From 9d1b30bbf0b6e3f907c14462a0943a92b2e27433 Mon Sep 17 00:00:00 2001 From: Matt Jenkinson <75292329+mattdjenkinson@users.noreply.github.com> Date: Wed, 13 May 2026 21:15:41 +0100 Subject: [PATCH 1/5] docs: add customer-facing logs design Add a design document for the v1 customer-facing logs pipeline, scoped to AI Edge (HTTPProxy access logs and WAF events) as the first producer. Key decisions captured: - Service declaration via ServiceConfiguration.spec.logs[] fanning out to telemetry.LogDefinition and telemetry.MonitoredResourceType CRDs - OTel Collector gateway stamps tenant identity and validates the label vocabulary declared in MonitoredResourceType - Shared ClickHouse platform_logs table, tenant_id as the first ORDER BY column and partition key - Loki-compatible HTTP API exposed under /projects/{project}/telemetry/loki/api/v1/... with URL-based tenancy - Catalog-backed labels/series discovery so Grafana populates the stream selector UI on empty projects - Tiered retention defaults (7d allLogs, 400d audit), opt-in collection for non-audit categories, attribute-level redaction only Open questions are listed explicitly: live tail backend, policy granularity, the LogQL subset to support in v1, and how label-value discovery handles tenant-specific values. --- docs/architecture/customer-facing-logs.md | 366 ++++++++++++++++++++++ 1 file changed, 366 insertions(+) create mode 100644 docs/architecture/customer-facing-logs.md diff --git a/docs/architecture/customer-facing-logs.md b/docs/architecture/customer-facing-logs.md new file mode 100644 index 0000000..198da02 --- /dev/null +++ b/docs/architecture/customer-facing-logs.md @@ -0,0 +1,366 @@ +# Customer-Facing Logs + +Status: Draft +Scope (v1): AI Edge (HTTPProxy + WAF) logs only + +## Motivation + +Datum platform services emit operational signals — request logs, security +events, control-plane activity — that customers need visibility into for +debugging, compliance, and security investigation. Today there is no +customer-facing query surface for these logs. Customers running workloads on +AI Edge (Datum's HTTP proxy + WAF product) cannot answer basic questions +like "show me 5xx responses for my proxy in the last hour" or "which +requests did the WAF block." + +This design defines a project-scoped, multi-tenant logs pipeline with a +Loki-compatible query API. AI Edge is the v1 scope: it produces high-volume +access logs and WAF events that are the most acute customer need, and its +log shape exercises every layer of the design without depending on +control-plane audit-log work that lives elsewhere. + +## Goals (v1) + +- Customers can query AI Edge access logs and WAF events for their project + through Grafana, LogCLI, and any Loki-compatible client. +- All logs are tenant-isolated at storage and query time; cross-tenant + reads are structurally impossible. +- Log schemas are declared once by the producing service and surface + automatically as catalog metadata (resource types, label vocabulary, log + definitions). +- 7-day default retention for operational logs, with a longer default for + any log marked as `audit` category. + +## Non-Goals (v1) + +- Control-plane audit log surface (covered by `milo-os/activity`; integrated + later via a shared catalog). +- Customer-configurable log export (`LogSource` in `ExportPolicy`) — + deferred to a follow-on enhancement. +- Body-content redaction via regex; v1 redacts at attribute level only. +- Log-based metrics and alerting derived from log streams. + +## Layers + +### 1. Service Declaration + +Services declare what they emit in their `ServiceConfiguration` +(`services.miloapis.com/v1alpha1`). Two fields participate: + +- `spec.monitoredResourceTypes[]` — already fans out to + `billing.MonitoredResourceType`; now also fans out to a new + `telemetry.MonitoredResourceType`. +- `spec.logs[]` (new) — fans out to `telemetry.LogDefinition`. + +AI Edge declaration: + +```yaml +apiVersion: services.miloapis.com/v1alpha1 +kind: ServiceConfiguration +metadata: + name: networking-datumapis-com +spec: + serviceRef: + name: networking-datumapis-com + phase: Published + monitoredResourceTypes: + - resourceTypeName: networking.datumapis.com/HTTPProxy + displayName: HTTP Proxy + gvk: + group: networking.datumapis.com + kind: HTTPProxy + labels: + - name: resource.name + description: Name of the HTTPProxy instance. + - name: resource.namespace + description: Project namespace the HTTPProxy belongs to. + - name: hostname + description: Hostname the request was received on. + logs: + - logID: networking.datumapis.com/httpproxy-access + displayName: HTTP Proxy Access Log + description: One entry per HTTP request handled by the proxy. + monitoredResourceType: networking.datumapis.com/HTTPProxy + entrySchema: + - name: http.request.method + description: HTTP method (GET, POST, etc). + - name: http.response.status_code + description: HTTP response status returned to the client. + - name: url.path + description: Request path. + - name: client.address + description: Client IP. + - name: http.request.duration_ms + description: Request duration in milliseconds. + destinations: + - audience: tenant + - audience: platform + categoryGroups: [allLogs] + + - logID: networking.datumapis.com/httpproxy-waf + displayName: HTTP Proxy WAF Event Log + description: One entry per WAF rule evaluation that matched or blocked. + monitoredResourceType: networking.datumapis.com/HTTPProxy + entrySchema: + - name: waf.rule.id + description: Identifier of the WAF rule that matched. + - name: waf.action + description: Action taken — block, log, challenge. + - name: waf.severity + description: Severity classification of the matched rule. + - name: client.address + description: Client IP. + destinations: + - audience: tenant + - audience: platform + categoryGroups: [allLogs, audit] +``` + +### 2. Platform Catalog + +The services operator (`milo-os/telemetry`) owns two new CRDs that the +`ServiceConfiguration` controller fans out into. + +`telemetry.MonitoredResourceType` — instance-identifying label vocabulary +for a resource Kind. Parallel to `billing.MonitoredResourceType`: + +```yaml +apiVersion: telemetry.miloapis.com/v1alpha1 +kind: MonitoredResourceType +metadata: + name: networking-datumapis-com-httpproxy +spec: + resourceTypeName: networking.datumapis.com/HTTPProxy + phase: Published + displayName: HTTP Proxy + gvk: + group: networking.datumapis.com + kind: HTTPProxy + labels: + - name: resource.name + - name: resource.namespace + - name: hostname +``` + +`LogDefinition` — the log type catalog entry; references +`MonitoredResourceType` by `resourceTypeName`: + +```yaml +apiVersion: telemetry.miloapis.com/v1alpha1 +kind: LogDefinition +metadata: + name: networking-datumapis-com-httpproxy-access +spec: + logID: networking.datumapis.com/httpproxy-access + phase: Published + displayName: HTTP Proxy Access Log + monitoredResourceType: networking.datumapis.com/HTTPProxy + entrySchema: + - name: http.request.method + - name: http.response.status_code + - name: url.path + - name: client.address + - name: http.request.duration_ms + destinations: + - audience: tenant + - audience: platform + categoryGroups: [allLogs] +``` + +Both CRDs are server-managed: the `ServiceConfiguration` controller is the +sole writer. Customers read them via standard list/get to populate UIs and +discover available log types. + +### 3. Ingestion Pipeline + +AI Edge data-plane components (Envoy + WAF sidecar) emit logs over OTLP to +a regional OTel Collector gateway. + +Gateway responsibilities: + +1. Receive OTLP log records. +2. Stamp `cloud.account.id` (Milo project ID) immutably from the caller's + workload identity — customers cannot override. +3. Look up the declared `MonitoredResourceType` for the entry's + `resource_type` and validate that emitted resource attributes are a + subset of the declared label vocabulary. Reject undeclared labels. +4. Derive `tenant_id` from `cloud.account.id`. +5. Write to ClickHouse via the `clickhouse` exporter. + +Services are responsible for stamping the instance-identifying labels +(e.g. `resource.name`, `resource.namespace`, `hostname`). The gateway +enforces the vocabulary; it does not inject instance identity. + +### 4. Storage + +Shared ClickHouse `platform_logs` table, OTel-aligned schema, `tenant_id` +first in `ORDER BY` and partition key: + +```sql +CREATE TABLE platform_logs ( + tenant_id UInt32, + timestamp UInt64, + observed_timestamp UInt64, + severity_number UInt8, + severity_text LowCardinality(String), + body String, + log_id LowCardinality(String), + resource_type LowCardinality(String), + attributes_string Map(String, String), + resources_string Map(String, String), + trace_id String, + span_id String +) +ENGINE = MergeTree() +PARTITION BY (tenant_id, toYYYYMM(toDateTime(timestamp / 1e9))) +ORDER BY (tenant_id, log_id, timestamp) +TTL toDateTime(timestamp / 1e9) + INTERVAL 7 DAY DELETE; +``` + +`log_id` and `resource_type` are promoted to top-level columns: both are +low-cardinality and appear in nearly every query's filter clause. + +Per-tenant retention overrides are applied via per-row `_row_ttl` +attribute set by the gateway based on the log's `categoryGroups` and the +tenant's retention policy (see Retention below). + +### 5. Query API — Loki-Compatible, Project-Scoped + +Customer query surface is a Loki-compatible HTTP API exposed under the +project's telemetry namespace: + +``` +GET /projects/{project}/telemetry/loki/api/v1/query +GET /projects/{project}/telemetry/loki/api/v1/query_range +GET /projects/{project}/telemetry/loki/api/v1/labels +GET /projects/{project}/telemetry/loki/api/v1/label/{name}/values +GET /projects/{project}/telemetry/loki/api/v1/series +GET /projects/{project}/telemetry/loki/api/v1/tail +``` + +The Milo gateway resolves `{project}` to a `tenant_id` and enforces IAM +before the request reaches the Loki handler. The handler itself is a pure +query layer: + +- Parses LogQL. +- Translates to ClickHouse SQL: stream selectors → `resources_string` map + lookups; line filters → `body LIKE` / full-text; parsed field filters → + `attributes_string` lookups. +- Executes with `tenant_id` already injected from URL context. +- Serialises results in Loki's response format. + +`X-Scope-OrgID` sent by Grafana is ignored — the project in the URL is +authoritative. + +Label and series discovery is served from the `MonitoredResourceType` +catalog rather than from ClickHouse, so discovery works on empty projects +and Grafana's stream-selector UI populates correctly on first open. + +Grafana datasource configuration: base URL +`https://api.datum.net/projects/{project}/telemetry/`, type Loki, no +custom plugin. + +A secondary `LogQuery` virtual resource (Kubernetes-native, modelled on +`AuditLogQuery` in `milo-os/activity`) is retained for kubectl-native and +GitOps workflows. It shares the same LogQL → SQL translation layer. + +### 6. Access Control + +- Milo IAM gates access at the project boundary via standard Kubernetes + RBAC on the project's telemetry endpoint. +- `LogDefinition.spec.categoryGroups` provides a secondary access + dimension: `audit` requires a distinct permission from `allLogs`, + matching GCP's `roles/logging.viewAccessor` pattern scoped to a log + view. The query layer filters out log IDs the caller cannot access + before executing the SQL. + +## Cross-Cutting Concerns + +### Retention + +Fixed tiered defaults; no free-form per-project retention in v1. + +| Category Group | Default Retention | Disable-able | +|---|---|---| +| `allLogs` | 7 days | Yes (opt-in collection) | +| `audit` | 400 days | No (compliance signal) | + +Paid retention overrides are applied per category group on a project, not +per log ID. Implemented as a TTL adjustment column populated by the +gateway at write time so existing rows are not rewritten when overrides +change. + +### Ingestion Quota + +A new `telemetry.miloapis.com/LogIngestionQuota` resource integrates with +the standard Milo quota system. Quota is dimensioned by +`(project, category_group)` in bytes/second. On exceed: + +- Gateway returns 429 with `Retry-After`. +- A per-tenant `telemetry_ingestion_dropped_bytes_total` counter is + exposed via the same Loki API so customers can see drops. +- No silent drops. + +### Default Enablement + +- `allLogs` collection is opt-in per project via a `LogCollectionPolicy` + resource. Customers don't get surprise bills from log volume tracking + workload activity they didn't request. +- `audit` category is on by default and not disable-able. Volume is + bounded by control-plane API traffic, not workload activity. + +For v1 (AI Edge only): proxy access logs default off, WAF events default +on (they fall into both `allLogs` and `audit` and the volume is bounded +by request rate × match rate, not full request rate). + +### Redaction + +- Platform-managed allowlist of attribute keys always dropped or hashed + at the gateway (`*.token`, `*.password`, `authorization`, ...). +- Customer-configurable `LogRedactionPolicy` resource — attribute-level + drop/hash rules only. +- Body content is **not** redacted in v1. Documented as a constraint; + services are pushed to put structured data in attributes. + +## Fan-Out Summary + +``` +ServiceConfiguration + spec.monitoredResourceTypes[] → billing.MonitoredResourceType (existing) + → telemetry.MonitoredResourceType (new) + spec.logs[] → telemetry.LogDefinition (new) +``` + +## v1 Delivery Slice + +In dependency order: + +1. CRDs: `MonitoredResourceType`, `LogDefinition`, + `LogCollectionPolicy`, `LogIngestionQuota`, `LogRedactionPolicy`, + `LogQuery`. +2. Fan-out controllers in this operator for the first three. +3. ClickHouse `platform_logs` table and OTel Collector gateway with + tenant stamping, label-vocabulary validation, and quota enforcement. +4. AI Edge data-plane integration: Envoy access log + WAF event OTLP + exporters; `ServiceConfiguration` for `networking-datumapis-com` with + the two log definitions. +5. Loki API handler (`/projects/{project}/telemetry/loki/api/v1/...`) + backed by a LogQL → SQL translator. +6. Catalog-backed labels/series discovery. +7. Grafana datasource documentation. + +## Open Questions + +- Live tail backend: ClickHouse polling vs. a separate Kafka topic + consumed by the tail handler. Polling is simpler; Kafka is lower + latency. Likely poll for v1. +- Whether `LogCollectionPolicy` is project-scoped or finer-grained (per + `HTTPProxy`). Project-scoped is the simpler v1; finer granularity is a + future enhancement once we see usage patterns. +- Loki LogQL feature subset for v1: instant queries, range queries, + line filters, label filters are required; metric queries + (`rate`, `sum by`, ...) likely deferred to v2. +- How the catalog-backed label discovery handles tenant-specific label + values (e.g. the set of `resource.name` values that actually exist in + the project). Likely a hybrid: label names from catalog, values from + ClickHouse with a short cache. From 50bd41524c267107617370281a5ee39a4c049960 Mon Sep 17 00:00:00 2001 From: Matt Jenkinson <75292329+mattdjenkinson@users.noreply.github.com> Date: Thu, 14 May 2026 10:24:17 +0100 Subject: [PATCH 2/5] docs: add ingestion pipeline diagram Add a C4 container diagram of the customer-facing logs ingestion pipeline and reference it from the design doc. Include a docs Taskfile mirroring milo-os/activity so future PlantUML sources render to PNG via the same docker plantuml workflow. --- docs/Taskfile.yaml | 75 ++++++++++++++++++++++ docs/architecture/customer-facing-logs.md | 2 + docs/diagrams/ingestion-pipeline.png | Bin 0 -> 50642 bytes docs/diagrams/ingestion-pipeline.puml | 32 +++++++++ 4 files changed, 109 insertions(+) create mode 100644 docs/Taskfile.yaml create mode 100644 docs/diagrams/ingestion-pipeline.png create mode 100644 docs/diagrams/ingestion-pipeline.puml diff --git a/docs/Taskfile.yaml b/docs/Taskfile.yaml new file mode 100644 index 0000000..319b9e6 --- /dev/null +++ b/docs/Taskfile.yaml @@ -0,0 +1,75 @@ +version: '3' + +vars: + DIAGRAMS_DIR: "{{.USER_WORKING_DIR}}/docs/diagrams" + OUTPUT_FORMAT: "png" + +tasks: + generate: + desc: Generate all documentation artifacts (diagrams, etc.) + cmds: + - task: diagrams:render + silent: true + + diagrams: + desc: Generate all architecture diagrams from PlantUML + cmds: + - task: diagrams:render + silent: true + + diagrams:render: + desc: Render PlantUML diagrams to PNG format using Docker + cmds: + - | + set -e + echo "Rendering PlantUML diagrams..." + echo "" + + # Check if PlantUML files exist + if ! ls {{.DIAGRAMS_DIR}}/*.puml 1>/dev/null 2>&1; then + echo "No PlantUML source files found in {{.DIAGRAMS_DIR}}" + exit 0 + fi + + # Render using Docker (no local installation required) + docker run --rm \ + -v "{{.DIAGRAMS_DIR}}":/data \ + plantuml/plantuml:latest \ + -t{{.OUTPUT_FORMAT}} \ + /data/*.puml + + echo "" + echo "Diagrams rendered in {{.DIAGRAMS_DIR}}" + echo "" + echo "Generated files:" + ls -1 {{.DIAGRAMS_DIR}}/*.{{.OUTPUT_FORMAT}} 2>/dev/null | xargs -n1 basename || echo "No output files found" + silent: true + + diagrams:clean: + desc: Remove generated diagram files + cmds: + - | + rm -f {{.DIAGRAMS_DIR}}/*.png {{.DIAGRAMS_DIR}}/*.svg + echo "Generated diagram files removed" + silent: true + + diagrams:validate: + desc: Validate PlantUML syntax using Docker + cmds: + - | + set -e + echo "Validating PlantUML diagrams..." + + # Check if PlantUML files exist + if ! ls {{.DIAGRAMS_DIR}}/*.puml 1>/dev/null 2>&1; then + echo "No PlantUML source files found in {{.DIAGRAMS_DIR}}" + exit 0 + fi + + docker run --rm \ + -v "{{.DIAGRAMS_DIR}}":/data \ + plantuml/plantuml:latest \ + -syntax \ + /data/*.puml + echo "All diagrams are valid" + silent: true diff --git a/docs/architecture/customer-facing-logs.md b/docs/architecture/customer-facing-logs.md index 198da02..20fc4a8 100644 --- a/docs/architecture/customer-facing-logs.md +++ b/docs/architecture/customer-facing-logs.md @@ -173,6 +173,8 @@ discover available log types. ### 3. Ingestion Pipeline +![Ingestion Pipeline](../diagrams/ingestion-pipeline.png) + AI Edge data-plane components (Envoy + WAF sidecar) emit logs over OTLP to a regional OTel Collector gateway. diff --git a/docs/diagrams/ingestion-pipeline.png b/docs/diagrams/ingestion-pipeline.png new file mode 100644 index 0000000000000000000000000000000000000000..fe4b7bf73527e022d7914da80ddeac309c14f490 GIT binary patch literal 50642 zcmbrkV{~Ofw>G+CbZm5Nvt!%tq+{E*ZL?!^l8$ZLwr%X#x#{4j}^ofLtlasEB?Q zVPRpRg*;JFQBfrQkj**>2nev{g9ubYv8=kj+jisGbyHAKkf?=|t49($_R`SMP-#X} zx%Sh046w7avl=Eac@47p4YB(T^Yim_m?raBr1A%kiin5^Sf`6SWC?_f35HDwM=yxS zElNm8NIGT9x#r4vmB~a;NW{#^$4$y6F3Be?tEs8|^e$A0n^a4hR!Cm{nYN;anBhsf)(B ztG2eb&WZJwg{zLG>#k*BZ*On+)JEUT*3kS;_tItW%H_cN&D7M?@WRgI%E9E;)$qpc z!Tr|O*5={G^3lWk>EqV<)BgVc_R;0e@zv4Qi4#EF*v8mF-^tjB z(7>J0%*n~lk&A)B&Pw0L$=TY9-q6CCo!FKa_-CU_`Zxt~m_4axMlg}+(W6rHVg5?4*t3Qvn;QyYq`xR(R| zrh`Lcdo=!~G1Dy7Lil)iEUmRbE3dy{F$4_sB!%6 z;i5iFD$B-Dg-7`-|yHIP30EViJv?z_4<&N%BH#Xi_M1b`xxS;JFD0Z(# zpH*sY!Ft}F`13=dhsY5j2*oVCr3d696ly_osbxfnw(_rEsxw}JncPtrwSfc&@E+4f zg~OwGs`|;cvX;CazB&ddV`yDG_Gc?sB^9>{DWn^#uMMkGws?gFN`nMShj~#~$mUHpu3qMqi zE7SR_CsYaTSbsAMI67LF2+SF>8g&u0?SK~ydEXv`zZV4LKJD0ztHNgZhL8zFRhs9y zUP3TOPtjP}o$dW_hbP6H=3TZ4QfqBd7m`VMV2^3nT9KHUXwZOQ05g&MsXS9*Oy7eC zu*nmjYh9AP#=15K3$Ria^-Xq`4OYD9KCRvRwdy5%x(|T_*&SL?;MUP-~x&O-3n5BV<9A6 zKA@m_DXE9`cMZYDBm^GbPpqA88C(#k)?-6>a0)}QS8oyA7Hg;b%V5^ut+c~4ziT=GpF7~2y&AE# z7JFNsaM}J~u2^)%df*a)0VQl6nE#|@2)CDzh?g|XWgxl`XXsOaf-$!5h=_HQ_2;iLv&-V~1D%xO)sRyXEj3fJpiqrYM2XtKpJ*oykSan|Qz zNzwD%2S;bEcxWPW(Lzw>QhKj}Mt>NC(sqsZ5<{QR29=2LsNraI6M~|$i{z$GsS=f1 za2bLXONFNOVShr?XLF$kz$yQ6qIWM*BBDi8DimV8S)d#|RF|rEWJp($06u*CMj|4r z-(O!s>BPfH4NLGxBK>%uNJ_LuSt2z;Xf%}^InT6o&XLQ*2U*FE#AwV!+pUemz^;pqFk1VnF$53O@q(>M@1aD_QY@pL(0Am9WU!DJt5(|S1L&#~UX zv!7aRse*1)V;j^&@MGZ<56wg8xX5)^edTi`{PrdtAkQoEfSV%vRa|N~B45W6#;Ep< zJZ)(EjY!K!W<@j05=Ix;EBFH$%Qma#oMHsol9}VXkOGdpl=&=)`}cWb%t6g2Q-^)z z&5V(F2{TRdbf~4WW*3IQ{w70*`UpLm!+{ke3CvE!IzGBBPVM1f52e;P?z~@Lj{>vS zxL~BEjxT9cn7QEf3sN~uhy3Ihy5!Uq^~qc$koLDdx#yv*KAhsWy-D9b0@sKe(KO-6 zpZcA03O>4j-a2KTz0*^lJK^4&8;KFwa`|f+yg%13c^f<%#EvklWxa z);nA*9RL=$SNhf9a1I>IMh1JL3U`N@10WFd!>!sBN3{mL)QX@Ayk4oG5SATqig z7P_*Rb=hg6z;(4^J4d5+QyzLz0k)psh!Q|DJv~8^prMbHzjVMMk`7G@$S2+&9ar@e zFp{2WxQ0eDbGZ_22%bm+HV^2hfOn8#bhT(-HzgVgBeOeA& z!oJ&`Sg)Q&ubm)w?y8B`Z{7y-5Y`7opli!eNGd3A3^4D5*SS{t*tMSn2_f;_&*$mR zhJy9X_QuZ<7R%mGe>x;ja|Doa`@$#0V~_@#2IsN9G4x3WQoT_AsR{7eA@8s$l&}X} z;mpWvwHbzLk?ebI$Q3@3fKNVx0%Thwv5ywUR!NKOVCkgv9FG-ARlmQL>FycPrN(36-HIF3tFX;>U?aMV@=H}0{ zvo}RW>IAC1X3UT1_uA}Ni{j&Xn0FL!j3xn&22AKJ>ADa2bQsJr^Mr|*BOU1D4g zoRoTEEu5UJ;dD6o`-F;FeIE64Lx(T6Fz~lt$6OXT+u*zUzfrX;Tn=@A3wl>3Y4KTa z%Cp0KM$l$DqQBto}%`ppaPOOUYc>)=js(7>T`r*Legc80fOR^S*Cl|Vl8jdF@ zd8pV-LfJGi#*N9uM%S~FWMmM^`P%^(_tR*)Ieib|VZqJPvTKJu`fy;%hN7#zB0l5W ztnaxjZl0r)9_`~XcRw0ESLV~Nu`00&47k=YkW~Bzjp$!BJg3Zaim8-u{#Y0j+(aoA z>AuYP>b2YZW7o_ulihGtgVH%6*g2|pB_zZrbrfu-O9Y!8IoX1^wwt!oCnueu2HDxF z)H=SV1yj0w@gO|KL||6DkhgcNRx8)f$^MFa8?XMdFH;UYCWmACnqc}4;M zAC=VgoBl1^x3v#{*3)l8TM*lbS}Y!~LndYLu!q*!xz;+dAA`9e%Q%&}D|v1~dZw0( zr*(;Z;Jb^~B^S0zj#MU4SI!+7yIogYPY|^n-=)oEU_6GqV?mFbJ{UBW=R4j%5-?4z zuZ-S;l$Ps@cFBp z#E;i#>D|67I8o0aJ45uaaN0P2!Hl~CkGL1>Iy2>8D9E+3Mak>)9s%N0s?E<6*QeMO zmy{j)#@p>HIEkDSloQnG(%qvx=IVbnA+2Zip0U%wg7iUfZKu5DV>@sfY7MA@w`J^r zk8SGkUVh>Dz!X9sjOK=KUVjiiotz9tv;ldygBw`XNAO;%(^A&E1$||9ur!?Dk;=5*1^wvx`tXz}RLp?C z`I@-oI! zE6BSw%k^D32(J0OMQ3S$$4C=&J7a)vy+?A?2X(+dY@Dc zTD?qOr(J^QsljDbD_Dc#{PSnFpT;@HM(*p>6h(|PrR&cpTo~>M=>*sGIzw(p$mdap z-LiuYHG&V3GZxdBq|DGKK*oacX7i<~2Uc}2qAsVo2eyGPh-KH6Fa5_Hrs76)YTD7x zDqKCjD;bd<2UlBK#jun*+>IR+G4+3}GHWAecJ9AKf@qh?ruU+u%4tS4nr_Bd~83(2% zVoWj9wV$B9-QC1`?RZXXIU|qW{nQ`5IPGLyw>ZB`C&T0)+NA3 z`2)!nX74q=99TE1Pc~BDoTy7q-W;f8EqN*_k*kl$W9lVSQ7WAnyQ^H z-z&%m_SMu5UIgFUmc+7RWOLz18*wW_jQdn?Dq2S$Ai0Gf8&+_{JuJ_>+Y`xK*`vo8 z4qo_WLQ%8zMS7rk-%Y~P-tkh5wo#xGn0YE=X$NtGxjh9tGU}V4{SsxRQ)mkK z>-kM$bw5Npg8KX8vK^N9)*BnhRDR;;@ui;{FhQO}#p&g$(}^s}BNc+1TNkDW?6~gA z^mr-zJ$ecx6Ux*_F0@_QLy@AfYpcYtBd;j>x)7$_61V^)KD@qc+O;GQOzpP3H|$gP z?O+4$RO5H?Dg$>1pL&}3%57wnwVWS-0pf)4*c>kryY^1hY8$1=*L<%%xV`nxDtwaAAk9zmH5Z%F~H z^o#ACnLs@XfwIPaH+vPZcqMwOsMb=MP2p-5Zdf)kOU9h|B5&kbPH)e#hiYg%w7lHw zwIW)*z2TaUxp?D%6|UXvCG`9gLsaxc+gRV~uRLSPCin4NN9eSvmmm>KV(rcjZxfU0 zuML8t1{zDfH0|Z&b=DOZDbyFMi;M|%Ck0hLH#bJEK5jVx5L@@Jww!R&NvZn#kBG3@ zJERITEibk_-B_tQ|c(eIjz*V4q zy-b&t^C#ryLb}s0%i=7+;zg{T@sl=Zk3n*tfbub{qlO zZ2@q5+bd3F}C7PZGxnKyy zjj@kbjKrgm>#Q0 z{g$wZcZ{&p`!k**#5d+a{^D^5&h=vpWO>0M!Sm#;D?g;G+Fcjh+tt(w8s8?=%om-< z>jkjBA*SThfgP-EIe8h=`JCAc*>h#s29h~j((8rj!?|zYB$YCEA@+jNLc9gWQUpM| z_8v~vl7&Z#4&VpCTZbTIN>A~_j=g~?(%k8*@hHr{pc>y zwGrMQj@7XTbCQJ6X2aFMO;VR@!Zp`aphSWAE}W@#DY=LQY2#IbeQ?9?!P88Sv*e10 zC6uZ*S)8=QBeX|`54~o@*6)$&e6xtK0{+f+`5CwFu(}~J7a$Zry&X-|YTL~jGXz56 z92~ONBE;)dc^d`i8RApaKBD)uKdop(1+lh($;>oa2InwVn%)8tOzbWJA{=J5=(o1v z1q)BK%_#CtXNCoxKht+6wDry)_MZ9eS;BBWpWh7O!8B|3VlVnW;?h> z^9U8v{Zdq}Q%i!s#SQyFaqlo@p4Kwpl~>bY>}T>4cPy=V_6QWRvzQ_NkR#+s=E|YA zh&NUlS>t#Zl}GXWQXZ4zx6z3h48yQbQ(UX_8cM5!#qr%0Te&@`!xd5OmD($I>9M5W zNV54`U>nD&d5N9!1!(*kTE?Os`Xw6ip<}qZNH_W^4yXl^R#o~gGuJD7!-`xEu)zZP zat{_AB(V82X6*_cUzP!_81}Jjt5Tb z4jTB24GcsKzx35Cm3wX)FL;LU7SdAF#ntQkb=(|VcNO0|%haB%nVbCwXZs<(8R(PJ z+E&csh1cs7;XRTR{xo4DyQb=LECG8xZ^@R|whS~|WSLeLVu+3af$*>}PB-f+=mOHL zhcA_JI7Ur}dcN=E8L#vDjQx=RR)BtB^XS4)f7CNrV70$9NwUTjO_3GVqNzHxu6%tB zq&JQY0iN|-WSI$v2kWvP9&DN+#h?1kp>edGZkcpCQ7;0}Ap}6Zjo99ry;-X26~1em zcBO6mGlrjI{9;>LI`Q{3s=6YMI+AuQYwOc)`uO2(h@p(K()fgo8zzHqaoR9a+{tIU$p{)Kx93AWG#M-n&XfJx(v7B=qVzAf4^H) zbl#liqkEJzRJ3-0w62@C&LCz1ffy9bIsI^lOe?rXnUTyNYDjlE!6Tn#Y2Ly+s<_bg zCmy7zXTr=dZ~RDNT><`h9&73jU%EkhWtfoBU>UNszZ2vIifUUH>m3Ra5t&nK+|E7xOoNaGw@oS%m3>#&p)*Fc>3B59enQA2C+!_`6yhNi^<5bm z-0{O#^aUVAe+C;G)9`N;SxG}FdTad4iq7#+ma265fIix1A?~>OUxq+nl4pP3cBq~& zMa$vc(!kUC+vu3M4e9Z z!C=7mAS=ZgS?stq2B|E$p)6gpGm7y3Xc3`ML=sGee?Ppc4ZV#Fa7xC=)q}@JHt2%j^WmA>%qP~O(=Ke8p+BTdYVE! zV4YYU@PQK~Y#hrc;$_O=Unnin0Y%RJJ##KPe6O+oA+Ayh&oYyje|6aMPQ@DZGCJyN5u^ zSgm`xA+fSTdv^UN*EAu`u81Db^!Cy3Rtzb~G;w#1K&ovuYZ&<&xB61m@k=8*3QkYX zt)_=~d4&OpE!zYnZ?>;4Dp(&@zJO<)BM0I6z*Nelmi(4btTT`YN9o;WMQt!RR-RH} zPc_Xc&#(ikZ|B&ney2Fi*c(h0vAgfKHXlW}T0ffoUf=r-nichHypa4-_(3ITwHDqG z510rQ>jfPVYw`%>BW|irw!b1l2?we&x=o}mZNORT69X%XZvQ&VR=r})#feTVgnK`4 z^vE+*{>OSgjhc7oir9FiUNrhfc6cs7l?ahyWMW&u-Hm0eT5h8Dh5=C&fj`N`k8fGR zO6Ex02*0nS5KVh@mBHrFX&Sg#r8sl7t*QWAMb3-+nh;Js`^i@aWIcj0U5I)gG1CU$ zy`z={qQ`}aJAOxb^`|NT0fD#2qs*nMeDX4h}U1n1gg7ejfKIq0~uE*F4iFl0Hs0G^= z+rNEh#up+`Wyx!`5`YnMP!xY@eckO1vqy9Z8}UBGUuR>0Ncke_aT#K(s|z=c2O`hH zQyr+Bj75-@4X5dJi~_G-@>JP0Ytg=1c2A@vg>^B6v|Q(k;;Y4mMuzeQO!- z+lrvsn)Kd^DBEX{#y1aUcL&W7B3(w+W|rUfuqjBSW%{Hk?CYwgNP=DKqz=V_vb1O{>ZjQX!!1?I#$cTcLM+Cu0{;nCDxqz#2bi2MIC^8&btOsf~O z5ep@M8#I_7J@;aj<2w?9R5+Xk?Q;>0vr-*oYZuLZtGvaRPo)Nx+192^Ek5kYw4 z8OTS0mS0*u;R-ZrR;(E2t9kE~F@HmK5bpM@9(K*X%5YO~opGkE~ zyA#8c2$bc9nmV_Lj9OKHY?xs-m$dP-ec}M4`9vhG|_xLcKWnG zI`J!GScuXBTbF_#rnP_yWXHXFrC8Y)os&>F|7_SU5k1ezf{>GEwF7uoy|A_AC!4|B zn0~dkpmT#w$zapm@#?VBPR~NgJIoymv6C2?tPq%-`+^-7!rPx`n(08A8W@8~C8ikq z`H-66)3Ucj|JJh%(OzXKG}&z9m6_<53I(VK&(@tqz;ZA0Q-sZONo0O&tN!%@c3#B^ zNi#Yp=m!(djQbU#D^dxVIir2#!c+I|jxo~7@BIKjPSgNSqfgc9Eq6deXgJrmRcZlm z!BC_xdozI5%j;9o<#DB*qT81DfRnlQ(r#nM40@Ck*=bbT3}-X-XmGts`nV1ANgJJO z`+?)&P=HVIGA_6SN6#!mx>o zos9IwyR)XFF5E}g_p|Gf0-xZtCUID^;MrBGsC^TW1kV}Hm(U0T*m3{Nlcn$vMC%BfcT=Qr%t z!5F(7ZJ!K^)CBBZq80?A)+;s}l%`iT_)n*hltBs*r#Qgz8q1LNMMigmj@mDcG?*jS z&z0f*r)nx=@lB`Gc#knsEX}H^_3N&@t2^sYYy97T4^0|A)K-Mz1q?mM{My|m^lrXw zRPVG-MX9ZFVaVd&m&#D1a!Y5e*80Ea`*4jvc7c|W<_~kyMnV6apXWB^ zs}1Pt6Vj&U1EQ%mk}W%-y?0shjp~BEg6u|aZKawow;&?%uf4at?-IG+OHE*?w){7| z$`G*kcSSqS0SHz~=lge$9TtrF+#Ne#wK6MBZ9IZUE8-@;>JWC0cKp2!U3 zR!qG@sR;Nf-G)JL;z)R>9|J3138N}oa28vNtT+5I=s$`^w~rUrc&jCSWzKxzrGWAL zh~dq)rd1AgL|mBjmw;-l8TIHzt5)ffSqcV>7Fx@!e4Oi_37#EH1}$?9(0U`LTA^sm zn3=*|42w4y6yvjv=ih=VXy70CjH0X@=E8TVB#{tD`tJNXbi05EP2B)oFf5TJ#wV)8 z7@EkDNYUQfMXJ9bTjApV;a)VecrtI{F;{V*A(kV|>n_)h%rjVh$<-Et-nyG!oi1G% zpMWG{irCu+1TmUtD&e6X8qW*H$)eo9Z6(wx3%3I)XbWZvensJuW%u`raW{NJ2^fQU z2-bZE(##PUDftLtFakGf{-uNF!rZ*7FuhCcJPB#<-`8Dia_ixcNWz>Po!Kyx)w|jqXzt$V6@9;N< ziK$7rXW^(H<;;Kft70AssZ|>>_y}@PHXHf(HY}m?OuRzYEVv6Sh-@s?WjbYh2zmCl zvWyHnpM?)!#f#8DATnNgiKRdGwS0n4^kPaQmFqG1D11qNMw72ePndBPT&qX8JR~>R zVjMCEQZdyJ$4tAZ85}38^QfZ-OVIxIE?xmT9}2{qYUG-UbQ*ZFFy4)7d3I(rdB5oI zAmk`%e3>AsFE$b4C;mSwLqLaTpXl{Fw+pPW`ccZtLq9O;O(?Q`d2@QZet!?CF5t`G z6yUp@Z)z3`FE=+qy9j#+X z>$1>{9TS*nA)Le0EQw#v{9$P4bBlQ68YxfZdb3Sb5mI-|6|TmDypd31lu$448PlWC$+6paFJg?Q1m=sbW^AAqOIp< zdt33>)q3%L7feywa9?{z#RoK?$^^w(IzK^jmJbLKa4Ok-phA_&82!j_2IOlmYaHqt zODK;fhGc`r1xzUwScIlw4ZDCx)`PdXDOMlp8i%6O%uL8|Cs!)(?-MmH`3qaP|41Ya zAeJImd?iI2R*~nC3Pv5;XUMgU-W!^JG;p*{V2i*a#P!<}j6M(c6eUsaI&HQRH<(4o zY?3$^RgG@U)HRN3K0c>F<8*HxHR#6$ONW+HVD=Y!W!0BEEmz{Ocbh@P%)nu$N2FWc8RaPnDO0(TmV2eo;>J=@(6av3aUZwM}qvDYVdWNT6 ziT?M4(w_BCLCPW-{7ozbhhF${6RAas(t3G9WnQ2JEQKUH8HFTn5gXv%4DHxWYK12H zm$Z$ogTp(aS8KBiA%m}p)JQ@o)Bbs?=0-pUl_W{gET6yDeLo3xCh0~}0I7A-YIjCr zNtN`%e_CGMyhtNqSGB|y^RpI-5W)U^-c%VySK+oOIuez{DNS#X59pPgmo1f?6{9k9 zdpk&KFz?sEzEFffCu6vM==`*9b7Ll#%raTzgW2=fVlN`Bi!*$GEtP+~TPx~Cl7hTJ zc1C#y(sKU_=1yck04h7mY_l$%)ZBtZf1Szo(^%xl==iM3Yvs9j`nK2#X!s~6a~_D4 zNvvqo!V=ZV>dmEy(W^B4(ra9iJe({utF6a`9V5BpvAynLX_DfpgxJoPnh75M2<44S%#80>ALwtjb(lzg z`kN0{Eojp>h=`#5CXCw3^l75#52JD-?HKt76|)3^h%R0?^b0}-_4`Mq-}rCo&YLBhq)txlB__fp6}`X!N$li1w?O#i{$Jd zco@CMc}O>$yO4<+YyK?=0?HCDHOr{$4V^WT2S=Imiquc)n@{6K99jMMP6;h7D{oyG zuMmzhgFOUIO7Z^{tZ`3kYPufh+xW`VAnO-CEP>4-Xlr#a9Fipe99h(>WRs!tW$hUK zTRA(dH_4uvk$|5@#RK8JN+Tg4fq?uo2KhfQs6WO}YhuTdeRoB=G0p8Dm+KvxayGh9 zQbUNVNKzw#-^}VugTqWg|J^7a50Bu!e&Zye7}}ic6kjLy{^AjuDE#z}WYmeoJRv1c z?(3mIiA}kWB}7U{8XCqt6lOoyLt+PfB~*5_Ta77e^3+TGz@lu8KtUF5jc1jV?w2!9 z{AzMSnH!1(6P6?##DE@z$CeexDUwbM?m@sT#@0gew=zJ4^hK*57mXASjO2r-uzz}fxn~`79}3-L@XgOMPf}lu|7yhQX0h2GaOuG zlqi3gsaI`DTSmz-bKNW(t=A!OHn!wz&@vhcnRTQ^VPCSMAXoGMBa6c6Ya94Z6&&HfW&mjzp;yS%Mk*giBBgSrR|@-;o^Lu8c`asDyxQ925Wfew`RTr^6;W!Q^g# zFw|?{@Pf>=0WCgSNH&tC6e;0=_>V$BQzaml5K!S1+3$_%;#vi>_%X!tu~FM-krf(e z13rr-vq8muScaIF1QNUu3XOu4oFM$mnZB#niE-Uf`}x^gSN+vQNfVnY1k|}8-SKM* z%_)f?(Casnu{_95#y-x*LAZE-h_b-4+g?S%btKe2g=$=39{drT`(k5@j`Lvu@(BII z$+OpSljl_+_H*j2Q#4L`^k5N(a@wO&iTTUuldA}m<1CSfXi_E-gTjAT;08XqxHapn z;BRL*I#j>}e?$nS|G=4C8>8q_ zG#MoNCpmJEboRIKjcZx#9}+e;z^~+FSW-HzqD)dRIB4(46p%{C7FXdXv&<6FPNwZb z=)NnPR&%zsbuhpetSp+={i3eL#$J)iO_fXr;};X^<)pNee+BR1Zk$D%I2+&-FDV^Y z!NUK?s@@?HJx9~B#MGx0IxCrsAeY(cqoo!0^N9TG2R(z>{a7X)vE?SN#Uddo-9BMn zK4F7Z-Ql{VhLvgLuVuKFbY&OyvY_HpR-tBrfi2S*YLxtifHDnD>yV&$vL`BRGYMJnf%%-csV=bm9tDhtU${QR!k z7L#>!boLDV@fm_prCub6g*QXbsZS3l8@~K`ZsXy^L}KYlmdy@Q7Dw7`g zBej&tM|mMCuwg9b&l3=}iVPli8jnle*s{d%wRK*;Jpy!JCwJNeT37)YUeSvwNz6=i`ogjR4t;DjQvJ z*VC?bIxsS1{OGS@Zcb(3Yv*-|rT|$3_2qesDSh7mL7&gfDZdny>+rp0fQ%hwB`RXL2t4n;X3&C@?LXhhZol-qjrpf z!#NJ${X5hgm3A>*_D{xuGzJ~5*isQ1VsJBowjQe#=0mudlZO{I8|26G5m7y);^jLB zm#tvx@XTv^(Df)DHyA!?cWxj~R;iTQH-taE)zyF@87fRz4qJv;n;jvAEoc&cNf|*a zW>72Wjl<9aCch~|4iqwfLn&}KHPAo>KRGWDuur}2ps6=0M>4+^aJ@26flp=I+;K!Y zLr+nsV;;5}WKtHC&m-H@hIO@3S+S9gY#kG6ilnT69v|5ek!hNv#+A_Gbm$kjEp?Y* z9Io}La1C%kRkXl&@Xwo5P=u8%6(z`u1%P8ZCq z>A-GV)xDq>t^brzrA*6VKXE9r;dCFRsDJYM=PaiM>PzGXsik?~hut={pC@rYhejR) zv^QHSSo>z2HQkE`Vh#-F@23zB!+DtI3sCxN_>i>IA0B@GiWv932d24F$KSyGA#tDD z>7kfmZI}giK7h(TnPbWwKYCzG7oh(^i8v@kpx7(0pRa?>WIxljjRID!QiT&i#~?+^ zz8UZ!c%7O4nZZ9$xsYQpwHF|Ig=Ha}s&Qv`trUH-zKx*biVrX5r8|H3s|2-m2)A01 zV}Ap|;M27-UHrP%!?GP+sSNqQfoi7E)}=Kdwnyc>LVC@$)B8dY>WP6#9t*I=+|+QN zc{|Dw^aSeitR2#f-%z#!@mlE?PqW}Uc(0`^qWoA?p}gnJW_5?+Xx_HG;yUq`_Hm&% zyXZy(S6ZZSD230n9|_+HcIBn~`9ao>a&YzAyBdvdyL4M47YB_BzBz#Fwn%z>w8DcR z>Jyw@9KROXh-IjP&zaLt1C(tPr67!O`EI*)P;IzzP_rgM1J<~5zem{0#F3r*q)X-T z75#I(_KnjrKw*&Yg~E&E(s99>yrfT!Jkqag49T2x;mR~aAAs$hOe6*(FA;H`{|Tj{ zxmN)m^wrVizW%08lWmYOtxp&vBv4NgqN6f}>((t6b<3u>=gPj>YY*UjXz3HWHAj!; z=nYi2Eo%cU1E!(CQ;OwsnY@XR@q1BzeO0^#RT5`HsJkbFzxy+}xAJE)JNtIJ0s7 zC4m;amltZG*+PX6k}-9gC4aj=u#}9Vj{$_ZjqEcO%70O77ra4{yBCBr%|dY3J<=wJ zT3d!5d8%PE@Vn4@Y4q5L|B2o|;P;9G6U^4B`5>2FN8ZwWwvy|tz39TX;kTi;bIe{M z0v+lU;l4E7pSJl=W(wj!2ME(Z8juu&~vY79mrI2Os3GuDxw0#x2>x zFoXXL;K%AE^}!)=>=#WLB(ev~)csdM52fduWKD-CocHP%DCzTtMhqWB=le<2SxVv- z`Tdm8Sm31pD_uxK;9p8mP>7m3@Wfr4RaE*sAyO%0-)nR8ob!jC<=FwItDh&Mkwe8y zA0J?j3)dm%vB~pQ=-#a=pCD%Wk~t315C3v*js2~D(U)gb)-R-{gG94Ylbg$`CME`9 znSB{JtlcSjjp*vcXgd)9%F(`o7yBensO#Pb3_D?b_T#wDsg#wj|5#JBfn;q*#BL1i zF)`Hs%I6ZX3YE3pv;q4>`EAX@4FSBhlv}r+YjTgTnr}K?(jg+SgME_6qWZutkJNP% zPDj4rA+^}PBq9Iq25R9D%^tBhh{cj=F{fJx`cwcoS^~*7RebWh?e-0rss!fPn3Np< zft#Kb7JEK97>py)Vu=HGW1ez*Y}@bz`ME;}c$4pwmTV-cKW%$K`VwE&OgN9BNj;c7 z(vGP``o4l>UHGt2eRuTtE&xF!ns&}zGI7j1qgUZkV(`jcuw19;5B##x5CYtY*gHZ_ z@6t0>)CrYz(Cc1>z}r|5j%>dthRZ#Ilh!MfXT;hFukg(hWmu4wQED%%s+_ji?aBtN z9+0~=JSYO+)jcB8n4G6dW( zk7mwg?IP&suc(=uEPU>Ep1`fpf3a18HdFQc_nRLbv_VFWW%(k%kd}Z)M!w!aZs;!* z2F2Q@>{{3*H7XQpQ$Uf^2-jb~8OWowLaIrH?+sm)6!!eDobLuLQn2+!79~x7@yZbx z|HT~r%M$yqtOAMuW|{x*JT)`Sf0Q+7zpxn^RB!^UM{@FiDC_Cwf6Yud;rb{-scNj1 z5cBpkoOhMR>1b?fdKB5DQDxABSel%67=MKV39s#$MPThft@%Z^5>Q&S=A~iFTh?|hB%T8U<>}lxz!t>Md?7!nMnA~mRNnp@x;8Z%03Rdb*LM1hhs z7X==);$*4siJ6LezGUqN{JJWS+%9;+PL{Gy%?hq1_7?>Q0f~!ZstPDOPB6S%xMn7^ z@ZvvBrk1e3b8!o6)`U;_(+>@cVpJ=FvBFkq$gqWF!*Ci^CTsO_!aSnx@ncLFe3phP z+(5S;mSTxgw3Jfcd$cw(Ey!-D0B4BK^txecC^+E}C^FJJTj!1{;*HIZU z?-ey~o~Kn$?Gj7hA>jy#j6i|OzQhpH&c1q=F3r_vZIi2#cvW;h!b)@*Pal!&u%41*V%8Sj%@t6uqsgXqR-$^@I4h@goimf&Oa3ILG2kNn(3C)Y{0I`b626gm<{GxrTNyu7 zpHDAmJK^IkHLsN~Vqmhy`i65V;6=;E^0jXUVjEyMC2WL_?$?86Hhapsza|-t-yh`7 zjT$p3MpaG7$^e5XdEk_2k@|@?5`%@kAPFRIU9xI<1(MGEE3~_@T1|<;5qm_sZcH5f z!CQ;*pR5Zqn!$;RpGXhizxlNW=cj{?p-4eFI=dcwO9Y5^qUx z_rT93ImNe>Q(;8T(+;ocHjeHPp%ZY1uQku~i~Mwc;uWaRw#HQBKiNg2p1X^4FPxaJ zU@k9*drf1bApXl^SyPH4|3?cd^nuX_Z>K82<{X$OZv!4T)?VsH#vnh#vyOsrd;n z6!D2AKx4bG1FXk3e%Mcug1OK?ba&Nw2Gr}bVMtcub93R{eE4}qWtvwJn!_G#%ka{< z^!kMrH|xSwt)cGkm&fZ6?20lk&8WAEK)!J-7+yfn5%MO`WGGQ2NAzxOx&K*2GG*og z8nnSD1dc_m#wm`}5?7t)tH6F+mlsEV zV^%hZx+;1+`p+?-I{vrJP{T+wcC-39jw4<0ko|;@8d67wOt(HOtV5&ztqY|G3ItUL zCGc+{b4uPp;rXLdpDBQzh_^PVdM>J)uxg(tB0Y633?|W<7+~UaI`=kK(1D%B6<;p4 z!QeMj8St%k_qU?&yjVGyr_f$&JnnuVWsTm~3 z{Pd?Kt3w=5p1N!zO@pFLDz-pgK00Qm!pqSy1WnPx@yp!cGf*)lE zy^>px{cl|tp<<+twwYDm4Kpay5NEoMWJVL|=|v8+_l-&Jod#Jjl^F{Q^Q&!)v8Z=w z=f%S9Po%W8Vbr7MUf_Xh!C*sP5oWkx!Ix};&aIFPGL?yU4|8xz3{J=DwO76CN};m+ z6H$gK$9*M{U2x^R+;~g`Zp2p0o33+U>@h39xXAodNJ$58;f8Y)TVK+ydUxpedk0iX zGdv+U$(MKYxeYfYoZ@H4@ zZR80r499$>1n34=wzqd`_CjtbtHx<$^NJD5LZAgDK74A`JuG^T4WO?*SLd7A)x#$a z+95?!F65yK*!u5p2I93Qqw?5k7$#(4u<~|+RsU2qk#^IsLK!#-%LGJNL(heWJh+h` zxY4KUdf=+wLCaZhA9r5>5z%Uj7Mm?N@U2@nnIFJY>%d&_q81(6+ermK9k^$Fq=#+% ziOt*Q4D|<09FBDs1`zVrj#=-~M~hnxD~E_I1n#3mHJJlvW$M{=5tTs;`@MZxYm@i| zc@w8UDp5Xh!-;Bt*hD#yW!y42a*ZYZU^_N`~y*j`>H_s&@WDM z%p4#c$?j;_+zh11(h@6fOC{}WMTo(G$!wEX*jA~g1#^{$#n@w`rN?X{?8#o!Yln}C za@g28+B+B@nfE2;NRWpQ2?MrWk-vEWuH|_2KPRXTGIR^dyv0y9V#K0k1&AkwJZA$s zC2Y1<(CzpDumNJsy;(pvBX#?Y1e%H6PmAD4<9R#_E^Yu3} zRQ+U8R~UZJ93*5=k@f36BDp|8-i4_)cTS`#fzmNlsZ$&+=c2zrVLrPhs~{KoL!_G; zxzdn<%V!!a*HUjyK?dLNu~F?g_cRCAq&8!k<~7)>=}JkDepbNf)ojv*uUdzIsnQhv zSY5jVW$z{HDKO6XWi^+4?04RNPC&(jsHmE)8@h7~D=qLd0tX@W_Lq(wHi61Cny=;s zUWyI88h1A}qrla{`?knjGU#dJ_2gGRW$HakyP?iz&TMCg^jHABkcd`cSVs%GD#8HS;0C z{c4zCthEWXCx?$0yVI_P5xTq4mb?Lrbftp}n7{+MLM zxym8|^$5O&TU$PW)t8Bw4uf|M45cg!<4nI(V0@OE5G5+NGztZ}dp=Cg&VJg+vjADu zRA{l`CuWZT5YnEc1%64lb|)ohrO zA$v(h{-D@pq4I>Gr;k}9XG^-G98z6;Z}_}W37BcA>`LfmkX3KI{qrR$eQe~POgeO3 zC`QQ`oMD?Z{;?Cu6+lafF1k#kpD@+WAyx6AKiCZGX{>fh#8Xmo1H#e)-U|^mnlPOq zQx5A{R7tMd;R`$O^3nPTm+w>EGrD_9H;1AHFVVoaFD`(s$LhyGK`wD3LTXym&b);mJREr~0FidV*G3Y!hA+@wklrA?q9L8(EqWh3#2R7e}M8LPxx%Y-Ll zieDq+N~EC-3tg?rcPP3a1?Z0H%5R#X zr(;_T-3Yj$>FzEtlb~qWgx}ard>8n5TYn+a@A~1rRC~exAp=ZY<;SvRZ;#c7UWKSP z+_{AKVhiHF-n)q367aY7^ZX(f!;)9DHMblt%A-CExxkAk4HywqOu@~O^5)} zx>Poor=v{4;$v_!*+#2T)=VRe(U`MCMvr+b7QNE;cdYyK?*7Ew#jo%pd{Es7H+uHl zqtDdxMft=lu2@(gvYK~Yq59P(6hOGW=QaAW_cb5om|*)v(X#I#j3^#_mBm+AkGf!C z5`sm?c0E9*!p<$2ed6iC*L-h*a=d0DjM$6$Bm`(a5u)7-!8eBu8RJR(dcBdAHsn>o zFAkA(bd8DD&|JvY6v9@w*AbhnJ}d9Znl4=F@)vDT;Z*|YVCv~f-uQuilUOzR&b zn%dB}?!BW%CU?R`YYM&iG0e}uC+s*DS}q2bGX}?ysWglMf9Rbpa`tb0<;4~MVdov< zp;ZyK$tV;ldo!$htEWKldQDrm#a9|*l*}JP!A+Cw?V^%p?I{B#L0@6h6YN+Z?#tAT ziI`^o*0czrzMIau9)BOtfcxSHF$#KatA7IVVo9xC$_kXrK<5%IS@^Ug zQmLg-z)9u+^6=Tg?iyGx?c#jkeI?*mG5*G&z~Av7q68@~L~bkGeXuh2enjSMN4NgJ zfiR?!f_rtocBK^~FnAyyva4E#-MsT)C!KAAbXi!3lUwH!Ix7(vx&)d3xa`-&5q{zz zzzze)4k0S0lSD0sE`$2=6RT76HFoOX&NpelG2o2UD zd&DSIOd-OK#lT_=0$|Zpsu9S-y1dj6Vc_y|N^}{`x-UtP0%#+I#k(2dN%Liu*i_Jcl$;03uPCG=Sv+hBTbV&xpAeuPIj$a+c}3 zNowQ_;wWF-{Ji*lrj1Y7>#fAXKdrWd7ILyAZ)&P$6!>?HeV6)@cLO$Ih@s|2&_zo3 zhgIP26Z*={#4vM$C%?yPiXAe6C!e*5F0Az)&;bO`2%t)SA?ek*oaTC@D!^A>^>oGf;w(u$;8JLkj}(3{`v8JUd)(3u2`Gq@5J; zFA7pH%fGsN!XMJ5**^kgqgFOqI72|og8vlKsqH(PR^{Yd+9JTuz2?kYW_io7EsbMb zx!S-d6Aen~(yUv5#&&3jPiK{PG&6etYgZy+=H#)O)HeE*`#DP=<&JJVOAC-u^<$0o zDb*KuX&iZ;iC=i=B2rIsAsM%(K#JbOJ|l7uzTGTl{Q+XlJoO0}r6h3%=;dFwWe?>To8&Gk!A{8z@x7}|OzANL56cr2S>8P$z9}^M z9&tT=L+jEeDN%!P4n4A?)ncC)3jc4Iev^0i%-i6C52=D01j1=aTbynH{Y#T75(Etk znyfu+m-o{%Zl4ee>>3<7w`TU=EX$JPc>qn+RD}^;-LlN{Mus7ur?U{k5ncHqRGX%@ zKohpewV*Q*RdDz$?d2^Iy1GL;HL^0XB=1Q$n3@JhNebe=EBh4=Ph%x*!vtB#VS>CK zcGhXPQDj_Mu+zd|mz9Qb96;L9uS2^K0V4Cp+OlV4B-y-CIQ8RpgLCqzOV6Kk^+o}=XXE__o@q8bgKEC0Zd*Q_~y zsf&3A!Qfdyi(G*rrW8$36J3xUfgviqWYJ?yZFo)sG6uc0P{cGoISRIskf=dCU9Dr7 z;`R=(VoWl8>->PQ z<2U+Dy7eYkegw_`ckI~LNAV|P+!Apw(VF<4O(oD@AQ09|x5wxS>o82$ZmeZFZt)JJ zDRAY)k)kTcZ(~Nl<&~{bIT=1dR!b6T@&v*l*%HA-7tx*F#TLQuH#y>aCs)Ia%_I^l z5x6~j4Cq0Vp_>WvJ1xz=*o@yt4Ct$oH+#3m$0-qwnZYqaesxua2*=csAY@vIg`qa9 z8|O7vob7=IZ^_>+yBv)`9yU{BobbT zEwPX}7nVRSfkyeVr+9V(NB^Uh-UCz9NY!xYTt-nx<3e9!{DlpkP(1n6jYi30qIOcA z1gC)r14EPEgr&~}E-Tx<+H^2$H zsALw>S`hatyJ7gB%08x2kS15!&wJGSM=!{^3-!FuN3OMs81CWgZ=5KQ=eTN^B+hE& zNIno8A?5LvXdt+@U$TeW-TqRouT)FdD|H{y4wr-u zm&*=p?~_Vw7RJ>5{yVPBn}oM|oykD6uhcYhS3aH8O$C2tjh~ZPmUK>J(=lLE@Ld=@ zB^Q|6bp9Y9ASGC+E3gYYHo&xs`T-D^xys8t#Cd`(wUMfZe#vuAIVfNJfLzk}wymD! z6TY9@k=b)Af{;U~{GO8*zFO>zsKtB6Z@5WcIWM2LWQF=d1cFUc7nA`nllZJGP z908xxlS`dD#yXVdCGx+@1S+;7Hfp$?V+q>GoML0UgeKnvl)NAbP1qLq5n)?Hn*;=9 zVhNrzi36SxrI#DDBAeG>Zh5)%9@)_C!;y*n02tnDpPe9aZ<{Zdgx$e0tuXe00}V0y zt)JR;*ZqXe{0P{{iEc(I9q-5*Hx|0;?$`DR-oS9$6(3&_zQ^?J3}85y(e&s^sJ|?) zZcEr>%2Eid0RuU!Uy9O~PYGsnp;Zh+nzRr?dk677rZW|p*6_}NmE05HLRM-ax--%J z6h4{4n1klLt%PH2Q5R8!t)eXgf->>=@ARN*2lE!TLEDly`K^>sVIpCh5o74ba8?HO zAY)c!x|KJQ$ljFG308S4#6plu*cgM!uQ0CX42h~Tdtq75toOkEnd4fXzj}4M&MXfv z32W`5rr(U0n)@GD`Df~YSJvyL=Gq+Yd)b+CjcTOs6NxPzUxEt31(5KqNH$w7NH6gO zOtQ23E#GEwyf|-f3cmDsmXT6mweM4$ZH?RTf-t=f&7;Jf!BkcEDmsN=Hba6n%sYH2R0ij6nNL-D8O8!denHbfh1zni(lO!%IWi?R@ zT-}ubB1OX3@O_bpk!NLwcFmg>CHk*gBOVDiZR2=}TWLFUpCt>^qf;Shs8At{8fxE( zb@;DZjhGWo#p*hRUgLDts)FlS3JuIZ6JN6c4+%ua^Q*yIXbZg4-Rr-{sT(io5uC-{ zy&kl!o!nMO^P5Go52)(X4iAr1l@OR~`vJI$i=&}751!9h(Nshd+S0a->dGu12ij+J3!RG_I?I2PKa^oF;WH^RVEA}20grH3ta5P$QbyGy2!WPjx7#BBE_Y1`}`6C3#|`@OG~l&PwsLupsxET99YKJA7^2ln@) zwfOMi^#0ahJ*hUu)bF-2f*BX*yY|bA9_&Y0p+>Ll8&d87uE+#Az?)+qkn3#YygOIz zJE_ij6D`xQv^NK^Wg;6yZ)e8sLxtM9|4~)3XDg0L5@g&Di z9|Y)Wt-b*Jcy-)d`4Lm;x;{*H3FnVH>KwFrhk<>Ro|6i%;r|DvSMq zAP`8Dz$`Wdq(h~N>s=lH8kn!o&*EJrYd?sZw(F`i8}V7Sakeqc1f(B7E_OMv|9UTH zgsqo(9DaM?&)tST2zM0bjuZn!Krlg@S3z*)gDAZCT{trlgou~vHPFPCnV}fhScZOR zQ#AO=gZwEL*Vk0Dg>BStAM6?!#woEFNQOo#qXLg;)Lu{kEnSG1~)%2g?QojVq6vfKaB1LyM zGC!22WA% z(jO&{?Fs#WtITUiK5f@1s$mSOaQ~ z3?GA-4A(FxLXLA^12|XK#~#=iQe&Aq;q?H!XQ0PCdWQW_%}l4l6JY(Rkj}$16ZfM8 zp}Hi^ZjzLVVp%50B#K-`m)tPyu7vP5KDUIXFiH?L!xr3vTE#WOaNpNYo{3GKk|wnr zmKOHVLo)7wT2IdiUpl1nOzj#t(2*;N&6);uTkKzthBw*^;hf(NJ7Y`Hx`Eb!&B)Ir z7TVT#Y1EYp#DCdWOtQ^Nkc1gtWVaZWGeqtQX3~JmwJ|f&pG{hip)6uaCUeXgc}C-W z`l9@1HI3L+slirU-ftfNey70=g29PaU4s_KUdUjxrcQDt^)6QgBF&z$P{B7$jH?ij zkdmP7l-kz(pK&c+%et1hcENb9;gv25OpHt{;1AAHW(vvM5xWyL-==!JC#15ii{|1l z5ef-682aG z`eZ=8JP-^n7atynHpRn(mFp+>MLrhbzK8u2(7m-0w;% z=t_9v4tn1z7dmrUr)B(lz~Yg#G1Bjc$Q^0xU4nJf&H*hAuXoj`iY$|xYE{YXe_EIi z;3&o~y1K=PbEL3zj9s=3zql@|-?~Y6xA;M4k7_Lgb9!c4)LS$4IQ?rJv$A6>c6 zO8(~+2-Vu0*WKd|i{i0wmTSX1*TlUc-7qH+lSH3qF4s!UwGhYNe+k}@R+BKfBqQPr z2Zw8Gfx>Y&Q5&`g*zT?cP83?9jsAm4ln z=NxnnCH{NPwHRq?uHG|d-~Z2?LoeM6<*oAaoIySNI!Er@b@R$+Sok0T|M;bU!8d-6 zyTxmNM<0y(f3blXIIAqxUBlYyDPm7Df@aC{bKmyuVKZ;wxMOoH*7p0g#Oe1jc`Snhn{t@)}xPfiqf)u zAy{mdbWGSDp`Qd#M~G|@!n?Z$9|@caJw5q8)+Z z{Qdi)*V(c_KMY=v4k&43ay_#h)bCU;=4tUl32&k)K^>TeWkK*{Dp;r;aXI5#uhnGA zAEhj+DJVX>af3xuE`?Ho#AM5omI;d*$xh%qepJr*`>v7(4eG|OD7(@5@KK0fSen(f zu|iPp*xxyN8EHXd@x&u$y<_eR95m$g3cqGR+KxIhSp00#AgPps1g+OvnExvbS%KS8 z1%s-qIjjAcIth=2+Hr?MX}t=|sE;e%`#dz_}1vbbk7HW#}m$Hy4h>HX|Nj z@8p1(!BW{Be1g_e&CigJ8UCu(<|)T3JIb%81Xt|E>9t(%aGy69jBV*sG}Y9~hq-o)rV``B<5QEslq(T8IdocGkn)Oe7DC&4JlbQqM`zWwkJW4|`e{BzWi0JH@h?(SFM<%9V$EB6wVBYv*B;)QdeI@tqy7{3T?owKQB2J$% zG|X>R)_PS^D#)aM4n-`OuE@->b#W|uI(Ac}_aCmqZr$2LHlW9Gdi9C{=ON0A1UfxX zhk|XBZGoDa7Fe#(`VfyU&+s0VH?^nFl zML}R=5B0TiY>8TUQU2u4pZAhR&4!4$Os`!E4)^FQl|8S=Hs5DE>x=+QWg-i6} zU#9bH+-pxyv={~kT?&zY(uV_+wBM&dTLOZJ6G9PX`sID02B9G)g%pqiuge&po~6S3y>`A`Wt3zEQN(gq`uakRnA76jS=|G?BU z1u~8sa$!m&x)OWDQI7*@du6j}nfvra-7Hz1u|)5tGnGtPdo)OG7ik+e9kY z2gwd^vyf*&b~ScYjQ`y>h}lkF#D*${7)v5dNDE3TED2QT2N3`N43?wBOo3ikEXtC& zZ&;ENibWA|ig+A{5N~`#Ah;xFp(FW_NYuYABw>rJNhf=g zbPkSNS=(unJc&8N*51fRN{;krI{)={??)FWx~7+dCBuHiaa*((sHaSiD|$sC?DzY3 z15ekSeA!1RKK4RLdWz5!v&aM|_C`ypI{6SmvCFCmWfA5DsdmeSES4-OVx6MklmKRP zeD(VbmSI!Ev}EaBZunGsE$VnFoSg075MCW_cljt_AHLrrM|^K3B7wuj5R|F@!f?4a z!i#nglKjR@a71hRcZ6zp2mYEz{lDF0mpf=dlE;_`NzhElF>tIkj_5;z%^byrsDeEK z;Sm?HIqk5z*6SmL?v7e?WAcJt(75aPR~wL{mTUMt#!iYwlSM@G&=&47W zGs=b~|00NhMIgnV5(9oEJXVF`0{Vn~=F)<%CwC=4f}aN)OOQ7}awgj^8Als3bqLO8 zK}qK;iW(ab9_uq`ohDDudp0hHM?`jpIER-U5lq60`dk($zmGdYjVA?>q`pJ=9XlfH zP5Z~fztx2mErD;>2#bBY>r>F$a#bsb!)X-dfer>82Odk5O47kS@EFo1xSy5N zK85>V|F*<_#v&CdT|caC0@uZiPBZ@yeze?o1cB1d$(7$qa84uGI4QY2z4xbP(xE0=`r*Apv2+Cjy zJ{}PA8blSTgxl~*J7SWJH5??SEgHKa`kvObq5eF6NA7zBBdb9>^&H=JR zOb-ykPpqVL3n#Q#)FH9WNU1-39lxp2rRPWCRZ1nUi8I zB^Hde4YU??m$`8B92C^oHu8}f(~)S&)%otzeTxaraxmVcLs!2x*z?zOy1~2H{ExoJ z#EH@1kFVzq@Yb@+j{CQD7(6Oq5=a>Wi?BMXC0EQ5M@xd(-J-*~3wwB? zO~NnjkiKO*lO@aCnQiMjbCz{ggqzza*@(>UG!o7}F%;e!v#~mXuTW1LjE0(?Ksrw( zr~*Wbh=WJ~?1#gHu)OWL)A{l>Oe}D_$E(;YM+9)Qz0-XYKN5Sh^>Y2Ht6!AhfFtpg-S&#^IG(}5hdpoi2W-CO!h1_@D*sioJ;?>aYugE z(`Yg;Ym!~UYNmEU7k`4|jfk7jHgefg7*L)|ajgm~r9dNUC_yY=04k!}Oy8hZmLl6z zTJ|`2SR8GkyTM600m` zE^^)sP!9b!ryM#tLH5=7#7-FFW6U2Km;U0982`HC%|zNSKq4Qe86*M(r-cgu-U$pEFiQ)y-DYjS(wi32z1*nLAExo7H<5&k;CS`HA zPi%bnvCXHWLzb^QR)+60*YJaWXmjdRaJQCEOT5^2MaO_~A0{gbd*Odm&zE*+#gvyoB@>u$YDl$?9mwH~_87uysM&Nwlp}jjdLDxYX zDbm`xO>9WXJ?sUlqSnnDfG(gQvtt(vQSOM4ZfjBqBXcD0&U7RYhEw9Z0dKum7T0|N zqut$}UpR-SsGA817l0S{*?=|vw2rcB^H~eLm-G?^hujq%6GTVILeKdy(%nvexY=Mb%9wl?Er8oPCR? z%?yNAiC0`Qt-o1#E-La5!Z1Y7r20ptU2rJBi^>s(>d9}b`&YHkFi?yo1)yer+KeYe z=IC~cJ_vjxXHE*4eHqj$&q@qZ^S(PL6)osI@I+K#2Eur-t&;MKAjK&)z~g;{i2>~` zpGjE;VjnCfQu?&Z6kq)j+XILGgCc#*UGa;6aE~0R602xrUU@F+L*=1sW^a2#*4GWg zILS>hfCGMNy?y7|f@PKr5gej>(f<*?Wk?OLU_vhD0-@Y=K4<699k%?y71%n-26$}} zrm-zJXSzMF;Dks*DjaaGq$HD{zuN6Tj>cLJ20M#_m9Z>*5+!VclZ{?IfG7;zLtLpM2Ps{ET!W6t>nV*GP^qE@ zqft!TV5&WduxFkq*)%qJUMV)pYuD178-=ad>D%MxJIO7TRySv1hkc?6KaF`Z@Vke2 z1AQv>7>4F0u3CwwX=FY*{a55)v;hY^e#_Qcd2PetK?ZZBO5QkK_ONWAw)L8mfMT z3)UtwNU^jF1)IG*IQuVE7DnxKtpcvT`JB=A%-UW3-;+WzpRse%gXPJ=Bk-oX?6qXr z-`9}O_OpR(M2TYL2{pFliP2{e154SMYq;5Sf-mvb1MdPKLz=(hH1Pr5hh0Tt33xj* zf1fJ2aZ=XiV~<)JbmEn>uI=R4f{}Pf)<;Jh-6^-ttONWi|1GK^YOVfZbt~kwQdoJO zoR4EsEH}Hr@lbg(h+?yyPWRB&vzD7e-|bJWIUd_NWxfZc{QE6W?^~KIL;Mza``)#$ z>guex?#h|N!G#$=6YDLcorarj4V^28cl@*<+UCXSEVhjdfG6oeQd$w_VcJ%JGaRW# ztVYnvu7F2~nSkfthE?4Zn;Rk7c%l@Gl|ir@xOT(JaJw6wUQ4^OBRA;Lg1lAa6t8}h z-ddi865>&+i+Q!Q4d@{!%~!{=GhXAslsK;>NKr~ooD0$A{6<^jIVs)33rVjdOSVTDQ!l`H=#rXze!D1uO^J$XcT5?)GKC`oaFO%L*{XhmW zY=-GbVWito(XbGf#|zW&1qGwRV#|FD*3vrXqk7Q!|+s57~DH#`1q zuO|3Mg9x+z&9*q5g@1i$204DSa!*pHX}zZ{ zE-6|DA;Qzib44W9WPE&kvmzR={XwVgY2-B)jg~chpduQ33gj^!P~6(_9xwqc+{p0+ zIImj?j9jq05QW3*^V6LYk;BUwga|$yyP@dS?C@i2=)!=(>B=!w(J0DT`Y#ncHxRyu zdyx&dOnko43HMFfVu8lTcKGDKn`C2QHbTsfne3M?IaIg>u%OSS{Zp;zhM| zHE3r{$DQ5BTBl+?gub?uQu3Z^6u!*&MG%zKM@Og!YAsz2qyVm{%Rp}VTG~vgfrZ4L zp?uXVMQx)XL0)4M=_J&e;O^e__&(k!&*srv-kO9Z=A*XpdzmQx{Rxk1vV}tI5 zQ*~kgVTP0y10}N4#t=h6D{;fRl18A2Ud}I@4w+=-Qf+?p(1!dKD|@NeRhNU=c^>-k zu(WYpSeSJh+x+Zio^3sfGCedvb5M6C9?>LYXrH{~C}@~1Yz0s#rZ7x>W+T>R()Vb! zt>V6O`|{qjW_i|KJ{{!u^HxI(jt^BCGN{C!6Twx6HFUsHu<%&1Rx8*r0nLn$j=%_4 z@00AgkTwE8?A>Ilb2%wPFg+E)(HV{L3Y8L2-U?Hk_|b~gWZU{%<(Aid0Bdz}CrZXZ znVe86m{?HOxmeNT!Sj5Wx^7_Pbc}hy$-*jI%aiL}(*KQ>iTgWit~cNWjJZEv+(QTG%&RGe`Y%PL=wgsUM zO4!@x%ikH#>WrS+-75SVlmCW@0E9eAC%V){#=FKayVh>03(_n>$V+_c-LNZ4zS# zH)0sh!Tq&9b0@ki68N(l_4R<};XM?LsfrjX$_}JTj=1C?(uia6VdVBV24?8$QtFj1 zzhOGes%jC5MvB!;-X)@x?S^EoTha>yYihmSc1DWnz7zc3xCNgYLmfa93 zNZA<&P#ijLf{pk>#6}LL@&x;S3w$zi$H2)0KQX5?(Yf{-H-ITShWbb0nA*@E;mN&2uIJ@#<~w?Z7PNs?v}HAokYil ztHvP44uNXwHwO^-wy(yv^osF)do#J-C&@xeyTbEhuda%-o!;N>9*%^lCwiPp0sSpj zwX_uRHpKkUcmsg%9lMR~-PqWzV&^#DB-#I_Q5PI4(+(o5;$a<6 z#LskdVa0b|$T;DVoA#!y{e18=}j2OEqsYa~xX;ocx z@v=SkYB2*^gV6wK?i`|Q<5URW^m6F`Rw@Jf%So5_^TRcqS=fiz1LLSnlYBZjV^J21 zoFoBHNrA&{>F}BCl$$rwf0hrxw{iWMlXnPD0e>%VR?_v?*YM3&4(X`Lm>5~+_-aMN z;vrCjwQrjZ|2Q~hRg?-pP6Ccdp2^SGgS%G&hm83>oM_(6dk1Mf*iMl?t9Gu`*)=> z8zfu7A0tVe++0(+=~KA`YWB@7K#v(^6T}sn>=?d0GB2m&3F4TJaX26EV4-LK*gyhr zOlHg_$({;F=BYUz>8yX2)kP09?BveXotnH5o;B>0ewzakRqBsMt>x5OY{B0bXm%$l z3F~&hDvZqK;EN+eJp6}7#yr>}jbB`yr5W*@hHWtWPgB>NT=kuu3nNC*8K+;XT+#dC z!7P+__~M+%4`;&KLQ$FbyGRNBSK$Khyn{sV?0PPa(xl|V)L-GiE7CDR-d1MzXk^=#gE?p`P^-BQk5fhP?~=U-#Z@c zq&*WXYQU)cugMdqv*1OVAui1W7xl#{IDvGSnlpY6I>MiSK@xY;St#-J?9{neTlU!!e=vGZlzbBNuePk1p_~ zOfX|hPg|tbqt!*bj8}PAP$JPY{OF4OC0-MDN=dMNR|OIap42J-NQz9D>bRmA*!@p5 zVsCK&TKV(&gs5Hk?pldnzzcgv@#FV9Fl$6hLzRk~@Wb8Ku9Az%efuP~4|KV``)Jsi z&6^h~a&*0tFS{s~*K)dCD$!*c+N|8+e0*{-0xT6hmak*`AWp^}4pOblbMK_RTl6U; zHJ6Ndc}SeFPnO`&nd#fZR*MJAuG|#G_ao>DPrZ1&12yFlc71t%dN_Q;Ax{_DXC}^M zhyPO-^jkD`HdE@+nMqKVyxy(yfns~BSlEbTuZ^v13W4gQ?9yK;kUPdn{8{EvDlsH4 zOE$tO{SJmVd(l@3!vaFr6oU0%J@c$W5g}{a!K|z$%K{^X432b5sL+dAlvR(G5Xk9(TrJCm?w*)?af!HY&YID zfsr5lCr#%Mv@bE<=GM-`l`E2nu2R0+A=2HWwa$l7dCdWOP1$-sd`ECUCTXr(P+eO=OAO^e)Q5Iz`)m=`#w^ zAs);WV#U%N3Qo7?ck#RfH(K^It4v%0D>pPBzpi`JZ={g3N-3jVFoN9ZsPyV#daWJ( z4+9b1LOMaj0|oJH2TB9>BXyAZrze z`$A9@CI(B>{@xGxrh52RS#EE`!XV629irQxzhHaom!N7Cby&v6(@x)fBnum)Y{m zy3tF9U{)+$oA7>%N55i;fr`VWg~KY4_=}^`1{+&U>;gUzII8MSlthLN{3Wv&vntj` znWYui0t)0Qs|M2sH!IQ{`=ooRx;+d$WE6Bvk+501J z^{uPn#)Ks8H34j1TA=BgfG~sI ziDy=b`;a4HdKqR6RXM3iiOndCAZs&_2qrWNqTskaON%x>5_+CMizPFX7vNFbtCy`p zfGI_N8RjY^M-!a42PIA0yrD!T_%nba_wh+pDFz6k2)F|&HwK_toHj4D)*5e{d2_27 zu$ryy;w|A_J{Y5JsZPHyO=>7N?rc@Wig8(fY#|-EabFs2|qz>u8KdPbQ(KHF+K zw)BCKTfR~$lb!1a)3ieLRlZVgNSDuLH1#6nNk4~$Im+YQef8R63;Ps|V*it(g`mOq zh|zKZ0(Q2Ks&qWxlTF=U-en>Od{nF`(S5503t!t%Rv=8izWTerRxqz#I2XE4>?lx* z$`~nnP1op(-_2BFX_d^eyF+|?I|%q-eX*@YLmu`~>G2@&Uw&ddrve&CHjnPAt3 z=x!;VXGktcp~n={Z6?JH?C*y$aQdtaGruEA2C1@Z5F#%cieQ7Y?aRXdm=h^P!}Rlk z{-YozVILeW`lyM>5GES5YDBJ+&ZdCmASEn=w-1V!mB#8kkSHO35JWDywPI@;B8SOi z6^>nlGNij;agM}qL`7Qv%uR%9Q0FYz(RPXXLx3agN8!&t- z{D3$&MBq^$rgGVTkQ9=^b66rm&O^D4X7wqvr-HAe0#o5)TJGIdZe`Q>e%(ETpwfic zDT->N%x5#QV)Av_ad(2dy99R#AvgqgcbDMq?(VJug1cLAcYQng z&OKGPUfp{4JpN*@HPbWGGt>Q>?p{6o{uK4kVhJH@r;q1Fm(acCP9E~qGtrX~>iIG8 zp*6GNX2vm?Y3K}Y4AC47ER?OSz4M_KLEl4%>8=_W2)>4zFl0!a&=^0(J`;D3xul~>hX zr43Eap`X0JEH(F`D_+V5k9$@|4{hE(A9A8v+Vd@syK*&SUomxIX0a1tAKW*E2q%?) z>1~p62w}xkPp#6dg{Ex}%DFCJEf@SszX?f&gI!hk-)54snv6HI`$D2p5xv214#PiK zD)q9`XIA0p_5Ex^*PIuGnhxFgP@F@+8^!*G&Bqa9FQ+?!l@8eLgb_a>l5+>?Z5yBnOT}DHuSnna#V1%Dhy?L zi7MD+G>>gK6*zfU`@{(P(UH!R4vRR6vmC?rtGLmf&JiPeMw>Q={ zid_7pxgGtH<{ttq1=}EYb4vMDDTY%3!6lgY;i!$}pU?UG^3)iQ_@voCg{^!rB+ARk zF;a}sM%K@}H&L{GS$^idVK|>Si<^baZMCfG;lK{(^#w? zpiFxwONNPgpzpC$~jsrCV?5K%MF3AK`WTm z?8JW52LC)nAlluoR{;e@A#jRKY06vdlJNG*uk*l;i%Bf08~({oESHDEG!wS4J)ax3~kC!k`oAn>4~Hga%@M9PQ60* zm+ui?P_0v+s}{GGhVjfo1;j9|%({r>UakbwiTLd(Ley}K)glk+#R4B-mp;#|i3F+? z&?dw;))?IZopwr4j%>@!8qqg#sYRIc88GJz@VKY!f^+nXFMzu%4= zevak7p}PNURmc8E2KnS+U7dyXyM=mg93@HVaslLzWHW=b4dm5EcXAzp+X^qebN0Z8 zb5`{%y~g2V^Sw3w*&Xq(mZw8SbS4l}n8_H6#aYg7MR2Bu*c?n?PZd?+=x0grbIRcz zzm8I?4i3Ci%!=v8uST*wzxdBlPd}ZkMtV6;D=jol2|r9@R#>=+>pTw5p)9V6-tpCY z%gR@O)sXsncr35TP8eI#scq3_DG6C%IHpTs41+}pA7FGZfF2l>Sm>x7E$$ds$@_H{ zq4U+qJE0T>YitE;=ho;TdIfY#fGbe4+q@_2j>o;&w5}NVDb|qqQTux^?PPSR$>-Fg z;0;yQbOjN8N?hY`UG8*+gF}8F8oaYGy~g|8hD3(~YN8U+@H6bF?IIKOiL*-lu*!z6 zC3vHIqfyZCkj30b!i3?|v&D}|wW#KZ$w7C`7MWIfl~@YS%Vbm$HHy-IhL3uG_%$y0I z8Zqtm#b>2eeR;@;M#hB7VJ6%76G9B`R?sYvCT^?9Xo()AT>J)xLgrCZ4Skv!v}0;PKip;ovM`907`j~dsT5&?%Svbw-94~Jh|adbxl$zXRn$j zd&(ikUQx@8hO?`-PArg(YVv1mxtGl_VJ$jyi90%leU3%B>QO>a7R2aw7S*$1%f)E7 ze!&&}Ww1V|O)wvKs_cUsMYB-|Rr6RX@!Qd)5}seXzeQ5`uX%n!%)z6MPQvUuuUmRi zTjxr*u7p?qXgR-9OBw_V`IVYm6JBSqKO zLgty0%(K-zefP?{(zan-)_C;ZvHk;3i$?ovaG(o1bgqZq0Hm+0nI-IxIYM6My ztT=&4`^1_pl?{kV}sZUXml-u z602N;!p+w96V*HPnl(oLR&+edlGevS4gU;UYJ!4hz2sEIjb76bRzbfobtS{{23qxj`L5SpF$GAY-(wvdo`@ zLmR&&r>-zBxU9Pjak*LbN!prd}vs0eeDz7=V7xi3$CCce@ms z7$-g~6;P@rrF z2ZJ3-ZI>HDtu_c$AxWK}y!lsw#@A#yY{klyGF^t-fFb#+~AIyB=pGn|+zsPO&{ zpw)Hj*=nJP|8M|^=|b9sUWqnKQk9za8whjK+EkT$b({-xQSEf09U%I0@<_9A@$dtb z%ZIC{;5n9om>PkG%dOOW>(gjer-D)6hG=Xvobjn;rhp6bacc4~+kg@LbVA6jPG|Xx zI1c`yw42qm%I&E5P5iTs!LI?JG&pX^?+ily zBbHFn9&+SSr@CfB+?hzm7`z#%T2qzFGb{cbz!dAiHj@#%>euW_eyGcPJX@G& zir8m}*}c5-FaA|IjG-I}e!8~n(xmy8M3vP7$jX&wfnSk=Y;ibnElOv$!0uXcFLF0; zUix)UB-M!0VkUCe>59pZnMc}Z5rmLqr^Yro*FG2f2gMBfO0sXU6PkR2IR1pCHXU{) zg@xGt$%$!9Jzads7-I5FjhRL)P-wvS@01m;``MEuKvMmX^8Sg1`L_Ru7Yyuki?o=q zs-(15of9l8t{%WLDf@UGH6^@4k5ENEnA#n2TT>JjA6g!oNez!VJKa*TL%PcbB|>r~ zjKECbbI1en1WMWc>QU)ZKZE%cVAB=U*)(9GA99KLqS*`orI<-6&x1H02$A)ik_I)1S z=o_}^$>&f~hB%mm&{e-T=RxbY^(Bt1`-a*?qLw4YbqkJ)P&Th#~>%M8$#C?w? z@XHi}NDl&&$egPuT+)~iCtPdEf6lj4$Yi1}&Vnel+ACT;5jT%}8Hdv`4N(-fB#HAY zF}Gdr?zgW7Wib;Bo}!j!Gxn;tUDH+$w3?48NUr3+OQ(BUWzrpd-pyBi*$gBAmw!qT*d#!I(t}qxl z@?So}$QhMgL=XB7FM-|09e=9x(vB8;z@NGoX{PVPGO1S?RKuG6ij!e=YHck>W0`}+ zsNb=hjQRZbLM7m}YbCRQhX+Z*o|pH4)I6bFqxq0e>dyLdlC^9?~aMBy3o{bj!ZPI=8>84AmX3MZZALP*N`4_CK0O5R5I(~1y*ftl!`p~p|(;9Z=_e37s}IB&?bfqVT5g&bO2GH` zg=au>tIxRmElds`+1Uzbl57@~e=4)YmPfe4knSW*UT~d5(rR{b%f#ZZXwP2Z(X8&5 zzyRUHty_pN6aUWH_=74#YKf1&3li~Vr3WoTCm6p>!#dGzK8~?ZQf$IMYq87n{T(eO zlhRIw=#ysVOX6g{a3|wb_nQpwI(d}ueXUmOz!1rgjq=a*r(M7pE##R0S(ZO$K32>l z=PWi08tCW1p-WI~?LH3LXG^1}K`zKY_s7$6b_3Kuj_7eqBh(;D3z4yf&Jv1cnMeLe zFWuL*jYi`sWsgnk#g%q~AUoZKj<)8g0u83j9|pAZ{pQdc;Z@Am)*m(x+nf^Lu0Xg`MNy54(d(8AE7P z+n=&L&BjRYL{fj!u!fm4R?PQBVAPUx8C5=LbTaKyK3J2SQ0}?6?3wk~Ggv-l;IUMo z{{FjYu|A4RM)el6ziVK<|FMd#%0UtjbFD3`eL*x`b`Ej^;f89;X$9P-NvQZtF035& zRRgf60Pa(!{(c;%rr)R$SCLLKHk3aT-+;&!RS;ZCMNby>*OLn#a*3ZwQQ8S~9RgG%iEv4w;N`_bqHWnO&Ps z4a6@WbqWqp8II8w0biro=upZCY(Xi3+Y<1EE+(tWE5HK2ZnF#eR<=W^)=cizg5>j% z(X}4#t=b!72np%m~GD zi>RXb1<0gq^RPW^!|2MH`rQfb10=FghWAlGd4cHVte{!;ER5N-PV=xNk~|j2I_N%D zMd00RY-{H{3GZ64ws)IKk9ACphUYCPBp3-C(;Z{dJ}A_pB7an<#VH!CC|sb2;2f_j zb@gRD4ZO$}E%T%(7@prG7qIN%1#TQqKR|RgSV8(=Xry~^hJ zjZmYb7AoaefT&dy%0I`<_`GBU?}9Q8z`pwTeu_p+^($fhk|@${9*RRt#2Nvv{o!@s zVu-J*gf5wK(8y@jl91Z~?fsTf8v-rED`m@=y~gcNZ-QYuP_`?vCApy&_o1LA(b`EZ zzz?}wBP183ZoV%ri%ka;MNSUiM0NdMj=?w=P!+h>cqECj8v}=5)_GWeAKbH6&NAOp zD{#QbBXjn7O4??9WjRGPDqE33dOu8L@eQ!3%^P#K1pMiL!LI_uf%-T>BiT4Py;E}7 zPe2si>SU-tai-Rw09N)TYIIv7<>GL{p(2={R8CpvYAcglTP`V#b!#lNKnL!O7Q=%yR3s^Oa1L&;_bR&vp-yD1w|IGfEPmKz{)=GyC?a0Pm z#))_(`iW4BdIEgfb|W}d#uX$(tDLhb`;!7Sx=l!vJ>?x^Oo9Vw5y z$Pw|X_Y+ab`N5Q*bN87Qza;p~ho*NP*3=tmp@d}KNzC)4?x~CwO?nRJq_IA2ANFB@ zf=gd#`33Lx%wZ?b)*&Ci=_iH3AMjH4XU+4u4^&fxvK7QXMUU2eH^Pj` zQd84{t;2gC2YjD;f;K1cPF;;4c^?owxhDmk$4eF^l{i%f@jfb6Bdj#tI|aZvd&}vu zg+m7A!AwIVw!-z&!NviQKfu`_g)>SX`S$dxV=B;u9jV3eqzYR*KNe0P%Eg}26`@Wp zpoGf;4Zc~Yq<1FoJ<|sP3MfCXaqVTWAKd{}k^XkqssV9y-^8uI1oiWH7;fpf#IM+9 z3Qs@?dwkUA<_8hvt+GWJzcn$d8V9Mg3FiLg3#tAs+&bYZ-Jw*Aslmi9)B)Jvu~95R zC48y*wykxGF#c=oRuw;_wr;=--pHzB@+_1b>*1CRcVnXlhqzeCq78#dLeW!zuse{Z zu>M@VY>>qOU??HJjSZ7OJ4XLHC_U#yat!kJLYvigm>as1`I*Z{onKZ6NjexoDcOH& z27bp?p;zB1%d|%=wg6U5g}Q0=kB8i&?t&x!9?M23x?UHyF3-}-z+H}T*#&T#i3RJ9 zDyxN9$@#U9R!LS5?dX4i0|w%T#?RgWY|8{eyuU}^7`|Wg!!<44Yl6aq;20!}4)zYu z!G3OzIg6|O7)(xR@&jsPUXZ1isuG0@6P2na{WfXSvf@ciHe>OxAdVW1H6coKH-cmo z0@=s@On&GiPL6mKMc6&rOPP#JkA^yWpQ8I=S4&h0*;K~^zwaTmHs$6gSa08q_LGaP zKs&&JNX9>E;iY-7EX8H71>yQvP=Scv{1MKRJ-oQ^_`LYT?$MK0LYCNP`}pe$E;&E$ zlh{__FIy*FiVLPav8OYbU#X)_RNIBWN~a2LRWHjk`RskwirilPJKlN?anT{QH1HCD zFsgJnHlcg&B#0F0DTo8$u`L-%OYKeC{Q|HBM(^c&Uw9y!<9g+MC2146i8gUlGk%`C zf_;J1QUuk#qJ`e0w}l5Fi)Ix?2<53|-YTfwfbZSK$$X2&nz`=zai-ur|EIM>4@RM%09BUI~;)k4|rV2j@{$q{+UbmBK|KZWa1B8 z=^)B$1qpTv)KXRN!~M9XGj?&tNHD9-vwd6iWzR>817o+KEG2tXY9HJ8+Q3o^Ss^!{ zgBUUL;u0GSBZO#?*t(>(m2+EnLkmUd5|BdwK)tYrG+m(XaZ5tlz%_7m|JR>r@`Md+fXgJN@%+ zy!x%mFgtDy1DlNs^*W!A*IMZS=SKm=1}|RyOZksqm*x@j>)j4pVj=~{$c~IJ^a+Z| zPNFPvRRm^n1Lh*8urf0En7MQyQw273;B-f8BTDF6VRehXRFXK!lZR@zF_)+n8~h}z z9p4vN`glzh_WBU)LL>wuv#wpfsaFK=aJ{o}Gr4E3mdEtye4ijqhgf9YV{pUnVOipZ z{8Amc_Jq-+u?^Rc9v6a^dZ9}h7Q0rJJ@KMs>}X=4RPHU_wX5vQF2rXqoDJMvY%-v< zC5{n2Uw+ahcW68#8P}h@b@byQp$c95ADe;r(2J8mTr)ocDMu5)FH9?N ziQ(_LQIV?Qyfbaf9m6DxPdV!RP-s3QsKJrW$j_rqpXRR$UeQ}PM~bpWxH*(n+(xj5 zff-24!_?ZQ${Ng3DTGGQlyRvnI-KVX%#d??aRXH1FQek$NbSB@$y{}n()Y3qf6Q8L;R`;yt~@F2aAGOyqfWN$_*?!?^VSTgOXs!_l+q3q~9+#s3l}|_! zl9de1h41w4?`CP?Y<>tjIYl*?b`#h}Sckwgy@CHpBq1qKl>wx!kQt-;ARTGj*gvyQaKB@v zKhVtXyuM+d`Rk@?)o4r1s6b}H6B%{Zj(df)!?~82vOjQKmfIDPHe_C;EX&3&(V)O$ zAp>ZP$5?z#+R=IghW!FId2oKddcX5rF&`oOP8tQgtmXJjkRW*buCw`M+y1GDGXB?v zUoD+I4L)p)epH6SK9i(>Y#L%<;*`UM<3YF=vj8J!H}4BF!WaBc2pYsyisaav4s;CM zEsq2sFLHO%(i6YqQu!sV8%hC`exYL(t< zQQ%dOYht2{d8`eCzWq!XH5F`EpsgDuG>{*>Ko3%%OnGcWVX$ENhQ`S|Y-PXc>rLF; z$hvUbz{S2Rcmst`qD$8plfSAsA#R>r|GwpMxVWpWpeAxgil?D@7n@23gc(ZFe7UqZa=Cb0d&Ww9trI-y4zY^C@?3^d+2RM&apf-wnca>1 z>2=2IWNq{YBmo7I{bOj|Z4^FEvL7?F0`fS*1f`Y)BE{R+98O3Pm(b0Mee0iKXVQDW z*yD49ZWfEC!|m%6BlG*gpszoYycZ;OK7Uz&21Ot4EUG|^Agy&GbaY+Zic&y{&U=K` zjj+yQJ!){5=`vajM;1!v^bIyWxV);=Qa8}WPDO4r(^nv#x^{FF<|iK35I$U_<<+%F zE&0V%?MP)yw{$2N~82p(A@wdymb@<;5MxFaw%g0}vOm^+=^SDu&ne z)6EjJYewA<7{p=JM5pMxKRAdHKv`NLaDoo;STzfh86TL z*M<{OR^R_XPY_#SpEjQLG|W}I4nqoC^kk++FrUa@f=@33NM86;?`w3IF(;j zivXI$GJ>>*nN~-3k_co&;@xS-Z>ED|g9PEz z|H7jn(Fvep76lBz{WnDYKRsI0T5eM(m*!Ag_3b1}$6sVCpn_x;_R8D&A>|OE(3RyO zkr~uN1x{r$Y@-KnD^8fd2+urz)4V z;Wvusy(Y0pu6P((6xn-v{((J!Rzb0e5p6q+$Xr!mksq0xQDaGffJGE5kNRCW^9}a& z#}ka$XKtHpQ7QX9(%u>;0_J4ZjotO$9mvbyI_i|hm39ijb}q6xp8PcUI#PS~RuAQX z3kzgwfflb-Fz12ovkrA~O(_vq0BMIULryW~hJsbVV12=osUU1#|Gq;gMj$~eY+Y?! zd>^FBEOy|Q@6M2d0E|CGChB!zH1ZHQAe1;ZGHTCZj~*>ZlUym-@D)tR(icOFRKAT= zwBueG8xSsbKLp{Y=`;970z16#0LvXTUhtB`W?pI}dQ^L=;9JT)f2;K1#@S;gzynxv zT3C{q6eszanMn~4*X2r*C6G+A`=Lect4?lQNbQ(l$p*S!h#49JP~Jfdsr-Xml;_h- zY#0>iV~S_y*6UP1lkYu`sosb|IRv50O=A)sVoq(Uix|D&S=C+niWr z8Q+ECGadp+7{5#X^n}P)3Ki~)2huoe1N+ax-E{KugDB6~o^Vd<&uUXQz)m!}r`jyZ z(n&?!e(>1hD=D4lt8Jk8Q@5l8_rhsLJb%!=MKRXemR>ii3DSKPBX8!gwPZ0qC^UA@$iN+xBFalD*y+BG0le z#@5}7tOo@iMf3wjBa|{S3{==-u&$2}vkMa4-%-VzmSC37VT2u9(tvviskx$ChhPH} zxM=ysiEBrW1kk@e6&|WE#dcp=S(b4!{|q<~qO`X7bVS}M7S1V4Uw-J45y=^RC*GtA zTeFJde`t4SV~hP3p*WHRRN3}Eb`8!jR^h&PGc7|LtfhEoL4(7PkHLsYt^Hvi#;%}9 zFxF>(t(w|-6mC@tP%;vP?Q7j%J(>M|nWiHXU*V%qg(Uo>R=8%=WwfM?t#9pa90V5f z7W-A$#CZOr6rjXQ^9rBE8px}-uK&D4^K zy4s?7NWWbsT)h^-)M5qBU(;MO_|*8M7gMpS(y75Vr2~1!$-gfkpH;6w;YjAldAx?+ zPHrMr^A1Y`R>g1VXwIS7(t5hMGB72G`pJizWOQn55+_VoOiOX2NXL;!Xdz~(dT%Ph zR%YY~H`F;Yp|Z*lt!+oeNMxajdxHB)nQ^!d(7r(+FB+LRG}OjBeli-;E-J)htf8R? zr`0+T?ko${1jhH&S-kNUV>wIU6~M2>THVeURf~0j(eyD|Im9%%@~zmkE3VjE`lS zG$=52qAdc~hffR4n#W?r;K{!!{icIkp<3TYz6RnS3m|kl=JL$=-e(iS|2Z-u87X6D z6b<+65&Hc}RvxUBa4$V0jzYa=34Ru0cWO|Qh<~nvVTKNR+XMsrn-;Q^6%HD5yx@m9 z7JVDkUsqlQ8lkDzK}o7w0Zfjx3VH+yg*L??eeW*=-Z~>Q-Qdu>A5SlGw(R)$FkzTK z(@6gL`YY9oMzEhJ3xBr6$wHIXNL>TRf`M=?35Z_~TlBh5&;J_IwC)tYdtHYIPK8;=pDLQ{t9a@kQ*;b%WcoAl2Mc{JexMSnM$=3{5%<=5UoHYw{Jp z{Z}KKk@mKWDfIbC?(Q33pwvs!2|3c-ixKN80>>Zz{vo)#AWl{XD^imvL zg;=qpBoZQEafB+fvfF6}9P}urDkT<)hU8U`SejkqY)b(3Q?ocXhl#WF__X}wDS11h z-EHb~0v6^CiV7E5{C(rB4FIfsv?5 zLnl12omz^To_pD@)-A`WOoufAk6+JRoWj-Gaf%n`V?;Kt!xpQ4Sm4+@>_i|cFExLI z@9qfQyi^XZ_@P4P-vW31SEaiA2J*W}YS4Thtoe!MkG!a43l(_tYEwTxQT{D<>J~{ zl$GUEC8+gbAW3;RI0!0Hz-`e?@mIHC7x#At(FgwZ zb`ZDDnXAdVqkRcFKRA)W=v>*sG%Ptfmj6c1>T1Shnpo4hNJT=)P%&c88hCh2kqaYX zvhw+JEKOW8I;$l*KEcH73@uYuTE`2D?;}Ano7lX+Ss9`}DI`IXlKPFW_J|rGLDi?Y zWHX>fQccrp+K4P)+5$O{2TE$sa8UGT9v~t&3BJ_#7s&ibB9fS!1p6t3LbX&&WvuTY zu1f(zglB&Y?Y>LIAY49;T&x<*h&J9VdmRYv(m#X281ApyvyZr~!7Y;b$vshOlyQ!F zjoEW3{v>y^%wD15iKxzLCs#cb z0?r3z$Z(OgDEgMXgj^j0H&RN({_N+e?%wm@iFPO8j+S)i*B5P8D^07~jkb`bm z5KruY%w4(~`iEYUzZJOd7=ZUp!j&ZPi~i{?3FfP~nOT%EAoOprM2{<8AfAaXYUotw z;T%chFO}GIlw{Tch3;u>xf$uUQFwR2%QErzTvHaQh8P8x)1!p?eqBi8C4@5JSUga| zgtioKvR+6$UA&n@*!yJr+iw}m#ie5?2okk0aB4gWst$lcpG?NUJD{!zY`YnnNS&8P zP$3Y}0?+{m00!NgMAlCKh`TA<&6( zT$s9SH?)RyT35t(^3#{1+yZ}K9USpb&8v-Irhll4U*x_EKRnMQAm6e^}kl}_KdKYbkIxgh!@3ShahYCvcfVi^YHv>k`&(x#m}p7EE`%>_Ei3ZFNp zK0rRBSWOO2$3Ad8p2>vwVZc>T=mhRe4B(;bZd_uXU$C{Rm0n$jIIpOv!IRF-+cDEG zu&$U|v=K*~KVvWvc~$o%xrPub-btS)hg>WU zNDQZgaL9pA%G!Da92u>e7YmY%c~k))=0iqJg{U&0GSl*_4+3oFg94-K;>y|=9tuiT z=6L2pNTO1b)r2dR^T$R3HrDAd!^iV&9HlA%u|c2uO@44Snox!mAbg38@Tu_M<@oRP z;+h83(>uT4)R^GI*hSrD)d@vaWFtT5(_QHzx~eU2Jt!qF)YE?#01($5Rn?_6-V8;r z*lrXx4_Mj+SXt<{Bp33m!YU`wChllcG-_Yeh(?eUei1nu|M4>>k8LFqJ~MD1*)~t} zVnna(0r`wBc0udqvVW_OVIzM#Bvv(aZW|=53Uh_6&^9`cXtNZLauB$LN7mw5n-j z0c!;OT#@8Qv{}xt z-&S5NwUuw7{cPM*+1@EKH&CcTIiE0XM1=-pF4>mH9j(ro_Tv|!J_Uw)nll~x^wHlg zN|L#&u7(}d<}H4R1AMku#>IgaD*vnEdM8^fezjFJ*_b$}&Hi$kvb*Tx&VHV=2vd%? zBzK&(x{!ww?fXEt8)wHsam1F=oSi&MwcjQx{72-9FIe%$B*87dK_`w(su?ZuziR}BnGgbWASW>)d;=oR)l(67Q5jGY#&KQEp*NBx`(88mmJx! zQBCx&_6TMgpX1@iY6Qli5yoP*5i5?$&&<9tM04}IWt4_;ZA%9as1r+zy#$Y*7(S`R z;|1iCbLK&WzeMj0uq8E~HI>=6_tq3+f^avLCkt{d5JCC+!(J%w_v;}pSzLsemiFGU zp2Md_B5{kqy6PHn0ztAGVLA|~TL}yV+H)rbE!`cM;Tc;M8CzAf_j~Rr<#Ck4uI5i# z4jV3zWq4yig)u)K$t>Z4PMQ7taXih7sQO&|oux-rSo-qeR0r<6X`<1_W1_7a$WvKb zp$Tg_H*W1?%eWDaqG2{Dew2sv9%ncc?t!x?4j-t{f|HSeiTGuD-eJP z>_mR(V}awtFbbUnO2Uecd_(>Djhm#_NGe6Ux-eCwsRTcSKIP&2^~!Ym9ZrTfdjRoW z4`6@@gbzm827Ur~{X(vx<_E~>s|W(bujixdjHLV(rmTy0o%>JY;Vo0?F`VxBhW2jB zcwPKR;LlA%W53(UwE@&{RBC2}V*N(gdvrU36cSg4z?~^iBj;OH1HGzpn5T(l;Mg-^ z{VV+2$(+hNqm{Aq;6<&RfT@PDk;tsIU{B}65a{N8^9t>mb|4-bK?Q}qE0y>Mo`?ZV zFm=1e>XuGGNglK}wOY$%jsWD350F+*^!F@m!LvilQmrT$TL-rcstwV$!?Am{*KG^4KG5vLl=Jl7T~1A{eUQ^ z1Ug1(Y6UF#{o9JVYij?N(9PdKM+U3brL>sB(K}TW?JpS^BDbf0&cva=9{EL6;6_BO zik$K|^g-W|BC?`@$gK@s;P%;=e0wf1bOvG-)uH5%L!1c!lCNI40@HkBzep+~o9gKN zDH-2At2l3i|M$uxxF)wnH*Whn1Bkby2(_CFx@-=5R|KNh@yF4zCP;(&XlRTPOO`Ip!o4o*CQ*?ZNm$S7=(S1H{x zQ11>CQIpxooYbP1v%*6RDSy~u|Mms&3=Z>wSLpxbYT zP<6c%Lp)*I4;%e%?pB!rW&U|G_|T&xfT?U^+2V%0g0oGqEQ{ECb0qFT2W)yNXxx&! zN#6=@juOb#uVj@<5Mr6a?x2r|&(Zg&FG)$xsnw8pI2yLAG2UWZee>p zwZ-Asx8g%JwUGSn?6Bj20f(_{a;A`Mxq|oS?U8v-??0DW4w8x(X5u0k=Dk;|RfMS> z8MaHk+fsyAFs!eGUDwkW*^&1>A9WW=`!T0QKAqxm(Snvivz0G+&brN>t0$X?{&r)F z>Du66t*}pzZf={|X5!E@6LCX?==$G)@4y_nDW3NL-a?0KhL6sw5uvl$mSZpwzX?N7 z7B`36K$GJt8$d}?HCcZ@$fY9r|1zb<@$5h#8$|G{x<8RWHN5m+rIOV*kiYsZe_W3S zW<2xaZgq)nAN|3SHaZl&rlZ1lH}i{ed;2A9W3x1VA0r6AnJDP6kGJ-~GOKb z>iG(xW03m3S^Tj%Y9Ncb9k=-rl70HL7qjv92-DQja+_MOrGdQn; zbXxP7x$#zhKn|^{8wz$Z#%QrVAjW04|YsKz8P{G{BO8$-t{lU{M@X62etJ` zwUQqH`;+Gz%103f^~d*b^hB>3Gb%S)@i;y&h2O`Ty-(7pB!iy;13F9NgG?0NtKbn< zFAHYM=zw7FGYyJ6(R;mQl!Cr-aS*w8LuD@?7kv#)>J&kC0)h|{0mIRHNKMR+F%bY2 zXd_)Eee|9{Y`s#w82@_&Qsy7m%bWMluzz2&UBql?TyciE@g^)PK1>w z?QrujwyA+vQpfu~39ML?=Y@u2+e=Wt zK?sCj_RZPp4sSO(?oB3ff6!8bA_ToB;pE!l6}H_0=R+j>=@JOJx+*%qGYL9jyL}9M zP&`iI*DVzdG_Sq4cfYh(I$mFJJv9q4)nGMqoc}HS=qu=9cY*EjA$k8=z2WoBnKj*H zu7*Bh(jfpmu)xIkGy|;@6zaD+}1W;z_gGUPH*gl^G(qd7Ztc#ZZO(-|~>b=lt%IU6++Xq>INtyQ;~qon6V* z%K%6Oj{gm14~rfm{uC_=5JcxNE9u(rMFq)vZ$m?$U)MoKzArG%1u>JoxsmL!`PKcs z4-MY%-Yru%>8m7n*JuP|-Hc^Y>A44k+42xHa7YC)Elwt`i9wIPFWFKbyQQ$WW(0UI zqt#xyQ0@Y2ULY_>tV=^LCx@|peLZ9gyCEiYV)ke$()FD|()Bf(FUxB&Nm9 zpmNXzZd@Z(qxjyqfp&0m&_6#Kep06kryPdXB|GIlgofrqC{zD_^!YElV9zWsi&dw}H~3Pxv-CObDd@N! zGi1huPy7s?7F$S_0os3O{JT!ho&I%H(S~KUC#gV2{ZHC@uOqTs0&Z+b7&Lh>pk8pn zVYh%D!U{>UhbNCyDmi@l*_4wK0*Gr5?80G@<6n-;klZXwZPpk+@pZ9l`wrg`PPyay zYa=XdjjZ$YYUsnVe#ufvsQOQHR1infce}YK^~By)W{ezw$X8Kh(%?LtHx0%#oeV(~ zMdS>B9B!IHHcP(GpxCjEFLLXWL%XXZIL{l_)g862p(c`iC3GC({bvBr5haXGam-{SSk6Rj7zvMJrLLLAP$B1~* zxd&G)ci~+>tN;Nu^z8SorS0M|ziCTLK6a38Vse*$f`v4qBS#*3` z0%;C{2Bx8MdXxSc%QFH#E&atvL|rzQYV#*`Mq#zRdoU!GNKMXzD6C6J4m0X;&Nsc@f;t)(E#A1lhTOtn zvi@@V0T@T5f2mkWu$^V6h{qT!=nH3AnSvHFYmYEI^bVu`%h%yJ@sLDG39kZF5HXTe zUWZIqNP>PQ+bc{OjQ~kg&z|T~+>zk6-y(HRiagHX*ViiA8t`=A%`x2Mo1IOT$?s2< zQhtAeriuOOmw{~$a*x26J{HMS9a+ooQ4q;%`25ul4}lPO{m-4j@cE3V^lh6Lv`6__O&*J{s$PY$gPgt0kmY0jUrJ(00CQ`t#cN+^& zsnYhZ!f%jv<60Gz(l4%?9!QZ3CgmUfn+|oq@Zhj?gV2vAb3|!{kQ#x6aaw=ouLi^ut{GpmW?y<&-8>WF1xsY zMHc8oE7UoHvdZ-NUF#muq{jrpGdi+$CNYAri6Fpov+gIO@0_@Pj)(Bd%nT%3oi==! z{~WF2tcGR^#pX*3WKe^ZRhNhbk9ITt#E1-E)G5eLe07POf~jVlEVG#yg9uu{#8Yva zEvm;ze!9nrIqlpD0f|9SsmUTG^=>x8ZczynBQtBdC96{%cIH)ZJUa*)g#vJ51v62w zwl*_m1B{7XbOC>*{J?Czl3BQ-DD7M)05_yh2AEH`k1e&=$e|AA4n6W9y&_GXCH=`< zXqT;hmj<=e@hiLr?=+7~*CXgm(m@3|0mri%>zQ#L;gAfecZ5c#N&aC{h7uMcWyF=w z@tv5W>2gO!3VW0}xLi&9kL={|KRkN;(p&8mzMwK882Ie#*sohV_uWjvAZCPqJ?1~?bY#PmOREPv zSY*PAag-wO^3co0#35O{`{VleS_c=4C?0OV7H5)OKcfckKY7#l=Ub4BGb!?m$_a#c zX&97@d{9~68BaAc69Q-*3R2H0Sum($0x=6z=I@PRK;UEm4x|P)Se1ORt3VLye;&y3 l*AM*v9q#deC>8cWER{1<$vw#d4F>v?7FQ6f5;64ue*o=gqyGQ^ literal 0 HcmV?d00001 diff --git a/docs/diagrams/ingestion-pipeline.puml b/docs/diagrams/ingestion-pipeline.puml new file mode 100644 index 0000000..c588ad5 --- /dev/null +++ b/docs/diagrams/ingestion-pipeline.puml @@ -0,0 +1,32 @@ +@startuml ingestion-pipeline +!include https://raw.githubusercontent.com/plantuml-stdlib/C4-PlantUML/master/C4_Container.puml + +LAYOUT_LANDSCAPE() +LAYOUT_WITH_LEGEND() + +title Customer-Facing Logs — Ingestion Pipeline (AI Edge v1) + +' External producers +System_Ext(ai_edge, "AI Edge Data Plane", "Envoy + WAF sidecar handling customer HTTP traffic. Emits one OTLP log record per request (access) and per WAF rule match (waf).") + +' Catalog and per-tenant policies — read by the gateway via cached informers +System_Ext(catalog, "Telemetry Catalog", "MonitoredResourceType and LogDefinition CRDs published by the telemetry-services-operator. Defines the legal label vocabulary per resource type.") +System_Ext(policies, "Per-Tenant Policies", "LogCollectionPolicy, LogIngestionQuota, LogRedactionPolicy resources.") + +' Ingestion system boundary +System_Boundary(ingest, "Ingestion Pipeline") { + Container(gateway, "OTel Collector Gateway", "OpenTelemetry Collector, regional Deployment", "Stamps cloud.account.id from caller workload identity. Validates resource attributes against catalog vocabulary. Derives tenant_id. Enforces collection policy and ingestion quota. Drops/hashes per redaction allowlist. Emits telemetry_ingestion_dropped_bytes_total per (project, category_group).") + ContainerDb(clickhouse, "ClickHouse", "platform_logs table", "MergeTree, partitioned by (tenant_id, month). Per-row TTL column set from category and tenant retention policy.") +} + +' Producer flow (ingress) +Rel_D(ai_edge, gateway, "Emit log records (OTLP/gRPC). 429 + Retry-After on quota exceed.") + +' Gateway lookups +Rel_R(gateway, catalog, "Validate label vocabulary", "informer cache") +Rel_R(gateway, policies, "Apply collection / quota / redaction", "informer cache") + +' Successful write +Rel_D(gateway, clickhouse, "Batch insert validated records", "TCP/9000") + +@enduml From 26e18f73977ff472afa12215144e01fb422bd0b7 Mon Sep 17 00:00:00 2001 From: Matt Jenkinson <75292329+mattdjenkinson@users.noreply.github.com> Date: Tue, 19 May 2026 11:21:55 +0100 Subject: [PATCH 3/5] docs: address review feedback on customer-facing logs Adjust the customer-facing logs design based on PR #72 review. Key changes: - Tenancy travels on the log record as `tenant.kind` / `tenant.name` instead of being stamped by the gateway from workload identity, since log producers are typically service components (e.g. Envoy) writing to a sink rather than consumer-authored applications - Replace the `audience: tenant|platform` destination model with `type: consumer|producer` matching GCP. The gateway emits one record per destination; producer rows carry `consumer_name` so service teams can query their own producer project across all consumers without cross-tenant grants - Add NATS JetStream between the gateway and ClickHouse for backpressure and to back the Loki `/tail` handler without polling ClickHouse - Promote `resource_group`, `resource_kind`, `resource_name`, `resource_namespace`, and `consumer_name` to top-level columns and reorder the sort key to serve per-resource and per-tenant queries - Expose the Loki API under the project control-plane endpoint (`{project-control-plane-endpoint}/telemetry/...`) instead of a `/projects/{project}/...` path - Remove audit logs from scope; they're handled by `milo-os/activity` - Drop `LogIngestionQuota` and user-controllable retention from v1; both move to follow-on enhancements Regenerate ingestion-pipeline diagram to match. --- docs/architecture/customer-facing-logs.md | 288 +++++++++++++++------- docs/diagrams/ingestion-pipeline.png | Bin 50642 -> 65765 bytes docs/diagrams/ingestion-pipeline.puml | 24 +- 3 files changed, 209 insertions(+), 103 deletions(-) diff --git a/docs/architecture/customer-facing-logs.md b/docs/architecture/customer-facing-logs.md index 20fc4a8..0255bf1 100644 --- a/docs/architecture/customer-facing-logs.md +++ b/docs/architecture/customer-facing-logs.md @@ -28,17 +28,26 @@ control-plane audit-log work that lives elsewhere. - Log schemas are declared once by the producing service and surface automatically as catalog metadata (resource types, label vocabulary, log definitions). -- 7-day default retention for operational logs, with a longer default for - any log marked as `audit` category. +- Service teams can see logs from their own service across all consumers + in the service's producer project; customers only see logs scoped to + their own project. This follows GCP's consumer / producer pattern, which + falls out naturally from Milo's project hierarchy (both tenants and + service producers are modelled as projects). +- 7-day default retention for operational logs. Retention is platform-set + in v1; not user-controllable. ## Non-Goals (v1) -- Control-plane audit log surface (covered by `milo-os/activity`; integrated - later via a shared catalog). +- Control-plane audit logs. Audit logs are collected by the activity + system (`milo-os/activity`) and stored separately; they do not flow + through this pipeline. - Customer-configurable log export (`LogSource` in `ExportPolicy`) — deferred to a follow-on enhancement. - Body-content redaction via regex; v1 redacts at attribute level only. - Log-based metrics and alerting derived from log streams. +- Per-project ingestion quota. Volume protection in v1 is platform-set + defaults at the gateway; a `LogIngestionQuota` resource is a follow-on + enhancement. ## Layers @@ -70,6 +79,10 @@ spec: group: networking.datumapis.com kind: HTTPProxy labels: + - name: resource.group + description: API group of the resource (networking.datumapis.com). + - name: resource.kind + description: Resource kind (HTTPProxy). - name: resource.name description: Name of the HTTPProxy instance. - name: resource.namespace @@ -93,8 +106,8 @@ spec: - name: http.request.duration_ms description: Request duration in milliseconds. destinations: - - audience: tenant - - audience: platform + - type: consumer # written to the customer's project + - type: producer # written to the networking service's producer project categoryGroups: [allLogs] - logID: networking.datumapis.com/httpproxy-waf @@ -111,11 +124,24 @@ spec: - name: client.address description: Client IP. destinations: - - audience: tenant - - audience: platform - categoryGroups: [allLogs, audit] + - type: consumer + - type: producer + categoryGroups: [allLogs] ``` +A log entry is written once per declared destination: + +- `consumer` — the customer's project. They query their own project and + see only their data. +- `producer` — the service's producer project (here, the networking + service's project). The Datum networking team queries that project and + sees logs across all consumers, with the originating consumer preserved + on each entry as a `consumer_name` label. + +Producer-only log types (no `consumer` destination) are also supported — +useful for internal diagnostics that should never be visible to +customers. + ### 2. Platform Catalog The services operator (`milo-os/telemetry`) owns two new CRDs that the @@ -137,6 +163,8 @@ spec: group: networking.datumapis.com kind: HTTPProxy labels: + - name: resource.group + - name: resource.kind - name: resource.name - name: resource.namespace - name: hostname @@ -162,8 +190,8 @@ spec: - name: client.address - name: http.request.duration_ms destinations: - - audience: tenant - - audience: platform + - type: consumer + - type: producer categoryGroups: [allLogs] ``` @@ -176,22 +204,54 @@ discover available log types. ![Ingestion Pipeline](../diagrams/ingestion-pipeline.png) AI Edge data-plane components (Envoy + WAF sidecar) emit logs over OTLP to -a regional OTel Collector gateway. +a regional OTel Collector gateway. Workload identity cannot be relied on +to resolve the project — the source of these logs is typically a service +component (e.g. Envoy) writing to a log sink, not a consumer-authored +application running with the consumer's identity. Tenancy therefore has +to travel on the log record itself. + +Every log record entering the gateway must carry tenancy labels stamped +by the producing service: + +- `tenant.kind` — the type of tenant that generated the log + (`Project`, `Organization`, `User`). +- `tenant.name` — the resource name of the tenant + (e.g. `personal-project-xyz`). + +Records missing these labels are rejected. Services are also responsible +for stamping resource identity labels declared by their +`MonitoredResourceType` (`resource.group`, `resource.kind`, +`resource.name`, `resource.namespace`, and any service-specific labels +such as `hostname`). The gateway enforces the vocabulary; it does not +inject tenancy or instance identity. Gateway responsibilities: 1. Receive OTLP log records. -2. Stamp `cloud.account.id` (Milo project ID) immutably from the caller's - workload identity — customers cannot override. +2. Validate that `tenant.kind` and `tenant.name` are present and refer to + a tenant the caller is authorised to write logs for. 3. Look up the declared `MonitoredResourceType` for the entry's `resource_type` and validate that emitted resource attributes are a subset of the declared label vocabulary. Reject undeclared labels. -4. Derive `tenant_id` from `cloud.account.id`. -5. Write to ClickHouse via the `clickhouse` exporter. - -Services are responsible for stamping the instance-identifying labels -(e.g. `resource.name`, `resource.namespace`, `hostname`). The gateway -enforces the vocabulary; it does not inject instance identity. +4. Resolve `tenant_id` from `(tenant.kind, tenant.name)` via the project + catalog. +5. For each declared destination on the matching `LogDefinition`, emit one + log record: + - `consumer` → `tenant_id` resolved from the originating tenant. + - `producer` → `tenant_id` resolved from the service's producer + project, with `consumer_name` set to the originating tenant. +6. Hand the resulting records off to NATS for durable buffering. + +A NATS JetStream subject sits between the gateway and ClickHouse. NATS +gives us: + +- **Backpressure**. If ClickHouse is down or slow, the consumer pauses; + NATS retains the backlog rather than the gateway dropping records. +- **Live tail**. The same stream feeds the Loki `/tail` handler, so tail + doesn't need to poll ClickHouse — see Live Tail below. + +A ClickHouse-writer consumer drains NATS into the `platform_logs` table +in batches. ### 4. Storage @@ -208,6 +268,11 @@ CREATE TABLE platform_logs ( body String, log_id LowCardinality(String), resource_type LowCardinality(String), + resource_group LowCardinality(String), + resource_kind LowCardinality(String), + resource_name String, + resource_namespace LowCardinality(String), + consumer_name String, -- empty on consumer-destination rows attributes_string Map(String, String), resources_string Map(String, String), trace_id String, @@ -215,52 +280,93 @@ CREATE TABLE platform_logs ( ) ENGINE = MergeTree() PARTITION BY (tenant_id, toYYYYMM(toDateTime(timestamp / 1e9))) -ORDER BY (tenant_id, log_id, timestamp) +ORDER BY (tenant_id, resource_type, resource_name, log_id, timestamp) TTL toDateTime(timestamp / 1e9) + INTERVAL 7 DAY DELETE; ``` -`log_id` and `resource_type` are promoted to top-level columns: both are -low-cardinality and appear in nearly every query's filter clause. +Top-level columns are chosen for the two common query shapes: + +- **Per-resource**: "give me all access logs for proxy XYZ". Served by + the `(tenant_id, resource_type, resource_name, log_id)` prefix of the + sort key. +- **Per-tenant**: "give me all logs for project X". Served by the + `tenant_id` prefix. -Per-tenant retention overrides are applied via per-row `_row_ttl` -attribute set by the gateway based on the log's `categoryGroups` and the -tenant's retention policy (see Retention below). +`log_id`, `resource_type`, `resource_group`, `resource_kind`, and +`resource_namespace` are all low-cardinality and appear in nearly every +query's filter clause. `resource_name` is high-cardinality but is the +primary drill-down key, so it earns a top-level column and a position in +the sort key. `consumer_name` is populated only on producer-destination +rows, so service teams can filter "show me logs for consumer X" without +cross-tenant grants. ### 5. Query API — Loki-Compatible, Project-Scoped Customer query surface is a Loki-compatible HTTP API exposed under the -project's telemetry namespace: +project's control-plane endpoint: ``` -GET /projects/{project}/telemetry/loki/api/v1/query -GET /projects/{project}/telemetry/loki/api/v1/query_range -GET /projects/{project}/telemetry/loki/api/v1/labels -GET /projects/{project}/telemetry/loki/api/v1/label/{name}/values -GET /projects/{project}/telemetry/loki/api/v1/series -GET /projects/{project}/telemetry/loki/api/v1/tail +GET {project-control-plane-endpoint}/telemetry/loki/api/v1/query +GET {project-control-plane-endpoint}/telemetry/loki/api/v1/query_range +GET {project-control-plane-endpoint}/telemetry/loki/api/v1/labels +GET {project-control-plane-endpoint}/telemetry/loki/api/v1/label/{name}/values +GET {project-control-plane-endpoint}/telemetry/loki/api/v1/series +GET {project-control-plane-endpoint}/telemetry/loki/api/v1/tail ``` -The Milo gateway resolves `{project}` to a `tenant_id` and enforces IAM +`{project-control-plane-endpoint}` is the same per-project control-plane +URL Milo already issues for Kubernetes API access; the telemetry handler +mounts at `/telemetry/...` under it. The project is therefore resolved +from the endpoint itself — no `{project}` placeholder in the path, no +`X-Scope-OrgID` header. `X-Scope-OrgID` sent by Grafana is ignored. + +The Milo gateway resolves the endpoint to a `tenant_id` and enforces IAM before the request reaches the Loki handler. The handler itself is a pure query layer: - Parses LogQL. -- Translates to ClickHouse SQL: stream selectors → `resources_string` map - lookups; line filters → `body LIKE` / full-text; parsed field filters → - `attributes_string` lookups. -- Executes with `tenant_id` already injected from URL context. +- Translates to ClickHouse SQL: stream selectors → top-level column + lookups (`tenant_id`, `resource_type`, `resource_name`, `log_id`, …) + where possible, `resources_string` map lookups otherwise; line filters + → `body LIKE` / full-text; parsed field filters → `attributes_string` + lookups. +- Executes with `tenant_id` already injected from the endpoint context. - Serialises results in Loki's response format. -`X-Scope-OrgID` sent by Grafana is ignored — the project in the URL is -authoritative. - Label and series discovery is served from the `MonitoredResourceType` catalog rather than from ClickHouse, so discovery works on empty projects and Grafana's stream-selector UI populates correctly on first open. -Grafana datasource configuration: base URL -`https://api.datum.net/projects/{project}/telemetry/`, type Loki, no -custom plugin. +Grafana datasource configuration: base URL set to the project's +control-plane endpoint with `/telemetry/` appended, type Loki, no custom +plugin. + +#### Example queries + +Consumer querying their own project: + +```logql +{log_id="networking.datumapis.com/httpproxy-access", resource_name="api-gateway"} + | json | http_response_status_code >= 500 +``` + +Service team querying the networking service's producer project — across +all consumers, or drilling into one: + +```logql +# Aggregate error rate by consumer +sum by (consumer_name) ( + rate({log_id="networking.datumapis.com/httpproxy-access"} + | json | http_response_status_code >= 500 [5m]) +) + +# Drill into a specific consumer +{log_id="networking.datumapis.com/httpproxy-access", consumer_name="ecommerce-co"} + | json | http_response_status_code >= 500 +``` + +No cross-tenant grants are needed for either side — each principal has +IAM on the project (consumer or producer) whose endpoint they're querying. A secondary `LogQuery` virtual resource (Kubernetes-native, modelled on `AuditLogQuery` in `milo-os/activity`) is retained for kubectl-native and @@ -268,52 +374,46 @@ GitOps workflows. It shares the same LogQL → SQL translation layer. ### 6. Access Control -- Milo IAM gates access at the project boundary via standard Kubernetes - RBAC on the project's telemetry endpoint. -- `LogDefinition.spec.categoryGroups` provides a secondary access - dimension: `audit` requires a distinct permission from `allLogs`, - matching GCP's `roles/logging.viewAccessor` pattern scoped to a log - view. The query layer filters out log IDs the caller cannot access - before executing the SQL. +Milo IAM gates access at the project boundary via standard Kubernetes +RBAC on the project's telemetry endpoint. Because the URL is the project +control-plane endpoint, the same RBAC that protects the rest of the +project's resources protects log queries — no separate access model. + +Consumer vs. producer separation is what gives service teams visibility +across all consumers of their service: a Datum networking SRE needs IAM +only on the networking service's producer project to see access logs for +every customer's `HTTPProxy`. No cross-tenant grant is required. ## Cross-Cutting Concerns ### Retention -Fixed tiered defaults; no free-form per-project retention in v1. - -| Category Group | Default Retention | Disable-able | -|---|---|---| -| `allLogs` | 7 days | Yes (opt-in collection) | -| `audit` | 400 days | No (compliance signal) | - -Paid retention overrides are applied per category group on a project, not -per log ID. Implemented as a TTL adjustment column populated by the -gateway at write time so existing rows are not rewritten when overrides -change. +Fixed defaults; not user-controllable in v1. -### Ingestion Quota +| Category Group | Retention | +|---|---| +| `allLogs` | 7 days | -A new `telemetry.miloapis.com/LogIngestionQuota` resource integrates with -the standard Milo quota system. Quota is dimensioned by -`(project, category_group)` in bytes/second. On exceed: - -- Gateway returns 429 with `Retry-After`. -- A per-tenant `telemetry_ingestion_dropped_bytes_total` counter is - exposed via the same Loki API so customers can see drops. -- No silent drops. +Implemented via the table TTL on the `timestamp` column. Per-project or +per-category retention overrides are a follow-on enhancement. ### Default Enablement -- `allLogs` collection is opt-in per project via a `LogCollectionPolicy` - resource. Customers don't get surprise bills from log volume tracking - workload activity they didn't request. -- `audit` category is on by default and not disable-able. Volume is - bounded by control-plane API traffic, not workload activity. +`allLogs` collection is opt-in per project via a `LogCollectionPolicy` +resource. Customers don't get surprise bills from log volume tracking +workload activity they didn't request. For v1 (AI Edge only): proxy access logs default off, WAF events default -on (they fall into both `allLogs` and `audit` and the volume is bounded -by request rate × match rate, not full request rate). +on (the volume is bounded by request rate × match rate, not full request +rate). + +### Live Tail + +The Loki `/tail` endpoint is served by a small handler that subscribes to +the NATS subject the ingestion pipeline already writes to, filters by +`tenant_id` and the stream selector from the request, and streams +matching records over the WebSocket. This avoids polling ClickHouse and +keeps tail latency in the low hundreds of milliseconds. ### Redaction @@ -338,24 +438,26 @@ ServiceConfiguration In dependency order: 1. CRDs: `MonitoredResourceType`, `LogDefinition`, - `LogCollectionPolicy`, `LogIngestionQuota`, `LogRedactionPolicy`, - `LogQuery`. -2. Fan-out controllers in this operator for the first three. -3. ClickHouse `platform_logs` table and OTel Collector gateway with - tenant stamping, label-vocabulary validation, and quota enforcement. -4. AI Edge data-plane integration: Envoy access log + WAF event OTLP - exporters; `ServiceConfiguration` for `networking-datumapis-com` with - the two log definitions. -5. Loki API handler (`/projects/{project}/telemetry/loki/api/v1/...`) - backed by a LogQL → SQL translator. -6. Catalog-backed labels/series discovery. -7. Grafana datasource documentation. + `LogCollectionPolicy`, `LogRedactionPolicy`, `LogQuery`. +2. Fan-out controllers in this operator for `MonitoredResourceType` and + `LogDefinition`. +3. NATS JetStream subject and ClickHouse `platform_logs` table. +4. OTel Collector gateway with tenancy-label validation + (`tenant.kind` / `tenant.name`), label-vocabulary validation, and + per-destination fan-out (`consumer` / `producer`) into NATS. +5. ClickHouse writer consumer draining NATS into `platform_logs`. +6. AI Edge data-plane integration: Envoy access log + WAF event OTLP + exporters that stamp tenancy and resource identity labels; + `ServiceConfiguration` for `networking-datumapis-com` with the two log + definitions. +7. Loki API handler at + `{project-control-plane-endpoint}/telemetry/loki/api/v1/...` backed by + a LogQL → SQL translator, plus the NATS-backed `/tail` handler. +8. Catalog-backed labels/series discovery. +9. Grafana datasource documentation. ## Open Questions -- Live tail backend: ClickHouse polling vs. a separate Kafka topic - consumed by the tail handler. Polling is simpler; Kafka is lower - latency. Likely poll for v1. - Whether `LogCollectionPolicy` is project-scoped or finer-grained (per `HTTPProxy`). Project-scoped is the simpler v1; finer granularity is a future enhancement once we see usage patterns. diff --git a/docs/diagrams/ingestion-pipeline.png b/docs/diagrams/ingestion-pipeline.png index fe4b7bf73527e022d7914da80ddeac309c14f490..3e7f795e885a9dd4c542f578bbb4939428f7ceee 100644 GIT binary patch literal 65765 zcmagEV{oQH*De~{wlPU2p4gaRCe{<%&cwED+t$Rk%_p{P=VadZ+k4lkI=fE)SXFns z?_Ryu)$8g|IT>+8I6OEI5D-L32~hRh5Xd>3`998rJrA)aBy%i z!tUtk=xCBYsHPpn#KgF=0mMqdIF?-mHr<4_-PF|7%>rO6|`#kF|RrDV~)Y}u`9+pBgb zFfcGEuQQ;0)~^Z}RI?J;uov-_ihH6;dZQZFLYnr%oA(nF6JyK!lWT^Po0ejl*5jJj zW7-drx{p%7Qte1u$7WX7R%Xv$df#zgUS3Y)cwy^Q!Qese;7Rf5X+=dvX~#@u_gu-) ze)-5@<-~b?eSKa3V#CmK{lsC-)Oq9FWov6|=fqme!ez(ORoC)$_g9))@0-~in&0kT zy66X<4XoWvO-&6iY)=CBCpRyL*Ka4c@8;*{XVwnqH;xv!j%Rl7H#avo4$hYkAJ$GD zH_x8-_V%_8FSd^^4=*40FP{&to-Zygj?Qn-uI|t8UazmOZyw(sU*11IKVjulNxu|= z*5RkBgMp2$tEG{#1Bkehwb36v2O~ogeOD4w2M1ewZbn91OFe4`M=MJP0~;%+$x-4j zHA^>BQg!%W`5>TQ{kUYDYn}gDZN_}BE*8w3RB|%#)QFp_FrobQYt{~JX_0*nc;@mA zE)FPHkVNd%zCM0O`V!z7r|km*8;2qZtQ%Q}%K}yi5o~SkZ1~fuQ*=6OE;w~0`a0N$ z5(1jWcN;nfgRFN(i5(PK+quLzs@j~i7fu`902(J3ksP-KmKI6J`g4_Li)EecO7RZ% zXU+B^*$au2*N~+z+wZQPh1?8{xhLwN0dRb)4Qzial_sG-pPu^eUOcY!910N_1{XxM z?~m8-&hMX}CZ76WXz8jh@Nj6dcGc-DiDi`#kMis-j&nXgUImT_52F}xoRtXMMRuRj z@>i+0J_81IeEm!DOszERW&0WxTUw#D%PpD}lk?>2a!iF)fK9;qWn0$NW=;F~=%vUEuL)XDHIlK8|e zOf7b^`L-g;%8K-cxJ0M%I|PGj_)^Y)IX2)cbtqy7vpMXSl{ffzZ|KgiU=!jkJ=+wu z_F`BY4Bc2FlIxoKja2_$c2mNdD~;;Q8RM{4YDyE-I)1*&RkzLVJ8ph+;~x-(tCR3n~xL3WC*d}^`X zadj)U{|y>W!*3EwxA2r%4_zjX_>jc`WqvHpt?AS4QCe!aPZd9zr<59iO@p`46hX&K z8oSZN^Aw&I+7br0rP9-qSFXDXW{edfiwfds^N`*}0P%Hx;^WzJZftNm;h^O#>*I~6 zq*FlbYX!%48VM7_+O{Eju*H->S$bwl(a!DCe;f@A(LlA2;?>CXMc~|sNC{Lz>=*#k zkBkmCUhe2yj)0)H`wr=GJf;Evqcw=Z@)TXb?jV&K+OfMwEDWnmbE!_a5gv|!VegMk?@5!aIOdVUZ@wGT_2Z6G<;e9N7225zvK z^u-)#eM9@$W=RP1OPxY-KzW<#uMOoZ5u$QqDA?7TspZGGwD$T(BCIFGs0quswJIb@C#Phk03TXj>#O&a@l%k2h8^o zbT55Eh6Ok$U}n?e>7v|`om4Ib$y8DtNOa7znjzrnk89~#VjL)E2c7HbxbHG7+isg{ z8yL6l+i=2!j|6LGj*0|4eu;XF!CYiw3R5&SKmv}ZE5^BP#4B6Tu^ z=OhH7%_YrVZL=ui2}{}CT+;}9{4yvFK}rl#CXrMSLslq;zEAjF`qpMpC|{~Dtp}$J z$Do<{ODKp&kv*AAsT2b%?3)4&4y1X4?kx%BN^7zvZNW8uQXy(y9h1Jg5*D{+)M#%o zjRFJr&kzN*GmM$Sx)`_uNwFiLle?HGBJBc)T<9{5MYN4C6x4mzFlPsycqx!XLXD$!38`)$6w};xnrbrSyY?bOj zBwT&7B92Sp%2Om*E@3^u%acxU+&jm_Q@9^G7bsj(TnHbC{;L2!kTt9r-W3LReawQ` zh|H{2t~qn>SXk&UOIP6yuXB?9H&K|)Pdk&(q0Du>e{!>z*m?BkXNp$1vRS80&1dKM z$1BV0Yr==*e!u#uEQKsQj`t4&S*n2_EQegu7Spx5*0+3eGKv%7y zUC{!Elak2MN%sT5ZxFldP{D>1Lt|$3eKb>HXtbb)SF;8cC@&dgMr%BLdcdhWI@J6F zS7US`7Al)93_-+T563_tCb1D>kxviD#2QXCMC7?#;QhI^D#@}0AiQua<8fS7kxEn7u@GCmhef`)d#1BIR(|Y?1eq2jTjRj+)g7ycd-?`W3QGn)I^s{<) z8i;F>?|5`rS3r;lOg~iX0CzjdHy(=r>m-OV{8}a84z|~f-x&%tw!1_ZVyW9 zram7b|J#F^q!=zI6wcNsohCACd#grPaKyZ zTib+^>F7^(jP1PTT*iampS31ZNK51n#NOjHXfmDLPZvB1yyJKE&%n11LgO&Q>Q;He z{-`+-$u^2fN=oDB^X%WPBPeen;{k*e&`D^&dC$6MrSqW=N2r!akEgRImZCo3y%sDp z-;bPc=1#dwxyawCH_lMGn#3KK<=sPQ%sn`t)rzwx-1rC_(iLU78r(8ft-L?X2A_++ zz0BYzg%hifs*DN9M^`A_an2vX4Iqg{G6-*r7f?}4%A|=ZcuQrZ;boTCdYL=KX=D_n z73^l4j=(|=5s5vEhDyk&MxxO!sg;j#1s6M$-He3VAPgm6ZnS3-iQr%0RZq{%7({9E zahEB%=nUmYXYW^ z$;Juu?lf(u-1)_)C>lUxwf2+Q$bzQG95DI0|%x+OBR<2?3iJX^E zmbCKogck(F2Sid-NXcd8tOMQyLpkm7^9Stlg~Y5C+APX3k}w)ZJW8Lfd_Gu|FoAeo z>sAEaxVH=D=VaJLr~m6kR38uVP^#l6(nZzyg^APPa}7^#RDK153#kh!lR@)f4g}Z= z1({iZ14%7UQzu34XK|I5verVALopBa)Fb)2@*(fxeCf@|v7&Ow=(IqHkx|1BeWT!}+4s=m*LMpDy}5Bv;}%m2edW2o|XU&2^j z#7<5vR@5}sjou`z$)I6CrT>-92I3xVgeFAID1K?P*ekLcQDo7CCqvcng`!2Jolcoy ztcv#fLo~xp>h&DHNWIfMb~}!H;1t(#H6rb2*JGQmS;`+=o*n*h9JpH(%v}0$lf~WN z4HGF5HI69pP;|TgmtA02`k@uEVHWdiyp(X&)^2tXTkdotDl?Z1AMR_(v}y(MfTnjs zLCMrzrQ$F^wlm@ozzp;`xj62_!TYVlu6JvSRzc&J2liXncslmtcVWU$*k~plZ;DSR ztB40YGkeP27j|n4p~1pNh>upPAcq_CS*!O9&bttN_Q!R5{CQ#;HSkF*Cnl8&;362f zfG-=Rt$s0i{f*vD*H%;1KucHf{jHOSuC{Cytt1D7cBRQ2{KqL?tPJ+ z)%RVX*K2Vx3g*16e*4};@to_|>~Ohzl_2EYZA8ProN+r7O)woYpCx;jSAPR|lz zFzO!px?Q$uNW70b8>}b$PqQ2Hr;G(qz{iyLe#{+>miOBhCLh6{%+p{R{X#(cu(;!3 z6+Bh*-B9%KXXkns__UUqKG)u88RcO1E2#FEI_&2n$dz!?XGU+i{}4K209D|n_JTPU zekm_qBmGXU-%tM(P!AHTy4w+5$2U-;L-MJBKBh>!{YRlk?`#-?7U>O@54>x7BL$_E zaSH4VUdcE2Q;CMZcN2)&MJx8g66DoRU-7* zltql4FMk%%ZLa~I-q=r1_|-kmfM=p(Z+{2M=}+v(JCJJ^-46jMZ4%kxj7fX#7o(m0W%sSNL~d?j z{R25<6}C-;QNw#Wm5p=K|qa%`aM(w?qop7-B-Z}W`D6}8SuY;Q0ZzP@rj;=>|>aD zkpeQxIRmz?{h;co?l~zI`I2hbpz%vN%VQLG!{Lq=g?l1<+PKJHi?@<9>qq5{Qd2F1 zYvUv6bzyS!3M&wtBcHHR`YU7L;jhm500hNbplZjUJ|iQx!80*p+LerE_Ve*XBcLh< zUEm&vDgF35L7l}~-s-x#pNy*@GHSVy2?C!K@4>gjo(DNGa%9<2&uSprlU#No^}K=~ z4hbAm^`IN>^Uip}r~A>=%qVI7*1xm2jeOvG{Nlt$r+(R$piqruUfKKXg3JlJPHr!gc+A(XBYKTB-JJ14#PV z<{tg$lbzYvBZkOWdsw{t2QP^vjvjYGmnu0CqbUh{C?z-<%6FW98@;?~Q>h3)(AC+D z3s-@1k&%dPC=Y&2{z2g5O@j0~bE%003`hUa3?2Kpn1A+)WVbIu?wUtNj=Mx>jE`P& zn(|7r?2Rzw5?w2p!@q5>ymj;v|GYzU(TC%tO_|YlQt7+Y#xHfjxhNfO{$qyn(L!c> zq%deedWo-{Ay9YNAhMKXHm~`IG2^Z8ae2bK6O#ZDQ1p%7>xa%^DIMS~_LbtxF7#9V zl&mqXjUBDu!7H*eCsj&G*BiY>om7jJytrN2@+Pqm($*$wSz0Aj?}ol=$4#5KWm_4q zRfRt5(C-@i`O&U_pa;XZ7^e_&09E=AZZ_Og&D-pA{J*07Cawoj zO9$fDO2E|2{B>i;l@IIDa(SKbTCz+r5(L*Un`yc%coS1z>PeW-H&unmGNV2V`#PBy z$6Us6NQ+Qk{-UP1*|Y(Xa+O$As}3$Md5jnn{wtw2#y59zsN4|q^aUV~k;r#|fu#gT zwG5_FOEDNOra(=)V!nDVJfre11e|SMplaKw{ z*~2S@-@};GfSs{uB?dNNYk@hEek#K+-9VkK=Man)-C(~`>`6^koVPC^F_4DUCPH`o z;AaJ5YED1qeo;MYnEuVlRAXkLj@ni^cTu=CFyV@m@LK3f4%gm7i%Rrmgd`1D~N!MEpp`|L6eRi>tp zF2%5&R$PCeQk4DN_{p%0ocC!?wwkZmRqqHgAhsex2f)Rn1=$QxD^h>{Kq;5Q5fy(4 zyb~20`PTljBWddd`lI_73(*HM$P%Np7E{Ky#|ZR6RmTv=$#yalllx>=N5?wo^aA8q zDw!7_r`NH;Lpr;vkt0M4R7&%4My>9)3mOF*JYoz^3~d6`jBj*#sX+pHOl0Tg6B1hV z8+dmsKEHAH+s9(@=PU2fK~_uNaZOT!?-Vp2!?(=hu1K|nf?{|} zJ}Z9KAI#p&-Yee5x>@|u5o}@Ku{PvGe;&6-xE4+?kXMT2Y!h?DZ;NN{eRFhmHC$pS zRqMcAfg0`?J}Tb~Idyh{YU7U55$F!&Z*-^)-^}0}+j|ycIdS3|UhZoZ;wM3gnCcbG zDnKGlSFjI<#zWdCs0{anExvSsvb}J03 zJ@(_iTSIa)wqcHr#&lJaJ}~x>RH`M0Kn+8XGHYj=IA!uGI%PO4=+3+{Yzn@tcEW=o z(H$FnPCBPvzl87Hn(N!uF&1AM&NIJ$w!=k%j3+Es{1OE>^oz+kTtK!A`~+cY8$KvI zuad@`o>8_Zw`A9lKJ;Wt$F)0KhyNUR&Mj|z&0;*e5&HY+AYI%Id0=ifaU%Ld4wB7% zK9;09>+$o#0eg|qHueR}uw(9?8CNa<#LX(8T`*;$1c(aGQ;r7@gJXO-;xb> zw8gFs$Us>`2@4hKJYU-Dbp;YLDYE;8PHBGDCX91kC-x=AN5nElke}c4JSaQ;QQhxg z%84N@7D@7izM-qC%h18jp53>%H+Oq?LqFEIbL9;km_Av{Sh7U7my8XlG7D4MnLQ}k zo>LOPsJ}6b&-y?_mfvbSAat`WQE!K?5ORn-ENi0~uEl?w$l|9mGDlEFYmg&lvBP1d zEQ=%w*u!VDL-?|0v97m)V$L6;U2VQzlc^b-9KAD zk((NR9jUABB!Pj1@w~@r*Chux9JN6RuG&%c7Ezqe7 z{z?3N$;5HTsz`qON72(a#%}oNhdc9ZJy3JUvTWS9Tr8?o~5Vpcnrq1;e1jhCXt_W;OAMkLy9vD>Q-1mUH%7Q~l|0g4Ig=?I!9~ z3F!Ck_H1X&>Xn)0AnnNhffTp<`@qP^7f58o?l>*_ciZCTv1wQ&s>N)7m;3Kbj)@|m zcSSEdB)bXB_a_l1goMHP;nw~d&K<}v=61B=nzdNV(b+%e5JpaR0VPPT8!r zCx5F|(26G~0$e@=9Fxl?j*W+msi|X8_?&4tEWM?=SjkmRmfH$Ulu#dsp2A}Z|U9b>1fTdH!mx?o*q6{<0qg|MOOp~d5<-`3R(x#=u zSZ=Fc0#2+H{}(|`!tW^4xPK6#L_QEKyx`RR3*c)Vtk+E#Tiw^KQQkPtFMfo^zcSQo z`1&v}S<=!n$T-HwD4`Sryj@RjjHnMMOON6W#ENgVs6Gfm;*Cx+T6XhBBz8i2%iEBf zbc~7AB1AT)g={W?BEG#l>4&EHdKr8tA$tqHK?hYzO?H2e7<4{Vb!ulzVk0ef6~rN` zKkn#%^`5`*TdO}*Dsh0}lJ^b)dESet7Z9azTHk$N71p5)En%vG?%71eR0J}P;4#c( zZ*yECW$D2rb|@R=@Zi2m987u;V9i9!qNKg+c}QTp*P+_q^kl%lj1}s&YeUp^$n`nU z_v-TYx`)V7^wv7|I;5N%C%AJWA{#7zP^&&x9?dGFLy}u~i?+`N$NZMw2rtvg9FyX> zAHzhJBUEVUHA3M0jYn{$|9u^n{wEcM9c)~SJZ=5=yffU9<#2h-;HBfb!B$8KZkAuE z9lfz?jQGZ<6xn?q`>^To=oJa?hHEZTj94r(5@&m;i(}0nEWekxn(@{!GWeQN*~2U2 zKl_H`=ChdobGq0lf6eNc1X_y5C-VNwcnSc?MUJQso`xO-iX4H9lfZaVyj#y?z!R|WeZYFoNR0@e& zOOlzq8nB$c8*+4)pLi;;Je6vWA29F;0v6O_^yx<^fEHyKAy^dW?UZ=O#%;R3OK0NG zm$sM=wyM6o*J2L|{%5nX*!82MruC=#cpUueNsq!g<+Cr~EYX4$@IkeZj3{Xlx4p1d zP=gW{x%DjTBj#kHMP(;f=nLA4pQ9(=nXAgpatztb_NnjArzj+=M~YyQRP<6tdMwS- zo`&G=craaSL+T^)XRY2(k=PTObhafw2pD@t<42$`y; z<;(0u8M-vATKT;;22-IIBV4465^YNd@wSUaWwmKCoqCuh(4*2H1FmdN;Ep&DE`L-a=e6KNXE)?bfLZWS>V;3PS>ch3eScgJZi2Ok7}Xw~Uwy^raN*f0qCLr*3Nt^cwv3b#A2aqlkhM^X?vh$f7m7>pWJ(qX5l zl#DXAd1c_ZU2s=QQtuiAha$hL<;l`{5SGqtU(WLEi-GTZJ&|<&v0T+Bop^?O*U>I1f;q`UqBu8te7v(!`P+H0Rx_07Qu2uYJn8I>G-FpoVC;uW3B zJfr4C8RkB9!1eHG=ZTB*i&y^!s#`vx{{Dn51Q1#*!;6kxX;u9>XQpbR7TV^MoM!hP zdOn*rHTSV~*NPrTox&G9vSYEl3oLq2>h6i(V-F@({`%1Qwfr7Wi$-4FkB9WO^3HFf z6Y8(NY3eCWf8VZvuFhD5Dc4KC`H^_PCs0wkfS0IQeeSv6@>&#K3T&CwHUArD`G<-3 zhCzkreo*zp<}hzUy(iabQS?g^m?Q_<0w9@%?r3GDQDljgdzBi5kdUem82JGn4 znx$&hJlOBVZPi306j;ikJBgSMssdYRm5p<`ixBbnxrnqh6%=>wqVmr^IX=bcz^J_da@>#!?`V*~W56Ofld@4Ql8 z*n!zE0w7E5;24@%zhtej5okU3c*a137w^PbXoGVGpUBsR*s0EW#rW{mV)L zZfJ$TdO}hIGw|aYo0A_#S;3Hr0*^S}ZlE`laqY*&IXH(?CjfS+Qja&=u1*IEaCrk3Oe*No4-1rRnMfTFa>a(hDd zs~;_DcElQxI$F#LzWb9+xUY0SsT4p*vK?tAvB>Y@a!_GjORQ9e!rG)R8|JkjOgjzY zFZ@=)i?i>oSd6j)lLiEE{We>HhnVBR3nFgI9^2Pzj@Xdkre!XR?nfuj#l{|1+yiAL zd{USmj(Z@RKROId&eCbU*5c2p3~q%9d`Nzw6^Lp*ofA@npAz0<2`QM2pU27evEY)G zoclqQ7h6)g*Tn{^X1ajH&2zvM?JQJhM?7fChjPnH$myKF=hX$`(uMOM%11dZB$kpw zjlsQG1~LYwgfDRIOC~*^Tjg8vm_L+|3u&+S@&;N&0ei+}YjrgI&}TKu@3RTQJHguc z+%)K~zI-vopT+K~l;6!>Wm0yFLz=LD-y~9uzi?SlfY}2Ig;lp2_&=;g{_j{fVf-IC z4P6x({y!p05aoYGkRAXhZ6Y8Pu0*>K|Z9BB5{4%>wEXmdOqA;0E6_3~;$rA}AW0^>LfVSck z2&s#|#j#uoqZ-_D8CRhi9rzEye80uwV~@v=;CK*Y_XxVnbdIE|x@(Zy8`goxKU10Q z=KKO7;efWargPtc4jE&$14w7Xw#SuJ;K@j0qkZeW@x_Y1o=P$U) zmV6Kb9_SXZv9B8>u@hNoL_2;431{B1R$HGgY~(msx}2$=*2$?FfBAfg@V zfSmV=KLaPD@Ob782_)_z#S{dkt_68btREejgc8H3rF9^6^^*v=#XqDM8semiziVw} z^lMV$canUnmqifG{n23eDfFk$@iUsG-kamkEWbX@*sA>=|CB#Q$J@Sgq~-wyUL+%` zAO6Sw%3I55_vW}q0AhOZt^E=Fw%uP(B8g#|kr^-obznUWuaUzSr~@b| zupo{v@+}?JHhrR+leBqoO>S5W8-0ziVlw8JWK?8<%y}{Z=IWZ`&)N*ccaaGq$Nnd4 zySdGJ9qU)PKgq`Bdy0I;$;oO&BQTQKC~^M4MEpR#;lF{pYHofGO$)l3Eo}=J0F)7=lT&XuPobZiqVRb(YCy8*Ft-;c z_2pDUhU%URhW6+JBKb6o4)CtaQBP1_PEvGgTql1!g_$&+CL0pMNFuWxc4=Kg)@RUS zmhH@!VQ?#*edmx~O`885TtE*ScBj$t-FCYWCo3Zp+ZWONU8QjOSRrL7qdSh}T zA^{6s35Zu`VF-r$-kheEn3T*DK58s<@;xj+5F?Z!O{B`#*scpqdOry}=XfAYOrE#0 zM3582K{$7hexlrB5t=)i9g1xUO}R1X3@=qs^m0LMCx`7@{6XO)Nm%{>1|%Hf5BPeJ zmbOffyF;jdi|Fsr9!|t)u%S)&R9qiN-W%A9ROBh3{Re@MI@}~O+6faRZxu{X24?ib zzyhJt0@n>J!PSJW|K@?&$s*rKc00MhlPeGT4Tvf?CY`C{&!5SQ-)XPg(_j5LM8Rwj zCO{;a`Dy>{$Mi4Z{y9=i)sRTPaOF{bksSIqF)EaqAz(eL_1I{ph|)Zq-47p8>2)|7Vj}+G$Xpw(aYhSq)wp31E`m3NtHB{vX^wo|9CIU_GlmHhQMzR)^wTp%)*$A9YZ6 z+rc5^DJ98Kz8Z{Vd^He?b7(608Y}e{357x;?#2A8Kr+)AMc|)O;20zJ2dSIh?M?E8 zgbY@I-Ybd^GE0Vso*42?*IBN#_55|Nf_)gwy1hBX&ALVH({Z+?)U=7dW)mL7XYL1v zL%W*ZDNXVSQlT(cM&k42!$qCAm+RoPkk>oD6NV}uT`YbB&AK;ur z9abF#3=J*J$3j#alNZ=vV$2VW(f3VeGBA6+oY))IXr5Z2Ojt9!s-FrW6i)Vrm1~&5 z?O3w=@Ze`?SqG7ni4vPInlHl~`}wUr^D%7vtSNL3 zKK_89L_wvXCEr2U$$x3UnYIr8av>mQq9HgVK9m#KsZCq z<7)(fEJj=jaMwRSxL+2)S-nc%kfh&Yw!&^iIw?i>m&cE(UibxT z3dil7MY7>+;l-k48%NKH!RsHwpqXn6RnChA2UHm=&l9sRs33N1g5fEcZ==Wom_7Qp zEKulv8~a!owxez~r!D;NCWLvBNU&O3e>NkK36U$)KlG;X;)4>@dHeqt?qVh{1+9v` z7R%T*7sG!iV|1ECWX$!7Rg?=h&leE}wCVU3{TYLwzS9r|g)dsd(B;<7qOa7VD#Sv*UP&7QqeptS6@jsh+&P7f z&Z$e$>7md!M%N+nStJecI|Ot+&Q0((nc(IfKZB(%3=BLzO~=)apo zm5Y>IMO%1a!H~6Hr4#2UDDU^`DR_M!U^4DVa>88NFcYHyV1(Cn8Oc{ytJtylawS74 z?vDEU3fY?(&7=R2P(%xWT1hw(vrzcNN`ZdTt}7#sp|7;n2l-(hV*+n#9Cuk$f2 zgNONf!5CtPN*Um!e`C(B;%4aU^@DUFnokbhgZ#oZ=x)TB4_z9)phzA|h>D=rg$b@C>?Jo7^I|_I0xOxYJ6f3N`j-i4yKix8mFL7^1y_SB#cswNrIl1a*$$Q zJDd2e7`f(OEkT4Dr21A#j`lkm*P?<1U1~lbC|q{1*Cv#V79S}?{gZN_>T&MK=rMRj z>Wik2uFri~^oWeFau!Xh5XrJ6a*l86^J?=QT0M;nT?ptuRVXn=4EgHa*38@HNFi2VoWV~b4e!gQ{?tirDLtc7q|L)pi+jrH zF6?vfqS7rGb0jgi(!AXbaw>6yEARzpDbxph%lifu#bW~E4Xd>Q;{29NKaG-TZShbX zDO@-7!7zc6;JaVY=1&KA99eqwp*Fr)EInM^S3?$}olbiz^A;0={BlnPwN2_|!m)_# zUQcE6U@C8WvB}uAwy0-awe?W)m&EK>4(*N2*!Kkx6P0tGgA(;Mm_MtpWpy8CZ5B+Z zis;p)^3od`>EmBlG#`qpNO)9CVB53H#e;2_W$84YP@dlSj&BJ~ospj<{m({G(?}9| zW@GKjvf(7Sx&{m&S}vQP=+C$gZa=bgY(o*we^oLG{>7uWvjHYQ)xxQ^F@b(0JQZXb zDC%?#%eDE6vV+iHD%n}h(6PqddeTQ%x8DAL%9#z`jQy$!Ixo_DF;4NB_?~RT zPb9PJdDfE|J&YO2?(y3|`EBC+u{&XV`58nYjX8fDT%HS5oR&7ydZs6U0l7tyX~yt} zpQVAXUK!0)lE6cyn8L3F*@qk4DV(#H*3ESR&ND~qYc35krh_BIBAOPpIk^1eJm$%- ztI|z7xBG$AfyMOx$vxuz^BVV++w1J%xdiD^B&di?lHRW>AVFWqe`tmwjg+%9GV9&4 zrG4Tf{2SL`k1Z&z?(*AS95>h8CDB%+XuUs9Dp-5Q`|66h5Ia%zLo75JE96M8 z@BSk1zF9sxhxeyo{OemNK1(^^$)MekP;&5#{jr6v;wfYOIIOY6kh6&Hl9=)J;M|@h zV<^)``^QC0AG`3S)lTS{4rbW3C zL|EYo5)|QH&RYiNR(o4 zI=Sz4zaXt(^zk(|GD|Zbc}j zKW@0e?(q@KaH5?#W$P%r5ZhV%+Io6f{-+9-kUnWFdCWt7$H#;7BQ$zc`{^uG$8(ZI z9qoA?44QAh`9qTGs#61FAS+)-kQqlWEC&H&jav82jE0;f_l9qhmj$fJaDcmwA3nbU zdWM|MFx`|7dvSJx{;Y;BoX%JG)V12{+ZKVR!z7;Oi-8A>7U$ZgHre{6Hf*XZ#cH5V ze&w!+hb7`2iMZk&)XM>#gdiQ29ES5v>VMMD=_EH`lLxvJ3B!N;*nL5wADEz^>%|#41ZSvMlFUz}xm~6Qb;u-%b$%TOXu>_Qc zlhnVUQ>`du<|&O;F96VtK~8 z04Ynfav;yb-&G4HP!}!n6kv$r)-bG2EU=}kvQ)fHP8MAi-p2uW=uY)Wh`m^6Fjn+( zLb4m*A0?>XquI)tUvPKUs4;v_^u2Y5lV{?lyYs-ItMRq14T%=E7qg$v+FGEgNNbr+l9imqQGD%7<`*BQ}4Ac?8z5EI# zO;E=&JX)&DTI6hG@ZSZF1QPM%}r<0K}shOei-uFKu7blVXf9L~nBgVsK4uH#`i zrkA_#=fkQ^@cP3l zv9{C9`fl_4L&YZRHk~w6oz+TT3u6C76X@r}g$DNSEw7;i#Xvb>V9wOo z?bP_#n8i)?_}Fmi#A)r`KK%m{+9sd8m!Ye+*nP6C$3rA;;(7ms3Hay4xieN|C**Jd z6|VL-KESw6Jq_=wf$>jSsN_k>qw8d!1p1Ny7}CV z^HK3naG`(SoUYem^LRb?S1g`9(|hZ%XaCkEzGiT?@Z}iECpQMn#!aFVJv4Xs<6d-o z+R^xyl>PT-#4p=Cz(a|C#VO< z8@wGrE--0BpS-sV8i{*0p+O!=9N(vQ%O>}0v)?U z-eI-7?3XoYpXZ?PHIBATF8YNf2;57Go^q`sB4fk$u=UysJxKRA*&ft`)fWirZ4Ehk zkI%7RcHaG-pa5?%F-evz-*Im8^|2V3C#=nH(x_dONf)g3gD=LY{|L8$&XqjRHf%Ms zG>!*2?tfZj{($l#@xIaw6KAT>#m?YIfk)s=@*k?{%NT7a{4+`amBPf$>OHkT73*oGKMAs*QOlPr&Q(f2(3&lshq-IhcD^KAG#nWnrwlEkp!^a!YiEUIS5_R{$};OOv@!a+=mQLo*Kn@-ruyU>4cpQ-N zQr$kDfy0eT~@U+*-XpBdU#D}s0N%oJ`))4tGt9_$ZOyq}4MV>*Q zqNvFW%U~NC+4iLQ8bNzx4NF6HK#q>tQ*PkaBQ{vgZ9h!jAnde-U-4A2H7~viI_w!# ze?+CT{w(+H+I*@uaIlQ_=)EC+?{JA(venYMs$j@!G!uC}Ytfy)pzDxWE?b4G=C7&* zKg-M)Bq-9+Yg&bPv_h7ooTLP@Ci3;BBe?qDAEUt=TgLQRBF6qet{Kbdvb!rXTT1=& z|Iqc0(Um-3*l29qnAo;4!NkdAVoYq?wllG9+nU(P#I|kUlbPTDz3Z-Z-!Hv7E7f(X ztNZNQ`$3(qhJ;-JA07@R0FEhL{p+=YGnmC1eQmD7PS><1#={^Nc?0+64M^E>m)~-U zTQZjf=!p$zU(e}c&Z=1P9SAA>e+>C5fFWNLDE%KpPQLMHb!uvAACo{ji|oOF4C(#L zlb+M=V@p@wl-|&9@=gl(NS3nfAQwi>I8ry9bH7$};2nM^hpo2-!c@%XJrT{xcf;x& z4$SNxP~*{TtAZ#=wn}^_#AF8pA0e}$*BbrWrNth^i7hmi+Q)Rx`pDZsVtv=`eS^bV zs(LKunoy;+dQZ$3o(=c!sjB~IbX)iTFO5D1+w=BY#Swmtab;&@tSP1YoxSAeWc395 z+95v~nvH8p4;#m$38HDBJ>mjaFj_b?AXo)k8H>h$$ng<`48v8%5SRDwp1=seRVS~$ z_L;=@_oU(2`}fn5U+i&0pu~pJwJ=;QAV{igFPyf_osXm=>*zz$`Jub;PGFgZ$kX`& zk}&{%W~m7{(8CE6=4Ha>MKW<*=}jB_36&Q|>3HtpN@@c7L(Bfu`D&kQq(9!p=dGW+ z68ed`?F@IzewVY|rWSbZB81uwR`t&nixQ2;D7lDEh0H$Y`$U6(%YZOGZ>Mk6H< z^nG>*_3wy0kH2cMRjgW`6Hz0iES{sZ5?Ug4J#2V>{U6G_<3_iIr%E5QMAzwIdnaoMYAa)~8$pb}-|ZNlaTQ#?b`60}mk)&Th1n-Ef1>3l%h72hA}Wu-mD!5% z7-OM{b!in=+&if?nBpJkm`M}i)y}s2fAltahsPz>OMj8HXIe5hFha%AQ~kOLFD#?~ zs=DkOp^teQFbsW?v6nIPA%qVbm{OrWtEDhG#PE$7?vc|=B{A;HXd+ixO4H7ddr1jk zji)f(|*XzA# zD1`i6q1fM4xVFl^kkC>tP3G$mr|F_7e#1VXZw2}!t6$)NnRST?wDyhmml|Vxo|06; zq<3K#Nqy9k#AZnyKZ^m$lQKH)?YZ-_vU9xjZ4X3sj1L1SuTgHJ+3`tF%V$s6tX|$( z-5_*FmQMBzGuGalcl$moUBwE58M*^!PMS|@dL3@HFS?f$PVg^DRV5nP-D`cpIXv_# z195JceJL|E@pBM44$UcAral0HDWb*mH7xocHGRPgpr&IbQjI2GzLIf-$2e;_PX$6| z5PXGc8zkoz85}1ls*Wfz^m5lIWx!%a2w|DfHc(d=(+Ngt^SpH=LIwKE6a$1KfOT9J zG#8-$`(%qgWqzB0HUGZ@6xjbvU{{HL04vzPBl0sK(}wc=_dWUlD^5bw^{tqEC(AHG zn&#Vd@__1?Bc?}WR;l&LnG>(n3|3TAPfl!ts(^*QhnQPx!k=f^qmzSAv}4!mMpz1# zbstrbKGb9}`C3yixUu_QF&Xh40daMcBSbW2dfG|Q5pU~jvesw&Sd7uc$Plfdx<{}WWA6biYl#Obr{=j?|95e?S}v? zRRnMsMMaKN>65L?TEizV%|XxWQylZy_ElvCkFureHZPv><+|;qTrQqegNae{Wnxvs z)I-nZA=uNc=aDXrF{abL`RFimK$nf+;>@szPZEBLf78tJZf^bMNV^YFrliwLf;%oC z#6V{f0!y!TlW%w9AT5At00{f*SmwnT>6=5miTOpdH%rr9q|#KoUCnOhM=i4M6jyHn6!Q`BYpn^ zPv=c4{H(FnZEzqjTd60U4TkjOGa!BT)G+G+BNMDiG<%}PdKV@n}&+D zik@#V4y0G99koYUcDP12_lY)vn=8}%o=nl7G&w^(Y2yTR zJf@4>Pks87G-oSN0y_rHuH8>Z&ni=2Ih6hmAcrL8)p*lPMTD>G;2+;hXNTJN56_R! zZ|94SP{44moqT?8FIL2|hqRlIpPaCy4t~;IBVW9JM)bm)I_tBE3xN@S1yo@3tf35E zZ2mRXH1%Z-Seoa>-%eoQwYKI*s{P$V_2V{hjVlu`1$Y*9jVQ;Inl0ok%+ zwh`k0GTXoU#vOoc1Ni_d-^o-$agXGL?kXWdS6&5mo?n=q894L?Tf#KUAXxbdvx;x| zEV3aVhgb>jo3M8HXd(QsO$~cdp)Z-IHPr7d9e_B?^vYc;saFKQNeAxudw*`s0!XZR z@{2T#uJS7%hqSAQE)SHVm(#K!qW;@YCCj;~moUR)(YmlL5{N7hYF`IGAn_k`&hksZ zI?i;>{kx_W#^yT~n5(g8>*h(5QXwD!jc`;%@Rw9PJT#7rvXSSyi^?7Z)!h#?jHf8B zQVfpX{Mt@AdYyKsk)H?s%X`5Zl{&U#gIEL|s#ei!8A?mTPDqA zaOUbfwdkm)42{)>9E8gIPpODM`B}QavdXAUNInHh0;h+0Cw?X0GcJT*J@Nui9id|o zoDD};yzA1vpXhyt;Jm{Vtn{D;4nYOmg-jr{>7T~8TS14vo6^(n3lSfrm*=HvegkfB7sYnqbzEq&Lbsmo;Xv7`3&@bhs2%vU%Ce*6lCTxw?+ z>j;)QHuH4Il~rtu%#AR{$=tOhFdPb%cbD$?@hfQU0h%AS$}a^ennIKz3aAjs1blf! z?Uo9H*Zfj;9TUSLQ4+DLOtJTIsOnUnx+ipsYPsUzfK_@*@(F{;U3ot>%wKUAUwBv& zvOn3areJ~MS0CBNYA_0qVR-vql^|&#Jr7tGOJdc;OkEC7dHB_QAA+*bw3_W21`ZJ! zFa3aTU@VhIdxnYP%tP6^D7#9~-w~+=vR69Wv2iv+OWXD|d^&IZ6C1$ni!`=RRdE z-71aZ@@||pE;1t=q&TtP?B=@qgSd&=m1>rXg1;2KLYF2H=Ec*$brXKK6^vh^^QN|> zHRyXSQN}Qu7fc3lq7+PnOYv|kV#do4r!gaFzQ7XKZTGr<$LV2MATJ$9r`p5z!I{)ullydfRfsV=dif2rc@7Rw zft}(9u;$bSg9}E@g%vl@*H9P7gRJxV82C7Zu7{S?g*{|_DXTh9!_q2f=5>I+wh9qW zGXT-J?CHh)n^w`#zMuGkNbsopT5W>dP_FmteKEFC3@_wuz50APEnix%DH9a_C({pk zApuc04XVVVyT25E17zjHdx@E%p#jgaM%<7APObti4J?3N&6z^R#+|3BfFQ&w5v78O z-Ch(z5^caZ0rN&gub+8UTvu1X6+PaTOUnixhV4Bm`xliNcGb?X{T0B+h56iYnpJ;-Dm^qj~{$Q`GkE#^ek67uYjGEIGM|nD2!`Ktg=YiIIV3B zl1K5S09D9wh^yslF>*UQi3pn-AB@>R@(Zglaq*`peoh7;iubl$jr|#dXTOFS2=6B< zdEN2+Xbj#^-DU#ZjjhW{0Qn}>GYmGu8}>_lfA8qGTIIbH`oGVJ4~O3~m)q z0KLcIVDy|D@}?cZlIMrU6y$R| z@5fksdpk*!8nfNLA&>(`!Lu+CTI_9ut!Ko zuTrn#f=J+!(RB-K01z$R$&T$uA|6KQxIW1uH+{-Yq6*5n$NZ8DqsV4fMXiZ0NfCBX2#SyBl_ zwELI#un6|~YEwBocOa>xXROe5D9!E$+gPx;TTb`7iGa~L792i~vEH<=q`pv|jEr$wZwe zg;3;tD?PWC=8fJ{S0#L^$1ZvK7_+Q4wQohg<)x(<$Dr@LG6XP^&?Tvs&3Cv-e$jr> zZuh|KhL2x7pHvm$x2k|77h+`cw*<8%%QJmObFcm$T%Y*#(92&K^G9AniV^sJvL3V} z)vJEzv?Y(y^Td6dZjWwE9DOH(P7N@xo2;mjo`DFmD-@WkNHvAU@H@db$C;!Az>=u- z;zXU4-{hVfIVrV7#kOZ}Eb~d$Wx3Z5fERy;f>+jVh)Xur0-LE zBsPV8@E)ToJvr%}YY}&~e&^T{Usw^n|Gi})?5(78TjF~9v@AG}(!-$TYGtKmoCi3H zqhdyxhJX^U#J`sLvc8?f`D701KgcZ&wrq12gOh;`ZKibCb7xwLOK4|9aFmG$tBYrW zGpl0@@3n6ghw|k%FZc#Nfo?j}=CB*)^Kmb!Ac`tI^A&IJD4}9nAf)?_eQOcg!HvMg z#(ayUZCHfj3uJ5QlQ-*vnp&ILPQ(c_&3}vpNGbC>wP0@Mi50kxFWEx$C!QD+-A`1-!dU6~K zqUUMfGHtoqd}gNS3x7KW6A-laX#t%Q_w1csr6=0K>nTH|cBeJ|zFgRWXzL|*jxK}9 zglj0aq$+|5RAet;J0M(A7iZP{LfM8MVnWGAPY?P~mQ;4~s5vhboabbE9?-60n+tXa zrHx-3qpb72Kdp0^|D7$-7W7IoeiLKqyZ^_Vqf*+So^rdlGnhl6(RKxUTJUY-(>D=f zy5GsGsa}o*Ryb?e?seiS1d`sY;zS+ONAk}610MAAJqJ}W7hxAYUs6Q!5w)+qfG1Wm~*v?L)2jEMq>x`l9M#K+%NGY?o5!V_|DgKde(Y*|Om9~9901tpJx zN0VqTRyKFZl*Z>W!Q-O7T$S1ALZiv7h`fFQF9|$JE+*27DGvyg4XEE(rh&$F3h(%J zGQUYoh@mv5%8tZm%XV<7cprB~2D~4GBTvj5((lEU_BOUG*wxXo*^GRiPBJB@3xo&Y z)t$p_5xgs`326XjB^rI_8D=S>0&P4eS^d|diVzHoO~_m`)>-z%y4?3gmq+tq?r_3IBE<)wDHJgWV@6Y=14;BjEv%bN zoYaD?=1g)}x7S^tx$ZMA>fP#VqW9OEO@DKZ21et_w(C=QvEF?dW}AH=yo9~?8y}zj znl{pPw&Fg#dGX#3-hID!IKjDx_%kLyuVCp0(YRkh!xXdI(ZVBA+RonSFBG@PufK2Q zm<*?b*6r}(bod2Se}!ToxM{g((%o^`iKiawK6hNLXW;R2LSHv{@ z>vTFg(TE|ngfR!r5hR(OQKPX#mo*bSc^X)0gZ#yD1M5=bUU>S)gpHZI>%KF&e^geQ zjfu=;(Vbt1Nu5eH6(R2csj9#i!a`~B(kkq@bCXEGQ}bPn5@aH2@i$Bv*EQ5j9p^V2 zA?5IdrS?8&dcXCfiieXcWk6ow6=>3zs$Q*p7$FRB>dCBQ!oja|O#`9lmLO2Fx4ob| znAOvf5m4Vb?i@=l-J&}6Svm(&{Za8~jfgb_)kuHifqlbhaO?xwS!RzWg57fEjys}h zQ!w;fTFAJ@w`h26a0Ql~JzBiFMbUsXqh4WW|582MZK$7*$&r_r>>Ao&`2lQF=QVx78P)8~kpQ?fnCw{$*k(b9^olP1fC!{y#% zlqgbf+WOQ|CDUci^;T|;iWcPt#GK1%{E15^qTJ0|+KN_bfBH@e_;ScN)fxAlY`HLu z8B63`oGh5D6aDzi>(&(r>xU<{YNh+jbOf+BQeaX$RwKhqL5aU;8noxlsfcr#3PwG^ zx`Kg**8kaomb?Lj9I|SnjrK@8PifH5V;Oqs`iJyk$K9Kl-ft^P)r;aMkbEh8_g0A4 zSUF=_K=UIka+!_-Jm5Jw81CFqCJamw+fMec1BmLAf*$pBFrdBA;EHdM;iUL7RkDtK zD3LChCy^Hlyv$L_jN163PwfDs*`J)fITig z4|AOT;coTw0|hRck=inRsEmS?Zftkb$;L!NJ)D3u6IV9Jrtd;M;mqVe?CQ zJ_e>xpXaDHnvwF+n{%j#;JA*_+sI^oDstJF7Jt^5iN4i~5j|!DVRr%Cqkv55IMhLk zNdbzGs7DXPX4F_+`G?VkQ!ODhr(1Sz+5Id9@z{7Q(?a$4Bw#UEgGU#+z4ZP*`I*YSax zmRuk{Ekk+5w(& zbf2R<1!!s4f#cL$B3o(H!kd}9Q@YOeqDadiQglT-HCXA45;@cD@t5kyEu5b<1dIiA zmyYk(lIAhv3145n32^_1HLiwjTL?3H{}bjSWwkxbb_5ZoKAyI&qzY*A!V0P*jYtXb z+FQei7_LBSR#Z&1U?eNGV(HcpkTzW7<~Mp8pH~=!*X{HBnDI-pijiX=_a5z8Ltw4r ztTs(H#0as!)a2$6sE>_$gEH0!uBsTtoi~Oy>7n>N(E!lZgo4Pssav^+)6H6IvZW#~ zm>3#5&UWzBLRxFI(PhYtU5U)&=j&PfNP?4}rWL&d-BrLwlg1>mHv2^6;AxcL8@=*! zU{&YqFhOkuo|1d6;#c`cWyvv71~+(52d8U~DOkJv>8xEYD7b}~wDJ7JS@%bpjfRRe zwkk!ro0z*gQVBJTsvH_xrf+vVl{C&LvXbWL(#gx66R{1Ea@2_`dElRBeTf{o&<#t^ zD}?ubd4^c|!ydW&Wh{L5Hs(hLD=M9x7qWx*w;2z`)grFh_`Eowrz)Tx;9xtRlxEdD)#* zLhy{;R@@kQvr{kSjt9Ea;O3VtQMuDz4du_H3*@mT# zEc?FCVCO0v+f#d%D|e?Uh|wFjT8}AgPwj0${y6~+wqWy`vZW2X^RjWRx?%9a&+&%T z5NRydg@L^xZwL@RYY&9W`@1v{1hvyP%Z)V~WlSUtQzqVaC(gPZzJ^!JXv=2qk{x@O zf6f@_$tCTz>LW9i;M~olJ#Vg(8yU$Z#Cc0UI{brDS^pxQk6-0KmbP3u?IX#*ph6IP zHN<`3Uk^=!jJS*G=cvRPFg35@JdxL}^rtvTdc9ln8=DAiQC_zyo6oT;nCI%?`HpE( zH1#~r{Xu>c#?B$wqXW zU(gdjinxc~@&`z(JOSz{b%4-1Y}v3ku`<`lH$_ry@L?{Jxm<==I?3^F7vTR!U(i z`umv({T#Q+N~>|ax^8V<56Y%Z({-Do_Y|0bZ2+Hk_Aj0m<74a1c5K3`U7Y@(klJS{ zX=BaUQyqx~7G=N|&Pv@G)O**QGl6Pf}JT_^R$4}&%xpUtUwn6rD1C_n7j z7%)QJAes>pm|BbN_Ky>!*|h`f{fDnPjXv4aKNggN)5G)#0gD21g^JwVm7578U6UcG zYO_0g=olBJ9|j#l6}uZo)|O6OcuD)S+ILm^Lv%Sjy*BVVB$N7yliP@)XPz;fxPK0?fsn{6aFGk3(Q$nzd*6Nh2;gX6^IN*V7qxTVn zi$K&IVM~6rX*Smh8Y+^oVZxR|x8vsZ{*h|W-~Vbc>Idc^_AVaH%?V)ZIbZ+tou$Yo zp|e1ejpagdn+R#v-7@NE$BmFsmaCBE$lbXH1GPtT|blyP&vE%msG)zK4LCD&FWt`v`K{!?JcMRp{$ zv>Lb$X2&7#YkGIJ-GNDZX~V7j=5k;3q{*=&dd2yWw@<;jy0{dTb9l3k>*5(BCU|Y9 z)NwI|1{l=k?yHSO1{i8673jz>TUakPv*+8gHev?VF{dLEGqX)jg>k>@4?xPHea3!T zZO@PNGH$H{Yqrcr@PhXrktOY^(=(`;Vi~6XZex#|&2F_{AhQ6>mUJCNtB%h$#k|$@ zkPKvrz-&+p(?Enc082IL)Hqd=6Ywt8gesdbe|TyEe&SIr>EcB7!Mv2xuM8Jj2!sY3 z2?dt!FZcaY$)f}PK{kOdFXj#D)G9=W$wH9QZPLFqi|1hkfAw@Sui^tOOSdWZr670>03Z+Knuvo;e`cTe|LWbqCfH60-hwhdMaN> z=@s5vd5ic{@rj?)#**iYYw;NGZ}pJRo<6Kh#~hgsTN!u>q`K9&b8m~RWjk%y-zTP*4L*u`k^69_31XCI zAhyy=6G3HQ5s4WZLrq9*(rk6@0&izb%b-Kes^|l-%_+AgPA)|u$(XyH#+653Urtm( zq{~tNhMT{WpMwhO0*YXZ0;CfvpTsNZahkJ`P!#l8HI-FG@fNUQ8FU;8&5C>E{(WX` zhCRzq*(cjzelelI!rz?`exd*gP-VwdNg)&Qk4&BP5E6QlDjBqsjN!<4>aMs_+Nrt5 zI1<>B12JqSL7E>Zzi)$qJpJ~G#J3*O?}Cj7dIUT#G~n$#=t+9DLnBc7ZV4X15|N86 zRooi47jWj`8;TVZHMP8A3fj9 zP4;op6ww(rBt0R~UqY-O`a{Q4rW7~P#9=!+`g)iE5O@*js^-z8B>ajfzBskkN9k_Y zQc4XfvG1xteZn2{P^2{3UR{*%nVBJrM>E`_<$0>+RCa0}O%i;7Q56=ajRLL|mgjTI zwb+{c9=v0AJUw%&mB&w^fx*iseCi(a&4+zdqA#cE%=FSl|1( z-XMex^=48TS@xbUi2Yy73T&PX@zNeZpF&SgjH_)CF_af!j2Ec}MbB|0k`w@q^}kQY z1Yb<8nRSIzgl_~4cBHA_=7L!`uYI(y-Q15O@|NVVEXzwR_NshdTF|iE;cW3J7l=pk z)FA~z1I?stq=_s*%vB}8HHjqR()uNwR7a6?&t!sW!Q8b$5v2m3hffr-0-Z-|KMcRL zgt~aBG|yEgddKW}TJtPqISHLu?*21LN!6Co3Lx210U)Qhc}H`9DjCy~0DI|4iqlLG z?2g=16RKG&R0%3i(iT^s7fP|+{z0~wGmmc|3Ns57Pf+@z{$&S$yusE!pXZo3M-9zw z-;r;u4C~J4Pk|?no0+5}@Id9S=usTvcD7l+8U7Fy5;wLt6MoR)1XXZCH-16t0P8CD_Mq zxW9cCYNadlzoN-Jd{f!lG)EeVP%fB1( zDVa+3Y`6_hg@vX&%>C+FpKY87m4D_h`=gaqA~ONd1JmE@vC(9tkj+r-mC@&Vj)T67 zFxr5eOjZ6ZSC8h1b5Ozl4&ZJq$F~4{xX#VSlz-E)IyVhSy#=tz(RBSc%N|X(uMNAZ z2fgXk2!iB5spdOI)L-5G=+*y-L*9+m63x-J@2c@Nvl3pakFl=7*#y$yqsfSv{O`K0 z-^DFH^3jb(3>w7vC?H?cz&st~Cuxx-5K9tc`yksfSk4%r$wa=+Dhk^fh8gtJb! zeR1OWcCfE?#TFQ?!;GD1?9C1)Mvtn0a$4}GF@thwnSol^N&hvrZD0#hAAlUwsWzP{ zE)$v|kQpZ^0F|FTEEAj|=qVHN4s`s(1;mm|{mqf&lY&5Gb`(J(XKXXPog*@p!>ZE$ z6;|*wZUhM}v7i-x2n%VT>>w%y#kE}6!Jt<&VUzFEFgwQRdU7&Y2(JQJH+VSwdx7RV z%IB6=0XJqVJNmOhjapJx(sz!6Cc-Qe>sZ&JTRYP#enemVREiiW#j;jTqTHD2{6xv& zwHrJOA+1Lb%Y=}8Suc-Kt(c)C9Z8TV>(IG^2+L`5~~f{At#{zL;@P}Bc0FsXci z{W%6SVE*pXL4wcf4i%?5BM4{*4e_~`)n_Z@I+YiX9_uUyRz4gt50WjKXgc#>pQ;T} zd5*IS@SzOy4CTi#XMgQSjK+eaX`5HMrT|`9``gKxGL_!_-`~A0{_=;Lb7%A{>EJKl z?pD)KDW7=kyduAL2(we<3<^_HU%?DE`)~eY+0PJ z?Iy4=&-^ucq^*N-)Z4II$_mWRvOvGCM8)o?d|QI&4=(|d{gq|ccLkz>q4UgASP1Zm zKXn!nw$0~nthF-V-oakagN1~sdfIq@5wz_b!_X>otu} z5o+}xa2hv9R9T=4OAd!#la%%I?osGBJf?4Y44S5_R#L*f0g`3Uw#>q!B#oYCr}sofe4C&gfP#6oa;?vX?yOAgsaX#jY0b(Svbr z%I>zrgRt-IUxt^`>}}kB_6R&?Hi>BPIxGasj}GMVCG^nDL)eZNjcnj5=VG4E4e+|m zD=L>ZHuDH_Y=JEv2P)Cb7>YRssQ=?g>qb0l zvqepmpDiRKwb)9pD@uwVl~*H(&e#XOu~n-eU`*vbf|(<)k-}*By-PU)-}bWSDHwVr zsxVT;^nr$g(xT6uQfyk{t_1rz7s(T){4af`-xp?ySA6#I3>JKTuZk!*+*5vyuDSl= z$w7_73$lfP&E<$_|1S7V{2Lky0;l_uNZujSkM*7?#eyPcN~H6cScL~h!wU%Mq0&T3 zqA&;ON+;v6nrjTFUtZ&&RK7OB5!40ers-W5qh(V{zKtzokQ%foRAHYlfnGT;1DL{e zD_Ac+GlIf#=D<@tOAM6|Gyj^qyeKV(3ZRiyMgm8Onj1uK2JVK=pJI2M1MAaO2kouI z^bW4z?KLoi@^?_KaZ!#uz$o27|NcS) zB)i7M3#W2vgLaAB=D{Jle$6gSjX}ALAYtGO?1OS!CZA(+9eCITA3EeR{5=E>y{fdz zLKyYPu9(L=4e(+gthg0rp}!3?%PW9aaU(qRZSA|U!aiY2zsb{F@|4*L)gMTH z-$7S;8LjhguQmpWy>_5NFN#aN3*4(72CtL{!e1EW=%7e`HF4XbhU9QEz3c|#c2f@S zsmNw9P6f{nr_C<+wUcP!{nqc!8y1aqPmE*|4swp-z-IKdhe2JLVt_Z_kFQf(XBVPV z_lz1}RD7StIj8>;n2?mwyQ+(M<4gh#?}Q1Ndg`#$x=tgD6B9~U@XY+O8AM_2k9LL6 zvK;5lX6SFJTxdCEtf{KxiPS4c_=(En3-N|dSzBem-OfxlVgH!UcYkx255_F>S8E5> zo&!HPg@4Wkjzh(d^>-hh;y9#!u3V91y;ZCkRYWo#=m{?b(PrRwfUsC#5Ze*rRSpg4 zrc2%yfq|ReVdnY>50Iaui3wY__<{q~QUg@ql=bxr*)t6}1dNZKA*SC(nSSuNcSBcW zE`^Hh=V?E;%5Z!?HsosQ_be~Is3N50z&MmT8t|6Iz*2rJh6Q?LA19O%>lQW$7qb`S zTV^;_hzz*R{@82Ub>V3vqA>rPZlCm-32D+VM+@;OT8@~?(BDCCYnU7q(Q}h}JAftX z2m2uj)Wx#{-lfbKU~8AWsctBLf}|pisVLCZXn5@3u~zN?4fL6+`Vzri3HXKIWs_b# z=|8zTyy8cIa-B|7{tO_ae;DZ4bD`R!u8N>mi@h{d#w>z2VJE?}V?*o#QK{eXT3cuP z)|nN3*tm;CJu>RiAmCGqmvsZbRVQZXn zSd28?@7hk~OR5o|2W)n8Uv1Hk0D*v;3z|=5 zpstOSe|z~Gfq4u5b}L7Y(m`bLsFEgDlQFz~z;zq-1B{aIpr}6zQ?-=vgcWjGjv~C)q#)Pc?pZ zOZ?I|74N^l!dA`hOBus|PP4H#9eOIfMSkVHCTS6aP3|qdXJ8%`S>%>JCRYF>jsFHl zjoPPL%v9VQ%oC3kmIM}W79dUU2aCZ9f`cmEXNjb`M=&4<3I!3b=}OBb7;v95tkH%P zbSDV)HIFnW)7QeUMG1`hYMT2HTAxD(YH&9e8@$Zy!@mJ`08*gW+jP<(Y0UaR=hZ&%%1|$y}2LYKUmf;b63p0WBS?8y}%Ig zX{X*{Vv5kP-tN{7TzM*w=u_t4RWl<5h*WzA&-$ z)9c90pYAS4fjX4U&d5vkCW0#iDD78|wM*x)8~4tJsV;)ntFp9^(&(f`-n@wk*5s-A zfvXV-Ty71xK=9d6-E1buZ-~1RFanOwK_=A2iO$ftjV=bFKOOEztRP)LI|i0HdY=(R zM}xY6n$=n>&vky6*r~B~cg2#S<8($mv#j-5OTCR+e1E{ zIeVGE*CO@aPxwb&cshRowcoq@YVp^kpd=czhY_0=m1A$Ujh3N)>vG@HrlQIXm1emQf2_)jr^ufmNETnPz^3>pW}( z-t_D78M$CpYo&@B@VGpr8S~{`NT*#2%;_i7{YEABn@DE}*4>D6K{py#`&63N2a^2k z23x5a-K!D{QX@Koaw?$%6|sB5H?fxCd2?UEmeW*tgkXeZ>H$ z_k*655g|U^d{>~P>r;7}+lb?CjE;%fOnzv+f9CiYw{YcKfi((auyy?783Rj<2q?)VMIt|f1$f0b+ zTa}u)XgGe|#*8!3el>^w)H*1iA3GtZSWQ{$Id*$sEt#Wo&$v)h(%hR}tw`zBiSC^QV-b^Rsn)Glzu61wzo~2 zvMfqi4{Z(Hdt7jb%d39^VZ7)%^6=F{&6D?>^12vTJvPz$E6i3$?oxk*JzD9mon0Qa z*E-UC$jz6NIoOp*WtXg}K+3%240A9QzeH)TLTEhrTjSrN7Zj60_2wj0+O#n09)n-% z&cDm^=znBcTYx2~@{PyfK%>e!iWvzU@eqZcwW1KM*J6Avs;qWgb?>&X+XpS8tehaQ z+*=M};6H~n`N+l{dAHD7TB};CL-yK0=xB~VFK%?srjh zj~m{28vFvZPB%dR%_Ky$-PVIR-~q;_lOMRvvv={sK=*}g#}j?z6fwADZP}T~iR{qG z?-6@lDEllrCXJ1d^Q*1ny$Q`i;tCj zQkfGj?b6BYnCL!Sj{OYzR2X!zr6_ya`HVz0B|u?rlV`cH=2^(+q41?HZVEZ8_W;8v z`b$|YA#n2n75K*;hY~s_k}#h zAp^$CcYa*wiJT#odmEYszK5vle&q7b*%~sGTbp z3|>hK2{bV?j!HnA{e>#U{2@7?xFn8doXpO6BWNmjvc8|Lp`=h4^|7>{d*tIp4a@c) z`F7DyIkE-FIwjJ9ac320lL$g$J+*|*6i`hrk4+W+v<08!_<@4*ORTj~Y(IQy3U=0> zc6v6$8z*#C&~bV;%I2CSPfBBMxt~$UHY2`rJof4Q+M@V)ef`zmzy~l}U~^yP1bT-j zBT_8$=IMiM`yKHMhuR;w7O*8!at-iz7)G6~6@p&llZhElxqNu~hC-#tB3IVP+3$3J zC+0-<=9Xlykdj)2j-j>?lyx=l$72FHS!;5-)RRR@^&K=Ue57f0Jjw}-T-sDx9-O-A zJ6YfMb8l=X3CKf8p}Yu&3i}@Ap12)rQf2f=cr~h+WA-L*b0?egr)1o_x$TZD!M;C( zQohi*$gExdX-7QO`ooc3a=by*W2TsrbQEguKA|=^@?N^j;W^URW5wss7OIskx+Sl@ z6zw?uGryFfU5K_y%au%6rp4 z)p4Qm_l6)(xd;7J6X9_pqQ%?o#&_jFI`7}SJeFu?xvM!&CbLr?P*!QtS!cpQ9y$Ty zTM4bp<{JF1I}HkyFWcsi)?49*8y(P0-)9|H+7A%o;oMMepHoI2Yb-fqxHli`25a3( zP~v_5-m^tOudtVF-uy%#;FcL{oTUspU($ErL|aPytarQz!@ZZ`oYxk-3{F@kMf#M2 zmkAuZT5V^S;(0Q~P|=EiJ1ZPg{t;c&+gUT-@O-VZN^gCTqTOE@Hushg+}W>;_eAuZ zg4eOx$-TFH4VBd%G_VX|i7PM>9qZPK*J77erU@B5}wgR$sZQ6UOG@x428q zt5PvS7l_J-llD=P_G!?r5)$tN^)G&)$EWZ^>)MDY;k#gq8XT^2wHHqxij+I$L!sH5 z<4Vlwa+*K?4{7fhURkre569MI;!HfTZD(TJoY=N)+u5;g+vc8dl8McU|ND8)IoI`j zKfm91)vDFiy;pbLci*MgbK;rfIaG!R=sZ_CP-!?Jo+SQG{knKYB*e*9Aap478!==b zGCQa|VLL=Z>*2%ZoE!B+LVcESYqD>P^hT}JY2U8Y^fi!eoV$MBaBQ*IGz2%vQslQA zAn3POSnQwBZ&jTLGpE>=Pe>Y1{f!2Dq1k6gpRec{oJcbMvEQ!qP0*54)~V<&_E0{F z`hTkjL@Bhh{}s3$3v@7I=W|Udu5B;0wRvaC3h_wd3QqX>4wpH%|4&#=VeizTPv3#Q z$DQ>+2g%;4OGw_8F3wj(ktS&F(;{;)6K%IPJ>Z&X>D~;@0joMY|KkT6qyRO7a3AbU{j_SZ%q@E0t~c^ zx2ud5*&^1dj^5MPb@3{EOGHkc!G~l)ndkphq9Jfv4dzg69eZ+A!?i&n7ywPc;})cM zk_4gCf{`ogX~(4|yiP+&dcDX)Qio?`8hxjiW2pW!2|+*X&&G;EZzL~yiM`#AXwGe} z0?PRz{l4{^DkjZuyHwJ*j|)k`ue^+(mn9fZe^g zaYeW%T@u(r2j$-}BF1BzBx>tM^!-i;BA@LE0@Zv`1$Vux2(&rgL|uf>U)_CTP`m!p zJ)wZwdIKEBFc(O;qGn;!?;8pi?)>xrau7{0YPJ#~fhz z;hQ%f;@5opY{vdsR8B~3k3t_u8QPbi4FVHy4BXBSVL<&}a>B?8muJ4p zffnJ7*eJRYP?_0;tz;P6{wzNo;Zogfh?J~Hc@;bVftSR2rTY#8Q@9;UjOtuWE@o4v z6j)M3|KvV9QnE}+&y5dfCgPjdnN{xrvgfxipLR`#8xdhKovJ+=Y!>F>>?p!<_L8j> zj90}c>M!TtZSVJWIx+JPEfwTdeFV+2E$yFDe-8_;=s!kF%^wHd;sb!rCG4>1pB}3Vc&BWQcs(29bjoH3 z5tW}W8}Y!Tf>0%V*!_gMjuZMqI_hY4tfpujT;^92m$DAZ6#h#aezs$Yr9W|5V~3v} zbQ4uTNY3$!&V}7jJi5|x_@N-zbyg(5XvoTuWP<#ZRlR{Vtl#x;+?(}?VqY&)toySt z6>jk5^8*)o?!!5L&t0BMu67@Oi=2nfPBm|P->mH1A~v4STFP(Wm)?54`zlGLsWjBN zs&6rjXcD}~Y}8$;YU}6@2g8`7-O&0!yzJd$y|7ClM7y2`%8H?Xi-B$X_dA-%xG+C@ zx4t#}J!9>T-6o|XF z)glFlmKT;3g#FqvnfTTa@hccTh2`#>-yd8We=!EtyEmdymds$G*xWV4M^gdz zDMik@2lJhu_wD2k5|(E~SIuVR?bzl*B`D+x$W(P&#jJOx)inHz>zZ+X?XGfG^kBb8 zNrkhLtC05+zdMt7t&F>D0K6l#my6O`#DQjZ-%&MIR$J{AduN9Ojpwc#NzcqZGIteX z%xoQvTMKNyaP>hXOtE&Or~Qg>VX$S%xa2%tT@C?JZ{hAE5YzfY#u#WF|2Eh&dOdes zNx@!;wzF@s1)-MyVk}&=5L*fvy}9%0n27be`6V$6c7A?-#GnnzRxD z6mMuxz$E~gjZmRzxSkaqi(eCJK%UOD^<5e#3#&W)L+G9I9=TKNy(4=eF8ShY+fK$2 z>kL<)qS*Y{GOh6wY@d_#D$eYSMX>D=%vG=dL|fD&0~6ngxGYRMtsD+(`{L%$qkUiy z`MgOs=AOsV`p_}C<5;WicDkfFR@#l_4Ae(rJxksMH7dDe*Mj@TL%Vn_N2use^2#Qv z3Vp_Vd=8L-sF0=%0NAb2?e8#w8N{B^BI(e zqi^42_;inb^XacwHTGp_^0qt=(4fmEoY1ESmpTz~<4c3AJh45L^iWhxEmgS0L;|V& zb%ho)q@w4GTt{K)=gfVjOd+wPV!1Z&Eh zp03X&Y2hAV&*vuk)NsYu9`F3Zc1XmWEHt<&Dj0+nMI=+9^nUDmse=~V0h9E)OPb4# z+>(ikZhdHiqJ$Zpgm091ZPEQxBKU@k-G@o*Oc4d=lkYCUeJ{~Fv(l`q2 zso+Z%bLS*-YB6(ZH#*ZRFoOy{T3BU;;@4UaJk8RF682C1*bXPtPyCWa{>M8zO|9r> z*BI$BE+1dt-oy6rka#GggWkr;w7 zv8U$PsoTm_7TsovvpHeF=`dt5i$LO;@fFYrPA-*|Np^%4O%Dl;t+rI-f})71vP!|lhhu$oRaQSC&Iw7b_Q%P^o+K4A*CS6FgT_WY{DXdkH=n~Ww8 zAA&yzW21f-jS7Aj{N&>dV|-)(iXwmp^+OqM_`WAysNk>faBE{$>Gzl(HGi6ZZ-1e3q1aQ2hK?Ia>wIHkaN~#$ z&@pZ6xVZ=i>SS=S9kH;f%<%#z_43C(MKfeh4VY7h1-ru&pb$3bG?${dPc3-buxJG*8lfPkwjq+R*0n5G4 z-UuW*y*AIH;W1U7hf( zt*d;$s0kEj+}|{^VB>=nj8}T23rst}awEoZGAWKtMN_(7I**gfLv{W=qm|)5d+fcX zQqw=y?!J&Wxr>=vZJoo56dPu~d*m3E&z+$79YBMurDd zg6)K@@f_DAb7j|5D#i9rc%Vvq=0SM&l|J+FD2c-Rr>FFu*YA0JFn02NTM2OWI*Bv; zZ_uAZE>YdR*vZEks5ky^{YoXRLwFunLI)xx>v34xzI%UaO3JG{Ml$e&N3mcZ!1+uy zhK!B8K{e0h7V!kEo&y?^_!4drnN{lIZpEh)wCfGL;TkB7Y!VEn{qM!CJ}KW5Dp#5Mnz zL6c#p*U=qqfx#RHW0qnC*(hzA?@LdMBfSQk0mj0y7pZHsxO1Z$AT=};XlrL-BNSiV zh&cxUGy3~VnmEOsR~?njQ@E0Ol5z!7fqT7@2)CU%Hl1TE$iKbp>X#%qY0I3MAMY8E ze1yJQ5iz?$USHe_%ODD;C8*_6&bq0cho$G4%^3t2zL&Uq>d9j{k%-NT_cE{8TMj_! zq2VLQPM+kv=T9F%q=BCrAHx_jp>{5P&-&I_d3SKGxA6taLxgeIL~g^%87C3vYcyWa zWjDEqe{prWZrTX=jt=2$LA;&OXY$Am8$&7h=<8Y+I22rPD?OB!kh*JL8Af9G!VNbb zj`Gx8S2o}LqDq!cj2lHT363)VUINj(gFUXL0!N{-T=N+1S&L(lYqABA=CUG6?t4Im z4-mLgAdPO>dmPfoyr^Z?$%fQ#DU zz$v7A27|_W7OdLOZ=UL=wen1&6crbQyW+a9Y1k;w1ca$DPKZ@$g7A@_tBU7C_ViGH>(<9yCrD()%&*t*g(r;mPg6-d-ZXHvP*JV@$d~6wx54 ziUrskPI+{?ipYz4kB3jTyC3Z()x0BUDS-&muER?GS)mUs!Z+x$_XZksMba#l~X-$@W{iXG2r9J4X#2l4LcSwMZnZ? zLY2Dkz5K119827nmD!kOXK!#nLd6#LtcaH)QCIoSk?Ml8o6@lP<=t6Wb2v{mEpBF? z%43~GwOk?rEpeK745B=`0#REq-@r=#Uo9kWWQU@NByit$E`vhC*DQBECZR2?q9&jJ zY8vY503t`(4KDuXVJCcKqr^}RGJ zmX?a!^01PcG=!>8o4M!mR2AmhFB_VYS~QO;rJ}tgd;G|M>)3INU}LDCx(wW}MhE^r z0o5|c_be|rh!dXM1`%HTcIY|B#$z_QyxC2()0J{7IVmm)d4oR6rXq(%Hn#X7$JR$> zv3!$(Cj5t7VKA?V8uQ?K=D8<%tmLlZo@OyeXzFWZ+GoUQMexsFVi?wK<<*GNr!J9r zTyoiVS@y#2U)i?^NZN46gHsO@8LfLCReCBlP=z0u^ibsCX6M9~TC7UiitiAWMiF<= z!+R&n0IyD7DoxPP^cF$Ii{YoHf5`cGk^f~7;3EAfvSTdelh~Zfo&{4)ae)@GSZtvC zGSY-fAE)!K))1{Ymtpb}erVa(DE{b`}aAcoO3^l?v}a zkg*J{;&640{Eg4Lxh_UtMo{b#HQ)V`26*oQIonG%V6?~d@mMaCUldgH!vhd~M?&E~ zJ9xe=rYu8GvYPVY7w9lId2vfCpZxw!hZS`X)h8;MR$iFA(7aLla6cS-Ddi@6wpsZC zSa?-ZOJ4ynzO(+mdVHEj z{91Iw7#`K4qDj5ji2$Q-3?sgT^?eQ5jzZ4eeEbGa^33;mEX|V=%u0}3@1=hy;V4e@ z0j;wBa0oL0!SyUGuQU-w@*L><_B+eme_iMC;Sw?r6R6d<08vPvj-tlTGCxbU5pX!h zq4#dH#@tALImanA@4_(k#IpY@AWC~4N>)s7jlbX#Ousz*~u#sr{?SQi=U`JO@OWHgI@b}sI97_{Mt7hb+F?TqO;Ij?1#ArDqzp; zQ&doojfkL(x@*b;97p^v3fT4QA;m@L4xoA0mt&Z0a|jAR@oB2tZ-5n1TUeu-N?+Kz zfb=xxQ}*8>G2#0PpBD-=TANN<9R^ZU03^@8+r*a6kgtu+j?3YHP|y)jOzRF# z^FdVua2C{8s@t7`;i%1oW&N`AM;FY;UB=%zW#LWc)6&tX=!bje94AX%Dt7vonum7Nk>{lJU2^o zF<>g6i=qTbvWn&`G@q0r>loSvT7c#XsO(+#^tV-E*W}U}U_WN}@xaHSk8nOUYIrS# zp1Ts3c;T(Hb|v?w*!NhfBe^Wc3<@LztY@-9Yv=puC?fPnr~;&iu!ii4s|7{Ttjk$AQulb>g3FbQiINT66;K{8qHh&wy}N8WUb*_rL>SZ> zRx20B>|$fUxi%%n{E$R#0EDBazn9HfE+&d226LAb`j;PZ8a!q&z~0KCSJN-1-cmzQ zTeO=XAZiCw6xCK0tNin~a2RuR0B;LnLn3C90>_CkO>A#6CbeWd|#KUe2ezn=X~(>J)Ym4+et^9m3@oIWsKc8vmXv6f3vWMGW6|@9B3}KqV8-ljkR4nE@ z`iWQdHB%pK5(UlcY&O(PNYp4*c||u^E;zcBd2m?Gaa35#a*%A2!TjBM?vRT6b9&we z5IP(GN*wcXd9xBhAD+i%*?Zk@;ICKmc!n*|T>%0ceBd-Ga@^23Act$=m`zB2bdC04?W0fQdVdD+rX19c6N;=qcQz3JKcVQ$vKg zM=Ce0m_eIp2gV51m=`QtK>~Q@aR?*?<0x$-HWayc&yoMAugFI(%o5bJKk`w{y+5Nm z#kt3j<|)qy)oKcwAZ7_A=M(;Zv*3NOAWO%qQvFJQnrjSW$128B+bUmBs$T@r3iI>0 zj!IZCMW~N}xodC_vo@zP>q{OrD^Mh+)kyr;bBcY4ySAJCH-G#cjh}SZU#v7Bk11xS zw_UG%9>BOG?Dd1M#?G}HQEiTYEk$c7&qHtt0@e9}<0YdsDFt5Foxp>n`^ZeR0v>z6=Ela+<`C zy-AYic=bJV?LS~)sRIDcP3&8R3k_N3SMzxEJnsJvh>owZU~t;Q;EXCY`S;5qX__!->+~s{^C;WMQmD>M%hBpz5%MyKKHEwMm*d%AZml~&%nH#m? zA7Jt0i0f_Q%+aa-jL=RVx&?GkvlRyx8|d^N$LiNi&kn5Q+S*t~5>*m~F=GMEC=N13 zXC`QyuK*weY~b&|MH+T$a=rF+(-ySMKGLYZ;3$rA%**4@ znm_q|31Ph#Xr7Lb4#KG4%^ZclerIQ3{Uf1MzJMdn@Zh;1H`i|q!@*`M>3qp?XN<5e zF3$e!2w@Yk5w#z@Vk=L8909Y?=3D)0N%<4C4W}aMB@G0__qK=6L zSU*-tIp)#nkCo3CRL&!UB5ZJ--eYeAIL`UD=9F%WXAfNCcfAOKFw#<%Zt;$w%iFv)YLfdavs`KyZO2Xz3n$?+sI`Ia% zzmPdtzx?}Sg)mL4-#_Zi;23{LlF}Z}`!>}U*fURSx-CsZFdmoQz9max;5SxM4$4*4Nca^}k4tI37Zjm!`H@i_#q zh?r< zz{7E4#+it1X=u5AZ>S8oPVtK)dhndZy5vuK8^22%W$iUDcuhetON@dU*ybsrsVdur zO&P;Y-ZU)>lJS6QZf|btiZV>4PpMHR^Lm*)Q9RXo$Vw+#Og88xoi(v}>J|eV`1$_v zPmce1Gw*>aXv3>Ngxng;hCla)pC&;1DsM)=F)QSxqRcto65Rhd2BWl=8-7s~bY{#7 ze!|)h@DTP*WJgUnn6|%D-?11IPL6y1*=`E@I-J$)$IGOfa<)M+-S#18=ksQ#u0qd? zgBLyrh}cuqUy#?kFmb(-uO_7IWY9=B7EN6`k`jH=|xcxgz|B$PHzEzj8Ej>gKN4GtHF*$ z0Ir_-;5Z1~PT~nH&z;@)z$vQbMKrODoq_twC=~rf za=`Qf(Jy#51Nnl&@8gx9K|xkzg&~N~&DF{~H3!;zJ;50=S@mtB_fx&cyx9*O9?hDS zxYCw{a1zCw4WyYt;Mr_;<*05niKI!NLWy6vOg>UhQRultWQ{D#2I!CgIn!c|n+iPx zo>w*>0|A^uh}xF@ym(F+EaspC7dw-cpgp`{iXX$W9Uy)-hhF+DOdkSi+owQhdIqXG zy}#alV)Os&oav-<$z7o_BMbie7^hu=nR;=aum6qjC(~Cu6g?~iZIP=l^Zn)T-Q)o( zFSyS;;zYUsBteQX(8#*_S?G#|iSui{KE(d^pVG-oO$;(va#sj|8;|L$j%ch=De@lW z3S%EG;5p4 zc~XC924PZf3p@0E+zTctH>s0}*s9FAwU2xm!)$Z@Is9YG_PuTaQ}hn(&imPV&euz4 zhp1Y|JOdUTW_q14(C0DE75Qz(pH+v&9r>WBxYoKX_)gJCbm!Dt?aT90v*&L1DQ!^x z9MP1El=EmsqXLOtPi>%0Vsw(1LDo%7p*X-wiyD!->_?xb_=ptmH0FsNd|Xju_M5?~ zzP}PqDATXJnO&7!EvCYA;*u`JaN{qfO=3z_JdR1dSQJ}`ZoykS42Qf4<0vDfvgVQB z@?+1C08Iy;Sm@439Rm1k5iuA?cwU_vWus!B%{kVQS}3)>y>y-(-?J$if=D=1@jcAq zja(n1ka|%CWb{}0s&L+_t_+C=qnbU*%}9bsTB?3Vb7F)z0 zWHV55@u^>Vb$<3&IMr6judH?q^1x}IC~y$@n=hHG!wuB@je7!}Fp)kK^@6$AYOZXw zpbxvv2;5@k0aZJnR5c>6czn4P`U6|Xmq6>DY+}Z9OpMMKuS*4m32c=3m6W#W_W6`P zIu<~ty4MCjEb35)KSr>EUDpxhATQ=SJl7F0W375fK7e~A69b5BR~FlRX8G!2FMNz) zTZQndI)G~)f0q`kYhe_-l$$>L)pHr@G{4oSfX;JlvUrty4JKMETyKaxL#$BG<+VS- zf=6Io2RnwTW|e%OM0TN8HL4^b0cF)_Tp z?lF~vDEAkXw5+9Ei8(>lvN!IJ-wV*I62G#Kh+0UDoM&5@>p*X`8PA4rk%%m?{)hFd zHWikE8FL8dBP!~pvD-2UPu^F7>xMnv620Tq|NQ_)g}Dg4Q&faN;WP}y!wM6}iX+OpW^ z{Z_EGS}kie+QFeU&2xT2Z&MYOSTbp`YDUp3|EVJl=c!v&|8Roe(%w68&{6zNte@1SfTy_!Izx5)Fq2<6TUp`qcM=Q#WG%6 ziOa8TB5Y4C=#D19x+mS`Zhg9#a(2$_RPv*-dA7++*M`C0cfYK%cN>z5<<_JBq?)E2=K>bv&<-z$v&5Rah*Pj71;xU51 zEMCo{L92dNK4#OYVGmV1Cq7VewbW}Hle- z=)r0sE@q-)4y$gh6SGY`3jl!-Zhc(o;Ok#(KP?%-Kx(>%*V^Bx&Z0^HRlO4NAAyw87&+XEzKH0P@o{i z(EpIXrJpAbXK=3ODl2XxOAsY-RWc?XR72WjT!=p{(FNgQB8YiW2fixKVmM7rkd(RlNp%j%cqO+V2$R9ocZ zS1U(!S!MOI9CKrJEd%LhzB)3rs(olj?EY$~@1CGQY5?Va>{cF@*8GZZ^9!;Ne#I$> z;)ALG1ux!>(ujYHyn5&=Y7oQ%YIg|LXhERq9RY&$@x81Doav!7tql|sI@kiEM;It- zGsbS+U^&QD%_qJ$R-8iF@RTnA0Kx`NDId#9o^!BbdOVGLHR}vJV_E#G?+(S-AV@H3 zadv!>Z{hekymnOJ2wery@QV*G=zFeM%kIwvnnZ5RuZ5QbwlezrnFRe#(ut=5D5?^{ zG#@&+k4V7=9zQI&d|{-|#*47+EEuKUYFZ-7u0>|t?i&pin}Q9QJV6&u8_3(JvHT79 z{!1Y`aZQsY&8}QMS-?Zgdc!#XcU+KlEvZ%}7QIMEM_O6xzG#Nj{;)Okw5AZHBhz(G zb4O`sE46`cpLZmr%v{21Ts}s3SY$rpyKS zKa8PO0B%ekj_4_kQS4Y+CB2%W!j0ls*Cz1)W(<~tZ zlSUomd?mbBy2TBasb+gVl_+KI!~pHDuU**piP)Nx>GyE-s1pxC;@KRRl0-T~0}V&) zgY0uTkURz8n9>CR6JDAvO#8S*QA+QT_BO~>OPN|qlorsX@UA?MeX74itDkfWfANp+ zTSI_*+kxYu(xEuAc{teC!?bgJk2jDKnD?+yg)7+l+uA%Zvq@6NdXVZr)lC_Z;IMh` z^P`1y>B>M4t3elqkS)w+=8UVn^D67+csa#6sIGxy z;!Lr`R6k0IoA!0+sdFb>gM|}Q5S0e2Yl_|STQP3H7@wu?dOM|U_0&ek5PjH5&FOE) z2E>$SzZdW=MnA>vms7*I=W`O&Ht4YKv#gtxqJ?`ay~K>b1U=A2N$?VM`1>KIq)B${ zNRC>HVlf32DhD+k9oQVj=Tx4U4eD=hk1Io9jL0_+h3N)@=?VfQm?8%=`EpPAIkDp} z8||52oU$dm=^prNG-xp{uH=n;t`O56t#NxbWeuW_L5GHU6}pJ1SMKY z`Rx`!bV*NkF+tJ1Am-f-qHI!@Wk)^+{y_dSzk!;OD6t9?OfwO|}j!+p0jD@yz{=U((OSnZUFs6r5L>W9JK5i1V&cJBV$Xeu$;X zhIm0At#?H=1a)AfvTES}ParX&73;k?{-Che!SrEyd0%otFaj(Hw8Cz<<-?Td6(v=`188c5a%MC;2I(3fhT{~k5bn-1)pPKAx^Ue zf$n_ghHh-|wG2N5YpIy#+qK{e8RKsY&^@dbm>e`Xbt~-E`84qGQ#%jjOFm%w>ja4q zHWkJk&(Ba-U`4>G>Yko8^vbL?EC^2#AysNAd9V{!8nk=d{2AG%1q-VRvpwGqSHYRI zrQ!#|Y`5xX9%_&44|xBIcU_vFw*74RD@~K1EEUvf#)zZ_GCp7QA^3;dOnZSPip(kKT7}@>R^`mx=-K|duY^Kkx>mI z<83{hE}=qrT7Z!q>3F`i)7@l-wH09%tVK=-uKK4gAmi%yeg+ss3cLt!%+awSlssb0@*UjgQOND_4=4HVT0c3{;I^h`X<8Sgc)4%&RGNMv$*niO8IV*(QIYWVz|&pBTH9p)_!?)R?~cqrSp7Q_B3u<+qrYlTDL;lpyCu!AB$6O z=$O47K|j+I)NrRp{%{>8MO;FOdx2_-X&YSq*%p-Um%O3GZ(W!SKS)Y^?T8zewJhsE zz$#%e*<$9{N$1#X)S7W_)xm@@!+55_%_$rl?;njan3p;qBzILV0V|nl;)Cf86LJ$J>$YSmP7467yE;f;sN#pHUW-mc zg}Upls-=;)bYL7Xw!L|-a8caZRtwmKu+%T+yZZhsCzK~D@V*SAx_K^Xu{HtfeIv-S z{Parp$$J*1xcRGwspT9gMn)5-#vXhTtBx`-4?zpaN~kiv@#{jhaCz48X+3f9`y6C- zv%(LbDO$+JW^;y82N?96@gYZ+tk(U5=b%(KP6pc%N*Qkokw^MN2xXvXaC7q?_CJ|n zZ&hBX3#LatX436uDdsZ>-m7Kuk>KL!Y_6o@hvPPML>U&qL5h(BZsIkSs9PspV5OJ5 z8qH73IjRGLl|p(AP@(64up;7rt2`EYulzI!5hBpike z5M;*w87hB2a5;hWzw7o)4g-0w19`tiqrIr?zZK!wkUWTkm=i$4)Wxvx^Yj#o%MS)IkUYAO2HPLC-AQ8qc3+ zbS+kkVilA}7LY|T$U!zu`TBNeno@#m z5L=xs-7m*&a{6Nnr|P1!*~s(tQ}$t;YbGe31b@)ENEg_ND;Mf?|2093^lIh}8 z&uJ9m(bJpelkFSoNX>61lHV_YVtir$=YdFI){Wem?0Vh^U-C)D0*eZmXgEQeEo-n! z{CWo-ZOvfnIluMR5Pq|Qt0sZEIXD-TK7ff`;-TWM`7y?J zeBP7bAEkv9Uu=y{l(fZ0kdU+bn{=&Ge$HHeE@XB%@#Ag>^Zv46hxMHkpECHM84I~X zy@eoO>uX9aVHg{QPIQ>wz@Ylx(t>ZCZ&?enT~DeWbN#qi5X z?M^aQ5kaR*-k!xRoIig*03c5&9jYy%kTnys_A5{&Pn%rRrp35q+Dlp6j{Ehw%WNXS zWvK^C?aNr$G$u3b4e+9`xoKPYV>@AoE|*0~d1S6|<=#kvSVRE85b|5+@olz;(plWDV(ARg(R3E&_r`M8HVRnRlA306xL zRn`)Yy`AQ{uk!VPZ*PD;2h6?rJTmxMw_a>hY(eOsMJkh)AAE?PS z50hz$tSYW;D0XMqw9E$XS&I5cSx2w>`DP5`Ojz)DG*pe%=wcX;23BJtD@Lb-PkrUz zoYg{M_t2@81bsYDu!8SGb_hpW@s@4NmagCchPa_2o-5vXa`8M?K5S09Ug`+8uGR1W2M!(9_>bZrOI4Q^jEmx>1mP~bWU zuRV=|k3|V7Bj9bpu0kCK&RhJsg=UaMDl#&1(Sz=nhVJ}r*@|&ylx8K^42Zc@45ejv zVwTo;kn1>GSR8gJOV*z2t)%~E!NAII=eB~ou+O(n$1aDahm@0TyDxGVowd$m1DaZ9 zCCJKrv--jb*-(y;^OfX6Y|*I*Y(F$L<7R&k93s>%m?tB~7eJt-h)(`dqS^i`@qWCb zhH~kmg8&6A0v-=K`8N9)sp^tvTiq7iGsFWV9!w2ZKtf! zvg#F7-M@z%?^bB-;<&iZ*m1;F~Rx^jla<8HMu;cncT)gd&^-;2!Ymm*ukg>I1 zKKIZH-}Q}MIbMYDc~Xa$NdvCIVW=-ugXDKgH?43Wq^3$Y z3Hb!wY2!-Cxpg<1911e0n;EF&3R#OH;Ze0pN}08ZtSyc*t%VK9;Da zf6OmZ4EI4eYh&KV0-^QU!mqs+gq3(}hK@Y#HdmQRb^kIwyGR(7f6K@H0ZGDHutZhI zg-4`pNR?$K^RFj84R;rutg2z-~^=iG;FS{$OFMbNM zb+e~1*`biRk8W+qfxy)#&d)&IO@OWyyPj;;MMmrGtWA&h1rBsNaa_o=u?W|`1z8=M!p|6{*lW4aSM2mx{=9_bsXweCO`KU%Wcf>lGtVU^R9_NlHEzFyig?Fu@hzq4u-=yp7D?(t2?f^y(U~a7zz6T0vTkYyx2`Sr4cS^GxlwX?VA+zZk8d9^>2lyCsu70}E^+4PFxvah`-r2I0e;-*$}(@ZH0)A&e_Bv09zBu#t3r{w~+?pmubESkROXE8tC>)x2VUH+?U?h#UmwUYILnRx6WhK+or8P77s%;{yU>B~D7q=F7w71qSEPcUih z>x4H7imgFbSI|RFXyMnult)EN>oGl@LodA}-a0ewWxS3|B|uHmqHH*@SZfP)>YkSh zCa;x2-IiG83?FK?kD=>m*NE#We(7ClRuxAYU+!{L;O%-_&bh1huEwhJ2fwsyCA(F# znsU~O;#vkKUp9*)^bSn7U#NN?@5SMwNV2ZXwpw7U3Rs0c-LQ6S2(~6azGEd_GY?n{JYt2m7N>y!Pu-#A_+k<5Z zIF3TsG?jX;U9d~j5mBYehmYMH24bk@Ob@E>1%5o|tgUC5kLzOwRtwDk$pFhe%x0gu zQbi4p2T;7>)CGU}y3V`Lt%;u{9aR8&h_loiwiL>9n;E+q^mHq>GDBz9r9!NUdDpo& zvRgm515Co2yJp++4LAIQzn3?`C~h8h*HwsM6$ZIqDlfG2N2XoMf3V#1+wTt&_)IaZ zS@0C%S<9_0KYF;e@6ex{Q!slcnyVdE{HP%S7|eJFXS;26zXj|5>NFEHR~QW8tMZy` zDYxZZe|`5+mhYR*6AM(zF!zv>oc>;4*-LI$FSSW(s7BuxN`8m}+HU+$o)4U-8= zVYs&83fGVx7OM5-l3NI*KgHdiCvSe@Lh%9B^-(7H?X$SZ8vX1JAkmpcQ^#7S9~{Nwn&%|FxL;#WeKlwqrKx|k*H zxdU8YF44Jz;HTC}cI8Jyy9@?y{BGw6Td~@Hxj@o8qr499UUTULnD1lB%MkR-&+5UU zYojclcF7z>yd=3Kou|6iLU|PND6j-nG8?KSo<&S2=R%)CQez{vP*Tn$f`cC+y>#ct z>TuD!g7N+%Ph!C>S#`yrWC3-$a;N##*GWN+u6kyb!v&^0`!u$-Rf_d6s@t3x6d|_Z z4y$2=6yS;>kufML8}21Mjhr#Ppl-57(+fMvHYk#$ev)4{4>JHOiH1&d9xhjkMX4aK z&_jx;Vlh(Gr(iH6*du9PvH;!w`!UI+Y~Zd4&hVL+2UA9O&WQK;>m=a?tRXUFXW#=^ z{V2F|MuTrZ+-n}VXpCzxdZ-Xnv0JK*qbL3%D#8JIF14fKi7mzTW1ks_vR}5V|FFMX>(IoXYOd6mNz&Ld!1Wo)HJqa3E z8(ixUpK8+E2N2&Mr9gy&FFrAk)!|>>ppcwVu)G>>_~^>|wB1{FW7eLt{S5P*G%_~&|Ddh2FNcSgvJ z9W!I3(+5MThI#zpr|HE5cHD3zc~k^Q3u?i60M7fzgC-_NR)#ftd4OvYPDmrGxAxK* zH^jZ6FZr>QMLNc2p4+=Zq`2q8_fgK>zk1Vfv--b_!{~^*Xp|(|d*JLMYMn$)J&DR) z!Jl|G+jjm~4N8ALfpaQ-2e|6r?jqTefbILaQCQw$7-mD}%RhPs-8ZwrM}x280aiOn zGD0KzV-!t^dVb`2G6VKDkUWa!Hv&)`_PBCDnk1NKwPQM~q%x-nV64o|?7tHnFc^z< zMHiSF+t8XeRKn#@zD1q!_UD6r)jmPMzpQlSV8_pg;(*tT@4)n|YCLl&m=jQYK5VDy za{j4odh`RdjL`#r$z8eW*j0IV3@j^VeZX{Y42oojlzHNV_2^rEz+cn;7`Dr?`kgx%W$&7xZ`)z>?UGB}nbDW)TE$L~e-*PB8cos9o3 zr`Xn5`f>fD#QZ5#Sjm&i*QJ)frJtAkM@VM6|C=izJ4cgGN)Nv&(Q8fE-%ODFMBt#D zJM-Q$geX5VSxf7T~8;Lk(#B|{fE3p0|cCso3Y;>o-?n5)GB}E^T+b>f@>MW9G2ge zH#|#a%}s8nB^XkzcLUY)2qz)Z`YiOI za24w-TT{(pqXoQqJl%rY4GrTU;(1U+1QL7bl^lv~N$ama+1Hg`qBnmefP=K_bUfYa zkDJPp&5sOWh+Nrj%O60mtQWwap3_s!hl+H2z7_l{tsCY) zdvV{#HsdZIqOne*sQbYz!QoCK@wyeisqaDfjEgvB6J|x#f zKKmEL@9>}boXAYlg66N-?a{>E7}b>*e>Q4f&Mgl%T$v!9K|yENVLr<9_u&|i?lqR4WeiQ}H&^y{`}71;k_Rr+&}5FxX`XI!`=ma{K{Gmd?Y*#lZ%$ zAt)EJo3L&G^bs)1=V&>o!2j3TSBAyaEbHQg;O-V61W#~>;O_43?ykXtdvLcIBzSOl zm%#^@;I2W=E-I1yziENm1qjQQYmK{ z$wD9~$*X@shR6!G*r#~+WLd=a!zOj$x|lGAbl6QPw8Y_o-5ZQ2<}Q@wkj(&M)ECQo zk}gRwn^7PgFW5^#YOHo$z=OI??y5JJwBcijhs4!^JRA{oSg-WLzl~_C5bAqv6KDD&=O!e4>jd5GG8O{%=I(RI*$F;P|3QgGDf(?JkN+#( zOJXEfwf>9)RTb0-8{=o`xrE?r5g!L@(@^`$=zQwHSBR%I)CeO~#W=~B*_+MFIBjw?Ex5M#`3%d2;mV0?D9UD5%&&hp2VtM-wHWHo=Qd?s# zZ87xokd*%rPnZt1^tGCXxh?i(rfXBnXrsiyddK`*`UQ}b3k_dkRVT#QChOhR$%o;6 zJLk{sgK~Km4K@m%4!jX0TvdYek5aJ0r?ieF?_Xmb%ywc#>?x#O!#V3qsSJ*@?KAU~ zYkk8J`FOEF91;qU4L9l;L+E-vs)?@M$9KD9%@U+-u-s-~TdK&W!%@b!_=3eqKaXVb z4 zv*Mj>0ZAmW%QucoEbCAkAVYc(NLFIvYF1{?^cS*NTfGqrmdanJOkK70dJq{(1J`CS ztaOLBc||y>wBjVCN_@MqySDU^5I2j8&))VgPBbK0f9xPs%=9kXQUX}&cF?#TMW|W8 z>0IFM(Ad*WxNz$mn1cb%oJvigJarXF=BpM}R}O(?1m3cDm?mAh{R0+ab!Hj|-M zvgjLgRU4)Thr8waK&a^CdQw-IVohN(`}>@0IcreLS^KqOkqCxr!M>gqf2+p2TO5aGi-p?BhQPIbY=X*Xds`%5qe8bNwo2nUVf+AUELvF>SurGi9Zy$ZcM;B8 z=IygRfRqH!6r_GB6`+dUdcBdsjGE3wWgy%#U1%)FL3pD^QLeTs0ljB;{hY5{TlL2> zSdF@fJ6BVkqs7@Bqo+>7%9YD@*&}@B>5jqp7y5>;9f?p)%jrD#+;~SlPnW$bjzOXv z2TNkQ=OkeVf$EA%(H#QFOdcOHdwvuaoriP>^8@gL;ZE9jW+r38f%77177i(F6KfTo zUlM7tL2hkqmVs$tNgNh2tjpJNK@GUGk}bkku{jH0Iu-7q<92jwS=%$f}x@ApNkdJ$SPb!r%j!Z zojmtZQ)35K>LE@fgY$97mrC%lKAk3eWpYX1t3{*)JXdc<>6!FV>>JtlZy|>#JOgL7 zREJ(KUi`L`UHxuB-`AAF-Jb} zqOt>LVJW`Ue|0RVRrS~J0&fmP>g@GDaLK8wyM_qC?%gih`(paN zb^dv`rYgEr?CU^M+5x94joytjTs@}xohPEA6`}XtD@x2_pnDFCt%f7?Qeh6O=CuJ# z6{695k5drc(>v-?6jk?13%J0hNw1gCqAav(p{{B>cCVxiE0*9^_u6<(-MC`z5e@Z+1)6ZBM4BGEk*vc_shX+j*7?DY~}+;P7F2tBF$AF z&IIt~RddBRO!`W_{Hsu?GCNbtsq0J8DNv-hacriK<(ZsID1BmXiH2HCPFbDS2-_$` zsL$$N6mq=0OJK2TkJ1+=p4$2pItx{tPC?W^5zY7J(<<~KN;`s%S9cdK5FuwV(0a$4 zprc9b;Afoy%q;A*rXR@t9~k$fgCC|&Awr_O20}~hgg9uN`moI(-}kTODac*Bj(=gy zfg+ql*o!I@Gf2qp(8Uqo8JmEU^_;=L*9dS|ikzOm7+0pW=&J5EyA5-|N3tjfBor)d} z8G7#J(O3@ul}pBF*cNsV<~QmV(Z6BX_&31oXBH-PBqTO1b;TXjCQ97F@GC_s%ARh3 z50T?f_tf5{jKfzF>U}JWZj@qsjC|8pPZ1Ml<0qhwt>4JOV<#4tgj}F{-q0w8sp`X~ zCmXe;gtW4 z4egYnV@G00M;nBtO?d!tfdBM@;A3C?_PCkD7vCT;OhuTxw)m$wpjhL-3vkZf9MAoN z*2>TL-$Kb6!wI7jvwBoMo_)zpB#n2j9JtFyMZ?IJ37Q~(=lcz;_p5D}qQxwEwN2(o z#of08IJQS$!NgfHQI{$sH4N_{T6cowM+ftbHSW>&+-T`bu23xptk$5E#q5ICtk*nI zPsbv-=FL_DoS8USwLwehe*b3?9i%x`)7Evq7{xVwx7D62=q0L76up7;N5QOhi1!?A zV{S;MG-aHGAuo@7jkvn79MkbZLC)wiSI@mV$@q5_8iBIIVPTHy)oraUHaB>vAhZaduo1|l5>F}*=ucYFe7tw}lgjatv;Ly(ms0wPcV5Pk= z&Tc!c4aI1qLu)?GBU*F*#+AC`u=+;O{e-bh#sh=fQJm>L)){*FmHv1p6pFaH=}A_E z`Lo6fqKbY#tS9ArP~O2AhP^gvcI(S(%^?k;`Ds21DK}7pzit-j%p;!653)Ohdv{ifQsbQwCr?YU-`RlL)SMl=J3Ev$B&Bha_fL9ftbe)9Velt9 zd&dTyoz^csp)`|+u!qZoKz+yX!_QdTIi{wI=v_SM*V9NpyXE(q=T0j8P!zf^bt4hj zTFXK6REy}u%PkQHrs-Y&Cht7*yu6p36+9gcMIE~2c$SYGv9tx2)coxN7`l_4ZpoyC ze4MWJq3*lOn7B$DaZ3Iu;uI#3u@hf9;7Fn=pb;;3<#t_J(5zVVa{>Uoo^?XZ@-toE z%6Q0wnkE<|_TDetN5nWF}0y>tM0cPTe|WF+0SGd<3?^&Rv(=hz*qiyax#f$-W&E^ctc-}l?ZeljO=rRe$-~`rcJ!$}Uu96_cX^P&HS*fZbZulpK-$-_rIrAO{9Y$jfdJ+#%^lEy`QY2UVI zOcBG@pl-BdynKfgc5klM8WjcHTWcOh(}Tyk7Xa2DvbCmA5G}`^sR2k^TM=fRY zrpgXtsRnjDJ(S)hmwM!jLR9?@#{xN<8hZ)dv(wAz^+=bI$1x^0Hg&1z=IOIjb5&mE z26QGSOFOI_OOF(oh}`!`oYf)SmAFw^JI{?z7dVQI=(L65hhfrQ-5 zH3+8tx}I4Aj3k+Wo^pV(uFlIIB@n00@_Z}%YN@#WSJm$=`3fQle$vLU#L(NdZ%zFU zCK`erlx^0E9QW#h)2^1lE`GCAlfb5jf+%gDDU+x&zr6g%>c1`EU;A?NDxI=*Meksy z6vsE_GaXU1UzXIF=5e(plyw9o+HqYu#KWI1(-2ic5%_(XIJOIrFe>DMg_4=4K6?YK znEh;3D!2ZDwx8|=+o~rr-fa`c+(g5nZ(Q4OP>>;~4Q+27&Rm7#O6K6HDAq2AeMPS- z>pAg)DoHmZDxcDWqB^1MysWaJp;+gcFoqCY&s=R%D7)Wn-a6x{#IKx)83pho)bBv^ zW916C*v|gb;MIDQYr%w*|O@Q0kxlga;(3WNB* znxOG9kGHG}jbO*#3J$rT5F?nLbd^2kER{ET=ggI2!|?^B45ptYL0;yzl;nt6Z7 z$=60cWj4eRCW}#zV}yBEEW<)id?_V*FI?Wotmf4MGaJcx2XMaqXw}e8z|Y2Nkupju z6)z=Wo%8ri35tUx^vMyJ;2ZFa-$KiDUvMe$Nl*u1jeD-N`1u8N))Di#>t08{6wN16 z<-C;6(vQT_lC`(0Cf?#Ijwc(hsQfc6*6fpHu1mFEUW_^hJa$aDO(_dT9__xJ`~UnM zV9oAc|Rz3Fr`+-f(g-o8k z0gFVYN9nNAjy(l1M|^<^@7S^As|WkJniO9U8wRykJ|J;37$6aX2p~ctE4TSSJeaX6 z-pIUoelO@^I5U`tOhyh+@PL&Yc4NVe(9@8oZhNmH!O+O`erhbbsYtD2ILS=*fJ!OF zHZ|hA*d#YKBZzx;@qr#Qlt%j$ zsX?QAErRguC8rt%-;Nr|+LeX=p_#R{NC*dg*Q(znkSDmpv7VMfU#ehQ{BR z(6t?r9I;{w!q@{~#GNBVI#W{;?Zx8QdYdk)74i{*$qu+F)vx)bh_}2e&k(s&Nkcjt zsAv@+C{Z*^a0!#QKv$f(SB;>=!i4Q`i7L>p2u^E>UD~*QQ-6!tomH0$st&tKOkFz! z$L7?4z6q-+0jA&%(z%{`z@NxWVJz-~1r%Np3wT1Qd*=oJR@v|?`UAnJv~Sdk8{dh8 zO(@aeN3u=wpPh_ml_OmAKCn@3J`PNUHozLF%fGs_AS+=ByOr}6p>6CM2KbnoG24J? z+l=oyLiKMZk=jhy_faQt!j4YVW*WtmJD^qn@Jp?3s)Ni}F%@QVGDRsf9%h?YuS)$- zL3?{Kw$Wx3Qxb5W$eBLMxww@Ez4kdX8O!|wL*9m-J7mMElZ2{VXtk)oh1;q}ZEC@; zf|HUSga_1PryMvm`-XB#%2U`b)vr>*r!aVl@`Ab>oi8{-Nmb3;bWC^lE8R%|eb&HB z%{^o|+#n2z?(}O666BhQ3#{Gk&w8MB=RZ1F!&(56lH|2q7&m8?1r2x?YhM3I&@ zCmQqD=XSb*oI+ou=4*=6upvI*^^L_hY;4;iNH~loz?y_j@xuO~kP-=Bs|~ zjInXalmQ`V(?`!D3Uh&|<8){9pOkkXQgoi7YIK=>wJhUj$;u19@XddU$?S}zquU;i zX0$d2D4Qf+i-i-vO(uXQzkA)G$V)a&;q>}LmDwLM;~Yy>)PIYa!d=b6buF}U8fDs- zYuyURD0a}$0u3C5VW?4)@FiN*&6+mGcz#GI4P|Ig_z#xhf3Q%8bqEa5;rDAetIDgf z;y)c*f)uN?Wq~H*x++vKgXSV>#hB{obYE;nSss8)D5Mm5ee9(oW?o{YiLUdd^A?g5 zm;7+0Ha&f9C<#p^1@6&d>FoVeaPO zxK2=`ilD-L2IA8K)nN*i*6!Wtu2~c!r3`!4xLnO~0lezt$gGnXmdNq#{Et&?$hTS=)=}mw_s}OUqmv=k>PzwYm(IjhYe!c z!6ykshj=!c2IQa!eUf0JAN&5%2tD zSY#(B#-%jtg;QGb_@EIl2imcV&LOpbq6B+|;k%?qL^boMom6XgYQLmskp*-4i6m_q z?|V57CQ{`U#_4ptX-<*$J5!3;^Y}}f_7gu~m%N$#bOJz|pARpSE*Xc~ID|f?R853J zeLydz<6@f{b8EjP`AMFSwKiP4(D-YH#(kd!>uKp?-2P{8mPio*pu+@#LfQNwr0V-3SeZ+XQqrUZ1(gfi|XXj~jWWTxA*bWWTQg6=DY# z=^WSX>W3?HRwwx+gZFrpA_%9sgdg-z1;1Bj!#`Zid@y?F(Jv;d89mzedpup@kB^lijI7ye+U-TtIK@*IEz9{} zI=)B^dBYjAvui}88cid{z*Wdt4nbkB-a!>dtA+G_0DPRY*#p58Z?=XMf-9}Oxd^&a zfi6kBeu^h+MeVD|5~?>1)=_6_Eg>li4x6*e!We_!#mo`!__O7F4hD&j@_4#^#Wu`+ zbsUOcBkl-NJ4m%Eew1gHP*oc;aL&ic%+!|cJ-HQ9d^I1zNj4Eb#`q?+2G5FxdR(-~ER(tIVp!oS&3v-?&uW)S5jr274 zsx+=a$nYH{`$Z#@pc)gsEL>2=?Q$k`auxY}Mr2~L9z)*yTAB#JB6(6$F`lX>LVsJU z%4bU87;1w?8BJn9P^VJlAG}N>QbSv^cJ)n^5-Y+!iOdGhKZ2jW89%x1l~ zf*ckWvD|dKipn$D%1Xb~bj4Yl2i2|#SG5TXjZ&Hx1X=3`)inqcxSX1JF^qFqn0{rp zY6oV5bs$}?<0;$Ln727--pKk~g)*H^TwYR1b0`8$C7xEW&kB8RyOAio^@k3HJU4}r z4E=V}IbL?=!}L4y6#+DDo_szt2UIr))QlNeWa+*8{M77v4q=N=)-Z9MQvMGbjdPV# zb}tGpS#SZ-X+_>IBQeGCIOxO-u=H*sMJ!xDbEBDXgcE!&0=rg>7Z&Yb&<0iMhHFV6 zlXkd7md|y+G#Yf%B=ETqLR!cIq2#qP0|oU}l53yv+`8A)A}q^5kuk0ZrX8N?$1+Z_ zIq7jsqp@Gv)&4RIkuaOkCSczdTuCq0z0r|v|2-#hWMTdSig^eRn=R0IEBjzCs;Z{n z&u1^i_Vusg5s?7H#3I85QB&9S7SEJd{dsHP4N9AZ-MAVn^);?6*luOoS`(2&pVUwH z1LKNW;rB#0^>=s48gqDSI=m~8qU1j>4#=B*^;C@qqS?A&C1Z z7h>iV7%i+ZS#5Od@Lcq54LLN3bL|A~c#YX!ZiRhLE$+pSHP|@nt#tLlQpC#lpu(d- z4b;hT9see^3G-C+qhyOgYg)W|b~-@QfJimNXVb>BkpBQLRHqh1>sXuFvS6%>MLMRCP6WPGa5zsGZqpj@IHp0L-A(ZB~Qze^;RcE!)kP zH?uS`?<0$+$u+Cs)qz+@kR8kY`y>`iP)+j7hS-fd$JJF2+Q`nFH|uxx+HF3?i{IFYRP#IS>64FV>Hu7 zkcz-a;+UM^fHq7eeHCBXCm&f0NKZB9g5IoDp|%1;-Xq!Hk*amFD7topWG?T<3uU4;?eXW|W)#_T(*3rU>SfD%c z<{aYona7>YiD9pn{x|XZben~J$b?4hKLB-MTU%FCp@2mCV0+{zVB%)&H~?=T_4F)_ zmyC0z?He@yN}Rby<4+iiLMCZ{&6BIw_Mah+1onK)L4;E2Uj!Yw_d0x5OYCP<7C)Ch8c2tE}aNixBAd&lcK@ zSBOAn{(SXl_`?l^w-vk#TzpKSKgOkcFQgJ39^bjMmdV1lp^w;js8CDlvq{8CQ%W0R z6sfCZIdLNRbTpbv`@7FfF4 z9Br`vE*37BS6yCzYW!+EW`4nF?(PEQHa$70FRGYD?26<&Q8)f-i)*0VxPN8=o^Eck z@o^_?-{6KAup_lb=i{Ep5B8p{e7%~Xops%Ke_v%QKr^=6#i=>J2Kh2J?v4?(lqOl^ z-nO;1{NeFlj}X^eDa~3L)^*`REIIICqtu5yzaa3LaVV|73hX3{>#$}D!S+0k3DTJ6=~iXJ4>(#6oDzYT!rl&mc7v8<_mu9gMIw32I1vbQBkl zYl9XTWjPU>G$xZsv8emN6RpN8nZVj#OF!}KeNV$B0~;;87pRnU`DZMIZYKS7geq}; zGE0)}0V0mV#B4?!V_Ovp9t>P6O9H4x#1gV`yTf;u;|Krf=1hIrh;+O#Q=1ttT68p* z#qL-W<4_Hye=HVnu)335(eI?SHy!Lw2{ZLt6@~fHQJlbnNtcg{}f+KnAT2_^8LE5MD+SHf91dt-O=8gft{|ye z3@GfAKcEh!hIHtcX(Zt}z@pTjDxlT7CCIcfs8&z7T19=z4M`gVCqDNxZ^F;`X&Y-( zXy_mg!8V%iHZoEJeXV@SFnsa*-xpF@n=dwrVP=avWwgl|hwcJ8%+fjh$#Opm0l?rj zIyPJA1(`?g89I)l@9KvsebY5*2CJxpL{hGP9=1WA0=(^5d;0P3H_F^mtTo%?LE{ZI zLyFDIuctuxm^~ObWf`rcKkTv%+_1|9Vj8IH)m_-uJP5pSZ8b-$HqTc#A z%G2+j>c^DJ+Rtvl(~Vl4ZY^fvQWT|BnmEl;P~zuUU71Ckw2AAZ_7}gVhm(D%^R(X= z5^7#mrc$erUEN2@16;gi@`tMm?{g~f{b$+TPoL(F0&Hkc3m4-SoP5tLC(`8~D`S{= z+uOacA@KdY)vbX}VIQAYev&BOTeeuQ zlTTJDYh~MHb}B=fxatfN=G#12HgUfEMx%*5AF7_ip<8Fce!(CT((mGX$6t*noPcZ8 z;!i=QiA*v4KIj#4Mlvs;;V8ZMqv3s&l5`!|8^fz*DTSx{ti*$$RzBPjWqsaZ9(a^_ zIZag|S5UWHC!?|S-c?`kqkW^m;@6Hn2rOv&ig7bqo}+iVOZ3D+SjFB$X##QtuXZlyP1S-GIHIG2l}CG9e$QQ~(P6Wx zL0F~1g(wm1c10;>OVBC3VVU-NE(#-_W7>%IsK#7F_r8T&*iFY%8($Wz?YnuM-i$7~ zrG}@rT7Ndwq*auGt{b1Dpfskt^Gh|ap#(mO)uG?IEZOTNXOaVDqhm4u zKCYdklX-TJ$Xi(sAu7`s$YcNT(OzB`Wy6nP5vzgJJq~2U?>0OXCH7u<>D?Gv!k>-R@FPl3wdsUFNK@LoXe zR-Xr(`0C5NfgzJ6r=KoWXnt2KY55{J<*cb|eS(@@a?`a%tEiYpdtr36u`bP~;A832 z9Kl)XOZh6eL5tswe5NdGzi*I_!d?n{=R{kWoU_g)zYB6m2-F1?E*+6k;D2xj`pCMp zATI=C*teq=zm)qL=r?N;nMzYtmA*E9#yhWf2x#)n>oE)PASh-+v$fT;k>t}zZoq@n z1@`bSn`CQNF8lnlE&4IbrTRyTuLrEmAjxYf=yP!O*ep{|;lPu8NRXLmOyPW4;mMiJ zx8eI*<(ht*gCOvgLCRRV`~A$fxSrg&InvNFpoA`tB;N>XO`bM+jxX^|>13`YhX=l4 z-XS+j^vJkw2k|RaQ2jht2P3AI4`Bvyb5T`7EB(_n|h$~(t7R7Z$nY3A&-^T|}EazdgSGNtQ?7!ueecmshkM{mcTh^C3P~y>K8vC6o z%eFk%4m7Wi#547YZ&ecF@v7_B+%NBG|7sgpnO#s(uC?c2SLD?HB(a#A(WieLTxmPh zArYbgz6T!P3IgHXYusZ+jBITy%9qlJ#*>*)FA^ei8^YTx2EMI0*Cghv-fKblX){^j zCjY|_OSzVb!)zj1;OivZVIk96qe=`yT{Y=F5fb{$!NpHz4z{)BOLt=XBMbg( zO<~E58_RG{z*XpT&FBG|xMRR>l3pb+E_1k_K8uA({->KC++1#@gC};#1N6TiRbLd@ zeChG%FBzLxkpFlD2&FK%EV2m($9QnvGK?Wu5gt52_xKU>;b}ACfA!lLLah6STpgX- za|zGZaQY@eOe2SlWH&Ik+J>o(3XVEb8X} z2x)-0oburw*ANaI>P*bXs98n7EVBQK7=`Q6{srTbv~wIgW0w_W>5{n=6lLAu-$*FETFL$a_Zhcx&E#qqgq z0PKi1>rnarb8{vBlpRGElXR1~vuEz#j&9U6{dl@23?gFTNCA9M1Q+u1na)YZXRgb4 z6Ek5Lcrm54#x1fg@nkb4Zxbp&QCi9{7p*?{NIwPF1Xbjb4& zELe1OKZi8n->O4f#9+&qcyb);ks9%l&xSvc0y8Q$2C`}fdk7YzUivncXFcVt` z-yLG02MAXTsYkrKraXijE1wTL^tA)XVMC3&@F0f%U)sXaTb)7 zhD5;#5Aip;Zp*I0@shOZmDV;rAC`!O(g*Meer2Oub7}Ag+)l>1sn&oq{RPc%>$U*_ z1(zQ+ZXXlW-~AJ$$f(C|EhQpYfqaeAgsoOq6B3~6WQJ_utb_LBKnt5kj6SW)lJYK0 zTT7Vzd=u*Km5v@d2wyT1zilOc0AFDq6)B`6c#tQ7){3R#S}ll#2xptvy$$Tqss#b! zip@{uJ$P}XU-{?E)U!f?wlj0~f;PU~9&nd($?En<)zzegGoaWXM_$N~_u;KAn}%B% z#O69&E4PK2N@6HBY)+D~i9uSO3fc&ew9(Y@h0H5566op_9?f(Bu)+b)vkAffxwnez2>ZmwE z1H+6X_&-nR{NGQK|1%27==BfZ^`@n01kYM#gYmaLIVu9nZTk7%*!l!cT4oce5-lo- zEGeWex@(E7zs*Rprk}j3{WuYLo~Oy9dsS#3lltRq;kog0AmrDUMEG!2j2$|d2i1wTzq!*!0Tv^|Xbc%%i4Ad1{um!X zbcvo}WCqO~Y|x6|R0dtCjy*q~yMK$U9{W&6z6qoYIwC=V;rG_`UQ4oIzN>rJcBM+mt_U%YAtUdu)8NBU$MaKGj@2Y8&snq2!tXhugmj$UZ; z0lK_@hjC;;Io4=l+Y!c!agm(ab3lA zv6o~FyNhQn(Palyp!QgYCzO%FCSAFb1 z3j1#m;Ni~s&hw$8cf7M(|Kh+In$x_+iaoXG_Uw@*A6x+{I zXezbzvP8ce+pn5_IV{V++Qw&r{bi>lA43hz&3!*9Yq-6Y860RMKlN9^uG-ob!%NQ) zAJzk3jl+PiQXOO{fysHtyshY+f2#5{SzbqUs}2cUvoOv-2_`s_2IeDLr0zs7ro^T) zgL4k(kM2(R7{G}{f*6qLc^kJ`^?WswVN9)D#S6N&>8C9b0s1OoL*(BBYe^C5sS!J| zoqjgL4g2+f61HaEk5}|RayQ$Fv<((UtInVyDlPx)TKGJO&gFM;KK#1g*rkMi;GmQD z3+0SS&s);*j@A+8`EW$mF)8r!infMjW3fG<9Kz9W_7dFdd7g!2S*RI{hrwLzVmL;IS42ybR+z9{I>TUk#*z9#$*Fh%|LR#T8S8 zxi+6#q$kQ6($DblpQX~?ypKQZO|)nsl*wHW)76eRosb2!w%(`dXDFmrCqj{IJNU%{ zJNR1uj0iGd>Afggk^A*mDz9hkmu0TlKAU&KAykq&%N*@GV$aTpc&r}{#lm-JSytPo z+_>v&8QAYf@rV6(>X@pIh~q$!Ld=h2aV^!Cl2H4v=BxFkeR*&3e^{Qj4FezlAnV=s zTn;MkAm5x&t}Bz18~8|n^?n>P%xPcrEAOr033S-wQ|SYLGv(M$cl~b1(&6*cEFXcw zv)G%vr3J~}L&SRSR|O(9THDEuxflK?&8Lx;EpzKQgqPN=RJ!$sr_$$hD-maH8mSeo@PP?IpV!+!K+ zyL-+EsiT{UebJ}ZRBcRaeBHiZQ>bHB#@0als|P=^Qb~DJW5+{@0$%jfUQ(~Sa{TXw z^ovQYwT%-PpblAuXRaUHA%^ZbF*J7m$QfZFIo8U$?fcFCV7k`GeNtH<^f4l%Pr z7V#TW)vz0$uMe?b9=gpfYGq8OXv~+;($@|vU9l_Xy6j8-ghRxXjClS!%7>r#{KC?8 zv$4@(_2#TPsG9c&!7uPFqWS=h8{ru7?S$c6@8%4f0nG7N?lWuh0=3Kh%l&*)zZm7( z&8l?irE?7>;%!hpu_5~7XaU-5I-?hO3s2wOgFk?rNJi%K z&Xe32HjLtmlU4u{?N@cGF$h}W(Wm*1m~J!3>Pw5ZDgg-?L8!Y>9L`6{N8Q&STo8DL zyiAS&>soNR*_x`*)u|7Z6=H%$+qh7dGSDtlQ^ct?sUJdR(6s2=>-aPh10+ZFIdDeb z95kfWqP>H4;m`Smnb~og*VTP#Kl0smerdad9l{e_@r7E~H+<-DyL+**LGrLa;q|cC z8I03hCw=YHCdd@J-2W490RKxxqp1Fz$mc%w>TGtklCY|G$l{e}^)Z4Kf=eJHP>#s zErNH&JmRz&Zk$*qVf-ndJTiUmFY3FAF5n<5Su$JKl_^8k6Z-k7{t~u6PVF{vhwe)A z9jqH#G-XhvG>Gu({wblV*KSL7t_B(dZTo`2sTh@IGHTkMazK-gMYHx%Og%$R5{cxG9+>X&&9JHx+XHF5n#USLOVx-o_Ptx#o zK_7hn%90i2_><*{SS_;dVxbF61s?-P3Hg)fcbaGi!zFvk&0zIC30A?j@K=aSm5E+l zZyB(Vq0Qj#vF_*B*3gA$k%Q~Q+vp;YxWB-9IKm`Q&nN{B>}n%G}mjUzW~LoZxMfF(3I!{DD8Xh| zMkxdB{8|ZLXqXM>XNtP%lbwRR^+8N-k5;x1v!x+5LaiCj5`W)?M_U#?(jKdn?S?9k zIyvrN+4_pRfAaYeCfPV)sOG0y_MseA4PVk_#781%SIHpjOp&vgjlvy0uGDnZrS}?2 z+?(097=|&S3;GFDR_c3}&IloR30k0xVw5rCzy=q?qrnSdKA zWap>q6(32}kBljh^rWRVlcb-<@EaY{i!A>oG??W->jKHjr%lqAs_y(`wj|Ldh9JcK zmgG?joPr!So9>Q{N_a@8P7w0#SrdlK&qd;kQK}1w4ITh~L@N*tEl8MIuHODNR$t*N z@}+hXfRgb{Y{vQF-m8k=p|F9e=i$wYAGkz%=e(W4gG7l%&f5!t;K@O7H4iq zP#X*=lTidf8UzbacAPX9#c&&6Bes%_znGHDaoTXG2tm9%K|*=ddM2X5>Mm z3E#mW(@->rNm+Os(hx+@0|+V{petves&{C8?xHM@BI;D@Es!Wo4u!?{4dU{8O6Y>2 zB}N4Z&;L3j>apyp-`;b4qRn%<5 zQWb^M_I_K=uNa73{Pj+fFs^IVlfW)CBYnc@aPV5g2j)zvzkk&n%NaaICKvr)%U}b; zrmd7LPJSEa%oUnIztnm3YF_zn(8*AI0O6y8cS!VCg|=H5Q$#Kgs^IuyBhshtTU+kAKa-i!%zp< z>Zow{e}6$`_^2A_-kwz~PF>X0I+jeCi*w3}t3Efe*GS^K+6Xc80TpTuCD2gj>1qP> ze5loeP?n>ql(P1FY{hmA?G@!AMeRvDcB`a+_rmY2!TBgDvZE#h%SkrD=*ckcB~83& z=_&TjhpZ|dOz4fP9?&&-n1RD#f~=04ZC_CoEk|!ee$Gx1S2XqBfM8(bR(9XQ1j)Yr zq$_8!AJATR8KmifY(yhBP_a_Uu#`;6749F9TY@QnOskwWSG!(vKh`fYEB4Z4XzyE-2jg;KyTz)t5j-a7#G$v0&c9^DRh<%@ef;aFrVvS+haVA* z!L~QpBmU2ZrvQKi?KmWmtm1zbJpS)BhyOc|=RjgPRCG}#Q9UTgPg-0-tXjk<G+CbZm5Nvt!%tq+{E*ZL?!^l8$ZLwr%X#x#{4j}^ofLtlasEB?Q zVPRpRg*;JFQBfrQkj**>2nev{g9ubYv8=kj+jisGbyHAKkf?=|t49($_R`SMP-#X} zx%Sh046w7avl=Eac@47p4YB(T^Yim_m?raBr1A%kiin5^Sf`6SWC?_f35HDwM=yxS zElNm8NIGT9x#r4vmB~a;NW{#^$4$y6F3Be?tEs8|^e$A0n^a4hR!Cm{nYN;anBhsf)(B ztG2eb&WZJwg{zLG>#k*BZ*On+)JEUT*3kS;_tItW%H_cN&D7M?@WRgI%E9E;)$qpc z!Tr|O*5={G^3lWk>EqV<)BgVc_R;0e@zv4Qi4#EF*v8mF-^tjB z(7>J0%*n~lk&A)B&Pw0L$=TY9-q6CCo!FKa_-CU_`Zxt~m_4axMlg}+(W6rHVg5?4*t3Qvn;QyYq`xR(R| zrh`Lcdo=!~G1Dy7Lil)iEUmRbE3dy{F$4_sB!%6 z;i5iFD$B-Dg-7`-|yHIP30EViJv?z_4<&N%BH#Xi_M1b`xxS;JFD0Z(# zpH*sY!Ft}F`13=dhsY5j2*oVCr3d696ly_osbxfnw(_rEsxw}JncPtrwSfc&@E+4f zg~OwGs`|;cvX;CazB&ddV`yDG_Gc?sB^9>{DWn^#uMMkGws?gFN`nMShj~#~$mUHpu3qMqi zE7SR_CsYaTSbsAMI67LF2+SF>8g&u0?SK~ydEXv`zZV4LKJD0ztHNgZhL8zFRhs9y zUP3TOPtjP}o$dW_hbP6H=3TZ4QfqBd7m`VMV2^3nT9KHUXwZOQ05g&MsXS9*Oy7eC zu*nmjYh9AP#=15K3$Ria^-Xq`4OYD9KCRvRwdy5%x(|T_*&SL?;MUP-~x&O-3n5BV<9A6 zKA@m_DXE9`cMZYDBm^GbPpqA88C(#k)?-6>a0)}QS8oyA7Hg;b%V5^ut+c~4ziT=GpF7~2y&AE# z7JFNsaM}J~u2^)%df*a)0VQl6nE#|@2)CDzh?g|XWgxl`XXsOaf-$!5h=_HQ_2;iLv&-V~1D%xO)sRyXEj3fJpiqrYM2XtKpJ*oykSan|Qz zNzwD%2S;bEcxWPW(Lzw>QhKj}Mt>NC(sqsZ5<{QR29=2LsNraI6M~|$i{z$GsS=f1 za2bLXONFNOVShr?XLF$kz$yQ6qIWM*BBDi8DimV8S)d#|RF|rEWJp($06u*CMj|4r z-(O!s>BPfH4NLGxBK>%uNJ_LuSt2z;Xf%}^InT6o&XLQ*2U*FE#AwV!+pUemz^;pqFk1VnF$53O@q(>M@1aD_QY@pL(0Am9WU!DJt5(|S1L&#~UX zv!7aRse*1)V;j^&@MGZ<56wg8xX5)^edTi`{PrdtAkQoEfSV%vRa|N~B45W6#;Ep< zJZ)(EjY!K!W<@j05=Ix;EBFH$%Qma#oMHsol9}VXkOGdpl=&=)`}cWb%t6g2Q-^)z z&5V(F2{TRdbf~4WW*3IQ{w70*`UpLm!+{ke3CvE!IzGBBPVM1f52e;P?z~@Lj{>vS zxL~BEjxT9cn7QEf3sN~uhy3Ihy5!Uq^~qc$koLDdx#yv*KAhsWy-D9b0@sKe(KO-6 zpZcA03O>4j-a2KTz0*^lJK^4&8;KFwa`|f+yg%13c^f<%#EvklWxa z);nA*9RL=$SNhf9a1I>IMh1JL3U`N@10WFd!>!sBN3{mL)QX@Ayk4oG5SATqig z7P_*Rb=hg6z;(4^J4d5+QyzLz0k)psh!Q|DJv~8^prMbHzjVMMk`7G@$S2+&9ar@e zFp{2WxQ0eDbGZ_22%bm+HV^2hfOn8#bhT(-HzgVgBeOeA& z!oJ&`Sg)Q&ubm)w?y8B`Z{7y-5Y`7opli!eNGd3A3^4D5*SS{t*tMSn2_f;_&*$mR zhJy9X_QuZ<7R%mGe>x;ja|Doa`@$#0V~_@#2IsN9G4x3WQoT_AsR{7eA@8s$l&}X} z;mpWvwHbzLk?ebI$Q3@3fKNVx0%Thwv5ywUR!NKOVCkgv9FG-ARlmQL>FycPrN(36-HIF3tFX;>U?aMV@=H}0{ zvo}RW>IAC1X3UT1_uA}Ni{j&Xn0FL!j3xn&22AKJ>ADa2bQsJr^Mr|*BOU1D4g zoRoTEEu5UJ;dD6o`-F;FeIE64Lx(T6Fz~lt$6OXT+u*zUzfrX;Tn=@A3wl>3Y4KTa z%Cp0KM$l$DqQBto}%`ppaPOOUYc>)=js(7>T`r*Legc80fOR^S*Cl|Vl8jdF@ zd8pV-LfJGi#*N9uM%S~FWMmM^`P%^(_tR*)Ieib|VZqJPvTKJu`fy;%hN7#zB0l5W ztnaxjZl0r)9_`~XcRw0ESLV~Nu`00&47k=YkW~Bzjp$!BJg3Zaim8-u{#Y0j+(aoA z>AuYP>b2YZW7o_ulihGtgVH%6*g2|pB_zZrbrfu-O9Y!8IoX1^wwt!oCnueu2HDxF z)H=SV1yj0w@gO|KL||6DkhgcNRx8)f$^MFa8?XMdFH;UYCWmACnqc}4;M zAC=VgoBl1^x3v#{*3)l8TM*lbS}Y!~LndYLu!q*!xz;+dAA`9e%Q%&}D|v1~dZw0( zr*(;Z;Jb^~B^S0zj#MU4SI!+7yIogYPY|^n-=)oEU_6GqV?mFbJ{UBW=R4j%5-?4z zuZ-S;l$Ps@cFBp z#E;i#>D|67I8o0aJ45uaaN0P2!Hl~CkGL1>Iy2>8D9E+3Mak>)9s%N0s?E<6*QeMO zmy{j)#@p>HIEkDSloQnG(%qvx=IVbnA+2Zip0U%wg7iUfZKu5DV>@sfY7MA@w`J^r zk8SGkUVh>Dz!X9sjOK=KUVjiiotz9tv;ldygBw`XNAO;%(^A&E1$||9ur!?Dk;=5*1^wvx`tXz}RLp?C z`I@-oI! zE6BSw%k^D32(J0OMQ3S$$4C=&J7a)vy+?A?2X(+dY@Dc zTD?qOr(J^QsljDbD_Dc#{PSnFpT;@HM(*p>6h(|PrR&cpTo~>M=>*sGIzw(p$mdap z-LiuYHG&V3GZxdBq|DGKK*oacX7i<~2Uc}2qAsVo2eyGPh-KH6Fa5_Hrs76)YTD7x zDqKCjD;bd<2UlBK#jun*+>IR+G4+3}GHWAecJ9AKf@qh?ruU+u%4tS4nr_Bd~83(2% zVoWj9wV$B9-QC1`?RZXXIU|qW{nQ`5IPGLyw>ZB`C&T0)+NA3 z`2)!nX74q=99TE1Pc~BDoTy7q-W;f8EqN*_k*kl$W9lVSQ7WAnyQ^H z-z&%m_SMu5UIgFUmc+7RWOLz18*wW_jQdn?Dq2S$Ai0Gf8&+_{JuJ_>+Y`xK*`vo8 z4qo_WLQ%8zMS7rk-%Y~P-tkh5wo#xGn0YE=X$NtGxjh9tGU}V4{SsxRQ)mkK z>-kM$bw5Npg8KX8vK^N9)*BnhRDR;;@ui;{FhQO}#p&g$(}^s}BNc+1TNkDW?6~gA z^mr-zJ$ecx6Ux*_F0@_QLy@AfYpcYtBd;j>x)7$_61V^)KD@qc+O;GQOzpP3H|$gP z?O+4$RO5H?Dg$>1pL&}3%57wnwVWS-0pf)4*c>kryY^1hY8$1=*L<%%xV`nxDtwaAAk9zmH5Z%F~H z^o#ACnLs@XfwIPaH+vPZcqMwOsMb=MP2p-5Zdf)kOU9h|B5&kbPH)e#hiYg%w7lHw zwIW)*z2TaUxp?D%6|UXvCG`9gLsaxc+gRV~uRLSPCin4NN9eSvmmm>KV(rcjZxfU0 zuML8t1{zDfH0|Z&b=DOZDbyFMi;M|%Ck0hLH#bJEK5jVx5L@@Jww!R&NvZn#kBG3@ zJERITEibk_-B_tQ|c(eIjz*V4q zy-b&t^C#ryLb}s0%i=7+;zg{T@sl=Zk3n*tfbub{qlO zZ2@q5+bd3F}C7PZGxnKyy zjj@kbjKrgm>#Q0 z{g$wZcZ{&p`!k**#5d+a{^D^5&h=vpWO>0M!Sm#;D?g;G+Fcjh+tt(w8s8?=%om-< z>jkjBA*SThfgP-EIe8h=`JCAc*>h#s29h~j((8rj!?|zYB$YCEA@+jNLc9gWQUpM| z_8v~vl7&Z#4&VpCTZbTIN>A~_j=g~?(%k8*@hHr{pc>y zwGrMQj@7XTbCQJ6X2aFMO;VR@!Zp`aphSWAE}W@#DY=LQY2#IbeQ?9?!P88Sv*e10 zC6uZ*S)8=QBeX|`54~o@*6)$&e6xtK0{+f+`5CwFu(}~J7a$Zry&X-|YTL~jGXz56 z92~ONBE;)dc^d`i8RApaKBD)uKdop(1+lh($;>oa2InwVn%)8tOzbWJA{=J5=(o1v z1q)BK%_#CtXNCoxKht+6wDry)_MZ9eS;BBWpWh7O!8B|3VlVnW;?h> z^9U8v{Zdq}Q%i!s#SQyFaqlo@p4Kwpl~>bY>}T>4cPy=V_6QWRvzQ_NkR#+s=E|YA zh&NUlS>t#Zl}GXWQXZ4zx6z3h48yQbQ(UX_8cM5!#qr%0Te&@`!xd5OmD($I>9M5W zNV54`U>nD&d5N9!1!(*kTE?Os`Xw6ip<}qZNH_W^4yXl^R#o~gGuJD7!-`xEu)zZP zat{_AB(V82X6*_cUzP!_81}Jjt5Tb z4jTB24GcsKzx35Cm3wX)FL;LU7SdAF#ntQkb=(|VcNO0|%haB%nVbCwXZs<(8R(PJ z+E&csh1cs7;XRTR{xo4DyQb=LECG8xZ^@R|whS~|WSLeLVu+3af$*>}PB-f+=mOHL zhcA_JI7Ur}dcN=E8L#vDjQx=RR)BtB^XS4)f7CNrV70$9NwUTjO_3GVqNzHxu6%tB zq&JQY0iN|-WSI$v2kWvP9&DN+#h?1kp>edGZkcpCQ7;0}Ap}6Zjo99ry;-X26~1em zcBO6mGlrjI{9;>LI`Q{3s=6YMI+AuQYwOc)`uO2(h@p(K()fgo8zzHqaoR9a+{tIU$p{)Kx93AWG#M-n&XfJx(v7B=qVzAf4^H) zbl#liqkEJzRJ3-0w62@C&LCz1ffy9bIsI^lOe?rXnUTyNYDjlE!6Tn#Y2Ly+s<_bg zCmy7zXTr=dZ~RDNT><`h9&73jU%EkhWtfoBU>UNszZ2vIifUUH>m3Ra5t&nK+|E7xOoNaGw@oS%m3>#&p)*Fc>3B59enQA2C+!_`6yhNi^<5bm z-0{O#^aUVAe+C;G)9`N;SxG}FdTad4iq7#+ma265fIix1A?~>OUxq+nl4pP3cBq~& zMa$vc(!kUC+vu3M4e9Z z!C=7mAS=ZgS?stq2B|E$p)6gpGm7y3Xc3`ML=sGee?Ppc4ZV#Fa7xC=)q}@JHt2%j^WmA>%qP~O(=Ke8p+BTdYVE! zV4YYU@PQK~Y#hrc;$_O=Unnin0Y%RJJ##KPe6O+oA+Ayh&oYyje|6aMPQ@DZGCJyN5u^ zSgm`xA+fSTdv^UN*EAu`u81Db^!Cy3Rtzb~G;w#1K&ovuYZ&<&xB61m@k=8*3QkYX zt)_=~d4&OpE!zYnZ?>;4Dp(&@zJO<)BM0I6z*Nelmi(4btTT`YN9o;WMQt!RR-RH} zPc_Xc&#(ikZ|B&ney2Fi*c(h0vAgfKHXlW}T0ffoUf=r-nichHypa4-_(3ITwHDqG z510rQ>jfPVYw`%>BW|irw!b1l2?we&x=o}mZNORT69X%XZvQ&VR=r})#feTVgnK`4 z^vE+*{>OSgjhc7oir9FiUNrhfc6cs7l?ahyWMW&u-Hm0eT5h8Dh5=C&fj`N`k8fGR zO6Ex02*0nS5KVh@mBHrFX&Sg#r8sl7t*QWAMb3-+nh;Js`^i@aWIcj0U5I)gG1CU$ zy`z={qQ`}aJAOxb^`|NT0fD#2qs*nMeDX4h}U1n1gg7ejfKIq0~uE*F4iFl0Hs0G^= z+rNEh#up+`Wyx!`5`YnMP!xY@eckO1vqy9Z8}UBGUuR>0Ncke_aT#K(s|z=c2O`hH zQyr+Bj75-@4X5dJi~_G-@>JP0Ytg=1c2A@vg>^B6v|Q(k;;Y4mMuzeQO!- z+lrvsn)Kd^DBEX{#y1aUcL&W7B3(w+W|rUfuqjBSW%{Hk?CYwgNP=DKqz=V_vb1O{>ZjQX!!1?I#$cTcLM+Cu0{;nCDxqz#2bi2MIC^8&btOsf~O z5ep@M8#I_7J@;aj<2w?9R5+Xk?Q;>0vr-*oYZuLZtGvaRPo)Nx+192^Ek5kYw4 z8OTS0mS0*u;R-ZrR;(E2t9kE~F@HmK5bpM@9(K*X%5YO~opGkE~ zyA#8c2$bc9nmV_Lj9OKHY?xs-m$dP-ec}M4`9vhG|_xLcKWnG zI`J!GScuXBTbF_#rnP_yWXHXFrC8Y)os&>F|7_SU5k1ezf{>GEwF7uoy|A_AC!4|B zn0~dkpmT#w$zapm@#?VBPR~NgJIoymv6C2?tPq%-`+^-7!rPx`n(08A8W@8~C8ikq z`H-66)3Ucj|JJh%(OzXKG}&z9m6_<53I(VK&(@tqz;ZA0Q-sZONo0O&tN!%@c3#B^ zNi#Yp=m!(djQbU#D^dxVIir2#!c+I|jxo~7@BIKjPSgNSqfgc9Eq6deXgJrmRcZlm z!BC_xdozI5%j;9o<#DB*qT81DfRnlQ(r#nM40@Ck*=bbT3}-X-XmGts`nV1ANgJJO z`+?)&P=HVIGA_6SN6#!mx>o zos9IwyR)XFF5E}g_p|Gf0-xZtCUID^;MrBGsC^TW1kV}Hm(U0T*m3{Nlcn$vMC%BfcT=Qr%t z!5F(7ZJ!K^)CBBZq80?A)+;s}l%`iT_)n*hltBs*r#Qgz8q1LNMMigmj@mDcG?*jS z&z0f*r)nx=@lB`Gc#knsEX}H^_3N&@t2^sYYy97T4^0|A)K-Mz1q?mM{My|m^lrXw zRPVG-MX9ZFVaVd&m&#D1a!Y5e*80Ea`*4jvc7c|W<_~kyMnV6apXWB^ zs}1Pt6Vj&U1EQ%mk}W%-y?0shjp~BEg6u|aZKawow;&?%uf4at?-IG+OHE*?w){7| z$`G*kcSSqS0SHz~=lge$9TtrF+#Ne#wK6MBZ9IZUE8-@;>JWC0cKp2!U3 zR!qG@sR;Nf-G)JL;z)R>9|J3138N}oa28vNtT+5I=s$`^w~rUrc&jCSWzKxzrGWAL zh~dq)rd1AgL|mBjmw;-l8TIHzt5)ffSqcV>7Fx@!e4Oi_37#EH1}$?9(0U`LTA^sm zn3=*|42w4y6yvjv=ih=VXy70CjH0X@=E8TVB#{tD`tJNXbi05EP2B)oFf5TJ#wV)8 z7@EkDNYUQfMXJ9bTjApV;a)VecrtI{F;{V*A(kV|>n_)h%rjVh$<-Et-nyG!oi1G% zpMWG{irCu+1TmUtD&e6X8qW*H$)eo9Z6(wx3%3I)XbWZvensJuW%u`raW{NJ2^fQU z2-bZE(##PUDftLtFakGf{-uNF!rZ*7FuhCcJPB#<-`8Dia_ixcNWz>Po!Kyx)w|jqXzt$V6@9;N< ziK$7rXW^(H<;;Kft70AssZ|>>_y}@PHXHf(HY}m?OuRzYEVv6Sh-@s?WjbYh2zmCl zvWyHnpM?)!#f#8DATnNgiKRdGwS0n4^kPaQmFqG1D11qNMw72ePndBPT&qX8JR~>R zVjMCEQZdyJ$4tAZ85}38^QfZ-OVIxIE?xmT9}2{qYUG-UbQ*ZFFy4)7d3I(rdB5oI zAmk`%e3>AsFE$b4C;mSwLqLaTpXl{Fw+pPW`ccZtLq9O;O(?Q`d2@QZet!?CF5t`G z6yUp@Z)z3`FE=+qy9j#+X z>$1>{9TS*nA)Le0EQw#v{9$P4bBlQ68YxfZdb3Sb5mI-|6|TmDypd31lu$448PlWC$+6paFJg?Q1m=sbW^AAqOIp< zdt33>)q3%L7feywa9?{z#RoK?$^^w(IzK^jmJbLKa4Ok-phA_&82!j_2IOlmYaHqt zODK;fhGc`r1xzUwScIlw4ZDCx)`PdXDOMlp8i%6O%uL8|Cs!)(?-MmH`3qaP|41Ya zAeJImd?iI2R*~nC3Pv5;XUMgU-W!^JG;p*{V2i*a#P!<}j6M(c6eUsaI&HQRH<(4o zY?3$^RgG@U)HRN3K0c>F<8*HxHR#6$ONW+HVD=Y!W!0BEEmz{Ocbh@P%)nu$N2FWc8RaPnDO0(TmV2eo;>J=@(6av3aUZwM}qvDYVdWNT6 ziT?M4(w_BCLCPW-{7ozbhhF${6RAas(t3G9WnQ2JEQKUH8HFTn5gXv%4DHxWYK12H zm$Z$ogTp(aS8KBiA%m}p)JQ@o)Bbs?=0-pUl_W{gET6yDeLo3xCh0~}0I7A-YIjCr zNtN`%e_CGMyhtNqSGB|y^RpI-5W)U^-c%VySK+oOIuez{DNS#X59pPgmo1f?6{9k9 zdpk&KFz?sEzEFffCu6vM==`*9b7Ll#%raTzgW2=fVlN`Bi!*$GEtP+~TPx~Cl7hTJ zc1C#y(sKU_=1yck04h7mY_l$%)ZBtZf1Szo(^%xl==iM3Yvs9j`nK2#X!s~6a~_D4 zNvvqo!V=ZV>dmEy(W^B4(ra9iJe({utF6a`9V5BpvAynLX_DfpgxJoPnh75M2<44S%#80>ALwtjb(lzg z`kN0{Eojp>h=`#5CXCw3^l75#52JD-?HKt76|)3^h%R0?^b0}-_4`Mq-}rCo&YLBhq)txlB__fp6}`X!N$li1w?O#i{$Jd zco@CMc}O>$yO4<+YyK?=0?HCDHOr{$4V^WT2S=Imiquc)n@{6K99jMMP6;h7D{oyG zuMmzhgFOUIO7Z^{tZ`3kYPufh+xW`VAnO-CEP>4-Xlr#a9Fipe99h(>WRs!tW$hUK zTRA(dH_4uvk$|5@#RK8JN+Tg4fq?uo2KhfQs6WO}YhuTdeRoB=G0p8Dm+KvxayGh9 zQbUNVNKzw#-^}VugTqWg|J^7a50Bu!e&Zye7}}ic6kjLy{^AjuDE#z}WYmeoJRv1c z?(3mIiA}kWB}7U{8XCqt6lOoyLt+PfB~*5_Ta77e^3+TGz@lu8KtUF5jc1jV?w2!9 z{AzMSnH!1(6P6?##DE@z$CeexDUwbM?m@sT#@0gew=zJ4^hK*57mXASjO2r-uzz}fxn~`79}3-L@XgOMPf}lu|7yhQX0h2GaOuG zlqi3gsaI`DTSmz-bKNW(t=A!OHn!wz&@vhcnRTQ^VPCSMAXoGMBa6c6Ya94Z6&&HfW&mjzp;yS%Mk*giBBgSrR|@-;o^Lu8c`asDyxQ925Wfew`RTr^6;W!Q^g# zFw|?{@Pf>=0WCgSNH&tC6e;0=_>V$BQzaml5K!S1+3$_%;#vi>_%X!tu~FM-krf(e z13rr-vq8muScaIF1QNUu3XOu4oFM$mnZB#niE-Uf`}x^gSN+vQNfVnY1k|}8-SKM* z%_)f?(Casnu{_95#y-x*LAZE-h_b-4+g?S%btKe2g=$=39{drT`(k5@j`Lvu@(BII z$+OpSljl_+_H*j2Q#4L`^k5N(a@wO&iTTUuldA}m<1CSfXi_E-gTjAT;08XqxHapn z;BRL*I#j>}e?$nS|G=4C8>8q_ zG#MoNCpmJEboRIKjcZx#9}+e;z^~+FSW-HzqD)dRIB4(46p%{C7FXdXv&<6FPNwZb z=)NnPR&%zsbuhpetSp+={i3eL#$J)iO_fXr;};X^<)pNee+BR1Zk$D%I2+&-FDV^Y z!NUK?s@@?HJx9~B#MGx0IxCrsAeY(cqoo!0^N9TG2R(z>{a7X)vE?SN#Uddo-9BMn zK4F7Z-Ql{VhLvgLuVuKFbY&OyvY_HpR-tBrfi2S*YLxtifHDnD>yV&$vL`BRGYMJnf%%-csV=bm9tDhtU${QR!k z7L#>!boLDV@fm_prCub6g*QXbsZS3l8@~K`ZsXy^L}KYlmdy@Q7Dw7`g zBej&tM|mMCuwg9b&l3=}iVPli8jnle*s{d%wRK*;Jpy!JCwJNeT37)YUeSvwNz6=i`ogjR4t;DjQvJ z*VC?bIxsS1{OGS@Zcb(3Yv*-|rT|$3_2qesDSh7mL7&gfDZdny>+rp0fQ%hwB`RXL2t4n;X3&C@?LXhhZol-qjrpf z!#NJ${X5hgm3A>*_D{xuGzJ~5*isQ1VsJBowjQe#=0mudlZO{I8|26G5m7y);^jLB zm#tvx@XTv^(Df)DHyA!?cWxj~R;iTQH-taE)zyF@87fRz4qJv;n;jvAEoc&cNf|*a zW>72Wjl<9aCch~|4iqwfLn&}KHPAo>KRGWDuur}2ps6=0M>4+^aJ@26flp=I+;K!Y zLr+nsV;;5}WKtHC&m-H@hIO@3S+S9gY#kG6ilnT69v|5ek!hNv#+A_Gbm$kjEp?Y* z9Io}La1C%kRkXl&@Xwo5P=u8%6(z`u1%P8ZCq z>A-GV)xDq>t^brzrA*6VKXE9r;dCFRsDJYM=PaiM>PzGXsik?~hut={pC@rYhejR) zv^QHSSo>z2HQkE`Vh#-F@23zB!+DtI3sCxN_>i>IA0B@GiWv932d24F$KSyGA#tDD z>7kfmZI}giK7h(TnPbWwKYCzG7oh(^i8v@kpx7(0pRa?>WIxljjRID!QiT&i#~?+^ zz8UZ!c%7O4nZZ9$xsYQpwHF|Ig=Ha}s&Qv`trUH-zKx*biVrX5r8|H3s|2-m2)A01 zV}Ap|;M27-UHrP%!?GP+sSNqQfoi7E)}=Kdwnyc>LVC@$)B8dY>WP6#9t*I=+|+QN zc{|Dw^aSeitR2#f-%z#!@mlE?PqW}Uc(0`^qWoA?p}gnJW_5?+Xx_HG;yUq`_Hm&% zyXZy(S6ZZSD230n9|_+HcIBn~`9ao>a&YzAyBdvdyL4M47YB_BzBz#Fwn%z>w8DcR z>Jyw@9KROXh-IjP&zaLt1C(tPr67!O`EI*)P;IzzP_rgM1J<~5zem{0#F3r*q)X-T z75#I(_KnjrKw*&Yg~E&E(s99>yrfT!Jkqag49T2x;mR~aAAs$hOe6*(FA;H`{|Tj{ zxmN)m^wrVizW%08lWmYOtxp&vBv4NgqN6f}>((t6b<3u>=gPj>YY*UjXz3HWHAj!; z=nYi2Eo%cU1E!(CQ;OwsnY@XR@q1BzeO0^#RT5`HsJkbFzxy+}xAJE)JNtIJ0s7 zC4m;amltZG*+PX6k}-9gC4aj=u#}9Vj{$_ZjqEcO%70O77ra4{yBCBr%|dY3J<=wJ zT3d!5d8%PE@Vn4@Y4q5L|B2o|;P;9G6U^4B`5>2FN8ZwWwvy|tz39TX;kTi;bIe{M z0v+lU;l4E7pSJl=W(wj!2ME(Z8juu&~vY79mrI2Os3GuDxw0#x2>x zFoXXL;K%AE^}!)=>=#WLB(ev~)csdM52fduWKD-CocHP%DCzTtMhqWB=le<2SxVv- z`Tdm8Sm31pD_uxK;9p8mP>7m3@Wfr4RaE*sAyO%0-)nR8ob!jC<=FwItDh&Mkwe8y zA0J?j3)dm%vB~pQ=-#a=pCD%Wk~t315C3v*js2~D(U)gb)-R-{gG94Ylbg$`CME`9 znSB{JtlcSjjp*vcXgd)9%F(`o7yBensO#Pb3_D?b_T#wDsg#wj|5#JBfn;q*#BL1i zF)`Hs%I6ZX3YE3pv;q4>`EAX@4FSBhlv}r+YjTgTnr}K?(jg+SgME_6qWZutkJNP% zPDj4rA+^}PBq9Iq25R9D%^tBhh{cj=F{fJx`cwcoS^~*7RebWh?e-0rss!fPn3Np< zft#Kb7JEK97>py)Vu=HGW1ez*Y}@bz`ME;}c$4pwmTV-cKW%$K`VwE&OgN9BNj;c7 z(vGP``o4l>UHGt2eRuTtE&xF!ns&}zGI7j1qgUZkV(`jcuw19;5B##x5CYtY*gHZ_ z@6t0>)CrYz(Cc1>z}r|5j%>dthRZ#Ilh!MfXT;hFukg(hWmu4wQED%%s+_ji?aBtN z9+0~=JSYO+)jcB8n4G6dW( zk7mwg?IP&suc(=uEPU>Ep1`fpf3a18HdFQc_nRLbv_VFWW%(k%kd}Z)M!w!aZs;!* z2F2Q@>{{3*H7XQpQ$Uf^2-jb~8OWowLaIrH?+sm)6!!eDobLuLQn2+!79~x7@yZbx z|HT~r%M$yqtOAMuW|{x*JT)`Sf0Q+7zpxn^RB!^UM{@FiDC_Cwf6Yud;rb{-scNj1 z5cBpkoOhMR>1b?fdKB5DQDxABSel%67=MKV39s#$MPThft@%Z^5>Q&S=A~iFTh?|hB%T8U<>}lxz!t>Md?7!nMnA~mRNnp@x;8Z%03Rdb*LM1hhs z7X==);$*4siJ6LezGUqN{JJWS+%9;+PL{Gy%?hq1_7?>Q0f~!ZstPDOPB6S%xMn7^ z@ZvvBrk1e3b8!o6)`U;_(+>@cVpJ=FvBFkq$gqWF!*Ci^CTsO_!aSnx@ncLFe3phP z+(5S;mSTxgw3Jfcd$cw(Ey!-D0B4BK^txecC^+E}C^FJJTj!1{;*HIZU z?-ey~o~Kn$?Gj7hA>jy#j6i|OzQhpH&c1q=F3r_vZIi2#cvW;h!b)@*Pal!&u%41*V%8Sj%@t6uqsgXqR-$^@I4h@goimf&Oa3ILG2kNn(3C)Y{0I`b626gm<{GxrTNyu7 zpHDAmJK^IkHLsN~Vqmhy`i65V;6=;E^0jXUVjEyMC2WL_?$?86Hhapsza|-t-yh`7 zjT$p3MpaG7$^e5XdEk_2k@|@?5`%@kAPFRIU9xI<1(MGEE3~_@T1|<;5qm_sZcH5f z!CQ;*pR5Zqn!$;RpGXhizxlNW=cj{?p-4eFI=dcwO9Y5^qUx z_rT93ImNe>Q(;8T(+;ocHjeHPp%ZY1uQku~i~Mwc;uWaRw#HQBKiNg2p1X^4FPxaJ zU@k9*drf1bApXl^SyPH4|3?cd^nuX_Z>K82<{X$OZv!4T)?VsH#vnh#vyOsrd;n z6!D2AKx4bG1FXk3e%Mcug1OK?ba&Nw2Gr}bVMtcub93R{eE4}qWtvwJn!_G#%ka{< z^!kMrH|xSwt)cGkm&fZ6?20lk&8WAEK)!J-7+yfn5%MO`WGGQ2NAzxOx&K*2GG*og z8nnSD1dc_m#wm`}5?7t)tH6F+mlsEV zV^%hZx+;1+`p+?-I{vrJP{T+wcC-39jw4<0ko|;@8d67wOt(HOtV5&ztqY|G3ItUL zCGc+{b4uPp;rXLdpDBQzh_^PVdM>J)uxg(tB0Y633?|W<7+~UaI`=kK(1D%B6<;p4 z!QeMj8St%k_qU?&yjVGyr_f$&JnnuVWsTm~3 z{Pd?Kt3w=5p1N!zO@pFLDz-pgK00Qm!pqSy1WnPx@yp!cGf*)lE zy^>px{cl|tp<<+twwYDm4Kpay5NEoMWJVL|=|v8+_l-&Jod#Jjl^F{Q^Q&!)v8Z=w z=f%S9Po%W8Vbr7MUf_Xh!C*sP5oWkx!Ix};&aIFPGL?yU4|8xz3{J=DwO76CN};m+ z6H$gK$9*M{U2x^R+;~g`Zp2p0o33+U>@h39xXAodNJ$58;f8Y)TVK+ydUxpedk0iX zGdv+U$(MKYxeYfYoZ@H4@ zZR80r499$>1n34=wzqd`_CjtbtHx<$^NJD5LZAgDK74A`JuG^T4WO?*SLd7A)x#$a z+95?!F65yK*!u5p2I93Qqw?5k7$#(4u<~|+RsU2qk#^IsLK!#-%LGJNL(heWJh+h` zxY4KUdf=+wLCaZhA9r5>5z%Uj7Mm?N@U2@nnIFJY>%d&_q81(6+ermK9k^$Fq=#+% ziOt*Q4D|<09FBDs1`zVrj#=-~M~hnxD~E_I1n#3mHJJlvW$M{=5tTs;`@MZxYm@i| zc@w8UDp5Xh!-;Bt*hD#yW!y42a*ZYZU^_N`~y*j`>H_s&@WDM z%p4#c$?j;_+zh11(h@6fOC{}WMTo(G$!wEX*jA~g1#^{$#n@w`rN?X{?8#o!Yln}C za@g28+B+B@nfE2;NRWpQ2?MrWk-vEWuH|_2KPRXTGIR^dyv0y9V#K0k1&AkwJZA$s zC2Y1<(CzpDumNJsy;(pvBX#?Y1e%H6PmAD4<9R#_E^Yu3} zRQ+U8R~UZJ93*5=k@f36BDp|8-i4_)cTS`#fzmNlsZ$&+=c2zrVLrPhs~{KoL!_G; zxzdn<%V!!a*HUjyK?dLNu~F?g_cRCAq&8!k<~7)>=}JkDepbNf)ojv*uUdzIsnQhv zSY5jVW$z{HDKO6XWi^+4?04RNPC&(jsHmE)8@h7~D=qLd0tX@W_Lq(wHi61Cny=;s zUWyI88h1A}qrla{`?knjGU#dJ_2gGRW$HakyP?iz&TMCg^jHABkcd`cSVs%GD#8HS;0C z{c4zCthEWXCx?$0yVI_P5xTq4mb?Lrbftp}n7{+MLM zxym8|^$5O&TU$PW)t8Bw4uf|M45cg!<4nI(V0@OE5G5+NGztZ}dp=Cg&VJg+vjADu zRA{l`CuWZT5YnEc1%64lb|)ohrO zA$v(h{-D@pq4I>Gr;k}9XG^-G98z6;Z}_}W37BcA>`LfmkX3KI{qrR$eQe~POgeO3 zC`QQ`oMD?Z{;?Cu6+lafF1k#kpD@+WAyx6AKiCZGX{>fh#8Xmo1H#e)-U|^mnlPOq zQx5A{R7tMd;R`$O^3nPTm+w>EGrD_9H;1AHFVVoaFD`(s$LhyGK`wD3LTXym&b);mJREr~0FidV*G3Y!hA+@wklrA?q9L8(EqWh3#2R7e}M8LPxx%Y-Ll zieDq+N~EC-3tg?rcPP3a1?Z0H%5R#X zr(;_T-3Yj$>FzEtlb~qWgx}ard>8n5TYn+a@A~1rRC~exAp=ZY<;SvRZ;#c7UWKSP z+_{AKVhiHF-n)q367aY7^ZX(f!;)9DHMblt%A-CExxkAk4HywqOu@~O^5)} zx>Poor=v{4;$v_!*+#2T)=VRe(U`MCMvr+b7QNE;cdYyK?*7Ew#jo%pd{Es7H+uHl zqtDdxMft=lu2@(gvYK~Yq59P(6hOGW=QaAW_cb5om|*)v(X#I#j3^#_mBm+AkGf!C z5`sm?c0E9*!p<$2ed6iC*L-h*a=d0DjM$6$Bm`(a5u)7-!8eBu8RJR(dcBdAHsn>o zFAkA(bd8DD&|JvY6v9@w*AbhnJ}d9Znl4=F@)vDT;Z*|YVCv~f-uQuilUOzR&b zn%dB}?!BW%CU?R`YYM&iG0e}uC+s*DS}q2bGX}?ysWglMf9Rbpa`tb0<;4~MVdov< zp;ZyK$tV;ldo!$htEWKldQDrm#a9|*l*}JP!A+Cw?V^%p?I{B#L0@6h6YN+Z?#tAT ziI`^o*0czrzMIau9)BOtfcxSHF$#KatA7IVVo9xC$_kXrK<5%IS@^Ug zQmLg-z)9u+^6=Tg?iyGx?c#jkeI?*mG5*G&z~Av7q68@~L~bkGeXuh2enjSMN4NgJ zfiR?!f_rtocBK^~FnAyyva4E#-MsT)C!KAAbXi!3lUwH!Ix7(vx&)d3xa`-&5q{zz zzzze)4k0S0lSD0sE`$2=6RT76HFoOX&NpelG2o2UD zd&DSIOd-OK#lT_=0$|Zpsu9S-y1dj6Vc_y|N^}{`x-UtP0%#+I#k(2dN%Liu*i_Jcl$;03uPCG=Sv+hBTbV&xpAeuPIj$a+c}3 zNowQ_;wWF-{Ji*lrj1Y7>#fAXKdrWd7ILyAZ)&P$6!>?HeV6)@cLO$Ih@s|2&_zo3 zhgIP26Z*={#4vM$C%?yPiXAe6C!e*5F0Az)&;bO`2%t)SA?ek*oaTC@D!^A>^>oGf;w(u$;8JLkj}(3{`v8JUd)(3u2`Gq@5J; zFA7pH%fGsN!XMJ5**^kgqgFOqI72|og8vlKsqH(PR^{Yd+9JTuz2?kYW_io7EsbMb zx!S-d6Aen~(yUv5#&&3jPiK{PG&6etYgZy+=H#)O)HeE*`#DP=<&JJVOAC-u^<$0o zDb*KuX&iZ;iC=i=B2rIsAsM%(K#JbOJ|l7uzTGTl{Q+XlJoO0}r6h3%=;dFwWe?>To8&Gk!A{8z@x7}|OzANL56cr2S>8P$z9}^M z9&tT=L+jEeDN%!P4n4A?)ncC)3jc4Iev^0i%-i6C52=D01j1=aTbynH{Y#T75(Etk znyfu+m-o{%Zl4ee>>3<7w`TU=EX$JPc>qn+RD}^;-LlN{Mus7ur?U{k5ncHqRGX%@ zKohpewV*Q*RdDz$?d2^Iy1GL;HL^0XB=1Q$n3@JhNebe=EBh4=Ph%x*!vtB#VS>CK zcGhXPQDj_Mu+zd|mz9Qb96;L9uS2^K0V4Cp+OlV4B-y-CIQ8RpgLCqzOV6Kk^+o}=XXE__o@q8bgKEC0Zd*Q_~y zsf&3A!Qfdyi(G*rrW8$36J3xUfgviqWYJ?yZFo)sG6uc0P{cGoISRIskf=dCU9Dr7 z;`R=(VoWl8>->PQ z<2U+Dy7eYkegw_`ckI~LNAV|P+!Apw(VF<4O(oD@AQ09|x5wxS>o82$ZmeZFZt)JJ zDRAY)k)kTcZ(~Nl<&~{bIT=1dR!b6T@&v*l*%HA-7tx*F#TLQuH#y>aCs)Ia%_I^l z5x6~j4Cq0Vp_>WvJ1xz=*o@yt4Ct$oH+#3m$0-qwnZYqaesxua2*=csAY@vIg`qa9 z8|O7vob7=IZ^_>+yBv)`9yU{BobbT zEwPX}7nVRSfkyeVr+9V(NB^Uh-UCz9NY!xYTt-nx<3e9!{DlpkP(1n6jYi30qIOcA z1gC)r14EPEgr&~}E-Tx<+H^2$H zsALw>S`hatyJ7gB%08x2kS15!&wJGSM=!{^3-!FuN3OMs81CWgZ=5KQ=eTN^B+hE& zNIno8A?5LvXdt+@U$TeW-TqRouT)FdD|H{y4wr-u zm&*=p?~_Vw7RJ>5{yVPBn}oM|oykD6uhcYhS3aH8O$C2tjh~ZPmUK>J(=lLE@Ld=@ zB^Q|6bp9Y9ASGC+E3gYYHo&xs`T-D^xys8t#Cd`(wUMfZe#vuAIVfNJfLzk}wymD! z6TY9@k=b)Af{;U~{GO8*zFO>zsKtB6Z@5WcIWM2LWQF=d1cFUc7nA`nllZJGP z908xxlS`dD#yXVdCGx+@1S+;7Hfp$?V+q>GoML0UgeKnvl)NAbP1qLq5n)?Hn*;=9 zVhNrzi36SxrI#DDBAeG>Zh5)%9@)_C!;y*n02tnDpPe9aZ<{Zdgx$e0tuXe00}V0y zt)JR;*ZqXe{0P{{iEc(I9q-5*Hx|0;?$`DR-oS9$6(3&_zQ^?J3}85y(e&s^sJ|?) zZcEr>%2Eid0RuU!Uy9O~PYGsnp;Zh+nzRr?dk677rZW|p*6_}NmE05HLRM-ax--%J z6h4{4n1klLt%PH2Q5R8!t)eXgf->>=@ARN*2lE!TLEDly`K^>sVIpCh5o74ba8?HO zAY)c!x|KJQ$ljFG308S4#6plu*cgM!uQ0CX42h~Tdtq75toOkEnd4fXzj}4M&MXfv z32W`5rr(U0n)@GD`Df~YSJvyL=Gq+Yd)b+CjcTOs6NxPzUxEt31(5KqNH$w7NH6gO zOtQ23E#GEwyf|-f3cmDsmXT6mweM4$ZH?RTf-t=f&7;Jf!BkcEDmsN=Hba6n%sYH2R0ij6nNL-D8O8!denHbfh1zni(lO!%IWi?R@ zT-}ubB1OX3@O_bpk!NLwcFmg>CHk*gBOVDiZR2=}TWLFUpCt>^qf;Shs8At{8fxE( zb@;DZjhGWo#p*hRUgLDts)FlS3JuIZ6JN6c4+%ua^Q*yIXbZg4-Rr-{sT(io5uC-{ zy&kl!o!nMO^P5Go52)(X4iAr1l@OR~`vJI$i=&}751!9h(Nshd+S0a->dGu12ij+J3!RG_I?I2PKa^oF;WH^RVEA}20grH3ta5P$QbyGy2!WPjx7#BBE_Y1`}`6C3#|`@OG~l&PwsLupsxET99YKJA7^2ln@) zwfOMi^#0ahJ*hUu)bF-2f*BX*yY|bA9_&Y0p+>Ll8&d87uE+#Az?)+qkn3#YygOIz zJE_ij6D`xQv^NK^Wg;6yZ)e8sLxtM9|4~)3XDg0L5@g&Di z9|Y)Wt-b*Jcy-)d`4Lm;x;{*H3FnVH>KwFrhk<>Ro|6i%;r|DvSMq zAP`8Dz$`Wdq(h~N>s=lH8kn!o&*EJrYd?sZw(F`i8}V7Sakeqc1f(B7E_OMv|9UTH zgsqo(9DaM?&)tST2zM0bjuZn!Krlg@S3z*)gDAZCT{trlgou~vHPFPCnV}fhScZOR zQ#AO=gZwEL*Vk0Dg>BStAM6?!#woEFNQOo#qXLg;)Lu{kEnSG1~)%2g?QojVq6vfKaB1LyM zGC!22WA% z(jO&{?Fs#WtITUiK5f@1s$mSOaQ~ z3?GA-4A(FxLXLA^12|XK#~#=iQe&Aq;q?H!XQ0PCdWQW_%}l4l6JY(Rkj}$16ZfM8 zp}Hi^ZjzLVVp%50B#K-`m)tPyu7vP5KDUIXFiH?L!xr3vTE#WOaNpNYo{3GKk|wnr zmKOHVLo)7wT2IdiUpl1nOzj#t(2*;N&6);uTkKzthBw*^;hf(NJ7Y`Hx`Eb!&B)Ir z7TVT#Y1EYp#DCdWOtQ^Nkc1gtWVaZWGeqtQX3~JmwJ|f&pG{hip)6uaCUeXgc}C-W z`l9@1HI3L+slirU-ftfNey70=g29PaU4s_KUdUjxrcQDt^)6QgBF&z$P{B7$jH?ij zkdmP7l-kz(pK&c+%et1hcENb9;gv25OpHt{;1AAHW(vvM5xWyL-==!JC#15ii{|1l z5ef-682aG z`eZ=8JP-^n7atynHpRn(mFp+>MLrhbzK8u2(7m-0w;% z=t_9v4tn1z7dmrUr)B(lz~Yg#G1Bjc$Q^0xU4nJf&H*hAuXoj`iY$|xYE{YXe_EIi z;3&o~y1K=PbEL3zj9s=3zql@|-?~Y6xA;M4k7_Lgb9!c4)LS$4IQ?rJv$A6>c6 zO8(~+2-Vu0*WKd|i{i0wmTSX1*TlUc-7qH+lSH3qF4s!UwGhYNe+k}@R+BKfBqQPr z2Zw8Gfx>Y&Q5&`g*zT?cP83?9jsAm4ln z=NxnnCH{NPwHRq?uHG|d-~Z2?LoeM6<*oAaoIySNI!Er@b@R$+Sok0T|M;bU!8d-6 zyTxmNM<0y(f3blXIIAqxUBlYyDPm7Df@aC{bKmyuVKZ;wxMOoH*7p0g#Oe1jc`Snhn{t@)}xPfiqf)u zAy{mdbWGSDp`Qd#M~G|@!n?Z$9|@caJw5q8)+Z z{Qdi)*V(c_KMY=v4k&43ay_#h)bCU;=4tUl32&k)K^>TeWkK*{Dp;r;aXI5#uhnGA zAEhj+DJVX>af3xuE`?Ho#AM5omI;d*$xh%qepJr*`>v7(4eG|OD7(@5@KK0fSen(f zu|iPp*xxyN8EHXd@x&u$y<_eR95m$g3cqGR+KxIhSp00#AgPps1g+OvnExvbS%KS8 z1%s-qIjjAcIth=2+Hr?MX}t=|sE;e%`#dz_}1vbbk7HW#}m$Hy4h>HX|Nj z@8p1(!BW{Be1g_e&CigJ8UCu(<|)T3JIb%81Xt|E>9t(%aGy69jBV*sG}Y9~hq-o)rV``B<5QEslq(T8IdocGkn)Oe7DC&4JlbQqM`zWwkJW4|`e{BzWi0JH@h?(SFM<%9V$EB6wVBYv*B;)QdeI@tqy7{3T?owKQB2J$% zG|X>R)_PS^D#)aM4n-`OuE@->b#W|uI(Ac}_aCmqZr$2LHlW9Gdi9C{=ON0A1UfxX zhk|XBZGoDa7Fe#(`VfyU&+s0VH?^nFl zML}R=5B0TiY>8TUQU2u4pZAhR&4!4$Os`!E4)^FQl|8S=Hs5DE>x=+QWg-i6} zU#9bH+-pxyv={~kT?&zY(uV_+wBM&dTLOZJ6G9PX`sID02B9G)g%pqiuge&po~6S3y>`A`Wt3zEQN(gq`uakRnA76jS=|G?BU z1u~8sa$!m&x)OWDQI7*@du6j}nfvra-7Hz1u|)5tGnGtPdo)OG7ik+e9kY z2gwd^vyf*&b~ScYjQ`y>h}lkF#D*${7)v5dNDE3TED2QT2N3`N43?wBOo3ikEXtC& zZ&;ENibWA|ig+A{5N~`#Ah;xFp(FW_NYuYABw>rJNhf=g zbPkSNS=(unJc&8N*51fRN{;krI{)={??)FWx~7+dCBuHiaa*((sHaSiD|$sC?DzY3 z15ekSeA!1RKK4RLdWz5!v&aM|_C`ypI{6SmvCFCmWfA5DsdmeSES4-OVx6MklmKRP zeD(VbmSI!Ev}EaBZunGsE$VnFoSg075MCW_cljt_AHLrrM|^K3B7wuj5R|F@!f?4a z!i#nglKjR@a71hRcZ6zp2mYEz{lDF0mpf=dlE;_`NzhElF>tIkj_5;z%^byrsDeEK z;Sm?HIqk5z*6SmL?v7e?WAcJt(75aPR~wL{mTUMt#!iYwlSM@G&=&47W zGs=b~|00NhMIgnV5(9oEJXVF`0{Vn~=F)<%CwC=4f}aN)OOQ7}awgj^8Als3bqLO8 zK}qK;iW(ab9_uq`ohDDudp0hHM?`jpIER-U5lq60`dk($zmGdYjVA?>q`pJ=9XlfH zP5Z~fztx2mErD;>2#bBY>r>F$a#bsb!)X-dfer>82Odk5O47kS@EFo1xSy5N zK85>V|F*<_#v&CdT|caC0@uZiPBZ@yeze?o1cB1d$(7$qa84uGI4QY2z4xbP(xE0=`r*Apv2+Cjy zJ{}PA8blSTgxl~*J7SWJH5??SEgHKa`kvObq5eF6NA7zBBdb9>^&H=JR zOb-ykPpqVL3n#Q#)FH9WNU1-39lxp2rRPWCRZ1nUi8I zB^Hde4YU??m$`8B92C^oHu8}f(~)S&)%otzeTxaraxmVcLs!2x*z?zOy1~2H{ExoJ z#EH@1kFVzq@Yb@+j{CQD7(6Oq5=a>Wi?BMXC0EQ5M@xd(-J-*~3wwB? zO~NnjkiKO*lO@aCnQiMjbCz{ggqzza*@(>UG!o7}F%;e!v#~mXuTW1LjE0(?Ksrw( zr~*Wbh=WJ~?1#gHu)OWL)A{l>Oe}D_$E(;YM+9)Qz0-XYKN5Sh^>Y2Ht6!AhfFtpg-S&#^IG(}5hdpoi2W-CO!h1_@D*sioJ;?>aYugE z(`Yg;Ym!~UYNmEU7k`4|jfk7jHgefg7*L)|ajgm~r9dNUC_yY=04k!}Oy8hZmLl6z zTJ|`2SR8GkyTM600m` zE^^)sP!9b!ryM#tLH5=7#7-FFW6U2Km;U0982`HC%|zNSKq4Qe86*M(r-cgu-U$pEFiQ)y-DYjS(wi32z1*nLAExo7H<5&k;CS`HA zPi%bnvCXHWLzb^QR)+60*YJaWXmjdRaJQCEOT5^2MaO_~A0{gbd*Odm&zE*+#gvyoB@>u$YDl$?9mwH~_87uysM&Nwlp}jjdLDxYX zDbm`xO>9WXJ?sUlqSnnDfG(gQvtt(vQSOM4ZfjBqBXcD0&U7RYhEw9Z0dKum7T0|N zqut$}UpR-SsGA817l0S{*?=|vw2rcB^H~eLm-G?^hujq%6GTVILeKdy(%nvexY=Mb%9wl?Er8oPCR? z%?yNAiC0`Qt-o1#E-La5!Z1Y7r20ptU2rJBi^>s(>d9}b`&YHkFi?yo1)yer+KeYe z=IC~cJ_vjxXHE*4eHqj$&q@qZ^S(PL6)osI@I+K#2Eur-t&;MKAjK&)z~g;{i2>~` zpGjE;VjnCfQu?&Z6kq)j+XILGgCc#*UGa;6aE~0R602xrUU@F+L*=1sW^a2#*4GWg zILS>hfCGMNy?y7|f@PKr5gej>(f<*?Wk?OLU_vhD0-@Y=K4<699k%?y71%n-26$}} zrm-zJXSzMF;Dks*DjaaGq$HD{zuN6Tj>cLJ20M#_m9Z>*5+!VclZ{?IfG7;zLtLpM2Ps{ET!W6t>nV*GP^qE@ zqft!TV5&WduxFkq*)%qJUMV)pYuD178-=ad>D%MxJIO7TRySv1hkc?6KaF`Z@Vke2 z1AQv>7>4F0u3CwwX=FY*{a55)v;hY^e#_Qcd2PetK?ZZBO5QkK_ONWAw)L8mfMT z3)UtwNU^jF1)IG*IQuVE7DnxKtpcvT`JB=A%-UW3-;+WzpRse%gXPJ=Bk-oX?6qXr z-`9}O_OpR(M2TYL2{pFliP2{e154SMYq;5Sf-mvb1MdPKLz=(hH1Pr5hh0Tt33xj* zf1fJ2aZ=XiV~<)JbmEn>uI=R4f{}Pf)<;Jh-6^-ttONWi|1GK^YOVfZbt~kwQdoJO zoR4EsEH}Hr@lbg(h+?yyPWRB&vzD7e-|bJWIUd_NWxfZc{QE6W?^~KIL;Mza``)#$ z>guex?#h|N!G#$=6YDLcorarj4V^28cl@*<+UCXSEVhjdfG6oeQd$w_VcJ%JGaRW# ztVYnvu7F2~nSkfthE?4Zn;Rk7c%l@Gl|ir@xOT(JaJw6wUQ4^OBRA;Lg1lAa6t8}h z-ddi865>&+i+Q!Q4d@{!%~!{=GhXAslsK;>NKr~ooD0$A{6<^jIVs)33rVjdOSVTDQ!l`H=#rXze!D1uO^J$XcT5?)GKC`oaFO%L*{XhmW zY=-GbVWito(XbGf#|zW&1qGwRV#|FD*3vrXqk7Q!|+s57~DH#`1q zuO|3Mg9x+z&9*q5g@1i$204DSa!*pHX}zZ{ zE-6|DA;Qzib44W9WPE&kvmzR={XwVgY2-B)jg~chpduQ33gj^!P~6(_9xwqc+{p0+ zIImj?j9jq05QW3*^V6LYk;BUwga|$yyP@dS?C@i2=)!=(>B=!w(J0DT`Y#ncHxRyu zdyx&dOnko43HMFfVu8lTcKGDKn`C2QHbTsfne3M?IaIg>u%OSS{Zp;zhM| zHE3r{$DQ5BTBl+?gub?uQu3Z^6u!*&MG%zKM@Og!YAsz2qyVm{%Rp}VTG~vgfrZ4L zp?uXVMQx)XL0)4M=_J&e;O^e__&(k!&*srv-kO9Z=A*XpdzmQx{Rxk1vV}tI5 zQ*~kgVTP0y10}N4#t=h6D{;fRl18A2Ud}I@4w+=-Qf+?p(1!dKD|@NeRhNU=c^>-k zu(WYpSeSJh+x+Zio^3sfGCedvb5M6C9?>LYXrH{~C}@~1Yz0s#rZ7x>W+T>R()Vb! zt>V6O`|{qjW_i|KJ{{!u^HxI(jt^BCGN{C!6Twx6HFUsHu<%&1Rx8*r0nLn$j=%_4 z@00AgkTwE8?A>Ilb2%wPFg+E)(HV{L3Y8L2-U?Hk_|b~gWZU{%<(Aid0Bdz}CrZXZ znVe86m{?HOxmeNT!Sj5Wx^7_Pbc}hy$-*jI%aiL}(*KQ>iTgWit~cNWjJZEv+(QTG%&RGe`Y%PL=wgsUM zO4!@x%ikH#>WrS+-75SVlmCW@0E9eAC%V){#=FKayVh>03(_n>$V+_c-LNZ4zS# zH)0sh!Tq&9b0@ki68N(l_4R<};XM?LsfrjX$_}JTj=1C?(uia6VdVBV24?8$QtFj1 zzhOGes%jC5MvB!;-X)@x?S^EoTha>yYihmSc1DWnz7zc3xCNgYLmfa93 zNZA<&P#ijLf{pk>#6}LL@&x;S3w$zi$H2)0KQX5?(Yf{-H-ITShWbb0nA*@E;mN&2uIJ@#<~w?Z7PNs?v}HAokYil ztHvP44uNXwHwO^-wy(yv^osF)do#J-C&@xeyTbEhuda%-o!;N>9*%^lCwiPp0sSpj zwX_uRHpKkUcmsg%9lMR~-PqWzV&^#DB-#I_Q5PI4(+(o5;$a<6 z#LskdVa0b|$T;DVoA#!y{e18=}j2OEqsYa~xX;ocx z@v=SkYB2*^gV6wK?i`|Q<5URW^m6F`Rw@Jf%So5_^TRcqS=fiz1LLSnlYBZjV^J21 zoFoBHNrA&{>F}BCl$$rwf0hrxw{iWMlXnPD0e>%VR?_v?*YM3&4(X`Lm>5~+_-aMN z;vrCjwQrjZ|2Q~hRg?-pP6Ccdp2^SGgS%G&hm83>oM_(6dk1Mf*iMl?t9Gu`*)=> z8zfu7A0tVe++0(+=~KA`YWB@7K#v(^6T}sn>=?d0GB2m&3F4TJaX26EV4-LK*gyhr zOlHg_$({;F=BYUz>8yX2)kP09?BveXotnH5o;B>0ewzakRqBsMt>x5OY{B0bXm%$l z3F~&hDvZqK;EN+eJp6}7#yr>}jbB`yr5W*@hHWtWPgB>NT=kuu3nNC*8K+;XT+#dC z!7P+__~M+%4`;&KLQ$FbyGRNBSK$Khyn{sV?0PPa(xl|V)L-GiE7CDR-d1MzXk^=#gE?p`P^-BQk5fhP?~=U-#Z@c zq&*WXYQU)cugMdqv*1OVAui1W7xl#{IDvGSnlpY6I>MiSK@xY;St#-J?9{neTlU!!e=vGZlzbBNuePk1p_~ zOfX|hPg|tbqt!*bj8}PAP$JPY{OF4OC0-MDN=dMNR|OIap42J-NQz9D>bRmA*!@p5 zVsCK&TKV(&gs5Hk?pldnzzcgv@#FV9Fl$6hLzRk~@Wb8Ku9Az%efuP~4|KV``)Jsi z&6^h~a&*0tFS{s~*K)dCD$!*c+N|8+e0*{-0xT6hmak*`AWp^}4pOblbMK_RTl6U; zHJ6Ndc}SeFPnO`&nd#fZR*MJAuG|#G_ao>DPrZ1&12yFlc71t%dN_Q;Ax{_DXC}^M zhyPO-^jkD`HdE@+nMqKVyxy(yfns~BSlEbTuZ^v13W4gQ?9yK;kUPdn{8{EvDlsH4 zOE$tO{SJmVd(l@3!vaFr6oU0%J@c$W5g}{a!K|z$%K{^X432b5sL+dAlvR(G5Xk9(TrJCm?w*)?af!HY&YID zfsr5lCr#%Mv@bE<=GM-`l`E2nu2R0+A=2HWwa$l7dCdWOP1$-sd`ECUCTXr(P+eO=OAO^e)Q5Iz`)m=`#w^ zAs);WV#U%N3Qo7?ck#RfH(K^It4v%0D>pPBzpi`JZ={g3N-3jVFoN9ZsPyV#daWJ( z4+9b1LOMaj0|oJH2TB9>BXyAZrze z`$A9@CI(B>{@xGxrh52RS#EE`!XV629irQxzhHaom!N7Cby&v6(@x)fBnum)Y{m zy3tF9U{)+$oA7>%N55i;fr`VWg~KY4_=}^`1{+&U>;gUzII8MSlthLN{3Wv&vntj` znWYui0t)0Qs|M2sH!IQ{`=ooRx;+d$WE6Bvk+501J z^{uPn#)Ks8H34j1TA=BgfG~sI ziDy=b`;a4HdKqR6RXM3iiOndCAZs&_2qrWNqTskaON%x>5_+CMizPFX7vNFbtCy`p zfGI_N8RjY^M-!a42PIA0yrD!T_%nba_wh+pDFz6k2)F|&HwK_toHj4D)*5e{d2_27 zu$ryy;w|A_J{Y5JsZPHyO=>7N?rc@Wig8(fY#|-EabFs2|qz>u8KdPbQ(KHF+K zw)BCKTfR~$lb!1a)3ieLRlZVgNSDuLH1#6nNk4~$Im+YQef8R63;Ps|V*it(g`mOq zh|zKZ0(Q2Ks&qWxlTF=U-en>Od{nF`(S5503t!t%Rv=8izWTerRxqz#I2XE4>?lx* z$`~nnP1op(-_2BFX_d^eyF+|?I|%q-eX*@YLmu`~>G2@&Uw&ddrve&CHjnPAt3 z=x!;VXGktcp~n={Z6?JH?C*y$aQdtaGruEA2C1@Z5F#%cieQ7Y?aRXdm=h^P!}Rlk z{-YozVILeW`lyM>5GES5YDBJ+&ZdCmASEn=w-1V!mB#8kkSHO35JWDywPI@;B8SOi z6^>nlGNij;agM}qL`7Qv%uR%9Q0FYz(RPXXLx3agN8!&t- z{D3$&MBq^$rgGVTkQ9=^b66rm&O^D4X7wqvr-HAe0#o5)TJGIdZe`Q>e%(ETpwfic zDT->N%x5#QV)Av_ad(2dy99R#AvgqgcbDMq?(VJug1cLAcYQng z&OKGPUfp{4JpN*@HPbWGGt>Q>?p{6o{uK4kVhJH@r;q1Fm(acCP9E~qGtrX~>iIG8 zp*6GNX2vm?Y3K}Y4AC47ER?OSz4M_KLEl4%>8=_W2)>4zFl0!a&=^0(J`;D3xul~>hX zr43Eap`X0JEH(F`D_+V5k9$@|4{hE(A9A8v+Vd@syK*&SUomxIX0a1tAKW*E2q%?) z>1~p62w}xkPp#6dg{Ex}%DFCJEf@SszX?f&gI!hk-)54snv6HI`$D2p5xv214#PiK zD)q9`XIA0p_5Ex^*PIuGnhxFgP@F@+8^!*G&Bqa9FQ+?!l@8eLgb_a>l5+>?Z5yBnOT}DHuSnna#V1%Dhy?L zi7MD+G>>gK6*zfU`@{(P(UH!R4vRR6vmC?rtGLmf&JiPeMw>Q={ zid_7pxgGtH<{ttq1=}EYb4vMDDTY%3!6lgY;i!$}pU?UG^3)iQ_@voCg{^!rB+ARk zF;a}sM%K@}H&L{GS$^idVK|>Si<^baZMCfG;lK{(^#w? zpiFxwONNPgpzpC$~jsrCV?5K%MF3AK`WTm z?8JW52LC)nAlluoR{;e@A#jRKY06vdlJNG*uk*l;i%Bf08~({oESHDEG!wS4J)ax3~kC!k`oAn>4~Hga%@M9PQ60* zm+ui?P_0v+s}{GGhVjfo1;j9|%({r>UakbwiTLd(Ley}K)glk+#R4B-mp;#|i3F+? z&?dw;))?IZopwr4j%>@!8qqg#sYRIc88GJz@VKY!f^+nXFMzu%4= zevak7p}PNURmc8E2KnS+U7dyXyM=mg93@HVaslLzWHW=b4dm5EcXAzp+X^qebN0Z8 zb5`{%y~g2V^Sw3w*&Xq(mZw8SbS4l}n8_H6#aYg7MR2Bu*c?n?PZd?+=x0grbIRcz zzm8I?4i3Ci%!=v8uST*wzxdBlPd}ZkMtV6;D=jol2|r9@R#>=+>pTw5p)9V6-tpCY z%gR@O)sXsncr35TP8eI#scq3_DG6C%IHpTs41+}pA7FGZfF2l>Sm>x7E$$ds$@_H{ zq4U+qJE0T>YitE;=ho;TdIfY#fGbe4+q@_2j>o;&w5}NVDb|qqQTux^?PPSR$>-Fg z;0;yQbOjN8N?hY`UG8*+gF}8F8oaYGy~g|8hD3(~YN8U+@H6bF?IIKOiL*-lu*!z6 zC3vHIqfyZCkj30b!i3?|v&D}|wW#KZ$w7C`7MWIfl~@YS%Vbm$HHy-IhL3uG_%$y0I z8Zqtm#b>2eeR;@;M#hB7VJ6%76G9B`R?sYvCT^?9Xo()AT>J)xLgrCZ4Skv!v}0;PKip;ovM`907`j~dsT5&?%Svbw-94~Jh|adbxl$zXRn$j zd&(ikUQx@8hO?`-PArg(YVv1mxtGl_VJ$jyi90%leU3%B>QO>a7R2aw7S*$1%f)E7 ze!&&}Ww1V|O)wvKs_cUsMYB-|Rr6RX@!Qd)5}seXzeQ5`uX%n!%)z6MPQvUuuUmRi zTjxr*u7p?qXgR-9OBw_V`IVYm6JBSqKO zLgty0%(K-zefP?{(zan-)_C;ZvHk;3i$?ovaG(o1bgqZq0Hm+0nI-IxIYM6My ztT=&4`^1_pl?{kV}sZUXml-u z602N;!p+w96V*HPnl(oLR&+edlGevS4gU;UYJ!4hz2sEIjb76bRzbfobtS{{23qxj`L5SpF$GAY-(wvdo`@ zLmR&&r>-zBxU9Pjak*LbN!prd}vs0eeDz7=V7xi3$CCce@ms z7$-g~6;P@rrF z2ZJ3-ZI>HDtu_c$AxWK}y!lsw#@A#yY{klyGF^t-fFb#+~AIyB=pGn|+zsPO&{ zpw)Hj*=nJP|8M|^=|b9sUWqnKQk9za8whjK+EkT$b({-xQSEf09U%I0@<_9A@$dtb z%ZIC{;5n9om>PkG%dOOW>(gjer-D)6hG=Xvobjn;rhp6bacc4~+kg@LbVA6jPG|Xx zI1c`yw42qm%I&E5P5iTs!LI?JG&pX^?+ily zBbHFn9&+SSr@CfB+?hzm7`z#%T2qzFGb{cbz!dAiHj@#%>euW_eyGcPJX@G& zir8m}*}c5-FaA|IjG-I}e!8~n(xmy8M3vP7$jX&wfnSk=Y;ibnElOv$!0uXcFLF0; zUix)UB-M!0VkUCe>59pZnMc}Z5rmLqr^Yro*FG2f2gMBfO0sXU6PkR2IR1pCHXU{) zg@xGt$%$!9Jzads7-I5FjhRL)P-wvS@01m;``MEuKvMmX^8Sg1`L_Ru7Yyuki?o=q zs-(15of9l8t{%WLDf@UGH6^@4k5ENEnA#n2TT>JjA6g!oNez!VJKa*TL%PcbB|>r~ zjKECbbI1en1WMWc>QU)ZKZE%cVAB=U*)(9GA99KLqS*`orI<-6&x1H02$A)ik_I)1S z=o_}^$>&f~hB%mm&{e-T=RxbY^(Bt1`-a*?qLw4YbqkJ)P&Th#~>%M8$#C?w? z@XHi}NDl&&$egPuT+)~iCtPdEf6lj4$Yi1}&Vnel+ACT;5jT%}8Hdv`4N(-fB#HAY zF}Gdr?zgW7Wib;Bo}!j!Gxn;tUDH+$w3?48NUr3+OQ(BUWzrpd-pyBi*$gBAmw!qT*d#!I(t}qxl z@?So}$QhMgL=XB7FM-|09e=9x(vB8;z@NGoX{PVPGO1S?RKuG6ij!e=YHck>W0`}+ zsNb=hjQRZbLM7m}YbCRQhX+Z*o|pH4)I6bFqxq0e>dyLdlC^9?~aMBy3o{bj!ZPI=8>84AmX3MZZALP*N`4_CK0O5R5I(~1y*ftl!`p~p|(;9Z=_e37s}IB&?bfqVT5g&bO2GH` zg=au>tIxRmElds`+1Uzbl57@~e=4)YmPfe4knSW*UT~d5(rR{b%f#ZZXwP2Z(X8&5 zzyRUHty_pN6aUWH_=74#YKf1&3li~Vr3WoTCm6p>!#dGzK8~?ZQf$IMYq87n{T(eO zlhRIw=#ysVOX6g{a3|wb_nQpwI(d}ueXUmOz!1rgjq=a*r(M7pE##R0S(ZO$K32>l z=PWi08tCW1p-WI~?LH3LXG^1}K`zKY_s7$6b_3Kuj_7eqBh(;D3z4yf&Jv1cnMeLe zFWuL*jYi`sWsgnk#g%q~AUoZKj<)8g0u83j9|pAZ{pQdc;Z@Am)*m(x+nf^Lu0Xg`MNy54(d(8AE7P z+n=&L&BjRYL{fj!u!fm4R?PQBVAPUx8C5=LbTaKyK3J2SQ0}?6?3wk~Ggv-l;IUMo z{{FjYu|A4RM)el6ziVK<|FMd#%0UtjbFD3`eL*x`b`Ej^;f89;X$9P-NvQZtF035& zRRgf60Pa(!{(c;%rr)R$SCLLKHk3aT-+;&!RS;ZCMNby>*OLn#a*3ZwQQ8S~9RgG%iEv4w;N`_bqHWnO&Ps z4a6@WbqWqp8II8w0biro=upZCY(Xi3+Y<1EE+(tWE5HK2ZnF#eR<=W^)=cizg5>j% z(X}4#t=b!72np%m~GD zi>RXb1<0gq^RPW^!|2MH`rQfb10=FghWAlGd4cHVte{!;ER5N-PV=xNk~|j2I_N%D zMd00RY-{H{3GZ64ws)IKk9ACphUYCPBp3-C(;Z{dJ}A_pB7an<#VH!CC|sb2;2f_j zb@gRD4ZO$}E%T%(7@prG7qIN%1#TQqKR|RgSV8(=Xry~^hJ zjZmYb7AoaefT&dy%0I`<_`GBU?}9Q8z`pwTeu_p+^($fhk|@${9*RRt#2Nvv{o!@s zVu-J*gf5wK(8y@jl91Z~?fsTf8v-rED`m@=y~gcNZ-QYuP_`?vCApy&_o1LA(b`EZ zzz?}wBP183ZoV%ri%ka;MNSUiM0NdMj=?w=P!+h>cqECj8v}=5)_GWeAKbH6&NAOp zD{#QbBXjn7O4??9WjRGPDqE33dOu8L@eQ!3%^P#K1pMiL!LI_uf%-T>BiT4Py;E}7 zPe2si>SU-tai-Rw09N)TYIIv7<>GL{p(2={R8CpvYAcglTP`V#b!#lNKnL!O7Q=%yR3s^Oa1L&;_bR&vp-yD1w|IGfEPmKz{)=GyC?a0Pm z#))_(`iW4BdIEgfb|W}d#uX$(tDLhb`;!7Sx=l!vJ>?x^Oo9Vw5y z$Pw|X_Y+ab`N5Q*bN87Qza;p~ho*NP*3=tmp@d}KNzC)4?x~CwO?nRJq_IA2ANFB@ zf=gd#`33Lx%wZ?b)*&Ci=_iH3AMjH4XU+4u4^&fxvK7QXMUU2eH^Pj` zQd84{t;2gC2YjD;f;K1cPF;;4c^?owxhDmk$4eF^l{i%f@jfb6Bdj#tI|aZvd&}vu zg+m7A!AwIVw!-z&!NviQKfu`_g)>SX`S$dxV=B;u9jV3eqzYR*KNe0P%Eg}26`@Wp zpoGf;4Zc~Yq<1FoJ<|sP3MfCXaqVTWAKd{}k^XkqssV9y-^8uI1oiWH7;fpf#IM+9 z3Qs@?dwkUA<_8hvt+GWJzcn$d8V9Mg3FiLg3#tAs+&bYZ-Jw*Aslmi9)B)Jvu~95R zC48y*wykxGF#c=oRuw;_wr;=--pHzB@+_1b>*1CRcVnXlhqzeCq78#dLeW!zuse{Z zu>M@VY>>qOU??HJjSZ7OJ4XLHC_U#yat!kJLYvigm>as1`I*Z{onKZ6NjexoDcOH& z27bp?p;zB1%d|%=wg6U5g}Q0=kB8i&?t&x!9?M23x?UHyF3-}-z+H}T*#&T#i3RJ9 zDyxN9$@#U9R!LS5?dX4i0|w%T#?RgWY|8{eyuU}^7`|Wg!!<44Yl6aq;20!}4)zYu z!G3OzIg6|O7)(xR@&jsPUXZ1isuG0@6P2na{WfXSvf@ciHe>OxAdVW1H6coKH-cmo z0@=s@On&GiPL6mKMc6&rOPP#JkA^yWpQ8I=S4&h0*;K~^zwaTmHs$6gSa08q_LGaP zKs&&JNX9>E;iY-7EX8H71>yQvP=Scv{1MKRJ-oQ^_`LYT?$MK0LYCNP`}pe$E;&E$ zlh{__FIy*FiVLPav8OYbU#X)_RNIBWN~a2LRWHjk`RskwirilPJKlN?anT{QH1HCD zFsgJnHlcg&B#0F0DTo8$u`L-%OYKeC{Q|HBM(^c&Uw9y!<9g+MC2146i8gUlGk%`C zf_;J1QUuk#qJ`e0w}l5Fi)Ix?2<53|-YTfwfbZSK$$X2&nz`=zai-ur|EIM>4@RM%09BUI~;)k4|rV2j@{$q{+UbmBK|KZWa1B8 z=^)B$1qpTv)KXRN!~M9XGj?&tNHD9-vwd6iWzR>817o+KEG2tXY9HJ8+Q3o^Ss^!{ zgBUUL;u0GSBZO#?*t(>(m2+EnLkmUd5|BdwK)tYrG+m(XaZ5tlz%_7m|JR>r@`Md+fXgJN@%+ zy!x%mFgtDy1DlNs^*W!A*IMZS=SKm=1}|RyOZksqm*x@j>)j4pVj=~{$c~IJ^a+Z| zPNFPvRRm^n1Lh*8urf0En7MQyQw273;B-f8BTDF6VRehXRFXK!lZR@zF_)+n8~h}z z9p4vN`glzh_WBU)LL>wuv#wpfsaFK=aJ{o}Gr4E3mdEtye4ijqhgf9YV{pUnVOipZ z{8Amc_Jq-+u?^Rc9v6a^dZ9}h7Q0rJJ@KMs>}X=4RPHU_wX5vQF2rXqoDJMvY%-v< zC5{n2Uw+ahcW68#8P}h@b@byQp$c95ADe;r(2J8mTr)ocDMu5)FH9?N ziQ(_LQIV?Qyfbaf9m6DxPdV!RP-s3QsKJrW$j_rqpXRR$UeQ}PM~bpWxH*(n+(xj5 zff-24!_?ZQ${Ng3DTGGQlyRvnI-KVX%#d??aRXH1FQek$NbSB@$y{}n()Y3qf6Q8L;R`;yt~@F2aAGOyqfWN$_*?!?^VSTgOXs!_l+q3q~9+#s3l}|_! zl9de1h41w4?`CP?Y<>tjIYl*?b`#h}Sckwgy@CHpBq1qKl>wx!kQt-;ARTGj*gvyQaKB@v zKhVtXyuM+d`Rk@?)o4r1s6b}H6B%{Zj(df)!?~82vOjQKmfIDPHe_C;EX&3&(V)O$ zAp>ZP$5?z#+R=IghW!FId2oKddcX5rF&`oOP8tQgtmXJjkRW*buCw`M+y1GDGXB?v zUoD+I4L)p)epH6SK9i(>Y#L%<;*`UM<3YF=vj8J!H}4BF!WaBc2pYsyisaav4s;CM zEsq2sFLHO%(i6YqQu!sV8%hC`exYL(t< zQQ%dOYht2{d8`eCzWq!XH5F`EpsgDuG>{*>Ko3%%OnGcWVX$ENhQ`S|Y-PXc>rLF; z$hvUbz{S2Rcmst`qD$8plfSAsA#R>r|GwpMxVWpWpeAxgil?D@7n@23gc(ZFe7UqZa=Cb0d&Ww9trI-y4zY^C@?3^d+2RM&apf-wnca>1 z>2=2IWNq{YBmo7I{bOj|Z4^FEvL7?F0`fS*1f`Y)BE{R+98O3Pm(b0Mee0iKXVQDW z*yD49ZWfEC!|m%6BlG*gpszoYycZ;OK7Uz&21Ot4EUG|^Agy&GbaY+Zic&y{&U=K` zjj+yQJ!){5=`vajM;1!v^bIyWxV);=Qa8}WPDO4r(^nv#x^{FF<|iK35I$U_<<+%F zE&0V%?MP)yw{$2N~82p(A@wdymb@<;5MxFaw%g0}vOm^+=^SDu&ne z)6EjJYewA<7{p=JM5pMxKRAdHKv`NLaDoo;STzfh86TL z*M<{OR^R_XPY_#SpEjQLG|W}I4nqoC^kk++FrUa@f=@33NM86;?`w3IF(;j zivXI$GJ>>*nN~-3k_co&;@xS-Z>ED|g9PEz z|H7jn(Fvep76lBz{WnDYKRsI0T5eM(m*!Ag_3b1}$6sVCpn_x;_R8D&A>|OE(3RyO zkr~uN1x{r$Y@-KnD^8fd2+urz)4V z;Wvusy(Y0pu6P((6xn-v{((J!Rzb0e5p6q+$Xr!mksq0xQDaGffJGE5kNRCW^9}a& z#}ka$XKtHpQ7QX9(%u>;0_J4ZjotO$9mvbyI_i|hm39ijb}q6xp8PcUI#PS~RuAQX z3kzgwfflb-Fz12ovkrA~O(_vq0BMIULryW~hJsbVV12=osUU1#|Gq;gMj$~eY+Y?! zd>^FBEOy|Q@6M2d0E|CGChB!zH1ZHQAe1;ZGHTCZj~*>ZlUym-@D)tR(icOFRKAT= zwBueG8xSsbKLp{Y=`;970z16#0LvXTUhtB`W?pI}dQ^L=;9JT)f2;K1#@S;gzynxv zT3C{q6eszanMn~4*X2r*C6G+A`=Lect4?lQNbQ(l$p*S!h#49JP~Jfdsr-Xml;_h- zY#0>iV~S_y*6UP1lkYu`sosb|IRv50O=A)sVoq(Uix|D&S=C+niWr z8Q+ECGadp+7{5#X^n}P)3Ki~)2huoe1N+ax-E{KugDB6~o^Vd<&uUXQz)m!}r`jyZ z(n&?!e(>1hD=D4lt8Jk8Q@5l8_rhsLJb%!=MKRXemR>ii3DSKPBX8!gwPZ0qC^UA@$iN+xBFalD*y+BG0le z#@5}7tOo@iMf3wjBa|{S3{==-u&$2}vkMa4-%-VzmSC37VT2u9(tvviskx$ChhPH} zxM=ysiEBrW1kk@e6&|WE#dcp=S(b4!{|q<~qO`X7bVS}M7S1V4Uw-J45y=^RC*GtA zTeFJde`t4SV~hP3p*WHRRN3}Eb`8!jR^h&PGc7|LtfhEoL4(7PkHLsYt^Hvi#;%}9 zFxF>(t(w|-6mC@tP%;vP?Q7j%J(>M|nWiHXU*V%qg(Uo>R=8%=WwfM?t#9pa90V5f z7W-A$#CZOr6rjXQ^9rBE8px}-uK&D4^K zy4s?7NWWbsT)h^-)M5qBU(;MO_|*8M7gMpS(y75Vr2~1!$-gfkpH;6w;YjAldAx?+ zPHrMr^A1Y`R>g1VXwIS7(t5hMGB72G`pJizWOQn55+_VoOiOX2NXL;!Xdz~(dT%Ph zR%YY~H`F;Yp|Z*lt!+oeNMxajdxHB)nQ^!d(7r(+FB+LRG}OjBeli-;E-J)htf8R? zr`0+T?ko${1jhH&S-kNUV>wIU6~M2>THVeURf~0j(eyD|Im9%%@~zmkE3VjE`lS zG$=52qAdc~hffR4n#W?r;K{!!{icIkp<3TYz6RnS3m|kl=JL$=-e(iS|2Z-u87X6D z6b<+65&Hc}RvxUBa4$V0jzYa=34Ru0cWO|Qh<~nvVTKNR+XMsrn-;Q^6%HD5yx@m9 z7JVDkUsqlQ8lkDzK}o7w0Zfjx3VH+yg*L??eeW*=-Z~>Q-Qdu>A5SlGw(R)$FkzTK z(@6gL`YY9oMzEhJ3xBr6$wHIXNL>TRf`M=?35Z_~TlBh5&;J_IwC)tYdtHYIPK8;=pDLQ{t9a@kQ*;b%WcoAl2Mc{JexMSnM$=3{5%<=5UoHYw{Jp z{Z}KKk@mKWDfIbC?(Q33pwvs!2|3c-ixKN80>>Zz{vo)#AWl{XD^imvL zg;=qpBoZQEafB+fvfF6}9P}urDkT<)hU8U`SejkqY)b(3Q?ocXhl#WF__X}wDS11h z-EHb~0v6^CiV7E5{C(rB4FIfsv?5 zLnl12omz^To_pD@)-A`WOoufAk6+JRoWj-Gaf%n`V?;Kt!xpQ4Sm4+@>_i|cFExLI z@9qfQyi^XZ_@P4P-vW31SEaiA2J*W}YS4Thtoe!MkG!a43l(_tYEwTxQT{D<>J~{ zl$GUEC8+gbAW3;RI0!0Hz-`e?@mIHC7x#At(FgwZ zb`ZDDnXAdVqkRcFKRA)W=v>*sG%Ptfmj6c1>T1Shnpo4hNJT=)P%&c88hCh2kqaYX zvhw+JEKOW8I;$l*KEcH73@uYuTE`2D?;}Ano7lX+Ss9`}DI`IXlKPFW_J|rGLDi?Y zWHX>fQccrp+K4P)+5$O{2TE$sa8UGT9v~t&3BJ_#7s&ibB9fS!1p6t3LbX&&WvuTY zu1f(zglB&Y?Y>LIAY49;T&x<*h&J9VdmRYv(m#X281ApyvyZr~!7Y;b$vshOlyQ!F zjoEW3{v>y^%wD15iKxzLCs#cb z0?r3z$Z(OgDEgMXgj^j0H&RN({_N+e?%wm@iFPO8j+S)i*B5P8D^07~jkb`bm z5KruY%w4(~`iEYUzZJOd7=ZUp!j&ZPi~i{?3FfP~nOT%EAoOprM2{<8AfAaXYUotw z;T%chFO}GIlw{Tch3;u>xf$uUQFwR2%QErzTvHaQh8P8x)1!p?eqBi8C4@5JSUga| zgtioKvR+6$UA&n@*!yJr+iw}m#ie5?2okk0aB4gWst$lcpG?NUJD{!zY`YnnNS&8P zP$3Y}0?+{m00!NgMAlCKh`TA<&6( zT$s9SH?)RyT35t(^3#{1+yZ}K9USpb&8v-Irhll4U*x_EKRnMQAm6e^}kl}_KdKYbkIxgh!@3ShahYCvcfVi^YHv>k`&(x#m}p7EE`%>_Ei3ZFNp zK0rRBSWOO2$3Ad8p2>vwVZc>T=mhRe4B(;bZd_uXU$C{Rm0n$jIIpOv!IRF-+cDEG zu&$U|v=K*~KVvWvc~$o%xrPub-btS)hg>WU zNDQZgaL9pA%G!Da92u>e7YmY%c~k))=0iqJg{U&0GSl*_4+3oFg94-K;>y|=9tuiT z=6L2pNTO1b)r2dR^T$R3HrDAd!^iV&9HlA%u|c2uO@44Snox!mAbg38@Tu_M<@oRP z;+h83(>uT4)R^GI*hSrD)d@vaWFtT5(_QHzx~eU2Jt!qF)YE?#01($5Rn?_6-V8;r z*lrXx4_Mj+SXt<{Bp33m!YU`wChllcG-_Yeh(?eUei1nu|M4>>k8LFqJ~MD1*)~t} zVnna(0r`wBc0udqvVW_OVIzM#Bvv(aZW|=53Uh_6&^9`cXtNZLauB$LN7mw5n-j z0c!;OT#@8Qv{}xt z-&S5NwUuw7{cPM*+1@EKH&CcTIiE0XM1=-pF4>mH9j(ro_Tv|!J_Uw)nll~x^wHlg zN|L#&u7(}d<}H4R1AMku#>IgaD*vnEdM8^fezjFJ*_b$}&Hi$kvb*Tx&VHV=2vd%? zBzK&(x{!ww?fXEt8)wHsam1F=oSi&MwcjQx{72-9FIe%$B*87dK_`w(su?ZuziR}BnGgbWASW>)d;=oR)l(67Q5jGY#&KQEp*NBx`(88mmJx! zQBCx&_6TMgpX1@iY6Qli5yoP*5i5?$&&<9tM04}IWt4_;ZA%9as1r+zy#$Y*7(S`R z;|1iCbLK&WzeMj0uq8E~HI>=6_tq3+f^avLCkt{d5JCC+!(J%w_v;}pSzLsemiFGU zp2Md_B5{kqy6PHn0ztAGVLA|~TL}yV+H)rbE!`cM;Tc;M8CzAf_j~Rr<#Ck4uI5i# z4jV3zWq4yig)u)K$t>Z4PMQ7taXih7sQO&|oux-rSo-qeR0r<6X`<1_W1_7a$WvKb zp$Tg_H*W1?%eWDaqG2{Dew2sv9%ncc?t!x?4j-t{f|HSeiTGuD-eJP z>_mR(V}awtFbbUnO2Uecd_(>Djhm#_NGe6Ux-eCwsRTcSKIP&2^~!Ym9ZrTfdjRoW z4`6@@gbzm827Ur~{X(vx<_E~>s|W(bujixdjHLV(rmTy0o%>JY;Vo0?F`VxBhW2jB zcwPKR;LlA%W53(UwE@&{RBC2}V*N(gdvrU36cSg4z?~^iBj;OH1HGzpn5T(l;Mg-^ z{VV+2$(+hNqm{Aq;6<&RfT@PDk;tsIU{B}65a{N8^9t>mb|4-bK?Q}qE0y>Mo`?ZV zFm=1e>XuGGNglK}wOY$%jsWD350F+*^!F@m!LvilQmrT$TL-rcstwV$!?Am{*KG^4KG5vLl=Jl7T~1A{eUQ^ z1Ug1(Y6UF#{o9JVYij?N(9PdKM+U3brL>sB(K}TW?JpS^BDbf0&cva=9{EL6;6_BO zik$K|^g-W|BC?`@$gK@s;P%;=e0wf1bOvG-)uH5%L!1c!lCNI40@HkBzep+~o9gKN zDH-2At2l3i|M$uxxF)wnH*Whn1Bkby2(_CFx@-=5R|KNh@yF4zCP;(&XlRTPOO`Ip!o4o*CQ*?ZNm$S7=(S1H{x zQ11>CQIpxooYbP1v%*6RDSy~u|Mms&3=Z>wSLpxbYT zP<6c%Lp)*I4;%e%?pB!rW&U|G_|T&xfT?U^+2V%0g0oGqEQ{ECb0qFT2W)yNXxx&! zN#6=@juOb#uVj@<5Mr6a?x2r|&(Zg&FG)$xsnw8pI2yLAG2UWZee>p zwZ-Asx8g%JwUGSn?6Bj20f(_{a;A`Mxq|oS?U8v-??0DW4w8x(X5u0k=Dk;|RfMS> z8MaHk+fsyAFs!eGUDwkW*^&1>A9WW=`!T0QKAqxm(Snvivz0G+&brN>t0$X?{&r)F z>Du66t*}pzZf={|X5!E@6LCX?==$G)@4y_nDW3NL-a?0KhL6sw5uvl$mSZpwzX?N7 z7B`36K$GJt8$d}?HCcZ@$fY9r|1zb<@$5h#8$|G{x<8RWHN5m+rIOV*kiYsZe_W3S zW<2xaZgq)nAN|3SHaZl&rlZ1lH}i{ed;2A9W3x1VA0r6AnJDP6kGJ-~GOKb z>iG(xW03m3S^Tj%Y9Ncb9k=-rl70HL7qjv92-DQja+_MOrGdQn; zbXxP7x$#zhKn|^{8wz$Z#%QrVAjW04|YsKz8P{G{BO8$-t{lU{M@X62etJ` zwUQqH`;+Gz%103f^~d*b^hB>3Gb%S)@i;y&h2O`Ty-(7pB!iy;13F9NgG?0NtKbn< zFAHYM=zw7FGYyJ6(R;mQl!Cr-aS*w8LuD@?7kv#)>J&kC0)h|{0mIRHNKMR+F%bY2 zXd_)Eee|9{Y`s#w82@_&Qsy7m%bWMluzz2&UBql?TyciE@g^)PK1>w z?QrujwyA+vQpfu~39ML?=Y@u2+e=Wt zK?sCj_RZPp4sSO(?oB3ff6!8bA_ToB;pE!l6}H_0=R+j>=@JOJx+*%qGYL9jyL}9M zP&`iI*DVzdG_Sq4cfYh(I$mFJJv9q4)nGMqoc}HS=qu=9cY*EjA$k8=z2WoBnKj*H zu7*Bh(jfpmu)xIkGy|;@6zaD+}1W;z_gGUPH*gl^G(qd7Ztc#ZZO(-|~>b=lt%IU6++Xq>INtyQ;~qon6V* z%K%6Oj{gm14~rfm{uC_=5JcxNE9u(rMFq)vZ$m?$U)MoKzArG%1u>JoxsmL!`PKcs z4-MY%-Yru%>8m7n*JuP|-Hc^Y>A44k+42xHa7YC)Elwt`i9wIPFWFKbyQQ$WW(0UI zqt#xyQ0@Y2ULY_>tV=^LCx@|peLZ9gyCEiYV)ke$()FD|()Bf(FUxB&Nm9 zpmNXzZd@Z(qxjyqfp&0m&_6#Kep06kryPdXB|GIlgofrqC{zD_^!YElV9zWsi&dw}H~3Pxv-CObDd@N! zGi1huPy7s?7F$S_0os3O{JT!ho&I%H(S~KUC#gV2{ZHC@uOqTs0&Z+b7&Lh>pk8pn zVYh%D!U{>UhbNCyDmi@l*_4wK0*Gr5?80G@<6n-;klZXwZPpk+@pZ9l`wrg`PPyay zYa=XdjjZ$YYUsnVe#ufvsQOQHR1infce}YK^~By)W{ezw$X8Kh(%?LtHx0%#oeV(~ zMdS>B9B!IHHcP(GpxCjEFLLXWL%XXZIL{l_)g862p(c`iC3GC({bvBr5haXGam-{SSk6Rj7zvMJrLLLAP$B1~* zxd&G)ci~+>tN;Nu^z8SorS0M|ziCTLK6a38Vse*$f`v4qBS#*3` z0%;C{2Bx8MdXxSc%QFH#E&atvL|rzQYV#*`Mq#zRdoU!GNKMXzD6C6J4m0X;&Nsc@f;t)(E#A1lhTOtn zvi@@V0T@T5f2mkWu$^V6h{qT!=nH3AnSvHFYmYEI^bVu`%h%yJ@sLDG39kZF5HXTe zUWZIqNP>PQ+bc{OjQ~kg&z|T~+>zk6-y(HRiagHX*ViiA8t`=A%`x2Mo1IOT$?s2< zQhtAeriuOOmw{~$a*x26J{HMS9a+ooQ4q;%`25ul4}lPO{m-4j@cE3V^lh6Lv`6__O&*J{s$PY$gPgt0kmY0jUrJ(00CQ`t#cN+^& zsnYhZ!f%jv<60Gz(l4%?9!QZ3CgmUfn+|oq@Zhj?gV2vAb3|!{kQ#x6aaw=ouLi^ut{GpmW?y<&-8>WF1xsY zMHc8oE7UoHvdZ-NUF#muq{jrpGdi+$CNYAri6Fpov+gIO@0_@Pj)(Bd%nT%3oi==! z{~WF2tcGR^#pX*3WKe^ZRhNhbk9ITt#E1-E)G5eLe07POf~jVlEVG#yg9uu{#8Yva zEvm;ze!9nrIqlpD0f|9SsmUTG^=>x8ZczynBQtBdC96{%cIH)ZJUa*)g#vJ51v62w zwl*_m1B{7XbOC>*{J?Czl3BQ-DD7M)05_yh2AEH`k1e&=$e|AA4n6W9y&_GXCH=`< zXqT;hmj<=e@hiLr?=+7~*CXgm(m@3|0mri%>zQ#L;gAfecZ5c#N&aC{h7uMcWyF=w z@tv5W>2gO!3VW0}xLi&9kL={|KRkN;(p&8mzMwK882Ie#*sohV_uWjvAZCPqJ?1~?bY#PmOREPv zSY*PAag-wO^3co0#35O{`{VleS_c=4C?0OV7H5)OKcfckKY7#l=Ub4BGb!?m$_a#c zX&97@d{9~68BaAc69Q-*3R2H0Sum($0x=6z=I@PRK;UEm4x|P)Se1ORt3VLye;&y3 l*AM*v9q#deC>8cWER{1<$vw#d4F>v?7FQ6f5;64ue*o=gqyGQ^ diff --git a/docs/diagrams/ingestion-pipeline.puml b/docs/diagrams/ingestion-pipeline.puml index c588ad5..d7724f8 100644 --- a/docs/diagrams/ingestion-pipeline.puml +++ b/docs/diagrams/ingestion-pipeline.puml @@ -7,26 +7,30 @@ LAYOUT_WITH_LEGEND() title Customer-Facing Logs — Ingestion Pipeline (AI Edge v1) ' External producers -System_Ext(ai_edge, "AI Edge Data Plane", "Envoy + WAF sidecar handling customer HTTP traffic. Emits one OTLP log record per request (access) and per WAF rule match (waf).") +System_Ext(ai_edge, "AI Edge Data Plane", "Envoy + WAF sidecar handling customer HTTP traffic. Emits one OTLP log record per request (access) and per WAF rule match (waf). Stamps tenant.kind / tenant.name and resource identity labels on every record.") ' Catalog and per-tenant policies — read by the gateway via cached informers -System_Ext(catalog, "Telemetry Catalog", "MonitoredResourceType and LogDefinition CRDs published by the telemetry-services-operator. Defines the legal label vocabulary per resource type.") -System_Ext(policies, "Per-Tenant Policies", "LogCollectionPolicy, LogIngestionQuota, LogRedactionPolicy resources.") +System_Ext(catalog, "Telemetry Catalog", "MonitoredResourceType and LogDefinition CRDs published by the telemetry-services-operator. Defines the legal label vocabulary per resource type and the consumer / producer destinations per log.") +System_Ext(policies, "Per-Tenant Policies", "LogCollectionPolicy and LogRedactionPolicy resources.") ' Ingestion system boundary System_Boundary(ingest, "Ingestion Pipeline") { - Container(gateway, "OTel Collector Gateway", "OpenTelemetry Collector, regional Deployment", "Stamps cloud.account.id from caller workload identity. Validates resource attributes against catalog vocabulary. Derives tenant_id. Enforces collection policy and ingestion quota. Drops/hashes per redaction allowlist. Emits telemetry_ingestion_dropped_bytes_total per (project, category_group).") - ContainerDb(clickhouse, "ClickHouse", "platform_logs table", "MergeTree, partitioned by (tenant_id, month). Per-row TTL column set from category and tenant retention policy.") + Container(gateway, "OTel Collector Gateway", "OpenTelemetry Collector, regional Deployment", "Validates tenant.kind / tenant.name. Resolves tenant_id via the project catalog. Validates resource attributes against catalog vocabulary. Fans out one record per declared destination (consumer / producer), stamping consumer_name on producer records. Drops/hashes per redaction allowlist.") + ContainerQueue(nats, "NATS JetStream", "Durable subject", "Buffers records between the gateway and ClickHouse. Provides backpressure if ClickHouse is down and feeds the live-tail handler.") + Container(writer, "ClickHouse Writer", "Go consumer", "Drains NATS into platform_logs in batches.") + ContainerDb(clickhouse, "ClickHouse", "platform_logs table", "MergeTree, partitioned by (tenant_id, month). Sorted by (tenant_id, resource_type, resource_name, log_id, timestamp). Table TTL on timestamp.") } ' Producer flow (ingress) -Rel_D(ai_edge, gateway, "Emit log records (OTLP/gRPC). 429 + Retry-After on quota exceed.") +Rel_D(ai_edge, gateway, "Emit log records (OTLP/gRPC) with tenancy + resource labels.") ' Gateway lookups -Rel_R(gateway, catalog, "Validate label vocabulary", "informer cache") -Rel_R(gateway, policies, "Apply collection / quota / redaction", "informer cache") +Rel_R(gateway, catalog, "Validate label vocabulary; resolve destinations", "informer cache") +Rel_R(gateway, policies, "Apply collection / redaction", "informer cache") -' Successful write -Rel_D(gateway, clickhouse, "Batch insert validated records", "TCP/9000") +' Successful write path +Rel_D(gateway, nats, "Publish per-destination records", "NATS") +Rel_D(nats, writer, "Consume", "NATS") +Rel_D(writer, clickhouse, "Batch insert", "TCP/9000") @enduml From 0bec8978bcab55dac50fce72e8882273bf9bc89e Mon Sep 17 00:00:00 2001 From: Matt Jenkinson <75292329+mattdjenkinson@users.noreply.github.com> Date: Tue, 19 May 2026 12:00:28 +0100 Subject: [PATCH 4/5] docs: add request correlation, user agent, and PoP fields Extend the AI Edge access and WAF log entry schemas to support a per-request lifecycle view (firewall decision, geo/routing) keyed off a shared correlation ID. Key changes: - Add http.request.id (Envoy x-request-id) to both httpproxy-access and httpproxy-waf so a single request_id filter returns the access entry and every WAF rule that fired on the request - Denormalise waf.outcome and waf.matched_rules onto the access log so "show me blocked requests" is a single stream filter, not a join; per-rule detail stays on the WAF log for drill-down - Add user_agent.original to the access log - Add edge.pop.ingress (and edge.pop.upstream on the access log) to carry the ingress / upstream PoP per request. PoP is emission context, not resource identity, so it lives on the entry schema not the MonitoredResourceType - Add a Request Correlation subsection explaining the join key and the denormalised-summary pattern --- docs/architecture/customer-facing-logs.md | 59 ++++++++++++++++++++++- 1 file changed, 58 insertions(+), 1 deletion(-) diff --git a/docs/architecture/customer-facing-logs.md b/docs/architecture/customer-facing-logs.md index 0255bf1..14c1bcb 100644 --- a/docs/architecture/customer-facing-logs.md +++ b/docs/architecture/customer-facing-logs.md @@ -95,6 +95,8 @@ spec: description: One entry per HTTP request handled by the proxy. monitoredResourceType: networking.datumapis.com/HTTPProxy entrySchema: + - name: http.request.id + description: Per-request correlation ID (Envoy x-request-id). - name: http.request.method description: HTTP method (GET, POST, etc). - name: http.response.status_code @@ -103,8 +105,18 @@ spec: description: Request path. - name: client.address description: Client IP. + - name: user_agent.original + description: Verbatim User-Agent header sent by the client. - name: http.request.duration_ms description: Request duration in milliseconds. + - name: edge.pop.ingress + description: PoP code that received the request (e.g. cdg1). + - name: edge.pop.upstream + description: PoP that routed to the upstream when different from ingress; empty when handled at ingress. + - name: waf.outcome + description: Summary of WAF decision for this request — allowed, blocked, or challenged. + - name: waf.matched_rules + description: Number of WAF rules that matched on this request. Non-zero implies a paired httpproxy-waf entry exists per matched rule. destinations: - type: consumer # written to the customer's project - type: producer # written to the networking service's producer project @@ -115,14 +127,18 @@ spec: description: One entry per WAF rule evaluation that matched or blocked. monitoredResourceType: networking.datumapis.com/HTTPProxy entrySchema: + - name: http.request.id + description: Matches the http.request.id on the paired httpproxy-access entry. - name: waf.rule.id description: Identifier of the WAF rule that matched. - name: waf.action - description: Action taken — block, log, challenge. + description: Action taken for this rule — block, log, challenge. - name: waf.severity description: Severity classification of the matched rule. - name: client.address description: Client IP. + - name: edge.pop.ingress + description: PoP code that ran the WAF evaluation. destinations: - type: consumer - type: producer @@ -184,11 +200,17 @@ spec: displayName: HTTP Proxy Access Log monitoredResourceType: networking.datumapis.com/HTTPProxy entrySchema: + - name: http.request.id - name: http.request.method - name: http.response.status_code - name: url.path - name: client.address + - name: user_agent.original - name: http.request.duration_ms + - name: edge.pop.ingress + - name: edge.pop.upstream + - name: waf.outcome + - name: waf.matched_rules destinations: - type: consumer - type: producer @@ -415,6 +437,41 @@ the NATS subject the ingestion pipeline already writes to, filters by matching records over the WebSocket. This avoids polling ClickHouse and keeps tail latency in the low hundreds of milliseconds. +### Request Correlation + +A single HTTP request through AI Edge produces one access log entry +(`httpproxy-access`) and zero-or-more WAF entries (`httpproxy-waf`, one +per matched rule). All of them carry the same `http.request.id` +(Envoy's `x-request-id`, which already propagates through the filter +chain to the WAF sidecar). That's the join key. + +The model favours denormalisation on the access log for the common case: + +- `waf.outcome` (`allowed` / `blocked` / `challenged`) and + `waf.matched_rules` (count) are stamped directly on the access log, + so the high-frequency "show me blocked requests" query is a single + stream filter, not a join — same shape as GCP Cloud Armor's + `enforcedSecurityPolicy.outcome` on LB access logs. +- The per-rule `httpproxy-waf` entries carry the rule id, action, and + severity, joined back to the access log by `http.request.id` when the + customer needs to drill in to "which rules fired on this request." + +This supports a per-request lifecycle view (one row per request, +expandable to show every WAF rule that fired) without forcing every +query through a join. The lifecycle view itself is built by a single +`http.request.id` filter across both streams: + +```logql +{log_id=~"networking.datumapis.com/httpproxy-(access|waf)"} + | json | http_request_id="phl94-1779186433904-397d1bd984ce" +``` + +`edge.pop.ingress` (where the request was received) and +`edge.pop.upstream` (where it was routed to, when different) populate +the geo/routing portion of that view. Both are stamped at emission by +the data plane — they're not resource identity, since one `HTTPProxy` +serves from many PoPs. + ### Redaction - Platform-managed allowlist of attribute keys always dropped or hashed From 1f3128645874ef4d343243247928eb22a602c90f Mon Sep 17 00:00:00 2001 From: Matt Jenkinson <75292329+mattdjenkinson@users.noreply.github.com> Date: Tue, 19 May 2026 12:01:57 +0100 Subject: [PATCH 5/5] docs: keep PoP and request context on the access log only MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Remove edge.pop.ingress and client.address from the WAF entry schema. Both are already on the paired access log and reachable by joining on http.request.id; duplicating them on every matched-rule row is waste, and the WAF has no concept of edge.pop.upstream anyway since it runs before the routing decision. Clarify in the Request Correlation subsection that the WAF schema is deliberately lean — any context that exists on the access log is reached via the join rather than copied per matched rule. --- docs/architecture/customer-facing-logs.md | 19 ++++++++++--------- 1 file changed, 10 insertions(+), 9 deletions(-) diff --git a/docs/architecture/customer-facing-logs.md b/docs/architecture/customer-facing-logs.md index 14c1bcb..e15423d 100644 --- a/docs/architecture/customer-facing-logs.md +++ b/docs/architecture/customer-facing-logs.md @@ -128,17 +128,13 @@ spec: monitoredResourceType: networking.datumapis.com/HTTPProxy entrySchema: - name: http.request.id - description: Matches the http.request.id on the paired httpproxy-access entry. + description: Matches the http.request.id on the paired httpproxy-access entry. PoP, user agent, response status, and other request-level context are joined from there. - name: waf.rule.id description: Identifier of the WAF rule that matched. - name: waf.action description: Action taken for this rule — block, log, challenge. - name: waf.severity description: Severity classification of the matched rule. - - name: client.address - description: Client IP. - - name: edge.pop.ingress - description: PoP code that ran the WAF evaluation. destinations: - type: consumer - type: producer @@ -467,10 +463,15 @@ query through a join. The lifecycle view itself is built by a single ``` `edge.pop.ingress` (where the request was received) and -`edge.pop.upstream` (where it was routed to, when different) populate -the geo/routing portion of that view. Both are stamped at emission by -the data plane — they're not resource identity, since one `HTTPProxy` -serves from many PoPs. +`edge.pop.upstream` (where it was routed to, when different) live only +on the access log; WAF entries inherit them by joining on +`http.request.id`. They're emission context, not resource identity — +one `HTTPProxy` serves from many PoPs — so they're stamped at emission +by the data plane and aren't part of the `MonitoredResourceType` +vocabulary. The same reasoning is why the WAF entry schema is lean: +client IP, user agent, response status, PoP — anything that already +exists on the paired access entry is reached via the join rather than +duplicated on every matched-rule row. ### Redaction