From dbaed3a1b75a801373b5ed972e3dc38ce2688dee Mon Sep 17 00:00:00 2001
From: ponselvajeganathan
<68591831+ponselvajeganathan@users.noreply.github.com>
Date: Mon, 23 Mar 2026 20:29:32 +0530
Subject: [PATCH 1/5] 10111993: Added Blazor with AWS Cognito
---
blazor-toc.html | 3 +
.../authentication/blazor-aws-cognito.md | 342 ++++++++++++++++++
.../authentication/images/aws-cognito.webp | Bin 0 -> 7714 bytes
3 files changed, 345 insertions(+)
create mode 100644 blazor/common/authentication/blazor-aws-cognito.md
create mode 100644 blazor/common/authentication/images/aws-cognito.webp
diff --git a/blazor-toc.html b/blazor-toc.html
index d95567a62a..15bc34136e 100644
--- a/blazor-toc.html
+++ b/blazor-toc.html
@@ -398,6 +398,9 @@
Blazor with JWT Authentication
+
+ Blazor with AWS Cognito Authentication
+
Integration with Other Syncfusion Products
diff --git a/blazor/common/authentication/blazor-aws-cognito.md b/blazor/common/authentication/blazor-aws-cognito.md
new file mode 100644
index 0000000000..77f016ee05
--- /dev/null
+++ b/blazor/common/authentication/blazor-aws-cognito.md
@@ -0,0 +1,342 @@
+---
+layout: post
+title: Using Syncfusion Blazor Server with AWS Cognito
+description: Authenticate a Blazor Server app with AWS Cognito (OIDC Hosted UI) and secure Syncfusion components.
+platform: Blazor
+control: Common
+documentation: ug
+---
+
+# Authentication and Authorization with AWS Cognito in Blazor Server
+
+AWS Cognito User Pools provide a managed identity system that supports OpenID Connect (OIDC), OAuth 2.0, JWT tokens, MFA, user attributes, and group‑based roles. This guide explains how to integrate a Blazor Server application with Cognito using Authorization Code Flow + PKCE through the Hosted UI, configure roles, and secure Syncfusion Blazor UI components.
+
+## What is AWS?
+
+Amazon Web Services (AWS) is a cloud platform offering compute, storage, databases, security, and many managed services.
+
+For identity, AWS provides Amazon Cognito to handle sign-up/sign-in, tokens, MFA, and issuing temporary AWS credentials via IAM. Cognito exposes managed login (Hosted UI) and standard OpenID Connect (OIDC) endpoints for modern auth flows.
+
+## Why Amazon Cognito for Blazor?
+
+* Standards-based OIDC: Works with ASP.NET Core's built-in OpenID Connect middleware for Blazor Server; no third-party libraries are necessary. This is the Microsoft-recommended pattern to connect non-Microsoft OIDC providers.
+* Hosted UI & MFA: Prebuilt, brandable login with MFA and password policies, reducing custom auth UI work.
+* Groups/roles: Emit cognito:groups in tokens for role-based authorization in your app and API.
+* Temporary AWS credentials (optional): Identity Pools can exchange a user's ID token for time-limited AWS credentials to call S3, DynamoDB, etc.
+
+## Cognito building blocks
+
+* **User Pools:** Managed user directory + OIDC authorization server (tokens, Hosted UI, MFA, groups). Use this to authenticate users and obtain ID/Access tokens for your app/APIs.
+* **Identity Pools (Federated Identities):** Optional service that exchanges a trusted identity (e.g., User Pool ID token) for temporary AWS credentials through IAM roles; use when your app (typically the server) must call AWS services on behalf of the user.
+
+## Password Policies
+
+In **User Pool → Sign-in experience**:
+- Configure **Password policy** (length, complexity, expiration).
+- Turn **MFA** Off/Optional/Required; choose **SMS** or **TOTP** enrollment.
+- Hosted UI prompts users according to your policy.
+
+## Role-Based Authorization with Cognito Groups
+
+* Create groups (e.g., `Admin`) in **User Pool → Groups** and add users.
+* Ensure **Group membership** is included in tokens.
+* Map roles using `RoleClaimType = "cognito:groups"` and protect pages/endpoints with `[Authorize(Roles="Admin")]`.
+
+```razor
+@page "/admin"
+@attribute [Authorize(Roles = "Admin")]
+Admin Dashboard
+Only users in the Admin group can access this page.
+```
+
+> Group creation and behavior are documented in AWS; using roles in Blazor/ASP.NET Core follows Microsoft's standard policy system.
+
+## Prerequisites
+
+* .NET 10
+* Visual Studio 2022 or VS Code + C# Dev Kit
+* AWS Account with permission to manage Cognito
+
+## Integrating Cognito with Blazor
+
+Configure OpenID Connect with the Cognito Hosted UI (Authorization Code + PKCE), which Microsoft's docs show for any OIDC provider in Blazor Web Apps.
+
+### Create project
+
+If you already have a Blazor project, proceed to the package installation section. Otherwise, create one using Syncfusion’s Blazor getting‑started guides.
+
+* [Server](https://blazor.syncfusion.com/documentation/getting-started/blazor-server-side-visual-studio)
+* [WebAssembly](https://blazor.syncfusion.com/documentation/getting-started/blazor-webassembly-app)
+
+### Update `appsettings.json`
+
+This stores your Cognito Hosted UI domain and app client ID so the app can read them at startup. The Authority is the base URL of your Cognito User Pool domain, and ClientId identifies your web app in Cognito. Keep these out of code to simplify environment changes. Replace the placeholders with your actual Cognito values.
+
+{% tabs %}
+{% highlight json %}
+
+{
+ "Cognito": {
+ "Authority": "https://your-domain.auth.ap-south-1.amazoncognito.com",
+ "ClientId": "YOUR_APP_CLIENT_ID"
+ },
+ "AllowedHosts": "*"
+}
+
+{% endhighlight %}
+{% endtabs %}
+
+N> This sample uses Authorization Code + PKCE with a public client (no client secret). If you created a confidential client, add ClientSecret to configuration and set options.ClientSecret in the OIDC options.
+
+### `Program.cs` (OIDC + Cookies)
+
+This wires OpenID Connect against Cognito’s Hosted UI using the Authorization Code flow (PKCE) and uses cookies for the authenticated session. SaveTokens = true keeps ID/Access tokens available for downstream API calls. RoleClaimType = "cognito:groups" turns Cognito groups into ASP.NET Core roles. The /signin and /signout endpoints start and end the hosted login flow.
+
+{% tabs %}
+{% highlight cs %}
+
+using Microsoft.AspNetCore.Components;
+using Microsoft.AspNetCore.Components.Web;
+using Microsoft.AspNetCore.Authentication;
+using Microsoft.AspNetCore.Components.Authorization;
+using WebApp.Data;
+using Microsoft.AspNetCore.Authentication.Cookies;
+using Microsoft.AspNetCore.Authentication.OpenIdConnect;
+using Microsoft.IdentityModel.Tokens;
+using Syncfusion.Blazor;
+
+var builder = WebApplication.CreateBuilder(args);
+
+// Add services to the container.
+builder.Services.AddRazorPages();
+builder.Services.AddServerSideBlazor();
+builder.Services.AddSyncfusionBlazor();
+builder.Services.AddHttpContextAccessor();
+
+builder.Services.AddSingleton();
+var cognitoDomain = builder.Configuration["Cognito:Authority"];
+var clientId = builder.Configuration["Cognito:ClientId"];
+
+bool TryGetAuthorityUri(string? authority, out Uri? uri)
+{
+ uri = null;
+ if (string.IsNullOrWhiteSpace(authority)) return false;
+ if (authority.Contains("your-domain")) return false;
+ // Require a valid absolute URI (e.g. https://your-domain.auth.region.amazoncognito.com)
+ if (!Uri.TryCreate(authority, UriKind.Absolute, out var parsed)) return false;
+ // only http or https are acceptable here for dev detection; production will require https
+ if (parsed.Scheme != Uri.UriSchemeHttp && parsed.Scheme != Uri.UriSchemeHttps) return false;
+ uri = parsed;
+ return true;
+}
+
+// Decide whether to enable OIDC (Cognito) or fall back to cookie-only auth in Development.
+bool useOidc = false;
+if (!string.IsNullOrWhiteSpace(cognitoDomain)
+ && !cognitoDomain.Contains("your-domain")
+ && !string.Equals(cognitoDomain, "Test user", StringComparison.OrdinalIgnoreCase)
+ && !string.IsNullOrWhiteSpace(clientId)
+ && !clientId.Contains("YOUR_APP_CLIENT_ID"))
+{
+ if (Uri.TryCreate(cognitoDomain, UriKind.Absolute, out var u))
+ {
+ // Allow only HTTPS authority generally
+ if (string.Equals(u.Scheme, Uri.UriSchemeHttps, StringComparison.OrdinalIgnoreCase))
+ {
+ useOidc = true;
+ }
+ else if (string.Equals(u.Scheme, Uri.UriSchemeHttp, StringComparison.OrdinalIgnoreCase)
+ && !u.IsLoopback
+ && builder.Environment.IsDevelopment())
+ {
+ // allow non-local http authority in development (rare)
+ useOidc = true;
+ }
+ }
+}
+
+if (useOidc)
+{
+ builder.Services.AddAuthentication(options =>
+ {
+ options.DefaultScheme = CookieAuthenticationDefaults.AuthenticationScheme;
+ options.DefaultChallengeScheme = OpenIdConnectDefaults.AuthenticationScheme;
+ })
+ .AddCookie()
+ .AddOpenIdConnect(options =>
+ {
+ options.Authority = cognitoDomain!; // Cognito Hosted UI domain
+ options.ClientId = clientId!; // App client ID
+ options.ResponseType = "code"; // Authorization Code + PKCE
+ options.SaveTokens = true; // persist tokens in auth session
+
+ // If the authority is http and we're in Development, allow non-https metadata.
+ options.RequireHttpsMetadata = !(builder.Environment.IsDevelopment()
+ && Uri.TryCreate(cognitoDomain, UriKind.Absolute, out var uu)
+ && string.Equals(uu.Scheme, Uri.UriSchemeHttp, StringComparison.OrdinalIgnoreCase));
+
+ options.Scope.Clear();
+ options.Scope.Add("openid");
+ options.Scope.Add("email");
+ options.Scope.Add("profile");
+
+ options.TokenValidationParameters = new TokenValidationParameters
+ {
+ NameClaimType = "cognito:username",
+ RoleClaimType = "cognito:groups"
+ };
+
+ options.CallbackPath = "/signin-oidc";
+ options.SignedOutCallbackPath = "/signout-callback-oidc";
+ });
+}
+else
+{
+ // Cookie-only auth for development/test when Cognito isn't configured.
+ builder.Services.AddAuthentication(CookieAuthenticationDefaults.AuthenticationScheme)
+ .AddCookie();
+}
+
+// In Production require a valid HTTPS Cognito authority.
+if (!builder.Environment.IsDevelopment())
+{
+ if (!TryGetAuthorityUri(cognitoDomain, out var prodUri) || prodUri!.Scheme != Uri.UriSchemeHttps || string.IsNullOrWhiteSpace(clientId) || clientId.Contains("YOUR_APP_CLIENT_ID"))
+ {
+ throw new InvalidOperationException(
+ "Cognito configuration is invalid. Set 'Cognito:Authority' to your Cognito Hosted UI domain (https://.auth..amazoncognito.com) and 'Cognito:ClientId' to your app client id.");
+ }
+
+ // If we reach here, OIDC is already registered above when appropriate.
+}
+
+builder.Services.AddAuthorization(o =>
+{
+ o.AddPolicy("AdminOnly", p => p.RequireRole("Admin"));
+});
+
+var app = builder.Build();
+
+// Configure the HTTP request pipeline.
+if (!app.Environment.IsDevelopment())
+{
+ app.UseExceptionHandler("/Error");
+ // The default HSTS value is 30 days. You may want to change this for production scenarios, see https://aka.ms/aspnetcore-hsts.
+ app.UseHsts();
+}
+
+app.UseHttpsRedirection();
+
+app.UseStaticFiles();
+
+app.UseRouting();
+
+app.UseAuthentication();
+app.UseAuthorization();
+
+app.MapBlazorHub();
+// Dev + auth endpoints for sign-in/sign-out to avoid performing SignIn/Challenge from Blazor components
+app.MapGet("/signin", async (HttpContext ctx) =>
+{
+ if (useOidc)
+ {
+ await ctx.ChallengeAsync(OpenIdConnectDefaults.AuthenticationScheme, new AuthenticationProperties { RedirectUri = "/" });
+ return Results.Empty;
+ }
+
+ // Dev fallback: create a local cookie user and redirect home
+ var claims = new[] {
+ new System.Security.Claims.Claim(System.Security.Claims.ClaimTypes.NameIdentifier, "devuser"),
+ new System.Security.Claims.Claim(System.Security.Claims.ClaimTypes.Name, "Developer User"),
+ new System.Security.Claims.Claim(System.Security.Claims.ClaimTypes.Email, "dev@example.local")
+ };
+ var identity = new System.Security.Claims.ClaimsIdentity(claims, CookieAuthenticationDefaults.AuthenticationScheme);
+ var user = new System.Security.Claims.ClaimsPrincipal(identity);
+ await ctx.SignInAsync(CookieAuthenticationDefaults.AuthenticationScheme, user);
+ ctx.Response.Redirect("/");
+ return Results.Empty;
+});
+
+app.MapGet("/signout", async (HttpContext ctx) =>
+{
+ if (useOidc)
+ {
+ await ctx.SignOutAsync(OpenIdConnectDefaults.AuthenticationScheme, new AuthenticationProperties { RedirectUri = "/" });
+ return Results.Empty;
+ }
+
+ await ctx.SignOutAsync(CookieAuthenticationDefaults.AuthenticationScheme);
+ ctx.Response.Redirect("/");
+ return Results.Empty;
+});
+app.MapFallbackToPage("/_Host");
+
+app.Run();
+
+{% endhighlight %}
+{% endtabs %}
+
+### Syncfusion DataGrid on an authenticated page
+
+This page shows a Sign in link when anonymous and renders a Syncfusion DataGrid once authenticated. The links hit the minimal endpoints you mapped in Program.cs. The grid uses in‑memory data to keep the sample runnable.
+
+
+{% tabs %}
+{% highlight razor %}
+
+@page "/"
+@using Microsoft.AspNetCore.Components.Authorization
+@using Syncfusion.Blazor.Grids
+
+Welcome
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ Please sign in to view the grid.
+ Sign in
+
+
+
+@code {
+ private record Order(int Id, string Item, int Qty, decimal Price);
+
+ private readonly List _orders = new()
+ {
+ new Order(1, "Laptop", 1, 1299.00m),
+ new Order(2, "Mouse", 2, 49.99m)
+ };
+}
+
+{% endhighlight %}
+{% endtabs %}
+
+### Run the application
+
+Run the application using below:
+
+```
+dotnet run
+```
+
+**Expected Behavior**
+
+* Syncfusion DataGrid component should render only for authorized users.
+* If the user is not authenticated, the application should display Sign in options instead of the Syncfusion components.
+* After a successful login, the user should be able to view the Syncfusion DataGrid component.
+
+**Output:**
+
+
\ No newline at end of file
diff --git a/blazor/common/authentication/images/aws-cognito.webp b/blazor/common/authentication/images/aws-cognito.webp
new file mode 100644
index 0000000000000000000000000000000000000000..a6c9e9e3d6bb57de3c614bdc04093e3c079128d7
GIT binary patch
literal 7714
zcmcgwWmH^C)@@vZ2e(Fo1p+~XYmg=oAi-S%H15GQNRR|~hakZnf;H|Epc{7&5FkL%
zhW?m&Yu4D4kam!$We;4?0(P6^q
zDqGP$#L!rDL1N}^&pU263SoI*atFMVsCxE&r);GJazz`1kAM@1E8We_8=V6m_>){k
zAN!~X&A^XxR{F)q{j_eLr9igfjF(!sWW{6~kYWE}2gTWO*orZiUAy;PKb&jxA_xD(
ze+FUeJ8)fk=f8+@U>D>!bxJPwHr^!4s-I#o2|K%g8;~
z+f>n?3=WfGu@3Z7fxWaXtRyk0*0isEYxvk1D;_y_(4(+v4VvdE)FmTCarbROiBOh(
zIN*+uRT8ZFJdHUl9;^J$DU$Ve#RVx3&&irGJFFVV>KkezqnwoG8$LCR`UZ|a-{1Ay
z#QZm0SaR{kO#Wm@!bRwd&05feT@cdqyfW&kWokjkweB#yKN=_~pB|!g)@Y0wk+`rF
zjC@Jv+14LUb>TE0`4W8eRwPL`WD26!gCwUVbXz{x!7|_4k1ioX-Uo-j?9k2`IJzk3
z%M0lgF485vWseMcE-lj<9n*u<-F?dpR+!aG?N=wjO`Fahm=Vthzw@{;v}Gpcfqc(u
z%pmZQN;KZiI{q{FsD9v1VF(8Cl|6QPI;-l?jYKfh2zsy;gLA@+WDG=>M(t8_CJ$zd
za*+O|cthpT!lGKxVB?=nT>&ul7hO(kpv$NYtm%_D%s%R^0nk86x3>S@2MTlW;&7_-
zF&n>=66T-g@E`dVp}P|zQH?%+lM&&^1N-q__sSxp+4niV0_ZH@k)D44$c6`!omz(`
zp4HJGV)Bpm?$PU^(k#fxLcp%#JZDUBB5lz}DpAv}J1aJ!8t>A){{-8=uM;Z2CCaC&
zd^`Ux{Vvz=s9wS?As|Rp#Pp5$dGN%no;!~aZM*GcsT;ZeFY)E?Yci7cF5eN%pLwY$
zlD=NL+E$j;7Ak7}bF%#wm;*miC4X%^PeVqu>DVvH?4L?3ynRalZ&6eI_}q0V?xN!H
z2T1W469oPn<9Gyx^5Jrs0f!&`!q6jJ?QK=TFa!--!lwi-r_X>g-$*k(W@!75ukt{!@_R
zuTW{H_djQErDl$9H}w9hh)R9PKgAuyUuFEYoYGtdMUrx663HO@Shzp?W3BwFNW}Hc
zRw5q*{})pDEq#8T@qaAK|3o8)aUScxOflTQTK4|#AVhSq_%BfGH|(G7r1F#e%4zxk
z`5Fp8W&YJmz(42xPpa1c4k`)&;BEwn1*XV0oamnMI+Fw>kCH3?c3l39Dn^NCHP)FQa$^z7VE;itKeBri92bY*^8w~Aa`bGZhqbjmfYFwb(N
z-4a7M>;#nd37u7D`xheyuj^>eqHGytM6%#Jeyr?$Q&RNJ0&8Iv?ZA`zSjvfr^3z#o
zFog~>m`VKjAb_g_Wv_>&&_jjUNKu{_JzJ;lNE=gAT&U~f333Zeo5iEj8*@mAOo6C1
zd`LNBQ#bYUwo6{8ekkPZ6EXn6Oktl#s{A0(gm*Fbn{VM(YoFZvOR(ll^^P(jiS^+`
zVd$}Q(?cR*)|v@+6CW1x*zjRZpIdj6t(&qoH!FeN-pL$HC)_V3iAdmET+2&~eRnwkO?D0Ajz|Kg|7xQNtg*5owN<0*-yBg|Om@x=U`fOeEa
zI>L}?ukH=~8y&!{{IfYzx6byq!{g-4fw)r>XzoEKeadlXc)U96v)(>y;V+ewzQ(=_
zo87LSijjK2%E6)?OI{nX9{5`NEuVkJVwF%y?{+73K9JK-;dY9k|Z
zn=V&5VssOSt%ZKB^^G3sZ6GOb>Rbi)*YclhV{&uSZJV%VOM1-MG;1XdR*5gP9H3s1
z0K118cqqq(Z#I?Z?NgCz)4o37Gkq^WxKp(#LCU9JoFT!tXj0HHsg4Vbj$}nTIKw-{
zWbmAtv@16iP#IO8C&1E&#hNgz9<;p^Sm;Inw8?Gr`H88YUQbbMP!~6f#l*ne+lBZU
ze^3p8Ulx5F&~?~t!0wFQzZVy5iq%xo?CLV#r4=93ys}XlG-7#tw$muo@p1hOV|ij<
zl(bCRsEeSR8YS0aQg5cNvIv3y;TT^o+OeaTvrVUYK+gNvW{`Z1vXU`;BCu*}>YRgF
zn6}q!WgIe0gNMv0D&x#Lz4lfq{S)VR+c$(e7i_IV|h=
z8nb#72c`6F9BP*0^dphyEoys5Rg?rv8?2S&hz&R{`a|I)uuQ9fa|fASKlynCyB~qj
znzxhMr-e99%nBXvQ*aJDO2_1uONTekOJAAiC91?{ffB>MSL0mg95R<=g|ReDz=W`!
zaLuL8S{2&!GlE@3Z`c7%Pn5$xX+o|asXxVAjmpo*0)F}pLug+DXLEfbb>lw5mNzyB
z*HRU0P{%4%YZvm;x~ZRT-L)2ceY~Br9MXOw?KQV^$4o!5(u#V;oE}r!4HI(ZBMVLS
z-Fc9)MfM2|USA|6w}lixDvccxX#0FuQ&xau+?ZK)9$r3YlObaQT;lqeH1uL#cSYva
zi547V4A(I|NV^YcWt3mJMnG&8L(xqU(Qq0KG$XfR3Nk)$a!S(I)c~QA+bZ2wx@2zR
ztC8?OBtL_{-^(USY%n`_J?N3(P*T3uxNwJn$e1Kt9xvsHHEwl3qdOF0_KP9=P{>P6
z#DXzZRo0Cos-D_vx-%v5LAZJtTK|+;((oCqy&N1ha)JpKTS2f*Rw+h{X83Lwh0|%*
zrv{O*!_sRw!ef_?3V9^am=YnVLLNW-=u#Y`tz-dhS$S4UdWRoH%vWhrAt0`?Wm;j=
zkEcpOrk|t8k6xO~?*D{#y-E5?*u|+CL5+&4?G`7m=+gt~EI8dj!z%4(ps7@&B~t<~=)c3)(9
zEPV2U3!382VG!L{Zm>J!#lQT)J^ycpeRJuu-gJcv@G{HE2^QVjsGQ+(G^Jb^GioJD
zO;U5lg%=OAr)>My+x%`hb)Hi*g||BJx`m|Qj!cP1;8u?mT=l9Xd@pua0dKupHb`(d
zzZ@x+j=;&F0ee@(O&Rv2(<+fBAA|TU$|~*2le@3#g1Ibf)OC(|(cgbY9!J-|zYW2i
zkNO$`&~u}my>{OSH5wjnUG%PCVUvhB+7zIOl|xufE_E0c5O&H78IIG!$}wIUD!i?q
zA^i?h(jQ(^3uSLh@)?kqzPZT}|7Om*2K~Yx&!)V7ef){n7%zvz^(QzsV?9esiUH~<
zrSQe=#?N(_0E5CET7SH$E7%-vK^dXJRRb_MQM2D?V#CF5-rv|=sdZ2SRpZnvoMs%i
z3QLGBeiDnSZ45y6ayR+r2?lpi+2O@r;SoJ~F8NfC%DtIUA^gRduY5V&<9y(1WhzgS
z9&t%v_!-V_Nt5r_d-y=tcVMzPJo)*IGPS>*0gVHvnuZiVkGcHL=OIkPe!=dx2X!yD
ze-IU8B&25cFdH`NP++{oC5J9dnwb(s!R!+!NP^hwGB!*Zhnwpt$XZ~%jZ)GljFjiL
zp7@>ug6fs8=Vsz-{OgppR+M+`sK}I>E*j9&o<-LAgt2&!oMCF_>Vfpei8H+(H+HCQ
zuc02Xioz#oLQxe+wfVX7Blo}j=zNGvd}`uQXNy6gY67HR
z!*r0e-d4O`i#Sv7ca>!~e3A9&72FkLU5gxh8ebb6bts3wo6_B&*^l07Z9M>vKSGZlQ4D0>Yg
z^IDL1U}$JD)S4NK!w3I#wSo2-#Kp|RGxu<}4jgtDJG
zkm@6wx?n=&Bw4F_r-po2UaHoxIYW?GT8S=e$J<_!#W=QJ}IGewDxiGUvFZ+
zt%ar{+?ywHQQ*cUpsFEO(D4|zRZ$n(EI}|CXXN`GNOO7s&WU=Jb)~I>zjxXe&&fQ6
zb8%Lx4Y>gO9>F0Srx&Rhxew97nl?4tJ3P_vf_Yhb`(xm3K>+_AM|Pq=hxLn0sv+cr
zawNHP|A?r^2M4pl@q7hkPnwYv2Kv7cXiXMN=x`dv3Jadlo@6G4T<+?$Z3p<(U%Wj{
zGI`?M%grw;^1@l%P4`0b#->>_hcyP;5SRw3b*;9Su1*0erWQW^DdaPL{Ne7qm%K{r
z!|b8G>~*m!Vf2kh*Qn?z_8nxnF?3I>4M@(+-!i#huj8E@<7jL;p*XBC3^&XqZ@
zTJ@vn+1HJMj`dP}l8tt@o7J(eAv=iUfh?KT^MviOhjctMNp}#sv}$=j0-t1DEdH8D
z+E#0e)8hjRYjby)4&e67ZVi1>lSlT%`JR2W{1o|l^-B{ayPQs>Oob~pNVF2K1a5-x
zQlK9S($7M)1p~8Jq1|f~L7Q}wFICNFV=oSvPr?m`Lk?7FN2ztC>K$v0rG
zjy@3@2eUs1AQc>i94q#B9PgrZAembJn4KHXR1^Ft3ai{pqjL<5t>{AHYZD>iE6i?w
z&+URynLI{C8jC4)`Y2A;sQEhd?W(LMpBjF8=mIi!f)2M1-MDf);0>C68jkh8svz#P
z<&Uq_9hY~vWXNgluL2kxtSjR?n7H4hecAqI(L?)Mo6D^@OY^~)SJ^?r8s>>l6c)Ey
z5|rKr4O70?IKjZxh@k5ID<56c=KiOv_eaB9wGGBc=F@fi4?q^BR01!&Ztx!#^8Oo3WFj
zyia`O+3c<=o+acAstmvui)vVQzF9;>;lD49c=z%-nw$~NPEIvvf}>?%$EIFocDcmVn-!0Hs>aG_RNgxG@S$yAcBP=mAwdII;KvYH
z40p8g`a|bO-oCpEGq-}1bbHjFm@K?rr^9d0;RDDy3%HuW-IV!kIdkuu9*K&o=YTXc
zLa;x-2_d)(6gkEeFdQK*qh4qf)iSAPB7V>%k2{pJ74n09?ne`+wYNMqPw#dE(Gm*g
z9rD=;O|N}RCs8}2L8=a^)6lmxi}wA8hWw(;OtmW7D*Jg78at;6&^k9U|6?Cb2as1L
z<7wmcgQeU`{3}tGMe=34)AoEC-p3dM&c>@S!Q_{DmRsSUz70YcY^>Xqx2@n?T(9(V
z?tlK{o!_Bl-}zVwyy7R8kv#&1IUih%VgTn}JLc9{ymI6e^%ELTaiuq?%Mid+Oc<|=
zqjoNu?2^Lruk)YY*Dyb}$pmGwU(6uqaGAgmN}g;i#v0dkUORSfxTLL|5gs0Jbji@~
zC>?vq0hTh1d@tBWuU6UB%{gc*qCnXy7932d&|MY!>K}f?Hy;J`Qj(I8Ds|!guPS99
zZBcFmA7U6W8QF^NsaVo=;0=K(--pczoTVjorg}f9tcZb@?-J1LKkI%ti5jcFpR!Jz
za+B%78^K1T^PTa{iVJ8&bC29N3%u~C>EuoXcP|&iEfnAALCLKe%=Y*i+$Cj}9m;xt
z`B2lCg6B`oF1-u4<_N^B9gJUj31=&keYLI~Gpc`^XgaEaw(wzEkv0{VziW{Div0U+
zjpC7{#ckPnzQRL8+8mdU#d<_rd+$$vo&qBqkjd*8d$9CQ`H2xJCjxD_-!D!4f{hIL
zMimhvVW6U<+r&LzmYJm6P@8B}sBw=5Mttt;gv*_+K&`;D@+AgWuDB)x4K-OB{tf^D
z%_%4em4qtPSv9_fA`Lii
zcjPyabhe#Pot4A`tydZormb-S8B)@;1N8fLfM>$jq93iBt;rBr)((}xK$|?zdzp&8
z+1wN^@}LhIuuzM;zd7WGX}4A6`mMlA9{=Rx;gd0|(q4I&DvrX_P&!awJ})+qOz~#>!;FPHC`-CnWyyzaz?11V1;$
zK^vQN+4OFZ%N8Z9^|9`s8Z}=RX48yoitpE`XTKhyrj(K!M-xp!$%@U_{ai-Xg+MbR
zUY~H%?vm%so$`wjf8Iz`kJ8V=Y&mefULKTlbv@G#Vi;MiuK
zf)80DK`h+1lV;6G32$Wu^y;Kio%ybL-E0|3j5MgJ#yANK8A?W~YuTZR=3lAAv6+cm
z^^6bFQS;$p=!yARlP?9ZS-ymVMtv3SSv7vBct>Ou^P*!!
zS0eniyx^o_|nL|$_|y!bKAf4{;%8>zo4`K0_@&}8$*|mbF%TcW>(l*KDCXNSiRQ%Z(rnH3Bm*h9=A$ZS6tUcJoTZ@=w;s7gGdtztWcRM1i&s}!SXR^khu3~aZAmkv
z_?odOzEQ_7vo^=ru#Xjwylk1h*
oO3c5%=CV#!j43g7SSxK9*9HIp{
Date: Tue, 24 Mar 2026 11:23:35 +0530
Subject: [PATCH 2/5] 1011193: Update
---
blazor-toc.html | 2 +-
blazor/common/authentication/blazor-aws-cognito.md | 4 ++--
2 files changed, 3 insertions(+), 3 deletions(-)
diff --git a/blazor-toc.html b/blazor-toc.html
index 15bc34136e..91b693e972 100644
--- a/blazor-toc.html
+++ b/blazor-toc.html
@@ -399,7 +399,7 @@
Blazor with JWT Authentication
- Blazor with AWS Cognito Authentication
+ Blazor with AWS Cognito Authentication
diff --git a/blazor/common/authentication/blazor-aws-cognito.md b/blazor/common/authentication/blazor-aws-cognito.md
index 77f016ee05..f6915ead1a 100644
--- a/blazor/common/authentication/blazor-aws-cognito.md
+++ b/blazor/common/authentication/blazor-aws-cognito.md
@@ -20,7 +20,7 @@ For identity, AWS provides Amazon Cognito to handle sign-up/sign-in, tokens, MFA
## Why Amazon Cognito for Blazor?
* Standards-based OIDC: Works with ASP.NET Core's built-in OpenID Connect middleware for Blazor Server; no third-party libraries are necessary. This is the Microsoft-recommended pattern to connect non-Microsoft OIDC providers.
-* Hosted UI & MFA: Prebuilt, brandable login with MFA and password policies, reducing custom auth UI work.
+* Hosted UI & MFA: Pre-built, login with MFA and password policies, reducing custom auth UI work.
* Groups/roles: Emit cognito:groups in tokens for role-based authorization in your app and API.
* Temporary AWS credentials (optional): Identity Pools can exchange a user's ID token for time-limited AWS credentials to call S3, DynamoDB, etc.
@@ -90,7 +90,7 @@ N> This sample uses Authorization Code + PKCE with a public client (no client se
### `Program.cs` (OIDC + Cookies)
-This wires OpenID Connect against Cognito’s Hosted UI using the Authorization Code flow (PKCE) and uses cookies for the authenticated session. SaveTokens = true keeps ID/Access tokens available for downstream API calls. RoleClaimType = "cognito:groups" turns Cognito groups into ASP.NET Core roles. The /signin and /signout endpoints start and end the hosted login flow.
+This wires OpenID Connect against Cognito’s Hosted UI using the Authorization Code flow (PKCE) and uses cookies for the authenticated session. SaveTokens = true keeps ID/Access tokens available for downstream API calls. RoleClaimType = "cognito:groups" turns Cognito groups into ASP.NET Core roles. The /sign-in and /sign-out endpoints start and end the hosted login flow.
{% tabs %}
{% highlight cs %}
From e44ec95f68a46fa93dbc924498992ff373cc97a2 Mon Sep 17 00:00:00 2001
From: ponselvajeganathan
<68591831+ponselvajeganathan@users.noreply.github.com>
Date: Wed, 25 Mar 2026 17:40:07 +0530
Subject: [PATCH 3/5] 1011193: updated
---
.../authentication/blazor-aws-cognito.md | 103 ++++++++++++------
.../authentication/images/aws-cognito.webp | Bin 7714 -> 1244296 bytes
2 files changed, 67 insertions(+), 36 deletions(-)
diff --git a/blazor/common/authentication/blazor-aws-cognito.md b/blazor/common/authentication/blazor-aws-cognito.md
index f6915ead1a..5bb775e37e 100644
--- a/blazor/common/authentication/blazor-aws-cognito.md
+++ b/blazor/common/authentication/blazor-aws-cognito.md
@@ -1,33 +1,33 @@
---
layout: post
-title: Using Syncfusion Blazor Server with AWS Cognito
+title: Using Syncfusion Blazor Server with AWS Cognito
description: Authenticate a Blazor Server app with AWS Cognito (OIDC Hosted UI) and secure Syncfusion components.
platform: Blazor
control: Common
documentation: ug
---
-# Authentication and Authorization with AWS Cognito in Blazor Server
+# Authentication and Authorization with AWS Cognito in Blazor Server
-AWS Cognito User Pools provide a managed identity system that supports OpenID Connect (OIDC), OAuth 2.0, JWT tokens, MFA, user attributes, and group‑based roles. This guide explains how to integrate a Blazor Server application with Cognito using Authorization Code Flow + PKCE through the Hosted UI, configure roles, and secure Syncfusion Blazor UI components.
+AWS Cognito User Pools provide a managed identity system that supports OpenID Connect (OIDC), OAuth 2.0, JSON Web Tokens (JWTs), MFA, user attributes, and group-based roles. This guide explains how to integrate a Blazor Server application with Cognito using Authorization Code Flow + PKCE through the Hosted UI, configure roles, and secure Syncfusion Blazor UI components.
## What is AWS?
-Amazon Web Services (AWS) is a cloud platform offering compute, storage, databases, security, and many managed services.
+Amazon Web Services (AWS) is a cloud platform that provides compute, storage, and identity services. For Blazor developers, AWS offers Amazon Cognito for user authentication and identity management.
-For identity, AWS provides Amazon Cognito to handle sign-up/sign-in, tokens, MFA, and issuing temporary AWS credentials via IAM. Cognito exposes managed login (Hosted UI) and standard OpenID Connect (OIDC) endpoints for modern auth flows.
+For identity, AWS provides Amazon Cognito to handle sign-up and sign-in, tokens, MFA, and issuing temporary AWS credentials via IAM. Cognito provides a managed login interface (Hosted UI) and implements standard OpenID Connect (OIDC) endpoints to support modern authentication flows.
## Why Amazon Cognito for Blazor?
-* Standards-based OIDC: Works with ASP.NET Core's built-in OpenID Connect middleware for Blazor Server; no third-party libraries are necessary. This is the Microsoft-recommended pattern to connect non-Microsoft OIDC providers.
-* Hosted UI & MFA: Pre-built, login with MFA and password policies, reducing custom auth UI work.
-* Groups/roles: Emit cognito:groups in tokens for role-based authorization in your app and API.
-* Temporary AWS credentials (optional): Identity Pools can exchange a user's ID token for time-limited AWS credentials to call S3, DynamoDB, etc.
+* Standards-based OIDC works with ASP.NET Core's built-in OpenID Connect middleware for Blazor Server; no third-party libraries are necessary. This is the Microsoft-recommended pattern to connect non-Microsoft OIDC providers.
+* Supports login with MFA and password policies, reducing custom auth UI work.
+* Emits `cognito:groups` in tokens for role-based authorization in your app and API.
+* Identity Pools can exchange a user's ID token for time-limited AWS credentials to call S3, DynamoDB, etc.
-## Cognito building blocks
+## Cognito Building Blocks
-* **User Pools:** Managed user directory + OIDC authorization server (tokens, Hosted UI, MFA, groups). Use this to authenticate users and obtain ID/Access tokens for your app/APIs.
-* **Identity Pools (Federated Identities):** Optional service that exchanges a trusted identity (e.g., User Pool ID token) for temporary AWS credentials through IAM roles; use when your app (typically the server) must call AWS services on behalf of the user.
+* **User Pools:** Managed user directory + OIDC authorization server (tokens, Hosted UI, MFA, groups). Use this to authenticate users and obtain ID/Access tokens for your app and APIs.
+* **Identity Pools (Federated Identities):** Optional service that exchanges a trusted identity (e.g., User Pool ID token) for temporary AWS credentials through IAM roles. Use this when server must call AWS services (such as Amazon S3 and Amazon DynamoDB) on behalf of the user.
## Password Policies
@@ -40,10 +40,13 @@ In **User Pool → Sign-in experience**:
* Create groups (e.g., `Admin`) in **User Pool → Groups** and add users.
* Ensure **Group membership** is included in tokens.
-* Map roles using `RoleClaimType = "cognito:groups"` and protect pages/endpoints with `[Authorize(Roles="Admin")]`.
+* Map roles using `RoleClaimType = "cognito:groups"` and protect pages/endpoints with `[Authorize(Roles="Admin")]`.
+
+Add the following attribute to any `.razor` page file to restrict access to the Admin role:
```razor
@page "/admin"
+@using Microsoft.AspNetCore.Authorization
@attribute [Authorize(Roles = "Admin")]
Admin Dashboard
Only users in the Admin group can access this page.
@@ -53,24 +56,47 @@ In **User Pool → Sign-in experience**:
## Prerequisites
-* .NET 10
-* Visual Studio 2022 or VS Code + C# Dev Kit
+* .NET SDK (version 8.0 or later; this guide uses .NET 10.0)
+* Visual Studio 2022 or VS Code + C# Dev Kit
* AWS Account with permission to manage Cognito
## Integrating Cognito with Blazor
Configure OpenID Connect with the Cognito Hosted UI (Authorization Code + PKCE), which Microsoft's docs show for any OIDC provider in Blazor Web Apps.
-### Create project
+### Create a Blazor Server Project
-If you already have a Blazor project, proceed to the package installation section. Otherwise, create one using Syncfusion’s Blazor getting‑started guides.
+If you already have a Blazor project, proceed to the **Create a Cognito User Pool** section. Otherwise, create one using Syncfusion Blazor Server getting started guides.
* [Server](https://blazor.syncfusion.com/documentation/getting-started/blazor-server-side-visual-studio)
-* [WebAssembly](https://blazor.syncfusion.com/documentation/getting-started/blazor-webassembly-app)
+
+### Create a Cognito User Pool
+
+Before building the Blazor app, set up an AWS Cognito User Pool:
+
+1. Go to **AWS Management Console** > **Amazon Cognito**.
+2. Click **Create user pool**.
+3. Choose authentication method: **Email** or **Phone number** (or both).
+4. Continue through the setup wizard. Accept defaults or customize as needed.
+5. Note the **User pool ID** and **User pool name**.
+6. Go to **App integration** > **App clients** (or **App clients and analytics**).
+7. Click **Create app client**:
+ - **App type:** Choose **Public client** (for PKCE without a secret).
+ - **Client name:** (for example, `MyBlazorServer`).
+ - **Authentication flows:** Ensure **Authorization code flow** is selected.
+ - Under **Allowed redirect URIs**, add: `https://localhost:7000/signin-oidc` (adjust port if different; check `Properties/launchSettings.json`).
+ - Under **Allowed sign-out URIs**, add: `https://localhost:7000/signout-callback-oidc`.
+8. Create the app client and note the **Client ID**.
+9. In **Domain name** (under App integration), create a custom domain or use the Cognito-provided subdomain. Note the full Hosted UI domain:
+ `https://your-domain.auth.{region}.amazoncognito.com`
+
+You now have the values to add to `appsettings.json`.
+
+[Amazon Cognito user pools](https://docs.aws.amazon.com/cognito/latest/developerguide/cognito-user-pools.html)
### Update `appsettings.json`
-This stores your Cognito Hosted UI domain and app client ID so the app can read them at startup. The Authority is the base URL of your Cognito User Pool domain, and ClientId identifies your web app in Cognito. Keep these out of code to simplify environment changes. Replace the placeholders with your actual Cognito values.
+This stores your Cognito Hosted UI domain and app client ID so the app can read them at startup. The `Authority` is the base URL of your Cognito User Pool domain, and `ClientId` identifies your web app in Cognito. Keep these out of code to simplify environment changes. Replace the placeholders with your actual Cognito values.
{% tabs %}
{% highlight json %}
@@ -86,20 +112,23 @@ This stores your Cognito Hosted UI domain and app client ID so the app can read
{% endhighlight %}
{% endtabs %}
-N> This sample uses Authorization Code + PKCE with a public client (no client secret). If you created a confidential client, add ClientSecret to configuration and set options.ClientSecret in the OIDC options.
+N> Replace **ap-south-1** with your AWS region (e.g., us-east-1, eu-west-1). Check your Cognito User Pool details page for the correct region.
+
+**Where to find these values:**
+- **Authority:** Go to **Amazon Cognito** > Your **User Pool** > **App integration** > **Domain name**. The full URL is `https://{domain-name}.auth.{region}.amazoncognito.com` (for example, `https://myapp.auth.us-east-1.amazoncognito.com`).
+- **ClientId:** Go to **App integration** > **App clients** and copy the **Client ID** for your app.
+
+
+N> This sample uses Authorization Code + PKCE with a public client (no client secret). If you created a confidential client, add ClientSecret to configuration and set `options.ClientSecret` in the OIDC options.
### `Program.cs` (OIDC + Cookies)
-This wires OpenID Connect against Cognito’s Hosted UI using the Authorization Code flow (PKCE) and uses cookies for the authenticated session. SaveTokens = true keeps ID/Access tokens available for downstream API calls. RoleClaimType = "cognito:groups" turns Cognito groups into ASP.NET Core roles. The /sign-in and /sign-out endpoints start and end the hosted login flow.
+This wires OpenID Connect against Cognito’s Hosted UI using the Authorization Code flow (PKCE) and uses cookies for the authenticated session. `SaveTokens = true` keeps ID/Access tokens available for downstream API calls. `RoleClaimType = "cognito:groups"` turns Cognito groups into ASP.NET Core roles. The `/sign-in` and `/sign-out` endpoints start and end the hosted login flow.
{% tabs %}
{% highlight cs %}
-using Microsoft.AspNetCore.Components;
-using Microsoft.AspNetCore.Components.Web;
using Microsoft.AspNetCore.Authentication;
-using Microsoft.AspNetCore.Components.Authorization;
-using WebApp.Data;
using Microsoft.AspNetCore.Authentication.Cookies;
using Microsoft.AspNetCore.Authentication.OpenIdConnect;
using Microsoft.IdentityModel.Tokens;
@@ -113,7 +142,6 @@ builder.Services.AddServerSideBlazor();
builder.Services.AddSyncfusionBlazor();
builder.Services.AddHttpContextAccessor();
-builder.Services.AddSingleton();
var cognitoDomain = builder.Configuration["Cognito:Authority"];
var clientId = builder.Configuration["Cognito:ClientId"];
@@ -122,7 +150,7 @@ bool TryGetAuthorityUri(string? authority, out Uri? uri)
uri = null;
if (string.IsNullOrWhiteSpace(authority)) return false;
if (authority.Contains("your-domain")) return false;
- // Require a valid absolute URI (e.g. https://your-domain.auth.region.amazoncognito.com)
+ // Require a valid absolute URI (for example, https://your-domain.auth.region.amazoncognito.com)
if (!Uri.TryCreate(authority, UriKind.Absolute, out var parsed)) return false;
// only http or https are acceptable here for dev detection; production will require https
if (parsed.Scheme != Uri.UriSchemeHttp && parsed.Scheme != Uri.UriSchemeHttps) return false;
@@ -149,7 +177,7 @@ if (!string.IsNullOrWhiteSpace(cognitoDomain)
&& !u.IsLoopback
&& builder.Environment.IsDevelopment())
{
- // allow non-local http authority in development (rare)
+ // Allow non-local http authority in development (rare)
useOidc = true;
}
}
@@ -168,7 +196,7 @@ if (useOidc)
options.Authority = cognitoDomain!; // Cognito Hosted UI domain
options.ClientId = clientId!; // App client ID
options.ResponseType = "code"; // Authorization Code + PKCE
- options.SaveTokens = true; // persist tokens in auth session
+ options.SaveTokens = true; // Persist ID/Access tokens in session for use in API calls or as Bearer tokens
// If the authority is http and we're in Development, allow non-https metadata.
options.RequireHttpsMetadata = !(builder.Environment.IsDevelopment()
@@ -275,10 +303,9 @@ app.Run();
{% endhighlight %}
{% endtabs %}
-### Syncfusion DataGrid on an authenticated page
-
-This page shows a Sign in link when anonymous and renders a Syncfusion DataGrid once authenticated. The links hit the minimal endpoints you mapped in Program.cs. The grid uses in‑memory data to keep the sample runnable.
+### Syncfusion DataGrid on an authenticated page
+This page demonstrates how to protect a Syncfusion DataGrid using ASP.NET Core authorization. When unauthenticated, a `Sign in` link is displayed. Once authenticated, the grid renders with sample data.
{% tabs %}
{% highlight razor %}
@@ -295,12 +322,12 @@ This page shows a Sign in link when anonymous and renders a Syncfusion DataGrid
Sign out
-
+
-
+
@@ -311,6 +338,8 @@ This page shows a Sign in link when anonymous and renders a Syncfusion DataGrid
@code {
+
+ // Demo data for this sample; in production, fetch from a service/API
private record Order(int Id, string Item, int Qty, decimal Price);
private readonly List _orders = new()
@@ -323,14 +352,16 @@ This page shows a Sign in link when anonymous and renders a Syncfusion DataGrid
{% endhighlight %}
{% endtabs %}
-### Run the application
+### Run the Application
-Run the application using below:
+Run the application using the following command:
```
dotnet run
```
+N> By default, the app runs on `https://localhost:7000` (or `https://localhost:5001` in older project templates). Ensure your Cognito app client **Allowed redirect URIs** match your actual localhost URL.
+
**Expected Behavior**
* Syncfusion DataGrid component should render only for authorized users.
diff --git a/blazor/common/authentication/images/aws-cognito.webp b/blazor/common/authentication/images/aws-cognito.webp
index a6c9e9e3d6bb57de3c614bdc04093e3c079128d7..418a97826e1714a5a173a77ffe73f20a62879e56 100644
GIT binary patch
literal 1244296
zcmc$FWk6iX()QpG9D;j*KyY_=cXxMp2^QQ*g1cLAm*5^WxVyVM%tvgF$&@$BEF9(099cDITblJwO0TD0OjS^9SYzG3gDL!mxg?40bee_
zOG{b=0sp1>)AjQRasUAIWgg)*9sqEv4Uz^z;Q{3Y%9AFOEkl}1oI|KG%T|FJYHkAr
z?w$bs#W3p9QT?$*5X*;~$jQU<=ezPbi^%(=UHXjAg(a`Sr1coMB3
zxa2+7z2hByCq6G|w}Bs-Spk
zRMxF9LyZXx+ggK3jx@$EBAwSm#a#~iOf2E_ZnSEQ%DG?8^8+-IGPjPjZB
z7TD>Vc_HEANWC}LNQZBHt(mz7<`8q=oqJ?{{;qoK%d|n)Le=Tr)}B%bFB~9^{gBX5
zf(tVutS#;_P*#CWc#f$!05+>wge;CZue_fBruVBs`srF%Faj={-QQGj34H*;%R&hG
znOvrLxs`NeI?-7*-mrk1e=_++zmeH}BdBm*0LwnNe%&qEueKudtX!;i7m#5d1At~=
zP840PmPlgF$I(4xEtcVW>LGsQyLN}(q`p5qJdNqfw$X|Cm}IilU_uY7U3u|#j6!*A
zdLtnh{IHoOz>iy&SOM!iw$s3#%S9lk_V{qu(Y>_NR3?qXX>X$7FDfsnZ-ttN`J!*n
z!9LmbIw2{(;~*mC{Fas?XqZ6VTY+c=EnOkCm3xN!Ikalz?@je`TH8LK3VcRef7s0E
zqT3eCOx{I({f@7U>hB0+M!icw$BQXw7E1h>q&pIDGd?)d=)ixHARbB%TV`DTN9tX;
z;0T`e304Q#Uq6~$bcAR|sGrKYLd8Igw6@cMM;_2miTbup!;0@P{Zn{;f*?@0Hva$=00WeEAUD!rfuOQ+qVq{U@REA_tw^fzF;
zOt)(+pxaJ>{v*TwZbPg)Nz7<^+rRe^)(yqL)AxVq{Db!xwG)9+bPRL<&U8k0g>;9B
z_+woMP=ATaXFvelmp=~a!EH_%whsSOBIneZ{zI<+#xzbYL&vtvbyR=t9RHml-aV|I+gp
zeZK?c_no$*EYSacmQlOJ{{`$XZ1K|uSa(vu|II87LE+3#efiC{0=U%^YK*y^II^67
z6V?6;+zV|couj)+ax3@B7REs6shCm9{{`-*U;4N&W98NT{*^K7%>5p=JK|tXTv?MB
z(EsUPbJs1%BNU=Io+4{gFaBBd{?9o}zLPV1@{0`r%V|H&Udbm7%2wX4>-pPT#cz%3
zGUEPqdbawvU4QRNwi75_@)Q@E1|$DwElyLee-re6wl?ctsD5GGzcS*>S@5dU|4mT%
zIV7cAc2`VF{99{8&5iyWZv1R8>3ah;3sRkbaSQli4N=ukWDUw*vbcVoQ7)ftq{{MM89&6>4q7klh
zD&`tTO-d*OWST5%@iCBv9gZY<9S|1e0y0+nvp}+0+V-Q;jYBcv5wjf^M
zK)moPfMAfNJ$px3&Q2i>UErJg#a})+c^->Dh&j@e;Ev>Sjyda#SL0Ejp3K{(K#eNe
zk5wU{!n-4R50m_COE#`J^NkPzA1z6NWBc$Gg=Y=?_vW=}ul{N=R+g^NzM}n4d
z;Rj1Lw7#jR%kisSddgi`A$o^ZV{lPpvrm}4;>jb1R(Mbn(X%DqU42VigVPr<%3{>I
zm5U%?;xcqe!taR~*c8|OwNRQp&Qc(XmLy=co&v{|Z;X_}d%-2y#FCf4CKf_yqC7Na
z6mI71Cb%!#JK4+G-V$7)>Rc$be4fwrJB>*DVk3RCI~$
z93{~&$VU}zIY{c*OlW}f2oLrvg%}E^koNd3^X5`gb&YzH=e+`sKrSrq8pOUvJ$$7{
z&?=m%)3QgQg(0FvrEXc0qrRU`{aL$%@FL}GxagSa9mb#w6Z4+&6(@sbuu4`dtj!yR
zwD+tRB-W?;VnPa5*4MryWEwW@{gWBkGNVdrIQO4*Uzd`K0nTS5ldG{nHzOg1y^m={
zK0g+BcH37sX1dM5H5LuDet?H4-^fWh%{(4Hd3=U}Cx@f9&}#bZK~m5kjH(!DU+7rJ
z?o?T#ZsUaBf
z7F{uCOQSDpwMpIpJr00&)%9_GRd!jtOuFCd?d$Gfo6DLA`t${^^7m;fw7TC4_p#{E
z@~!vb$?GS|QlXdGP5odemky$&&Ng)xSdC(HVB{G7KyRJ>u{+Jw6^s$N^eaq
z$nY(L8Qb7WHXD!Ly132<(UOIo1|4>`TVs+ed^HtD(=goh1z+$
z30!6LM7;wqDuCvFdA}qq1^EJ2kM+VH6JM@%F3-&OOD?50i0|dsUj};IUukxS(g%(L
z?-ASo^R(fmnvXk^9=9_=q{$
z6h2}F{hy|S(Z1N
zt7&JZlZ!RY8v^xU2Ul6352qKgPv$9L^rg}~L5Ev#lU(?f$KhJ>O0een*F!55)|fDx
ziHlfkwwRINVN}W>M)1_mE7z8=3}8;IX(y3+B!XD*G}Ns-b_whm-`019=?HvEH!;p|
z!<#;FR=Swte}EfTc7CXc6x_DZ;EQjAdB?+s58<7j+0wZldFi@3r#UbyU(}VD)3qCS
zk)d`XzG6vQXCN`+b6*zT3_5WK!TU&*ijeqFPsY99k5Vr-)s}sdc;67MILcoxpa*<~
z(!nd1`du)*?OtV~uHz~FO#O&|F-G#DJB9`sTw=rRO>EFf
z
zL^tUWG$=b;zv#aAFuZqE7|SN?)#j$PcgKX3W=3stNH~Q4u;;S|O_PdKc4szWxb5mwK98~(k
z7M+)YM1-*b-v+hVJiD8NL&|gyFZ#L=uQTwf?s2MMITuvg0SQq+b!2zl2YKjH~
z_SHGZWhf%Cam%+;Fv$@J7*8@RZKA>-Oo#Z_h>@GOk03N7vQA5Y?r=ToLycWR<>U{~RPoSm_$5
z$9BC*pFxNrpn>t!4ao=2B*3vviq-!OU*Yno^n)DFSmyv-OY8g-MA|V&D`B&U8h>9q
zzFane{H2Z8VKcqlaR_Tb`-UN4pO&;28H?A04g2xro23*004v+Yv(+mycjgO@#@so_
zo4%mABEHB|#;NatTJ2ra5nQByH|h~8xJY9wc%1&-t#8kjn|^HwRZ_6TLWqkjhiIHC
zg)x%~m?#J4ll(~tv$VrvHCmx94h&sb>S@8DDM1228_i~xW#h1?YyXDmEy~=;2;b1b
zx$>%mtjz1~v`hjp`0BaxtwK=Y+!dlPf)G6>4;mM1^&R6ni!aZaG4eRt4mOu1$)5^l
zV<1GI4AP)&P5}TAaHdXXQda>Ia;Idv_f5?z1s>ZHaXfnkiXgYmWS8CdQec^h
zwmYbW{k9_bPlTHqepr2dF~kc~@Xt#YN5&%X9>9tO`&P$=A!sHX8
z*6_wuR13XPr>KJoi@KI59j%bJ+e0Qq7W4e#NNqPu^DQ>t)NBe+3t*XqK;LU
zc2w2+MsC@-ZXrEfawT#S^;}$+aeWm;VG#ya@$PSPSr$_73Xi*I&2K8CS4R!7J
zaFm^sAhsaUu)_Im6Syj<27L)*N{MX75jLaq^4F{q3C#EV(_|ww*I|$*ZA+o#K4iNc
zfRC|6b9nNE1QR`7?kT-mVq?R-H+XNuJ8b^;c}L0O
znsEmh;AisWx8K0qQqB&>x{~Ili`Z!28@U=vN;flLYyMWlxH4vuegCWEelQ_#YA@56
zSE#D(3p4->u$G#*O`tgc*D9y(V5(L7jTZiX7{nZoNhM;7V6(WfWHiYcul}UZn7csx
z)#wnCboC+(Pw%98bO6N+Q$`TbEu1EUg?T^vYayseKVP1K
zKocNSuA+_XV?#80uQ(Upr&DeVgI>=@#&fa0l^d+p+7<$_Y@*3vGoOOp#HGu9&sP|g4hcILT
zW}O7mq0&;P{ek4!5u#=Zx4i3^b{5KA%ss25bSpxhpmZs$C=#?BGN&3BTV|25h1pB9
zJ-kKwI7;6h7Y61nU{ylJk%qN*<>lnKsb9So(}0rDjn$7!A&0!g*z5x7%L;e^!#CWf
zV57+K?cnQ%!M-c!UEEyNuH40YbBNtzMs`ScHMb_&%U|1(>o!%)Q7-Na0Kf%x`Ca=;
zD-Dl&=6YU)Jd{|B>US?(8D4|H(q80A6^W8QH$8O+d_+e2xcsIP+tlAp^viulL)J+6
zi3-xA`tx&z)0-A>5|iDibxsZ|;!rbXZGXx!dqhCCSltWY*no?1s>J7fivheLA&_wF
zkhN%Ugat&^BF;B!o3M>$%&PV(G34mjR^uQI@r?>65+ZA>bij-)$=rR{PF+eIu>>`3A4*hYU|&%EE<0Sw2-N?EWD-7WS_1
zZVf@qIT5Aib7%To=i6)y39Vy@NaLp_?L6LEk;=;+q*&hml>pPfKFz1{y{<~
z9|DDnV=muGhZqF^TWH?_u1>Re!;C?Rim1K2{4NaJHwE`wvauzGGm#ZBXiVgiDAZy?
z1#glOuVx)tDytjd{9ci(@#TZXronyciC3HhM8ol2~s+b{eV2=Tv
zPyb?8i|1ts$k&5>wXL|y?czYM_E+3oZVEz(w`M0UK&MmL`a(Hb(>5t^%JWVX2XOk&
zGj4K=8~s>HL;wmZk1#MUWY|LAAItpr0#^+vu1A);q=H5XRz7h@NX5b5K(#<;`LcYD
zr%&t)0Kmi$k~;i%{2wH+E`T%aswRU&hcK@%RjDjeACkQt@s?>X5xfgQ$;)Q1w5%#H
z^u)GG-yGe#7N83?6lT1Z4I}G8T@O7IMw=#Wcu|OXoC-w{Z5gHUoi6jFeEOyc6I5gs
z=GlLato%)d%R+^o2yHt6fXHth>VUf1V{aW=1c}8#UCB(?C9E-4*Bw;i&mC^1W|SN=UlZm(tDkM+uX~_flqN
zioKLSXN6sU%?dAo0T@65FIiy#zm%NV$V&}^NC!kl26Z4256c}}y-Z-imu7UG5@kpF
z4urAWAt36y3nPRmh$vj8pEsA6mo6#W1$mNzEh6n(m`r1^;xguv6_)2mJ2VtId$(QL
z!;*VhQpr&M{w~%WSzg<*cr_QfkFxZ0R*#$lvBu
z4?$-t@4>Nbdw2yHm&4k6UM9AM&)*>;{K$2OyyUtsv3}&b7r_``a@`UcQXgQ1ntego
z;#p3*7rdA5NP}iAA8v)86ET23nI=~`^r1(iLcBLa4!ca>p|WW&c@m$Hx!T=3eHx#7
zZ)C@SK+jqK>y%ltk?^UM$CLc!oQ!bZG9b^B`IGwD!u`#bXedFv4?)l8+_ouqoCnrB
z#6uqMn}y?xhfz7*fwp8|$cgf?^ANDxyTB8~v*>d4MtAAG1knGPai4XgZ4x-*>FY!L
z?EHLjRKKZv!h@xwc>m=T_KD!Z_DQ$7EiZb*=Md=mIC7nJcXP}8$h+kY%A4Y&4h((T
zSzw$kIEJb!KcWTFkAZUtE;M+|-g*R=Mh6$VhSIq{Z$>9qugy
z(kz>}Egt#0zT}e8qvE`Seo*sFQFPX8+l|U*$`TaM?F?<%!a4wEVbB&O#0-m00maDv
zrERZ+OE$aXEacpf*W@a99#p!+w5@@&Rhj1WW27Q786OHxi6dewREp%QIR}lDaX%X6
zuP#{I&vHliyJ3S1W(L1qth$`7UOOQz_R6?It}tEh+2;%%Xy&UM>^@i*jofZ^Un~Xv
z^AUbM%O8X&TV-U-F%b$Z4D=JaK>5=vL{0o@#1BrvJfjo@=~)TSnLBJDOb+n^-q}qp
zY;t85Af%02Ep=cueh?;c8kvGqLWd*fy2=g-M_ztKw8VIQP)hI=U<@eWyNs{4@%*WR
z`G}E;v(!SA^JXfQ#eL_lloH`HelJMmn12d!Q_(@JaQa3xK^{UA`+6}=iPq-3@qS`Z
z6nR!0#h1_X5LsYw7!uR!8)52Lk`j^FOlIG6ME*}@LU*fpFTn{v?1}Tc^|a@t~%+4^+l|WuhM8@hJ*}*i3`;c
zHX*pEu`ea_!@+fg$C#HO3=3`|E4agG6U7S`|A61`d$z9>)F&gV8V6sqtlBK%xZ#>I
z^ZC!;1L5n+p_K^`<*q7!0Q|p&9MBW?pSLzOAW--p=Ktktw;o1ZjkGq+vg=>|&#C_F
z628&o;`smL-2WX>^LX=iC`knI`iJ}cAA^oi&zL_do9b9OXrTRMWp@4rph-f)f8Fyh
zHtDRi*ZBCGmHwxGm&)kUu&V=*L=`Ycx;LYdDb&BW>Yv#nFJ$3>+AI+s;kkN!KLgxy
zk=yD$x8QVN*W_Ob=0u8x#l3%w8oxhw;7+aC&++8(LdFAd^^9Z5No)64==}gzL-VS3
z`#;vQ|1((FF_Onh4t_D}{~G3_{^sLPL=`uP$>_2+H9p3#B@oAl!#di4Pe%tUQ{O?sp^*sr{Qjnb?hPSr
zE^9jY@ru(q;dlKLr~92hssjtQXbfMd{(=gF^?oUs6v985rbz$~A)~_gbNtyiFw9bL
zxcM_D|J`~T_&$qQqCelkR!EZzN+K>{>ch-qN5e)$Ay1y3usm$wRLABHQT)U%e)wLu
zZaMBh)vbP%_Rd`Sbu@F9`iuh_V8`;{k!9LNXYDUpw6^Dap7x&@Ak`cDx8d$5#|$#c
z!lNm?{}ED?4VTu{=RAM9Xa7Y|`01@&Ou+qW=cnS(VllCZd{oF_8lZ`}+X@n|YYq6s
zXen_lnB5n|(JiL^lZhCnB-ew7+B5A(P9tP0wj5iIAX2`5=%Z-qPFTgqmz>{Nq!}%bZi+q_9OEMb=*ck
z&h@IXju8>MG@=Jr7AA-Y%1L!@*nuIM1}^%T2s%OQbxYYO$hK*dI2FtQv;%!Qnmm23
z<{aCoM&pBetr8S}j!Bp|lS-4UB$O8A*A6ZHx!Z8gUNpi2r*ZC4!5)M|dJC1%t`ObX
zWzJgH(VPN>w^|VN9S3SPrFI-8&wd%XK5=Op9$nw(!X($j^`9?rY}c510U{laorY1~
zygHRyErr@DfGqn%oUcbP#NUd@A_G6>Qy(Cnqt|bT6F@(a+f4~1#fAjCs7&FbVk=5!
zEPgw@$R;p@34FXzCHV|)o@U=0Pz5qY{@{&kj8S=xY~KiC|b)DSrAH0?+;J0zJ`wwAzo3GnBLstZO|jJJ`S-W
zQ%A;|9_PkGEZU>;6+IaVeP&P|QIIS3maDk$H#duq5u)lJU4o$7;(8BGvX*%o=WtcC8&(>S;_dd+}Y1
zYV=VQiAMP`cyT#xwPZESoMhbevS$!kcqaNK9&wiUm;={2(pIFYjR=R9Vf&LD(}W@E
z2={iQ1rpr{8AjDZ7{+#KYCJwXpS0{%Xl!AhTFLB}|3unf-GBi#bh@IR^YF8HGvDDV
z+j6Km*a8v&^0D*nP}FO_NKDtPsscY(9Xm;+Z(8Nil&>EH5F7cKPo|)dd{XlG!zNgj
zuIp487&DkxK|(n=nl4~Xcqs1-Tgr@vh0W(msF69UkaZHs!x`^HKPKPk2sw}x@o5YD
z9Y(f{zYj1K;93c`lMbPDl_7pFJkN=P9qBHKhLz(Lft)rQt@*IZWf_hep(c($_;69M
z_*Fn0GHZoj1RYK{dt@f|iWL;aDMM5kgZojMv}o8iV+ziINB}4=j;_$aw1qX8xi;O8
zBd1sI6xNODfv^LAsPK>#ARW8Gv?{cMQUq(NiOw2V|C*v}XBZ3JG
z3WB6CKCW~iFo1Z?4I7u%ZM3nypqQJpRSNq$ICRPPpG#l<*OYXiM;qze(~Kmjwu&DGLAf)`tu+gMAU1xp6
zpCfrQ9!)Ug=#-XiBEBG5xWiKCFX-uIevt0R^N>`$KlPWa94A?JwR>NcYTk$flpv<&zWYU-X-)vtt_?F>o#aJcM^{N
zsYlS-1a7WSWc%WnDcruo4NJc+t~D(tSU~sSTQbavfi@5A@@`WNyZ+g8rsHaSD)aDc
zQi|Q6idTD8_QwJ701rT1*0D!M)XGihJ%JWXM5Y=NkV#pkG$
z)KaJ!duDj0!;D-IVAme3)8$eg%jiNlIb+0Gl@@svGVnqPO$FP
zZ6GJz!FmL+6>t36|e$eL#^7f^I8Wq0;Vud(YZ@
zLy|3ED*svP%EGVDoMN=iOPH%@O9sH%m-RGWOO0Qwas7crcC-qYxP;YSp@oDL>mv2i
z)sa`qIIf1#S_Rqi;(3@}w*c`?>{@6?g`cG(+o1g1#)&~{F~+5g)`aB3MZ(6pOV}dMa*pV44%x)^b>uA?oGN02Yu>tZ5%;btcD}6!lRq2vrTaQ$0da
z_GIBcwT4){pO-zo%Q%Hdd+?t~_hLd}gsv?EP@#2FL0HC)y(>o7Q+@@If-yG_L)`7C
ze#?8W4Z9Q9hw}U(WLYi8>taD)5+=~?zLWmp>xl?^ZxPyer?}dq5;uDjAuj^J>)gr}R$X0Q8@OFBOjmrOA@05R)W
zuaF)~1Abvv>|@JUP=a=%$3GVDZon;@v}1|G2r1&8@0O>mnfgAV3u3XgaSpC-rUyPs
zn-Uvvd(=(L>=<>aA_$IuteBwXt;s5cjnaFVA|9m9HB%cyjy&L6{djnJYeBkbu}Ae5
z3FPawwx?q^3n;Bb$;mgme&|09x&)O4
zE^-6M3nBYP&ptx9AO(=`O2z~|S#XmgKg(NoaeHVDq3HO6CRYe}?tS0KT`mWE4Z*Zp
zjNt}rM)>mZ4**8K6psgKB}iAaeqb`oi$LuXiJVeoOssY|Kn$NF4Fx}S)_kIr1mLe;q
zQqvf_JPd2zdrf~STjfW&-43_uiA@0E6HSnG_Dq)?1PAz7+_lV*6^EPRYzlqEI;;k2|2*R&hzhXF-%GgdF=?^MrR>7~}IKkI6T83O+?VpOUZi4YiY2
zbVJ%xEqbKlu)1)gt=bhS^0%4q{UlOWze;RI`7#?bOwV{Ke=8;4hF;l+tlf5~R2tOz
zx-nIj{t|eQB8yT*{qIRB1ADBotJ}8{F-RKPyR!@NgIH_gE`06-P=F~2%H%%GMFP=fJ@O&o
zlC9svH)?i+e=$`?d9*f0d28#*n83cv;aKb)nUY&-!+x+UQr_&g$D=1&+9!SdjyklHwXU05^}OZ4;udJ|C@gGA=@^P%
z_~o3YAZmXvFUg0Wewh?@yB?YI7Oj4w%$?}?Nb3M!$3b?cNj6pyb6SEOw
zD##TLqQCC8N$c+OC&d1GQQV?Dhf=wust{X9yV#yr(;w1U_>B`w2LPEY6HC>FpPBj_
zp0*9CDHDR#^rUj2kruxwHPb(Mls_CYhrsBl=X^uJWoJ1JF`SdK+^rzJj3t-5FKoq}
zd}{7NM$2D?G=;Aqx&UQ4b!Ttg;?^}LmjIQ0w{fC%ST>BsJFTh0;YtoeYfA&e5Ob5a
zB!AX6wZpaQz9Tn;p~7aWLS32A+DbaQM1Q2^MRs!|9RMt@Qw(^l6Og35Ckt
zqjT2%lmOh~4kY`&76KOcX^R?@9o@dTY9d(CF1)(5tzmQ#sxW0me*Z$SGl;|G!>3m&
z(}cA}K8v4r3!>qItst4?lF!*FBE8#f{TMV6A-K4fIWe^-GA6rZxK1TMV?BJ+9QCee
z*mx8?t7a2|J7|w5?gSyu-YR_1t_s%L@05yu*J{U7P7|D+)c39Ig#QbeI~?aF_HF0J
z94Mdxdry4GH7WS)(29=z6W6Dcv&4$6YmC?l6rWHj}6-SEt7J3W??RHvt84MvGU+h%cMmE?C8$e^4h=%FnM*TM%vZH11!&r5nL`B&DveEtXduZ!TQ&R}z9qWi=E=td(Q4YwcP
zdkO102hrhxDH{<7#vH>_r5}LSvVO4@04LC<%M;T#4bjH`>dnCisDA4L-`5?!vHy0V
zl=JKUkF?mY7o;ag10>-uO)M)g|CcR`Nvsz<*FO+E_W>(`hd%#Ez%P2JYxqUaON}M}
zt5!ne>Ex8~E1L|2>>60JE|axtySWCdMHU+zR``^l;Xm)79o^{h35`D4G`d^W^0V&T
zQVpS-qXmV~Lkv~*!C+s$;eNUzIz+(rVOT0xod(h5u
z1i+&~fPft$JeV&pW)@N^SQpnQ$}=1yO(-2w!5JiqJvib3d?HF
zY43n*Z4x`Qk;Kpm96+GdF@^;2QiS5;1G$pI0|7uy(fy|zLAK*;WPjKL7i>8Le=rDg
zi|UfPuJTv@EE8xncZ0sF5!ibSu-0|p%nfDXH$wlbm$vrX_+O|0NYlCjl=}`M%3V{k
zp8-4yqot23T0)OQmCv-cN%6crM;8obwi3y^AaUT@c54LsNqFO)MkKi&p}P(B$xq7n
zU#?X5%cpdU+myYFf7=uWuk&U4%{nh4y|Te
zDpStsRCuS!XDr~y2w;D&&!!>oIeo?*=ICRD>9YtUkoea(4D4%u&OWmd{-Xcq?6cfU
z^GEi1^rikK`@A6biNw9)S@VnN((GXi=oHRN_W5*xS0QKvUaW&XCtGu}!^!CT_u4hM
zqCBhmB2Hts)7Y~ByyjV9w8OsG1-|+Go~sZ6=asK7x##=By%W3Q)kJ-PnXpkTY$X;L
zm!Z-PgvQD_fJ6^6Q+W|-SQlx*t0*iz-zJ6kBZXX!Be={jnP={u1NJgCot3aQee))J
zAIfL6ta8?Wk%;6=&v;Uyald~)rhe@Q7rv{M0qoii~!w7=TYy8=L~oc+=99)
zmjNQ*)t{w`c)&iXe)Os2O?s~1VZDonc*X%T?!SB$`-1j@bFqowwtTWpPuHb2___K4
zxapcXdPXqqCH`1{KYB-7CtHEI#rxf7@!s{>wd>@VcdNyhHy!8*Y`!tPtbEjcDnIkt
zd!q67f5rgP-j(~>ZtG6-t^=K~>#sQ<{13l8DDfkOav{VgQRSocN-S~2BBZr=d)Lad0FYdZm|T{*_yeayF>J|G*GwgO6+hhE^rpq*;cV}vUWv$)1hI7L
zEptvwgb8_%Vq(IF%X|d?o&t8T*I^@Jl3p$a*7yM7*t#))s&c7aPFU^T>)06<0G_kx
zmr^62<+`q05L9!YUqydD`YOz4rJJ7yO>&;y6;xbI#2W$qnx30Gv>*8vH(ts2tR47}X
zJXYdop~8Ls!_py8D_1nbF3?>z73RdK7E{>GasO-jvnO{->55Ps*X517*Z$@aRTSms
z>gpjvO)acyjYA(tXif2KZ7{yqB8SV>BeXm*6mp?POHP6vi8K$K^%BW^|b4I@>#A&HFUr&iA)2^+wm_3)41+8c6$pmr$j;#xFT5=*HPN-
zA6eow(JMAgAs%6;>@(rlkA}LdBeO7w1gAieoQ>`ipllS3X2+Sx>IH>=P1O>VfBTiN!Oz_Igq-+rcV!3M4-kmgu
zreZ00lWOG%wu`?c+AqqC8fKT>2I)?|*ZzjXzmoYs0%BqQ1t=g@h72{dd)=PxPlV==
zqj&3um)3ur{RhR3OpZ%Gnfm?NaM+(AoTt)L@|zP72mNPF1&pPx0$bhoKomNA?7%O7
zMp~UwR((9>QcVon4e1<};fdP@V_s{&thUSF(dZA0{Nj%QgJGK;+o{G2(ht_LPN?!f
zARcWFmRWA|dqtwR&isR&$KZcpC%Wbl27SR_+NXQnwoo&&cf-D6(Yi+JP|54RPNwsH
z@K0H0fc!qcOTS{)iUkKg=+6YKDh`%kBG8}M-y(ez9}&vGWA&6S8_;n)$a-~g8ty0uF+c(KqCx46DPgV#>m9dr;a}KES5G*0hDaPKy`9*1%t|PuR|AeuXew`%%e~|NvqfZc=xQl-XL4U#>
z!rnj)_v7xLf}dK5fWu$LjbBNnwP#WHpKVN5qP>gy3!eQZ3g#(9@e{^~k)Xgpuu4xj
zE&cCe+-LiD_ox5Cj;d2ikI;ri8&(_>^02~5>c3*+FENixs0ae}g~>0IJh%x$3oRg3
zT##(Z>_DSPO|I32_~+GyX>(E^r3K{}sw@26IelN-zbm6NABlRx`RPW9bDFOI+Zg(*
zE&h*#&C3G-_p$tt>4J)jrpE7C!MU$1soQ-_)RMW$BXp1WdaORQw1+td#-b>XVobRu
z6u;86i~IzmZZ|-68k-KwR2M|i8Vwyhaw!Bmirit3p7LlC1n%xW5H|E>o?1&)EF0=Z
zZ6tjY@c@#ii)HbPh5KOV7-A_uBatp#eDmvB=oz7*JL8t5O>^a8l3HVA4(cXa5MWDw
zKBmH=+!NgsMynSMHl)t#i0#lTyTCDvWg&ho+BhQ3rP4Z{v?~O7tFL8kkrVJ6h|`uXbnqU7Zof&D}>)4#~@sQlHnMpe)H&Vu`uIE4jh8YZnk?
z!_z?MGfQnjnKWo=a-)gz4w}X`^`xw_=TsD6K{-sYUzzr!a$r{Cx~)zCi8_yx
zg5V-fLdsJNJWe{VXbtgAJ)~c4Z4p{FEc5PLN;Z(7eOvd3jmODu87MY}W~AocscWsN
zVT@xtCdbr6fazh_c}Gbv$=v~;6Qb;S5zHF=M_wb87B_>rWShsR!_x3jTal&KmOiHX+1R9xL+kuIpbjX?)>%029J8e`U
zU$}-hKOhIN&oZXx9{GE}GelvHHi2*Ln^6c;M|GGdD651LCacekMeD_n$AP;0W(1+4
zEup;VJEE4HER@f_-LZvcJU}M>T$DOAphqzUCEDbCFtchcS)^#1B?k?3qch08T7Uv_
zHRMzf1O#;DUybJO;OsIXhzJ&wLso-baZgnR;^TX}J&A8f1uA)6opWx71;S@O>(+T5
z1y?|l)Wm^QL@%<|JzmF69#Lji@4wSpR?KH@$FcP6T{ffjT2+pL2A$m{;9$>%f1J}%
z(RE(Cr5*XW=`wQo^7Rwt(bl^+zR*IOG=t9LU?-niDb@Be(B5LH6=)N%-z^BNsAsq)
zx+bu#`$W50PT0H?fIQII@zBFgt4Iaq9m2ANS$l9E0Q%@*2{1DquLr)@f0KK0*wl@t
zk!7n5G0Zn2+0PZi-AzW?>mp{BOw*K)Q>X_C&JgwO6&dT|(nfSD6vc+%neTB{PIo@B
zAFVwHwS636z+rK(!jA4enXaj*K~oWUQ666qXUiGHt58_+rkSUjm#-oZWsi2@!d3$5
z3VJyGzpaqZ2FhS%~XeHIVCNwgs{0PCbx
zO6xF1X@0eZVu1MMJM?wR?u{MMlqjhEC9K#x<_Cv1e@0JxT*_6hw9_soX&9k|!T^gL
zjbb@L+GPjj-qUr^CUmsz72p4Sgyp{a4ma6cxJQUmzb%zWV@cl4EA&kTZ=%LAeW_H;
zHvKwdVi+!vGpZyKoub{vT`aMcnJx+O^FXMc*GFIh`vWwnH*|7oRZrZ53;H}^lV4>&
z`&o?aNCC$C<6Zb8Rup}b(uNJcxJL4zl4wdMj)|fw+^G%rh9QXnCfc
z&Lc;)#Wz-UO>&aaFA7nS9MauvZRYWnu;J{gK5L4e3v@}j)}p>CmZxv!wp3Z5ORDSiaPKm@oG_)ej)zp?Pd%{M46ZX&vU2B$L(@ta`?Q#(S)V
zJ_RWYrxj#ER#tzbWRQG9(V>%c*4v}bP8)h_@%{0=5ma(PzH&UdFhM}%uw#QppKl@?K;*f)>p^v#YELWdi!52KV1HKWk&<;kilMFc{9_AG
zGo`il4#C$#k|H5K()2BSNsoim!a0azwOI4
z+(~9z57S(MK1pIAdzfYSB_m-=xMi}tkGhG2W10E%K5h0Rn~CP9MP=vmi}%JtGE|fG
z0+wbg5c;x+kXl1A&y=bfN$c^qevt}-uICMJGhs`zIbsSJlzdmE19#qN+W2hu2d~o$
zEpX8#RPMVwZ=FF`qJObRRAF7U$Ns26iB&RGprz^&R`(U(PYi(fwP99*{F~skZTVuH
z@i<%oWE^66(n)kGO$MGd>O?ZJBrX0daZ+;Ub=MK-y{yCSG4$%yWM6Vuo1fua`xz_g
zgnx3KKtJ|<`VzR$ZLO(+oXn^iKimo9i*19!ny2+0XRJuTCe23N#2<0?H`L7Ec(|z%$wmNYu
zW4gTFLaL|a7*k^j4)Cq&829bXQZ!()KGe35Mp4%gb7gE2DvgLgO3g<_UB8ml6Fd|h
zZ+R%P2VJjQqmhccB#zu1f1p?H@66_519SWMv6-IU(s5!~7TBAbcOo*DC5thINZR`~
zw@b|NfF&?-q0scyy*x7jl82DZLAptqkAuBaE#zbiMRrfNS3zs`4xjDGA@cjYc(8Ea
z&}`F9W1-4A*osOe!xCi~0+p9SS|=mr#38uAoi0=RTUMdj&lRUc5Dl>Eux#x8Q7}GU
z%H2FPY2v&B)VAGb82^v5cL0oZSr*4*+xA8q+cq{%HnzDjHa0dkH@0ot+Ss;@`Df30
z=iYPQyYJoq@0*#gzeaUeS5;TfOjmae3S*2z6TWgO(S5kO?ap8|khgpkRyAg
zF7BISFk#LC*B}N!=7JSG512_+r~9*Cz8JZ%g?G{-(l5&#S*TwE^^+x
z9U&@TB9`5y
zFe*|~X1tuYGlU(R9=uwUAsNH|=>GRXo?ej~g!%d6cJ%PTdB{tXK@RyO9r9O%QRMnxdc+0y
zNTt>r3<7B{8$fwK-*|8=vGU8|pb2q^TX%yqjcRZZczL;8!!@6CzXuN_y<(@=he+
zN=XAd8d=byE-#ZO?Z`iIN$Oq+-0*Qqku%MBp`4@idNCs_xe9Zlkps*nxm)j^Mm@fB
zv(fi<$)jzaxVod3Fv8pEhibJ^#vwpU@KVVmU_Sy;M=w4ZwKlTC2AAE6p{L3I+$(I?
zmvn*VDkX&(FPO5QU9ZY(4aiW52{f5C<21kcs;J%brDUjwQu0fZWnX4Pw}ahaQ5XHJ
zEJZXW(L$HN8$YK?thRI59L%mMc2EkZ3~4(>H&G!|C3l=s_9#p
zVv=h+rQ5Ws#5f|%3H38^KX@4buX+fAZ#7P9WsyisvPq-3NCEZZjG(x>>uu9<5^K%#
zyQ4*(+i!W(Z}>1e5O2PN0A_e09iTz87?G@nIO>MgAm8|&c8CJe;3aJ0tmx8%P1n&=
zanG0{zWH#~RAwe|9VHTDu|D-nIfr%fP_&K0iCVNz`3!o>#tPpHlssJ!GqQ(74ji*<
zc9fL4_al1M_*mm6R=p-v+0x3rS2PU{LOm$FvaQOCP?>znBt%qMueVV%v7ky;FvCP}D9NEH2SfKL;q
z+Q+4iR&LaOv*HmB=p(;0p^Ebd%JP3^))qTOxn(S(vi)h%kw((p$9ttK&()fDisQcl
zxxp62yYG|6prb!2KI#fpm9RK@JX&JzdFDPgHsATu_0r1SiTu@U;Zz(OaI+2o%yy_-
zj&x*ga)nQSg*zE&Ea;4JZ?hfhUD@elgcC;kUvIrfYD=7J1!scSgc{n{z@0wBuh*0`
zl=!2y#cDL2;&$R>&Y&?k??nwPw1!71oeyvY&cG|%BmL2jCuBx($rGPV={3YNMZ0zr
zi(bE6wY^_wT^F>9J@B#7P{QGF*KOZ)OHO0Ciz*W-L{nM_L1y6#oI|Nc8Bd1=(PBl6
zA)KE$n!FM{Xr5dO6PFg;#oBwz2skr^gCSqA^_w~^gtOk_S~(87#U>Y-w82L#D2uel
zj6lfm1%rvg2cxcNpo%gxxPw^2iB#kF@P}d!;tBXu@s=9fatz5BHk~6*&;>-+OdZ^(
z?4ESFs!51}lt4+*gs#vW9hA*}+K#~4#WnU1viXka8~u89vNW%ahTrm|3*c-uIuelY
zmmWf;>o=8P1s_bEtgCj>rDI#leN|_LftQ7!LZ3nvmP94=de@U$i>Xht}c3$ugla)`x=wzO=qFojri3(
zsyhu7VXMx4SDL>|d|N^7w@QK7H!Km|?lc&b!9JuzXtn}G^A%DG?v}3C%C8>3qL08B
z!Kb%=HiNsXj3SDlt^IQq8+dDXP~g9Q#Q?!ZC7`Aa{1rn|JV9Xf9Di2?96$+TE1cAh
zUY6eJ1BXWO@fq0&D7qdr`21BAU5fw>Wq>cso2JnjbUVo;6Znl(I743rn8#U#^RH6i
zmbw5yOdnzqG7*qrZI#E^<}VQIuPZ2>62o&tIW#d`DQKdx6iOr^H6q7G3K$X@GGQdc
zsKqfN>LgA~l;LDw3Ph2OLjPWr5RE|KFBCpP0WbZovFC_cB2SAlI2(4L)G)ik=|H@G
zu`(GyhSem_ZWQ1_o#ioNftBD2?UHjcnapPA(xw#BCK
z`LXJgm8r=d`0o-8%+KQgs^yOm)P~in>%UTf8`Ob-N-XH=y3Glq^Vn)-5ImISQGV(c
zK=PJQLd(<7f@aR6ffZpM`A%Adfhfb?b{*7<0#k!O>sh7N5O?5$Tp&Dxk73->IbzH0
z!Rb)P*93|@MILwx-dZ(Ayqn3p&jSO|5lPjvhfi%hi1!3;bwcR#<+j`nG->eb
z`ZHuHthw)K(Gpg6C(9L`w|}d^h+5bjqnLBiXb!(XUi
z?U{bQvD{>TuKp$_qTs_4W_RMVmzpeG8(zu*2fTvNjy+oFCq*x-h2>@=I4PLnzitYy
zJNzCq?MB1OfSH!v&SH9pNQZs4|4Z#U+XLm8K#O^0ysUCh=>F3jPm^h5n!4^t;Hh+x
zo86=>TTN#I>|&Dq^;YJ(wXseG0|b9`Q<4|MnP4id_xMZ6+;-Aef*WtEl{Aw)Hd^&`
z?(b}Jx)~wzcf8v6+}^SD2G$)*JeXu-(It{1m9R$bc6U+5wsf-O$?5=1`k;D-6M0(mtEgF}C@>uksf8;uC`B8w7^VM#$Qg(CXToDBgW5|ffTF-Zn|
za-c@xD&o)IN&{_J?aBu#(3|Fa8gZIbchq23Ew(g&X#GEBt(CSBeAu_lr5>|O3s--!
zd#L=Ld3O=F-hS<|&>`np$;V*_M4p!@vY^nSQOeZQ?)ppA+8h2I_m%z8_VVK>?q2U8
zz`u(=Gq=&RvA;odt^WM0Z-0ie$v%H2(0Zr>f%hSs=N5;!`P=AA7BZ&sI-i(UtXbWy
zlxMa&)h^h$y&Bf&{Z;;t5ctOhVig+_5Q3P6&`yHe53uE`vtP!6$HU+bMs_H~J*hJ#
z4uq9k+Z9;Gc>!yXKzejvNn{1CnQ0iC658SFqSJnE!hw&1Nfr@^rnUWPKTt#TXU#xB
z8=yc8|J=R)n=60W5B#xvUH8b9WkP3M0YT)}8{}1datmIn|KrTx2FqhTu1X#QEJLe$
zDjp+_o9HVj?k@)62K>1|jlQtj=?GMi=gDgO36)t)Un)6OzKz%g{2=v*Mb|6G)gwG)
zSeIbo{uz(Qa&BpCW>w6g6}wD2m~gB#013zC2c^s#MS^`ieJ9X&Cau~P{Ouy2|wX!MX4(K`<5G9LHz
z<@T2B4cR;Hw&`~IFnkO$Eh}f^iZ7lZuJe&Ml)u4y?;hyL7{Kl)`Z{^J(AlE%#x?9v?#Z)9m;Nnx6mZIKxE}k`{GK}p`>XS`O~QH9JZqy<)6>@@_q}#@
zbl$tg%fci4DfnLQHgl73n7;tfew}lf@{;wuq3691SOwgBd%Z?J#sEBC)b2OdHY@=@
zy@LTuA1AbHJ~iG=J`=9B*YbvXZFvJ8jNhsO?_^brScL3$ElehDjdmWP7cQ&ar+U(7
zf{)2x4NJ{&nIfiXh<6Dyvtf
zfe`$~#u%QqjOJ}b43=ypf!47Wook&*^L-?2H7J3!U$^pjHICO6{KgkHdO~r0<#W4~
zd$YQW%O@~h+WvT4uZPL?rnZH?v%i(|J8!e73d$N6*-`0(6zMw7C{{
zDmTuq&dLm#r$vHq9jI#wP`?rW@{*-&5$TX>hmj8KO|Rnb-)pev33h9uju2FTMf`lODM@NBBT0J<*yp)EZ7PE1DQsSqjW
zme=R~(d7`wxo`~;wp#qwd!)WucT#op!eW(e0k@hG(8JUQ+BuYf5V
zs)5u59doOBP~T4AugtW+oAK8KcH5cyVuH`|1T67EdVP3XUD=rEsK|-&
zu`&Kb{m~90-@5KIp1<}x3`42Ss7omY+i?|Cu13sr{
z-*5l}gv?ep+uL)yHG`}!)4ZSF!8(}LzSPdqj^|9CPs%rb3ZZ*R=IwiEJ=eRZAQ-~h
zmifD)`RCw!c1AnwLJLpr1X8~exF!(#her5&$2xw~vGS%Wr{-ytVCfHi`rqj>$5Z)e
zhWL&5{3WShlqT8gwB+B{R+{EMpl50Y~36=V+c-;~h*je@+m@o#17C+Q-4HJ1LetTsP8JvlxK4e=kx
zi5b=()7qrM6kr6t^B;4~L&ra-pR*yLr!?2`PU<5$UNo6pS1k9}M&A5353PMX-l?j%eL!NF)bm
z!R(*w5%eN1^`{XLN`V70f1xReyS&2dt8I%Qu_rOB>5d8)6QlpYUvyC2-tHF#?5UMw
zUSL~ox-7~5*zg&uN&pgb_hO>^?0GH8T`VTNp??6sINn()HmbkLo#lbjX4i*a!r+Z_
z*TK;iYO0sQR+bSS`~<(dJ1^gfHvz8}{<54~&P=q(;Vy_c;SV4)y_roZN`Cd4Da?eKS_|~A#>)p81U=QxVJ&!`jXaX~bO3=xz
zR&2p93Ll&n2CIO})%~hN{GnrG30#QaDUwBikuDQ;%gf0DMlU*^4W*0A!F?n9W86LA
zM>_sf!N7jI)W8J7>#U)JPQIZjq?dVhbERT+t$!!W;_5>2*QM_DUzu`8A;x%9%**uJ
zl1_s6pQw_iWq(ixIsiZMdoyhIv9Y6!ycdA(7OPJWJH8C2o8KUFJIg~s;3RFi>F4ONm6GKyCP&$~LTpL}!-2gu
zp7d#j1PAQ%%|EPa71N(b+xM+)y^{F%b}oE=JE$35Qu;*D6X_3MmhnOqu_f$he#5J!
ziGa*Q{*(!%WU_Y=T5@0CQNCd<#3qGlt}}hBeg2wV;$^ye@&Jbbx+OR1x2z?!w!S=$
zHc?(SL~GSu>#dq0^IumJF3xQ
zR`)VoVAjJ8kz^x2=&Fq80%#o9l6{qmem?ozLW>|XX#fMXBS3G1z&5BPH44fI75IW2J#lvc7%TvcIR*;1C~{XV71HS@+1lP^Y3sw!Jx
zKkCE=G_!9#9@ErNTvxK`SMClPUy3a4dwDc?Ge{-l+EPIHC!2;GQoo63;&^$Uaq{DwdMw(f
ze};N=8Ls5YB+e=b80^9{*Jy~!Ezg@fR~TUo+|V5HppFMa7T|m+k^N4KF^n!*uxagA
zoi%O7x~{{v1usLk42!%|pQ+hu=|UGX$x=u%fQd?JsZpFHB;nYz5RuZ8PJ*D*96Wwk
z(Y6)rwDB41^tRK(jp;c6(Y#k=Gk`CqWuz&o_3)j|8bz3O()tJ|lVb(MZJXmdlL10Q
z^pSB?uDvBTsrj)!8WSelQo9=$ZD8dwgW?@XZpaXQA#y}F#+07z0OER7Vv{?pSJvZA
ze98sIZC~V@$2n8gXSXa;iKrJ}399Aa2`vuqDO
z^jf$ey?+yp}(eCi_|+)|Jbv
z0Qwf96vibt%O{|D=Rb$(n>iv`B8CMtRvC@)dUg$xk!%}jPE2DfvSY%!TV%qy)9=L0
zdmr9i$YG#-r8X&gQ_%IZLRL&kxlW1Ev)=40?~VBbHq%^ve*Ywg{nnv}+m!8i;RdKr
z!+c}|6xrQoUX;-T3eeEz8@Ek_y#zzW0~l0?XuJ{Y&~b*B?56-oU#YB_NvrCnlFL}Q
z%rv`W_#Em3fAO3lE3NQ%ITraHUkf8b4Nzc#Eo{ZH3qJ~jGY%(W)vCE6%xEWAspKSo
zpBbUhag0r+Sf1;u=r1WZo^IdzMDM&+BJ&!X)(%m;Gt_v$6CZq@m!%wShXA58lZm7Q
zvU*{_C(a+RyEf1Gc&~niAzOBgaKW!fj8`w>c6;djA}KryV`W|3u{Zcdv^-U=l))=?
zkzut&U&Y7B%NEC*J=ZKZV;s)Kj3&Cq)n{JsLBMP<^CTf3Plea2UXL{qM2dNRqA#Gi
zD?E4%7e~|yzegb7i)Z?>%Hs^)S+@f-%7<#3*ml2$9e~*iI>8mgGQexz47xeVjaXjK
z4f`!RBt`PmdsOLGJBQ_s9CKs#c(U}}@d7EoxF+*VZ_Tp<)?#2=$64V|$B^z`@0+96
z1HK7kD|1|_3e75bY>{YJ=oD1I-tLl;;<-ms=9vd_6==yzS5Ij*o`Uh^9B}*baWvgn
zn{56seiorN490K3#yx6o4$2K*S&eC&bRRge38<@TOqG6#4wa18}gom1h`Q*PC4TQfu|FYl9SL1WE!P6?J??Q1=NTcA3x!TDtB%AQEl^;o&(TNlhC
z4UCPyA>GF7VE5r#famcTfvh;yTZbST<-qvSMzY{a^(109ka0z6PE;cf9*qKPL&q!h
zDDkNapv3%x9~0C?OTPlo-P(@saV+8R#+=Whpl^P$x~5jcV>igyUY;)yDh9t$))|f5
zgrhZcs}iU2xZG-o-?-2CR)ll$M2%__=pxd=8y2w`&Mb1GVf0JW1#YhpivmS4)l`oM
zk@=RG%38a%Ya2-_%1NQVMOAKPfK!7@UJysIjd!3W>ax=0nUfuZC}|y#^XTN-Jy^#+
zoCV@FEig@rTy3v(APoo&oL}tLC1cp@SIuV3!L9FsK@p{j)#%*$nhz>rjfj=sb^W)$
zdf^kzx{kDfsM7I1cm?r}Kx2?p+YnPg;rZP2dlub_dm3FF%z8btSnFTm4{YhZaL*wV
z;?3#Ny=U+ynR#_vDn19yQj!TtAMve&U)(mfms}NR
zbt|z*GJ(vjRa>K2x%sB;+PRG`Nlp4+jfV4zvVKWk?TzW(R^p%V*iK8`Mhxa3bJce2
ztrp{?3@kWo$Bc5k6$e9QwJyNGn)ov2ffpyAf-sMca9U*D)IY}M@)Xs34I(jEu0n+-
zBa9%i(b6NWLajBUCl1Tu$Biw}2QZUM+un2YC47
zJ2q=BKC0`Nl3c#Csz!VI6pDW6>c;msqwh^3lllF8Jh$%NDI2EUIjNYPV&a2mV)h;i
zia%bz2@ebgvhD=SJVN9V+h9FxeXd
z2I$I_EvSbcqyO({7YF$^5-Gg$qS=jk^YgLhI*MXmi)i
zotBks9hG2#sQm(v;0l0w*o@
zH$^!iIbIkluwYv^D^*ApW$GM{>7B1Xmc)}ALMnWU@6|)^x`CR{u+kF6-&QzXDtVW8
zS%V^-xx$OpVE3$e>Qe31;a>sY&*)>f9u4Lw4`yZLwawV^@nXoG@HEyJ0S=GVi3*Bw
zd>{T>3a1&X7a)`Tcw$S@brG-0t6}*RH3bDV%rp)juPJVUEGM3!@M0WSzN;d)9#57}
zATRbs+$=h)-PWb|JzXT?Qf8t)-J~!9aRoWV
zg83GR9JwRexPDkm;F-tQNfJ3+QYzb)u{!CFRvb7V(?hn_l{6;jUvra?km$xtjm>-X
zwa4hdjVJaZ;mEfba}*5es($=Mh}@;y{jvDYkXP<*M=hObESBI6xw5T4W61qtVC|6}
zhC4PG-o(=z667V;Yw{3*_6a+V98ZM#nhlq|O)r~rEQMj4I4h=VseK0=TFhuT7#Z&M
zN6`2M7Nrz3xeP~$>8=%-1n=nrq$pIf~F!*1&=>hj+*va*7=(tdIklg|$~kfnof>ij>x
zwL_5Qa_6z@FF^{7G9R2lhplQ1bocc}JEBj8#i#gPX=m9Yu-lcZX9RN9MU
z9urOd@uWrf>Id+1Q&)y6V%|KdGCE?zF^m%5spKAZ5h_$UKl9|z?k{7L!+gL|IlW#q
zyV@-xMBqQ)ZdBMFW8LGwLb}J!+aEaBLPgJBqvasafeLcFw>cjI@5(f&Lfc1!P&Gu+
zp=XNK$>^8zS|jk!v#tj#Dks4l*^33~NS;Fu*MsI3zfg}5J2a&Whhi4)Jr?PnUE789
z^`gDE!$3W|GEZcJh?@&jG<<*9V_l_oGKE$
zM}3aG+-f0D>TaqeZA%tuWWY~1i>l^QIq1X|bgG{siVzjnzZHg$GQ34Eh&h0*rqmb7
zd4o~(&55p?G(xJ}6!g=gqg!6*Ct%6xW}#(=a;fRMvkC`6kEAvYQxu%x-uO5Or6fO8@INkM?Rh0C8B1ym6y?1L3``T)Ga+6(
zgO;U~Ms-b87*{47@=$)K7W{8+K@;0Vot+ytE|*7ke?WujZB{N&L;vir-jNBNcY@*w
zqY_KC=Xu9UA;oX;Sly!u{yN>|1EocBE)�GcyJssq6x|=3Fg*JX@~La^ja{h)A2>onqgrPZ{6bmUDK-G`lSJyK(D`G-MwNk
zFg-O}`==zqV#R%ko?^lZSEubv9B6a!gwk2&clok%os_KWKx2#BF+lw1&uRsxui5Gv
z?acgpFeCFvDF8}U)k>MkC!v~pcOI&L5b*zefXx009FYMMWi^zohINM`kjWg&$J035
z^#Mfwvd01nDzb`RrULVe5UZ3Giz$Qsj}O@l46jIXo}4sq3L32?_w_QX=X0eZ(FY9J
zrw4|*U3nm23|s~M`ro(8j_k|{l_hhJFdYK21hYMQsrAIzLFC^JfSj1qzmz(6!|^M_
z&V$?ubW+Gp9c9}a#PH6MZ|%;64nUamtt5*kcnN$IhO9w5=$fR0rvZ}_5xEr>29^Ow
zavs4~2)D1A6a1?8Q3BZZ=NcG_f%sxW4J3Zqi6|=~j5E3vrc;HjWt0=#y?w=~Og@WF
zIct^A@4|C^i$JiQf$|^tUwVSlR!L^G>oW)rzp8MO}w9Bcb9_eP88q1^x#CWG^IQSAfEF~GR_D2;(+{^vxz-*u%7M6|c4dNH
zQuy*f|Bna~5=h=?9mSRKAUvMdKJN?c0SWrdB5cR*SpEGd@eiA5W#;F^jwK_;@)?*Q
zZ^eZbnjqE|LHUVI^1n7VeE}(zhqn>|P;|xU@>v0aHv?oHSxmu{F9uk_Fqt;fv0X;K3Lq*gE3A@I
z8;B{aYhEqK&j=li+)3SV`umv`BS6BpdQv$^Q^QwWhrJkalP$F13uj_$l2Dhp9J!8#
zKn{imF&(C3KisByPcpu-|Ks(bonsfEz|u=I^P;Qp%FBM;4gA|00q+C%x-Fm&YlIch
zDPX<~p$}^Wf6U+32+rr2=7-?P^oE^4{POgGl|0hU*jVwkvXIQ&*M>(zLBO_)^pnqx
z^R488$`REu_uI`JXg>ezzRX2vXTBG?E9_g;wc&&}@_Oo9)C1`J3dI}r>(V;z4gdV>
zBtU)hqJ#g?Q_$1)eYDTk{7&T->cQoB;~dcL>i>T5#(lrB8db)>|JKDH4-f)4o$xIAI^>d>VVw0lNI5`;B&QF`qM*y
zf2gh=dp#RTBqT9Xe}OQht#-kkk(CX+VCP-@9lf47F|%jio6&GLaby-VxY3A&3W_=S
zFd|($RMxGzUJh}=4Gz%zEuV-rEo9XsTlhg1eGm7rtl53^DNy_9N&rgPfxWBUO&BmWXz5HC!3SCf{Qo1A=2F`O}|luQcA8hJO?gQWAR
ztE~C9-zDwXBny3zMF68hQuN|@8#mHN8xjBLh_CMDd`T1iX;ma~jQ$#SO5T99U)9Cc
zSBScmyGQ0i~y@QXps-3+02Y`T{GS2r}j
zq=7Ag)L+H)_rg+A#00#CG?l|JjX7_UEX5wwgfc#_ye28%45s$d*MjpW!T)VtzeVX!4z;$}bpn#r
z^-t_3_kh1iPt8|9Xh@Dn5!PZF12?y)4zD-`vzhO<)PCbz+lFP<$&@Z-M?G76X-iVI
zp;&2saHA_*ahVB{##gC{N<{mV@@ht;+
zdRae^{)g0Omj$x?MRSm)Lvt{~3-Vq3-Btg#v}l(&dxUEn!FAao?%`%gH+G^6awy-G
z_||s6zeD}Wsee?cjA2yWVY`oAmPh?B!|N}Q>gU1}r7>o83FW_<{g(>#S-?4Z&N1y;
z16S#`Twt5D|6}A6UY_Rv-X|g578ti6ODdSZN!34a%`WpQexAF5`=yBfp#c8E@So!M
zRTgO6m{|V5gz;}+f6^>H^|#*mpJ0C$gn2^z_Z0Y}{*<}Kjn-i&lWot|PM6r@@xB)q
zuZvIfX`%P$Z|ncywF
zA{&V@Ic-N@Ti7zS&BOBlZz%mK{(^S&h#1$}i*DnSzwXV;q6M-D{w897NMExrDtjOe
zM2#S@p>Gmu-4O%{kIHY2`aehKKS$JGm?5vHbOF6p`NCj*!|#@KNGnv|7`;gw><^CP
zP|4c4m(gk{jUa1>j?*B5G3=r98M4U};a7{T50{`sDdEB&k=l87c#>}+axSaTKlQ0(
zyQ2RERx*Qqt>}JSEKb~p5@ZtsWhu%?-|%@nfk9}a&c+Sj)x?^h-xcb~)A^EDZ9JBa
zLWItbbk;H>x4X4_G*2y{g=Mtd4dkk}!_skbH48`2Z_Ak!MRa~py;wcj+~QmDbFk}D
zy~v%@Tjwc{p&x^j3Q)I2t8tGb){kMr*igx*qN;B+d2JN7mqDP2{oRo5(AFVQjqLGw
zv!KKk+TT{5-YI7LSHro6zyw$!%7t4qbf0FJ{GboDkG5AX62;peUI&gsyY;iXE9^Q#
zC~BKXF$K6$@~HO_764*d`c83lUvujwEZDTXX5z-AKHHzbMsym4F@Ng6dG#xrs#!rJ
z_rVtZaXS_6-W3$CA5P-z0Gkq`TSC3-%_HBOxty<9-Y+(SdVXiDa~S?z-0`!){3piM
zUt}Vqi51gU0bhjraj&z14*PYl(G);4htANE29ImHx~fWrs<2MZ@M5_${q#?VgMKZc~fS0Nl#sx8RbFtWvbm$?a?GqF8|_y57I
z7%P$1rD!U83gw8Z%x+Cv=gr>!V2MNR`Gu|1y)W*3KMZN3;<@CC+(jpUBt8yoU8M%B
z;*r{iKCHdAx%qt@-=t`caE4$I_TJ7V+_VmG5d9+n8z;d~ZlY1fU6GL^92Fdf6(OVO
z!u1qL1U;BbTRm^Y%zibu65020K)!?7!Nz#5ic^FoJIBD<5omlTzR65E%I#E!4HrWu
zX1hj}4UJ$$o#4%iZ{K-`ieX8jxn2nclKVulGAi@Zx-)>btRbBXGW6Q1Q2ZvJfOfsC
zqSiC-+1rR05#yaNFl%+5Pl41gd7jsC4rt|#IW5VyYzn#%*&5PC;~NFh5#bJp9s6bb
zT0%^O>(#3`eN--AH@CVsU7$?EFl*v3ly3a2pjZj8I&z=HfGL!zR1ghR0cjyKXfs)0
zTIdi`p*e5Qwd@c|#I9hUl}0U{C5*fVt$}+q(R(cZoSUCt2RKV1(8PZEx-H3i%T++H
zW>W???0@B;egcESo9F7CIh64I)w-nsGrG^Yvif0zU$WR@kTj$Ji`b1T&?>^{XHDGV
zY&Ue+H+%(#&nVtjy7unjymuq0kmP~UmmEcA{Oz}Jvm*O*fyYnYdGb<+c5t_XP@N&#
z&6R_qs;MyJ$n|g9kkU4Bm3qWbKdf3dca)~iK2vd3kIQ7VkWWB_flzCVpC=mNGAXc81K=PF>123g&U31>*90@jmHSJB38$llX_&^jB&&8rGPw<6==Cv@0DtX;YYbZYQ`tE_xD1p5DlYSLFw?F
zifcc0ri<$7Iq|9<(R)>8g3TLW=*JUxp8onSmB-~Mc>Y@Yeact8pQt5+G-7H5b7Bif
zo_@();h)crgW8xGY;$pYxIJdQq5hAsx7E|b5=4o7l8I^S)~9_)u*+4
z;U-kJ_TpS`EM^u;(k~g7loXasurYy>@hg~$*
z9pQ6h1;$ITEtlQCv2nPy<3V2YZyEs-K31eN
z*r}9@Ryl{tXz5v0C_%P^Ot;V+6|sKu=C>1_$8L$d#WS}$Z%PwSYVDsyc)}vF;V>Vh
z?S!w};3AD@LM5MZ%^JEfu$009Z%L3X1m8nKXgymoE7MtO-^`t6OoU#Q;dEQ*d=Te^
zh|^SXsznBql9O@QdAr(X=mq6Qp@`m0Aac(1uMCUZYoZF@~zw5Ucw5Fa8ZJuMV?3U8=#R
z$()<|0jz+c%0<)eo|Jx+>b0qFL6QoGcSE|+4lKN*2F*qSrxc!b;d}t436}Y+28KK>
zigtHPCaHU|dkNWUi&g6vGG*&!zXe=d?3+VPLj+$J+8iF?wwBpcpc1K-aKASp)yrZL
zlH#QoEZ(Bwr+68bRXnIyQ%1iA+>KVP7k~N*Yk5tTpPsc9oH4mSki8gybB6qF;=@kU
zv28941Dzes22rw9%-%;9gNX4=$1~g7lZsL)Y03C`2XmllY6n$r8&<%aSZ;g5=nVpO
zmG7)4u?k0-D4jP($+`A$Rq*4jPqvIE_~BJKvoJL;5RV3E@Q-Ml6Nx{C<5b9|-9I~l
zw9zSLl2*dgcz$^N#tJ7kWL%a^Ok>ya>}Rsg_oN$ELHlJmRO!5j#a{4TtHjDu{)DC1
z(E7nzBE9c($+!5DT05nx8vp7NOAHAk43Cq}4HA~8E=apnjnHi>;l_l`I+3F3=OoO~
zPZV9aO*@VH6d?E
zp*9N!+akOuycgznQdmvnAMmfP-U<
zYSh$W$*GB;Q<;*IzGk?MX-f~Id<-QsQ~cf;CGt9JP*C|M_%F+djBY`V_#Ji?a>Mrp
ze>S3NHoOfEaVdS5bw8Vzl<1Hla6fo(Y%KnGQ!r-n$y#}NsyZl|Tvm%p?+j^NxA
zH$BHnP0y+v8p|z$Aej$gjHaW_uSUy}Zxo!wOdq-j%^mt02afsNE>H%I&I6&Wj~!Bz
z_oBnAKG`-||N6WazCmq1-vzx1uA&pwtQ!m;URe1lUE1P1&?5hr-9uWsl+oMK)6a1%
zQXM~(TBe7oNGooc^{eKTN5fS1gtIlqOcK#WBt!U3Cj-Mmk$q!kdpv$Td
z4zJHo7&!E^5km4S%+h_f)5gh9bG+rJQ@XvK#zX;#ctw7aw$qBhh?_7V!g9?6K-uSL
z@4@poAmeBIB=!J!1gs4ZpDTS}?5I-<>!g~~~b;x#ki8-Jm%Cp3D`r%aM7Bd4dN@uDZ^rN{f
zBoJSaABgUc)X9*8<6%;v(^=(Ho5(EEFEkZc}A!1onFHgezR+cifas%q@>-@{*g3d+KyBlheJZ*-C|RR?5CsC
zF|0e=W|@74qyrj9`Szso_{JqfGOOmE>h)Uw-7A9_*}SxE7ngk6z&X;eEb3@Zm|nuW
z6lyM*pwU#_wB54o%?qDLO^!lv%|v1p*f)B+>Wc$Lp?-IkGC-K8UokudfAY+|ei_S2
zQy!NAvBGqNkpH$||0Uf2CDMmy;H$U_p=%4{z?(~hJ91S$+V{Hgj?Zy>qyFfXYa#C#
zIGtktiXCF9Umq{YsLzmrt{{GJ`%`Sf^Ef8AhlbBL9?-j;SdXDhtN~bYH2dvqJ|&`H
z1H5jY?pl>K0kV%3{1WKy(`51yvojK?;m9lOz@di35B|eUTHdzphf5=hVW@<3^~Zj%?X)#a+no
zQrFeZ>t>gvksFsyS^lTP=(FAV$1&(YpVfbLOr0@CGi3RVQEd=#uEdroBm$=+BwHeG
zVW~ir`F|mz7dJNCIojpON$8@q54-(j6W4@75msVeM_T$G-cY>d0zd8$4^
zJo<2{0(Te+3b4E~H%XJVCy!dZ_FjqYMd`7$i^8Nl(1scrrrbOU`t{|hs7Chl9P-G<
z1ZU^Ed0_`JFet*UU9)j~MB$>kG^K0ec$f-7g+X0lszgJ0LYmWLri
zBqM4j2WWYnKBru!-kaaCLIMi_x050)=OIckc2}jt
z<`(uH=15)kN<<$nRWX<@?XKXH*`?=TZ#_1mT2_O-%d&go3x&S@
ztk{L$U7eGrHQv(mzt5T2X02A`VK;8Z#sWivH;0VA_Z;_--us1Rf#E-DR!OB~Fu_Y8s6V&yquL|#6AOUle~jlX#KLRyFxpuH4*
z73OpNz95eUw!*Vf77e`M@4Pr=k~Do}iI$a*U27+
zFajnHQz_bIms$7QT*XdJ!^#WTWtMD$&NUsz1bh4ousK21#kS8>UeYh(fl${;)6huNMUKF-_7TJ+0;F`^9+zC
z(D7gyAU~yYEuAhS+27jO{;(#e&%K;`jFG<=_eOw3ZEz_2NlHOAbnbanBB0saO)RE7
zB&mIeO5Po3>dm-wMmyWOYP4&RKu&xM%*U0bP<{-H)pQaf_Ce-8f^XQB>rE(Vb}Rpj
zb-=#ree8Sfd5N#p#C;T{Is!aZyER$HY(u;1?Mf1h$!Q3)(p-Ae$+HHn%>qp(ImB_N
zy|CB16dG@pu8+38Xh(Z%kMme%YAl;_>tPpHIzirM_vJRNCl;iV|6Dp2AD(DsF3_=^
zdz?RHZ%F;E9=`03K8WdBCftXT`?!MUJ9YkeK*9yUN0vs<#pbSOApop4?b!{>o@xHb
z0wQrt5oJZm=aJrIV<_qh+?sN0lcj)ML3v4~#jZQ)M#DD;{8{ll*?WlpAA4^ZoJX%E>YACEnPZBXV#mzP
z%1aTX7>4Wt4^J&^bd8fZo!gTQgvzdvqa@4I6@$I
z9rEu56c#~))xRbGupbp+5dFS{)B7C)1m^k
zABnU#GSiduqr(?F_}8EHU!X43sbx&@9@!AAK^5k^J22=&trCiuqdajT*?~(e^>iXI
zh1et%QwMqB1JZqG8>$(EBR*WUQIG9pL;M`?w$NC_%Ce!v*T$O#^i;Yh-@E99l@5(fO-(DdF?Lu@Oz?&hvau&J+*xID?FlkGPeFFV95CM=-`e_0v5mxx5q-3ub5@<~10mWml)S1Nh!8e;
zQ^XnY6?>9flD4fuH3xfq`nNqj^+)3}yV%onNnc``eFxeb6(fn%U%9kb&}rwI7<~Ji
z<1Ta&gg3S(ZAtynPtDBQqxw1hLqKB8i)~~Q4Gn8Q5S^=tU0tUm_O^cqk&b+-o~~kn-iMY4pHaFpKs8Bur>UB(DBJB#JetuDsesqzDu1P
zd}_cxlb)yG8}1chH{WS?T&KgM@P_m)#P9uuFaHkYF8hTK
z=`F8S_nu(^QIGz@r|$i1JN2b%FS>p^XBVA{_gi)H(zy^g}z|`kUWKaJ$PYw
z=et^O;5z{X0vKKj&LVCmFE<_lqpuJE*7phk-^)Q`bTwcl8t{Ic-5`Jg7uR;!*9@&d
zNfuabmn~K7cyo1EwxMMaS(EZ0gXbE77Ji@`px7Dji`cZM(UE2akx~EcievM(`F-b;
z;Nt^1*e&}@E^*@#&q|qT88qA`KE&xxR|R%zk)}2$`a*Sc#-w)JZcpxOijrbM
z^u~9Pn1yE$Kyz*0YU`eNkKWLNl6;XD>zO&sc|{V)navLe+L!-GO>Y!cIsc5wB&urZ
z1)EA**3cO=7CSdf13SENeZbcz+tK2D;2Xw-kvijlKMiGjEX9N)!(F#*_jvJWKgS!y
zB1Xg%Y|h4+R*&$u(z@LChi9i#om>U5LJhjd{=BD<3iFHn~0Biubu=j=nD2U~pc|
zPsMA0tM_?US16*)26{U`5Rf+V-;cg*40pOMrBGRV)hB$xSy75Dm7TWba={jVvYUeL
zvlhsHaAWLh8xDF~mtr`-*7tFVmUNa_K`=Ay{f;HJt%a7^;B}zWmSZ077Q1mOlnSk$
zx=A7xR2YPuX(EisxaWqG5ovWtZ+mX>rZ{hV`CmEhR-`Cry|8=eRMd^|z*ng(?cx7a
zvKdJOCazHN#GjaXz{Fz`Q?o$Gh9t%&fl-XeO-w&t
z3rZbxw@^w8DNacr2pbg`=^z!JWEJQ{KRw9-n^A$mnr=U}t35YimtWDX4k_1H3u@2n
zrz#f($NaHNWC{V5f15Y*WkEP2Qmx#ai06d%+UND8;U5$+E&YNn5}T=xM#YLD&0oW@yLq)!`YoT3}#g
zr=2GVmcba>4d7lGP0z9szky(`e}?eJV!ogB^%sC$OZw-Q5~&#~p65iz8T{Rd5@;>^
z-~M@YcuUbR3zt`^{)rk6=hTW6@FcbWP8h>f{
z3~%teH~lYFp+1EFca14ovnBuEa{RApN6xNWoUqh=f&lYhhfX}~OM8m$+HTML1qD*1
zB9b|GSOo}Ek+=6M+TAuhr5$UIh|LVNG1wL
z1WwoW6QzVd=KuF$`5$vgVEKO=Yti%wF+gvYLCK`C6DJ2(+TZRFe|1)BuG!n0C9^Tx
zX>*{hLs`flXt1JlF#oipv0fLd;7E**DBT*_qPIi;_
z)6cXXx(J%BX3DqG15BR&vq~s1gxj`T;m`U@co##+O9gdo(#-TtrnH**tvnsPhs`5R
zCaS9BGNvj5a70;RR`4So$BwD8@s@Wt@fU#T1oen=K&}6Teb=fyN}u+&;;r-$#2pzc
zJchAR-CCmI&7~0*SJ)>*u{cm-uMiN#IG16(mFzdHaHKIw^N0
z`3haWkm-m>N_vl%f*ZVU?b+Y5%f2p$Z(E-mm$a1z>|ve0t$S7vW*Gv2Bs4;f3l@#R
z5p-TTpGO!U5?p<4E^xXvP(&wSVeVxayleid^DxTCY<#_t@
zwpfiq8_;{7^gbl^hnuIH@ST?NSoJ2Qmf3kq;Bm=n5!#g0&{c303b1~u`f0~koXaxd
zT8qXU?ztc-PdnEn5b5H)VQaM%A2W5uxr@;^d*7<-Ei?}tu
z(`p5cRq~7X#eKZ
zix&CXmr;Vs3S(|eTcf}sI`be~9oz?)j#TO&+4wXBDYwQ#-mu|>i>^GoXL(@;fK0+N
z>`s!eUF`(Z*zv-KZ@m|%0Vr$Y`>3$QD2fL^gub4MY_icO_u{HHGFW~dF{Mj|j!vQQ
zEnD^m+7IcJ8rfgu-5;wJTK2BJ9wg893a3ks5-=dMmdt5o=m6fxebPt`syZ94^CIK^
zygB*{eDxs4@4OF-m-i{lp-?Tzs5C{ZN(*c_qCq_()HsR=gGd)*rO-D!f8dGsB3BPw
zT28`u)nj@o!Pg%j*cC|6GrRFJL2nQung;afrg5RS7$ub!o$?Yx;dvY!P)S_7izGy+
znZXUocj;8VeQwUCqdm0zJQ>y2ng=z<;9w1y=dU?hJ+)h>*;v#4f^ODZD17#S@S?Yc
z3>7LQK!S`E8Yo0U{98~LokB^9Wp67DyvPg}5@y1}`hwBxQ=X&RTOfD4Y@57E26gh?
z^fb`z3@6}gJO|#-<}cEzZQC}L$ePM}uK=^pX>7u)4XGN#%b3vh3=BN8aDF8y`!2Z{
zJS_&(1`D26ALKgYjM@#)S3J=7+%-JcGK3M~suOFlR+jq=Vki-5L4}lw(+YQ)w7C{U
zzz>*I-=a#>Tg<%3;u@m$CL=fWyeO3Lfv?<+
z>~WHht~Dws;6ODchCwpv$MY^YD!YE3dG#@hIv0pyKd@=?(1M1epKd>rWuD4Jq2Wo$
zrpdc9_`E)^&|7Ix%tZ<+tBFD41rn^%fOWI9yUdji2y2M_@Gfc;%j{yd!hGqJMn*zAb(ux%V~ojIa*Q0(J7EpY2Mw5z^k7O3(Thwv
z&3q|nJX0@qn+_t4t>9cuLxy+)+ns4Bhqb1nKDJkg{f*xm`iHOuJ-IpS8jqAv=%3rY|d;r&O
z3kqvJub+0scO%oc`p`nX#^CUzhs--Xws6Y3x%9#CrcWVEhrb(t2fbWCdzXmJ48C&I
zNcJ(v;CFJ0dFHXI`DvlQ?sn{fK5g2~9HOJ;-!|npIhkE#w|K*lnX#T?wEP5rwGA)Z
zhP(Lvc|Y3UOgaCX_u~yjr$?#(WCfm26eywJl5QL^+WBEV>{~{PrVakLo{fh~ql(g{
z=;p-b0Xxr2jc;!`P!FzSs7D3CY=rw$?2qN^8%I|b;Pm=qr&HaHZ#@?#%MisTQ}fv~
zoVn`}EWNg=VBS2;XL%CFzTMOs(TW^Qw1qHO_b&rHG1`3U+8eg(tuEqU83ejEY1}XN
z>KzaEV$b5?p)20&+9qbe7E3+tOP)y;5zP@hPP(u+J?I1*Orwv$Z8ikrm?PJro>vfx
zQ3Kl{x%>Hbcsrt+1A4Qp+0XR$PWs4pI74BydZNjMb!D%g+mG2G2gT|7K_&;CSky>j
zP)dLCMTO)WCFA9WR{0hR+HE7HhXImPVIDZKx72n{#lpHFL~|
z-m~HC(w(D>H(r6M-00O|tyg`bHIwZc++LU;(nSYbl+BTsEoh8Uv}VyQ!Z%cssc+af
zC2%-Ef>tZc!j7TdJ(iu+6H=wK=$Z?W|H7xvyV3y
z{KP_vB4?HiT{(7~Kuu!{2}2pcl<3&<6Y{&90_Lp^&Y^;h&?5_{v*K-jzYJU>!{(^C
zlNnc*V9L~2nP>C&Fo7fr(coZgOXMN-D6oxwlaqlOg*8f7?HAn$rR^l$Zs#{6Gy2#N
z%=AIbxWE`txgRbqhB2gW=G96=}i{Gd?^tT#o9%2N$2w#TiTb*~)T`!S1iZ%z=IvxVN
z^ocrJS>Y7BC${P1yTzft!NA}NT%M#&_1@vHJ?mN;2VP>}oM>8j(ynkdE;mJGS5%ne
zxP860CbMjvt_fj%?&cf!^6z0i&k56YU*7u;5Gn^l^-B4<5z`dwHi30KU^~8l?|+D5
zah-OZ`IG~>JZgc%BlE>ZqCDxrZwoIT*|BA5v?{G(Yu1OJFQkRw5;;Q^PoEXMOLnb}
zoh;H-`^R=lXbudWEAYKc`H_YhJ(Ugn3iS4FM3eAmNuT8mZ^mSJ;|=t2iqFcs0HE$w_BliU|`S+|4ai@y`dOo0ZxCuR`uI%{X>x!~2RLRdB`MpH;Wcx~0^g{P;V
zdCc?V9x~l99V_hl6?9I}*aRbafU5~mclHT;BSeGeU(S4EyE$dUgYgz
zzZ)PxNAZ29%>NAGx^-`@$Pm_e@s@3^`YuIic=j4Sn2udBC5Bn^>$-`6xZn#
z=X@Erk)mBuYej0AC$(5-G^H82mMmHkp73b^7IE@soy310gg?+JJ#w7{IxbG1lIs@2
zk1fz~q5-dyqBU4xiVQ?Q-m5s}whE-1w_FP)SGr<)xDx92S
z-ErhB(@IYpB|U-(6d}JlWoAUiL-j7#lg<#)BzF*du=SBNYZbQHuX6{l+^wt8tl`EN
zaS{?OOKi2h#PIsTx&UO0E{q)p>177quNR>e{H2#dIP24OmPMWZX)LAYJ{W*A%d3}
z_TKqZui3MmgFEiB(Bz#<9spWiJc%@w2$nX1NXI2pWG*^su?U#bEgjr@o78|?V;vvX
z#Avcwm|(B(fH=_!eH7la_n~vXEXZJalZ|sOY}_)ItCL6J-BXcCmstYY-MYH^s&w06
zxXiJ;{~j6)gL0&-oTlHlG#~i5J9?O+v!`=Rk7m67E9$FT9PimgccoV;hv?I2ik$4m
z4-|XJmHqi0c#{s^+@+k~E33e!+J<;Cp}E7s&?z-Qhq@@(*Ls3c6N*?>x0vCl}96hVzc-!FNLO(fhvVpBSJjYGMd5|DXzxnaoT-0
zHlnZn9!(T|s)JX#@D&^kJ(YES7GKnEil{IhI^bPmF>09-v9aa)1`6xaQrkB6B8((n
zD>!4E3C#Hx<#M;DIPV4RSg-71CrUqSx~T_%eG3Vpg~`~gl$_!ayKh7g(Sdk@Y<}WO
z#j?!Q99#9&rwA%WYalSVyznvi3*Dbw;bxa^kt&i`7k!ZvlmWl78=sQ6lIsE5v;U=c
z?k8UE`n%?vYQjEuXL5@H@uqPrh=FBp>F<}_#*|2^Dn;gEz~k=(q1r~IjyQAMu7#_e
zW#jtkkXkwRW$*6~G|wC^{yz#ES9?an8=7lciTh@Q#dGMM^%D#Y=X$;>FdLy2CQiR!
zbh7*YVvc}wdaprd4&U3}Q~(`guF&ifjA2TdfFL&_iHKY3RseCR$Ez1_96QvWJh
zz#RkwV{lYV!Eh2ASAjst#T8B%y42yHzptxm6Oz8pAN}e-v|Q;zVJB!?6kJMRt-H^
z6*pmgrJ-ZYnL6tGQF^dJHuWQXSTT<+wG$!s3twdQ!)KiFe&OiYm~N-`7-qSjfFEP=Pj(jYfu(OhG-<_o7vgRkW1lQ=uUo%q
ztV0kxEiDuecML=)bzQ&GKBU0IgVg4>$W$NPz1_{gxwE|QnUgydPUT=jmN>p*ooS^y34$2m%pWm?&0T)8NZ2;-2Dh!MvDHa*rBWzX>T~WV1c1T{
zM+Rk=Z(hzdD~JI1K@yD*w7GrvW~>x|lOoK@pA#KypnK=2X%x*bpN(u>Dz5YE{uOWH
zkIGX^(mqi4!oGt7yhh$?<@SlnV(~cDvVgARYe!RDsJoI8$_pkLnhjLnZ_uAJ-{BO&
z1Ojmux7hcud+gm?@A}94Rf%dM6nM8Q~^jB$KwVegEmTGq<#ocFkxA
zhwq&SHWy7Cs7MnKmfHdoY`VsmH1b7}T7rw-yRPd_SxJwp)Xf$kUZL*mTc7tcg%LZ#
zkyFRvTox5!O;m?KnO1|lcd`;)mDgD@#cGQGt8F{-JJe^qBZmCoaL#J)!AGJ#hy2bs
z9IE}FFNB)`$P;nTVrF^ikf%QWaH3q2N5r|A>DDM$A4a6V4jkXV&Z*PtlMb$ViNxiD
zQTcPKK^x@6c`psq<$paDT&@l0{7G*0>#1y)A&%R@}GC&J_!J(CeSc%r3%&&fP~
zs4gOInp7F=^j}GU5bd%s0
z?c|;T9gJ{uiS81y`HsQ*7Ro>KTFeBqPr5S8s35!xfSSQ|H^Uec=IvK-7eP@U{av|x_bqINa+uhm5>5eSnmTBuTC-9?4&c%I8#0Z1+G!{sV!ZN-kMHh?FS+40IESN&}U`nK_oM)TYfLC~w
z{ailXd=xlRq*ydB-~Ys+#;jVeyY5(0rX`|#Jun_0%b4oP(1YuF7WR;Uw=JE%h6
znxPC;>~`ievj*oVErtUAQG+3q{6jkaAszpa
zj(&~g){|#w(X60fg7s#GONx74%h@E`j%^iu2|tb
zWMzN3NE`~4OGRT~<+Kt;L}#SdHm$4f*=-h~SYg}EA}q~pTsSa?2X5@82!;Bs0(C&C
zPMUQLi91gUcxl^Jzs;xWX}Nw29O$=~(tFg8JyU~!Q;aj9T|m5$6l22L
z;}f%g{$wBfvz|`3H;|d>%v(*R#$ojgR_ghatRUgegMvfPGx=fC9s2v=G4KK3an-vI
zd2$cmhz}0;{`<}o^Fh@Xfa>k!hBAhb5fF6_`p9=kpa=MINxAm^gD}pA^G$POrE=X5
ze-YsE7SQi;7d<*@%iHe(9shX|?E@;`7W+1E(7ZVqT!~15?T63OK
z%(KQ}0AB`d6n1NN|E)|^9ckDn;KI~q&h*6dNlt(1xlE{q+fVp{{P005|Lq`ZwW(Yt
z=BcMIDDb}twI(Usw*V?u_r4><3|f)KR>)rk12J2?p2MbjFj~L^@M~H3
z=sHAAN){?@`?ySWn@|lF%8nLy6=Q~c^k0Hmahmy2tnRa92f
z`sWH5s1I4(_UkoVg48>G=dme#r?rB<`4^P`Ym?-g#Ads6=)szI7&wMZV36z{AInge
z<&|F}sGoZ<<82T8a0r2dewoB?u~Ew;z6lD0{qKUYiyszCjdBi~wkHk7)zSLM1&nwr
z*Nt=eNKS=wz(En%@1_=0lU;W`8~v-@|3#2qVchxI@17D(wMgS#%4_MZLgdl4R&F(=
zzzj0klhAo)Xc8Wqg5ix;@L-9{q7>O(cbS9+#8XMGTp}vu&44R7MToVjO`0&oD~-Q<
zyJyrDZ|TWm_iy{bzxEJALwu1&0YjVGQf|Hpcyx~2g|LH{J$#~
z{_Q8pE+GdwCpsx3?JG6d&B#&@9uegQkMrJNO-x4nKMVD~$k?^9%uGNps9g1+8?&EM
z`XfAy#quN!^AD{?+7;$<`Xwj9mEo~94-N?-S)tcW@xORvkS67m%RfY865|R~JI&7M
zp9?YSZ`otNrSc(nYE%yYtkYP3qK0VTo3*+g0v)wTIjp@GGcU(=ADBp6fd`e1;?24s
zgRinq;tFRjeUc0(x1K%KR-47&X*FUaZ{pHMc;V}mFxioOAK96j9!kB`L3`YpYJ2JN
zJS%ED^qBkxi^x~ZG*iz*aMw3X1p^hY;
zXjto>so@8u-ft$HpQaG1_j7;1t1;Yv*6aha>le$~B8PHzswULtcr#`n2A!VLyGwvh
zRL;xRE#55B2qynknH%8ulQ#T^+y!&p%ljD{^ySWNVs~~Pm@m|Z<SnE*C1{zSK1ZsenM~aJ
zy>}tD_s8V_5Qm4lPZj1u^(TnPX;?x49Ds5HM`m})iT_m6m%4VWnQx*#?%!&fT0iN@
zTPu-G8kg4iS^`^;VPMb)Qe@B=f?+o{kuQo=2BgU9t!eaLDuO^ihEs3J&mzpH*XUun
ziaVJhldjcknWi&E3&z
z6n1<-QBdMt^6jM2-!->iG`)^H|C%R+hX#|=iZfGWKQAQ2o;kIbF#OR|uSC!HXW%=Qbf
zeUZHcZ>~=l9#gX~EbJGxxd}ZRwEmsks{mQSJ*2>G~p9
zgKsmuO+L^wn!RW8c+sQ|enLkTTld9LqOmRAxsLOfFG`}ML#vzeT$Zk0rR=MrFX6)E
ztlxLqa=t6Ufi=OpyVr;_6S#9LSS3b{SdF(kn@==p2XZy%1=CtpUKgx^@?&m!n!cH5
z)171)bs-pIf!|?Insw7s&(XpZEJ5#C45QGg{n(F<0SbTcwqJT~t0N4>8YmZ&3)l3(bX?EaA(1Rc63g9*&|=
zh1=a~%mISNPf$HzCwk*Z1M&V83#kWC!9|#meCWh_QJ=O)LAj{l@B`^HDlygVHkTX<
zpA+kXkiJBmp4bzqiC>2EolOBPnA
zS|&{r2fQF>w`Y4pd-Na?i1M;MWnUNuLsQa-I%Iv+Ce77oPvmWAYQF^W+GJ@hsAvI{
z*3?BHFhwnp?6rp{kf7`-cypx^p4NIm$u1Ea;lKw(BiXPY-fFW*
z+wX9_S=T}zO-9YqrR;%#uGZly4{`Y`$DgGOG~-7Dhdcz4l4z#{RMO)+<$vi8|BxL!
zc;7wZnxcWCPT)m#+q%iydtm&^>FdW+$YB%ZeUtw4g7dTg;TX@QOeJSNyxTPJJT+*K
zeJu9z!(BmrkM+QEIV6QKt~o0Ppk#4nowCnm%l7?O)T;w$&qi)0?bE}yUd9xzMtjXE
zVtF0IJ3I)mQsV6{_F=1X$!aZ~UoEV_O5Hwx@F18ZbS)b8Y04}RZ{!jINTB4I2vh?1
zC^lkO>5ll>Lx~Pgso)OEmB|soyZ7_mC2k{gIUJdd2Iz7|J$=i3L++)t1b2H`oQWJA
zE-TJ69;J_1nh$i&RB&wRU0LaA2@3f7TmfyN8Wm3)Rix87e6;WEm8sMWB8vsO>t}6R
zN+>sgq^4v_US&sQ*4HZCu#<1ih!K7V*0lqL=NT}h9XB3?@Oe5r(XC^
zq
zpoOQ?6L`B`;-#vceY>BfMl4zi54N=VBx5lax1^&d5XyAxxZ7O`
za^U;It)Qe-;##+qAK2NJ*mP$mo0MFI|UE0vIPF8dmy8i5_D8En6b-^nV^&g
zz^rn*FcG8lHSU`uW%^c^ss4I0`YfVXW>fFo$8V}~PX`^q&|E^I9j<0ZOrF7XufA(=
zR?2&-h|CVddgr`XED>K=o7XN9SZK%&tR0>EuouVITxbNItn~IJ|%S+SdqlC)Sn(o2|%xGBmyD(piv9A
zmGhNQwBo?dr=zPc_{r-%*X6^7t2DAHxci`Y)f;s{HE>IFE`+hTYz0xPrYRHvk4zzx
zqm`lvN|&UJ%0~(wQ{==OSyg_j`;oGzHrQu=nCxqJ(j-LM)o0WoY%C
zYlzRN-SLDUq@VqT$@7y`yv|5u2+^RoHv%;$mfXxSji>+!TPDq7-ob0i9QR%giQ|D@
z;kGM>NKn0P@Nv*8Sl!TGJx4gRM?3Cnq+jfWM~1aOQ}?63f4Yq!A!{6Ss3JUQE4}dv
zn9S_AsR|vItUiaZa(YWNEyBblaUjn0EQ_os^@$;^k{LEzaowaVK}HFO_>KiqySC;R
z3lySjCS%9QD}Gy-uW4k472e#vofrZPq;Gyj^IsCunVY(+MaQd77Cf1pG4-LYAp*Dk
zFax~>?JRFSZ09@#GbKc&6byeM%V%Deou}_?RV-X5+V=RJXHRauh_X~S&ZHyiI>{Gt
z2|3PnjpIr4(3<0$RxwRA2J8>`b?07YGF!e{0q9h|t|j=w313`;qUexxEYs+6#>lcs
zHDUUHx9KhoALFwVFN!!1`W2dXnSVh>f;_CE0c$kUC5%OxuFH7JQRnY75!@N5ebM5=
zCk$N}mCDsugd>T?Lit&jHg8dYd(~1_Dn$##TwVUN-`qu34&G94+Dr;Z!xaBS8imDF
zkt*e~fvo)9l}khH*n!t~GqS1kE#Q1!q6B{eha_4qk9|Mm0vw-+ShvZ=v6^xPTIvpM
z)9$lhzBga(fD*<{t$H4gzd5Y03|j%q1x6?PdM(^`I(umT@G_1n&uD6!PWNQwE@0Mx
z+lT95lD%ej0ex#tq+_E?KH;X*)>-6mDKm`o%VBbO$L%zOKy#|xY&JP%XgI)7va#Re
z7skvi_mWT?avU+z>Tr0oZ4e{B1#I
z)AOgTpV|UB8@H!8t>1BE*^@4o=)3?&Lp&t&uH!z(U#7mr=&=jZ{J4#R+>V9gE}BM_
zdRQe#=KQ+8BQt}7((uy8Hib7XQI4P!8B#$aFg`LTVkeG+dXp$-DI?-(d5CI~&*nIHWmbDh3{~`VCPdZ5>ojHt6;#zq
zDxJw{xQ=2h6U`Jyl`(O96_d~;fMXn12uYFiCKbdQHADke?f!e<*1Ufo^(L-M@_Sho
zW}olJk_Qk*@JjWS
z__zqD)WV8zpr
zU&da(O5M4F*k@0%Uc&Db|G?g|cGZFRqdApDJi8)42O+X+O5ES({_s1bvsf;?yCZz}
zPIP1Dye}y7OEP9Gr7_EF;>fg&a|Y3aB+j_;q!0+EyK+YmpCnk0N5EfD8H#8#
zm&IuGU2G>|^Xr6Z$Z#w2mGz5E^Hi^%z|AFd1rVX>xAkg+YEz#A>=7P99+#|;*
zjF}oROh)&IqxIOm{wazVP>%b)vDc~;d7YVQVor*CKCvYq7rcx_pNUu5d1z#257%iH
zVI0JTYf6{o_f4p*PszPjO$iLlp&>L$ID$>O0$LjE8yoRV7Xvuu3$c&vj0o$K<+;&!
zxU(NvmYXj(bF=Ajyc%c5UAjlG7cbur@74G67SuoQlWBn|B0Hbd!CY3eT^m(6hrK=U
ze