From ccd226aeba3d79514900b226a4a8cb15039cc07c Mon Sep 17 00:00:00 2001
From: "7u83@mail.ru" <7u83@mail.ru@noemail.net>
Date: Mon, 23 Mar 2015 06:47:44 +0000
Subject: [PATCH] Updated docs.

FossilOrigin-Name: 17747fba31475f32e5b65fd1874e69f2703d49efffbe1eeb01dc31274b1cd39c
---
 ...-ietf-capwap-protocol-specification-07.pdf | Bin 293986 -> 0 bytes
 ...-ietf-capwap-protocol-specification-07.txt | 7393 ++++++++++++++
 doc/rfc5415.pdf | Bin 484916 -> 0 bytes
 doc/rfc5415.txt | 8683 +++++++++++++++++
 src/capwap/cwmsg_addelem_session_id.c | 8 -
 5 files changed, 16076 insertions(+), 8 deletions(-)
 delete mode 100644 doc/draft-ietf-capwap-protocol-specification-07.pdf
 create mode 100644 doc/draft-ietf-capwap-protocol-specification-07.txt
 delete mode 100644 doc/rfc5415.pdf
 create mode 100644 doc/rfc5415.txt
 delete mode 100644 src/capwap/cwmsg_addelem_session_id.c
diff --git a/doc/draft-ietf-capwap-protocol-specification-07.pdf b/doc/draft-ietf-capwap-protocol-specification-07.pdf deleted file mode 100644 index 179e2711904a1fb5bc6213ae768dabee727febef..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 293986 zcma&OV~{1;$_{+uY%i&|JanfxT67qvEU zG7&a0vNJZ}>dEQACDAi6yFMfzH%!qWs5$PsbD3Xx0p}4AU#D!3(kHL=*LXsla z$FPhjWxYMV%2d-@37;ZAb9y7|y1 z1&N!lq3YiY2?ghVRdTp7N&1b%7JA4b)Xdb8*}JAoMvdFE?P{(B zyj}3~j?pl{NU~r;Aps9*q5;}|V?n_ly5n>g8?+~6v_Xuj6SfcXp)0+V#c^z8DNxj< zqB^(Z=9yBkvz8ubOjYMVIug)utgIZE_C+k5#rB=_0@T@e z5#X)+ZPOj4LBBJ^jaHH7ool8U%bebw2=}=r7^qf>47K%ZjLT?AB2HX|aP$&g#mII>6Iooul*A?tL{*SC&8Zw! zqJ@sWCfssiyaK&Zq(d7IjVGpeG!mhwqQNA!A}uYF5G;7LfWfkEkQqO?lbeqqY-}`RKatg}IVJ+od-r?y^%Wk$E+NPl*3MCK z*LS+0kp{#U6RZ{uQYf%{Jx733-DEF8MH>IsHGgfbnD4EM?VgY@iOy!A?Ch$4pOy^K^GD;YF3W#ArdQSi34*l%T7FiSVVqc1p$6r6n+SK^C1e_>PPE zxMp&{MAh!vTca9;0zzT-tY=>Wr^KY)>RNg2bm)9mkI`Iai3Gx94<(6R5$HQmZNDZ} z@WEs{h>!xG?uBKG3!Ds^wL`-f)ec^ZQoFXT557<`^IpAi= zP(kIE!ZO+%tVYestC%1!w*|lX{XmILJZz(Bo9`$E(pAv>nV>Cfx27vrM1 zp%X*Gi@4R$`u7&pAmyY#<-lZ37POB%WE{QM{Ur)H7i_^dMi2+ITXJV_$1&bD5nQtOv7u!{ zc}h3mD!$ojyi` z)LfH$jcIK$gN>;_zf<9k^19IZ(hH zM`{)YW(*%hZIFBzgG7$N00RdmkMAfqNUdOD{mCRVGSHqVc|9DYZRHhIG+C-upkc7z`# z_SCSZos5DBQYxq>Wv9x}&n}Y*?kIBId3^?kRH$T5NR_cCWUV4^5&L8>(idT4 z5Kxiql4kB*@DOEV%S|(AK)=nGOAQZo7%$m~5`2&^mX3}{GvUPqFz`lo&()1<87Ovn z(YS585zZ9$uk32juknARx)GngI)0HkJft)NfvvoP$rH^U+X|4nwCVj&0JSchnCOl zmub?$1n5bRp@JQoYpYlU%aI%M}LfBlZ^bI<5 z8V_I3Olw}x!8%92{K)BM%?=@fOpPw-W64yzVtoUBPlp-lTPqBBPP4L@xKzyml8l({ z9X>#;!Dd-6`;aQJso+Y5TPmo)h+oZn#JCk-#}iPOQWfW{M#oo)^KMW^mZikaO3@(H z$ka|zG8o~Skval{s5%DIuYSDYgh_v|Abrn4z80y1F0Ze-&KksBlCiHjZvXM}Qmkk} zC4SmO!ej<~1p07F9 z`_vB?fR%!Pd?W>kmNwF@MTnFoGBPIlx+W9SEiUE}6=Q@CG`ql`cw(Re%6$FFb8ZIq z_gb~sT}qn=cCF?R20az7GlTk(chT}n1&#WR5sN*aj@Hgn+em+uX4@?W1F z5<^H!rqaFdfWsx-PXNtcj+S!>2d}%oW44mML= zG8Gyy6t2~)5`-*{$o1d`(x#I(?VPS%I9^(+dT3E6f6^$@!)W5hJdioh7tXWNMX7U9 z)!drDd9xIi&B=;!6~9Z1T9y&*CCZ+jyiv=MHlw}FRb9} 
z;#{hmKD~3#KblLk<%}4TPx-(lHAwJdP$79X-*~fe>AiTf@nT~})zvP+y>*$M7c$i> zQn4fSO0_4X#i@}(A)_wX zq-ZG^9R>Z76l#+t+@333XgHM6Vuf1u86Q%PxGHmKTNU*tMmK6P?v@h-QoB|v{)Ran z8e}LC!LdDub;3wC<7#5A9*;?y#lT(9HT|m?Ha3!DSu47?N+31)7uKs-=ajZ08Eh!o z4^6DBM0J0nS_Y!0+uU9%Q0xzpdy7hhdkpdZ>b5RrsOA2AQXUP;-&CS>R1_ov_7KUl z&003yv10b?F9=9ei;I?*Kd9zcQ9mQ(lky}JNEMs3i%x!=OJ7Z(?4E9Gc&`__HOMf0qQKU^F8>ML9$w~LSvvBo)y)Wa(Cl2qY0Oq>MC~q^T+V{A+vNUvQ^(!=8wE$>#gRC&j!zCFFtBoD9tft zEY!M5VblAUSx5wBOJ*A!QYQZls*FYasUmvWqL}+_8tKK7I(u8U-D*kY;=R<6)h)V& z_X}D_ml`gc#2=~6JheE&ENYbOW5g(CF@b(mA{^*|TN;@3ub>2bC0|E_9lwrsp*kgg zBa|eb3Kg43L~Oon2fKebRQRzSE1Y{iVd-;XvCA)#$USe@(<5bSh*{c`2Y+TGRN-QGsC zTP=o92NlrOnl-(>xgAM{uJU1$M};P`@e9`@Ew|%E1^8Z59J(YGebT2(^>W*{Uzgv! z$%C)SwPsk{nZr|Xh|7Teq*+$}^Z;^uCTP{-F<=^UQ)wC~%Z1xKr{4>zQ+>S)jo-rQ zO&~>NKoc{#D83kBrbpxQiki<5Jc{4J zToaH}1Es!B0Opfw5_`-$O5~oR0V%Rg-=|*-@v(JztryU$;=2{La$_q=<#iI`l}hJd z^%DlPE1V?~Id!=&=EmjCj3FH?$NzGtTdfQ|L}HmLi#kL!?>rl`*}fKgpzp<Vrf>uIxpH^NYSaAx7tZBU?Ti*(-sR7=(3 ztyw&(Jc66&+?Z0Wwiin`$BdNBI~SN=KBsCXYvEvmjL3nLJ|hsWJSuE5Ix-m7&qujCZx^oc-&DV#?SpPo>p+4h42Q0`vQxu14kPtJm!?SH z!v4}4U_C->Ujd80W8nm#p0>={r)Q9Bb%FC1qGZR#NHrbaMcPV#YT=blCxe8EYNkET zEwWBr-(+eVxd?y;%``&`5?Iv>!S`v+Llrdmrhn>xIQoH zM!dlESl|fKOJ(Rp`q|C?Onj7Wr2O%P(7Mf;DWc&X*_9%;MKs+m61S6gZQlR9mwng> z`fL3h%x@gT-H>WFNw*K>S5f1ll;6yeSlVIWSXPbniuD06I$RmLNTa#&Q14`8UhMSP z5mWTI5hIEP7$mLkW<&w^JN1lXc{9hz*i11xaxRcZ&CT1g@Oz(4ujN{!jAhs1g;au34$BeE6+?g!?PT|?%phtsN*>PIghgKMtpSKCX*AQ$G=Z6stsWj; z-z$1{l@x8J>Y!ff=M_Dlt*)FtN3WZUlAhm9_XqD7&Fi;)-iym&`HX>hUI`3-9O)#v zvuhkKuJ2zB2Q6s1J%_9xiE&Ag(wmUR*d+}YLef6BqmRI&md74$37@Bv%*R;^xbK=$ zMmwj?PV)eE#Mp$7s7(j% zZIDc>s!w7*i5;YGE(dS#3go7b9SFNk~!%8A95ysmr+(I`+8iqh+Dm~kYdxK!64ObfZ=H*Kxx^9Hr&dT_jzq0r9sq6 zl+MTCEE$^Dw=(MLdQMaUgt>B;7mrqTjwgiMSK^R#j@q6uk~dV$!9G|kG3(uG!QBV- zv|OVGd%O!Fim&$V#m637Y;P9+V-B;jnSf65y)raAJR-vX`qx~o5mG5>+Eq;|(?TvJ3Q$Z{ z@zQhAhbn;qs^ezqhh3tmuoSnO20;|odLYwqEwU06eA~J4FBgEGsnWc`JlC)Zf`{M& zHN8<0ZIEHXT z*F$m}^5?A^J?S742V@_nUxsr}Y|5{& 
zq}KosEnY4Ze%2AJulzQ|mrUzgHEk!NSZfNSLGOxOpM|Hy4XA`5ihN4y_Xd5azn1}I zB4C#&P+Ir=p?-Q<=M^cnYIG;6X`--zmnkSdH16$XKjjd|jyqxF@dJ{Diwz7?kTrVo zRj$T~^Un-)@S93ulj;OR+uq-*VA2 zOMUssN~Y{H6UW&05aKVN@sk*taA9s$)jw>{%kO3%uUc%~O`0>rA-1N?94~?buRLEm zTIQ3;Zq)X#Mp+wZ1SqK{)#v5$({nto0}=q1mSP?2xeQhnx1||%k$t%2uYPy$j=i;# zv<}+Ms zuhvN0l4>BK5^JH#c^2@54w^!SuF(@GM(-((S;aw+x?~rgJTKchGo0-)H?8n9m$!P( z7mqsrDl?v~HmWqyC80d-3lt(qW|Wcou#QUuuf+G@K*M@Vdo}`zFqkv)EEnQWakB}5 zoAB~Z7eFaP?9CLbwA{^Ii7b!55MT@8$Ds-WyV}`Ij2Nq5Y4oOl9*Sz|oTBBh=f_7? zN>VrVLV{$ca0nPomJn*t@Wlz{A~$WiP*g}h@KRM(5-xt3vhn9Cv$CD*$c>`e zv>}7Ne|)9@7cML$CiyPaS~qLG zAmOZ>ZMCl?7Kgu`s~)j~)d*O0Q#j=cVN$d;cU1KG?qXJuSWXV!>LI2_ok#`FZ)RX@ zEN>^dqfpSAJ8QgYz@Qu+&ar2ACYuIBq+7)#; zo4YMMz?b~6#T5O%Ugx|jU0(pMDeZ@RJ}o#JKRb#>j8%B^yCm{qNP+>{t@YONktD${ zj`J>)9sru7@5z5?>2Hnvr6rdCDSB*w8RWmt{%6_3_Sande_!LO$vCcy|5@Wwzcpu2 zRf>3~7p%CH*B>o%F_z&da>5hGX>oO_|T7}Fl0>93q)*}i8~ zXN29rNu$aelQ{tMJteBa7bvpyj;l-ib-G38e(nC%j4zV@d(HkLc6(9vL~}I)drB3p z|NQOj>tKm@)5-)@jg*JQeuVdTE6Gp{kdEx?5Q8qbz?u!0paQfWs&+M0-4od^5e%bJgtqZ8#16VHzNvD> z-Wj%%ZuejxueH2Nl~iQ({^IUu?7;r?-h7z92AIrPEMs+fc@=Sv))+&-g?fdC4OY=* z#SV@z=}Yj^yt2lbTxdv2q=A*e8(p*|L{icbUv|MLBq{C^P~>hE8farMRa>8t)fAQb z;H>?~li&a_Zh{MZ40}XJND06r;R(M+&R(O^fAF7c=bAd7Rslb>=gFr}z@{lPY%G(n{^<^zqHMrx|G&Xouzida;t*9P>dY?wc@3f-UcmEohP zbq+WdG@*c9N_wxb_wFoKyOk?Xhz}*m0Hd8^1NTW#>9liBXt~>ugbfHRr?D20*p;W? 
zxP6^3N#=vZ^n)bN1qX?MCM{@6)JQ=1)$*IO7goF*=A?N`}5&^XfoVspn0n*D)75I1?2v) ze0&;%*sRX&gX3=|`eqb}GiCLhtf1NwOn%Y)@ONGU+w$-# zL3;t7IDuPWJ7oBIzr7VaL&jaylZol;lK@zCozZ~rHEeTXN^84Xj1sso^(~Ko6x_&@ z<7Zx)q}{TPO$vuDk2A(#3_p{^-n}X*TVPQIiq|JY#}WkDG>SE%d*o}5zgKS`l@gMc zG+(pI=Mqu6CF$RH5Ql0&`!$0TD479kHwM4MmemB9R+JQIsJs&dU30INbO(0N|K#BCKLyEdL9!u;C4H_(eptkm)?x(XqP2aZ`3BXoa8LtRL29VZX~o>gd4hJD|L%iPQIe7rQKr{o_dfJD z9dTRet0w_~R{3&pN4pP9rj;GLx;DU$Nj5H?fKu~`YoQ7)ts`iZ*&0dC4DP{7H$-8&@745wS}+qc=NosqD_P@aTA1Nz;o>uK zR*H*nCT|wGrX)XJ2YAKi3$HD(JP0*|c)kO^09-J`9DoErQFj)bJe(SUapRKe_bk$- zOBdVo7UsM@;+Q53;h>0ajB0kwt zKaO7&p#$gaIT`|o6Wq9p5mtPVgaB+twXyH0d?Tuqi(JWjfs_I;t>N^429`W}ecZN~ zvqYOM?3Fs`Es*<(E#2hu>$(MFLBL{sM5qH&zd-k+rIn!~;V~NrV=X~j3d+R0@!^xf zmh;jlnP^0irL&j`>H}i4cnHri0Fg1NZw~^vYCUh?fi*{>V?~mvM+}uirQLymRqbS> zgJOu}NsPA29zknX13jZfYj3oFHUbqVoV#71GK44S&GvfY%_I!vLyPa5GLzh6>kr29# z8=*kOkF?F|+>S1@zjU7jyc@Z&*hoiF%OH(0V7h`=jldKRS|eR4Pq1}_IE=a0SMUxM zQwj4Tt>~wkYIdaB6n0=I9d)tzlXIVPZ@bf?o)3TZSU1Jtwt$V`JSyLc@zue!H7EsJ zKdij$ZWhTS_AwmTF-V{Iz6LeI zPP~||n$5hFRfl8ONw|>Bkab9>4b*DlmcegDqX@wy^>i>ONv^KS2?27+lw}6;uM=`| zzlz*d;%E6LU;D!QRTzdXoShkHUcXBK#bT5a!`lM{jV|>^et8Ln47hR3ia4Vt9=Tr5 zeItaOC={*killG)T)o3(fO#6p0OYqm>FBLI8m(zBmxJDEum}AOv@5RcYsc=3;L@zntwnfB7Eals4vn(8bs)%hqrAqUc{Y7Mo(Ad(TbS?GY7Cs^9LJWqd| zbtRFrrDth?zS#KQ$r*FPg0C@PDM`7VyzDf7faYdNo7x{b z0l9wfEfIdt^gIE%Cw!uI;%Jh+ww@)!T&$*49i~%M+tqxBQ5UhXa$Vt^3+ir^x~$g6 zl&C{1W6iG!cR)ub@h3tqCaUXX9xZBL(T$ELtAiX;DAPiOQtV7U=nd? 
zMG@EbD_wFI)N+4OVbKJCQD(MJ95m1;ib|XBMDuGm?G&4V+3Cj#Qserqofk`a^X@%1 z1>n`=&R&9E20fr*2k_!b!|80c)3~%92r{+$?W0Ryhd%H?S49SUQlxc7;ubll$HS*= z+kt1Zwl02+!IkPo_R3Kc8B|S^O>vPf5fl20&(o%Sg~C&!6vMVWfARyrj_QH2`^#;- z?w4(rm6a3l(~kq0e^B#p8vad9CYJy9W$gcH*8ay#b1?iHGu`xOg0#-|C%L3oXJ^B; zYj{5~*_hP^l*J~4jl?r0L!Wtfu?YsCffBC?NA4Ec`fM#Gq#|VBBWi$<` z0z>sMtj7MR=~canXT#h+w^~>X5tj>4j_#wzV3Vm+<&d662+G?( z>=&D>>AR+qf;HYOA+3dgi)_ZX10R!Ev?F0B^&(UJK?JOAG{&{PF*V7ko@2ni&Ws#cWlY>?!AZl0*!{)`COJiN?Ex_l-}2U0shRT|k(| zYbZGsDtF^8)lsmZ^@Ise5rK(~6$lTN#V>kgDBUESa1q3VmA%tlX)%_fCB@E_H*J^V zsnL-P1n9z}hGRpw!kWQW*Jo%0jF$0)<>3u2GLV-oI#Su<-6T;ws&`y_Fch>95G^my z8O%qjV00WaD(O?!AIcU$EeROfg5Zuzqg&fgW;xA19wwfAmS51mq$NJ~G!oAz zC8ljSHZOaz&$W=7xK~mW(Y}{P;*jsGNWq`A9(~R-sfKOaYkudrvDt1WeP;Ny*En?NK$l<1Q%~N z&Ep`ODSJ_tPBsWFT2&k~Z%^Ci0M9xF^T3ipCtCuoZf=621X@WoElh^NDk$+15RElP zc=I{S#e(CJKp32gQxNhzM^o~1$}E4pt=SSBoE}H8lj3e{z(1J}g7Pf0q(=UP?O4kd zTyRYPBnX+mbzxI(C1~K#4V1OU3cIq@ZzVVzwaOs&jJx%!hWpZPE)EGP`J+?dbVP7- z=-QP#qmr7`>dP9!8Dp;9RuV41(8`w4l8OOJ(eh>BW-@VduzgO4tO|xzri(oFit+Qp ze#>|G(jegISk4#o5kpby;WuT;p{OzX2v>T8_9eTHM}&v}H@$u~`ULdm32(q!#)sZq zCKdzd2yndr__~+^ij2)ot>N6|hC&$WS~9lx*g6@LIc5oSE`>`vjje|u>xkeq)>K4A zRBG&blwfh;-0HUbP!o9Uq59-aaXq*~VJ6x>xVyt8VsZ?ivZl^%%VILGsyuBy^}F5* zy~+?bU(JgDgmZ_t=0OY*J&^;907KsuR003qT57U}rXBgB$NFp{B z6byo18k&k#-40H1qpc&Y2ul^TZD2zfuHEK2uJ}f8hoG8bGV~bl1Xc{M4>Recd0Yk9 zpLA$H1uuZDFIp??{e)yLD92%BikUjgnEmWDrdHU4iNS(jYz?-XT;`6*IN0kyh5nyy z2OH~u7pRzHyTO3ac~1Sb3|6ZV7yro7E&)fW*juJ@DF4tq znmGA`2sd7I-{}5GN3q_D{WLEO4}pNr%*@5?6@W1h;oak7+3Vp{3$7}P;$@?8&N^8D z>p-gz^su2GfH%L33Z_u3VN_)VO=wf{wtE(b4M|-z*5&+uB zD`ehx%CIR3v?qqdc3u^QxWL36L=4U#4X!It_nkX!+! 
zs3W~I0-f_$yN=kIed9RAA!u;b7{Xm!w~1)R!vs>85(#&xIv2R@>X``_C?9Kbehkqb z*qGH|#}_)RjbDX31JWdE;BQ);uKvvRHbDY^d;olxZRAyqjwcYO-$>KNAT_YUcgC94 z4|<45G9HU9d^-9e#LZYV&ajBy-Aq?2oM=ex>cRz6AP&~ffp8r@8>p;MC z>3$7YPk{ayP&-ihCr7)xj1%^sikSib(DUCy{Y$%SO#e;jGBW%#qRYteuQIw-YBn+J z90*_8dW<_)R0IgRXdG2kmwl@1<>YfnI{cZ{isCR1>|q)s1}Rkd=02}cS%Fg#4N?`% zfvdaTP5`N2he@?8I)j)XCa%Ae5HaAu6vxk+8|p^chdqHC zyJ?(1udkm@*#(=VHLUf%LH3R`J}QL!))Yu{&7g4IfMhY1OczlQSa?b%R?O>OS7F7c zhDzJFBNX+6o@viZ$;V$j6_LCtCgVI(s3?h){25@~Lepw1s&n=G1<7rCl!_MX1$$x^ zjUTm-#>DHUDPT)_yn~|1tY>Rv(~0b<3;>1HAw}JC?GEV*b7Eg8hiHbOSSrj8dWaGy z6;mmo)2z?y^p80PUJIIu)yoqlt+eudFrlX;i=@{)&Vxu|!@$GyWzt^~g_fr;fyQOWo7QuVyyu0}4S=S{C&TG2d z(o7b5><5m{{OXjKV**5u!&}ti=$JFV)=#>I!gbL#YH%v&M~~lYVxPs_dG@ewuOw5; zHD-KFw=3?f)dELbz(_<6Od+yKzf8@`5d5A3${bbNnt2)@ zbR-2@36p?{;S=y57lnayAtobusyps;wM0^a`su>52~I*1*BE__Ht?3<02&?)3EoT_ znTK)tak7u`x|hOp34ErAh~r4J0tpmo5Ed)1C}U3^URM5-7pWuj%7i}{7IKwX(K{sf z@W%_IQO1FrafIz{`zRTQzf`L|0zHXCB)C~~KJOkOYJ8)9C>Ue)kG25hlv&{0$>L`n zG|1>_eqc&&79*63_>WR`YPy{R{GX^Xe9k5S!%B{ZQ^!;Q(BwB7NX~o91^%~m`h;g7 zt(hAoyhjk7!bp2yU1m}3<(V}kv;5S*zO)K_5LG`;O6{(+4D4+VcQgOlUG zW{;8KpG_Pih37y7 zW4h!2iUN?y@9FdImTbL!_PRpMeu+cB{F0zhN)4x^SqT7J3rXcWsJj7HM+?B;Tf3|2 zi#Xby%Kdd&CXTEJk|*S@p;;-}SdbxEP20HQ>GJOF0^O3-%(cWx)0|q~Bw3`=9++_6 z(k=|aL;u@%I4(7ka_ERU909v6Fq_)mT~*aa+1$tnR)pH2aS>Ssh2)W0%5bz`=G{T~NZzz}35-yC z9_K_*e<%AO0M8j@2XKW*0XUEF=y*N@4F+91C4@i(C z02G+ebSLKXr!rsRt9SV`5lmP8(4x0)S$2c?dgz%g$tw1OnHIP!`T7DpJ-6o_Ch?up zmy`0Q3%$qeOB8tq%B`r}vpaVk56EO@tQ{NOhH*~vx81iJDP1v{M55ZG0a@SH<5#Jo z7eQ4hCTK_Hye$x?npBhO$QkTzyG7d@*sH(;++aftM%l3Ewv9h=;R-6aI39|LB)NKH z3in*Kbl8NWk#+HLH_sQ96RW{jB7 zl(GrPi=ae2MaqD3B$xWUP{bHjUQGHObyAFZKDx$S4?~ovp_fRSyoMzQ0-jfwcUhK8 zPzfQ35Q7nhk@wy|iAYvZ3?!p-oP6af2pkItrxXhHyXri}!)tZ@)mfOw8RwU!TpDgIDsoz(nEL zr$H7^^_xlkgj0~4lj`mxYij1FHHCuT5y@Pvj!We_k8I3JGJMk{%QZ0NI4EOpE8X&RNzW$R5cxC!~1+?Gxk^2 zfkGm5mhhZY>c}L z^U5`vRJWRjtCheK<)wG0&I2j?llk{E_R&|d`L@mD`qhu(UyYqlBr^LK2>m><(9I*~ z%Mg>dtms?eF0ItgLC0URXRkY$Np;uuZXp3wC0#4qq(M4~hb!ha$3C(l-+oW)!1B8b 
zdjxOQ>k&eXuw1=Wfc3}of0vSg+CBt3E?1f^7!gz@4DuK@OkA$I;wt zX&ojGIg!85{UKQ-Y>au$QbkTl|w(d%94xKNSS(i#fIGc^0JYPjq^0 zIY4)uiIL?Q2n~EGi}4u*eL3VpvUasMJzx==NLNN+0_>rdxf8+h^d%QaF8Xv$2H0EyPpKG984kkqBqo z6*3CT5!IotnWCDjD*a+Z=sa0rO;ARhG+qORJpl~Rs9zGD2Xc{4i4_=11gjg=UxG*# z4G^Pd%TBilI*%@TkM2Yfkk)Vb# zyEi&N`N=3_|lTDxjg#YL2;4N{b^lkSn1?zmw>8F4&;6 zZ%f$ma7W~+>^?tzid%+JNSDrbFulDw2p?Qd*l;1iBOf#26g3}GFlRN)g{4!B&%5ty9%VV#Msj16Xt39r7K>uJcPwW?!p8PUsk+@J~e z3=y}Q!zF0{((*)5;N%)A!0OgDNFPPhE|E{FTlJZ3W1k?JRTj{_2xNL`tNu0~;)_#) z*GGDo5F{ZKWSdf=fLi=a#)t`bb?aHQnX=!*8m&>i5I-K|RxC!fo>)qACS(8VK9e`j zZ8##k?9Y>&-&*&TSw5o>IOHd3y0#bM(bvkl9KDSf^}JX7K^gc)@HhEBxGmjV-_*9e zYxtu2wRV0ujpPeq&6T-R5Nc>c4Y5^qE#ZbBZXl+t@7oU=n{>5sF_laMvzfYRiOhre zF`1A|en+c6(TLXYH?)eKllec73NsA`v=4~F#R7z=8_i~1mao?7HU~H5j*&K`89iiJ z`f~`j(toM$)rH3FHtTDSBFcl53ijG<+_v{3oQV}SphsTJz@F&!Y-K3bv%hu`Kad~G z35N|t{u53A^IC|3jn=%R5@^~* z+NY{@Xu|X18(HetlEgy_6Mi$k{wa_Vq+-*cYd}dx;LStK%x2Ttp0I=w1Wqw;KAK?s zp0fHT{t%l&HU0?+kdZ>}vLj03vZhM27>9lx8$Ld`!gzpZJ{FMtv=Am>%xnQ7c*>)Q zBo8T(>L>&GFx?@p5j_DBA~%$!(Oqa3NOf)(aeU$tn)$qZD?BaodS)eRda^aUlGGK7 zD!rZoWuqeFRq{w&EA(1n2q6ahI9OS=W1)iD+VLS@T)gjby5T@=htvqw^l4gNt~v<9SDmm#apl`vi{I50EhaIxkYm)DAP;_L z!(;YofF4Ioa8AzIvfIbNAC4K)!l+LbA@U(46>HgSR*C;k4q~v{)sN-FWxGU##X6AP zf$DgovqO0F#dcC~+O|e5i8W5nCyMZhrnx?uz&-+Y4V|9e{AmM^7+YR{$i)3~v&c#; zxw)8ky?r%UCBLz10AyW2lR6-tX=rqdRaIg%P+|%8jC-}Rjj$TFt#xmhAPr@?tAu?6 zsR2(lL7q#92aW1T#6hfkT)Q%Keo_PTaO`|=&dL2rGMO%@jzUj7A+~MaB!yh6y|86- zSz#+Y|K_F~U45?#APbBRGT6RLlsaAG{Jo~cr&qKBJC3k4$}t_CH}{;DzBD#gS?$~l zUHG7Cp&(uuM^0&TbyyN!?BFpu-l|-X$@v%8-4wvUu?^RAIgyWp3e2BBrx^dPrrO;m z0NPq~8C`i?=ZIW2hB`3r&o@8YIK)x9R-6>2F`dI+x8s4YN47~z%T{G(DMOQ@ z@`?Z0Xkda{<2W@l85Fe}8znI)oS|d5PZVnid*5$Wv45I+TQV5#Df1s-%!vM?26gSl z&%Uaifp)6}?Pn>e<`IPkuyLx?+|z-(ou{vt!0-CU8}0(`t>AS z8a)Bj=9)6VDJf7_-U-es=0&UsVym-U@nKH#egY~m#Pt2zvO_-uShRMwZqoCxG_eg= ze%@@4L-0!sn<^f~ywN<*MJX$kjvcgp`xqWZk(C9_H6hmjPV35+qP}nw$rg~+w9o3la6iMHakwRDg!A8^!lkMkJk083pwJ~BuijA8P0U;#6A#Mu@xdgo~aR$Sf0ymmemayM$hm_$tB 
z$CfkykOR$-c@HsV%9dSe4E>O2IktD|gLOvA;akXf6{R!mR-W|2QP+WOj^A?HtQs{g z2&G-iVI!XWX!pHF*=0)`TT5S?E0x`(vRJcFFJ7~1O^^`eo5hrya;q!GirpbZQavT& zhw8+aqy1b3#~f9Tp-7SH3l|mpJVtk_;j7UG6ifV_f$R(U2{O_};PFq${e`Z--d_wX zZ2xP6FfjiI$T9y{kXuy$yX}Q$G%5=I-PET1VyZDQP_b@bs01u5NO%A-*H2#g$@J@v zR$P*hhC+qXy*TfH4$!N|^R2ey0nH8qWVw4S=Vi|QOAGpbEKgt0<0{Ai*gsNFB90%s z7{dH&0-LJ?_iJwk6L1ah1<_{=o+LP_Fm5snG+i+2dWCEu@aJh~uOxm}|Dw;y)UMpaQ`i$J7Q*^%iZ=?Id7$FI&b9B$QE>o6|_ z;a-Jl-UB#G%XSZd_*5JlW=8Oe=)KT2JxTciV>{RS%!$dR25cm$_|TL|j<+Z!b*{G9 zk`f86je+6I)_?3BLZ9T&@+o~y4FMI?KR!)0Y0f!rlJ!i2grDZq2FTOo_C%i` zrq5Bh_mE=U(1Z!Z2@{<1a>7MAAk4#ZwlB=laMse3qphl(a_BNCtt-p1DYI)>Y)8~O z%k5VBa8=@MQM4T_z{ohu&m-Be4;zcuSws((fT~InoQhp5 zr1IY!PTHT~F_Q`z%}1?Dw^aWGNVv~mV=}%B!6dN@rK)ns0>UyFQ@t?_?oJC8zU^bG zJ#^anpkD^X~Hn4rC z@7vu!?#Yl?H@~_c(JxtxI8UD&AHyuf>+U>w=^vf%Ig%b3TVU@;$hCmd7ONErUeC}b zEjUJ${xXn;fYCcckJ|x4$%I}M0X2q`Dsm?(K-+z`#|Ul|WLew6l6ZP3zn{&ETu<_e z2}ii~-8Uc(XgYP~-stV#=qF!eq5c`$=gbqO%?&=6M11SagWX!HHxuY%V7T3YH04lt z_)){U#Ra3}@#{lOQnK)eT+VL=S38HxiQz<>D`i9_#`y|(m9nKspmX^aaGesxBfAQ+ zhz3(2x}kzM_a5rNNDkBFR6` zkXqoj{y6+0!fsmyX??bpcrbBeh#_MQsXacAQ#(z)RP=00+D*NsHyQt!da-?<8x2+FYXT=>l+WiFF@nWBJA(7FchV zJQXNio!9BX+7n00ot8ua2)7xIpsTs4bAiMjud^vhOo_|Ee(FT*(s+0V z3TvnktEC^6(5luqsCAZ|BuTUesfG4AvNf2Z*^AYjsJZ8!9L!D)yx;+#6|k8f;rde( zA{ytGrg>hU??#wrj|LN6e;s_h<)v;w=Zi??Q`eOW_{Q8SZ|HCgv`oHRok9%m+r8pLsH3C?qP9^qm+@L#0mb4Fiy7Q*J>B3SQ0wvlwb z?g(Cx9t}Av848F)x~GDg)g&!sW*Lj9tjq6Cw=YhBP*s(bDnHcNI+2^m(@`Y*c3x*B zV0WD|I79P;CJ40+ZxMKa*{OJSd$lD-rJz)MMHcOz*LXXBkgN9jElOkVqNr%Nto3*d zlB}RS729qDCnZp4&Q;;-s%@Z~$urH~jFr)H*cq+XBbW|S1*jSb&#f|Jt9#R;u1naL z9!|?d8!?EHpt)`UpgkvpHZP}6BFd#oYCVXYel`msS?E+gdp;l**2m_(S+a}OiGg&k z9^M{@kPxCa^Hs zRN1T{VTQ`?7^5{>)*85&XlG=qnevo-lT91m`|9-+M!MOYBfTFN;t1y^&m39$bN)$R6B2V1;Zo z9*UqCLSksIK=7ti%>DxOQtZR7=v^EE+t?dfKzflBDtY+rjX&mwWkcx+ZTYP9@;(QI zaEv^?xCVGY{+$nI064AkRnx5Rb;wv`osH#T#@2gydodsUDTf&6ke2im>Q1yF%a~{r zZ0=f#xgU&->*P)O5lY2726D=&XbJpiGPd!6&b)(9hE1~#*cNtK%;xt5mv`w7ZCjfH 
z;!`y$j{Y+Cl3TL?)_b=VwGHp$KGD{57367L3dCtCu4$^ojwV&~%JNop>Jgq*is0Ju5P(4a_hZ0Qc{2})RN^d@UvW`hX9SAqVSHvCP zE$~U0(|Hy|N)5AD*b^Q81o{}&XD=JcFUv&@IhC@tr5De4#{8G0gO{IjP=$1S*sz0m zBlGq8(F$6IEw@yt+k9A8eyY#oYL6jJmY7X0U~+h$1~p9AA;UMLy`LwbIu54LwyBd{ z=b<=v^&Cxf?8|0-NgoIkD5hBnK}T)NX$_{q(GEbz$+a<_KVvI zjz5~jhdcF}>v$%12ObUketu)#@Xx&r@RQ|Hz)Sp7!y#i(PwzH+7=b1!gE;H@)WrIq zm;H$*@R^M{AfHuyNgxOb{f1wQBecTLba&zBy~SxCz_x6@)77jEat$7tHG0E^XOSeo*gYHzkH!3=&4*I|+ohll?v5 zcj_>BhSOs@j6yEM@`J{rtQ7>oLQ?`H>KrGrr^V0pS-Q=K&J7|1O}g8g$x#P!IEKq_ zAky1?CxHTfvprG;M#rwoFCe(p;7lMXLZCM({|P$Vo+=l7jcAukrP_d`{*xu8As`u3 zQNeOdN_XoAjlTp1u|<}IMNt|iL6a(Y4@riW*=@o2Wa#?3P7%|sHld-y3}fJRMBS|6 zdx6x^x%sXKAcP=zK^l9V%n6N@wHMF#L#&kye$dgo9^2r09RT`H+>vC>*kzTzgLb2b z=^RZ5w!wcqp(u(kotV&HxXXs>PMbT^FSAyF!fBY}amvTVo~+Pxbz?_PvA@%)zf`fZ zb^Q0Iq`R(!X_z5yB}QVZwt=A(G-7Y5CvUjmuoZ*l8AK~BGy-i|@r}+^tRgy}5U#P^ zQxoa6X|(hxsmA(zKRp2&vk+=S27fAQjiCjDR2e#PS3ookkDANYsTpQz^zs*ZNpy1Q z;wFt*px)s%hJ2AvaW9rH$a>1ElU4zeuKg7Ap+aS>r!pUdIOA9prIA<<8g7H!4DR&H zH<}Y9#D3AOgN`9zrsgu_!@ci~cwR3l3j&y2gewTcM|lYd>N;uKO=IGv1LC|_0sXNT zc=RUXI(S1L$Eb8k65rB_t0l?#e$@b~;v$Qp75e&;^FZVfhBpDxGs)C@+ljl|Qu3O) zU$x#x;YZFUd>jb|!tz8?8?c#Y>V*T*bx9iMX&HLxUq6u;Dy8`e6@ zELO|%|9G44f8{B}5fjJg&YUn4(g-mbK<7PGl}8a*`LQIo|KZlnXer^bm3k$J4byn7 zANqL9)wj}8676_hD%lhNl_}k$8j+vuEo27#@%(mKJkD6`r3?#N^hczOJASq@#H%v-b>e-Bw3bbd?9(P%M5l zDJ}RngU|1NU7t~Nm#wj#H-=jRyIBf0ULyl=?3|!pa5uR#0K?H9vdEZ)Rr3_}aEI~h zN#wha+r@$bW9T=H0B;G`Mq$X}NzzBJDXGfO;EyjVvWTq}M;PS$eu@0cjm>BJyav2j z#6Si^ZqBGseMT?r9>$H;=SKwG`3pPdhVrjl{Fwy9KuNS@-g#3n#J0f>F$%#av(XSHTp~wJ}BQNu#8JaOeJL8P%RH8mvxpQxY;Yw}Sl3F$;uxg{m zoS(7x6s3W(9MP<+q|=^fkJ{2Vck(iy5EQOPSze;81tAtztHY6eYil6oFS>=!^{OdY zL?ey0nh==E{>Mn8OiMZZKIF9pz^B1rRO_(Ppeq^47-!#gpDx);mL(8u_TmXa$3Ls` zEFnXd zbFBJB*j_4_p64&{TzDkB{t5fP7bF;%8UGD?_Ww{__?JES|AhUa>h?G6;eD3%>}|CG z#TpK_z3(rePi6pZ2ph>Gc<2{Kk4WPoC59)B?oyw`KWdfNLF%jc{YUMgB@SG-y2c>=d9(X})~5vy;X`d$etq(WaRV*zb^7Tc z32O8ZYV#+6pf~_Cy=F%Dk%tt5`-G^C>h(G!c0!d~(}`q=8gTy+w=EQ*nboag8K+)Y zwrqQ;-RKdes%RbCZ5F0w?EQXbe*Yu5`aZ(IuqL^2n8 
z+6K=4s7mfw7PP_f)4GsQo*2hrV#i;=j99{TA^#YI8wFJ)W`QJ_^{d54P;xvVBCe7f z)fQdffDI2NQr?EQuD`Gao?y(!oU3<3o+|Ed-3P;XFjOv{1?h9!kgSlzmy2yRKOn~q zL*uHD5W9-#p}E|`0#l*1h#M*4^&*y{QrhpT6=OR&3)6R<0IK*<)2Kiil-&Q&HJ1j9 zepP9Wq4yeQ-UlX$LfL4&oRC;jJL_Z~SE-tCSd>6e%6usSx=h>1R|DOB^#=|GiZ*zl zo-a55buWt~F%F#mbK&eI#r+g`n|uFJgTu&MgFr;h25Elod*dgc4=n}nQB+S?V4LjLmSBK%$r=9c zskbLTmvQ%={i(7GT!v~^Bgl857|SJKRi!(Ro)f8Nuxx%+>8EnIJHAL)!p!R+Q=_`WY;Idz|!Tuh2*d?%s-AfHfv|^^_+Nv z`*zYFhMchbvm2==>+LIpyW~;*&w5Fp?3lrcyw8qqNpG=-Vzo&SJ4(GIS!xsV_}>0g z+C}*1YP0Mv>}pk87Q;`h%;{7JS4kX6EDoxylz$B2IY(?${l08*qfqTz)4WQ!PXfNu z+;58Q7TqVQ9S;i}pO}5B=L_y@C8JGaT0J|{V5THU=i7^2hJ&R~_IkoH9C_5Jt3*T4 zSZ|PIOJpQ?#k-tu62Mqo zBih<#49c93#A#%Sr0_Pi7YE-VM;x)9?c)7xSa+AOH~C=FlmZbe_##X5CoIl6NM1Qq zr_0Xx(v&{(PN6G`P;KlU)~V;4M>%q$F-T%FS%me1hp2`QVRmEa;OZSd08T^bj6;MjXdv;ncze8{0>^Z5$G= zgmWi|Ea)Gk!}i3p+ne4`IM+$B^rqND4`;lQl+Ra;-_@^nxv6asq=~?L4BZXiy{U|o zJtO)UGnT$zMm;=0PIw|9+s9#y!4#Q--O!rGuoRz#2>S#FDmOHpV_)D?_d7Z>KHstm zgqgubyza7WhGu&r6Hy9myAf}P8()VX)OU5N6NH+TMrjdckWzcd)~%6}6!`Fd5_SYB zbvXUNJB-Ik?9p zpec=%Xm>bdxbvVyX#DH$Czn4|VRM#tq6@0-bU4{nN!H7P4NENfn?mRs;?5OkSa%mq zPZ!ec0xtGt$?_6br)P5~W1h^J{bp2$03dQM7H*n??&uBd{>1&~;c|n?)SdfEA*&pO zy}M}*#OFk|{EJXIJdkK9g2~bGQ9rY8%%v;j`ofAv(GQzeLfA5MnxTz$-oj7Sy9y@e z2D=t0rB=TCGbdlc8v&b${}eGix6np_%1~np>H0u$?s!`}`M(&r*&n-E6{Sil_h@_` zK{`-C=k*-RVc{W`=aVH(-LR$vW@u3=Z9>dL)!hROG_l5Pq!`OJqIwI1WvwR*chf!p zlJCMAbAC-iWmZkodAWMzGp)tJ1h;mL}pRkpL|iT-dgl{Q1T7oNHu9knIt;(1ff1EA#S$^ z)g&u=K9AZc1(#ryU0Q>?XETaiMAvMVxHmJ@`CN9-lwNiuPD-n))OSF(I~=%U6yh^;8k&^jN4E*YX)~ddntg6WY_VvfX8R}vQZLB z3qR&1O*Iol813j_@&dxvgo%&B|JfY>7JbD<*G$T;oO+sqIO!A--^o z;pc{+=z<3fw){A`Rb#&nnilqNf%I_6N^&Ki77M!|Q|yV9T;)T6TiJGbZgbRzz=hQ8 zMjsZ~OI`>lf=EAbb#IlFcIsF)B{N5lAmM=i9!67wZ5_q#J?bkN z#c~58(dFaPG0vA;LOs1?w!)UR`;$GJF7}hP@=umaBVb6xHS*>BXMCOCjkf}ZeWwyY zkp{G5$u@D7_rVTpQ2;rCBH=HbUyY)3G&?7uOw4x!1@T`s;199ewB+*yU*2dN9Xqyc zBa3$b1nA#}@V7d`@xP-%#{Z!EG5&YD-=VtBzy8m?m%r5#4ZzU(5|YEo2Busct=77T z|NsA71`#Jg@@)7Z^*SNJdbF+ugD)c_Oru>XjN(soW(Q 
zk(eIK9mS?Q9X3CqAqg2_?IKq_8|^%KD28?>2e;OiFV`al_o4~@Agp6{>bJ2F5oI64pCMT_v2B_zWqXkUk(w=*Fz|>^<LsS9M~vfqgJfitmc$OR z#QgQ^)bS9h6{6i0n`}U)yUZ(qm@s@>%m=rZXqhUvR$p=#lO|c$d zthJwUlvv=2_2}Z5jWTt7Suaq-#Rrh`IF9DKdo=PN22GBpjYbd7s?1r{K-D~yWlMnI zZ2|5jUqC^-DOym?7~70BcmtV9^yFXxcgyTARrMLnv?M{o3#sL*QcJLc7A-W_AoE5O zU=HgAn{%Fg&6W$clHkf{1+kyQP>+sH(+(5H6pOEQEE^f$J6sMR#jX#^R8a*US`qcg zu|v#Osx%MP@}*RswhmN<2opU&j(TAVBsV+K4$j)jg+=PEGii`@6cqo-=OB$GbCOxdrm0;(5O z&>OERrbAQgmfyP?Jzm5R6k(R+{==ZIL>71>s4xMD>U3aISzzF5Ltin>Fzm z^2c=c3d0*hcJZ7WepFDiXJfkBW41#>5yfF5Tf#K}qNs z!;U{68%Vk*#lVRvc*Mkauo~f0`Xo_839mnPXtf2|=;dOPD9quETdRUmwwvOQASk-f zT^VOJNMJ0m(i4>EC*)CTG{}6U1yu?rR>2-^^iT11a9FP73y5-u+G%4h6pU7jkA`T6&*q&*Mdp1h zt~DY56VYm)EmTxKKLSYPf)$Zc+%pMB9yF@fHJV%3^Kyrdn{C&h=2THg3WNOc2T$E| z#^uLF8H^GZr{VY4tNurvjbsrW;z7_WJg0;r4a8-Q_(13Px^Wiz?bM@SH-5nw3fj*B zHg4>e(RM%ASNoERSC}5ds@?uQSjt~?RAG+C+&`UF2B|(?lf@{)33J-(Zk_{1mm1tCDRdzrXUm1I6KQ5N!94)Jox!p z-RORYf-*7C%30jyG=J4Iu_IN~#Pv!S*rU!L1aP_^C=3Ub2_*0$Eb6ksQ)p6WUH>~f zkyJ`Fx$Pu^plrs>CgnalMk)=>J);T~*l_@ZOYLe*G?Db3WAtHQk>K41qfQ>t>xmvZ zydpnL7zw~(3LLJg*7GjuUGMrDO+0sw#n^eVegN}`C_>^V_YH&WXJEUZb=LJ9dzoty ztwGtmTT5Amsa=eb;XKoH_ebHq|Cl%DG8i`&#dguw4t`28cs)1GnDv{-vuTxVF)S<` z5x9l0U|Ck3g0M6?RxihHAH>gSSte|5qMiZn)u=Y*gMh)!FooV%GUjOzEy)))hYA@}4n2Y!pGmqcBLfD^-dL+nVHaFB>v zB$MF8;>j6i7_M5KrxZ)*pynHU&|$49%1NL{7-yMNB5esm0{8^GMKHpWB+ZdI6SYBC=Prcy8GUYOr#2Y#)B254-?Ow_TVa{q{#kTR@G`#9IB?N$@LwZu=@cQ; z=hPZ4^tZc)g`UQbb;s!QKsgN_9|IS_6N!l&p?8XtXgI=tHkybgQN`mIK%av#onI*y zZP{#NW0WK1)z!KxahcW4{*Ve5q*p~?N$ySyyrqO*w$biK@JOoe~RbI=t+piDxpEb-SCc* zU?<##TalLQcf}hLnPW)!%=(w@V<5KJ?wY#vVs}PO__hP?=$xtpC8l zr@9F%ZkNr3yF_r}{#_?V?;e`FIi+uYgM1m7wqR%y^i{i$%Snx>IK7TyZVx>zPPd7| zejFn+-xk$k)Jkrw_@`V(rp|>KAJ7p9@1hR=Xo7z5lXHv2)rDl69z#c82UP9+3|+|E z(Y@E1D>7&`y8g#?U2}@{V3m_iR=OzA)F18R*VeYjpLNmHdt`J~Yor6E{BK*s45Qf0 zR;*lC0$kwYeaVnv+ZWr0)%R`4FYM-qU!y~37kTqPh!mPN!=1z}8cu0m4nfFY2!>@7Ip>v3Jh@Tx zVtYd20KCCy?|X`tZ+@{&!Lcz=NACl6JwQ z+3u7;D=3OS$ZyU>+mi=1MiYJVH$rE`c*UBq0r=w+| 
z(?YL)xp*DFz^rbvRH?R9uN2WuR+(CtlvwHTxhe$Mb~bV#Ppc>Ifp3sI**$7Mpb3?B zw2;j61s+iaGIcB@KwDHZ@QbC{5#4a^Yn%Z$dRFv$p1S2uA+BZ%8LU_+_eb6BHeS9l z4+3D`O1NY7_@Fo8RYa<7HFG0yz_J?4XKID*jFaj2-XPnl_tW#yF|I{cG~a^UY3vWi z12y)ngK0qz&7`Ud)}Yc*c6fL(Hcp7dW&w9xU=(LoxwxasV%2c-+ zrhLD*W0!Yj zDce8V3i59T&f??1=D3p_AeSRsQGJ&AHsvq(5khPSUQSQ}UR4IVJYqw!*27 zN%gCJdBe#Ao1met?FD(UQ*^32R;PXVSePEiF(>T3Sa~`0oT8U4Ksg39Ig7l3R+RDCJhHFydbNG59#k_M&_UgDg9w$Uci65J z9qm5sD)#O)tpgOZRsPE?O<;?sS(J7Z3ZOfT(2X0I!M8h%?~bh$us zl3r1_02%>zvRYzY58z7K-y4K=eOsNUi4^-qK{h6z#Fb4B#h5T>%zC^}f+)2m+gTzWl% z5=4#~eGbD8-A5cO+K?yQzZU`o7|{!P1h3&}FcQP}6XOUZV!~)~p~csFiDc+=rWz_p zTJ4sZ&0HeqjYAye5(y;8ejqpV8vxeREaz%m3DTrZq3AKdn2z@dWQ~^R=g-JnsrH;v z?BoD^nwx1Hu#?W8;)h&}2|!wCJ~DISo4w;MS0`6;7stc$jdWWXFNYj$j|}6*$h$D6 z#~Ig9hsVyc%8t0L`Trbj0(=;-zl$-$aB-JF(c=RFw&@aa%sD_|f{P08vZhXjM?>5q05pgjUYo3y zVv8Vb^FuMs2ZZj2zoR)bik_i7HTs&6e9_lXAa7%Z(GK>a(qtuEC-;HuLB#%5lsD$b z)J`A$fjym)1r?V+im(xFUfhJzD?Z?n0_-Jk9O9)WZafZ&d}C^cg7kEUg_h~^LXocWhk-10bf6gd5kTC^x$ ze9O2KNDz~~H_SX8da%hA0Sk|NsaUJ7DUcX-dyiL27qxH-rJr_jhMDc< z5?#n4ks1Eg_H0$l&KkU3f)*sn8X@3YCsbP0aP}6_%|*20SFs4$+)@J>UW1jEI2{`D z%=k^zGqi6H9ZDNnKRo3nX?WT~t=Y4qKLXBI_G73_sd{LpPTcM=5Iv3Eqch#%zNFnp zACY*X@>3tRZLE|=LfNcdG;LrC#tgeU*PF_0U4nVACtX&S zIg?vk3`n4;J#3yiJ2INys$r}J6I`G@4)sUc; z(sfY{ohUAg)g1r6rc%n0w`GEQZK`(p1Tw2Z^jT5W4%*&xuW6!@Uw~s)Mn+k)GI>*2 z!A!jQn#_h)VwA?uE+ocyg}P?k(5||TZM%TkN5F{nn8_nHRM$Ze!v7TH!CVt5DM*Ui zU!8FOj7rg}3?Q>pup?T8pbu0*ucP(K3wG>;Q=>wr`JN}chF?K}zSreqc@3g}tq$Fh zyrLz>FERd;cz<#1e~8ESw_eEj9~>XX|IYF0QvFLW{A*=ct4D!`>vN5#O#;$smS$s! zzgGRizj%lhDqLBd(!#^a_hm|6uX%r9#HG&R=WzbB>Ct57?uHZ;tJcwM<}}hu zD>a0|;5 zW>Sc&rIKb4!DS+;*f5vw?}!BAY}q%7ACmg0O*O2;jlAeXiT1uTmA_#`lYaoFJK#=m zs%O(}1+sQW_kKufy}19dYkRlr;%~g4vyE2Sj%(p!-IH0-ev{Hg5xxItY?QR^8yd!) 
zJDlMlg&ZA6X{(!bPn|{lp(`+?%OOv(sqzWf+@~;8DuIQ#h*NBTiLEnE!_jcg@y_s- zm>n`_09g^b51X)`A70$QCuX(mQHu!8?Pis~0*coy(( zENKjyI0r0=l!8t0QX0a?lb@c14DtS)J+nX4_kOrCPYgyI(bXJnqb9*SHkT$-{Gv81 zGU7Cw)&Vj$sYV-Yg@TBR&~?xly~#{Q36zqeTLNFWK2ZG${lFVc)oT1)VlgcB2KZs% zyzU`N{(UhyrAD?mu;+5|UN@t?ZK84E)2edj zG2gz0CX+_(r7x9e)=qHH;OhV-XDvi26~0P--&z{bsZv4TihycaLdLmZs%TxR%*5(H zZ4N5kS9DBhD_q%BrWyv--V~dF&utnHJ4@AQ)rkmJzYD)V1m$oXxec1Z0g5 zEPQDdBK8`o+9bxIpAslz+LIWwsTv~chTf%qI$N-tCQ&rXh1OXT zjs<^jtyXk%ZE#SZ{&v~%Ts=v97`}bR1}*U6&XVa{aGm5y0FnZ|eUXbw_})jH2K5}_ zGaTYF%4~F4f+Xk3YNkytIGaBhfm#Qu_a7!)quO!FzZvC`53XN%X}Lp`ZK zG<`#JesIhO#okW*!{>rQgI29JZPu(yU8ruOve(c-+|5<}E5R5LFoaH{zlKY2wTE=G z=PFM402aQ zAw*3zkg$>EB6yWt=ZOjtk9=c3*e0EPI_@=tvOOgD!#=PgRwy!o%(7*OO*pnk{k=HmcgKIPU(u)SRk}ySkzb(EWYMtRWA1NPA)2#a8!|AlF9~D5d=6H zK>?JyKgXfmk1_G6K-)Cj^lX~TG*!{-Z9D|-2fs+aMP%7lRP7W{M%n+s}7PQwu-S$oh-TYDd=}SiSUJsnX;+M z!vFy=5|L8HE|Q#Tq_Jn_QB}dFtE=qM#W*p+;jdpqby;-tCe0XCM3cJuxT`-?P-Efe z4PJeX+9~ZrFVGQjAfC{F17NgGG-t) zlE$#O01H{udoydQ2?>Pu8U`9=$A6{w@V{jQ?u*uQl2%zvoOo$JBU;RyY2;2DY z&hetBt%{Z|WDD%)-4TKhLK@5PX5YO12|=TV`Wsgrv;e_rpSv_AfE$SC?-wy%gu1T`yx$K)#F^z{B!C@lx&+$vwGp5XP)DoSvo~ z{O3NS+^ab&yv_KqUwCb|7pEraLLbO1B z$wsTo>K34I5{iT_Q}Rii(VouWh;5p`k$W_H6JdZ1OXQ1=o2$p9&4(WQ68lL@bSl8l z2SG6bI^U1kXi4ga^y0IGTeh)z)_|$2`S~RPm1Be#>*)KTXcI~^cN8xlQ~We|x0w%C z2dFgdBkd_~=}e|rI8q7dOn1uIz?o7Ek6K9{XXvs|=tFAsEUySBNwtTqYVRo)z8c1rWIoZ7bPVpE48k~c>w_EmMxF(<3UE!Xt0;Yfocdep*|kb>H8}AKDzUrh;Q)8 zWNlqcdJh(25hKbKk)W&KD=W_6fD_Y>CPtmtWFL(oBn{Na{4P@sp_8+C8hBBka=Ive zC=2n>(j?p@S^p8wf{us;Nx!7^H6BXL^F2pOdnI!qqJ9wbd5$RizQX9^9>%QwGgek*j`peAD%C}?x5ue>5=;fw`hoWAD1GWlLF~n zvZMVE{$RU|#0#{9V-lq>Z<105_}Dgs{%V>mnIk59^@I`R_XaMzC$EU@-)7T z!p~jyGnA|G3sY1f7D0xzM6~1=FVW$tvfy7K=H0U+Wh!ZxEL~QsxX4xiT^gucb z_Qu!8gSI$vwXHU(5(yV)%U3o8P+%aZ6Zto_KO<7ZPtuh0LJ`~uiqGQxpX`X^j4u+M zx}U$aX%gWixGu%wr$SawnDKSgvVV$v9?Xq3q1`$%=y_$(4fJ8!Ius0A%d}}$XnUAY z);+y6m5E1z22y}AXB(Rt$!l-n3li|sp!LPO_Ss5!C5-9O+S&xGk*rFG#j?av9~NGz zG(i|We*}z7Vf|)N_0C(aN!X?5;=_aHngCG1*ak}sNxzS@t#s--I_^0GsLo2Is@h12 
z_(7eAy**rdQ{OzMzAFQTf^d?j>SB9Yn?iI<7@&=D&fxwS#0u-*XOR%Re_Sm3Qb09*>KVP=-S6 zSaapCW$bqf^W3k>iv?FdYK)4_J|^36>w9x=M?X>w7N+qqn%pG5twmnZo0ZCrF-iZ& zn0cz$>_?I!LZLZKA1NiYGpb!&mA-(<<4Rw$c>0FEU%{B8N1*t)hs$Le_~b!>IK!E}#z}gp{LfIy@ps^Rz7M87w|Fb7DB$x!+8HLa(T=EiZV~>I8*5 zkNVQw(e#coORi2__k=L5iYmSN3cvZ$@TxUZd4t)&5CvxOrgz^7qe)(=0~J==tpcSz zmk*~A!`JZHmE+X1z?Burz4}VYg^6G39K2%T5l-I@=r<%hh{At431S@sE;&c$^s~5T zYI90@J_bZm|LQ~zv~c28Icd@anqkJ}0Ve2^uy0BVKMZ2Xmml;Iy7YwOO|krVo{n$v z1XCo|S`FYYTd`K@{viETV9%$JrPt{&4MibuQ$Ydaa_s+WYWFZA8|eDHkRA5}1hTTM zJz$&S_hr*2q0NF`)o7v*vQ-%~$~2LSkciYet=EmX`|8bLxMMCGD#Qag0obSPYM(zRTm7gol()CxZLvc;2A*6d@axJy ziL%!WaG2Xmmu^!C{q?VqgOxd|hdj$v{M#&~(=C`=hB3Q}ovDt~-L@ry>*zoP6gsmU zEo^#wg+NXoQslWQ(D=48hw>9JYZ_k>5fM2yy1l<{j}TW;a`Ppzlh^u%%rQ3%8+&E9 zmwhh?Ld6h{7HYjJhFtxwx9B(!DXq4zq{-*1ar{>il5K>lz>c{uF}zcgQ#=d7WKbB3 zi#Fle3a>OblEfBm<=4?Qr^|MSuV6a9a8>OpNi=6hwq`{}#C1gob)^Nz=M z>IzjN-kQydE`Sgm^{@I8;o!mqcH7ZZ*N{T%m$}?g54sSMyNQYPbfyQe6A^}oXR^)` zljD{ShDvEN(9hY5DLeK6f!I&dK!~W&c?k211DvhPB|fKrP3viBb_WCGi|M0_Ye%?n zIYJmdV%`+8dh##cA*WHloT|}&vEle$h{cQACqZM+RgC3V&**Af#A|`qjIUm1pR33;`@*|gP_L5mF2aWQBEtzNLewpa#OXRMH7WdN97}pL_iflCvMCVU$v4k*` zl_Mz2#+q{|StxnbT#fQcIz`ksciLn)O^V7}6?H_x8$$4V79Y`lwflO51Z&>5sqgaM`SHIgY9=6?l~YnxfWpl9untBcy)~W{6a}T$6HY|&2H%VAnyD)_ zv!iRuz0SHVNHuHN*1fdMX8;c^#3qDP`3LII(IhKnb z=N1ey8l+E@X=e1@?LyNOFO_6TNwT0ilu`UNph*E1r4mSVLzD=t8Q-yT}+H<~rzFT7U#Rp=v0<6(VYK zJtKdk{1Q!3l~i&o0wm-UmdOJNBkC&+9=&IR6NrO|Zkp4!>C2j%+miXDYX50=jP7BYcku$N~rTBCM#!`XNcKom?CZ%kg5<)@Es^tiNPU;Xhrz+I)@JI}!km zibaW=2>I*QXLqrms$Wd7BmDzMv+HuYdQ{Fcc4byJazyX)R^{+>*FXiV5ZY10;19M9 z>Qf0%XpRykrWz}g5QF)0JD7w2P=pD=WJbk)$Jk-=@&$_7?}G<`Rj~X+sCH^4=%N*P zrS*U{<@~}26l9sQ(tYA(C>E6_Kq{$+GOkQzT|DrHw4^@5ch7@7 z_7oDuz>alR%Rl)jWt1A;F)U{)UHrt(hLwO77YI0f?B;`qDkZoZm>}E-CRHg{dt}Q; zlMeQ&SIE=e?oowkCENK+Cn%gkNEaO>Xj%pYy*<7QV@Ao(9*5r^xXYmS*u(!n#@;Eq z5;cn&jcwa@vSU@nX2rH`+qNpUZQD-8wkxVwH|O;IyYINC$N2kozwDR2=eO2e6CsJ9 z@=Fye-*;^wQ|V!}Wg(ce$kt*OZc7{n(tZtvAJ@yDk`~re*x!R%)>K!17>~K;P0p>& 
z;xA~E$u;zk9aU19(R8P;bZx*E(6~5;Tb>d~W~5Z|UioC72-FZpL&U*(B9Hm+lM{Rs zvEI{Xl}5PU0?aMZPV4nnj6@75x8uUK(UiJyPA?ty!P{nscEg5=QXatTD$m5Z%|b}K z&6W&+`1o*RquVj^ZcLdX+UnBl@K07BBiggLw|dz>Gx>7ClJ`6@a%cv=MioHX)ZOf| z;&4u+=I7!PX_M3d%%5%K+9_f7E?*q!pFf0L(O&X}_OKs2en%?4uA_E#6mcQGZ@pUM zcb>k%3X+KY_y_L)3(f!Dufl$4 zTN~oNhij5Wr8j0lCiLb9>G9C7DPGSmu|}i@KdV+o8Ni%!PWek1+x=q*zlT=8WSMRe z=7iR==>R#MRxMv4<}UYrD%gSze7J#WxYda*{eHw{w1blGxq;KEK{kdn^o2WLsfYu` z+S{%@ha|29T)Db6eT@99>5|hqe5eo)>_zlMIOS~-JnnBc%^1QsTXw4N%%syVOIFq@ zs-*!-t@|o{OBUL{S51e7;>jWg|8@Bq$WYws6N(H%)!VUX(!AoOBg3A0d_H8tqH7&s z*O=a&ZKD!7RJjA6CD?2?C9eZqu6ajum#8MyEc$NmsP%8o zA$Kxcy@gZ+8pfUmg~Sc zoFY^rc&rNLZkb0Ui2>!ZRTW{Ms%gm$m?_24AQ>eiJQPo|%{_kYRFEwJGK2KUQizvZ zFZ7YFi0Tif>%ffrJ}Kb~r?*|?wdIInd~|+Bc)h^Y0)|>1=Ob3Qk&~AOKehgeMa^-% zK@KGtW9~ojjS8cc;=y%nk@P$D;_?NG1}$+gv1a16Towio*dFF%_-}c*gb(zh%$k!N zl%&K%>99-X#W7FxApCIp6#Hrs4}yi}!?&K&+cMCD+>%C-_Yk7SP#7W!!)Q{L_hnS} zaSAddEmjjoF;2qs-X=Jx4JkL4`$l?Y3PwJ(q`*>nhE6;?oeCZ!PC?0IO*@`X-ChkZ zyWg0H3x^HW{Pm(Jue-!=^dvt+D_-aA6x7_4Ve$*~hUFnbO9>PeL!T*$?D2kDriwer zB1IRmOHOIj8q0vd8e9HCajz^bW+_Ftp}wSsc86N9 za}crPp{v%kSSemB{S$WIlmZ8LpSWd&^x$F+q(sKw|69{o%){8*CtXg{34!Rdk{PAS z=3CO?ovSt$g54`3Zb$X&t@bk5kVYl}2A>vIWo%+amATA51olUZhhN)T2Qp83`*^1o zV;N~vD>b=&Bxr9FP;{?Y2x$z7)8tCF3VwBACC;+(Z|-IJcvXrZZ^WR)*lB?ljo6Z` zu~~R7%%r^M^Zem$gpibg&T~^c8&TetC7vm9~-ecjv=TqN9_$PiJ4ij~3{3OJq&-p)IPoGp}l#xL5kCG@Oa(gFIT zU|F+pD%cVJ`R+pKktINg_NYQ|*?iUG=`Z4UODnl+9YzI;^#lr~nk|Ho8|vGYLYOI( z=F!vt^IFap#ltll@Ty*Dvy;<8KhFx#GTvZiK-0vgT6SZ7WzFc5mLMff@8vy?R|^lr zCI*yNJ&FwPcCKE;3suEzTkD7IqI*Cg!CDJ9GX!nb8u#lL8Nrwg5buq1vLXZ@G1Ij? zJeSxVfd-+dp^dT1&0bG2>L5M6`v6Mir$o(ybgEkS(vg=60G1yot{H*cts&<_ykPMn z63C8gfp$U6?yS6#H#>-4u&`50crJ;Ek?;Pdne65fkFXhh@$ZiHP4W!_xE?Za{m5G% zg!4@vpa=Oe4~vwoq7|zpn9+AB+vn`eVg|UTVU>DXwJ5yd@u97SBKc;D0yOBMo$_tJ zp6r6<2-r#1fGY03KZ&6fTER+D;-9gx`9;*iwJxc|gEqAsB;g${Rs*rUk2X2{! 
z@TCaG5ocwR-3lPy?EV1yP1YjMfHr={+Oh;RuzLk`H@0cu0Lbq3dKm$8@xRiI<-gi} zNN~z(Yb~~SPtv@{Bp<(Ae@wK8T8JEz;q1zk<psSf#(clCvx$L>e?j8bs$5;XwAULFUTqx+D-xA8NBzj0&u2MhgJNgrW# z4>M33>_eC!cF@QWeAyBm?GMxCH6glvZA{mscNkYfsMk)`SQzq2m*rKV@dEh#6QzZk zx1Vks_YboHzCLIXkwwULZ~lh`%$*p?_v<0}f9UrR^~8feL$KA-TxPDo0tF6N$jd_) zML-nC@wmhetvm2AjAB4YeU;qBte3ti_x3BgWcDXC)aWB0~bnh%FdlXIQljV^4OJEI28Bp=(@ zIg{-A?P%tVVEegVH|{rypG0pGfUI2y-*ki-hwuoZ*)#R2_l)Rj{IiCbamgd^LrmD+k;W#eI+=-@M6cuqxUgoh zVqrxR*=?SPpf%4#gOU_l#+OWMjn>YTCVD(pnrD_?z+;Hwxe&x9E^Qcjt7-O^G&UH@ zV~*E;7A!OokzrAb=S1Ak&=arCFK>m$u(s8b18O7AMc zcPeEBw7)b?_o!fI@?7a2xssOt6Ab@`xPO5m*S~}L04)E!>;hQ+$IGtuU-sXRYF+!2 z)GEIMb)WF8*mP?moy6fPbfex{#73w3R`EhXMf*+N9-au#T_-PITS`)? z+M(+TXb9swfB-yZhV5Ab8e@Dy9#3`WXrlQ=HtPvR+NJmA21%=ug$ic1>7uFdf|mC@ z?%cZkqvvEz+XJiv)9H*TGJnB%)NE@6GvOeZnu5M_HqEhi|GA6WgVy~F)J=%mJMDzT z2DNG?-06$pWBENqmKUH8f>~hC+kux*$Rz=Dt(G5P?9matlz$(IQBOU$qQcz>YDeCW zF$J4}=%(d8CYkpD#ikJw(h+Js{v?4igU#P{Uz)BWD}IRCV=>iM5UG(f8!GGK^pSk@s`5h)EnnnqIfneXQ)6R$vx=WVRmy{+^P!Lh zvLAwGgL#D}UgSb_m0`)URsG#ZpwMy`Pr_y7?yxN{NIs9DmC0|`w$Lw;5sIsOG)l;- zXdFpCP9Qq&h^WlI_&iH#^EU+$f{5w&Ug$wdf$t>OhV*;3EGd+hI{Ww-m$CyZ&AFsO z`%?@YW@#W{OUY}aHQijs6Z3w~LVF5;>8Zr|P#DJues~HHG>%EOI^{M0{wR*n_{vsY zkC11?r5fmP=M~k>3sd6z^qTeYv0{&8cyTP`n4y;Lg=hEKBXcANIXl9uh3>Jy7HA(C zTMD!}s6iST&8^z?{43hF;+cnHx$#HrQ!qsFOrM^b4jE^Rp{_aW0gvnz1p$s1b7}MK z-!d2uyy=4rvLnHzlA8&}6$)4ik-43E8+_?TZVB0sN+_(pMuToZc5T zrPoHlc>sj+CPhI9rLPX}VfGt3Rq5r<;98H}!7l z(hE3J6g#;L#ip4g(K6khR2d$!X4~bfjgwb42JXduxt}_+iZ9WTH*(b~0IestZaUd` zz_Lp@n)q$*mrax&nyea1Z2T`giJ__Tau?_GW688GBsRNNZ3e$(E+0J~XvM(UkQ&J{ z*!Th22@lX>q^~uIPG$s{?wiK<4VB~0vE7M9kb1?4H7&C_-Y^K7tU{o@~*-X1Fi2GKi9<~2C%IA4c`mDi(b0kAh#GnME zl3(Dp%_kN0S-Av_YWd-pNW`^9zq3ArChAnlq5KN7e*-^abm)hCB|nxvL4U9^i|{160?r1$Q8%3H*sRm6w?t) zx>5A?8V#XnO%IuxPh5qn{x|tcgP_r)hiYC){^VSFjA-^IEZOfzMh>Y1P#F%hOuqE>P!!qTyRu@;rl=VP2jGVg*5%wmd;3kkvs7X$f( zh`RBTNv9qk<~}63T*I3XW$irGwMXMKkbxg_4DO3fRPkvAVekG#qiwskD8Lve zQ-_GA%u<43{Yi7ue?o3Yhzsn`fu7R5#H2NM`qjU$zxrP{tUV_4Bg4M$_mIAQN_@O5 
zF-y!%k=<93dIc`ohn;AIo_l;-`sShCxw;rC(+O&c%j-&#CUim2Wxaz~*LBb_iD<+a zjIj)`0DbDXlIN?e-ohDBz8%xM+^SeDiNt z5M{WHwnjVU8qiD=g)?22z|wn^-O}@L9CHhE9ntdGA&RE;e&z<5^`wkGO1{>&2J|)g z{(^6*zpIAON2$}xcv|5*_Lv?1O-y1Dq3%Q8qi|FBD&9A~9ERN7)3k9xHE@*rnbix=lJ6}=k|Zhr7~k&D1SDm^A#oJTR%13z zL&%d;mUe_PL6=@A=QQqq#nO_hwzjN<7KZ{xg18wbNnZ_XgLiXpqrA?7Ol~C!EEtyB zN%yOopg&X#XAusVlKrdn4bj)OZrrRDCB0O|OpOV9?dR?8J$5%kDT#D`M>C!m!5i!y zu7$-vf%|Vf{(IyC{738y_%F6B!2f2;YEu1|*!NWx&f^rLwkgGE%)wTtB+_IKvBh42 zE`q=;JfROm!s3}Ai6 z3e6zuDg5yXG>!E2V8rNh?ebWUB^m0*jG~(_s%%Z^#L+TqF7JK+DRWF%;+STsT&8qr zr+lkaDLhW|)%E)E-V~1)uxlqB)IS<21ZRH(gAKAl-(;XZE)AYelNR?#&^yAGDqj^0 zoLr1+{qp2LFfxP}0nec2Ag(@^!Ufsn@z8kus*?cs4#9#-p{!XQ+}ZqE+`xY!+@$go z2KCjMbOTj|SW5@mvvt>lR?)`KJSHw^fE+*GKMn(8f1CP!XrM&kBzj+e7VqR_2~J)4 zCchF+38u9SNidDAu$+p$ehj`2n1UW4U^+30HzE**$&jMy7CVWI2x9}+an#B;V5Z2> zEZ*MnD@ihgBF1DyvZ9~-U|K!{Gv@XjQ59Bd?@v5FRs`&`qqXXBJ`y^`slc$*q(F+f z7QCwfntRpNYxjUb?Y=vLZsFQk3e*&T(J5L$3l|TVGOfp+UojwRUrx)HYkN3a_ym*G zXgu$delkG`{Tf%ld`%8_|4rz-T=A$WH(rYLoHWw1xMAbnz2zvHb(<87$0Q66LelA>?W{#Hw^7JkytS)@ z0T`!jnks;;`unu0om?=vtQLqu5*K5fv9}|Oj={_Iew*beUA!c~JWh~fCKS3CtRZCN zW-Lazc$;w7i(I;FgToI1j4l~J%bZl+VTr*%=FA~tF5_`QB`#x<^J?@X+t z=ZyoqFM{0=msfwuYxS++`&eulY)rsl0fkuB5F+7R;alAmu`KRYLv(>WRz}>Dly002SQZZd@;fC#Dg*ou;7%j{W}Jt&PW)7GKRd^#??n6@uK^183Sa#6odg zXZDB86zsQBFUwcVdifQ+OTP1`SV@K<|B;qyenk^W_WDsej`BsbT9Jca&CH;hHc~%n zsf-xUzBl>DBJ%5|*>$P>Ja_&vUV9R=gN~up3h1mmomnT9=p4+ECV~@Uj2Kp#rOnm= z7t^@_kG+w^^BkB1{?m1t=ZtkDgcWMI5G#U&fXeux`xGj1K;B2}yWIcyyOtl}9hv^( zrS+EuZT&lIV1_}(#`*ZUh2k=p|3Y?Q(Mc-X%)~G&n6Jq%3ryT|*5kwgLwtxs4U~d{ z5B36{$ zxsE3BWlzc9ZZCAKP-o`(?bcN6#ZN_x6i^0Uq+IO1CpU}5@ZP=$x|qM79V~gK^ic95 zO97X*5|=40th?;@UeSO|Pu$TD(76j;5Lr%gkuS^nv=I44B(yX7I^Ysqrw)x0>AWY( z(3Co;68hqD6@T1Z&qTZdF*9#e${#XUnWekGYIw@xN}Xa>0dceauKOmk+H=S7FiIi4 z4m0S+f6f2+o8Y-#<__UntJ~^&^)PGUGsS?P!c7;u%DNusa97~mO5|un;YHNpQ!&l! 
zH3)5aKUd7YU$&v3?nV-bEuL2H8KUVK(fg_z9 zX$BLT%1LrW!}aqjGncgYdepL2GQ8d|xW%v0$-@DN*?Vsmwm5ES8nRW~mz$%^@%WF; z6}gB%N0xJ;roKEhYog_lB*ikDZMcDr366;i-)@al2B&V))#q@Cyi}iZomRa&af^GP z2sIfU%q)Nr$2>uix3mw&EDs4p`%nr;`6H4SV}H{)I)C)M0>`7_v(z%dO`=vU^O|a# z5Pf|m$vL>AQ>>V6N!_{jSURBfF-=;CF~-Y*hTAw+Q-?UIq&g`*K*QAuGTLIs@mFsW zed)#z>~^y4YVDuw6TZrwdF)dwKPu-PoSKryTf}I!l8*uTSEOgn^6pIQaxpO*-Zg(%@2TE5mF1uVZ| zN+fICMSWks)xQ8WRQoV8?B<5^D3$ui;y01~Ra;y(JXgK~oGf(|stOd`k)nhy-)Kf! zUuCXgu@QlQ`@OBwd}q`ctElHTi8x)pKH5N#Ly21-B84Du*M;zxnw^QAG_r)|s=!v$ zfjs^O$12y9Y=|~~OsOm+eX40$_C;E<*Fw2$EPnbb>qEYeW~EwFa+Td~@s6k>$gI5Y z3cH)RcvFbwB(-BH5!9y5b|wSyQ+Kg5u>K!Iyg{C04xH-3e_BNU^>hDghGPH!uvYB< zg|%Y;pIECZ6)DFr)~fqX^`dG_IA7#UV4P#oq2!bk5FsOnkWN5^k}#V92JdITdXqQC zcm)Eco4{L!`=gm)=Xa>L*LDCRlRaPBN$PtP;CPSSugi&dma)$D=nj06;)!rt5b9_G z3C!6grkVYb5O0Ra?>!9g#3h(SPPa)e%u^!zK-Al#cjmz_oPGzfCF;w$9Dg@gwy6`* zc&+7Y61R065s_JbqY;+{;;CK5o}+@h0#)rc`Jj1>1a(TQkYk6E_#372H7q8!f}$-;Htsog)O#5&9fjH|7%eOkej1pB zVWQ=vqlg-V0KQqEGOIDQ#jG}b#LueA@Zm>Z4me5zVGfA<6=;9*L`jfs;1LoBU~J4w zf_S1fx>k8RAsU*><@Fr6CI5sVm~h+@YTrU=D_WvxQ_&(a&$Bb(lR1(>vQYXarX+nu zLCD;45E*7=e_#VL%luI&f*YF_Eiocw!LV@>@#Yzc@!NMO@ocP?Jp812Fx{d|G6$>$ z*|k-SG!xHNRVlqsLLBG|iD@5un7(5!I zd+MTX4J|i+R@d>$P6Ux461e}6k%7sFbCT_m_YX78h!HO5DHQ5q<<$USJ35u_r0^#x zl{bIm{^K7!b)G_k?I01ldFdk+1>~xLmpGsXFPf=H@&{#(uI~G>Sro-nS1w7FA33Y4 zm1?@U9h<1vWzr%K!kTfKVg89~I%{WAY6-K z+_vuQop;fm?HZ0Jn*nzVP>%q_X52NGokvTOc30B=->^O%vgRR&uQWaIZ#p=~3R5c7 z7V}h#AvlDI4di{HuN~rm-2F{VQKwj0ShJvCL}pbDPk#LgMP_bQW%ITd7=b{Fdn_zu zOKS~W7Uj8QBFZ}&6O+S>G$k{<4X)bk9StJ=eUUhk;Ohn_;)YruIiV4lvYSXV+TWb+ z%PJ59d3fect3N?QqrPdje*i7ZHXXD2bH%^(-UJ|Nk64qURFKnRuyUzPI4aKF4>(Eo zDbZt6m^r9WFz#+W7CNeMc=QcAmKS!%;S?ZL)D&ePUG`%;-w)jfl^D`+S1wQ9q@U+Z zJ5d3j_-lDV9-v7LG>xAMVOJiKZr&+Y<&sJ&v7 z@Z10NMKRq-FjpYX!lBsp-svK`1Y+l;m|YgrkiCOJq1b)RPj>TwinQ_J%4aHGh*-9xTN0!7_EGK{pnf@%pH ztxiO}O)QKsxh{6z8OY_q&slil>wF{&lS;UoMypQ?H5A}qy#zL96-v%n4a@e1G#e`!)OdQTPs_obwX_-dbr|#%QmxaI zus2lcc4@O`Q&PdBVzyhrLDyM9k>mD}xBIAvU9s{Ik`#2lPZDUh7SjiV%XHUbY<0ej 
z)zYDa6tn&QyA*8an;tG5B?H#GlkhVj>PB;onc(nv5JRV?kLKI^SA zkJf0~Lk_V{>~FiaKU=fk;n`|B)@))P>_*bB+ib=0an>* zQ7E8gdLP;PT71gu__oLg?X+&AHW!g3TzuFS`FT|pIO&fr(N%*01#=*-DqxmMXA8v8 zP-$A9kih=klETky(F%Y)1!~KY_8X2dO>f29Mdd-UdFsk-Vh5NKbRB{xmFL2-W91nP zr~^OZ&Ddo(jrgX|5p+*Dp3X^HQoVB;?A*@lXBszMq16!V63{d{jxnl1SR20j-tM#h zp7}R>fiIi(dPp@ka#l>*6|8vit{SkrDN+q)VM|3ki)ng|1>B1QH909^Y~yLv?o~(~ zHH=%goh3(vIMxYD>tHrffTiZ(J==~inY-f%KxE>r*I=YoRyV2vUk+7b{RRyjPdN!H z0mFQT=>zSlgqOW?>qa~Y7BVI`$%4uZ* zJ|+@3ioEzZ??{w9^n#6hR;T&je}?O<1V>9ch_BLHp)v}!}8S!H9l`XrP$RPysJ^< z8owcl=7Lo?6_q11vD!K4Jz%STz@4(lw9WeEW20@F2_g$04EeG4AxY;vF<2ZR&A`Se zxl)!^XPUrOMohDc3`or7MX}vhtzOq*b&A(lH5!;b;Yf_R)nP2ECWCX|U36aSM%)5l zYS1Yd64v#kbn1<0pyO-NcaMCI_QY--Q;UgU+rRCeS0fx0wGJjdIt2Vo z*3xGQUX3Jf&Z=;TocL3A713$V_G6J^HXYdGmAM%#84&Y`-qC6})V`^8Vb+YV&vr>5 z<5j@2KhoL|THet*-%iF^_QN-VXT6mihE30S#)b?h=KN1C#!N*_;&l9$Piw6H7?3MK zi9w&%D_#z38@l+bP+n$Wa4#jBS`mCTG1?m-L065_N=E;ynHrtRf9v&=aQF-&!+AJr-DL*l)dlW6!UR`38+#)cG_{npm<*lY z{!T4Vfx|9(VImdEoD1+AQqv{itpVjk`L<#CG5v&T52^gm%8Y;E>Ax5@rvFHix&Dj7 zgX@1&czoSPzQ)6@zsAEUCDCW%NF^Jai*#<(8P2+SS;|CE;c7BgGJ(K2YiF-;Uw2GG zBXLceJ(zki6ky)YP45mhZJ|*TsHusbW994fP_!j$B!BlZXFD(6Ky&fWRo1{iZrT3* zdgy73E+5=sbRbVHodMezK`fzMKL-rZIS-%|U!+hmhH6U#a&{N@u6C@DI}taUQ%R;s zFy!dx-K!K9OJilxbW%$Z`#uV$j&W;3QyD` zoav_MN=?=hLJ@s4yBLoGSj)!k5m7kZ$_(|4I;Mt;Vmj{Lwdq9A@9gq0w-)Lio{BBE zR1_nV{jC5qfu+~`XkEnoU@aB&U?Hg;<5l|Eh~)#4BK^S5?~5Qcuo~6~Ze%gmk-@9< zFeq_qmzAlT46_{&r##C<RX^uymuL#y z!dv;KUxSxgi9#COQe(LFQ*J=lvWA-xMO49CT)CQM-JGb78nuJdgaj3v>`T#|R6+54 zjF8=Izi(`qQdGf6R8#huzIWcMZQ0hGS`untf^zhiq@PoYe`6+N3N}m=INQB=Iy{-P z9>v`41H8#~8=kS{NrwNj)L=f)S6<=?hrhOjj`6uVsk4@yUubb4Z-4CxzN`Jw z;m=$>4}Z3fhsfg`d!p!63MaU_ehE6=gBWK}0spQqVL)_tpDN8Rq|${^N*`-R9qTwj z^7(<^8Ji4BinLfSVzU}~!-_O7L$}QZHICe-`)|N-d0&u*e#{<3Bwy1w{HYD}RdawP z!gI(nTT0@ta0N8V*JMCXWgPGD<8g5u-j}T8L_mjx@>0PcYxe<%JO!W8_XBGDikUj^ zr2kWao4^G*t-(`ckQ}tq^YWK9%Nh^*XOZhHv^c2-sF#*lj}voU!k_j~^+#PFJ`B{EERV>1O5%(p*l1LtgDh`Y>~3Sur4MZRx=(&Q|ZCT<+1nD2Oy5M?1wF@+go= 
zxAo4skm|4v!9%Utt!}#of}w41l0JfoD{gADHnsEVtW8dE>$-?sQm?hS~O&WiF`kxCj zE7M;+jsMsA^ziEr@l`zgSLld!M`@L0iuG!j@jjTuPpgJ-3@$W2CKTg_IB|Lj^7H=G zgH%^>h1+8c@kDr-BuTxWgt4)JSU>?I(i1V*k$sN&>AMsDfR;OPn%H#LoEh8z&?n^p z^kBg$7}>qU%w+SvZs#nC->bOPQykGaTJZ;3!iHs>P}mJ)%$psM#OXWGRpPg<#KG4C zwu$UWR)qJyS&}SA8S;|$Z;52fJ8L&{in?qdcSuJf)iZ4lgO=}yZ+g)CEE@XF!+oNrw?WrrVp}k{D;^A_TKO_ zcm`sr9DqZ9s4buhDGRo&q~I>s04h|Wdc+p?=7tBSF>zV@icO?GyQ!lG!;%4rfy0Ir zJ{5l8Z4+HsiPh)Dc~K}>!OhUPgnPdRU&D_f{f1?;_ws-TQBNoXX;Ql_L1B5><~Z&O zQ$1RbL>6eIt}u#C&(iwlmDr09F2ZI83=;f~#s3W9F_Kh;ngtIz@PWU801i*3Nq8(M zsB^BNSc)!EEGA+vKVMl1qoG)R`K}lTbD_q<9|~EFnTr{w(d0UJ>qPdMuL!g|(c}~t z-VZJe+Gou}b0QtBbXBG_3`^4TjYnEpH8~E4a?4szJ;E?*EuJPCVvul|0N1kUlfvgiu`T!)2M_f$%+mp z8;S>>bk=?$+m?ooz!W8FmXdLg(A%$loFR)3CpVa)GI%iz_o?LoBIVE=#f-Cx3+erjcRIzu4>6rSxwdxw~l3C zw&Yj71{_^zl|2Bg=ddljbaS++eP$~l)iSn9BWEYWNV@lMjv3E5owdcYrVF|TUb016 z5!ZB$25H(IHMlvlucaZ?(i-Kl&f9X@b?2UtsuH3A$Wig_C3%tJ+LgA-YVj6}cNgOL z*&hwEHhsoqY$#f)Mem#lx71Vf9;{}92N1=qeloPS&2ynO7BDV@Id#eujS>tb<8P3u zv|d<@f6s;%L+tFpsAfXLP#UB->86rcpFdA#n;NRASWVRUY#9BcDZ=a)$C8GE4*Z~= z#o2GHkga-WZN4_0VR*S|iGQR}EiB`4hs;nzFGBQZ0*IXBZBu__xn9V9dXp&D{YAy< zlJV0!%n#n~gpWDN>%>P6CYtoXe{9tM!lAzri}^ou9qWIw9I*axmV;y!1;@RwcAUqW z6%G#o*K!Dw_*QF>)`A4L)*b?47C)4xUQ@j=8FEZFc~2+pSUvm`_m4!lKx6OM%a$CM zcNmFGL4$Ait~w&$zRBqo6rf#*S?Aw8!7!k{<><)jvvg+%Ie8HDr6!MSLEmH{CH4hoyoV2-+u6ouby{vJB=d<%9E78dzOuF z@_%X1qEBf6r%PgGNyXD?W;L};K^-Xco4!AnmB*qO8$`j0-mgF|PU9mH^3x?a?%4#I z)Ptin(VL=TBuec^qDWiuqo%f_VJ`-2bLly&6-CZ#QB0Q$q>|Y`Wt9M>&><%WSMCMV z>Oa$?x+tPy?d++Iu+Q%mcT)>0;r$SUi%XVX{)XH^hPTy4YQO6Ju&?s@4k-?5d*mkTa$q4^VAyw?gFU z%XTwphhfp@;vkp(IBV4zjjEFm#9%uclzPva;*KkdmQ4_AQdhq}<2u(*=kN9F(lRHy zjQ@x}RWry5EKASs9r6C?RD6QFX3Ck-&w$%!wKjy0Rjpo2j@M3SwCQnZBkAnU+2n*s zpE8Vt&vYUds=?u|68!viY+fZUqAwC}RiiN_Frbxgr`deaOHR$SY<#*g+K5;npjk#H z&Ui;byZbv;^M$U?1s(@km%s)=5dI?eoBoT;)Vc zST_JU1y<@Rl}rLm;JoI{{PpzfgmoL4o?~)k+zM_sPf72r zI!aFNhIN7|f-aL-;R2o5z&N6pEc7&rX2K)*rLfaYePCQ|PZ7%|8#3;*%#9GMKZ3X| zXJ1A&7%nzy=lRnzX%EFjj1xMO?T3TL!e;EyEP9n?hLX!^*mk&R(^@Mh*eaC{WKT{- 
zD(OO>Pw-l%%-y^n&f5xAd2_-l6E9w`t0C&s8hh2T>UEZouIAJ@Kw3h?Z8xZAL0e;1 zHvJD~HwR5_+~~Or<(6LGs<|7kd%(F6b>!Y^l{PMOB_=e$Pp;PQj zQt6rait!Gs)sN)%PZ0W#eSnGm-xXb~%>TSSurmLTw}*c(moihoOoYc$jJB25(~CdC z3~3Yp>aqqCVI}JY$~AWOknnML1(q)~-~xn8sW*!N+irJzckKKvnmtATC|3USVgo~q zO8%X(D?z|kx4 zeMHmDdk0_L5EVd`$_p3M^k2QJ8`q7zhQpj@qVp=Zvq2Mq)x;yO5XhG|&`>Y~#&ZUp z;M~REUk2VmY_{n2!kOb3hYE)9Q{)CYO|XPV(TxvOhgz*zV@eWtOOy9y##D~b*zE1F z2+Hi<{RWvc?VsEYai@q&l1sZtv1qjHQta`+6*xfWmrLo`8wn;;D!Lg8WiIt&gb9zg zFxa;t!~QxUtX57%O~jQO!I%UQV$n?Tp8;K#JJs;V)oY%(+4CXP|wmbWK5BG0ye3VXpcTNf+>`e%;pinIGHau98l*v-cfz%k68F zw&d6A8W}jbDb*TGek#^k*(Pg&TG7@X6eX+}suz?QWDpumxi`^qTqfPlT@y~q8S!z! z{0@ZQf_n>NwWcKBUQ%zvGZPs~@0%_@bCHiO6crLM$yJm}JeW8bb?#lpkT5gk;YH!n zQ)J#lI1|lV@K`WdM^6`wFO8m+wYYpMoRuT5u#|lBENX>~_C0HhLhK;X6J4*H{i&(; zx*}81h3+;Nl;8KO==BGxg(;J>+BZPnOJJF6bElQyW}P%u>o7%*DfW?(Y#_R_OraX~ zAmT{$w*+&pyNR5ia*fhFR+kARLmdm9_Z{D2?!G9g^~9+Q>13^n@ykJVv>4O09DFBw zVg)|l-^+q`2~c?*G_v(dWOb`t6AEPKltWgW5hEX!cC&Ka@)DUrY|7Z4-w!%s!2{2I za6`JE-_Q0aE=Ia-XfA-QDx-^F45-UyAwRJ5P8M!?wE9vDnPROqfU!L+(5lY82e^>gBDsarwetS{kkpo30$w2UHo6r@&BljnOT@w z|4$nZE6ZOChp%-vgkC6?;kHVZC2)BVSYat` zB3D7tUpJAYBuB<25@h&HDfYj@Y4&SLw{8ve~zA`wy0~qStPcpIy{Y9|tzMqSP zeFo^AuxplIF_vOvviS4Se?|9(EJvt7ya96PuS})XXv~d>E!}zy!E4+E;8Q_7W@bG5 zh!6(C$&;c+IR!9PTSjO3TBNNeU0`b0SV}ixM`7T)H>Zx6Xr+c4Ln0d5gAi@2W%;}4 zxW~vSu^~7`A*QRSJVk;Mcu5lN5idy{&Ih`pv~Z4$oJ1LX!P{74#63h~)Ef0!U@l*n zWaB);%oSZo{*YWIpNwox*N1M&g*AATPl^WF+g6p(&M-UZe>M zBQ_KaR^-@V_Po3*oqG?k z7S{6PKr|lV&JoQ5m40_HI|*9cYJGiwAFtn@s~7%&jCuYHrVc0a4b2(2CY;D?qAI-U zr9?9IPX<%XHUp+_GbO*lV{%xN&>Cw`fuyzfH1c2pOViN(HW%FV)UV;7plx@GBNSj0 z4Fteo8P%;{DtLUqPR=1%((RJ&ZgaWPE;xJeoMB`8<4bYdl*Gs1El8N?J|$vKzE4hp zLo=B)Ga<&-gY4y&dry#D5+N`~6XVX>Wwrs$2iB@ihY=Ud9R3pD5|LvaGsBMB(WW-- zTX~qVR8nP%;~S1_{o~GQL)3jOa-hhC>13mq#QwW>R5!Yx7!u(CtZ`%Eh{n8w#}Y+* z_FbGF@2f&Rs1JE zj{U~SYFg0PpiE>^VGS0)x@bMs%nTB=Rz#$W5Oqf5agHqcB#gAw&x|9YyaVOntCjdE z`;iUt+b{-hYv1L-ZtTbpvXeV{^nk@{SVNw)#W#Ov4sB1DgU+o@QB_GT^YuXQmCe$d z+l`tOm$Q=ss%A-;kKne${s{|zO>oWqwOEkTJRGG(8d&t0%&L>A^$&VEAwbZVnhlW$ 
z(Ets-y^q>|0;Y@yvlhVQs5f~CyTjY!@|DwZgEWZ|9ZHqXfTn9`wTwc0lg{+In#+hb zq3PM=J3wi=ZpfViQ8tmH{AqPe(;wrIz&*)T)#4Bv+(p$EZvkYMy=F$oe^uMernMiN zU=l4WHrD$-&TBbEn9}?)e_*JJcNO3Ze4GeY@K5;pcmE4B6C2yV;Ro=S0sa36KY;&< z)2jNaJotZwA@pC&zeEH|(Vqj2jBs4af?wkYabv(FsTdk4NPr z&eZFTz!zW2kk@NWD0Q&B_a|2s@SeB${%8b}T0&>kC{aUk!Ix|@RB^EdXezjf-fWjw z-GEVIKVM_?w`Q^=YUx$96p>jXvAB6vZX*S_37RKp9fnW1qlq2w*)TqIbG$lEd-2ry z+yt{}lL$AP1Il0p460;)ew3wy}8Jl-fN zwI|q1BKo8A2n6f6fc=mG+(CH8A^J7i={@Q!zQ|BI{Lq7yOgz|Ht$qK|p$w_;BGh0< zT3Fod_h5*ikg8!kX?R-V)2`IU6NN#FM5chlQD`S&Dv68eA_k=uA`!ZU6 zxYdq!S644B2Hts_=y`f|JVZkU93)a2B|leOfo6GL{^k;%RL|Uzawao$plH$cZ@k~d z{IPF0>RwY)qY;*_y=#A#YGs?<)*_(cIT&ekh70PYTOuVe#gc3SYb7F-Qhj&Dw#gXn z?9S-1Ec~gqFprxbE23&Pm3QrF_#vu1;39;5EVGUhx+&4`qJ(VN- z>wOr~O7#=tQpO1zrih|0`&G{^YKyO2V_VZ>%VEJIYVX)q2g8??ZF1Te{0Xvq5$3bB zpINId@#h*1i$NszM~)&6hL+B$KjH$qzFP%+^DOkeh;4x%(bq8$Q3k7)-;#H{e;w(_ z5ggv~h8SM?ET2J6es%UZl=#hNwFVT8;8NcoGU=dM6&6;#o+GN~Y&-Mr*T<*sTqtSi zTM=G^=r?tw`W{V_rzq2fTwkhu7}Bj{&0ZQ6x5Qh%Kic4|+2biz{ZL&@^gC<2?noRP z-u9aoqrQl`?K!>negvViSnSnI4|h|Wd$sp-TPFODdpN$>5B2~zPW=KZzVUNr+!!qe zQD|$z;(UD5ebd+m`=nZ@q-M}6$MgI$E5w<)lRXVN(M~>!}Dz0f__SsoX$l8+)w@ptbqJ#AXiPubNcG>t)@d2O8Y5ckiZFH?(6k> zS#k&|tPh9W^~P5du>C2aZybPiQl#4F=7k^;)RSlga_YtnJQZmCy<+qDTfmAsknaTT z6R8mGkF<~S1+|36qsbhOi>C7Ta^R|?YY;E)A z#+{mp$mjPVydw?ucRT zGCs|Mjvy}nAI82h$kJ@vw$ip;Y1_7KXQgf1HY#nKl~$!~+qR9D-S^$@7q2_woQN-C z|JZ-m9Ba-s2h!Bvdi8RJYZ2{1Mnw*+$NdGz?-h>2(Y_N^x<9gn?%Fbh?M$3`vA_Y) z5NS;sGo}dj+RizAMbP##&snNcsB|g(3hzzBIJ7SvQLvgOO(WLa3txtNV!{qOc4Ior zn7aQs6JC5R#-F|aw&?H_@e44(<7@4`5g__yrgd;v9P!pI`ZD4hJu?aqb=h!XJ|>Z$ zvn7e|29?y;W5s4!Yfj91P?IH_P@&Y_yWj{#SyK4RK@R(}K{x4n1steI-Sd#WPT<+n zEZusl9InK-f1<;T3jr^`j_Ze{a@jmAssO5*Cba&*O#|yaFVyzI1xtXI_-L#pG_;M` zP$5dAP_fMcbwqoqI-V~p&{CCfCy(zL-F3%lbfl1%jbw_TR%1^UJviJXO81wg&JSzp zr+UvtQeUg?wXz~A-_J32+BMAbRHlX*REfsjmrB3%Gi%${U(m@ye9$nj^(r%=!pHUm zyXBC2W}3^zhg`7VG)GnYnJXvZY&^W&vu318w!eJY^&-XdGuRSa?-MbChADs2;*#ol zdh4=r(LGv<%M{Jp#y1wl(?N(iMO!~(S4$7~`&I0Mv@$2jm%}?afTtI`e1ai1Y=~<_4^d`wcwu#k4?}cV 
zrkBGeHut1RLMRV=)djacSUaIuGOeCt@JNmeGr+WHIY^u-pKm4^O_C!aB~>gKO0$~gmK z?(J56$mKHX4<7-7UrCP>#U&^4yd%j5qldp4b=@W`P6Izv@MQbr4$y#Chw(WLxlf!u zkmY_34$r;}_O((o#Zs{?Oj1zi%4sI|js}?`>wU^9(hBXWPSqrAcJ|xyBIvxFS<}Ha z?hITr%B)fk0-sA`tarZGZ~Utjy_wgvrKKYQZ6(sNi*H@@@;tt4hE&X{)wtz5e$Ddk<9;ss?7fts{ZW<`bFHMPfws4#dC8& zLNk?ju|CU159cA9X&6@~z=?}C(4}3a-6R&4yg7^oDbxo?818kL|50R)4(ESLC$@0UT%Z5=%g@&mBLA?NbaILI_fOYHwAU3fPz~Ot`%dJE*f% zMQkmlFKW1)-p2dJ-xmhdyJj#yDPLi(`a2Cg3#8&y{DJM4&53)^pl_ru2ma~f+XU{x zsHb@e^^?8g&ueV>bflr<*n=LERCNY8&QU!_3)8}sYf`H3p!;)-dzdLqBFPaLNw6k$ zKTO+phQrtLprU2LC1!~V-STwhhce_~#0dp6$RV_dmPv>qwdT|o3AhQzq>=-Sg|>x~ zMl-9YixfoIpBlzodmv8bG6;)Yp8Ak1?Vqfoj6zR}PO3V9>rSdN9FoW@HMVv^6NA+X zqL67^<7~#2vXBm(oNZdfTGUj8e?7VfT=0ytMg?jDIXESuq2SUO)s}nx7&Qy!UFGhvQ<$%lHN3}uAQ|GMrkwp_xh>%!J|WOG*U^H;@g@Vor=0YFgx)kZ&E$)LJb zj8mLX#0ED}<`=MB$R}w>tz&`;BUaCo5IPjp?AOQr9Mof<_QiWP46>8pT-}63`1q~E zKe^`BLuV*I*90&@S8KFrv`ra!>PWC~j{EIXaHeC@L5jUU<$S1Aoup}C&MAYYED41% zv=ua88$@SBynni#v>D@~S-aoJ2Bx!SxrIJd6hvw~WEM5!d4c_wnyYPkbqha`MrbO4 z2U_c@O`hY!HofsM;Q@#aqy`4eyGnEu9_e^L1`{g*1A zFIV(c5$G?v+SWorqPqM-GUseSSqb9>5eBi|j$m;JO3Tm2T<87uLX`caj~l=(1rp-r zOet~?Cd3*z*DfHH$Eg^kqgl#!lhvccM2c(W$neni zWp6y<$S()Y)gBx2ytOWAPardd`5_3YD;s+pQXsLWX(-p!4;<>5BW)$TSDgYoM7ZEc z$MTMPjhAv&6=d9=Kc3BuCDk-`rHv(?Y7$Z@lt|hcFf}Ie5|ikT9!WC;JF{1Gkz?4i z^|-fvZ3luMO7*%MR3(eH{roC*;V~ z4|42Fxl#Ezu8!oDICdpc{CPv{jYK>wBp_pnu76(5E<(3e;_ns%v2k^*tM41ilnC^m zpPfUa&f$K%?88OgHLg?@2z$uz+?ax*Y0UKj${wYy3$6*M9|A>hs*!ga>bMVvK^3M- zLe=p=oAUXcMZH6p2Mh|bBsZejK8)CGmDht(NOaIOmJU=Q$kIR+PA|xe(F29Mw5d@6 zF4XgeCKQm+WGGs2IAzJ&bEim^=nsYlBFM1b88%KAF`f4A_cY7JE3o}g_50TL2K3c~ zo_Bla*TGlk8P101Ss8uMu0ozNn3RJO<*xXPZxq*h*oa^eA z$Wk~=?0XE5w>{^bIp!ix>ws&;dwL9>0{pUx z)kEP}DaM&H5Q_;AGQivyI`feET@1NU-i!Z4A#Y!c2oQ8KN^}|`(xu0fGFM3|-o}PJ z1^}a)4Ct%@M2k&dHdu(9DMZ!X3z(bSsb6MJ<%%t=8kgXa!LNpuSh-$#CTMI^c<|43 zCjeYuIOJ$2Q>kwN2y1$ESmMDKx1MKE>ya zJK8%G(6F@IKcVOE;3+!hzn7W+BBWya?}Su^U(oZFqTF#y`I01^D2)yeh=Zi5nW*F} zDZX@%-w;C268C_3jaE{&>y+6HtVAA-_>i 
zG4n$>*Gx}`g|ORU4Bg+SX2V)O(;n`$OcZ`EHyYPky{=Uo*47)=y7>i3r4?I}0cNSm zep?Fc_yyCc+p6?@iV^Ib% z%hp+TAN$HCTvB?AM(HCsWnfQ{E;x-Z$g$(TD|(~4M`nR>L?UbEq#FXA;y`kXZkvNTMhhG) zAERi+u0R91(h&VZu|qTrGHfJRFvIsL1UIJC2Og*JUk-Qukq*#$kd_@YXeo^CJJDy* zNHBzG;$g_wNbr!;l9y5$8bx6tL&(P3J*Lt}9*Z;IgfgudOGdMTJ)gSrmVXHj#?qkYh%*Nw#D6`1XJbrGMZqzebxKgw1Uon@y~O@srvX zz)0kmOj``@<(Ru)RX=onVA^RtT~(!5Lvc#PSy)SO@n^m@c~d$d$kn?7c2=)fDU>Vr zdM){E16u`4LVOSMD2_2&4*4xUaq8pek`bKsjTe2XrG!KW^3Qg9*+K;`Z*}rU+0q3; zwdAcBC748sDu4s&Uy)*n~lSLVVnhRA@J3sk|*U_SU@%pTX@`k~IY4Q9@6(7a9PRoj6dGeM{c9Ik5zTyi6J!cYQ z(3$q4tOzRCc~VSTDk$7|>-Bp!ulb}}nELu1qhJOtc2KGzPhLSPekn)_zZZ6wl6~Gk z77;o1Fb{Wx{MyR2pmEMW}|{vAI3IlfBWO=d%7kSu1s> zM{zWXNFordY^YWcwE)yMd}U z-GZz^)%5tyUTLF`N8j3E%c{{W+uJ*~CupV|?I+eGRRe47<-w15L88B2Jtym+jnl|q zzUcV~j6}HshD0b(H;|jJNa|%MJ%NJ=T{*(Ii^EMr=nauLcI|WwN;lYpI?d|06)ULK zU+wUJw{=mb2#iBLYaH2lJBUm3=;_(j*onijptdC(suSQKWe9G|(yowh(S!oQzCdN1 z0-Y#I@hy#o10T{%ZAyumsdU=6&2@mxbH;YGxX?AI8}ij8YaVHyJ;Dba53zalG+iyhWf*Kn=*wCH~lKLD<2o+#eXgX3t% z8i_QHynNsRG%wOvoAe18ly`7mt9+qb#yDMD3LuomI7#iF(Z0)29oqt+C2n!NFz;|x z;9DSNXJ5xsor!MlQ5c zz*1jkI71QFRw~but7KA?&_ImDRiK*VjEezRTW9qmFSECF+FIQ+q~VmDcPhsHHLyzx z>zG=Z;@bpS1jGp@1A9invQ+anQ8A4u6>o!*a>Y$UZJ0Xoz`IKK=fsq;88cAEAXP zzKbw4)-HsR=(DzzQc0HXryEZ2~p2(O~;pyD4ty@jkQ($chB zjbDzl_!@8&2}X&`S~kC2W4B`x=pfYM=L~MK6+`N#;mSqH2r)^hR`@@TNsswMdoAiogJ?MK14Xq} zJSiPgC6alqX5*gW7l&c&!=hknL+G)B#CH^A6cz@;4>II^ZVa zWGDGtR~~;GHTrCI6=R4Srg&Nhc&xvonchOw{}Uzu(qqyyF#M&`Wcrs#DyIK3lIjnw z(ElC2j75xvPhXGz2)1+H5prbAl!2qPC$^HfU}%#ZJYSR*#^e{GQdh&|o9Z|b*dT@yMAzy5khzF0ez-7jsx`n%K z&e971t-Yi9-O~=L>FW`_6fg;8vQNWs43c+n&-o(&Jy1bNC7QC2iX-#rQe&~v9q zVaArMh2FB4A3b)200;x^kqggv-Cj<^GSCnt&8M=Z7Hq-B`;X+!$q;d%(w2FtGzGQM zTl6h$b(HqKnbt1oHLW)Yj8XW9xfXzO_{o4NQT9%NGxTdFP#{jdCOJrQiO3o`3`#(; zLgio)0c-t{JK@;$HY3PO-h!H)F33HsD3#Z5LfGgu4pj(bR-adJ^adyK`7pm|<56my z$C&&OI?7jgcvnh6G0;ZT96j*UO|@M8r1lQ`0b9VE&Tta|hh1t4CXE(=Z#!vJwcvd5 z=Tn;JGY~kB=F_u#Djz1ak6>{K$DYZuq(cs+?`ap%vFnuxAHkgf8Nr8HRH}Yo(!YrI zx;5oqWjaTCTYf*hb9Oq0bpM#3r33+#;>X>st#O#d^5P 
z$dWu&gYl+{nl{Ca>5S`pLlKV*Aw&#Fpt?v!wN%y}G?m#h$)9dvYDRq zAH3Oq%f+tvaUnA7cH!>4AN!jS+sr4yHA%j>-G@m7DoW<)J;2S%GhYwSHp0IV(O%hL zfZf*e#CS}qgTY#Zs~!zNw(U<)m^1-S0%?T8B(G!Q(r7&yeGjq(P~~iS`Ygp z8zUv>MmBx|x-Vf-s@oA0Zcube*3P9A-JG~dC3cqfh;t|j!icW+^jAL-?uAP6m*SvyWW7H7G4Jf_AA97jdmB~^Q{bew_1&WKC+I?Y6xuE#9d zy}ZAqe7OIyzU=hnJK{v!y!mX8*wDNklQpYum6INSC6KtzK@2pI#HGLqd2B?zNw(I4 zGC!;IWCI-=(f7U8v!F$YVxcE=V?~(u6Y4va&5-z zWRipA$yn{miD+rCCV3d#ehl#~l2lA5W?YN7L+odqJ>ff8GM=_QcrmcpilfRZZE$fy z*t=RaQN~8eB)j+d+#GhhZP*ZEW*njG%yJM)u71x?nBRde6RlwPL@wZ=z&tu05mI_D zX##4n1hA2_lQ}n8CYtc31vg;0TK%V<_mABm*E}?Bf)-&GMw_G*Nhj^PPHv1Cq7-EU z@9Dfqp*+7K10H2|!64M%3_4!jVl>kF<+nzGp6^AX@|9vZm14?@ zqS&I!sMPnKAA8GvLG^W=Auh++D)AcG6{rs?MX^g&n{?F8#_^2YElG}*xxbz*pHD3z zB+2WCgdl!6Q&BDmi#Xx4VK37%n{08&7y`Tb;kY;V-GQP2*2F7ET7YPDh4Xj&-Efyg zLk5ne)&tB?1NF0ccb%WHVkad!P4L+)w_Q>RoUu8J$*R*A9tGo+aL#0%MkliY0{ib9 z~qIErVe13StEf(J+=hD;S0g{-cei0&UmN14IYLa zS1T@;hF#TWK5Wu;POm0>e2ULk)X+oGKc;yuy^3*;lngWYf-BVo zNP#g`ha3!RqL`BPbYHRox9Dc*BJKX$bX+M4bUuu2v%|WLLi{C-i;)38+5^8FO+23O zteFMB+MbCk`czhHFopvM%##f=W(u8Ti(UQ)?6CcZ1G&oGJ#&4q92$nF38o`-wjE~z z+>zZF6?E9Kf zjdTK(ht8m<2pbI{2kF>>?YI(2M5YLBBr}6jxKPA?032)c#WdFzuHknMPr?<>9Nw9e zM1AxWpI~pQnl3cg6>qEnSlFZbu3nK@b5`$*8qq^`+;a!R7C+$0nRhZr$H0#~FxD7V zDjrc2n>ae|b@79B7~R_TN0@x3@zeMuCd5ZcF^7?;u<9vt~7OBhgpKz#U1bpua2ez3< zWCrM~24am1^bG!TJ_3^>G(;`;2sH7V3tY9<6@)BI3ci+$)dbYd1o22t%n7dLIk>ap zo~&W`NdjR?bj|AtKdsHeQBbfob|r@)nxm1@VB82fuN=dN6)xd*MHJkYRQt3f@b#o0 z1Sr_pr;c_4f?{!mVL8yqNaDlKI{5rx9SbnzfmIU7rHUj|9EjnHA9asvBsa@^6nKS2 zZKljNsdMZEX9-YZgeIk7J!TxN7R`?AC#Cwqsdhy1NYqKhTGIw$OFjSgZ%gufZ(lYcUCQ-$`AIT>lXwn;=i&#L(pfJ-~kz}zUJ#pJP zAB$Lg(Wq+hOWUFrRGv}~j9@9XNfUbGuQFSCMOig8i8nRfBkYpoJ2{&g7fr3A7%A$- z>_^OU3nq51OI{Sq?&U&08cFLU@P7R&$;GOy6qjcJQH;CiCJ27eF;zDI9M#cT&4~Nr zk1(y9o~sBJ=|-r37Is_It1JuTX6BYmNbnZAM=f~6XPMDjR;VwY+3MKo}X+04YTXjoXET3H5`q=q1nkQ zGS;sa2I$o<=8fafb&WHhHyu@zoa6U?{l7?Bv9JNbVLCmixDru*+_B#*VovmX+vT_UQV*w}1%}SA&m14bb-PA(^yDx`~3ZO#VA#rt;4brPJr?4`B8F^th 
zltKN2U9RYuM4oyT-M%o2H6=Qd>;cIXEBPqoDw9c;0oWjkP55#L*)#DNV;QRpgb;u+ z$J(2ltW&Dgp~y{?Gs~W~ij{t`7_ULX@X-7G+{wTT)U|qcg# zWB|N0?FVoa zQ7Zgc_|a)Ws#h=-0$H2P5eWbKV(U41f8PNTAy+du&$YYe$_uNjf`L3oY#e;}yrtn9 zVh!%M2*qz}U`}Si?QJ0!^=+JRVw+0fC+?jXTwbX>p(6Md5?kO3{QiI@TevqSTAZEH z+^kOco}zvm=CK2Q3t2PMBuKi1=}Hc7>qU$%k%any5oiKP%&ZwEV`>tJWj*bve}I*` zAHkk$pNnnSG(5(Makq0m=gS$6*TghdfC6GL>iKttdgm?>I8X5Jfg6%9@V`LaO)lIj z<8WETWec3;8>Z(mLiEy#>t=6l)nwk)id?X(@~1&dVT&c5KMkL3Gf22}!j-B{9&6o} z@wx_onuv4r9H5}NaOK`VxiMvQm5j}}I@$6%t*Gh{75Yv>&=L)BqfIX1Bq`QwTq(M| z%5vHW>WuBZ{kB_iMj1`YfWP6Gzt+j;kiBWQ?}I4m;}KT270kY+Ks^>n0*tZ>0q!(v z8fXyw`5dB{5N=0VW9*KovCn1=c)S}Ms_GGV)Hy2?F=*v}u)vsu`d7tUWzMD2oKja`(Q|hA ztrI%HhsGivZMk8|KGG%#=iOIGWh;0$vBd|AU09o_nV?`upf}jdwa|9z&lU4NEm4CR znm~Vut0-3$I8d#j){$-70g9}WQrR6erCNVR5&!fAc6Ty)e+U|^MN4cmE8s1U-F^wq zcCC{BI_Lo^aY?y{cOr!LGTpL+^En#oyR{;^1b>u7fk4>|VssUW3~nYn%LrXRbIqf| z??J0>j2(F8VDh+=6yoLC1nwb1VBmSqegbnXyW0^yXeipNqVk2YqScE z@Wx3gr&dCl2HMWf@#~KW>2_BccosdX13w;@!dL!Tdw-VHAGOE&w=W*^zi88#|66U^ z|70;PszTqygKC$zKDFAEE%G%j!DOgO%K^LP5RVvB#D$Bw?dH**C%Xi7*2}@k| zu=KM#9E?E^W_LSyT^-GLk_O$*u40_k?*es{WiqBp>78wVdUAy<8`6h_bEXOwpWjYK z+aTn4NkTrci~IzkS_A1zo&Ekw*ZW)j=mnrJ=oY9woR__P$!(X(cv3j+#hR{BtZC*- z!k)3URLwX?d(`xuN29k@L4=qhM0yx0E-Vlumnfs+hs7}dRXYX(BYN@YhIGP`4@Rl6It8@N&IEX9WVXRFhbn3K(K;Bt)`cL<&2aAJ?O`gxh)Q z@U6c}(Hs%i`&_Wp%C(3@m9X@gqLK;}(h)9NMQV^u&#j1{u3qb&2F9OQ=JG$n`^XF{%aQ$b zG({usVrFB{_Z-}xIIDh@Ex6hKZIV+?K68>fEI8}k&gCH&v>V0=d+6L5xn7FpIaq(g zJ(vFl38Eh+zs@r$^KcRktHqC#^u`j2IbKm)Nw^w zC=?C?ub(Tc3(1($yTk4wnA#hYf9aX2`|gAfsKLSxUq}uM_`bcXDwF&EIX3!ObdhIP zM?CsiHegpT5hOp4vNZ`RvTJo;h%5$WZJVO#;*Y1ZjK>j^;-#j@Ej@tO=Iyro2Bl)% zaP%(#^1n+XcJ{yITg-o{D*pBaVP^QRQYFq+R%Nj0;k`Di*=#@(n>~JiZ&1K2nS-33 zvK|H6>0Wk1%EvNJ43zCm5tz!86Dnau8RlAh_VWv4FDJh=7CokbdJvOb%5< zP_9{J6TxYXP`|0W;O;M^oi-MS%#!VCBOV8xSd>vFbz7*o+=y-)cEU41oVZ!tUhS2e z_JfjJA(`6iRNo;X8pyojo;pNwM|C8o#9xJoTWnE-PsI1w?lk6ioLoj)P=KT6LV50N zWnI>bB~y(utYG+a;M@C5D?OVVE3 z=UYKmP^Yb={zYqzP)}!X0JIvP?p2Ep_Zg=E+D_Jv_r;&c+6`}{P~}D;F=XYRyovL6 z*avRgBI@gCl&38E4 
zdL%fB;;{B#U$xn-Ble)b7CY?GJ80JsW_{hEwIRJqCkp5MrdN@G9B&=5LYS~Z1UF%F zH5nZT)qRyN$Cg@*mu`or?i}MA~ApWj=T!zDi%tSJW&5`&zTeOE~BHdYm{{LUeKsm6(Xx zN}oQ#D|1Mv8fAS`WSqEQf0fwi5b`Xg#l@$ba z%A9x)@J8fBO3a}&Su9sZ18^rpnuO+ZcPcg=7<31gh9B9L>I!L8tBU{?S03!5m1=|E zaOxLuvj4)11nSee5V{9MOElO{ILvS7Qr7p}fyQxEa5cRsg#goB=EK|aXzZz|j+c}P zm?xMt)A%E*e*H>#6-Y^?@RY0xjYbIa#d~%NQwjLG`P8vmW>$A`zt$yflqQC*2q%?$ zziI^VdkzhNIZbW-Gw19n+wF%f4@xWWhpyrcD13i(l32^tR$u_!s7rRx$?S*E;GK_7 zgKTRJZhhK$DRay}zShepFyxQdQCMV{=8?&fk z5B}EPkEJelG4kt~X$GQU6S7=MfeHMM)6;pYB5R>ED08hG<*JV(R#$JFxecleKgvYH z@k}c`fJN6~-RAdxz#Tnvv)IIpf1+8fnY_NL@XBev4l-}L#AJUm7jy1m+~2fcB&PR3 zbBu0HOU|B&#a4^Q%;BXOi^eJ|JD7b*jygLz#4mLwd|xlnsRWeI11=idHo}nq-^<<h<-bFp`-oW`(Vqx zXXvHS!s<|(FoPuAEqY%w`L2CO(Ai~dnu7VLfXfFG!^QJ^b&hcHIe#ILA&EERtV2`i zF=T3dh=U%rCn@wF8t^4%N!9Q*J(z_cdb$QRwp-#o1G{W~mKX9iSX=RH0m@%CbeG3U zu*lrl$0OS$nvO^7mi4ieHN;JKaO+p;ms~%UqP|oh$aF zI-9V);-*5uz8y@m<>r>vwA-4ngpVvz3?L$7?Gpbat6`l|qAj z+fz`1R>^9aV_wl}1{3=}Khb3gvs;4_Cd;*2%!LK&hP5HTxo z1R`WbA1d?3?Ii!ILiu=^rArYRE?yF;a|2TA#QvSjkfe-u0BG6*X{OTPMh+U{lQpLj zKVZVENqo@5O;O)e<&gu4Xr5&|t?UJch?T+=&AQ^IgLeQdPO_+umhiNNIdAlFXD>E- zeu%5i&ZjhK?kNy$pufxEYv=W*OFVb_=D{pwbKb9;3a~T`nWZjC&RrA~xRs9x0ky*8 z*$^ID3W=JC*M{$Pwld56uVOQoPm^Q$nJ)(0_7*80E#*^}`PHeqH--NMjlaYk>}-Fr zpqQEeX$8v6{9jptR;v7!Z@5{f&qDbuJ>v^=l>t4vWn`Vtf*0(SL%eeEJ&s1Wg?S3^ zE8tM!tPcmiKnZYlZ~a;)%R?snyCFj0-P2?{zuu)8fs*`u^j zy-x(mAng9F%$5aYPzO#j zutyv-6`Cg1C$oaIA9n1&12}acF4H#>$Y`gz37=cfF5hF{S)}+%w9xYS5=BOV_ADR})TP)oFMd z%!Tt;Ig(?mel!)1Sh;Y)+?O_5_*_4xgF3#x>;5Essz_aEq?8_L{k_yXVh`>qAMDPX zV`{IUwjzQme0XtrAFJ1rLO|N-N<|9&NH0~JEW_V~J9inO+0G;LO{Gs<718+0ij{Fz zS9}zPl8J<^T+=g&Hj}n4wSm#eC$Oz+=-%zVS(kiAhtyLnHjA<*?=Ku_Ski(-h0Vn+ zWS%IK<4czI#tHZNZhp5tTZWz5I3(}31XZWOSH!Kacw$Tc z3EUi@W75__kil@Vw)&{sR;;mKq2uAhm@F~n;Rg?EUD+37G5e+qXjs`Qd`C$}?;cO? 
z5CYrQ*y{noiUPaHJdGs$)RDh08s^3E-30jr=m4G_`X{XXi57p%2=sLHe_0GOGym`O z{QnHf%zwOm|HoJE^RH%Pl@9vLJoBm%MUsi~V}n}K<7g_N4dX~}i9d0FE`YkQ4x5V4 z=Z$P|BAx|j3I&8CM*(pV@%c$CJl?uHADU}1q}X(5u$rDqv!~1H7m*%1|JF7u1Y&3} z69A#Oc!nddkEB}6w_ZV}D|XSJ$O>r!I`PyD0qDH7vdhpn!R;XlZ=~#_!^F#F+$iMw zj;MEHha(dC1({ixIvVIJ`dQlJj6;!)8b_F&l?5du61JLVARgzE#YAIVw9bKVu_8RJ zDL=mVcDh~F)Djx}A~g6I=IlY2MvTGv&hYaA-xr=B6yNWT+#s|C$9(=u;wtk`aEe1K{%J@IW1@tD7KyjcZRLp?xppGy-g ze>NZysx;|gpj4=LD7(3N`c33QR3fN1t11|}>u z3~Fo^)u7%}4d^GHEF?A6AnY5LSnxTG+p>ej2H-XMMvesBk#{_MH`;!nDVmPCXKfrO z*x{er>(!IfV4~nr7PHW74F_T=i&_we*k~ecVonW}D)&69FEyZBRyH0m9;;ZzpUJbM znUZI54&?54TKdD3Y$=HC8$rGIX5FV)ff-%u^6FM3->I)KS=)d8D2E*GDn+hq>Uk6Q z0pJ{3e;hjx(R(rAx}+Jl85L6z{Fj6Mzl$0c#=q!r%q;(84KuU+!Lj&{=lV+!@aMUH z{o`C)F!}U5Lt64B?bYN0%`EW2^})mAOb*ryz{N6@+tFR1v?q5$A&a?qO;TA4FoFUJZTe=X_)xBz(2)CZ@zs26cihOvwslWJJs`45|zKQe7^9e*Ar9 z9V#q8%vC!z!#w6J0Ek8KHuaywE zNSlY_Ai6hZJ00gJn0rx>)H8MXt24KxDmKk^5x;oQ^%cojz|zhu=Aam*0BQSr5jS*1|5x_=repQ#}=R z7w#PrL=U$0>G8=OGe;icOx6#r^-d`mQ_!~s>XgmW3owoBisgAt=!Is|V;tU&Z1t`t ztQ=L7p44jiSn>f!u&q7y=N{QXmaak;t&P3@rf_LE#aP~3jEfPtiM^aU?9TLIQD%9F zp~4Eo8EOmVXdrvXiHAytnjr;*4O>mZ3&jM&!pw4*&%}aWAqAp~!od;7EmUR1b5SKN z1&Hn)jdy1)m(%IJ9g7zIx9)Q!@%6nGtA*1L4%W`-QTaSiytOwgz>mmXx%yu3GeK)D z6_0}`LIJ|HRtDo~Gt;puXNawQ(%A*AbnBa=d=rZn-o-GQbP!>DvC`TOxpbVT`)hsx z^$pAjVOr-eRbd;rAARu&2h!vXP*ID*tw$Y^8$P>3vU>>iqEfLrML zku|R!+Gihrbm8-s0^orE^{kOrZyPn&fx8*7F&^!(6VcO)q?iedyW2jZ~Hj!6LnIk2t`zcxW@ z1;2eNHeOYI|A{fygMsWs_kA#SnlwG|8aVi`F-iESR7xZ&>44jz?t+amB$!5NYflwI0iyC3G zT>2@j3SBR_BrYB_%9?Ps(q>fa5H{FbuJFgZYYLCeZ9kK?LEbz>%n-|1+r40fWh-xx zdVe+JjPT>lnub%SV(2u+hCI@|Wl{Vqs#>OCh%XO!WQG`stJ9-tHnq-65FijyStMR3 zcVzI_8q=LXMK;xlFGnCu1KuwumSFXxj?eup^u7&o!x<1XzmpzZcdC=18B{ z%HaaS*KtG-=5$&}(5B0jw-xD&9_Rby;cwrCO^!umQbUeBMzfrItOl4pk8 zpj~?%>HSCc5m+SzH-+^0?G-c6%mucnah0q?!?i8?NIFy_c$loflu*1LURO?e*n zGEdgo|L7nfo&|}hz~cA?EvY=kKHlU&E#~34x63Lw6LD2u6Fo_L=c-*{FthC<&{p&@|F|kkRK(+0 zB@LkWrh?!z2L zkIG^u{p%%<8gZz{#8#*RQ6VXKun}r8?h=VQ05Lj4hl{$Ar?oongjWBMi9f*~I+4og!UBf0 
z=#>mt3O(@i7p?!gEfkh@&Q@jjjb#xrs(aJ@sJumC6jXi4`8=>#Laa22V$5nvA(aGe z4nJ}c70#EG{2Qw*2CdeBZHQ(eHI+P+a;t4V!2WdSR^euK`R(YzlpOIhCV+*doQCV3 zQ^a@ZX2_oRiD%x@JWBR%U6gHY^7SXb>T+VsIhPV9p8CC#4Zj*)mal`B%C+TIy!vbbI&fhsej+HHlD;JPzzaica*VGy#%*L_iWa;SGQ?4}lx zCG&eS36mZ6RnD~W$*Cj_@JUTaV=A6e_7E#*h)6v^a>Ll(yTV!?G+$oPYR`ux-s6tl zLbz?=4 zcTUxNs-8dL*FDel^z>xn1bAs7-Q;S?Fs`bG$>X`cqIzv$N%nZY2tNCX-MvLO3Ree) zBOsgYm<$qUiD4Ey^UuZ+zXLF5K4Zb?9ivCeLhfXbn}FxI>Df|-sYp&BhnPc3)3;tC zVq!m(nOp{gO$0Eikg0NLwP?nwT-D=*Cs9TmJRXr#nMgiZwa4w@V2I9Xqn422)Yw7} z5$TJ^y4gPY`Ue`0+Qn;Us@tMfG4a}sg|D`$Da8=se;G|TU~bV+g7a`yEt|T>O@Au; zAUb~!Oyps81zV4C<}mspq531>H8d4=e3H|?dXLOi*kk56Tu%#flOfCqRfcwvkbP=pwRhrb;^@7uDeE5omTuuYkJ}b-WyVT?|dXgE{5sr+-hG#kl#i z*f6C^Y&V5;qxvQ@g2R$4eU1n{1Cj{7B>{f%X1o^Iv9e? zl~TVWrU3C@UPna!2FZD!0uiLx@&zwQl&JT)-0Y=!I2pPDm7hCu?H~ftqj*0R2EP`# z^`_;!6WxR#9Dm8Zd@h?_PLOD`k_;O0>gDidoZoqKDmBj-N+sR$k$|#I2eSWX?mK4@ zGL}XMvqUEu^jA9*F2gG{!BOi;L2vgCu~Tav|bW@0BIuQ5tKV^3&Me5=NH{9x>y^3@!sIqjfQ z1FEG*hYy$i^nO6>SGCfT3^S!vQVqL%kWv}RJwrAN>5gs>A&~gBCq9fb`fdh#+yzD) zQL1C;hz)Fi(?4~m22eK7!V-fDLnfwr&;%l*md7_Y+q@*#j`WGSZh{dN2LF+hQVf!p zHEkB=zKGEllLtUKDud#i$!5`HTWvyN)mbld8%OXk3AF0jIsxdG6(8I}XlYmU9Y}Q{ zJC^L*S=N%?F7+=2|47cFd9u*1)Ly56?*?<||GuZdOML zY5n0#kK1eTJ~lBq4VJ(Mr*}1iC6MX$P4Mp1r|0YQdpsSz*X=^HA>xPrk{j7(P)3Q@DchsG9wDZExPeWZ z7jRPY-p0wiDZc%v@ENS}O<888iq~zXr=|gS0acsV?1ioQJ0&)aZU4FR++^!w_Q7Jr zS!xexG&ktWyC8#Cat-ReO^ma5!MAx4ry)wLCo_N>c@9f3yviHO)Agr=G9g>&dieJQ zekPp94HD7PXM27|a-5Gjr_;bqUV6rum%nqtABg|q0;a!~;hEY0w;}!y7qHO%E9YXF zlHC6cek&ST6II%XEN2`L#qv%8nZ7lEo&jD(5+}?@E~cH;rqtq2EQyOUHiy%v*2|sV zI2~M^x8Gv8qj+0a+@~w9Pd!2GFGF=|nVrJ~B0#%8_xquV^w>f}wsqIcTfHqqVFA@P zl=?n=$qLmS?Tp81D`W| zVLxgiuuDKmCJ5Ak?TO7B1IU;o@>GZ%tFi*E42zf86s<+$oI%oX`)xEl)y?*{Z&~w4 zSUyq|NMMZtYWlFs4Uv%5z=YJE@Re-$z+y7kX6tzQl?sj9)$_zj2kd7vnxu!R@LS{> zBsGGr^L5*Lo|nU0iNa=w;AaH7L&y_yej;_-=+Wj4MpY0Ra=EpOYI~jjnwCDx`gE?X zq?uph0^q#Dbp|vV^~+^{!NFd@16QB-00h8yLFl3J8kfUhY)W7FFK|y|yBASL`b$!Z zdK?(Z%8iZzsfCQ$44FcJ_Ah#c?E}6Hogqe0uj!NJF01!RBT4uE7-?yMZ-`mT!EP|5 
zK0bzw)7;;LE1G95mn10ixi-KM0g<#qLJ?M4hUz;h;Gt(WVx zHH^n`Y?&k6O}TfJg4%pF()u&s;$kMc;e~F)#?_MQ|z#g z=j*TZ2Y`0S6e)f%`nLibMNzPsT8%+9tZwn~FooN0`pEd*lU<{sqCGJm28U{d&-tKw zN6!6*QT=vy*Mqcqno9?OhM~~--!S+;(E5!*HoCvu!z^@vPuFLm`>nP9*LvLcf6Nzj zpXLkk7?dx$)6#k-f=d`o_`QP3Y?j|Vkv?N~Yf&FZ*au`%>WX^FHfxLR?$Z7zno)(3Z)b*;+~6^4BBIgABXC4?&`ga4GaQkGy48v zbnG`FDJNnGcEcPpO%x^&6%Xn#|I)0Zlax;ixJ0&e$+c=TFR3B5AemH^{YfpUPR)AmQkdQa~ zq4G)?&NO6lEA2V{&y-GZIRP~y;)%S#H0VHosXP_`LQ)<7+g_)Mj~ziK;S|sWb=X?cuP4; zk@qk|>dQ0r1Vlt0O2Aq`buavZZArbTjSP13%VfU@VOKclqoM=iBU6HCr?!~W0#p>d`Q82WCI67NONb-kqG zde~KtYSc=7*K@L!p_@z@%yNNRszTt#Sx8$Iq89rzvLo22!T5aPG%hy-@xr8Rm4Vqj7I9UShM+@>+NHzvxnslV zO-npl8OM<5octKWExxL@Gl%N%3>nRomYJcqnxozKhND`FE4a>e9kZg1wgEV}{HdR8 zVJoVMWy8&AovNw9(Qp7I45M_k#v2Rd%Rj%PRJr?<7jc`s>u@*!;(1|EbGpsTdm4TO z&4I5x{s+AN@5qCViT!`G@>uBqt{1b=|0})ta}FZA!Ux~>qC8qAEM5Qp>nvBEG7qFk zAv2)=*XQ}VejHNuC&I-O07TyQn)-!AA_ZX^1F70>&X-rCANONgenV7rb2H((X6~;? zJ;h8^-(;&8G#31##5=A`pxZgo1${&;$Sz#pmn+RcOakfrD**raG2nYe{49KAz1n-I zFnwp8;Y7P|cZld{LXDQ}qqstraxjjVVpI&s0&9E+5Y;%-$1C#f6H%K+d$@f1zyuLO zA|<1YCu=Sg19VdID$INi#y^?N(D{3E7Qyakv_*pkPKwOZp*-Q+eCWxBi464nQQ_gjY-vx)Nkd1CGe{ zZSMpqpHH0Y3>MqbLM#-BHm5l$5|lK5B%a=;crK38Gr*NPh(H-$ZCc?=R+@nNIYnU9GpD-f>*!Kfa7 z88NODJzEJ3Ek@7FXu}Frl#6U9a{3lW zFFa)i%_<@NqE<2|&t-B2z;=|g^f+D65{j!*PgxC4R4o~soy?@Z+CRIotfGT>By>yS z!1COFcFh$oJ|tXEaIB7yt+rM-Ys_jqV4HaI>?n&(AF(tJrB-X`I*Q5Nojb-6hWL{& zH&I#M2hOnr`v-eSbN`Cdy1ATyBQeGbM)vCD{V@%>J!t!P&=i7=UwIDdG>IC5DOE%Z2j%T)$^AOyd zmmg2xc%Jk)>Ar%3;6_sX9b$iw^G7sh{ma6@!ti%xisjFlh5uR-%RWouAJO=;Mb)HF znXw)MW$Bcb#}lk?EUVW+yXTW6l}wT1K#Hps)?VnP_!oh3^)RKQxAT^rb0bHa6m zqPgj0{=Bc$Fb-#pxL6wwzAukS8mtGQ`JAf@DPAka|J#$e%+uk>6#~#hz0o}q`VFO0 z2Wn8FK=d9jtAj`<9d2p<2{zr>ixV~JX8C9hCj`lD6png2Z?X{N_^D|-FF-eyTA6hO zxiof`Apxd!O;;Nk?+}< z_a5HjcTKCw4jJ}iFt_eR6YjF1*#&^e4h-Ci`Dxwrp2+pj;QiK@^*u_Mui#v0x}`gO zDSPNPa(p!Y`*kK~8ssS=>kE3oy?*&7O9`WSTippgob(47iBK}pv$K+ORu_ZC<+#7O90Z4=3HB}VkpLh}c; z)eWYUcj_UcZJ=phDdEaL84})j!Jci+^xc(A#3&oInm83AIne-7oCK3FX8x(Yn--H|gH@FhL0pLfH_3}AUQuhOyX3X!l6 
ziofFZU5WG5mSoX+C^Bo$sPk##KT^9f%N`MT#yaNyC_$dm1$$6TQ|>=oI4Py2jB-+k zf~=&=V`kU9#dhsak@%qphALc^mkekd&071~*PrS3|0_eBeVUv;9n0_O+O``y z+03>xt$$J}g>-Z%zb}{= zQQ+NV)zc9r^aF@7#^Rp47Sx)tD5Ksz7(jD5?+U5T{e@olLUh<4Jpg&H2x zoycQk>K!3p)G#z-VePgaSP@dPt*-SQ7N0doKE!?*ELCQ2 zaWw~3C6ft2g-%vwu{9qL5NwuS6v0Bnd zb|mHZqWal;?xn!Pj`j8|=QXUqy{!U#@uzI!FozZbz)i zxEJ$psVSBZ95CvNrOjDOW&GY_%>~Z`4jvXUDL4TbtQWhJkJx7_w}q$Jrvtj`^s9esT=y7mF}A)a^eDS+sA8-QRJf8*S<8%)|tlupfRNKcumVfX+8 z2-B^)cwn*1gj+Fq0X3J;>Ut}CL3Ow8TDF{^77UCiGC%DS<{T|eh9^}< zCp$MjiE8W3*RXXHeNF>%kz<|7m;dl32ypf!rZEsdKjD{+y?dXq5(~RuMscg`eub9j z4k#cx^sA1xoe-*IGa9)FvzzqElLt!yWP8d^HSk%ovO_;dr$1QBs|v%FH%i0UYmHL} zM|nT4=#h1#c<7T-MyA3dq4;Uw3mXe0s;_zD$8r%@Dp#0Cj(yu8!iPu+@Jv2g;<0y^ z>orlMJ&nni2g_PcnufiPo)^cxjzqyK+!zD4+PnxcsqS3}5>OMW@E;b405J?!h;;Fi zauUgyaBIk{%_p%3ETsHXZ$XLXk9<{in$ zJ`$A5z6_#}DIjKq2@>a1)AcN$xjEkih)EnY2wyGv)WPbDy;TW_k#|csfp8Nj8>p#Q z?zjmVw-MjBQ7w#nR_yz3(A};oDW2+q*0cS5Col{FIl6bewIuEmYJ_ee0r7B(iDi%} z>@p3>6Yi2v&FK!UhT#cepN2av*xR?AFcBI+{5q1NCx`JhuYpJHG+ejls+`9VB> z;j7A)UbMU%JWq9`a3BbzFE|Hp0!v z#ksRvXawo^i|EZ@Myh8g#dL)v{v&w(y0~a_m{}yHc;d&LZk^!So``lh)W`s9bO^9z z9WN{P%-JeS4L7Sc=IFWNc*6^YEk=21x&K+|fRp1I6^i^;tO(&*i7yu_07ekvG~DP3 zlx>&^dqUV@r|P(+HGNo_Kgzfjs>T)(PEDxdcZ-+Ig{lp1&Wp6= z?TY7rAcz0ec-fi%Lk>*;AUZMqE72)WX)WUOjE2{QHodi_W2EFG#3bvmRbELm;+pha z;0$-70ip)+kNF>m1Z%in`U6|u{$)xh@B$VS)<&K;x;Vd08K-+0s@ShCyngcF^ox>l zT@J~eMA>dUNj(~lF=}0gqSJt4 zh0&Jrp$SioVlbr#3?*tvbwv9EFq@4@fRt8>=z5z+hJorR)`8Ph7mv{w;9d$(FK{1= zK!$-gjlK7@;Dz@*aRs|c)d;JUcZwm7lyM*Co89-G)SsW7BTyjaEltCUEW;euo8~ek z>tM$_RP#yd=~Ko?$>3P!+33fSCkTmjZM*$DImxq4(3;lG5h%Dr-=062U@g7BzV#u7~w4B znp&$C!2Q+(oaKTFE-@G)pHN&h*Gn)n`A99IcFK5M|_cSz`nFUF$Gf<3z@A~}eqNAO(__C;^Tn&&N!p}+RE9lBIGSCBQ z*yzLx-Ba>XVSK@MT>U_BMoV-NPCov5-ZhR$*Ek{YsXYpQ%6g<}it9_x)$2!U$VR&T zKw_-@1JwayyvrEqf{2{v89WZO$2SKMmwCTb8e%bZfSiE}Ih*DF`EHJZr{tyU-K#RU(Yfsdq83z`w z`fR?ar_qJoUKK>~Lz6yQwGz2G2&Z9#{;$`nFy$9EXXl8ylnZqsaE-y@=#ElO&;bf3 z3n|pCUQqYG;xdaq04sZ|TnvEd_25qH3=EmmE*K*f>%yaf9iNvC8@u%Pw))bsY_Dg6 
z7nE1<4oaWXzoYmMIR8k;tbdJfSeXAoiemm(QdFMO%4ZZ5yvKs_=*kZ{^|`+IJr8?q z-rU9d_1?a0vS&WY*ggRQ6PSoT`jmAwXUYe!4YmmeYa$Wj@ zj7pWEWF%~k)0XV5=)NnQUi&QEtZPXNBodz3|!5D zFWwxjFGTguv8KQA0TdoKgcvK4s)(slqT6Ynk$q?LP!eOBo?yyK#CwQ?Z`!*vO4TcT zy~F6;0ItKo*`5ofUwRpSnXk?e)lMz4{8;nEV;-eI*nr&VI?>p_%A~xet0_x-WByz> z`VkO?+bEpckmD}ODF21T^EmM0@WTZ0Mb2)2nOOZ-F(SBhinub6X;gW+sZhulk7@dW zEvo5~fu8tXk7fK&K&4a*N-8|2wnZk*hvn^Xar5i7)l6^c{3u-6@4%khq@Gx9evx!y zuLgGeGZ$`$4*~Tew_jcDzyPrFQ@!MsQ9)lDBd(jRnW~s8`ejXLP+u)DoP~(t?f38aZ0f*I+*H2 zZIBZH8Z6Iue4hJJ>^?6Q#N#diL|39k)p`_BsVG~(UQJR*Gn3D7S)04qHN*ig24nQ4DKPc$J2v?Pg_OAp)z=Q(ew` zzs4>1z{lQd1MZr26VB$&IarUg_@!9wj#Hoe*)x2a25$M@{`Gn0jm#Aeo8v<%agoH- z6+)?9z7Qu+@nz`%wk9_#bOY+SiO31HC4Q*re*TYoWUn$u|B3DnH}?1KH*f^6Rr9|S z${(KiO(>rx|G&&3EG)nMU;kfU&GOsA`Ct3$GDT_o&%XLo+&+atL)?iV`qAiLo908F zHko+jvz57cA{0v46ulacPIEb;I`m_E+UC$ZHFR(8_^kZ?>=@;fQ960nI5*s^%fBv~ z(Sp1bma(Rd>mW|@rsYOT9gvgVN=%rw+^N$#Kuoq>bGME_7{c0n!KxnB4dN5sO6u{3 z;;p#RZYkc6aZa?#YPFm-iPcO-kiZ_b(G`LuUnS|~`B+h*mZbDSDoJ1@jX=&b@3-!< zGipGhg~EmL{qn`Dg6;e6h4TH^60r+}%@`!j*4vVLvN7jr2NY63<+mxh*g__>FH!&v z;jvVr$;giY1_P&;b5OLG*4Cg29#wYbCm7a5@@@FBUtpMiP1l{{9MU2oyvAx;ZT&WST^TnC&R z*|+YanU|Y9Y6SV=VXL@lQJMKeQ;Sw9fcEk!@DjS|Xl}J@G9!;z#6|g*&`y#?90%-g zS6UOQi+9_&5f56x^1;w2r8OlDE1h3vZ7~2t0n2ljYmOU9YrErRP(zi+;AyMP%~g}# z7;YTc>qkQLCO{YZNnT+~E-FO?DFS_6f0)Wl_hzW?e;1a1O~M`c_?D?lcViqQn&=R{ zP?$2@DUV`OHQ-Sd24}3)h^Co`?Wh}}RznS>)JSUd<26fz{ukkZuDXjlg=hmq^`;k5 z3gmR0r>NOnwo_?)zxr?y`{Ga@fxp@`P6;jNd*gLgu`k7I@sjl*9;(Y6lFDSRU-ipv z*TGkXAEC}1-CwH@e^T)b8MqxH(CY(zPvi$8AI%`-j6At}#LWPnj`-T%pr5$h5rO+L zSHNo*=~1D{8l+EQdG{-^Y)%qMy{3jDMuuVX$lC9_CLknLlZkp4{mKc+L=b$>^~DK> zCr!M~5cuth>HF0UhaZfw*$k0)je#7lleayTW7tQE{kMad(A z^dG2e(Tbc)zYtPUSH+ltm^vva7H)+S@SXlqn+FzZb-0wen&xwk}2J<{(X*{A!G1X$Lxwaht zIUa?FO-Hb8b3J2AW7YGrw>|6>Z-IEFVwnSPydn3EP~&!VUIC+BC(l&f76F|12ge*2DM)3W$-s;^S>iuqx)J@BZaOaAu49q z@2hym9wtQHbioX$lO|aCgv;B{gu;i)0w@w<&I3YACO@q+rV2&uf0~y{I#_IIe;`1M z>c)%oz}l>WuMbtopAnUEt@@~q)LOd`HcewR`I{T54ltakmrtTKWTcquT=D&&LeKCdOF 
z#a7q-9hDCgJlU(u*-+xNeDBqu#|e2uG*vI8HA>Nv(tYv9K#85y;tS|&;_mtD4oMuK z!p%D{j^0F;YDO();RUEsPSMZ8mU)i}=gX^3-+B%eiU3z3%`oJzsbkn{Braq_Ll7zL zmb?0}SCb+VB4_Ac&Z^i(qv>#rJ(G!bF~Xxi=&*LkU}knh89^k1EKS7PLsPI|!oOSF zOsk!Lt)#gu;DZO#klWIQ%Z0KL^dH`TABQ3tve~0Jcy#mC=3-Y-CoEJ`Gs7w`E{?Ji zdQlf;PU$I!Z)Ho`>S{5Sbhve%j~TbsU;SAW#{|*c9gc1ygFWmX7$00yy&6b8N6Wfm zFPkMX@{_6akcmn9D1Fx%lH%b2T6`2#lv^h@Bu3S1V#0T?nB1P%A9oU*gs#IZNG!uU zx+aTvl>%XfP83x1Bl2XWA@LX8D-9^fBpKT9Ip8~c zuIB3j?FXr!w2}j9VedT0&)+YB)x7m0{|?VTsQUv?#{Z18SpT8nX8l(UcbTHPbqXDl z=Yeu+Lz&u+ZuwBI^zby7!*On{;Ym*|I5_N27z;D07Kyj38Xt`mhcmUWeC#|A7mqs_ z76M%?${*p9CvU~xHhSG#5tH-11C*+yES8B2a8d_T}m4W-*4FKbO}E^WZY26GeQP>u3fNb7BRO=PMF7mr}Rc1@%;h zzWIm(Z9miMpqPOZUDmrJdP}CYkzd^QHsVl;>s2NvM<=jA9WlppV+;y_C}lHhF1eNGZ7)oSVZhmY;sG@7wxv zRI+Rd0pE(Z=r1mPH^5l9$CK`cKP5A zNOItsROYsSeuEG|{SZ&&Tg4^%_TBi{#JtAyz!?nil)7TmK9~#`EfO&Idx7vhUcWXL z{6t`_-FoNBZ2_Z18dSmB4>I{(1YRbw&*kc|qT{r=B?TYsf}Wu{8=x39vZxS58dN6Z z@A1aLUtrC5Bzwpo%Q3A%93D%aJP?zd1rVd~IJWP&SPA4B1H=Gmkilq>M~HJvv+Dvb zKuzFv_+35uwg>xqQ4&?W9b}wX_=NLDjgU;lDTk4%YO1q3iI}2MY+e8$onU17zl5E+ z5Q%HRP22koJ}S({(Kktu;^pt#s?D?nT)zUICnfj1rS945Kpt94)ki~oI;6?fryD9@ zq-w|*{MUCW*nBBV4%M~UG#0UO)U1RJskkpccU+(0KfSKd^9QBc-cD_#<#Br%<6AOd zD^~}2qh(H#xG1;4>wXY)SuKi|SrgofN#rrz*raSttUl5EzNpc)rR0Z9=ELDw974>Z!DKh@k9aFI4DCuT0Pe23J1WHw z^fa+3g7=cS;Z{?Ty@kjFwQ>x2Ltsqo<$XOwB)}F8iZKHNtWO*y^PAv%{`>yOl!*p# zd4s{EEpNClKa$(colZwJ6cl@yWe?K>wClaAfh|BYktfuP&&l^FnFpP9`+BMeUF$%O z+;jAoh6BhXZ7Y_R^gNy0!A_HI9!5cFr-BRi(>ERh&Bx{|_pneCS=X%Ycu!#`vlDum zs^c&-%3fx#OkMDPVxjkV-O{sc*9f0ryS&~a=y5j1R4WkxZ-^O`7#BKF=(o;%W;?CG zGnn?>%?DIh7d`<^72>%!+~5pRm} zT*(-@6~c z1l3Yfqg(n^q7fMH|I(2`YL-}$FxV3UCUH)l1(%0$PL8vmy8McUEEV(&Qs`SM6cFx7 zs}eSBA3z#)jFR)<`_+DZRtmYWX3sFip_E z=$y1R9KKf3 zrtRh<=v_RNZxc%(fw`Oub2La91#GfafgGI)do=3??DlDMi*Y^BYC3HaljA#v37ka^ zAn%eo6Pk+hDaImwE6IiPAPyTf0Q5s2dHiKOYeTM+=bi`!=D1;9hT!@>e=Lp2&I5xO zMd#Ud55!9#rwDm?(L z(v>fTwuw<|8Q7pxyd=^*u!~kW_-QVV{B16l#Wo}H&(bj2)FYa!Wg^5LZn8Zgc`U;$ zMjJ({nKZCoP`{=?sC=wc^`-W>qxQfj;Mv@T2TsKn08WPIhtf0QEr6q!%xtJbohP1N 
zLpiV4V2F|gUBfE#1CJ^a-CukAE^~Aiifz@bn|4e7RiDv?StcbvyDt?%;JuBQ1#aWR zASi+nv#%B)`JmNRBX&SR+3u)T_b`^IK_WU`%S_;%CC81tWP7=JA7F(JY&JP?xdERl zFXq(uA&@_ZpdP{M2bWK!7N#9Al=*_2^p4&sQ)x;nF<;%jewW=M`fam1@j+-3W>LFf z1mvtjL4ijf>MY&iVu?w9qmd1jeZCXR(E7z#@vRt&e`{5SlRJ|N;M~oU6h+UqUtW-0 zk=ZyTHwg8n1rK)oOH;!0oadnjMlPKJ*{mx4#Ai^Y#Tq!u&8}jV=73-Dgg3cN1A-c+ zGmMC%fkOFFdThGZx|q8Q$o-a4cg>gE=n2~F8=@4Op?zQKMjFO&kgo;D!m&T12p<4Z zwN6%Xc4`EkBBbXkcgb+3aJ25l(|7#eM(kUjw-VpEjYb-a5Wj@_k}Eb$cA=)E;p>Nn zA&ey&BJ1NUmIA#eqI_jXeVOD(h(07rm4X^|;ovn|jpo!vx4(z%_DCoy6W>i}U$dor z4z8rx;&|``62}P?`aAIc;ORH;SpO4h_*q>4CgZUFNe}<8GS1mwz+%Tw< z{%edDR+Uaj&BeMZ?)^Hy$m#HI1t%B@)Pl`U3|u}YIv4yU7!_lrzJZf-Jxw>?Ow-sg z$Qs5l8y|m zVb~W=pau(r1FR>qFUop4Ii(ip$oD)cC%b;n9w<&BY8IZlIo>W+!2n#9xlHUt>CS$Lk@(22Hjc%q5GCMl;3>I|nGGK<2^$uiRbe?QHx$!I*Mj1_i2 zGy!|bam?Q$E38CVGybkA(jLioxYe-#mL&UqFaJr!x+|b*E1+o-Zyjm?AFQ9F7eZg? z7d`)VWRoFZXG<613(T~&y~iFZ+jdi-`b%r;*XilKdHT4dW(y63i>rW)U-BmWWh);- zJeFn~;`{lPuy)_!_iG65;93gq$lEMTjN6#bIo|wtHE7>cWKW8!nJ3WPl1@v#aw|@` zaDU8y&}c8Y@SOgnjY^9vRZX8|LBJhFBM~7leBm&Wrnn`q!sI!}(@2~4l2vS}rldzt zg=kYC48{;HGh8u&FA+0PPD5Kh0V?M8su)MjHOUFaOQ&{aq%7_&HnB_na^AUWZdVJ1Wbtw5TB!EPLE ztNv@1)8i9;O*U<~7lulKFkBmN;EsLG-`@WJJn7$WpM~WwA>`8n@egnR_YCyEzWvWU z2m4R+;OA}G)7@wzv#Q*7vZsEs;odYhMT`EV`WRp_8e$@%On^)cM>}y(7gW5@eDS#? 
zDY2Eg~A~XHd%Db>~Zi`lxdkqfsN0jl-K3)K6V_A(qUk-i&avzFlTv2%8=| z8fF{7x_(Jl1gJz9c`KcPVT_=lGJ&ven<}sxet5^YY#>$d<9Z&qWB)AP6j0qj3DhoC zg_b>!>gypRw(A^Ix>JjIg6}V7A&y=3RC~m%Sao6eOExfDv;K0QRGj(og)Y!x1K&5Q z&6818v96LT(klm_vpb*L%B}U1d{iU!2!C_9WE6X#r85`SF{2T1KcYdsycn>xJyj8!e|JH$7zu{MQ_&Ezlj z{lS+eqRNacs(E=6mNF`rF*0a2?ugRVO?7;2emdkBg>A2A2)D@&NbVbolTR5S{y;s zg!62Na}}eBaN)dVs| zc{G4BTbS+5!Yb;|qZCxDsj}g}Q)zlWxo)gs(B_$)(X}3jK3Q7Ok$h3$Eh58|ab^O{YtIp1C5FD&|YskW`8%AK_8GZZbs=s!ga@?yg`ug}ql1xP{yR0|W{2^*iL@m3<3IZjq zA>Mjb6}7yH5o&cfF{djOqX8S5X`xV@a+*ww>CA^!5U=E@jBan8MTGzUaG8_UxVTwa zX=FEY{QdV-{O}uW2dvC_&oJu4L$Zvt-{qdyL+VlfPUl#(s2TU&{#V{Zqj%ppOx5p# z8vCnaj(}oFak-b*8Ps9KFtl`ntlK?P{x9=3uZlqLTB_7JOM&N|?RW3MxRV)Y|G*x< zN#Qqpu(SWwi?aTMyPx&nx%=~!B!9C<`zL!)k16PhbBj@Mv)6Mt4p^loqT_OK^AV9{ zfquaN*fYydxJ__MpbcV3Gc_Bmr_#I9#ocHq5xvyF<#MgN5I=vtB>!1v>zg3{-0^4tt?5^yflsDmzRy9RB-H`-KetRL+gAl}9*Z zY);&?{lx|X&~{GsS+NEGz2?myu6e3PS(*u`PH?DBHU)8tLD4qa*Fpvax=MvWGV`>G zUAp@&`0PyD&0Sc6p}*H-F|{nt&avMQIy`np_pQ*JYpiaR@>1)!u>(z-5m4@>l(2-N zrkPj0`>^$s%AgCORSXrw7f8#je;vM9A-Q-4{-V^Ew^F$#&5Ut)#c#I<#QD(*pj8>R zdjujhZ^=JQElai5O9f#LUjs@}H<-lJ*+&ckY%%dOcjv2)@N%LPTB9ZzR1gJZ?{;H} zi8Zv@G;Z_9Q_n$4iN4g~J)pd<8q#3xa3Cyk+IWx=#U0OB(({a(eWp)y1R!A(=>mW?G;@E>5 zbOKwe4dKFr7JkkXq9HC!~d{Ls_CwaV!Q;Q$9mLN zl7bi?9jFQ`63@Pch-}5O#K#AfuAoY`LxShmzHXRR|Bv9&N3Bh;5I~Y5c$beDBlf^X zf$5=U;Mt<1<^I};mLciY;=QG!aHUS-33235L@QSpRpCbCGkiH0Eo4XQA{fgsQN>|| z>T~+y-R2`3S}Hoq8_AlF@^{Q=ESNMnN9!_tKiReJzrrM-7q)tONoC;r8s#%k6f@ z=>-=ZmeJw5KN^A7liA;Xd4d(1@HRH+ok==D)q+63nCW{*-3?vBp6r|7y$cJ2L}4>b zWp3_7!Mlhh119ReJTRf?QNB{;8);#ET-~-nu(qumT#zo>GcbFT9Q{xuZp(-PMT5a6 z-RU6a*Ebc`)3is%a5|9e>c>5WD25Y`zqK3*%vI(m9FtGK;n^OswE$-;Dnvwf0Zy?> z;8!#V!S0>i9)Yu(AiqeC5oRCjsvOyJ+92Rk2V8j_#tf8M5_?%xDs>!tcEiWn_gEV9aQ8l?;d^1gwBj zjcROYEiyrYmBQIrxeXKXd_gU3{z9vPW?D7Iu`@_U8&ByZm(grsS5T}6bfTb=N7`AG zk^^l>u(ZZ8z3s(iHO~UzZgOYvixMTM;XKtc>c+=gVURL1AD)dF)nwS${u1#D~y=x z;v>va&Qycz85ma_L!Nq^G$;t%i8eHnp zq4)78K`pg6PwI3&<OxN{=hQ)jog{LhLmk4{wT5_54kx2jw6I7D) 
zBa~9QcIMjES`0%aOcnVy74Y~aD=>JiQHI~~CO6gM5{^a$$A57kOf^;xr|Ro1!KzgH zEvMr$Y`6u#bV6%nKNoJK^GwTV^ zU5*A{E;i2O1Z6CyxOep&tm}4K(xIyjgh#L>yL%0H;6-&5v50$q(!QGt?-#AYPxK_3a78oAH5j;TEhDn z>kkZ1WDe4k5L$-)-rk|FO}OUR3!7H!MBDmOLT@=&@>pLbOnxcl>Exay$vfM^CeBjq9m?!Ua}Jj(TTLLIkqVQ-6|=bSP-$_9tHcLT zS*e0mC(fcha4Ye7e82~R?S|g7m;N@FUP!bXUWh7pg{w{MezTREck=mH1@v$$4EqN^ zL8;2rN#^huZnvRTh?5r;83cldf#S(D_6|UxH2=821M06_bXMlSwhUPR3T6I}g_@P| zU%4Ub6j!Wf_~1Prlt(e~w)+|uzgTA>eNp(9DdNG$WpQe&SJ`INW=g)jlccIGwu0nC zF)v-#Ho8<}JRaWRL+XC{h`z3R#`O}}S#R&YDQcbe#1$}@vq7N7$DmEam-C&ib$Q&& z-u-g}iLzu%Sb|JaC73wZe}?cSa#9-+lGnTT2To7SZHRp`$3+^?sdki}Hb|7P>l)fD z48}uVyuVLYTIoD$33F*31I2gb)P}@3;Uw|z#bB_@DIR|C&RX3+yPJLqa_G5=Km$&n zpk&N&LS}u#pqXZF)za?2g;R1VuR2NRvh)2$RD~K!Z@g$R7M|1XZRBz&hBZ;Zc^YWQ z3+AuHtZ_DM0Uof=R(hJ*LqeNEt^3rjLdE5^8l*;9Q(?ly!cv)E zE5+c;;y@F$aw*k<665WbaV$zFVGJ$!JJ563(V2n>Dx$Xx`rxNVOhQS?T_SevCOr~{ z)xJuKhCis!T|<(cX2GdUKacg%1)@d!fOdX=m}eY&&D|iYJNuyDM~OJn5}IjCoW4Jt zr@jn~vh6x_Ki^PvpNyGZ)QDKBIq%Ooph1$9Y5=A&tTP^Be(z_a!E3bXXK3m59+JXt zXKOVK_g_^u5} zy?n?6Yd{=^9-m;MuU5uDLk=?}A*h^3a|Mspq)?9Oq`3#KGsTDa-#^q6I zV@Kv`!;0lYh}tWkH->X!(K37$PXSws1mo+r`*8vtPk4sVm7AFUr?S>Qn2TSyvyur2 z&gLX#r*MR#ave{poemg&(jqaVu}ayKX0r_sPt*GKB3O_9=@E#>t%XVk@468Io^oi# zb5KO@xHY-9PhO8I*~1nk_Y<%(H?!p2AbZGC5Z~T567IgaiEos%{pdk3y|?sygbIIFP= znt$cvb!%Ul*mTPi^sAx3c1uASMNWQ4zK&)i z42_$ii+rOGXut9aW_#+|5I)y-4_uavpPi0H4!z}9XNEpIT?>m2zWTZytBT3dQ%xu4a+a9)IQ(R)tAo7W$-f_1=aC z`dH1d?}G{VDpb|g9=eq+3q4uMnseCcZZj26>n(=U052@%))I0aHfwJ(8BWexY;1Av zyItQ#?dP(1kVyhYA9BGhF;LQfJA15P-!Ht`veF$xb}J>gkxrg#<J8!^))u|4}5dr_|pm9~&7GfP)J_PvvTnnncED{GKB#aaB(^yHk%b5<>4c_mEL zwB&cn)mh60#_S=F3`IWt+`5?LRa;Ah+6b{M9D&XFe+dl@XiHunZDj_W0gwmD&gljU zzI{AI;AsneNX>LycLMc{hUovZivP+qVE^05%*OnGSMh&4X#eDx|JN%1WMF(g6#XlJ z1h&HHX@;4?R*sK8uVR`IznD9<-<(T0;kV-@6r7Uq_wxkoG_YF-q@nD=Y*lsD~X`ykdN|4CgKDH!I|{^awD#p%7Nz z624%jI!!GM(YwH=3wIdC0>o0Zui8+Jvwp*>P9(E~we1pNmc1}ZiN%Fjf)xKEDa71K zAca(s+*c&9af$TmC=wxto^A0LEl23=-JtY1f+b>tSj-&azG9B*^)>voMdBM*SL(%v 
zf?@j{qSoe>P$E$J0K~7DT_Pc=G}A*JzNb`$qPQslW8le{l>Sl4r$P-CEUu< z#2?b4ESY2++nMMST)qS{p+P0y_Y0X86ciC%kSg-*6hU#eD6-kMp~OQ>SU*5K2oCfi zvC`XPO0-X>P!~cZY6_3Xa};@0TXar1vWAVq(FZv`@7N+nxhhi<-HfK<8)2nr)N!@c z_*Q{73R0rsL`4iR71Q;#D&|c)QmDadj69*93cpZi0B03+%G${SlWXoj3rC#PcRhq(UJ6Is=7xqTzET+!*9XFJwBQD6B zi|Rp1#2w1kN8Lz$a2~2);;zuEFxbpQUUF!rsVK=tU(;TO#lhGTuXS9-qs?vGEb4CC z^)7$Xc-u1v*PnM0!p4resmua9vJRvv1*md!v7W5@{*KR}@=6=3J9(9)>|l<|E}jh$ zH1++G&k!p1xiTfSh^GG?7m@?sYN)-QtZ+DfqXVsI>h#Hnd}hGD z7!L1mU~>ea@|y33f(%<+5T6?RwtpYzd{~%s5tb0}rLPy;Y%Wev^tPiO(GpxG4V^pb z`>d1cuNY`rwC0oh)MV*U@UklpA&Quw{1%X($C*%b|0ygMu+|k0?KyiUvI6!w1DvROU(pQBsx6?ayq(>LO!S} zPYi*OPdaFz&8yHQhi3PDEujb5jm%t&u;rcx2mq2vf`b{o!!C^u>Y%>%VZdf=YEdzZ z%VVr%z*(K=Yx^TX9eAs-a~a){wV?a^7pD5H#P;|E2RL3(MN}CoqQV+)$OsztZ!z00 znuLLE3BO5r&`f02zlu$c+pn^)Cp*h3&t}%5ePwV0GSx^s-}%9s`P{w4(Z8dAEV^40 z9hH~!*f)a%OaqI|i^bD-3shN0p*5X`h)v6KPEw>^8I=@B>jm#24MXK;pXrF63xmc_ zFc+~P;#|y^_Hx=oX-sOa|Bn5NQHw7lrAvE^{hLYV5E#n)Mz2J|Qg*viO&-zRM(bq7 zdI@;RCU1AW`-;|~bq$i;4^oa-j4&7}%GEtI)iPHW!nWO`a46gU1QJI*!+FU^=?>>y z#6+Pt5-9d!=qTzc!w z#OB^H+D|+BUJ`rUf$n4D0oDQF@36bgVIJC$SMf0GWnf0ZlnLs=U)sk6VhU^U$T=%a zv>P)|s#%~r!oL)94pX-UN@XxS@Uy7-RJPAsTD-{xd*e=x58207^E)-ZLdyv!$3NS3s zR{2f8(lo^OnJz6YEsq7~>)LR;_5$M|H2u%b+<(>PpFJzvU$zJ~)_>wH*#0!$|JT!Q zK>6QJyPs}PGXNS}ZT$c!YvYOjPb=Ve_KL-R_{O>z(Z?}YmyB73;%Fkc5@o>V@3xD{ zhb-G}GN8wM^{$&0&lis1w0q#{*mQUMOuo&bk6d0qW_)-)hN|20rn*hHPgBGlRn@k3 z2)Q6;0+CTslK?#7fG&1CVNm(~Mz{X`I_E^Yr0v}&KqkR2$UD@D7FIDJtpG(>66Ayh zU%K*-<#lr-TB=l5>I0IgpW6!E3(wQg;CUA%$#SUQ0llboFh-DeJp;fSiaHGuJ!*}; zxVtv2ri3fc=@fA!m^w^wCNgl-v=((S9&THIuIlCr_9saashyiqx1@of(PQ^zT97j! zQ{|drVL~Or=~M=w2tgAkkoqhUNmuDarzIDuE5Mek3B#RJi8P=-LnWJ54LQgtU!_p< zrg0>=)8xYtrQ{nff*cL&;rjouB!7*8v1y(tIQUjzio-{#xwZK)j8W73evy_mT#m*W z&dq-jU{SZ7yv|x)&^QSRd(IKitSafGLT%dHt<1VS>5-EQ60b~>qBXt+QK2C<{h5T7 zAwpTcbH#(F#e)mvl?Yy(wb_RSx)5TX?Fs?pn$Ex%I)UlA!3X<-1Z7`c3hX$t1zH~HXfhMkPuzK*AwA2Nq^bXDjlg-*shc(2D$RN2TA2ZSSMgM?xSq|? 
zxQ|!Fz0|v;-saO`Xe8oso(eNk&rV;hR}NHQ)>#eLBTRAe(Q)nOFC;It!|ptP^gZY{ zl#bkOiwtmdp@(dDTLMm(i91O~PYFFxKX}h?|LYvvA#_%oBQ|!R@sa@POK{my6i}I( zby5#YJ+|h}GrF+(6@fX(3kDhdanl}C8T~JF9fnf5$7loIW-Djs7d<*Y+uk{6x8(^E zizkjZ5~y&MXvX4s+)yb585ohw02O;&t-K3IWa*3t?k@%#_IAZ3D>36^*UaENeD3aY@uc zNg6#pk1dLj@|dKwd2WOI4D#c;iXlEhmrj=`jx*sckMnFm2h`GnK0(7H-$E$H_2B8s(i|TFp+KN@JTcEKT?YMVEe`j`4 zd;^F7RSm8evqj~cS8|ga(NSfVkEDi{KmEI;aM?4^xiHO0{&jY-tnDpu;DWzJ@F_(H zKPdzj98(UsFYEM3`MdTdKLSM0fE@g~sM-T~&d6`0+YfCb58;+27_cKF5}NY*O8Fo7 znicv@{Lu3;D_`nn@Q7T&`7@)e?kU$X8o-KZuGE`vIh~Z>aWvtIm<^N*ILcQh9J(Y# z{9q&m7Emu{vJStLZm4SvS^4U8Jnlu7FtJ7}`szumI}C286jT3JcL^HK&US6Fs%D{` z3?l0oGTKb7)qTU+Z0*en`{Q~%pJM){4nGi&ox8>a^jbgb|ma8epc;W3LQVCN_dSV0LYN9Jrt+C5-J=rJ$fph0VP~u_e@J6480qf;Cm5d0~TE!jhCKYGG$-8HBKoh4P5= z;{5|EMmbZEMWe=yh1sx5dHfwfqFhLImA~fKxEX6MtkvY4RsT=jx}izo1K0B}@$6bq zR9ebt3##N2zVXDgx`&xcQ%*9E1|QEa)*Ea#WHe{QF4SI;V56SYvbQpy=+a>@AO5x8 zd{V=uh#hWg8!7-=uC1B)SyHL(6gk`h_x%M2tYEq)Az{;O6m?C}drH5@;cuVC8XR9t z85CB>$OU6J3X8A#v|Fu-Doq%CSmEioRlHUt);e~=ztYjnqlPfvX+53J9u374{GHwp zeuS{~@D@_v$o{h%{>xO)@pte#8{2=lHnRUu_|k@CZO06D)R2oOv;&(}Jkha~r=>Ql z%q;V!vu3C)ozv4`Scn2zG5CbDz0C*6>OjSkxkQSk!03LeBaVai9eAyMf6J-ubhb$X zHiq(sU4QP?2BsWQ#MWEsUeF!)biPQLqoob)m#kf9XnL({@b^(MlHkOmxFngXQ+}x& z_D@KZ`fhu`;xfj;H%FdtZ-#Wr5nTJBS+h9i)k$Ww=rnY2utW2|uWx>TRz4%8>SyKC zV-yXyAW8Hdy0s-icAgBn2=rtM1JN*eiZX%H=l7s*__j{y1rwtE`tce5A$jSmYu8tG zSknJY&_7{J;{u88NCE?=h5qZ~&Nk+t24LS2xYH^uGuMC({yNRg)%~N4pqky`O>hw` z*-JBnS6{|jRDsR}Ul{2mK9t&|2lO=iq}Hu)$Sg+Sz#{Za5F-e$s^T>`N1-cn*CE1& zLp^vJk|N!D&OXaOE_8m%10R>ibPWF?8|GP8Ly2ae+(n?$U-OQPFP6y<=NAqMOSAz0 zjwQBUaFIp)Ad-mOS_Lq5t!opXJeAYH$B=HQcQ)ua+$`~<9pht7zOXDzOHq=-H@a$( zK;FoA3TJ}_#o3N$tixcuxO5-9PI_r|WZs<&*+DiHfY+jXQ8DQm^aTFQMqKa&ZJD^a zTa&Ogy!wx+EvATTyzOh~`(CB$Dj^+bS1Urw%I!#GtWy8=8PVcS-?*JEP-xGt%cnlHqG^qzViWpbT{(^EkAH+ z@z1jTvl{>Ge_8&X+5QItIotn6ATRpMo!D%Pqi`}Hebc}ul7-z)yvS`>T$FOwThLkIQwfWhrw=aXVKKb^bc?6jr~S$L06m*82L`&zW6ik(UAX?4afR2}l0jI;BpLW4aXs-`stT2ArM=jrA;PhuDk 
z@S8Pry#rZ|oI2g!3;n2HyFQ+BB%o4+f;FdGz^3|wiTs&N0-13jP@$KgHI67mVMSXQ zu3>Q1j_(Xo7sG^lPV@d`)$^l+ajv*I*nj9gvcnDxPz^r|0@b*3UXL zKao=W!yBw!qEXKl-in<Drfg%B$*4s`M}RU-1XAX|*hLz0RJuMlqq~iF|D>SX zZ-%}Dzt>yfuIQQid8LN>X3=5y`xT5ptPl2|)%q7BoSpeEQvo~uKUc!p>HoJ!(9e9V zPsqe)?%Q~UcDMeWzIOxJqPRbe3y^KO3xY7hCq&AMd=}}am6w&TduXB&RYlvn(vLH~ zYNnfzi>rya*gs7CFZkKUyWWmDy*i#iORjAXJM8{NvA)ZUfy|RkW@)OPtSfIHGoP4n z*w|YC3mBmhA~FuthEFeX+zwgvCq!z-O}8&&hwY;BlE=+^#qy8)s$}S`3ig78iH(h> z1`ejq$^8DV1xSVpmNF&KDlwJ&grr4t0=@g&lK3ANRyy=s4-0)M%0uYGew);u)^@zXO$mx-OxPfIC3=Q3wrRszSzbDut;G?Z!U*< zj5+_zR`U$l^|t`O@LfUY3zo~tRjH^z1O<$}eu;2}U)*091-EMnEwQK3Lp{YzlvwcE zY$y*{hq@KVS>O{SS#O)&?06dWS1K>gqEDs$HeN&nvTlo1hK~86SF?O0f0>ZM^kcOH zDDQhhl9Xix)xm7?XY3#-GxU9uQ4neg(4c~?`#_;~rL;x`#<}@`qlVdY{~8@g zln8c;UI6>YI;;5JclJrq-8j7vXW&h;BN!ni17#L18#tD6cam|2y($q3QiT?`%IG9) z^S1G9b~`w!m5R!(hb;ugD%~CGuRcyh_>-hO!a_TynpMhV69*$>mCH5gO5Ellp7&uH z*10w4tD2roO2;8MbDSC90&@?JlF(-kb+*^^VRG#r^QOte;i&B)q4c>m8>3dl>RnAk zm$;|~#HiEAu_siW0>XrRa&aHt8{L|;o%i*+IwV$BiUKEw&}UaB^-(e52JU)dz;l0C zJN6$b<*i1w=2H#yVsgaT!-RhqnL@EiqZY?BHr-CH3(ol3iDdtZ9dYa6qc?1_vvh}-H+-l;;`B9pW)XobR9D=-u0fuX5maC7I{)LAx_ zgxzJXF5$?Eq$I2(;lT>GvkI*ik4bye%(H-B``)d7X_$ulR694k`kW%65USKzF-B69#0{3e3Nbhz)jy=+UlsqyLC*2_LC((bPpdUM!~bNpu29wfMw!ND6+DJI|x($Bxus@l$3DUTRDkieE0j3!PWkd=}9{>wS@xR z>5ed!f4{L&QZ0`Uc4Nb)gG+|^^f-|ZJIg+m`&;KI?ej37!f$}2=Ze7Ipg|%D&D^V| z?!ZqIh{$0EF#8#wy+PV0`+6)&UIZ@6dQvC|h$E^OJ}BI%IB<7ZsQ=V=n=p-(tplT8 z5n&Tn?CFca$VUa6%a5n`cv};P_rEA11M1*vAS4ZsCi{vtf>&G6DLadV57d0nYOF9X zFqI)=0m1|4fXf0WkU+|#&?+JUl&lF~Tc+9`Tr89qVlJUS3q4v4299$z{M$bVkLrCV zJvB`L$R`!3B+)2MR^Q!H{zT+!B=SgEDL15geI^AFn_Q}yo8-ppR<~9H0Km>D>P>cx zoFGIjBy~FHU>|7T)h9$_OLUEGfTo*oGaTp2{;1F|DT6M`XJiEe?cL80H;(jji3b45uF8oZA==;KiW1fH zQ8jp+qKTwIv!_3dx5|HGA~m#|t4~xJ_qdF`#e6g+ur;UTS_p!b*)&;dz_GZ<)(94; zVOF!3mOV=^ekp~5jGnj+2+7(pR!zG%w0c|%v`dLET5>XjRXaPosN*=Y9HC`e`t8Lq zS3mT2(iRCAu9g-?1jAy0$gRV+w^vFvBI~XM+cEsH?dTtL4#p@Tv|^h!+p&0Yg*rWK zo6*r=xMkkP``j+zS1?0X)zDLDRs-7`h0NQL8y6W_008(n1)Py9V3q)ITi6}Y&7;D; 
zuGjRAbh_3(g=^EL-UI}GELK8#o{#l(p3`vMGR$#tV{C?RbOy)P;0++u20iL~pz^w) z`$mOH(P`*hqd(*DHL1{ZwO-OynM?o(-F#s$kqQrvn+pkon?X#- zrYm=Xmcozf*u&e{iG@6qJO>PCEyYov@>R@R-h{ho^P3;D66>0oDR3i>p7O2BL!+_;_o`ns zK^^n=Z_bLXU++G>v0&e8{mpyQ7KZM=U(lNiF4$O}03ji}KE0g#tfg7z1_9wso^jg- zu;l>CU;KLPTuumMz=TkJ#S{Ial!3G0NA)gU?oa$Uz?L?y!8eM3gM{M)ca*OPtYpbmaFX*+ouu- z%Id$w& zjCB(sgrlNbYUoJ=%}T<(O|HUkOq*^x1En?!pSZWC^DhW)q}OWLeyi77V;^fL2iG4I zOOOLU3RhgKeADl=i;y&I!!dK(G_{0lU5I9N0qgvHcK2!!I97^JYe2~Rya8}m9pWpZfVOjs0b|-YT zlxV#eC4GbA^mqiN%^(FOBqokq2C+m;caD5@$$h4&d#!}{^B1>g&Sm2%S%erte5TU= zYFl|}{IC3V%oo>plR2$J_!VTUU@P23Y_#)3!y%oougGA|+Zwk>dvpgWfX|#@A8IW9 zSfJZuc+`OklhU&hx)=Zy*(>H9FnL(mJ#!Q2s(q;ao&fGPk;xS%*KIK80Tya&c}Qmk zteeq@y<(vnvljfK_m`lTFHi+$OLiqI*?eDvL6l_t=zR$lCy<7R%4cK)7}($05Q#c5 za7*I4%M(JgkY4<@P&F-OGol>7Dg*+d44`SbM3#5p_}?H zvWq}psAko@#PoTIx;sgJjTTXtDY%rXYR7-|V#?!W8>ZkoTi4^_Df*7&Q$nVg9%ZUn zYaj>TyMFcD#E*|e-f@}klLlfeQfDP{<1kHhz}z#n$37Nori0*<|8Uaz~6M* zAXeh;;)EPuS&yLt^ReAqJFDoCnWOE?-BxUA*}g3@V@=#lO=7BpEzKFLt4VWc#+-hN z2((D8i>S zY%Nd|nTi%50CdRsEQ2s-B#PSJtVwa-dh?)E1~*J&)c_p?j^YiDNR}ktXbjj?mf-uI zU~6SKV#K}b0Nti9s0i%_*kPRlJ_;#=3)&e(Yb1ADFGy(2N=5w&(V?KC@1j>Ex z`(XONatW!x{crJzjH#RGTYt_-MpTFs!N#S^DDl>W!lkg+CQHGgNMW=jqTeg_{J?;<=r^4`WtBEn^S9 z7)<_60#Z6aKe0L4ag8=5Kh`c+>c$LjaRRjl77eJ`%`DNrN8C7-^#0qPaFEan^ri+L3mirzG$hi5r(N?|aAZ&c z8_Ggn+LdBW*O%V5#0FVI4HQbb7sDZ@D8N1lM=}+W!A?$ z5USy7b;o5VI0$5F(kJ$Grm4Z^1nfK*n67BemhtP}mJ6)+YUv9iF&q;)ZW$)v_;v;} zh{85^hiOHu!7;B}WK!NFeRE4CtfMMQic9LixEj(H&&7P2eA#Takuv=1Nz^^NJOArM3bF#H;)z^(fXoN&~N{IX6`wnZV(jh6{FY0!J#YAy~AId`n*>e9&WbEj$e zTp3NVOuh;*RdS@zyM5|Ff^C1|VhlnDg2FH}ct*kk&U~{^>n)k0&|(^v5V1@aBxa`b zhyJNr9iA|tZ(gpn*r=)&(`E3*q}5p@)P1jyvfO|WU{(mEOnS@ zJ5=7a!KPnKH9@#P=jB>(i{loJ80sVgnS-Tj#DcD4yrVrxDGZiY(SaSmBkd<1qqb6` zjLHeIL%&->g(0s31NJtiY4bdVowOzcfEYq_eXhN?hdD4SvIg+^Bqi1&_kiJVhfmY|EIN?EK33tdAmwM#((`e%P z`OvGvN-jjr3)kR^5vH&_YPE`hTHA5q4cf7*=!5GdCythdl+*kwMKn&bSc)gG@~0fy zkgp2lMwTF=IYN~{a#1^*dhK`cQW_2FB@Ddh%+(lcUS3|s7&tM41uO8mh{+q^ofkw< 
zsH=PMD$u~w-lN9AF8JCAAZUQb4tBPwxh?V!w!F!Za{)ezauFB+B1 z;Wpa?Ey)De28egX=fPs+xHX&KL%qh}DhjL&XdSII(1uI%eVJ)V(MBQB8snTTJ)!$? zVO-4mWhFSK<-lW}Y#r7nxScKeS8a>BGvz|^<_ENyZn`Jf0e%t(6PD5O?Ff9X@iN(M zcbg;Rn0V-S7hwZd)jgm)g>82R94brZ~lQ!;|)pATv-LCjN|UeyxUF*TBXh5 z@jCvThxk0fQsNi_thW@kCW09U5*&s=lv4ze0tPKDgMOLLiWd7<29F=DgC<+FCihvM zuV3MPvv6EVBfDO(A9r3srt}?w{;9HmYUjUH_LGwT`TsxuX8-F!=-*V9{eQv~e){!Y zcUV!^UsT(*Ik|-zqI+E048+inj>hT3561ILVD!gw7m~vO-%Zk9uX&akcQ0pfLj)Ye z_|{yjHoOTC{v0MdRk@$Nd13TPd=8UKG~B&}+;uzb?#LOaV$sQ>HhI&@#6-u|)1 z%&ed1xM^h7=gcUPnK1=z%~owvGF!2)$ggL&NrWEKo3}A&5QP!1p#Rj>s2N1vLEf$g z+uy`u%n`guNpIoTZBBP6-2;}_Yhq7AkH`oOof^;>8CUWE| zTeU8HphWd?W!fa#Cg#u62BvOD&Zf+RHhQrU&|-dpV*8bE``N!MV7@Yv^ceGG79xoU z!n+K;5m%%ca)a{5y2M3^GkT-x4Rf}}x#Gs@G45HzIf%m0ZmZ;Wom9%*JG__cYHV`C z9Gld|j~?pMq;*KS-uFl;4&>^QV6-KC(PU90hO5Zk*|Gg`h@$A-&~ae_jdHH{jJ`>6_*6L$rs@jVCtq(Kuw@3RI*+Nk6v z%`o3r$jdC1!E=!Hv2#B50$zXi&fFU=ZuAloueQw|Y)O4hOxrIWOonE6doEIwKoMN* zJqWz)G^1n1#IMy_)Sf?fyhNRzB^uq>-->0fCyn%Khuw0?>Om_!q6&wM1B4bF+}i}Y zkNh*AC&F>gB6VWbf3)F5mWnhrU-=G{aSA6`{}MtKu&y+i%ovQ!qTb56CgOV%lngkl zA&2hiS<@+*TcVm4tdvZaOyp{&&AeNJO zmYeg6hQfuDlhJ)b!hpp{XcK9^>mxE=?|6I#yw>U(V7bp#4%N|sh$qNUi=-&q}` zmh7X}T#*;yIHNrTT|XH9?uV8nyAc;e=5|Uy7RAT z(%;Z3_P-v%{!O7c{&)lXuYKUW>c72r5$X$jmvM6tz!WZ7b%aOYM&O%;H!dfArek;9 z**~PXl8=PH&g829R^SZrQ)9Z>*d50?LGlvlalLrgVBL^)rJ#-y?diDdjobzOO2Dh0 z$d7%1Wp+Nn?dtmSRv@|xJFPnkP76JrASmNNzOR$=Io9?y7c=`Jy!!@u5z*Ct()+UK ztY0;eD2FU$U5sPilDw9!YtGs<-9<|_7dnDktf8)4ihZuyj_N4SNR=4WbF$d5hxq7o z{3Vz{T%b_Ri!bO4^p-@bf_3wTK#lel6Mbf18$ot_mrNjGm^dnbL`or;@6;H&oDeed zBQeVr#mG15Z>IoBxzLtlE5{)C@+y*wSocW^4-8=e! 
zyRdWyXEKpfC-F4S`oTHCIVX2R7U(v0>@hexWoMhFogv5zq^dviB87QLN;X4qgHe*U zgvOrht2o~dHXyFrn^%E4N{RNIVKU3yi3qw^CH2vl&7NCxZ6dJA*t{evd`MkH z*bGNuXK-%PZp@LD(XRR^N>C}#+>l~Jk}8!j9ACnMee(lAvG2J1y#5jt<++o?y-IX( zr&I4xvUCSuOfp*!+`TWKfvft^f!Yh0RJb+?c@ycYyU(+I1VH*qWv#fs9-!pQZtwzV zwnYA^Gk>bbzjWqrA}j~}Kh0|#4F8jPtthU;rk5Ty*p+u+S)=e*^o`;7cwi9aP`R(p zKfV=ihZKKhU@t!2U1We%lfP(ihFHy+;_wX8BE)@WE=%U_q_pxNrLSMEW=;|lXc`*9 zq?{O}@3&xGyFc(G~`oN&If4_czQBcHM$;L@*qC?OEN^_{r9oHZTlc zkY0`j5^N}O*vq5LCpTL^Il!QYt9s`A*%0v?s2R^ScBc#yNnn%_eHH{hM-Zs)h+hzr z)X5f#SN1z3ZAs5VH{FYJp}biB5|K94AFZfW`QaMhO*4C!H+xsG<|ih~80LnLSz~*gvXq zf{4WDd?4p6Av}G6#26HtUAQ{3KVu&CS`1PBkpd?vD<%6y)f5#1sfJlIrhM5GIg3-& zzHlZc_Q<^qW+4Vd_EHXVp|f4~mq8a=_^q)K!BHn^-2_-u61u(ZO2q7h^#_hyiua=Y zl2S|vQD5K}`sNaBPZ<&(`%*!ft}rs6&y|~hfPuon8&R1?ujy3v6se_AWUkEJ#R^QG z%+$GW0E8SWM){-2fc~?Ewk*zmNL=7PEdyRH)=?R6h|Xk_tIS~zS=L>ZDP=&Ay3I2J zR$ZyQ)MSkQ>Fjn(ZVd$va<&mXNXzh>wKXH|EHT+>YLXk=iODIb$|;84#`(-^iz4`+&UJIH$rGF!c2KGYw901{K6Nl2Qy$0i=LZhB4$n*B#%g?MYK2k`dn{hL!O`_~(MHF~ty7RtGVTBnu{!%IaeD+J^a znffM27%(0728*_;HW+1)>!8d&QM7SZR!=_ zX!_7dej(b0`W>)#yI#m&^|fas5sL-yZCDK(`lic5@6Nnwy|7c<0F~5ZEa-Zj(ugzl zW7JnoR+}G9`!;)n8n1^eL(H{2PdEGT9ZCmzz9c1f$`Ne*IT9@&$)&JU8 zE?aALOZveu*Rmr?Jby9j>zX6;z8wBk&?4(Zv}U{+?)ZF#gk?!NK@H z*)tkc$3EkMP}fhW&MWagom)P+RI&;ASO7)Ya(+2f?P+9d$FHB85oF(uuYY$G8VS2_ zfq+V6xe8@_PPNEx`b%=zO^80!{m9y^L{Xy{0=bzf&m@l^a=M~|Qxwam4i4dv9Lj8* zy19Loq0=yg;-j1PEB1MR;ds>;&c7JQ%Jn98D)@jR;#s}X&j{;CZ* zf!%XEqAr+%-MV<>Q`&+`|7r4q2Jbu}9n2&AYVU`7BYBI+ z2fVh&^eAP?3N(P}_4s?>psD6zHY(SL2fJElN?o5DN?fYftPrzObXFy5;fOIbH6Ee$^IKN!z~x)k$YxgzcfTPPRoaxob7OvKs9uw(a7NUFqEBVK}*kTPhxQ) zBB)moWYsyvVFI>`tu_oq>K^}i?#;gVP6*oY{L}6yOAQAo3WF!% zL$bT_MWsL;CQp8AHk@U%ySA&rJ|%H&TUDXQ(M2hST)4mlnif40YWy>8S_z-2F`7Rv z#ORdI!|B>*KFqQM(3X{f%V>20CGi8P!T=~D7sCXj3g%34T;Jm1adKba^3Tb?(i@mx=O3a z4ZnNW*pb6!kqNZx+Gqq%;X`sGI-WWzT^ZUCu5hHrYJ2JoadHWS`(cQnQIK)XY*3a7 zQihQdx);3ThKGrKCiI0ETmayM_hO*CVnJB&;e}-JA6(~iU9mylbi<+!TP6Bk`J3(? 
z72Bmu&LjO2RidAaWAP9eAzWl$w{@R4t3tCp$=*G?Fs-`aMC^U+6KQjucEQtCB1YyW zj29;W9D-+vtJtm^QjE-2Ud=;!FJYgYsHoU0figSueJiwVJ2P|1eL9uNDrA7UgaU%6 zDxzusm_}crZJ7meutCL9A-CJo(oM> zD$62xZZ1yi54*_-WPCT}v|@iYw&;GOF~qKxgJ7_e!TWg9xF%WB<~CWx_pwN6FDL>pr<3kuHgMnVcRLuHLg3C}5LaBFhX5G9Ngjcj`VI z5EGVbh*8pxD$bFWc~M+2gAxtIZj=KFRnv^*R=`8wbPi-=vox*lz55uXkz#SEW+iHB zmggsS-u$}0uEEqB8j>-0ivMh>p6U0knlWrBZgML%Le*@Kb`&kywOVid)x4E{QHiZu z0<+eb8|NGy8_QGxT(v$Ik#eatH(HKg?)7f}+yG>1d~t7SaKroY?BNccq}6b^{>||t zK#?(erZGH}u-x28P)dQQ^R2+JQB&QiFHV`aHF5bRKE9h=&NzZk%zn0hG9Sxdg?bI4 zwim!n&sAcdSB~E%CQ}~dO>Jkvb7ic`DB&VDK&vkIwUnidZH07}jTi&02Y(umn7NWJ zp2C`VgrZ`>fr`{l$AKmTiXN_B0AZ>P^_!sd37E$|7|IL2(j6eHAX`OQPN?{iZ+oGD>-e2xU~W(~)Lc7dG`$5}o~mTKB!)aaA{b>= zJf(q#NgIyK1XV3;I9=ugTVDrq67ii`Jk)o_YH#hegdhO3bbN#C4z1fFm#wvD&?F== z9Ed;x!#N7%vVwQjWgl9XWiu;CU+c>x)}cwAd;?Gvu+c)`E+~p+gFV-@3C$S~9Gd_m zk*$6k`crFzoddL#J)A-s-r9@}zawnHo7aG|BDSR-U3y8x)!T5O{N=v3?IB37j%#&h z2N9+>g1Sg$lc1V&anSf!$kpUpeytr$h#onb4neKnmAuf}#wFvJ2AWC6Jnp%Bg>^^} z(7WI436we%k=VMJfi@!cRd!L3F3tp2uLkui!7llkL@sEPWz54O$nfurMXIg*HyT}2 zoDDmFEH+$5PNxD-GudjkN{~s&M-myby&L?2+WJ z$029-x$4in7cHR$6BDbpA(L+N^P7IH0-S35x#H0h}q$*en_soK#*9aOPXJV zpSGi7<$3)wHvQ2Xl2G$#?*w@25e&lrnEn~9e3(p}ijMw@Gk&)=B#k^s)b+U} z_AJbs;%FRrT#RLYXAL&La*WH$*|x-}y?xZ}gq4w@c>!Wxi}-`!(}%&mevvCF26s5OOMV+UaQ7v#g@Z`qZJb$j%6r`QZ2^~V#G&0#TDzAZEfuWJnKs?W{V9P z(#78MnTSK8qEGgw1#yMmFu0y}A0TU8i&%d}r#~_0UwpuSl@a#8(VyA>q5iC_W&fp& zeCf~4)*BfB)CXe^L?q)5oNd%t?QucUc>dIUS{j70Vy&L$-mX=|Yv_XVvB!CM$UhkrGV?cEPyUq*5=Axm8V2|_YBq5AnSVOI# z6|27Tn^?c{o5YD2)w<257&><_m^C3yzE-BdLHl~}ImD0l3t&hMPi{gsFsW0mmQY79=}MT#-u=(^im(DJn!Oj!iPnnrXn%MNU3 ztHGXL>e@_cwE|PvB~SExsh`l|*l+@3yzJ|-c6wJp$hD9>aYnB2j`oar;Y`HyV<*ua zkGyQep2JRjj!2Hzx=3wCk6?vq!2D}rSR`Y{88H`!7TP;DF>A|bESc!TAxiI108T3+&_o3?OncT7Z|B(cgL)eObPkBFpn!fb*#r8 z9hO?Yi+o+7+4vxa-c}#Vt9$tNt<}k$x1~Efz-?Wr8MRmK35dG;DwbT=`=Uj_*Au$! 
z<#tKQ3`!2Pd1fK~z4ytfDe)w5rrpm5=B34>vivC7TY`gf&B(4YWByf+MlN_!?(3zM zw4RETs|=tWD(QXiuaWA0&VtN=sP;GA;lYIvej+eKUa z-0nPI=TafhP%Ktl^LhTt`>KRxcczHqXXk9OG$nAVC(=!gZc9T9;xR&qs!-gct^>Ww;c?E97_%2x@1X+u!ZIx;^q6y2%ZGq4eqZr4%WxZai?Yyt&B zsTEKH^^xIX9Ix^6?wGL7=PR+z(Zjj<;}!1~g6dr&j2ntM1# znQyQn-7e_c-z`4YW>FDgLA#c;Z%LleMoaT6{)#XERbJ^B{xc-V&idCd4tCam6vmMd zLvP(n2Or@48QRn!#uVWbO((CLU0OOVqF>CBYy(k=h=uLC&WH`g53KEYFo5kb&8=H>GF zmN;eCguE=}n#0pmfBqAH+zE_K|7}?RMl5IlXJYx6mHoe0 zuPobs<*7@*Eu^JQ5D249Twtmqf303I)vo-=7m#;)yL1lBMb?;YRPC4EroEX+W3>+S z2sBOaj?da*rq0XarPZ^}1Aa1nnDOZR)kgkab)j6HUZtW-H%g>^?(H3k81-$3gnDO* zI;UI@r%EqP6vhrv;zeU~a0I&1=nkoU>jR0~B2PxH?p!nmRh+BsRxD~XNAAdq2R()p zJnD5~ZfOFE3*+3O6zWM{kHS6$lC;4$Y{npCK^ zd(lei?ffGP6xt-G_aM0BuGFBOwX+ox>Sa z`J8b)Hq)fEuL<$^=fSB3wE80TEM8;$sy3uBt-IV0Xt6a!vu9%ZQvqmL4gwTVKOO~a z34~Jh_seOA9i_JJ#ixn#V|y;JOEKUCrvh`pjQ)XRa>r)0^^UPrmnQ z&IkDAk(t#KapB%B8kc|7o4V~861f9K=q}f_xqAUtY_&97zFj_;c-}9vX^A-PQ#6Z3 z$!&+|V*qfCtm3;>cyuC7QR~+bir3;n+f{6;(s5shMv&5ooXU$+Hz9-eHL{Iq8&UGg z?6nt$Q8Y;TwZ@f>oghmU=-MzpN6^Twr%3l!g^sch`m6>v1VXZ)tRQ#=e!6 z3B77XxhP|mJcKWfLFEu45=S@-t0ECz&@GVovek4s{@ieGq`pfQA*%coELe68RQU4Y zgwR1cr(!S-d72Mw{Jc=k+~K-k#*Uao69y)|5ur8JFY zn)AP}oTNg8w5pkxi{Bx;@1L%=55kzCQxwaUH2`E^pLMGQ^PJt3A%Wa?56)MRJ~-@g zxMP1lXsE$s=~XZ}8D6w>ah&y9e-m${E!KNuJ--An4fhO6fl`aURAp4pqq8i;XdudL zJ(=nKwSdE>**M)5FI)v!wbyhw1j?lA`V&_3xr^p5l8kxZogQEWK2e&NN63{ee;zVi zoYC+14t9y)_g|wg9~g_0#f2>O90gJYQa9!7KUm%iNWM65w&T|911m?=hB*)FYeBpd ziad<8o{+%dVKwYgiF8Oc`JQ!04QJ4s+k-&UKB z>)La=g0@rfH1E%{%hx41#gE|qES{xO=h7>ob;d^A(T%wzm}3_*``G?T()buE2U^13 z)#bv&EOXQ8se_q8xYXKj1^5me-=W&aBLt5i)An<>6)zL7)2%fm&$N-jw8|j33}b!e zEsv1NgV*~cgng(zvP%>$hQE)T_vl{&yb6v^{#B4Puwcp!N5KI*8D3R{#Tm+ z-v>O~-w>K?|A^2mP+7D4dcb=gs+?)WVPNbC@9xVft*1D|M(R`U9Xq`6#bo;@0vp0R zoOMmni2caVXR#$yBT@r)`clrE__=+@xNMGBI({bHUeNezoxAYKbl9VY!5`3c?z%$H z5QgyE7ulFJbbK7SumCz(tATV`(ft5~kkD0NvowSwd5SU zToQrgKA5u1hnuybZfS9?n(O6zRHa^m8~c|jFUdNd%Xi3_0ueF@zoE;B-`j0gLce@L zpn&q5pM${xSllaJbC|MxR_s;D)q=J1*3fleUCr3muZIGcK!sqKlRz73ozCq*L}rSb 
zy4W&@c9-v8is90jwaR9_*{O@!4PO;6TwqE7Hiof?C?;*TWUbEsK%r8Uxt6VyR^yCSyxE#-?+M3yhT zSg;*Eiro-<9I0?8L2WJz!d37hJdC5uR1@bUGcz21RX}oFHV173x72!jKI#PgeD+Y$&C});M zvaH!njFGLn_8y}0K+BfQOklJ7tKdS%(Bi=#q`L1SX3>)cjxxbNZj_SWU1wpvlU^n- zN~3bT3c&@8jRYgKnF|nt5P!O-LOF(brKl7Wg$C+nHpAHOPNNxv{)pr-H$HaMdB90E zcAt(1se{wFT38+`ib9EiB>l+yR<`HTa3r%wq(b&f5i~lZoRX@*arkpgy|`9UXTO?d!#R~Ofv5eX2a^_Vf?!kJQ$4S#^zO!xfEi8 zus69$f&|^s3}{;j{l=?6O>if7m2X(>=d*Jdzz9%pa)k(fHiSUdleq)Y0QWCATNGz2 zNGZomy}^1-Fmn;Dgqb3J5}Jt)tns{bLW$m9-hrC9^GSk+G1V;{tv|*(%zi^#+3O)I zXY8dY?V`7P@_@IFxkdfdY8bFzfHHnK?73p?(=qowZ0Xs0Uw%IG0MbOuiuoH%`nO#n!1&@oY6 zrtty{Q}WT{W!!bEUS6kiVc+&7R(fUFa}A?opl?>OqREM$;{5$VqnkF}pQ1mHsqHVz zSpC09#X{m>s@c*xNhe7ik67UfJr7Nq#icOj@`CAHWEjnJwGne|)YLH8^dVZ$A^fZN zet5`3Vpuu-4-5=I@L#7MFe;dNKU6F9r#4Fl(2x4%N;5T?sygV#N2y9oO#U zuIJ3VM7+tr;Wt2SV{L~O(PQ~8KT99sCL6`F3g-rFCHyh(~m3Xgeaq9uNI&BAq);!i&4dZk?iN-OWRE8%IUs z%CYeBE0#?h`yoq}yzA1^w;-NPgVlmIKae?2Q!#Ge-$&+3{@{Rn21#ZP$q-_sxa_AA z^Z25`o%P}mtHd}@x|$?kVnTy-$Sr!#|U-pKN${yinmIAH+f(`#y@PEAD*qQ(HmuC)fa!r1GcvQe8Bu)XBe&7LFRizym#rFAx?M35-%46}t(+js z`@oA`I$}_->gs&me^wmSUbK5ZRo==<#UH;c7u+toQNCb}24-(SY0~am5h2HC#2_R@ z%i!+w5@h9g-#G&t`EQsFP@fg7d2GgYjfASG^liB4Ej9aC zsLo+vPm`X~yU=%>I8QHmCgzu>;)q&Y>aD!!N<`*VPY3wO+p1C==P!AdJeJOo@D{s; z@ebGXXf?1TxQIi1)SMoZXjc}PK6V;L#_<+=QTuGZ9ENRqQY+xWn^LR$Kau6)kpx>JdC->UjVO9M#S zD?WYf%oBm|TzhH~9objE3pl()S;hCbNO901Wv{w|VBoR!b>om~9j+?jqX zWXrv+;`Up0V(`(Z6Q|hcSJLfF@RO$(vJn+e202f-IIdK`ePoLkem}D&`OnNlq<#dw zW8(Q_{4`Pc{doTsdLL_0wG2#RQC}BCTWI-lU~wCdY5HLs*_#H#GYH5M{1M_&RW2jO z1yR*PaTa-Ra*Esbb3jcDKfiquiw4_jL=iI{EK+@f9)nA^3;&FMk8Gnto;(WN5#lVSmuayQ5p}3jzh*hQI(YAmNDlIl zn<=Zs$LS@Q4$A|n>cPe3@`(~Fv8Y)5&x6iAe8G#T(u7js$FZf6?K5UJFLNze+=?c* zLnXM#vwUoRO&NYu$!bKzGkn8FJ?GABH+5L#mWslw`BZ%t#DR(9)j{@z{s8f5!Tqa$ z-v6P_|A`L&G54XTWBjWo`t|W2Aymcxys2U_u=a)9_oWgxFq~sWViK+$7(9Q8%YKQX zOaSV~Th0LTh>mqbMq;K8K$Dr=%iO;*yGd}H4=!}-MxTuk`hKwECby}v>!J7b5By{h z|3eYQJV1`bu=Mt};|lxsE}`60CGn>sN(EIU_!Yh_`bYS-(SCan+*nt}TEXqYabX7v z`AslyjhM4Qod}($=iIb_p!Y=KZO}3HLBu>m9Lf3;)gH)H@qv8z_Dcr}w8v5eOb$M= 
z+%Iw(UIM{y5Leadeb)6fhB|4qs;y*aJNJqa=?vZqaTQ-c+ze{I}-*4wMxzV%PUNm34wr>WK5;J*OzV^ zw^3==O=E0Dy4$Xak*1rsLGt)q*Eg}=;Nkdu99iCH$lGW2KoH3Yh7cFQTy^k?5sec2 zfmfWnJmnjOF30Iiax1ix5K;r%ka$BupyWYv&~QW>5ixDK-FLJFV+=rKOErDBr_M#H z%Nl4tmhksF!*$TDWQP{E0!vUTbv?_-7#c{kSP5d15lZMGPF*HIbsw>l?8ZTT!4;*>i z^j~sCsqbeFFHqsX-2#Z$MuPIImMxC zJ{FhkUx*2F5}s(jvb%G`a;Uyb9$}hIqI`EAm6}K14TCChKa6?hOZn=p_e8q;x-Rs% zepF?N=k53blwS}h`Zrz9pTO{Em-FASVR|~|zhu=cU0+ zQ)61N*dqMFQwt4P7|9cmx3OP*+)T>G8i-1t_J90B5cjw}m`EeI1t$o@&v$-ItMbFM zR&c522fky0>oH^qunpd_NayEBG13*11-+~9`a~DP1!&FkfZ?TvHv(m3@e{_VA4bT3 z5=TNEs8$8z?H(G?=~*Cr!mJ0-)mnJWV=zuY30f^ha;-HckBih{C;t&1FK-=V6TS`iKv2^>roH6&+Y(f zm@BCYMGz($>CNX^6=-yT3YwQM@7O4HtD_~;iX=`7^x%jJ`PNJ_wV2bv#;@Kz12kp( zlL_^FLv?{^(V6lN0#u>|COhvoEsogS&f<=x!%Bf_oyi-noyd_<_n{L>L!fFw0m;5e zn3QW#S7GqRbmS9C;)7OEetB_-PENL|8kJ;{L0BMEXz%n8xDU>s6SQ^xXqsL7f!zE} zi9UC6@cc{MoJ$_4KVE5&0GwNxWixt7Nz_7q>@U? zW0;#SF|j#78@nz^8O zuJwZS$*FX38B1RVoz@^~ry9XGyv>M|CYW+!%(@Zu?|bnibtzfQ&V-MU5i9W|dyFEg z3=(Q?-`+D2)`byet_KGuPX;(EI?JM*@%g)KJTAp)FD>U*<++@_b84tMFH5MGRH>T; z-ZsmJ)?x@}m#aO9-nQA9P$S^=%KN?K=9gCCPglh-g+yCx;m(I4;$x28Kutf&oAiln z>Rr_D)RruF)>Ip@p4=Hl8X;nU3iyfergG+$3Yw5@b&F58E>Nq92YXM~n;x}|0>!bZ z7h;w%w->GHbsiegqu70K!?BAnw9$hM5=mC3hpt^UY-5F~BsJD)A`bQD<+k9iL@xA3 z3$OX3fo?`pev>Zy%tXE=b(rR@5j^TR@fE?X+mtVSG}-Ia2(n&kOSf7-ytX8Y^?s=> z(ftT%g~yb2Fh#OLGB}cX;RQd%GL5LhY<36OK8@wDk~?x`*G@9U;v2`LGs9@%gr?To za2n65^@~tVz2xuSk%Ddk2f9-Pq#&Q1-2cdt$(KLL;M15HVb=*=u zEE*5W#ne2r6-L6H=QCDHkp@Y_K~k|$i$xO0K5RLI^zQ+aB5_hL8$+M1HC>)VTJ`+I z_Go$>Du3XiB2vYQ@>{!KO_LT(e!7bwr5Bnb2940(X=z(KZNjxi$mTU<_K<`i@$n~# zM%4})C&-mSrsD~$f7t9(dznis+El56;zT9?ZNX(4!y_K1p3B`epIbd`T^BZRKLCiT zu9i>&sjM+Rnmg`Ko#5Yb{v{v}cH*%M^uz}MBqVDi2>x>Lv&o>rS25wEfKq-FfWLtY zE*~&$yvw8Svoq&M(IwYyM6ipfuI=4j;f%6J9pdr+mA;izUo9jU1DYdZ(2t3+(Tucb zqSlu@8Bl>vAGU>WA-TgP{s4d>u9h=Rr%+3_6mbEpxohb+*s6KRb&@+d1P~^W^)}&r z(gFV}%NY-f>Bp`rERR`V5lY+!HyzB!= zFoRWkQ-OTQcYa7S;a_6drMN5)%PSO{Fm2|z6>h(DHdh*Me<7Oi*_^P=eBWHL?tC_0 zJhd+dA(%f?im<)#WIN_7?0`QjV5nL!6RZ>2vZ{m1P@V?~&^}SKX7#=ZfCVTenB2Kd 
zmL&}K1s^O?Aq<+%ktss(cSJwjbYI5!yaF}2T&7I244a4bbDJZ83E(H0K6^lsfKgmr z!^=32(#_A0sY&lS#x}^jNyeZ7DPPeefIn$aKZMOWS14=pZQMiZAg*(QXBOK)q&u!%8bZH-~%wIP|0s_CNE954|p$t-r}F_ zcETRv!5}DBKsY5HW29-=DGb+_y;c!G_pwXIXk1uqf>@t(zj~$mN*A{es7vS*U-lMD z?(Z?ew(R-{Xt{RoB`yD(vkTtXJgVC7_5y$wQzfo}jcF z(vHkHf|yK+VIUvfD{CUDYiEgr7u`@g+HSVws4Y>Q3=wUsDH{N(0)Sk8}vCexk|uIMixwh*gT3O0Zes@K%!<}yjJ$DoQrlgOY@=% zE6E34j`~cd2#C9l<7sM@fVzqDVgTo(;>h~@#wB<5*eF%WxkZ;sfag3cNr}C@@oiIN z!8y+y4|n1;H=tFWHKHw2P1MxhJy}HqO^M-3>^x<$W6+!c`HRvx^d0g2Gj2MnZMgbt znyO_r1*2Y*qAU1$5AB3^F0YZ>%i3oWDkh{A+d1ix%Dbog&joYj;~It*cXun7xxtk} zN$V9ZEUM}US=TH@CmV+=on=lZgRDuDt*22@PB}rKqKD`je|5QOhcI^wmV|&Sy=WVv z1UQo@RE{7}6??0wJ)Xg2nIixs7LUi5CfxnC;Zpd;+{>`XM1xDXA@x%7zbUyt>*&vt zV`KiGlKZ!s@ZVu%db)pRUY`;FX9~>F)~(9=TA*TWa~G#&Tx%~e{3@i-uHLGjI88*+ zR}9Qt;-4`vntYUkeiCI&CmV+s9$RBD#PojsT05BwGeKbx<&yo~T5c#2A_nN+?=oPE z=rASOCP;&XRB+yY(GEi&+{LxWGbL!7ul;74rs@?&Wv&`8OjlsaFU` zf;I!M-?Wy%`}<3g*CJYkWNO&$d55J|!Aq*J9{3wkWlAG8_Gxdqbv^ge`!nMwaA}r> zs%t7_E2Vy;=fmtSCBQ4&evLxDk!6&_8MO`7;?+EeZy(gO30t6^Sj&!hTytX*_0E_; zBe)H7DlM*qYB!x(e*fU)^vLscEy?MEq>G4UT5Ut(jg7-DaAcgh!f1T_q&S;fJ9){f zy;%3joAV@1fMO+Ru4k%xJ)CkR?LjM8gRALreJj^i0$3Nc7@=k=hAJ?>ahaa_aIK&C zaf_WX$=UOosv(Y95ZWOS;G@2u`H|hHgIwZ^jtS0#3M!0^}VF#4}fxis=ILvWJxR$ z8;sEAz9b#G-hp`od%pb5ss7Jw5(@*{e@`{r9|L87ob~_Tss4jw`hSXH=gJz^b9BgF zQ&nu%bR{sh)}{!86qckgQsryD55HWl5Q~_9oQ*p<0bEzV+eK!?JFeE&03yMqGufSt zId|H360H@%KLG>2&ReFtSHTLZnneBbobNq-1e=Ds!g&aUe-IUv9hczdT#LwZ>nGsb z=x1*agEs;u@&=YWQ5psocni?Va=;($NUBEhyf%(;-c}mR3}wRiDmsjI3efvOH$_TP%V;d3d|J0|) zXGPR$YHbJyZ-HL~Mb6|$`9{I$SBDtbA34fqtj;>S7OvIyjtYQ<;zJ>*V0IL!_KKrE z(Yu*@uiL3E)t_1sDU&b1pTM+sC3Ra>-jMJ1yg~SZ7``2-AzXB$X&C!`sR{Mt+0IRs zcB$z+^(WPJQONzcl0(+>;)TM~%=qMk^9QMuU%&PY@u9D|!DA0&qSo%p;msK08%NA+ zIR|E5Gkthw%1~2jSH(C?jJH%Gj{7zpdb?B6IjqVvyArEAvLspU`678KX^mX90 z52R^gvZxdPEujIvLiZQ{Y!izz`5e1PhvrOFe+wr8u)2M4wC0J})~wCnxDG54X&gH9 z8_{OT(Q`dijd5;43P|Gj?^&2g(j(~R8T@>ctdVgPB#szJm7KI(pL+@ZQ1}QNl&Mp1^0S zpzeJ!l);wO(Ib=U9haN&I3JrJ9?pWo^PAvW0tFQ8Fd&50cwf~KDaZwb#J_L#W`UTd 
zP0wHkgrGOiz>j=|i=i4I-5Wy@a7eVdgSDy0O;7;HnP4Hs(d~KdMP9GR&H}a+W zq1iu7F=kI5XK*+!rc`XES) zd5+6*g<#n)H*(c3i@crE@d$KNWBH%G3_MKy0RSycpUj=?{+Yj2)#+grCbUH4!tut6 zDtvHQUJ_AHvxOub@(A*ZWrh40fN&!6{E6C@s@%u6g!2YpiCd^j+NewC(?g~HsD?IF)Nh84H~*RTV0anfkr*?o;ukvC3cBSK%*Z+ zC8u4)Oi~+EoeVhXFn?<(D!=(K^T!DvjiZ`dBQ~lgaQZQTP~V7ec+R}W%{VP^beCdC zK8BDsb3~^8Y{Bwm;&qS_nRyWwTJDauP}0{?XqpZLhoxY*FJay)m|rZ0mwAYs zzrD^#SaV3>KU{mGPT^-5Gft0}abcY=Znbw4@O>)HUn%@++qeCO##WA1}5nq$q0S{^Z)&PhyWmX125#eKS-VOr<$cHr^(i{`*kA_Jf`SH22Go3|m+ zb9i6>@vl@tCK7Rf#9N){oVM}M9tEi+Xx!qQtMN_sMf75|x$OxE3zc?NfTREuiN&)% z-p?;Xt(32M1>gro2GeMeIiPQJJ!b6?BK!u$EU-C>8sx~-dKF4OKET^5MpOrpD9p*J z;%M5oTGl1T-Dw-j%7o;a0~#7HJhrx5w;+{75+&ofVT~dSCKCJsE<=5m$pB1jZ3e>)Tbn*Dwe5n=1iCU^%m;PALbEhEaEl=jaMK7}Q&O z0mNtA8vxne85duJP29>>3hJ&mR&Wh+fC~_T9~9@4XUkA@siTDl2fe13HK4PKiOPrS zBZ%+&#sN1M3FS|<3t9o58cFkXWf*>#ENAP2Em|yif%U!H4~XOpDiAmUuCyL{I0=KT zNFu~iZ#HBlKO6H~k-=d~eG|Ssr&khLOdwdXQ{s`hGJNl)qauYfl~4BFw(2hQY0&QS zRYD6pYe|x{%-QlN!!Mw)w6~lOuxOIR4r@OJK~>(0aF#6Db9a6$B+%T%gD)C1JSku^ zM**qj{Hz*hQI<(a_!&OMn-1Biau&kw=vhI|t-9qnh_MzGza4p~+#A+2*T$D4FHl@@ ze=g<(q;t@f6WLSfg&uw_bBkBP7N-zlZs3cFp*w9As`JPN{$-0W|2x7(y9H|_k zgGnmz9MNr@K#*%l}&EhSrajo{Kw($Xy$hiGC&?i`9Eu=cq+|8hW-mz{z*gMpuF~FA^`8Xq%yAYwS#bCEaByl!IggmxY-|;P4>bkL6lY@ z#6fJ-^m>mYA8T#ryWwa~dKK_Hh4H6xOF9mk)9F zC)Ef(jtryhQ9|a%`Jzt8Gy&gZ?9$b3tZX6OebHCO11h_J{KxDv9FgkcX4IA5bJ1h< z9gpjIjkR#9zgIk4zUUuKjPqk?0%+@yN25y$wQf#+OiTH;YZyDN>*OCz3~m<_AOWQB zJYwk32XP^CQWxSM3bAS(b8jA5LFvW{f{D=6RbR|o(+E6C4W1N!1X=vvXL!qA{1cLT zvs@znU7d1bWaoAuqn{1!V{UBu(NUJjGtbA6*iVT3CK5VvM&98UU><7-WxYs`p#jX~ zqfy%_Xg|{V`f>!b`Bkqm;hmGU3!#F1Of?n)`U&4^+R_#Lb}FiYS^jfpropbKiwX-^CJ^_V!jg+^0a zV)V`8u|@zBGeSBueTEZpMq<7QtGbkp6IXbTPjeP*5i$mhXA2 zo1ZXw*^dj$%exVS0A~7`tLxiaMCHcE+fs6|)y#3V22iHWNay-?U%+UC+}4%r-T5dY zvF{;x11r-EgH388vA|xjxLkV!iTRd3i|k@HP8~ra^FZ|@t718NQxk<-t^+Kabyyp} z**zs9R8{W>vS+F(N+@y1tWMmmt8ej_O9j^2-3KDv4X_l%Y@6axdggLjETu`zRSip`Mnd8TWbCgYrn>l0e@+$|7P4q%T|&&E*gG1bcQC!I$C)~piNDIUuN 
za+wl*TBzLed#;rXR%y;f)<saog-PFF(5f5vDl!0_rBwPA9+Os4l`8#E1LWZA^xSq&@uj}NumEwe#8IJ1N034 z$n@%K1^?elafKHCSZHi{R9;#>U#J#SS~GZPE|@Up8kNZ`L5X2U(?gPTag@-ii-KVS zTMa^3s_W&1d%Ob}!5;jJ%BR}7Z&oG4^71b~?-Z$O)%h%TE}elXu$qvR`tK#x1{1`@TDDAbv0=4M2!U?v#^P+n zYOXIIBeIJb0f@#Dih8FFF&U@~?=5p91gAU47J|TDpK4r)B0JY%Fp_wueB8zD#)3Rn z|Fi`XE^zV^AKBgz`A}N1Lyc*7riyWB-4*>S(ip4GY4Ax~Xne(uNO4PDEyxvg4n^Ez ziu(oNd|Kj$)oh=Rna5la%!n2=lot|ij)(U+Lhd zrZ_zfE4{SG6dt@`cxXOVF*6T;GlSIaMJsb{UZK7)=LRBu&NM@Kd9CA3hq49)8|s=0KSk|0^{(x&XOs$F5)JfarJGe;gj2^_4vqqN{Tgb zzFNZ)Tim+iv*!dSB6t`}T}~abFw749#jHx&4lBP1qt~w~?})*Ep_qu^A+VdLk7-st z53dj_E$gK7tO2d|^YuQ|xLi{lzuwKk!27Lb$cwTQ{Jp*m4f>IfX{;0Y>!%n$G5k3wGn0zC$LNytYB-%ztm8{fP45w z>PECb*WH(~d|YqK?P48Wz$3t&q5tgFkE)1vS9oxjX!0P;l@;6;yKaCG>jIuD!kG3w z0d;5hhR4T9E3U_KN`L*dfr(H#Kh7)8|0ad2*Vkx()ivLG(qP`Ymne0JXjB1p&;WNc zpbO?vy5Q{L`N57kOCqM0D)kQAUVJu1b2eCbWl6JgRQ-t6h@bUckLQ?0FJ{6J;n1Qd ztEO8+%KbQPb{PGfbk7M1^H~y;OK*kgDDE}z`RN$oyZCp{?^p|xZ|Mr#Zd%e3EekOG zJXHa62f#-@Iq~(+S>Bs-!aXk)=*~?J`}^18ugI)k^{=C49$@(3z_g_g)E|5 z6faf?JWSBFHlMW&b!xRKmdxmP-WZM8YGTPbTwEZR@dKOJ@Y!DO)P`74oIWLVXY;CD zgs>t(3Jd-KkYQyPL#TNZXdS|=XoAc>l89NQ*+r%+{dx{JYGP8*0i^K7e}3qTiCJBao3@6#&v8qM~pcK{ zm)#|QFmM#}CX<4Ku^hJjwrhls<6-5z47!M!6=1f0M}vH9D`?2>yl^XPHQ4RJifTU0 z%v$CXMqbo%S`5+L0bNjBjV8WC8qrXDl(ULURibZ1bjt$3%Rs}Rjj`Wqyh=HwG}B|z z);_^gBre-uf!StdQ8lYbHg(LUw{g@!_(t^ZaYt>N#(`w3#YM^>VZMQmid@TacEC~- zQC&u)`wDb6Cj91HHziy0)zg`Wyc~t%vGuRixKNL=VxS2-$5>}Xo?Ki8jo(k(g$mB_ z7Jq(TJ;DjDVqz)!Dynq@QZ}#)RA|GMzA|Sc;%i!k%&-|Dga?v`%{AXwgPqlL87rVh zdR#$c~VL`GwxjU^x8LfZfdLAa3Ngc1^lcu*ZyD zl$K|)daiP9kdMIbwj?N@1>%$VE?M5Rwdl+63#+#Z%^xum^t`6gd-0vYnLTLd?$jxf z2jmmLG*4^kZ>s-46SM3L|I^w0jkgdz{Xa7oN{F4XTf;{Vc;p&bX-Kgxi7v;Z)mjTP zY?Z|}sy%Y>NuW%N1cu%I?)eJn#E~+Riv$lO@P~890ulpF^nh2&Yl!E@;xgxV__mF@ z+H$(7UXufu6T6viL@ZUVj80zq81QDvcYkZGY^v&QC*2T>7@1I7N``fmrWk#>n7BlL5Qr05tI3+56Cj}}Zds1!erUIEp zj>wAf?G(NP7w)p)4q(0NZXuID&OvLJV>vO;!I9WWAA$F`#oW(6x`XD%P%`22a~#|@ zGVc~hzXMyRO18^iw%_$n-33(+1$KZ`Dg{|Jr#`zFisuM|aJAbY!wFM8-#EUHb5|A1t@ 
z@z_XZ<^Zi_Z%h|CY7`Io;;1Rr*Sw7-^UL-1wXqRPWUs~%k{9Of_F%dbeS)tC7kqtC z+XB9_V^VJs0Di1k5y+6mhdBA`8hgSF79)VNx^(&M1J40`jkeW`Ma}6 zjPY(_^d)$-4BXz`Je9IvZ+40&MTkNQyDw!fBgv?MYcGTTJ#+4P^Xv%#RTcfK zJoEsytqhnhS{@NJw}&$VKFpw5?D%c=SCR~NE_o;Z*Qe}(3%iTnJAYr9y4w86NoQO) z3|d@ArX!-zb3}>TV2zm2O>zQ7UwY734MNaoEeu8D7^Y+%Ts?$%iF*Rj{{S5gSY1cY z9w?ez;0atz^BdOdVNM`Ly->iMCx02K{s~-?vvHxH6SH%EO=$b&eacU{1Uej?^ej$f)Jht5S6y;Or47>LiGB&hbxFwxhV(u_^O@Kdp~Zz z_n@DvmE6|y^9sP8aXzna&55w+K9Lk|$oTQ8sCfDKiZf$~qNb72o9+&hcgB zo*Pvh+{yrP7razDg}rR0A_pH>Q~^-E8@w)?p2CD^G=mQ0$UA3qybe4BK}2}uQ@G*~ ziUD>nbdkd_G6&;|7_ds)nBt0`W`kwaeb=C+er2tBoDSy~e&jy|_&nO-Nio306R&ZZ ziSv!W-o%r-F6FGnUk&&4x+T&ZJhS_ad2Gej{ z%Iiqk7R49-4n3fv`rvkBH)U@G+qg7)26`R~d9>dFqyO}3tDh1NWH){7a-TeX{wDWC zQgv!6q$Twx;)7uZ5%rbNSUa*efypE*#F}H;G2A#0Gl~~sCWhFhrYQK+xvu}DTf3H9 z!P#4`BP=j7e=m!^Vp>)#!?mf`5!m+Ex&;Y9Qwdj$i-ER*7gkZ7`O{kPOWjlZO%eN5 zBWY1zoU4gB5}S+$d$X;8wV6nl0uIKU3`O)j5r2V_63W(F4~jCSu{w4p7v}1m`@U{L znBDRx?YV(M(r3%Wed!LD1%Kev9}33bRp77d;TK-zpQrC1@Je zPBRrf8Gaj9w57a}-7do^Ni7GPjf?L{K>!MY`K{{M{PXq_Fi+TrI8mC!in+wUrQ@ng zX9ogQ0usn~y6GzF+hSbz+(<-lp^}r&N-(@C@r;1Z|CAo>dJNNbrovE7xjcvCKL_#q}tJ((%Fnn z6dCr{nJ4EfcXr>Tc_~xXPWP}hDkGBYDI{kNUnZmhJ9_jZ;>+`VXzEz<44KTQn8ls} zBQ9LKJw)&J0*Ch5_&9dV%(i2212c@(Oz6?ru_b@!;UHD7cL=D!>_`Y%G)^W!8)w7+M;hy z_2XsQ#o(3HndM9Bj>+>9yX3_~p`+LKKJd{+i>$dpGAtQ_nF*{XX3X|%h2s<$_Es=( zY)oZM4$W7)r^nUcA^nmf0nvFes8yw``zIJ~RDs(S?D^SR4}eo{$zjdnP)?)4L)~yy zFiGpb5i8NyYA2gO9N%aa4EK-uyJ&R2jMIXT3s&l9q6dq!7~^Ka^$N1fgPbAN^yJpp zKLk=L=-Z=RY>5!q2xnk4vDBx8RV={Ts39X2JucrZZT1yal^JhF6HW_&TnIJqWvqW; z?T#8zP2%=(2A+eZHdZb)ge16%1T$$*S6Gph^BCuDsh+kb1rUwvg*V9$3g#w_D<_VS zJSk&e^-Q$o2qq9odJ?CAm&NhmHV~W%lW&vD4iu<_%-e^W!XMR6#9DgSj@rydAQ5!q zzz8O;sR~3YL5l6d0gB|oVuZ|};qS?s+m#@FM7T!a)4iTuNTP4UkFdJGH|LMNk#4(v zE{86nhS@$=O|z<>88Jy&jgk86S;SdmS#fQeuUv84uO>!!lXW;(Nhi$22pZqhrwz!1 zu(0S@DHe-tJ$_6_uLSI=maR?P4Rst3uL3SvaT95M*eT)1z&VI1|Hz#JY`Q@g=dVGz=7 zhsOkx1x>V|cHO)0@nn$z;!J*fsg4o8wK>F+PO4TG8q?J*cl!HyaVBaf`75y#>~cFu zQ_2>E4+(HOq%>lVd~+9LsMQyPPd^pFYRM*c6o`m7iI2-fM-#PyOzPOq+Au<{(803u(&JC 
zMx;2)SaW(Z)RUVUoZemDA`pxMp}R35&4J>^c{kW0p0mu%sKK-Lb)cS@KQ4*YF?fe? z-l1=YJ2h>4$yt@4?t`lW3^5w;b8pRMQm3_P-L2C2zIlB)ecpWMI(P|;>Z@(g)|<64 zvpt)0vN*+YdO+NEovaPjG!K&v+tOC#unKmYD$gun+p|nu5rWlT10Nc2-+5JYx%v9W z$5c%!L-vVS(i7r${tk8*^|bwmlKc-5i;0orpPKw9*(<}plf4!z_c^YA$--Z$9#c$1 z*;hfWW04sboEaf3vc?D!gKAg4vWT!HLT78P##11Qd6<>3hV`qqF1w!^Yv}KR(APJ3 z8pb=`PzN->f{3)Lx^CP73kiG@6##GCGyDZ>uC1LrK2AYs09(aW`;L*j&_b?^4iiFi;iN$b0)mKz|)|Sn%cs#jKgPG%nP(V&iC+4*D>g>)R zQWfmDapIL(T9RPBFqI1UO_Csrv#K zS5C+Q%McIQa_rwPQCZqtX<29>l&|IT^_GcT8L{V&cG4VDN~}xZaazj3b=lCBQv7T# zG|2(c*t8%NLbQZ;c5PKjXtKpf_2-YaPr6u@)Xu|}&6Ehn04$VeCSRUg`TDe3lcURK zf43Vvw23Gz*=SLTw9ecPGfm#fsP8g4^pJ1l0XOcaVK$cVyTizUxDA{-oWP;8@DQh?NjS+N#?2YhfV7PbFRCdlU*b`*l)w8!N=>4w}lJNN{ z4|66`U4=`6x#Uj5jZFjO=&zgZnGKFaSe)Q$&V*mW1k4PZ#o;BbDF|rPG>tGy@B#rY z{O_fQck>y{;9+!K)K6PACgHa3U^2m)+0S19Goa0jp+S&5RI%_7)F{svy9KMUBtJ$>9@~;Lm#@qdIOu zCRcMt(Nky-r`!(){f%|MS0rYE@GgwEP%}py(=EJI|3s)m>Tt!4@1qzSW9a5;HQ2Af zGhBG`ZZ4@*m_6+*>t;2*FKF5?QB}s`ONXLVvw?#R@9AgW74@6(TEdeLe!UhAE^L!k zTiSU%e|E!Ebe2P_l7I=A zeB*5B&q%8^ZbzUjUs(4uP4U_1eer$OS1mbz^8n0gXNB5~7WvGO$Gxy`%9=Te$~nC& ziYjlc^Hrx+M$)gJ8m*mQzJ@MN7>8S+h*r*;eQSc@j&e&xM8;Y0PevdjsdnO*~0==!28OhokRzJ@R0bcAgIj=3eJfa-02Wl7cVLpgSyUnr^WP{ww=LAto5)Y`VSj=I&$JpNvw-C%Ax1!_Shv0 z39#bo0T&|4u6ChxdegJQik50J=DzdBJAB-4bQpDdRk`@XrX&cCDN-|R+UzXDVU!s1H93zRL3%H;#kJQ=urU$efqKCdgTXU}pDNh|Bv ziyG7tk$UA0Yhl&q$p3g;;Yz<5H@O>pR6n{V^|!<8{K>^kl^=S@AH+D&PvEh0@)-pb zthY{5a*r@cA>oCB-^Z31BH?)EM!7-s^D-TW6uCDYNWV57z=c`ny7q-p;0kv9v>8dane*1BMe zt-09Y6;>w@8P-2I#rU(=gisRboIeJ~pBTj9=DWNR@>a9Q*~wZU0}3WGcJjY7ToKkh z?CB+<>jg)ecFWp^`4W5 z1GtjZ&xn6O+@@1DGNA&WEBs(;r|AGeh{)>QjMYwg5+8eyTqeFherjtGR~s{IyIf=A z$@USN9C`B^Zz_S6Q-8kD5g!euXvKd=cAbmxopTt*L3(@+{Tx%R^nGiztbtA;P{&MQq8VNW_zP~ zH2Q7P6U^Qe+9Sr`sX1jlS3;&$64o;|_lC3rR(Mdovdl;Y*%R_XGc4K5C_7A=9opt6 zSREed99t_A$*}mbVt(G}qJi{NwQ9ige!Tewhapwz!UUqsg~lQwY}Hf$ONyynyH0O% zTTFL!5Hc&rW9}M(x7 zyk>g>xE^}g3v>5$X+XxW>rY{q&1*^F?$wb293^{fll4gdY zs|2(}jE!8wZvoRA9(wF63t$5DYP$uipq?q6xQckXWe=VUD?U7QOHrC8=xH9!xaZ3) 
zrco6f@;y^mx`lX|0|z8BdHy(n9q#lC&^N6O0?7#F;riDTxF8xz>R3c zXD}Q%Vs4={G7~Dk(hZk1hS6C%y@?jjf6+QKps@&m3hDW5VG|AUkp9cy+U+ zIC3V7V)=$qLAX18I$mpEg!hPx8T>|iG*CWXl}S4pGi1AcZJUb5+&lFJ z7d#wUM8eNn^u>+6DQGrpuCxUkX_E`PEGn{uRnmEOWhkRJCB5*Kf>Wm(SrgwV(R8)D zy%{7IjN7nFc??w{t4u_2wfji>b>%G{9my_0+8DF)VoGC(1*)53RA{q+*@wRwd=>3I z6WrJnf%JVJ3KxCH7tny;wFiOQvEq2ePShirSi1dY<1;Z1o#Mw?XqpjDBqoB1NFkN5 zljTE@x1@pKN75z1X3e|GTNxM^G{)bd1+x;WO;fQBek6FFO_Z&rDq9{bp}NOLS0mRq z*gVU0k?eMj;>LlHhB}Gw!%sm}2)oQJSOApsm|;@KbD3B9AHaxfP*ItV|6um=sh-z; zt_PbFI@N0>3w)mXHkjJ)qDn2shu1`rmW-cKn1mop%6DwZYhdB`52P{DO7B*sw?2 zb$J^0y){d^V`zZytdmN(ml;mmDxF}%=3rj-((v*09 zw+9w@Qoq64F#2{2!}!V#??r{spujlIZ44|trb&`VQ=%D%i&?u50^b`xp~SAT+GsUH z2|tY;ta6m3$#`R|W1CXCFcSO1k301!qhz6EO>*-7j7yj_=6=Tp&J!H8{JTD6L%ZM| ztwjr$z&?UO)sCTCnPP2el%lfnepFavjD>lIk=o3-kKQ4o>BGtg^El3`nuSZ-IQ^n8UC~bzs}6JlRJY=-DY#{I)@cJg ztEbwY=?>i_H!NY$SW)v}2;Jp@PqjK5Lek#VSvFXHvU`KdV0G=kx16QhA zeA0cFXqP->&X!Gl_C}aL;m-x~%Yl(gX)xyC0{VCgB*VQ>K60%)7D|U!T||-OJm^Xl zvh3hIF^r7~c=e9TuV~2Ve_VF`l@8!ej@`Z7Q>AHm`fKr*6qSS4ZFbE0Smh$5SPr!D zYMCRi8(s;W5Q}vK+^u<&4*bp50Vo}VL%(3nm#`OaS`VkqC;Qg{6ERu^>up9mu&BLDC-5JlJ z`?Th%xV%4n41CJ}x);2Oy*A{6{zBlmgb{3+rd8YhoYNuKGTS@sl?xj1Ej^#UmX~y~ zvGtTuv@~X??h*W~-=3Iq#Fj&g_|CZr(!NF{gt{-+&glTglzf`*`)W%r7D&HyP<1ui z^^~(G0&i)yulwsBEH!zy^yhivZ{K@7t!me!KeU(sxG27I)c#RHGt&Q|y)gbQjs9QT z%NOD1|1NL#=S@XTg*BGN?8?uJEY1fblE<7GIrxdm3rGPl@r%n^_EVo|#3hw0r3}ZK zxdE@QU7s$%@XX8hxI5_SsxZ0oso{NW5Z|LmkL8}X z(vhq%@o=>eQB=IsoV4ScvO8JMm=`83><|>CREQ@}o?G;I*RhZo=+o~Ho~8@D;gHtW z4I+r2FJ^H-kq`@XPOd2;NsOZ?dSE9c$~SUkEU%<=L&m@fh=K~&Jv-`o=%-JU1v7wB z1J^1q8xOu%kQ6O&Oc+<5@A}CxPNk;UM#axC;i^tH7CM&Zm{0XlEmsa)Ms{egmNSqr zs7_f#!N`xH8G*@2Mt#7@rdnBB&%)|D$fXp8Lu;;|@?+4~fW$CEd?FPY>y;M}`m%4W;a!7DhY~$4<~+y+q@2MPiT=Au`)93tK=jDgz)6GkQVx2%`**xSS621N~j&-8< z>~1-Aq4eg2Cbt&KL>Jg~q)B{w_LB-F3YEc;x+U06AXA5%4g}Pd1V%$7QunCX&bOfs zOw`Km6tCPMke<5omXdKp#B=E@wcqu%q-whOV8n$y92%RCMqUaVf^pf_aCM;t0aA71!ouA}_o9sHC? 
zT^gkCIqCQt*>l0ce)1BkFgvCn%G<9Q&iW@P$kewc20@SolU^;nikru>^`?j@YvBQT zQd>zcr6%^S*aH_uIkr2$R`GgFd&v0!S+x#P7HqftjtnJo#7Hc#>ECbMWs=IpV|7Hg z5$gyjPqirq1JyH|g2^9`Dr8S$PM}v2`iBQW=kU z^?3E{dwx~&R5i1rp=@9{5v!Jx&@i;_`M%LZXHe1xlwQ z`0&odXdcV`m#BH&qk%uKA4f$03CF~pH#bzjsQj+dJXw|waN-=oR_fIVNxGzpoAnAb zTQ|~g$eON{f!%NhU*x+kRxRe;Cc0`HnqP{gZ+SuB9tL$kwakA8VHQi#N@xRPe1xUt z9n~-9*DtC+dNa7w&f}lt4xp6*?c)%va-xy}%%24V(GE zn8V!iyf{O>i1Zmi;>L#c*)#qaVuj8jY*{OVRYqf6{q77EF}5T(BMutX@ zycOiUa#90^{!#Ahb$ zXJ)5QNW>UhW*DgvfsVZy!7$9^{F?_8}$EgHUHB-{(i}@F#m&$W&E2C z`~SRT7#aSWqyMW`vo8J@s^}#}2E`mOo z=R*^oNXFpYF(LjY#>{jr-cRcorP+=(>MA9B3#w>dUan$%CWWI zeP?Q2?6K9=p$<@L%-AnUR7xRMR@IdfK@o&?V0{QsAjPZ{Af$xtOuGozfZ$}m1aooI zVW)9jA}d(Ik|>=8HxRReSvsXxpV!T7$9|at=gqNa$c7fCtX4_7CfzFR;aYRi!Y(6w zW;57S5~&2{-VnH(N;Ti|jQ7ldVzM2)b))xR0wB8)AFJxxr0VpV{FJHcaw5N?MI!xW(n-h0ZrC%L=5rlLt`e#S|qd+sc-4 zxmZj55FR9XTEx&tGS+)I`^_R8_W;yU>4~U6(gU9bPsNam$B2p&;-15;pkW}lu24{h zs5ptStSI3gYWWd@?&4xB-ofcNjq5hLRnzgvkZe}=ePM&mamv8p7jnS zbr*!ao+=df40FGMj5}iwY@`qepJq$yF~;00fPw-&7@P>SX&pmVIBjx_lT%Q4z?$&!7fzbYOPm>;RC#2^=nekCO8y47Ii8M@CZhl z(n676^Srhs-f@M~DH}L9rbvb$Ay<_5fW#CpS=aN?#cQ_HNduD!OC}^0h_W^JLAJ{I3&@K#636rN+i@8i5vh6QH;BSO!+V~2 zW0_oWq;{@0K)%C~mLh{Pu+WdjBE;H#J)b6)4S4JjYwR(WD}|cn@@6H4YWghG@Fpf} ztyp3Rm}gDDB?f7iQs4%*Nj`#%moe8S7aS2pz=(>qzq1OM2_A#_M1Vz`UsKo(O{ZvJ zg0sj+zbPw&$)xe?|7NNo+kP(MtODojw2mfgAWzYV#Ua2IS;$pqH$`)ia3(O(o;+%_ zrh+~WYIc_OtDG#Yy>hC zsvBKD@W!dq&TlmrH1cKaHQu(+U~csv(1!X7BryAQt_A|$@cvnOfVwWT-y1F60e z)qGi0QPYkwi&Y&R^pj8R#vW0I)|@*_WMPdN`03+=Wefsv+>{wziTO+R1^gAts1i z46Rosvy_izvLq}HlB)8K%_Z194GTq$T4LxKQuFE6s%Y9<`Ye&Q22VxZ3TPWxt7jX^ zJro>7ZKmJ8Se##uhTp*PH2}EZUw6NRokF84A?u7og%fr*7(S=(Kp8$n3xDVvfA@mF z`vx<|KLTV%#y{*d7#aWFP9st3dnWyt0QoJl!%9q&JT7>IamtussmPF1TtUTUx0j?9 zFtbi(Qr&}%}yA>Uf%66 z%9U-n^3;q@#G=GNtRJoH+retu1{UiRhQ>0qhb$!uj_hoHEA$gVipY+LBI;`j0wE~R zYwuXDj`iPolBUEBF}s~aO*%%v@YQDU;GP46VQoNY>Mhs9E?^t$l91L-_Vp{xd=L)6 zU;1R2sxB8ATvA>%&L3Sy)Y4t5US}?GB^bm6A7~N)9-63m9<`7^%|G9y_;~=M 
z@l?Rjq=YH*iAku{`uwE{MtZnOnFCGG-XO11KY>>!c8utyUp0!N6UcAG+2$Q-+ITwV ztxXKPb*9nW?m(y;>&q2sem-_0QYkP{B?XV2J;m&QS@=E*@^ZH|lM*IZgc6aORfUVl z`zf#iTGRc~28t6z7qwqu&|3yEiU)QY$Voj=3F}x8q3FQ|yh4dM-h7(;buFN%it|lV z1eWM2JfMLQ<_7hDaw#~3jexK#P zzOj-VH33wJ-prx;7w3z0!@#VTM>g%qC^IxdR9H>L0K7Gclw!ARcX({{zs+~%Ji)4J zy7j0s6G;6K2POE9^r83#8eGzX(}9WVC!eeGMMe%gAk2bm?ZJZP!e27#U>#p zxhG~!ASRiUx+X)@$6``HqMk-#+o=VZi%rX$k6fCzQ+qJV0`%=uKlO%s72E8co4s4z zS=|?tZi5qugC@JL{ACKdA*vihWu`5Ke;TBZ>q^4xInSE0cbZn@YA4-2z)o^ZMv^JhK6dNM!@s-He)knLra%vLq{7JdS@Rw(KoPN49okft<2 zHom&snc}11=z80k>6QHZ_K%yOv1@lX2d9VoAZiZ6xxI}s&n;cV1Y$bac@o}$R)V$C z)|tLrN}gsfLFz5vBFiPuBUvsLh)(yVueg%lTP*`DIDd~Dx|XturBE*CCoL+@U0cN0 zyV)?vS};;g*KNm6z1_KX9>G$jUav%>UT&}ZG@(Mqr$kzfjk1`mJ{OwGd8XcKBbpSa z_ok=B8uuX|sd@K9yU_)!yV4LVam<64BEohF!;`0y%ehBGdb%%JSVqO%bab9xR5F5XnaB)mS{cna=iN% za1-Far)YEC{*`;vU>@o?1Zx}{onwuC1AGwLH7N3&O(W$x0o%iq%6y=}h#}5KDsE=n zs?A;p$sT*=abu#JXV1DiZu!&3q*%2aQ9vW8;ij1hQ3Bh{55lv%i8!Vt2sh^=tcg3~ zmYa7(q_)cNJkxm!>`A_?G5w6$xN=qCi3 zYd?4po2wXRFosSiI()x^botH|JprtqJnXFVp zvz+6YaNPF*Q@oyK-y34`uBXOJY@HD=&Zqd1HLrbM1H&Bb>UT4ce zvCI+$=lFY?$IGt7?iv;Po8bGZ=H*kj4i#DV>Z6jjmk~oFh56ajUguT>m=HPp+u@wf z!!)ljIQM6N(1QNYY542pFthzvPhRD-BmB!b1U z>ZDWn2WH7K1d%y8qW{pJ-Ey) zy0xnsGWI>QFk0HFw3UCvT^bZlI!?V7U^LBPJbvdIP-yK!Q;EMRg_VYHs~g4Tv=7VO zDp)^}E9U_PE+Iq$zi>4O>WQ!lF$=&_d(z18pP!oWrmcH5PEJbRpZyx~joxuO@1ghE zxULqiQb!jylJBr0Fjb&@%4+4i51mO~X+q1vy^>#*tvM1oN~?H!Tlr zk=9SvB1^MJLF)2yz;oLPTx``wXhj0#Fn=m{j38;HQI#JNEZJsZXMd!I>LNx!$w{Z% zXA2sB;nLafE33Q)7^Lgo<58pa%b0xlrb zh~$`A0O{vQ>EzNGPMA5pJuf{YITcJ!=~TUK(7&w18j|y_`F)KYQ$lCT|I2xHl#>?| zAM>1K=`qIt9#*J;{WiGflHsYVWIf*xy0AtcyGWZi?+ZyVOwgA?jYz;$Ip^BA{|PYa zVX=C8qZ&(*Z#o{?ywU%I6TD!X|2u~$R02xgnhmH;V?ztT_vd|K6wq9&_w_)Q#cx~i zt*8y|sx*|q_VB4Ug2NRn43^vk%+n?!IstSz)o1o&E6fVk$|m zd4NT#^cY^I7oW?gb}uD_8#zl3Fj&rzyT-vk*31Rh5u=5ESZa007#e7!o$Nuu3zbmm=YT zwdZvGV%lDblGmtj7R{H@N-qE(>b|c+QZgSPH^o7>?9bgR}Xm)FH zIl_l7QAooMwm?Cn6~^ZEEY?L31ow)Ts4|zZ8G*yyXMIcdh88rl@)xiQ%u5Gv1Cbvr zHa@8_MX^i^c2<3Q{fI4RcvHwB)ZjRq!henNWLQFN(ZZRg&#${=B 
zq24XL2@A0_)EMl{J|zVZ2k??-FS-oHH{0;M>ql{=QtozTzucaCA41~w9qJrhl^?*z z7X2Rp!T-}{{=Unwu>aR2_&()esRD@VVAX1)+sR9aCjzv#4eM{+e7 z;UOIh8xsykJ=n9xE3)G7eQwnNKp-17x`0y~_6rcN=scQ+8-wnlsETLOb*LDr8WkxF z*-C0(%u9v*Ta%`u{j>$V>X3(VLS#c(9kBdoPTKl)&g!}UYLwY0WH=}84LbccQT1Jv z{7#1$d;tInyCrON#;fdutGl(9-7^lH5O>Ye?2@6CAnOeW2|V3W0#V*XJ|#OVoW7I* z_J}=6GbS0G2$Aup9>!c;Ek5QQ#eHKvuZ)9cmeUy&Z)W`o4HsugbFC%dQ9RY}50xgp zyo6c{m9@y~R|8p?U?$Kf-c2Di!!=%IV|v2v#GDIpuy%NrzNma`{`+1lq(jf~{oLC3 z;2dV6_r|qFqMsHo=;#gRaJOEE%pwaV-9uH)lXzSY_zQ-;{; z{KK2#KcU0y^#2$)8UF-xW&C$A*JPy$+YNg7&ado<6yPRh1-k=du}1=dEXw9@c#*j1 zkZ7e&){LkMACNIrHJG?<=hIU+>*eS&H&>*at`)6gE1Qd{kj@Pn7 zDTozP0u9Y$+K+MlL|V=Kck{3>B_|RD4o&5&=i)Jh4Al@@SHlttty(Gk3N#{e<`^#g z(hbjF3}&3^pp^nK%*sdCd+Bc_>N1e!$t{SJVW{1rm(MZ~m81a7_VT}Cv1X(=1qAko z1De!%3(hoDuzuX5NS8}8RHb*f3Ht7k)*U?ou(siYqSEdct&OXyV;ix_@Oby%X(~ZX z1hGb+A^e0oUC)E^5L5id$|H#$mxU)p7ACp`=P0FjHQ$T&7Yq*c`g;YDcl&IVGiQEQ+%F08#Q@Q+b5R3Pv4vrAijBhF<=~1O*0RQuPs*df?m)cUt9oFUk$QPXua;Pbish z6>3z2267onebxf?Gd~9dj({C@cJSX<#frbL4;Lj8f|3N`@Ws4@88d}$VfEGNiSghdd5ije8w~{w`@`w`57(20`M(~t ze-bt_{##+Al-s%}^41;I$@F@36mX1T8&{9@CqgLEG6)^oGA4WMsGMzFbje9+a6F?{c<>D=ibN4U!GwL zW6WiKqP8Eu7!OW=Y1YRCzL=TT@UBy-k4c*-r0~bxiCYT~CXFhxKYQqvU{~teNy9#b z4VQf<2#uQF@JJ`7pSUeV-pCH*XBc|oR=M&$QTH+8KGpEVShGa)$@B@cAL(=H=LoK+ zwhyoE!D@|43FT7Y&k`Xa0Pv+9e;~u9kjEhZS!NJPOHBC7q7O>nA{v4&2^qmd7eCel zGf`s3x>8J|JWbpKnh+$*Hu1&jfI*C?kj)>VTLq;(qe`FKLnOU2$0C}PEL;Z%<`eTq z8(?6yEl`GZDONC5yGSP+NVQyt6sq3a;L$7CVQv`vERCczF2EqfJ}k~<3wr&olKlvS z3~V%1eD1oNa6k!=iq2mGwrvuYaF{{6cRp3a&j@S>)J}g2QbC2H(?!4eUU0js9WK>Z z4UYO9Ys2ZYUdZjFugVEyC+(`zo6NqGzD%O-9sx3NX&x%2+X+Su?s_Ua=z_<)MqZoF z*?R_pKz%w+6YimmG~Ev`xb?oBVD-dtq{D${7E9rpV~pua69SdiLuS0_vY!Y{F&(BpmC#+<8E*WnHas z^l#7UTIL_s5+PTuxZcilK!O7txASxA-Cj;upvJj5mUxzVWNrx9m)L%;QQsevJM8D! 
zZPPpQ!x-et^asWth1^_wYJJo6lt)r|wp^PGbL(gp zpl>VTGx!qh(xXM%mnJ!Dg$D(32omLm!NJx*pB=m<^6@l5^_bFK%@$Eu8W1ulR;}VS zoWc=FAH`*pmn`zT77?1F!+mnh>&nq%^-c0|@+F1}buviS9>E#t2q~5|xh#oYmg!m( zo3CpkbKu_{$O>?V7Q~U0ETU~uNnq8wm-&+$z~z0!nJzfE=;Lc$`uzqFB0}lY1r1=G zlsRmI0EgmntOC?0n?wRq9AiK2F}C9zgX|$;auGY_Yh_J z3;Eys;5@4OUAh@kKfISo3;e^2kNsd8#^_JgPA_^HD6#mDO{ihkglV;T&M5Y{JuGc9?tA{h3t*NELGLqQ*N|5S~yuJG8J^ z#!=J3w1bchqgX3>_TvWrS>vbQH4~NJ$)up%v|6JVc?s`ji50bsc997!$g`idd+Qg_kttPVbG*JR zLxY(|F-ymevU>SL-^tFn*>7ASMVFYpGBLtOj4>r&pv1EBbNXa#FfDC?;{Mggh`sX5 zVnzA+aQlCXd;3`1lI%W6B1#aK2w?$&D2h0;6MBsN&OQ5k@2Bn;^~bb5czV*jp5O^L zW99aH_jO;->vtdb-skQa;$T4(BLcF7EJl1-P87#z6h#&R6el6_Kmdb)p!`9E6rmB5 zkRZ&5Y$X0bk;QLStvb7^)?Ta5xxU%>56|nmb#_&)s#+hv^-;h6Yrpo_zWrbI@BUMN z{+r+X&0qYJKi##z?O$oWultEV_FMj)&%X3?|J+~v{5SsLf95;i`k^1*{p@GI_@Djn zf9qer{pP=R`XB$Rf9mJ|(09M}OW*pdfBUDWf3*ANqyOa3{x4s={5Sr@!(aXBZ~yx1 z-}*EE?CsC}=YRL-zy0dZ{r7+CXMflC{69bWt6%!vfAMGkz(4Z$|MJhg^<)3jzx3gM z@vRsC_{kT3`lr6<$G-DV|IfeuANVi7`%nCpANbKf_>C|9yT9;fU;oGc*T3(N|KI=O z2jBWTKlP`7*H3)uKm3(H`YV6qpZv}r{X3ug<3ICP{@8ba_n-XI7ys_R{NBI)zx~c1 z`06+Q#((oa{J;O>H-7Ec|L}kGH~;bv{nj7-iNE$Yf6Gt(iU0QI-~7YB^ZXyW{q`TZ z`9Hq>*N0!N{>bn6xc{qP`Ezf-`al2rkN>5g{N@+`tv~eEzxRuOVe{Yp(%=4`@BCu* zUqAchKXdvU|NeJ=+i(2nfAHW}e#fu=+%Notk8XeCxBjO;|4YBIBqajCiQ+>0+GFH; zA^QP_!k54P^5XRU^N%i0-@ABvdH&YbXPYysuh>o9W^C)Po}50ux;?+W*zC~j`r^gy z#?`Dr^To~8tLrBhH~7f=*H=$IxVSw#egBY2|`0N(H`}}9OKlp+BX~jQz_X6=Xl;VEo?=q*M4F=ZwG0|RIfcjTY1Fca6_byYgaMPi(&zuJo5X z8Q})Bp4hFs8qvI4G4Cj@c#WIuALZn;@2geCXQ=Zx*S+T%pMB?5iO+twGRNusdGYk_ z{Vbz9+qp1@lg=Hnh~5s=kLTUf2CR7K`}olJ;?TRAK#xy+6`+&epZ4A@CR&Aiyf9wH zu<~gi{KP!<2T$vW`h!31gBJvYyBg8-U6GAs`b3l!H(~S>^V4?^6uH@i%jyxelhMhk zlhG|Ep8kH+b0lXcTG@(ZuXg^Pdb*>k zJcdsQKlx+jEZoN@-ljeAFIGhBnEdX|f~(rCEO_x!sGE9Nh`0cF?3g-4lg1P3VYNZa zi3{nkacsD(HlLenLD2~cn%B^vulYHnY^9rfRe2$YDrNlNe&Ll5Mn->k@{(2Occofe zNvfP$6K+d2D+=MZSF9&htSD7pQ-Yf6S#?#5RSDIpYSuo1PQTf&YE~omt73(T%MG7Y zUS-1n@~XVT74H=*T+zL1*IpHiXTDe7*&egDiq$MsS@tK;*Hb;ISRbi;V8;m}Y5m{5 
z;)4J7yc{`P-0n_vyn5EqqSZScVomnw<$SoGtSLldwPHP|a!LyfDb@oj_k=6`H{VlM zA1bdu#H;iQQ6vK@r-Q7yN-s~tDp?fAtMuizPAb+SDpn&ZuScMr_n!3*Us4FG_f>>W zD*t3A{@2Tw%FFSX3Qk>$6_6@^rEnEqoXGG>3h`>>d&<(h65`y~EJ;?ewm`2FIp}jD z6MjJft`a)nr9`EY_*hZHA}LZC0WgqtY%483rSYbHb3jr_1coGX2HaJ$KolHWHn2& z+Do!{PlN=jom5+MPZBv?OF3M#Jgr%ta-hjcE#zrEBLHD9)|RKhhGuBcCW1lJSXRd0KlDIX+QB9yU(4u6UvvU;cnKyJi+qftNKb z)f<-TjhE^t4XY82E2^_pb%e6Lt{0*uyWL}tDy0kLcD6mB%*uf^o%uE&Dw%rb<2izylMs+8mHA@ z^{g>8hyx%TzG2;>VfY=7+faMFO0P3TR%h$v^NOo%6CId; zhI!B0wRMY@RR-QORve-|YrSp}?LjMah}P*DYwkf3FVRXrLM!|LEh|wGt=IMgviXY0b(|%YJ~Caf{aD7V#bk{J(XI$(nn>Dgm#C6@z#+EcshTPg>S3TGlOEuUo{c zn$;=RkXol_thp+N?|D_M7{sgc8qP_}s#MELRLg#V)@uUss#r&gPM*^<)?8Jh0ku*C zYFWc+S;J|ChSRc66t99L@|vqiG@MpyI4x^9tlYT9OSkWFhMQP1FNHCjLVm2)!F)eF2Eo(R}Yd9@yIIX~N+8MqIw|{L62gOUA zBEow#0~!H8XjzqO8N+E=A8FZ{(s~UizWoBzX`QyS=AI>bSts?fR_IwRYhv?B>(m6(I^mh=gkIIH9qG^|dQ~U&s*bg&jy*G-(6hQ(wdDKIt*vLF!b)@> zI_Y2P*gw<>|4=9Nt!{1qP?zXioz%BF*0Va+vpS(?b;3W>t*vKuiJpZ#9JeEp+~`=( z>R8X}SkLNM&+3Gpg)*|?BjIGNt!H(tE_qJd&G1R!w5UJm=Gd{G)p`8*o(EJJ~~#LcrVxi7N0QIo;n}(k<8x52t;zi zDQRo&0Rurid)Bg&*?T;wW2axodRFK4tavrEN*VUTscEaO#=~5^8djR()iBP}v7Xg= zJu6@~h|>oQhV_v!|^Y2v_kgvmcn?@>>KV`KSwPLwyb4wnC$inXO)L`LXXQ*epZF{ zd%|jBFCwG*8A#;W4{Jw84Xp3^6E!fl7V)HkBcledCPpV}5D`#=)1X#7QA48j4N~hH zSlb(fwl}c5cIKqR+S=ZbplHLa@`RH!u(mgFXxG4~+8|K1L1=%&+Nj#VI2xa%Sq0j! 
zhPAzcQMG~9#lb6z@yQbC+Tf6>HBS}?IEB@Cwi@3HRu2bO3`qgk)5?F~sD_%J&f z_q1niZ}8e)Omm^-4QnTZ4@q47Amic(cDfF%?F~ZP8yG%}_F!#oZ(vZ2&;P6f?e~DS zy@B1X1FMIFR}AAl5!&D25Vke%L4uwQtQ5sOiPgh_6~lp@vIA>L1EXpK>sf<9)du#; zMtin4sy4D8((lOIWFt$m zktNy4l5Av2HZr&{v51^lI8N-DnV7Rr?9!P;1k5;tE=-MS?Fg8O1(VBRDMVtG2TJe^pcPApF+wvs0n{1c1(iGx@smMarmo0FGhF;!Ti zV-kTXPO7a*l|=GPQu0hJPbZeA6U)|zR?8Jh6Vi7*Ey*II3n%FX&SdvXF$tEGm zCYIKLiBKAQ1dhe^AF^5Gj8e~;kumJHV7^TS;Xu*~kW*3&nG8Wa= zxUkNSr7T(k;n-qCOCTHzZ?pu$v5Y}W_%h2mOeB2SOS*(`LSUo&>V#w269_j0pz|SO zp^Mpt<+0eUb}V=C4=zWwV-)}`ehcuAKsXjUXmNx~Xfel0><^KXf~y{)1bRhDJP{j< zDtO^suna~^SRPAZw1jgZ5L*0AUY4~nS}e?8^swhFP$PbiE@Af=r$q}FsoHsYob2AL z)9iQ8N#|8}F9B_f6#r^<+0EV%bU|e_NNQW z;xz=VrDAZqn(KeEvV<1F0B{!F@1vvW>w&JiPPUB0I%lWwyw0Gt_zI+`MOOu_r3zZh zz7*)b7U;eh=)M{#mjk8ZsDW@^Yl+V`S3-?4<)hQGr4d;zDspPx`)rpIjCi@^Yrpjqws~$X7k-{1n@lV#k7zMa_kb7RuN*5!! zztc@tT?``;VKJBmsjTJ0#=)k^N4?#;1>t1U~);Xg*dui_Uoi*1Ps-f~axhQI! zm5Vhn0|=E>QS_U4FVt2=i_=vro>#ECREh8+Co%iuJhPtOHUe3E0YOJD# zcaN*A#>f`&pG1Nf;m$;{BXvTCjqJKRVWu>?Z?c@fw^0v+5cW zw*pl7y^M<1z^GFlR3~2)7iK}IEQ@~x&dF*STEgxHz$X-_#h=2tUi*t1f~@fhEP-%fAXp|{^7oyP?=T1n96H=L0}O1^@UrrfLw5?Sb9n!5RMfMw1nlc zWJQbHl4PC2O#W*EDK0g_+S+Qc*voh23zW0ni_)JH7^~xWTp80Lh z`{gsh@OS1SJ@1>(<9U4IGh*<+JdV%Gz<={O@EHO4Zx&7ikK^OL(az)eSY!M*ufxZy zK0fi0oA_VGMn-18Ba4HP<9Wy6DP_9)xEVZT#ICQ2^^A#s=l$*YJOAGMfN=%Aca;9Y z_k~?u)Dnd6E=Z?ckSaUABtYc&vh9M6Sn&y$Bis3nNIDh%Nb zRr*u7Li-mU!dnnf#DgRZKEP1fAKK4e>hcUjk#Xkh_;SrK@>e%_Ao3MGC)w07j<#nr z%w^s_zde6`^-*9q{sy1Eb8&Nfvta@C-o@?tQ*^_p=CCkUH)%q#G}*std2;&u-hXdX zJ$e-M(p>Jiw=L-v!F(jzz3(l|M3@2=>L80Eq$V9nMH#(;4L{Kb}sUEQtO}hf7^hKW(SYFzmKHZWWe= zfP!JHwx|-cupBz9r?s}PG_E=hiqdVNhxIjvpmT>YaDVz{+#*m$8>*=%WiaRB4@(vV zaqK(%RS-m&p2-0`o*<1jM`AB3LHsy%vn4E_3E$v2RVv|IZJeAnB}|j4ng)9d z!tdHGq;1zWTSVpEf$-63k|)sxN~nZ)+C_mN$DG7YA&78bBm{AUN7b|~Jtcvg3os3J z$+iGMHEQ(QIAj^v>jBtu%Pdjbk1pC}+6B0Gzj^CO`$-LMs9E zyG7N5g^>C8z_?3k|8-%NT-I$IgdXXl_nbGg zr!72ZeYe|=oywH(VuD7INDxbkxacR9BFOdqLfsFy%!@VNe2otE@)DuKfrwU_T z_jKS&Ag&;N>>-uPxC0>6iQa+qn$F-npoM{s5k{(Hc2I{p5MHr@ow>hYcw=P?Y^bo! 
zwZ`imT%c0kS^D9x;?O(DN}cB&D6ffUf%_(s&)c_n&~HmI6bO~r0(*ngX1mjmqDl`3 zfmP`o zHrnNKP_%lMs%qFG0x5`dX7nX-t}%Ka)fcu=Y_gB_3x5{7?864tsor6mH5JE4B!-DB z%rg>>k}m@0E80>=DW63{<=t}Y8NZ#kTg&0YZZ#Fh)n2OdOKR7@XUsgA~~4&eMPLG=g{*!CL~i{Ijz zm<5y6EBK>&vK&sU4o18b7JoZHm4h__e-;5vcyjRUUY1|x< zyqiiX>@@U(aC30PpeK~BjoNLJCdWd=!WLm{!F`FR|De?C-b;6aTUGeFtVs0) z^Rns+EI2F+Z(_hwyTh_<;1%!NZV>~}POu!{feTI=Ktu@L(6kDDT{ifNw=jWrZOAdy z!g^=L6R{lIW>5#yZ>EdG(}~D~H5K$Etk7$@co-IbKUIY>1~XM^W^f37gs+Pb9;XV{ zEgU4ezGMs*`Bmiw0yi)QGtXAIqKKcM@w4aLj`+yp|%uo2jg(X*t&Pet@U_S1n-kNZQ83M1!Wpx)aqci-s4oP5EjMyfgTrCLR3Tyc4GdpWJ3%Z zloE(hZzsSxzXdj+u{y-qYfE#%(dsoLw+v2f@Xp|Mbwo@+oSNPlcKDwDx!kA1)gV zRtEzkwDeC#XZKo~M`z*jTn+{;FlC?rSR&(5SRHbP6vpLqEY-o-%%=aLo((h+coUlj zVE1H50DZKGb4jtyC*&w(5Xn#K(oEHweG@_4c;CdGrHxN*Rq4np3&D9_+7yD|bODfL zx=I1ylSg?j5>fXFsOnVjAOJL72Ex_4HoOB!esHm`2)d`}r$R8?pq{OQmkm}80RDi3 zc`dDggBd&E5;s&DlEwt+i`96(HF(CxQsa$<9b&ZwWjC-@TiMk)UBSoZ!#G+tep$0F z7{3-7P0gBb%{>Y2+9i;vd&UteO2th!v<3d-vcAHfh5A$5ezrUC zA5ANV_s!%#AU-%$Ux&+uzMOWLBZ7qWy@odc!>xOV_n&5wHQO6 zny!!L?d^cSvAtcu-|AlFDY0`OyrCFW zab@&;hS&;o8J`M+?`+cCX&y z+NgrmCFra4_aiYL;FE9)a6qFf2nS>^1??CCx-L1P;GI^9e?SfssR%t3M;;2PpvbdV zIlpe6+fG$7@L+ren2GsL0cTRdOU%Gbhcw`*x}}ss>+hs_qbd49%TQ?U40j zo7$);qsiXbtGaO2Vn67@RkJ;A$6vKpwKQyRTXNNW(pBNAwJJqyPn#PlxS9Q>E@Yjz zsu^l$Gqs2>hja*;bv^*CV9y}JLfhy#qiJEIZ8w`QHdWws$0WJyT5iG3=FR0jJ_t88 zbk%}0T-S4LH=En*pm_SdF61<|D*0_6TWx1G`JycMNq$w(*giH#5nt_MpGRUByJ%H8 z6Z_W|4rJ^Rlbpxb#JW$4XeOmE;-!v6ZZfzT_c08dIic2e@i9#rQGAIobudT%y|2ur z^%mmV)o4njTUcnKKl&lH)N2$4cT%VEZeR6BT@>e@1c?@`$$~^vRi(yNf8x>PxoX^V zG2zcb&NsH-#gXNxj4d^Oq_LeY=}lvm&c14$CTO5JS$plX#Y4Oy%QUrgl0U#|B3fg+ zT>QBTd7^x-Y+GIpQ)%KCT^Dvb_K+-akQmpO7R?=YTC=VjSJzEF{~Wj+p!5crb6|}H zD7{hhMUluqZ}tLJ;tZrEs+f+RJ5WWFh;X~l^VH}cj3<9k3MyTv2{nK^^H2*Ui7VbN zki^b)xdTa5?r$f$_>q_-2h~>j~N;U$uhvsMcsfxc_{tk4p#UsnNbP&2y_6FjeLfeYARY;)gW ztm>UasOUUTd93J-iEySWB-l}&u6?GkH;Pf%*ibAWSil|xiBpmb-h-fI>q3$Xo|RJv zGtZTeG6{o)*sMalzA;!N1tk%K2ZI${Z(A4iTh#7UR~DTtIhZHo-j4KSEEtlgaG(xm 
zD(>tC3ZNOefeMJ3T7CvWBlAIAxG**h+uSz{tNM>9W8KK7@#2M3cUZjG*l4e6axo0M zK#>?aT~H+A`bF}XxOpCBTlDG~aRp;ljnj{Gj3S{XN;IyNx;hdfiVzOH=T|jqP9Vw1 zW>;$F0u*IypV?2yPRZaWw4IX1SkakU*y#i|l~$xH1*}r#4m+)~9vgx6Of^JcaNd0( zNLg1JZ49 z$0rLRg*s~6#Hg)g8FvZQP;+%qxy8C(kVxcs2m+c_kAgNZs3uul)=DmnQMC}x+yV?L zmNpwzuIkX0IB6?s*7xBp=$h2Wx$3Um@X4zc6;@ z%U!D6=dCC$r#B@*(1f0st%&)27p`Wmd*k}6h5*Mbq}!WmTD51U!=OWajJ^E zE>u;Zr1>4CQ4N|`uyqfW>gUQ;>exq-_;LV+dVuN~ZV!OwgGl$cr6AGO6WodyQIm{G zu0O)AW{%%1M0Fdhiq4hPs9GDBM=7d%-f1lw4a{L4XtWLV*?(N!8A<4bJ;h#o8)IB@jjR04y~=wT*%K zg;N!y=?kao0O8s`$v@vumxs_K|QFz0ZG~(*Bg_=ex#?!_)upG-#KiIhJE458r zH8iyquL~y97geWRAv2heRM!keohjw7P>Mk>y4N zsfv;Gg;QmR&>qjLMpe?=;j?a}keJ|ix{#NkTA-~RJxh>&u&a?z=FDsx_|_SfjoHGG zj))YeNFmS!Qw*G{h-HG>=#Fih&l(XI>3Ag(*FFyo^{%%r)(+Cw1Qptu|qjxedV zq>b4+>IXE0sb9#po;06ZYeTkfsF3L8SzMv!@1!zQ8?W_8im`cCT5M>3QVky)fn{Vk zl&A47heCB4opHzb>w+kYA=8D^8-soKa(Y#j(Tr+n# zZ|$gAUtlr}#zmb9g8@#`l;JpVR??7FKYj*`UDSnuY#a@Bu!vd7!Q3GZ8UgD_cBY~V z6Qh=j$rfY4bm3sdv9roNk7J9fP_ps4&c^4u`^M)cZRa{0pY!Y|gtI!kv*7KYG=bK| z=$vE;T@0zoo$K!VMF2dcpd99|P_Kj&Ndi$&Ovu$_Hw%=h;l!Pd&vE6QfEsgjM*%ff zmE6vT=sFvs>+Tz(gE-T+AjasFd+L*s@ur*)=Pp#}Py=45?BpH_UpSU=wClpLv_U#| zeU4%%crjO{N#r0?XmZp`71d7D6uJZ8Id6CE$?wcAHK$&W%IR!;uCwvE?!NIkJX@lX z{{VpQNb+m4qq7k@FHN~zGb^9C14gxGysWIQ$~;tLVDA+|pN6k%gvZ1R;6>w3j}_=_ zAkU+Q`+0f8U!NBT-mC21#_~EF%Y#2@W*^F}Jdy#Z0@MccJg*6s)*%ovUe(r)#UWT8 z$LI11v}2R-ppQCKbOIOnZ;ZYz@LxL+^A7x1f3(p~h<8H;@1mzk!Mg|(RinuPP+my; zL3E|7mujc|;5{I9tjM9YK>rwlTcH1aR~pAtLfS;_QsbWf!JhF%DcLh>1Sh=qhT8K4cTx&)V5L6o*V%|3mucIV_VHyzi_bi%lIZ|cFBFaC zJ5VSZi`R>_qZPw?3wI!a;sp5H*;T0Tz=PDs^ST3Iy*&cv??3?o!@El=Q6k7&Ia)IW z=8jeY1FLEcZbOlN^S;Gs+`@f}(IjQ2$H`zdORuxT@7!L`X}*pqg(@YLT6m$e!|y^_ zM1D4z%k~!1T9J{YZTDDaTC>jYR#u2%#7p+-Skcj1xNk8ix3JwY1av>!tt$O7oTLmD zD$p?#D!g=4)ha8uBk(x2EM%}yenKH09NVMOKMufKpnn`QC+XksB8yoe%8}PiJCr>l z<@Rz|8|pamR%=248&@1FP(KKqg3_zz4*}$z$C4XBuRiRTy|e)lx74UYP68MVobEUx zHdlY?3D2V`C#A2VU@2v&kbxL3fL-vhYBV9x9{};~lYv<4wKJfrM$@qS7~@;mfEblq z*nl{JTA|8uH$Z*8y^oWzm7$Jg%Z9r+F?hGI*)ia@wAuG9hSe%a 
zcrCn0lu+-AiBc$dRkbQ}wbQ8GW_uPy;J>?Vo(1XXzgo+vkKwz84TvGPg$;;fwv;Py zVHKg7ydgz&ut1FF24Sz06;FDTosJCk#_A%4((JXxw|4B5V+HPXqSjmKGVlt)=q=8`xq`#h;pPQr^cN3aroB4^@(Gy z7Kma)Ja@T1DqBAQ-`NL_`s-6diq)4PdOLoL_4B>Ja_@|nL%w%bSY1yu|b zBDj1_yHMYob8-sxy-~VdyKr#`*TUI~b6ywDRt)kebUE_EsnAIb7->Tt2h*rkc2Lkd zVl$EpC2?26Y8egyd5$BBS~h2hF`j!OiY5kz1TYdr8IsT|Nt6RXo+F8(9cd&+&%37( zWv`q2!o_pE=&GHyx#7G&-Z@?Zq@f)Cv zH#I+eh-0)CHXu%tT;O*Hpgc!zfM$6NHpnyBAkT2`AdmXQ&0vE(?)n^wGpkwHLk#gO z>|TP($mX>AGxcM|u6$fZ7+_gBUYJpS62#+$+d! zI6+StszXKX4xEOgS@AYeYiK2Ee(rEUc-B#c0rWhy;ehb0P}zdxmJ14~nx8uy0NsUJ zzkF5f_py%bQUA=qYQ}1>+pCT-sJ20NNdCoKIR@!*Bp(P~od>lgx5#yZj`qNY!dNgk&#L&rE&PTrR>hV7J@9w%DV?8`BR0JWhQ zqV-Bd0sYrAkHYZjX zjxiFe&}4Qs68THKMom;3V^mieYSx%Nx@Olf*MalVevT&513U{Yr~wFL(ypZ)OUc!# zQSuM9u5e9IKN^pY6rMg;^W8@~n$p7_`@|~Ru0mc_ttPgOHp=dcQtWL3Um~^i%7_ZF zj5f~h*5z@FVB(Z;3pI&uv=gR@*TAw4F$WEXF1{#RsZN#g5SX1GA!j28b$9Ac$79r- zyD>)D<@Mqkl%cp17dkBzSE}?4i$Qxin%l71Ip`#W?HjDs1ivwUx=0S?58@sw_Xn{E zm1`ci@qkd-;PPvZ1tcc!0dcvjPx)c0nQN;~JYfz>RX0VT#OdbttnMDp#!x zfuSuna4MA|w+>!qeaCST(TJ|_et0pdvhqzJpfft8JS~c}>wB0CNyojBa z{1#!sX{jebj|ccsX0cA|Dga@%n&vphZWPH08U!Z+l=k)tSoqM>TMeb0J{5ExW3P-H z&9S&SYTGT$4%)8OoXRoIoR>p+7Po)AkY%m?dZBS+;?k9JFt@JbTqk%(Kw|}VFf>J9 z0c{AexOly43#M2w#ws-)eLTQXw%1sE++0CpK@O9;GSfujcfI$%7XRQvL21!FxMSjY zllDYhgkZs*IKWwU9G6qmMaS4zrW~$dPaO2TA8LhaI}rQbl%Yai5$pIpUh2_P>*`t+ zo=If2B!5zZKnj@yJY`3cUlqNvqfF8yym>fHcy+tm@cTgpv{g+?8e_Mc9L#gAJ?qEI zIj|@SykA!W?SclBYe<}<>$fB9EAQIu@CsQ!>9HAV%I9d;GYEsRoyCKd;;uB0!59}b zkW>tV!C70wIm3hD+4O4ASEjzZH`=aH4qpp(Avk=k6q>JFKejiNG(br70FUu2iv@hF zQX^_c+aVf~va5DmLlvvR3lPg!LdjL;bAU^f^pO_6JI{PtAWBBvr@B@ln%E^O4@gxZ z_zVvRg;KU$Y|tJ&x1qchq)@`nppg4wH{o0prmDdD|<> z55R@u0(`Ox7>{0NZL}Sue2#;L#-o*zDAjXpyGFUDVPFVc=(NNTbnM0Uj)u|t3U3Rb z8a!&b5)?Dk+g?XRD*Y_S4pMn>oTA%u<$1oN?YJE$9eh!9@5jX1Dz8nPi?DEQ4sehj zd2Lj*(sq!tvb1GB@) zo(vs9m7`PaCzaPG@E;C13H+xJaiZ~`DfYU`!MribTAjb61+A`DQ*;n#r|u_Sf>MArbjYX4G)-XmnoBF&sg#FA5y|foK@e1*lW5#me|v|M3!=* z!I5Oq0#~L3GFSpp4#NW)m6aUeH4V}Gj0f1k`?Xs7W3s)bc(x4o_1>`Y2zN=1(U)Zd 
zP1U%?Q-#Mp%cLS`lkGQUAsV22FGLHki0Tr1vOT9f*q)QPaODysQ6=^idrlW_OziDk zxG}bK&55ZaZ;S@vOtxo@$T4ifl|gv+796s~N7T%a$@Z;LwimF&prIXx7wM0FO}29_ zXiY&ygZ2bpZBa*4FOKbB3tAKFXhCZ#=xDmuWc$}x1_yru%izL`5jy*~6P5V2-(Vs( z%>))vv=H?J8F|>GiWUarcq$&Oskb{L09nlyn__?6!e9e5>Y1}P-LOSeNr|$2R^P=rmj5k@QE<7$lM z6#Lm0MuVC~{Kl22Xg2(edI=6w9Vk=mwp$qOo|&Ef6d*!0x1e<>6U>w>l?hhM@=S3t z@`bfIwKYT|1#26;0gnc0*pF^)+j)mZ`!D*Kg!63LZ03tFTax-;1>RkyC7jQDkx z{AIdQ7duoJG=$g%x}YK0-nP4F2r4#W``RYk*EZd|uT3p8IN83oyPSV5(qgh*ZT|fC z2+@T(&*#4oBi^bSa_nbYI47}ZY~h^5E*&Y~?s85v2k;cvmQsf5IhxN05f_5_@Lr_G z6XH5m%1|Lm$CJOaf&W@p5bOlRAhZ#tMXxmr|~5Hx=A$-ele*gdW2w zL4<0U`4s!v7Vc>57?XDt?*^6&)E)=hb(&)pV?}l1<<;>)w*j|n>zb-5m2f*XHWi~q z6&&Sgo=U(#TVcN9?}wa* zEwqY~A5tw!kKxRcabY;vwLQjRtFJB;IaQ0sVK~z@;;&p_MSSH-tjM@>w$BZ-i5S2V zGqOv^-9cketEyry<}veQ9hE|?R#gRbW1g`F;X6?3f*sLzHN}CJ>r9 z7f_l8dN&eROF3g|Mj?hXg%-0~ek3Wd+5${tu-e$ACl?o3ZBuP`U`Bz}y2nvIs{mVQyofqYHFN4XlaVA0M!JI*2f!^G}>A-K`@-jPy%OXl{RqpLb946NNj(r zKPh{a)(hp5N~;1Pc*oafDXgz^g`=Ra6Z^DYGSEz13}^Ecudwg^-dG&_T^( z#%X!%{bqHg)m!3R~TFe!$M z4y_!{+dqgOZXn?pCn_Z885hXTaP+5SZ~pjGQa~>&6&AtDY-QtdtPwOc}HN-`htOt-8X!5)`7OYbF8TZlb4-JC6m`c zD{S|iJ0-#3TB{}QtDRjO)N@Qmk(p!SRHI;t z=CcGOtKRejd~>0khaanu8C&-{I%PZO*sUEHW;o3ShH0?p*g?0rnOjaS{EPdGFg~EUPn1@)U-m36^Y2DJxCmD3wvY27{qgl#TbxN?9W-EOYDJJ z*h8Sc#d2!LxgpdrRDeCEk--tY`X1C%kCp6xeP)ff>I5b!f<8o z83HJI*9$f9baM^5v9)U~SOUDvf~5p6>w*Q!#5~->A%g&q{w|psXfyv^v51a5WU9=q z3OK(nG#<=!Hug$px*AD|(d$W9o-4rQ#Tnvs{L>)`B4;cp>az<1|S3J#ck!n{co z4m98O(t$Sax()NYr5%^5q&}2@rI{zp$03J0HI=U|R1lSw4%}7+h~J|Z0pe$eLIL7e z%O+uM(Gio!nJNb(iYMs)oGs84bbs~Ha|{=qSbaDSSqZ}xB0tr9RSaiB{A9#Z7|9;u z_hBSci_-791H)iN1&H6*YT8Gw_*zY+s1<`f6d-;MBmo250m=*u(2>Gi)%pSI7R6oQd|oCL7+*c8T6<;V`;PI2 zI%j^Y&MtFS>i~FVgZn<@D`1;=*^z3|6u`|&t?maoZlA9-z|4d?|zj-mJ^IUd8ll55^Uj;n8?V6L%+x}bB!i84!bwPD}8%vD#S zZP3?`6=F2-s9(ACvihn@RoRfQ8!J@mf>?pjEEMWODyRnjRW{xm@=V$Zc|oYd#1?43 z+v4#Y4Qqt5s1IkdFU}$k5gMMcw}k)=gR#emuX30JQ11y@!0BuC*%#=~rbQPF(0w$O zOSCFQQyEIBosNO&L_BBd?i>L69w)QZXKFAPQxm((-O=S^0r5pzJ|=C#A4ZX@|s#FO$_=jiG~EIT~Kolc>VjhBcnddQ&oq6zDKcJ 
z^<^H66L z0bbUb7q)P?@ElI`cX_z*h|2tTWy6m;T!?U0H^Bz;LxCaALvImhi7W;^5B<&8UqAie z^!Gph!U_Gq&wYG*`|{!G>Fw3k^PBDE#qG20)%8cGFP}a;y?*wj-HrYCKYFCk%(Qb` znClSwAw!-^A5HxhYOtoh#ks!BGJ^QhfVCjIw z!2Z$!vEgHHBOP}@R3!n`i;EX$k0Bm{Wi)z@1dNz@tR=d{NbeF|>`F~{p^MJH>_Sa` ztYeIhMtxqZLbb=*T+nlTF;@;N#20tQ%1qb=E+UlK-ULj^2T1Ce((*0+^wUqb zm*+3eop?IGxw-u4#U~dpZf{OsUR~clc=76!4==87tP5+S%@wem;K#)?1H@Je6{7X% zy4nVt-A0E3(VjyV>O(g=;#J#Fa|4zLbt&kctuOaeP(F1O3X$8^v1%Z50U>ZL{1#4k zz$JxhKk(42OfLqTsAGzhfc{JdZU!OAo>!59i(m>FDd;DY;P7w_%UlU-~@Pj9IfZb?^y7OiR5g9g9eJAsnnV~>^ zXCAZ2?q8r;mg?bSR&?<0n3(}u-R8*1nl0L-$E!!E;#SMndh< zU57_bY_KS1SLWh?;b7gPbkG)s57qbHkC_Hz7%(;}(VHm1C^9gQ#$$=gRkaa4VSL;ZAr@i8-N@T#u4m8Pa$yQsjB z&fW4$r|Jtv2T$zj_4%{g2Ly0Fcyj*o)AN@PUS40_UOl;b{@}yQ7f&x=e1tzK;YcU|6VWhQ~~-scm5rSM!q- zkbIAi8r#g6Mo;iMe_3GyN#n&I4pPxVY8vgf_ zk3PA5uroERI9_1MVvl|NOBVZmCyAkUxr!zg{K;_W&-Z9?uBOs<2mYZaxxoE9&t>6+ zdhf#C3P%YbFu!9F)nzMuuw*w}#pb*aO;7JA^0SH+{C@x+^|JK`pHHY^g?X90J%kyC z=N^5i(>=}0x*zcBTJ-Yy7G6C>^rMHJy?S`KY2<+M;J3Yed2O&4cp&HLEL>OE#?jw} z*E>4@Z=K&mXp)Zzj$&*`qT!tHt89UPd|9|;qBL7Ubs#b z+{qU&o)Rpucy+)&tZX9#^37A znRC6)KOEp^--Vwxn=|JJRQ}w`KO+w>fkEE9K|C_;Uxf9S9AAh4~AE=t8Hc z$Ai8o&B=X6tdH1iPNzj`9|0-zzo)YRF`aUud;qTVGbi%2 zzk`L@X=kQ#yI$7b36CDT(Xa^YRd#(aMn&?GvSqIBxPZ&7U z&T8urVE06a9%;mFgEy+G{ggppua;@F0d?~Z%m~5xc;WEeiB6=(Pna?6xX=q^hI3yh z4;*EpgPbzlWuliS4_M!RFEBauBH6Ai4ASPTamkfh2T)jaNKOT^K+cd=WsE`8%{!!@ zAo6BCdW5id9o{YL1Lfeo61@lupE^Y2?UxKmB6?+a1<1`=W8G^I@T_r;IfW|laflA$ z)}jv28Q@f%F!-D7kPrsw`xz?p7@r{8IzvpGDUmko&{L)ulnCTy^PzBA$Y*}3`h$w)#w1SqG+Dc0c6cP$a@IH>8y1TMA~{l zTG1idodLAXdn~AEpl$0SIh28ruOK>f6`scK#tu$A-Xb7eq8F73=!XHxvin{{Ugy@= z1|#xj9U8<7?gqTXy+03N-{@uV4JbmgLqZ&&9cQg|`T;M94)QwV=!#y>H-WcW_F@1D z08mp?BOuY`5wtHmB-2Htz33tD2}F(PMaVy{(unKMTLmye^dd(mlJn@5tI&&RY{^L! zn-Lx4R>2lHYaP6y>^R(DXPtF%5lb&R@O_!h87ggqUSxJD<4{4Gv(CD?q}+-gls%7_ z1=>C)4Ap))gEeFg1q$aqq@qieRzx={$P2e%1%9?44}|V4R)E|J*<)!uB6ap5sy95s zj|M95$0LGU9Dz!_$R5dgMWUqaBDE;g7NBm%O{O9!qKD+$$hei==&=r{jFHWX1XOf$ ziJ{st!3hyPq!vj3s2AN_nwmNuQ9J7)l|U-OA-eekJ|Mh*ULTR%Wl5>y5w)`(J&K{=*j7-? 
z_JksmyQezT4-v)l9_gl#X_t3dIJvk-XPAP)1yFlI^pI*J&0lnrs&a+u$bcaXA%aj> z*<*p)@V%b(F1TGI5*dAYkA>YOvoG%^6&WhEaE4_Ygd*E7@3C;j!IIF8;_S4ElLeUf z=u!6svKVN~{+N&nn0H&ac4P?V-K73hktNu>ut{}VMDeVLhtr}t5zVtcOw19sKse!$ zcxT}377d8pS&tT=J&qIw8ix;&H3+|w@gZnoqDPCTT*hH+pgrwBL^QW7d(@kiJu>aR zB1^Eh%zq?U$Q}#V5^VFVcP>zEH^?9qJyI3`FiLb;S~`*1GVdvKUiL`GB7+dlOk*R+ z9uz&YkATF3d#^@YHJOBY4*?NWWD^c1lOdxp@39~r$ugu=DE+P?Fj4eaU@|yaqFY-7 zXTf7|GiC?~1KnJ)8;t;DAm%+5bR;qp^KR0PfnyfkENGiD;6;z6@rdHthj_dm%2Bvw zxEknYskdY>4%xj=j11TSvd03OC9`qJ0q+>OtdK1)dMpSUG8_k!Gmz1k_gGN4ah+wi z9TNP25zJZyFf7q)fnAgBIOIrrx;&zF)4_nGQuII^>QLc*#95Y* zL78`3P;_7gif#+6gY3%uYfGdc`e(D3<|ig9yXC@%EKFd#Inha$W%WjT|#-|IeYS~Sav?gmaCzsUw$hRT8 z!3{oiJsF{VK`5K~4Cbyue6lu0kCgaiZRTCXl|@mtgSqO+2~T!6q!lswz5Y`d9pn7 zk4Vas;VF6v#hkodqMMXZ2ya~ICU|O1)+gEisty9_u+Sr0A5lE}i1gmp$Z>`D)zEh+ zGgb7E;0q;{o{bQ}`lQM5%zMylW>ANy#%8!zWPOgV8i=;LWO(L1Iz;7G-8jKW+qk*%3`k+P9e07bWj(?Pc8WFbL>wWEi1e#qx2dSsI(B4;0wml_(t8CSihWz)zRD$PFZir1;c=EF>co zV70Y_WP!>qDcQ*e6@BFSBpVdn45JB=ztqJ=F{{*c1kV)BL`_CXOZrOIWnuYbf})>w zW61mzU8MF~ll=)8-ux61JMXfm6{iIPru@~s)9uL)MMK-ADvcSa25(Thtz*xwx zTI!OX1F}QKXFAj&rsvy&_#!J*bdv5a3eiVDQy`EX3J-$eWTt@lg)Z5&9l^8D$m2^s zOflMm=17Jp3K3em2N|KVOExPVWL-HS%TsnqM#xkti>=&~M>hk@bl*U&E6?p*^xocF-w4T6U82 zLS?Fjew0m}8fFwfj5s{Y!$C2fwT6)uF5ElXXJ zLjh?>eJsF`f}j?V`Cj4_5 z3(h{{Xr1>F+7yZ&EqqJ5A1TsHjw!`MLuRL#o79=09WC_BuZ0U+%@>ODQyG+kyq$%Q zNzk7ja+H&k4wlA;v1Y`RlAHp_2lB|4x}-;rY*P6ddF03&D*6c-iV|x}-9&(8L-wiooHRl3H0n}65k=OJ zl`6lNN6;fQAZ;#gp1kqB zZ$JLxyWdM4K707tCoez2G&Y}o^8Cfk!_VG$&Hdyd{!PuNuWekH+poRx+E?Cte?xge zU%R~BAZl`3J*b)=*gU&F|K#G+tLv|A5KHzNK6(B0*~7>0yvrZNf4%V<*Ab*_lusL1 zqzT^M>2z10*7XDQcyROe7q{o1J$P~ReHhP84yx6Is(Q9V66tRD;91)|X{u)k zSGZ`yaHwgxJRTK0thNmXd>#LM`2O|P(^pR}t{?s2`(NDr;Kx@tw|@K$vYGnVsWjr; z<;4BshcCVk>O8%9^ttc%f8RHpynaekj+VgGi&}nDi^A3}FAC>@srWkjJbVu+InTcS z&iU=dBcSBngI)8Ws=r({54-ANJwDhC4|luQPqUslJNW6_IGwi_hx|0^8U6I?`pY;` zk3PQrfdp`{~SFj`>9LvxO_}n!q7(2u}C>_tDAbp8oItJ~Rs* zh_E+a`;37R#afhH8JOeemYC!BpPagDjGZTT@ws;%60g}o^F~}0lK5~^UfbL9J<Qh7z&4#sKnJ%n5A$VZWW4`_*O 
zBTYK*2cM~E>&Wy?zK0TqlFbDux#cddaG9L0aL{jE$h|A8tR}HvKVjZ1(*CiRF?HouQw_(!= zd`QOK;o)~OcjJCEMt+9S=Je#OUqgxYSzAltompEiY1$1G2AuVi`v%V%dH>>mH0S(W z?RKy`vwoPf^VP<`McYKNmuXwSBS0f>%f|&ciM+71AB~&$+W}#xn!EY;2m;I6+}i|M zn=3|;wUITO{h(YQIC(T38dX+IS5Lv2ve)(T!S^vFmM{W<_<$+)1)!nwyF z*|@tMQr*OPK@epAy#dTl_H+L0c)eK1L=l^5+pr^>KW`%!L(+!TQpS7SM)RXgiKLAj zIbtsd3U^QX0hM)yxZ~fVjnIm`Uke*sv=Mxq{1z|slF=Er?J$>|R$zZEy#f*U!?-O) zMP_X-raEh*#JIfQ2vAM5Q945M+ZMU#+5N>_z?{;4J79$rGMxMtp;2(fnAdU;#h!)>1Sqj7Wof;Qv=ru`6<=iW8T#=xU+q93Y)i#C@8mHiga=!kxj_7G(Y zbDjv?kH5FW>vdA@j|+EZ93=l62gEx3%f2^^lRQHcu2SA_ z0%kATC~hO29|EG}d6`-%qb8R|lB{i*;KdN%L*|-j6a1=b5mT4V8A?-|%kEu;^jSG) zL}ZIGFzKvq1j~_as24B#k$*9z%eX^rHPMF3fLR;FdEQ2I&Urf&3m1Bl&~My9d(6H! z?mBXIXZ=uPLbM5)3~gx4&okN(x|sjg`}vbGAmW8y2TfG2ZE`NwjCpY^ZrJv=$b@?}0zn-wftc_B;@-`RGllFrhk>9Nm5p!Z42x!auAv0c{ z(+S)z9d`!#@;>yqNh+rwPUQ{;E&l-}Xa(<7*DVLIxt!<$EldMh3^AW?!xwt@> zV z$t{c__7ZJKv&!d;ENQV0ya$u*c?FDA*f=c`4zu|Yt#X}VhhwnxJvnE*DwUtfQQD!H zOPA|cXzRrphiR3ML34qNBRNAml%$vEnUsOFAI5+(D%v10McX8KEXwL;(>dHH+C+~DeDL8RQz@jbZ$r7!n7aJMcxI9`c3;`e&EoeZ4$ce z2>VFj|_EXOPpedtlO8Px; zM2RV&P|Ctwrd)<11z{)j4QRGG?a>br@9DT`1K1+kV6=<2KF4nG+acd`w1E?e-!AAN z5a?nrM;E@5?&VlhecP;UK?gx1g6xL_BYsPDS@Q3V@_vkyydO|8#hpf$M}7|435skw z#twU#%VZem3ws1sC+0V~x4=>wfDH*cPhhg?xJW4JE#kMhak5SDAw2Yz z>-@B~{4VSuRuL(i(SDk!NJg?YsO^IG)6T_-W&PaKBUxJ`WcRdd1usUMxW7P*avni* z&h_FQf>ea8n0B2wLpU1Ze&Fiov;z1d?V}DTS#}O++JCiUZN5OOOJ;9rxWs5tF&~Pdek?uM2EAx9fftBR< zvV&cb@f^%$%I(2j(^7c37(-xCfRS<>xWdAmoD&v9I`bA{g`usQFCpgBQ%09e_$G`}2EAWK*9_6hND*>6$ajgs55`2liUXrl*) zlXZZiISpuBAuDhb<};%QWo=Nw%~$ai?1Z zbc#9SN{c;$87lkHLy+mX6LjF5RxojLeQ1Yq^Lqr&?!qPMgTYsc^}0;=tZmG(8}tK5 z&F2EuQP3H-hL|(9SI*g0v5m*2`Q`EhTFC;h1KuvjbwzyR?*Wu=<=yW=EwK*7cZs$^ z*q5+0a-M@R5I&Xv7IoXj{NQuQX)vMOSKg0YXc@mE8st11pqcRhf+()Ieo6y4s0CkJ z@Hs&8EUaVUYygB8`#VTK-2@OcTL+X~D0>;LI!rn1M{A=pckw!)iMkr2aT|Rv$3f60 zuwk@OD0K2Yv zet+R1*yZ>s+9>QOqbbz2Y+TGmV!jXo`Pz0cdvZQRW8^wN+8WALN@)Nun%Fm(LfP5H zZzZM$ccYL;RJb+Ub0|K-Z%^OLu~M`lVnxhP#O$CSoQ8QnlvohI1wfw71%wy2GumKz zr{4qZCAN-rmq( 
znsaVfAg9$;oJ`LK03C70!6&o(i^3atcRn2h<5GQ=lho$zvffuCS9K^+lW@eNUcoh$F#^q2G&p z30^1Wj7&UvuBO~pqq)el*6(ut1@prof(DR2q77dZZHP=0ZNe4@_$++F)RyxD1pkQ` zO*keXEYdMh7KsXsWoNt-J`s!|;{VX*3aO`e1~#ma0T49VdNDuYAEdeD_Z;Yk@LOSA zI0(g@MO+&C2^$t|gOojR+h;Vu{1A+ojzM#gd~HegK)hw=3ge0x8{~1iRR5HIP(iY_ zVJ?We%jW`Fk&Ur~Ig{Tlj3ICuv{6ZuY|p_E#QDR;lxm717yY1A%eGv0BVa<>IM6I|Jr>#@oMZX-Q29@ci}*i5Q>ap6 z9f<#vZ9-N++dwo}Ixglcco@x3oCCNPB@JMU%W?aKwGBBYgSm{kjYw@d55xRiMcjBV zp)?^dEnNq^E(l0U+vs~a4uZA?eHW%xMi*4I!u86(H&TI{ABHyfKwSJiw6(bof;J#JVjT#yOxrL& zdf?Mg#bSv$6lSJQv1*av}Pm0G?wadp&yN#%V~&T z2#~ZN#zg>m-bMi?qK#@BCu7iis zK`p-5=duxFU@~bxir&b1G0iXMLpW4)dU6_wyM-}C3>w-*%mixPfLQtW0NseSfn8zOm)X~9q^Yx;i)Wgu0pFhmcJ@`eF3H$(a5m+CkYAwt~#36%;Lt9DLhBgsv?$IyyNv#GM94k2n+or%J?3Ks6>j#)0l=PIQG?!e@ff_4vTJb#?L+NkPhUl5R4a`&U4FI2Tj5^LG#Ob6FLbU6W^o4OZgZO%AyUPUD1XBW6>sUP9TiAj)`#>WB`tRc2|M? zgZ$|jSg***#M*>hg{Id^xj#VZO23CO;5ZO%5~rcCzU(~Xw<4YfZ6eHiG5e_HrK9m8mm!t5D zW84KhK<2d}!BgapP+N{~(Dlge9?)fh{~lBV9r!JTZ8{gs55hKU!(4Lyhj-|p$)^4AJ?WFHYxfdMtV^Mvl)nqPOIRAf zk$eoK7G(27KPpX}%0`ey@ISbT^L6020;@+GlIF$t5LhMK^78`v39OlDmFs4Jf<)ds z#-$e!^L4;L&)aad1YM*ZfMZaLmUv-1oenz%unQr03gO3)NyMw}}+S;Tr5bV8&S(m*Ng0 zm_f!`5dfIoOM=^l&INCU(3?;lN!VqSc9NfQh;E@DfV+ru1vpXM8MNhiC)TmRhoDa8 z>ww=y*u;o35`H0sP~~?Y^g}jsN@t8Kuq6PwmEh07`2|*w@8#>j7&0yhWt@eaMp3wY zZ7_aiofuS^$T3y8Lt z0#^Z|D)+-chjg`6{Zd;Dcp`Y|EqAj;WK`RkkMs&$#6uGVBJ%>0KdN}3jY(|L)=_;FQLkdxOKFNxOKEixdj)2h+V+jfWkI_7Awy<^waG8 zVGLxere_jng}~dXEyp{tAF}QTXrJ>*B)&o*$uT5Z9u>BIm1MhZ3x;C{Q%deZJ-qb^|Lm@ZL|G=(4uG3Q#}U}6S++SGq1_{ zJ=#Q0HQGcxI@*McLYu_MaO@@R;cLs~7NU@I{F&AvaEc6}1@1Ln>?%gvUx5 zKR~O=X$3t@oFT+&WOpCcxn*4!%umi4@M*SQ%x~ciB3>#R1O41PxQYIUNJ+{65R;Y7 z8S|4lY;YUoyd8j+$Q{PGqGlo5+$&kxT!c-BaRI)jG^H_eot3f@BwZGCbRb4K?dhfD zoQDCvm+{5G4#j$Lv+_Nn?@7KU^S97%LC--Un~XPME&#tW8erU94pIraoK`eOjzOVq zL4SesIO7NCCvBkyxlq~sYNYi_eFJtt#>dGel4AulXJP;15=vbKE&_44kPM%Vfw_oW zX|y4DA*CPMz{o`#1iEMw^;z*-k<);+;RdI_g@!400i@dtdm2`cl+#dc^SJ<_75EFK zPv`4^h!+?DxKO?yD4qjnZ#rkRN!%MAO(6#fHp|wF-?|6=k~@vEQR04}Eyp83KQNAT 
zE^u1m5an$!<8!`-?+M)kS+m054K-)sw=!N2w=(B{&{zS$q;o-=w3E@6>u}`#&G#I_ zNaS=;_)G4yCQW%^&Qh-fWSQHw7*}8;G)BHQgv1Cu4C9L0kbpp8)a5jgxIFqv{Tb?{ zh+6{Z6!#M872;l^yp*_?Xj`B&q9M}x(b_~D3d)j5I>U!1*S0`s812~@@DMEMqKK)? z_#`Ty$e1GF7P;)9?@2ntP7&u1c8a)zFjMk71C%S*LEr&GLB@<$u%{)R@wr?s08$nD z5HuR04qewv?q%x{5rE@1!g zvI|}UbV$VXV$S(Fg>r?0$mw2UwbCyM4?+H0^pi1Y6b6-@Q}pYkEQ2p0J45Iv@LlZ3 znCpo&=UjgQa)TQp)`0{I(Kbr?i4H7bu;)E#QjD1fsow@`xi14K}GVn2ujUpkM!gmgM#8M^M&A^5p)53CG;V% zNx?fQ#5(7Hh{_N$0MWqt_YjpK&l>hOKSQu!Wy~GECt@`)W8rs3)W6`xC{rZ(8X_Bo zuNS8v=V6%0l=Bx1D(p)NU(3%Qtt00fXcMuG^gTIeVBz`Mg?5_nImQ)nkr+ez4IsO7 zc}d!?kRPx#g!}+ + Discover Response + <------------------------------------ + + [----------- end optional discovery ------------] + + (-- begin DTLS handshake --) + + ClientHello + ------------------------------------> + HelloVerifyRequest (with cookie) + <------------------------------------ + + + ClientHello (with cookie) + ------------------------------------> + ServerHello, + Certificate, + ServerHelloDone* + <------------------------------------ + + (-- WTP callout for AC authorization --) + + Certificate (optional), + ClientKeyExchange, + CertificateVerify (optional), + ChangeCipherSpec, + Finished* + ------------------------------------> + + (-- AC callout for WTP authorization --) + + + + +Calhoun, Editor, et al. 
Expires December 13, 2007 [Page 10] + +Internet-Draft CAPWAP Protocol Specification June 2007 + + + ChangeCipherSpec, + Finished* + <------------------------------------ + + (-- DTLS session is established now --) + + Join Request + ------------------------------------> + Join Response + <------------------------------------ + + (-- assume image is up to date --) + + Configuration Status Request + ------------------------------------> + Configuration Status Response + <------------------------------------ + + (-- enter RUN state --) + + : + : + + Echo Request + ------------------------------------> + Echo Response + <------------------------------------ + + : + : + + Event Request + ------------------------------------> + Event Response + <------------------------------------ + + : + : + + At the end of the illustrated CAPWAP message exchange, the AC and WTP + are securely exchanging CAPWAP control messages. This is an + idealized illustration, provided to clarify protocol operation. + Section 2.3 provides a detailed description of the corresponding + state machine. + + + + + + + +Calhoun, Editor, et al. Expires December 13, 2007 [Page 11] + +Internet-Draft CAPWAP Protocol Specification June 2007 + + +2.3. CAPWAP State Machine Definition + + The following state diagram represents the lifecycle of a WTP-AC + session. Use of DTLS by the CAPWAP protocol results in the + juxtaposition of two nominally separate yet tightly bound state + machines. The DTLS and CAPWAP state machines are coupled through an + API consisting of commands (see Section 2.3.2.1) and notifications + (see Section 2.3.2.2). Certain transitions in the DTLS state machine + are triggered by commands from the CAPWAP state machine, while + certain transitions in the CAPWAP state machine are triggered by + notifications from the DTLS state machine. + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +Calhoun, Editor, et al. 
Expires December 13, 2007 [Page 12] + +Internet-Draft CAPWAP Protocol Specification June 2007 + + + /-------------------------\ + w| | + 5+----------+ x +------------+ | + | Run |-->| Reset |-\| + +----------+ +------------+ || + u ^ ^ ^ y|| + +------------+--------/ | | || + | Data Check | /-------/ | || + +------------+<-------\ | | || + | | || + /------------------+--------\ | || + r| t| s| 4 v o| || + +--------+ +-----------+ +--------------+|| + | Join |---->| Configure | | Image Data ||| + +--------+ q +-----------+ +--------------+|| + ^ p| V| x| || + | | \-------------------\ | || + | \--------------------------------------\| | || + \------------------------\ || | || + /--------------<----------------+--------------\ || | || + | /------------<-------------\ | | || | || + | | m| |n z| vv v vv + | | +----------------+ +--------------+ +-----------+ + | | | DTLS Setup | | DTLS Connect | | DTLS TD | + | | +----------------+ +--------------+ +-----------+ + | | g| ^ ^ |h ^ ^ + v v | | | | | | + | | | | | \-------\ | /-----------/ + | | | | | | | | + | | v |e f| 2 v |j |k + | \->+------+ +------+ +-----------+ + | | Idle |-->| Disc | | Authorize | + \--->+------+ a +------+ +-----------+ + b| ^ |c + | | /----/ + v d| | + +---------+ | + | Sulking |<-/ + 3 +---------+ + + Figure 3: CAPWAP Integrated State Machine + + The CAPWAP protocol state machine, depicted above, is used by both + the AC and the WTP. In cases where states are not shared (i.e. not + implemented in one or the other of the AC or WTP), this is explicitly + called out in the transition descriptions below. For every state + defined, only certain messages are permitted to be sent and received. + The CAPWAP control messages definitions specify the state(s) in which + + + +Calhoun, Editor, et al. Expires December 13, 2007 [Page 13] + +Internet-Draft CAPWAP Protocol Specification June 2007 + + + each message is valid. 
+
+ Since the WTP only communicates with a single AC, it only has a
+ single instance of the CAPWAP state machine. The AC has a separate
+ instance of the CAPWAP state machine per WTP it is communicating
+ with.
+
+2.3.1. CAPWAP Protocol State Transitions
+
+ This section describes the various state transitions, and the events
+ that cause them. This section does not discuss interactions between
+ DTLS- and CAPWAP-specific states. Those interactions, and DTLS-
+ specific states and transitions, are discussed in Section 2.3.2.
+
+ Idle to Discovery (a): This transition occurs once device
+ initialization is complete.
+
+ WTP: The WTP enters the Discovery state prior to transmitting the
+ first Discovery Request message (see Section 5.1). Upon
+ entering this state, the WTP sets the DiscoveryInterval timer
+ (see Section 4.7). The WTP resets the DiscoveryCount counter
+ to zero (0) (see Section 4.8). The WTP also clears all
+ information from ACs it may have received during a previous
+ Discovery phase.
+
+ AC: The AC does not maintain state information for the WTP upon
+ reception of the Discovery Request message, but it SHOULD
+ respond with a Discovery Response message (see Section 5.2).
+ This transition is a no-op for the AC.
+
+ Idle to Sulking (b): This transition occurs to force the WTP and AC
+ to enter a quiet period to avoid repeatedly attempting to
+ establish a connection.
+
+ WTP: The WTP enters this state when the FailedDTLSSessionCount or
+ the FailedDTLSAuthFailCount counter reaches
+ MaxFailedDTLSSessionRetry variable (see Section 4.8). Upon
+ entering this state, the WTP MUST start the SilentInterval
+ timer. While in the Sulking state, all received CAPWAP and
+ DTLS protocol messages received MUST be ignored.
+
+ AC: The AC enters this state with the specific WTP when the
+ FailedDTLSSessionCount or the FailedDTLSAuthFailCount counter
+ reaches MaxFailedDTLSSessionRetry variable (see Section 4.8).
+ Upon entering this state, the AC MUST start the SilentInterval
+ timer. While in the Sulking state, all received CAPWAP and
+ DTLS protocol messages received from the WTP MUST be ignored.
+
+
+
+
+Calhoun, Editor, et al. Expires December 13, 2007 [Page 14]
+
+Internet-Draft CAPWAP Protocol Specification June 2007
+
+
+ Discovery to Discovery (2): In the Discovery state, the WTP
+ determines which AC to connect to.
+
+ WTP: This transition occurs when the DiscoveryInterval timer
+ expires. If the WTP is configured with a list of ACs, it
+ transmits a Discovery Request message to every AC from which it
+ has not received a Discovery Response message. For every
+ transition to this event, the WTP increments the DiscoveryCount
+ counter. See Section 5.1 for more information on how the WTP
+ knows the ACs to which it should transmit the Discovery Request
+ messages. The WTP restarts the DiscoveryInterval timer
+ whenever it transmits Discovery Request messages.
+
+ AC: This is a no-op.
+
+ Discovery to Sulking (c): This transition occurs on a WTP when
+ Discovery or connectivity to the AC fails.
+
+ WTP: The WTP enters this state when the DiscoveryInterval timer
+ expires or the DiscoveryCount variable is equal to the
+ MaxDiscoveries variable (see Section 4.8). Upon entering this
+ state, the WTP MUST start the SilentInterval timer. While in
+ the Sulking state, all received CAPWAP protocol messages
+ received MUST be ignored.
+
+ AC: This is a no-op.
+
+ Sulking to Idle (d): This transition occurs on a WTP when it must
+ restart the discovery phase.
+
+ WTP: The WTP enters this state when the SilentInterval timer (see
+ Section 4.7) expires. The FailedDTLSSessionCount,
+ DiscoveryCount and FailedDTLSAuthFailCount counters are reset
+ to zero.
+
+ AC: The AC enters this state when the SilentInterval timer (see
+ Section 4.7) expires. The FailedDTLSSessionCount,
+ DiscoveryCount and FailedDTLSAuthFailCount counters are reset
+ to zero.
+
+ Sulking to Sulking (3): The Sulking state provides the silent
+ period, minimizing the possibility for Denial of Service (DoS)
+ attacks.
+
+ WTP: All packets received from the AC while in the sulking state
+ are ignored.
+
+
+
+
+
+Calhoun, Editor, et al. Expires December 13, 2007 [Page 15]
+
+Internet-Draft CAPWAP Protocol Specification June 2007
+
+
+ AC: All packets receive from the WTP while in the sulking state
+ are ignored.
+
+ Idle to DTLS Setup (e): This transition occurs to establish a secure
+ DTLS session with the peer.
+
+ WTP: The WTP initiates this transition by invoking the DTLSStart
+ command, which starts the DTLS session establishment with the
+ chosen AC. When the discovery phase is bypassed, it is assumed
+ the WTP has a locally configured AC.
+
+ AC: The AC initiates this transition by invoking the DTLSListen
+ command, which informs the DTLS stack that it is willing to
+ listen for an incoming session. The AC MAY provide optional
+ qualifiers in the DTLSListen command to only accept session
+ requests from specific WTPs.
+
+ Discovery to DTLS Setup (f): This transition occurs to establish a
+ secure DTLS session with the peer.
+
+ WTP: The WTP initiates this transition by invoking the DTLSStart
+ command (see Section 2.3.2.1), which starts the DTLS session
+ establishment with the chosen AC. The decision of which AC to
+ connect to is the result of the discovery phase, which is
+ described in Section 3.3.
+
+ AC: The AC initiates this transition by invoking the DTLSListen
+ command (see Section 2.3.2.1), which informs the DTLS stack
+ that it is willing to listen for an incoming session. The AC
+ MAY have maintained state information when it received the
+ Discovery Request message to provide optional qualifiers in the
+ DTLSListen command to only accept session requests from a
+ specific WTP. Note that maintaining state information based on
+ an unsecured Discovery Request message MAY lead to a Denial of
+ Service attack.
Therefore the AC SHOULD ensure that the state
+ information is freed after a period, which is implementation
+ specific.
+
+ DTLS Setup to Idle (g): This transition occurs when the DTLS Session
+ failed to be established.
+
+ WTP: The WTP initiates this state transition when it receives a
+ DTLSEstablishFail notification from DTLS (see Section 2.3.2.2).
+ This error notification aborts the secure DTLS session
+ establishment. When this notification is received, the
+ FailedDTLSSessionCount counter is incremented.
+
+
+
+
+
+Calhoun, Editor, et al. Expires December 13, 2007 [Page 16]
+
+Internet-Draft CAPWAP Protocol Specification June 2007
+
+
+ AC: The WTP initiates this state transition when it receives a
+ DTLSEstablishFail notification from DTLS (see Section 2.3.2.2).
+ This error notification aborts the secure DTLS session
+ establishment. When this notification is received, the
+ FailedDTLSSessionCount counter is incremented.
+
+ DTLS Setup to Authorize (h): This transition occurs when an incoming
+ DTLS session is being established, and the DTLS stack needs
+ authorization to proceed with the session establishment.
+
+ WTP: This state transition occurs when the WTP receives the
+ DTLSPeerAuthorize notification (see Section 2.3.2.2). Upon
+ entering this state, the WTP performs an authorization check
+ against the AC credentials. See Section 2.4.4 for more
+ information on AC authorization.
+
+ AC: This state transition occurs when the AC receives the
+ DTLSPeerAuthorize notification (see Section 2.3.2.2). Upon
+ entering this state, the AC performs an authorization check
+ against the WTP credentials. See Section 2.4.4 for more
+ information on WTP authorization.
+
+ Authorize to DTLS Connect (j): This transition occurs to notify the
+ DTLS stack that the session should be established.
+
+ WTP: This state transition occurs when the WTP has either opted
+ to forgo the authorization check of the AC's credentials, or
+ the credentials were successfully authorized. This is done by
+ invoking the DTLSAccept DTLS command (see Section 2.3.2.1).
+
+ AC: This state transition occurs when the AC has either opted to
+ forgo the authorization check of the WTP's credentials, or the
+ credentials were successfully authorized. This is done by
+ invoking the DTLSAccept DTLS command (see Section 2.3.2.1).
+
+ Authorize to DTLS Teardown (k): This transition occurs to notify the
+ DTLS stack that the session should be aborted.
+
+ WTP: This state transition occurs when the WTP was unable to
+ authorize the AC, using the AC credentials. The WTP then
+ aborts the DTLS session by invoking the DTLSAbortSession
+ command (see Section 2.3.2.1).
+
+ AC: This state transition occurs when the AC was unable to
+ authorize the WTP, using the WTP credentials. The AC then
+ aborts the DTLS session by invoking the DTLSAbortSession
+ command (see Section 2.3.2.1).
+
+
+
+
+Calhoun, Editor, et al. Expires December 13, 2007 [Page 17]
+
+Internet-Draft CAPWAP Protocol Specification June 2007
+
+
+ DTLS Connect to Idle (m): This transition occurs when the DTLS
+ Session failed to be established.
+
+ WTP: This state transition occurs when the WTP receives either a
+ DTLSAborted or DTLSAuthenticateFail notification (see
+ Section 2.3.2.2), indicating that the DTLS session was not
+ successfully established. When this transition occurs due to
+ the DTLSAuthenticateFail notification, the
+ FailedDTLSAuthFailCount is incremented, otherwise the
+ FailedDTLSSessionCount counter is incremented.
+
+ AC: This state transition occurs when the AC receives either a
+ DTLSAborted or DTLSAuthenticateFail notification (see
+ Section 2.3.2.2), indicating that the DTLS session was not
+ successfully established.
When this transition occurs due to
+ the DTLSAuthenticateFail notification, the
+ FailedDTLSAuthFailCount is incremented, otherwise the
+ FailedDTLSSessionCount counter is incremented.
+
+ DTLS Connect to Join (n): This transition occurs when the DTLS
+ Session is successfully established.
+
+ WTP: This state transition occurs when the WTP receives the
+ DTLSEstablished notification (see Section 2.3.2.2), indicating
+ that the DTLS session was successfully established. When this
+ notification is received, the FailedDTLSSessionCount counter is
+ set to zero.
+
+ AC: This state transition occurs when the AC receives the
+ DTLSEstablished notification (see Section 2.3.2.2), indicating
+ that the DTLS session was successfully established. When this
+ notification is received, the FailedDTLSSessionCount counter is
+ set to zero, and the WaitJoin timer is started (see
+ Section 4.7).
+
+ Join to DTLS Teardown (p): This transition occurs when the join
+ process failed.
+
+ WTP: This state transition occurs when the WTP receives a Join
+ Response message with a Result Code message element containing
+ an error, if the Image Identifier provided by the AC in the
+ Join Response message differs from the WTP's currently running
+ firmware version and the WTP has the requested image in its
+ non-volatile memory, or if the WaitDTLS timer expires. This
+ causes the WTP to initiate the DTLSShutdown command (see
+ Section 2.3.2.1). This transition also occurs if the WTP
+ receives one of the following DTLS notifications: DTLSAborted,
+ DTLSReassemblyFailure or DTLSPeerDisconnect.
+
+
+
+Calhoun, Editor, et al. Expires December 13, 2007 [Page 18]
+
+Internet-Draft CAPWAP Protocol Specification June 2007
+
+
+ AC: This state transition occurs either if the WaitJoin timer
+ expires or if the AC transmits a Join Response message with a
+ Result Code message element containing an error. This causes
+ the AC to initiate the DTLSShutdown command (see
+ Section 2.3.2.1).
This transition also occurs if the AC
+ receives one of the following DTLS notifications: DTLSAborted,
+ DTLSReassemblyFailure or DTLSPeerDisconnect.
+
+ Join to Image Data (r): This state transition is used by the WTP and
+ the AC to download executable firmware.
+
+ WTP: The WTP enters the Image Data state when it receives a
+ successful Join Response message and determines and the
+ included Image Identifier message element is not the same as
+ its currently running image. The WTP also detects that the
+ requested image version is not currently available in the WTP's
+ non-volatile storage (see Section 9.1 for a full description of
+ the firmware download process). The WTP initializes the
+ EchoInterval timer (see Section 4.7), and transmits the Image
+ Data Request message (see Section 9.1.1) requesting the start
+ of the firmware download.
+
+ AC: This state transition occurs when the AC receives the Image
+ Data Request message from the WTP. The AC MUST transmit an
+ Image Data Response message (see Section 9.1.2) to the WTP,
+ which includes a portion of the firmware. The AC MUST start
+ the NeighborDeadInterval timer (see Section 4.7).
+
+ Join to Configure (q): This state transition is used by the WTP and
+ the AC to exchange configuration information.
+
+ WTP: The WTP enters the Configure state when it receives a
+ successful Join Response, and determines that the included
+ Image Identifier message element is the same as its currently
+ running image. The WTP transmits the Configuration Status
+ message (see Section 8.2) to the AC with message elements
+ describing its current configuration. The WTP also starts the
+ ResponseTimeout timer (see Section 4.7).
+
+ AC: This state transition occurs immediately after the AC
+ transmits the Join Response message to the WTP.
If the AC
+ receives the Configuration Status message from the WTP, the AC
+ MUST transmit a Configuration Status Response message (see
+ Section 8.3) to the WTP, and MAY include specific message
+ elements to override the WTP's configuration. The WTP also
+ starts the ChangeStatePendingTimer timer (see Section 4.7).
+
+
+
+
+
+Calhoun, Editor, et al. Expires December 13, 2007 [Page 19]
+
+Internet-Draft CAPWAP Protocol Specification June 2007
+
+
+ Configure to Reset (s): This state transition is used to reset the
+ connection either due to an error during the configuration phase,
+ or when the WTP determines it needs to reset in order for the new
+ configuration to take effect.
+
+ WTP: The WTP enters the Reset state when it receives a
+ Configuration Status Response indicating an error or when it
+ determines that a reset of the WTP is required, due to the
+ characteristics of a new configuration.
+
+ AC: The AC transitions to the Reset state when it receives a
+ Change State Event message from the WTP that contains an error
+ for which AC policy does not permit the WTP to provide service.
+ This state transition also occurs when the AC
+ ChangeStatePendingTimer timer expires.
+
+ Configure to DTLS Teardown (V): This transition occurs when the
+ configuration process aborts due to a DTLS error.
+
+ WTP: The WTP enters this state when it receives one of the
+ following DTLS notifications: DTLSAborted,
+ DTLSReassemblyFailure or DTLSPeerDisconnect (see
+ Section 2.3.2.2). The WTP MAY tear down the DTLS session if it
+ receives frequent DTLSDecapFailure notifications.
+
+ AC: The AC enters this state when it receives one of the
+ following DTLS notifications: DTLSAborted,
+ DTLSReassemblyFailure or DTLSPeerDisconnect (see
+ Section 2.3.2.2). The WTP MAY tear down the DTLS session if it
+ receives frequent DTLSDecapFailure notifications.
+
+ Image Data to Image Data (4): The Image Data state is used by the
+ WTP and the AC during the firmware download phase.
+
+ WTP: The WTP enters the Image Data state when it receives an
+ Image Data Response message indicating that the AC has more
+ data to send.
+
+ AC: This state transition occurs when the AC receives the Image
+ Data Request message from the WTP while already in the Image
+ Data state, and it detects that the firmware download has not
+ completed.
+
+ Image Data to Reset (o): This state transition is used to reset the
+ DTLS connection prior to restarting the WTP after an image
+ download.
+
+
+
+
+
+Calhoun, Editor, et al. Expires December 13, 2007 [Page 20]
+
+Internet-Draft CAPWAP Protocol Specification June 2007
+
+
+ WTP: When an image download completes, the WTP enters the Reset
+ state. The WTP MAY also transition to this state upon
+ receiving an Image Data Response message from the AC (see
+ Section 9.1.2) indicating a failure.
+
+ AC: The AC enters the Reset state when the image download is
+ complete, or if an error occurs during the image download
+ process.
+
+ Image Data to DTLS Teardown (x): This transition occurs when the
+ firmware download process aborts due to a DTLS error.
+
+ WTP: The WTP enters this state when it receives one of the
+ following DTLS notifications: DTLSAborted,
+ DTLSReassemblyFailure or DTLSPeerDisconnect (see
+ Section 2.3.2.2). The WTP MAY tear down the DTLS session if it
+ receives frequent DTLSDecapFailure notifications.
+
+ AC: The AC enters this state when it receives one of the
+ following DTLS notifications: DTLSAborted,
+ DTLSReassemblyFailure or DTLSPeerDisconnect (see
+ Section 2.3.2.2). The WTP MAY tear down the DTLS session if it
+ receives frequent DTLSDecapFailure notifications.
+
+ Configure to Data Check (t): This state transition occurs when the
+ WTP and AC confirm the configuration.
+
+ WTP: The WTP enters this state when it receives a successful
+ Configuration Status Response message from the AC.
The WTP
+ initializes the EchoInterval timer (see Section 4.7), and
+ transmits the Change State Event Request message (see
+ Section 8.6).
+
+ AC: This state transition occurs when the AC receives the Change
+ State Event Request message (see Section 8.6) from the WTP.
+ The AC responds with a Change State Event Response message (see
+ Section 8.7). The AC MUST start the NeighborDeadInterval timer
+ (see Section 4.7).
+
+ Data Check to Run (u): This state transition occurs when the linkage
+ between the control and data channels has occured, causing the WTP
+ and AC to enter their normal state of operation.
+
+ WTP: The WTP enters this state when it receives a successful
+ Change State Event Response message from the AC. The WTP
+ initiates the data channel, which MAY require the establishment
+ of a DTLS session, starts the DataChannelKeepAlive timer (see
+ Section 4.7) and transmits a Data Channel Keep Alive packet
+
+
+
+Calhoun, Editor, et al. Expires December 13, 2007 [Page 21]
+
+Internet-Draft CAPWAP Protocol Specification June 2007
+
+
+ (see Section 4.4.1). The WTP then starts the
+ DataChannelDeadInterval timer (see Section 4.7).
+
+ AC: This state transition occurs when the AC receives the Data
+ Channel Keep Alive packet (see Section 4.4.1), with a Session
+ ID message element matching that included by the WTP in the
+ Join Request message. Note that if AC policy is to require the
+ data channel to be encrypted, this process would also require
+ the establishment of a data channel DTLS session. Upon
+ receiving the Data Channel Keep Alive packet, the AC transmits
+ its own Data Channel Keep Alive packet.
+
+ Run to DTLS Teardown (u): This state transition occurs when an error
+ has occured in the DTLS stack, causing the DTLS session to be
+ torndown.
+
+ WTP: The WTP enters this state when it receives one of the
+ following DTLS notifications: DTLSAborted,
+ DTLSReassemblyFailure or DTLSPeerDisconnect (see
+ Section 2.3.2.2).
The WTP MAY tear down the DTLS session if it
+ receives frequent DTLSDecapFailure notifications. The WTP also
+ transitions to this state if the underlying reliable
+ transport's RetransmitCount counter has reached the
+ MaxRetransmit variable (see Section 4.7).
+
+ AC: The AC enters this state when it receives one of the
+ following DTLS notifications: DTLSAborted,
+ DTLSReassemblyFailure or DTLSPeerDisconnect (see
+ Section 2.3.2.2). The WTP MAY tear down the DTLS session if it
+ receives frequent DTLSDecapFailure notifications. The AC
+ transitions to this state if the underlying reliable
+ transport's RetransmitCount counter has reached the
+ MaxRetransmit variable (see Section 4.7).
+
+ Run to Run (5): This is the normal state of operation.
+
+ WTP: This is the WTP's normal state of operation. There are many
+ events that result this state transition:
+
+ Configuration Update: The WTP receives a Configuration Update
+ Request message(see Section 8.4). The WTP MUST respond with
+ a Configuration Update Response message (see Section 8.5).
+
+ Change State Event: The WTP receives a Change State Event
+ Response message, or determines that it must initiate a
+ Change State Event Request message, as a result of a failure
+ or change in the state of a radio.
+
+
+
+
+Calhoun, Editor, et al. Expires December 13, 2007 [Page 22]
+
+Internet-Draft CAPWAP Protocol Specification June 2007
+
+
+ Echo Request: The WTP sends an Echo Request message
+ (Section 7.1) or receives the corresponding Echo Response
+ message, (see Section 7.2) from the AC.
+
+ Clear Config Request: The WTP receives a Clear Configuration
+ Request message (see Section 8.8). The WTP MUST reset its
+ configuration back to manufacturer defaults.
+
+ WTP Event: The WTP sends a WTP Event Request message,
+ delivering information to the AC (see Section 9.4). The WTP
+ receives a WTP Event Response message from the AC (see
+ Section 9.5).
+
+ Data Transfer: The WTP sends a Data Transfer Request message
+ to the AC (see Section 9.6). The WTP receives a Data
+ Transfer Response message from the AC (see Section 9.7).
+
+ Station Configuration Request: The WTP receives a Station
+ Configuration Request message (see Section 10.1), to which
+ it MUST respond with a Station Configuration Response
+ message (see Section 10.2).
+
+ AC: This is the AC's normal state of operation:
+
+ Configuration Update: The AC sends a Configuration Update
+ Request message (see Section 8.4) to the WTP to update its
+ configuration. The AC receives a Configuration Update
+ Response message (see Section 8.5) from the WTP.
+
+ Change State Event: The AC receives a Change State Event
+ Request message (see Section 8.6), to which it MUST respond
+ with the Change State Event Response message (see
+ Section 8.7).
+
+ Echo Request: The AC receives an Echo Request message (see
+ Section 7.1), to which it MUST respond with an Echo Response
+ message(see Section 7.2).
+
+ Clear Config Response: The AC receives a Clear Configuration
+ Response message from the WTP (see Section 8.9).
+
+ WTP Event: The AC receives a WTP Event Request message from
+ the WTP (see Section 9.4) and MUST generate a corresponding
+ WTP Event Response message (see Section 9.5).
+
+
+
+
+
+
+
+Calhoun, Editor, et al. Expires December 13, 2007 [Page 23]
+
+Internet-Draft CAPWAP Protocol Specification June 2007
+
+
+ Data Transfer: The AC receives a Data Transfer Request message
+ from the WTP (see Section 9.6) and MUST generate a
+ corresponding Data Transfer Response message (see
+ Section 9.7).
+
+ Station Configuration Request: The AC sends a Station
+ Configuration Request message (see Section 10.1) or receives
+ the corresponding Station Configuration Response message
+ (see Section 10.2) from the WTP.
+
+ Run to Reset (x): This state transition is used when either the AC
+ or WTP tear down the connection.
This may occur as part of normal
+ operation, or due to error conditions.
+
+ WTP: The WTP enters the Reset state when it receives a Reset
+ Request message from the AC.
+
+ AC: The AC enters the Reset state when it transmits a Reset
+ Request message to the WTP.
+
+ Reset to DTLS Teardown (y): This transition occurs when the CAPWAP
+ reset is complete, to terminate the DTLS session.
+
+ WTP: This state transition occurs when the WTP receives a Reset
+ Response message. This causes the WTP to initiate the
+ DTLSShutdown command (see Section 2.3.2.1).
+
+ AC: This state transition occurs when the AC transmits a Reset
+ Response message. The AC does not invoke the DTLSShutdown
+ command (see Section 2.3.2.1).
+
+ DTLS Teardown to Idle (z): This transition occurs when the DTLS
+ session has been shutdown.
+
+ WTP: This state transition occurs when the WTP has successfully
+ cleaned up all resources associated with the control plane DTLS
+ session. The data plane DTLS session is also shutdown, and all
+ resources freed, if a DTLS session was established for the data
+ plane. Any timers set for the current instance of the state
+ machine are also cleared.
+
+ AC: This state transition occurs when the AC has successfully
+ cleaned up all resources associated with the control plane DTLS
+ session. The data plane DTLS session is also shutdown, and all
+ resources freed, if a DTLS session was established for the data
+ plane. Any timers set for the current instance of the state
+ machine are also cleared.
+
+
+
+
+Calhoun, Editor, et al. Expires December 13, 2007 [Page 24]
+
+Internet-Draft CAPWAP Protocol Specification June 2007
+
+
+2.3.2. CAPWAP/DTLS Interface
+
+ This section describes the DTLS Commands used by CAPWAP, and the
+ notifications received from DTLS to the CAPWAP protocol stack.
+
+2.3.2.1. CAPWAP to DTLS Commands
+
+ Six commands are defined for the CAPWAP to DTLS API.
These
+ "commands" are conceptual, and may be implemented as one or more
+ function calls. This API definition is provided to clarify
+ interactions between the DTLS and CAPWAP components of the integrated
+ CAPWAP state machine.
+
+ Below is a list of the minimal command API:
+
+ o DTLSStart is sent to the DTLS component to cause a DTLS session to
+ be established. Upon invoking the DTLSStart command, the WaitDTLS
+ timer is started. The WTP initiates this DTLS command, as the AC
+ does not initiate DTLS sessions.
+
+ o DTLSListen is sent to the DTLS component to allow the DTLS
+ component to listen for incoming DTLS session requests.
+
+ o DTLSAccept is sent to the DTLS component to allow the DTLS session
+ establishment to continue successfully.
+
+ o DTLSAbortSession is sent to the DTLS component to cause the
+ session that is in the process of being established to be aborted.
+ This command is also sent when the WaitDTLS timer expires. When
+ this command is executed, the FailedDTLSSessionCount counter is
+ incremented.
+
+ o DTLSShutdown is sent to the DTLS component to cause session
+ teardown.
+
+ o DTLSMtuUpdate is sent by the CAPWAP component to modify the MTU
+ size used by the DTLS component. The default size is 1468 bytes.
+
+2.3.2.2. DTLS to CAPWAP Notifications
+
+ DTLS notifications are defined for the DTLS to CAPWAP API. These
+ "notifications" are conceptual, and may be implemented in numerous
+ ways (e.g. as function return values). This API definition is
+ provided to clarify interactions between the DTLS and CAPWAP
+ components of the integrated CAPWAP state machine. It is important
+ to note that the notifications listed below MAY cause the CAPWAP
+ state machine to jump from one state to another using a state
+ transition not listed in Section 2.3.1. When a notification listed
+
+
+
+Calhoun, Editor, et al.
Expires December 13, 2007 [Page 25]
+
+Internet-Draft CAPWAP Protocol Specification June 2007
+
+
+ below occurs, the target CAPWAP state shown in Figure 3 becomes the
+ current state.
+
+ Below is a list of the API notifications:
+
+ o DTLSPeerAuthorize is sent to the CAPWAP component during DTLS
+ session establishment once the peer's identity has been received.
+ This notification MAY be used by the CAPWAP component to authorize
+ the session, based on the peer's identity. The authorization
+ process will lead to the CAPWAP component initiating either the
+ DTLSAccept or DTLSAbortSession commands.
+
+ o DTLSEstablished is sent to the CAPWAP component to indicate that
+ that a secure channel now exists, using the parameters provided
+ during the DTLS initialization process. When this notification is
+ received, the FailedDTLSSessionCount counter is reset to zero.
+ When this notification is received, the WaitDTLS timer is stopped.
+
+ o DTLSEstablishFail is sent when the DTLS session establishment has
+ failed, either due to a local error, or due to the peer rejecting
+ the session establishment. When this notification is received,
+ the FailedDTLSSessionCount counter is incremented.
+
+ o DTLSAuthenticateFail is sent when DTLS session establishment
+ failed due to an authentication error. When this notification is
+ received, the FailedDTLSAuthFailCount counter is incremented.
+
+ o DTLSAborted is sent to the CAPWAP component to indicate that
+ session abort (as requested by CAPWAP) is complete; this occurs to
+ confirm a DTLS session abort, or when the WaitDTLS timer expires.
+ When this notification is received, the WaitDTLS timer is stopped.
+
+ o DTLSReassemblyFailure MAY be sent to the CAPWAP component to
+ indicate DTLS fragment reassembly failure.
+
+ o DTLSDecapFailure MAY be sent to the CAPWAP module to indicate a
+ decapsulation failure. DTLSDecapFailure MAY be sent to the CAPWAP
+ module to indicate an encryption/authentication failure.
This
+ notification is intended for informative purposes only, and is not
+ intended to cause a change in the CAPWAP state machine (see
+ Section 12.4).
+
+ o DTLSPeerDisconnect is sent to the CAPWAP component to indicate the
+ DTLS session has been torn down. Note that this notification is
+ only received if the DTLS session has been established.
+
+
+
+
+
+
+Calhoun, Editor, et al. Expires December 13, 2007 [Page 26]
+
+Internet-Draft CAPWAP Protocol Specification June 2007
+
+
+2.4. Use of DTLS in the CAPWAP Protocol
+
+ DTLS is used as a tightly-integrated, secure wrapper for the CAPWAP
+ protocol. In this document DTLS and CAPWAP are discussed as
+ nominally distinct entitites; however they are very closely coupled,
+ and may even be implemented inseparably. Since there are DTLS
+ library implementations currently available, and since security
+ protocols (e.g. IPsec, TLS) are often implemented in widely
+ available acceleration hardware, it is both convenient and forward-
+ looking to maintain a modular distinction in this document.
+
+ This section describes a detailed walk-through of the interactions
+ between the DTLS module and the CAPWAP module, via 'commands' (CAPWAP
+ to DTLS) and 'notifications' (DTLS to CAPWAP) as they would be
+ encountered during the normal course of operation.
+
+2.4.1. DTLS Handshake Processing
+
+ Details of the DTLS handshake process are specified in [8]. This
+ section describes the interactions between the DTLS session
+ establishment process and the CAPWAP protocol. Note that the
+ conceptual DTLS state is shown below to help understand the point at
+ which the DTLS states transition. In the normal case, the DTLS
+ handshake will proceed as follows (NOTE: this example uses
+ certificates, but preshared keys are also supported):
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+Calhoun, Editor, et al. Expires December 13, 2007 [Page 27]
+
+Internet-Draft CAPWAP Protocol Specification June 2007
+
+
+ ============ ============
+ WTP AC
+ ============ ============
+ ClientHello ------>
+ <------ HelloVerifyRequest
+ (with cookie)
+
+ ClientHello ------>
+ (with cookie)
+ <------ ServerHello
+ <------ Certificate
+ <------ ServerHelloDone
+
+ (WTP callout for AC authorization
+ occurs in CAPWAP Auth state)
+
+ Certificate*
+ ClientKeyExchange
+ CertificateVerify*
+ [ChangeCipherSpec]
+ Finished ------>
+
+ (AC callout for WTP authorization
+ occurs in CAPWAP Auth state)
+
+ [ChangeCipherSpec]
+ <------ Finished
+
+
+ DTLS, as specified, provides its own retransmit timers with an
+ exponential back-off. However, DTLS will never terminate the
+ handshake due to non-responsiveness; instead, DTLS will continue to
+ increase its back-off timer period. Hence, timing out incomplete
+ DTLS handshakes is entirely the responsiblity of the CAPWAP module.
+
+ The DTLS implementation used by CAPWAP MUST support TLS Session
+ Resumption. Session resumption is used to establish the DTLS session
+ used for the data channel. The DTLS implementation on the WTP MUST
+ return some unique identifier to the CAPWAP module to enable
+ subsequent establishment of a DTLS-encrypted data channel, if
+ necessary.
+
+2.4.2. DTLS Session Establishment
+
+ The WTP, either through the Discovery process, or through pre-
+ configuration, determines the AC to connect to. The WTP uses the
+ DTLSStart command to request that a secure connection be established
+ to the selected AC. Prior to initiation of the DTLS handshake, the
+
+
+
+Calhoun, Editor, et al. Expires December 13, 2007 [Page 28]
+
+Internet-Draft CAPWAP Protocol Specification June 2007
+
+
+ WTP sets the WaitDTLS timer. Upon receiving the DTLSPeerAuthorize
+ DTLS notification, the AC sets the WaitDTLS timer. If the
+ DTLSEstablished notification is not received prior to timer
+ expiration, the DTLS session is aborted by issuing the
+ DTLSAbortSession DTLS command. This notification causes the CAPWAP
+ module to transition to the Idle state. Upon receiving a
+ DTLSEstablished notification, the WaitDTLS timer is deactivated.
+
+2.4.3. DTLS Error Handling
+
+ If the AC does not respond to any DTLS messages sent by the WTP, the
+ DTLS specification calls for the WTP to retransmit these messages.
+ If the WaitDTLS timer expires, CAPWAP will issue the DTLSAbortSession
+ command, causing DTLS to terminate the handshake and remove any
+ allocated session context. Note that DTLS MAY send a single TLS
+ Alert message to the AC to indicate session termination.
+
+ If the WTP does not respond to any DTLS messages sent by the AC, the
+ CAPWAP protocol allows for three possiblities, listed below. Note
+ that DTLS MAY send a single TLS Alert message to the AC to indicate
+ session termination.
+
+ o The message was lost in transit; in this case, the WTP will re-
+ transmit its last outstanding message, since it did not receive a
+ reply.
+
+ o The WTP sent a DTLS Alert, which was lost in transit; in this
+ case, the AC's WaitDTLS timer will expire, and the session will be
+ terminated.
+
+ o Communication with the WTP has completely failed; in this case,
+ the AC's WaitDTLS timer will expire, and the session will be
+ terminated.
+
+ The DTLS specification provides for retransmission of unacknowledged
+ requests. If retransmissions remain unacknowledged, the WaitDTLS
+ timer will eventually expire, at which time the CAPWAP component will
+ terminate the session.
+
+ If a cookie fails to validate, this could represent a WTP error, or
+ it could represent a DoS attack. Hence, AC resource utilization
+ SHOULD be minimized. The AC MAY log a message indicating the
+ failure, but SHOULD NOT attempt to reply to the WTP.
+
+ Since DTLS handshake messages are potentially larger than the maximum
+ record size, DTLS supports fragmenting of handshake messages across
+ multiple records. There are several potential causes of re-assembly
+ errors, including overlapping and/or lost fragments. The DTLS
+
+
+
+Calhoun, Editor, et al. Expires December 13, 2007 [Page 29]
+
+Internet-Draft CAPWAP Protocol Specification June 2007
+
+
+ component MUST send a DTLSReassemblyFailure notification to the
+ CAPWAP component. Whether precise information is given along with
+ notification is an implementation issue, and hence is beyond the
+ scope of this document. Upon receipt of such an error, the CAPWAP
+ component SHOULD log an appropriate error message. Whether
+ processing continues or the DTLS session is terminated is
+ implementation dependent.
+
+ DTLS decapsulation errors consist of three types: decryption errors,
+ authentication errors, and malformed DTLS record headers. Since DTLS
+ authenticates the data prior to encapsulation, if decryption fails,
+ it is difficult to detect this without first attempting to
+ authenticate the packet. If authentication fails, a decryption error
+ is also likely, but not guaranteed. Rather than attempt to derive
+ (and require the implementation of) algorithms for detecting
+ decryption failures, decryption failures are reported as
+ authentication failures. The DTLS component MUST provide a
+ DTLSDecapFailure notification to the CAPWAP component when such
+ errors occur. If a malformed DTLS record header is detected, the
+ packets SHOULD be silently discarded, and the receiver MAY log an
+ error message.
+
+ There is currently only one encapsulation error defined: MTU
+ exceeded. As part of DTLS session establishment, the CAPWAP
+ component informs the DTLS component of the MTU size. This may be
+ dynamically modified at any time when the CAPWAP component sends the
+ DTLSMtuUpdate command to the DTLS component (see Section 2.3.2.1).
+ The DTLS component returns this notification to the CAPWAP component
+ whenever a transmission request will result in a packet which exceeds
+ the MTU.
+
+2.4.4. DTLS EndPoint Authentication and Authorization
+
+ DTLS supports endpoint authentication with certificates or preshared
+ keys. The TLS algorithm suites for each endpoint authentication
+ method are described below.
+
+2.4.4.1. Authenticating with Certificates
+
+ Note that only block ciphers are currently recommended for use with
+ DTLS. To understand the reasoning behind this, see [17]. At
+ present, the following algorithms MUST be supported when using
+ certificates for CAPWAP authentication:
+
+ o TLS_RSA_WITH_AES_128_CBC_SHA
+
+ The following algorithms SHOULD be supported when using certificates:
+
+
+
+
+Calhoun, Editor, et al. Expires December 13, 2007 [Page 30]
+
+Internet-Draft CAPWAP Protocol Specification June 2007
+
+
+ o TLS_DH_RSA_WITH_AES_128_CBC_SHA
+
+ The following algorithms MAY be supported when using certificates:
+
+ o TLS_RSA_WITH_AES_256_CBC_SHA
+
+ o TLS_DH_RSA_WITH_AES_256_CBC_SHA
+
+2.4.4.2. Authenticating with Preshared Keys
+
+ Pre-shared keys present significant challenges from a security
+ perspective, and for that reason, their use is strongly discouraged.
+ Several methods for authenticating with preshared keys are defined
+ [6], and we focus on the following two:
+
+ o PSK key exchange algorithm - simplest method, ciphersuites use
+ only symmetric key algorithms
+
+ o DHE_PSK key exchange algorithm - use a PSK to authenticate a
+ Diffie-Hellman exchange. These ciphersuites give some additional
+ protection against dictionary attacks and also provide Perfect
+ Forward Secrecy (PFS).
+
+ The first approach (plain PSK) is susceptible to passive dictionary
+ attacks; hence, while this alorithm MUST be supported, special care
+ should be taken when choosing that method. In particular, user-
+ readable passphrases SHOULD NOT be used, and use of short PSKs SHOULD
+ be strongly discouraged.
+
+ The following cryptographic algorithms MUST be supported when using
+ preshared keys:
+
+ o TLS_PSK_WITH_AES_128_CBC_SHA
+
+ o TLS_DHE_PSK_WITH_AES_128_CBC_SHA
+
+ The following algorithms MAY be supported when using preshared keys:
+
+ o TLS_PSK_WITH_AES_256_CBC_SHA
+
+ o TLS_DHE_PSK_WITH_AES_256_CBC_SHA
+
+2.4.4.3. Certificate Usage
+
+ Certificate authorization by the AC and WTP is required so that only
+ an AC may perform the functions of an AC and that only a WTP may
+ perform the functions of a WTP. This restriction of functions to the
+ AC or WTP requires that the certificates used by the AC MUST be
+
+
+
+Calhoun, Editor, et al. Expires December 13, 2007 [Page 31]
+
+Internet-Draft CAPWAP Protocol Specification June 2007
+
+
+ distinguishable from the certificate used by the WTP. To accomplish
+ this differentiation, the x.509 certificates MUST include the
+ Extended Key Usage (EKU) certificate extension [4].
+
+ The EKU field indicates one or more purposes for which a certificate
+ may be used. It is an essential part in authorization. Its syntax
+ is as follows:
+
+ ExtKeyUsageSyntax ::= SEQUENCE SIZE (1..MAX) OF KeyPurposeId
+
+ KeyPurposeId ::= OBJECT IDENTIFIER
+
+
+ Here we define two KeyPurposeId values, one for the WTP and one for
+ the AC. Inclusion of one of these two values indicates a certificate
+ is authorized for use by a WTP or AC, respectively. These values are
+ formatted as id-kp fields.
+
+ id-kp OBJECT IDENTIFIER ::=
+ { iso(1) identified-organization(3) dod(6) internet(1)
+ security(5) mechanisms(5) pkix(7) 3 }
+
+ id-kp-capwapAC OBJECT IDENTIFIER ::= { id-kp 18 }
+
+ id-kp-capwapWTP OBJECT IDENTIFIER ::= { id-kp 19 }
+
+
+
+ For an AC, the id-kp-capwapAC EKU MUST be present in the certificate.
+ For a WTP, the id-kp-capwapWTP EKU MUST be present in the
+ certificate.
+
+ Part of the CAPWAP certificate validation process includes ensuring
+ that the proper EKU is included and allowing the CAPWAP session to be
+ established only if the extension properly represents the device.
+
+ The certificate common name (CN) for both the WTP and AC MUST be the
+ MAC address of that device. The MAC address MUST be formatted as
+ ASCII HEX, e.g. 01:23:45:67:89:ab.
+
+ ACs and WTPs SHOULD authorize (e.g. through access control lists)
+ certificates of devices to which they are connecting, based on the
+ MAC address and organizational information specified in the O and OU
+ fields. The identities specified in the certificates bind a
+ particular DTLS session to a specific pair of mutually-authenticated
+ and authorized MAC addresses.
+
+
+
+
+
+Calhoun, Editor, et al. Expires December 13, 2007 [Page 32]
+
+Internet-Draft CAPWAP Protocol Specification June 2007
+
+
+2.4.4.4. PSK Usage
+
+ When DTLS uses PSK Ciphersuites, the ServerKeyExchange message MUST
+ contain the "PSK identity hint" field and the ClientKeyExchange
+ message MUST contain the "PSK identity" field. These fields are used
+ to help the WTP select the appropriate PSK for use with the AC, and
+ then indicate to the AC which key is being used. When PSKs are
+ provisioned to WTPs and ACs, both the PSK Hint and PSK Identity for
+ the key MUST be specified.
+
+ The PSK Hint SHOULD uniquely identify the AC and the PSK Identity
+ SHOULD uniquely identify the WTP. It is RECOMMENDED that these hints
+ and identities be the ASCII HEX-formatted MAC addresses of the
+ respective devices, since each pairwise combination of WTP and AC
+ SHOULD have a unique PSK. The PSK hint and identity SHOULD be
+ sufficient to perform authorization, as simply having knowledge of a
+ PSK does not necessarily imply authorization.
+
+ If a single PSK is being used for multiple devices on a CAPWAP
+ network, which is NOT RECOMMENDED, the PSK Hint and Identity can no
+ longer be a MAC address, so appropriate hints and identities SHOULD
+ be selected to identify the group of devices to which the PSK is
+ provisioned.
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+Calhoun, Editor, et al. Expires December 13, 2007 [Page 33]
+
+Internet-Draft CAPWAP Protocol Specification June 2007
+
+
+3. CAPWAP Transport
+
+ Communication between a WTP and an AC is established using the
+ standard UDP client/server model. The CAPWAP protocol supports both
+ UDP and UDP-Lite [11] transport protocols. The UDP protocol is used
+ with IPv4. When CAPWAP is used over IPv6, the UDP-Lite protocol is
+ used. This section describes how the CAPWAP protocol is carried over
+ IP and UDP/UDP-Lite transport protocols.
+
+3.1. UDP Transport
+
+ One of the CAPWAP protocol requirements is to allow a WTP to reside
+ behind a firewall and/or Network Address Translation (NAT) device.
+ Since a CAPWAP session is initiated by the WTP (client) to the well-
+ known UDP port of the AC (server), the use of UDP is a logical
+ choice. The UDP checksum field in CAPWAP packets MUST be set to
+ zero.
+
+ CAPWAP protocol control packets sent from the WTP to the AC use the
+ CAPWAP control channel, as defined in Section 1.4. The CAPWAP
+ control port at the AC is the well known UDP port [to be IANA
+ assigned]. The CAPWAP control port at the WTP can be any port
+ selected by the WTP.
+
+ CAPWAP protocol data packets sent from the WTP to the AC use the
+ CAPWAP data channel, as defined in Section 1.4. The CAPWAP data port
+ at the AC is the well known UDP port [to be IANA assigned]. The
+ CAPWAP data port at the WTP can be any port selected by the WTP.
+
+3.2. UDP-Lite Transport
+
+ When CAPWAP is run over IPv6, UDP-Lite is used as the transport
+ protocol, reducing the checksum processing required for each packet
+ (compared to UDP and IPv6). When UDP-Lite is used, the checksum
+ field MUST have a coverage of 8 [11].
+
+ UDP-Lite uses the same port assignments as UDP.
+
+3.3. AC Discovery
+
+ The AC discovery phase allows the WTP to determine which ACs are
+ available, and chose the best AC with which to establish a CAPWAP
+ session. The discovery phase occurs when the WTP enters the optional
+ Discovery state. A WTP does not need to complete the AC Discovery
+ phase if it uses a pre-configured AC. This section details the
+ mechanism used by a WTP to dynamically discover candidate ACs.
+
+ A WTP and an AC will frequently not reside in the same IP subnet
+
+
+
+Calhoun, Editor, et al. Expires December 13, 2007 [Page 34]
+
+Internet-Draft CAPWAP Protocol Specification June 2007
+
+
+ (broadcast domain). When this occurs, the WTP must be capable of
+ discovering the AC, without requiring that multicast services are
+ enabled in the network.
+
+ When the WTP attempts to establish communication with an AC, it sends
+ the Discovery Request message and receives the Discovery Response
+ message from the AC(s). The WTP MUST send the Discovery Request
+ message to either the limited broadcast IP address (255.255.255.255),
+ a well known multicast address or to the unicast IP address of the
+ AC. For IPv6 networks, since broadcast does not exist, the use of
+ "All ACs multicast address" is used instead. Upon receipt of the
+ Discovery Request message, the AC sends a Discovery Response message
+ to the unicast IP address of the WTP, regardless of whether the
+ Discovery Request message was sent as a broadcast, multicast or
+ unicast message.
+
+ WTP use of a limited IP broadcast, multicast or unicast IP address is
+ implementation dependent.
+
+ When a WTP transmits a Discovery Request message to a unicast
+ address, the WTP must first obtain the IP address of the AC. Any
+ static configuration of an AC's IP address on the WTP non-volatile
+ storage is implementation dependent. However, additional dynamic
+ schemes are possible, for example:
+
+ DHCP: See [13] for more information on the use of DHCP to discover
+ AC IP addresses.
+
+ DNS: The DNS name "CAPWAP-AC-Address" MAY be resolvable to one or
+ more AC addresses.
+
+ An AC MAY also communicate alternative ACs to the WTP within the
+ Discovery Response message through the AC IPv4 List (see
+ Section 4.6.2) and AC IPv6 List (see Section 4.6.2). The addresses
+ provided in these two message elements are intended to help the WTP
+ discover additional ACs through means other than those listed above.
+
+ The AC Name with Index message element (see Section 4.6.5), is used
+ to communicate a list of preferred ACs to the WTP. The WTP SHOULD
+ attempt to utilize the ACs listed in the order provided by the AC.
+ The Name to IP Address mapping is handled via the Discovery message
+ exchange, in which the ACs provide their identity in the AC Name (see
+ Section 4.6.4) message element in the Discovery Response message.
+
+ Once the WTP has received Discovery Response messages from the
+ candidate ACs, it MAY use other factors to determine the preferred
+ AC. For instance, each binding defines a WTP Radio Information
+ message element (see Section 2.1), which the AC includes in Discovery
+
+
+
+Calhoun, Editor, et al. Expires December 13, 2007 [Page 35]
+
+Internet-Draft CAPWAP Protocol Specification June 2007
+
+
+ Response messages. The presence of one or more of these message
+ elements is used to identify the CAPWAP bindings supported by the AC.
+ A WTP MAY connect to an AC based on the supported bindings
+ advertised.
+
+3.4. Fragmentation/Reassembly
+
+ While fragmentation and reassembly services are provided by IP, the
+ CAPWAP protocol also provides such services. Environments where the
+ CAPWAP protocol is used involve firewall, NAT and "middle box"
+ devices, which tend to drop IP fragments to minimize possible DoS
+ attacks. By providing fragmentation and reassembly at the
+ application layer, any fragmentation required due to the tunneling
+ component of the CAPWAP protocol becomes transparent to these
+ intermediate devices. Consequently, the CAPWAP protocol can be used
+ in any network configuration.
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+Calhoun, Editor, et al. Expires December 13, 2007 [Page 36]
+
+Internet-Draft CAPWAP Protocol Specification June 2007
+
+
+4. CAPWAP Packet Formats
+
+ This section contains the CAPWAP protocol packet formats. A CAPWAP
+ protocol packet consists of one or more CAPWAP Transport Layer packet
+ headers followed by a CAPWAP message. The CAPWAP message can be
+ either of type Control or Data, where Control packets carry
+ signaling, and Data packets carry user payloads. The CAPWAP frame
+ formats for CAPWAP Data packets, and for DTLS encapsulated CAPWAP
+ Data and Control packets are defined below.
+
+ The CAPWAP Control protocol includes two messages that are never
+ protected by DTLS: the Discovery Request message and the Discovery
+ Response message. These messages need to be in the clear to allow
+ the CAPWAP protocol to properly identify and process them. The
+ format of these packets are as follows:
+
+ CAPWAP Control Packet (Discovery Request/Response):
+ +-------------------------------------------+
+ | IP | UDP | CAPWAP | Control | Message |
+ | Hdr | Hdr | Header | Header | Element(s) |
+ +-------------------------------------------+
+
+ All other CAPWAP control protocol messages MUST be protected via the
+ DTLS protocol, which ensures that the packets are both authenticated
+ and encrypted. These packets include the CAPWAP DTLS Header, which
+ is described in Section 4.2. The format of these packets is as
+ follows:
+
+ CAPWAP Control Packet (DTLS Security Required):
+ +------------------------------------------------------------------+
+ | IP | UDP | CAPWAP | DTLS | CAPWAP | Control| Message | DTLS |
+ | Hdr | Hdr | DTLS Hdr | Hdr | Header | Header | Element(s)| Trlr |
+ +------------------------------------------------------------------+
+ \---------- authenticated -----------/
+ \------------- encrypted ------------/
+
+ The CAPWAP protocol allows optional protection of data packets, using
+ DTLS. Use of data packet protection is determined by AC policy.
+ When DTLS is utilized, the optional CAPWAP DTLS Header is present,
+ which is described in Section 4.2. The format of CAPWAP data packets
+ is shown below:
+
+
+
+
+
+
+
+
+
+
+Calhoun, Editor, et al. Expires December 13, 2007 [Page 37]
+
+Internet-Draft CAPWAP Protocol Specification June 2007
+
+
+ CAPWAP Plain Text Data Packet :
+ +-------------------------------+
+ | IP | UDP | CAPWAP | Wireless |
+ | Hdr | Hdr | Header | Payload |
+ +-------------------------------+
+
+ DTLS Secured CAPWAP Data Packet:
+ +--------------------------------------------------------+
+ | IP | UDP | CAPWAP | DTLS | CAPWAP | Wireless | DTLS |
+ | Hdr | Hdr | DTLS Hdr | Hdr | Hdr | Payload | Trlr |
+ +--------------------------------------------------------+
+ \------ authenticated -----/
+ \------- encrypted --------/
+
+ UDP Header: All CAPWAP packets are encapsulated within either UDP,
+ or UDP-Lite when used over IPv6. Section 3 defines the specific
+ UDP or UDP-Lite usage.
+
+ CAPWAP DTLS Header: All DTLS encrypted CAPWAP protocol packets are
+ prefixed with the CAPWAP DTLS header (see Section 4.2).
+
+ DTLS Header: The DTLS header provides authentication and encryption
+ services to the CAPWAP payload it encapsulates. This protocol is
+ defined in RFC 4347 [8].
+
+ CAPWAP Header: All CAPWAP protocol packets use a common header that
+ immediately follows the CAPWAP preamble or DTLS header. The
+ CAPWAP Header is defined in Section 4.3.
+
+ Wireless Payload: A CAPWAP protocol packet that contains a wireless
+ payload is a CAPWAP data packet. The CAPWAP protocol does not
+ specify the format of the wireless payload, which is defined by
+ the appropriate wireless standard. Additional information is in
+ Section 4.4.
+
+ Control Header: The CAPWAP protocol includes a signalling component,
+ known as the CAPWAP control protocol. All CAPWAP control packets
+ include a Control Header, which is defined in Section 4.5.1.
+ CAPWAP data packets do not contain a Control Header field.
+
+ Message Elements: A CAPWAP Control packet includes one or more
+ message elements, which are found immediately following the
+ Control Header. These message elements are in a Type/Length/value
+ style header, defined in Section 4.6.
+
+ A CAPWAP implementation MUST be capable of receiving a reassembled
+ CAPWAP message of length 4096 bytes. A CAPWAP implementation MAY
+ indicate that it supports a higher maximum message length, by
+
+
+
+Calhoun, Editor, et al. Expires December 13, 2007 [Page 38]
+
+Internet-Draft CAPWAP Protocol Specification June 2007
+
+
+ including the Maximum Message Length message element, see
+ Section 4.6.29 in the Join Request message or the Join Response
+ message.
+
+4.1. CAPWAP Preamble
+
+ The CAPWAP preamble is common to all CAPWAP transport headers and is
+ used to identify the header type that immediately follows. The
+ reason for this header is to avoid needing to perform byte
+ comparisons in order to guess whether the frame is DTLS encrypted or
+ not. It also provides an extensibility framework that can be used to
+ support additional transport types. The format of the preamble is as
+ follows:
+
+ 0
+ 0 1 2 3 4 5 6 7
+ +-+-+-+-+-+-+-+-+
+ |Version| Type |
+ +-+-+-+-+-+-+-+-+
+
+ Version: A 4 bit field which contains the version of CAPWAP used in
+ this packet. The value for this specification is zero (0).
+
+ Payload Type: A 4 bit field which specifies the payload type that
+ follows the UDP header. The following values are supported:
+
+ 0 - CAPWAP Header. The CAPWAP Header (see Section 4.3)
+ immediately follows the UDP header. If the packet is received
+ on the CAPWAP data channel, the CAPWAP stack MUST treat the
+ packet as a clear text CAPWAP data packet. If received on the
+ CAPWAP control channel, the CAPWAP stack MUST treat the packet
+ as a clear text CAPWAP control packet. If the control packet
+ is not a Discovery Request or Discovery Response packet, the
+ packet MUST be dropped.
+
+ 1 - CAPWAP DTLS Header. The CAPWAP DTLS Header, and DTLS packet,
+ immediately follows the UDP header (see Section 4.2).
+
+4.2. CAPWAP DTLS Header
+
+ The CAPWAP DTLS Header is used to identify the packet as a DTLS
+ encrypted packet. The first eight bits includes the common CAPWAP
+ Preamble. The remaining 24 bits are padding to ensure 4 byte
+ alignment, and MAY be used in a future version of the protocol. The
+ DTLS packet [8] always immediately follows this header. The format
+ of the CAPWAP DTLS Header is as follows:
+
+
+
+
+
+Calhoun, Editor, et al. Expires December 13, 2007 [Page 39]
+
+Internet-Draft CAPWAP Protocol Specification June 2007
+
+
+ 0 1 2 3
+ 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+ |CAPWAP Preamble| Reserved |
+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+
+ CAPWAP Preamble: The CAPWAP Preamble is defined in Section 4.1. The
+ CAPWAP Preamble's Payload Type field MUST be set to one (1).
+
+ Reserved: The 24-bit field is reserved for future use. All
+ implementations complying with this protocol MUST set to zero any
+ bits that are reserved in the version of the protocol supported by
+ that implementation. Receivers MUST ignore all bits not defined
+ for the version of the protocol they support.
+
+4.3. CAPWAP Header
+
+ All CAPWAP protocol messages are encapsulated using a common header
+ format, regardless of the CAPWAP Control or CAPWAP Data transport
+ used to carry the messages. However, certain flags are not
+ applicable for a given transport. Refer to the specific transport
+ section in order to determine which flags are valid.
+
+ Note that the optional fields defined in this section MUST be present
+ in the precise order shown below.
+
+ 0 1 2 3
+ 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+ |CAPWAP Preamble| HLEN | RID | WBID |T|F|L|W|M|K|Flags |
+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+ | Fragment ID | Frag Offset |Rsvd |
+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+ | (optional) Radio MAC Address |
+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+ | (optional) Wireless Specific Information |
+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+ | Payload .... |
+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+
+ CAPWAP Preamble: The CAPWAP Preamble is defined in Section 4.1. The
+ CAPWAP Preamble's Payload Type field MUST be set to zero (0). If
+ the CAPWAP DTLS Header is present, the version number in both
+ CAPWAP Preambles MUST match. The reason for this duplicate field
+ is to avoid any possible tampering of the version field in the
+ preamble which is not encrypted or authenticated.
+
+
+
+
+
+Calhoun, Editor, et al. Expires December 13, 2007 [Page 40]
+
+Internet-Draft CAPWAP Protocol Specification June 2007
+
+
+ HLEN: A 5 bit field containing the length of the CAPWAP transport
+ header in 4 byte words (Similar to IP header length). This length
+ includes the optional headers.
+
+ RID: A 5 bit field which contains the Radio ID number for this
+ packet. Given that MAC Addresses are not necessarily unique
+ across physical radios in a WTP, the Radio Identifier (RID) field
+ is used to indiciate which physical radio the message is
+ associated with.
+
+ WBID: A 5 bit field which is the wireless binding identifier. The
+ identifier will indicate the type of wireless packet type
+ associated with the radio. The following values are defined:
+
+ 1 - IEEE 802.11
+
+ 2 - IEEE 802.16
+
+ 3 - EPCGlobal
+
+ T: The Type 'T' bit indicates the format of the frame being
+ transported in the payload. When this bit is set to one (1), the
+ payload has the native frame format indicated by the WBID field.
+ When this bit is zero (0) the payload is an IEEE 802.3 frame.
+
+ F: The Fragment 'F' bit indicates whether this packet is a fragment.
+ When this bit is one (1), the packet is a fragment and MUST be
+ combined with the other corresponding fragments to reassemble the
+ complete information exchanged between the WTP and AC.
+
+ L: The Last 'L' bit is valid only if the 'F' bit is set and indicates
+ whether the packet contains the last fragment of a fragmented
+ exchange between WTP and AC. When this bit is 1, the packet is
+ the last fragment. When this bit is 0, the packet is not the last
+ fragment.
+
+ W: The Wireless 'W' bit is used to specify whether the optional
+ Wireless Specific Information field is present in the header. A
+ value of one (1) is used to represent the fact that the optional
+ header is present.
+
+ M: The M bit is used to indicate that the Radio MAC Address optional
+ header is present. This is used to communicate the MAC address of
+ the receiving radio.
+
+
+
+
+
+
+Calhoun, Editor, et al. Expires December 13, 2007 [Page 41]
+
+Internet-Draft CAPWAP Protocol Specification June 2007
+
+
+ K: The 'Keep-alive' K bit indicates the packet is a Data Channel Keep
+ Alive packet. This packet is used to map the data channel to the
+ control channel for the specified Session ID and to maintain
+ freshness of the data channel. The K bit MUST NOT be set for data
+ packets containing user data.
+
+ Flags: A set of reserved bits for future flags in the CAPWAP header.
+ All implementations complying with this protocol MUST set to zero
+ any bits that are reserved in the version of the protocol
+ supported by that implementation. Receivers MUST ignore all bits
+ not defined for the version of the protocol they support.
+
+ Fragment ID: A 16 bit field whose value is assigned to each group of
+ fragments making up a complete set. The fragment ID space is
+ managed individually for every WTP/AC pair. The value of Fragment
+ ID is incremented with each new set of fragments. The Fragment ID
+ wraps to zero after the maximum value has been used to identify a
+ set of fragments.
+
+ Fragment Offset: A 13 bit field that indicates where in the payload
+ this fragment belongs during re-assembly. This field is valid
+ when the 'F' bit is set to 1. The fragment offset is measured in
+ units of 8 octets (64 bits). The first fragment has offset zero.
+ Note the CAPWAP protocol does not allow for overlapping fragments.
+
+ Reserved: The 3-bit field is reserved for future use. All
+ implementations complying with this protocol MUST set to zero any
+ bits that are reserved in the version of the protocol supported by
+ that implementation. Receivers MUST ignore all bits not defined
+ for the version of the protocol they support.
+
+ Radio MAC Address: This optional field contains the MAC address of
+ the radio receiving the packet. This is useful in packets sent
+ from the WTP to the AC, when the native wireless frame format is
+ converted to 802.3 by the WTP. This field is only present if the
+ 'M' bit is set. The HLEN field assumes 4 byte alignment, and this
+ field MUST be padded with zeroes (0x00) if it is not 4 byte
+ aligned.
+
+ The field contains the basic format:
+
+ 0 1 2 3
+ 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+ | Length | MAC Address
+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+
+
+
+
+
+Calhoun, Editor, et al. Expires December 13, 2007 [Page 42]
+
+Internet-Draft CAPWAP Protocol Specification June 2007
+
+
+ Length: The length of the MAC Address field [18] [19].
+
+ MAC Address: The MAC Address of the receiving radio.
+
+ Wireless Specific Information: This optional field contains
+ technology specific information that may be used to carry per
+ packet wireless information. This field is only present if the
+ 'W' bit is set. The HLEN field assumes 4 byte alignment, and this
+ field MUST be padded with zeroes (0x00) if it is not 4 byte
+ aligned.
+
+ The Wireless Specific Information field uses the following format:
+
+ 0 1 2 3
+ 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+ | Wireless ID | Length | Data
+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+
+ Wireless ID: The wireless binding identifier. The following
+ values are defined:
+
+ 1 - IEEE 802.11
+
+ 2 - IEEE 802.16
+
+ 3 - EPCGlobal
+
+ Length: The length of the data field
+
+ Data: Wireless specific information, defined by the wireless
+ specific binding.
+
+ Payload: This field contains the header for a CAPWAP Data Message or
+ CAPWAP Control Message, followed by the data contained in the
+ message.
+
+4.4. CAPWAP Data Messages
+
+ There are two different types of CAPWAP data packets, CAPWAP Data
+ Channel Keep Alive packets and Data Payload packets. The first is
+ used by the WTP to synchronize the control and data channels, and to
+ maintain freshness of the data channel. The second is used to
+ transmit user payloads between the AC and WTP. This section
+ describes both types of CAPWAP data packet formats.
+
+ Both CAPWAP data messages are transmitted on the CAPWAP data channel.
+
+
+
+
+Calhoun, Editor, et al. Expires December 13, 2007 [Page 43]
+
+Internet-Draft CAPWAP Protocol Specification June 2007
+
+
+4.4.1. CAPWAP Data Keepalive
+
+ The CAPWAP Data Channel Keep Alive packet is used to bind the CAPWAP
+ control channel with the data channel, and to maintain freshness of
+ the data channel, ensuring that the channel is still functioning.
+ The CAPWAP Data Channel Keep Alive packet is transmitted by the WTP
+ when the DataChannelKeepAlive timer expires. When the CAPWAP Data
+ Channel Keep Alive packet is transmitted, the WTP sets the
+ DataChannelDeadInterval timer.
+
+ In the CAPWAP Data Channel Keep Alive packet, all of the fields in
+ the CAPWAP header, except the HLEN field and the K bit, are set to
+ zero upon transmission. Upon receiving a CAPWAP Data Channel Keep
+ Alive packet, the AC transmits a CAPWAP Data Channel Keep Alive
+ packet back to the WTP. The contents of the transmitted packet are
+ identical to the contents of the received packet.
+
+ Upon receiving a CAPWAP Data Channel Keep Alive packet, the WTP
+ cancels the DataChannelDeadInterval timer and resets the
+ DataChannelKeepAlive timer. The CAPWAP Data Channel Keep Alive
+ packet is retransmitted by the WTP in the same manner as the CAPWAP
+ control messages. If the DataChannelDeadInterval timer expires, the
+ WTP tears down the control DTLS session, and the data DTLS session if
+ one existed.
+
+ The CAPWAP Data Channel Keep Alive packet contains the following
+ payload immediately following the CAPWAP Header (see Section 4.3)
+
+ 0 1 2 3
+ 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+ | Message Element Length | Message Element [0..N] ...
+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+
+ Message Element Length: The Length field indicates the number of
+ bytes following the CAPWAP Header.
+
+ Message Element[0..N]: The message element(s) carry the information
+ pertinent to each of the CAPWAP Data Keepalive message. The
+ following message elements MUST be present in this CAPWAP message:
+
+ Session ID, see Section 4.6.35
+
+4.4.2. Data Payload
+
+ A CAPWAP protocol Data Payload packet encapsulates a forwarded
+ wireless frame. The CAPWAP protocol defines two different modes of
+ encapsulation; IEEE 802.3 and native wireless. IEEE 802.3
+
+
+
+Calhoun, Editor, et al. Expires December 13, 2007 [Page 44]
+
+Internet-Draft CAPWAP Protocol Specification June 2007
+
+
+ encapsulation requires that the bridging function be performed in the
+ WTP. An IEEE 802.3 encapsulated user payload frame has the following
+ format:
+
+ +------------------------------------------------------+
+ | IP Header | UDP Header | CAPWAP Header | 802.3 Frame |
+ +------------------------------------------------------+
+
+ The CAPWAP protocol also defines the native wireless encapsulation
+ mode. The format of the encapsulated CAPWAP data frame is subject to
+ the rules defined by the specific wireless technology binding. Each
+ wireless technology binding MUST contain a section entitled "Payload
+ Encapsulation", which defines the format of the wireless payload that
+ is encapsulated within CAPWAP Data packets.
+
+ If the encapsulated frame would exceed the transport layer's MTU, the
+ sender is responsible for fragmentation of the frame, as specified in
+ Section 3.4.
+
+4.4.3. Establishment of a DTLS Data Channel
+
+ If the AC and WTP are configured to tunnel the data channel over
+ DTLS, the proper DTLS session must be initiated. To avoid having to
+ reauthenticate and reauthorize an AC and WTP, the DTLS data channel
+ MUST be initiated using the TLS session resumption feature [7].
+
+ When establishing the DTLS-encrypted data channel, the WTP MUST
+ provide the identifier returned during the initialization of the
+ control channel to the DTLS component so it can perform the
+ resumption using the proper session information.
+
+ The AC DTLS implementation MUST NOT accept a session resumption
+ request for a DTLS session in which the control channel for the
+ session has been torn down.
+
+4.5. CAPWAP Control Messages
+
+ The CAPWAP Control protocol provides a control channel between the
+ WTP and the AC. Control messages are divided into the following
+ message types:
+
+ Discovery: CAPWAP Discovery messages are used to identify potential
+ ACs, their load and capabilities.
+
+ Join: CAPWAP Join messages are used by a WTP to request service from
+ an AC, and for the AC to respond to the WTP.
+
+
+
+
+
+Calhoun, Editor, et al. Expires December 13, 2007 [Page 45]
+
+Internet-Draft CAPWAP Protocol Specification June 2007
+
+
+ Control Channel Management: CAPWAP control channel management
+ messages are used to maintain the control channel.
+
+ WTP Configuration Management: The WTP Configuration messages are
+ used by the AC to deliver a specific configuration to the WTP.
+ Messages which retrieve statistics from a WTP are also included in
+ WTP Configuration Management.
+
+ Station Session Management: Station Session Management messages are
+ used by the AC to deliver specific station policies to the WTP.
+
+ Device Management Operations: Device management operations are used
+ to request and deliver a firmware image to the WTP.
+
+ Binding Specific CAPWAP Management Messages: Messages in this
+ category are used by the AC and the WTP to exchange protocol-
+ specific CAPWAP management messages. These messages may or may
+ not be used to change the link state of a station.
+
+ Discovery, Join, Control Channel Management, WTP Configuration
+ Management and Station Session Management CAPWAP control messages
+ MUST be implemented. Device Management Operations messages MAY be
+ implemented.
+
+ CAPWAP control messages sent from the WTP to the AC indicate that the
+ WTP is operational, providing an implicit keep-alive mechanism for
+ the WTP. The Control Channel Management Echo Request and Echo
+ Response messages provide an explicit keep-alive mechanism when other
+ CAPWAP control messages are not exchanged.
+
+4.5.1. Control Message Format
+
+ All CAPWAP control messages are sent encapsulated within the CAPWAP
+ header (see Section 4.3). Immediately following the CAPWAP header,
+ is the control header, which has the following format:
+
+ 0 1 2 3
+ 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+ | Message Type |
+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+ | Seq Num | Msg Element Length | Flags |
+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+ | Msg Element [0..N] ...
+ +-+-+-+-+-+-+-+-+-+-+-+-+
+
+
+
+
+
+
+Calhoun, Editor, et al. Expires December 13, 2007 [Page 46]
+
+Internet-Draft CAPWAP Protocol Specification June 2007
+
+
+4.5.1.1. Message Type
+
+ The Message Type field identifies the function of the CAPWAP control
+ message. The Message Type field is comprised of an IANA Enterprise
+ Number and an enterprise specific message type number.
The first + three octets contain the enterprise number in network byte order, + with zero used for CAPWAP protocol defined message types and the IEEE + 802.11 IANA assigned enterprise number 13277 is used for IEEE 802.11 + technology specific message types. The last octet is the enterprise + specific message type number, which has a range from 0 to 255. + + The message type field is defined as: + + Message Type = + IANA Enterprise Number * 256 + + Enterprise Specific Message Type Number + + The CAPWAP protocol reliability mechanism requires that messages be + defined in pairs, consisting of both a Request and a Response + message. The Response message MUST acknowledge the Request message. + The assignment of CAPWAP control Message Type Values always occurs in + pairs. All Request messages have odd numbered Message Type Values, + and all Response messages have even numbered Message Type Values. + The Request value MUST be assigned first. As an example, assigning a + Message Type Value of 3 for a Request message and 4 for a Response + message is valid, while assigning a Message Type Value of 4 for a + Response message and 5 for the corresponding Request message is + invalid. + + When a WTP or AC receives a message with a Message Type Value field + that is not recognized and is an odd number, the number in the + Message Type Value Field is incremented by one, and a Response + message with a Message Type Value field containing the incremented + value and containing the Result Code message element with the value + (Unrecognized Request) is returned to the sender of the received + message. If the unknown message type is even, the message is + ignored. + + The valid values for CAPWAP Control Message Types are specified in + the table below: + + + + + + + + + + + +Calhoun, Editor, et al. 
Expires December 13, 2007 [Page 47]
+
+Internet-Draft CAPWAP Protocol Specification June 2007
+
+
+ CAPWAP Control Message Message Type
+ Value
+ Discovery Request 1
+ Discovery Response 2
+ Join Request 3
+ Join Response 4
+ Configuration Status 5
+ Configuration Status Response 6
+ Configuration Update Request 7
+ Configuration Update Response 8
+ WTP Event Request 9
+ WTP Event Response 10
+ Change State Event Request 11
+ Change State Event Response 12
+ Echo Request 13
+ Echo Response 14
+ Image Data Request 15
+ Image Data Response 16
+ Reset Request 17
+ Reset Response 18
+ Primary Discovery Request 19
+ Primary Discovery Response 20
+ Data Transfer Request 21
+ Data Transfer Response 22
+ Clear Configuration Request 23
+ Clear Configuration Response 24
+ Station Configuration Request 25
+ Station Configuration Response 26
+
+4.5.1.2. Sequence Number
+
+ The Sequence Number Field is an identifier value used to match
+ Request and Response packets. When a CAPWAP packet with a Request
+ Message Type Value is received, the value of the Sequence Number
+ field is copied into the corresponding Response message.
+
+ When a CAPWAP control message is sent, the sender's internal sequence
+ number counter is monotonically incremented, ensuring that no two
+ pending Request messages have the same Sequence Number. The Sequence
+ Number field wraps back to zero.
+
+4.5.1.3. Message Element Length
+
+ The Length field indicates the number of bytes following the Sequence
+ Number field.
+
+
+
+
+
+
+Calhoun, Editor, et al. Expires December 13, 2007 [Page 48]
+
+Internet-Draft CAPWAP Protocol Specification June 2007
+
+
+4.5.1.4. Flags
+
+ The Flags field MUST be set to zero.
+
+4.5.1.5. Message Element[0..N]
+
+ The message element(s) carry the information pertinent to each of the
+ control message types. Every control message in this specification
+ specifies which message elements are permitted.
+
+ When a WTP or AC receives a CAPWAP message without a message element
+ that is specified as mandatory for the CAPWAP message, then the
+ CAPWAP message is discarded. If the received message was a Request
+ message for which the corresponding Response message carries message
+ elements, then a corresponding Response message with a Result Code
+ message element indicating "Failure - Missing Mandatory Message
+ Element" is returned to the sender.
+
+ When a WTP or AC receives a CAPWAP message with a message element
+ that the WTP or AC does not recognize, the CAPWAP message is
+ discarded. If the received message was a Request message for which
+ the corresponding Response message carries message elements, then a
+ corresponding Response message with a Result Code message element
+ indicating "Failure - Unrecognized Message Element" and one or more
+ Returned Message Element message elements is included, containing the
+ unrecognized message element(s).
+
+4.5.2. Control Message Quality of Service
+
+ It is recommended that CAPWAP control messages be sent by both the AC
+ and the WTP with an appropriate Quality of Service precedence value,
+ ensuring that congestion in the network minimizes occurrences of
+ CAPWAP control channel disconnects. Therefore, a Quality of Service
+ enabled CAPWAP device SHOULD use the following values:
+
+ 802.1P: The precedence value of 7 SHOULD be used.
+
+ DSCP: The DSCP tag value of 46 SHOULD be used.
+
+4.5.3. Retransmissions
+
+ The CAPWAP control protocol operates as a reliable transport. For
+ each Request message, a Response message is defined, which is used to
+ acknowledge receipt of the Request message. In addition, the control
+ header Sequence Number field is used to pair the Request and Response
+ messages (see Section 4.5.1).
+
+ Response messages are not explicitly acknowledged, therefore if a
+
+
+
+Calhoun, Editor, et al.
Expires December 13, 2007 [Page 49]
+
+Internet-Draft CAPWAP Protocol Specification June 2007
+
+
+ Response message is not received, the original Request message is
+ retransmitted. Implementations MAY cache Response messages to
+ respond to a retransmitted Request messages with minimal local
+ processing. Retransmitted Request messages MUST NOT be altered by
+ the sender. The sender MUST assume that the original Request message
+ was processed, but that the Response message was lost. Any
+ alterations to the original Request message MUST have a new Sequence
+ Number, and be treated as a new Request message by the receiver.
+
+ After transmitting a Request message, the RetransmitInterval (see
+ Section 4.7) timer and MaxRetransmit (see Section 4.8) variable are
+ used to determine if the original Request message needs to be
+ retransmitted. The RetransmitInterval timer is used the first time
+ the Request is retransmitted. The timer is then doubled every
+ subsequent time the same Request message is retransmitted, up to
+ MaxRetransmit but no more than half the EchoInterval timer (see
+ Section 4.7.5). Response messages are not subject to these timers.
+
+ When a Request message is retransmitted, it MUST be re-encrypted via
+ the DTLS stack. If the peer had received the Request message, and
+ the corresponding Response message was lost, it is necessary to
+ ensure that retransmitted Request messages are not identified as
+ replays by the DTLS stack. Similarly, any cached Response messages
+ that are retransmitted as a result of receiving a retransmitted
+ Request message MUST be re-encrypted via DTLS.
+
+ Duplicate Response messages, identified by the Sequence Number field
+ in the CAPWAP control message header, SHOULD be discarded upon
+ receipt.
+
+4.6. CAPWAP Protocol Message Elements
+
+ This section defines the CAPWAP Protocol message elements which are
+ included in CAPWAP protocol control messages.
+
+ Message elements are used to carry information needed in control
+ messages. Every message element is identified by the Type Value
+ field, defined below. The total length of the message elements is
+ indicated in the message element Length field.
+
+ All of the message element definitions in this document use a diagram
+ similar to the one below in order to depict its format. Note that to
+ simplify this specification, these diagrams do not include the header
+ fields (Type and Length). The header field values are defined in the
+ message element descriptions.
+
+ Unless otherwise specified, a control message that lists a set of
+ supported (or expected) message elements MUST not expect the message
+
+
+
+Calhoun, Editor, et al. Expires December 13, 2007 [Page 50]
+
+Internet-Draft CAPWAP Protocol Specification June 2007
+
+
+ elements to be in any specific order. The sender MAY include the
+ message elements in any order. Unless otherwise noted, one message
+ element of each type is present in a given control message.
+
+ Additional message elements may be defined in separate IETF
+ documents.
+
+ The format of a message element uses the TLV format shown here:
+
+ 0 1 2 3
+ 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+ | Type | Length |
+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+ | Value ... |
+ +-+-+-+-+-+-+-+-+
+
+ The 16 bit Type field identifies the information carried in the Value
+ field and Length (16 bits) indicates the number of bytes in the Value
+ field. Type field values are allocated as follows:
+
+ Usage Type Values
+
+ CAPWAP Protocol Message Elements 1-1023
+ IEEE 802.11 Message Elements 1024-2047
+ IEEE 802.16 Message Elements 2048 - 3071
+ EPCGlobal Message Elements 3072 - 4095
+ Reserved for Future Use 4096 - 65024
+
+ The table below lists the CAPWAP protocol Message Elements and their
+ Type values.
+
+ CAPWAP Message Element Type Value
+
+ AC Descriptor 1
+ AC IPv4 List 2
+ AC IPv6 List 3
+ AC Name 4
+ AC Name with Index 5
+ AC Timestamp 6
+ Add MAC ACL Entry 7
+ Add Station 8
+ Add Static MAC ACL Entry 9
+ CAPWAP Control IPV4 Address 10
+ CAPWAP Control IPV6 Address 11
+ CAPWAP Timers 12
+ Data Transfer Data 13
+ Data Transfer Mode 14
+
+
+
+Calhoun, Editor, et al. Expires December 13, 2007 [Page 51]
+
+Internet-Draft CAPWAP Protocol Specification June 2007
+
+
+ Decryption Error Report 15
+ Decryption Error Report Period 16
+ Delete MAC ACL Entry 17
+ Delete Station 18
+ Delete Static MAC ACL Entry 19
+ Discovery Type 20
+ Duplicate IPv4 Address 21
+ Duplicate IPv6 Address 22
+ Idle Timeout 23
+ Image Data 24
+ Image Identifier 25
+ Image Info 26
+ Initiate Download 27
+ Location Data 28
+ Maximum Message Length 29
+ MTU Discovery Padding 30
+ Radio Administrative State 31
+ Radio Operational State 32
+ Result Code 33
+ Returned Message Element 34
+ Session ID 35
+ Statistics Timer 36
+ Vendor Specific Payload 37
+ WTP Board Data 38
+ WTP Descriptor 39
+ WTP Fallback 40
+ WTP Frame Tunnel Mode 41
+ WTP IPv4 IP Address 42
+ WTP IPv6 IP Address 43
+ WTP MAC Type 44
+ WTP Name 45
+ WTP Operational Statistics 46
+ WTP Radio Statistics 47
+ WTP Reboot Statistics 48
+ WTP Static IP Address Information 49
+
+
+4.6.1. AC Descriptor
+
+ The AC Descriptor message element is used by the AC to communicate
+ its current state. The value contains the following fields.
+
+
+
+
+
+
+
+
+
+
+Calhoun, Editor, et al.
Expires December 13, 2007 [Page 52]
+
+Internet-Draft CAPWAP Protocol Specification June 2007
+
+
+ 0 1 2 3
+ 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+ | Stations | Limit |
+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+ | Active WTPs | Max WTPs |
+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+ | Security | R-MAC Field | Reserved1 | DTLS Policy |
+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+ | Vendor Identifier |
+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+ | Type=4 | Length |
+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+ | Value...
+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+ | Vendor Identifier |
+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+ | Type=5 | Length |
+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+ | Value...
+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+
+
+ Type: 1 for AC Descriptor
+
+ Length: >= 12
+
+ Stations: The number of stations currently served by the AC
+
+ Limit: The maximum number of stations supported by the AC
+
+ Active WTPs: The number of WTPs currently attached to the AC
+
+ Max WTPs: The maximum number of WTPs supported by the AC
+
+ Security: A 8 bit bit mask specifying the authentication credential
+ type supported by the AC. The following values are supported (see
+ Section 2.4.4):
+
+ 1 - X.509 Certificate Based
+
+ 2 - Pre-Shared Secret
+
+ R-MAC Field: The AC supports the optional Radio MAC Address field
+ in the CAPWAP transport Header (see Section 4.3).
+
+
+
+
+
+
+Calhoun, Editor, et al. Expires December 13, 2007 [Page 53]
+
+Internet-Draft CAPWAP Protocol Specification June 2007
+
+
+ Reserved: A set of reserved bits for future use.
All
+ implementations complying with this protocol MUST set to zero any
+ bits that are reserved in the version of the protocol supported by
+ that implementation. Receivers MUST ignore all bits not defined
+ for the version of the protocol they support.
+
+ DTLS Policy: The AC communicates its policy on the use of DTLS for
+ the CAPWAP data channel. The AC MAY communicate more than one
+ supported option, represented by the bit field below. The WTP
+ MUST abide by one of the options communicated by AC. The
+ following bit field values are supported:
+
+ 1 - Clear Text Data Channel Supported
+
+ 2 - DTLS Enabled Data Channel Supported
+
+ Vendor Identifier: A 32-bit value containing the IANA assigned "SMI
+ Network Management Private Enterprise Codes"
+
+ Type: Vendor specific encoding of AC information. The following
+ values are supported. The Hardware and Software Version values
+ MUST be included.
+
+ 4 - Hardware Version: The AC's hardware version number.
+
+ 5 - Software Version: The AC's Software (firmware) version
+ number.
+
+ Length: Length of vendor specific encoding of AC information.
+
+ Value: Vendor specific encoding of AC information.
+
+4.6.2. AC IPv4 List
+
+ The AC IPv4 List message element is used to configure a WTP with the
+ latest list of ACs available for the WTP to join.
+
+
+ 0 1 2 3
+ 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+ | AC IP Address[] |
+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+
+
+
+
+
+
+
+Calhoun, Editor, et al. Expires December 13, 2007 [Page 54]
+
+Internet-Draft CAPWAP Protocol Specification June 2007
+
+
+ Type: 2 for AC IPv4 List
+
+ Length: >= 4
+
+ The AC IP Address: An array of 32-bit integers containing AC IPv4
+ Addresses.
+
+4.6.3. AC IPv6 List
+
+ The AC IPv6 List message element is used to configure a WTP with the
+ latest list of ACs available for the WTP to join.
+
+
+ 0 1 2 3
+ 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+ | AC IP Address[] |
+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+ | AC IP Address[] |
+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+ | AC IP Address[] |
+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+ | AC IP Address[] |
+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+
+
+ Type: 3 for AC IPV6 List
+
+ Length: >= 16
+
+ The AC IP Address: An array of 128-bit integers containing AC IPv6
+ Addresses.
+
+4.6.4. AC Name
+
+ The AC Name message element contains an UTF-8 representation of the
+ AC identity. The value is a variable length byte string. The string
+ is NOT zero terminated.
+
+ 0
+ 0 1 2 3 4 5 6 7
+ +-+-+-+-+-+-+-+-+
+ | Name ...
+ +-+-+-+-+-+-+-+-+
+
+
+
+
+
+
+Calhoun, Editor, et al. Expires December 13, 2007 [Page 55]
+
+Internet-Draft CAPWAP Protocol Specification June 2007
+
+
+ Type: 4 for AC Name
+
+ Length: > 0
+
+ Name: A variable length UTF-8 encoded string containing the AC's
+ name
+
+4.6.5. AC Name with Index
+
+ The AC Name with Index message element is sent by the AC to the WTP
+ to configure preferred ACs. The number of instances of this message
+ element is equal to the number of ACs configured on the WTP.
+
+ 0 1
+ 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5
+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+ | Index | AC Name...
+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+
+ Type: 5 for AC Name with Index
+
+ Length: > 2
+
+ Index: The index of the preferred server (1=primary, 2=secondary).
+
+ AC Name: A variable length UTF-8 encoded string containing the AC
+ name.
+
+4.6.6. AC Timestamp
+
+ The AC Timestamp message element is sent by the AC to synchronize the
+ WTP clock.
+
+ 0 1 2 3
+ 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+ | Timestamp |
+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+
+ Type: 6 for AC Timestamp
+
+ Length: 4
+
+ Timestamp: The AC's current time, allowing all of the WTPs to be
+ time synchronized in the format defined by Network Time Protocol
+ (NTP) in RFC 1305 [3].
+
+
+
+
+
+Calhoun, Editor, et al. Expires December 13, 2007 [Page 56]
+
+Internet-Draft CAPWAP Protocol Specification June 2007
+
+
+4.6.7. Add MAC ACL Entry
+
+ The Add MAC Access Control List (ACL) Entry message element is used
+ by an AC to add a MAC ACL list entry on a WTP, ensuring that the WTP
+ no longer provides service to the MAC addresses provided in the
+ message. The MAC Addresses provided in this message element are not
+ expected to be saved in non-volatile memory on the WTP.
+
+ 0 1 2 3
+ 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+ | Num of Entries| Length | MAC Address ...
+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+
+ Type: 7 for Add MAC ACL Entry
+
+ Length: >= 8
+
+ Num of Entries: The number of instances of the Type/MAC Addresses
+ fields in the array.
+
+ Length: The length of the MAC Address field.
+
+ MAC Address: MAC Addresses to add to the ACL.
+
+4.6.8. Add Station
+
+ The Add Station message element is used by the AC to inform a WTP
+ that it should forward traffic for a station. The Add Station
+ message element is accompanied by technology specific binding
+ information element(s) which may include security parameters.
+ Consequently, the security parameters MUST be applied by the WTP for
+ the station.
+
+ After station policy has been delivered to the WTP through the Add
+ Station message element, an AC MAY change any policies by sending a
+ modified Add Station message element.
When a WTP receives an Add
+ Station message element for an existing station, it MUST override any
+ existing state for the station.
+
+ 0 1 2 3
+ 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+ | Radio ID | Length | MAC Address ...
+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+ | VLAN Name...
+ +-+-+-+-+-+-+-+-+
+
+
+
+
+Calhoun, Editor, et al. Expires December 13, 2007 [Page 57]
+
+Internet-Draft CAPWAP Protocol Specification June 2007
+
+
+ Type: 8 for Add Station
+
+ Length: >= 8
+
+ Radio ID: An 8-bit value representing the radio
+
+ Length: The length of the MAC Address field.
+
+ MAC Address: The station's MAC Address
+
+ VLAN Name: An optional variable length UTF-8 encoded string
+ containing the VLAN Name on which the WTP is to locally bridge
+ user data. Note this field is only valid with WTPs configured in
+ Local MAC mode.
+
+4.6.9. Add Static MAC ACL Entry
+
+ The Add Static MAC ACL Entry message element is used by an AC to add
+ a permanent ACL entry on a WTP, ensuring that the WTP no longer
+ provides any service to the MAC addresses provided in the message.
+ The MAC Addresses provided in this message element are expected to be
+ saved in non-volative memory on the WTP.
+
+ 0 1 2 3
+ 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+ | Num of Entries| Length | MAC Address ...
+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+
+ Type: 9 for Add Static MAC ACL Entry
+
+ Length: >= 8
+
+ Num of Entries: The number of instances of the Type/MAC Addresses
+ fields in the array.
+
+ Length: The length of the MAC Address field.
+
+ MAC Address: MAC Addresses to add to the permanent ACL.
+
+4.6.10.
CAPWAP Control IPv4 Address
+
+ The CAPWAP Control IPv4 Address message element is sent by the AC to
+ the WTP during the discovery process and is used by the AC to provide
+ the interfaces available on the AC, and the current number of WTPs
+ connected. When multiple CAPWAP Control IPV4 Address message
+ elements are returned, the WTP SHOULD perform load balancing across
+ the multiple interfaces.
+
+
+
+Calhoun, Editor, et al. Expires December 13, 2007 [Page 58]
+
+Internet-Draft CAPWAP Protocol Specification June 2007
+
+
+ 0 1 2 3
+ 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+ | IP Address |
+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+ | WTP Count |
+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+
+ Type: 10 for CAPWAP Control IPv4 Address
+
+ Length: 6
+
+ IP Address: The IP Address of an interface.
+
+ WTP Count: The number of WTPs currently connected to the interface.
+
+4.6.11. CAPWAP Control IPv6 Address
+
+ The CAPWAP Control IPv6 Address message element is sent by the AC to
+ the WTP during the discovery process and is used by the AC to provide
+ the interfaces available on the AC, and the current number of WTPs
+ connected. This message element is useful for the WTP to perform
+ load balancing across multiple interfaces.
+
+ 0 1 2 3
+ 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+ | IP Address |
+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+ | IP Address |
+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+ | IP Address |
+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+ | IP Address |
+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+ | WTP Count |
+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+
+ Type: 11 for CAPWAP Control IPv6 Address
+
+ Length: 18
+
+ IP Address: The IP Address of an interface.
+
+ WTP Count: The number of WTPs currently connected to the interface.
+
+
+
+
+
+
+Calhoun, Editor, et al. Expires December 13, 2007 [Page 59]
+
+Internet-Draft CAPWAP Protocol Specification June 2007
+
+
+4.6.12. CAPWAP Timers
+
+ The CAPWAP Timers message element is used by an AC to configure
+ CAPWAP timers on a WTP.
+
+ 0 1
+ 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5
+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+ | Discovery | Echo Request |
+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+
+ Type: 12 for CAPWAP Timers
+
+ Length: 2
+
+ Discovery: The number of seconds between CAPWAP Discovery messages,
+ when the WTP is in the discovery phase.
+
+ Echo Request: The number of seconds between WTP Echo Request CAPWAP
+ messages. The default value for this message element is specified
+ in Section 4.7.5.
+
+4.6.13. Data Transfer Data
+
+ The Data Transfer Data message element is used by the WTP to provide
+ information to the AC for debugging purposes.
+
+ 0 1 2
+ 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3
+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+ | Data Type | Data Length | Data ....
+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+
+ Type: 13 for Data Transfer Data
+
+ Length: >= 3
+
+ Data Type: An 8-bit value the type of information being sent.
The
+ following values are supported:
+
+ 1 - WTP Crash Data
+
+ 2 - WTP Memory Dump
+
+
+
+
+
+
+
+
+Calhoun, Editor, et al. Expires December 13, 2007 [Page 60]
+
+Internet-Draft CAPWAP Protocol Specification June 2007
+
+
+ Data Length: Length of data field.
+
+ Data: Debug information.
+
+4.6.14. Data Transfer Mode
+
+ The Data Transfer Mode message element is used by the WTP to indicate
+ the type of data transfer information it is sending to the AC for
+ debugging purposes.
+
+ 0
+ 0 1 2 3 4 5 6 7
+ +-+-+-+-+-+-+-+-+
+ | Data Type |
+ +-+-+-+-+-+-+-+-+
+
+ Type: 14 for Data Transfer Mode
+
+ Length: 1
+
+ Data Type: An 8-bit value the type of information being requested.
+ The following values are supported:
+
+ 1 - WTP Crash Data
+
+ 2 - WTP Memory Dump
+
+4.6.15. Decryption Error Report
+
+ The Decryption Error Report message element value is used by the WTP
+ to inform the AC of decryption errors that have occurred since the
+ last report. Note that this error reporting mechanism is not used if
+ encryption and decryption services are provided in the AC.
+
+ 0 1 2
+ 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3
+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+ | Radio ID |Num Of Entries | Length |MAC Address...
+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+
+ Type: 15 for Decryption Error Report
+
+ Length: >= 9
+
+ Radio ID: The Radio Identifier refers to an interface index on the
+ WTP.
+
+
+
+
+
+Calhoun, Editor, et al. Expires December 13, 2007 [Page 61]
+
+Internet-Draft CAPWAP Protocol Specification June 2007
+
+
+ Num of Entries: The number of instances of the Type/MAC Addresses
+ fields in the array.
+
+ Length: The length of the MAC Address field.
+
+ MAC Address: MAC addresses of the station that has caused
+ decryption errors.
+
+4.6.16.
Decryption Error Report Period
+
+ The Decryption Error Report Period message element value is used by
+ the AC to inform the WTP how frequently it should send decryption
+ error report messages. Note that this error reporting mechanism is
+ not used if encryption and decryption services are provided in the
+ AC.
+
+ 0 1 2
+ 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3
+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+ | Radio ID | Report Interval |
+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+
+ Type: 16 for Decryption Error Report Period
+
+ Length: 3
+
+ Radio ID: The Radio Identifier refers to an interface index on the
+ WTP.
+
+ Report Interval: A 16-bit unsigned integer indicating the time, in
+ seconds. The default value for this message element can be found
+ in Section 4.8.8.
+
+4.6.17. Delete MAC ACL Entry
+
+ The Delete MAC ACL Entry message element is used by an AC to delete a
+ MAC ACL entry on a WTP, ensuring that the WTP provides service to the
+ MAC addresses provided in the message.
+
+ 0 1 2 3
+ 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+ | Num of Entries| Length | MAC Address ...
+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+
+
+
+
+
+
+Calhoun, Editor, et al. Expires December 13, 2007 [Page 62]
+
+Internet-Draft CAPWAP Protocol Specification June 2007
+
+
+ Type: 17 for Delete MAC ACL Entry
+
+ Length: >= 8
+
+ Num of Entries: The number of instances of the Type/MAC Addresses
+ fields in the array.
+
+ Length: The length of the MAC Address field.
+
+ MAC Address: An array of MAC Addresses to delete from the ACL.
+
+4.6.18. Delete Station
+
+ The Delete Station message element is used by the AC to inform a WTP
+ that it should no longer provide service to a particular station.
+ The WTP MUST terminate service to the station immediately upon
+ receiving this message element.
+
+ The transmission of a Delete Station message element could occur for
+ various reasons, including for administrative reasons, or if the
+ station has roamed to another WTP.
+
+ The Delete Station message element MAY be sent by the WTP, in the WTP
+ Event Request message, to inform the AC that a particular station is
+ no longer being provided service. This could occur as a result of an
+ Idle Timeout (see section 4.4.43), due to internal resource shortages
+ or for some other reason.
+
+ 0 1 2 3
+ 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+ | Radio ID | Length | MAC Address...
+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+
+ Type: 18 for Delete Station
+
+ Length: >= 8
+
+ Radio ID: An 8-bit value representing the radio
+
+ Length: The length of the MAC Address field.
+
+ MAC Address: The station's MAC Address
+
+
+
+
+
+
+
+
+Calhoun, Editor, et al. Expires December 13, 2007 [Page 63]
+
+Internet-Draft CAPWAP Protocol Specification June 2007
+
+
+4.6.19. Delete Static MAC ACL Entry
+
+ The Delete Static MAC ACL Entry message element is used by an AC to
+ delete a previously added static MAC ACL entry on a WTP, ensuring
+ that the WTP provides service to the MAC addresses provided in the
+ message.
+
+ 0 1 2 3
+ 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+ | Num of Entries| Length | MAC Address ...
+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+
+ Type: 19 for Delete Static MAC ACL Entry
+
+ Length: >= 8
+
+ Num of Entries: The number of instances of the Type/MAC Addresses
+ fields in the array.
+
+ Length: The length of the MAC Address field.
+
+ MAC Address: An array of MAC Addresses to delete from the static
+ MAC ACL entry.
+
+4.6.20.
Discovery Type
+
+ The Discovery Type message element is used by the WTP to indicate how
+ it has come to know about the existence of the AC to which it is
+ sending the Discovery Request message.
+
+ 0
+ 0 1 2 3 4 5 6 7
+ +-+-+-+-+-+-+-+-+
+ | Discovery Type|
+ +-+-+-+-+-+-+-+-+
+
+ Type: 20 for Discovery Type
+
+ Length: 1
+
+ Discovery Type: An 8-bit value indicating how the WTP discovered
+ the AC. The following values are supported:
+
+ 0 - Unknown
+
+
+
+
+
+
+Calhoun, Editor, et al. Expires December 13, 2007 [Page 64]
+
+Internet-Draft CAPWAP Protocol Specification June 2007
+
+
+ 1 - Static Configuration
+
+ 2 - DHCP
+
+ 3 - DNS
+
+ 4 - AC Referral (used when the AC was configured either through
+ the AC IPv4 List or AC IPv6 List message element)
+
+4.6.21. Duplicate IPv4 Address
+
+ The Duplicate IPv4 Address message element is used by a WTP to inform
+ an AC that it has detected another IP device using the same IP
+ address that the WTP is currently using.
+
+ The WTP MUST transmit this message element with the status set to 1
+ after it has detected a duplicate IP address. When the WTP detects
+ that the duplicate IP address has been cleared, it MUSY send this
+ message element with the status set to 0.
+
+ 0 1 2 3
+ 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+ | IP Address |
+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+ | Status | Length | MAC Address ...
+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+
+ Type: 21 for Duplicate IPv4 Address
+
+ Length: >= 12
+
+ IP Address: The IP Address currently used by the WTP.
+
+ Status: The status of the duplicate IP address. The value MUST be
+ set to 1 when a duplicate address is detected, and 0 when the
+ duplicate address has been cleared.
+
+ Length: The length of the MAC Address field.
+
+ MAC Address: The MAC Address of the offending device.
+
+4.6.22.
Duplicate IPv6 Address
+
+ The Duplicate IPv6 Address message element is used by a WTP to inform
+ an AC that it has detected another host using the same IP address
+ that the WTP is currently using.
+
+
+
+
+Calhoun, Editor, et al. Expires December 13, 2007 [Page 65]
+
+Internet-Draft CAPWAP Protocol Specification June 2007
+
+
+ The WTP MUST transmit this message element with the status set to 1
+ after it has detected a duplicate IP address. When the WTP detects
+ that the duplicate IP address has been cleared, it MUST send this
+ message element with the status set to 0.
+
+ 0 1 2 3
+ 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+ | IP Address |
+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+ | IP Address |
+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+ | IP Address |
+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+ | IP Address |
+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+ | Status | Length | MAC Address ...
+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+
+ Type: 23 for Duplicate IPv6 Address
+
+ Length: >= 24
+
+ IP Address: The IP Address currently used by the WTP.
+
+ Status: The status of the duplicate IP address. The value MUST be
+ set to 1 when a duplicate address is detected, and 0 when the
+ duplicate address has been cleared.
+
+ Length: The length of the MAC Address field.
+
+ MAC Address: The MAC Address of the offending device.
+
+4.6.23. Idle Timeout
+
+ The Idle Timeout message element is sent by the AC to the WTP to
+ provide the idle timeout value that the WTP SHOULD enforce for its
+ active stations. The value applies to all radios on the WTP.
+
+ 0 1 2 3
+ 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+ | Timeout |
+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+
+
+
+
+
+
+Calhoun, Editor, et al. Expires December 13, 2007 [Page 66]
+
+Internet-Draft CAPWAP Protocol Specification June 2007
+
+
+ Type: 23 for Idle Timeout
+
+ Length: 4
+
+ Timeout: The current idle timeout to be enforced by the WTP. The
+ default value for this message element is specified in
+ Section 4.8.5.
+
+4.6.24. Image Data
+
+ The Image Data message element is present in the Image Data Request
+ message sent by the AC and contains the following fields.
+
+ 0 1 2 3
+ 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+ | Opcode | Value ...
+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+
+ Type: 24 for Image Data
+
+ Length: >= 1
+
+ Opcode: An 8-bit value representing the transfer opcode. The
+ following values are supported:
+
+ 1 - Image data is included
+
+ 2 - Last Image Data Block is included (EOF)
+
+ 5 - An error occurred. Transfer is aborted
+
+ Value: The Image Data field contains up to 1024 characters. If the
+ block being sent is the last one, the Opcode is set to 2. The AC
+ MAY opt to abort the data transfer by setting the Opcode to 5.
+ When the Opcode is 5, the Value field has a zero length.
+
+4.6.25. Image Identifier
+
+ The Image Identifier message element is sent by the AC to the WTP and
+ is used to indicate the expected active software version that is to
+ be run on the WTP. The value is a variable length UTF-8 encoded
+ string, which is NOT zero terminated.
+
+
+
+
+
+
+
+
+Calhoun, Editor, et al.
Expires December 13, 2007 [Page 67]
+
+Internet-Draft CAPWAP Protocol Specification June 2007
+
+
+ 0 1 2 3
+ 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+ | Vendor Identifier |
+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+ | Value...
+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+
+ Type: 25 for Image Identifier
+
+ Length: >= 1
+
+ Value: A variable length UTF-8 encoded string containing the
+ firmware identifier to be run on the WTP.
+
+4.6.26. Image Information
+
+ The Image Information message element is present in the Image Data
+ Response message sent by the AC to the WTP and contains the following
+ fields.
+
+ 0 1 2 3
+ 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+ | File Size | Hash |
+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+ | Hash |
+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+ | Hash |
+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+ | Hash |
+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+ | Hash |
+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+
+ Type: 26 for Image Information
+
+ Length: 18
+
+ File Size: A 16-bit value containing the size of the file that will
+ be transfered by the AC to the WTP.
+
+ Hash: A 16 octet hash of the image. The hash is computed using
+ MD5, using the following pseudo-code:
+
+
+
+
+
+
+Calhoun, Editor, et al. Expires December 13, 2007 [Page 68]
+
+Internet-Draft CAPWAP Protocol Specification June 2007
+
+
+ #include
+ CapwapCreateHash(char *hash, char *image, int image_len)
+ {
+ MD_CTX context;
+
+ MDInit (&context);
+ MDUpdate (&context, buffer, len);
+ MDFinal (hash, &context);
+ }
+
+4.6.27.
Initiate Download
+
+ The Initiate Download message element is used by the AC to inform the
+ WTP that the WTP SHOULD initiate a firmware upgrade. The WTP
+ subsequently transmits an Image Data Request message which includes
+ the Image Download message element. This message element does not
+ contain any data.
+
+ Type: 27 for Initiate Download
+
+ Length: 0
+
+4.6.28. Location Data
+
+ The Location Data message element is a variable length byte UTF-8
+ encoded string containing user defined location information (e.g.
+ "Next to Fridge"). This information is configurable by the network
+ administrator, and allows the WTP location to be determined. The
+ string is not zero terminated.
+
+ 0
+ 0 1 2 3 4 5 6 7
+ +-+-+-+-+-+-+-+-+-
+ | Location ...
+ +-+-+-+-+-+-+-+-+-
+
+ Type: 28 for Location Data
+
+ Length: > 0
+
+ Location: A non-zero terminated UTF-8 encoded string containing the
+ WTP location.
+
+4.6.29. Maximum Message Length
+
+ The Maximum Message Length message element is included in the Join
+ Request message by the WTP to indicate the maximum CAPWAP message
+ length that it supports to the AC. The Maximum Message Length
+
+
+
+Calhoun, Editor, et al. Expires December 13, 2007 [Page 69]
+
+Internet-Draft CAPWAP Protocol Specification June 2007
+
+
+ message element is optionally included in Join Response message by
+ the AC to indicate the maximum CAPWAP message length that it supports
+ to the WTP.
+
+ 0 1 2
+ 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5
+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-
+ | Maximum Message Length |
+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-
+
+
+ Type: 29 for Maximim Message Length
+
+ Length: 2
+
+ Maximum Message Length An 16-bit unsigned integer indicating the
+ maximum message length.
+
+4.6.30. MTU Discovery Padding
+
+ The MTU Discovery Padding message element is used as padding to
+ perform MTU discovery, and MUST contain octets of value 0xFF, of any
+ length
+
+ 0
+ 0 1 2 3 4 5 6 7
+ +-+-+-+-+-+-+-+-+
+ | Padding...
+ +-+-+-+-+-+-+-+-
+
+
+ Type: 30 for MTU Discovery Padding
+
+ Length: variable
+
+ Pad: A variable length pad.
+
+4.6.31. Radio Administrative State
+
+ The Radio Administrative State message element is used to communicate
+ the state of a particular radio. The Radio Administrative State
+ message element is sent by the AC to change the state of the WTP.
+ The WTP saves the value, to ensure that it remains across WTP resets.
+ The WTP communicates this message element during the configuration
+ phase, in the Configuration Status Request message, to ensure that AC
+ has the WTP radio current administrative state settings. The message
+ element contains the following fields.
+
+
+
+
+Calhoun, Editor, et al. Expires December 13, 2007 [Page 70]
+
+Internet-Draft CAPWAP Protocol Specification June 2007
+
+
+ 0 1
+ 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5
+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+ | Radio ID | Admin State |
+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+
+ Type: 31 for Radio Administrative State
+
+ Length: 2
+
+ Radio ID: An 8-bit value representing the radio to configure. The
+ Radio ID field MAY also include the value of 0xff, which is used
+ to identify the WTP. If an AC wishes to change the administrative
+ state of a WTP, it includes 0xff in the Radio ID field.
+
+ Admin State: An 8-bit value representing the administrative state
+ of the radio. The default value for the Admin State field is
+ listed in Section 4.8.1. The following values are supported:
+
+ 1 - Enabled
+
+ 2 - Disabled
+
+4.6.32. Radio Operational State
+
+ The Radio Operational State message element is sent by the WTP to the
+ AC to communicate a radio's operational state. This message element
+ is included in the Configuration Update Response message by the WTP
+ if it was requested to change the state of its radio, via the Radio
+ Administrative State message element, but was unable to comply to the
+ request.
This message element is included in the Change State Event
+ message when a WTP radio state was changed unexpectedly. This could
+ occur due to a hardware failure. Note that the operational state
+ setting is not saved on the WTP, and therefore does not remain across
+ WTP resets. The value contains three fields, as shown below.
+
+ 0 1 2
+ 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3
+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+ | Radio ID | State | Cause |
+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+
+ Type: 32 for Radio Operational State
+
+ Length: 3
+
+
+
+
+
+
+Calhoun, Editor, et al. Expires December 13, 2007 [Page 71]
+
+Internet-Draft CAPWAP Protocol Specification June 2007
+
+
+ Radio ID: The Radio Identifier refers to an interface index on the
+ WTP. A value of 0xFF is invalid, as it is not possible to change
+ the WTP's operational state.
+
+ State: An 8-bit boolean value representing the state of the radio.
+ A value of one disables the radio, while a value of two enables
+ it.
+
+ Cause: When a radio is inoperable, the cause field contains the
+ reason the radio is out of service. The following values are
+ supported:
+
+ 0 - Normal
+
+ 1 - Radio Failure
+
+ 2 - Software Failure
+
+ 3 - Administratively Set
+
+4.6.33. Result Code
+
+ The Result Code message element value is a 32-bit integer value,
+ indicating the result of the Request message corresponding to the
+ Sequence Number included in the Response message.
+
+ 0 1 2 3
+ 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+ | Result Code |
+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+
+ Type: 33 for Result Code
+
+ Length: 4
+
+ Result Code: The following values are defined:
+
+ 0 Success
+
+ 1 Failure (AC List message element MUST be present)
+
+ 2 Success (NAT detected)
+
+ 3 Join Failure (unspecified)
+
+
+
+
+
+
+Calhoun, Editor, et al.
Expires December 13, 2007 [Page 72]
+
+Internet-Draft CAPWAP Protocol Specification June 2007
+
+
+ 4 Join Failure (Resource Depletion)
+
+ 5 Join Failure (Unknown Source)
+
+ 6 Join Failure (Incorrect Data)
+
+ 7 Join Failure (Session ID already in use)
+
+ 8 Join Failure (WTP Hardware not supported)
+
+ 9 Join Failure (Binding Not Supported)
+
+ 10 Reset Failure (Unable to Reset)
+
+ 11 Reset Failure (Firmware Write Error)
+
+ 12 Configuration Failure (Unable to Apply Requested Configuration
+ - Service Provided Anyhow)
+
+ 13 Configuration Failure (Unable to Apply Requested Configuration
+ - Service Not Provided)
+
+ 14 Image Data Error (Invalid Checksum)
+
+ 15 Image Data Error (Invalid Data Length)
+
+ 16 Image Data Error (Other Error)
+
+ 17 Image Data Error (Image Already Present)
+
+ 18 Message Unexpected (Invalid in current state)
+
+ 19 Message Unexpected (Unrecognized Request)
+
+ 20 Failure - Missing Mandatory Message Element
+
+ 21 Failure - Unrecognized Message Element
+
+4.6.34. Returned Message Element
+
+ The Returned Message Element is sent by the WTP in the Change State
+ Event Request message to communicate to the AC which message elements
+ in the Configuration Status Response it was unable to apply locally.
+ The Returned Message Element message element contains a result code
+ indicating the reason that the configuration could not be applied,
+ and encapsulates the failed message element.
+
+
+
+
+
+Calhoun, Editor, et al. Expires December 13, 2007 [Page 73]
+
+Internet-Draft CAPWAP Protocol Specification June 2007
+
+
+ 0 1 2
+ 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3
+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+ | Reason | Message Element...
+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+
+ Type: 34 for Returned Message Element
+
+ Length: >= 1
+
+ Reason: The reason why the configuration in the offending message
+ element could not be applied by the WTP.
+
+ 1 - Unknown Message Element
+
+ 2 - Unsupported Message Element
+
+ 3 - Unknown Message Element Value
+
+ 4 - Unsupported Message Element Value
+
+ Message Element: The Message Element field encapsulates the message
+ element sent by the AC in the Configuration Status Response
+ message that caused the error.
+
+4.6.35. Session ID
+
+ The Session ID message element value contains a randomly generated
+ unsigned 32-bit integer.
+
+ 0 1 2 3
+ 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+ | Session ID |
+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+
+
+ Type: 35 for Session ID
+
+ Length: 16
+
+ Session ID: A 32-bit unsigned integer used as a random session
+ identifier
+
+
+
+
+
+
+
+
+Calhoun, Editor, et al. Expires December 13, 2007 [Page 74]
+
+Internet-Draft CAPWAP Protocol Specification June 2007
+
+
+4.6.36. Statistics Timer
+
+ The Statistics Timer message element value is used by the AC to
+ inform the WTP of the frequency with which it expects to receive
+ updated statistics.
+
+ 0 1
+ 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5
+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+ | Statistics Timer |
+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+
+ Type: 36 for Statistics Timer
+
+ Length: 2
+
+ Statistics Timer: A 16-bit unsigned integer indicating the time, in
+ seconds. The default value for this timer is specified in
+ Section 4.7.12.
+
+4.6.37. Vendor Specific Payload
+
+ The Vendor Specific Payload message element is used to communicate
+ vendor specific information between the WTP and the AC. The message
+ element uses the following format:
+
+ 0 1 2 3
+ 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+ | Vendor Identifier |
+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+ | Element ID | Value...
|
+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+
+ Type: 37 for Vendor Specific
+
+ Length: >= 7
+
+ Vendor Identifier: A 32-bit value containing the IANA assigned "SMI
+ Network Management Private Enterprise Codes" [14]
+
+ Element ID: A 16-bit Element Identifier which is managed by the
+ vendor.
+
+ Value: The value associated with the vendor specific element.
+
+
+
+
+
+
+Calhoun, Editor, et al. Expires December 13, 2007 [Page 75]
+
+Internet-Draft CAPWAP Protocol Specification June 2007
+
+
+4.6.38. WTP Board Data
+
+ The WTP Board Data message element is sent by the WTP to the AC and
+ contains information about the hardware present.
+
+ 0 1 2 3
+ 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+ | Vendor Identifier |
+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+ | Type=0 | Length |
+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+ | Value...
+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+ | Type=1 | Length |
+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+ | Value...
+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+ | Optional additional vendor specific WTP board data TLVs.....
+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+
+
+ Type: 38 for WTP Board Data
+
+ Length: >=14
+
+ Vendor Identifier: A 32-bit value containing the IANA assigned "SMI
+ Network Management Private Enterprise Codes"
+
+ Type: The following values are supported:
+
+ 0 - WTP Model Number: The WTP Model Number MUST be included in
+ the WTP Board Data message element.
+
+ 1 - WTP Serial Number: The WTP Serial Number MUST be included in
+ the WTP Board Data message element.
+
+ 2 - Board ID: A hardware identifier, which MAY be included in
+ the WTP Board Data mesage element.
+
+ 3 - Board Revision A revision number of the board, which MAY be
+ included in the WTP Board Data message element.
+
+ 4 - Base MAC Addres The WTP's Base MAC Address, which MAY be
+ assigned to the primary Ethernet interface.
+
+
+
+
+
+
+Calhoun, Editor, et al. Expires December 13, 2007 [Page 76]
+
+Internet-Draft CAPWAP Protocol Specification June 2007
+
+
+4.6.39. WTP Descriptor
+
+ The WTP Descriptor message element is used by a WTP to communicate
+ its current hardware and software (firmware) configuration. The
+ value contains the following fields.
+
+ 0 1 2 3
+ 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+ | Max Radios | Radios in use | Encryption Capabilities |
+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+ | Vendor Identifier |
+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+ | Type=0 | Length |
+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+ | Value...
+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+ | Vendor Identifier |
+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+ | Type=1 | Length |
+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+ | Value...
+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+ | Vendor Identifier |
+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+ | Type=2 | Length |
+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+ | Value...
+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+ | Vendor Identifier |
+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+ | Type=3 | Length |
+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+ | Value...
+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+
+
+ Type: 39 for WTP Descriptor
+
+ Length: >= 31
+
+ Max Radios: An 8-bit value representing the number of radios (where
+ each radio is identified via the Radio ID field) supported by the
+ WTP.
+
+
+
+
+
+
+
+Calhoun, Editor, et al. Expires December 13, 2007 [Page 77]
+
+Internet-Draft CAPWAP Protocol Specification June 2007
+
+
+ Radios in use: An 8-bit value representing the number of radios in
+ use in the WTP.
+
+ Encryption Capabilities: This 16-bit field is used by the WTP to
+ communicate its capabilities to the AC. A WTP that does not have
+ any encryption capabilities sets this field to zero (0). Refer to
+ the specific wireless binding for further specification of the
+ Encryption Capabilities field.
+
+ Vendor Identifier: A 32-bit value containing the IANA assigned "SMI
+ Network Management Private Enterprise Codes".
+
+ Type: The following values are supported. The Hardware Version,
+ Active Software Version, and Boot Version values MUST be included.
+ Zero or more Other Software Version values MAY be included.
+
+ 0 - Hardware Version: The WTP hardware version number.
+
+ 1 - Active Software Version: The WTP running software version
+ number.
+
+ 2 - Boot Version: The WTP boot loader version number.
+
+ 3 - Other Software Version: The WTP non-running software
+ (firmware) version number.
+
+ Length: Length of vendor specific encoding of WTP information.
+
+ Value: Vendor specific data of WTP information encoded in the UTF-8
+ format.
+
+4.6.40. WTP Fallback
+
+ The WTP Fallback message element is sent by the AC to the WTP to
+ enable or disable automatic CAPWAP fallback in the event that a WTP
+ detects its preferred AC, and is not currently connected to it.
+
+ 0
+ 0 1 2 3 4 5 6 7
+ +-+-+-+-+-+-+-+-+
+ | Mode |
+ +-+-+-+-+-+-+-+-+
+
+ Type: 40 for WTP Fallback
+
+
+
+
+
+
+
+Calhoun, Editor, et al.
Expires December 13, 2007 [Page 78]
+
+Internet-Draft CAPWAP Protocol Specification June 2007
+
+
+ Length: 1
+
+ Mode: The 8-bit value indicates the status of automatic CAPWAP
+ fallback on the WTP. When enabled, if the WTP detects that its
+ primary AC is available, and that the WTP is not connected to the
+ primary AC, the WTP SHOULD automatically disconnect from its
+ current AC and reconnect to its primary AC. If disabled, the WTP
+ will only reconnect to its primary AC through manual intervention
+ (e.g., through the Reset Request message). The default value for
+ this field is specified in Section 4.8.10. The following values
+ are supported:
+
+ 1 - Enabled
+
+ 2 - Disabled
+
+4.6.41. WTP Frame Tunnel Mode
+
+ The WTP Frame Tunnel Mode message element allows the WTP to
+ communicate the tunneling modes of operation which it supports to the
+ AC. A WTP that advertises support for all types allows the AC to
+ select which type will be used, based on its local policy.
+
+ 0
+ 0 1 2 3 4 5 6 7
+ +-+-+-+-+-+-+-+-+
+ | Tunnel Mode |
+ +-+-+-+-+-+-+-+-+
+
+ Type: 41 for WTP Frame Tunnel Mode
+
+ Length: 1
+
+ Frame Tunnel Mode: The Frame Tunnel mode specifies the tunneling
+ modes for station data that are supported by the WTP. The
+ following values are supported:
+
+ 1 - Local Bridging: When Local Bridging is used, the WTP does
+ not tunnel user traffic to the AC; all user traffic is locally
+ bridged. This value MUST NOT be used when the WTP MAC Type is
+ set to Split-MAC.
+
+ 2 - 802.3 Frame Tunnel Mode: The 802.3 Frame Tunnel Mode
+ requires the WTP and AC to encapsulate all user payload as
+ native IEEE 802.3 frames (see Section 4.4). All user traffic
+ is tunneled to the AC. This value MUST NOT be used when the
+ WTP MAC Type is set to Split-MAC.
+
+
+
+
+Calhoun, Editor, et al.
Expires December 13, 2007 [Page 79]
+
+Internet-Draft CAPWAP Protocol Specification June 2007
+
+
+ 4 - Native Frame Tunnel Mode: Native Frame Tunnel mode requires
+ the WTP and AC to encapsulate all user payloads as native
+ wireless frames, as defined by the wireless binding (see for
+ example Section 4.4).
+
+ 7 - All: The WTP is capable of supporting all frame tunnel
+ modes.
+
+4.6.42. WTP IPv4 IP Address
+
+ The WTP IPv4 address is used to perform NAT detection.
+
+ 0 1 2 3
+ 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+ | WTP IPv4 IP Address |
+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+
+
+ Type: 42 for WTP IPv4 IP Address
+
+ Length: 4
+
+ WTP IPv4 IP Address: The IPv4 address from which the WTP is sending
+ packets. This field is used for NAT detection.
+
+4.6.43. WTP IPv6 IP Address
+
+ The WTP IPv6 address is used to perform NAT detection (e.g., IPv4 to
+ IPv6 NAT to help with technology transition).
+
+ 0 1 2 3
+ 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+ | WTP IPv6 IP Address |
+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+ | WTP IPv6 IP Address |
+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+ | WTP IPv6 IP Address |
+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+ | WTP IPv6 IP Address |
+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+
+
+
+
+
+
+
+
+Calhoun, Editor, et al. Expires December 13, 2007 [Page 80]
+
+Internet-Draft CAPWAP Protocol Specification June 2007
+
+
+ Type: 43 for WTP IPv6 IP Address
+
+ Length: 32
+
+ WTP IPv6 IP Address: The IPv6 address from which the WTP is sending
+ packets. This field is used for NAT detection.
+
+4.6.44. WTP MAC Type
+
+ The WTP MAC-Type message element allows the WTP to communicate its
+ mode of operation to the AC.
A WTP that advertises support for both
+ modes allows the AC to select the mode to use, based on local policy.
+
+ 0
+ 0 1 2 3 4 5 6 7
+ +-+-+-+-+-+-+-+-+
+ | MAC Type |
+ +-+-+-+-+-+-+-+-+
+
+ Type: 44 for WTP MAC Type
+
+ Length: 1
+
+ MAC Type: The MAC mode of operation supported by the WTP. The
+ following values are supported
+
+ 0 - Local-MAC: Local-MAC is the default mode that MUST be
+ supported by all WTPs.
+
+ 1 - Split-MAC: Split-MAC support is optional, and allows the AC
+ to receive and process native wireless frames.
+
+ 2 - Both: WTP is capable of supporting both Local-MAC and Split-
+ MAC.
+
+4.6.45. WTP Name
+
+ The WTP Name message element is a variable length byte UTF-8 encoded
+ string. The string is not zero terminated.
+
+ 0
+ 0 1 2 3 4 5 6 7
+ +-+-+-+-+-+-+-+-+-
+ | WTP Name ...
+ +-+-+-+-+-+-+-+-+-
+
+
+
+
+
+
+Calhoun, Editor, et al. Expires December 13, 2007 [Page 81]
+
+Internet-Draft CAPWAP Protocol Specification June 2007
+
+
+ Type: 45 for WTP Name
+
+ Length: variable
+
+ WTP Name: A non-zero terminated UTF-8 encoded string containing the
+ WTP name.
+
+4.6.46. WTP Operational Statistics
+
+ The WTP Operational Statistics message element is sent by the WTP to
+ the AC to provide statistics related to the operation of the WTP.
+
+ 0 1 2 3
+ 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+ | Radio ID | Tx Queue Level | Wireless Link Frames per Sec |
+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+
+
+ Type: 46 for WTP Operational Statistics
+
+ Length: 4
+
+ Radio ID: The radio ID of the radio to which the statistics apply.
+
+ Wireless Transmit Queue Level: The percentage of Wireless Transmit
+ queue utilization, calculated as the sum of utilized transmit
+ queue lengths divided by the sum of maximum transmit queue
+ lengths, multiplied by 100.
The Wireless Transmit Queue Level is
+ representative of congestion conditions over wireless interfaces
+ between the WTP and stations.
+
+ Wireless Link Frames per Sec: The number of frames transmitted or
+ received per second by the WTP over the air interface.
+
+4.6.47. WTP Radio Statistics
+
+ The WTP Radio Statistics message element is sent by the WTP to the AC
+ to communicate statistics on radio behavior and reasons why the WTP
+ radio has been reset.
+
+
+
+
+
+
+
+
+
+
+
+Calhoun, Editor, et al. Expires December 13, 2007 [Page 82]
+
+Internet-Draft CAPWAP Protocol Specification June 2007
+
+
+ 0 1 2 3
+ 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+ | Radio ID | Last Fail Type| Reset Count |
+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+ | SW Failure Count | HW Failure Count |
+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+ | Other Failure Count | Unknown Failure Count |
+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+ | Config Update Count | Channel Change Count |
+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+ | Band Change Count | Current Noise Floor |
+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+
+ Type: 47 for WTP Radio Statistics
+
+ Length: 20
+
+ Radio ID: The radio ID of the radio to which the statistics apply.
+
+ Last Failure Type: The last WTP failure. The following values are
+ supported:
+
+ 0 - Statistic Not Supported
+
+ 1 - Software Failure
+
+ 2 - Hardware Failure
+
+ 3 - Other Failure
+
+ 255 - Unknown (e.g., WTP doesn't keep track of info)
+
+ Reset Count: The number of times that that the radio has been
+ reset.
+
+ SW Failure Count: The number of times that the radio has failed due
+ to software related reasons.
+
+ HW Failure Count: The number of times that the radio has failed due
+ to hardware related reasons.
+
+ Other Failure Count: The number of times that the radio has failed
+ due to known reasons, other than software or hardware failure.
+
+
+
+
+
+
+
+Calhoun, Editor, et al. Expires December 13, 2007 [Page 83]
+
+Internet-Draft CAPWAP Protocol Specification June 2007
+
+
+ Unknown Failure Count: The number of times that the radio has
+ failed for unknown reasons.
+
+ Config Update Count: The number of times that the radio
+ configuration has been updated.
+
+ Channel Change Count: The number of times that the radio channel
+ has been changed.
+
+ Band Change Count: The number of times that the radio has changed
+ frequency bands.
+
+ Current Noise Floor: A signed integer which indicates the noise
+ floor of the radio receiver in units of dBm.
+
+4.6.48. WTP Reboot Statistics
+
+ The WTP Reboot Statistics message element is sent by the WTP to the
+ AC to communicate reasons why WTP reboots have occurred.
+
+ 0 1 2 3
+ 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+ | Reboot Count | AC Initiated Count |
+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+ | Link Failure Count | SW Failure Count |
+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+ | HW Failure Count | Other Failure Count |
+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+ | Unknown Failure Count |Last Failure Type|
+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+
+
+ Type: 48 for WTP Reboot Statistics
+
+ Length: 15
+
+ Reboot Count: The number of reboots that have occurred due to a WTP
+ crash. A value of 65535 implies that this information is not
+ available on the WTP.
+
+ AC Initiated Count: The number of reboots that have occurred at the
+ request of a CAPWAP protocol message, such as a change in
+ configuration that required a reboot or an explicit CAPWAP
+ protocol reset request.
A value of 65535 implies that this
+ information is not available on the WTP.
+
+
+
+
+
+Calhoun, Editor, et al. Expires December 13, 2007 [Page 84]
+
+Internet-Draft CAPWAP Protocol Specification June 2007
+
+
+ Link Failure Count: The number of times that a CAPWAP protocol
+ connection with an AC has failed due to link failure.
+
+ SW Failure Count: The number of times that a CAPWAP protocol
+ connection with an AC has failed due to software related reasons.
+
+ HW Failure Count: The number of times that a CAPWAP protocol
+ connection with an AC has failed due to hardware related reasons.
+
+ Other Failure Count: The number of times that a CAPWAP protocol
+ connection with an AC has failed due to known reasons, other than
+ AC initiated, link, SW or HW failure.
+
+ Unknown Failure Count: The number of times that a CAPWAP protocol
+ connection with an AC has failed for unknown reasons.
+
+ Last Failure Type: The failure type of the most recent WTP failure.
+ The following values are supported:
+
+ 0 - Not Supported
+
+ 1 - AC Initiated (see Section 9.2)
+
+ 2 - Link Failure
+
+ 3 - Software Failure
+
+ 4 - Hardware Failure
+
+ 5 - Other Failure
+
+ 255 - Unknown (e.g., WTP doesn't keep track of info)
+
+4.6.49. WTP Static IP Address Information
+
+ The WTP Static IP Address Information message element is used by an
+ AC to configure or clear a previously configured static IP address on
+ a WTP.
+
+
+
+
+
+
+
+
+
+
+
+
+
+Calhoun, Editor, et al.
Expires December 13, 2007 [Page 85]
+
+Internet-Draft CAPWAP Protocol Specification June 2007
+
+
+ 0 1 2 3
+ 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+ | IP Address |
+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+ | Netmask |
+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+ | Gateway |
+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+ | Static |
+ +-+-+-+-+-+-+-+-+
+
+ Type: 49 for WTP Static IP Address Information
+
+ Length: 13
+
+ IP Address: The IP Address to assign to the WTP. This field is
+ only valid if the static field is set to one.
+
+ Netmask: The IP Netmask. This field is only valid if the static
+ field is set to one.
+
+ Gateway: The IP address of the gateway. This field is only valid
+ if the static field is set to one.
+
+ Netmask: The IP Netmask. This field is only valid if the static
+ field is set to one.
+
+ Static: An 8-bit boolean stating whether the WTP should use a
+ static IP address or not. A value of zero disables the static IP
+ address, while a value of one enables it.
+
+4.7. CAPWAP Protocol Timers
+
+ This section contains the CAPWAP timers.
+
+4.7.1. ChangeStatePendingTimer
+
+ The maximum time, in seconds, the AC will wait for the Change State
+ Event Request from the WTP after having transmitted a successful
+ Configuration Status Response message. The default value is 25
+ seconds.
+
+4.7.2. DataChannelDeadInterval
+
+ The minimum time, in seconds, a WTP MUST wait without having received
+ a Data Channel Keep Alive packet before the destination for the Data
+ Channel Keep Alive packets may be considered dead. The value of this
+
+
+
+Calhoun, Editor, et al. Expires December 13, 2007 [Page 86]
+
+Internet-Draft CAPWAP Protocol Specification June 2007
+
+
+ timer MUST be no less than 2*DataChannelKeepAlive seconds and no
+ greater that 240 seconds.
+
+ Default: 5
+
+4.7.3.
DiscoveryInterval
+
+ The minimum time, in seconds, that a WTP MUST wait after receiving a
+ Discovery Response message, before initiating a DTLS handshake.
+
+ Default: 5
+
+4.7.4. DTLSSessionDelete
+
+ The minimum time, in seconds, a WTP MUST wait for DTLS session
+ deletion.
+
+ Default: 5
+
+4.7.5. EchoInterval
+
+ The minimum time, in seconds, between sending Echo Request messages
+ to the AC with which the WTP has joined.
+
+ Default: 30
+
+4.7.6. MaxDiscoveryInterval
+
+ The maximum time allowed between sending Discovery Request messages,
+ in seconds. This value MUST be no less than 2 seconds and no greater
+ than 180 seconds.
+
+ Default: 20 seconds.
+
+4.7.7. MaxFailedDTLSSessionRetry
+
+ The maximum number of failed DTLS session establishment attempts
+ before the CAPWAP device enters a silent period.
+
+ Default: 3.
+
+4.7.8. NeighborDeadInterval
+
+ The minimum time, in seconds, a WTP MUST wait without having received
+ an Echo Response message to its Echo Request message, before the
+ destination for the Echo Request may be considered dead. This value
+ MUST be no less than 2*EchoInterval seconds and no greater than 240
+ seconds.
+
+
+
+Calhoun, Editor, et al. Expires December 13, 2007 [Page 87]
+
+Internet-Draft CAPWAP Protocol Specification June 2007
+
+
+ Default: 60
+
+4.7.9. ResponseTimeout
+
+ The minimum time, in seconds, in which the WTP or AC MUST respond to
+ a CAPWAP Request message.
+
+ Default: 1
+
+4.7.10. RetransmitInterval
+
+ The minimum time, in seconds, in which a non-acknowledged CAPWAP
+ packet will be retransmitted.
+
+ Default: 3
+
+4.7.11. SilentInterval
+
+ For a WTP, this is the minimum time, in seconds, a WTP MUST wait
+ before it MAY again send Discovery Request messages or attempt to a
+ establish DTLS session. For an AC, this is the minimum time, in
+ seconds, during which the AC SHOULD ignore all CAPWAP and DTLS
+ packets received from the WTP that is in the Sulking state.
+
+ Default: 30
+
+4.7.12.
StatisticsTimer
+
+ The default Statistics Interval is 120 seconds.
+
+4.7.13. WaitDTLS
+
+ The maximum time, in seconds, a WTP MUST wait without having received
+ a DTLS Handshake message from an AC. This timer MUST be greater than
+ 30 seconds.
+
+ Default: 60
+
+4.7.14. WaitJoin
+
+ The maximum time, in seconds, after which the DTLS session has been
+ established that the AC will wait before receiving a Join Request
+ message. This timer MUST be greater than 30 seconds.
+
+ Default: 60
+
+
+
+
+
+
+Calhoun, Editor, et al. Expires December 13, 2007 [Page 88]
+
+Internet-Draft CAPWAP Protocol Specification June 2007
+
+
+4.8. CAPWAP Protocol Variables
+
+ A WTP or AC that implements the CAPWAP Discovery phase MUST allow for
+ the following variables to be configured by system management;
+ default values are specified, making explicit configuration
+ unnecessary in many cases. If the default values are explicitly
+ overriden by the AC, the WTP MUST save the values sent by the AC.
+
+4.8.1. AdminState
+
+ The default Administrative State value is enabled (1).
+
+4.8.2. DiscoveryCount
+
+ The number of Discovery Request messages transmitted by a WTP to a
+ single AC. This is a monotonically increasing counter.
+
+4.8.3. FailedDTLSAuthFailCount
+
+ The number of failed DTLS session establishment attempts due to
+ authentication failures.
+
+4.8.4. FailedDTLSSessionCount
+
+ The number of failed DTLS session establishment attempts.
+
+4.8.5. IdleTimeout
+
+ The default Idle Timeout is 300 seconds.
+
+4.8.6. MaxDiscoveries
+
+ The maximum number of Discovery Request messages that will be sent
+ after a WTP boots.
+
+ Default: 10
+
+4.8.7. MaxRetransmit
+
+ The maximum number of retransmissions for a given CAPWAP packet
+ before the link layer considers the peer dead.
+
+ Default: 5
+
+4.8.8. ReportInterval
+
+ The default Report Interval is 120 seconds.
+
+
+
+
+Calhoun, Editor, et al.
Expires December 13, 2007 [Page 89]
+
+Internet-Draft CAPWAP Protocol Specification June 2007
+
+
+4.8.9. RetransmitCount
+
+ The number of retransmissions for a given CAPWAP packet. This is a
+ monotonically increasing counter.
+
+4.8.10. WTPFallBack
+
+ The default WTP Fallback value is enabled (1).
+
+4.9. WTP Saved Variables
+
+ In addition to the values defined in Section 4.8, the following
+ values SHOULD be saved on the WTP in non-volatile memory. CAPWAP
+ wireless bindings MAY define additional values that SHOULD be stored
+ on the WTP.
+
+4.9.1. AdminRebootCount
+
+ The number of times the WTP has rebooted administratively, defined in
+ Section 4.6.48.
+
+4.9.2. FrameEncapType
+
+ For WTPs that support multiple Frame Encapsulation Types, it is
+ useful to save the value configured by the AC. The Frame
+ Encapsulation Type is defined in Section 4.6.41.
+
+4.9.3. LastRebootReason
+
+ The reason why the WTP last rebooted, defined in Section 4.6.48.
+
+4.9.4. MacType
+
+ For WTPs that support multiple MAC Types, it is useful to save the
+ value configured by the AC. The MACType is defined in
+ Section 4.6.44.
+
+4.9.5. PreferredACs
+
+ The preferred ACs, with the index, defined in Section 4.6.5.
+
+4.9.6. RebootCount
+
+ The number of times the WTP has rebooted, defined in Section 4.6.48.
+
+
+
+
+
+
+
+Calhoun, Editor, et al. Expires December 13, 2007 [Page 90]
+
+Internet-Draft CAPWAP Protocol Specification June 2007
+
+
+4.9.7. Static ACL Table
+
+ The static ACL table saved on the WTP, as configured by the Add
+ Static MAC ACL Entry message element, see Section 4.6.9.
+
+4.9.8. Static IP Address
+
+ The static IP Address assigned to the WTP, as configured by the WTP
+ Static IP Address Information message element (see Section 4.6.49).
+
+4.9.9. WTPLinkFailureCount
+
+ The number of times the link to the AC has failed, see
+ Section 4.6.48.
+
+4.9.10. WTPLocation
+
+ The WTP Location, defined in Section 4.6.28.
+
+4.9.11.
WTPName
+
+ The WTP Name, defined in Section 4.6.45.
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+Calhoun, Editor, et al. Expires December 13, 2007 [Page 91]
+
+Internet-Draft CAPWAP Protocol Specification June 2007
+
+
+5. CAPWAP Discovery Operations
+
+ The Discovery messages are used by a WTP to determine which ACs are
+ available to provide service, and the capabilities and load of the
+ ACs.
+
+5.1. Discovery Request Message
+
+ The Discovery Request message is used by the WTP to automatically
+ discover potential ACs available in the network. The Discovery
+ Request message provides ACs with the primary capabilities of the
+ WTP. A WTP must exchange this information to ensure subsequent
+ exchanges with the ACs are consistent with the WTP's functional
+ characteristics.
+
+ Discovery Request messages MUST be sent by a WTP in the Discover
+ state after waiting for a random delay less than
+ MaxDiscoveryInterval, after a WTP first comes up or is
+ (re)initialized. A WTP MUST send no more than the maximum of
+ MaxDiscoveries Discovery Request messages, waiting for a random delay
+ less than MaxDiscoveryInterval between each successive message.
+
+ This is to prevent an explosion of WTP Discovery Request messages.
+ An example of this occurring is when many WTPs are powered on at the
+ same time.
+
+ Discovery Request messages MUST be sent by a WTP when no Echo
+ Response messages are received for NeighborDeadInterval and the WTP
+ returns to the Idle state. Discovery Request messages are sent after
+ NeighborDeadInterval. They MUST be sent after waiting for a random
+ delay less than MaxDiscoveryInterval. A WTP MAY send up to a maximum
+ of MaxDiscoveries Discovery Request messages, waiting for a random
+ delay less than MaxDiscoveryInterval between each successive message.
+
+ If a Discovery Response message is not received after sending the
+ maximum number of Discovery Request messages, the WTP enters the
+ Sulking state and MUST wait for an interval equal to SilentInterval
+ before sending further Discovery Request messages.
+
+ Upon receiving a Discovery Request message, the AC will respond with
+ a Discovery Response message sent to the address in the source
+ address of the received Discovery Request message.
+
+ It is possible for the AC to receive a cleartext Discovery Request
+ message while a DTLS session is already active with the WTP. This is
+ most likely the case if the WTP has rebooted, perhaps due to a
+ software or power failure, but could also be caused by a DoS attack.
+ In such cases, any WTP state, including the state machine instance,
+
+
+
+Calhoun, Editor, et al. Expires December 13, 2007 [Page 92]
+
+Internet-Draft CAPWAP Protocol Specification June 2007
+
+
+ MUST NOT be cleared until another DTLS session has been successfully
+ established, communicated via the DTLSSessionEstablished DTLS
+ notification (see Section 2.3.2.2).
+
+ The binding specific WTP Radio Information message element (see
+ Section 2.1) is included in the Discovery Request message to
+ advertise WTP support for one or more CAPWAP bindings.
+
+ The Discovery Request message is sent by the WTP when in the
+ Discovery State. The AC does not transmit this message.
+
+ The following message elements MUST be included in the Discovery
+ Request message:
+
+ o Discovery Type, see Section 4.6.20
+
+ o WTP Board Data, see Section 4.6.38
+
+ o WTP Descriptor, see Section 4.6.39
+
+ o WTP Frame Tunnel Mode, see Section 4.6.41
+
+ o WTP MAC Type, see Section 4.6.44
+
+ o WTP Radio Information message element(s)that the WTP supports;
+ These are defined by the individual link layer CAPWAP Binding
+ Protocols (see Section 2.1).
+
+5.2.
Discovery Response Message
+
+ The Discovery Response message provides a mechanism for an AC to
+ advertise its services to requesting WTPs.
+
+ When a WTP receives a Discovery Response message, it MUST wait for an
+ interval not less than DiscoveryInterval for receipt of additional
+ Discovery Response messages. After the DiscoveryInterval elapses,
+ the WTP enters the DTLS-Init state and selects one of the ACs that
+ sent a Discovery Response message and send a DTLS Handshake to that
+ AC.
+
+ One or more binding specific WTP Radio Information message elements
+ (see Section 2.1) are included in the Discovery Request message to
+ advertise AC support for the CAPWAP bindings. The AC MAY include
+ only the bindings it shares in common with the WTP, known through the
+ WTP Radio Information message elements received in the Discovery
+ Request message, or it MAY include all of the bindings supported.
+ The WTP MAY use the supported bindings in its AC decision process.
+ Note that if the WTP joins an AC that does not support a specific
+
+
+
+Calhoun, Editor, et al. Expires December 13, 2007 [Page 93]
+
+Internet-Draft CAPWAP Protocol Specification June 2007
+
+
+ CAPWAP binding, service for that binding MUST NOT be provided by the
+ WTP.
+
+ The Discovery Response message is sent by the AC when in the Idle
+ State. The WTP does not transmit this message.
+
+ The following message elements MUST be included in the Discovery
+ Response Message:
+
+ o AC Descriptor, see Section 4.6.1
+
+ o AC Name, see Section 4.6.4
+
+ o WTP Radio Information message element(s)that the AC supports;
+ These are defined by the individual link layer CAPWAP Binding
+ Protocols (see Section 2.1 for more information).
+
+ o One of the following message elements MUST be included in the
+ Discovery Response Message:
+
+ * CAPWAP Control IPv4 Address, see Section 4.6.10
+
+ * CAPWAP Control IPv6 Address, see Section 4.6.11
+
+5.3.
Primary Discovery Request Message
+
+ The Primary Discovery Request message is sent by the WTP to determine
+ whether its preferred (or primary) AC is available.
+
+ A Primary Discovery Request message is sent by a WTP when it has a
+ primary AC configured, and is connected to another AC. This
+ generally occurs as a result of a failover, and is used by the WTP as
+ a means to discover when its primary AC becomes available. Since the
+ WTP only has a single instance of the CAPWAP state machine, the
+ Primary Discovery Request is sent by the WTP when in the Run State.
+ The AC does not transmit this message.
+
+ The frequency of the Primary Discovery Request messages should be no
+ more often than the sending of the Echo Request message.
+
+ Upon receipt of a Primary Discovery Request message, the AC responds
+ with a Primary Discovery Response message sent to the address in the
+ source address of the received Primary Discovery Request message.
+
+ The following message elements MUST be included in the Primary
+ Discovery Request message.
+
+
+
+
+
+Calhoun, Editor, et al. Expires December 13, 2007 [Page 94]
+
+Internet-Draft CAPWAP Protocol Specification June 2007
+
+
+ o Discovery Type, see Section 4.6.20
+
+ o WTP Board Data, see Section 4.6.38
+
+ o WTP Descriptor, see Section 4.6.39
+
+ o WTP Frame Tunnel Mode, see Section 4.6.41
+
+ o WTP MAC Type, see Section 4.6.44
+
+ o WTP Radio Information message element(s)that the WTP supports;
+ These are defined by the individual link layer CAPWAP Binding
+ Protocols (see Section 2.1 for more information).
+
+5.4. Primary Discovery Response
+
+ The Primary Discovery Response message enables an AC to advertise its
+ availability and services to requesting WTPs that are configured to
+ have the AC as its primary AC.
+
+ The Primary Discovery Response message is sent by an AC after
+ receiving a Primary Discovery Request message.
+
+ When a WTP receives a Primary Discovery Response message, it may
+ establish a CAPWAP protocol connection to its primary AC, based on
+ the configuration of the WTP Fallback Status message element on the
+ WTP.
+
+ The Primary Discovery Response message is sent by the AC when in the
+ Idle State. The WTP does not transmit this message.
+
+ The following message elements MUST be included in the Primary
+ Discovery Response message.
+
+ o AC Descriptor, see Section 4.6.1
+
+ o AC Name, see Section 4.6.4
+
+ o WTP Radio Information message element(s)that the AC supports;
+ These are defined by the individual link layer CAPWAP Binding
+ Protocols (see Section 2.1 for more information).
+
+ One of the following message elements MUST be included in the
+ Discovery Response Message:
+
+ o CAPWAP Control IPv4 Address, see Section 4.6.10
+
+
+
+
+
+Calhoun, Editor, et al. Expires December 13, 2007 [Page 95]
+
+Internet-Draft CAPWAP Protocol Specification June 2007
+
+
+ o CAPWAP Control IPv6 Address, see Section 4.6.11
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+Calhoun, Editor, et al. Expires December 13, 2007 [Page 96]
+
+Internet-Draft CAPWAP Protocol Specification June 2007
+
+
+6. CAPWAP Join Operations
+
+ The Join Request message is used by a WTP to request service from an
+ AC after a DTLS connection is established to that AC. The Join
+ Response message is used by the the AC to indicate that it will or
+ will not provide service.
+
+6.1. Join Request
+
+ The Join Request message is used by a WTP to request service through
+ the AC. A Join Request message is sent by a WTP after (optionally)
+ receiving one or more Discovery Response messages, and completion of
+ DTLS session establishment. When an AC receives a Join Request
+ message it responds with a Join Response message.
+
+ Upon completion of the DTLS handshake, and receiving the
+ DTLSEstablished notification, the WTP sends the Join Request message
+ to the AC. When the AC is notified of the DTLS session
+ establishment, it does not clear the WaitDTLS timer until it has
+ received the Join Request message, at which time it sends a Join
+ Response message to the WTP, indicating success or failure.
+
+ One or more WTP Radio Information message elements (see Section 2.1)
+ are included in the Join Request to request service for the CAPWAP
+ bindings by the AC. Including a binding that is unsupported by the
+ AC will result in a failed Join Response.
+
+ If the AC rejects the Join Request, it sends a Join Response message
+ with a failure indication and initiates an abort of the DTLS session
+ via the DTLSAbort command.
+
+ If an invalid (i.e. malformed) Join Request message is received, the
+ message MUST be silently discarded by the AC. No response is sent to
+ the WTP. The AC SHOULD log this event.
+
+ The Join Request is sent by the WTP when in the Join State. The AC
+ does not transmit this message.
+
+ The following message elements MUST be included in the Join Request
+ message.
+
+ o Location Data, see Section 4.6.28
+
+ o WTP Board Data, see Section 4.6.38
+
+ o WTP Descriptor, see Section 4.6.39
+
+
+
+
+
+Calhoun, Editor, et al. Expires December 13, 2007 [Page 97]
+
+Internet-Draft CAPWAP Protocol Specification June 2007
+
+
+ o WTP Name, see Section 4.6.45
+
+ o Session ID, see Section 4.6.35
+
+ o WTP Frame Tunnel Mode, see Section 4.6.41
+
+ o WTP MAC Type, see Section 4.6.44
+
+ o WTP Radio Information message element(s)that the WTP supports;
+ These are defined by the individual link layer CAPWAP Binding
+ Protocols (see Section 2.1 for more information).
+
+ At least one of the following message element MUST be included in the
+ Join Request message.
+
+ o WTP IPv4 IP Address, see Section 4.6.42
+
+ o WTP IPv6 IP Address, see Section 4.6.43
+
+ The following message element MAY be included in the Join Request
+ message.
+
+ o Maximum Message Length, see Section 4.6.29
+
+ o WTP Reboot Statistics, see Section 4.6.48
+
+ o WTP IPv4 IP Address, see Section 4.6.42
+
+ o WTP IPv6 IP Address, see Section 4.6.43
+
+6.2. Join Response
+
+ The Join Response message is sent by the AC to indicate to a WTP that
+ it is capable and willing to provide service to the WTP.
+
+ The WTP, receiving a Join Response message, checks for success or
+ failure. If the message indicates success, the WTP clears the
+ WaitDTLS timer for the session and proceeds to the Configure state.
+
+ If the WaitDTLS Timer expires prior to reception of the Join Response
+ message, the WTP MUST terminate the handshake, deallocate session
+ state and initiate the DTLSAbort command.
+
+ If an invalid (malformed) Join Response message is received, the WTP
+ SHOULD log an informative message detailing the error. This error
+ MUST be treated in the same manner as AC non-responsiveness. The
+ WaitDTLS timer will eventually expire, and the WTP MAY (if it is so
+ configured) attempts to join a new AC.
+
+
+
+Calhoun, Editor, et al. Expires December 13, 2007 [Page 98]
+
+Internet-Draft CAPWAP Protocol Specification June 2007
+
+
+ If one of the WTP Radio Information message elements (see
+ Section 2.1) in the Join Request message requested support for a
+ CAPWAP binding which the AC does not support, the AC sets the Result
+ Code message element to "Binding Not Supported".
+
+ The AC includes the Image Identifier message element to indicate the
+ software version it expects the WTP to run. This information is used
+ to determine whether the WTP MUST either change its currently running
+ firmware image, or download a new version (see Section 9.1.1).
+
+ The Join Response message is sent by the AC when in the Join State.
+ The WTP does not transmit this message.
+
+ The following message elements MAY be included in the Join Response
+ message.
+
+ o AC IPv4 List, see Section 4.6.2
+
+ o AC IPv6 List, see Section 4.6.3
+
+ o Image Identifier, see Section 4.6.25
+
+ o Maximum Message Length, see Section 4.6.29
+
+ The following message elements MUST be included in the Join Response
+ message.
+
+ o Result Code, see Section 4.6.33
+
+ o AC Descriptor, see Section 4.6.1
+
+ o AC Name, see Section 4.6.4
+
+ o WTP Radio Information message element(s)that the AC supports;
+ These are defined by the individual link layer CAPWAP Binding
+ Protocols (see Section 2.1).
+
+ One of the following message elements MUST be included in the
+ Discovery Response Message:
+
+ o CAPWAP Control IPv4 Address, see Section 4.6.10
+
+ o CAPWAP Control IPv6 Address, see Section 4.6.11
+
+
+
+
+
+
+
+
+Calhoun, Editor, et al. Expires December 13, 2007 [Page 99]
+
+Internet-Draft CAPWAP Protocol Specification June 2007
+
+
+7. Control Channel Management
+
+ The Control Channel Management messages are used by the WTP and AC to
+ maintain a control communication channel. CAPWAP control messages,
+ such as the WTP Event Request message sent from the WTP to the AC
+ indicate to the AC that the WTP is operational. When such control
+ messages are not being sent, the Echo Request and Echo Response
+ messages are used to maintain the control communication channel.
+
+7.1. Echo Request
+
+ The Echo Request message is a keep-alive mechanism for CAPWAP control
+ messages.
+
+ Echo Request messages are sent periodically by a WTP in the Run state
+ (see Section 2.3) to determine the state of the control connection
+ between the WTP and the AC. The Echo Request message is sent by the
+ WTP when the EchoInterval timer expires. The WTP MUST start its
+ NeighborDeadInterval timer when the EchoInterval timer expires.
+
+ The Echo Request message is sent by the WTP when in the Run State.
+ The AC does not transmit this message.
+
+ The Echo Request message carries no message elements.
+
+ When an AC receives an Echo Request message it responds with an Echo
+ Response message.
+
+7.2. Echo Response
+
+ The Echo Response message acknowledges the Echo Request message.
+
+ An Echo Response message is sent by an AC after receiving an
+ EchoRequest message. After transmitting the Echo Response message,
+ the AC SHOULD reset its EchoInterval timer. If another Echo Request
+ message or other control message is not received by the AC when the
+ timer expires, the AC SHOULD consider the WTP to be no longer
+ reachable.
+
+ The Echo Response message is sent by the AC when in the Run State.
+ The WTP does not transmit this message.
+
+ The Echo Response message carries no message elements.
+
+ When a WTP receives an Echo Response message it stops the
+ NeighborDeadInterval timer, and initializes the EchoInterval to the
+ configured value.
+
+
+
+
+Calhoun, Editor, et al. Expires December 13, 2007 [Page 100]
+
+Internet-Draft CAPWAP Protocol Specification June 2007
+
+
+ If the NeighborDeadInterval timer expires prior to receiving an Echo
+ Response message, or other control message, the WTP enters the Idle
+ state.
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+Calhoun, Editor, et al. Expires December 13, 2007 [Page 101]
+
+Internet-Draft CAPWAP Protocol Specification June 2007
+
+
+8. WTP Configuration Management
+
+ WTP Configuration messages are used to exchange configuration
+ information between the AC and the WTP.
+
+8.1. Configuration Consistency
+
+ The CAPWAP protocol provides flexibility in how WTP configuration is
+ managed. A WTP has two options:
+
+ 1. The WTP retains no configuration and accepts the configuration
+ provided by the AC.
+
+ 2. The WTP retains the configuration of parameters provided by the AC
+ that are non-default values.
+
+ If the WTP opts to save configuration locally, the CAPWAP protocol
+ state machine defines the Configure state, which allows for
+ configuration exchange. In the Configure state, the WTP sends its
+ current configuration overrides to the AC via the Configuration
+ Status message. A configuration override is a non-default parameter.
+ As an example, in the CAPWAP protocol, the default antenna
+ configuration is internal omni antenna. A WTP that either has no
+ internal antennas, or has been explicitly configured by the AC to use
+ external antennas, sends its antenna configuration during the
+ configure phase, allowing the AC to become aware of the WTP's current
+ configuration.
+
+ Once the WTP has provided its configuration to the AC, the AC sends
+ its configuration to the WTP. This allows the WTP to receive
+ configuration and policies from the AC.
+
+ The AC maintains a copy of each active WTP configuration. There is
+ no need for versioning or other means to identify configuration
+ changes. If a WTP becomes inactive, the AC MAY delete the inactive
+ WTP configuration. If a WTP fails, and connects to a new AC, the WTP
+ provides its overridden configuration parameters, allowing the new AC
+ to be aware of the WTP configuration.
+
+ This model allows for resiliency in case of an AC failure, ensuring
+ another AC can provide service to the WTP. A new AC would be
+ automatically updated with WTP configuration changes, eliminating the
+ need for inter-AC communication and the need for all ACs to be aware
+ of the configuration of all WTPs in the network.
+
+ Once the CAPWAP protocol enters the Run state, the WTPs begin to
+ provide service. It is common for administrators to require that
+ configuration changes be made while the network is operational.
+
+
+
+Calhoun, Editor, et al.
Expires December 13, 2007 [Page 102]
+
+Internet-Draft CAPWAP Protocol Specification June 2007
+
+
+ Therefore, the Configuration Update Request is sent by the AC to the
+ WTP to make these changes at run-time.
+
+8.1.1. Configuration Flexibility
+
+ The CAPWAP protocol provides the flexibility to configure and manage
+ WTPs of varying design and functional characteristics. When a WTP
+ first discovers an AC, it provides primary functional information
+ relating to its type of MAC and to the nature of frames to be
+ exchanged. The AC configures the WTP appropriately. The AC also
+ establishes corresponding internal state for the WTP.
+
+8.2. Configuration Status
+
+ The Configuration Status message is sent by a WTP to deliver its
+ current configuration to the AC.
+
+ The Configuration Status message carries binding specific message
+ elements. Refer to the appropriate binding for the definition of
+ this structure.
+
+ When an AC receives a Configuration Status message it acts upon the
+ content of the message and responds to the WTP with a Configuration
+ Status Response message.
+
+ The Configuration Status message includes multiple Radio
+ Administrative State message elements, one for the WTP, and one for
+ each radio in the WTP.
+
+ The Configuration Status message is sent by the WTP when in the
+ Configure State. The AC does not transmit this message.
+
+ The following message elements MUST be included in the Configuration
+ Status message.
+
+ o AC Name, see Section 4.6.4
+
+ o AC Name with Index, see Section 4.6.5
+
+ o Radio Administrative State, see Section 4.6.31
+
+ o Statistics Timer, see Section 4.6.36
+
+ o WTP Reboot Statistics, see Section 4.6.48
+
+ The following message elements MAY be included in the Configuration
+ Status message.
+
+
+
+
+Calhoun, Editor, et al. Expires December 13, 2007 [Page 103]
+
+Internet-Draft CAPWAP Protocol Specification June 2007
+
+
+ o WTP Static IP Address Information, see Section 4.6.49
+
+8.3.
Configuration Status Response
+
+ The Configuration Status Response message is sent by an AC and
+ provides a mechanism for the AC to override a WTP's requested
+ configuration.
+
+ A Configuration Status Response message is sent by an AC after
+ receiving a Configuration Request message.
+
+ The Configuration Status Response message carries binding specific
+ message elements. Refer to the appropriate binding for the
+ definition of this structure.
+
+ When a WTP receives a Configuration Status Response message it acts
+ upon the content of the message, as appropriate. If the
+ Configuration Status Response message includes a Radio Operational
+ State message element that causes a change in the operational state
+ of one of the radios, the WTP transmits a Change State Event to the
+ AC, as an acknowledgement of the change in state.
+
+ The Configuration Status Response message is sent by the AC when in
+ the Configure State. The WTP does not transmit this message.
+
+ The following message elements MUST be included in the Configuration
+ Status Response message.
+
+ o AC IPv4 List, see Section 4.6.2
+
+ o AC IPv6 List, see Section 4.6.3
+
+ o CAPWAP Timers, see Section 4.6.12
+
+ o Decryption Error Report Period, see Section 4.6.16
+
+ o Idle Timeout, see Section 4.6.23
+
+ o WTP Fallback, see Section 4.6.40
+
+ The following message element MAY be included in the Configuration
+ Status Response message.
+
+ o WTP Static IP Address Information, see Section 4.6.49
+
+
+
+
+
+
+
+Calhoun, Editor, et al. Expires December 13, 2007 [Page 104]
+
+Internet-Draft CAPWAP Protocol Specification June 2007
+
+
+8.4. Configuration Update Request
+
+ Configuration Update Request messages are sent by the AC to provision
+ the WTP while in the Run state. This is used to modify the
+ configuration of the WTP while it is operational. 
+
+ When a WTP receives a Configuration Update Request message, it
+ responds with a Configuration Update Response message, with a Result
+ Code message element indicating the result of the configuration
+ request.
+
+ The AC includes the Image Identifier and Initiate Download message
+ elements to force the WTP to update its firmware while in the Run
+ state. The WTP MAY proceed to download the requested firmware if it
+ determines the version specified in the Image Identifier message
+ element is not in its non-volatile storage (see Section 9.1.1).
+
+ The Configuration Update Request is sent by the AC when in the Run
+ State. The WTP does not transmit this message.
+
+ One or more of the following message elements MAY be included in the
+ Configuration Update message.
+
+ o AC Name with Index, see Section 4.6.5
+
+ o AC Timestamp, see Section 4.6.6
+
+ o Add MAC ACL Entry, see Section 4.6.7
+
+ o Add Static MAC ACL Entry, see Section 4.6.9
+
+ o CAPWAP Timers, see Section 4.6.12
+
+ o Decryption Error Report Period, see Section 4.6.16
+
+ o Delete MAC ACL Entry, see Section 4.6.17
+
+ o Delete Static MAC ACL Entry, see Section 4.6.19
+
+ o Idle Timeout, see Section 4.6.23
+
+ o Location Data, see Section 4.6.28
+
+ o Radio Administrative State, see Section 4.6.31
+
+ o Statistics Timer, see Section 4.6.36
+
+
+
+
+
+Calhoun, Editor, et al. Expires December 13, 2007 [Page 105]
+
+Internet-Draft CAPWAP Protocol Specification June 2007
+
+
+ o WTP Fallback, see Section 4.6.40
+
+ o WTP Name, see Section 4.6.45
+
+ o WTP Static IP Address Information, see Section 4.6.49
+
+ o Image Identifier, see Section 4.6.25
+
+ o Initiate Download, see Section 4.6.27
+
+8.5. Configuration Update Response
+
+ The Configuration Update Response message is the acknowledgement
+ message for the Configuration Update Request message.
+
+ The Configuration Update Response message is sent by a WTP after
+ receiving a Configuration Update Request message. 
+
+ When an AC receives a Configuration Update Response message the
+ result code indicates if the WTP successfully accepted the
+ configuration.
+
+ The Configuration Update Response message is sent by the WTP when in
+ the Run State. The AC does not transmit this message.
+
+ The following message element MUST be present in the Configuration
+ Update message.
+
+ Result Code, see Section 4.6.33
+
+ The following message elements MAY be present in the Configuration
+ Update Response message.
+
+ o Radio Operational State, see Section 4.6.32
+
+8.6. Change State Event Request
+
+ The Change State Event Request message is used by the WTP for two
+ main purposes:
+
+ o When sent by the WTP following the reception of a Configuration
+ Status Response message from the AC, the WTP uses the Change State
+ Event Request message to provide an update on the WTP radio's
+ operational state and to confirm that the configuration provided
+ by the AC was successfully applied.
+
+ o When sent during the Run state, the WTP uses the Change State
+ Event Request message to notify the AC of an unexpected change in
+
+
+
+Calhoun, Editor, et al. Expires December 13, 2007 [Page 106]
+
+Internet-Draft CAPWAP Protocol Specification June 2007
+
+
+ the WTP's radio operational state.
+
+ When an AC receives a Change State Event Request message it responds
+ with a Change State Event Response message and modifies its data
+ structures for the WTP as needed. The AC MAY decide not to provide
+ service to the WTP if it receives an error, based on local policy,
+ and to transition to the Reset state.
+
+ The Change State Event Request message is sent by a WTP to
+ acknowledge or report an error condition to the AC for a requested
+ configuration in the Configuration Status Response message. The
+ Change State Event Request message includes the Result Code message
+ element, which indicates whether the configuration was successfully
+ applied. 
If the WTP is unable to apply a specfic configuration
+ request, it indicates the failure by including one or more Returned
+ Message Element message elements (see Section 4.6.34).
+
+ The Change State Event Request message is sent by the WTP in the
+ Configure or Run State. The AC does not transmit this message.
+
+ The WTP MAY save its configuration to persistent storage prior to
+ transmitting the response. However, this is implementation specific
+ and is not required.
+
+ The following message elements MUST be present in the Change State
+ Event Request message.
+
+ o Radio Operational State, see Section 4.6.32
+
+ o Result Code, see Section 4.6.33
+
+ One or more of the following message elements MAY be present in the
+ Change State Event Request message.
+
+ o Returned Message Element(s), see Section 4.6.34
+
+8.7. Change State Event Response
+
+ The Change State Event Response message acknowledges the Change State
+ Event Request message.
+
+ A Change State Event Response message is sent by an AC in response to
+ a Change State Event Request message.
+
+ The Change State Event Response message is sent by the AC when in the
+ Configure or Run state. The WTP does not transmit this message.
+
+ The Change State Event Response message carries no message elements.
+
+
+
+Calhoun, Editor, et al. Expires December 13, 2007 [Page 107]
+
+Internet-Draft CAPWAP Protocol Specification June 2007
+
+
+ The WTP does not take any action upon receipt of the Change State
+ Event Response message.
+
+8.8. Clear Configuration Request
+
+ The Clear Configuration Request message is used to reset the WTP
+ configuration.
+
+ The Clear Configuration Request message is sent by an AC to request
+ that a WTP reset its configuration to the manufacturing default
+ configuration. The Clear Config Request message is sent while in the
+ Run state.
+
+ The Clear Configuration Request is sent by the AC when in the Run
+ State. The WTP does not transmit this message. 
+
+ The Clear Configuration Request message carries no message elements.
+
+ When a WTP receives a Clear Configuration Request message it resets
+ its configuration to the manufacturing default configuration.
+
+8.9. Clear Configuration Response
+
+ The Clear Configuration Response message is sent by the WTP after
+ receiving a Clear Configuration Request message and resetting its
+ configuration parameters to the manufacturing default values.
+
+ The Clear Configuration Response is sent by the WTP when in the Run
+ State. The AC does not transmit this message.
+
+ The Clear Configuration Request message MUST include the following
+ message element.
+
+ o Result Code, see Section 4.6.33
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+Calhoun, Editor, et al. Expires December 13, 2007 [Page 108]
+
+Internet-Draft CAPWAP Protocol Specification June 2007
+
+
+9. Device Management Operations
+
+ This section defines CAPWAP operations responsible for debugging,
+ gathering statistics, logging, and firmware management.
+
+9.1. Firmware Management
+
+ This section describes the firmware download procedures used by the
+ CAPWAP protocol. Firmware download can occur during the Image Data
+ or Run state.
+
+ Figure 4 provides an example of a WTP that performs a firmware
+ upgrade while in the Image Data state. In this example, the WTP does
+ not already have the requested firmware (Image Identifier = x), and
+ downloads the image from the AC. 
+
+ WTP AC
+
+ Join Request
+ -------------------------------------------------------->
+
+ Join Response (Image Identifier = x)
+ <------------------------------------------------------
+
+ Image Data Request (Image Identifier = x)
+ -------------------------------------------------------->
+
+ Image Data Response (Result Code = Success,
+ Image Information = {size,hash},
+ Initiate Download)
+ <------------------------------------------------------
+
+ Image Data Request (Image Data = Data)
+ <------------------------------------------------------
+
+ Image Data Response (Result Code = Success)
+ -------------------------------------------------------->
+
+ .....
+
+ Image Data Request (Image Data = EOF)
+ <------------------------------------------------------
+
+ Image Data Response (Result Code = Success)
+ -------------------------------------------------------->
+
+ (WTP enters the Reset State)
+
+
+
+
+Calhoun, Editor, et al. Expires December 13, 2007 [Page 109]
+
+Internet-Draft CAPWAP Protocol Specification June 2007
+
+
+ Figure 4: WTP Firmware Download Case 1
+
+ Figure 5 provides an example in which the WTP has the image specified
+ by the AC in its non-volative storage. The WTP opts to NOT download
+ the firmware and immediately reset.
+
+ WTP AC
+
+ Join Request
+ -------------------------------------------------------->
+
+ Join Response (Image Identifier = x)
+ <------------------------------------------------------
+
+ (WTP enters the Reset State)
+
+ Figure 5: WTP Firmware Download Case 2
+
+ Figure 6 provides an example of a WTP that performs a firmware
+ upgrade while in the Run state. This mode of firmware upgrade allows
+ the WTP to download its image while continuing to provide service.
+ The WTP will not automatically reset until it is notified by the AC,
+ with a Reset Request message.
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+Calhoun, Editor, et al. 
Expires December 13, 2007 [Page 110]
+
+Internet-Draft CAPWAP Protocol Specification June 2007
+
+
+ WTP AC
+
+ Configuration Update Request (Image Identifier = x)
+ <------------------------------------------------------
+
+ Configuration Update Response (Result Code = Success)
+ -------------------------------------------------------->
+
+
+ Image Data Request (Image Identifier = x)
+ -------------------------------------------------------->
+
+ Image Data Response (Result Code = Success,
+ Image Information = {size,hash},
+ Initiate Download)
+ <------------------------------------------------------
+
+ Image Data Request (Image Data = Data)
+ <------------------------------------------------------
+
+ Image Data Response (Result Code = Success)
+ -------------------------------------------------------->
+
+ .....
+
+ Image Data Request (Image Data = EOF)
+ <------------------------------------------------------
+
+ Image Data Response (Result Code = Success)
+ -------------------------------------------------------->
+
+ .....
+
+ (administratively requested reboot request)
+ Reset Request (Image Identifier = x)
+ <------------------------------------------------------
+
+ Reset Response (Result Code = Success)
+ -------------------------------------------------------->
+
+ Figure 6: WTP Firmware Download Case 3
+
+ Figure 7 provides another example of the firmware download while in
+ the Run state. In this example, the WTP already has the image
+ specified by the AC in its non-volative storage. The WTP opts to NOT
+ download the firmware. The WTP resets upon receipt of a Reset
+ Request message from the AC.
+
+
+
+
+Calhoun, Editor, et al. 
Expires December 13, 2007 [Page 111]
+
+Internet-Draft CAPWAP Protocol Specification June 2007
+
+
+ WTP AC
+
+ Configuration Update Request (Image Identifier = x,
+ Image Information = {size,hash},
+ Initiate Download)
+ <------------------------------------------------------
+
+ Configuration Update Response (Result Code = Already Have Image)
+ -------------------------------------------------------->
+
+ .....
+
+ (administratively requested reboot request)
+ Reset Request (Image Identifier = x)
+ <------------------------------------------------------
+
+ Reset Response (Result Code = Success)
+ -------------------------------------------------------->
+
+ Figure 7: WTP Firmware Download Case 4
+
+9.1.1. Image Data Request
+
+ The Image Data Request message is used to update firmware on the WTP.
+ This message and its companion Response message are used by the AC to
+ ensure that the image being run on each WTP is appropriate.
+
+ Image Data Request messages are exchanged between the WTP and the AC
+ to download a new firmware image to the WTP. When a WTP or AC
+ receives an Image Data Request message it responds with an Image Data
+ Response message. The message elements contained within the Image
+ Data Request message are required to determine the intent of the
+ request.
+
+ The decision that new firmware is to be downloaded to the WTP can
+ occur in one of two ways:
+
+ When the WTP joins the AC, the Join Response message includes the
+ Image Identifier message element, which informs the WTP of the
+ firmware it is expected to run. if the WTP does not currently have
+ the requested firmware version, it transmits an Image Data Request
+ message, with the appropriate Image Identifier message element.
+ If the WTP already has the requested firmware, it simply resets. 
+
+ Once the WTP is in the Run state, it is possible for the AC to
+ cause the WTP to initiate a firmware download by sending a
+ Configuration Update Request message with the Initiate Download
+ and and Image Identifier message elements. The WTP then transmits
+
+
+
+Calhoun, Editor, et al. Expires December 13, 2007 [Page 112]
+
+Internet-Draft CAPWAP Protocol Specification June 2007
+
+
+ the Image Data Request message, which includes the Image
+ Identifier message element to start the download process. Note
+ that when the firmware is downloaded in this way, the WTP does not
+ automatically reset after the download is complete. The WTP will
+ only reset when it receives a Reset Request message from the AC.
+ If the WTP already had the requested firmware version in its non-
+ volatile storage, the WTP does not transmit the Image Data Request
+ message and responds with a Configuration Update Response message
+ with the Result Code set to Image Already Present.
+
+ Regardless of how the download was initiated, once the AC receives an
+ Image Data Request message with the Image Identifier message element,
+ it begins the transfer process by transmitting an Image Data Request
+ message that includes the Image Data message element. This continues
+ until the firmware image has been transfered.
+
+ The Image Data Request message is sent by the WTP or the AC when in
+ the Image Data or Run State.
+
+ The following message elements MAY be included in the Image Data
+ Request message.
+
+ o Image Data, see Section 4.6.24
+
+ o Image Identifier, see Section 4.6.25
+
+9.1.2. Image Data Response
+
+ The Image Data Response message acknowledges the Image Data Request
+ message.
+
+ An Image Data Response message is sent in response to a received
+ Image Data Request message. Its purpose is to acknowledge the
+ receipt of the Image Data Request message. The Result Code is
+ included to indicate whether a previously sent Image Data Request
+ message was invalid. 
+
+ The Image Data Response message is sent by the WTP or the AC when in
+ the Image Data or Run State.
+
+ The following message element MUST be included in the Image Data
+ Response message.
+
+ o Result Code, see Section 4.6.33
+
+ The following message elements MAY be included in the Image Data
+ Response message.
+
+
+
+
+Calhoun, Editor, et al. Expires December 13, 2007 [Page 113]
+
+Internet-Draft CAPWAP Protocol Specification June 2007
+
+
+ o Image Information, see Section 4.6.26
+
+ o Initiate Download, see Section 4.6.27
+
+ Upon receiving an Image Data Response message indicating an error,
+ the WTP MAY retransmit a previous Image Data Reqest message, or
+ abandon the firmware download to the WTP by transitioning to the
+ Reset state.
+
+9.2. Reset Request
+
+ The Reset Request message is used to cause a WTP to reboot.
+
+ A Reset Request message is sent by an AC to cause a WTP to
+ reinitialize its operation.
+
+ The Reset Request is sent by the AC when in the Run State. The WTP
+ does not transmit this message.
+
+ The following message elements MUST be included in the Reset Request
+ message.
+
+ o Image Identifier, see Section 4.6.25
+
+ When a WTP receives a Reset Request message, it responds with a Reset
+ Response message indicating success and then reinitialize itself. If
+ the WTP is unable to write to its non-volatile storage, to ensure
+ that it runs the requested software version indicated in the Image
+ Identifier message element, it MAY send the appropriate Result Code
+ message element, but MUST reboot. If the WTP is unable to reset,
+ including a hardware reset, it sends a Reset Response message to the
+ AC with a Result Code message element indicating failure. The AC no
+ longer provides service to the WTP.
+
+9.3. Reset Response
+
+ The Reset Response message acknowledges the Reset Request message.
+
+ A Reset Response message is sent by the WTP after receiving a Reset
+ Request message. 
+
+ The Reset Response is sent by the WTP when in the Run State. The AC
+ does not transmit this message.
+
+ The following message element MAY be included in the Image Data
+ Request message.
+
+
+
+
+
+Calhoun, Editor, et al. Expires December 13, 2007 [Page 114]
+
+Internet-Draft CAPWAP Protocol Specification June 2007
+
+
+ o Result Code, see Section 4.6.33
+
+ When an AC receives a successful Reset Response message, it is
+ notified that the WTP will reinitialize its operation. An AC that
+ receives a Reset Response message indicating failure may opt to no
+ longer provide service to the WTP.
+
+9.4. WTP Event Request
+
+ The WTP Event Request message is used by a WTP to send information to
+ its AC. The WTP Event Request message MAY be sent periodically, or
+ sent in response to an asynchronous event on the WTP. For example, a
+ WTP MAY collect statistics and use the WTP Event Request message to
+ transmit the statistics to the AC.
+
+ When an AC receives a WTP Event Request message it will respond with
+ a WTP Event Response message.
+
+ The presence of the Delete Station message element is used by the WTP
+ to inform the AC that it is no longer providing service to the
+ station. This could be the result of an Idle Timeout (see
+ Section 4.6.23), due to to resource shortages, or some other reason.
+
+ The WTP Event Request message is sent by the WTP when in the Run
+ State. The AC does not transmit this message.
+
+ The WTP Event Request message MUST contain one of the message
+ elements listed below, or a message element that is defined for a
+ specific wireless technology. More than one of each messsage element
+ listed MAY be included in the WTP Event Request message. 
+
+ o Decryption Error Report, see Section 4.6.15
+
+ o Duplicate IPv4 Address, see Section 4.6.21
+
+ o Duplicate IPv6 Address, see Section 4.6.22
+
+ o WTP Operational Statistics, see Section 4.6.46
+
+ o WTP Radio Statistics, see Section 4.6.47
+
+ o WTP Reboot Statistics, see Section 4.6.48
+
+ o Delete Station, see Section 4.6.18
+
+
+
+
+
+
+
+Calhoun, Editor, et al. Expires December 13, 2007 [Page 115]
+
+Internet-Draft CAPWAP Protocol Specification June 2007
+
+
+9.5. WTP Event Response
+
+ The WTP Event Response message acknowledges receipt of the WTP Event
+ Request message.
+
+ A WTP Event Response message is sent by an AC after receiving a WTP
+ Event Request message.
+
+ The WTP Event Response message is sent by the AC when in the Run
+ State. The WTP does not transmit this message.
+
+ The WTP Event Response message carries no message elements.
+
+9.6. Data Transfer Request
+
+ The Data Transfer Request message is used to deliver debug
+ information from the WTP to the AC.
+
+ Data Transfer Request messages are sent by the WTP to the AC when the
+ WTP determines that it has important information to send to the AC.
+ For instance, if the WTP detects that its previous reboot was caused
+ by a system crash, it can send the crash file to the AC. The remote
+ debugger function in the WTP also uses the Data Transfer Request
+ message to send console output to the AC for debugging purposes.
+
+ When the AC receives a Data Transfer Request message it responds to
+ the WTP with a Data Transfer Response message. The AC MAY log the
+ information received.
+
+ The Data Transfer Request message is sent by the WTP when in the Run
+ State. The AC does not transmit this message.
+
+ The Data Transfer Request message MUST contain one of the message
+ elements listed below.
+
+ o Data Transfer Data, see Section 4.6.13
+
+ o Data Transfer Mode, see Section 4.6.14
+
+9.7. 
Data Transfer Response
+
+ The Data Transfer Response message acknowledges the Data Transfer
+ Request message.
+
+ A Data Transfer Response message is sent in response to a received
+ Data Transfer Request message. Its purpose is to acknowledge receipt
+ of the Data Transfer Request message.
+
+
+
+
+Calhoun, Editor, et al. Expires December 13, 2007 [Page 116]
+
+Internet-Draft CAPWAP Protocol Specification June 2007
+
+
+ The Data Transfer Response message is sent by the AC when in the Run
+ State. The WTP does not transmit this message.
+
+ The Data Transfer Response message carries no message elements.
+
+ Upon receipt of a Data Transfer Response message, the WTP transmits
+ more information, if more information is available.
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+Calhoun, Editor, et al. Expires December 13, 2007 [Page 117]
+
+Internet-Draft CAPWAP Protocol Specification June 2007
+
+
+10. Station Session Management
+
+ Messages in this section are used by the AC to create, modify or
+ delete station session state on the WTPs.
+
+10.1. Station Configuration Request
+
+ The Station Configuration Request message is used to create, modify
+ or delete station session state on a WTP. The message is sent by the
+ AC to the WTP, and MAY contain one or more message elements. The
+ message elements for this CAPWAP control message include information
+ that is generally highly technology specific. Refer to the
+ appropriate binding document for definitions of the messages elements
+ that are included in this control message.
+
+ The Station Configuration Request message is sent by the AC when in
+ the Run State. The WTP does not transmit this message.
+
+ The following CAPWAP Control message elements MAY be included in the
+ Station Configuration Request message. More than one of each message
+ element listed MAY be included in the Station Configuration Request
+ message. 
+
+ o Add Station, see Section 4.6.8
+
+ o Delete Station, see Section 4.6.18
+
+10.2. Station Configuration Response
+
+ The Station Configuration Response message is used to acknowledge a
+ previously received Station Configuration Request message.
+
+ The Station Configuration Response message is sent by the WTP when in
+ the Run State. The AC does not transmit this message.
+
+ The following message element MUST be present in the Station
+ Configuration Response message.
+
+ o Result Code, see Section 4.6.33
+
+ The Result Code message element indicates that the requested
+ configuration was successfully applied, or that an error related to
+ processing of the Station Configuration Request message occurred on
+ the WTP.
+
+
+
+
+
+
+
+Calhoun, Editor, et al. Expires December 13, 2007 [Page 118]
+
+Internet-Draft CAPWAP Protocol Specification June 2007
+
+
+11. NAT Considerations
+
+ There are three specific situations in which a NAT deployment may be
+ used in conjunction with a CAPWAP-enabled deployment. The first
+ consists of a configuration in which a single WTP is behind a NAT
+ system. Since all communication is initiated by the WTP, and all
+ communication is performed over IP using two UDP ports, the protocol
+ easily traverses NAT systems in this configuration.
+
+ In the second case, two or more WTPs are deployed behind the same NAT
+ system. Here, the AC would receive multiple connection requests from
+ the same IP address, and cannot differentiate the originating WTP of
+ the connection requests. The CAPWAP Data Check state, which
+ establishes the data plane connection and communicates the Data
+ Keepalive, includes the Session Identifier message element, which is
+ used to bind the control and data plane. Use of the Session
+ Identifier message element enables the AC to match the control and
+ data plane flows from multiple WTPs behind the same NAT system
+ (multiple WTPs sharing the same IP address). 
+
+ In the third configuration, the AC is deployed behind a NAT. Two
+ issues exist in this situation. First, an AC communicates its
+ interfaces and corresponding WTP load using the CAPWAP Control
+ IP(v4/v6) Address message element. This message element is currently
+ mandatory, and if NAT compliance becomes an issue, it is possible to
+ either:
+
+ 1. Make the CAPWAP Control IP (v4/v6) Address optional, allowing the
+ WTP to use the known IP Address. Note that this approach
+ eliminates the ability to perform load balancing of WTP across
+ ACs, and therefore is not the recommended approach.
+
+ 2. Allow an AC to configure a NAT'ed address for every AC that would
+ otherwise be communicated in the CAPWAP Control IP (v4/v6) Address
+ message element.
+
+ 3. Require that if a WTP determines that the AC List message element
+ contains a set of IP Addresses that are different from the AC IP
+ Address the WTP is currently using, then assume that NAT is
+ present, and require that the WTP communicate with the AC IP
+ Address (and ignore the CAPWAP Control IP (v4/v6) Address message
+ element(s)).
+
+ The CAPWAP protocol allows for all of the AC identities supporting a
+ group of WTPs to be communicated through the AC List message element.
+ This feature MUST be disabled when the AC is behind a NAT and the IP
+ Address that is embedded is invalid.
+
+
+
+
+Calhoun, Editor, et al. Expires December 13, 2007 [Page 119]
+
+Internet-Draft CAPWAP Protocol Specification June 2007
+
+
+ The CAPWAP protocol allows an AC to configure a static IP address on
+ a WTP using the WTP Static IP Address Information message element.
+ This message element SHOULD NOT be used in NAT'ed environments,
+ unless the administrator is familiar with the internal IP addressing
+ scheme within the WTP's private network, and does not rely on the
+ public address seen by the AC. 
+
+ When a WTP detects the duplicate address condition, it generates a
+ message to the AC, which includes the Duplicate IP Address message
+ element. The IP Address embedded within this message element is
+ different from the public IP address seen by the AC.
+
+ When CAPWAP is run over IPv6, NAT support can only be provided if the
+ IPv6 NAT system is capable of performing address translation over the
+ UDP-Lite 3828 protocol [11]. A protocol interoperability issues will
+ exist if the NAT system is being utilized for IPv4/IPv6 address
+ translation.
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+Calhoun, Editor, et al. Expires December 13, 2007 [Page 120]
+
+Internet-Draft CAPWAP Protocol Specification June 2007
+
+
+12. Security Considerations
+
+ This section describes security considerations for the CAPWAP
+ protocol. It also provides security recommendations for protocols
+ used in conjunction with CAPWAP.
+
+12.1. CAPWAP Security
+
+ As it is currently specified, the CAPWAP protocol sits between the
+ security mechanisms specified by the wireless link layer protocol
+ (e.g.IEEE 802.11i) and AAA. One goal of CAPWAP is to bootstrap trust
+ between the STA and WTP using a series of preestablished trust
+ relationships:
+
+
+ STA WTP AC AAA
+ ==============================================
+
+ DTLS Cred AAA Cred
+ <------------><------------->
+
+ EAP Credential
+ <------------------------------------------>
+
+ wireless link layer
+ (e.g.802.11 PTK)
+ <--------------> or
+ <--------------------------->
+ (derived)
+
+ Within CAPWAP, DTLS is used to secure the link between the WTP and
+ AC. In addition to securing control messages, it's also a link in
+ this chain of trust for establishing link layer keys. Consequently,
+ much rests on the security of DTLS. 
+
+ In some CAPWAP deployment scenarios, there are two channels between
+ the WTP and AC: the control channel, carrying CAPWAP control
+ messages, and the data channel, over which client data packets are
+ tunneled between the AC and WTP. Typically, the control channel is
+ secured by DTLS, while the data channel is not.
+
+ The use of parallel protected and unprotected channels deserves
+ special consideration, but does not create a threat. There are two
+ potential concerns: attempting to convert protected data into un-
+ protected data and attempting to convert un-protected data into
+ protected data. These concerns are addressed below.
+
+
+
+
+
+Calhoun, Editor, et al. Expires December 13, 2007 [Page 121]
+
+Internet-Draft CAPWAP Protocol Specification June 2007
+
+
+12.1.1. Converting Protected Data into Unprotected Data
+
+ Since CAPWAP does not support authentication-only ciphers (i.e. all
+ supported ciphersuites include encryption and authentication), it is
+ not possible to convert protected data into unprotected data. Since
+ encrypted data is (ideally) indistinguishable from random data, the
+ probability of an encrypted packet passing for a well-formed packet
+ is effectively zero.
+
+12.1.2. Converting Unprotected Data into Protected Data (Insertion)
+
+ The use of message authentication makes it impossible for the
+ attacker to forge protected records. This makes conversion of
+ unprotected records to protected records impossible.
+
+12.1.3. Deletion of Protected Records
+
+ An attacker could remove protected records from the stream, though
+ not undetectably so, due the built-in reliability of the underlying
+ CAPWAP protocol. In the worst case, the attacker would remove the
+ same record repeatedly, resulting in a CAPWAP session timeout and
+ restart. This is effectively a DoS attack, and could be accomplished
+ by a man in the middle regardless of the CAPWAP protocol security
+ mechanisms chosen.
+
+12.1.4. 
Insertion of Unprotected Records
+
+ An attacker could inject packets into the unprotected channel, but
+ this may become evident if sequence number desynchronization occurs
+ as a result. Only if the attacker is a MiM can packets be inserted
+ undetectably. This is a consequence of that channel's lack of
+ protection, and not a new threat resulting from the CAPWAP security
+ mechanism.
+
+12.2. Session ID Security
+
+ Since DTLS does not export a unique session identifier, there can be
+ no explicit protocol binding between the DTLS layer and CAPWAP layer.
+ As a result, implementations MUST provide a mechanism for performing
+ this binding. For example, an AC MUST NOT associate decrypted DTLS
+ control packets with a particular WTP session based solely on the
+ Session ID in the packet header. Instead, identification should be
+ done based on which DTLS session decrypted the packet. Otherwise one
+ authenticated WTP could spoof another authenticated WTP by altering
+ the Session ID in the encrypted CAPWAP header.
+
+ It should be noted that when the CAPWAP data channel is unencrypted,
+ the WTP Session ID is exposed and possibly known to adversaries and
+
+
+
+Calhoun, Editor, et al. Expires December 13, 2007 [Page 122]
+
+Internet-Draft CAPWAP Protocol Specification June 2007
+
+
+ other WTPs. This would allow the forgery of the source of data-
+ channel traffic. This, however, should not be a surprise for
+ unencrypted data channels. When the data channel is encrypted, the
+ Session ID is not exposed, and therefore can safely be used to
+ associate a data and control channel. The 64-bit length of the
+ Session ID mitigates online guessing attacks where an adversarial,
+ authenticated WTP tries to correlate his own data channel with
+ another WTP's control channel. Note that for encrypted data
+ channels, the Session ID should only be used for correlation for the
+ first packet immediately after the initial DTLS handshake. 
Future + correlation should instead be done via identification of a packet's + DTLS session. + +12.3. Discovery Attacks + + Since the Discovery Request messages are sent in the clear, it is + important that AC implementations NOT assume that receiving such a + request from a WTP implies that it has rebooted, and consequently + tear down any active DTLS sessions. Discovery Request messages can + easily be spoofed by malicious devices, so it is important that the + AC maintain two separate sets of states for the WTP until the + DTLSSessionEstablished notification is received, indicating that the + WTP was authenticated. Once a new DTLS session is successfully + established, any state referring to the old session can be cleared. + +12.4. Interference with a DTLS Session + + If a WTP or AC repeatedly receives packets which fail DTLS + authentication or decryption, this could indicate a DTLS + desynchronization between the AC and WTP, a link prone to + undetectable bit errors, or an attacker trying to disrupt a DTLS + session. + + In the state machine (section 2.3), transitions to the DTLS tear down + state can be triggered by frequently receiving DTLS packets with + authentication or decryption errors. The threshold or technique for + deciding when to move to the tear down state should be chosen + carefully. Being able to easily transition to DTLS TD allows easy + detection of malfunctioning devices, but allows for denial of service + attacks. Making it difficult to transition to DTLS TD prevents + denial of service attacks, but makes it more difficult to detect and + reset a malfunctioning session. Implementers should set this policy + with care. + +12.5. Use of Preshared Keys in CAPWAP + + While use of preshared keys may provide deployment and provisioning + advantages not found in public key based deployments, it also + + + +Calhoun, Editor, et al. 
Expires December 13, 2007 [Page 123] + +Internet-Draft CAPWAP Protocol Specification June 2007 + + + introduces a number of operational and security concerns. In + particular, because the keys must typically be entered manually, it + is common for people to base them on memorable words or phrases. + These are referred to as "low entropy passwords/passphrases". + + Use of low-entropy preshared keys, coupled with the fact that the + keys are often not frequently updated, tends to significantly + increase exposure. For these reasons, the following recommendations + are made: + + o When DTLS is used with a preshared-key (PSK) ciphersuite, each WTP + SHOULD have a unique PSK. Since WTPs will likely be widely + deployed, their physical security is not guaranteed. If PSKs are + not unique for each WTP, key reuse would allow the compromise of + one WTP to result in the compromise of others + + o Generating PSKs from low entropy passwords is NOT RECOMMENDED. + + o It is RECOMMENDED that implementations that allow the + administrator to manually configure the PSK also provide a + capability for generation of new random PSKs, taking RFC 4086 [2] + into account. + + o Preshared keys SHOULD be periodically updated. Implementations + MAY facilitate this by providing an administrative interface for + automatic key generation and periodic update, or it MAY be + accomplished manually instead. + + Every pairwise combination of WTP and AC on the network SHOULD have a + unqiue PSK. This prevents the domino effect (see Guidance for AAA + Key Management [16]). If PSKs are tied to specific WTPs, then + knowledge of the PSK implies a binding to a specified identity that + can be authorized. + + If PSKs are shared, this binding between device and identity is no + longer possible. Compromise of one WTP can yield compromise of + another WTP, violating the CAPWAP security hierarchy. Consequently, + sharing keys between WTPs is NOT RECOMMENDED. + +12.6. 
Use of Certificates in CAPWAP + + For public-key-based DTLS deployments, each device SHOULD have unique + credentials, with an extended key usage authorizing the device to act + as either a WTP or AC. If devices do not have unique credentials, it + is possible that by compromising one device, any other device using + the same credential may also be considered to be compromised. + + Certificate validation involves checking a large variety of things. + + + +Calhoun, Editor, et al. Expires December 13, 2007 [Page 124] + +Internet-Draft CAPWAP Protocol Specification June 2007 + + + Since the necessary things to validate are often environment- + specific, many are beyond the scope of this document. In this + section, we provide some basic guidance on certificate validation. + + Each device is responsible for authenticating and authorizing devices + with which they communicate. Authentication entails validation of + the chain of trust leading to the peer certificate, followed by the + the peer certificate itself. At a minimum, devices SHOULD use SSH- + style certificate caching to guarantee consistency. If devices have + access to a certificate authority, they SHOULD properly validate the + trust chain. Implementations SHOULD also provide a secure method for + verifying that the credential in question has not been revoked. + + Note that if the WTP relies on the AC for network connectivity (e.g. + the AC is a layer 2 switch to which the WTP is directly connected), + the WTP may not be able to contact an OCSP server or otherwise obtain + an up to date CRL if a compromised AC doesn't explicitly permit this. + This cannot be avoided, except through effective physical security + and monitoring measures at the AC. + + Proper validation of certificates typically requires checking to + ensure the certificate has not yet expired. If devices have a real- + time clock, they SHOULD verify the certificate validity dates. 
If no + real-time clock is available, the device SHOULD make a best-effort + attempt to validate the certificate validity dates through other + means. Failure to check a certificate's temporal validity can make a + device vulnerable to man-in-the-middle attacks launched using + compromised, expired certificates, and therefore devices should make + every effort to perform this validation. + +12.7. AAA Security + + The AAA protocol is used to distribute EAP keys to the ACs, and + consequently its security is important to the overall system + security. When used with TLS or IPsec, security guidelines specified + in RFC 3539 [5] SHOULD be followed. + + In general, the link between the AC and AAA server SHOULD be secured + using a strong ciphersuite keyed with mutually authenticated session + keys. Implementations SHOULD NOT rely solely on Basic RADIUS shared + secret authentication as it is often vulnerable to dictionary + attacks, but rather SHOULD use stronger underlying security + mechanisms. + + + + + + + + +Calhoun, Editor, et al. Expires December 13, 2007 [Page 125] + +Internet-Draft CAPWAP Protocol Specification June 2007 + + +13. Management Considerations + + The CAPWAP protocol assumes that it is the only configuration + interface to the WTP to configure parameters that are specified in + the CAPWAP specifications. While the use of a separate management + protocol MAY be used for the purposes of monitoring the WTP directly, + configuring the WTP through a separate management interface is not + recommended. Configuring the WTP through a separate protocol, such + as via a CLI or SNMP, could lead to the AC state being out of sync + with the WTP. + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +Calhoun, Editor, et al. Expires December 13, 2007 [Page 126] + +Internet-Draft CAPWAP Protocol Specification June 2007 + + +14. 
IANA Considerations + + A separate UDP port for data channel communications is (currently) + the selected demultiplexing mechanism, and a port must be assigned + for this purpose in Section 3.1. The UDP port numbers are listed by + IANA at http://www.iana.org/assignments/port-numbers. + + IANA needs to assign an organization local multicast address called + the "All ACs multicast address" from the IPv6 multicast address + registry in Section 3.3 + +14.1. CAPWAP Message Types + + The Message Type field in the CAPWAP header (Section 4.5.1.1) is used + to identify the operation performed by the message. There are + multiple namespaces, which is identified via the first three octets + of the field containing the IANA Enterprise Number [10]. When the + Enterprise Number is set to zero, the message types are reserved for + use by the base CAPWAP specification which are controlled and + maintained by IANA and requires a Standards Action. + +14.2. Wireless Binding Identifiers + + The Wireless Binding Identifier (WBID) field in the CAPWAP header + (Section 4.3) is used to identify the wireless technology associated + with the packet. Due to the limited address space available, a new + WBID request requires Standards Action. + + + + + + + + + + + + + + + + + + + + + + + + +Calhoun, Editor, et al. Expires December 13, 2007 [Page 127] + +Internet-Draft CAPWAP Protocol Specification June 2007 + + +15. Acknowledgements + + The following individuals are acknowledged for their contributions to + this protocol specification: Puneet Agarwal, Saravanan Govindan, + Peter Nilsson, and David Perkins. + + Michael Vakulenko contributed text to describe how CAPWAP can be used + over layer 3 (IP/UDP) networks. + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +Calhoun, Editor, et al. Expires December 13, 2007 [Page 128] + +Internet-Draft CAPWAP Protocol Specification June 2007 + + +16. References + +16.1. 
Normative References + + [1] Bradner, S., "Key words for use in RFCs to Indicate Requirement + Levels", BCP 14, RFC 2119, March 1997. + + [2] Eastlake, D., Schiller, J., and S. Crocker, "Randomness + Requirements for Security", BCP 106, RFC 4086, June 2005. + + [3] Mills, D., "Network Time Protocol (Version 3) Specification, + Implementation", RFC 1305, March 1992. + + [4] Housley, R., Polk, W., Ford, W., and D. Solo, "Internet X.509 + Public Key Infrastructure Certificate and Certificate + Revocation List (CRL) Profile", RFC 3280, April 2002. + + [5] Aboba, B. and J. Wood, "Authentication, Authorization and + Accounting (AAA) Transport Profile", RFC 3539, June 2003. + + [6] Eronen, P. and H. Tschofenig, "Pre-Shared Key Ciphersuites for + Transport Layer Security (TLS)", RFC 4279, December 2005. + + [7] Dierks, T. and E. Rescorla, "The Transport Layer Security (TLS) + Protocol Version 1.1", RFC 4346, April 2006. + + [8] Rescorla, E. and N. Modadugu, "Datagram Transport Layer + Security", RFC 4347, April 2006. + + [9] Alexander, S. and R. Droms, "DHCP Options and BOOTP Vendor + Extensions", RFC 2132, March 1997. + + [10] Narten, T. and H. Alvestrand, "Guidelines for Writing an IANA + Considerations Section in RFCs", BCP 26, RFC 2434, + October 1998. + + [11] Larzon, L-A., Degermark, M., Pink, S., Jonsson, L-E., and G. + Fairhurst, "The Lightweight User Datagram Protocol (UDP-Lite)", + RFC 3828, July 2004. + + [12] Calhoun, P., Montemurro, M., Stanley, D., "CAPWAP Protocol + Binding for IEEE 802.11", draft-ietf-capwap-protocol- + binding-ieee80211-04 (work in progress), June 2007. + + [13] Calhoun, P., "CAPWAP Access Controller DHCP Option", + draft-ietf-capwap-dhc-ac-option-00 (work in progress), + June 2007. + + + + +Calhoun, Editor, et al. Expires December 13, 2007 [Page 129] + +Internet-Draft CAPWAP Protocol Specification June 2007 + + +16.2. 
Informational References + + [14] Reynolds, J., "Assigned Numbers: RFC 1700 is Replaced by an On- + line Database", RFC 3232, January 2002. + + [15] Manner, J. and M. Kojo, "Mobility Related Terminology", + RFC 3753, June 2004. + + [16] Housley, R. and B. Aboba, "Guidance for AAA Key Management", + draft-housley-aaa-key-mgmt-09 (work in progress), + February 2007. + + [17] Modadugu et al, N., "The Design and Implementation of Datagram + TLS", Feb 2004. + + [18] IEEE, "Guidelines for use of a 48-bit Extended Unique + Identifier", Dec 2005. + + [19] IEEE, "GUIDELINES FOR 64-BIT GLOBAL IDENTIFIER (EUI-64) + REGISTRATION AUTHORITY". + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +Calhoun, Editor, et al. Expires December 13, 2007 [Page 130] + +Internet-Draft CAPWAP Protocol Specification June 2007 + + +Editors' Addresses + + Pat R. Calhoun + Cisco Systems, Inc. + 170 West Tasman Drive + San Jose, CA 95134 + + Phone: +1 408-853-5269 + Email: pcalhoun@cisco.com + + + Michael P. Montemurro + Research In Motion + 5090 Commerce Blvd + Mississauga, ON L4W 5M4 + Canada + + Phone: +1 905-629-4746 x4999 + Email: mmontemurro@rim.com + + + Dorothy Stanley + Aruba Networks + 1322 Crossman Ave + Sunnyvale, CA 94089 + + Phone: +1 630-363-1389 + Email: dstanley@arubanetworks.com + + + + + + + + + + + + + + + + + + + + + + + +Calhoun, Editor, et al. Expires December 13, 2007 [Page 131] + +Internet-Draft CAPWAP Protocol Specification June 2007 + + +Full Copyright Statement + + Copyright (C) The IETF Trust (2007). + + This document is subject to the rights, licenses and restrictions + contained in BCP 78, and except as set forth therein, the authors + retain all their rights. 
+ + This document and the information contained herein are provided on an + "AS IS" basis and THE CONTRIBUTOR, THE ORGANIZATION HE/SHE REPRESENTS + OR IS SPONSORED BY (IF ANY), THE INTERNET SOCIETY, THE IETF TRUST AND + THE INTERNET ENGINEERING TASK FORCE DISCLAIM ALL WARRANTIES, EXPRESS + OR IMPLIED, INCLUDING BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF + THE INFORMATION HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED + WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE. + + +Intellectual Property + + The IETF takes no position regarding the validity or scope of any + Intellectual Property Rights or other rights that might be claimed to + pertain to the implementation or use of the technology described in + this document or the extent to which any license under such rights + might or might not be available; nor does it represent that it has + made any independent effort to identify any such rights. Information + on the procedures with respect to rights in RFC documents can be + found in BCP 78 and BCP 79. + + Copies of IPR disclosures made to the IETF Secretariat and any + assurances of licenses to be made available, or the result of an + attempt made to obtain a general license or permission for the use of + such proprietary rights by implementers or users of this + specification can be obtained from the IETF on-line IPR repository at + http://www.ietf.org/ipr. + + The IETF invites any interested party to bring to its attention any + copyrights, patents or patent applications, or other proprietary + rights that may cover technology that may be required to implement + this standard. Please address the information to the IETF at + ietf-ipr@ietf.org. + + +Acknowledgment + + Funding for the RFC Editor function is provided by the IETF + Administrative Support Activity (IASA). + + + + + +Calhoun, Editor, et al. Expires December 13, 2007 [Page 132] + + 
diff --git a/doc/rfc5415.pdf b/doc/rfc5415.pdf deleted file mode 100644 index c435028c6bb74c8d00da8e4e5fbbf852e343eba0..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 484916 zcma&NWmFwYw>2DGft@=ZvDhJltDmSpHGIuDiwpB~>v-yD{Ui%!bO+QiWm|LglN@^m6* zmX1dD_;ezcdX7dyMg}&9Mm#*Q4vzLldRDNm8HLJ{3aesBU8gFJ`zZ1d0Y=X;t?a>; zg_MRkwx2>Oxg!gcxWWn;n272((jWF$x!rYbaSdZZa$^rqFRHsQvN(^zkldfmF6@vq zw4({?`JtZ~)abFJbf@w+O_6$C*}{5sV<5fJySqR3J-!`$M!)ptCr3>Qg`u9w5kb(C z;@xFJzSENf7tNktx44G4K8~hjy6-wD1|7oNn?ZqP(Xy-_62u)GZA87%2_I!VqgOP3hi#ofjcSJS z@gvc$4X@LsL{B0uOev$tA`i-fqyT3})pQ>7Rk$YMw_?YKx7wpNB%V0z=IWb>>eA9A zlr*lDMZGJheXw(&J8B;XR`@ig*>?r??kwbDkwbbK)D)~vxuhlC{UbE%#9r*mAT#W1 ztEx|hIL`IQ&(0h^_#Iwh&r@LjP8_6ItQL_XKF5Nh&|*l8$cji_WyxQ=eOyzL1?l3 z=#qb#WtJCGuuGq$IIWcB5OF!OF5v&Qh(loMWP};?1)cJ6m?l zv!ounz2r-oV_cp3H(Yqu$ho5(w}n#K%Mrbx2j|VX?n)+W6~)+w+!&azUxu6US>^Zb zQ;Dc!R}kd)6|yz-S0DN|7*sromxh{#UG93HM8Qaa_It03EHL&fC!iWuEPPtn*qWs{ z6?>2bOmUC9*L9cCEEslV*P5Hn1*NC!C2bP zkr_#{k+S%g{G6W!$EJB!$wogU(6nn~OJvE{{StmO>>W3{bnYG9FJ?sY-@B}~b%DQu z9JGth8(ACv%}wwB{pPdZEcW{^0|P5P?BBmJ{G03;{wucYOqX_8{fZO}c>L7Dk{ZSe z4&sgTX;qw4x+tnr3Lz60AEgdMp+G|3eof7AKe?VesEpg#i+yQL;f;(_tn z=P9VRxPn{tXuGB@aBb^|`Z# zp+U2V&xF8{U>#oSEq_^Z*sQ1*R&w{DBL!t`Y6U&qE;HJwI^bs=3u~VQH%gAnl-E^` z9~T=LcUoTmz>ZB`tWd9scB}lj&KwLPVjxs(X5KYPTh?KTb!X#4^L9>m0HI;FuKvj* z-27F%*s6=gz_>8epb^2H0e8xe-3)hnEd$S zUz%59P2<~vP*lMk-`dA^sN~P6w zH(-`I8RC>(ZhYve8h-12Wu5GntCqi5rd-L+OviL8>0|9=)}PN{LJeCaX%vao{@uyE zYmpX;BGIVzJF}AKP&zw8$Z-WKBeF^Uw5t_lX0a$AwxA^-4*&C3Sb+wujOw$HK(b{G zZq4RdXS~(SMU_8U2Ld*ZOAzA~K^#;tVIM@ABZd&RYfO%!aLrIBl7L%|Sr;M3UKcnf zE;OizLTR2GiW}KkY;wvlk62GMcD-m?5hS~AGvF4C9z18~myV0HlyCEGz@W}z(J4J<2UDDX(7a#cC;!Xk zEEc~ewMxZJ<>y7zI2YQD9rV?9p_|Z65om~hbk>%Yj%6$%$@*CY%}l_P%tLf#RdZ_> zcN`B6PhCGn;aDFljpkn40-^M#c%`s^%_e+}iXgA6ar(nELnk5*w|yT)?x$tqB)+qj zIeqC(;nG3>npHhb%*UiVx7oB{cAF%vM6Y{i{QMyqw!#>-8#{1uly>20W-s)_&mTAP 
zZO&zmG9{9Y-yVmDi}OWgT=|6Xf_m6RWDn>BkbdzkT^8?W(t`uOp>*LUI7%{#X`uesr>xrPxpf_I*`U)egkug=qJu&vPpfjigR`OX^_M%VjMRPcO8DHkuqek z!JN>1 z-Uo$HI6aVs@LLRS#1vXENObviXBC{2Sj`&eZ)@WX{>;{f#1Hy2yrihduUl>5WYs=g z<=fRUS7vr&uFYkPd2|$uDxRSQOMnke*nAXQ^e_VAP7Hmve%7zhpB0769y=hNc*!0p zw^ujBAD$4p31kxkcv}|DV6E3JDs{@AGuR}~Ztsrf_W@BtQHJcInZpzU2`*yszi5~@ z*2y+M&$SFCi=3Um5c>zdcM8kt3u9L0W6|S?hb-;wxtaGc3En+%`I)NzP*9>Smwxa+PAUb(@YZT98&k|=xm(Y@3HCa@ zJq&{9d8_Ws2gbjF2#9@}{FiY5QRF|$&Bn&^ALVBMw{o-pcgmfiWwZJfEg0}Z<=XsN zbyCPnu0tvl4LZirdZ!Y-pH@*rym2{+YV`aUKvX{JrAXQUA|!H_(A0v$i-V6lXfL(34zxFL4!Yr*2T`xRu zOYiYN`B^kN$ZuHiB4yqI_v^lxuf^X9`g84?O@6#~Y4thpXczKAxt)E$t6hvv;ExDIP(#42615H(PJmYhO4|boQLJr~B^rxqVZ3PBie!A=w0!)aSjFE4mvAqm)^MH- z*+>og_CwQ&(SThwaq0|cYIN&lbn9Vx2)N~K5&o#s`=IklA=GWpT6wpr@qQ0KfS;Rq znBB&(oQIJr8zC3BM~1sxbG;PmAo?Ua$_?*?07S*BNMVN2*BzYmwj!@lC3>vWy}i^j zd+JkL96^%W zZwot4#keWNGNV;zgPV$0Z^f7SxG3ZkXy)@KX*)=x)c%?7${_6uh+}|xov+usl~`Tw zVmWLIB}&UTHB4r~#q9w;b$+`jK_*x%hqm3zxM&DV3VdEUnOR%%Pg^Czi& zXjdRdoTp|4o@CGd*nZDk_%g9fV-ev1V}x$;h9FCXRDRdSSXy-==E-dPZOtrlle<)p zvJUwS2VVeguS{o%`R7!T7w66zld<_8T7UH07(NE9AEkBYiAX0PXLBAU#<35Xk04s$ zbSDIU`d`1#adh=YFD;B7FDez zvn39`cLXEZC&N^TzdRpkznm1AC4)8Jz2_oF_Z=5`A>lCN$N$9at>n_UzLoKHQ#qo@ zv%_UejhmP}MS53gs6g;{@$mrH-^K~!*RB$<&iacz{>q8i-;KeoSU*f`r}nBs*DPsg z=6vmZ(psY2yna~o^gDIg7JoMfZkd|lm)lw1oK$*>!)te^r<hcBYhy9&Um-lq@ z_i|B+#|73&LHv`k{H_&C^h^vycFdb1Tokl1Z!Z+dk-wJ7Z`2JZ?N;q&2Tx9SmU1-G zUbh2ITfY(2n`H>4CHz?~f9g$K_1&($nTyw}RRomucUn}b{$4V_W0LpbYCJw!E_%b5 zlVnDr=kK-rG8BwK^1tHAo;TlUczXIZcK7Q-ReDtAcP}eRF#Zn2WijD*M-lVLknLD0 zG+l4+Q|tVddbVf^gxWE}zj9Kq;-hY5Y}I*@Mlkyw@plECX?Lj^9r*vO_}`(N&399w zN67AEn=D$53aCtt7rB$KU}>z@`F)9!qE zp52P}zyF2^!(5;C-AID+e+|Ac0b~!}bCaev{zFbm_TW<@$}E?HUue%g&kL2-B5XknNk zxM+sl0F%|>E_Hnwqs&w4+W@;Zbnn)h`r?^dntm=t1)Sa(iz8OD(|tRztEwv)RXJ+ z`QcHMq*f;Djoza%r86DA!NA*hft@6GL|$5t>lw*2BYS)^dwjmbs?B)0VtzhTO?h#? 
z?yRinhmEI3)2PNLNd9fcS2UA^qr7jt!Z3xgov(u@zGq!#$@gp|91;}aN}tv3@z{zY zZ$K`^Aj~8{K*cjRlWxDao{UV4Nq3f=qzgAPROZ=mVI-p+QtTt;3}Ytm21iDbe|&qg zgk{@w$h`T+_n0MiVzit%;c2zd{l&qhsS0s`8(@#k5UYC zo4&ib6XJWyGHp~@HM-VanT-F@nsDa@+T`pZjaziby&x_NQ2_8=c-YxF8L@139>1Ka zkOuBm(C&Dmze{)+#jkD8Nv9bmkYf+RQkBuwgHV22L$B<2^9U4Cu!tKVX9Er+ulcTg zaqji%Sghr&z;(qd&;tTc4KK8Baqmk?w>T^QT8kWqVI`Vm%(Dj80!U@!cPjeXdO-lP>Lov*Xo`4&yw+}VTN&VC$N|*SSXh;2S?1m3Cf#bEB!cx!PzQgX zJN{>GRas-HEY}4C$Yy6J<$3-BVT;S;iLNNHr{SW#uDnUBaZTo24`NLawCkxLXG*kE z*cOmA|0C+cPyED7&8ez7t)nO59h74ah2Df$hTPuY7L4C5V6VN+DBg;%|DH>3_jJ9L zmA_sEI&<%fdF@_CU&O}!VFsNH*(bqD$y+u3JYLq{*F&t&1yAHcY@ojds>TbHctQwC z{KT@c^yKy19<$c@7B1oCx`lLVvie8eL+ve7@YotFw~e*MS?5pSYl7fSPc7u+KsgKK zv$c;I(fDz5r!!RyDpgBa>n_a~IOeQWl2)8I-xJFT1SKO0BDs6so+D|YwP=&vf@dPe*(-?~Vv?6((Yep)|@jIGTFU3H``;taz z=L?8Ob)l78FAeLla(A^28lFw*Rh6ywp?74hMLq8&eFreLNEkOK+1#*~{@iZp`#bZw6|Bk-vbFB6E)(oz#{r7BlJrU;*i|RzYS0blcn7Gu(QO#g$9$^^T$8w^uvh@`sV_Ki}b6c!r5_l zB)@YWYDUTiC?NEO2bCWXoUlImEnRB|uXbv?eF*$LRvh{132q{-EQJf}a6v*7JB5L{ zO^wiwb^eEoo^LPSCM({Tvg&8hOCfBYPij(+IV-1n^1#saKQWIDz(l$+gMj+ zIvX3CI@}&v@V9W|F4v0*f>LWdbV)nT1E;w^Ag<_TP~bb8L0gWIhq+lpr}H zjs-Sn(zik7Sd^DZn~me~zP>Lh6puzJpqxzD=YNK`7T2S9H{brub)=c_GIjc?tbuP2 z`J-wD)JDbX$ps8o#kBBD5F3Xcpo`GhF18(uIHp*z0vZE(9gRA!crO2^E0E-AwXFP7 z!xc3?T&&5an-;7KqKunsRCs8CE1m%e&{LdZhEq}SOmOy=)rw2oo7Bp$n!IkCDy+QL zQ{p?BkakTM#-%2_jj?1i!=pS68GX2i>3<=!y>AS68skXyxnvuoiS%9g{d}e&$oF`6 z;q$(G6K}fk-Eg9lmK-a4_}boUb#0NCa<_|kR{%nuSj3lc)bOVA641qpVGsX}~W{+0y zruWhTDqGay3dFK+=X+8F_SBwF?a3;xWajj2*~NI*z2C0+n!szH8M~0XqX-8-B5Fs{ zLgA>vV!f%t%ZE*mZ>75OJbK`huqBH#xO2PSy`BlBXr>+V!fQuC0w8g$vUTta!SVxX zh)X)2NbYwHU0>~7X(vwInD8cxcXqx;mXDfiex3IW_PLZ+i>?kDVa(R|jMbo@@wgJe zB6l3~VK)1DoPH_>RM^ID32dMwToqe~wCe8gLa=JTVMf9eJ=`(mX|JfdIHB!j-LL3? 
zWz}1NzTbu-XkIhgf<=o=2#?V`VUZ6|D&dEj{#oHmI3xxYhm@trz6Wv8n*_YC7H%}{ zvwXe{*}-f8`b~A3TwQry;>+!wf;vXE%JE41$niDtuPyj|g@04@QJO7#i1LO6c!A5C zrvdv0->6idI0ZOz93zZ;L_4gu(WRHyXa=4xA84t)=@+It^Z5$K!Zs=c#;)7}u?Xbr z`um-S+$UakSfUx1T32uzPke?M^=2Epf@7Q=Kq06EncBLpA6AlYwwx5{wha?qQGz4> zM{9dIsfEDd76gNujceR_?~JYuD8fP#_sLItE7#$oQcwv|wT#ieaxYHo?Xc(fC(J2VzAXRHbTSONwM>o_La>RBP!j5=A;~=B=F+0J*EnJZN zCo}TXNVNYbJ-|KXZ1 zBlyW2+qQNKxH`qsvqSC#h8?AdIo&lI!!X&Da?EZHg#o=&QD)PX;Ive&-M@z`EZ}0Z zyWnlmWJHOlTXR^7r%N2F!YbFnMw4#87=#ewfhKTZT2R6)lXZ=>^uFj#Zt>uR(7E%#w z*525YAvW;Ru+yhC5t?5}7sza_CaMPddxAhw3c_8af})$^y{=*Y<3^9*GEh zNM|r8tA{%7JlKfA4V8CF+T9zz_zr628V$psVB9b*Vp0Qh_5#ovHT)LML{vU$V4bAK ztuJz0&|9Ps?HgVGww=$G-mC zsu75CU7M)T3{7sKM__~&PbA>Pas5CXzGn-UtT-&Oforta?0^7@p>PM|92rR&h`l&& zJ7yitlwY=}?Z*nGs;h7NOV$E}ih$=RWqCun1<^@iylUmNNN+7ry!ouccwEynW!?If zF68NZ1#@j^X=dOUkL~7)Jk|sEFo{u%SF;M&^U|+hfO0mR1+$!cKrKQ99VGAgw{3oR zTEQRwJOg)70UDbHal3UcgvK1Z>A}vJjNL-xmpqY&w|lGo%z}Ucwb=DTNP916AoN-r zSt54w1v2VDTRPdp{j!@PZ-7U}r{&HC-AHa<4{+=Cc!?-UU?|Lvpr)&vK&& zz@69`E8dQ1T*j$z8^2e8y-6wB&n~?3^RAmFq1UHt^^7QOoq^A$7uJI{W+PX{fU}^Z z6IRCAfdG$|pmw`@#x?&$%{ zV<*T=Wn|+uneO0$ukh`cgjH04@&e9t7CbGz^G3!&OAhvMzsxx3R}s0D~dC@itzwV3xU z<%{%PJx_+RyX;(v2k;J$xk0WEIr3Zr-awYMO5pyb=6`AQA2nyEXZ+98HS_&5rw6Wg# zOct-}Z8DB%9wnBKaHf%oSQ0taCl+xA^?1RJM7#KnO_f^Ysv23{!9`j67khbUS%#(Z1GQwPK*m>XFoj(yn{ft(Eq=f-e2b z+m_YB0bbByTUh50R!V<9(lFOuD5S@t*9KRarcGY0GcNe!U?fUpH_{v1O2!X1ajf;O zn-JJgJI1#d;j3Qr=_u{m)ZuyaT4Y;;=(&`i+L1z9C<~#5mkEfxLb-0N8B?NTA=iuZ zquuadJD3G4%$}GsmgnWP44oIB%_z0+7-nh|ssO`02ff#Lz)H;RWs!&*v*Jn26Y8@P zT1pR$^tX>{%W?&Jh{I>(fPvTc3E1`UQ_9th;)$N9Q^I;th8708Ck(SCL5`;s7k!bD!HwtSiOk+xg&21NmOykiZTmcWNpHjKL zZ84?4gXAuH2T67tQa7Kt-l>`3B)5QNr-0#E?=gGs0?8G?Q5G>)#r4g*?=*@L-cuk% z)DQo&q+Rv3m&TneQ<4I%n`Ua>SZ313+-LBy8}ivH$z(%3f8Ot0TRKHHfN_~R%Io55 zU>w|C3v*rP@o-=0GOm%j$4}j8Lc}}P+cvXiL4*5W;FBiNl0>UmRpfe2qNxj63pEIL z;JhI9G);+ivk>`G1=z^NJxCBd+G2Xt-t}@ zAuZQrwZL=NYou*%SJYU{QXRk@{#^ZHrSQzhZ~MvSVRK%0l+k z7|H_;W`~w)M1(rrN-g4v=X5f|{*N6G-kQVfjyv+%mD#kFUR+_G)wkN&bG`UfC6g|& 
zzcO*SszLbI6_0;ip<`myXw#@_{B+SFp52R^EYg&WLU_^m*=XfS4$g}viutZ>Ri#rk ztFw2zeyEUQB!}^iQXJn{+u}V;lOqeef<^$)sxqQFiXPy&kSYRvtItjlX^JKiL)qwe ze-9Y*Q5_p*hd?VVg47~nSLW?7lR`>@X!ZRr<)>vdVlE_~mnYV_yz0&{y&YQBl1_C-d|w$m_?(S4VglDV4Jj;HCj7mPO`BXH)f-W zHbs-Pj9Ji3Bp^?%s6VBEB7k36x5zz}9Co3?-Lx<=dZqXp{_dpQVqWb?Fue{*9`tNK zT$Rt?)PD@~ux4c>MHwl3S>D}N3jhhrKk$CGR%vLX=k_!K%%yrCXjFGA-x-oTKRF5m zGU+5gFzi4~Sqa9! z9#pE(=oj`SlFXb0y4s=^vk=?W#?x?L&Ajfj8gQD;e!fsPR7gZ{m5xac5hhecsqa~1#Q8zL+}y7FakyO z0hK#h9tMfLoGdwnA`of?f@+KCbl_hO?OK1BUh}YfGlmTCrgwc8b3Snv)?@o*peZ%2Y)L{^F%fKef3KnWbyde%b{#hGS8ST!L7;#Ou7k zz*E&QlErUTZdx(lsfOX{r%0$!isI6*FLcS}5;T9pt5~L98KaBnlU(|Hm->C8|87vl zGDgfl##p7xn~9T?u%rqbU+-VZmi1{?BOYWJ4L5KH(<-uML|8AqF2=Pa_(iZ`3M#v9 zn|1`#IfvSf5;ki~yk;-->o!)DkKPJ~_k?pOao`IVR|^tJ^kUH1o_RG%h*}#Vt8A=;y(*#E5d?%wPyFSIBG`@mFT;+aF*)*nKs4 zk1rbommrC=cyLeMy|vzKzn&^nvb_Y$H*}A5h(1AOIW+DFk5O!6lvk*dzV`mwT;JH} zYr%Ttx1}D?{6QU1x&yayZBI47NCm#iJ5~%pL?AATB_A~44tr|ps?<*@g9t#ielq?F{V55pmvbWTkjdjaPV z4Jnlq>+-zO;5J02^QxF2MG88IOJs_0&O0!_*#uE@Jh%5m>797Q zepwp#OEWP$Oi}+i3^q(vBpg90$qX*wu8%fcv5CAx%qQ3LK|HcqpGK&oH@KTjyXq2?+YsYqdEZ)dOO`61DnQH#SSQmWm-$E`)6R)Irm zHqH4mkEQ1m`rKN*3CEMTip7tvV2`feX^^0PQ}gopjI6Ow#xWK*N4_!W*o9JGtd6s8 zD4U%jnO(SH=C20FGLjYTn)OJ}OKKDe2`J=!VQsd@9x+nwCxz{k0^vm8%Ak|h2|K*a*Ycvn|%UgnTb2N+>A$Xl9C9KAR^$^BWb|D^tf76;- zXv??73i7e?Y*#fFvbm{p4iDY~-W}~eYET8W%7CnDQ}vNT^Yb+DK$1!5 z9BtJ)&&go!b6aJSqtOfFpT}~E$Q7a`R)2@S1n0{uSk_JXK4a_*q>#09XB#PM4$wQC z7`)DV+sT!lluT~11Hn)s(BjfLl6*UHYX}TN8|)7d+EjhN%foAOg#}(L^6F@-N(nu- z4XO(3RDU;3c-pM8|9XriY2{yy(4|9Dg~&*O#}l!yQnng<{b{{?grZu)c$MEtk9G=< zgB;TpU3FGISx_n~Cl_HQAiHg?Ru9oSnA?rSqF7LHrWBs9k)DUK8mVyUY9ndGbBDnU zJTi>qtaA3P3A=J>Oax>Rr$NyU>WhAUD@z~){JEcXjoUi$q-}w{I>h#uUkh^`v-x=F zKbD9*K5Te^DZiiHo;eJCJ2RT4VzY<=4nx6p1U+Yq_%(meIRX9*r%Q3eGJ8k0}%s=k4a;~ziQoF(;S;0jM z?X)jX3x_gAd%_f8;ppm|4J*o6j`y0{~*#wjNazvRh{sCG%Ln%*kUY*D&WEzZt z{3llrOtU*;CGDLi^J9Dr4s8@5<$j`G-V#vwTyRi$}8&XO$9 zlR}&NibjXKqX-I)Sk*s0=YD*kLP4cbl_Zu_$6NY=X@Z#5>#OeyKMFs|BBxX&4ljT~ 
zLgT}7564Nd!35ryAO;QqE|Iy(H!|&Wh=xuM^#BXn$g%)YsUZh2b)+l_&MjHX5E8{0wF< z3iJv1<)bg!771CUYyXClUvh$>Y7{-(%?53yKj5n`-f>*Sn-V4W3mJ4w?G}2CyN91& zt;x&$x!f>HpOKSLpk|JjKT*5BP~mZA-%kR|)asP+gr*AT*#E|mL$+|xbSZgZNh@Hk zOXf)K0)tU)V~YPH--TkSrjQi=ftG_?AaC;6a$N=> ztEnKjR&6NnucM`NOXo^8SJU=?9YoG?EDw4`*;PtfPm=v=cNfU$K`g~y3P?|5)WGG2 zmB1|~O#jYgKtwG-qph? zLO`^!k4yiN7J%0jBWmT}wEKrl|GE{Y|K~UYGuyw9BQUf5SH}@Lle838+5Q|KoUomB z{yP20)YM7{k9I_g6sl%i+#i%j9>yA#D8XoXSM@Xs9F~##&GZ~;C-9nppA1( zwKM>->iN~BslmGwL9d7!YD{#Z0{_U@X4hs<6baG}JWfMlluOI|ZQfo2Vrgv&g@?2R zMNmp#tVp@=j4zZoR}>pPuJ9I@huB9wN-%HO8UI)VP|bUbf0?<}&v{B*TU8-(PJ_xO zBLs@x7bU3Kon{C;aSCZ(Cx9!Q@(+U(p_-U68!3?y?t0qtmG}y^*ksVJ+TX#g&WfKI z2j-V0)=5)EP8f?i#OV&6kNm(r3E$?AHAoh75HqF#G35VA^7)61XMt}oc&bUg{_@hRJClC^+dI7)VQnT!a4Ai|90T|F_+TY%WZbE zLr)}Hy>qm8Yj39|4$JYa2Wyjbz~}NYO4rEwdn2u5+GLK#QESY}C!bx3ZyAY_oRW#kh3n)R zdpiWX@t7({UlAH+Kp7wsCw|r8(zb8-!(NA{HhQoRc+icn z4IzUaGZljWEA)KOXhm|GoAOw{`B%2YhLy5?ZW)Q?4vs=%(!-*Yd)Y`H$mOjwj-%4j z{MV!6<*GW)PimyNQu->I6^z(aqoopK+v-M~Kw(57d(8HcDX)vsk zA}VDH-+e``(VRmS!4UMZ%FaQ%#8`gPDVHpWlD(b8=>6M3k2IwehM58B1QKJ6`*Ub0 zmLm0((&&;@_D!j0ttI}Eg9H=Xv@5P5ViPq9X>Gaz!a`oL>OGr`_zx4NyW z@Bz_IwfpdY@Z)dR`@@fn3}64Vq0I7sY$&t*cN@x$%6~qL>bzDtlR}g(A{>>Cz4;k_ z*2I*^899iF$H>EnMw|-@0{P*bvUxArgzp@wR)5KoL3dDJgOQs|q_64}#SHNOx)VKYbKKzUYzDC7Lo?FB5a2** zV*o?2yNlv?tmXM~3t|)Z=xs~~l`9B?#qBIz1r;0prhpC+)87^7V18k*kzf5l{-Hw) z%sNbDhV(AZ0Ep1bo%{FT&2dRI&g+CM+Cb;g2bRXEFADYS`9?_;)=gealNq-vPxw`tWzw= z%|5at?w5!oMP75GCrYAB!}RRhMI1#&%RrG1jMc{zi8C_kv%RM8Mbc*#D#Q-5n+>X6 zyQ!i5ZqDO{`qrUEt~br*f9HynA-fE6gohGz~bWpdss7vw>}=K z8hRUUL_2o|sW>|OrT^Hgn1XfKt9=I-#R-F`5K5r{wD?OAwgyp>tH@`0WTJV5`jVW2 z4E?lIWw>jJ-7`J3)dJkiZ06MLhs*Lj#kmCPZ3%`^KMLi*s?x-3XK+>(w*8qU-XVYb zyLIyKYwvG|^1W`$5!OjqzeE7G54rT-j3~Q8%O|nIp%PZId|H=T(AonnYc~8V45|Ip6IZhD5oK!yZwT+wHGn$$Me8WC9x#h2nEXDp5s%F!NW*+`PEis?X z`^=dDSuVQJfV!_6JVs)wL6>r5qjn@JN6NJpyR9^}K}r)yv8_seRyg-zd*jLo?jSgn zL{8EQ%c(JlsTvU?D@U;oqlMSQ!4R(<_xK z(he(PNS&uDH&*eKQ-m?#D_9Y`D~ijF1LXTF68rRGU}GX*VlnmlreEJbQfETxi&0$G 
z_R*U^%E=Z`hC(-0k#Gb)t5=~;kFm@+h_n-vDBmp=bvTwKkJ=s!_AO)-&?d_+SLV8G@ zZ{trf?%7-scX9Ckx;vtR7(;%%aOb4!)yt0FyqW!)N=}JN5Y$avs8q4F>WX#kmr13T zVEw)LxfoB|OVR$sey`-ec99RV48W&;6g`F? zB*e1%e|@+O?stU5JDjB8n=;Fys&YcSm}ReG>l(shY@ThBZ`87Vgo$U@Bk~JWq#|X} zIzm6|`DB^ifyb*eo-6N5_ktyNO;&z)$J(py(>00SWfsi)3au)btch%#7 zhYm0L%7zPSOVy|H|Hg00|Ef!H?KhcodoT_F>n8SW+@WOx7kWDiF2E+6_RIzFeq^&;UabA0L%^|vDANF% z0;O{un^~eeXMm&{nD_{p5?O*sT5~Pk9=oBnyO}2WQ|gy=0lf{M4P1Zpb@!`Vo*~?A zVF^wEP9Gnqv+Yk<4`gKw*@&UKNNr8eM}fLy5!2yvOBHz%=d@jEH`0xfd>A1NNOiv}jGM}7wl8vY-80R7{7)rohXk>;d zZ;i=(8E3}BGBzZK734WlR$Z37h8(MTW<{#LAb3GKHG5jRVIe@|_X=mljtrZK6JK3J zW|DX)HrpavjnP(fjR)UM0!#&ooWmSmey=5a)X5~A@bLXk2gLJ@cR16dD_rn@wRI7SgX6>N!(zgwkB}V*B2Sx zM!Z6;4ll~El|SKmB>i>)UtgZVA(BtsXPJiJRVd58wDYk@>|sh9kCKqtFAAZ`c&58t z`>|w`i1NdBXqiIIWAau5F7aW_zQK{z@?w0KrlUQxgWX{C2@a^mLzLCE%9jW12I<_p zaY83~N{0k=_P8^&pm5}a;$3F=L2j`L%$rhrBb*7O;{sZDH(fNFQO*dC7bHuyitnVh zPUNQ;3^**-X0s?wDU_N^F|+tC8$v%PWDmKR&>lJ00%EF^l)l7d)6JikRv)Sh7#tck zHoTdF}z^DnXMWuhU{7AO#(Paj7e&6%F$gFD z3=7QE2MXaEBVnTOH|jVyYnuHXV3sPKakF6&gwiJJhGYwInW!%QF7^O zU9O&L%Zy&)Ok-W4hEUT+k5?2D1dwN}>MgA(a)p#13d87fAsId3ykz-om;&0uHd|J& zDhb4PN$@DcydpNZo11(bGBeHHLN0DM6em;O#C&mvb{v5}l~53ev|?VO(@#T+PoZ4t z+om;>>B}LKKmJrBYFyEAorKfrwWUu%85+GJmWe+`qZKvtWa)dp?jv}sYVkED*`o0I zPy`FSzJ;$?Qva~1q!liLW}EJl;rD4l9!>B6F?No@oo?IKk8RsF|FO*uI#$O?$F@4Q zZQHhO+ji2i-`@Mwd(N%ex9Xm+&*%00)|_LFIVLWEu~0`vm>shxN=#6_YEhU$Ykn3* z?>Vfr5NOiPf=&`VJyF!%VY4C!$zn7Ryon7YnMxg2#7;rvSKQBBxkFzA-}NQQM$x3X z#~Ms85cG8e{ni-CE`U2dG~}`e6>S=XPkl)I8$OhOdTd@_0+V6{cpC=(E!Gpf#O=XP zCb&?(**&jL`Nq6re(>fz$~jc=71GXMzq8^@=gE&`bc5se@0OJCBF{O?t+eXIpV7?w z#c>o3Dsz6o`v>Zyms!-RGGR`NXOQh2p6t11@UMv{k?Yfyu2}C6>-QwUK0(rU8*H{^ zKVhL0lok6|$PJ&a(|dm*lsFMW@)R*Ye_m!$H=&_jwny*Vaf$$`F;p-I9%nv{l)Whil?s##U5)f6QdvbhSepUXwZVIS2#%l4*xI6SmO)tQ%?C?Cfu zRcu``0p_A8ZnT|^r@G(ECSMP_vJ#m-OO+3q-09I~9-nP)YKka3uMs^!D@vV7vZ8cS z1{2sDEUxAa$i(JQ_g5J9ReG=z#0wCdLNjB>p;o%B zqi>tDujrhISCpBo9jeN=GSu8^2-40)h;^6d3*B*+?Y>um!mABOx^uh-PCswDZFfI< 
zesb{YAf$U#|Dxjam!2_;YdTxq`yrz7(4p@o>;Z?^^1?f!vaZ`bzxqNQ&O zStFRKI9+AH4nsS!Hu-CREn8AJl}fS8`W7)fX7|@9O1khHn1&8)5N}A&)ptA6n%*E$ zKA3B@gR+639q+9KRF)aeDe+W?DJJ>PVDx&rsT1FAiGlCgeK%f|Dngmwv=~ZKbEDYo zsgCQP;mYI>&cr|cwz;+Rx8L4^QO9b8&m0~Hj+ELK#_6{(=q$m`sLgXU%Ud1mYX!)p zOS5u~v}$>9g<-c7r=|fJ?8EQx9SJgvk;X%%jBKy-8XRnPKPqlqZPkD6suWPxkjjuI zXGD7S!zmf9_Z)y`KC}ycz+_hyTA0i*yMm?gi>DyAOFm_ra#bL{GP;|FTnf!wWm4O)?LE`g#BnU5*0R9$MUSFmj@ge;dH_VF7145!)KoMds7m~~0Y zKIE$&*S!l{Vt6CX#2X#au4V*BF54=stUOVy>8|#N;p}5_UsT2P(BRhi2zj~uo)(Zf;CsbIG{8cP$3lY$@40gR@<9z? z09n|sLw`?FN&rJi5^RI=JU|+{H{CGR2Ro&4g}0gO_GdD(+khqhKz zw#|aj10lThKnc*F2ttmKAP$G%m-5JzE7GG>PN6Y3qL4|cWJZOJwIelJ+`j61C-bxR84>p?6PVOF;P;32lqieRQK>kaqb1SV>JhG1{+}&|(Khij@O5mkKmi6uFrQ6MzcNM?-iW=v;E{%w8xI1*^!82LrNctv3v@ z-gn$>Vh*2?tl5W$7_AR$D*}DMvaX&(Nh5nII;iH1x$D)l>o0BPEv>0g$D^NAOk3cq zp1d7os5J|01b*JYa|HEf>+OwT$7rCx(%@QoP&wkIpKLYlnN8h48}b0bBnv?YjcSU+ zLh@p3RQMuHD&EPAD+Vc4&7FmL8S1uJc7pBzfPEwNC~3D4>aq}`4-ATxRmHA~G;Ke< z6Zc@KXu`m)S9I;uf=rtgWj)P2CL5DWT#a_6hI0}IL6Q94g{aK|^|P{=Tr zB%Zv>F%su~3n7<40m^Jg&uEjFB>jT+vNHE%ggKx1425mf=x)H^ZCXnw(9ORzez?D6 z=UNx|sT;9J^kD4LedeK8^&uu4R6=Mov$oLbo)N#l*zuW0xjm28Ba}A0R6UH&n>8;$ z|LyAQg{w4+>fRSXb}r!GAffP8PrAkBccfO8{El<_-o0ItSY%6W_Uk>$DEljX<0u&% z_aGu!rZqPhc#byT2=dk>D8@d~;!m(e)wkUCj5S)u3q5wjQ<)n=(Y(UkfAaHhD*nw+ z7BV2jLm&m~n!!}DH*VVw1cX`|zJ`Xj_l@2|toP0*{ohI8UQv_}+^lTzom@5$ zo^@w{g=WD{SC78H`^15lqFo^fNeWQ}e?TJ1DU?R^stI%(?^B4fIwD}sA_mlMo^oR4 z(K_;X!1X%Ry4VH1BDaYbt~tOlU9IS%z5|-lt{CB`4D5Fvrp>8GumzkkfSeskmDpJO}JEBz5)Oss?U{iw$ChZ_j< zu}ehNqs6DlPNs?>mGJuaGEu-oQG`jWlsRK~{l3(~=x!$p*GUI9Da}a4-8x*E-uZ_Cf!ujQCJk%CIpPJFVzxOqpO7O+Hy2<4N^hA5|4 z)Cu{j8zz^N?59|zzCve!^KD?Fn6VGtuLC>*-%8zUE7nofmyJRb1|vYyW2qO7!nqFc zh6c>={BV9-_7w$EY00)@{!ZK>sPU#A!MPoZ`$RX5Z&)=tzxnLsuF@?>r_I!ZN-|j_ znaaA1aGpSftO0VA+Z3O^ecF@5vF0mMP*Jxg3e1Q>wsu8uJvetp=uNF26|0} z{b$x1``>5tuTu5Y$XDSf33aF?O$l^Q_oaOXWZA+R{ldy-jimbYWK!6QO~; zVf(n9f4IjA8uP+D=F>7p9W%k+q)#bH?$LqMcg)ojAGVjmQ8 z5GhOEFor_G6Wer}-tc~%C`!+<<-~N~X6bb33iIaQ-syGRZFn5Rn?>6RnoI8?#c`4E 
zTH3O7CWS8s55lNwK7^G+Ff9KXSF&G{S(Jm{W|_2r@+Ydt`_K?JNHgA%U{005^3la3 z{#M1~G^XpWDvFFK#UI8oCh#-Jrr5Zn5n~@25{+;(`q`x!cPO~?#WeaNF zXFU1K_nZUl#U?plqFyxvY_+28AVLB9Pz_AwP`&AtZ7o>PF#kdM zn;jFGK9~fOA4fCkoF+DDH4dDJMWJ7LRm@|~13!LJbo!7!9xAs#c4mA)k+r5S z%$2ylBneM-mjjH1zM!qLte;CNQ%?>OUwkChh8etRYU9I`3Kj*erak>~)P%ZDRfBV- z?utE}L!)s=QYI0k5n*S1UP2rZb_hTHZ#ME$9W-Upx^151sJnGP)((`y3vFy25;GRO zhbIzjmRQ4+!k;)!4w%lw8ig9+7Os)hy~IDXgK#upx(-(;Q&>#a*Y)V4lj($UE_58j z2exoc-)MXspw+Y>S?o7msJU0zP6VAFZ&zXnIkG*1bf}-e+Z0#YD=*aj>zEBDE8z5L z6$ z#UQI$h5vx)!XnPfiz6GvRg8%xlZg@&78cGXNpN%b^*rwz#;)<9X7-o7d8ri+s_E*! z9#$g{pupxsSAP!Z=_4Y(6S>hU2hCM{U6D+461l#3{YmvHGzh68>HzDA*KrxBJ6?u@ z(+g7-6BMM)tp}G$(gTYdsV=`Y#|Bmmh#r&XC7| zQ+kaMntlDoP3Pc@u0s9AN8rs$fY@{g1==6r_k7@DTK;fdR3pWPIzYK)mc;IN3sk-8 z3ZZPl@1OG1Le6abQ(`g!Y{X^?QU7Lf$<_b%^atG zwFm62^6~xZ0i>eVywkPl!^+~iA>xq~Le{}VT_itQ74ME=u}Y(|g@2R;#dDPif8>NS^qG{64|( zf??p|*{*P$DY|pa9?{@rQRh@ABDUMbg9})DS#Oj=j%pn2v@j)zW9Bg^dobY7wRIMp z_AH_khu6y%iJsVHU-G+Z$hL(zqNgu^3Y6`*SkE-8m#x!HgA7tI+zle1;XM>fY$?gR z2-9#$ZeGjMUFjaV8dMjtn7MFNx4tw1Di_CJd`r}u3RSh}f&^yy(}ZyTXP!;7kw`r> z`c%dp#hA zstQp#csjA7=9Kkr4pfP-=s9COY?zD6xjr~C0F=aI-zHQ_pqZIZWFQEG0CZHb?y;=w zLIqwq-)#<{U<{%~y@#;@hVmTsjIzPZgftgD+Zo33rjub$sza z%=KmE&KN1yo@{-FPpMqxAiOb?>hO2`#iv4(L@eRN{;=4TQV8Jp=_AL|)5w~GkmFG=$DXF_9{%2=56qV6l;E5tsbu0icVIF{v-y38N zLzV*B(eiVz)mFqIZ)F6oLAGx-ZooALx%6CHi2N`w`)PX|sGuXnpP58+Wehlgc_>_! zloNcC4emH7ztDY5w#>gkG1sb8|H*{EfAxPcf$QHj0)XS6LIL0}x7PnzBm5BxqW=;K z&eh=Tr9fOYWPY34XcYs)6kJlAlLY5MrsdHC;!a`~xUVWd4l{|VWgfW&>$R?vmr1rK z(%o1^yn~o!^kwyKt4rdq`6u*EW`yscRS7$AHWj~Z0~`8E_&S?wViWn9e4E#N zJ!6ibmh31QNqtiSH_F5@NN41nz=$LFLv&;;UgR}*#QSv9G`WJ4GR2K*>g;;bLFP#c z++)D|p-`4^_`)*O+Uy{xC31dR&7~oUXRZ#U-Qf?YuC#PTH(-!&qK@6so`wRN335`!0WijRhK$OE^QhB1g9&_F(i8h zdH2*=&7BdN4D0u*5Nc-A?ZY~OA{Y)OcJ%wJOz}*BT~oQdu)oLYn%58hp4UXSp8l{Y zA*BQHJaa~8?P!%#3y=mR`l3ArX~d2G3=2k+2-)ryE1lBFSD7xT@T%8!P&du**IiM0 z5*z>k9hp8s!U@|>xIl_HANR{3dNQX*0h8X8<=io?Z?1Dl~yJZxg^!(D? 
zO_<|HJf;TaBB^ELsWkN4EJ1oX8krbvIsFZO@!X{!fx>2+n8B3Y?I?ubI3rfDf<64) z0Tyi>jfw%VR)6hn&aMYn$i1zk=Q^77Fe@Ov$B5sMlkq*FMIxGd-&`F3rL^A^V7Tv~ zO_;8Ud#3l?^eAoYT|`%GDVu+A^xa;+s6$cJOn|s*LHmn|f&kU;w2vEVFbYr=f#w-F z>f0y~=Kt#vtqb#H7U)r=q;I|h+Uwfl_48Wz>|x$8^J!ROL0+y_9Q=h?auUmQ8(wu_ zvZt_$BJVyp7s2w|{!xYKuah7IKCzX|ERTd@=r?TltOKrb${0o^K-O2Z`_Q~5zgC@N zD^^B97tP7IgP^5?nyBY&dt0keY}6`z=A^bzu0VYSfzB`N_2~7fG5sU7eQXIU868!J^GjE2x!=9CO+>zFi zRn@JS^av{%Qw#|%j4fA4LHD=RQD4?4+U@`%(PFg4=a%QOQktEmpSkZ6>N9QZBm^Rn z6=cm>ALc{%lHX2{JJymtNo#pWToD^>aCg^wWD_=Qg$xt(7HG)KlvOSDV;jYQ1 z&ENN#)3b@|XkFm5x19*#1;FdbuR8F6b!!1hwk_h827Zq7tR==s>occj(7KE`rqvO^ z+c98>5)vBqG9o(N^fjo>Np*qxM|tf%E&jaFQBhJHTLw9+gtEei?v_@E*y6UcHjzx2 z?I3}y@{XJcSCTZjrjDbY%*Nqx!S@-)FBcUuN}t*DRFw4@5MM~#6VINhv;OlRvA^5* zR6>vUktI9oRV-c4$s*anIReQuL%!J_KD^=U^vt~wQu=IDet}?gR9yWpx559nLZQtXB)Qe+QMw2vgw1#Q=|lIfVPT zVG>ctCWsEJ+%wN1?Py)}uQ%_2wgmjL*t)b)xg3ngX~R`t$>J;cn7h?@aaTFZg-)iuFYd( zy**6~XZHL!@nW^>X^Yda43@)2kqbE+fx>9^>t63}JpEfThb?I!Mk>{=^&m^vfks(t z$s6jIq_L{+pQ&bzeKDli7z$|ZXX4bClrNIz5f|=6oCe?W4x^h%uTStFinidIMU8tH zDn_fCG)PWEM5fVrKCY1>=A+$fEru9r=tPnfWh$d=q$9z{e=LgbozU4B96D@;%9F3m zw`-cU8x^wbGIS}eyRwaFM0?&NM~l8H=BhWZk|*O_;zKiVUqTevTRD~?F51R>v7?ld z=Xh1Ea}_2i!M5^M7h>%M?8w_Y4R7~zN_6Kb`wSNx+_m6Akq&ink6$iDX}^+A#0NOlqjW-S4N)Ky`#nw+d>vbEJ`c-4UZW)yC*;q!a0cF zHaoQ8JIEi+T#3DPI5*Xs?Wuuo)+||AHL{(tuwgw>l0+RPMdPsJ5u|@rWo=@Ws ze8XxEChEm%U%S~RF4!IsoOwt&uTga-^4aB7(tkEu8$1r9m0~57{%e001bX-@wZvlL z_aH>~_V`5-VME{0H3ir}R|V%4%hmg$y+!3?iz4I8hi2X7QSwTU5S`p&hT&?2OP7Vo zPbH5Oih9tLx=JCL9xT{!6dCBBxi0K(l3w_9RiAuK-?K*AcJ1GZmyG#WUA4R-q)o_>*e{$nZ*8w-T}4ltP$J+a(wxIC zcus+SGQP?jO-{C=Q}>1NZa3SDIEo;ei@?JbxG~*O5W;mWf8ibrD7UJm*^L-?x->n8yBngoO8|^cXp$2<~ z;}zDCls;zfkovTvBG>24iSe}6-R?;5F_V?t0=2ZZD4 z#osytvicg5G>htdT?dtGk*Mc|Rfj>VH8PKO5FlbhYX#s&Ld22pJCSesHhkhPV}|3K zpR*2x{pMsHX4uOUYJ6Rz1#TQG-5~DZPcrsz)L^Otr2jmUauh>zA_yI`n__!Ta)FqS zr2fp2$%W4XUf=J5SEJRS-U3zB|5M~Uy%Cy0SFj#iPbN}uZaqluAa3Zu1v7J!>tZ(N zY4+{gtT$hZM>kQ;JL=H(*ua^LHbA@Z3QZKharZE!P%Wee-U=hN!!_G>%;D`m5O+HJ 
zO&x8gGe1=T(M#)Q>$J8$_e=j^@l~NbO&@V8+|642H3@4y?%WLUor~a^JZAS;nM4a| z%6=^23^qLT&Ia&uljRdXkNgk_p>r|JS|dZ0GE4dGpLX*L>TVWz3&r=FWEe%ay3V-0 z4N{ulhu3GFviMcmO#KThc-to$<&kdXWu-bA)M_PE>%eaf2HBzXxT}(-s@^b=(R6#e zXiuBM_Me3wnh9~VgGuTLxHEXf$%z$i&RIqhdFVliSU^Fvb;T&UBW;WH=E)o2p$D$n zsdZm3-A;Zi49n8lg;XdG*@ONHs#G4I!nqmcq2%Y_rSF`Pr!(Z%ArfMOB!&t2IFO7v zwLDNE*UrApJW}x#$k#KfuFi>`A%+E@4CaBG^#?^+Hbnw5S5?^e6;gONLl&9odXdTn zN1Fxdi|;6{%q&&#ie0ywpGp*0a<5NTGGS3k5tdhCLy2MvNl2#U-NGC(8i>-0p-P_h zC!B`l%$W{~P@T1Q+PBg*d5oAJSW@Il-+L1ynjsZgDmC0aX7`3muFw(oH1WT8l^CyH zp+I{Y!JoPEV1|UFzc|e`yANC9iVIFWxPwP;fj{gk|Vxize9=sD5)AO!!V19|mr>k7uaQQz}O7)DtmDd>ZdcUl`K7P*CgO$f=+ zvxl6(4%%xpHi$BDyLammPOrwao}uh9eUp6A-S<2fNGZx-*av2YmX^h za4p(W>{A}tSeU|5c&>1sh!v%u_L2HdvdvyMp5xR9!H`W#TYQf7_+ju38yXa&%k8j3 zCNo;z|B)1xDQRYg)NY^zlP&(<$7KHH&{6)V4B(`iY*dSpsy!BgtD*J*Io&!2v)6hB zw(N>Cz-AN=&GjIH^Md4)<}xzBs(15g4!wE*mglaX{!KNna0T8K0i7Py*yA4idHZyBp@lFI;xB?t!Nbzy|sn2Yb)+R-bpBC2ukw z8Y_0fn?^{^g8PQT&W1Q{UK@~W1A7v#`wMsGc&)ma<65Qlui_;<1>(_=Pu&7Q4)Y*$ zb^C~=^_KZ`;b3IvWeIIWo*B8CJ^AoHJMBxH@2Y8iN8a=Sc|EC@22K48^R1a`I~+eq zCScJd7!cI#ot9@BP|>Cg!NE$tjTK7lkYb(JLc>cPh_gY=erXTAS_|g`1DGD0Vt#NW zW%4LGOEnHYc$U1*^KN2TfKxP-3#%^RIPzuAQtWfBWL7G74xp@?Bd$(6{#n%Jq$2cA zMFgfIY$I(*Y+I=1UI|+zh8e!_1`!9FN$o~H;}umUhs8S9r*GwXMo3ytmLtUkWNmcF zOlWg4{?p<^Rp@39{dZzAi;Y$H@S$;~WnB(ZNGoMn78UV&likLbvtULu_(Fr>XbH|* z*e;fpU9xu4E4aHST4<&g4v`SW0X**z;t2BcQqa~{rGuq1oZG20c&Iw+uX^q&1pPKaPv9;ma>UlRxab9)EAfOqggOXQOYGJ z6h?CgEFlO$q+Vj#ra=$ddF)59SzVO}fh?`mZFeAPc|8&OxtU3*rhw;7?<{SzP7`8GR)=(yzVl z+)V8D8|Q3sw9%^%yc=J}vTo@2yE+?!?uP=w{1Wel+GE1@Lz&vhU7UQdL9ju}@fyXr zIfwf*lAsP!-)b1kHSiqbHN=-fpYe2~{}|oRg&V1jP!D_ju{@0m1xn!UdhD6TrH2>( zm59FzHnsBEw!*H!O3O!x^xWYMw=rSYuZ00 zkXLGF15x8(|HbqL$Bp+TWV&8>r`-jILE1``9xcJid~5*TN#q+!Xpe$|Wk zC)Feq_$E=ph^SjI6!klxJ;hr%;=F8O@VKEOC&>i&MSE1N9)h3|DW!`*o+Gn*KOB<0ps@i~{h`dd)(if!s?|KR}1K~fj3JcaOvE^%m;?o7d zkt`z#Iq+grK^-w>0C(m<6m$6!EMYH7n?OE#zjZOFcJ%_MPXL~TevhXO;_$m`6wk`H z3W<#4dQSUJb~|`IWqnl{CX^vsWl5D!q#G=LFU!W++L#Fis5Nft!V3LgW3MIxUVPL< 
zQ;j`^T5?GF3F}T{qcyAa3&IEP>E{iRBQ)S5+BB)VC@qX~vtbU|D@ghdb8@0;_2Un@ z&SfG`W?F=T&+ysX?C98vz6AED!m`X4T3W@TaMB)dl=8IgpUuFyw2*ITvHO&}`oH@=6o9WFL+@A5sE0`GeeZXDA zQJ{>|HnG7i%><84kvRrvZrG$R z7Hd~YTf8@6IXPchvn%PzHp#o=o66(#PLHjE^>!^l|a*Fz+fW3kFToOm9j2oF7hs;n<7VzPre7sb(DvvDmexP+5$z0p+^4CyJ7(YUO-$E&R0j*thdFUmCg3dGyjx zmMLkabK|$R^i`4vCN~EY{=*9b1Xq2q?bx3h!OyMC9-dX~!D0Hcdi-A8clc`y?0xVB za{<6=@=u)pXS)vz;NJuKfPcH7{-gT=SpO?a|DyV+{raB{`HuD#Ae9(_1h$+SFCL1h zoJuonpn{;xB}isuARG&g$u&j)`rF*MKvpUIP;&G;6{8riC(!GI$L5?V6EwJT=i1lo zn5)xyua3EbLiOI1Egq&Ns*l$?D-JytXly?Jo!Q%Qy>Yi1GPO4)U_8T zv7hYeTOHY3J#w*XZVAOqUt}b$3CPt(Sr3$-li^gr<7}Xf!?f$92=E{+1_*Z8SppI4 zzZ2hgYRi!&c3B;Tf%T_gXM-M^2hhj`5Ew>kYxjC`ONi1gSktQ87B# z8sa!W*B2sIVsOqAAD_x^_cnuTA3^}9RmD1OK*0aU-$6`3&{n9(fQ!;v;Rr|DiV}FF z?D;|#8%6-xf-&UbGsmumc?p=Q7Nc3XVmnHmHJ+e^(>6gFhKAT}geJI;*vYe^I(*9I z5Dku5ZNh0?gE7MGKZSd+%M)ZOemdEgL<- zwhR?FBY9B6A;5hf9RoG!*jS6;9sr)a2n9uzDY|V{vMuqNR zc9FPNFfPk1R8_+)Z{BC6R>y4pW zZ$`LfN-StX{H1BnsrrVKoYMH=LPVEvq#uiaH< zPO8Axq9!Ljv;nBMgfZnCEy;zhAcd2w5M)X|%!NTeK>Kk>Bj3**9dJP5$6w;v-}a=& zJf&r)yGsPv6APm^)=(R3E4u~3w;z5{zJGjifDT~+*tVjX{rR7#S^S|(2#oxG`Fp;6 zkK`lM1Gm#oI7|r*s197?r2vjbQL(vkw8&b@+l2H!d8_kxqb=Lhhig0vT)^LH%}h8% zT89{S2_5Z-O?Y=Wfv?GU1Km-6rAo+l37FNZkFC>A2;+#l62mFwzrVvN?Y0l~M$VoQ zIF)#ks6Nj|D-EW(Hr6UBVk6kUo!nn*KXOG#eI}l&^D{7j^z+c?XqbgqMe<}dKM@VG zJIEoEx1ZqW8g{fTF~k`_zSiR2t5P}b%2aY?&7v^#MMW};qdx8L?+{)e*y;?ZQP`%v zZ2fHAbpi1@6&YUO*%yGa5qke8&HiT8zw|!V|8&y-cE9`&nz8>^df%ejrp+EFlFy&y zKbv-1bV4a2Vy}HOwYB-I0gM9vjH_O`jJ-~>q9#AX?Ixd>NlxIt;wCMXa(^XJl<48R zx0`3^wuxYd&h+bsd++w}-C0-u87%?#4{xwe25*Q?;DHY#AWhd+iEr(1-?FYr1n&}) zZr;%H$zp22idxkq9*Kv#IgPx5=I1;R35)djwoUzomV-}CuRk`2k?%dczxsKuozJ{( z&&(K8d!8UG2nF$8=uQ^n8}#ybpS?MQYE@MW%X~+*3s{n=o0U{9A-@i|Glga@DH05e zG3&ds$!4J6=wR$V<}C$&OEAF3ZpsRLqv*qe11N=$2}^$kLYVhJ!K(IhARfhcz~mNu`fAaH5E9+(%#N&_u##tb3Aj&hDSAY-ov z-F7giHm|8eOWPeGGO}BM*Ib2@SQa!ihi3ri=ypU`HgD^}Q)5+R|05eH5hwQz4!a(! 
zO4M%|bOZ~hrH2k`x$hzJ2NBW#k zj%g)gm|#xaP1`p>y+>#q!W}~F&chC2Y<{-&gc-VFnuiJ8i78evvKXpyh(2^N@b}fL ziM($L#_F)Eccj%qRqszx2VE+k!nh_P>osgLPu||+&7Y;0RgHbO%`8P{5#rV3IA|Aa zujYItTRzfM6w?n{oZS5N%>hrv?js+M65L8^N@okx)thocTSZ(j)a^zBnAY5s6Rw&O z29`AO(mGT)q2#sytf;I`TXg_m*KbBs-wjB1mcnhtNsAt-v!Y&k`tO#M(`RzF2*$<9mq=@)XW|(r6h< z&RK0M4NN16Y$n!vlR*_DHYy*#r@~s?@k}&NZzS@eNG(OXhS_e2jLVSl39fm}I=X5& z{$A~RSrfusT^a6o7-Ct~-{Q6qD-vXHwvXx)dCR`1loj2WFR6=I4>u@|O-%`%KhDw3 zC=JfR-xxgX5MNvv*n7M1!@Fuu=>T2MYn=$;Ub7SOt!n){q%y10>xaL`3-BHdF}e~H z)_Z*v#`GqC6Ex(x-~HN^DvVZ}@!p*KKy#7le+uKZd|# z&x(83%ma-Ssj_lw#M*K`6)as2#`(VSiJdphj@8RgHS*6jwPnG=PgjNV84?$)!znHo zR%C3PJ3k}2<=eL}%d^RiE4DkBaSjjtYH$&OXS8$Q*NoWz9CRY8R7Rn`WkNa3T+^A8 zfS&+pEJt3OaQ&VjFB|bA`;$=Exc&U2ypsBe_M6CL?BKUHI;lK9VzO#`Hr|Oh=AfJW ze1GSttsXxF7Il{RpIp^X6+?-D%)O)rxoq9>6TEsr&%(MeaW{MVpcS`rc1V|u?uFLq z(TaSmct^_a>JiM%_kP$V1US_2f&tWEztW>q0o%QY<&+$#zHSad&)ZK>mV(mSe^T^s zHvX%{X8#XG0skEH1OWc4n()tRBI`djq1Uq7O(lJdExkrvL5J}s!;BbcK`2JAK`mm1 z=<0@afykKiow|=(Fy?BUr#Y&rgNtltDwo4ip9EVUKhEj5C!Xrg?JEN|<*exY;tV%M zHlbapu6QOPy95eJrRw{8^SjUdV_dKU??d)iKF|cTLQXM_Qw<}+!5j4GTEd))$E`e< zRiCWueKPD9s<(sA&NsubyqV~&&Rc$?Ez{{dzG2^MN=_IB-dj5)P14Qi(}&Cc2l}?e zJml7rnU7yb6-Hd=Rtvr9g=@XMy3bOoEei2u6}=FIFg)q$=OnQm}??#Rui^ytWjS z39+lde46h)4x_@`x5~{CU0jFF)f+^6!C4M{Vhsy1KBK*@2vEK=4GLkpf~K(pv+%R# zmIsYMgwAzPrB*D9ww3IIWkaDj>>cVCf3VE^IIA3A%+9LiGe55R5*cArw$o_Y)?U9A8bj zyhG$?T>~r|dWTVcA=r^gdb#1=uP=IZ`kCb7B_W*~$i;&O$eDXBeo8$1I3C<4bQWD0 zjr4A(p(hoD6E(og8p23~G;MNb^^#D&Q_O(s@j*b>BFnT8>7V_Wk_*(sO*OxMHKy4q zvlTGQA}$;#DRE+Z)Afj$-78>MLYRwLDB~|#iTw-<;r>piP=_L~`c0C7YuR{^jcO}! z`@FP&xR}r2+ApDStz3UyQcoLXe<2tw7s@pfk~}6u1xO#QUvp+~5&VZEpFG9QlA;bz zXr%@#p?wvRKTYyQ_%4brcTn)TAS1L62BOSwHC!9D2!P&j#HZ3(+vU^Osii(=pMFM% zf##V=Ec$Lb(3d|{oAZJL?)DX6Hy3yVjOTB=}9Dx(eHsCE^%;YnoaG-J}C@GqO;+dH#-;3pbK*OtkXFh zcG9qo4p2ooG2kiwewJA~j-CEzxO3&uFEA>aNjqh$lEy`8Jb#=?bV+u zcXwHY@UE{6a&#c;?l=9UG__AE5OeYLY9yuNKymzK#H-jqW>?*(F4mk_^S><`bZ4-% zZ>IK15URTGb8)uFUhJ5OV5yUPV&xasvdt|jgKTJrgdKjf#RtJ`F%x7|y8hG>^}|rA z$az7mMN6bjS_eN

hof1yw8T96U3U$=}9^VJbWgk};XFXC+_Mrh5Sg;g$+)cTFSH z_02;cBZ}3V^^5kgW_J*Jw&9`X_YeTuyU)@8Cw%`#>fi8XW%`f4$?;ELCg5*#&j0Dl zTvYwDVt^B^<6NynOS5M;>{Zo9w-_9z!8aX>3L~742?f90A{<(ZMlv0mH5N4v;2pZAXs$EJf*p6K^2M>vb*J}>BKXQ1g- z)42;lBh-v{g2i*aV8Wl@Q>69=k0lVzXD((2D6H{May3Raue4Os3tE`VR`@svYX~V$ zH}9P;<`(31E}t=|G%E^Z3`GK1?0Ughn%psAu|tYXt{Andt<(6pyJE8Ja^C6obJnOm zwBPk{(7szjT*?twMliFKFt3lI#zCqX#>1qz{R{|0n2VZ%Ed{OJc8^G>7q|kQ1-NFN z_@XncViIoYj`t|;j0`_UkCkpyNz`H`8o3(GN@I+sP-AU6b2EOjlH@OUaAGM`fsO83Xn;GNu9)VPC>3okdco?bOlF&F@PLNsRODq(oBcu&tOq zWsCB+MI@I!E(z|2*_8<^=^v(VA1#J90F`u$#WwdIOh)QT3g3;ZWT#dtKT_uM}vRR_FBp&_N zTWeT%_NS$T>v%8_qxsD+n}qO`uWhd{3)lvGVk$V7r0rF`*h{%)*oGZ;ig|8y=kf3j z@M@GPyXFN(l;h^_vFB02sY4-J*5$=Gp7z0PT-ng6?w_I#+9GlB)l*;!%O2{A#k8un zw~T+W^&Jn@%2V>iv@y&>ex@?a<39vn8uwf-BSaEF&)sWKDhfKFAjYh(%v1FTI@CL5 ztn^Q;{Gazagmp|0~c5EiIzmGw;*%Wph7p&7R0cD2#BgALL_8 zswntM)@#ED<1RsQ=o)q#j+sAd$8^X{gG{GVi5=hp4n0NDpQfr>-P+A8bvWK~vwzHpGDP$hQ+1%o-r@uf+L9LMe|$TC zGJ}H$YcB;~d)>WWyb=7a!EAIju9eQ?7d76nA)`?1djhE(Q_fxFho(K7TGHr$2^()s9(KpU{mvZfl1*&8S0AwRW^v?qwA3j&#J`Px>_d(;5)I<#g!= z;cVbGdRWwxa!@PnX88iu@;FAQB)(qbmgyEJ>JEiD)EsZ0fwhaY-%8%`(~7aCpub))dn=Hm)Cb!#-eaBld7?7;tz zv3ClxY|++rD{UKV8pvNX$0Y?VE^-H@y8(@-%1)oCsNMO1z;QKqkU<=5@v561yW*c7|1r zBmCpNUXfaeW(4<&D_!a*k|xJuZ;t_z@ap3R3Z@|;->0a1P$h+%zzW7!lx2v2@pifk zW4OYBiGr@#g}iN*&`0a*XIDYwEN2u|pe$O^rNqp*X@3l1vMlpYvwkBS2N{KsV>+Ad z=gq?0h7qU)*?u#i%%Q||L@mdB2rCAAo}O$ORrWE3ynzSQJ2Pml&`2A1x~KZtL0d@% zy>MPf?r%G9RQkIRGjFw%d$!Z}S}K8_oOyAi zDtV-3d*F#*7HTUz5uGXVgCoz}wI3NQ`&+UOtTNp=(@&F-;&j78~E^?WQ>hm2lLhyYX^TX1O6U#;#=-Q8h z+1{LoTwOSybue2iSft+E6#||_5ahxF;+1Ujg2nB>6P(B#(Q_TM(=zM_Iuas%hzNDN z%-*%@e)dXpHfpUHQ!SB9V{qy2QVDGMlw)eIlL8TIwr4cX`DKrP%|Bl`<(_}tTC5(<-c{xjSrtv4sV=aLtv z!E>sjaf8Lgx0zqNmi}Pim1OvtsW7}C3TQe9iUP*^d6|Ycr_$%gUc+d}zbW}Q`~LHt z&hU@Ak(K`6>PFVT6Z`(3lpIuDxBs^Ad}rEUXvAY+9cJloDUzp|WjJE1Wl5IIgN6E2 zu^{LDi2cbsq_d?Jo9J4bIAC8AZ{#LJCwR z^2?4ZCQ7&(?9OFse03c{Fb}QMeYYcx6E_p`j|j_k2SS9WsD8|gUZdC>Glq^AwoY$S zys&Yd?|Ie8tx~pK!gyWhHMhztrsuNM=+HQwUR+ACEruW!?9A6o-LFr!Zg&_uony>~ 
zU149jj)hi`M71Ub%v+Sy#@wXeiTncOFraiuFIBlvA7qZu+IP3YJ&i)%4wT|RjCsv< z3xF*A7SU*E`ou{;v^_$4&-uvosMikE6QoGC!CM&{ts*6BB=>`osrQ-DS3?-UXf1M_ z59LeucxY{Ga|n(j@?m?FDem~60F0xkjR{;%B!s(z{F#?sd8e23&GfeKXhVv;Vl}GE zqq@xTb0?E<2@9@7sG#wq4U}(g)D2mz@FmDdWeRh1+NdxZb#c{y4egK@WK`e5RiJq1AzF#qgs-dz#!}Y=M;x$G1ei_f%H+ zUCjka@b=Iy+q80I>jJETN0H)%!nI8{v^SDblNWDXkE$Ey9I=41AeNYmcz!RH#{X!h z>qZlV%Bk)Vc}ZtS^0Pp4_P{96!2;z2H$3|ghGW$e{dE1Jk~I63Qw({CO9ddCuG>Vp zTjBYf{CK&laBxVfI6e$f4}T=R0L7?=8Pw^QBB45$jA3p|4!K|l1Nfwd+$x;c<{Np% zM2<^*DpY~HqCp>GT2#bHJ%TdUwRWA~q*%>o9aI+;vb*V_v;BZ2L5wYOMzHOI7zM+3 zRR=BhdkrPjRa!!gytTF$T?Te`Fu zKd2a;x|tUqETPsY#Iisy52{ty3i_{CYL`ET1H0-)G#=D&Pv9)2nAy*b-(Wu4OEI{= zb6eDMV>&29*k*>@3aRI3`~Yenr$AIB_+Q#Sy2t}l@Dk(CX163s@!D1Kt<3oq_2^9{ zO_ojqE5@dKl?as}43`*TQ0f}$#f91ofVD^SV_gihnPH}z-vk=Ht-e^bciiAt8Fgv2 zGa#xPSE$0@nz?A5#Wj5uAIFm5&C@M1N5mI?P*QvOmQY5ay-winlG6lHyDMw%HxL)sr^@8egW2Ki z0ZZYtjI>+Y~6!)ilS#qJubA8*2$u%-qN}1nts@KU7bvA6n%fo-CO$Vv5S( zR(_B`5p5qWIjF~k?k7+m+fNV}RpZ2e4Tb-p{_ml{#6tf+zD`z#e;avN8U8yXkLq9h zgTH*86Mrplh2(QujS^5*b3x_?glbhU{Nhej+v`q3?dP!1b-D!Pn}}a3)P$n{2o?$- zWISy}-h%Vw?PRFDWleT&TN}8};DFqf<95(R;$7cl0YePvrSnmDmYICpctm2>zSjpv z4$ofxa`K{LkO^hS1PY-yq(^}asS};w@~GPw5ppraoW6tlr_aZElt2I&-i|vS>5iK0 zZ+R4!YS>*CF>34!NOVEiYh5Dg8 zJQ92<1-4`SFt$sd_!>eTZLOVSLy{ZTSS3OWn90hST&!79*X&Wqa8Q78!y6*zQgQ$E zJ!JL`ucuE1rR1~LQk)(4+ZR}hMa$$e+Kbk44<%LxUV%z?mGoK-@`mKQx7))6vN0p- zX}(401L3jPwwbhYiZteH1qpWO8IUih)gk~wDnGK`yEu?9SR4IVqd+8VM$XTiFr!Sw zt%yzntd(xfPlzaF=7Y0Vh8d29hK03_&eS!cxe-?UDc02Ek0_UVrmDkz#CkIzt#L^z zb)vVj6{=lTnhbTtw%>Poa$5Gt$zZ=L?bT9fN!A;wpzL%mi3W#Mb%(aiT9O`X+-5b) zh-v5VPhoz{{HmYXlfV+L75# zBwKf1Tg4d^MqD;&Orw0HiTK)vLAwP6SWk1oY-H}Tc(zPQDu`RU%a5;$ zmQB1XV&Uh{yO@pTe5BSLxnP8sUQ$jqCD8Y&G+Qs*(PuzwuwAs?=Rp@d2qF*>wD2_U z^o7+|S7xWlKZ~kCbCs{<6piywDV4W{W zt7@0WAay;3XuOO!w7fZB!qfY~6$w!yKsI#0!X<4-+Sx;S5xD57LDywaWyV=EFu`5> zVob*5kY5xXa5&MpS$v!J>a6Yv*49WLeKir}Al*mjJ)ay|;_5|fZ=sQ?=V3q4D1OJZ zFX2>5C;smI@XeCgh}OA2+Yfj}sc}6`>3?usPWssJ{;Vy_+<9>sMg|e_jl`OY 
zaRpjR>Ws+e41E9aNRO78@OXt~=J!X)W)hi+xmp$gqFQ2Mv)Dy@x#ogsmzWiL=kfFT z(9TeNH!IZV*$3Ed6T8>Hk^eWy|ATyne=`4Anf@=xXZo*@-(ab7yLxkY`CD+#)iACZSF6=(WT}o?YajP%J%CdSyMd1cbw7VGR7*hlN z%eEFxS{QkF>{U%bK^~-+gZEo>GoH^^aco6gW5o@ON>>M;>wiUn%X$TJJ`WC)0RkiJ z)I>5cfJF0d5G49_Gj8>Rec1%a@41nHe8KI1?AtilTAq2jnryrcnG{4ij{+vT59sx1 ziKlAOb-IKEgraPHHYH{&{~9f=-k zJ(a4&2-1jMRXh88idfhVDE|o??Ks+DCisBa9&s`o8UvLo#9q0@S1%L&I>E%^KF%m* zgJLj)dmOj55CxgZSw(&Dn!V|GP2lj4>N!Idd~BIueJ%h}Ms_=lmJPyU7pcqaX(ZV`o{0MHRY}Cp28>)e(LDV(Mvp9AnHsBZv7(=HbGe_{&ZGv!xF`!x@l| z6Stb!SYk)bQh`gThu5cOyM$~>HN>6~x093|ESWcgkJ5{Zo+Q?A*m_96JnmP3-BG_2 zEtC%k$yayd*%&MmS9;nr3T9-@d@%HH&Fo_1qfz?_9G4bwBC_ zIT2WP17$`9-T3ckoJdNmgh3hT9c^PIBp@CG$rFmNFnDRUNIjs?wq?K{S?DFd;a-yZqPW}fy4;3VLqrHRA(TQNwBtL~CE;Imt+Ez|Qq}#SQ60JZ6o$DR1pP z$-?UAZJkG|!c)^3|MvCE4{NOTQyP2vkM}b_%HAc?yF}eZWf_%4;|5Zm!Lts|CCsBl z$X&L;wI0n4sN*bBfP`26V53C~5T5*6YKeA@an;QNQE>6bHGU}^1k2RIBq`yWHW1sM zcW?e$UDQXn1}H1>W0eRgD9_@RV4OFzYS*(e9eTQG^ZT-GEL;l;Nz0(kbKa+UAY8By zn^;Xs;!H&42xlBi)=~T}fHZ;M#MF>05JTg5gPyuA*Eu{SzTG&;3M5@DoNt!zaBKUn z{|+`|{TpC^qmKT6<*Kazl>7bfVwjcnzbYhXRFSgT|2ws0qN<&*59Oh%vsD@jc?ED) za1bXPr{()PMi~c7Zk2BEKF&#Gq|t<8qEKQF-HY(Rc6T%hcGXLY?0JWAX>{(@BDO2- zfjl9y>1LP7cd-9|ZexSrw=w1QrGG6A_bd{=-)9 z+n!B~e7q4)&|bpR<S7nNoWxqRmi?deC+EN-{|T+>@7;MO&CW%q+X#2t9#F@GIi%$Evn`FUmPOayUfi z4y1L9wpbo}gQkV^uwI@a)Mk8t${uDm({Ttgc0lx~>(6y2DY0n7nb^YU8x3uB8Hf1P zs4v3NU&!B?Ui;M$J-8?2XZZ&Y-^RviN;W$hQkUr>QuUs>cqPz2$~z zT>(KDz?hG1Og{=Jx)&PwCRdy~XA;OBu0RDrxWNp$5llaU=y}VJT!q}_VC68ZEqmo1$gCc;eb|3UapU zI?m}TZ&A^%9w5BbA`!f%9`<$4T(hG$3UZBEyBNzbuc`0GU{ta%X;yj=fX+`C=#T-8 z)p&tmsP+h%8jPYqk`;FdASAk22YL|R-lB!RQO?Q^u1Wqbmrj=<;?A)=6N;Y_$*$?B z$)3cPl9jVm*0w$x+B!@c|A(%&DRTN~K6v8DbeN<}=eL1optc1#!=2}iUB+&F#ojzM zGCDR^I%y}&JJ|sX)f$Eoo|ZrclaQLGXJ_J{^4%=PfQlwmWs&EmO}TW<27zQ;Wu!ODU^?UV6_}~im`BLf>nk&^UP*$7zx13MIEM0YYbD;wWf=u}2 zo1}OIr)rD>sR|2AIQQHrR z_N8sL1lyASZu-IHbfXYn9x!ckdeB`6d1>aApjwi$;4Rl`0M>UmU+{XVaq#@uJbkQ7 zc-d4FySmVwv%1J>q#>9aH6x|L+us7_=t~ibdN&t!KY`vLV&~-=>=cWI*gwNI3IQ)4t3omMQ)oCpn9KmwH 
z&p+>88kBlKQZegrp@KT-Gw*1iODuh2z=~y(*s=LnmW!7pBKP^*PHjzS)_9R(Xz<7| zGEsw>MgBAnpK7IAN4n-89J!k0W@2k7(^xoWlUx66Dwprz;C8_0493$_=dw6EQ(eaj z*t|~;3S65C6LnakGKw+G8?D4QP?%ihS4^#4%S0Tvp|ksNvkI=8`LZBvncnK&In!(V z_e$M)k-g9@`T}{23p9Zg4y9@*GRZZrvu8*84u#7o86SN4U#AHwgt1Pf^uMw zaX;Qy!q;An(PJh`(7+(;KWnQ9hG=EdGc~FsHMhMh5%01W9;;C16wYgmK^WZDShUf# z>BEdRkXwLT6k42$w*!-j!xI?1r|Vcy8>XV2YNNkBnPsx*ZNJ#zD6OI_HVhS@UMSI~ z&`kN!K;Mg*lLJY2(pdFK@mgb>R$ly{#j}Yo;%A|8oVz1buu>8}m8Nu4af1f;=gUo* zQh#bk&wla#sK%4g{LZLq+G{y^=}Rt3XBwoqE2es)HKe1)sFDM-gqM~h#tehI z#)Q6Tp`l`OhNYGpvI?`1rr1Puh#m#Y##Ox!>o6o{T*UHO<-!T*;K|-4BbY_DNll%Q z^!WqAM3TTN$OLI(xFO&T{OB+qN41x3Ak6Gkd2dFipCZ0O7DCve=ACsA5HKYb89fj? zf~7>o$(lL$iNjg0J;or=Unx-yiCo9LtkA0Z)v?9-E3uVq%_KVLSB%&Nj;ZEA#e5Tt z2dDB%Av;dCxG|iimC>H%Df>`5?G~k~9@<`L0hAe_ng594pv6Ahtvl9^FC8Q)5p0$$ z0!I7^%v?wSK$u5p;ZHywbreg^Nwcxap;_phF1CYhu?zk4&Q$s&@vcYK^dQyHa{f^i zrc%1fC!Fn<9?=`kP4$!hg;}%WR^+7q0UncUFCCtH9YxAcFRb={JIP=zXR&8g@BYxp z67CtG-X=8{2>S%ZP^j22gJhL=(nr$i!W+FIduLMe5^(Qj{?2;Um1p^; zMHuQV3Y5)tiHf!4N(L7?P-VX!;2mQWZNsfwHwDgBg^79#)Dw`6HKk)rwyprc%{yqh zhA>!Is+TQ7+kM(}j=W{bE7fD`y2fV*y^w9 zBbqsTOHtgF_4TxqGJJ^^K7Kh)LzuQMr3+Rrbp`Q@fMz%SRvPsJ1!FpuGO}qsBJ@Ea zL7n}jNR{s4)vr4H=0Pz1TV!r_lMWiWF_g>q~WaS4qNl>MQ95IMv8rGDWB$!gTSKPd* z)5S<+BoRH&WEIciE7pa<)8)qa0!WD3AKKM_)e-Ie#ugM6rk`um8CGWrxR3Ce5oJO* zdBiwFpf1v|UgZ;}AM#^YMZ3R(IDbNK>gczo2o8HN`KP1;D(Uaa0<>#;H>5%Oj7ed7 zs%;Tkp03V7OKcO`91)x3*^rR}Zel*{Y1QN&N5p!=i-7xX8ro`J9nJnmW#z+i|3T#g zduj*kBJ)?QnwBXEQQ-piLsy>cI;!mHU9QO$qQN&>sF2DZ+O*rWG`E_T)S^JbOsJKB z8j#I^t>w+-5IMKy^6mZU2t&FX2B@B(eX3pMh2-b9Y${PnQj|Rn=u@dq8cHtEW#aNI zS&{LVmMQb%X6@GqIMYn{#6MHqq6TEK z$2My!=i{aF^%a@Zi%NeHmNJ3itsbbuPx8#pd(w<8eJ9oRYdXhxgv(I2kW_{gXstfZ zH|;22^jBSKw&d>o>QP6r|C3UaoFmo`NG&Z*AlcKlsV=_vM;X3Mp9{FJp*m z>Ztk}mB2+QsV)-vGXW%Ps>G6`C#Z4G)reZtsCX23dHRW!1~w-A&0J^YIbfj2!pz=@ z^8P0w1|-=)dUMjl0p9eDD}#VHmAO^yO#(NKKn7p8?I{5*mEI_=Ec`IUxG|9IkrICl zF7QoAod+S~R=qw~P-5m4%2BHwSjMOG&RQHk)&f{~ zHGv&&%_PpHXmWFDH^=%sWVP+22Jy?z+%B)$5uHi>S6e*f{Xg>o^mQ<%HcfE>ESX9= 
zfQU_bjE;LOLduwv=Jh(uhkh;s2CPLhFJ5f?D3X+F8wZs_uU(E)av zol{pfmdkAtP$@+GdPe-HVm2Jvpmi)W-9n#6xjf_Fr+oL^Bt1WzKniVfiugb_M6kIZ(OIfbYWjJJS$$b2?*gGXN%PJs}cS+zp-epH|6!uQT7*F zRdGsj!1kZbem8&f`6pZGM{FgHoszk&U!!GQz)6}k2Y)`6xOKCE+c8;^6=1?$non7; zydt;)P)L6)W{#1$I)Ux(;pny@7?M^%QuIcEx!KeBm6%D!RSUj1Ao;o*U}Nrd0#HO^ z9PLJb6tli@JsLl^T0#=gKLh&goZ83hY2OwjpfGgzV}Jz(B0e7eIoV5J2ArJ4_MEoR z7j3#@m*Gb-y;wOP8{6{O{!Cne*aI7;+^`93KVx-#&JM?cc0%4Yg(Q-$TC?tEE%>wT zTesfb=UsgPw<+@ATgUqXY~eClFU=ryE`>^wWT1njUZA@0c_-cFnt)~ByU)so@#b-X zONIf+J@q*&x&8qlz}kMG6oz#pPu39*^U0^KdrV==#{7H0`UNiY`Sm>A2Dor^TWk3l z{sRt4m(uXx%>A3B|6wj2-TxfF*y#SvTsFG@lDXsG&IRPnH_A&IYTb(D_v~s0u>kTJ z=eeN(eObp}5)Ff4MCFCZ%i{;*$C~oDl-3bU&KG>BZkOj94rMkAaQtU??Ju~;St>as z4Ru+u&sNG=v!;^$JUsKei6jN9iIEpnoE>YMUrP`_0hzz{GCwncjD+iTh3|}p2}78A zw+-O~5hm}ZpxoKNYLJ3^9oOK@KCAEc<`+Stf_G02)s81S?rQgEv-R6LgWMj2EyX{cnEU zOe2LfsT!+mUE^#)=JMM0a<4qRX}O=C!}^4 z=}jvkV2xgm68(^50w>w`Uf@^`?wA3EYKrTV2)04QKJQo%x@)IEOu?XnNBMy(vQ8pG zN45zCRnomEiULi=0&@biuD|nbA8LeCAGWiiioEEHa;jA%A+<|&fvbw5g=l|OD;=XQ zQ;hC8e3Hj73-~z)=irezM~F8iS~PxZvie38)X1P?h*iyJMbydrm4bS!(#nsga!7RiJHzMGM`5YWVTzk~3{bxRBK@ z;$Rt>GGg;1W3Y8dcWbDEl4x7A{3YL`(xn*#=Hqa$t0*BdlKFw*rSK5VZ#u|eD)R1% zoCGnt2-sL$KvF+TBo}uLz@KD0jfqF{YD_u+BH5*ow+)~;_q2(Kg1f;B#kqntP{_{# z){2K{h$BH8EYxL14rfg7$~j(dpT>T4$H4_;=#j-VLDLnZj+l~e&liLQ&ptgIo%ed! 
z@zpGx=?05pWBdD>qr}*G*i^PtU4>SXN{97)EQWe z?IvoGgjdOuz62e{mYl|veOg90iV3bIUwwz#Chi7JU_3ZEM3ZN$8h^hQ+t8&n82(0w zR?5nQ=c}Nu*JS2m<)}D_#29FlT;Oz$WM)u+8V`{)GKOogM9}_6sciOv!f1*iDAh=~ zMe6YeT5ZIfI^)+L(|JjN=)+mQv$-rpM^Lv>yY1}Rk6!3su_-*`E1pfXh#d|3+^0x_*ar+n4Jq(-6?9zf&^HL-A zlR*a?goCmzhHSZT5kiCYk22oUW5fA>UjMkS$gvAh8~A>l7)W>tpXnoT6PnU!NF8sl z>2)*O1)Q(KPCpAR$iq-$jMNr)a+;5(FfS+s;}2=(EsUKh>f_C^RiKrbP{pfMG1dqt zIh0&CR$nGX!DmAIC`68gr(6Qjl%1QgFcW`bEK!VmDtfoL#_$DGHtxAG0PcK*bRXM% zUY`+kLoIcJmK^n~P)W^~&N-XOIV2mxU2pg`+wZ55FjR~#8J%Ve`-9;%Oq*w(Ld6xC zuG5GCkGpMnY}zv9h9w`B?oemBdbOgm&BB1{tZRR+yx>}T+Wfm0>p#5zdonPw{Id>W zqyP7fjE(-kx{*~WZzp81{8fpu(oBMpfk_v#X~yZ`WS=0J5b01nDL?|p0A7G2nn|=b z(>$(|oz&xkzJAJH=7}>MwrS(i{V_-_sR>7NH2*nLXtAhY;KGgI>NmbmZnkLP*4vijp5Na5iuF`Cv z5fy$q#1@*TfMI+9Z`wpu%)Z${@Rld+KAt1(cMpg3Q>@SVPd2Al{{9iL{Hy&#vD6TU zR=#}ii72lRpq*%7Y2MYp!CH(9eVN6qhX}?sec?X5?6>-Efu>=M;REBaTp8PCZN;Pl zzKh77U1-R8Z#Q2CaZW@;L53!RE?Z3T&@{+^w^u+8WVi|#y5L$id7n1Of|NqIj`C^b zv5iImYRHGWdMp^-TWQkc@MCXaQrnEU5R8;$GdV)qM~o@Aji4OzdS)ohW__o~*OW#Y z^evR>Hho7ftW?^IM9=-dn+OpLB87~HY{NqTY*nE&9k#8WcE4Dl1e8~Zi^2$d3R$^^ zymS?p(@+NN_DPRDFKJ;mJ1Nl5mrGd)LG@4zE`cQ1-n6QO=5qX?G+kR8NJNzCfhLlM zG5|I!0E3GRKg*R*Hd55L)crViYGq-rkefS8+Yt49I8hXNoLjlN2ipi$9+yNPmsrM8 z{Y?EOWh7k5D;SU_qOk~NPWzL@e)V$ajn6|;uU|>BIZlsGOSt>z+@>A{3dM4=RX(%O zMOGDTnTecj;@VLnmN1)C1G%K*oNKPA*e=S{0+SF-P;c>)W5^uGHOTyp@(Il=A$@IA z4hwTH&TPYES5`v-?8pw{$XPzRB3ELenNXZj5xJNY`}FnXV#j;>nMN$2M^ub2=Fw(n zS@T?|fMGdaGFwnI%n+PJT^_t7@1^iO=P_kT_le!VUN-*&iocOUNB@t~ijCpl8&)=k z|8m2s<$%PB?DbUBViSa6a{eG<`7|jt=a)7EY8iY=$2HPkS7q$dD7prGC+s8UV?Mno zKE+{&;|omUTU6jN&HfZH%_J(1dF}F?mei@UEoElmL4MP``bd)CfC+c)!IC}e$dD5k z*C`bv^ES=2Y%z1C<^*KRT}Cu2QkJt{w5n4Oe(dl?H9*o=wtk_a^#uu5WjzXD7fa%$arSpWHaH zAZ*k}uH^*Rg+Q`C`(3T!5NWb+#vpd=z=0(de}{0ZbBN>CnBdsjrX5dl&YxUoPc3g? 
zBz^AXc{TZV82$y*uo$$WK$A7`teazQhExAzg9c!G_}Vggf^E)>L%f)Ja{RICOL#Q& zKA6Y<@WzzuW8mr&Z?a!5J<@nn1Tnv;oIwmWF|grW^iEpQ4Zo^{fgAUFv0h+^IzgC& zkV1pP0-?g_Hj*nr$@sBRVKEuf>ZesCS<#<_Qa*hJv`Wp29tgzsexgXCGWg`YV)>*1 zQP*F{g)m8g@Zzj&N{5CnZREKbL=}+Ol#erharQ=xdiH6gyfo02K0Fwt11Z4-HI!s)>woaE{zK^l()j0I9qmzlp12lxat%*E$ocrSNDC&#o=#L2|axq2v zDxP(a7pg>Q_}_*E1lP=pfQxZpyjUyjsS1+DABUdg$VMxS7wNY7y(KX7WJ@Km!-dKo z6y(s{(&$&-QX1fGQ(9MyyuaMSF7b`-vSCpzGjR0!bL%K>NXAghoMb3l+ARcM-jq(P z0+jlzi_bTX%`#02%BikBXWQ`|JT1*Kgk)c(I_L8?CRmvrM}-kDl=Z*;3^%UYq#+54 z$@en=u&e*tvk3VacTBQVUb4k5(r=J#cGn376@7 zMx1%GPBdFkj~s!N;;5df*e6^}Zahcg?*r(S>!;B8P=0JGR7jid`Zmzq6+1;R5(l2w zoeBpsZl*i%U8Xu_Kuk{L>QfW>0OzigUqRv$ftr{{}zW4*P>E6!=;~Ul!J`7w{ zd8JDb_H?dH1*8X9-zm}EXv~-$v3->kaS@hFIfq)oH6rPm`Ec5D%dryReDQ|fsj$SiJTDffs24LgyUp9RA+tW7679*zCYGu3Vp~WS z=-4J=csn~wR42WeFIf7a+H=YaNma`6Mjc1eyYCfdJ3L5eU+KUae)z!&udJ$ZId;YG zq9nfw$G!7?n0fAW&v1u(t1F)>b9ujiPl>B!VBLsh6m93yUn_RP9OWY^wFWmyx~u5J7sTnb@>{?lT7=Z zYff@rac-?mYr+Tb&vySN18=7*SLz8hPwD&YWU? zFD3eT9zhH6AV`r;2F2(i$v@qWs0xW#&1TiO*-&TWIBY$*14HuU4%SyNlj;D#A_jx#pd?KXCCng;_DIlFWhV?g&qo%83 z3V660+kAF-xQMMVOz`;*}`j zRtag1#9JEQ>o|Opy+c!qBY+8<%V9?bf0$-Sn9%eqDi%+DI8UQ>t%@3O6JR1-6!YK3 zvz|*WuB{SRh(IGSw~9xXSViyv1dXtl9aOic+bX5c6EG}Hw5J^avmbppTSmz0f-~rW z=n-KcfF#az-VNLut@jhp&aj{8)np641<6G zz6L;m4Q#%9CUpD8{`+ejIq6#J#WTDrRF8wrfYxUzK>W!V>Wm`LL(>wPr zQZjMy-uQld3Z)o@=fPv~n@f~Rkwc2>NY5gNQ%E!Dl$MUcsH)}4Y>pP%v(i@?UjJEc z>Z)L%;aF2)+gT)E?!t&KbJqE69m0(v2_%C-2++lj(K5)k%YwI;g9np?w`Y7GEapXz z4j9e5x$-+-zcC!3?9}3^r{>&|J7Bi1IHWTdH+tQ{^xe{Z44H@=QFgz-4xC6kt{@KTR@rt!c{KDnJjx2cj)l!F$;$KXY z)Y{ZU>j!dlHtzNk7AyxJrT)S$!O=$t8Gqv^hx($-H^~Q$Mh*R8;vXxGXgTa=w&Kl3 zfxhi+p5CFLcC#~^dkTKx!3#wPmrxSlmwTso3~AB@MKyx!^K*<076@@XG~5IIZDiH@ z>el@6@rifJmnl6~QxGhem%cdJ%*1)quFQT95KcULSFSH4TBw*=vvoK47-ZU&Ai=`1 z5%+K%*rYOj%Y$DBw&nHq^dQ&Q%*Tf_W6Q^t)5n3gGkr5;_W5&faq#0}@}6pBcp(=Q zUY-`ZKTjZ-=Z0if*EQN3X)55P=Y$l_EdH9GHVqgk;U-v^Iy5B5d8+H`9jbx9is;`{=I`0@_mpA&-=YJyf7EjStBYg%?;1a= zRMzd+ME{EHxnCzyGFE<)cno`%mmb`Lk5DwHJj@@O^EIYsx}DHX{&q|^i^TuZ&D=yM 
zBIApka?IiJngv=J09eo5G+}A>?hex}rUIKFH~EiUI{E`WA1~||gN1q8;^Y@x@;n~j zQ{3e42l{s=t|;Js*&+ca{4V8f=zgE8b*EqRemC_nzMUl}U02=KhGr)J4rlNBcI92| z!>akLw-L~AnAi?KGRMHfy436NsqMWJn|~a#x?z4`gE2ll7F3xU?6|+u zZ&_obp+f5?qqD5l-Um_SHS2!BJ;=Z=aZ;0%jM_vhujN-O#! z&|P|T2ZQZr6i}X<4FkEO-~pGn)SpJbbgQrAALB`yxGys9Fy#WXrTp>Ot0`V{d6Nd| zrd!2?)cJ?b{YM+|>{$*`#{5)Dqc{g~P%G!Oc&?HWfaO01ln);KhQm<=VeL51wf6Q; zarnaaTZlrN`5-vDW=b74(Idrm^ci%M^aC1l5j#Iel*_3FVYec!FA+_a%ANmkR|lyx z7=g=sDl>EKJXPizjh165&?V`^A|sEZrn*#c122tm+n2r&assFyrdA<3{$ft{E*Et2 z=S5FRO@nR$EGjBBK7_QdW~hyI9J23k^AlesOhBJypAQ;Q3J`pH*0_51-OldY!v7iD z6SjSelAALtyv+l76RYcvfAdZ~vz}aCRA#fv5AcZ6sdRBK&opQO59(Ue$vWFC0Jkl2 zI*c2Ptox;lOdpsL4*>*y+d-2y_p_hWqc2P(MHVW0u^u9$lup~6dAOZu8uM8SpQYDB zTU+YpmxeaW;Ep_e9~d2vW4WFBly4?gL|+(F!2$1Q#Dc+ zL!^Ff8CEaBuA{J9kmo_iixjbYG4tf55)zg=g61cFP_Oo_M3q8{;gIKLBMg?;>Wm;ZAu{Z`Ci!ygfA>$n!-yXw6 zhf(k3BuKuMY1e0bbaVQFn8ualqTr-sbtym9*hc02J&uRzyl6dtXmJWl*~S^j=%;L+ z(~4%jkl0~ZSU$ERUFsz}GYymV%EFCqN97mRUi>k3~(&K*l<34W} zk`PDY+|@9C;x_hBD_Q^m{gI6Y9EX6lWIO}sK|4c>%CcyTbzfm|e+CEIU{AJ;zS{eY zhr}fl7t@d@lAKwmAv&0+UM_C_j!*;y2j!Dox@Xp1xENAjx^*#7r%st( zr>*JBZ5um9v858nWp61pnKnj%$}otU?Wb8EImJb+qew z{-i;`0G}tLL{c;F;c_?&VxFn_+hc>mb~3pSAg36;2}O5V zwUs0M$XZA5$`nsmOe&mdK4cwlLI~f!_;wLO$m!%}OJ(Wz%B_u$Ye1t6a`O1yCc|A{ zZKbi}*NXp^bfs0-?^i+d;U;l0$@;A+NK86dWP7(a#dFgk+>L;Q`&`1>n-zq5TdpD>>$L+yrtr@iUemxn-9mp|UH*(zTHi>gw&`L<71d zqK-pjmMJOAKgTN5bMkZu7{NgwVHihq2umOp!*y()w>%v298)SMP@!)1%%|x~!5CeJ z>$U;Qh?(jhDhGu5yKeub#(&*WnOOfd31Ry;laRk?Xa7;Ri`2BgCn3n+xC*n^`U~ir zJ-DvhWRi2@dD5aFsrLENZ>2Lcq^4XQHQ8R%?K+aEx6Iv4L;V@7Cwb(Zvd+8Il;<)qW~<=FQszT)$sY1($&amL<| z!vG&#kc(Hhiw~VYfMMQEiuM~0jfr)>T&Zkq)r(A_HJ*a5h;j|ewnc`G`t)JwU|*dP z`gPZBVrtKuJ`~}L@b^eWlpY%z($H@yD8rS>O|RZ$|1d)3w2@S5wJ;JUnuvHhM+Ul^ z<@Bn=t=sx>$^hFC@gLL|?uhQ*#UkZPLGNgC)=V~hid0Kb(*@7mCpmDzM+G+=x}Z~K zqcjdb<)|ne*51)1QM`PG1OavCO&FOv+j)iL`5F~J9a*9Z1Y+_3@C@uIT+&li>sA_Y zhXT%2fw)g6Hg&-wKCg*>a+oH#VG9=snSzZ%Op*2zqhAgBT(QqboV=$cp6AhMch$bN%I0M*W1tQlg>|K` zsn^F7WHw9B?t~s>jCU|OC??tZz3s+rut5(5B*xKb>r9otiAsts 
z3T&^IrZN4In!3>@18XLW+&=M!+MSB7dOkQ2gQ1gzRm6a`f`(8TK#Si{zI5D~xHfy* zITSfg0DegIdd1KD$cg*O$-#d|_1F-1tlx5PrTpV3NKw6-YZ_DI0cdzGJ!j5mM5S!+*2xPb8Bbyf*eIpqx5BK?zf|) zs+UecY&8oBZiSdP^`h}X8!DPwqj$kSlC{;yRHtna;Tg9D4qY_}DXd;!Vbf^SaMW3l z)k>U9$O7xRdOC~YTmbF4ydFVDf!fNT<6bJ}>FXVZi#=Q`28@1Rgv&yYFCRVC&4!bITj<53`6yWtoy>}d;jn0&+2&#bK=__9qc=3nj z1pd$@aH)=@c8cg$pKjO2lHm9w1tH&VwqY zlvqEhU3{T|=o5TeuFqbTBs8^|h~LswkatUNv3tVE4J&{TEavw!Ij1mh_jgeF8$f$~p&iIIJ8vxv82r`}E>apL(8ZPl7SBBD}WjC*Ss8 z?Ph4Lo)bHy(iC*?!En^7X7199hi^h#rJY+1QXB`Nk}YC{kLz77(v4z+EK~IDcsOES zqS2lSh+%iSN?^RZFQUq&7`XgyxaS{mdRyEuG|bt=E3P^@CWWRq&t2KLSDaq}E~^V+ ze?PkZiQi;k{nv&y`@iXtWdHAaB){8n{|~BRt=S__tiCkNkYQ5?uvWd^a-4VUmuwb+ z73L&PVe`23ew&rYOISfU!(3;$Qdc&d_Ovx2r`zlJ>-u=L(=^HPlOVX$-Yd6ci>pEz zI4`7zSPEaK2*T|099zTM=j-$t6`-xT(w~nlG+ywuxOSC;rXG&rb5L>_PEV18Zs*UT z?(owl@r~C?hrN!M+b@WU8QsqJ{uj&r4p)taVXK|Duy#oNXfHPKb?Kp)@rZ|#2$t_O zt#YwM3-7hmx$uxh-htb$X7O)8z-dW}A%fIlQ>@C3k)b+n01qt{`-5UhqYr>d9EVji z(n*1n^y_IA7kzNk-nl3uIQJbS*8w`o0= z*+Pba8$#OGWisHQ<3>|Xuz0#v1XLg?53Ree$(E%`Qzqu@u&@5F(Mhd`8R*_7MjrS z%YuCG;zESGwPlEqA@7R%J6?H}`Wed45em$WgKP6o}h^kJ#U=PiB5EQ{w+}QJr)BNWQ zUfNLY6xiHh6$@o?-d+gr5{Z(%;R$nHRpbqA^!Ef8(} zi(_mQLM|ufW>uqdPQCe!WbEi;SN2lOGL%ZMTKwQ}hN}+B>(qK7YGS}@a;ofNN1c`zfN1W~{KYUW4LT>}U!Ru-jxojE zC>YLbmIO?nxhO79LM)Ucae&%uVdAZNzC5B_)mIccuYX3yZ_h=`3mT{!SuG)Yn0lXF z%D0<|f*=(xL<6vz4dlvsaB0l?N?B>S;yk7^Mt?T&yIF_Cqj0w~NC!DxGYR6UDpu9ooIa2*wf$0maB${OP_eF)R?5i9EltU@Cnava`Ruw&@jk8= zR0Hk88oUwDdDtvrUNw&V;Nk$_#UN|~Ox6*MD5i1Ni;nC$%_i3OK227J7v<}bEzJ}n zL17dSdDw&-=8#~pGv9AEo^HSZ zp|1~x#j{};xnioQqFOajNM;YP4_QCCxV}1A&CbJZ4!(FkcMOtR7nF{+?xa4q#88bc zs1I!boS%^A6sUN-*gi6;I${w~v-p=Ouja-CYOPtKd{Ft$el(f^4Wvn6{72B0x}p_9 z)IP=F3dr5N)x3S;DtoZJ2k1jb$1V3*!bw928i1F_Z}bkN;Qo4jg)1dPvk(DBdrPnr z`g9`(2W<^ZnX2?~Zj?bvM9%Nt5xs1Iwlw=u}=8U25SCcU&QM8<5+@ zYX@CBSD(5+gH>D04d8t9f;QK$%bh(UwJI=nDpvAl5&hwsHalH%57D#E1=K@2j&hce z7swP|m#V{ez!)axfySBAx8zea5o-1)3dyl54z#rz%yY6M0~ z*;EcMlB~upL4Z$C)xz4aDxX>Z6FJFPvN>;(WbYinHX=gC9B~OX0NeL9+4qIYVL$3_wFqH2K(%z~TKwqtZ?g4>^ 
zEKxmZBFoBOwkf9pl29(Aaz>?-#5jy3oM^ zerrWZAJR{H8B153*T7;jybqg4L+xJ{2 zZ01a2;Y43qBEzMWnnWT|v&)N9(4U&(O70B~ zP*Ri;iaW&U(M19al0tasTJ&CeKc|1Q^Gx$hvC?F)mVB@s$g1yi*p;fUo^Znrc?q(i zt3BxRh5HsVoZl?Y>tl9=ksQOCndBrRpqy#KH4plV)YQL(Y!#(9&a2W&7YWlrG$^Dk z7Z4tTJ{Zhm{D)6e>lrZ^&40npLoQs zKP8Str7jgZ?rcOa)FR&5sd6rZo~lFwd=??IwuH3iUr*2DOiDUf|)n&PCZ z5mHOWfjd^D;|l17_s8`X69C@TL-s?>68XlNc5gdzNBp=H%j~Vd$dA+;5T)02vM_=Z ze209SxYJK|&hC#`-Nu>0AXFlF`fljQ3p^ff}&XpJVKlwLmjp0tLku01;u23KGNS+7Njjvv9SR)*iE z5hJ`_-Ubg;eaqml(@>k_ztl832uS$u5jKV*-Fuh=!9w|x!Mcy?^c%olKu{%wiW`2U z?boRPGJa>I0#K&lr#W}-A@?+{*(M6K8JC?qV2m@aToUYm2HcYIB@06}rjQVQd*_7; z;n|)OhiFST@HTN9C|L#Giuv-dr-Uq$_B>cbo-bKuM75(aC`v%QELrwR)|@#0Jxt1s z?lytdN8k6fp7^SNz(-KjJ7TI|8}m}M6nr)NMuup-K&zT)Jdq-~)Jfh9y+dQHn+$)a zkhxBhSQNBS#6cT{DL)C5!eR2WmV_%LNCl&i@{nSHQg_6-h^9(2B4~7hkTtdxnoVGe z$q&Q%r*Wg&NIU4U)W%KaPml;@mnM*GGC6Q*Mv5B{d_1?vR}~aHs!5BGIeM`bJJh?q zWHfE)L9?W6b#zS&I~9^a3?c$0<6pD=X7pr~+7ZBw<|y_R<;;E@q=SP`i~3hhEs86u zfhKRe`wXgM;M_r2p2#9KRSgyZYw6oRw)Ou|UXgxN?H7DeOm&PMiK8TnrwVzX_E4rB z<33HcH#A#>EL?~;u1z@b`ya>lF5y2v!IwYnLmr^qG=u44BrGx$Vvk9=X;6lejg@6k zNv~muoT3rc5>_M-^@u3TLjK5+0g#5>v zu)HR9gBp0l)j?_WYIT~7&)4;E`#2J|y`iuQ`kFFE+L%uu)pq@EUNUel5utRI+#yzT zbZcL6LTEy@ytdW-zJ^QeO@8c4{ACC<8HJ6uq|MW1<^aM`>;R7X2I2>HOqcek+hXuR zbjh*;&}T9h;a1Q}>0Zg2^v-^)n;<~%{Dldg#~Xj=rNZ`;CYPYI7|>Dy!SD5C@v3Av zcWMnG-JAHf^w}rDQ(}9sF)ZZ09~eA!^7ezJ zeA*3k5HU#Jj&`R7sf$j| zbtqr)2pmpnEMYT#j9p*a&4NJ)b9SaV<#e4EjLxsen2^QjZOPiQHyAZ97N)m3isc}) zdP1)Q+m*xlAxjS+x~K5y#(T3ni>LqCF>~1QRp?>ep@$d8T=^0|XJY(vt6^vLdzHJY z^{&rj+FsjRV^m2m>%zJ*A=su_NF8p>xqH)fqdDR33b|yz#4KC+qT#3sQM0rO6a~m9 ztENcBUHXLvwZ`uE7DcHjBBSp7inJ{DUUJC^hgOv75$oe`DN?fwM`zbVenkCgi==3x z02a_HNDpYMYTHe~C_$42H%R4Vhv?N-rFl`Pq3dU?!FP-OOCi*ooRbQ&7tmbtxx+Y~ zKUjGbdy@#hsBB4vpJ__@CppFW6j*SM{3{-Hrz7U49v-nJ9K0-gL4LFBi^xB)wm!ZwU^bfZ8e?0uE)HJ`ROQ_$E75rC5CjP#~O~glv z468bjH4NE(fm-zY@A*;&(k7*ZJ&)}u-S$;%qU{ZA(+#O}!q0=*R2^ z$&)ImR&_kmeOr@_Gv{?StSnT@MU^mLl_;4gSw@&=60^N?fN@upMKwW7($&DHcb6a! 
z9@|b*-bgF6g|AvId9g*#!1KiQBu$}MF--R5^hWl~6{UNC zT4x3-H_u=9dj*H6-b&=`a~*4#$Y`6nK0^(R(*>)fYF3R_nF=K|9rZtN*qst}V%Z5k zZ_u6}i@p_{>7Q2`Mg<~4R2M1C5`M1NNYpf~z-dF}p0^@kmcj>hkoOK~gZF1EPbgX# z;eOU-Gyc71Ag~Nw;mmc9E$SaDi$ur1`!yvp{QlVyxg^;kLf@+5e*K1`wR%kZh(X7jUf`5il2?CoC>{!xLOd22LSBc$#7~h z@`H*u>t~76v9hs|;e4657}I{TvarmyV=3ky4P##)Uu)^x zmceo2kVm}1mx5`bGaMi37m66!MR?g%H$&688W=#_MZ?BYif*+ghin!{t+r_LNBsqv zq~dWw2`5Y=@jg1>b0weau?7#JDSIzoo91hLd+#3nrRy@i<=|jR4F^l`Lt-gtkac%H zE%$V0>O-`TMN2b+jHAy!(3Z?1Dteb6kuTvMsG|wV&2u?`6zJuNFuUzNh7;ZK%YQ6b zURe4xZx^j0R3ie#+1cq3Xzh=jS{~F4yWtB}mJn*RtbZCgbafWR&u|W5TAR>5Vq<;O zYib$UwY-KjsU7{(*^BuekVMtQ0mBAbc!WvNi-QYbCa1QXh928# zLF7ShaJAIejf`SLr1Q5`61mX1z!EXm?v>X5n3uDHD8YAn&+t#)&txraWQ84}{Mawz zeeWhX3Q0N$iqPKZHn8lcPj6mTEfy!p&6r32(7r1L@r`-MV;Ccdx&p}H|lwC4E>Fc1Y6kghVWw;H@* z4)C3mfqoygT;QreGU5$8$80*|%{-r0)wQV(t>)-`fw$+<6P(Hr^v4~=oPRnyhM|FS z$mUPNnsgYAT5<1YuAvxL@T;}^Z~4j&bstmFVp1QiMUIWV(xtz;^D*`ENqc!~rSo6u zSskjyg>BcU0!W#5wB;?C8$hI8T1+7@Jd92@dJ~}1)yuL9R;L=m6NQ$M@psK8!mBy~ z^k$QPec6L1F&!nzJ7nIOJtSL*;1F7OX83fJ9R9XG{cwLYxelUeV9^68T!xBCz_Y_{ zM9aFEW!_t@yFsI}jYFHunzzdT>N}8QduR-sn}TT4Z@zn7sb7bZT#Qlfz%;&+;uW}T zCL4J|%oe8p35c5+%XBbHa*+9oZNBZS)W^zAB{%HeR z;BL7t;jugCY6qXa5vHTXVUJFy3CAqugwx3##)O-;V zN0Iv;m-X`cOEg+!HwEFMTjmoeUm54;-|qu|o$`M@hB^Kfl;HSh?Ct+|ANcQDjH^`s z58XClt+}9InL_d>nN#~55N2lx(&HZpce9Kt9fBfIjf2_?x@`iH(RjS$VsPs-fl04S z4Daoc7N!*n=oN0n@Wh4kneU6NfVI$Kf=5>XyZ-d=u_6Ad>Xcw-n#x*tDoOtUbwo4(bE~7 zdSC010atvrm4TZ!ks(9(&R4Ha|0MD=MhYf1Rq9==?3whG!IkUea3ioOFWfS8x(?rG z7v$ccvxK0Cm*FzeWG~H`NVIi~8Nwhe4aHKk+oVNAL`q?(C?mjoK^#;)~kDUjABii!+iQBVLdtIgpZQQ)c7RusrtvWeA7>H>Yq( zEicd8zVw1^BBdI3N!hpi$JS<41KtLQrVhF zV}1uG?M-OxuQ1g$v@Sf9KlQS&!;ALDi*BwrU&CBTt(eo-M-n(!wkmGSyWDU9JpEOx zFveUrZ$v0>L>u5O11u8Qn&7tT4ya|bvheji}}wDataMge;4cpEBP zE7%9LAb0?0a$B=U=A$wq^3b6wk7RoU2>7wK!^}u5zsAHtS)NNQqPe@#GqJTuZaTr; z>7vT|yIx=qQG^ny7mwbl@TP^LtMY6uPg3xFOJ2ASe@@#z3Pqk~nkf2|zk9_RhmLRx zc-g7NF})|VbOC1(R?w*vot2P9gV8`BL8vh^A-o)~cphBG)nV7ah|KsF@$y58lgzn* 
z)QNjo0u!o?ZOt&MaRI>~l|8Szt|glQHEqSP(g8bjX9W-k%RdkX|8EwSgZ00A zI;cuJerI7j?^MsLMhE;Myyw}LWlGZQO%hYhixWlxNC_Zdx&`H2m=lE7b+y$@PNdQ*{yPDrn-yvD^^eS9krJ>H=e}P+?%gbGvSigAx$d3AoLlZb2Mqu91P`7Bp z{j!j^256Ji=$VGl2qPe6Af_5uD~8|GJw`m`S5TwdF}@8Ep$H?)5Ogr?bo&}ddB%Ov z{WR*7sdP=Qdqf6H6#bS8XmWe*eWUlbHZAWCt-kuQHOeZ7mMV8j6++{x(y^O?=1Ot4 zofVhL$Chisy?OTFZ>i`Rd`_^kZEa3tk{9gjZnT@!0F_Mk-lfsP9$KmLXncNJrW(l2 zdBfSFUOWmpBk^|m?CKYrz0Q<`*d}xInM~hJ_#Ih6C)qSkmE3D|8FSuiFOI%4<#x6_ zI!Uu}>$HAdxjjjK0HyU1>6_yxe1+Y8$}?#&55of)hl^`N{`-{^04AQ)Hal<=F6eIL zOqL00rD^lJUil>K=b7ixSEq-C5kQAjhIVK33a zdj{s^8pDMPLFeW9p2hwxenRJE>Lbq*iCTa|ko5`BRZucgiwA?e*PYbl{KLJrB$|%- zs5toBXt6T=3_!0_{5rBf>9mPVOyX*=Htw6FDLU^AWv^2X-jPAy`ORC=hKV6dklhA2 z{D7zP2B1iTzm|6Leym#<)rrmG^9IrNnhom{nmrK;0g9m%v5t;ailO^VQ8gY+cK$?p zSwtUfn+KhZJ`+Uzqc!43N)QsxVjgHI@qF(!V~!q=F7Sl2_Zl|@`c{18u?ykL#Z3A+ zaA+F9_E4LL+q>yUUx6M15sm@}Jy%W+e-lMexLNChYa@@$jRbDo6`-7Sv>1@tvt_5U z@keWMDO4YZ3okbN9F7BB=*#OMYlfhX6T+R?p&-DCPuy`Mv<0ah)QgNCffLYYd%f+m z@Y)CX7Ywt3Zj&2(@4XlUz2#BwHd$jj=jHiOy1>hbvWmWQqB2*HEwe*On5MF{pJ%Dc ztLjy^t8=inz>c`3@a(1yePMDfCeLEjSeSmRRh^4^!frC{Zz*zEbW~0A4hqqkd~z^J zvW1NA3a0P6l9H%)(qvG~O&P(lR!_3jt}xdUZC*^w z?#nNybi1xZFwVyy6*KJYewQ`0Ss+{2B3L>n)2*<{TSauz?H^AZJAC0+HaQR8!jMj5 z=ut8j!4)i9mrNt(WYVi2;mYySBsouiZ8&~Ty@F9Nu}J-0VgC}&ziwlU?Ejk1u>Bh= zneD%_l8aQe757>H2lKF*g}A6&m-VY)M&_gk8fwdhlj|*a#Ua1i8bsZ15|-|I+>>Nn zfI%M;D?}=k1SiMysuiylAP0EoEaih5^D3nR88r*d*LyUGEsGTX?RjbsdhUc8XtZN& zzJ2mF3Jo2&7Ec7I`!JL-03%I6$DPOF2gPR*0)*fQ))h|2^w)#GuTdHvzxQQl`|AgA zu|55-uY@Pf%U|~%4b9y6;Eaqg1k!+rLmxsLX9v%>SNoDJiGpE*3wE6bAT@3RC}>sf zH~wP=5P4VA%){cD@#gdyy~OG9#DZ^kbNF{nrOPC?Xt~MIaKH8^+x(!GoSk}iG8>^9 z1BbkgSuE8mqH_(ctT+r>MY|^})I}L5X<-QCAFDe}f*2@BA;JJZ8t|OWFyR}P{dff{ zqFQ|*-;csKE7ePyL?KVAovCJBhE~LP-Z0JT8{3|8dBj}EyVRA$(-HWX?hPD5TLY+Y z`1eMFXH9f8J?FfSh=r$#z1h(d3m#m)#xB9O1PIbW_w#^f+HhIP#WkJclxmF{jOu~b zl3P4uIG1p!9?W&}1Kk=KbS`E6)+*7xOCa6mYvUCMPhphus|U5kph=KZLPw{( zW0S_^6x&fc0+Z`><^WZs_O?I|u~_(X38*MJ`kXYt1u;PZQON^fFO#9e#AyOl$c5_T 
z8yMi&C#P#@z%8L#)hSd6+nIuBPp;J!Hu9acv&#xi4by9BDX3GlpBLc~K8-K~Qv&4nin z)rW*AMBUWllNF_Nz4@ez-2uaG>WouwRO(BMRG z{*bZmTFkY_w|z=quna`iO{?E(FM3GlIVo8$%W>Q1N&v)t7rV_YWVPlKisj4nc>x3&^L}=<( zhqjN6WgZc2XVu>_KTjB%wQoh|Fc%~oZr^jLnX>y zN6*PWjldq#Ep7o_%+ZUb3}EvX(@;GIm8;ze@}y0CH_Lu)8oYyLX?8*ksPaYCFbM9X>?k+vbDk zlMqu!#f>%2%ZVr60PyCvbAdoQNH2DA;|ScK?`R1%(pA#s>S?(VHNMOe*dV5NaMQtP z+VpNtQPRq<#L%Ti(Gxp9XP&guNp&wHGYDds(0%MMf_Y@o{$szu_M>g0<{o%PmX2Mp z@&@)XqvR%N$!qq}um$yc@P?0*%?e2vsl0K{G?UjnvVjlXC75C#$MW+Cs3AQ!*#O*x z9d8;DiTND|S0m(}~WAXlVH&uTwZ*xFAwp z#)D$%0>Nz3%!hNiu`gCm-6dA?dyuS^L-!C9$^OFl{8sRU_e*sD&)+5UFCqLN$z)>r zKMW(szhRGa{CDi}Mb+Ma6jOG7=bn>|Ebojp&@s67*#Y}S zT-nnHlV?T>(33gd&zpSw{@&24#S@3HH55+k36#R0$^=~v0RJM)aT5xaJYwkx`?BMX zi5#v5yGgoxee{CV-wCqS;kYt53YgF38TLJj5@!!IJBZVtK|hH(Ihp)8f!P4BcI$&` zsZftMbr)2gs`w08Rw9N%Z@UzB#0Exy=o|$G_5LZ!o6RTVIzo#Ldo{9gJ(Agd<&RSu zg5?E{ABZ4KA3W-KI1@m#ARA!o^-$ZC1%yFk3bKyNfw;jqIuKqYmfS=)VR@Wjb^xn6 zeNp!Yg0EBip*})VNIgzvl&U(jymmKmE=!2mOAZ~nef$zlA}R)OP&`e{^(2A1^=R=>=;O$x+nqhOaN*jj+D&qSfn^67}sAL3^O2?we{=XQ$`7P@M! 
zhsl4~rAMD|FqWV3%a5`j0x^XmeGxYcB4s?+;YP%5{Q|6oyp_7;eHvi7pkSq$>3j2P8W!2d7wTi3JT3FY}=m zdP31gIEPoi71Sd2;4Zv?L<2eMBD_LHkc;>t%%?tvkCg`E_MyBV8PkCCmI2G$I`?On zfaN{|##zUb7;#oIExL3XecN6BVXpvLf~Xt%#pB6kE=fZCR2uWFzOtZYD|M;MyTYlP zBF-BkPs8!`(}90Abs1;x%v9M=r~%7Pb8Bh$BH(nvl=U>Ga&mG3sLm+Bp-UF=Ql?a`2@H?D5Iyo^Vum30R~J&uTRyb?eAw%y`tvMz8qA31U%y)&$QKBoy%05>N?qJ zwokT`Xe&eOcNdF~-kzNw&Ysl;uX8~)`;Csrt+|d_{kgj{y33N+n#m`TYgHR#%CCDM zFW_`sxEhVTeKgXJu*)Ti?9z&Pwokp!1RWlUmyW$s+2&k=EtToi_YDm1_Mi0yG<(3q z+dOwTZXaNn75c{p(&0K?zfXaDnwQ3$Xy7i1Fk2>~*4bZN5T$+pp{*Xo-I;n}43Hufc%nE3v=ND5y;2>8MIJfP&mvhmUwkEbl zSLPc}2GVXd!8R9K37MS^e+QsYW}Q@}`vbFlR~Fh}W`dl;uqchyQU%d=`K+ouiyPFg zjhz9HB{aB`KC<$a!=?QK)n*Q+4PAHVVN~3}^S3oYyzM>#=NQu||E^&Ff_F3gt6GxB?ZOmo>R%i>66mL?MLJtvZs zKDro5ZeiWyu;Jrl5Q+vc5lXRk^w$J& zc)^Z)Uhd6l0?eS<;q2zn&YEnYHxwX!_L~BLNLwKvdI!<9nis3a>?*w?BLbw+U3Xce zCSwSSROE|*7-13&Xn#Emuk)B8Z)BO089dR?3;6vQ#fbMehnr!X9_akfV3bAaWRQ>$ za22PCOxKq{0~qsvR10ed3?Quo%WbQg}MaDnh-k$??PR1rm~5B=J!CO(-x3*Ao%3?W!W0o6)5>3A#HcL;N$w} z2iUu6RlTgDc&84f$$v8|D_KSckwXfi;+y%yg&MpAgZ1jbrxHt8z`UIoGSp!w-Y8+w ziU%}AtFm2u{|6Eo5cD?qraMKyAO=iYQHTwxEDplNzj2hu1lrlbW_<5(s45F4!Hfne z*mWMZX*tJRn9WfbFD)OtSIw)XfnbfZcY3Eq2gcHVW6$EF~wopy~&M zmgi{jA+5;&s29kLn6bR{q9qm&a||A81c;QsA71bzUBD%j z(4AXdy3ejdfR~S@Yq+kZNC5u5E!oQ4(B}d&b5l6xGV-4TRKWgh85`|Xzn!*o|slZ0BY;c@S1vVM=ug*uqB;yTk zm(r@J6g?*>r3}~PH;qBo;>|{AuLMLh$pF_6EdL0esQj^n%t+ud0=_UhZyvjtyX;mH zcZ13tT#KbZojuk+mU32_>@>X4iPMf24B7f1aU6~$tUnV^>VoO;YjAy^YHM|9n3N)m zzR-yA;T=v*B;64{#8QNj{`h$&Lx|#1+v!xKrEiu1BvSWj*0p=j4F%qKge;i?G2Duw ze4j&1WMFDWmr?qMS4Z8|>!8g-Ceac;87>l_jQqP|Z)-5|X=t_#0BhLpcVosnVWtj(%Pl))%E^)P>nd(~Mm8 z!^($1eD`oV$P+C?+`1_sLToq)tBSoR@5xO>)Dl0b>2yC!E3x3q!Oxsa;gXMrNR5-j z24qME$*;~hlMp3ev9nLwzcanuDFK!)(mt%RBNZuoG@u1Q5n;pjD*Re2S0YS(#vlmN zKYF=2NgY%);cBtx^}92Wa!29@1$?J2AfYy?AVEJd#=ST^)9r{w z$o-Ijbi*MUgH-v1+?#M5A)vmtWq9a^7zla-)EV;e)IX+65dgpOyc*p618O4A?#c1Z zhPx^_n(-##N2mQ*1xCG_$q}X6XQFh3%U)-qt# zWtqv^ZL{qh;Y3G660*Y+DBsFYS$)4mY%H>&9g)p{Dtpi<_}AmI&&IIb9YHWyq<oYl|!61KOS5T$w{!L=_L18WT1mKjR!Xp)<58M?qy777;-~ 
z7CE1y)!BzixDuxSFWN`WX#o^vTBtCo5ins$G}r<2no}IYxW_D0b~Xb)%3ld4xsBv- z(K4M#Ea1eBMyt2(iNVe`DChK^;Ok0BtSo<=?dWA&^QK%GTZ*m4od|MeBQK#nrJj2rZDCBx5EPs9$HcJku{S!lw&BZ<)VPdCZQFK zjrwq=B+2^#cn6znmarP~40IdVkw=aFAz_3l>y->z;L$^@dsm7!nv=0zBr+BtEw(G_Tmh=z{=)wvHsY#dt6o`LQZ&2#WToq9!6 zE;bspZG);jhRM?%b8&)@Q9ZLxH@_>p8gU`(fwLBvHM^#XF2nF};u)JRZ+@<$CWJH8 z_C|?b)iDPUI9Mes6(}rdA2W8E%9`IR(UwF0<}(gB3Tm|k>u)t=rG_|k#l{L~4FuHHSlJ43Q!Zvi#<+yZV#Dx0&5!s(V#oEXh+9$G+&Lv*L| z_QY;g%xHpY{xH3ZXu=p`%|xcy!h23VvrGf0#-U3l|B-#-i7m#VpDzIULOdvFC%>hw zrPafj`aEwFCm>U|M}loq(97%;2oEN^t+oDIX{|aHD}5HriQJ4tqo@Zri;sRBy=->o zaaWn(9LCf{=%YtRA!g*nb8fKg!n3sggvN#gWtjnp6g~tOl5P=0iXV~LdKAM8&voDj zEIm&^*Tj;BCeQ_@8?XarZsmdQuf!&l;K}~3BxzP^>2pB_s9RLLGX`? z&pp19GjF* zwqv}{^GLm+#0owbL!9vEcjL7|`{;8UyY5CdogM+_Vv;rto2JSw3SHTrHdnTrv`DKT zIk>~*Y>Z-jpgZg*HNhRmnywO$L!Ex@US)OexrT^4mB8*yyo63)ITDPrDJD^RoD;6_ z(3E$|kLVgZ1L}12jJ$-QE-ZSXOuhhg#8e?jj00H=p#|Jiu&=Zy@H5xDx8z34MvQE@ z>a#m2_8Q9G!tX*=?Dj20j^DEtG!-_+fFlshzD z*by)0tB52J5QeD*#Yg5g3tlg~V=+usC0A0hieNn&dWt~> z&tjg`>i03<)0PKv0nJrC)csoi!y&*hW!+6C6P6lHK3b9bU$(;ZS$eSf2KC5ZVb$6$ zse?ZIe?H+$K~fHgS*JR4ABx-itp=Zz=5e&yAYF?AAy5DjNXOW{w2ryO{bf5tx7~dJ zWTb45|BYV#r9uCrSM>j6Of%3k{yV*5{IB$?N>$Two*nr+9LjDRv?_eoZn!0}hQoJbS>L_7)2N6!|qwcB0;nO>( zC+d5SmUB21mX9uo)}3GnD4r;jt1q*Aym|3zI&6v1vvmupWAeRuETJ$0IgIZayQ7N; zKOIu(kllNCt~-1;VzlQGtIavR^~DrKexH9tHsyZU;RwA(0QUbe_Kv}sZfzQ9Y};nX zPCB-2cWm3XZQHh;bZpx;Iy~8X>g<_wW>?Mk@2#iazxTD)x^%m41q$(y)QP^&;LPiY&$7l?z2mY9TZVU280d*4(HHl9Hca9 zIOm!u$(N=kJ_L*B!U8YK5mHs7Xae+Ckgl&~(3K%nlDq~=w}u?g4}ql12_hlcKwtJA zw9$&c`hqm$WMhTwvKUm{nvL10XW;M(SJdIhk~n|RGOZGCcXzK$M!^{`ei#Plp1VAnDiS*Uo2eR;W!(cF?}N z2bNN5zTBZWBV6XHE>MToRt$ATgm#?E_ZFGT+i0R?qKbBEJq9Dr933=E0VZ@C&eD6O zieuns6VGtcGN#uF8ILj#Ww#SgA+fG8t%i*mNJ99DNCH&=5>y!T-evT{o;uh{zlE}J zbI=a`>SE76m+YbD&jC7?h+}*oIXe_2SJ_rnBwkv*7u+`dvIpQ3Yc?9*Zb}0+^*acJ z7Qtah4*mx9wHM29-D^rE*tmvvdK=3^P|MTt?iHkif4?C57saUYcsyNYnO@hNyFL;j zX)-M5V}SQkZRV|}wEpWp1ofOV!Rx~ODOtyz2|)2PY&gvXj!pX^by1iZ%x1L|#cEOM 
zw2wt7paw~IZ&m4#Q3z8bYoC?W^TO3B#|rEg^PZed>8Sc25Td4}fvLvI2EvclgfYcL z1J0q*kKjvH1QPAHnnF~;ML`Tlv8SR10_iGG=Nig~y?j>zTNP)Ku9=6j@L7@m{BGn7 zce96v3;Wy>LFNRr)sX<+S$OUm_+QtiY=aMMb?TvvKxori`^@^P z;Z=Ft13N!J0%Lj4rhUiXyxjHFuZ9dzKBnaFMSA1Jrb{Xlk~SYAoLEHT^Tnp{AG&ks z-3-CVG8Ip`YnD*OK7*|G77^@Fb|c>;N2Hs7_Ecp8Fhy)1xS&iGGu#ad%d;tS>Rmhe z3}Fog$$O{I zNwqLOJm0ef8G#JAE+PSD>?cmip=N8>5i|w<`@de!fW250;Q0{N!`Y)7Y`A08c zplA9E(Ek6AQKr9y*Z=!5swy6{CWg}erpk2~UscwJ&DzGmM-|sjPSTnbmyZM00h8oP zNZWxa;wA3=r&EKTRa)fiS34-Js+Y~%*4{Ne2`kLui04S# z3%)xc$R~SXxOy3>OU3avjV7V*pKym4CV@nT$T5ukg}G5ykQemUL1%*BRp>X2ujZ?) zkOO(Jvr&(G`;RD|(@(lQEk|*WeRHO=h`-heZ*d_+SnarI3O%IBBV-dmsmtqW_Zb5Y zlZUtt8LHgW9oe?#er)+N;Y1fjS24=AEZvTYo$eyWuyfavYp~+P=LU!Z7&jKz=Dt-H zh6&-Z8*DJzY9U1ipX>>#^Kz(lajR`|gKJ{>7_ih56>H8KHW~v_6dE-ZDEG(DBM|OH zt5O>X@M+9u=Hbl-bH~TkCZa? z>em{f0v%8T>XbU<R8%ff?1!aQfHJIURLe*MB9XXmB1fcf8%H#=A-v&y8AaC4HIwD8JX7C|i$~NCMi3bfPv2h+?x4%>HwjARbPVrr>lJ z+?xw1XYA;qvh(`x-KrB{SR)<`YT8%t)m!%f3CGO>Du05Q0T(NU-oZ|qOQzbw~B88Sm0OvTmoi=xrIAJW0RO9*|!-k;;meWzg zrfKbI&sfz$j`OU6UZJ`#T5C-wWPn+5ISrUGaTbFXuc&a;A^)1hG_<3{FsxKt#y%Yv z96ojTD89xajD};*db_{wn7Q@R_b|N)1!-=6c-=p6=1Kj+)!yNA!O$_$Z?sfV^n?IfRSZ7N@Tv1|}5UOT2_MCL4+i<%%z zdw522p9rc;rTGzFOwiXF+?fj?@U^ zu6qZfdDTVTXr(ujK1YCnre+AE_~Wdoe(&q|TlAhrVf^Caot)lQcTY#!BZ$GYYX6Or zDnB)xbhq-m6lT>dB-kEMb2Rs*<8s{?1%%Rxt@#tKjUy!P2BKXTUa9fH_} zu@DW8u;cYeT#GDoYoD$djW2>2_gU6Y4rE((0W;p;_TtZ+jy6SDl79Tri=hOXrlio) zbOJ{df4u0x>#1SFIN_w4|Ddz8!HAp2jBpFhb%#quLAI1KYcu6_T7$oia@6ExT13!% zwjPIJZOLxQX-fnDek@S*h=dUpLyQ9~g=e8Wz_{?8jg>+$Dya%u0iz1mrv%GU0VmiQAbcjSp z(EX{Dojzx&$U20&qX|DLcKv}s9!=Euj0Y$mq==B&#zR+_)O~-*R|CJ~Q%yN%UfdBuM$iAn;0D8sus%DJt`WpE?Xq{tJ11q6`H z<6|LzM;p7F`M5dv$*MR0j3&=#Y2@44yS@3U0GOm1+m()_Kop|(cQslZg$sN^cb~8$oT^g2`T4nS zkHea?4mW61rOK894dF@d`jOy-sCiw5b;*IvK9vbd8^{#W=G`@R)9}52&(#}txu{$z zpHa!wthH6YGFCk$UQ<+AC<=OnOZa zm=4s6SzLb#x9tmtu3(W|OGnlWs;T_exKMAo(jNmX+Vq)wD+LO@G_&%Ntky?h+{*J?Ns4ciA*d9fhTbAF{Bm zUW+P+t&uw}Pu$b-t+tJ-Hq4i9PdAK*;+lstj5F*&!5qyG`H6ZGN;_Vj-6#YmTF&)x 
zLptZ!e*)%R!I&l%{+U?kjXK-{4CiAljGNDMj`yqrw8(uG$@JS%4(H$xPXLwr5qzW4 zQK(z`CboKEy_)QLyLA;$?mF2Y%UGLz-7--(JsSiIRPg7l|p+==I_r zDG$LD(a5`f5=KP;jR*C~KX|oIw@bjN<^FVDfUKNI5mIO^WEnsU;g!1N&eUNFs==agjd*z&#tXf$~xAO-0J zg3VKG`Yxi+4co9>(+2zq=??2AfDR|7?^|qu>&Cl)MCUO>#do_3NgOp3h}RkB_Bf_$%+$J1u9Gq8iG?au&G zh!~8HnXWL9J7aor3V>Np;N3Ppw{B z^bb>~=B|@;TUfQS%6eQRiBDnnahL19uh_oZi41SVG1xTDW~}r9;{&DgLpX$HGc7rt z2ODEybJ=HHm}H$Ks`|BtIC%l~c~V4!FD4|R_|>vfU8bdRH@!X))LB+_y| z`0`i)!1&&}v{!_KTB4LW)`RNKj`)I&c)IHe`?1*gi+&0t!C2=PJsE zS4SD1ClmkDpsBe|Ubd}DQf@2XaUOAy56@K3GvvL&o&STjck9Z};ylFFv(64_QXOrU z8YqteyOX`Hi9==v&p7zAjlpt&kn@V2UsswqlK*GTo;Z6>RNP6wU98m~0t|`13Lv4r zB4MyrzzD=cougYN-X0CwD76TQmHkmbZ3!zm z*5$ao!aKGVuuT zoEbe{b4SHgDQUc1#W@e&4>_)m{pUCCfrq+vnV9da09U$QoNGx;QX4y3S0j>hWqEF- zYD`*UI^9MJsaQQ-+t8OssjJCKz!u(H3X-7i1|u^j#P!LD!%%H`m|9fK-~re|2c@}8 ztlo^Ak>*X8usq2tc+UFWZ>|}D<2_=Ja<~2qPV%t7JZeIS0E{D7MzKElL1C7sV#|8e zg9v)d!JU~;sy%C9o%iarc-0o_%Vp*<8|MMRb16Ewqo zH=B}hP6~I8H=m^DMH^&)lmv<9NxXQ%8Qv3R+5=dV07wVab8dUtPqzGoz~| zP;B%ncjny18RE_CXP(M%AfpTTA4^!E%Of0^d2IsoiKz|-*>$fIjl*2kTWD$3YUPbP z(83k^fbXlU4%u&BHW#@z$&JcSrm5sxOqh^Xh66* z^oD;uRez|wYHgq9MNUtdeWkty4f9t!eXQ9AcM95ViG@U*6mJVJ8P9juiH{Zc*uP-V z-?;K$81%h8<@*o+^_%s7TZ$RzS^qOnv5Is;#<#uXTYF6|G#BN^fZ5XAn^3t_sXvrj znIKFGfT<^hju#!xPJe&3B1{FuOqc-k7}nkVc-?1_b=g6N>UMLiQNQf!4%6FqMVS!1 z?4r;RIN8@lB0~_Z06}?n&aSie>A5$>25e8M3~r$mQSS?{B-nIgWemc|x%Hm`m|OFJ zteLaHD z8Ie)FIPR#oQ85)uQU(X(r~Zb5@bodV?}Rcynq7pdMnhDmt^H)SAua(8L9Y0{@y>e( z=B)5YU_sd^5DDLDwvsLQYRd;)%+8FKbSwwe0*awzAUD~J8bVWZ@NvBo^^1S62>$_1 zhJ$u4HxiIF*v>cG&WrU>FEDTY`yF)!Q|~ZC}VFGszzwEXxiWJ+E7j;y`fO zlpj?%sP3aNn6lk*3|aMRC{}Q;1onFXoVr6hW#@E ztG-q4e!KK?8e7b|YIemb|5jJO@ldl82Av(oe)>g>DLqhHVp6`##D%N3* zC?ZtWq$I*kI=OD&TU7k4BHZO5DS@FKlrnU6!ao$tn}SG>{dr`% zmhY#w2$)xXWT1DCx4F+^Fjs?A++b&HwDm%-KS<$4RfQ=^`ibKEk!P2?_adb2u>`XU zJIvxFjj5tb1@uZ>8L6K5JtwUII)<^x)grg3*QN84&F#iBfVQg<6KzmAoBoO@V08GJ zN+RiL1oHc)bECnjYF{2vF~CS=58A5NmijzspW0t`$c6I*M8 z7Fk(Yy$S-QT#UuVf04tdaZxk_G>H(!i=}(5dy4Zmsn)}?&a5gxjm4_XwLND$IFe@f 
zkpsRwX?qz{U6*u#pshjob}#lv?BfaXd=|??iEqgAGuT|Mu3EpZLgN4_;jcn@rx8lv zzZSwbw5bw-$L`3^k@7<{Bt0YYOnN{2`xchr_g+Li-(I;x*r5#O@VFMFxtu4NmViL` zCk_&lbomC#V;26wf+KqlfRsvPW=sH;TBhE2$d(@{GL^wmOrjxt_~@Rr%a}M_3}!fO z<03*z@D-wIRkVN>&txTl>~-QtU(vP<^)?`>jrYTsf-u?({Q& z94sA^9;uswbj*$ADL(PVtYGxzod`Qs?J(6$8XZOiRFgq(r;q&L=r+WtrrfAf>q)yu zP$bD6I3Pf4qDUjDzb1`QOU=+QP+m!A>ax(whsc^NNd6=fYrV57Z5TzA4#w|Uw2cp= znxD-p_^MfKk*RpsX^i1Orx~kMpS1y%E%*>b)k>0Du}zl|5ar4QITi{`a3c|OpAJII zqF_0-W`p{0c&AqfMQD?1hPup8`!_Xsxt_4FOw=G$9JA=RSG>rJ49CdG&f^x5?ig!q zx(>;AI(qZxwr2`iQ`>gkG32q?Ydl2^j(bUK(ki3ohc5r( zgv#n1exBNr7LU6k2FCBq%R?o={E4=CG=AD@N;=k3E%0G2i#O9wQkxBl68rlgBT|*`ZSydGl{kIp1uAdtMs$!ydh^SacPl_ylBtmEOS_fFA z-@;?#n&IVh^=ilJ=|mlU%io-5$20pvo-DQVVXh8acVlB$J=UTH6y(8 zLHy~_&Wwk+eHEMs|0xuo`k!4AErRXd<|af2%VKbRo)e`A9Fjt2anAXlXN|K`|X+*i>;+mfl(639^xly?PDs>}{ z`yoy~xs|TlEqErczC;^446ha!yxrODc7QDv2Cw*L?cFf<_VF_~>&dg$rs+Q46mA!# zM?94erwEeb$cmflGTZ0gGX!8#R;53KCBHB>9%V_hM&yZbSeA>}8{mA-1CDOV$D>;| z-tcVTwd?u)brUInCPwG|=%ekax)bY?0m_q?P#)lRgPdQD>a-_0VthJ6vQ=qrR0^%O zTy408s~}i%7QHj~$GRYWR`JsCRO*Nawvge~1%$W|&>nst_fm_mkT`ri0CjnJ>#;t# zsy(PkGaPLZJ=90XFO7NJ1_|=Km=cDWgkK_ie^3--J5DmOcd(Gt$LbA-IT9pp2c8?!PH|!D%flQSt)hT6Q11f-NTHA6)FAawl zXr?igOhL!fddD?2a8@vp`UDvA;D5WHQjZt%32F_u+Wr7xa#7gi8v~{L!)sbJQ6Hdy z23gYrJJDNYDI4?)^gxTa@K@R_#_VG@Wph$^7GRTn7Ck>3s7MjdCg0%%X6Nhqe#x`V zZf;tG0ab*+mb&0~8v?0>%WQQ)yi^>BDqSC?KuDVs1_-@lh_k>3k$xf~GkH{dOU0p) zhjClF;Lw609Tm#@yk?*;tN*yaIX3`DKnM5q69mgBLO1gHuUGrmWe25!e3 zElzGnLiKAUU>4J+Q`GXenKU=>A@%`2HXKxU*~X<5s-jqy_-0Wywe7|af=pmNGV1uq zAp_J>it&R^pDHV0mL_!*t`ZH^Ve6vRZk)IKAowt4^b>Go+IqSPU@On%JD6-kUc9(} z@L5Hy3idQ}iIp%U+kza+I-A^D?1sS__x;fZ67wCAtrwBjQrk&k-PhdIQDIC%>$8QZ11N)@*^hNF#SJQOYVA(G$oW!R=4Bf1 zmmp@DD5)V(VyMv9>oHHb%B3_?qzdGxPKk6Qk7il-Q`?4aWtDSdQ^dI|@$)aj-C|RB z&bEebDQd2}J= zH~)-fQuqbA`v`y8BLL`e9s)f9c?I$w28XAk>4ylu)d(HCX}9KO zQYYjcs(~wG5}eskMoUd|wnBv2n8%`i3h`Xl8iGrPm4dBP|0!hWiB(uy)&h^Otzo8T zxqzi=D_%kA=aGeF_p46W?4&n~zXYXJd`%(?nk(Qf%A&hu_{*J51}Xl<49X8bo;@7= 
zlHL1vYP7)Kbc`>)mZkEh^vQG16${hhvTEciHDSY-Es>i)^7qcMqXx&FAsXdJW8eG! z$&^)UTm1xDy2n7XV~Z(zuT}~sP3W)nFHnQFW>Hp4!&V&lAony(LUG(f>+W^ZG%6+i zYc`Tgc#q{n89z=G15G|!cxz&l7O72QvBdb9w5CE(XALc0jA~d=j@M-yBdX{h52lyF zbED_uMNXXIJy0JHTE!!91aW*$jZowAH%sdDS6nE@7hBe06vu9o(&2x#`kj(wb-TxH7>~V? z2))IDn6>|!N1QOB#FiF_|D2wD92hwVcdadE?N6*NFOfR^+2~g#ClwHte}(wO z5RL%Vl&iQWTtX$#65qW|tL4a09OIRovK$Uh@IJ7CLHMDHd1)At1ROnSu87>8L(j4& zgu4&7U2KpYf0zgx7FIEvI%zT>FFCdj5R>pzR7}gNocJVZ3y8PCgoZ7!Hc1Pmb>GMA z6zFG2FZ)Y79m-izB9}|ImWDDOv*+{A4ozVl#xX1FCwG7ie%h>Ba~cP^S9A<)>0wLe zfK|u-;R51*5g3z8bO`L2U>Ndl^grtWwO)NJxA*E9+!xScu9`rb_l)V(r<|&|-hOBi z0Vr*83$(u&^vJ z=zV2$(rSssjl#x_W8Q0I8zLWGZ?>1JwjDM?4G6pawfYX*gA zq`uuixl+Tn4C?-3@VE&(eSDmRcF{;4s2)c;M*{m;$c0arhB<)Kp!eLA_KqDK5jcZx z@UreI{S`Bo-rm}u`6MU5FB@*KfSf1qm93%baGT}?rYLS$$0zROenr(<0HVpYx1do| zm3iPy*1#>Go4@51rp9(BOZ9Y9$ylasK)fbul~wHBET4!GK28vcdy0FF@iMw47&}uwA|<$a7zj3KnA{ysC4-9G_LD(2fW=YH z;9Pmqdu!)*iCL%6l3mvoKD&06&eh$c`M zd*Vk5c9Fa{_d$CpjU%JT<$^=sZW5YNLdXEacRLOHUMiFeKjL#qnOH#-ui1=s+fbeY zmh6Xi>zf&+K{dvk7OXa-uO@T%fEgQe-Lb+rTvA|<>#AGF@)|+E(6DAYH!;j9LFp}{ zszjG?0&}0q6oKO90i`42E-vTUgCUi>In1G=PVWg8?2~=ETsH5n7DUYCp$M}#qTV3K z6zaA{Hz)XSP~fmt*ZW1RKZTB~x5ho#Cdgxq;2K>x4ihzd+1CN+=?c>UL^aAZ& z*+?X8ozzkRj}i;+W6__)>WgX+?!f^Q`5*m3IX(CkvyQj2=LFXYUjY0znDhSv)_()= z-&`Zp|G1Ge(Ekfqe?$0x0@nW@ZI)R8(wm7*nAnBUfGu2_JYnnrATD+=83+ZSu|kG! 
ziSF7TKb+)uHhY%u(kKX;jmvg7=mV;jKwp#Wb5>2(cC~?;d5FK)!W`rP1Q0r}cq|`I zF(kzmHIBt*rH_+o0KledcQ6~~-xu=wpm`$2&|A7E$VUQA&hNUIrxHO*aikOh=hM#C z?o>XEnVUnpDQ1T)PMS3b9J%z^nE>|uL1+!~5Cg_+FP!OL#f5Qgl{>}*_xAEf6Nw5q zSULx;qa*JP`TX6esLNP|>UK`L=5Xzx2SZf9VkPxZ+|>(U zHSOuCjB|f9&9;`d0k*Ll0Wdgqt%@1B0>Uc*eqkft8nuXiYX}a07^*F7nD4i==avZB z&mv;EL2DUUkPdJ~0A$TxksM;mw!#368>MZ%=&e{j0u7zz(Ad^7OtzbZj{v|}fy~K3 zlz3qfOyES_gVSXx8C|kC>0#Jp>!t1JiLPUuXJOO6YL1#rX=vIc5 zc_h;Swj&3m`3mc6(;6IjO}h)D1a!#i)EC8yI2Q z4`##gL!T_kqx*?qgks%S=&P=K{Pcv3hyRTa|26Y}vy%TqmiS(>`oHgT3=C}l2|N^~ z{4GlaU%!WUTPZXVhRQl*)@A)rT~*)HBM(u6(}?9>0~HEPHT?XL__a!(#*klJ7h&Hw zUlr5RafrXO0)gX{b)|0RwIOP2NeyzgCrSk&aD)3t`vp4G-xV-Z4P3Hollx0AZwffm zS{<^b>;Xy8awHb7a*N4d%$sOhgtoBg5pJvGO9NsxA}D}hQ{(z6CmG>|!u2bpNv4WU z<=RRHAP~*@dxbR7`r{jcpyn2dt__kHJ2JHa=*A*R0eHF|zdDPjU5MKgK=uBhc_jY( zD4ZP5061N(pzIXyBARDGWL8yCCRWv-?K8VlYaKH=cH$F#Q|~4ZvOn++c;tu6 zT+<5!ptI)UnSoN8+%Dwi-QYM+_l(_Q=JEieh98oRR+#HiBJQEA5Y(-onKUjrdL$x6u6PPK zs?*c$?8=~*_0QdEYJ0go2s*!v5Y|27w(2%W^kS#tQO8~sH^r?c+bU5#=A?Ii;!4dx z#{GFp2akyiJ2Os+Ids1qd$Sy$F$a%fsovC=M;;eVYoCr}hF zNHHajqtc*q>UxK9vEuF;5rl4BVs+zh$I+|exXM0NXkr!g$}#g1vaw%9Gb$i8)}DkN zc69pH$&40RkmsXcxHBAvyHm!Y6(=}J6lT%sI4 z(SAC+81>k!%1au#)hPAYVep6s?BT+p03H5Bww2-6GEyTg zW=mn(tBA#mNELjGlon4-^8-={fc9c`++MXpi`KFr{c;@nJ(;2?Xv*cIWk2GPx0pWW zUn~s&HG6-JDLd1DtA`AX|Dql;F#bpCVUx;s%^W?7_qMLx)&hmo=Jlo!vXHb?E0~@L z^1k3Il+riDcl863?looI85?dTDqjbT+G6_8l-XO>^#$|_L_k%|Q#RVtz8i#vp5BaV zQ?n;8z_d!wXavE-KEx06DrzgMqaL*t0zMB(XxC(lL=1ft!TNeELzukRVA_5-k{~C1 zJdzyhNO_c1jQBDqpHF+B?vM}g=SuXj$6@msT1a2JKu_>~0OAn~{|DZL+lx(Cu!eBS z>^mGZ&GdRy$uPst3v8W)ADg}g>vdCh2SKAFb}+=tqJ9-iIfh_vGN4t~reGJP*H(&lBjf0O-$TxqTk-zQ+xd^h__>4+qh5&DrN6& zPR-XTxCDd%!a=9Y#HgB+IvF1v^o>~TwNSvC=k4fLXABf67WT%{fhNuPB_XAJdDPUd z_*jSI1%F56)3O|%0>GxB#4afpZ3eBWg{Skek<^sk(U9sD(c4mGAHP#kE!XNZPlG6Q zxQp4Xp=NX20=WK~z{GGs-4pi)L!`1m=ei;E{jUF^!?Z{PzOj9XSq3!QmR*~POYwrk zpBzX;{Z`a2u31a$eyqYSHqA+%QIuHRT^hb#*=xuR(UG}K-g_1bUl)Qw-SRZ{? 
z%Ysh0PR(s*UC-8I?NBN92S-{-A9I?reC9&p)*Bmv%f;GMmPQZ~$lJ7Z#sfoer)QDt zuRKyg5|N6tK?y<5A&QL*t}`)+wV2G#N&-hphKfikTY@6y@TcnZ%=;H{i&cF}u0DP? z=BIg+{K-8L+e`+}?|0#+eD~tDBZ3#kW6ukz#ZQOJRr$qe9~;u?b3$XiL-07Y6!JM+ z-iBzofZsSS^Fu;)e;3!VXQgL*`uSsw za9XTO>g-t_S5M#$wq{(Ek2Dqscd_wD93!zZ89|xY>z~dOK%NQ5YnYpnE9PxAUcjD0 z&%}Q@X8#__zvq|rpUOrChJQ1=GyG>}_bQd~_-}_~=eGk1twW#CGyGr+g@eaUv3@Wy zOXAR%lrRobd=#LOw#ZSun+y1c#v$t>K&wiEV1{Y_1n-7vWe`wv`_e^2o!3&3U2GiC zDopJ81gNJxTBpl=Sl~y7edI)@5V;-*rJd}a`li-qxdk7V{R}JI&G%beXjP&$Q_)z9tfOj zOu^1E3+7{rspr+Ddxi^6GGNe@@R22@Q;n{4mmz`F z`uInvoLd)L@~;RSsW}8c6ar!9ljGDVcP!fYN(5$Z0(LTzDavoKNJS03us3zcNCBz6 z(%yEhgxZZL6flpFO49g|mv2N_A&DRx>N}Pb?*#}?E7Q%(HfVVf`QZ+vLoT-ZPToGm zD(PlYc!>AEQ04cd6PO3S>k3)H%2$Min9z7yE!x~ZP@sQn^9*s#k6&zegPqIlF%S0F z+ZLJV_4m$p5&fR3wF)kC>WcRTGV#f^Me2S0)4E2O_I@-fH5n|9<8tdSNx4l6p|MQq z41hk8!`Xyd(@l_gVcs|i6q!Gk$+wsS&xHZQHXv_!3-gSo$K!qYX)p;rqHD-$Uw?ZL zHoPh^@IPK{&)*Fe#>voyVRyZsXPXb`v(E>2IX~P~YjQ?*xWAiRoGnjhyHZbC?>a;a zSrrp*l4pg$ubh;Do#8MMaL@m=NqFX5xv3YMCO#*STr6Xi*7k?Okc?-w0f*g{QBlTy3QT(D}4Z?aRto(1r7c&Omi^*H-XB){4Z7j2Il`L`qHHG zPrz>gnqJew>Ugi!hLENq%PegM!}UAjXGMz0t`K_=d~pNR;~8UktiPW;NlPNFus-L~ z?ZA^YZUP|&;pes7v---Kg!nrmdTz3LI56R zoBh!#^GRZ3LFU?22}2O}bvM2P$)~?Pz^3P8z5~g#6cB`6PuZK@nZ3FAaM`?%w2IeF zs(D%Z1Tdn82>e_y;tMsAI6Y+hryaK_#S&O)V?f3h$+sNSrMn6^be(xWGzCyV!VXWK z4HzL3K;E}}VLVQJ(ywD}(u~it503#1W+r?y4IIloY)7Jk+mz_(q{}c8(-E~)QLLt) zga4Ro*Pi@D<6;vw5q){6V=FY<$tXG37-Ju!hjC{2ChUE^h>-cVplyI<1&Z@Z828ydtFEqy$sg}Q4?r+f4`ht;`3df0_iOqY@6;m0l`7gMZB+iH z0%sruHM4B#uBPX^3P?QM1TZ?g1y7f$u9xI%G7}FznZ`aaR@eM<#NZE8kmXr)9{Qi= zz^(aw!;Z{GaJ-l=LDGBkck>Iys=Ci#W^Rm30%Yd-A{!g4#Q9ED>S$ zLnuwS!($bj7brntn`hVB(=j0^N_N{R2sc5FuyK95N{85Q3ro9cnb?})tztJgLox2k9TB6ySy}`pmUJNK1T`10it*w}C@#wT) zln+c+L<*}XFWXcT_<+ZyLAU*{X+PP2E_B$Hw>oq^hYE&ll2rkRxF6)MEC%&3$;WXt z(CAt-J3B<=UjB5%GX=KLHc80Em}QwvjWT2;@XJV%&xNE(u18s6wZowiEBG}Da~2tI zA%;51dCOS<~eMU`c2G{x6vHH_-e|6w#XVOaIR9Tw`=mB zmi2F062*KNbKPejQrRMajXVr-+EgxwASzV_^*O4m^CS3QpO8Npg!+?!iC4`rHgLWr 
z1#yC?b>4w(8DWw7fsn=~sl-GQ&h?B6t^`%qHS3Xg)Y6OCUHlq-s=6GAL5A?exv*5n zXFTsco6X(>*v9~+6(SU=-sZ$?5&y|8UP7NF5T>nQG^QlCjd_TsvSPIQmi8l8}e zVZ|!|D1%hn1rU_I<)acA>s9;sMNSlfO+<;KxN6?YJ!*_HH>LvJ(C4_B;X9q-@FT9z znHwc2di~NT48t*0G+zlDA*C3fG$HEGD~Ip-L6iejh1E@G)3Du7zv)ht`qTM3S+^o% zkF^;eKZ+)J9SF0Qh)%%6HVTZINSZ85`^hVLm)&493Lw}vqsdOcWUm5a7H6$5dA%<3 z@YLMsFO1(SaTeuIEf0=3C{+ac-ahjd_)qE;KbzaavJL5w zXBDgHK0c&OP1obYfvU^|+klq(JBvUm0NZv*D~{6fKxFF8a_m_O;2(?iEb>diDq!_f zTG2*X^jJ7*C{JM0jc|j5yAUeJ4;4TPusCl#1}ug*SPZtnwo)V8cFep$5d=UONMteR zOMw@t-qO4RAH62wz|v(1X`srW9o(Dsl6Agf_T33mFRtRRoWfWaHFs66pLLdOwtagr zv>>-u6ySs;>`laW+nzY)LH5H{ULzSE6awuEnm|9-fM{n-J2-XvK$!)Y6el6Bh2RZS zpSiN!8AN1I=$y{DHA@Tzi)02w&zU`EPa|Y>_g=U6!XFmx<$41bm>8B*u*!WGOoy)H zh&pG`d(arg?`qBkIJ45f&%5d1fa~5@Q0zDVn|~RSf120X=vn_U@iP2N_4+r1_MdgH zt9&m7|0_tKIxz`pZq@c~?1v^7ghjDaC^5kdJ`lpf5#Nm3_GFJL%1?JncTJs=NU6?X zSyBiQzLB>2$MssgWrqo_oBPc}-GjGVR&UiE=b|h{2ZtQtkE4-1m|3Pt?yRQkQoCl) zqboY#tET!u4XE%Kp$P{H^tA9%>>N2PCVXybm+DRX%lLk#QQCAK`?F3LZw5ck?aO1> zv*vEsy;kF~Wv|=t9>82+1A%=;WX!7Lr`^wxHWiU1b69jXwckP1L2>1n*xiWjTKqe2 zZIgCLMbt-ba0&Fr;$n~J%IIw?TRXCj@OpX7QYJTV@6#YtMi!Nt2=&aj0oBZmKSzws zRF>XTa{S1Z3cc1j`Wnlbo2#_H{eF#TnsU%P{H$%sV1@>^VeLT*EFz;KtdhqsW5Jj$ zGez4W15b_@vlOLCBJ@?Q4KO9O)Q!!M#Do=`-HIH6z#Vgq$;?Ig} zG{VnWWR`Hj;N3*|Yg)kaSki6hIy%75zn)@%y1$>Ma?ACIU{nz)z^?PV_@D(<3ND7hIBCm;lOBfQeWf;H!J0v>?ez%H*iAohE{O=LLq{a;?S^8yC_#G<)n9^)Ad^m zGr#E|YJ=>=yqi0D2_FLNH@Bs zyI-_%%^>Lq7~whT5oF0fts{zfQ6D+S4cEnv!;aC`Is0iS;+HfuldCtB)yQkYCGcU+ zCa(Mx7;g?aiG#UuCSLj&E`UIJ^lpI?!@Brc#9&)$8$+;E`2i*L$0w_O@;Q9yVszzSjM;GRqT)Ti*qhHrUjGu7p&jJ*1<}7D0YtecY z*nZW|8c@W^p0%dI$qksdB>@}CCBKF?#T%9tju_9Y{YJ6Sve6HenZ)Mf0bTNpN2y9x z^Z6APAj0*4QP4xlXl3Xiw8L#tK9Cd#=y{TEEW?+qXMEUSWf=d082>bhbFlpn#9;di z9R50N|9h{?H^uiKovMc_(lLKUBhOVQXdtne^1D%UL7PSF*PJpd{c-&Na>F%H#bHY{ zFALL-(Ot*BhF&;nw$i$n849ur^GtQ7xed_mAVF2Pb(rXI)bI?}mg7PlEm4uf5JPCa zlko%DrIO{gH8@UKzI{dr(f~Qebo%Qu35gSuQW{E@2p1#llmDf^Rb(FD5WP+2C6a_m z5_ULe`?zuj(dX_)m`r6%xLr4z9$WI62?)UNg(A_JvSI4ZSNtid;FxGKSE`n1_1bAu 
z3(sT`7`q+BF1}}Rt+RngWcKJcE573D6t2j4R?T_e(h=T0iy@ zzY;{KR_T>qbxphGJI+eU&&D|6%6%}|fOQwOM8=DyClQ`hw3a3?fS;SpYDAA}p1=(4 z&1h@9%bo{?Fjp-&@MDRuFGXOFf@~*}jkD;wiZp-#j=HZ!o%PFF>H!&@Ykgq+qTtc$F|ehwr$(CZKJW(*tVS}jhZyZoA%uIoc~(4Yu)p8 zf7^TQncstXW;ok2boy~tPhPjpEcke)<>mAvXvGb0y3xh=*#;iA037dY_KA3OOcGa!jlbSZ@BfyUh38)@4PtM*c)}&|{`&zuudpbZn3Dd}u1(-X~=H zWJAuj2uuyE3mGm!RA=)Hzf{nP?e5CxpfY^g?affVx>Z7HvXhdWSz7vq9u`iF0sqCb zh>CjIf~3x;PE^t%j=sfAxsTZ<-aKVHcZBkRn@t2=#MK+d>+%K2SQ)qfFMRZeWd5hj z|Htfs{cp1e_Wy47plWUVK}c^ky7t>^1`HIZ+F-1`HyU~T$VK6Ed6Yjtf+r(0X*h{D z7kaxJd%VOVT+r6X<2aM|Ad6xUE)O}jzQcP7_OZ2iroeohsG=T?73y8sTnyR+$H(^2 zj1flPz;a$pa+6qZZ@VuL`*|k8JQVUL;W{J;G2D0zk*d+hrI2ITemvMm)P8b3SR5f>`Ap|-lvM-4M;k6KJx;tpR3AeRWc!$=n4Jv`T1t_6z75Hf@yG|jVjV$JDo zt>COdodC7{JojbNs6|f$$g)!V=DFGv6Rcu6T9r`af!S$v-U~m73Tl>&nbiF9o^AP3 zRNlnpU4S0Kod2g0q`T!00ou?sSw*HIr0_y*mc$cCmVQi*?DMi!d%4O(1(yuf0dO{P zM-o>I71vt_UQF5r(?_ZrM2?{5kk) zKWb}^Eu5^vftt3EOb`LJynL%Ee>Sf^O*p|mNg}LLOVfG=oyL%<-kp+G_FfZhCap4o zMTbSDkf-}9p;~9F5DC+vR;6D!2|Q?VKfw?Dh^uH04MsI~Z+DG1$3&-=Nm7}~q(n5s zT`m9~Jf8iyQ>wqtK`$)*&Aat1lPEKlgEw{#D^NV(zAV*&Eq5vo_)8g8K5RlSv!0=x z1%Z6CbMaR0O#;!R!@1tnJs~u#4XlsM-ehlr6S-`@hK*;v)ThFcugN!o)^~?NvmG$q zx~6@GZLHyH%UJd{tAJ*36}%?U=jrQYspH1+4XQVx?bbhU-&Q1?miHX2rtr7kBdUB; z^9Z8FoXEs>ZW`z{katj0U+t=Lh&5Yi0PepPp|rkp_F-obuAfRa^QQP*S>EqKXf?g^ z5yP#+`$PA(SIbV1Zo~Df$Uq^IU>G4dHy%;o3zg#(x}UD7*p_CI??lfR6)337w~Z+6 z#kFo%G+Vh^NFqM5bcE7n>nQ>yzX~4&3i!)KLfEl@X)(A ziE4qkQqt1z4R_!|6Q-8%E@<8{7kXl|1l9-*-yg#>~>va$)jA|NCZ@|D1ZlL#h4;7mA9!-$c?Em&9+Z85{+CX_O;qJvUILtb~}@i7f~N)W>8vX zE{!CxOk$U)F@7D>LzovBWbRMmO3fg+=yRskGQmb&-Sgl^6<*Zz+Zik4K)F#~rr0fC z9Sp%6Ct)iUz(?8kp&~p9Vp##whuX(h6T(kI<{nvt?jQye86N9FK*f1*(myp!*s=+D z*?PucDslLW%!%O-RsEqghJTJ!IsS5Z!0^Y>`~RL^C`&uee@ri)Rewagm<1b;*H6+G z0RW02jSRQFb{_*(h6j@5bAA&Kf8D7u`;Arxyt$c=tQiV>V)xv;>aA`qe+kO8CyNVx z3vMn~eGN?1+v1XteLFq!Zk{9mvj==ib1B$Yr!F7k8El{o&9rZkpX9x+!V&rg)QA-A zt`FCOG!To1fN;Tc;UvS4(@_Hy_jg_v5phMc`zeOTd)b*(%sQ<2%f)bEv}D2uRWhw& zcJ-VXF#E(0jq#75qK+A(DC{Z6*r!w^lf<&?> 
zxLsIQu~QdkK*EC5A=(qup+LEbR;CqVOZp;E7dv^VC+kRpJqnx3GxO``7&Fos2MxBT zjl#}-rrLL(Q}jpBL^A_qaOz=87W^2OG-l+qc#P5Q@$~foc9ddOr6O(Pw;)DRFB>Nm zOvV@luV(d!^Vx=>(pUW1Q9dD9or!N}f@JdC#5yFd0h58!{?X<|qL?`Q`Nk!G#TBdF zNI{23X@)pYZ}2$!fv>(8H-coPxAO_&W1Z@nZW)1ab?Y`=Dbju+;lr~PrGfYApv7k= zqmkO*`K_jPIp@L1^J}FdWQyaXR&Ehg*-tKS)28wAiIPL9&?}Rp5;_l+OvI_M5`~o} z;tq4Dxq(LRC8AAo-Fu(`NLs8mH!%56rVjG6Hv zoJ?&#Ur_Y=21sUp?b;T>t)0pGfC=8tP`|a!_hd1IZG7LrP`;zv%cI8k_u73Fm6mBa zQYK+eVD$iT@z9}GVG7jGp9$rNU*?8y_r*2w?|G}ezfU|sMIe#<@7PL)e}U;Y@Yp#1 zQ%*1f{-PgZ1pHU}p^vGd?K%MV19w+T=wFz}x3{WcSo4G+imLtbL-0^DB{~NkK95Sn z+z!XqXHQJd>07(5=sOsYF+U3bjF+RQwean?wlH<;f3$^8 zM=^^wx!dfWB7Q#O)NZ**lF(FNh%&kG7(>%^>ZV&E)DLm{CGIA7v&h27iMU*2==o#_ zVcpyu4!lOPU`mBNr+~63Xl@B(*lz+Z;&wB#WNKwg0m@C~AJz-1mJ{Rd=`e~*4rLGO zWnNG@XC+I+_J|E}rBqR`aU#5fxoETwEJzK>#g;v*a1~-ss0BwvWJzRD62|L zN-Ej-<|8=8av6&}2Te(7I5fQrdg6|uEW}krNZQD(#p(fmk{ij&ihb2;EN1$JfTEA> zi-!xE@PHy}DXkDtB<3-z06p1ev>Gb+HzTf^=`*cHB~YQyF2XUcMYmB38aa(Y5jFR2lH%IQArS>!No(B0KU2ODQ%ZA!O1gn1h$@fK z&Y6T;|4{mDEMH}(vJJGAyk?e`ze?yLpDqn&DO@bZYUE%+t3-tXlIpZs=GAjl{axc= zd)7}aOu=G4!e!B{=eF-2;0-s|YED^>5ceLXHFZ&!9EgvRf)TS>5QcH(ORc{Ma;5xOjeF8~u> zS)VD&%U?_uVeWdOBJ?@(vprmeK4)w1Scg}=hPM#oa{#1Dve%^8Uf}AL!jeu#L3BYh zY(^0=ywi1h#mr60*Y@gXm}3Zt@#vZVU7G(3AAg|4{2!MR#(xLJ|6^3Z_(z}je?MU= z<2LI6#LhG7yCu+Q^>~l_qjoApLZB>Res~dt#>VDF4FzHa36O(1FL#M9t5rsg;bn1j z&>M!eY&`hKPvrS}rycHM<=5Yb0)qjRCmm{-G5Z156~iswS6RKGz|n2_VydqQ;MItE z?jlrPP-v2$fS?Goa99|@WM8=><-qkVvU<%Q=JS#sx+RD@nPqIcrF-kj9iRHx5uz;% zMY#?@lAZ?iciNHw9d9E?ELgIaLyBqWZ4-rFU@iBUWH+RHjH3;c{;Hi}DZNrmGYm0S zvFyx{dPW=rO-gV28^oDkJ!kz{S!YbFQDy`cST=xhaP2z zLg{%v1Uu8iiaL&kR-3u{t)4MkKfj4WP97g7E#FIULZjFDMS5{ymC#f63yav9sSBB4^uPY=*`hcKx)fv1mC~>EEvYJkw!l!ZA zFbuck3R{MXW|d60pbW7p%=M-)^ZT#55?!LeC7#WxBPBF%+E|lzvf|F=A@|447SCzh z#9I4z;X0{D;zQ+!$m8HgjNdx7hq_20O&5qyS6ZN6B`vU%Ga-{CV^3G5Wl#vwXqD~D zCYi^|Nb0!Ql#88fxbUEMN52t-Vx@7r zwKU6o<6XSFOy_GitBvkC&&`Sd3kLr!d}RmxN2kNc__ybb@xOY`236N>_E{0VmsKY; zU1!tKoK?59N@1+xH$70m1mtf8Qp_}~r8pCQF!SqX&|ktjhtrIkE4EOg3B?HGPvPdY 
zJpf4!^%YgNQQ+)n;t;45_xaZt7`N6y#DwSeLiM`#e}dMhfy=1g=EKw?;dlJPdSx9% zNfbmAWM;lFg6s8iV?9J0#yZ61M(}E2Hx)iVMM!nxL@?fxFX1nTl zI&A4i!E)c z`x<CRx5f^h6 z!Men}y8^%1n=V(NMUCFgMK6bJWnd+N?R*P1%H8=}F}1MWQKHitRH_$wXrR}9PaMMy zs5E1LjGddcQO)?1hPr9JDMpT)0Nzt32aNn&IH-dM$ndX7##ptD4JbC5pp4%;YuZrT zRv^`pVl(^(QNm!UXqaQ~XR|1aYUi<(pvSDp_Hpr-vBoM5or5N=EkS_y+k?w?Q{glW z-LO>|NYB(H=!#6REqdJd-6_kr24#RWPdcol1(!o<{I+!Z-od zg%IbbK>=kvZdz1dW`9Dg)y7ZB_Y^?3HNRib=Y;wAnBB_JgkX=ifir_UaSN7d-n?%qqWz@cRIQ#w zfEjs?BqN)uZ9=7^fDX7tS?hd^RT$ublkL3`H&#Qrv*rroZb&#t1>HJEsW85&a@kp> zShjUt&{wePTm1em`%H%qy%hZ}{OtYXSiaA-!bkei6sFq-MJs5~(Q0<16dX z+5`KdkzN8Fk?IN3Rzn368F?e9AqzEi!U4%s#35acsGw1mNt99@!ig14F2DH_BG+VC zb>wn%B~)*Fc|#Buq9YxOfiKqTsd2he+?#Jv*vhfiz=a+ zDkH}P;$)k%%tDtgGtF{kDqtE5c?rfa0^BEU)<-TwEXGYXuK4e?rU>gLiaxqY)w@i`eS5$D3;vk%f~zqKOX4I!Xd~-`lD`>qhYb85?{^v~7$W zog9qyt^d7vWc))x|LS@H|ERv1e&6x@{`j9I1M`2ik8DzwmR;xn-StjX=Ot7xU#rGx zP=T`hWA`G5R)j`($uu{0nJkAW*i-d%Hk^53+94pFa>_UEr?)WKZpmEqlA&tdRQb-& zJv!m_DR7}q6sE`^2JLh_M89Gd=phI0$y{LCKEF-nqXRARnL|-P6-em`lE)p$gh~;8 zlVv7f2rP1f-vK=C%1Q366vt_?Lo6RNL3&~1`q)h&ACG;Xx#RGgO9RChCL+t(#+%dq zpemP-U1UPElraz+i>wHp!V;wVFFg8mN!6XUi-ChyX_I%058n}1gxnxd>a)Ug^$eVZ znM)#MKgA`0IBKQSRPtszh^V0xmSL*sR+?~rq?Kt(n9(4FVBUd70~v(QRe~xUBwY0o z77c!WU)Z`4d~}e;sAv53GLMj&{GmcJUg(LLK?xH-j*-_aU21`b;AVw}MGe%QOXlKW z2@hSTwo~sB+{#ec!)KyM@mWt;UeMobajCmHA`^&P``ang$Xn1%AD*Soo}Q#tlWkhd zuARkt^r9IMb>?#`ckcY5cxtM_*DpV@0-Ef{1L|a{!^B`_dwHle zVgid*vgRjJ+oR3MI>8QlI*~J4d_g>WP__@EMc@B@T1Dr$NJ`$2g@aYPal{LpS_PDJ_Hq%j3n_R2*Wi-joSVIeJo`tNfmP+(k=#E*cGPakvJ3jmN0e)h)j z2*wGil~LY3K@G=l{ER>S$#<|jP@!_Oz8ZNeso9AiqA{9led&IqX3}dLH`dXl{xZsK zHmIlNYs>c0sCY{JyV}ufdP8ek#||CI2A;S|lK7!n zDBY*w6%!?!uVfh1w9;kFbA!JM+4(0cdA3$nYWHMK*W~q=SvMdZYDhHLX zU1D3;CKYJa%#8hR;M|R7Ua4UOyEfBnFLM?PHt!QDr~aZKK95X$0}nG8{|Q4qH?~PM z-Nj~&%3asQCI4ilN3QGYr>Z19OYv80NqY9@My9T3u#(N4T_cR_(T@A5C@EdZ z#^!wR(rQJHUrzdRhgnr(xeza~3QqW5IqZxtIBt|>m3-&}*pnaydB%{sUAEC(LtB2< zRRcdMul;dYnphYto(fsD)F|d6S#&*{TX+s3Bxb{#(|Orbs0Z(*FG+2rA<=ub$v^V2 
zfL^kQ-PdI-zt4;MU~1ItCV{~nW!b{0N3!{WKcw*3-_Tx{s#O1e-g{V@ShVKMwY*o{w)7h>0hn#AK07MWuW}3{)DsBhJ{E- zyCEz@5Wx#THa1VB3N1>+IvKwkca@Ncsd8IIUar>0|2T0Z8(8m^l_ymlh{)jsmWqn?x7=uHG8<5XdB6rmBBbC`&f+q&!ud;^ib}g*Q0xP zP_dPBW((Ygm77kg^OVzO#PtAz)Dhb6O?^}YAvuw>V%j57xYq<9wbcPNok}|=#K>p( z=q~?e&}dhJBbYRd-~&kk^_vpH&8qrj%Mvtzywv<<^TjtxIXqS!e%hV!R#N)Pw&US} z;RLzd0qsqCpN=fB@YUC3)kK5>++i;)sa$YU*b+eD4rrQBScVKafDEE( z(@LYA?Sh2+=1pq56P*SHDwe{lV#w7OS4(7e zb$+O2eF^EYR9T?a>L$22FQs@_Frxvt4B54%IOix=ZC*v z@X6oNf1LeA)TwFjB*W|~ZG<vgT6_MMHE$hd*)6J2G|Bt^Z3lCI zLVbMa0l}nW3UL$a?4s@KJ@%b4Ah)_Aa6QLmWPwpearC&AtAU`t34U(82TeEFTL->e zIbw4QzXTVOClC(2{B>5(WsSM-o}*B!UrtmDeNy; zC^`)y=jd~CFqGfwPP`f4VNZTEm%Kw>4AXRb2ao8kJ4+39)Yx2N8U>= zP$L}urWQ#q+$7w*JH?>?OB8A%jt-zO;#-E~WMp#zauS$6vV&hJ#R}+>)KX`@$FVs` zxi6%fc0)oTzca)+Hf@U}DK+Nyl}Y$FvxyvU2#4*g3NmY@$z;Zec&u9nHni;G0!j_@ z&wc&SU-J_pRfupagbT?}`U@<+1i~D~yO`msy44)vG$((f-CE4v%II4`6HyLWD#^-6 z!SN@aV?X1A^#FYv{6U|FGrjljT_nG3L|H*Tfk4B#iTRz{WuCDZB03R?2fQ1T6&ISx zp|ZtdJdT42|GT>ad_Ml^*5YbxNBZ&YH*I)bTgJ0xv0Jy%c@inQYfM* zp*@J^1xgjC6`=rCJEb~ld;O}XW6-e_bqL~h91W~zVe0s^G)aX*-(*^An}BJVOAvzw zb*BXoGK(Kpcmy=j?Fmi8P%o`lSNnKsHwaZ=5Sm)1=zm%{(m27pq$Xa!Pd!qxofj;x zhHqN42{7!Qd>i+huRa7W9l%5fBJn>=_ct@rhXSidg)M6}de-pxc3O0a&M_dEo@$b1 zj@1m#aYZTBUWK zDV$$Fnu@*DJq|~aX#3MmW+DbAxAFi!=^JE#Yo|#@&23}b!#LSsC(QPB8y1>AR4^UH z;#JtF;%*nVZZ(TcoH&e}&`xy4SSmQX9WxH+&Oi^>m;l3e*oe4{v8tq(6d`Y?I7md= zLO^qQwJ|SI%q|nb@o~NbU-wUa`Afm|hw1*XA|v2GakPwolOi$xcT%KkCI}zv>CFp2%TXECmQ?^Jngc*T75CO?8 zV*nDC0CNlWG%D~5sE{CD81&gE_(B5oVp3RZ=-G5=;BxKp`uH^oe~swtH(6;vOTXXs$TKtiyogHfj}<1)sl9fW}u9b#7`^*b{M z7d7oeajp&5EPkY2$?xX6ryn0`c5BHjLC)h;VN%D=yzFj4^bQ>6R*qt=A`c=JZ5u6J^fnCChcBQitcW3}&cN zq|>1MY689If}ypCHAY4^RQgmUevffaebq>wEHX<5NQ_|e-?!h^F$nYSlHL{5TSDc&4omA8szu6PyaQG;5p zb8h5>*M6n*+t>RY{`%w|I+Lm)XEFKtBvI|AURJ*+spw~%m?8VAI;cdFu2O-5R&m&f zrD+0#I!{KUc30mS{PcMeoV&ZlsWxb$C>;{dH!1J)4bGNaytM0>)9F}@sYl-^^Q9!S zn=P$RTnxE}D9!@Nf^U|9X>EnZwxXx$gw65Oe$PA^YHz7Bomtvek<;@WYxwwP7Ur@G z@a23dwVaeDcHjfL@zF#Jy(!^uMg@ckG~MUaD=pdwy4^CE`LGkzm+xY 
zO#j$Qa{NWW%*gRy37F4S*JVCNj32he6F9#|jIJb23Xj*5TDSeYnR# zmhX7VTG1`X+I`;gX0d_RY5}1HKm`vwCLzE7D$?bYJ|e|Su$^jubo_&viqt&8)KzlY0jX{{@tF?P9F{=6`M}P{8?Bc|7eP>n-wvu?I5r1a=hIn!lUy8hSnEOl!7R~NV!?My z%?+IWq@ns0af%?elq%h|<08pyog=uZ~+Z@v!q`B|tIzapb8oHL?^br3R0&>4vS~*V*`c z+IS1=Xd{#284JYCO`>yk&4lJ_YQ2sa?RM7wtc>s7Df7JHp(TUmy-^^bNc`uTnRPl{(hN z2&>kd<;!))(g))D)^R}OTxVe@B(Eyyb#L(*qHTdPDJPrf|MV`hQwPG7PX}mGoGF}1 zq7o!yZb2s~hzlzLsqCWDT*3%zwy^|wRIv(!@77nuN!@K!;g+xFvDAo&s8k`kR}jwS zi^)ON6Y;y2}LjTuNA#awoC&+mzEmT<5}fPaU&eB-7^aXN*0Y07 zD5b=sz4p~p603*+2Sfz>4w0U^l;~{NcrKIm1>a%7pxN901-gIm`1^rn|A)5^6W}jW zUnanRCH1ZTh#Z*zh#YuUb+QMtK+#|QDYk=JFZV@R4}@XRKO@k9I$Uj-HG#21anShj zu+eIG--x>*d2%JO?u$i_jdPFBoU0ua*z(pn(xTE$A+M1gkmAk=$Je3c$6(v0eP4%*yw`$ z`PKy-sIc#*bSiV;@r2pzm_3h~+#f<-JbW0N;?+bf+;FJDrz#29{DvdDo}(Z)#q z7H-=y*{08NGd#Ku=ICY70|@Gj9TSS7h@_Dz^(chYh({Rsif$Z?)PZ8Gt8T`SfWo_K zdgVp}wLR^)N=Bd_O>F2ZipEX!r})ThN?38YHC|OVy%`ry5XB{1-2|}i92ICHYGs{q zsRdE7nPu+nb$uI7ze56FpPYC20=3l7XnyYk*wMz#{M;-*HT+ne(U{E(tmWL44;9RC zV5c4BxD$)PtCS<95DPU=U*xPYE_9sqCU7uskgko2S%^g}2{8Y)N0`F0RE54;fB4oR z^u&PZ>53dMd?PXRXw6IM6Rl zeIigyqR(cVyU&41=XD0<}EaccCnh? 
zf>uU|gCY7l%QAKh-F4{3x{Y3x5H`nfWLC73Ijm2)gh-zI)zYl?t^I2R#-J)hjkl8z zkg>pc&i|%@f8qN#6>$8+KZuFpF9}FYe*{PW=T2i%Mf3Mg!)N&;QrNmKZGNyFY~>T1 zr5~{Q8M#Ja{s{=Jd^4-M6Xj?1&~B?9uVcCTj}TtK^dMj?#5m$*>YR(<*C$rT-jd2^ z>E)%C79twUaiI2vxu36}N?3gg%|Y`C#PWiYH5=EseZPKWv~9|^honLk3?MdOCTv*5 z<3V1d{LW}o*PPxJ`Pp#DP7`4Tk$`jdc>W9RL2=mkdcq@F?XnvE92F!6g<(4wV3)>a z9Su9YXywC~*{>x*tEm2MQ?y7#r$`H<9-GdqU%4H4x!Lfi{qe;2*>+x-C;~-v0NaWX z7XvewUZ0cS$S0lJM}=MlEl1!Sw}+AbQz@<3VE<_KDJkHDWK5dirZUSX63IIBpu@%8Ad{)HyK=kt36P zNY8RdPvO`G3Sdh&@E6U?owedKq@t8*NJrWiJ`wuT)L3*OlB`bQt>3ob1M{n!p3r@7YI0TqqxiK`D>?=OaGoPdrrvnzDCdCGf`3^rP`@A zTGIZ>KSRErr{5KOTCGMd>I!xk#m>kpD-k#Ny0rRpXUiMtM{{KT7y9|Pi18y}?LVzP z6XRdx`AmPrR{tmeoU45KeFoWmrV8t@3aVXKu=RNcxF%5qW29tC!yLX3-z>a-^<+2h zwq5gJ*j0QqU=Ny#73LOoECkfSg#Bic4c7-aR_s_QJ)T`fXPAt?e-HATS z18Cb_KD+fB)q!l^Fzy%PkdqdugWDj+v-dvS%xO#!+`UkEJtHY)2c3mjb7-Y@E}A8O zDLjK94d>Y&3QeeW?^xt2ycwU?17=C|y=rDYEi6#i<=^SR$=}Ucgn$=WwjkG-wGp_q zOB~D$9#2AEPf5M9@^*}FE>XL)@7#S_8I8r1jjUlYBM8K}mvVGlw4l3JpoAZp^QY6IHr3kl?I^vhxpyu4W? z!*#_Y=E!rrvB}O&^b{Yt(fppjt!AuoQ`t?2zxMoT-v)<*5DAi!iIAC8<XJLEy!4gk;wk?jXZ=WNh3auAla0Z2d2e(TPy_XGs%D7Y=9ranzrI2q6 zrT8};hVxY%i>WSe&f1kvM}TQhDj~xoyz!h&WbrX!OsKT@FNS_XR1PEZN39>8h?aWl z^WJ09c;eoFHrEQz=+}6e>><8+^u2=`wv{^X{(QArddd5XH+%7R<#pfuJ{Q**!<2UW zKBT-3^{r!;S`pApl4hfH^M!lf1R-!T@aPozFfF98%yPb{(Wn~RV|c@#)lm*h+_To~ z$Jzxb8$HPiRuKeS5ZrB^4BbZ@($!BtF}kEqWH+L8XT<3}3N1vlop?lg4ScBj11G*b zf7#r*1Z2st<5JOENb7!O$LVOxKd|qYyT~eCH}ktdg@YCkU^1#%T)@e{fVCM74s($E zsA0`0T-w~;SKlDCTE^e}1>64?N3yeX{9BsD#Pm04GyPts{-4nP=rU~AKe~($Xn#b0 z;4~C;H}PX!apG7-7CEDU@t|@5J`z8u!$1Ds60={P$GH|lNvJJ4wv;3Z1BnTadAieQ z;XVd=))#l_=u0;@h$+b;eH#|$k3OGrqTk~&1WtyLC~atIm^yrX4Sx>_#58(!e^(ZX zmY^iELDgj7|fS2T~y1xdp3(nK6hIXSr#z4vABKiJML2RtlU%tAjdoP|FO z3jL6WEm^<+79wpr!8?*QNg2aqSms0oi>IU4|B&T2{H*Q&VNe)uk1?@pg_jHJjEfHy z))4DL$ihYFzbr)hiT+DI*gS5`Ve1D(dki*?e&UA7k?a7JUb3_7l-Bx_#XsDClYrzx%;`6FGFimqkym=J>#q$B^} zJWlLH2f_<}(juowG#e1>lrj!!u53g;MBaM$ZK9lu0Hz@&vfmHELq}(GQ@Z0wbIECe z@K{_O7>J}QB*)SXL*_WhW|dxA=&=+izr;!!jqxlz#*j%lfXwMUYFQ&)4@X{2;Coza 
zYl1LL8nnhRXp(X*X6pqxAZX%t!euV zi!_(9lI7}2S0ID(FpwN%f}O$p@s*aY1M?=z3%u~Uk^8Ni%1#|&*yF{-N1arSX*+Wyau)lOp}{v(>2tj??t`8 zv_adzx8UhX2Z;i(XwUv*J@(%`SQ_N$VNgE=7Y5~pvaL;e3E`}!`h{K zX8cvKZOe%xpuG(Y{~9pax@UmrBtOZN|u*f*Cd&c|AszkaMy{Yfo*p zw}bWsPb`fi(Ga~F#2U}cP+&A`OLdt(92hyc?U0oi3JN4~`<*s5H;$CEmvltr8fXhj z`3^yg_gjcE8oBuyV7A9=Z+=mKSXPs#cnW9hr%a$6fYK)ig%(pe&wP99iIQPDH>K7WGczgfGTJgV(!(!q<)vu2eI96;<(})^6NH zHZA%*bm_naU-VYLglvX8$Al;|L4^#SFN`nl5>pKF32ar!JXIAcPJ-s)%NPFr)g~D| zW#cy`ri1043##kz*=;*7L7Z@&V}h8)L>&r|4rXbf=AH4W+#L?tSG5yv_hvj*ORNca zXIB&cUzi@%tjLSe_EAwicTU?HVGO6ZSi}vd5Ow!M3kNL={gUfd$225ruAuP@Cm{iG zm}~Zpi-g)YOf7Zj>jG=M7k+nKB>>RQ!lMBXpKl2O%GTX`5LFLB-k4<|j?aiTW1dD> zV*-*WkX%M?Mo^B7UFy+I>_V+)#3Xi`Y|`(mMM^MRN~h-p%LIdJ z4C)o+#8uur1Ed~24J(qsa!a~zx1PcCei%*v1+9M&_-Dq*{Ex!^Z>lM#|4ubktg`*v zPQYjRV~1zXkU4L=?(MhBHWW7D?#+NV3cPs1H3twY^YB0=!SzAOH;ehSUe450S*x4p?03=Oao z-y`^zX;{4vu4q^y$}6^|D);nU!dy_HmtES9DC5 zmB%wWhJ=tuq)_@P;G|L6@z+fnI=-4Z{mvv!6UJ~YnkhF4$4ZV=LnwUn)>jIH;P{Fuzf5e&5kRbgU zxJz8S9-xkZTSU|6OZmkx%P`6;U%3hpbN#JVlXq=&yWX<#x(+w5%2(b&eH&qadt07#~V9rKtq4ngaY3WD0OTQJ4-v=Z@)Nv z5pR=>Z?C_y;T3~Xn`_?B6kGj>iU+}4)`AmQG=t$7z}jE%*0u&UmwdsT8=;V>|Jvp` z?vR zX}#LYZj_7ZdNgJCupiYD)U{-_&OnbE(4QKxwYWb!6Xmm0LGUJnEpLE)3tG7_gq4^i ze2rj-@jxZ9Pa-vk@s?Vx59=DXM8`s-+a)T65XAm1#Dhm20;dFZ(7=FYT@OFAg832F zHPnC^E!1~93=F+kIeD@KO>_+Ksx7EX8AtM^8Tv;z$rDQ8ChJaQ4R2&Ovud^mNBE1g zCMHO0sV3FJ&i#&QY*16RzAPI0F^@^23o_GORG_$Bbyg3`iaqCvKxiX(&0&L=^iGZQ zl18Qq9?|+!UFoF0b2qopx7Dlc{;AVLo4g9$j#|0Q>M3XF%RR>KRy~;8a2~xv0qE0@ z`2pQ}yR1+8u{DT@sv0Sx@r&t?2w8OL5lRum9KDvcII2+i;)@85Y(!bGE`Z(2A6Z}7{7Wf)JlV({TZ~W z+b~wDfP4H1DHM$95ipXKM1M$q;=g1RNi<_FJGCQ!U5d1 zlrFOOFG8%jSIIm!)`gLR>;5^3IHuPqD3;o*-#14dv=}+bTi>SC12r}4hg|G`oNAdZ zB{2{0hfuBvr81hf^p(W(G;S~W_<6EwN z7zv*z_0AW5^Q5v2ndNmfVjr2c!)G7wg=s%(rPpyA4H$5FjaW*y8U#%n62j(?^l(x| zRlA3-4>|J9rh<8RT^pI?ek#0-*8PZQT|Z>~i-W+w*y&H%!SIiKRwmZJ^)amfT_2+? 
zt@xov`0XG7mxjEU8$L-3%I@R`6^;d;jUUt{p@d5{!U)TxwUg>`GKW$Kc< zRpXM&8oR@Yp!H0%y}I$pd)n9N#Qilkhf{tbc&6AEcW5Ru0h5^%Ww^ldy>NdK_N$k% zBfE4snST&joJ>~8Y9PM12hfd|`0*4GZgCIZw4wbEk2oF9(85R{;d~4{Joe*q$N$IJ zJ4T6_2Ho0i+eX^9ZQD#+Y1_7KJ8j#Ywr$%+()v1i&zYI^omuOhzt8{LPu*3!uD!=> z`4w{8jUmGG*oo&bL?-qT>psNgjS!}hkx~gX5wxeqU* zk={*I9M81a3i)9h52M{S{$X&-kJ8K|0au&R2~j zdpf2aQ*t}kjTR*oDNq@D9?c!bBsf-sKpF&%!$=Z~*2o<9#~iI0vIG&`iL3Kgy1WY5 zJc#A$7a_3Nc$fTeK^|xh(8Ptz-8APuxsK8rkSfGci(2{g4zm4C9$TG+Z$(EP&&#@M z`pQGy+xex;)(Zv|q=zeYS1rJ2mq!kSBIe{&H-Q7tkuwcJx5gx*$`nWrmGQAo8VDVBp2caJFWNB{LDtAO4DBu`N+y>y$fps;ez~N` zjnz;%NS%uzN!n1WaxlpuH*j(DuzbhUs!^M7I_9Mauz=G!7JwO1v;1b~b@sYfZ{og@ z;8DL?`R3XAzLeSI9@|BI+KU9@IQ9@spHZ4ZUSeWGxHCK3m)Ua!oX>-9p9!%d9TYPd zQ%+4})j-yJ8s4wv1CZkQeaGVakGrDXYU?42%r8+ESe3IK&87q4h?`X}6q$Lwk+-fk zQ_#vXEK_)o6gx-L$zR}nDi7D9?!X%>wh;fNS@=^oziW(*^&g{x zzd}R*VS{91`)?@*e?vN8QwjU*cdHE{F64s+%{ET_c5+uGscVXqRfc`Z1~HOKVP0+xm|R&h3Z>zLtV~(qk|zz{rN0q0{KHf-S=>F)M4@B zMJuKWW_s%uOV@NbUQkkTSXFmOnsCsDn}pf7;xW5F;=Ek!GlnQf@Nv__+pf*mR+vq-0Hvq;e=)Hg0sPI3}t@9PDhStQ3T2 z?^A=!@jo#{Bh17zC{H=4zz!hSvXGD^(#lbX*S4e%MJ!V^9s0>UoSyU~cKhHLcwEY! 
zp>6wvEf|xVJsq=|s9HTsYQcO4jPCOG5N(sm*U2Zl**m8Jb+#*(tdd%~k@6>mr;V{e zv1ep}se91YEpI_B@#n?6dMZx_mQwImazRyVu2qdSII<0@?l2H~dHa$T*c&8op$R`t zl&s>Ons&g1*1!oC)EV2uWwztbxZ)htHnpmO^0i7|_zP~(V4Z`7Db|liFG$Z73{!=57Az{h_Ne5%AW~ktB&GMX z_7n?{SLAiWSNDOdl{egV-HU-B@OZ{KtJ#d zbCQSRwT`@qM@=rTj_or4;P)bXX-ovu*P_gU`)~?v8+XG|S5CgE`2?CB%ts$M{ zO5&%Kii_1;c2;ud$65a|5^QoY@2pArFl2aC8*@o3Kk6rxB~zCs-SzV@<3>9mihlX< z`08Zc-3v{SkOt-uA?V-*(6xz|h|YgHh6rJPlxA| zmLc#LdK&~+?06;5vRs!IMge&p1M$$}=1K^|Gv4FVS9P&4CkrRDn7_kD&ipH?Zg%!} zZGn(`QRUn~=hBOfb&G|QGAlW=5#lC$YA=>;aoh-R?Qr^s9~8DvUlT0(oAe!aXjn}n zCcMad0KyvEe_Qi@2U^9{nm=&nrWBCjK^J;Ba1;nXQZ`NvC8An1d9v0iP)G>ul;%5( zq6i-6#M}MO2w@UWT3@*D89o-63_2{q>NR_e6_Lv;`1ZQh<(JFm%zE5azCGoGo2 z+Rc)h$l_22JZnjawH{lRhZLGikkNK1*v+%7oNtvLCn2V2R}bYI^)pk4!F$XZVvg1H ztP!GiZSD;e&y&G2rEAkhe(5#kfT2uT$L6L(}j|2pp}%jntQkve){ zK(3kNI%Q2)5opS$djM{ySR1MjAI>3{3e=x2RWGKpQ<<8w-jN+m3qytJH^H4iWxmR0 zS;@0&iJ_l(e{uK5sD-7ll_P~~D-5HOMLD-F&6R&CpTGR8Y)t=n5wrixO)k?P7v29_ zK1HABgL9IfhPmogHvZU7T_0@7!fAiyFu~j|^gJp&)<9L zTtCZ)s&ZRJkeuNMb+D1X(=d+UFG!t1Tye@X25yNi&CGi8Iu2r+$|3x%Ous9;j}f9X zCj+k<&IUucZEk}uVEvx7J*SZK==ziMIY+Si;zcLT6x+tW26dG0(;_r3=(^#g6TP1W z^n?9I@bHd3IP9#xr|31ILPVC8%2U>6DMVzW2bI#;mv(Z3cF0&?kITxW;gDvuXmY{= zPu}0;bjh8G2lP@n!7WdpMx{0}Re+F%w$`sP-zN|VFe+9<$M4h`X_D4Q=UgOMQAu_A z{MOYm4`@n18@rj)pM|p`#v< za#w&FvF1m3UGOJ=4iRdBfpyEbSZ9uD`k`eBMj<|2wNZ+fgsBw$Vn`%l>09Cnm^E}( zzm=~1Cw=3ZizPx8L}Vk!z%IZGb*Wt1j8n!c!0>*e^cS;b3)gcm6xQG$JP8m4p}(t3 z6(9Qc$-bXy`|XhJHZEBE%^vx#kEz+mOrI`DuRbgateZhH-#!&0K68JI)zsCw1c-uDDUnWmDw_o;9=g-yV zIYm$KpfR7`Ma31y^LfmgLYy1MdDaZ$u;1d{UY{7Z1`4rWL-sW$7A^HjS&eDxz!$uy zy14T3_hm<=&&o8V=Ez+6ui0p}g<*ZO038qc#JnQNo2~hI*D}D@qD;&-LJZn6y-CH@ zSxQ$CNC2&Wy_5_cH{V}B^GpO0gVg2OW$x1%(DjV@R3o`Q@nXiFR;WAbvJGjkqx{gk zGI7YWZFyAfZ#1=MvJR3DW2Pgn!y5)+oD3{g$zoVE*4V;&bE@F^a7f{zKf+0MkhAL# zIecGViFTQrImUi8@BrMZzl3P!At_$+I-s3&nPT>t{2qs4Sc3n7eFv{)+9`Lo$F+R` z4PibTleY9FD~z#v=@v5=>~n?PcAOoXX2#e?iWTS0_2c-1X|7J;+1U01eo?NmZ+ zfqF$Gp#~#@zTnDz7Pcc*NPE1G~u1mLQS-}iy`Vdxk{{ogp#ywb<@NLzL} 
zs`a|`-CC&~$|N^o&~+8#s(T$Wm0!%j86Y>9LD%3V_6=V(W(dF57jFa6LM@X2(BCD2 zlkIsr7x}&&tV$D*$rhe0vr@rdiK#7JMar5~r_EB~OLjLFVTcw9t|o2O`W&3i>^NY- z>}#FErp&-@gMy5$APJ_VOaBvu7ar3imDoEo-&}c+tTql*<(g+}&ibto%J1lNgl^zX zh#TX5dU0G$3l5 z97#!e-C4;>iJlPk=$JL>n7cT0GF0e3bX7>dMnwRijsAY%3le)bL1%=Xf-O99|8wHRHf%}$am$rbukx%NtoX;y_+07kabIdJD_SD#}D!D25nT7cNux zayXTZ@i4|D(qtSM9|!{Q3=~NmpRs8wh41`p$CJ1VQCGiu$xClr`_}#(0ngz@-{rSZ zgxk``7<+>D4f+lCSK+0fcBtPWRY+2C4JO}3bf~~ibiDyf&q|Z z?lTTB#dVpsr7RCg@UFZnKvmWojs+mx^RkbyHz>`Vz?6aFQzPv2rf^kntfnS<(q$2d zO1SmRQ-i6_*IXTkk>GJQTF3PRcuxuh=mdB``WqM{95xMz*_CcgoO)K1U1h)HL))Lu z`T{7sZYPUs+(PY5ujsYyj(xmr)~3HXxo}!hda-@HxZm^yeao_l*|<0GblDtXDOyNx ze*P6eB12_A71KJ~NCX9$mix1rL5*+9@rHCHWdnNDi)6l#;tIyF z)a?PLWHPl!Qf>xol4l-!e?L?IPTuD4`{764*OH>Ud)B}xXYyq&E1WI(9)}xjH^e}1 z9KTN-hx*mvCyoOa2l%bjcTV3MN5S zp&?ME6SU$gY^`WyI%3`^!_;w4q;dLp;5n#256fNI6Go5+Sz@b~s;pFsx&+#Y)klv}tVy~k+sD-8t)FTjdX zU#3Wj!$mCzdT}Y2$Vc1egXQW91@cTlowCFnJxExRU3#Jgyh5PXdUL}85_cI>Vwm+4 z0uXf4=ND3qJ|H6UZ4sTS);7ys_N$=RvDtdKR?CKb~(sU2vk! zubtB^qsb|p4S5!KbIC{*m3tJuHnCXpAJ+c5QnC7|bcbs6Q;gJV8+3a_UJbR2k1;0< zl>^0s?xL*s&XS2RV{e1j(c##IRxP6%qhh77yRMVvQ7g_C^2~BNedkSAefTgxH>?*F zETUYO5ehGB(|0{@7y;i24~A3P$Xyv(){kwNz7?N@vMAG=q(PY=9LN$hv{rxpS`yS| zC<5H5PcOW5HlhdW!QgXkzBA(+$ZV0gP6T*Ux-fRdgR|}nvI$9Qez2W>rW}R~rA73V zH7fUuy2*ZPqzIYHbl`Fx6gZ>}h|WfA(z1HwJROQRmaHzHnYgYK@h!^+TFa`E(l7t# zAq9VOHkFw}`f+<1$Lr5C%hy9Q7C8U-bGlC_bjYZP$NSiq52eEB*i5+jB57{9XEg zp~U{#8vMr$-QNzF|49X@gtVxAMG%=`8?y5Qaw=D+wui7+kE8mg)pIiH&u{!m@9S~UE9+>2B-V+sYL z_5)NjWggSma4K3=ErIT^vmL-O?XW4Ytx(B;rs6&4z4#-ZUDsBI8X8^S*jyc7seIUE9sl--TFZ}F`l z*;GiMqKaEi0Jt(M9@Fu&l{A&x)35zg#6<`x=L!^-oD}A{JfkfzMYJO<;RAYpl%TIz z`>%B;Q&hMcRJLr|=?duBx!&jas&IfPFxyAs4Ui~y)S|$X^%eAsRWVXv=}3{cDxPNx zxga3B+~a8ImxuhAdE_t8-p{eMHar_LP57J zT^Clx+<^Ns~6D_0BMrZ8H=(ZY+AOd*LDvM*y|Io#-aRRYf zbBK|vVv)N+Rn`Iu>#wn?PJ97n0{Hix;T+zoGlHQoKvWeeplW~-X-cpYl zsBj+qzCON2G9?}R9eY;qrI!P5@(@^gDRPG(Oy6Ew$D4f{8m}=6BjIQ&SXXfCUJD=X z^%(-}bkKN3l~qUCL8BWyR{>)8G+o;)u2lOrJ!2QgNUy(Xy(Khf7_Mj9t&FV`jy6#2 
zY6O>Hu47`bJ(Fv9e)L58K0XlRiZ(0{;IZO@H*} zcUQtd&;Ac>`YVp~pW5`tjr+e&BRc=#&NGjQYWY<|UCzd4RSTFtU%7x1@daEn->M1e zB)p+h<9_!27B{|5|0j`v^ITB^JHkjBn~lllF*XQsV2|hORsN&*M{J+88)2#((_MTa zd?$bpcqd??1gmebo6=Nf)5})Jw5IQ4dFhUEv?}AUIM~m5hh!n~8?q<~3;|t_&zH;l z0JIPz1__bXhA(J2;)W(l{ZM|G3`02Zcl*H87v7IN#v&oxLH4Z$B!Y8yc<~+7)sQ z1Lp1xhI=eOz9I(yW31_LHq(8^2R@&c)E0bgw?UcNv)~w5RT}xtS-z1VQAPy^`|F#U z!Ky&~7VYxl(axh5sfqi$j~=JYB2^g$;l4ta7=y%%K!cK?i}4ZYB|KsDE96p5{zAL} zVNkKQEdwx*so6~pxt$J7buh0=_!J1$&dBpEP*tk#*df(pL@twR0kkD;SAKf$w>*t{ zvlfFj^$E@t5+%7|uTmLO*lEv6IHX7cWs++d{!zVPBsU&V&pv4*X_Vu3;>lxWR+a^V zlC`xS)Cy{iE(@o;fR0Xh?PV(bJGOT{!^68OBOYnwf(p4=2&6=`d5m(6(f~WYy4gEA zC;Dh`;>+a@^F3=4+ZoB+q~_9`U2~r?omOP0kz(xz964i^k;a|b2L z472grRpO(^mYyBWDa>q}agt2}tPV;j6Giy~nef&w(D7z%4C7)I=*`v(qoQ3&Lq$@U zI6x~5>ZCEm#ru>Z@`}1@j;7AbJr3iOJCmU-d=gz-4>evYB=JmHE%4(#4+$O7#Zx z$x2>0LiH%Bar1}55eL>sI=N22G& zUByt?SU8*?0iN&Vv=_FFHqt`_3h+z0p1352aHniy-L!PMM;+`_0m7DrNkc^a52hE8C#Y{kpyrj1*mPHe0<|6-& zya6@#I^LKXZvtqWCf_ZO4}iFNVXA-8p1<7v4D`%@ultz)3P1g)_Avdob>Cm6|MAbh zsNQ|`cC#r1RxOX0+UbY*nHG$gG38m|up=33HIT+I--pqKNKjZR zVwlIMcigoZAhLFbT{HTYucNBN7!;eo^NoVvoSbsc`*yJmODYZCi5A>OWv}K3QEQEs zwI4G5t+aSh&6j2{%GdJ-@}R~1V^=2uVtrGhdhjV>3%8}IhAJacoC4w z2jb5?p#@Opm=2=eW$9-;wE>aWV!9Hmynvf1SwDRl5Ll<@+2$SO6YS>R=(>G0ySNSm z^{>8nyQ7ddmQ4YlV*3N-BQ#)0&*&`42cSzoFWH+d8r-{m9{Cmi0LmLem$%JOy)c1h zvC*WBL!)ATV4)mFJhka%wPak4FXz$^9JmTm#o!v>;;SHPLm;s^;AeRpMI5!RjW;GS z+6it@qNXOBoc}J{C7a&2lBu6DC^4K*>|}2ra}p0VNNpT(HT|7DTEasv?}b>3q{zK2 zJu0CL0UoF!BYHv;1~a0#GU#xgsS0n|6pO2C<05fzfNJ%9yr&;UJ1#D2SG~(O*`^(j zuPV6VSCviBhwdOpQAQ2BWDFL*SNC9!0UTwu8x6s?TB@RiP@9C8F`cg`ykwH&W0E=L zZPwUiypz+M-1~?YfsS7aorTp8<_9DO`BOOXJ=lVlvZ!2OP+|nvMhPUldm%|gLD3rL zG6#>~0`Z3QUfHuYPWY2IuB$*Bf=xUoZbS{l`l(P)AueQ2K0lA_M~_=_d_bKJZ%5Wh!U$K<8(xqko|6~%J? 
zi#q(N`2U%g{5?-){wsy_pW?v$pTyz!*}x}h`A;xfyV>~ZT=Htd(lroh{5*E~aNhA} z43SnPHRYGAiU{4d?hd9x8Yx{atJxw;i2PwTCL5FNX9(K6o}zC)Q>>FuPekezL%?n6 zNys8X5IV0z`Y;9LVR?v?vv~`LZv}gpAj?~Iu%6^v|xDn^Q5IzOIZoGxqN4Onw zJ}%rb1GQ%Y?t2~WAMAeQ_xVq1lgxjfOe|pBbS81|1$jfS(^x0bBd(A1*}WBUnkIFD zZZvfU8b+V@h^Mq22Qp1yTTaNgb_mhx`y`Ms{-LnIk)JOn`?m4{cvpBH^-(aqSxisM zXHovPN=k*k%5hM@XFzONoh^{CF&p8=*>9`I`lZYcbctr!_UTvwNLc$w9K{@Q{rS_Q z+jPzDYY@wny|y|UyN9%1iw_1$DF#H8R{n~y5}C`W3sBk6onW1`DD&Vz);?(^gW1W~ zC1%9e7R@e@Aq*8u+Q4Gt?XA>*?Dox)+zuj(Dx;4Q2PQHG z3rOj0LcWBhXz6p^ULK*KiQ3z{>PD2w^wS*r?#EDHfEwwh1a+mNuGow2NK%e%Ktr%P`aL9(CDW>u?i^Bus?nT6(xsTrw#5`WgZzQe7vT#=Uuk9Z6&RV?%OTyGXOqy$&jB7X z?*_7t8lIg-^LG3AP+o^x4ep%-P3!V+2#LsG8w^X&3%js*;IqM|K0RqSXP?YlkZxSc zr-VEBxgy-te^Hu0^6@`!Af~^e?#wK|kq5s&|5IvM{+raO{WYJN_)KjbIk+9;hb9+w z2uB_=(F5^=r?N1vC2>h2F&+~5-H43SK430{7RaNCC)C$7*&KG}@d^!pfjD8xEN6Xw zpbTiI4fW-Hq!o`x5f0tb-j5{_fl~#o_pR8tn-bXP?y)V?bXCbu0fJKH=YZ}wf?#|d zGeEN=U)u)lp#Ff#4?S?h5co;zYWMI92MLjcPR^fiblYpYlgBiGd{m>4P>N_UXv^q@ z9slcQB;C$z`lfQR-&s)EsfNx-7pwc)wcx4+95)PfxE(QLvakqX0lU6=9ijh=v!77)4K)YO<0dg z9ikDytQ|iOn-rUm3sqk6pBPKY+8%UTCYJ%5FAQ#A(r!UR#2|>GG=C;i-eg+Q=3TBo zDzPMt6+gv2I;`{$gq$IfhVo{lZU`1w4_nNzA1iNkpIyVFl#@XyTOI|N1U3$6A>waURZD)oSeau&WN#UwK6kLW8OIb20aHTxMFY&HM1B${Ns z9w-YL(ki!n;n;u~td0}wRkvY{NT)^`1DTc{*@h`0{|J9O@x54*5ncrU8zS3K4xrXE zEIaj6QKx0MYk4h^6k6kKVxyOCie|+zt_8}CfLeLX4K1UB00g{47R4)rS3BR@ORj10 zB#%Zq^ff#l&t-eVx0d{$g^NlST$S@E9&7wZ$Cnzc+g2toIxVOf^K(wN<*&hl^#SMM zIPF#FG8-Pwm2_$-gm9^#sKTrz*1!^;kMr0$e7y{jTV;}jaMmk*>EV4h)1F^l*Mpu$ zV~q%fDA3OJz7R{yA`lXO;*V*JbKkT{vLC$NGjqz0np z;)%w8()8`QJCYm}u*h~vNYV99A|Q;ywF4q(Eg`Zr{_1RC@nf~fd@VS9fZ|Q87UPfr z8a=${FLCZ9G2+7|w6_~I7^e`y8)_Yc1UJdN-NneQi$wJtI;qUzEe~ZdwsLdLlWQGeD(yhRGw+Kv*O0iW+ z`ldvf|FL2FW#CP`;e7xnzckGz=98*S$nfUkWOr^;7hQH>SjiiTn@ zY@(HyNe^HRW7~tUCA~{RQPqyFTa-p|KsX_=7@C1QoI0+yS8jKmq#9OT;o>6}vZHoL z`_I_E-lFo0M|Ek2>?OWyW5HIRY%x{2qJa|~O^r8D@MyUd5EnvgHJ(S_XLtroHurxK zygwrLNAMU}|8{UO|K+~?r{J;vCzNfYs?={QbJwSpxsqN+c`SM_6}!;*7{*G-AXumb 
zTz{-Kf(TQ?JQ$PqdaV7H%I{fzRWw>GVPl~==P_wLK!$wz(EQQN*ems=hMETIP(f0bpR53X#(F&0c#TCqh*P5j&iZ zW@7xvk75K}O|iQ>3Rj|2-0phbpv5GWg3bZJBII3;?HCF>(Z+-g7M`q)%t^iC!sNJd zeT8dssk+b;>2RHXI%yFK_9k46=>9l4ZY&UbM;=D!o8Lh)Yc<_wG2OS2@MZpfq2MD|g$v;}hJG<|3;1J^_G0)Pk2DMjLGcG^PIE_aw^ z(h#_-9}lG703BQgh1d7$_BvF<3$Dw@CE<=*6HgH`aZ;WQ*UY)5QSKoxiSUseU6Ci# zSHGHNA{R~O*V*}u3@DZiF4kfztdWRf6yqqbu`mK|cr78Zng=5fhK|CasVnTm0|&0+ zLuDu%z4EQt`JVr8GdfHO@6*TCYLDD~&_%#a|Nrq#xWZDI@u->6<- zJb)_Mb+59Vw%t6&xM$BaSv~z2iH9jGABs=e%?jq4gq{u;aUqpU6W@2pn7Uy91{|W_ zD#AvZw*p0!t5ob_pTU@bD;>osCJ}JwF4+kkU-}+AxSZs zZSTqh^FbBUATfo1?HX6sT{tTRe1b{oREGTl9Gk=?jHFWo;L%R9{s15dhF4pj;~JP* z$1P$3+=HdZ;kOY4N@KwNRZtyOcIp?eA^S4WmDo$j;pi_|qgdIZe<`OwCGxwR*qHyZ z+5I=yGV_0QE&l@yEma$sWa*{uB^3#Z9b0Lg{{?;k&n&#DMZ8c*K|<+%=qWzlxZT9B zRfL$VPUJST|7AoBLINbOGlcA$e{(Zt#To&S$C*MRpuF<4L zVBhz0%_&fn8{WJ>c%GnoT_LH8^02R2N-E=N1p1|miKY5SoZq!alGOW$WF#geULl;M zCvY@NJUns*)$M8X9FB`(y7CooS9z97E^;2EIyps64sE^0)s&O@gudm0E7Ltl-VH@d zJpxG?U8i@O*S@ib^Z73f~u8mT_Q|KkAR=4h&yd04^77W&}&$PP=U&=cWW7Hsq)b`!jZaOmD z_a@!#fRy;j1fej;3HS~+Y8ZUC=)7<6;<}>4L(FVfI@gBiqbJ{>69kw09O)0v&dl2o zZ+B`I@h$w@J+7|5S@`q${8-`JTnoLQaOIKNtXhuQnqG{&ib#R|AVD4CFd(#I7<34~ z$a$BXXZjoouqI`l!{L~2fv($et)M}xEx}WQCE_+01#1fW7%ntahFT%XH4KhGq>zp< z1I}1l)SfA-Zw3k<$ZYxDlqj1pBTkbsijgw3KY%!A)UAZ{|Y{aSsFC<0kd+71*WH1JA)37M@ex ze{KGY7X0On=3x4V7W|txn)$zZqX+(hEcKmt|CtrsT!jS`W))G+M6C0m#0bWqkcCahXYqVYYvxu^5E$KQ-`p>jO2|}tYCnI>IR}#P*&tWW6e7L%t=%cuq;RgaP zr^l%nQiLE~$C@M0(M%>&+zS#&ZX4k*`0>j`-Yv3qUNVDo5jQBsie_;USSD1-YQ{-Q zI*?r#&uOEcfL&+BV0-k^;`>DuFae=I0B@(Duzxn}O0nmwY)FD3&)9o~maq5&+GI$P z3MA&12UAQ#m-#&csN(t#fvS^DfgVve$68Z%0*vZ&`+=&+8&In9&oE8{StN97o06$B z{oyrx6|M|q|yqeE$;ETjI;5?ed%VRLev;@3FQI4N~G-UP2Q+d zhp#jQ!CIo`*Zu~=DV5Arweuyzy51XV8Vu2i#+s5BJXkrcfyY+n46W5b%hy7UiqP)n znu4)I8w1D_5zC}=tKZpmFgQ}~7mpv;0EQ*>+F0ToJn(J-5E+9&RQ)LH8B`|H*6}bE zDwD045!+>F5;vc?tyfE)&i%Znkd@YRzf3UiMLA7PkIiqKu_T$$8%-qopJ>6|WaPI)1C!Ioi%+l5i}~;X5OD z+>GusNW<=H0MHOpb2AFAEOW|5A2;d#eAz7-9a)lKIbu_7C*%f8AmZs7n22jC|sQ 
z#;vq0$HU`|B|2NJT@Wp`TE6?@q4Chq4j)ztbACyh7x8(8d$7&al*s@)mSjMIG3|2m z+P{YK9PD+ux}NxUwITw8y=P}@Q-70h2I!FEJ;LqBE{SY5O~q5PQTf%aL&$gMa}4=~ zC=o?5Sy0uT=QC&YeK+<7pl;OzNUq+8dr~9*8K-V(Ga-Uc6=A~d{+{hh<*@V4y&;5s zn_FK2;KsjRZdrHLRWH^BUPy=B3qSP} zD_LYFmtkwskFJ}Q)VJB}oBn&J+(F9FeMyZg(c_1d^c9T)_eVCoCZr%5-K(CFVbj)* z!>>stawlN?x(5iS`6maFZ%)l2VCPGvtj=dJZtS7f4_WMM`3a$by%q?A!%_Ah8k$66 z3i&lPwk)4rnVr?UVY_8|gDb2SQ7Mn@*wN2Y=8v(c zQa~jd8~<)jf?#nYv1qkXsX{h!Dco0l{mA05ut3w z+?d>Q7B%C$*AtS|jOrr?$V}>30Xa^fL@k_2g zQ^nNo(QQg$lTkplPa*kpkSYWVoyiTg66`aKK{?dN8?tOoMX)t4WC{5b@J>=RIM@q> zoLltl;74AIt$f&R&QiHAn#jMzDlu*RWz9(_IbY{7r$;C$olWDBL6r&9`}h|_J#W9< zKBcn*n%~-;KXYC2O~4Er|4Y69DdOKPHwVMtxn?YXeAWNIi5(05e}WD-s{RcfmhW9m zVQ+d7MW)R2M+v3EE90epB-Xtqab?qf?_z2~hLI#9MCXbtdbmtWbC{g`1!%eBJK^#q z4RvI&e==TRp@UWlJNPsBhYtpsNP1+DEzvpW}VT&k0RSO*P^%4j>vCYAZdRDSD!GA@|UQx(f1!x8f2I)O}KW^Yeu}fm1hxl2}9x_eICG% zy`z>|AUxcF^hu(!j2g+Qatg&qMZLci4srH>M45dWy~Fe@k=M+Hgfj_I%9ID%01BYE z!BqSQ3n`VnV34eLF}2^*hpvf}{K$;!EUX9;V#>7R_aV!~q_-kOTk1X`o!Z-EyQlli zB_lQQBRp6w10pI!7~whjtYwyvCA}t*Y6*uh4{|WDL7s#Jxt5KRwS$Q@MwF{{rI##% zjRf39T-3C+*3kJ*#-JP)GRQ`dmnnE|IOVVlc7S!#=HB4-6$(i89n-#Cb!_z@om)uj zNDKo(+DC`jkr!Pde3lutJZJ(aR#8k?mYKY}i=3(JL*p~vLy2d*$)jY}Z1*)LCCH58 z+0Cja&_6}{a81lpd4o%&XW*35Js)aRD-JKD0%k50tU?`Uxkr@4z}D$CsW5}>4MMpP^%n>gWZcb+ZV=sgM_gC%&vzaWBD zE4~C2T@uyJOOh=REz$|S2Q zs-UFzd6|yxaLS3oobcq)`V^vYHJxqSNAs|^GyjB;=1yrOn-pJJoLbQPv5@Z8%|d;G z<^_I20bZzsP4omPWjakc>yfA!Ho*XyV2|s!@Lk3$740`YGw9tG$Y_RHz z?uwrs8vk$E{!cCbE>QM=Q2tmL{$|n*Si*J5xZ|rZ9RSS8Hfe6qWOF*0u>*=q{FurSlo#@t{ z(69QYh3*6z0gGlp0c9;xIq2u2js6Y7i_d`rZluGjQNNGW3Xef*g>V^L?eK*fcZb0@ zCcfHskmjp;l@%?q1zWFis=~f8My=y6@|>}hV3(+TlqWyz0}>2cBPFc5`!AB5epO{u z%hsBj3KocOdI2cr-)hpSh)zI*ysOdgIeevnE^lfD3^Bj6jcL)w{Byj9>PXtn&lFd)yCyBiMC{Lab4UHN8Ipmu3nh_fXB83D{ zUFIG^!kxSEg)(0=Nw8AScLNa=DT?rMd;n25Xx043I!+$|$t=OTm+n3YY*}!4Z~~>a z0Q>QX%870zv;An+u(P_AH2nkk4`iqyaD@-uGGbYc#Hd23$rOu7iHh~T;>E{>FSxo3+Y`l;xO?X^tQ_jkn?RBW0`3J(^*s^kg^K`U)b zV&s&ZE75Ij&I=lsL;2X>Xa~Jrzh`Udu23w~ArGFxyi+Oc5gREmZbV>Z)16|}qdG0w 
z>VEYSgk4}GEqm+MfwtJs3>Vb7-7PO`Mop%g?OcP3E^W)BZ_p7d6r2+hL>o)!yr8xy zkQns06t;5YZ8Vh5cP6B~-6%JE+?P+ek6pp^=Y>CiWS*qH*J8NEvEw4obgajUnOZ}Z z(yuStueWDMYnY))_7X}`Te!H|0Zwy|1X&s|t%dwI!cCf|nwQw4=~^kEGz&bM%nNF4 z$dx_2Csy_;8yeYA$T`1^+n$s?yGjOACzTpd^ef26-=FQuRJ$WSzP4S%9Up$Ts_!h1 ztlz9kl<}xLDa6ZEnO9^T#RaS70Zb!Y@-gcUur3glQji$jW!+C#J8M%w=eG({JKq+T z3@nZRw%X<(qwAlNvvp*>l)JZu&&A|<`wnE7jMDNia_|>kn1lIm?;*=yyug2S?JWN- zO!?D$_#689XT=Y>Z7j0#%ho2kSwNoHw_de9BpzyD1WY;3i?@)bh+0g#6 zuMh(8Ca2o}f})UILo6i@T`g4nc`=oZjK#0%VY8$2YoQ>KI82W4ZNIbgr6$-`px?!& ze>LwhDw z)vOQ_`;WB*485a+W@^cYV#Jz}2#`HI$P-q-%)jZ|9J(4tudahQAc^tXXSUzY#S2Yj zi)<`Tho(>Qi_>!}F|sk~+2&Yp-`T98z=eW=&m@*vkwc zD?c<1eXV7xLL*9lA%;mIepyPTVfivL{Cq>} zQX3yg?AXdJL|h#cu$6{3jKe0&i{%obI~KC8_i#Br>_%ubWdZ-h-g5!of{7#PcLX_y zqv=qa234ffVKD)jYgRO7U|X%F;vgR+WAqHUYVeqzhZD5ixT@=dNu}+(vkJOnb?^Tc zkXF;m@n}PsJ@dswwGoHOQ@%|sUUKt(hb>)=+=G{v^y>Zs&3U_+OWchYW{S*|XYVOO_Pg{2G4o4XVZ0%LI+2t?is3Y)RhzaLS z5Vp>G?T^kxjD=C+~0oz25c0kF*ll3 zFjR77Qec6e3z}l$7#_FG(f7dzXi8Wzh81)RjzOmFoR|=Wu%?+5x$#S&42g*z&0*pa zuId^uZ?xh;+0;hmt!bj# z2%y9mh|Q_e>linYEmmqzF1t~Vkvr>lo|PIwaw_&6kMiMOG!DfMz~4<)*j(R! 
z85-i3m&$$M48QHZ0q?KC{7Xc^|J41TMxXT`67g38>pvxe`9C%KMJaz=K*3kPP#w-_ zV{7ue7BZGJ3P9^h*;L!f!~bA`i^xS1Gau}JON6DE#5zj!DF@_fDRb zeCzK_=ASu}Bi9(?#Bs;wjjFv(V@)SAxQ-WZ1Q8km8ta$!Sia$w@PgXUSIY^lQYm)X zjeeZ&tG3IZyP6HKOVc(Q;P8Ty>Q2+zE>mn!A{s0Ca6xn{h>I>87J9FMV0XxY|a~VtEX1H>bWUTmjbozG{jOY|u^x!6AZiIc(0ges$00}+^Z^}xB+o32CWkS+ z6Y9UI2y9RT3`+v|{u!ssW&M*z{f8qVo)a!RE*HM=eZOPJO`%|)4bAA)ngqjC%qtZy z1xh;(q@kMxW;@GF7-Mi_#JLO7WPhprB&kDs;<*qFRN=)qTT@bGOF`U@R&(kq7t0pMRCSB5 z8QaKG8A56A1Dj{+hfSV~&g7xJhC5LRz}eUU^m|mCXNaMyyMvgp8V|1`W_t94MO7HR zp#agnE7Pi9>T`v65$ogPV?U#+>nX zVl?TCzaq9Quqh<8l4W>dY&cKq9nIgt-7lx_{rnx8E6i*EAD$(DgXAyfeCv|`s|R9X z`G+<}7M6e2##ogu^_TQ;`05q;FX-5dC?F0Np0V}-Nu0^Rod2agJWh|%%{TtVVaw+c zR)FVtK0!FPTo*I4uh;+LfO}6A94u&_w>H%Q#k=9ydIbdaXmJ@tEI|NwlQM{LEo`i> zTnlr4yz@5f4+mBIF+%n15=#jLf zz81~&230_ZvfA5BZ>eFG6z5z4tl(Zhk#J6k5 z!Vz*qj}Hy6d%TN(WZ(eHRhS*$Y}MRhB$N9uRRvPg{*;%}sQ_|@#jP;a##h)T2y}tC zROWqVBc+IF3xnTHPN2t?LgM45m=aIFcp2FA77ZM@Eb#tZFTZkXvy29vAwXCWYO!4# zx|gpS(`_jZ%o@F)g>pvw={1d0$(BThFR*^rMTVaQhW4rL&*%AF>xrqHkkNc8o=XV zlA2^Cp^=VInv0tQ|CYfv%DgB%{L+(pjKe#(w}?FY)c1$*hHtBLzkq8_SBo;eo^74Z z_8?OkLN`Z}_?0X&-_qESafu z|4hQ8U+(=LF(EZavMk;m_D3DztQhf9yKie^yRaf3Mkxv9`LSGy&^WEav?%o~XV7~0 z>mYJe4~M_*%})82`dShm5&{B|Z(r7yy2DtFL(Ie3x;5iQjCYMNromU74Z0L){%$fT zG>_`o?s6{8&}tX;Zt%c)PvC31SRG_9CgY+r^Jjd@nQ$FQ5e&^2E)3W820y*5ItX?A>wR+sSTweDHtsUzh?*6pNBppiYWYq^l*Im^+#w=r)@0Z13}rI5bjSmsI1KhGmI+Zb zb>WniW9*x;cJz8vTCKL};>)H^B3)`M4Hya3Dcs8e{}z0{JhrMeqV;;~Ggm<#>~5(( zBN6BKUXPYjhpOvouf1&c)*MH+6PK1N)5||yTrn|R5NBd-mso3f`}Nd$Q|z6~rvgzv zMjKWdoPu7c=(eiWsvk;5xFgV1&A5IRW2w4q<`;7CRWm8VV{tz&M-8~J;ZMpB6dLs#64on=;l!JlT|RI5HT0$o(I+UIQJk*_lp$DXgZy+}NE4<`>9IF- zS*G!ms2J)9DhNCmSAH>uaR572r8_Oy3aGXE&?6P4La_vcTh4vEAh(>J&{wy91?;98 ztg!@N=$)OfA26nK?vIx;_XKggVmPaD=;3?O6NutR3{oXI2_Jb4b7OSB((El{jGzkj z+Ymx3jeD^y?mvUj)={m*hxR~U+!9pbXV@nfrF{>g{3Z$dFPehb8QeI-Nt>kRAc6N6?%*Q70W3y&XEo z4MKbqix+_H@p9)k_5I)w;JMvk?Le-fs`^sLL{G7Lu5Vfo+L>9B1#iIR&A}2{;i`47 z-+I%WV#2OkF+tNO9Z6`~)zF=Ptis|KIqzJvQFTehG`A*xMLLdzzyp5J31F4RpllYv 
z|2%xEx3!{Qr~^i%;g%ae4ygrN{IQ;7Ku|WJ3IQ8f*s86C{M_1s)EPoHo9u!FzPLaF;>}x67T9xwqZ{==X>|VCOPdur>ulr)r5@cyIegpn0W>scv;lKpk*Ke zX`a9)Y!tq9gISjHpj4fwHZs#?WE%v88%QFx%DgNA6@Z;gaFEP=TiD>R?UBc|u}I~O z+UZB3mCsvy{$u&VqtkkUW(6WrB*nc`-u3sqrLvbeM!~LMksk#L&_fxFIF&*|tLLwZ z#R8N!z7zKC6HE(8>K|Z!pZDaAz|?-l*ANJrue$cq3sLiLe}>W_V$+IA7D8WLOPWOF zl>Mg0gwGWpD#O(M^PCADtH4Wp!&uzJv!;PpA&gn}%Ljb5p=#WM52#2sFlVq)B2To2 zrayo{h1X6ncA0D6_vRjkpK1|OIq6Jp3A;n<-AqBM*2cgwN#1rBTW1@l@G)e4xLv8PLnR-688*qotRGH6=@!XQz_i9l867y2rOiM4CZI7Gc=JFg6j3IegSKkhl=!nx)@fTNPR^bI?_T`)~3v^ zBT{c-X4DMv5#bQptK6>YzkdyQ+@!8cVCiTz0X)@K64LeJt91*$Txx<)PNh{|dn%r0 zv$Wn-ES$sSD?Aqa;Lg{*JtE^1MIuxx*qf~2B_4M z`3(iMDX|%26s+kgj^_&hHUqOXdFnIJj|BAPVOk$;(uhyG zk{v@9Ha}4FljQsR+;S@WVYK89@)3tE z5N|g@?7bGY{(}W$iguVOeW5;~je5s$)RFgy!=@E^4PMqFhpxwML)i&Clp&&nImF;c zf`b2xS%^R?K-vmSEJ+nKdp<0Vzv1|PlkBz&)Qhih-w#7?ER0VyYPNkrM#B6xA>SNk zO)s=T-7&+_Jo=O+@0F3)i4nWL`(>}NI=n$hha{XwJS$Cx5mmuj#FBdbFfxY7h%-B} zGZF;sbYbMgo-GMO&RqV-T5sS>U4DDjmcaYgFmOkBZA6h1xEH7Ic<*0^v}ffxg^?5@ zH5j#tD$>k+^F++htJ`#@uB8i(6lbCzZCqa$=O)l4=+l`3y@%ShK-IY8y0lQf!%-+S z`TM(IlCM3dwk2^7<*lM;we%bDRL=&=Jg+(moy>#|5JYamyUZ75r%6Jdt72(=sB2)p z#6xx+^9xkp&E_`{Su?A!l)z3JskgXH8z~wFSUy2iG)lVFP{}dSL~D?0Z5>7r{kUyY zD;JSvCH=4dlvPH#E-JaEdf$5B!VuKe$5Xos%VBCkD_B?Mg-*=pum{Uvi=Rq%52t+6 z$o0BfyoWdPlA74OPUgrKbh>nLj{r9t=y<0KOoU-Y>BPh{WQyq}#1U()AkBZAC+8KR zu!}6TR-0>fU6;CsRvVhmYE5VyF4KV`@eZIVTgz(^tbPJbw_~>bYA_E_hZRGPttwOZ z8FmsjC*H)7o;pDlWs~2xn9`w5?@?c+vP@<2H525Mv-fAve|;bf@{06p8vo%MhKL3` z%m4JFJ^-=BQVS7lea=<~IK5{KY#-aX|15BJwtehQ8hKHlTP*!^zbZjPA}z8k0Q3|) z;lyR(a&(e5^cT>aJgm($xJbZh%CaIt5V|3TNSHDp#|7kIvk)=3l6xZgU52TVD}@4M7Bl~I!JNGQ$W7V zy<-idjV1*y1fi)rmRb88_c|s_cJ4=dW}aUH7Y?Q>iyz4uj#zFjFptq$$R=Lmu2>J^ z`aV|JI7L}w<$?y69u3Etwg7B`n`hFNZSAahYpBmnfv$yZN7)>!Zp|>x;3pg#`+$wq zze9EJngeSC)w9RpA~stEXYS|D!kTYUhAiaEfUuM-{v2x^bCd(W5@RiH3O{@Ecy5uP zl`}DRs){E|a|x?qKWUHm^8tF+%e)QzoN#~j?itM2t@>8 zmf&sJ!{_T0$20B&Uq?e1@uFLW5SJN{B+)L{53po*UAEC@mOL8YanxG*`qVP&9n*<9 zLOMlNG{tCeU51qEzY|J3?ge+}*h8h3$O57s$TXs;0ZpBr$6d-JU1%0S%_rCDUEimW 
zM)DbM2%PORQ$Jwkv@CHUAvXGX{N^tm$xsfXj?V!_ekkFDDa(5$WN1*)~EH7aqxl#5atT{Kg%vwl?lNKCs5zYPeYa9PgHD5cm*qa{% zPV48+=_6?XS5S7UOlSdW-@0QvXdZOVA6PZ5)fC)4t?^IZok%m_?Car4#D%C-ezng*kx*M)MjTXYEy+}whrl36W$Ae#u*{yS12JIlN{=C{YRYJ7cXbEss-HcmH7HYUip%R_)+6m%H=`g7 zh7GV(lCEmILqsZgx#5k6e?WfFpKEmnR_wb9I~eA+y9U3Ni2)oUF#SIWGIJc-%IqdMm5`tgJO8-;7w8IkVcADISS33HqZ4fRxeOmj{9x)mcjN zNxDWlaX8SLKi&B$McZm<(gvDQ64U2#9TdjBk=!KV3C6)XalNs_`s$IzOugbiSc^#7 zm_d6Mg)KR4RPDx{qJGza7e5PI0%XS)0XGI970|f4Dq!?8nUvFcV!X!}{MO72!Fgrlr2Yl3lvnio;yohiE zu2HWEC{b&)WL#PsDxwrT#_q``V`;tC1jmGW7+W%wqpOI@1HvnCi)M(bnd`tk^5XS_ zvMp-Ix_H%o@}8kP3<&MkqV$9ND$_rdA-;0$K6FlytRpo>GOy-gp(&c}xL<9hYd)z# zj;>#Mcp;am1sh(j*^1XAsgDe73K(-Jcy><=+-$c2cyKteb~vX2QHO%of2l{Z{>j@V z=#0^baxR`c^)q;Hi4VGvu_?&UExJqV3pf&gz5V}X-T(3H{|5a3IghaZ(*>3F-(65A z{&Ft<-K{oWMf1I=^iep?y{!X;Vuof@U{go-`bolhsQL{%*PZVRsvG%ewaITA#DiK_ zY&_}7jwjP+c29usI;4%?U$mB2Em&Yri-p^phnrD*AcS~)7Rf+S4am{grny=hpP$<^ ztU&jABCtmsqNDgk82d~$QPKfBc+ilr_%)qN*Q8%dg~>%_as+-?on3A1{_F)eS!$bj zZBM;t1w15x#S{_1`j8|7^CT-iI@vOplce+v?K2_O+pYvq97&*dMXJA{YuYFdzjM2pP+2bjmUnWH5T3BNk5iLCs8djlP1W+Bpg^vm@?&D^dcx@QUs{751P3e}T{`cg%v zX$>bPz6DRnBaNBc6sv2gzu%?{p^4UJUhP1CzOn#2K4HIyl#0l^%qgQGm8>0Q^q^jpStx8NIOI*Ij8wuuQ*QpkdQFDr0RS4g}v5(r-T;AnbUCJB<8HIm?)K_o)(~^Ja z-r1ivgr*q_U0$TL$-%fK(3hwRa%S9ZOfD$C7KE$u=_htd#!30CUi@d*BdXV#U3$B{ zNE5Y!RGB6XndstrWt{T1;;LXxuttB3yE@dGwPBYCWJ}wYo#r;@S8IbwpOjiiS3(|* zhaZ^H{f51qQGEvNsnzpJpCDlr$gIa`URthyeh%KwmRa>g)SZz)KyBv9A=IC2-ud1!H-|CS! 
z$!hh`z6GiLZW5%hjY<$B?4Ig1p-6C4|8dV6g*fib`i1d^@)(a zs!7b>^0I?s0Nes4@^=pegyUg@@vgBBo_^Zarnt!R4?N+V@J*Zn6fLEds-5++^D(=XN>y|^E4CL{nP<{&4E?2W~u z8Yx3oBlad%CznJPeu}Aj7-z$4?`D&p{-?w5vBY9>f~nvQD|a|4ro^Ipu;M+-0SGbK zAO?e|QCTN>|hTX+0qn%PZ^|@02y!`<# zmO1tK59s+DCx4@d{(oFgtpD*+|Ihfz%KR_K&;PWr?H7M97ZZ`~PP3?f%{eD()}@$o z=6w5UhzSWGK>;pqjBXEfw8eGySQUIQR*-9#d5+FCj*)_i1E;;;mg-@BJ4Owv0wKPm zgTO5^1rT@b5|HD6H2@Jqs|IM;Y<(dMvjRP*)raJzp__m)F$Nt_+9wc=+>qrZl82gL zafhLe!3!WK6hIKEcfsXuy)%X}N6ez}fzYM(uJwq#r2-d};#VKQL^4E_lgJIZsa21D7#I0Pl6q(9kk@0PBC*Z{IEa2u_+q0h)1PjPVGPPUMV;7E z*+@@9OoWWcP)TwN}M+lOP}428_|!ArV}k;5N3Sj zA4SNNlZvW@=ovg(n!E*K=+snn8S>!5IpBG3rSlw-q=UH+;0Cdj zAiye}ETrp}#JJj{WY2X)X{0zlxPyu7J_o>Pqw7;7YrZV*Fh#{`EZ3FiIPc1sl|bk= zV)QG!*F+({Z~4epIM^@^c}zd~x62n*PpN)baw$)IkK%;-JLHj#BM;TrV2iDAX7{`S3yKlzw0 zCEXEVL?-1xz43dlN^A}}YcH)RG7d-II6q`n{5fQ|BE+2v9k~2(2$}hfhD_}R%;69- z$z138I>s_k4$pnW&XGlLV{SUN*k?3FSItT<18?%_4X=G|Z}_0eQ2A*1+C|OMm98Ev zWuV!RzfU~Z>U6a*OfJS?YSRx(fMB=qkH}P^D5{#RosUojYs9S+AFnXsok8F!rRx_X zGTe57BO_d=8KX$5$xO@E!smA%biF||>NmIi6%fmtp7^8)DS>S`NYXc(P5!K=cA z#t|!#zMx@WC2%E2zM#GHM!xz&cS5TO6lEN%0a;|fA13vF!8pO5Cmb{=eWRN5b$|U~ zkN`c&U>&p9Xp1WWNg;d$CkDG8);-p}SR%Umr+(9pwrCl4834tR`! 
zp=0M*N%WytoSY}0a=6^K5uvI(v&=Nv`L^uUF~b5oD~gdo2%c$uiTHqU2N0BJHP}@> z-F%OxbHL1TEdb3REh7j>8Hl0HYQ9g~@J|pX@yL^0?s?uWldl(1!BtABehMgOT&rDRGY;$iY3`dh_7VWH(a-s`|N z*&eHx(T&0kCU$Neb$@=ooB}y^4lp67X(jXZ(Qt%I{c2~3k=*emq4~gL$X+@=oLqD= z%^1Q@#=KD}UbBV{(L^F$R>MJ}Fc#eHZf}g(nUCF7k!T@C&fo zIf(bu+vI$%Q!`5CjOgvVVhAH5kW%t zY=lafv{GE3k39E34frz2tfvYt!NON6m)H#_=)_E4ecgAYk=SRL+T;)7+RVV;RZXxG zgsT78#Ycf_G>!eq;Gs#I02rv)(1qcSwK`&kgLvwNHWGyYlbFCT5xnzyAPPLl{zyrF zZ<}?3{VMFbh7zMg<-00VQwiH2c4w7-mGcS~GA=RFb5|FEOJU4f59tB(26AKrCu2EM z+`}W3Rl7+hL(Us$Nv%#lANrf7F(4dSBoeeW@B;x^82<0JQ|-%lc7!1h;j zX#3)gD#bPSPG>AweS zdiMWzqp-65gYt%z?cXVHzUlP6yYpSDVgFWB_3Q|1sGU>Duu==H7B{u)|Fyhx9v3Cl zNtDg}Yk3#nJ|Br=U1m0HZ=A5z=5xd~j|Kr5GTr%hRSxU>p5EI8N#5Gh1(!%1!ag8} zd-PWjPbTIHZg)R1&P8s#)@waww^YwUQdXss!DmlV5XWO z1*K_7;u`c8gH9DbRDa)#JF*#Zz6hY$U2u_8bay3BJy0t(-8NCT;-9`g!q~b3Mke~~ zx9cHx-PF==Nl&;pFhSK8&Be1{IGfFzvEWp}LPd zvPLYQb;eq(;bt)_)b}5UJRy;4I6zxR5djB5KP7Q#nNn~=|6~f;V<#zInWRBw(aI*> zV7oEEd|0S`b7E=U#&Dh)M4$e{V&@c>nwFCnu!4VN^(O51SB6=T4#QjWN;p*|aOrZU z4hwdA<&G?KO#G7Vk!FRKg44iKOTn%FBuF2Eb?8k0-HcENQ$KBGYpcr->+Uh8Qq_)j zhT4JKOc|A(sh`Y(ybiXb!VNRnNG{Fysl(}S*W8aW4#@SwhH9tQ*$sPTgEa8?^M=C4gAcwAd97dHyVj8zYu?bbi8p{Fs2b?ps0fyZzYYF#66kRU?!T0 z4D$*_iM{V}$l1`Byn2(I^oAPN#QuVWH(Y6nR^U-&i3e30s64n>ZJ+gXT`|Oe!SQV1 zo07Z@K+~~F-c~Lj^OFPIYUg! 
zoCClIH+ULxZ_*!wV>G|Pk~(j_Xf>>`R5l)E7~8)x@l?ogEsOlt>v6E(gA}$R0BjZF zL+WsF_#=EUzzV7_XwY0cGkDR4h(ru3qA5o%C!{FFwHX{lfLeSFg8;jX-k<-); zgFSKy>EDRl^W{OwfpQsYVhdEms+tk9h8{>w55P61a6ZF9JN4P?keh@b^4n!!yOJvA zP8}nmLh42CU}C>)@(gy|2J;%HqM?FpTUn#JRxv!E_-r6C64lx!o}knbcZ@_Tx5Fn- zY}>a`oBWptCj&jlFy0{>ji4g(N$S>@MKe$OaD?wuy^Zhc9F1(ZDz?^?h1^71slmgv ztE}M7c%%~cHN68c>~ArXGjI{Q?N09_&0U`@BR2cea@`^baiI^cUR{LwJp1%?>^_Fn)H_6Nr-4z(K1`j70Qw+jb0k7 zrRA^Nz*n@LgPQ=lTz z3QJz-o~|(LB~TchM~F`5S}TV&A%vJPT8_Fq8cnPtP8vS@-I#e9XC54u%Zq!J8y zP%UNEYFbRkTuIIT?T$4-4%0CScPeA@y1?TAJS(dvDNOXr*`>Z@)_x816%}a|h>-9* z@Z>x`xQWFjf}?elJGAys{r5D8?){_*1e}*Z9!M_Op8ErxZjTNM12U+U%pO(z9wmNB zDqoDzk#k7!BSin2D?<4FOQAnTW?{`TV2~F9u@xqqZx~-^2>*z|z)%zpII#su2;OAh z5h#QvI8X(4Obedm1svv~ck#dP6jkS4co+H&@3bj;+@`aCgOrTHczTT;~~qJGMaXNUJ}I~8)|B|^PsRdQ*k>3o(QSMf(G0ZIHTRwZ)d4HKP?+=J^ATJ;`{ zs>4A%SQn~KC@HT&Tlq*f`!SSn{!_?Z&-T`8CL)Bg8R?)m4k)t zKjS6ae~e!LvlV1x_*YxOiT^&}>}&#pnOy3MIz4Q|K+WmdW-wv;anU21TP2E!W*s_O z9@4JlleI@(fdTnhC)Xw69zS*kkBFhkDZ?i!n zg%>ghgnCI$#oFfaxi>ZeY>?FKguzr5#U~=y7avh8h2J272fu!YI$OCXee5VmCK?M8 zczs_aUL4>Q#0%MKI@~gzdYu-#1^|m8BfP_ZB|qmoF?vs!Mg3j@LXBahR6|*>_MlBA zH2XGnVY^Rcc7XUXO4vlF8Auamme^wm8)NE!YRqW*rlmpIKKF-O0kbS+R<(jH+D~g^ zs^5v00!^qbz+JlaY}0D_$LmYNsjU@6 zu-N(YRf+Vo2=w@jTXWuc1%>hI-A^-gn$50qLoiw)1qvE$h@12wC)2xxi4Z)hJZ8 zdol(w$ezWLLy3z|O4)@NNd!DaeF~O^8AzBVy$D(xis&r>?c65^3vEPQ%+K#ZQ)w@KHkUPT2ei2Yr*a*LfDn!f*{gXLHfSiR`EGXU(yH6=y6{eAjMMo z2(Z=0QV;Mmcl(8QOiDRPNL}h7Yj-y0baTP2HJVP_OW9|Tb5IG3yy|dH&P2Xig|K3c8uG2>9$Mc#u2@#-USC_@k`5&bwYI2FS7K2>P`s9Q2dx<~l&84MfJ*(6qs z;{_x^kXBx{GP5~u>C(a?lxAiqp#bDX4fz2UwKYvxzyW4#D3K0f;4!VUrR8uuMYTAUtx~)?0^I`|qhjog+s-nAZDk*o#L`;Se{}4x4}T z7ih|2uMIOF1A(@ivz`%t+sn|uJGoNCLyFE_y1VSeC7Mls4KB*+4`6m>c-)z?dlXA# z&IE65nCX)7aZgxWBt}2mER9;binSoU)7qjj=h2`Un<$c6-XI@8NNj#{-0Dhx}>+YciHjxr-H1`7~$*cUp|wzJd3x^Em(g zrh0=)2=%cEUhFzw(NAN~q{%DNxlLQo>x%(ZT>vsAMWV{m;q*7*r3xy$qW~hW(8?}p)ibs#;N$9w3kuC*I zM8`p~{hNHDl$pawS1eEgfVFdMf?u=~N>{g9T?n2uO2HL$d-ojdWzg3rI`H$FR84qj 
z_Ec3O6N2q^rj07QAe^V<1>ONki!({yB2Cw9+%Wl7$T>48VYMbQ(T(G~HyXA~>jJ`*`CNhNk&hb`f@ z^snAc3w9Rx>^{|o+ucbHvpw{e1IB4|TmVN@qbj##qm{lfLwS$EcHBL>0KCq%WA&deWdnI( zoA|34@?iYz^5prK+%Tb7RekAknCX6w0-wWe6_mpRFoTFl&LX=!8ce4+kRBDdh_EeyfW?{(T*7hqcl=E$w

e0iD;=Qn)8$bkapdofL|3 zB+X5p&kgz7=8s$Chj%!E1NXQb(NA(%V?AN@=69{^VNf0gc6jTmx*p5nvIc9le4lPP zb2bgWvcd)(6HG0J-qyZ!RLGK?eFMW4vk$-O61V1|J;$#4F*$X12OfUL8>SZ;IlvSK zdQifXk5BC^8WJoC8VR-5hJv98lxrD0t>f`4osoamFL+cEGFdZR7lmjlPa@rU1SJs1 z4yl$=TdI+#-Hkgs(CWurhmm7dShjM2sdlh0e#qz2%&q-c4k~3WSuoc*FIDlZUpIQ0 z38`)ER|`L(%IW@e7p{KB+c})l1aOX2)e7>^uHLNP$%=!kOH&U;^4Y?!5aqmmKO_93&FXkEl@tx z-e23u7c7wECd4uLTJne_zlisiEZcn5s|~(`YWn8wyVC?!B<+7i@<>)_xyCc~P{`0p{H&Q5ucYm&kBdlj@SdfLI^vAW8^-5d+02n*PfZ`3FI@ zC#tOAhS5bBD(mfuzc^QjxvQot)*!J~@XXKnqeH7GzytFa)xhr}nAP4r1ovS^OXWYB zKBA_bddez){M~1vz)!#FlO6f-7sq$|duROyMv=A67V;U^#5|L`w z`b5`Kqx}?uReaB@6h&3ZifT;e(lrmlY#s=^6)JRGSH;4X&YenR#21T%+ONP}%zN9l$ z<@Y2oY*4F(?zybR0)&kY{^TxeKO1vgx@4V9PFKBeaJ@&t);}Eew&lN#(BK_N%4saR zVICx%fO-#8?7nvKfRJ{1uE~SJFR%;*)VwmKUKE_ONcH%m(K}&5%%;h~7+8HIXsSHuN zWv`|4L@1>G@C+Gn#tl>W&aJ`I%IA|o^#!<$aXE52_?k{5==H_^g-w*tWG0PFbB+Es zyO5Iu>aD(4N#W39vlBFwQ+jfr3ri7;5kZzg29~$-O934rH3s2>(j~&{%)T#-g>Nx5 z?XI}j$%1#3Eraca8#~#sa8_v@rN-^he_V>2b;0;n46JFEq{SUm@F}8u`}W~&^@+K7 z6z?dK7xW82@T-XTA5ii)9{xrN{r^7PSQ!5SC4cAm{|ocOe+~uTb7m-$%hDz{9VifU z>6tlnXg++j@XEUJ41ops%M(|TaahC#bM+yYajsL>6&IS~6FmVk=_7}?+SzuR2$&R( ze63s)%=eMNJ@ATql0YgF8yP;cr`q*v3w++gf2TsT-;TtS;wL_6vdpwsN&F5~6a;L( zHu(1z>P3#9V)PC&7O2E+m{IH z;By$hi*$3LaBPy7!V@g?jg_jENS?4U%KG$(ni!Cd!zq0%t^3W{-E-QmH4Gbz zVh6y4?l%DKaSR_8BQZNrADumw?t_D}&QiknI8$)jn>Uc+c1v}J;$S|->`QuEa)uQzSV2hYKlMC z?{q?1fr~9BcO#aYi-O&LPd zwT)EO`O+=-+29^y+Gqu7O%yG=_5`QIE=^_8OIwf zRuG5u9T(%d29&41wrMc+X?NU7&il%a9l={fJWaEAg(9iuH2*X7i;-DF7A>Kzu1HY_<_jW9KUHH5$2A4wLcSq0T z@8?3;|8QS}H?_A%$!>+eMq3Y7AP8%qxdf%wuM$R<-ULnGj815by)()~`~u0bmmm~l z%5H0ZiqfCgQBl|O=!Qsd7FT7w_sc2$z`Zx_sggP}f!m&H46K`Jv3eghRBJ$NH}(zbf_r zx&*8Of>9o-I!$DuK*ZUWZhj#5<041Iwn-ES%`)6Bf8Odu)=P2N*7?`rpx2H#P3`bJ zC652?@!#BY+W^Hw<=`&$5A+xd!N=zSM(-oG!6 zh?0tZjwtHJP#nIu>C+IYI@fTUbYGC__F3)w%O1Iu%B3G61{UnNBOSUn$%)q6 z3h~B351cw80#KT%aJT|21$sAORgLFg>&z*pwfb>dC5;g-vQAuQ+>zhPwARy!T714N z2ppwyPkkuLQT{sJ{tu>OmY^sMb3iPL+}1vi;ZY%Nrc+yvu#L$}YQUT&>-h6XriLysWfRtQ2Cn=Ih}mvG%p}&UG~gHLCF(P8$cPU7 
zBzT3q2e=SPGFHR86l(W8Ka7Z(#Oto)_sqR(Z5~Q(Ni+K)^l8q-<;3+?sc*V$TVVgNLM-J#x^C!`J98${?fR)icPd|`Zl7s)w^(Wp5J!*o zR<=~)s!|bPL^#HA{^TH8_SHVO8xp4?uyUn`{;X~C*wO5b9J4hWKVO|)6hp^sybE&G z!c`j99FarQi+->&jaduV*@`U3P+}zp$-@@BS%|phe`1wpTDkF+oZm_e8GhKV`+gJ>&6*Tf2;rbpxf|!E zQj8*r?9RD}RH{=R`7m2D4ignLN=a8iCUfU`Dew2w{I4wUmZFtav zPX%&w`iuk{WtCEicH|`CT#De;-{{0_RE_w#I4=scI@8TTw_7sn|I zI3IoZ7e=e@j$V8E?PwUUJi*s#7DRJXe==s*=0tO?8kPy3kx*>Qv#e8=_Nu7lj-!GJ zq|=3DQc%o>E;YP58Bh9_SZ)4n|LoU%S_(|EZx@gOI=h_jC1OvPq;Ww|RNIDMi)x6I za7~U%S0YzC#*e=^44e7>+6e$KX2;rLkDbGcu6CVC>%U3?Wb>MTS)2^>4V)CU^u7V+t~^*kn*qpHjy>!`mMJXdAp=^nxWS<3 z(6+1JvVJJZsRPq9QXj5gfd{>pJ1>hlL1=%82Eim^fE>6jyOlC` z_bwKy33{+mOZNgGmIQ{9Af(HHPZbK99HRIc=zRRAkQ%;_G+GDxP;7tgXaOt;2yR1< zi$HNdem1v*>{B5V6mOVmg1aDwu{Yh`Xy_wyk|aBGJlg644^0HKkqlM8`xc(k5;)I- z4D4V!Au*8*a`UAy^EJ~uYts<&CXvn$pTJL8tMmq0`{7n_O?k1FRt8mqPPR&Tj-Kh} zodhTZ#0bJGk!K#Jhv3Fv0vo6nc+Dmew>%~Igw~P?L3mEwPaNwl@Gum zM;alg*QN*iPfrDrsrMAz;%FcihTrx7~i&~I76GutH4s!V@140z>be132>#V+Yiw(GXOuF2bi zMv4ie%DTKNLABDp%PhcW*ZzdUsCQ$ooejZV;9=9pDJt2d0+Kq$gcOIfBRE!DJ(Fte zoNf{(U#}AUxV7K91@srI98tZ;|#Vd9roIF(JE{v7nwfm4RF!pEkD*nCYf|d|cpgPav86!h-s||ohd+`yy-I>Xz zaaNB}woc}2H0rUV%#G3KFWjzvitDRKx|CU#w7fkUn`oHvHhw&6Il3?hD=N}zIbGLE zU^Y!2nmjF?g8^C*oO;>_HH_)DKceE#dC{w8sacU%WcU)z*E!LaD-#Pa1riUFX(z~#2p*pJB;O)`js_LA89kXx{&Z2fdU1x~hskWRWH{B|tvY5( zd@N_>gd8!W?J142zI09F=%#kG z*Nbr$olveMQgNRIo;{u{%$2aXSy*r8<9Y|C*7IZh7o_-e`+p+^7yI8EJx<1dA#FGr z|0mMsBSYl>_Apko`Sl(>8`)LH<$+Mi8V!fHf-?++J zy*D7=PJ!*+ZJl7eM+ODihBAJ{hWi}50mlhWl22s1y}#^=zJdr-V?vZ*o15&ATMYsICvQeAVpM$7InS5ou~{qAl@?1N7|%8krb&|E9`cf+58#YpN|80QM~WvsZ3%?QT;r<3 znT9VAWX1BP8|Nb)gSFH@$(8DiWAXWwn|CU-F6|?r-5Dof%@{4^H_wRflvjbN(f8HP zWx5ABmzm{9urJNyx>S&KhH@3tYs}FJCwUbuxAq8F$1IRsrd3^DLY=4r&(TyPDzo!7 zYB_k;V6#Z(j4$KXl%+vwnlgtICxPObiR3+J^|ponKF8F?b^pv@(9T# zK0eYlTq;GWLF=Y75$X~9H8kfZd&o#(pBmdsI|$Bao@syrXZ0w!%PQhL(G(PfwfK z*p*YeCxdS;yms_s}-9i^-Ko%9h;v zd(ZLU&i{*6e?ib+bIm`9Ax@^>Pq^Pd|6{J0Z~; zG{-wUL4~!HDQ&u%odkYnJKR^qkguEpX<98Ns!d%R8ug-n<0KWEP63omeWW3zO&{V> 
zqE4Y?c?iJBXaCt>P5;OFJ@+~FYihu`!uw62OPsozYN)I9-^TCcg0C_Zb;rZ7rVT%t z6Uk`jdFZZ)O4LYlrsRgc?Eo07 zGf#z}E;1ve=iAuz2k@naYgyzogtPm127U!0`67utxJ&_>H!VhE#elaP6CyJZpa~&? zx2?sDAlqe4V994Uj!`s!_U5W>}x~!UKDu68(gEP-XF4X)P`p#H2D9uqVw&!WXk#z<}LQ-H~5>D?A)LSG9!`&p}1VRU?gRpn@ywu%nIzmbc%d~^pn zVNGf%VRsuG_9|vqTpFk(c-IMXdNuoG23GbkHljOiu6#R1p@XN=XI2_w?Qw zM)HKtcZ--AOuWY4%vwh>90%}+`w7XbU&hg)TyZs@m12L=b_8$TI+-4PY1eBDuPo;m z9e3;cm)rQ~hW);FoJ@Z&d^lPDg{9^E)B65jFJqy~@7V#h{aCGC%MBdX8kQ91s9SmEcAu~oa`Wp5ye}2vpPkQ7f8l7t{w`;k zJj`%7fnzCkkGpihae@%3g!$c@#O$s?aRs8 zUG~{s^#{$OSbxD<4OnO|NQ>~*c;HUlMcQT@gBwg8TWO1GBCX-6^k1J>`FJNrmFi7F zc0=6#kP4CZTCR@1#eTy~sn4WznjfFHUGA1?C$~V(+e=K$=X3-MPi))|pKCX>RQxiA z$Z5#7$-rL^Ye`gd#mEkKo<7%PBs>;!L=xW&DY@fY=ux6N1>FQ>t|vHd;+6*xUJum0Vi(B&5!{P~fw_7r029;KOa#*VJ-VrPv9TEo=U_Fqp}C^) z;G{^d-xq8#&3KYT2|HVXm(HDb7+#1oPihWSavmn?#vF!%XVO-yQC_aT8Y8AKMJa%q z%@vZ7AXEjC&n+sps2tU2JYAtSoEGHL6oEYD8|io^jKmEH-xxDM)WbJ8Y-Uw1zQcVQ zn^98d@hhf$B7mSA_rwq&nep`T|ASLWs^&sla-Dyz$#J{btn2v27MNHMp^!w<>QQgY zX2$0%j?E`8^O`Y*6k}wUIhG+R^AUQAYNO@gC~YQ9$3qG~>kh_xzBnSB8I8MRbfi_v zMr^+Uel`Q(fa7Zwa>9uv7xmCBvVK@cRT?oL&}A}!F5xu?8EO+0mzj163$HZBFl&jz zHv#M!>Um%Npb?A3cOSi7GWC%~-L$Oo@cCjmRxl#0Gj55+5W~6uVXdT05|YGij=S?B z)C<&N0y@PC#<;fM6Xv5C*nHpD&+G%;(AQ#x>+CLf%5DeAPZ8NdC@`#>kjT&x)I#DW zs*tmrmoSC4HSKN1q&0pPlHS5aF+1?W@f9bRNvr|$DqQn}?|BZ^+&cNLz!4aXR;N!n z#{q;D`b819u`Z=UK6x+u^=-3C^XpH`thkyef^;SX8?yX4tmvD5t|7gAYlnret`7(k zqPS~sEbYEE3prwG8Rv@qHjmzd8>eG)P0_-r1C2HLrwWm;&?#Km+8wLejKFA#Vano~ zZy+0A-&S#MDB<7JB5#-;pxZ`cQ2qr5{@m?9PY9O3T^*dP{{{np`rZF444i%xB+fGa zl~iS|h_hWUf!!A?sZmIzzlLss5C*~Epe1bR)>wyth_J%2|5;)X`nXXRTW*!rQCW{5 z+sS(47piwmzT01GDJ;psvpd2QNLa7&r?ih~&?T35s$4eUdKuLp zE2s*{;_aX_R2H#ReGd^{_;7@D!|2wnG`c^WOf+o2x`!eLr9@>46GFY<`(-BJ! 
zUw(!!SWFy%DpNmNZ41?!Du>fWn%4@b2g?O;)NhR z9Z;S8jD7Pm%~E8q?nI#|N=pb{bF;44$?dHBnp7FlMYKj^{jRNIrc1&6Ko+VhW5ni> zHhTE3>_S~@d!ET5BcDoeaNG#j5oc*_Bu-sP+B_1MN~<;d6Z{L~Huw2hYU;bT${p^g z^M=se`{~bd{oee%RMgN?&XwDq4+xH!5=FJM&Zq2bl}C-;H% z=xhxkLd2?l(Hks^JP0md?2KgTkK4C~3?QupsF!$^z_QHy*ijtvCIa?Q5*E7zT@;K4k2Y`5nDz1F_S za}suaGIMyX_?I*O=ivT6eE_c5_D=VM@1+y5RZ8%ec|3ppGYpKz3o8=>PjV`a+bmGWpdI}lG(D{obg)(wK~+g^?D(I?mq#QGw5)(* z^8@!f17X6sMJWbXsvhyr}(7~IeBGTFz~r1wwaJ+jK+W}x7c zZV>Lqw>)y!MQEkt3AFvxi2V8lcQuZWE2KkUjwqq${)u!5$VF@4iq96V$V81&t_=$ik^gZ+&pA@lS_QdAwBT3o zWrALH2@<2!9*G{qtg94k`hLf4B9%+ni&Lgw#!JJB=-S0hG3}VS=MBxmrdX{X&E$ zV{re$Do->H>tn3O%D@cH4EBO>2uz`|sXf8Tx3`@ul+K?DGX;+Eb>R$zv+owTR)JjI zkyR;@e8DfmjBCJ#$;!0#>7W~(tBs!E4uTWQK3`CLx;++)9R+#n3$-^)@i$9l4gKi2 zi#N*B8e1*~8Vyh3B}K~=BeF|A({@HxjtWcdKw3@u!P@04sl+iW!^Y!|snaBISabGx zr|C~8@M$eH4O~phq{?L2#G*S4UFPR8MiDa0nQ{@6ZASYPQ(IP7|8^~YpY=cB%=M1} zg#BN7r#RXFryS&d)eXDtFNnVPdQ5g5@%jiTkPkmq^R)BVOH^8dj{Y>p1>9Sn1J+z1 zV-EFvS&sGmh*XGGbOH!XUr#wU#=LjDFsl*4Z%X-gc--B%{iEQ7a*~%ocP`l?!5^}s zix{!Qlo*NCA?jD&eF=i_fl6aIL$i~@kOljQ)hh#$xq_hHWGdA;gG}(-{hLOs1Tkw5 zoe_UrEo_dTj^hsG+rQkkZSI>~a8XX{ItpOQF1bU-AIHLp?GlAr@o9Od(&-!2&(=(A z+R_-dBr&-umi0z;IiM6X;=&SdFA~Tsaz+v#=tV8vq78IO%f@!mVqDa+rK8+jgv(Sy z2ot<9sZ`86Dy0CH308u*ftt2E5$Ahm2Q%zIy`_U3hx9NXfbic1m*D5Db2`tvEQz#} z*T6Jg%M#Hpf;Pg(wkkyk3pGqZ6O zE7&6tuNWnIwTK36sA{%7{phD$4ifxDJR4;K&6IbNW3Z=MlMMpDp8@8^j%Id84`lbwL+FmYgN81xH5y7_C9Ah z!5!34gtodjF4Qx`6rr%MqCn5kfI?^aq{_auEgH?#q|&NGl-%*ebL5+&Hg#ljP60yG z504^xN=8RKi;->dAQW&L$pk1x_!_|~8p2jpkDsZLh!vm^S&5wmjKhOZ8lUyau>D6- zj?4SBU1oE4ni<7Gq(ER?;B1Qx2Ji1)m)`CVzh8D*mRKk5XT84!skMU9sAQmht4`F_ zNk4Kw{&vH=ScqJvTH3(gVgre|M*iV-Bf_;H!oS?=PQ=!~RBEeA_dg<=WSjIC3Cc-{|FcA0A)8sTu7%$O@8L0+4`k7xPD8zTr95EN6gQKW)%`HM^rIsL*n3y$V93me$Cj-6R zoVhhb)GTzOygkIQ=bcAI9Qpn&}H!;?i7DDnZ`x`ahP=1JwPd?DJ8Zj}l|6LNz z$?-dk^7qgGCX+TXiZH~*lyIl$ANsg}OK?S~GQ{v&DPL%nvQSRg#jboHTL zqfauSusK?m08Rgun#vN&5-)Zk@u}12ezNwmQ?Iz%qT|zvmR&okhQP^=9r}lU!~;Cd zqruFr?N*Gz9&(C*1l*VQ|BxcOp|}F!{1zesh~WcXze$k}LPCu_2>F-o4y|`@2nk%$ 
z^R8=O>h?+9&^vSx!Pq#`AZMgl#=%?Y9*9NC~6#nRF)yc%wes-mG#(i<(I(KAAl?nI*rS&ICDN(bc+PdHNGz6{ z%&K$gSXQR%lsbLCVP&lr$?zv+xI&^X~^F? zt`5S~PW`;pbPjAUVj(yH-DX7Fz2hhWzxn)Z2yERfck@Homgmdl!_X{GL-ex;nS%lA z!r~DEocY3d^at$w>Kko1!Guj|O&EGoR_2T;Z7~NXbD+hgua+C6Q+5GXUqnif!d~e; zFU^`s_;3JdO-15+4U_)2!63wCEPwnUGQ8kP5`&SxMEV+!`7&d>-N9|Uw#xT4PY z3FF`=%+HwR2X!4+3lIR)hyI`ItkINR^wE?E5?PTB+7+AEdmgG)Cpzgm{iCf}81-el zxP_$9M3NT{{v(VXfDuY!34rV_Pc~g8hA?ifvz&Bh(3FgrAoj9O6GGLVP(Z<2%%LM%Qr>;tXl(3-^3$A^#-nUBHMg4DHXgoWkP-8tU%&2{z@P4z#-z_q7KWqsd#FKy@)*nMBt3PsvD>&!PSySoBE z5uqI#?n1l=HxtNc(Omg7T4n$CBYH+n6&&}tx@d?zk^%JDVRkCP)Z3p*qtt!bG&VW z!2`8c8NzJrg#iS=Fb^&0M&Jqre3cLfhJKv)0KyHe(T%tRKm`zzAqA7dLuNL{<96-U^{-h2!H`AK8pDm^F_gNfFe*tn;6C`57=rw~ zXG!0gVTwu*4Hw!_Zq-uN$7|g(f06}K^_T<$LSUQBRnDoL_dOku z><$E;-Mqg1-EFMe2^jGz`A<1< zX(HK6-xEr$s~?w4WK2*b={q!Y0xdh72ZcL2;xac-}uk;yS9L-1e@n5?jNjuQzy~yG|LN@Tj#OHf3cFXhEPI@ z+xttVMdvgBc!SIS-rjGLABfiOS+C9P&^H^KD48%pxGY|opd1flt=V~Y6|5xWke@QO zGV&=fb2}!{`sR=n0dAov+Xz^Z$OAp30(0K7Y`s-+g;xnzvIV12zh|hIN0pdc!bGEX zxWNbywlV-`Dg;YbmjOnRLk0z)(JOq!EF^XiTSVG`?-?onB+V_9u>>xGMk2a z+joP>HCOJ|k{wn|GngvsBwh^yTgyM0|Hb|JEil0^M;`Q=FX5Djr7g%N?;2VZWVHTLmyu&0-cEiuA&?W;r9={=vh zc)@PD@HBt5PvD9*&QH;=Zu_0ON}eePs}Dk)jmq-+tIXcIn#oO~5k6cAn627`J4ye?uckIHLLwrnUB2QSe-zP_xt zPDDoLXiOnf>xv9g!%1Mb?v;T9DFK@6b)Rj5@?xL*V*(VZxoI6tqBcl0tZRulkad`4 zigpqF%;No32J!JDraJ-dMO{Au*AXCG1J^o)RPYc#A%QA94f-MCzcfP>B^~_%8Lk&_ zpPW4(OPlwrw{6o1$s4NGoIwIn6idQTJQ?X5h7RD;s$*HZioJSzq*M{AdASZ?=OIC- z=J>K{RyvCPu^Q5e!iY#9Rmke?=OG&9y3uz55*yKWT-~-#N;QL(XN8ekgBJMK-`{ZMJ5CAF-RD1eCGV$ zoQPTikwY(TZM%^U=80$05+gTU6E4h<*2Q)*fBD>Vo_^DnCFS`kO$^f-tqC=t_}uMp zu`X%wtf*0)COJzeXcJ|SO>a~dBoDDLN%DsE(EbG1S*r_L-pa7+ZW_-#v9H8P{sN0* zdg19hU?7>qM4AH1c8ulHFIja1rUCG{0&gU~#_*7>WhIaXw|Yn0t-R?d=?+SxMe0L_FQAp*2V6oBIUTm!3B!N74Tg_l(A;rz} zzo}+xKv>-s(g&t**;T%<6DKiFSY|oxz|?5JVrv%eNQ@fcq8Rx`A|!mySnA^IHh|LA zMn<1UCXwHRg0azqGKhqP6}mB~Wd`06&vP6Rk77h%1qTmd6Z|xY2Ey%FY>x^@n4-jzm2p66v z@P^^>h`cPB59TlEggsN{E6{ul8111Nui58L0aZ?1o92;lnP8UiXlw68cEh&~%188+m8 
z<0r2(9CHqSz-*;M>ENPM5SGa_H5zfu5)#uJX3b3}lF>S9Nwknxj`U{k6JtDnAGIl` zZO`=V6K$fvG^g(R8CC7qqq1UFDTi|(95$kW;t9uh-#kY5WPg%);p-|Gh zFoH(GfvWVSmuqWyr$0l^y_V`lIL1$VssV`e@6_{~ZMLRP?eHkb9va{af+E|WF857# zxb#>aGA6fNCxiUKycU^k^n2@zXu#dF&zvX=7!zP(1N_Uob42f7P*j92V;Mf*I z6040Hc(nbM1t6-{ux>=)?BU4Dn!D=~d4m({e4RsK;I+3rDtf97>5S>r!~zZq4Cj4^ z!WBfkkaL{oOdL6$aq56R{Qhd&b|S`Ez;aWo2;#_Xz6i3w?PkHBZPN`msDq&x7FDU8 zz|xp7H=ah#cPXgeNTQ8qkdL#_WFlkx`lPHg-zhRY+8#+Rh)n4#x-VIYY}6#V^2U7w>B+M%L1nLnDx0An~i)wtSI0I6mU zN@E-MOK8gKz~)2JWlT{_y)fd-FpSJxeJQH(;~(OX)b_Zxz&k*uDf1xR>q#dpCO`Fja`G%Eqtg>aYZQ&ziE;ovO}ShHMbJU; zK?#-qk_SUrL?v;$3SAdjkckN;-P*V=nVYWRd`fnDC;=QJ-7;^Sf>HlK{VUgWH{3!S z7J8tmh`=RqiKO@J@f(vDHElGX4FPS8U!b)sNIkQ31Jp^2`qq$$m9r=ET~~COnS9I- ztsKnvYSX;zh=@$im~sWw$d?OkN!k>F9vso&b$jmF>C;&%mD+*K?rm-z$Sj=ceW=WU zr`ze=*LqTV++{(;SV~FVf-oshyQ;A6ad7}y2l2X+Fj3QjJkxC?W?H%(3tcKbs@^u+ zvSjl7x5JEX)!~3d?u?S^S=VH%u&Xfm)ZNX#HujMgG z&L`>PcEKKa^X;aAWxB9<_mhve{#Df?cgu+HSw?~tX-gcfOY`HF%a&~#t}103Yi~#P znRT8+2`i%5y?J9=1!zSfDQ~D?I3vu5x~H;hRh?F})6M1Tf(bmxUneb$_zlK$ifA_Z zNh_We_35t&C#11OQf4VwPt*5RHWZY1YJN5kq`TCuieW+FWN_5$j^e?qoBC-^MCx*S zi%Os^8{}-$WOQ|o+3Z}r++^!^5oDf+LskR+Ux4}xbp8S;&cA#6xc(El{g0;@*PpD4 z|GF^W{ot$98GrND4t7?BK?cac(#HjnWXlCEQd$Lk(q7fwpzPI3JN0WuSIOtFxl%La znzb$r+{pf4FV@z~HbU*X8z~p}G}m?j?d>=Enn=)lib~t9AO|ZC_s@Lpwwr<5q-3V9 zyuQNbQJ=~_;@UoTIKYtQpYjq|hfsN5Ja{8MBPRX=mCd&cQXIXvfu0s~bmW5XIaRv9 z0mBmg6~Jm9%9-=?Bd)t0s3F65$9V0>)-O*^|8D@zfm**Zte9)onAC|v^=$VEngZEL7C%K;+0%SP;GhX42AJeToO# zV;*2m-jqi@$L6&%pM)#}Rrgwf8^QFNBz09_fjoMo=vjf8;9A6`;ln0CBSivUuqac1 za58Yxe#st`g5l20+J&<&cDWs8MCBX{*&30sT2Wrruf;}BU)yKivIoyKR8j4!5lNr} z#`ap{9l0ZGF>28Fm%A1cUIcYxi!mbgFf$$mn?LR3qHLr%EYmW3{`SnVg(tS=M0=!U zinX$w4N+$uzV}Z2D7fkx%QI2z)UObzHy2QYWjn;E{KVOHM+VJ8W_MkHMCCgR1P5?%iyG`sd<=pQOx!{vB3~fF*vbOtK7)wvDD^YphaM_zM z0brTU`rg9)u4CXEg8bHD)5T=9u)bkNBFsk1C-G3-(oT2a*dn{?;K5F23tiGBR)KG6 zXhy^pw!I@btdnRo6fQj>3egO%s*Yo>hTTN2)QpGp(N`DL#em{uoFjYDz^kDXn|(xM z$nY=M;6E`e>>U5N1uXwkaK^>*KM@iYsxtB0AMKUTYBzLkD&h64`dKn1mlQb!lFOP%S85=13WwSYJ$ldoCXFPtCH*5Oypojdbqqnn; 
za8_hd(k4JLUP)Jx#eMcvPcQ^wl1`9342`&Q#{2*;iER#<8_*pO) zI830(qCpcW0dQWGDeUZh#e@S5*#RXu!T6RkR#K0fINh#y0oMF{6nQDm+XNSA5{uip2V(0xSl84kC)xyp3Um zXom1%^$rTr#TnmBcPs`$n-9%Cs#3@)z`vW+nm}sos7sP@fU8AQumTZNl4qf#i58ir zNW%A;rK0ORmvocvG}J+16|5QA*=QYBO-H2#f4?bGU^wH zJ4fA^&+!0UEy{XQ52AL$Fo@g9%ws+yY;AMc^jau$jmBWg`zTemj59$C60|^Nq|9uw zgxESmyV(k6E!zGBa9N~4Gcl2gG5_xq*jOdd`5X0OYW0nUt@r|?@>42lP2%SV#?E=M zE(~Xd^Q)GA=Jv5Ff^;{-)&-QmfFLC`C41AhYIh9`S}`|8{N#TgfEvk9;)@<=t7rrOQPTV zp;&{C)Bh|cnnrhMIRYQL!a;R(Vy2mou9u=@Vd_7a;xfy*M|0>9#mmFrr)SN`z+Wtym-86rGm@Qr^ks~ z!_|gES3X=58?>$yW$yoek-vERdXa}c`_O6mz}F}h(MBvvPs0RcdV%XOd3GA(-mXZS z(3n^7{$qFNc{%)8uA@sXvh(vh$VF0x+`mB19~}AX%gg$=VwLMZspZTpfnd|b>1sU%@mA(Z%DVivwlR+qcK z;3v0XoChx91XM+Ukg6v-mmenoWdbOXanwB!pXs}&pa7r`f$+Ka`Ql*(*;L`f>lJu! zwdZq3yG#cZKuA=Fxa}eEV+j1PD=A`b))0(_N;573d!9Q<%_MQQ5xJfJ!hggYCilEJ zZ6|K*bSZ>|nS)1>nPLlTF)HsWCEs>M~U2N24#5w8KTQz2tUF zj3LICQ0vk46c9M2a9hl&7aEKzHX3$mL2g`rZH7K?V}=it2)y6s3|{^+QiK%~4OsXk zI(4+kZdL;@<@#><(*SfIt_U7+meZ$)4wdSa(M)-8-TX}Cy5=@?1GXf}!Ed^L-pkCk z9()92LB-Z=)BL!wMGaM2>fzf7SY;YU%u3a2U2#{4DyxUBNDNY1aPu}SDUstR6s_Vd~WO2m@3M1m!0~|-P@kGv|V)!&~XgE zH@~CU0jqR38>`L>)tuV4ecc9q4r+FsT)o! 
zRl&Hi3i_FsEW}=};|6HDWxm3s z{R`5~t-s?>A+?l4eVw~r@;iMtrN)y;y~W^y??IP!@p^f6yMSB^pbk^$VLG9+aZ1ho{0iWjxZCxsnO1J;vZvSU(W zf$te>ZU>cCu=O2;v}eDpmK7^#YhdZ!fEI#JJn^|1c7q-Av@enj=^!VZIqQhPqYG)< zd$IULisKsrtA~i!c4YYQG1leNw@phmy^6D6I3igjj-NiQSl0DRjb71VG%Vr@a8Zyf z1KplANpOO;u1M6xC!+6YxEb862>tRhsxOSIDt9k5Dm^Qhapuk$&6x}t$z>twdg00E zX#Lf;@cz<#xjt_lXr4?13fRx%UCuOFGQ!xo>;Tc6@uaykcZ01f8(#9jr@9Up5wdU^ z@A~l(>MR)#U)00Dw*GqJ194AV!1FJl@&_pX0u`oz@C|V)(D1^3l}# zyN26)zpA;3lm%W&5taX`XylZY#YL)6rTv)JG{lDYc` z%@Y-fq-06DVxuc13qa$S2p4&be4Z3h|w+<;%!$YdZmvarXIfRslo(tynVCN}O zIY*=vJAEiX1+eYE_O0me4a8wYK1$|^Dnt^h6>t?FVs%QB`eU>y2q>Vos8YD`oXimr)_;ev^KIxlKlPRO-&wFkzDKFj@*VCBx^xt&(n zruETxq3LwrT66`jYI?wrS8|%R`P6d8kKNYb2W^tFcx6cvT|@X>E3$hH(8=RXXX^&8O6Ne0EA55r(I*yIUXIB48vZWf zH4O$nqSgg_w{-&DNh3RiT#VLXD(u-&^9-`iW4sy8>24NcQJoZS+z-ls@s5;w#igB7 z(8yO{Cn>kMl?P(4m1cUf+(NRa2hsfa(!R^F@Iv+y(9ppTt7e#Auw(|0(RA*{Fyph$ zJjq??_tR}?vHZaF{+7bf9LBrZWp#G%83R`kS^YLycZ$=2V@vrm-Qp z{X6#A+Cp9Arof-IU>XR_9F@Wb)I;Kp#L`lXP2ijAWnq%r_i@6;$+M%Rp#b))TyKs^Uyk+JF)K3oK;eGpS`2m*|aMPOCu$-n)487lx-8{ZOMFEbrncd z%Bnn@O)<>}Q)4WEh4kH$=D=i_+pejbWcwoo*q7-ZC5YtC@zmw(hj62P&>DpcYhXI2&{mGtFWjrX0u4+ zLvA(@^~Vv{Qq{_DZy07aYiK#nNsYVb@T~RzWLSum<8ZnW1BN?(1%8v(Fa=d~nwA`x z6{5124rI}?^{D2xs|$xMG#{HkmA;uO6w(j#eVWmjPNO9b?~5Wl3^Ni1 z!lJYeql)K8Q6w+Abe$boFIuQ5qi(~l63$(zjo0)YQ%mtkV!{JW}}>)!+~T>qos zMSa+D<;!nV-V=FSxKLQ|ibC8DHCe5&l=EZkhyf(*&^Lc9cktLBtK|%G_q2%OOp;5? 
zWN0Ix7e&bnRc)_eK42_ZuSjK6&08?VXZI z*SSAES>KF$-WdFv>fH6?)D@Wp-K*o2WOf_6aPp{ma;^zTRIM0M0c(Pr6s2;Uhb9X} z=rsDgA;_FcJ3Mf0jW4sai##!F!74TV?qU$%rL~AzBeq(VrB`R<(Y7KcMoZgyMz%wD|0UaT8xa)f5Jts1wRu7&RJSljyLbe119hx4ns;JoG zK4DLh;jIp?E7I8R_m{44<;>xEpmy^MP5R#TcptXvnTApBH|7?x7^e<9P1sV1aUbC6 zV{TQbn>cPGh_0U6EaJj|R~KZCO*c zjM06rXBlz(wSm3|`r%=FKol%Rp9?XdkBzQgTG1LpI3S&wCCs}Ng>CJna6O5$(7sE` zg&NV24(g3;Op{OwPVoG)G`3YIWF*fUNfB6uV6@RNpNn&>bDmF^1}=CJj<80Z~(Mldj%?t=vt~g+Iqc|TwB?k4mbvg zT-JJa@H77L_am8$Lv^?V8WH1)nP(>J)_KQFDB6ad()#TIO?_-B5mhfWZV@l$mg(*2 z0DNFuZ0BW(CDX5j>>!2D4Djk!csSNQUGF|{IyBUm2m}IfQfnIi0Q(cpFk}?}7Hg*K zflJiRJMGVu8-fQ5eR*FF?`n#9pmbt0&a0mKi8bY)htaRiCDzR3?=)B=wokx629dv!CH(}vWxgY8jaGQO)Rv=+)9~ z#OhL2jMNYwJu}C_tXDWV$J}^@{PQOsQ45}!=Ov!zprbPDOs%Dy=VBA!cuMkuemTe` zT=$VtLFNBr>>IlS(Xwq*so1tvv2EM7ZQHh8v2EM7?TT&Z<@D{*x8LhC#_O;92duf* zToe1Aqm z&U^5Wo;~5Y9^QbfKsF_cQ)8Y3t7*jSb*BN|c2(I-q4}!xS*BZC2y<2FEr}0TQ4kKR z>72|t#A@CdY^EjAhO3o3HIV_^BOfJ3a-1?{JLH|}(8l(9G7#&2m1LuS^obZqrxtu4 zDDIEG8m1I{omu0@+j^yW5vRD;0He&!*aYnFXBa8Rip@oE#G~6Pd1A7)LT5-YY}TbE z(tRW_(gh+rFr8=XenK0U+7M7{6JZRiur*A z+SMtR^$Ayqs|%0K(^<7aWAG56^ds9-Y_4Iq;Q~Um3oBs1U40~;UEl&h9TIcwajUbg zSZeZ6rIoz1UfLaFS{5^U^9`!)q9{-)n!M%$wk(MgD%d?BJ6jiL*cxio2=YwBV95QL+sNJL4_)0Y(`$;-E%EkG4Ff zK6XIw`@voxmAXxgt}oBf?6C!Pb;x1&o`HnD-m@b~Xrqe}WhqsG9~<62Mc~+gO1A3| zyk+2xAm(i$PROrE;3IErIHB@?6c}BDY!z(>kV5=Q@CG_Dx;{J`Mjyy0_4Yu@DDF+^ z$?qKEMUv`s1=vp@#ft2RyG$p(J2U+2>NsKeBLaH-Io#x%%WMPXflsQ`o4Jyyj2X_i zLlc=N!-CzvHVnNfUcfK5Skkq|kd#NdmF^cOe}g}OfXWg#?jb`A#++h2Hm{ExvyJGjlDm# z6e&Pv8>JL@zcm)ZF8K)taI$AJ9ef9bl!20=%}ITkRif$8AJ8veLA|E%eOMh0s{cmJ zXNL6?5LZx@HIg_%f6(C!`iE8Q3l#MsFR2n5fT&*yha=pPZXuOcRC~muvHW%ioT%GL zl4n>%=9TWv@M7~g!?Wj~)KbQ|K44GjIl}jW0V);wm4G&te8s$)$BJKp$(ndC;b@8L z2vXwOws||zm^84c!DM{l(y?eF(1rC(?7J}elk81|Q3p2~NEkp2F7liAv0M;}`iEd< zHP7K5L}OXicFc=)yv!H~OafFERtc*=GOH?AvX-j08rG1g`_+k%BJ3s1rVoXufcj-; zq3f#U`zgfFFCJ-&S(V{Y)#T(3r7{{x*yk2i&U7(mJ=vY?1Ck_!$;#$#op`61^~iK8 zQ|n@s#gnI8r4&HzvrC(9I@;<7Md_JAm!0zbsLsAt2S|R(SfawMs@7Dpdy$Kr*ZfWqM^BKXK 
zD19gs5an9!b-H6-TH$O{i>}$Lr{9@6C@uArpU%66r*Y%hU0A9nCw~Bq zok^B)S|%N=&#PdEGo4-yT|8gwwKMW1mr9f}k*3qV!$0@jd++@gJh@lc#k{=xI6v-c zr&9Z=GyN55a8?}bLlQyHL*J8UhqLo9^S{^-p|{#8HCEtbE-ZT`8~FlVF`_pf(8-om z$+>i!oPuR&ub-eEC4`s?!VOtKE8dx!4X81qKds&OQ+9Y@-+m4M&1Cz>wE73JLHBQE zKx}_k2E_K?l>rrgtGNEEAAkD}bf(g^pz>*NuBeAZGOab+7lMu8nnC!^xD`z*Kxk>c zPr1UBuR~tf$cakmi5BAic0C%i>X@Y#Fdk$da#476d!^53o)r%8JXWz}PMOjVZ0pzM zyg0VvQFyH5RKrYnKhF8`PHHI6U0LK%nx#>ibzTS^BpyCz#w0ijp4C02Z&h^P&oQb| z29s58KWY2CIta~+v3uQ>Jq@=#)uPUNANn$C5zWI-nwZh24+ykXFD_0Vm1DNm4*i}$ za?}`=v{EAJpl@rx4yaj;7Vh7TXM-WRGfbyWVMLQjSVg<3zVm%od&!)Gw#=?tzOoTx zE6bc1#k8j{uO#YDP$cz|!92k&T-c46KEp&{=Sc#{Q7I2R&LoLDBEL3|OYF*@FtzFJ zNSq4eIC(92rx3}r4Ho1SGCLmT-8m#(2d8D!xNUOIY8r}n)V759;|zt?grrYHwK?9| zKTDCH`K~T;5#iPCM{Y5qS34UQ_D)FHZDJbD(K|NFnl>Gr&kQ%PBT1&Q=%9vdtOJ;$ zNzzy|=F44!7pI$s16{wUj#8Bbk@M@+u^~X-rvIywbn=qhsBeu+WErb79CA$;W{nQ) z=Rse@zV#gd9gYhGzDbaN*RC6Jod@`jo<`)BL+BAFmRgl^0LbVW`_Af}DnNd10*Gox z(OEKpHBh=YPfz^mmfF^a8`K7E17geJ)sn!$FjdXoL;5>kBmPG2PoG$}6zMh4lPM=> zO^iI`sKD|kI>2_mCiO|t~BFg4&gi2 zp0J}{A+})ZX50FXqah|(vqrJ%u%Ea`FA1V6qd#kVu$(}P+hdpdI7v3G@8>V9!#Q&e z0+kb^;~B+T_k0@Lp-o0DZ=o2LC_ty^H?aEJt$!AGbIjc|=jJwgS=!dfS(-LO@MA$V zP1cu}kMXL@^~Z`Dou~ZFkKi&Y~dAOM#SwJ z2y!Bg%?1AzSi)+RSrxd2P>q7YzyXyV&>qe&zZomrunCo2u0HH$s+&{ZT@7$J!Hgc= z1%cJu4X`~G>;)qwHAc?a{(%hSwjW9BB)=@J6cVO;;KPkCMwUm<{uzz!Sb!P^RlO~cAd_**|GIF|)6)KRK>xqV=?l-FP&Bd^O zXR=Uezw8x=ABL)z<{QYEYbHr%h?Zi>v+;h{wjbsJivoQX8v>ssxeIJKuk`3x^ZKkr zEp4hpB z9EL;}Q=K^RqD5V6O$;Q!2qUTzafE{aaF5$A$}Au({G*s6x>6&sIYo)u1b&sC+Xyvw<-r24uNd>&6RU$(QH$` z{s48^H<(!+yK1`1>t&ip$Tjiv=#$gFYHr#xt)0ZL%UkiFezkpTFsJmgihPJr=_^5c zPdUjn!x9omXcTlY+WxcZxM2EZs8$LUL9gqm*liOoZeA-7T=i-tDa{3njs{2@rmwJ{ z)j?EiH!g<9Z|DQNa?V&PX>5lia|l`~DYHCAXS@*h-iU&E*pAriGj<5XMI@G311qf? 
zn%@fRC*{GJ9W5iMi-}L;3`TiBS?k!1!!N1DL|>Y5g#5tHK%@NY%yJj{IaUY^-<#nO?AQR31)6pPzWu9Sn5WvbRV@ zr9S5p@40U~6uy8AjdVQB6{`0;l?!4idNKHMFfDI3Ia%Cm`x(2Ew; z2C{~dV`7Q#SID0Z$AGiZ4Bg)S!mp`ze5(&#vadt0U z^2*=zN1%*LYE)~rHRb?*Oh0pv&v4}i8R5F$5bI_RYDboW*rv6yhJZRC?-;|&)HitLF-1<{J|gPGH#s-Pn0dPKubsAY1SB>i^mxKppp5B*x#re=Vd;g#8oz* zE8ea9rxy{5W^Zlf@%aF%CzNTP-Ia`d5qn7;7`&Ted+n4&5RQ@qhXj>ERS3U43KM&J zSf0F`8Gv!eG?#Z?svpb3 zvL)}sTSB665(pdM6*dMo9I%ylj0l0dSvad^Fg?;M4y>^HWDjB-4LA+Hm5&Xe0)ufq zwq}`D$_@%S08E*TP-WZ3Xl=-dmB1+|Dkh$MZZEH{KcL`PXI%{p&t6wLkjPz3|AAQl zM4^9d8O(J5GN#ef(*37b9ZE}Q`GeVD*DS#;!3XC4dl+|d2y2Im2}@EHgE(Gr;Cz#cPYmImYhC)M~lD^vI; zHF6_W!B_vB^LO&*zFwX*}Pq;%dS($SvjydB`1z&tn;>TlV*Qi>S#BEd1`ANX*+>4k%j5b$bcV zkNY>{10AGt`{2t9<}kIY#Bz=;_i6HT7t;NKywtZm>M?HIFtN~dCIT(2R2%7wlt*I) z(_#Y+n3a}ZqRokT!&Z}98VT_&I^}+_gR)>5+{^f}#^(_cX9Ra51C&LIDe;$MBNHsk z|1N?glEb7*!i;D5(O?kD>fECU1|5oaP|1gvRFh|XU?DHl*$#!DRKz`_fxDwOgN~y`@=1N|1NcWd=Mj3V_s3;9kYT$)7Z~~ClE+yd zgftt|vgpC-90@4(Dcs5A>;IopOWCA z1ePhn5~Z=1^MDr$hUFANGjFkt(@(xXkF)7BL#VxqZ#Ui}@8`6JhsV;Rqw_TuvRIY|}QES4Z( z>Dl}ebD%}DcUpmX*%(5-bca zgYh*2*fiRMXR~(7w9BZZif-cX15l;iE>Q9t_CGVipzw;CF}DE5+Ac0&RH-)Es|08g zt9GD6CSCoIAQogpobji!bpbkGCVh zmga9P5eDbgnscN-Lx3A?;@6W05g2rC9(R~D9TQg1_O>reuI8P$e*&gncaqIk(OUC_ zdCDo2SOdJZ=G-r#CyS{{CN^-up3uVazQ%1`3W`wnrEVtC*Qc83_y;AGHJ{daU%UIt z_9|RAdLFDLo#yaMrIF%HYk#QB2vqP5=`$SIsWmMcw$`>gbNCaj7L{cO&sxK2KCp3% z+=$RkUCAG;h{T5Uy>PnUrkVIzG59sHsjENd9O-m#-MM3DPkEn>+}mCMLO>O1{Tqb& zS2`>m6T`nD%)j)<|I5(R)Bblgkbh-d|HWhdRZK<&XF)YuSFtr`h)VkE*8nd|iQxiNow%GTb2(|wL(xyC2_mj3YsRouHD03f`k2ztZuFS*+6 zYCXoF0)3h@eQW>DJ3l^$kq091yq|{NxbC{#xYi^9fqKVc1VoelaH(JM=D$~>$(V7> zmTyC%=Av!;pk^{Xs&big+jYc@8}P1YmVI=+(B3d#dLL!@hmqieNsz$jihm_sBr-}a zyc@AbpvYF;^p_D(5Z~!=Y#`E*kqxa&X^^+0?<>7>-(sH*6-kW@s&1ocl%efULfi!*F+Vi7l* zb*Y#xBj%!z{n z<;@Ua1!jfSY&Ssp44jd!NN~RD2!^bY3*}s&rjV&_;~OF!kjL6 zWzobIxe`XY&tKX>0T* z%%cJ!H3yozv(o~J%8f}p8aCE25a^Zr9cR9!PhqB8Zk`sySxbp^_PGG4eNJcBc0G^h zBoE8a<2`r`CtsHl0vh`{AZjaYY)>Pl$`lc?#jR-4rsB7QiL 
ziy6$9TCj{Q^&b1&1*uxoPfEM#Tz-!?CyYEoTu$})M;oqsWNH5}prDdCI$!9Fbyxm| z(xG;#RT%fOwai~5AQ78*^sJODP=w0eXDox@0m(Ab`Dtr48!Kx_SCc$sE#O&zBP>Z+ z_1XUAh|KLiFVK*qpd3>elb%53OH`i>BHg+_^&kR8-JF{9_BQ>zZ&a5wJ!Cm>-LHsOJ9b*b_<}J@#2oAy)z{}fyXmfBLR#*3>EPhMQ<#)cKNUr&4&Q@PS?ziZsR>#8?_0jjbL9_Ff* zs84s@uZJWZ?4(%BZ&VnKyY5pU+sLUu+!C?M+1!Lw{E2SnuK`|Cv~mUK=I0Ya#~ej) z99QSCrMj=OLp>`Kx$u5f2OfYtMzx|gQa&%|eZUIIJUuQet*MzWMusqYKy5d7k&m0e zubvFNXMbF=!uMBsn7;rrBjsXacnp1Z?F%30Id`qMzs)wL!mNlRAKkaOY%AD70dmRj zhj&HZJh5pz5}UXEo}C?PZe8Pf-gC4#+2U10&&#w9vweL%6Sj;U@_2YE>9yJF_QHn$ z&#S~gC-gt|1qRlCH5Sm*GX9mi`2R9ojDKbB{D0+^-_zV-P4q9dQJbfjJTL?xJ{}7S z$LhiwICz1)MkyAE8E<_u<5(on_|~3ISGCCA_+k7CkrAbtwom8s<}07pbTPG0`nKGX z`-hvT#rka+kMSl36hB1UGY^C?BUYq{p`pd%Uh(D!F4Z=^>>b6}aSX8R5aZ)egKDF> zVRrB{%ejYl42s$rai{wG{H>P_iDx$0pd zc~V1xN`Zsenru{PSWc0IVT9eTXGV9Nq3d99HdH(97V z^GAvA#xEZEJ(!t#^XA!XN&6OueV*4-mhbc-{j~Sy5N}*Gp26MwJ($6pTi|#Q&x7Js zuM;CvobVv%UlNy;?>6CAXsc(-zhHGRguSJZ$h8;YfblG$?WW<q zAj$yL?#MO#^(L%o$CZQ%rVuIe$4cyn>B9;}spN0DZD=9%#F3RsX|2@9L~U~@1Dq#f`A-4e0{B^>f+z4e#)wMx8QT|0nkxDT z=v@2Up`jLnkK*(j29g+ylGAD&lTNADS=xB#f*N6VnS3nps?hdjyV$3tF6^2dSUt1{ zm^Z3+EIb!Z#RWq-;0rBCX>gXO{seO^l*=DFeMG*?^#ar>BG>wstp|F9!cA#3PH8C| zyoIa@3ELYVbO$vh?F!$atdeRydrBPHPP*kQw7_EQ(wm^wRCT;*_hlIpB->;OSEqH` z-niRw@Hkc$wPzOlc~2esaLE=x+|z25$~TFHle%GWS?JT{zhvWfZ)htJFqfd@?&5m` zg6yRdvW~*4t%$cOY>%gNYk>WU1$s(aA5a5+0lBSFYPcj~pI|v<^_ahYi6WO4oUPqnHDU;sb z*~!aB^pQD{2_naEbOJGaOyI-T1B;7#|6=@lb9s5#|1kNW4c_CXbNi9t!9<}1(q%7E z;wG!ZIp9=lNH7%JHxQ^YLGL9?>k^ct9^gkU+;XNqky{yNpidwdS}5L1nX%`DNMso0 zcwjFoH)-O20t+||JI&ke(7oINtf!o4z2hvb`aum%C2R6%s>tN7bxWe382vkI z%aKBPk*$>aO3o#ryOo0;+!iYG2Up4)`p6%Y7qZ2L;ANmls0_O{&Ui7!!oxrK_JCZw z@t9dr5m6piS%|4#mR@doZd1S=%FJx&Vzj0bWP6Zf9jl`KYYN8W1Vg)pW3W)hll3>F ziNBB|@KcBd-F>#svc}FTUZ_}!k1H{=R$zeRWm`#F)%B>#Q##9ClEQ_&lM}>(LTU?^ zA`I3)Dx+SjU*_GEm$UBP9q7|IuW!Yo4%} zp9HFLGyJ@LSZxjhH#el**E{%HUUm=prJq{2^m(hbwym7srC9+;9KK|u(%&|ETlmPE zQF42tQz|mJn4y@iezvzc>C@NK3MSZ%_)&2ZOqbR-)~rE)VIoS@2=%S2S|gE<19PO> 
z8Jv?jJX`&gz+?s}PrfuVaOXBimm7e&OdPmxW2_gvG?wGKWEL-eIMBOfvSA6aOD7$H zveD--A#Z-GEZpR^)Ad|xjP&BQj@QXj2&hGE(Jdm7>XD*^<_znoPZ@9v(*(nDh9u1M zaDV-7rGW?_*}w8Q^)~;2<^3{f`kR&GAHefJq!#VJB(e0ge^X%k{rFc-<^LC?Dpllc z=0)MWr>j$0c*Q;KMAHvyQA=1$6X!te5cc#8Wa0}St*_U}y1v7fwpq@cP8*OBh8uH~ zZ(e`fbiEimzh(x@NeaBc@Fa9R4KF4#SD_|&qW<18wCCT)|C}CTNS8ijAa7~D95wrT z_n>(ML-HnK`)CCk%Q&3PNIugJz?w(;Dyq(R6&&w)`aaQgKkTulPX^ObO?%K(PoXfP z4=1S5xZ9+3#&m*Qr~nS!P^L$kx+93>+aVUbHL`ZTd%BCI1W{S(Gqi2l$x7u>XzC2ipBpeUig^JAHgPkoS{Eo>#8MR&b5gE$OM$%pcjB1ns%rQq| zNY)FIzdUIXqLW;jaxj6?P_CRN4Z@-ct2|~WZj*epoOnxJ?=)59=%o*gEWdRYc=Ea# zB6DP8TK*`RG`mgVt;xMZ0$l8>R1RgceQGZ;2KPm}S^(xNtH{=D->(I7fr>!qg;lz8s3LsjNUr zDs0jvXtEIzVX1-WHAgey!S83Kcr*}^-kIVSv|wu)_zh*{buE*0ab!q*)E8dhE+gPj zE?ksu=Gv^b5xZ4I$>f%?hheHETPwVOIK7hPfoyJTMd9Ti6xa-3?y|l{W&)B_j9^J= zWG7b241P4ET)4L!<^khsNQ;8gfY@Tl%2^TT8G)&)mL?J_B+>KepP*y{@}uqYSo=KY ze5`Sfy1*o%H6gSIlmh{~j{LtN1Ov(GrL&Ot&~6jmgrTI8bhMJ0E}1P27Gki zwOtyS5$~K->vyQ=ji<_{see1t@TyB6r8i?WVR5Y4n8mG$2*lcK(PWElM}+L)4KVj@qdlpaU`bivh^F?{BxX^@94l}@c3|>==$%D@~ z0Y?Y&lUo)nug*CmNnP04IN`VV{C2KUy0$Aq-!FWA(Lb62)|NfDEwH{@=^hh5=@hy> zGK0`s+u+$L7#9KN*7t1tlZcPxQ@$&E*b)T5JC^~W$_xVc(OF$PEeXq4j(?m0YYQ`K z|_A6OC8GP7FKoUlar-NfOQV=l9J@LSn%w>U*?8eQFhWd-&U)!h?Gw%EUVP}^fYrac za_N}=*T6J1=)P@rUq!5>FjZ0+JeFfEuV*s3Y5p3cN#m@U0XIExC(T zqv)vXp+yR3#-cP=rob*Mgum+Dp9-Cs&$@4y&3Kyx&|(40r344i9zT{#rN^8YKHAae zr%_wNqmoTF(<@UTLzahkv|dXey9#Vdn@rGkUBU*CV#S;|(LjK39dwIg)v>j1TL%)y z6%9_!l+8R-o>BkO`N}EOkqBxm z+OUSSV*3d@=yG5$f{SxGI)IrrnzNd_UDTsX3q}qSxY>jJ4BO6i3EIzBybf?6FGa$b zVpp29*?#Ecu~^oRx!nOgw>KCUGvE2M zwo6CKnCDpTQfs-@H=)!lVFWRJ7Bmrq^&~4%$iS;+WgAt~XyZrR`s*PeG*Ioxc~sKs zE{x$D{0}9$tHjM2{)mn1Nt_eq^Fr>#fG!&ABOb7YjZB`|8WTbh}YEO_3s1XQT$S7uo|O@kg+tqz&F3 z`9k%YaqmHYxsvV_^6`^peu5vHqMmBm zw>bB#+Y{)YG+iW3?9fZIQ~g4yu>Kg@3v(9Ay`*DLodVkEH*WSci33CPi!${yuwoR{ z{IWwLtU^blw5ZGDf`r{`8EqolAa9ngE{fj!+yt}+1yd+^2gLOvj0``~yL~+D&zKOl z4MaxTTbyHdG1x{1nKSAqRkj6nCs(Kf^$28$Nks+kd_wC}hv(t{qD7hm6b%XIZR6JS zR5=V=ILR89rI;r)q~8kFOq*=wPu}fd+DZ3JV-4A8HdIlGbL;K$EC^(aTc$rxr9i3Ovg1n 
zmQlIIAYrwaZlGnx8Y?>kw9DI{DsPburhmf4TP-K-eBCtmusz#`Jq?6fASSRTjeUg1 zS+_mP5$O7+lUBr6bL@bY#1fH&xxR(jVdmn%a0F7c9~wJ~;lq)8WPq^gVElHSS*fRKY! zZ#eZ@bp}yfaP;7=spbX%|iQ1y#onR2+{}cSQ*+SlC$n z4@yvsQU{^zaSc7XT&G;X%flv13h^hzQ9bUSDKKXoT4|;MSHai!47H~ql zt{V}$cBmaMxA=apXoEIBkk+WZM?JY8k$$8YA$GXJEOINj?1UF8^qD+Te>H&0my++; z^((|hBr5TbKK6PP%`@G5bb`OEU`O|{rc35xlz_0JQnzR1PZUarzB}yb<}eH=_r^5Gbx(Qb z+%yi+jWM>67hE$L=-eJ+vUcl!#~=Kbph-gM~Oq-wceJoX9 zCn&N-4J>%oW0kMb%UAI2Io0Y+I3uXt3(P0Ub?sp>jUrW1Qf=dmfOX2QRBdTEHG@*y zPxg?r2PXDID8Zn8CJ&jRaNLOqbgWvn9g^kZN)>lD&sEE%a8f6vHxZiZxS+nIDcfI> zh=W!A91G_Q2#7R}8}<6`Jd+(_3^hQ&6*l1^3k`>9|^1nfv{S zVHh0Q>~OxqN>kU6WGQ1p45{u@aIK%r$vs4@13flTNVEW}& ziVr`t*_k`g13P!Y8HIEQO=(Z&J1=wJGf^^C-&%Qx_H89^QHB$0c-kU~Fh2Q7;fH*~ zSBEZl-c8jTR=R_`ci5#9(S*yRt#g1`+ zF7@d-KcY`_+_X_i4NF66f-E?!2BQ?hlog~HIHxd5e@Y~73p_oykJiR` zc}%EpT2>v``OH{gIuWDcs{mi=|IXFSSuZ7*+pl*?X$jC~~hu8bvps1xtM2n?;iA2uvUF4=hp^I}imXmj!H~{4#>T?D$ z>{EihJ%?l_O&>OkR&IU__HxrgCMcv_iHhBJ@Qal}1+6G|K&~sopB8Nb#U(}yNv3l< zmOESY8G$&R1kVIa#2|*=HqtUZu*$X8oI!7H4X#)tc)w<7Z+&H~*(um;I~*z^UunSP zex-nr1sb(-r9NGub0>SHnSc%>RT!zs@J;z)(8% zma;AbB$0|zd@&halI~5M>A*O08wZ9&-AhnwKG1o>6+cU^GkQJErQi&kEVeo34y2ju zlM{(PDKS6~kGIClO+N@7Q?Ed_E8TLcA?9sv_J<0MQyv#r%=W z1-4zh-l8X_lk>6e>8Z|K;{fNO=g-Ty)$PgW=cAr8hr_+-@EP&o`)!ml_3RF-Mg2_$%H9l;wT##Y!b5z%0jy@SC=8Vg>DwA&Ri7l9 zl(=VXGfK0X-DV>?>WqLI!7K(*4A1tR@Y{jzRm_Jp@7ujTU2)#ol|DE2pucC+ei}85 zhyi_V!<;_rm@zdnwpBM={Bd{HxuTKtNJw!qiKQ$ro}YL)u3huZZ}H6QA^l>c@t`?b ze7B&9&R?~Jn}46)8ZUP#X2coX|K_($?zV=tYaS_J_FPe-5YwgiNYR0Rz3CMHO39X{ zKAB5jGc3wE6E`+5rI(|~e}eUfW7bfhM=QYEzcIy#+Gi}>-(^jQiu>YxN3mWZ; zD>o8SUx-RFOjg{#s;n-1c<7TecC^}M(txZa<__|X1h6#DvzyaUCD*V9qC7Otha|LT zP8K^VVOET=iO(RjQ%tIpX{{)jO4627K!*leMbW4&ntideQu-q^x4G!)jca#42JhWa zD)tEg*Eq3y%^$BT62YHbiC*kT0!u8EM>;WdK>+>K?y6^7uN>69mj254)NG?jjm>6e zqj+dzm6!xvoQy1fy4E>G%wrFKN!)MBj!uNld(;T4L66Y4H8-b{7xl9?Xl1iWWl&PjIIsQ@X#iBxHPK;5?lwLe< zmiD2d17t(8Rgcja;+^p&!0*rIqDG%d|@9YKW-8ub3? 
z`8dNV14jSKfnT<4_^xFSY;uH6otu(vWf~pTU!9>;97GOq2bFWerum-yp@QeM7)mv3{5i7 z3n7Zi!KgsiG3nn76tntn+ZM^oxRIdA+%+49v^i(Y%54ra+0)%RS-XrvD2(DabkL#x zoBKp*oFN-xSWzUfk={3>K*2Gf@Aq{58k`-b0>48|K#akBr^ADf2Kn`K1hoYWN#V`o z`I@nX!v;=*%3v3TMhRTDGLj_BDzlBeVkoR*t;d2III(-f`Kc{%;FT+voVpv^G3DM{ z7^@ypUs`x&Ye18)bw2rwPONQxbm=>PawO-5tPB2>sCeJvrD{hCG{#Rl9;1L_Yt{SZ z2}DSH#gi%Jza?I*oW44zWl5~NtG1ushX`JeA^{l*e%~?Y>1o%VlA2Vt2hwL)d{=+= zKNjTTMgWNEUj3QUbmW1D>h3OMA{K0H? zp+TPIn961x4?|+v=F48Ta(ya!rVA&RutuUbOD)l1wgk|{c3E-5oDYnzPAlZR&I1DB zk>X$jpAy1^Ra0#d5X>=tj^G3}&H6DXvORG1CW=&+*EB#Mok`;fOpd-3fYlkpb!c&E zBuo6hw%CmX2d1{O;|O7F8WJ^i>rzKPxdUBH?`Py2!U2U|UBwCc^8zI9NuR!cM0A{Y z+=f)D%#|FnCGQ9rQ^iTNUk})*>*AVm^3^%0JJ-Q%=P+yq7zBtNBonWr%|Sd1;_RS* zG$Y$S2bL_gb*9RmIP0(_H&p7hGI^1lMPUG}v_q)?Z%Es8$Xp$wn%>2qMFy~E=6cDS zgAZKQ9kE605Q*$UJwo_Y+seWk&l_kGba|fLokUXhZliuc!V?N^I<~dT*^V$&e$X{X zaP#iVKxC(1fqWUVGTSp=D1eM`Pcrr9E)0k8mCYS6BS5sNuC_5&l&(ixwt8OE&xQKS zq#TteV<<~c?{07W2r+plu4|W&a_^C1fe&Nl*Ii=PSL46oy?mMT6k>10vIGG7=VneG z_Y3vfVSoU|a0qiCfCexrnui2wLC_#^pha9=Rzgoz4MjqN6POA?zp&QK8!K3by!W++ zx}m#nXkvM4w7(Lz4`w4quF;W0i|0wDaL`~PtT|J!11=yL z_dUrWXd%i-<4oYWT=}}U%)d4udT#H}?g~}K!bSQw^*?K$a3PJ>*8c|n{?{1E{O|Dh zH}UrLwEtbaed9kR%Xcd02Xlr){LfOfTx6fA#uy%08d9)nSh@)DGx7z1yz&{pKgR0; zcm&7HIh!=uamWsDf3&}CX7a{C9Gn3E=x_~v`=z!Y48x#Zib-3`}jUI49vw6)t)^8fcJ!qJ3$?l^BaJO_p?qD ztBh69-v+REz0r?aQE^Ao4AGiEaIhkZJB&K$%HBdN+7F4}KYw>+obSi?w;+h%gTE(JhFDe-OTfaf-Y$dFcgMfl zdEd9>vLqRayw$M#Pip2cryl$qi=;Gqq}~64&Z^JocudtGXiKURfl2M6zCE+|0+f>| zOCyEvY!JV56#H}QN6=$Uk2WX35WfsOA*yWi6GM2)^aJd4&B44L zHCff2VB>)SmB>2JfO}^G@zik+NC3a>Qa7kysx#MWN^qeSdLufNq<=nvny{tVnqc3) zTp|*Y)d3xO@XulU1riZ#@ezOx4KPAyGDfo@l*6O=kC=B`G zpPdBi6eVfuPDpuK$Ss#H;b0)9&-<{=B813{Ui%S`KlecYjH zOTr`O#`g6lc9N;l`4r%&GozxFNhm)}u># z#Kd^tsq^P}>bhB~@*)Xj#%_gI*P9rL$@7?368Kp!V$ofsLlx=fLsorHDS;UN%W&eT7zXK5Bdws$b!5m#hNmiPL9c>D5rs=n|2 z5|tsz95O`_$(`>_DMd1sDP>3@N+P0!C_<4E%2)|ymMK%IgeWp3B^g6h6osTzztcVI zaDBaBuixjd``>Nf>vW#I_p_e0*4}&VgS9K~8&+vsuyW?FaU7d}FqVJyrKR)7&&M?i 
z2_D(Ja?82yJwYxW4m(l{cuLp6nW;&3*$YwEu*>kB(EZ1XH~-kaj13cei`$I3st zkIlc>>$LVqvi&a2hmonTSH@m)JGgJ7aATErw9h%U6}_9dJ4H|Qo5tx4J0`?;?Pp#2 zVF!6L_X-?TWCDXdB zT58}^55C%W#6@0sm7< znFaf0BJI0$2lZ5wZa(I8tWQauw`=&$OZ~xpM!u_?RNQK}iBs8K$Zz+^KCIYVy5zkz zxy4y?IIFkd3r)DFPRmI)Y~o(AV_<(eF-Y8TNlW=4?WLgoW9|0R6}=|c_FQu!RLK?w zHmx}wKk_*#CM_n-xH@@Z+RnOqiA%9;hd;5WBg?UUW->lAzPMVOIe~Dyrd45$vRbR|=0bS(AoR0jOD4kxMrLd3V#&;2;eDU2^ zga5<4&s-otRGz-Q1dqf0M^X%j`=63xNM&Nz9{RcWF~@`HepTO!CL#|!bxOBOj`n{m zmi%4v$o#js6VgFBLrZ)n3lE5LxvYv`$iY#&^OMi;@rf11{(cUYb?$}Es(YU(8*#IZ zh7(qEtz2v|C8NgT61_^YgmC=%VXwdS34-%uvyaR_XrrzrB`Y72vg4wzRF(S>->1hX z-<>)W+Iw0|TPwVnzY3{Kyjy61XCZOwM;t*+rR%!LXIWAG*vpM)sfm@GpY-mvOn&^( z@5Z_kwd@by$3zE**c)8!2-p|%yuZ7|>2Q6q%JbT!@h!ZquKH6hXU6l&n$A>)4IZEO zOzGNadNXg*WX)A;0=E!boP2&u+2~-(iA_}{bx%)rX8NUdYj7vBUOc_gk20V*z)KDu zwW;FC(0N_^EkZ^n!JfmwkMil}9S^&-#oM>bv3Fip7O9pQzxT$Rha)n0;HCl(ZCye1 z9p9@C`r8&}&Ra`+$yw_AQz^Po!BIR-ba~EWrLpxFR~+gg2h7|&jgiZydp0KxLA-&tU!*gw-$hL1W`et`_?k8oB zu)fq*imoC|UE(~^^z+z$^5_POJ;%LmIJuW*6B4Y9zXQ20 z(NoE1QNwYmi8~H_B*o(Q2TLEm-x*u4_-VWyXIAYx63EMc62~qXBA;O8*_TsvB}sC8 z`>DmH1&CG#beLa;mkhx1x=XOG-Thdo8hr*8Uf?L#f9edNbHnHX~ zEpF=v^P~BRsdxuzom+<%Y}K$OOD@Lm;|tUeVRtkqSP z7Vj@ZV_h9-6u+>4Tl@`s;%08{m{=uQyrh)S#M6QxVbl2ig+6PxF0OU$Q?s%gzxGkw zQ167hu2ov=?YrYO910e`JljvlB)Pq{re$4@5cu=L&}_K%iPzozD|Rl_^fBHzexZDx z>!-=Z9{g(Fd%4eT-EI-8|5J>5HlXTp!pie;^FBFH*Z)mQT{UESuDsUWKzf1Lo2C(~ zyEew3r1p9{9_Tt@+-CUwL7!FWPIA;kGmrLNvC;7_&BfI^_6h!7XU_6z(A)FE@Glvz z-ohf8;YRa&mw$C0d%0#R(}ZgATEobBa%}&^g>zP}t|ulv+S+{o++C4U9eRAJ=kdF)1?_^cA5*Kv;S=PW>lCeDY;Aq~O^wxVfhEfl1zVu5#gbk>k2ES9OkfkD-B)8j>@@u1epM$fHY*Y)E&rY2m37hVJKVs*2*0VmCMy})Q z79r?zr?(eW$>3uYgmq++Q@H;K$MkGIJ2Gri+I9W!d>xOE<#VkcYSHMq9UO(mf&Ad# zXFQI6Fyh}whSL%_!vA#DdEM-b;)3&3y+&7=OKvthz-Q$p=Xulit(}4nw|v`R=MZvr z)3~F88sE_~S8b@5149WF6XH)+=diPxpHA;OVEcQDr)-NU|CpwdV#Da;g0G_Yq*yKa z{rX9A2_UooD_*(OGo<#4Xwc1+3Z~1#v z1}iGETe?e{fBlFUrxiZjBm352)lH(zjRn3tgL)$)+_DFs{g#OEDvt69TkXLS>Tu(H 
z$@V=`-!esih(GcXc1aJPo&Eaj`J>-%ihs0ua3|-ftnX2k6`NU(H_~O6$5@L1fJ#mCxu*`inVX;5i0Q)*d4rCthJjEk%<;i|aJ9dj6K2No{)M381&(acVa*M6jaNMrd^C*;y zEX#{|_{iYYLJe-~z<}UMOZSQ~*V^9>wj1ru(--z|0J^Fu}bXJl^+Wi{iXVK7)s``|A?v;@?^e`sx3^Ye2ghi7Q-{JR(PmMg_-*0&Mg` z%w9A<^v@{N^Aoq0{}}h<%QB;#8hPu+#jM_3j#lyAeshR*KtEHVr4B>8a=ww{`ldyjYo%; zOGyWDwMX6-Z7&JY4ET6CQ@>I%xhcCjM<(KB2E#No5VqtFh;F;=CZIW$0^;IF8=>F(kR@Yf6 z_8-5?TYfn5=}*YroPr41+Ctxg7k5_$Iv(E0^|ZOG>CJIR zwyvSxM6UGg<(|N;OO!hv_i|nJJny9eRc1Jb8^GKV;= z$)~l_Z*g-_9BguAt(RRA8!|EwlB+t<(yNymVNsv8HRJdD>mk4Wx5?#BNe(nM^NZ`q z@8tjZv(I0OU2pKmn;0LS6)F~E&vtEQKVf6;<-o-?EVwE)f7$nsyVr5(de{3`Oo_i6 zX_QUqT9VQqDjKtn+iTf<_g%4n40D$>X#fTf0s+%e?D+W^O(Op|3<;Y#nF7bUUx(@$D$*3&TDnjTJT$o_89M%63oc+ z+p??J^X#RLw*~6#>6b^g8y+8oYn$7lwY=u}z?y;$xhJZ|Yse1=J>>Ha zDNgKnN}edn=2>RdaGr0l?x9eH%juV$0tAc-E=46TduO3M1#7m_(B={ zqt{C!e@#Wd-s7Yo?lSqH=0>?KVW|2YUMS?G^eI7`q5=mciPb|#ZViZaEa>_wvHehh*FrnDtFe94rvR@dh1~ zKWhH-uyK6Gm+{Qbuz`&Hw?-PuY@k9+sH?k|@;=`eCN zgRiIL(Ms>%lRQV)cuJ?VA?M|eC9W45>EAs5;j2cczj%20wQBvbRWS`Yso9%N4zV^Z zE6Gq^9aOJ)F*z)*Q_V~uS>+#jgo?qFj_9#7uk5x)p=rpaDhYfd5 zd%cln1G#sCo5Ydx@HTBK_NF!$E=Ve7{Y8Ah;?vUc`b)#xJr)f|JQCApA5aSDOB!{W zvRXVp>G7}lYjKs6L&U==r{>+h#wxBZB`fZrTKO>W?2D+!i?{7Ejj}H}({@`o-##*U zy#l9K&v2sl01}~Q#^-uRzjPmDlOZ;!E!a}AHkZ%6|DH_V*y6If5x(|2k+pg01tSGQ zy&(<_s|`LRR`BId9#Hxmq+Hi$&0;$L_(91i?VuRelFKEEhfkUqp5XNNJmI(_|Ez1d zz1Y^LE;m~%vveYoDZ1j^QyD_nmgx`@)ws%dT=a)w)fIepN$0 zBb*%)_SV7pzEe@>9@E8RhvW^@ZqwTBeGejc9{WYv;WnIqqP^yaQUCHE{y#FK}d>cvQ0{Xt<(olTIt^L!0+|R1bVx zreMY2q%C58AD7*yXmotsjV*N4(B3G+V!v?nx(|ojR3wVZtg^ejWOwSYpZ?U7-6dR` zmU$qoW>hC&Y_at=YmuU<^PZy>Ch93w*5Ox`qx*!@+eCh^f48gl5}fy%$Nrx7j>7W+UmR`=?kZ09 zQD57ze~^EB)>Wl5Yic(1xGZ)qI@wq3y!UIDoQ?V0zU_*nf+f+GU2DInS+D4hc%|y~ zscq~9t^KY2uteqBDvNUI&SMuQ`XjU692;DE_Z6$Y;-!S$y=CG~pFd0$=kvHOf2Z1| zM;SaVoL3N9E_fw!SvqNK(~hkJgiP7j;yMin-vnAZu#E5Dqmx}={1^XAP5snQvTb2O zXh5`H`c{(a3TrQ~Jfq%GgTl77qZjc@LksRm6v$ohN_uW`#NfNyfeQj68~NYd`lMX_ z{Mz5;)um;!K4K5F${auUQUlYBf6PnteVK4(pohJmWod?y;%3e(oYt8)cE3MNZgJo6 
zUiDXX#i1qfwcZm+?W;GihT=DjSri*v3NO=5%kt*B5ZhFlV0qs)+VitQw}awaqsY(X z!TE`o8ebe-BN(=M;)39c;3r}ko@{wln=h|jcBIQ%Iz7nm7VpQd4p&jjeVX@j<$Jrx zK|hA3IK3W-EdCF3L^m;X2T7Ssoe3AI|Mm(0-*AzB+4%qWq)S~C{cwHY@J|8PHbLj& z#D@h%#AhsQZ#7~Ue@^(|8+OS2e%^=6#-$(EPQF*Ubs+mlEw|Xg{9L}px!cy!hM#Xp zIQm$Y-(vL3oyq5u<7)zgj>$zAU87nFt9ADr<(1(%XU`I@VpFZ&_N$1yfTMBmx8dOXPxpn#Cb(5GaA)9h{rY>rIj+mqTO^AbpB+T-5*5A+QYLMhQ^y81vfVAsFYSvpR z&gq2NTaBOD`7djarbIc*2MCs=c6-*39<%7zjY|Bo$j1&J?>BHSt+n?s;oQN&0GYgB zH>JL|lX4djT=()$Am&J5x8Ch{y8P{n<4?+OyLM7FXr<5!r6b>3uS_hkviO#MCU4;b z7n`c9)_mNhJp@aKlls?=3N9Z1SwMS!Nd|E*jL!3xzF6f_=Q?<5vvkk7>S8`4KgZSx zAAdu&q?7Z__TLMT#}{d3tZKmR=Hac%%oKU17UFBld9gOtHBb8%Z!lH@^B`~IsMMr|JkqH1+k@_O+E%>VizDl1YV z<&eg{w`M`##~<8f``S_I?<9Dj>agPG`IL!~uVbM`aqErJuQeyT3w--nD1XtFWHGgI zz|bb6>*^`r!RQ~p$NIv}&rzzkeA7z1TPk7o*dJeCv;1Z8gRaK6uQI*O7U=z*e7yU_ zrh$=Hk=~P)!uJ#ECr1YZ?y~d67yI1nS+X&f;;o@0*6~zi@6YzfJ&9+Z2prUI-f8f( z@(9bJbKMy)JwHvU?z2!Zj^q_mdZ>boD=MvbT` zo0cJqH_5s2ZlaF|pSJ0Hks2r2Wu2}aDe!V`PP@ytcc0f1xA2A~1m)~JCzWT4wNC0u zQFcRH+xZ>MBv%LS-MxA>U5 zi3k@Qyj~XQX4%Wy|73oGRjGB@Y2t;S!7DD*m(iu3saEA$Ecf<|I>nZ~EBX0Pg=AzTgtskx%Y#cP^BlOL`!Luc|Elap zO}kZJ)9~>p%slUj=AL|iQfADZK-SgT|C?s>ia%&Qi$&&dN)SyXFyn9*kQladCe$s9(}DUWWTfab_9mP(H(ZF-B^4#;^p}9iE#$ z+L6vHmT51R;*^SAE)sKg=cb2s#cVH{PA)i_^k_-FDNnRm;-(NvkwkU(`gZSM7rsj2 zRhNr=z9#A{uH3@X)%*O|7?R&VNu1meTXst^U0NPrY;F}^-z0OVNqShRG^qB#{7C!2 zZy~!cHCTuTI@{iVo}c#TQ2J#J_rEIVN9AQ)xF;6pTk9QdvUv4I(ABaiv(ZLXz~+VC zuC?ybsb|+ex8d&Es+z4=C}G&5@{~)`>=w(nlR?%3$cYa9t8I3YyDbZdAIqa$#2Z{V zCU%be`p^)TzClp>`hd=J1+||i_oT=+4UD{NvWVw6^=UKNuIBwPG{WH2zJrqciMcOv;|MpndRDF_ABr#`r+ZRmBsKfF;ug2 zY$_-Fz+m{FAJ@Vp?!QstWy=g`HdGVXd3&S5tG!zHE-VkJQub2XWLoL5CNe!JufuBJ z7rmF2iF=GhT}o<#S0}f%6>zaS$A?c9^`(+aNop^fR{h-9L|?Clraojd1P|O=QOgv?F)yG4;2-7->=cw@c6HC z&f!}FZ#;1w?YYqcXLKr^C$6>@%H@b1T_eoP+Pw zadl|uc6R=)S@Pb0>|nx)FfOHup6*Z55+jGvITo(Mi zNT)ArHCMH3wCy5qkG80%ZGF!9k(_-e|NdjK4c%&R(msKFMh}UH(&NvzWqWOt2T+9s0=a8 z{$yVIyZ>~Y(UFK9%YS-1>?2lxq}{&Y?YSeYpv6*eG-))bX^B+bt&mFjgG;&BZZ&8X zwOJS#S@n67$Of}>5~7Wxf5V41`*?4!O^fOK 
z(T&^u^sDaStZz**No>ORF4c>*kL^jtRl966!slKP_;}{CRr@Yu((iq%CD*(^^77F` z-CNZq4nB_lBhP*aU6R@HX0ACyO%!U*7`E`^ag_fsXY`_a|9=N;&t4;>;;Z*Wc5y{* zAwg|?LbEGxv-_L*tMuAWoKW%BKk~%DB~!9htF>sPcA{p7-vTFbs2@cR4tebrVTmE7EAH=<+g!*2#?&Qq;iDg5#ZXY`f3#v_5>O2fH&+GJnuL<;dw zJ?q#yg>>a`hUdJy+oclN zbaQJG*L-@>kR85aQf9N##whCd(5!Gi_3c`s_mYL}9bGMis&HF3j#=3X-rXFOto$Hg z^xdnR9oN@9$=||hoZ#4DY(dyv)*2-nAsf;foKI5K3>}u!kv6Rx=`ExVQT*$34EnO} zl<3DEF1aaN^-H9rv#9%tuaq~RzQnl1@L(dPI=W6@U!(lSzRhm3>)g(NRQKA);q}W< z)MY^T$Qt!Yqs))ulR{n*0}CsI607rudxtL43KAam?#QeEE4nZsc30wucRSx+T>rFv z@?}VNY(AN^)z>F&my&z3962dBJ@Qs-}Og|=q?+QlME}k5V2>Y^u_k% zLyp@+#?qbKKDVC34F~+u|0?0K(#|w&Jgq>A*E9e>71tab!$Y;zwcfGaP z`F_m{fd?B!+@3z@{a`h^>a{d$TanA|S2F38(DffW2`-{;XZo_EdBtDh-tW|V@ z*u4G1UEHxdHSbgbJS=*YbbO#8hO@SG ztD1MMZFS*_9ImOaic2lpCN_VoPfWUV$MWyngk7v}{sg~vUbdfK;#AMpoDa=m^2I+I zNbI&enJP!S9Y>CyGwktL7_h&|gK%HW&(Yx5XNl`BjgyUONe}v$$c>+`D?2V{W%7H~ z&lYFp-^A#0V>=B&TlVJ?9x{T`9Gqdde+EzzLQKlIDt0>znJeX{4R7tb8)Vb-=WKEC z)bicB-l0A(zJvr?#eVOO9ot`7!v8UEk?Yh-U7J(9PIeZnTo7nyb>Bod6R~e) zm}VWVbm-^mLFlPZsm-F(22 zXfOI{@{do^*OCtI8rvA5V(u=fPbPt3VrM`9koy#3xG%{^s)G7HZ&k}U^N%Ep1#?;b7Ma*3l5wkBxp$wA)MRW5o9++3o!=r$y-ztfi=AsepcH6y(?s-5 zvkCj@^KZ^39m+P3e_~;6|Jax;*W@Vp!K`wV+5XRR6~;R$+XLSQM{|B@wa5|MTFX{< z{OU(L*3JvW{zElic9}WHe6!xi;(77gyWV=ooRU~o+Pdn1q`lhR4=tQ?oM?AWpSfgy zctJ-VyN#wnk+?c(&&r{d;$O!%Mg^C;-zask?>nk-wSnvErF$Fnjh+F z9R3aA&<&!n1EJn_>RyR|vAN_pU$mimTsI*%iS&)x{SyS#2t z$I^JCzOTM+hFQ3wKf_mni~HJ4}5XDgTEfsrLWo|*=@ zj>!j#TQ}t8UQ|B3LU{bu@f3gMv|jry&&!YhkkojnU2*sOOWW{`)#psCk4k@7sL-h! 
zs3tb-P5kpG`uui&<>yVZ4H+p%^LrYXI964(MU86nFON;W&A-NdZQQb#-@j|iac5m| zHf~AK)Ucb%OW&$_x5$)7FYZna zG01*}M#qU=+(zq&AJXsC-devj({;sF+mn})JE_kv+zS0*GM9D7eHE#=@xOUl@k>%6Oikv(fx8A;c`c>h(o5{Ota-SQ%%GDbreA?(MS#5Ia zu~DvZJZXDpeD;>02lz`>b&9I|p$bO=b;hi(ulQxdu2VzUbb#}S-?ORrryXOL7o2x+ z=yRF){LDeEAi0FyTeO^3gW+yr)FQDD3bVdlY4w5@7IuCm`LC=j=0<6-K-L;`l5IHj%*!I zSlV+*e24m<4NIcLQtKWLrFwsuTGYyttok2%Le~holTO0T6s^Pm#~s0V{Qq`GaKRqz zoUNNn>n#pDlElxNB{q2{tdFo9q3ufB81iJEwtrxV%YEQp=_H!v=oAWX z)O+O9@w@V%Gdo+$L-*>FpQlvW_s6L4549<-Xc$#1{vjI7!?KR!vE0FTZ(h9`h+knQ zRrZA^``zI{xn=4yey!zcVe+g$_?)*afBw3j^Ca!p2Yv1G#@ovGT`hGjmzME0drig> zuF;0CiF`ijwAp_9hK0U6+4;uxVzbpwPrZ?-c=KUP_4rt&=krslgV7BBv@-hyV}k*T-lzOsyDKCPWk_+!bnsMkg(*Z-+TVFOPXI>KHt%btWQPrDWH_5gDnFf9 z=ez6GXs!S9(C9gb9ZkZMrE0x5?ow{Gb>B4)^VHa%Q@*Jw_*L82{Nj+Rpm2{nuXlbF z46Hg7aaOT=mFb}^(N)48NHqZU6>E=el_D46w`we@}bq8E4 zR*}wLXtUqvLZ7lYPyHq3`_BFo5nlYuXn`5qI30?fJuQ0h`DDaOQ!VNC6XGFzTP-6{7k}#Z z^JH{qqO19;Lbg`dfwU;w+@``-N#mvDH&4$z^t)Yd@As=?Xm~Vf%&Pg<=9}D)ILSVK zE!RHX@FU+J*qp4e*IF;c;Aut4_5C8I=229)Px2<$@A5ucC3Jk}{g`xOI;YB;4V-6J z<%BMN+U^>@Qnv8^rzev)#rZPz6iq%<=WYx+9xgyTeD7G~zNN3ft$EhJ_=NZ~yALO* zVq4CSUTcbsRFY90S$xsgeMCC4(Im3IXvc$~x5_JD-02OtvDYoHmtEvq?Lg?$F4t2r zpBiMW-96nUh%{$!f^huK>WV58^$bPjr6oLN0p|pJ<(6b!JMP#Lm%6&CEN$;tHnH@^ zm}W)i$nPWZixp@poSEOgzp|HoYTKD_xkA3|tfpB=R~dKh8FgZ6q0WMGGajCx^~tMb za@X=J9J=T|)Osm80KcXpWcW>LHubi4Jypfiq7AvMe4s${%h>1!Q#+3Mw>9Gt_{j{i zl7DaDg8jad&79wl-SlmTI@LG8+dt{pjb~~Wl>OD#k-FZ39tWLPs&Y+nskr3+GIQ$dp&<-!^n>p zXAc#6ok?G~L^br`D+!k=w{1V=wZ3YJrRl!td%jL&Gr{&XdyU?@wvC>7`j>f@C+}Il z#J2T8kv&l??#yZbVBe@zP8r>ypCLOx$6EH8F10wlH1Fup2Sr=$OVWQ{TOIr5tvU6P zb+ts*v9vSNgTJyKx&E1d@4(ut|6%%PZbxP;v4EdGLd&pTkEi@kp#)N0=NMA2)VpQ3 z+t=`0+9HEKTDJ?e1>d}0DC*aD9J#)AG48yUzq(s)l=p>4r@UlB9{UQf+pmZV_uLWx z(lvQfwtQ2e(^*?8ncp~?W9m!)&!uYi(q*4` z8r~5r<+!PpzRqjzh6&`1G&G%0+(H%VEWbYzcT=vi(3Y+I;m8TMe%}Ozs{52J>-bgK z9q+d2-jpNbjB|7YQax3k_1C(dqkQ2B)UbT-a$`%*O1-^0_o1UO< z(<(ZjK;_;ZtERhTbm?lnzDLV)ouYq!ei<<^xuSNJ!Ky8r)ko}zI_kw`FV`6;mGAcX 
zemt^8x_#uOT-=7$^G`hd$+}=f|N7$}q8AlTXzE1wvz_!X5s2p4*5lEU%WGt1>L>Pv z{p!wlfda(aw(L$~qZP^rO?Q!jYs z1heYqh<={&3tTD4zxlKHQeaWsgqK0^p!j?7o_i9dCFeOZZyRk``pNGr zvIXdTe=#xN-$dGC+1HzIe{O&2)*4&4M8`<5PG^~txx-_FGLJ*@U)H7Xh?mX(bmQA! z^AkBIv=npWN`G)Gwn?xJ>p6?7jwiWFuRH3KAp2oc%6kqExzSyH{l{3-@le~8mh?@{k|ZrjdN-=W0z0Vq)cox zyV=GpNo}npdAIWA0ZMC4!%1IGZ&&?uDvX@*pd+QR?7o43EL$WevZ49f3*4gQVV2kT zzsq)X_O%a>dn$+~$=8~QYV9=?rq+6w8?+;Pj~a@1(x?XeiI&1)-P^uI1#x>c)b3% zq*zJ9rectU)<-^(Sr;B*s+v;$!z_Ptjrq&t+Xs&Xwp)b1me2N#w&FjXa#iS}(LL>Z z`M72!X_K|_B%O-T1b(jDHwU!N9anyssGTR(7X0>|%6`MBT}I;4r`|+=3Ei7W-2L-K z@hM*0oSUs2U3r-wPDwoXtu_!hR@xx2uTZAd_<)|;<+H^#)prlwTc}>LEtju%$$hs? zM``9M%l-08QwK(3g!9ho^jxy)>VA=USjzB=l2K$+#n1CkSX4Hw_lWG>$MLxTdj37R zJvHy%KEh2cU6Og7)?F3+c_Mjtrh8OX@J1HP;Ok2-xrzVUG12mH^u2mgckycpHYTZS`P$lp z-<}Y^H#EYz$W46brX8_YKMSin`9w%|46aJ*I94dmxu#ip%_>=cHl^YfzArdCQEtVaGb2`X4vQ;Hm%94Ki0F)Q+}E@>dU^3U+r$f5LUd zChkUf^7ZDlFHMz(+%LJgA}TW+&7AYz7khuRs{WX#agkWI<+ay_Kb!uHu&^3QIu0K+ zO_<0RHW4&9bl+5}N_uh7uW)7G=&!6HTXdT3+`kH`-{)xDnddk7eAl}&+_@t`->=G7 zI#te3Ry`mfQfB*oi9v9Lzy8xNFZO@8Vo|&`^o^y%?!&Ur8NVAAURf1A$)m~t>m72( z8F~3mp6foL$##m;6cri>S8JrMChKoX*#2bG>`Hpv=2?USy#6N$JC37hE&1DX;rhGO85P zt@)I8I-)q;a{0F8RL{QM*%Kv{w;i$L-2E3*bqZ7#sF35bS;UP;_r|UEa>k8#M+-Zu zEUi8**4{ksq)>AzP#QLiM1( zo^opsDCs&$5w@s4w*R$3K!NQ_?z(d=KhOIt_@TP&^nXl6`tmXnT8D0mhp08rmzjY_!y%b4aLB~HyR3uUK_xW1FZ(Yfm25D;OLu943U4M{en|Q zyBDX7_AicpZ|A@7(dXin(Wl{*(LTm0quqm>W;NQ)I4}Y@;6Dxr&x8JgW2=Z2fahVn z0%GBSSva5;4!DH_a^ZkoIG`7@NOc*h6A4AfN03& zrRej3YB=B;a$OYK4s62#-EhD+9S+naAf*IgDFIkY0G1Mfr37Fp0i=`wEF}O-3BXbUu#^BSB>+naAf*IgDFIkY0G1Mf zr37Fp0a!}Fyj9Fy#r)N2hZSW#0drX~pA~ajF|QSKTY;qnU?~AuN&uD;fTaXrDFIkY z0G1Mfr37Fp0a!`^mJ)!a1YjuvSV{nv5`d)yU?~BllmILx080tLQsg>wIx7gkQUb7) z04yZ{O9{YI0+naz)}LRlmJpn0G1Mfr37Fp0a!`^mJ)!a z1YjuvSV{nv5`d-1wt@(@f(W*Ph}sH9RA6lwI7qh}%tQr-2T+0eVMGNMiwG8rh*~U06ky{RP|&Rx zGf~Xad*WQZCxYE1g54y7-6VqDB!b-}g54y7-6YPjn?$h4GiXW7wwoj{cj%ar!00iI z842tr3G5~b>?R59CJD8h3}Z-|!!HuuhB9#sNnm6F6_{E^RA9YHV7*CTy-8rbk-al? 
zD@p?EO+u|VBTCQ%hOwhta;Bn0-FH9xeHJ=&@-m>KD?BsNfvW)Mz+qrS z2fhUf^(`3R9=s5Sx2O9V%zS%r1>o%=c$oF}Xb+RXGax}6LIU4{1il3c^(|(ho1Uhy zMnj@IEX+g)K?|Up5lU=zi3FYk38Enq_!cDaEl3azk-#Y-q3#GH${Du{LrIT}n2BArkl&q&dC?3A~h<8A@ihZ$XAo2^~W+NG`(+C4+B4 z2H%1Vz6BY43o^uHWN=c*;GQ6thtbiKQ4MAoQ}P_&gG^U=CXOi?bQn-WSjLDNd6k*!CfIkWJm^WCPQRM23046s*^$0$q*Tm(a4aoSHQbrmTeQ!?l&8KPt|2s9a_nT$rsjA$YLW;=%ynO>mK^@N$d0Hzyy z0Sq`pFHk@-DIk^L8bSdLp`aSV&?^+sQifik z>j^V^1xz*c3Pendy#kU-0WqaOTt@**PJzgf0vbXA4WWRBP(VW{pdl2{5DI7r1vG>L z8bU!egt3=ETN!$ZE@;f`B`}82OJEWidkHK(1!6J^Xb1%~gaR5u0S%#mhEPC5D4-z} z$h1;Gq$nUy6o`f>U|T5=K2gAWQ^0ytQ0vXudoywmo;HPU$(h-EU`(O+z@#$v9z;VF z5GxAE6a@k+3fNEzL=6DQqp5D#T<|a3iSTKu{qjqt3}LQfCsf7;0u`7il1O=$O)GQe)FI8&sVN*+nY22~=

&TbVe|_)3nIucgK6Lx&>*`=0~Mq}FiHbGrJ;Jt zfQ|++<_te+bZuoOI*Bbl@P+ATp$ZI?^CAq=BB&Ku>898PY(AX&}KgG(=@Y z4>2eMdU`a(O!Tv|hqRe+0-MP+&{G;jhBOdn8b~q?B10PJ4Gkhg8YmeJl#B*SMgt|I zfs)Zc$!MTtGzeK~bFzyxPmVs>_s20{dL1>}fvu7Hx!K*?yJWHeOC7{`82_K-$b zHD-=I2n?W^38tpU9^z9P2ssTToCfhJ4fKZw@hJ_Ij0Q?ZLzQe6>i@eoNu#S8Gf~fq zS7~$ORT{*nG|(9u#HTb+G8!lu4U~)qN=BO#pVC138D=cA<5L<45RCCmqHcPOL9%HO zpVB~YXb_*$P$gp=!#Qy&jjn1;97E*n4Z4#Qg@ybRb&DC92#QLB2o?DaeQApk2#D~^ z@E||>w*!~CNYFTD8p$+4un|ID3OhN3>M8>S?MQO#NlMb00h zHggs#aA=T2irDBuY>l+g;mtw?-V7ruW-oanFwkzt#tNL6S*XA-L4J#w7Vu1vmbu)U zNlZXIi5$`V*Hug%D+q%zRN$n{LItS<Jqy_Z_kPnzmM!lX{Ga0fAjL7Ms zI5UxBCxZbwGB@eDJ;pId^qt;@91cdwi+lih)8~v4L-g-Av*3aA!vGJN5lo)a*uiBC z-b}DNJ+KUCo-uf6c7YKLc2JrT4BdBN>R3ULkAa!dYX&edIdQ1}GYiAaA_Hb)(DT^L z#W2fqVh6fs%{R<*UJv8QFx_jx&XZ#!1HQ&ARG8N?eKvjia5@h2 zTHtv4EO>KW6ZEh;QwMEUf(9u9fKIYm@E~=9d za}y}YPcZuiDHNmy4RMeUba=B+&B>x5zxvlhOdTR{E-+M({g^dG;CmrO8!&j_bs#Mm zJj`o>N&>TSqSR#^J-Q#nRGi>bU^v0En1vHO3Zy6ni0^b+gXy{k(}fMDD;q#*gIR!Q z+`4IlNq1nF3K(1o3@|tpvj9W>2sd43VY<%3bfJamN(S>=D5`O87FQU72WY+Dymsq01!uGI!83^tY8Hx5DYMSSV;=x z=iqbV!O1~d=thfi^ze|qVVI>z)ng_bUaWcrHhQ4tvqlfLmmwIi(S!62QU?c{oS^ea z3m7e|Oa{_2M{@9Uwh6VWc}HOa(mKJ;48mdw`W!L4pcw^e~43tFVH61^y6L zV+Cn}EDly>1!j-DXpk0ARID5gQZbFrYDU0>nH4K+x}w!-mWPT&uEIVQauO;Z1gaP zfq*#-1k_=e1rPEi42Bmi-osRQ5dUNF{=*p{U}+8lwm3t;7H6>HK}h{Ru*q2YAf$yZ zIkN!6x(_2@raKH+9U=_ye>e2?)nFR)0oWY7tA%8@-oU_2p*%*SPAO8&`Q%45&abRFzk!2PbScXF0 z4%0orL`F0Va1nlL~Ml!E6jzo&_{39pn-G8fC{bC#Z**~ZoyE^_zKe&4=WOe zB;G-tpiCGe7_71wBN(Qy5MgD<($cCMT9_!Rp;1i)EN;K^JFcA&1-)^1nOh_hWM;(xeKSP4F)!Z*a!P|a`FfXsEB zh)j2#h_g<;AZxPd+?q8NG1m!7@gZ{(OZX7yCVYrU>BGOirlJ$APqfX@MetjMEh@JIHvu0aBm-U;N2bQjud{j?93aNYNMB}PYA-_!j`cFg$t*r% zG6{9%5LDRqPZGBMlZ0*mgj#H~aL#Op~vHEI&6DzYe3n#WN0u|;EoY+PR ztXv&(1qo#Lu72*B?6UZ7<{zk8&f-FwhUoa*BCnmD{O~c zx&rnBtupuTniWi;$k=%iGNw>iy*K1HKq#!@8?xOB2n99Y7-tGr?2fThn66M*wKZ&} z%xu$}wmVq)IRp#_4^t>Irch)|p~#p*kuilLV<9b801mmq2BaM;0f)3;PeyI=tZtgS z;Q=iP$JDtqTg9*{ZL{VMrch)|p~#p*kuilLV+uva6pD=PH^d6UA@}*v2{o$=Kn@va 
z3ey#e40a!zDPa9)bpfVOWK5yRm_m`U?E_>?p~#p*Va4H)eTUe*z!VCr4~JZ8gjpg? zp|BEh$X6IuQH7e-adSn7Oizb1b?(d-9rAyO4pu1+xwHwh7qA46v|#YC95_}k4*3c~ z0jyvg(gL9XRx%E`{b^2yj|?i!IGdQRP!tG%U^Zdp(PqsiOrfyKaR?X;9=6pFD;|g3 zZUr5Om5)POpyRLta!3n3yUu}pfR4k8*C8$NWVCV|V(+1R+N{|$SH;kBZp@rb6j<`b zI&Q`~P8)2jmK=fs2!&OXLt4PlV)f*ZYrwFMgN!lKf^{4ks4;c{R<@2|?ogOrRSwzP zi@qS%1)wyHbBBT{6joUd`J*|@t`rEp7{SoRimBrX+JJ!pg_sQno1BJIq|95V_QL;XMI-Y!XwnyNW|K zhMG)(VT3koC{L*y$c8B9K)1PO1T&|O1WGf7nJKY zDdpL*yOA^_j9^xE-06)IN$SVPCY5*a-%5aXII!s(9UYerE+yp zjkLBK{vrCsoM2rS z;&c}@s5L2->@M~}^oyK^C&!j)g*@E{F%K_kkSj;3>Rr%qb{eZsZI0LWlkS7uS0@^h zN^wDhnzXYzUFT%dUJ!Ez)}4rn*Y=YVBX*_|a|V2$&%G)PvwD7KRT#7c9#YIy0I0&C zb@q^SW(-fQB$%^e)E%Cba=E;fa=F4Uwo$c~Sv|j6SP)c+A~|c~|E#dCS!0u0bPwrv zMv>I=g833e-Qg*hK3=eDgq^l!NTwR^>#eI?mTKle9l4^88!?|Rk%Cl6Y?@4Kpn_6i&1BT8t zXr&-65eQ;*_tdV|DuHM=9@+ka&a<20L}%0;o|I0pdX-LbOJ8uZ8uwaF5yXhlTGai# zsKT(Q`&lXmUJ!f+@}CHf7x9x4e0l3iNxzE-`l81DqQ?EA?q{tW*l6iM{6mG7-ql(? z5Pyo7*~Jo^D+HXD;K}c5DeR{<>T(V+o_SmE>P7Erts>ZH8A1F*?rJS0h$qSyYTQdL z!HXq0qrFZ`5bgXY<$_BWx)cSxH3SLkp9*X>0dTJjy($v$Bu`5Dg|i-22$F{~+hIIY^2Eb{ zCrX}p81TfBCz?l2-cvi`QKcd6nr^Jzrx)ajF9lQCrX|uDR`nnOC0fSD&?0~N5ddXdAzotlyb57m2#_8;M0{nG4An1$rFVE#Yxsz z4hE%l$~X3@6$aEwNgtu)St}o(uH=crfG0|x825OM3N112@kCFxG4AnuOZih9_oxYz zxJxM4DtI|dYgIoKk`eN>svn*Rc~aHy8J-B+YkfdGk%iOBcz7ZUrv>%!6_zhVamn}s z6~mrbo@reS#A|yP?Wgd!y z#X= z&B~ezTnT^DH>V5tf{Bb-j;{}sJSh{&1)xl1;mY`^r0n7!N}gVm0P+aIdQAeDqE8Zc zqCk``oS3wDq8umjYCO?5>kZWy;4!989Gml3y!@VYy+ruwdY#i>&-^8~2P$Ie!s!jA z72NPAT{yj=q=Fl`NpC2)wPY#9_QRia;p7^`lelmfY<1QERNaIP^~7w2BNe}0mI>z| z{$Fg}X_;UfB=Vpj>pz4%Xjb|}_ySk5K9PmPT_sP{nrzjYgt!WS$`=JDV;r6F4)_U= zo|1R8ESN6J*$;VM6uqIecp6Hk$$^sMY0vP#x^UtR#}i#Ru}kqp7f!4#Jkf?rAgWNcP9%}kEyD_`A=j!Q*Qz1c z>gCW1<`;u?;q-FQl41BjeRH}TE>_UMuQ2?{IZkA+a-2xui({xal$H!bT{`7BxjgYi zIZkb;R&A(OFNanyhgL6#Rxbyw)&-{2Hz#xLV!e!q7Q+KuKj{e-(XHzx0{mjV^oDBH zhSCCMZ7Y{2{-Jy!vKUVyD_;Gv^ct(y$gM^;7m@867D|nuzJ8WkA>n^z z{?t|nkx+F^!(2?4C(K3thgb?Q7iEi%nrWwQ4w#GS_`+P&G3v}#QxfK4x{6@ErZWJ$ 
zRemKV!!sC*Nuo-LWqg?Gk+9Tsu<{1{OY!E0r6!Z=Z71b2@pF~lu+((0NFx-*lNYAC zcNm=N!G(WlYEY-RuT*j?{7C_}oxU&?JPLnO9A+xC6P{?CqEnB4s(^w&^|~6pV$4#p zits17l~7PX7OK}kRZM+3hjM=57H2!hIQ|QJe7$C-IOI5(JWK)#m zQS?|gF2RAqV6iBmGRqfgk3*mngo+em$6#$HhX|=KiFR0nY!MFE4qb>M$!(@Rk0hP| zPl2}9fo>|7e)80YKk2P_R5M0T0bEI8=93uRL#1-LLhNlG~eCq*>; zL%rrnQ3y}eQqqEu|8{fx>-RsryT5_)nS%{ZQdflTuV381c>DfamA+~2+uz)My8m>O zG^X3%-QB-2__4uQ{bfgEsFP{`nb{O5mrcKZ+SKfb#Ac=J5$&=LRt zS6_a4`-j_q`TC!qh5!1+clY-nzPP=;fB*jNr^B1O``3r}AHTi*@apyLH!nX-^WTSC z>JLABbB}B0_P1}|{rUV=fxY-wjl%)g9?Fy8YdU;RbAUO8Djo+wtG9pE#~(i3-`$+PGDcke#keg5X%>-Wy5h257=`+9m78Rxw2Q6lMImuHa&v%jvlcLVE zH`5#z9uRM=^iZHFaKdfNmM?G!UA{EWFdsr!d3e+g&=My+9EZ|Go454i>zBB<2WREN zYS6C|Rzq&vA>^-i#}40jgT$%>>PZw9V9$4<2u#nvE8d{=yXNTtX+F%yL&)e}h67NM z%gun3&<}m#yW+;oWMiT!NT=%YQp}-q;i@=5SFKDnv8ggX4SHO%Q1xKLmwbS6h6MD( z2wed8F37tPKR;fWU*ru zuUI;l?v~7@WL4&B7+q`2@!i(d7ylRNXmDH@LUrR7zH5s-8?0T`-h2L}s+jA-FtGGNWq`M=moO zc9Ns|P3ID_WG*GEGS$e)+9WiN%ORMCiWv zEXwe{%!p?z5ErHrvT9Q?@f1CRoUCp*Km@8v3Tx*8yOOJDp_L#wFkQ;WKAv9GP+wmySbuyM&}YHl&O@g%2bTsqZLf2(z7M1x-ubE)#DQO zY`3DROXm`@)GA2Y6SoS|RCKp|JwuqVgO-jci0)QDACPjuL`KiVQ}kii$dajaw<=Rn zvV1i|$ZE$!h@vZ5-E;uHkC8P{&e$R{WGW@AG8L1A(eFlA5QV;@$Y^@}&zUUfya=XK zvgp~`A~IwuC95(OBP+%$s$?D8Lzjt+raQD;WDHEe8$es>-jb=5tjbhOz(;=>B`YaU z-EutiFz!`(LQ&&GSG4ZqIUea;zG)KgEuBlrs!YWgBL=%DSt1EhI2`sZm@rvfs3{Hm zmNMZ;cPlu2=v+w>>Qq8jZ7NEZFEWxL*^ML2O1reelI z1bEP?bhqIDnuExY-Gbu@B`=uB7}>oQ!xwZe*)5q$$*N4n$ciWxI+c>uxA2&?C$feP zUX7NL#WZ*W5-o@fw2+8XDOr`N*cBNAnN_m7=5T~}R(Gq1UvQ#iP3+!^j$S&K?3PTW zWL2hO0zSrx=u{#J;h}?H`y>g`h2((N#%#AHc8+6kg3cvm$y`cSWhzS6CXsQR4jp1l zx?2tGt%j4uL`IAg)yR^ml&s2B^lWYMWxyAI2%#Y*>o^{|j+4biMhv}I$kM5ltjbi3 ztQcRRQ;EoE=MEmi6Itl)1pg-|i;0XFfTVLJCe*2ftlCseWW*R8ol41?;Bq~S48;B6 z0HtKjOv{KU4LX;QB~vL`m8sYfO4`ZXKc_ibSfpQ zG8I#3Vq~7Kppw;3@PD4kLJR{nPM9Q|+1ZNmQ976GmQ1B&Ri_MkeCOpF6%0x!f z!2LRR6rG(YyVp2XrOXys>V`C2= z=y}INM0jurV}c{1-RNXOn9QYw)#hTdH=^)lE{h6?coqGtK?Rt^q>CGUKPrH6a0EBe z^|%%)AmX9uR|!kNwE&MK&rj~NL z=wwP-5Pt9gD`{;DucSj7J6b7mjLs&c$z)1eZ8A=p>sAxeM#$POU`%A!nj<`u4r%OK 
zP8o0&(sVK%>z8YyVnUGeUjFaZxVM>}H zaAemw0!Pjo6Tc}Zu|}Fqrle80k4(noZ_0b5lPPHxqXQ_==N^Uh)fh-Y{z9n$E@jyX7VHX%(WQ_^aaF+C@x#L~%> zv<|>Hc*>L^haKA;rUq$=G?`3Et4&64nwY&+ z-L+#6&*ho42H`~qhSk!O?IRCm*JLs!tu`4Y&Bq=JLk>#|@8y{^pfG`{r`A$OC1gw< zpbMEu)5(;y%499QX%KjFqG3v!Kse>BRbZ89|IKvBm~2oZO(ql4s*_O(>0=O;G=*^{ zF;atZc2q)|ig$&xrkGJB&Bt*f!cNz5ix?Rc$|nrWS_Whvn?3IF6~B zltpyc6wN85RS=dPm5@FdQApbd=j5dMXhbDV0i8lx1!dXMlN}RV=|T!=`yibi6~{gz zQArb|rHYXX(z2%#(g!69Y5QQE4ryDA8gwm8z)sn<3fhvQ&(O8qlgC2ZK4@o8C1k91 zL0Lq0O%a#6Yd+!mTxfwo68b}IxN3v@bkSDsu(%D?czK|x9$*xr=qc@F@QdH6u=qbDAqc4$gNl9~o zibC2hs3(#Y>112Ph~{PKuK8e3G)<+mZ4e_mneJL;GKaJ++6X#-C%~udnvcRnY9}Ra zgEpd*DQUIIs2GXax>X6Opid#qM`9vbm67Iy7KI^q!9G#ThfcOhj41F^Nb}K{Au*F= zCHlZcA#E4*6a7``WLu0HMC=myQ%Lg>nJ8~WXWJr1cELYUREbWuMT{saQ^kmn%0#X- zoo#~{(aH3z)h6SlZ4o1i%oNfp$V`-=qNHsQBRZLoR-KHKwnZB`0YMW(c0M{2#l9G6 zK9Dh;HJwaJt4&648Xw6hS9YghP$A7nXae~_N!y@}=wwP-Z8A>U7BQkIO=U7!kCl?wXI*L`zCK z+ZHjh3mOVvJ)LZm7*TMj?3$0*MAJw%n-6XjF|rFDic%+ZvMt((qBeEceAFhOMRc|e zVnip?vsRmoien$)C}&NPn?hOzxrtGfv<+fJClk`DlX23vXd|e6m4Kp&AuB*plvSam zZ4e_mnUdy1MUi|5&#)lNiy-l(gDpRA%{zM?Gr_8WqxfBqxg2P|~)DkzKG+^i`yjZP7+fz)>O1 zM{}YW5uI&|7}*6KMF}K2*(Ncf;87vXM|7h8D4lJK7}*6MMF}T5*(Ncf08$~%2Xz9j zNN3w3Ms^`cJ<_&lBZ})330cE+E|mR!{9_U$I+=)(+GI1;MtuCEh!I70DrpsD=R(Cu zj)1iFW`s0>tSV`>$*4Ha0hM+#$?brdl5nH~kgZ@l7b-?#B|Cc62xI!sKEqfJ_%5 zF@{biJYPeTQpQL{mg!`2oTq(g(uLhGsc0jeO-S2^CUr>5n7VMBQ{IIFJayM90MCV4 zyJ(By@kk;~C(~W4O~x*>RQ8&#qwLza4^6r-k&i-#8%W!SCZ*XIseX5rv|VUY$S0>En;LJn$#i9)roc26iu4&_7yZKL_8(U7b8G?h0=_>;H0>|*la!u zQfb=-Cq=PWI-4&?gtlFHQjfMxf@Bw-6!#aU%@-s>+b%$TF7zk6?wKLucC}ONL#bQZ!nj zvu%+jI-AnwLs&i9d|4vZY86$Q4En)Gl>(AaY1<@AcEL(L+BV4&g_Wked+=eUXvafo z+aybN;YvN)Hpvpjl?rV>t`ybODQ%l%$u3~2Lz|C>6j`EJPcZ@pAM1%eS&X(y$;Kp0 zbT&P2wb`gFsZ?!D7I#q3W9iVeZxv)IT4GV!w#X8lO=zpm#%c3qiO>cwb%d4*ZIz;) zG!-y4Afi^V+yOgFh&EJHh;1$CY|4|0Efv~)Y$@6o(0$t?OZr{lQZziHvu%+jiuaWB zRw?g^rdf2hEwV&sQ=atEr4DUAC{p)L(WSC)KHwAGCKzp%T8<)1WHzO(G8^AF9~G&z zDZEr@^Wmk408-jE$&y|8Qg7dUS(5aUUh$<#FX?@JDZ1ZK+P3H=I-BlWWj1Huw&*1% 
zfT`@84=_ceF-qGeS+WaZ>h0SWS)!m%l_fst6TMt0ZChlC&ZhfTnT_w8kBpS_rl?P$ zt%CYQ2N_124~>-jO=lC@sW!jN99>CY zmI!SMGEL_VQ;XWur- z5`~${zWFdyG!mt>ZIUIsaHh__`S3`UC5kf@+I*a8OVf)}_sHsb+XXcBXxrj1=@e)x zwD~|&H27ls<^v>Emh3{BdbDkkB?|r&A71B!KT#Tx(zZpG=xlo4DzowP=9hv*^b(al z75u5?!7J#`mL^ZPm12-dSJvr-w%TkCZN4m#!ikDCP5NX7Yl;rKbl{?21Q$24AIF)_#0jKDhO=;UCOLien(e;(h<^v^_HbtBYZ9d`@O~2`ETVle% zro;lNx^K1Fs4Vf3l8Gl31gbn)L4l&-2c>O`EYazNw(4wDmiSOf1!nH5T#Ck!l(sFh zL=mn^8y489lZuY;bT(I(C~dnyr|1()XWJr66ymD1`4CqWU!=2TdWl7ywt10Gi#kQG zP7j;4A9cz;vqL>G2i|!t)M@9Jj7%q5aiDslD?reerfNft_ZC4kADvD(qdFU3a+eQ< z>rb%LB#9@#u4qehwL28Sb2eCM+l4#jT;KU{NwIzv3MyWU$%lfrBa{1`-)dQC)7f<2 zDznkl@Xp6e%D$a|r)l3Rl|@^c(%e<5MkXstXA|10v$6X+^?k2tKH5oG>SI^xn6@;h zxvP|o6xwz{PvLnalDMnXjZE7333@8~R)L<EktL}0ohq3M zZGLglmS#0~mBNui+b-~FOVgUWO65q|HwB*xZGLspmS!4vK4wy7$u9J%LtCYEq|m15 zQ=!c-FAA>%I{}r_k+N_5(5Ey(ysOlX6xtMhDzy3aMO&KK9IA%a@3(Ou`jlpfca`Fi zLYtybg*LyyXiJlgyGrp$*|&Y@Q-?NJmL#1^;h?H>)$pJb)5g1Yi(aDB>HSv0y3!o+ zu2McS?b```n)a=RKBZ~f=qI*;Cv`TVtvVakCwgch z6(ohWT{TTxn%~@2N=V9i+lM}#nJ2BQl#mqK_MuN{Hg(szemmVaMW2c+si043&T;2s zCPgnnJ03KKLeuWlqPd23<+S;jNu^EEr$So=eM%cPA)dTNmh3~H(p2%TQbjWHq~byK zyjAd^G<&;4$?v*eqO<9~)n=oXu;1`n?f}Ju${kR{gVHSB&c{p&PwH$!TXi-nm3vn& zQQG#QPibCQ=QqAq+GIARt%7x>Nx_|8NHXbM3I|2^o5Ot5SFoovOSkh8lS>?x9pUAR+^GFOTSWePh@l;L`F+S$WL&GbmW6SlJB zuCk_Z)YI9v=p!f8X<|nobP9(!o6LtwDrvhwrw(a8R8mC0!axO-Q|W6Dhd8Bei#npS zsp$7XrvO9I*<2|iE2+RtnXOX%)0@o|Bf63bl}rVPDo{zd-zjab7*X1G^=J2Ja|Mag zrXAXaHXpnQXFsLQ6(maAt|sjsZLXU{X%q0G!qR-GB%J+}HdmA=Z8DqkWNkJU{_XZb zC1u}ys3bxQjJ8Un>|`Xu=^R_bD{ZyeIBl*h5gh^ho*K4Cp$zxB*RLIM3`*K2QL+mu ziTD$p%@-xfj#BJm((EcgNrW-zWLqSOPNuu&10@lnp|kmtL`c)d?Qz#C$VF@_ootIB z*@u(#Nb?1Wkfu1vM4DeE6Co2y+7>yo4BXXbVFsNHXo3kC8-lhLW~PjO@Zl zBF;r;+ayM`nR_D52Q79qRjQjeiIH73IT3iGq-_!-3Xz0u2tOF|D!qp82nEsEHp!7) z5J`tNA0nAdM8zy7XAE-Py`Js}J2A@qQj(%+>12A=YO~Q@+XIkHlvMzW9Zi$!{7RBS z**K;xwZ%qolN$u(nKENG&GV#+iUEO zzLRvaEkZ;mQ_^a)andp&VzH5(kB#gf8ym?^P5<-6M)p27Qgi}ED<;OMfE5uOB#hDj z1kgwXKIv>O8!Bl6Rus~FWF#Vybh3;KZH-J3REonCp0D6AJ<{B(Oh{9#qLAi86%qDi 
zr2PcINQbn2z{sfXRFH~@u~O1pjaYVVA1=}(%~gqY*957UcC7-7>}UcO$`E+UzLK^J z7K!jNT}byfQ_{4*d)hT06^VE*oy@(=l(b!_NRPBFV&sI1Or-gsNCb~5Xtwk@(m zXOn%aATT}Jw#X7iDGE}Yq@{wKghdbDlP zOSDF&(&nQSJDQ8w{{)ywkG3tcNSbHa{}i}LXWur-5(P#IPvU=$P4{olZvWx^$5(eBZ=Q#= zpdZ(6>KEUv+REgY@|b*D@z3RsU6=F>azlk zqDf6L`i89413Ua&xRiyc&yD(%QpCpe`Y|&{Y`qg)-`+OtuXjR&K7LWbYt=jHCzlP=X9W}m@{hrb2uxNYdenV3 zxg6L*MZ{K&n&uAo=WsJp|M9QB{POk>xBv3>KR*lq^^5QB?>~HTdwc)>{o7B6H+T21 z5AQ#Id;8(l>)Vg7U*b~h|Ng757_<5%3WIC`I}e%)hW>)EB?f9_?fI~wZ$|IKe7>H1 zzV`83`}vw4_SqGhSL16R4^TdMNOjLa2Uu%y4!U1xE#x6} z=kEf16or+Z=DRY+wlIabGa6k?J5vcRQuIH3ALk=vXKI!n{XK59Yyk?>A7F!30s;W5 zFp0lpg4NCj+{OV#X$9KXp;Ol~J3zuce9$9u=J7!;(WhtOE5F9Qb@%R7sE-6a>AXl* zkPMFvPNMk?!_O0)H2CNwIYt_u15_EO+m8hTf<#zo@WDxFpL6JMRKZ25tpn;8aRqk| z3qfa?ISUPbKiqg^6-J$oYz0M4Ge6KADdR@Ntk9RTKbzjxL$g6?2tavcmy6apBTu&* zm`j5uRt!G0m2chZk4a!$I9NbPfmkRm9?YY3+ctGnF=3 zG{I)@D~K)V=``MG60SP!sAFr-3ix7p@N11VNZ-Th*X$T{xr{Z;aYbR57<*Fp-r$!S zLw5E7E;+?4W9xziRzpbB>=>9W*{QULHpjsfZWzA=RXR$$4lT142fzH()eddzD-MXy zqG$an+71jQd=HgqJLe3)OjSCF;y)Av#`oyaET$ocV^{-b$ng^euJB72?dJ;4y?%)P zYFy#hHww^oDENw<5qZI@m+cW`z5`+K!~Thbr09llP^H2L%S;~pGDt1nj+3BnT7=gR zs0&!hmZ!;LLtX``z^-|SzQC@2B=`aB%CI?uUm53W?3#y*OUswZxWe-JVZ;Y49|Nrn zehBeu%Qv{1D+-*48(RCiA;0o~uv4vz9D_g&eyB07frcZ}39bYP_@VO4ub{IE3IJ)+ zc!!Cbn@Z9+g)IZIbyh;G`Q0=KJ;VM+oyUMk5qVijv7P#FHKRtlk znNMOEUADR!x935s!t#xohp4oCnGtAr`T@&F?Qy@L!_}70ulyjH4kxfoDk9lez%taY zHTa>d9-ueCvsGTe8;a7*Hx+@wOAQSh;#t}rMN(G%MB|o4&VY>d1cpS8PAP)Ww_x*E z5)x^?$dHGr3LKwDiwYd?7X)|!$5Ru@uLf{6j`zb(KphuBG0Io5ka$n5!4EyP zD8>OLLQ%A+b{q`%N*z=9nwihfk0^C2M;-5*rS}L(yLiGzH&EHyxEw?f9zZ;HpKfRJ63^GQzLJzB%K4S10S8@e|sPlmm46< z5A#AHvRojJe$IJNuYt_b@BqO1*g06UZg{|(ErX|7b#%<*X!fog{SeCo1PAi~j(*VO zT6g8>hgbA0qjov4>^H)Om99{n4fE&<<#|O+sFd=vzqypkV>Na%q@G>GA`%-`PP0Q< z#)XB+B4R@IY(dUc^lX~;H~LLn(A5&YC)GDltpS1din`&D7l7*Id)d#G9g$-uI^P zJIs$~2C0hxy{e<_f<_LI^bb}?{g|fs9!>^&Vv&l4?k%JnDMDqO=;@u2DgbQ=sGi`Z zst9{$A+uYoplRoss0I1EC0e;l{?b$G2OzH|fBjIU?3MPql)W1Ls!n{b{Ai_|FpaCo 
z39H0axW-Y5SBjvL49p}udWutv378Jc=kZD_gH?7&{d$!h<8YWdYRfv5xw@22Ce^z| zD*C0uJ<8mROrldK%`LT)svKs7rHQkC%u^x@r#a7IES%;%u4#AS0d_MBDvW-r+|^EV zo>ONRKsZAyJ&F&kmY2bOV0nsOVK&H3Tv}QWu|-l?cT*{c*wQwFiov zpJ~GM<52Qb@5CJr96~<&p=mu~VvETgR!JS=s(>GG4h#s*M2~ZiECPg>YUi07Eq=sV zNIUt^Qy`*dkMZrz*wBha@iePFhVll;XnD9fR*5&G^8`+Xo@dnJK-WjW+`22D< zsqanjZGD75RN!qMX|Ax5h17l*BJ*)MqTCz}V>+by$*MZrupDLp;nUq&wf-1>cFglt z3sN}80Tfg?Ka%_aDa^2EqaR4VnhJ-kMJH%1d!>T$$LcwG0Ne7sOr~CYHOLmkOnH?W zD)Ogemc?Qx6OpgU-6HZUu|;mTOvh%!I;vn)(tN?_kmd(kQgBh_ViNf^u}Cko$%hr_ zX_lTtDmyB!BU*lE@}UKib=xC08*>9t4FYZ}+-Y;e1(h?IA8bh$#W^H_Y&*y+KO_Mm zO753w6JkJHYUo1xEj74yI^~D~D;K9c%5UZ3)VLh>0J+Fa@F|Z?+hckyxj6X=q2e%A zN0m5CD~>8>v-~_y1#4+sA~{Sey09aw{Nzmuf=I1rvB@gPFpsp%VQTkRNmJ;GkmhGx zd!)J7S->VD=BYPKpK|Xif#HTW+MRsdK#DS|e^H{075^gbSU>r&0kLfr>Z!IZfV9&@ zHE(CvD!2huR|8%}^H%{7NKSJ>zcBORjT?yQJmes}u7fsnicGk8K-4@90c zlh*IZ<1M3an?*!~Muuh2Dv@D__w&Ttg2c~*{RN4i2bS$QeSpMgnDi-+QL~wz-XAf6 zp*Lv4UK)qAX$A9jMl8aO13PmvN`zxf(GU}(o9a}L!!T% zR}V>EVe0&td;o!5(*C)Sh@&m3jx++_8ov(16`A~zP;lL-Z{k#OVSi!Wm z3-iLESd4d{snl0Ae9E!n)ya~ua%S_@Dk%~v7h3Xv)GjnyrgZXA1nEF)-3HC0sq{SI z&K4g-Nx&)j*vI*ectUB}grun8>sw$&3EmJyoHSEazpHrSgZM8nNUy!0UKtosi z#rOTS{O%lFhqn~WQOs^4t%mjIZloMVU`Z3^S7S*M3~R~$+>Mlj66|bpu+{k|2fOC| z<9dOg+nyLwbr8AEs!9mu5kI|McI~7VK#0Rc^AT|^zo_%1b-IqK7U(+qo!hau>^AeU zB2p0I1c^%pA!HU?IXuAfSDNVxdO;3Lu%9KYaYE4~)~LZ~_-5sa@OCyW=PZs*xv71? 
zb<1z+sdAqM*N%p=^rrR^*AO}EK<9;(EoB015x8GMTvy1s+>6H`8hKu|3je-Yn$CH}(mC#M`lU=Q;;FdaQ)m8gN^r_CV=cCxtQ zdYGj#hVNLXRZ6A}r3v(KHHbxr>TAABhacp;+(3cd^ZEbx5bzpR zCe&c2RGsu=nY7vPya8aKcfM4h3K=*~IxVNkbxWaJb;t}>s|%fdLS7QLy7oYA{aVFy z4lgL2j2sV8I2nHA`2i<`xl(68>U_160U6~8%of?#sKToksrYyJMf!;Qn#ZyW`3EcyVp zWud&;kBMGQ994p+3H_;1QwjQ2F!)rjpDV%B1gKJPb5cwz&StKd`k~Xf-pTpf2?ti3 zztpQ80Q`by6f22CFpLrb;yy2D%PQD0l zLb*4D2^$J;+9T5jXfiz8XTAv6nz|KppSkV|XMRhJHE3;H8-dWYjM)#HUhT~L@zoTD z(O_-|cPbPT9?X5jZT0iHh2Qjo>Jq>48|pDXEJF`il|vRxs&B}G@qDkx{4O`8De{+^ z`D%Q_)IxDv)-;56p`ZOE@zgm*qr1{Mg@R^Sd&G zt)O7$VdlbRyQlxc<3)h?SngvvfkdM%2KswDLf)Z(vXz5_dnK#9ie zBmneSa(X^G`bs5B9@S)~bE`qg;059hZQl!mdLL{1-<7ep-J1X`4CR)9&qO<0O;WA& zKosFJcKcilfh%|dYRUYSxUm}e*rJeI&s^xmLPmf|kVFWQ* zx;hzy#m#wW)=rl6CdKBX;dN-eR>9`O`lg%a>ZuLx8H9p$Ho?wRW&>Z*+3MP-dfi2` zSE|L2EUrA~+4Kd`kq5X7qGLmhblP(V({d=N?pt*QT*Eh+$5Sm6CW*GE;X3UgH|L>Q zI}_4MLQqZ{9;04=NP^|i-91-bH@8lg(%H|=4|*l8V8Oy}Y}-KVRn8mI^A#>C@hHC} z&PXHBe#X6KTA&aMl59?06#NRWwEybt2i675bFyjD4a9AlD5mLTOCDRdM}Em;-1f*X zd3@IL;RCbcP zdmMJejZdf__$@;#b_l5E$JQ$HMbWY$WUs9>l60t~8_-(<2QMk=fgXP}`=G_9)3SZ>^Td0k?m;AJV+v`x z#Zyc7T(Rvmx7^BI{Lp@ifS#~Gsqt6^3k0>1D4&ZT-A~>kolJ9EP`q{NN+xx>ik!(@ zJ6TfmHQOZBy|2VG(Q=Sd=IW4X85QN!NdGp!_Gd#|m50n9Cw3LwfQYqdN=6G4v;xkh z9ea??$8XvsS&7o^^X82K(^VPbv;boKGp{%V>-9#FR% zrP+7dzamw}MD2_AN0<1+k#WEaIJw?(Nsn}uds18q*hb_L6`W}C#81p0vG{rCBFe-s z)}ZeNSgzt1qk-zh&pMB6poOKxSn!j;otd(@Xklk#!&MFScRi|d06*zhmEs-O79UxW zWag=Q=72ttD5U}2%V;_D#ZPrlK7CEUmC`L02$nNf=87&Dx;c2Epz`@i&}p-F zu?2J2Eq(&@)z~7BVcYX7#*{cmrB-dFPyqE1FMg)9G!au4>|2zLg>Lmw9`qBXB|lYz z6iH{~F^XNcT-SRxyq{7nf!C8NmO764ni$t*eFTEs1bPtVCa4_5nO-|S2thLK6poWp zbSqaJt?9D($O6rRhY5?4I5$#2i6dE(4}f+$Uvh9kLB!-C{(^|{6Qv&@VyHjbPm;cx zi1E{@lU}Frcws^gk579=fgsBUtbjVC#l!0NQk_`()#76XB$liRn9}sFl1)jx zm+AwKJawPXKg+D^rIK}xgpYuA0LBQmiX^aAa2EU=`Z?Eeu{FAzxV56c@I&Z>3A#wt zsmrCLKm@HCjpbp>8=$FelS;u2<} zuC#<3@^g22?`cmbWUaaW=<6+Eo}X*ENYr8tFl(`K;Jl9u4UKV}AeO;pS}8W5)1~5Q zm3Vf4WPW+fR_EJYS_!peFja*W^EhmY74v*ryAKaI&CILN9Q`QX^;mI3%ugYtSZ`#3 
zRuH7L>Nl3aXTy}oc*1_;G6M9&FW1CNwPQAy4TIqhPunTF0pAfoGL`5C)i^L)#)+1b zk|#~|;||p#VFGgfIN44#Dv8;05o=tm%`s1OF7dq|r+Wb3Gvf=N;^JMe$M+jTdWswo zzNf&ExLq>?3t$OcPSi@6;PfNPr)VY23fhp1Uq7fPcZ-_4QmD+YH-s!-s!#b*y|}%4 z#?mrYj@Znn@&k1VrhN)K0d0X;4i7u+aTNMlWX;h}nT~6q)`pnjzOg~eJYuR`JuMvk zJX%&d_<3x`imCkvf8m;T9_L|GUBlq$GucVLYgf`ab$-Ha>vp6H;53EPv?z%bt|K2$ z=a!gNU~&%RJB;~V3 zBd7k)J+iDrI~5+JL6p1U`*y}{rdd0_YvmGc(%kE7tt3}puaih$%91j?y~zA zu5oP%t2cx^Xq=^mz|1Bp+x$@!EWI@GY6MAOz z9w26U!^OSd>0Lc}f@w*kJ%@bFKhdqDD z@uw>T$xxr`3dbLZ)%&i*A17~a%1f!Zb9v*p2B*TCt%Z(@z=KAQ1>94K9=BAdgYUze zE$*+P$CH#y3G6B@&3552PCceK0FXowx z_PeAwt`<5-c>hYB1E?W<6*68d?N}ZOEbds{klMLpoRjmYlwFzY?O2{1SX#q8pRcrr z8$wAt*O2eGA4|I88rGd#DZ+)OvoV}ji*WHkYg36iNtrNI2pR*pQgZ##MRF*X35!CJ zR?uvkO3bOL#GIPPjyXX}Q)%!s4LUV`&`E0O07@JX*c$c+!hbFnnTi{RtQWotE-%V# z(uiAU^Bc2vE!T z&*yrw%1;Su5rJ&Z0gBY!^N~CjW9!t5#DZmvTio32vMz0I9_(Nj?7q$AhwSH>MbtEY z8c}3AZOSYck$?1go5^qx=%@=<#CYG z@0w%RJNSMsQR0nw3!Rh{{}STG3-A}$Y)d)D3OxgGGxQ|l*t0!OqOKxj{799i1@sH* zv7J#Fv?s}99g^H$Oi zQ^`u|bh47%&XMW3W$Fi?;I2IY8KU(?E|sLfhLV{( zr2q}9HCqy+uHn_*l18Ng)&!ULVZ#mgr~tU*oym|xfmKouy7t=eHFX&E%w2>ArrvZ> z1f12*DfE@8>7BGLG43i?Z^P#X*mu4sD(|Atn zm&Cl9(b#T?X{j9ttXE(UZpX?}sZ|$TD<8>Zy#Jm|#u-14R2Af6ncU(@J8Cz?v`(#O5_j;{Gik#*s?MSah_?t*!9r_7N!oIyCKS*rR50do zFRT4R;R-pan$o6_sbKW-I!#Vkz4g0KA~qe6;wJ?HMih_{m10c}fCY$+^J12`KTljM zalaphO7d!#2cV<2L7T^*>`q)yHs-M}_FX5fAj(E={|on1k8|r+zl8HV)=UQ216k8r z5sep@jnmOmKn>vHXZEn9NqIc=BuhIxlxIHR92C^qsx0;^TMC@&gegmXSU9LGPSKH=P~1!S zdK;E!La{a2xnW#2*br$v)qzfGPo>*E`tnifk%t;f+>wX;O5Cv}!D%0Na7pJUI9-oB z^86;t9pZaZx7v^P;_H*a-1&i#JSFYfRe=$G6fm0A`(SNZ)op0sSz3gn>$ zK=0QdN09+~to=BiY}?7&MHB#F=t^BVciXnaIdnSNw(4}ww$=S7rv!?0VOLTb8d|!# zL04Q~ovVc1+D8w&^<4G*nTFk3KkOFI**Q#_ywa68Y0q`qJm^*u`+1bCB=++N3lqir z#6CZ#d9;Sjbq%raXAP;?msp~TeLtA!$&Wm3$S#A5eVI{5?3!AgWlV=h!Gz=xXiBo}JeDe-Z}p)Jh`H&!|&7xA~kDe>zV zKID{8BcR(7%e%%Y@#B8l4qOtaq=Ft#CVkA^-4OX3v-u5u*BneRIjAU<$)+m*h6@n+D)CGrP4hp)$w@ooZbsxx#B*rl31*#evLRKkSG;gXd)`9p4Ql7571)6MLg=hg8KC8fhn*jGjQpXX7GcI3sAc3zV;*!Y 
zUH*BTu*4sE3YuM;2VDLm*P!xrHa6EaF8{o?BKaXRY(uQ5cnF=<)pF{M36Gj_O1K?5DC9Z)e?>5A@b}Cd8 z*Kz!ym0+$AL3s3jr8`MDP}G<-MCG}kyDV70UU%pLeDW@m-BED1njIBz z_C&R(K97PG#9E(6qe`sghcX@_)~J%xZ^$6JhFI(Kpa|KpomqC=E8bsZF4=YwnCQ$s z#SL>K!VlRns^s(=f)iKSFh7pbA;}XZX;gJcrTQzmXuOR>pNBC@C+s4aU=;`4Q0EOL z+_g{B^S;#$2PfvZhOqX77(pwC#fricXmTGq#4Lv%&c_b<*QFebU9#Gb1oeItL+Wiw zJzc5C#=&Qg`C)kwqr`Q2+@T~U{Ir$_hzZ)p5@@>(9DWV1+Y-Xq=f0n5G#fYs@0hpa zaDY~?J=5X7Js{7CH%(9aDo;f3H-sim9WBHe?dNJYyk{dCFrR5FF=HN0C^2L1tbP;` z$omiWeg(bjiNL&oo?QcJFQWk-Sbzr@tb-qy^j5*;M#Tk*z-^-O#073-MsKpr*I`ME zORkr(I$m%bred9;6d0MgJ(33-O1zjm{Y$*Kp)lUQ>zH>}?DN8SWMQtNKjj7a>~~2= zbgg0`(LWx$mo1}~eD6ma(j}{ocCDG=1M_)jzkWlwK`WlB+t#mm+RWUdsl*Uc8oDL{ zG%0zM=K(yX{@{ljG>nQ0u%YaShEY3o+$<)@KkAp&9SRBxk`3aZAYnb~tL`rX9R+JE z&tNJ^i!H&4UFdP%OtIe(aJY)JsKh4vN^GKk^w(z2BnPmDW;v>6sn z>hs_PS%q^0%;w4Kt=3uSL4R2luE$n>sOPYLM zZ?14R4_hJ=`}mOR5rZFXxSE(6HpCiswaiA5KPIGxJk&sV;~durd|0bFv(S+BkcTbE zTxTsl%r*E*JPP-5x-vdwbD`;8i?Sn|YCEH9AD_#$%ah#b8uY!_xhiMbDOv?^%K3Z| zx=zUCSQnA^6igQwPYfFJFjCmsO5rKe`87a$K(9t{k@H!<^ie zf#)j)t6JVoYuJ$EvM-YF6l)tcgpu|szfMgGB)3($UcIoQY1h24M=lcc*bre`g(}Nr z9fc~(8RIfB4>Xa<&gVHQiM0dG@espB3XD|}he`>$!H@W)3vIs`)y z42Nvk`ErgMRy)xR)#`^lAVenHSNsAsHtCAz$t7emjpilwx8huOno#0B^#k3GNU_u_ zvx)+u>hIv!o=exWsP#z|s1?uQMLmWM5xR3aK~(FhdoGENhO4g|B6M2ML)7|kHjA!6 znTyNBJnB|b1@b^yNfq!DKprAFxJcbnN$wh|K%V_U&evITY*7VxBZ6T=aPF)Mgt;n_ zfR;BB7&ZjwhG9I+u~b8tYd}ZTaiLx?6lSF|$`80jK1%)@?KsSPOeCIfxjaPq_!{Kv zj35ehRmyZDg`Cq>SL;>h5Z6OR<=`d3hdkJ3`7o689pG(fQSKJq45tBp0l;oLG{-B| z%@@hRDa%85cDA@`hdeB5=ju`mGL0Z1aCr!Uct3>XM0L>AR#aD6ZG`vOnupwN%55v9`cAbn@jYoq!YIl{i@^k?L~#if@f^bl54rR-ZKsktt;+T7447^}pfey;6d=4><>2>G z6SG1JgK48N--zMu9S6UQnv@|sY5K?IFjX~uUO5%|#QB0LY5F-Vpv3nZLd*L?JiJ!) 
zkcXD-rl&J@4NX4}Y1{9T9aGOvLX}ip!VS+28~ny-GMno9G8@|cwgYWfh}NC#dKvTD zkOkTj0A7`St@>H%ZOSp}qn`sQB19{zYZH`8Wp%FZk3QHy#E6E!QS?1DEv?4C`C7U@ zZ%HQ5n3=34FVBm+%z}s^@6H&Hzb>_qYo;0WF2y>pbEwcssI6O@BBQ#cH-6dkvLkP>k2yL=%WfAS%(~bSixiKkUp+J z^q$AlA$@4UqwA19y5O;ONFQJD=sKhiF%WtDXgXvLGO#i-3WA+FB=rd*M&Jp8q>(6k zLNt;}H@iRFJ8=bliX+xQ6d+^sxp~{9=TwDfAlcQ0O>xB!_YbRe=V0Iox3M3yJD<+ROv? zJp4eT-^>Gz3aRqrBMy=nQ8QcAx|*5osC63<2O3sOKI%$T4fsn=*@ghkf?b0#zR~QZ zKI+lO8;IF^3I`>#w*rG59m-tyf#jM3fe+e3hzp>K8^AdaEytHRBBTO17%PB-@zDVX zygSGEGX)%sKHwnTXd2<|QeplI5X%X2jXvZ+R7ef+CO2d)#LJzYqmMYy+0-zMPVq`Z z6wm4DV-CW-If3JYVTdyDsWDr{GIY|-M;~(#P8dRVnr<$!44!VD+=9Gh;^@N;w4@0j z6i1{-i5Ie`4Or52jz`yr9cWNUGI2!Fsu;cwfMfKL2O1a}#{;}gH=_B}LcQD<<0B7{ zJpmRuLFuH@P|Xp^d*_Tk_@KoFgVk0roj4IHtv=8@kKS!Q_&}!{79cxMK*5@h%z<2^ zk3Z1q4FGg7L7epzXB(zNzzpJ=^B{G+^gGPk^K>OIat<0ODam<& z+N$&qaFRHDmIu4pT-R`t%&xK}qD$S#BD!jBWRC9~{fv3hS{L|RabJkmTJs`1TI+_K zdG(PbO|k~6<4u}IAFYrA+S-Fl0@}4JfD1_{;8Noj0&&%Y_hBowGi%Bz+(?~?M0BE>)f zQ2=ejmDeeUIFzOfVcC#n5GtdHCRE9xbi%UJh7t#=E(pfdFFXjM>AvM94lHF+t=9DG zq;=J@uLsVO7v&PHpM1)JA_Ws*@^JC(X4c&7o-}^NVx_$|XH0pHfkzX@F zHn&jhsQhq>mY_nvtCd7pN2+!NM?zZ1N{JLte&l!rcBZ94X_6n6QiSb5eI!$kZD4bW zIxg}fR&$276;6j-4n&c(<;bROQB0s1uKluoQG}krchmS=_@_tv&Chwq! zQn+WXFYQ;394PLWtII!Nzc^TQ@&nY@+b=(o9lvXzSA_T9oANleJZ^vlD|ZM^ei+BP@KFmL(rD0%Uc{Dk z#i`^%IZ20;k3~p+PYwLaZC#7}I$BQ-MJP$h96L~wl743VL!>0P7VP?o*bShAZrRU*W!6R{To=E^Brm_6a29ziVFU?k|~N#T~uoM zb;iXfqM4%N&aH(HIh0`XVGBB)l;Y6o{8AhZ?`9F4v`#@2nNH(}Vm#I2hmOam21tk= zpPim~$K&H85=2NUUIiv04oyvL@p`*c1(6UK&-uO}q^aCZ8xeL|9(*M2NJ1=!SaELAINj$_A(<%hB*Orx#?0j$(~2RyH>T4tGJV&{?Z!gMJG@#I>S9z1?#v8UQq66(cIjS?16ebmELwF3B! z<0sThN%E5wAo=^a#8E_>hS+#ru*uJ>k(Aztf#s!8jWe?RH zKhEv#;}*2e1L|9K!PH5d(lzq|EKApt=Oa%QI6~r-^K}X*IkfajUbv$yRNx4pqrcJH zRPcSZxVGbL^5F<#oho8o0LeAPx?`RChy;nB1knPc?MAHAT439;PJK**h_Dkt9x*V? 
zS_8;CikFW`NPxo7n?8oo6QB?&;BFY5*XWpXNJ2?j$Uy`pWnoKs{#~^!ILdh1P;&no zc>KvP&!3b@4Wnxx+O9{RVj5=fEN&mUAl$DBtHS*?sF9;D_}~QrHU<7eQnwiR6|j-# zj`tx6QSZ{^*kqgn$&5Z?bRk>bz01f{ zYxcv_NweQ2usD2r-VmI=hQONrKz4`NKRmK10v8jtQ(AZ}Pn(~!IS*wQbn?iHCzU*L zehuy5aDE;bFU*!8eJ95}+AHD)tf}PAvG$872+ByyO9;xShU)g#GUM(7b?ID7Pd7c+ zekmhI8qa=hgm_l8fR~)>N&zpPhCb(jh0?jsK?bFB?FXqJa;|B-V)jGSX|5{-EN4HM zEq65>3NbG*owQnBAonxP8^YOIZ(i%@sN46%ex#bp)m|a@KJVaewLpR9z06v^4P-6BYoYz~!JQP}5!#s9bTEjd-_9)j1 zcjwJ{w2jSm4PDVs?Tve@^;1&y@(P^aNwb>syx!t|WrdbX`{hT-9>Vk7m*L09uE+D0 zKpGTKtg?b|HAlfm;W{}Ab0v@_iRS7ZOGR^Q8aGdonk#{{{UA1er)9-Cz~tyeqiN#Cp!qEnbI9<^k*pUNiI znq)Xf&Cd#zkoC#cn0UYDYaI9<=V_sqxVXou7>61#m0BE5%kDW(F|~6^Tu{+%0&S?F z+Z-w4N7^LrqX%0txs`ymH{AwLqh>paM6RSed7j2RgjSLxdC;pMM;1T2@(?*f4cEnw ztz1oxEE}RQ`{3_0wNRHl3RB?yWf+p~n9y5G%$h4{*GY$(`@>I~mF1y<*9uFr|Z* zrV|&SPUrgo8(tA_$%8tD=};~RfPg`hCKCv&mNYqY$z4eZP3XXrGLrI4YRZVm!I@cG zpbj}0@Nb`L_@_c-!+^XG>Q8NY8kAc6jL_uSSBb1LvTM;}kk7{Tx@AMSP2C4cMpoo8 z^jaz-{cu~N>|{O(bfWjoCyz2W_bJL9)v^+0HS>uB!S@Q!yY1! zsbgfxV>N89D>$;2JbSdXhItle=}y}cU)co+S*W?ZY>2O10}!(Kv6#e15@Sj(gIbJf zp(fgr2VyKAwLn;*DXHRaJ3vw38>yHvyye-FhjrL&s$X?!wwiv$+u|*LR_G%~SC>2~ zw8Z&&Z|f50`_BxPf*N zkF$kXmORa~bjY^E(Dqy}-I2!YmOL&-*5xYKOCFE2-=!W-v6-Z5ZMA|p*Muv%gh}r{ z*-TOIu9{5FY_7hTj+ufcMDMPkCOqGSpGp{6U+tyD`W15t2t}%Q`(aX*S7U=zgmZRN zCFJBddHhJJ$ScXEl7*}RHyt&9L;O=^2)Z=}dF9KH?&z>c7PBv1)OjJ|k_>t5_$M-c z=%)Wn9yG(?z(c>qj+{VtoyT-w%JL3sjmECAnV-TXaV*MEu}qoJ*@prpvlgR1*EM>7mXe zpQSq{k5-m=Bag6IPEPx^k2m3j672i8&<7B$HLb zOlX`zxB~@vj%Plxl9{!IN_XA$ZL<4hkUISo^=jy9*iTTX;HvLTBRl+ zq89W#UIg|Etmv0#ZI4@mar;=2>kfH|Wh(ogO4=)bJk=fL_>R`m1UPzxL7u}`%=+ZJuAg8e+8>H@WxY3*3h zmdRMVY0VLh(omTOme&9;ZiAZ``dy_CPUme~rrnja!#wa=68U+E&3^6!M1IRP**sjw z=6ZUI8M%HgJ4(f{6Fxbm0#xwHw0!_(%PwiM3g{;o(N#$bR{{kd>*x7wb}ngKsjexx zV7O~)m%etKM^9h#L$eKP)+3;*UM%qlayQnaewk~-EZqTad=03JipvA)yFP3gTX)Ga zBc^oJ^XO~osONz`%M1@W>f8p(gNAIbYaI0*wPCkucaCWGYs1F%-luNS<~;4uuMFG6 z3k)2ta&12YJBI&@4RA^@_tfu)=_;(4$7xHfxFN{5&nM9`zafHnb$NRg?aq$|M)ufw 
z4{$@nj|KK4O1dGogpz|$HKctpZ#lh3rlAtd;>ol;ani~O@h1p87X6e$3Lua7KI(^M z9Bx0XfdvRfPZi<@3kcNo(|p;6>b05yl%Q;tupO@{&>lBbuRYbhN-<;~mfE%43d<|f zmaexvMqH99eu(h_*BdS6iFI*xgf!PRt~WmsvqKkjtg?CodxQ$XwN?B#7p;CMQcmwM zq9tw*QzzzjR9dvPj@R7}MaD(fvc3}7>cNv8MSp{Hsm)VPeGWcA1rzq?qUj^U1Po}08oE48urQj^B;R-&?)Xma0mWQDW*I2V5khxDa?r7); z>OnPVdJWaM$wQu&ZqCG-9``vsAiDgbkHKR~-#4Ac*M^rcy0J z*I>*@)MUYy@wBsr%FxCSX?J)p8nvQB;EWpKQp78PTuOS!BZ^Qo#`cy$Ev@wV&acWYw-f6|J$4Z~b|i9gW`^G_AoddEHaZyzyhyBG&Lfp#-R0<`rK(&BK5O z;&NgVYvP>{c}+FSq^!~OR?L+#qP_G&{ow9wy1@+%c~djpxCajoj5Ax?*;HK?oS;aL z3KqPJZHSgD`g^;}@*k!MR8nwP_GMI774 zxzXYLyv`-@u_gArPkc~C82Ie-x7d|Q$Mgzb3)Hx(f7d?o!Bt*A^t=)u;?`T{1L}=Y z^fX5$BDP$m?9})O0Q67_0D&)_u-^658PoWI=R}!Wmg2DF(5%#i(W5NmYr;#KdM92; zzq3F`izu{B9>cbCCCaqmxlmTioAD@f^{NIAPF%y9InzRot!CdrRij$EpS~N)~fRbqRL&Qm3?Gug8HvCLA zD?fWznDK-GO4yYO28gHWv`rpDwkItvx!R|R8!NcgZlECQ#?RgrNi2m}#CcpxE96d~ z#?RhOW}GH5N_@078?E+;b#!kuk;S_l)?vJwl5+?vyVWTd!vagj^=QuF8@l- zhfA63R*>1GMyE>t%01)J=H6*(Htnvev-xRboi|%uNv zB&BUbyj(+2a(`C*1w8Kq!4Qv^BoB0uOQwx^pq1cjLt7HI*a&yFq!kb1;uR2W#mDPT zx8X`txgQOuN@?b9;D(c*c%2yXWL~5wcFnwSJmp*Ru6HKXdb8C9&Pndab*#B_zwrFH6&i7t5||EFfmIMd}&hte&RgA+=(jNj5TN!VS+ z4DD8mkd>=7UGJ9J0*cso%W#9v2Sq&SmZ6nBu;MN=iZ@j)C+QDcF`anfqZTTYCye6; z?{h1S{7Uoj3TYuvZY9C^_=p9-CFlj}BNk*K6|o=-$q@_5i{(w{-fD3nwZ3(_uWK2~ zJTU}m1m32lh177J=sg^YpD3HSpEHLcSS?Ey^4zu$`H*mG4TvfX)C&$w1mCy1$Wg3w zTF6>znWKvM$@Oy2pvA#4`1j?Wsq_=0U7T>%vRkbr`136Hg5XC&khkp*5d0%Gyh7Ki zQ#DPy=~ol{z>9m|CCsQ^EIHK`3!~v%2FSNJU0ep0#iE5*P!?P-02I`lOYWI{UM$*c z2hQe<8SMs(J5ceRs)hU6-ix z0{L{VFFcZVt``v^GZo>8R3$!_YpIFk*M=oYVATqO(vBr9!X@59c4#VtIG_sSzCru~ zUVf;{14q{(O3I1LWKKao!ee;;oRWOpf*shU7<2d)&d>QG8U7{7!8iqagAwbu%cEinj(vF$+)0*~cE&|4pKq92ATqVUk+ z149KlUcYG9hoNhag9>kbfJz9xz**nSGx~?2VqcFBn{S#0kjADdpfmP;*>P~cER$oU zTP}x{lx{g6!jNvBUAG+VaSM@K*V?Xu>TZ3g15Q$av`v8Hw@8tfY=o&r@3^jnz1g+9 z%k1)<4~!5*@hM0EZ64=>M+r86**7mgG`+`lIfBAU;RFdhebxkv_fb9z)s_G?_0l%m z9J*mYY!yw1?Tv%Yqv@O1D|{G&$?l4|3V?{Vt(Wq?51ah0%+z4JV$vo~9b47X=)1mb zn!U0DSW!^I;tvf$mOwz(lGghLQd%Fdq#vg7t)!%d;7QSn-@IU<(q22c 
zOy*;o(xuekG8%EK_UTfBg?JdcAFHDc5LKSM$m^SwbhI40RMOG%q83&}KR`#LUGZSe z{Y*U(Ihe+-fmF^`9S!KF1B|!F(a|7|CU19h7*FBLl3Pm?^`t#CFXFlDK+L|?g5Cg* z*S$vzGNeCfp0i>LX`b`0FY}9Hwtkrv)rMvmq8KTa$vFaj^Or&Dy4k<2Uy>!M9O|bL zmE#dU3$m?}mfZSSFkLW3xg<;tb+T+;ulQlJtJnI#vCvHly%@D%UTTuaE9UL`u)cAH zu8$mRhaO?Ln^T+-XeXdDxGR0QZ9EZ>?4gr(lk6exa^JHE z=q}*$jSol@_?!Bmq$+BK5OAGO9(L0oTJr*%8 zdzNhI8`s>;(S9Wnk|Xp=B4h)=YZoTHr;UIR5vfPQui`Gwpih|HF$< zcmMeQ-Tm#a-~aIO&E3b_$i(5vv)ljl?&bSeZ{B?iXlTS|eSQ0fAHKQ&+lRY2s6oN` zyLYeNfAe3S$=}02QMEq4L4SMun>Vjt-+jD$_ww%3^Jh&v-+uGr<)1&jeevnL+Yc}B z{O#TA`}D7mZ@&HR{#i2~Z$Eu_@$&B9&hO7$O2?b$fw8~7x&71s@qgZY-rvmd1Hb#> z?OVh+8s~5A&GXp0`~1TRMKF%~)9&VZBJuRzi$C}HbwpN?pAR?B(V6e!yDok|;>*0h zPxyO;{*(95g};Xe0<(Vqf&uZmBQF4e#0&`j2UJaHQT9_8Fsxt%qO#Xu8O?x;4*|f! zj2O{x36UtcC{7b$K?iR^0E{pLS^$ySX`JDz(C@{%4iOu}z84F-9xxz?f-^gS9rQI= zUKl@o`vAi*1EBgJCcwIJMayddpm+{P4u1{ea%OSmGhNSqarxXEUHf zC5B~yTPDlF4G62d8W0TS0q|Vd{kkk+bz}WO_L{J|5hP3oAXfZ* z^tc6!{(N+gH`a8F0aP{x)^v>dq-+4z6rg0jE68SlKF0h7_698H809h>faRQG;Tkpo zD>+5*0ULmooML7$8GtC`bMOGC0(|!zlFJ!@m0S<#TkQEVgDOUVqUyCJO4;YXm(Jk|Y8FVhJ>l{&y>@`@|^?*>`5vhw0sS`&ClmpMuB||mUum& z>jB~DCb-y7ufaO6M_JNwO+24Hv4fJ%X21Yb^@y0eesEai=y+ov9M*R|;NpUTbNKlj zvy#Xw;H5PK>~`ZQKc79J0|90STz*Md+|?_Bm!KO^IQqopxF4P`v1S|lUaYGba5)hc zc0FQ*WdZ5k0s16s3un{wCE^>|L|EJPfEXEECd8NIEf5aRmk2r{Z-LXq46v6N92jO) z1j{TV)D)cyOT2hO7tVy|ORV0_J|-+~be6CIVR2UjM%4LQAg^$Y^+Un}uSVGe0N2Iy z#gmPo%nZODL1~$1$aR?v*8g)TLtH|@2!D=Bhe3lURKXm^2v6~WS!zdEl7K0}u!#I* zQ(=Ye2o#&10RG3`DN$HwR10*p7D%nahzmYPT9O?SYM9N45F?d9=fX0ZxvX*sGZDjL z`wBuEj5|BRibvR57#1UY>_u_4*CQ@ygLQ$IcnSnq!j9mg&`;=W!` z0!;T7-x9`or!ABT#1PMn2*v%vkl+kp9~7)PGh}S$1Ee@Cy7LEx#a_QEt>lb%2v3If z!7xvtH|WAKGhgq!I^Bmm+V<~b&UqEQ%fd0wE7+A)Q-f-dnKB?O(TDO7B;L#!?W zKTlztu>cw%j`2Fra%+O|XNC-jb&Or^3BX~%Fi-Ig72XO%E|&_`)-WalQrX@C%~}|; zdQDjI1RkTWiHjZaW!aF`YvO9J#sv3vKcT$mNqq@5z%X5eaAfbw{aX!ma681>9Zj$h z&8zIj1v{~6W8js|2)~>iQV?drRy3~)=~*MfACTXA;)A&ezH(HI2GCeLq;Nv9qG6mT z`CvucAq7TV8#NdNbs5r-RvO##nO!x8+UyBDlS)G~Bm6_(r#S$%k1?$v8b)5SGkjSGR&VVKaP_w-r8 
znnaDIfbwK~9PCLmq;Mkzi_(lsQWnPb`Q{3SB~aU*l!XCohYSeL3@Bd!SDG$ruq{#A z&|6fv=j;$GKCx36wlaY(T-d;)7KRx6F_SOEf^&L#&b&mN#?g>jZ0 z(DS)4&K^J{R2RnC4G857?DtvEL?}h@99Q`zZ(K;*poJHPTr5XO<+o$3^b2YDcARC! zkU($8S=TArcofFLnGWk^8qWtQWUbrx6_z8~s)MJy1L_oBwH|W09MM=^kFg48FgNVG zY+NBEXWMaB`$plq!Z>@TPy?zo&gdj4m{S;MeRrt75yr)YHgc#!PIqC*<+4R{b^V$G z7e$+OJ#Ls#@fX26)K?azBxE()Ib-p-1$xj)^#b&yG|q&Qf=y@NSKzj2y{^A60Av^7 z0CClvzAtXWYS{{5%V@$vUAz$BmxnZ(uV%>Q@<#i0J;r($Lf$FJTuoPyZPAKdk1K3L zv}Db=wcXrCYj!=XaOOjJ(|n%w&7wVZVVqSDT8IhzKBG+rOWY1CY*sXHhX@m6XCYd) zh?qG08Lis&kixwYP2156)rKU%=YX=t_53ex`%{MylOS1^i^T$M@&rh z78J`a46)`@NaC`uDoq(g(70mS%QF%!+hDZtuZl+PdPw1jM9bCF-3KQgV4U9?& z_4h5d<^?G%&7*ddITtr>DDF{4#GdA_BPihwU#4_Un?E_ehB(yxijy&7Vj zVr{f(r`5QE{ud3~*>j)*=Z-I553zC&b_0e%6X2&N+O+E-1$8IdwCiyN^#n0>Oz8y` z0KO^>xm_y&?Z4f3}4JnAbXw%Lf zex{8!?Rp3*J0M~*1&6R|AdYyR2@vOSvEI+VzmannvSxJ+81|(YRe=r5Cnf(YQsR%wdLT*P0=h92{-h#S0um ztHe5)A*4RG57!N4_26T+Lq-&7LG(N{k`dv8td4Ib#{@KSiI7OYt_#2(o$ShHr_Dj41cQ`QW!s2vm?2;)3_8^8#q zAs4KV`fP)P-=X8B+M_xZbNb*_#3l#tW~rdJL)_gmF+DxTp!{su^O{ zUi1wM<6QX=ELAhax~D>9$d0pt!Y-Jq@KHGyM;EMAJLGZ?gN16wSmm$_CaM{iA}ps! 
zei!UhGf12hFt$`M2OAaTWxRzCHmV(R`RTzvHDe0rCK#z^T!9~gkqQ@_qln>0r6H@& z3ah?;jkP|J>s}aV!?@_?R2XNixDF5(%||#spd6>4G+eu8CO`@V62*P)|VE-ni%J~UAkbZ+98*pA8b`Krob4% zRyE@a*L5&h&A7Gr4c00gqz)K9L{{yP0#^i!)x65;x~O_n7*|juLNpe&NV8Oye?bwTenwExKu52(~&1(wES+HR3I0NVl;c`2!uv5X7HSa6vwZWh@;|lU6n6~EoOn5P11Pa5@qi>$Z5XjZ*HJG=E zCwS*7ShjY^!jX=}z6#78h~?Kp$7?1Fu3##z^Y7mQppu5d{O zL)VV8yC1AwGtNd}0&b!(&RVj;;?{$^?XQUfxI_tX(_g zV(Ss`D2y=*c^{&;=2bSB(+88+jI*k5z=#yanMB5r(__b3JFgEBTr;l?ZK42nX`Dgi zqr_-ooaK-{+P&*tunH$C)s^07I3(J>>(^NYFhFNOE`$lOXTJLCoX8xmhCGq^cX#(M zUcI<~ajr7)r{Ded_P2NMzPKfA{gz&E2P$zx)rs{`$B7_#eW6zkc!8?>~Hx&$#*P_ix{Q`r@y@ z{4Dq^XL#kuSFgYL`Zxb5FU0@*#SeM&r_;~geLBQ%I=p=U{q37S-2w}6s}rFe$IFjzKHR@~|L!JC z{NkJUKivQFvmbtV^XiMH`R3K}`tu|H^ZD}4*nBg-XotJy8=dY$ z_L&#+;SZRw!-QYrpI`j`SUv-TP1XY5tq#a2&t9y%_Q={^CF1 z{SB-0>eE-h`1|zt(}QPU-iA-kNRZXbp8P1Hu(jny1V6|seu*(({0^D;umAR&7x#Bx z!9g>8e#FkUe{9Atn(2$C{rot8aXfx`yBZ1J!B2k;?!3R-^3!Z&_S5$t{|Juy>bv{z z-?kq<-TYT@XxK_@F&O>+#gwLvzm=gs`J%n}@Vnpn%l7^E;aG%mU;O6%%OAeKdw2iO zzuCidw~xHhuU?)$_`?q$-^LU6>gDa-+q>{>pRm^rzWCM4FJ8a@`27oIHrGLZ^x;=j+ z{`E4j-usW~JO6O^f9nUwgBA|f>BsSp;m4<+;NP##l4H*+E`C-xzwr^oA9ncmBwW9G zcJoO8dAt{$Zxq~5zx?bk;l9AXwICU)EOym;2aiwHaL;u#>AL-3x5|LAYSzi|k||76cnjz#_q^CH*$a$JvwC52}J z%X{&@@Y~?!gER%T_P{H|cK?mwjT|NU9QPs-FAxkyZrO%(?TZRxyT|I-{ zW1h{y#jzTV5D+m~rsCm}g6fK3)EH#txfj zAw6zA4yJ>7785sC?~B;()w3Za9Il>41kvglEO#?*4shz#IMkh3KUxv_3}|2cLi$x0rJYV;6qj%lE;yHRlL+Y{+H2m=}g? 
zfLE=a^&#f6dWQD8=9xL?XhkrGw1w4gmk^b>e1>FQ^FCZB=KGLPXWoZQ8T-Bn@?XsX zYuL;?n)A`4<(Ylo96Zyj_bujppx~Z4AE?x3&Ii&f%=zfs-kcA#K{V$Bm7ha0(&e`R z(`&vD01`tlDsir5VvlI~T88x@QG7i|7r-s6c@d3T%QX}jUdwwx7)SUM*1w&M%nrpw zR&pGNEqJRgejDzJkRl)cbG{pKZx!ZP-@o`4lu)?*EufP}1S&7yhi4(vas4b7rO)TZ zxDdNokLxX8^|5r(>bEGJYy7p&N1}s zHN|i3{foknMs|XDdsz0&Wj8|v-UWu_Sq1yMyuaO0PgD96f%xh&m!Dx z^$g*W^|<+H_h^niZZCg3$NF=tXZ9}ZQTNR32R_B@$2{3RnrC}&%_u6i{$?b8nzaWA z-#%+YHI>V6UV`^}{cNzZc!~ACR=-6bIP=@t?$NRsxr<_SW{+@G1Ek_&4rtG2kA`DR zcU+C@jV=nU)5utu8b;qhpU43GT)i(A<+*%@LKy3{N6^vi5yZ>dhCpYB5R6>SfuF9| z9wv#|Bb0Yr%XYkPHhTn4GdeZ8-kUu_zbd0Qp&XyxqhRH%zZp`(J{tmL?Q*Tq5BWUin`fgZ z!qPCh@_++pehcQc&jQAC#Y02P)xD&5z-ch!#sE`Yjf?pC)w3C>nf18E*Z~889A+=! zvN7udF>aqBO1qu|m67c;T>3}#e&!z~XyBr7A(T*#~Q(QfETyOM} zVH!i-h1DGBzhR!CM}>J7suiw&3lV0Yg^~;Fajm5TC93Q=lvOsrMXv_)Y_fFBv!!ER zEFDWMx^=k*FxAW)OKj$|8rNAmV4B+BqM+USn{l-4GdK{;xW&)`b<)s*oizI~9${Rq z-Un%5_G3KSJ77E_E^dB18am)wGISto%g`~Rc9nTwaGkE_fURqvb(Rh!wA*om*^jXq zEgh&jYkzC?_7UJFGY)V+`wRe^H68G7+Gnt?%s2=@^K7(qw3DR+X$khXK&r3b2l%yp z213j@qz#y7u!_wydvAqWGj`l$=|J^OI}RNb*KR z`31Da?gvyj``g*lfo^(cTu?mM-x8EK^DGv#x%?I^sU2thf2bGGt!?6P?}r4Q{C!8P zp4~UVi`VxXJon~4ht+6o&Jl?CwO)tnLdMrJLU5RIIE40D$WFTWW+bI`MxPu}RM?J- zd7(MI_$}%wn)g{>^N8F=GY-CH`z(~UU47qVeTU=JSvsaz(Bbm?CTqJOqsiDVh=^D^ zrp4~Z9O3$xbIh@V-0GS2k3$8q`vKF`&^yPf(yRAbf9DvhbB1AO-vhkpmJZZlHFJPZ z?X%YI2LeNOT&($iIWNp7K?0sm@#&3ppaK>*2uSKZ9dPy5Rp7t3G5Hk+Sym&2N#aV|W8OBK8>?f2`+4#RvN=6bV_;3m>w5HXECGLg2;l2Fx1-t{eZ$| z$Hj6>m+OLyf325HxJ2!<*`8GlGiwjwY4{%C3HvORu2}8)6f#!U&)_gI&)}>#&th+Z zOWG!MpD^R#kX=6mY4%w`p3Vh%3iqk~ZEyS*NVZ$+aLDks{wv%7_N>mcJ*#lTnR&4t z_E{*?vszPBMYqoo@G;{MJTcFpQJQCy@xx7ML14$l>fjf9grzrhpme991L}~W1MUbz z2Py{`I?%Pi(18f9p#z}=LkH@T8#-o`XkOC>Z-k`-1uN~iSf}oC4N~Ez)w9vkf$*h$ zUrg>_{dTc*AQ#d67AZjXSsN0EFW-lVw|xdrx*3N6mw7gsdm7!I%{>iG-sn;Y*%)04 z&(`-ZWGtLFm-7aBy1tX4)mi^3ymj`Q;oe=#4IFc$ugwrwYZ(jG+r%Z|`Z9VQx>T%n z0R(!Dt{lF3&8P4L4d!0O`wHu4eWfTUVR;hfwAnX=^H#Ls`;4zXe9PJ&dqjyngI&O_ zZ*0>Uf${ad0FSTbmmZhd<^F<$&@;e1TP$B8G-iHlabyUzg`D^m-y=A&`aZ0|us%nD 
z-u1nY$XLwWzC1^O$gS_o88*B9zR}<#Fs+pb!)*BqY;VqLa1>tB20Bb^Cw%johmh)S z{RcCA0ITzctP|_Io=1xZLGKbPo8XWz{D*M7rDL{y58wKVPw_3wn%9E$vDQmKTWp$? z?-2%B-zzKwqXWasWpp2)uZ(?!FtOcpD8^>bCj?&Bd$bsRBYfZ5R>N%>`e3ej7i~%n zKLawh;sfM-prE?>?PByWSaj=i9=wwwF*jeo@N6Ad!`cJvayc%1^O|?D@P#|7pmU+* zi}8IS!e?bMV)?7@!?%oUT{O(Qwy^=+vicviFuQ(G8O)i+Vi|shzr>6KPZ~a0;2^(T zD@0r^h7`}%YY*B$@a1m<9c$SMPlok<;eG3U!@RL4-{t-;)-M2!+N?c(wD!G*dDpfY z1e5iV!Q-*sH++lr|IH9$c1^9#zCg!Zj|<{pz4izd{r`pCPs^pbamL~Oe2U&=J?);E z?tZ}-GWG<#3OLJs$LJX5xgnas3^#)=;_wPW?ve0=Xm84SrxvP}B5pDS=Y7pMv zJa$ih-wi0|$^-uuQGV_N?{wCl7J1rOw02JB{MS(BY# zJXY`gNa2V*?R)WOzrjkbJSE1XgE-Q;L*F#(e}fnJRib19mfJ5QOZt`P`d&ZQC$;fpIT`%3ou>H=?4spsy&16jz= zxe2_e`^Xix;@}Ucv(|^T;~OHfwp- zR_^#W0IbnLAZu03+_{18mUg-FH{HMasaYSvRw$~~Gfn-=_*^Na*;(l$`}93)XV(1q zw=x#o_OhdQ%x@jDa8&jS@jQLVnJH%WjlLV6(s#4RKYO=z$Kny8@Y(Xdpv5+z-0t0T z^IhG-?e_kr<8$3U*N3dgS?>zY`mDJts zAP6cqUg&@H_UHnq%kTc9WUelHD3q0nG@s&aeXn<(7+=mMM|xyCheX@O2jIs0xH>vo z?szm8>vO-Lao&XX{>1a&pBe4$DV~QcL33zIi(N*UivJ3)c5X(Jb9sI2{e~9bD?ozD z?N}^PY0*{uH@XU1)(tJb5j4^0^y?|y(B2>LeDahepY@fHL_yvEev+?PT4V_YX7}^) zbp1$_p~Uy~`~KAZj4!!!+6AYN7MwmBVV5z#ST_=8&N*!@Iwo3t=4ip`qXnmr7Mwm> zaQbM$>7xawkM{mn=#y7W$ysxTM)HdMHGbuf!k4S7D645E%fIjMb*?#s-@jNlG0p5N zG0oB-#PYphXN-mSHSJ>iQ5>URp$V$*e_acuT}_~w8~rMKgMJmh5T~VmU7w(_yp^Xu zm;b)VH?V>Qm&-McXj16 z#n;A0YwYvfdZU-znD>ryEtp)!_jxffXToN0a9uCX2w?W(#um{kuaGvLqFrKMXy31` zizcYFV-^k=K3mJTjho(lm(S8&;tRh%BCohCv+sr8*H<9$6nh^nab2_*Yc3sj_c-q5 zoGbUxeZaF4zSx!d9%FpvhAgk;3#G39A-r0B1M1=Z{j&y) z->3#(BNpGq>3<);xCO@gO#$Ra+ZJ9}*MN$BQ#fcMSiO63BdifX>VJ z0Ea{4=~@~+F=J8WZ|1A0dUNcE*!6ip(SF|lx-3bF^n0%cJ@rYVsryCfF6)7%*&Co` z;T3f<^Pne&FE6m?^xgFd-aLAyId392r1oVj0Jq@*KV0U)j4F*&W_hJlMAjUDt#eai zcK-`lm9c=jgjZZ{`5t%9^sBaeay@K~#CEVW@hH*87i;eLc6=|^oO(KA@jZ{rX1>9P znMCqL(2|pm#uc~Uv+c7d-)hqVJyp-4qGxU(q)QXr$^GW~U0*Yg0$0+E4{iNY)+ktw zTaVQVDPa_>es5zo`u#qBxGVC%ymG~F{K$VTdin@od@eZ`H@@BDwqNYp>tpQziB<7$ zpw)I^)powZrn}}~U+Y`8$W;6hmTcmkoA1?UF4t)N#m9qPHzsy!nn2CP z-;P$jlNz=O(4uahU8r;IEs#VII+GZp?dEd~~a>um1Yjcn@0icC?(M3#)Zc 
zQp4sBFuulJjAhTSqsqay^JSm!9WT5UAKn$|>3>^8!>zjhF#S^Ep8axO)t^nKUy%tSEcC1f4`5;^$Fy? zW3Em2N$Nw}H7?1=vvEJ-%H_Cg#K%1}W3G?(@Hx3F#CpRQZs3fMC@!tOb*}%)1A1)# zn>_39M5Fc&aP`FhOvz6E77s(th#ab{ z!_d^QLaR=ASe*HuF-MOuJ{>>T$RUsaKp#NS&vs~^H|C1=;;hO~$sUrQk~7FvHDgiy zDmV(X#LCeU6Gm(86R@S-r#IjD8K7QQPTu$S?m_#qdl#*K%u^%wOuq+2ho|qsz|bW3 zg;u}g1!&r?wN!9<^-1pg)cj$jMEBt_5}? z-p=>NyfV?1$2G8HmL9+R@0?H_OZZ|e!PlV)_&ocd^2dI=v8+D~Ew<2oZ)FaefW@;9 z2)P&giV-&RHI~Ez2^^98=l9SASf8}(V|81!;PucP|NJ+2J?%L5(yn;~{MqZDyz#Bi z$h99kMIY6H@8atCf)V!LV1$8|f)Pf;{GG=!;YmCA_|h2I!7d0hB}d}=hz)_bx-!xa ztDmAJhy4D!Jf#%J{Nm9~&{F3FO+ku`k8u#%`}3d=9f_&dwS*&^vv6*Ky}NH7tA|mWs7~9j zVs)k6tMWIL|HEF|F3EvLQ_U>xlE0u`@)ywR<5vE3$81YRW}9!Y1~<3Wiygr4b0;%( z6LXN+9NUVOw|1?u2tMt6`FF!VwMD`|x_AEzO}yW8+`>~=#oW_}TG~7Q=DV>hw`%eY z9KqB*KMB#j=BQ>KAUiV_|E-?GwC{by=iC2sf&OhbQgC-`Y56D!-+j;;EsfW{v+A zv-lm?|BQuqDD|$7wmOoz1*hePN{y(43&an{+A8k>^|KH7WWr}SfVCl9=ZRsc`Q3e5 zpZ;AbId70#kV%fIiI{Y-}tiyW>ZH=zx9Vf*sNWlU9m@Awu&v}6|40X=zu`j z@iD#j zoVr#Y032Cl6WZQ0fIZO}4i>cWBj#o5>Fc-H9u`jg7Wd%E%63_<>u2DZi{Be9@(PV7 zWY@@_vmRW1Sq}poS#on*eZ$Fb{Fm2u|7$G8ansDA4>_sPJ0XRl!>Q@MvV`i*Y})z$ zKw~RyWrX#O4tG**Z4Kr*r7+)%E?_J=PCHf4LaVPHYOXR?h$`Pxk2dq=SDrODx75bC zdF;LdRg2$;=~BH|>4fO~XX1p<-13?4=f;?&mv!A<3L~fw%J!2m6E8m#+?&g|HZAkNA zH0@aIqKx?r@3gzOsGq)|ADB!l6PX&->%_9=zc;?c@vs&Yo=G1H&4!lxW}JEq`LqiL zT)W^^@HBqlLpASxbl%SBG`<%*fCnIY-N7uwQ;>v}2M5a?8Oys7Tl~hd{R*xME-nw6 zn@ihm?3f0;zQd~^8U5vl3sP+#u8NNN-b8-vmmA;i=i3Ik2T6#PFWipxaf1tN96~!U zNIm;SYaZIEgl+eE^@EF6to?Rl-ZcUrX9}d>;3JGgvE8(*fBc?2*t?8ZIdYQcb?;SG z4H!PpKFlLNH)Doef3{;yS6BAEwT1NIm7wQ;(K!D@3$8%BVkW?bS3a}A;#)$4{@6ZV z==W6b>i2?t!~2`>%IA03|Lo^?7kB3NLcjN#NM)E(8*}zm$cxYD`dxjEdpEcnV~HOQ zP4%qh3wvSK7a~7(>5jJN?JD@Kf9=MyXVu4eZ_@9JeJVXFcLe}o)>0YB(u(bY*?zIU zspWIyTN}})kFJ6T959*33;EYr(RXg-9Sd5qJyguD$AN5~{o;LcJ#Nfv!`>}jo~jF$ zb9u#apM4l#>H(nDS5Ko^9Z9=jqb{_w{yMbAdU-KB7WnKLGYF~E@Eo)GTFj+^R8Bkn zQv09n(2CE#Bhz+`+0aT>r}4e!v@+S(7IMK;h;}U0lE@cu$2lK(kop!Js=@wJoAOqG 
zenrdE@AoTTw97kFXtCAMlH-n+H%5f%Y73nhTHQ>R*XpePTN@i~?LmBz5b>Pbg%u}SW6dMAQ+bwv{GZ=L>s#aeh^nwVnB!8U%ie-7(3u|bL@nU8#`u(E>E>9rczd5_knscE5|>7mwMq8 zxXK|Y?(PHn&ATnrhw5Q3|aKaV`%j(tJf@loNDqkX(u{qNFsqf1??;PC!XTHW{j z%54|y+jj@wO}o}u)s6sM9uS?SHHIcDA^rp2u$`|yVw<9+=9Fj|sPv9S*kE*vQ}0)| zIG)C4=PIav(066@TN~`21In6<1!lh#H|%?<>3NaB?jeEBnHv;dQefxPtZFx>(9}y`M^la{poP{eT zy8B)go0VaA`v!9&g)Kf>$k6y5S)s8dU*wZWS5sx{xu2n%f_nuQXnuw7 z&G^{|T634a*y7=fD`4+I5RAximh0IVl1gM3;u!${a*JFr7Jv@nwB-vEbWNc)q$xw-MfTN#^S*3oy=nIJp;;= zGpJluX|)kAYP9i6A7p^oi7Ou4IXjsp& z5Mg-}7){61&YMFk>r}y2ac94Xs-@2HLA&E?Vd6xGqje@G z2lWtNizg!z>yT>M_5D=51<%dun930N;FG7vmz9ZNX|+>$q}ON8JCxe~XaFnEKCUY9 z;v>-F>mx{FTcL5-?e`=bl@>kLe^Y-052AP8d}EV%9lLuHqG8Xfh)wssTd(b!zjZlc zna7KoQ*MRsD;V&--$0{c8=$R^5f4)5M2RSfl_#HBDS20c^CfScqvicowB}n~+5NpQ zQG&M+3XDHOTJQ4y%4#hB>c+fx4_a-5dr~FxREkN~jjN^Yk{{3NAvnUn#B4wkg7byI zZLEj|w(&RZdS9aLJ!mX1^aF91nHy*$=kRmP*T=R)lNi12F0fJB=KC2->PK9^>#O1{ zZcIefVB_Z;-1VEC+b4J4=e!Z=zfe@qF&kfM8{SA(-(c+LZQlD{{7owKR6eWE8ku;` zrRP`x16p@W26Sbe)3@yc2J z-cDBU0Iv1y7c~d6U%*96Ydr75`_W%uH0QtOOH%H9nTW$H0Eb{4F7<2wix&GFtu@(9 zH!&||7lIw+-H3naps>3S?){_P2h4@oI4q&nhj>teze4L>cJCDpue3`%08bOcJ^m%W z1w9#i(2{q|LJ6xE^ESmUbK|YOWh~jJ#*#Od7*P`1pZkFOK-Hws8fUuqkJ_%b-@Sjd zdr}5v_9+Wu{XWJLyG-dUk;LctZXO%g^^kIcrG)JHlVtlT)*`m67)Kk=$>MCT$&Vk647-?5y< z9^D&lzjvkYc262#^h5*6yX)6S_Y2_M@I|}$O3@k%v@;f~ds%Y3uh5$RrX0`m;35fY zH{Lwf&mhp|w|fl}N|Ozhb`UzDeW{EUbZxuV6muiT?<0@2`m4ezJ@$%_JI_3F@86hLw-60&jV<5nzIst- z_TDVc`qFJPH@fZc8R+4Kd{O_Z?Ow!vJNfpqM)ht zH1i-4SH|9$SKp9^k=W;bZ}kl{;J0TVXo)GIC2obrTHF5`;GBI);K`}Eaun_Ns;T6A z$psZg1W13jyZP=pKd<~^t@In&i5A(37JU*e@foz_ZVIoajvSg0^>fT<9QdIbOlSar zp~cVOd+{@%rJnTB)^@?u;82c#YlC?JIrS*+d))_I=9w=QZr1I>zdIH*j`W?cWS+Sz zv`alfwCH+hqDuK*;%eHZMijmTGlmDT&sngkM|R&^e-5i6^`+2KPY^BmShVPRXn9{3 zP4TClFJI)?F4_e*0<<382Tl6Yeh=U$YuUOfmrAj^8D7PIMWKE%U*Mk6bBu+U%~%)~ zp(U5ce`8yrMfX9AZAEDhmJ=;CAkc#4L=&{x@!3|TrM`gw=FJ?m*zsstOS~^W5uX?1 zVB<<^$oNtd@XGOY%$z9MYoK(Qo0_PlrG}M0Am(>0bhy&uhx6aWlyn-r4_a^@Xuvbm zuaNcPOSBWDO1s1j@V@Z{eBKy=q=dxeu8;M@p#=+u#z4wgf|+oElF-}kvP(m&EWQNb 
zmE*kf>!;C2>~6H+7}0`bL`x0_q*`!aN87uChU7+n&f|ExwuVfU$oBhQ?kyHh?kz6R z@`|r7ycbjopNqxOF9Gu$Gg{(8G={{5(11<%zf8{3Qis5QqhDS1ro{;!uXfE9zhdO1 zUrQHS>J;f$fx@&)tt;)mMlS{si!2eLk3Pg)$Q?!e<&J`qi5>O`Z(_X=(XJh*GwIzZaR zSA~`uM`)>0h6Z_)K9au=^bmgpTJXDQwIv}wH>RYWthi^tXMyd0x%Jris>I0Tso(dy zuY`rB5AA}@lQ9)L4=uTemszzk5$(kpr1I}Q?NF~z(0_wXfkKIGg%->Nnk2C&|ImVu zMWbY<9i;S=2JR>e^+`KEuZ%Dh4zXvu>tk_lXu(t}fTOU>{1;3scBpG+^;rMSJA3bC z^Y#un7r^pfj#GTYJbkOT-`sY6v6;}xnB&hjmb~vmN+vJsXweU#EjA_sXk`Qbt>0gM z{^MW%{ZBuC^Xp%K`1W7^^51{@z#{nk;oCp_^{>Bt(Cot>K79N8|M>G?KbZQ5KYa7; z?|=8 + Discover Response + <------------------------------------ + + [----------- end optional discovery ------------] + + (-- begin DTLS handshake --) + + ClientHello + ------------------------------------> + + + +Calhoun, et al. Standards Track [Page 13] + +RFC 5415 CAPWAP Protocol Specification March 2009 + + + HelloVerifyRequest (with cookie) + <------------------------------------ + + + ClientHello (with cookie) + ------------------------------------> + ServerHello, + Certificate, + ServerHelloDone* + <------------------------------------ + + (-- WTP callout for AC authorization --) + + Certificate (optional), + ClientKeyExchange, + CertificateVerify (optional), + ChangeCipherSpec, + Finished* + ------------------------------------> + + (-- AC callout for WTP authorization --) + + ChangeCipherSpec, + Finished* + <------------------------------------ + + (-- DTLS session is established now --) + + Join Request + ------------------------------------> + Join Response + <------------------------------------ + [-- Join State Complete --] + + (-- assume image is up to date --) + + Configuration Status Request + ------------------------------------> + Configuration Status Response + <------------------------------------ + [-- Configure State Complete --] + + Change State Event Request + ------------------------------------> + Change State Event Response + <------------------------------------ + [-- Data Check State Complete --] + + + + 
+Calhoun, et al. Standards Track [Page 14]
+
+RFC 5415 CAPWAP Protocol Specification March 2009
+
+
+ (-- enter RUN state --)
+
+ :
+ :
+
+ Echo Request
+ ------------------------------------>
+ Echo Response
+ <------------------------------------
+
+ :
+ :
+
+ Event Request
+ ------------------------------------>
+ Event Response
+ <------------------------------------
+
+ :
+ :
+
+ Figure 3: CAPWAP Control Protocol Exchange
+
+ At the end of the illustrated CAPWAP message exchange, the AC and WTP
+ are securely exchanging CAPWAP Control messages. This illustration
+ is provided to clarify protocol operation, and does not include any
+ possible error conditions. Section 2.3 provides a detailed
+ description of the corresponding state machine.
+
+2.3. CAPWAP State Machine Definition
+
+ The following state diagram represents the lifecycle of a WTP-AC
+ session. Use of DTLS by the CAPWAP protocol results in the
+ juxtaposition of two nominally separate yet tightly bound state
+ machines. The DTLS and CAPWAP state machines are coupled through an
+ API consisting of commands (see Section 2.3.2.1) and notifications
+ (see Section 2.3.2.2). Certain transitions in the DTLS state machine
+ are triggered by commands from the CAPWAP state machine, while
+ certain transitions in the CAPWAP state machine are triggered by
+ notifications from the DTLS state machine.
+
+
+
+
+
+
+
+
+
+
+
+Calhoun, et al.
Standards Track [Page 15] + +RFC 5415 CAPWAP Protocol Specification March 2009 + + + /-------------------------------------\ + | /-------------------------\| + | p| || + | q+----------+ r +------------+ || + | | Run |-->| Reset |-\|| + | +----------+ +------------+ ||| + n| o ^ ^ ^ s||| + +------------+--------/ | | ||| + | Data Check | /-------/ | ||| + +------------+<-------\ | | ||| + | | | ||| + /------------------+--------\ | ||| + f| m| h| j v k| ||| + +--------+ +-----------+ +--------------+||| + | Join |---->| Configure | | Image Data |||| + +--------+ n +-----------+ +--------------+||| + ^ |g i| l| ||| + | | \-------------------\ | ||| + | \--------------------------------------\| | ||| + \------------------------\ || | ||| + /--------------<----------------+---------------\ || | ||| + | /------------<----------------+-------------\ | || | ||| + | | 4 |d t| | vv v vvv + | | +----------------+ +--------------+ +-----------+ + | | | DTLS Setup | | DTLS Connect |-->| DTLS TD | + /-|-|---+----------------+ +--------------+ e +-----------+ + | | | |$ ^ ^ |5 ^6 ^ ^ |w + v v v | | | | \-------\ | | | + | | | | | | \---------\ | | /-----------/ | + | | | | | \--\ | | | | | + | | | | | | | | | | | + | | | v 3| 1 |% # v | |a |b v + | | \->+------+-->+------+ +-----------+ +--------+ + | | | Idle | | Disc | | Authorize | | Dead | + | | +------+<--+------+ +-----------+ +--------+ + | | ^ 0^ 2 |! + | | | | | +-------+ + *| |u | \---------+---| Start | + | | |@ | +-------+ + | \->+---------+<------/ + \--->| Sulking | + +---------+& + + Figure 4: CAPWAP Integrated State Machine + + The CAPWAP protocol state machine, depicted above, is used by both + the AC and the WTP. In cases where states are not shared (i.e., not + implemented in one or the other of the AC or WTP), this is explicitly + + + +Calhoun, et al. Standards Track [Page 16] + +RFC 5415 CAPWAP Protocol Specification March 2009 + + + called out in the transition descriptions below. 
For every state
+ defined, only certain messages are permitted to be sent and received.
+ The CAPWAP Control message definitions specify the state(s) in which
+ each message is valid.
+
+ Since the WTP only communicates with a single AC, it only has a
+ single instance of the CAPWAP state machine. The state machine works
+ differently on the AC since it communicates with many WTPs. The AC
+ uses the concept of three threads. Note that the term thread used
+ here does not necessarily imply that implementers must use threads,
+ but it is one possible way of implementing the AC's state machine.
+
+ Listener Thread: The AC's Listener thread handles inbound DTLS
+ session establishment requests, through the DTLSListen command.
+ Upon creation, the Listener thread starts in the DTLS Setup state.
+ Once a DTLS session has been validated, which occurs when the
+ state machine enters the "Authorize" state, the Listener thread
+ creates a WTP session-specific Service thread and state context.
+ The state machine transitions in Figure 4 are represented by
+ numerals. It is necessary for the AC to protect itself against
+ various attacks that exist with non-authenticated frames. See
+ Section 12 for more information.
+
+ Discovery Thread: The AC's Discovery thread is responsible for
+ receiving, and responding to, Discovery Request messages. The
+ state machine transitions in Figure 4 are represented by numerals.
+ Note that the Discovery thread does not maintain any per-WTP-
+ specific context information, and a single state context exists.
+ It is necessary for the AC to protect itself against various
+ attacks that exist with non-authenticated frames. See Section 12
+ for more information.
+
+ Service Thread: The AC's Service thread handles the per-WTP states,
+ and one such thread exists per-WTP connection. This thread is
+ created by the Listener thread when the Authorize state is
+ reached.
When created, the Service thread inherits a copy of the
+ state machine context from the Listener thread. When
+ communication with the WTP is complete, the Service thread is
+ terminated and all associated resources are released. The state
+ machine transitions in Figure 4 are represented by alphabetic and
+ punctuation characters.
+
+2.3.1. CAPWAP Protocol State Transitions
+
+ This section describes the various state transitions, and the events
+ that cause them. This section does not discuss interactions between
+ DTLS- and CAPWAP-specific states. Those interactions, and DTLS-
+ specific states and transitions, are discussed in Section 2.3.2.
+
+
+
+Calhoun, et al. Standards Track [Page 17]
+
+RFC 5415 CAPWAP Protocol Specification March 2009
+
+
+ Start to Idle (0): This transition occurs once device initialization
+ is complete.
+
+ WTP: This state transition is used to start the WTP's CAPWAP
+ state machine.
+
+ AC: The AC creates the Discovery and Listener threads and starts
+ the CAPWAP state machine.
+
+ Idle to Discovery (1): This transition occurs to support the CAPWAP
+ discovery process.
+
+ WTP: The WTP enters the Discovery state prior to transmitting the
+ first Discovery Request message (see Section 5.1). Upon
+ entering this state, the WTP sets the DiscoveryInterval
+ timer (see Section 4.7). The WTP resets the DiscoveryCount
+ counter to zero (0) (see Section 4.8). The WTP also clears
+ all information from ACs it may have received during a
+ previous Discovery phase.
+
+ AC: This state transition is executed by the AC's Discovery
+ thread, and occurs when a Discovery Request message is
+ received. The AC SHOULD respond with a Discovery Response
+ message (see Section 5.2).
+
+ Discovery to Discovery (#): In the Discovery state, the WTP
+ determines to which AC to connect.
+
+ WTP: This transition occurs when the DiscoveryInterval timer
+ expires.
If the WTP is configured with a list of ACs, it
+ transmits a Discovery Request message to every AC from which
+ it has not received a Discovery Response message. For every
+ transition to this event, the WTP increments the
+ DiscoveryCount counter. See Section 5.1 for more
+ information on how the WTP knows the ACs to which it should
+ transmit the Discovery Request messages. The WTP restarts
+ the DiscoveryInterval timer whenever it transmits Discovery
+ Request messages.
+
+ AC: This is an invalid state transition for the AC.
+
+ Discovery to Idle (2): This transition occurs on the AC's Discovery
+ thread when the Discovery processing is complete.
+
+ WTP: This is an invalid state transition for the WTP.
+
+
+
+
+
+
+Calhoun, et al. Standards Track [Page 18]
+
+RFC 5415 CAPWAP Protocol Specification March 2009
+
+
+ AC: This state transition is executed by the AC's Discovery
+ thread when it has transmitted the Discovery Response, in
+ response to a Discovery Request.
+
+ Discovery to Sulking (!): This transition occurs on a WTP when AC
+ Discovery fails.
+
+ WTP: The WTP enters this state when the DiscoveryInterval timer
+ expires and the DiscoveryCount variable is equal to the
+ MaxDiscoveries variable (see Section 4.8). Upon entering
+ this state, the WTP MUST start the SilentInterval timer.
+ While in the Sulking state, all received CAPWAP protocol
+ messages MUST be ignored.
+
+ AC: This is an invalid state transition for the AC.
+
+ Sulking to Idle (@): This transition occurs on a WTP when it must
+ restart the Discovery phase.
+
+ WTP: The WTP enters this state when the SilentInterval timer (see
+ Section 4.7) expires. The FailedDTLSSessionCount,
+ DiscoveryCount, and FailedDTLSAuthFailCount counters are
+ reset to zero.
+
+ AC: This is an invalid state transition for the AC.
+
+ Sulking to Sulking (&): The Sulking state provides the silent
+ period, minimizing the possibility for Denial-of-Service (DoS)
+ attacks.
+
+ WTP: All packets received from the AC while in the sulking state
+ are ignored.
+
+ AC: This is an invalid state transition for the AC.
+
+ Idle to DTLS Setup (3): This transition occurs to establish a secure
+ DTLS session with the peer.
+
+ WTP: The WTP initiates this transition by invoking the DTLSStart
+ command (see Section 2.3.2.1), which starts the DTLS session
+ establishment with the chosen AC and the WaitDTLS timer is
+ started (see Section 4.7). When the Discovery phase is
+ bypassed, it is assumed the WTP has locally configured ACs.
+
+
+
+
+
+
+
+
+Calhoun, et al. Standards Track [Page 19]
+
+RFC 5415 CAPWAP Protocol Specification March 2009
+
+
+ AC: Upon entering the Idle state from the Start state, the newly
+ created Listener thread automatically transitions to the
+ DTLS Setup and invokes the DTLSListen command (see
+ Section 2.3.2.1), and the WaitDTLS timer is started (see
+ Section 4.7).
+
+ Discovery to DTLS Setup (%): This transition occurs to establish a
+ secure DTLS session with the peer.
+
+ WTP: The WTP initiates this transition by invoking the DTLSStart
+ command (see Section 2.3.2.1), which starts the DTLS session
+ establishment with the chosen AC. The decision of to which
+ AC to connect is the result of the Discovery phase, which is
+ described in Section 3.3.
+
+ AC: This is an invalid state transition for the AC.
+
+ DTLS Setup to Idle ($): This transition occurs when the DTLS
+ connection setup fails.
+
+ WTP: The WTP initiates this state transition when it receives a
+ DTLSEstablishFail notification from DTLS (see
+ Section 2.3.2.2), and the FailedDTLSSessionCount or the
+ FailedDTLSAuthFailCount counter have not reached the value
+ of the MaxFailedDTLSSessionRetry variable (see Section 4.8).
+ This error notification aborts the secure DTLS session
+ establishment. When this notification is received, the
+ FailedDTLSSessionCount counter is incremented. This state
+ transition also occurs if the WaitDTLS timer has expired.
+
+ AC: This is an invalid state transition for the AC.
+
+ DTLS Setup to Sulking (*): This transition occurs when repeated
+ attempts to set up the DTLS connection have failed.
+
+ WTP: The WTP enters this state when the FailedDTLSSessionCount or
+ the FailedDTLSAuthFailCount counter reaches the value of the
+ MaxFailedDTLSSessionRetry variable (see Section 4.8). Upon
+ entering this state, the WTP MUST start the SilentInterval
+ timer. While in the Sulking state, all received CAPWAP and
+ DTLS protocol messages received MUST be ignored.
+
+ AC: This is an invalid state transition for the AC.
+
+ DTLS Setup to DTLS Setup (4): This transition occurs when the DTLS
+ Session failed to be established.
+
+ WTP: This is an invalid state transition for the WTP.
+
+
+
+Calhoun, et al. Standards Track [Page 20]
+
+RFC 5415 CAPWAP Protocol Specification March 2009
+
+
+ AC: The AC's Listener initiates this state transition when it
+ receives a DTLSEstablishFail notification from DTLS (see
+ Section 2.3.2.2). This error notification aborts the secure
+ DTLS session establishment. When this notification is
+ received, the FailedDTLSSessionCount counter is incremented.
+ The Listener thread then invokes the DTLSListen command (see
+ Section 2.3.2.1).
+
+ DTLS Setup to Authorize (5): This transition occurs when an incoming
+ DTLS session is being established, and the DTLS stack needs
+ authorization to proceed with the session establishment.
+
+ WTP: This state transition occurs when the WTP receives the
+ DTLSPeerAuthorize notification (see Section 2.3.2.2). Upon
+ entering this state, the WTP performs an authorization check
+ against the AC credentials. See Section 2.4.4 for more
+ information on AC authorization.
+
+ AC: This state transition is handled by the AC's Listener thread
+ when the DTLS module initiates the DTLSPeerAuthorize
+ notification (see Section 2.3.2.2). The Listener thread
+ forks an instance of the Service thread, along with a copy
+ of the state context.
Once created, the Service thread
+ performs an authorization check against the WTP credentials.
+ See Section 2.4.4 for more information on WTP authorization.
+
+ Authorize to DTLS Setup (6): This transition is executed by the
+ Listener thread to enable it to listen for new incoming sessions.
+
+ WTP: This is an invalid state transition for the WTP.
+
+ AC: This state transition occurs when the AC's Listener thread
+ has created the WTP context and the Service thread. The
+ Listener thread then invokes the DTLSListen command (see
+ Section 2.3.2.1).
+
+ Authorize to DTLS Connect (a): This transition occurs to notify the
+ DTLS stack that the session should be established.
+
+ WTP: This state transition occurs when the WTP has successfully
+ authorized the AC's credentials (see Section 2.4.4). This
+ is done by invoking the DTLSAccept DTLS command (see
+ Section 2.3.2.1).
+
+ AC: This state transition occurs when the AC has successfully
+ authorized the WTP's credentials (see Section 2.4.4). This
+ is done by invoking the DTLSAccept DTLS command (see
+ Section 2.3.2.1).
+
+
+
+Calhoun, et al. Standards Track [Page 21]
+
+RFC 5415 CAPWAP Protocol Specification March 2009
+
+
+ Authorize to DTLS Teardown (b): This transition occurs to notify the
+ DTLS stack that the session should be aborted.
+
+ WTP: This state transition occurs when the WTP has been unable to
+ authorize the AC, using the AC credentials. The WTP then
+ aborts the DTLS session by invoking the DTLSAbortSession
+ command (see Section 2.3.2.1). This state transition also
+ occurs if the WaitDTLS timer has expired. The WTP starts
+ the DTLSSessionDelete timer (see Section 4.7.6).
+
+ AC: This state transition occurs when the AC has been unable to
+ authorize the WTP, using the WTP credentials. The AC then
+ aborts the DTLS session by invoking the DTLSAbortSession
+ command (see Section 2.3.2.1). This state transition also
+ occurs if the WaitDTLS timer has expired.
The AC starts the
+ DTLSSessionDelete timer (see Section 4.7.6).
+
+ DTLS Connect to DTLS Teardown (c): This transition occurs when the
+ DTLS Session failed to be established.
+
+ WTP: This state transition occurs when the WTP receives either a
+ DTLSAborted or DTLSAuthenticateFail notification (see
+ Section 2.3.2.2), indicating that the DTLS session was not
+ successfully established. When this transition occurs due
+ to the DTLSAuthenticateFail notification, the
+ FailedDTLSAuthFailCount is incremented; otherwise, the
+ FailedDTLSSessionCount counter is incremented. This state
+ transition also occurs if the WaitDTLS timer has expired.
+ The WTP starts the DTLSSessionDelete timer (see
+ Section 4.7.6).
+
+ AC: This state transition occurs when the AC receives either a
+ DTLSAborted or DTLSAuthenticateFail notification (see
+ Section 2.3.2.2), indicating that the DTLS session was not
+ successfully established, and both of the
+ FailedDTLSAuthFailCount and FailedDTLSSessionCount counters
+ have not reached the value of the MaxFailedDTLSSessionRetry
+ variable (see Section 4.8). This state transition also
+ occurs if the WaitDTLS timer has expired. The AC starts the
+ DTLSSessionDelete timer (see Section 4.7.6).
+
+ DTLS Connect to Join (d): This transition occurs when the DTLS
+ Session is successfully established.
+
+ WTP: This state transition occurs when the WTP receives the
+ DTLSEstablished notification (see Section 2.3.2.2),
+ indicating that the DTLS session was successfully
+ established. When this notification is received, the
+
+
+
+Calhoun, et al. Standards Track [Page 22]
+
+RFC 5415 CAPWAP Protocol Specification March 2009
+
+
+ FailedDTLSSessionCount counter is set to zero. The WTP
+ enters the Join state by transmitting the Join Request to
+ the AC. The WTP stops the WaitDTLS timer.
+
+ AC: This state transition occurs when the AC receives the
+ DTLSEstablished notification (see Section 2.3.2.2),
+ indicating that the DTLS session was successfully
+ established. When this notification is received, the
+ FailedDTLSSessionCount counter is set to zero. The AC stops
+ the WaitDTLS timer, and starts the WaitJoin timer.
+
+ Join to DTLS Teardown (e): This transition occurs when the join
+ process has failed.
+
+ WTP: This state transition occurs when the WTP receives a Join
+ Response message with a Result Code message element
+ containing an error, or if the Image Identifier provided by
+ the AC in the Join Response message differs from the WTP's
+ currently running firmware version and the WTP has the
+ requested image in its non-volatile memory. This causes the
+ WTP to initiate the DTLSShutdown command (see
+ Section 2.3.2.1). This transition also occurs if the WTP
+ receives one of the following DTLS notifications:
+ DTLSAborted, DTLSReassemblyFailure, or DTLSPeerDisconnect.
+ The WTP starts the DTLSSessionDelete timer (see
+ Section 4.7.6).
+
+ AC: This state transition occurs either if the WaitJoin timer
+ expires or if the AC transmits a Join Response message with
+ a Result Code message element containing an error. This
+ causes the AC to initiate the DTLSShutdown command (see
+ Section 2.3.2.1). This transition also occurs if the AC
+ receives one of the following DTLS notifications:
+ DTLSAborted, DTLSReassemblyFailure, or DTLSPeerDisconnect.
+ The AC starts the DTLSSessionDelete timer (see
+ Section 4.7.6).
+
+ Join to Image Data (f): This state transition is used by the WTP and
+ the AC to download executable firmware.
+
+ WTP: The WTP enters the Image Data state when it receives a
+ successful Join Response message and determines that the
+ software version in the Image Identifier message element is
+ not the same as its currently running image.
The WTP also
+ detects that the requested image version is not currently
+ available in the WTP's non-volatile storage (see Section 9.1
+ for a full description of the firmware download process).
+ The WTP initializes the EchoInterval timer (see
+
+
+
+Calhoun, et al. Standards Track [Page 23]
+
+RFC 5415 CAPWAP Protocol Specification March 2009
+
+
+ Section 4.7), and transmits the Image Data Request message
+ (see Section 9.1.1) requesting the start of the firmware
+ download.
+
+ AC: This state transition occurs when the AC receives the Image
+ Data Request message from the WTP, after having sent its
+ Join Response to the WTP. The AC stops the WaitJoin timer.
+ The AC MUST transmit an Image Data Response message (see
+ Section 9.1.2) to the WTP, which includes a portion of the
+ firmware.
+
+ Join to Configure (g): This state transition is used by the WTP and
+ the AC to exchange configuration information.
+
+ WTP: The WTP enters the Configure state when it receives a
+ successful Join Response message, and determines that the
+ included Image Identifier message element is the same as its
+ currently running image. The WTP transmits the
+ Configuration Status Request message (see Section 8.2) to
+ the AC with message elements describing its current
+ configuration.
+
+ AC: This state transition occurs when it receives the
+ Configuration Status Request message from the WTP (see
+ Section 8.2), which MAY include specific message elements to
+ override the WTP's configuration. The AC stops the WaitJoin
+ timer. The AC transmits the Configuration Status Response
+ message (see Section 8.3) and starts the
+ ChangeStatePendingTimer timer (see Section 4.7).
+
+ Configure to Reset (h): This state transition is used to reset the
+ connection either due to an error during the configuration phase,
+ or when the WTP determines it needs to reset in order for the new
+ configuration to take effect.
The CAPWAP Reset command is used to
+ indicate to the peer that it will initiate a DTLS teardown.
+
+ WTP: The WTP enters the Reset state when it receives a
+ Configuration Status Response message indicating an error or
+ when it determines that a reset of the WTP is required, due
+ to the characteristics of a new configuration.
+
+ AC: The AC transitions to the Reset state when it receives a
+ Change State Event message from the WTP that contains an
+ error for which AC policy does not permit the WTP to provide
+ service. This state transition also occurs when the AC
+ ChangeStatePendingTimer timer expires.
+
+
+
+
+
+Calhoun, et al. Standards Track [Page 24]
+
+RFC 5415 CAPWAP Protocol Specification March 2009
+
+
+ Configure to DTLS Teardown (i): This transition occurs when the
+ configuration process aborts due to a DTLS error.
+
+ WTP: The WTP enters this state when it receives one of the
+ following DTLS notifications: DTLSAborted,
+ DTLSReassemblyFailure, or DTLSPeerDisconnect (see
+ Section 2.3.2.2). The WTP MAY tear down the DTLS session if
+ it receives frequent DTLSDecapFailure notifications. The
+ WTP starts the DTLSSessionDelete timer (see Section 4.7.6).
+
+ AC: The AC enters this state when it receives one of the
+ following DTLS notifications: DTLSAborted,
+ DTLSReassemblyFailure, or DTLSPeerDisconnect (see
+ Section 2.3.2.2). The AC MAY tear down the DTLS session if
+ it receives frequent DTLSDecapFailure notifications. The AC
+ starts the DTLSSessionDelete timer (see Section 4.7.6).
+
+ Image Data to Image Data (j): The Image Data state is used by the
+ WTP and the AC during the firmware download phase.
+
+ WTP: The WTP enters the Image Data state when it receives an
+ Image Data Response message indicating that the AC has more
+ data to send.
This state transition also occurs when the
+ WTP receives the subsequent Image Data Requests, at which
+ time it resets the ImageDataStartTimer time to ensure it
+ receives the next expected Image Data Request from the AC.
+ This state transition can also occur when the WTP's
+ EchoInterval timer (see Section 4.7.7) expires, in which
+ case the WTP transmits an Echo Request message (see
+ Section 7.1), and resets its EchoInterval timer. The state
+ transition also occurs when the WTP receives an Echo
+ Response from the AC (see Section 7.2).
+
+ AC: This state transition occurs when the AC receives the Image
+ Data Response message from the WTP while already in the
+ Image Data state. This state transition also occurs when
+ the AC receives an Echo Request (see Section 7.1) from the
+ WTP, in which case it responds with an Echo Response (see
+ Section 7.2), and resets its EchoInterval timer (see
+ Section 4.7.7).
+
+
+
+
+
+
+
+
+
+
+
+Calhoun, et al. Standards Track [Page 25]
+
+RFC 5415 CAPWAP Protocol Specification March 2009
+
+
+ Image Data to Reset (k): This state transition is used to reset the
+ DTLS connection prior to restarting the WTP after an image
+ download.
+
+ WTP: When an image download completes, or if the
+ ImageDataStartTimer timer expires, the WTP enters the Reset
+ state. The WTP MAY also transition to this state upon
+ receiving an Image Data Response message from the AC (see
+ Section 9.1.2) indicating a failure.
+
+ AC: The AC enters the Reset state either when the image transfer
+ has successfully completed or an error occurs during the
+ image download process.
+
+ Image Data to DTLS Teardown (l): This transition occurs when the
+ firmware download process aborts due to a DTLS error.
+
+ WTP: The WTP enters this state when it receives one of the
+ following DTLS notifications: DTLSAborted,
+ DTLSReassemblyFailure, or DTLSPeerDisconnect (see
+ Section 2.3.2.2).
The WTP MAY tear down the DTLS session if
+ it receives frequent DTLSDecapFailure notifications. The
+ WTP starts the DTLSSessionDelete timer (see Section 4.7.6).
+
+ AC: The AC enters this state when it receives one of the
+ following DTLS notifications: DTLSAborted,
+ DTLSReassemblyFailure, or DTLSPeerDisconnect (see
+ Section 2.3.2.2). The AC MAY tear down the DTLS session if
+ it receives frequent DTLSDecapFailure notifications. The AC
+ starts the DTLSSessionDelete timer (see Section 4.7.6).
+
+ Configure to Data Check (m): This state transition occurs when the
+ WTP and AC confirm the configuration.
+
+ WTP: The WTP enters this state when it receives a successful
+ Configuration Status Response message from the AC. The WTP
+ transmits the Change State Event Request message (see
+ Section 8.6).
+
+ AC: This state transition occurs when the AC receives the Change
+ State Event Request message (see Section 8.6) from the WTP.
+ The AC responds with a Change State Event Response message
+ (see Section 8.7). The AC MUST start the DataCheckTimer
+ timer and stops the ChangeStatePendingTimer timer (see
+ Section 4.7).
+
+ Data Check to DTLS Teardown (n): This transition occurs when the WTP
+ does not complete the Data Check exchange.
+
+
+
+Calhoun, et al. Standards Track [Page 26]
+
+RFC 5415 CAPWAP Protocol Specification March 2009
+
+
+ WTP: This state transition occurs if the WTP does not receive the
+ Change State Event Response message before a CAPWAP
+ retransmission timeout occurs. The WTP also transitions to
+ this state if the underlying reliable transport's
+ RetransmitCount counter has reached the MaxRetransmit
+ variable (see Section 4.7). The WTP starts the
+ DTLSSessionDelete timer (see Section 4.7.6).
+
+ AC: The AC enters this state when the DataCheckTimer timer
+ expires (see Section 4.7). The AC starts the
+ DTLSSessionDelete timer (see Section 4.7.6).
+
+ Data Check to Run (o): This state transition occurs when the linkage
+ between the control and data channels is established, causing the
+ WTP and AC to enter their normal state of operation.
+
+ WTP: The WTP enters this state when it receives a successful
+ Change State Event Response message from the AC. The WTP
+ initiates the data channel, which MAY require the
+ establishment of a DTLS session, starts the
+ DataChannelKeepAlive timer (see Section 4.7.2) and transmits
+ a Data Channel Keep-Alive packet (see Section 4.4.1). The
+ WTP then starts the EchoInterval timer and
+ DataChannelDeadInterval timer (see Section 4.7).
+
+ AC: This state transition occurs when the AC receives the Data
+ Channel Keep-Alive packet (see Section 4.4.1), with a
+ Session ID message element matching that included by the WTP
+ in the Join Request message. The AC disables the
+ DataCheckTimer timer. Note that if AC policy is to require
+ the data channel to be encrypted, this process would also
+ require the establishment of a data channel DTLS session.
+ Upon receiving the Data Channel Keep-Alive packet, the AC
+ transmits its own Data Channel Keep Alive packet.
+
+ Run to DTLS Teardown (p): This state transition occurs when an error
+ has occurred in the DTLS stack, causing the DTLS session to be
+ torn down.
+
+ WTP: The WTP enters this state when it receives one of the
+ following DTLS notifications: DTLSAborted,
+ DTLSReassemblyFailure, or DTLSPeerDisconnect (see
+ Section 2.3.2.2). The WTP MAY tear down the DTLS session if
+ it receives frequent DTLSDecapFailure notifications. The
+ WTP also transitions to this state if the underlying
+ reliable transport's RetransmitCount counter has reached the
+ MaxRetransmit variable (see Section 4.7). The WTP starts
+ the DTLSSessionDelete timer (see Section 4.7.6).
+
+
+
+Calhoun, et al.
Standards Track [Page 27]
+
+RFC 5415 CAPWAP Protocol Specification March 2009
+
+
+ AC: The AC enters this state when it receives one of the
+ following DTLS notifications: DTLSAborted,
+ DTLSReassemblyFailure, or DTLSPeerDisconnect (see
+ Section 2.3.2.2). The AC MAY tear down the DTLS session if
+ it receives frequent DTLSDecapFailure notifications. The AC
+ transitions to this state if the underlying reliable
+ transport's RetransmitCount counter has reached the
+ MaxRetransmit variable (see Section 4.7). This state
+ transition also occurs when the AC's EchoInterval timer (see
+ Section 4.7.7) expires. The AC starts the DTLSSessionDelete
+ timer (see Section 4.7.6).
+
+ Run to Run (q): This is the normal state of operation.
+
+ WTP: This is the WTP's normal state of operation. The WTP resets
+ its EchoInterval timer whenever it transmits a request to
+ the AC. There are many events that result in this state
+ transition:
+
+ Configuration Update: The WTP receives a Configuration
+ Update Request message (see Section 8.4). The WTP
+ MUST respond with a Configuration Update Response
+ message (see Section 8.5).
+
+ Change State Event: The WTP receives a Change State Event
+ Response message, or determines that it must initiate
+ a Change State Event Request message, as a result of a
+ failure or change in the state of a radio.
+
+ Echo Request: The WTP sends an Echo Request message
+ (Section 7.1) or receives the corresponding Echo
+ Response message, (see Section 7.2) from the AC. When
+ the WTP receives the Echo Response, it resets its
+ EchoInterval timer (see Section 4.7.7).
+
+ Clear Config Request: The WTP receives a Clear
+ Configuration Request message (see Section 8.8) and
+ MUST generate a corresponding Clear Configuration
+ Response message (see Section 8.9). The WTP MUST
+ reset its configuration back to manufacturer defaults.
+
+ WTP Event: The WTP sends a WTP Event Request message,
+ delivering information to the AC (see Section 9.4).
+ The WTP receives a WTP Event Response message from the
+ AC (see Section 9.5).
+
+
+
+
+
+
+Calhoun, et al. Standards Track [Page 28]
+
+RFC 5415 CAPWAP Protocol Specification March 2009
+
+
+ Data Transfer: The WTP sends a Data Transfer Request or
+ Data Transfer Response message to the AC (see
+ Section 9.6). The WTP receives a Data Transfer
+ Request or Data Transfer Response message from the AC
+ (see Section 9.6). Upon receipt of a Data Transfer
+ Request, the WTP transmits a Data Transfer Response to
+ the AC.
+
+ Station Configuration Request: The WTP receives a Station
+ Configuration Request message (see Section 10.1), to
+ which it MUST respond with a Station Configuration
+ Response message (see Section 10.2).
+
+ AC: This is the AC's normal state of operation. Note that the
+ receipt of any Request from the WTP causes the AC to reset
+ its EchoInterval timer (see Section 4.7.7).
+
+ Configuration Update: The AC sends a Configuration Update
+ Request message (see Section 8.4) to the WTP to update
+ its configuration. The AC receives a Configuration
+ Update Response message (see Section 8.5) from the
+ WTP.
+
+ Change State Event: The AC receives a Change State Event
+ Request message (see Section 8.6), to which it MUST
+ respond with the Change State Event Response message
+ (see Section 8.7).
+
+ Echo Request: The AC receives an Echo Request message (see
+ Section 7.1), to which it MUST respond with an Echo
+ Response message (see Section 7.2).
+
+ Clear Config Response: The AC sends a Clear Configuration
+ Request message (see Section 8.8) to the WTP to clear
+ its configuration. The AC receives a Clear
+ Configuration Response message from the WTP (see
+ Section 8.9).
+
+ WTP Event: The AC receives a WTP Event Request message from
+ the WTP (see Section 9.4) and MUST generate a
+ corresponding WTP Event Response message (see
+ Section 9.5).
+
+ Data Transfer: The AC sends a Data Transfer Request or Data
+ Transfer Response message to the WTP (see
+ Section 9.6). The AC receives a Data Transfer Request
+
+
+
+
+
+Calhoun, et al. Standards Track [Page 29]
+
+RFC 5415 CAPWAP Protocol Specification March 2009
+
+
+ or Data Transfer Response message from the WTP (see
+ Section 9.6). Upon receipt of a Data Transfer
+ Request, the AC transmits a Data Transfer Response to
+ the WTP.
+
+ Station Configuration Request: The AC sends a Station
+ Configuration Request message (see Section 10.1) or
+ receives the corresponding Station Configuration
+ Response message (see Section 10.2) from the WTP.
+
+ Run to Reset (r): This state transition is used when either the AC
+ or WTP tears down the connection. This may occur as part of
+ normal operation, or due to error conditions.
+
+ WTP: The WTP enters the Reset state when it receives a Reset
+ Request message from the AC.
+
+ AC: The AC enters the Reset state when it transmits a Reset
+ Request message to the WTP.
+
+ Reset to DTLS Teardown (s): This transition occurs when the CAPWAP
+ reset is complete to terminate the DTLS session.
+
+ WTP: This state transition occurs when the WTP transmits a Reset
+ Response message. The WTP does not invoke the DTLSShutdown
+ command (see Section 2.3.2.1). The WTP starts the
+ DTLSSessionDelete timer (see Section 4.7.6).
+
+ AC: This state transition occurs when the AC receives a Reset
+ Response message. This causes the AC to initiate the
+ DTLSShutdown command (see Section 2.3.2.1). The AC starts
+ the DTLSSessionDelete timer (see Section 4.7.6).
+
+ DTLS Teardown to Idle (t): This transition occurs when the DTLS
+ session has been shut down.
+
+ WTP: This state transition occurs when the WTP has successfully
+ cleaned up all resources associated with the control plane
+ DTLS session, or if the DTLSSessionDelete timer (see
+ Section 4.7.6) expires.
The data plane DTLS session is also + shut down, and all resources released, if a DTLS session was + established for the data plane. Any timers set for the + current instance of the state machine are also cleared. + + AC: This is an invalid state transition for the AC. + + + + + + +Calhoun, et al. Standards Track [Page 30] + +RFC 5415 CAPWAP Protocol Specification March 2009 + + + DTLS Teardown to Sulking (u): This transition occurs when repeated + attempts to setup the DTLS connection have failed. + + WTP: The WTP enters this state when the FailedDTLSSessionCount or + the FailedDTLSAuthFailCount counter reaches the value of the + MaxFailedDTLSSessionRetry variable (see Section 4.8). Upon + entering this state, the WTP MUST start the SilentInterval + timer. While in the Sulking state, all received CAPWAP and + DTLS protocol messages received MUST be ignored. + + AC: This is an invalid state transition for the AC. + + DTLS Teardown to Dead (w): This transition occurs when the DTLS + session has been shut down. + + WTP: This is an invalid state transition for the WTP. + + AC: This state transition occurs when the AC has successfully + cleaned up all resources associated with the control plane + DTLS session , or if the DTLSSessionDelete timer (see + Section 4.7.6) expires. The data plane DTLS session is also + shut down, and all resources released, if a DTLS session was + established for the data plane. Any timers set for the + current instance of the state machine are also cleared. The + AC's Service thread is terminated. + +2.3.2. CAPWAP/DTLS Interface + + This section describes the DTLS Commands used by CAPWAP, and the + notifications received from DTLS to the CAPWAP protocol stack. + +2.3.2.1. CAPWAP to DTLS Commands + + Six commands are defined for the CAPWAP to DTLS API. These + "commands" are conceptual, and may be implemented as one or more + function calls. 
This API definition is provided to clarify + interactions between the DTLS and CAPWAP components of the integrated + CAPWAP state machine. + + Below is a list of the minimal command APIs: + + o DTLSStart is sent to the DTLS component to cause a DTLS session to + be established. Upon invoking the DTLSStart command, the WaitDTLS + timer is started. The WTP initiates this DTLS command, as the AC + does not initiate DTLS sessions. + + o DTLSListen is sent to the DTLS component to allow the DTLS + component to listen for incoming DTLS session requests. + + + +Calhoun, et al. Standards Track [Page 31] + +RFC 5415 CAPWAP Protocol Specification March 2009 + + + o DTLSAccept is sent to the DTLS component to allow the DTLS session + establishment to continue successfully. + + o DTLSAbortSession is sent to the DTLS component to cause the + session that is in the process of being established to be aborted. + This command is also sent when the WaitDTLS timer expires. When + this command is executed, the FailedDTLSSessionCount counter is + incremented. + + o DTLSShutdown is sent to the DTLS component to cause session + teardown. + + o DTLSMtuUpdate is sent by the CAPWAP component to modify the MTU + size used by the DTLS component. See Section 3.5 for more + information on MTU Discovery. The default size is 1468 bytes. + +2.3.2.2. DTLS to CAPWAP Notifications + + DTLS notifications are defined for the DTLS to CAPWAP API. These + "notifications" are conceptual and may be implemented in numerous + ways (e.g., as function return values). This API definition is + provided to clarify interactions between the DTLS and CAPWAP + components of the integrated CAPWAP state machine. It is important + to note that the notifications listed below MAY cause the CAPWAP + state machine to jump from one state to another using a state + transition not listed in Section 2.3.1. When a notification listed + below occurs, the target CAPWAP state shown in Figure 4 becomes the + current state. 
+
+ Below is a list of the API notifications:
+
+ o DTLSPeerAuthorize is sent to the CAPWAP component during DTLS
+ session establishment once the peer's identity has been received.
+ This notification MAY be used by the CAPWAP component to authorize
+ the session, based on the peer's identity. The authorization
+ process will lead to the CAPWAP component initiating either the
+ DTLSAccept or DTLSAbortSession commands.
+
+ o DTLSEstablished is sent to the CAPWAP component to indicate that a
+ secure channel now exists, using the parameters provided during
+ the DTLS initialization process. When this notification is
+ received, the FailedDTLSSessionCount counter is reset to zero.
+ When this notification is received, the WaitDTLS timer is stopped.
+
+ o DTLSEstablishFail is sent when the DTLS session establishment has
+ failed, either due to a local error or due to the peer rejecting
+ the session establishment. When this notification is received,
+ the FailedDTLSSessionCount counter is incremented.
+
+
+
+Calhoun, et al. Standards Track [Page 32]
+
+RFC 5415 CAPWAP Protocol Specification March 2009
+
+
+ o DTLSAuthenticateFail is sent when DTLS session establishment has
+ failed due to an authentication error. When this notification is
+ received, the FailedDTLSAuthFailCount counter is incremented.
+
+ o DTLSAborted is sent to the CAPWAP component to indicate that
+ session abort (as requested by CAPWAP) is complete; this occurs to
+ confirm a DTLS session abort or when the WaitDTLS timer expires.
+ When this notification is received, the WaitDTLS timer is stopped.
+
+ o DTLSReassemblyFailure MAY be sent to the CAPWAP component to
+ indicate DTLS fragment reassembly failure.
+
+ o DTLSDecapFailure MAY be sent to the CAPWAP module to indicate a
+ decapsulation failure. DTLSDecapFailure MAY be sent to the CAPWAP
+ module to indicate an encryption/authentication failure. This
+ notification is intended for informative purposes only, and is not
+ intended to cause a change in the CAPWAP state machine (see
+ Section 12.4).
+
+ o DTLSPeerDisconnect is sent to the CAPWAP component to indicate the
+ DTLS session has been torn down. Note that this notification is
+ only received if the DTLS session has been established.
+
+2.4. Use of DTLS in the CAPWAP Protocol
+
+ DTLS is used as a tightly integrated, secure wrapper for the CAPWAP
+ protocol. In this document, DTLS and CAPWAP are discussed as
+ nominally distinct entities; however, they are very closely coupled,
+ and may even be implemented inseparably. Since there are DTLS
+ library implementations currently available, and since security
+ protocols (e.g., IPsec, TLS) are often implemented in widely
+ available acceleration hardware, it is both convenient and forward-
+ looking to maintain a modular distinction in this document.
+
+ This section describes a detailed walk-through of the interactions
+ between the DTLS module and the CAPWAP module, via 'commands' (CAPWAP
+ to DTLS) and 'notifications' (DTLS to CAPWAP) as they would be
+ encountered during the normal course of operation.
+
+2.4.1. DTLS Handshake Processing
+
+ Details of the DTLS handshake process are specified in [RFC4347].
+ This section describes the interactions between the DTLS session
+ establishment process and the CAPWAP protocol. Note that the
+ conceptual DTLS state is shown below to help understand the point at
+ which the DTLS states transition. In the normal case, the DTLS
+ handshake will proceed as shown in Figure 5. (NOTE: this example
+ uses certificates, but pre-shared keys are also supported.)
+
+
+
+Calhoun, et al. Standards Track [Page 33]
+
+RFC 5415 CAPWAP Protocol Specification March 2009
+
+
+ ============ ============
+ WTP AC
+ ============ ============
+ ClientHello ------>
+ <------ HelloVerifyRequest
+ (with cookie)
+
+ ClientHello ------>
+ (with cookie)
+ <------ ServerHello
+ <------ Certificate
+ <------ ServerHelloDone
+
+ (WTP callout for AC authorization
+ occurs in CAPWAP Auth state)
+
+ Certificate*
+ ClientKeyExchange
+ CertificateVerify*
+ ChangeCipherSpec
+ Finished ------>
+
+ (AC callout for WTP authorization
+ occurs in CAPWAP Auth state)
+
+ ChangeCipherSpec
+ <------ Finished
+
+ Figure 5: DTLS Handshake
+
+ DTLS, as specified, provides its own retransmit timers with an
+ exponential back-off. [RFC4347] does not specify how long
+ retransmissions should continue. Consequently, timing out incomplete
+ DTLS handshakes is entirely the responsibility of the CAPWAP module.
+
+ The DTLS implementation used by CAPWAP MUST support TLS Session
+ Resumption. Session resumption is typically used to establish the
+ DTLS session used for the data channel. Since the data channel uses
+ different port numbers than the control channel, the DTLS
+ implementation on the WTP MUST provide an interface that allows the
+ CAPWAP module to request session resumption despite the use of the
+ different port numbers (TLS implementations usually attempt session
+ resumption only when connecting to the same IP address and port
+ number). Note that session resumption is not guaranteed to occur,
+ and a full DTLS handshake may occur instead.
+
+
+
+
+
+
+Calhoun, et al. Standards Track [Page 34]
+
+RFC 5415 CAPWAP Protocol Specification March 2009
+
+
+ The DTLS implementation used by CAPWAP MUST use replay detection, per
+ Section 3.3 of [RFC4347]. Since the CAPWAP protocol handles
+ retransmissions by re-encrypting lost frames, any duplicate DTLS
+ frames are either unintentional or malicious and should be silently
+ discarded.
+
+2.4.2. DTLS Session Establishment
+
+ The WTP, either through the Discovery process or through pre-
+ configuration, determines to which AC to connect. The WTP uses the
+ DTLSStart command to request that a secure connection be established
+ to the selected AC. Prior to initiation of the DTLS handshake, the
+ WTP sets the WaitDTLS timer. Upon invoking the DTLSStart or
+ DTLSListen commands, the WTP and AC, respectively, set the WaitDTLS
+ timer. If the DTLSEstablished notification is not received prior to
+ timer expiration, the DTLS session is aborted by issuing the
+ DTLSAbortSession DTLS command. This notification causes the CAPWAP
+ module to transition to the Idle state. Upon receiving a
+ DTLSEstablished notification, the WaitDTLS timer is deactivated.
+
+2.4.3. DTLS Error Handling
+
+ If the AC or WTP does not respond to any DTLS handshake messages sent
+ by its peer, the DTLS specification calls for the message to be
+ retransmitted. Note that during the handshake, when both the AC and
+ the WTP are expecting additional handshake messages, they both
+ retransmit if an expected message has not been received (note that
+ retransmissions for CAPWAP Control messages work differently: all
+ CAPWAP Control messages are either requests or responses, and the
+ peer who sent the request is responsible for retransmissions).
+
+ If the WTP or the AC does not receive an expected DTLS handshake
+ message despite of retransmissions, the WaitDTLS timer will
+ eventually expire, and the session will be terminated. This can
+ happen if communication between the peers has completely failed, or
+ if one of the peers sent a DTLS Alert message that was lost in
+ transit (DTLS does not retransmit Alert messages).
+
+ If a cookie fails to validate, this could represent a WTP error, or
+ it could represent a DoS attack. Hence, AC resource utilization
+ SHOULD be minimized. The AC MAY log a message indicating the
+ failure, and SHOULD treat the message as though no cookie were
+ present.
+
+ Since DTLS Handshake messages are potentially larger than the maximum
+ record size, DTLS supports fragmenting of Handshake messages across
+ multiple records. There are several potential causes of re-assembly
+
+
+
+
+Calhoun, et al. Standards Track [Page 35]
+
+RFC 5415 CAPWAP Protocol Specification March 2009
+
+
+ errors, including overlapping and/or lost fragments. The DTLS
+ component MUST send a DTLSReassemblyFailure notification to the
+ CAPWAP component. Whether precise information is given along with
+ notification is an implementation issue, and hence is beyond the
+ scope of this document. Upon receipt of such an error, the CAPWAP
+ component SHOULD log an appropriate error message. Whether
+ processing continues or the DTLS session is terminated is
+ implementation dependent.
+
+ DTLS decapsulation errors consist of three types: decryption errors,
+ authentication errors, and malformed DTLS record headers. Since DTLS
+ authenticates the data prior to encapsulation, if decryption fails,
+ it is difficult to detect this without first attempting to
+ authenticate the packet. If authentication fails, a decryption error
+ is also likely, but not guaranteed. Rather than attempt to derive
+ (and require the implementation of) algorithms for detecting
+ decryption failures, decryption failures are reported as
+ authentication failures. The DTLS component MUST provide a
+ DTLSDecapFailure notification to the CAPWAP component when such
+ errors occur. If a malformed DTLS record header is detected, the
+ packets SHOULD be silently discarded, and the receiver MAY log an
+ error message.
+
+ There is currently only one encapsulation error defined: MTU
+ exceeded. As part of DTLS session establishment, the CAPWAP
+ component informs the DTLS component of the MTU size. This may be
+ dynamically modified at any time when the CAPWAP component sends the
+ DTLSMtuUpdate command to the DTLS component (see Section 2.3.2.1).
+ The value provided to the DTLS stack is the result of the MTU
+ Discovery process, which is described in Section 3.5. The DTLS
+ component returns this notification to the CAPWAP component whenever
+ a transmission request will result in a packet that exceeds the MTU.
+
+2.4.4. DTLS Endpoint Authentication and Authorization
+
+ DTLS supports endpoint authentication with certificates or pre-shared
+ keys. The TLS algorithm suites for each endpoint authentication
+ method are described below.
+
+2.4.4.1. Authenticating with Certificates
+
+ CAPWAP implementations only use cipher suites that are recommended
+ for use with DTLS, see [DTLS-DESIGN]. At present, the following
+ algorithms MUST be supported when using certificates for CAPWAP
+ authentication:
+
+ o TLS_RSA_WITH_AES_128_CBC_SHA [RFC5246]
+
+
+
+
+Calhoun, et al. Standards Track [Page 36]
+
+RFC 5415 CAPWAP Protocol Specification March 2009
+
+
+ The following algorithms SHOULD be supported when using certificates:
+
+ o TLS_DHE_RSA_WITH_AES_128_CBC_SHA [RFC5246]
+
+ The following algorithms MAY be supported when using certificates:
+
+ o TLS_RSA_WITH_AES_256_CBC_SHA [RFC5246]
+
+ o TLS_DHE_RSA_WITH_AES_256_CBC_SHA [RFC5246]
+
+ Additional ciphers MAY be defined in subsequent CAPWAP
+ specifications.
+
+2.4.4.2. Authenticating with Pre-Shared Keys
+
+ Pre-shared keys present significant challenges from a security
+ perspective, and for that reason, their use is strongly discouraged.
+ Several methods for authenticating with pre-shared keys are defined
+ [RFC4279], and we focus on the following two:
+
+ o Pre-Shared Key (PSK) key exchange algorithm - simplest method,
+ ciphersuites use only symmetric key algorithms.
+
+ o DHE_PSK key exchange algorithm - use a PSK to authenticate a
+ Diffie-Hellman exchange. These ciphersuites give some additional
+ protection against dictionary attacks and also provide Perfect
+ Forward Secrecy (PFS).
+
+ The first approach (plain PSK) is susceptible to passive dictionary
+ attacks; hence, while this algorithm MUST be supported, special care
+ should be taken when choosing that method. In particular, user-
+ readable passphrases SHOULD NOT be used, and use of short PSKs SHOULD
+ be strongly discouraged.
+
+ The following cryptographic algorithms MUST be supported when using
+ pre-shared keys:
+
+ o TLS_PSK_WITH_AES_128_CBC_SHA [RFC5246]
+
+ o TLS_DHE_PSK_WITH_AES_128_CBC_SHA [RFC5246]
+
+ The following algorithms MAY be supported when using pre-shared keys:
+
+ o TLS_PSK_WITH_AES_256_CBC_SHA [RFC5246]
+
+ o TLS_DHE_PSK_WITH_AES_256_CBC_SHA [RFC5246]
+
+ Additional ciphers MAY be defined in following CAPWAP specifications.
+
+
+
+Calhoun, et al. Standards Track [Page 37]
+
+RFC 5415 CAPWAP Protocol Specification March 2009
+
+
+2.4.4.3. Certificate Usage
+
+ Certificate authorization by the AC and WTP is required so that only
+ an AC may perform the functions of an AC and that only a WTP may
+ perform the functions of a WTP. This restriction of functions to the
+ AC or WTP requires that the certificates used by the AC MUST be
+ distinguishable from the certificate used by the WTP. To accomplish
+ this differentiation, the x.509 certificates MUST include the
+ Extended Key Usage (EKU) certificate extension [RFC5280].
+
+ The EKU field indicates one or more purposes for which a certificate
+ may be used. It is an essential part in authorization. Its syntax
+ is described in [RFC5280] and [ISO.9834-1.1993] and is as follows:
+
+ ExtKeyUsageSyntax ::= SEQUENCE SIZE (1..MAX) OF KeyPurposeId
+
+ KeyPurposeId ::= OBJECT IDENTIFIER
+
+ Here we define two KeyPurposeId values, one for the WTP and one for
+ the AC. Inclusion of one of these two values indicates a certificate
+ is authorized for use by a WTP or AC, respectively. These values are
+ formatted as id-kp fields.
+
+ id-kp OBJECT IDENTIFIER ::=
+ { iso(1) identified-organization(3) dod(6) internet(1)
+ security(5) mechanisms(5) pkix(7) 3 }
+
+ id-kp-capwapAC OBJECT IDENTIFIER ::= { id-kp 18 }
+
+ id-kp-capwapWTP OBJECT IDENTIFIER ::= { id-kp 19 }
+
+ All capwap devices MUST support the ExtendedKeyUsage certificate
+ extension if it is present in a certificate. If the extension is
+ present, then the certificate MUST have either the id-kp-capwapAC or
+ the id-kp-anyExtendedKeyUsage keyPurposeID to act as an AC.
+ Similarly, if the extension is present, a device MUST have the id-kp-
+ capwapWTP or id-kp-anyExtendedKeyUsage keyPurposeID to act as a WTP.
+
+ Part of the CAPWAP certificate validation process includes ensuring
+ that the proper EKU is included and allowing the CAPWAP session to be
+ established only if the extension properly represents the device.
+ For instance, an AC SHOULD NOT accept a connection request from
+ another AC, and therefore MUST verify that the id-kp-capwapWTP EKU is
+ present in the certificate.
+
+ CAPWAP implementations MUST support certificates where the common
+ name (CN) for both the WTP and AC is the MAC address of that device.
+
+
+
+
+Calhoun, et al. Standards Track [Page 38]
+
+RFC 5415 CAPWAP Protocol Specification March 2009
+
+
+ The MAC address MUST be encoded in the PrintableString format, using
+ the well-recognized MAC address format of 01:23:45:67:89:ab. The CN
+ field MAY contain either of the EUI-48 [EUI-48] or EUI-64 [EUI-64]
+ MAC Address formats. This seemingly unconventional use of the CN
+ field is consistent with other standards that rely on device
+ certificates that are provisioned during the manufacturing process,
+ such as Packet Cable [PacketCable], Cable Labs [CableLabs], and WiMAX
+ [WiMAX]. See Section 12.8 for more information on the use of the MAC
+ address in the CN field.
+
+ ACs and WTPs MUST authorize (e.g., through access control lists)
+ certificates of devices to which they are connecting, e.g., based on
+ the issuer, MAC address, or organizational information specified in
+ the certificate. The identities specified in the certificates bind a
+ particular DTLS session to a specific pair of mutually authenticated
+ and authorized MAC addresses. The particulars of authorization
+ filter construction are implementation details which are, for the
+ most part, not within the scope of this specification. However, at
+ minimum, all devices MUST verify that the appropriate EKU bit is set
+ according to the role of the peer device (AC versus WTP), and that
+ the issuer of the certificate is appropriate for the domain in
+ question.
+
+2.4.4.4. PSK Usage
+
+ When DTLS uses PSK Ciphersuites, the ServerKeyExchange message MUST
+ contain the "PSK identity hint" field and the ClientKeyExchange
+ message MUST contain the "PSK identity" field. These fields are used
+ to help the WTP select the appropriate PSK for use with the AC, and
+ then indicate to the AC which key is being used. When PSKs are
+ provisioned to WTPs and ACs, both the PSK Hint and PSK Identity for
+ the key MUST be specified.
+
+ The PSK Hint SHOULD uniquely identify the AC and the PSK Identity
+ SHOULD uniquely identify the WTP. It is RECOMMENDED that these hints
+ and identities be the ASCII HEX-formatted MAC addresses of the
+ respective devices, since each pairwise combination of WTP and AC
+ SHOULD have a unique PSK. The PSK Hint and Identity SHOULD be
+ sufficient to perform authorization, as simply having knowledge of a
+ PSK does not necessarily imply authorization.
+
+ If a single PSK is being used for multiple devices on a CAPWAP
+ network, which is NOT RECOMMENDED, the PSK Hint and Identity can no
+ longer be a MAC address, so appropriate hints and identities SHOULD
+ be selected to identify the group of devices to which the PSK is
+ provisioned.
+
+
+
+
+
+Calhoun, et al. Standards Track [Page 39]
+
+RFC 5415 CAPWAP Protocol Specification March 2009
+
+
+3. CAPWAP Transport
+
+ Communication between a WTP and an AC is established using the
+ standard UDP client/server model. The CAPWAP protocol supports both
+ UDP and UDP-Lite [RFC3828] transport protocols. When run over IPv4,
+ UDP is used for the CAPWAP Control and Data channels.
+
+ When run over IPv6, the CAPWAP Control channel always uses UDP, while
+ the CAPWAP Data channel may use either UDP or UDP-Lite. UDP-Lite is
+ the default transport protocol for the CAPWAP Data channel. However,
+ if a middlebox or IPv4 to IPv6 gateway has been discovered, UDP is
+ used for the CAPWAP Data channel.
+
+ This section describes how the CAPWAP protocol is carried over IP and
+ UDP/UDP-Lite transport protocols. The CAPWAP Transport Protocol
+ message element, Section 4.6.14, describes the rules to use in
+ determining which transport protocol is to be used.
+
+ In order for CAPWAP to be compatible with potential middleboxes in
+ the network, CAPWAP implementations MUST send return traffic from the
+ same port on which they received traffic from a given peer. Further,
+ any unsolicited requests generated by a CAPWAP node MUST be sent on
+ the same port.
+
+3.1. UDP Transport
+
+ One of the CAPWAP protocol requirements is to allow a WTP to reside
+ behind a middlebox, firewall, and/or Network Address Translation
+ (NAT) device. Since a CAPWAP session is initiated by the WTP
+ (client) to the well-known UDP port of the AC (server), the use of
+ UDP is a logical choice. When CAPWAP is run over IPv4, the UDP
+ checksum field in CAPWAP packets MUST be set to zero.
+
+ CAPWAP protocol control packets sent from the WTP to the AC use the
+ CAPWAP Control channel, as defined in Section 1.4. The CAPWAP
+ control port at the AC is the well-known UDP port 5246. The CAPWAP
+ control port at the WTP can be any port selected by the WTP.
+
+ CAPWAP protocol data packets sent from the WTP to the AC use the
+ CAPWAP Data channel, as defined in Section 1.4. The CAPWAP data port
+ at the AC is the well-known UDP port 5247. If an AC permits the
+ administrator to change the CAPWAP control port, the CAPWAP data port
+ MUST be the next consecutive port number. The CAPWAP data port at
+ the WTP can be any port selected by the WTP.
+
+
+
+
+
+
+
+Calhoun, et al. Standards Track [Page 40]
+
+RFC 5415 CAPWAP Protocol Specification March 2009
+
+
+3.2. UDP-Lite Transport
+
+ When CAPWAP is run over IPv6, UDP-Lite is the default transport
+ protocol, which reduces the checksum processing required for each
+ packet (compared to the use of UDP over IPv6 [RFC2460]). When UDP-
+ Lite is used, the checksum field MUST have a coverage of 8 [RFC3828].
+
+ UDP-Lite uses the same port assignments as UDP.
+
+3.3. AC Discovery
+
+ The AC Discovery phase allows the WTP to determine which ACs are
+ available and choose the best AC with which to establish a CAPWAP
+ session. The Discovery phase occurs when the WTP enters the optional
+ Discovery state. A WTP does not need to complete the AC Discovery
+ phase if it uses a pre-configured AC. This section details the
+ mechanism used by a WTP to dynamically discover candidate ACs.
+
+ A WTP and an AC will frequently not reside in the same IP subnet
+ (broadcast domain). When this occurs, the WTP must be capable of
+ discovering the AC, without requiring that multicast services are
+ enabled in the network.
+
+ When the WTP attempts to establish communication with an AC, it sends
+ the Discovery Request message and receives the Discovery Response
+ message from the AC(s). The WTP MUST send the Discovery Request
+ message to either the limited broadcast IP address (255.255.255.255),
+ the well-known CAPWAP multicast address (224.0.1.140), or to the
+ unicast IP address of the AC. For IPv6 networks, since broadcast
+ does not exist, the use of "All ACs multicast address" (FF0X:0:0:0:0:
+ 0:0:18C) is used instead. Upon receipt of the Discovery Request
+ message, the AC sends a Discovery Response message to the unicast IP
+ address of the WTP, regardless of whether the Discovery Request
+ message was sent as a broadcast, multicast, or unicast message.
+
+ WTP use of a limited IP broadcast, multicast, or unicast IP address
+ is implementation dependent. ACs, on the other hand, MUST support
+ broadcast, multicast, and unicast discovery.
+
+ When a WTP transmits a Discovery Request message to a unicast
+ address, the WTP must first obtain the IP address of the AC. Any
+ static configuration of an AC's IP address on the WTP non-volatile
+ storage is implementation dependent. However, additional dynamic
+ schemes are possible, for example:
+
+
+
+
+
+
+
+Calhoun, et al. Standards Track [Page 41]
+
+RFC 5415 CAPWAP Protocol Specification March 2009
+
+
+ DHCP: See [RFC5417] for more information on the use of DHCP to
+ discover AC IP addresses.
+
+ DNS: The WTP MAY support use of DNS Service Records (SRVs) [RFC2782]
+ to discover the AC address(es). In this case, the WTP first
+ obtains (e.g., from local configuration) the correct domain name
+ suffix (e.g., "example.com") and performs an SRV lookup with
+ Service name "capwap-control" and Proto "udp". Thus, the name
+ resolved in DNS would be, e.g., "_capwap-
+ control._udp.example.com". Note that the SRV record MAY specify a
+ non-default port number for the control channel; the port number
+ for the data channel is the next port number (control channel port
+ + 1).
+
+ An AC MAY also communicate alternative ACs to the WTP within the
+ Discovery Response message through the AC IPv4 List (see
+ Section 4.6.2) and AC IPv6 List (see Section 4.6.2). The addresses
+ provided in these two message elements are intended to help the WTP
+ discover additional ACs through means other than those listed above.
+ + The AC Name with Priority message element (see Section 4.6.5) is used + to communicate a list of preferred ACs to the WTP. The WTP SHOULD + attempt to utilize the ACs listed in the order provided by the AC. + The Name-to-IP Address mapping is handled via the Discovery message + exchange, in which the ACs provide their identity in the AC Name (see + Section 4.6.4) message element in the Discovery Response message. + + Once the WTP has received Discovery Response messages from the + candidate ACs, it MAY use other factors to determine the preferred + AC. For instance, each binding defines a WTP Radio Information + message element (see Section 2.1), which the AC includes in Discovery + Response messages. The presence of one or more of these message + elements is used to identify the CAPWAP bindings supported by the AC. + A WTP MAY connect to an AC based on the supported bindings + advertised. + +3.4. Fragmentation/Reassembly + + While fragmentation and reassembly services are provided by IP, the + CAPWAP protocol also provides such services. Environments where the + CAPWAP protocol is used involve firewall, NAT, and "middlebox" + devices, which tend to drop IP fragments to minimize possible DoS + attacks. By providing fragmentation and reassembly at the + application layer, any fragmentation required due to the tunneling + component of the CAPWAP protocol becomes transparent to these + intermediate devices. Consequently, the CAPWAP protocol can be used + in any network topology including firewall, NAT, and middlebox + devices. + + + +Calhoun, et al. Standards Track [Page 42] + +RFC 5415 CAPWAP Protocol Specification March 2009 + + + It is important to note that the fragmentation mechanism employed by + CAPWAP has known limitations and deficiencies, which are similar to + those described in [RFC4963]. 
The limited size of the Fragment ID + field (see Section 4.3) can cause wrapping of the field, and hence + cause fragments from different datagrams to be incorrectly spliced + together (known as "mis-associated"). For example, a 100Mpbs link + with an MTU of 1500 (causing fragmentation at 1450 bytes) would cause + the Fragment ID field wrap in 8 seconds. Consequently, CAPWAP + implementers are warned to properly size their buffers for reassembly + purposes based on the expected wireless technology throughput. + + CAPWAP implementations SHOULD perform MTU Discovery (see + Section 3.5), which can avoid the need for fragmentation. At the + time of writing of this specification, most enterprise switching and + routing infrastructure were capable of supporting "mini-jumbo" frames + (1800 bytes), which eliminates the need for fragmentation (assuming + the station's MTU is 1500 bytes). The need for fragmentation + typically continues to exist when the WTP communicates with the AC + over a Wide Area Network (WAN). Therefore, future versions of the + CAPWAP protocol SHOULD consider either increasing the size of the + Fragment ID field or providing alternative extensions. + +3.5. MTU Discovery + + Once a WTP has discovered the AC with which it wishes to establish a + CAPWAP session, it SHOULD perform a Path MTU (PMTU) discovery. One + recommendation for performing PMTU discovery is to have the WTP + transmit Discovery Request (see Section 5.1) messages, and include + the MTU Discovery Padding message element (see Section 4.6.32). The + actual procedures used for PMTU discovery are described in [RFC1191] + for IPv4; for IPv6, [RFC1981] SHOULD be used. Alternatively, + implementers MAY use the procedures defined in [RFC4821]. The WTP + SHOULD also periodically re-evaluate the PMTU using the guidelines + provided in these two RFCs, using the Primary Discovery Request (see + Section 5.3) along with the MTU Discovery Padding message element + (see Section 4.6.32). 
When the MTU is initially known, or updated in + the case where an existing session already exists, the discovered + PMTU is used to configure the DTLS component (see Section 2.3.2.1), + while non-DTLS frames need to be fragmented to fit the MTU, defined + in Section 3.4. + +4. CAPWAP Packet Formats + + This section contains the CAPWAP protocol packet formats. A CAPWAP + protocol packet consists of one or more CAPWAP Transport Layer packet + headers followed by a CAPWAP message. The CAPWAP message can be + either of type Control or Data, where Control packets carry + + + + +Calhoun, et al. Standards Track [Page 43] + +RFC 5415 CAPWAP Protocol Specification March 2009 + + + signaling, and Data packets carry user payloads. The CAPWAP frame + formats for CAPWAP Data packets, and for DTLS encapsulated CAPWAP + Data and Control packets are defined below. + + The CAPWAP Control protocol includes two messages that are never + protected by DTLS: the Discovery Request message and the Discovery + Response message. These messages need to be in the clear to allow + the CAPWAP protocol to properly identify and process them. The + format of these packets are as follows: + + CAPWAP Control Packet (Discovery Request/Response): + +-------------------------------------------+ + | IP | UDP | CAPWAP | Control | Message | + | Hdr | Hdr | Header | Header | Element(s) | + +-------------------------------------------+ + + All other CAPWAP Control protocol messages MUST be protected via the + DTLS protocol, which ensures that the packets are both authenticated + and encrypted. These packets include the CAPWAP DTLS Header, which + is described in Section 4.2. 
The format of these packets is as
+ follows:
+
+ CAPWAP Control Packet (DTLS Security Required):
+ +------------------------------------------------------------------+
+ | IP | UDP | CAPWAP | DTLS | CAPWAP | Control| Message | DTLS |
+ | Hdr | Hdr | DTLS Hdr | Hdr | Header | Header | Element(s)| Trlr |
+ +------------------------------------------------------------------+
+ \---------- authenticated -----------/
+ \------------- encrypted ------------/
+
+ The CAPWAP protocol allows optional protection of data packets, using
+ DTLS. Use of data packet protection is determined by AC policy.
+ When DTLS is utilized, the optional CAPWAP DTLS Header is present,
+ which is described in Section 4.2. The format of CAPWAP Data packets
+ is shown below:
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+Calhoun, et al. Standards Track [Page 44]
+
+RFC 5415 CAPWAP Protocol Specification March 2009
+
+
+ CAPWAP Plain Text Data Packet :
+ +-------------------------------+
+ | IP | UDP | CAPWAP | Wireless |
+ | Hdr | Hdr | Header | Payload |
+ +-------------------------------+
+
+ DTLS Secured CAPWAP Data Packet:
+ +--------------------------------------------------------+
+ | IP | UDP | CAPWAP | DTLS | CAPWAP | Wireless | DTLS |
+ | Hdr | Hdr | DTLS Hdr | Hdr | Hdr | Payload | Trlr |
+ +--------------------------------------------------------+
+ \------ authenticated -----/
+ \------- encrypted --------/
+
+ UDP Header: All CAPWAP packets are encapsulated within either UDP,
+ or UDP-Lite when used over IPv6. Section 3 defines the specific
+ UDP or UDP-Lite usage.
+
+ CAPWAP DTLS Header: All DTLS encrypted CAPWAP protocol packets are
+ prefixed with the CAPWAP DTLS Header (see Section 4.2).
+
+ DTLS Header: The DTLS Header provides authentication and encryption
+ services to the CAPWAP payload it encapsulates. This protocol is
+ defined in [RFC4347].
+
+ CAPWAP Header: All CAPWAP protocol packets use a common header that
+ immediately follows the CAPWAP preamble or DTLS Header.
The
+ CAPWAP Header is defined in Section 4.3.
+
+ Wireless Payload: A CAPWAP protocol packet that contains a wireless
+ payload is a CAPWAP Data packet. The CAPWAP protocol does not
+ specify the format of the wireless payload, which is defined by
+ the appropriate wireless standard. Additional information is in
+ Section 4.4.
+
+ Control Header: The CAPWAP protocol includes a signaling component,
+ known as the CAPWAP Control protocol. All CAPWAP Control packets
+ include a Control Header, which is defined in Section 4.5.1.
+ CAPWAP Data packets do not contain a Control Header field.
+
+ Message Elements: A CAPWAP Control packet includes one or more
+ message elements, which are found immediately following the
+ Control Header. These message elements are in a Type/Length/Value
+ style header, defined in Section 4.6.
+
+ A CAPWAP implementation MUST be capable of receiving a reassembled
+ CAPWAP message of length 4096 bytes. A CAPWAP implementation MAY
+ indicate that it supports a higher maximum message length, by
+
+
+
+Calhoun, et al. Standards Track [Page 45]
+
+RFC 5415 CAPWAP Protocol Specification March 2009
+
+
+ including the Maximum Message Length message element, see
+ Section 4.6.31, in the Join Request message or the Join Response
+ message.
+
+4.1. CAPWAP Preamble
+
+ The CAPWAP preamble is common to all CAPWAP transport headers and is
+ used to identify the header type that immediately follows. The
+ reason for this preamble is to avoid needing to perform byte
+ comparisons in order to guess whether or not the frame is DTLS
+ encrypted. It also provides an extensibility framework that can be
+ used to support additional transport types. The format of the
+ preamble is as follows:
+
+ 0
+ 0 1 2 3 4 5 6 7
+ +-+-+-+-+-+-+-+-+
+ |Version| Type |
+ +-+-+-+-+-+-+-+-+
+
+ Version: A 4-bit field that contains the version of CAPWAP used in
+ this packet. The value for this specification is zero (0).
+
+ Type: A 4-bit field that specifies the payload type that follows the
+ UDP header. The following values are supported:
+
+ 0 - CAPWAP Header. The CAPWAP Header (see Section 4.3)
+ immediately follows the UDP header. If the packet is
+ received on the CAPWAP Data channel, the CAPWAP stack MUST
+ treat the packet as a clear text CAPWAP Data packet. If
+ received on the CAPWAP Control channel, the CAPWAP stack
+ MUST treat the packet as a clear text CAPWAP Control packet.
+ If the control packet is not a Discovery Request or
+ Discovery Response packet, the packet MUST be dropped.
+
+ 1 - CAPWAP DTLS Header. The CAPWAP DTLS Header (and DTLS
+ packet) immediately follows the UDP header (see
+ Section 4.2).
+
+4.2. CAPWAP DTLS Header
+
+ The CAPWAP DTLS Header is used to identify the packet as a DTLS
+ encrypted packet. The first eight bits include the common CAPWAP
+ Preamble. The remaining 24 bits are padding to ensure 4-byte
+ alignment, and MAY be used in a future version of the protocol. The
+ DTLS packet [RFC4347] always immediately follows this header. The
+ format of the CAPWAP DTLS Header is as follows:
+
+
+
+
+Calhoun, et al. Standards Track [Page 46]
+
+RFC 5415 CAPWAP Protocol Specification March 2009
+
+
+ 0 1 2 3
+ 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+ |CAPWAP Preamble| Reserved |
+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+
+ CAPWAP Preamble: The CAPWAP Preamble is defined in Section 4.1. The
+ CAPWAP Preamble's Payload Type field MUST be set to one (1).
+
+ Reserved: The 24-bit field is reserved for future use. All
+ implementations complying with this protocol MUST set to zero any
+ bits that are reserved in the version of the protocol supported by
+ that implementation. Receivers MUST ignore all bits not defined
+ for the version of the protocol they support.
+
+4.3.
CAPWAP Header
+
+ All CAPWAP protocol messages are encapsulated using a common header
+ format, regardless of the CAPWAP Control or CAPWAP Data transport
+ used to carry the messages. However, certain flags are not
+ applicable for a given transport. Refer to the specific transport
+ section in order to determine which flags are valid.
+
+ Note that the optional fields defined in this section MUST be present
+ in the precise order shown below.
+
+ 0 1 2 3
+ 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+ |CAPWAP Preamble| HLEN | RID | WBID |T|F|L|W|M|K|Flags|
+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+ | Fragment ID | Frag Offset |Rsvd |
+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+ | (optional) Radio MAC Address |
+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+ | (optional) Wireless Specific Information |
+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+ | Payload .... |
+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+
+ CAPWAP Preamble: The CAPWAP Preamble is defined in Section 4.1. The
+ CAPWAP Preamble's Payload Type field MUST be set to zero (0). If
+ the CAPWAP DTLS Header is present, the version number in both
+ CAPWAP Preambles MUST match. The reason for this duplicate field
+ is to avoid any possible tampering of the version field in the
+ preamble that is not encrypted or authenticated.
+
+
+
+
+
+Calhoun, et al. Standards Track [Page 47]
+
+RFC 5415 CAPWAP Protocol Specification March 2009
+
+
+ HLEN: A 5-bit field containing the length of the CAPWAP transport
+ header in 4-byte words (similar to IP header length). This length
+ includes the optional headers.
+
+ RID: A 5-bit field that contains the Radio ID number for this
+ packet, whose value is between one (1) and 31.
Given that MAC
+ Addresses are not necessarily unique across physical radios in a
+ WTP, the Radio Identifier (RID) field is used to indicate with
+ which physical radio the message is associated.
+
+ WBID: A 5-bit field that is the wireless binding identifier. The
+ identifier will indicate the type of wireless packet associated
+ with the radio. The following values are defined:
+
+ 0 - Reserved
+
+ 1 - IEEE 802.11
+
+ 2 - Reserved
+
+ 3 - EPCGlobal [EPCGlobal]
+
+ T: The Type 'T' bit indicates the format of the frame being
+ transported in the payload. When this bit is set to one (1), the
+ payload has the native frame format indicated by the WBID field.
+ When this bit is zero (0), the payload is an IEEE 802.3 frame.
+
+ F: The Fragment 'F' bit indicates whether this packet is a fragment.
+ When this bit is one (1), the packet is a fragment and MUST be
+ combined with the other corresponding fragments to reassemble the
+ complete information exchanged between the WTP and AC.
+
+ L: The Last 'L' bit is valid only if the 'F' bit is set and indicates
+ whether the packet contains the last fragment of a fragmented
+ exchange between WTP and AC. When this bit is one (1), the packet
+ is the last fragment. When this bit is (zero) 0, the packet is
+ not the last fragment.
+
+ W: The Wireless 'W' bit is used to specify whether the optional
+ Wireless Specific Information field is present in the header. A
+ value of one (1) is used to represent the fact that the optional
+ header is present.
+
+ M: The Radio MAC 'M' bit is used to indicate that the Radio MAC
+ Address optional header is present. This is used to communicate
+ the MAC address of the receiving radio.
+
+
+
+
+
+Calhoun, et al. Standards Track [Page 48]
+
+RFC 5415 CAPWAP Protocol Specification March 2009
+
+
+ K: The Keep-Alive 'K' bit indicates the packet is a Data Channel
+ Keep-Alive packet.
This packet is used to map the data channel to
+ the control channel for the specified Session ID and to maintain
+ freshness of the data channel. The 'K' bit MUST NOT be set for
+ data packets containing user data.
+
+ Flags: A set of reserved bits for future flags in the CAPWAP Header.
+ All implementations complying with this protocol MUST set to zero
+ any bits that are reserved in the version of the protocol
+ supported by that implementation. Receivers MUST ignore all bits
+ not defined for the version of the protocol they support.
+
+ Fragment ID: A 16-bit field whose value is assigned to each group of
+ fragments making up a complete set. The Fragment ID space is
+ managed individually for each direction for every WTP/AC pair.
+ The value of Fragment ID is incremented with each new set of
+ fragments. The Fragment ID wraps to zero after the maximum value
+ has been used to identify a set of fragments.
+
+ Fragment Offset: A 13-bit field that indicates where in the payload
+ this fragment belongs during re-assembly. This field is valid
+ when the 'F' bit is set to 1. The fragment offset is measured in
+ units of 8 octets (64 bits). The first fragment has offset zero.
+ Note that the CAPWAP protocol does not allow for overlapping
+ fragments.
+
+ Reserved: The 3-bit field is reserved for future use. All
+ implementations complying with this protocol MUST set to zero any
+ bits that are reserved in the version of the protocol supported by
+ that implementation. Receivers MUST ignore all bits not defined
+ for the version of the protocol they support.
+
+ Radio MAC Address: This optional field contains the MAC address of
+ the radio receiving the packet. Because the native wireless frame
+ format to IEEE 802.3 format causes the MAC address of the WTP's
+ radio to be lost, this field allows the address to be communicated
+ to the AC. This field is only present if the 'M' bit is set.
The
+ HLEN field assumes 4-byte alignment, and this field MUST be padded
+ with zeroes (0x00) if it is not 4-byte aligned.
+
+
+
+
+
+
+
+
+
+
+
+
+Calhoun, et al. Standards Track [Page 49]
+
+RFC 5415 CAPWAP Protocol Specification March 2009
+
+
+ The field contains the basic format:
+
+ 0 1 2 3
+ 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+ | Length | MAC Address
+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+
+ Length: The length of the MAC address field. The formats and
+ lengths specified in [EUI-48] and [EUI-64] are supported.
+
+ MAC Address: The MAC address of the receiving radio.
+
+ Wireless Specific Information: This optional field contains
+ technology-specific information that may be used to carry per-
+ packet wireless information. This field is only present if the
+ 'W' bit is set. The WBID field in the CAPWAP Header is used to
+ identify the format of the Wireless-Specific Information optional
+ field. The HLEN field assumes 4-byte alignment, and this field
+ MUST be padded with zeroes (0x00) if it is not 4-byte aligned.
+
+ The Wireless-Specific Information field uses the following format:
+
+ 0 1 2 3
+ 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+ | Length | Data...
+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+
+ Length: The 8-bit field contains the length of the data field,
+ with a maximum size of 255.
+
+ Data: Wireless-specific information, defined by the wireless-
+ specific binding specified in the CAPWAP Header's WBID field.
+
+ Payload: This field contains the header for a CAPWAP Data Message or
+ CAPWAP Control Message, followed by the data contained in the
+ message.
+
+4.4. CAPWAP Data Messages
+
+ There are two different types of CAPWAP Data packets: CAPWAP Data
+ Channel Keep-Alive packets and Data Payload packets.
The first is
+ used by the WTP to synchronize the control and data channels and to
+ maintain freshness of the data channel. The second is used to
+ transmit user payloads between the AC and WTP. This section
+ describes both types of CAPWAP Data packet formats.
+
+
+
+
+Calhoun, et al. Standards Track [Page 50]
+
+RFC 5415 CAPWAP Protocol Specification March 2009
+
+
+ Both CAPWAP Data messages are transmitted on the CAPWAP Data channel.
+
+4.4.1. CAPWAP Data Channel Keep-Alive
+
+ The CAPWAP Data Channel Keep-Alive packet is used to bind the CAPWAP
+ control channel with the data channel, and to maintain freshness of
+ the data channel, ensuring that the channel is still functioning.
+ The CAPWAP Data Channel Keep-Alive packet is transmitted by the WTP
+ when the DataChannelKeepAlive timer expires (see Section 4.7.2).
+ When the CAPWAP Data Channel Keep-Alive packet is transmitted, the
+ WTP sets the DataChannelDeadInterval timer.
+
+ In the CAPWAP Data Channel Keep-Alive packet, all of the fields in
+ the CAPWAP Header, except the HLEN field and the 'K' bit, are set to
+ zero upon transmission. Upon receiving a CAPWAP Data Channel Keep-
+ Alive packet, the AC transmits a CAPWAP Data Channel Keep-Alive
+ packet back to the WTP. The contents of the transmitted packet are
+ identical to the contents of the received packet.
+
+ Upon receiving a CAPWAP Data Channel Keep-Alive packet, the WTP
+ cancels the DataChannelDeadInterval timer and resets the
+ DataChannelKeepAlive timer. The CAPWAP Data Channel Keep-Alive
+ packet is retransmitted by the WTP in the same manner as the CAPWAP
+ Control messages. If the DataChannelDeadInterval timer expires, the
+ WTP tears down the control DTLS session, and the data DTLS session if
+ one existed.
+
+ The CAPWAP Data Channel Keep-Alive packet contains the following
+ payload immediately following the CAPWAP Header (see Section 4.3).
+
+ 0 1 2 3
+ 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+ | Message Element Length | Message Element [0..N] ...
+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+
+ Message Element Length: The 16-bit Length field indicates the
+ number of bytes following the CAPWAP Header, with a maximum size
+ of 65535.
+
+ Message Element[0..N]: The message element(s) carry the information
+ pertinent to each of the CAPWAP Data Channel Keep-Alive message.
+ The following message elements MUST be present in this CAPWAP
+ message:
+
+ Session ID, see Section 4.6.37.
+
+
+
+
+
+Calhoun, et al. Standards Track [Page 51]
+
+RFC 5415 CAPWAP Protocol Specification March 2009
+
+
+4.4.2. Data Payload
+
+ A CAPWAP protocol Data Payload packet encapsulates a forwarded
+ wireless frame. The CAPWAP protocol defines two different modes of
+ encapsulation: IEEE 802.3 and native wireless. IEEE 802.3
+ encapsulation requires that for 802.11 frames, the 802.11
+ *Integration* function be performed in the WTP. An IEEE 802.3-
+ encapsulated user payload frame has the following format:
+
+ +------------------------------------------------------+
+ | IP Header | UDP Header | CAPWAP Header | 802.3 Frame |
+ +------------------------------------------------------+
+
+ The CAPWAP protocol also defines the native wireless encapsulation
+ mode. The format of the encapsulated CAPWAP Data frame is subject to
+ the rules defined by the specific wireless technology binding. Each
+ wireless technology binding MUST contain a section entitled "Payload
+ Encapsulation", which defines the format of the wireless payload that
+ is encapsulated within CAPWAP Data packets.
+
+ For 802.3 payload frames, the 802.3 frame is encapsulated (excluding
+ the IEEE 802.3 Preamble, Start Frame Delimiter (SFD), and Frame Check
+ Sequence (FCS) fields).
If the encapsulated frame would exceed the
+ transport layer's MTU, the sender is responsible for the
+ fragmentation of the frame, as specified in Section 3.4. The CAPWAP
+ protocol can support IEEE 802.3 frames whose length is defined in the
+ IEEE 802.3as specification [FRAME-EXT].
+
+4.4.3. Establishment of a DTLS Data Channel
+
+ If the AC and WTP are configured to tunnel the data channel over
+ DTLS, the proper DTLS session must be initiated. To avoid having to
+ reauthenticate and reauthorize an AC and WTP, the DTLS data channel
+ SHOULD be initiated using the TLS session resumption feature
+ [RFC5246].
+
+ The AC DTLS implementation MUST NOT initiate a data channel session
+ for a DTLS session for which there is no active control channel
+ session.
+
+4.5. CAPWAP Control Messages
+
+ The CAPWAP Control protocol provides a control channel between the
+ WTP and the AC. Control messages are divided into the following
+ message types:
+
+ Discovery: CAPWAP Discovery messages are used to identify potential
+ ACs, their load and capabilities.
+
+
+
+Calhoun, et al. Standards Track [Page 52]
+
+RFC 5415 CAPWAP Protocol Specification March 2009
+
+
+ Join: CAPWAP Join messages are used by a WTP to request service from
+ an AC, and for the AC to respond to the WTP.
+
+ Control Channel Management: CAPWAP Control channel management
+ messages are used to maintain the control channel.
+
+ WTP Configuration Management: The WTP Configuration messages are
+ used by the AC to deliver a specific configuration to the WTP.
+ Messages that retrieve statistics from a WTP are also included in
+ WTP Configuration Management.
+
+ Station Session Management: Station Session Management messages are
+ used by the AC to deliver specific station policies to the WTP.
+
+ Device Management Operations: Device management operations are used
+ to request and deliver a firmware image to the WTP.
+
+ Binding-Specific CAPWAP Management Messages: Messages in this
+ category are used by the AC and the WTP to exchange protocol-
+ specific CAPWAP management messages. These messages may or may
+ not be used to change the link state of a station.
+
+ Discovery, Join, Control Channel Management, WTP Configuration
+ Management, and Station Session Management CAPWAP Control messages
+ MUST be implemented. Device Management Operations messages MAY be
+ implemented.
+
+ CAPWAP Control messages sent from the WTP to the AC indicate that the
+ WTP is operational, providing an implicit keep-alive mechanism for
+ the WTP. The Control Channel Management Echo Request and Echo
+ Response messages provide an explicit keep-alive mechanism when other
+ CAPWAP Control messages are not exchanged.
+
+4.5.1. Control Message Format
+
+ All CAPWAP Control messages are sent encapsulated within the CAPWAP
+ Header (see Section 4.3). Immediately following the CAPWAP Header is
+ the control header, which has the following format:
+
+ 0 1 2 3
+ 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+ | Message Type |
+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+ | Seq Num | Msg Element Length | Flags |
+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+ | Msg Element [0..N] ...
+ +-+-+-+-+-+-+-+-+-+-+-+-+
+
+
+
+Calhoun, et al. Standards Track [Page 53]
+
+RFC 5415 CAPWAP Protocol Specification March 2009
+
+
+4.5.1.1. Message Type
+
+ The Message Type field identifies the function of the CAPWAP Control
+ message. To provide extensibility, the Message Type field is
+ comprised of an IANA Enterprise Number [RFC3232] and an enterprise-
+ specific message type number. The first three octets contain the
+ IANA Enterprise Number in network byte order, with zero used for
+ CAPWAP base protocol (this specification) defined message types.
The + last octet is the enterprise-specific message type number, which has + a range from 0 to 255. + + The Message Type field is defined as: + + Message Type = + IANA Enterprise Number * 256 + + Enterprise Specific Message Type Number + + The CAPWAP protocol reliability mechanism requires that messages be + defined in pairs, consisting of both a Request and a Response + message. The Response message MUST acknowledge the Request message. + The assignment of CAPWAP Control Message Type Values always occurs in + pairs. All Request messages have odd numbered Message Type Values, + and all Response messages have even numbered Message Type Values. + The Request value MUST be assigned first. As an example, assigning a + Message Type Value of 3 for a Request message and 4 for a Response + message is valid, while assigning a Message Type Value of 4 for a + Response message and 5 for the corresponding Request message is + invalid. + + When a WTP or AC receives a message with a Message Type Value field + that is not recognized and is an odd number, the number in the + Message Type Value Field is incremented by one, and a Response + message with a Message Type Value field containing the incremented + value and containing the Result Code message element with the value + (Unrecognized Request) is returned to the sender of the received + message. If the unknown message type is even, the message is + ignored. + + + + + + + + + + + + + + +Calhoun, et al. 
Standards Track [Page 54]
+
+RFC 5415 CAPWAP Protocol Specification March 2009
+
+
+ The valid values for CAPWAP Control Message Types are specified in
+ the table below:
+
+ CAPWAP Control Message Message Type
+ Value
+ Discovery Request 1
+ Discovery Response 2
+ Join Request 3
+ Join Response 4
+ Configuration Status Request 5
+ Configuration Status Response 6
+ Configuration Update Request 7
+ Configuration Update Response 8
+ WTP Event Request 9
+ WTP Event Response 10
+ Change State Event Request 11
+ Change State Event Response 12
+ Echo Request 13
+ Echo Response 14
+ Image Data Request 15
+ Image Data Response 16
+ Reset Request 17
+ Reset Response 18
+ Primary Discovery Request 19
+ Primary Discovery Response 20
+ Data Transfer Request 21
+ Data Transfer Response 22
+ Clear Configuration Request 23
+ Clear Configuration Response 24
+ Station Configuration Request 25
+ Station Configuration Response 26
+
+4.5.1.2. Sequence Number
+
+ The Sequence Number field is an identifier value used to match
+ Request and Response packets. When a CAPWAP packet with a Request
+ Message Type Value is received, the value of the Sequence Number
+ field is copied into the corresponding Response message.
+
+ When a CAPWAP Control message is sent, the sender's internal sequence
+ number counter is monotonically incremented, ensuring that no two
+ pending Request messages have the same sequence number. The Sequence
+ Number field wraps back to zero.
+
+4.5.1.3. Message Element Length
+
+ The Length field indicates the number of bytes following the Sequence
+ Number field.
+
+
+
+Calhoun, et al. Standards Track [Page 55]
+
+RFC 5415 CAPWAP Protocol Specification March 2009
+
+
+4.5.1.4. Flags
+
+ The Flags field MUST be set to zero.
+
+4.5.1.5. Message Element [0..N]
+
+ The message element(s) carry the information pertinent to each of the
+ control message types. Every control message in this specification
+ specifies which message elements are permitted.
+
+ When a WTP or AC receives a CAPWAP message without a message element
+ that is specified as mandatory for the CAPWAP message, then the
+ CAPWAP message is discarded. If the received message was a Request
+ message for which the corresponding Response message carries message
+ elements, then a corresponding Response message with a Result Code
+ message element indicating "Failure - Missing Mandatory Message
+ Element" is returned to the sender.
+
+ When a WTP or AC receives a CAPWAP message with a message element
+ that the WTP or AC does not recognize, the CAPWAP message is
+ discarded. If the received message was a Request message for which
+ the corresponding Response message carries message elements, then a
+ corresponding Response message with a Result Code message element
+ indicating "Failure - Unrecognized Message Element" and one or more
+ Returned Message Element message elements is included, containing the
+ unrecognized message element(s).
+
+4.5.2. Quality of Service
+
+ The CAPWAP base protocol does not provide any Quality of Service
+ (QoS) recommendations for use with the CAPWAP Data messages. Any
+ wireless-specific CAPWAP binding specification that has QoS
+ requirements MUST define the application of QoS to the CAPWAP Data
+ messages.
+
+ The IP header also includes the Explicit Congestion Notification
+ (ECN) bits [RFC3168]. Section 9.1.1 of [RFC3168] describes two
+ levels of ECN functionality: full functionality and limited
+ functionality. CAPWAP ACs and WTPs SHALL implement the limited
+ functionality and are RECOMMENDED to implement the full functionality
+ described in [RFC3168].
+
+
+
+
+
+
+
+
+
+
+Calhoun, et al. Standards Track [Page 56]
+
+RFC 5415 CAPWAP Protocol Specification March 2009
+
+
+4.5.2.1.
Applying QoS to CAPWAP Control Message
+
+ It is recommended that CAPWAP Control messages be sent by both the AC
+ and the WTP with an appropriate Quality-of-Service precedence value,
+ ensuring that congestion in the network minimizes occurrences of
+ CAPWAP Control channel disconnects. Therefore, a QoS-enabled CAPWAP
+ device SHOULD use the following values:
+
+ 802.1Q: The priority tag of 7 SHOULD be used.
+
+ DSCP: The CS6 per-hop behavior Service Class SHOULD be used, which
+ is described in [RFC2474]).
+
+4.5.3. Retransmissions
+
+ The CAPWAP Control protocol operates as a reliable transport. For
+ each Request message, a Response message is defined, which is used to
+ acknowledge receipt of the Request message. In addition, the control
+ header Sequence Number field is used to pair the Request and Response
+ messages (see Section 4.5.1).
+
+ Response messages are not explicitly acknowledged; therefore, if a
+ Response message is not received, the original Request message is
+ retransmitted.
+
+ Implementations MUST keep track of the sequence number of the last
+ received Request message, and MUST cache the corresponding Response
+ message. If a retransmission with the same sequence number is
+ received, the cached Response message MUST be retransmitted without
+ re-processing the Request. If an older Request message is received,
+ meaning one where the sequence number is smaller, it MUST be ignored.
+ A newer Request message, meaning one whose sequence number is larger,
+ is processed as usual.
+
+ Note: A sequence number is considered "smaller" when s1 is smaller
+ than s2 modulo 256 if and only if (s1s2 and (s1-s2)>128).
+
+ Both the WTP and the AC can only have a single request outstanding at
+ any given time. Retransmitted Request messages MUST NOT be altered
+ by the sender.
+
+ After transmitting a Request message, the RetransmitInterval (see
+ Section 4.7) timer and MaxRetransmit (see Section 4.8) variable are
+ used to determine if the original Request message needs to be
+ retransmitted. The RetransmitInterval timer is used the first time
+ the Request is retransmitted. The timer is then doubled every
+
+
+
+
+Calhoun, et al. Standards Track [Page 57]
+
+RFC 5415 CAPWAP Protocol Specification March 2009
+
+
+ subsequent time the same Request message is retransmitted, up to
+ MaxRetransmit but no more than half the EchoInterval timer (see
+ Section 4.7.7). Response messages are not subject to these timers.
+
+ If the sender stops retransmitting a Request message before reaching
+ MaxRetransmit retransmissions (which leads to transition to DTLS
+ Teardown, as described in Section 2.3.1), it cannot know whether the
+ recipient received and processed the Request or not. In most
+ situations, the sender SHOULD NOT do this, and instead continue
+ retransmitting until a Response message is received, or transition to
+ DTLS Teardown occurs. However, if the sender does decide to continue
+ the connection with a new or modified Request message, the new
+ message MUST have a new sequence number, and be treated as a new
+ Request message by the receiver. Note that there is a high chance
+ that both the WTP and the AC's sequence numbers will become out of
+ sync.
+
+ When a Request message is retransmitted, it MUST be re-encrypted via
+ the DTLS stack. If the peer had received the Request message, and
+ the corresponding Response message was lost, it is necessary to
+ ensure that retransmitted Request messages are not identified as
+ replays by the DTLS stack. Similarly, any cached Response messages
+ that are retransmitted as a result of receiving a retransmitted
+ Request message MUST be re-encrypted via DTLS.
+
+ Duplicate Response messages, identified by the Sequence Number field
+ in the CAPWAP Control message header, SHOULD be discarded upon
+ receipt.
+
+4.6. CAPWAP Protocol Message Elements
+
+ This section defines the CAPWAP Protocol message elements that are
+ included in CAPWAP protocol control messages.
+
+ Message elements are used to carry information needed in control
+ messages. Every message element is identified by the Type Value
+ field, defined below. The total length of the message elements is
+ indicated in the message element's length field.
+
+ All of the message element definitions in this document use a diagram
+ similar to the one below in order to depict its format. Note that to
+ simplify this specification, these diagrams do not include the header
+ fields (Type and Length). The header field values are defined in the
+ message element descriptions.
+
+
+
+
+
+
+
+Calhoun, et al. Standards Track [Page 58]
+
+RFC 5415 CAPWAP Protocol Specification March 2009
+
+
+ Unless otherwise specified, a control message that lists a set of
+ supported (or expected) message elements MUST NOT expect the message
+ elements to be in any specific order. The sender MAY include the
+ message elements in any order. Unless otherwise noted, one message
+ element of each type is present in a given control message.
+
+ Unless otherwise specified, any configuration information sent by the
+ AC to the WTP MAY be saved to non-volatile storage (see Section 8.1)
+ for more information).
+
+ Additional message elements may be defined in separate IETF
+ documents.
+
+ The format of a message element uses the TLV format shown here:
+
+ 0 1 2 3
+ 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+ | Type | Length |
+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+ | Value ...
|
+ +-+-+-+-+-+-+-+-+
+
+ The 16-bit Type field identifies the information carried in the Value
+ field and Length (16 bits) indicates the number of bytes in the Value
+ field. The value of zero (0) is reserved and MUST NOT be used. The
+ rest of the Type field values are allocated as follows:
+
+ Usage Type Values
+
+ CAPWAP Protocol Message Elements 1 - 1023
+ IEEE 802.11 Message Elements 1024 - 2047
+ Reserved for Future Use 2048 - 3071
+ EPCGlobal Message Elements 3072 - 4095
+ Reserved for Future Use 4096 - 65535
+
+ The table below lists the CAPWAP protocol Message Elements and their
+ Type values.
+
+
+
+
+
+
+
+
+
+
+
+
+
+Calhoun, et al.
Standards Track [Page 60]
+
+RFC 5415 CAPWAP Protocol Specification March 2009
+
+
+ Reserved 43
+ WTP MAC Type 44
+ WTP Name 45
+ Unused/Reserved 46
+ WTP Radio Statistics 47
+ WTP Reboot Statistics 48
+ WTP Static IP Address Information 49
+
+4.6.1. AC Descriptor
+
+ The AC Descriptor message element is used by the AC to communicate
+ its current state. The value contains the following fields.
+
+ 0 1 2 3
+ 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+ | Stations | Limit |
+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+ | Active WTPs | Max WTPs |
+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+ | Security | R-MAC Field | Reserved1 | DTLS Policy |
+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+ | AC Information Sub-Element...
+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+
+ Type: 1 for AC Descriptor
+
+ Length: >= 12
+
+ Stations: The number of stations currently served by the AC
+
+ Limit: The maximum number of stations supported by the AC
+
+ Active WTPs: The number of WTPs currently attached to the AC
+
+ Max WTPs: The maximum number of WTPs supported by the AC
+
+ Security: An 8-bit mask specifying the authentication credential
+ type supported by the AC (see Section 2.4.4). The field has the
+ following format:
+
+ 0 1 2 3 4 5 6 7
+ +-+-+-+-+-+-+-+-+
+ |Reserved |S|X|R|
+ +-+-+-+-+-+-+-+-+
+
+
+
+
+
+
+Calhoun, et al. Standards Track [Page 61]
+
+RFC 5415 CAPWAP Protocol Specification March 2009
+
+
+ Reserved: A set of reserved bits for future use. All
+ implementations complying with this protocol MUST set to zero
+ any bits that are reserved in the version of the protocol
+ supported by that implementation. Receivers MUST ignore all
+ bits not defined for the version of the protocol they support.
+
+ S: The AC supports the pre-shared secret authentication, as
+ described in Section 12.6.
+
+ X: The AC supports X.509 Certificate authentication, as
+ described in Section 12.7.
+
+ R: A reserved bit for future use. All implementations
+ complying with this protocol MUST set to zero any bits that
+ are reserved in the version of the protocol supported by
+ that implementation. Receivers MUST ignore all bits not
+ defined for the version of the protocol they support.
+
+ R-MAC Field: The AC supports the optional Radio MAC Address field
+ in the CAPWAP transport header (see Section 4.3). The following
+ enumerated values are supported:
+
+ 0 - Reserved
+
+ 1 - Supported
+
+ 2 - Not Supported
+
+ Reserved: A set of reserved bits for future use. All
+ implementations complying with this protocol MUST set to zero any
+ bits that are reserved in the version of the protocol supported by
+ that implementation. Receivers MUST ignore all bits not defined
+ for the version of the protocol they support.
+
+ DTLS Policy: The AC communicates its policy on the use of DTLS for
+ the CAPWAP data channel. The AC MAY communicate more than one
+ supported option, represented by the bit field below. The WTP
+ MUST abide by one of the options communicated by AC. The field
+ has the following format:
+
+ 0 1 2 3 4 5 6 7
+ +-+-+-+-+-+-+-+-+
+ |Reserved |D|C|R|
+ +-+-+-+-+-+-+-+-+
+
+
+
+
+
+
+
+Calhoun, et al. Standards Track [Page 62]
+
+RFC 5415 CAPWAP Protocol Specification March 2009
+
+
+ Reserved: A set of reserved bits for future use. All
+ implementations complying with this protocol MUST set to zero
+ any bits that are reserved in the version of the protocol
+ supported by that implementation. Receivers MUST ignore all
+ bits not defined for the version of the protocol they support.
+
+ D: DTLS-Enabled Data Channel Supported
+
+ C: Clear Text Data Channel Supported
+
+ R: A reserved bit for future use.
All implementations
+ complying with this protocol MUST set to zero any bits that
+ are reserved in the version of the protocol supported by
+ that implementation. Receivers MUST ignore all bits not
+ defined for the version of the protocol they support.
+
+ AC Information Sub-Element: The AC Descriptor message element
+ contains multiple AC Information sub-elements, and defines two
+ sub-types, each of which MUST be present. The AC Information sub-
+ element has the following format:
+
+ 0 1 2 3
+ 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+ | AC Information Vendor Identifier |
+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+ | AC Information Type | AC Information Length |
+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+ | AC Information Data...
+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+
+ AC Information Vendor Identifier: A 32-bit value containing the
+ IANA-assigned "Structure of Management Information (SMI)
+ Network Management Private Enterprise Codes".
+
+ AC Information Type: Vendor-specific encoding of AC information
+ in the UTF-8 format [RFC3629]. The following enumerated values
+ are supported. Both the Hardware and Software Version sub-
+ elements MUST be included in the AC Descriptor message element.
+ The values listed below are used in conjunction with the AC
+ Information Vendor Identifier field, whose value MUST be set to
+ zero (0). This field, combined with the AC Information Vendor
+ Identifier set to a non-zero (0) value, allows vendors to use a
+ private namespace.
+
+
+
+
+
+
+
+Calhoun, et al. Standards Track [Page 63]
+
+RFC 5415 CAPWAP Protocol Specification March 2009
+
+
+ 4 - Hardware Version: The AC's hardware version number.
+
+ 5 - Software Version: The AC's Software (firmware) version
+ number.
+
+ AC Information Length: Length of vendor-specific encoding of AC
+ information, with a maximum size of 1024.
+
+ AC Information Data: Vendor-specific encoding of AC information.
+
+4.6.2. AC IPv4 List
+
+ The AC IPv4 List message element is used to configure a WTP with the
+ latest list of ACs available for the WTP to join.
+
+
+ 0 1 2 3
+ 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+ | AC IP Address[] |
+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+
+ Type: 2 for AC IPv4 List
+
+ Length: >= 4
+
+ AC IP Address: An array of 32-bit integers containing AC IPv4
+ Addresses, containing no more than 1024 addresses.
+
+4.6.3. AC IPv6 List
+
+ The AC IPv6 List message element is used to configure a WTP with the
+ latest list of ACs available for the WTP to join.
+
+
+ 0 1 2 3
+ 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+ | AC IP Address[] |
+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+ | AC IP Address[] |
+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+ | AC IP Address[] |
+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+ | AC IP Address[] |
+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+
+
+
+
+
+Calhoun, et al. Standards Track [Page 64]
+
+RFC 5415 CAPWAP Protocol Specification March 2009
+
+
+ Type: 3 for AC IPV6 List
+
+ Length: >= 16
+
+ AC IP Address: An array of 128-bit integers containing AC IPv6
+ Addresses, containing no more than 1024 addresses.
+
+4.6.4. AC Name
+
+ The AC Name message element contains an UTF-8 [RFC3629]
+ representation of the AC identity. The value is a variable-length
+ byte string. The string is NOT zero terminated.
+
+ 0
+ 0 1 2 3 4 5 6 7
+ +-+-+-+-+-+-+-+-+
+ | Name ...
+ +-+-+-+-+-+-+-+-+
+
+ Type: 4 for AC Name
+
+ Length: >= 1
+
+ Name: A variable-length UTF-8 encoded string [RFC3629] containing
+ the AC's name, whose maximum size MUST NOT exceed 512 bytes.
+
+4.6.5. AC Name with Priority
+
+ The AC Name with Priority message element is sent by the AC to the
+ WTP to configure preferred ACs. The number of instances of this
+ message element is equal to the number of ACs configured on the WTP.
+ The WTP also uses this message element to send its configuration to
+ the AC.
+
+ 0 1
+ 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5
+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+ | Priority | AC Name...
+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+
+ Type: 5 for AC Name with Priority
+
+ Length: >= 2
+
+ Priority: A value between 1 and 255 specifying the priority order
+ of the preferred AC. For instance, the value of one (1) is used
+ to set the primary AC, the value of two (2) is used to set the
+ secondary, etc.
+
+
+
+Calhoun, et al. Standards Track [Page 65]
+
+RFC 5415 CAPWAP Protocol Specification March 2009
+
+
+ AC Name: A variable-length UTF-8 encoded string [RFC3629]
+ containing the AC name, whose maximum size MUST NOT exceed 512
+ bytes.
+
+4.6.6. AC Timestamp
+
+ The AC Timestamp message element is sent by the AC to synchronize the
+ WTP clock.
+
+ 0 1 2 3
+ 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+ | Timestamp |
+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+
+ Type: 6 for AC Timestamp
+
+ Length: 4
+
+ Timestamp: The AC's current time, allowing all of the WTPs to be
+ time synchronized in the format defined by Network Time Protocol
+ (NTP) in RFC 1305 [RFC1305]. Only the most significant 32 bits of
+ the NTP time are included in this field.
+
+4.6.7.
Add MAC ACL Entry
+
+ The Add MAC Access Control List (ACL) Entry message element is used
+ by an AC to add a MAC ACL list entry on a WTP, ensuring that the WTP
+ no longer provides service to the MAC addresses provided in the
+ message. The MAC addresses provided in this message element are not
+ expected to be saved in non-volatile memory on the WTP. The MAC ACL
+ table on the WTP is cleared every time the WTP establishes a new
+ session with an AC.
+
+ 0 1 2 3
+ 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+ | Num of Entries| Length | MAC Address ...
+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+
+ Type: 7 for Add MAC ACL Entry
+
+ Length: >= 8
+
+ Num of Entries: The number of instances of the Length/MAC Address
+ fields in the array. This value MUST NOT exceed 255.
+
+
+
+
+
+Calhoun, et al. Standards Track [Page 66]
+
+RFC 5415 CAPWAP Protocol Specification March 2009
+
+
+ Length: The length of the MAC Address field. The formats and
+ lengths specified in [EUI-48] and [EUI-64] are supported.
+
+ MAC Address: MAC addresses to add to the ACL.
+
+4.6.8. Add Station
+
+ The Add Station message element is used by the AC to inform a WTP
+ that it should forward traffic for a station. The Add Station
+ message element is accompanied by technology-specific binding
+ information element(s), which may include security parameters.
+ Consequently, the security parameters MUST be applied by the WTP for
+ the station.
+
+ After station policy has been delivered to the WTP through the Add
+ Station message element, an AC MAY change any policies by sending a
+ modified Add Station message element. When a WTP receives an Add
+ Station message element for an existing station, it MUST override any
+ existing state for the station.
+
+ 0 1 2 3
+ 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+ | Radio ID | Length | MAC Address ...
+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+ | VLAN Name...
+ +-+-+-+-+-+-+-+-+
+
+ Type: 8 for Add Station
+
+ Length: >= 8
+
+ Radio ID: An 8-bit value representing the radio, whose value is
+ between one (1) and 31.
+
+ Length: The length of the MAC Address field. The formats and
+ lengths specified in [EUI-48] and [EUI-64] are supported.
+
+ MAC Address: The station's MAC address.
+
+ VLAN Name: An optional variable-length UTF-8 encoded string
+ [RFC3629], with a maximum length of 512 octets, containing the
+ VLAN Name on which the WTP is to locally bridge user data. Note
+ this field is only valid with WTPs configured in Local MAC mode.
+
+
+
+
+
+
+
+Calhoun, et al. Standards Track [Page 67]
+
+RFC 5415 CAPWAP Protocol Specification March 2009
+
+
+4.6.9. CAPWAP Control IPv4 Address
+
+ The CAPWAP Control IPv4 Address message element is sent by the AC to
+ the WTP during the Discovery process and is used by the AC to provide
+ the interfaces available on the AC, and the current number of WTPs
+ connected. When multiple CAPWAP Control IPV4 Address message
+ elements are returned, the WTP SHOULD perform load balancing across
+ the multiple interfaces (see Section 6.1).
+
+ 0 1 2 3
+ 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+ | IP Address |
+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+ | WTP Count |
+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+
+ Type: 10 for CAPWAP Control IPv4 Address
+
+ Length: 6
+
+ IP Address: The IP address of an interface.
+
+ WTP Count: The number of WTPs currently connected to the interface,
+ with a maximum value of 65535.
+
+4.6.10.
CAPWAP Control IPv6 Address
+
+ The CAPWAP Control IPv6 Address message element is sent by the AC to
+ the WTP during the Discovery process and is used by the AC to provide
+ the interfaces available on the AC, and the current number of WTPs
+ connected. This message element is useful for the WTP to perform
+ load balancing across multiple interfaces (see Section 6.1).
+
+ 0 1 2 3
+ 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+ | IP Address |
+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+ | IP Address |
+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+ | IP Address |
+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+ | IP Address |
+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+ | WTP Count |
+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+
+
+
+
+Calhoun, et al. Standards Track [Page 68]
+
+RFC 5415 CAPWAP Protocol Specification March 2009
+
+
+ Type: 11 for CAPWAP Control IPv6 Address
+
+ Length: 18
+
+ IP Address: The IP address of an interface.
+
+ WTP Count: The number of WTPs currently connected to the interface,
+ with a maximum value of 65535.
+
+4.6.11. CAPWAP Local IPv4 Address
+
+ The CAPWAP Local IPv4 Address message element is sent by either the
+ WTP, in the Join Request, or by the AC, in the Join Response. The
+ CAPWAP Local IPv4 Address message element is used to communicate the
+ IP Address of the transmitter. The receiver uses this to determine
+ whether a middlebox exists between the two peers, by comparing the
+ source IP address of the packet against the value of the message
+ element.
+
+ 0 1 2 3
+ 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+ | IP Address |
+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+
+ Type: 30 for CAPWAP Local IPv4 Address
+
+ Length: 4
+
+ IP Address: The IP address of the sender.
+
+4.6.12. CAPWAP Local IPv6 Address
+
+ The CAPWAP Local IPv6 Address message element is sent by either the
+ WTP, in the Join Request, or by the AC, in the Join Response. The
+ CAPWAP Local IPv6 Address message element is used to communicate the
+ IP Address of the transmitter. The receiver uses this to determine
+ whether a middlebox exists between the two peers, by comparing the
+ source IP address of the packet against the value of the message
+ element.
+
+
+
+
+
+
+
+
+
+
+
+Calhoun, et al. Standards Track [Page 69]
+
+RFC 5415 CAPWAP Protocol Specification March 2009
+
+
+ 0 1 2 3
+ 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+ | IP Address |
+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+ | IP Address |
+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+ | IP Address |
+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+ | IP Address |
+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+
+ Type: 50 for CAPWAP Local IPv6 Address
+
+ Length: 16
+
+ IP Address: The IP address of the sender.
+
+4.6.13. CAPWAP Timers
+
+ The CAPWAP Timers message element is used by an AC to configure
+ CAPWAP timers on a WTP.
+
+ 0 1
+ 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5
+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+ | Discovery | Echo Request |
+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+
+ Type: 12 for CAPWAP Timers
+
+ Length: 2
+
+ Discovery: The number of seconds between CAPWAP Discovery messages,
+ when the WTP is in the Discovery phase.
This value is used to
+ configure the MaxDiscoveryInterval timer (see Section 4.7.10).
+
+ Echo Request: The number of seconds between WTP Echo Request CAPWAP
+ messages. This value is used to configure the EchoInterval timer
+ (see Section 4.7.7). The AC sets its EchoInterval timer to this
+ value, plus the maximum retransmission time as described in
+ Section 4.5.3.
+
+
+
+
+
+
+
+
+
+Calhoun, et al. Standards Track [Page 70]
+
+RFC 5415 CAPWAP Protocol Specification March 2009
+
+
+4.6.14. CAPWAP Transport Protocol
+
+ When CAPWAP is run over IPv6, the UDP-Lite or UDP transports MAY be
+ used (see Section 3). The CAPWAP IPv6 Transport Protocol message
+ element is used by either the WTP or the AC to signal which transport
+ protocol is to be used for the CAPWAP data channel.
+
+ Upon receiving the Join Request, the AC MAY set the CAPWAP Transport
+ Protocol to UDP-Lite in the Join Response message if the CAPWAP
+ message was received over IPv6, and the CAPWAP Local IPv6 Address
+ message element (see Section 4.6.12) is present and no middlebox was
+ detected (see Section 11).
+
+ Upon receiving the Join Response, the WTP MAY set the CAPWAP
+ Transport Protocol to UDP-Lite in the Configuration Status Request or
+ Image Data Request message if the AC advertised support for UDP-Lite,
+ the message was received over IPv6, the CAPWAP Local IPv6 Address
+ message element (see Section 4.6.12) and no middlebox was detected
+ (see Section 11). Upon receiving either the Configuration Status
+ Request or the Image Data Request, the AC MUST observe the preference
+ indicated by the WTP in the CAPWAP Transport Protocol, as long as it
+ is consistent with what the AC advertised in the Join Response.
+
+ For any other condition, the CAPWAP Transport Protocol MUST be set to
+ UDP.
+
+ 0
+ 0 1 2 3 4 5 6 7
+ +-+-+-+-+-+-+-+-+
+ | Transport |
+ +-+-+-+-+-+-+-+-+
+
+ Type: 51 for CAPWAP Transport Protocol
+
+ Length: 1
+
+ Transport: The transport to use for the CAPWAP Data channel. The
+ following enumerated values are supported:
+
+ 1 - UDP-Lite: The UDP-Lite transport protocol is to be used for
+ the CAPWAP Data channel. Note that this option MUST NOT be
+ used if the CAPWAP Control channel is being used over IPv4.
+
+ 2 - UDP: The UDP transport protocol is to be used for the CAPWAP
+ Data channel.
+
+
+
+
+
+
+Calhoun, et al. Standards Track [Page 71]
+
+RFC 5415 CAPWAP Protocol Specification March 2009
+
+
+4.6.15. Data Transfer Data
+
+ The Data Transfer Data message element is used by the WTP to provide
+ information to the AC for debugging purposes.
+
+ 0 1 2 3
+ 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+ | Data Type | Data Mode | Data Length |
+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+ | Data ....
+ +-+-+-+-+-+-+-+-+
+
+ Type: 13 for Data Transfer Data
+
+ Length: >= 5
+
+ Data Type: An 8-bit value representing the transfer Data Type. The
+ following enumerated values are supported:
+
+ 1 - Transfer data is included.
+
+ 2 - Last Transfer Data Block is included (End of File (EOF)).
+
+ 5 - An error occurred. Transfer is aborted.
+
+ Data Mode: An 8-bit value describing the type of information being
+ transmitted. The following enumerated values are supported:
+
+ 0 - Reserved
+
+ 1 - WTP Crash Data
+
+ 2 - WTP Memory Dump
+
+ Data Length: Length of data field, with a maximum size of 65535.
+
+ Data: Data being transferred from the WTP to the AC, whose type is
+ identified via the Data Mode field.
+
+
+
+
+
+
+
+
+
+
+
+
+Calhoun, et al. Standards Track [Page 72]
+
+RFC 5415 CAPWAP Protocol Specification March 2009
+
+
+4.6.16.
Data Transfer Mode
+
+ The Data Transfer Mode message element is used by the WTP to indicate
+ the type of data transfer information it is sending to the AC for
+ debugging purposes.
+
+ 0
+ 0 1 2 3 4 5 6 7
+ +-+-+-+-+-+-+-+-+
+ | Data Mode |
+ +-+-+-+-+-+-+-+-+
+
+ Type: 14 for Data Transfer Mode
+
+ Length: 1
+
+ Data Mode: An 8-bit value describing the type of information being
+ requested. The following enumerated values are supported:
+
+ 0 - Reserved
+
+ 1 - WTP Crash Data
+
+ 2 - WTP Memory Dump
+
+4.6.17. Decryption Error Report
+
+ The Decryption Error Report message element value is used by the WTP
+ to inform the AC of decryption errors that have occurred since the
+ last report. Note that this error reporting mechanism is not used if
+ encryption and decryption services are provided in the AC.
+
+ 0 1 2
+ 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3
+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+ | Radio ID |Num Of Entries | Length | MAC Address...
+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+
+ Type: 15 for Decryption Error Report
+
+ Length: >= 9
+
+ Radio ID: The Radio Identifier refers to an interface index on the
+ WTP, whose value is between one (1) and 31.
+
+ Num of Entries: The number of instances of the Length/MAC Address
+ fields in the array. This field MUST NOT exceed the value of 255.
+
+
+
+
+Calhoun, et al. Standards Track [Page 73]
+
+RFC 5415 CAPWAP Protocol Specification March 2009
+
+
+ Length: The length of the MAC Address field. The formats and
+ lengths specified in [EUI-48] and [EUI-64] are supported.
+
+ MAC Address: MAC address of the station that has caused decryption
+ errors.
+
+4.6.18. Decryption Error Report Period
+
+ The Decryption Error Report Period message element value is used by
+ the AC to inform the WTP how frequently it should send decryption
+ error report messages.
Note that this error reporting mechanism is
+ not used if encryption and decryption services are provided in the
+ AC.
+
+ 0 1 2
+ 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3
+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+ | Radio ID | Report Interval |
+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+
+ Type: 16 for Decryption Error Report Period
+
+ Length: 3
+
+ Radio ID: The Radio Identifier refers to an interface index on the
+ WTP, whose value is between one (1) and 31.
+
+ Report Interval: A 16-bit unsigned integer indicating the time, in
+ seconds. The default value for this message element can be found
+ in Section 4.7.11.
+
+4.6.19. Delete MAC ACL Entry
+
+ The Delete MAC ACL Entry message element is used by an AC to delete a
+ MAC ACL entry on a WTP, ensuring that the WTP provides service to the
+ MAC addresses provided in the message.
+
+ 0 1 2 3
+ 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+ | Num of Entries| Length | MAC Address ...
+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+
+ Type: 17 for Delete MAC ACL Entry
+
+ Length: >= 8
+
+
+
+
+
+Calhoun, et al. Standards Track [Page 74]
+
+RFC 5415 CAPWAP Protocol Specification March 2009
+
+
+ Num of Entries: The number of instances of the Length/MAC Address
+ fields in the array. This field MUST NOT exceed the value of 255.
+
+ Length: The length of the MAC Address field. The formats and
+ lengths specified in [EUI-48] and [EUI-64] are supported.
+
+ MAC Address: An array of MAC addresses to delete from the ACL.
+
+4.6.20. Delete Station
+
+ The Delete Station message element is used by the AC to inform a WTP
+ that it should no longer provide service to a particular station.
+ The WTP MUST terminate service to the station immediately upon
+ receiving this message element.
+
+ The transmission of a Delete Station message element could occur for
+ various reasons, including for administrative reasons, or if the
+ station has roamed to another WTP.
+
+ The Delete Station message element MAY be sent by the WTP, in the WTP
+ Event Request message, to inform the AC that a particular station is
+ no longer being provided service. This could occur as a result of an
+ Idle Timeout (see section 4.4.43), due to internal resource shortages
+ or for some other reason.
+
+ 0 1 2 3
+ 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+ | Radio ID | Length | MAC Address...
+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+
+ Type: 18 for Delete Station
+
+ Length: >= 8
+
+ Radio ID: An 8-bit value representing the radio, whose value is
+ between one (1) and 31.
+
+ Length: The length of the MAC Address field. The formats and
+ lengths specified in [EUI-48] and [EUI-64] are supported.
+
+ MAC Address: The station's MAC address.
+
+4.6.21. Discovery Type
+
+ The Discovery Type message element is used by the WTP to indicate how
+ it has come to know about the existence of the AC to which it is
+ sending the Discovery Request message.
+
+
+
+Calhoun, et al. Standards Track [Page 75]
+
+RFC 5415 CAPWAP Protocol Specification March 2009
+
+
+ 0
+ 0 1 2 3 4 5 6 7
+ +-+-+-+-+-+-+-+-+
+ | Discovery Type|
+ +-+-+-+-+-+-+-+-+
+
+ Type: 20 for Discovery Type
+
+ Length: 1
+
+ Discovery Type: An 8-bit value indicating how the WTP discovered
+ the AC. The following enumerated values are supported:
+
+ 0 - Unknown
+
+ 1 - Static Configuration
+
+ 2 - DHCP
+
+ 3 - DNS
+
+ 4 - AC Referral (used when the AC was configured either through
+ the AC IPv4 List or AC IPv6 List message element)
+
+4.6.22.
Duplicate IPv4 Address
+
+ The Duplicate IPv4 Address message element is used by a WTP to inform
+ an AC that it has detected another IP device using the same IP
+ address that the WTP is currently using.
+
+ The WTP MUST transmit this message element with the status set to 1
+ after it has detected a duplicate IP address. When the WTP detects
+ that the duplicate IP address has been cleared, it MUST send this
+ message element with the status set to 0.
+
+ 0 1 2 3
+ 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+ | IP Address |
+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+ | Status | Length | MAC Address ...
+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+
+ Type: 21 for Duplicate IPv4 Address
+
+ Length: >= 12
+
+ IP Address: The IP address currently used by the WTP.
+
+
+
+Calhoun, et al. Standards Track [Page 76]
+
+RFC 5415 CAPWAP Protocol Specification March 2009
+
+
+ Status: The status of the duplicate IP address. The value MUST be
+ set to 1 when a duplicate address is detected, and 0 when the
+ duplicate address has been cleared.
+
+ Length: The length of the MAC Address field. The formats and
+ lengths specified in [EUI-48] and [EUI-64] are supported.
+
+ MAC Address: The MAC address of the offending device.
+
+4.6.23. Duplicate IPv6 Address
+
+ The Duplicate IPv6 Address message element is used by a WTP to inform
+ an AC that it has detected another host using the same IP address
+ that the WTP is currently using.
+
+ The WTP MUST transmit this message element with the status set to 1
+ after it has detected a duplicate IP address. When the WTP detects
+ that the duplicate IP address has been cleared, it MUST send this
+ message element with the status set to 0.
+
+ 0 1 2 3
+ 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+ | IP Address |
+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+ | IP Address |
+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+ | IP Address |
+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+ | IP Address |
+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+ | Status | Length | MAC Address ...
+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+
+ Type: 22 for Duplicate IPv6 Address
+
+ Length: >= 24
+
+ IP Address: The IP address currently used by the WTP.
+
+ Status: The status of the duplicate IP address. The value MUST be
+ set to 1 when a duplicate address is detected, and 0 when the
+ duplicate address has been cleared.
+
+ Length: The length of the MAC Address field. The formats and
+ lengths specified in [EUI-48] and [EUI-64] are supported.
+
+ MAC Address: The MAC address of the offending device.
+
+
+
+Calhoun, et al. Standards Track [Page 77]
+
+RFC 5415 CAPWAP Protocol Specification March 2009
+
+
+4.6.24. Idle Timeout
+
+ The Idle Timeout message element is sent by the AC to the WTP to
+ provide the Idle Timeout value that the WTP SHOULD enforce for its
+ active stations. The value applies to all radios on the WTP.
+
+ 0 1 2 3
+ 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+ | Timeout |
+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+
+ Type: 23 for Idle Timeout
+
+ Length: 4
+
+ Timeout: The current Idle Timeout, in seconds, to be enforced by
+ the WTP. The default value for this message element is specified
+ in Section 4.7.8.
+
+4.6.25.
ECN Support
+
+ The ECN Support message element is sent by both the WTP and the AC to
+ indicate their support for the Explicit Congestion Notification (ECN)
+ bits, as defined in [RFC3168].
+
+ 0
+ 0 1 2 3 4 5 6 7
+ +-+-+-+-+-+-+-+-+
+ | ECN Support |
+ +-+-+-+-+-+-+-+-+
+
+ Type: 53 for ECN Support
+
+ Length: 1
+
+ ECN Support: An 8-bit value representing the sender's support for
+ ECN, as defined in [RFC3168]. All CAPWAP Implementations MUST
+ support the Limited ECN Support mode. Full ECN Support is used if
+ both the WTP and AC advertise the capability for "Full and Limited
+ ECN" Support; otherwise, Limited ECN Support is used.
+
+ 0 - Limited ECN Support
+
+ 1 - Full and Limited ECN Support
+
+
+
+
+
+
+Calhoun, et al. Standards Track [Page 78]
+
+RFC 5415 CAPWAP Protocol Specification March 2009
+
+
+4.6.26. Image Data
+
+ The Image Data message element is present in the Image Data Request
+ message sent by the AC and contains the following fields.
+
+ 0 1 2 3
+ 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+ | Data Type | Data ....
+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+
+ Type: 24 for Image Data
+
+ Length: >= 1
+
+ Data Type: An 8-bit value representing the image Data Type. The
+ following enumerated values are supported:
+
+ 1 - Image data is included.
+
+ 2 - Last Image Data Block is included (EOF).
+
+ 5 - An error occurred. Transfer is aborted.
+
+ Data: The Image Data field contains up to 1024 characters, and its
+ length is inferred from this message element's length field. If
+ the block being sent is the last one, the Data Type field is set
+ to 2. The AC MAY opt to abort the data transfer by setting the
+ Data Type field to 5. When the Data Type field is 5, the Value
+ field has a zero length.
+
+4.6.27.
Image Identifier
+
+ The Image Identifier message element is sent by the AC to the WTP to
+ indicate the expected active software version that is to be run on
+ the WTP. The WTP sends the Image Identifier message element in order
+ to request a specific software version from the AC. The actual
+ download process is defined in Section 9.1. The value is a variable-
+ length UTF-8 encoded string [RFC3629], which is NOT zero terminated.
+
+ 0 1 2 3
+ 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+ | Vendor Identifier |
+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+ | Data...
+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+
+
+
+
+Calhoun, et al. Standards Track [Page 79]
+
+RFC 5415 CAPWAP Protocol Specification March 2009
+
+
+ Type: 25 for Image Identifier
+
+ Length: >= 5
+
+ Vendor Identifier: A 32-bit value containing the IANA-assigned "SMI
+ Network Management Private Enterprise Codes".
+
+ Data: A variable-length UTF-8 encoded string [RFC3629] containing
+ the firmware identifier to be run on the WTP, whose length MUST
+ NOT exceed 1024 octets. The length of this field is inferred from
+ this message element's length field.
+
+4.6.28. Image Information
+
+ The Image Information message element is present in the Image Data
+ Response message sent by the AC to the WTP and contains the following
+ fields.
+
+ 0 1 2 3
+ 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+ | File Size |
+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+ | Hash |
+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+ | Hash |
+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+ | Hash |
+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+ | Hash |
+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+
+ Type: 26 for Image Information
+
+ Length: 20
+
+ File Size: A 32-bit value containing the size of the file, in
+ bytes, that will be transferred by the AC to the WTP.
+
+ Hash: A 16-octet MD5 hash of the image using the procedures defined
+ in [RFC1321].
+
+
+
+
+
+
+
+
+
+
+Calhoun, et al. Standards Track [Page 80]
+
+RFC 5415 CAPWAP Protocol Specification March 2009
+
+
+4.6.29. Initiate Download
+
+ The Initiate Download message element is used by the WTP to inform
+ the AC that the AC SHOULD initiate a firmware upgrade. The AC
+ subsequently transmits an Image Data Request message, which includes
+ the Image Data message element. This message element does not
+ contain any data.
+
+ Type: 27 for Initiate Download
+
+ Length: 0
+
+4.6.30. Location Data
+
+ The Location Data message element is a variable-length byte UTF-8
+ encoded string [RFC3629] containing user-defined location information
+ (e.g., "Next to Fridge"). This information is configurable by the
+ network administrator, and allows the WTP location to be determined.
+ The string is not zero terminated.
+
+ 0
+ 0 1 2 3 4 5 6 7
+ +-+-+-+-+-+-+-+-+-
+ | Location ...
+ +-+-+-+-+-+-+-+-+-
+
+ Type: 28 for Location Data
+
+ Length: >= 1
+
+ Location: A non-zero-terminated UTF-8 encoded string [RFC3629]
+ containing the WTP location, whose maximum size MUST NOT exceed
+ 1024.
+
+4.6.31.
Maximum Message Length
+
+ The Maximum Message Length message element is included in the Join
+ Request message by the WTP to indicate the maximum CAPWAP message
+ length that it supports to the AC. The Maximum Message Length
+ message element is optionally included in Join Response message by
+ the AC to indicate the maximum CAPWAP message length that it supports
+ to the WTP.
+
+ 0 1
+ 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5
+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+ | Maximum Message Length |
+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+
+
+
+Calhoun, et al. Standards Track [Page 81]
+
+RFC 5415 CAPWAP Protocol Specification March 2009
+
+
+ Type: 29 for Maximum Message Length
+
+ Length: 2
+
+ Maximum Message Length A 16-bit unsigned integer indicating the
+ maximum message length.
+
+4.6.32. MTU Discovery Padding
+
+ The MTU Discovery Padding message element is used as padding to
+ perform MTU discovery, and MUST contain octets of value 0xFF, of any
+ length.
+
+ 0
+ 0 1 2 3 4 5 6 7
+ +-+-+-+-+-+-+-+-+
+ | Padding...
+ +-+-+-+-+-+-+-+-
+
+
+ Type: 52 for MTU Discovery Padding
+
+ Length: Variable
+
+ Pad: A variable-length pad, filled with the value 0xFF.
+
+4.6.33. Radio Administrative State
+
+ The Radio Administrative State message element is used to communicate
+ the state of a particular radio. The Radio Administrative State
+ message element is sent by the AC to change the state of the WTP.
+ The WTP saves the value, to ensure that it remains across WTP resets.
+ The WTP communicates this message element during the configuration
+ phase, in the Configuration Status Request message, to ensure that
+ the AC has the WTP radio current administrative state settings. The
+ message element contains the following fields:
+
+ 0 1
+ 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5
+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+ | Radio ID | Admin State |
+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+
+ Type: 31 for Radio Administrative State
+
+ Length: 2
+
+
+
+
+
+Calhoun, et al.
Standards Track [Page 82]
+
+RFC 5415 CAPWAP Protocol Specification March 2009
+
+
+ Radio ID: An 8-bit value representing the radio to configure, whose
+ value is between one (1) and 31. The Radio ID field MAY also
+ include the value of 0xff, which is used to identify the WTP. If
+ an AC wishes to change the administrative state of a WTP, it
+ includes 0xff in the Radio ID field.
+
+ Admin State: An 8-bit value representing the administrative state
+ of the radio. The default value for the Admin State field is
+ listed in Section 4.8.1. The following enumerated values are
+ supported:
+
+ 0 - Reserved
+
+ 1 - Enabled
+
+ 2 - Disabled
+
+4.6.34. Radio Operational State
+
+ The Radio Operational State message element is sent by the WTP to the
+ AC to communicate a radio's operational state. This message element
+ is included in the Configuration Update Response message by the WTP
+ if it was requested to change the state of its radio, via the Radio
+ Administrative State message element, but was unable to comply to the
+ request. This message element is included in the Change State Event
+ message when a WTP radio state was changed unexpectedly. This could
+ occur due to a hardware failure. Note that the operational state
+ setting is not saved on the WTP, and therefore does not remain across
+ WTP resets. The value contains three fields, as shown below.
+
+ 0 1 2
+ 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3
+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+ | Radio ID | State | Cause |
+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+
+ Type: 32 for Radio Operational State
+
+ Length: 3
+
+ Radio ID: The Radio Identifier refers to an interface index on the
+ WTP, whose value is between one (1) and 31. A value of 0xFF is
+ invalid, as it is not possible to change the WTP's operational
+ state.
+
+ State: An 8-bit Boolean value representing the state of the radio.
+ The following enumerated values are supported:
+
+
+
+
+Calhoun, et al.
Standards Track [Page 83]
+
+RFC 5415 CAPWAP Protocol Specification March 2009
+
+
+ 0 - Reserved
+
+ 1 - Enabled
+
+ 2 - Disabled
+
+ Cause: When a radio is inoperable, the cause field contains the
+ reason the radio is out of service. The following enumerated
+ values are supported:
+
+ 0 - Normal
+
+ 1 - Radio Failure
+
+ 2 - Software Failure
+
+ 3 - Administratively Set
+
+4.6.35. Result Code
+
+ The Result Code message element value is a 32-bit integer value,
+ indicating the result of the Request message corresponding to the
+ sequence number included in the Response message.
+
+ 0 1 2 3
+ 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+ | Result Code |
+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+
+ Type: 33 for Result Code
+
+ Length: 4
+
+ Result Code: The following enumerated values are defined:
+
+ 0 Success
+
+ 1 Failure (AC List Message Element MUST Be Present)
+
+ 2 Success (NAT Detected)
+
+ 3 Join Failure (Unspecified)
+
+ 4 Join Failure (Resource Depletion)
+
+ 5 Join Failure (Unknown Source)
+
+
+
+
+Calhoun, et al.
Standards Track [Page 84]
+
+RFC 5415 CAPWAP Protocol Specification March 2009
+
+
+ 6 Join Failure (Incorrect Data)
+
+ 7 Join Failure (Session ID Already in Use)
+
+ 8 Join Failure (WTP Hardware Not Supported)
+
+ 9 Join Failure (Binding Not Supported)
+
+ 10 Reset Failure (Unable to Reset)
+
+ 11 Reset Failure (Firmware Write Error)
+
+ 12 Configuration Failure (Unable to Apply Requested Configuration
+ - Service Provided Anyhow)
+
+ 13 Configuration Failure (Unable to Apply Requested Configuration
+ - Service Not Provided)
+
+ 14 Image Data Error (Invalid Checksum)
+
+ 15 Image Data Error (Invalid Data Length)
+
+ 16 Image Data Error (Other Error)
+
+ 17 Image Data Error (Image Already Present)
+
+ 18 Message Unexpected (Invalid in Current State)
+
+ 19 Message Unexpected (Unrecognized Request)
+
+ 20 Failure - Missing Mandatory Message Element
+
+ 21 Failure - Unrecognized Message Element
+
+ 22 Data Transfer Error (No Information to Transfer)
+
+4.6.36. Returned Message Element
+
+ The Returned Message Element is sent by the WTP in the Change State
+ Event Request message to communicate to the AC which message elements
+ in the Configuration Status Response it was unable to apply locally.
+ The Returned Message Element message element contains a result code
+ indicating the reason that the configuration could not be applied,
+ and encapsulates the failed message element.
+
+
+
+
+
+
+
+Calhoun, et al. Standards Track [Page 85]
+
+RFC 5415 CAPWAP Protocol Specification March 2009
+
+
+ 0 1 2 3
+ 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+ | Reason | Length | Message Element...
+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+
+ Type: 34 for Returned Message Element
+
+ Length: >= 6
+
+ Reason: The reason the configuration in the offending message
+ element could not be applied by the WTP.
The following enumerated
+ values are supported:
+
+ 0 - Reserved
+
+ 1 - Unknown Message Element
+
+ 2 - Unsupported Message Element
+
+ 3 - Unknown Message Element Value
+
+ 4 - Unsupported Message Element Value
+
+ Length: The length of the Message Element field, which MUST NOT
+ exceed 255 octets.
+
+ Message Element: The Message Element field encapsulates the message
+ element sent by the AC in the Configuration Status Response
+ message that caused the error.
+
+4.6.37. Session ID
+
+ The Session ID message element value contains a randomly generated
+ unsigned 128-bit integer.
+
+ 0 1 2 3
+ 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+ | Session ID |
+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+ | Session ID |
+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+ | Session ID |
+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+ | Session ID |
+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+
+
+
+
+Calhoun, et al. Standards Track [Page 86]
+
+RFC 5415 CAPWAP Protocol Specification March 2009
+
+
+ Type: 35 for Session ID
+
+ Length: 16
+
+ Session ID: A 128-bit unsigned integer used as a random session
+ identifier
+
+4.6.38. Statistics Timer
+
+ The Statistics Timer message element value is used by the AC to
+ inform the WTP of the frequency with which it expects to receive
+ updated statistics.
+
+ 0 1
+ 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5
+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+ | Statistics Timer |
+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+
+ Type: 36 for Statistics Timer
+
+ Length: 2
+
+ Statistics Timer: A 16-bit unsigned integer indicating the time, in
+ seconds. The default value for this timer is specified in
+ Section 4.7.14.
+
+4.6.39. Vendor Specific Payload
+
+ The Vendor Specific Payload message element is used to communicate
+ vendor-specific information between the WTP and the AC.
The Vendor
+ Specific Payload message element MAY be present in any CAPWAP
+ message. The exchange of vendor-specific data between the MUST NOT
+ modify the behavior of the base CAPWAP protocol and state machine.
+ The message element uses the following format:
+
+ 0 1 2 3
+ 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+ | Vendor Identifier |
+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+ | Element ID | Data...
+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+
+ Type: 37 for Vendor Specific Payload
+
+ Length: >= 7
+
+
+
+
+Calhoun, et al. Standards Track [Page 87]
+
+RFC 5415 CAPWAP Protocol Specification March 2009
+
+
+ Vendor Identifier: A 32-bit value containing the IANA-assigned "SMI
+ Network Management Private Enterprise Codes" [RFC3232].
+
+ Element ID: A 16-bit Element Identifier that is managed by the
+ vendor.
+
+ Data: Variable-length vendor-specific information, whose contents
+ and format are proprietary and understood based on the Element ID
+ field. This field MUST NOT exceed 2048 octets.
+
+4.6.40. WTP Board Data
+
+ The WTP Board Data message element is sent by the WTP to the AC and
+ contains information about the hardware present.
+
+ 0 1 2 3
+ 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+ | Vendor Identifier |
+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+ | Board Data Sub-Element...
+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+
+ Type: 38 for WTP Board Data
+
+ Length: >=14
+
+ Vendor Identifier: A 32-bit value containing the IANA-assigned "SMI
+ Network Management Private Enterprise Codes", identifying the WTP
+ hardware manufacturer. The Vendor Identifier field MUST NOT be
+ set to zero.
+
+ Board Data Sub-Element: The WTP Board Data message element contains
+ multiple Board Data sub-elements, some of which are mandatory and
+ some are optional, as described below. The Board Data Type values
+ are not extensible by vendors, and are therefore not coupled along
+ with the Vendor Identifier field. The Board Data sub-element has
+ the following format:
+
+ 0 1 2 3
+ 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+ | Board Data Type | Board Data Length |
+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+ | Board Data Value...
+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+
+
+
+
+
+Calhoun, et al. Standards Track [Page 88]
+
+RFC 5415 CAPWAP Protocol Specification March 2009
+
+
+ Board Data Type: The Board Data Type field identifies the data
+ being encoded. The CAPWAP protocol defines the following
+ values, and each of these types identify whether their presence
+ is mandatory or optional:
+
+ 0 - WTP Model Number: The WTP Model Number MUST be included in
+ the WTP Board Data message element.
+
+ 1 - WTP Serial Number: The WTP Serial Number MUST be included in
+ the WTP Board Data message element.
+
+ 2 - Board ID: A hardware identifier, which MAY be included in
+ the WTP Board Data message element.
+
+ 3 - Board Revision: A revision number of the board, which MAY be
+ included in the WTP Board Data message element.
+
+ 4 - Base MAC Address: The WTP's Base MAC address, which MAY be
+ assigned to the primary Ethernet interface.
+
+ Board Data Length: The length of the data in the Board Data Value
+ field, whose length MUST NOT exceed 1024 octets.
+
+ Board Data Value: The data associated with the Board Data Type
+ field for this Board Data sub-element.
+
+4.6.41. WTP Descriptor
+
+ The WTP Descriptor message element is used by a WTP to communicate
+ its current hardware and software (firmware) configuration.
The
+ value contains the following fields:
+
+ 0 1 2 3
+ 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+ | Max Radios | Radios in use | Num Encrypt |Encryp Sub-Elmt|
+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+ | Encryption Sub-Element | Descriptor Sub-Element...
+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+
+ Type: 39 for WTP Descriptor
+
+ Length: >= 33
+
+
+
+
+
+
+
+
+Calhoun, et al. Standards Track [Page 89]
+
+RFC 5415 CAPWAP Protocol Specification March 2009
+
+
+ Max Radios: An 8-bit value representing the number of radios (where
+ each radio is identified via the Radio ID field) supported by the
+ WTP.
+
+ Radios in use: An 8-bit value representing the number of radios in
+ use in the WTP.
+
+ Num Encrypt: The number of 3-byte Encryption sub-elements that
+ follow this field. The value of the Num Encrypt field MUST be
+ between one (1) and 255.
+
+ Encryption Sub-Element: The WTP Descriptor message element MUST
+ contain at least one Encryption sub-element. One sub-element is
+ present for each binding supported by the WTP. The Encryption
+ sub-element has the following format:
+
+ 0 1 2
+ 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3
+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+ |Resvd| WBID | Encryption Capabilities |
+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+
+ Resvd: The 3-bit field is reserved for future use. All
+ implementations complying with this protocol MUST set to zero
+ any bits that are reserved in the version of the protocol
+ supported by that implementation. Receivers MUST ignore all
+ bits not defined for the version of the protocol they support.
+
+ WBID: A 5-bit field that is the wireless binding identifier.
+ The identifier will indicate the type of wireless packet
+ associated with the radio. The WBIDs defined in this
+ specification can be found in Section 4.3.
+
+ Encryption Capabilities: This 16-bit field is used by the WTP to
+ communicate its capabilities to the AC. A WTP that does not
+ have any encryption capabilities sets this field to zero (0).
+ Refer to the specific wireless binding for further
+ specification of the Encryption Capabilities field.
+
+ Descriptor Sub-Element: The WTP Descriptor message element contains
+ multiple Descriptor sub-elements, some of which are mandatory and
+ some are optional, as described below. The Descriptor sub-element
+ has the following format:
+
+
+
+
+
+
+
+
+Calhoun, et al. Standards Track [Page 90]
+
+RFC 5415 CAPWAP Protocol Specification March 2009
+
+
+ 0 1 2 3
+ 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+ | Descriptor Vendor Identifier |
+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+ | Descriptor Type | Descriptor Length |
+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+ | Descriptor Data...
+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+
+ Descriptor Vendor Identifier: A 32-bit value containing the
+ IANA-assigned "SMI Network Management Private Enterprise
+ Codes".
+
+ Descriptor Type: The Descriptor Type field identifies the data
+ being encoded. The format of the data is vendor-specific
+ encoded in the UTF-8 format [RFC3629]. The CAPWAP protocol
+ defines the following values, and each of these types identify
+ whether their presence is mandatory or optional. The values
+ listed below are used in conjunction with the Descriptor Vendor
+ Identifier field, whose value MUST be set to zero (0). This
+ field, combined with the Descriptor Vendor Identifier set to a
+ non-zero (0) value, allows vendors to use a private namespace.
+
+ 0 - Hardware Version: The WTP hardware version number MUST be
+ present.
+
+ 1 - Active Software Version: The WTP running software version
+ number MUST be present.
+
+ 2 - Boot Version: The WTP boot loader version number MUST be
+ present.
+
+ 3 - Other Software Version: The WTP non-running software
+ (firmware) version number MAY be present. This type is
+ used to communicate alternate software versions that are
+ available on the WTP's non-volatile storage.
+
+ Descriptor Length: Length of the vendor-specific encoding of the
+ Descriptor Data field, whose length MUST NOT exceed 1024
+ octets.
+
+ Descriptor Data: Vendor-specific data of WTP information encoded
+ in the UTF-8 format [RFC3629].
+
+
+
+
+
+
+
+Calhoun, et al. Standards Track [Page 91]
+
+RFC 5415 CAPWAP Protocol Specification March 2009
+
+
+4.6.42. WTP Fallback
+
+ The WTP Fallback message element is sent by the AC to the WTP to
+ enable or disable automatic CAPWAP fallback in the event that a WTP
+ detects its preferred AC to which it is not currently connected.
+
+ 0
+ 0 1 2 3 4 5 6 7
+ +-+-+-+-+-+-+-+-+
+ | Mode |
+ +-+-+-+-+-+-+-+-+
+
+ Type: 40 for WTP Fallback
+
+ Length: 1
+
+ Mode: The 8-bit value indicates the status of automatic CAPWAP
+ fallback on the WTP. When enabled, if the WTP detects that its
+ primary AC is available, and that the WTP is not connected to the
+ primary AC, the WTP SHOULD automatically disconnect from its
+ current AC and reconnect to its primary AC. If disabled, the WTP
+ will only reconnect to its primary AC through manual intervention
+ (e.g., through the Reset Request message). The default value for
+ this field is specified in Section 4.8.9. The following
+ enumerated values are supported:
+
+ 0 - Reserved
+
+ 1 - Enabled
+
+ 2 - Disabled
+
+4.6.43. WTP Frame Tunnel Mode
+
+ The WTP Frame Tunnel Mode message element allows the WTP to
+ communicate the tunneling modes of operation that it supports to the
+ AC. A WTP that advertises support for all types allows the AC to
+ select which type will be used, based on its local policy.
+
+ 0
+ 0 1 2 3 4 5 6 7
+ +-+-+-+-+-+-+-+-+
+ |Reservd|N|E|L|U|
+ +-+-+-+-+-+-+-+-+
+
+
+
+
+
+
+
+Calhoun, et al. Standards Track [Page 92]
+
+RFC 5415 CAPWAP Protocol Specification March 2009
+
+
+ Type: 41 for WTP Frame Tunnel Mode
+
+ Length: 1
+
+ Reservd: A set of reserved bits for future use. All
+ implementations complying with this protocol MUST set to zero any
+ bits that are reserved in the version of the protocol supported by
+ that implementation. Receivers MUST ignore all bits not defined
+ for the version of the protocol they support.
+
+ N: Native Frame Tunnel mode requires the WTP and AC to encapsulate
+ all user payloads as native wireless frames, as defined by the
+ wireless binding (see for example Section 4.4)
+
+ E: The 802.3 Frame Tunnel Mode requires the WTP and AC to
+ encapsulate all user payload as native IEEE 802.3 frames (see
+ Section 4.4). All user traffic is tunneled to the AC. This
+ value MUST NOT be used when the WTP MAC Type is set to Split
+ MAC.
+
+ L: When Local Bridging is used, the WTP does not tunnel user
+ traffic to the AC; all user traffic is locally bridged. This
+ value MUST NOT be used when the WTP MAC Type is set to Split
+ MAC.
+
+ R: A reserved bit for future use. All implementations complying
+ with this protocol MUST set to zero any bits that are reserved
+ in the version of the protocol supported by that
+ implementation. Receivers MUST ignore all bits not defined for
+ the version of the protocol they support.
+
+4.6.44. WTP MAC Type
+
+ The WTP MAC-Type message element allows the WTP to communicate its
+ mode of operation to the AC. A WTP that advertises support for both
+ modes allows the AC to select the mode to use, based on local policy.
+
+ 0
+ 0 1 2 3 4 5 6 7
+ +-+-+-+-+-+-+-+-+
+ | MAC Type |
+ +-+-+-+-+-+-+-+-+
+
+ Type: 44 for WTP MAC Type
+
+
+
+
+
+
+
+Calhoun, et al.
Standards Track [Page 93]
+
+RFC 5415 CAPWAP Protocol Specification March 2009
+
+
+ Length: 1
+
+ MAC Type: The MAC mode of operation supported by the WTP. The
+ following enumerated values are supported:
+
+ 0 - Local MAC: Local MAC is the default mode that MUST be
+ supported by all WTPs. When tunneling is enabled (see
+ Section 4.6.43), the encapsulated frames MUST be in the
+ 802.3 format (see Section 4.4.2), unless a wireless
+ management or control frame which MAY be in its native
+ format. Any CAPWAP binding needs to specify the format of
+ management and control wireless frames.
+
+ 1 - Split MAC: Split MAC support is optional, and allows the AC
+ to receive and process native wireless frames.
+
+ 2 - Both: WTP is capable of supporting both Local MAC and Split
+ MAC.
+
+4.6.45. WTP Name
+
+ The WTP Name message element is a variable-length byte UTF-8 encoded
+ string [RFC3629]. The string is not zero terminated.
+
+ 0
+ 0 1 2 3 4 5 6 7
+ +-+-+-+-+-+-+-+-+-
+ | WTP Name ...
+ +-+-+-+-+-+-+-+-+-
+
+ Type: 45 for WTP Name
+
+ Length: >= 1
+
+ WTP Name: A non-zero-terminated UTF-8 encoded string [RFC3629]
+ containing the WTP name, whose maximum size MUST NOT exceed 512
+ bytes.
+
+4.6.46. WTP Radio Statistics
+
+ The WTP Radio Statistics message element is sent by the WTP to the AC
+ to communicate statistics on radio behavior and reasons why the WTP
+ radio has been reset. These counters are never reset on the WTP, and
+ will therefore roll over to zero when the maximum size has been
+ reached.
+
+
+
+
+
+
+Calhoun, et al.
Standards Track [Page 94]
+
+RFC 5415 CAPWAP Protocol Specification March 2009
+
+
+ 0 1 2 3
+ 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+ | Radio ID | Last Fail Type| Reset Count |
+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+ | SW Failure Count | HW Failure Count |
+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+ | Other Failure Count | Unknown Failure Count |
+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+ | Config Update Count | Channel Change Count |
+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+ | Band Change Count | Current Noise Floor |
+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+
+ Type: 47 for WTP Radio Statistics
+
+ Length: 20
+
+ Radio ID: The radio ID of the radio to which the statistics apply,
+ whose value is between one (1) and 31.
+
+ Last Failure Type: The last WTP failure. The following enumerated
+ values are supported:
+
+ 0 - Statistic Not Supported
+
+ 1 - Software Failure
+
+ 2 - Hardware Failure
+
+ 3 - Other Failure
+
+ 255 - Unknown (e.g., WTP doesn't keep track of info)
+
+ Reset Count: The number of times that the radio has been reset.
+
+ SW Failure Count: The number of times that the radio has failed due
+ to software-related reasons.
+
+ HW Failure Count: The number of times that the radio has failed due
+ to hardware-related reasons.
+
+ Other Failure Count: The number of times that the radio has failed
+ due to known reasons, other than software or hardware failure.
+
+
+
+
+
+
+
+Calhoun, et al. Standards Track [Page 95]
+
+RFC 5415 CAPWAP Protocol Specification March 2009
+
+
+ Unknown Failure Count: The number of times that the radio has
+ failed for unknown reasons.
+
+ Config Update Count: The number of times that the radio
+ configuration has been updated.
+
+ Channel Change Count: The number of times that the radio channel
+ has been changed.
+
+ Band Change Count: The number of times that the radio has changed
+ frequency bands.
+
+ Current Noise Floor: A signed integer that indicates the noise
+ floor of the radio receiver in units of dBm.
+
+4.6.47. WTP Reboot Statistics
+
+ The WTP Reboot Statistics message element is sent by the WTP to the
+ AC to communicate reasons why WTP reboots have occurred. These
+ counters are never reset on the WTP, and will therefore roll over to
+ zero when the maximum size has been reached.
+
+ 0 1 2 3
+ 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+ | Reboot Count | AC Initiated Count |
+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+ | Link Failure Count | SW Failure Count |
+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+ | HW Failure Count | Other Failure Count |
+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+ | Unknown Failure Count |Last Failure Type|
+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+
+ Type: 48 for WTP Reboot Statistics
+
+ Length: 15
+
+ Reboot Count: The number of reboots that have occurred due to a WTP
+ crash. A value of 65535 implies that this information is not
+ available on the WTP.
+
+ AC Initiated Count: The number of reboots that have occurred at the
+ request of a CAPWAP protocol message, such as a change in
+ configuration that required a reboot or an explicit CAPWAP
+ protocol reset request. A value of 65535 implies that this
+ information is not available on the WTP.
+
+
+
+
+Calhoun, et al. Standards Track [Page 96]
+
+RFC 5415 CAPWAP Protocol Specification March 2009
+
+
+ Link Failure Count: The number of times that a CAPWAP protocol
+ connection with an AC has failed due to link failure.
+
+ SW Failure Count: The number of times that a CAPWAP protocol
+ connection with an AC has failed due to software-related reasons.
+
+ HW Failure Count: The number of times that a CAPWAP protocol
+ connection with an AC has failed due to hardware-related reasons.
+
+ Other Failure Count: The number of times that a CAPWAP protocol
+ connection with an AC has failed due to known reasons, other than
+ AC initiated, link, SW or HW failure.
+
+ Unknown Failure Count: The number of times that a CAPWAP protocol
+ connection with an AC has failed for unknown reasons.
+
+ Last Failure Type: The failure type of the most recent WTP failure.
+ The following enumerated values are supported:
+
+ 0 - Not Supported
+
+ 1 - AC Initiated (see Section 9.2)
+
+ 2 - Link Failure
+
+ 3 - Software Failure
+
+ 4 - Hardware Failure
+
+ 5 - Other Failure
+
+ 255 - Unknown (e.g., WTP doesn't keep track of info)
+
+4.6.48. WTP Static IP Address Information
+
+ The WTP Static IP Address Information message element is used by an
+ AC to configure or clear a previously configured static IP address on
+ a WTP. IPv6 WTPs are expected to use dynamic addresses.
+
+
+
+
+
+
+
+
+
+
+
+
+
+Calhoun, et al. Standards Track [Page 97]
+
+RFC 5415 CAPWAP Protocol Specification March 2009
+
+
+ 0 1 2 3
+ 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+ | IP Address |
+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+ | Netmask |
+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+ | Gateway |
+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+ | Static |
+ +-+-+-+-+-+-+-+-+
+
+ Type: 49 for WTP Static IP Address Information
+
+ Length: 13
+
+ IP Address: The IP address to assign to the WTP. This field is
+ only valid if the static field is set to one.
+
+ Netmask: The IP Netmask. This field is only valid if the static
+ field is set to one.
+
+ Gateway: The IP address of the gateway. This field is only valid
+ if the static field is set to one.
+
+ Static: An 8-bit Boolean stating whether or not the WTP should use
+ a static IP address. A value of zero disables the static IP
+ address, while a value of one enables it.
+
+4.7. CAPWAP Protocol Timers
+
+ This section contains the definition of the CAPWAP timers.
+
+4.7.1. ChangeStatePendingTimer
+
+ The maximum time, in seconds, the AC will wait for the Change State
+ Event Request from the WTP after having transmitted a successful
+ Configuration Status Response message.
+
+ Default: 25 seconds
+
+4.7.2. DataChannelKeepAlive
+
+ The DataChannelKeepAlive timer is used by the WTP to determine the
+ next opportunity when it must transmit the Data Channel Keep-Alive,
+ in seconds.
+
+ Default: 30 seconds
+
+
+
+Calhoun, et al. Standards Track [Page 98]
+
+RFC 5415 CAPWAP Protocol Specification March 2009
+
+
+4.7.3. DataChannelDeadInterval
+
+ The minimum time, in seconds, a WTP MUST wait without having received
+ a Data Channel Keep-Alive packet before the destination for the Data
+ Channel Keep-Alive packets may be considered dead. The value of this
+ timer MUST be no less than 2*DataChannelKeepAlive seconds and no
+ greater that 240 seconds.
+
+ Default: 60
+
+4.7.4. DataCheckTimer
+
+ The number of seconds the AC will wait for the Data Channel Keep
+ Alive, which is required by the CAPWAP state machine's Data Check
+ state. The AC resets the state machine if this timer expires prior
+ to transitioning to the next state.
+
+ Default: 30
+
+4.7.5. DiscoveryInterval
+
+ The minimum time, in seconds, that a WTP MUST wait after receiving a
+ Discovery Response message, before initiating a DTLS handshake.
+
+ Default: 5
+
+4.7.6. DTLSSessionDelete
+
+ The minimum time, in seconds, a WTP MUST wait for DTLS session
+ deletion.
+
+ Default: 5
+
+4.7.7.
EchoInterval + + The minimum time, in seconds, between sending Echo Request messages + to the AC with which the WTP has joined. + + Default: 30 + +4.7.8. IdleTimeout + + The default Idle Timeout is 300 seconds. + + + + + + + + +Calhoun, et al. Standards Track [Page 99] + +RFC 5415 CAPWAP Protocol Specification March 2009 + + +4.7.9. ImageDataStartTimer + + The number of seconds the WTP will wait for its peer to transmit the + Image Data Request. + + Default: 30 + +4.7.10. MaxDiscoveryInterval + + The maximum time allowed between sending Discovery Request messages, + in seconds. This value MUST be no less than 2 seconds and no greater + than 180 seconds. + + Default: 20 seconds. + +4.7.11. ReportInterval + + The ReportInterval is used by the WTP to determine the interval the + WTP uses between sending the Decryption Error message elements to + inform the AC of decryption errors, in seconds. + + The default Report Interval is 120 seconds. + +4.7.12. RetransmitInterval + + The minimum time, in seconds, in which a non-acknowledged CAPWAP + packet will be retransmitted. + + Default: 3 + +4.7.13. SilentInterval + + For a WTP, this is the minimum time, in seconds, a WTP MUST wait + before it MAY again send Discovery Request messages or attempt to + establish a DTLS session. For an AC, this is the minimum time, in + seconds, during which the AC SHOULD ignore all CAPWAP and DTLS + packets received from the WTP that is in the Sulking state. + + Default: 30 seconds + +4.7.14. StatisticsTimer + + The StatisticsTimer is used by the WTP to determine the interval the + WTP uses between the WTP Events Requests it transmits to the AC to + communicate its statistics, in seconds. + + Default: 120 seconds + + + + +Calhoun, et al. Standards Track [Page 100] + +RFC 5415 CAPWAP Protocol Specification March 2009 + + +4.7.15. WaitDTLS + + The maximum time, in seconds, a WTP MUST wait without having received + a DTLS Handshake message from an AC. 
This timer MUST be greater than + 30 seconds. + + Default: 60 + +4.7.16. WaitJoin + + The maximum time, in seconds, an AC will wait after the DTLS session + has been established until it receives the Join Request from the WTP. + This timer MUST be greater than 20 seconds. + + Default: 60 + +4.8. CAPWAP Protocol Variables + + This section defines the CAPWAP protocol variables, which are used + for various protocol functions. Some of these variables are + configurable, while others are counters or have a fixed value. For + non-counter-related variables, default values are specified. + However, when a WTP's variable configuration is explicitly overridden + by an AC, the WTP MUST save the new value. + +4.8.1. AdminState + + The default Administrative State value is enabled (1). + +4.8.2. DiscoveryCount + + The number of Discovery Request messages transmitted by a WTP to a + single AC. This is a monotonically increasing counter. + +4.8.3. FailedDTLSAuthFailCount + + The number of failed DTLS session establishment attempts due to + authentication failures. + +4.8.4. FailedDTLSSessionCount + + The number of failed DTLS session establishment attempts. + + + + + + + + + +Calhoun, et al. Standards Track [Page 101] + +RFC 5415 CAPWAP Protocol Specification March 2009 + + +4.8.5. MaxDiscoveries + + The maximum number of Discovery Request messages that will be sent + after a WTP boots. + + Default: 10 + +4.8.6. MaxFailedDTLSSessionRetry + + The maximum number of failed DTLS session establishment attempts + before the CAPWAP device enters a silent period. + + Default: 3 + +4.8.7. MaxRetransmit + + The maximum number of retransmissions for a given CAPWAP packet + before the link layer considers the peer dead. + + Default: 5 + +4.8.8. RetransmitCount + + The number of retransmissions for a given CAPWAP packet. This is a + monotonically increasing counter. + +4.8.9. WTPFallBack + + The default WTP Fallback value is enabled (1). + +4.9. 
WTP Saved Variables + + In addition to the values defined in Section 4.8, the following + values SHOULD be saved on the WTP in non-volatile memory. CAPWAP + wireless bindings MAY define additional values that SHOULD be stored + on the WTP. + +4.9.1. AdminRebootCount + + The number of times the WTP has rebooted administratively, defined in + Section 4.6.47. + +4.9.2. FrameEncapType + + For WTPs that support multiple Frame Encapsulation Types, it is + useful to save the value configured by the AC. The Frame + Encapsulation Type is defined in Section 4.6.43. + + + + +Calhoun, et al. Standards Track [Page 102] + +RFC 5415 CAPWAP Protocol Specification March 2009 + + +4.9.3. LastRebootReason + + The reason why the WTP last rebooted, defined in Section 4.6.47. + +4.9.4. MacType + + For WTPs that support multiple MAC-Types, it is useful to save the + value configured by the AC. The MAC-Type is defined in + Section 4.6.44. + +4.9.5. PreferredACs + + The preferred ACs, with the index, defined in Section 4.6.5. + +4.9.6. RebootCount + + The number of times the WTP has rebooted, defined in Section 4.6.47. + +4.9.7. Static IP Address + + The static IP address assigned to the WTP, as configured by the WTP + Static IP address Information message element (see Section 4.6.48). + +4.9.8. WTPLinkFailureCount + + The number of times the link to the AC has failed, see + Section 4.6.47. + +4.9.9. WTPLocation + + The WTP Location, defined in Section 4.6.30. + +4.9.10. WTPName + + The WTP Name, defined in Section 4.6.45. + +5. CAPWAP Discovery Operations + + The Discovery messages are used by a WTP to determine which ACs are + available to provide service, and the capabilities and load of the + ACs. + +5.1. Discovery Request Message + + The Discovery Request message is used by the WTP to automatically + discover potential ACs available in the network. The Discovery + Request message provides ACs with the primary capabilities of the + + + + +Calhoun, et al. 
Standards Track [Page 103] + +RFC 5415 CAPWAP Protocol Specification March 2009 + + + WTP. A WTP must exchange this information to ensure subsequent + exchanges with the ACs are consistent with the WTP's functional + characteristics. + + Discovery Request messages MUST be sent by a WTP in the Discover + state after waiting for a random delay less than + MaxDiscoveryInterval, after a WTP first comes up or is + (re)initialized. A WTP MUST send no more than the maximum of + MaxDiscoveries Discovery Request messages, waiting for a random delay + less than MaxDiscoveryInterval between each successive message. + + This is to prevent an explosion of WTP Discovery Request messages. + An example of this occurring is when many WTPs are powered on at the + same time. + + If a Discovery Response message is not received after sending the + maximum number of Discovery Request messages, the WTP enters the + Sulking state and MUST wait for an interval equal to SilentInterval + before sending further Discovery Request messages. + + Upon receiving a Discovery Request message, the AC will respond with + a Discovery Response message sent to the address in the source + address of the received Discovery Request message. Once a Discovery + Response has been received, if the WTP decides to establish a session + with the responding AC, it SHOULD perform an MTU discovery, using the + process described in Section 3.5. + + It is possible for the AC to receive a clear text Discovery Request + message while a DTLS session is already active with the WTP. This is + most likely the case if the WTP has rebooted, perhaps due to a + software or power failure, but could also be caused by a DoS attack. + In such cases, any WTP state, including the state machine instance, + MUST NOT be cleared until another DTLS session has been successfully + established, communicated via the DTLSSessionEstablished DTLS + notification (see Section 2.3.2.2). 
+ + The binding specific WTP Radio Information message element (see + Section 2.1) is included in the Discovery Request message to + advertise WTP support for one or more CAPWAP bindings. + + The Discovery Request message is sent by the WTP when in the + Discovery state. The AC does not transmit this message. + + The following message elements MUST be included in the Discovery + Request message: + + o Discovery Type, see Section 4.6.21 + + + + +Calhoun, et al. Standards Track [Page 104] + +RFC 5415 CAPWAP Protocol Specification March 2009 + + + o WTP Board Data, see Section 4.6.40 + + o WTP Descriptor, see Section 4.6.41 + + o WTP Frame Tunnel Mode, see Section 4.6.43 + + o WTP MAC Type, see Section 4.6.44 + + o WTP Radio Information message element(s) that the WTP supports; + These are defined by the individual link layer CAPWAP Binding + Protocols (see Section 2.1). + + The following message elements MAY be included in the Discovery + Request message: + + o MTU Discovery Padding, see Section 4.6.32 + + o Vendor Specific Payload, see Section 4.6.39 + +5.2. Discovery Response Message + + The Discovery Response message provides a mechanism for an AC to + advertise its services to requesting WTPs. + + When a WTP receives a Discovery Response message, it MUST wait for an + interval not less than DiscoveryInterval for receipt of additional + Discovery Response messages. After the DiscoveryInterval elapses, + the WTP enters the DTLS-Init state and selects one of the ACs that + sent a Discovery Response message and send a DTLS Handshake to that + AC. + + One or more binding-specific WTP Radio Information message elements + (see Section 2.1) are included in the Discovery Request message to + advertise AC support for the CAPWAP bindings. The AC MAY include + only the bindings it shares in common with the WTP, known through the + WTP Radio Information message elements received in the Discovery + Request message, or it MAY include all of the bindings supported. 
+ The WTP MAY use the supported bindings in its AC decision process. + Note that if the WTP joins an AC that does not support a specific + CAPWAP binding, service for that binding MUST NOT be provided by the + WTP. + + The Discovery Response message is sent by the AC when in the Idle + state. The WTP does not transmit this message. + + The following message elements MUST be included in the Discovery + Response Message: + + + + +Calhoun, et al. Standards Track [Page 105] + +RFC 5415 CAPWAP Protocol Specification March 2009 + + + o AC Descriptor, see Section 4.6.1 + + o AC Name, see Section 4.6.4 + + o WTP Radio Information message element(s) that the AC supports; + these are defined by the individual link layer CAPWAP Binding + Protocols (see Section 2.1 for more information). + + o One of the following message elements MUST be included in the + Discovery Response Message: + + * CAPWAP Control IPv4 Address, see Section 4.6.9 + + * CAPWAP Control IPv6 Address, see Section 4.6.10 + + The following message elements MAY be included in the Discovery + Response message: + + o Vendor Specific Payload, see Section 4.6.39 + +5.3. Primary Discovery Request Message + + The Primary Discovery Request message is sent by the WTP to: + + o determine whether its preferred (or primary) AC is available, or + + o perform a Path MTU Discovery (see Section 3.5). + + A Primary Discovery Request message is sent by a WTP when it has a + primary AC configured, and is connected to another AC. This + generally occurs as a result of a failover, and is used by the WTP as + a means to discover when its primary AC becomes available. Since the + WTP only has a single instance of the CAPWAP state machine, the + Primary Discovery Request is sent by the WTP when in the Run state. + The AC does not transmit this message. + + The frequency of the Primary Discovery Request messages should be no + more often than the sending of the Echo Request message. 
+ + Upon receipt of a Primary Discovery Request message, the AC responds + with a Primary Discovery Response message sent to the address in the + source address of the received Primary Discovery Request message. + + The following message elements MUST be included in the Primary + Discovery Request message. + + o Discovery Type, see Section 4.6.21 + + + + +Calhoun, et al. Standards Track [Page 106] + +RFC 5415 CAPWAP Protocol Specification March 2009 + + + o WTP Board Data, see Section 4.6.40 + + o WTP Descriptor, see Section 4.6.41 + + o WTP Frame Tunnel Mode, see Section 4.6.43 + + o WTP MAC Type, see Section 4.6.44 + + o WTP Radio Information message element(s) that the WTP supports; + these are defined by the individual link layer CAPWAP Binding + Protocols (see Section 2.1 for more information). + + The following message elements MAY be included in the Primary + Discovery Request message: + + o MTU Discovery Padding, see Section 4.6.32 + + o Vendor Specific Payload, see Section 4.6.39 + +5.4. Primary Discovery Response + + The Primary Discovery Response message enables an AC to advertise its + availability and services to requesting WTPs that are configured to + have the AC as its primary AC. + + The Primary Discovery Response message is sent by an AC after + receiving a Primary Discovery Request message. + + When a WTP receives a Primary Discovery Response message, it may + establish a CAPWAP protocol connection to its primary AC, based on + the configuration of the WTP Fallback Status message element on the + WTP. + + The Primary Discovery Response message is sent by the AC when in the + Idle state. The WTP does not transmit this message. + + The following message elements MUST be included in the Primary + Discovery Response message. 
+ + o AC Descriptor, see Section 4.6.1 + + o AC Name, see Section 4.6.4 + + o WTP Radio Information message element(s) that the AC supports; + These are defined by the individual link layer CAPWAP Binding + Protocols (see Section 2.1 for more information). + + + + + +Calhoun, et al. Standards Track [Page 107] + +RFC 5415 CAPWAP Protocol Specification March 2009 + + + One of the following message elements MUST be included in the + Discovery Response Message: + + o CAPWAP Control IPv4 Address, see Section 4.6.9 + + o CAPWAP Control IPv6 Address, see Section 4.6.10 + + The following message elements MAY be included in the Primary + Discovery Response message: + + o Vendor Specific Payload, see Section 4.6.39 + +6. CAPWAP Join Operations + + The Join Request message is used by a WTP to request service from an + AC after a DTLS connection is established to that AC. The Join + Response message is used by the AC to indicate that it will or will + not provide service. + +6.1. Join Request + + The Join Request message is used by a WTP to request service through + the AC. If the WTP is performing the optional AC Discovery process + (see Section 3.3), the join process occurs after the WTP has received + one or more Discovery Response messages. During the Discovery + process, an AC MAY return more than one CAPWAP Control IPv4 Address + or CAPWAP Control IPv6 Address message elements. When more than one + such message element is returned, the WTP SHOULD perform "load + balancing" by choosing the interface that is servicing the least + number of WTPs (known through the WTP Count field of the message + element). Note, however, that other load balancing algorithms are + also permitted. Once the WTP has determined its preferred AC, and + its associated interface, to which to connect, it establishes the + DTLS session, and transmits the Join Request over the secured control + channel. When an AC receives a Join Request message it responds with + a Join Response message. 
+ + Upon completion of the DTLS handshake and receipt of the + DTLSEstablished notification, the WTP sends the Join Request message + to the AC. When the AC is notified of the DTLS session + establishment, it does not clear the WaitDTLS timer until it has + received the Join Request message, at which time it sends a Join + Response message to the WTP, indicating success or failure. + + One or more WTP Radio Information message elements (see Section 2.1) + are included in the Join Request to request service for the CAPWAP + bindings by the AC. Including a binding that is unsupported by the + AC will result in a failed Join Response. + + + +Calhoun, et al. Standards Track [Page 108] + +RFC 5415 CAPWAP Protocol Specification March 2009 + + + If the AC rejects the Join Request, it sends a Join Response message + with a failure indication and initiates an abort of the DTLS session + via the DTLSAbort command. + + If an invalid (i.e., malformed) Join Request message is received, the + message MUST be silently discarded by the AC. No response is sent to + the WTP. The AC SHOULD log this event. + + The Join Request is sent by the WTP when in the Join State. The AC + does not transmit this message. + + The following message elements MUST be included in the Join Request + message. + + o Location Data, see Section 4.6.30 + + o WTP Board Data, see Section 4.6.40 + + o WTP Descriptor, see Section 4.6.41 + + o WTP Name, see Section 4.6.45 + + o Session ID, see Section 4.6.37 + + o WTP Frame Tunnel Mode, see Section 4.6.43 + + o WTP MAC Type, see Section 4.6.44 + + o WTP Radio Information message element(s) that the WTP supports; + these are defined by the individual link layer CAPWAP Binding + Protocols (see Section 2.1 for more information). + + o ECN Support, see Section 4.6.25 + + At least one of the following message element MUST be included in the + Join Request message. 
+ + o CAPWAP Local IPv4 Address, see Section 4.6.11 + + o CAPWAP Local IPv6 Address, see Section 4.6.12 + + The following message element MAY be included in the Join Request + message. + + o CAPWAP Transport Protocol, see Section 4.6.14 + + o Maximum Message Length, see Section 4.6.31 + + + + +Calhoun, et al. Standards Track [Page 109] + +RFC 5415 CAPWAP Protocol Specification March 2009 + + + o WTP Reboot Statistics, see Section 4.6.47 + + o Vendor Specific Payload, see Section 4.6.39 + +6.2. Join Response + + The Join Response message is sent by the AC to indicate to a WTP that + it is capable and willing to provide service to the WTP. + + The WTP, receiving a Join Response message, checks for success or + failure. If the message indicates success, the WTP clears the + WaitDTLS timer for the session and proceeds to the Configure state. + + If the WaitDTLS Timer expires prior to reception of the Join Response + message, the WTP MUST terminate the handshake, deallocate session + state and initiate the DTLSAbort command. + + If an invalid (malformed) Join Response message is received, the WTP + SHOULD log an informative message detailing the error. This error + MUST be treated in the same manner as AC non-responsiveness. The + WaitDTLS timer will eventually expire, and the WTP MAY (if it is so + configured) attempt to join a new AC. + + If one of the WTP Radio Information message elements (see + Section 2.1) in the Join Request message requested support for a + CAPWAP binding that the AC does not support, the AC sets the Result + Code message element to "Binding Not Supported". + + The AC includes the Image Identifier message element to indicate the + software version it expects the WTP to run. This information is used + to determine whether the WTP MUST change its currently running + firmware image or download a new version (see Section 9.1.1). + + The Join Response message is sent by the AC when in the Join State. + The WTP does not transmit this message. 
+ + The following message elements MUST be included in the Join Response + message. + + o Result Code, see Section 4.6.35 + + o AC Descriptor, see Section 4.6.1 + + o AC Name, see Section 4.6.4 + + o WTP Radio Information message element(s) that the AC supports; + these are defined by the individual link layer CAPWAP Binding + Protocols (see Section 2.1). + + + +Calhoun, et al. Standards Track [Page 110] + +RFC 5415 CAPWAP Protocol Specification March 2009 + + + o ECN Support, see Section 4.6.25 + + One of the following message elements MUST be included in the Join + Response Message: + + o CAPWAP Control IPv4 Address, see Section 4.6.9 + + o CAPWAP Control IPv6 Address, see Section 4.6.10 + + One of the following message elements MUST be included in the Join + Response Message: + + o CAPWAP Local IPv4 Address, see Section 4.6.11 + + o CAPWAP Local IPv6 Address, see Section 4.6.12 + + The following message elements MAY be included in the Join Response + message. + + o AC IPv4 List, see Section 4.6.2 + + o AC IPv6 List, see Section 4.6.3 + + o CAPWAP Transport Protocol, see Section 4.6.14 + + o Image Identifier, see Section 4.6.27 + + o Maximum Message Length, see Section 4.6.31 + + o Vendor Specific Payload, see Section 4.6.39 + +7. Control Channel Management + + The Control Channel Management messages are used by the WTP and AC to + maintain a control communication channel. CAPWAP Control messages, + such as the WTP Event Request message sent from the WTP to the AC + indicate to the AC that the WTP is operational. When such control + messages are not being sent, the Echo Request and Echo Response + messages are used to maintain the control communication channel. + +7.1. Echo Request + + The Echo Request message is a keep-alive mechanism for CAPWAP control + messages. + + + + + + + +Calhoun, et al. 
Standards Track [Page 111] + +RFC 5415 CAPWAP Protocol Specification March 2009 + + + Echo Request messages are sent periodically by a WTP in the Image + Data or Run state (see Section 2.3) to determine the state of the + control connection between the WTP and the AC. The Echo Request + message is sent by the WTP when the EchoInterval timer expires. + + The Echo Request message is sent by the WTP when in the Run state. + The AC does not transmit this message. + + The following message elements MAY be included in the Echo Request + message: + + o Vendor Specific Payload, see Section 4.6.39 + + When an AC receives an Echo Request message it responds with an Echo + Response message. + +7.2. Echo Response + + The Echo Response message acknowledges the Echo Request message. + + An Echo Response message is sent by an AC after receiving an Echo + Request message. After transmitting the Echo Response message, the + AC SHOULD reset its EchoInterval timer (see Section 4.7.7). If + another Echo Request message or other control message is not received + by the AC when the timer expires, the AC SHOULD consider the WTP to + be no longer reachable. + + The Echo Response message is sent by the AC when in the Run state. + The WTP does not transmit this message. + + The following message elements MAY be included in the Echo Response + message: + + o Vendor Specific Payload, see Section 4.6.39 + + When a WTP receives an Echo Response message it initializes the + EchoInterval to the configured value. + +8. WTP Configuration Management + + WTP Configuration messages are used to exchange configuration + information between the AC and the WTP. + +8.1. Configuration Consistency + + The CAPWAP protocol provides flexibility in how WTP configuration is + managed. A WTP can behave in one of two ways, which is + implementation specific: + + + +Calhoun, et al. Standards Track [Page 112] + +RFC 5415 CAPWAP Protocol Specification March 2009 + + + 1. 
The WTP retains no configuration and accepts the configuration + provided by the AC. + + 2. The WTP saves the configuration of parameters provided by the AC + that are non-default values into local non-volatile memory, and + are enforced during the WTP's power up initialization phase. + + If the WTP opts to save configuration locally, the CAPWAP protocol + state machine defines the Configure state, which allows for + configuration exchange. In the Configure state, the WTP sends its + current configuration overrides to the AC via the Configuration + Status Request message. A configuration override is a non-default + parameter. As an example, in the CAPWAP protocol, the default + antenna configuration is internal omni antenna. A WTP that either + has no internal antennas, or has been explicitly configured by the AC + to use external antennas, sends its antenna configuration during the + configure phase, allowing the AC to become aware of the WTP's current + configuration. + + Once the WTP has provided its configuration to the AC, the AC sends + its configuration to the WTP. This allows the WTP to receive + configuration and policies from the AC. + + The AC maintains a copy of each active WTP configuration. There is + no need for versioning or other means to identify configuration + changes. If a WTP becomes inactive, the AC MAY delete the inactive + WTP configuration. If a WTP fails, and connects to a new AC, the WTP + provides its overridden configuration parameters, allowing the new AC + to be aware of the WTP configuration. + + This model allows for resiliency in case of an AC failure, ensuring + another AC can provide service to the WTP. A new AC would be + automatically updated with WTP configuration changes, eliminating the + need for inter-AC communication and the need for all ACs to be aware + of the configuration of all WTPs in the network. + + Once the CAPWAP protocol enters the Run state, the WTPs begin to + provide service. 
It is common for administrators to require that + configuration changes be made while the network is operational. + Therefore, the Configuration Update Request is sent by the AC to the + WTP to make these changes at run-time. + +8.1.1. Configuration Flexibility + + The CAPWAP protocol provides the flexibility to configure and manage + WTPs of varying design and functional characteristics. When a WTP + first discovers an AC, it provides primary functional information + + + + +Calhoun, et al. Standards Track [Page 113] + +RFC 5415 CAPWAP Protocol Specification March 2009 + + + relating to its type of MAC and to the nature of frames to be + exchanged. The AC configures the WTP appropriately. The AC also + establishes corresponding internal state for the WTP. + +8.2. Configuration Status Request + + The Configuration Status Request message is sent by a WTP to deliver + its current configuration to the AC. + + The Configuration Status Request message carries binding-specific + message elements. Refer to the appropriate binding for the + definition of this structure. + + When an AC receives a Configuration Status Request message, it acts + upon the content of the message and responds to the WTP with a + Configuration Status Response message. + + The Configuration Status Request message includes multiple Radio + Administrative State message elements, one for the WTP, and one for + each radio in the WTP. + + The Configuration Status Request message is sent by the WTP when in + the Configure State. The AC does not transmit this message. + + The following message elements MUST be included in the Configuration + Status Request message. + + o AC Name, see Section 4.6.4 + + o Radio Administrative State, see Section 4.6.33 + + o Statistics Timer, see Section 4.6.38 + + o WTP Reboot Statistics, see Section 4.6.47 + + The following message elements MAY be included in the Configuration + Status Request message. 
+ + o AC Name with Priority, see Section 4.6.5 + + o CAPWAP Transport Protocol, see Section 4.6.14 + + o WTP Static IP Address Information, see Section 4.6.48 + + o Vendor Specific Payload, see Section 4.6.39 + + + + + + +Calhoun, et al. Standards Track [Page 114] + +RFC 5415 CAPWAP Protocol Specification March 2009 + + +8.3. Configuration Status Response + + The Configuration Status Response message is sent by an AC and + provides a mechanism for the AC to override a WTP's requested + configuration. + + A Configuration Status Response message is sent by an AC after + receiving a Configuration Status Request message. + + The Configuration Status Response message carries binding-specific + message elements. Refer to the appropriate binding for the + definition of this structure. + + When a WTP receives a Configuration Status Response message, it acts + upon the content of the message, as appropriate. If the + Configuration Status Response message includes a Radio Operational + State message element that causes a change in the operational state + of one of the radios, the WTP transmits a Change State Event to the + AC, as an acknowledgement of the change in state. + + The Configuration Status Response message is sent by the AC when in + the Configure state. The WTP does not transmit this message. + + The following message elements MUST be included in the Configuration + Status Response message. + + o CAPWAP Timers, see Section 4.6.13 + + o Decryption Error Report Period, see Section 4.6.18 + + o Idle Timeout, see Section 4.6.24 + + o WTP Fallback, see Section 4.6.42 + + One or both of the following message elements MUST be included in the + Configuration Status Response message: + + o AC IPv4 List, see Section 4.6.2 + + o AC IPv6 List, see Section 4.6.3 + + The following message element MAY be included in the Configuration + Status Response message. 
+ + o WTP Static IP Address Information, see Section 4.6.48 + + o Vendor Specific Payload, see Section 4.6.39 + + + + +Calhoun, et al. Standards Track [Page 115] + +RFC 5415 CAPWAP Protocol Specification March 2009 + + +8.4. Configuration Update Request + + Configuration Update Request messages are sent by the AC to provision + the WTP while in the Run state. This is used to modify the + configuration of the WTP while it is operational. + + When a WTP receives a Configuration Update Request message, it + responds with a Configuration Update Response message, with a Result + Code message element indicating the result of the configuration + request. + + The AC includes the Image Identifier message element (see + Section 4.6.27) to force the WTP to update its firmware while in the + Run state. The WTP MAY proceed to download the requested firmware if + it determines the version specified in the Image Identifier message + element is not in its non-volatile storage by transmitting an Image + Data Request (see Section 9.1.1) that includes the Initiate Download + message element (see Section 4.6.29). + + The Configuration Update Request is sent by the AC when in the Run + state. The WTP does not transmit this message. + + One or more of the following message elements MAY be included in the + Configuration Update message: + + o AC Name with Priority, see Section 4.6.5 + + o AC Timestamp, see Section 4.6.6 + + o Add MAC ACL Entry, see Section 4.6.7 + + o CAPWAP Timers, see Section 4.6.13 + + o Decryption Error Report Period, see Section 4.6.18 + + o Delete MAC ACL Entry, see Section 4.6.19 + + o Idle Timeout, see Section 4.6.24 + + o Location Data, see Section 4.6.30 + + o Radio Administrative State, see Section 4.6.33 + + o Statistics Timer, see Section 4.6.38 + + o WTP Fallback, see Section 4.6.42 + + o WTP Name, see Section 4.6.45 + + + +Calhoun, et al. 
Standards Track [Page 116] + +RFC 5415 CAPWAP Protocol Specification March 2009 + + + o WTP Static IP Address Information, see Section 4.6.48 + + o Image Identifier, see Section 4.6.27 + + o Vendor Specific Payload, see Section 4.6.39 + +8.5. Configuration Update Response + + The Configuration Update Response message is the acknowledgement + message for the Configuration Update Request message. + + The Configuration Update Response message is sent by a WTP after + receiving a Configuration Update Request message. + + When an AC receives a Configuration Update Response message, the + result code indicates if the WTP successfully accepted the + configuration. + + The Configuration Update Response message is sent by the WTP when in + the Run state. The AC does not transmit this message. + + The following message element MUST be present in the Configuration + Update message. + + Result Code, see Section 4.6.35 + + The following message elements MAY be present in the Configuration + Update Response message. + + o Radio Operational State, see Section 4.6.34 + + o Vendor Specific Payload, see Section 4.6.39 + +8.6. Change State Event Request + + The Change State Event Request message is used by the WTP for two + main purposes: + + o When sent by the WTP following the reception of a Configuration + Status Response message from the AC, the WTP uses the Change State + Event Request message to provide an update on the WTP radio's + operational state and to confirm that the configuration provided + by the AC was successfully applied. + + o When sent during the Run state, the WTP uses the Change State + Event Request message to notify the AC of an unexpected change in + the WTP's radio operational state. + + + + +Calhoun, et al. 
Standards Track [Page 117]
+
+RFC 5415 CAPWAP Protocol Specification March 2009
+
+
+ When an AC receives a Change State Event Request message it responds
+ with a Change State Event Response message and modifies its data
+ structures for the WTP as needed. The AC MAY decide not to provide
+ service to the WTP if it receives an error, based on local policy,
+ and to transition to the Reset state.
+
+ The Change State Event Request message is sent by a WTP to
+ acknowledge or report an error condition to the AC for a requested
+ configuration in the Configuration Status Response message. The
+ Change State Event Request message includes the Result Code message
+ element, which indicates whether the configuration was successfully
+ applied. If the WTP is unable to apply a specific configuration
+ request, it indicates the failure by including one or more Returned
+ Message Element message elements (see Section 4.6.36).
+
+ The Change State Event Request message is sent by the WTP in the
+ Configure or Run state. The AC does not transmit this message.
+
+ The WTP MAY save its configuration to persistent storage prior to
+ transmitting the response. However, this is implementation specific
+ and is not required.
+
+ The following message elements MUST be present in the Change State
+ Event Request message.
+
+ o Radio Operational State, see Section 4.6.34
+
+ o Result Code, see Section 4.6.35
+
+ One or more of the following message elements MAY be present in the
+ Change State Event Request message:
+
+ o Returned Message Element(s), see Section 4.6.36
+
+ o Vendor Specific Payload, see Section 4.6.39
+
+8.7. Change State Event Response
+
+ The Change State Event Response message acknowledges the Change State
+ Event Request message.
+
+ A Change State Event Response message is sent by an AC in response to
+ a Change State Event Request message.
+
+ The Change State Event Response message is sent by the AC when in the
+ Configure or Run state.
The WTP does not transmit this message.
+
+
+
+
+
+Calhoun, et al. Standards Track [Page 118]
+
+RFC 5415 CAPWAP Protocol Specification March 2009
+
+
+ The following message element MAY be included in the Change State
+ Event Response message:
+
+ o Vendor Specific Payload, see Section 4.6.39
+
+ The WTP does not take any action upon receipt of the Change State
+ Event Response message.
+
+8.8. Clear Configuration Request
+
+ The Clear Configuration Request message is used to reset the WTP
+ configuration.
+
+ The Clear Configuration Request message is sent by an AC to request
+ that a WTP reset its configuration to the manufacturing default
+ configuration. The Clear Config Request message is sent while in the
+ Run state.
+
+ The Clear Configuration Request is sent by the AC when in the Run
+ state. The WTP does not transmit this message.
+
+ The following message element MAY be included in the Clear
+ Configuration Request message:
+
+ o Vendor Specific Payload, see Section 4.6.39
+
+ When a WTP receives a Clear Configuration Request message, it resets
+ its configuration to the manufacturing default configuration.
+
+8.9. Clear Configuration Response
+
+ The Clear Configuration Response message is sent by the WTP after
+ receiving a Clear Configuration Request message and resetting its
+ configuration parameters to the manufacturing default values.
+
+ The Clear Configuration Response is sent by the WTP when in the Run
+ state. The AC does not transmit this message.
+
+ The Clear Configuration Response message MUST include the following
+ message element:
+
+ o Result Code, see Section 4.6.35
+
+ The following message element MAY be included in the Clear
+ Configuration Request message:
+
+ o Vendor Specific Payload, see Section 4.6.39
+
+
+
+
+Calhoun, et al. Standards Track [Page 119]
+
+RFC 5415 CAPWAP Protocol Specification March 2009
+
+
+9.
Device Management Operations
+
+ This section defines CAPWAP operations responsible for debugging,
+ gathering statistics, logging, and firmware management. The
+ management operations defined in this section are used by the AC to
+ either push/pull information to/from the WTP, or request that the WTP
+ reboot. This section does not deal with the management of the AC per
+ se, and assumes that the AC is operational and configured.
+
+9.1. Firmware Management
+
+ This section describes the firmware download procedures used by the
+ CAPWAP protocol. Firmware download can occur during the Image Data
+ or Run state. The former allows the download to occur at boot time,
+ while the latter is used to trigger the download while an active
+ CAPWAP session exists. It is important to note that the CAPWAP
+ protocol does not provide the ability for the AC to identify whether
+ the firmware information provided by the WTP is correct or whether
+ the WTP is properly storing the firmware (see Section 12.10 for more
+ information).
+
+ Figure 6 provides an example of a WTP that performs a firmware
+ upgrade while in the Image Data state. In this example, the WTP does
+ not already have the requested firmware (Image Identifier = x), and
+ downloads the image from the AC.
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+Calhoun, et al.
Standards Track [Page 120]
+
+RFC 5415 CAPWAP Protocol Specification March 2009
+
+
+ WTP AC
+
+ Join Request
+ -------------------------------------------------------->
+
+ Join Response (Image Identifier = x)
+ <------------------------------------------------------
+
+ Image Data Request (Image Identifier = x,
+ Initiate Download)
+ -------------------------------------------------------->
+
+ Image Data Response (Result Code = Success,
+ Image Information = {size,hash})
+ <------------------------------------------------------
+
+ Image Data Request (Image Data = Data)
+ <------------------------------------------------------
+
+ Image Data Response (Result Code = Success)
+ -------------------------------------------------------->
+
+ .....
+
+ Image Data Request (Image Data = EOF)
+ <------------------------------------------------------
+
+ Image Data Response (Result Code = Success)
+ -------------------------------------------------------->
+
+ (WTP enters the Reset State)
+
+ Figure 6: WTP Firmware Download Case 1
+
+ Figure 7 provides an example in which the WTP has the image specified
+ by the AC in its non-volatile storage, but is not its current running
+ image. In this case, the WTP opts to NOT download the firmware and
+ immediately reset to the requested image.
+
+
+
+
+
+
+
+
+
+
+
+
+
+Calhoun, et al. Standards Track [Page 121]
+
+RFC 5415 CAPWAP Protocol Specification March 2009
+
+
+ WTP AC
+
+ Join Request
+ -------------------------------------------------------->
+
+ Join Response (Image Identifier = x)
+ <------------------------------------------------------
+
+ (WTP enters the Reset State)
+
+ Figure 7: WTP Firmware Download Case 2
+
+ Figure 8 provides an example of a WTP that performs a firmware
+ upgrade while in the Run state. This mode of firmware upgrade allows
+ the WTP to download its image while continuing to provide service.
+ The WTP will not automatically reset until it is notified by the AC,
+ with a Reset Request message.
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+Calhoun, et al. Standards Track [Page 122]
+
+RFC 5415 CAPWAP Protocol Specification March 2009
+
+
+ WTP AC
+
+ Configuration Update Request (Image Identifier = x)
+ <------------------------------------------------------
+
+ Configuration Update Response (Result Code = Success)
+ -------------------------------------------------------->
+
+
+ Image Data Request (Image Identifier = x,
+ Initiate Download)
+ -------------------------------------------------------->
+
+ Image Data Response (Result Code = Success,
+ Image Information = {size,hash})
+ <------------------------------------------------------
+
+ Image Data Request (Image Data = Data)
+ <------------------------------------------------------
+
+ Image Data Response (Result Code = Success)
+ -------------------------------------------------------->
+
+ .....
+
+ Image Data Request (Image Data = EOF)
+ <------------------------------------------------------
+
+ Image Data Response (Result Code = Success)
+ -------------------------------------------------------->
+
+ .....
+
+ (administratively requested reboot request)
+ Reset Request (Image Identifier = x)
+ <------------------------------------------------------
+
+ Reset Response (Result Code = Success)
+ -------------------------------------------------------->
+
+ Figure 8: WTP Firmware Download Case 3
+
+ Figure 9 provides another example of the firmware download while in
+ the Run state. In this example, the WTP already has the image
+ specified by the AC in its non-volatile storage. The WTP opts to NOT
+ download the firmware. The WTP resets upon receipt of a Reset
+ Request message from the AC.
+
+
+
+
+Calhoun, et al.
Standards Track [Page 123]
+
+RFC 5415 CAPWAP Protocol Specification March 2009
+
+
+ WTP AC
+
+ Configuration Update Request (Image Identifier = x)
+ <------------------------------------------------------
+
+ Configuration Update Response (Result Code = Already Have Image)
+ -------------------------------------------------------->
+
+ .....
+
+ (administratively requested reboot request)
+ Reset Request (Image Identifier = x)
+ <------------------------------------------------------
+
+ Reset Response (Result Code = Success)
+ -------------------------------------------------------->
+
+ Figure 9: WTP Firmware Download Case 4
+
+9.1.1. Image Data Request
+
+ The Image Data Request message is used to update firmware on the WTP.
+ This message and its companion Response message are used by the AC to
+ ensure that the image being run on each WTP is appropriate.
+
+ Image Data Request messages are exchanged between the WTP and the AC
+ to download a new firmware image to the WTP. When a WTP or AC
+ receives an Image Data Request message, it responds with an Image
+ Data Response message. The message elements contained within the
+ Image Data Request message are required to determine the intent of
+ the request.
+
+ The decision that new firmware is to be downloaded to the WTP can
+ occur in one of two ways:
+
+ When the WTP joins the AC, the Join Response message includes the
+ Image Identifier message element, which informs the WTP of the
+ firmware it is expected to run. If the WTP does not currently
+ have the requested firmware version, it transmits an Image Data
+ Request message, with the appropriate Image Identifier message
+ element. If the WTP already has the requested firmware in its
+ non-volatile flash, but is not its currently running image, it
+ simply resets to run the proper firmware.
+
+ Once the WTP is in the Run state, it is possible for the AC to
+ cause the WTP to initiate a firmware download by sending a
+ Configuration Update Request message with the Image Identifier
+ message elements. This will cause the WTP to transmit an Image
+
+
+
+Calhoun, et al. Standards Track [Page 124]
+
+RFC 5415 CAPWAP Protocol Specification March 2009
+
+
+ Data Request with the Image Identifier and the Initiate Download
+ message elements. Note that when the firmware is downloaded in
+ this way, the WTP does not automatically reset after the download
+ is complete. The WTP will only reset when it receives a Reset
+ Request message from the AC. If the WTP already had the requested
+ firmware version in its non-volatile storage, the WTP does not
+ transmit the Image Data Request message and responds with a
+ Configuration Update Response message with the Result Code set to
+ Image Already Present.
+
+ Regardless of how the download was initiated, once the AC receives an
+ Image Data Request message with the Image Identifier message element,
+ it begins the transfer process by transmitting an Image Data Request
+ message that includes the Image Data message element. This continues
+ until the firmware image has been transferred.
+
+ The Image Data Request message is sent by the WTP or the AC when in
+ the Image Data or Run state.
+
+ The following message elements MAY be included in the Image Data
+ Request message:
+
+ o CAPWAP Transport Protocol, see Section 4.6.14
+
+ o Image Data, see Section 4.6.26
+
+ o Vendor Specific Payload, see Section 4.6.39
+
+ The following message elements MAY be included in the Image Data
+ Request message when sent by the WTP:
+
+ o Image Identifier, see Section 4.6.27
+
+ o Initiate Download, see Section 4.6.29
+
+9.1.2. Image Data Response
+
+ The Image Data Response message acknowledges the Image Data Request
+ message.
+
+ An Image Data Response message is sent in response to a received
+ Image Data Request message.
Its purpose is to acknowledge the
+ receipt of the Image Data Request message. The Result Code is
+ included to indicate whether a previously sent Image Data Request
+ message was invalid.
+
+ The Image Data Response message is sent by the WTP or the AC when in
+ the Image Data or Run state.
+
+
+
+Calhoun, et al. Standards Track [Page 125]
+
+RFC 5415 CAPWAP Protocol Specification March 2009
+
+
+ The following message element MUST be included in the Image Data
+ Response message:
+
+ o Result Code, see Section 4.6.35
+
+ The following message element MAY be included in the Image Data
+ Response message:
+
+ o Vendor Specific Payload, see Section 4.6.39
+
+ The following message element MAY be included in the Image Data
+ Response message when sent by the AC:
+
+ o Image Information, see Section 4.6.28
+
+ Upon receiving an Image Data Response message indicating an error,
+ the WTP MAY retransmit a previous Image Data Request message, or
+ abandon the firmware download to the WTP by transitioning to the
+ Reset state.
+
+9.2. Reset Request
+
+ The Reset Request message is used to cause a WTP to reboot.
+
+ A Reset Request message is sent by an AC to cause a WTP to
+ reinitialize its operation. If the AC includes the Image Identifier
+ message element (see Section 4.6.27), it indicates to the WTP that it
+ SHOULD use that version of software upon reboot.
+
+ The Reset Request is sent by the AC when in the Run state. The WTP
+ does not transmit this message.
+
+ The following message element MUST be included in the Reset Request
+ message:
+
+ o Image Identifier, see Section 4.6.27
+
+ The following message element MAY be included in the Reset Request
+ message:
+
+ o Vendor Specific Payload, see Section 4.6.39
+
+ When a WTP receives a Reset Request message, it responds with a Reset
+ Response message indicating success and then reinitializes itself.
+ If the WTP is unable to write to its non-volatile storage, to ensure
+ that it runs the requested software version indicated in the Image
+ Identifier message element, it MAY send the appropriate Result Code
+ message element, but MUST reboot. If the WTP is unable to reset,
+
+
+
+Calhoun, et al. Standards Track [Page 126]
+
+RFC 5415 CAPWAP Protocol Specification March 2009
+
+
+ including a hardware reset, it sends a Reset Response message to the
+ AC with a Result Code message element indicating failure. The AC no
+ longer provides service to the WTP.
+
+9.3. Reset Response
+
+ The Reset Response message acknowledges the Reset Request message.
+
+ A Reset Response message is sent by the WTP after receiving a Reset
+ Request message.
+
+ The Reset Response is sent by the WTP when in the Run state. The AC
+ does not transmit this message.
+
+ The following message elements MAY be included in the Reset Response
+ message.
+
+ o Result Code, see Section 4.6.35
+
+ o Vendor Specific Payload, see Section 4.6.39
+
+ When an AC receives a successful Reset Response message, it is
+ notified that the WTP will reinitialize its operation. An AC that
+ receives a Reset Response message indicating failure may opt to no
+ longer provide service to the WTP.
+
+9.4. WTP Event Request
+
+ The WTP Event Request message is used by a WTP to send information to
+ its AC. The WTP Event Request message MAY be sent periodically, or
+ sent in response to an asynchronous event on the WTP. For example, a
+ WTP MAY collect statistics and use the WTP Event Request message to
+ transmit the statistics to the AC.
+
+ When an AC receives a WTP Event Request message it will respond with
+ a WTP Event Response message.
+
+ The presence of the Delete Station message element is used by the WTP
+ to inform the AC that it is no longer providing service to the
+ station. This could be the result of an Idle Timeout (see
+ Section 4.6.24), due to resource shortages, or some other reason.
+
+ The WTP Event Request message is sent by the WTP when in the Run
+ state. The AC does not transmit this message.
+
+
+
+
+
+
+
+Calhoun, et al. Standards Track [Page 127]
+
+RFC 5415 CAPWAP Protocol Specification March 2009
+
+
+ The WTP Event Request message MUST contain one of the message
+ elements listed below, or a message element that is defined for a
+ specific wireless technology. More than one of each message element
+ listed MAY be included in the WTP Event Request message.
+
+ o Decryption Error Report, see Section 4.6.17
+
+ o Duplicate IPv4 Address, see Section 4.6.22
+
+ o Duplicate IPv6 Address, see Section 4.6.23
+
+ o WTP Radio Statistics, see Section 4.6.46
+
+ o WTP Reboot Statistics, see Section 4.6.47
+
+ o Delete Station, see Section 4.6.20
+
+ o Vendor Specific Payload, see Section 4.6.39
+
+9.5. WTP Event Response
+
+ The WTP Event Response message acknowledges receipt of the WTP Event
+ Request message.
+
+ A WTP Event Response message is sent by an AC after receiving a WTP
+ Event Request message.
+
+ The WTP Event Response message is sent by the AC when in the Run
+ state. The WTP does not transmit this message.
+
+ The following message element MAY be included in the WTP Event
+ Response message:
+
+ o Vendor Specific Payload, see Section 4.6.39
+
+9.6. Data Transfer
+
+ This section describes the data transfer procedures used by the
+ CAPWAP protocol. The data transfer mechanism is used to upload
+ information available at the WTP to the AC, such as crash or debug
+ information. The data transfer messages can only be exchanged while
+ in the Run state.
+
+ Figure 10 provides an example of an AC that requests that the WTP
+ transfer its latest crash file. Once the WTP acknowledges that it
+ has information to send, via the Data Transfer Response, it transmits
+ its own Data Transfer Request. Upon receipt, the AC responds with a
+
+
+
+
+Calhoun, et al.
Standards Track [Page 128]
+
+RFC 5415 CAPWAP Protocol Specification March 2009
+
+
+ Data Transfer Response, and the exchange continues until the WTP
+ transmits a Data Transfer Data message element that indicates an End
+ of File (EOF).
+
+ WTP AC
+
+ Data Transfer Request (Data Transfer Mode = Crash Data)
+ <------------------------------------------------------
+
+ Data Transfer Response (Result Code = Success)
+ -------------------------------------------------------->
+
+ Data Transfer Request (Data Transfer Data = Data)
+ -------------------------------------------------------->
+
+ Data Transfer Response (Result Code = Success)
+ <------------------------------------------------------
+
+ .....
+
+ Data Transfer Request (Data Transfer Data = EOF)
+ -------------------------------------------------------->
+
+ Data Transfer Response (Result Code = Success)
+ <------------------------------------------------------
+
+
+ Figure 10: WTP Data Transfer Case 1
+
+ Figure 11 provides an example of an AC that requests that the WTP
+ transfer its latest crash file. However, in this example, the WTP
+ does not have any crash information to send, and therefore sends a
+ Data Transfer Response with a Result Code indicating the error.
+
+ WTP AC
+
+ Data Transfer Request (Data Transfer Mode = Crash Data)
+ <------------------------------------------------------
+
+ Data Transfer Response (Result Code = Data Transfer
+ Error (No Information to Transfer))
+ -------------------------------------------------------->
+
+
+ Figure 11: WTP Data Transfer Case 2
+
+
+
+
+
+
+Calhoun, et al. Standards Track [Page 129]
+
+RFC 5415 CAPWAP Protocol Specification March 2009
+
+
+9.6.1. Data Transfer Request
+
+ The Data Transfer Request message is used to deliver debug
+ information from the WTP to the AC.
+
+ The Data Transfer Request messages can be sent either by the AC or
+ the WTP.
When sent by the AC, it is used to request that data be
+ transmitted from the WTP to the AC, and includes the Data Transfer
+ Mode message element, which specifies the information desired by the
+ AC. The Data Transfer Request is sent by the WTP in order to
+ transfer actual data to the AC, through the Data Transfer Data
+ message element.
+
+ Given that the CAPWAP protocol minimizes the need for WTPs to be
+ directly managed, the Data Transfer Request is an important
+ troubleshooting tool used by the AC to retrieve information that may
+ be available on the WTP. For instance, some WTP implementations may
+ store crash information to help manufacturers identify software
+ faults. The Data Transfer Request message can be used to send such
+ information from the WTP to the AC. Another possible use would be to
+ allow a remote debugger function in the WTP to use the Data Transfer
+ Request message to send console output to the AC for debugging
+ purposes.
+
+ When the WTP or AC receives a Data Transfer Request message, it
+ responds to the WTP with a Data Transfer Response message. The AC
+ MAY log the information received through the Data Transfer Data
+ message element.
+
+ The Data Transfer Request message is sent by the WTP or AC when in
+ the Run state.
+
+ When sent by the AC, the Data Transfer Request message MUST contain
+ the following message element:
+
+ o Data Transfer Mode, see Section 4.6.16
+
+ When sent by the WTP, the Data Transfer Request message MUST contain
+ the following message element:
+
+ o Data Transfer Data, see Section 4.6.15
+
+ Regardless of whether the Data Transfer Request is sent by the AC or
+ WTP, the following message element MAY be included in the Data
+ Transfer Request message:
+
+ o Vendor Specific Payload, see Section 4.6.39
+
+
+
+
+Calhoun, et al. Standards Track [Page 130]
+
+RFC 5415 CAPWAP Protocol Specification March 2009
+
+
+9.6.2.
Data Transfer Response
+
+ The Data Transfer Response message acknowledges the Data Transfer
+ Request message.
+
+ A Data Transfer Response message is sent in response to a received
+ Data Transfer Request message. Its purpose is to acknowledge receipt
+ of the Data Transfer Request message. When sent by the WTP, the
+ Result Code message element is used to indicate whether the data
+ transfer requested by the AC can be completed. When sent by the AC,
+ the Result Code message element is used to indicate receipt of the
+ data transferred in the Data Transfer Request message.
+
+ The Data Transfer Response message is sent by the WTP or AC when in
+ the Run state.
+
+ The following message element MUST be included in the Data Transfer
+ Response message:
+
+ o Result Code, see Section 4.6.35
+
+ The following message element MAY be included in the Data Transfer
+ Response message:
+
+ o Vendor Specific Payload, see Section 4.6.39
+
+ Upon receipt of a Data Transfer Response message, the WTP transmits
+ more information, if more information is available.
+
+10. Station Session Management
+
+ Messages in this section are used by the AC to create, modify, or
+ delete station session state on the WTPs.
+
+10.1. Station Configuration Request
+
+ The Station Configuration Request message is used to create, modify,
+ or delete station session state on a WTP. The message is sent by the
+ AC to the WTP, and MAY contain one or more message elements. The
+ message elements for this CAPWAP Control message include information
+ that is generally highly technology specific. Refer to the
+ appropriate binding document for definitions of the messages elements
+ that are included in this control message.
+
+ The Station Configuration Request message is sent by the AC when in
+ the Run state. The WTP does not transmit this message.
+
+
+
+
+
+Calhoun, et al.
Standards Track [Page 131]
+
+RFC 5415 CAPWAP Protocol Specification March 2009
+
+
+ The following CAPWAP Control message elements MAY be included in the
+ Station Configuration Request message. More than one of each message
+ element listed MAY be included in the Station Configuration Request
+ message:
+
+ o Add Station, see Section 4.6.8
+
+ o Delete Station, see Section 4.6.20
+
+ o Vendor Specific Payload, see Section 4.6.39
+
+10.2. Station Configuration Response
+
+ The Station Configuration Response message is used to acknowledge a
+ previously received Station Configuration Request message.
+
+ The Station Configuration Response message is sent by the WTP when in
+ the Run state. The AC does not transmit this message.
+
+ The following message element MUST be present in the Station
+ Configuration Response message:
+
+ o Result Code, see Section 4.6.35
+
+ The following message element MAY be included in the Station
+ Configuration Response message:
+
+ o Vendor Specific Payload, see Section 4.6.39
+
+ The Result Code message element indicates that the requested
+ configuration was successfully applied, or that an error related to
+ processing of the Station Configuration Request message occurred on
+ the WTP.
+
+11. NAT Considerations
+
+ There are three specific situations in which a NAT deployment may be
+ used in conjunction with a CAPWAP-enabled deployment. The first
+ consists of a configuration in which a single WTP is behind a NAT
+ system. Since all communication is initiated by the WTP, and all
+ communication is performed over IP using two UDP ports, the protocol
+ easily traverses NAT systems in this configuration.
+
+ In the second case, two or more WTPs are deployed behind the same NAT
+ system. Here, the AC would receive multiple connection requests from
+ the same IP address, and therefore cannot use the WTP's IP address
+ alone to bind the CAPWAP Control and Data channel.
The CAPWAP Data
+ Check state, which establishes the data plane connection and
+
+
+
+Calhoun, et al. Standards Track [Page 132]
+
+RFC 5415 CAPWAP Protocol Specification March 2009
+
+
+ communicates the CAPWAP Data Channel Keep-Alive, includes the Session
+ Identifier message element, which is used to bind the control and
+ data plane. Use of the Session Identifier message element enables
+ the AC to match the control and data plane flows from multiple WTPs
+ behind the same NAT system (multiple WTPs sharing the same IP
+ address). CAPWAP implementations MUST also use DTLS session
+ information on any encrypted CAPWAP channel to validate the source of
+ both the control and data plane, as described in Section 12.2.
+
+ In the third configuration, the AC is deployed behind a NAT. In this
+ case, the AC is not reachable by the WTP unless a specific rule has
+ been configured on the NAT to translate the address and redirect
+ CAPWAP messages to the AC. This deployment presents two issues.
+ First, an AC communicates its interfaces and corresponding WTP load
+ using the CAPWAP Control IPv4 Address and CAPWAP Control IPv6 Address
+ message elements. This message element is mandatory, but contains IP
+ addresses that are only valid in the private address space used by
+ the AC, which is not reachable by the WTP. The WTP MUST NOT utilize
+ the information in these message elements if it detects a NAT (as
+ described in the CAPWAP Transport Protocol message element in
+ Section 4.6.14). Second, since the addresses cannot be used by the
+ WTP, this effectively disables the load-balancing capabilities (see
+ Section 6.1) of the CAPWAP protocol. Alternatively, the AC could
+ have a configured NAT'ed address, which it would include in either of
+ the two control address message elements, and the NAT would need to
+ be configured accordingly.
+
+ In order for a CAPWAP WTP or AC to detect whether a middlebox is
+ present, both the Join Request (see Section 6.1) and the Join
+ Response (see Section 6.2) include either the CAPWAP Local IPv4
+ Address (see Section 4.6.11) or the CAPWAP Local IPv6 Address (see
+ Section 4.6.12) message element. Upon receiving one of these
+ messages, if the packet's source IP address differs from the address
+ found in either one of these message elements, it indicates that a
+ middlebox is present.
+
+ In order for CAPWAP to be compatible with potential middleboxes in
+ the network, CAPWAP implementations MUST send return traffic from the
+ same port on which it received traffic from a given peer. Further,
+ any unsolicited requests generated by a CAPWAP node MUST be sent on
+ the same port.
+
+ Note that this middlebox detection technique is not foolproof. If
+ the public IP address assigned to the NAT is identical to the private
+ IP address used by the AC, detection by the WTP would fail. This
+ failure can lead to various protocol errors, so it is therefore
+ necessary for deployments to ensure that the NAT's IP address is not
+ the same as the ACs.
+
+
+
+Calhoun, et al. Standards Track [Page 133]
+
+RFC 5415 CAPWAP Protocol Specification March 2009
+
+
+ The CAPWAP protocol allows for all of the AC identities supporting a
+ group of WTPs to be communicated through the AC List message element.
+ This feature MUST be ignored by the WTP when it detects the AC is
+ behind a middlebox.
+
+ The CAPWAP protocol allows an AC to configure a static IP address on
+ a WTP using the WTP Static IP Address Information message element.
+ This message element SHOULD NOT be used in NAT'ed environments,
+ unless the administrator is familiar with the internal IP addressing
+ scheme within the WTP's private network, and does not rely on the
+ public address seen by the AC.
+
+ When a WTP detects the duplicate address condition, it generates a
+ message to the AC, which includes the Duplicate IP Address message
+ element. The IP address embedded within this message element is
+ different from the public IP address seen by the AC.
+
+12. Security Considerations
+
+ This section describes security considerations for the CAPWAP
+ protocol. It also provides security recommendations for protocols
+ used in conjunction with CAPWAP.
+
+12.1. CAPWAP Security
+
+ As it is currently specified, the CAPWAP protocol sits between the
+ security mechanisms specified by the wireless link layer protocol
+ (e.g., IEEE 802.11i) and Authentication, Authorization, and
+ Accounting (AAA). One goal of CAPWAP is to bootstrap trust between
+ the STA and WTP using a series of preestablished trust relationships:
+
+ STA WTP AC AAA
+ ==============================================
+
+ DTLS Cred AAA Cred
+ <------------><------------->
+
+ EAP Credential
+ <------------------------------------------>
+
+ wireless link layer
+ (e.g., 802.11 PTK)
+ <--------------> or
+ <--------------------------->
+ (derived)
+
+ Figure 12: STA Session Setup
+
+
+
+
+Calhoun, et al. Standards Track [Page 134]
+
+RFC 5415 CAPWAP Protocol Specification March 2009
+
+
+ Within CAPWAP, DTLS is used to secure the link between the WTP and
+ AC. In addition to securing control messages, it's also a link in
+ this chain of trust for establishing link layer keys. Consequently,
+ much rests on the security of DTLS.
+
+ In some CAPWAP deployment scenarios, there are two channels between
+ the WTP and AC: the control channel, carrying CAPWAP Control
+ messages, and the data channel, over which client data packets are
+ tunneled between the AC and WTP. Typically, the control channel is
+ secured by DTLS, while the data channel is not.
+
+ The use of parallel protected and unprotected channels deserves
+ special consideration, but does not create a threat.
There are two
+ potential concerns: attempting to convert protected data into
+ unprotected data and attempting to convert un-protected data into
+ protected data. These concerns are addressed below.
+
+12.1.1. Converting Protected Data into Unprotected Data
+
+ Since CAPWAP does not support authentication-only ciphers (i.e., all
+ supported ciphersuites include encryption and authentication), it is
+ not possible to convert protected data into unprotected data. Since
+ encrypted data is (ideally) indistinguishable from random data, the
+ probability of an encrypted packet passing for a well-formed packet
+ is effectively zero.
+
+12.1.2. Converting Unprotected Data into Protected Data (Insertion)
+
+ The use of message authentication makes it impossible for the
+ attacker to forge protected records. This makes conversion of
+ unprotected records to protected records impossible.
+
+12.1.3. Deletion of Protected Records
+
+ An attacker could remove protected records from the stream, though
+ not undetectably so, due the built-in reliability of the underlying
+ CAPWAP protocol. In the worst case, the attacker would remove the
+ same record repeatedly, resulting in a CAPWAP session timeout and
+ restart. This is effectively a DoS attack, and could be accomplished
+ by a man in the middle regardless of the CAPWAP protocol security
+ mechanisms chosen.
+
+12.1.4. Insertion of Unprotected Records
+
+ An attacker could inject packets into the unprotected channel, but
+ this may become evident if sequence number desynchronization occurs
+ as a result. Only if the attacker is a man in the middle (MITM) can
+
+
+
+
+Calhoun, et al. Standards Track [Page 135]
+
+RFC 5415 CAPWAP Protocol Specification March 2009
+
+
+ packets be inserted undetectably. This is a consequence of that
+ channel's lack of protection, and not a new threat resulting from the
+ CAPWAP security mechanism.
+
+12.1.5.
Use of MD5
+
+ The Image Information message element (Section 4.6.28) makes use of
+ MD5 to compute the hash field. The authenticity and integrity of the
+ image file is protected by DTLS, and in this context, MD5 is not used
+ as a cryptographically secure hash, but just as a basic checksum.
+ Therefore, the use of MD5 is not considered a security vulnerability,
+ and no mechanisms for algorithm agility are provided.
+
+12.1.6. CAPWAP Fragmentation
+
+ RFC 4963 [RFC4963] describes a possible security vulnerability where
+ a malicious entity can "corrupt" a flow by injecting fragments. By
+ sending "high" fragments (those with offset greater than zero) with a
+ forged source address, the attacker can deliberately cause
+ corruption. The use of DTLS on the CAPWAP Data channel can be used
+ to avoid this possible vulnerability.
+
+12.2. Session ID Security
+
+ Since DTLS does not export a unique session identifier, there can be
+ no explicit protocol binding between the DTLS layer and CAPWAP layer.
+ As a result, implementations MUST provide a mechanism for performing
+ this binding. For example, an AC MUST NOT associate decrypted DTLS
+ control packets with a particular WTP session based solely on the
+ Session ID in the packet header. Instead, identification should be
+ done based on which DTLS session decrypted the packet. Otherwise,
+ one authenticated WTP could spoof another authenticated WTP by
+ altering the Session ID in the encrypted CAPWAP Header.
+
+ It should be noted that when the CAPWAP Data channel is unencrypted,
+ the WTP Session ID is exposed and possibly known to adversaries and
+ other WTPs. This would allow the forgery of the source of data-
+ channel traffic. This, however, should not be a surprise for
+ unencrypted data channels. When the data channel is encrypted, the
+ Session ID is not exposed, and therefore can safely be used to
+ associate a data and control channel.
The 128-bit length of the
+ Session ID mitigates online guessing attacks where an adversarial,
+ authenticated WTP tries to correlate his own data channel with
+ another WTP's control channel. Note that for encrypted data
+ channels, the Session ID should only be used for correlation for the
+ first packet immediately after the initial DTLS handshake. Future
+ correlation should instead be done via identification of a packet's
+ DTLS session.
+
+
+
+Calhoun, et al. Standards Track [Page 136]
+
+RFC 5415 CAPWAP Protocol Specification March 2009
+
+
+12.3. Discovery or DTLS Setup Attacks
+
+ Since the Discovery Request messages are sent in the clear, it is
+ important that AC implementations NOT assume that receiving a
+ Discovery Request message from a WTP implies that the WTP has
+ rebooted, and consequently tear down any active DTLS sessions.
+ Discovery Request messages can easily be spoofed by malicious
+ devices, so it is important that the AC maintain two separate sets of
+ states for the WTP until the DTLSSessionEstablished notification is
+ received, indicating that the WTP was authenticated. Once a new DTLS
+ session is successfully established, any state referring to the old
+ session can be cleared.
+
+ Similarly, when the AC is entering the DTLS Setup phase, it SHOULD
+ NOT assume that the WTP has reset, and therefore should not discard
+ active state until the DTLS session has been successfully
+ established. While the HelloVerifyRequest provides some protection
+ against denial-of-service (DoS) attacks on the AC, an adversary
+ capable of receiving packets at a valid address (or a malfunctioning
+ or misconfigured WTP) may repeatedly attempt DTLS handshakes with the
+ AC, potentially creating a resource shortage.
If either the
+ FailedDTLSSessionCount or the FailedDTLSAuthFailCount counter reaches
+ the value of MaxFailedDTLSSessionRetry variable (see Section 4.8),
+ implementations MAY choose to rate-limit new DTLS handshakes for some
+ period of time. It is RECOMMENDED that implementations choosing to
+ implement rate-limiting use a random discard technique, rather than
+ mimicking the WTP's sulking behavior. This will ensure that messages
+ from valid WTPs will have some probability of eliciting a response,
+ even in the face of a significant DoS attack.
+
+ Some CAPWAP implementations may wish to restrict the DTLS setup
+ process to only those peers that have been configured in the access
+ control list, authorizing only those clients to initiate a DTLS
+ handshake. Note that the impact of this on mitigating denial-of-
+ service attacks against the DTLS layer is minimal, because DTLS
+ already uses client-side cookies to minimize processor consumption
+ attacks.
+
+12.4. Interference with a DTLS Session
+
+ If a WTP or AC repeatedly receives packets that fail DTLS
+ authentication or decryption, this could indicate a DTLS
+ desynchronization between the AC and WTP, a link prone to
+ undetectable bit errors, or an attacker trying to disrupt a DTLS
+ session.
+
+
+
+
+
+
+Calhoun, et al. Standards Track [Page 137]
+
+RFC 5415 CAPWAP Protocol Specification March 2009
+
+
+ In the state machine (section 2.3), transitions to the DTLS Tear Down
+ (TD) state can be triggered by frequently receiving DTLS packets with
+ authentication or decryption errors. The threshold or technique for
+ deciding when to move to the tear down state should be chosen
+ carefully. Being able to easily transition to DTLS TD allows easy
+ detection of malfunctioning devices, but allows for denial-of-service
+ attacks. Making it difficult to transition to DTLS TD prevents
+ denial-of-service attacks, but makes it more difficult to detect and
+ reset a malfunctioning session.
Implementers should set this policy
+ with care.
+
+12.5. CAPWAP Pre-Provisioning
+
+ In order for CAPWAP to establish a secure communication with a peer,
+ some level of pre-provisioning on both the WTP and AC is necessary.
+ This section will detail the minimal number of configuration
+ parameters.
+
+ When using pre-shared keys, it is necessary to configure the pre-
+ shared key for each possible peer with which a DTLS session may be
+ established. To support this mode of operation, one or more entries
+ of the following table may be configured on either the AC or WTP:
+
+ o Identity: The identity of the peering AC or WTP. This format MAY
+ be in the form of either an IP address or host name (the latter of
+ which needs to be resolved to an IP address using DNS).
+
+ o Key: The pre-shared key for use with the peer when establishing
+ the DTLS session (see Section 12.6 for more information).
+
+ o PSK Identity: Identity hint associated with the provisioned key
+ (see Section 2.4.4.4 for more information).
+
+ When using certificates, the following items need to be pre-
+ provisioned:
+
+ o Device Certificate: The local device's certificate (see
+ Section 12.7 for more information).
+
+ o Trust Anchor: Trusted root certificate chain used to validate any
+ certificate received from CAPWAP peers. Note that one or more
+ root certificates MAY be configured on a given device.
+
+ Regardless of the authentication method, the following item needs to
+ be pre-provisioned:
+
+
+
+
+
+
+Calhoun, et al. Standards Track [Page 138]
+
+RFC 5415 CAPWAP Protocol Specification March 2009
+
+
+ o Access Control List: The access control list table contains the
+ identities of one or more CAPWAP peers, along with a rule. The
+ rule is used to determine whether communication with the peer is
+ permitted (see Section 2.4.4.3 for more information).
+
+12.6.
Use of Pre-Shared Keys in CAPWAP
+
+ While use of pre-shared keys may provide deployment and provisioning
+ advantages not found in public-key-based deployments, it also
+ introduces a number of operational and security concerns. In
+ particular, because the keys must typically be entered manually, it
+ is common for people to base them on memorable words or phrases.
+ These are referred to as "low entropy passwords/passphrases".
+
+ Use of low-entropy pre-shared keys, coupled with the fact that the
+ keys are often not frequently updated, tends to significantly
+ increase exposure. For these reasons, the following recommendations
+ are made:
+
+ o When DTLS is used with a pre-shared key (PSK) ciphersuite, each
+ WTP SHOULD have a unique PSK. Since WTPs will likely be widely
+ deployed, their physical security is not guaranteed. If PSKs are
+ not unique for each WTP, key reuse would allow the compromise of
+ one WTP to result in the compromise of others.
+
+ o Generating PSKs from low entropy passwords is NOT RECOMMENDED.
+
+ o It is RECOMMENDED that implementations that allow the
+ administrator to manually configure the PSK also provide a
+ capability for generation of new random PSKs, taking RFC 4086
+ [RFC4086] into account.
+
+ o Pre-shared keys SHOULD be periodically updated. Implementations
+ MAY facilitate this by providing an administrative interface for
+ automatic key generation and periodic update, or it MAY be
+ accomplished manually instead.
+
+ Every pairwise combination of WTP and AC on the network SHOULD have a
+ unique PSK. This prevents the domino effect (see "Guidance for
+ Authentication, Authorization, and Accounting (AAA) Key Management"
+ [RFC4962]). If PSKs are tied to specific WTPs, then knowledge of the
+ PSK implies a binding to a specified identity that can be authorized.
+
+ If PSKs are shared, this binding between device and identity is no
+ longer possible.
Compromise of one WTP can yield compromise of
+ another WTP, violating the CAPWAP security hierarchy. Consequently,
+ sharing keys between WTPs is NOT RECOMMENDED.
+
+
+
+
+Calhoun, et al. Standards Track [Page 139]
+
+RFC 5415 CAPWAP Protocol Specification March 2009
+
+
+12.7. Use of Certificates in CAPWAP
+
+ For public-key-based DTLS deployments, each device SHOULD have unique
+ credentials, with an extended key usage authorizing the device to act
+ as either a WTP or AC. If devices do not have unique credentials, it
+ is possible that by compromising one device, any other device using
+ the same credential may also be considered to be compromised.
+
+ Certificate validation involves checking a large variety of things.
+ Since the necessary things to validate are often environment-
+ specific, many are beyond the scope of this document. In this
+ section, we provide some basic guidance on certificate validation.
+
+ Each device is responsible for authenticating and authorizing devices
+ with which they communicate. Authentication entails validation of
+ the chain of trust leading to the peer certificate, followed by the
+ peer certificate itself. Implementations SHOULD also provide a
+ secure method for verifying that the credential in question has not
+ been revoked.
+
+ Note that if the WTP relies on the AC for network connectivity (e.g.,
+ the AC is a Layer 2 switch to which the WTP is directly connected),
+ the WTP may not be able to contact an Online Certificate Status
+ Protocol (OCSP) server or otherwise obtain an up-to-date Certificate
+ Revocation List (CRL) if a compromised AC doesn't explicitly permit
+ this. This cannot be avoided, except through effective physical
+ security and monitoring measures at the AC.
+
+ Proper validation of certificates typically requires checking to
+ ensure the certificate has not yet expired. If devices have a real-
+ time clock, they SHOULD verify the certificate validity dates.
If no
+ real-time clock is available, the device SHOULD make a best-effort
+ attempt to validate the certificate validity dates through other
+ means. Failure to check a certificate's temporal validity can make a
+ device vulnerable to man-in-the-middle attacks launched using
+ compromised, expired certificates, and therefore devices should make
+ every effort to perform this validation.
+
+12.8. Use of MAC Address in CN Field
+
+ The CAPWAP protocol is an evolution of an existing protocol [LWAPP],
+ which is implemented on a large number of already deployed ACs and
+ WTPs. Every one of these devices has an existing X.509 certificate,
+ which is provisioned at the time of manufacturing. These X.509
+ certificates use the device's MAC address in the Common Name (CN)
+ field. It is well understood that encoding the MAC address in the CN
+ field is less than optimal, and using the SubjectAltName field would
+ be preferable. However, at the time of publication, there is no URN
+
+
+
+Calhoun, et al. Standards Track [Page 140]
+
+RFC 5415 CAPWAP Protocol Specification March 2009
+
+
+ specification that allows for the MAC address to be used in the
+ SubjectAltName field. As such a specification is published by the
+ IETF, future versions of the CAPWAP protocol MAY require support for
+ the new URN scheme.
+
+12.9. AAA Security
+
+ The AAA protocol is used to distribute Extensible Authentication
+ Protocol (EAP) keys to the ACs, and consequently its security is
+ important to the overall system security. When used with Transport
+ Layer Security (TLS) or IPsec, security guidelines specified in RFC
+ 3539 [RFC3539] SHOULD be followed.
+
+ In general, the link between the AC and AAA server SHOULD be secured
+ using a strong ciphersuite keyed with mutually authenticated session
+ keys.
Implementations SHOULD NOT rely solely on Basic RADIUS shared
+ secret authentication as it is often vulnerable to dictionary
+ attacks, but rather SHOULD use stronger underlying security
+ mechanisms.
+
+12.10. WTP Firmware
+
+ The CAPWAP protocol defines a mechanism by which the AC downloads new
+ firmware to the WTP. During the session establishment process, the
+ WTP provides information about its current firmware to the AC. The
+ AC then decides whether the WTP's firmware needs to be updated. It
+ is important to note that the CAPWAP specification makes the explicit
+ assumption that the WTP is providing the correct firmware version to
+ the AC, and is therefore not lying. Further, during the firmware
+ download process, the CAPWAP protocol does not provide any mechanisms
+ to recognize whether the WTP is actually storing the firmware for
+ future use.
+
+13. Operational Considerations
+
+ The CAPWAP protocol assumes that it is the only configuration
+ interface to the WTP to configure parameters that are specified in
+ the CAPWAP specifications. While the use of a separate management
+ protocol MAY be used for the purposes of monitoring the WTP directly,
+ configuring the WTP through a separate management interface is not
+ recommended. Configuring the WTP through a separate protocol, such
+ as via a command line interface (CLI) or Simple Network Management
+ Protocol (SNMP), could lead to the AC state being out of sync with
+ the WTP.
+
+
+
+
+
+
+
+Calhoun, et al. Standards Track [Page 141]
+
+RFC 5415 CAPWAP Protocol Specification March 2009
+
+
+ The CAPWAP protocol does not deal with the management of the ACs.
+ The AC is assumed to be configured through some separate management
+ interface, which could be via a proprietary CLI, SNMP, Network
+ Configuration Protocol (NETCONF), or some other management protocol.
+
+ The CAPWAP protocol's control channel is fairly lightweight from a
+ traffic perspective.
Once the WTP has been configured, the WTP sends
+ periodic statistics. Further, the specification calls for a keep-
+ alive packet to be sent on the protocol's data channel to make sure
+ that any possible middleboxes (e.g., NAT) maintain their UDP state.
+ The overhead associated with the control and data channel is not
+ expected to impact network traffic. That said, the CAPWAP protocol
+ does allow for the frequency of these packets to be modified through
+ the DataChannelKeepAlive and StatisticsTimer (see Section 4.7.2 and
+ Section 4.7.14, respectively).
+
+14. Transport Considerations
+
+ The CAPWAP WG carefully considered the congestion control
+ requirements of the CAPWAP protocol, both for the CAPWAP Control and
+ Data channels.
+
+ CAPWAP specifies a single-threaded command/response protocol to be
+ used on the control channel, and we have specified that an
+ exponential back-off algorithm should be used when commands are
+ retransmitted. When CAPWAP runs in its default mode (Local MAC), the
+ control channel is the only CAPWAP channel.
+
+ However, CAPWAP can also be run in Split MAC mode, in which case
+ there will be a DTLS-encrypted data channel between each WTP and the
+ AC. The WG discussed various options for providing congestion
+ control on this channel. However, due to performance problems with
+ TCP when it is run over another congestion control mechanism and the
+ fact that the vast majority of traffic run over the CAPWAP Data
+ channel is likely to be congestion-controlled IP traffic, the CAPWAP
+ WG felt that specifying a congestion control mechanism for the CAPWAP
+ Data channel would be more likely to cause problems than to resolve
+ any.
+
+ Because there is no congestion control mechanism specified for the
+ CAPWAP Data channel, it is RECOMMENDED that non-congestion-controlled
+ traffic not be tunneled over CAPWAP.
When a significant amount of
+ non-congestion-controlled traffic is expected to be present on a
+ WLAN, the CAPWAP connection between the AC and the WTP for that LAN
+ should be configured to remain in Local MAC mode with Distribution
+ function at the WTP.
+
+
+
+
+
+Calhoun, et al. Standards Track [Page 142]
+
+RFC 5415 CAPWAP Protocol Specification March 2009
+
+
+ The lock step nature of the CAPWAP protocol's control channel can
+ cause the firmware download process to take some time, depending upon
+ the round-trip time (RTT). This is not expected to be a problem
+ since the CAPWAP protocol allows firmware to be downloaded while the
+ WTP provides service to wireless clients/devices.
+
+ It is necessary for the WTP and AC to configure their MTU based on
+ the capabilities of the path. See Section 3.5 for more information.
+
+ The CAPWAP protocol mandates support of the Explicit Congestion
+ Notification (ECN) through a mode of operation named "limited
+ functionality option", detailed in section 9.1.1 of [RFC3168].
+ Future versions of the CAPWAP protocol should consider mandating
+ support for the "full functionality option".
+
+15. IANA Considerations
+
+ This section details the actions that IANA has taken in preparation
+ for publication of the specification. Numerous registries have been
+ created, and the contents, document action (see [RFC5226], and
+ registry format are all included below. Note that in cases where bit
+ fields are referred to, the bit numbering is left to right, where the
+ leftmost bit is labeled as bit zero (0).
+
+ For future registration requests where an Expert Review is required,
+ a Designated Expert should be consulted, which is appointed by the
+ responsible IESG Area Director. The intention is that any allocation
+ will be accompanied by a published RFC, but given that other SDOs may
+ want to create standards built on top of CAPWAP, a document the
+ Designated Expert can review is also acceptable.
IANA should allow
+ for allocation of values prior to documents being approved for
+ publication, so the Designated Expert can approve allocations once it
+ seems clear that publication will occur. The Designated Expert will
+ post a request to the CAPWAP WG mailing list (or a successor
+ designated by the Area Director) for comment and review. Before a
+ period of 30 days has passed, the Designated Expert will either
+ approve or deny the registration request and publish a notice of the
+ decision to the CAPWAP WG mailing list or its successor, as well as
+ informing IANA. A denial notice must be justified by an explanation,
+ and in the cases where it is possible, concrete suggestions on how
+ the request can be modified so as to become acceptable should be
+ provided.
+
+15.1. IPv4 Multicast Address
+
+ IANA has registered a new IPv4 multicast address called "capwap-ac"
+ from the Internetwork Control Block IPv4 multicast address registry;
+ see Section 3.3.
+
+
+
+Calhoun, et al. Standards Track [Page 143]
+
+RFC 5415 CAPWAP Protocol Specification March 2009
+
+
+15.2. IPv6 Multicast Address
+
+ IANA has registered a new organization local multicast address called
+ the "All ACs multicast address" in the Variable Scope IPv6 multicast
+ address registry; see Section 3.3.
+
+15.3. UDP Port
+
+ IANA registered two new UDP Ports, which are organization-local
+ multicast addresses, in the registered port numbers registry; see
+ Section 3.1. The following values have been registered:
+
+ Keyword Decimal Description References
+ ------- ------- ----------- ----------
+ capwap-control 5246/udp CAPWAP Control Protocol This Document
+ capwap-data 5247/udp CAPWAP Data Protocol This Document
+
+
+15.4. CAPWAP Message Types
+
+ The Message Type field in the CAPWAP Header (see Section 4.5.1.1) is
+ used to identify the operation performed by the message.
There are
+ multiple namespaces, which are identified via the first three octets
+ of the field containing the IANA Enterprise Number [RFC5226].
+
+ IANA maintains the CAPWAP Message Types registry for all message
+ types whose Enterprise Number is set to zero (0). The namespace is 8
+ bits (0-255), where the value of zero (0) is reserved and must not be
+ assigned. The values one (1) through 26 are allocated in this
+ specification, and can be found in Section 4.5.1.1. Any new
+ assignments of a CAPWAP Message Type whose Enterprise Number is set
+ to zero (0) requires an Expert Review. The registry maintained by
+ IANA has the following format:
+
+ CAPWAP Control Message Message Type Reference
+ Value
+
+15.5. CAPWAP Header Flags
+
+ The Flags field in the CAPWAP Header (see Section 4.3) is 9 bits in
+ length and is used to identify any special treatment related to the
+ message. This specification defines bits zero (0) through five (5),
+ while bits six (6) through eight (8) are reserved. There are
+ currently three unused, reserved bits that are managed by IANA and
+ whose assignment require an Expert Review. IANA created the CAPWAP
+ Header Flags registry, whose format is:
+
+ Flag Field Name Bit Position Reference
+
+
+
+Calhoun, et al. Standards Track [Page 144]
+
+RFC 5415 CAPWAP Protocol Specification March 2009
+
+
+15.6. CAPWAP Control Message Flags
+
+ The Flags field in the CAPWAP Control Message header (see
+ Section 4.5.1.4) is used to identify any special treatment related to
+ the control message. There are currently eight (8) unused, reserved
+ bits. The assignment of these bits is managed by IANA and requires
+ an Expert Review. IANA created the CAPWAP Control Message Flags
+ registry, whose format is:
+
+ Flag Field Name Bit Position Reference
+
+15.7. CAPWAP Message Element Type
+
+ The Type field in the CAPWAP Message Element header (see Section 4.6)
+ is used to identify the data being transported.
The namespace is 16
+ bits (0-65535), where the value of zero (0) is reserved and must not
+ be assigned. The values one (1) through 53 are allocated in this
+ specification, and can be found in Section 4.5.1.1.
+
+ The 16-bit namespace is further divided into blocks of addresses that
+ are reserved for specific CAPWAP wireless bindings. The following
+ blocks are reserved:
+
+ CAPWAP Protocol Message Elements 1 - 1023
+ IEEE 802.11 Message Elements 1024 - 2047
+ EPCGlobal Message Elements 3072 - 4095
+
+ This namespace is managed by IANA and assignments require an Expert
+ Review. IANA created the CAPWAP Message Element Type registry, whose
+ format is:
+
+ CAPWAP Message Element Type Value Reference
+
+15.8. CAPWAP Wireless Binding Identifiers
+
+ The Wireless Binding Identifier (WBID) field in the CAPWAP Header
+ (see Section 4.3) is used to identify the wireless technology
+ associated with the packet. This specification allocates the values
+ one (1) and three (3). Due to the limited address space available, a
+ new WBID request requires Expert Review. IANA created the CAPWAP
+ Wireless Binding Identifier registry, whose format is:
+
+ CAPWAP Wireless Binding Identifier Type Value Reference
+
+
+
+
+
+
+
+
+Calhoun, et al. Standards Track [Page 145]
+
+RFC 5415 CAPWAP Protocol Specification March 2009
+
+
+15.9. AC Security Types
+
+ The Security field in the AC Descriptor message element (see
+ Section 4.6.1) is 8 bits in length and is used to identify the
+ authentication methods available on the AC. This specification
+ defines bits five (5) and six (6), while bits zero (0) through four
+ (4) as well as bit seven (7) are reserved and unused. These reserved
+ bits are managed by IANA and assignment requires Standards Action.
+ IANA created the AC Security Types registry, whose format is:
+
+ AC Security Type Bit Position Reference
+
+15.10.
AC DTLS Policy
+
+ The DTLS Policy field in the AC Descriptor message element (see
+ Section 4.6.1) is 8 bits in length and is used to identify whether
+ the CAPWAP Data Channel is to be secured. This specification defines
+ bits five (5) and six (6), while bits zero (0) through four (4) as
+ well as bit seven (7) are reserved and unused. These reserved bits
+ are managed by IANA and assignment requires Standards Action. IANA
+ created the AC DTLS Policy registry, whose format is:
+
+ AC DTLS Policy Bit Position Reference
+
+15.11. AC Information Type
+
+ The Information Type field in the AC Descriptor message element (see
+ Section 4.6.1) is used to represent information about the AC. The
+ namespace is 16 bits (0-65535), where the value of zero (0) is
+ reserved and must not be assigned. This field, combined with the AC
+ Information Vendor ID, allows vendors to use a private namespace.
+ This specification defines the AC Information Type namespace when the
+ AC Information Vendor ID is set to zero (0), for which the values
+ four (4) and five (5) are allocated in this specification, and can be
+ found in Section 4.6.1. This namespace is managed by IANA and
+ assignments require an Expert Review. IANA created the AC
+ Information Type registry, whose format is:
+
+ AC Information Type Type Value Reference
+
+15.12. CAPWAP Transport Protocol Types
+
+ The Transport field in the CAPWAP Transport Protocol message element
+ (see Section 4.6.14) is used to identify the transport to use for the
+ CAPWAP Data Channel. The namespace is 8 bits (0-255), where the
+ value of zero (0) is reserved and must not be assigned. The values
+ one (1) and two (2) are allocated in this specification, and can be
+
+
+
+
+Calhoun, et al. Standards Track [Page 146]
+
+RFC 5415 CAPWAP Protocol Specification March 2009
+
+
+ found in Section 4.6.14. This namespace is managed by IANA and
+ assignments require an Expert Review.
IANA created the CAPWAP
+ Transport Protocol Types registry, whose format is:
+
+ CAPWAP Transport Protocol Type Type Value Reference
+
+15.13. Data Transfer Type
+
+ The Data Type field in the Data Transfer Data message element (see
+ Section 4.6.15) and Image Data message element (see Section 4.6.26)
+ is used to provide information about the data being carried. The
+ namespace is 8 bits (0-255), where the value of zero (0) is reserved
+ and must not be assigned. The values one (1), two (2), and five (5)
+ are allocated in this specification, and can be found in
+ Section 4.6.15. This namespace is managed by IANA and assignments
+ require an Expert Review. IANA created the Data Transfer Type
+ registry, whose format is:
+
+ Data Transfer Type Type Value Reference
+
+15.14. Data Transfer Mode
+
+ The Data Mode field in the Data Transfer Data message element (see
+ Section 4.6.15) and Data Transfer Mode message element (see
+ Section 15.14) is used to provide information about the data being
+ carried. The namespace is 8 bits (0-255), where the value of zero
+ (0) is reserved and must not be assigned. The values one (1) and two
+ (2) are allocated in this specification, and can be found in
+ Section 15.14. This namespace is managed by IANA and assignments
+ require an Expert Review. IANA created the Data Transfer Mode
+ registry, whose format is:
+
+ Data Transfer Mode Type Value Reference
+
+15.15. Discovery Types
+
+ The Discovery Type field in the Discovery Type message element (see
+ Section 4.6.21) is used by the WTP to indicate to the AC how it was
+ discovered. The namespace is 8 bits (0-255). The values zero (0)
+ through four (4) are allocated in this specification and can be found
+ in Section 4.6.21. This namespace is managed by IANA and assignments
+ require an Expert Review. IANA created the Discovery Types registry,
+ whose format is:
+
+ Discovery Types Type Value Reference
+
+
+
+
+
+
+Calhoun, et al.
Standards Track [Page 147]
+
+RFC 5415 CAPWAP Protocol Specification March 2009
+
+
+15.16. ECN Support
+
+ The ECN Support field in the ECN Support message element (see
+ Section 4.6.25) is used by the WTP to represent its ECN Support. The
+ namespace is 8 bits (0-255). The values zero (0) and one (1) are
+ allocated in this specification, and can be found in Section 4.6.25.
+ This namespace is managed by IANA and assignments require an Expert
+ Review. IANA created the ECN Support registry, whose format is:
+
+ ECN Support Type Value Reference
+
+15.17. Radio Admin State
+
+ The Radio Admin field in the Radio Administrative State message
+ element (see Section 4.6.33) is used by the WTP to represent the
+ state of its radios. The namespace is 8 bits (0-255), where the
+ value of zero (0) is reserved and must not be assigned. The values
+ one (1) and two (2) are allocated in this specification, and can be
+ found in Section 4.6.33. This namespace is managed by IANA and
+ assignments require an Expert Review. IANA created the Radio Admin
+ State registry, whose format is:
+
+ Radio Admin State Type Value Reference
+
+15.18. Radio Operational State
+
+ The State field in the Radio Operational State message element (see
+ Section 4.6.34) is used by the WTP to represent the operational state
+ of its radios. The namespace is 8 bits (0-255), where the value of
+ zero (0) is reserved and must not be assigned. The values one (1)
+ and two (2) are allocated in this specification, and can be found in
+ Section 4.6.34. This namespace is managed by IANA and assignments
+ require an Expert Review. IANA created the Radio Operational State
+ registry, whose format is:
+
+ Radio Operational State Type Value Reference
+
+15.19. Radio Failure Causes
+
+ The Cause field in the Radio Operational State message element (see
+ Section 4.6.34) is used by the WTP to represent the reason a radio
+ may have failed.
The namespace is 8 bits (0-255), where the value of
+ zero (0) through three (3) are allocated in this specification, and
+ can be found in Section 4.6.34. This namespace is managed by IANA
+ and assignments require an Expert Review. IANA created the Radio
+ Failure Causes registry, whose format is:
+
+ Radio Failure Causes Type Value Reference
+
+
+
+Calhoun, et al. Standards Track [Page 148]
+
+RFC 5415 CAPWAP Protocol Specification March 2009
+
+
+15.20. Result Code
+
+ The Result Code field in the Result Code message element (see
+ Section 4.6.35) is used to indicate the success or failure of a
+ CAPWAP Control message. The namespace is 32 bits (0-4294967295),
+ where the value of zero (0) through 22 are allocated in this
+ specification, and can be found in Section 4.6.35. This namespace is
+ managed by IANA and assignments require an Expert Review. IANA
+ created the Result Code registry, whose format is:
+
+ Result Code Type Value Reference
+
+15.21. Returned Message Element Reason
+
+ The Reason field in the Returned Message Element message element (see
+ Section 4.6.36) is used to indicate the reason why a message element
+ was not processed successfully. The namespace is 8 bits (0-255),
+ where the value of zero (0) is reserved and must not be assigned.
+ The values one (1) through four (4) are allocated in this
+ specification, and can be found in Section 4.6.36. This namespace is
+ managed by IANA and assignments require an Expert Review. IANA
+ created the Returned Message Element Reason registry, whose format
+ is:
+
+ Returned Message Element Reason Type Value Reference
+
+15.22. WTP Board Data Type
+
+ The Board Data Type field in the WTP Board Data message element (see
+ Section 4.6.40) is used to represent information about the WTP
+ hardware. The namespace is 16 bits (0-65535). The WTP Board Data
+ Type values zero (0) through four (4) are allocated in this
+ specification, and can be found in Section 4.6.40.
This namespace is
+ managed by IANA and assignments require an Expert Review. IANA
+ created the WTP Board Data Type registry, whose format is:
+
+ WTP Board Data Type Type Value Reference
+
+15.23. WTP Descriptor Type
+
+ The Descriptor Type field in the WTP Descriptor message element (see
+ Section 4.6.41) is used to represent information about the WTP
+ software. The namespace is 16 bits (0-65535). This field, combined
+ with the Descriptor Vendor ID, allows vendors to use a private
+ namespace. This specification defines the WTP Descriptor Type
+ namespace when the Descriptor Vendor ID is set to zero (0), for which
+ the values zero (0) through three (3) are allocated in this
+
+
+
+
+Calhoun, et al. Standards Track [Page 149]
+
+RFC 5415 CAPWAP Protocol Specification March 2009
+
+
+ specification, and can be found in Section 4.6.41. This namespace is
+ managed by IANA and assignments require an Expert Review. IANA
+ created the WTP Board Data Type registry, whose format is:
+
+ WTP Descriptor Type Type Value Reference
+
+15.24. WTP Fallback Mode
+
+ The Mode field in the WTP Fallback message element (see
+ Section 4.6.42) is used to indicate the type of AC fallback mechanism
+ the WTP should employ. The namespace is 8 bits (0-255), where the
+ value of zero (0) is reserved and must not be assigned. The values
+ one (1) and two (2) are allocated in this specification, and can be
+ found in Section 4.6.42. This namespace is managed by IANA and
+ assignments require an Expert Review. IANA created the WTP Fallback
+ Mode registry, whose format is:
+
+ WTP Fallback Mode Type Value Reference
+
+15.25. WTP Frame Tunnel Mode
+
+ The Tunnel Type field in the WTP Frame Tunnel Mode message element
+ (see Section 4.6.43) is 8 bits and is used to indicate the type of
+ tunneling to use between the WTP and the AC. This specification
+ defines bits four (4) through six (6), while bits zero (0) through
+ three (3) as well as bit seven (7) are reserved and unused.
These
+ reserved bits are managed by IANA and assignment requires an Expert
+ Review. IANA created the WTP Frame Tunnel Mode registry, whose
+ format is:
+
+ WTP Frame Tunnel Mode Bit Position Reference
+
+15.26. WTP MAC Type
+
+ The MAC Type field in the WTP MAC Type message element (see
+ Section 4.6.44) is used to indicate the type of MAC to use in
+ tunneled frames between the WTP and the AC. The namespace is 8 bits
+ (0-255), where the value of zero (0) through two (2) are allocated in
+ this specification, and can be found in Section 4.6.44. This
+ namespace is managed by IANA and assignments require an Expert
+ Review. IANA created the WTP MAC Type registry, whose format is:
+
+ WTP MAC Type Type Value Reference
+
+
+
+
+
+
+
+
+Calhoun, et al. Standards Track [Page 150]
+
+RFC 5415 CAPWAP Protocol Specification March 2009
+
+
+15.27. WTP Radio Stats Failure Type
+
+ The Last Failure Type field in the WTP Radio Statistics message
+ element (see Section 4.6.46) is used to indicate the last WTP
+ failure. The namespace is 8 bits (0-255), where the value of zero
+ (0) through three (3) as well as the value 255 are allocated in this
+ specification, and can be found in Section 4.6.46. This namespace is
+ managed by IANA and assignments require an Expert Review. IANA
+ created the WTP Radio Stats Failure Type registry, whose format is:
+
+ WTP Radio Stats Failure Type Type Value Reference
+
+15.28. WTP Reboot Stats Failure Type
+
+ The Last Failure Type field in the WTP Reboot Statistics message
+ element (see Section 4.6.47) is used to indicate the last reboot
+ reason. The namespace is 8 bits (0-255), where the value of zero (0)
+ through five (5) as well as the value 255 are allocated in this
+ specification, and can be found in Section 4.6.47. This namespace is
+ managed by IANA and assignments require an Expert Review. IANA
+ created the WTP Reboot Stats Failure Type registry, whose format is:
+
+ WTP Reboot Stats Failure Type Type Value Reference
+
+16.
Acknowledgments
+
+ The following individuals are acknowledged for their contributions to
+ this protocol specification: Puneet Agarwal, Abhijit Choudhury, Pasi
+ Eronen, Saravanan Govindan, Peter Nilsson, David Perkins, and Yong
+ Zhang.
+
+ Michael Vakulenko contributed text to describe how CAPWAP can be used
+ over Layer 3 (IP/UDP) networks.
+
+17. References
+
+17.1. Normative References
+
+ [RFC1191] Mogul, J. and S. Deering, "Path MTU discovery",
+ RFC 1191, November 1990.
+
+ [RFC1321] Rivest, R., "The MD5 Message-Digest Algorithm",
+ RFC 1321, April 1992.
+
+ [RFC1305] Mills, D., "Network Time Protocol (Version 3)
+ Specification, Implementation", RFC 1305,
+ March 1992.
+
+
+
+
+Calhoun, et al. Standards Track [Page 151]
+
+RFC 5415 CAPWAP Protocol Specification March 2009
+
+
+ [RFC1981] McCann, J., Deering, S., and J. Mogul, "Path MTU
+ Discovery for IP version 6", RFC 1981,
+ August 1996.
+
+ [RFC2119] Bradner, S., "Key words for use in RFCs to
+ Indicate Requirement Levels", BCP 14, RFC 2119,
+ March 1997.
+
+ [RFC2460] Deering, S. and R. Hinden, "Internet Protocol,
+ Version 6 (IPv6) Specification", RFC 2460,
+ December 1998.
+
+ [RFC2474] Nichols, K., Blake, S., Baker, F., and D. Black,
+ "Definition of the Differentiated Services Field
+ (DS Field) in the IPv4 and IPv6 Headers",
+ RFC 2474, December 1998.
+
+ [RFC2782] Gulbrandsen, A., Vixie, P., and L. Esibov, "A DNS
+ RR for specifying the location of services (DNS
+ SRV)", RFC 2782, February 2000.
+
+ [RFC3168] Ramakrishnan, K., Floyd, S., and D. Black, "The
+ Addition of Explicit Congestion Notification (ECN)
+ to IP", RFC 3168, September 2001.
+
+ [RFC3539] Aboba, B. and J. Wood, "Authentication,
+ Authorization and Accounting (AAA) Transport
+ Profile", RFC 3539, June 2003.
+
+ [RFC3629] Yergeau, F., "UTF-8, a transformation format of
+ ISO 10646", STD 63, RFC 3629, November 2003.
+
+ [RFC3828] Larzon, L-A., Degermark, M., Pink, S., Jonsson,
+ L-E., and G.
Fairhurst, "The Lightweight User
+ Datagram Protocol (UDP-Lite)", RFC 3828,
+ July 2004.
+
+ [RFC4086] Eastlake, D., Schiller, J., and S. Crocker,
+ "Randomness Requirements for Security", BCP 106,
+ RFC 4086, June 2005.
+
+ [RFC4279] Eronen, P. and H. Tschofenig, "Pre-Shared Key
+ Ciphersuites for Transport Layer Security (TLS)",
+ RFC 4279, December 2005.
+
+ [RFC5246] Dierks, T. and E. Rescorla, "The Transport Layer
+ Security (TLS) Protocol Version 1.2", RFC 5246,
+ August 2008.
+
+
+
+Calhoun, et al. Standards Track [Page 152]
+
+RFC 5415 CAPWAP Protocol Specification March 2009
+
+
+ [RFC4347] Rescorla, E. and N. Modadugu, "Datagram Transport
+ Layer Security", RFC 4347, April 2006.
+
+ [RFC4821] Mathis, M. and J. Heffner, "Packetization Layer
+ Path MTU Discovery", RFC 4821, March 2007.
+
+ [RFC4963] Heffner, J., Mathis, M., and B. Chandler, "IPv4
+ Reassembly Errors at High Data Rates", RFC 4963,
+ July 2007.
+
+ [RFC5226] Narten, T. and H. Alvestrand, "Guidelines for
+ Writing an IANA Considerations Section in RFCs",
+ BCP 26, RFC 5226, May 2008.
+
+ [RFC5280] Cooper, D., Santesson, S., Farrell, S., Boeyen,
+ S., Housley, R., and W. Polk, "Internet X.509
+ Public Key Infrastructure Certificate and
+ Certificate Revocation List (CRL) Profile",
+ RFC 5280, May 2008.
+
+ [ISO.9834-1.1993] International Organization for Standardization,
+ "Procedures for the operation of OSI registration
+ authorities - part 1: general procedures",
+ ISO Standard 9834-1, 1993.
+
+ [RFC5416] Calhoun, P., Ed., Montemurro, M., Ed., and D.
+ Stanley, Ed., "Control And Provisioning of
+ Wireless Access Points (CAPWAP) Protocol Binding
+ for IEEE 802.11", RFC 5416, March 2009.
+
+ [RFC5417] Calhoun, P., "Control And Provisioning of Wireless
+ Access Points (CAPWAP) Access Controller DHCP
+ Option", RFC 5417, March 2009.
+
+ [FRAME-EXT] IEEE, "IEEE Standard 802.3as-2006", 2005.
+
+17.2.
Informative References
+
+ [RFC3232] Reynolds, J., "Assigned Numbers: RFC 1700 is
+ Replaced by an On-line Database", RFC 3232,
+ January 2002.
+
+ [RFC3753] Manner, J. and M. Kojo, "Mobility Related
+ Terminology", RFC 3753, June 2004.
+
+
+
+
+
+
+
+Calhoun, et al. Standards Track [Page 153]
+
+RFC 5415 CAPWAP Protocol Specification March 2009
+
+
+ [RFC4564] Govindan, S., Cheng, H., Yao, ZH., Zhou, WH., and
+ L. Yang, "Objectives for Control and Provisioning
+ of Wireless Access Points (CAPWAP)", RFC 4564,
+ July 2006.
+
+ [RFC4962] Housley, R. and B. Aboba, "Guidance for
+ Authentication, Authorization, and Accounting
+ (AAA) Key Management", BCP 132, RFC 4962,
+ July 2007.
+
+ [LWAPP] Calhoun, P., O'Hara, B., Suri, R., Cam Winget, N.,
+ Kelly, S., Williams, M., and S. Hares,
+ "Lightweight Access Point Protocol", Work in
+ Progress, March 2007.
+
+ [SLAPP] Narasimhan, P., Harkins, D., and S. Ponnuswamy,
+ "SLAPP: Secure Light Access Point Protocol", Work
+ in Progress, May 2005.
+
+ [DTLS-DESIGN] Modadugu, et al., N., "The Design and
+ Implementation of Datagram TLS", Feb 2004.
+
+ [EUI-48] IEEE, "Guidelines for use of a 48-bit Extended
+ Unique Identifier", Dec 2005.
+
+ [EUI-64] IEEE, "GUIDELINES FOR 64-BIT GLOBAL IDENTIFIER
+ (EUI-64) REGISTRATION AUTHORITY".
+
+ [EPCGlobal] "See http://www.epcglobalinc.org/home".
+
+ [PacketCable] "PacketCable Security Specification PKT-SP-SEC-
+ I12-050812", August 2005, .
+
+ [CableLabs] "OpenCable System Security Specification OC-SP-
+ SEC-I07-061031", October 2006, .
+
+ [WiMAX] "WiMAX Forum X.509 Device Certificate Profile
+ Approved Specification V1.0.1", April 2008,
+ .
+
+ [RFC5418] Kelly, S. and C. Clancy, "Control And Provisioning
+ for Wireless Access Points (CAPWAP) Threat
+ Analysis for IEEE 802.11 Deployments", RFC 5418,
+ March 2009.
+
+
+
+
+
+
+
+Calhoun, et al. Standards Track [Page 154]
+
+RFC 5415 CAPWAP Protocol Specification March 2009
+
+
+Editors' Addresses
+
+ Pat R.
Calhoun (editor)
+ Cisco Systems, Inc.
+ 170 West Tasman Drive
+ San Jose, CA 95134
+
+ Phone: +1 408-902-3240
+ EMail: pcalhoun@cisco.com
+
+ Michael P. Montemurro (editor)
+ Research In Motion
+ 5090 Commerce Blvd
+ Mississauga, ON L4W 5M4
+ Canada
+
+ Phone: +1 905-629-4746 x4999
+ EMail: mmontemurro@rim.com
+
+
+ Dorothy Stanley (editor)
+ Aruba Networks
+ 1322 Crossman Ave
+ Sunnyvale, CA 94089
+
+ Phone: +1 630-363-1389
+ EMail: dstanley@arubanetworks.com
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+Calhoun, et al. Standards Track [Page 155]
+
diff --git a/src/capwap/cwmsg_addelem_session_id.c b/src/capwap/cwmsg_addelem_session_id.c
deleted file mode 100644
index 235e9235..00000000
--- a/src/capwap/cwmsg_addelem_session_id.c
+++ /dev/null
@@ -1,8 +0,0 @@
-#include "capwap.h"
-#include "bstr.h"
-#include "cwmsg.h"
-
-void cwmsg_addelem_cwmsg_session_id(struct cwmsg *msg, bstr_t session_id)
-{
- cwmsg_addelem(msg,CWMSGELEM_SESSION_ID,bstr_data(session_id),bstr_len(session_id));
-}