From 41eae6d3f94dd46dff1c9cac50a56e723410bd4f Mon Sep 17 00:00:00 2001 From: Bogdan Gavril Date: Mon, 17 Jun 2024 12:00:59 +0100 Subject: [PATCH 1/3] Update proof-of-possession-tokens.md --- .../advanced/proof-of-possession-tokens.md | 60 +++++++++++-------- 1 file changed, 36 insertions(+), 24 deletions(-) diff --git a/msal-dotnet-articles/advanced/proof-of-possession-tokens.md b/msal-dotnet-articles/advanced/proof-of-possession-tokens.md index 3962915a..9e539ea7 100644 --- a/msal-dotnet-articles/advanced/proof-of-possession-tokens.md +++ b/msal-dotnet-articles/advanced/proof-of-possession-tokens.md 
@@ -5,28 +5,44 @@ description: Learn how to acquire Proof-of-Possession tokens for public and conf # Proof-of-Possession (PoP) tokens -Bearer tokens are the norm in modern identity flows, however they are vulnerable to being stolen and used to access a protected resource. +Bearer tokens are the norm in modern identity flows, however they are vulnerable to being stolen from token caches and via man in the middle attacks. -Proof-of-Possession (PoP) tokens mitigate this threat via 2 mechanisms: +Proof-of-Possession (PoP) tokens - as described by [RFC 7800](https://tools.ietf.org/html/rfc7800) - mitigate this threat. PoP tokens are bound to the client machine, via a public/private PoP key. The PoP public key is injected into the token by the token issuer (Entra ID), and the client +also signs the token using the private PoP key. A fully formed PoP token has 2 digital signatures - one from the token issuer and one from the client. So the PoP protocol has 2 protections: -- They are bound to the user/machine that wants to access a protected resource, via a public/private key pair -- They are bound to the protected resource itself, i.e. a token that is used to access `GET https://contoso.com/transactions` cannot be used to access `GET https://contoso.com/tranfer/100` +- Protection against token cache compromise - MSAL will not store fully formed PoP tokens in the cache. Instead, it will sign tokens on demand, when the app needs them. An attacker who is able to compromise the token cache will not be able to digitally sign with the PoP private key. +- Protection against man-in-the-middle attacks - A server nonce is added to the protocol. -For more details, see [RFC 7800](https://tools.ietf.org/html/rfc7800). +> [!WARNING] +> The strength of the PoP protocol depends in the strength of the PoP keys. Microsoft recommends using hardware keys - [TPM](https://support.microsoft.com/topic/what-is-tpm-705f241d-025d-4470-80c5-4feeb24fa1ee) where possible. 
-## Does the protected resource accept PoP tokens? +## PoP Variants -If you make an unauthenticated request to a protected API, it should reply with HTTP 401 Unauthorized response, and with some [WWW-Authenticate](https://developer.mozilla.org/docs/Web/HTTP/Headers/WWW-Authenticate) headers. These headers inform the clients of the available authentication schemes, such as Basic, NTLM, Bearer, and POP. The MSAL family of libraries can help with Bearer and PoP. +There are several PoP protocols and variations, and Microsoft has decided to focus on 2 of them: -Programatically, MSAL.NET offers [a helper API](extract-authentication-parameters.md) for parsing these headers. +- PoP via Signed Http Request (SHR) - see [PoP key distribution](https://datatracker.ietf.org/doc/html/draft-ietf-oauth-pop-key-distribution-07) and [SHR](https://datatracker.ietf.org/doc/html/draft-ietf-oauth-signed-http-request-03) +- PoP via MTLS - see [RFC 8705](https://datatracker.ietf.org/doc/html/rfc8705) -## Can my own web api validate PoP tokens? +MTLS is faster and has the advantage of including man-in-the-middle protection at the TLS layer, but it can be difficult to establish MTLS tunnels between the client and the Identity Provider and between the client and the resource. PoP via Signed Http Request (SHR) does not rely on transport protocol changes, however the server nonce must be handled explicitly by the app developer. -Microsoft does not currently offer an out-of-the-box PoP token validation experience, in the same way that it offers a Bearer token validation experience for web apis. A validator exists for Microsoft's own web apis. +All client SDKs - MSAL libraries - support PoP via SHR for public client (desktop apps). For confidential client (web apps, web apis, managed identity), Microsoft is exploring PoP via MTLS. + +## Support for PoP + +Microsoft has enabled PoP via Signed Http Request (SHR) in some of its Web APIs. 
Microsoft Graph supports PoP tokens - for example if you make an unauthenticated request to https://graph.microsoft.com/v1.0/me/messages, you will get a 401 response with two WWW-Authenticate headers, indicating Bearer and PoP support. + +![image](https://github.com/MicrosoftDocs/microsoft-authentication-library-dotnet/assets/12273384/2b4ec2d4-7d57-411e-ae27-f3c764d5909d) + +### Token validation - could my own web api validate PoP tokens? + +Microsoft does not currently offer an SDK for PoP token validation. A validator exists for Microsoft's own web apis, with plans to open source it. ## Proof-of-Possession for public clients -Proof-of-Possession on public client flows can be achieved with the use of the updated [Windows broker](../acquiring-tokens/desktop-mobile/wam.md) in MSAL 4.52.0 and above. MSAL will use the best available keys which exist on the machine, typically hardware keys (see [TPM](/windows/security/hardware-security/tpm/tpm-fundamentals)). +Proof-of-Possession on public client flows can be achieved with the use of the updated [Windows broker](../acquiring-tokens/desktop-mobile/wam.md) in MSAL 4.52.0 and above. +MSAL Java, MSAL Python and MSAL NodeJS also support it in conjuction with the broker. + +MSAL will use the best available keys which exist on the machine, typically hardware keys (see [TPM](/windows/security/hardware-security/tpm/tpm-fundamentals)). There is no option to "bring your own key". It is possible that a client does not support creating PoP tokens. This is due to the fact that brokers (WAM, Company Portal) are not always present on the device or that the SDK does not implement the protocol on a specific operating system. Currently, PoP tokens are available on Windows 10+ and Windows Server 2019+. Use the API `publicClientApp.IsProofOfPossessionSupportedByClient()` to understand if POP is supported by the client. 
@@ -75,8 +91,9 @@ var result = await pca.AcquireTokenSilent(new[] { "scope" }, accounts.FirstOrDef ## Proof-of-Possession for confidential clients + > [!NOTE] -> Proof-of-Possession is experimental for confidential clients. +> Proof-of-Possession via Signed Http Request is experimental for confidential clients and will likely be renamed or removed in a future version. Proof-of-Posession via MTLS is being explored. > Example implementation: 
@@ -112,26 +129,21 @@ result = await cca var authHeader = new AuthenticationHeaderValue(result.TokenType, result.AccessToken); ``` -## How does MSAL manage the keys +### No hardware keys by default + +MSAL.NET experimental API uses in-memory / software keys. An RSA key pair of length 2048 is generated by MSAL and stored in memory which will be cycled every 8 hours. For details, see the implementation in [PoPProviderFactory](https://github.com/AzureAD/microsoft-authentication-library-for-dotnet/blob/300fba16bd8096dceba3684311550b4b52a56177/src/client/Microsoft.Identity.Client/AuthScheme/PoP/PoPProviderFactory.cs#L18) and [InMemoryCryptoProvider](https://github.com/AzureAD/microsoft-authentication-library-for-dotnet/blob/main/src/client/Microsoft.Identity.Client/AuthScheme/PoP/InMemoryCryptoProvider.cs). -## Bring your own key +### Bring your own key -The PoP feature in MSAL allows users to provide their own key management for additional control over cryptographic operations. The interface is an abstraction over the asymmetric key operations needed by PoP that encapsulates a pair of public and private keys and some typical crypto operations. All symmetric operations use SHA256. +To use a better key, the API allows app developers to provide their own key management. The interface is an abstraction over the asymmetric key operations needed by PoP that encapsulates a pair of public and private keys and some typical crypto operations. All symmetric operations use SHA256. > [!IMPORTANT] > Two properties and the sign method on this interface will be called at different times but MUST return details of the same private / public key pair, i.e. do not change to a different key pair mid way. It is best to make this class immutable. Ideally there should be a single public and private key pair associated with a machine, so that implementers of this interface should consider exposing a singleton. 
See [IPoPCryptoProvider interface](https://github.com/AzureAD/microsoft-authentication-library-for-dotnet/blob/master/src/client/Microsoft.Identity.Client/AuthScheme/PoP/IPoPCryptoProvider.cs), [example RSA key implementation](https://github.com/AzureAD/microsoft-authentication-library-for-dotnet/blob/9895855ac4fcf52893fbc2b06ee20ea3eda1549a/tests/Microsoft.Identity.Test.Integration.netfx/HeadlessTests/PoPTests.cs#L503), and [example ECD key implementation](https://github.com/AzureAD/microsoft-authentication-library-for-dotnet/blob/9895855ac4fcf52893fbc2b06ee20ea3eda1549a/tests/Microsoft.Identity.Test.Common/Core/Helpers/ECDCertificatePopCryptoProvider.cs#L11). -## How to add more claims / How do I create the Signed HTTP Request (SHR) part of the PoP token myself? +### How to add more claims / How do I create the Signed HTTP Request (SHR) part of the PoP token myself? -If you want to do key management and to create the SHR yourself, see [this example implementation](https://github.com/AzureAD/microsoft-authentication-library-for-dotnet/blob/300fba16bd8096dceba3684311550b4b52a56177/tests/Microsoft.Identity.Test.Integration.netfx/HeadlessTests/PoPTests.cs#L286). +To create the SHR yourself, see [this example implementation](https://github.com/AzureAD/microsoft-authentication-library-for-dotnet/blob/300fba16bd8096dceba3684311550b4b52a56177/tests/Microsoft.Identity.Test.Integration.netfx/HeadlessTests/PoPTests.cs#L286). -An end to end implementation would need to: -1. [Enable the use of broker](../acquiring-tokens/desktop-mobile/wam.md) -1. Check if the client is capable of creating PoP tokens using `publicClientApp.IsProofOfPossessionSupportedByClient()` -2. Make an unauthenticated call to the service -3. [Parse the WWW-Authenticate headers](extract-authentication-parameters.md) and if PoP is supported, extract the nonce -4. 
Request PoP tokens using the `AcquireTokenSilent` / `AcquireTokenInteractive` pattern, by adding the `.WithProofOfPossession(nonce, method, requestUri)` modifier -5. Make the request to the protected resource. If the request results in 200 OK, [parse the Authenticate-Info](extract-authentication-parameters.md) header and extract the new `nonce` - it needs to be used at step 4 when requesting a new token. If the request results in a 401 Unauthenticated, observe the error - it may be because of an expired nonce. In that case, repeat steps 3-5. From 170524ae01de51719ed443c2901ee024b23777c8 Mon Sep 17 00:00:00 2001 From: Den <53200638+localden@users.noreply.github.com> Date: Mon, 17 Jun 2024 12:48:41 -0700 Subject: [PATCH 2/3] Doc cleanup --- .../advanced/proof-of-possession-tokens.md | 72 +++++++++--------- .../example-www-authenticate-headers.png | Bin 0 -> 46141 bytes 2 files changed, 34 insertions(+), 38 deletions(-) create mode 100644 msal-dotnet-articles/media/proof-of-possession-tokens/example-www-authenticate-headers.png diff --git a/msal-dotnet-articles/advanced/proof-of-possession-tokens.md b/msal-dotnet-articles/advanced/proof-of-possession-tokens.md index 9e539ea7..55314675 100644 --- a/msal-dotnet-articles/advanced/proof-of-possession-tokens.md +++ b/msal-dotnet-articles/advanced/proof-of-possession-tokens.md 
@@ -5,48 +5,51 @@ description: Learn how to acquire Proof-of-Possession tokens for public and conf # Proof-of-Possession (PoP) tokens -Bearer tokens are the norm in modern identity flows, however they are vulnerable to being stolen from token caches and via man in the middle attacks. +Bearer tokens are the norm in modern identity flows; however they are vulnerable to being stolen from token caches and via man-in-the-middle (MITM) attacks. -Proof-of-Possession (PoP) tokens - as described by [RFC 7800](https://tools.ietf.org/html/rfc7800) - mitigate this threat. PoP tokens are bound to the client machine, via a public/private PoP key. The PoP public key is injected into the token by the token issuer (Entra ID), and the client -also signs the token using the private PoP key. A fully formed PoP token has 2 digital signatures - one from the token issuer and one from the client. So the PoP protocol has 2 protections: +Proof-of-Possession (PoP) tokens, as described by [RFC 7800](https://tools.ietf.org/html/rfc7800), mitigate this threat. PoP tokens are bound to the client machine, via a public/private PoP key. The PoP public key is injected into the token by the token issuer (Entra ID) and the client +also signs the token using the private PoP key. A fully formed PoP token has two digital signatures - one from the token issuer and one from the client. The PoP protocol has two protections in place: -- Protection against token cache compromise - MSAL will not store fully formed PoP tokens in the cache. Instead, it will sign tokens on demand, when the app needs them. An attacker who is able to compromise the token cache will not be able to digitally sign with the PoP private key. -- Protection against man-in-the-middle attacks - A server nonce is added to the protocol. +- **Protection against token cache compromise**. MSAL will not store fully-formed PoP tokens in the cache. Instead, it will sign tokens on-demand when the app needs them. 
An attacker who is able to compromise the token cache will not be able to digitally sign with the PoP private key. +- **Protection against man-in-the-middle attacks**. A server nonce is added to the protocol. > [!WARNING] -> The strength of the PoP protocol depends in the strength of the PoP keys. Microsoft recommends using hardware keys - [TPM](https://support.microsoft.com/topic/what-is-tpm-705f241d-025d-4470-80c5-4feeb24fa1ee) where possible. +> The strength of the PoP protocol depends in the strength of the PoP keys. Microsoft recommends using hardware keys via the [Trusted Platform Module (TPM)](https://support.microsoft.com/topic/what-is-tpm-705f241d-025d-4470-80c5-4feeb24fa1ee) where possible. ## PoP Variants -There are several PoP protocols and variations, and Microsoft has decided to focus on 2 of them: +There are several PoP protocols and variations. The Microsoft Entra ID infrastructure currently supports two types: -- PoP via Signed Http Request (SHR) - see [PoP key distribution](https://datatracker.ietf.org/doc/html/draft-ietf-oauth-pop-key-distribution-07) and [SHR](https://datatracker.ietf.org/doc/html/draft-ietf-oauth-signed-http-request-03) -- PoP via MTLS - see [RFC 8705](https://datatracker.ietf.org/doc/html/rfc8705) +- **PoP via Signed HTTP Request (SHR)** . See [PoP key distribution](https://datatracker.ietf.org/doc/html/draft-ietf-oauth-pop-key-distribution-07) and [SHR](https://datatracker.ietf.org/doc/html/draft-ietf-oauth-signed-http-request-03) for the detailed specifications. +- **PoP via mutual TLS (mTLS)**. See [RFC 8705](https://datatracker.ietf.org/doc/html/rfc8705) for details. -MTLS is faster and has the advantage of including man-in-the-middle protection at the TLS layer, but it can be difficult to establish MTLS tunnels between the client and the Identity Provider and between the client and the resource. 
PoP via Signed Http Request (SHR) does not rely on transport protocol changes, however the server nonce must be handled explicitly by the app developer. +mTLS is faster and has the advantage of including man-in-the-middle protections at the TLS layer; however, it can be difficult to establish mTLS tunnels between the client and the identity provider and between the client and the resource. -All client SDKs - MSAL libraries - support PoP via SHR for public client (desktop apps). For confidential client (web apps, web apis, managed identity), Microsoft is exploring PoP via MTLS. +PoP via Signed HTTP Request (SHR) does not rely on transport protocol changes; however the server nonce must be handled explicitly by the app developer. All MSAL releases support PoP via SHR for public client (desktop) and confidential client applications. + +For confidential client (web apps, web APIs, and Managed Identity), support for mTLS is currently not available. ## Support for PoP -Microsoft has enabled PoP via Signed Http Request (SHR) in some of its Web APIs. Microsoft Graph supports PoP tokens - for example if you make an unauthenticated request to https://graph.microsoft.com/v1.0/me/messages, you will get a 401 response with two WWW-Authenticate headers, indicating Bearer and PoP support. +Microsoft has enabled PoP via Signed HTTP Request (SHR) in some of its web APIs. Microsoft Graph supports PoP tokens. For example, if you make an unauthenticated request to `https://graph.microsoft.com/v1.0/me/messages` you will get a `HTTP 401` response with two `WWW-Authenticate` headers, indicating bearer and PoP token support. 
+ +:::image type="content" source="../media/proof-of-possession-tokens/example-www-authenticate-headers.png" alt-text="Example of WWW-Authenticate headers in response"::: -![image](https://github.com/MicrosoftDocs/microsoft-authentication-library-dotnet/assets/12273384/2b4ec2d4-7d57-411e-ae27-f3c764d5909d) +## Token validation -### Token validation - could my own web api validate PoP tokens? +Microsoft does not currently offer a public SDK for PoP token validation. -Microsoft does not currently offer an SDK for PoP token validation. A validator exists for Microsoft's own web apis, with plans to open source it. +## Usage -## Proof-of-Possession for public clients +### Public client applications -Proof-of-Possession on public client flows can be achieved with the use of the updated [Windows broker](../acquiring-tokens/desktop-mobile/wam.md) in MSAL 4.52.0 and above. -MSAL Java, MSAL Python and MSAL NodeJS also support it in conjuction with the broker. +PoP on public client flows can be achieved with the use of the [Windows broker](../acquiring-tokens/desktop-mobile/wam.md) (WAM). Other MSAL libraries also support PoP through WAM. -MSAL will use the best available keys which exist on the machine, typically hardware keys (see [TPM](/windows/security/hardware-security/tpm/tpm-fundamentals)). There is no option to "bring your own key". +MSAL will use the best available keys which exist on the machine, typically hardware keys (e.g., [TPM](/windows/security/hardware-security/tpm/tpm-fundamentals)). There is no option to bring your own key. -It is possible that a client does not support creating PoP tokens. This is due to the fact that brokers (WAM, Company Portal) are not always present on the device or that the SDK does not implement the protocol on a specific operating system. Currently, PoP tokens are available on Windows 10+ and Windows Server 2019+. Use the API `publicClientApp.IsProofOfPossessionSupportedByClient()` to understand if POP is supported by the client. 
+It is possible that a client does not support creating PoP tokens. This is caused by the fact that brokers (such as WAM or Company Portal) are not always present on the device or the SDK does not implement the protocol on a specific operating system. Currently, PoP tokens are available on Windows 10 and above, as well as Windows Server 2019 and above. Use [`IsProofOfPossessionSupportedByClient()`](xref:Microsoft.Identity.Client.PublicClientApplication.IsProofOfPossessionSupportedByClient) to check if PoP is supported by the client. -Example implementation: +#### Example ```csharp // Required for the use of the broker @@ -86,17 +89,14 @@ var result = await pca.AcquireTokenSilent(new[] { "scope" }, accounts.FirstOrDef .WithProofOfPossession(nonce, method, requestUri) .ExecuteAsync() .ConfigureAwait(false); - ``` -## Proof-of-Possession for confidential clients - +### Confidential client applications > [!NOTE] -> Proof-of-Possession via Signed Http Request is experimental for confidential clients and will likely be renamed or removed in a future version. Proof-of-Posession via MTLS is being explored. -> +> Proof-of-Possession via Signed HTTP Request is experimental for confidential clients and will likely be renamed or removed in a future version. Future APIs will rely on PoP via mTLS. -Example implementation: +#### Example ```csharp // The PoP token will be bound to this user / machine and to `GET https://www.contoso.com/tranfers` (the query params are not bound). 
@@ -129,21 +129,17 @@ result = await cca var authHeader = new AuthenticationHeaderValue(result.TokenType, result.AccessToken); ``` -### No hardware keys by default +#### No hardware keys by default -MSAL.NET experimental API uses in-memory / software keys. +MSAL.NET experimental API uses in-memory/software keys. An RSA key pair of length 2048 is generated by MSAL and stored in memory, cycled every eight hours. For details, see the implementation in [`PoPProviderFactory`](https://github.com/AzureAD/microsoft-authentication-library-for-dotnet/blob/300fba16bd8096dceba3684311550b4b52a56177/src/client/Microsoft.Identity.Client/AuthScheme/PoP/PoPProviderFactory.cs#L18) and [`InMemoryCryptoProvider`](https://github.com/AzureAD/microsoft-authentication-library-for-dotnet/blob/main/src/client/Microsoft.Identity.Client/AuthScheme/PoP/InMemoryCryptoProvider.cs). -An RSA key pair of length 2048 is generated by MSAL and stored in memory which will be cycled every 8 hours. For details, see the implementation in [PoPProviderFactory](https://github.com/AzureAD/microsoft-authentication-library-for-dotnet/blob/300fba16bd8096dceba3684311550b4b52a56177/src/client/Microsoft.Identity.Client/AuthScheme/PoP/PoPProviderFactory.cs#L18) and [InMemoryCryptoProvider](https://github.com/AzureAD/microsoft-authentication-library-for-dotnet/blob/main/src/client/Microsoft.Identity.Client/AuthScheme/PoP/InMemoryCryptoProvider.cs). +#### Bring your own key -### Bring your own key - -To use a better key, the API allows app developers to provide their own key management. The interface is an abstraction over the asymmetric key operations needed by PoP that encapsulates a pair of public and private keys and some typical crypto operations. All symmetric operations use SHA256. +To use a better key, the API allows app developers to provide their own managed keys. 
The interface is an abstraction over the asymmetric key operations needed by PoP that encapsulates a pair of public and private keys and related crypto operations. All symmetric operations use SHA256. > [!IMPORTANT] -> Two properties and the sign method on this interface will be called at different times but MUST return details of the same private / public key pair, i.e. do not change to a different key pair mid way. It is best to make this class immutable. Ideally there should be a single public and private key pair associated with a machine, so that implementers of this interface should consider exposing a singleton. See [IPoPCryptoProvider interface](https://github.com/AzureAD/microsoft-authentication-library-for-dotnet/blob/master/src/client/Microsoft.Identity.Client/AuthScheme/PoP/IPoPCryptoProvider.cs), [example RSA key implementation](https://github.com/AzureAD/microsoft-authentication-library-for-dotnet/blob/9895855ac4fcf52893fbc2b06ee20ea3eda1549a/tests/Microsoft.Identity.Test.Integration.netfx/HeadlessTests/PoPTests.cs#L503), and [example ECD key implementation](https://github.com/AzureAD/microsoft-authentication-library-for-dotnet/blob/9895855ac4fcf52893fbc2b06ee20ea3eda1549a/tests/Microsoft.Identity.Test.Common/Core/Helpers/ECDCertificatePopCryptoProvider.cs#L11). - -### How to add more claims / How do I create the Signed HTTP Request (SHR) part of the PoP token myself? - -To create the SHR yourself, see [this example implementation](https://github.com/AzureAD/microsoft-authentication-library-for-dotnet/blob/300fba16bd8096dceba3684311550b4b52a56177/tests/Microsoft.Identity.Test.Integration.netfx/HeadlessTests/PoPTests.cs#L286). +> Two properties and the sign method on this interface will be called at different times but **must** return details of the same private/public key pair. Do not change to a different key pair through the process. It is best to make this class immutable. 
Ideally there should be a single public and private key pair associated with a machine. Implementers of this interface should consider exposing a singleton. See [`IPoPCryptoProvider`](https://github.com/AzureAD/microsoft-authentication-library-for-dotnet/blob/master/src/client/Microsoft.Identity.Client/AuthScheme/PoP/IPoPCryptoProvider.cs), [example RSA key implementation](https://github.com/AzureAD/microsoft-authentication-library-for-dotnet/blob/9895855ac4fcf52893fbc2b06ee20ea3eda1549a/tests/Microsoft.Identity.Test.Integration.netfx/HeadlessTests/PoPTests.cs#L503), and [an example ECD key implementation](https://github.com/AzureAD/microsoft-authentication-library-for-dotnet/blob/9895855ac4fcf52893fbc2b06ee20ea3eda1549a/tests/Microsoft.Identity.Test.Common/Core/Helpers/ECDCertificatePopCryptoProvider.cs#L11) for reference. +#### Adding more claims or creating the SHR request part of the PoP token +To create the SHR yourself, refer to [the example implementation](https://github.com/AzureAD/microsoft-authentication-library-for-dotnet/blob/300fba16bd8096dceba3684311550b4b52a56177/tests/Microsoft.Identity.Test.Integration.netfx/HeadlessTests/PoPTests.cs#L286). 
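Review bot: In PATCH 1/3, hunk `@@ -5,28 +5,44 @@`, the deleted bullet "They are bound to the protected resource itself" was the only place the introduction said a PoP token is tied to a specific request, yet the confidential client sample later in the file still carries the comment that the token "will be bound to this user / machine and to `GET https://www.contoso.com/tranfers`". Suggest keeping one sentence on request binding in the rewritten introduction, since the two protections now listed (token cache compromise, server nonce) do not cover it. The man-in-the-middle bullet, "A server nonce is added to the protocol", would also read better if it said where the nonce ends up and who checks it.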
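Review bot: In PATCH 1/3, hunk `@@ -112,26 +129,21 @@`, the numbered list under "An end to end implementation would need to:" is deleted with no replacement, and it was the text that described the nonce life cycle: parse `WWW-Authenticate`, extract the nonce, pass it to `.WithProofOfPossession(nonce, method, requestUri)`, then pick up the new `nonce` from `Authenticate-Info` or repeat the steps after a 401. The same patch adds "the server nonce must be handled explicitly by the app developer", so the reader needs these steps more than before. Suggest keeping the list, moved to the public client section if that is where it belongs. Minor, same hunk: the source links mix a pinned commit, `main` and `master`; pinning all of them keeps line anchors such as `#L18` stable.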
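Review bot: In PATCH 2/3, hunk `@@ -5,48 +5,51 @@`, several replacements change what the page claims rather than how it reads, which goes beyond the "Doc cleanup" subject. "Microsoft has decided to focus on 2 of them" becomes "The Microsoft Entra ID infrastructure currently supports two types", while the same hunk adds "support for mTLS is currently not available" for confidential clients; "support PoP via SHR for public client (desktop apps)" becomes "for public client (desktop) and confidential client applications"; and the "MSAL 4.52.0 and above" minimum version disappears from the public client paragraph. Please confirm each of these with the feature owners or restore the earlier wording. Also in this hunk, the warning still reads "depends in the strength of the PoP keys" (should be "depends on"), and there is a stray space before the period in "**PoP via Signed HTTP Request (SHR)** .".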
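Review bot: In PATCH 2/3, hunk `@@ -86,17 +89,14 @@`, the new closing sentence of the note, "Future APIs will rely on PoP via mTLS", states a commitment where PATCH 1/3 said mTLS "is being explored". The same note calls SHR "experimental for confidential clients", which conflicts with the earlier hunk's statement that all MSAL releases support SHR for confidential client applications. Suggest aligning these statements so a reader can tell whether SHR on confidential clients is supported or experimental. Since this is a cleanup pass, the sample comment in the context line could be fixed too: `https://www.contoso.com/tranfers` should read `transfers`.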
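Review bot: In PATCH 2/3, hunk `@@ -129,21 +129,17 @@`, the reworded "Bring your own key" paragraph keeps the sentence "All symmetric operations use SHA256", which is hard to interpret: the interface is described one sentence earlier as an abstraction over asymmetric key operations, and SHA-256 is a hash function. Suggest naming the operation that uses SHA-256 instead. The new heading "Adding more claims or creating the SHR request part of the PoP token" expands to "Signed HTTP Request request" and promises guidance on adding claims that the single sentence under it does not give. As far as the hunk shows, the blank lines around that heading are removed and not re-added, so it sits directly between the `[!IMPORTANT]` block and its own paragraph.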
diff --git a/msal-dotnet-articles/media/proof-of-possession-tokens/example-www-authenticate-headers.png b/msal-dotnet-articles/media/proof-of-possession-tokens/example-www-authenticate-headers.png new file mode 100644 index 0000000000000000000000000000000000000000..815083b42a81a442e9f69805ccdf07bc867465b6 GIT binary patch literal 46141
zWBdJNob0kyQZJRAGo~@n>zb4#7DXG?hnFKy(RDk3mO@4zjEpW zD%9k1RrvyIJBoJuF(30cXzPIcRxtJ9t);c^o-MANL4=P@+u0r8UTymnE1%w8Q1k!g ztTW~vLFnF&UqJNRD5km_kYgmz;|g`uZS-x~_b5i{-U<0CLmtG1NG4ZdvWXb&exqtk zfLIs{o^{Ox9xp^{8K+rWhV8us;C_FC`$;i`ccjqlAIghN*n3sh`Vx}z+wn8;GmVk2 zJ}&TP6$WsYDw}{L;mM073PwxEQQ58$ev-Z#aK|o}EohE}zjeH;+FcpIz1R}rjVZj5 zE#!Hln}x)de`qfgnu2tl3M}Fq@JeHgZXy~kZ5ir;)54@f=57dPh|s+p23I(`q5;K% z6z=k7gv^G;wEMnAEoJvI4Q7-7MV-H$?!CuxJse2b2ytK@=J2g;MtiIu2BGMcPaLJkk|Wb#wM_e~YhOo`iW6BvMGg^uGBTwi zUhVv7C=pPp9Ddav^?L}rdz(BA<|dX9{3%A1e6~@GkRvl46|-`3psZWH2#AWO{wXP9 z*1vws#mJ4-j>5p2LYMW20gzH;@Ns*=K<`WUugjThllgWnpsH6UZIi9`%ufYX3cWwGcR_byh)X+QprbxHa

XJD-;t&;euFHyn>FpVe|S?U7CF*bSZub>bJ%u&8`z zWvMk6e}&g2hN4;hLVfru7i^qy+QNpb|{4Z|K!G9SmN> zw!}Do_qf+AJ|ud6UH4unV1t7?ISf zonWHj4!p>L9HJe>W@34w=p3%~jutspB1LYHi

Q6G2g)dJs=4uG(tX?YD>Y6x}J4 ztPOsA9)1GP^sItTx1R4WUG2Xvc~?Yd(4{>0?FJ^shCH}v_IQjxH!V@S@drQw4`csGP<#2AP{#^b zc`?Tx_#nyhe>Q(9Tmv8fL1H&Q{!cf5{qNAj|GMvNplJU6TKHfBr-4qy4VOR++H$p? zt;X9CiS2#g0F?DK-y@>(mQ(#3E&(z0{5OA?^8~0+!zUK9hVm8fi9;(K;060Q2!X?*Z=5cdcFJ=V{xj?AQb>o zp6mL{u6JPosRL>S*q}QM4XCjixKsa)C)WJsgsdcPjHd2@I4p281fPR2zM*%zdkb#k zYV3hRSla(mnE8R6Qt*jrpTFUG^Dh0I`_@3CnOI6Nv1C1(s6N3b0}$;`{eW==`V5Kg zmI`vyJN7vt7d*>x7Q49q17rUCwuab28ux;Xe36$&!*!W-fF8dQB}-&OByl`)%16>H z3Xp=i2W~iRx11LIuhIJ=xU~U3ikYUA0KYTrmw??{NdZ*&!ofTLIVhfgcs7<@=~SqU z&kRb~mEwTNy}$W~ zjs5`8+{C=oPs07B%ks8=L36ynHwiaF`H zU3eQKvcw>%OrUpfU*Pg<1%1FTZghq(qIVD=sdKcKgAEk(W88GHc))ATQ-T7o^-VD`p5w|{LkVSKX@QkV;p|Lqm# zLjWC{0(7X65U6P%FBba^%=eLF{rQC@V+Mf4`4a!-$uS5STV9680SjTd+C>+YV;a!8 z3rVcnl^v6&UQS=LMM0)}Q-VocvhJC|)%!rsq5%ImjpWP9TFl22Z7L&_$0LwO-~&mXSBplLWD}f;%t+1F zmwqv?Fa2m+Nas^`9qm3^B-I*-yYN0;D714$ggQwslFvP3VT5pRMTGLf7-j}MqS=bENrV(c;UnXA2(`GL8l+f@k6p$q6sOzL5AxGR@RzeL9kWhqt*b;D zda0~yLV2zk_V3uFZuFI0s#LzZ%7?3Xle(7_5Ix`ibs_(a-Dp2^yu>gis!4DXyJ(Vf zGVth|4;%dbK1q)1T6C*xL7Wn2zD&Y+5M*Rm27yJYhx^}NJDOu zz;u3*s!jSUT_B$uHIvOR*o^-8Ly`z@54HcZQPs`1f_;Ey!r|)8^HR*VPe5|jHJopx zrcRsqx7;w*8-`4qXyWI!%Wvp5Dj!<~zu8lSfUZf4BVbP>c4>7AijcZGi?7^Wz68ur zv)jkRSe6%^ERv(tt^+)SH{K}#3eyhW5Y-z@b<;`A(_kxb!(%TNwhJ>Cjk#eT@+-eC zi_{cZ@Mv+|mK<{>J3F6($UneuB3#nC!HKsns?^ixr0ei_mm|9%*I6~rdX2S+Z*~-Rujp$Te46UMg1qx#QRe)-^Q=3- zbb_ZmO3-V8Mn5FinJ>5Kx3~2X+07#98vPwIbdl!w@7kC^s8+=W-fAm@zcw!ds=r`) zGolaH=UKm9kScm1zHU08o=psNO_#+BcqwKy)UHxXeu7Lo15TH^b+z3u#7@AJK@7Vo zoB)PzG3Wky2m|yUK-1N&x~2c;+)~Nv{)aS$l;~;Gdw}xckC% z-S@Y(Oy+>CU$zXy`TKOvQ3zn!{V;9X*3Cxhzj;g*H&Gl%`W5>tHV+OpHI|Jq%kM8w zyp|^lNI~rlK0wbxiqz##DSN3+Y7@29T-OidAJ@WTtxxf-d}cS4Rn$G!)ewpE7?ECx`~#QXUKGB^#f zo}vwgcrikxJkX3vxuRX6*5BbfmFsS|Xx3fTyYjA=gNX&XThHFQ&RQm_4Q-6G1ukN5 zE4<50x#-3-GKjQ5Z%t(>75ow+vdvn%lIW4x+obq2HF$wK1)_vZ+G`cu=w+y z$0>+D1gQ{iajy3+1n-Ni$7!cTg7?e^0d$g?&N0@CQ%4XK$Lx)jj35u4($@z* z!_4=i?A=xsC2}UT)W9|}j8tnl{BfsbzmH>W)%z`nm_Q`g2~ViME;dNvkjhB0`(sLN zuKJcHIhgpB@Gz38;qMM+FAY1(D_OZI^#tj4ZhvwQWUK~^e5K;iozZ44iGY+jG-&Lz 
zKdJ6SaDNiUwu#p*=05*14V1P4{h~}RtS@XR?4qS3oEj&#si@T2b3b{9dixor#q-V& zPvuX3Vse$;r^xl2@0Np12-*>xJXg0F0jZ8?K?|O&jdfQ1G54jvnO2{9NVuLo{2di= z-DH}RY#`Cho_iH@sxm9=#+2?mCEYj^$q;)XsTeESi4zm@FrVNVd#%Ub%&7V+kvHjY zg0lEdGHRs41{EX`(XY)1-wg0F69!I7%Vtq;8LEi@5!^N;xc64^VrW(DZUtM_X)&?| z4jyC(p?*0*fRz%)ew&NnLn^d?cot`+ z)!pYIwtC0)_3yeWwX1es(uE$wS=mwgh*T6*z4545!>*3)k@)kkF|i$^ zcLzVC%f|h#!gl(jM&oJcJdG{DX-)`Js(`Gu&IhP2^0e?fUTvhcT4O~pK4ZTN0~&%I zcUhhObm6!t=5h$Xr76~i+>KFt8hMLUiF$B?&GNCdBo4*fMgjLk^Pr;uj;1utgYa15 zw9_=%*eUsS_4G?J<^ku6h`yyd7sijiY~%(NuCWxQMj5j8jTFN#yX5*Y#t-h?vDbazS`6+ru^SI}y=PWR!zakoaSS(&DEOTX#4>XNW z`sGFMD4V3d9p7>+{q|Kf*nz&BA@=Aqioxb?zQwh93XZEX>GD{Tc95h}3eeiU{wjm5 zr>Z=h(a1YaC6r!|+O8`=^dwyADNALf=8J7T^3ow1gmmC8tH!~~t3JR~3f%*YMuS%u za48YKFz6}Gju^)F6f{onf~*{ewf8H6EzIBpa_I?ZN5q@}rL}R@1@Sg*B zlGf-&-LV5v8p9$dIld#_@-f<@G^w3UEj{$cc)IXaUevJLN6P8POb!XYB=s$Xl|a&% zMGR{XU+Z+iu{s@M+JfIRZ+$n&j`H(~BAWs^q2Wis_b$nV+Vo zXsVxM>Aj2?Q-0JppiCjMQZvLF%h(ey_5=3i*s0Naoen^fPz;AEOUMno?A7DXI$K6pfTi|Y7ZzR{S!j{Zsge5+4-GHBqhhp?%4H+Gtw*>THc288w72 zc^EhaaUz=Q=_3ZUg46~EzG;19?! 
zG?I)=8a~>s*Y$-ARm&U|SHc{ng>7Ra_H=D5DQ>TbId{wa+tQA?Y;C)T79aEI)t1s- zR%NNiE`lt&EbDxp3LNjimcEv84NW}M3w8CHyEaSuOAIf~wKw*)E7=i&AE1KBKC-Oz z@c{O7ZK4ig>GPW4EIAXOY?kBhlm{oWZl4-$+<8vAA)U*+z-eb8K}u4N9t2ryvJ4BY zdR9G5IJ(C5Y3DvV0)GHjg8ylTX^#{X-l8ApUs!7%wv#jAv4v^=Vpy}q;?@?BunJ=4wLF2mgDm)a;@8bAAA2d- z&0rt2r^aFjY63j{{x9m@GAhdNjo+091x7@=K}sa0ySovP7(nTUVE~CCRYV$w9=at| zN28Kph6aJ5WT^jxet$2{d3D~Ma~AJdtXaUG{mkC?=f18RcGhq05eWkGFqL~s z3Nlrah~9(2hzSMILk;ERN6(IwdDt~an4a6P*W9y#s968RJMzAFFgqOLr?aYO-CgRm zN_R|e^l4n9H=|Ql)-&-$C3us zyFL4~XSK-P8;CZCw01LI0%bkCcIwbG#EHV9Z9k6gWNPzhtL>3-7boKsmwR8tmGW0g zX9@BBRLHBb(I;LXdt!wq8h zD0gM5@=#hg_=N`f>}cyB&(W?LQj*4TomPdQ*L-#9oc zt}Y$FTGO84_7LeNs9K5?cZdO!9+{E=5++qh`IZb^9fDmt!DJB%bwAiDNUbT+ z@V_`VYAthzto(eG|Jb~PXHN0VrxUW#gGc>CdiM^R0W#oXqz*bWI2k(+SCM2)0l7b^ zbKxhzYBBpA(@D@bktgf}0(3w$7s6XQbSTCbeT~5fG1hLfhnd6mAhaf|G9h4hU*82| zX=f$#+6+n*^zuUPv}ssm>0(W6+Si6MJDQhTvbDtTqp+U(zY3Zm%iWH?62YHDUg>pO zx%_Px=y#kK^su&gDUf;eH_eiavPMYE#77NN9cVbct&LizJF(LC(95ve;LB}m&zzWf zQK8oLMd&e+uPwVudQtiv^;PCu?J?Kqjl%vN%4w-I;(H|&w28U{=h&m*@)mD2qR7v} zAUext!CXL?TJJ2=u0XC~D8QYuI4;&9)%)cwR&qsZTVFV4wvdxO3o&TquvKFWtvC9e zW4KM$_Xd#}wr0}E?7tOxH8`H|fxP0YN!ZunAr&s1%9Sx=tyq>=_Cx$>T=IdBOZSHhE%<8Cvks;vd>t%MQl zKUmE1e@2{nyMC|`@A`-Y&UZg*emPH*-UghSbnqOgR+lPvQITo-a|Qhuaf8JnO$XI? 
zwi0xb!Kl!oW4r=}n~HVa6Y3XcO~M>7J>A~Jb{vr9aeU2-&azW)EzRHM3n8kRNAWen za`aLpBM>()YA@Uj=qf_Bb;Zg6a?h8+o;{Amx0}cT{f*qc@5i_rf(cPgXwN%IqL$hF zyw{)xEMr6`ud|w5s6ms0Fx<(LK6m*+G1fXQ#!duud!DUs z{-pihd}Ix2fhefARJBWl+yQN0NO}B)CyXbc?1X#QF~%;omr7sPEp9P10Jy!x-$PN8 zV~h|x_ss>_*QQLE(J$Nz-gQK1uN=B=2Bz3_0X}{Tl=E~l zKk0>!+3@g5jx0zXi&)+qyh$^cg;jzw*U#5!AnVCEkGpN@I`XzqbmhP=BCl zzdpUbTBbhtLpr`H9_j#hzy9ay!A@YV&fg1fhq6-{rYxAx%jBkL^X zEQGUy53CgX9)l*bZ%L;V3gYN0^~gY%E#0Uv5~8L2;+3gXbv1rG4RV)u8~iAUo^x%* z)uPxlh6s~*l7)yxJaSjYKl|UGRG}*xyuGWqX9w@q#cIUjZS>!uzbC+xK8X%=F5g%p zC=(IeMYyk~xofd41s%1&IW*)8A1SGW(L6G-#eDT&cHU#|+NwHN{gnExL4xK91`LibG)zI*NgWBF59WHIP(r+U2&DMHTnofy4GN%1SLvjfTckU zqsqH`Tnw&qcAjweR5cc9Z&1Jla`L>G`Q0=3vfitc_TZf{m&yK3CF-7_m{){5DQt)v zabI9K0wt*BX|z89tV>^X^X19h+%T$_SvPl-yPL*lgx-~vGN~^4s!({fz>=&c(i1TC z{NP-Ga6oyBby<(wdle{qa9y@_X~mVCKaj3t6BrDUuf7?2q1hXqpf8G`YfLJsyv5Bn z_ihwtvLFUw30ZckW5r{Lkz{@15u*R<+7(fLPvp2L?w8B3S-!6La+!lk=)oD#FZ<`= zLQSeM)uu9@qil}TXlR9)WO~rAoEoTt9MI}sZDD#$vA6=y?vXcTgo83i(p~HZaKj{( zb2tW}*u#$K7}!flId73Aml%vm=Ix0#`M7*ijd!ET96rg(?7u;-;Io>$)j=EjVM2RzgKE?ySBbV>Uo;iSh zCO}z4?zYZ=gNmkiP7rolBtU-?C7Cop(+Y8nmR{&EDdXR?6|}97yqNhUlz3vNC5HtE z+&7h)pbr!qZWp5w0UIt$v`YmE$vT_cM#!#NJm-y=*FO=oDx zb+;P%EhtGM5_UUaO2L!nIh$l2CdX6S;7eGk+2HD9h2Gg8Fo<>0?Ui_y6&04ER=!R)X@b0Wy)i zk!vFzCi`|IYJ9EzdwW;E_e^q=lld&#sdtWL_TnW00{I>OKtUo${G)iyU~7twmp4_5 zluEyQ1YY!{1-%5PKR*|f-=!xBi8g^uoZlZWi-q~7`@A{K(53AGalXy}H7K?;Ut?%< zk1|hIO&!FETPEN;zy^=zES%7?|J6Rb9-Pj2)XPq=s@UeWJeoA|%($swDtfE%i5&8l zi|I_sp419+d4wA`o22U3!bP9`Gt_$H^@t&sLRW7=!maDv0g}7Q06_ zn-DZ}bkjdcsDH12T2q^bUdF-(TFRWIAPP%Oxs95kqcqP$M}23i>l09JpyT}bkHlM! 
z+96{n=0`y|No=AHls7d(<5k{XSM3bwbH^T23|}i|@_l0mMJmBL)f^sJ(f@>LAxKoM`bHWRLdq&ALvd)45Z~#k!Aog7{yh;~^&?2A-UW4!Q?POZR z-WJ6S7RMi@d?pZ0%GJg2b&LBr_0i8zoue;ZkM!ldr5%C9zf8v}_o zceQd{gQNJG-84<}3PYLqCgMv+O4S&AC*DOFva9o8#8DcH&P+SBk0n4G(fV^LQbP5i z=}-s44GHJFovcpm_ix2l9yriYakE_#J_oNRtRmlH)-N zR^?R<#3ub_zRvi;gNU#BN`Pw!eaQC=P<&VvZ;wj&iY!1tmmdF*fcE|iK-1izH=q}z zCzG&r@QG0B-IBz{Ygf+qyZ3yc<}HQ9%X<$8aBo9dZ^( z22!7w>#~)>491}M?n|$AVBg)bIGOqRmn*L8T6S9g6Z>&&uqw2kHnOabo|Klh&b8w~ zVr$-&*H9qK=?Z>>(<)_UaO|x5-JbE!^r4*|+7LO>=MJ`vQVm>`t4juIZk1!;7y{jY zbx7A(4)caNyqlcX60$dG$^XGVVK)mrSE{waLd|2FAx~#(^1TxOwa1Fs_<(KMz<;St z6`5PzvNJb%b-Lm*4j9iq0Ky0;?~CFlS=Jad7h=W$&0zw1zr zIM$RwR{MI*WRh-fQy!GC=Wd2ZrpVJG=s7xStbx9t(6IBuXEjEh(ZH&?4fWX{HY_pO z;2@+c)!AaqSW;lSqoK^r6d!;c&;)gjyoa*rvldFI&7x{B&Wk@Ho3ree7K&BREjhxp zT64Ix1+1DyK=}cS=h{sQaFfa-09rc5)35Mi+?K4C`#28~l6+kiXkk%?AcZ`7$E#W1 zqICE})`k<}J~@3_ah`!r{ra%?NfbJEMJLcJcTWqzY&I|xCWfzDh1bIUSeFpK zV3;H&-?+w-iIXOD$uSdak)ecRg_>q{l`UB7#CVk(CWl*Mymbe~LZj(%xaH%{#J!q+ z5@k3$zTI5I@b+JHtP~lFxV3GwFL@)SjJyI&x3a!6c^Yc*cz<&g3RBC`7Jyv%Yh=xh znfLBy80;WmnnwivZc2H4sn6J_at1j|M{o>vZ%aJs4q%8i_h{ZM)r}$zxQSm<^bW&U z6d3XV=JDiOi?6A876@wLKIY#`(yf|VAESbSbSGhLM)|p{q|>-rzD@#=?U;Oe9*B?w zQlg-KesJ?{jEBMD;Ans+aeimj zB%4+D$=S;{X`l$Fp4(lEuJj~p_@=@yRr(d($Me^IyA?ejHS>xu=d4FfcFf8L2o0(b zHwA$V?5OE;1QU>h854&+_*=EXWVYOa7EDWz90Us=+0<7USY)3mXo zVm!V3xXZMMc3vLT_B%jw_k32iGOmW73dlZgTE}~lg(~%79wV(%On`4@6a{nIC$K!gbyf6$bn|71) z_l+`~>F1~2{}~S2Z$&@OlI=*Cz|CeQ4#CByA+`;BBt~PSKcs`(oKFugLvf`ccKCXj z)}w+bdx6-nb*g};*KjC-{$oJ9^Mm)FY2P+J6KcuD39${s(MhD`6p~yclkgVz1J{oD z8sq_YiTs4{KCQWO{!StV-YUByITZq^>C2M~K$&~S7t zo@AFxDIbGUo|%Z?gBPNrwi~y2bO}j|VPqCw69#GxYR!R1H+>=3a=Z28$ZOZ9jYFs| zsYwI!y$0OuY+0vb87&Zvh*fC^E{j~`fq+ou_4kM43{rl=e~qpKFZA`g9JiPXhy}}q zU4aFFYT8aex-#M|*2%;~v@~?cV@Nvcgg1nM|NGIME}IC?u`l#>Gn89H@04cm$gY4? 
z?J8YOid|KNc_My{1jgd6V7WIC=4d35sl=f z=K*B@wa<7d($ss&YYOa>kcgJ(@)f6GjcIaXKlwA$E$mYM!x%-|-&1uOz+s0)jLUO+;MuK3k>M)q=9yw+`= z{a+@B_nMd~Aj|nf$(eSkeL|ddvg&I5Z`MLeevqwJ8Ov>=cwY6wFcY!_q}-CetEr}q z?&-QSJyMevoA?BwcWQK2wF1ndH3QTE3uTH!NotDOKsH7e(4ALC97<3w=(3O1yB-lk zPJe`Ce0!OkubU3mI*vM0|Ky4HFp)EWJW+npji?wF0yHpu!U)>o`I5l7(~f~A4c;xK z+s)tYlF@JL6Vfrky6?L=rW-5V$3)B!W*@SxdJwNR>_l>7}~KQ1s< z@UENx9>>Y95263K@F#>!a$LourD%R8r!`v4UeDd!T!7U}nG9#cPj%pyA_zTgcw*2+(oVW1jp~o^N#rA`51B=5>V($g-ZqB3WbvhwubBo$Oi2{ zi-scKpOi?2w2tcgZkif7mK}ET7QQ~@;Wr`^hQt+eNOjk;6uJ!9fH8(w;9}p-CiSIL z_!HWUw)!Kg=w#qzJ2=xNIuYMVw(@!Kt%P15A z?Vn4zF4GgyxCk)93~~AyEh>2$asF#de~WT&d+hNTTj+0lUv|u^M-WnfJDT153ZIgG z-UvjKIbrZq=~a4bgK-es#x2OhYRZvLW&7pO#u3#W^Ixy*DFiq(r~>#G@-l{3j|= zhgYzeL?h;OJ}Ii^N6k%Mk!yKC8aVQ%%4uoLMaclUSk*ZCnJ#nk`dM%QpbMUBR@Xfm zH)D2s_fh-3fXyQfQ)UBIG+7-Sd_{idtB@seO$6o;=-hVV+I#f=#U`!KDElIl+8Lxn zKD^bCbgZ|5$31+Z=)J};p}?4xv)L%G+bg@m)Zh(pyqS9pdei(>oVx!;+bz4TmrF>gQjHgc9D`Z^t10n*~>+8q94_S8q+k zhwexUJ&|zSaGb(rb6!EhcHGvZVr%{}{4HI&$Gw=DZrMhN%r)EG{OzO+kQ!}9{!TH) zC+2b0dL_#eG11$7A4Rw))$pjF!@TmBj%)ly+AjLrT3ELynh0vvTg!RG)0~-wNDRZq zVlLJ91Y&r8LWF3(D6?_Q&hlo@|Rmva_oP-7F>XD%Jqddct> z_Qy5sPn*l#2WM)ziVU-hd#-*kEho)8wb6eB-}Ka&m?pj7k^})jjkYRuM0E2dq88oC z2`(Zc#VVaikE-Wo{`7*kqtG&MV?3NiUv|v&Zk}w@oX3|2tVChL)v9vU#tt9@C^hmD3tByQ-L?pr`~OkEC}Jda28x!UYH z3v9gH+u~c+W%kV26J&clofvJy2c!K`PSiiO4Bz%O6!mW8UuR~J1@3|*)F3P@>Og{bo*7Jqkl8Lm4*@|4Z#t`tW~esvKo z2X~0BRHgFRj*E`k>2nO55(UwH4S1{RgTJnmNi@ugNlz78Q7M>&4Sdm;ABnFkc*3Z6 zIh~h3{W#FLA^|y-6#czvnMsO6H;wkqM*70Wl;wxIsoMVhSbLmzHtRfUu`V4ToKY=;8(y+82;VqhM@b+Ld-mJ~;BHaIWWm=L_qZ+*8c*ZlBOv>aQKyA_m9f- zNV&oGOo}dI+ytvMO6gxB!pX1=F~)P2O#HLj>c^2nMRU$yA)w9AesA2PK>-0_Wg&U4 zQo(nyRcD}nQ>Ztfm!H#GD=6M6Z5eElSMcUgAYVc4*0qYS!qD$`K@;RO%tlvxW0^gy zzMpY7S*ehT%g;Pyzf0J?zx5oGNCIi~l$2e)_-CYwRdoOG3X7zybm|$q%-Em~7m68W zvO+|U74j@CvQ4Ghr|7~pl36|r;!qDRIJuf&;l<-rrp5hs#*JsV&O(*g(P48uEj{8P zE-ybjO;_>Qn3bxhzXLZj6~CUQ?WMZKy}+VILWc6& zkG`d8;)~Hx?KRJ#RHUCe-MbK2qbT0OFNK#ou2ivkmSy>P*FJn=22p~Sd1g5L5_7M$ 
zliXhl6-qr%tF4UPaHhKHR2CGa^|8J6GDKyG7Y~Q6p4*q}_<%(;#ryvGo16q&ep^9X z2yq6efpGR@zUmg;qad z#KDk)q{eNK(yS8LLE?;t_~d%gT6B7Hk4fU|re=EUaLcU<)p79B)J#z*tS*7h?MgPR57 zNl&gRB@Sp8qRh&VQ>iBPV(6$up0%0LzBQdG+#*8*&9>smPAPT`>r#i44E?_o$@~(*{5Gmh*2hTI495~k~ImY zAEaJjx`dGMuqV^E>wvYW&2Nis*!)CGnjqi$uU+O8 zs2%1)2qSE9bpvLacL-Pyg&dfk{b1%H_?UO}J$a~f#B`juN5so|sO>*u!s&VMEo<5b z-Wgs`R~|<5Q9tsQeeK5d#);>)h3E^~>{fmiiyUrKQsC118a3RXZp-k6!>7q7>%%gA z@L~3n8^f#C$;jKHXb7}C)sy$OwraN$d324jOM??@o!e91=puT9uU=VBcOxs|eyCyP+^)A?zJ1dK`2~%7x1IzE}?n>L*lT1+xdbClWkr~JR01b z{4ff|{BO15g+}a+-Bn4}d9jC>mORtqeckVox(60?}#?+-T zTt`DkKG7GeWC4VPZA6G|)US-ngNCCay8=kb+@_JHD0yN9#xrk0(P3=5ps@u10@U~Y ztB6IO7I6i^-JNxYYG*lmx;Uv#P_`Q`aHFb{#M!0CJc7}pgiiCSFo~D*uI~2Z1nY9Tx?*8vmdEs@QMDLd zkD;t!cIt9FN|?7-U9}@awj(9}0(Lw(7_W;}o4#0jAFLYsF=LL33K$it;{ki4o^BUB z+<#aV0!s+?05mndWi4NyD$h+7E)%=+H5oeWXp;6u0VNy1E0gP~gi^w4#+Vc+<~eQt z?=c#?)0@EtGk!|>HBASkBV;>9!~&14irwjG#$JypjjabMFt#K=djtoqxD1L*$6QBx zbi1C>T{5!GP})C~=#?$$XfW%uT9Hd~*aQdFDOzp#6T>U4U>)-LEwQgQL0ZL$qPrh} z{LomaU}#2uVOSS*6z}T8{P;pB0#X}o8=S*ef z;pG4!ED;3Y_ne&)iDbIWJZATWw{W_Xn1;D@27tP)y&-;}gjn74Y#g6ZBHR|indb)SW?Y*&eT!me6qZV~+PL*9@z$C*L??8 zooxgnw2x$!dy5~eOuT*`8Ng|TJnhk%hVT5CaksbwnY7b^l(Z~iramDll)2$F;8*io zPjj@GZv7xC-|EJdJN-~n{J7`$()Hz%>1>Mm>sbG>2Jup~grg~&5;9Tpq5L~nmiSZK zu&?%()dA%yU!yQ`oTzQrSmF{mwmQsH*z}ax?czvV$t2sb$FL4Os(OXon%=6} z3+VB8Gn+AuTY_Q=)}9+IcTyta+*}9NUR`O({Zg>XtF{`p9jbZlb|;*J`Hu^o?SPb9 zz3i`lk(BEG%XA9)OyB(27FzCok3W@%4)QFJNlSvj#>JtaXy>xee3V`pJC2;{knh_+8gu-Q@o` zAs0Ci&H8xIp!mO<9n=E=_#FDvczFmSU%VVX2x8b~`J+Yyv1b$4NEBkPt|T3bF@*WT z$E-NssXhACe)f&XNP?nj5G?f)QKdDMTT|_gKi<6Tbk8mRtTR&hdhhzOt#T`)P;%)8 zJoGJraP1-ZDoLC6x|k>HW@ImNDlPIJ>oUk)9VF<%-Up_|Q_m;Be^+u>E}zrNJl&f> z;%#ZbjHDjAwDC6(J!%f+)>+7A1l!Z4a2>Wvv!@(!^)@BY(xmvswLr^BOKP|DGwr)4 z{J1f)$a0lNGwxl(GZ&gKyDpo_{Oip~tJA5YjyJzomiO-W7JBYrmr$(2Pxkm|lKD2b z%^3{x{3srr)-)H9H-*5*mkI*O4CvO54BbtDX@g&mz_&NcR@d}f*)K-~U+eU;d>vY) zu}|I#bpLuT|GHRARW6bE%S}1v1i@Dl)tCB3G;Q`@^ZK`20dwx3L~f{?I@tNiN&7RM zXUpTKk~btr?v)L#|c$ic+q@P!HKnMW9gW2%!0d 
z0q}JMH7*R#L952gVm8(QO2>jdh!lF1A4%%M*Rua@P3|JQww+kH%7cDh4wtj*fs-#OVYW+qDKvILtr{)|Fp1 z0CIHg8V{t8ckr@Jp%3u4HwMPaCg{{8B(4L&TB#d}uicn0P_NQUCBF;-gpTVE*@SfM zpB6Ue3HqhgNbR@dWFHR8g(m-Ui(PQ&|3I)Qu6uTqVZ7R$X%Xo9m)ITKuu*5zd{JkM z;4A8$pjoPN-N9}xBHp05E1Vza>}pru*oOydIsx>APLU+Z5(K*eK&irhZ+1XnXx#Hg z|J<87nIE|!H_ZTOfO*!PD$Rn6_|)@)d-x||e@9AIUjd}izeEjvGgqpzyYO!Yr`J#Q zj9y-C#b2`Ae@iS@hu+$^+^y#r7|r5z<9a-i_HADWbl2N(J!#zEFrbIdT*`9n6$>%V zFbe}+q7PCvD@X?D{;u4SMi=fqe6jHtavg1N>J)4P1Zq>#cN^8ca0!{gkY4s`^81`W z+L;k|(o|6+kHg5tEkOcJodGRtS*{$8erYKh9?%UZiwIiC=htCunlSGtOhBWEv2Gzk z6Rp@@DCCLV6aPVtXo{ib@#zh7gT~Yc@2Y8eT*Y%H&ZJem))vI zs2}stelh&2*m`7&7cb(MicNY1ivZ(hjxcp8LSsd-kZ%dxj>OfO7B?FUixDHJEtQh4kj{W z;5^Kh@dVh)YkxtOw)Xk8^+|koVc8^oL@!Ym60*<^MR9LKJ)WwTwg+M@u%M3 zachb>`|hYoyecdC7)%C@i5|LvcN_rwTsC4b^6)izdd=%^-akfTDr>mZh{JYn%-+S| zA^5T^65cMqm47IANHK~qUb>`sGd@>#-wqoxdmZ&P+OgpM( z#)!U8^8Vew=eB8f?kF@_E^DBT1pKX*%0Wm$Q%biL12u+8#!XFY8G2)y^W_i|1nDu* z=Ue->W6b`rA1Jf#k|n)QpHnc5#NdbIU34S(CKQ)wgmQ=P?5YR-8_XLU!NJ`?s!Bqf zeDL+bMUF>FPx$xPlw$v2E{0qebf?9pH!%!b*IbFSlN%0F4OyCQ^b~ko8yl=OEGtV`VoL|B~v|1NyXn4-rAzb#s+)Bhw}BP1p`y{`Qj^WMf8pIaAiYKVB8EvoQIgD3ce(?#yR?#}szp+8i>pttCr! 
zR+P2G82VY1)++0ZS2`-HaBsqrkhDm@(yt995Cb^!QMZ0j*u|LayH=AeTku^%mJJ>G zTU>gQX$rdUp?r-#=8b0gvNz4-F<6Vp;L+J~(|Wl}e*D8kiQ2O2u`rx1uaMVKik- zmhe&Vrk1tKQi>uYvP+fDkd$&4CIp7D*b+)myU&KF&;T@e%;ZO%q$4qZ&k0!w5J<=)QJIz zu3;#I+D!F&i}lmDNYOVZF^%~;A7EhL!j>$X)E$ihHLSas(Ys^lgWp`(dov^Va4$#L ztV|7DV(5W)O=0gJA?y<+lU3pdf(;9#+JVT72~8wt&s~OP%)OqMyuo!F>?44Y5San^ zBaqy1rn!#B?_-f!EN2h(UtNCZTSex{CLxvHT;gf&KAhurF)djg3tEX2%ep?0yHfjd z7}5Mpid*b5vb}gq`%53e!{dMwEg9TEawey;kd#G+H@eDmBaWx8=fM?KwIXAtXpS7S zV78+yedl~wQ7p!;Q3yQ{Cx_8@a8j~rVq2lq5 zXC*iow3Gp8Bo|6$H|KGi))rr>GsS>BAt%J2K{8lhgAzp_jL<23ii%x7WTjIAcloxb{FMP&@@}(ev3_;rqN)@{MxS zZd{AAS6kDIZ}q}!naeMH{NDQnQj3=@n8qS6&qtgoof8Es73}s2mAaofB|o(nM~bR1 zNd+8FntmEG|Lt7D(a@6M+GFAp(PjPT8D(MKassD^y0G zra<`jXnRGqph@jkVX}6EHFM~#%hGD`4AhkN?bqK>w_(k{o3~A{O||_JRq}@7@tXB4 zig}#Al<)E@v4HVNCZmA;oDhzW+yd_fntl<{Ah&jtCzeg5grMvU<%zQ2o*RJMu@Y-5Xh+~-Z3mW4u?WAY)3C$3H!v5T1Zxppn*vZU(+RHvk{`r zTh7;mOBXtOQ^qwh3TJ=vWA;9{A4C=PfMDvJFmBp@Li{O#;=E_+ueH0Tvyx@hcOT`0 zT1bC!0`9kWSAaff%-gc#QoNBg+*@!_D~RWXK;^Dtlmhu7y%JjGl)8@QOVYC=5bkN& ziT>p)`IkExXbq-_;8h-LXKQ;wN`pLmDd)M3?Gjmiz8)1=xer{6c;1V&jk`|;&B}1b z1@jAa${U{L?0aRU2Fsy1>lbVKi|+FRBn2ZLP$`B}(>BE3NGLXsZYnlX7%x4~au zbuUO}ZgF&)ll%xk8dc(H7B?$PEklhy&G?T{HHW>uDr58yuT;RR~(i_3LMDsMp6@kXOLs(o*lvRFpO0k}g;Mo@rGrw;Q zku1(*iG+S@)*fSKCQwM_(>#%H=8}q`|MSXlk^Jn&|If3leO`RY6TebV7xD(%7r<#~ zCS!;~>v@#qb^qWrfYx2mtB)lIXX30Uuv9C(y$lko^$wdpO1{}VNpq0|cS&a=~ zB|vY~rPkVxaFhfxtV3ZIa5s+#olCuYbsEWKEEZtDF-{ z4@CXjmazT34g3zGmH$E@nu6KmEDTMbL*g2FFs_o*x?31|5AT>%XwoEix$aMgHy!Y??=GA!LPo- zT^VlSNC~Pc?GCK%ENQL}Q9i2X@Q-U1BIHm+6{3h?)UFUU;LV3`rSVu7cO>X{S+y{C zWs4CjT&6^_zZkY zqXxY)7n;Y_vRra0Z(9BEDuMHfCf5s|%O9lrR(R*oyFG6bnO2SS zbE91(1=sgJBN-MhH}yizExnDD@^ZFtz$#+rj3Y$ zSY0S`hw~t*z$rEUIxXDfD}3S2W=y4APT23Jt868FpCPKvWF#M0W4MK$@2Gl|RPWQ~ zeFzAn_gNtv@#{;+nLTV{G<>I%YC?48TN2f#l%M15iD%Q39VHJZp&N4Cid*cVEbzI( z;wC)q?XdaXQ;%u(ZY|al6n_%g_mH7Wbrkr5kOXXH@f8lzZ1Hr<8$D!N_QYHM%+cUp z!RG~)!HqK1PZ*Yv`Z{$tpHpD?`)g=N7>WUBlfKFLx`+Q$5RnBVmC?k}9XpZX7qUEo zUSVJb>;Ira+1k 
z;0cizkd#__C1mxshLqm=c|>YYWd7Wv<#HjiG99gyB{Pgx9`CbXFM|s`^iAnub_z^d zt7LOZ9R#Uyy#3m1&-b6H(^aVnOQ>*cDkm5}9T6F|uDnvo{N=)Ulx^%6xMw8&%Y_VW z#9Ulo%SCWJ-kBQNMiKiIe~UO?UW*68jD>P*|J+pVM9=rN z2>9{8Oh{;GM`;i))PP%i4k3oH}KVDREix z5i*3OU3Q<+bXVEe+a6uJYv!~0Vb7_Wg2zrARc=8x0-55_-=cX6{PHjVsPrMj9!)14 zzqBA-x=Fc=c|5|<1;bTtD;Ynqy18S84CSIbi8OE*dfW@NH*X6;6`G#1t6XYTTHB;u z8IE}-5<^l*pxSc=}rpXBw8>>wy>SVXOa?lGIuw!HYyj= zX4^(Um=Md^^5t9PWqdseLWX6bf1*OmZ`+Z1<+m85*N@fS@6`IaXn7_)S{Z)AJfk$C zR;jP-E=O*eK&*N4+9%j_%=M^Ll#sAVbXze{q?3_L;0NfAbBVyn5|Pd2xZI_Yapovl zSEJ>kGjl`f<%4b7&y;gTe!bQ6zibAK@)52O6goARne&X=;Qh$){mtJ1FK7M9R=pku zzWX8$ZIaz({Dk|q%M>z+R# zTXjP{Y9*`XKkIv_Cu#EV?#m^`%;#+e5rAG^z~Dzty-cyZq-pD{8lSW5k&A1YgBHXi|Q_AGj$8 zor?*K^eV&;C2~*&e!^eg@u|T*-Nab#3*-oR@vggY$|%m|&eYuP=N!`@9AeZ}-u)7b zNnBBA{wS;MH@b+HbF>X1kR*;l0YQcAlHLa$!R|+@t7! z$+r>h8GP`9s4trB)nl`jKG6l2Dw642pWN^;^uEI1z6NqjJ1eVYoiLBwHSO2; z+|r{<_Hg@dxO4^#%>2A{7^t+1q-a-aOEi!?i+fZT`ca1X(ndwaa~Z(=}oUU_?l2vRY=Na1(~wmO1t<9vYG+Jew3=Mqsdp(NA8Sg*dp4bnD;0`2na)iJY@Zw; zgMInjrI1ukLkk5W=*t=tr#J?8o-a$os&7pGu7Xh`^10vrfnCGBWVv zTY4CaUdL&P_v%dvAW1K8A+KaujX@OzsVr#1pCvhn`yAD{99(ZYpIzsf?^pK7xh;CN zDqx?QW!T9UORnyTbzdyP_DZBUe7{EewS0i)rM&*s{5)QM^c`V4lyOpB;E*q~!0EZ-nNgGTSbET@BU9EJl}k>39SmDN7|sqU zV@l(24(|5d$}8E{>`8i69(o|(HQL0PkaflSIk%N@Tusi&^GG7q7Z+?Zc`N?tW-^B% zDIRUc6V)h2&fMi0pxE8?5PUUs%nCX-PL4aWQFS|z!TTN_9F*gLU4<_2$pfN8i)^zy zn*uCx17pKSzuRjluHX!FAlgug4|_+W^Do4U2VJOLKoe>JSQqNMDt%p)cQZVxK_?wS z$4j*Ksci>no2$fe74wtrjymCHB0Y_oVh^steh>p@)9abwU8y%x+f*yxSy*dXywbU} zP2($7R8T1Uj}tl3X#U$7Hh z-8r!i0QRBv_@_d-5;pwpG4%EuSxH!I0M2353zB1btH2kL?hhw*Y*QI+;K;jQXCEY6OX0Wmvqwde-NM4o%dWOAA13#r`3~xP zw$xL_9)ESCKg`CZH;s5LUeixZ8&5)hJ6F}Gn8yHkg|9|+_A?n^ysrH}F>9oy!>?g% zb!mSCsxCMA7gQSah4`C6cLp)a7O#A|AI(k03A*CIQYWXR>&Xy2U#$m#%x?D0|9<{v z3|NIf2l~GG9%mHd=KZu@4Yr5+f!gbSwp8$>h8A8E8WBl-x4ko|F&@8R5 z*w$(m6kdx$8_|40CY-wWj3z;oPJF0&B1+K^D35Wv_Mj%kRhU zP2$;;uGKvp=oLyHzy7$I$mV`-_J5i?&u_T8fNw`9Y9gW=CF&?ah|Xm69-`MoZ_y=0 zmngSx3?j^4!K?4D1-E6HMTjOuwr}zJE_nf!F+b5=QY*(BH 
zkF~_Jz&AaF4W;lAGADFXhan}fNfA|qx}$bv1*qu^12zGypGR%M;#k=7GZxF_t_}dN z_6A5Li@Gx8bOGZfH32GFe|TqMwMEAEdP8bT<4|zvXj^#9 z{u;n0wQOT!?H?W06d<<`MQQL>uL+Y(>1V`%Lf=W_41U-czjFY3W#cdJKMe%2b8gW- zI4t8Ji?6otT0xBNXcc9}4m3X@!W~-;Lo)|M zDM3QlbC`LGq@uZTkmCUS5&um*md}~iK`whP5<%~SfKHnBsCJQ3c%+2(y;?w&+mdI6 z_lTt$m)+q2e#9iIF_Bzq@+gGL_3fkY)M4)^^%LY%5lJ}r9B+Pr%rGu_1M^1y^9P~P z9~2X3k;7;BbX4@aoev%F*!6d!Lni>xvfj0@_>{D;nAUTt1AUT=_=1W1H9~+*^ib}( zWy@hR9Q;YBwJBd~thJ6d1jbPVrP3y)pVzxh=Ab6*vRL?Z8UVU`g}I>Q(nUS=5)%a> z3qZH>d1d^X;0pf6;0JLJU%#zr=BHVxBZu%ByUMz4ls_W)3Q2fRu_Dow{OfQg!bU%A zuPm1fc>)}ts=bdHF5-`F12>Z@FZae2NfG)zq=yE5_qLpc)&`vvPiKb8o}E#-lLZN^ z84`k1nfJ6#4P6o#<1goHcVrlwtSW+>@0qe)YWJ6ivOks6lh0%!9Th^Uq8B7n&fkn) z=+^`WS2VNz#RgLj@8crOk`RZE-EBW1u>z}dP~mweI`18s|n zSd(=;J_+8c;HuzI9~M{7#DUsijcz2{C#?XGe}umK_bW-~jQ6fW)#@6oY7w2UkB7Y@ z0mx!c?sI=g-4?Eac>E73A|a^Z+lncH2Xy8XU(v2^G4xad;0+&PCbsyLPA}PeVSH=c z4bqpPW(Jg>;YRAh$GDqG(y-z*-GGQuyHCrm{bmLEW$o13%BNf0M?O|l_OYjCD@vdb z#GZc6wbQM2sf0J(cwYfxNb^R!!K9yX6Kfa6KZ^P5YEXuWL-aIKc#PFgR6z-0O{iq* z(P53qYhrDg7bM0Kf$wUCu!3U3m4|x59cB}lEChhEs0pOx7STlArj=x4a?WBOL%-%3 z15#rsQPeI%FMBvTROfF7D|6)8E+2R(>raWygOMy)+MgYRI*aLAv~_*jF|JG~eXU2` zs^%at8q0Lud?J|(DL;E`{z&(7{p>U4C|8t(p09V(^s>S1?0stOX%ugpG{c%1>dSSC zq;Izc#{?)@(_fbbN@ccHQ@-UrqKtrK-m|lAbiXkKktxnp;9eyYA9WiwGeBUbLbs=Q zoHh!6m9&%yqG4Dnye{dD@}kllmOhwq&bn~fjY0B3fuC051x{%%4H;W2G{VX&jmdn{ zH-x&z{Ey*4VQcETyUM$is+!QQl3tg6sbgAlL1KV;6?o9QO{d(0G+`4H&*5 z-*NqU7~#5M5ERC1u=rIV%!5Yciot7aSz_CATU{^jC2a9g)ew@I}2)1gT1 z;_HmBp1p-*4vy@jIdwdm13sEhP8SSp4dU=%KHkf#g&gFY4Gp=rBz$4_%wW z1wZ2WI+fY z$lst#6OtAisTtA&;5S!nO4Ks7eM3nCGK5B~9JB`+)DL2~nyJIxmnDMp=nlwBUVZkx zpjd^3+~{fWZ02yu9AKG=HKk6Zv(y7k_79n59Xt-z$gGHW_j=3QCYeo#5kpTY4YVm$ z`rXVIN!u`!Q6>NPOwgk;BkP^GTOG9IyC`s*rI({Je*aEplh)nXKS>Z`v%D1VrG%25 zoWAaO%05He%ii$D2lxeXJyq9oB!A z*x94LP54SbwbFHuL%oDheIKKHBxQ=SfKa>(36UxYoj~O9+)%|&s;5grBT+%Z6{2xi7?m2$?dojYY zWDSs4*^>~E` zW-F}-^5&p15|11#=k&~%kYBzq@G$%R0g?S~dqdy!vutzMD0oGUGP=z0jVN)|*g1Bp zXW?meX7bSAbfP!31lIM`0{W-}ni~cn7)eMP7l|YhsJ=;tF~nZ`6xZY0>%!iZtP}Z7 
z>k*hgPfvKjZVmmbMBm;!YU^1@$+-MQpMF?XKfd8>m84*z^fx^Pb`azogds1Olm1Jf z`G=rJrLQi}9q4fizu(r&mCyS6g?@zo_G%RTZqlA&&O>Cj=&f3L*IHizI zuqygSQ|7GpI^x;d9rjwB)|US%BvXF#dRFS~K60%8Y)g|-yG(RY*QV8uYbYS)4Rk21 z3AXp-6Ayz4A8C9sI49UZARe12CY|3sG}+>WfwrvPDx%G(|4FeC{>!o^6Cye*_zONd z5J$hRDakKA2Yro-G1g`Z+k@pdMF{D{YS6YlOH{Fopddr>A^#aEe@!!STl=1b?(e@0 z0c_58_6b5frk!gsO2;dB@>txtLHChx~vDX3D|PaBNq&NA*Ln-#$^h z8|1#0q#eZq;KKN6n2$vZbn!md`27PohHm~6hkf-ML~ku-OOaN1S_1+D$m8>>{h5&6 zyrWLuO1p~W+o@I`h&40DlLq9}JMI~KTStgoh**&@k^9(D9f^N6bPS29j@?PNr%-C0 znCy$(+||(l&z9E$abz`1j6u<-H7>|}GnPaX#+`>mZFRLsVr##9EcRcndyj zvR%jU`sE68iPCRPf}BVhJB9g}G`shU6azsrdE`DS40n8CPt;k9YJw`{DBkn8O>#Hm zl<{smo7b5h)Ubv0iS?%T?q-Ph-|%}wO)BC({vI4mri(U4|O~C zme=Kzj7IScUw7~x_w;lWY@!JzBrOjYi9QxinRq-G8IlpD|_sX(IvcwUmrnV#n+X7En1d^jurx|R^K#_=FdX~*=tagevd`dE_oH~Xlp-(KnZ zi$XI>N{8AgO^^7{lrnen0~x?rF*ik}uIMv&nDx>dr05);x5DG_O)X@o2<%L{4>jie zNY;V~-8b8^eksNU!mmtkzD1!03Po&AHwnLar86MO_2XMqf$$uZ^~v2_A1=KbIP0oX zDAWY;`MSf03-Jo0YxSNIv{(Rc4z-&Nj7X^Ozs@ea`5nJqV2&~Qoy_%icjt=vclmzl zJbPTdQ@n2Dt5dN6b-r7{n3HuC>psw_uekO2dbcV?WC5t^da>u1Li#qz_txV(1~0g+ zl#>XB>%rVTcBCNzHtBu|p&YWDb*#sAgi~XcYl;Cg<7tXe<{$aCAcMamCHH=o*P`V} zQ+EolaULnp*t$7`UmgNP# z-PS`V#<8!GIu={F4#9>P90YZSn{pcm6vn8{PDBYeRNH0_)dRI^3DiNMV+#@ity+rh z?$kc0_%j#Y+1x#EAxUFuu+koge6OD;(~q{RY{Z$?xaELIb&T21T~IbZs)gOOk?&Lr zY?pA3q;4yyl%ChF*mc8}H@l(W4B_SVjDHN?g0}OC712F))Fsb4N|1xvgMM2cnO!&2 zDH-+IPFQpL9Y65|+?Y!V#%^8EAm1o4Zx1l!w2TV|+#18%vdvS^&K&im9+(@Tz_V{FYi6v8GK-4vBai%-9s+1F_A$M z0NIpy6co6uoNi3*SFo2r23Ek)wrb==e{m6?++tY%Beyh76TEeu%8#Q=a9-@=Fq`o) z%`t1kb|L1ufi8=~tb#wn>%9*w@qqNeR)PqR0Aozp`zQ<6^P;Eyw-S8=uC*wg^VFl#3 z5S>i7SqI#OSMUYDmuu9*7WDss7$?YMZ^inaa&8~O2_}(1? 
z?Nu%jc9I6KL!zu9?5FRXafhvtn&bZPkfeiEe4&P4?MpGSjE{ta5A`Ufeey4B2sTQ2MCpcB_z2DcO9+Ujh{WHucL0zTC<~gh?ut_ zcr#{f?$nbjEJ*WhKF9HsSp`P^12Uq~iQeZzm)pi>Xzr3dzPn>CG#IF3-_gsM3`<}s zenl{7dp_bB+NkqvEg+_5FXg_&T6SkkSKXTX{_2KZ(d;|w;bGiocJQRy3qt9k- zzor-^U_d5n>tomNZAjkfy)!5t!WloIeER*vV8ePa(-^~bF{BOxevw79#6AY;yGbW{6NTp81IEove86 zRZ47KVWfup)SY5Cha#R@Zxm>JBfHyZq={tv!JEs{ohGw4jdHOf?Xf1Wd)mssw8pX& zVxN`M?j?@%d^o&K>9)TEe!19KcaymP;Oz%n79o{ut{Q*n8Yr!>+Hb}|si3*^ak`q1 zNgPfX`A_f0i4Ih2qZ6pDAVNeIDd0+(@sEMVT9Y&c+~H?|<+p}rnpBitz}?qU#3;-h z9{rd?k2y`DTOOLYdPD<&=|Q_`e=LKCPzO&PiMh89+c95yeR0e_p1abln{Y6sRyvRBOw(QL8Ja(i=M{7@b=HX0Lp#B_YfMwWl11#|&=qKVA z6gaNq4#v(I82BGqH$R2dKNJTNnj!d%6U5C8|3Yt_6IR}p*15*k{`kleJWdLl{y&)bYq9>r?d7C72(~N(>Hur)rc45)z51}kT{6j9g z9}-d1G4u^-@HRBQe;IL&R3y*Q|KTWy& zimW8&RZgIYEucyG&~kFNs@S8cD%Gg1?$xaU8u)5~>W@nT6Wr5?_exUWdnC!HQ#ug7 zHy%U!b?l3gDuM!|GtS@H;P5B)34YE$2Gvdq+2w{R85i;jy!q+Z{dScO)2~A zJV+PXWU{M^+Eo)Mhi1;xr;B7n1WWNUmz^5C$$Zd_j1Nd&PyGJHFHt%Ne8S8$g{r@G ztZio3WniUto5{0%Lm25>E?gGMyPf>Btdh=GCcmYA3#^=9R;l*@8y>M)PgJi55cV5l z%X6-FjwTxN;0dtYB5JLvYyN{~BRclJm{7{s zT>js@5>gV4KUQ%g@dpJmm}6S^g+W>V9jeM6z4po{4|47$5N*f8z7gqi&UG4vE!Z&3 zMbp1hV}ys6JC`pUdgJy6(vlo_@a*HNZlw#}$UwlwzG9sJb;DVxSWf{hG7B13TI8<| zS7|*SC#}94N74|FmzVuaIyHvJvp7N*njSw3p{0loh}wC*_H&kuIkhG_E`>@mE3Oce z&*r@x*<~+55>ewUTc0@{Ee{x4xIwegp^@`&*5$CRoBl(I^hoH=Qn7W(;mAzLKEa8G z?l-W->si7*h$H$mzs>M{z_Z=k=i&y|aCy{XMs;{Epa0VS)8EP)tWq_^^Oy31NJ>1P6&(p)?NHxovK z#TYDNqAh^`;g2aya247HJR=dAcJ^Bjy>0#m(osYbT&f$Q_)C%y72hITM%(KYjE{XT z2*SG!pxshq6b5&5p?mK~y>-s0UXPcJ^^xXl*-Rl}{X@Bid7( z5=W=7awQ5w5s4a6bNdhR&rr<<7tQ*k^8vq?f4B@F zO2e)BMgklfnTU)|7v40^Xe=_4wmoBcz0x~O>anPi%+Z7PNSKi@OQxpy0p{}|3Gn2y z>+r~kIB-|!G@1e8GY#7pVmmV5iG~(j+nIQbI#*+lcK6RsM{2GmmABB7Z35;wcfotV z`Z)(BJ&h!pDbH9ujjSoVf7i4aT~((3%iuoWx=IQEdtK^WyH z0L$?sZna&K(x+5}Qm7rNGNtGw%UML{P*kTudYBEn$~s>UM?~hWjR(2v$$lM3xQ#<8 zOGpIE3Y|l_Z^dW7&;*$zNR^YEK^sTZK8t_6zph4)$dK~dX&`|U@?J{`D%XhKujY|( zx8nDgv_TWXkal`2zlT8LaddC4)zkB`kal0TVmluF2MWUKTOKZ%JK*ij`AXxmh)V|) 
zP6qY!WHmoOhn2VwCjLdPkuo-A5%@lFq3CJ5{XgM>+&J1I|7%r%wwv@5fGTDO3q-lM z0y?>2nXjV66&Yj=3P2K*J)x)AC8Q>YGd2DMR!eg&fdyPB{q4T_XN&WPR#>l>2oRpu zEVTVSBzzaUS!*NSb(Qme`gnQ9`!)i_vnD)t{Fg3wzXKvQX95dCWzszr(*51@?=hf- zP##iZTt0HzV@r3dvd{n-Z_7Oe@D!fbz+=I$H*yhrPkY zOO&%KOLB|8R!KNHkvRKXY}pa*OTeI|W-=rQuil6~t5_A|(AWAM$Ns3s%Jbd#=nA+e zGtqETRjQ}GwUsH)+8NILckQWpCJK;FXl30QiG6`Oj*Tr z+z&^M8w7lLveF&2)dGOO5WvQrTmV9+yzA}h>`N-wexw`fx)5Zx(ItoQJ=Zwls_M;_ zVBpsUY)*$^MB4^ZdLcu+gE;ivVFyZ6V$$ZsFBP^8#AAzFz;A`=eTuj?vyy4EUB+VCHt9=<%s?_wu?UFv9?5)F5P!5(vROW_2wdn@?a$nQYh;YNVl2eOLU zas}K=ZE)A(K}`)5Z$9Z%>CPWJBd2!G^y(kD8WT=dH1s-me=^xmTCHu_zv>P~rW-t8 z*(1%3-{H_F9UC)2K4`pHp8ECOC1BrLU* zpq0S370utvK(X%=u?;7o1*sQ}J7JfTD6z2H*xL@AWzolx7o&p^dew``?A|Z=iNi*I z`a5lx+&q;Fyw91vys(RtnQ%vsYdVW%;K@4{s9MOnrSFIYP_8=|2G_cqxD8y>`xTO$ z@-^9Z0&v5$a+08&=5}#rn4j;-MJ&1ByeokpGB&*R6GFJRg;)FC*)T=#D*T*$#j(H6 z@1YxlgiWS2iOU?q^3RI5%Qj57Q*LZ$kyl-gR#_uaSH-j_TLK787c6;F9Y~igm~*rU z{AM|Gi20tYu_#90G=Z$(`&@6K5qxP-S4NGWM`%b|{t<3(b24l)JNcX+y$T=?-)k<# zpW>?W?n|c*mflzJGGmgsCTQq?C++z~MgdcbPOodeLM$W@) zso}O1a_~qYm%6gs#>2Y`_l;!)e($^W9J+bX2y)Xe0ej?cxhVOsx%M?#BO`5Dz^Atu zHlh$~KtexDoSY&=GM711^Y#c0ABI=je0xIGuBzxKehWV zbLgUjN7tW&{%pK2eCSp0`AJc%fOT*UbU6(>o-bb&Pxb3w*$zMJ{*xO3w>{x{C^tk(L)}Ogwmz5!F7C1jWW&4)Qb4uP)X{q?$DP z$G@KS%n?6Y4lu4($H+$BgGN%B=c#JG(X9Duq0{{ZFX>LT5`mHoqCTHRdVh; zc+g;gx;*}Z#FvXg3I9Y2RS9UDeB^)L|E$f(;7m#NEaK*p_+0vdf}-)a-GzRXKy|m0 zRuVAag{;Vj^-}xNq{Jy+a7;Hax9a$Uz`NK;zVvuF4A`}{pKj^86lC9f4vjJzKE=&} zMta7=s%9JQ`@o0F1*tI)yn1$suw7_l_(Xu|yFIOf2xr}<+f3WYN)g_bpG)WV^*h7$ ze<}yL<+mRA)JziL2NIqy*BVCc-#ZHZ0KA>!yr#B%1x60m*~G&l)=R_i=br;t+gb{3 z$uTX;8QMM!&P6t|Dgqp_>DXK4qAzm-TP0tRd_d{Y?2-8T}yMVnOl?$6{ zW4pk(_=VW?UCdGYy7{jk^AWpKaawin)2^XYCL?cbd_HeedI&j}Zh_rrXNo%!XgBHV<>_87d5lYs)$pa3(4xFZ{B3+*(w6g45g8$sID^<(!h$$bcU zJ{BWtS3p;U9cLk-y!@~vMK15NMBgN!s5>rC1pwDTb9vurCy96FOth1Xk@u^@|8f4x zt_$|>y>O!&u(#%FoV&U=F7>)n=U)E3|J~bU?FSQQf0tq?GVjuDR9yqUG*onzYaZA} F{y(39yqW+2 literal 0 HcmV?d00001 From c384851488ad518c0bc2c22e76265c80f120dc2d Mon Sep 17 00:00:00 2001 
From: Den <53200638+localden@users.noreply.github.com> Date: Mon, 17 Jun 2024 12:55:39 -0700 Subject: [PATCH 3/3] Fix broken link --- msal-dotnet-articles/how-to/token-cache-serialization.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/msal-dotnet-articles/how-to/token-cache-serialization.md b/msal-dotnet-articles/how-to/token-cache-serialization.md index 36327232..ee37d169 100644 --- a/msal-dotnet-articles/how-to/token-cache-serialization.md +++ b/msal-dotnet-articles/how-to/token-cache-serialization.md @@ -37,7 +37,7 @@ The recommendation is: The [Microsoft.Identity.Web.TokenCache](https://www.nuget.org/packages/Microsoft.Identity.Web.TokenCache) NuGet package provides token cache serialization within the [Microsoft.Identity.Web](https://github.com/AzureAD/microsoft-identity-web) library. The library provides integration with both ASP.NET Core and ASP.NET Classic, and its abstractions can be used to drive other web app or API frameworks. >[!NOTE] -> The examples below are for ASP.NET Core. For ASP.NET the code is similar, see [the `ms-identity-aspnet-wepapp-openidconnect` web app sample](https://github.com/Azure-Samples/ms-identity-aspnet-webapp-openidconnect/blob/master/WebApp/App_Start/Startup.Auth.cs) for a reference implementation. +> The examples below are for ASP.NET Core. For ASP.NET the code is similar, see [the `ms-identity-aspnet-wepapp-openidconnect` web app sample](https://github.com/Azure-Samples/ms-identity-aspnet-webapp-openidconnect/blob/archive/WebApp/App_Start/Startup.Auth.cs) for a reference implementation. | Extension method | Description | | ---------------- | ------------ |
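Review bot: The link text on the changed `+` line still reads `ms-identity-aspnet-wepapp-openidconnect`, while the URL on the same line spells the repository `ms-identity-aspnet-webapp-openidconnect`; since the line is being rewritten anyway, correct "wepapp" to "webapp" in the link text. The replacement URL targets `blob/archive/...`, which is still a branch ref rather than a fixed revision, so the link can go stale again if that branch is renamed or removed; a commit permalink to `WebApp/App_Start/Startup.Auth.cs` would keep the reference stable. The sentence also joins two clauses with a comma ("the code is similar, see ..."), which would read better split as "The code for ASP.NET is similar. See ...".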