From 1bb060ad1dae5c1abcc8ff1af5fc5f48dc8e6b92 Mon Sep 17 00:00:00 2001
From: Yonas Habteab <yonas.habteab@icinga.com>
Date: Wed, 19 Jul 2023 09:44:23 +0200
Subject: [PATCH 01/18] Introduce `Job` & `Schedule` DB model

---
 library/X509/Job.php                          |  1 -
 library/X509/Model/Behavior/DERBase64.php     |  2 +
 .../Model/Behavior/ExpressionInjector.php     |  2 +
 library/X509/Model/Behavior/Ip.php            |  2 +
 library/X509/Model/X509Certificate.php        |  2 +
 library/X509/Model/X509CertificateChain.php   |  2 +
 .../X509/Model/X509CertificateChainLink.php   |  2 +
 .../Model/X509CertificateSubjectAltName.php   |  2 +
 library/X509/Model/X509Dn.php                 |  2 +
 library/X509/Model/X509Job.php                | 73 +++++++++++++++++++
 library/X509/Model/X509JobRun.php             | 52 ++++++++++---
 library/X509/Model/X509Schedule.php           | 70 ++++++++++++++++++
 library/X509/Model/X509Target.php             |  2 +
 schema/mysql-upgrades/1.3.0.sql               | 39 ++++++++++
 schema/mysql.schema.sql                       | 53 +++++++++++---
 schema/pgsql-upgrades/1.3.0.sql               | 37 ++++++++++
 schema/pgsql.schema.sql                       | 49 ++++++++++---
 17 files changed, 359 insertions(+), 33 deletions(-)
 create mode 100644 library/X509/Model/X509Job.php
 create mode 100644 library/X509/Model/X509Schedule.php
 create mode 100644 schema/mysql-upgrades/1.3.0.sql
 create mode 100644 schema/pgsql-upgrades/1.3.0.sql

diff --git a/library/X509/Job.php b/library/X509/Job.php
index 1937812e..da396e2a 100644
--- a/library/X509/Job.php
+++ b/library/X509/Job.php
@@ -443,7 +443,6 @@ public function run(): Promise\ExtendedPromiseInterface
             $this->db->insert('x509_job_run', [
                 'name'             => $this->getName(),
                 'start_time'       => $this->jobRunStart->getTimestamp() * 1000.0,
-                'ctime'            => new Expression('UNIX_TIMESTAMP() * 1000'),
                 'total_targets'    => 0,
                 'finished_targets' => 0
             ]);
diff --git a/library/X509/Model/Behavior/DERBase64.php b/library/X509/Model/Behavior/DERBase64.php
index 402a4194..f7b7215d 100644
--- a/library/X509/Model/Behavior/DERBase64.php
+++ b/library/X509/Model/Behavior/DERBase64.php
@@ -1,5 +1,7 @@
 <?php
 
+/* Icinga Web 2 X.509 Module | (c) 2022 Icinga GmbH | GPLv2 */
+
 namespace Icinga\Module\X509\Model\Behavior;
 
 use ipl\Orm\Contract\PropertyBehavior;
diff --git a/library/X509/Model/Behavior/ExpressionInjector.php b/library/X509/Model/Behavior/ExpressionInjector.php
index caccdf95..afb8049f 100644
--- a/library/X509/Model/Behavior/ExpressionInjector.php
+++ b/library/X509/Model/Behavior/ExpressionInjector.php
@@ -1,5 +1,7 @@
 <?php
 
+/* Icinga Web 2 X.509 Module | (c) 2022 Icinga GmbH | GPLv2 */
+
 namespace Icinga\Module\X509\Model\Behavior;
 
 use ipl\Orm\Contract\QueryAwareBehavior;
diff --git a/library/X509/Model/Behavior/Ip.php b/library/X509/Model/Behavior/Ip.php
index 3ca1a351..79c9e80d 100644
--- a/library/X509/Model/Behavior/Ip.php
+++ b/library/X509/Model/Behavior/Ip.php
@@ -1,5 +1,7 @@
 <?php
 
+/* Icinga Web 2 X.509 Module | (c) 2022 Icinga GmbH | GPLv2 */
+
 namespace Icinga\Module\X509\Model\Behavior;
 
 use ipl\Orm\Behavior\Binary;
diff --git a/library/X509/Model/X509Certificate.php b/library/X509/Model/X509Certificate.php
index f2041fb6..63bdf955 100644
--- a/library/X509/Model/X509Certificate.php
+++ b/library/X509/Model/X509Certificate.php
@@ -1,5 +1,7 @@
 <?php
 
+/* Icinga Web 2 X.509 Module | (c) 2022 Icinga GmbH | GPLv2 */
+
 namespace Icinga\Module\X509\Model;
 
 use Icinga\Module\X509\Model\Behavior\DERBase64;
diff --git a/library/X509/Model/X509CertificateChain.php b/library/X509/Model/X509CertificateChain.php
index 8565585c..189c38dd 100644
--- a/library/X509/Model/X509CertificateChain.php
+++ b/library/X509/Model/X509CertificateChain.php
@@ -1,5 +1,7 @@
 <?php
 
+/* Icinga Web 2 X.509 Module | (c) 2022 Icinga GmbH | GPLv2 */
+
 namespace Icinga\Module\X509\Model;
 
 use ipl\Orm\Behavior\BoolCast;
diff --git a/library/X509/Model/X509CertificateChainLink.php b/library/X509/Model/X509CertificateChainLink.php
index 3b7a4a5b..d0937930 100644
--- a/library/X509/Model/X509CertificateChainLink.php
+++ b/library/X509/Model/X509CertificateChainLink.php
@@ -1,5 +1,7 @@
 <?php
 
+/* Icinga Web 2 X.509 Module | (c) 2022 Icinga GmbH | GPLv2 */
+
 namespace Icinga\Module\X509\Model;
 
 use ipl\Orm\Behavior\MillisecondTimestamp;
diff --git a/library/X509/Model/X509CertificateSubjectAltName.php b/library/X509/Model/X509CertificateSubjectAltName.php
index 2e431301..62aac5c1 100644
--- a/library/X509/Model/X509CertificateSubjectAltName.php
+++ b/library/X509/Model/X509CertificateSubjectAltName.php
@@ -1,5 +1,7 @@
 <?php
 
+/* Icinga Web 2 X.509 Module | (c) 2022 Icinga GmbH | GPLv2 */
+
 namespace Icinga\Module\X509\Model;
 
 use ipl\Orm\Behavior\Binary;
diff --git a/library/X509/Model/X509Dn.php b/library/X509/Model/X509Dn.php
index b3c4cd25..fa0406ff 100644
--- a/library/X509/Model/X509Dn.php
+++ b/library/X509/Model/X509Dn.php
@@ -1,5 +1,7 @@
 <?php
 
+/* Icinga Web 2 X.509 Module | (c) 2022 Icinga GmbH | GPLv2 */
+
 namespace Icinga\Module\X509\Model;
 
 use ipl\Orm\Behavior\Binary;
diff --git a/library/X509/Model/X509Job.php b/library/X509/Model/X509Job.php
new file mode 100644
index 00000000..1b3a855d
--- /dev/null
+++ b/library/X509/Model/X509Job.php
@@ -0,0 +1,73 @@
+<?php
+
+/* Icinga Web 2 X.509 Module | (c) 2023 Icinga GmbH | GPLv2 */
+
+namespace Icinga\Module\X509\Model;
+
+use DateTime;
+use ipl\Orm\Behavior\MillisecondTimestamp;
+use ipl\Orm\Behaviors;
+use ipl\Orm\Model;
+use ipl\Orm\Query;
+use ipl\Orm\Relations;
+
+/**
+ * A database model for all x509 jobs
+ *
+ * @property int $id Unique identifier of this job
+ * @property string $name The name of this job
+ * @property string $author The author of this job
+ * @property string $cidrs The configured cidrs of this job
+ * @property string $ports The configured ports of this job
+ * @property ?string $exclude_targets The configured excluded targets of this job
+ * @property DateTime $ctime The creation time of this job
+ * @property DateTime $mtime The modification time of this job
+ * @property Query|X509Schedule $schedule The configured schedules of this job
+ * @property Query|X509JobRun $job_run Job activities
+ */
+class X509Job extends Model
+{
+    public function getTableName(): string
+    {
+        return 'x509_job';
+    }
+
+    public function getTableAlias(): string
+    {
+        return 'job';
+    }
+
+    public function getKeyName()
+    {
+        return 'id';
+    }
+
+    public function getColumns(): array
+    {
+        return [
+            'name',
+            'author',
+            'cidrs',
+            'ports',
+            'exclude_targets',
+            'ctime',
+            'mtime'
+        ];
+    }
+
+    public function createBehaviors(Behaviors $behaviors): void
+    {
+        $behaviors->add(new MillisecondTimestamp([
+            'ctime',
+            'mtime'
+        ]));
+    }
+
+    public function createRelations(Relations $relations): void
+    {
+        $relations->hasMany('schedule', X509Schedule::class)
+            ->setForeignKey('job_id');
+        $relations->hasMany('job_run', X509JobRun::class)
+            ->setForeignKey('job_id');
+    }
+}
diff --git a/library/X509/Model/X509JobRun.php b/library/X509/Model/X509JobRun.php
index 1fa4af58..d776622f 100644
--- a/library/X509/Model/X509JobRun.php
+++ b/library/X509/Model/X509JobRun.php
@@ -1,43 +1,77 @@
 <?php
 
+/* Icinga Web 2 X.509 Module | (c) 2022 Icinga GmbH | GPLv2 */
+
 namespace Icinga\Module\X509\Model;
 
+use DateTime;
 use ipl\Orm\Behavior\MillisecondTimestamp;
 use ipl\Orm\Behaviors;
 use ipl\Orm\Model;
+use ipl\Orm\Query;
+use ipl\Orm\Relations;
 
+/**
+ * A database model for all x509 job schedules
+ *
+ * @property int $id Unique identifier of this job
+ * @property ?int $job_id The id of the x509 job this job run belongs to
+ * @property ?int $schedule_id The id of the x509 job schedule this run belongs to
+ * @property int $total_targets All the x509 targets found by this job run
+ * @property int $finished_targets All the x509 targets scanned by this job run
+ * @property DateTime $start_time The start time of this job run
+ * @property DateTime $end_time The end time of this job run
+ * @property Query|X509Job $job The x509 job this job run belongs to
+ * @property Query|X509Schedule $schedule The x509 job schedule this job run belongs to
+ */
 class X509JobRun extends Model
 {
-    public function getTableName()
+    public function getTableName(): string
     {
         return 'x509_job_run';
     }
 
+    public function getTableAlias(): string
+    {
+        return 'job_run';
+    }
+
     public function getKeyName()
     {
         return 'id';
     }
 
-    public function getColumns()
+    public function getColumns(): array
     {
         return [
-            'name',
+            'job_id',
+            'schedule_id',
             'total_targets',
             'finished_targets',
             'start_time',
-            'end_time',
-            'ctime',
-            'mtime'
+            'end_time'
         ];
     }
 
-    public function createBehaviors(Behaviors $behaviors)
+    public function getDefaultSort(): string
+    {
+        return 'start_time desc';
+    }
+
+    public function createBehaviors(Behaviors $behaviors): void
     {
         $behaviors->add(new MillisecondTimestamp([
             'start_time',
             'end_time',
-            'ctime',
-            'mtime'
         ]));
     }
+
+    public function createRelations(Relations $relations): void
+    {
+        $relations->belongsTo('job', X509Job::class)
+            ->setCandidateKey('job_id');
+        $relations->belongsTo('schedule', X509Schedule::class)
+            ->setJoinType('LEFT')
+            ->setCandidateKey('schedule_id');
+    }
 }
diff --git a/library/X509/Model/X509Schedule.php b/library/X509/Model/X509Schedule.php
new file mode 100644
index 00000000..476641aa
--- /dev/null
+++ b/library/X509/Model/X509Schedule.php
@@ -0,0 +1,70 @@
+<?php
+
+/* Icinga Web 2 X.509 Module | (c) 2023 Icinga GmbH | GPLv2 */
+
+namespace Icinga\Module\X509\Model;
+
+use DateTime;
+use ipl\Orm\Behavior\MillisecondTimestamp;
+use ipl\Orm\Behaviors;
+use ipl\Orm\Model;
+use ipl\Orm\Relations;
+
+/**
+ * A database model for all x509 job schedules
+ *
+ * @property int $id Unique identifier of this job
+ * @property int $job_id The id of the x509 job this schedule belongs to
+ * @property string $name The name of this job schedule
+ * @property string $author The author of this job schedule
+ * @property string $config The config of this job schedule
+ * @property DateTime $ctime The creation time of this job
+ * @property DateTime $mtime The modification time of this job
+ * @property X509Job $job The x509 job this schedule belongs to
+ * @property X509JobRun $job_run Schedule activities
+ */
+class X509Schedule extends Model
+{
+    public function getTableName(): string
+    {
+        return 'x509_schedule';
+    }
+
+    public function getTableAlias(): string
+    {
+        return 'schedule';
+    }
+
+    public function getKeyName()
+    {
+        return 'id';
+    }
+
+    public function getColumns(): array
+    {
+        return [
+            'job_id',
+            'name',
+            'author',
+            'config',
+            'ctime',
+            'mtime'
+        ];
+    }
+
+    public function createBehaviors(Behaviors $behaviors): void
+    {
+        $behaviors->add(new MillisecondTimestamp([
+            'ctime',
+            'mtime'
+        ]));
+    }
+
+    public function createRelations(Relations $relations): void
+    {
+        $relations->belongsTo('job', X509Job::class)
+            ->setCandidateKey('job_id');
+        $relations->hasMany('job_run', X509JobRun::class)
+            ->setForeignKey('schedule_id');
+    }
+}
diff --git a/library/X509/Model/X509Target.php b/library/X509/Model/X509Target.php
index 978e6f27..7705d573 100644
--- a/library/X509/Model/X509Target.php
+++ b/library/X509/Model/X509Target.php
@@ -1,5 +1,7 @@
 <?php
 
+/* Icinga Web 2 X.509 Module | (c) 2022 Icinga GmbH | GPLv2 */
+
 namespace Icinga\Module\X509\Model;
 
 use Icinga\Module\X509\Model\Behavior\Ip;
diff --git a/schema/mysql-upgrades/1.3.0.sql b/schema/mysql-upgrades/1.3.0.sql
new file mode 100644
index 00000000..c886b0bd
--- /dev/null
+++ b/schema/mysql-upgrades/1.3.0.sql
@@ -0,0 +1,39 @@
+CREATE TABLE IF NOT EXISTS x509_job (
+  id int(10) unsigned NOT NULL AUTO_INCREMENT,
+  name varchar(255) NOT NULL COLLATE utf8mb4_unicode_ci,
+  author varchar(255) NOT NULL COLLATE utf8mb4_unicode_ci,
+  cidrs text NOT NULL,
+  ports text NOT NULL,
+  exclude_targets text DEFAULT NULL,
+  ctime bigint unsigned NOT NULL,
+  mtime bigint unsigned NOT NULL,
+
+  PRIMARY KEY (id),
+  UNIQUE (name)
+) ENGINE=InnoDB DEFAULT CHARSET=utf8mb4;
+
+CREATE TABLE IF NOT EXISTS x509_schedule (
+  id int(10) unsigned NOT NULL AUTO_INCREMENT,
+  job_id int(10) unsigned NOT NULL,
+  name varchar(255) NOT NULL COLLATE utf8mb4_unicode_ci,
+  author varchar(255) NOT NULL COLLATE utf8mb4_unicode_ci,
+  config text NOT NULL, -- json
+  ctime bigint unsigned NOT NULL,
+  mtime bigint unsigned NOT NULL,
+
+  PRIMARY KEY (id),
+  CONSTRAINT fk_x509_schedule_job FOREIGN KEY (job_id) REFERENCES x509_job (id) ON DELETE CASCADE
+) ENGINE=InnoDB DEFAULT CHARSET=utf8mb4;
+
+DELETE FROM x509_job_run;
+ALTER TABLE x509_job_run
+  ADD COLUMN IF NOT EXISTS job_id int(10) unsigned NOT NULL AFTER id,
+  ADD COLUMN IF NOT EXISTS schedule_id int(10) unsigned DEFAULT NULL AFTER job_id,
+  DROP COLUMN IF EXISTS `name`,
+  DROP COLUMN IF EXISTS ctime,
+  DROP COLUMN IF EXISTS mtime,
+  DROP CONSTRAINT IF EXISTS fk_x509_job_run_job,
+  DROP CONSTRAINT IF EXISTS fk_x509_job_run_schedule;
+ALTER TABLE x509_job_run
+  ADD CONSTRAINT fk_x509_job_run_job FOREIGN KEY (job_id) REFERENCES x509_job (id) ON DELETE CASCADE,
+  ADD CONSTRAINT fk_x509_job_run_schedule FOREIGN KEY (schedule_id) REFERENCES x509_schedule (id) ON DELETE CASCADE;
diff --git a/schema/mysql.schema.sql b/schema/mysql.schema.sql
index 52530797..cf32c220 100644
--- a/schema/mysql.schema.sql
+++ b/schema/mysql.schema.sql
@@ -67,18 +67,6 @@ CREATE TABLE x509_dn (
   PRIMARY KEY (`hash`,`type`,`order`)
 ) ENGINE=InnoDB DEFAULT CHARSET=utf8mb4;
 
-CREATE TABLE x509_job_run (
-  id int(10) unsigned NOT NULL AUTO_INCREMENT,
-  `name` varchar(255) NOT NULL,
-  total_targets int(10) NOT NULL,
-  finished_targets int(10) NOT NULL,
-  start_time bigint unsigned DEFAULT NULL,
-  end_time bigint unsigned DEFAULT NULL,
-  ctime bigint unsigned DEFAULT NULL,
-  mtime bigint unsigned DEFAULT NULL,
-  PRIMARY KEY (id)
-) ENGINE=InnoDB DEFAULT CHARSET=utf8mb4;
-
 CREATE TABLE x509_target (
   id int(10) unsigned NOT NULL AUTO_INCREMENT,
   ip binary(16) NOT NULL,
@@ -91,3 +79,44 @@ CREATE TABLE x509_target (
   PRIMARY KEY (id),
   INDEX x509_idx_target_ip_port (ip, port)
 ) ENGINE=InnoDB DEFAULT CHARSET=utf8mb4;
+
+CREATE TABLE x509_job (
+  id int(10) unsigned NOT NULL AUTO_INCREMENT,
+  name varchar(255) NOT NULL COLLATE utf8mb4_unicode_ci,
+  author varchar(255) NOT NULL COLLATE utf8mb4_unicode_ci,
+  cidrs text NOT NULL,
+  ports text NOT NULL,
+  exclude_targets text DEFAULT NULL,
+  ctime bigint unsigned NOT NULL,
+  mtime bigint unsigned NOT NULL,
+
+  PRIMARY KEY (id),
+  UNIQUE (name)
+) ENGINE=InnoDB DEFAULT CHARSET=utf8mb4;
+
+CREATE TABLE x509_schedule (
+  id int(10) unsigned NOT NULL AUTO_INCREMENT,
+  job_id int(10) NOT NULL,
+  name varchar(255) NOT NULL COLLATE utf8mb4_unicode_ci,
+  author varchar(255) NOT NULL COLLATE utf8mb4_unicode_ci,
+  config text NOT NULL, -- json
+  ctime bigint unsigned NOT NULL,
+  mtime bigint unsigned NOT NULL,
+
+  PRIMARY KEY (id),
+  CONSTRAINT fk_x509_schedule_job FOREIGN KEY (job_id) REFERENCES x509_job (id) ON DELETE CASCADE
+) ENGINE=InnoDB DEFAULT CHARSET=utf8mb4;
+
+CREATE TABLE x509_job_run (
+  id int(10) unsigned NOT NULL AUTO_INCREMENT,
+  job_id int(10) unsigned NOT NULL,
+  schedule_id int(10) unsigned DEFAULT NULL,
+  total_targets int(10) NOT NULL,
+  finished_targets int(10) NOT NULL,
+  start_time bigint unsigned DEFAULT NULL,
+  end_time bigint unsigned DEFAULT NULL,
+
+  PRIMARY KEY (id),
+  CONSTRAINT fk_x509_job_run_job FOREIGN KEY (job_id) REFERENCES x509_job (id) ON DELETE CASCADE,
+  CONSTRAINT fk_x509_job_run_schedule FOREIGN KEY (schedule_id) REFERENCES x509_schedule (id) ON DELETE CASCADE
+) ENGINE=InnoDB DEFAULT CHARSET=utf8mb4;
diff --git a/schema/pgsql-upgrades/1.3.0.sql b/schema/pgsql-upgrades/1.3.0.sql
new file mode 100644
index 00000000..be8fcfaa
--- /dev/null
+++ b/schema/pgsql-upgrades/1.3.0.sql
@@ -0,0 +1,37 @@
+CREATE TABLE IF NOT EXISTS x509_job (
+  id serial PRIMARY KEY,
+  name varchar(255) NOT NULL,
+  author varchar(255) NOT NULL,
+  cidrs text NOT NULL,
+  ports text NOT NULL,
+  exclude_targets text DEFAULT NULL,
+  ctime bigint NOT NULL,
+  mtime bigint NOT NULL,
+
+  UNIQUE (name)
+);
+
+CREATE TABLE IF NOT EXISTS x509_schedule (
+  id serial PRIMARY KEY,
+  job_id int NOT NULL,
+  name varchar(255) NOT NULL,
+  author varchar(255) NOT NULL,
+  config text NOT NULL, -- json
+  ctime bigint NOT NULL,
+  mtime bigint NOT NULL,
+
+  CONSTRAINT fk_x509_schedule_job FOREIGN KEY (job_id) REFERENCES x509_job (id) ON DELETE CASCADE
+);
+
+DELETE FROM x509_job_run;
+ALTER TABLE x509_job_run
+  ADD COLUMN IF NOT EXISTS job_id int NOT NULL,
+  ADD COLUMN IF NOT EXISTS schedule_id int DEFAULT NULL,
+  DROP COLUMN IF EXISTS name,
+  DROP COLUMN IF EXISTS ctime,
+  DROP COLUMN IF EXISTS mtime,
+  DROP CONSTRAINT IF EXISTS fk_x509_job_run_job,
+  DROP CONSTRAINT IF EXISTS fk_x509_job_run_schedule;
+ALTER TABLE x509_job_run
+  ADD CONSTRAINT fk_x509_job_run_job FOREIGN KEY (job_id) REFERENCES x509_job (id) ON DELETE CASCADE,
+  ADD CONSTRAINT fk_x509_job_run_schedule FOREIGN KEY (schedule_id) REFERENCES x509_schedule (id) ON DELETE CASCADE;
diff --git a/schema/pgsql.schema.sql b/schema/pgsql.schema.sql
index f79c47a2..cfaa3793 100644
--- a/schema/pgsql.schema.sql
+++ b/schema/pgsql.schema.sql
@@ -96,17 +96,6 @@ CREATE TABLE x509_dn (
   PRIMARY KEY (hash,type,"order")
 );
 
-CREATE TABLE x509_job_run (
-  id serial PRIMARY KEY,
-  name varchar(255) NOT NULL,
-  total_targets int NOT NULL,
-  finished_targets int NOT NULL,
-  start_time biguint NULL DEFAULT NULL,
-  end_time biguint NULL DEFAULT NULL,
-  ctime biguint NOT NULL,
-  mtime biguint DEFAULT NULL
-);
-
 CREATE TABLE x509_target (
   id serial PRIMARY KEY,
   ip bytea NOT NULL,
@@ -119,3 +108,41 @@ CREATE TABLE x509_target (
 );
 
 CREATE INDEX x509_idx_target ON x509_target (ip,port,hostname);
+
+CREATE TABLE x509_job (
+  id serial PRIMARY KEY,
+  name varchar(255) NOT NULL,
+  author varchar(255) NOT NULL,
+  cidrs text NOT NULL,
+  ports text NOT NULL,
+  exclude_targets text DEFAULT NULL,
+  ctime bigint NOT NULL,
+  mtime bigint NOT NULL,
+
+  UNIQUE (name)
+);
+
+CREATE TABLE x509_schedule (
+  id serial PRIMARY KEY,
+  job_id int NOT NULL,
+  name varchar(255) NOT NULL,
+  author varchar(255) NOT NULL,
+  config text NOT NULL, -- json
+  ctime bigint NOT NULL,
+  mtime bigint NOT NULL,
+
+  CONSTRAINT fk_x509_schedule_job FOREIGN KEY (job_id) REFERENCES x509_job (id) ON DELETE CASCADE
+);
+
+CREATE TABLE x509_job_run (
+  id serial PRIMARY KEY,
+  job_id int NOT NULL,
+  schedule_id int DEFAULT NULL,
+  total_targets int NOT NULL,
+  finished_targets int NOT NULL,
+  start_time biguint NULL DEFAULT NULL,
+  end_time biguint NULL DEFAULT NULL,
+
+  CONSTRAINT fk_x509_job_run_job FOREIGN KEY (job_id) REFERENCES x509_job (id) ON DELETE CASCADE,
+  CONSTRAINT fk_x509_job_run_schedule FOREIGN KEY (schedule_id) REFERENCES x509_schedule (id) ON DELETE CASCADE
+);

From fe23643c5abaa99ba76a9acc949c9a7b0d3c0d8f Mon Sep 17 00:00:00 2001
From: Yonas Habteab <yonas.habteab@icinga.com>
Date: Wed, 19 Jul 2023 09:52:17 +0200
Subject: [PATCH 02/18] Render `Jobs` section as sub section of module main
 menu

---
 configuration.php | 12 ++++++------
 1 file changed, 6 insertions(+), 6 deletions(-)

diff --git a/configuration.php b/configuration.php
index 259e1fcc..9930753a 100644
--- a/configuration.php
+++ b/configuration.php
@@ -20,18 +20,18 @@
     'priority'  => 20
 ));
 
+$section->add(N_('Jobs'), [
+    'url'         => 'x509/jobs',
+    'priority'    => 100,
+    'description' => $this->translate('Configure the scan jobs')
+]);
+
 $this->provideConfigTab('backend', array(
     'title' => $this->translate('Configure the database backend'),
     'label' => $this->translate('Backend'),
     'url' => 'config/backend'
 ));
 
-$this->provideConfigTab('jobs', array(
-    'title' => $this->translate('Configure the scan jobs'),
-    'label' => $this->translate('Jobs'),
-    'url' => 'jobs'
-));
-
 $this->provideConfigTab('sni', array(
     'title' => $this->translate('Configure SNI'),
     'label' => $this->translate('SNI'),

From 329fdbd191ba6ec9e92b5cbdb70d1912ee3ee92e Mon Sep 17 00:00:00 2001
From: Yonas Habteab <yonas.habteab@icinga.com>
Date: Wed, 19 Jul 2023 09:51:28 +0200
Subject: [PATCH 03/18] Separate `Job` & `Schedule` configs

---
 application/controllers/JobController.php  | 228 +++++++++++++++++++++
 application/controllers/JobsController.php | 123 +++--------
 application/forms/Config/JobConfigForm.php | 174 ----------------
 application/forms/Jobs/JobConfigForm.php   | 155 ++++++++++++++
 application/forms/Jobs/ScheduleForm.php    | 201 ++++++++++++++++++
 library/X509/Common/Links.php              |  37 ++++
 library/X509/Widget/JobDetails.php         |  60 ++++++
 library/X509/Widget/Jobs.php               |  62 ++++++
 library/X509/Widget/Schedules.php          |  60 ++++++
 public/css/module.less                     |  12 ++
 schema/mysql.schema.sql                    |   2 +-
 11 files changed, 847 insertions(+), 267 deletions(-)
 create mode 100644 application/controllers/JobController.php
 delete mode 100644 application/forms/Config/JobConfigForm.php
 create mode 100644 application/forms/Jobs/JobConfigForm.php
 create mode 100644 application/forms/Jobs/ScheduleForm.php
 create mode 100644 library/X509/Common/Links.php
 create mode 100644 library/X509/Widget/JobDetails.php
 create mode 100644 library/X509/Widget/Jobs.php
 create mode 100644 library/X509/Widget/Schedules.php

diff --git a/application/controllers/JobController.php b/application/controllers/JobController.php
new file mode 100644
index 00000000..ec39f330
--- /dev/null
+++ b/application/controllers/JobController.php
@@ -0,0 +1,228 @@
+<?php
+
+/* Icinga Web 2 X.509 Module | (c) 2023 Icinga GmbH | GPLv2 */
+
+namespace Icinga\Module\X509\Controllers;
+
+use Icinga\Module\X509\Common\Database;
+use Icinga\Module\X509\Common\Links;
+use Icinga\Module\X509\Forms\Jobs\JobConfigForm;
+use Icinga\Module\X509\Model\X509Job;
+use Icinga\Module\X509\Model\X509Schedule;
+use Icinga\Module\X509\Forms\Jobs\ScheduleForm;
+use Icinga\Module\X509\Widget\JobDetails;
+use Icinga\Module\X509\Widget\Schedules;
+use Icinga\Util\Json;
+use ipl\Html\Contract\FormSubmitElement;
+use ipl\Html\ValidHtml;
+use ipl\Scheduler\Contract\Frequency;
+use ipl\Stdlib\Filter;
+use ipl\Web\Compat\CompatController;
+use ipl\Web\Url;
+use ipl\Web\Widget\ActionBar;
+use ipl\Web\Widget\ActionLink;
+use ipl\Web\Widget\ButtonLink;
+use stdClass;
+
+class JobController extends CompatController
+{
+    use Database;
+
+    /** @var X509Job */
+    protected $job;
+
+    public function init()
+    {
+        parent::init();
+
+        $this->getTabs()->disableLegacyExtensions();
+
+        /** @var int $jobId */
+        $jobId = $this->params->getRequired('id');
+
+        /** @var X509Job $job */
+        $job = X509Job::on($this->getDb())
+            ->filter(Filter::equal('id', $jobId))
+            ->first();
+
+        if ($job === null) {
+            $this->httpNotFound($this->translate('Job not found'));
+        }
+
+        $this->job = $job;
+    }
+
+    public function indexAction(): void
+    {
+        $this->assertPermission('config/x509');
+
+        $this->initTabs();
+        $this->getTabs()->activate('job-activities');
+
+        $jobRuns = $this->job->job_run->with(['job', 'schedule']);
+
+        $limitControl = $this->createLimitControl();
+        $sortControl = $this->createSortControl($jobRuns, [
+            'schedule.name'    => $this->translate('Schedule Name'),
+            'schedule.author'  => $this->translate('Author'),
+            'total_targets'    => $this->translate('Total Targets'),
+            'finished_targets' => $this->translate('Finished Targets'),
+            'start_time desc'  => $this->translate('Started At'),
+            'end_time'         => $this->translate('Ended At')
+        ]);
+
+        $this->controls->getAttributes()->add('class', 'default-layout');
+        $this->addControl($sortControl);
+        $this->addControl($limitControl);
+        $this->addControl($this->createActionBar());
+
+        $this->addContent(new JobDetails($jobRuns));
+    }
+
+    public function updateAction(): void
+    {
+        $this->assertPermission('config/x509');
+
+        $this->addTitleTab($this->translate('Update Job'));
+
+        $form = (new JobConfigForm($this->job))
+            ->setAction((string) Url::fromRequest())
+            ->populate([
+                'name'            => $this->job->name,
+                'cidrs'           => $this->job->cidrs,
+                'ports'           => $this->job->ports,
+                'exclude_targets' => $this->job->exclude_targets
+            ])
+            ->on(JobConfigForm::ON_SUCCESS, function (JobConfigForm $form) {
+                /** @var FormSubmitElement $button */
+                $button = $form->getPressedSubmitElement();
+                if ($button->getName() === 'btn_remove') {
+                    $this->switchToSingleColumnLayout();
+                } else {
+                    $this->closeModalAndRefreshRelatedView(Links::job($this->job));
+                }
+            })
+            ->handleRequest($this->getServerRequest());
+
+        $this->addContent($form);
+    }
+
+    public function schedulesAction(): void
+    {
+        $this->assertPermission('config/x509');
+
+        $this->initTabs();
+        $this->getTabs()->activate('schedules');
+
+        $schedules = $this->job->schedule->with(['job']);
+
+        $sortControl = $this->createSortControl($schedules, [
+            'name'   => $this->translate('Name'),
+            'author' => $this->translate('Author'),
+            'ctime'  => $this->translate('Date Created'),
+            'mtime'  => $this->translate('Date Modified')
+        ]);
+
+        $this->controls->getAttributes()->add('class', 'default-layout');
+        $this->addControl(
+            (new ButtonLink($this->translate('New Schedule'), Links::scheduleJob($this->job), 'plus'))
+                ->openInModal()
+        );
+        $this->addControl($sortControl);
+
+        $this->addContent(new Schedules($schedules));
+    }
+
+    public function scheduleAction(): void
+    {
+        $this->assertPermission('config/x509');
+
+        $this->addTitleTab($this->translate('Schedule Job'));
+
+        $form = (new ScheduleForm())
+            ->setAction((string) Url::fromRequest())
+            ->setJobId($this->job->id)
+            ->on(JobConfigForm::ON_SUCCESS, function () {
+                $this->redirectNow(Links::schedules($this->job));
+            })
+            ->handleRequest($this->getServerRequest());
+
+        $parts = $form->getPartUpdates();
+        if (! empty($parts)) {
+            $this->sendMultipartUpdate(...$parts);
+        }
+
+        $this->addContent($form);
+    }
+
+    public function updateScheduleAction(): void
+    {
+        $this->assertPermission('config/x509');
+
+        $this->addTitleTab($this->translate('Update Schedule'));
+
+        /** @var int $id */
+        $id = $this->params->getRequired('scheduleId');
+        /** @var X509Schedule $schedule */
+        $schedule = X509Schedule::on($this->getDb())
+            ->filter(Filter::equal('id', $id))
+            ->first();
+        if ($schedule === null) {
+            $this->httpNotFound($this->translate('Schedule not found'));
+        }
+
+        /** @var stdClass $config */
+        $config = Json::decode($schedule->config);
+        /** @var Frequency $type */
+        $type = $config->type;
+        $frequency = $type::fromJson($config->frequency);
+
+        $form = (new ScheduleForm($schedule))
+            ->setAction((string) Url::fromRequest())
+            ->populate([
+                'name'             => $schedule->name,
+                'full_scan'        => $config->full_scan ?? 'n',
+                'rescan'           => $config->rescan ?? 'n',
+                'since_last_scan'  => $config->since_last_scan ?? null,
+                'schedule_element' => $frequency
+            ])
+            ->on(JobConfigForm::ON_SUCCESS, function () {
+                $this->redirectNow(Links::schedules($this->job));
+            })
+            ->handleRequest($this->getServerRequest());
+
+        $parts = $form->getPartUpdates();
+        if (! empty($parts)) {
+            $this->sendMultipartUpdate(...$parts);
+        }
+
+        $this->addContent($form);
+    }
+
+    protected function createActionBar(): ValidHtml
+    {
+        $actions = new ActionBar();
+        $actions->addHtml(
+            (new ActionLink($this->translate('Modify'), Links::updateJob($this->job), 'edit'))
+                ->openInModal(),
+            (new ActionLink($this->translate('Schedule'), Links::scheduleJob($this->job), 'calendar'))
+                ->openInModal()
+        );
+
+        return $actions;
+    }
+
+    protected function initTabs(): void
+    {
+        $tabs = $this->getTabs();
+        $tabs
+            ->add('job-activities', [
+                'label' => $this->translate('Job Activities'),
+                'url'   => Links::job($this->job)
+            ])
+            ->add('schedules', [
+                'label' => $this->translate('Schedules'),
+                'url'   => Links::schedules($this->job)
+            ]);
+    }
+}
diff --git a/application/controllers/JobsController.php b/application/controllers/JobsController.php
index 3beec87b..a51562f9 100644
--- a/application/controllers/JobsController.php
+++ b/application/controllers/JobsController.php
@@ -4,17 +4,18 @@
 
 namespace Icinga\Module\X509\Controllers;
 
-use Icinga\Module\X509\Forms\Config\JobConfigForm;
-use Icinga\Module\X509\JobsIniRepository;
-use Icinga\Web\Url;
-use ipl\Html\HtmlElement;
-use ipl\Scheduler\Contract\Frequency;
-use ipl\Scheduler\Cron;
+use Icinga\Module\X509\Common\Database;
+use Icinga\Module\X509\Forms\Jobs\JobConfigForm;
+use Icinga\Module\X509\Model\X509Job;
+use Icinga\Module\X509\Widget\Jobs;
 use ipl\Web\Compat\CompatController;
-use stdClass;
+use ipl\Web\Url;
+use ipl\Web\Widget\ButtonLink;
 
 class JobsController extends CompatController
 {
+    use Database;
+
     protected function prepareInit()
     {
         parent::prepareInit();
@@ -27,104 +28,42 @@ protected function prepareInit()
      */
     public function indexAction()
     {
-        $this->view->tabs = $this->Module()->getConfigTabs()->activate('jobs');
+        $this->addTitleTab($this->translate('Jobs'));
+
+        $jobs = X509Job::on($this->getDb());
+        if ($this->hasPermission('config/x509')) {
+            $this->addControl(
+                (new ButtonLink($this->translate('New Job'), Url::fromPath('x509/jobs/new'), 'plus'))
+                    ->openInModal()
+            );
+        }
+
+        $sortControl = $this->createSortControl($jobs, [
+            'name'   => $this->translate('Name'),
+            'author' => $this->translate('Author'),
+            'ctime'  => $this->translate('Date Created'),
+            'mtime'  => $this->translate('Date Modified')
+        ]);
 
-        $repo = new JobsIniRepository();
+        $this->controls->getAttributes()->add('class', 'default-layout');
+        $this->addControl($sortControl);
 
-        $this->view->jobs = $repo->select(array('name'));
+        $this->addContent(new Jobs($jobs));
     }
 
-    /**
-     * Create a job
-     */
     public function newAction()
     {
-        $form = $this->prepareForm(true);
+        $this->assertPermission('config/x509');
 
         $this->addTitleTab($this->translate('New Job'));
-        $this->addContent($form);
-    }
 
-    /**
-     * Update a job
-     */
-    public function updateAction()
-    {
-        $name = $this->params->getRequired('name');
-        $form = $this->prepareForm();
-
-        $this->addTitleTab($this->translate('Update Job'));
-
-        $this->addContent($form);
-    }
-
-    /**
-     * Remove a job
-     */
-    public function removeAction()
-    {
-        $name = $this->params->getRequired('name');
-        $form = $this->prepareForm();
-
-        $this->addTitleTab($this->translate('Remove Job'));
-
-        $form->prependHtml(HtmlElement::create('h1', null, sprintf($this->translate('Remove job %s'), $name)));
-        $this->addContent($form);
-    }
-
-    /**
-     * Assert config permission and return a prepared RepositoryForm
-     *
-     * @return  JobConfigForm
-     */
-    protected function prepareForm(bool $isNew = false)
-    {
-        $this->assertPermission('config/x509');
-
-        $repo = new JobsIniRepository();
         $form = (new JobConfigForm())
-            ->setRedirectUrl(Url::fromPath('x509/jobs'))
-            ->setRepo($repo);
-
-        $values = [];
-        if (! $isNew) {
-            $name = $this->params->getRequired('name');
-            $query = $repo->select()->where('name', $name);
-            /** @var false|stdClass $data */
-            $data = $query->fetchRow();
-            if ($data === false) {
-                $this->httpNotFound($this->translate('Job not found'));
-            }
-
-            if (! isset($data->frequencyType) && ! empty($data->schedule)) {
-                $frequency = new Cron($data->schedule);
-            } elseif (! empty($data->schedule)) {
-                /** @var Frequency $type */
-                $type = $data->frequencyType;
-                $frequency = $type::fromJson($data->schedule);
-            }
-
-            $values = [
-                'name'             => $data->name,
-                'cidrs'            => $data->cidrs,
-                'ports'            => $data->ports,
-                'exclude_targets'  => $data->exclude_targets,
-                'schedule-element' => $frequency ?? []
-            ];
-        }
-
-        $form
-            ->populate($values)
+            ->setAction((string) Url::fromRequest())
             ->on(JobConfigForm::ON_SUCCESS, function () {
-                $this->redirectNow(Url::fromPath('x509/jobs'));
+                $this->closeModalAndRefreshRelatedView(Url::fromPath('x509/jobs'));
             })
             ->handleRequest($this->getServerRequest());
 
-        $parts = $form->getPartUpdates();
-        if (! empty($parts)) {
-            $this->sendMultipartUpdate(...$parts);
-        }
-
-        return $form;
+        $this->addContent($form);
     }
 }
diff --git a/application/forms/Config/JobConfigForm.php b/application/forms/Config/JobConfigForm.php
deleted file mode 100644
index a7ecbbaa..00000000
--- a/application/forms/Config/JobConfigForm.php
+++ /dev/null
@@ -1,174 +0,0 @@
-<?php
-
-// Icinga Web 2 X.509 Module | (c) 2018 Icinga GmbH | GPLv2
-
-namespace Icinga\Module\X509\Forms\Config;
-
-use Icinga\Application\Icinga;
-use Icinga\Data\Filter\Filter;
-use Icinga\Exception\StatementException;
-use Icinga\Module\X509\JobsIniRepository;
-use Icinga\Web\Notification;
-use ipl\Html\HtmlElement;
-use ipl\Scheduler\Contract\Frequency;
-use ipl\Stdlib\Str;
-use ipl\Validator\CallbackValidator;
-use ipl\Validator\CidrValidator;
-use ipl\Web\Compat\CompatForm;
-use ipl\Web\FormElement\ScheduleElement;
-use ipl\Web\Url;
-
-use function ipl\Stdlib\get_php_type;
-
-/**
- * Create, update and delete jobs
- */
-class JobConfigForm extends CompatForm
-{
-    /** @var string The name of this job  */
-    protected $identifier;
-
-    /** @var JobsIniRepository */
-    protected $repo;
-
-    /** @var ScheduleElement */
-    protected $scheduleElement;
-
-    public function __construct()
-    {
-        $this->identifier = Url::fromRequest()->getParam('name');
-        $this->scheduleElement = new ScheduleElement('schedule-element');
-        $this->scheduleElement->setIdProtector([Icinga::app()->getRequest(), 'protectId']);
-    }
-
-    public function setRepo(JobsIniRepository $repo): self
-    {
-        $this->repo = $repo;
-
-        return $this;
-    }
-
-    protected function createFilter()
-    {
-        return Filter::where('name', $this->identifier);
-    }
-
-    protected function isUpdating(): bool
-    {
-        return Url::fromRequest()->getPath() === 'x509/jobs/update';
-    }
-
-    protected function isRemoving(): bool
-    {
-        return Url::fromRequest()->getPath() === 'x509/jobs/remove';
-    }
-
-    /**
-     * Get multipart updates
-     *
-     * @return array
-     */
-    public function getPartUpdates(): array
-    {
-        if ($this->scheduleElement->getFrequency() === 'none') {
-            // Workaround for https://github.com/Icinga/ipl-web/issues/130
-            return [];
-        }
-
-        return $this->scheduleElement->prepareMultipartUpdate($this->getRequest());
-    }
-
-    protected function assemble()
-    {
-        if (! $this->isRemoving()) {
-            $this->addElement('text', 'name', [
-                'required'    => true,
-                'description' => t('Job name'),
-                'label'       => t('Name'),
-            ]);
-            $this->addElement('textarea', 'cidrs', [
-                'description' => t('Comma-separated list of CIDR addresses to scan'),
-                'label'       => t('CIDRs'),
-                'required'    => true,
-                'validators'  => [
-                    new CallbackValidator(function ($value, CallbackValidator $validator): bool {
-                        $cidrValidator = new CidrValidator();
-                        $cidrs = Str::trimSplit($value);
-
-                        foreach ($cidrs as $cidr) {
-                            if (! $cidrValidator->isValid($cidr)) {
-                                $validator->addMessage(...$cidrValidator->getMessages());
-
-                                return false;
-                            }
-                        }
-
-                        return true;
-                    })
-                ]
-            ]);
-            $this->addElement('textarea', 'ports', [
-                'required'    => true,
-                'description' => t('Comma-separated list of ports to scan'),
-                'label'       => t('Ports'),
-            ]);
-
-            $this->addElement('textarea', 'exclude_targets', [
-                'description' => $this->translate('Comma-separated list of addresses/hostnames to exclude'),
-                'label'       => $this->translate('Exclude Targets'),
-                'required'    => false
-            ]);
-
-            $this->addHtml(HtmlElement::create('div', ['class' => 'schedule-element-separator']));
-            $this->addElement($this->scheduleElement);
-        }
-
-        $this->addElement('submit', 'submit', [
-            'label' => $this->isRemoving() ? t('Yes') : ($this->isUpdating() ? t('Update') : t('Create'))
-        ]);
-    }
-
-    protected function onSuccess()
-    {
-        if ($this->isRemoving()) {
-            try {
-                $this->repo->delete($this->repo->getBaseTable(), $this->createFilter());
-
-                Notification::success(t('Job removed'));
-            } catch (StatementException $err) {
-                Notification::error(t('Failed to remove job'));
-            }
-        } else {
-            /** @var Frequency $frequency */
-            $frequency = $this->scheduleElement->getValue();
-            $data = [
-                'name'            => $this->getValue('name'),
-                'cidrs'           => $this->getValue('cidrs'),
-                'ports'           => $this->getValue('ports'),
-                'schedule'        => json_encode($frequency),
-                'frequencyType'   => get_php_type($frequency),
-            ];
-
-            $excludes = $this->getValue('exclude_targets');
-            if (! empty($excludes)) {
-                $data['exclude_targets'] = $excludes;
-            }
-
-            try {
-                if ($this->isUpdating()) {
-                    $message = t('Job updated');
-                    $this->repo->update($this->repo->getBaseTable(), $data, $this->createFilter());
-                } else {
-                    $message = t('Job created');
-                    $this->repo->insert($this->repo->getBaseTable(), $data);
-                }
-
-                Notification::success($message);
-            } catch (StatementException $err) {
-                $message = $this->isUpdating() ? t('Failed to update job') : t('Failed to create job');
-
-                Notification::error($message . ': ' . $err->getMessage());
-            }
-        }
-    }
-}
diff --git a/application/forms/Jobs/JobConfigForm.php b/application/forms/Jobs/JobConfigForm.php
new file mode 100644
index 00000000..81355bb4
--- /dev/null
+++ b/application/forms/Jobs/JobConfigForm.php
@@ -0,0 +1,155 @@
+<?php
+
+// Icinga Web 2 X.509 Module | (c) 2018 Icinga GmbH | GPLv2
+
+namespace Icinga\Module\X509\Forms\Jobs;
+
+use DateTime;
+use Exception;
+use Icinga\Authentication\Auth;
+use Icinga\Module\X509\Common\Database;
+use Icinga\Module\X509\Model\X509Job;
+use Icinga\User;
+use Icinga\Web\Notification;
+use ipl\Html\Contract\FormSubmitElement;
+use ipl\Html\HtmlDocument;
+use ipl\Stdlib\Str;
+use ipl\Validator\CallbackValidator;
+use ipl\Validator\CidrValidator;
+use ipl\Web\Compat\CompatForm;
+
+/**
+ * Create, update and delete jobs
+ */
+class JobConfigForm extends CompatForm
+{
+    use Database;
+
+    /** @var ?X509Job */
+    protected $job;
+
+    public function __construct(X509Job $job = null)
+    {
+        $this->job = $job;
+    }
+
+    protected function isUpdating(): bool
+    {
+        return $this->job !== null;
+    }
+
+    public function hasBeenSubmitted(): bool
+    {
+        if (! $this->hasBeenSent()) {
+            return false;
+        }
+
+        $button = $this->getPressedSubmitElement();
+        return $button && ($button->getName() === 'btn_submit' || $button->getName() === 'btn_remove');
+    }
+
+    protected function assemble(): void
+    {
+        $this->addElement('text', 'name', [
+            'required'    => true,
+            'label'       => $this->translate('Name'),
+            'description' => $this->translate('Job name'),
+        ]);
+
+        $this->addElement('textarea', 'cidrs', [
+            'required'    => true,
+            'label'       => $this->translate('CIDRs'),
+            'description' => $this->translate('Comma-separated list of CIDR addresses to scan'),
+            'validators'  => [
+                new CallbackValidator(function ($value, CallbackValidator $validator): bool {
+                    $cidrValidator = new CidrValidator();
+                    $cidrs = Str::trimSplit($value);
+
+                    foreach ($cidrs as $cidr) {
+                        if (! $cidrValidator->isValid($cidr)) {
+                            $validator->addMessage(...$cidrValidator->getMessages());
+
+                            return false;
+                        }
+                    }
+
+                    return true;
+                })
+            ]
+        ]);
+
+        $this->addElement('textarea', 'ports', [
+            'required'    => true,
+            'label'       => $this->translate('Ports'),
+            'description' => $this->translate('Comma-separated list of ports to scan'),
+        ]);
+
+        $this->addElement('textarea', 'exclude_targets', [
+            'required'    => false,
+            'label'       => $this->translate('Exclude Targets'),
+            'description' => $this->translate('Comma-separated list of addresses/hostnames to exclude'),
+        ]);
+
+        $this->addElement('submit', 'btn_submit', [
+            'label' => $this->isUpdating() ? $this->translate('Update') : $this->translate('Create')
+        ]);
+
+        if ($this->isUpdating()) {
+            $removeButton = $this->createElement('submit', 'btn_remove', [
+                'class' => 'btn-remove',
+                'label' => $this->translate('Remove Job'),
+            ]);
+            $this->registerElement($removeButton);
+
+            /** @var HtmlDocument $wrapper */
+            $wrapper = $this->getElement('btn_submit')->getWrapper();
+            $wrapper->prepend($removeButton);
+        }
+    }
+
+    protected function onSuccess(): void
+    {
+        $conn = $this->getDb();
+        /** @var FormSubmitElement $submitElement */
+        $submitElement = $this->getPressedSubmitElement();
+        if ($submitElement->getName() === 'btn_remove') {
+            try {
+                /** @var X509Job $job */
+                $job = $this->job;
+                $conn->delete('x509_job', ['id = ?' => $job->id]);
+
+                Notification::success($this->translate('Removed job successfully'));
+            } catch (Exception $err) {
+                Notification::error($this->translate('Failed to remove job') . ': ' . $err->getMessage());
+            }
+        } else {
+            $values = $this->getValues();
+
+            try {
+                /** @var User $user */
+                $user = Auth::getInstance()->getUser();
+                if ($this->job === null) {
+                    $values['author'] = $user->getUsername();
+                    $values['ctime'] = (new DateTime())->getTimestamp() * 1000.0;
+                    $values['mtime'] = (new DateTime())->getTimestamp() * 1000.0;
+
+                    $conn->insert('x509_job', $values);
+                    $message = $this->translate('Created job successfully');
+                } else {
+                    $values['mtime'] = (new DateTime())->getTimestamp() * 1000.0;
+
+                    $conn->update('x509_job', $values, ['id = ?' => $this->job->id]);
+                    $message = $this->translate('Updated job successfully');
+                }
+
+                Notification::success($message);
+            } catch (Exception $err) {
+                $message = $this->isUpdating()
+                    ? $this->translate('Failed to update job')
+                    : $this->translate('Failed to create job');
+
+                Notification::error($message . ': ' . $err->getMessage());
+            }
+        }
+    }
+}
diff --git a/application/forms/Jobs/ScheduleForm.php b/application/forms/Jobs/ScheduleForm.php
new file mode 100644
index 00000000..ea74dcd1
--- /dev/null
+++ b/application/forms/Jobs/ScheduleForm.php
@@ -0,0 +1,201 @@
+<?php
+
+/* Icinga Web 2 X.509 Module | (c) 2023 Icinga GmbH | GPLv2 */
+
+namespace Icinga\Module\X509\Forms\Jobs;
+
+use DateTime;
+use Exception;
+use Icinga\Application\Icinga;
+use Icinga\Application\Web;
+use Icinga\Authentication\Auth;
+use Icinga\Module\X509\Common\Database;
+use Icinga\Module\X509\Model\X509Schedule;
+use Icinga\User;
+use Icinga\Util\Json;
+use Icinga\Web\Notification;
+use ipl\Html\BaseHtmlElement;
+use ipl\Html\Contract\FormSubmitElement;
+use ipl\Html\HtmlDocument;
+use ipl\Html\HtmlElement;
+use ipl\Validator\CallbackValidator;
+use ipl\Web\Compat\CompatForm;
+use ipl\Web\FormElement\ScheduleElement;
+use Psr\Http\Message\RequestInterface;
+
+use function ipl\Stdlib\get_php_type;
+
+class ScheduleForm extends CompatForm
+{
+    use Database;
+
+    /** @var int */
+    protected $jobId;
+
+    /** @var ?X509Schedule */
+    protected $schedule;
+
+    /** @var ScheduleElement */
+    protected $scheduleElement;
+
+    public function __construct(X509Schedule $schedule = null)
+    {
+        $this->schedule = $schedule;
+        $this->scheduleElement = new ScheduleElement('schedule_element');
+
+        /** @var Web $app */
+        $app = Icinga::app();
+        $this->scheduleElement->setIdProtector([$app->getRequest(), 'protectId']);
+    }
+
+    protected function isUpdating(): bool
+    {
+        return $this->schedule !== null;
+    }
+
+    public function setJobId(int $jobId): self
+    {
+        $this->jobId = $jobId;
+
+        return $this;
+    }
+
+    /**
+     * Get multipart updates
+     *
+     * @return array<int, BaseHtmlElement>
+     */
+    public function getPartUpdates(): array
+    {
+        /** @var RequestInterface $request */
+        $request = $this->getRequest();
+        return $this->scheduleElement->prepareMultipartUpdate($request);
+    }
+
+    public function hasBeenSubmitted(): bool
+    {
+        if (! $this->hasBeenSent()) {
+            return false;
+        }
+
+        $button = $this->getPressedSubmitElement();
+        return $button && ($button->getName() === 'submit' || $button->getName() === 'btn_remove');
+    }
+
+    protected function assemble(): void
+    {
+        $this->addElement('text', 'name', [
+            'required'    => true,
+            'label'       => $this->translate('Name'),
+            'description' => $this->translate('Schedule name'),
+        ]);
+
+        $this->addElement('checkbox', 'full_scan', [
+            'required'    => false,
+            'class'       => 'autosubmit',
+            'label'       => $this->translate('Full Scan'),
+            'description' => $this->translate(
+                'Scan all known and unknown targets of this job. (Defaults to only scan unknown targets)'
+            )
+        ]);
+
+        if ($this->getPopulatedValue('full_scan', 'n') === 'n') {
+            $this->addElement('checkbox', 'rescan', [
+                'required'    => false,
+                'class'       => 'autosubmit',
+                'label'       => $this->translate('Rescan'),
+                'description' => $this->translate('Rescan only targets that have been scanned before')
+            ]);
+
+            $this->addElement('text', 'since_last_scan', [
+                'required'    => false,
+                'label'       => $this->translate('Since Last Scan'),
+                'placeholder' => '-24 hours',
+                'description' => $this->translate(
+                    'Scan targets whose last scan is older than the specified date/time, which can also be an'
+                    . ' English textual datetime description like "2 days". If you want to scan only unknown targets'
+                    . ' you can set this to "null".'
+                ),
+                'validators'  => [
+                    new CallbackValidator(function ($value, CallbackValidator $validator) {
+                        if ($value !== null && $value !== 'null') {
+                            try {
+                                new DateTime($value);
+                            } catch (Exception $_) {
+                                $validator->addMessage($this->translate('Invalid textual date time'));
+
+                                return false;
+                            }
+                        }
+
+                        return true;
+                    })
+                ]
+            ]);
+        }
+
+        $this->addHtml(HtmlElement::create('div', ['class' => 'schedule-element-separator']));
+        $this->addElement($this->scheduleElement);
+
+        $this->addElement('submit', 'submit', [
+            'label' => $this->isUpdating() ? $this->translate('Update') : $this->translate('Schedule')
+        ]);
+
+        if ($this->isUpdating()) {
+            $removeButton = $this->createElement('submit', 'btn_remove', [
+                'class' => 'btn-remove',
+                'label' => $this->translate('Remove Schedule'),
+            ]);
+            $this->registerElement($removeButton);
+
+            /** @var HtmlDocument $wrapper */
+            $wrapper = $this->getElement('submit')->getWrapper();
+            $wrapper->prepend($removeButton);
+        }
+    }
+
+    protected function onSuccess(): void
+    {
+        /** @var X509Schedule $schedule */
+        $schedule = $this->schedule;
+        $conn = $this->getDb();
+        /** @var FormSubmitElement $submitElement */
+        $submitElement = $this->getPressedSubmitElement();
+        if ($submitElement->getName() === 'btn_remove') {
+            $conn->delete('x509_schedule', ['id = ?' => $schedule->id]);
+
+            Notification::success($this->translate('Deleted schedule successfully'));
+        } else {
+            $config = $this->getValues();
+            unset($config['name']);
+            unset($config['schedule_element']);
+
+            $frequency = $this->scheduleElement->getValue();
+            $config['type'] = get_php_type($frequency);
+            $config['frequency'] = Json::encode($frequency);
+
+            /** @var User $user */
+            $user = Auth::getInstance()->getUser();
+            if (! $this->isUpdating()) {
+                $conn->insert('x509_schedule', [
+                    'job_id' => $this->schedule ? $this->schedule->job_id : $this->jobId,
+                    'name'   => $this->getValue('name'),
+                    'author' => $user->getUsername(),
+                    'config' => Json::encode($config),
+                    'ctime'  => (new DateTime())->getTimestamp() * 1000.0,
+                    'mtime'  => (new DateTime())->getTimestamp() * 1000.0
+                ]);
+                $message = $this->translate('Created schedule successfully');
+            } else {
+                $conn->update('x509_schedule', [
+                    'name'   => $this->getValue('name'),
+                    'config' => Json::encode($config),
+                    'mtime'  => (new DateTime())->getTimestamp() * 1000.0
+                ], ['id = ?' => $schedule->id]);
+                $message = $this->translate('Updated schedule successfully');
+            }
+
+            Notification::success($message);
+        }
+    }
+}
diff --git a/library/X509/Common/Links.php b/library/X509/Common/Links.php
new file mode 100644
index 00000000..c1570dcb
--- /dev/null
+++ b/library/X509/Common/Links.php
@@ -0,0 +1,37 @@
+<?php
+
+/* Icinga Web 2 X.509 Module | (c) 2023 Icinga GmbH | GPLv2 */
+
+namespace Icinga\Module\X509\Common;
+
+use Icinga\Module\X509\Model\X509Job;
+use Icinga\Module\X509\Model\X509Schedule;
+use ipl\Web\Url;
+
+class Links
+{
+    public static function job(X509Job $job): Url
+    {
+        return Url::fromPath('x509/job', ['id' => $job->id]);
+    }
+
+    public static function updateJob(X509Job $job): Url
+    {
+        return Url::fromPath('x509/job/update', ['id' => $job->id]);
+    }
+
+    public static function schedules(X509Job $job): Url
+    {
+        return Url::fromPath('x509/job/schedules', ['id' => $job->id]);
+    }
+
+    public static function scheduleJob(X509Job $job): Url
+    {
+        return Url::fromPath('x509/job/schedule', ['id' => $job->id]);
+    }
+
+    public static function updateSchedule(X509Schedule $schedule): Url
+    {
+        return Url::fromPath('x509/job/update-schedule', ['id' => $schedule->job->id, 'scheduleId' => $schedule->id]);
+    }
+}
diff --git a/library/X509/Widget/JobDetails.php b/library/X509/Widget/JobDetails.php
new file mode 100644
index 00000000..c3f8522d
--- /dev/null
+++ b/library/X509/Widget/JobDetails.php
@@ -0,0 +1,60 @@
+<?php
+
+/* Icinga Web 2 X.509 Module | (c) 2023 Icinga GmbH | GPLv2 */
+
+namespace Icinga\Module\X509\Widget;
+
+use Icinga\Module\X509\Model\X509JobRun;
+use ipl\Html\Table;
+use ipl\I18n\Translation;
+use ipl\Orm\Query;
+use ipl\Web\Widget\EmptyState;
+
+class JobDetails extends Table
+{
+    use Translation;
+
+    protected $defaultAttributes = ['class' => 'common-table'];
+
+    /** @var Query */
+    protected $runs;
+
+    public function __construct(Query $runs)
+    {
+        $this->runs = $runs;
+    }
+
+    protected function assemble(): void
+    {
+        /** @var X509JobRun $run */
+        foreach ($this->runs as $run) {
+            $row = static::tr();
+            $row->addHtml(
+                static::td($run->job->name),
+                static::td($run->schedule->name ?: $this->translate('N/A')),
+                static::td((string) $run->total_targets),
+                static::td((string) $run->finished_targets),
+                static::td($run->start_time->format('Y-m-d H:i')),
+                static::td($run->end_time ? $run->end_time->format('Y-m-d H:i') : 'N/A')
+            );
+
+            $this->addHtml($row);
+        }
+
+        if ($this->isEmpty()) {
+            $this->addHtml(new EmptyState($this->translate('Job never run.')));
+        } else {
+            $row = static::tr();
+            $row->addHtml(
+                static::th($this->translate('Name')),
+                static::th($this->translate('Schedule Name')),
+                static::th($this->translate('Total')),
+                static::th($this->translate('Scanned')),
+                static::th($this->translate('Started')),
+                static::th($this->translate('Finished'))
+            );
+
+            $this->getHeader()->addHtml($row);
+        }
+    }
+}
diff --git a/library/X509/Widget/Jobs.php b/library/X509/Widget/Jobs.php
new file mode 100644
index 00000000..171d0519
--- /dev/null
+++ b/library/X509/Widget/Jobs.php
@@ -0,0 +1,62 @@
+<?php
+
+/* Icinga Web 2 X.509 Module | (c) 2023 Icinga GmbH | GPLv2 */
+
+namespace Icinga\Module\X509\Widget;
+
+use Icinga\Module\X509\Common\Links;
+use Icinga\Module\X509\Model\X509Job;
+use ipl\Html\Table;
+use ipl\I18n\Translation;
+use ipl\Orm\Query;
+use ipl\Web\Widget\EmptyState;
+use ipl\Web\Widget\Link;
+
+class Jobs extends Table
+{
+    use Translation;
+
+    /** @var Query */
+    protected $jobs;
+
+    protected $defaultAttributes = [
+        'class'            => 'common-table table-row-selectable',
+        'data-base-target' => '_next'
+    ];
+
+    public function __construct(Query $jobs)
+    {
+        $this->jobs = $jobs;
+    }
+
+    protected function assemble(): void
+    {
+        $jobs = $this->jobs->execute();
+        if (! $jobs->hasResult()) {
+            $this->addHtml(new EmptyState($this->translate('No jobs configured yet.')));
+            return;
+        }
+
+        $headers = static::tr();
+        $headers->addHtml(
+            static::th($this->translate('Name')),
+            static::th($this->translate('Author')),
+            static::th($this->translate('Date Created')),
+            static::th($this->translate('Date Modified'))
+        );
+        $this->getHeader()->addHtml($headers);
+
+        /** @var X509Job $job */
+        foreach ($jobs as $job) {
+            $row = static::tr();
+            $row->addHtml(
+                static::td(new Link($job->name, Links::job($job))),
+                static::td($job->author),
+                static::td($job->ctime->format('Y-m-d H:i')),
+                static::td($job->mtime->format('Y-m-d H:i'))
+            );
+
+            $this->addHtml($row);
+        }
+    }
+}
diff --git a/library/X509/Widget/Schedules.php b/library/X509/Widget/Schedules.php
new file mode 100644
index 00000000..6c3576a8
--- /dev/null
+++ b/library/X509/Widget/Schedules.php
@@ -0,0 +1,60 @@
+<?php
+
+/* Icinga Web 2 X.509 Module | (c) 2023 Icinga GmbH | GPLv2 */
+
+namespace Icinga\Module\X509\Widget;
+
+use Icinga\Module\X509\Common\Links;
+use Icinga\Module\X509\Model\X509Schedule;
+use ipl\Html\Table;
+use ipl\I18n\Translation;
+use ipl\Orm\Query;
+use ipl\Web\Widget\EmptyState;
+use ipl\Web\Widget\Link;
+
+class Schedules extends Table
+{
+    use Translation;
+
+    protected $defaultAttributes = [
+        'class'            => 'common-table table-row-selectable',
+        'data-base-target' => '_next'
+    ];
+
+    /** @var Query */
+    protected $schedules;
+
+    public function __construct(Query $schedules)
+    {
+        $this->schedules = $schedules;
+    }
+
+    protected function assemble(): void
+    {
+        /** @var X509Schedule $schedule */
+        foreach ($this->schedules as $schedule) {
+            $row = ModalOpener::addTo(static::tr());
+            $row->addHtml(
+                static::td((new Link(Links::updateSchedule($schedule), $schedule->name))->openInModal()),
+                static::td($schedule->author),
+                static::td($schedule->ctime->format('Y-m-d H:i')),
+                static::td($schedule->mtime->format('Y-m-d H:i'))
+            );
+
+            $this->addHtml($row);
+        }
+
+        if ($this->isEmpty()) {
+            $this->addHtml(new EmptyState($this->translate('No job schedules.')));
+        } else {
+            $row = static::tr();
+            $row->addHtml(
+                static::th($this->translate('Name')),
+                static::th($this->translate('Author')),
+                static::th($this->translate('Date Created')),
+                static::th($this->translate('Date Modified'))
+            );
+            $this->getHeader()->addHtml($row);
+        }
+    }
+}
diff --git a/public/css/module.less b/public/css/module.less
index 3665d339..d4ce29bb 100644
--- a/public/css/module.less
+++ b/public/css/module.less
@@ -6,6 +6,18 @@
 @cert-segment-color-3: #1982C4;
 @cert-segment-color-4: #6A4C93;
 
+.empty-state {
+  .rounded-corners();
+  background-color: @gray-lighter;
+  margin: 0 1em;
+  padding: 1em;
+  text-align: center;
+}
+
+.action-bar {
+  line-height: 2.5em;
+}
+
 .cert-details {
   .iicon-certificate {
     font-size: 5em;
diff --git a/schema/mysql.schema.sql b/schema/mysql.schema.sql
index cf32c220..8892b357 100644
--- a/schema/mysql.schema.sql
+++ b/schema/mysql.schema.sql
@@ -96,7 +96,7 @@ CREATE TABLE x509_job (
 
 CREATE TABLE x509_schedule (
   id int(10) unsigned NOT NULL AUTO_INCREMENT,
-  job_id int(10) NOT NULL,
+  job_id int(10) unsigned NOT NULL,
   name varchar(255) NOT NULL COLLATE utf8mb4_unicode_ci,
   author varchar(255) NOT NULL COLLATE utf8mb4_unicode_ci,
   config text NOT NULL, -- json

From 382dda4f10df9273ed40466f4d4eb98907e8ef85 Mon Sep 17 00:00:00 2001
From: Yonas Habteab <yonas.habteab@icinga.com>
Date: Wed, 19 Jul 2023 09:54:34 +0200
Subject: [PATCH 04/18] Load `Jobs` & `Schedules` from database for scanning

---
 application/clicommands/JobsCommand.php | 181 ++++++++++++++-------
 application/clicommands/ScanCommand.php |  54 +++----
 library/X509/Common/JobOptions.php      | 145 +++++++++++++++++
 library/X509/Common/JobUtils.php        | 108 +++++++------
 library/X509/Job.php                    | 206 ++++++++++--------------
 library/X509/Schedule.php               | 125 ++++++++++++++
 6 files changed, 562 insertions(+), 257 deletions(-)
 create mode 100644 library/X509/Common/JobOptions.php
 create mode 100644 library/X509/Schedule.php

diff --git a/application/clicommands/JobsCommand.php b/application/clicommands/JobsCommand.php
index 378498c4..6ab5a577 100644
--- a/application/clicommands/JobsCommand.php
+++ b/application/clicommands/JobsCommand.php
@@ -6,18 +6,23 @@
 
 use DateTime;
 use Exception;
-use Icinga\Application\Config;
 use Icinga\Application\Logger;
 use Icinga\Module\X509\CertificateUtils;
 use Icinga\Module\X509\Command;
 use Icinga\Module\X509\Hook\SniHook;
 use Icinga\Module\X509\Job;
+use Icinga\Module\X509\Model\X509Job;
+use Icinga\Module\X509\Model\X509Schedule;
+use Icinga\Module\X509\Schedule;
+use InvalidArgumentException;
+use ipl\Orm\Query;
 use ipl\Scheduler\Contract\Frequency;
-use ipl\Scheduler\Contract\Task;
-use ipl\Scheduler\Cron;
 use ipl\Scheduler\Scheduler;
+use ipl\Stdlib\Filter;
+use Ramsey\Uuid\Uuid;
 use React\EventLoop\Loop;
 use React\Promise\ExtendedPromiseInterface;
+use stdClass;
 use Throwable;
 
 class JobsCommand extends Command
@@ -27,15 +32,34 @@ class JobsCommand extends Command
      *
      * USAGE:
      *
-     *   icingacli x509 jobs run
+     *     icingacli x509 jobs run [OPTIONS]
+     *
+     * OPTIONS
+     *
+     * --job=<name>
+     *     Run all configured schedules only of the specified job.
+     *
+     * --schedule=<name>
+     *     Run only the given schedule of the specified job. Providing a schedule name
+     *     without a job will fail immediately.
+     *
+     * --parallel=<number>
+     *     Allow parallel scanning of targets up to the specified number. Defaults to 256.
+     *     May cause **too many open files** error if set to a number higher than the configured one (ulimit).
      */
-    public function runAction()
+    public function runAction(): void
     {
-        $parallel = (int) $this->Config()->get('scan', 'parallel', 256);
+        $parallel = (int) $this->params->get('parallel', Job::DEFAULT_PARALLEL);
         if ($parallel <= 0) {
             $this->fail("The 'parallel' option must be set to at least 1");
         }
 
+        $jobName = (string) $this->params->get('job');
+        $scheduleName = (string) $this->params->get('schedule');
+        if (! $jobName && $scheduleName) {
+            throw new InvalidArgumentException('You cannot provide a schedule without a job');
+        }
+
         $scheduler = new Scheduler();
         $this->attachJobsLogging($scheduler);
 
@@ -53,13 +77,14 @@ public function runAction()
         $scheduled = [];
         // Periodically check configuration changes to ensure that new jobs are scheduled, jobs are updated,
         // and deleted jobs are canceled.
-        $watchdog = function () use (&$watchdog, $scheduler, &$scheduled, $parallel) {
-            $jobs = $this->fetchJobs();
+        $watchdog = function () use (&$watchdog, &$scheduled, $scheduler, $parallel, $jobName, $scheduleName) {
+            $jobs = $this->fetchSchedules($jobName, $scheduleName);
             $outdatedJobs = array_diff_key($scheduled, $jobs);
             foreach ($outdatedJobs as $job) {
                 Logger::info(
-                    'Removing scheduled job %s, as it either no longer exists in the configuration or its config has'
-                    . ' been changed',
+                    'Removing schedule %s of job %s, as it either no longer exists in the configuration or its'
+                    . ' config has been changed',
+                    $job->getSchedule()->getName(),
                     $job->getName()
                 );
 
@@ -70,30 +95,21 @@ public function runAction()
             foreach ($newJobs as $job) {
                 $job->setParallel($parallel);
 
-                $config = $job->getConfig();
-                if (! isset($config->frequencyType)) {
-                    if (! Cron::isValid($config->schedule)) {
-                        Logger::error('Job %s has invalid schedule expression %s', $job->getName(), $config->schedule);
-
-                        continue;
-                    }
-
-                    $frequency = new Cron($config->schedule);
-                } else {
-                    try {
-                        /** @var Frequency $type */
-                        $type = $config->frequencyType;
-                        $frequency = $type::fromJson($config->schedule);
-                    } catch (Exception $err) {
-                        Logger::error(
-                            'Job %s has invalid schedule expression %s: %s',
-                            $job->getName(),
-                            $config->schedule,
-                            $err->getMessage()
-                        );
-
-                        continue;
-                    }
+                /** @var stdClass $config */
+                $config = $job->getSchedule()->getConfig();
+                try {
+                    /** @var Frequency $type */
+                    $type = $config->type;
+                    $frequency = $type::fromJson($config->frequency);
+                } catch (Throwable $err) {
+                    Logger::error(
+                        'Cannot create schedule %s of job %s: %s',
+                        $job->getSchedule()->getName(),
+                        $job->getName(),
+                        $err->getMessage()
+                    );
+
+                    continue;
                 }
 
                 $scheduler->schedule($job, $frequency);
@@ -108,28 +124,51 @@ public function runAction()
     }
 
     /**
-     * Fetch jobs from disk
+     * Fetch job schedules from database
+     *
+     * @param ?string $jobName
+     * @param ?string $scheduleName
      *
      * @return Job[]
      */
-    protected function fetchJobs(): array
+    protected function fetchSchedules(?string $jobName, ?string $scheduleName): array
     {
-        $configs = Config::module($this->getModuleName(), 'jobs', true);
-        $defaultSchedule = $configs->get('jobs', 'default_schedule');
+        $jobs = X509Job::on($this->getDb());
+        if ($jobName) {
+            $jobs->filter(Filter::equal('name', $jobName));
+        }
+
+        $jobSchedules = [];
+        $snimap = SniHook::getAll();
+        /** @var X509Job $jobConfig */
+        foreach ($jobs as $jobConfig) {
+            $job = (new Job($jobConfig->name, $jobConfig->cidrs, $jobConfig->ports, $snimap))
+                ->setId($jobConfig->id)
+                ->setExcludes($jobConfig->exclude_targets);
+
+            /** @var Query $schedules */
+            $schedules = $jobConfig->schedule;
+            if ($scheduleName) {
+                $schedules->filter(Filter::equal('name', $scheduleName));
+            }
 
-        $jobs = [];
-        foreach ($configs as $name => $config) {
-            if (! $config->get('schedule', $defaultSchedule)) {
-                Logger::debug('Job %s cannot be scheduled', $name);
+            $jobSchedules = [];
+            /** @var X509Schedule $scheduleModel */
+            foreach ($schedules as $scheduleModel) {
+                $schedule = Schedule::fromModel($scheduleModel);
+                $job = (clone $job)
+                    ->setSchedule($schedule)
+                    ->setUuid(Uuid::fromBytes($job->getChecksum()));
 
-                continue;
+                $jobSchedules[$job->getUuid()->toString()] = $job;
             }
 
-            $job = new Job($name, $config, SniHook::getAll());
-            $jobs[$job->getUuid()->toString()] = $job;
+            if (! isset($jobSchedules[$job->getUuid()->toString()])) {
+                Logger::info('Skipping job %s because no schedules are configured', $job->getName());
+            }
         }
 
-        return $jobs;
+        return $jobSchedules;
     }
 
     /**
@@ -139,15 +178,24 @@ protected function fetchJobs(): array
      */
     protected function attachJobsLogging(Scheduler $scheduler): void
     {
-        $scheduler->on(Scheduler::ON_TASK_CANCEL, function (Task $job, array $_) {
-            Logger::info('Job %s canceled', $job->getName());
+        $scheduler->on(Scheduler::ON_TASK_CANCEL, function (Job $task, array $_) {
+            Logger::info('Schedule %s of job %s canceled', $task->getSchedule()->getName(), $task->getName());
         });
 
-        $scheduler->on(Scheduler::ON_TASK_DONE, function (Task $job, $targets = 0) {
+        $scheduler->on(Scheduler::ON_TASK_DONE, function (Job $task, $targets = 0) {
             if ($targets === 0) {
-                Logger::warning('The job %s does not have any targets', $job->getName());
+                Logger::warning(
+                    'Schedule %s of job %s does not have any targets',
+                    $task->getSchedule()->getName(),
+                    $task->getName()
+                );
             } else {
-                Logger::info('Scanned %d target(s) from job %s', $targets, $job->getName());
+                Logger::info(
+                    'Scanned %d target(s) by schedule %s of job %s',
+                    $targets,
+                    $task->getSchedule()->getName(),
+                    $task->getName()
+                );
 
                 try {
                     $verified = CertificateUtils::verifyCertificates($this->getDb());
@@ -160,21 +208,36 @@ protected function attachJobsLogging(Scheduler $scheduler): void
             }
         });
 
-        $scheduler->on(Scheduler::ON_TASK_FAILED, function (Task $job, Throwable $e) {
-            Logger::error('Failed to run job %s: %s', $job->getName(), $e->getMessage());
+        $scheduler->on(Scheduler::ON_TASK_FAILED, function (Job $task, Throwable $e) {
+            Logger::error(
+                'Failed to run schedule %s of job %s: %s',
+                $task->getSchedule()->getName(),
+                $task->getName(),
+                $e->getMessage()
+            );
             Logger::debug($e->getTraceAsString());
         });
 
-        $scheduler->on(Scheduler::ON_TASK_RUN, function (Task $job, ExtendedPromiseInterface $_) {
-            Logger::info('Running job %s', $job->getName());
+        $scheduler->on(Scheduler::ON_TASK_RUN, function (Job $task, ExtendedPromiseInterface $_) {
+            Logger::info('Running schedule %s of job %s', $task->getSchedule()->getName(), $task->getName());
         });
 
-        $scheduler->on(Scheduler::ON_TASK_SCHEDULED, function (Task $job, DateTime $dateTime) {
-            Logger::info('Scheduling job %s to run at %s', $job->getName(), $dateTime->format('Y-m-d H:i:s'));
+        $scheduler->on(Scheduler::ON_TASK_SCHEDULED, function (Job $task, DateTime $dateTime) {
+            Logger::info(
+                'Scheduling %s of job %s to run at %s',
+                $task->getSchedule()->getName(),
+                $task->getName(),
+                $dateTime->format('Y-m-d H:i:s')
+            );
         });
 
-        $scheduler->on(Scheduler::ON_TASK_EXPIRED, function (Task $task, DateTime $dateTime) {
-            Logger::info(sprintf('Detaching expired job %s at %s', $task->getName(), $dateTime->format('Y-m-d H:i:s')));
+        $scheduler->on(Scheduler::ON_TASK_EXPIRED, function (Job $task, DateTime $dateTime) {
+            Logger::info(
+                'Detaching expired schedule %s of job %s at %s',
+                $task->getSchedule()->getName(),
+                $task->getName(),
+                $dateTime->format('Y-m-d H:i:s')
+            );
         });
     }
 }
diff --git a/application/clicommands/ScanCommand.php b/application/clicommands/ScanCommand.php
index c633ecec..eb3123ea 100644
--- a/application/clicommands/ScanCommand.php
+++ b/application/clicommands/ScanCommand.php
@@ -4,14 +4,14 @@
 
 namespace Icinga\Module\X509\Clicommands;
 
-use DateTime;
 use Exception;
 use Icinga\Application\Logger;
 use Icinga\Module\X509\CertificateUtils;
 use Icinga\Module\X509\Command;
 use Icinga\Module\X509\Hook\SniHook;
 use Icinga\Module\X509\Job;
-use InvalidArgumentException;
+use Icinga\Module\X509\Model\X509Job;
+use ipl\Stdlib\Filter;
 use React\EventLoop\Loop;
 use Throwable;
 
@@ -45,6 +45,10 @@ class ScanCommand extends Command
      *     which can also be an English textual datetime description like "2 days".
      *     Defaults to "-24 hours".
      *
+     * --parallel=<number>
+     *     Allow parallel scanning of targets up to the specified number. Defaults to 256.
+     *     May cause **too many open files** error if set to a number higher than the configured one (ulimit).
+     *
      * --rescan
      *     Rescan only targets that have been scanned before.
      *
@@ -74,51 +78,43 @@ class ScanCommand extends Command
      *
      *     icingacli x509 scan --job <name> --full
      */
-    public function indexAction()
+    public function indexAction(): void
     {
+        /** @var string $name */
         $name = $this->params->shiftRequired('job');
         $fullScan = (bool) $this->params->get('full', false);
         $rescan = (bool) $this->params->get('rescan', false);
 
-        $parallel = (int) $this->Config()->get('scan', 'parallel', 256);
+        /** @var string $sinceLastScan */
+        $sinceLastScan = $this->params->get('since-last-scan', Job::DEFAULT_SINCE_LAST_SCAN);
+        if ($sinceLastScan === 'null') {
+            $sinceLastScan = null;
+        }
+
+        /** @var int $parallel */
+        $parallel = $this->params->get('parallel', Job::DEFAULT_PARALLEL);
         if ($parallel <= 0) {
             throw new Exception('The \'parallel\' option must be set to at least 1');
         }
 
-        $jobs = $this->Config('jobs');
-        if (! $jobs->hasSection($name)) {
+        /** @var X509Job $jobConfig */
+        $jobConfig = X509Job::on($this->getDb())
+            ->filter(Filter::equal('name', $name))
+            ->first();
+        if ($jobConfig === null) {
             throw new Exception(sprintf('Job %s not found', $name));
         }
 
-        $jobDescription = $this->Config('jobs')->getSection($name);
-        if (! strlen($jobDescription->get('cidrs'))) {
+        if (! strlen($jobConfig->cidrs)) {
             throw new Exception(sprintf('The job %s does not specify any CIDRs', $name));
         }
 
-        $sinceLastScan = $this->params->get('since-last-scan', '-24 hours');
-        if ($sinceLastScan === 'null') {
-            $sinceLastScan = null;
-        } else {
-            if ($sinceLastScan[0] !== '-') {
-                // When the user specified "2 days" as a threshold strtotime() will compute the
-                // timestamp NOW() + 2 days, but it has to be NOW() + (-2 days)
-                $sinceLastScan = "-$sinceLastScan";
-            }
-
-            try {
-                $sinceLastScan = new DateTime($sinceLastScan);
-            } catch (Exception $_) {
-                throw new InvalidArgumentException(sprintf(
-                    'The specified last scan time is in an unknown format: %s',
-                    $this->params->get('since-last-scan')
-                ));
-            }
-        }
-
-        $job = (new Job($name, $jobDescription, SniHook::getAll()))
+        $job = (new Job($name, $jobConfig->cidrs, $jobConfig->ports, SniHook::getAll()))
+            ->setId($jobConfig->id)
             ->setFullScan($fullScan)
             ->setRescan($rescan)
             ->setParallel($parallel)
+            ->setExcludes($jobConfig->exclude_targets)
             ->setLastScan($sinceLastScan);
 
         $promise = $job->run();
diff --git a/library/X509/Common/JobOptions.php b/library/X509/Common/JobOptions.php
new file mode 100644
index 00000000..b0fcb99b
--- /dev/null
+++ b/library/X509/Common/JobOptions.php
@@ -0,0 +1,145 @@
+<?php
+
+/* Icinga Web 2 X.509 Module | (c) 2023 Icinga GmbH | GPLv2 */
+
+namespace Icinga\Module\X509\Common;
+
+use DateTime;
+use Exception;
+use Icinga\Module\X509\Job;
+use Icinga\Module\X509\Schedule;
+use InvalidArgumentException;
+use LogicException;
+use stdClass;
+
+trait JobOptions
+{
+    /** @var bool Whether this job should only perform a rescan */
+    protected $rescan;
+
+    /** @var bool Whether this job should perform a full scan */
+    protected $fullScan;
+
+    /** @var DateTime Since last scan threshold used to filter out scan targets */
+    protected $sinceLastScan;
+
+    /** @var int Used to control how many targets can be scanned in parallel */
+    protected $parallel = Job::DEFAULT_PARALLEL;
+
+    /** @var Schedule The job schedule config */
+    protected $schedule;
+
+    /**
+     * Get whether this job is performing only a rescan
+     *
+     * @return bool
+     */
+    public function isRescan(): bool
+    {
+        return $this->rescan;
+    }
+
+    /**
+     * Set whether this job should do only a rescan or full scan
+     *
+     * @param bool $rescan
+     *
+     * @return $this
+     */
+    public function setRescan(bool $rescan): self
+    {
+        $this->rescan = $rescan;
+
+        return $this;
+    }
+
+    public function getParallel(): int
+    {
+        return $this->parallel;
+    }
+
+    public function setParallel(int $parallel): self
+    {
+        $this->parallel = $parallel;
+
+        return $this;
+    }
+
+    /**
+     * Set whether this job should scan all known and unknown targets
+     *
+     * @param bool $fullScan
+     *
+     * @return $this
+     */
+    public function setFullScan(bool $fullScan): self
+    {
+        $this->fullScan = $fullScan;
+
+        return $this;
+    }
+
+    /**
+     * Set since last scan threshold for the targets to rescan
+     *
+     * @param ?string $time
+     *
+     * @return $this
+     */
+    public function setLastScan(?string $time): self
+    {
+        if ($time && $time !== 'null') {
+            $sinceLastScan = $time;
+            if ($sinceLastScan[0] !== '-') {
+                // When the user specified "2 days" as a threshold strtotime() will compute the
+                // timestamp NOW() + 2 days, but it has to be NOW() + (-2 days)
+                $sinceLastScan = "-$sinceLastScan";
+            }
+
+            try {
+                $this->sinceLastScan = new DateTime($sinceLastScan);
+            } catch (Exception $_) {
+                throw new InvalidArgumentException(sprintf(
+                    'The specified last scan time is in an unknown format: %s',
+                    $time
+                ));
+            }
+        }
+
+        return $this;
+    }
+
+    /**
+     * Get the schedule config of this job
+     *
+     * @return Schedule
+     */
+    public function getSchedule(): Schedule
+    {
+        if (! $this->schedule) {
+            throw new LogicException('You are accessing an unset property. Please make sure to set it beforehand.');
+        }
+
+        return $this->schedule;
+    }
+
+    /**
+     * Set the schedule config of this job
+     *
+     * @param Schedule $schedule
+     *
+     * @return $this
+     */
+    public function setSchedule(Schedule $schedule): self
+    {
+        $this->schedule = $schedule;
+
+        /** @var stdClass $config */
+        $config = $schedule->getConfig();
+        $this->setRescan($config->rescan);
+        $this->setFullScan($config->full_scan);
+        $this->setLastScan($config->since_last_scan ?? Job::DEFAULT_SINCE_LAST_SCAN);
+
+        return $this;
+    }
+}
diff --git a/library/X509/Common/JobUtils.php b/library/X509/Common/JobUtils.php
index d868a4ee..4a81c5bd 100644
--- a/library/X509/Common/JobUtils.php
+++ b/library/X509/Common/JobUtils.php
@@ -6,91 +6,109 @@
 
 use GMP;
 use Icinga\Application\Logger;
-use Icinga\Data\ConfigObject;
-use ipl\Scheduler\Common\TaskProperties;
 use ipl\Stdlib\Str;
 
 trait JobUtils
 {
-    use TaskProperties;
-
-    /** @var ConfigObject A config for this job loaded from the jobs.ini file */
-    private $config;
+    /** @var array<string> A list of excluded IP addresses and host names */
+    private $excludedTargets = [];
 
+    /** @var array<string, array<int, int|string>> */
     private $cidrs = [];
 
+    /** @var array<int, array<string>> */
     private $ports = [];
 
     /**
-     * Get this job's config
+     * Get the configured job CIDRS
      *
-     * @return ConfigObject
+     * @return array<string, array<int, int|string>>
      */
-    public function getConfig(): ConfigObject
+    public function getCIDRs(): array
     {
-        return $this->config;
+        return $this->cidrs;
     }
 
     /**
-     * Set the config of this job
+     * Set the CIDRs of this job
      *
-     * @param ConfigObject $jobConfig
+     * @param string $cidrs
      *
      * @return $this
      */
-    public function setConfig(ConfigObject $jobConfig): self
+    public function setCIDRs(string $cidrs): self
     {
-        $this->config = $jobConfig;
+        foreach (Str::trimSplit($cidrs) as $cidr) {
+            $pieces = Str::trimSplit($cidr, '/');
+            if (count($pieces) !== 2) {
+                Logger::warning('CIDR %s is in the wrong format', $cidr);
+                continue;
+            }
+
+            $this->cidrs[$cidr] = $pieces;
+        }
 
         return $this;
     }
 
     /**
-     * Get the configured job CIDRS as an array
+     * Get the configured ports of this job
+     *
+     * @return array<int, array<string>>
+     */
+    public function getPorts(): array
+    {
+        return $this->ports;
+    }
+
+    /**
+     * Set the ports of this job to be scanned
      *
-     * @return array
+     * @param string $ports
+     *
+     * @return $this
      */
-    public function getCidrs(): array
+    public function setPorts(string $ports): self
     {
-        if (empty($this->cidrs) && ! $this->config->isEmpty()) {
-            $cidrs = Str::trimSplit($this->config->get('cidrs'));
-            foreach ($cidrs as $cidr) {
-                $pieces = Str::trimSplit($cidr, '/');
-                if (count($pieces) !== 2) {
-                    Logger::warning('CIDR %s is in the wrong format', $cidr);
-                    continue;
-                }
-
-                $this->cidrs[$cidr] = $pieces;
+        foreach (Str::trimSplit($ports) as $portRange) {
+            $pieces = Str::trimSplit($portRange, '-');
+            if (count($pieces) === 2) {
+                list($start, $end) = $pieces;
+            } else {
+                $start = $pieces[0];
+                $end = $pieces[0];
             }
+
+            $this->ports[] = [$start, $end];
         }
 
-        return $this->cidrs;
+        return $this;
     }
 
     /**
-     * Get the configured ports of this job
+     * Get excluded IPs and host names
      *
-     * @return array
+     * @return array<string>
      */
-    public function getPorts(): array
+    public function getExcludes(): array
     {
-        if (empty($this->ports) && ! $this->config->isEmpty()) {
-            $ports = Str::trimSplit($this->config->get('ports'));
-            foreach ($ports as $portRange) {
-                $pieces = Str::trimSplit($portRange, '-');
-                if (count($pieces) === 2) {
-                    list($start, $end) = $pieces;
-                } else {
-                    $start = $pieces[0];
-                    $end = $pieces[0];
-                }
-
-                $this->ports[] = [$start, $end];
-            }
+        return $this->excludedTargets;
+    }
+
+    /**
+     * Set a set of IPs and host names to be excluded from scan
+     *
+     * @param ?string $targets
+     *
+     * @return $this
+     */
+    public function setExcludes(?string $targets): self
+    {
+        if (! empty($targets)) {
+            $this->excludedTargets = array_flip(Str::trimSplit($targets));
         }
 
-        return $this->ports;
+        return $this;
     }
 
     /**
diff --git a/library/X509/Job.php b/library/X509/Job.php
index da396e2a..20a89241 100644
--- a/library/X509/Job.php
+++ b/library/X509/Job.php
@@ -8,19 +8,20 @@
 use Exception;
 use Generator;
 use Icinga\Application\Logger;
-use Icinga\Data\ConfigObject;
 use Icinga\Module\X509\Common\Database;
+use Icinga\Module\X509\Common\JobOptions;
 use Icinga\Module\X509\Common\JobUtils;
 use Icinga\Module\X509\Model\X509Certificate;
 use Icinga\Module\X509\Model\X509CertificateChain;
+use Icinga\Module\X509\Model\X509JobRun;
 use Icinga\Module\X509\Model\X509Target;
 use Icinga\Module\X509\React\StreamOptsCaptureConnector;
 use Icinga\Util\Json;
+use ipl\Scheduler\Common\TaskProperties;
 use ipl\Scheduler\Contract\Task;
 use ipl\Sql\Connection;
 use ipl\Sql\Expression;
 use ipl\Stdlib\Filter;
-use ipl\Stdlib\Str;
 use LogicException;
 use Ramsey\Uuid\Uuid;
 use React\EventLoop\Loop;
@@ -35,7 +36,17 @@
 class Job implements Task
 {
     use Database;
+    use JobOptions;
     use JobUtils;
+    use TaskProperties;
+
+    /** @var int Number of targets to be scanned in parallel by default */
+    public const DEFAULT_PARALLEL = 256;
+
+    public const DEFAULT_SINCE_LAST_SCAN = '-24 hours';
+
+    /** @var int The database id of this job */
+    protected $id;
 
     /** @var Connection x509 database connection */
     private $db;
@@ -43,67 +54,71 @@ class Job implements Task
     /** @var DbTool Database utils for marshalling and unmarshalling binary data */
     private $dbTool;
 
+    /** @var int Number of pending targets to be scanned */
     private $pendingTargets = 0;
+
+    /** @var int Total number of scan targets */
     private $totalTargets = 0;
+
+    /** @var int Number of scanned targets */
     private $finishedTargets = 0;
 
-    /** @var Generator */
+    /** @var Generator Scan targets generator */
     private $targets;
+
+    /** @var array<string, array<string>> The configured SNI maps */
     private $snimap;
 
-    protected $jobId;
+    /** @var int The id of the last inserted job run entry */
+    private $jobRunId;
 
     /** @var Promise\Deferred React promise deferred instance used to resolve the running promise */
     protected $deferred;
 
-    /** @var int Used to control how many targets can be scanned in parallel */
-    protected $parallel;
-
-    /** @var DateTime A formatted date time of this job start time */
+    /** @var DateTime The start time of this job */
     protected $jobRunStart;
 
-    /** @var ?array A list of excluded IP addresses and host names */
-    protected $excludedTargets = null;
-
-    /** @var ?DateTime Since last scan threshold used to filter out scan targets */
-    protected $sinceLastScan;
-
-    /** @var bool Whether job run should only perform a rescan */
-    protected $rescan = false;
-
-    /** @var bool Whether the job run should perform a full scan */
-    protected $fullScan = false;
-
-    public function __construct(string $name, ConfigObject $config, array $snimap)
+    public function __construct(string $name, string $cidrs, string $ports, array $snimap, Schedule $schedule = null)
     {
         $this->db = $this->getDb();
         $this->dbTool = new DbTool($this->db);
         $this->snimap = $snimap;
 
-        $this->setConfig($config);
+        if ($schedule) {
+            $this->setSchedule($schedule);
+        }
+
         $this->setName($name);
+        $this->setCIDRs($cidrs);
+        $this->setPorts($ports);
         $this->setUuid(Uuid::fromBytes($this->getChecksum()));
     }
 
     /**
-     * Get excluded IPs and host names
+     * Get the database id of this job
      *
-     * @return array
+     * @return int
      */
-    protected function getExcludes(): array
+    public function getId(): int
     {
-        if ($this->excludedTargets === null) {
-            $config = $this->getConfig();
-            $this->excludedTargets = [];
-            if (isset($config['exclude_targets']) && ! empty($config['exclude_targets'])) {
-                $this->excludedTargets = array_flip(Str::trimSplit($config['exclude_targets']));
-            }
-        }
+        return $this->id;
+    }
 
-        return $this->excludedTargets;
+    /**
+     * Set the database id of this job
+     *
+     * @param int $id
+     *
+     * @return $this
+     */
+    public function setId(int $id): self
+    {
+        $this->id = $id;
+
+        return $this;
     }
 
-    private function getConnector($peerName)
+    private function getConnector($peerName): array
     {
         $simpleConnector = new Connector();
         $streamCaptureConnector = new StreamOptsCaptureConnector($simpleConnector);
@@ -118,7 +133,7 @@ private function getConnector($peerName)
     }
 
     /**
-     * Get whether this task has been completed
+     * Get whether this job has been completed scanning all targets
      *
      * @return bool
      */
@@ -127,71 +142,7 @@ public function isFinished(): bool
         return ! $this->targets->valid() && $this->pendingTargets === 0;
     }
 
-    public function getParallel(): int
-    {
-        return $this->parallel;
-    }
-
-    public function setParallel(int $parallel): self
-    {
-        $this->parallel = $parallel;
-
-        return $this;
-    }
-
-    /**
-     * Get whether this job run should do only a rescan
-     *
-     * @return bool
-     */
-    public function isRescan(): bool
-    {
-        return $this->rescan;
-    }
-
-    /**
-     * Set whether this job run should do only a rescan or full scan
-     *
-     * @param bool $rescan
-     *
-     * @return $this
-     */
-    public function setRescan(bool $rescan): self
-    {
-        $this->rescan = $rescan;
-
-        return $this;
-    }
-
-    /**
-     * Set whether this job run should scan all known and unknown targets
-     *
-     * @param bool $fullScan
-     *
-     * @return $this
-     */
-    public function setFullScan(bool $fullScan): self
-    {
-        $this->fullScan = $fullScan;
-
-        return $this;
-    }
-
-    /**
-     * Set since last scan threshold for the targets to rescan
-     *
-     * @param ?DateTime $dateTime
-     *
-     * @return $this
-     */
-    public function setLastScan(?DateTime $dateTime): self
-    {
-        $this->sinceLastScan = $dateTime;
-
-        return $this;
-    }
-
-    protected function updateLastScan($target)
+    public function updateLastScan($target)
     {
         if (! $this->isRescan()) {
             return;
@@ -202,12 +153,21 @@ protected function updateLastScan($target)
         ], ['id = ?' => $target->id]);
     }
 
-    protected function getChecksum()
+    public function getChecksum(): string
     {
-        $config = $this->getConfig()->toArray();
-        ksort($config);
+        $data = [
+            'name'            => $this->getName(),
+            'cidrs'           => $this->getCIDRs(),
+            'ports'           => $this->getPorts(),
+            'exclude_targets' => $this->getExcludes(),
+        ];
+
+        $schedule = null;
+        if ($this->schedule) {
+            $schedule = $this->getSchedule();
+        }
 
-        return md5($this->getName() . Json::encode($config), true);
+        return md5(Json::encode($data) . ($schedule ? bin2hex($schedule->getChecksum()) : ''), true);
     }
 
     protected function getScanTargets(): Generator
@@ -225,9 +185,9 @@ protected function getScanTargets(): Generator
             foreach ($targets as $target) {
                 $addr = static::addrToNumber($target->ip);
                 $addrFound = false;
-                foreach ($this->getCidrs() as $cidr) {
+                foreach ($this->getCIDRs() as $cidr) {
                     list($subnet, $mask) = $cidr;
-                    if (static::isAddrInside($addr, $subnet, $mask)) {
+                    if (static::isAddrInside($addr, (string) $subnet, (int) $mask)) {
                         $target->ip = static::numberToAddr($addr, static::isIPV6($subnet));
                         $addrFound = true;
 
@@ -245,15 +205,15 @@ protected function getScanTargets(): Generator
     private function generateTargets(): Generator
     {
         $excludes = $this->getExcludes();
-        foreach ($this->getCidrs() as $cidr) {
+        foreach ($this->getCIDRs() as $cidr) {
             list($startIp, $prefix) = $cidr;
             $ipv6 = static::isIPV6($startIp);
             $subnet = $ipv6 ? 128 : 32;
-            $numIps = pow(2, ($subnet - $prefix));
+            $numIps = pow(2, ($subnet - (int) $prefix));
 
             Logger::info('Scanning %d IPs in the CIDR %s', $numIps, implode('/', $cidr));
 
-            $start = static::addrToNumber($startIp);
+            $start = static::addrToNumber((string) $startIp);
             for ($i = 0; $i < $numIps; $i++) {
                 $ip = static::numberToAddr(gmp_add($start, $i), $ipv6);
                 if (isset($excludes[$ip])) {
@@ -265,7 +225,7 @@ private function generateTargets(): Generator
                     list($startPort, $endPort) = $portRange;
                     foreach (range($startPort, $endPort) as $port) {
                         foreach ($this->snimap[$ip] ?? [null] as $hostname) {
-                            if (array_key_exists($hostname, $excludes)) {
+                            if (array_key_exists((string) $hostname, $excludes)) {
                                 Logger::debug('Excluding host %s from scan', $hostname);
                                 continue;
                             }
@@ -302,24 +262,16 @@ private function generateTargets(): Generator
 
     public function updateJobStats(bool $finished = false): void
     {
-        $fields = [
-            'finished_targets' => $this->finishedTargets,
-            'mtime'            => new Expression('UNIX_TIMESTAMP() * 1000')
-        ];
-
+        $fields = ['finished_targets' => $this->finishedTargets];
         if ($finished) {
             $fields['end_time'] = new Expression('UNIX_TIMESTAMP() * 1000');
             $fields['total_targets'] = $this->totalTargets;
         }
 
-        $this->db->update(
-            'x509_job_run',
-            $fields,
-            ['id = ?' => $this->jobId]
-        );
+        $this->db->update('x509_job_run', $fields, ['id = ?' => $this->jobRunId]);
     }
 
-    private static function formatTarget($target)
+    private static function formatTarget($target): string
     {
         $result = "tls://[{$target->ip}]:{$target->port}";
 
@@ -440,14 +392,20 @@ public function run(): Promise\ExtendedPromiseInterface
             $this->finishedTargets = 0;
             $this->pendingTargets = 0;
 
+            if ($this->schedule) {
+                $scheduleId = $this->getSchedule()->getId();
+            } else {
+                $scheduleId = new Expression('NULL');
+            }
+
             $this->db->insert('x509_job_run', [
-                'name'             => $this->getName(),
+                'job_id'           => $this->getId(),
+                'schedule_id'      => $scheduleId,
                 'start_time'       => $this->jobRunStart->getTimestamp() * 1000.0,
                 'total_targets'    => 0,
                 'finished_targets' => 0
             ]);
-
-            $this->jobId = $this->db->lastInsertId();
+            $this->jobRunId = (int) $this->db->lastInsertId();
 
             $this->targets = $this->getScanTargets();
 
diff --git a/library/X509/Schedule.php b/library/X509/Schedule.php
new file mode 100644
index 00000000..3f809328
--- /dev/null
+++ b/library/X509/Schedule.php
@@ -0,0 +1,125 @@
+<?php
+
+/* Icinga Web 2 X.509 Module | (c) 2023 Icinga GmbH | GPLv2 */
+
+namespace Icinga\Module\X509;
+
+use Icinga\Module\X509\Model\X509Schedule;
+use Icinga\Util\Json;
+use stdClass;
+
+class Schedule
+{
+    /** @var int The database id of this schedule */
+    protected $id;
+
+    /** @var string The name of this job schedule */
+    protected $name;
+
+    /** @var object The config of this schedule */
+    protected $config;
+
+    public function __construct(string $name, int $id, object $config)
+    {
+        $this->id = $id;
+        $this->name = $name;
+        $this->config = $config;
+    }
+
+    public static function fromModel(X509Schedule $schedule): self
+    {
+        /** @var stdClass $config */
+        $config = Json::decode($schedule->config);
+        if (isset($config->rescan)) {
+            $config->rescan = $config->rescan === 'y';
+        }
+
+        if (isset($config->full_scan)) {
+            $config->full_scan = $config->full_scan === 'y';
+        }
+
+        return new static($schedule->name, $schedule->id, $config);
+    }
+
+    /**
+     * Get the name of this schedule
+     *
+     * @return string
+     */
+    public function getName(): string
+    {
+        return $this->name;
+    }
+
+    /**
+     * Set the name of this schedule
+     *
+     * @param string $name
+     *
+     * @return $this
+     */
+    public function setName(string $name): self
+    {
+        $this->name = $name;
+
+        return $this;
+    }
+
+    /**
+     * Get the database id of this job
+     *
+     * @return int
+     */
+    public function getId(): int
+    {
+        return $this->id;
+    }
+
+    /**
+     * Set the database id of this job
+     *
+     * @param int $id
+     *
+     * @return $this
+     */
+    public function setId(int $id): self
+    {
+        $this->id = $id;
+
+        return $this;
+    }
+
+    /**
+     * Get the config of this schedule
+     *
+     * @return object
+     */
+    public function getConfig(): object
+    {
+        return $this->config;
+    }
+
+    /**
+     * Set the config of this schedule
+     *
+     * @param object $config
+     *
+     * @return $this
+     */
+    public function setConfig(object $config): self
+    {
+        $this->config = $config;
+
+        return $this;
+    }
+
+    /**
+     * Get the checksum of this schedule
+     *
+     * @return string
+     */
+    public function getChecksum(): string
+    {
+        return md5($this->getName() . Json::encode($this->getConfig()), true);
+    }
+}

From 6ea1e560e7e7a89783c7e3a1ae2ff593420f2f94 Mon Sep 17 00:00:00 2001
From: Yonas Habteab <yonas.habteab@icinga.com>
Date: Wed, 19 Jul 2023 09:56:24 +0200
Subject: [PATCH 05/18] Document cli commands & enhance existing configuration
 docs

---
 doc/03-Configuration.md      |  89 +++++++++++++++--------------------
 doc/04-Scanning.md           |  85 +++++++++++++++++++++++++++++++++
 doc/res/weekly-schedules.png | Bin 0 -> 140091 bytes
 3 files changed, 124 insertions(+), 50 deletions(-)
 create mode 100644 doc/04-Scanning.md
 create mode 100644 doc/res/weekly-schedules.png

diff --git a/doc/03-Configuration.md b/doc/03-Configuration.md
index a70bf0bf..62a1649f 100644
--- a/doc/03-Configuration.md
+++ b/doc/03-Configuration.md
@@ -2,7 +2,7 @@
 
 ## Importing CA certificates
 
-The module tries to verify certificates using its own trust store. By default this trust store is empty and it
+The module tries to verify certificates using its own trust store. By default, this trust store is empty, and it
 is up to the Icinga Web 2 admin to import CA certificates into it.
 
 Using the `icingacli x509 import` command CA certificates can be imported. The certificate chain file that is specified
@@ -13,19 +13,14 @@ store:
 icingacli x509 import --file /etc/ssl/certs/ca-certificates.crt
 ```
 
-## Scan Jobs
-
-The module needs to know which IP address ranges and ports to scan. These can be configured in
-`Configuration -> Modules -> x509 -> Jobs`.
+## Configure Jobs
 
 Scan jobs have a name which uniquely identifies them, e.g. `lan`. These names are used by the CLI command to start
 scanning for specific jobs.
 
 Each scan job can have one or more IP address ranges and one or more port ranges. The module scans each port in
-a job's port ranges for all the individual IP addresses in the IP ranges.
-
-IP address ranges have to be specified using the CIDR format. Multiple IP address ranges can be separated with commas,
-e.g.:
+a job's port ranges for all the individual IP addresses in the IP ranges. IP address ranges have to be specified using
+the CIDR format. Multiple IP address ranges can be separated with commas, e.g.:
 
 `192.0.2.0/24,10.0.10.0/24`
 
@@ -34,17 +29,37 @@ port:
 
 `443,5665-5669`
 
-Scan jobs can be executed using the `icingacli x509 scan` CLI command. The `--job` option is used to specify the scan
-job which should be run:
+Additionally, each job may also exclude specific **hosts** and **IP** addresses from scan. These hosts won't be scanned
+when you run the [scan](04-Scanning.md#scan-command) or [jobs](04-Scanning.md#scheduling-jobs) command. Excluding an
+entire network and specifying IP addresses in CIDR format will not work. You must specify a comma-separated concrete
+**IP** and **host CN**, e.g:
 
-```
-icingacli x509 scan --job lan
-```
+`192.0.2.2,192.0.2.5,icinga.com`
+
+### Job Schedules
+
+Schedules are `cron` and [rrule](https://www.rfc-editor.org/rfc/rfc5545) based configs used to run periodically
+at the given interval. Every job is allowed to have multiple schedules that can be run independently of each other.
+Don't worry, you don't need to know anything about rrule to create **rrule** based schedules. All you need to do is
+clicking some buttons over the UI. On the other hand, you should know what cron is and how to configure it to create
+**cron**-based schedules. `Cron` based examples can be found [here](#cron-schedules).
+
+Each job schedule provides different options that you can use to control the scheduling behavior of the
+[jobs command](04-Scanning.md#scheduling-jobs).
 
-## Scheduling Jobs
+#### Examples
 
-Each job may specify a `cron` compatible `schedule` to run periodically at the given interval. The `cron` format is as
-follows:
+##### RRule Schedules
+
+A schedule that runs weekly on **Friday** and scans all targets that have not yet been scanned, or
+whose last scan is older than `1 week`.
+
+![Weekly Schedules](res/weekly-schedules.png "Weekly Schedules")
+
+
+##### Cron Schedules
+
+The `cron` format is as follows:
 
 ```
 *    *    *    *    *
@@ -60,39 +75,13 @@ follows:
 
 Example definitions:
 
-Description                                                 | Definition
-------------------------------------------------------------| ----------
-Run once a year at midnight of 1 January                    | 0 0 1 1 *
-Run once a month at midnight of the first day of the month  | 0 0 1 * *
-Run once a week at midnight on Sunday morning               | 0 0 * * 0
-Run once a day at midnight                                  | 0 0 * * *
-Run once an hour at the beginning of the hour               | 0 * * * *
-
-Jobs are executed on CLI with the `jobs` command:
-
-```
-icingacli x509 jobs run
-```
-
-This command runs all jobs which are currently due and schedules the next execution of all jobs.
-
-You may configure this command as `systemd` service. Just copy the example service definition from
-`config/systemd/icinga-x509.service` to `/etc/systemd/system/icinga-x509.service` and enable it afterwards:
-
-```
-systemctl enable icinga-x509.service
-```
-
-As an alternative if you want scan jobs to be run periodically, you can use the `cron(8)` daemon to run them on a
-schedule:
-
-```
-vi /etc/crontab
-[...]
-
-# Runs job 'lan' daily at 2:30 AM
-30 2 * * *   www-data   icingacli x509 scan --job lan
-```
+| Description                                                | Definition |
+|------------------------------------------------------------|------------|
+| Run once a year at midnight of 1 January                   | 0 0 1 1 *  |
+| Run once a month at midnight of the first day of the month | 0 0 1 * *  |
+| Run once a week at midnight on Sunday morning              | 0 0 * * 0  |
+| Run once a day at midnight                                 | 0 0 * * *  |
+| Run once an hour at the beginning of the hour              | 0 * * * *  |
 
 ## Server Name Indication
 
diff --git a/doc/04-Scanning.md b/doc/04-Scanning.md
new file mode 100644
index 00000000..3dc89206
--- /dev/null
+++ b/doc/04-Scanning.md
@@ -0,0 +1,85 @@
+# <a id="Scanning"></a>Scanning
+
+The Icinga Certificate Monitoring provides CLI commands to scan arbitrary **hosts** and **IPs** in various ways.
+These commands are listed below and can be used individually. It is necessary for all commands to know which IP address
+ranges and ports to scan. These can be configured as described [here](03-Configuration.md#configure-jobs).
+
+## Scan Command
+
+The scan command, as its name implies, scans targets to find their X.509 certificates and track changes to them.
+A **target** is an **IP-port** combination that is generated from the job configuration, taking into account configured
+[**SNI**](03-Configuration.md#server-name-indication) maps, so that targets with multiple certificates are also properly
+scanned.
+
+By default, successive calls to the scan command perform partial scans, checking both targets not yet scanned and
+targets whose scan is older than 24 hours, to ensure that all targets are rescanned over time and new certificates
+are collected. This behavior can be customized through the command [options](#usage-1).
+
+> **Note**
+>
+> When rescanning due targets, they will be rescanned regardless of whether the target previously provided a certificate
+> or not, to collect new certificates, track changed certificates, and remove decommissioned certificates.
+
+### Usage
+
+This scan command can be used like any other Icinga Web 2 cli operations like this: `icingacli x509 scan [OPTIONS]`
+
+**Options:**
+
+```
+--job=<name>                Scan targets that belong to the specified job. (Required)
+--since-last-scan=<time>    Scan targets whose last scan is older than the spcified date/time, which can also be an
+                            English textual datetime description like "2 days". Defaults to "-24 hours".
+--rescan                    Rescn only targets that have been scanned before.
+--full                      (Re)scan all known and unknown targets. This will override the "rescan" and "since-last-scan" options.
+--parallel=<number>         Allow parallel scanning of targets up to the specified number. Defaults to 256.
+                            May cause **too many open files** error if set to a number higher than the configured one (ulimit).
+```
+
+#### Example
+
+Scan all targets that have not yet been scanned, or whose last scan is older than a certain date/time:
+```
+# icingacli x509 scan --job <name> --since-last-scan '3 days'
+```
+
+Scan only **unknown** targets:
+```
+# icingacli x509 scan --job <name> --since-last-scan=null
+```
+
+Scan only known targets:
+```
+# icingacli x509 scan --job <name> --rescan
+```
+
+Scan only known targets whose last scan is older than certain a given date/time:
+```
+# icingacli x509 scan --job <name> --rescan --since-last-scan '5 days'
+```
+
+Scan all known and unknown targets:
+```
+# icingacli x509 scan --job <name> --full
+```
+
+## Scheduling Jobs
+
+The jobs command is similar to the [scan command](#scan-command), but it additionally allows you to schedule your jobs
+in a more convenient way. This is used by the default `systemd` service of this module as well. By default, this command
+will run all your configured jobs based on their frequency. This behaviour can be customized through the command options
+too. Since you can have multiple schedules for a single job, all job schedules can also be scheduled individually.
+
+### Usage
+
+This scan command can be used like any other Icinga Web 2 cli operations like this: `icingacli x509 jobs run [OPTIONS`
+
+**Options:**
+
+```
+--job=<name>            Run all configured schedules only of the specified job.
+--schedule=<name>       Run only the given schedule of the specified job.
+                        Providing a schedule name without a job will fail immediately.
+--parallel=<number>     Allow parallel scanning of targets up to the specified number. Defaults to 256.
+                        May cause **too many open files** error if set to a number higher than the configured one (ulimit).
+```
diff --git a/doc/res/weekly-schedules.png b/doc/res/weekly-schedules.png
new file mode 100644
index 0000000000000000000000000000000000000000..a7b9508437360cce19a97a8d01cff6295a6d87f4
GIT binary patch
literal 140091
zcmeFZcT|&0*EmYIAOZp+J%WIMfOH5gN(U(dN|U1Wt`LZHBPu8z1f=)gq<4aaUPG0x
z(n5{Y03qb}aE|)E=X{^*-aqfU>&IG2o-(s%X3y?>53hB!R4C3fo+lt6piom))FmJw
z%_JZoF+58KJlUDg76X0=-E~!N6O{HduK+i3)`n^}nwkW>!1Y-I5<*4-($gluM~;x`
z_q8(NbpqnQo)Zxe1lbdi{A{BI{GR?r0-w`9fB%w1zalsT++6}bFVYEr_5|Li6aDH*
znwd`g>zc$6Xh(2MPeDx$_|>y?v$l3|w{wL?iE^3%56(SSHF75)xXgL_Aym`7_5&E}
zi@m-f)KK#d*wWQm;Gvc4BWr=D&W}&w5Xd|Q1DDR$(1)O>&Q31w;HR?ef3*Mu*QbvK
z*+G9bfjY{v8*1u+6kOe`LE-{81#Ys-od<zHGHzBjU|mJ!pWT5wS#~=p^f6da5C($@
zz(fRG-E0Mgq@<(-Zwd<v3-bdl_}#r+pbww&ySQ`w4dfRbMQe9UH~Ys>dsi3GDcpyT
zTs@$&?Chrl{r>xVp4Lz8|1*+{`_E+o3luzkBPb+rQ}8!zpsUR3Q?QQxQ)?$9MSEue
zXTTV8LPA2qGJkdWAFuv1<bQQF{I9N}qW|dnU$6e%^`5)6n}Vw|Fep^+KO6RQ-2Z<0
zv!jgQ>DvDb7k?xAucrW}<<83p{@yjY^BGGQFu+DK+be481HS;to&FKs0KTsO{d;=7
z?Ux<f4UidxKuz(M{!_yBnKKr&N>i;{+`F?r=;lCCI=;&~R3x_uZ&8!zQ+;^#2%VWZ
z1hmw-1tFxPQ#5OP&Tjf<$Op~23rjucGtoTF8NYDp(smje=hj$RS=op%Rokquw`F%*
z><ZAjQ!Wp^6=KU-$a`e_EUc7w{LupzC0N2BC;G#sNsYw0GUHKo-E@e5+NafkaaCld
z(lvvA=9Y$>p8K6};xm404LVugbY1a+Wo4UbbVb(aS-+OOk4op&7vIqNt~GjY#N8_z
zS6%F;%YK~kyyXZ&j=*ijC(C&ltH<3Cu<m(#e&m`($}%&%BCo+4tl=bbiQmK;ccj@O
z$ESatuPyYJll6y>ZEowRtuKl1DF{iZAOwGX!Sw|r`5l#gC_2K^)P=@%%O6Sc7-zp<
z_D#l6X<6?xPvmHotVYZEdFS!=kI(q*cX!9)y(bs@l1v=N@|OyvJyzdZ^<G*0KJm5I
zZT*XoQJq~uvMke4()g?Rk=PqX6;Hj58(jjOW*TPn=+k1S>)j_DRpa}c)XrxlOT)Cr
zicJNlYSFvZ7Z)BM?b>%mUJWeMOefuNd@1CCFc|TiaJPz?6f5eeM+`4dRN7j14K2DI
z{J5Lf-I6;HX|_6ELiee67<H_kj;*ol5|;8s1v^Ix=_%U}<-={qJ=P?;<M^j!JUrWU
z#2brW=gs2%tW&^Zvgjg8R`3mtxEq*t%el(S;W%8mPY`4v-^V9?5rTHb4Tuf;8^`k*
zXcd^1RM_r}IZIm&=km8S=*-Sz8IxX$*!Fi1S>xaNFf495IZiHI8rY%g-pRo>XaZYd
z^XP0&ih!lxj9ux&`S!jV%`D|TPWRk9E&GiybX087$xexF=erLww$+^OODOS{Fn@A*
zzX_g2((T&O1ix`rq<*o^tn0wnBHRAta(o=KJS#&JwTXZLeDI`RYe7tf?V5KNbj9e&
zMe6s$4)ceavzKSZ%mo>P_i^gG{E|sCWrX6XW!o-WrS(2%y`(-1^tZ7JQ64_FuYX9k
zqhe&a6C!Tf0FAqaS3Q^?K;+ncyRF+!M=)FN9)FCTGp3BCP+ShXs90uLZ@gbegjBl2
z7R#%Q|J2ZPtkB}H7m&Hf*xGM-a>Wgg%*3a&iUs7Shy+*^i+2pki>k++WeyGx4HZQY
z2x}<5z<ijk@e9HQs%cj#Ze{A0Ix(2;#?o+WO<FF92E0AOe?!UP-z@e_S~R(;j6Xlw
z$_(f|X@2~gSz`Itt-mSrlsvyay4)GJ=nDc1FOp>PB@k#uvA>jAM+}&Qj%ph&`vvHg
zY4LZ(@fYQVRc4~ak}(jil$}Df&n_-PZ+o%NlI)wl$NhO+!;@hf<THbO&My{>ELXD8
z1^b&*=*E7XqY;en-s))FjU`-60Mg=F%b5$b>7KJp;M~_w2A^e-`KCnoH$@aVZfftZ
zPbBlst#!q4FBVJXL6&{izdSLjGbF~^`fc>Y^K-QI`5<1zwQ=3_Mg4f#=)*-5>@s~5
z0`hk3g;cfBHy;nRr+#v1^`3bZ*3!^W?WnFbPEe-6Mb-R;WH?24@WR<5<DBTqRiAr4
zegVmx8cWXx3NErv*^_y{G<Ha!)ZJd_+ORK0_w9M9J0Wk`9QBg%dZ)3o4<+Cu>h}(w
zxC_$r$B5Vt9EgiMPY-@RJA@sZuY7M;ehB&2NlkO+I+wM2d{raak?S;W-D$Gvp15=P
zk!$5$1w5qcP{+YzH%K?O7u3kUb<o<1pWdtYAVRJT=fng2D<bszLaNP??^<R4K#M=Y
z*MJj~-k`f{W3E5eKXte9QBg}WG9NrAK9;y#_t2>tnQ{>4OTLLCy00uIiQs8a+KnDo
zQ0(8~$h3@DIZ}ExQ0DE}?ATBE$d96eoN&o-^kc)_0Q<VYwxf_IuMe$s@fO3{*yPMK
zRG$Q)11_+YXS67R8o3l9oL6kPh<n@k{!qmj4}rcpi5@n8r&aLC--zypVXINt(PuxE
zUGB|>46AcE&P%fF#*}4<3%kR+p$x)_=96?v@-whE?k5eK0sblxtTAm%5p2z56wk&*
z(h?ixw?;rU;i7}Ow}_Gc95-r`+^6cEgd~Igx=-Ax_#eW)ogq34dPeZ~7kv&y{eq%F
zu}=TR$4>(B8F0Iu79|a2=F6Ph^%a|aTwi&`gDX2iy~jMkl1g)qb#vONi;PcG@Z-0c
z(nt52yhN!?mFO+smQ2-Pi9UI0rk6b}e<Y-QXH~Ub{^SAGcD@~j*8PG9Lha?#bRBo7
z(81?6SI?SI=%}Phew$r48f#6)*WM8uEZ|7p^Bc8y_pf(fjK0MAX426EU5t*{^^1<P
zxX5_Z)bY9Hk=Y$$+auP}r$Vk4hJgX#N2U=)Ir)cF8MhDJJSPq_HhT<;w@KGT&laIq
zDy;YX-~E_N^k|_xpA5fuLj0DULpykusk+Nbx&HF?NWpfj^l}}z`zW$}B)TiqZTwkw
zW3dF>nu6enUUtb^lgX>F_T96+BMRhPRf%4aawtIWb7PrU^P%+8W!ZwUwN6YJmt^5U
zm_J0PN|joqwXn)%n~ud|Z=7f+^vL0n`5<QhgsmHO)|BOJ+`G*2!S}ahE!T0L&*aG0
zBwQ+h#Wus>$A{Uz^}<4A(JOZD&DvV_L#ir@KE%kQUOVY!;&;b3I!P_&FiMAE+<1bm
z$J(Lo=t^1Qx$R|%4$n7o^Z~f$PNTgh2a7K(Y=d{l7>ma<_Znspb{0nHdO6#prlo=S
z0so>YL`vz}86ho@v3&BN?I%+xNzKJh_Y<ZryXn<L>OC;Q0M7|tTxzc=*BPEpxb{xy
zD^*4&Y?uG=^0X;Q@ordd_$*^{wvP&FChlafJDIb{sykUz*rwYFkJO6q_f@AsaooUc
z2_96;DZN<peY7V2OwFm!Qa)!8vpahmVWxm?U(ZkTUCWE1ZZWqwib&l#ml1w6>a2w{
zf6*`h#+d$b;~JmsB<yJSE=Ngq^L~+^q!I=e@G&odK&r#D7U`*loR?1PTvKzz3)QON
zwhGLPhO{SBGO_iDOY!~dOnW_i=QXi%UcwF}FHdgGpS0yJdu$)0&gaRa9YuY2sfn%X
zU%M>L%#^k@2q|OT882eizZ<<q$~}EKfj%y6VV$O@_EoV&;{rM2a?72zS;XSRyDE7;
z_h_ZYs3BF<lnbn6^xtr4f8vfmPyubpW~-fqyyIUy9#h-U9#cAw%>Hf?qYrCak+_A&
zy+f48WTLRN7#}*>S1h9LCr>vq4E<YsXg>^=!Nm3G3Bva5i1=W6m1*e71^rIv6k<{@
ziZSiTr5bSiVX|woA^Ebb@q734(CNBxhH=kja3G7w)n(dZ!GXgwPg!NAQfSB@t<8xK
zdbE3Po?xYe$f27bCc)S`bK*3W@A#<;P&4lbn1GOeFA`_RSx0HkK`*j~eu&@8$^I=^
z_)60e+tiGC`uvLjR(*fnk-ICbUoB$Iyo!YsPR?tQdJBg}Ep(|$d2GK(mU(hVOYtbD
zL>7-ymj6(ilU$$WrnshL)t`K?VzHCcsB&2p0m&i`rr#x!lKd|@@*jx;TtVJkl7wv*
zGs}A$hO<ar<JPJp8oKoyNzE8MrfpQQ-0RFm-pRor+@A7OR>@R|JMgD0`Ui~DXOC}@
zXr&3eSFlKdR4Ca(Pxhm@udq}<B1Upu;kOz3NbZ)&O#2_B@1Iv74{~PkdxMK?(@cKU
z{vS}mnVdaoJ+XNN1(KPs4R8NP8~^hvIOtjKswC7Rf>{a*@)o2Cm1B#D3w|@oluSPG
z!V-zAeDSBrM%Iw@Crfc+Vd&r}5#vB4^*sl%huwWudoqu!|HsPy7Qc|_vvw^gVjq|i
zW+NK~qGECWc<GNg{YWaR)RCHEvas;F6Qw1pbOw&Hqm27y@&0r1z?v>`Q(1n$J<I|}
zeNL#5_!HD;8ldfiyAzF$MMbY5Rc8X}ew)z$0to+nE?LS?-P6g`7A%zpGLBd6i;~pe
zSN<pVewyDv-yi3lX6h#Ose<<l-@p13%BaNQ`H(74db&^>Md%m1m9zgE^!F`<^sM3z
z^KYf~Z**QOfIvaUlr*=(QP)Ou-T$x#5Ct$N3pYiqt|CpaR$v4{eCQu0cCF-@1eNon
zAz%lk;;VwPVSj)~0I#}cL5%eNu&km4fYgAcIV%0H2!YcIMhcj|c+00}+#So$$*E2o
z^O1B%;{(wlCt$GePjhf^SYuL~E8H<=6BX7;#U==~G3PJWZ3l9bg*r^`I9y~3<f2OX
zo+hD1^&2Pu7-%RGQu;tD$E9RdxADGM!M!Yprc&RP?br&dmGeebyKGWW)Z?ao%{T1;
z3w|fbVxUf;?cRO;hvmPxPDM?9Rg-Znraf#`qnejaVVdu8C0)@;jQkRwAAzse=}&2V
z%#mH|WN585ct<xs&)%OZ_@XZ&|9@XSAxZRubjXSC(D7=|Vq%d1`C7UEv3+W9;!eo=
zM5ACa?$u-hH<hy|I~7YI^Tr=28h-P<{&jO@7d!u)5up{y=*%19_TZKzF@v$<nMm51
zj!9d6ka3b?*c&b?7Cw3=>i>}9e_z3WkiX^E)19np5JDD6eg}(aj&3dPCRF%;TB=KY
z<sl76y>}a8_yf04$-^_1&Ucm6R;gA*4W8I$ab)HB?v*&rmG=bbMV9~+AZ!f&6Gwc%
zT-WTk_I~+A_*#CV$Wf(WZrkV$rzs5j!SYJT2s7)&`@a?rZzTeUcyvX#$uiZt%m@H3
z)7A*7aaR&|#6oZEr`nayZyXh_c*41(muBzeteXJWsvpLPI629i9$vdO=WYBzC&DIP
zBKEsdh^oJc*PWx?6>IznuEJ-)>~N>-<@Weoh(ZJAbv5=l29s06Xa4nLn?{b_xY_Fs
zaU+a&|MFTzZrB1Y%GIkBz3GGPLI)f#7Fd%0BD=asB2A{zcmY^dOelj0iEJ4EQgb`t
z`oE$rmh+d<ZNWVZpLQGG+eeRCq@;p9jO7lY702Ruw1wtJV}xsmF%olE>nhcT>W??S
zi0?CdB&Wt@Bhi5Hyta3g9X*j595Np8`>X*Ax9Tg0om(_j!dYV-UF`URF0$;8ns$=n
zA>W$jmNX(}ae@mxrtd8!Tt*;d3E0Jpy=TA-IMBCp?$j7_e;mi)()&@<P&g{vx8<y2
z&;~M#<0l)dvcn(LyLC6iVA0(`Bt`Z)Sw>J3E|pozO@Ff5-kw|J!kA&;plgft<WfMX
zN#m>ChCKJ;4|WtT2no;I6;1T7wfZt_UAb-)>lSs@ThQN@{Y@{Bw~%zmZm4TZyb75t
z6L(Yq$QV|4^h&(K58E$^(F`Z+Vh9${0U<(JPhKtbGRWRO9=(e0UYEjaglmNDUGYP&
z@ihB*hE#|7%uiG<TYc%oSdU=Yy6WB4cDTjhcC}BZdq^_p#WP8Nj`+Y3&L`-~p5p4t
zw0o__W$J1fC5v_7pjMW}2UMpj%?tl!Kcm`*F~j<+qXkzno)NNFWKSv!gfa1Re%NcH
zL;!B0bIgBYr7j;3vO&xH;`!z(atv!MN+<aYMl!fH^hft+B>O{KH8tD2G{iJjm=XKA
zP8#jzcj<ofldmDr2e)T8NHUvQi?9AvYTY!bsb!Z_8PrNMWkXijbTXzY<)nNYOOLmJ
zrh}>~wVT0Wi)JhgDFP{ai(aM;zBx@IkBajIc<wjB?L@c|sgY_Q?xg(`@{h~U0kUO)
zMe{WrRcut*9Wkd#-M6?Qkf)s%hrUzV9Dq0B<JL-jyKUX0y5m?DjMT!c46d*mHTb^t
z!Mwjg6CBRQ0Y@EpAsK&?aI``C?RsJ1baU+(Ca`5IG5SmWRQM~or$2OBH?(d}l4Z={
zAY&zSSKgauX{@SaN?ABfBO$v5dU*?BwJJS{9!x}=Y^CZ%$ZyfvY`+LfkBB7mlY8SQ
zx?s<fd^w+er%dhjqa}l`!K<^>eN#2)$TLUs0(|#N_jk)^=v$7y>$%y-yh=Ta;Jy<b
zZ_cz@Kwgtc!}dzJD`%5U9R!xcy_`>ezDHdwC#8qD2FSC1Ti$o1dp{8pSwos=?pF`B
z8|S_MqV74e#I->yuFR0%ah&tU*$rmj?+Yu!j{SoD4$)1Qg0(K)2mchx@DNi_0Wp$N
z9*TH-<8E)q0rr@5d*X9}&83+0ZsRGn8aZzkbF8|)yB!;5JIyxSTS`#d=JJ)}>{nA(
zkLA5O1BSgd7AsQQdZgrxcN}*Gm=;f+;&hjLCPX`3hkMJ>%hJ6-rzKhchWS`Ht$=aW
zdls=K?>$DN@>TN$am!rPb#j>3$x6pH*yaP>5(n!!FUhHRe5HB~`pZKD4=yxegxsRj
zcC$@q<SkK)>0A#D9+TX+v;z8r{jJT8<1Q2L?L*Wyg!Ec)E;Y%LPljr>^U0gNp)vj#
z%&usFb*J<;k~__3H97V<*TCL-f*z+{E-LB<IlW-4mZ^`FrcBvlPi*YIvum6(#hOOc
z$CuZ%Q>QENt%NiSCkAo&O5M1Gs1f(2e)4y=U_($t`O4aMPhxNj;JT{qug~z2)APqF
zEy=VbNNJo#S)|V3>HGvXQICs68?sYrMFx}vVk%9zkt0ou0sMy7(lir!9mh&BbNubz
zlBs1EH(a7Ll9bQv@3G1qABYHr=g{%H)ZKTf+jJPH0hYbtGy5IT9o@Fw?$3*V+c?Xl
zo8nn-lf(<z@>CvtKv}SS7P~arJm<QDk1J;*J@FZz5fB1|0Zmp%%P+#PA&mx8$p*|)
zieEtyXdk-0TK`htb0-yMFjzLiBIl;KxrWK7U<PCB&C%=Aw^&&Q$Jg1umG1MifqfNO
z1Gc@qe!zW{h<mjXFjKxO$VNn^gSp3u^T4L*`XLFHH>2{?9C`c~<Yz`FkM3!sVW%Ho
zj41aRy}rK~aef+W>t0`xWBpmWOl?J%Q+Dr!k5O@B7)@<deI$?9EH9N8{z}NS4wLZi
zt+Rv38X_&4Xugb#GY+Q7cr@hIlY!Zoz8HXKX8ZNn?3DDLp_&KRVDS(*>Rg&;+|@D}
zN8+u`n*Qwo$1$~Kmu5wDS-|VyV1TD~Bh6$R$Y$myREW3A5K?#gNf<m>OPAMHxY^>u
zH>M<m=u!@w%`9EtPfUElw6N|oK*#p(rO|irk3gWh@_L&)mJGl2+G7$j`Tg|6q?)=)
z#x+OZK;+iB+iP$Mmr33M#HC4zqerqxL-9+&;iN&DzpPKlP58n^MK)RQI~BGAm)D`b
zdx?z){f+3DoSu`d(UseI;TsEG9c<fx@<z_1I?Z5@rF1~XdIqTA1)ZKH{;6KCz48yx
z8SV@?iZ_<8yTdX_qn}yoHn?i3M=!$KCi_W#&Zwru7bw%_ej<ItI5F|Y*@rN{{2s<1
zEMiW<q9R#w3jFwDL+kLv_v;gt<Fz4xwn5j%^(F`(PLdc8QcuD#>r9p}4tfUUd1|X1
zsO{pPc`$;|_#ZJsH7|D#)i)tfHyJ&l*8JZFQfO;ZnG9#W+v0@@_7MxHZ{VOe5ukPB
zf>?b77TncTKk=^_Bru%M!dO*&v?KrRd%)9)x>$lQdb1OX7mKdkoSgBml{}0lr@H|X
z$<u!8G*Llj#{!ED05#lM(cRvt8h8|%KDx^^1zV54)D}X<TrImfKd>+=F<X7c7gG|y
zSfRnB(GUzxeS5j#F7}D?Olq*q)v%-)3k;IFEk>TnaX9A7`Eg2$u~bnk9iQ>%drZ}J
zE;D5IQ{^V1Ag9n*%Y5pzf?Sm?Da@9Y;iyz`zue;=^AD1`KW~L0Z$gyfr6+sRRhqN9
zQ*6NA2E<*A#ruNb^G3tZCEMhwHb#QBz0rQe3(H;zY~t+W8L{oLwE^r{3TdA~^TT;A
z9v9{ctNwL;tQi~I@pE4>oXMPbU0T_~1x4<0k;PAs2!E5)Ip3S#J;sggLe?alqUp^;
zj*`HGtT}g%TDaLpU2o-*S4oXE_#DYFukC+!xki;@cxzwfZ-X8#%JVpb2)Tndz8=FB
zV67}u7RfkTq}o_h^61XnJPAcTXm0|O*hJ?uf4_y)M(K_^ZM~KwW1B>oZj&09c&;$P
zsL~Wy8VX@-ym<g#Z*yfYz0CW^Jn=$!c<s@c$2UNSb#}~icX!3)IjKi2jhk@}$nL%4
zrU>r;KC>M+C5vsdt@t=KSsiD4Mt*f70La(4p>f1YDwK}Mrpc^V%~um0KA5I@Z_*t;
zdLwb~l}{snyLMQPzE75=*zRP(y2oHLYB_OWB7mg9N1nx04xQ&JQ*a-O1*}L;g*m^0
z@Ub!G@$m<vcUV~;BW$6SW^;6XCRi?!3zvia(SZ?8t5hsrW(XI4uWu8#mWbgf=6Ua?
z+MuwwyXc5vC2YG@KgPUWH6oMk@&zU_<>aU>7}SnC;-YWs=KS#>t&oBFTzmW{@brLz
z8(C(|PJ-L<)88HmGyH%oQ_OmT2^}gPNG2|AO5*E0o|`j0c-;ML>QT`(Dwd>+Q@>4c
z@@tQ;5+M^=GZmIuGgr8hqov%r4tKLK>)8QXDJ>3KE8J;b6ZidaizLW%+tW%aRjZx%
zVaV4@(9h)oljJ}^cgn;#@tG@BpfN=n*0XHxyRz9WfY@2m7&=bm^V@^F;o7;WWH$pJ
zdJ4<tDX^$b-y4p6*M*x_;(n4WdO|FHE?uuIM%KaMjZVmt&loKTu55T_)pB^L#74K3
zZGk+7-q>BQv4^fNu{$3YR9EEmCR)7KBbNBgMekLQXvLHpNYl;cxlpSUPKRsm>5wWd
zVJR!rS&V>go+riO`aCkVVZ!~y*4@L=8iYaH;;e>UfV@?I<(wrYMubfl`eVdnbIjz#
ztm^aFOYEU~KOiXN^jIOkJrqI?s<aX246+QCF9&2<YJJ~2w|<-R**D?j)WI&uhAfo9
z)^P}#S-`;&xpp;~av7qad7&>x#UE=9Wh8aZ<}h|`st<I%ErAJ76g1o+YXs!iWHW!w
z;)$P6!Z`}`u9%e1ezJa<Pl2l`JrSuQo8Nb-gp)m3s%PT;g)(znA7w+l<g#r&0&kh>
z+22h*AR|y)Q$Jx8JDjJjQ9@>LpuBY?{<$Lk14;-@5$3L|2%`t9WrVYi?_SqBN89O#
zipsNE!c?YkwHWx7l2I~(5`{nVfF1lc2N08^fbQujb>Q*AY`_w+z!GdKSgvmB7n|0a
zxi}1Wm0t9H9|1-5NUNI>&%?PqZ|K%V9`AlK(305SOZk>%y?}b6w(ZMl06MxYqsOZF
z3vZx4@)uyEhk#hU=;Zqx*(GdrRVp*Z<P+a7|ADFj;&vtzhMwi?D-F9?e3Z7L&DD1s
z$PW39_M_(C&~<n1^340~HT?LrUO(j83erxg%=EJ}-@If3G9K2_7o#~lR(w~p`z??C
zkoLk`W~quP0}A0rjYj|_3tKJi4$RC<EL!jgIgA#wW;wrq<{bK}^v&+dutpD4Y3!K9
z-1WV_z0YDi>6_jMoz$lWKp#iRnros=uSBA6@1`5BueK{!(`5SIRetQ5Opo2YQHiQ^
zb!B)v^FFMvWl?y|Mx;S%Y@CERX1(^&q65==jQ;AIE>qK<X>-`2(~!Q`X4}<hT7Wl6
zGX+OP7Co(gDc_-*))`Z2^<m{bOQm4Gv!-QQ6h^MP9_w>xTyDy+ef|g391wS~lz(%G
zsTtOmH0z>fxu|sXQ)|IRxg)3Hs4veyyur`@kjS2})|A0yxMUUOc=kDD5~{%%T-*pK
znWWlH7mZGK#@S?6q=;A=E#Sx7)58%H$0LlP7jpm`+fOa9VSDS{w+v=3yQHy=hTvQY
zH9O>MtiyPrfY=?Kns6`Y>3sM?XR53P4E($vLwq-;*;m-}1<T=v=!neZ9;4}EQY5l~
za&c6is`>Gj?#f8DL93}s(@x?8k2dQTXK<pK%BbU^UGGi%FX^eSCcgAG3Fnxwa-yBN
z>gO;!u@B&=w?FQ*ji>DY@_U|~6Ga@ktqhjl8w`2FcXkF9-7qvmQi*xzrDPW1_;wwm
zfn9<!tKang%iz}<VHWB4|K>l_<e#JX4nK^yf1R&e^jd=FfxfK#e}W+oh~Pv>d7NwN
z?g}=z=-$^h`ZS;0lQk|Y6Zu)jGxaZ*2e2PR>P?;OuUBQ&&OKEtZQNJaPNNWP)^bRM
z?7q9JAiJk9%P3&kuK8o6-oQUqR^j~RUUX3+U@=O6951kgs>zCUV@SK=B_j0bh8zLP
z(@YW#eZq2;Wn?tpImjjTEkmj1IpY!J5aTi14-51asXDO^vw0hdFZv)FIY!RC)sbzM
zPYflSMZq1neTk49bAG0!PM1^8w*e`zoj2npdLpbU`{JXoZ+hJBg<v?#{~{;iltv8i
zycs!0gbqV(5C0iippSvPbhEaCAW|<mS#%VRIxdtvWINz0^)zp!d7%|AkWw;R?V~+t
zQKf~FMSVNd`y_K1QI7=!x&H)T->PDx+7G5I`_@Frhuk>|zZ^YsBE}aF8ot_U_dn_z
zE?Qyx&I{*)HSTs_&OCgX@|`W%Gs4DWvd-N0P6~*wTSZ&-=~6F4fe|7>zeHCp*Y_l&
zvEWY1ewfVGNJuK!R*9Q;gc`Z|U7p>TTeR4$<W1viW?AoEEyg;JHF2q@KO&g{!+dko
zJ7}RlrDt3~2(S~ma2@e6a@%`3<cVjn!>{#ZJT`&y1GlaZ3PHa2MDEPm*Ot2~u+xt?
zb$@=6>f1YMU1TEN1K7=7?`zGX97|o6q`K+GYcBa!Qq5f|h3vl1DC-t8Fx`|o=2Mv6
zDsD7zTkO5663!f3xy&s*?X)g-#k9m>@x8qH3EYn5mKiphZ#r+@#NVow_|#*>j(KFb
zd@Axi91wJzRGnozjI+hgVD@9?@CO>Y+ailn4}VF%ubG!mV*)W`B@Tm*52~!{Lys()
zxUX!mz3}v$t=9-dax6YO^qJ;q3!#e&Vq3Q!UY7DWDbt8Adka$z-7C9@1p|S(n4zmb
z1!XoJVM?nex0`!>og3Z(f{rk6k+6pi1hDn3GXwqzMQS~Ei&8O7*5|%JeN{cPwCD6p
zuYhBBFezf-GDWy_TNe+DU8YnYsjp*4V{&flI3(sw12OV&XBmhaC4ZB`2iz}?ZuHr&
z{$LBU1+Qdi`J>)`Cdu5Z+gbA6fLfd9`AR9I`Yu^(n?5ptDt5(0$Xan-zwvEtRf47}
z)S0ASd>3)Qq!HJjTJfdn$q&lnRdMbsg*_)qfsJ5er8H_W_vH^44M5;QDN~ObeouA{
z{LX7<+3A6JR=&ad6_gw9*(U_a`RyRaV69TyZhW%QPs@;yWSYppY*rCGH#=rZXX%A}
zL=(zNLl=7SGJwU&ddFH8hLR5`o#%rMa|Z*t-P7j&um;r%10tlFvPQ=*sZvhvdvMY?
zRF?sBqo$bLU%|ddUDv`#&yq-)`y4XZKjcEV$B*Jmqf92}R!T1c$#j?Fp-?MUS_{CA
zXq_3@@sIaGGg&A*<;A3Few7SpX-YjgBfIx}1#O~jntO*qNl*MB!qf9irfbuQvDZ%Z
zvJ6&M7-f{O)rUz1`%F&^D+T&#ofD(NefYAqR0QWpo>?y<v$h>bW^a3Qd27^>H^yWV
z_L`btoD973h*RWl7C+Y#!ei~CQKO6Bi1!Woy(YY<{awJ{T5`<!fG;XVD2dJ}r)MsU
zuT6C=QQ|UF`wYZg`Hz&pj+wYb)2HrfT|8WV{?g4LqJ?YFcdRi&EhmFVY<lqnT)Puf
z>0fd0+j+&>=A4|SgLRtCPr>2AC#aZKnh`s2T<;PwWzqmTxf8uZAMF291lXQb9ds&8
zZ4T@Gv|m$i)^3#vhO}J^Dnmp99!^7%0xNaOgMqip3x>ZdJ&sA-7Q1;cvomVE2E6Fn
zw#J6XTf#<7(3jA)>Dd#CrI}UJVZ<%&JICtY(;h(ySk52GT>Y#?cvC)fSPIpyt7)F8
zq}e&eAcZKopN1(&^L$myp|aQF%MU`Orh%=2eX6FgRnoq^W7H>H_Pw4p%c=m6&PL(Q
zm;sqRK+;cs?W<LpgwiIS=WrY=9y%Gjzg@R7j*!7`Gi|Rd-?is66P7BNI#|peyZZ%4
zb|Kn406Xm8ryb}WAp=EJHLQ@~OFy#&yVxi@HA$>fXeYs5Ap|*80#HT6%rNlny2Y?Q
zKaU2g>r^E%c>Bkrra;*2dM#{)nxj?b#|OC~TxtJiZYJT3kM~~ft-H2?WEmYTm>MAd
z-d#{Z_>kg4kS>v5>-+Vz*zH~Svi44)63o58-c2>ay(?Hs=17e)Cwq6rwWJX9fFosL
zs~<}XOk1;t()J7WJ1YWJGX^noahXcwSS>yI!MaQ@KB>q4-xD5_W_nni$hd25`o3VK
zMLWwW9!`icDhF049({kf<5bt9H_*&(ekZ}D=;NWUeUL)|4Sz$3zu|BeEMTJ9wyb1~
z^1hh_+p4I&@9V|{(~BO8RpI~-^0uq#{!%Ju>qrvC3k6L#?dU~=DvRt5>9te9{As>m
zBmX2k%n(a4#sEiI2#;|5DzJER7IpSJx-a++ewVr5<un#3<~TkjN|~b(3oVo_19#VW
z^>_*?gGk5~*ZRSiJmz!xbqlS|A>Drn21PJOF}XDK#Z%U6Z7_OfSCY};LYCZSEuZ@^
zR#8-$PBjuE!AH;*HU94x3mrfnT|)s@C*}c3$byLlT^i;a2Bo3+3?jhmiNvlwKzBOL
zYyrmJHYPKNi>^y(jwBM?)m_y!uSp;mlIP08fSWo-SOLXdT-xqW>I>RDgeFNCtv6Oa
zSG)P`6j`An-$_-8=`=zo&Kn^fW@$!c+K4&m@7&>Cfr|K!Tw${E95a8q^rXJJudlxl
zeNVpl0LV4y=IanjXJky>WAek!I5GS{>9y<w9OoFMEi0tsg6PAF>G;(^tNK1FX{-wg
zip4076&lUJd`*KxL*MdgGE#EiQ<h8<+%T6{Jy^jCdLZ?75wV;-Cs7x;NHr;9RPMUF
zpW)p)cj|l7p=1gaer3d_iE3+IotJ*p^_s>m^vIuxYRh3C8Ar2qND;v8RGu6BROS#6
zA(2?2L6o)}Gf!fkRErXE66W3ARPd9;fY<y~8*^g;xW(~T-5oSsUWLSqH}^$@t=m|F
z$86Xl7zE-)^O<^B;S!{b)Fu4OzL*?a+V?)L_~VIMm>r)s1tZGk(sD)k`<AS==9X6b
zWa)QgXo>)ZMANZrZ*zqvQJ<q(JQQpBVuQ#u^Ry2?lNnjAQ)S;SYj(t7W3H)GvFgg}
zAFPIGKe|(KWdZ6tI?y7iD3>NWT3br~&9|irQDC#Jl42)vl~WFGw;^AjTJYilIreAd
z5Hd-9-8ef^ZDs8C>O0p9Tq;IRWYKpHS4}2bEDhY4`&k1a(2Be6pkGmcL(;^=yIEy2
z@`ivV$F|Ms5UD%NBv~JTgY8l(Y9|TlslTKCu(vk0@49M)w>wt!8eKT@7?PD_s<i52
zcSUSHO8zja7L%to0~X84j4_{p-bB|Pit|4oj?WE0u=s33s3I%v49(s<mZt~e^QF*2
zqVV9cFvcIFt*+^S!89g5(_mK^jQ!plmgg*Xy_kl0^Gms&fr3DSh;2nyW|^o|(!8E1
zWp(cPiE@!8w%wdwlHgB4ExdHy@nMx3eQPj$U_|$Jz<saDSMG{cp2bqNK?q!-e!&Bz
zdoqOY=tI}kC*>ZL5L?F==Kf_3X+c8}!gs$5b;YZ8=FC_WUcUcuLgZ?$ON1-P7^4<$
zs~(~7TYNvFxo(o1U1jf)rC)RjGiOu2M>Ae?ngtci8xRfPa}5W$zm_KWA|H3kuhfSz
zU1y4P{PcKHV@mK~z#~ZQYcjilcVa5DEL(8ypsL0&0l;%QH6NhYR#Q@>RR<aygO_ML
z<L?#WMF>A?pZcRSqp8-K*vCN(cZ;P0#BlINyY&4M*j#1I#c-j+*d$ShuT$#)+9<qz
zSrUq4zR=ygrI2Swa4hZar=V%>Y+QXB5|v7_!fZAVtxvvN;i<ZH8rL_Sy3bXj?0%X=
zbY-LXBGDjYW9F<$kKE`FciXtvC*u{K!cyxr!<86rS@A^LeJNCr1#Li)jj6|!N)lI_
z)H>Hn)q7lP$fY}XA4=;MFYQuk4;JNr(U?E8)Mw&+^m=@bd8sF8-9^N6S31>4WUZrq
z2y+#!7_5a|PV?_g1h0{wnB6el+?+2yG7}4)E|@QIn<^<$3S2x<+R-0Kz=kx5_*PM@
zV_jimp8(06mUy%v6oYTl+DH@{O0#3#r#JW05CDu!GI_aHDN^b4%`0>g-3&CM<C$#J
zp==UEwWjpOwQKD7liD%8Jie~IJ8hCT>3#)jpJ}AuJ`{FS*x`$DvZ@MyapE%eAm;Yt
zz_t9YN>vcpD_QFNFT;`=zPmD{hV%Atf@rIFq=Nm_g>Ac?p1<+2S{vK2acfpeeZBX*
zoaDTsyge6WB(pv_<XzdO{j7c8c%xU3_(UVj{C(-8kvx%Q!+f1vJa$~yWt^W^CFV)W
zVX?6MEC;chC2;+|;o_`!G<r~?X6A{?o-RFZX8{{La%Quo(ssaR=eA?GbxP~j!Io-_
zyicX6XRXG1#S-B-^qRM}d*bVpT}f{<ASzLr6-P`eZYiBR`{{ezn@Mc`2Gnn{J7BRB
znN_|Kmp!%1ylb{vnbVUXY#mKuqgWrlIffj}h<hw=?kxa*^FV%G3bvnYS4fv~LAXHO
zO;%6M<77AFr{7dyp8o7my7_Q4K1kNKYUxF)*fRYDO$6rRw~-M@RovN~fc=2e$_V;?
z;z9afp^ImbW70?DiX8}v{omnaz-WPwTuWzbm#{a~W|SyQL+P_5zL}3W4Cp}z2!uv`
z6qM3DtH_-v-toH}=Qb@+1;b9;_bU(w#8c~nNq3WiJo-ppRXg5`F%~OqUsI14Fz3;T
zD~(j*VhQqL-+1bAsl6S@zy+%r{MvI!9SM-l)QI-~FG#95qLm>f)q3HaoCg!So|kq$
z+GIjCneul0?2vE$8Zqm!DK=(t{9GP$4SPveKv}Ej#~*Lq_DC}Ix>LT&{00;cXc2m{
zkY6L6Vl8qN$erdLnRJr=l)|lT*KfYZ`*~iHTb}e!LqJZYx6vZquki3+C{n!#WDWI3
zH@;i_$3Oo)$f<aSk8ndk;Jq1<{wx3J_#XuSUl9Kv#Dx$MlHa68Ccd!rS<LV7^FKBg
z*iBU=k$b?&XsY=O#b6v897XGgkd*pmnEWzies%(lp8I@O(V$@T1vRo@Q{3(2f0N!X
zI}>;Y>81;gN(A(Kce7FQpNd!_8Ba;Iy|G>Dw~6{Ma0RNZEW!Qpf)R>0*}-%(vReNn
z+yBBiDUlWkY*JG^1k|?@Aq&2yK6&#mSif!|g_j-^A?bSJW4^bA0BPxau!uk6Mi>5!
zCRo5IvknM*gg~IYb+*auzs1b2s*%6>EV7U!83O$ag;D@3;pYFyO0<GsFDfo~r^HYr
zc}~KgJpVPZf5LkP;iUoQ3HYLMK(rM|%35Q9yu-h?<JYZj(=)P64tDlzwJfq|9z8Ci
z|0l?U5Gat~%Ql-a76-8awQBmFXQWL3wC69$?Lc6I{$$-+ElmLOvDp*vKh3$27Jv+n
zNz4L@3Zkznkm<T-cQ<yb{b_%B3?alw<8Gk9AE>(l>aN5Nemgh6v(G<=q7o<Mree8D
zty`#n4hV$B<oqh3`418Ny5a-yn`9^ow@W4e!;%Q#Kh6WC9A(_iKh33o;U2g>0BSw<
zi68!n;2@x;(?W|iHP=6&f`G^$Xn=zl{%Oys&Xy6tQ9rzgnEpUf&z_|L;$5EV{vTvA
zA<0KRKqxn*?*6f=@hc#;Cn;at`@d-T{{tFYGh~^ZH5C;VM;v2~HTw^%|4f|(a1wH=
zV6B@h((L~wmH$EIFW4at;W}^a{#f!HX+cPYJeO;!@<-~?IW=rD6`B6n;Q!4eKww(V
z$$xYE?@3=Xd<KC&U-?4)2eShLq6KD|aUDta#|9q&KBT$R5&lO;%{U9l0;SjDe{68>
zGKeb00_>^yOWyulg`QOcW_ew`>bJx8?*^*x0bVB=F6a0YuS2c_vsAd7N%6-9&jDr0
z{Vts4kJ8{aHDIv5x#SFt4W|V~$|+p#ik3xK^+&4=+4i!p3|XrZ+P3lhjp@f3r2VES
z8r8{p^M&~Ms;BgN=yN_)mukk_<~=vpR|x27sM7^_3j5i(se?lBrCW0x9}HM`b#6&q
zJJ2~dgY@B=t$wkekdM3Md;Z+4(A~VA{%>@WjwiBUcV1mBMb^m9ET6^RmChfmpx9ky
z5IA=Fx)u!~$xsa>_eT9SmCfkPGTQ$^G^!~?+#Hl$QGrQH=EKHUsZz!^CC33zpg;?v
za(lVkKv~$fFKM+uh30?OwU)KMp2sc@wour+SOIb$?cT}=;4$($NyRcRm()(2)|2J7
zbN@rsLq3vRM9*DUp>)>x(q8}-1nh?0_9v4-M^BP%x>7Cm@GAGldfk6c6fO!%FOb^b
zIOe8!V86==)Zx@voIACmqKK5#CDfvp+tmJ-fk-`_j%B||=Y5ntr<nIKshx-88D#Pj
zKvgxH5(dA#ouBj<DGspJxPzO3^Rz?hrBl!>0Bz`X_<g_e@4XL>05k*<a?8ui?i9$i
zdVtEVaW4`4o06|J{?)GQWbg?DSPn=W;F<E3|30Sr7x%zNcp#ue2z1rgP0A5)ckBR?
zGq0+RBmW)G`kSs*KLHa07V@nlO+$qM{`NYchB#;G`cLujO9`J|0hRhx!9cZm9d~du
zFm?D%Kqg%jxjyr61Vs`7D+Wv)!icMRr<|_{wEKzHe}D@C*i00T3RyH-0t06k*#Uz0
zi<(vyApY05gr|NH5wf%ct^`cu>qh`w%MZ*mk^csE+66RC^zDM8ZCA7rkXyY9gh3;l
zytY+mo4nRnHs=B$`)raRCJE;#pfFxz;Wf>-me5G-6p++(X1YrK2ygHb0_}V%dMXp5
z6#({kyY7DBpUVec7=W1Js0UK+-S-U4xWtMKVu4EKc5lKwt(0hMeDT|~rT!R&Aj*zO
zaUP(eOY8i-qf>AnuSeb|Mly)lL^{N3m~@RgifdRcbVcfG&<b8Z+*yha3<~dlr73-T
zGD!J<Y;<00z5BA&a<2R(kIo8fbq%bEiQ2x?#P`twq-DoK2+y!J?p4^<q+ofN7*$DD
z200xs=p{M*+u&?w>J-2RTbV71$<|KO8Y`Uw&GjbJtsR=fHez*i+>~hUNZw%c+x9AU
zo(KlE=s_{j7KI{E5U#dax5v997Jt^L(xvEl8(Z;Aw6>~g#MhKNZ)U&ivyt1;Zo-uf
z-h0=t#)}s|T(cc8y`EIN`3A{Vz{@yR#9k&h{K*slk%?xZ1J8e9MTg_nZcJgUdRLsY
zPqs!`yuu{6P*~yvT}=mlem;kLxmFLE2*z9MPw>fU^gU5o9W=wT*nerb2QP@0`%}c=
zsKawD6|X2()kBy{#awa2ocWZpC$)2Zaq{#x)CW(_P1vu!x~JQ0{MV6iDOZ|kt!@aE
zCnjqF%Mi2fl?r6+z#eOyA(}4H7S_G_8ADZS3Q|B>`Knk8*idBkl$=A1K`n4p=F6R~
zJhc2n%@YwgDwVQ@;S;yXSg-KL@G_^u(XQu|f_8Yck_J8mSvuG3tVBF!Z076!-0mj0
zUR|A1(YE{TE!Ndxty08Mbow=uT69#N86)?axC`avD~f+@uDv!0$h!iYsy5!wa*6qc
zXVo6F9HTrkG<0@BpL4}AZkIdTF6!gmTPUCiZ0(*ia1wQL+B1(?`tsAND}Y>R#z4aX
zX{rcJ+OE0yT-F)2a`r<d#H#xai*`3MD=M|fdGdWj)4{?_OT$2JZxoWvZ{7rUxxGnR
zr#n`_;fT7vdQHUUdEi3N)z~3oWSKmyOf+AwD<fLghq8OgxslUrDdEbm{{^63%B)+c
zcon<BHuLoRXP%W=Sg@T=;`4u4AfRW@&R-LyDv`?Y*;~JihBAK`5!39*N6trc+Co<{
z>p4xqB9|sfGUCe&V|_U?Q$kKlG%xt?)7g&hsDmayeE?!**>~YDNHW>h{fequ$_wax
zj_ZZCJD$_AHlOjSjveFAR0glT5?iZPkMN(38m@P<i79KBclEy&Tx^Qa++4xD%8ST0
zQ|p4Go|C%uWS46jJ-6)8?i`HLvl^R5_+8@+p^yGREUnhI&FM6ApjK(!dyvqwapPas
zO13ln#Zs_~-%glrnO2G67L@&?Hn&!}^J!JC-4Ae01yF>MAkMKeR~g3>H$|3#*_`3#
zyN^pchTAFCmCa=d+inU9$$USrxZIg)%6tC?Hyz(w;7EgT_bPs@v+y21!8cjOayM4i
zN4(%c`STL<3TS=yK;-Of6;P|$6`mr!h<>SI1)SOOY*b!c8!NTPhN;GDod{K`l|I0w
zb)|WOl@VGmmn4uorxD>|!}`fwW@N&39)P?ck4P_F3T`QWLgD2<Xu3a`rj1jZWx`Z1
zi?$;$b+m%Utp<4<sZ+CuRm_r4KO4{+ut`<e#!iZLYka%y)hA)XZv8D9Z#AAu+=2__
zw-Z>b$a(Y5{Kdq=T(!w!+C3(srMz%HD$~gY%l-rohug3Axc1uax?eOVS_~e$I|Cdq
zit41{zB9Y-OsHMrw8FkbvsmmVv;Bgi>5LP!MK|!6aee%flc?8S5q7`h{Eptd=9Nc%
z2BsMggrrwxv^SG0EXU=NOuUy%amx|3J4yj6D|RqhbJ<tnpT}r#m}qJ_;S}0UMM*X4
zh1;A)fpc>kLFXBn%Z$t4CW|7n#9d}N`S3H>0TJebUNRZ8jJ<w;a0$^L&mGi!QB&m7
z)ZwA0&F>=0zcmNwGTgnw((;&#uQyt%^1^yRnpN*Rp*Vk~%Qqg}5NSD_t*NhH+#5<a
zOEH{syx`tx@@d0o$&iW5EsHF(@5Ozti;Z8JFyVJvAiF?Hp?5qk%PnSerq<keZqjIX
z)bu%N=3dwnpj6kYHLzKU8v>>Gqmf(sbZ&b|nnTvL)75d@IF;o%-x&<l&($NwXHxyd
zDECAJo47(WBfUHM2Gsjj@6F64O3XCo^vw8KRjP4+7dR~>_@-bUJ6T=WSmbQBR*yL5
z4NUdD+U1(L+zM29w<>W*Mna(b>qb_I41L8hpGuEmF}n;0H3Le4@o9-8EXG>NGMot_
zN;o2)l|F6REN?8-m2<<y{Na@B@rX}_#TLTTD4@#TD`6KkdAq`<YrSarrKXAJ1T7n)
zKOzBd&aLeG?R8_e@#0XbA8_({l6tD_0&Y4rqEe^^vKt#eTFwzJ)>-6!@xm1u^~-`L
zjxY+^;FCww!@3}I0V%KTs;ZUkx2WqjFyw;?J$bJ&lA6lIG7gs5v6M_@>BgzL_{LfP
z6lf#P+eGX*&|cW<XkfFi#X6-^2Rq$}et+D2ZBm<Qp)2K+w|<#!`}nMpPDh>@t1VHR
zbP6xF5VKkC&ysV0&n?y46bahT8fbDw!z;IP*O+>qVJD|XVRLx(&4zhzBqi1KBBI(v
zkvnk2vLPgw-fMHqC6h1!zdbA%ve-u*lMsw#d*$&D<qu*dk`_N<jTmDOV;qaWJZ{dk
zEVso%UBcpz#W^M5ZFeR7=4Dig80|nupSxnV$IWe?EADKpStS+!_!J=@!yC)18q<C^
zMh3Tw@EXcPbEImVy&Swbnw7NMh{($;!FNjz<BMFI){1}v2ftW<a`5-VuNj}B=X$5F
z<U7sOm?qZREt5Z9%cEioV-cu!&?g_69`lo5<6Z%3u3P+`i(3%`1~Qc*=qix5bNJ#&
z8B8YSQMIO7D}NQphYhW^a}6P2(v8PQjWJeVaT^;3mi`ATu3m>F+Rn`<S8(?Ol8kQ$
zj+Wd>wWs**Q2%|%czc(_bOU8<@(rUfB`<0BqF9*lah~0KAC!h)F9MsBTzI7nkM$^!
z!A^Fx1PBHKq<#>1#<Tp^{_v7Q-?BNIpgg{2WZWDm5S6BTO=cQ!oCX_eQ{F4;<kQBy
z_v=l@<u&d1E1CzuFEfhe^OnhYM9fsd@K?RoCoqBGRTrxeWIyJ-3u^UCb%Y0PO!BgN
z&%C1~VD4DAQLNRvUBJ;57^@Hzp*C>hdZc^<$W?#XM|x8z&tV63()==>do6x?NEs5I
zKbA>cBKEb6%}LUF;?3R=ru<<)Z`r@J@D^>bE2zN|E3R9up7WHIvucS?voLf3aUfjP
ze$FWej#A*-Z-6GKu_Y$MQ9|=vod?>8Nc$N1s0a0#+izv|runwp-mbK0oTCjM`-)Cx
zYk3RUoL@Xo&kWe$Bn^a<jvPxJxG3cwmzB&}4mmyW@9S%6IR;L4CR4VDN$|)DcMfaI
z+yIikYmSXR7&EW$EA-Zf@<rJ$DT&)hJp=E`pekV?N3WiZ3Kv{^zGc!;lJNuEc!Puy
z7KNZ@?$e5nYRCIA+-yFo=V?1#Yn!+B&mLN=KQ+hyrPa2mRqa5NvJT_2nMQh^c9UUx
zd0I)YFP!Nar1zO3*lNKA<(SsmI^Wb)(H}V2C1pxCdv8}QbG&Qk)4kYDTU{WSe0OAC
z4r{j5Z^E7+Y!i8(Ke1bLT&!jTs{2Wx*?dbg`e5OimRld)-nw|71nvX3i1o}XXWeQy
zo|UP}l7$|oJs$}7oe_O{V<Mn5(^Yqv<O8~j@UARA&+O#7^2r(mZb$Jff_Z3QzbLCZ
z&38+oasBvdw(FVtt;tuO_X1HGaVlY@o;6rR;lO91Kuz9=eAh)(?UT#=rW|;z^J}|j
zo}Y44TGC7LEe)j{VSC0^PC`6la>+kZZkShpAj#GEf?V=&RLY4y+878}cun6v>B%x>
z#)<K4>=JO~4S#6!VrQwOu`h@sXEEG!Ty=EkmOo2@%zR_M_9%`RxpQJDkXYs&lAvFn
zajs>}&VHE@s$ZXLfE+rB<I5hHDOs=Zhx};&q2@{JMHe$PKhe>se$rIGUXzNOtGMOV
z_>uA-B7^|`^xS6&s**tWkjt+ROYUKAd4M*60=fy_Fk6SCZ*{s}cJmw3p56JFjtN}!
zY7ki_Y-5%KpLk$jaVAp?(-~$Xd6-ltYg?v0Y+2<p*A{=mt^)!$A2ROyH8)Nr51yW!
zD$5O6D`${*$sQ>)nHrmU?0#mV&K^khoylCriJN=xdv(%Z8*J)F^rhI_I*+v1&LB<W
z5}F3J>M^OMEd&@qRB-@>I)Tmb0KD8(%jTDQ4KTE!<2D#;=MbUYTW{6>R_!vs85ay1
zc0N*i%Ih>1dYcX)F=G{lwR}7Nek(6<rpM8XW#^U!#O2aBl~e|Pm}gUeuG63=_-Y2(
zn;8y&6+cM@E`KQli76;8<JYn6Z+UY)9cg%r_`RT9%^^^ExFK+i7$Nd5`B;Rz`NmO$
z&%mt}*~j^6_nvgtAldHm#=WgIZ!s6P?zY%bn!~G()EWWY1kS`JbZpXUW<3FnQ>OGi
zZCD156etJ5sc^8;X-a%cOZ}7*r{K;uH#@I1hdwhSXoze@uMNzskuNk%*@I5FY0}f2
zxo(b(T;I$bKkWM)zwTitw>nEayPy4aaD)NOSPwaw_M~;=+j$6ILX?_RK7XKFR<Yr*
zI=<uNVwX4PUCr0cG=Qln0#BN#_&GiSHjKWOY(hIt&a!qTLVD7aUv|^Uetgc~wa|C3
zugvpsqN72*GWRZ~Jf4B4*;{i2tvi!1mAe-h8oK1~aPoxZrRKk4Pr(R?FEKJgen`8*
zYCo4}U%v2S@aWwREqmZ_oc$M&gT*^NdX(6<Vs_K9G1Pbf;(W;@4~}Bt`r2%>@rs-#
zc#Qn%Moyj*jjf|mlT|%*b4;WET^Yfd^NLf-xBP+s!Jx*98dhk4ty!7aJ$}04CNeTb
z3j<9CEL6MTUD_3SObfG7b|{;1<%sMt=RN^P_S2#h`o)!H^Vri8jj+{w3nAKB$^~J}
zxQr%|W5323oaH(ScACIgTKf?-l-^anpEx~bbQ<fqeJYfU1N(>X3>v94f$eEeok4Vq
zH$t{}=|U=ao<527(MS^IBsgV6ColxOeP89P!>Pl;(A+d5fN&bRD=Kc!Bg&~9GDS9V
zchvLKA)8oHY%I*|^(r10fr!%P9@yH&Z+$lM+%5BAGaUmJlIe-HPG^1sF+KADHimm^
zQPXkqYsnJK|G1vgYDNBT+K(d)-3_Xlu29C7<^Ibx_0qCISjn_^J4}ws+(E{GA#)A<
z<eQkmNVQZN@djpoAjGMg#`ZRZ!eULz0ZD)$JHly1-9F5=fKR)1lZ2&=FrPRld*BE_
zK@1tPGocpa!ubEg-dDy&nZ9kWNQ#7{h=kHDEscb92nf<B-O>#rA|TQwjdUXnA&sK+
z(A`Q)=P(TMUgO4p7oUB;y&s<UefGot)^+Bd>%Q_lkK;IxYx^<Z<6w4hQf=W8IVY3A
zWOuO)Pc0r6%J_UN`ecctW<Ah}<?^K(Y=iyCK>qJ})wdh6Z^RD_{WzkRSTrYI*k_ZS
zI*$-1bjCs1!}edru;4d>l5OqsXNQ5<QY$@Ct)L!KhsVkSF4QX1-7&E63`fdvpr>KC
zxgv46Kwok%F{O7>CU>9EPN3ow%0TM&4_h;Hz3)7bGVWaE$ZJd8Z<Zx3r`{)<Cx?F+
zjT+TS5wBb}@i^%W^4a7W-!PmeWSX6>jtMy`gV}!;M8+I>;u2Q}Cd*?`BxF8SZ`_v^
ztZLTW+UTFAgsAr=m`sH?y3+2Oa3`kcw)YQTPs)6HyzaA^{W7U^VYIYw{OH8^M|<D9
zVOfFAI`ptJ1)yp6d7L!(Em2EsZ!vo`%wf}Q?5r$#m_$gpK)^dS2@NOKx<&X27D+I>
z26cqD=(3zw<JQ6Lt;*Z_o{cu@rl{*ePa4AuON|FDhwo*9Es@clo{-hL$&@fv1zt~e
z5v?_MKD|{+D00+T6Q=LG3&k=UKKN`j)0RJmg<IBK=P%d#NQXI&!%j`tl;0x-^3M8=
z-7Qvpk>@*Job-yUdW>b>=bvI+&E3F`C(>*!s``9R1xI3ib!+ZI=MF?s)BzfHdEv@_
zL@wO-*~`y+ms?dtV{pj%0&fHT?eOjPaEh3~(0Kii;*}_C_`7&>eq*`q_l+M;x@-(e
zo{04;B=K1?CRJn^EaXRNuR)W2plj1WXBlqYKbGOYY6tAF7#;jqK~0NX-<BJ?NcF{Q
zb~jiQnjgnenHdGZ!-CZTz+gd9f-u_F-Q+wG<CO4pZR}hom~C)Ln4Um9o-0o^Dn=)_
zuSa+cv{Z)Yr<tlLG#o7FRj1~TzT-XQofCCnW7VmCNa^`3n<B6{D@u~>jFQSuMyOtf
zxgIuhW55U9b4dGR4F<N9HM#j>RZN<sVcxs>I_2L!K0AC^yZy~=TA$8c`)V8BL4$N@
zQ$y*d<j|YdS5bn@Cu!_#Js2pDD3wp5RdF>s7b8YbXK$%Slpv*wUtS7w&FWW{g&1Q@
zF@uf<I1z_=T0*?*X9bvOT`?hPI2RSV_wLBWDStTtK>og3@H3Hpy_;Bk4*)rfNyVyj
zD(6S-hMJ6-@+I^u5|wY<AZj`C9WZYCi8JR43FwVYc4X1=^vofyZVn*|<$ZTmP|m)D
zC1q%ZGDP+Emeo{>u!sD)-Un5lm3<&bQcCM;9Rvl$me%Kn3To(?Q<ZjiI7CQ!-`I3%
z8Fm9Os=ECE7+sO$Y@AjZMRj&}Y9*cdJOPmEM>GOJJZsW6E8Z08pp+VVURk@wC3N>V
z)bb+chH)+ex6~sw-J`Ndf6Nw{j3pTQuB*d8z4di@6P`Bms8WX~_*Q;4|HW1+C(Q@9
zO#$lU>Wygf(po9X&9MQ#Q~`uaqOsazROY(5HFfh1DgUICR!}SA1oLImyZ2*Uw};lJ
zQL%I_OUBrjoDSq^E?OfA?FgB(w1I=$LAX?LV`*!aDk~*XF{URyb5~P!-U?D&p@?Fa
z=uH(dABz2AVZ`h#(Jn`Y%lBYw!xh3^Zn)2~-klMY+52=gzkq9VD!-w}|K$0YWs^M=
zQDTbd_2KgSB(L4%*m#>qASvRu$X4=OPCb7MFY5g)soj@@AM8wp2J1WNMtY_($x@V#
z0?^M|{4YUC_<qQuI&$7(4z?a|ukyGU29>VrO(BzIJh7yM+w~hJfuPWN)FirtXv%JH
z69zFoPaoL6Ft$x;2}`2U8B(ws#ia1}0XAhxI>v*qIMr&^(E64>%1DU`&R<z`UD<R+
ztlQ(plv7EE4LiB^hv2!ONU_P01(#}+Hz+Y=wv)kj&G&wgZ~wT9w5PzV7mpeYQ%WzL
z#@-eFoJWtZKa83^BRynqaSJ!kgkRuw^R0^%=%<b0wW8dm{)5}f9!I-&gT-=6LWy%w
zH(|1S_#2fj2HkP&%*L}67FsT-o5AG+AfHmo&;s+DK{~|*Wie}Zm4ogL@dxO|J^%3s
zeGws?<wiFCtE}2w69;#-Atv!2eylbAt0YkJ3B2ovI(Sq9l&c!ghJCp9ILR}>{uJ!I
zdft%w8|OnB_4n`!Ui)eihNa-;xO4Z#tZL<bndW;Y4f?JZ{R17QVN<g{7@HnHP+t$x
z3!4x5+!l5oeyiix>!g_a>JfwSFu|61C8EJO+wDShbAvnM@H{Jj#`fpI{WmfoSRaX%
zvL<qOx17TguSg77a-K!pvl+h0jWJ89;_~Sw+Tyvvj0mV90U5`{mDVWW)Kt{kv;k@z
z-2IXs)RO|7P)n;^LLl*UA}GzfZ%h2(&oVoS`|u=+IIG7j-R;J&6@ZhV&110ChLWe#
zv3=9ok}ytQ!L#3c_4%ebQ;~6*MBdnLpa*uI6*P6c+dKeO6#5E^-oD6WJTGWFB5Xb0
zSg=DxV%?tgmLxQc%dNJUvHSq%Uwd1oOgigX9x+^?J*$-$GwkAL6bxzsrwPw3)0RMP
z(vfTV{1&h66aB4ihfw`g3r7K!WOy=8ny=6<U9$ZX^{3aptzsFZUxl;#I_%73UeQr{
zI<WtVf0NM|1Wk#09~2Ajnq@XOW%`@2`O}lWWy3E)2p<{A#F)bgyk^b&QX!vU>3+J*
zD$RRQcDMzr`BoJAB}-X-zL61%8K)_0-TKaI5;#)p{KiKcB8;2cp1pRXDt^u98)%(o
z^iji^9+kZ5)#}cudkA|G6W?Z&3d$O14;{zk;XBIL!e+d1C+BONgrU-B7IV0csht!h
zbmjgQB4VkrY77d~PahgITRaS3=U#}lE-PkG5gzU=ZHp_Lnh5$!y$oVBB-`^2NeNiv
zmDo28m_-Ip=xRVUVrrjuR`>}gTaOj9+uGN5s;?Mme{?TUOy(TYkE89D-ZPCVc1_E|
z6mVbd55xngwd>~KBTDk|F}F{kCcG%wE>g?TyUT70_-85}dsh_mht#lW6;sdDyKvcW
zKu(Sny2L9fP38l9vJv{Jo4dFaf~=4DJp&gzqV(&g2MnBtD@mX@B?6g0!A=R(YYA2+
zC<6n8b6;yBx}lh6sg?aq&8JO0sFCdgMNMP4wxzKKZqh#ed2umKNh~z&y*svJXiD9j
zdtn%KWn^SUrUQe#W?#0rCLr69!+crpx``>nx7<fE;qOx`aX^+RCs^IsHM*X^u&wwe
zoY?Gp{l)~B!c;N`DFttd>6+NOl#`S-GVwn#Q?l-aL`dh{7#QCkDtk-VNT2tGI2f5H
zG{B$P=hgc7d=D(&n@XQG98N>`Wx4fXtff)?paG1c@_Bw%g0%)4jjes%^zy_g-&}7J
zM_Ds@T$21){W~n0?Jeg3_DQ3Cm>63maS@;F?lUxLbvGimls-GeUb4qtub1JZDXilt
z-B+9S<iU&F&i<C?XOnR@<Y!Ui;+03c%h-)MrHS5;x}%q@P21d>r{rz}15Pt1Um@6q
zzf91?0d@5qvA->BBr^J)4hbTbrU>L{_1P_-IS-3ZyHnf~U&u1sYk8E_J`vk~g)gY;
z$NVgtTG2z^eS?YYdY*s`_TylSMnRFN@~pY2Hu~)l5;tl=`!r#$rG2~{i-FIsx;A3K
zM51H`-d5CiqUMh(n9%42>r9>5CWLzY44Me;MuH{_l>|`wb$pQ9gW~NQr^v5G2bxar
z$ao*(iHYctu<C3A3WHgTkxA0<hq26tAgJX^ia42pHSaxMZ%zOZRD2P8*+S92;ke)Y
z2VnqQL0L+s021pmCE}KZb<wNx!W|&e2bB0C9#6rMB$Ci4>i#*wUT4U<a{EZHU$4(o
z_#)HCdD}Z{`f2Yc);1mIm*P05>kiYV^Jg`3-Rrk%i-fz$`L}tp+UFoy1ug;Td%PJ`
z`6>6D=q;43*uG&(SsNj8KFvUDVz^KR^@bf3tzz4+W<SKLyGnkkmxWQVu%xUplKkIW
zui!49S$xJQu@nPTS6oD!N@akzi%3ED@*xYI%GNYJ%|q>&fxBLV=$WBJ?6hLO{3E_f
zUgI5{T+@rJSelial}rmzS``7s@SZcriN}u!@vRUjXnWm79M|K~57#FLjBergPv1>f
zPGL^wvyb`|f%jpix~>XxT4R=~-vl7;y-5X?DO07G_uLQay1!sijR&93g~rRS*v&>c
zJ}%OTE+A~5SdO^vscGiD-)OG|wf5N-(a({~Qph$7D{KmGQqDd;?4dIGSgWjruZ&Dw
z37C;XN$CcH{TzT59}!Kuc#WRcdos?iS-hy0eecb8@th^*s?OCE|2NC`n&2n&YVB{6
z*djR+;7d7Fci#Y)7=<>!-K^7l<`3S^I3L)p9F57I3C8u*Jdu|_aX!JyA3yDZT-5aE
z){NI$H`|Mev`ul$nU5hMBq5aXiTsPL=Dh<Ez9%IvN!uPf3RIKOUW?h^i6eW#dUpe=
z)rq#ZPnvp0;TTX6oP{Tr!x@FsbB$FLoyB9{*^|0GdO1Q(zF-VpMXv=#-{udc=PZVD
z7ki>c%=53n#YjslXx`5-aaP(Zl@BgeFZ0>HHg57=!1X{h0@IteDck4zL*5p3cx+od
zx03c2n_YBm8}}uhL{%tZl@zrACYzf~>Feb?Gs^Va*3Ee%$C>%Sj$yx}n!;-Xb4`wZ
zt|o@^%dh)!KN<n>Sfk;wQPpxL`1}ezix=~3(+y%<y4>G)-+>Jfz|wO=AOobaygCpf
zH1f{N`q>tk1|jr6X6tP0u~JZR-+h_pwzT453l1OG?AfG0_FmqY$QHnFy!%2ti9psS
zd^Nj`S>s+=CnQA~ms0fB;9{VsXwrg!8~grR9@gyEv`<TnxnMz`7GmtT8uYrVgN=*$
z(;C-MedSfW#xzIMH%W%s6FosCH|Xc<rFjyZ7^SZc23}h%k2;NEQ0|;P^B1Fi4vU*Z
zz2Hu4Y4TN_Pg5M6q1Wp^5h`&XICb0`CKK>Jez%J0{HJFAk33lXJ2HA6%}QWX*O{D~
zWS#{D0u=3}>bc2L{p5sxH+EM)kp`0xUhltnTrl$Gt##JV?`0GD-_1$Rj#ZaCTzQ{W
zp*u4!wbjgEB_R!UIO~t0Q9pBWxbpYh0p#2TD%9YhY<vbK^BIXtkOTaS(sFQqY}hAS
zo~$nwewtk>PAhZ@$`%*<)cBhmKhxjH&q&SG%IgD=PgYvYb|ffhdyS+F3zAX&<!knb
zO2L1T1XG53QotN~^HIGk4nS01LB}Kc%izl;Ob8fN<QWETN1KwaNoVvDfyejHKHYKR
zl}<H3T_)7>k;=m9cVp?BOgKL@t5Z`2oHS=C&T<r!;kxdEd8Gfu8Nmk5gb$n*gz<bH
zBoPKTQE&Y8vc%K}s)kj~@+upR<~L9!pS@vAZDab)sj3xm8|cJk&7pWSP*l>(I7f>b
zA!%mJFIwQ+-d`;u{+V$BWiTl<z7n<Il2}d(D5A|~0#X#qAFfX2m-^OH>ZjI&XD{C=
z5h!wWK)2<^3w`yt#P(C;*ZtIbycc7u{3*qF0DhK>+6nXWD@JSoe4dH#;{Dr57y>9_
zR>ytD|1yjCbM9CH**|C=uV_sQH;_4e0ZJE+@5$XcmozKc+MwO2nL`_`eStvB(*?ej
z%C(Jc9(eh6pZzXv>Dg~Znj?vi14&I#YAo($CC|tCpOPBGouEiU<OG;TfnU=~P}Fv;
zEqd~c-pOBs^*PsG<i-?Sg}LeFarz0^_cxVq5ZnRP5SUW!hEXEOaEz9yBdzG&VvnvM
zR)qN2rS1h?nt~DpvyaURs-|1H!*N^=q&_>kEm+8YD8~l;vb5t83r!+qIjr%H?&a2s
zQ-8%yx!+`nyE#Q|t}K&#?1Zy|MG%aeNAH8|CplUmk#byQmwOXVyO*Q;%TP#)t2^En
z_^5rrTS5#*e>2>v5wyn&&Dq2`egjVD6fYbtYD^-Rz%E(XNTNK=_Pn=|;KUKd4g2gj
zhpL0L7jA5&J~5tNkq|7kR33A}=76tdRdZwr*CV!LUQC!(&w^C;u3v=W>w47qSKEm#
zS1WYoi9W7U1%#fXsDD@gD)4hGfjbDqT%|ivJ<9R!-U}(pndIe%5<)cr;*~U?{<6XN
z2e5`5zi6Np{F{^6&%pPOf1UTurnYDcoZ;QR=oKAO<mD}?j5(6Ndq+y_1~J_oqA12|
z+7(jorGlj<bQrI_w|M^wpK0?TVKCRnsxUFB3ZA}QD^eq54VjtPT50fY_Nd-Z*-wFS
zw{^qP5F)>i-hD7fD6p!38OlFfX#fOKo5Y&8{#A1P985+b0-Ilk^Y;M$3Tne$pciH-
z=DEBo{+iVD;PqW;$1g9!KO2DQ4is9IT2Czh)eE-;*+kh7|Jp)e#^`TR_F<6mA2`il
z&j*qb8qmZjqf45(|9oJc7%WVKr#X)<&$_>&DH+g2nolHuAG*K(4t%MF1@v;`XZfsu
z?dEXMM46Xt|Jp(=(92$daS#8sn{R_AhNJ$nF8*po8R+GsYb;^^+Rgtv5&mDB2pO@M
z#|R90*(YdNxGWr3uH5-fg>O>*>H7+mYBr6cNZMT{rVvMAx=tHH+THOxa`#<T!>Lr*
z2UjwGwHV%M0`qg5d<e<#t1_az|Mp0YKC=)tD4zQaPAs1e-==*`uz=S+FfKwsMVflC
zY;j5D0ycv;IpB1B2G?<C1Pg+C1?84IyVm<~RP>;g)7)oIxCJ<sftmHQt3zLRcHL=z
zS!f+W;M?Bw4#-_pH5SF!_ljESGYYKGe6`q!NAo^Zp))K&cs5bP!?7s#$>_hVk_-#5
zen`WFK$Q6#3Y=hvUm%@D)6&H3K|*JCs)n4hAbn?u3|(grm$I^>ZPl~LL|%%U8g0F4
zxLh!F^uR>OSB|hCQG|b^U!wP5NaEWF^<NgU>LB=qgi8Ll{ktz-^kJ_)d-Z4}NlskV
z0zLHj<C!C^S$#HbyZOiXiI5j9s!ZhC>JqIirmnTJeL1vW6%MwlSk0bf+xz!kZaL#k
zu&&V-WLdxuir>LHmit;5*7Ne!($GO3cLtuceRTFK8q40518T<X;@Akmg)i6FQf8OV
zJVSPa7F*Jq6=e!$x8G9!wF~^&uPxTd4e6mmEAp|Qu%+Hjbl+IAPO*3r0P&4}zLD`|
z12MIzAqw0b&rVP2D)zJq2sA%cE?5Z};*j)1%Y$5HixZdh$LV-@q;z=fnX9ZvBCkb7
zslAuT_IVY6VZ3Oh_!cNeBsI$n7<RF+0?#ZCg8tg?f8STdLkOwy^}idC;Q^cKCT4u1
z+jky~Bqx2dRyNnl81KEwR~xHDRA=<$wCAmLjMpUZLfuEyEOk21F~OK^!D^#6_cxlr
zYno+~qfs`A*OK<Zg9j6%%JTBjRqGegU*|4pgCZ7f`8=yBo?lk^`>WkmExbD5Vl@Wr
zakHe%%g!KchA@`y9}V>=LdfpmBnmE^?P2A+`OUY22oh;{&^v;bCONU3AzBiM`VQ?z
zsKNlX^Fe8qfnQ3Ui<LsemOgERqFJc8*^JNhK-ONTIb>;$O&3!7<rlYc?<X0mfQEVh
z9{7855Kixi(ZLPL`MPRCo5V~TH<){lcPK1pi$mZ*;#phaq~bPG+*{9L0#UD$H?7TV
z%^Cdo=&B{~Hi-?xOlZECU|qkMrWWJSr)N2Tk_w&CLspsY(c|mTcjZEN8W1gMV$$YP
zURkSeSKmA)_sUumt|?fP`5y6b1%9qR<8H7H$r*~HkW!Cb%(1YFt=%W>s#s##cNBvC
z5w-p`UaEy?*Ld;uyB8<)?wOl~i~F4{@z<`WVK{2=7s+d*r9cGJ9}D%uM^`Fi%Z<|#
z^4}zh@$T>SBB(m77wF}?c2AeApbaj)U|E!1%TC9kpsF!^c4U9REMt;$LU7BVv&d&L
z*TKH`O{s2P{6SNWd0Ie!?|q(|B1^4gW@ZO`D@4B@YWGm2Zv~5{DSbGak{0WjzoW9a
zPG?H|y!VH<Yig>sS(lP0!i76os6|sjRxwtIenv)b`jNoG+d8$~FLyOPA2p|m*nGjB
z;BDtcZbj`V{+~><)ecE4e{9dyszt|qA4*|a4QR<wEpVQkK%22?nw)C3uA*h2gldtm
z*^j35pCJxAT?E4qHt)A5<r;sUis>ZVeDO>C(Sk{&P3`%kGLh@Y*Kz|Ntlzt8rd1em
zVC?8q!(QDLo$eR+UPXjqU;tyIyt%n~dSJzjOnAqRJU?7THqv#oENcAY$Bm@LpM?iB
z{=s{^w0A3V>+L?5-xSElCL)n2Fd|{Ujup!KD$Q|J+NQ@fM5L0&JkIG!k@ZRu@Jj(u
z-e@3ZUf*%gD7f*;ZD8KTbt&Sp^<uZcenrt|<jemVr2YIaZ}|)<RKRx#D|}Y;U8A_z
zjBP|5nY%y8OV`xraf6^=6DFnWVV+MJfnUc-zyEDzg+YM?8kL{_COS5jmQ-($X^47%
zpC&ERPQR?$O+@&B3~sf>PnKjep3#)@_~Lr<>_T&Dy~)f8PKDFh*7d^_!bvx1Ql7#Y
z_qrT(NF_l8AaRD|=hYr%>gwvLR$H57hd<=uj;19so@?Cc)@pAwN_3=MH;(%jE6&A`
zekS#zV7;oIqVZ@!mTg?S-mgL(SzRNXR!3}~NIhnvdffMOW<f(rYRj<;U%h_S5s85=
ztE#G6t;Bv|9M=Q)^e-8L{|Fzfd)#fazTV8z)*xtb5FmFc^9So7_66BM(lz55Dus>u
zq{F4Ly)PeDxEpF<3{CX5ePUWi+Y#}u32v^2eaO!7fQ7BO9*}8XoHwR!dLPRcSJtk+
zapu(v8Yz5CtiK`OtztHM;2*$QioKk-9OrAiVPQFuS%64^K;UyFju!!vrbEkYy-f8b
z+6z2n0^j8Zria%;(aRAth>X?7w59eyr)<Y1M!3twwTVWr2)(JCm=#lUSwE-mw23>t
zi##g=AWi$uqMFkt0FL_&-<C5Wt;EXP?bGeE(^%KJEFUN<B$IqeK1(g!Twn^RaBF{~
z{<wShkZ&cGCRNb&zUkR?Z}2Gk3i}hr=EUZ&zgE;x<FjeGZY5^T1tbp5#h5AGny4ER
zJsHj=?p%BM%CzfMXRKSh!Vo<UWJ6)d{a}+{cC^?DdJu|<mk_uw8nd_5ZR*kYUNR_0
zw@=j4OanO5v)T(fJe{AHF&%iO_2NRqr50rR(k!YaNATq<r_*@l=2P~Wq2Gxg?(Xj=
z6jn_VJ=7A|pn2?Sf5sc+qN2aqMmZMZyWU1F-Q2jh3p|puEGI9QRAqd@B0>z`{`&M`
zWz&d1>>%#S8KTZ`r^#o4Ydcxmb$R~>@4BK+<P%ucfzW~h1sw%@{g*T(T-6|YPN7}v
zS;AvGEo;|QUY}xbwrC08LeOy;^=G*@+ou~Gt$+8-`1E!~rkNS|lh$w-B4!+lc<e{N
zjCw6kkeasT8IJp$eIpANb!9b3^Kh*^ZE#MsxOX~mCtz{!Xwznfm_@6b&1cJDt{oQz
zlgQBDs%k3N<Kv8OLaxBk(Swuo#+kW-Nsf+PSaVT?2LGH{XXz@xD&IL|LUW)w$GpbE
zwM&Ci$0Gr*d2LR#Q#s!HQdrVNt7-z=!H<ux7ckyFe)UDF_N){^%gNc9+sgQ3`1Xn3
z6|)DQAN7gQC6V*^4Cq0vp^D2KJ)bq4Ryc@K3pQdSBaO7ryCtx$Uysd_iRi>>Jjo?<
ztF5@f<u%Hayl`^7yFkAwBa`e`2dynx%*1vk$?gcE@_FVYDP)^Ams_O>wqdV)k9=OL
zDs|zj1F&h>2k(o8zFs==w+1}+@lp@t69PCn`NpaccabaE25k`IB{mm+a?Arz{J;Qn
zhbTV?_gke2pyi?EnQHfeSMe|He52VC)G|C2i+NoThqzyqdi=_Le=~8cqOQl|zu3<@
zPzLhU?0g<zgoFy|*q{uYG~9Z-H3*llE$trRvxl(LzH7Q25*AmFAxz7nRZ^AUyj-!I
zJ-T-uyS6vTVn6QFM^!iej2H4QgWYZ^dwHi}t9IKy?atl1dcL~fb$Hg>)8i-4Qv|^c
zM4P?bwZ*(2H?`@*{j}MeI(X|VEQ?&DqocojB>JG@GrmRvU-xE0OHQI;@L!$NDvovW
zv-{uyTUa2>KBFV;%po;gg{vlR5eE0h2F6?(Mp0%kj28M&b|MHrO&%PDm_0n`&r6G0
zTwHuc9DL-hj6=DO5>j_;RFB=40QCE{9M<yJQ{kt5xqdlgVPoAfl2nyrlpfw6d*GAA
z;;ve~W-_GrHzwiC$*;2<ve3=wodgD^2hy(W6r&9I73<J6dcykpPdaX>bhv<>d?h*6
zshqc0HG~ihQ86kPyXMD9R!#Rx)ilm~j6JNH?;Ji2ORNdUC|~m||C|COCX~j57*ybb
zw<*Wl!SuXAH0{5n#Uv~}yUzkA&MGX7j`xm8yMyzn;z0OV{iCQ%C9-BNnK@v)UKbdK
z)QF7LTo}Q>E?W1>Ap@U=r;Z9*Leg7<prHzWy6kQT^<t7*eK>x4b%tJHA}Z8^SMeC|
z8RJm^Nfkfezqe&BMAWDq{&mZN%FBs?HM1}_qHqPu?l|K5?DUSnhxV#`;2GGH>1YQU
zWJ{g&^%_Kch3B6s_zRV5L=$gU3x>>+rW1`-Lbht3e6!(BK7Pbqbl(SV@ng!>tfIHV
z&dtLdW~vnOzJSx&zlB8zCcNa~7U(Q=%L4b>wMz4t7<I1f`sanP#xoK!u44nQkH<mj
zi?ax-D0ce1gViXNDJPnT;ZYH0J&uLu^)7AMajvH|>b`mv!#&i7G@P74i^1AA9oj10
zHqTHqA*PFWQF0`xGre&_f{WKE6_C-uM;HgJoZpRE!;<#S(^9<gh6xqrsqnA~b`YvB
zR-Q1eS8;}Zb^S4ZXUg-0Ej6{?bqdW27_nNDvTQh;VqoFo_8v9WVv}^)cWavH28CXl
zf0)N_#LMxdtd$q5SbT|Q%=o&s`YtMuS%e5DbiurQXVrsU`rC0RM?{RAx>(l%tkvnp
zC$u^C_)n5)ksw6woaPX#K5R~dm0b7eA&xz=$v6~X%Q;UxG}&%Ct5~h4k|w>Uce3Cu
zWTvn2;f#1pUP2-h5%1|@-92XbG0k7RGC7a}RlY>r=s8(|Mx%7n?&e(WVD?I|ic@I@
z9!h|Ol1?}TyKcg}s>UxtP9gfqb4xi1NePpVt5<u1!X9Xgj*%12#`r96L(B_o203vy
z=En9ll6;_WvE`9ng7nD9Wnqk8UbqnX!t0^%ll?WdG6M<()d5B62K@jAZr$7%&X`-=
zHx&`9h(<uKYVSL1-!spJLL0nblxrg^ltMziXZU6^0XI3468p3a91=y4!6q^-*c9pZ
zJ#Slf9mT$tGD=;g{$se54q~Pl|KWq`!1N%g-el+EOLmS>Qg6GWjai5mJHN3j3B@oP
zVLHD@8n0U=3CcjcKNV)Ir+@wrC@tgt&mz4bvm}7{Wg*7Ng`(nqC|DeKp2B8VY4~mF
z>DuHE*vBM3)YfimxEyX<7R5s$#eD0bWhRG{hnA%^_vWhCT<=03C1Eq*9+0yd_9iAw
z(Dhydq^aj)Q0VUBpAF`lFD5B#jgwaHrbD^DrFIffrGvFrI~F#x+4Hn<wM4wKTI8^C
z*U`>;tVbN@rr$lETyV+HgYYkHliGd!&fCm5<ilfy)s@@ssTTb@-6Cfv9cNchCVU!U
zp#n~(BR^b#bF<Q#jhfr={WBgf+ew-9E+>wLXRv1YiF$!{tBY?M+!L1hRiS6BB_P`=
zFWfasO1Ja$choP#8T(ayNOVV+c@A0jvixXD=PYAV3^0%;%_D$p+lPqV(w~peD7DdE
zvp-i3N?=l_wr!^nVJ4hSV+9U$Op!+xsFz?n|3PZiyC?&7&*x&@<|21?HUdy*uS=zS
zJk%#MC&3#g>zN=v6Fk~kY40#k?~_yCoXDe!S+94IbL!nU+FxdKY@Z1*>6`UAa-I`y
z+!*^RvVI?N^4R`NuojG9_%&Tr`DXDG?EwJ35Hvbf!P}%9{c&gK#8fktt?yj9GO;4g
z-mk1O@UF&8QfS8NR?ckA0ngmCT{q<=%j6_ay<G46lIJrOY$`A(!hdd6zoFzjM&_3z
zg_=>)`{om5J%n?qca7VXddk<~W)BKvDC<;irMToOxxL56{9&`WOE{b0)F+_JZa=47
zZF`|2XfV_|vz+bL7BXA&?Sik%h5tYlxs9>9^5BbZ?A~!qTw}Q_EUd()l)4LRQ=-Q_
zi%#84S<V#bmnOx)*<cVUYX&Jf3rj&kf$MFM(wKAttLemk2M5djG%NkooIE>apVS-Y
z8~F*Q2TrZoo`;2e(4btz^EbKp1&@nfd&ABM$nJH-ReY(<onoN$61S@@2vTwyth2?C
zlat$R=n(}GlJONK=#9sX1s)P&`xhGZBV+>@&fg^V`E$hIz^8NuSXJ}6GgC#cWzTr?
zMq8;l78Bw;^n#?AHyvh%;xF^wEP1f{N21#Ze^(jySBm>5BtgUou1<J>8OKCuMoNEx
zx08^1u^CN7_#691=7XJE^tKNJPR!+>sb$_4#;5VSfG|N{zSI_pLC-GIDzZYMcs3Ne
zG3EE8EK!Ry^cflk#?*Xy?@2B|6}PWRNsY#W^bM#IUk+fk<G#r)=@+-~eS>bqdnN<$
zxuLg3o2Qjps<1Z7$vfqoQ`m*IHd6(<dDRE2vvgxfsxhb(duKboWC9dX{SxLp&iI0s
z>2oN}X$StQh0e%~Rm;VUHJt|uYXxQU%c)7s?h#-F#>VYEGM6<{9q)V?`YA1Sx3RtF
zxY~dBvj;VlZ03A0G+R67q3fN=4bKs0MeDH(y3po}kd*$32M&L`c^J7;T2=txgg7k&
z7mHH^)XN5U#R^JG&B)W5)!x3DKx20FT;9?9wRK`DCg%0H3bS|@3-_EJcG9)l*lhQZ
z*~aP?C!-Z-)uhm7>CjxYscfM_d@?3tW~oVCJj%CGARer6nZnh!B}p4;IQupI=r90W
z+>xjr66}AI^P*W>R@F%W1Kqqj*t&4_`r6``Ec!CXlnFOm7wQL}zL||Wk&TT`uP0q8
z5y%VG8ZaN59&3lbeEaKj8Q}mBQ#cngLB*t=&-y#QScnP&h`3ga>USw)thqXc2CM;>
zWbr$e0HYH<J0TMWsUo`ne7~bwsRRYLkYIxp9>YY>tf=?%P}(*s_JM`@Z<p~saq27p
zY`&#WK|WJHTin7uHZ~-m`PMrUCf_waE*YgN|COwAFIrJ{!F}eGUnmZL0uFKNx-ZQV
z=*TIYP2B(Wy5whO+2>C@urM)iT)d!$;E;%2yr?9`hBF?zzsY`=($}sY-NW~QAc7+L
zl`%%B4d-VGO3`1c=jVq&clewfa=TxiZGT_}EeIrlXs?KO`Q-cqJ$j)63gnO0#`@-e
zdE-AYhi&8snm9!+!%e@h#otgw*#Ie%XDAl%mp||&xS|2P`Xr+5;Lk5yZpm>az^v1K
z&#qHm+TZ{D<KIE;|LP(CpLBxwL8+e&gRie|scq}Bt$O1e+rN$p2n0c&8hQ-91<o6n
zhU51?GTyzS=0tQuc;?@DrY0mEs5Q&8a5+o=6N-8x3s(4zPecF4h0P<mG@m6UZsq^F
z1>zaONUZ<={U!|5pO;G>?(aL<lJnUo|6mC)Pr1AV{#skJKp?T{W9<1)!0$gJ=&b_?
zOqFI|^vlwUKaWUvL+}BBZ2ijX{Qi)??}2~)>ff6)?*lf;S^iv%e;KuwJmjfzux`Hd
z_iz1eS-yZ_w283(=>-5j>^1l9S7PIjS(FakbvB2}(m(y1OW6Oc4pF^@c6xS|j<)zE
zYEWFlix;3!1CwjYXm=lvaqwF%rAkz6tdu}nv`IBqwEIRR?QJ2(_6P>jHKzfA%ON7>
z-v^SB$iIJwk%{op<Cl`%iRY)+a{5l)qL~4Av}CbC84?lN>*rMYw;}jrGJI77E4193
zO_&HgJ<{n4j&MSestig%tCO!fXK`Z6O@<&myK?`vXUFcszh3ydh%`14-T8=gL1UD^
zBG&vHlU8~7D`^d;u6D+qrikAUTUjeBdH))vfL|tqDi2uxp>3%K;9T+d#yU<;=_4-U
z;eupzn+z%!(lSuQfEXa!#EguAp|)Cwv!f>o_d2t&xe7+2*VTZ}Jrmy(+9cD@T4tLS
zMc2M4wzV_;G9MW&!7nIGk}r7NK*l=GoS*Z54{!pcy{CNz2q5}u(F@#q-5XNkMnITV
z%=G?S99O+w_KI5ccREj)4hc8wV2$|7<(3n@1qc00hioJ(lo5$~n*D6#Awb{uEKi2W
z`hSLLpQCtIoILS~)HJ(fQXQVXc2?fr^KJZcEa_;}XPBF%vF-No*W-4c7pyCTtemIF
z$IheO?b%pD2AVv@pR~o0l<u>mGh0Vysy?kCU*B^AZ8$3yR*})9Lse=SI`-=FxTFy6
zXwM$|2EnacciEEoK~cYzY+#3Mf$E(>(a)a(I34fNKSbWVSfo`JbNuSnXJ4L^OU6Co
z0A9rpW_KuiivdJMhQyfH!Xxv4C_#64^B^p$Hs;rp^}6V<>EC1ZHEXNt6xmF2(ARr8
zP(aXVo!aR}p?l9*Sej+2D?aWh!GIQ;#1oy7kzr%aKu6a(dFa>qecLa(Rc4QmTx1IO
zBhn-0?|X|l6A*sr%Nx+Pf~hdbf&aKMQQPL;XOaH@yR2PbtarPgkm+I4VFf_!%^VG{
zK)1Rp8I+MH9-RVpC19MAzrlwwj!u~bX(q`538z&&IZm#$QmdpSM&QRI*au7h(YCLX
z&X!ubL7kLI%OS0v)sxz+8qa2!m@rj~ap`FFS7TGn_g~ea?^}K;z^#IH%V$1g8rEW5
z;TQ)qZ%*BNnvYzfL|6R}Anz9zjud*%!wh^XI^+-Ocp9R$5FJVjvnj;-HOg#jJ_>!p
z81GXZEbe)B1#$QEtlIW6{i^&iLVd%7zggR&F8llg)^8TG>RKTY5efbQR59rZ>`uz%
z$RN~Pjr!ilw;F}BccJ6pj#s8mxn0X%;)4f9s`(m%n;S3f_zX8U=c;s~2_u$^!VdVY
zl~>QtP8J0zWKLXDjFpBszioCdzI7G<MfC%I9F)4bOe&Hcet!Z}z{J6dq7NhQYQ@8i
zC4nZ7@2`*AM^f_7eJgDRfI0PiC<>shWu;7%VEu&QUppS?XMDhyM}s_nD*MFb&Ot1M
z{h4vK!p3_FfufXF9ep7~x)L3}zUpdrsrx={=GDDWk@`^dG6)M2^+ZA-`oyKbKp^TU
zU+M8T^JQKIb*J>@$yF6T?m^LOUpjTw>WUhFvQjY<&q97@B}p$W?{OJ@xr0N+K@D+*
z7c7m(WsqvsW?it#deX>ELqmF^&ZYje(IIAIx=P4rgr^-qA_<Tm>31Fxvvl|gxrLy&
zL+WJ^1prSf@G}!B@HknkFy9u1Ter@Egy`tHM_FrYw=Bp%C(kv@v>D9gKk`@(izo5g
zvSNjVRCw%@Xg9hxW`ln`=y5@gR)hL?R*VnP?4dk!YS((VP#&J|3AfE{*&0h3Pa?0+
zc;kyHxafa{fQTs8Hm3XH37u1ufzi5iQ(ac2-3Zsz3CO*<08aKD4o$bQpZ~?FG)FIE
z94&JM@dpM{e&B<^i#HS=bULWp_4Ih&FQS&K_#{ay3;TA{-ehux#cnju%3+4V%p})V
z+#`UjrCuLfW_!ZeCydC1Uvrr>szFbiyD6ljQ*Dv-jdFAS93!ZUo{;f~mDf6jo<>HP
zsid#-W=21?YqJ+sB{ruZZ2Gy67TNi5*3t9DRV~x`Mz=(5*Bia2^=JEK7coIWqA|-&
zJjD0G{-DP3CnZL?a-LeGs1t6yWo*BNik?_WotLA8{T+I)JaV)fD>YGX{I#HP>DV)Q
zzc)&mLMWxe*UntZI=~6qZ0M`2`MeLTootkU?nJ+#e0`Gf1U*wG++Ct{-LuMcea0<=
zRrfq-X8XALXzzzYUrs08rezU#pXVH>_-L_^fNm+kKe$#PmYI-<s_fj{$;8nsSFUX7
zY8C6T)g08e`xHOeV%iQ*$W^*k*OxOlkT~vxz;T4-aMzOdA{4t4I1-u)5y$=STL(+b
zsbFud`ot^i)#!x)yW!wuh?q{)TLy=7tRo<l`uJ&t6D9rns^@y<Di#8{ti;6p3UrE;
z-XFw4l+{dOqlQkJyckt>8xE;FR_>a(R?AIqe94y=R7CsE!lo~Kr;0NXF}nJ%cEx2b
z7IBC=_FcF0`&xy(eA)8(XyV>(&~~tIm`*pjeIvtuGhF#)K)_-yd7WIuRw>yqfP@wc
z+4<{+JPv9P={=k~e2&tPDDhJogUF8`vj!WqjXi98WDE2Jx(wER7dA7m7_$9I$8A~5
zhmEy2)39ij#pQ;PcS8AH6ZWCk1=;3&nx)XMJ3=kCrt%WbJZsX%=3Dp8Uhk8{oJ*Q(
z!0Hz?htgTLt9qN#cGpOClm;;}Nqt~hitcU|;93*?N&R8X*LYr1T@OE+$<EDg`@#=v
zmX1Vy0cK;5rBO7)2YumYub;F$K83M{fVukRSv6C)&s~&?0*|i|oBCn<N}E%2NJ$oz
zM%ql~1e3al#gaa~>F_Hz`YFUOwzDtFuz?`pBsp+y>bJ6el)HDkWV6uCJ7?Tx=|_}N
z(c;ff>ZcuG)VikgB0i?#7fr5y)5+Ui$%J!mc2(TjF1eMx??%5T_AXQ<$aE0{1C|w+
zZ<5g6jo3DNDyN`s_V|nzY7e))piJ&~Nr{)Ha1Ly`d-qhsDMje{4}K)mqXp&mz7w%d
z0#`Ln^s3r9J(5Yz`;)dC&HR(LJ4^YKwmTk~wznz75!tyeRi@LZY_~2X&Qq4JzQuLL
zMoBVrY2pz__d$f16Fc%apdyf^!es9dw^6=11WS+cYS7N3ZWlX<0(Ttt_S;awOk<AL
z{vz%K%3N4r4w^!{Si5GAX8&8_Zg$6y+_XQE!DOnMqWZ@x{<aRfP4>veMH7L%&86sf
z?p#Ji#JvLbf!_DwY`U<xvDs+1*^8DfYig~lbvn)tpU39BW#UgOd0Nk^U&7yWCz!uW
z9MhRi=h8RuT*9f}hA$ip6;6F6;<eaFME?Q_hiq?ebKJP`ZEq?X?Pxe6cN@@xCNL3D
zSsrn;qMej1jcu;zHI|liyhTJNWS6;OdISPQ8B|&5H+UvCAFqru%0P436Q=d^X(Q6F
zVG$~kM+thg2?pNpS0qjA06C>j@-s&GTMToYFJ69K%I^q%o9z7b9S<bH?_`T5<V~T4
zp}M!X_v<m@Tb_;&lXK^9+PoasaUR|0A<Q^xD1ER2?pW!DiJh}Tnv*yXM>6$OLtpXJ
zZ=Ym{_%7~#<65!S`fWo0PBMl5{0ATevAL&<2z$%QkR&wOw{2oK2FNqPeO>bxUhzYP
zS}{nZSRFM}#B^K+92);&_wZ3bwEQfPjMRuNwwHS?JA;&^N6rd&g_GWACrU20lC9m}
zLe1&E<1fNre5MNV1N-KSJL+O7-+VEWqFXz&iXn+Enh^DuFJGEK_oz}@)$OV_Mcr_n
z$At18W0P^YzkrTyh<ZF*0fe&I=)QZR4a#*L^f|X0IlRHCEw9|;4-6IXfoum!kJiO_
z*TFX?k9mv4E7{}oL+L$9Y^`@u#w4`<dIe@pTh>qSmu3P)|2yt)W$|TYZJj_&SFLvO
zy&8WDzyPAATvqjovLNa6Ke)e{9S}PtSgO;HF90GPGH;|ZQMGQ8A#IMne*G!iE$ZH4
zRCM%r!xT(M>qE&GGfD5|QzxqwDOdO$?baciV}&m7!A%zPI#<W_OSc%aWJGOMB5n#i
z6ixb;6tywjZG{*Zu9@-QLaJ`45?JHJG)to1y_0lYlr0weiVp4uM->36xi*$mY}uU~
zQM@w=$Z+RVqhD=AW3Bpoc^WLN&;v8lS}P$wv-&TTjyX16BVpPacE%*>o5SUjBwG4;
zgwW;~*R4sm{U&Xb^RtREcFpm%E?l$n>3N&&<a(p`r`0yn)h@pT*)Pg4iIT-DUp8~P
zR_e_*rB=c8hE-G=&bwscb4v+HXejC+6rxy?wJ9!17^6yhxBzY^uC}!z?|r-QC-n#Q
z71`D$+k3~txH+M+?xZ6R6hED_J_yqRH?cSDMjsE_;hFFZytXg02$s^gSFfaCY==Ka
z<I9?#LqCGh%j_wLh#eX6Z|Xf{erz9=dvu=4qU0I=*7D7uM%M~5<do}na23^M8lQq~
zb6Ls}V6(HyS;z)o_b_^~%5Pu6Y_I69a+KH%OUrRwlIPm_f>M{ZlIo)`Y1C7+Kqq?V
zlfc(s80vHqMos@!?jIvj6X`w{SL*<$F$ft;t#EC$9yM%ks_DE6gVk_Y4}7QNTK)7s
z`q`k>eQ>ewR0z9Z&QfFN(9%L8#Kz7{fANFP2=m@tum0Xnzd0@YmdS5fki@go?;#U?
z+e&F>0q9A69us|Y<I}y9@yki0DMQKw+9Q8Zf&xG?!v3)`rV~wnHdVqHc=0*H<7O0F
zrVnkd(BD5h4Q8;}vam&#7IcE<JJKN2A5=7%kM<!EQyiQK{<?_9azgEbrdO}E_8ty-
zSaCCPjxNUNB<FcS>gAje>otxQ%#fyIdCg=OG+_m7$OqdR>#|+pI5WfM8~aNs9+tfh
zms9^29N0u);WY)Dr~4|FZjXL#iXrwZj@PwoZr`%j2?v58!qm><C9QoI^VF~gw>eQu
zpWX>a;|S{+?#UD$avl3Yp@l{7{Sj-nW)4FpZqYLdkXo|i^cLD*ol^D!vV)oep32!j
z*uk|@96moz^U`8)`T(Ys=~hFj!-?h5WMzbC+=_ww*Db&O!#p*}>-AINeHR;?c<Ub#
zy{UroQ~P~YE(aL?7W`;HQxb{o-_P|3q`k#FZWg5`(8P_fOo0MkeisL3PQ-cqaTWt<
z0$aX0i&k~<0ly!twL6w6l71naG7igLCB9WAoJiJ-=aMVH3vo+)WC+B(yxxo5bS`zU
zKB%+hWt7i)+FPai6eyoee|XtXPIPF0^SgIONG5Rd7-out(#*R>ht)}+khko#<u`{v
zpgpd<dp%faMYtxJ-#$uci;~vsXbX~uI9fApp54@LpBO7M6I!?f5)Ys&^q&U8N#fM#
zXvP5{tz>&6+Lh`8n{@=xb`M*!(Na?*Zg))ZskM+c@{&(_C@OUiBjVGRlX=d23xsXe
z)g!uzAo$zOy46c-zIK0IMe+ysmr;3*$O>HBZL*pfkfbot*_lFCoIBsIaT|Huv|vy=
zX$_tBAQ{}cmRR%>UiacPo&&LyDrisBHJ^u#b$bVdlG)mjHa_YN)RY?gi@x5-G@ipO
zo(C4d(UMvm{Xewe`WA!W$qQCETuX>>k{cQ{o8{u7nHoOiQ5tq(6K^il$eNW-PCrtl
zRb?s4GZRG8H%vX_c@)*mcWT=wB<5UwgokZDWsW>|Dbk(7062V{_9Ax~D0PRgPxqY~
zirwFbaA)GJeh#Fh%3e}vI~6IhAYmLP8&IZ#Ta}61Df2Q3jE10RHEQ>AV^93J`^p37
zp*6ne)@fixk2m7=<uU#Z#S$rcO|4!(rLr{Q2Z7WxT*|J2?}4{|E7M+ZmQ$3El?=k|
z9>{7}hU4FgEHx-8#8M3Y($3J)be4Cn^AWux0D9df6{}GU<4^^TuYtr}l`;Qh0dLp-
z7cAhrTye*$)byikKW34r44;|T1KtE%A(!>xc*>djMM0&Y+=b&s$i%Ybz`xOeQoy(G
zFb7Ek?wDTTHm)t?Hil<QIu3FQ5H-q06YRw&-2YuBE(s2IWj>wjM?4ru{vvf2o1MdQ
zv%akV;Q_a*Fe-j<Gck3t7uFvm(mSwHi3wINGdcGFP6p>izMA~I7tn8dC5fo0foAS|
zNWJ@)9!h1o@V@745W*||@6|?oDsXYiVkegFiX=o6aSYUtk+|b-q~OXsA!;lJG>}%w
z#CK_OBm!l<)_+Hx+E~5oB{h=+Z4Re6ex>XFg$7LMT!gDho69mVQ1W`jE%Y>57ZC@%
zY=suDaFv$Sj`3dAaZ)BN%j_$yEsID-BfIQ!1o+H704yh*x^-ZJ99jnL^b{pq@2emI
z$)g+%tlPiW7;p-dsmqUiym|d{3fRO7n2m%vQDfk>qIL)WwvKYw<9uT?nV^K#UE1V{
zDFBK_eK~HW^Smt#h{C@ESpdE<K^FTByy6D`Up#~e6DJ~?>&9d0t3!9ca?Ctj&M)BG
z@#b-j_|h(IZV(8${AFs@@5p8!YjykvmbHH+O5HmEfc#SR5n2804pk07i-}_P;qLO$
z6ZEp*%O!!_-zbXh;ggQmJfX{2=>G^>;Qucw;PRRL6BB&_``=D@@xPq__J#iuo#4ND
zac<ha&EWg&V(f#*ltwzqQzYvr&Pj}vi~vds3o9)4MTY7w439NerOWttOjh+BO3ta6
zp*(!&8W8-Lz~X8QUp34;uE-Hi7d>>ZSos#>LwL#<>zJAD?VNznb@G!*W2)F-?#A}m
zVlLy)^@*;O@v!AKge}2u?0FkEQ6?l~YtDa!d&PnS32T=V6t1x`b?%}~J;1UI6L-e)
zcqB{@qKs<s=N1AXjE3sY3YTObV5f~{ioEIf<QbkV>C6eZU1HPPK4lm97=#e^C-yHf
zk48m)xJI`%;bC-nU&WVYi3C+vw?#jET`_wIZYe-`wcG$_g6an9=k8Q`Q<h<N*S@b;
zFJsX!#Ai{%Z%;Ej1i3A5E)#f?`mYk4e0R42=RJl0o5#tK(XDO<{4|$TB0E=rXv)E;
z&y(urTIU^tU{T9Yl*r#=MJpV!(`8K$4Z0i@{^s9+y)j$Iv(2B-B7`NC(2~$bLxY6G
zfMTNr2DP{p2zVnIz5VKfrrkm^I^>hNkfm^MVPDiQivS|Y0a=Bb>9miKK;8`1vJN7M
zMrFlc<d;Oh7vKk;E64;PCx$Ed9AxMlvJU1S`yZY9&jS2tcyhNosF*Jx27Hi}A=}kU
z6xGhtpFit!JeK|*e9QrywfeW`uJygTOemd$h64rmoISo9k~l^KCwkqB2bQ>(8JTC)
zKku~QJmy`zfjn_zK>Jj5KKxSSW(f!?CF;7$Q+94#z;@Dsk12G9n%unf8kp{&I2UBP
zyX!6N$o@M3p9?*w*a2Fkf4nXxQKk3;^h`-f$!zKUT(x>loPs~JQ|%(|_a5T5ed!pr
z6*4*e;R0l>s{O4U4qj6iXWgTRgkt3v*5EG4c6SY=?BW`7z@9P=VO;LdKo(Ve|5ZoR
zZh3?PM>HtzkVBTsT$TMtUES@@>Qa98_;=#YPoBJUuB!;REtYn7f0=`MaJ7-&0M!;b
z=-Oba^vcuk?>~6pKlt&1t=I0w`2_p!Zb+imBJ1T}m8OkMN@Dh^K1(W_T^}uA6RC5H
z+Tk*F98vyTJ)M(_p)U(5z)uH5Ibt=<`4i~FZgr5E4-==-H=Xz40B2(KM4<~^!ng<}
z?rIsTI+c@Y*BBAl@)wvXfKhX64b<=?Bqeh|%?1JfJV!Hdp=LEKFU-cJ>s~3<$*IsA
z_@-uQGwTx5hLd9>_3`wq&kWJzXHci8d0H;m?Ntlj=`PxhV7syE#1!pq=WckbN|EXQ
zsD4iTQG+Iq=>fOf#I6Wzk4O8Ul`6-z`1<vKPMHjoYuUM!{6P7?ce=AuB|4=%36vXs
z>g1Cb({OCliM=?FIx!A@Voz#8TG}UR9(y-xs}=HC)7_FgwH@aIB$u|slBZqT8U^JA
z^+1(Z+S!P=$3e)AEo(ZDy!g(k3Zq^{p;rK?>dGf=Cn@@t;x{WWc#;wyosx1F01fnl
zfnxm9+Y~~}9wCKK?sQMhdR$!fu$`8Y1Gi6f3+jotB%tkqt6sSUGPjx$g0*{lPBX6-
zX5kWMQ0?!c?6yK++D?(13jbp|imwrNs8HA0rRofVbTfL4x-zSv@7|w9d$C$Ift10%
z_Me~BW^8(FJ=mP6SE;s{VJB8X*#ye&<it-`j&!`e8=N;Ck}Xtqx&_Q@B4sFVS-{fC
z58pt|pW(?LM|`IYrsUk<6#8nI$g$QheY7=|ZoKORW#EpP^_@9WCL|y<9m@5iW8cb8
zMJwB$W;$_s0l0+cxD%k%Fi70s>Htn}F_VgjcW8=1W3-I*U0|*8{P{l@6xdtdV=n^N
z8iDr+*m}&m^KES$)gfm^cQ42Hi*MP18Wiw-CcFHG;||vM9KY;ybZ(T9ex%?@5?c=Z
z#upfnma+r<hBw1%X2uj2lr3?k#QrGmJE~#>sV>>cuoD4=PYWdif#|02v5Wt7b-UW%
zO1~VUkFciYV=v`tGHZJ!-h{dbZcI4(fo<B7s!zA`CCDoc59AW+0ibf^pNgGphSX&O
znf0zs@;X&EX`5HqC0-4gdz-CKPeba#wGj1t?S;I10KA!a%oJ%Icq_PR_q81|N8bo&
zMw|!j?OEHK-IRjf%IoxwDU`Sx2X4Mi0M!bWE<6d23$M*5eDr4q<Zj%cG<bMxSZpZG
zu+c2_oxmF3wlgF*Oxk?jZni;MvrM0ZiHV8q#8KITe5J~c4y5e7p?7k-USA+|`E17B
zyU=d%&N(29`rvy@i+#=KDw-t*E57V`o9edv<iX*f671w~ePRXk+V$v*spANrqYacg
z&xmDf(V}xQ$DSVHISaK6i(a$Tz^z#MxXf(Lu%V@<D{djVEB$*dtty=c+yQ6(-&!j=
zKbmQs_IN$1un3oueq2d^sQ^*wKLv=;ZbWBT_aD`Sn>O13W3BA-E|p_a8}WW#VchOV
zpKy55xh3MoEldi^M_BzEP%{nvo@Ve^>y3$iZwTx*S=;vO3V!di;h=nV;Lu7dfy-0^
zDz@)Xan@XUab2T;i0LtNz1o(|u~#y!*J;>D3M{PGk&PrDwsw|AcUM?Zhet%RP_uwq
zCZesIs))a9_KY*_G1rXPde1Gj8cp7Pj()B^82x_V@@qCeTh)`UJbCD&db7tdMNMxT
zHw|N0gnEUq{$l0xnOHV%M%St4$<sfuPE<5BQ$+qx3RhY2eAC-S#&V|6wEB>@R}c`m
zd2a*Frety1Nvx<n0lCDrlh$-p{;=^NNs(7TmW!n>@~Hsf&FLC3o%kfQ(@MRewQC-h
z!`!aTbB%a!dOwUfwjS!69;-)8o<(ID#`(i$O<xk-I2wn)fA9>)(e9joK|YfIaDyHX
zr%sD!d`+9@`Pq>d)jR1Mb2rXjeTG;(cR3v&7|iq_>>G02c+%kAylC!m+PUI*`h5@B
zNr~H+k(VU|q0iCW%7(F?G;Av+(U&!xYbKeGd2KZ!a1nlfeqw#P$f|N-PMd7j^KT4Z
z=ZSfgQE6j_$+_W98J{LET<T^8dYp@xG=DF=EXG!;26dN;>yL{xN4zngS2rHTc;sR9
zWX7e@)oe3xu#2&$(8RIGbe45%c5KafaV>I;`Q4mLx!>8_5A)_bx`CVq=$Y#y1?**S
zFEpBTE7Ww-XT%L|&Gv~pf>{6&y~$48CDXCYR-e6nW;}S^?bx_+={vSwdW)#AO(v`1
zVGY7_0lmufQ~@@%&`HG>$wZZU`eLoFh$Fh*(~SVCzo}ilInH9Q0@v|9hk9qcE7b^Q
zW$6=fsJEz3qZ1W<<g0(4*KqI1c>mKv=jq`Du&!^+&k^R$PB{Cp|FKiyqF<fRWMndC
z{f2vWACSiXANJlWtf{VR7q(JFAcBf?6aneddsBK<P>>px-aAMMh^T-dMVj;uB2{{*
zDk_~AT7Uo%450?31`+~$#kYJuJpXg}pX~jeaOL7!Yt6aFnsdxi?s1R5S_(54$J=}z
zE7RSrxub!ypV=fF+E2YsQriF1Er414TdOG$+=6(vG>C4zPQ^ai#YU%uoMscRjg!JS
z1j|sW+9Tr03WBDl5dBXSp&T=#CPWxnqr{W6`)T%8pTpzMdxOUe*os?~tkN?W5vIvN
z7FV)1B1f10%;0-BK<^UQmpQ}9nxAQ#)++=oYl!0KJ=gl;l<-fd0=;Q*o?c!xK&qrU
z&UYcUg?!>iD84y6Sv)s%ryi(t>GcW4Y~x5!^xu)*dMXhN0Fr8L&1r3t4qMbEpY`<m
zT`M{_)bcT->&}Fr-KhXd)kbHeu4KAtXA7=*Xco-{BCh^y>{DBik_hcnZQczujQzq^
zD=PbQKblq}a?oW=bSrv&z5=%Z)Mk1b;ra@}>+~p}UlfL5uSebi_=Fk!*JRyjvP5#F
z!{WvB&Lz*!koSxy;Iunyon%TxT|)N)UY`&3d{1z9GX^?c9F<;eOsDNWz@A^T2jlOA
z9N6l;+?D=Y-uw{-S`q}Yj$0{&N5xz?OAHQm-7{A_L~j9D8NDDtRSPj+xEg)AUlbhW
zH}GIg{7MJ0{Z_k37!oKEMf%WYhdqYz3^;NG0y&f3=l(o>Kz&`&w3@5!UbV&)ar)n>
z>xKycFVMTqOFwNi0W?|Q1@eRL!<vgRt3d?R)vKRA0VS&05LNKY%UQ`4uza=fMQhaC
z8%H=Cw<Em#gZ%z@cs{RSox|h>JteRAZ&H=($T~X+7;nJHbj%1{N|r(+)lfQ-GNA#4
zXxm>9f8-WnAZ8P&d~P7f-risM3Py@w(|Bxc+ih*o_a-N#-th*0x7`#!g*hj%60;bz
z9{Od_hDJ=RA|mY`pX>{8G+7SNwMba2N9#>|yaUV@ciX;WMc_%vVgxOaqq;7;Wjg$B
zQFp0a+iJ$Z%Azh5fH({~g<>Y)n_EM++*~Se<z;Q+MO^LKjY2itm%I&(<A4&-R_^#z
zWgmP*j}AxkR<i5-ryxsI$dfrJZa&p^#kE$Cc{JIxfV{b7yvDV0O7RyLZiC7I#pOEa
z=y0fiU27pDM?4hBiQ3zD$k@g2w=CoF@q<Z+hb5zQEEjKB%35+DEIixWjvn@3fbL{7
z^ye2>`Y;+Oj_3$=6ehPdETOVC*T}c}&ttQO-l+&eJHS%4-(5|E^z4m7w<rAllxhKy
zVsb*zlFZM?78oU+US;XIy8rl_8Lq|=k5sPH|5)x;LuF%fh=l4$reAC|6L0YKi?&<a
zv-iVcMNLonv?;o$kQiE()1?3|eElb*tSq}MnL;)tVZAcoP)=uED|^_RM1VWpp}k`L
zsdzy8dh<`?0FQY7CwrtK9DG;Kgx$InG;V##zh(MpHM$DjQ=$>*$K(I@$7&~S^C`h~
zgES$g)zJff{uH4)^8v;wAO$8_Rqb6ccu0J>X)gJ+&1=*Q3T@=)Shaw;WB`JH+LNR3
z@l1dO&vtQWV>d(XLa`(M_SX4@%<0eB!z{>jXLD~;*kS*rD@Tudgoi?ZfN%=waV<a{
znO-}hw`QiFCC7ax%t-xwkZz#Q`eRza?Bg1Ek|k^Ex+9~ZfJ>5#$C?@pN0eLQN`fEJ
z<-q{Z96-;y8eqD)8L~N-pA|@!zYbl0w13!@GY!i>`Y4nxrE`t554p{izLNe-`4QE{
z`y9<?$*(ryEe7MWA)8-mH!*}->>+DgWs-T&p)hqPwSUabr6ih(BnIzdC1-D)qlU-f
z@{$Lv=2b8~)*_r<CG7^c9+<;ONinVRc1Lo)%HymL<zKaSE?l|7v1J!4ikhORc14NV
zl&i8!?>FW@BBpOnz6+ycVR6_}qYeJDLmj^z=Abvb(Qn;2@q$@Gx>9B5Qkf;Y&?L?N
z-&Dp0lFCp3U=(yrZzR>+@m*s*A0lYkJ#)rlPB%-=lxhdxYVEQ6H3^`VRs!?L^LHEp
z?}@9~BabYV-`HbdSx@Oz)dGY+PEq7@TlYf%oxmh8mixgTevwJ6xXsx>FWCQ84677;
zt%Hc+A6omog*Ab~+J1%F?M~l?Azf}3*=`kM_|YLXz62Wh#8+7zT;kF?GSIzELCcDL
z{ap2vnY}|~l@3y}0{c0%0_hiTRFvPX!!cRgu}uJ!jaN=j;xxc>5~LMA@2vY#N<ct2
z<Y=E+ZrId5ze6b?J$Q59Wun1V1J6CgvcLnXpmy|V(pli2Zx%Aqajre_(9ZFW&&%EE
z(`<CqGjd$Q>s?T(T32HsGX$mT%KFCu?o?mA={|i|hX6yy#Ew~dgA)Mjs^i%UQ@%<8
zd}Xr;$(;&~BFxhL{%6H<=rwY1eF0=;{!_ln!-0jV-KlT8>+?E4?Rux&L+LH=c+BzB
zjt6E#-)T^{7!A5lcNc$I^y&QRmr_^ZGZ!IL{*Fq(DZqXiAxa!xFZ`4yVf&ds91ATK
zYfsi1#vp+zabYDS*sT7YyFJ){dB2IcfDi+<J?Y_d^j8sMey$iOpz<>IiOE>GKSXqO
zf`)MHu%@`!@Kox5up<bS=zn8J(uuS8iblxtv%;K1<|G#y-qe~)CVCG%^KE`sFgWPj
zy8sRmjH3;jVZ&SpVbM~4YY434XjxDGe(fqROnG~V9W!BC$rOnl-zS5a*GwVg1q_t-
zs|kU@K#!-NYxH(q-m@PErvrPGG7fiIGao4_g)Qm`wJQsCY(FM(Qrs(l@M%z#R&k@=
zzl0O`LS0p@(zhzLQ@;l<R8C7?*f-(+RpqENME(dc>;1BCH<EZlCbL5;Ay!0CuJ*k4
zT3<Td&zDw^X{&$$C4FnCujha3%l*?m-TwuaTkiEou4YE7c{>|{Zs>;PpI4=A-7;I6
zDas-uzt3YzR#(xmfom`Ec|*V8Mpy~G(Y%2497YATK#QQLsi24z^NZ<^0TZ4eFj`&;
zd+T$nQk+SaUj{-+=~=Y;eM{fmveJp4cIu}#b^d~ZZ%#2eT>NS_z^@78Wrvvw(DQ`O
zv(y}mmnr9Jp7mmm90brV_R5Khd)<XXGbulneM)r)W*^!#ycYd*&+>W|z@4*dORc}`
zGM|)mQ7*`AOU!x6e?7eB3z~84zs53T096(cte_*2C}q2G$|T<vkRq?-n848|<37i8
z)D;IGiNqo>3Mrof^E(=oTT2GIYuK9e2!}Zg;10IwX<Ll!Y!G4g9A>AFZnIr^XvgFK
z#%tc<<W*RZgu@I%z_`gD6@puOc3!oGSwfEK%TVwbXLiU))(U<U!PAXg*Q+lzAZf<s
zxik5x>B<MJ+;LCvn^V8KiU{?H@nOIpUh%NFa!QRca?ApjzGd2HZ71oensz6^t6LDW
zzUjFX*k|PBT0%8HXfCJaG9^-*J9`tLl~?ro6re}y(C4*fSxHMLQU9&6)~a7*w734K
zJKUg^%YSA}E6_4DAa<Qu+@}?&5e2rRy(&r$EwLq-svzT*`0Druc%s7r@XAjCWCBP)
z&gSKJPUjsShS=FzI;GTV`+kCcMFl^y=U>rT17LxhB|YYuiHvX=fET=lsvWQDG%9aN
z!xED~B|Km{gIa0!dy~MKJ%Uu*(sp+H+5d{n(nq8mm0H#Bl{p9jY(?<+u6&|>P`T?h
z5fQBv!K2$D0H4uBJ5j0j#E%PdL5;{L##Ug3lo(`5Kpr6_CGWq~AE+{EZ1C<O8<cpu
zmIQbO65m;DE?*r6qAPD671s}kppfnfSHmrdGE`j4^(0%h8DKP=Aw$mb-AMxK<1IXP
zw-;R4?6U4!!26xr=W50zf0Tux#8$Gn*JB{vL(@m&%$o;^kby?A&o;ZQVDxCCh0OlW
zT-UlHFTi|Uy(3QUW5@OJ0IMqk^wn64OK_Fj?M+V2;g6$fh8t%!dZY#8e)jge(YFc9
z@B$7x(#9yXkXChl!vD^DW51mWu{uJA#qi+c$TZ1rt-nPSR7j%#P5&}vE2nw%HYzGA
zpAqE4+CJTaoBVptcgWqt!vp``F&5y2aj4}klrjBC{vw?-aAq~GNFQq^xff*G<vf5W
zrx#<5U3eU%9~k|NMzupe@Ocns=f0&|lAw8GQNU%r51tiiGA?taq<Vj>z$^**3=YAE
zRY?7I5Nr{jA2_=8&#PFSg2yTP<ZMH++(;w4fDZ~r9yXT&jtf=lD_|cLX2zpQ2RVAv
zVg1aY*-MgL^<!J-RsEaZw=DK%$nd69K>DdVT}K&S4`2V8Y$}674`<tKIysyE!ain{
zM^m=sq~a1y7=SYROm+aTYlht#7*11C-@j1-bK?-EUbi>@)jyq?$i1W37TSqI>S|}5
z<8BN!^=GpuGK+c--7LNLA@iWdr7erP!c}qq;CjaGNypH=?}}cYNIOa4P{4TXzsu2N
zg<am9kw$!epB>F5>uOiO12j&}j}+@TP~mPpcse3IkW90Pm=Epw32V2{;VP4qK3;P5
zw2`EK#wc6UvC6dyHuq=V{>on6>h{as;mg==I!(Y0EMFGOlhh*770uDp)s!277yx%p
z0l)ufXg-}E>m4U`<0nsR&Q;L&R#W<YkD-jqK0rCT*V0k*B>pUG<eK-2-sWOF!3DXZ
zcWON&2qh@nGR~WQa$IU=$Q}X{YHbW&x|KmL`zg5jdm}1Wyj0oe8!n@&<3{t9g5pa{
zW3_Q6cB)Fa{yR${miB~q21;^fb|Ltpt#J}RSsH%k2_>ztHB1IDb95E=+FP)~BN}3M
zJ%BCPybjMg>uvXn?5l)^Pe!zCdeubN#7g?E>Tr%jz^{ZyqOf4uH;IPB{gMbt3C(&E
zpMvdB@nVTcw%So%fG2v`YyMK|#Bis2D@RVSByw$Go{0XcCdUbK?b*K@bN2n1Eb6c}
zDMzCp2uo@pqUUGYD?3gPify-r#<<MP;U6x~65QhTkDPy6)YQIdNe>=MKiA2d{`j_$
zs{>q(CgOGa8%zdW`k?g>OT^>~P#&=&JP_k#DfVzJCLw>nfSx|lw!50LW*3$ifIF?1
zp1+XO+$mIig+1p6k*wp*BlT@>VS_|9rGu-!PWKa~x~7C5<y~!vqwSxIShug)%WLaC
z)`|^?!;|)&1EjDrtLlxhV21s^Pp$6dh*4)m33TT37xR`ZO}Pxr=cv<`QdoepOSI))
z?gGhgw^}h4oo|zxI{jdy%PEbx6FgyOsGY>m{OE!^6dK`B2^P$OC~9N}+a*m4FDm=Y
zYu^?1o@~jNDXcFy#g+7DbZE}Se$z4+(?OVy7${x%p7v3H#zv1bZ|Qm+i(;^<g)q(_
zDv~1Ae4uuv+)*%{c~b1_3x%{ES{Ngo`Dnt${;a*>K=$M>oVuKxdH6ol2!e$FPTSom
z*{sr1oXI^*BhlOO8gchq4YTWW;4_T{b)Oyy23d7&W4>rfMrH%Sekt54hHZTa9Liw1
z4d=zpKq996*Ryu-poV#B+v|8WjH|Q=RM-*Rl#{XrL*7V!*gkDBEXj98svD@eU@q^-
z3o>y8XvGLAyR22UD$WWCz|Ll1z(y<A@!fe<t2}Dvs>^{#->M7<7&|zV4|Iy)OYBmb
zTk{LuzPjW|pul;`i46xlPup0%sFxtJw;`2vyJfVF#l21b0bf#Fbr(P4fK!RsYz%bk
z77$DyNfa`%e8_NXBs!hlY)jP{+5(gCvToe<JJMVgNpm;!IdHVIi%6wRaLYnQ4W^IP
z*b(jE_pX}B+pEd}^!}k6X9sM7=#VcWn1XL}n<~+^XQ+PnE&K69@M429p#4atP(Z27
z+an=Ay;}q8V*lo<a2Y0I8Y_&Z!SBKxvRLID9xAo`$XT;D@qvF*p;Z(Dh)E`$fW1AY
zzLH~VP^_2sa5Js>6z5WoMtGg9Ad$#BJe|4?1+ytku{QaFe~m}QDsnXLuyO!E)n!k~
zElZfP4@N>idsP0r|Mb>V%c=F+I3BH?<w_2G4-+E}=)YwZ5IW~Pw0qz!W-RN;4TRjM
za6j(AAJ!QSx=rX7>t)B=Nn&D;{CbaME!Xe$cm-h?eQl@83S4AU1o+dan69uN9$X=O
z3b${YYR>_ve%>$uYB+m&l|dscpGLK;CkB`EhA;V=APj*z;I^K5yHtEmit0*;i0kvk
z^R|NPx<s?$P<$4lxpw$Rf4Zn2x(#E_Wx7z5E@2<#una0$L`{|S&qV?};y(Je<7_c9
zk58l0P0VzF_)HrHdSdRw-Wlk^)yu;77><#<DbG>?;i3wI(upg9s39>_;+P?TmrJ6x
zAE&H*A%X|IYq`_SO_t`2_+K2QmSuM7CrYf8uF!LOF9;?vd~40-uJ}5SMfNaTYaqGZ
zphPzK#E6+Jcp6^p{~e<DB9C7_Fy-B=OX!FfwOE0b4?nqkzxbCtu}T3-nYue^&tJ?E
zDOU@J0pavbfU9Y~UTP*~J@i0E52En>>miB%C`|@ZDegSk-B9s~P7k{=+Ujo8sx_aW
zNUio#T|e`kas4ZSbfvzKvkGOhgZu6b5Mf-#kJc1zJ9XURLbfOsO|~n;*^xtuT)FAO
z>G1|gguKK^{gVf&YmJeEbz^i7+c6;~C}g31oU<BX^uscQ>8Vw{T~-VLOKxyQK3WMp
zY-%@WSPC_9m#GMpNJPk~>}Dtj0e<A<%VG+~-8~SrzqKRsmj}!ai`YDxY3ezX2Yz$E
z3{eEdu%LGV-TYNcXLA~-WAiarBdc=ye@H!?Nu(YG!fbmt&8Zh0q?BXv>wfav1>}<@
z5XULqGy>Kg8n_ujwj1wU`Q2g^K-b!2Y8@<Z;k5hgD&3z?N$lC~+iwl(BHi8Wl>FDm
zjm;#LhB3)wX+0QNyvvb$Rq$TVwS7#>JmcE%3j_BhPiW@wroh%fTsp?x^l6(0!wXA?
zAvax-fLz?FFT|l#%9*|DHPb_+R!*7O5vJ|eb{5dI;Zg|RH%nf^>rF-9-xaqJM-`yB
zzisJWK4tm*W)&)TjAQ%XiM$t*=xda!as|T|>8J-~jYy0rhZyGtCe^Wf^lEpv8To)@
z1=S5FCK~ExOyS}cAMQ#rDZez9ZeH##uSb^$YAs3))!;Vs&GEVR*(<Brw~g{t-=_UI
zdGc`cXmy%0Q*WNVYa<8Z(m7u1Y&5}DbU#}4#hZ(KYWLo}QyuHRENGZ;Lv>P<Dqk%+
z)X>bObd}&%p7!Aoww^ZVyD-=$<}c^JmbIU0B8;1=Ra_uW9qkcj>_cEF70BU{<z2r@
zvR_cI`G#lX^dYFO_E>z9FnBD9R>tq(?e#UJ@KL$xiuY%2f;>S2Xm$_4f7z=jR1=k@
zom4f3x5i!JQMBIXO5rptvU3QaYeV+f6CpbA_cL%g|8;}=_LJ>G$NSz=e0ipPL#0j;
zoZOoX&{f)<OkMi!#Ug8f#8WeK_9m68_^9S2Wsp!1B7Ap>4a2Xv$_)ICxc(&gR2~^T
z(6WLN;@Zhyq+U-2U@-%Nr+ZxxVU2wzm2ZIPbd08+1MC|}HR#nZ5*b9K=*ee`H&#ID
z;l}|0SI&ICpo$#$?nGJdbiYyiYO2&IGaa2FCO}(v%3b@adtL8_P`&m~Zc|%-G3Tq1
zg8~6-B-ZdfUS$xL=VHWhzy|2{soC@S*0Ucd^R4qz9XJ7;pEEGD%QW#g1W@_%C636-
zi61_fvF2=4q&aE<7rtGUWcnLRP4lTU@H6nG5asbGU}#mdryR0Fb5pc`O*o%839z)}
zQ|4zKC3%uc?m12Xk2_H<eVjx+?8*g>NbX30e2i~E^+ed}HDyqiWnlWkF?NP-{ojL5
zENu<e0sxou6d=_uWgfWdac|<(Mbgt~esOlr0>|6aTHvlhyqE9s%S3NK<w)m{6;t$|
zA`waaB8e~YCF}7M@k{v$6>$}x{*Wh*(tzmnfLAD=sFJ?~WIMh{G;p3cA<Ctts&em-
zl&<pbWzqx&XO5_TEL~9MSU&SAxsp5J=UhRhr8vcL5uJHPFP-9ZXBTV1IMpK(IEL9N
z)9v%tq!Br?R0gpYSZdV*k0?8LF-DmG1wEhbXxC5Zv3xA3+wW8aom6i^II?Ecn_ktv
zYz^}Wxasm)uld--y~oL1;KSz+TohgZzHFt!&;?Om9w;)IfNMRjKv@A-<RBi>PY;Oq
zGU)pd%Zpd{a#b}hFY2%z<6Ph%oO95M?If3sZntZE!6DnSBMk!<p$LC2XTi^Nms5j1
z)woQurF+uE{QDKDsQnqFv4`J|b~p^Sj>s5U)0$6~qHKLChY66nZ(VlwX7u9&r{pFJ
zzE&n$^0SdYC%8@$(A^lNxbk!UDng%f7}3-+f=p*?4!St{lpczQym$CbJEfdNnJMdg
zOP|f)4Z4u{#>d9Jftk|PpIoI*@Si&!Jmmz|Lu|FzKlA9DKjoNA0qFLRFPMLe{o{p`
z&m1%!K>wM^Ur-t3ssj-IA5Vz=dujcMJfTv@S#EKB8~k^`kHGqA;QHP1<oKulor(8Q
z1!j1`Sm+-|ct{0OMbfn%M?U>`jY<PM3`@b!a6IS)z;gaIU^TFBT`5WQ2LJibUw^Rx
z8`kf6a`ZorFb)X0;mqH3?SB)5vB2h)``oMck0ZDMLN<SPtP|TGlhHUsk<a>QKL7Z3
z{qG13fRO*6Uk0iIk%}d^L<rgcycSdwK28o0SX`-9>IzydSpE?4pX)y|Bus!_RYOTa
z@R(BmpLOAJi{mlScF;i{@sF28h5*`gah=obIE%u6w#t{f6DmHs{_L;+iEk+%44gE0
zLgeLtT6rSC=3^b6*7*4kD=Tb~fg>{ZP%;0-Kdc;OU10Nc`QYIH#5%=+2R27RN1OxD
z<>$Yv?ayBzfVT=RG7S;`C(ft;6~pgU^M9Wh9-bkcxJ}Q#a)B-G_9XM@dtv%t|EETy
zd#T(t{wuq%v%i&ej!+ZrEf4z_wbN-q6~iU^PaKtLgprx!+bGDbCd(fsWFhL`4c4}d
z75&dZ${rf%PQMvhf7WKFxo~#+d9K0vQfMZNRhZEjtRS%~@w$v-$92{TejbDCFK}cc
zUJ}n1uPoh22kf#5a}IZl){A_GD%;7&p*ttfJU06AU`RzK_+jm$v!6Ldeyw@jRx8jz
z%KMZoooxF9+n!XVtC&gs@V{*&j(X)yxT;K(`|Sp1Mm<m#-uok|Xalfw&V5Tw{!E#i
z|4(*KQqx@kI((UA=Ui6tiSc6rEa|XS&O7Bk653uiIcpfLV}sR%Jx#%kH+tJjJ{b~=
z(*!}jJ^M|U&v&->o)ah;n}7GujraR}1GRpPeI5NwNrnt|Ju>!_enAgVf!79{7PTg!
zTXn}Sp8#yYX1nm=iGs2KZPGhP0vB2r<T#KZ#Q!}mNx#B?1B+gjd^2G70dU<%PvCg!
zih`aze%S>;y8xE#UPLT2Nkc7Bf>cXNIu-v^rKGk0*yy+IDX9dlV>)@J1~4&wQm|%h
z#{iog%z!Ea?75$DN^t-oIs68o+FrNa$~bNmQ0V=BTAcyNo`e{F1egyrVmDHc0g#nB
z&H*n+nP2e3T9Y1lM3@+$rtAeC{Oz)`->+()3=@R`>0nd9*pQ9(xgK{sHT*P#WEj^W
zyTb01B)0`<MX?TAhrfwr_A-S%h?ODLz-hExD48!M^?AM;*VVjtj&6_VLbRqjz>;p0
z*K|@V;|tMf52cqV1hO?GSw=Df4cbDTJp&K<>B#{|8AJ&j9hx`1|K<i?;|IlZ$hLbt
zf;P-18x~Byc*A1=bj1AulyTPt&+`Fs_gg>{);rBzvL6yTCMoY%k{p)jcY&9Rd24a*
z*l`zj;{t_5WTheWO`X$(?zzi1K;P+E_i^BTk8dS4A)Viz4pQy>(51>}wt~DEsW38n
zZ~5T<piIfD#hV++p@&@j#)klP$=;CmJZ%KtC6g3Xw;|120RCG3%<-jCdgc~o{tBXu
zQ_sCw#S7h?ww!+0E(5_QC4UOxQWD;uMj72w6q-}<X%7yteTd2)$~QI2d5y9e6<C@q
zXgsJ5bbW6vR2KSSq@}4LQ`*yzTR)v!HdEd(n#OhgdwT_XFiR)p03UI%y;YUaEP+!w
z5#}NUI93BnC*+SowUkrnr6Ksb)v0ZxJFxpjUTV-P%az>Q4uoPRb%ShtyM$<9Vp|U!
z5lIfG?`jiBm3p@x_zvK2?tA$<qv-8@Wx^_7@^zC+3p=o(;Tv&x-ztY2uEODXoM`93
z4pBl%JkhcRH{QY$DtN!<c`$CY1fwYH({_|Q8;eS0ChaXgWzfLFaZ59-oGbV0uR*=&
z(;+u1D2aDUc2B1M{N>9jI4t6JP#8H96YBu7EcW3wy&0Mku*Ruzn5=SJy|<)x0m>pi
zz%FrM3hm}Y<n=X4@$@X3bhYf#tG3*DKoY`rKnSm8Gc=AFzulKll^EpIJzLB<9WsV#
zluT%@cP<Xf)>qwIBZ&2jxSBOyq^=q^4<T5m1#eDFZPQTpwMUY{{ig$3&M$5iI_^Dh
zEbgT$02^$9F7>7+3o8<o0qxJrEajS#;pQsHrF}8=)qI~8LWuTN%EI>|f)UXsRU#e#
z@l$w>-!xh6z#*qbEDO-QMn-0Rs<!AB)GNQB(uBAZ2hFAl@&}*0EWmLeCWmk_Yj$~o
z?#VC_YH%{i0T9+T)(dWFa_ju1ro?N!=DPv`j_8NpnJM#Ewk9*|Afu?V`9*laTB;2z
zu+k~Yl$*jAMT=hbB&Xg_U1l&&pc*XW(1_*kd8LHtt4Ur#XRsfFU^$6vv_|h$?>Y`I
z2bKo9o#i#nk6hJ}zwSKdn!F@-xf@f_GDS<>7s!EYDW6gEdNlefWEzL=G1@%rKl>(F
zV4KbW?>~4c)i^PoAxm&n`297mXoiIPmBt>RHSK)MkzleQGWcjWHamzY;ahmOGrH*3
z#2d_d`vB6f@3UIp{MNowRKqZWPFu-X0Ia<{CJWmxs3heP4^3-L4-bM8587SotITC<
z+BAbz9B0s8J+{g1vOweS{)1KWjx}$;`C4>3zY{dpa&P#YY1?kU`(3Et^XfOI5awHn
zMp;ZT@cYzG-B9~fF~q*xtf6V6XV81+O|m~V!DmiTf8=6Q@IJa{%~Dl|qNGt^A4|Kx
z+VQEQac1hl@@PfY%xv+&#=BIjL_ll##8LU$tA;NM(fY<~u&+Iwly^Zpq&*(x*l1W(
zeYvsm!WJl;uURYs+dS;Z9>T|7o}ozwGLl*a#r{pZj`0dUcfdwEll2=N$rVTdajy~B
z-MnLO_q=s07PINnQ8IABy5i9y>$>~Oa(~B>DJLuYnvha3F>Rs9Vm)Ywl_kObyoHnv
zaKP7ODNBbhQVmw!;3SiGfG{sZ)TiA;_AFnviBFHr;hwh_y4??0OC!JTJ~NfwqWe(x
z@pjPWeB*3c4*MdJY`ay1$tvv-T)9Tw(ee{C@xeKVQ2Z3JqcdF6Ji{wx85)J~2D+{D
zL9&DTo*!hBFJ_*;P4ELj^xgZwWm0|gkgnbijp0M~usiq<8@@Z}D4~k-j+LR^f`;3t
zf5ENod!rJ0+9dePk;|is;6UFF^H)4yGFI4RgYTu+FJ;Us)M0;umxYq~Q#@G-n52o#
zH4RkLOhhy3yE(OBw@yp+vZorbtpuCDhi$%<vfn3ueF_2p#YO$76!!4hqE5xhW<6$9
z{4Dh;)(aI3nby?bELVSJKDj`hU)BCTtaW3Vip&|e);3hCL%ZL{bT<>e**`ozpDkI@
z%2u4WIUu+uNjP^&;0Aag>#EwT!h`TJBqccwOA^w&G1V36|8{y!rEXzkvVmOIH}M6P
zoq55C*ON8L^`PxlcXhp>=^k~`X?XtB?74hct-4Gs+l-pH#}KdrPS*rZU*@$Euo_e<
zX_e?v>4ib}sY2>MFZvtRw+2JsaPQT^rlE3ojfu5dgB2FWJ~=|NfsN+t2%C8@b3ftE
zAq6JHKz>r&t$8qr!=+KJ6C6aT0h-1|HH<}KnlW!=6V`z5&@;=a<&}47Z$%Sq8Othn
zHLJPf2B}T+I##K!t#Rr}T0mJxc`X{(p|@w=v37PWn3A`aP1veNJCHj4Va{W#+e=;M
zOklfP4uog2`H*OdQ|3yi=Lh*7xu-zEL;+aG9I@{)Lgi|?gOX2cN$J!?e%=mL&iiU;
zxPwAtg@h;yLg^36VuY+5%I8&*KQ8Q;{k~r6SE_hAF!b5touII-KMXugjgR<<AF(HR
z_*=_HUA<<{E|hq~fA~8}MBx+<r1z-yJneu@_4&oQ9>kX2tM+BDWuQ^(L0^^VQQz6k
zm31AxsMkg%Lx)T?`VZeK3F+g_Z54c^p+ZcG>yz~wu{qL0Jw09h4L~c;^w}l6`o_zc
zCq25)AG8?zE^U8QFsxOV@Sghk3D!qoFB*Bjdp^IObzPUBOyV^Iy3kgKU;%tMEC)Qu
zXQXWhOLrSY<YB{K#)z(%eV1zkTT78|kPwrgXUa{_7B$!$xGT&otj#ue{5yK?IHPNc
zVkVs<_T>qsvgfuP3~MC#>cQ{t!Xbfm$;?c}XDUMl!2E6G2JwZ3)^Cvb{i%hXhM`{_
zbd)+K<;h(+TIPPd-@E+hLhO@;xQ)K;h`P=|`R`8pvRxi}hx+_tv#-1~JZ2&xG_i2u
z>4vdmbP}qG_W_5#I?b}nDM!dI<$8aDBYOz;@w+>fNxC6zCHx2L3J&=Pb!dZHa9>eO
zKzo^EiQD4Lg701LAj%?k6w_AHz0!N%wh0+Vm~H}l=n7tLb+XLKJSR*t|LTWWwA)NW
z$I8|tlpITyEI#1D5sg>&&U}Or(`V$PIwh5DnftxH%));DFLwMgJ~OJ?8>1#+bj!{h
z>Vj_Vx0-!i*6^)RR0hYSW%!>V*w2Cw&%&8Q&n@QDDvZzc-q0xtiZy=z-NGmp=+vx}
zWhP-U%049LNr=s|Yj59<rSt`>hC8^Hzx+i1tqpyyV4D5m`V2(W{}5qJow#4)vagM^
zv{NYPIVap!SZNUu(7RYuI;<pKpNEaM@N-lM2s+@$U>CeGeMW8M>ApA)d|VNKAu&9z
z`I#%h0`ecj#BMl3OfmT|{AJ6!9qGXI(B-gDsbjr`KgUR}<lRxqT0uKh0DG_x*=O3)
zl|6^w!extvm4$4KeLzyxxOMs=wo<B{t{Jc*%s1zCO7Hr@ZUfY4(W|m>purJtW&eS*
zqt|VSH-f>6a7QtRVH~`dJ<x{VOy6{=BJ^WExI?(v`|*;aSDDE4uMnS46z??p)-|>H
zxP?Yf`4Z|eSe%kj;>k`PWJ~`_0js%YpPfmXFLCGxl%W{9OOA{)6Mizs&$}i5q@`r$
zp(ctPy@}@qPbwau9RM}A!?vd8Y}9dc@2dAiTNJtNV)T0NX;=3*P7L=_VxBn=^KDk&
zxp^Hzd9UuGm$v5HTinGF=j=gQfcB+XQGRX3c=&Fl+9_itpL3RhxLI<3d3vUmCsOkK
z!5?nHQ|nW5l0xSeC)<Mj5}SfOm$D1IH(BMMbo=%X0A+l{K;F}R7R+ts*SUClsuwhZ
zCg|JsF3{%JFWu)extP`TE2UUU`@{2ms~o%CDdG7g#qe_Qj^ff}&Rq~z_Pe#((Ou(r
zcT`LdI^}B@2rr@wy;GAsJ}N}AiTfn!hK3e*P4K!?=C{>U1I_lXaR5$%nTC)78=;Od
zti@&CjPY<Y$kA+#Eq0e(QY)mIyMI_sqtZ#i%Ca>X`yI==Ua!qHm0-x1w;ta(9~y14
zh{?Uovu4unLg{>FbC_Ef(fl3f!^Sq`-~hSFY8hfa%-`=Zb20_t<UFK~Q`5K{Dzg<(
ztHl$%@?BzH%F!pBb<e3fbiK24_zcdhGYJ2@-H;<x(X=+COnw}z=ACs1f48c%=%&wp
z2wc?J>vJ7FfjStk=zQv9I_51++-vQf7vU3EUMj6};CaecyMLvYWKf<1*Q-Az(5sd~
zV<`|MGb)jHeIPZ;+VHb4pnQFsc8bZyjsp7lb08ly{jd``m{QRKcLnBI133j492dsq
z2&w=Zw(d=8jM)@*=(Ne+w?)@x^%nsWqpbadTtDm=rSt{WBS62_%)vTrA|yV`^x$7F
zI9EXpeH7bcQUsV)k+j)z{%-KQ{XqM|c%9`@5iw~e2Nz-XP*L;jC8aMR{D)`YU!%D+
zx6Cu%CLkC97wOgI*9;Y`t_a1^=>2o~$myf%13c0YL7Xz7$e)&Y0B}`ko_o$2xmyC%
z7T&*o%W~2`VCMet9=>cv6UBo}!^&QrWdI*N9s_RdRGZ%YRtTGKOQV|dC$C%kLd;%*
zt20Toj@MbE-_qI)rbeH3GP+5=a>Iyv-)G-%mVI+|YrRQmYjE7ExS=710$TRdyAr#`
zzpFWlM*kc_56)E5F|BnyF~^O@&BXem{QQb)(a9I$UZq@uC-e*;cee=HYlt3)Hiv{;
zUQw6)nhji*3_zC6_nzqn)|Y(wIxm5BM%g~U_*(d)2Z*@WDOePc*rzAfHu_`m9kE%7
z4#KP}7cSELUWFPU$1HQ6(|_g=s(6y+kF1~alQXBN^NG9zj~Z98{>6PSsWT2}@@s7z
zX_z~aWiPvBMIH@j7}|x(2a0P6LGu%w@A;^!_|!)W#hZYcxNSw>CC`aPy1Ac)8^3mN
zr&6hty3}y>sq*zR*Dk1n15AD4LoCfMs1GKS3gT1u*_(*duPx_k<yS5tVc-T`&os$H
z#x2Q_sI||K4(&_YeaI?B+xGaW_F*P!*JK)a)TJy7pPEkypp5-$9{o{iw2<uk{ph%t
z8BASEqa%K_Fmt7w<15{kFni4^c7?c#2kl8aYOW#hhkN<&lhKl8#vUj6pO2*vaCT)n
zRxJeRx8isr*(R&P#hcLAya{)!LO5y{gfCOWPP1N62>uxEwe*$Y?aJbrH~1nQ4xK{0
z<XgX&osk@}@dl^6{)qU3(v@>nd^i#>kuj;-LwnBop79yXlqvW4Stmg`Mp>nBDOET}
z;H^?0Q;)@$Rrde{adY8)$3URE%Jw$zPc<Iy5!=2o*G(dAG`dkKB~6Q*mQ_|@-5}%P
z?gdq5vO^#=a^-@DY~)z3akw%ym+#Wnl=<dQnEmoLF6e!hh5vol+Ny!@+p3)wFtxrr
z{W&6^pSSTFSEN=NbSwu%qSiYh9VZpm6JDB(N#guzpA+5gfXEf$Mafe`(zb)oIuI@?
z5jj_|OqS*Jm-IjM7A}e&WpIi1^BK&#!kc?=b#69(3KQ$p`@Ty`Gc?|=eec*U$qySv
zy?d3lZkUaG*OpGKDw@d*oTPE-z7aWgx5aPzaYbVV{bMK7M3VKpY@D2JX`b<hkG?|d
zdfV$?2J06%M;pT$#4OZ-gzb(Z;g9GMMHL{&?V=swl;YP$WWVrEJs+&QY>>OGc5Lme
za(-!mWWT%5v<5)39yh?!aLEFP`v{*nO2FB1R)rC_6-q5i^H+7Igb@;Mv%ZGPklfP5
zZ@piAozm=Ec6J+T?685gYiz2h?}bH+0`a?a;HG#1{2`Umk(lRE2z2+`2tuhvn=4I$
zf1aHHq|a*=vpCxb0Y~?pS`>cgD`x3DL?eY#?u^Gwje?gDwlh*4g{ACR#oo<^AhPbm
z(-Cco>16PLO|+!%i~4qtY8~nIl6rTZn2@1!-D(Y{oNe`NwZjE@$SKb(`6ufGn2jTa
zbe9*K)`p{IV^O;^Pd>Cv9Q91G&(D7lYc+&|yV~p;8^ei98n7+Jba`dKJqZFRgvDd(
z)IE@i_lspdhEXq_g`2&)y%LnlcXtF&M<`4aFwziRq0<FbEKJNdi}%ymc&;aEZdY_*
z&zD>PR%i}I>>ptU4)HMMa0k|p1RI>tSV!B|Uh75~0LK9;{|vFhrZvyy@pmHbA*WC*
zN+A}csz~6RY;mU{1Ois@h1+<YT5~s1+Ku!Vo0CnA7Mx#JdCE)+(sdyO-_y<B2sg*^
zchEMSY%H#B5&f)rdvOAcG1F>mbC8KWyQL`U?!P+4g+TeVtRQ;5O?^uu&M#X#X{?<5
zbOz3)b1`+j<FMZ%bQ=HK%R9PdKsJ;VmC>h?zNETBu?X*MejC-h&6sj<*tpFmE;4XE
z#8PgWyAkD86wt39*YVcQP;vV1_4eHUblGl}0{TnK&tH5Jnr+QVVTOBMYTkSA&gvr9
zmW4pS#1CzWIM-FwXI66~u@WA)(i8e+DW`dc$ug{c(9l?AT!YU_a7$fvukGUIkDtQb
z>AuKTRy*|?!f;$RPpZJ(FX`t+^nvb;oVI;Q@fpmcQuL!so;_W$IvOi|&jpc&M>z~I
z=jSVsK$SYe^>ibpJ#B9Ntd(ZhYL&W`Qzy%9)KPe3s|V8sRYKXI=O6Li=RzO{P=)^p
zbYpo;Kh0*woXTzxZ;>LTv}HaRs4K|t-q!Y2aE3+-S(pEXCnsyaF$H$|_S6M9M{`J9
zvuMCv8W=Gaby6vd_`+qf^}dg4?X?Ey;okQdX?^lzF>y+X?WZH4Y#RxKw3-MF*>qgs
zV1$@b0yyPBNGG-E$6yXI;oc4K*eW6(zj9XTLFeFBcZD9aPI#Y?rzOu@4ztcxrI3B&
zy4FacoRGs80tcQS1or&$SQNd!__`XC;<z4Ez=^$38zLFYGBTmtT#U7B^NaRbAvUwr
z+l}m4xV7wS2b6EQ+Ie^6x%Yj}F@C~!ZLJ{KH~&^v_04fE3!Jz6@EA4--L9c7Ez4x4
z!+Aa!Z?%;nBm3QNQD+!k<{rA$`>Ur;WegQ`))tF*wR>LG7`~b?8z`7nep6=uL3-z@
zr7m%vpot%fDpr97^=+9<L)>7Mx)kQLU%m9jl@0o<?;!84LfcgNA_rsI>vKd35FX4I
zRPC=1hWrs1|I7o@1+jvgs^v#Y+a%z@Vb$X3?vA70rj11OkG$KDpjLqlQNU;Fcsz-P
z>kpN7wpD_ocSfbN#H-EY?13(Bst5q|iimei{8l7u;;bU&6c`~>e4Ef<_oR8{Oyeb1
zv&v3{FC};6*cNw8kZGmE9k7X|PE~t2=jQ9Mm6zo}6@CLfg+Hhwab5wj5CW~6dGXD#
zkHulY63it9ge*|c#{#R#`kBOogb-j$4ZPySpbJesjd#<URC%ZdbhX2t#clLaw*9EJ
zpHr#PmOP_KZUL`eKJE(fn{Ju}Aym=bp1kVlFys2b<n9(ze1}*=YLc+Ykgnmo#7luf
zVY>w>dOhyR(C_m<@<J7a?PnN-FAKBlF+ChhJ%U=Xt@vX4tgCpQI~HI)7k}M#94oF`
zc`r)`*62n?$BO!cM?ON}hRiEc*mxRC4X8Vfqk<S-GM+2~2^^jv$T21K@R>uKb#m{e
z`F6jGiWqTwO==+go1_awddpGOyoD=!L0*8f)pFMaJgOY1G^)pUzdWAr-Wbsg6)-qe
zWwZCrq*dSHNf&kiokzZ&SYx03K|O-2FT0HZI7`_mAijk$4-+lYNvmOJ3aPTH)hDA3
zQc;&jfCpvE>iP*@Ve*GI><SicZO{+$O5*eE(~XU8!m_sutJJDWQPNXWg$ay|SunoM
ziu!y`5ua(3jBz0OVG8ERRH-}ET^%lXZ4s(xdAg*Cp?N1{^!@ZYAp>T}MUN&%@y_PP
zYPWU0uMIxfqhx5c@?NEyE?kCQ>X*!VcZWydydPy3QRuyymKF2<TgPXL1+j$+zRUNj
z^|W#FkTr$~d6#6U=6;R$s(DTid2PEMjztiaSH$KM;JB)>xiqC#8td-Sqn6K^?+e#D
z=Ua0N$MrTO7#(Ie^!}>^MwDr!64^9Od}G(<k~SymdLU*8S$b8Ep?W1wE>ryp#W9&<
zzCK=Wu(l@sCFi!7JU8%tI@JSMelV&At?uF_6*!+cRN1)vkvji)A?zXG^6C-;eN}m`
zo|lXn0|gE;fO}xZ^--FFX>@=cZj!4UQW|&&rDF#_@G_%pfBDf2HIbvH<A&}{Mlz}S
z-HL@0(<>ovyk!)PgJh+gdAQXHXLp*uvXq6JI9Qqv4XYwcinG@RU>kl+RZi1RHEk)M
z*!^7X5JfEr$?MzABIr`I1;N66s><^g>ZAhuOpP^5qwT*3PT%(}L>XcG+W~sY-YgvL
zuGt)CsD+}VkE>-Fx2IK_`)hqgkMBXI1s+odeX)z(PCyKDyRskr<EX#mu)(Ox@<T9h
zfbCvEv3f&00{_*lOS+&4h#3|le)4)#FQ%Swm7`5AEKC|=mZ>njLto)_5eN&4q;B{P
zJj8DRv0byG+iPNogTpRc(I+GK#P)NhjeXY-J#?Ue6J$4>VPx0W!Va-s_uC#d0acKh
zfY(}fO=VWZ0t#$P`*K3vlfHHw+Co$y%9vp2xP1^2i|SuCZ<#%85Ss#QBtP0ep*v5v
zPUW3}Pc{QBO|^jjg{Opu^X8=$GdD^l=mHD2XqWsVbgA>FCqMC#(mPLS!$dDta7><~
zyluJGLQr=M^|waYVjx@5lm(W|Q^v-XlN>sS(p${e^q4LA41C*$SrRgXExs8va4S84
z>JL^J8nZ2ZpL*|~X_&E$^<U^o!eLr0m-?4ES<5d#2aMFwht&?yZFb2e;NY#lvu08|
zIblbq-iA)8Xqj&pf{}|eO``l#`0n2OCXc$mJ!-|Rmt$X590)A)y4ItOQ!CNKNeO5G
zT$$wm&2%<o=`p5BDWyu{YC}r4!|<joJpD_vLv^T0*8;jb;rf=<5k&)gy?9ql&*>tM
zyaS9`8NxLgwjlV%6^YZ1np0ElD|4W56vhfl2_olQ9U<no19DyIYgg){YKLMLcm4DO
zk-=x-OIZbkL4}s`*8NR-%+1hn?@+u{Eq;s`Ky)l2Y_yM^mbezV%hlue=TRUGaspKd
z4yD5plC6eL_gcR5F{JTKtFr-iQA(ACEv7YE^%#~iZ0M3OHQvN^irp3?2h+ZlaBD3i
zxN;?O{*kezZ4mr!Gi<lnpt7~Rxs7+AZ0usl`y=L3?nG}T2fzuoP$^02Yg)*AwANx&
z5#iO58liZt{(X*hrPTIU|M@<5B0F^j&pvVxqbJ0WH3dTz0mi@K*`rb6@@oZT{+F{n
zz9aLC00Q`&OgpdcJNS(`vjv@_Y;3=3)XZ8bvTn6E(qtyJs$)wLp3k=B)7XM8UNPc6
zx%Tgv+%(HJT@Rog4hPEHeaW{=vevo?W;}pMI{y@jD42sqrH*(}R?4cvY_!6#d!8%L
z;jWgZCZl-r+a^@ft(hjrXaURS&-dc0VNu)sDn5l@q3omxWiBZ~>5p3d$rP4xmtHZA
zP|zyxr~bZk6Eh%~g+%cI?M^^AtvR1(P5V?S-DU0}kJWz_%l2Sj$8KV6&%Tvy4w{qm
zw!th=P45<4Qe#5YDsmy1q_8nTFH$0?5R#g3^7YFx<2|IlASIm8vB~6Uo)Z}Tve&G}
z#(nP7Jvk?Yv<6$~yP|vV@5qk&Rm_%UADOpa8})<GJ1M2`-tSL8QT^gxOKweBVWgD_
zkN!c>z-2MfARy%JlL-4t6Kjwu&D&^}NHuAz7MvabiG~_2aUCHl;;(q~MtA{ib*zV_
zq;;n6;Pc0~8|?ObX+vVfC15ur#SAcDx#>7uJ=?p45EW6oF9jGc&aU8iw={Y%&PMLf
zT<jhXXpm#FL(XpP?iqO63Tzq(QHPyBt8G&5e%2K#DlcS6eo^O!OEUU~z20PcpYFL9
zzfQl2dO3I%az&=u;px&kT`%#VEn>m*Q{C_u(_uRTj#|jF)YncHa2g2m&?ePy9F<Sg
z#V2&&Hs$qo?p&<V_FaTXxlY*Phqtb{uPdcVjwe}@f{IIU`|`%y`GMwzc&U;0*Z1TK
znrj_c{+O)kgMZ-_Oq)Uj#7TJu%$d&;*JLqlnPeJ8$_abVM4g>_-_36%+V^cUCZv78
z$tU7KYLEn&^Z)(>diER6O2N*qPx4GY3*VVcFTbOsSIq&UKDAcFEUR#szgQR{@aH|i
z-C@6x2;_&Qv*$^Ng-V!cGL!TZU!m8^4^K&nm-CZC+p1;HHT#0d@s@*})h!->?O`0h
z^BW0Vdsvdm13-M=(g7f>(zV{r*MdOg+R0eXoQ6gITIgY$NS~50?O)Mh(p<_QJrH)p
zK6-@|0#E@U735#PX&sv&g=+op7rPg#><CEAMhQr}uOb%YMgH^R{}O@n*l&QwAU?+{
z8wB7mv;iDIadY&yKY|OtFZ_}E8{7b9zeqzOrn?5rftA;B?T@I<Z;2|Se?uxbagIOr
zfeAfj2Ot$89G(<^9TdRDa+BVH)tcQj9YD#NS^}e%;cmi?aka&>{!2(d7qaaEV9X5w
z#}PX>nCE!>RnGuWW#DOOjfi2AGj9*fA<J|A{qf6eihoPQF66LD3Ybv5Ixs3VCG#Kt
z|G!{Z0RWZ-fO#K*wt!}u@%6ydYK=oT#g9Mk9qDP}M>?dN@=0=g-yHt!kCpXXZlKG*
zA66Y4-$W7uNC@~09$H?ke`xpL<L7JqhO7iCzOEy6zODWbMEb+;DgF5;OyHV_z*6oi
z5-J)k|2j18LjaM_`yoxwRZIsJMLsd{=MB<6xOM96&pz$h=h_#VnH&Gck$AG?EDe`i
z5+`}13?$=Sv!aU6Jzw(Iq|1iRp?g_*Hoo%dv>#A9`q%t_z@)S}_8szBrW#fBvo&9p
z`bA7W05Vx;W!QmfM?MAMNjL5lp5l_d_HaP(xMV%Fm36!Tenr!5i59^#@QI4904v}o
z)03=>tR~e>=xBaE=;jx#!Az+2uBk&)%ST6?)L|8QK>CqX_hR=5wI)%hz&mSZy+A@y
zQf@f?qub?iIGdnf)~eZtG{=<t@C=WJ<WYdl{U$0e%ENvR_ijh{jre&bGSkD81sg_c
z|H297>;4!irT5x=^5!}ZHnos5sCHV@p+)Y0@xA{G^9KDd%=^U2|Noc4Q+p6G^u&o1
zM@Q~Dv+(~kkNjOnwR6<95tsJJZk3QyZ@9~KO|9$({MI$PyEV!4CD+e!=}_@Kzux;s
zRn7EOymmAswPu~*M%KAb*w<fZ_Me(q>(AQRfgBup!xR>R2KTcUpv7J5kd7@GM!<Lp
zP;)r0!T(2DUw`v)4V$r=AgW3B;Yb6NrCG!B7XZwkn(X5_km{DopDOuJs0`>=8342g
z2gm@$G5_=Yzx+}W&-u$8e|b~~@N`0QYB&kFs3i;nfv$hbgI+gsprJf}KIQ4h7>q=s
z4F!cR{!>%dM(;dDRAduJDyL97!UO7YSol0gNhnnq?6vasZ#}^%3e|w4r|yXfl=}=w
zGxgL}(@jlG`Pu76ntt9y3}szuzGVW{qZ0H~S~#8GuEYB)BH@4d-oVKKh#+i_1O-RM
zD3E?%<jVczy=%dB{f1G>MTyEi8qCm(TCe3j8fM)te=z=UJwBCtf#X|$0v7=%6=cEB
z*>r<$On9fpe=pxJz$P+DWh!}V>a!xRnpCP5ew!7uJAOifevyha&c3)0h*epef#Rk_
zj`xDFwVjInuILEA*V0@7)Mqx+LcBIc*fJ(~G?sCod?`034ZFG&V~5I($+L6q<^P#y
zt>ovBSjq$W)VK5DIN0&z8AAZV>EqO59m4>egl$h1V{RIJI!E_b1kDs(U8{lKj+&<P
z<Xug7oiRQ`_Cm8EQ;qAoj+J{xqOawbuQz1^AF|Sl>5jF0?D+%K@%!UyvH-IG;)%XN
znmZk(P5ji^-nZm*m|xO4gHII$w!zRVA(Pe+3zW_IL2em<3<Pz4scCKgD1_m&e(#6y
zjQ*&~y(62<V>L&>M>zoOD6EtjO$=atU2j)577LPbj=gro`k-^-JRM-?WJ(`2mX-#~
zsPOd1Uj^`YEn3fRd#C+WWs_4O*DcI~WlnM0_Y1iHjl-9s&<dFGNYMHfpjm05SXfM2
zjdu2}`GNb+dJEmT<AYZu>yz}(Wl1wJ_QyCI1<87S^VOy-sOp9jSM=Ie#G<@kv;5t1
zcw+$=Nj*J8|IerPx3oSyR=X}QU@=ySTI`@t<BWLuQkzJ={C2Y9f~fz@ElMg{03aX@
zY@$fYJpQ*4)ONmiRo{~Dvrad1!<}y+nMPjlYvl%TJl1w(y2U=-Ayjle!t*b?jI{lf
z<<Gtmj|5U-_a^I{gn(Xdn|)QG-MypE)+}y6yO?@?Ur_ZPo+h`&$C!%j>Mg&nUvJWT
zf3Ff$GCW9_<=GEf>F`|6h}S=j-=UKjHvTYa>9sNU^$M*&N};~UVq!>SH>!D~8*VK+
zAI&(l6)LQ`Qj$}bq4Angm_3$>p`L#oC_1}v_Lk_v2V1cz+JMy`>TpK*p@S@^tbbU|
zp>!RrYh;u2(LyY~RY~r+!TnTulk&PF2-3O3HQ!RjgDfN3e6|VjAMd_W6+GAo*6gAC
zYJ*s7Gptfcyh7mK`PN9joBWb?G<w*PoQ9D*#~_WZq@8l<B8nq$gxtMP!GH7>f;TRm
zqj{{28r}IQyl}A1e*$6;kunI}4dJxv$`d<9@x_2+*=3Qm(7z;9Y{+TK2QBoQYu~Ct
zzh1C9Tp28PIGXUXIle6qfcg?_fyW33esg}2oo+Yq=#%KrjP+o7qbdJrcMx$fH>9EU
zC4teWp*biz5CFceCX+KsCcnSW*VA{j;?hEMMf~2F>rDwKz^ebj5SFW(#^s);&DNz@
z<DP8Md<FAC=mYAE?fHb(7iHIXAJO}?auN{TMN|uPKIi@ZR=*ck2zWEQ@F|7J%DZKi
znX*|2wD4E%AS`ysy~0>ck#OCsxOwmaB5eim6*aBG%4J?@j%BJ@hEpho-ilp0eJ(L~
zUX)hoJk3Db8T(gA-oeaqL3{nRD0BP3<3*%Tm0w-Z998id6EH1wNz0foHk9h#uf93q
zw0!f32$Q4~>x0*?PSm`5S@DAEQj(ZGthYwVxcj70xNQ3Xf<sm(rQgfDlo`7;R&FW$
z=4yD77~)P|uqkDShYC>TeHB2K#z#g*Iz-&7(|iOloV23*GBkkT<YRW-CS;PZRxgQ>
zShY8$y(jjr{cX9OcLi49hj((P459f+?fcv^9=~$SA3)V<*rUof(mz=QC2L<Q9C?k<
zArqqy3YQry7Brt9D$;>l1wEeba4`5tcE&LG>6jCcme!XG@X5$jqCY~J4<2p=P!E_X
zd!eC<iY<HfRbyYqCdWxm_P-8;{~TeOmZwTZBganE{@ik1Jt9A2^9!UDGWUEt1d=OY
zwi(?O2pP_w_&L<3Lk^GNZf*n+gT3Ez8a<!Ybf!(ZnpT}b#4kVNG>;I0lh)4I#X;5_
zdTNtt<TpKYbdeQNwd+!S+t^Cz&}x)ACM?dRim*A)zq!+h()t#|I6q59J8n6*S^fE4
z*BH(->%w$yh$Vc8ZF16gRY)h4I4#ryMzwTmXf5ozs@`@k$x>qHCX%%Z{vY<<Gpeb!
z+Zw)A1Q98MiXc@*L<E#h=z`Kg0Y$p>5}K4CB_N`Jg7gjn=^{;f4+=`}Ep$*iA%q$X
zp}bdo%6V>l&l&HJ@6R{J`Qwm5$lm+fS6OS#x#rAMJ9D%)bEuhSz+e>xmwd7Gxy)|h
zk>Jy?G1{%e`;x-g^NMXJ@xj_LFTbc3va^g<jz!OlVm+}vZ$5-%-&Qo~DPcR5Ft%$!
zGCh~2!swpY7peI3v^z_u7$du#Ct0i1v7p0h^ijat|J5rA>v4(c`>_XyaZtm00ye?~
zd+rWhcoAt;;d@K=+Y$zP<;&()^tDA{4q|sfV_0YbS}4S!zpkJPW$i%d)auWGw#36+
z>{ZBR%b<52UE20RNVw^3&UIh3P?;OAC*V2`c39)MbqcF0IB^Fq%<-p5H2q}0{;W)R
zWOOj;=7eHhm{!<!Tc+EJ<TpPPe)7BR^#yji7x~=I&#dO?jmafwYX5u?+OwH8Y!G0!
z<72p859*+X>ZxMaB#oB2RebS=n{#bE_WD9`!y3{yc-IH6E%e3}9U{}N8Qyo7&B)2A
zDzFOP+iyF;X4)3bl_6ncNiSlv|Jl%Yd+Dyn`VUK773}^w=?VX(C-&k=jD0!vxM7Ab
z;_eujy-Vudd~W)~?a~ky5n0&k2v0e5DEhFd;r3|BgYIyj?8)Fw0&52bIrQmC?AzG~
zHJ10Fm<8;@{xkoT8n?BI(xyo{Tr{n`M(SOaX0`b13|;i6;a&~qRtDmifm&b86nr{z
z=Zdfj0DV@^L9HtG<iezu6VI=O5f(%IbVxM)!KevI26#MM<PY0D^r73?Ka>J*Tw?_t
zW-np)M>C$^$Z1VOnu49zR$cMtMRsld)0yx^mcqPqciaN>1);a`Tk}zrmJc@SSTBv)
zBgD&M)G^~@^VACOqaK+x*W&utpI9lQL-g&z;)t1!Jy;%NnSA9%!)(ZESXAoS@dVj4
z^j$K@sNS+(VzL4V5SPF_3)NKgrR3wLnYL3@@umU1?JASvDp%;rpaj!BRKM>Rao8xn
zZ|BY8Jl;xQ%#nkGq_1Hg7sxaIqtkAfkJ?9H0(CK4+QiZu3b)Bw{<Q-sv$3J294p7q
z9*&;cI_0N*l}6}{`U;!y3O*`{C$~ttx+rez_}mD;L;{|gnUV39@4=q`Qm1vndx@#e
zb18>Aw@1sN8fCj?+d=O0g=3ZDfisT_JW>s+ocb~xhi=7~_rDHXtx3cBUS|zEnlP)a
z6nRdW?l#RI<KWKRC>i8qwRDC-`uRI(60f!(HBYjzN3x-a<%B%L;g8F;5<aVBM6Rk=
z*N{WewZ$H<;lLr9!yaQF8u-%>711>E4TsIoz%jdKKecM3S@-l&-)OJ<u+0)uX-!a|
zu_eU2rw~n8puunEIbuqr*HT;FdicwnrT-upNT5s?46G&XI3BiVUh>nXm*-vux=Z0?
z=%I}}Q<X<A_cs>L;vLq)Dw5xL+0O&ftnS#gUgpNeMhV=2$Qm^;8=Sog+ER9f;OT`<
z)ah<G2iGjIZiF~rhfY2W14tkW1!e_^v-G!aQY?0r9ZdQ!S*R>1gGj|LAq<?4Zp=M!
zllE_SE55xc1gm{ptH(9`A~&jv`jKT%@@<i+hnm9nhx&{{_L$<X1Bw&7Y-6muJ+t5H
zWZB+O7!W=;3N4ttS&TFvlx2|XYC6l!*;f72nU>|rWqOXi<3UpRCP^eu&~PN3p6Au<
z3hP6Z=I3W8M$5g52BA(nKVI)WYh;;(w3$((;#NmX4PAnK4<~u;!Ix4qOI>9Uu#7J6
zh%*@AthwmBU#_VqJuX($Rk*Vz>-t{LO%1fCmGfku2JF(@;Ts<f=NSf9fDHoF<&|}T
zMg2liE425pCbbgxwb#%22q@R8aRKDR8NLCyUv5Wr_+l!*=v(2nGP-RSBAbNjq7*9I
z@B(Cp*n?`C#PXMOtuFP_8t045jL(R3wNN>Pprl;?j0fiE75mw0THW5vw}=^!<_(X1
z(Yq#E6D#7#qFdusF<G~hYQO0;n^U;_=>&#Z2pS~Sid_@OhND$3x$pGpw(^X-mSNoj
zin|4evxPp?mw)&mqg8Y59u<@5lBZ%yrB8QF=DGBpWa%z~-r0+{o;B^%uE<Ln^f3f)
z?d`<TWo>t5t&W$`%A>#knmrV=th*Y{NK&$J^Qx}PB{xc;{e5yVpCwzk8;Vr=_FTL1
z0}z_;{b)rpZ+5<&bY3vu&WiUIzvcBu<ngkB7}O3YbV5o+*x3B#<>gzMcO|ZaF0W0`
z_mr%kI2m!a1dnBY59HQS9nR&+iX0hq(n#(BQu<r>E2Qgk<b<b!q5iw31g?CcEXO=U
z4fWKw<Es{nBU46E5FqaF9W>#tVJ{x-wIXSG%4PStMNjNwAKmTxdYEBqEFkMmNV|*2
zo>yExDVxBrGIcLTBEZ9Z`j%G8?3kt;3xf97jhkjcTpf=%{1lWXCc{=mER=Y!tLa95
zV-{2RqqPoB0b<;O!P%BNJ|V~2p-)BApGP|%u3gPhN8qX`E^<dlJ<kYKs>s*H?D@$B
zv@L37kI#Fpec~`Qeqq$u*krL%may5CFUCRutdXn>+)utq3}Q<LKR(vzPL|}xj7jlK
z8reA#cnr$4Yh1A$=Phdo*6M33wmqwZ;e@u=T$|tHB7_nVnBPynHi#^6U8526H?Z=m
z^jSN7WdS`R_?mU+>p1L5mB4V>1$hE^i|XJl>XB?-_{7E_aQ{$!@NOVN@+xPj-41%)
zWr2qSq}6*nOdDdqzEfDuEgiaTjJ`o0-%!}X?~z1G1Qi-#F5!P=n50_>mDx`htN1+q
ztSA`W&BS;$hWl}N0Og7j2rgG)1=N#sZB_<C@p)64N;lwp5tFcupZ6Jr7PR!O@Ic6>
zzs}|wO72`72r8DE{wlZ84du)6zUtw;Sc3Hxp%yauHPDmY`Q1coIOCllbn_$hM)7dq
zFr=?o2rNtRtM<{-zMfvNU1_Ad<(1<#uj%a$I05#<M!G<1xy|MJxwz?7=dP8ZIb7lp
zrey0H&*{FyD&J7LqBCG$4Da-~ZiP&e2*@jsEVnF?P8`l09vkG!MS!&PH9|ZwGT__O
z<ME;lTj)t87I}1)>w|4YE!(SuBt3V9C>_VkydF`pZk%J8uzKt@ZY=kMzBAv7G6V4h
zX<&n2je2x9Ma#+%y^5|9++~AQ9Igq}z$w#rnDji&J6qE#%HCGG*j_Fw%_z^xV$&<)
zEXJm?L<Pv$(gi`dAy<FCVw$XM-ap-%C0`%?@+DiFR#hYksipGZ?2Wl+odN1WEQI6f
zSNQ(PHn4ClbaD-3jh5E)wLd-_79x!P5OrD)Cx+If=U8rWsvC%p^W9;SNfDSAPE1Vb
zJWVl2&-rrbFVCH^oz3Pi?iQ#*D63@_wUBrE#x>0h&&O@4d__=cM2sXj&G0asfz_E}
zB+j=W2QkS6RTxOqXprTfMYodi)u50LgJtD*WBZjY?5@MO$kU~&e_goQB+X>jGC!3j
zdr(u+8PrV+D<t&(xVAa9{^&+N&o!PTkzxy#Peb{$w<doeeeF6Jf30*v?N>g|Yt#u9
z=oEn0E4iae=GEXTR)J0ehpP5%<Kb>o-%oC2li!EhqmfFM>PgS08}@B|6Ali%QNo6b
zorJ~b&!*VIl}XA36^Qx2^$tZ2H}0{OJnH}%eIj2vZB_zbsdEz9g_RKNMW(mT6C})Y
z@3`8EjRZro|Jb->RxT)3u#NpVdne5qq_6Weji>LkT2`6NT7rhu&!u9+Iy{dfh6W?4
z&YcUF^x7SF5*|jV2Htyfc4P}7>cjtt#prUJ%Z(?jLfjA8Qb|Zj67^8$OMH*MeuKDv
z5>vND`sR`*_+=}Cv@TeAnCbrE6@Bx|%%BKjJ^BvB#KXv4i**Kml95f;uW5SCH#bL+
zOq|8LVlK{M$zsLg#nc@ee@<2M(~*)v>W$EOZDKWnk>-v-EQP2*Y>`oSR`BBdT%Yf}
zY1LwraS<-agUifGxGiFll)U{iqf5*6DO)RVRzU%z{hgF=oQtl1?g7>S8hiVo&5u}1
z%RK*CD4F6(_?HmW@F=yom%Mt?Xw&()#-D=mUp~;ZSz77_nzvoaIaC_u`e_=^B>9=Q
z5BiLAUdV~}k8~^ui2W=?5wWMtdwzdyvB?(9GevWi#`PJWN3g?}8^yGA@cFu-!~&Us
z#of{r0R?0t{F;@Fg4En#hhL<9OsFB$*jSj_JoEqZ{y=uEey|(P4Q|=>Rye!d2lF1o
zd-qBgG_+1G_Ao_iwZP&NQRi(|YN{?Dzp?&OP+Idu5)1&=oJsDd%09~BRY+?IbB)!8
zOU8AsVzgS^Ti<-v%H4xp{?m!kfLn$JUO)~d4wg0-O(aK{dAFX7VEiQ|k9py`45Q+&
zTh#(&9ILC3u!c{G;!l5%a&nD8<!Na89xpL<UBA#9$Uqvn5UH9bcKyzsrzcMeB%)L!
z+1Ywa&1f5HoyG25Rqa~rI8WaNtuhex)okoxT{L;E<jpF|eEfUc*g@|s(@HW?FX>oX
z{Exby0(i;GOO`IV$8P9fKgu|R-g3@B$Z=_>e}7qj1Q<3*&8Wd|KFuEw2JlHHaEZ3G
zZn5Jv$A5l>pDVGyH`GBm?!QyVxgH2E;r!7>{r~<9GHlGmru~ehuB_vm<Zpx%{PVxV
z@cVuK?=bxDF#Ky_|9w%c%d*|MDGw^C5i{Y*08fxVdGeLF=-JwT>{8*wB!!vf6q|J^
zf<7K8^c}TJr@aYmzbbULGZgLh3k{HS7Of0*`CBcYj=G~>4t)1T{lfm(ic#?TWG(W`
z`<Ai$Hq+ZhapSOr4+q{XuX@C9SXZqkSDlRO!e#^oo6xer?lpF^#006By!Cpe?JW3e
zN!vN&GO$t1bo{*yLqpTki~cWlJ;X_XKC~r7)!sKA(7zU>?&zM32DaDQoF4?zN*8(A
z0WPIEIl^$~_@;Q~#aSW_l@p3lbQj1VPnVP?t0M;fn#nS;t8X~;3x9Gs7@Yf4_stuK
zE_ml8OP2RkBD9u`NcwWOo9_Y}MMde8)fCYg*A@1vCk?p%el-~gQI!p(e~M%}o;$SU
z=|y^<i3Wn1ihi%YL$h0--zBmk{$8+LH=Oy>ZGprlpWVG4r2a<aJv*=;+yew0b>rQn
zy#HuVApV&mk->5iYNW(knV3fe#59S!<w})C2<@>w-|yFNnUI#nt$W7cnqRQs4}CZn
z{;&(YUj3Ve66w1nN)$|@i2~oJ3bFemHF5($Af0?pw+3$p;Jyfg0}x^9$U`6S_cI_o
z^fyIjV522f1+<Mt14$GFE%vP0ara0z6L32uedGj^;@{ktR`BE7bL~Hl502uA-=E`}
zF>9p(zw^rjKkD#2{p0Hjem`su&_qFjhDRHsCd&H>Mcz}#2IYhZk^W*`8FnfdtPGh=
zfFE)mNk02?P%30hN&A37g=Vg)2bWQP&|G_hmh*hOO`sQ`E{lPB^6Esn!f?JWpUDqk
zDa!C%Y6{@BcGKq~Wmk`4fWV9Z3o|$X{W595YdmYw{U1%3zsF0a|LpY#Gzdw3;p)XT
zJ!0jzE&eWm`J6y1rCVtdbz5&gI2i(mG$Rj36lpNjk3)&7DA&_vOiB8(3LDfJr5<W2
zU*Nt83VG4N^t^3=>1Q!8EpCBdX|O=0$h{RcrF!%C7XyyPyW|Gd&iAR-_9U};iygRi
z)2jqQ@zcC5S!@`&#@wAE&N*P!8Ho{x)fC|f&XL6DXYa3YqX0;6&`zVU{nRaKUIQkm
zG=#WK*ch_0%epp)$o6l2&vu?Rtd#F?UDkZ<eFq0kkaW~7gYVa~-@N%SQK&}Y)yY#9
zT><tbwwNcrsgbjPl<n+J0&Nmu*=<&-)CSM;Tbf6HkVtm9Rk6Ivs3kmreAs+>jpyx4
zjfXjGXbd|CZzf0+Iz$ay`5F$`d)$^T<se;&)1klQWs$6_jLgeALi3hp*3b96DFasB
zM2>V<Wfpt3gZ7Cl`;aSET?c9baKR>zq|71@XRElP8{6fJ`)h&I^Y!NkqPF*wk4gN1
zS9n2Dk;bq@{;tiAwpOZ~^&-UW937{cfIx=3Sl<3#V!rJ5d`DbHeHAM`Z$zP_r$Q})
zk~p_K&#wywIqW;xFYm8r@Mh-<_(b+(AKWxCp<k^D4_DnZt!<h63K=qlLmKwe>_+OE
zcBFDIok@>UPTcx?uy`hu<b<)mbpiP#(h&V3ZZ>Ewv0SxfshBP@)6%u%bYH64p(bg)
zqy*&D@b97B=bTZYDc}%89@aG=@cDtDCEs@W2)AgYmg=>~Zgcpn9yZ>{!EN!yD+=Qr
zx~iMG<c8<CdbM#d5{Vmsgm`X<TliUltzah1O?dQhVl7+4W#3)s<`kKHD(}45dCLpO
z9AR%MjQc9rBH8?CFWXe}j<3Tq!C9r&XK2jVe1FaZhEK(K8GfxMsJ}To7ppw)7_OS|
z%6zgJQ(}ga?c39Pq`%PntQskAQtLSzi>MIP#`AN`H=`*!el&5eA{D|?OUB*m=9S~Z
zBfnE9zto-D>~X+bjZ0OV7p5NDZC=Wlp8chFZ7(8#x}7J6yIJ%CoaRTgO@!~pM4gRU
z-#R3_!g)szWVRFWHP_oKw9m^=JHeIOA|#WTAl~x0)k&+v<hqX&wksdZ+ah%@#U~7S
z?P7Mn+|;Qki>}%5Y>T*7Yd28_+!A#8_Ox5$^&-$`RkGgAUpJnrTaXB}z|_3Q8F*|h
zM3~+$j9RClH*ae0DwK=nf=9hhOhiFgm~{qWhCl8RTZ;+yjnYRBVKt-3upZG2#<{jA
zeTM=)-Ln^3`MhweLT2Mv$*7w5KNt6l#6>14PqGo~C6;IryI44Z`b7wj{&4=Vy3S!O
zJTO^;fuXm`y*-g5STeMbU^NaCbGx;iTCyy~0*YYhlSq<2p-(XpUyG!nHn>&E+db~A
zFtvxPRW=EsxwCtU75QoDJL#-88;O{4TrSysF6YXKgW5RNod&eTDRW9!X{P>B2Uf@m
zcNpWq_jhw~BA(^3KkrkB<~*<G)vM7fJ4z^B<Zv&v<2N&vMpb;I@DI?4VfE2l(>qv_
zb5|^FS-aa{>{30v-1s)i%G{5<PXW%~aV^~8Ayyb~oO7cB8&5v1gyuvmIjs-noI$Uy
zo3O$yEd8+2Qj#f={aNoknRZ+IqWZH?ilgo`A6q=9jx7bY@H>7)bZ8&cj%k^0OV+qW
zhA<QzV)Y!&o+6#gI}d%3lY{GNo|>50_NkicVH=0Nwa*c>m)69-b`G&eT++NxbFlSl
zG?LGl1>bR@XE?z|2&(O3ct`;ZZeFFvj_fjahcZchBW*9Fviz}+zoT2Xt>aPN^H<Ra
zxY07NhOqs0NNtaep0N2Qy@0&qXDPU*{!rp>TeZt#S4fSFZi92Kp~%)aHftB{IBK!W
z`p-Jz<4`8CTjf|NDEfOd<e04!Qn}~8`1x-xHSI`-=CZ~=GLwqwW7SxHTI4ABg2lw(
zmd-8TE`Ynbw+BypwKa^xM(jNc9P19>8L|jCq@O!->J%cB*$f#Nt*|gi)eF6dS4~vr
zK|#Zx`pH~9`-@f{szk-pm1h5Qkk!0#u=VJ#`y%;`r?(WJ(8)u`E8q<WhG-}aLfV)Y
z@A^$8y)>eHS>ECRv2yr95Al8fC-=3^xDegdPJ6`r)q?ts?#1-4<rM^M;jQ`_ArYa^
zbvq#jyWczSr~8!-O!!+{84l_kVBZaQcgI|V4yxe}{N!3P@h+z%PdXGa>k<#G|9pco
z5+qcs2A9I7t_pq9iP_t^${F&#%*@+L9$mc9Y0TyuKhc-U^Z0b%6dS}H!$m>QQ|`C%
zZR1*&DZXT?X4GxV*Wmi3(aP-k8)fhXuI0XRvob=Jqhbh~p1-|u^D;@_+U!Qf>I>0v
zek-aNfWj%`owE>+QFSR|UQfm<&{v@-M}WC(wf<ynC{Nq(HmsfZ3s5UsmbTv%Md$n8
zd${<u8P)j-X-W13?BB0QyvfrE4gJb%b&{JJZhKTIH>Hm%gs04i+xq5`VSlmO9Q_Lw
zA46{J`~Cjz&%B18;<vFw%A0fT4lVtK<99~)uq=IgL-?(Q=(ic3V>=X=ilTpHSdCcl
z?4~t9%e(`-kyQM~B(?*dD8`4W)D3JxpJHQi1y__GKAfxgYI$jA|H$%@0w^lV1{rrg
zH7CH(y(6)^pUDKJ%j8?eu^OcuVrB9QsVqF5#z^^q<pKy*grS$|VIJM0=pSmLH1vMI
zNc*}HC2r_tePy*DSZJ6JUN$Do_7<9D*RYKx;0c7(j`?qIwbD&;11@0Ct#DGVpvvhh
zJUX5*NSTJ%;R(jM+G+VqAyz!aX_$I|mxH#yRc9fsv3qi3FJHDUyUlW{M-cJOL&1Z{
z!2*{sSKI04&bnI24)5Jp*2c}b{%!zu3UF@_32ZIuIJ`ia=!ILlx;sfHw)Olwu%p#R
zQ{ncuTLPO%l@MOo670~5e*|mCCn0pE_b7jVovvARmv>Y;Cg;0KmR4LVjdf@1?p(K?
z5N59>#hPPfxeTb#v^RPPV8*56ilU#`U$c53KJEdsgKzZf96>(54>@z6u6c^b$1;;9
z@!t!amAnH^)Loi7`0fwk5jS<Cm4K_7=!(tAzSqqVFZ|%L3rx$7n%i#R=Lwt9ZJ+U7
zG}bqQy7|RnOP{3EA*P42-|NeZaTNT(n7dN3=a97)8Pb`;Q|c|SOo_tcsgADjCRMJ%
z0&ejnPH^^AgzTf~3X%$TN{<u8ZM0@exZI0(kTuS2s#kZiPRBP?)SGPFYja&tO?D4+
zq?tUd9@hLgQ_gW`QsW~>NabN^S7HCeXXUK3#j%^c-2}DMq>eF{Cc+TC^X3%kO^uBP
z^K9uxuZPWi7OLsz8sD_mbg!}J2V^lO)`%1Ymza*84F2R6nN;y&IK#o^jkCqv7CEbu
zQ?_b}?GD6dYQ>|rHa4!8pKeTW11mklT)VpeB5k&`e*-VvJx&t0u<n)&`ODp(im&c^
zu<zlJ5bwc5o@8+?prXd!qLCavj(vAd{guB!+vYSlNquE2GF$0*#ysP#0A6F+m23yq
zMW=S5K0fXlw3FoCVf}awOX<<XB5mstYL()nX>>SE0n^7K9osq`k?!yPPlLi(*h@ay
zZ3V2G+mQHhVvqXFmDKZljPkY8`wv;wf8~0t&#-a}C+Qu;rAxx?WVge8dX#qbmB(rD
zUpb9poCN3~wuJo*oy=A@{9J3XR)40OZ|x{Ra~<bg@eW9<gMuD~U4ClqPN<cf^wce9
z*2OBwfTz>+;;OzQ0djC$-C6PA<oO#S26%0#SdvJp20fkkLYek~U7fN2k`bT#-N)?r
zOqo*Ef!0ULxE%Eq-%#Ep?W|PI-P;nXr1b|r`3JQ9?4z%iMo0}YIEXXOZcbH<^R=Ys
zYSkdJ(hn+}<Z_Nj{4QL1ZnZM3*~ixE05YD8+Ax#;T%INLSJ9KwQ2F?oAzgR;=Ec4(
zgtYI}vV(EC<#tgpvhqYxA@J_BHg3sXgq<7A^em{UnEF)co=CX8uvs}6duEGA_50a*
z^Rdh@dwK-spu6|Hx;rXQO1t=j$4pwcAgZ5fOz?}*-hlhUR|{QCh|BIKlc$7aA!L|;
zx3OBG@Kgzi_22S>h!R6m3Aqd(nHr;vm=0*Razc{!LD2Z7uLwz&vme>Fvm4yoN*aXQ
z!-AiT%%I@6i%<6%`%W1<Co*;uBgR+^Sv7V=50?72Agv^J3_#HJV%9up+V5xEhwZ(x
z3{h!?X3O{9lyJ<Sa$z1jlg@KW`fsVApCFIZUBJweoKjW4c#EkBeNOVZ!7a6<tL&T_
z-=Gb@x`RShXbw>C9+&vcS`tF4KYw<r2A=KCy9oDhkU~Lbd9>XAlf==ssj<@n*J@DE
zQ+999O|HHEy!Sy0!Npu|1CK_+jhqXH!v$?A$gB74Wt$%G%%%EPc9d|q*taqn@|a6D
zzkYr#v$-H*n(?||5Du&bs+MQ-E9L#^kG%}%`$&;}`Yc{^?6rmWhQtdDgDt~UQjI1t
zHF3rmtfyXfOK4wRAK4`cwT)}L%Y|FoGCqm)_{DX-Mk1>yeKctZR8HfG!CR55{f(Wq
z`XMT_UrPy_nB+X)`{z-`ct&~jM)_^U+9%XXVp>o!+ku8Jm+e_@iXJ3!6sp|?ss{vo
zOM>G#vRjVIP`rl6)qYx$C6^V?s*`g)$cv_cT4C^D@``NPpL7C<faigk+T4o`+UJd}
zp1;Di_nkkPL$2&bGIjgSUXgFf5)5=%)sRlTB@SDC=R$+XR&ntb#;XWSdR3Xx&F0ZH
z@)FFd%WQUk3c+jZM~ueG;d_ZYeFfH|*%|qUm9oS87a3m37v!xXQ@zv{Uz7GBLtOCh
zhG3$_4Cj`PJ_-7i`C-r`eMI~;#kV5H5LE%!!FLTtheGr8vLaRa=T*zZ=Ed|Xz553<
zLiexER8vg?1n@8j{bLC<=aAEY-5uupY=+vBbn}CWmMN28_u&vj%lY$hn0$+ZdMt~4
zrM1XI9JA=k^AOv|4zccgm8Ix_&^;g-roT{ZIBlI9vXX6_wJD<5r4Nh<m1PU1CcS*G
z=M5j2O}AW-hX!)7?#A9b?c5QO!I{-25Rv6?K(^=jHQ}^F054_gDvwpq8;?$+pzN(?
zuVaNB$CGht3F80&kGYoRfU6iS=OrK|H8=8XXy+_6^YgUMQ2=7W?AGT-a4<{cuQyz|
zsDFkqa&5<A<_g>n%P{TD3Gmx>&tSJFh(nKG#vMAN3{8+)9V<MGl(+U;{y;BUYT!m#
z6ws_3v!8mkq&wXcmttA*d{B6&v{<uR)1xn8x*QuUQBgEIXx3sm!xQB5E6tPN{F$+M
znFuM8TPx?jl=+>Nrx{+-N43kE`Acqvn@q;uhsD~To^}sUBP-W3D(aM62_--zn^xmX
z99zx9uM+$gt9dXQ#!lqk0_P@SvvpJak-`&@p7-swGt#Dtv+}-AS+j!Psq`!<Eb}Qz
z!L0Fovmg9iQMW#k0rPSNst?tIOKZa$&#Ox<PuF^GZolDQ+Y*C;O*!Rgz?lEVFZ#7w
z<>?fSj!Adz5;Wix$c)u5V|Q&*>uyxLSVT>FQMU~+2aI%e2ElYp8U9|{VJkeTquMsb
zLoIQgtX*fjMrDn8JaYnNtn`7)9SsG{PeXur<{B5NhvW<>(-Cm2;nmW&1?R=6MguRd
zY|Zc|Buw2c7u%w5WzA-MBduRD6r|qC&?gd8Ba1v(aX}0ID9z=ctEZkd7d8c+HrSN0
z3T!>K#0?-tw>_c(y?#{Z6f0^WnarjKRVdQmC|$~{)E%oijJrRrRG2I#2|}QjT>nju
zAYR?{_)feqe<$8&Ev$bwruE_2!PUIS1-G*t>ZSrZD17%u;ZY!VdIE8`hN9fOH!K+N
zhcs>B?Ec>TCM9*^c9{ysASrrzL~{00Ll={TT%E@HT2hb7kg~|=0bs&8LfKeFT{~w*
z#Y(IqP{y`gmD;x~P|)g-N3&L=^R>{&u}HqkI?MXPGu_dTnv?e0->A(Lbdjg;xPSYA
zN{#XMaB21PZ<#CDy)o`I4&#?znScjxuT3=~4@?)XGMFj5T6aWo*Ln-x-E<!;lnl&#
z+|tT6>L4ghtn;KeGUIhvp~FYqM_%@2h<c12b}X$}Vsi$A!@T;=JztO(g(+!xwUp#|
z`<DCQP0qZor%wt;SI#vJCk=nu$NKJ8S;nFt9GHISHmqzl(wg;bbA(DXuZ<;uSl~Zv
zrhd^J&kjY_q<5$IygogMMY@v4Id)ibZB2^MK1=C~4Zk!E=%}JkJzde}HzF-UaAnsX
z_?q6BWZ4)=;WIW`wsS@<B}$2_mm)u}uP=eRz@FfFd9uVAcYMid;X70!xxV8tL-`JS
zQJz-S93tH!{p%`z%cTFK4OINvn56a4VZj)zf*L<?AgIc4*ZcE?m%I7H0yKE_aScbF
z?+kq5<X-+O61|GsvhUQrer_ma9zi8B`nwE$$WSfnIZ&HHtuGcyD-zihPit^XJRq$x
zkK0jr`}4c`LK!(NBcrLILqjbRekN@ojYt&=#OCNzxKSQrlcEBzNOR~Py*={pNuJ#V
z0NMuK&4;VP1neCjuY{7zZ?@WhQ5!qQG>Lkw<aZ|5YY#h4nfT9LQNDBuF_hfVsXd%+
zA(og#%M?hZa40o!Ak8}2;V@9sJ%BX24egYpc3JGS^#5Uce{<Y^uZcVzv-y&WSV)5<
z1vKlG$g%Q&T=c>%?-g#<_qx2!pDvrk4e+fm^jy9z>*t57kEO#yhb(n*ix2coulXVk
zfPJ#zYKRr)1GVuW8LKUMM2QG}oVa7yet_Q5%6&Q8oJ(cWudETH2lKyB28H&<-a5eQ
z-Vtd?6}g;>i&-7zABVok#Xi+V+6LFVM>TIdzrp>p*x*1|KUUXeo2OW<%BWbanpGF?
zy$99lP}^EmBt6)gC8+?rt7nY@qtwkxZJd;fer1o~(ADAi$Zu-}ns1!@ml`6GYiNW8
z{KjNu=_17O0GD{<mGuxvEi;HICWYI|;PO$gh%%`3W?F3BASTN;T^0rB3kseVU*(6l
zzo28354gkqq%h*X^pWkoQxS>4S{EafH}2C-4M=eHu(E)X4C$0-_a>aG3mym&9n=v#
z1%zs{zP+iq=PN$oz^^e5gcZzxSC0@f5PE%NiDS|Qyh`%4U}ZV28o4G*`=}frj#H%6
z<sEC%QmoR-uES*mWkw;Scp_yS;s-dh@zW|Nq!6DU4E0y!-?vtD3L&J5dORRag!KCs
zO#EEQF}B=Un=)7v5b!XA0%_FlMwVZC`d2z1R8F&Yh$!)C@yh#~=h)QS6o_M{CggzZ
zn=xk-nOkIM+Emf~u$|`d)Q+FVMLy@3!`Sp#zli?C&>J){J+p-K8I<&Qd&1h&mL4E<
z3k5od4hc4n)ksyRRPr^*8H&H<{ePY0(tGCnz1<mvaPJO^Z}&AXtNgBh+c<6_Zzo*i
zl;v=}W7UI*>NDeP%^k?0^ZfX9S3^LyjPwSUa+#01`5`BeNjBSb9ak^0C#ch_7K}q%
z<0ItMoR|oy^|fR~Lp&nwRx$SW-RbR*vSmfH+d@IZ6!20k_vVX?KtmLho5^?ubN>RK
z*Ll77$H%114Kqp$nTA$|h??iU;@A$WsBFW5u#156FYWi5q!0259ZVnjqzkRYqosV$
zilw%4Yk{KdG4!ZdATf+Zd>+}xi#|8MhG2;s&x@nunN6!M_R-BDbn*)z5dF-j0@Wi}
z>5U6G9@kl)Shj4ph(_kdBjA|1E&>%(u|Q^n;E4jSGX<Oj&MZ8sRY3is^c_iJVoyS6
zDkG)Ov<vQYz?ZPW2E$L<RgX3o+Duwp7FNM=j-rUo59eqo+^Hhn)nvoePysb!oTnX1
zcNp>jAzR?~c`}J~+APq$GOuhfFm}H;yP+kJdi7?O%0)UJxBlW50&KX#0X>~pKJlbH
zgh~4O7z?&Hf)3R5Tw71=PT96czg7xEwTv(f!j8q>ptfEBGO;pKo1wrb8bU%xguyM}
z*%tcE_LvU-zB%u4_tkgULa7}MKy7^Hw_oBkrF!Lc2!qI@0AJA?>i#Lx1Ql^F{6ACo
zNct&Qr@3vc)R7&~#GZYU`w$sIlK9vCQ~nh6yzTBTzTpw9aMNHng~>`lE9%F5$7xnQ
zltpDnacZ=UXh@YV+V8!XYpMdJC(Mf^E*fBXW)z;}SksrH(Brn($-p4ySvR3q{;oi}
z9=dCki~8^uT~#yFA!;VDbf64uWZQ03Xe*W{x*2dh*!EuO&2ka%L${_#CQ<sj<}-Hk
z9qhP^)9tN}x{U24W?M)e?qL*ar5Xq8tMj^>SS%C^NBzJQ312!%PMMB4vFyKJmi%D&
zcAD^)p};-Nl-I9BnUQ7Io$`l%6R;R?sI80es`;V}bZ&+jR9$8V>g9BlNHZv-589vZ
z)JcKX(NdE>7|NO1lRdD@pCTh*tZywk=nBZ7M~{&5l9j_f$Y;v0<qeCdwJ*@k87n`d
zES9e$Igaauhnys4Vsk4)pMs=b_oD9T$t{U(U20A3(BVjs0U(YN?D2wpf<WL{;Az`4
zCDRgI{EdSm?{k-Le+5FW2@D<{_A<3cUu63dKNjt-v1>^6wXQJ=1;IiWleyXM$lx%O
ztmx|GgYBVFk-}NmX%S=xqayvSr(e8fzQ>*y^PaQL5A4;vmKu8S1*cy&N8cBCsUNg^
z+nn|;IFBgHn6o>!4*-CXmAJq>QzALusYEqXx74Zz#?Hn|nZ+iM*9%BBsX0vxUXkZ~
zy3lay8%L0OzDriw>;)dp5sA4C=IV`rNSL*T<bZ5hs4&pPjC}Ip*+!z0*S+rJxWHd0
zedrZ|7}cr4#J=4LLzP?6+-8S0qGlmx$QK*w`Qx9JF7X_4DB0dqU_J+$%_DAN2h3;+
z+$@{JJdDpKjt;03T=2>^Llvc4vB2U;@g8VCyZ&u~NV@u4Me}+D5s>SCDEG=gOEYT|
z(7Vs;b6nLaOok0?%yM?Rgs8W68+w^{CGJ$@7nN#gHqgqqTuou|Uus_fT{5M`ya|Bx
zpA^Z&r(~e)Q3W#v4Ry4@D+1DYQ;g>Cl~b^TK481+zjVRn(cN>e*&w7$lhK^+ywz(p
zjSGMdZoU;;P`s^vCCMepQPp<xd6Gems}c^l@g)f#*|WCB2p5Lt$*}DZi8DyA=Ah%;
zoFH(~8q+TBV)kO9tgZ~(G7uSv>P{3m&bbQL{td?}?dZ-*fWeSS2A`Y#CeQiz01cqh
zF~33OPkUeZfgOh;0sNKC5sS-lPoHIt-zozK@Re#)@UcGdF|Iw_9ns@o=MB*C8$q~b
z|EAw64h`U{2OJ&Gk3WW@)NgTvIl}gHV!P&-V9@zWf8og=57GV`qt?PJ#Qy+LyB;0D
zXrb=W=;N{kGOvOET%s=-@j>4a@%TrT{$G#H0JiX(zenWlrtD8P;s;I1=Xf8g^S?3I
z$ZvYibo@bR6fOOTU9BTuDcdC8WlA0pyL`z7h+V!q!0XNi`<E3FcsD)Y8d?9@yyLM%
ztdZTHEb_stPJ6%9#k_2dZ5bTWL!#Iqk1mT5<s87_MdatD)V?MOT-cme66HTWi_Tns
zEAtCK>%1~T^|tCl?Da(zE>89!buRZ;zq=Lhp0TzG1#M`W>DNfF3I8#0{in;WxBSV#
z;Qk<xA@?^ji6*A}j+46|_nPBR<m#-$b7@&SNlCI9JZ}a3pk6YuPrh_aI^*qh+fS5u
zdyt`c?WJ^A#nnnw3a1?82yT9B0zcwCJ<vi|qOW{Gaf{Vo(ASS^L+g9|?=(O&{tEzH
zuLI)Y>p(;}Xb&8iRJC4&0l%{U!BOqkePGGPm(TRyd%6)F)2<({`u$hhu}+*!#!tm=
z{xPEeoDnatfyP6{|CFZs+g1UZ3BlxS`0V`fk2&$LivY=uv55b{*NzX&G#``s565?*
ze^1F!aEsUe2WLHF;<{;Ump#62{&fQ+pe@*1;eRl7YXB?@!kZZX|BiTfMiks)=>K3V
z=L1F=N5M^YjMeh*8=!Flx5)fI7~Aa=o381fQ2lr0LADuii~pZY1bL+Z?7y@Ch|HV+
zy2t<e-~YcRMR?=slm7RvUsquvr)uN!W01Sf#&+{fSp1KFtn=^-Cv_r!UT<>`1+=d=
zvZS%@)p4?~mGzoQYTL8*&iKf<_y5cK`d`-9|FXXRA6Q?CfQkgTQJR2C6Z@h=x|ZYi
z>b>NuV1qaf01xwWY9L~mYpK53utNSgVh2yY1=6cMv1)78wXxbabsq3rc3z(4FsOU+
zXxM(_dhn$q(2SHCT3jS8Oe;^2i!mea#cyxYfSQ-6Xq2F%cNiXa*MGm%zUa1LMK{`-
z1-?YJ#bYB399nFo+p|>8qqb|8o3A=6yx)W!fU2Cu?vxyAdjs`ur7}8}{UD_@kac~^
zT(`>HB3WH%Ws+BOA=|XXYWlp*sL#V>T-tA6*Z(}&l(?Mc+b@b$p?66TCFXB`_GfN1
zMRK?-ykK5jt#;vuH{TvbnpxH1RIC@xDbqVZS4X0-hqgmqTIL1brw<$XUU$^&B$)#y
z&E`1Px4i<R6ddueGrGnXBkm9dG#$S|Bo4^dN9XwFfq_vmF6$Iv!69V4{g;SE`RFjO
z@e>Y0vaYp-azzYwfK`NtwI|VDxNKeNh856zQZVVM*1+2%LQ9!nUN7WYVtpB*{hkey
zn<+;9_fuR(lLAoVMoId7e|e9AOiGcc{2*q1LW)_gN7`!YB;EyoD;2kEkz-DtE@07q
z({TsO0|4^(uujP1{erJe=3_e3^5ZSjS6m@p<HJ1H0r4%i=qXRbQFY^V&UVMfG|Pw%
zqm(wEdW*yGrkHLiOfGq^pByAG57>|(m$BU((dnZ1_K<IQW;;?BmMnQ?;qC}1EJRiA
zl|3&=g3NL<h;MkIysUmiQG2!Se5Xj54H9%1>KTktu92Q(4}z_oJnrObqei6Xfv%R!
zAuTmHRT{GjbJI7afzHk)!|q!R$QvFs%$I4{W}EByDjyfE)O^;;QSX@6KZ?oMEgc!{
zla-YP6*<)-y*=s|Ejv<N^qY$v+$xtkOL7L6SBe_$igIbBS}(q1ls86ti;bB{<K(%$
z_|h?;ai2!f`GoPSr9x)Lj%(CY4lQHo_ZoA%^H(IBC(Gg2JTiUeRIMi0dvNue2J}4%
z1EZxDv5q(Db1zEGO=Adiqr6xTrlx5}5T@{SZX63!B2~ViKzaRMr6US5H7}Z8s}8Kj
zJXc>|&t*W&$!-tuq=W+`*3FOrs0rqSBO3Gj_$`>Bwe`nspR6Pz(3GdK^`xic)6f(&
zxdwtaVdo+36S5r=V$B!u>HQfFqGvwht?O0B#EBTgo2izA6N1e<Ut=W#L~K;~stX?)
zp&*EjiKS(v^Ut}VY3gF;YtYz-x!Q-MT;bAj$>Q`kxKVa7ati8Ip$wC+h7r8F`5&x%
z4|W^8ESeUWjnG;xm*naB^khmb-sk(5!xw$Tpv@n;^xs<}h7e*dL2$^r^f=CgS+DKq
z=`P<^xq0uWRg_cpFw;M*4&SoPK;JL@qo!GSdG^e<>}##;uFvp95qrDCUH6L1gd&6b
zCrE^(NVC-2;=4-z);w(+9qCv#r|_Xr_!>1u7D1)Rqds)a5Yp;muQz5t-G!GmS{dr$
zT?8yw*FAhz&>1b2y)jx^$ZU<~_f|5f{pem8-euc`rKRUtHZJC-k#>6w4-XJ_k41>P
zk28D$aLW3UPO-NxmqAtdIj=>vTB8nUZ_!P&+B%z#Cpu1RNG(8}>nIqyrQ($ROt;wf
z{r(mfMzGpggS(3TOM7BP2#Qkqz;%$u`k`NB`Z^gEOEhRPZvAmh0Rv-p{I_I;i~W_(
zD4w1DI9|h&@!8EL_ybq(S4&q4`M3b&5hWKG)(V7<GhY;^FYJ99+2DIxB@gmo>~l|{
zq2~)gEr4idn1{-z=P9Pu(kfNH*r9~1^XT%R8sD4oEUfd`QY^lTN~rnqPcEOe;YM#b
zjreaSAEMgo^yXse^v{nCm6uYVKM?Be=`486t>SkQZ_&d-_rZR`bWOLD+L0UX!d0C+
zNEr$8b7+N6ljYkzj{%Hssd<FU0!2dC!l5VBHtz^#x-x4oJ)Gr3oO8Ez@6G88B#GU*
zBO`oJuL8lnm_GfeHF`DPRN38{qQR+ezx$o{r?oF>T5~PmxeX2=74WBt63%h(qkgoR
zIUxNSj<a}ujFmurLgIHXuj=Jc)Z&;*IHY_I%<6&QMF#Z)rd|RAmzT@)Fnb~aH3aju
zsp0eNbK&L-^3#TSC3V9YZ%E>&gZFe;h|o>G(QeV?kUoth{GM@Jl6Wm>lviSb;%o5k
z7uJ%Sk+ub^38}jxN6q)TuwkW}ioqz!iml`FRDRzsR$V27HDgWQuz&s9pP|p$=iGR=
ze4bmUV->qN&Z}2gImQ!Xw&Ji=>mK;NEUMCUHU7(cB}Vya-P-IBhK&^F%}_+`+y>{k
z0o?_0R7Tnap!aaplHU{R%=bX~S2)IXV=@n13hXPrSYN2(u+mGbrp7|O2#M!qhHJYE
z<19kiMSQvjQcMuV!Up8)7O6eUwf)nele^+`zy}rjZe(^?>CYG`M^A5+UO+F>SE+GI
zd!<fK@Lc^x?llltNAOc%`?nH^6qbsW12JA1K|@yv!2n+1vdE0RuKm3gce35Mv-9nu
zNvr6ua)DVENuecPyGCI<ef1kcL5Ch+?b_n_!uBoR#X{GOfk*&~%V=p><<frHHzdjl
zHn+|${1E1Lhr*LNIPUOP5sqPI$A4lmW^L1a;DNBBGj2e}hR8EKGFjG=E+;A$B-ndQ
zk=Xi`_{?k8IxJL9t6)*nB>)&`PAVbxD?bj6XKTR0DJMln`B;96tGCEB1c^G$e3004
zf`^%{Sh)<wYglZz&`AuVuTZ8aT#jpxx!Q2~IranfPw!$cKD_%lRjr=Nm!)&wlvCKM
z+C!lu-ZF!(q6HPEgI%Ye-;@a0uLmz~=h%ZOYkiSn14p4*=t>S0ziv~etnx7avi17)
zHL<^-X%>b@P&Y)gAd=!YuQ1F7-sd*&{mcccKfElSpA=n_7DO4yD(sdm^lb=+V!oJ#
z?I^HoqpH2yPEA=^i-af(C;c^H!w92h9eJcYt=*~X)`gBVMkyavO1m5&LwJEce8X@?
z7Uk%U`#=&_H8Ry#9}P*V1YpaBwwJp%IvP1rs15TUm6x4cBP2^UPn`B`A7@o{VGcWn
zA_B20cBf~HB`=sO0=V1^8jKK6ci&<|tR-idqTV0=SX`V1baOzXE)xu_h{%wRI1kFw
zaT$b1WdJG9oz*`)Z0SCU6AI$h{`j&p<?d+r!qC?8wmYSy(1dGZx2X^4Vikb$<shn=
zX`Y?U@U)pU_L(F_)hwHA6*SIN8db7~#udVbIO%Q#`{d1l9^x@w`klvC5~+gar9z$C
z!>+=cKs&|#wD8oPD4Ld0UcBYGFJ_`V=e9xFAZasQOV|a3EQ{f9RR^3VYglo`KM9ep
zwJ-8D{)-UFa%yw4dBaKALfCgo`uT(+mvLcP=}ICB2mmPql+zru_kMFPPtxvY5yBPM
zaCq^hS8Zu5p4Q5IE>2VciC5p-W?n)j%nS0)Kxrmd+G_gu+FHqCYI>}PBboJJvp>J9
zEXW2FwXIh|Mqd6J*%;V-fj-1df9n32B5CpRV6wt{=#mEj@$$UkZ|_xXzYz%bY#hXw
z{E8Eb<T4AFFgSwQJlqu?*I>0BDQSAPm8BdHpI-FknM2k(6nE%3dQL35Sd53lH5V34
z0bl+>q_~c7tr~0mM{4!K1)iWn!_rseUsEgC%R-NKWa)}>eK9~d;;;P-_u7%!6+4WS
zBiuF)!OGV#qRo=8HHjRefp_h-jt+Ih{^m+ZOzsu!{>_i%`SP0|c|Ub%u_rcDcAJ2u
zj3!FBpa$lBi`uCvF0~NGyeZT5E4?*6aWB56X!t*ZuYZWee0-XgUw5=7Bfh00BJ6+*
z;o(jz|3q=IlW*ErU}!C4V08Kg+ORhNew|S3@cLsbV{vMoK~K~k#;=<MSvqXbqBZYT
zFD!#h5NcUt1=tlCduY-fCH_R+BBD-Ahw(`0Ld%aPg)H}J&}kv24cfq`7zTR=#VE^@
zSUtCu`Vz{E%fA7g*@OlVbxw4)N^$_*nhH`#3h54djNMx4?T>5Ct+5S9G0M$gnxR*n
z?XmUJ%7Y5}zd4+GoJ*`g;e^si$h$~?k!9K3G6=n@n#1vc2Gb$BvkzcHMD8I_DRCQ3
z#j$L!_T68r&8c9{-r@)lSfCE1jD+kyh!uR8N3E(G_ZT{?gfFp>x9SzAM(^8fXf6+C
z<s95rOOohbD?HIaI=+S}5b;#WP+%#^OK}))>(+Fi?sgu#1ZcIxqrDJrz41&w`c}@U
zg|WZfhv!7>>*pGtI7Gw|-pAx54aHa`Dv%EE$=suS2i4}j=5Opfye7UkFv^cXe~0P%
z+f!DR!yy((Z`}7GKDF)Xf`D%jGu<RQAF_l^IhO_|a~~bj#1c8qEV-~B&f6ng;|jjf
zypOe~SO<0aEzXwgq>F=IjLA#jP8cQ+j6C$pLLR*Mb$?m%SzZ3qtxB|L_p3@ay-GEv
zp@HcAHeWRls@)PMU``arnd;Rs8!WI`b)0ycY3SFHJ@I{*u+q*UkkA)*>Di&_Zoqd6
zj)8={9;0^{QNRHzSC&tEb=p)SU)^YOuSa-XK|r1de?^~*8dEo|eR3T~e{?tHcFL6~
z!Jw4wWd+ThSY=ocwbX=anS_FOQju(#*O{qIk1JPJA&b2F3zl?@Q#P+=LWF6gJox$9
z-eOGN@WE_3na9d20uv;5xEb!e_~@cYSYZ(r_sei_GCt~X^i`}4oit1f9M(Cs-!RZo
zB*<@7lyncifsJkTR74i?NjOe>CW)c9U3>wBx7@+`MU|Dkb`G|z2zj3JJ7R&Q(e~*l
z)XdbjTpi$-5=@36ZEE@wP_&XbyezYIkxq(#$4X!{P;Etyv%G$=z7!DGCwS2!JO^ZT
zX2jL$>iq;FHQnryG}F%n2ohv74!u9##F=mOG}JU_9mUgkBe=v|7Qz9)xE14mKNfR_
zs{49}ul}=!5519BHOj2fx4x!{gM|5C9Mk-L#`2Z7-J!#Ll4ahigPTli7Gh-;t_ZR#
zwNiYAUq6Rup9agfTxz@WhHJMeOMj)qEX-pg=Da3SRSEB;XocSS(K6lIIjS<ha3#2X
zDJ_CJVknStrHL}taZ(1*Tv~8Y!p~Yu+@?>hMC<E;%7kz|71KfApO3}!#+Vy`Rqp23
znbuj~{n1_i`Mgw#(4)~Z*7<?9tqJ$y4s89XkwdO_J89=m64Lg_l&GRq=2||8tbawB
zR*rNj5@~J&{K_Mf_nx1ZUM*b;o9671V#Z?!>m>pS9#SH+SFje|k9xiy<C^)EanP7-
z=EZ1~$Ci3*;ayF>TB)lH^)wTNg4TAN>9r6uwjRcgr-s@-<fz7+&XL@nInb=vn=`&C
zj;^Z@coW$6p|VKIxLrT>b)iZ>+g=A(YSjuew9Bf%?aK55lm>IS-qcWe$jutE_cZpf
zq_Z<5_|U`?5IoHkC}YOlCoE4!aSPw3qzK-pbKQj|ilZsEoW7X~f2hw>H}5jrWz(~=
ztPO0a!PboqtoomD6W&I+G1jnlca|ab($k6(5QKT1X-~UdT(e{lu3}PG<R4V4)`Xy%
zZgLZVw)2)_?VZ$q<yvrNYcM#vA6c*Fz=n%lZZEp+k5Jp$+mz@2iy)ih07RHvy8Kyp
zewgV|>z*>QCr6yephb5kLjAf^ij49KDO+6Y2g(crrs(YF9dqq%Hy*_6;)wLvRx<q+
zJFI&^s8da?(N5aC(_N>i-Lk7=7kY;aF#|*#8a8^MLV6IgY^64?V8(fQu^5)Xx~xFV
zN#9H@4e6C7e+Si-&4;BrS@)wLo2~-{9;0B`DT`^p3>+T~lAn5OVDmD_5X-3#ui(3b
zacQsg3NxPP`BXF<#^ZIR3B9t0!@6yc^qrg@pl%i5CmdVl!x9H;?p6Q;z5USD5w|ZH
zf`RA{ma_iNl${ySzSDig&H_HEWwRm_m>yobp@3uCmI7Bu7Z*eyOP%{af4Q&4ZZbLB
zHK(1{xKY#IOV^UsU&cl2yeVIY3&w^lRe{<^!BY;jh(kpWgo1)1j;LzmKJB59KdbB_
zTShmr5+e=7I&_Pj)$-3g68{DGsQHU+mO$}C?u5{5qgn@l#5@FD>#?BG9OjwKTfw%6
z`tG9Y6g3c=`vMR%!{7*!HGyKRAa&1xOBGq)6q9ArXbDj_s!UiVBf9`0H;N)kFkT1b
zU(j~pEBvF@=S)4|<M~|R(f=vP`Fe<KM{>(xE_GLYeETuFe;czE35}^_o0_aO$+(m*
zP!h+J0F|@k(LIkC{})Yn_#ZS~Pm|EEKw&fMeqL+%h}&07lMh@88za6P0=Km52ZrxD
z_N_i&9>}Z3;5PFP3^lmirhCSnWw&xJLYnkcVyog7FZUijw%NBnRU7P?dxZy1e*Joo
z&)nDXENEc!rF?ztqyECjr?|{kIIvS*iYaS%zMWovU99Jhe=F?xj&uN$u?G@1^O;_*
ziqzQQU(XlD3*n~vPs`U>m!}BV#3^*GuC<iAEerK`!(geotH`46ptX@%_-HlZ1Hl&M
z3@DQ@Crcx=KRqi*zd*U8={1^IGI_5LQ_hK#a$*iV7S#G}gKp>yl=QHCC_Uf#oZz1S
z2S)FLvdcNo(lC%D%%$FMxVvtc0I|<Dqg&JgEfSJ`v8MqUDoVRh`!I3K=Iv{+K%&VP
zZiw+@v*~q6<{Kiv!QSh!j*J=`PqN-yj3(JQlit;I-pzM+p@*#|AYsUB#dYG)M3jBC
zL^@U_3C34L-N%bwHAH;Bf*LMSQ@FBUgy)8d>?U>tMg^Q<ar0sx#^Sr>3=6F|FsM@R
zqrEi-h?ch+5)%8L+jrYN&yi4g@#{2xJ_jqW0#ul4WfRN2c?$#6jTvc)U7A(TSP~>~
zkMq(jL|LE@JG#%L9Aao0cG_;oMGm{Ip#(Nv^2UjI^Q5r#$OXJf-&vgozUG~~78cH<
zyLzX_^eF`W++HX6!IxUeN6Qz(C7h-U`b$*=#@*IlNzdn`>UfN+xi+ZKUt9G*S-!0R
zG)8BB%xbb3&sFb&PCJZRfz6^x&>C3?S5Tps#^dFof@)0RyqG#diraA)YBfzwSmI6)
za!(+nJw1l$Dh7h?c$W!bVQ<yY=o+r(ydI=unD)MHB8f+CB+YE-k$s3G4RdPX#b%Kp
zbr))GSKntJx@Fcz3GXjs-*z8%A;jYl7N5#Jc24*Ksk2E^HFMyf&C*hpVd=&o;#p;g
z!gf{ON3$r{>)py2#t5y-op7`D%vRMoimux!Ma+jaJQ*`IJ)2(M6y}1Ayo$OQ>mNwf
zF}W*EyCaCJ7oad`F**pXskr2%N1o2=m5EF^Kha{e7~+VG0!)(^LcO}tkdDow`MlNo
zeVZwi=EsL82yD$CvlNm~E%_6+O~S|OPWP2|HeK^d9BqCyKG@Sd#>W^MpRicob<Wiu
zocX&uphxGQ?Bq$qpM*CZO_VI*?2h#gyF;5yddP*@umJFaRK}+@_{uqdD!iiuFS~$V
z;5$j*8&x*U)Zy-!wSGX8ZXAb75U~eG-+xp$r${eWuERyNpn+@Wc@Ec3TEhUNFm_hx
z3~UclgreuWp6Wf)ghU*^C;!r7O!);NHDxsEZw<fsGwuc(>w%F7m!@bD=8&+dwz-m&
zYM>>2Gn=S!8pXp$%Sd~>VIMg~+P8x(GVxVdE>DqinHqoi^tf3>H%Vc9f3ZHx3q`8v
zqNSa77wpK5|HIx}hDEi$Z^HsApi&~BbO=Z*5}WSsZcw^o=oSG%8WE80W*B;?0R`#q
zZpop$dDpoAd;hlX|MPo4yr16Vcs_72tXbS~)qP&qeXe`0G~P%f%T1~o=l~^b!qFmW
z;N?+<yt9E12}ILgahwJP=JK{v0O#dhV2!*wH_Lr`n)KS&@9J$K<yi%_MfiHA*n@7Y
zd0!KVgh&`BOXG7HpPOFzF&?w3;%Z-_sfZ!CU#ENI#n=#5$`mxVk7R1fJN1AysRm#!
z9$5C<{z<_`Km3xe(=9XOJ3s4k{KWy+<SZz<;tDwP($2IuS|5U8Kd<%y_F9lM-xH#j
z2Qcu4Zq0Ui?_|9g`{RZh>9Gfkw8q^htsjOMCp>pyZ!|;$&BjlUCe!pv2}(7#CKw*L
zh}{#ryCG+hK^=9ln)I@LZUs5M+Xe)^BwDHN?diKRwXHavw`=N88nL`sc9oC{#qV8V
zF?!H+OJRcVCxnw(Z(Ci^aC4wi-CcH*10yyZ51REZ+A5pwb2;6)B&Bg&6K~R=FBL*L
zzslmIv{g;U1~+E;p5Hhw*HP*$X<5K;Soqz$&mcCG`V`!gE|w@UIGH@Io8(!*!zd@a
z+phdk8S(KShg{mHBK4>3sFIu~zh7Y9t}pjf1#J=<h*~1qpim@U%fvCqQepCRT(Hi&
zN1|jU_ewk{d+dg6!+r9~yGOb%Ek4;bo4C?0fyEIls;5H?YGxm^tAq~K+wv+@Pg)Ll
zloSlFb$u0rN>n?y674BmGa7gvcD$J1xOUm1AV_x4XF7bpzjAfKW3=t+a`ce%<3*%;
z{8JH#_rQGxC%o~l&S)YCm);cA#-!x1Xr(xGr}7&%Ot|tP^F)CNQSI%?L$N?(x&8MK
zOB8~~SmO<xinl5*F{@{(SM8!xZx71^x|{5t6$D9Pzq@mn{0<VD;2q>YKl-sEYiS*<
z?Ra(;Z@UIl4uOVt%g=QnQq}HBQ2K&$VJCgtl1H#JFQwkHOt!6W?P2?C0!l$T)z%aQ
zPvxpIvtRYtHd)m?dD7;(rlVBbwF6P7&?Y)P6FHTf=Qr`s!yz6;J=o%M%$foVFOfj?
z?EGgokRTnkz{>a(>8y#P$+c-`;G5fZY+erV+P{+;+{}ueY<K&KZH_;ZQ)QUs)Mi{Z
z$c?@gB3-lbaV$N1s6Vblh;)7!IX9w~a53)0wJ@-}Rd@N+ZR%s&XuG?M3fNoW^$r7@
zW{S+XKD%lJ&xL*cd2ZQ)n(w#7_mrY*PZv+?9mur5Y3fNm;<d8>oD{9S%KqVU7bd6r
zMX##xYlO3slF~@aU1u3k*Vl)XGfu@HX1znV_|s+c)%E3r$Bv-}-s&8a*)i9KTeZ83
znSM|74nW5b20N=&;Bw-@WBgu+E0;s*KHk%np&#_|Ry=i>4kTbNg*V4~D|9a~Cg%B#
z9j@(}tw;32Zd4+6ea{LWkt(n1e_JtnMv4sPIV#&>`?OtlpJ60DkU9L>X(&#VL``qU
z!Izf%9b9>_FsXDN1Fvlr_l5m(tMu+{TQ1U?WlD>w8o$}&<$hm6fRqa?*XQNVk#e$c
znte?BRws-$$+WLUt++2oP*x^dTr1#~&Q~Q4gRk}@pD8!#mk|35^ku3KC;FtmR2z|~
z%ykp4+?mfYP^jHGP;na76e03GhlXKq$H)*p&V<euhR(Pz*D}}Z={vV9vz{cOD_u_f
zZcj*PFZ?X7T{&)D%3g9@oYQVx%$au%k!7pN#^PljI|UI}rddPfyclfw_`BSgp4u5M
zxet%&97nZ`w~-z0xWWmEwvRdI9g-TEiu3^7lL2dZ``vI2(`f$_^})z%md?m!-!fs)
zscll{$F@Q(rdalZ()w{E3Grgns;hdt#y61#lBZ|EW-HTVKA-V>lRCeuD14UVcCBnb
zYC#{YyZKIaDn(}0SRy56<UE-nG+*aDD?1WY%9D0KTjeZK_3PEfv;r7Ae|l5?M`)Qr
zH*K2FTRrQ1&yNIYJ|o(^aED`tE!|-2Sx1>k&wix3Y3+)_NRzdPQw(3)DmMF`kPS|8
z;w`B~jb~%wchOvmS`4H&<~!GEQ&}l<Y*J~f1YvIf$T1`1{PwLYfDuFc{G$WR@JMH)
z-iT$xY^KO9MkDy-A|mx_P1Sub8i(V|Fl`R@Bfu!KG%j9yj6oFc!n!>I>O>pV-kGV8
zkA2uLAfo}ExSC4JTFKjQk_Ha55hL@;mm!er=RGZ-vF}cCne{f062}-@ms`VXl;yv1
z3UeiZQ&0}niP#-pcgWYZ1N)V+<7u`02iG;;6QKtumj>}g5Tna6R>QNL=<C~y)0TtT
z$Qa6L+Z>(v6VR#LT0)Q_9#Cn$$=~%fPO*CKE$G-gfNKIxfjW$S)?wB!mu0Ry@PTV+
zW2rv}p5J~gKR2&!2EU-keRn)V0e??mD;Ydi&3n48hT}U7#MAgJdDxuxTPyG9|A|Nc
z6Pg4W{c8E3(d?^oCzu9#%+-pl!cJKqFjk1Oct#-_EY%;SY#^Go%A{Uy0S<b#j0Fd=
zbgJ9Jl^nM5DHqyM{7s)X-WG#P)MHqsAx+E$@6yM*QFof4(`t)D45CGNCn%@a3ZU_2
ztd+x8%RiEZM6#~J3!5yCdA8-^4X)=qRNnX2yT;~`HW_S=M+%%#Q|GY$D7X3npq~g;
zoaYqU?aL85keKVS<uud9W--vg*F&&ct$#Xy9q{tZJe;<$iw3_Rc$uEogL>kG(bbf5
zC54)Zm4}8w)Qacka<_Y>qXo-FjvkuK?VOnGbFu(p)~f`Q!CrS=42}t3@J%@P`-6SA
zL9wM&Pwp1di!x*{-qtHtudAP=?{ug@UfbdRXgA42wn<X&Eq)m8AC9%&Ji70#cg!}{
zkGegqQN1xKrp;z$%oNi*5}Qy#&@s&7{e0K=O0V|9YP^J+mb5C!x=BuBqgu=Ju#}~p
z|D7_~0h!N<e;Auj`WlPoX`FxRa%xgP^jOz>88@>;P<Lpzlj)YfC1kWt;hN9DaTxbx
zFNHIiVLH*}`h47)%hCSGpH#zVKr5(ok;XnNS95S?<t_R@)|fv(?!^eQ3RhN3z_5}*
zORv;ewTC^VWn_$h46|s)H`i^u7UEE7^W?;pZ^GRpXI(yOZq)Xb=+<`KeRMUa&BhYE
zZ;|OfqV~<Vq;{mnZld!7McsFpUfRoq*s^JF$O>nigs?~6f2y`}gC=EVzD=)9UB~7v
z7*dr?gW;BsKcv8WuKO7c+&)!lYm&xFTsp6R(m-!q1TlxyUQ|z8Q@0Zm5L<Rm)v3wo
zw3nN7gIA7|vgSiU-RaIAdVcv<kHe)m<d_xHv=xh5D>)1Hz_ui81w~lS=VcjAv+VI&
zuH;4G=_9V=-eTu8pXNLd#jIe(aW$6FI!em$lZyU7T5FUig{r4Oj-9V=)SY>cyzF3y
zjgNd6UcsO9RX6a<Dq1-mqwWk1<(wbv87WL1k~$hEq-jC0!RI68*FzNkVeFm+o}_%^
z<tyDLXa14hnA3Jv*9!eFjp`!NO*iB^D;-51mDF7sa_!e-6&FS6d!L5YJRLlwN5v>9
zxHccj&qyJdQpa0u_d1WQ3OK0?-me}VExJtgIH9iH7%P7lILBKY6eLI=U@l-$WjQ%=
zrqvgh)2;seNrU2aCVwgsXQ5qV3+3Uh{^J$1ss8G^I<*D$44q*uf_dtgydF>xaQ4#w
zz=^-LUKl7?j_}8J{ppbV6tX86mUtNwO_v#7M!XWL8ilVYrkoW~&TWPYve>MRXV{*;
z)%3rROX7e1R;ju6kB<I+PMROxdR1^eOU3$=?WwL!_9C&se$fCeye72{)rb6ed<@c?
zB_hY$_h{@h>M+rDlo?!)_rdSsy0{q?ZYYnO7`36c7FQ0?QsnI!_d_O5i0`&0#ndb3
zwJr|iiR4K~PB&%^`S=p+%<ZE%@K)V}A)+b^n|n~?W#NTgUwqrrki0ZE!RmQitEAmv
zBZZicO|h<#rQf7Gu%9BU9peB*3A*)QZ4<Hv1B2RyuyRzr&E<<vMP!mfy{brm%iu4d
zl~3$fh&Jev+b6EVw;Aluu$?P1>(Fr2MI;`SqF;Mo<CSap!$CD`fmRf0avTcoV7>7m
zl6F$(FS-sJV%46OE51_+{_iK$E>zJGa1$(QTdpp;&|HBPbA7sLqss;kWiI9~Xusvo
z$)wy0`VHS9p`D4R7Xq4)^%mbXZ4kE}HF7M_^PJtCbqm+8Fb%(AUF0OXE#dYOZm&k7
z;EqF^wh$r@6FwS^H=vXt_K9*PTD~vjZDnOIr(A<hE}Cb0b?Z8-HDonyTV1}i^cVm^
z8Y{=HZMnH1OTT}0t@;UJQ?6YNGrE%=aHbriAeS*6q2XM)t&CQhlZhp28DrqJCagYJ
zkTF;>gUYN-!1^Xl-}z%oY;lSyqNf!#H4|r1jWVge4ywWp9Z#&0(FVVf8hD`oF5$)J
zQPLFLxM-B3X3Z}GOT&AU*kh}0I6088G`e?VXoB8<W#&1qYAj;!SQf?o3QFCNmwW&2
zv0$(%>EAf`?<U_%+@Yv5Gr+Zsy!-RohVUH<Zawk$F8{t&8Mu{@g4?;`V<JM;+3)TM
zJ3Sy*zV|D_23jHSMI#rb63v_ZoXv&(PH+McWRUm$0pH)3Jv2(B0P}!#@;<8zpmXDw
zNCE4QNO==6{~p}m76o+0ChT-i#eWt7<1Ie`J@?wL75@v~BMAU~QHfr1HRTflE-IJ<
z{Ha0s?A~7u{Rh5TDEyqvHZ2`Sz@59zV!*6*m*wmz{+TQwrULNSGjTFoUJY+h-zATF
z1^o5eG~fKizvuiG&=%Stx&l5cB0A(_BKK;aMsd4`7cQ$Nqx>E&$nW@Bl9$$z8{qe*
zDPovOr>XQ@!8xbDFm^t^^mPqbKYB)@jSO`E6+3_4+{j|0l8W))Q@}<;^D_y}>khf%
zLfVisoD~d~55uiR+&A*nFIn4tC|`@V6FgnnHud%6@ACqND2d_MtQJb`JIF@IOfM-H
z_)Phsu+xV}PkIsZkQ3B%WHX;3B_LT$y?;dd`}kRt-_`xlY;?+9XSGJB;I^ic_ocYw
z7e<{PH|TzxBx9?O+gXr8J2_d!TFt^XBa=Q-AARQWsr9kIw+|q3PI3<`5tD0veIYCQ
ziERZdde`!<l?V%mY<pvB8j(WI?lfA4ALCTZi_D#$y*i&ONR~N0$3C;bKEupiF3yzu
zsq`q*yVBAj*=}-vPw*L|-{U<LF+<<}fI=}9{pR0G@qe`5h%Fd=a*rYQ-vRt@@xG&a
z2awo-BMbkf;=hBw0bt&j?_;I^7oq;u)mI!rfJ^_sEENCghXt@D?{CsM|2E>k{bT{?
zi03imf9r<;FuTS#Im&<k&u<0{4B8&(hy*?EzxDGFa72SrWxD_KoB>`t8o+Cp`7izK
z1>O;^WYH{m^1HSCJ?A?By*>b-*8{Hf?_vIr=+1xuG(}LX`ruzt;4j(UL5=`AqWbpu
zzx3lp0ci1|I(^`OQ6mt}{;#?GTMz#<7i?|hD$DVh84tM}d0VQ2nDGJoj;=TOIs4Q4
z-*(OtV4mF%Z1deLr1qzTKj=-~!mFKoDZ^J2@w&O>Q>$XF?aP1=r%tdcv)I+DTxq&;
z|1bvWccm4^1Ht_GVAc9BzqVZC_<TQnTFQ2o#$t>$G3F5vreuuIhqTIb?X_52=}>+*
z41U1ZPS6=ge>%0`1+JpZ`Ug24O5wa)MYX~}dT|yVUXt#0X(g)HznPscusU3J$4~wA
zFY<8o5xW_6LXM57Hl}Qg&c~Y7#vh6`xp^j+KKuV>MSf3kfnfVevGC^?emxWem7}Yg
zB4&N|YK1wLcrdqbcCqv#roa2jUL;_*zSafLe#&4dSrCrNBdxA3p9uZ5N-ZMjPurJv
zF2^eNzswL3wvg!6{+yvHw)t!Z6eqLdbyitrx$<2^T5%HwVNm<f^Sh5PkOBU7JE8pN
z%(J<G6_$-Got_PgqVB=oi{D)AD=OgP{DL{sKgZqi2>2`Em3(LAV+!tPmY;uvJO5u>
z=8sgdDELg{7Q)yYZz6!pSaxHLHV9v9QTk12qjCT~sr%^2|MR*e5n_lKVxsRjSe-^Z
zdd|B>%(Q5Q&D_U~4%9&vm6a2B8Lo0a<#hZDL--(!B$V;^PZ3Tb^mmONOSq^Nqy0QS
z?u&0-<!$l{J(n5jzBXj;?wf87nM0O(>w*<$Uo~Zmk2slTl%g7e6ehog;_Od=@zPr;
z6a2I+<0pW8M=&)K&}?QLo-Wqb)JRH)j7vHwO_qP(dX1W?VE%p8no7`YZ6q#PyQ(XW
ztE%{gP4+td$3bdpvGO;o(7`pMhrj!WWf;&!c*ffIpSo2X27<W?4>G-I5jCg`C%qzD
z6LYeuX$z|1JDIJbQ=r4iveT&!rjIHZHtpsi^P+=9-VB|6?u#a-k~K3~BNuI_Zj=8_
z#0gRW_<7wPt}cRD;RGK5i%#C1r78Mi_R2C3W>!k4VR3iRC5C_Yv}p>x^Lwe7yv~85
z-I&(%d&=FxgW}=x+F|NeTlXp&i$=~nAN}r~HweK;GO_>Jcp^gZvv&%3A|4xIq^M~>
zkDT#LaM~VvRnSGNkU(Mfs7_3}BCH703NIx^m5;i$C>;CRTiJx}PjLDV^Ddx$hn?b)
zJA(GJzh?;4Du$B7%r$lq$nSK^&uTpI(Sf0_zd!zM%ZE<jH90G*Np^AK;e@TduI=6m
z-BwvmtjyeF7oqZ$_HWB@GH=C$Bf6pTDO2Un{Y=|s2DDeqMe5*?Bs*^&_&9`C$9k^!
z><&vDna_p0x7N6)_2G_Qj*$Na>oH`b+<r0hcy)#Rm*5gLi9m{;SLS?o$*~_JySuxy
z?v3Dvy@bAn5448Hcc}C?K6%Wl1~*j;TyG2C?54Ope(iSxGPbyR@a%Z?OCkFU5gDEN
zfz3E0xeQ*nHSEbkiTE16+NBT%<B@!&lL=rp%nJPH#=5UA;?aG(xZ-Chsw~&0z6NRm
z1v9b0gVQatrE01z9@m|D3DU+}`OrlJjVp;c!fT(LXkG7fYEZL-g!JO(X!-Cv6yx&{
zyx0<vhYhEzp+gxWJkL&#T|pOG1T<=>fxoQNem&%X(4Q@fG5}yN3Rf{h{9cl%vd<0c
z2JDdkqcMheDv<ZVsyFE44ZM=s?4~+Ey47B>#9mjU8OGW)q6FQEqxTLb*B6!R)xjX*
z2Fgkv&FH7Fp}Q|<4x_#)*UP8kWX3$y)>Kx0{?OD1F5fyN0;F<I<GmcQ8V1A`x_QRk
zC|HqEo<Raz1u#$%>J~J9#;4o4dSHP<qw5klg0uEP2gWbvXZ#3o$gpShgg~SVNDwT>
z)>BqirigF{&bT4HB-LMZz$~VU3d7dx))Yu{7`g!+WuSyf)|HeDJREEjINBU7GM+(Q
z5tD+Tftk73Hu&Z6J`Q@Ha?5Ov6j&|cQHts)(p}{jV)Gr8y)8F_Y(Mv%1U)Mqr;w^W
z*>jN)+uoVwh~aWv>qH77ro9&!IM-7A(+B=uOOODJLK5YdO$0byDY{$WI&GS}l5OMm
z&KuX7L=O!u3T<$jU8767b+rZ0wD2+^7o~WRPB3${@}a%)@n)=eu+MYLBk>4gI?h?A
zm|52@y1b594SkF8QL!N0EZC*qVxwn@MZmg;cyM3!4%f_$XuPJVhHN3duoJXI??+X9
zYGrH_u(by|_U$5NRQ0OHAmcjDUj9*@;cwkW5wFLPHGgg264>!;f^Q5Uxb-k1Rzkqh
z1EPTvms87q4C4ysBu!mk`D>XG6A5cepaA1EneC{RN~Z!2%;HptWU8CyCgikzj_aHB
zTp;{b4LD0=x%aWw{K&}g#0V6qKp2m0aSfG;cur=FS7!?K@?WjLuD4cfYAj~+8}vzI
z<5KRc&)gn$fv`k!`l^jHFo@bgk4-`CzWrr+dNqF-*w!6taa{*^=SZB&zsJ_23=Cu_
z#s-&g>t3v9MHVl3O}q^f3ovut8r3kUYOcKha>gi<Z^o92*X-ki!P?s682n6`aI1)O
z{`yr#0zB?K0v0VwU%4b4i>8uFi(zdJj$5|tE4U~fJ$*U+B0469O2=-r#ny_8X;&`x
ze2!YhRz$e+lG$q3S2p$W%I$gbYlYZv1j!}}o{9S#SF!us#4L0K7^eAQ>Ud8&j8*!{
zeC1=2D@c>Hp_X)HO{a+t$I&L&YDM###wzvIL`m>Ij!!zY8jZIO4Od(%EVz=6vtCZX
zOS%fCO-&km+HbFlyfa5yDqV}1prt+#;I&LN%f1QZt*xykXuqQK^bjBh6`@5fA;M;%
zKcK54B?)52aRbj<o4Ha{(wIdoe)W=qwN&RsUALPAms{T(&!mRE11lGp`=Kf8)sBt{
zJk`W7fuW}BZ0FjkCmysi%K6#T`{od9{&O5tQa5z|`h}Qy!^U)dJOhnCbE9xcEhxCs
za<VxDcw%Xbg+aYIjCed&yA84zpVnaWew_U?wM?A!yxwUj_fETbx$u$3{51`9<~kWe
z@sF))A+$jn#kW!p(Z$TVbOsHlilS$sw0BDEi1ieO^>!-zCzWZTsm5y~(p{8wBQ*~a
z1P+sqQ%btp8($t)xmV<}ZbS;K3}nei6z-<-*nWbY62Cdc;9aA9#$&6ebL4q^rD77d
zJhyAgI?ux=1e81#g6CX!`F;SE?TVYU(R%|HX8JGYy`aqN%MTR<DEY#JOWuPZjh@mD
zVM*j9^@n}@vo|VlCzDj|n>MGCe#G=Q?(I~=`}l(RU&75wuwwDvMGBmt5e+ymhfj%)
z!aDBSc^__{{urCy4eycZwLgju>Tn*{H9eejg6o04xtmD?<^9aA%@$6)*1Q{bK1%^0
z3j7@zfPer3bQiNMPKQ{lN2ST1QPi1)t{!ZlLUe?rz{ptKR{<a!pX-&p;#NZ`se-NQ
zQ;M-fE*4G=aejVX55n%RAw!;IUX%p4@XZ%*+tCO2yL9abO@^B6?6`Kmu+ERt?=-Mq
zT;~_pZ;fb>68Z$qo_1N;b&lRLJFa2J(zOzSdA7_&`;r5!Y=&z5wn}X{&liSwsZ6jl
zTYLPSg^$*DdCBSD#NB(zX!ns2iNH)uO!hiYXwPMGcczjcGicU1bgS%=xf<f_GRb)`
z=BLdYdA*eqTzdXJroYq1b%tPL|5;wz3z7S2X3!MLl&w?d1P~tj;N@0T5>5sLia%}n
z4Q$KW@C_x2&4STLfW)SKy*<q*dRc*sXNVRGS}`H$mTD(k;Q&+D@EafG4)>EXE;oi?
zK0lxLHDHz?^(pOjX{KB2z!JFLVk)0I_Q#r#u&v$Ko-PSt<p;J^Yp+Wdqg#O8@$%Pw
zAt8ejBmx6{8-D~%-uq?oP<;;oFX}hZcnDA=hqL!!kj(q4_ED(O?A8>A<JeYkRoR1j
z`aMhTz0zfq5ck=coW2z9j`i_0Xp%wLwRRuxsbT$1Q_?LJVk<^ZgMiQ#cydkCOa4{K
z-Rh_!mL^f{r+zxaB&Rbhk^DE6dgE9?{d<RJ$9En5d^2e`%-OL~Htm&4^=4UZ!(LAo
z$E`$K7!F<@Y@-bh`P72N^>v5aec^npe9Chs^0@24;Qkc02gOtkpCU!wL`}1%Ua2y_
zw`UFBcJfn_NG-9;WHhkw(L0pBcy9OO=d_++u}YkLhM2+@%8M^lSh2Udjs-Sj=l(1)
zkpd(}<Iw5cJl@v_-y|K4$nMte=4j)c&bgB<>v)Dgzl6!;>he-}K=|%==-pmI@G`3S
z2rz4f`7gb!v$5(jk?xIxw1xqA^W0KuOOF04TnA&b%WU#sh4tvbxBClAV>$jbiUOCu
zJm2{rNqS6~{q?0`NesIt&vu1ky9w$?P))n0J^~Ld5?;>*(Y!PCt35f6&LBu*sj?cc
zZY`-<z3;vqKIp=y9y|u$^pA{)vKTh)>RU~8pRJ15<`hbF_hy!~Hu3tkc!>@`P<b@m
z1O%8FVMKyp!!qJ#TyL|)@A}M`PW#UD0jrd)+bR5{)-1(x29%srr2f+5G6k#n&Ea(o
z);4JF>K>>E-At3gBB|3W|I5`#FlyNCDEDJ4oDIB8SY|RqQ8(1UQ=VgErYzYL6QUD=
zSoKpcN#25GVJ6p_cC&MuqGq(VI3y4Zv_Y#tb9karVAxYqrk8C-aUG2+{Y|}^qT`&+
z<`)kJZ8+y7`MuWgrc-d*HqXbZ)cY@BL%Z>u+tsHTnezq2ROP<Mt)64hqcwxDn2LU~
zPe-Tn_r{DHA!Wix^vlreooTyD!;+BYwP#9vV}@FnLruF82kZVOe#(&geHZteR;4*+
zZQldC2IUj`&5Bn>E6EQ(h)2L%0&&AG!_=8{y6zg8T<u(viA8LLT*UYul(B}cB;C43
z@|I_t5&m@+!1>WbrFMp?y>j4;-T0LcIy+%qn|R5`LVo&5Z0@H;yPn=>E62XRs~fbP
z)c*Zd?zf(YBnMlECd<~Yd%vQI=ZLy1o%NIVK<HD1-KD1z_4MvrT^);lMb>1(bV-vW
z_!gDS!7zIf0z1lff={*Hr<`_&qJaC?m^_{0<5QV%%gEf$&}&`Y63C_{DJl-mT28fZ
z`^)$ZQ?Oz7gNBptrzp!0I?XV6wU`@A87I=lHwPKQ`1bbD9Or^yc}F%R6x{dBQ^cIm
z0?l*s?C{p7@8Qzi03pP+?%u^xMdV}<hvj+GbjdZiD7xs@v7!OMOPPLX20kTQJh}L-
zmRiX`?3x74?N0Nwd1!(&j^9RI*a(;nD4y?JrY*@oa`tn8%iUJDGvAD}uYCVe=M3+H
z8Z_F03rA=Bm)l6%WFU<cuT6VGbkbb&?$bL{p0q^r(Yemn_hrr`vAA3>UhY2Gj!d<?
zZ1nt&@!_nGs9z>8f@DjiO7E1>@pcg}^VW6krMuUU3MI9ooGMTM<qQdluGv$*C(g+j
zza)9-2f%W|&>!~rClp9|rx8pFfPB`af;D>U7CYcA627+;FG0E}_?8R8a;U@}$ruee
znPDNX6IF>-qGgB6BuHp(8!rr8^aNC`BjkW=CR%UPReKiG9E4cJz3h;aF+zUq|3pjt
z9%i3$R?EM`Q<p!$OFmO!@(q~Io~9cWGho?qHI3n9stAsu4{od`W{uosNG@X*eDlDA
z5E{b343m`SUo?kDWS`1kYQjx14D%gzuk+K4BMOQzkBfW;2a0}-#6-k&e~9xIIN>?d
zOyKYqADXW>Zi47jOidTGr@Cp|HeLGcmgFC+$aAYRlX+y!u6gN5n7kx%opXV0LHkpc
z>W`U%Aid6uOowBw8mkvMwmOC?aCIiIg6Hh*K|be?M7Zt8-p8(&GRqZpTEjFai5cS&
zZk<Gbfa3Wu%f}@k*d+aCRrmR>)@PNfxdYbSR44zrIpfy_WVa=}ucZ;;C*K8GpW>p^
zO#gF|9fKzyfAj~p>(Ro%3T^H*$JGMXv-hk}V%k)f60h49H=S5*hN4kW=0^5#f2gJc
zH-&cK!Eir4Zqd@{GGpOG4M^M#%1L~4^XNff*_3)y`Lb^+d3&mpX@g<omPoKX##rSe
zbxk?pO3seeNrFdZc4UaWNLg2x(c5)WA%b(~1v8;j^$!*u=4)BO7SG)}Ef=!Vik?J1
ziIb^YNuE2MKD(coG@`M=_=D}qZn^u^1}FA(E-ue0MT<<TE=>5h7Or!YvObilO`vL^
z$dxwV^S#A&W_(7Wtrv53HEUL#y6a2KLYu0+Dos^rSmCf8D?;U`9Las-bne`|t5m{O
znH+aY<86M@=?R(ALmSj*{Us41cL!=ZofTQnfdtyml1dQ|U{syY>99xzo!G2IcB=e{
zqEaYFYG>P<=+SaCPD6<dsTurZE9!bB7Y?bu_E@Qc8Xwh@wQU=LwYl2TETb`AXsW6j
zA3moSCG%Qn1i{0{r&u>rjXFQ&9CV<V2=$lLFZv!_$(SrD%;4s^(F!|RzKcU2Y^7PB
zlRjUXMWs3{7}1o`ps^?wmaChwn0L&UPx1I<gS=p3Vxo~tn4~ey=G!(N%d9bp>|R?t
zwpMW=rx9w1vFhF-bUBI2c9Gsjw4iXWA0S!vKB(mGcW$(jKJkpVuGOUQ*qJ#m9~1}M
z=!^(o0(`sDZ}+z```d-u*xPO34!w(=mTe`~`*gE99yU$kk0x@Ojxly4ir`o#%W`_0
z)2jNu=XCW&tj)WqSq5<~Hk@(i4{zd-JV}<otmQj1uIpYiWw&!<B+=uPz$V@M5WIf|
zfHP^J)~(T?iYSYbvm;0rX|5+5tm_T0t&RHX_mmkvY_#p6lHnfHZGX~uba3Cmv3(pW
zs~W5>P;QB&2hrC%2gYmCIg|tX{ucEaj$`;%L%ZLnv?gosJgJScv2E9v-yT@074!|D
zGO!(~9x<`+;Hwjqd@dv7CC16b+v1$}q5^&@lD!T(L5O6m%;$Ji!{lsl5!8yO(Lw6D
zg~OFA?9>G7WBv93p0M93Zv_|u80m^FYQDco{&RRZH8^C@b?)#T@4=ahy6Wwb|F~RK
zBYx($gAqdQ;d=ynrnAHA9_2tZ=yne@$FSyJ>RemNStE^!Aepjq6h*<<bfz2&6c-q7
zZy&=g9>9+{d`rf71ZQg5tsSjn9t_gpc`7skzo4bp%y3^8nZJ^JK6~6mWIPXZg=(n<
zs|!sbxSB@Gh9d1hAQrEUZ$%=if^afnp8>|}f66|B$3U63gtRaD9s)7OqN%C{+t%-k
zXU6%{qv1Wl57Bn8oVt8R1y-xH(v85mZX`O*$R{&*PI<Lg{7nf`47WP994z=YiKyPS
zL~^OoTj7A$>du=qx-(Wsz47Xf(#9@tg3`KxYDZnJYIk`oPyxotEb5s;AGA`30PF*3
zb2ODimmKG;v1<Xj_t|35^s!QwxE7K&r&Ai~Aq`%p)p$V?j&S9;Ng%u>Ln4JS=H_hJ
zc5W|?VXFn-RkrE1cUTgpb6^JD<gQ-%N&~>QB%CrC?mK86j+{ajoyv6+5`m4)DhQl@
znsJkvOnQ`PFl<}DV>}zR&JLWlFWzZo7skv}dU6QkG<X7w+i=ytwqP+RqXf;scRkiu
zZsVZg0vn=3Ux(#CXAs0{Y4~2wMuHL@9%kDr>DHalFUKvfmvaG+E$?>bXy}_^QHb&g
z|FZL?=#5BcBiYRmU?GYPfN^~1{RJF*T4J$G`sJdj-Z!zJpfoS*n*7lWnN0%iYms&u
zJZIIJ!R)cltgz6C{U+JZ_c1mRnS%+K^H_5We*95e)M|2$$C{Rklq9z(+UaJYySUZd
zSc1J6D1qKDuj75e&Yv(|%p6s=EAT|k!pEnv>ch=8bbiYRFL}Dkik3FT>C^0-*J1BU
zCv6(r4n3h*EF5||2^3sjV=0WVOC)qh<Ub;s$Y&lWo(hxW++ehWUC3sOmDy6BOc}kK
z@ia?#3Q16X$p--W=&QO<Kl7md0CSs`IZsS%jIBJWcBj3lq96W|{8iHz8T@JO-X|p(
z-_M563|4Al`a_6^W4EEx+NnNENcDETiR_?T5rqj<E$#9Bc4AU=!#{S4?8H#+dc<fH
zYY6ObvhYV|GmGi7A=hd1S`ER6^3r@Qrkj9rr%jquQ=>yhBRqx0Jit6h7$M)kwuJ<b
z0p37~{#-H!!lsq)HV7YmpjX_lIqkdr-0ku`1GNid99;27<AnfcHv^<mi#aXC$92X-
zPn3;5{@a#jjeRuUP%e<)f@%OVRO)h;tGL+J5VLlJsLSl(La?)QwsM*VP|!xHkp&7{
zne2fF8`Gy!Hb#p(a%F~<A$@faN*s?WoL8<qd%^{3JmbLwn~7AgK=bXQ`_;pDTod(4
zk3Z--&N2bOgm47Hvdr(>u6+ZqcAU<DGgJReRm1=eRx8mRhm|fh&=I<s=sgxMmmebK
z+Z;NRoD3evvj7QAvs>V1fNu!ek6A~^S%7zzE>nVymj&AxC6Lheo!WfulQ)YQWoX2n
zVm{U2so}o4f0^TR?cosm`Sa(lsP2+z*ZJE&K*T`Ieg8|$RV4x{WtJkn9}&WQu8=MV
zS3ii}cTBX=HM4%vo75!eGJQD!npDkJn(x_k5iv-a2as)+e)uW=fS{3CnnTFZHq76;
zYGw745lWkhR#7u_&fVYxQPYs)YTqF~&gm5F;+q<L6(gsJxk*!=cjraYc7d6}rzG2O
zpI%>)6%~gDlj-f}dFlyCpN!%4*G*>KCpxaNO}AR~5@|l(<)g+fTvfpww|IEqIMm%5
z(drq)VbJwQyex*t8C44q+`JAhksY>X8<I}e+h^2uy52-nN-6k*Q*m$zOgDmi>CJSp
z5P<;&na`D$Dy{@Shpfw1Rm!aE#9&?rz(J8984ovZbnX0nsLkx@t!Aa?5ssiaXBt+~
z954HPYmJ|FzW!tR2-l=zfmP!vN`I|nTf`*|NLFJ+uOk6PA<ig*TlJ_e2a8UXQ3L4$
zFx6PNU7en3&lfy3@q1p!%f;t&z_Y})TZLV|k*dT3V>Jr{P$r<DX3<}7Jqfb%zFA#A
z?ShFdVKn43fAG1yj?Cv^w;NOCzud#{+^)ZD3=&0o@#$|XM;N?cA&@1O5DG{minM6F
zNEq}Jl~TA2k9*md98DPU#!)2<7Bz%qhjH3dX@ELrW#d*OvDKulCl%Z1e$Gy*T4A%D
zlvEjUov%UdkE`V+7lT%F4B31sJ*V$=%l3gg#K3E|I6RVZ#73FgKae%nfaXk`9}dnr
z<{9$+47ZPMD#kH7^T+4oib`N*&6(kZ950!@3BT-WRs%q7JfvlxHO;4M{{SMxTp9$V
z6QfFT-TMc2=4o~CmlsgRmwpe8P?&A=8QXu|p}Iv-724wx|J>rlM5?+N`D(18>k-X&
zG0HjLZDEEP5;J_O2M)td3CB($9I(W*`MzFU{Mdc3k7CHCB0_5PvOVqfkL1wZs87m9
z55bg9kH-c)mShPsW8Q1X1(JI2*>23cN@!Jk)jpblV=EDmcG6V6SBDbM*11GKdu`S&
z6hvk>-ym7d-z9|DUHUt;Y{&qapLhF*IK*W%Vn0MdB;t=N^3HC(HB1rzYKy(<L`m?}
zF;HOMPW;1}yx+oGjHqZmS8lTte9M(LWO$U_IlNMS%ljfUzW6hv6^5RBJTWFCzzc}J
zSfNSb>4LKen0V_8TusD)#$i}A-k<!jW;ASJ``S8<G{|u@v-S^uC4t1!yu;SBFn;oL
zh<?WCf5=EP82}KPa|RU8d%KixTvP<ARlUnl45C6-_j~a5f@Rvg19f*?;bh7NbuxRo
zO&OxEKa*Obt3|Go*B_0=f37~~W>#DlpiX6uq4*_P2GjL1z<p>=TUild`3z(zW7;gI
zWTn1=H>;dZC#Um1T2s(z&BmvfRmtu<twddY4*vvjg5>_dX0_Sg!k`o4a)S69fcZ-(
zR9=Dyp-EhLbGX_I8Ds`j9pDR2!mNs7reor0u5_4IQht1DtVL6kQfJoDr|dhR=GeZ-
zha_AXFTOeM=m?iwlP9rx*@TYkt8j65(@`6xppVU#3!g>nlM~;QUl}k%X+SmXA`*w`
z&&z3Om9|Y;&Pa<Y$BQNEt!6UmTf_N-R?zXcWf7c|{ORFn;2_Fr_yKjr2kewb>|MVW
zWPtbD{A(v%JeVV{<~bSqQ>3XJXDbuW;=L`*T*-GXqW}>27X>C86^N}zPf@l1EGMuF
zraK4Ci3gV?vMdprbL7b)sA<Si9S925KddgD5J3l{vX=j|(6@moKET?jV!=Ye^3-yh
z|6KO~J5_WB@)9*ONsOOX8<hc|kJnBMkIgy$|J8J2^^`6M&e1tAHoSF=^Fp^u6rbhH
z##`%;`@aeYC^Jg}TkV8z9qE4xO_Bxqm<SsCL5@3HBg<S)8jVqhRYaXJCFN6H{@s6i
z^3RfjJn*lZj|%=|cd&jI1UxtU?Qn#qnA!T7+K6@42mNZdx+h>QEhYSuUw6R(Siz1+
zn@tyzF@H8Y6e_qq^I<66f#>`B5n)`mP8Q|SK~9CS++uk)Je~YM*yPVxlAQ|ZdNV<p
z>gN~6Pm!v^`oQC=n?E>MZwW(;O{fR`m2nQ6IAhy(2DT+r%keI2cZ_WIl{>piR>1V-
zjU^`VF-lZit%6d`K-9+tRc(jG%pLKgf#=FKpjUAN?EHjm|1crMM?plwx{^?e`nweV
zv7RUcvg8hYS@7V$+=HkVF!u-W{Ua*={xM1z=!z~tO6~VA{=#PnJ4Fb<oo4Gdg2q4Y
zxa0Q(KymUEvW35y_%HV$N<`hS-(vkP;D2~fb`;RngSX0f|K*;~z{b2@D!S)Cgz@`F
za+AB#CaVTb(^KWoWwvf-Jx`eAw60bEwa5RDNiWhUS_Z6Jpbajj-u*Wn@$U}ar2&(;
z&X)N}6aD+@pN8_+JP-|OX^Ota`9FM*5Xx5;K<+-#Ir_iEk6-Pe6zD1e?H^<O{o?`y
zf>pP#%=KTSMK1ap^}mfn0~kl+QV!_9j052HV*WL^e=78U-1{8_7^iou%*yY>`^UZS
zuzQLBvo!zvMg#QEad92R7BO2~e{1acxcFx|;a8#jr<DxE?sj5EZq~n>`)e})g~$8X
zEy5yzAF+wZNdSxka_o+RSlVCtrSAurE)-GjPH~>Mr#g=fsk7U=$Uiei-X>&uV|&m2
zomHt_51253Y(b^o{rG6|^lnYO6PN}q`E1~gr}j>j<$Isf{*4ly*94ppFNtuOxgW|y
z_hNWRasWENlvMN+2whb3duruU!;B{ccxOKP0p{~Kj>w3y6;LSBLZShNtiF@fdqFky
z8X`>}Vzt=kD@N!qp@ttzQ|OU<z^c*Nq%26B5bR8ts;0s{V98Qd%#LuoJL4RBdFJLc
z5zpv1dhfj4YeRN0C#|6JJ5UdmFBKMerostWj2}IM$R^&)4G`gS)k;Dikf-0R@iQR>
zj&ZJCA<)`1v3-SlMZU0#CtOM9)S?H}v1;1q`{(N6_`;QGpIfwC7YkcIHJK+u;s9Fm
zVzSN=Au@KyOCYA(Fk&RR^pvU(&p6S11xh86@}|)6+StkE_&%_iZO-AkvF-FsgK%))
z%q!XPIDp0t?=beMpK*Rj!F|}yO5#~+z3-$IEzl0ljg5=zDz<2vzNq+K<286&f4Zf!
zIsL5Q>Cc!)FPE+bC$0IB&&K|sIPwl>DLkvCtPuN+ty&<d$+*P3+A4l-Vwt#iNg6=)
z?{T)S7+|Ihlr1-fkL|~q0@e#ZWqa`=ZzdWIUZL+}<`|O+J4wG(Mn|}kFM8$1#P~d}
zqUSoAJql4B1*97DHM9`Jd0qbd%!An|4Vj=>VEiTcGa20I!cO@g>a}^`B|2z>qal2%
zv`L)a$#&OFukZ&e%7RbAS@00ckt8~xoX>BvA7dfezTtbRDMyF2sxIxIoDg)!u^YvI
z^fQkA;R6b86UhQ|Ccvq4-x~l*d`L0H(mWFSKfZ$v0$i0M?GC?F8j&Vhx^fQn*BL{~
zKeaV!KMn^J<y5ogM+TD!KJlk_rblv}6%ID#KLbF>6ifNYL%?0hMF6yJ)*)!3_`24w
zH~m{zX)Y_2)%q)Ier*r<5n=Ho%R+>-p0Sxf8&U<h^3U=gS?AW<Qiz%@ESN|FkNLhf
zPB*7Ph^Pqx`^7jKjzK6yb7iOXYduU&=s{4QRdu)ax&G98_dx7z+7<h;aBPx32S|iI
z!fKqH2Qb&Turph@b`ZAmPA~un_IK|w&`|<b5+bN9#|4-)NOB^Y68QbZFFWxCvaLRa
zsKnd1RKO7onJRap>6iZ0U5(pB0y6T=gF$K<&Bf=_T|Zgvr>WjDDg(BKf8y&Wh%GrB
z$-<A=3->wRzmI)_`^Gls>5EY@w3krI7n)KOKix(JEw+#mkT=c$mG}R<ynP-F=HyVb
zhQ0};drJLN%nMY2?8p{BR9f1;5#in&9k5wdXBWiWp!=djLE@HHzl{hU{pli_e8Ns>
zsIbJkt)E_Ump33!C>V1web@vM>huA-)+a2^dk^?<LAoT#KA@r{rMCw3z;9)tXl_IF
z8o-=LWIk*cB5FnSLR}i7U-h5}Z~hK=^PiUxPS#-$wDgSsoyCNg?VDkHMdYF9tLlRH
zSuyIr%}BQhp$o<!!Vc!wH@R8_*qOuDg2*Gp2q(cDNYB;M@WRWK3A2jWh_Q~W_!~96
zzR!k0VS@Ppun+P$^WNa)EJd*4Mc&o6vH?evJ9e{_FP4n=G6byK_oE1SL}G8Fs%@$w
z@6-ii_j&<02v-^y7Z4zt_y81d`=b21(oI1qNkaayZ{<vEO(x!%C^{zSJY&;*Hlm6M
z<gd*KShEX&X|O6jn~+6}uJ7x&?kE~6gx?OzBINZa)707xzH*<V!D!dDKS9R_7t`*#
z2fP;nOXG6|0?Cv@*J3dd1$XkYJ_*bP5$-nAN!lDgcQtGnoR94*>pGsb#f2bp_G|?E
zvrAEVP#byXD=Xd=<=2@5fW^uR{et3yjfhE8SapjfxD?zo%e!W~vxt}kv<<GWtQ1}C
zKbzvb1Hgxj9K)YW7Vuz03U}Oys`xu1O;f<5zUUwj&MLm+SFE3&d?~~^<4h?U<au?y
z1w(|DODV1fXDZPk*R2f%hVerKf+X4lb!E|aL=%Vr00Np=i7KTM1AfyXOR+26MJO<$
zxmo;A4k@MDcj^U%NjdD70`K>cmI)0PJK|I;&RJT@p>Achx*+2ai8KCq-Q?Ndn1e^K
zh=vGVXsVn*H=8u1SBDNLL|3m$3P@R@mLXSlhb7iyveFgh)OK2pKZ^BXJAxk|ub}i#
zzZNrU4Hnn(Y1-{mcCt1SNPWcp8LS;lKd$yLYg*j>z)05#PBM=cToDPz9I?+;GyA!i
zfj>~c4Bwwe?3TQY35)<V_l+9+IR&@xa&>ueueeJoVSg$$#%jNe`9ft_+~|n?4zY#t
zP4p*P>?5KH>TRBmkT@{?z5J7|*rCnSj{x6$_2BM%HfUV66-&2HRdvdY`Bmg6Jzd?B
zmV4oZoz2X8+c(F0Nvo$5$|0b`?7k2@;P3&vl})M9h|C7w^QC5r>bgGQE!Yvujk0Q^
z?D`5(t8oOTQrlCku0>#2{bOyrn>FLkZUcI51z+A9V;$3O4TDekG2O*sj|&52msZs@
z1J`G`h97&lDUIY8tT&0O%+lfJT$frEWAiO%>SU*j#EXXBr!mkBG>4gu!-vYpY>dT1
z<CM)tr5$(qH3<8X7<%(==(HSe;_jOc6cteI)ZyKysH>4LVVp5m(Xw5Q=>uoZ=oZ}e
z&%5xmr`*Jk=+u-Z<_E2@`8*t?Zlm<zz#m*pP&@*j{^*cJ7J8gXyIs-LGwY$lgDqz&
z8*h{9%bg)~z8|1sY%%S^VK+_I7}Lw|#gYLs4pAUq=Pbp=;+MsDny2(xW0**SI(<BH
zH+Q=yF`4qhkGvNwa5AN_YF!W8zToKRqn0!6dlB?jeAkE7d3+YA#ovb#9vjy3(z8W8
z;}w;zaLoSp{(Q*ld)CT9wq<)_L*2njVEn`;cjS2w+Mq#p;U*!3R?@Nip`*#+>Ot>U
z#|A*SyEi99L#E9vnOJi^+&j;IN|!_UC_A7lrXUQ!C~xsH>oK^$19=}=d23&!SUnl#
z!-zj#ySN5UGtGHuYd0J=@ZFqd<aIW~BJy9_DPjf42Xl<=`fgW-%I*%&^S=w`ED2xj
zi6ezXe$qW`lUGwI;F_OFotCtak1&VPI|WhK!qo=?*YSFFIv_!0)J2ILp*)oy+nWc2
zs6!|1yUV0zW*`L9AK)oMJ~1Q<(gm#FC6E5O(<FzBR)`JOb@kf%hQZ&dZ_B9D#A7oX
zNd|zZ{*Ltdukus7f(heBMK2U{CMT7q%OH?(ok~R)x2wf`UTf7<!Kl?Sfh6Y`11z2)
z;q|LP9Ow2p0%u?D6H%?9jI7=)+m|kNrxBpBz)&8SPy6l3Zw@POR~aUch9l{*IKDjw
zo_TvOon?J5oTz);ELEdKY|cu3>sb1=-Ttc8SRE-v9dVuXw*5F`fVn@@>TWi{kIY%D
z*n2@KJF``D$5XdGvEdSP7NlQIx@S~wsjU*LHSKQ5NgpL)Utiv!b~Z41ihodUUG)gX
z?@aVKHV$-O$i*^ZAJwWA_TbwO_7-{ZiR&YtclY|k!zc}v`rW3o_r{M$jg4_!XCIVf
zgPU$gunTJBNqEF3#jL`pj|9e6CZwqpAteR^tS%{S5z+DnUZj(zIfXzzI_Ct)OF5et
z5$M8bu#G9|W>4o6iP}%cdH8*|U}-&*ruCAfKmZKM)@TM`=R>neaiZ>1+7wgQA~9GW
zmGUO~T?^Zd$Qc$?J?p^Fxx+V~zy@9%4>ZfloYXm=T86JE^LB4ov<X{lH>KFbrLyqT
z_U6htPpUME2Fr5|5f<&mQ$@alP`O4=tyZ1foX)Df<pI`E(U<`w*WL&9*nGP+hbEo!
zm(<_GWIy7d#Q<cn$6Yu2tCHYm<c*V^^%tC~MTu<D^O(GBOQv?i3jCi>=6zD0c02%4
zh=$(P3QlExgOyNgM8<Qm2`Zefx0`MXvgPiX@<AQs^}tg19HrlIz2&R%cCc42P3H90
zePH>~;2!?qer@T`)lnM<4Ui{i(e+M~M)`R0$8O!U_mO;d_CG9YOsAr-!3v$DEGhSG
zEZ^u4ce6qWT4e$;2opW5rjrO@esr%mS?SgB*(@2I;~A@O+TTA}@9zG3y@z>#Q4DRW
zOAW>bHyZ*p{jtodoln#N%fJTXZXTW8#!wBv|LBE`_e4Rg5%|5Z1+UeIAF3~#Y{ZZ*
z(WYiD7Qd_XV6C~F5LO-XK_#?!SY|3iuRz~lDN*I~Cya7da9%qlmnGWHE0u?a6t`9~
z!wO2@QY{ZR<m3kzL-327eJG{Cf$Fv7&JS<P0P|cI?JyBX5ZH_0oTWR(BM|p2u8OVs
zS~r+F*&20~rB?TM?ZCj5^5Oy=jU$7;P4-XqURt%wLKBN6T0otUAk&KFMk1uwxj1`=
zTc(w~C))TDn})*U+bW;&l2DMgDjrNI`*hYI#k&y?^Vn|oM1fx)6MTW9Z+k<E|8$Yt
zb&?fV#<UTy+UPYtn=NHgc+N4F6~-gBHVN9p)lW1q-_TQhDQl91hV2p^p~lGD)i6h~
z-CD=7;%Y1-qumszE1KQf$ey{9c#<x#zPnPQLW1>p3@lAU$uqXrcRYLSD)DGHdk%H=
zY3P>6s(#VVQmc#afB<%;KY#NP7Jz@g-bVwBWUK^^yA$qnL&tpYxWCXx8%CFk4Srv>
zsxxB|ldn+)QYX-EDoOG_YsA6K3T%b+^NwE-TkWrrDf@myPMEBZ#L2P}lh2{7y&$nV
zg!e~#3u&RZU|4TyQd5e0USFRyoyr&JmC_dyV(6aE7MM+VCp8_{Ri>U<jqEqoyTl8e
z&gdMq$H@?W&MU)t&+U6tVE(QzJukf%Y;hgV?s&^;wYr^3`u19}?$woJButD6bc70N
zv@BjGy<FBNv-f`GmXCL72rfLX%Ym@o+UULu-gn;k)Yvxzobof&su?DgjB0TaWz<X|
zA&T5o2O|9L9MjK_?@W-1PBs`JYsw5{Q1!6GIB$PRi0fRo;gLE^ljct1$$3=w);z3Q
zz{|>z<+Cr3l-_WDDB<<u>}B*NOzpnutX>6nCN4qdp=?ya36?I)#TVZxyi@7!aS6%m
zj{=fl6Pf3}mnkNF8}U**GtY(=QyI2-&%1xnSrX5;TfL!CPL2qW3Rdq{tCAlb@jgnz
zo8w{GY$$LZRWdsV4GKCkZ=kT?;i(No$a!2(9gJ%9pj51!MBQu?I}SD(RsavoH=Kl2
zUM-(?xL|9{I5Ttr<Xi#+dO{-+|AP~Ed(D}*y0htij5`yPq*f>6PX@m(Cw_vZr8S9R
zS=B<E&3gh1>UV5g?Pp!2P;58tG*ViG<k1F!bCoX;<zaFpWT7XS$EM0mvCHV3`p-9s
zw81y3UzCc#?9TAmieUAJs@LBdJAw!BsJ#ne+pnoIi<=wy;k;U-#w|DtP;XP?g}dKh
z&U|g_3lt47$0$7<XGXDB^2XCQ_;^YaK5;!uhq7JLE0<n6Mx*#ehLGZhb{Ta7p8Jht
zI7fTd?(_)P51I|Q`Ve`+W|m@1NCQcu{%PS7r&+R*PdXc?`tIv(c0=*qM)f~-1h#fM
zW(M8&mx0sL4}f8Mi&_nl%MiXZTg*+G+;$_|_tM{tEGLuoJj#%4$i^4(0FMM<lSC@6
zZpnxT>l^GI3AJ+c^FKSLX*UyLf%@ny^DT_lIYrzI=M+`F+`6`Z>0euC1?0#}!cH&&
zTFIb#=89pP*41gL>v^AGSw33PwccdP6x(OkrwZr0%jLORMUttd#eiZ@>d*?I_8CWB
z8(LK4tF&w*9%PU)$Yx_!X0~01&Fv4P6Mbp09vFMu{T-YMx>CfFkPh~BbG>Ifs|S70
zDC%is@3x!v_*swf?%Emv9esEfqA*g0^@<CMs>o@9XXhiCy%7%~Mgirq2ZQvCc1MS2
z!8wa33Vak8y^+Rt2M+}4^Vf?s2)|ICpdON4Zm~F4&yC^Rl)h<nx&VcF<GBaol$sq+
z4PH!)_!BDWFcIn<JQ%d(n%#yC4mnM+4HC^1pt!`}n}wEY9ka7|&oW5TJ>o1aTVBZn
z=wgNQX}klC%_aE7Nl(WgF@>?qOM$02GV48U6v={*JeC$;P`s#4NoXXgtj!UKYO2|L
zyxc~sktml!$!Fj*hZ$YBcfOhYaO;95&D#*dB|zc|uql>$HF8GnaJMgx8hJVmcy=wv
zJ;U8pj|g)tx@<kWdPqE`ona@=H%pEMx2MQ(VbgN$Q6g88L_?--AD%tzgr?TGlP_aA
zNKZzW_?vp$ShEzGf^X$|-(lOlGTD*<4)_}07%ukwa&ddbbl%45G30|fsS%1Ny5+AH
zV2=BvcpsTZ0wCVwX5!5OuUYLL;`fwZ6esCvnb1}q$*v_A4Fyy>hMK<I2P@s;@905y
zw#l<2-kjzOH|r16ESzG|>1m$<S96RPpls{IG&F7pH#6zydC^keGJ@l);cp_{Z>u+9
zb=pe4&VA&b*30_>i69fdcgLyx>zzOK4R7(Tl5~;Ubw8Su7F)P5g;9=&CJLwtSJru1
z*ge7?nav{Py)N6m84FKL718Tn*RdCp1N@al>jJT-MJ|LagqI2Rv<$!lsjgcbcDrrZ
z>eHRj(AF5oK9QM6{h$?(wh~}&gz>7a;iLqzQE<F@^8c{+mO*iKOTca*5G(|UKyY^p
z9^566KybI<9)boKBxr)WLvS73-5myZcX!usPmaBEPO5HQ`E{%IkEuN~d-v*Py}F;(
zi<Hp6q^W4!lQPK^oLg>LzWJrWtzPJKoRLRQ3nKxOvwr^Lj&=Fu_^n_m911X)>%W;O
zxTF@z`<dO6n&}AR=*qvS16Y@|&Mw?1gQD~=JmbE-txRx+y|b<z;dPiK<hSW>Equ35
z9FwUf!$WcwxFCQ!n%*2fni!1S71u!ss<Xx(ow{D!<G8h~mEj-N^nKzW7cF>AG*B;{
z+gTU7T)$kYMcb)y%eW&cIM-p$FI4CtRqpp8Z)Ys}KnDM{HL552UYGtlGk_y*EZMJj
z7EdtV0p@HZV9xdk4K6m}kWG?9vrJfeK4aSV{$X&X#NCrSFgG{qr<M!ZXs^XXpV}z*
z8(7eF@8dL(h;SzE_d~~L0FoYQER15i?IK~MNMBT^qp7Jsus0)qe_<YgTB#i^#bx^v
zNT`K&JOjE2w6j|a+5ol=yS}+NietY&a^AXbt_6q`M5WieI^J9z;pe<fIJTQL961Zd
zYy`tM^mdUcmWOrJfI~1GdqmWY&<Wm(jZPMeIquU!z-bac;to)wuSKt+4*H+SaNlS|
zE<lTXv7a|FQeEvzKRohtZ9NEtBa_9#TN%LBhsOfp)VJdn_Dr5I(imaXmwdIkGF;@0
zvJ`EWt>bSgCjiR;&3UZSjQ@lNWd6lsBtBmApo;wbvzQfvEZyv&J5ZTs?gVFM*&H3*
z3m|9C#s(aolbdn|-c#|2`xs<X<mK5o3zspOc{6Qp{Q+3R7GmGtg*o<0OV3laOq1ni
z-zg4i)@=2Kn*%lmv;elVMdEdOf3ET5s_R!1>CFzOZ2BLH_xX0EPmX$*#Cuy9;-?5#
z_pj5fzPgyrzB1X?r_1IJ1oj-%6V6uvRzkP_yb}=f_bu$`p-6UnKBii}PG~dqvDRuO
z*)^o#pz#G~5PBf`p4Vnqx?gE3=78J$Tjnoqv?7q#F5&sR(=1>5z<?_V$O>4j9PNO!
zAPU+u9R#w7`Ss%m_|x3YL>tR-;F*3-bxj_7D3t>8t6-(t<&SB0)X`T)wXb`4w^?_l
zGUzxpT)ro(`Wf{O@M|5of`Dc6@!pov7WM9e+Fd*@bmkZh&CrGhHlC9KD+MR(PHE=(
z%dxT1wH35{a<2ks?at}->MZl7W+21dM0E6%NMok2VVJ>^+cx_<r2~~Wqx^Z-*dwc6
zn?G({swMhx{LCk2tSSt?9b<?Te-_qT$wJ>FaW=!P!^|!CfCDEFzGAb`&wpV1sq#@C
zePcW~^TXN>3#3#y6Z62d_-yT`R5}%-%&FaCK?gWE^Q-!KSu=ti$hVWQf<GaVT-jko
zzOLVkIeGbdP>4{g>ZR2{_6}OK!lsggn5kmn_*ooH&3t<e>-O7y6y*;cjGk{R$2q8g
zZKU(Q;Q1Q<#x^)|R;z2rjXVNzKQTXhAzNMG2<jR|^@FnS`B)QHWG6wiwZX%QTEtGr
zV2Gr(C$q9pD6Ano;N21`i+_Agq;w~i=Nt$)Os4JTHsp4NSwNn$sPdzUgC*=10W*Qu
z=irpoI*px9tzIC~?*usN1?~Hb3n~rFwoBeGyiqsJU&XR0F=_LTB><Ox@&@|Og=Cx@
zu}J5W>~W{DkCF?nBcoGQOFM7(rD_S<(10m1hz10WbACjE6~s(^<%x2caldHqaw;e#
z=B@WCWUMm-nJaD?X=vmoZt)8@T2bf9RqXg<r<I$jL0WSHBTX=_w4ddD))5SEZXFr`
z#QD>`Aq0G@T#a@7MdJwIs|fx;$Pw0fG<jMuydvH0_U=i>PwN-Bk8)Zk^hgVltvGw&
zM44URu;rKq6mP^YYIJ-Ohc`=nG0>>ncysVwMCC%O@;SD-k@p_G^3a*|U8I}cIedj0
zUFwUJ_=c}x7^$>Q0!LTv(La!R0dGU+jArQ}Mq)znW_Kkv@igLCF_3O$R>*eO<)hoc
zcFTLhNz>zoz-%}5F?c0WK}SshuMQG<>%D1L&#10mWrDR+)2ce}OdlgpERt8->2tCn
zny9o<j6-4!`00e?a{`~QJTpB%EpgtU>t?>_Uw_!=y@^uF#bo{!qX$BV-xx$7z#8!i
zFt_Q2&)OB^5=r?9?egd5`>L3XYsUixd5G1t11FSM*%bAW*6kKjJnBcieJKEUYu&IB
z!i<Z8lAn@WgQ@P)2Q6)Ht%c7EPkGdp*sXL+E$>=N=Sf1(!V>Us)89CJZ7>$O`bj~#
z4c9N(2`{R+&}Y&3Fz`gJpMfFl{$d_`E%?GWT)Grfv;RKM^cFd4QYU8{*9Kule3~59
zE7y{Twftt^%!JS22X~pJiDi#s*8mLzla<$d4n7U3{24Umg4CVF3;Gvcn|5zmtifE~
zn<~-xK@$*hLZip5@JveIcG7AMiGj>PwVa{31~K1WQM9~&$P8p@hF9jGvY8qJO#KXC
z$#i@Y+Np-33>K~&+pr>i;Z=E_tJq<no#JA3UtlWaSMhq+x7HGVPs>ab?S=ZuwYeql
zk+L<zV4aYy!Tv_Q)ijAnu#`D^SeG|?A{^@vz~hLXZ3!!gl{(frGkL;LHm*ibd1pvc
zu+hb@Su^c7V=9^*TFKV_BDH?p4gbBuiX-2~x>a$8@uKhttsPNdQZweJ<{@PHV0%ve
z_`Jy339yq`g(^9|YLWt*i5CKDy{<YegzRNQk1+1|X>pu-y-j$t`GZa)b<c1M-xa>w
zE@VzpPljf%BspUUZQ^v|HG9~b7#EuEe_UAm^M}h!ZQXpvL}l4Te+WnL1Q;NPqu;NC
zm3`6o=rYE@k!tdt6c-eLdzvnG(VTk%Z`(-^>Yf-arkcP5HX3))y%#z~qf8>9RVypm
z@80!PUP0l~x;{Hh+vRN_*f|+|bCWrUh4rks5oQ!Dl<eyxJ|~=G%zHkIvKKG5^CETT
z{xH$}e98Gp8oLW5SU>T_GlPklf<R@x<vo3(dZC@gdQfe~6Nh_Ci`}PIKQ{sU7$X&5
zb;Z)MCRnKKdn2p!6U?C<<I-Qt7*r%UO+Tg8qg0YkvCbe$5i`}Zu?)Ui1-RMs*ihL*
z*&J;x)aS~RKT{0LVcJ+jVkmy;7K4ZII&Ohc98d4UxT!Fkh^%Aoo7x(kS!pQmKCtgg
z>8|)hi6xJ`y!6`Y=B|?cb0V0`olx-3I{p4<W8LC16&9T)pOf}<?9nMjBH==^ON~P`
zungdoMKQ6uK5miH|DdHQi(*!9*{;^T!zSzb!mv=4bcW}_R#lb-q4Oz$sp#kOj`{Og
z%8aGD>QGZ<b~8%|n4}u$TZnN18adAZdnb25HPIIoz<7+uvY;`H&_aV_BIIYU@U2qB
z@7(HrE1Aec@r5h1QT!fVpXEUVJ?`DDJZBM3*I}(ZLR_P6b;t47&{Nk{7@LQNfic0y
zC+8m-Av3~i9yOK22>Ee6C_~j0M4wfO#>H$5{jX0^rI5Glqj34}=FZ1Bu_m1v>_)OL
zxXY1IW|z8#t7S*=fyI1Wbz_oFFu5~-Fgm`VKYIN$cr)lM+47F)sn99lan9G-#n(MU
z1#=KGD3XcD9Mpy%y{OOY&m<{T6CJ(TAfz@Ql~}i|2XBsi`Cw`>w{j*6*ip~~T%_T;
zdq3tcgILC|;uIb!Fx4F8$Fd*aygw0^czjR=WS=abMWal{{JNM@h)@x8>sx%PN+C5<
z9*qsUp83hGW?!3?6e4D`QDq8S`SduL6qP3%?Ulxt!dJBxm9`T!b4tyQS<d@KXg#ym
zn$kN)bXgA5?fY`HZ(fz1`Ia>hr=qd55(Q@(%4bPHqLV9ku9xm)EejnwK1kGyK6K?~
z_UoTl%&7B^Gq6DU!`R+!^k3fZJMJ8>xV{($z|&Yf(Lj#RHO-mpn!!daqW;w57RZWW
zr2<ru^IS5uY+(2Bb|upIm=9mqSYzU~1B92#;-<B-<J%Po<w0F<C>KqO&E$<vVC_%A
zqz$W~)&>hhw3uKOVzrCl>P_tmX*=x<D?+GKzTQfHC4wl6Xu+)7+Q#j%ox0|l$>G|Q
z4x`c<vmu0oYg{YYjSoE~xG1;xt^4fz8cNf9zj{vZ=WR-$zo-=b>Ms#+Ekq(aO-`ao
z9i@g{6%f8xZ1d8y-!HBcPZn?#n@WfD*Pm`(Etigq7tRDi&9U`w4%iT`1?O3?v$yeF
z78;K$&yv2`*2-}kgI-!&CjnZEeTW<0UHM1>bNzy}eatq!n*O&uK6HmJ*M*0l5(1f-
zBU#_C8-k-<7XV*%<=FVqvndb_tJTSFxDs4|KC{vgKjGJatD|xg{b&brMz@@otfuA;
z#J|kNnj4G){`{K-2W4;kK?Hs1Dw0=gO2-=*cgiN{L61rrywL0UxMD$1iKiQnPyom2
zOR%mVpAMT_)_C;k!7^sY8<B;!!PT=9T=jwKmf<^qz(@UZ2{D{Y{gE^D9VZ!%6aGr8
zH!!}2H2(8uXvdnAR3+^`bFFcpt+Rt|btP(eb+WjhmhYrCaZOj%dW^Y@SW$~zpX#q=
zxf0y8?XKQ*>3w`nndzYuPTD@w=rm)J-^y8IZF_tnj?|CuvTPv00_d17EN(jqR5P`7
zGCJL-^zRQpx((#0h<f=cDTsrW&vmRv%JXGM!|)kkh)%`hmQN2hX&1i(!RG}t)gvi2
zHVR7WR(S;CGnQA#=HY&roBt}ser@1lj#&$~F*(+{>EYL`?cR1eBmEk8$JYKNN8VaO
zzK)Q~^oXTXC4+%|+{+skSF|VBpi%8h+rXBD&m%D0SIZo`o8Zo5b8#tfMUBg?;B4s0
z6IsQ^v+YJct>LB*PIGFb)ul+EC&#ZlCtOUs$AIw3c}>RnaPd3Q)^6uLJx?rCeD>I#
zM73oH<_Rv;q?{X$yH#N`VoY^D`ASco%H_cC*JR2It6T`ze4n-J=<Jgxo--xkzV1I=
zBU(Z3sDoYDcV@BT|B+NFHB(Vq;2BkEif_%E1}mGzl-w;x`UObRSnso?E-ColQp=lN
zWy#wYC;42I`QTEpB>jO83Dp`J09#3no~{djxTt$ML5sq-L7%|A!?@*gLR4$kgG#FZ
zVWh;pVV*}&8!a9kypjWBGp6}XEx!YKxLmoQ%x&iMAXV*+^9T@yh^zFnXG4>lnB&el
z%ew|8l`RNnHW-e}6yd-)j%;6}20WTyP?5HxZZ9{TX-qrXhtwH-E7}KaSu~|=tF`y+
zjreB`xl|k+rkl3UOz5Ja3z@adJ_E^h*Lhqtecw)kuxpeD>#?bf3c-h@Cr1RdxoL)v
zf90oyj-Nte0N={DuEp>gpfsLpz5}a`i+;NgDNy`4pR8h6Mmz_>h{B!B4f5o>r0Va9
z;#%*N2aH2W#Vr0z){lt|(wnfBO1a;j_V>+7S}vY;Dy1OxL?~*Ie5K)2M&ImKuWeY?
zm@G=6Pa7Yp`>~tR>STZ<vaa(k2lZ`K7hXP)nS-gZ*3etgPr8!{Nix2LN~E@!mfdY+
z^pSw~a(>vS6*=98&4nCP^8P}%nJ)o1-dwcG=2XtBRmh%B4~5HVHI|4@Unamm0o>i1
z&UjYj)FbEKVz^pi;qoPfUGU)fJH_f`ne=<2bpSe8&K{<O2CE~9plO>)MGDKE@<cdG
zgnp91>ehLH{orrprQE9{)sjXlf*#qJ;iHVpi8n#R`=d-5nar@dn5nUk?*R%0{03?0
z{&~i^3V<9Gi%j|e>j89TD4>ITXu8S3Q8f05Gd)Yk(%W`1FJ-0=Z0e5JBL53xXlcHv
z?ges8J$`0=2Bie>m)|YgOkkvfp1ePUR>g24G;0@*|7L=%6~$gJ5fGL)9MmyTkq0ON
zb{*_djdi6bs7g=R#-Kty#VLDg0_0oqd8+V)eFVxxuzWsbP6yUj06)O`0&u&#Yr_=*
zd8z)d(*grFz%tinc8l%*ZeX6}U+@kz_O8$D!H$0uvu<SY1<Tku4g-L5`k#;q^y^x}
z8^0OJr|ko?;)b}hc0vp1{?r)94rrr+Pe^q>SVJKOcT{s6I|S$*&&*%O?LQK@ejoWV
z@aP5bs3uSKR!u$2vBO7jm#2N;M`)I)_WjUD;oy0>CjoKzpO538%zc4AiuHAXJA1PX
z5Pz<cSnrE5?>5LOPP|{JH(D5WFG*L2)&w&&_m<c*bv2GS+{rS6qyS4i8`?BqMldd9
zR&r;ld$OY%;8GHcg<~pE#r>pbQo1jFs-c`y2b#gOJ%ANj`1<%jcOPUE01acTmGiyP
z(i8UgX`1yQ14~85gExtR)vq##3K|+}fahp}`dYsLwpUSr?b*ezs?19UsSE(VqNvc!
zWT-qeKyoBanAi4{9{@ZeeMt86V*rc5ebly;4j_SHV&ctbzkm%V-jKHu&_rSBMY2>d
zzetqCM|35B+zF442ME-R-D|sr#8I@x{Jhx=!G_jRFOGrtlVwJ)1Y90I6ud$((-=wN
zKpfh7gWPQH3FS2qY+OcC06+}5QwAlm1yG^%jo>8=FB?Y@4E`kRCZ-K7>J#Fh9{@Pg
zR>!PL9r~P!LjkzMQ^X+{yiwMzFz9o#y4~T5umOIn9pJYJqi~v$AHV&&`5fp%(4271
zud^}>Oa7G$pwo669uSfhr`Z(6hE`=IR=Qr-GGoLTE{pz`kVfxEGAIF&prrs7M}Ux4
z<|7&6zwVSl^P&o%LigPeAHwj_140ta;_Tzt<oO^FHDwuD!aII8D>C~f<RTH==_nv1
zv=mXlglyJ<D?@_bQK|Xm`;-M_`yNK3oeE%*A0l2}(EtO5qUxtrnTSU=w6b!mc~5^a
zWwgS9b>9KjN80Q8*D&H=cuMzR+ItcJVSAAxLI53nV1TV4_>0ZplmhF=>cWe{pViit
z5T8{0)O5|}0)p~`p%fkr;U>-|fsie#09rRS6ujXgd#v?%PQ<SOW-|erno@uZ%D80>
zA&RM2d7yT@&D3LzQQvw?(`@|0hW7PJjAi{VOl3}t;$+4XJ@HB}rhxYs`e=)v(q|Rj
zC}bOor1W-5h(twq9rDTv=$&v8K#LbZsCZJ_j%tqDf_9k`s}4iBh_g#zllNo^;d1ns
z#vMb<vds{O*x>l!vh1LJ3H_-(svQP#jZc$}8nk%-Oz}(db`R*2Z}nm=d4U?6@q^3a
z?E^0c7;v4nLHndFPNYs5;KczX4XXc#TzH8(W!=hvm7^j8X(Qo!&El;EJkEn0(AH!M
zxHt&Vmfq%Lw@>Rzi@sGIT!6NiPCfXFq1y5wSjXAI0}|QkptZmIrLC8(nxu(<wlH=R
zpb0|-uAz03T#P6w1!${BB2$|m&=v=Upb3TzEfs03*4-~{)pw910^2p7wNPam5&pt>
zcsnV9)F#k7!wAsQDMGs;yyMG2DWDrxsX$3Y09O=9|4{{WN9$rJhy<mS3P>b=L<2;W
z<})O2xqt9#@^BHRJwTl?_<G?(J9LXElwg&kER?O{`d|ejZ$iy4bQIR)w4ohsJuusd
zRc}~EwOE7d+}9rYa@-oAg9m*YKK(-0?i3E;o3_8XsIt0!W3)5NXukwlQ~H0frq~|W
zf$UL0iptD<J{l-h*9Y*LZz^v|r0V<V*WC$!$#?E)S+yhL_w3^GX381*$n)?ojyup@
z6!~4rE4YuKFOy?}4*sJUP%Jty&Ms`W=7YR4HJf)F@XQnfS8Z;{?C~qBY+55rZ-9;4
zse@KT1MxG9cEq6+e5VC&z&-(Pq&=HMLRO}ax)mJ>82jR31p)w7)PIUf4`bIq^wZi|
z!!{k$%-C$@3459FfpaHNbkb*gNHOZbW3;*Vp%`IdjIb)FkS&#Oy&4w~q6P-kZ``bu
zve9_G(E~3vuVep%<;%Snpiev5=7^rHqX?7dmMJMU%eZ{15KRCl8Ez&<{-fNgW-!SU
zcXIWkeC{XM+qbzfsN%U|KwoBajR=zYHQ8UfOvdv7L+I+1?3X)$#5G$F!`y*%$s(G&
z|ApHwj2bMU{{Iu#LPH6_Ob0Y-=q&&1<Nt?wj(`04p}*hPU9taf5E#UX`>!0#_mFwj
zrgw_vy0;mEvhTK}F+NIiiJ;4hpp$0+sS3Fqu%h-YL!>cYilB!oNY>QCzcazS9I%OU
zZsaayDFrUNBFIf^wcW8BqyNpULy|BonZSR!WP=`gZ&Eq*a_T-Og8849V*?zO2*39H
zZXle5`~SRB@jMn6#e3pbVv;z(oT;;W8(#1J_pc?0mXSXC1vz%?di>8P0xwHtg+U&Y
zy*{@&{;%@?^CtQcAfPyp-uZtk<G=qX8wV{c=!Wy_|12q>1V2aEm#L&lOwPYi2$2WX
z2X`Uch=#ia9;A>*|ML>z0i?%(#PI&+Hz5KM6zI2`p&C36?^*mPhD08^lWGq~s6Kdy
zQ~vKN0falmhA|Ymc}k8;^4p(%7I6o>FEl*j|E2o>ts1gL7NFE1pD@(W|6LlO5N}BY
zh^H}LC6WI2m4IZ(Lwv&BKEG)#z*l$}KhgL6kRiW+<z>JlZ{y??ec}HI``>Cg2=Swz
zy@>b5?_cR61}Fpav4r?{Er19{9B5A5sVz3Ye<dF&pbR6bDfItY|Ili8Cj~T%FT2F~
z`&TAImBA8W?)SUiAkl;YXf`PO5byV|gaFDo$ChLl`F)-H0h$$8a18qWD~$kU{J+x7
zntG*(WLw~lr7QYM9u_gGtxv{#xkDugu67C=DXi+ReBcoHqk5I^14oDIB=o*3pzkL9
zP0~egB6Pglj|@q?1)a}7q<+5-=XF@h!eFbZvR;vFbt)$l3)uW}+eUr$b<H$d6Qq$D
zp$~}?wVc0}G3-m&D4}Bv1FEPg?>&)Nz-zfwW5MqPns-IdNC&iU#h>BxVT$F1^jd%F
zj1s)7=`}lA?sj{ai+VP9ZA?4{?$Leu?e+CO_Y|2;=4lwQCQh}(LjxYStK>66UIyP_
zuiKTC{O^uO%RS<RnBf6iBgkII@sdRRp!2$Xty;n05mnv<@x**p=51Hmi`{CJngvZ~
zw5ohudNtPW7-Dd`vfhVe_VTtMe5rw?Myf1GLO7|oOphl5nuZ-MTb^RnFu8wMns{*f
z*Lch0)2)XGPE?3X6Rl>P0>ce61E1@$$hg(5R8lsWO(U>fp3j)yK3_#HTZixaD;A$y
zhnoWPx%<j;^}>sKlSYAti`9OP<sGKkdI#-_+w#`5Bav|%+@xj->4=Z>ki^#fl7l9U
zE8qmqlS$W3+=6q9qnN+e0}t`xtoLTwHr9<|FV<%9a`d{|SzJ%S+)Y9dsONG?F8vVU
zi_D!+Y~@FjtTmEtA-XdZ4zH7#ZLIx0Zu{<Jb>5o{_SB9}dtkyyedYmYRZs1CbN1P+
z1vsfZy!eGtmE!qc`a80&#&FdNP_zL3bsQzn?7KMD;xel-l`t~t)go_grNZ!bDdkDO
za<S$zNiT~FP15g#4|XdN)%9)<9!WDE!s7il<B5{5dfs`<^s30j-b@rMgy^PGbhk?Z
zCv0{+6WMrTmn(H&R~;zNu0D#*>l*j`Cc%j7#=(j)M~*_7QB6jwu{o{(dMQ!nj%zI4
zIOW#xuE>7c{uqtCh#S{G%jJ#FXpWr3%9C<3gCF`%5))Rl5zjPlyx4du3!O(?gLYNZ
z6P@M*s+=#9%8qwT@M`J<^Ebx#U~<1X>JF!TkiRQw&*pGg3O=4Wzzr0R2Xkmx;4H)Z
zwVyi*63KZR14-$6Eb}zVgBG#G#4)CXSmEOM$LU6d)vFw1PoHic7{~l$xW|xg((<c-
zxR*cE**Vu_{(7ykLmhq7mE_IVX&K2>x9OX#8D+QeX_)MLMyWQ6g}leHa-rsgYCF;k
zvJhJn`JDXy%^GaKq4T@u=~U&3isQ^_lKXn657G%dq$YA%5ih$J#y3J@@!smBYm~f*
zXw1Ehb&;!xV0eLtm%p>LfThogyEj*DqwI8nPlGNS=w37dUUA@hfwQ3lw!U8`Pn>$H
z%b9e|js|OChxVGRa<tNRm$aeho`Aim5)(=J{<;=(O12~XYBXQ%o#abe{RQuSCan-0
zT}BZ=-yAM{G>Qrz`GMRQVwG_zj9$iv7nyf&t(PSPg3rIv>5^(74Q--5Og-TL$lt)!
z>$q#P*^qWuL_G^oX$?gOg3M+&vwxdkt&l`&&;ya^)JonvU2<bOQj0h{`>Q6yNh~T7
z>%2-;&R3(Aa@DwMkw(St?y3_tpR7}CNUrbda~ZgCl{PuHu=t+RW{g<V)l{LTqHvR&
z8bPnAF)`<`SQHTZMiZ%}S*@->xi<HuYz4X>zS}{lb-3X+$VGq%pOZ{LU0lGNfcZ<R
z>(qC%B0`h7)Rb63F6Vi)<D2XLs&rE4@%PJF%<nO>q?5<?gm}c;0&&IT*mBe8#7eeT
zwn{O(I{If$8_q}}&YZv@(>2$leoXTE2lv8G3nN!5GZhQIgR}fac?2^VZUqvMre^lk
z+_YlH9)u{8z@3RO4bIXXU4c3_EwW1z(rK(c;VMROo2uDc;21{g-Y7AeJnkqbEyI3w
zk{SD5_B_!J8~=e&gJ<eMS|ypTqM>jN<YDv~;u>L>N}qb*bcurT^J<yDPCWC^9rJlo
z8F^%ajq})i?GEYH9Ky<X*i~e<K)|^!4mSGHbg?Ww>f2^J2+s({l?V?v$~w#n+rxKN
zOE=|-W4{`KqtEVdBt`rP=xdJa>gdIT6GLV>Z6taksP!j*3V`q{@X|Wo58oi55h~gf
z2bER{v)%5BY%5S_2;5&p5<M43qN<J5-g<|7)Go_=so)yIUzq+;+tc-UHRsrcm&A8;
zV(7qkNgi2y4;YfSc8gB17<%}~{WLyKfzCa4+n)AFv0WbNO_e${-WkxptdHi-;&Z#)
zWb&x;Y^o|T=+3`zIGCa=j_3+!l(C$n6bX&Y8{agGWi}j~a#tzanY}`xdBGg`DMWli
z`(%djTQN3_wv2{UEJ^ijgN?YevsTS%u=SLo*+QeF#Ry+n^(e3N;bBU`$NQDqF&Bco
zube0{lRicPVvSuAo(ptIBW*pYi)GKNgQ(mz#4lR2Tj>GAY%vEt&<UX5vm2Ew#};%Q
z1&z8B1dXot`E5nixrofL2<{yY<`wxLAH3b>)7aoDw_;FbHW<9WceNK{!7){6%zQ}~
zB3_9-XjMi1T6htUw=DSF(C5M$;@-^OP+7FSi8ZJijK9n#Vou6^g@0yK2--n6dx99S
zGj3IkZBtSiF0nA5cv`LLd`=r5xV3)fw4f0ANfdcAxf__*LTHr>;wFm1clXkBEyY34
zTGqU%OU(;beyT-6GIqtu%ZO&D3!~3l&kgxfxQY^r4B2Jk*v0Rs4R=O%jp>q(yCawq
zZI8@yoPEoYuJbNcRU-wH+bOY!<|~q^^_;fylQ?ekc{5$lwd<WU`PB!!jO!G-qA8=3
zAi!y>=@54eim5I~OI@4igRKy})~;fC14x7CdhwlfeAI&E0N&K;*3^kxh}!ndQ$%Ot
zY4w5{S=YZB?CxktBDv_Oq3Hfr#6-{BWY=)(%LgEl=%}(*eTOi|TKf(_{<7rL8r1l7
zvkSgV9rZe6;@G$L*$lq$g?xDmt(k>CUh##(fQ0MF(5OSJWl!u&mMYiS_ten19MB>N
zqidrBRZ5*+c|cg<l*|^fuGjbr!(cqcxn8E5Dcs0?r|B;@HUlGAzR2o}kkzB~&h>qt
zGxP&V#O~&;^>JC5>4Yfba}y1-xsqa53k4a%sQdI14F!}0Rnmi-YJ>BDqicnOCJ$z}
zA-Q_(vpmMOMsdHNESAf*S4sxG%`&*wmt9Obr*`=DjjsJ)JQmj3%VS=(?YF=`9DKdj
zoM9+2+#{^f0B>u*s~zu$V|<$L!Gwm-q;#caS(Jon_8|D!=Uwl5U>|&Lz&A(gp%f{r
zv$5Ne4r-enq?yAYj6{RJ5NR>gJxc7zkDmz9cbZS5)bN4?VfWDw75scIkuflrX|*U`
z$<DW;@1eJf$wb}J>{J;=v%?bV)#>9he@f+UwN|AlGD0|GA<iU9`#L^Lp3>ub-YqUy
zy-az1`<d-Ygs{q8?!)9^R$oG`N^+&E0##uNn4d9A29*HVOu(ytTBLB)B3EGkj<<4&
zhIDGa;_)krfbGJEIZo^C060`U19pEb6O)njQIcDn^4F=Lrg1&vhY&Z?``Mb2l)ZOo
z?dT{^fsGhV_r%MY94Ezup4PWMP9_`z2Ewf)I1OW6J{5)$X$jErv=g1xVSk!-#E5?M
zoDBUIL@(kz%y&-+%g%sqquV~rZ5*TU5uya}k=xc>$9@$~`ZEi?K+6oR=6Rc4>#FK?
zGdbt>Q=afx2>v+N&B|<3T(?xs&-&`e*f6BAl+T_*#JNS0qYLe?D~UrU4~bW)Ss;F8
z18SqF7H{NDle_y)F_U>3vX#D=EEZy}f}Z_&CcA(EHTIrqD`oJ#=Cu8$<^4ClPZA+6
zfKAL$u^i1d+#v6l9YWNsUb5U-{cTsrWvxmqk>ZQeS7oc)JEOC+74+hchCO?H=Q!2I
z^NIY<SNyb;cacpNethF*9rqDir3QyZOdTonu1XF0Pq(p_*-UMkzdRy-vGN9%WIv!=
zk8GosSUZ`0K)tey)pD|`yr+Wer_2q22UP@v5U(Qhd|Y_v&{Ow%7pn~7rPXv8l+T4D
z?dChFN%h?(ECyTfShm%?jq$iq{D!nA%#BYX?PMmMn8oyq8MS$4TtXjtz(Aspj^Xvh
z3~xEk;y7{nAmQ$)Ff!i8h>DKHt5ijw7w$d9%VH4F4E<`*9Z0$2SZ~GDF@7co&E52r
zn{n7iSKBm@g5x*_Z&oNF5qsPho1h(p+oW3iOX=iqUG<ip7VD+u`F4c&!{|5|@fGIb
zCM?331LaZH6;`hpby-SWN3_{Ri7A3!uNKnNDm_$atusFR8j6i^!c>yT<o;cLqf6;5
z6@oL+@ri!LcmbPGKV_pUX)Kda8+mBH%nC$ZY<op>WwM5IRiT9%Eo5tcHq6>s(%jT|
z!2K{!>Ck$#m+9wZdE|f=MVvME;Ecy>KRmQI^bmC_3t`j}xy{njY01NT*yjeQsHN@C
zk9gkwbq3aY?x#SE1G}5giL%xy%F-{IUi6v>6P~pt78uqlTCxatKB4pZ1}FVwwhr!f
zuKpr%F|bGWU5yHbNyK18Itl0al_}ytFBXKkkj-RDYn&D)O<TtyN8w0b)Acrei}{nS
z1iKE;*_qw#r~8xP>T8^m=*QR3#%~-(Cnok-22bI85%PIMKA6+(dRgaxTt2FIzBnUM
zaJ5j6QEk(7It>L5n%ta558LRA(b2kbJ%?32A7OMF%9kVmA$gLCTDCxq?4}A%!c))&
ziwEG0%k)Gr<Xp%kbJCJV26ipfUgQ=YHjsApFq{hVflx82ii89&CH;JUa>)n2h@#*a
zh1Kag7X!9<PG$rozWD%jY|Y5(jFKl1Q`+FKr4&e7bVOpo@g$A6HA+U;W7*dkE}9vs
zd~S;LN=gl%>@4EHy*L*-wKALNy#$hLjpmff)v4$n9Zbp2`w?nSfETJFZ?7io>kp7-
z%(o4`Q|jd_*ZSBVqhRzN%E3X{OJr^GjBMK$iR54B%hfkjL<~J%ML?<|T0|knaYJ*v
z-BRYv-_<=V-AwL%*iJU+q5)|Mm5oWlVAu0T{4{Lq?3qr@EvXVX#eXX&o!dBa4uhLX
zeCM<|Vm4YyzD|Gp(1?9*0Pa+hdaPomQtts?D>Bw-@j@z7l+TUmhI8%pPQH>O4adP=
zQK1{cIRvbex)eV6UNrq=QWsuAp2tNL%^V*YvaO0vw^_(W8$|~?QV~{{TQ&KNTcU-^
z(uk`^_)7ZkYAc;PmcuR)P$%r)>mm&WUE6GE=<`-~Om4fLl)q#=_TXdH5?F)}XCa=>
zHkzwx9aBrX`K$9}Q3^JcL4@>0l}j}<v#pMM5|&peV?zO$CCs`d6g^P8$-!I|IIz9$
z6k?F0w4?5UP>fMM4-z+&Cd_J|ZX8qoZZ>Z5Nh9p}cHYbjF|?u1qLj@Mx9k9HCILd>
zL2&ML3$P=iiLu5l9|?n#C`9<ZEr(jUF<n2-#7MglL^J)SWW4-Gj*@kiqQ6+K7D&_f
zXgE3Dxsb?=&E#WcrmgXWTyi{@UeHq<E;UdFM}_%9otXdpVSBz>UP>T5LS0}qeJmIx
z9U7@#q{6w^x{E^WG_enoE0mQY@8c=MrhJwUc-aUKqxx|q{WFP|`?HI~BR}$vnLk!t
z?TQd%XHL}}VK4dGt5k1g;CsKrYM$cl1d;`@ntoJQ2Q9uWT0oCwu_|s@MN*gPH12PD
zs4;xJHv&dT;rmh-{-K_gDh0FmM@GXkzmyJEE0ISLBG8t3Sd1XrwkqV8vcU4<ZR<-a
zF!qq}7_2Ko1f&kc!$^!{vpIdl{Vv^03r<9H(&M#kmf@?r)MuR*+*dn&GAnV#?GT^h
z)|+j&$2wauX2C@*ah(1EBQV09Twqvr1i#qxV!Im#56Z%&NUM6SjNvS~`xP{{6Lx&(
zcmo&S<hUNRD%)<78Z)C$HKoNWoo0=M1bo@JL*FvF_bTrSLbU{*GkV{kVW-{qbAz*9
zVF=km+Y6{Cfx6z-6l>Yj0<=yog6ma9{%233BQ|0kx)7@X>eFrVWLjJlIIniAZMIi*
z3TqO6VoEzLoW$SOs=kldt``;<U&U})r=OEHxIHwiGHQrb8ffg#rKJJut}yHDN;E>g
zFq*NQEqFLERvkv_(mPZuQ#$6D!b9<I#gm;q1}CFJ_9o>az+u%A=Y_IpjT%@~YU3|i
z18P)mw?XCZL~Su6Mv(5t2Q5X_ih~}PNY#KhZ6;}T#UC;-wcaP~TF_5k566)b85i{>
z5>7wHyu%S<<!SPdF3>^N>xk(HCZHqt#~NDZf4#(~LaLo~p&#Xx<NliKQ^NZ=F8Kp>
zU{*ScDP;=@<a4w4d&{PK{1ltd^jpI&wE7VtW{As(bkc9-zB*Y=R*{e5*}=GmxZ}d*
z3)!l)<5uqKs|~*vI&IvJhfj1qwNW|yia4b5rdYn#aM~Zov+2_}6@@_@r5(>qaLr`h
z>#``^0`oV^d7|=5FodkeWoL5PpuD00EIUC@F(gbyJIpRuOO;Be>|QiQ_A5xwweDKs
z&ie|nlmdJ;Q<+Pf?KOde2I0Vw<=!hY$q0dOP7X?pczT=d(#~htINL@vT=wjkHXrS|
zm)1PD_YvFe=e%~_<e#HZnV}YmPC9?TQS%D|yc~~w+)kF3lDHI+n_2wed5#>g1&ODB
zw$cCDyV2Auu;`7Es+;!6|Jmg>iC9o9l?ogr6kYRfr)N0N*$+b5!}Z*8r6bT^ii_`|
zBr34!X>VW#ilM}GSxz7c^XD!q52JFBBdLg$TBVTDUGul)a7f-12RIn4T1w7$tx-TF
z`?Z&l7M`8NX!M)%8eiddQPSNzy7Y;9DQ-}Wp0Zm#Vk!t*yc5{Dcc1CXGF5C-nYR9c
z_!<J{PIpa1k4H9Z4m5LnPRI2fafh#EJ~dFALvx%)gu{4Pt>U)&Lox?n(VJDPMlVDS
zCF1E96-hxDs*uu1KT8lMaoNFCtv1r<__8_VeGX5!S#rReu$1F+Y->D&T;^?M_dbbl
z;w3dIu@hw8lljZ+L!+I}9!ILTvC7MG%OL^A&%VF`^i1~47b$R>r14k=HRm`wCl*)<
z!a5jj#jT#Fy>IoYWfHi!SHF2eG`8CfdNa?;IJnK<`2;19i3f9^FS6z8<-ZFj8{X3k
zZF#yiLggPA*0aB1rwPZ`c1X%jBE37w{6)fjUvG~v-XN$aj=d%NBu9RSmRh##r{%ON
zds$xbYrPUn-X+g#U8MGLKAtIuG1u8D>vWmIpl^+6hm!l_&OZYorHtO2T~3zZzWj3r
zemZq({)dwBy7$D>BF*@JHd#HQ-32}$3RgRxR}q-7ey6yWIiK}T78{);zAsQCC=rOb
zBLNYvLTE=Q0*6r$d0lT+awjawEE>&dM3LQo*1tc&qyhVmRVd1v%oYXB2<OlJtTtaL
z?#-;zj$a=xa+P3z#o%&jO&&??FqQfA8PBU!UBVKh8^Ri1Wt8Ew-EB&?Tu@GLa{~<D
zgcz^0I)-Lfw|M+PoJ6?Q&UT&>3JPU={|FyO>ewgen6$Jv%&C=B!Rt?Y@}_W<#Kuns
z&L5^L<hMb%pWc0Xm0CQR40`Aerwm_E_VyF>LATh0XjY7K4RjdrTH%upZ1mnFU6z{=
zAJ7J?-nfhQ{7li)zwR4k6xi)Oj)4<sq7f-nDOZZRts16(<AYxBd;o*ZW*OJYg+VPs
zn)YHU@9KDU7}P4H+vSJERXgJPMid1r<hoo~t7&S+{<T4PeWJqk`F=Lql0&^qyXi_;
zKW0+Ho;urj(#fSychx%<gRBy>W3rII**q!rdL6t5@JOyE+SkK3Z9!Dx=XAr;XP!mc
zIz!4Q?{dd^H%Ib3F>4{(Rq3S#_+a@(Q@Zn$bDv<^l*tA{nIO$_G&F0!Qoo!9NOZrO
zW#v|j@~;tnynFG0N5sMJ;6bAymABc`lQ3SCN+h1D>MsGu!{_LZDS(ge+XWL(2*zd4
zSztT|Ij}gj@Y?LrcA*i3nX|)oq$<2L2%N8cXqt#7q%It_n0ctUa^eu_G4MBv^Pfr~
zz@%?m_C8+%93A#bg(~R{lJRm6$11tISmz&h^zszj5JdUM8~XEH)v_CFg5V#1L?Nq+
z4Cxy5cK_%Z*LN@B5UeWcDN-1!RU*D#LDr6+pB1Z4-6n5ZJ!(DE{nz@KFbds#)PY<i
z?P*C=XnlaY`##lY!Xy8S45^1rBUpo$?FGPAaY`yWvklmUAWjy(q?P-Kyb2*z`OIv;
ztI|PEUm)CM7$Tqor=>((Q_!<Ye@_<<_3twqUpjh-`lPwPoo+AmZaBS5XfJVHNly7e
z>|bf;?{i&O+PA1c9d0HwH=*U9#nNijr$vR!G2?1OqR^_FkbQ3_N`0bht=Ur(@+kv(
zZFITX;PlEq@$u?7_@OV#g)RBoF8AG#(3M>+`l!Qgedlg#&59}A_?P)(Yx0-sH%GP$
ziZ`C$YNUkDz{GHM!+Q$}D+k{(I_hJ1^pezGp8N3yKE1du&)Z6FwZWuQT#(~5epxxi
z2id@!U+_j*SM&$mYK$y~u?sJomc3Nc2mNsEcaVr4^J&$ESh+93cPGv`lsViM$r3AR
zit+00{K%8_QU7z72Lh{9u#5@ls2-NhyVPOyW`^;cdKki_q+DiE@25K+!)MZR2g39y
zwa&R09!DUNmbtNR>kQ>gL_(-iecjwt%k*RCIr#F0PKOO>)1`v>Ix^l=su&-H2Md=}
z0XtOUyK%ZIH1oVB$!JFQR&!X6x3Gwl(uJSEb!8=c`Qfb5Dn$e7XI1h{@_Z#<@hfWM
zDhusTpIzteU=L?SzTzJkS##B@R=ef$^&1}ladlG9sLE_Kx+aU};SF2-ny^LI(0VUU
zTWUhu;_S>1JyrY}YFG(jq+Fvdf22@*Z?{{e)lNgpHQ>-V_X20>*|Ph#eSdChhTVs&
zt8c#Z7?{0LU>VcU?-bV{tKlUXr@&EOb!3ly1EXgo>1;3$K|T*Gu&H(ejZ2yBezFK8
ztZl|#Zi8<$2daGNOMJO2tr)C$Uyv;cqw<>?VW{8HvFEd~o6plMK(tniHaW%`6&S;i
zcg%qHrZ;04#wI1U$2|x55k6>Y_aR^}dhp(jR(hwR@MJR?iBAn~PL8Prcz8z#%R*`b
zjRi*(Z-B{)i$eKk{JmYC)dkX-mDOO=-~-wbPx8!aci48mk>0I}%L|m}B)i_mX#shA
z@a5<>fCu@Rf7SAK5v&X}e)h);aFo@37Ghn0QfxakYr?LYrbNu;10dHoQEX}<?aFDm
z?3NaK{f}fii%AiX+f+wyO4N8+NT;_m>aHv8m_MD8UFkO4u5sc>`47L!b4kPUV1B)V
zb$-@JKjGUoc%Ltax*`{&uHx1N3+Iu)d)*TU8$~L1x|?avnd>w8h3?^NWYY|`Y@t2s
z)+*L=R^3AragJ)`_kLIh7+&t)2}PRilC;hbp-d}TUXB@-*NXJ>ua<R@84Vn1a6JNM
z$xpI&`l#Pfr!s?=x^KHX3A>8~J!)d=vk8^y>CRV{Ro7cSVGxV7eu7t`^;>XVAOg?W
z6|1V0*ybz`XXu%MKs~3N%vR0M>ko3!_W)C_!w-u<Wfk3DIH~coESK$;Md>CP=6V}!
zBBHZD4k(O}Y|*``mqJ9?-RGxo)3Q6zAWFM2?ca!kXnu-2pTs|xSD@I5YP63LEj8+;
za|Oq5>Rmo|*c_j@y$TAqqL$ehph?5wuf;gQqK_VfXw_}KkmjqgGtap1mq^=VFPdD8
zq^-E$(^&w^(<XjLA+EQebfbULTIe(yB2ezG^Io-ai_w>)g5#w5GwxU+H9X4d5Gf(Y
zmh;)coR)9tXCuJxT72*(75;<rUNnuC%Df|K!(B+9o<8OZIWz1yJtB{A2dtY?=+~P8
z-f3x3ET{9Mx@7gbeD|uL2Q)ze5uca<iKJT#>YsE;38F1<R+8U8d7m1nIOEGbEX^py
zSG*m#cW56|CFJ>Ate}D9PzZS_Mq_SzEHY-WCm~DGuj5@_Crg7<t%#~^(*tXR+IwWx
zx~@2}CR`kXAw<7o0B3ca-Q#vxEoC&_++9?n$B`=SIJ3o8A=8oNC7pSidQo7pQ`Y4U
z+v|EQ3aY<hyaLUM&G{6pu0BR#WQbu?HR4G_?D!_SJ$UY1ZPU|fAh{K%()8@U+Xun~
z7Xe>NnWrrfzP00gjvo@)cuV21KR*;ZyVmQiFQvBxW?svS@&Bs(ECvO(E{Z{$xYqta
z{zRG-olp10w-{cB(9<n`g@Y`qcrjO1KJA0nQpeoq&Xs$&>S5XNaJb_)V$6mTS%pia
zBwofq1CC)44IvL`O7$UDomVDvYv7T)+mT#n+&J`Qr=tT58D8C;t=CHqTAQ9OPFju_
zFzPSpG-Bz^FzFj`Z3+}CbB@7ww`|Uuv4muY0RsAnLq(pK%O_u);QU=xh}FkRccmwd
zzO;;7U!TQ4%S)1TW0X$fGSj*dP@QD8ME^7dH-v?WUqsgxLJV$VXuhm1{oE~6V%kq=
zSU)i;RE9spCeObkw`p^6z#js{T4N@_+%idgp{Vf{ahQmNQFJ8b5xlUlXN%mR_g_`@
zmO5=s<leO-6Pg8EYAmGld<T-(d=gPQTYd>5p^%BEb>k|UI<n<6X34mAXlrzKzAG70
z^?BPv+=2rH_k^4-AF^l#OC2ihVWlF}D=npxVMy<_sqvf(rqS|ZJ5Wu#5v~>{&KbeC
zPChixX#GF+*wZ+j8gDNoBz_tBl<^!JLjNR&+~$c#<HZ)s#+gu3%9FiSuQ5i@ehc9k
z%3Pqdq))=RPhPLj*U-NPvuBA8Tabsks1kwYCH3kQ$`Ejxo_pi#)cmw+Eg<^24J_V4
z-o#XpBql+mri1NNk2{~Pgs=W*t_g384W>vUuktYEMBq?gQ?P8%jow_ki!;}SfrqM{
zf8JK{?0UD%cPA+tO5>YNyQ$1H@zGIFJ8TmJo~QBk=Oryhkk?i#dKUDLn4AG;DzjY&
z-i`^<?wD%BH8Yv|^m<FF=L<^dcb*jB5Ao=qMGP&yW%%tCX4f@D5QjF2vaWyJUC4LD
z@kO&I@^LraHG!B~<cV?4fHu?p8U>4nXhjV5xuYW&ieos(-2lYpXel2L68;EL#0On-
zWruM!4b6WG_l?R|Zqk+E#7)9U(Z<0qS-V_k7dqp!Ay(W!d0ZKYQC@#aEq&{FnH}(&
zMf9c<*Wd@$P@TuIoIOXr>p+)rf#!<TS!siN@Age3<c&GOq1E$Lp(|#&t=NwXvIa(^
zxMO@giD=U%*A^Dt$sCoIUv}HDw=>50Zr1x(iaM522}{F`xCh`qAP$luAZ*Hs2PF-v
z9-iCHaoUeJaND&$Pt`2Pz=nYHj=bywfz_~=W8$AHZ&8#401=E;Ug;chIBMclJRflX
zNtaJNub|yr@3dF*^5)Gd?Y!96%Xb`C6$L%d8HlRCG>|fVY8!-o!W`hHc9j<(Tk-0U
zO!Os9jCLlqE^e{WfoqOz*7sN>Uz_or=)zlC^4?qRzV^3qx#la7p6IdIA#}{8S9`$b
z`-+pgWT{+Ql%Q|$$H=ZGUVZ_E5u{S~S3eZlF>$D@;6zTIS*S}k7-{#4@~SukpopC6
zkN2ZfV`8d$C{I+}i>8$$S3jJ+vK#e4gq3w|&E&VEV09@5!@y)Z1P960C@`IspTHU7
z>r(<I`e@nyW_rGG6g3Kl*O(gYI3)s_Hyx~j1=dYo6yqT5!?Yc4y6BGdd33+trLr>k
z*!!gdcH5<7Ig_QMQLFG&lAX#OsorrgTkk0glglXFoX=G3^pTf^W2fIevq2wGeFVHz
zfd(g>5@ih5^6u0Lm#|aZ@mr38EtFd#7%aHMz~GcS=k4TVDK|B8e(>kIk9nXMUD@r+
zwm^IslWu>5s>a?prxB*uVSyN%$^M6Gx<#+m+8o|gnSrQTq~;HA;koZkN%&;mC9ghH
z{?k)lEWq5O7dp&H8>P%2{UdHcqM6ObMlY=dU*%^Hsm&A){Bb?y;e#FJ;Imz}T{nW3
z^A!CfA+8tL{4yAq+{k93iM8jZc?hFyshW8mT;Z=O&;Zv6i?r{w6LYfT_6#@albf9z
zd?j{PuBT>n4U2m3^A$^<gmF)BU*mFWI-|ak&NHF{+wL7E^4;rBNnTxH%|z!LHovh?
zC?^zS169v+D2^=`!H<6GtZXZk`pK=>#~gYz8<*%@<mt9Ul(e$&)iJ)6phMBIbxg6g
zPVBF)_kDE7eW5aL&*Su`B}GK3%hARDk}e(FM-9&qE6^MDM1q&jQ=QKB+%*x(x_V8Q
zgz{o^wFjJ@3Sui^qY?0oHlDVIk><O*hY6`VQ{k!QS05LG7jjCkeL$UH^~%+#=e?w)
zO^Eqc*@Z{7wT>xSE2m!c*T@I2kCuV#{R+p2L&DWLZK1Ue2Vc4L$4NalB%8X>=SnYr
z2H<g=Ri6hAEW#(S+ev;;(^}<0c1_2msH5Vrd|PpOxVCu6LKS(f>g6U?pjFRs5s}pZ
zTHK(+<ZSEh?(Zqk+h(bKcJpO?#V;<HQm;6u7qB7ocbe`=BgWb|wb}0E%3sJ{TxEP~
zYW|yzi0`43;jhVqb^Kw+I8{XI79bu!OH5~K>Jt3pry}^U#be7RdOjCpjF;;SDm0DY
znU{7H2OaOhQ;j2r44-QR5^z6!)m#<DmWpKTq3z8d{-ilLw9{SuXKx}D;q*}c24J7c
z%j{pCLp{=q&af({Xebcknll1pr{0@}tmx8qnVzVyLK<HcF}tlX?E($!gLp~|rWq^)
zx_;b=$hw0K1%I{uu<!Cl;%y336o0mNq4=1Tq`T0ml+(&vbLg7K&lnc{B{7}Pnj7BG
zilgj|)p&N$YHzqy0c~Cg00fC_ztN5;UTlZg(rL<svnPN0*L4!`h&KSg$1d?%>Q_V3
z5q{*qX3!lbXgOCy5AYx5)g6y9=w4n#9UuC-odWa{>8oyk=BU%H;cV|OE4@Q{lxy?#
zgALQ6$lnvg|7e>3`Yb{N5QL#WlK;zB|FPqn@??M#<+%lO3jY`Bpj!QP`6)nA*;oAB
ze*<a$@GlSLWT^fh2yA@*8WH#-$BCW;MR;jk?WO<Pd;a*ZLOwwH!h7EJr@uvu<)CP>
z!tH<I1^)mfYk>giweOt!u>aaV|EM&9^yfd(@pCSxIR94ffB0G5H6VTC^+gN|*}s(Y
zZ!P`jgNFpU05O-`QK`)z^z*mhJDwrI@jDS=K@taF1pb=`R(9J?ApV^QAx$SlO#z!5
zg0Z0gROBB-{O3)9mlS{u$O|sgf0;V}pc#OnO+o+^4e?~Y`H%E}6BMAJ-vbo%%Z952
zuHQ+<g9h8&jJCEswNgXNpmfROSNgXI_8;Hk_X*k(ig5?FepfF|ClrS&1|r%zVy7n^
z1NXnfeu=ixfhx4yXET!gUE2y3av#SF{RW)m@prBL`;NdUF`&NfS+jwNKU*GuRv(Es
z;NK(#{F^cR+;Ji=?kJu2TVzNLSa*N>FNwuS04ctXtj$RHEmK^l0&Q(77oKUvf3K8(
z-|<j}!u`toQD21q*oFT3`S24!9^ZYMLkseOmI#nM)eC7g(LC1Rp_%l{$~ssAyESic
z>u*dhb^ULcT%Z)*Rj7Dy&}QNF;SX>vm=0Ggq46>pj|;Elxy5Tya;WP$Tif9)y%x{a
zLF3GDiaH^Ex{o3xaR*&^0Yn+EKM<kCoGwLrvA+<l*D2Gzl-9X+7`nm`?}x=$;Bu<V
z)E&bI7NBa(fjb5QHoe>BxTkM56~+FaBWow_e?!*d@?j6tvO_MRINktNMV3tRh>Nuw
z2)|gbJxmDx<XwIY(`w_4gTc;u<J^Agzew9-hl9CjdbhpLwFTum`n;XvOkU-L^VLqR
zZ2859f9pzbNzn6Ml^YxxMDqM7BxjnE0dL~N1Ba1#`9I0+#p)LlhvV_gRoZBk*K^fo
z$pMLPTfrq(lpjb0?-Tn<_G;lwhbDNImZXQ%zh{8*I>N}TNqp&VOPmtvv}#(!^4X9x
z6-mr%4{+YyUKZkJ_3ho=pq<V>!{ahdD&1Ge{U}Z2qSoQmGuvo?=kpYo?Hz+wjd>D_
zJrNg2w!G%?M!!Wu$yDmV=F!M%a_<03A`mT(23(oFM=!E678ZvL?+ypDToX;@%09Z5
zx~gyk@kih1lZj9)*?PGx)W<IG-TZ|OC*DA#a$$E25=+_UL6JKGrF@noaUkw!SOj(0
z*7QGN+Nv?Re{i(-f8l5+p&ac}VjhP^D+@!^Ut)?xFtor<33Zdt0LbYMr=<gXE>s43
zl5e-EUU?AKJ+h%DQ#}i~!}B@q^8%Jc`EPei^0~3XDc;c~-l-YKBS$m>D~ACZ=@=r9
zbg6hr13U4Feu03B1GI6>`kIPJjxkIakCV1;mM{uC$#<c*7NBRb-5!s{ddRs2ukw15
zyD1H%wwRlnn`;Q*B>qIivIPoI*j5HDY`xb`@GS4R@{hJPWbs;av|iaxHO_NxBC59A
z;ZMu04lFEb^hMpJH#S=<Y%~kS$Kw4z)qQnTlv^9G0Rqy9AkrlwB_T>9-H1wej5J7h
zN(?O}C<2NgAl=>FjFLk)N_WHEgU9nJ=iKjG_s{EMxn|AGg8lB<@7~Yzt9dKm^(8u4
zBv0tYNT|Ku7Yto$0L~feZ}?%aq9MsN&a{NhdAFC><g5z+h@wXt9*6p4lec+()ZeKZ
zpyNHh)DR|h^JefvAf0`|uzDSa({<IkFa{u&@9Z?uU^)RV7UbbOB>E)X%?1L^>z)1T
z*}HCA|B!sw3xmDi(I}4*agU2oUCzL%((6}K-JEHcAPHH@4i69RRB!a_QlC2-4(jY&
z0991for!@rx1@soJ_KQyW%!B~<=m4R{@P?W=7xfm!8r0=3I}Uo+O7(&m;%i=7F^zU
z2@8(nc(yik)qAd$^756A%g`=iF}W!A_V%lnkHQC-ZktqKk@O_&y*jRTXScUA=y@l3
z4Cm-S`lXSrbx%_L#NDn(lfj?BZ|Y?>S}D7xF0fe{^GuB+JwrYObg;Xt0?B)P@nJ>g
zM{cNHCs!+e<Y^u*1a4!HnCW*-88MEpw?%NhvNajhz@AC$P&SxVG4RudwdCnFMU@v-
zzY!vz?Qf|$saBY0K8CrsT96C(S!mR}nQecoIar5IIMd`?A;jTx{8g&8*pHp^Hql^i
z(Ie|^9}Hr?HnG>C!3($a?H}A(dY`+ts^M1GUu{Wtv0f8&1eG8bHq-f%_L87E7kRe6
ztF&1N9aXx*RQZ9Dk*dSt>?1Y&>t)pntNx9#3WsRyHPRfz;dD2fwg~!HqtAs3661S=
zn}1<^CrI1G7T23`NW`&MK2^P)avNpW$)$Hpx}V8?h-^Ec@9&6-JJKrWPNz;_Ji*-<
zs5?+en{RPKFjl=0zPv*7wZs96+?LIE6y4QqI}_1&^!W>*Km^gJ|0(md7zrI?(`{#r
zTY8kHG-pG9q=3eRTC%$Y($}lr%BNv5(q+Ewiu~LaUQ;}Lcn5?BJao-G!Bo6bQ^j<B
zp36*-#Vdx5Z3qal42jJ5?b#tRbehL%KcsS>)*at-S5ks38^TnVb-|Y(x5sL6XDnb3
z*R;sJkH}EYSu*Sj$HD9f^CWYhza$<Se-8k69AVTmTv(<u^OJpYj`Kf&{=4R%`fqvE
z$v7Z!@*6VyN)5l^oq0}T^#pjP3UM?lLvwMo!|63doUnzHg~3Otx|@+Xlb{Jlbq&TQ
z<G&{?CbR7<=EcW@$_5FC@tUqiJXvx3-!et)wqi0~*GdxS;zix`Y2Or$;Rt7o21T*_
zDsvQg?ENn_I<S@-sofI2wF)l^03E2bC7&+3|G<P*<j6CtrT3KbwBEyF?0fHSvcDb_
z`C4ACuFe^5Ihy6XzQDDaeaxc$@k`N|nDVCkO4P*gcM74_p#Ww{RO@Hx@TU!2q^up7
zeXmvv<DX;?J<zL@R`GSb?Wa?2GpO~J-}Iw1m$iJ2&P#D<bCs_zYNN(6w%pnW-KUTF
zOj`%+X+)@{9bZ0iI7zyOQE`M_xN#{gc;QhdE0IP6kFsUyZ8z(m?aOaP{y2_frn`Iv
za7_{WWS+m;;}7Q6R^Y7L8+nifnP7FqV;xGcHd%+EKsaq7A|B~CVZ?*9{VmT$yUc#Y
zZ<WoV+aXzT>zcF2@$B1tw*|5)%M;HDn?bCJ@6T|`2F-K3T#Mfntu|=iuBX!b_Qsse
zeE!N3B<5%U`BdkpLT`?e>|CKo^AmT_%FYpQbPYB$w7qZjgJigTjFT8XtYUU;d9wCq
zVv;Yqgc~Ht`%(o_pjZE=<CD=fDZs36?^GROwL$ZqZCBHgw>tNP^JR2ZzW%-%iev63
z`AfwIb)4b4bcrcTQsnV-grX0upl1ICe)TuO)@sA0K)uJNAsm{vFci<~>ySPE5|a?0
z;LhKb+g}gpK$XXHx#1h4Vp~tbUH8Q~S%gs^Y@}+>t;1%l*T&uAPXc6~7=-h)P{K{<
zJcGx{Og03l`IQC;6r-Dvlh$g(tvCBrXClhnq*X&Oz7GnM=N!1b>Qpc7teiJVmF=*k
zH4HT?N6mbolQ(rYR{|j$qj4@=jJOA3^O~@pGOX@vO%`i@L?B&w?KoKdp=FwU-R9Nd
z1yt=Gl%7kOl6v&yW{d<w89lF`4EO$}8@owvFkx>r@|=xf1icY9LkHPQxXOJ*QcNp~
z?r$(mjb1kK0jAd1kL<QR1u!!+v$NHeguF7E)5i@vNr6CFmVm{YpP(N+sBB~BpONaS
z5_Yl5UIwjQF<rerqJwgLj0V2lA?~4Nn<~mK>MiG7wIR#SMxxJx#$8bR*|i|<9%*PZ
zNxA*893K5g!pjPT_7q}$>8hf@Op=VPyLKrK1>8feLsM==lc>_zDlR@Z2bL8Ks<3Wx
z4;bGZdL&p`7?w5S(6)RaVB~V+$W-y3+r2q~(<khf-||XSn+LbjRkQM=n2Gelr(|Rt
zI0=qe)x*Z7u97ddx8tR_mVF)gGS7cpYsJ!?P@$8s)gQ{^Z9KAe`#Uo2hF;3qYgS-O
zGahpT$SpW*iFw@~C_DW7O#}MR6{g1nh#uQ(K?Fz!{QDs@Z{lT^kc6T3MbObLoTNM*
zy;S?ILc#~lVNFPRX&)YBDxt`#+rjv229}ynUqW8tYBL2pOwSslJtZp5uD{3FK=;U~
z_iovC&&^cD*C(U77CTP{$-kIwCPw!+v}+H(H472a<SC2_Ci-f;X5e_2c<OKY4}pQ1
zcB!KzL>T*lHs`Gq-6b=|0k#1*hlAQd;<LIqxN7Yi{pr48=Z|8B5MD0wH#%w*6E0T<
zP+csow9(Hmb<~w>F!x_CwVDEK4TSi^*AOKIFUl1q%G(L;bn^biS+)0d!tMk6(z9d^
zpG7_w?DkfxXQZJVNxqA*tol+*1ek?AEY~hA1?JtT!KPijJzRPBThZX9GS@lnWjGSS
zV-g--i4h?RX`=eng4P`i`xQ+LQ?#K73{o!15vfNEVOzIMfd|U=NG18c@F7RL-lycs
zkCj2V>!f~Xxwr`bU%2p<Z7Qhg*$|`6^MOL#>i6>TYTA+kNyv8Jy7ND3hBV!Zv|C~(
z-wry(b*xs(IuH&e6`)1XB)}48gpSwX?+Uy)Y$l_HPxc1jmX3RxXrHZSn#1|4xUZkO
zQ@pBHU-Pow8|N!P2Wnu%a){j6(a^Mda5($s;`(<L1rF96iTra#4O9ork#p0RqWsyG
zXp0>qR9M9xS?`sPpQM0*q~Yu3;V%dQiDm;ELO|k;p?{Ri9B61cq8sH)XEiZSx<h%K
z9h0MCu8}`n-%tV?1MXLZ_Lwtwx}pG_3XihdyENQdRbCi9s7SCoLnoiCSV6WqIVG&g
z_osN|9ZepdI*(D_(Xp?zccy7)8$a+IR+~BQW2{U(qiEOf7WR|JafGPP6b()rhb_wx
zfvoAPe!-Z})=LJkO(&vtuFG3FT2X&?7trQBD;xXFrHzJ|1a-QZrLyvAla-i%N=eZX
zZso_}<_J)u)`ns||2oW0@s9b1;oHh}Y%&hl%37)h1woRP=|LgwL-%ey)tZf-Crz)L
zM#@En-Nsd4yad|VXiNzkFTv||_RY(_`Bq!SPt1K6M0Ro*q~2l&E!`XN#b;2wOLvo>
z=~GY15(z~~lyW|9^}Ao*zj9U7A3Uey`nI|Sb`J<l>(<xn>K#G1Wow6e&}!g-57bN4
zpnK_yAvh})Qp!FYQ(z72F2j>SLAHzWK^y<NQqMD{mC!OlOdagP?$pf7^>Q7`k2$eY
zkG$1hCoJ9{<fAIbUY59Evuq|a-rYZ`V+NK(`(KFQZ%1l1!jP>@GmLd!h2QszQGlL)
z*)-gg9De!^!!-m2i<qUva>7dLdUembhnQd?*5X6n=kqKgMo<{)*$3T^1TDh5FBf*Z
z=CTa0(72{eiLWr~wFE-cOn-UXbYYfXJm^!T@COEg{;;LEi^lX#Fx;WM;!H5EygC+}
zt@f(RAsU-?Pdf6wKLiHy@A~L>^xmY^fMYs-$Gi|SrdAcSvLc;12h?M<v1(1K4kMgw
zgOPO7U(ES}omI?m(RJW0Tdtv+A#HJG@E)|5>{9M~J^%1vPhtXOYP?rp^ZWz|MbhE~
zs&)<}UL*n(l1FCmWs7s!Z7=h|rQ7k_cIN2s+1Pbx^K>Q+7eEMV24uHck3D&8mrM&j
zOsTi?Cl$1(`3(ie))<umPp;Nl#o^*WUi7ZF-wu))OSVRt$upAW3Okb&c1z0Sl9kz<
zCY^o7u-kZPZYhJ7haDfGD_ySlp<+9xQgv6HwjG;g549k|JjH}ofI43fAYgiju{<K%
zb5i#Tg-vJi5tq$wB__EeVTr}~lYE2j4?TOtyken=k08&Q<E|=u8-wC+F67}fk2%?J
zck2(a+ID0w!|Oo~)1sFf$5ehmkdh21b&7Ci1)L}L9mjj}GFYA1mG$`tvKX=ltp8cb
zYU4N_KT=_S&-EoP@GlH8_vE3v8;o$|C)T#^{Tn^pcTNwNoUIIC1QH$yB1GM)1PKF!
zITIXVSv;xT@1rAAPixkb`ll}^u`qJ$#J#2jd6;}c(;{egJHFEHUxVg}%&Q1k5^T)|
zWmppYZB!&IH@@C%hQzHzrpg;Me9roe+2BtbB*6rMc?$CF%aK3R8c>O40e0o5dG#&M
zth@+<7@A7Yq9-!YNo1Eel*ntIeOzWvXK!Br?chT=009C#_I918L=1_h#SC>rnuz&}
zz9_%Jmd1x^>cU!Xw%cC~x_K?*EI=ZgtyqBh+0&;q9_rfuC!#>Y{9?d<&0?icv>mV|
zDZmZZ{Ia2FN9?}&=!ZA1ug~1fQNFe37^b;XCN!uYZNJ@e#+5boYIO{S)nu@$wiwos
z4`{4(xHR-vGyStYQ$ZpVaL)u;LUAJ3VY;wsJH(=did+c?`BD3a=m(1pdd>r{qD!_u
zQn!pz^$O$$(MY~;&B|ZmGz(X?iHU`Tdj&D-K>fR?C#OEK>2>1M;tOyF;VUFLU7br=
zwoo~FuiqR@Uu5b^ucFbbxU5`VpKDj@uvX2i^wE_leOo4NEiJzwN3#a^OL^+nV`15v
zET)64`2q9L_(#G_#icCIkD3DzylNr<6{KF3_tOA>XvivwMUGYlvp!wt>u)`5pQm7a
z)-OGoU1k^2;%~0y>fNHN!j)-Y=vMOwBzj)a+4`#gd5O9<q>^y)G`cIYMTA&SUNJs`
z06XgFJ>@G>UjLe?)F#g`Q2M~ypij@L+?>ZAonX%f|F4RoZQRY@pmB))MR+k&O*F86
z-cV60R2oiJni^!B)u97UFLvR9I!N5J3=egdEkc$OE<*Mf7zg=!PV|~z(u%9@GxIxb
zif~#C-$8%wWWcQ6@I%3jZ_S8&rB-XEJHCQ5M%V30z9VIP0134ih8w1PXD&gVkXx?3
zpe8lE$RxACSa++pOk7~bHZ6;8%WI!UFSn+8LKh<ZsR7Is6FKUSx##ojW<syi&DS4K
z;C!Iu=+Q2eu~3hF@mzITlgHJcYO^6fdUK1#bjRIMK<$AkMVU<%HG&!jL?Wv4FXLk?
zX3^`9iS2z@@*>SPBncbCF_>!_RZ}Jt55q1}7Zi+F3g=OSaB>jcKfvd84189HU7m=A
z#vP7I)*d~~Qe$M1d;e(j?tZvh?0V8@>D174L(D5-Kihk>#r#T1Tm2b>bK@tkF^o*f
zarDH&QSc~FzvBgDkag#+rhifJiMvQwOJv?q7!z;HwM06pWO0Jhst=Zhkgj^HWdWgK
z?f2}=qUq)$V|#az!y_+%XO7=N!R`Ltl9KNH)WH>|C|0XA?_95jCpxZrr)-Xt%i?~6
zNyEQ97;%7iBIip&OvIHyTtgmP+NP)zy>@n?3ZY}6)&f7`fcoR-0+e1aN@4c}-`jT{
zXUrKp%7a-OP5DH*Y8{|wZOYLC-@Yw>&8X2RvwraP^D$LO)Af%|GvyI`C+|(dJ2cs>
zewZ!Mu3iLB04&9NMZV8_Z=r{zzhGX^S7CYHrX0~tO$J^<5<v~nJs__znNh4B$W$P0
z1Ab8rWhF||^4);G^lESc-nBs(mA#(kXv@;KE`sKQR}^9ZxSr;+#&yo+yp;Ttqq9@x
zyr(7e{_e-hoq1xoz~OXCM|j|*=xy+o8i%&VAa3Dro{oQHApf7+H=bh=V%m$=SPcJb
zZcDfv0O67+u3-I1KU`o#w9FAq*UC}H@PCV15lp@TXp-+Go>zaK5dZ$amvUTfB)}Js
z-%>kAz-Znr3Jlv2x*wXz#})kdP#8xo(9R05d|mdxxQYBe+N8T)bn?%|wvAtih{HyD
zjQ{zW{$~vdHX;VR5j=eL&xQ5pIukJl7yoH{WnuQ>efRsE{r{duH2FQU#d>ucw~OL$
zy6F?gO}T$;*uT%UM6DrG0>4v|&tgM49|-JeX#XF9Js4mnG4V$K8$Sl_IaE-e;d)1h
z{P(xr0;_?T=A!-Q!kUBPfWJtM#6WyuQ@ZfB`>4EbUkDg@o0_g;lKqe2?Z<-98}h4=
zf7F$~71iKwF9yRK*__1vZ!7DyXBZl<!T`yFao3do7qkBnqeBA<^?w*4z|r~pj~5hl
zz}!@6`LcgL|NDCok0Ze~+(33fe3%qJ@Fb${dsRj<6)X!lidc+R-n4t{$h9@7?IAnv
zyoHH|<<1BWrzMDKb;fB@Xomy4f%HFjGZt=e+a=x$TNHMV{m)IEg#CU7aZ`JxiTy_5
z{XgX6T>8J~<B&M0@@Q3-Zo>SVX!H*YuY5fIjMplk$j6c~Xwf@kt4L&*|DrAJNOY`V
zfqBv0VTErp-=fe6Mx*an7@-yNzzyDq$79dP<#L+zp5I0;l!T8SNM&C3XZ2+&sY=B#
zQiYN6Ma-L*w>{el%fub;TmYrD^cxwXzS5_N&S1O4`&(*H8<2F&f~HlBP_87qIhxP(
z4*k=+H8k>Xp7W{0=DrFj8vt!<zG;tp>IzrI6M$oEe!k5xy;^mYKbJ$=9q8=J|1YUJ
z>gKe6<>oL}{L0OF#LJVwuf5n1Q>hukRk=s?tl9SPt#}-Or6U;5wCwtMb1rVof~8>p
z$9l-7gjgS5t(31PvmQcT){t4)Roe{m6Y*I2sY52@-idf0^Sp(OIH2_<<v7(h#3xJM
zkUmlhp_QB#!BXFc>~O1A+WLm5nBvRC-H9$d$_{S~J1e(pA04kb6YN>3{rG8~Ye^3H
z36kqmA(^S2C#Hjzt+@)3v*5g%=h8<>vU$bbPwO#0+DsqE^dp!|KsF%eUkE-o%lSwK
zLwjQoBH^x}!)Y{pVAn;SFJa}nIU6vSxsv_K>alIkvw}c;WtN8|$Uci8_oN+gRHT|%
zcFgBc!k8uX>Ub3$&~o1P=O6wo7cF%AVOmO)BZuQjv+VcYBKcTz{cKXe?Xb`V*V_=D
z-UXZs?2)a@()X=7)A8(UBnd8FG1$P6&XDM~8LkryB`P3n^ON-``{6zK$Bu`%VMf8N
z?N3a^fH+75XK``~lQhx7{-OfQ`JNbb*1yv)X}_hl-Oyt(XrpxBIHK|EaE@<ry5QT4
z!R)2XX&*E^iSoj9+j*vL;Xio5jkSJL>*-k{$w=;$WQo&ae*ezd+RM~)5%C|6|C0XO
zzMY)Z(Zu$?oBuv!cXhOk0bt4fRG*pC_$g}bmiFVjeVVycOyAcyN*ZzstAr9h%w`TO
zE=R$LP%k<C)-n*bfA7d;sCK+OE4t=1Thv}-?*)IWiSN1zs?Xw{_d9mD$h871_rG|T
zrI(#<hBJpr^(~tRsSrCZ1B<m050#*9u8A&YR>fl0D|$2{ZMjsSw8ZQER7J5ggbL87
z*ah*F!0W4)ow2MT%%cQJ3MFFwQZM+HOYxFeJ$SF~PJQ3<wXd8CIhYYp_E-qX^IOoG
zq{Y>;rXYsj#!t%PD7_%(o@4-9xSMFi%K3C7-N?NTV^GS9rWMEzo+RV5Bm+S@BtL_6
zl=VLAJ_`pW-PhR>IG!*>Pe?`dTCo-8T!x#XLi-!$P|e|gNz%bUB<aA2Dh>tR1V4~~
zARV2tOL<PMtpV0zs!kL-0$%~*!%l6#TS-2<w-dMXz!eCa<sqF^a`F5bBfgHIP~wN7
z9H!63Rf7%sTR?Eb>yWsT?`})t347L3L3iwS(sA`aw~n7sRx2lTqhKBsSx^o4qhDE9
zt=20#v<zvx7kAr+y$M%!2IuaG9oFlSk~J0o<UP_5bRqk*T4p@yJfRVgf?Y<jRGNV|
zSBE=D0r!WTDLf0POo<*c#RNcCE{8E-3@O-2yvnG82&d%4I2x^>vp7asQ!-G$^)N!f
zUnPK;D!RAcg%5jT9#$662fY<Dk;&`Z;xiq`tCL1io?5K}VJ9Vh87D;t5l!$rzD5j~
z7i;1DKyYGcha2!9wtk#CB%mZ$z@{3F2a@?>JfkV(c%YPK5?ldUF)nw6?*?V$yRVH`
zWw<&B2fdw&S4-XPDoWjurR6vpM(Z*{SB*t@1-h>N<PmTE<Ppgk>hcV0b%@Eeq1h)_
zxR>&TX?&sP26Q!%OhJW~q<WZ_>nz3&nK&EdcJ1-LkMJ~lBNgBH)FS^dXYdz=nDdiD
zG&`|E7~A?+(mHrL__Kd8hf&3UF^AYlLsPGgi*&HHS5AeSV`m=Nx8JR+F2`HNeO8mm
z5_dLgp}|%X+Pq_2_H}cPaL$fs|B?J#)*i+%QVn4uq(|NW0*+#>vQ^q6CaU;F7`iMm
zP~ILcNAQcQx>;<-a1wJ`uOlGq9s4|262UIcsp+wMOrHFv{Z#xBUeZ(zX>WtPc1sJ0
zl8M&deC)Q|wKa!nS&4*bBFGx(=g`LuYf-D#7O8pnlCtuvS+%k!$<{`z<VU7HXoCE{
z#mx)(eV!#q>n_J!%u0()Vn2a?C>@}BF*j~fF*Yh2T-Vp-hWbIlD(G;Jwi_*wCiV*3
zsA~|1v_b>4<Pq5@(dNX@3^{t<5vw)&kekm1CN8@BWw26g5$Wz^oa#3uve~Taxs4wx
ze5`CQKINquab92FuwEQa@=pmQd}9rf{!xahOw_hpOlqWGpLXgkN}kuMea<+xV#&tc
zNg<dTOl!hfxmrvneB{4RdRAtaDm)TN7O2Y&vQdby?PBAiSH0~ama_HlN13*y#S49l
z1K+B6;#Ik6esa4!n0kYh5NHBMoF63jqBz+VTMmw&%)yI@%Q0uJD$%sYHtR*UVvqsw
z&Z_MN`kPz@FHdxasPV@Q$=>B9Mk9kl+ufQjki$&ha?Q$@fQ>BP9L_{?Fo@pUTFYFR
zlmH<z0*Lq&t5;`_f2<1hZX@l@A8h)S^hd&n3;fZ1_p}6|&ED^I0vFJObf=N=yoCyz
zYcDF$$Zr5!Mt65S*1?H35zf6tnVoaVmfI+H+|RaVJp#c3`;>qamS>q1eQyO6TR{Qq
zI(}*BRu7XtNj6v(o?JfsK2()M?=#<h5L#$5F6bcOz9}<YZ6lxdv39M@)PHT;2|BvO
zIrM_x|I7L^(s2sqYidsO;X6Rl>S#~99HNNf)79!+;X6v96Z&Mhqt#REWW@PxjboWb
z-^c;R@;6yLS}6*Z4_39kdDgq5$TqpH)|Oc+5XAvZD1SRUaWU1vOU~@ocr^xr<v#1F
zX@RfoFLR3m%O;c{cr_Vp0pV6yBiQ1)ZuGf-MUAkED1#lS)f+)!A_4)qkQ{uBpo?yO
zC+;&L``k<9<KsD11U)G@Az15sm+Wt)MrR@9rCt0DaH}0xrv_pI`h#diiS0$0!NSDR
z>}r(@mOtLO%jKZ=k*VG9w7!GfOT9VC3#BYMg3l6;H48+vfm9KmEIy0kVPtJ#0w?$U
z!^mP>_Ewk7<PF@ZGIpHMU`j`xK_*jGWKt9y)A|r|1w~a2ibE`tbYC`*U+_1pnf({5
zSvqTNT4YpP@7`T$pZ7%bcRI7>0-YK38=Yyn5V?1vVUkz>4t{o6*WjP81qqlab&_`B
zX@EDXR9Z#m&&Gbv<XUbRF4gh4vSzxk($E7}_(deL6q!u0M_mduvjkk`whD8aFX_oE
zzojNDkp9DSJB~-lcFeN+&9o?gZ$F(}{3l<t%GXxWxGQNa4n1Yg)vk3T{f}I&SiqM@
zP<5JKD9o!V*0<B!q5Mt3M%uXs#OHhWM-T(BElVqwz~=$e^{6w^tzo@k7#jpvWl!?|
zBKjSOwr+nJ-vWm<3ZqYq1X>j;v^@7JYyCa<VgO*XtA?016BJYF`|tH%xy#6>vx2Ln
zQXm>W7r3lvcv&3{n*KBNq2>Ov?D8k66#10n7IKq$bM9Tvj(t7;HpM#*YuPJNw@4eR
z)!i^I-v$98FFBYqUaz&E4gWC3Aie=zAGpu!w?TFFw7*6E{XmR15+yf?$NZYE3AHTR
zAqu!l3Gd&UV;EQ3-94%<CB#o!Ne4dYKT5RPK~SF^y}LVd-g%%>0jGS!k0h%OIcFGe
z6uZx&M~+rxH{T&w<{__-k%}bH=E%4x=;MTnJjsBFe^b&dT+97*Ss%A%zukGNvF#fk
z$UOK&HP4lii%|jn@c7d#DC;|yc6rWY56VxBozn8#Jd_4*FnDMh=0CV@x6=C*7_#UV
z`Z~M-PI)`EY2<)LHbSN3GBKv%#)L;nf4xhGStdhperPkK==FJt4GKjut2p!TPeoH+
z^h+JSpQ5$EzxyGR>i$EYsu%|YbXcyq*MbwsqTA+c@Q!iZ#RVQh{~gx@?-H`gNNnvf
z^y@IWOIsX&wwj)QWVqr=1KwBPsw~ppy;f{Zg#%=MmVIPP+FRzkOWh*-AaK}>8YC?c
zv41W^#0A{<5B*PEz^n7P01D6p25H9CQbG0oQND|!g{SZW&@66g;FZSOi<mdEOW%D*
zb)?yBXKA>cM*-~A{EkDCYK)(NzVkJINdC}WdKF%r%j5?8l*G7n_GUz&&f3e{4eMeP
zhsY97b-7NiVX&ArxL+k|A?7?waf{zztUQwAq*vu_<eu4>X)&?55k1$A_Q}+WGkYjc
zzb#hRZRc2n$z6FaX!B{chVhtI$+$`(i%6w^ig=<HDYCvNYN)Bw#B?h`QkMPQUr_=E
z)25X0_=OJj@%c&8<^4@9kobEkHuaCy<B8-7#Q25sR{5-meFysJcY@UJg@MT0xQn1z
zNZfp`96;<_pNQ_7Rr8kFPT)NE503p%ptyqatnlUKbnS{S{N@OvRCd??>GzR}Py9X;
zJDWE%LZms>9TiGI>L>+LJ-^;)^4ol%m5F0pCDW;^)zXAtC#ZGFR5~#4&-Sk^APT2;
zAuvuod_2UGyV&I_b(4j0qHq6c33{Ddd$1Gym1?5nu5Oo~ZxdQ9(UgfsGZhqP4h6%?
z?Ah1S$4mzlXGi5dFS07$v0zS4VdfFCDh_*_6&D}}$bi@&af%4x556zQGkS2M70-qQ
zr@sX+uJdY-uXCcT>9oY`fiv!EEwAXGa_7lsh*CT-G6d0V3O3?8s`@Sh6<fr#D7wjg
z5RvoxaYG9_BO3{FV->SI({{?*0^^$<;xi0I4ArzObst8IMKf3(!lNEGiSVe4E`lzr
z9pp|572Qm@(O;8&7sAh&ouNYbH1qk#_s{nWgZU@2Z9GTIcM^v)A8xTCX>tsJ1F74G
zlel<UFv|ZCw(c<x?P~!AA+GxVQn=fo1jxEkWN}>_r0x9*KXa%6R@Q>L6~ZVI{60;*
zJC4$XKFSB*&Xi#;j&dRQRb-T?4!vH92Y=JDjAv4UHlgK7e8g25g57S#6aUP0g#~|g
zwE9!kfPct41A+`7)KGiRmP7Jf>jy~pVsm<j3{+r=ES8Sc)HUuaCWpT5?~$dEC(Q2G
zpU>Un=nL+3FDR8KO`c6E*7x~Ok{mFP`~_ySGZ%=+P7flo7OcQgnsv78Fm1(C8Gd?o
zsh;)vCTX^pLyl!xjRJ<3Ck*!ms43J?K*6jQe9MkPNH|ywWGQ`{3pO39S1z+Tn)eo+
z#wnO*g1Pq{*4BwHtK`X;hG52(wC@!Va^0ofl-*%Tc^*)I_)ZbJI#m4DpesV*NX}u8
z-00b0+(DtyQ)PsxvBcj#{y+_7clpB#k4_IPU(>-UnIJ=?^fqB-;?(63PticP&yLO8
z#yd$7rPZc;?nHdL-1c@VP4Y7uD(Xiv8@cWNc4L~9+?n<-PwJaI3VXv&5C-sIlV$2$
zoI3<Og<@dF`gTBJWk`Z9rZ*))?dk;1E#l{87tlFi^arS2AmhmS^PsXC_Ax^31z%T(
zqX775!$_uO40#aJ8o?%N?M7seuYL;GCFn|ED%dZwND7;hAN{DV9fyoL@id`3UQz5p
zqfq0qXa{5m4w#jG|L~KbOg%<U$GLXJxaptPW;BeS*5=ngt<7FJ+lR6qT=;o>@$$fO
zoGjOM&zU5*CYIk+H*Hx1wI3%FxAhU(A!EVAOslz$NOh2+nzd9{pX9IB+tZrdEGgXB
zd|D~mVbBG~9O}Q^@%rI7)RM#xP8GKgB8a!0R8lEkVuv7K-9cj!c#j5ai>zTn-mG3I
z+ySgU{!393erpY^^s{Wu8p^n0AA^pWrgQps4(t{;#=b3d5RVVUaE&;u!gg7lU;b$L
zzpgd_117cRpL5(G-LDlVDTtt*McY+NuEzj|&0v7glfR3u61~Ekm7`trJ$E&o-EeL;
zy<olwdvhTixMP3lL#uNaJ!OUbFpQBo$pdcC_6-s+A4mdiN<-$JTBYOHJWY1V_<O$m
z4rixV5h#(<SozlM_Z!2x#u@b0?kf4vzNc?6Q2So3ZL`inLVU@;rAX4=WN^(STxi&l
zmBLT>Tp5n5%5K=_rsuI)Shl%P96wZqCcp5?7teot=_BDykyqk<LOx3mPid92wIacW
z!NAq8=i6!$N+9bNFWI#0B+$CH^l<4Ux7nBbGT(8hFV56sOr_X0!$enu7t+GZYkkxb
zWc;qlBX$c7>u>x{q!?-vI2C!_63lKZpn!<aBkSE3C6A3VbdM-t#W&IxL6GWhH6Rl%
zhp?aHy5kn2Kvkk@y6!;%`y_sYk=f~+-icmt*YH4pRc?+jB|HK3A`|BdLj4PK0`mFJ
zj}D4ISX?o{;<B?zj0K!}Y0?0AZ52P-j<~orvrM`(A7|xue@;4KJG(r5MMt+9AO=H>
zBFZ8G^O!%L7chK3?)|Y496S#<(G_H5Uc3inqxwTKqZJO?gc(n&gP%L!>2r8KJlvXH
zgbk+8e!L@Ec=D$C{_T+xbCMh-q7Iz-kjxhj&C&dtCf|EMr#A-NXfbMjfu0c-ZerDO
zVn2Y-=}SUViYLJ5matqAAVCSQW|<j^TR=A#!MD_R4K2=I^>uT)4%-!Rl(}#om?F*t
z*{GHC^8g7K3i7gv;5Di3!NJTwt(__}O7f>;BTG&F#VbQhDx*CLwtv+}E_<XAxcaHF
zqVVElrSYzCSr(r`HAu-d6amhhGB~SikY+S%cGjtRRi}34=%c<7Ak%7%x!JMQsR3;i
z6Eqr2Gs7oH+icY+7V~mlLp!z|Lo2-M62b%0Gx7cVAGb~WMm>;V3&5rJtM>D_tIKqS
z9HJt7OOJ*5G^eV<DUTlG>ZMb7a9+R2!Mim2z&3FL1Km$ij3NbiPw^prQF=6Z2X|>9
z9rZ$8fqak|a*DhyR*V-i9P}ne@AqEXjk$J`E+n|jCrlWd%#W8XxJ@kVRc9>l^QGoE
zc&PCakI0emS*^z8ebJVoO=v%{S+Mm<SW$17?)Ifrl2p!CNjcu^e^MIxe5W~Z{)cJ)
zQXuxTV6=Uyn@*76sc?s>`P!BBb=aQ2#PjjQ&NV(BmwLY)Q;#Ex#`J_#xRVR^GUgb=
z8{g9I(?~*-vy+y=ym$QWl6W;F(5hN}p6E6$)%Q7Kj%Vg49wR~UBW^+_RJu?yxrx(f
zb{;EyS~n;JJuh9pf`p1gA^3spa=@Z<q3av)1nrHq=bQqL`;XE?tKPV5=MiosA#Z*C
zGPc1o)AkBY8|eStC#I=8nwn<!j%kQa9!RQ$g;rxH@_XcXW+zbJ`I4i-P5Pp^$akpW
z03K#f+Mk$ya^x`+ptzAIzv1{*i26=TM&xvK*$+)+nRc<6(9mJyiKV@OwV=9>I1EVz
z)$iOA@<R>p&CGr0i{2^o|20CyP($!uLoK2*t<Z2N?sp->BT$Mpt6Vv=$f~$rGJwQ+
zk9XoxE1NMid>Kb!BvL3<?)sApSJ(36Q%+%l<;)A|r&YEne_ikSg{w&lQk6&BKVt+_
z(E5a;*z}QIB@5}setOW<%DRN#C;79FoR;ug_GTjy*Q}Rk5AL(EsX;%S|0<l81}en7
z{hGjD4lsY8VR5lwluZOGRn|_AN<AF*mCt7M#9^iVq(dbPnW{xpjY<UKhdmq?N!;Sh
zKg!>yazFgq0xsr1zeev09*n8@V?Cvyr=Zf60{Doq^5FD+&Rtes7yj7(Tqbro*LBV1
zL6Rf!8h3V$*wXXC+!t>Y`eQKoh{5E>Mg2Z^=N~g-xU_h&v8b<l5|S_Xpt1`c78JUS
zi3FhfNd3B$zXx;v0Q05<9!#D#iCD_)<<F&Z;eAo+U=l}<Se*a$)me)B``cFBK?5XQ
zI&t3rIvxoAYbf(fcF@~@eU<CFgvbKa{NBI*_9zALw}UH~U;OK<vv(<Q<Ee|&f1jGa
zFYbvLm?O5;^4Q;}|L<2{fASQu4ITPS_4hNsJrE>9rb+53UDCVr+mn9}UNH1ZQNW_*
YHeE=;TE?F6CGbyDR8AyYNXPsC0Q&0~v;Y7A

literal 0
HcmV?d00001


From 5df32e8b87e9e824fa7f411a83ae76c448022ed6 Mon Sep 17 00:00:00 2001
From: Yonas Habteab <yonas.habteab@icinga.com>
Date: Wed, 19 Jul 2023 10:19:03 +0200
Subject: [PATCH 06/18] Drop `JobsIniRepository`

---
 library/X509/JobsIniRepository.php | 21 ---------------------
 1 file changed, 21 deletions(-)
 delete mode 100644 library/X509/JobsIniRepository.php

diff --git a/library/X509/JobsIniRepository.php b/library/X509/JobsIniRepository.php
deleted file mode 100644
index e1234228..00000000
--- a/library/X509/JobsIniRepository.php
+++ /dev/null
@@ -1,21 +0,0 @@
-<?php
-
-// Icinga Web 2 X.509 Module | (c) 2018 Icinga GmbH | GPLv2
-
-namespace Icinga\Module\X509;
-
-use Icinga\Repository\IniRepository;
-
-/**
- * Collection of jobs stored in the jobs.ini file
- */
-class JobsIniRepository extends IniRepository
-{
-    protected $queryColumns = ['jobs' => ['name', 'cidrs', 'ports', 'exclude_targets', 'schedule', 'frequencyType']];
-
-    protected $configs = array('jobs' => array(
-        'module'    => 'x509',
-        'name'      => 'jobs',
-        'keyColumn' => 'name'
-    ));
-}

From c7b36d1c1a02fb42d8a4c2e1594d87fa2c4abd5a Mon Sep 17 00:00:00 2001
From: Yonas Habteab <yonas.habteab@icinga.com>
Date: Thu, 20 Jul 2023 13:07:44 +0200
Subject: [PATCH 07/18] Always perform a full scan when scheduling a job
 initially

---
 library/X509/Job.php | 16 ++++++++++++++--
 1 file changed, 14 insertions(+), 2 deletions(-)

diff --git a/library/X509/Job.php b/library/X509/Job.php
index 20a89241..c38ca647 100644
--- a/library/X509/Job.php
+++ b/library/X509/Job.php
@@ -144,7 +144,7 @@ public function isFinished(): bool
 
     public function updateLastScan($target)
     {
-        if (! $this->isRescan()) {
+        if (! $this->isRescan() || ! isset($target->id)) {
             return;
         }
 
@@ -172,7 +172,19 @@ public function getChecksum(): string
 
     protected function getScanTargets(): Generator
     {
-        if (! $this->isRescan() || $this->fullScan) {
+        $generate = $this->fullScan || ! $this->isRescan();
+        if (! $generate) {
+            $run = X509JobRun::on($this->db)
+                ->columns([new Expression('1')])
+                ->filter(Filter::equal('schedule.job_id', $this->getId()))
+                ->filter(Filter::unequal('total_targets', 0))
+                ->limit(1)
+                ->execute();
+
+            $generate = ! $run->hasResult();
+        }
+
+        if ($generate) {
             yield from $this->generateTargets();
         }
 

From a3915a79b6cf04eb7a4102918de2158ede91bbcc Mon Sep 17 00:00:00 2001
From: Yonas Habteab <yonas.habteab@icinga.com>
Date: Fri, 28 Jul 2023 17:01:10 +0200
Subject: [PATCH 08/18] Dont't disable exports for job list

---
 application/controllers/JobsController.php | 7 -------
 1 file changed, 7 deletions(-)

diff --git a/application/controllers/JobsController.php b/application/controllers/JobsController.php
index a51562f9..132d6216 100644
--- a/application/controllers/JobsController.php
+++ b/application/controllers/JobsController.php
@@ -16,13 +16,6 @@ class JobsController extends CompatController
 {
     use Database;
 
-    protected function prepareInit()
-    {
-        parent::prepareInit();
-
-        $this->getTabs()->disableLegacyExtensions();
-    }
-
     /**
      * List all jobs
      */

From 57ffe787e0671bfdae5d1e282a04b725b707a9c7 Mon Sep 17 00:00:00 2001
From: Yonas Habteab <yonas.habteab@icinga.com>
Date: Wed, 6 Sep 2023 15:10:34 +0200
Subject: [PATCH 09/18] Update phpstan baseline config

---
 phpstan-baseline.neon | 235 +++++-------------------------------------
 phpstan.neon          |   2 +
 2 files changed, 27 insertions(+), 210 deletions(-)

diff --git a/phpstan-baseline.neon b/phpstan-baseline.neon
index f365b012..45bb28a0 100644
--- a/phpstan-baseline.neon
+++ b/phpstan-baseline.neon
@@ -111,55 +111,15 @@ parameters:
 			path: application/clicommands/ImportCommand.php
 
 		-
-			message: "#^Method Icinga\\\\Module\\\\X509\\\\Clicommands\\\\JobsCommand\\:\\:runAction\\(\\) has no return type specified\\.$#"
+			message: "#^Cannot cast mixed to int\\.$#"
 			count: 1
 			path: application/clicommands/JobsCommand.php
 
 		-
-			message: "#^Parameter \\#1 \\$expression of class ipl\\\\Scheduler\\\\Cron constructor expects string, mixed given\\.$#"
-			count: 1
-			path: application/clicommands/JobsCommand.php
-
-		-
-			message: "#^Parameter \\#1 \\$expression of static method ipl\\\\Scheduler\\\\Cron\\:\\:isValid\\(\\) expects string, mixed given\\.$#"
-			count: 1
-			path: application/clicommands/JobsCommand.php
-
-		-
-			message: "#^Parameter \\#1 \\$json of static method ipl\\\\Scheduler\\\\Contract\\\\Frequency\\:\\:fromJson\\(\\) expects string, mixed given\\.$#"
-			count: 1
+			message: "#^Cannot cast mixed to string\\.$#"
+			count: 2
 			path: application/clicommands/JobsCommand.php
 
-		-
-			message: "#^Cannot access offset 0 on mixed\\.$#"
-			count: 1
-			path: application/clicommands/ScanCommand.php
-
-		-
-			message: "#^Method Icinga\\\\Module\\\\X509\\\\Clicommands\\\\ScanCommand\\:\\:indexAction\\(\\) has no return type specified\\.$#"
-			count: 1
-			path: application/clicommands/ScanCommand.php
-
-		-
-			message: "#^Parameter \\#1 \\$datetime of class DateTime constructor expects string, mixed given\\.$#"
-			count: 1
-			path: application/clicommands/ScanCommand.php
-
-		-
-			message: "#^Parameter \\#1 \\$name of class Icinga\\\\Module\\\\X509\\\\Job constructor expects string, mixed given\\.$#"
-			count: 1
-			path: application/clicommands/ScanCommand.php
-
-		-
-			message: "#^Parameter \\#2 \\.\\.\\.\\$values of function sprintf expects bool\\|float\\|int\\|string\\|null, mixed given\\.$#"
-			count: 3
-			path: application/clicommands/ScanCommand.php
-
-		-
-			message: "#^Part \\$sinceLastScan \\(mixed\\) of encapsed string cannot be cast to string\\.$#"
-			count: 1
-			path: application/clicommands/ScanCommand.php
-
 		-
 			message: "#^Method Icinga\\\\Module\\\\X509\\\\Clicommands\\\\VerifyCommand\\:\\:indexAction\\(\\) has no return type specified\\.$#"
 			count: 1
@@ -256,24 +216,14 @@ parameters:
 			path: application/controllers/DashboardController.php
 
 		-
-			message: "#^Cannot access property \\$cidrs on stdClass\\|false\\.$#"
+			message: "#^Call to an undefined method Icinga\\\\Module\\\\X509\\\\Model\\\\X509JobRun\\|ipl\\\\Orm\\\\Query\\:\\:with\\(\\)\\.$#"
 			count: 1
-			path: application/controllers/JobsController.php
-
-		-
-			message: "#^Cannot access property \\$exclude_targets on stdClass\\|false\\.$#"
-			count: 1
-			path: application/controllers/JobsController.php
+			path: application/controllers/JobController.php
 
 		-
-			message: "#^Cannot access property \\$name on stdClass\\|false\\.$#"
+			message: "#^Call to an undefined method Icinga\\\\Module\\\\X509\\\\Model\\\\X509Schedule\\|ipl\\\\Orm\\\\Query\\:\\:with\\(\\)\\.$#"
 			count: 1
-			path: application/controllers/JobsController.php
-
-		-
-			message: "#^Cannot access property \\$ports on stdClass\\|false\\.$#"
-			count: 1
-			path: application/controllers/JobsController.php
+			path: application/controllers/JobController.php
 
 		-
 			message: "#^Method Icinga\\\\Module\\\\X509\\\\Controllers\\\\JobsController\\:\\:indexAction\\(\\) has no return type specified\\.$#"
@@ -285,26 +235,6 @@ parameters:
 			count: 1
 			path: application/controllers/JobsController.php
 
-		-
-			message: "#^Method Icinga\\\\Module\\\\X509\\\\Controllers\\\\JobsController\\:\\:prepareInit\\(\\) has no return type specified\\.$#"
-			count: 1
-			path: application/controllers/JobsController.php
-
-		-
-			message: "#^Method Icinga\\\\Module\\\\X509\\\\Controllers\\\\JobsController\\:\\:removeAction\\(\\) has no return type specified\\.$#"
-			count: 1
-			path: application/controllers/JobsController.php
-
-		-
-			message: "#^Method Icinga\\\\Module\\\\X509\\\\Controllers\\\\JobsController\\:\\:updateAction\\(\\) has no return type specified\\.$#"
-			count: 1
-			path: application/controllers/JobsController.php
-
-		-
-			message: "#^Parameter \\#2 \\.\\.\\.\\$values of function sprintf expects bool\\|float\\|int\\|string\\|null, mixed given\\.$#"
-			count: 1
-			path: application/controllers/JobsController.php
-
 		-
 			message: "#^Method Icinga\\\\Module\\\\X509\\\\Controllers\\\\SniController\\:\\:indexAction\\(\\) has no return type specified\\.$#"
 			count: 1
@@ -410,46 +340,6 @@ parameters:
 			count: 1
 			path: application/forms/Config/BackendConfigForm.php
 
-		-
-			message: "#^Call to an undefined method Icinga\\\\Application\\\\ApplicationBootstrap\\:\\:getRequest\\(\\)\\.$#"
-			count: 1
-			path: application/forms/Config/JobConfigForm.php
-
-		-
-			message: "#^Method Icinga\\\\Module\\\\X509\\\\Forms\\\\Config\\\\JobConfigForm\\:\\:assemble\\(\\) has no return type specified\\.$#"
-			count: 1
-			path: application/forms/Config/JobConfigForm.php
-
-		-
-			message: "#^Method Icinga\\\\Module\\\\X509\\\\Forms\\\\Config\\\\JobConfigForm\\:\\:createFilter\\(\\) has no return type specified\\.$#"
-			count: 1
-			path: application/forms/Config/JobConfigForm.php
-
-		-
-			message: "#^Method Icinga\\\\Module\\\\X509\\\\Forms\\\\Config\\\\JobConfigForm\\:\\:getPartUpdates\\(\\) return type has no value type specified in iterable type array\\.$#"
-			count: 1
-			path: application/forms/Config/JobConfigForm.php
-
-		-
-			message: "#^Method Icinga\\\\Module\\\\X509\\\\Forms\\\\Config\\\\JobConfigForm\\:\\:onSuccess\\(\\) has no return type specified\\.$#"
-			count: 1
-			path: application/forms/Config/JobConfigForm.php
-
-		-
-			message: "#^Parameter \\#1 \\$protector of method ipl\\\\Web\\\\FormElement\\\\ScheduleElement\\:\\:setIdProtector\\(\\) expects \\(callable\\(\\)\\: mixed\\)\\|null, array\\{mixed, 'protectId'\\} given\\.$#"
-			count: 1
-			path: application/forms/Config/JobConfigForm.php
-
-		-
-			message: "#^Parameter \\#1 \\$request of method ipl\\\\Web\\\\FormElement\\\\ScheduleElement\\:\\:prepareMultipartUpdate\\(\\) expects Psr\\\\Http\\\\Message\\\\RequestInterface, Psr\\\\Http\\\\Message\\\\ServerRequestInterface\\|null given\\.$#"
-			count: 1
-			path: application/forms/Config/JobConfigForm.php
-
-		-
-			message: "#^Property Icinga\\\\Module\\\\X509\\\\Forms\\\\Config\\\\JobConfigForm\\:\\:\\$identifier \\(string\\) does not accept mixed\\.$#"
-			count: 1
-			path: application/forms/Config/JobConfigForm.php
-
 		-
 			message: "#^Method Icinga\\\\Module\\\\X509\\\\Forms\\\\Config\\\\SniConfigForm\\:\\:createDeleteElements\\(\\) has no return type specified\\.$#"
 			count: 1
@@ -985,16 +875,6 @@ parameters:
 			count: 1
 			path: library/X509/Hook/SniHook.php
 
-		-
-			message: "#^Cannot access an offset on array\\<int\\<0, max\\>, array\\<int, string\\>\\>\\|float\\|int\\|string\\|false\\|null\\.$#"
-			count: 1
-			path: library/X509/Job.php
-
-		-
-			message: "#^Cannot access offset string on 0\\|0\\.0\\|''\\|'0'\\|array\\<string, non\\-empty\\-array\\<string\\>\\>\\|false\\|null\\.$#"
-			count: 1
-			path: library/X509/Job.php
-
 		-
 			message: "#^Cannot access property \\$fingerprint on mixed\\.$#"
 			count: 1
@@ -1025,43 +905,18 @@ parameters:
 			count: 1
 			path: library/X509/Job.php
 
-		-
-			message: "#^Method Icinga\\\\Module\\\\X509\\\\Job\\:\\:formatTarget\\(\\) has no return type specified\\.$#"
-			count: 1
-			path: library/X509/Job.php
-
 		-
 			message: "#^Method Icinga\\\\Module\\\\X509\\\\Job\\:\\:formatTarget\\(\\) has parameter \\$target with no type specified\\.$#"
 			count: 1
 			path: library/X509/Job.php
 
-		-
-			message: "#^Method Icinga\\\\Module\\\\X509\\\\Job\\:\\:getChecksum\\(\\) has no return type specified\\.$#"
-			count: 1
-			path: library/X509/Job.php
-
-		-
-			message: "#^Method Icinga\\\\Module\\\\X509\\\\Job\\:\\:getCidrs\\(\\) return type has no value type specified in iterable type array\\.$#"
-			count: 1
-			path: library/X509/Job.php
-
-		-
-			message: "#^Method Icinga\\\\Module\\\\X509\\\\Job\\:\\:getConnector\\(\\) has no return type specified\\.$#"
-			count: 1
-			path: library/X509/Job.php
-
 		-
 			message: "#^Method Icinga\\\\Module\\\\X509\\\\Job\\:\\:getConnector\\(\\) has parameter \\$peerName with no type specified\\.$#"
 			count: 1
 			path: library/X509/Job.php
 
 		-
-			message: "#^Method Icinga\\\\Module\\\\X509\\\\Job\\:\\:getExcludes\\(\\) return type has no value type specified in iterable type array\\.$#"
-			count: 1
-			path: library/X509/Job.php
-
-		-
-			message: "#^Method Icinga\\\\Module\\\\X509\\\\Job\\:\\:getPorts\\(\\) return type has no value type specified in iterable type array\\.$#"
+			message: "#^Method Icinga\\\\Module\\\\X509\\\\Job\\:\\:getConnector\\(\\) return type has no value type specified in iterable type array\\.$#"
 			count: 1
 			path: library/X509/Job.php
 
@@ -1130,11 +985,6 @@ parameters:
 			count: 1
 			path: library/X509/Job.php
 
-		-
-			message: "#^Parameter \\#1 \\$subject of static method ipl\\\\Stdlib\\\\Str\\:\\:trimSplit\\(\\) expects string\\|null, mixed given\\.$#"
-			count: 3
-			path: library/X509/Job.php
-
 		-
 			message: "#^Parameter \\#2 \\$value of static method ipl\\\\Stdlib\\\\Filter\\:\\:equal\\(\\) expects array\\|bool\\|float\\|int\\|string, mixed given\\.$#"
 			count: 1
@@ -1145,56 +995,6 @@ parameters:
 			count: 1
 			path: library/X509/Job.php
 
-		-
-			message: "#^Property Icinga\\\\Module\\\\X509\\\\Job\\:\\:\\$cidrs has no type specified\\.$#"
-			count: 1
-			path: library/X509/Job.php
-
-		-
-			message: "#^Property Icinga\\\\Module\\\\X509\\\\Job\\:\\:\\$excludedTargets type has no value type specified in iterable type array\\.$#"
-			count: 1
-			path: library/X509/Job.php
-
-		-
-			message: "#^Property Icinga\\\\Module\\\\X509\\\\Job\\:\\:\\$finishedTargets has no type specified\\.$#"
-			count: 1
-			path: library/X509/Job.php
-
-		-
-			message: "#^Property Icinga\\\\Module\\\\X509\\\\Job\\:\\:\\$jobId has no type specified\\.$#"
-			count: 1
-			path: library/X509/Job.php
-
-		-
-			message: "#^Property Icinga\\\\Module\\\\X509\\\\Job\\:\\:\\$pendingTargets has no type specified\\.$#"
-			count: 1
-			path: library/X509/Job.php
-
-		-
-			message: "#^Property Icinga\\\\Module\\\\X509\\\\Job\\:\\:\\$ports has no type specified\\.$#"
-			count: 1
-			path: library/X509/Job.php
-
-		-
-			message: "#^Property Icinga\\\\Module\\\\X509\\\\Job\\:\\:\\$snimap has no type specified\\.$#"
-			count: 1
-			path: library/X509/Job.php
-
-		-
-			message: "#^Property Icinga\\\\Module\\\\X509\\\\Job\\:\\:\\$totalTargets has no type specified\\.$#"
-			count: 1
-			path: library/X509/Job.php
-
-		-
-			message: "#^Property Icinga\\\\Module\\\\X509\\\\JobsIniRepository\\:\\:\\$configs type has no value type specified in iterable type array\\.$#"
-			count: 1
-			path: library/X509/JobsIniRepository.php
-
-		-
-			message: "#^Property Icinga\\\\Module\\\\X509\\\\JobsIniRepository\\:\\:\\$queryColumns type has no value type specified in iterable type array\\.$#"
-			count: 1
-			path: library/X509/JobsIniRepository.php
-
 		-
 			message: "#^Parameter \\#1 \\$string of function base64_encode expects string, mixed given\\.$#"
 			count: 1
@@ -1351,9 +1151,14 @@ parameters:
 			path: library/X509/Model/X509Dn.php
 
 		-
-			message: "#^Method Icinga\\\\Module\\\\X509\\\\Model\\\\X509JobRun\\:\\:createBehaviors\\(\\) has no return type specified\\.$#"
+			message: "#^Method Icinga\\\\Module\\\\X509\\\\Model\\\\X509Job\\:\\:getColumns\\(\\) return type has no value type specified in iterable type array\\.$#"
 			count: 1
-			path: library/X509/Model/X509JobRun.php
+			path: library/X509/Model/X509Job.php
+
+		-
+			message: "#^Method Icinga\\\\Module\\\\X509\\\\Model\\\\X509Job\\:\\:getKeyName\\(\\) return type has no value type specified in iterable type array\\.$#"
+			count: 1
+			path: library/X509/Model/X509Job.php
 
 		-
 			message: "#^Method Icinga\\\\Module\\\\X509\\\\Model\\\\X509JobRun\\:\\:getColumns\\(\\) return type has no value type specified in iterable type array\\.$#"
@@ -1365,6 +1170,16 @@ parameters:
 			count: 1
 			path: library/X509/Model/X509JobRun.php
 
+		-
+			message: "#^Method Icinga\\\\Module\\\\X509\\\\Model\\\\X509Schedule\\:\\:getColumns\\(\\) return type has no value type specified in iterable type array\\.$#"
+			count: 1
+			path: library/X509/Model/X509Schedule.php
+
+		-
+			message: "#^Method Icinga\\\\Module\\\\X509\\\\Model\\\\X509Schedule\\:\\:getKeyName\\(\\) return type has no value type specified in iterable type array\\.$#"
+			count: 1
+			path: library/X509/Model/X509Schedule.php
+
 		-
 			message: "#^Method Icinga\\\\Module\\\\X509\\\\Model\\\\X509Target\\:\\:createBehaviors\\(\\) has no return type specified\\.$#"
 			count: 1
diff --git a/phpstan.neon b/phpstan.neon
index ffffae4d..6b51bb43 100644
--- a/phpstan.neon
+++ b/phpstan.neon
@@ -30,6 +30,8 @@ parameters:
 
         - '#Binary operation .* between GMP and .* results in an error#'
 
+        - '#Access to an undefined property (Icinga\\Module\\X509\\Model\\.*|ipl\\Orm\\Query::.*)#'
+
     universalObjectCratesClasses:
         - ipl\Orm\Model
         - Icinga\Web\View

From cc39ad706673c371d300eb33b04dc656063f13a9 Mon Sep 17 00:00:00 2001
From: Yonas Habteab <yonas.habteab@icinga.com>
Date: Mon, 11 Sep 2023 12:10:59 +0200
Subject: [PATCH 10/18] Don't use modal view in list views

---
 application/controllers/JobController.php | 2 +-
 library/X509/Widget/Schedules.php         | 4 ++--
 2 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/application/controllers/JobController.php b/application/controllers/JobController.php
index ec39f330..c97d6c88 100644
--- a/application/controllers/JobController.php
+++ b/application/controllers/JobController.php
@@ -187,7 +187,7 @@ public function updateScheduleAction(): void
                 'schedule_element' => $frequency
             ])
             ->on(JobConfigForm::ON_SUCCESS, function () {
-                $this->redirectNow(Links::schedules($this->job));
+                $this->redirectNow('__BACK__');
             })
             ->handleRequest($this->getServerRequest());
 
diff --git a/library/X509/Widget/Schedules.php b/library/X509/Widget/Schedules.php
index 6c3576a8..8ff0a459 100644
--- a/library/X509/Widget/Schedules.php
+++ b/library/X509/Widget/Schedules.php
@@ -33,9 +33,9 @@ protected function assemble(): void
     {
         /** @var X509Schedule $schedule */
         foreach ($this->schedules as $schedule) {
-            $row = ModalOpener::addTo(static::tr());
+            $row = static::tr();
             $row->addHtml(
-                static::td((new Link(Links::updateSchedule($schedule), $schedule->name))->openInModal()),
+                static::td(new Link($schedule->name, Links::updateSchedule($schedule))),
                 static::td($schedule->author),
                 static::td($schedule->ctime->format('Y-m-d H:i')),
                 static::td($schedule->mtime->format('Y-m-d H:i'))

From e723a5df8f23e60e41081b6c3f8f5ab95f3bf02d Mon Sep 17 00:00:00 2001
From: Yonas Habteab <yonas.habteab@icinga.com>
Date: Tue, 12 Sep 2023 10:17:43 +0200
Subject: [PATCH 11/18] Job: Add missing constant doc block

---
 library/X509/Job.php | 1 +
 1 file changed, 1 insertion(+)

diff --git a/library/X509/Job.php b/library/X509/Job.php
index c38ca647..56e4c1c1 100644
--- a/library/X509/Job.php
+++ b/library/X509/Job.php
@@ -43,6 +43,7 @@ class Job implements Task
     /** @var int Number of targets to be scanned in parallel by default */
     public const DEFAULT_PARALLEL = 256;
 
+    /** @var string Default since last scan threshold used to filter out scan targets  */
     public const DEFAULT_SINCE_LAST_SCAN = '-24 hours';
 
     /** @var int The database id of this job */

From 3eda53845e3f991d464faf8dfa1b2889333fcbf8 Mon Sep 17 00:00:00 2001
From: Yonas Habteab <yonas.habteab@icinga.com>
Date: Tue, 12 Sep 2023 10:25:45 +0200
Subject: [PATCH 12/18] JobsCommand: Enhance logging

---
 application/clicommands/JobsCommand.php | 20 +++++++++++++++-----
 library/X509/Common/JobOptions.php      | 12 +++++++++++-
 2 files changed, 26 insertions(+), 6 deletions(-)

diff --git a/application/clicommands/JobsCommand.php b/application/clicommands/JobsCommand.php
index 6ab5a577..89acb20a 100644
--- a/application/clicommands/JobsCommand.php
+++ b/application/clicommands/JobsCommand.php
@@ -184,11 +184,21 @@ protected function attachJobsLogging(Scheduler $scheduler): void
 
         $scheduler->on(Scheduler::ON_TASK_DONE, function (Job $task, $targets = 0) {
             if ($targets === 0) {
-                Logger::warning(
-                    'Schedule %s of job %s does not have any targets',
-                    $task->getSchedule()->getName(),
-                    $task->getName()
-                );
+                $sinceLastScan = $task->getSinceLastScan();
+                if ($sinceLastScan) {
+                     Logger::info(
+                         'Schedule %s of job %s does not have any targets to be rescanned matching since last scan: %s',
+                         $task->getSchedule()->getName(),
+                         $task->getName(),
+                         $sinceLastScan->format('Y-m-d H:i:s')
+                     );
+                } else {
+                    Logger::warning(
+                        'Schedule %s of job %s does not have any targets',
+                        $task->getSchedule()->getName(),
+                        $task->getName()
+                    );
+                }
             } else {
                 Logger::info(
                     'Scanned %d target(s) by schedule %s of job %s',
diff --git a/library/X509/Common/JobOptions.php b/library/X509/Common/JobOptions.php
index b0fcb99b..c9bf490a 100644
--- a/library/X509/Common/JobOptions.php
+++ b/library/X509/Common/JobOptions.php
@@ -20,7 +20,7 @@ trait JobOptions
     /** @var bool Whether this job should perform a full scan */
     protected $fullScan;
 
-    /** @var DateTime Since last scan threshold used to filter out scan targets */
+    /** @var ?DateTime Since last scan threshold used to filter out scan targets */
     protected $sinceLastScan;
 
     /** @var int Used to control how many targets can be scanned in parallel */
@@ -109,6 +109,16 @@ public function setLastScan(?string $time): self
         return $this;
     }
 
+    /**
+     * Get the targets since last scan threshold
+     *
+     * @return ?DateTime
+     */
+    public function getSinceLastScan(): ?DateTime
+    {
+        return $this->sinceLastScan;
+    }
+
     /**
      * Get the schedule config of this job
      *

From f43243582b72084e3702f2a4501e67415af81764 Mon Sep 17 00:00:00 2001
From: Yonas Habteab <yonas.habteab@icinga.com>
Date: Tue, 12 Sep 2023 11:11:03 +0200
Subject: [PATCH 13/18] Enhance docs

---
 doc/03-Configuration.md | 45 +++++------------------------------------
 doc/04-Scanning.md      |  4 ++--
 2 files changed, 7 insertions(+), 42 deletions(-)

diff --git a/doc/03-Configuration.md b/doc/03-Configuration.md
index 62a1649f..26a1736a 100644
--- a/doc/03-Configuration.md
+++ b/doc/03-Configuration.md
@@ -30,59 +30,24 @@ port:
 `443,5665-5669`
 
 Additionally, each job may also exclude specific **hosts** and **IP** addresses from scan. These hosts won't be scanned
-when you run the [scan](04-Scanning.md#scan-command) or [jobs](04-Scanning.md#scheduling-jobs) command. Excluding an
-entire network and specifying IP addresses in CIDR format will not work. You must specify a comma-separated concrete
-**IP** and **host CN**, e.g:
+when you run the [scan](04-Scanning.md#scan-command) or [jobs](04-Scanning.md#scheduling-jobs) command. Excluding an entire network and specifying IP addresses in CIDR
+format will not work. You must specify concrete **IP**s and **host CN**s separated with commas, e.g:
 
 `192.0.2.2,192.0.2.5,icinga.com`
 
 ### Job Schedules
 
-Schedules are `cron` and [rrule](https://www.rfc-editor.org/rfc/rfc5545) based configs used to run periodically
-at the given interval. Every job is allowed to have multiple schedules that can be run independently of each other.
-Don't worry, you don't need to know anything about rrule to create **rrule** based schedules. All you need to do is
-clicking some buttons over the UI. On the other hand, you should know what cron is and how to configure it to create
-**cron**-based schedules. `Cron` based examples can be found [here](#cron-schedules).
-
-Each job schedule provides different options that you can use to control the scheduling behavior of the
-[jobs command](04-Scanning.md#scheduling-jobs).
+Schedules are [`cron`](https://crontab.guru) and rule based configs used to run jobs periodically at the given interval.
+Every job is allowed to have multiple schedules that can be run independently of each other. Each job schedule provides
+different options that you can use to control the scheduling behavior of the [jobs command](04-Scanning.md#scheduling-jobs).
 
 #### Examples
 
-##### RRule Schedules
-
 A schedule that runs weekly on **Friday** and scans all targets that have not yet been scanned, or
 whose last scan is older than `1 week`.
 
 ![Weekly Schedules](res/weekly-schedules.png "Weekly Schedules")
 
-
-##### Cron Schedules
-
-The `cron` format is as follows:
-
-```
-*    *    *    *    *
--    -    -    -    -
-|    |    |    |    |
-|    |    |    |    |
-|    |    |    |    +----- day of week (0 - 6) (Sunday to Saturday)
-|    |    |    +---------- month (1 - 12)
-|    |    +--------------- day of month (1 - 31)
-|    +-------------------- hour (0 - 23)
-+------------------------- minute (0 - 59)
-```
-
-Example definitions:
-
-| Description                                                | Definition |
-|------------------------------------------------------------|------------|
-| Run once a year at midnight of 1 January                   | 0 0 1 1 *  |
-| Run once a month at midnight of the first day of the month | 0 0 1 * *  |
-| Run once a week at midnight on Sunday morning              | 0 0 * * 0  |
-| Run once a day at midnight                                 | 0 0 * * *  |
-| Run once an hour at the beginning of the hour              | 0 * * * *  |
-
 ## Server Name Indication
 
 In case you are serving multiple virtual hosts under a single IP you can configure those in
diff --git a/doc/04-Scanning.md b/doc/04-Scanning.md
index 3dc89206..82920e92 100644
--- a/doc/04-Scanning.md
+++ b/doc/04-Scanning.md
@@ -1,12 +1,12 @@
 # <a id="Scanning"></a>Scanning
 
-The Icinga Certificate Monitoring provides CLI commands to scan arbitrary **hosts** and **IPs** in various ways.
+The Icinga Certificate Monitoring provides CLI commands to scan **hosts** and **IPs** in various ways.
 These commands are listed below and can be used individually. It is necessary for all commands to know which IP address
 ranges and ports to scan. These can be configured as described [here](03-Configuration.md#configure-jobs).
 
 ## Scan Command
 
-The scan command, as its name implies, scans targets to find their X.509 certificates and track changes to them.
+The scan command, scans targets to find their X.509 certificates and track changes to them.
 A **target** is an **IP-port** combination that is generated from the job configuration, taking into account configured
 [**SNI**](03-Configuration.md#server-name-indication) maps, so that targets with multiple certificates are also properly
 scanned.

From b56123cc563c0a31c513bca391f2dc001186fb42 Mon Sep 17 00:00:00 2001
From: Yonas Habteab <yonas.habteab@icinga.com>
Date: Wed, 13 Sep 2023 13:30:21 +0200
Subject: [PATCH 14/18] Use `EmptyStateBar` where applicable

---
 library/X509/Widget/JobDetails.php | 5 +++--
 library/X509/Widget/Jobs.php       | 6 ++++--
 library/X509/Widget/Schedules.php  | 5 +++--
 public/css/module.less             | 8 --------
 4 files changed, 10 insertions(+), 14 deletions(-)

diff --git a/library/X509/Widget/JobDetails.php b/library/X509/Widget/JobDetails.php
index c3f8522d..c1e38432 100644
--- a/library/X509/Widget/JobDetails.php
+++ b/library/X509/Widget/JobDetails.php
@@ -8,7 +8,7 @@
 use ipl\Html\Table;
 use ipl\I18n\Translation;
 use ipl\Orm\Query;
-use ipl\Web\Widget\EmptyState;
+use ipl\Web\Widget\EmptyStateBar;
 
 class JobDetails extends Table
 {
@@ -42,7 +42,8 @@ protected function assemble(): void
         }
 
         if ($this->isEmpty()) {
-            $this->addHtml(new EmptyState($this->translate('Job never run.')));
+            $this->setTag('div');
+            $this->addHtml(new EmptyStateBar($this->translate('Job never run.')));
         } else {
             $row = static::tr();
             $row->addHtml(
diff --git a/library/X509/Widget/Jobs.php b/library/X509/Widget/Jobs.php
index 171d0519..997e7efc 100644
--- a/library/X509/Widget/Jobs.php
+++ b/library/X509/Widget/Jobs.php
@@ -9,7 +9,7 @@
 use ipl\Html\Table;
 use ipl\I18n\Translation;
 use ipl\Orm\Query;
-use ipl\Web\Widget\EmptyState;
+use ipl\Web\Widget\EmptyStateBar;
 use ipl\Web\Widget\Link;
 
 class Jobs extends Table
@@ -33,7 +33,9 @@ protected function assemble(): void
     {
         $jobs = $this->jobs->execute();
         if (! $jobs->hasResult()) {
-            $this->addHtml(new EmptyState($this->translate('No jobs configured yet.')));
+            $this->setTag('div');
+            $this->addHtml(new EmptyStateBar($this->translate('No jobs configured yet.')));
+
             return;
         }
 
diff --git a/library/X509/Widget/Schedules.php b/library/X509/Widget/Schedules.php
index 8ff0a459..9f37986f 100644
--- a/library/X509/Widget/Schedules.php
+++ b/library/X509/Widget/Schedules.php
@@ -9,7 +9,7 @@
 use ipl\Html\Table;
 use ipl\I18n\Translation;
 use ipl\Orm\Query;
-use ipl\Web\Widget\EmptyState;
+use ipl\Web\Widget\EmptyStateBar;
 use ipl\Web\Widget\Link;
 
 class Schedules extends Table
@@ -45,7 +45,8 @@ protected function assemble(): void
         }
 
         if ($this->isEmpty()) {
-            $this->addHtml(new EmptyState($this->translate('No job schedules.')));
+            $this->setTag('div');
+            $this->addHtml(new EmptyStateBar($this->translate('No job schedules.')));
         } else {
             $row = static::tr();
             $row->addHtml(
diff --git a/public/css/module.less b/public/css/module.less
index d4ce29bb..2a59ae72 100644
--- a/public/css/module.less
+++ b/public/css/module.less
@@ -6,14 +6,6 @@
 @cert-segment-color-3: #1982C4;
 @cert-segment-color-4: #6A4C93;
 
-.empty-state {
-  .rounded-corners();
-  background-color: @gray-lighter;
-  margin: 0 1em;
-  padding: 1em;
-  text-align: center;
-}
-
 .action-bar {
   line-height: 2.5em;
 }

From fc404995b382d85af58f42b386e6e7cb895e793c Mon Sep 17 00:00:00 2001
From: Yonas Habteab <yonas.habteab@icinga.com>
Date: Wed, 13 Sep 2023 13:38:11 +0200
Subject: [PATCH 15/18] Expect parsed cidrs & ports in Job class & parse jobs
 config in cli commands

---
 application/clicommands/JobsCommand.php |   9 +-
 application/clicommands/ScanCommand.php |   9 +-
 library/X509/Common/JobUtils.php        | 146 +++-----------------
 library/X509/Job.php                    | 170 +++++++++++++++++++++++-
 phpstan-baseline.neon                   |   5 -
 5 files changed, 199 insertions(+), 140 deletions(-)

diff --git a/application/clicommands/JobsCommand.php b/application/clicommands/JobsCommand.php
index 89acb20a..7272e5a4 100644
--- a/application/clicommands/JobsCommand.php
+++ b/application/clicommands/JobsCommand.php
@@ -9,6 +9,7 @@
 use Icinga\Application\Logger;
 use Icinga\Module\X509\CertificateUtils;
 use Icinga\Module\X509\Command;
+use Icinga\Module\X509\Common\JobUtils;
 use Icinga\Module\X509\Hook\SniHook;
 use Icinga\Module\X509\Job;
 use Icinga\Module\X509\Model\X509Job;
@@ -27,6 +28,8 @@
 
 class JobsCommand extends Command
 {
+    use JobUtils;
+
     /**
      * Run all configured jobs based on their schedule
      *
@@ -142,9 +145,11 @@ protected function fetchSchedules(?string $jobName, ?string $scheduleName): arra
         $snimap = SniHook::getAll();
         /** @var X509Job $jobConfig */
         foreach ($jobs as $jobConfig) {
-            $job = (new Job($jobConfig->name, $jobConfig->cidrs, $jobConfig->ports, $snimap))
+            $cidrs = $this->parseCIDRs($jobConfig->cidrs);
+            $ports = $this->parsePorts($jobConfig->ports);
+            $job = (new Job($jobConfig->name, $cidrs, $ports, $snimap))
                 ->setId($jobConfig->id)
-                ->setExcludes($jobConfig->exclude_targets);
+                ->setExcludes($this->parseExcludes($jobConfig->exclude_targets));
 
             /** @var Query $schedules */
             $schedules = $jobConfig->schedule;
diff --git a/application/clicommands/ScanCommand.php b/application/clicommands/ScanCommand.php
index eb3123ea..422a59ec 100644
--- a/application/clicommands/ScanCommand.php
+++ b/application/clicommands/ScanCommand.php
@@ -8,6 +8,7 @@
 use Icinga\Application\Logger;
 use Icinga\Module\X509\CertificateUtils;
 use Icinga\Module\X509\Command;
+use Icinga\Module\X509\Common\JobUtils;
 use Icinga\Module\X509\Hook\SniHook;
 use Icinga\Module\X509\Job;
 use Icinga\Module\X509\Model\X509Job;
@@ -17,6 +18,8 @@
 
 class ScanCommand extends Command
 {
+    use JobUtils;
+
     /**
      * Scan targets to find their X.509 certificates and track changes to them.
      *
@@ -109,12 +112,14 @@ public function indexAction(): void
             throw new Exception(sprintf('The job %s does not specify any CIDRs', $name));
         }
 
-        $job = (new Job($name, $jobConfig->cidrs, $jobConfig->ports, SniHook::getAll()))
+        $cidrs = $this->parseCIDRs($jobConfig->cidrs);
+        $ports = $this->parsePorts($jobConfig->ports);
+        $job = (new Job($name, $cidrs, $ports, SniHook::getAll()))
             ->setId($jobConfig->id)
             ->setFullScan($fullScan)
             ->setRescan($rescan)
             ->setParallel($parallel)
-            ->setExcludes($jobConfig->exclude_targets)
+            ->setExcludes($this->parseExcludes($jobConfig->exclude_targets))
             ->setLastScan($sinceLastScan);
 
         $promise = $job->run();
diff --git a/library/X509/Common/JobUtils.php b/library/X509/Common/JobUtils.php
index 4a81c5bd..54398feb 100644
--- a/library/X509/Common/JobUtils.php
+++ b/library/X509/Common/JobUtils.php
@@ -10,34 +10,16 @@
 
 trait JobUtils
 {
-    /** @var array<string> A list of excluded IP addresses and host names */
-    private $excludedTargets = [];
-
-    /** @var array<string, array<int, int|string>> */
-    private $cidrs = [];
-
-    /** @var array<int, array<string>> */
-    private $ports = [];
-
-    /**
-     * Get the configured job CIDRS
-     *
-     * @return array<string, array<int, int|string>>
-     */
-    public function getCIDRs(): array
-    {
-        return $this->cidrs;
-    }
-
     /**
-     * Set the CIDRs of this job
+     * Parse the given comma separated CIDRs
      *
      * @param string $cidrs
      *
-     * @return $this
+     * @return array<string, array<int, int|string>>
      */
-    public function setCIDRs(string $cidrs): self
+    public function parseCIDRs(string $cidrs): array
     {
+        $result = [];
         foreach (Str::trimSplit($cidrs) as $cidr) {
             $pieces = Str::trimSplit($cidr, '/');
             if (count($pieces) !== 2) {
@@ -45,31 +27,22 @@ public function setCIDRs(string $cidrs): self
                 continue;
             }
 
-            $this->cidrs[$cidr] = $pieces;
+            $result[$cidr] = $pieces;
         }
 
-        return $this;
-    }
-
-    /**
-     * Get the configured ports of this job
-     *
-     * @return array<int, array<string>>
-     */
-    public function getPorts(): array
-    {
-        return $this->ports;
+        return $result;
     }
 
     /**
-     * Set the ports of this job to be scanned
+     * Parse the given comma separated ports
      *
      * @param string $ports
      *
-     * @return $this
+     * @return array<int, array<string>>
      */
-    public function setPorts(string $ports): self
+    public function parsePorts(string $ports): array
     {
+        $result = [];
         foreach (Str::trimSplit($ports) as $portRange) {
             $pieces = Str::trimSplit($portRange, '-');
             if (count($pieces) === 2) {
@@ -79,105 +52,26 @@ public function setPorts(string $ports): self
                 $end = $pieces[0];
             }
 
-            $this->ports[] = [$start, $end];
+            $result[] = [$start, $end];
         }
 
-        return $this;
-    }
-
-    /**
-     * Get excluded IPs and host names
-     *
-     * @return array<string>
-     */
-    public function getExcludes(): array
-    {
-        return $this->excludedTargets;
+        return $result;
     }
 
     /**
-     * Set a set of IPs and host names to be excluded from scan
+     * Parse the given comma separated excluded targets
      *
-     * @param ?string $targets
+     * @param ?string $excludes
      *
-     * @return $this
-     */
-    public function setExcludes(?string $targets): self
-    {
-        if (! empty($targets)) {
-            $this->excludedTargets = array_flip(Str::trimSplit($targets));
-        }
-
-        return $this;
-    }
-
-    /**
-     * Transform the given human-readable IP address into a binary format
-     *
-     * @param string $addr
-     *
-     * @return string
-     */
-    public static function binary(string $addr): string
-    {
-        return str_pad(inet_pton($addr), 16, "\0", STR_PAD_LEFT);
-    }
-
-    /**
-     * Transform the given human-readable IP address into GMP number
-     *
-     * @param string $addr
-     *
-     * @return ?GMP
-     */
-    public static function addrToNumber(string $addr): ?GMP
-    {
-        return gmp_import(static::binary($addr));
-    }
-
-    /**
-     * Transform the given number into human-readable IP address
-     *
-     * @param $num
-     * @param bool $ipv6
-     *
-     * @return false|string
+     * @return array<string>
      */
-    public static function numberToAddr($num, bool $ipv6 = true)
+    public function parseExcludes(?string $excludes): array
     {
-        if ($ipv6) {
-            return inet_ntop(str_pad(gmp_export($num), 16, "\0", STR_PAD_LEFT));
-        } else {
-            return inet_ntop(gmp_export($num));
+        $result = [];
+        if (! empty($excludes)) {
+            $result = array_flip(Str::trimSplit($excludes));
         }
-    }
 
-    /**
-     * Check whether the given IP is inside the specified CIDR
-     *
-     * @param GMP $addr
-     * @param string $subnet
-     * @param int $mask
-     *
-     * @return bool
-     */
-    public static function isAddrInside(GMP $addr, string $subnet, int $mask): bool
-    {
-        // `gmp_pow()` is like PHP's pow() function, but handles also very large numbers
-        // and `gmp_com()` is like the bitwise NOT (~) operator.
-        $mask = gmp_com(gmp_pow(2, (static::isIPV6($subnet) ? 128 : 32) - $mask) - 1);
-        return gmp_strval(gmp_and($addr, $mask)) === gmp_strval(gmp_and(static::addrToNumber($subnet), $mask));
-    }
-
-    /**
-     * Get whether the given IP address is IPV6 address
-     *
-     * @param $addr
-     *
-     * @return bool
-     */
-    public static function isIPV6($addr): bool
-    {
-        return filter_var($addr, FILTER_VALIDATE_IP, FILTER_FLAG_IPV6) !== false;
+        return $result;
     }
 }
diff --git a/library/X509/Job.php b/library/X509/Job.php
index 56e4c1c1..46e40e0a 100644
--- a/library/X509/Job.php
+++ b/library/X509/Job.php
@@ -7,10 +7,10 @@
 use DateTime;
 use Exception;
 use Generator;
+use GMP;
 use Icinga\Application\Logger;
 use Icinga\Module\X509\Common\Database;
 use Icinga\Module\X509\Common\JobOptions;
-use Icinga\Module\X509\Common\JobUtils;
 use Icinga\Module\X509\Model\X509Certificate;
 use Icinga\Module\X509\Model\X509CertificateChain;
 use Icinga\Module\X509\Model\X509JobRun;
@@ -37,7 +37,6 @@ class Job implements Task
 {
     use Database;
     use JobOptions;
-    use JobUtils;
     use TaskProperties;
 
     /** @var int Number of targets to be scanned in parallel by default */
@@ -79,22 +78,111 @@ class Job implements Task
     /** @var DateTime The start time of this job */
     protected $jobRunStart;
 
-    public function __construct(string $name, string $cidrs, string $ports, array $snimap, Schedule $schedule = null)
+    /** @var array<string> A list of excluded IP addresses and host names */
+    private $excludedTargets = [];
+
+    /** @var array<string, array<int, int|string>> The configured CIDRs of this job */
+    private $cidrs;
+
+    /** @var array<int, array<string>> The configured ports of this job */
+    private $ports;
+
+    /**
+     * Construct a new Job instance
+     *
+     * @param string $name The name of this job
+     * @param array<string, array<int, int|string>> $cidrs The configured CIDRs to be used by this job
+     * @param array<int, array<string>> $ports The configured ports to be used by this job
+     * @param array<string, array<string>> $snimap The configured SNI maps to be used by this job
+     * @param ?Schedule $schedule
+     */
+    public function __construct(string $name, array $cidrs, array $ports, array $snimap, Schedule $schedule = null)
     {
+        $this->name = $name;
         $this->db = $this->getDb();
         $this->dbTool = new DbTool($this->db);
         $this->snimap = $snimap;
+        $this->cidrs = $cidrs;
+        $this->ports = $ports;
 
         if ($schedule) {
             $this->setSchedule($schedule);
         }
 
         $this->setName($name);
-        $this->setCIDRs($cidrs);
-        $this->setPorts($ports);
         $this->setUuid(Uuid::fromBytes($this->getChecksum()));
     }
 
+    /**
+     * Transform the given human-readable IP address into a binary format
+     *
+     * @param string $addr
+     *
+     * @return string
+     */
+    public static function binary(string $addr): string
+    {
+        return str_pad(inet_pton($addr), 16, "\0", STR_PAD_LEFT);
+    }
+
+    /**
+     * Transform the given human-readable IP address into GMP number
+     *
+     * @param string $addr
+     *
+     * @return ?GMP
+     */
+    public static function addrToNumber(string $addr): ?GMP
+    {
+        return gmp_import(static::binary($addr));
+    }
+
+    /**
+     * Transform the given number into human-readable IP address
+     *
+     * @param $num
+     * @param bool $ipv6
+     *
+     * @return false|string
+     */
+    public static function numberToAddr($num, bool $ipv6 = true)
+    {
+        if ($ipv6) {
+            return inet_ntop(str_pad(gmp_export($num), 16, "\0", STR_PAD_LEFT));
+        } else {
+            return inet_ntop(gmp_export($num));
+        }
+    }
+
+    /**
+     * Check whether the given IP is inside the specified CIDR
+     *
+     * @param GMP $addr
+     * @param string $subnet
+     * @param int $mask
+     *
+     * @return bool
+     */
+    public static function isAddrInside(GMP $addr, string $subnet, int $mask): bool
+    {
+        // `gmp_pow()` is like PHP's pow() function, but handles also very large numbers
+        // and `gmp_com()` is like the bitwise NOT (~) operator.
+        $mask = gmp_com(gmp_pow(2, (static::isIPV6($subnet) ? 128 : 32) - $mask) - 1);
+        return gmp_strval(gmp_and($addr, $mask)) === gmp_strval(gmp_and(static::addrToNumber($subnet), $mask));
+    }
+
+    /**
+     * Get whether the given IP address is IPV6 address
+     *
+     * @param $addr
+     *
+     * @return bool
+     */
+    public static function isIPV6($addr): bool
+    {
+        return filter_var($addr, FILTER_VALIDATE_IP, FILTER_FLAG_IPV6) !== false;
+    }
+
     /**
      * Get the database id of this job
      *
@@ -119,6 +207,78 @@ public function setId(int $id): self
         return $this;
     }
 
+    /**
+     * Get the configured job CIDRS
+     *
+     * @return array<string, array<int, int|string>>
+     */
+    public function getCIDRs(): array
+    {
+        return $this->cidrs;
+    }
+
+    /**
+     * Set the CIDRs of this job
+     *
+     * @param array<string, array<int, int|string>> $cidrs
+     *
+     * @return $this
+     */
+    public function setCIDRs(array $cidrs): self
+    {
+        $this->cidrs = $cidrs;
+
+        return $this;
+    }
+
+    /**
+     * Get the configured ports of this job
+     *
+     * @return array<int, array<string>>
+     */
+    public function getPorts(): array
+    {
+        return $this->ports;
+    }
+
+    /**
+     * Set the ports of this job to be scanned
+     *
+     * @param array<int, array<string>> $ports
+     *
+     * @return $this
+     */
+    public function setPorts(array $ports): self
+    {
+        $this->ports = $ports;
+
+        return $this;
+    }
+
+    /**
+     * Get excluded IPs and host names
+     *
+     * @return array<string>
+     */
+    public function getExcludes(): array
+    {
+        return $this->excludedTargets;
+    }
+
+    /**
+     * Set a set of IPs and host names to be excluded from scan
+     *
+     * @param array<string> $targets
+     *
+     * @return $this
+     */
+    public function setExcludes(array $targets): self
+    {
+        $this->excludedTargets = $targets;
+
+        return $this;
+    }
+
     private function getConnector($peerName): array
     {
         $simpleConnector = new Connector();
diff --git a/phpstan-baseline.neon b/phpstan-baseline.neon
index 45bb28a0..ea7f1157 100644
--- a/phpstan-baseline.neon
+++ b/phpstan-baseline.neon
@@ -895,11 +895,6 @@ parameters:
 			count: 2
 			path: library/X509/Job.php
 
-		-
-			message: "#^Method Icinga\\\\Module\\\\X509\\\\Job\\:\\:__construct\\(\\) has parameter \\$snimap with no value type specified in iterable type array\\.$#"
-			count: 1
-			path: library/X509/Job.php
-
 		-
 			message: "#^Method Icinga\\\\Module\\\\X509\\\\Job\\:\\:finishTarget\\(\\) has no return type specified\\.$#"
 			count: 1

From 1a0a54e66a25216f9952b197651c268d232b38d1 Mon Sep 17 00:00:00 2001
From: Yonas Habteab <yonas.habteab@icinga.com>
Date: Wed, 13 Sep 2023 13:43:15 +0200
Subject: [PATCH 16/18] Add newline before return statement

---
 application/forms/Jobs/JobConfigForm.php | 1 +
 application/forms/Jobs/ScheduleForm.php  | 2 ++
 2 files changed, 3 insertions(+)

diff --git a/application/forms/Jobs/JobConfigForm.php b/application/forms/Jobs/JobConfigForm.php
index 81355bb4..8b46773d 100644
--- a/application/forms/Jobs/JobConfigForm.php
+++ b/application/forms/Jobs/JobConfigForm.php
@@ -45,6 +45,7 @@ public function hasBeenSubmitted(): bool
         }
 
         $button = $this->getPressedSubmitElement();
+
         return $button && ($button->getName() === 'btn_submit' || $button->getName() === 'btn_remove');
     }
 
diff --git a/application/forms/Jobs/ScheduleForm.php b/application/forms/Jobs/ScheduleForm.php
index ea74dcd1..3903e2a3 100644
--- a/application/forms/Jobs/ScheduleForm.php
+++ b/application/forms/Jobs/ScheduleForm.php
@@ -69,6 +69,7 @@ public function getPartUpdates(): array
     {
         /** @var RequestInterface $request */
         $request = $this->getRequest();
+
         return $this->scheduleElement->prepareMultipartUpdate($request);
     }
 
@@ -79,6 +80,7 @@ public function hasBeenSubmitted(): bool
         }
 
         $button = $this->getPressedSubmitElement();
+
         return $button && ($button->getName() === 'submit' || $button->getName() === 'btn_remove');
     }
 

From 1bd66836b1d180defa4eb8b85e92d85056427126 Mon Sep 17 00:00:00 2001
From: Yonas Habteab <yonas.habteab@icinga.com>
Date: Wed, 13 Sep 2023 16:17:30 +0200
Subject: [PATCH 17/18] Use `Icinga Web` instead of `Icinga Web 2` as a
 component name

---
 doc/04-Scanning.md | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/doc/04-Scanning.md b/doc/04-Scanning.md
index 82920e92..608d18ab 100644
--- a/doc/04-Scanning.md
+++ b/doc/04-Scanning.md
@@ -22,7 +22,7 @@ are collected. This behavior can be customized through the command [options](#us
 
 ### Usage
 
-This scan command can be used like any other Icinga Web 2 cli operations like this: `icingacli x509 scan [OPTIONS]`
+This scan command can be used like any other Icinga Web cli operations like this: `icingacli x509 scan [OPTIONS]`
 
 **Options:**
 
@@ -72,7 +72,7 @@ too. Since you can have multiple schedules for a single job, all job schedules c
 
 ### Usage
 
-This scan command can be used like any other Icinga Web 2 cli operations like this: `icingacli x509 jobs run [OPTIONS`
+This scan command can be used like any other Icinga Web cli operations like this: `icingacli x509 jobs run [OPTIONS`
 
 **Options:**
 

From c45935d4a6435d880fe719ae22594b902445b670 Mon Sep 17 00:00:00 2001
From: Yonas Habteab <yonas.habteab@icinga.com>
Date: Wed, 13 Sep 2023 16:21:06 +0200
Subject: [PATCH 18/18] Drop ignore error pattern matching
 `Model::getKeyName()` & `Model::getColumns()` methods

---
 .../Model/Behavior/ExpressionInjector.php     |  5 +-
 phpstan-baseline.neon                         | 90 -------------------
 2 files changed, 4 insertions(+), 91 deletions(-)

diff --git a/library/X509/Model/Behavior/ExpressionInjector.php b/library/X509/Model/Behavior/ExpressionInjector.php
index afb8049f..c3fa2cbe 100644
--- a/library/X509/Model/Behavior/ExpressionInjector.php
+++ b/library/X509/Model/Behavior/ExpressionInjector.php
@@ -7,6 +7,7 @@
 use ipl\Orm\Contract\QueryAwareBehavior;
 use ipl\Orm\Contract\RewriteFilterBehavior;
 use ipl\Orm\Query;
+use ipl\Sql\ExpressionInterface;
 use ipl\Stdlib\Filter;
 
 /**
@@ -44,7 +45,9 @@ public function rewriteCondition(Filter\Condition $condition, $relation = null)
                 $subject = $this->query->getModel();
             }
 
-            $expression = clone $subject->getColumns()[$columnName];
+            /** @var ExpressionInterface $column */
+            $column = $subject->getColumns()[$columnName];
+            $expression = clone $column;
             $expression->setColumns($this->query->getResolver()->qualifyColumns(
                 $this->query->getResolver()->requireAndResolveColumns(
                     $expression->getColumns(),
diff --git a/phpstan-baseline.neon b/phpstan-baseline.neon
index ea7f1157..028c8b07 100644
--- a/phpstan-baseline.neon
+++ b/phpstan-baseline.neon
@@ -1050,16 +1050,6 @@ parameters:
 			count: 1
 			path: library/X509/Model/X509Certificate.php
 
-		-
-			message: "#^Method Icinga\\\\Module\\\\X509\\\\Model\\\\X509Certificate\\:\\:getColumns\\(\\) return type has no value type specified in iterable type array\\.$#"
-			count: 1
-			path: library/X509/Model/X509Certificate.php
-
-		-
-			message: "#^Method Icinga\\\\Module\\\\X509\\\\Model\\\\X509Certificate\\:\\:getKeyName\\(\\) return type has no value type specified in iterable type array\\.$#"
-			count: 1
-			path: library/X509/Model/X509Certificate.php
-
 		-
 			message: "#^Method Icinga\\\\Module\\\\X509\\\\Model\\\\X509Certificate\\:\\:getSearchColumns\\(\\) return type has no value type specified in iterable type array\\.$#"
 			count: 1
@@ -1075,16 +1065,6 @@ parameters:
 			count: 1
 			path: library/X509/Model/X509CertificateChain.php
 
-		-
-			message: "#^Method Icinga\\\\Module\\\\X509\\\\Model\\\\X509CertificateChain\\:\\:getColumns\\(\\) return type has no value type specified in iterable type array\\.$#"
-			count: 1
-			path: library/X509/Model/X509CertificateChain.php
-
-		-
-			message: "#^Method Icinga\\\\Module\\\\X509\\\\Model\\\\X509CertificateChain\\:\\:getKeyName\\(\\) return type has no value type specified in iterable type array\\.$#"
-			count: 1
-			path: library/X509/Model/X509CertificateChain.php
-
 		-
 			message: "#^Method Icinga\\\\Module\\\\X509\\\\Model\\\\X509CertificateChainLink\\:\\:createBehaviors\\(\\) has no return type specified\\.$#"
 			count: 1
@@ -1095,16 +1075,6 @@ parameters:
 			count: 1
 			path: library/X509/Model/X509CertificateChainLink.php
 
-		-
-			message: "#^Method Icinga\\\\Module\\\\X509\\\\Model\\\\X509CertificateChainLink\\:\\:getColumns\\(\\) return type has no value type specified in iterable type array\\.$#"
-			count: 1
-			path: library/X509/Model/X509CertificateChainLink.php
-
-		-
-			message: "#^Method Icinga\\\\Module\\\\X509\\\\Model\\\\X509CertificateChainLink\\:\\:getKeyName\\(\\) return type has no value type specified in iterable type array\\.$#"
-			count: 1
-			path: library/X509/Model/X509CertificateChainLink.php
-
 		-
 			message: "#^Method Icinga\\\\Module\\\\X509\\\\Model\\\\X509CertificateSubjectAltName\\:\\:createBehaviors\\(\\) has no return type specified\\.$#"
 			count: 1
@@ -1115,16 +1085,6 @@ parameters:
 			count: 1
 			path: library/X509/Model/X509CertificateSubjectAltName.php
 
-		-
-			message: "#^Method Icinga\\\\Module\\\\X509\\\\Model\\\\X509CertificateSubjectAltName\\:\\:getColumns\\(\\) return type has no value type specified in iterable type array\\.$#"
-			count: 1
-			path: library/X509/Model/X509CertificateSubjectAltName.php
-
-		-
-			message: "#^Method Icinga\\\\Module\\\\X509\\\\Model\\\\X509CertificateSubjectAltName\\:\\:getKeyName\\(\\) return type has no value type specified in iterable type array\\.$#"
-			count: 1
-			path: library/X509/Model/X509CertificateSubjectAltName.php
-
 		-
 			message: "#^Method Icinga\\\\Module\\\\X509\\\\Model\\\\X509Dn\\:\\:createBehaviors\\(\\) has no return type specified\\.$#"
 			count: 1
@@ -1135,46 +1095,6 @@ parameters:
 			count: 1
 			path: library/X509/Model/X509Dn.php
 
-		-
-			message: "#^Method Icinga\\\\Module\\\\X509\\\\Model\\\\X509Dn\\:\\:getColumns\\(\\) return type has no value type specified in iterable type array\\.$#"
-			count: 1
-			path: library/X509/Model/X509Dn.php
-
-		-
-			message: "#^Method Icinga\\\\Module\\\\X509\\\\Model\\\\X509Dn\\:\\:getKeyName\\(\\) return type has no value type specified in iterable type array\\.$#"
-			count: 1
-			path: library/X509/Model/X509Dn.php
-
-		-
-			message: "#^Method Icinga\\\\Module\\\\X509\\\\Model\\\\X509Job\\:\\:getColumns\\(\\) return type has no value type specified in iterable type array\\.$#"
-			count: 1
-			path: library/X509/Model/X509Job.php
-
-		-
-			message: "#^Method Icinga\\\\Module\\\\X509\\\\Model\\\\X509Job\\:\\:getKeyName\\(\\) return type has no value type specified in iterable type array\\.$#"
-			count: 1
-			path: library/X509/Model/X509Job.php
-
-		-
-			message: "#^Method Icinga\\\\Module\\\\X509\\\\Model\\\\X509JobRun\\:\\:getColumns\\(\\) return type has no value type specified in iterable type array\\.$#"
-			count: 1
-			path: library/X509/Model/X509JobRun.php
-
-		-
-			message: "#^Method Icinga\\\\Module\\\\X509\\\\Model\\\\X509JobRun\\:\\:getKeyName\\(\\) return type has no value type specified in iterable type array\\.$#"
-			count: 1
-			path: library/X509/Model/X509JobRun.php
-
-		-
-			message: "#^Method Icinga\\\\Module\\\\X509\\\\Model\\\\X509Schedule\\:\\:getColumns\\(\\) return type has no value type specified in iterable type array\\.$#"
-			count: 1
-			path: library/X509/Model/X509Schedule.php
-
-		-
-			message: "#^Method Icinga\\\\Module\\\\X509\\\\Model\\\\X509Schedule\\:\\:getKeyName\\(\\) return type has no value type specified in iterable type array\\.$#"
-			count: 1
-			path: library/X509/Model/X509Schedule.php
-
 		-
 			message: "#^Method Icinga\\\\Module\\\\X509\\\\Model\\\\X509Target\\:\\:createBehaviors\\(\\) has no return type specified\\.$#"
 			count: 1
@@ -1190,16 +1110,6 @@ parameters:
 			count: 1
 			path: library/X509/Model/X509Target.php
 
-		-
-			message: "#^Method Icinga\\\\Module\\\\X509\\\\Model\\\\X509Target\\:\\:getColumns\\(\\) return type has no value type specified in iterable type array\\.$#"
-			count: 1
-			path: library/X509/Model/X509Target.php
-
-		-
-			message: "#^Method Icinga\\\\Module\\\\X509\\\\Model\\\\X509Target\\:\\:getKeyName\\(\\) return type has no value type specified in iterable type array\\.$#"
-			count: 1
-			path: library/X509/Model/X509Target.php
-
 		-
 			message: "#^Method Icinga\\\\Module\\\\X509\\\\Model\\\\X509Target\\:\\:getSearchColumns\\(\\) return type has no value type specified in iterable type array\\.$#"
 			count: 1