From d7ac503cf4744a0c4ccdd2877a0ac46735c9ce0d Mon Sep 17 00:00:00 2001
From: Stefan Wiedemann <wistefan@googlemail.com>
Date: Mon, 29 Jul 2024 15:44:19 +0200
Subject: [PATCH 1/3] add cm

---
 charts/data-space-connector/Chart.yaml        |  15 +-
 .../data-space-connector/templates/opa.yaml   | 286 ++++++++++++
 .../templates/tmf-registration-cm.yaml        |  40 ++
 .../templates/tmf-registration-job.yaml       |  29 ++
 charts/data-space-connector/values.yaml       | 136 +++++-
 charts/trust-anchor/Chart.yaml                |   4 +-
 .../local-deployment/LOCAL.MD                 | 426 +++++++++++++++++-
 doc/img/local/provider.drawio                 | 118 +++--
 doc/img/local/provider.jpg                    | Bin 52416 -> 63283 bytes
 doc/scripts/get_access_token_oid4vp.sh        |  26 ++
 doc/scripts/get_credential_for_consumer.sh    |  27 ++
 it/pom.xml                                    | 129 +++++-
 .../FancyMarketplaceEnvironment.java          |   1 +
 .../components/MPOperationsEnvironment.java   |  11 +-
 .../it/components/StepDefinitions.java        | 340 +++++++++++++-
 .../dataspace/it/components/Wallet.java       |  31 +-
 .../dataspace/it/components/model/Policy.java |  18 +
 it/src/test/resources/it/mvds_basic.feature   |  20 +-
 .../policies/allowProductOffering.json        |  37 ++
 .../resources/policies/allowProductOrder.json |  37 ++
 .../policies/allowSelfRegistration.json       |  37 ++
 .../resources/policies/clusterCreate.json     |  69 +++
 .../test/resources/policies/energyReport.json |   2 +-
 k3s/consumer.yaml                             |  37 +-
 k3s/provider.yaml                             |  78 +++-
 pom.xml                                       |  10 +-
 26 files changed, 1827 insertions(+), 137 deletions(-)
 create mode 100644 charts/data-space-connector/templates/opa.yaml
 create mode 100644 charts/data-space-connector/templates/tmf-registration-cm.yaml
 create mode 100644 charts/data-space-connector/templates/tmf-registration-job.yaml
 create mode 100755 doc/scripts/get_access_token_oid4vp.sh
 create mode 100755 doc/scripts/get_credential_for_consumer.sh
 create mode 100644 it/src/test/java/org/fiware/dataspace/it/components/model/Policy.java
 create mode 100644 it/src/test/resources/policies/allowProductOffering.json
 create mode 100644 it/src/test/resources/policies/allowProductOrder.json
 create mode 100644 it/src/test/resources/policies/allowSelfRegistration.json
 create mode 100644 it/src/test/resources/policies/clusterCreate.json

diff --git a/charts/data-space-connector/Chart.yaml b/charts/data-space-connector/Chart.yaml
index a9785f7..454575c 100644
--- a/charts/data-space-connector/Chart.yaml
+++ b/charts/data-space-connector/Chart.yaml
@@ -2,7 +2,7 @@ apiVersion: v2
 name: data-space-connector
 description: Umbrella Chart for the FIWARE Data Space Connector, combining all essential parts to be used by a participant.
 type: application
-version: 7.0.0
+version: 7.1.0
 dependencies:
   - name: postgresql
     condition: postgresql.enabled
@@ -11,7 +11,7 @@ dependencies:
   # authentication
   - name: vcverifier
     condition: vcverifier.enabled
-    version: 2.9.0
+    version: 2.9.2
     repository: https://fiware.github.io/helm-charts
   - name: credentials-config-service
     condition: credentials-config-service.enabled
@@ -19,7 +19,7 @@ dependencies:
     repository: https://fiware.github.io/helm-charts
   - name: trusted-issuers-list
     condition: trusted-issuers-list.enabled
-    version: 0.6.2
+    version: 0.7.0
     repository: https://fiware.github.io/helm-charts
   - name: mysql
     condition: mysql.enabled
@@ -50,3 +50,12 @@ dependencies:
     condition: keycloak.enabled
     version: 21.1.1
     repository: https://charts.bitnami.com/bitnami
+  # contract management
+  - name: tm-forum-api
+    condition: tm-forum-api.enabled
+    version: 0.9.4
+    repository: https://fiware.github.io/helm-charts
+  - name: contract-management
+    condition: contract-management.enabled
+    version: 0.6.4
+    repository: https://fiware.github.io/helm-charts
diff --git a/charts/data-space-connector/templates/opa.yaml b/charts/data-space-connector/templates/opa.yaml
new file mode 100644
index 0000000..835c00a
--- /dev/null
+++ b/charts/data-space-connector/templates/opa.yaml
@@ -0,0 +1,286 @@
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: opa-lua
+  namespace: {{ $.Release.Namespace | quote }}
+  labels:
+    {{ include "dsc.labels" . | nindent 4 }}
+data:
+  # extends the apisix opa-plugin to forward the http-body as part of the decision request.
+  opa.lua: |-
+    --
+    -- Licensed to the Apache Software Foundation (ASF) under one or more
+    -- contributor license agreements.  See the NOTICE file distributed with
+    -- this work for additional information regarding copyright ownership.
+    -- The ASF licenses this file to You under the Apache License, Version 2.0
+    -- (the "License"); you may not use this file except in compliance with
+    -- the License.  You may obtain a copy of the License at
+    --
+    --     http://www.apache.org/licenses/LICENSE-2.0
+    --
+    -- Unless required by applicable law or agreed to in writing, software
+    -- distributed under the License is distributed on an "AS IS" BASIS,
+    -- WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+    -- See the License for the specific language governing permissions and
+    -- limitations under the License.
+    --
+
+    local core   = require("apisix.core")
+    local http   = require("resty.http")
+    local helper = require("apisix.plugins.opa.helper")
+    local type   = type
+    local ipairs = ipairs
+
+    local schema = {
+        type = "object",
+        properties = {
+            host = {type = "string"},
+            ssl_verify = {
+                type = "boolean",
+                default = true,
+            },
+            policy = {type = "string"},
+            timeout = {
+                type = "integer",
+                minimum = 1,
+                maximum = 60000,
+                default = 3000,
+                description = "timeout in milliseconds",
+            },
+            keepalive = {type = "boolean", default = true},
+            send_headers_upstream = {
+                type = "array",
+                minItems = 1,
+                items = {
+                    type = "string"
+                },
+                description = "list of headers to pass to upstream in request"
+            },
+            keepalive_timeout = {type = "integer", minimum = 1000, default = 60000},
+            keepalive_pool = {type = "integer", minimum = 1, default = 5},
+            with_route = {type = "boolean", default = false},
+            with_service = {type = "boolean", default = false},
+            with_consumer = {type = "boolean", default = false},
+            with_body = {type = "boolean", default = false},
+        },
+        required = {"host", "policy"}
+    }
+
+
+    local _M = {
+        version = 0.1,
+        priority = 2001,
+        name = "opa",
+        schema = schema,
+    }
+
+
+    function _M.check_schema(conf)
+        return core.schema.check(schema, conf)
+    end
+
+
+    function _M.access(conf, ctx)
+        local body = helper.build_opa_input(conf, ctx, "http")
+
+        local params = {
+            method = "POST",
+            body = core.json.encode(body),
+            headers = {
+                ["Content-Type"] = "application/json",
+            },
+            keepalive = conf.keepalive,
+            ssl_verify = conf.ssl_verify
+        }
+
+        if conf.keepalive then
+            params.keepalive_timeout = conf.keepalive_timeout
+            params.keepalive_pool = conf.keepalive_pool
+        end
+
+        local endpoint = conf.host .. "/v1/data/" .. conf.policy
+
+        local httpc = http.new()
+        httpc:set_timeout(conf.timeout)
+
+        local res, err = httpc:request_uri(endpoint, params)
+
+        -- block by default when decision is unavailable
+        if not res then
+            core.log.error("failed to process OPA decision, err: ", err)
+            return 403
+        end
+
+        -- parse the results of the decision
+        local data, err = core.json.decode(res.body)
+
+        if not data then
+            core.log.error("invalid response body: ", res.body, " err: ", err)
+            return 503
+        end
+
+        if not data.result then
+            core.log.error("invalid OPA decision format: ", res.body,
+                           " err: `result` field does not exist")
+            return 503
+        end
+
+        local result = data.result
+
+        if not result.allow then
+            if result.headers then
+                core.response.set_header(result.headers)
+            end
+
+            local status_code = 403
+            if result.status_code then
+                status_code = result.status_code
+            end
+
+            local reason = nil
+            if result.reason then
+                reason = type(result.reason) == "table"
+                    and core.json.encode(result.reason)
+                    or result.reason
+            end
+
+            return status_code, reason
+        else if result.headers and conf.send_headers_upstream then
+            for _, name in ipairs(conf.send_headers_upstream) do
+                local value = result.headers[name]
+                if value then
+                    core.request.set_header(ctx, name, value)
+                end
+            end
+            end
+        end
+    end
+
+
+    return _M
+
+  helper.lua: |-
+    --
+    -- Licensed to the Apache Software Foundation (ASF) under one or more
+    -- contributor license agreements.  See the NOTICE file distributed with
+    -- this work for additional information regarding copyright ownership.
+    -- The ASF licenses this file to You under the Apache License, Version 2.0
+    -- (the "License"); you may not use this file except in compliance with
+    -- the License.  You may obtain a copy of the License at
+    --
+    --     http://www.apache.org/licenses/LICENSE-2.0
+    --
+    -- Unless required by applicable law or agreed to in writing, software
+    -- distributed under the License is distributed on an "AS IS" BASIS,
+    -- WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+    -- See the License for the specific language governing permissions and
+    -- limitations under the License.
+    --
+    
+    local core        = require("apisix.core")
+    local get_service = require("apisix.http.service").get
+    local ngx_time    = ngx.time
+    
+    local _M = {}
+    
+    
+    -- build a table of Nginx variables with some generality
+    -- between http subsystem and stream subsystem
+    local function build_var(conf, ctx)
+      return {
+        server_addr = ctx.var.server_addr,
+        server_port = ctx.var.server_port,
+        remote_addr = ctx.var.remote_addr,
+        remote_port = ctx.var.remote_port,
+        timestamp   = ngx_time(),
+      }
+    end
+    
+    
+    local function build_http_request(conf, ctx)
+    
+      local http = {
+        scheme  = core.request.get_scheme(ctx),
+        method  = core.request.get_method(),
+        host    = core.request.get_host(ctx),
+        port    = core.request.get_port(ctx),
+        path    = ctx.var.uri,
+        headers = core.request.headers(ctx),
+        query   = core.request.get_uri_args(ctx),
+      }
+    
+      if conf.with_body then
+        http.body = core.json.decode(core.request.get_body())
+      end
+      
+      return http
+    end
+    
+    
+    local function build_http_route(conf, ctx, remove_upstream)
+      local route = core.table.deepcopy(ctx.matched_route).value
+    
+      if remove_upstream and route and route.upstream then
+        -- unimportant to send upstream info to OPA
+        route.upstream = nil
+      end
+    
+      return route
+    end
+    
+    
+    local function build_http_service(conf, ctx)
+      local service_id = ctx.service_id
+      
+      -- possible that there is no service bound to the route
+      if service_id then
+        local service = core.table.clone(get_service(service_id)).value
+      
+        if service then
+          if service.upstream then
+            service.upstream = nil
+          end
+          return service
+        end
+      end
+      
+      return nil
+    end
+    
+    
+    local function build_http_consumer(conf, ctx)
+      -- possible that there is no consumer bound to the route
+      if ctx.consumer then
+        return core.table.clone(ctx.consumer)
+      end
+      
+      return nil
+    end
+    
+    
+    function _M.build_opa_input(conf, ctx, subsystem)
+      local data = {
+        type    = subsystem,
+        request = build_http_request(conf, ctx),
+        var     = build_var(conf, ctx)
+      }
+      
+      if conf.with_route then
+        data.route = build_http_route(conf, ctx, true)
+      end
+      
+      if conf.with_consumer then
+        data.consumer = build_http_consumer(conf, ctx)
+      end
+      
+      if conf.with_service then
+        data.service = build_http_service(conf, ctx)
+      end
+      
+      return {
+        input = data,
+      }
+    end
+    
+    
+    return _M
diff --git a/charts/data-space-connector/templates/tmf-registration-cm.yaml b/charts/data-space-connector/templates/tmf-registration-cm.yaml
new file mode 100644
index 0000000..0d8d3ef
--- /dev/null
+++ b/charts/data-space-connector/templates/tmf-registration-cm.yaml
@@ -0,0 +1,40 @@
+{{- $tmf := index .Values "tm-forum-api" }}
+{{- if and (eq $tmf.registration.enabled true) (eq $tmf.enabled true) }}
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: {{ $tmf.registration.name  }}
+  namespace: {{ $.Release.Namespace | quote }}
+  labels:
+    {{- include "dsc.labels" . | nindent 4 }}
+data:
+  init.sh: |-
+    # credentials config service registration
+    curl -X 'POST' \
+      '{{ $tmf.registration.ccs.endpoint }}/service' \
+      -H 'accept: */*' \
+      -H 'Content-Type: application/json' \
+      -d '{
+      "id": {{ $tmf.registration.ccs.id | quote }},
+      "defaultOidcScope": {{ $tmf.registration.ccs.defaultOidcScope.name | quote }},
+      {{- if and ($tmf.registration.ccs.defaultOidcScope.credentialType) ($tmf.registration.ccs.defaultOidcScope.trustedParticipantsLists) ($tmf.registration.ccs.defaultOidcScope.trustedIssuersLists) -}}
+      "oidcScopes": {
+        {{ $tmf.registration.ccs.defaultOidcScope.name | quote }}: [
+          {
+            "type": {{ $tmf.registration.ccs.defaultOidcScope.credentialType | quote }},
+            "trustedParticipantsLists": [
+              {{ $tmf.registration.ccs.defaultOidcScope.trustedParticipantsLists | quote }}
+            ],
+            "trustedIssuersLists": [
+              {{ $tmf.registration.ccs.defaultOidcScope.trustedIssuersLists | quote }}
+            ]
+          }
+        ]
+      }
+      {{- end }}
+      {{- if $tmf.registration.ccs.oidcScopes -}}
+      "oidcScopes": {{- toJson $tmf.registration.ccs.oidcScopes }}
+      {{- end }}
+    }'
+
+{{- end }}
\ No newline at end of file
diff --git a/charts/data-space-connector/templates/tmf-registration-job.yaml b/charts/data-space-connector/templates/tmf-registration-job.yaml
new file mode 100644
index 0000000..ebebcf7
--- /dev/null
+++ b/charts/data-space-connector/templates/tmf-registration-job.yaml
@@ -0,0 +1,29 @@
+{{- $tmf := index .Values "tm-forum-api" }}
+{{- if and (eq $tmf.registration.enabled true) (eq $tmf.enabled true) }}
+apiVersion: batch/v1
+kind: Job
+metadata:
+  name: {{ $tmf.registration.name }}
+  namespace: {{ $.Release.Namespace | quote }}
+  labels:
+    {{- include "dsc.labels" . | nindent 4 }}
+spec:
+  template:
+    spec:
+      containers:
+        - name: register-credential-config
+          image: quay.io/curl/curl:8.1.2
+          command: [ "/bin/sh", "-c", "/bin/init.sh" ]
+          volumeMounts:
+            - name: tm-forum-registration
+              mountPath: /bin/init.sh
+              subPath: init.sh
+      volumes:
+        - name: tm-forum-registration
+          configMap:
+            name: {{ $tmf.registration.name }}
+            defaultMode: 0755
+
+      restartPolicy: Never
+  backoffLimit: 10
+{{- end }}
\ No newline at end of file
diff --git a/charts/data-space-connector/values.yaml b/charts/data-space-connector/values.yaml
index fa90149..cec0505 100644
--- a/charts/data-space-connector/values.yaml
+++ b/charts/data-space-connector/values.yaml
@@ -131,8 +131,7 @@ odrl-pap:
   deployment:
     image:
       repository: quay.io/fiware/odrl-pap
-      tag: 0.1.0
-      pullPolicy: Always
+      tag: 0.1.3
   # -- connection to the database
   database:
     # -- url to connect the db at
@@ -145,6 +144,7 @@ odrl-pap:
       name: database-secret
       key: postgres-admin-password
 
+
 # -- configuration for the open-policy-agent to be deployed as part of the connector, as a sidecar to apisix
 opa:
   # -- should an opa sidecar be deployed to apisix
@@ -172,8 +172,6 @@ apisix:
   enabled: true
   # -- configuration in regard to the apisix control plane
   controlPlane:
-    # -- resources config to be set
-    resourcesPreset: micro
     # -- should it be enabled
     enabled: true
   # -- configuration in regard to the apisix ingressController
@@ -190,14 +188,14 @@ apisix:
       enabled: false
   # -- configuration in regard to the apisix dataplane
   dataPlane:
-    # -- resources config to be set
-    resourcesPreset: micro
     # -- configuration for extra configmaps to be deployed
     extraConfig:
       deployment:
         # -- allows to configure apisix through a yaml file
         role_data_plane:
           config_provider: yaml
+      apisix:
+        extra_lua_path: /extra/apisix/plugins/?.lua
     # -- extra volumes
     # we need `routes` to declaratively configure the routes
     # and the config for the opa sidecar
@@ -208,11 +206,20 @@ apisix:
       - name: opa-config
         configMap:
           name: opa-config
+      - name: opa-lua
+        configMap:
+          name: opa-lua
     # -- extra volumes to be mounted
     extraVolumeMounts:
       - name: routes
         mountPath: /usr/local/apisix/conf/apisix.yaml
         subPath: apisix.yaml
+      - name: opa-lua
+        mountPath: /usr/local/apisix/apisix/plugins/opa/helper.lua
+        subPath: helper.lua
+      - name: opa-lua
+        mountPath: /usr/local/apisix/apisix/plugins/opa.lua
+        subPath: opa.lua
     # -- sidecars to be deployed for apisix
     sidecars:
       # -- we want to deploy the open-policy-agent as a pep
@@ -333,15 +340,7 @@ scorpio:
     configMap: scorpio-registration
     # -- service id of the data-service to be used
     id: data-service
-    # -- default scope to be created for the data plane
-    defaultOidcScope:
-      # -- name of the scope
-      name: default
-      # -- name of the default credential to be configured
-      credentialType: VerifiableCredential
-      # -- needs to be updated for the concrete dataspace
-      trustedParticipantsLists: http://tir.trust-anchor.org
-      trustedIssuersLists: http://trusted-issuers-list:8080
+
   # -- additional init containers to be used for the dataplane
   initContainers:
     # -- curl container to register at the credentials config service
@@ -627,6 +626,113 @@ keycloak:
         "optionalClientScopes": []
       }
 
+
+## configuration of the tm-forum-api - see https://github.com/FIWARE/helm-charts/tree/main/charts/tm-forum-api for details
+tm-forum-api:
+  # -- should it be enabled? set to false if one outside the chart is used.
+  enabled: true
+  ## configuration to be used by every api-deployment if nothing specific is provided.
+  defaultConfig:
+    # --  ngsi-ld broker connection information
+    ngsiLd:
+      # -- address of the broker
+      url: http://data-service-scorpio:9090
+    contextUrl: https://uri.etsi.org/ngsi-ld/v1/ngsi-ld-core-context.jsonld
+
+  # enable the api proxy
+  apiProxy:
+    enabled: true
+    image:
+      tag: distroless-v1.27-latest
+    service:
+      # -- name to be used for the proxy service.
+      nameOverride: tm-forum-api
+
+  # -- list of apis to be deployed
+  # -- every api needs to define a name and image. Basepath is required when routes or ingress will be enabled. Beside that, they can overwrite the default-config by using the same keys.
+  # -- be aware: when you change the image repositrory or the tag for an api, you have to provide both values for the changes to take effect
+  apis:
+    - name: party-catalog
+      image: tmforum-party-catalog
+      basePath: /tmf-api/party/v4
+
+    - name: customer-bill-management
+      image: tmforum-customer-bill-management
+      basePath: /tmf-api/customerBillManagement/v4
+
+    - name: customer-management
+      image: tmforum-customer-management
+      basePath: /tmf-api/customerManagement/v4
+
+    - name: product-catalog
+      image: tmforum-product-catalog
+      basePath: /tmf-api/productCatalogManagement/v4
+
+    - name: product-inventory
+      image: tmforum-product-inventory
+      basePath: /tmf-api/productInventory/v4
+
+    - name: product-ordering-management
+      image: tmforum-product-ordering-management
+      basePath: /tmf-api/productOrderingManagement/v4
+
+    - name: resource-catalog
+      image: tmforum-resource-catalog
+      basePath: /tmf-api/resourceCatalog/v4
+
+    - name: resource-function-activation
+      image: tmforum-resource-function-activation
+      basePath: /tmf-api/resourceFunctionActivation/v4
+
+    - name: resource-inventory
+      image: tmforum-resource-inventory
+      basePath: /tmf-api/resourceInventoryManagement/v4
+
+    - name: service-catalog
+      image: tmforum-service-catalog
+      basePath: /tmf-api/serviceCatalogManagement/v4
+
+  # redis caching
+  redis:
+    enabled: false
+
+  registration:
+    enabled: true
+    # -- name to be used for the registration jobs
+    name: tmf-api-registration
+    # -- configuration to register the dataplane at the credentials-config-service
+    ccs:
+      # -- endpoint of the ccs to regsiter at
+      endpoint: http://credentials-config-service:8080
+      # -- service id of the data-service to be used
+      id: tmf-api
+      # -- default scope to be created for the data plane
+      defaultOidcScope:
+        # -- name of the scope
+        name: default
+        # -- name of the default credential to be configured
+        credentialType: VerifiableCredential
+        # -- needs to be updated for the concrete dataspace
+        trustedParticipantsLists: http://tir.trust-anchor.org
+        trustedIssuersLists: http://trusted-issuers-list:8080
+
+## configuration of the tm-forum-api - see https://github.com/FIWARE/helm-charts/tree/main/charts/contract-management for details
+contract-management:
+  # -- should it be enabled? set to false if one outside the chart is used.
+  enabled: true
+  services:
+    ## Config for Trusted Issuers List
+    til:
+      ## URL of the Trusted Issuers List Service
+      url: http://trusted-issuers-list:8080
+    ## Config for the TM Forum Service hosting the APIs
+    product:
+      ## URL of the TM Forum Service hosting the Product Ordering API
+      url: http://tm-forum-api:8080
+    party:
+      ## URL of the TM Forum Service hosting the Party API
+      url: http://tm-forum-api:8080
+
 # -- configuration for the did-helper, should only be used for demonstrational deployments, see https://github.com/wistefan/did-helper
 did:
   enabled: false
diff --git a/charts/trust-anchor/Chart.yaml b/charts/trust-anchor/Chart.yaml
index 6eebc53..cd9df7b 100644
--- a/charts/trust-anchor/Chart.yaml
+++ b/charts/trust-anchor/Chart.yaml
@@ -1,7 +1,7 @@
 apiVersion: v2
 name: trust-anchor
 description: Umbrella Chart to provide a minimal trust anchor for a FIWARE Dataspace
-version: 2.0.0
+version: 0.0.1
 dependencies:
   - name: trusted-issuers-list
     condition: trusted-issuers-list.enabled
@@ -10,4 +10,4 @@ dependencies:
   - name: mysql
     condition: mysql.enabled
     version: 9.4.4
-    repository: https://charts.bitnami.com/bitnami
+    repository: https://charts.bitnami.com/bitnami
\ No newline at end of file
diff --git a/doc/deployment-integration/local-deployment/LOCAL.MD b/doc/deployment-integration/local-deployment/LOCAL.MD
index 3db2093..bcec7c0 100644
--- a/doc/deployment-integration/local-deployment/LOCAL.MD
+++ b/doc/deployment-integration/local-deployment/LOCAL.MD
@@ -194,11 +194,16 @@ essentially 3 building blocks:
     * [ODRL-PAP](https://github.com/wistefan/odrl-pap): Policy Administration & Information Point, that allows to
       configure policies in ODRL and provides them to the Open Policy Agent(translated into rego). It can be used to
       offer additional infromation to be taken into account.
+* Value creation:
+    * [TMForum API](https://github.com/FIWARE/tmforum-api): Implementation of the [TMForum APIs](https://www.tmforum.org/oda/open-apis/directory) 
+      to provide API's focused for offering, selling and buying data products and services.
+    * [Contract Management](https://github.com/FIWARE/contract-management): Enables access to services and data when orders
+      happend at the TMForum-API
 * [did-helper](https://github.com/wistefan/did-helper) - a small helper application, providing the decentralized
   identity to be used for the local Data Space
 
 After the deployment, the provider can create a policy to allow access to its data. An example policy can be found in
-the [test-resources](../../../it/src/test/resources/policies/energyReport.json)
+the [test-resources](../it/src/test/resources/policies/energyReport.json)
 It allows every participant to access entities of type ```EnergyReport```.
 
 > :warning: The PAP and Scorpio APIs are only published to make demo interactions easier.
@@ -239,7 +244,7 @@ The policy can be created at the PAP via:
                 ]
               },
               "odrl:assignee": {
-                "@id": "odrl:any"
+                "@id": "vc:any"
               },
               "odrl:action": {
                 "@id": "odrl:read"
@@ -413,6 +418,413 @@ With that token, try to access the data again:
     --header "Authorization: Bearer ${DATA_SERVICE_ACCESS_TOKEN}"
 ```
 
+### Buy access to a service offering
+
+An essential use-case within Dataspaces is trading of data and digital services. The Minimal Viable Dataspace supports 
+such marketplace services as part of the Data Provider. In the scenario, M&P Operations will offer managed Kubernetes Clusters
+to other participants of the Dataspace. While every participant should be allowed to see the offerings, only those that are 
+registered as customers at M&P Operations and bought access should be allowed to create clusters. 
+The following steps will show how Fancy Marketplace views the available offerings of M&P Operations, then decides to buy 
+managed Kubernetes Services from M&P Operations and creates the cluster itself.
+
+#### Offer creation
+
+Similar to the interactions required for making the energy reports available, M&P Operations as the provider has to create some policies first.
+Since the offerings are handled through the TMForum APIs, the policies belong to them:
+1. Allow every authenticated participant to read offerings:
+```shell
+  curl -s -X 'POST' http://pap-provider.127.0.0.1.nip.io:8080/policy \
+    -H 'Content-Type: application/json' \
+    -d  '{
+          "@context": {
+            "dc": "http://purl.org/dc/elements/1.1/",
+            "dct": "http://purl.org/dc/terms/",
+            "owl": "http://www.w3.org/2002/07/owl#",
+            "odrl": "http://www.w3.org/ns/odrl/2/",
+            "rdfs": "http://www.w3.org/2000/01/rdf-schema#",
+            "skos": "http://www.w3.org/2004/02/skos/core#"
+          },
+          "@id": "https://mp-operation.org/policy/common/type",
+          "@type": "odrl:Policy",
+          "odrl:permission": {
+            "odrl:assigner": {
+              "@id": "https://www.mp-operation.org/"
+            },
+            "odrl:target": {
+              "@type": "odrl:AssetCollection",
+              "odrl:source": "urn:asset",
+              "odrl:refinement": [
+                {
+                  "@type": "odrl:Constraint",
+                  "odrl:leftOperand": "tmf:resource",
+                  "odrl:operator": {
+                    "@id": "odrl:eq"
+                  },
+                  "odrl:rightOperand": "productOffering"
+                }
+              ]
+            },
+            "odrl:assignee": {
+              "@id": "vc:any"
+            },
+            "odrl:action": {
+              "@id": "odrl:read"
+            }
+          }
+        }'
+```
+2. Allow every authenticated participant to register as customer at M&P Operations:
+```shell
+  curl -s -X 'POST' http://pap-provider.127.0.0.1.nip.io:8080/policy \
+    -H 'Content-Type: application/json' \
+    -d  '{
+          "@context": {
+            "dc": "http://purl.org/dc/elements/1.1/",
+            "dct": "http://purl.org/dc/terms/",
+            "owl": "http://www.w3.org/2002/07/owl#",
+            "odrl": "http://www.w3.org/ns/odrl/2/",
+            "rdfs": "http://www.w3.org/2000/01/rdf-schema#",
+            "skos": "http://www.w3.org/2004/02/skos/core#"
+          },
+          "@id": "https://mp-operation.org/policy/common/type",
+          "@type": "odrl:Policy",
+          "odrl:permission": {
+            "odrl:assigner": {
+              "@id": "https://www.mp-operation.org/"
+            },
+            "odrl:target": {
+              "@type": "odrl:AssetCollection",
+              "odrl:source": "urn:asset",
+              "odrl:refinement": [
+                {
+                  "@type": "odrl:Constraint",
+                  "odrl:leftOperand": "tmf:resource",
+                  "odrl:operator": {
+                    "@id": "odrl:eq"
+                  },
+                  "odrl:rightOperand": "organization"
+                }
+              ]
+            },
+            "odrl:assignee": {
+              "@id": "vc:any"
+            },
+            "odrl:action": {
+              "@id": "tmf:create"
+            }
+          }
+        }'
+```
+Similar to the previous policy, it restricts access to a defined TMForum Resource(e.g. with `"odrl:leftOperand" : "tmf:resource"`), but allows
+creation of such through the action `"tmf:create"`.
+
+3. Allow product orders: 
+```shell
+  curl -s -X 'POST' http://pap-provider.127.0.0.1.nip.io:8080/policy \
+    -H 'Content-Type: application/json' \
+    -d  '{
+          "@context": {
+            "dc": "http://purl.org/dc/elements/1.1/",
+            "dct": "http://purl.org/dc/terms/",
+            "owl": "http://www.w3.org/2002/07/owl#",
+            "odrl": "http://www.w3.org/ns/odrl/2/",
+            "rdfs": "http://www.w3.org/2000/01/rdf-schema#",
+            "skos": "http://www.w3.org/2004/02/skos/core#"
+          },
+          "@id": "https://mp-operation.org/policy/common/type",
+          "@type": "odrl:Policy",
+          "odrl:permission": {
+            "odrl:assigner": {
+              "@id": "https://www.mp-operation.org/"
+            },
+            "odrl:target": {
+              "@type": "odrl:AssetCollection",
+              "odrl:source": "urn:asset",
+              "odrl:refinement": [
+                {
+                  "@type": "odrl:Constraint",
+                  "odrl:leftOperand": "tmf:resource",
+                  "odrl:operator": {
+                    "@id": "odrl:eq"
+                  },
+                  "odrl:rightOperand": "productOrder"
+                }
+              ]
+            },
+            "odrl:assignee": {
+              "@id": "vc:any"
+            },
+            "odrl:action": {
+              "@id": "tmf:create"
+            }
+          }
+        }'
+```
+Accepting an offer essentially happens by creating a ProductOrder in TMForum. While this step is "manual" in our demo here, its
+usually hidden behind a marketplace application, taking care of the concrete TMForum interaction. A possible marketplace would be f.e. the [FIWARE BAE Marketplace](https://github.com/FIWARE-TMForum/Business-API-Ecosystem).
+
+In addition to the policies for accessing the TMForum-APIS, another one to handle the actual "cluster creation" is required:
+
+4. Allow creation of entities of type "K8SCluster" to authenticated participants with the role "OPERATOR":
+```shell
+  curl -s -X 'POST' http://pap-provider.127.0.0.1.nip.io:8080/policy \
+    -H 'Content-Type: application/json' \
+    -d  '{
+              "@context": {
+                "dc": "http://purl.org/dc/elements/1.1/",
+                "dct": "http://purl.org/dc/terms/",
+                "owl": "http://www.w3.org/2002/07/owl#",
+                "odrl": "http://www.w3.org/ns/odrl/2/",
+                "rdfs": "http://www.w3.org/2000/01/rdf-schema#",
+                "skos": "http://www.w3.org/2004/02/skos/core#"
+              },
+              "@id": "https://mp-operation.org/policy/common/type",
+              "@type": "odrl:Policy",
+              "odrl:permission": {
+                "odrl:assigner": {
+                  "@id": "https://www.mp-operation.org/"
+                },
+                "odrl:target": {
+                  "@type": "odrl:AssetCollection",
+                  "odrl:source": "urn:asset",
+                  "odrl:refinement": [
+                    {
+                      "@type": "odrl:Constraint",
+                      "odrl:leftOperand": "ngsi-ld:entityType",
+                      "odrl:operator": {
+                        "@id": "odrl:eq"
+                      },
+                      "odrl:rightOperand": "K8SCluster"
+                    }
+                  ]
+                },
+                "odrl:assignee": {
+                  "@type": "odrl:PartyCollection",
+                  "odrl:source": "urn:user",
+                  "odrl:refinement": {
+                    "@type": "odrl:LogicalConstraint",
+                    "odrl:and": [
+                      {
+                        "@type": "odrl:Constraint",
+                        "odrl:leftOperand": {
+                          "@id": "vc:role"
+                        },
+                        "odrl:operator": {
+                          "@id": "odrl:hasPart"
+                        },
+                        "odrl:rightOperand": {
+                          "@value": "OPERATOR",
+                          "@type": "xsd:string"
+                        }
+                      },
+                      {
+                        "@type": "odrl:Constraint",
+                        "odrl:leftOperand": {
+                          "@id": "vc:type"
+                        },
+                        "odrl:operator": {
+                          "@id": "odrl:hasPart"
+                        },
+                        "odrl:rightOperand": {
+                          "@value": "OperatorCredential",
+                          "@type": "xsd:string"
+                        }
+                      }
+                    ]
+                  }
+                },
+                "odrl:action": {
+                  "@id": "odrl:use"
+                }
+              }
+            }'
+```
+Since initially only "UserCredentials" are allowed to be issued for the consumer inside the providers' Trusted-Issuers-List, no "OperatorCredentials"
+are accepted before an order was created. Thus, the policy effectively restricts the cluster creation to participants that bought access and assigned
+users with the role "Operator".
+
+In addition to the policies, an offering should be created. Similar to the broker access, the local deployment contains a direct
+ingress to the TMForum API for test and demo instrumentation. In production environments, this should never be accessible without an IAM framework in front.
+
+> :warning: This is a very simple demo product. Please check the [TMForum API Documentation](https://www.tmforum.org/oda/open-apis/directory/product-catalog-management-api-TMF620/v5.0.0) 
+> for all available options.
+
+The offer creation includes multiple steps:
+1. Create the product specification:
+```shell
+export PRODUCT_SPEC_ID=$(curl -X 'POST' http://tm-forum-api.127.0.0.1.nip.io:8080/tmf-api/productCatalogManagement/v4/productSpecification \
+     -H 'Content-Type: application/json;charset=utf-8' \
+     -d '{
+        "brand": "M&P Operations",
+        "version": "1.0.0",
+        "lifecycleStatus": "ACTIVE",
+        "name": "M&P K8S"
+     }' | jq '.id' -r ); echo ${PRODUCT_SPEC_ID}
+```
+2. Create a product offering, referencing the spec:
+```shell
+export PRODUCT_OFFERING_ID=$(curl -X 'POST' http://tm-forum-api.127.0.0.1.nip.io:8080/tmf-api/productCatalogManagement/v4/productOffering \
+     -H 'Content-Type: application/json;charset=utf-8' \
+     -d "{
+        \"version\": \"1.0.0\",
+        \"lifecycleStatus\": \"ACTIVE\",
+        \"name\": \"M&P K8S Offering\",
+        \"productSpecification\": {
+          \"id\": \"${PRODUCT_SPEC_ID}\"
+        }
+     }"| jq '.id' -r ); echo ${PRODUCT_OFFERING_ID}
+```
+
+#### Credentials issuance at the consumer
+
+In order to buy and use the offering, the consumer "Fancy Marketplace" has to issue two credentials. One for accessing and 
+buying the offerings from the provider and one to actually carry out the cluster creation. For the ease of configuration, in the 
+local environment the same user will take care of both actions. However, in a real use-case its possible to have different users
+taking care of that. The issuance process is the same as it can be found in the [Data Consumer Chapter](#the-data-consumer), therefor 
+the steps are combined within a script:
+
+1. Get the UserCredential:
+```shell
+ export USER_CREDENTIAL=$(./doc/scripts/get_credential_for_consumer.sh http://keycloak-consumer.127.0.0.1.nip.io:8080 user-credential); echo ${USER_CREDENTIAL}
+```
+2. Get the OperatorCredential:
+```shell
+ export OPERATOR_CREDENTIAL=$(./doc/scripts/get_credential_for_consumer.sh http://keycloak-consumer.127.0.0.1.nip.io:8080 operator-credential); echo ${OPERATOR_CREDENTIAL}
+```
+
+#### Buy access and create cluster
+
+With the credentials beeing issued, the employee of Fancy Marketplace now can buy and create the cluster. The authentication 
+steps are equal to the description in the [OID4VP Authentication chapter](#authenticate-via-oid4vp), thus are combined within scripts.
+
+In order to prove that not every user can just create a cluster, try the following:
+
+1. Try creation with the USER_CREDENTIAL - it should result in a 403
+```shell
+  export ACCESS_TOKEN=$(./doc/scripts/get_access_token_oid4vp.sh http://mp-data-service.127.0.0.1.nip.io:8080 $USER_CREDENTIAL default); echo ${ACCESS_TOKEN}
+  curl -X POST http://mp-data-service.127.0.0.1.nip.io:8080/ngsi-ld/v1/entities \
+    -H 'Accept: */*' \
+    -H 'Content-Type: application/json' \
+    -H "Authorization: Bearer ${ACCESS_TOKEN}" \
+    -d '{
+      "id": "urn:ngsi-ld:K8SCluster:fancy-marketplace",
+      "type": "K8SCluster",
+      "name": {
+        "type": "Property",
+        "value": "Fancy Marketplace Cluster"
+      },
+      "numNodes": {
+        "type": "Property",
+        "value": "3"
+      },
+      "k8sVersion": {
+        "type": "Property",
+        "value": "1.26.0"        
+      }
+    }'
+```
+2. Try access with the OPERATOR_CREDENTIAL - no token will be returned:
+```shell
+    ./doc/scripts/get_access_token_oid4vp.sh http://mp-data-service.127.0.0.1.nip.io:8080 $OPERATOR_CREDENTIAL operator
+```
+
+> :bulb: For easier access, the identity(in form of the did) of the consumer is available at ```http://did-consumer.127.0.0.1.nip.io:8080/did-material/did.env```.
+
+3. Export the Fancy Marketplace's did:
+```shell
+    export CONSUMER_DID=$(curl -X GET http://did-consumer.127.0.0.1.nip.io:8080/did-material/did.env | cut -d'=' -f2); echo ${CONSUMER_DID} 
+```
+
+4. Register Fancy Marketplace at M&P Operations:
+```shell
+  export ACCESS_TOKEN=$(./doc/scripts/get_access_token_oid4vp.sh http://mp-data-service.127.0.0.1.nip.io:8080 $USER_CREDENTIAL default); echo ${ACCESS_TOKEN}
+  export FANCY_MARKETPLACE_ID=$(curl -X POST http://mp-tmf-api.127.0.0.1.nip.io:8080/tmf-api/party/v4/organization \
+    -H 'Accept: */*' \
+    -H 'Content-Type: application/json' \
+    -H "Authorization: Bearer ${ACCESS_TOKEN}" \
+    -d "{
+      \"name\": \"Fancy Marketplace Inc.\",
+      \"partyCharacteristic\": [
+        {
+          \"name\": \"did\",
+          \"value\": \"${CONSUMER_DID}\" 
+        }
+      ]
+    }" | jq '.id' -r); echo ${FANCY_MARKETPLACE_ID} 
+```
+As a result of the operation, Fancy Marketplace Inc. is registered in M&P Operations customer system and has a customer id.
+
+5. Buy access. In order to buy access, a ProductOrder, referencing the offering from M&P Operations has to be created. A typical 
+marketplace implementation would take care of that and handle potential payments. For the sample use-case, we continue to communicate 
+with the TMForum-APIs directly.
+    1. List offerings
+    ```shell
+        export ACCESS_TOKEN=$(./doc/scripts/get_access_token_oid4vp.sh http://mp-data-service.127.0.0.1.nip.io:8080 $USER_CREDENTIAL default)
+        curl -X GET http://mp-tmf-api.127.0.0.1.nip.io:8080/tmf-api/productCatalogManagement/v4/productOffering -H "Authorization: Bearer ${ACCESS_TOKEN}"
+    ```
+    2. To accept the offering, one has to be choosen(in the example, only one exists) and its id needs to be extracted:
+    ```shell
+        export ACCESS_TOKEN=$(./doc/scripts/get_access_token_oid4vp.sh http://mp-data-service.127.0.0.1.nip.io:8080 $USER_CREDENTIAL default)
+        export OFFER_ID=$(curl -X GET http://mp-tmf-api.127.0.0.1.nip.io:8080/tmf-api/productCatalogManagement/v4/productOffering -H "Authorization: Bearer ${ACCESS_TOKEN}" | jq '.[0].id' -r); echo ${OFFER_ID}
+
+    ```
+   3. Create the order:
+   ```shell
+      export ACCESS_TOKEN=$(./doc/scripts/get_access_token_oid4vp.sh http://mp-data-service.127.0.0.1.nip.io:8080 $USER_CREDENTIAL default)
+      curl -X POST http://mp-tmf-api.127.0.0.1.nip.io:8080/tmf-api/productOrderingManagement/v4/productOrder \
+      -H 'Accept: */*' \
+      -H 'Content-Type: application/json' \
+      -H "Authorization: Bearer ${ACCESS_TOKEN}" \
+      -d "{
+          \"productOrderItem\": [
+            {
+              \"id\": \"random-order-id\",
+              \"action\": \"add\",
+              \"productOffering\": {
+                \"id\" :  \"${OFFER_ID}\"
+              }
+            }  
+          ],
+          \"relatedParty\": [
+            {
+              \"id\": \"${FANCY_MARKETPLACE_ID}\"
+            }
+          ]}"
+   ```
+   Once the order is created, TMForum will notify the ContractManagement to create an entry in the TrustedIssuersList, 
+   allowing Fancy Marketplace to access M&P Operation's services with an ```Operator Credential``` 
+6. Create a cluster as a Fancy Marketplace Operator:
+```shell
+  export ACCESS_TOKEN=$(./doc/scripts/get_access_token_oid4vp.sh http://mp-data-service.127.0.0.1.nip.io:8080 $OPERATOR_CREDENTIAL operator)
+  curl -X POST http://mp-data-service.127.0.0.1.nip.io:8080/ngsi-ld/v1/entities \
+    -H 'Accept: */*' \
+    -H 'Content-Type: application/json' \
+    -H "Authorization: Bearer ${ACCESS_TOKEN}" \
+    -d '{
+      "id": "urn:ngsi-ld:K8SCluster:fancy-marketplace",
+      "type": "K8SCluster",
+      "name": {
+        "type": "Property",
+        "value": "Fancy Marketplace Cluster"
+      },
+      "numNodes": {
+        "type": "Property",
+        "value": "3"
+      },
+      "k8sVersion": {
+        "type": "Property",
+        "value": "1.26.0"        
+      }
+    }'
+```
+7. Verify that it now exists:
+```shell
+  export ACCESS_TOKEN=$(./doc/scripts/get_access_token_oid4vp.sh http://mp-data-service.127.0.0.1.nip.io:8080 $OPERATOR_CREDENTIAL operator)
+  curl -X GET http://mp-data-service.127.0.0.1.nip.io:8080/ngsi-ld/v1/entities/urn:ngsi-ld:K8SCluster:fancy-marketplace \
+    -H 'Accept: */*' \
+    -H "Authorization: Bearer ${ACCESS_TOKEN}"
+```
+
 ## Deployment details
 
 In order to make the setup properly working locally and usable for development and try out, some adaptions have been
@@ -458,12 +870,12 @@ more organization-focused once like [did:web](https://w3c-ccg.github.io/did-meth
 ### Deployment
 
 The deployment leverages the [k3s-maven-plugin](https://github.com/kokuwaio/k3s-maven-plugin) to stay as close to the real deployments as possible,
-while providing integration with the [integration tests](../../../it/src/test).
+while providing integration with the [integration tests](../it/src/test).
 In order to build a concrete deployment, [maven](https://maven.apache.org/) executes the following steps, that would also be done by a `normal` deployment process:
 
-1. Copy the required charts([charts/](../../../charts)) to the target folder, e.g. `target/charts`
-2. Copy additionally required resources([k3s/infra & k3s/namespaces](../../../k3s/)) to the target folder, e.g. `target/k3s`
-3. Execute `helm template` on the charts, with the local values provided for each participant(e.g. [trust-anchor](../../../k3s/trust-anchor.yaml), [provider](../../../k3s/provider.yaml) and [consumer](../../../k3s/consumer.yaml)) and copy the manifests to the target folder(e.g. `target/k3s`)
+1. Copy the required charts([charts/](../charts)) to the target folder, e.g. `target/charts`
+2. Copy additionally required resources([k3s/infra & k3s/namespaces](../k3s/)) to the target folder, e.g. `target/k3s`
+3. Execute `helm template` on the charts, with the local values provided for each participant(e.g. [trust-anchor](../k3s/trust-anchor.yaml), [provider](../k3s/provider.yaml) and [consumer](../k3s/consumer.yaml)) and copy the manifests to the target folder(e.g. `target/k3s`)
 4. Spin up the cluster
 5. Apply the infrastructure resources to the cluster, via `kubectl apply`
-6. Apply the charts to the cluster, via `kubectl apply`
+6. Apply the charts to the cluster, via `kubectl apply`
\ No newline at end of file
diff --git a/doc/img/local/provider.drawio b/doc/img/local/provider.drawio
index 72172f2..bc2ad75 100644
--- a/doc/img/local/provider.drawio
+++ b/doc/img/local/provider.drawio
@@ -1,82 +1,110 @@
-<mxfile host="app.diagrams.net" modified="2024-05-30T14:31:58.806Z" agent="Mozilla/5.0 (X11; Linux x86_64; rv:124.0) Gecko/20100101 Firefox/124.0" etag="cKNEm-9uD4k9_LK0fMHC" version="24.4.9" type="device">
+<mxfile host="app.diagrams.net" modified="2024-06-19T07:53:19.175Z" agent="Mozilla/5.0 (X11; Linux x86_64; rv:127.0) Gecko/20100101 Firefox/127.0" etag="J5tuqsFVNdiUhuI2mT8D" version="24.5.3" type="device">
   <diagram name="Page-1" id="rYzr1DH2yIFesMKslzU0">
-    <mxGraphModel dx="1434" dy="764" grid="1" gridSize="10" guides="1" tooltips="1" connect="1" arrows="1" fold="1" page="1" pageScale="1" pageWidth="850" pageHeight="1100" math="0" shadow="0">
+    <mxGraphModel dx="1434" dy="763" grid="1" gridSize="10" guides="1" tooltips="1" connect="1" arrows="1" fold="1" page="1" pageScale="1" pageWidth="850" pageHeight="1100" math="0" shadow="0">
       <root>
         <mxCell id="0" />
         <mxCell id="1" parent="0" />
-        <mxCell id="w16GQVXMl-_tRw7hFywQ-32" value="&lt;div&gt;Data Provider&lt;/div&gt;&lt;div&gt;&lt;br&gt;&lt;/div&gt;&lt;div&gt;&lt;br&gt;&lt;/div&gt;&lt;div&gt;&lt;br&gt;&lt;/div&gt;&lt;div&gt;&lt;br&gt;&lt;/div&gt;&lt;div&gt;&lt;br&gt;&lt;/div&gt;&lt;div&gt;&lt;br&gt;&lt;/div&gt;&lt;div&gt;&lt;br&gt;&lt;/div&gt;&lt;div&gt;&lt;br&gt;&lt;/div&gt;&lt;div&gt;&lt;br&gt;&lt;/div&gt;&lt;div&gt;&lt;br&gt;&lt;/div&gt;&lt;div&gt;&lt;br&gt;&lt;/div&gt;&lt;div&gt;&lt;br&gt;&lt;/div&gt;&lt;div&gt;&lt;br&gt;&lt;/div&gt;&lt;div&gt;&lt;br&gt;&lt;/div&gt;&lt;div&gt;&lt;br&gt;&lt;/div&gt;&lt;div&gt;&lt;br&gt;&lt;/div&gt;&lt;div&gt;&lt;br&gt;&lt;/div&gt;&lt;div&gt;&lt;br&gt;&lt;/div&gt;&lt;div&gt;&lt;br&gt;&lt;/div&gt;&lt;div&gt;&lt;br&gt;&lt;/div&gt;&lt;div&gt;&lt;br&gt;&lt;/div&gt;&lt;div&gt;&lt;br&gt;&lt;/div&gt;&lt;div&gt;&lt;br&gt;&lt;/div&gt;&lt;div&gt;&lt;br&gt;&lt;/div&gt;&lt;div&gt;&lt;br&gt;&lt;/div&gt;&lt;div&gt;&lt;br&gt;&lt;/div&gt;&lt;div&gt;&lt;br&gt;&lt;/div&gt;&lt;div&gt;&lt;br&gt;&lt;/div&gt;" style="rounded=1;whiteSpace=wrap;html=1;" vertex="1" parent="1">
-          <mxGeometry x="290" y="300" width="550" height="440" as="geometry" />
+        <mxCell id="w16GQVXMl-_tRw7hFywQ-32" value="&lt;div&gt;Data Provider&lt;/div&gt;&lt;div&gt;&lt;br&gt;&lt;/div&gt;&lt;div&gt;&lt;br&gt;&lt;/div&gt;&lt;div&gt;&lt;br&gt;&lt;/div&gt;&lt;div&gt;&lt;br&gt;&lt;/div&gt;&lt;div&gt;&lt;br&gt;&lt;/div&gt;&lt;div&gt;&lt;br&gt;&lt;/div&gt;&lt;div&gt;&lt;br&gt;&lt;/div&gt;&lt;div&gt;&lt;br&gt;&lt;/div&gt;&lt;div&gt;&lt;br&gt;&lt;/div&gt;&lt;div&gt;&lt;br&gt;&lt;/div&gt;&lt;div&gt;&lt;br&gt;&lt;/div&gt;&lt;div&gt;&lt;br&gt;&lt;/div&gt;&lt;div&gt;&lt;br&gt;&lt;/div&gt;&lt;div&gt;&lt;br&gt;&lt;/div&gt;&lt;div&gt;&lt;br&gt;&lt;/div&gt;&lt;div&gt;&lt;br&gt;&lt;/div&gt;&lt;div&gt;&lt;br&gt;&lt;/div&gt;&lt;div&gt;&lt;br&gt;&lt;/div&gt;&lt;div&gt;&lt;br&gt;&lt;/div&gt;&lt;div&gt;&lt;br&gt;&lt;/div&gt;&lt;div&gt;&lt;br&gt;&lt;/div&gt;&lt;div&gt;&lt;br&gt;&lt;/div&gt;&lt;div&gt;&lt;br&gt;&lt;/div&gt;&lt;div&gt;&lt;br&gt;&lt;/div&gt;&lt;div&gt;&lt;br&gt;&lt;/div&gt;&lt;div&gt;&lt;br&gt;&lt;/div&gt;&lt;div&gt;&lt;br&gt;&lt;/div&gt;&lt;div&gt;&lt;br&gt;&lt;/div&gt;" style="rounded=1;whiteSpace=wrap;html=1;" parent="1" vertex="1">
+          <mxGeometry x="30" y="310" width="730" height="440" as="geometry" />
         </mxCell>
-        <mxCell id="w16GQVXMl-_tRw7hFywQ-7" value="did-helper" style="rounded=1;whiteSpace=wrap;html=1;" vertex="1" parent="1">
-          <mxGeometry x="690" y="350" width="120" height="60" as="geometry" />
+        <mxCell id="w16GQVXMl-_tRw7hFywQ-7" value="did-helper" style="rounded=1;whiteSpace=wrap;html=1;" parent="1" vertex="1">
+          <mxGeometry x="430" y="360" width="120" height="60" as="geometry" />
         </mxCell>
-        <mxCell id="w16GQVXMl-_tRw7hFywQ-13" value="&lt;div&gt;Scorpio&lt;/div&gt;&lt;div&gt;---&lt;/div&gt;&lt;div&gt;Data Plane&lt;br&gt;&lt;/div&gt;" style="rounded=1;whiteSpace=wrap;html=1;fillColor=#e1d5e7;strokeColor=#9673a6;" vertex="1" parent="1">
-          <mxGeometry x="510" y="450" width="140" height="60" as="geometry" />
+        <mxCell id="w16GQVXMl-_tRw7hFywQ-13" value="&lt;div&gt;Scorpio&lt;/div&gt;&lt;div&gt;---&lt;/div&gt;&lt;div&gt;Data Plane&lt;br&gt;&lt;/div&gt;" style="rounded=1;whiteSpace=wrap;html=1;fillColor=#e1d5e7;strokeColor=#9673a6;" parent="1" vertex="1">
+          <mxGeometry x="250" y="460" width="140" height="60" as="geometry" />
         </mxCell>
-        <mxCell id="w16GQVXMl-_tRw7hFywQ-14" value="Postgis" style="shape=cylinder3;whiteSpace=wrap;html=1;boundedLbl=1;backgroundOutline=1;size=15;fillColor=#e1d5e7;strokeColor=#9673a6;" vertex="1" parent="1">
-          <mxGeometry x="720" y="440" width="60" height="80" as="geometry" />
+        <mxCell id="w16GQVXMl-_tRw7hFywQ-14" value="Postgis" style="shape=cylinder3;whiteSpace=wrap;html=1;boundedLbl=1;backgroundOutline=1;size=15;fillColor=#e1d5e7;strokeColor=#9673a6;" parent="1" vertex="1">
+          <mxGeometry x="460" y="450" width="60" height="80" as="geometry" />
         </mxCell>
-        <mxCell id="w16GQVXMl-_tRw7hFywQ-15" value="" style="endArrow=none;html=1;rounded=0;entryX=1;entryY=0.5;entryDx=0;entryDy=0;" edge="1" parent="1" source="w16GQVXMl-_tRw7hFywQ-14" target="w16GQVXMl-_tRw7hFywQ-13">
+        <mxCell id="w16GQVXMl-_tRw7hFywQ-15" value="" style="endArrow=none;html=1;rounded=0;entryX=1;entryY=0.5;entryDx=0;entryDy=0;" parent="1" source="w16GQVXMl-_tRw7hFywQ-14" target="w16GQVXMl-_tRw7hFywQ-13" edge="1">
           <mxGeometry width="50" height="50" relative="1" as="geometry">
-            <mxPoint x="460" y="570" as="sourcePoint" />
-            <mxPoint x="510" y="520" as="targetPoint" />
+            <mxPoint x="200" y="580" as="sourcePoint" />
+            <mxPoint x="250" y="530" as="targetPoint" />
           </mxGeometry>
         </mxCell>
-        <mxCell id="w16GQVXMl-_tRw7hFywQ-16" value="&lt;div&gt;Apisix&lt;/div&gt;&lt;div&gt;---&lt;/div&gt;&lt;div&gt;Policy Enforcement Point&lt;br&gt;&lt;/div&gt;" style="rounded=1;whiteSpace=wrap;html=1;fillColor=#d5e8d4;strokeColor=#82b366;" vertex="1" parent="1">
-          <mxGeometry x="320" y="450" width="140" height="60" as="geometry" />
+        <mxCell id="w16GQVXMl-_tRw7hFywQ-16" value="&lt;div&gt;Apisix&lt;/div&gt;&lt;div&gt;---&lt;/div&gt;&lt;div&gt;Policy Enforcement Point&lt;br&gt;&lt;/div&gt;" style="rounded=1;whiteSpace=wrap;html=1;fillColor=#d5e8d4;strokeColor=#82b366;" parent="1" vertex="1">
+          <mxGeometry x="60" y="460" width="140" height="60" as="geometry" />
         </mxCell>
-        <mxCell id="w16GQVXMl-_tRw7hFywQ-17" value="&lt;div&gt;Open Policy Agent&lt;/div&gt;&lt;div&gt;---&lt;/div&gt;&lt;div&gt;Policy Decision Point &lt;br&gt;&lt;/div&gt;" style="rounded=1;whiteSpace=wrap;html=1;fillColor=#d5e8d4;strokeColor=#82b366;" vertex="1" parent="1">
-          <mxGeometry x="320" y="350" width="140" height="60" as="geometry" />
+        <mxCell id="w16GQVXMl-_tRw7hFywQ-17" value="&lt;div&gt;Open Policy Agent&lt;/div&gt;&lt;div&gt;---&lt;/div&gt;&lt;div&gt;Policy Decision Point &lt;br&gt;&lt;/div&gt;" style="rounded=1;whiteSpace=wrap;html=1;fillColor=#d5e8d4;strokeColor=#82b366;" parent="1" vertex="1">
+          <mxGeometry x="60" y="360" width="140" height="60" as="geometry" />
         </mxCell>
-        <mxCell id="w16GQVXMl-_tRw7hFywQ-19" value="&lt;div&gt;ODRL-PAP&lt;/div&gt;&lt;div&gt;---&lt;/div&gt;&lt;div&gt;Policy Administration &amp;amp; Information Point&lt;br&gt;&lt;/div&gt;" style="rounded=1;whiteSpace=wrap;html=1;fillColor=#d5e8d4;strokeColor=#82b366;" vertex="1" parent="1">
-          <mxGeometry x="510" y="345" width="140" height="70" as="geometry" />
+        <mxCell id="w16GQVXMl-_tRw7hFywQ-19" value="&lt;div&gt;ODRL-PAP&lt;/div&gt;&lt;div&gt;---&lt;/div&gt;&lt;div&gt;Policy Administration &amp;amp; Information Point&lt;br&gt;&lt;/div&gt;" style="rounded=1;whiteSpace=wrap;html=1;fillColor=#d5e8d4;strokeColor=#82b366;" parent="1" vertex="1">
+          <mxGeometry x="250" y="355" width="140" height="70" as="geometry" />
         </mxCell>
-        <mxCell id="w16GQVXMl-_tRw7hFywQ-20" value="" style="endArrow=none;html=1;rounded=0;entryX=1;entryY=0.5;entryDx=0;entryDy=0;" edge="1" parent="1" source="w16GQVXMl-_tRw7hFywQ-19" target="w16GQVXMl-_tRw7hFywQ-17">
+        <mxCell id="w16GQVXMl-_tRw7hFywQ-20" value="" style="endArrow=none;html=1;rounded=0;entryX=1;entryY=0.5;entryDx=0;entryDy=0;" parent="1" source="w16GQVXMl-_tRw7hFywQ-19" target="w16GQVXMl-_tRw7hFywQ-17" edge="1">
           <mxGeometry width="50" height="50" relative="1" as="geometry">
-            <mxPoint x="160" y="720" as="sourcePoint" />
-            <mxPoint x="210" y="670" as="targetPoint" />
+            <mxPoint x="-100" y="730" as="sourcePoint" />
+            <mxPoint x="-50" y="680" as="targetPoint" />
           </mxGeometry>
         </mxCell>
-        <mxCell id="w16GQVXMl-_tRw7hFywQ-21" value="&lt;div&gt;VCVerifier&lt;/div&gt;&lt;div&gt;---&lt;/div&gt;&lt;div&gt;Credentials Verifier&lt;br&gt;&lt;/div&gt;" style="rounded=1;whiteSpace=wrap;html=1;fillColor=#fff2cc;strokeColor=#d6b656;" vertex="1" parent="1">
-          <mxGeometry x="320" y="610" width="140" height="60" as="geometry" />
+        <mxCell id="w16GQVXMl-_tRw7hFywQ-21" value="&lt;div&gt;VCVerifier&lt;/div&gt;&lt;div&gt;---&lt;/div&gt;&lt;div&gt;Credentials Verifier&lt;br&gt;&lt;/div&gt;" style="rounded=1;whiteSpace=wrap;html=1;fillColor=#fff2cc;strokeColor=#d6b656;" parent="1" vertex="1">
+          <mxGeometry x="60" y="620" width="140" height="60" as="geometry" />
         </mxCell>
-        <mxCell id="w16GQVXMl-_tRw7hFywQ-24" value="" style="endArrow=none;html=1;rounded=0;entryX=0.5;entryY=1;entryDx=0;entryDy=0;" edge="1" parent="1" source="w16GQVXMl-_tRw7hFywQ-16" target="w16GQVXMl-_tRw7hFywQ-17">
+        <mxCell id="w16GQVXMl-_tRw7hFywQ-24" value="" style="endArrow=none;html=1;rounded=0;entryX=0.5;entryY=1;entryDx=0;entryDy=0;" parent="1" source="w16GQVXMl-_tRw7hFywQ-16" target="w16GQVXMl-_tRw7hFywQ-17" edge="1">
           <mxGeometry width="50" height="50" relative="1" as="geometry">
-            <mxPoint x="70" y="500" as="sourcePoint" />
-            <mxPoint x="120" y="450" as="targetPoint" />
+            <mxPoint x="-190" y="510" as="sourcePoint" />
+            <mxPoint x="-140" y="460" as="targetPoint" />
           </mxGeometry>
         </mxCell>
-        <mxCell id="w16GQVXMl-_tRw7hFywQ-25" value="&lt;div&gt;Credentials Config Service&lt;br&gt;&lt;/div&gt;" style="rounded=1;whiteSpace=wrap;html=1;fillColor=#fff2cc;strokeColor=#d6b656;" vertex="1" parent="1">
-          <mxGeometry x="510" y="560" width="140" height="60" as="geometry" />
+        <mxCell id="w16GQVXMl-_tRw7hFywQ-25" value="&lt;div&gt;Credentials Config Service&lt;br&gt;&lt;/div&gt;" style="rounded=1;whiteSpace=wrap;html=1;fillColor=#fff2cc;strokeColor=#d6b656;" parent="1" vertex="1">
+          <mxGeometry x="250" y="570" width="140" height="60" as="geometry" />
         </mxCell>
-        <mxCell id="w16GQVXMl-_tRw7hFywQ-26" value="Trusted Issuers List" style="rounded=1;whiteSpace=wrap;html=1;fillColor=#fff2cc;strokeColor=#d6b656;" vertex="1" parent="1">
-          <mxGeometry x="510" y="660" width="140" height="60" as="geometry" />
+        <mxCell id="w16GQVXMl-_tRw7hFywQ-26" value="Trusted Issuers List" style="rounded=1;whiteSpace=wrap;html=1;fillColor=#fff2cc;strokeColor=#d6b656;" parent="1" vertex="1">
+          <mxGeometry x="250" y="670" width="140" height="60" as="geometry" />
         </mxCell>
-        <mxCell id="w16GQVXMl-_tRw7hFywQ-27" value="MySql" style="shape=cylinder3;whiteSpace=wrap;html=1;boundedLbl=1;backgroundOutline=1;size=15;fillColor=#fff2cc;strokeColor=#d6b656;" vertex="1" parent="1">
-          <mxGeometry x="720" y="590" width="60" height="80" as="geometry" />
+        <mxCell id="w16GQVXMl-_tRw7hFywQ-27" value="MySql" style="shape=cylinder3;whiteSpace=wrap;html=1;boundedLbl=1;backgroundOutline=1;size=15;fillColor=#fff2cc;strokeColor=#d6b656;" parent="1" vertex="1">
+          <mxGeometry x="460" y="600" width="60" height="80" as="geometry" />
         </mxCell>
-        <mxCell id="w16GQVXMl-_tRw7hFywQ-28" value="" style="endArrow=none;html=1;rounded=0;entryX=1;entryY=0.5;entryDx=0;entryDy=0;exitX=0;exitY=0.5;exitDx=0;exitDy=0;exitPerimeter=0;" edge="1" parent="1" source="w16GQVXMl-_tRw7hFywQ-27" target="w16GQVXMl-_tRw7hFywQ-25">
+        <mxCell id="w16GQVXMl-_tRw7hFywQ-28" value="" style="endArrow=none;html=1;rounded=0;entryX=1;entryY=0.5;entryDx=0;entryDy=0;exitX=0;exitY=0.5;exitDx=0;exitDy=0;exitPerimeter=0;" parent="1" source="w16GQVXMl-_tRw7hFywQ-27" target="w16GQVXMl-_tRw7hFywQ-25" edge="1">
           <mxGeometry width="50" height="50" relative="1" as="geometry">
-            <mxPoint x="310" y="770" as="sourcePoint" />
-            <mxPoint x="360" y="720" as="targetPoint" />
+            <mxPoint x="50" y="780" as="sourcePoint" />
+            <mxPoint x="100" y="730" as="targetPoint" />
           </mxGeometry>
         </mxCell>
-        <mxCell id="w16GQVXMl-_tRw7hFywQ-29" value="" style="endArrow=none;html=1;rounded=0;entryX=0;entryY=0;entryDx=0;entryDy=52.5;entryPerimeter=0;exitX=1;exitY=0.5;exitDx=0;exitDy=0;" edge="1" parent="1" source="w16GQVXMl-_tRw7hFywQ-26" target="w16GQVXMl-_tRw7hFywQ-27">
+        <mxCell id="w16GQVXMl-_tRw7hFywQ-29" value="" style="endArrow=none;html=1;rounded=0;entryX=0;entryY=0;entryDx=0;entryDy=52.5;entryPerimeter=0;exitX=1;exitY=0.5;exitDx=0;exitDy=0;" parent="1" source="w16GQVXMl-_tRw7hFywQ-26" target="w16GQVXMl-_tRw7hFywQ-27" edge="1">
           <mxGeometry width="50" height="50" relative="1" as="geometry">
-            <mxPoint x="640" y="690" as="sourcePoint" />
-            <mxPoint x="560" y="770" as="targetPoint" />
+            <mxPoint x="380" y="700" as="sourcePoint" />
+            <mxPoint x="300" y="780" as="targetPoint" />
           </mxGeometry>
         </mxCell>
-        <mxCell id="w16GQVXMl-_tRw7hFywQ-30" value="" style="endArrow=none;html=1;rounded=0;entryX=0;entryY=0.5;entryDx=0;entryDy=0;exitX=1;exitY=0.5;exitDx=0;exitDy=0;" edge="1" parent="1" source="w16GQVXMl-_tRw7hFywQ-21" target="w16GQVXMl-_tRw7hFywQ-25">
+        <mxCell id="w16GQVXMl-_tRw7hFywQ-30" value="" style="endArrow=none;html=1;rounded=0;entryX=0;entryY=0.5;entryDx=0;entryDy=0;exitX=1;exitY=0.5;exitDx=0;exitDy=0;" parent="1" source="w16GQVXMl-_tRw7hFywQ-21" target="w16GQVXMl-_tRw7hFywQ-25" edge="1">
           <mxGeometry width="50" height="50" relative="1" as="geometry">
-            <mxPoint x="100" y="730" as="sourcePoint" />
-            <mxPoint x="150" y="680" as="targetPoint" />
+            <mxPoint x="-160" y="740" as="sourcePoint" />
+            <mxPoint x="-110" y="690" as="targetPoint" />
           </mxGeometry>
         </mxCell>
-        <mxCell id="w16GQVXMl-_tRw7hFywQ-31" value="" style="endArrow=none;html=1;rounded=0;entryX=0;entryY=0.5;entryDx=0;entryDy=0;exitX=1;exitY=0.5;exitDx=0;exitDy=0;" edge="1" parent="1" source="w16GQVXMl-_tRw7hFywQ-21" target="w16GQVXMl-_tRw7hFywQ-26">
+        <mxCell id="w16GQVXMl-_tRw7hFywQ-31" value="" style="endArrow=none;html=1;rounded=0;entryX=0;entryY=0.5;entryDx=0;entryDy=0;exitX=1;exitY=0.5;exitDx=0;exitDy=0;" parent="1" source="w16GQVXMl-_tRw7hFywQ-21" target="w16GQVXMl-_tRw7hFywQ-26" edge="1">
           <mxGeometry width="50" height="50" relative="1" as="geometry">
-            <mxPoint x="320" y="770" as="sourcePoint" />
-            <mxPoint x="370" y="720" as="targetPoint" />
+            <mxPoint x="60" y="780" as="sourcePoint" />
+            <mxPoint x="110" y="730" as="targetPoint" />
+          </mxGeometry>
+        </mxCell>
+        <mxCell id="zDRT03OJtIV-XoysJIOY-1" value="TMForum-API" style="rounded=1;whiteSpace=wrap;html=1;fillColor=#ffe6cc;strokeColor=#d79b00;" vertex="1" parent="1">
+          <mxGeometry x="580" y="570" width="140" height="60" as="geometry" />
+        </mxCell>
+        <mxCell id="zDRT03OJtIV-XoysJIOY-2" value="Contract Management" style="rounded=1;whiteSpace=wrap;html=1;fillColor=#ffe6cc;strokeColor=#d79b00;" vertex="1" parent="1">
+          <mxGeometry x="580" y="670" width="140" height="60" as="geometry" />
+        </mxCell>
+        <mxCell id="zDRT03OJtIV-XoysJIOY-3" value="" style="endArrow=none;html=1;rounded=0;entryX=0.5;entryY=1;entryDx=0;entryDy=0;" edge="1" parent="1" source="zDRT03OJtIV-XoysJIOY-2" target="zDRT03OJtIV-XoysJIOY-1">
+          <mxGeometry width="50" height="50" relative="1" as="geometry">
+            <mxPoint x="980" y="610" as="sourcePoint" />
+            <mxPoint x="1030" y="560" as="targetPoint" />
+          </mxGeometry>
+        </mxCell>
+        <mxCell id="zDRT03OJtIV-XoysJIOY-4" value="" style="endArrow=classic;html=1;rounded=0;exitX=0;exitY=0.5;exitDx=0;exitDy=0;" edge="1" parent="1" source="zDRT03OJtIV-XoysJIOY-2" target="w16GQVXMl-_tRw7hFywQ-26">
+          <mxGeometry width="50" height="50" relative="1" as="geometry">
+            <mxPoint x="450" y="840" as="sourcePoint" />
+            <mxPoint x="500" y="790" as="targetPoint" />
+          </mxGeometry>
+        </mxCell>
+        <mxCell id="zDRT03OJtIV-XoysJIOY-5" value="" style="endArrow=none;html=1;rounded=0;exitX=0.5;exitY=1;exitDx=0;exitDy=0;entryX=0.5;entryY=0;entryDx=0;entryDy=0;" edge="1" parent="1">
+          <mxGeometry width="50" height="50" relative="1" as="geometry">
+            <mxPoint x="310" y="520" as="sourcePoint" />
+            <mxPoint x="640" y="570" as="targetPoint" />
+            <Array as="points">
+              <mxPoint x="310" y="550" />
+              <mxPoint x="640" y="550" />
+            </Array>
           </mxGeometry>
         </mxCell>
       </root>
diff --git a/doc/img/local/provider.jpg b/doc/img/local/provider.jpg
index 9872363b445bc985de69537813117f99e0c65c11..7a70132aee97f0ded2840773b7b337b1a0fee740 100644
GIT binary patch
delta 41585
zcmb@ucT`i|-Yy!7fYN&>AibkBrG+A0KtXy_5oywUT}m$kLZk@Nq)G3Dj&!AWq(cCa
zo=_u%aPq!;@9*w0zWt4J&%Ni5IaacmD|4~(tIzYyeEWn~cZm0)2<ND#_z5obEiNyh
ztQ<P5h?lJA2s&Q80WENLU8L3hUL}=?cZDmI;K!3Bp<d40)kQvW(|1-@)8<QOiByq7
zM*h)c$R!HHOs(*5ai9PMW~RlzXs_2eGk7LsfJEoi;bY)9UQ{<Y#w_tjPUY&c--a(5
zIdQto){k?#Y$vq(x#%rDhKB24WPp4C99svu=!E4bo+i**Pu6we)8N*z<JaQ?Pnp6k
zexd_VWp9FkhJ)g3-bQytq7a6l*OUH;)dTLb6`RB27_@ZJYVJADsH`;S?w^ZX0x)gJ
zL<ki#S_d)IlPyu3nAU<wEq!y8?ko5rIQkkPdix;Z6KDzHIzS$kEip?NQE?_)0q$)j
ziR!sL``F@AU>I`3MO|9|{lPGh<f^Ma@;#UA{OuhOA1D|1|2eE-?gm**%8`CGK^f~z
zRt0HqkiH<^$!41ZNmH>u5Fg!FHe2LhFa8)YHrTop&d$;uM295r?QTgspsZ3YTYNy0
zO)|-oDvZ12Yo6H3Q{+B(08-W%{1%mrvuEa$RlGwd<`AGmAJLwYRZ5f#gT>gya<S4H
zD&8T?rNMa(rR<jnqLADD01jGu_H>mLm8uisY+zL1)Y(us(I#H9N7YbIPNgka5#QD?
zVU$f_dj7sCmn^JXK@>5U7$j>4A0u+2a178v+1wg_2ugXG@V*?6v#gAh6ErwD_>Dpp
zq~idWr@FG54!Y+MlI)oAm~KuwwaeV=p6)A(8m{MuVngo%>I+@>K9Iu`!c;%r^GuX9
zlJM#H=@^+)zyc&@B1a|X8KR@CaAEhY+GLWGyRS2ic#g2?xA>na`rjyS=aTDxm%n_1
zJ5KlzKoWLm829WY#+nsg_vJ($NJP%Lh`0#3aHcYIM~&JA`Y6d%D{8*abyK^u9Si#X
z8|OYBjy)(BnvW|3JiGxhp&<z4-eB+*;eZvx)LARVo`m~yH%pJe=kglZN`mSGf!`{)
z_lYEMw(S&AFvN3z3|Yst0w+p_&33%Od`#SG3XYdkV>Jj&0edM^x5*vGZY#2dt%*jn
zQKQn<f1`EQuJsOl-XGvk{Gje}caXV8iEw<l&Hm|jkJ>I!F8kLV{hMLPb;8wq6Dg&m
zzo0Y`$;8^LOe>3VnTv}lCqhBeFBd~sEWfh1))<*McaaL>YMM+eD@unjpoI`OpzZ@6
z_^NJG>x^Wu{!{OYy_UEb*E6Te6Fqj2doq<IF^f~Usv+nJp`GF_5Dn-F&R+*;xw<64
z#)uT}C0=t~knO@q&7dE`hn8uBD64i{z4K5uPiOIsJyv)0RcS&8Z$Gw8z8x(Bk|meG
zSzi%B&_|!`Ir$<XUGuA2$jDZBCzWYWDN6sO7d#*Dc3!ifB$DMUpyKT7RwmiKw9J}1
zY^iCSgusCoprlP35zhVjRY5efl7KMKtALO4x2v#nRG^vOPRgFOi!*SlhdpcRxF_dx
zAe;{M?zIn(il$ZsD~1eQs+FyG5~5%|83|#51!fDV+QVRh6+JS&FJ{EI^FlR73JVI`
z(upO)AF+JoPU&v41+f6%$mds0Za@*7h*lF+{05k9brq%8gIL*Fp_*|9_A7+FvJ`*H
zff(}YW4Bf$GM*V`n-U2_QyFu~R8&wZ>j04-c-<D(TNRqkjwFms><OpOuuXmE`PEVd
z-po;dV%HKX;b7D1w{g7D`~ipX<6Z~5F*{Qyu>xI?`Ba<p+E`>Kg@m)(wpQw@5-J6*
zV>vzKczIovk?Kpw^Wqrz6pyC!y$*R<TfJ+KHz>IpkuiiBz32cVx4ZNh{lfY#z(hf^
zMJTRCdud-P2ZO%C{kHm*=#U<nvGyWOxyCHUmuxTCOh9K0Az-u;^!$B}!HkeAd`_<y
zr)1H|sDr3A)f%OqLa^vrDY>wqZtvU`aS&9;n_(LMxK~S2zF6{H4RH(B(>Xu&jY$RN
zXi0C}ggE@<S<&O^GGW<p1De09sW8q$ctUZvm$q3oo&xk01UhGeCgCaq$2Xwp&f90&
zRTRa2*5Q{ajbR%@CbRs*U6DC(Vp|r|U7~y;&<)5~CQOL;@K71qL~zl41Bz*}>m8wk
zZ%OQBF<VU9T@keBS=DB?^PKX%j<hT&!zFr^q^U`nGX23Gul8RNlZ+g`-K(SWZ9z35
zbKO!v-lm_8yG4`9E~<XuC6#t4v3&2QN8>oVgYApanT2LwMMWXB5Xz<iErLL|csFcb
z7FCs6Naa`V`KnwC8g;tir%`3Qf4h?u*7#tC(?Z}KRPT-`^!czQbex^katllsL|L}O
zGz?+EFz(#9^y^V+xKhX~{I(8R=b8MN8c6@+j-Ad3cYXW?*B}*@DIZ=ZA}UTol-1AX
zF)}LBRdqJ4%$$3szE!Jn7VQ1;IH6cz(9Q6jJ`Vm9f<EXgvPx(*8J`H-!#q*60C~JV
zN)i;;4Nw=f&YXIK@N4EatfemJgDbzR`jpDZ(T883(ctWR)wz<t#f5&r<pJ=<Ffu6F
zXUN1JXEg{(t^&^llYC%L;%Da>p~X>{exT6%Y=g@I!B8SD3Nq+7jL2jVur@+Iz(k!o
zb#^VYs^7SL5$@5?B1kqY{XC(UQjz&1HYPxuZb0G1=h^Y(BTm>*()G&%AYYUW{89?6
zXm|~<4S59H<IVn^zkr9Vfdj4%fg&ln4m-i_E{h^OsRlF@jX3ik3R>5WX`Xutk<<1W
z(@lTo7i?&q7d-)HMjg|$jfZG`Y=Lg44beZR6Tq=3YS!AM*C!EfbC!|y;or|soV{1K
z$8h|Qr-A>o>HpVf1EQ$^-7WrKU-RFW1pcR|RkpE8y9k!rel%6Z2@a6;U*W%p8AUwH
zdHF0bR-wU4rm6V%{tXC>!ZRtUm>C^XnUgr8*x4y@sI5~Q{yw;CxZ(ZamA70ZAq;+>
zNOD=L+(|u~&{8I;gv~yKHt)qhat48VEO6G3IFC{&BoUPC-;7+5;u0L;3|G|H6#0dp
z{f&B|y4TQ)znR;&_AG!?ra}HQOQK9eotRvju{4$C$`a0bT(f_&z6`l7>qj?2t+faR
zOY^quqcTh@n+vRUsm@3Y>+h7G47J5UpdVa_TOc<X@`1z%E1p@QQyu2sBcY6sKs;HN
zCr^$yX+r+pP%SenO{T@AM%rjfjm@_j-x*8Y?2B&;YY5+f?DZm~nU*prXT43><jpLJ
zR+jw&pTeee^H_c@AIxGj=w@<84H$3@nwuE8o__C1HfpA8xKaz^L!9T8{d8Q&Zl?(W
zH%kRnT%ybkp}I9GhNj_jKi)Wh00dg-Y}gI)U&T6-hK7Gy*ijG|ms~bBnUKg*w6L-l
zS8@HS#_7i4|3Y(vIr`3@ghy{mI6t!~(F#jw>o|I@+(!+q>ESv}plqzttTGJ(!3UhK
zg?>)@GbBE(^K$c~pQ)nfJgWbE-_cQR@c3wMtaJk+u3NXuTKi7jFO@9a%K>ouy%}Ih
zfUQ$nM%(Ihe)9si37*_9Ug5Cc3iw0FIrlvuUbTR?4uqan7%L$O@+$@uLX$L0$DG$I
zbPq?nxZZ12$WKch;j6qL(SGo46COd(rPTiPx6}pQg%8qlL62ozH;zkRtt(~xeI&k{
z5+VC^vgTi3K92tRx6vJcJHYKcARKg^eJH~9{t~D!W+_>V9W7J<{AD%Y+<+>xl^qW2
z?Y^MYtz4<>r7k~@mrFBe6Q_UN<eF$!$Lo;h=bWZ+8t*ak-YIFYt2;9jpU5{@=+c<4
z7*YPKG{y@@#URx&l%&c7-Bt{Uk?mNtO<C^+os4in+?~Rf`(?{wmKI|C&MxJH(v7AG
zMiNQy%s{<VnCX*5$#Ml+Q@ZW%^a1gsW3JLeiNM^;>sugEC<VO@l#!m(kmig$2B60<
zt6$e4oxaHkUqpN%xmZ{YuM!b?J;jN~;}pmEl1hS|q^|q8<?P<Ut+#{~^DAbKbRVpL
zTB>+Dc`}WVj5qmh#YY;ZM3EFwD6vr3<2qu~pdfGz%%g!9DjQXi<x+`+emzfOXM%-}
z8XbMsfqB&qu|z#y)~|nuPjY^gGNe9)JIEGEk`subDwAge+Y5UI(hXc=nwlW-pnwMK
zlQuSN31k&HJ{KciT>K#rwp*%!F{I`GLC8HpEj>gx#y`P9cd7dMMI7~=*5=*A9#7!m
znNV+Xux6D&xW7Z6Kie}O)rIMN!9F$t#6@VmYz`Hw%m_B+wW!$P+&ciGd;T?-%yj;f
zp`p_2*C1RCnn~A3x25*q=MbQuAoLPlsw9rcc8yh@R6k1n)$?Sk(rfQK+(TK*`7l4h
zS~#|v9Ol6OR+qo2p=rr%X?OP#4Ne@eA<BRX{Km%AhV+fC;%=DS$7S4#oi$IpwQQqU
zqg=t6e3*Mn-@~C`v6e|!_xm8ix(~qjyVCENkc0S_sFpg^sJeR>?=DClrucmLZo<`}
zy7^RNBKbXDgy07?Po2J8clVhL1zzM>WDv`^dezDp4eW{Kk`fJ_=h6=WbLH1S=1b-G
z!`+fxe9Y;HycpbMo&DR=H7!K!l;bBF%HxER?nvG)sT_)m5LyeTiQ?EQui2TksbPKF
z1KL6QRoD=rM+Z$Kobo%qAjKccN(EyVmndxwB}K-|?9KxFix%Ci5~~7wrmYPV2V`xs
zU6Z+g<sA|dTn^Z$Ki|69P`4I<b*BuPw|uxqZws7U86ADx-DwZPjrB!cC0UA&N{pTa
zCk6AbTZ`O%YN-!M99#!5zpyNQ@P{qlDrx1Pb+`wZTI~R=r>_fX5FR6Bl?Lxvm>h*d
z;OZixYgWb5CZFH^?SjMDZ)mn~LoYI07~vBiB-B9atK2yy42Wp5t4PcqF+Jo=ihS;O
zS{hgP*xkn=TeWgeCat%M0A;=YIv&y5$3y^gDz*2e?{t|cgw>4ORJVr0jS~=6^V=NG
z3lAb%e>Anc5^%XY*K*`Bx#eQ~P`gAj*k&El3wbxoMt}_S%kNzgMoLI|=&YCh77~WH
z&bn|#qF0CR01N4p{B&+cYBu$^Zbj3~#%mN7e60Fu%^1XsN-9TzH~P-g;E4<i!oR9Y
zm*-LX@(R=QexcmeFa=#5*dnWlj|6^~Tb70eg$KW2uD)jP?x`q)bXW&R(Bqgk2)zA1
zKxOG5&BQv1A~&7hS7g#DS8Q$w7ok$MeRaRT#{s_*5Z5d#&^Fda51AGBbVg%1P-|&0
zfI{*HM4pbOBrRNNSkK~_U70-wV8bgK^b=M@gLy^^wXWL_yFenZ@~io|Srg@u^xyQr
zmP&9x1x8KRf*tI&_16#$M1jn&I8X1uuggE%0?I7Sm#)9CX9sVn5`TZ0VzS6Wg3B~L
zn+EKfWlUb{)~TZ$;NUo``>6P`-4JfnyR{s0zs51O6N#ZfL36#v9-dDO84tNy>is9C
zJRf16C8e;3Mbe6B@l$PnNi+CuDf+l(!fQyL`7w;b^rsSQLz`kUXAF(NSKe$8UdEUw
zZ;9iFzZ*9KY^zrj&-v_$E<u&&`_E?!>cFQ8H!%JUsCTp+{O#Iw!PtHFZ^L5KMrbXt
zYWLlMXxp59LUr`7`X=o$o*olFf10b%(CzIo_%x+~SDQXyCx8NGpf7IINplLcq}bll
z=)!kX1^Gkv7x4oi;X$fvt=#iPD1*L**`&h0g_Z9XpPs)9rs7I}6jrO2-vA02f##73
z0{(gt1LxKUqDVX)y)&84h@gk%I5!}j*<h^&gBwuDdLud!JNK^;w`GkJ;*a580(VOH
zk{bA;ab^7mFfwt9Y-LzOxARNHs2&(#+KO*L<D|CMDE(6)iB^H|w|~*68xZ@V-sL(N
z6Dl}bh!9m7Hm7s!_b(nG1)H@34G17sBA#s9Jh2PI2b&YEZ+%iBKT{2BdiP$Vm(VX`
zU4&LVRqTbwqEb^ssQ{^CBJFj4WmO1|JsT&oKWrUBwX*<;Y{QoRP|IDJH<zlj`R@Mm
zncVf1OXZ%<@6B2n84Xq10*Qk*E#&83JCOUT+4vQIOPljet3&gmyh{N;-}UIuadV3a
z(KZf$F6qfWw*2!Ff&?bULmP6Qv~3!=D_1pD`129SuYh>%KiNe$ptl{w1Mox&6xG-O
zhO&L8P1M<TLoiyX0Yd)cg{>XSMT_0M^GHGM@bmW(*(MyHdU91cD0*>=1$kXL9?r}9
zvr56%JDGNGKsD--XmLP3vi$~h`yRG{k6dq#+aKe}C)p9sOUZahoBlo1G&A5cE%&>w
zf((Nus8-<sS{KFXS@ctLgH+oZnbxaambuI`W|?p-YnN?_%iJjyXyRP%yrxM}cbiM`
z{qdLkLGwf!Lq%PTr$0}?%znhZ7b}FwR|<Df!Ej=0k`>hr2ntZGcQ4Q*X-tLsIdhoI
zPUi-CXP_)4p41A4oGCtS;wzY$S#=$5;P&=iJds7UQRh2Cs2j{7tY~2*TMay3ySG-d
zsGaol4=1{}=P&S`g9tx1?y;e=hnws^rXG*3bL*T=Bn3+ZFj?2OCq_3sJUgQB>)?;y
z4*wFi-tc+qc_#4nw8-7v58KLQpJ<L%&Ck7yH58tjHWaG2Di*9l$-<XcV5K1wbg4Cw
zlV}IJe24Xu_12=<Uz0*{JBcj%aqq%YXSEj#;`WD!=kT)C7IcERd6_*vXC)-b54>;V
zq>l`e2b_>H+N+G%d)0H?aSil6m)&ekJ9y;pt5Jz00?x(byoYtRsH-~?uIy!hA2mi;
zg4caxj@qaz9WsC@@4W{uUOM!;GyCOjjDcSyXHYZ3S=-5)m4(UYhYx1g+Lr{LlpWr0
zq#+!xl;-yAXhCV_`+34KaXeWF*dU@K1}QLj*)OYetFWO)6D{dZtcT0>N|k;Q)Bh?7
z^eBanPF>(hb+*$$NKT2|T*BqznL=UtW97HdL{U|o2&{86b1-A8NysL3=?&<o)y5xg
zr?)6x43GD74B_tRWNSioE-v(`mmu_+mn^efDP$R2Ri)g3(h{SPt{2B=j8ZqC-?O>o
zhR|TM$3SuU?*-#%uc3H)^Xka+{sXz@gI|_E?ruNe?9_7jN!{2tsQAy^cHdqf&dC0u
z$&@Ca#v?xTUJpM$*v*3vPqaIPdR&e&cM;{(BgHeN*XUqLS(I#Nm#mho$)?Get?tjd
zob|I#oJx}?(|0D!xwX#f14D~zXb@w*QyNbP&jgzD%g;TgRMlU3&M#<;r602A+&6r3
zl#H{Pttt!4JzR;L;ehg*3jrTcY1pWd1;KQ?0X&sLzFlA>XC^H|)F885_pg5ApTI2t
z?zyx~>L>RXcI8$M2BQ&F=OZs1av>{9_ca+IN1Wu2_LO5lH#OV}fFGe?7`c!iHz2kJ
zJ*pef*c{p)s5rj?8Qy>%?=1VU&e?pKd{gOlAhpncVyxCW!y77=80b?YG?j#Q;du0(
z8Z*duUch5s@HYha4<ybNEp!9=pj&nWdJ&konNo?jmV^2<6NUnp$!Z<Sbicg=eQrbt
zfUtnnKqp<$EySofu`7ckwrFR{7~!sHD9Z8-mQ^7#kmwh*-}H(U+vzaEl~`#_fAxeA
zXDx9dzbl&qkpg?)_V|N+YFYq!)LDAPK|%AhOF^39Nw3sIA8nJvQaX_mdHT_bEd@>!
zUJXhW>8XzDv4IPlE7d0pvXWcns3ZWI_%U3+`0{-1Vl^h#+$QUtspAJHKDc>+2!#>F
z=jA9<q+nNoYpkfGE#i7+AVNJ(^uYB?Q^LyZ1eLhY#ELeJ+cI}svXF<|qwqHbcXau1
zujdY!*Wxne6^?p{y}!y~IHu|a_q6w9D?|?aT<_a71qP-Y=|?=PWqtPwbl?Jzg0$Dc
z3xR8{2@-$Kf(Zw3yigMULCT_%q*5oku*}DCu35e$u%~L!K1N$AIonV=oW|r^AT7W_
zG|VAy2^G56NAF{Fp4QmnHE#7Ac0O0)?s2=(x>ozn(#tns{<ij7Hi{bfTY0AbLt*8?
z6%76-&gK{%)ol7m#c~{+4L4F&=4`{a><C2(9C<8u`usBkG@q1@9GlHfyjCytZa^2D
z*bD}(5u^kDk8{{Ry#;$9<WitV+1oJX#QAk##&1ALoklkx^XpaApMO{wFay*X4i5~E
zxRRr+br9cMnVd(fq!;a^v8HJ6MDKfLah?bqP(eQC?DNd9M(`Z+96C+@8^U}qv%BRe
z7H!qoLf+d+<#*piVv2L=x0^%l51Bu?Z`^|&Jl=VZ4VKQcy7w^v7ik#q^c*SLc;_<X
z281ZW+`R!!{6u3dy~{NM_@iU>={F&ozcae?)CWQfAk5dTF$Pa?ZlLx&R5&20AP+yl
zkj;y-*{~$757v8j{UwCMFLHs^2=~&b&}RJ<mj0s2r*VqoBl*QEvyJ{%Wf^aEDZw?X
zqJ!t|IXvil*A<cn0T7(s1#E2tiBz~7*E>6D=@<40vGozLtHAJ1sIWO1zSXhlCfAg~
z!Tcww*OPq!!oTqBAdp!r!?@P2zzGc0J4#2nxYSn>IWh56Z8?}lM8KjeYz#Z6Dy!BS
zouYfG?=e5>;pfn#%$EO+)0M4EBgs>D{iPmNpCr`5fFzGTT9;{9K9wQ+#J0z(F!dyR
zT#w7cf@)q&%rK@PRfV~>_n|5a-iMv~qj&|{8A(!zW_`_!&Urpuc8rv}RXG&UD1yO~
z*S9~o{&_B@mMj<y=MASN`AI!E-purHbpdaKK30ML24uq<R&UO#t1-FV%f_MoF=?bT
z>P=f`;}C@!L(T<~=)zVPy!FOyomO~&sKmt>HFu?|f;j5Q7R%{Ypr4Ub`iipYIVjT!
zbaiG~aDHFgdteXa9ZfJc7GMOzIR^7cwrC=Y89XK3!XIWd%dZ{?e^G%GAkK1nTv=Az
zGS0Rmg({sZ-k{?SjOMwLwf*9j%E*^hxk5E*?=HM2j?~Zd@Q<pSybxFpnd)GutB3Yc
zIV|)puuq(pP1us9ljX7Y{rY<8o4VTBbN?~Oe#S$p#u&<>vKdHN7f1)VcG|ZyjjZK7
zn`i*YMKa4AnOviVBxQ+ywKQBwCGr$$HMI8(gb~H`aAdkUryFs9*d$YCRXLBCDVz#|
zeEr>dyUm#Vd>~rlKzL)?rcUu3rZEbmc$}ujsD#I0%80dtX2yqdJ<wK()78ZDjKg>I
z(QVQQ*g!x-`^@P%ofF_{XCJwqdp~A#Rk&N7Mq|A8=+g#S-=n}2?c`;Z<k6AO^*5mU
z{g$kq7Q||#D|OEt6G23UnPZyN_;+7xN41$ReyWoX*l}~;9k<A`4pPW&9zyJ#M@NS?
zRwIsrl-NGVLEuF7i|uMx>QiSs!s|@l*Vh??c8$?7kMpADD?xy7Jf|l$zR!cfO&{K*
zp9=Ir{@D7gPdi?U6w;l|Ghu8oKGz!{*V0~3S(I0t8gFKTE-4VKAE7f+jE^z`m5fk@
zMQf4qLg0z<mzbn0WrtOw)1!Uq#z0x~t1^eXNrx+=N}lI&o%KSYg0J585Y2PFne^{*
zu;Tx^BF(S#;DnoP&h%5}|BJj&58w@jaG*Hh{HXYXAYIfexre@hYu>7#&+(9DOZEbH
ztbcBXY<fW?zoz{P71P~PE;5Ke;}Z?SBtOWx5h`abUbNfzGNf+Z>A<&($vXT?ZK%U`
z<S1tEal?$T%cQZ1X<j^h`bW$Rm%#7ak4Y%VwNW|<YwHP@hAQeH&1vO5AR{qOR8G^`
zb$tYQ3agG0xeI%Wj}%m4omaVSIrXUP?Q#QgEr^Wl26V22l!76Ozgd$WosHZbK}#ZF
z1_;CJzIrIFOiI_J)x&(8r`e>JUVT68m!d34Y6Nh2GOr$>wnuaNWJVfeUX&>`<XH~J
z!Q1VuQ}!ihn?IDaO)K~SuLDc&DA(NOF&Ej20kK%W>$KC0?WFIty8%UIGor$zqtMcJ
zc|rFq={2SFEt%&lT`Gj}odb#0DH}~vm$;JDIn!R6NSI>*2k+dF5sZ|x5rk&1v4u9_
zYmn;t;=BQd3cFrXxz`W7k752_Nw?ybzS~5+eDt`{a_AK(SXdG7FFx-7UQS^Es2k$d
zdsaz<OsjrhfbBY`BxJ9KOdAFNc&fV`#y7k(hy<;LlDnJrSr$AqTu>jy(4nR_R!QS!
z`>FSCK$K{w^{?oA3i<F`NN`yGL@F@=uf9$eWW@Bn=5es~NpwAW#!q6Y_+z3^p45VR
z%BF1wa}NcV_vz`%n0@E84p5pqVZc{!q<r^E%q<<v!eNvpngyXeBvzANFSbGpaf~?L
zm28<Oe}SpGMnTwu9N?>WP_MUpRzS_jhjBd_1jTUK<_44JtqD5Hx1bb{J_rHE_wRzG
zlrRbD&nc*U`1!cHpJ=w$l_QM%^EX5(>^m5udLVYwE>H{SmypIIrl(V`bi<)RHNX68
z8x0O^Y18c(`1==Px(Bx*64o?r&PZ{%)Ti~a_cEPPHi)(iFB#n&wogT4&&PygANOyJ
zG&)5YaI%DFkv+gSnBewe;;IA^R6Cv93C4QNq*{T3-$~7g>=bys$HHFkJ=5jVl}E3{
z9A-z~&rN>Gzh^lS$|P1kyr^=nyA{amSv{xlz^~<~XN3>R8x@4}5K)=K)@kbmCwA87
z^k!YjWbOVTzVL(iuA*IIGT-Jhzi@TEIkUt^+Wnt@jcelbx9!s%yubqbK9;3%)ir3G
z;Z8m2rC4<IB^Hjg$ZQRyk5L^dt&7gqC|qH+zA&*EUoY%kFB}c*>8$VQ2w`$qxtG|L
zyq6L3ZmpfOk4<d4(%WRMB~&)kT0!qFUq!F4IG4s`6YjFuAT_kcJhVO5Yv#bScmgBu
z7p9MV6W~48^R=SwAs`)BCC5lt+A?|-)f&O$oo?>W5fn*rApGmdnCp!#^Pt<5hd(Xs
zUWf$hsFz8v?|`#g%<l#?kj*;Di|CszGU!&I(Q$!0)wje-o*3`byCm)VY!el1{2Jwp
zHENH-&uEXeVnO{u8fYSvGW)=!tA;aZ{`D;+d0atLtL6P)fS`27_V?q8M;?O9?d@fc
z5#o=cO+?UHc}+a0Hg0hN;wC}fNF}7<K%^Z1x-C+2r2<}7!KvePU?}A5oExRl(6KV9
z?s!;}B={~R>7shu0f#!Y;b${#<xtL@4l%zWEbngMDiUT}gz~VyW48Nx`KWENEN~;x
z*Hr*r9pSwUxD4fpk=(6j^eEL5;M0$dmH$%54qL1G1LnN}RjXrWX<pobR&r2)frT_O
zr+7C&HNY<SpJkl~7+aieQey#)pSt9mGkpmtP7Igl%Z^*Sp58J2ZrS80y<)$>wd_oU
zf$_ApVRZunfjF3%RNa&uR!~pgr}liqtqE*++Q{n|q-+iUHQZ}4V^*AV!aaUda0|1F
zv(&5?1rBKx_BpRjgxNb_tw}|C^62?rP8x<;kL{&GYZ8<yy(ef#Q@@+L&R_Jgv7NZI
z-9~D9$!kA_O}~*89GFn;k+0}4^bV$0EV89oQk<(R{l4;&b>2P^#Ikc3F`E4wuzS}5
z9uhs^hGSXZ7}xT?0uu+L7H8ObL|J#5S$%BM%5q=(vq6Oso1%VhP>I5GgNv`O%Nj0L
zaCPk}G(G~HAm>|#nu1$Lor=<{`xcuy1lT5&<@dQ|SlnaGHel9l-A>u&{-pd_o#_N7
z@o~ZEQAvGyBBbRyCCH=$G}8gFIe-~MMr`2_GILa*X;Y5U$##}=o;`au&z15Ym*>Y{
z(#1Y#a1Q=?+#7oydr=cIVRbHh4Otue>1|1k#h=2Vz&RxT%$o7d6`R~@<NT_5aHcHA
zGRI~4*Ym^UntGSPF{yCR9h;2C>ra?5m%n(nRvQPMoc$%c{SfwGYXB2~?f7m$yw{&y
zw+{`rF&(ObdV5<o=2j?5_cB!3Go(&V{I4myY01TS7oNy2Hf>{Q&t3tj@Mr%06zb6L
z&vHJLfbVJf7*S=VR9stZqouFzJ1Vfo!guHTE^npgi8L2FX%Zx@1Jw@v+(}T+;20P4
zi>a8*;gnZTv>y2c0R`foP0QM84ZwW2j!Jh3C1MbjrqQlPY_+=F-T})6>>cJ-9sF4&
zQnLfdr9{OqTr5Mg1{{{Z6_>p<n5h%jxK2G2=2fXd9HUiXsk3uhQ>UL8eh0ovmK8Qx
zU94Vw@XWaqsX$XkRry6sigNVwr%T~kO{WclTEB5dsQge4@PhhjtIjrnDRyKOCmWY~
z{Cz|`YM1>BwDFz&Wz|BtUK|tn5D#u2Pg`KjGP8+Lsy84a=ec*4z&iVt9hxJA#Fgma
ziZ|`NEtB&+u_LGxb$pd0eL2>CeEhk}{h<}cju0t&ZrFs1`igp+$hu(a(6UlTA4ADC
zuG)9dn9pih;M1i#_qp|e^{!zu9^0?@g7;dbJ<bBDzn?jJoXTHv@WtSdR<S=}P4Ovl
z*~HZ)Y}A{r6PE!;<Q(6g0ro}R(a8<pf~apm)H2lo-kF_)<$%c(9Oyeu2B?AtDb(!_
z0W@5b_V3qgq>NN-*d9k(=LY0;gH<qiNZ{<&|COBU2E}6t{->_bMoMGSeu4kleVG(n
zc_MjL9;nfa=1qFB&d^Oua;p!0u9V07u7z;H=%}SzmqKsdo~<R{W+Z3>F07XgC%l50
z&W^4*e|)wi91?DU?0vlf9mKQWfQI$QFgKto)J&iwFx-KJ`pDKp{bZv66?Zr**^IPy
z=^~XbEtTTocD12J9r*d}LLpVYidW&=wA1?vV0)&BHdqJutZ??i#*=4}EAz+>VlN>z
zw3p9oA@vva-UKbxUIm#IPfgpY_S1GpmxTG%PEwDK|A{&LrC1}=hCALzIk+Mo`_QLe
zhy!&D!IcB^Ds+Itpi>;UkXvB{l7=Q7eWQQ9e8uve{e9R6C+hdu>&OMBAa-E99R<o+
zIY!sgy?EOSzx(8P78)nrw&p|~^No-0vg5DroY+PS9v6QX^EJ<O*=mVzMURkLuVJAw
z!4Y+ny1BChL6f$*btHF3v8@nWaKvW78#CX-M@e$8rGUmLC$1899(Bm_9nbcN(R1cp
zG!X)b3O{i8x+kvZTVTB-?MqKjbiB+wl-k_f{9*ss>y-Igv9~PvAP}Kc*GP>d`P&tW
z>3VsCo|9d(?!{dU84U4gANq*(%?s*VNt%hcHs?`86vh#M)E_?l>Djva%OK}GaGVRt
zICp?{fCFV3#=T|mpQqnnH_+AWT5<syOM`oN)ASQL1){idDGGIi2}ciJwn6G3p<gD2
zCH&=-;1AOtPi;)qFGe=K<Ehqg)jwX)_{3qoq9WwJ|C%(#;z3XiuPnL!NIdacVpP4e
zxh|4*ELw8e+Prr57xGqrAs|HHbk!`x)^jmLqX{s5F>f-|NEW-pzb)M4;i~iymKUNI
zzQO`sPmETekvuHCPJ%yZh;}KWQa}G_sb#vAGvu79WYqkD=h@n=(S0go@%ElitLZaH
zNT>va-cM@#+rsxIXN6zO!b5%h3HF1u_XZOb_M>+z%Vq9|X-Z}FW@U|P4Xp7-eVGvs
zQY{DkihDDDHM^F^8|mm{%wI_Mh~#*`U=gYAVbP{i4U`q=j}Gc-j<bas%l@qNtxj95
z+YUV=C*J9x%F&;VC`w!VfhNU|lT$XZ;cFx?Qm`V~*iWMPc{_PtnFzG)+w|A-4p99_
zwJ_i1B)>nGtU}d)As$Zk_#4PFR3P`Izbs&A%=?y*mWx^+#D$aWb_?WXeP_dFy`+Ks
zkL}mhrDbKHoiezzXFimGt=FhIpq*DC9(F8)aJuk4oc}rJKK*xMW)m!R^b7(av6>_~
z(~5=V5yW;s?4BcRA)=ub>-t28<<)(zoJ#_>eFexK;y-y>eRs7cX-)C?2tC2J$jmiN
zp)>1Y7Sg<H&gl57{jVs?1~0b&iY^3J{s<LOd;=v^bbsZ^CV2ft0lYJU{X8t-f2Iv#
z^XorgzLM?f0Jp{N!qvMLPFn71YlvSIr<al`3jNf_X-9;8!(x`?a^$Z0P8pxgQd<MP
zearTItMfD}C7GL7;OqGYgS~9ZNhO<V(d1g711OG{5ZPeoubs}roEy-g+FN-eERstv
zg_GPzGf{7#R?GSRe)V_G@i5JTnRLluM(iY_&PYApo)$X{t~!P`ZDt1$xJt^YEk>6e
zQbS9XT%jdO51yWY7X%+oVEf~!%g5(TswwqV8=d&y#z<Q@88(qpnJm#7VDF?)CSC%)
zY`2T|`9*6xHX*j;Th{J7tB5$19VTK~{04->c>}s*ZJdveJ5+{#QTBm;Rh9zu9KQTM
zr}Cd=(#fh%@BjV$(Syr(hD=Yw+Fqu8FC-dx7T1uc^bg4ijv{IDgJ1D^8Ipd>TD8^R
zp9h4>#_I5tca{AflWE6F5GB<3*Gt%^y$}#zXWxejeuNiBIt4P91YMxuUsaOpjuVq<
z?QA3SRXNr<D{gwk4*+t*U;GA^;DL1JHukq0A0!zPC0Uws{#>B)A-3j!01C_ia_;($
z;0-8@q2w6K^=KKY@W>LNya6fPfN0qIVaFKmOluG-(aKe@w^pghp&;aZWztjVB=NBB
z0Egy+xG8DLz{G6kwCr%8*4K4=ylLGI0=G|8k7THTYp}=LBuElP=i@vh0TI5i%Fq({
zex%9$N+BH!@%|ld9go&?dg7JWk3=zGl*=!FO}kWQ9zq{Ng@TVia)|)wm?{)Hs;bRO
z+Rof_Ngm}qk`r~RO?sa|_PvqMk2}<R;h-l35m+`(=)b{||44L>Siv@gl3d^hl!@h^
zT7Vl+GZW~{>@Rp38l)Z$W%uAG^EXB>OJ7gjfUduf6P7~1MKeM>)!qQOf|+Gb57>5(
z;d~tLZ8uZ8OB40=a5HpTISN*yw<;9`QFmCbb1Y>d$;68mMgqil(w|1{nF~o8Pp-6t
zypDapsyAL9B8<ZJ1f`SSe+a)$SpsTZrI+PbRc#^NRw_{VQMmN2mPFHrF@LYXFP(9B
z#lSK7yA3ktM@sv=*AfEGzdIxlInf1T_8oVtTeCt=Z_E4{!kpUu0!Nn@YZXFbOkxZ^
z`l`*mR)lhRNc;~8T=*}8(pXnZHKnCgGfiK^IdqUpZY7NcBa-}r+`N||Hy~Un+6m&S
z{U>cD8mgeh3Kh`0_s>Bumnd{y&~R|aIx0iCufpUZn*u_R0>-CH80%H5XZ03Wuezwr
zAW$=S{eb;48(Zz)21j-NmMsR>^nrL$=$h6u=(v`)DR0A!SL^n@c}F7{8G%;c{buyL
z(s&I$jr#s##y3NTwtv&Sf0F|^R>zng-S;|Qt-72UACOAKhC%clzBa#!ga*=dt_vby
z*CZLn7y@;Sq}5<>`XA^o?L{cnV`JduLDqF-K4Yd{d+0AQH#0`s{*c`1rl!O2Df3i*
zqQ8ZF|D{J?mowd1{C!k7F30sjewfg93%zT`Y{V%`sU|n?ro_o%9FN6RcMFvyM+{t6
z=Tri`pca!4O6tv>uEN{riZadGRGRIk8ML0Z+dL+MA6?Kom1qMgW-_9jUIztU60$Z^
zvC7!BaI^CY90F>I&g5lQcAjko{p_KYkLLXl+$YJ)nm*<9vj0;#s;>KyW`Xrcxd|V0
z{fM&1Aw4F2bl&!jm$6VA&hc4EmW;QrQSjVu%tuc7Q@awsz+M@<nA4_)U;!ih&mUhU
zX=&2Lx=plX8-AolsGl%McIi_Ui<q+1g@x5gl-`DR;oc*cE5o>CVzBH!X44*T#vVHQ
zhTewY$6Xa>ZNXcQ^oIv>@k$C7wDzUs5`Jx=U+z@wx%*cST`daotNpI{0&)BJ`xPgC
z%@6z(e4MdF%-PjK%c|{!NDc(`${))n{V9a0UVF1%f5JM}xWXdlS`=k?#ph$~Rt~Mw
zm4;^PN^vCwQ>(Tp(T*nB-WM!*_X?(lGZ7~EJR$Eb`#C$?bl?M#XrUOWqMinJNCI~S
z<H<FepKwj(k`#MrL{m<*-mhK%coj<e_^Uzk>|OWA`*L`2;;Uv+IoYz&IeN2zg7Kve
zX+4*%(8B>_iGINav!1?F)oml476V@=yJg4>khB<Cy5*<s{f9N)C+nX9mViD!NS!yL
zP1e2C+`OW1-tXXm!$Z04xJl;`i8_bUbCZPF+ZFax=XG0w^tvp^HCr|+^-WFA+GhO~
zC4-Q_K%dxS>Dq*(;x9Zj0d`!MEVD)l(R=MFsnKayV2vA4u3^qK${JA!rF{AT+W90F
zJ0yUV&2iz}CZ?iLwWQKsa%iA^?0fR(Ya|-kU%!Rz`xlRR4+%dx@^)}cG(<?p<n(1T
z!)7XlXIBoaw4J^`+p=kj8PuS;&^HzcETP?=E#5DJH$K=^Nj8$+yZc{s-W^b3g>{yo
zdglxsCr4dl>KZ#nINBVXAdtuA0PtO~7>jEl^@tcY5sfLHEb;s;^$EM0=0`eQWxwR&
zF;n8=U=OEhtS!hEBgJ3le)tzncpJmyNNk7XG)JI`;Ian-i_boiH`NJMQHFH-Pd%6O
ziZ=2~U-|g@QZ}S>u0(QXt#I3B*6Ho$fBD)!JP$gKd-p$?VqK8_H$136E+0AGe@o_c
z&`^&1SOV~`f3OR=9p-fuZACVNCNH<LT6DNvE}OTK{~ViKPu`mpY5N?na#POEiRJlP
zWLDMy{or8&`Nl;TF%Y}L+~mvy543b)#ljJf>P?C%l;j)c-~ON};CIfefO`u(D`Vf+
zki6|to2Ou8-iX3k|JCViXN`1?mAtmB^4bIPzwXkD-A0#D3!0lH@-R%iG|GN0`%Ghm
zLuhktV)T+w_V?4;>kPCw%aCt{-(uh8^)z_?>4L?sug{odLr2b66#yS+^49&5j1{pX
z=}-I?@7Q@IJgd(W^E%fdVQdTt*ElX@2eia-q<ocoVfR8@hndxSG+irlk21a=?_(6>
z>oF0jSBwU+x;kaIM;dH8O1S<R%b<bmd_Yf-IhI5f!IIW5;#@b+rXo-|dF|vemn?nW
z%>NZr{e9A|Abx?`nVPlM^nPD9dSpmX%@R`9V-AHEb?Y*CMG0mp;!-toNRrz2;~LzW
zp5XIw>G4~QojW7EJ5nG~E@(}7<~6NE<HTvaRN$$Jgtmc@N9lsUdp>Ze9!f5vnPIF%
zRa$Kk>LDDK!eplRZJD6Qq8e#bg4KEKWt^qfu+?5>=LvUax*>lq&8rfZiw!V!Cs{r2
zvUwys3fB~F{(44ckb#KWM{Zd<(qrx+6=0HW9U`-Bnyz0|eW@LWB>R?o%$IBiPkhVu
z^Zi5YK5{WP()}rYCMy$~==msQ#ELXwa7wKK$s1E~>R#-S@w%)?)e{7p{Zg%(fajgA
z9myA)@WMVk7PndeRQx?Gg$-u(1X}sr3>Y--pq{8aG{Z0y*0g!1Hr0O0^@SYlvqR8C
zOojTI=3e@lW|Y7yztY7xQM!Ub8B*mg?gyvCI`rG<ofD-aaPtkQCjx$<R5zeKu;9fn
zkNyNbU9rDjO%Kd|ac<2#(z7Qc*>Z7j=U8L)or5Ac>C5Sy`o#_C8*xu{RCk?~8Sve+
zH=yu1yLy1VA#NvHxrS}HKheQ8f*XZ-G2)z5QM}U<lHwvPF~leQ!s?M*Kc(m1yVaGv
zA3v6p7X#|Fzd?@m4<Y-vZa^^H+FsyR04CfB10FsLSbGSq!M*n%YaZRdJ?bIHhAY))
zyLG}iHP;R-tq+#bqXe+5eh9Ww!P5Fzqk6ns-kLDfT(N%bsz0kbKi$Sr_8ap0b05Vt
zcRkR6?b1_guCx8!q9)FzOJj9RbWG;{o!mD^7^4%RSnLm53On5qy8#{Pp&=!e%&4&`
zyfgW`(4p4?z~6Svzk30bamjQKw##4Mt?Q1M9Gu8AEru+shz~G8j${%89+L%PsP(8k
zZ$NZ$eVxdS^G?*CNnjSML4f^rw-wmOX^d4|@mrqLq7&jY+ncAo76bQ2?jC7p`1Q1B
zEk2r3)I&UsSh=r$CDOB!KIHZ7pZ=qVJ(2(fL9Y;r@6yc1&nmzJ($bJcdTQ4R^zBN=
z^D7e(!W>%%A@im!-$RyHB(cBx&`uK!a0Tw)UI1cpm8|o(1q!QPh|KA;MpsrEKtEXU
z^WtHc%-83xiF2^b@YG*_O_>G(J=#GsH=sOEcol{TpaqUw-a?fu_<#|l^Z_U0*p<w&
zx;QF?pCGy4`xb@<mG_LAad$uuMDF1xu+yp&kU}0q+Xj)b_$}i+?8L75X5E`gZKCNG
z4s*&|TZP=W>h4zWVRkl4;|1*h3faU8SPfcon)?mtx#)EhZ8j%LaPE``hQQdB&Eb6i
z7wrz6C;bm~FFh1Thy|d8yT)3PqkLU+P5hEAEsrF>TJKA>7)1n^j)_H37AjbNzTb3*
z)k6a><K%Z=lc0}!CQ-96X(EB&Dt5CAg%=l+H{4qfW>P=7SSN8`iOb;87FVoEp<yyV
z?Ymp7hVOO-7M#?iK3k^8Z&Z;~c0wX%&;2E3O%E!HBL(?4Ddhm<4=(epC#5AOpAUKM
z*>RO@@#`A8N9UwVh>9zmn0%w^ovs0srYrf#PtL+y(~FGgCL86$#b<O6p6G(O&S@q)
z-lm*BbR`ISjsOx}U)CZH(&E%}2p3*9O$V`-?aWrO;ow_XnyXWOXMfkqTP=ar^%m2?
zq|t`(cH%BG77W0N<X%dhr8^>dJhAvgE|IIY{Ha>fqYAEsV~yyqv8JEif}om$zhg9E
zuN*@e2pGE<H(!1rPWo5-#?p7uJBIJDN;U`Y8*RWs?U{6yX^2G~kt@xoRuAd8R5)FX
z^=bHB0t`J`e+E^e3#|#z<_PJ8v$#%jd*6TpCZHjuWqG7{_mcG->b)sWOI0rYq4$Vw
zJ%0C2*jrtVyuJ#hz6#UH6~|d4`bIi>9za$<WgT{Wu$km5<jk?MTWG`lwA$h;@15H(
zag1oA&z1oV#OP=5V4pK#VLE%^;qrpS`wm8Yb0F#y&AXx-%EtIrHUAFlQ_@ubyT|^^
zVXMBbE;yJ4kCp(UDNc68OL{z$i=3)L10X6loHde3yjX<qfN123?DQM2EMkM17cDc+
z@xQXz%5oi<tQXhsFtpdSg>pQ&)0LQNzO`K}@e%q{OEb%*v&w;ue!?|KwQ8j>JF8fE
zj^3b&OP%R`Dm$*<In82Yx%1EQB0|m$;B{;^87lCrLx6g8!R)Kf*_X}PgL7KrqGzTB
z2}`{^9;t4FgQa%SRNu%yzbyPA+`FLC#(^~WrXZKPKz_&Xo$FR>ea58(-HBQ^U$K}L
ziwqufL2kYp%1vqTJrfP|C$*kUc_{-H9tE2k0uNRh(I&thzm~BsCcU028dQ~G%M|y_
zaDceO@9IT$f!@CO<!MIQEVq)T>4&BZy)ft7au6hJJ+(a-1z4r^wfMwiTOn~xvMk$j
zOI15x;a-pQ!ncq1i8YeTI0X*>MByVe3ex#`-dF{xp#qDYU<&lpa=z<(maj)=s$3+1
zodyl6U1o2c1Myz-fPU&<LTaGx2gSoxP6>N9#EPg3M3@z#I4bC+0(Kj*ZY@&xv!uL?
zy!ta3>=T^$6OIwk&bU+y((N}Q{NTXfSGHs^I42>}A>@ar(a_d`)Qj~>BwIAyt+mI5
zRFs-64oD7ywDSE6UPZ1mJ0S-X?t9+nZnE^2nf6Me(^$GMMp9nP9yT8K?EdOoV6$)u
z_(^;Na=B#}jk$AneY*k;`LuiX%>&v+dhdT|K<k2E$`e69dGQ0sRexGsudrR>RT5TK
zhmBWqWoz{4Y1b=0rUA_4KTZkkHdX}}u9&JR2FCf{)ekn+0FQnt@Lz+se0kmcWnzno
zwR>rYE*WGPu9eKOo;2<JinE4<h;!OFMcHB+J|-aYyWQ*~R-?Z`PUsgnkU@$i#|&+`
zf2H{tA8<<zc?t>2gyo3n34d&Jp2&asv`gSysH()m45?JsL_G)(<gTFvMUv9IxiyBv
z(TprA_NKpQ>VP!YSPrk;I=@!_$~&Jn`(Cs?8fr;pEp>Dqkg;yKD?QJah*bssv)*D+
z?>n_e^V1b69eXV+&+e`zu0<;hc<$$2Q2*qYoC?Qqw-!08Y`{EI@F_p|Rpz_fL-TMM
z0g4X<n(((WdSR4xDBbO6co$4XCBD8ctE=H1z3%&6(s)Z0PMHihAb*!1*c>G5qaJ8c
z^lxf9TfeW=>%q@)lHZ7kK@Ktvr%-bxPf$r)O!o-YYuGoL?W=*cyX}lFqXW$zA4317
z02D$IVzeyB8Y9MNF!<z%awNFRsxwcrGwMX%s)<Yy>W(Y+9}07N1H1$z;oDcOooU91
z!-9<9nXXk&k_krV?Kd_d<4WplwjbBd1oR~PjER;$@5oBGEJKcgnFO;Y7rPNcI}{@r
z5#e`&2{|Q4$75&{XOQw6sPyYPXJ>I7sH}@5P_ib<WRWAVXE9m+#kHNgp>>E4ynn=@
zbitlzqdwzKHSt6A(IQ&ug`@m}x^u2QlW*kd)|A)xCHB`zD{7)#wfBZ(Yj%6Fz~eWN
zu{YDbJT?v1`knrd{x9uk3nTuq511r_q4I8EV05xcfqp_lUdqS!6iT~92g*J(1Or+b
zRzU)D_01$9WOD~V-3@3fCAEYmnc4k%`jff4(odNh@X7$~BFi&dv}%<%MqR5ir@uiE
z=*B~eVgNbu8xRz{Zg>_epR;BRO>+$dJ`MZPiAHxwW9hi4ABjDwIX{`sRw5S*ve3W6
zTwa0szR9+DzW2`GqiKbFvs%b`jb&dDZ_(N}pqw!hEQ30LdiwW=L7er5A?rAQDLWzA
zj5nYki3sd9fsk+V4G?U76;24ZMq~W!Za_Sc?!@w^`#0DvtJCNn3_t;n0Z#s`=b+QE
zsH8%TdL0^X(cpv}r5M7EEuyv~fnysq-(?@$7=rx&;}ZXQ1)fHf0i4weP@;b?r()mY
ztNEtBsUW_R@WSe~bC<lb0Q7p_T@#)UUattc0e#nPvBsSnK3xp-6J}4CU7(3&c%sf?
z-}LN>7zi&Hw<*(k`E$jpzSh4aw%8&D_kLN4`jf#PtQV<*{G!f-RtVanx-MH&Vm#@R
zun*DWa4Gov1pth_vJm9os%d&fo%mG8$O4Jg6j~;1iP|@(4gXiogj-oy^3#DXKDfk^
zi=v3&*RJO8Qkgoow`7_-y7xSMR5aTuXVGGam16sas5r?*yN0%zSw80jE|7dffqAUp
z#)G5`_1CPmWiw7`)K9g>6NXO2DkKgVPGuLiaK!!x7={sAh${u<<DkXv%4Y%Y1T-cV
z?ln^F1dQg~Iw<HNr}@sPm$#kA8okMu^7M1=pD+6Zj1OA#-*uq$N*%U+!_ZHLh<0qs
zI4yG7V#MwmvK_vvY=T2ETp><+J+9w>{}lk1Y{tHzA637ESrO6a1^g&-eDa;Vi8?)T
zJ#n<&kZ;Jrd<IAvGAO#d0a*hvPb=kA7<)T#kODbMj)|9LNydke`q&HL6M2l>3ooB}
zw9K4I_KAG?9fiVQgva=k9!0PWH1ORxbVXyl0ioWTWy}VgOTDAq9X$$u06rAyCBzV{
z>duh0GaUG$sCK8!olvaCkr)O)K&egV<*|8|ouSgP)oQgTeN_t6TgIedL!~pG=G~We
zPdzH=U)jh^X4FowMtFY0<`wb(49}ANwW%2DFHQq(SEInb*7^TGjhD?3vVWFOYG*Pl
z0YtA-Na!7mC|m09&OM%!%LM8*<M&Id4@M_e{{FcQC_DZ;f%`#}`FjetQCFU8*bVk*
z<EkBF1#+gGq)JDK<8kG!qqKIiiNv&6(0L2A%ZuT^GZs<MHC!^1e+NIHFT9vJ{<nz|
z8=6H82HKEDDNdf;p8@;UZ0g2m4etslbJSiOhwbYImksy6Mp?)$%QkDezFKa#`tiqV
z`>|MqfQWP2Cqgt2UFRv`OeX>>kFT=00WCHGn`z58ApA~frY{1T<6A42J=PbXGc)Yt
z5&UJ+KjCNcF5P>LVA{k%z3PYO6^K9m^puiXhxY?{GCK3;I|Y|w)3xe1Mp}-g1g9T{
zLTkME08VqHZhWpLZTneoyr)cR?7|9NhTYRH=jhwSIq(N~vu(p6?%_kPN@k&+sipUH
z^_|+2T~=I%hIf0`_Fh)*RL~pkcU;U3d5UA`Xrrz{-eYLI8_<5)=ncpeOB9dAcA^N;
z)MZyZuoLwoY_JC-s>^}jIF-N}Hc7(2-T?nLjRNzd3_Wpm16m_Q3kiZRK~6a+0tl)U
zGV2IA!FFZXb_pL+>v#i_z;=`<>^tH+1DLl=+Zdcgj6mX9Mk4yJR_=ch_uWxVb?M%q
zsGw4%2nZ-eq$^bciHdXqk=~`32nf;%97PeO3ZV%CBE3d>C(@gUbm=7Yo=`%7Bz{NV
znYnXk-n+gv_ug;5KU}&@)-Gq~?EO5y^6ck8Gwnt)vX2W%A_H1lN<pOWGzb7ZxA{pH
zmPxeF1nClxW0>Q@C>~!$>;iu}sy`jnB^F%cHbE>JuLVJ|j3U8?QS_wlUBavWiJ<YN
z&2gl+^s^5(m5}{}P!VFJww5+tngI4ux!K3nunnNBj6m@9B)E!SZh$h&M}K)f!0!k2
z|6}HVOdR-!_4w17|36#~;2+lG_oz;yr9)Wy@+O=U=nm4*-EC@HUu!9EPm=i$kSgXf
zihaL*2<V}W_pkI!Oexzv6KBoU?4;0LNRmc&t)dfdWvXSw*hVRxkIKFBVu4OY$5M%^
zBTH{?D=k0st5f^<mO|cdfcXz`Jk@`w<NvC+n4@MlvcVVZERCt}Y%DoC)F;d7#rt<~
zJh$gW`Ot5N?MlGzWAKI>)7e*J155UU@-1c@v>1}}b!Wz%9VR9w$4xt-(6jA~ip~X5
zWQe3!Jd}Cu#yo>A)!rI<@KS146Ga~<mp~W3>?tAPM<t^M97;;+?u9H=g*i97+o#z$
zFErNH4?Zx2v*wnknHt8|b(elF3hdeBpOxCH6}{^FK@eB66YlQTm=--!X!&*5J#Iv{
zX{%q?zR@NQK5&B9<pld=R#|x(?xDJA+u&!;Fe*q-8N%3VRlTAr%x%k1^aF=lo@gDX
z9|~^=Wg0;wspUC`RU3ND$8L~QLdNfg=&YQ9jkPSsEvyvjyEu<j<Pat%2Zg4?HtMI2
zk_)Z}ed9XsX*uRozbm;uC;^_DtiWaZ;G0<|d^rsU_xn^@Z(K5}pvp5*K232dH9^l(
zNu=`mhIzepZs-EWccRu42(^18bm%&fY++atyE0X0w9uDd5SQ`x*l;n(+XP}h*3Hov
z_yYAiOg|G3^bG;OsIMu|f?WLDpGSsV$^^#mj6!hnzyFKuVR?W**9nDGG~|$_Qu}BJ
z<dE-3H75f#Ao@gsyy_N0lD}=Z<bDJp1PcS}6JkUP!`{chv=i_e5~~o4=pbr%joyKy
zsM&5Qp=J-cvO&!pgfz;OVEmJer}`(E1roP=zLVGugzw4K9rG;zj>`Z3B>02Vz5^#9
zd4MyaFz^hzF$YAGE@J!J<tA^-w3PbVA9bpa>~k};YK>T+nd8)i2=6q6&t`B`Ehq_|
z?sd7XH!m>gp4&+B7KiI3d;FM}ESzR(CrMy55iKk7cTosRXCIQt2*Y5nPR-{k?D@})
znZ@5JdwN~?TD#V(9lb>TqU>oiwdfOX11Up`$a!mnVvo)IMNWD=92>jd!cvzIKi}<u
zrNo%GFGp+&6BP5HCa=?B4wVf3IDsdF9NbG3(7uG2(wQ?ov3{oCc5^k=`<wzL)x6dN
zb%%7N1WXQA5&PfEi+l@))Ugh2=eA!0^!pq>EoHecT%^qXkJ}SnI7*U-)~TNY7mUuy
zWAEAhh?d>D{yyj7z$@a9k5kqK%KbBgy@9e$;DWH1!w{Mfi(FF-N?so;(V;+t`Bsiq
zF^9KQ8;~UG%iL)2<+@(=6~Te5BJq{d8h+ap5@u$HK4ctSC){F8G{=V*b6M3?EPXs1
zj-YP$GW{e|hAh7?!sHOM=Gs7p@2o!7y9j2Ajy?&ySeL9a%C8ty=9~Hn8ROCxEM60P
z3hrzbH2jmyXH(oS@mjWT_NQm7#AygZ><a%_apqy1yg62V?br;<GEQ&`s;XPejq*&@
z)*L3-xCeR^bEM9j-gVFMQ*+Axd_4$7_dYAaE<APVgMhJ!^y2DL-4;MNqUzZWA_9dR
zGokYVkz(_>m)T~%yL!V5wT**MiYtV;=%-E0S4X$A+E{G|vfdUWo}5ceMZ7DDDR-HE
z(^d3AOsU>ybSCgXyQ_jo1W$d%A<|{v&=!jm#7~mjYy_iWVNV1#@|CIfcdtO51UYsN
zmCYvyr4{`<io)NCaKIIvJxaxRAy|mbJziZ@a^Gjf&y%PD*GXOQTU-tgy3{bkYFcb*
zi8sZBKGME0J8ogJb|5Qk5|t;Gab3M!c@3)~-W}k6s!5;kjNHXjCgaNfn*yuL*+>*T
zkg{&*)9{k(zFU|{f3Uped_S}AZik8Cn+6UHyfx@@MS0b52_Vd^so#;!Tg@U}TGp|B
zx$2GD`8N+?UrO!>dFNzbY!|vEwKJ421J|rByMI)XCW?^^y3&L<^(yK|pG#-MZ$X9B
zq|T*O);5GH*2j*>=bOhPVWsb$KYmxcay?Oaqrk<H<mg|xa{$DwAj_BE5N_qeoUm78
zFkmQwc+=p3GWTs@{WP;ZT-h6`b<K-a6k*_jkdW?XwF!qQo{(n0mm_^1+M%BOEKF-V
zyW)F+%Pl#%LN3)Y)|!VW8^C0Zb0U%W3WPnzp%bX>1ON2-#1(fiY<SCc-&1P)(iM1y
z3NOGq!vi{>0`$PO5%@{AchZbC_c+oGqp@R;x14Vs33A{9PqZ%XPEzA1@Vr-oRh=P@
zCgN=lc~%7pZo}2)w&2D_zGQ;fWWfw6V@>hgN3$JZWT%09t>Gw7j?i9Kp?J$UbRRoj
zrg^rZ^rWDK%5mG3&plcN5mSEg#cKfaYxigvtZsGy97Xjff;HX+%|(sRY@bjGyON@c
zG2hC_g^r0(l!mj1)2C$Fd7bwr|B!d(_1Rd;e9xTZaFfO+JHZ&I?%OOYkJBe~QNl0P
zWbF>#dc7=O@lN9{XA^t5ANe3vcBM;X`JKr`m(`5*yHju|EcCK|0M&X>)Fgn|<)2j4
z@ZacH8Iq!ua*-a=uZ&u}(iklFW^`#n!ztcek(~EYK{xy3ov4By4@wGpV<`ul`&%W(
zUEd`7PJ(>n$)p;5${bYtO;tKoiTqs#-?HNeF4ojH+pjKH7+$m8l|FpDW!RE%{@yLJ
z5No0F?#{Fc`hF%+jkRZnTonM&BB$xGe6L~DE8M$$1o^o{YzZ@(%lV$^Cs`8r4*Nr>
zyCeHoJIno=?vqkMEiRVJb;#*jg$b(3Js_>q1=Y{w$SG3YSclmMs{x{i_SuUC7aMY;
z?M5n!83#~b_@RZ=t%C0FRF}%*%zPvx;;N+b&w~U6WrG}e80;Z&XTThOqNS`Cvf%xb
zY<-M0V+E$`wPM(yP#;TM80L5FvOg86{K|sZ08U-37&<4>W*$jR5c*zmxZh7VJ!3lS
ze0}md{mPNM=&6z6&{s2GigbvFM$!Y7yk6MdntZEyAE+Aa;QM-WRe_vn#K!t^|DC^(
zBiBy$Rzy#nX+8Q@Na5W?gEhei?Ha>dacTTeBbpR<7+n6e)VUkA`Vt)jR2HWqfU4{G
z%c;|+6V`Bzb)bP3ZC`NJ3ky@h`+<gB$M5*v)-q>K&X6ssaHWyU5>5lxdexr3sJ{2n
zL*w}=hmB?1jr|`bc9pH#_!!KtLHMH-b?kDe8_&Q;XtCPnzACTjO{Oe^1nVML1vN#F
z@n`a|yB`W4doC4w?$g*Fy+>kdfTl|(t1L}d#t4?5R!sEM@+MS~!~4*i#mgTA%QoJr
z8!nwcTgU|S&^vE;%vx<*Lb6_t+8AxX9=z}*`e<Q54|${~yNiQSgl4YOkn_Xrkp+iL
zMS7PV8d^chto*)Q-U`Jf!^*z3;Na(%k)`D$!mgfu_on$P>)+0$@v|E908jPfj_Fi$
zQd7TI-}*^*1}1}ve!kRDhuKWso~WdFEfiiz)LMU7<NIlLQE6$ao2N+C_Fa)xus}=~
zS!thERxa`|=$?+wkJYuaXUTRC@W?Z*=GuCe9KNQypD`&jVDwr4RJ6z?{iOd)K@e`>
zZU>*8<I^A~I!s^_SM|uU8?gMh4aI*ZJ#Y1>F@h~8KF}?|!Hcc$RC_}q@1xA~uMHk4
zo{*(;w^(g4`YToRTRd=*`?y_JDz49wKcFxk^|3NC#|yIQf`ZK5H%xic_qoRD<}C~J
zPbDPp0oaD8Zp%nsNqk~jI=DA-r{EKf6H_2G0L7V%h6bbl#f$L6v2=M{CW(oQa8@ly
zUFBZ0%BJ>~<+8Oz5k9+?Ir&k5UzyB$g#l#pW;Kqx$%XU=kw3TvYUY$1(T<0KT$)Kf
z<NhlEnGMfAlZIToSXi7Tv0;of(L9&mm_^#g^X8-RsCoT??Ts(%+#USU>q*^@Z}$LU
ztGVeq;13TI2iyFL+%ZKq@(4V3z_9_LOHalvf2=(`SFEtbo)k@ve%h+=!3T%1h~iGT
zdTGx#t3LNx!qa$}UMYK{;y3@HS~w}!2G;CyPTyaIke)+dO8z8sFD6k1J(xX5@byQ0
zo!<ivDZspItitk$5|IFW0fl9QKgrGmyn%d{kw*#ZMbCes+e1c!QpSLjCFOdlQ=(gr
zsV{q*H{7B~_;Hw@+n#;YRXDr;xOIHIS~q<yS;);1sg2}aOSrhxu^u6PDf$EktnI<+
zbQF%i0%I@g%z)`(Eh-^zt_BD&vr`tq)Bw*NE!9H<Qj6+kKv`b)6Vn>iN*sDjYCp{2
zF#Av<?RqS%YM>f`1Ic0pD!ew9J7AW|FO45N*4k`^@oAB@`<ftY9(FhuqnXF*l1=(v
z{z16(%sm}%@x#ogx6GId6wNOjq_2)g#osb_9;-uItTYz-iWzV*Y;#(k!oNO1OTg|7
zx>X>VQ^j=w*EF`sP3oS&M!LJ_l}E&`1ZZ|yI0*B|wGQf<r5soJ`yKi3vxhHD&eV<d
zj_qB+$h<N|DTTILa?TKLW9edV8@6ep1&Tc73ODbw_I;^zdK|)u$~?<-fl{9dzLnp1
zA+f?EEU-8)gUdcs$fvf&0>&{WZ;GjJV?(}CU|LTHCXaktG?mRy&&+GaO&hHPuEP#5
z9+SEIziN4yyG;fphAu1VD?9P$N;f43QOLSJbSZYhujA7W=lVk}crn_M1fLATwdz3v
zU)F;Ok?Hz1wo3;IG7N!fo^_6~a^bLV?U%*X8l#lWH55?&0{I=H{*C@1^`A=rG9oME
z)AwBfLFX$me`=<-AZYM+v4sXV=4=Pl5Go~S%zj`4EVjV-tJp&F-xXUhbS+Jlj29Ex
z&YnT0CM;=5)E6#SR#weoyk#v<5l#;`IK!Z4q8e=Gp|mtJgge8PVt8c=Y41@MO!h=C
zV<e9Wu^1f_W3*Xw_RC{;AVx>Fhj~#QH+$qwI2Xw;v?~MMBs%+ZebMAG7}$d_w-&A@
zdW$`qM=+STR9~-9HsTw$_g#GW#Z~1ItI^ZD6bwRwebU9_LCSG(wb^<?zh+V7J&+^_
zZ$<7vKq&e#Kr9jxE+?tDks5)`CD!QU*q>x9D?VO0mHuD(6y3vrNT}ep{tC2yhT!{a
zvR~Cm+amVLU=-dG#sjFK`a|kyTaf2Xo$6frW^xOh{o4$WW~zglw=2V!C~mj6J}19P
zuFpsj$)v-iqp$Kd?I&4%D?wvl?mDC`C}O>^MXu$q?1h3=8Qu*m+u7kQ({vFJ&GVIM
z6G8hTK)Ulj_PjgZP=BcJM?h|%NQsGZP1>yQ(zv-j0QX6|BRpM_b;(7*-1Pov{@&;$
z|8lh=jWPeH>IE>B+t|c9Q?t39bN07<>*j#jdW)_RMwEEnX1Fc)uy*)ynk4f&#kqhh
zsW}W?q6?8a-#G^3sZHdS<aULe#{yRIP7CU}LZ)M-GlU0tCUl>{&=*;;;5{Kn$@<N+
zVkhu}z%+jtZ}oRDp2>b(%W0)wU0bF9AboG=hhSF3>R6bEhyTp_*wNU6*~h)=Ol}A@
z=?Y#OEz;ShkGJCwFS?+QeQ?9^oyCu=V&+eh^QYDVKk0=#nhK!2>=`I(`1B%sIxAkG
zy8B!z$FlbbN<Bl3h}y0xQa`|Wy3{XI4b}Jvm{h~c;Z2^op!&2`LzM?EXjN6b-JH;<
z_ZcRuPMA=8Ed3>PmrOxTbXn<52qIAbpmBP8eA1$tpoa56P7{3;+7LHa|F%o|yoAh8
zf`HTKIFQj32{5}&+SVm_5NU(~EYC_5+wq)N=PQJ(yb|U@+YS6x9NMrJsQW%M)sNa#
zHsDLmDnAv}FO*h3DfvWgYF$)1-4`Y7>oXtU*o3f~Lxz($;a?O48r)A6n43}U6&sj2
zFtZ%%UsZ@vEd}ciJSgoW^N;_7&G{AhcAL*m`NpakiQ2wYkDR!%c*C&%@?30deDviP
zFB8^3JPp!jPts=R2hKjKl*&oI<>|i{4RveW%-p~BP%nM~A=XQxUC?lGad9|1IdS*W
zjms@r&P*zELa%Q`un6nN)VtJ|nSA^`@3S&&CWp%phjO9p8vx=BZ8`@<_`ukY-Icpb
z<vQ^K$0iJm>0V>q#mW1JMlSiH#)XJ=*N&~1MX4sNpK9L%R*e<zOkdU2%wpd4X!99)
zK<J0rjvA^tONVF0E9SEj*Ba8blUMwF!#G<^oYOk8{rPYHQMVQpIs3c;`5=oC$a)Vz
zBpW;JM4C4xFc981vEVWLmhU@Pev<7_g5V*-5xGZiDe~ecnO8RHB1!c~9m&2gGG_dX
zEreH6Gs}^)gaQjei6rpQIyN#eb|6H}62a|k@~Z^b0Ut^1`_}qKblUI9{;6mh6cC-R
z&vLd<(bs3?iz3Tf_*8;p(_9HlpOl3VPZfd60gzFMd`5gm4N_G+2cL-X+Ka$bz{L^F
zYM4Pj4Y^8^4D|Wq!;d&ANIbEbSPAAf-%WnmesaNLlT$JTLiEhbAHyWWgEP3%=$~YF
zp^#%z`n<~6)7f2M2jWj_qkCvM#WiX2*B*gLF7sBPzl*qXJMw?GyMO8p04Mlw?Czg>
zv;FTsOorw>BXj9q(@DRiXKxk^AQ{C1XaRliTwWrZZ4X0qTai(*+8+xKe-bBi`W(vQ
zrF07XP73c8DS0a}jjaQSudaY;Y++kJFpVPd9i=95p&`mD7W6Z4tFxEjdax^iJwCcM
zh!ad)0#NBpE8c7!F?nr|>r0!e)#lP9Ml57b83oYa;k1|`$7f=a0yF1uRWKdYO4sz<
zHiKntEah(3&_4exZ-AcF;~EBKU;WrqOV4G~$zj%@lm}5Ff1A8<KwjJGVgh*l`VVv2
z4R1dDaOMWX{Zja#qls!tc``t@<@if8D(F1edph1vlDbNDbHP?2f-%MnU#rf@e{Bn1
zJ!Q_DeKWUmpc`+3W{;*>?W6h5Fmdy}3PwE7!17Bl<SgEdaTtSvmRTeW&Wc2PlsRYC
z=9?>9{Z-(@D0yyHrqdAjUHszwkhSrf^(Cr{Aq3_JAOyeel*wDL_+Iao#fLCb{^|ig
z{=JRO6M0+k*NdU)Y5KDB>sbArWJxrrfDtq<9|Qt*!8${yYb3M}*k<Pv7y2;B&d>tF
zHwgIoJEdr10O%_G7<TxC_PAIK)48KEsE?n`cdhFJ5mGkU|41PJ8~G!PGqsP=K$iE}
zf^!T3<m#GA<{OeF8&RS+L*Jf&vb9+_YaI8Q8lScamN-ze2<d9(T?kgacrrb-*u)r)
z8>!SbYTroIl-qY%OAA*Vf5pt<p%{cf5>AZaEK)$IblvTE2Z_?z0B0z890qTWEQ7a3
zh5%vniUV7^Pm(>!qVxw&$a3jh1?Ns(8t$c459r*34s10k>c*})`9gK-C8k!ABl_e=
z!(v<IY&<{LUUu!o3j9Uny;AnXMSbdr^VUveav*vedRS;oNZZ)OdfJ@Rd;NBAqwnZ|
z<}zr>!)IePEULyb@Jg7l(IH*@OL$P+Ba;rSd1~J%e95@QK5fu(E0%Blvhu08fcU91
zO+vljuJ5*4S(X{bnZ%lJ>{}H7M&YxZMh>d{S#gQpW24yVi3erv*QSbci(&1uF@;Pw
z<#PNz!o$n27Se%m??r%adV12xRL#dny#2gJ?fYo$-Bq1OSx!pdT)SyNIvHF~%JHd*
z)vM4h6V`2qgiW+-Y3P%J^r!WA5BdVHs)eR;QKsrUsnwcR&V-MSBHu5~3kt>uPA8<h
zS6bBefZX>Pp?Oev2-1!zc2FpK^P-t{uDYw_B%UuIU{l(|@y4>rREL2PZzp@q3!azn
zR6o*Onk6{l6;M(E0sUb?v=Ll;>o;wp+mijypJJHIGpamwG8XHn>)xh&<LdL<=bAYo
z7>BmNi%=3JmO7`{me<kNQH|lQAZ9?5oea~J`#N&Oi1XvaGk4*o>6d^g(J}4DimK{i
zNrPz5&mCjTWehw?n_S}Qb3r#g&;>;8V|21*o%AwBgmTM=0RF@Mt$-4B?F7KjnTy`(
zc$E51Q|i+x%91adodc#@NCHK2&Ah;DLT=shZH49XLveEfHx9#?9LmS6s+V^tOB%nn
zgD<y`#hSl&@{8^5$JM}@+$5An0QnSANU(Bsz%ZY;Q9XhW62i##lT2>}lma}#y-TZ3
zyb*u%Cs~ern%cn=T7>$tm-E<Q*rMgvv4!g6jYf^d2q`!c3~9y3UT?VUfqvP_%9<yD
z1GBwNZE8fVaAz%lqkk>awSi9c8zgPy%=Cwv@mo5Y2Sl2VCgAU0=_`$u8k4s+vU&O1
zG%wJve0fP&7u+-8j?3$Hy4tjFz1laFoV=R9Y{5|z|KxRa5QTq2LLt<L+3);EvN^!L
z10?+S`(RfM4b-DYpiTzynNmv$(FAdeJxhm~<q`cwIIe=k>Wu6idD3UH_ci#BjRYQg
zf&ofJW}7BJ)_;=6c>=7%<EZ@P5yeok-5G9gL;Lu#5k;4W0r9Rs@=z-cuF_RDw5YrS
zci`)gtBW7MW9~@q_r<=P{K3~81jD5u6Js$jkn)kj@dy857yL6zFdMrA>CVCI{-ziy
z7@ERL+SDb8?MP-5RF5)GYQVoIGQ*2LPy&AaZQIPg;msBj_<(};JQqw;agiEo+Vw}<
zE2<Lk=X<AS#?T+V#QT!`Ipj$<MZvuDQ{9L}y^<zV5*y(S+#OoF2&!QtvD)bB@C?ki
znECt$xh#A_U_hHRTYO2nlgLO@sEwCP?t~(A`9Ai7JCB<8U{7qk8WS0LqWw-Ta8_r@
zdD9p+gV_4fr~b&hc8LG2f&fe&8y#HnlkAf3wl<bIByZg$Gz8&#x$?EZgYqwlvUcr1
z?&~nlwThGr`@ZcP7AsXFw@FA<?QS<7hYU>a9y0kU6_)plAfJF2XxMoH2#t?xA_bGP
zzP;L2BbCSItngO*HE5tTJKewqAmEw2cdQnD*mJw)xD&yZN4XMZdlN_dNZS&Xswxta
zr+gG}3<Qi_+zBEmClN`Jb8R#917jwn!ASl_*@`2{7tAvnPAA0R`CVlTugP_LAMY@~
zlnPa!>NiNK&L$9$B^7Hj)gbIM!$Hh$aF_%03pRp9k|t9}%KUB94Ff=Cv|}Wwwb-eO
zIRP~@$YLfn#ND;?__WWvrUg1DVR`#QkTmhZYBnK`2zGkzhKcD*QRxqe#o42ovMQm3
zD=1LN>l@+wQv3TW6P9qBrooiWs<8`-;<H6$?~0+^>aXcm$n6+lFHk6#LKh*Kf-!CG
z#$udFx}xd(3CfAJo0kTypLdnkdKq+HzCjj~_Uc9YT{HW(xIb#Y!QUqF0y>M9j7<X2
z(TP0>WfQ&0gfl?rCFlN(H&M`{v$aZC9jxtT>2f*dUCTvsTDg3(0^wNDI|LKKn|=f#
zPWz#X^}<GNz2PltQg!j{=YUP?!{@Z_a{noNyz|G+59E;nsM}Y!mNdE|`#$V)3^o>R
zvLpp68mshZ*RmcU_%Fnw+$Fr8%=6cWJCh3S37gLf(!`6Udh2$Dz`~=fE@1fCXakz$
zkVhl^Bm@`-EiZr?EiwG*^zw*!cXIe%ye*K{-y*A2{M84}o-&S-`xH<+ahG*pA976r
z-{0sK+I>CAub}vrn#<S8>Q56S@7mM{cE+8Fb_*_sB_1Jv&0_qvBb(0R-P&d6eP{0?
zk(lU63N;3N^nJUqCC4E-?mFeuLS1*|m1JvJ<-EC)pWoWYm(Od5WEV9-9D#?TG4zux
zQIZ#V14Z7E@6Jv#46c6FHn?hZMpxXyk!)`=RYiM*Afb?-ZD~3)K5Z=j-ORM7Oi56j
zfz?>;Jmt#W_GdQ0bO8`TQjP=Oa_QMRrSDLKFG>kL7@Kf6i6>&_SE8*gFYqT^%TZ(;
zD0(x+Wc3a>X?QJPNX?u|8mLru!gPdDN#i1&wIM6z@|TEoFU*iS894n$c1yT&+C-o^
z(Tf18@?HhqIFNGDS0M)7BKc*mg=a1PBztikhbTLKNuuxN2en8(`41p<2fH>{^5>F)
zTC`{n0Jr;-4E)L`OAq1kl?j8iC5_t(lv%fJDP__Ny&$Ph+SGt@cmp?_5VT|W=+Shd
zkcX;d`XT!)sTp}}P%jP~Ueq9P9lJ+~;m?ij$rc>7_WUIV1OGb7WroRli)Q7nK~~4O
zetcAFZu<56*D(J)&&!~z#&#jVFfqyYhx|94d<zjRIdzc^HSeWxtr@NLuJu+MsFi4b
zBj;)%0;nYgytl-Z2+R3~w{hXwLFdERdr~0?Nqz)%7+i#t<;V8bJ1QX18O#NK3s|wi
zg8Hav($(mFlV~CZxXXgc*xVUhpXEaIFC7j9W%f(e(TS!dP;(J9xz;MVjwnG5$_wy|
zw42GuZmxO~CD2j>rh6IDV21!31fL8Uafa;C8~!9a`AZKoDFwtrd<b;lB_O}JCPl6{
z5R4>%l>`cgffa59=?th4gj9i|7v7+4JQ&oUMR$^3L+F4xFi%5+fAsTy(M*;ET2Srs
zWQ3$joW&@TnA)R>=Yv4^$Cm-HK;6LKW(aT*$VlUbgqUOG+y}7^^Q-G$X6T0Yi)q`E
zyJ~B(mLYpSyCv0#@$LOyb^*+F1-Gkc&D`?GyAir(VoE^o(XVGjE{`rhrUx5H9U};Z
za~)kI+yy6`3DRWQf9nVQ)=#oO84d8Chx2!%3H^t*GKmIYlXpRX1_Vz|EH^ylIRJG%
zctd8$-VOXq@Y#V;_XU-sVii*GFEtN<IeBc4_`j|k@ZVp$|9a)Ps3lporj?Hkhp&*X
ziMoAgBYiD=-uh#KOC2&I&$!p7m96@dOgQJzvcSNqZpX*sp5Hf~jce@(YL?i>sDg{u
z)o(8c^G4kq7UaHm_M;~mO>k2JUF5aAyT&36raV1yA132cC%N?gu#NoR1!sM!l5pWz
zD&RdH4hmV&(J%Hb$=AmWN2`*H)RE4g<CMIhg0kI=m|6oWVGnNA2)*ZBG_>k<UK|1f
zC9iq})xR!RLS9%frzl|(-lK|bOfcEoFN#hlW;jnselDJ_Opm|hc9IGm%WC6(UMW`f
zy^nGPnH_}*La3TAVB7tskdWs!XUlRR7?5%cN#1Vh-E?Ss#Q#>Tqcm@Q_Q~BsjeIKW
zc(MC47H#otl=oaBxQkQ^GVU;ra;tyJiyhMNthNe}obNHhp7|n1y%uQ;yM<1_fWK+7
z@)U3Hj#{tzD3h$m7a=_;8Kc_0co@5paN$z^QqvggC#i*Mwe`S&mpN$@EC>ZEUoBvV
zBj`-iNQ}G^+J&Xv@QTAdn_tL(IjNtG`5r8X)LT8n{)}VCDp9CP-$}^tY7;0sOFE>F
zaX*%VDKrdidiGBCxjKqSPCwHOCkoJycxfunK1_Jn^&-KjMC8g1@tBH}HMg1>OD|}x
z_hJl)UM%HGU`3y(bVeLo=o@)I^v!JsXOp1%(+!Dr+0(W53G9BCqqqbw+63PWez5Rn
zUfEvmebTbPXaH|)WoY+wT8vS`??4WOe%>Zsrs;t_!e=8)q2CGIcqJ(OUI@1o*C?mX
zzkIBMjI}txDTCI2F^E^E)@`#qA%CxlsxFnkw&8mpG95)!`oSEN_Lb>azQn)Z)y7(D
z+1R~e7rnXfx9j3?$f8cbR(pDzkk`AM(}dztQ7aSo98}F3pjVq~gy^WumMNaAZV1f_
zOvad&ZuI(i5RLv4?4Edjc@S7|1CCFFrDEWZv$){nC+Of2DnftmJQ%uZM9YlF+73!W
z`*d1XaWpTo6VO&Ql3!yo#Z5D2h0fd2sd4+*V%<0dfM+0a``ju5sMYA-yUhYmj}tki
zkhk;g8~nuyNqAkBBp`o`i@+X4kXT`tN9C<B+Yg4MxEStw<%~O3)y3AEYDkR`8$TP;
z*U6|wQChux*)_Lswc3%b#JY)?D{*+Fb)#+y4YNGfSQ9{7zD%&Bt$><qJiv#tt(g>R
zMYxJQv8xtyxpYTXuwVGam)ZCeRCmedBCTGVl|S=u3)MB6%m;GOz=TCR;WSJIGug_P
zQ=e~!SMP2Aeh*i)>g3?_^j(Lm&8v#ZVfMEs*GAr&-WtCCxHbuuemiFa;Z}b{P+oKL
z)W?KwQt<|HjWnpBX&HT0I+OLwf0#HOkWSx&Ppuj1UNn3V!0Kx6n>%CODqoPL+TLa@
zExD|y&zKw(SnoFTrNGGtkpZX@GqSKMQIcGgPHA)_o<c9th3V(<!MzsMZ(UuoG#Sj*
z&WpIo$6V*>I&77Vx1SuA;tySX3HKRXo2feWXls;I6rl8s?VS^3M+QlJ3E+yoZ9(Aj
zdLkZzo4;g<VL_~T>F<Zefq2qIrZe$DgR?tY7177nI4ORT4Hs(ss>bYog85Iajm*G_
zgi5gRallWqBV6Jyu~r}G!tu^0u^h7Lkaz=iUgQ8>(nF*gaEt#KhVQX#jsA4|E$l(L
z3FR^YIzM|BCO?Q8A($3OWyu(xbAU2R4^B;imv8V{1ykxTCf_UQE0eNsDeWNVMp5Z`
zzZH*-Li_Td&%A2lcG6wvWEh?S*3M}pme)lE7#E9*h|&p3N;J#ze(qw5ud2&$73iRp
z)cTNLugb$G67~9Hrm$~{qT7Y)mrC0NErw<<>8hRCaGNU;3IvzqHD!r3iHK+VJ%@gE
zXV-92g36EAEpA~tL$|i}i0ULAKf9bNgj8i?*4Tx>7)z@do42g#OY_dbK-(UZIzvL?
z_e9>vwb%&cS$w)87V+9M{UYA}cr#hK*6wts)w4zUAg_ilPMIHb;)_O?u2VR?qt^R`
z;%9YzmF&C{wcS3$S&Fqtol9v{>>2e65GuacGyMsseX6{roC)sQ*W-HSP{#F289DhI
zM)vT;`z(f^n>es;p$$e81ppp+cx;Ii&6bYwZ{b&p+Pa*h+H6OT+a@bp^l>#?G&=F{
zY2{I{(}u~&emDosfSA|Gn_(I$0ZKa}S*Z=(OR6@9HU^LD7tFsY51W-U>DyEBi_po~
zu;0N)qr@1U8CL747Z-=$&8)Ens7p>}Rm(6x;`LE2udu#4&U5H@UJ;O0FVIlBY!ZJ<
z$^0;g`;oRyPTn<g3R@6Czl02fk)tf%4$k7`I%M4@CD;3;EEi%vCC}J?kkoAze23L!
z5Alqlw6mk2Q~IZ0q&5CzCrJ>)5>`Yy3xf_fjpxm{X;a}#=Z!M3!q>7RE}SCg9=5qd
zr_ph}T=2a$85K|XI_))_33ykEIM9W)3~!K_b2+=*HX}CnWG_;*@0rxda0cClFFI+)
zNppe`<qTvL@2;Kf_R@$BgIw}V>2^^@VCKItn93EE6uY1`?e4*!XE|uTXw*K^r5Rm@
z_lGBnP$BsbS=20?{4$#`oAFI4D58W`1<mEk^4F9vy9Tc--8pUi*8V1k8ZWTVJJzA=
z`cO0NYkZ0_f7|v6FsbRpq!YM7#4vq)7ArYeDF*4<Mb7t-X1498dk;wc<+l!f9L`*n
z8%i%vltG}2?q_~2@+*0HEH>#IVChCj%ck*EgkZ_?=82UHge1TBBV@fjJA=XFt#r2c
z`qi6;dgD7=avB%D7P}@Kt^$a;H+n_e&(6)IH%A%(r$EtK*%%1<vLl#%3tSXieZ(hk
zr{dmcn_5)h40cRanVP=Y1tduCJU2N9XAkLaHz=z8l&sZjDdPg5jz3vZb16dgi77A@
zbTJsac3KGIBXfWjd))_Y7MYp8ZX41G#Wp^;q_hA(QTu>TeQ_@KL)Ui3<0<UI^@{FW
z$MJATO&<(Zg~+<pSLf5V_6IA-RpC>M@UxvwSHrf}hB{_3F{V?^xo<8He}cEhIJI91
z?~f_YjGX>5Gk9Z1OKr9;RsB28na*4UH2Rq7yj-f^KH?;ry>5eRrwhQtV07>YssexF
znPM)l%d((gO8ZrLDXifXx)2ha&bBXB<t&pj1Q*HYBLDSU5rqfjqu@?dv~Ueo!9Q!{
z0V40tm;sA)-W{h5-;O}_7-MU&jzhMlmuBEfo<@SYd6cPQjYcZxHzf-Cvzhs8QJLp+
zzXww)pqtofMg4VxET5So;NNje#aAtg-~Pgn0ZLD?y=W$jJ{AEdyGsn$S9pCys@E7#
z05eRJvHbEbYQ>q1>4iSkQ%FXuNbk&xO(n~^mIi(fa`RyJ;A@EX32~F>nCFn$O!itD
zJLGlDseXU)pI#?2zvbuh02)E=ThKq3+tH}8nH;&ahe;3Tlmf!I7+S)Nny)`(5K)$-
zXs|gao}X};EcWK}+X*1PRh;k4JfR;k5i)r_jA_a{qMY-^oh`M?<Wn(5*6wsIgYnKO
zVr#v98x6g=TKcvb9OHcw(7KpoB~rfBJ6D6z?|Jmm%I_k-&CH*iY=jk?xr)&pX3Lx+
zlvbscjJa)DfVxi5hpTI#PI4o>{z>LA4SWwU0CSskQl-u24X$0Br5_BWHsb@EiRoTo
z(y(a?q5#0raKHl<0x@ys(*OK3;QvLV|3aI<|H>@>g%1CrKj2?}q%E(<Dq3+V)LPKR
zI~peD@!WS;%E)U?rxpTyiUsCNlN|b~Y7vX^m3!WGLDd%bdqUX4`b_(Pn8DS$$f{x+
znoRq)cG)fV*B3cMR5$Jd6!bq{S{lD@8)_ej^f!g9%@jH;`RNPv#7*(li5M*WqLx$8
z+6;K0`G{%zEkVE7*hy9^l|F3?w_^u-)PM^TbZ2;JJ??y@6_Q1^%|_ktL>Z1KaN?=E
zAd}DTE<%&1R4TI=&i}aA3PHYy?a+2#vJ|c$Um;OpxLzq-as&iWh*ORao&5b(cPrcz
z9FiSw`DMp+``Ov_s&0Jij8*$ceFS0@?;1YWVus7)nFr0B#O2hEvxRZ5K71Cu<+vMr
zUA*x|luFlp*-;XeY}}_swe_5m+k5L=npKt22CuoLVk1(s55d~?gzin(O*bpk6uCFc
zZx0P4U!KH=p+f*w{b)&!v6y<0z2GaP`%N`JtR4Ao#sSd`L2QGY6(=TUC!lMZKCoZm
z`KZOfaC&J5rytJzwneu;A#72{Y}eazbh>YrcBMG0RdVc6(b!lNUv13YbMLO_ecWME
zIf=ckhA8OS`AL?i>*~6jPzJ<WXyo?o%Qt8OZhS5P!;cZfgQdTNV}k3jGzhd)nkLty
zKp9mP+b~D^2M0+vMb8B@$OoS$x4-!K3mt8{!B?zt!-voD9I{juA092G*3GEpbsSW}
zJuG&dB%?oOJkJgd!woE@JCyAV`OJQr_=+H=f`z{nm1{vrA)V;lxfYLHxr!hGzfh2s
zMGz5Cm<Oq5mjfa-X!|+Mg~|NO7k+(y%L(YO0ZHnVz`wQ-3OXjU-HxdKg2>RASnh5?
zo&xr>!1n>rfn@c|X_;?I3I<Q8UkE}%BH=iCifg=jc25$t9$f@lq6@%%=3_Dv0C5kp
zMbH`WKkwc>2Axhmf$w|}syYUm=`~#3@|}(f1ZU}#+T*8Wyf=qFCR28Ed}%kkzW;H1
zKP+0gGXB5-*hISa>!>r@7H`ZSfQ-rC4e{@v0IUMJJQXxY>T3e=rp#YfqgE1Q;G=3H
z#R&NCU&xh+*x><J4W!%+x#Bnm!GLPk5H7u9aL<(b4Yc%XkODimXg4OekJzO83Fjdw
zl@TG}yC(1(U-AGG=ydnvm&ek_q}P$pKoEu&biJz2?p^o`n04uYssFO|(b>i!n0bCy
zZ%=q^BE1YyE+pzsTGidUhPyanf#YJ565BR$56Ul`9B9WqUPUcutqS=$k_?Etve9Sp
zF_kN>A_$kk$w!~vIi{|)C&t9ZP?5!1b?seAEJ!{QPM7kF;Mc0~a~|@JH7WLv4Yc8_
zcJOV~l{fRIU5nKc#U}LcYWD%~HP^ASr@vue;2(5T|Ai6d^yy4ge&1Ab)LU2;T+2uM
zeChkk@uiVJD41N&T%J3i*tKAmxr!U%cp_PAd!T6{_H9fPBDD)v8gz%nEaa6S8TClr
zSb(q(qGUTFPXU`Hu0C2q(#p{^Km*!-H_}-^L!BlUNJkG4qmuwh$j;-V>3_>7z`v`b
z|DvCN=Uo370?YBac0;bZ6y2d>I?Nz&_gwd7u8pl<?slR;5u9DdX*j~rGX)SD4+;wQ
zoe<JzCTdO#saFhao=Q!wnr@$-u9lC|(ztP3?I)SM;rBU==V!@yK@H9Q>89eQ<x?hQ
z#iC9uLU~=+PNssJ_j7q6tXxZV8Vxoo1=lCL3nj!#>Y9FyU=u*atNP|dws6*|z7j7B
zrsRGuzx#y~f;D{Jpznauowvxw^(pWA!!Lc}5WU0Md*`CU^;_koiU+0-U-FDmd?wz3
zg!tC3gCSEGX%Fb%Rk1&Zj~<9I4EFhb>k>eNv4YqP^N<*aOQfS8yzAWOB}r{!KqSl|
zdGi*KzVuDlpNI}pU4c&Dy!TvwyA#RkIeQ+;^JRu%z!hdU|K29b7K2L>6q>xZeC}C*
z1T4Xu804p5-%OtsA^rWd&ubEmv;SzV-TZbG+emd7OvOqd{lQRirsJL_b@@&T6!7Nl
zlZ{dsk+xm`d@n2eFK(`1`X`%NyslDHYDs(j#I%ga?X1XirC@;~H(D^RJKfNrrTwa1
zZP<M=(YMKPx9TUET&g72%c(?ftNu2CYErt2>8PaoNp=q_z0YxKF}Vx4*<+Y0|GL6*
zt8kULl8ev1kYV$QbS>~3Fq_)-EfT#rXTD0iy{L{nzENbM8EvXXyU2G`MygdTC!8`r
z)Bec)YH7}$+csrBkk_^+_oQ^XZ<OH++WnP~-&D2P)m)fK0ESApIbTM$sWQ(Z3R@IB
z1Ighbe{)n?k_`K`{tbF@1Vj(0c7`;*@8uFZ^kGDD^%EisIRM$#2hUAbN1smKzctQq
zigkZJ{{Z1Y`#Liuv^;}}X`#sdTh>~WQ+-*V>z%)<%gFCAO08OO(CQ>#6~s<F=uxqz
zL)VlG)cMK|MXiYw-dAx57z787ExG$&a$<g)+s+npzcNIR<~aq~*+cm{!HcpwQ9U;Z
zF?%B^Uc9Ggz0FHnuY*7hn^SbFEh5_W1cq<$0?;%bHQO5y<dtBU<0I#lh1f}{p7uFN
zvRB97L~aK`N#xUp<6QFp1@R239^we+iQnq6Zkj7kNSDnP1LZemv}?JNK5%tBzik2n
zbpr62QZc=LGGEXKYjFarpWdt;>7O_$#oo7yf-uWN85Q_K7)yg6f8;fZaHR6>V7Aj0
zzC+IIPUbHY0hu2IWrd$#L5`(--)|o`K-!SH<tGU$D_!fL<P>b29eyK}6Br)#D&}gf
z(;uxzQycU@7<yvuRDuxWH+md=V`TbAh(2c)x^e#1jvHRRiHG0@alk)ygI$>Ok+a8Y
zZszpq>b;4oGp{JPe<Nma4drq7tNV4KYh-&|<S<!GXsag6F>MRm!^$wV^9P0uUAxnk
zT0wgUG7J}ZcdGq(?QOn%BRk1RJ_xsxxCsBOLIwHHH!eN3Pv4S4Hj8zqpnzyv{lgDI
zpl<Fm$fMxGfAJkVKe!G|EK$)5(OHF9<fCb?cOb&X2GINZkW^NI4e$-946#c9x;8;k
zJA&BIdIPMWV2LKuY&CTq&i%Fv>=e@OrB9@rbwb8xY4<>#UpX#P87v)^KCVsN`BhsI
zEP;IubBokQ%uwL>4bpxGtqTf4CrJz%IA(uNiuPh=KE!$Mf21}1-P&&r)LA&}#AR^N
zM1dV@iB1bqj5IP6#*FWWjZK8K?*W)_-_LEOt>~L{H?DtUqzKiCRJOPg^8W7c46)(K
z4nqQ`h)5Pv7eO(Yw>_TLXhFVmiVW62uQB@;BvMn+MyB)qQEq$MG`?5ez~IK7{q_k+
zg&I@a#|hTgN#<6zZ$y=CS^52>CQkuW%>iMXlZeA4jbw5EJ*4)I9J^)o(T0ik8!uWq
zn0%;Kx)SC(_NzgDkzb!MjcY@_6MOfGThfy!+F|XF7EYjiq+NsS)V4OOGb{$yy#^Oe
zwI?8YBMM+$kkTP}mQPuek16Xy!+6SvMdc??)v-w9+-O{dM^YdAeTvC4G==~k_jcrE
z^$sTqk~5PBq!P}-oyF3nBmT`&05yBUQ5S!#g(*5BC|sz<YSonCbA+f|MV9;$c!yB2
zr;g1hMH(U=bDD_S=<u+Z%os@tC}>RJOo9Sq&Q>Pm+RQ^Hz{}7R$K8TB@sDmc2sSBz
z){T&>*mJWPHSll4Mf3ITaG>SR^Q<yczb3~x)p0#Cs?$$1n6hT7Txa>g5It2HH?gdP
zg`*SSG+pvtZ_U-NY#iRpKv^=b`%K)9tW$H(>$T!YX})wnxcMhpfZ+426K1xT&O0c_
z=AQ}NiYL12EuhD~E<sR*C7F0f5(M6=K$pf-(wxahjE>B#`~K1R3LwrNUcXnh`(#x5
zG(W@Si865-{p#=|1hU(w5;wMhK+I@Y9=IK)GUaYkyNiYtJC6mOuZ}Wj`C`-2$5B;F
zy&yq2fG()GpRI5W-AGAztYx4R_vq|!gF-%kebr3*62xh7a9I|3VtFo_qZ4IW>S*2P
z)hE~LbEQFza-@BK0%)#84Z#|BO*;9$x;M;Nf1VVg9H%Qq6llOxx*IEo`fC~s8sA8X
zO(5G$d|vKFv(CU|zVD^b(m7WryQX`U;Hx*7RYgqneCleCg|h3_u`VxEuk83p8Z|@D
zvG6kqO_qVhl@CHIy&I#p(YbB33{H@<uv_yY=e)!7oJp54Ku86q+;lqWF>+M+aqaWE
z?YFz<cRH7pRhK<vrk#7@CD(2?KFP*k)ms?WwNPx5fIS>mU|loeSj<T*So>W0x)zX5
z$)!v-oh|)QvCdGa{Ow!&(+my;Yl#|Ig-%Yv)$~Mki^rnlToK?H{f1NgWwUJPt3At8
z?B<3Y1CE9VY=A@fkY0IB1(a&pE=sSGK}ArU4%^H4pqL>~xWwGc*H`hqS|g&e?kHxH
zy|O-C#SnBho_Py1AbwV$CiP8d6}q7NT)em#y8YxwXE=uzmFw-~?sea?W*EH`b37iF
zPhPdn;}QT<NN(-_n?O8_t6T%hRp}5c89gD)GVdKV>o6>KwHDL)YU19JQe=a8*<F7t
zyVGb?Sb0&o>sjdvHRi3rp;t#i;AYGV{Lkc*%bd4HVc@+QVJ2=Z02RJ!z9nHbLlaG{
ztzTYIUDNo^Z=Hhfj;Kv6BkQjDbmp_2j*rxBV;QF|Hh)t;`mqd;%LTep>)x-=gBuM)
z3U~`H&gDWUNeUTgup|V}qZXvy=#_cSS~78ykA4c2otY@xM2ST7*Z4u-Rd!QZ1c=D*
z1DKZOI2VqYCKWN6O{YThAI?EnFv~584c`fJsBl_F=+N}KhKsus<Ic2_NQI8DXt_3h
zSyIdr_jQX)3>k<upj+}orEBleVa$H0{osI5!jq<31l=-hR5|Jvfi??j$U=hDVyd3=
zj805nt`1ja>Ckw6EUJGmgWoZxT<F?#sYb3kji6ywA`n;~sh<otSa)lgmvWofR>M?B
zNTr@@uR9&%W|cJwO%x%fppCq!4H$>4{gS4QRX8WzWUsvkK3U$Lji<>|J1Z;^ryIUG
zqzP-oo)vd0AqKF(9I%%2CGlBKGY&1&Laj$}BtFc3+9B*Nu23#TZXF@0`l=9G>u~Rc
zYLmq<Lt!UxQv0=`oSB1xz0KWA1$r7#=elU{-n?tRL#W)yCN{Gbwoi9ahud4rSj|Gy
z4)naHHuo)ncc#Y#a#?GPBE#&B>a8=3I=O5y@dqoiLveiUF2l{~^T?=Tg_|%%Beoe3
z{YYcQY`lCh#G5?YBe1=h`$DuNt09S2R4Nv&YWj>x$9aRXbg3~S@Iyc~(NU!`Hea-x
zxk79LVS;`1V^x6(!~CLneXL0Y-s0@J&CI&z(VGRNs+#j*DyFc0iZ<5gL(h}Bil=d?
z7|RJ+y7*L$v6U=-GMSlNtvvYLBtk55CES=Zm+0`o3*D`7nj4up8Z*Yim?_Mh#>Cui
zXD4vSYK*@}zxznv5pplVQ}`5p>#jxuvCe1v2j82;XsP=B&BNrn+)chhkp=(6*Q86-
z+AXC3KJhN5cq?D}v&hz!`r(E0hwCm2pudm>^V&_ys5|~#1?vet=Du}%5*Ve&Xq8Wk
zh$hbdB%^uOiW|YS)rA}xubS{}rb%^GbZx>k80$X3o!*(LckFcAOgm8YI*BEUuF~Gv
zzAwsLxK=Xjqbaq!rZTEeA~iOIM;~hv?hXNyI&cfTkb{F;rsI*yTQ62_tjdQ0CzFV>
zc6$9|!R<Qb>KZYcd*ocb63h<`KZj44k4_u*TOIp}%#UvmB<_LSLuV^nXxl!9S9*fS
zxEl?Prp)X_UraYN#h-t()1C8bCZWkwn=bLINNSM{rOzW@?~K01z>4GJNb3vfVyQs&
z*w!r$C@vol&m%AoH$Za<Ql*&DjAEF?sJs{I{o<Iy_+t3A;;&6G`yZ$5j?FyUPVdJX
z(pd3^RE7rU_e^gL`uiNdTkmd79v!F%yq&9%A)4-T6#;c~fnhSuT3zI{89n0JM|f@T
zt<l`E4pVIwY&^qLxhEUH3F=~Kegb4&L^0wE@MgBpMP>bm9LOV(Kdw$%f^2CJEHkFZ
z{uamTU}_?v^DOPN%=~@SO&Qs~CR72k<HqMgPmbFU=O~f}KX2aQM1ZM@pG-S5D34M^
z_qPIXLl?_x)7G2WGNZydv#bNu*vD8B5-^CTuHR&n$@Y`UuEBXagn;+h>5xcbPF(fq
zL$fzhP$%>SWiH!1HAAz#$9@zZLhb$RdOU7RmignshIzz`M;I;4M;iWi2$lRT^rnN^
zn3T}8x&S!rbDAij_+Zr$hHom~4tKg#6UC*e_<XrUploHqYMwq<nq{7Sz=s^)^mRj1
zmrp<<<xM|!`k|0`;C|(eEVD^|TtecmHEY8P?*!n--_MeOk9qyn-B6oe&=sd`dUQiQ
zIq^~3Y&q$r7rIfd%`i<0>(ci+G0$WTH*x;psakGlpxcSoOKT4xj?p3KZKCYnRH-S}
zmNnMvxT|?1Eq7?`5drU|Ez7n;B~uk<AAE1(!EdXDcn%MU0n{P;MdFsLF}=d?OnSK|
zx9+l}i}QX@TAo;tEPCpk##imbctij_C3wzzda>h)m56a<OI`n)DA0sL<q%d>fy45J
zhNs-Ctb5^!8!6^{t@Pn_NKR`K3(Q)FRrnjDTIkuEZ<VFXCdSsS>YVCR#iB@zj$CwJ
zP!6d6h*Y5vP%NiDBKd|(v*B1G%Lh#_{9@S6Sa)MZC;l~!2YZCW*^=b49pLFA6Hj6V
zG4)9i3fUNnMnoI7)g@#?^R?0UYfGc{CuYtBUz_2rG*#oK@4YO<SHHz8!O#;?C$H#j
zRxn)&CZQy5T#&tT_A$3F=XR?~OPyt8gVQGy3&(1}|8&Vw;B+3`u)MZ5dCB%ew=3$L
z=Ch}hAL*GG%1T(y3Ro{>e;xFn_6vd}HO5xLWdp>XA6-pE-yhveXY;M<)Pk-D8f@RK
zY6`opuyaJ28OfhW??-r(DaNM$xn9&lny);iWa`P_{+h!5)Gg`xIfWFi5Kqf<zCP$P
z5%ThN0MATP$=-2_K`eN29qUq<Z*H)L-@}AM4W-(r(x3U>22JnYQsW1PmY?FBM;}xc
z5oj<~*_dz@yj1qu#J7+vU*P!Cs!sw#%RxeMj@eyz=jIZg1Q~7(#{;*>m**p%sTsuP
zt=%?7&eu#`hz76enUh^F1sRwYJFHEo!j-x*Kx1W7%sx@Ow5H0m5V%69{#;Q#p~tZ{
z>nr1-VB(AvYh?uS%8}9lxvicFpN;vC<K~gByPZKI!-RWYy&T?}9;+Kl!(|h9`5JV@
zm7XM!Ea8%QZTBy|rJAh~67qe$r)Dx*)fnVMYhPWv?)A-)ksLjH0b-LrzKe?=+<%D$
z#J(i-72V$J=0xU_L-X51^mUi>h;t9G7hdz^NN8;0azQPn@AmH9EL}f{*}Knm5;RgG
zpCiwbI46ABJ0LU)oP;}dLtCPnO|=Dh?k|?T&O7Dp9A6{KShMa-%FiZx6c92m9p_Tb
z0<HW(y<B@Pkh4fk<PZ|yN5+Neo-G49iR{`f2m+7iHc8^n8G^Xa28d=T4`D!9nsQq1
zCt1XIP%U>p^;j4fs33r9wiX$!pJelrU`66TZSP-g4)|Yg?_X^W`1eltpN0qgZ8;u}
zA??J*Jvh$kB!ehF%33u6E?$P0(>kT97)%RqE)nkW$PF&ODJR8h3?eD4Ad(Vb9%K*R
zGE-c<u}3XFI7m4ceD0=A*fmhACrHM0XO4^vgjLKgc(m%e1?eAhY3T4tCq7HTj<paW
z9d#w|(WVdvXc}-4OB2nA8%_Qe&U@~u$kH{t7lXdpuZ_ktBdfaEtzwLy`j!09bJsLk
z>F^v*-L`)g6Z9>Ob!fx06}8QRFH|0@n2fx)+MovYaudz=;oIf0@LTe=4QVT8<c+>Y
zv17f1qj)GbS+%cLGV>~cvC5T5RB1lG34@elkZ&5U<W2$3xH_M=up162jgQsWc2uCQ
zqTW4GD{Wspb_{$1kE4cOeA9NjI-IWZ6nCRM+RH|Lat;yd(%=d6O`fS3iVP&EafGX#
z8UH`UU1wBN*%}Q}qEaFVDn&qwC<sVbP(l$zupme;QKHfbLZk*Rh^RC{LXjeh@aR>V
zlz>PV=?Dmh5`thrNN9!x;=9budh_0_c|YEddGq_;b-#7Wx@({P?Y)mfLy$`4)_%rf
zk2JZ=AxHPIo=l~O`Ae5AfA_(um=BvqX=z~STliDEpO8E9%(i>oRA7951wVAFftTif
z%9nDh=sddl9qRTIFRBSvJldY~=y>JA&}u!_FvN&togpn)kbA@LhtDWQ1-i7A)0b;!
zLz?2jpbA}-?3~q9X;mBeqGVOzbH&zXdFz8O+97i_6|F1BXK~NNrEwLF5%;$*E}2!K
za;MRgXQ?(bz?0+=iww!bCLMPG@W#Vi)fcaGkP$k^UfgEA1Q(+`P{5`S>tsC`>L$yf
zhryG)=Xd(aZ8*R=;pcS)XdM)^JLUYIW|SvPvTCZtny9@|(lJ}+{NkX0Do3@OE&73;
z^G1aICStIL=(yoGKFTQdwrOdq*bIL~eGeDH`wg{O_ZHN3juM0PT}^;^5Zd1D%2i5?
zWEszy)Dt}D!uCipGuU%Yx~C(l3%%`O@;afm<R|1GNOcgXAjm;uDQ*pR1e^k@Xv0qJ
zI{j!*nc9eT_|hm=Yl*C+|Jo)(r{VZn)j0NQrUEl!o!rYu59_#>X$<vrP)D`YMOY*B
zsCOGt+#;swLB3$LsAxS8N&9X?-C$#<xmB@Azf6zRSeCxuve;v1&P{JIsA^$HvRQE|
zePw=r;;T`noV#!;ynb%SN27wSK}F}}=EMq6o6+pl`v%kfCN#dXvLNl-HW6ZbxW!*i
z8D2l`kBn~Wj0%n3sTlZ-xDv#^DdSoXq+}IgILJvgY&aC)n@3t`JVstloJq?P8rYLm
zhp91n|Lu9NgslGwFRyIrTNW%SX19xp6ZH0PdQ&};Ke&c8Ih?KGQP-ZVuN?8q;Z!Ci
zt51`OzU4X3RoG*`I(J&OF7XrNbq`*?wI<Y*T+hN)c(1}}H1Ctdi=p60ZXo6LIAj@f
zILnXg>raR^fW16`f#p&6@OX&vbmvUAx$^cdi8J@II|`2&7qDyIAUfb0YSZiMcUtL3
zR`WK^>3v2+vQlM3?x#GeG+yYt`th8UmrGJm>6Q+;9d{w($X#(M2WevZi6eYbzIXGj
zc>W7F*YO)S2mFhiQ^FV#j!M0^Kl%w{QEJETuB7+or7<q0PLD+)MFP2QCbbLvHUs)q
z++j2NiM|94Q}+_Tr>;#0UHWS#AFW(}8^3G->dlAb&t1@P5QTzNYxb^Ys-v}!*=pO6
ze5htRu)FpYND;bU_O!pi6yG~%;3sE%PFSr?x<hO}rc+6azlrT!U?An-yF=EEwa!PA
zpSVe;8BjRm4_1RYKHhx8u5tTx#gb#n*Yqi6GvN?lWo#y=G&U<h9IF;}9!m?6)Z$p-
z2J?+@1;8jMtDrHJa18CV*H9(5lrZv?8B&u{>;UL~=0<{c$pKKm-e|+jSTx$+Wt<a(
z)kroaZ@?Q51b{vAT;NCk44L2kPh<{_!??v!*IF|UQ=yJ)Ed>6nH3ToV3)Y<JPx=nt
z3*9UXV{IJNc1k6dDu93+?7>4o*76*(!>hDe{z=E|{*$rIlQOC_RP>0lgeAUYtf<O|
zv2=^;p1UU=yR<5FO3sP-^8y&`EPaxhx&55gSS`IUPaFF!{zh;%ti8dOzB4XgnZ-b)
z?Zz6oc0C*Yt#fjWi;PeW2#c+wCAPy#_L|Z_GwSBsz@16ZOS!|{7RwOBqA)VXy7m!Y
z`!|j_nDj|ze|Y69$t4q|7?vMaymxsP<bQ9C$2h6sgB|%Y4X{qBn1R!`11(bw7PPg)
z5R%DPZZr?3``iP0;GCj#mrI&UIJ=x%pq!T<U=n%6K#AD8&vy@u`c{8?I@N~^HcPT7
z@zp?Qm#(GN5E-)^-Is-cHX6{ZQSeJ(-RTDJSp;lbot%_Ei{iEI;!4SGp1<r6-F@m|
zTt4r;(jJMYOL<Rf!GJ9$31g@v8PQDJ2yZN<h;&p(!J->b%D$-&`8m+tCtBEL-IY&I
zKN0tCcq-uRc&{ZAvR?4(q>DC|zxi~kM7hVXSFm2=Z3cUk|13<XyiB^2<ab9jPJ22`
zOIUV>6KP6iDjnNCNtw)5nR;;l(#TM=rdXY1Oqxh-7Q(1sJ+yk<SG>nq%;Aoi5+rc<
zzOa)3UzM!pgjspowFVQ17d|g?Ibg=`Hbq0Um$Zr$&II_?nPgcw?%4SkkEWnWh6xF?
zb!Q(5Y$h{e^PEkm3Otj2T(S+$TPym?1cW|Y8E-T!feD6VD#B8~otQwF1?K)JRr(a}
zqGC2wgZ&9nXc|w3ugklNP}xC(y~zCu*zpFGz~;FT4nB|Y16;tSdOxlRn3e}Oc$5Qt
z{v&8HI`G#%1ODFy|4<M3%SZT!f`6z7{ONSVzVDds2woj@EQht=C#CbE1Bz}Y`K&{k
zr>dN<L1Wr94bfi?TN#cA$l#l5{jt)+&N3e?RuNzC3*1d}&$iUfwJO~E%I;Npw*tvB
zgBX8FGkbLO*6B(z8mW`iO{-r+nfsf$7#4k*t7nn5(0&dYhK~b6tW%GxUb6RyIgKMp
z0m@GYFS2mGCiI<4*iVGUo)u?Ne89U0qC(+&^U?mAYFPr_nzK6VQ0+{RTSBTy%!;cr
z0XLj_alp7^u(eHkbuN{(864n7Uk}9dHC2_;sYakdh;?_@Y1Z2?LU%POBIK)S*TEfF
zPH&-G(-}bcuI~r@{R;fs8#=>H^Gm^G#t3+Z%De`Cf(2-gEg1o2E7rTwy9cV|x9B1b
z@T$_L1yj(>#3Vw=TC8eXIP`0ruB;IwxMKzO-F1b=yX)f#xw!2_`;MZqf@c#jNSEE@
z_v+zr;BT#d0Qft{zB_bKne@NUye7WXmN9>Y>`}C)w%@}{mS9Ti?TLfqIf7zDtlB^Q
z@T3|(MNArUZ&h!uU)kE%4dZk)S6!_KyubyxZ-0<HoXVl5X7OX6cRmT=lBiGNeR$-E
zLBFuhi8I34<s{c{inaw-XeslCgu)xXSR3a`<jz=eef7krjN@?rjao@or;B&CYCss&
zg;pyZKeIoey*!%=7}k%f;0;Hw4HX>=j4G_pH$QPRLf;BM7E%C_z-kG@rx%Z+W=o^c
zQ&E~yRdqw#oUbo!ma+j(7Czs3N7oWXUDckw<#_BWQlayX*Ie=K8vh|tnA`9DLM03s
zV#C}nzzLoQwoS9GNvT(JnQiQ?@cI&wPGeq0xuxspA|b09S9IG!tX6dTTd=r#M@*w&
zdz<V=l||jBZ4KxdqdETg&ChI*TCKZ!%sm!NIS^q<@Yaqn9g2C3BSD^HQB}P<G4Fy@
zCGO4J-N=f8_zRMjfniz#*y|tNu&2GiELK@i{TdO>Np;L=1_(Hdt|Xc+D%Vn5@LEv5
zEmDl#2F-S94vyFIJbMNb$MkLt1E-+cgDfsnlG}@w7Z@T#b2fPKcltL{E|9b%7tNmS
zGm40d>GBBAj3{f%xo@EbbNqe8zbNBiGNYPol8?%L31Al~1CV)31xoEZ9dVK4pFJvr
zuG$7I;?76rJNPTUBVYdF5f>T>2@RIRXp^<*@OF`hv{Y>o7y$;&PVG(q0FU|pOmAK2
z<}>1lsJ;~ge$k_-2aR$VIcjv@;m}~w1%bKNvunjgE3@&0J?at1pdX{3&Ljvx7V~!T
z&#y8)?1cAq>?`ys0H#5a`o53s-69aRpeC$dKD;qJ?UX7SWMPWzXL5FtNW-=phK^=%
zLXejTs8~36IW!C-0&NKryM`<B`v<aN7=PY<eL+GYQ~XR|L?|NRxnLsXC@ch=Setis
z(TwA%VAD}5N*>8=PffN>@le@^W%y^BS$-$15Z^s(%V6`FKOUm-0n|<N+MGoQU`|r+
zQ23F;=c&NV$^qpwtJ%Zoh1_^CbzUEn&Y<BiEurT-shR@gKqoGbI@{6>>SrneA=g7?
zuxxg3Vr=sXCSXQOE8S)rNiF07d>K3`5<9oeQ6s-(y;q2`RPM2I?9oI}8PqC@IWYiu
zkMM>rGU;mV1@3^Wq6VxgI;l5B)&$KE0B(}?pxTH=7x8i+EAx2Bd1y-pFS#kKa(JLY
nd<G}4TNb-){jK`mgih0iXjYL#h|6y+ePis+j|R-ppP&B;#_g}v

delta 34206
zcmd42by!sG+b+BiknRQv=|+%{7Lk^ePL&1$X^>b5(#;SuN=OJuiF8Z1bm!0@F@wY?
zFzoU9J@4;*_ZRzpj{WUFzCW&mgPC=#x!1j}`-<~Cuj(VrZ<&}$pD?7Wiga#)SnS;V
z-GC(fc`k`S`*ofSvwwhGJbY4h2F13Yq&hah93hY%@W2)an{$fY=4<quew+Jlv~H=%
zF+i03q3n9L9&_XkKyqkS1a)mu@~>YuI(XH+s+_6P3OoqBi%cs<{p^;n=}V9RM;Vzl
z#}A${YtDF#{2Fw?0AY``mX^o^-I1mDZ-9Wy*AH$0RhYpwceMhRCMNh&(kecOO8;CQ
zo{X9Jty>AWi{#s2u*y-sE)3>e=x_ISrBP{#yA&CDHmoxK<{}qMistY>Y<0!aQWh>B
z2V*|jD|eXOqo}`bGaV2iya8rQP^mx{VpRwJ@dPCjD1e}O%VyPDYI1j`Ch+z9_XZ-J
zZRPG*e3RJ@m=iT5q~I<S-}qsmA}q+G%Xs4W>2O`^mqv|Pf5_zkD|wl0M=lXQzzyWy
z3i;1Jm|@6hgr_Q8{G&C@LPEV2ArvR}R_K#oz!P9eHDqm6x(d(vWl==79*sQju?K00
zCm!6aTb=@c->OErmAdlfnuy<hRj6?df%~$n+`R*6W}j6J1|A#VEhbf*a>oUqoC4#H
z!aZ^7b3>nE*3gv|js)%`F9QRBn<+#G8wyFj#RJN;n_U;Sk@$Ib)3--@x4IeEf+Q=P
zIi*fSuq>TD)1a;%%8y)AN{!XA7oMHnHQ%`1Q@AlFJFsl-ggvBNVL~uPueaWFmSbwy
zSmexJpL-JX&Hu|2_+Y~`k|B22b~w|6Tzn>3#Bn%^4r#j6Ybny&P&-l1Q5ULGSJlvx
zRtPp^Ke+oibeYM7ZYy0BKT6A3=eAo&un>}D-Qc{a0BLyx=xJ&z8{4!`db?0xs<nnn
z*8kEIt343b*lN#UF<PuieMYR1OWaSYtgs%!<4ix25N?;T5Z!Q6&{$Vv#X4ga@slg_
zZXzFjHTEj&k%xHR*3#$Fdq9{mLODEl-;|#zvDC_+CYZe~NJ1lV(C1RA(@fKAAPtN2
zZe7+%HwlDpNuQL+6nLnxsdEcb<;MeJY_;7*V&^ix*y*(*6mzbOY~yPJr2?+$aOTeN
z9t^a7VK-ae1PH#CeG3}U`T39#zSDE<tcajW>{^XqV62SvzE&HS(kg#(%o$zY=9hr?
z;dba|Lhz8pu>Z-*v$AiP(+>ZWkDS~9(ahvBk5^b@VO*W60{TLM&H=81Zf>qd!&UI*
zSXTmnpWM)+9+T(wSfXWk9M&q{z%tSrUfp#A5Y)Vn4U$?v)}KC8Q<|x-*caqzpRQ;g
zkqN=*RaKqhcdsC$(#Lqnm<7Qg<OeZM>OQXXjS|-%;;ium(;-*QW&$188PdlN1+I9C
z<#I}t+;bgginVf|UsAgJSE(nAiX7t3AK>DA@GJVpBsAW}vI{Z4l4)<4X<=9=!8WaH
zw1*LC>$gpbmfB2C{N5+hkxzDU(qC5Lh$9oNtlISMj(d1JxE5Y*A1Znr=>z6qw2crI
z_QgN;&|YJ>R>vqFD#`g;*jgh%R3p+_pES1bNgYil&X)KAAn`;-=OKrBSF0}G*2Fqn
zQK+m-N5C~K$ciMV1?*xCCbPGFBK+P(Myc?}*~X{h&VQh~9l{%Ec>N)D4_x@27<J`{
zAh1BtM7P{6+RuO{)&I;JF9*HfZKY5qYS-7ta8ube_}^i9NzFfp3EW9&gjbLtwQ5O7
z6yQ1fH^AGD7XSRZ=!(VNukqru9aZne8mcv>tyl?kUu2|@*tTj6UcR;WO9{E}MH10Y
zetad--Xljb%XAFuZCx9U{EY|wuAF|UIeBGZ?de^r(rZaq{-Vkkk_%qmDac7p!bo#Q
zdkix?*^dE5mJ`9mIf>%mTWF89>TVOrQEf<=aUM7gGL@Fj6fy}ceV6U{?1avu8~?G&
zpdeX@NT57Ctj9DXykO#>MPQvkLo%ZyU5@3;SGWM`&3S46m0FR8?9{}FuV_a7s}9CV
zjR5>#ws#sc>ng@b+IU3c+0@~vH2aSZrnVJXpZ4G!<%NZ1e3atwyl~ZVN^Aoi03Zao
zZ!M#}g%7mz%jlA0Mx=)Yz(6X88E6HhxchlibyJiYWyvfS^CJwLVivMcY`~u>wj3FI
z9xz>V17IO9O`2y=%uc=p*039Za#eHNe2=0TJ5p<^z&evG8V`GZGpTCWH#J3v#O*%=
z<pcTH95OKyOh;-dw{WlGvqW0Ibj@AIY^F)ZC^bP`{tJra!NrGf3ezH`jhwcYF@S1#
zH7o%FZ|*wTo0)~|L)%JTEhIFTFO!^>n_hn-H&^%X19+8*=Qi}?Uwy^~e7qnqbyEl_
zA%z7UiUp2}TpuC60lMTkCd$2Kx%BH(CeFX_3$s7%+&4&`f-7Lf06&?-e^->lH+odo
zm}8HH+@8fu9|zKvuMFBio=zquiVQl^rd;?mr)e-ljh}dUbh_j+wLZj#JR_~Jc(qC!
z%)ET{5Dx9jwNxxZ7CmaxwC^&FD`|Xr_CV3!He|DVe?pNLy*p1;TX%2W0G+GMCRf^U
z>ckCaGai2S_UQDJPD3Jr@B^)J3sY4UCY$?x{F(_8cY6SD{c0PskXxV(q%%ea1M#za
z1z&f|QBJms>E6T`ytMe+_@a}0<)<xYyf0EM)pc?R7N+`#*Z?KQ=8-&%=ej6g@u%sP
zJlsEnx$Atya`$u2MGB*E-`AxaQ{XJ-PwFC8u|zB`SPm6B(7(1aH>(?pE==vg5(x3J
z;Sog2gwrw-VD`8hfIYQb`09tQ=Neb5XP(ecTxlmg7MWIXC~^oDBx-dPixSJ25oXLs
zzPq+7vSI!&pNj@rlP$<c1^s{f82mqSm;e2nfdBcR|7RZPzg-G1@}kG5Z=`Wt^hbZ+
z3Yf6s8}kILZlU6uOJiD3EH_H1;Q1{r--iNbc%8jHzmA=aNOw!Ub~1fgHeM|v(v;@6
ztVPGDefP~FGA@+JSFe<QeCN%qR)LcWlr!AHSO?=TCrMs!b#IaVI9j5JKjPkaw>~}^
z|EDU9lw6Xa@eS7(tn)HqDhqs9HH!nV)iUaPxwbtH+xPO9!z3KjBi$Lk^*~VGk)=&)
zLfE{D?H!DXhP&DshR0mZ`!_&E-}~~T3;yXiw1;8Y8R!jv14PthFdp6^4nu6fjG}8}
zWhs;q(nFkuY>GwZ14YY<*2Vp~Dd`z0%5@h4;V-cCBw5HsZaaOT=jqhYBLKk#3YcbZ
zJ?C5REJK_`!;D7~^_EOiE~k^lDw6d9-t8&awe~+#dx6v=*V}589``oWDwN8D$8+#y
zWQ(27>FbIrm6#)sG_y;C+o-2)Cd+IM44;dgm@(MkSA@Uor&6F}g@!%*$m!Fh9aBT(
zYcM0K$)!U>10@_=+$W1#!nFjA_56C*Z?#z`Gw`bJ;3O$&Xp&Ewez=Hh6G2jZgPsP{
z&KAyonp)|*R9)P&q@Su)WUM&X7FV>#$`e~Elk<>zs_SB2NIg9Ub{-&2cKk%J5b*`^
z2wc?_2H`%oa^z#97j*hja7LVC{Hx)Tizrh`%Ql7nvlDJ)>3Im!Y7K04HW&+3DE{F-
znp>dfRK4iu{It3Hiy9j_pSCwqa|h|1BKh}wk`F#Ae9>{!e@)cd)4JSZ<OAswrN|qg
zO#Wi)#di129a4pUG4_<d-o1Y7m-|hYCQGu}9|3v$=GbU9xtv3uK3+f8>Jsgo6|D&~
z`5#3|(13Ef-8Qn>_h2`asI5qpkEnMibelsGPt;ZS+j0D$>KPXO>AmT!*G?`b2iJyi
zrw&u+U-ZPCJ$3$y^e{QrKwWflRn)11XGF-{_g`<P-ABmwB*Z$hc9yuteZDX<BE&Z{
zD;0@9Ot(&pXMbiGB8=5uE3+};OcHLW)OdoulJ8l)IC6r!v3fSwuJDimB1IPnF{i@^
zv1Jw4t$J>Ni18cX<&`O%I5r685GH$G591q(&8+GFHUM4kHGUh9i^&gfsc3x?pzsXi
zhmUVMG`xW3oJMD9VX3!TQB;sg()xLt?ei`kEK(ILdH{+p<WIoFuuFV5bU#C$&!8P1
z`20E5B=Py{^g|IHaNe*r!ukd<#{dr>GFAO`hPLE!Rn8N;E92VkLXN>s1N;20L+pyg
z7jrj2`z#F(BA3Jvy&1gw_1e~jE0(<&0RjFTIza|%%!7FajVzl@taiU%%x_7tv#zRE
z#|gi9ZsaR#G3RP8SNJYPyF_eDCsE)*CEH*^f3s<-tzUkRB@^5*(sLcOqH>z~?fTw<
zW~AZW+O1(KN{k`t`@Elv`O!yB?G{vX_YLQAGGuKvh6xXGIK7<(TUOt7qQ*^GnscJ}
z{+{K3M@v;rvvtaSXsgN)<NT1F6t72ux}G7{EXzVQG(<Sic7vJ353|cCTM%KeS=VF{
zq9{{kI^?m|T;@Q{ZBPJuSWE$*wKPTF`zWdn%+pyCAS>4rnVpOlxFV0mxN9}Vxhn)~
zuFaHNCn_fB2(U8xTVi<VMRY@66?)))cWkI37L=-1=|)MyN5i1FXP5Kq>H7rDQLLfg
z12Q=@9G*<RRMpLVr(6(@>B&SX%%Z2(`iApdLILZR6q6&aDX<Mz$gv|iC)cSeJ4@qV
ziy{n;pbIVZ{xMHl^BNyrp8tAwWYn3y^hgp2f5FUG+c$VPGPdW4%Z(}jboMl!=|XL?
zmTxL_!@R|rNKRbu$pwL%Sck%!kjLUb<sZ;0t^&>G0-leOumKA=WxUIVfYx_G*48gE
z`$~t~`Kiliyn`g*SD``~zO8O`zR%j*S?!gIFZpU!nAyflC!{<7)eI6Vt~)H}@9nGg
zofkH)ZG76e=8I*7t6ZsW^;{85ZU3N1`m1r2%!y&5pK5W0PxiDCk5`7Lf2`Ow`fXb{
zz>aGNUEWY(_qaDq!jz`#<Cq{ga=*WJ*<KHswzdiqT=9>$(fH**oH_K?BwoKbToA20
zmm>6`d1bDSSfRR<*%WA2A+7h9pm`Fm*=>4Zab#*<KDfi<%~@F%$c2oAOLcu)x#vdd
z_r9l%Gvd2ii&zkLc#F~Nk?y3`_rIQ-J*8J-{f^&1>=Tk(bqhLPLRpiNc1f@y^cH<A
z#BwmfE5EjhE8PtSrIzV4vu1gGm7<0BLZpxDsCNbi>MpGdzxRf`6Qn312qjkH@WNMn
zkYyRZaU1U2Efk$B5qV|wNqb$RoO465$qM6#R8|zGT5S}K_?Pfb)v~e(<2e_Wv|dLs
zuV|+|Fw<Ed>5E|QmcK)Oe!PCW9rlws^lnWvIMZ^!U}14#Mf?2M`+-}(`8w$Ic^3^e
zuXY}=U=OGIV6*2}?PRke@iu-G%V^_t@d%t|$-~ZbiuRZ&BhANMT`RpAnrRXZoJ#|8
zY93RJwm5wBC)6utuznMwXbPRU)_7`aRWjpn0}#n5BAk1z$ZCVMyW2@+C}79b^Sdi{
zV5Xa`v*Y=k%_JLz3VViOqLh@YL(X7|NCD}q&cXpDR`XQ7{UCzEy>uzTO#6Jt^mPJh
zT(-LUDDubdtl<V&KfeK<CPy}B0($@I3|Enc!Uaw-c;BXv+#%V`+CRlAFxPUBnbToN
z=2B_(BdNc<3UeSB&rGqzuYH}ZKE7g1?X#6%lP2?bS5s*Q0*4o&%Ry|!v*a6>7v#+A
zxg@3#_gmB;maUOqS#Aj}O9E~#3D@=eXNfBC#Hbb;n`Y5fe7|PX3DJgTvv~ptKdDgO
zV+d}NkLr|9E{O>`WXbfMXMIh-IQK=yxx5lAYY_uWOex097az@%=3M?F*TKnmyr^<A
zq+W=lJ30EO29aO3#R`rH;Ya5eCIdLlPR_bT$0hO4z=zWk;5WAVIB=u52EuE{0zw^g
zPKeO0Lj~Clu*=%AZ*}Wbrl-oT%pMx}YW%FU*$M}luR3<*-EhUc9vkFwsZonRxok!d
z5JijbE`6gb$YD<<t#8u^)G)-F=H<>5Bdivr_Al1$-mJ^tagd`x2xjFYojd5;GR0Q%
zKaCbxI7!ez=D(ULFb?*K&-IjoRmo}k(tTg*zbkbu``9I2c-cwB1mXqx`Ul8&f{~_0
zk-@aF*Vwfq<d>Z^DT+b-y8H4@Ne-}&+1vL{9E07pI8QV%xRnVfQTD}C?V0;-NP@MN
zU~UA-8~!U0#;|PGc|Kz)(hxfI6n>RXZRkE4@F^&LX+eX(7q{PJE0hlWAcdtzM);7|
z<EzgJMHZw!dD1zU0Z~zTN$Ka-b$`xz6%Ju0LAo-$Ya2dsy7xV0fzBj9*(5HyHnYB@
zL(ljQy;`AkwCHDZu=_YvLdxZB_Pwdv8-OnGaZ_XK#LKg}W41c~t+Bh!KkaKH7J65(
zk_qmmJjNa6W#bx2dK=dSz9h@hOcX}chqP!1t%1~vYn72JEVb~FO-nQa_ts2>{xN*W
z(NQ8|f-2rc9jD%;GJH~rfVKWuADbaGM$^LL{Ax(g$SA1&etT?(lz2Wu+MpV-+PO;h
zgNb{pMT5=Md2D_-y~=^aj#PQ}o4<x@)p7K}P=vpl8~+ix{;DQOM>DDNvG9^_4jKD2
z#}a`PyZ&y)Pn}zi!DK`nuPIU8o`xni@z=5Fhu_y(ezb*p%d$#(LrVJ|O*cSTo51pq
z*F}e9j?T0$LcPgO;@Qk{3{5VsF0B1+?+`uQ4YX=5HmyynZNtMOuOv5J3T8X?-0OJ;
z=JqI-{DwM({p`EI+4FXaf>y-4sg}p*73mlCpmm#uWAKzphF8onX`=Omdh_lTU1@^d
z<GQf6gi8m5aTJYT_GO3Ec4iUM*Rncd=kd7Lq2=IEM@AEyg;l)X{E9z2bl*hCbtB%D
zV7appzior>`NP1$4G$yfAC+&R5|MI3yI&nw2?8q#c5}!@$|}pOYsO5?%qVlZj7V$X
ztjdpdgW3=5)JU<^bZtBe3GlXCeD{7sM*NP;+n?^6c6UR>%(x+Yl6N5mB(#he?eJ=p
zf>h;o_>p{yVFO7hxNdJqvKCx+$k*@#qTnM0QTCw{B39fWYVozgy>fHr9@K=5sEaf8
zE<AL&)z|rJvkB=4<IB{tbiwabmfK#&%O%c++-;(U9GHlJx3a7A9WC!p3W{2|b}}q7
z)ST?pXZo_oeppMm<|%rnwMfGQ{HuEa20m&;*@QlV+33aT4vORU5f+dJb@b;Fw&NkS
zAHtQx++dZ2bMH0f<_o=)p=w##YV>OC{_J-CjGMkbzAuJ{)!3mftA<2%M<cHvzSwKS
zgWJVdfR@PjD)59@>oO-38fbX!TV3;|&CtLB1I0E~oD_e`qm{7c*9`h^DgP{j`iklX
zVB5R_&T(&mh0Zwn%Ski{z3&`>x_^4Dty=ly^lxAmor|rmLcMN)OT3ONXhYR17TBHe
z(&$^OmTT36zw`B<ON&auxutzm+n(_3D*r-lDN2n+vG7kJH-JCZ0K3f%&=MzGlB*(n
z1K?^$``-Yu?dz*Z#3k2NfTN7Y4IpoY*h1AWUK?HCFY=!AwMd9n``S2Jv*^q)VtK5e
zjoT@ExX@j#rGjV(C%>nC$(_HDl<A5tGX8p&KRrA8#nSz+-s~Mvl7#8X1WwZ>`BI?e
zdFhhbl9RJ&dfg1vd*t+x@a~gI+VcG53EHktzl?DwUmrbBes~8bRNg7^wqInY;fe@C
zL?O@AVpooN=0$y7%8qVRiiOcA>7ojyA*{&b*<CC->-Le<hqu>=`(QLZBg`8_iBYvK
zw<lD~ykuVo5lga@gY1xZdEv|1JZvg&y41&Ov?TbH6*~HXJN2D83)L|D?n>;vHtv?`
zjIIkKCMqWW_S&|Xb?E@J$EqWXD*pVsU0&%Ys#X06a<VV9JP&dSF05+YLIq!*UbYho
z%;f$=Mrw^!mJ5{~)igI#wG1S{4v(Ijs8i|n`(P(w);5S@fI@FU$Ky9`4<>h}Pnqvv
zPp*w`A#hu!L>EV-R$N2`+Ps%UmX+wWDQ#0#5$U+bw-;0?F?g;E+K4`(Yi5E<N{e~3
z1<QrKNriyC)kVv~o_@~x-~oO<_vkNypH9yE{T}tj0H@9j4YdS(0Z4M2gl+arYClW5
zTVJqn;=g&JaaltktOFRsIt6qf7|*FW?iBST{^H0MxdEy`bf+`n$PFO1Zvgh{j`nk*
zz182EjDWWnB!r6=B4oz^K^icFe;RKOMHm<nAzXs2k3Bvl`NeSNcGkXp10?30S)KM>
z8(oT-4+jp<z;A%?(^bOQs!vP%KZEK#-G$C0s(iuPQ3upG+b=a#r;F~Kp6j~nb}P$&
zVISyP_$rW<JwKdtuQU)`VH{zaBC_8jZ@=e<R6=j}(Fo6EaMQ?KeJ)R)y`zh6ar{Bp
zwdSkUp5UC4${PURZC&V^F|o($iW+Hj1EfyxWrsk{xp^R?+?*gr^g0+JCpNaIGIgfC
zz_m^j<??a*nNX3Fp&YY@e*{CMvx^Ab!yCXysY1rNhOJ27^F<r>zUvGQ-HBTl^TMR%
zY(AW+yz)vBX}!+fqUpjh8zrhuY@$t^4~rrnG|LneG&`)v9E#2(YtOu+B0}hSl2xcR
zTUAq17{K{jxeB~g&iC`#{-F+!sLFFf8KxB*oB74eh?!kW?V||n8sZf0lhr&CNuf-p
z+gJ&?L$`TXQO{X^floVDjeH1}NQz8AQIuM&D(3DbA5~2ris2n%ov3hh2tY8gjiG8b
z!p;1Osk+}JiQj7>Ct(&(btX^WYcT4sI?1uMz$eUVxIy+9=Ky~}CjZ+vKsqLtBWwK%
ztDl0-$Qzk*g5><H>s&cuzkC>YF5)MxR5i63FBqt>PT8n-XA$W$G<5m03hR0F4FHlR
z`sl+@hJD0jdP}cj(zn2Putr~=_)2mE?}`l;^t78kF+xUep=P%3e0=27+z`LkOsq%X
z?v}R)`0?GNJD*9v>#91rN8UHWRm?1fETbkC*yUK<NKCH85hIram6m=l2DcYxM*G{Q
zT~gH8>!Vr+zg$o0sj?^Q2^4>8u;r!UdKVxo<WW9*C=H91R+G`?%qr8&BVtx>rPkRC
z*(Y1FbV@Apce%W}&;IRpyb+r-mA?q3oXVE~39!oU@;r9DYz6O3lfejnve#7i@e?w%
z>*<#S=TfU`hZ858QnMu)zk5+1MCj^o&xgM-A%3`dcS_#D!qh^d>vuvd{C&?WbhGXk
zrZur5t1K-_;_Mao!yRkD>v<}vaCma2HgRb(1TrisU9GK&ya605cFFu=yFh|K-%_(>
zD^UBnUER4)lq)?Zceduq61)53cmly++4m0gRoX=x1*RnV59WuoFSUkBR^C?<A?*+{
zvhKMKrqiEFJY5JQz0V6=Ou61#u!RD=xXgU{RZAZ++q5>$eU=Um+GLTI7u{rgm|ZBA
zSk2}sx0)b%%aj$eBCFN;vQGgHQK^HpK_GMu$8SPH_@0V&T!qRDf5tGFZ(k0{m43tI
zv&k!-br&k{5u!kq{GrlC1$rlXe~0P9#6jqz<|pH}Hn?-%&+tEtb3b^SyY7kNMy^)w
zG1qWr!4tJmT><vhwe3xHDLhPv2b(nV4$YU3`dRB#3Gc<HD35S`5Kmi&#&39}Qm`fp
zA9`nI{x`}04k%N<&KxSoniI94(tRAE*p=aX{+sb4(v81%vE(q%xCn}u-x#C%A~ii8
zb~leV@8QNpavD~MKTX&TVCxo*!kxI{0E>ReQMb(ok`*G=`M5c={azj))eKqa%^Y%g
zheK&s1fIOh(tA`9lKQO!IBkEsihXuX{lgR?(Vg{J5Ns?)e*M{<K7+b5d&Ureo3hU5
zO{z^^BfOk?FKt=$2`$m0PBROzc6<ZatWr3G_<`8)6*QtU!N1yNMc^%uZM9^kCj7L-
zoRMP#dXI{3ZMEo$d3t=m_qQSPTyn?u>coV=y{o5Xiw^1Z)jv$BmWtc>X1sq{c4<0i
z;=dnJ1b6K0o01Cn$XRW_9vLTL^dK3|y^y7dfO8P(56g+V?+14Iyr$`*8ux<Oa*Ve^
zxA!N;lxM%xxHH&ByL6(#LrEWwFr^v+z}FP#V0FW8+8UwN?EKMqKeF4Bu{BK|_UGs5
z`<|rxt4csaR*YMRBOVyCKOVAOs(XktF@*s@P-3)f9y!$Vo9TW-sGe(;8$hif7ZWCb
zl`@Ks9dqqP;GU=##&pW_`=H||uwQ%<)quVxH|A$aAi>yA>R#sVLu+05MVA$|^KaR{
z`Qy_OV${iuOAN|<e6cy-<(WP#<N-_Al3|sRBNdfT^3V40Hc{k7m$eq+?e80)8>B}%
z$rEZ9Bi{t7tnHrKh9b-4ZDM-CDwAlaiADb6<utw`jgE+yyS5@|gmpT1EC$8}KS;Fr
z0=KKpHAPx=8!p@ck*GzYtl#^Fv!;e01-hN|99g2nXlk-({hyUQG>CfU<ZrlHTt03F
z8|}-X_p9%0qicj;ga`&|y?}4ODM2P2xfs$4Za{S2*mRSz6HpCDMUEta`JZU9u(D#*
z@$RLPyB_?Ip+bPg$f0g}p@_Ti(fKomf>{RR#KY#^RIkOJYL*;+|Lm9Lsh62bc67b?
z?sa*uzBZ1I(DVo~1U^B=fAaI(Ag+YXT?uh!5krdlJ~>v;-5+`Z5pMYD0)<WW_ub`E
zOu(Q#RkOGq&6l6-w&<o%4WEgxSlyFicMaq!^vgG|YeIm8hQ3bq$#jJD-qrbHr^Us?
zMqbY%;`r{1k6l9=EeDnk#6}aC1e@U(F*0hfRX{6{uc)tb-V_<Ss2{bg;`^!Z)z>HI
zUmx`+(H$1VNJ^+{ycD4B9pS(Z5dUNHkFIltyoI9A+X>rY43nvcwQ9C42rTi1tj?hq
z8JtHeV9&a)r&HNFR|=1Bq|x;ZjpzeM_Xm!i+3@2-p~{>HsBfG#+@@(eC)ZC%6`>L*
z#+POIKrlC9dv+AkAH(O)I6OcuS^?BQ5qZ0LV7ONKB1<g5eD4%Yv}BoTF=NW|gzxjY
z5o@mh7`?6ZxuUuab_7$)vZG#6wYvLOTEo8?oE~7HQ$G11x|FTtGHewuCylrbK?JD6
z<Cx?TJCR<|SHj*Usqn;b3bO|2p<rHo;PfT-VnG07V<*ppU)3?JX_e1AI4fUdM9Rqp
z>Q4lc+96cBe5buZd_Vs{#q~Ww!PzH`F(ccJCo-kFcVaHw+?*z52*+8e3EH_FT=7~#
z+9lSNxEW@~K%GDXcUU66pGlymZ>itsAF7k4mj)UPW)62J1l;Otk{6oGY}D6mZGsLY
z7al%dEB6spa{jv0SsBM9f=otGE)M0+JGR})=uB_QtPeOA-(NwlEH4hW^WU}bHT$|V
zjEP%z+x&A%OblgSUZO);zW|aCr7~~>xy2?2e&7m2QS7ZSA-O(XQBI%HOurNel#!A4
z_Dc3A@+3*#Y{ptz#MARznj3wpzvb^qiMBg0+pA}z&W2vCh$1tnOM`5Sj2-E1yXm>+
z(+O0C%8xc3A)}zUKXii1{wY0CZkctGbC#EqXW>`s#q%J9N@UAo<*h(H3lhC4mot!o
zNF8yi`)btLy~M)m@fc6$V+m5RgZ-}(?;?Fn*}maO1$^`@YNA_ni#!>+R6}DwtY$xi
z9jWOJD&D(Xe{_Nu&Xltj_}06-8HglS8}C&`KjhVZM|r)^aG}SL(U3gx;|9Qx!P!V;
z+()5T3%e%h8DHL;fm&u-f8IrybAlO!%J!+f6Ry9u{0HoGipY9f4o5h|(~@~z_}E5|
z+HI|<g+j#KBB3h1R@EkciCyU^rWseRvA|zDW)7yfT+wY~ZD#Leia!yuljEMWJr!nc
z&1*fdsxfL!xB;}0_s<!P9#7o>F!t5!#El@MUNgDAM2W*X-<egr?>9h(J-Ar!|4zE4
z%!T1=^~lFNzm2!c+wH*W#R4>ocr>^0)c#U}?vgo*8C{QNxA(OV+yM3rzb;dM-2j!z
zmXp7K8PCkNVVOIjc&BBa+Hd&R%%2hYY?wuV{GyUFy$S!l2k`iC4;MaO`%1;N$*VG~
zmzDOm$krJ&l0;*Bs9|U#82O^1sTL9Z#<p0a!qId>p}^1TfL>kA#%5{tg<1Ob>AKxd
z4iif9WX2pG!lfe#y{$v5^H&fZc+T5Ekv5JAp{Jd*^=Qv7-(_B)_r6%LR3YLh$_^We
z9ll=7cvj@T;QNYae=hax<?w_&T1cQab`U7jPUf;zTRTy6&8aK}GR?Cm3>iwCABcaa
zVsLKJ4(IJIEsi64>)BSvP!jagZSD$ds=QW%Pdbs2eT977yIiGPN-IgUy#C&bMeK*N
zdP_(04hBoD@!V+Iz&BZ;CyiINH1g@6c0%RIz)lA5HRl|ps@y!fXSE7r=#&l~*t)Ld
z?7z-G&JjY%wC#+%L{%RLwiNL#X&JR=c3f#(r@6}A-Irrw>+?xBb*(S!S%0i1O6DHm
zQrzdr_(j)yNAOZbHO(fZuQA_|jr{YMMfJiaD*6wtB*9VYtP1x_`zdj3Ek2ty0+2U{
zkh8Mk?~yS3t59#NOM)eI`&h|D1HpPuk>XDUVe+H==lxT4l6drOHXI&=HA>AsuKmDj
z3Ot3X19B8MzyLqo?K<|iFAAdakkJBSl}2ql&!(2|P^i<tZ;*P*az+W&G>O<rGVeqY
zB%?c7MXDB+p{llws0vo*S2Vj{F*=@xs<PYABW{3Y(A!99{M322{WOu&-HVyOZWj$x
z=HCEyqUiESSVR62)xKeHSaJi1T=qbU<;)>^a$nKL2R0J*MR`f<FAJ8wRC}PWhS{9m
zVc;<w6vCNWMVVKdLh-@q=@(>Bt`qgi3NpjEF2FfnL60H8z85JlR>goApMO`y7%@IY
zzuz&D;##X@cdGH#s#N+_O(DZ~v-bW!z|P+-o}^H8@er)Ay+e4;(rjr2HT?X%nc0>Q
zG`{4i;15nsy%a@R!6hWCG%kD(JXu0Th!x7T?)?FCOP^eS2qY;$su;s<+e$0M(refH
zWr*C_M)A^KvR>NFlSYM5fJGzeER};fEFH_PF3sut;>SNl#lSZx#;Hm%#uuYjvo+-}
zep*F#r~l4M{o;R4le|~uxY|hm81W8VSYRwmDG15Da|3wsd_Sj=o^uU@vvr`DC~80D
zmyO7-B!dOZOXlWmLtbuzrrX=wiq)A=BfI`i;1wwV+*!mC@1Byw^i$LuJJTi^EpaAr
zD@97Jc2IoPB=xR(`-EDFQwA?_ftg>yl4k49=Fao)$6%%wIDh;Q(rs^5j{u8e%I{i{
zSH@aT-i1z?_LX=gqnthY%3>_kW#T^HNyUAXCV9#%T^j>O4Wsa5RcppK5jauX7WcIi
zwI*HZ*Rh}-cUv`v99eC`L4U%kzN&ZP2CrZz-5(BQ^TkDlLgkpoYh9$fedSnYy@Onb
z%-(m?(5GE}p{qRF{1QO2$`9(YJ4L&~3|LjaaTk54gAKG|ZLfs?lB4kR(2kH}LF&vl
zWt^)-t<T(TdZ)&`pzF<JpAHJtxnP@aKg@g@LL>b}&HVcXv3;<$Q8x;A?8;(oF$dF`
z6;^Zk-m6}S@{?pfw|*b*gUhdMpPRny4id31_>%khO7by>WHZI;*CIgbs`VUlXXsYj
zXE75ojbAQrX9=5vrr*A5>LPUKSED*OD5byqlXzPoecAl@MdM1RRq$vw!IX^9C!~6i
zhAB1FDvS#*O3shK(~QfTqci^HcR%s#W5s8j8n(DBm{}{ZKl{B$t)t;=k6m_AZK+16
z!Lan5RP8>1;e-46O*FW9XkeZV+|f_cR0Wc5t9_%y7!Tx&PmK69CBK!P4|;mzp-z>~
zOG)f-X#>bixAspz{1#vB|ItyoyxMGUZPBOm7pCY}QBpDj$LvF~Bkby(eI>eb=$Cpv
zuR2lB97<fVHGS=(YDs)ml0gmWBNW;W=cA0~Q#G(5%w-&5&ggXu`<+(f+vMBhhGSti
z_%R>K=rcXuv8#yFL5U#&F;rxOY(IjajTOWg_NzRPLV`u;d!jI>`LFyp7;4-Oj){@M
zCw!&R%s9^9cY6d_Mpv?56iWit&sA?<bdub%x{`s*w#8RCxjUI29!{@RmalY%vo=h*
z?gYd}#B1}B`r|7XCDXIWa%0w@51gcSEc1zmjO`8Z0)-AB1rs_L@EmmP3Ip*EtR~w}
zp;Ey9E<{_GM&eco9lx$7gOaE->w_*n!cbXUQFOoxGaApl0pPJno0CB4Pv9Cm2r~(?
z%s8oRq`Tw=2istf_m5wp?SW3B@O55|CWAH-EEs)WU}C0@l7>GagfHd^CumbRR`tJq
zb74Z47Wt@5VGSDGnR3Z@q<F4_GPq#MLg$3`2yoY8QXWn&4=+4>E#Kd^DFlHic|+bQ
zNrBzxP{G9KTv^Wx<`>oCTqCd)6N{;I3vs1;c>-f};=EOxO)38ay9DOh5*!xj@{QuB
zO8E#QaEjR)3MQO}>D%Idmaby>g*|?eO`k%fqK$dsGwb<oCj|7iSx~IZeMyS5;`Gy!
zx}1?GVEkYi`s?i1^$r%iIud?n$zv-ve&zqBxf7RI5>q$or|u9MK*<4P?w=d9XCO!p
zKt^yZuN^5IlLH}9S%h$@*n!MHj}Zz7&Y;k`NiCct>TLU@MT4E*4ytnOa>ykz`T+Gq
zZj4O(RdY0Bk63uQm3rGj0GAIch#-O56U7;I>i0Zmg*_B^=D~(eRLni9hu;7ns=b1|
zvV_wVL&d#6T9!W`@pc7@?&`smAQM`~iB`Nt9NDL)``b-C^R>Rcul58AL_(TXA&@3j
zwa1I&E%LcYpQU*u`1s2ti*-Yf{mZ0}at&w*(BUtC|3_US4dj`ID`f2!4LkAE^*(eH
zNe9lg7vBJTqNzY2*A0+jvbK6jb9#KunGhn?1X<&tg(Rtma$*by8vprnL+Fy`jQN@~
zC4>ac-J)HR;g3tA-+jUO7>-ejI0s}%%>u-&a4j!e3n(3m%8d}tNHN0yEUPAi?<jr{
z0eQ`q-hd|exjoN=y!L4ye1GpOwmbUixiWM4%P-Sb8n5?$L3!^7$v>(>*26YXrE0UA
zO!=DL*9^By_p6WE5SMuV#M-fKq)XKMvUanwTjNJDDE_E#!JLVor}o@halYi7j@O&!
zAtyV7S(7^QkTIP{-j`$SKX!yJ$8+8VvwqFuO+|6M;Ly@tW-!S7OSkkl0r5|tkd_}^
zVNp8TChJn#W+nhk+Ym>-FLNJn06dz=J{$`)X8`As@2x&RZO;taO@st%(nIVuh5t5s
zsguzK4a>1Yq<;aw>2z4~#__Ex0*|+AenlGWXS)FVCB9RwL`}vD(*#M$J_t`n2B5;4
zd{Nk3$O(w97Au5A%LZ+9CV2rCMjCCNjOm5WuhwkJp7Q1N(-%*@J&k?h<eolUYxu7S
z_}6)&Iu<$*-R)ioKcF6mgiNXy-#_Do#-{f>N>pi}$lD3Pv4KKx%?8{sI4GJ=gp6wo
zK(w_h(Pj(^&acin31`+^&IwxMV1G<Dx8Enyh)vkl6l;8u6#6e^!XGF8qx_@j$(C(P
z_-%pNsfM}q&BxN}d*R307x$|utw%Dj$VI69mOM|gKkHMNPm3R3dr1_jiH)$uyjQAg
zZ_rqN?O0pdEu9{u@V1a)M)X^P;0@qz*pv!38sz7lNN6pnC@R*;J}6*8pBSEfdgY8#
zmc*x%<wt2+Mk8^;Pv=7Yah9IyxzERo*YP_-M`LB!A48R{7J5S8G(VZ*5`=+!afj)K
zeM%lf-<X9=Gbf9TyzQ5Ri!&eHUsZmc5!s^n$uCDE)@Y*8E_y&&jj|wFwTOtJWXt5C
zHWnxxW=?gN*JCSr=)nW&`|7z#f1TPt5B$%L548=(SJkB6iNOwC%4*?VVBb+ZrI{#^
zt+5fLZE}9SWcgAAbv`(#+r;OPxWpkvhugvLp}?U4cy8PPt-<FN_48gDMWZM>CjIRn
za*i(JpoI!(=h%KqQioOqX`rZr2N^S#_#laTs%YcjV9R+t?wX|JSzz)cW{<^0U_8X@
z+29;o@iSc6D4bfR?*w@StlAI^Ju%3Ut|}O_p*SI^k0-i|$+MKgisj`xT-IPKw-)x4
zmvXZ<>cdlM5&#*BI?@;=-v3$KGm~8+Dj^g<x!Cxux$4SEzeKioativR(*WX{y1X!d
zp?zkx=>z-RXi2^ttYU3Z^tTUUgl|}p4Zz%pmz>gPez^NsN(ZQ#CsoQ+kUha9>(?=+
zX3Gn8HWj@t`(@cP87WidZ#;G=D9E5UQ&sBZk+`z5oYxY6kYC`q8y(J+IUpA)mX@C<
zb!=;!$ARjbkl&@UzX5`2u6Q7F`eqOk{TQ^7fwuml1P+3?OLCJ7oT@N4R~A_FG3Op&
zl5>5&$8yQ!_|w8;NMCx{)HHuOkZ9c=VIOgL<{ax?-)xk!a6%<%e8lRJf-O6hHkiGy
z<bPIj$<t7tAeFS47XQ0H<Uig&+7+FRcGSm@&y=G2Umg}V;L69opzhm<DOQ1k>au-Q
z!xJ)3J8w(M2o#$4v8lV3vo)m{UQVj<{z_y6YlesWmY`?6j^YV>S5M}O+5gT4+_%68
zXz2Wv>dck=tp^F0>UGl`m`D6WeBD-+D_(OXjI31IoDzj}Z3(NDXZxDoemwqjXV5jt
zzYpPm6belLPnE*|Tqsnp8hpe2r#XNc!eaRV#Kh^#CYo%!>nCjlm#gv*a4GuXQ)%mW
z?!l`*CQq(Rmli_YoP@|Ka}Nup_wl`B#n<#eK5-RG0LAC$3afb^edyibrEyI@{^ElI
z*7>X*Cc9ozVO>Oh^i+vnSy&az6vyD;+g~QGi)%QM(CgYPu&0fC_RObsvLYeB*!&w8
zcvAMH+{H=eowZW5ssFn}T{h9T)sQe1>D@cWAC-sBo#Dft0xPu}ZZtnGbU<4bN6(Vw
zMVXnI-@zY=u1IlIDF;6}`*pRf*c5tTg?t$Q-nAeXfmSG>2>q-(+V~;8zqJZW#j67|
zoJ*HRL|=M?QqOrA%9JH&iS-!Y%QVa<aoTF}NQ#$niBBi|F8FsCAPC040g_L^ODymZ
zoyD&AAP<eCz^w(VgKOBKpbO_fpv8J@BH^yYxRaDo1Xn}7i_~|A4=oJFj|5Fv14Wd7
zeifYVggqq9O_nJPke{#bnE9=bVr)im#kig7Pb{iTh|V96KN}Z#QZ-oWxYe83$b>7?
z$mwW-rT)3Y1Fyf1Sl`i69@C3~$fK*rv?xYKvBG)A6zqOIwEy~T9m=Jv&)U<LQt(UH
z9cO$c|NGeSq{q_H>~-7uQ<7TFoy^sJY2L+F$iD91OEV|PW>W-5TQt>@W)c4^jW3a#
zdm`V+N|k#2)~{@xB-c5!?Gl|MeAyAQOEEujX+BN*+3sx4`tjbZPma)vOse5qtEMp>
z)DMVeo>K|Z=J85~=aF;ce=EL~!%D3Gdf7w)qHSXU@>n9Zm75!#kuTDF5#LSM2kqW0
z-2nAp(6l(5#VJjV!)09E#X;#hdA-z?zr_^7y(>n5mAWx0ENYeWvuFgTC3xosAf}03
zzCFq)#Oyd$aB*U%J?Wo+5&ZnfKXN|MO@gFscjm`ZU(o<tFm@pjtQ<RO!Mu6{07Ar_
z%=qAl{|#_=lx#m^@O9Un&>5jmck#Oe?$gT_woztm{E8H-Q?ASTwD;Sfp=Odlw>I3L
ztczA@v;qfw9m&Pzqv5hYA_Sm80*!_n;0q0E34e&}it5L2GBYH2fBHwr=D(@aEjfO0
zfFF^8h7uA{5VeOmogkXoCAuL%Q@dJdYS&>GvlNmPL=B;27q|S6!;hK5B#z+e4JP%g
zvAaCTLHsO0&|F=EeaF8m(VXt-_s>HO2hGqG=9x1A8;dNBPWra6bH`y_qDN*bmwF_>
zoSEl$GH`>KtzQ=xOuwCufBo>U{0}*1=LaK@^)~>E1s|%5dUfDO5dlJ8@ijBWsbtK)
z_`lc8eJi^%!1L2yJ<ZH(*_BcmZVUc$dMc>r_0)YC_b}AY;){ZBJMA!01eZL*p~dV5
zV3K!6^UPUX*KSvre^$8)o`I(mX{*nz`gd#IFJ`G|*0;4x2%a_;fpOCF%Qc#!ST_LX
zJBtl=@auu>UR?c?f5$C+pbu`}tBs4K^DZYb9l!GQ^t`Te7r$oy2Hmc7s|{WAKQ~P2
zX-+T-hV?$|uXt(I+e((ewr&}T<~oQ3;6G5|qcQDB$18&yU~qry9tqOXEz;^#FcAHJ
zm-c!kMC2JQmprVn4PE6oBGBL;k$g=1FN=pbSEBV@mA`4^(Bl-aqCa2o6+<ShctFBc
zir@)(5>EJbDZZcYdXgi*y^a-3JBCU@IJ?XX4qR~Es(4>BTcU$ZHtYIX_&w~?Qtwx+
z^zSsf>@Ex;I%JK;x1a9gV);_-4*B@Vj^ID~_bykjG5_N6Wj;p_ZY;hrS(guO1s^$s
zB-^iBU)_20M+5w)9{uM~)*mSV_}1_JdPW$EadDTLi9N$8V8n^$lBgo>qm@(j@ZHCb
z+8OqQ6}KYIQ-JN3-@>l=%gNiFf*Oj}9oZ7__HITzG#kPA^l(N%wC-SpFiDMaTvClS
zoyWi?M(LS?iovtjF?G=K_#zrRHoqTTe3hdx@78Qht(gF4M_A0DKbE!(=%GfvqtE-<
zkV`sx0T)OzQQ$v(Rb4x>|A^;@X>S(nkp2d+nh}&6eg4Tz!{1xH7Zju&Yp$EdPN1X+
z!IKRat<2>JA~x&Dp_O6YSez?sk+xkQ-|0AiS0ToX<Mi9Rv@b+~hQ@Hb+XI)yb>M&q
zEiLBhDId83sQfA)p#{vKeAJbiFGp>7a~FlE&xtnM0Dmc^Zh<bJ8e2;WD=%xh-7|oF
zLj5<Zp36LaZUjceD`kJ$f?Jz^bxr8~#t{xe-0z_G?W#pqd6wIER(|R!ExZz+)M%T~
zH%d^7ChcELn+nG_%T6<|IA`W-=P~MNr@kWEXnk?qwZOPi0^TmSb*=Yw{M{BARIuz%
z*z>rQXj53aufh6tXzm(C3b(tnj=Qs=S3R^gE&MP%d?4rhRH2{CRkJ_4#Snw4Z&QhJ
z@6<~gUcAmw;}C=J7qY%q6EgRU7_BT?H8hl<1fG06Y{O847_o0yR}-qS$g#8zz5|zk
zkq*EC*$oKPhV%cw%as_`SFhf9RbCRBfm{_Igu1VZb_2D?w)u+Z{t7&N`x56+!yM1g
zRzq8+^PLwI12uL1;~K)>us#5On4%%;EsTgESbf4710&a?sWW5OS~F|^B9+g(^br~7
z$VU-EFF`k!D6LyxthdsC`R|Qzu%DBs*qc@USWpQ+HCrWfz9_LTavZDenL5HF>&@qg
z0<vYp#Scpvd_;NP^dnc-i^AHN_USE?*LlP;h0fkp*ndTX*#y^yj%@Y9cpnNsh<yE=
zxsLS(bBDIXL&IG>=@>UqA5N0UQ5V*k&0_Y;^^l9REgrjN{7VeaFnJ_#Nbepu_jubK
zQjh%G;q2#FlXE|KBmNZ$b6y&O-z9oMYUa*t!D_fN1pcE(j&ItvX29E%DQ@94zxeoI
zm9Vw1_ie2mb6!_5Vnd%QfyGDKBv&p-+e!yH=Gj7oYgRtk`D8+|$i$gO*JOFf{mv(z
zXJpd1CfGms4>q?w?~ozq;lx*aPm@E|#<aI^I2wLN!iao5Yf@e7ycjP9y69mwMJzuJ
zc!Ho_se1b>mMlc_JI_zPg^i}U&M`UJE0)<79@r{vVpK5mWLeA8A|h?AMBQnD!)?FN
z?S}?A$I8C^Arw_<Z#L=G-JLFIL~2I}Dr1=dG_fVr@^n3mt*dV4bs1D1J)fIihZyk)
zAunEWq`TXoyl~}_ANOIv%9X}KtCo>nDMf-X4wH|kpXHQgny~(#1f_p0PpTHOlf~u0
zOhs1x5ij*xoeS;D|JLLHnDK4^G>t8Rrm>~bG<JS2am62{AXxf&q4hk&-<A&JNMJKs
z?aY=1l!{5-35(f}hHl5Iq&oN#covwdVi=O~szyer=+-7Bbl+o1)U`Cg^L!dBQ{0?)
z=A@%@TPRM35q8YvAi+e7Fi6dSTFhJ3ED8*NDcdIwY?P_fL)0tBN2_3!-om4tbk-ML
z@KqiI2r+u@Lf(*2In&5sMeOuKv!={@Y>Rqa*nG&FGZxSAb93yhOz*Xwvub*&1unLq
z?K_7X6|dU7mVIrX`<G8)1MbW;<N5Fc(@dO!NpAwP(op$OmP^LbuaQgI&kAO>D3Iw#
znYAPd%is0?OdvPK_n?*3^x&h1bX+mOo*bd_C`>v_hh)hKTDZL23<i^5lJ!+%Es?xZ
zsCa38z17Ta9fdrcXFT+H_g}PqY3sS#;b$SY)xI=*L-PqPM%o*eg^KIwt?FiE>JCeC
z$?LcQLSjyBo28ky2LG?gM{a>eK^{pe-&x%aV!uYcMGssKpS}LSbrJu46Jc~K<iRni
z-))WNU)~_`zFN_;Ipf8>5wi3ZpI(VWEXv^9CR!wV1wYLVUd0c5hg1iYqu~**YvZlb
zi0!~JAMi~w8Z<OYl;1gicmwpW!i=x2C|2a76Cs2iPLMM9LA2ciW3q1{3I|RqYDahn
zIWH&7%v!#_L47}=WcI*47Y#BZ6S$Lds@dL6O`X47;InZ1O_86QmW9NV_|DsojGHe`
zG}!J`H#3!KBMAX)U)_9qvduS(S|1!$(mCUu{+?VzYfod=x#}CDIbxK!clYT`R6DSk
zaucSwTy$Rgs}}BbmIr7g^{pKS&tA%-OiY}T)$Z0aFRP{1Q!<8?l3gFTTU7NZTcO7y
ztTw$q?_D|T)nBp5livV4KfC0A38Sd2jPvJF*bp~Q4T!1dv%gIh)O3LtbxXB`3eoyS
zjC&oW%saZPF_@DawG1zYzJ6=Kbvd^V=~0&NGW~S}BxQNEVOM7E)t$pl6&TBFcqs4X
zCOjB_Rh;__z<G%6F22|-Y1USd8uA~tBzjT~t<_KXm==M{#u5Xd5zb#NME)dUXTE&o
z+XAe6s4Z~0;WGIM&4czg7(N}ce$~&#lm{(q-1v!VW*oE}_Y}(fsH*U<f&|+_<LQ?P
z0s2e5Ce^!7h(@L$<NDrqvcMh4#D^D~f1!Hi$mg(Dt?^nCYUjF9XaCYNoy7%JAi!C*
zp3<n-olP`hSlZU;^Q<6eUfM^-jP2*9j$#YKyS}x9&;C9}l>Zcf<AbcJKL#n!T$nXx
zUvf;GWyujNszosIB#GoGjy{qm>zC!tmsI$vG@l^i?yG_sgdWMB{C<ps{FqKQ(PyaK
z_)wPo+2hZ$O9K|}JzQ6+S2H;gtI1=fMTp9Vz8ocF^s^q<7E+-{XOJgTACs70aS1bb
zF=sh^)=i(N|BS8=(~C6EQ0*XjzPVq-{pdi<bpyH3Y34H{*2*Q&kqW(^BFyA|ox6wC
zNbia&+3f&h${>wll1;pVEloEuv=A++61ye&qw`u~v{Z%64RGLci)}h<<@YQ3C5tGM
zE26fn&y25y7mnc^)1T^Q;Zl`ESNGtkFh6L|X1&z+&taRb?a#J_tTcGVFj#+o4%^rC
zoa+9bw`D5W-|Jl{W}7FCza#SRT9f-9$6&}(p!+|M*#Ez}n$G}}>1U6rLHTgH`*q%t
zpVqwI%<UxQAiBswk}Apb%KK#RVXuCA9c^*6LVV5wxV8ea?sZNTH`ZCAM~mN?-T-6F
zhBv@BH&m<V4d9B#;8U!8ugFo=&x7qSAdA6LGA9A@RC^Le!t(>?v1;4WFEolxh3}pk
z%Jay5+gYgZ+MzXnJk8fIZ~%2eCE8t8dhkByolF$}(LYzIvkm!Z!o~hi6CrwAd5!xJ
z23sQ)X<PHdW23&JJ|(<oaniuBZ08Z%D%G|fG8zW2oNrdwWWTi7zt(GQ`Tl`JOs}Z*
z>(pp%ZT;8!gqazt819H^gF6^j!nn$0x-nl>3Km@t(u*Ngx9ChGjwTj<FKB2q7#bH^
zl$A-v#H4N*3Q`z7afie<iOO&Vc={H+tK__|Z7)+-$>$BRer|l3wxHeSyys#51o6P&
z&|-^veKkOqxzw;db9;m5vv<&P_NS58ecX_bB<%l?QJ1TZ4o6~e{6j{84?T8I1wQlZ
zLdpJ-+~X?V0M$m(**8FQ*OkVZ^ga3R;JAbqwia&8t~O5RY+AT{-wi<Mx3ivgnEf7R
z+;Tt2y3px&GT!qdr%HDMb@nurDn~lDPQs!GYZ|6)UG``9)V&9jXwjfFom%mT<V$y`
z!BOlwdIAQ?IScb*Vu8=T6_W;U0P6i{N892hv`jd{*m8Vk7t7YRE(Nyf{XdHP&akMq
zHO)dnKtLoX0VRl%N^%e=QON?5GYE*}AX(BD6ayKGARsx10?86fpvaPw<P4H2VgW@t
z+jIJ!>FIg8@9mk}-9LHOuD#Y?tnh{ReZQ$n$ponmA;Q5tqMp>=_5C??8INwQ=g58}
z5mpJ)<*`6AqoRynuE4zY=3hK$_lys?H6ns|q~0Vn`O*5Ey4v<ywA&?-)gHwkyO&p#
zq!4SbhI4aXR5m4X)EzYytQRE3B76^l@w1->V^TV{Io=hE1SieN4`&he3kF)>s*_3@
z{TF+xBgR#2kKTPHE+$Cz&Jf&ENb#b7GJMCTC1C5RlYkDp^{%Z|Q;P5}ND$dXlU{CG
zsTKm`lFE%qTw*2kwl=_Im2@o_6#)!06JqcE3<~OICS_&9;=3o4IU7!b7)tm7zxvnL
zmhr?o5x2KCT!+K5vr6mhO#MY_GBg^JRM$&?x;8P7@0R2ZG&mPx>UCxK&<cS~q$aBD
zn^YM{11YsZv(D;8Sq5XJOI=m>kaj@*aiUaDtY(Aepu{0=Cv7|-3cfiui0x+K$K-hU
zmw1P6;e?S!Ca%LBl4^Om8v%g8*QQ$Ch(0tT{p+w)cID6ydYH?HCqwdrZG8u7)Wz}1
zu7?LEUIG62D_+O|<Y>h1BXnbX0{UEbs6^^jp`EMo?7FD#Bu(Up9R&a3rq_@KX}QhN
z<FWB-f}XzdPF=-`>K)W`T{XJQnfgs<ne)75!vGwp?~}3q3vyiw1lU9I0tOkq!UK5i
zXu&YvTnk^`PsyhI9_H|ftmA6mACuOnx8iLAx@ul(ZsLa!H`9cRcjwSC`qXbU)CJ^p
z<@fDN?H{xuubDcNBF0Kfv3!_E1zaC@w@Udud{b!o6tw9EK5-gkd3a|fK5zUQG{+tD
zCME0=!XZoAGxqRcXb#xxYI<v8J80)7=2O$gXWh&KMX!ZQy;|bqL785|C@mnb8yZa6
z>CsZ$E?m-#F$zuApRn|bGJ4GM?(rR&XL>hj>a{e(EaE;Vo!X8hcjZn^u=yLR(|I$(
zuFv`L)s0!B3HrnRyhP%%lY)CEr)M8!%yikMYL|4+HR*RgxTk1pd`Pbn@2MkN2?$H;
zocba=56vbHPyshaK(HuW5d)z0P^LnA4W^`n&R!daEA4sIl3@vYMG|_6$<M>e+L~?!
zGLdCyF<lW^;#8Gr<MJAsw9yg$oRTscnQb374X<8S`bT5Yzw?pT;Coa|Kz9HqR(oj6
z&ual0>_eL-Q@hAi-{ZS2&-CJwG^-ltx4OEhz2qM>AuuG*l}XX;h$a~?8eS=<ZChyS
z8MC+OsDjmCN{Zj<&%f;ISDw-54={ki=(C9N=2;#y@>zR9?|@;{wmsgk6Ew#9b$iAO
zG45RN$y+?%%Hn}`R(z`Z^r0Ek@fx#z?32;QeNE60AZ3Vaq$-?|mBrgr^-=3UV|$rR
zUG^16Nlpe^{_CPYwXZ3;K#DIuZ>6Nx(|oV~Y6~)8WmxP6?X+x7rS`U$eT2z83Z$C~
z@I$RHRfY_G*NKb|Oixr1g$O7L#W`I2JX(^P@jXpT3`YmhwT7CoouDLtK|&8rNR%r^
znUv_xQW4fP4F|!xCNady*ycbTi_!??z%Znx=vLg^cVqNS(s-)O9)DWN`Yat1UGm1U
zc$4B|<+h}wGId=8$hf!QYm#kVk)@84s9cW!;MaXz+xYb9Q+&E(QJ<XfzQlZ^?Bkl3
zQdFoV9uC0iYI&Lk=u1`9(XPSfci-VC_HK+Pm@-#1p6jMZwY~HJ3TEu+$f=F6`3+Nv
z93CG@V`#$e$q7n8XeA0pVo!cSpq<Lx_nD<-WgoBv{DRQUW9$nyLYGQO>^xbhd?%Qt
z^qdGr!z<>UjYidHC+~=(iV@eyd)ZjXYg&)b8h~x={>3$30L}h0(rEaI8KzhEMti6f
zvFostWsv^0ChmENws}-{x8gH}hu3&!#8v)gX#Sb-eQxHRCtse3z~A+7Z4jm{tL)3W
zKs0b+i9!xuGE~!%aS`(LRO-z2O+r&5Lc9&DXokuUhH<RRS^(vy;DPnRH{kW5SVAZR
zHj5IFJXlK|0a`$0MxYY3OYx`vor{8t9_*I9M;dhv+pw~_v#9)qXGq7nH7yRM*NYsa
zIg&J)o4+&Opvnr(TCccv4mBa4Cw(4}Szzs*gVqcMBjQP5d{AGCMyxUoB=g|MNtxY{
zva6H6_{98NABDbfW8eh{Yc))S4>n-?ILgSB+60`6*GaY&FDb57eGl84%yZ7HjOURz
z)9OYsFQrCrJsg1>-5f+|qFPhKViVkVT>B_<PhS-G(3JhFEcibFAsG0BkV}HIgA<!y
zi+Od2oG{K$6O&VFWIupq!^k<pZ+>9|=<!o;V2skSJbP``$+^=r8$P*t#c}{*(`$?6
zT)*krqiJJt2-RyEjR%T@IutrI+TMw~=M69vQmf)JR^ew~-R}$iPk_Xo%d1RKFi}HQ
z>}PH1yAb)V?)@9ThqGKEzaS>#hw9fmSc5%Gq-NgNfoIA}w*ANLlL$v3Zp>Ef)$*m@
z$qm`|p}5gXRl77*$MOJQ_j@ZbK0E;mtXa6eIokBW+`a0&98CN%aP4O*Pf+*Sn${ru
za1}|4Jn@pO)0YP|<qVVNyg@sPqs(|Scb|@Cp|p^K)d;Vqw0EhG3tg)keVKPr{eh;u
zqmELSGcnMI)o)aq1~T^mXgJ@HcczLzS$1`jE=lw%jgfD%m39{hVdV=dRP0Of&g0@j
z>@)(10J&~*6(2$Ny}3o!w>Y+GKRL5^n%;HIB4*UBv>yq!LzD;Y*wyZt=1p=cRtJ}-
z(&?JtR0+~ioG$iNRJ-wcY|6yPOdVy6xIcORIlO=C1pUCCE=gE1m1&f(GK~ruoF_Va
zW90CIyCa40roCe7Om=;Z{{xa&j@j{-9f*K?mzQI9-1R>go{XCL&dgq<RBZyNG;5xV
zxpB8G<%5VQxJKV?V4<{$(AZn~cnM{OC-sOm$k~b0HyJ^;{T;_LVr5}4sd7(mYrl3=
zx<Ve6(pSD@dlEs}@jgJpXlmma6mmc=tV>;9OzyaDm^1n<O?lL+{iQijrD?fN9ZLNR
za@ccYfUw|ifml$|C2r=T<0FSh(5j+v{!A8&7L6}ZevOz{LVur#Uc#xigK!yL`xag9
zlEb5AXq%OwP^x%beLg!0(+nn1GF9HkBIj|BtH;L1To8@f6s?q`-0~UP0hhj7(l@)d
z88B5()pHj9xvsKa=9H#-kV$%$HFca}UZ0`|6dRfSBW2#Q*o!b|rd4I|8=RQ<B~6q9
zW^wN(V^)&taMfE*KP9_HGm>~d#WPJQP#B}K<GL6~v-fr0v!j`1ON)A5ZZfML@Tf^D
z1r&81o|e2%_>i&1nOm@Br<ds#{AXw%B<%ftHpgF^Oza{SPHIj95I{s`*fsYh3-h~p
zT?n{1X}rD+IX~9MO$>spcRnx$4vb^%(>6ajpPsTd(rpz2Jm+uD?ZM<odR5v5xa`nb
zn_vHEBP=VxmhO;mBUo`kW5CG;tUa=10lBsuaLCf0w~zb^tF8pjNDO{K<_>>B7-j0g
zotGAU4h;A*rgh`yag%@bH;lD8+hM{5DD28^+5MBd`@eew{(HOox4i-XZ<85M_ONBW
z+HiL2d+TQfwz3N{TXhQMqACflpToDG#s+X&wAm^CvG!l-wLwD+kE$EVTcB@stCP}D
z%xcrdU7XzsWqaG9lt_4E9HoG}8A$-`PqV9s43#sI8@pPgBKP0??<4i{wAwsG4Wc85
z$1bNWr>*l8uK@11Yzk0`p#qrpPC^gw&yiwEAAK1U4wq*qm<d0sQ^!ZA7NWm$xBdu$
z>>uxux3Ru$-DV}Ms#uI9mzUoq^p3gs9;J{fpH?7q%08JzLhvm{sHHdxDvURRAz7k(
zgZ1}+x$u*0=i{O;5vm5qG?sqOpJ(@WUgARxXILuy;n3rm&jSFV+wT|>o|bOBzHm`j
zx?{P5GyAQ>XW1cZZQV~ZBoy3JnikhN@3u*oM5wonU!V5&QnT@V9Y2Wbh6TnwEXUzf
zVDwt%bMxN6F^M^>jz4wqjf3kj_bP7){T1fONH;xgl0;SqMs=_xQ+`)4yQheP&X-%`
z2u&DNIrVtEv)K-p^^VllYhkD!CMNSGuHTFMwWrQ8Va(r*f`2snL<@+_SjtEL;Lhh&
z+9J3s@_QrJmy3U0WZ@t#wx@Vi0Nv$te9jO-)IY=NL&uH}k0HMK>{<XzmF)}lDcw<N
zOS*Cs;oZ@iLLWX*(m>y%i|nikOnsA>P53xpTt*;wyFsF^LU|sxXon}sr1e}#72L!A
zH5aF5ds!1&AkY%tmwE`NOydDudBVvRYE{c^2QEqIJtq3;uk-F|nv0tjuk_tr*1=MR
zx>GVWm4ciFg#1>&Tc(|m@PQ$>3h8$EP|I>)Ju50l89wbOtyG%XRaV90W?od^Eoyrb
z+E}`Zu-^Br=x-Yg<I`m18m<uAoE8rP5#NgmZG1jcrtcT%T6m09)fa(lc~1P#V^&mt
zU_9GCnr)M8XHyE&KZ4v^^SDVP7o+%15*myoac2$oA)WM0@$f3xNJ?o&jvdt>llvE&
z-NW1Aa)EF`xHDfzXBM&*a_2*~eqLs3^YjukR8O=fPV!aCs#8oT4y32m*wJ%g!IVP9
zTl*=31G-E#?3BDJMt%6Jd|#!AD@W()%})HZo-~;<GwSfN73`tTaxG7-I-uT=FV>#l
zNnG#d=l`BmEDJ}I&;yUWyd2FPIcKJOs0H{}Ur59HbL5nxbLb@MImFw#Cg`y2)^7IM
ziKVw}tQ%8}YChJrGnW_ow`>#6i5w>0X7To8^U%q;z2Y?P12r<lStp0(7wVjN8v3`7
z`mEgnH}Z|rNE|(eYtb<dQ5srl{!%98?$=@G`MB-f%8Aa76u{n%!QdJEhLb#g#5GyA
z*WzvfI&c2`?dbNd%w3GkJz%(aAp%Be`|}>Pic^Ng2=z6UwiVS5iYKTf$RQNp`xm4+
zjpER}6vK`ZO{$8D&WO(7P{J>2l@oTj+{%{9C<f+g10OIGKs3jY%j96p!gL6{9j?@t
zA$LY$E#Mu&t_(v(7K+!K$Q%z%&OIG8lpbnjGB)f~jIgZq>jnZb?JlxA_s5&%W7l&u
z-)ono_N!vk*2ZghYVXPzT&(2#$>r_pi(ESMXmw$$#}i|fbFKr|E~VX4SYCi(>gLwr
zd20W1mwQfwhpGIhTd%EdzUgGEI}xG<A%Y0s0#I4gju6=xG|iG~8O*mu=yq6KIG!hG
znjLe*eJ>VA{nY+KOXs_xT*c%=pIPH}?Im1d`zx-QFEWihDWgSZ$~<v^kXg*!Zut>3
z{@$1xP6gXz%2ZY}j8z*OTPVBuY>*hS>M6Kf!Lposw6Uz6rNDfr<5UKe0rqrVdcGnj
zHYa#^pYi;1*I(zxzX#IzHy90;yY{esLU5Os+5(4E#y|Q`?9vv1=p5*x!YDnX8T?ks
z4WKW8%ew+)dKI14I-|??$T|4P(L(*&re{0HO;s<}GlKU0`f)k|4ti3&^B0PodQ4hD
zpP$#|c<j&ZjW0h=4mF8{g1G?a5P+t^g#4X*B(v(m3>T_mbN1Gk5rq4>k`v<aK2wpS
z%n*~AB-e-JkBlnS@!GM4iun-Ida*chO(0T8&#q_n2=HvT(}Y*`B}yrwRTkF5{Altp
zOC3JIhe|#L!x1Sy-<Jf%0?JmY__f3Q{4H!B@~$vACR(D@oHG1F6iIGWZpf=~_jTbS
z=F&Qgy7^2}LGJc*^@Vz#q6;4rLJddV+4FWo|7t|(<j?P^Ok!F_>tBAn`;a`92rN~`
zxP)n6<|j?3rYRkjNJ+>YA4i;Xx=L5o9Gx<!R-8ZDJnONKTyQ2)vdyqDy}cI^Q8#`Z
zYb(7znm3qDRK0JcNa2^FCYQi*?`o<MVN@kUv83**PvuM_bZzCrBTu8T0r@BbBr@_X
z!3b?MyvG+0TWm^%=NLBTEXtay0nwskW_#5yl{MFnqv{q)5@{9S5TS<Plbdgp%$LMK
zA~!MwB*%>}ac6}zH2i`HyPsKaJMvdC3`xNj$jLEpP?jjhfVXS|4Mxnzv2%{qUy~T(
zFP`BC+Z#}7-+TXn<PLn9oSekb$kw1yx9%0qwsZN&8RK*x$o17|hf`mnmkaMHtd_w0
zfFE|qL3(y|NtEMHoFH7GiTTR4!lp0#k?^QwG5CvgJ_FFPA+?_)UKjHcG=1#ku=Z&u
zZrj?Xp>?BMM$^Buzwwp$=LC|E$wk%-($hwIM@C|6_9@!vINK7F@kBG+^&aOlvQ1VD
zC{{970v!30gHj<}pyLUA6RtSTgW|zi^K(G3eE`J}pOa<7r|H>#;u)%$z9FLi!h%!T
zlXm}2KN+RBt-U(7-6~EmW*TY7530UzSaSDC)kE3s8r@?5^1J%|9QX8E1MZG9wV#oJ
zM&w&R8#cuRln*<vo{)Uv1kKPr0n>-Xi+4xAbxnQ2j^Oo|wxu!p@$p%qf%Auf?jIt4
zG`vi2W?y%BO`eMT5uc!D;Zr8~O)?RF{{bPWLLnJYx{!FJ%6&Eqil=t11})C&#N5@0
z`paWaX2NZ2VWIoNSy;uhEcPd0>clbc!X@$-M3x2}i+s=e*q0KMC{-pWNS_=2Tz<ZY
z^bLlwR!+%K`6r-MRVbwXPWY)(O{Kjii1?CAoL~F-_Ug)6IC(kZ=Oi{s_;`3@ce8Yr
z3(Jm<tSz!Dgl(ex4|-X(O}L;~;`del3Dc~55eBfc^G0R!i*aN!>jzT2tPK}{3J&__
zX{X>5l;_be`sIfzPXrCt_vCJE-jr>)Fe<=qDtp_J3!5xZr!AepxnttDYK>yxj=3DX
ze?hYUG2R&sfTsc`C!(Z(K`wkjJ(zUH)pjuGtqqDcW5e(KjvD2E8-^`2fdM3Ab})${
z=Vt|7=on-{HQhEq;QwLP+~`N8L2Txz{m2V3<fe5^Rh6R_I_ElXGkJ;(G{zM3g1f&c
zSw>Snw#dHnz{N*rIDcJ9)%~`HrmnSg0ro1eS2+oNTiH)$&o~|o^&@*G+(@E3m=o-@
zU5w3N@}^g(j_P6hV8I*nxTj9|+2uQIqpwVAdFFgSHX9gaJkq>K#!?jd@s0=3n%T>+
zMN26Kh=ePco?DO^nkcGJ7x>)XKjz3Ecu3`7PGcdba}|<XMyW&dI6lcJr=DaYk43Ws
z_#lJl?W}FjzR*vNNo#HyfAqdpD3aWy4X<G+gV($|Iy*#O9r``t`Ik>C>LSNqdnrme
z>(q@lr<sM12O3}PskC@SZSF}Q7k^xYQrR?d*OEw5F^?r&q#b(?lvAyU9h)@mO?}#h
zlh&G)7bzKaiJZ(~J37NcBPWU$j#ks`fn3vBdpB9z+|48hvvtLYqCz{-v$y5%9+Q^0
zy|g9%7#p6>+}uZ$^C8L0)GVlGGrutj3WkgE-7$GzMx<ny`suvkn!`swM3x&z`L}z7
zzf5)EyPQ64y+MJZwB}G?6cU*J-XWn@F~Jd6ETgt{7=rrp=b3Sdj0-1!@(ZrkL@NTK
z%>Rwu^>@rJ+?V|bxOuuDJm!)BfJRdKT}x<rY6oi9Q7qEzsgA5m_pZKk#QqjG;{R3|
zcKob#V#RID*NutNOR^_CFOAN*s6W{r)>)^w7G9rKK0r2QV`y*ILFy$xL?!ufWywI4
ztXcoH@|rluB?WUc2DRysnaCGL^$8oOzYOUs;0|H;1*HkZlzu_%#$Tv|e-Z<4z}%Vu
zsIZCWgL|)IrvK_+GRvUN^bd>P6qnW8+Ag&<Nf`)-Gal%;B>BHdx3&8E$%#ye!{&SZ
zPp|G)hR2kODHBpg9m;0Y7r;EdCF_pn!3DV-#%Qlb7NeKmn`b+&=aX7cFwJz~Y=nGv
zGTC+jVOjKoTynWoc!!vg8`Q8Uj4YI@r~pA4!tl!_0zkjaMV6HR66~EBkw_%H-~D0X
zUIkQ?iEXu^V@Y<&*if$r;Oszyata@^45EKFzb`JW@AI-iL*CaO!;?4y4|A#!Pou*P
zorQQO%&#Q0ZZnQ+4$ItXuZu4n&H@E8861126s}(jspz@sBDV4%=;;G-c75{%-s#!0
zTO(tl8-Oh)?Kq(fz)PdRite=+lx*n9P?n?JuQwJ+8XC+@a|k4VTHq5sy0WMnB4VN2
z=Rr!(|3cil-?pA-Y6pj;s7o@T@w;{YP>J>ZkuwG6O&bdZdNt1Bm^R5DyfmV+PbA|;
z+G&Pa+Km!Z@1A`6($8H$De#g$JX~U6RPJ_K+Eb^KFWgBcn?KElU^cc=8cX4XEsWN0
zMNF>FV+z+=Wp0*_BNmO4ZK)n7Xg(q_>gRYuv@he*mt#<UM5eTG`fPdTu&xFXs9j%$
zEMgfnZqJ5)slEG;30ly>w=<Z4Fft*WY<1dE3+w`4uU!*&!=GYHWzi~WKmoR7#)8pW
zSWUQAx;UeOxK;Pn=)QhNb^Pk$#zG(u>Gg-DyhAj)j?qP;G!gfR>4=oGDwSemy{MX5
zuS;>Fsg%?7_u_L;o*EiAri{2v_S(L*bqO@cNF^TReD|OjQ8lW@pmt9d$aG&(os?y`
z>)<Xzz+j1*Wb#gFV1xpTF7YG<RW<QgBL-6QlO^XlO@Yto&z4CgdOf`ZdU|CAnnHwz
z=>B(7FfXsX4ZZ!)9zKz(R|v%R?XSsOA?Ku_Hx$4Bf`~C`({iO3K8>w1eOt@ntQ~8G
z(L<fFhWiO+V>(*J<{X9qk)AsuOeAS{mktoC5712=cnRF!7GASUy|&AtBNp#*=NQ&|
z>=nSjcN7_NxQjot!J=DHG+|;#tGi9L=*^c(^Qk!5(@E<kc~|{QvM3_b2kFzsbvNr8
zgZFkr{iGM$NA+6I-cN#xQyzCKL&qp2dA(i|2+EV(A+PZ!NZ_e=1=hH~QN9T-9idXU
z7%MH-|LOVBH=hBeX*@LvjdtYNUR4)-#M<+}YbSgHYbPj4*aX(oPZFX4V(+Y{3919m
zQ2y+9Cr^hbHF9S-YrmF9v)9R`WKoEAvG#OYFbwHv8s5D$Qqax4+k>Wz@nsf~eL%#{
z209HZSS_u2@~c?2c+mBk6&Mbf$TPJCK^Pq2)ME!63z?}5+V4Ybrg^eIJmR@?Gl-`G
zG=!qxB0=m^4Lz8`eccE=qWT7kPw2gF(6Qdr0x?p@z48aH@Vstj0`Lq{r~tFpg1{Ap
z5Uj~U+GQI(ncL`qdh2XkPy57@k{qJfsh7g`zjxqiTYZXxa0EVJQ7JU`)4(ic&#Kso
z0Pk5KF%vUZ9`??Z_T1E;3D_ka$TonXPo6bWseZ<_HmaxKF{*r^(hKV4I3Nz^$k&rR
z(q9rFKHq!HA|D;Z4H5hff-E<b0Iq`DO@hg;K@P{yizfwSxV-6bv@noew?Ky*!S#XF
z9dhFeUf~o{K)|)$@rkeKjv4aUKe4~3UR=C+_VdN(+D3rJf|JF{ve%t;B4Da@^4$Bi
z_mEMb^CG6<ktGReAfVTBQBYGpJ|cLmQWZ~)fj~=LZhykdN&QqSdv~CwUlqWAm}Bkx
z$qXMyYFB~b=}5|nuV0KLn(?k^)3Re>s*Ru6+O6#6o;=DcuZfv_fH-#JnJ%k|y)<C_
zX_{Y+yUMDUddSo8v>wERlh05Q*_<&MmTpZg!f5REaFS?il%o)iN-*i!&=E6JD_~w(
zWzU4HL>)|Zxe3kC+Bjr6B`U;!&u8Z~%&}mn&Y)i}*=<UxygTeT)2JB0;zxm=sX=X9
zx8tPI!g^l1siL4M8Zx^|CMA0%hdT8}sM=jpQ@?P>8%{e{j-w-ET-7c{Hgw-tJPlfR
z#wIO>v5L$A11B5HqHyLi?tcv9QgN%!9iJuug8l^wX&_iEf(4~99zm<^#FF9g!X{Qc
zJFqYcKOEDv@DCnjsx(JLj2kVhqeNuFQ2PD?O&(r3G2PgLl7iAk8e-Qjm9iciFJiZ>
ziO%$(TiPDd8YAYhXV+y3r}bLRSNfHqJv;Uu`#vnwquD*9Ww+ojgBgKq!8nj2F_F2#
z$D0)-&x{|jQho98wfcEWz3bz(@B)!a3;2=K@p-~xm_W&hCEe)shW$oA@0uU*$9~#F
zti5Tl%)O{kYXJBDAKQujN{F|WCd=I{my(!Uq{Zn$pu+3@J;F$=&ODUH085P-FYvF>
zXqZl=LR+?%0go2-HB{(tU%e!k-~Kuw%>0FpAPPdMaGkIMjDyfr@jaYUE=zt||AOLS
zeZ*kA<-i^0E)K~37#>nJHhM!%gqGEX!K=oEMECXX;#l^2iCjl7O_&XG^maK}_v9qa
zC4rwq6tz>+&wRZ~<BG!D7FmUJ=aKQE!=sbi7d<^7HS%FFw_TSRhyjn9+d3~jBe$Ew
zP=Ov%v41W*E}&-@8k4qP`W05OgZwF71k8grh+(8Hn4C>3KX3hKGy(tgH~!~d2>h3Q
z**`W8;O|f4)5+sc0mJ46y?*(`_A2Gsiqf<X#CUu^M>-wlNO=m8o-T-qV9TqUBF5Fn
zHaioaW@#7{y(-<8G!fIN9xXN>arp5m&!p9*_3}Ug^M{*3_pjS;-usc{T_;egVtoM^
zjXGfaxpO2mli$|J6;A)A<q7#IEt-*IU=JJ7u#l=EJ}#x<Ore?C*(YU>u97dluz)NF
z?tlu8E7p3LWOU~zEcaPn>l|J!;klEI6vEBu!*OMhY%-C)^~nJ=RrZuUbS3_^G;6cW
z<-PZ<;RI45^N6ctP<161&j`Wq2f&jxsBpOil(+bmEpy_JeI;Q$BpBy*rHiMNVT@M@
znp6qDtzZjt&q*DC#}g><vAD`#(aRO+JiXy*riI6)8Eaf1?LOMklw!GFJyy0cfRZoQ
zfL9`67+9h-Vg|9r<7WNx1{%hV{_+f<Fn(HawQTiG-M-k%m!8k7EWiL307<_}Cs{}G
zCU5;q)ddc=G)pO?{)#CRTDvyD*fS{!KNe>1m+8qXnt+-`8yE7VI`y1Q)z&Xu&{TeU
zk+h+cbcRON2;RBndWD9X<zfDO09S#?k%6h%(N)LZS=TZ3eU&cv)26(HkEPqoh)g5K
zs`by!e_}!ZwAgR`BRZ9g06i!`m?!3HC&{@#sVXreCD{HvNVi?=*>#<-H{QINrt0<9
zpH80A_V_Zi0-q7_M&36O#*X)jdJeYjE5u~hVKubQxj?7kU>wY3byhWBM1BH<Vf&U@
zo9_2v-(cl_X1^fP!T>f@;aJ8TI{*^1-u#~}|3TBg|D%6i3-BM0?w{Auzta!!cPHpS
zF$A+MD2;KzhNHS#<)c<5d??3jpyF#V;q;rs-0~+5GkKZ<CPR+cQmfN5;w2k|w$YK8
zyC8ylSfP^E({9R(&dYOpUqXTxb;N~5n>~8dJoIfyyMRw@-1DsZ{4<SRcV%t1aY@!q
zIK=>z_5cY1gWYYWm(V(C&FbMk2~#3Wy<PBMy(~PwB9Ld8Z>xQ6<TH*BNh6IZTaO?(
zn#Hx!i&UO-FgXe9W&Q+Rgvra962mDzvjT4~BA-TLv^2j?N`r>#2pltB)4F?+YG1j6
z1CqtdHcvjDvS*aKFI<HjAX%_h!+rwAk(a$y<Z96g5mpfr@YYF({8C4f&wRaGz551J
zN2klD$@uay_ol$wW=t4~f=$Dfgvcgwd)?W)Xy&)M{z7Wi;aP*iqW#^Dh#zoaU_<;|
zdjek4d^IK(Z=>>WS_6^5f-3EqXFct%z58_Kaf~p32M9iaVTl;`(GoILG+Y`T@g|F>
zW_?rG9rxk3(cD_Cx~(Hn9^#Zbxs`E*>w*L|HR4VeZ+{EBbl22<pK%bVE6qE}Ok4b{
z790_Z$vC+m;KeQ}778Q;dS%0qaoix%xV`L^sI;RvEH+`I=WOL#{~nDyD~%E=sXY;L
z6wx(}V~8Rj7**hC?^!IOS*QI4k+>!0$XRIwqR+o^s$a>T-Z&e}@VVb!PU4OG6n2Gu
zqrJ{{?}!VB*3{ZZg75Egz#Uuj`XN`QHL(C}U$oeLlS~l6v(GbVb-cdzT#?#(JR)zl
z@v{tL1T9P7TW!6VvJOdj;c4zpk4Wu*9)qH_Cv+mY+tw(SQGp3`i#t51oRL`$uy6qw
zAxCz<6$$>}7Q&M*-2^1&STUDdkW>vkujY5@*O3mxrJ~3#b~%xT&gOsXL)^LChs9g^
zO)Vp7(*+1*L^jMEMx4dC-eUF9#ZNKu)SB(YL9e6j1kyQ|=ndkYltJ*LQFuRb_dq73
z2@KbA9h~UVMQh~F9vGs#Q2S1fW+ljCFD2TAH($B|Fwgg6jz^GNoG@IE={Px1Kk^H5
z1NkVF6%28*YZ;7H0@v2{40k_>7)cAMmVL~vYiLL@4<hQ&^Rl4P_JN0-L{N1h7q~Hz
z=!T25h33XR^}y-v<TkPDWD!+OHpz9*p@Qq}3MxgxU4#OtZ^h}C2S7p0%@$TNVY4k5
zk?qZgV|O`(W{g$X`#t<6&WER`6`#PnXO^QABQJ}CJUA8jE$Lfk&3*wRbcz@XG^>s^
z5pM%$u`w+d1ivD#;_NA*(tNMfx(xY1W$wdwJ*rhT-0}kDoW=pMcopF7@Jb=D|Cno=
z7=6EW-|vmd@FA4CIW?w2j_)nXH~&jbe?=Yw;?wxMIM^k(CisgcZr~|llx?ac+AFZ?
zf@!|A-FLNVgdYmRsNNd2y%ULGrT7;3@tsRLhh&(YAUce<oAmc=w=G#m#ePBCI&z++
zc;Ajw2>5=qu}A&@#0de6rdZWIJ=88`%N&cJ8<6Sk)-2>betvJ_C&fjkVhQJ!f$zdC
zn<N~vu0l7v?st^{KklfJOzSz#0N-1T2jSy6XF&9iNh~mKG356s-}}wNvZVVNH1K_d
zMU|>$pY1a@kCiFKSw)Jj>L0W`tK11U=}2lT+-Zi?y&M~_9!DCLBydj#44&l{pp9@e
z5sCASG`FW9awAe2%&8eKSAXyg)YepZyS;o-ym`5oI-IQz=sJ&~i(VMY>ziB1J)T1z
zxf~}X@I{IZ!W=;e*fk8*!?cb`uVCx(g}oGHh(}vOn}EK`OJ||)Ww+Bvqo9*J6OPN4
zko`e7#*g%MWBbhoO8chc<--SCA9RYV?z1xB1_H!KntFWqPFkYd7Ie@j@3D8qKA2vR
zp;A3_teIy4-c(9_0?wGJ-h;=P^4;kWMWJ9K#O<RB&(r(%nAi=m>T$`)ur%rhxxJ+h
zQ)Wqj#7<rg`BhAwQPbd-<B&?Yyb;mXEYTtdE&2I`Ho;BGrJM7XlEQI{_jlb(H(m3%
zXq&7BK(eig2WzVW8k@?n_ZH3UNyY%(@^fS!3%&$&5l2m%%;nT1zbN}6ARhmNCOXO$
z(O@>}k5g$ZtwwVC2kiTo)&nCy5ilG3kM4Z-y7hZj4X!_%F0+W*Y*%$U-%4AnH)Fg1
zK_|-{_I$eHl52TbW|VHu!jY2nOf{I~7dThvPmmZsx4;;C@4&8Jgg&CRFR`6vswG=g
zlrI6GC1Yfz*OFIulg1?YEyGt2Xx>fe%XbEc`)eA1o>kq>P4#cv*4dIR2pGk&4L7i6
zd-okIG`-LM;r&LZVc7i~;njwGRxWEdl+`%eKViZ*sTb;SRhArHo7qmHuU{)(U^<h4
zWo?iys@n1bXk>1B!<E2@RX>A`QKiWvJv2c0mM<?jX?ClX09R&7@SR}XPyLg1JWNnf
z;eK?}rml8Do<`fI6|`9}?{;R=J~KLb@m<DVzvjR$pKzm|PH?eE&uQh1_~W73i-@*7
z{WwEWPfwm;qV)rcl-8BZa1jk*ERvQgfk%PB^8B&i19U74@rV>xCg#rMMw4jhLnHu#
zsZEn|Qrfcg)$jAV=H$mnXhgk_(9g88iIcT*-7IQtxzVk<?T;8AiL{wPOrJ@9?QMB2
zuCg0?#uenmFU6I!Uem;dj>z$sif3US3To`(f~dMIzpbpnf7UOcvsFJu<X^)23*uFP
zlL&ZE3&TVoK2CzRka@KmrsRb+!MN;14OcEIa@x}teA#-_ZT1Vg74zpsRzM6yKk6HS
zRND=ywOMiX-?c|Lbjj~r<aIV+r1LSVGPVuo`L?OFiti0*amP%r6b2q~lmHX*!gw2p
zzpq#pRkR#(;X0-Qgw>g!I+R$~?aAjaWp)(Mrw+*<wXNhd@JusRMC87fegO}>#0RYU
zd6`=RwmE!9v2<)?hLhfJ2j5R{Q|gRM)3eCl2tm8Gj}lFtCTw^<i`#(7%QR4dY=e(z
z^%nJO-t`9KBE8Bdnj!u`%dofd%Ci`e#}&~ti35U^oZrKPluQYG4BLy-V@#MkT~w#n
zWNroYu`prYI2=bVsnh-xnDutXQ2=~TZ0SV1E^>0PKi)Y@5{stIDjl?~G;x@JzM(UW
zQciA!kKw{Jb8|+@#J0dp(2RGf8k%M;+|S6(JZFQpuCe-!^faX{dd}$E7w}3YpJZQn
zM8A}1!58y%$D!0|#8}g$bR7F;qG)ziHDRlMp_fa&W>^^d0e64M+(blJ1!y(*w<k?F
zd+yr9L0jHgeI6yZ_Wh&qZHePrGM*cZc^@5T+GLP0B#tmDj-%RY+y2;jucTs;z4#ZT
z#bB|BPr5<Ld~tOE;goJ7U1hIi9&LRq!}iN6!5n?8yoyjTrFlyPn?`tXb=BDqrzEE}
zl_g{_BO!{}u)}cFL)ET(6HptfQe`6?c9!|R&Ww4ha?^upO#57t+RFUR=XXmCEk(J-
z4QbO7a*8Y4Fl!?oapzrgOwrOPnm;FhazhIf&F^5@=vfmuA0qaVPj^W1t!wAiE~oR4
zq^R;N{>bYy3EVY~02oL6(3qAOT@cWjN?5-)xL1;}<jiOjpOC~i3j`K5rFq$LjBf2X
zy{Jv(5;XeyaM*ZS^e4XD<Km*=mJt2gyKcg%HKt~ftI+3&=Y6R?^D-ZEFwr87T<xiR
zWy48lb2{|{j-{EA>J3dncb1e^P^JLeou2lXV*Z|l@Q)6wn>9?rjXsglT)yF7G32=&
z3np|ev&@*lC315955P$-PovE0X!h5L9r;(8sdwjNX0<t+GzXoG$%=_B%xe7lG?nHK
zPp74ms^EO~u*(g61%7OUI5JzG>WU0o7FJw`q{+(LFO4fjwh7mb4ZqlbSPAcpnUtPd
zde+K*V@M~vP%=_?7qcUVztpYKfVoz;1u~xY68-ei{U4l)V}P^!Dib-wTTXoO8*`li
z-xeR=aU7vf%`Dk;WPDO-&t4l8dE{W)cV1qdaxVT;RL|0=0X-M$0lS{!+F=4WuJfhv
z;H{2Qa;AO~ZN!O8SnlN(pde&>=(TgTd-hf%rEV3X)GVcS0<q&W<Ca7Kk)1aYQmuj;
zk02_~ZJc(i?r@!Jqftd1=hXPK->j;G9`w0L>eaMvH%RUN1@Vq3Y#e?I&miUmx*DA3
z_C8@>?a>99pKdp>5{!o*smn!Y#<!}6zxUsk-pZ<WI2gGKIZFCNm&$U{I<OeW=}ls^
zC%rNq4@_3)ibL5TUDmGIQgnC7nHJ+Lqutt<8PZAT-mpkFVm{83@R=D`M)aUWDSNZM
z-*pjB*%nULhHQv*;%7vwv|s&kn&th&rRDYg-{p~c;F=%U;hE%2?7LThj_RCW5c9iW
z1rfvJuf7+vd6<>68~VQ>iwc9xWWF6lV6++33pB;ydQ{44M~-;%5eVMJS36vBLD?GV
zynU!W2qeZIG^2p6b6fw?b;*wQ6xT5$e}zT4Av@16Pl7or1})X0sx?+OX`I=G>Z0S~
zH>|eqTps%uV;3FC+>OL<VrLDzlM5sCE}mL%64D=tw)CvGC?B0VFAHv~YV{;mujq97
zQkzb04IZjIcSy<U(bg7gJ0%%c)N_?I&Z1z9Xt&)Ho2H@2(*TDpkX%erdRyU7Uy9Rj
zV&j_3=7t`<3|O3Tg9ytrxv+ck3c1^Jr~sbrq5t|Lmta&cSm_%a((r@_hHMzUCXQgN
z>R(RPZRVt#qL^?#pa2y2akVa4q>SJL=~zfQ_iM;J-UE_9Lk#$IW1@yRaqWo(2CZJ!
zV8Z65vy}N#yeNSIvpQ)uC6Uy1o6Bttw~Flmh{!o>u+06D)%rcP0?A2lE|lKmvI<L@
z6Jh&xAHt`iQ)<hv3h|#jDa?IF?gD=BUEor6PTrJVwUF&e$P=xS;mU=;4SE*Tbx<CQ
z<{cNgI-Rn%9eBhRm5S6I@TVwg#(eftxYzm{M>Tjv#_fBgM!D0g{gJRpUTwwssi5?^
zUYAbul1pj4i<=22ll?}iJML)J=L<r<u+DQISQR_hT*C!#TY_m%;Or>8jP(Fm1u(>3
zdDzWe@@<v0GrFosEWt0x=AeTD_B0K5iSEC;1^Dmk=-=rF_;38ye?0`e3uGaXWjp!e
z$?+|WZ+)8%MWjv`W#8=UdEaBi-Ffuaye_rmpv}8R>T<p{Cs08v!*I@5${@t7FYC#$
zV`V6j`=*FFHAy9{#0zN^s_7Udu92j(t=qJz*TQTxCjh+w$Blk&gpyA3=NhZRpF*Is
zcMBjFz!ac`48Y=m&L9%fqH09umc0u@y1`&}<sk1tRTb0rSCpMAdnosCrzk%pdI?km
zVDyt7mSMo?vXcEUov{-m=S@h8FYwl$vGW?LUN6bBg3x(xL3Ezxr-OJ&W}UwQ%Bk^^
z7uCsrvfLYR#zGfU*v7SoJj5AaOz!_tlvuts&Pp1{Sbj<vJ!!`xc9CNKUIooCCgr#{
zD|*)%QP?;JD&I@AnBDoFP~CZtp!>4m9TvN<WcMIP+k_}ax{ykH7zM}?EE}yvJiH~H
zvmMv+8#o*mbBnumnh`Pp?kXGLa;FCnS~nhfWPqjFyTqfaYh$u~q)y-0<oPkPE~S)_
z#{77*tbd37S-!&V^T^<5*D4kwTV^gVct*ao&YhmM^C>BSO?e>PG+y%I5T5d+2VWuX
zOghx~;g>SG^Dn)=&;6G}|EFKS-{>}Pp>IzY0L4fw)`P0sXGdG_e19Mi@tX=GD;=}-
z!#@h+x!}Cy_`U7xMD*!Ibc<^!R($dbtT{%#Ae&+jcXQ82sd)W+7G`#W+Dx{cnB_@+
z1MV;|25$_*v$)o>`{6s<n{M%1V2SagG|9<6oCN<(_WYRZex02=3}7|+x<6G9|3$wD
z9&t$%xXg;e3G77%xsQ$cS%X3x557FvsT+l6R=u?>F_kAd8z4+go1{`l3!KB6k(a$g
z7fHig<|d3n`IyxUM)<4c*v>9KtF^MPq+i|Mi|m-AB2PxowMUCabMej3kyOS{T1LpI
z)K`;u_~G5iKbPVqCMN;!xNxZQu&}h`oZ=v(`;>`HOP|QQ+20gkddnLGkDt<LdqON;
z^MUscHGtO*R-#dFg?{LvNAI?Rc{=aFjE=b5S$T3&(G&w&<?)YpvKb-E9b1EYW5YPP
zZG{dN7PHfpEX<OA)ocHoMrj-Y#1BZosy>(S7w48(+w|e*$i3Juu1&UzfJz9^67&mF
zIQm;b=_(924hk#Xfu14EXn;M?o8NYa0Dt#^zxRUw-}e9E0RVr0ivEAU@IU-L0R9jD
z!w3G0+kxMU;D2xcz#psde{KNIe{O^SdjOnLV(pP3*<P%BG0|x#c`^tWR_Ohkk^mFy
z_B1LF{r=gIrH(VyOXPVMSql%j1<`RjnKLOCg1NgursUB}xDfe1b5x7TLt<-e_0STR
Z$~gnYNk3o-gf}bufXsP{%Y?rs{uj5kA6NhY

diff --git a/doc/scripts/get_access_token_oid4vp.sh b/doc/scripts/get_access_token_oid4vp.sh
new file mode 100755
index 0000000..a71c73e
--- /dev/null
+++ b/doc/scripts/get_access_token_oid4vp.sh
@@ -0,0 +1,26 @@
+#!/bin/bash
+
+token_endpoint=$(curl -s -X GET "$1/.well-known/openid-configuration" | jq -r '.token_endpoint')
+holder_did=$(cat did.json | jq '.id' -r)
+
+verifiable_presentation="{
+  \"@context\": [\"https://www.w3.org/2018/credentials/v1\"],
+  \"type\": [\"VerifiablePresentation\"],
+  \"verifiableCredential\": [
+      \"$2\"
+  ],
+  \"holder\": \"${holder_did}\"
+}"
+
+jwt_header=$(echo -n "{\"alg\":\"ES256\", \"typ\":\"JWT\", \"kid\":\"${holder_did}\"}"| base64 -w0 | sed s/\+/-/g | sed 's/\//_/g' | sed -E s/=+$//)
+payload=$(echo -n "{\"iss\": \"${holder_did}\", \"sub\": \"${holder_did}\", \"vp\": ${verifiable_presentation}}" | base64 -w0 | sed s/\+/-/g |sed 's/\//_/g' |  sed -E s/=+$//)
+signature=$(echo -n "${jwt_header}.${payload}" | openssl dgst -sha256 -binary -sign private-key.pem | base64 -w0 | sed s/\+/-/g | sed 's/\//_/g' | sed -E s/=+$//)
+jwt="${jwt_header}.${payload}.${signature}"
+vp_token=$(echo -n ${jwt} | base64 -w0 | sed s/\+/-/g | sed 's/\//_/g' | sed -E s/=+$//)
+
+echo $(curl -s -X POST $token_endpoint \
+      --header 'Accept: */*' \
+      --header 'Content-Type: application/x-www-form-urlencoded' \
+      --data grant_type=vp_token \
+      --data vp_token=${vp_token} \
+      --data scope=$3 | jq '.access_token' -r )
\ No newline at end of file
diff --git a/doc/scripts/get_credential_for_consumer.sh b/doc/scripts/get_credential_for_consumer.sh
new file mode 100755
index 0000000..7daad07
--- /dev/null
+++ b/doc/scripts/get_credential_for_consumer.sh
@@ -0,0 +1,27 @@
+#!/bin/bash
+
+access_token=$(curl -s -X POST "$1/realms/test-realm/protocol/openid-connect/token" \
+  --header 'Accept: */*' \
+  --header 'Content-Type: application/x-www-form-urlencoded' \
+  --data grant_type=password \
+  --data client_id=admin-cli \
+  --data username=test-user \
+  --data password=test | jq '.access_token' -r)
+
+offer_uri=$(curl -s -X GET "$1/realms/test-realm/protocol/oid4vc/credential-offer-uri?credential_configuration_id=$2" \
+  --header "Authorization: Bearer ${access_token}" | jq '"\(.issuer)\(.nonce)"' -r)
+
+export pre_authorized_code=$(curl -s -X GET ${offer_uri} \
+  --header "Authorization: Bearer ${access_token}" | jq '.grants."urn:ietf:params:oauth:grant-type:pre-authorized_code"."pre-authorized_code"' -r)
+
+credential_access_token=$(curl -s -X POST "$1/realms/test-realm/protocol/openid-connect/token" \
+  --header 'Accept: */*' \
+  --header 'Content-Type: application/x-www-form-urlencoded' \
+  --data grant_type=urn:ietf:params:oauth:grant-type:pre-authorized_code \
+  --data code=${pre_authorized_code} | jq '.access_token' -r)
+
+curl -s -X POST "$1/realms/test-realm/protocol/oid4vc/credential" \
+  --header 'Accept: */*' \
+  --header 'Content-Type: application/json' \
+  --header "Authorization: Bearer ${credential_access_token}" \
+  --data "{\"credential_identifier\":\"$2\", \"format\":\"jwt_vc\"}" | jq '.credential' -r
\ No newline at end of file
diff --git a/it/pom.xml b/it/pom.xml
index 08e4b96..bf5ca7f 100644
--- a/it/pom.xml
+++ b/it/pom.xml
@@ -25,6 +25,11 @@
         <version.org.junit.bom>5.9.2</version.org.junit.bom>
         <version.io.cucumber>7.11.1</version.io.cucumber>
         <version.org.keycloak>24.0.4</version.org.keycloak>
+        <version.org.openapitools.generator-maven-plugin>6.3.0</version.org.openapitools.generator-maven-plugin>
+        <version.io.swagger>1.6.10</version.io.swagger>
+        <version.javax.annotation>1.3.2</version.javax.annotation>
+        <version.com.squareup.okhttp>2.7.5</version.com.squareup.okhttp>
+        <version.com.github.multiformat.multi-base>v1.1.1</version.com.github.multiformat.multi-base>
     </properties>
 
     <dependencyManagement>
@@ -77,14 +82,24 @@
         <dependency>
             <groupId>com.squareup.okhttp</groupId>
             <artifactId>okhttp</artifactId>
-            <version>2.7.5</version>
+            <version>${version.com.squareup.okhttp}</version>
+        </dependency>
+        <dependency>
+            <groupId>io.swagger</groupId>
+            <artifactId>swagger-annotations</artifactId>
+            <version>${version.io.swagger}</version>
+        </dependency>
+        <dependency>
+            <groupId>javax.annotation</groupId>
+            <artifactId>javax.annotation-api</artifactId>
+            <version>${version.javax.annotation}</version>
         </dependency>
 
         <!-- test -->
         <dependency>
             <groupId>com.github.multiformats</groupId>
             <artifactId>java-multibase</artifactId>
-            <version>v1.1.1</version>
+            <version>${version.com.github.multiformat.multi-base}</version>
             <scope>test</scope>
         </dependency>
         <dependency>
@@ -204,6 +219,116 @@
                             <skip>true</skip>
                         </configuration>
                     </plugin>
+                    <plugin>
+                        <groupId>org.openapitools</groupId>
+                        <artifactId>openapi-generator-maven-plugin</artifactId>
+                        <version>${version.org.openapitools.generator-maven-plugin}</version>
+                        <configuration>
+                            <strictSpec>true</strictSpec>
+                            <modelPackage>org.fiware.dataspace.tmf.model</modelPackage>
+                            <generateAliasAsModel>true</generateAliasAsModel>
+                            <generatorName>jaxrs-spec</generatorName>
+                            <generateApis>false</generateApis>
+                            <generateApiTests>false</generateApiTests>
+                            <generateSupportingFiles>false</generateSupportingFiles>
+                            <generateModels>true</generateModels>
+                            <modelNameSuffix>VO</modelNameSuffix>
+                        </configuration>
+                        <executions>
+                            <execution>
+                                <id>tmf-party-catalog</id>
+                                <phase>generate-sources</phase>
+                                <goals>
+                                    <goal>generate</goal>
+                                </goals>
+                                <configuration>
+                                    <inputSpec>
+                                        https://raw.githubusercontent.com/FIWARE/tmforum-api/main/api/tm-forum/party-catalog/api.json
+                                    </inputSpec>
+                                </configuration>
+                            </execution>
+                            <execution>
+                                <id>tmf-product-catalog</id>
+                                <phase>generate-sources</phase>
+                                <goals>
+                                    <goal>generate</goal>
+                                </goals>
+                                <configuration>
+                                    <inputSpec>
+                                        https://github.com/FIWARE/tmforum-api/raw/main/api/tm-forum/product-catalog/api.json
+                                    </inputSpec>
+                                </configuration>
+                            </execution>
+                            <execution>
+                                <id>tmf-product-inventory</id>
+                                <phase>generate-sources</phase>
+                                <goals>
+                                    <goal>generate</goal>
+                                </goals>
+                                <configuration>
+                                    <inputSpec>
+                                        https://github.com/FIWARE/tmforum-api/raw/main/api/tm-forum/product-inventory/api.json
+                                    </inputSpec>
+                                </configuration>
+                            </execution>
+                            <execution>
+                                <id>tmf-product-ordering-management</id>
+                                <phase>generate-sources</phase>
+                                <goals>
+                                    <goal>generate</goal>
+                                </goals>
+                                <configuration>
+                                    <inputSpec>
+                                        https://github.com/FIWARE/tmforum-api/raw/main/api/tm-forum/product-ordering-management/api.json
+                                    </inputSpec>
+                                </configuration>
+                            </execution>
+                            <execution>
+                                <id>tmf-service-catalog</id>
+                                <phase>generate-sources</phase>
+                                <goals>
+                                    <goal>generate</goal>
+                                </goals>
+                                <configuration>
+                                    <inputSpec>
+                                        https://github.com/FIWARE/tmforum-api/raw/main/api/tm-forum/service-catalog/api.json
+                                    </inputSpec>
+                                </configuration>
+                            </execution>
+                        </executions>
+                    </plugin>
+                    <!-- add generated sources -->
+                    <plugin>
+                        <groupId>org.codehaus.mojo</groupId>
+                        <artifactId>build-helper-maven-plugin</artifactId>
+                        <version>3.3.0</version>
+                        <executions>
+                            <execution>
+                                <id>openapi-sources</id>
+                                <phase>generate-sources</phase>
+                                <goals>
+                                    <goal>add-source</goal>
+                                </goals>
+                                <configuration>
+                                    <sources>
+                                        <source>${project.build.directory}/generated-sources/openapi</source>
+                                    </sources>
+                                </configuration>
+                            </execution>
+                            <execution>
+                                <id>openapi-test-sources</id>
+                                <phase>generate-test-sources</phase>
+                                <goals>
+                                    <goal>add-test-source</goal>
+                                </goals>
+                                <configuration>
+                                    <sources>
+                                        <source>${project.build.directory}/generated-test-sources/openapi</source>
+                                    </sources>
+                                </configuration>
+                            </execution>
+                        </executions>
+                    </plugin>
                     <plugin>
                         <artifactId>maven-resources-plugin</artifactId>
                         <configuration>
diff --git a/it/src/test/java/org/fiware/dataspace/it/components/FancyMarketplaceEnvironment.java b/it/src/test/java/org/fiware/dataspace/it/components/FancyMarketplaceEnvironment.java
index e455f85..a5b9aed 100644
--- a/it/src/test/java/org/fiware/dataspace/it/components/FancyMarketplaceEnvironment.java
+++ b/it/src/test/java/org/fiware/dataspace/it/components/FancyMarketplaceEnvironment.java
@@ -19,4 +19,5 @@ public static String loginToConsumerKeycloak() {
         KeycloakHelper consumerKeycloak = new KeycloakHelper(TEST_REALM, CONSUMER_KEYCLOAK_ADDRESS);
         return consumerKeycloak.getUserToken(TEST_USER_NAME, TEST_USER_PASSWORD);
     }
+
 }
diff --git a/it/src/test/java/org/fiware/dataspace/it/components/MPOperationsEnvironment.java b/it/src/test/java/org/fiware/dataspace/it/components/MPOperationsEnvironment.java
index 5c00413..c7f7810 100644
--- a/it/src/test/java/org/fiware/dataspace/it/components/MPOperationsEnvironment.java
+++ b/it/src/test/java/org/fiware/dataspace/it/components/MPOperationsEnvironment.java
@@ -7,7 +7,6 @@
 import org.apache.http.HttpStatus;
 import org.fiware.dataspace.it.components.model.OpenIdConfiguration;
 
-import static org.fiware.dataspace.it.components.TestUtils.OBJECT_MAPPER;
 import static org.junit.jupiter.api.Assertions.assertEquals;
 
 /**
@@ -18,15 +17,19 @@ public abstract class MPOperationsEnvironment {
     public static final String DID_PROVIDER_ADDRESS = "http://did-provider.127.0.0.1.nip.io:8080";
     public static final String PROVIDER_PAP_ADDRESS = "http://pap-provider.127.0.0.1.nip.io:8080";
     public static final String PROVIDER_API_ADDRESS = "http://mp-data-service.127.0.0.1.nip.io:8080";
-    public static final String SCORPIO_ADDRESS = "http://scorpio-provider.127.0.0.1.nip.io:8080";
+    public static final String TM_FORUM_API_ADDRESS = "http://mp-tmf-api.127.0.0.1.nip.io:8080";
 
+    // direct access endpoints
+    public static final String SCORPIO_ADDRESS = "http://scorpio-provider.127.0.0.1.nip.io:8080";
+    public static final String TMF_DIRECT_ADDRESS = "http://tm-forum-api.127.0.0.1.nip.io:8080";
+    public static final String TIL_DIRECT_ADDRESS = "http://til-provider.127.0.0.1.nip.io:8080";
     public static final String OIDC_WELL_KNOWN_PATH = "/.well-known/openid-configuration";
     private static final OkHttpClient HTTP_CLIENT = new OkHttpClient();
     private static final ObjectMapper OBJECT_MAPPER = new ObjectMapper();
 
-    public static OpenIdConfiguration getOpenIDConfiguration() throws Exception {
+    public static OpenIdConfiguration getOpenIDConfiguration(String targetHost) throws Exception {
         Request wellKnownRequest = new Request.Builder().get()
-                .url(PROVIDER_API_ADDRESS + OIDC_WELL_KNOWN_PATH)
+                .url(targetHost + OIDC_WELL_KNOWN_PATH)
                 .build();
         Response wellKnownResponse = HTTP_CLIENT.newCall(wellKnownRequest).execute();
         assertEquals(HttpStatus.SC_OK, wellKnownResponse.code(), "The oidc config should have been returned.");
diff --git a/it/src/test/java/org/fiware/dataspace/it/components/StepDefinitions.java b/it/src/test/java/org/fiware/dataspace/it/components/StepDefinitions.java
index 650f456..0e70084 100644
--- a/it/src/test/java/org/fiware/dataspace/it/components/StepDefinitions.java
+++ b/it/src/test/java/org/fiware/dataspace/it/components/StepDefinitions.java
@@ -1,5 +1,6 @@
 package org.fiware.dataspace.it.components;
 
+import com.fasterxml.jackson.core.type.TypeReference;
 import com.fasterxml.jackson.databind.ObjectMapper;
 import com.squareup.okhttp.MediaType;
 import com.squareup.okhttp.OkHttpClient;
@@ -16,7 +17,22 @@
 import org.awaitility.Awaitility;
 import org.bouncycastle.jce.provider.BouncyCastleProvider;
 import org.fiware.dataspace.it.components.model.OpenIdConfiguration;
+import org.fiware.dataspace.it.components.model.Policy;
+import org.fiware.dataspace.tmf.model.CharacteristicVO;
+import org.fiware.dataspace.tmf.model.OrderItemActionTypeVO;
+import org.fiware.dataspace.tmf.model.OrganizationCreateVO;
+import org.fiware.dataspace.tmf.model.OrganizationVO;
+import org.fiware.dataspace.tmf.model.ProductOfferingCreateVO;
+import org.fiware.dataspace.tmf.model.ProductOfferingRefVO;
+import org.fiware.dataspace.tmf.model.ProductOfferingVO;
+import org.fiware.dataspace.tmf.model.ProductOrderCreateVO;
+import org.fiware.dataspace.tmf.model.ProductOrderItemVO;
+import org.fiware.dataspace.tmf.model.ProductSpecificationCreateVO;
+import org.fiware.dataspace.tmf.model.ProductSpecificationRefVO;
+import org.fiware.dataspace.tmf.model.ProductSpecificationVO;
+import org.fiware.dataspace.tmf.model.RelatedPartyVO;
 import org.keycloak.common.crypto.CryptoIntegration;
+import org.opentest4j.AssertionFailedError;
 
 import java.io.IOException;
 import java.io.InputStream;
@@ -25,9 +41,11 @@
 import java.util.ArrayList;
 import java.util.List;
 import java.util.Map;
+import java.util.Optional;
 
 import static org.junit.jupiter.api.Assertions.assertEquals;
 import static org.junit.jupiter.api.Assertions.assertNotNull;
+import static org.junit.jupiter.api.Assertions.assertThrows;
 import static org.junit.jupiter.api.Assertions.assertTrue;
 
 /**
@@ -39,11 +57,14 @@ public class StepDefinitions {
     private static final OkHttpClient HTTP_CLIENT = new OkHttpClient();
     private static final ObjectMapper OBJECT_MAPPER = new ObjectMapper();
     private static final String USER_CREDENTIAL = "user-credential";
+    private static final String OPERATOR_CREDENTIAL = "operator-credential";
+    private static final String DEFAULT_SCOPE = "default";
+    private static final String OPERATOR_SCOPE = "operator";
     private static final String GRANT_TYPE_VP_TOKEN = "vp_token";
     private static final String RESPONSE_TYPE_DIRECT_POST = "direct_post";
 
     private Wallet fancyMarketplaceEmployeeWallet;
-
+    private OrganizationVO fancyMarketplaceRegistration;
     private List<String> createdPolicies = new ArrayList<>();
     private List<String> createdEntities = new ArrayList<>();
 
@@ -55,19 +76,119 @@ public void setup() throws Exception {
     }
 
     @After
-    public void cleanUp() {
+    public void cleanUp() throws Exception {
         cleanUpPolicies();
         cleanUpEntities();
+        cleanUpTMForum();
+        cleanUpTIL();
+    }
+
+    private void cleanUpTIL() throws Exception {
+        String consumerDid = getDid(FancyMarketplaceEnvironment.DID_CONSUMER_ADDRESS);
+        Request tilCleanRequest = new Request.Builder()
+                .delete()
+                .url(MPOperationsEnvironment.TIL_DIRECT_ADDRESS + "/issuer/" + consumerDid)
+                .build();
+        HTTP_CLIENT.newCall(tilCleanRequest).execute();
+        Map tilConfig = Map.of(
+                "did", getDid(FancyMarketplaceEnvironment.DID_CONSUMER_ADDRESS),
+                "credentials", List.of(Map.of("credentialsType", "UserCredential", "claims", List.of())));
+        RequestBody tilUpdateBody = RequestBody.create(MediaType.parse("application/json"), OBJECT_MAPPER.writeValueAsString(tilConfig));
+        Request tilUpdateRequest = new Request.Builder()
+                .post(tilUpdateBody)
+                .url(MPOperationsEnvironment.TIL_DIRECT_ADDRESS + "/issuer")
+                .build();
+        HTTP_CLIENT.newCall(tilUpdateRequest).execute();
+    }
+
+    private void cleanUpTMForum() throws Exception {
+        Request offerRequest = new Request.Builder()
+                .get()
+                .url(MPOperationsEnvironment.TMF_DIRECT_ADDRESS + "/tmf-api/productCatalogManagement/v4/productOffering")
+                .build();
+        Response offerResponse = HTTP_CLIENT.newCall(offerRequest).execute();
+        assertEquals(HttpStatus.SC_OK, offerResponse.code(), "The offer should have been returend");
+        List<ProductOfferingVO> offers = OBJECT_MAPPER.readValue(offerResponse.body().string(), new TypeReference<List<ProductOfferingVO>>() {
+        });
+        offers.stream()
+                .map(ProductOfferingVO::getId)
+                .forEach(id -> {
+                    Request deletionRequest = new Request.Builder()
+                            .delete()
+                            .url(MPOperationsEnvironment.TMF_DIRECT_ADDRESS + "/tmf-api/productCatalogManagement/v4/productOffering/" + id)
+                            .build();
+                    try {
+                        HTTP_CLIENT.newCall(deletionRequest).execute();
+                    } catch (IOException e) {
+                        // ignore
+                    }
+                });
+        offerResponse.body().close();
+
+        Request specRequest = new Request.Builder()
+                .get()
+                .url(MPOperationsEnvironment.TMF_DIRECT_ADDRESS + "/tmf-api/productCatalogManagement/v4/productSpecification")
+                .build();
+        Response specResponse = HTTP_CLIENT.newCall(specRequest).execute();
+        assertEquals(HttpStatus.SC_OK, specResponse.code(), "The spec should have been returend");
+        List<ProductSpecificationVO> specs = OBJECT_MAPPER.readValue(specResponse.body().string(), new TypeReference<List<ProductSpecificationVO>>() {
+        });
+        specs.stream()
+                .map(ProductSpecificationVO::getId)
+                .forEach(id -> {
+                    Request deletionRequest = new Request.Builder()
+                            .delete()
+                            .url(MPOperationsEnvironment.TMF_DIRECT_ADDRESS + "/tmf-api/productCatalogManagement/v4/productSpecification/" + id)
+                            .build();
+                    try {
+                        HTTP_CLIENT.newCall(deletionRequest).execute();
+                    } catch (IOException e) {
+                        // ignore
+                    }
+                });
+        specResponse.body().close();
+
+        Request organizationRequest = new Request.Builder()
+                .get()
+                .url(MPOperationsEnvironment.TMF_DIRECT_ADDRESS + "/tmf-api/party/v4/organization")
+                .build();
+        Response organizationResponse = HTTP_CLIENT.newCall(organizationRequest).execute();
+        assertEquals(HttpStatus.SC_OK, organizationResponse.code(), "The spec should have been returend");
+        List<OrganizationVO> organizations = OBJECT_MAPPER.readValue(organizationResponse.body().string(), new TypeReference<List<OrganizationVO>>() {
+        });
+        organizations.stream()
+                .map(OrganizationVO::getId)
+                .forEach(id -> {
+                    Request deletionRequest = new Request.Builder()
+                            .delete()
+                            .url(MPOperationsEnvironment.TMF_DIRECT_ADDRESS + "/tmf-api/party/v4/organization/" + id)
+                            .build();
+                    try {
+                        HTTP_CLIENT.newCall(deletionRequest).execute();
+                    } catch (IOException e) {
+                        // ignore
+                    }
+                });
+        organizationResponse.body().close();
     }
 
-    private void cleanUpPolicies() {
-        createdPolicies.forEach(policyId -> {
+    private void cleanUpPolicies() throws Exception {
+        Request getPolicies = new Request.Builder()
+                .url(MPOperationsEnvironment.PROVIDER_PAP_ADDRESS + "/policy")
+                .get().build();
+        Response policyResponse = HTTP_CLIENT.newCall(getPolicies).execute();
+
+        List<Policy> policies = OBJECT_MAPPER.readValue(policyResponse.body().string(), new TypeReference<List<Policy>>() {
+        });
+
+        policies.forEach(policyId -> {
             Request deletionRequest = new Request.Builder()
-                    .url(MPOperationsEnvironment.PROVIDER_PAP_ADDRESS + "/policy/" + policyId)
+                    .url(MPOperationsEnvironment.PROVIDER_PAP_ADDRESS + "/policy/" + policyId.getId())
                     .delete()
                     .build();
             try {
-                HTTP_CLIENT.newCall(deletionRequest).execute();
+                Response r = HTTP_CLIENT.newCall(deletionRequest).execute();
+                log.warn(r.body().string());
             } catch (IOException e) {
                 // just log
                 log.warn("Was not able to clean up policy {}.", policyId);
@@ -95,7 +216,9 @@ public void checkMPRegistered() throws Exception {
         Request didCheckRequest = new Request.Builder()
                 .url(TrustAnchorEnvironment.TIR_ADDRESS + "/v4/issuers/" + getDid(MPOperationsEnvironment.DID_PROVIDER_ADDRESS))
                 .build();
-        assertEquals(HttpStatus.SC_OK, HTTP_CLIENT.newCall(didCheckRequest).execute().code(), "The did should be registered at the trust-anchor.");
+        Response tirResponse = HTTP_CLIENT.newCall(didCheckRequest).execute();
+        assertEquals(HttpStatus.SC_OK, tirResponse.code(), "The did should be registered at the trust-anchor.");
+        tirResponse.body().close();
     }
 
 
@@ -104,21 +227,167 @@ public void checkFMRegistered() throws Exception {
         Request didCheckRequest = new Request.Builder()
                 .url(TrustAnchorEnvironment.TIR_ADDRESS + "/v4/issuers/" + getDid(FancyMarketplaceEnvironment.DID_CONSUMER_ADDRESS))
                 .build();
-        assertEquals(HttpStatus.SC_OK, HTTP_CLIENT.newCall(didCheckRequest).execute().code(), "The did should be registered at the trust-anchor.");
+        Response tirResponse = HTTP_CLIENT.newCall(didCheckRequest).execute();
+        assertEquals(HttpStatus.SC_OK, tirResponse.code(), "The did should be registered at the trust-anchor.");
+        tirResponse.body().close();
     }
 
-    @When("M&P Operations registers a policy to allow every participant access to its energy reports.")
-    public void mpRegisterEnergyReportPolicy() throws Exception {
-        RequestBody policyBody = RequestBody.create(MediaType.parse("application/json"), getPolicy("energyReport"));
+    @Given("Fancy Marketplace is not allowed to create a cluster at M&P Operations.")
+    public void fmNotAllowedToCreateCluster() throws Exception {
+        assertThrows(AssertionFailedError.class, () ->
+                getAccessTokenForFancyMarketplace(OPERATOR_CREDENTIAL, OPERATOR_SCOPE), "Fancy Marketplace is not allowed to use the operator credential.");
+        String userToken = getAccessTokenForFancyMarketplace(USER_CREDENTIAL, DEFAULT_SCOPE);
+        Request createClusterRequest = createK8SClusterRequest(userToken);
+        Response creationResponse = HTTP_CLIENT.newCall(createClusterRequest).execute();
+        assertEquals(HttpStatus.SC_FORBIDDEN, creationResponse.code(), "The creation should not be allowed.");
+    }
+
+    private static Request createK8SClusterRequest(String accessToken) throws IOException {
+        Map clusterEntity = Map.of("type", "K8SCluster",
+                "id", "urn:ngsi-ld:K8SCluster:fancy-marketplace",
+                "name", Map.of("type", "Property", "value", "Fancy Marketplace Cluster"),
+                "numNodes", Map.of("type", "Property", "value", "3"),
+                "k8sVersion", Map.of("type", "Property", "value", "1.26.0"));
+        RequestBody clusterCreationBody = RequestBody.create(MediaType.parse("application/json"), OBJECT_MAPPER.writeValueAsString(clusterEntity));
+        return new Request.Builder()
+                .post(clusterCreationBody)
+                .url(MPOperationsEnvironment.PROVIDER_API_ADDRESS + "/ngsi-ld/v1/entities")
+                .addHeader("Authorization", "Bearer " + accessToken)
+                .addHeader("Accept", "application/json")
+                .build();
+    }
+
+    @Given("M&P Operations allows self-registration of organizations.")
+    public void allowSelfRegistration() throws Exception {
+        createPolicyAtMP("allowProductOffering");
+        createPolicyAtMP("allowSelfRegistration");
+        // we need to wait a little for the policies to be updated
+        Thread.sleep(10000);
+    }
+
+    @Given("M&P Operations allows to buy its offerings.")
+    public void allowProductOrder() throws Exception {
+        createPolicyAtMP("allowProductOrder");
+        // we need to wait a little for the policies to be updated
+        Thread.sleep(10000);
+
+    }
+
+    private void createPolicyAtMP(String policy) throws IOException {
+        RequestBody policyBody = RequestBody.create(MediaType.parse("application/json"), getPolicy(policy));
         Request policyCreationRequest = new Request.Builder()
                 .post(policyBody)
                 .url(MPOperationsEnvironment.PROVIDER_PAP_ADDRESS + "/policy")
                 .build();
         Response policyCreationResponse = HTTP_CLIENT.newCall(policyCreationRequest).execute();
         assertEquals(HttpStatus.SC_OK, policyCreationResponse.code(), "The policy should have been created.");
+        policyCreationResponse.body().close();
         createdPolicies.add(policyCreationResponse.header("Location"));
     }
 
+    @Given("M&P Operations offers a managed kubernetes.")
+    public void createManagedKubernetesOffering() throws Exception {
+        ProductSpecificationCreateVO pscVo = new ProductSpecificationCreateVO()
+                .brand("M&P Operations")
+                .version("1.0.0")
+                .lifecycleStatus("ACTIVE")
+                .name("M&P K8S");
+        RequestBody specificationRequestBody = RequestBody.create(MediaType.parse("application/json"), OBJECT_MAPPER.writeValueAsString(pscVo));
+        Request specificationRequest = new Request.Builder()
+                .post(specificationRequestBody)
+                .url(MPOperationsEnvironment.TMF_DIRECT_ADDRESS + "/tmf-api/productCatalogManagement/v4/productSpecification")
+                .build();
+        Response specificationResponse = HTTP_CLIENT.newCall(specificationRequest).execute();
+        assertEquals(HttpStatus.SC_CREATED, specificationResponse.code(), "The specification should have been created.");
+        ProductSpecificationVO createdSpec = OBJECT_MAPPER.readValue(specificationResponse.body().string(), ProductSpecificationVO.class);
+
+        ProductOfferingCreateVO productOfferingCreate = new ProductOfferingCreateVO()
+                .lifecycleStatus("ACTIVE")
+                .name("M&P K8S Offering")
+                .version("1.0.0")
+                .productSpecification(new ProductSpecificationRefVO().id(createdSpec.getId()));
+        RequestBody productOfferingBody = RequestBody.create(MediaType.parse("application/json"), OBJECT_MAPPER.writeValueAsString(productOfferingCreate));
+        Request productOfferingRequest = new Request.Builder()
+                .post(productOfferingBody)
+                .url(MPOperationsEnvironment.TMF_DIRECT_ADDRESS + "/tmf-api/productCatalogManagement/v4/productOffering")
+                .build();
+        Response productOfferingResponse = HTTP_CLIENT.newCall(productOfferingRequest).execute();
+        assertEquals(HttpStatus.SC_CREATED, productOfferingResponse.code(), "The offering should have been created.");
+    }
+
+    @When("Fancy Marketplace registers itself at M&P Operations.")
+    public void registerAtMP() throws Exception {
+        String accessToken = getAccessTokenForFancyMarketplace(USER_CREDENTIAL, DEFAULT_SCOPE);
+
+        CharacteristicVO didCharacteristic = new CharacteristicVO()
+                .name("did")
+                .value(getDid(FancyMarketplaceEnvironment.DID_CONSUMER_ADDRESS));
+
+        OrganizationCreateVO organizationCreateVO = new OrganizationCreateVO()
+                .organizationType("Consumer")
+                .name("Fancy Marketplace Inc.")
+                .partyCharacteristic(List.of(didCharacteristic));
+
+        RequestBody organizationCreateBody = RequestBody.create(MediaType.parse("application/json"), OBJECT_MAPPER.writeValueAsString(organizationCreateVO));
+        Request organizationCreateRequest = new Request.Builder()
+                .post(organizationCreateBody)
+                .url(MPOperationsEnvironment.TM_FORUM_API_ADDRESS + "/tmf-api/party/v4/organization")
+                .addHeader("Authorization", "Bearer " + accessToken)
+                .build();
+        Response organizationCreateResponse = HTTP_CLIENT.newCall(organizationCreateRequest).execute();
+        assertEquals(HttpStatus.SC_CREATED, organizationCreateResponse.code(), "The organization should have been created.");
+        fancyMarketplaceRegistration = OBJECT_MAPPER.readValue(organizationCreateResponse.body().string(), OrganizationVO.class);
+    }
+
+    @When("Fancy Marketplace buys access to M&P's k8s services.")
+    public void buyAccess() throws Exception {
+        String accessToken = getAccessTokenForFancyMarketplace(USER_CREDENTIAL, DEFAULT_SCOPE);
+        Request offerRequest = new Request.Builder()
+                .get()
+                .url(MPOperationsEnvironment.TM_FORUM_API_ADDRESS + "/tmf-api/productCatalogManagement/v4/productOffering")
+                .addHeader("Authorization", "Bearer " + accessToken)
+                .build();
+        Response offerResponse = HTTP_CLIENT.newCall(offerRequest).execute();
+        assertEquals(HttpStatus.SC_OK, offerResponse.code(), "The offer should have been returend");
+        List<ProductOfferingVO> offers = OBJECT_MAPPER.readValue(offerResponse.body().string(), new TypeReference<List<ProductOfferingVO>>() {
+        });
+        Optional<String> optionalId = offers.stream()
+                .map(ProductOfferingVO::getId)
+                .findFirst();
+        assertTrue(optionalId.isPresent(), "The id should be present.");
+
+
+        ProductOfferingRefVO productOfferingRefVO = new ProductOfferingRefVO()
+                .id(optionalId.get());
+        ProductOrderItemVO pod = new ProductOrderItemVO()
+                .id("my-item")
+                .action(OrderItemActionTypeVO.ADD)
+                .productOffering(productOfferingRefVO);
+        RelatedPartyVO relatedPartyVO = new RelatedPartyVO()
+                .id(fancyMarketplaceRegistration.getId());
+        ProductOrderCreateVO poc = new ProductOrderCreateVO()
+                .productOrderItem(List.of(pod))
+                .relatedParty(List.of(relatedPartyVO));
+        RequestBody pocBody = RequestBody.create(MediaType.parse("application/json"), OBJECT_MAPPER.writeValueAsString(poc));
+        Request pocRequest = new Request.Builder()
+                .post(pocBody)
+                .url(MPOperationsEnvironment.TM_FORUM_API_ADDRESS + "/tmf-api/productOrderingManagement/v4/productOrder")
+                .addHeader("Authorization", "Bearer " + accessToken)
+                .build();
+        Response pocResponse = HTTP_CLIENT.newCall(pocRequest).execute();
+        assertEquals(HttpStatus.SC_CREATED, pocResponse.code(), "The product ordering should have been created.");
+    }
+
+    @When("M&P Operations registers a policy to allow every participant access to its energy reports.")
+    public void mpRegisterEnergyReportPolicy() throws Exception {
+        createPolicyAtMP("energyReport");
+    }
+
+    @When("M&P Operations allows operators to create clusters.")
+    public void mpRegisterClusterCreatePolicy() throws Exception {
+        createPolicyAtMP("clusterCreate");
+    }
+
     @When("M&P Operations creates an energy report.")
     public void createEnergyReport() throws Exception {
         Map offerEntity = Map.of("type", "EnergyReport",
@@ -135,20 +404,39 @@ public void createEnergyReport() throws Exception {
         createdEntities.add("urn:ngsi-ld:EnergyReport:fms-1");
     }
 
-    @When("Fancy Marketplace issues a credential to its employee.")
-    public void issueCredentialToEmployee() throws Exception {
+    @When("Fancy Marketplace issues a user credential to its employee.")
+    public void issueUserCredentialToEmployee() throws Exception {
         String accessToken = FancyMarketplaceEnvironment.loginToConsumerKeycloak();
         fancyMarketplaceEmployeeWallet.getCredentialFromIssuer(accessToken, FancyMarketplaceEnvironment.CONSUMER_KEYCLOAK_ADDRESS, USER_CREDENTIAL);
     }
 
+
+    @When("Fancy Marketplace issues an operator credential to its employee.")
+    public void issueOperatorCredentialToEmployee() throws Exception {
+        String accessToken = FancyMarketplaceEnvironment.loginToConsumerKeycloak();
+        fancyMarketplaceEmployeeWallet.getCredentialFromIssuer(accessToken, FancyMarketplaceEnvironment.CONSUMER_KEYCLOAK_ADDRESS, OPERATOR_CREDENTIAL);
+    }
+
+    @Then("Fancy Marketplace operators can create clusters.")
+    public void createK8SCluster() throws Exception {
+        Awaitility.await().atMost(Duration.ofSeconds(60)).until(() -> {
+            try {
+                String accessToken = getAccessTokenForFancyMarketplace(OPERATOR_CREDENTIAL, OPERATOR_SCOPE);
+                Request creationRequest = createK8SClusterRequest(accessToken);
+                assertEquals(HttpStatus.SC_CREATED, HTTP_CLIENT.newCall(creationRequest).execute().code(), "The cluster should now have been created.");
+                return true;
+            } catch (Throwable t) {
+                log.info("No token: {}", t);
+                return false;
+            }
+        });
+
+        createdEntities.add("urn:ngsi-ld:K8SCluster:fancy-marketplace");
+    }
+
     @Then("Fancy Marketplace' employee can access the EnergyReport.")
     public void accessTheEnergyReport() throws Exception {
-        OpenIdConfiguration openIdConfiguration = MPOperationsEnvironment.getOpenIDConfiguration();
-        assertTrue(openIdConfiguration.getGrantTypesSupported().contains(GRANT_TYPE_VP_TOKEN), "The M&P environment should support vp_tokens");
-        assertTrue(openIdConfiguration.getResponseModeSupported().contains(RESPONSE_TYPE_DIRECT_POST), "The M&P environment should support direct_post");
-        assertNotNull(openIdConfiguration.getTokenEndpoint(), "The M&P environment should provide a token endpoint.");
-
-        String accessToken = fancyMarketplaceEmployeeWallet.exchangeCredentialForToken(openIdConfiguration, USER_CREDENTIAL);
+        String accessToken = getAccessTokenForFancyMarketplace(USER_CREDENTIAL, DEFAULT_SCOPE);
         Request authenticatedEntityRequest = new Request.Builder().get()
                 .url(MPOperationsEnvironment.PROVIDER_API_ADDRESS + "/ngsi-ld/v1/entities/urn:ngsi-ld:EnergyReport:fms-1")
                 .addHeader("Authorization", "Bearer " + accessToken)
@@ -157,9 +445,17 @@ public void accessTheEnergyReport() throws Exception {
 
         Awaitility.await()
                 .atMost(Duration.ofSeconds(60))
-                .until(() -> {
-                    return HttpStatus.SC_OK == HTTP_CLIENT.newCall(authenticatedEntityRequest).execute().code();
-                });
+                .until(() -> HttpStatus.SC_OK == HTTP_CLIENT.newCall(authenticatedEntityRequest).execute().code());
+    }
+
+    private String getAccessTokenForFancyMarketplace(String credentialId, String scope) throws Exception {
+        OpenIdConfiguration openIdConfiguration = MPOperationsEnvironment.getOpenIDConfiguration(MPOperationsEnvironment.PROVIDER_API_ADDRESS);
+        assertTrue(openIdConfiguration.getGrantTypesSupported().contains(GRANT_TYPE_VP_TOKEN), "The M&P environment should support vp_tokens");
+        assertTrue(openIdConfiguration.getResponseModeSupported().contains(RESPONSE_TYPE_DIRECT_POST), "The M&P environment should support direct_post");
+        assertNotNull(openIdConfiguration.getTokenEndpoint(), "The M&P environment should provide a token endpoint.");
+
+        String accessToken = fancyMarketplaceEmployeeWallet.exchangeCredentialForToken(openIdConfiguration, credentialId, scope);
+        return accessToken;
     }
 
     private String getDid(String didHelperAddress) throws Exception {
diff --git a/it/src/test/java/org/fiware/dataspace/it/components/Wallet.java b/it/src/test/java/org/fiware/dataspace/it/components/Wallet.java
index d8ffcf6..28241ef 100644
--- a/it/src/test/java/org/fiware/dataspace/it/components/Wallet.java
+++ b/it/src/test/java/org/fiware/dataspace/it/components/Wallet.java
@@ -71,24 +71,24 @@ public Wallet() throws Exception {
     }
 
 
-    public String exchangeCredentialForToken(OpenIdConfiguration openIdConfiguration, String credentialId) throws Exception {
+    public String exchangeCredentialForToken(OpenIdConfiguration openIdConfiguration, String credentialId, String scope) throws Exception {
         String vpToken = Base64.getUrlEncoder()
                 .withoutPadding()
                 .encodeToString(createVPToken(did, walletKey, credentialStorage.get(credentialId)).getBytes());
         RequestBody requestBody = new FormEncodingBuilder()
                 .add("grant_type", "vp_token")
                 .add("vp_token", vpToken)
-                .add("scope", "default")
+                .add("scope", scope)
                 .build();
         Request tokenRequest = new Request.Builder()
                 .post(requestBody)
                 .url(openIdConfiguration.getTokenEndpoint())
                 .build();
         Response tokenResponse = HTTP_CLIENT.newCall(tokenRequest).execute();
-
         assertEquals(HttpStatus.SC_OK, tokenResponse.code(), "A token should have been responded.");
 
         TokenResponse accessTokenResponse = OBJECT_MAPPER.readValue(tokenResponse.body().string(), TokenResponse.class);
+        tokenResponse.body().close();
         assertNotNull(accessTokenResponse.getAccessToken(), "The access token should have been returned.");
         return accessTokenResponse.getAccessToken();
     }
@@ -134,7 +134,9 @@ public IssuerConfiguration getIssuerConfiguration(String issuerHost) throws Exce
         Response configResponse = HTTP_CLIENT.newCall(configRequest).execute();
 
         assertEquals(HttpStatus.SC_OK, configResponse.code(), "An issuer config should have been returned.");
-        return OBJECT_MAPPER.readValue(configResponse.body().string(), IssuerConfiguration.class);
+        IssuerConfiguration issuerConfiguration = OBJECT_MAPPER.readValue(configResponse.body().string(), IssuerConfiguration.class);
+        configResponse.body().close();
+        return issuerConfiguration;
     }
 
     public OfferUri getCredentialOfferUri(String keycloakJwt, String issuerHost, String credentialConfigId) throws Exception {
@@ -148,7 +150,9 @@ public OfferUri getCredentialOfferUri(String keycloakJwt, String issuerHost, Str
         Response uriResponse = HTTP_CLIENT.newCall(request).execute();
 
         assertEquals(HttpStatus.SC_OK, uriResponse.code(), "An uri should have been returned.");
-        return OBJECT_MAPPER.readValue(uriResponse.body().string(), OfferUri.class);
+        OfferUri offerUri = OBJECT_MAPPER.readValue(uriResponse.body().string(), OfferUri.class);
+        uriResponse.body().close();
+        return offerUri;
     }
 
     public CredentialOffer getCredentialOffer(String keycloakJwt, OfferUri offerUri) throws Exception {
@@ -162,7 +166,9 @@ public CredentialOffer getCredentialOffer(String keycloakJwt, OfferUri offerUri)
         Response offerResponse = HTTP_CLIENT.newCall(uriRequest).execute();
 
         assertEquals(HttpStatus.SC_OK, offerResponse.code(), "An offer should have been returned.");
-        return OBJECT_MAPPER.readValue(offerResponse.body().string(), CredentialOffer.class);
+        CredentialOffer credentialOffer = OBJECT_MAPPER.readValue(offerResponse.body().string(), CredentialOffer.class);
+        offerResponse.body().close();
+        return credentialOffer;
     }
 
     public String getTokenForOffer(IssuerConfiguration issuerConfiguration, CredentialOffer credentialOffer) throws Exception {
@@ -212,7 +218,9 @@ private String requestOffer(String token, String credentialEndpoint, SupportedCo
 
         Response credentialResponse = HTTP_CLIENT.newCall(credentialHttpRequest).execute();
         assertEquals(HttpStatus.SC_OK, credentialResponse.code(), "A credential should have been returned.");
-        return credentialResponse.body().string();
+        String offer = credentialResponse.body().string();
+        credentialResponse.body().close();
+        return offer;
     }
 
     public String getAccessToken(String tokenEndpoint, String preAuthorizedCode) throws Exception {
@@ -225,11 +233,12 @@ public String getAccessToken(String tokenEndpoint, String preAuthorizedCode) thr
                 .post(requestBody)
                 .build();
 
-
         Response tokenResponse = HTTP_CLIENT.newCall(tokenRequest).execute();
         assertEquals(HttpStatus.SC_OK, tokenResponse.code(), "A valid token should have been returned.");
 
-        return OBJECT_MAPPER.readValue(tokenResponse.body().string(), TokenResponse.class).getAccessToken();
+        String accessToken = OBJECT_MAPPER.readValue(tokenResponse.body().string(), TokenResponse.class).getAccessToken();
+        tokenResponse.body().close();
+        return accessToken;
     }
 
     public OpenIdConfiguration getOpenIdConfiguration(String authorizationServer) throws Exception {
@@ -240,7 +249,9 @@ public OpenIdConfiguration getOpenIdConfiguration(String authorizationServer) th
         Response openIdConfigResponse = HTTP_CLIENT.newCall(request).execute();
 
         assertEquals(HttpStatus.SC_OK, openIdConfigResponse.code(), "An openId config should have been returned.");
-        return OBJECT_MAPPER.readValue(openIdConfigResponse.body().string(), OpenIdConfiguration.class);
+        OpenIdConfiguration openIdConfiguration = OBJECT_MAPPER.readValue(openIdConfigResponse.body().string(), OpenIdConfiguration.class);
+        openIdConfigResponse.body().close();
+        return openIdConfiguration;
     }
 
 
diff --git a/it/src/test/java/org/fiware/dataspace/it/components/model/Policy.java b/it/src/test/java/org/fiware/dataspace/it/components/model/Policy.java
new file mode 100644
index 0000000..d14fae8
--- /dev/null
+++ b/it/src/test/java/org/fiware/dataspace/it/components/model/Policy.java
@@ -0,0 +1,18 @@
+package org.fiware.dataspace.it.components.model;
+
+import com.fasterxml.jackson.annotation.JsonIgnoreProperties;
+import lombok.AllArgsConstructor;
+import lombok.Data;
+import lombok.NoArgsConstructor;
+
+/**
+ * @author <a href="https://github.com/wistefan">Stefan Wiedemann</a>
+ */
+@NoArgsConstructor
+@AllArgsConstructor
+@Data
+@JsonIgnoreProperties(ignoreUnknown = true)
+public class Policy {
+
+    private String id;
+}
diff --git a/it/src/test/resources/it/mvds_basic.feature b/it/src/test/resources/it/mvds_basic.feature
index 84825d1..cd37df6 100644
--- a/it/src/test/resources/it/mvds_basic.feature
+++ b/it/src/test/resources/it/mvds_basic.feature
@@ -5,5 +5,21 @@ Feature: The Data Space should support a basic data exchange between registered
     And Fancy Marketplace is registered as a participant in the data space.
     When M&P Operations registers a policy to allow every participant access to its energy reports.
     And M&P Operations creates an energy report.
-    And Fancy Marketplace issues a credential to its employee.
-    Then Fancy Marketplace' employee can access the EnergyReport.
\ No newline at end of file
+    And Fancy Marketplace issues a user credential to its employee.
+    Then Fancy Marketplace' employee can access the EnergyReport.
+
+  Scenario: A registered operator can create a k8s cluster.
+    Given M&P Operations is registered as a participant in the data space.
+    And  M&P Operations offers a managed kubernetes.
+    And M&P Operations allows self-registration of organizations.
+    And M&P Operations allows to buy its offerings.
+    And M&P Operations allows operators to create clusters.
+    And Fancy Marketplace is registered as a participant in the data space.
+    And Fancy Marketplace issues an operator credential to its employee.
+    And Fancy Marketplace issues a user credential to its employee.
+    And Fancy Marketplace is not allowed to create a cluster at M&P Operations.
+    When Fancy Marketplace registers itself at M&P Operations.
+    And Fancy Marketplace buys access to M&P's k8s services.
+    Then Fancy Marketplace operators can create clusters.
+
+
diff --git a/it/src/test/resources/policies/allowProductOffering.json b/it/src/test/resources/policies/allowProductOffering.json
new file mode 100644
index 0000000..ba2c170
--- /dev/null
+++ b/it/src/test/resources/policies/allowProductOffering.json
@@ -0,0 +1,37 @@
+{
+  "@context": {
+    "dc": "http://purl.org/dc/elements/1.1/",
+    "dct": "http://purl.org/dc/terms/",
+    "owl": "http://www.w3.org/2002/07/owl#",
+    "odrl": "http://www.w3.org/ns/odrl/2/",
+    "rdfs": "http://www.w3.org/2000/01/rdf-schema#",
+    "skos": "http://www.w3.org/2004/02/skos/core#"
+  },
+  "@id": "https://mp-operation.org/policy/common/type",
+  "@type": "odrl:Policy",
+  "odrl:permission": {
+    "odrl:assigner": {
+      "@id": "https://www.mp-operation.org/"
+    },
+    "odrl:target": {
+      "@type": "odrl:AssetCollection",
+      "odrl:source": "urn:asset",
+      "odrl:refinement": [
+        {
+          "@type": "odrl:Constraint",
+          "odrl:leftOperand": "tmf:resource",
+          "odrl:operator": {
+            "@id": "odrl:eq"
+          },
+          "odrl:rightOperand": "productOffering"
+        }
+      ]
+    },
+    "odrl:assignee": {
+      "@id": "vc:any"
+    },
+    "odrl:action": {
+      "@id": "odrl:read"
+    }
+  }
+}
diff --git a/it/src/test/resources/policies/allowProductOrder.json b/it/src/test/resources/policies/allowProductOrder.json
new file mode 100644
index 0000000..8233c36
--- /dev/null
+++ b/it/src/test/resources/policies/allowProductOrder.json
@@ -0,0 +1,37 @@
+{
+  "@context": {
+    "dc": "http://purl.org/dc/elements/1.1/",
+    "dct": "http://purl.org/dc/terms/",
+    "owl": "http://www.w3.org/2002/07/owl#",
+    "odrl": "http://www.w3.org/ns/odrl/2/",
+    "rdfs": "http://www.w3.org/2000/01/rdf-schema#",
+    "skos": "http://www.w3.org/2004/02/skos/core#"
+  },
+  "@id": "https://mp-operation.org/policy/common/type",
+  "@type": "odrl:Policy",
+  "odrl:permission": {
+    "odrl:assigner": {
+      "@id": "https://www.mp-operation.org/"
+    },
+    "odrl:target": {
+      "@type": "odrl:AssetCollection",
+      "odrl:source": "urn:asset",
+      "odrl:refinement": [
+        {
+          "@type": "odrl:Constraint",
+          "odrl:leftOperand": "tmf:resource",
+          "odrl:operator": {
+            "@id": "odrl:eq"
+          },
+          "odrl:rightOperand": "productOrder"
+        }
+      ]
+    },
+    "odrl:assignee": {
+      "@id": "vc:any"
+    },
+    "odrl:action": {
+      "@id": "tmf:create"
+    }
+  }
+}
diff --git a/it/src/test/resources/policies/allowSelfRegistration.json b/it/src/test/resources/policies/allowSelfRegistration.json
new file mode 100644
index 0000000..994e068
--- /dev/null
+++ b/it/src/test/resources/policies/allowSelfRegistration.json
@@ -0,0 +1,37 @@
+{
+  "@context": {
+    "dc": "http://purl.org/dc/elements/1.1/",
+    "dct": "http://purl.org/dc/terms/",
+    "owl": "http://www.w3.org/2002/07/owl#",
+    "odrl": "http://www.w3.org/ns/odrl/2/",
+    "rdfs": "http://www.w3.org/2000/01/rdf-schema#",
+    "skos": "http://www.w3.org/2004/02/skos/core#"
+  },
+  "@id": "https://mp-operation.org/policy/common/type",
+  "@type": "odrl:Policy",
+  "odrl:permission": {
+    "odrl:assigner": {
+      "@id": "https://www.mp-operation.org/"
+    },
+    "odrl:target": {
+      "@type": "odrl:AssetCollection",
+      "odrl:source": "urn:asset",
+      "odrl:refinement": [
+        {
+          "@type": "odrl:Constraint",
+          "odrl:leftOperand": "tmf:resource",
+          "odrl:operator": {
+            "@id": "odrl:eq"
+          },
+          "odrl:rightOperand": "organization"
+        }
+      ]
+    },
+    "odrl:assignee": {
+      "@id": "vc:any"
+    },
+    "odrl:action": {
+      "@id": "tmf:create"
+    }
+  }
+}
diff --git a/it/src/test/resources/policies/clusterCreate.json b/it/src/test/resources/policies/clusterCreate.json
new file mode 100644
index 0000000..47301aa
--- /dev/null
+++ b/it/src/test/resources/policies/clusterCreate.json
@@ -0,0 +1,69 @@
+{
+  "@context": {
+    "dc": "http://purl.org/dc/elements/1.1/",
+    "dct": "http://purl.org/dc/terms/",
+    "owl": "http://www.w3.org/2002/07/owl#",
+    "odrl": "http://www.w3.org/ns/odrl/2/",
+    "rdfs": "http://www.w3.org/2000/01/rdf-schema#",
+    "skos": "http://www.w3.org/2004/02/skos/core#"
+  },
+  "@id": "https://mp-operation.org/policy/common/type",
+  "@type": "odrl:Policy",
+  "odrl:permission": {
+    "odrl:assigner": {
+      "@id": "https://www.mp-operation.org/"
+    },
+    "odrl:target": {
+      "@type": "odrl:AssetCollection",
+      "odrl:source": "urn:asset",
+      "odrl:refinement": [
+        {
+          "@type": "odrl:Constraint",
+          "odrl:leftOperand": "ngsi-ld:entityType",
+          "odrl:operator": {
+            "@id": "odrl:eq"
+          },
+          "odrl:rightOperand": "K8SCluster"
+        }
+      ]
+    },
+    "odrl:assignee": {
+      "@type": "odrl:PartyCollection",
+      "odrl:source": "urn:user",
+      "odrl:refinement": {
+        "@type": "odrl:LogicalConstraint",
+        "odrl:and": [
+          {
+            "@type": "odrl:Constraint",
+            "odrl:leftOperand": {
+              "@id": "vc:role"
+            },
+            "odrl:operator": {
+              "@id": "odrl:hasPart"
+            },
+            "odrl:rightOperand": {
+              "@value": "OPERATOR",
+              "@type": "xsd:string"
+            }
+          },
+          {
+            "@type": "odrl:Constraint",
+            "odrl:leftOperand": {
+              "@id": "vc:type"
+            },
+            "odrl:operator": {
+              "@id": "odrl:hasPart"
+            },
+            "odrl:rightOperand": {
+              "@value": "OperatorCredential",
+              "@type": "xsd:string"
+            }
+          }
+        ]
+      }
+    },
+    "odrl:action": {
+      "@id": "odrl:use"
+    }
+  }
+}
diff --git a/it/src/test/resources/policies/energyReport.json b/it/src/test/resources/policies/energyReport.json
index eb1c4e6..df69d53 100644
--- a/it/src/test/resources/policies/energyReport.json
+++ b/it/src/test/resources/policies/energyReport.json
@@ -28,7 +28,7 @@
       ]
     },
     "odrl:assignee": {
-      "@id": "odrl:any"
+      "@id": "vc:any"
     },
     "odrl:action": {
       "@id": "odrl:read"
diff --git a/k3s/consumer.yaml b/k3s/consumer.yaml
index 9acb910..a72f472 100644
--- a/k3s/consumer.yaml
+++ b/k3s/consumer.yaml
@@ -14,7 +14,10 @@ scorpio:
   enabled: false
 postgis:
   enabled: false
-
+tm-forum-api:
+  enabled: false
+contract-management:
+  enabled: false
 
 postgresql:
   primary:
@@ -127,12 +130,12 @@ keycloak:
       "${CLIENT_DID}": [
         {
           "name": "READER",
-          "description": "Is allowed to register",
+          "description": "Is allowed to see offers etc.",
           "clientRole": true
         },
         {
-          "name": "WRITER",
-          "description": "Is allowed to see",
+          "name": "OPERATOR",
+          "description": "Is allowed to operate clusters.",
           "clientRole": true
         }
       ]
@@ -152,7 +155,7 @@ keycloak:
         ],
         "clientRoles": {
           "${CLIENT_DID}": [
-            "READER"
+            "OPERATOR"
           ],
           "account": [
             "view-profile",
@@ -188,7 +191,9 @@ keycloak:
           "vc.user-credential.format": "jwt_vc",
           "vc.user-credential.scope": "UserCredential",
           "vc.verifiable-credential.format": "jwt_vc",
-          "vc.verifiable-credential.scope": "VerifiableCredential"
+          "vc.verifiable-credential.scope": "VerifiableCredential",
+          "vc.operator-credential.format": "jwt_vc",
+          "vc.operator-credential.scope": "OperatorCredential"
         },
         "protocolMappers": [
           {
@@ -198,17 +203,7 @@ keycloak:
             "config": {
               "subjectProperty": "roles",
               "clientId": "${CLIENT_DID}",
-              "supportedCredentialTypes": "VerifiableCredential"
-            }
-          },
-          {
-            "name": "target-vc-role-mapper",
-            "protocol": "oid4vc",
-            "protocolMapper": "oid4vc-target-role-mapper",
-            "config": {
-              "subjectProperty": "roles",
-              "clientId": "${CLIENT_DID}",
-              "supportedCredentialTypes": "UserCredential"
+              "supportedCredentialTypes": "OperatorCredential"
             }
           },
           {
@@ -217,7 +212,7 @@ keycloak:
             "protocolMapper": "oid4vc-context-mapper",
             "config": {
               "context": "https://www.w3.org/2018/credentials/v1",
-              "supportedCredentialTypes": "VerifiableCredential,UserCredential"
+              "supportedCredentialTypes": "VerifiableCredential,UserCredential,OperatorCredential"
             }
           },
           {
@@ -227,7 +222,7 @@ keycloak:
             "config": {
               "subjectProperty": "email",
               "userAttribute": "email",
-              "supportedCredentialTypes": "UserCredential"
+              "supportedCredentialTypes": "UserCredential,OperatorCredential"
             }
           },
           {
@@ -237,7 +232,7 @@ keycloak:
             "config": {
               "subjectProperty": "firstName",
               "userAttribute": "firstName",
-              "supportedCredentialTypes": "UserCredential"
+              "supportedCredentialTypes": "UserCredential,OperatorCredential"
             }
           },
           {
@@ -247,7 +242,7 @@ keycloak:
             "config": {
               "subjectProperty": "lastName",
               "userAttribute": "lastName",
-              "supportedCredentialTypes": "UserCredential"
+              "supportedCredentialTypes": "UserCredential,OperatorCredential"
             }
           }
         ],
diff --git a/k3s/provider.yaml b/k3s/provider.yaml
index 0bab8c9..af10f16 100644
--- a/k3s/provider.yaml
+++ b/k3s/provider.yaml
@@ -8,10 +8,14 @@ apisix:
     ingress:
       enabled: true
       hostname: mp-data-service.127.0.0.1.nip.io
+      extraHosts:
+        - name: mp-tmf-api.127.0.0.1.nip.io
+          path: /
   catchAllRoute:
     enabled: false
   routes: |-
     - uri: /.well-known/openid-configuration
+      host: mp-data-service.127.0.0.1.nip.io
       upstream:
         nodes:
           verifier:3000: 1
@@ -32,6 +36,7 @@ apisix:
             set:
               content-type: application/json
     - uri: /*
+      host: mp-data-service.127.0.0.1.nip.io
       upstream:
         nodes:
           data-service-scorpio:9090: 1
@@ -47,6 +52,34 @@ apisix:
         opa:
           host: "http://localhost:8181"
           policy: policy/main
+          with_body: true
+    - uri: /.well-known/openid-configuration
+      host: mp-tmf-api.127.0.0.1.nip.io
+      upstream:
+        nodes:
+          verifier:3000: 1
+        type: roundrobin
+      plugins:
+        proxy-rewrite:
+          uri: /services/tmf-api/.well-known/openid-configuration
+    - uri: /*
+      host: mp-tmf-api.127.0.0.1.nip.io
+      upstream:
+        nodes:
+          tm-forum-api:8080: 1
+        type: roundrobin
+      plugins:
+        openid-connect:
+          bearer_only: true
+          use_jwks: true
+          client_id: contract-management
+          client_secret: unused
+          ssl_verify: false
+          discovery: http://verifier:3000/services/tmf-api/.well-known/openid-configuration
+        opa:
+          host: "http://localhost:8181"
+          policy: policy/main
+          with_body: true
 
 vcverifier:
   ingress:
@@ -174,8 +207,21 @@ scorpio:
         - "/"
   ccs:
     defaultOidcScope:
-      credentialType: UserCredential
-      trustedParticipantsLists: http://tir.trust-anchor.svc.cluster.local:8080
+      name: default
+    oidcScopes:
+      default:
+        - type: UserCredential
+          trustedParticipantsLists:
+            - http://tir.trust-anchor.svc.cluster.local:8080
+          trustedIssuersLists:
+            - http://trusted-issuers-list:8080
+      operator:
+        - type: OperatorCredential
+          trustedParticipantsLists:
+            - http://tir.trust-anchor.svc.cluster.local:8080
+          trustedIssuersLists:
+            - http://trusted-issuers-list:8080
+
 
 odrl-pap:
   deployment:
@@ -216,3 +262,31 @@ odrl-pap:
       - host: pap-provider.127.0.0.1.nip.io
         paths:
           - "/"
+
+tm-forum-api:
+  registration:
+    ccs:
+      defaultOidcScope:
+        credentialType: UserCredential
+        trustedParticipantsLists: http://tir.trust-anchor.svc.cluster.local:8080
+
+  ingress:
+    enabled: true
+    hosts:
+      - host: tm-forum-api.127.0.0.1.nip.io
+        paths:
+          - /
+
+contract-management:
+  til:
+    credentialType: OperatorCredential
+
+trusted-issuers-list:
+  # only open for clean up in the tests
+  ingress:
+    til:
+      enabled: true
+      hosts:
+        - host: til-provider.127.0.0.1.nip.io
+          paths:
+            - /
diff --git a/pom.xml b/pom.xml
index 3432f8a..23c94f6 100644
--- a/pom.xml
+++ b/pom.xml
@@ -17,7 +17,7 @@
         <release.version>17</release.version>
 
         <project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
-        <version.io.kokuwa.maven.k3s-plugin>1.2.4</version.io.kokuwa.maven.k3s-plugin>
+        <version.io.kokuwa.maven.k3s-plugin>1.3.0</version.io.kokuwa.maven.k3s-plugin>
         <version.io.kokuwa.helm-maven-plugin>6.13.0</version.io.kokuwa.helm-maven-plugin>
         <version.org.apache.maven.plugins.maven-install>3.1.1</version.org.apache.maven.plugins.maven-install>
         <version.org.apache.maven.plugins.maven-source>2.4</version.org.apache.maven.plugins.maven-source>
@@ -308,9 +308,17 @@
                             <skip>false</skip>
                         </configuration>
                     </plugin>
+                    <plugin>
+                        <groupId>org.apache.maven.plugins</groupId>
+                        <artifactId>maven-compiler-plugin</artifactId>
+                        <configuration>
+                            <skip>true</skip>
+                        </configuration>
+                    </plugin>
                     <plugin>
                         <groupId>org.apache.maven.plugins</groupId>
                         <artifactId>maven-failsafe-plugin</artifactId>
+                        <version>${version.org.apache.maven.plugins.maven-failsafe}</version>
                         <configuration>
                             <skip>true</skip>
                         </configuration>

From c15e21028b0a73946066b93445d3528ed0d2a070 Mon Sep 17 00:00:00 2001
From: "github-actions[bot]"
 <41898282+github-actions[bot]@users.noreply.github.com>
Date: Mon, 29 Jul 2024 13:56:30 +0000
Subject: [PATCH 2/3] Update helm chart versions

---
 charts/data-space-connector/Chart.yaml | 2 +-
 charts/trust-anchor/Chart.yaml         | 4 ++--
 2 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/charts/data-space-connector/Chart.yaml b/charts/data-space-connector/Chart.yaml
index 454575c..ca5c3af 100644
--- a/charts/data-space-connector/Chart.yaml
+++ b/charts/data-space-connector/Chart.yaml
@@ -2,7 +2,7 @@ apiVersion: v2
 name: data-space-connector
 description: Umbrella Chart for the FIWARE Data Space Connector, combining all essential parts to be used by a participant.
 type: application
-version: 7.1.0
+version: 7.2.0
 dependencies:
   - name: postgresql
     condition: postgresql.enabled
diff --git a/charts/trust-anchor/Chart.yaml b/charts/trust-anchor/Chart.yaml
index cd9df7b..9d5a784 100644
--- a/charts/trust-anchor/Chart.yaml
+++ b/charts/trust-anchor/Chart.yaml
@@ -1,7 +1,7 @@
 apiVersion: v2
 name: trust-anchor
 description: Umbrella Chart to provide a minimal trust anchor for a FIWARE Dataspace
-version: 0.0.1
+version: 0.1.0
 dependencies:
   - name: trusted-issuers-list
     condition: trusted-issuers-list.enabled
@@ -10,4 +10,4 @@ dependencies:
   - name: mysql
     condition: mysql.enabled
     version: 9.4.4
-    repository: https://charts.bitnami.com/bitnami
\ No newline at end of file
+    repository: https://charts.bitnami.com/bitnami

From 0afce8f10cfda05bde11416afd3579596d6ae576 Mon Sep 17 00:00:00 2001
From: "github-actions[bot]"
 <41898282+github-actions[bot]@users.noreply.github.com>
Date: Mon, 29 Jul 2024 13:56:34 +0000
Subject: [PATCH 3/3] Update helm chart versions

---
 charts/data-space-connector/Chart.yaml | 2 +-
 charts/trust-anchor/Chart.yaml         | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/charts/data-space-connector/Chart.yaml b/charts/data-space-connector/Chart.yaml
index ca5c3af..cc24af8 100644
--- a/charts/data-space-connector/Chart.yaml
+++ b/charts/data-space-connector/Chart.yaml
@@ -2,7 +2,7 @@ apiVersion: v2
 name: data-space-connector
 description: Umbrella Chart for the FIWARE Data Space Connector, combining all essential parts to be used by a participant.
 type: application
-version: 7.2.0
+version: 7.3.0
 dependencies:
   - name: postgresql
     condition: postgresql.enabled
diff --git a/charts/trust-anchor/Chart.yaml b/charts/trust-anchor/Chart.yaml
index 9d5a784..a340c85 100644
--- a/charts/trust-anchor/Chart.yaml
+++ b/charts/trust-anchor/Chart.yaml
@@ -1,7 +1,7 @@
 apiVersion: v2
 name: trust-anchor
 description: Umbrella Chart to provide a minimal trust anchor for a FIWARE Dataspace
-version: 0.1.0
+version: 0.2.0
 dependencies:
   - name: trusted-issuers-list
     condition: trusted-issuers-list.enabled