From f637b458e6c4b4763ee307adbc1a9fe76a2cecf5 Mon Sep 17 00:00:00 2001 From: miloschwartz Date: Sun, 21 Dec 2025 16:27:05 -0500 Subject: [PATCH 1/9] add pangctl commands --- self-host/advanced/container-cli-tool.mdx | 49 +++++++++++++++++++++++ 1 file changed, 49 insertions(+) diff --git a/self-host/advanced/container-cli-tool.mdx b/self-host/advanced/container-cli-tool.mdx index 9bf768d..8cd8d10 100644 --- a/self-host/advanced/container-cli-tool.mdx +++ b/self-host/advanced/container-cli-tool.mdx 
@@ -32,3 +32,52 @@ docker exec -it pangolin pangctl set-admin-credentials --email "admin@example.co Use a strong password and keep your admin credentials secure. + +## Clear Exit Nodes + +Clear all exit nodes from the database: + +```bash +docker exec -it pangolin pangctl clear-exit-nodes +``` + + +This command permanently deletes all exit nodes from the database. This action cannot be undone. + + +## Reset User Security Keys + +Reset a user's security keys (passkeys) by deleting all their webauthn credentials: + +```bash +docker exec -it pangolin pangctl reset-user-security-keys --email "user@example.com" +``` + + +This command permanently deletes all security keys for the specified user. The user will need to re-register their security keys to use passkey authentication again. + + +## Rotate Server Secret + +Rotate the server secret by decrypting all encrypted values with the old secret and re-encrypting with a new secret. This command updates OIDC IdP configurations and license keys in the database, as well as the config file. + +```bash +docker exec -it pangolin pangctl rotate-server-secret --old-secret "current-secret" --new-secret "new-secret" +``` + +### Options + +- `--old-secret` (required): The current server secret (for verification) +- `--new-secret` (required): The new server secret to use (must be at least 8 characters long) +- `--force` (optional): Force rotation even if the old secret doesn't match the config file. Use this if you know the old secret is correct but the config file is out of sync. + + +This command performs a critical operation that affects all encrypted data in your database. Ensure you have a backup before running this command. 
+ +**Important considerations:** +- The new secret must be at least 8 characters long +- The new secret must be different from the old secret +- The command verifies the old secret matches the config file (unless `--force` is used) +- After rotation, you must restart the server for the new secret to take effect +- Using `--force` with an incorrect old secret will cause the rotation to fail or corrupt encrypted data + From dc36018747dfd5641882a0c3f606c0044517053b Mon Sep 17 00:00:00 2001 From: miloschwartz Date: Sun, 21 Dec 2025 16:30:44 -0500 Subject: [PATCH 2/9] update branding --- manage/branding.mdx | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/manage/branding.mdx b/manage/branding.mdx index 5d25819..9519b62 100644 --- a/manage/branding.mdx +++ b/manage/branding.mdx @@ -200,6 +200,14 @@ volumes: +### Hide Auth Page Footer + + + Hide the horizontal footer text that appears in the bottom layout of all authentication pages. + + **Default**: `false` + + ### Login Page From 7ac8cfd5c750a505b0d3ceac6f0a29a544380930 Mon Sep 17 00:00:00 2001 From: miloschwartz Date: Sun, 21 Dec 2025 16:41:54 -0500 Subject: [PATCH 3/9] update cloudflare proxy docs --- self-host/advanced/cloudflare-proxy.mdx | 77 +++++++++++++++++++------ 1 file changed, 60 insertions(+), 17 deletions(-) diff --git a/self-host/advanced/cloudflare-proxy.mdx b/self-host/advanced/cloudflare-proxy.mdx index 63729b3..96ef504 100644 --- a/self-host/advanced/cloudflare-proxy.mdx +++ b/self-host/advanced/cloudflare-proxy.mdx 
@@ -57,34 +57,77 @@ gerbil: ### Getting the Real Client IP -Pangolin needs to know the original client IP address for features like rate limiting. When Cloudflare proxy is enabled, the API server sees Cloudflare's IP instead of the real client IP. +Pangolin needs to know the original client IP address for features like rate limiting and logging. When Cloudflare proxy is enabled, the API server sees Cloudflare's IP instead of the real client IP. -Cloudflare sets special headers with the real IP that need to be processed by Traefik before forwarding to Pangolin. Configure Traefik to parse these headers using a community plugin for Traefik: [Real IP from Cloudflare Proxy Tunnel](https://plugins.traefik.io/plugins/62e97498e2bf06d4675b9443/real-ip-from-cloudflare-proxy-tunnel). +**Badger**, Pangolin's middleware for Traefik, automatically handles Cloudflare proxy IP extraction. Badger versions 1.3.0 and later automatically: +- Trust Cloudflare IP ranges +- Extract the real client IP from the `CF-Connecting-IP` header +- Set `X-Real-IP` and `X-Forwarded-For` headers for downstream services -Add the plugin to your Traefik configuration: + +**Automatic Configuration**: Pangolin installer versions 1.14.0 and greater automatically add Badger to all Pangolin routes in Traefik. If you're using a newer installer, no manual configuration is needed. + -```yaml -experimental: - plugins: - cloudflarewarp: - moduleName: github.com/BetterCorp/cloudflarewarp - version: v1.3.0 +#### Manual Configuration -entryPoints: - websecure: - address: ':443' - http: +If you're using an older installer or need to manually configure Badger, add it to your Traefik configuration. 
Badger must be applied to all routers that handle Pangolin traffic (API, dashboard, and WebSocket routes): + +```yaml title="dynamic_config.yml" +http: + middlewares: + badger: + plugin: + badger: + disableForwardAuth: true + + routers: + # Next.js router (handles dashboard) + next-router: + rule: "Host(`pangolin.example.com`) && !PathPrefix(`/api/v1`)" + service: next-service + entryPoints: + - websecure middlewares: - - cloudflarewarp@file + - badger + tls: + certResolver: letsencrypt + + # API router (handles /api/v1 paths) + api-router: + rule: "Host(`pangolin.example.com`) && PathPrefix(`/api/v1`)" + service: api-service + entryPoints: + - websecure + middlewares: + - badger + tls: + certResolver: letsencrypt + + # WebSocket router + ws-router: + rule: "Host(`pangolin.example.com`)" + service: api-service + entryPoints: + - websecure + middlewares: + - badger + tls: + certResolver: letsencrypt ``` -This creates a middleware called `cloudflarewarp` and applies it to the `websecure` entrypoint. +**Why Badger is needed**: When `disableForwardAuth: true` is set, Badger extracts the real client IP from Cloudflare proxy headers without performing authentication. This is necessary because forward authentication is only needed for resources controlled by Pangolin, not for the main application routes. However, the main Pangolin containers and APIs still need the real client IP for proper rate limiting and IP tracking. + +#### Pangolin Configuration + +Set `trust_proxy: 2` in your Pangolin config file. This tells Pangolin to trust the second-level proxy (Traefik is proxy 1, Cloudflare is proxy 2): -Then set `trust_proxy: 2` in your Pangolin config file. This tells Pangolin to trust the second-level proxy (Traefik is proxy 1, Cloudflare is proxy 2): -1 ```yaml server: trust_proxy: 2 ``` + +**Update Badger**: Ensure you're running Badger version 1.3.0 or later to get real IP addresses in logs for Public resources. Update Badger if you're using an older version. 
+ + After making these changes, restart both Traefik and Pangolin for the configuration to take effect. From f2ab7264ea938689ff4a54c0b06980d832105492 Mon Sep 17 00:00:00 2001 From: miloschwartz Date: Sun, 21 Dec 2025 16:43:59 -0500 Subject: [PATCH 4/9] update branding docs --- manage/branding.mdx | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/manage/branding.mdx b/manage/branding.mdx index 9519b62..87d0ad0 100644 --- a/manage/branding.mdx +++ b/manage/branding.mdx @@ -10,9 +10,9 @@ Branding is only available in Enterprise Edition. Pangolin allows you to customize the appearance of your dashboard with your own branding, including colors, logos, and custom text for authentication pages. Branding is configured through the `privateConfig.yml` file. - -Branding is currently available for the entire application only. Organization-specific branding will be available in a future release. Let us know if this is a priority for you. - +## Organization Branding + +In the settings of each organization, there is an Authentication Page branding settings section. These settings enable you to brand the resource authentication page and organization authentication page for that specific organization. These settings will override anything set in the configuration file. ## Setting up Branding From 14255a6b749842f6578b798a013e92542f313a73 Mon Sep 17 00:00:00 2001 From: miloschwartz Date: Sun, 21 Dec 2025 16:47:56 -0500 Subject: [PATCH 5/9] update badger version --- self-host/how-to-update.mdx | 2 +- self-host/manual/docker-compose.mdx | 2 +- self-host/manual/manual-install.mdx | 2 +- self-host/manual/unraid.mdx | 2 +- 4 files changed, 4 insertions(+), 4 deletions(-) diff --git a/self-host/how-to-update.mdx b/self-host/how-to-update.mdx index 42046b6..af1eac5 100644 --- a/self-host/how-to-update.mdx +++ b/self-host/how-to-update.mdx 
@@ -64,7 +64,7 @@ services: plugins: badger: moduleName: github.com/fosrl/badger - version: v1.2.0 # Update to latest version + version: v1.3.0 # Update to latest version ``` diff --git a/self-host/manual/docker-compose.mdx b/self-host/manual/docker-compose.mdx index 03aa833..9954d1a 100644 --- a/self-host/manual/docker-compose.mdx +++ b/self-host/manual/docker-compose.mdx @@ -213,7 +213,7 @@ experimental: plugins: badger: moduleName: "github.com/fosrl/badger" - version: "v1.2.0" + version: "v1.3.0" log: level: "INFO" diff --git a/self-host/manual/manual-install.mdx b/self-host/manual/manual-install.mdx index dfcb0b4..3a4c0df 100644 --- a/self-host/manual/manual-install.mdx +++ b/self-host/manual/manual-install.mdx @@ -199,7 +199,7 @@ experimental: plugins: badger: moduleName: "github.com/fosrl/badger" - version: "v1.2.0" + version: "v1.3.0" log: level: "INFO" diff --git a/self-host/manual/unraid.mdx b/self-host/manual/unraid.mdx index 6444805..79e29f1 100644 --- a/self-host/manual/unraid.mdx +++ b/self-host/manual/unraid.mdx @@ -130,7 +130,7 @@ experimental: plugins: badger: moduleName: "github.com/fosrl/badger" - version: "v1.2.0" + version: "v1.3.0" log: level: "INFO" From 0ec73abcf3a55128ef2ca6eccbcfe6e643b49543 Mon Sep 17 00:00:00 2001 
From: Thomas Wilde Date: Sun, 21 Dec 2025 22:59:09 -0700 Subject: [PATCH 6/9] Add ASN blocking documentation and configuration guides - Add manage/asnblocking.mdx documentation page covering ASN-based access control - Explains benefits of blocking by Autonomous System Number - Documents common ASNs (cloud providers, ISPs, VPN services, CDNs) - Provides configuration patterns for VPN/proxy blocking, datacenter filtering - Includes manual ASN entry support and ASN lookup resources - Add self-host/advanced/enable-asnblocking.mdx setup guide - Documents GeoLite2-ASN database installation steps - Includes config.yml parameter (maxmind_asn_db_path) - Mirrors enable-geoblocking.mdx structure for consistency - Update docs.json navigation - Add asnblocking to Access Control group (after geoblocking) - Add enable-asnblocking to Advanced Configuration section - Update self-host/community-guides/geolite2automation.mdx - Add GeoLite2-ASN to GEOIPUPDATE_EDITION_IDS - Add maxmind_asn_path configuration example - Update text to reference both geoblocking and ASN blocking features --- docs.json | 2 + images/asn_rules.png | Bin 0 -> 92242 bytes manage/asnblocking.mdx | 114 ++++++++++++++++++ self-host/advanced/enable-asnblocking.mdx | 65 ++++++++++ .../community-guides/geolite2automation.mdx | 23 ++-- 5 files changed, 193 insertions(+), 11 deletions(-) create mode 100644 images/asn_rules.png create mode 100644 manage/asnblocking.mdx create mode 100644 self-host/advanced/enable-asnblocking.mdx diff --git a/docs.json b/docs.json index 6fcc451..e86a682 100644 --- a/docs.json +++ b/docs.json @@ -81,6 +81,7 @@ "manage/access-control/forwarded-headers", "manage/access-control/login-page", "manage/geoblocking", + "manage/asnblocking", "manage/access-control/mfa", "manage/access-control/password-rotation", "manage/access-control/session-length", 
@@ -150,6 +151,7 @@ "self-host/advanced/database-options", "self-host/advanced/integration-api", "self-host/advanced/enable-geoblocking", + "self-host/advanced/enable-asnblocking", "self-host/advanced/metrics", "self-host/telemetry" ] 
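Review bot: In PATCH 6/9, the commit message names the new config key two different ways: `maxmind_asn_db_path` for self-host/advanced/enable-asnblocking.mdx and `maxmind_asn_path` for self-host/community-guides/geolite2automation.mdx. The page behind the `"self-host/advanced/enable-asnblocking"` nav entry added in this docs.json hunk and the community guide should use the same key, the one the server actually reads; otherwise readers following one of the two pages will set a key the other page does not mention.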
diff --git a/images/asn_rules.png b/images/asn_rules.png new file mode 100644 index 0000000000000000000000000000000000000000..c9c30cd37c9f58ee194ff294543d4e286d0fd76b GIT binary patch literal 92242
zNAhL-<`P=4TKChe(9CIBvh<{as=DlPfd>+E)5{%Iz-d2jvE8RgB*Z*rnM3 z%{)7Z?cQ?y5kW>KSF`8iDnW)Oh6%hxis@ubqu7CWdvuGu^^zFPMw=?`3yZU{**8?% z99gS8i>j{Jv$-gB>!k7+O=jU_TP}8Lw^n(oMorEPUK-{(@n%0Q4ae1&7MefQCL?=M zw_&F|KC*N$2jp}$f;N34Dq1K2(za%Q2D?-t2?P-ItllLrs@g-(iQS-w0JvqXQnCvb zc6!BxBt8a15xO}*tQj9E;DhBE2Rhd*;Eooal};NMd^gvaq(o#iL~ht=C#72s2Yj1p zlANBeUqx1LHHagn#sl+|lb^^KAbJP-s_k5>SB1YD=Q<>=2wLQAf($wnli>vTST%Lo z9h6OXkX)5h3(qO**T>w9ah6mf8&h>hwOU%!ZX{L=+N=p1c2qbuWtKm)-JH9mIv4r3 zD`ggm-go;B;N{9zGE{q(@SuV~hiR%>u#Q-;HxnL*duCaok#84DlWoeHKf_Eak_C7` z30Qta`$x0H7?pP7$mC?NWKU>_Z#nsd6O&Y93B0u7(b{caq%Z=X+*fVc(PD#lv7VN zSrSy;hw%z~z0RM!wT0kPjY_D1Zkpp+Oa4^MrZ_3KCeBMULz=lGJz!N$a-F7FkFJxv zer1S}LZEFM&xa1EoFs$O;b{%IN+OTxPxwatGc_B{1L;~Szm=cH%v$KtUc~53e#xFN zDa43HV;eKue0{U@#_0&DgL~ZIRv_M@E7xX~a#K1eeT$TJoc@rh-&y$#G(Avj{48g? z47_$KCufRygY=-P>8fe+P4hphZK`vv_OgzXIQ%u892oDa1wuBaf&6;m4@bqA1NZmb3b~vvb1|~W+Wl4INOn4guJsqxTZ)MUCjl;V znX26$dHq+qZ`iXdo~5j?uuy)^Gt%FNbjvR@LYy?H<{#|ErU~uV>_H~dq`)=BU4`@Y zd*}NIH6!CgD>2f<+K_dvu+ML<>ZQ0Z?9_i?zOx=D8Ja(LaTu=n@LvFFN3nm#@V{K^ z{^c&tA$mEF{jCMao{RQdgqi%IraiJA1r5SerPfjq(>PqnyoU;?_`!r7O* z_*b#y&#$U~PHX(Bm?*CLK+Xf;v&Tk?MgGW(dw9s(l|e$Zq@tOs_1l^*y9NDMzIeY_ zEo1O@_OwU%*;z28{)P2V)qm8|k%{1rcNWJn7|iM^^TaCjpO@;X{(q6=`||4LQi9q| zD9Ip^{r%BOTB_WSYxOLXlcv2r3b7Rl}k_7!Rjtep+ zy$YAhH`m|3LU!z1bVNEdcdBQlDf#p5cjK6xojTs#6L~*RO8JBqaoUrS)thGr??y{Y zfwF$`}egeNJ_k?A0wz zfB#yF_TlddtOrePrwpbOq;~h02F%RiVPC_8sL1}9`#gJ%OsLx4yEKKZT}UiwpDT`0 zToa70UdNB4h?|}Ye_nr)QduZkk(*RmJr{-?@n< zQWWXEgh&@5^depQU3}l(=kEQSd;gsu=XuUqPfTPbSy{7a+4 zKT(!dnX6u-PKk+8A)-(5@WLWDHyxrW`StSTaI5Xa+=h(@BPPU(i(N6=U@$mq=lI>~ z_vcpq6u9N(^>3jG%m+zbZ8j z&~0I8m6Ai408l7^v(dUbawZ?2m=Iz!$HOyW19H}BEBDD7HjEZt{ig4<|53?x&4-0Z zlm@%!gor*J~aK;h(K z=v0G&0UR#|_~rT=B6Npzc){=FuPkP>%dlEoYmi|3S<}nw zYOd<_^;LdfS1oX3hzaG<-wR=K(NqPAiHU(yKr`0o6cotj$wdR_WsuY|onaJiZgOj* z1u+M^UG&8NT+jb}w+raRjJTx(=lAi~z2axi-(B<}1Q;K2j1R9H=*Fuj_mvQoRnp#?3t#p8;ote`> zc2H7ZoA7^*lr12&!;d$XT{=v>IThJ3^Iz_ImN9ahk87aOD8D3WB;m|W!0FK`r7!)>mEr=JptwRPm+J7;;iwQNY( 
zkR_JQFJYi;FRowF9Vg@Kx$ky|Wu~j%S+aMj10f!u6%E8>c6z%13eV}#zbU z>;m_As;|7)DbjY5@6gVUC2U=;m_@-T&y(`2 zRYX{QNOdZeD(HR`o*a|3;RQDx#D-G95Hr6^BbNu1uWnn}^(LhFTDe2mQ}(zy;)i_5 zn|zY}JM(h0_3iNO=NCRC>}dC>tb~9efIT9Ws+ZfZ$hg&?lK0*=rcb*?2E`4l@qi}| z_ET>%-2A5+Kl1GbaHOmyh{Et`qx%wb-aiY%s$o*{OXN6j#n}J)-X*xZD}A!eJ>KhR z%Iv5(n61T2>;`@m9JmkMnXid3@~G>KOetUN*2^vmkXB}-5WTkfqAj#yJx5GNEA!^O zM0sat4Z>&<&JNBL49EP?snE_kL|R-Jg{pb+7;6T-sc5aOUzrfqEi~vr)?N%h#t7w4 z?+VaJ>{TSzwdk@8+lnC{mvx7AJEqx@6Zq#Y{095985-g1>5=$C*S&kJ> z>do+TrjK!#(~u>}U+ST{Sh9gc5P@47B$L|@dW;%pA?}HH+1B_Tw-^!l^+Yln< z689IOEv<6AEl-lTdlnud+D!B3_1Dw{ubJ~6M~-!`n%{sQ^eTBwVJ3lWX%@#CM6*)!oWvj znxS^zM9n1%+uVVQ0=D=$o$?6-(2F+ahNHg_+i`LJGuGV5pyzTtS7wg$t*W^A3P=0y z!*L;KYn85YWHVoyd1U%WcFUJI{YqUjUf!e?rx3z0aEs3kkp#$A#9d}}c`^~!lsm7< zR8L7eau;D#^Q9WHP=SmeHSv+>f3i6OH43Kolbjrq9D7kFX{XVpktg2H|4{jBqL+Ae9jZn(hWL zeO)u*OE1a(L~0l2Ta>CjbjFk%eaYuaifs9{w$Mo>GuS{4@v%uu1gu;N<76UtcpuO| z?GKk$x@LR{$MTrP=7*6$*L6?f6Xntk18+AVYh6={j(@gGC^5%ZGutMx%hS)htS6(C z$ik293{#A^{bkUW$|62%4V4I)DT;jX%iopW-7G(dmZYnsZi z+w%CYZqFX!0S3;;6N#g`_z65?z2wHj`~~WExUU}sa&(6L3*5Q$xxjY{qR6_Feo5&R z24C578=_U1Wou9e@MIXeq)T!~!P&m?a49!CT~`s>@>2fYFIl}thn$=4Pwo5!*zIe< zBs*?L^T|K8*?R>6)Fa{QL6hYRwk^SL3{cr;92Ff)k14JwA*wmjFELD6{9+FcyxP3d+2UM+u zVRa@V@@Qen9Oj;%q!&OOd4O>7G;V4x-7jrD0}RzN4Yt`+_v-aY4Ap$jUyCpm5HikA zOrbrN-{?eyM&WebUt!)AOLw)4KK;z$)iUi71s~@9+*NCVkXOFEWZjdM5%qdjI=q|w zg!@=SMWrq?c_l6fz#*wcrAT^2$tSAnp7u%PDKPUNak>fk5NBOUtShj`sd!$LigFc5 zRu*u{SPlNZ6cfTDgrU)#re6M73x$^t3Wu)r)toVPV0@1{+$5K!lY~Wsl(E9<{V$S=QJ4> zw9r!LM0nCMMaI5;(y%W$b@|qm`HZXG#O_z^pwnYrwL6Jr(AQ_G>egw#T(h4IVnk^9 z5*|H-zRTGH22ei4Z`IOKd}Icv*;R_0y4>R+E4#=X-z(M9E@(Z!)?v*#Xqh;@k_}Z0 zwF9{gsJvxW82WQ`PNUVfME!sfMh`S-Li*P%_3Esul)eaq%(eJ(5(3y~ zRTq}yvS#wgg_BRW2|D)r@7wi!%1$hWgPcR54M8zR5^iN|x{+JP6`tn8HitJWX1?+@ zgjnivD@Tw(eLasQp;y%>pN+SdYqKL~!Yq^rf00eSJe%SVqY1lKFPK%Nvm#C_6+FkB zl(*hi(c%%lXjXMFILmkteKrn*{L&k(Y@Y}{CW*v`9p=%8!?R_C@l1lRmkYq$6p~k| zBO5PzwPlQqOod{z_(hWjgb1R@T%hc`iQJYClSV|6Ec6p4Hzn_lnf5h~JJQ+KmsCx{ 
zJfJ0MO&)KnrD{(dC@~Q4_(cD+>|X&sQW_I3lvXQeuHKO9wy}*uIidiH;P9_9Pt8_! z*OvkvCs(v_R5AEpcv8Yi)&_5Rfl%_#lm@urysL5h7Sb)xVhF{`hvRhWn9@cWLgxi7 z6buR8Ot_>ptjSB&j?S+yAK<3yg5ctlu283d*HWT-MLK*J>5TQdm?q_>?Z$S{dGulG zRi`f{QJsHa>&>s(N>=w!zbq?e8lr0VP~NBYWe=dvM)~UlVJb=T?kSxyD63t^Z!)$bTT=!Iiay!{ZRT?4>~zr!+K{3{X1?#uSqBq zP5*SDipc~8{9WRd}d}! zHMswAFgi&T$991Ht5s>&PeFFZHLMu8TH+v%aUE@US$z>%H@7B>7glWwu;%?HeRk^x z=$}(hh%#VB-|#b%X!zgblb#-an2x>BivE1~^d_+}@pFYR!m%%h1QLC*=I_B)T8&VRe7hJS9{u8z`G{Uv$<0>zL3`fb zp7=4_-dJu<&7yT}w4LQ-yxzs46?+$V7S?n6y{SL?6|;LfjCSm3R9ZFtk2f}p-MzN4 zP?t}_*X<}eV6tq@lCOVA)WQpx&AM(U(dfS2HNJsYzdiN66PTgJf~=))0W?P#uto(C zC_}jxby@y>CdCMPF3{J-y1}|q0(}@^L&$5@9ypW!PNpgwvm#IH&9S}4?XiW#o!#;p zaW7@*-F)sI$XA+*bP-`G`(EAEhPnc##+rEit@#RtsC_{<c71+(^QZS6W9e-;#?+(}2Vcir)J#6!`X#98fPGR+a(UkCBfszNHg8jqRDi@Okz1*{40pdZki_ zb8Lv^B~Y2sW-Cfz678T5`Yb~MYY#u0HI)PL@S@O7e7(YWYRCu(Lt%gstq`dYouk%4`?Fe0M&LX;F8P@d{tT{ zAMvPjatF9I&i!7~{FP#Zj=sZL>)EW+*&i!*wHvQg&`j35ZW8We;;|Qj&zcXsKg$o5 zvcXyF_J6o1*&jX|$^bU?C{1A5+>Bt1#c=y1q>Y==si$0~|BxftaWd8aPzUhm2RvlnGi$v2`%vFzmJw8%T6h6}PNmsUIn3EBGXWo< z+p3d3i=ltXoBM8t-a`Bi#r$ruQ2SkMlc+3*P@5Ls(Jpl#*s?H$ORv1=ICj>sRMp7Q zQCePtO4~>%YJ?2TsgSCY1G^)W=2h>dJ$2MP$mDkuL+fp z$4|J6!gVWhmqnF~2nlv9#*L}8c130#3I!?xlBCNT?LscuZ_VL?*Mgb|5L}&Ty~ma; zQZ~(!RR%%Gt7Y;|8P^okt4$8hOWz}FwCGw-=sxyRJ=IkdOn00(&(_{JqKmEIDW8%N zgSc*QU&-J2X*vwd!m6s;cdyawZ2EsJJOj%=qFcoyea(y9E~0rf43N6RI#PE$I5aln z_kpykL*b|ZdwAg&2nTkFZwnvZ<5Xp_lnSyph%?s1S84U(n+I*SX>Fx8Y9lXv@Jl7K zr=W?YL}07W2?!)OcbF4fCHxhhxg9RgIspR*8C*nN?#u?t=XW-iZ^K%22oNI5pyn7l|>%J8;KU& zqR^wORwE2Es8NO*X(e9jYLq^!(Et4T!?OyZPS^UFab%B8v|W62 z#s0o&J6*t;pC;uT2%ZE-SVWF%prFd+JY(Bn;eaY3S=2?^2GkXy+j+Y}DU(C%CxK(6 zgJJ$&Sw>0I2EZb=Wbct5bGpqXnpbPfzK)^sGKdpCvYCaE*Gf#yG}wYLX-{p}K36{B zE;KM|jkIbQT?o?_vR$h#!=JS}59_O7B~U40E*ws)dm!fj2)z2n0H*w|;m%sYvrVf| zA>PqZM<_z#EmW<-Sk|ZrB#*W`{A@$~p#1|vH~_4VFjGpQBZEIhb}xQGzPVmE{(ZbE zr=Ap%yot zRN$A?)YMb|R$^V&u(L%rwu!8#RMqqN8$WEP#{XSs!0Rym^==hP&c1||NtB-6&*ASW zfeqEEP(w|OU(>%pv%f$7yX2AC>Hu4jzcIJgh=)w|6MV<%d~W%8E)u{?`uFilisAb( 
zHD~#3!C39twvd*?^jKe*H`OKckZT1^)lv8dlF6Bfj@h z@?n%>O~~+EL-#V%uf|W+B~RYa z(r#V*A9oc2J_R6R01_*J!(4_?yTS-=N)aLf+y|XrnCU7&nq2r2UVk$r>fgw(5zOI? zgW(!Z?*V8Si|GsFoqHev`v#~WLARyufBkqIqdWqILjBK(GYG)o-Q3;JE?xqwF)aYh zg6Qi{|BYF@d|ar$CQD4)`Mf>?6S!`B*u$~p7kL1|)LIefpZ@HeVI+N4@XBt05gPJ{!G1@gNOHfxMzTtwXad&FMA8{HJDHHFZ>*F2=h2Z zl%a*voPYuoJ`Zot=}Y3>Scggz-dg_E5k)28E8qyE8=`o1&0?;OiGYl7y#x- zS68w_Ada}cSpJ!Lhfi#jo35hI{Kiz)(CL!x-sg7bu zgjE!^JCOAojd4n?Z)lhdtg-UjsXOuVL#NI89eEuG`ZX1$IZwn7_)=4kEhqJir2pWY zwRsXh{7|dJffN%|G0XZyab z^YN|#OR>G}lp*$3jR&jB#R*LPxA_TWgy%OC=jU^_x7P#-LUJX(|E0Jx=-Ion-?O;; z+zfES9*~lgv&M8WW(^g&uZUJ`R5bu)a|v*{ZbaX-e*0#oJ2zhg4{5~q=a`_n_iNbDSc(7Q_UFmOIUPu(mbLLpAK$1 zqBW)gXYS;_+>L>u*O)%3XA0Hdb8yr;g^vaC4l$F0HA9Q`edZFv*Xa;W(K z{xlxm|E=)rnel(?ZswwzKKQ+d=O04r@3CW&`q%g8EMe)kp&UA^i6ZZ^vg2xX?wq8! zO|fiKV4q0@yhA&jlmq{^i_yyJ#xAqHcRvxdGpHZ&;k^5Mc>YIDwdC6)mtTmIKY!}s zY5Nd0G(I&Dl=CY;hgbJ?1u)%?|7p7LZSCZ=PiPVt>#N;OD{$-h06ANh+Q2Zj?DC*2 zhQ_ACg-Y07@6r3e9=brNY>(byQ`O*KbExy_bgM%u?76$ z#Kq{c3YOHV@PM1l#>(=-zh)Si$mJU`xS0ZpK>b zhdxdL0{&aE`9>8)4)cfrRdbulj^sTq-4bSDYJ34marK<=I(i)sONbksH!u1Vst_@1 zb`W2}CwK^n#U0K}km%;I{9SK|l{)XpUPr_zz5T&R4om213qPZH#jWR6POB*tgiZP- z1O!mu9THy~%TzhBi7EWkB?86jDa^!(;ET|jn|mkRiVP?IH+19hM-=o*admLSQeSAQ zm|{r#**%KWgFBSL4<4J_85w!KY|D0eSz?pp=MU1cs>W}DAYl619IWi+^8|^~v|IQ} zpy48uk37l%HZuNRI{M}7n3UX^_qDqXk{#b|jb4{1X(ibCEVH!(Gjz!BtWv_a9$oot ztSgC+cW@7}W`NS4DRf-NkpC3#n)wbcwqU|>vTp6s26NVFxG#2D4pkR%gV!QK@TZo& zb60C?_lGv{R7%&RNZOf0K*5DFJZ}pV=Neu!+ZKXa{p%t>OI1WpAdl^I9LY{QuJm72 zbvzVYYa6=My2oO*a}vW!`!PpXW+5}dEW*Jt&Vc!}Gj9X_ zcq})dB7w8E9@6K|kE=!;tnXK>exURLLX5~(nyQ0e_b71>3_uWL379poeE?jt+}jv) zfeow|=m06O2BKub9s3~Xp$?WzKtSh?AT1x|(KhyEq7=P`6IXcS*<4o1p?+Zg;auK)PDk}EBV z5)xePb|x;~tJh9cu`D~|3^2Ey=VL9zZ@Coah#fz@)N-7jXWGXfOHIj?p49{8riZe- zbx`A@giCgH3M3K5Aot&H6utG3ECJggbkd=%Qi)a)DLZ42#;~6rD}s3SBE)k~-Gl=0 z{fJ6~snk77*yhX9b5*vG6;vv`ggog3jM(o?&bUn$Ic@R{EZhmHNn5j5nh8jx2j!L@ab} zpeD4}@@}2oMHig?cmhXxpdwoV`gvOeP-I)7x|3pdP#cZBvTc=kDc*w`e2JKN8HWhoQ_mVG3f 
zZq%JYt9KkLo~ur12|zr)YW$v_G>`WWRXM+bJ9&qpic&p#bR|1;I&iob9yRT{iaRV>wr=enhSfH0GkjjuE|j zdWhU~70Y}e^$Do*qSlV{$i^5-(5Gjj*W@Zg_*kn_HtTKyO_PP_FAIeWjw~kb2ETX% zHJSAX>>hB>fPrz4#P35???)9wbI-8+KW_?nbPL9rLwkKU?rcd4cuTN>-J|FsiG2)* zdibG(#I5^tvHskub~Obb`WV@NEJL4rXtl&z_{6L$jM@2&()RW$$2YfJQK^R+5bWcs z6!)-(WA_u@&R@I@I7%^wLR+D}r|*@ej?V(7S}uG776_C*PdyfskBJFQnK+PtfeV?g zO73RZZh_3x64n(p)#kWQiyKV4eYLIDIe;6jW?0F!9^vzOisRhK$Xde?f5AVmk}Y!# zGvJZ`Gqdx%cb;;zsD-mE+p-&VU_VvQqdxe1j%>Zwf~A0cWkLYQ#SS^)eOqkiV$RqJ znaG$2O-k35n!M8b#NNaTmd#YLWZD@<*XblZ#LG=%HZ~8La+`JI)+tQSr-A~(@Lr@x zL2HK@4t+6y&Vu>&!nePsG`*(YG4@(JeZ08}ONq@bEnx5M9fF(;8EMEOnK@T6DT$;5 zhfHB1j~KG1L>ozeqr;211fBpGVckL7s6r!3INzi@VHRHaetHxVD*+^Xt5rsYJe7=Y zDu57|b0l=#XCLQG86>sjHm)eGeRFZ%A<_QHj4p3*exsY!h-`j2(SBt3@n|8du?StL zwGKj3;-{#SuTrh4W~zY@`#2@+@lGsj9pu=8cj8M1Z}EA2;Mdz{X7GT3cqP!YIspj= zT_Nz`xOCZEa>b{&nOG$Kr=iAVyj=C-0yz|S0f(w98`8w4s2~MaM3cmH0@0s+6gZ#) zUTY?{_w;3Ad5X`*7H(kc!=c&-{>m*@yS3%<dlDQGcf2SoGU1gSPscr`L#K3@4{~ z9lBNbMGk*I05cuDFzjeN&Jiz|x{0r+_2)#^sRTqmnAC7#opdJ9HSWY`F~l`?dLS@q z$xaGWY0}r_oZ#dX12-A_>V{WTw_sf^8s)yoWNt!%_-tm-FMIEMH+aLfw+OKIiy_Q= z6amxv)lK|Rw>p{Vt(wl`_V#>!Fn;^R1Bq5_1WU!>fdG3gllsw}&|bHRRhP5u9jwin zdZ|~y)Fym(E0Ny_CcWn;M!M%$LF0zDMr?j{F3IP;c!bYx;oglhN$GvcH8vU|b}%}Z zM>Q_Nf4c9Y(JIeIq0zk^I}0!Q4f2xv@^xKS6D_Z`Q79PSU{NJ{3_=aHa7TO zpMz$HeTB{Zi=6^br%ww{XKD+I|8Oou*;lq0IDhf{OFVZVvAA@!V(lH!8(dcO1ckOJ z+;Y%ORwcU^Z&VaH zinW`+6mE8f+ZGXO=k#v($Ac47rF?b8=EXRI)L$|fRByj7GfFPO*ei|y84W}o?R@;? 
z%Gu|m;Vi!Y2{FyxqoTPR=4|VTmKmIRg7eoA{%J~q_t&Y8qo?So9s_h|#v zA3G~LRxN|M{2j=rgbj0Ex{yb$3>b>ekj7dnLne}TFcO^n@TzsAGKWdTUi^28VB3-+ z*(@4IkfKuRCILP?PJ^t3{@aaTK0cER!^w4W@_N!qR_(f(PGK9-8BLH$n)}#=2I_<1 zi@qg;YCYN3vaxrGyY@+9HGL2*ijtc7ZDfsVLv^3WPS_KlYOG!R-q_UTjSK)lG5M8Z zn<9EOsCBU@uexy7EovT$PTCme70*9g)_K8eGwu9sNVGq}Qt!o1(%>cGmD5(CPNOH9qO=?mS?Y6p28Q5H2ArL7S{Z$2m(Bbs89qqdj_V^gysG>YZ*kd=+bw+HE39IWWA|b;e z9O6k^b@~WEVNCMp^sS}Z$Hp5Tdx__)$Z-n7qE`ITC%nyO_51LR2T5DqBV(WB+DV@n zEpiC*MJYJCzk&f-qo`1NFkq&sYXH_ z(M-&&Grv>#@ID4g7-bYc41XYgr%!;FkM9kdl$*UffkC+p<+*oE$Ul`=^BOmFp>g$R zENivkEswDjsoh9Km<#pzc8ly0(vXO-&aEYxw<-T8D{e}AOxQD<`KssERLyZPf_Mun zFCQQ?Rq-{|aO&c@9#5x6M9ZWSRr3xxqFb2h84(a_D4=# z$A3J2wE=l&h!tNr;g$xHd}QW#@y1dL(2Gz}68w7|_)i;ovF5ue96A&&tWFYodB5!h z5~qlov#$>Gu5z-R{6t0{(_c2Umau%8`4E@ipy;}&{ieOFly|w0M|ohUIadP8jjy}# z*u*hwbEF)|tkk1n_c}-Xpb9{VUp%h?LNB#m#9eOh+`T#}?;Q=dHSy*|?U;<=&bm); zO=*)jkxv>b@;x*JH}#03)cqtI&r2D{-867#NYVt0LSFD^za=qs{<7yY71Npp5=}?Q zs*Ak<(~jw;Z?{A-N*vWP9C|)@_H+T8V&#GrHpZa2l~qv8$0BxoI0G6lgpj zl@GLg7XCd4K74%KI=xVR*k!z?Vz-uSV13Zy_jh%k^*iEg4@=4l4bCJVD7Y2>j0$yo zcsUibE}o#`uJwnmYaLWvG|%5JPhWSDY3uQn>Xg4v1bsZ z^VSd7zb7%ixfR=L{sBjOcWXLDR7$)zuX$m#;}AADkE~+Pev%|pUaM~*oa$kF^Nue5 zX{T-T9B_NsdkNrG4LPI2^emc$R&0W`Yo_=Mm?uIBWz^|qg5OZv316zHXb_0{h?77t zawBny?ttS_mEJ`pS7^~V)$k)bvW}|Lh^{@yrzFnPGi~EwE&J|!obzymSI?r__!plD zzV$O!F0t{6IYF1R!Qh(=ibpR~I=Lb~KE`{~z=NVij;4$XSk~`BW6{RZT{ro_1n~H0 z>>hgIpZ&v?qCQNM{ zgSA@4%oS5!{QaK9w1v|QOJZMN;Gx+hZQ>~M#IewMtEYuRA5_f2-@Ll!0&~iy?^>`9(4!B z!z?;K3O;*h+iNFP*k06|5a-Cj=vJxU%q2(atyiW~XWHZt_z?-uYFQP%T@n zMU~2s|3I`~5P1%IG_YmY+pPOl0#1{YIeHlBuTaecBG*-U_7% zs}}uYS6VT;a8;~PcC4r7E#q3#ULwP}N^KQQqx^2@8CmRFa{Y)&^9?~QY`3w_Gi$vT zzI3SQj8BwX&Fq5aPmCa=I_CBp2L1w#JDI<)rfaZv?o(6B6_jx)1pNonmLkY!$}bGI z48F*{aOGos(QP7cVk13<&-SR6sg8kPQf*T5VyGs^&a%INrbU>O$+J)Gpfb<; zQ3FN|^mFF-NcSi6%A8r+Gp-9)o zrA$twRZQh_tMU2TuTs(a9vc_xHa_$AFI?k(N9l{)**^>fd)p4!uS-#?#+{xrOW!z= zkvY@9h5-RH>b`m$n6Q$AsW#?y+(*=V6eO+`vRnJ4x}6@)8{`1yvp6+8FuBtyTT()K 
zz%Og$Xr7RESCH;(TNKO8t|@o!!VnrrtR-W(@OkpVdiH%3q-07z7j*28%V%BtAf+zC zqe$BYF_bdept*&8Z4u3By;Ko4%bgUEyydWuVwx^%r?2f^58_dKV^UlPaAJQLA}Mz$ zC_uw)u`G$d+v$1DS%?q;q5c9t^t-?Ll8IAmA z?kOt@USwsgo}4!XUkVx(a`<_3i_qlGA$iJIW+*coIvI zcCYTw*d?f=XM48hBhvuv&d=<}!d`y$i@+N1!Q-&TZy7hf=J_6;&@LQm+?a`dUxe_; zZPt)gWbai~2U%KISC959#9sZt#Rb2J;P~;Iypa{laOe&7Tg|q!w}(tG#gk=~pwh0S zI~21P+uCRC`)U4Q`#jO=aNf(Bqx4U|M5zI#%~0~RY8XvTc-UP+eS;;_J)b*b^1jLb z4aV4iuxGRGPedUx7_xOg77}3(t#%3-tMli|5@t$#ussx0*-n#X?;4$C`Y!`W@u%Z; z2zC0OOA=&-@i(hpC+fZYzs{Qpohfwj%^YIPW#;lkEBA|uHr=}6XdMxe6TNDSDuWW{ z#+9$S_>S`>BwsZ*?%h9=)slR7wRYOq%~k#k}%TJ+9%-Mq)8 zTF_1(*V#>97QTLWBOHG_K>Bz|G$A#Kcj)U=!SK_JsB(b;<>%v5QV}+V#eW7t%=f4~ zmWE#o2F2~&ECSD0nu4o6HUmVAeo zyyxu)Rf9qL(TKG0v?pK~;Ut*9-Tp7%Xqe z6hQ;}k-7S_dluY@MeSuiUW#AMf!*x9-Oi2hxL>iPpsi`%RSaX2F@OIX5qUv{q0y7f z-wt+#64hFc#u6kXMHblXxpQStuiWK=M$2>>4|Q|*Zd;F@dBt-|fEkRlw-FWruk_gp z9Hu>6JsAsHZQ#+P%&pQthrT@f4fN@q59?Nhwysnt#m>G?SI+Py)r)0O3I zCU!|#N=EV3PKbFo+^`sumj6?;8IZaoE<(@>>|@IV$R)r7`uhG2hHh8Y`%1C6!uVNW zi`!F{H5dKX0E&p-?mogHBCMBhclCJQ6-HGgLlIP@eK{Bm%rWEd;_pFEn)oCReslO3 zr1b73i)yOtP>qq0JpCLGG@acvQ%8RBQaL86=z$PTZ$p6N%M=^bD&Wdv6OJ1NI?5lj z`klMX&L&QM#;mHuSQK)Pl}$zf$#^grtk=vCBfy^tIn=9PlT~Wgzk;#pgKr!s_Y56> zxXj05gDw;-jAUJ zV&oKl85|P@%|7eNDaHA?DcN1*D_M)m`-YHZ&VgW0MuDKz2EH9FE~wtbrtp>mY@>j5 zMKUc8 zHv!C7xsoGeD8a9N2)Ynb5=T%P7h3{1W`}phk~(NOg7f!F^VGuC?=mqXya(=*6&+u+ zgl!UNt-b4NL0;`Ow~h(lRSm#55yf9q+0sNEDak3dBtEr}ODv-#UE0~gCuWN+SvuLr zZBpx)xFdfK@>zBew;sRax-)e8?RbKnS+7}u+dzt%$dXGR36Hw#nQ)A(kuYx2w+yvS z+NS@MFAfjb7n|A(x_aw487sW4tP8M2pC$!s(>@(w^!zr=L>L|E_)%{xk>B`<^#%m( z9OzFpcMAdy{W5#E^$NJO^Bu_+HP-hk)~Z-9<y^OI`Ywd9s~@Dke0tTBis@Y! 
zv++-jY;~){f6}?K*v7;UPDo37rih=3pbWI_MN`q*qM1^9*}92>t~!T<+-$up#~8XW zcb~llBC%M!f&ox87WuMZ$EYoqvsJ~iVc{ppz>GSA&(+)EN`jYsQ z3&{*oPte*L!NIUh%=&mqJS<?&GZ>Biln%^%VWee`7gw zSl@C{K$LMYtJZw_daSamR*%RAJEvc}yDi?32n0cqH98SvZeJr3US;fZrrCY{6whS6 zX56b(DcV>~GfWkR$!A2h-`+mm%_@bI1yx0+r|4b$p0}|aW(`tLH&6_F?|7pJNAV|Y zjwfJhI9KD+Y;u1GW6q8wb-0N3YSGO>BMhh9`|3Q@bM!logS78#8HK9Ur3cU|Zrwvw zf6vuHr-i3- zg|nxOcOaqe0Q^dTI?9nQ+j`JFFQPoyV)}Zn9g)5{$%bb@o>-?OpQ?;gR0eCJza7tG ziWu__o=J0yy45Ro7%RrxuZ2v3>R(?T5m7#Hn)GY7BM@1l>M)TA3J66^KSlnq1k%ea z`r1Ji7}^uqv(#vumCedl^B0Qh@kF$Aff2O8 zngIFY?=@}n+aK7{WeH!Wvm4RFDADQ{b!l8Ex~pcGc7U?JmM(rMVM@TXCk-aEnM|8U z`6_UBlP`d=Nkt1_YE^y}oEcv2;zRuy#U9XMT8yDKa~I5R1qtia`bw6bVHV%hK4G zM>fVHfYrdpH|QRhUWN0OXUWw2u=Mi28lSr{w8J?Q#j6)LSZ?cHxsuvVRTw+WB4+7n zq3$bO4Kq$6(ZQ)Pn^@|hiy9*dZ`|P42yOoBoz@00SywYYRfJmucuA2;z;|YE?alms zPhG&p7DeY{DS+XzHFemimLbYs#IG3|YMj6{>)Ms207D=Gk;ij>E2m`l!Jh$5h4SdP z4TX%7=5NP!`?Yp4e$0wTp|ZUn^Xde_|Sw`cM>KYgek_jL)+4A>^4eL2b$qyjT=s_Qq2x09MGanv^+e#ZiYetkZx zyCsN_BrD&MDMH8*&KQomLU0vZ6ARsZ_+b*7JZaiw72!7zf+_|mnGYclL5!HZo0DSb3sO7LKY&36i_A8_hMJEB*h9_F#EYj^R-5-Y5RIa{4wfs#&T2;|=WZBe_75sD_bT?*a0=@Ef^_6P;xdiO7bMKyT@vkxfznu_N z%eu#+`blPg@0)UApK;MtVVso|8bCNe<_fU5LS~UTliig~sVY6r+WmnGgyRE+2Tl#* z>`G{3hWlfhMSEEnZ=|lEp=!06Nwc`bJ|0wtc=4X`WqhWe{m-o%sQda=+9??DG{ckd|(I!#@obnRi%_c zvGox)RN^f1F)lH5Rf;j>{&V0fGu~z@17~I>)hdeIP|;EG(c*tAhwk&sRXr@c577F~ z{>_k{LK!dqY8HrWdz=G z5(b#66Qj`7loxj*}gi~PF>T%YPtTh+ zz|x*9GAWyi=Gu7g>+3r{Iax9|=w4k)5O2t&Vw&EB_gql5?g$Udh&T4t1DVF$BVcZs zTIe8@W@hdf8Ie+w!e5eiLnSkcoOk{FWM34>q$Hi=(S&UUHs zDtfcgdpC0Op-L>!YzQP$8K?la1{h{~T6vvD`+EZc-q;Ytf!Iaj=JQ$Ajz(SBG7zvN zKmQF1brGi~ga?*(cCL`li5<+UTXJjg*!?Bz`Ig_49}iDEJ~sB%bkNO1lqOdn$gNtL zoHz3SVec!v;%b(CNk|}q1PK}-!QEX$7$C?%fZ*=I-8}>g?hXm=1b4T=T?cm=26ua# zeCOQz&VBDccyF(ju-EL~y}PTb>sMV})y?@z%?2g*OnT@yI=uiSA(<;!!?VKUqCZf&D`9m)$K zCfL^3*Pq@j)ljpH(gbt}&UQUPcwYcSpHoosZk(lM?+dj71t#Wi-FQ;%04h>8aM${P zZ{BnO=T&V0Ee6^{!}4=oYz&AVuP`3&+pskOdI*pmgg>N-P|E^xbMxNA@FtY2oF0tA zCNvvQ;dyDV_cURQzCUW(P04PP9AZ=fcC-O>v?M2?#lzmdEumqUp1w(@j;-{~8{hGr 
zugrK^dcpDlKLK&DUbt|$1bsN<10n#mUhoaNB_ZU%s;bNo@V8%1F z0L_JkEt4B<;}uTH8knPze(QR|)CZ)Fg!~`R0^9{33~-+-FP~h+Ml46@g0^0eXm|k> zvtA48{)b}q--?po;s+Vl495*`CBrfhT5Aul+-va1q}rL$*P>HV9pfAb2SD~~{-g&*JNU0%*UcHreBagIRx|8zi;eF`8B z2}$nI5Tj}w$E@fRZyR0JI9JypI>wt4&Uf&{MO2~lPkldfldUS z+pYn;hr7@VL7&J3BYKMmiOrL%w}et7nA7QxO6@a{8nCdi5Uq(4^2y1m#0$pc;zOb?*SqrNf%bkb}W0yFA5cUC)3Q=e>YUe|fBZI2{Z=$iE5mRmNO)Ul(K zLmPg8naUjnNi3?Az+uQs{k#+Nfy^V&nvr&Jh_#)vZ%UEnQD z;D6+c{?F>adcj-nknWCT4f6gp`p@(425J#>tv5=)`oV-YUm=8aZSxTO2ZpA4rj3kp7#6Np0>)N^y&P`CcM+`yp7RXO!RY3g znZjvxz0ozJS?|24^b;b1J-I0Vx3r3!h#RXqZuk>_ybJfPk~`U?I`{p& z>hwgXLZi*1k*j3+i94@*i&nGnfrCksdgE_B_;Gzt5ZpakqBZ~3BAvd3oiU=NrOfMV zUZS~bxx}Mr&0i+;f(psiiUrNhGHxwi4VXq+=^d2h(n^+Sw`J*2D4#r+%YwIxfNnYUIi-(n(IclzQe^JZmc1&hmE&fxvYYj_0=7kK_ipL7y{=;IpSB}vH) z{BL`l(N~iuOc=Foon%P!hu4Ir$Isb4~L9zUZ=FR}xKc{X3Iy)1$-%jN^ zTV)d(*(@Ir&cwXYya{V8Iw->XeH;d!yn9f~zrL0fxS5~T;n z$G*76=I|hNTj+V*(J~#Zp8i!r&pFPALYUhss>b^n2O?64tB5$@%wDh_nz zp)I`1XoP~+@&1*C>u%3=&Gbdy>St%|w{A-l!4Ib~oC|Th?SeOp4Kl+@ryf%zyHtDK zws%rr;7K=??80M5w)-XKgq{_b8WxK->tii@izG$0ee_SuBpEew4{q<+T=$Ee?DI-w z&cx}?;K|T47&`H2l4!@BTQ{vsmzcmE6O-8i@`^r@t5dj^`zG?7{mo&zXnTf(>-9$e z(y-IRZ|UB&2J#C4=F9 z*Ykkz@Go#k%i4uk5$=*Z5cn{ae?P)E*R+N&aQ7{d6}f2x)>d;0w~+{qZgi+h#m(k z&{%099?OqE@C0*zi0+-9?#0GiIUm@99U~D!;!0IfdkEXT2$Ci-_T)FqSuL*bTXw6w z8pCNm21II9$~YNF?#Aia^;haP%A<&tANO&Zj;Al>X4{$gJgGhE%qba3dds-;sV3%2 zmQd5lE23jSmQx?@atB3X@*?W?QQU!K@0+D?mk9B402ggqGlAe_4-wYV=0 z&!e`{^CCfLeM??Ca*aVu9l%F5y@NLFz@#|iH*8;hRYbmHZdW0=mzHH4B7bZlYuW=a z^E7kMUR*aPYVECOM0#RjltcLT4lYnHmH4aIowR4w4zv>Rn+7Qgr{c@oww)i+vGZ~H zDiWw9&AFLGWaib|j(0mz{d~iX9;tDZ=q<&Mqixi<^5%?WkBNj{K~Bc>(kT%9#kB2J z@zqK0DGd0cz3Rh(ToLQRjgO=GgAZryTbgmKLU@=ZMV3*)dP%6OE7b9ByYLRsbiXn} zy-KIG9?Ccw2v?ddjlN5!T`KQi=Js@0gf(}IHcBP-!^bbuZtBwRO*dN)Y|RU%+`Sqc zZ#&4;DoB;{UoPx!hbbOskQUEgW~F)T^vtopFTyXJC@0yjs;S=F37F2$daqcPYQbxk zMe8J*$SH6Z;@EPozpx}EFn%9&exLK#_Ui`HpOIqs*T?GdlV zVy#^A0Sy5j?{mvHKk&o~9|pBnvZl2Vx|gHl?+fAD4N7KHC6h@UPNq9i6!rQiN<{F8 
zr~_9JI{n5x@q121iaq$3T|cCz^Ap?D)Wm!~xSFu`*#ghD@%7mOjD-NogBn3>#rcubL<+WcJ2l6OUX#giDFq##gfg}^2a|} z7mj%1M+2L(KT`zjQE=>i5pCjSL{V2UT$IbnaL!*_R(GvY9J}SKynir0xcAMhhw~q_ z$n|TGFMl`Z=(cg|t$nGLl#u;4p|YDloSoYQzg!*`ihbjf)rs{7U*DfrdZwMg^kvS^ zH>UW~Z&?QPM34v_4<-2wvR;L;o0V3gYxRwHE17#HI^WT)d&N$d#scWR5hp2rzXG^Bx(?=wJHB}TsVS(qIHaFC! z{OTx2{YT%0f}`W*QgWREMfNZsi?74(n`{a?h}JQl%dok@QZFZSBeun?t)~2U<5>bp zukDW34ER|nHofX+r76r;oWvO=L=cGX{_b*>L8Lv?^TO9h*@(EbG@4}*&!vdT+*Ur> zYV(62j*C#cu6wgyY7ZQSGcX82U&|YYEG~rMY5i2he_e|~iVD2Lo%eZ6;Ss2S)TW(JIEZ{}$6MgBP{tK;b`XgB;&$%1gXn+@98+Nxd~-yLVi zey?bgvWtS0Ms*=SZ5y^pMt79$%aR*0O)xZStM}TaU#Yx-UkR;ZgPo)2LSAjVCxop> zkC8UZeu>3YkAgROPv&r{B#z^S=v&OJYJS zW~4^nVI7Pke=`?sn|g<(p`~;etFVxxcQ-<4j+6hZkk{k

mFx5F85c9K3tvH`(|Xf>r}IIjfCW@3M#JB+K)P8Jjnvzk8 z{9u|Hu$Co0cem4upemRC(=qX`G>h_S!jtBP0XM>F38XZ?CpcM%qi-BmFg%U%1=C(! zBLr_2*cK$sc}v@#tSNgkH+kY1Ab5O0vz+a2bJ~4bQ;or+F59JTx!L8_lAgq-+n%0W zd*C3m?8)BaBICx;;6$83Y5s(BRAB=);~DscQ9J2#fs+~8R=@A9g-L;DMG8osJ57MMIk=v**JH8U&_}DK4lOZBdw;6MFxX;}wR;z+@alr{W?(S^e5%1A z9;PHey?e{2p*a-Eg?>~6mP0Ci&N}~u6E-Uogq~z(_Hvf^wqLn?ZA43HM=S-B_ww0& z;76SuhJ{BhzAoC6n0eLj6;HFGQxl%Iu&WO=-W&py6npBf+H<<^f^UDek8C1ckkE$Yrp0 z>Ak5DQL?LJ?NwWuXRrQrR@uqWsk3^s!blrtVLWLol!o$W&O$moe4fN|rFae5ndOaD zaz8#j^&-fmnMAfe)X?*@4MQ&LQ{3HrzVXkRz7=Cb@wkm= zN27*^BV=0At@q?0DR$2@lp3MWi~PUnqzCiggi;ZfA=udn)}i-EypnC=HT2jQK*JQM z3)o6i6JBIX&VRvIiZ9?0IEFiYG%v-MPasd)S#1H+THaks2A{4ID+yF25gq(U?eUl7 zuxT(x&`CARsPllh-FUnX9h4dKcZyt^?aLg_xtcMWYOW32s*cz6@<5rtBAE6x zR(c(Zs=LL{b7kOG+T=7G<$jEl@R2a|Y-O)NV`h~3_Y3b{jivZHN+L$BryXxau<(i9 z58LG24KX62@vJY6z{Cp$NYOc=wkSLv&gQGc8=S%O7>+-ZL~ioGIbc$yL+Yx}a#^S# zQ<*(37WyA%Pgq&%>CHPjPrgOqUht?VEfm>yFr;VFedljv**pv>(|gariDO-aErpK%yu5mU4%p~&6K6^I?FZZvSNP-(+Q zXe&*+;pSY}mbhK+1^wLBfI;;Izg)bIh3aFQ9+sL}zOxr(kaRq_!3ABECtTr>YEMPI z{QLY{!u&uy=XB4+vA1QdZLz)c-smS6x_w$&!j6k<{56(jW>RSxI{FlH9pa;Gb;`=Z z_;$zCE@J^0#fE10^2ceagLZ&HFtjA5$o;CK$yqPjGA-K=`?)ksL5AA8RX@Zd zKV`(KZT~Ffj}YulPWb%6CChdD#ALu97$HUdJwI#H-ZEjCU*3Jg4n{N*?==O6B&OM3f)--ICes#HUF#Aa)N^4 z8YNU?CX&*$pfH~Yznj4Q!vk>m7#y7$zM0FLt4IWf>dL5| zR-x%H_yX3~$&{?kWrFf?vWeT<;aN5O=6iR?m~gTojs~}CD$A-4rgnDl?%so-B{1}q zG4X+0&rW?12p)I;q}Iu~?KcqHf@fYKE$wI)9sMK3$LaU9s`+Xkxzib?u~hMA4n8G; zp{Ea+I0nT!`+Hy&yvu2GT??7U_0$@V&vLDY?U#lKoR=_-mXP*`s^t&Eg+CkYP4Ke{Ea?((@XJP9LsQcAY zI#Fg>7mdr@7+@bp_sqz_a*UvC*mqgSa|MyjoCFUgN!IB;2S+Kwg|;Y-Ji_JDffGvd z7tjw_A3b#Y?vJU#zMEnD)*PixTEU`}v;B4{W4}EtCiYdqTJTqr{m8NdGoWGiQFEW2 zBUZD+b?pL$Ia=O4wS13rYO@pK+~sVMX|3^%XOz{3s7a9Wps$uW@133x@8?swzV=Am zd40Sfj{0I+ejFz4Dw>EL)7x?>*$vzTeT}_5j6v^H9vUXHM1ejM7q-MLQ_n+!cm7~!qetE3KXH# ze0;v&L*4RC`NjL|kWBk7+;!0XSj2d71gAS%D^dGPU_)8=I+ zdoN7PztzH9>XYI9J9PlC1&_y?W_KamZs>19+4pj9}5iLds@CeGK9rUV!RiBg-$}NN(XslkI4 zifOcNq;G}hhv2xkc%Zz?s}IH*H%b82nw7y2q{c4T<*ci1lmCfROJxF4>BIBFlCQ{I 
zDAH?4sFD}*m4>+4Qs8f;8=-fT8rt-L0Z}wl^~c984EG>*z#ZCs&o5IhYQ-hjFHz1c zjinzGHOJ7u>WeN|Yhv3Ty9NS92^%;5Skp{J9Xzp75fc zMN`L}BR=C7a-g*Vlx|3`QLy!uLX{I+gPDHp^s3T~eMmP?i8b;ujq`-}lw`H#qO79% zp4`nR0pyyyfqZfnzAY)GuQ(F?3r{g4Uv}^+fG2mhCvD^4Jf7uJWFVpeCEuHS47e9e;_?(*=f>K{H1;Y%l8Xf1Q1{K}_o5=jSO1DaMmIIliwlWv-&#VTXBiJ3y^I5K`~ zEi~u)k}g~<=*%V|JRpv&ioQtj5U=~!SRU!Ip}mv#YWh7*XUqMxpwUoDZ-(g7atHc@ z4;(J_i_jo*pcU&y)ZUXl0}2jhq-Oxi1QC$-zwTAT=)CE_Q|`%}c>>xCmsfL+DJB+j z>GxgVT#q1pQEn<1p}3dCUF$;DP#9oEWpjp7T-8{Xn=&upSEQ-@d7(S=N9-@UsEG+7 zDyojtwHy14hLe6TKH7ISB~WOTwpb=DzVvf+}Zxq5Eygx?fIi)IHXS z-95uk9xk3cTSi}87cb{@N3o%Bp%2#ENipnCxuTV*3ny}YTs(e1E68L=aVqkeAB>QIFwPC-p&&`in};>Q1RYC7d&6CGy_ z9j9W&ok!iPF}l2h%-njH_2|JG_l9$e8%hG79hh2MQEx$eR#bo2c&mVZQ~m6SUbBNx z(X2#ZX0kIflK~qWnc2+(wumv50?+;ied5T!^MtRn4eT}4#^yU`eyviq$DGYWSvhTI zz2$k|-}`3jE0gM#8TDPoyJJqG<=^;)G%gM!9LCz{8g)-NyGDLA217aSA^G7hW6Eo!V6|@D|XKK6br6f8&)Z*H#KlyuBE-@ z8(M4I|NbpSA+(!EPn_B5_fn9BCNMv+A~my)`clv<;%_%ELd=C!gNy!?9E*Y_5b^^f zU!XHg0F07$%(D56W}zZDs(l}}S3x}|zfVr30%+_)N+pI@5rn5FY9b5+ua7(35pSd^ zS_FxVS0UA9Fzye+@mvoKV;yq@1Vnk zR#RxuT>FGVLko)pWr)A>ajAzEx;LtG{6@6LpR@vX&B>GJGag6nbbcD7PVJw$`buuq zxgcUej}t<`jg{nhhx%T>0QtK05ZR^ODdvmEEg`mJR?yGsmt@&JvrKrZ zX}cfYkzi5>$uJ*i2JNu(6C$8-6ge^WgQK5BnlkJA+da{(62o`Q*A>6wHuarug;*=) zXbWT=uoZ=+tsE@(?K;H=MS2p}_$Z(nNjrpbZ6VVn361$|=EYvMV9;sE&JORdWb$*cX;ul$8?okO{sg%wOh4W*v+^nPb@GigG_dU-@V=QI|!kkFU z#FO&o8Zi2~yVZx?jyy^e8rQ%vniALc;7!RRGjp1tNR&>o6a`X$1N~og$sRLTobnS6)q31iD>HVx1+1kWWXXQ7V7lB6^Td- zvN9o-rGFiTi}I!N2yg+JXRU8YifQQ>EWccj-nY45!lm!TJ@~^@xBi@e;?{Ouv4xbi z8l_1N=f$lYY^z?FQ!OOGj#>q#5t0=A9h>2&Q%rc{uk;!MQ>*5?@V7aexX?@XNs-wc zgy&bPjTi_1khhLM3hvzUUcfSR1__R3_8-cvBtY<|j}AD8`lJ>Cg#mw2L0h}K2?r#= zM|r2q(Sn95rSEt;=YF1usv#v`3-@;^aN+1}vm_~ho@0izdAjlzBLt7NA71li zoI*+zQ>ksH^lSrV0kR3iS{7*gZo8_*xp&Zx-ev7Z(ohky-u~@;`}OT+ZdH5LyLqFN zk;aY~XODHplOr`v0i~s1eJ>Dz>FQ<|^t^-I%>_Z$@UmNC$%9kL4OvHL=v*g9Ysu42 z3r+U2R2nDQS#0K{H#%CjIydg;Yp#Z*@}LP4!yY z?CcmWi@{r3Om++1Rr3DbDD%pe)b=6pxKeb%%lAY?L@Jb@@QeN(3or%on#?gdUiL+| 
zJ%=4mc9D`gLGjHnuPVe#F%ds53Eg|4&=2X4HKDubpPX{ub6ww0=j#dy>E~nmhM;zv z3)Oj!*9nbmfBnSSKySRF>&B7oM@ZA4ih@h^tkUY@9of!an`O8KiCjx`#$>=Gdb^xB z`HlyD;B^Gwg_?nZD}U{{PYLIzN%7gc;|lEJd68(;GzuPiyt&RjEr^JvC*XwR5K?XX zUKh@MQU8DwRZ~nHEN!d&>`;Rt+mwf{gLU57pT3FJ*e%g5a~eA`%VtAt7T7Rd|6vNX zd{lqgjsJ7p%TaAha<{gT`!kI4v{_k*W5I$!*ELvQMo>NcUGD0#tF8F9)IQ@)99AFf z^(5@xg+fkN&@3Ijv!Mhhl056)<=vl86SoDu`KEEvvTZf)cr)zx1-zc$*=3GZw;L-Y z7qB27_Iy6roVUMsIYF5Fh9>Gy{?;HWmIK%B5Xam<0HzaXhgin}y1b}ivEj{QSQHiH z-vL0A^~jYi6%9hRKP8p7%Qtae}Z=Zj$Vz?{gwBXA_=-CS40y1rP7<0 zCzaFkNj27&D%!S?*`Z#dU+>>QGiMIJRF?Y00gDMFszFxU#)NKGHtL-AuY=M{?=fGZ z_zJH1BX$Vt+j$BuX`4Q^n3&|$d?4_}!mI!E&c(zbwC6(Y# z)g|mi*f?QVR~UvE?oT%K)JIMyiPF#SA?(28VCe{u;V|ccnwC3;?`>A0&LM%2g^3Zt zp!2j*@T+Yzll5a{s^)nK*ZLiSGqlrlt&6quGzs=fx**|hgbtC#q_g$9)Z$7{&Am>x zDe(_#b3P~}s^QWk=j`KaM4VKD6W>zE94Q3_aVcNnX$igd?;Z!HLDP211(`wfCX#w@ zB7+7GBh=+TJMyZK_+2?44x|(PE-CkaArq84&-13ZxUt@$!#WYWNL3$O}3X zb7Zy%S$Id;xjKfLnguhW`vc8GRj+(adXxj;pLq`ER8mH-HCpavuS(DVj9F)!2}{4< zDYA?R%|Q|JO4;gp{|W4%IiLJmDKAMoy{s)7+$O)(?Y}_0GESrA&O@hqV~z&j+Y4{B!$*@#L9^13Nvtj?RZuO3r7g zw9kIesU=zE#@-xG2c|9;=IMQ+uQ!hkF3 zb*>=U_)$Bdeh#Ooxh)pMoS<;kqSzR#q}XvN8NL<7{{Y6kr6&yq*6sK`%SrItbb? 
z=}#)BtIJC$=9^xV zMZW1^T`VB7FXrat3-_#A7l{6!H*VQJBo$<(w_0Fp8 zA{BpOZ+cSBkD$9N5y4I0pV54Oz%sb=%y)@6F3Xz2r)|w8;`2Jzu7Jmv z3GTi{?s?WQDrBX7w=@Pl++#XlU(|AyX_Pq#I6!sVR&KGIqmODtnGb$Vb0=$6(J+Ge z=n9mby_&%p!Zpn=utMa=22v-K7*4u3TTmO@&Ki{*zbAD^Hy)8K1)j{;c%c#AXzTT+ zk1q@mU^|Kt(B{`IcXpX^6@ReuG@|F>jD~GF$tj&NhNAY&{85ooHZUJ|#3W_ab+%QK zPr?WV=inuvJF6UiLn!6r6n3oKHO=m$dvx*rcuk|4gb3oc&9GcA##7tN|8qQJ(st(sNKGGxuL-^~6`8RlnU!ixQ2LRFI*kLJ0}&MD z^Ck}$WG7P>GUVh7b{glz)3;!4g9`hvpb^hKMpP6f#xJJUyjGYw9ymdo)ZdT3;HaLk zvHZ!SE6ify{dB`}w6PH#i#F=CCR=Zl{i&;$)ArE4)%%hCV^IH7)+_=*%&Kq;wc5IruwCBx|i>v$VL&#$LoZf-+CcuE@wfNE4 zt`h4L%_SM(r~)8yFEPmt=f*P4yr}4qE9pLGPS4(at5vD-lB`yCfdd5VhIAs8lV;W- zC2AiBXLE8=Wh(y;#{KnxyczKRx4*FHy&rY#^QAo2M=eRqvHYD0W+kdx!?x#e2b zb@d({nF{!86N!*+XY&^+(I!#Hk+*mWO&9*KHK3y5V%!4&!~q^+@yZ)8`i;?cXXv)b6gU%ueGiYu;~!IKQ5!cL}~#$ zoGl&oQl$gN<7Mf?nU&a?gD9vuq;Cp4ZgF~8d0gB|J*auR2jzB`DUp37d=FiD{u=A% zrp|p;XjH-D+l&Y>h0iEgG&7-?byhu7MlJezlK`%DCuAbYYpMRy8TO@Y?=6nAqulW~ z!EC_$RRs;Kl=4hK`ZQJRt6i{T5e2UPD^K=EL*;r_KvF zzjsBg}JlGf6oo3p&4j1FWy}4AC|8y zj`}=ZwMOe%A4$}LqMHaff=+s0*9N^?5*zKi8>0Qyre-#KcWdf+%L=MFHlu==}B2V4H$;o5PvKc<{Vv+5gB5+v?SG2CrBOlhQ`{2O~HS!=Nr#n zyHaqF_?I1=t)^~~GplTw&0dTt#M~CSu6yz=(xsLfT->W=GX)0DgB=M&4<=T#_QmoF z8ifZuMAJpb_x7lrjo6TvOh}V2&X*93{9ayMu>%tO zqMeE^)l9Hs7|W$h65o-~!A(iwk13US!QM;FZ-l4r!C%fir*H)M^4fiTR?eBP8_s8c z&~Yi0n^L_sMizgG^IIF9wLWX{HHGAKNFF?&Skc^SW}ca6O@?gNF$2tar-PkjDE*0k z!}l$)1u7!RjFFm}p*>FeE&U^Ilk7F&?&nOqkN)El(heYJCARfFsl+}>vBbOJko*1A zds(It%_BQT<;L#ThpRzw_<`Adx;@D~`b>)_8GNmWl;$=wn-+zY6Z9Aa(UnU*qakQ6 z2yOl{IJKJVYe!KeghQ()OL{U{z>PEA^Ll5& zY?K;^{S{i~YPs4P6)Ic#{q4ZUk$&&D-h$KY;Sj2&X&*y_ehU-6UDU2sn_*Pb5wn%R zLAJ>>TgaR6AxpdLJJvwn-a$hMZ#d^Ko=`QmnE(ran| z8Pb^*sV$#Iv`$k^daT{`0pv=7|HNA07%abK6nT93i4xrJ-Oq`*UwrB>ly#ti=wZBv zw;htM>A3yrm0LT_X{c7&i$rgBPDT{%xU!cF2!KXjN%C>(RBj&d})&&!NFBUS@b{uoF+-NEy_|`S1gw$1kNhoUn|2RzVQjgXvJkph_QTeC`1}%u zl=Qgk(P2Z5<}~Cg`MRmrgU7(_{q5$50{F5iI>z4%pX{1`*HN%*J~hY^@@(Yo=5jjy z%Ce?=FQCi4f&3CZ)j4M=P?WYf6YOQ~VT0wR7xC^E`WO~8%?tj$<(}KG<(}NnlY%)g 
+ASN blocking is available in Pangolin community! Protect your resources by blocking or allowing specific networks and service providers. + + +## Benefits of ASN Blocking + +ASN blocking provides several important security and operational advantages: + +### Security Benefits +- **Block Malicious Networks**: Prevent access from autonomous systems known for hosting malicious activity, botnets, or spam operations +- **Control Cloud Provider Access**: Restrict or allow access from specific cloud providers (AWS, Azure, GCP, etc.) +- **Block VPN/Proxy Services**: Deny access from commercial VPN and proxy service providers to prevent anonymous access +- **Datacenter Filtering**: Block traffic from datacenter networks while allowing residential ISPs +- **Compliance Requirements**: Meet regulatory requirements that restrict access from certain network types or providers + +## Implementing ASN Blocking with Bypass Rules + +ASN blocking in Pangolin is implemented using [bypass rules](/manage/access-control/rules) with ASN-based matching.
You can create rules that either allow or deny access based on the visitor's Autonomous System Number. + + + Pangolin Dashboard + + +### Setting Up ASN Blocking Rules + +1. Navigate to your target resource and select the **Rules** tab +2. Create a new rule and select **ASN** as the match type +3. Choose an ASN from the dropdown of common providers, or manually enter a specific ASN number +4. Choose your rule action: + - **Allow**: Bypass authentication for users from specific ASNs + - **Deny**: Block all access from specific ASNs + - **Pass to Auth**: Let users from specific ASNs proceed to authentication + +### Common ASNs + +The dropdown includes many commonly-used ASNs such as: + +- **Cloud Providers**: Amazon (AS16509), Google Cloud (AS15169), Microsoft Azure (AS8075), DigitalOcean (AS14061) +- **Major ISPs**: Comcast (AS7922), AT&T (AS7018), Verizon (AS701), Deutsche Telekom (AS3320) +- **VPN/Proxy Services**: NordVPN (various), ExpressVPN (various), Mullvad (AS42831) +- **CDN Providers**: Cloudflare (AS13335), Fastly (AS54113), Akamai (various) + +If the ASN you need isn't in the dropdown, you can manually enter the ASN number (e.g., AS12345 or just 12345). + +### Common ASN Blocking Patterns + +#### Block VPN and Proxy Services +Create deny rules for known VPN and proxy ASNs to prevent anonymous access: + +1. Create **Deny** rules for each VPN/proxy provider ASN +2. Select ASNs from the dropdown or enter them manually +3. Set appropriate priorities + +#### Block Datacenter Traffic +Block access from datacenter and hosting provider ASNs while allowing residential users: + +1. Create **Deny** rules for major cloud and hosting provider ASNs +2. Include providers like AWS, GCP, Azure, DigitalOcean, etc. +3. This helps ensure only real users from residential ISPs can access your resources + +#### Allow Only Specific Networks +Create a default deny rule and explicitly allow only approved ASNs: + +1. Create a **Deny** rule matching all traffic with priority 100 +2. 
Create **Allow** rules for specific approved ASNs with higher priority (e.g., 10, 20, 30) + +#### Regional ISP Control +Allow access only from specific country ISPs while blocking others: + +1. **Combine with Country Rules**: Use ASN rules to specify which ISPs are allowed +2. Create **Allow** rules for major residential ISPs in your target countries +3. Block datacenter and VPN ASNs that might circumvent country restrictions + +### Best Practices + + +ASN blocking affects all users from that network. Be careful when blocking large ISPs or cloud providers, as legitimate users or your own infrastructure may be affected. + + + +### Finding ASN Numbers + +If you need to find the ASN for a specific network or provider: + +1. Use online tools like [bgp.he.net](https://bgp.he.net/) or [ipinfo.io](https://ipinfo.io/) +2. Search by company name, IP address, or ASN number +3. Enter the ASN in the rule configuration (with or without the "AS" prefix) + +### Rule Priority Example + +``` +Priority 1: Allow - ASN: AS7922 (Comcast) +Priority 2: Allow - ASN: AS7018 (AT&T) +Priority 3: Deny - ASN: AS13335 (Cloudflare - VPN) +Priority 4: Deny - ASN: AS16509 (Amazon - Datacenter) +``` + +This configuration allows access from residential users on Comcast and AT&T while blocking Cloudflare's VPN service and Amazon datacenters. + +### Advanced Patterns + +#### Block Bot Networks +Identify and block ASNs associated with automated bot traffic: + +1. Monitor your access logs for suspicious ASNs +2. Create **Deny** rules for ASNs showing bot-like behavior +3. Regularly review and update your blocklist + + diff --git a/self-host/advanced/enable-asnblocking.mdx b/self-host/advanced/enable-asnblocking.mdx new file mode 100644 index 0000000..bd832d9 --- /dev/null +++ b/self-host/advanced/enable-asnblocking.mdx 
@@ -0,0 +1,65 @@ +--- +title: "Enable ASN Blocking" +description: "Configuration requirements to enable ASN blocking in Pangolin" +--- + +To enable ASN blocking in Pangolin Community you must download and place the Maxmind ASN database into the `config/` directory and update the config file. This can be done for free. + + +Remember to keep the ASN database updated regularly, as ASN assignments and network mappings can change over time. You can just repeat the download and extraction steps periodically to ensure your database is current. + + + +It is possible to automate this process with a Docker container from Maxmind themself. +Have a look at this [Community guide](/self-host/community-guides/geolite2automation) on how to implement this! + + +You can use the installer to download and place the database for you, just grab the latest installer: + + ```bash + curl -fsSL https://static.pangolin.net/get-installer.sh | bash + ``` +Then run the installer again: + + ```bash + ./installer + ``` + +### Manual Installation Steps + + + + Download and extract the GeoLite2 ASN database using the following commands: + + ```bash + # Download the GeoLite2 ASN database + curl -L -o GeoLite2-ASN.tar.gz https://github.com/GitSquared/node-geolite2-redist/raw/refs/heads/master/redist/GeoLite2-ASN.tar.gz + + # Extract the database + tar -xzf GeoLite2-ASN.tar.gz + + # Move the .mmdb file to the config directory + mv GeoLite2-ASN_*/GeoLite2-ASN.mmdb config/ + + # Clean up the downloaded files + rm -rf GeoLite2-ASN.tar.gz GeoLite2-ASN_* + ``` + + + Update your Pangolin configuration to point to the new ASN database file. 
Edit your `config/config.yml` file to include the following entry: + + ```yaml + server: + maxmind_asn_db_path: "./config/GeoLite2-ASN.mmdb" + ``` + + + Restart your Pangolin instance to apply the changes: + + ```bash + docker compose restart pangolin + ``` + + + +Alternativly you can create an account at [Maxmind](https://www.maxmind.com/en/geolite2/signup) to get a license key and download the database directly from them. diff --git a/self-host/community-guides/geolite2automation.mdx b/self-host/community-guides/geolite2automation.mdx index 7c72bea..ebb8da1 100644 --- a/self-host/community-guides/geolite2automation.mdx +++ b/self-host/community-guides/geolite2automation.mdx @@ -1,13 +1,13 @@ --- title: "GeoLite2 Automation" -description: "A simple automation to download & update your GeoLite2 database with geoipupdate" +description: "A simple automation to download & update your GeoLite2 databases with geoipupdate" --- This is a community guide and is not officially supported. If you have any issues, please reach out to the [author](https://github.com/txwgnd). -This automation lets your system automatically download & upgrade the `GeoLite2-Country` database from Maxmind to use for geoblocking on your Pangolin host. It's utilizing Maxmind's [geoipupdate](https://github.com/maxmind/geoipupdate/tree/main) Docker container to achieve this. +This automation lets your system automatically download & upgrade the `GeoLite2-Country` and `GeoLite2-ASN` databases from Maxmind to use for geoblocking and ASN blocking on your Pangolin host. It's utilizing Maxmind's [geoipupdate](https://github.com/maxmind/geoipupdate/tree/main) Docker container to achieve this. Maxmind's service is free of charge for development, personal or community use. [Quote](https://support.maxmind.com/knowledge-base/articles/create-a-maxmind-account#h_01G4G4NG5C63BQ6HRG6MSS50T3) 
@@ -23,7 +23,7 @@ Maxmind's service is free of charge for development, personal or community use. * Pangolin version 1.11.0 or higher ## 2. Maxmind Account -To be able to use Maxmind's service you need to request access to the GeoLite2 database and create an account on their [website](https://www.maxmind.com/en/geolite2/signup?utm_source=kb&utm_medium=kb-link&utm_campaign=kb-create-account). +To be able to use Maxmind's service you need to request access to the GeoLite2 databases and create an account on their [website](https://www.maxmind.com/en/geolite2/signup?utm_source=kb&utm_medium=kb-link&utm_campaign=kb-create-account). After you successfully created an account visit the mainpage again and login to your new account. @@ -72,10 +72,10 @@ services: image: ghcr.io/maxmind/geoipupdate restart: unless-stopped environment: - - 'GEOIPUPDATE_ACCOUNT_ID=' # Account ID - - 'GEOIPUPDATE_LICENSE_KEY=' # API key - - 'GEOIPUPDATE_EDITION_IDS=GeoLite2-Country' # Which db should be downloaded - - 'GEOIPUPDATE_FREQUENCY=72' # Update intervall in hours + - 'GEOIPUPDATE_ACCOUNT_ID=' # Account ID + - 'GEOIPUPDATE_LICENSE_KEY=' # API key + - 'GEOIPUPDATE_EDITION_IDS=GeoLite2-Country GeoLite2-ASN' # Which dbs should be downloaded + - 'GEOIPUPDATE_FREQUENCY=72' # Update intervall in hours volumes: - './config/GeoLite2:/usr/share/GeoIP' ``` @@ -91,13 +91,14 @@ Navigate to `/config` within the same folder and open it with a text editor. cd config ``` -Add this line to the `server` object +Add these lines to the `server` object ```yaml server: maxmind_db_path: "./config/GeoLite2/GeoLite2-Country.mmdb" + maxmind_asn_path: "./config/GeoLite2/GeoLite2-ASN.mmdb" ``` -This entry tells the Pangolin application where to find the database. +These entries tell the Pangolin application where to find the databases. Save and close the file then navigate to the `pangolin` folder one level higher. 
@@ -106,6 +107,6 @@ Restart your Pangolin stack with: docker compose up -d ``` -Et voilà, you are now able to define country rules for your ressources! 🏁 +Et voilà, you are now able to define country rules and ASN rules for your ressources! 🏁 -btw: you can use this exact database for your Traefik dashboard too -> [Community Guide](/self-host/community-guides/traefiklogsdashboard) \ No newline at end of file +btw: you can use these exact databases for your Traefik dashboard too -> [Community Guide](/self-host/community-guides/traefiklogsdashboard) \ No newline at end of file From b6861f903100345cf4ef83595a58f0c81655423a Mon Sep 17 00:00:00 2001 From: Owen Schwartz Date: Mon, 22 Dec 2025 10:10:26 -0500 Subject: [PATCH 7/9] Apply suggestions from code review Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com> --- self-host/advanced/enable-asnblocking.mdx | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/self-host/advanced/enable-asnblocking.mdx b/self-host/advanced/enable-asnblocking.mdx index bd832d9..0593413 100644 --- a/self-host/advanced/enable-asnblocking.mdx +++ b/self-host/advanced/enable-asnblocking.mdx @@ -50,7 +50,7 @@ Then run the installer again: ```yaml server: - maxmind_asn_db_path: "./config/GeoLite2-ASN.mmdb" + maxmind_asn_path: "./config/GeoLite2-ASN.mmdb" ``` From 12b366301b3790c78699b2842a6a38586a5799da Mon Sep 17 00:00:00 2001 From: Owen Schwartz Date: Mon, 22 Dec 2025 10:10:51 -0500 Subject: [PATCH 8/9] Apply suggestions from code review Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com> --- self-host/advanced/enable-asnblocking.mdx | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/self-host/advanced/enable-asnblocking.mdx b/self-host/advanced/enable-asnblocking.mdx index 0593413..62850c3 100644 --- a/self-host/advanced/enable-asnblocking.mdx +++ b/self-host/advanced/enable-asnblocking.mdx 
@@ -62,4 +62,4 @@ Then run the installer again: -Alternativly you can create an account at [Maxmind](https://www.maxmind.com/en/geolite2/signup) to get a license key and download the database directly from them. +Alternatively you can create an account at [Maxmind](https://www.maxmind.com/en/geolite2/signup) to get a license key and download the database directly from them. From eb5af0a0d2f676393bf2c6bc4f68dfa2bdcec2d9 Mon Sep 17 00:00:00 2001 From: miloschwartz Date: Mon, 22 Dec 2025 16:10:22 -0500 Subject: [PATCH 9/9] add org id explanation --- docs.json | 7 +++++++ manage/organizations/org-id.mdx | 16 ++++++++++++++++ 2 files changed, 23 insertions(+) create mode 100644 manage/organizations/org-id.mdx diff --git a/docs.json b/docs.json index e86a682..bd89a23 100644 --- a/docs.json +++ b/docs.json @@ -72,6 +72,13 @@ ] }, "manage/domains", + { + "group": "Organizations", + "icon": "building", + "pages": [ + "manage/organizations/org-id" + ] + }, { "group": "Access Control", "icon": "user-group", diff --git a/manage/organizations/org-id.mdx b/manage/organizations/org-id.mdx new file mode 100644 index 0000000..989a796 --- /dev/null +++ b/manage/organizations/org-id.mdx 
@@ -0,0 +1,16 @@ +--- +title: "Organization ID" +description: "Understand organization IDs and how to locate yours in the dashboard" +--- + +Pangolin is multi-tenant. All sites, resources, clients, and other items belong to an organization, and a server can host more than one organization. + +Each organization has a unique ID that Pangolin generates when you create the organization. You cannot change the ID after creation, and it is separate from the display name. + +## Finding your organization ID + +You can find your organization ID in two ways: + +1. Check the general settings page for your organization. The ID appears at the top of the info card. + +2. Check the URL path when viewing your dashboard. The org ID is the first slug in the URL. For example, in `https://app.pangolin.net/home-lab/settings/sites`, the org ID is `home-lab`.
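Review bot: In manage/access-control/asn-blocking.mdx, the "Rule Priority Example" uses **Allow** for AS7922 and AS7018, but "Setting Up ASN Blocking Rules" defines Allow as "Bypass authentication for users from specific ASNs", so the example as written lets every Comcast and AT&T subscriber reach the resource without logging in. The "Allow Only Specific Networks" and "Regional ISP Control" patterns have the same problem. If the intent is to limit who may attempt to sign in, these should use **Pass to Auth**, and the page should say which action it means. Two smaller points in the same file: AS13335 is listed under CDN Providers in "Common ASNs" but labelled "Cloudflare - VPN" in the example, and the page's own warning that a rule "affects all users from that network" means the deny covers far more than a VPN product; and the page should state outright whether a lower number wins, since "higher priority (e.g., 10, 20, 30)" next to a deny at priority 100 only implies it.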
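Review bot: In self-host/advanced/enable-asnblocking.mdx, the manual steps call the file the Maxmind ASN database but download it from `github.com/GitSquared/node-geolite2-redist`, a third-party redistribution, and nothing checks the archive before the `.mmdb` is moved into `config/`. Name the source for what it is, and either add a checksum step or lead with the MaxMind account route that is currently only the closing sentence. The `curl -L -o` line should also carry `-f` so an HTTP error page is not saved as the tarball. The YAML key here is `maxmind_asn_db_path` while geolite2automation.mdx in the same patch uses `maxmind_asn_path`; patch 7/9 corrects it, so that fix belongs squashed into this commit.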
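Review bot: In self-host/community-guides/geolite2automation.mdx, the compose hunk rewrites all four `environment` lines just to realign the comments, which buries the one real change (`GEOIPUPDATE_EDITION_IDS=GeoLite2-Country GeoLite2-ASN`) and carries the "Update intervall" typo forward on a line now marked as changed. Keep the diff to the edition line, or fix "intervall" while touching it; "ressources" in the last hunk is in the same position. Since the guide has readers paste `GEOIPUPDATE_ACCOUNT_ID` and `GEOIPUPDATE_LICENSE_KEY` values straight into the compose file, a sentence on keeping that file out of version control would fit next to this block.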
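Review bot: In manage/organizations/org-id.mdx, the text says the ID is one "that Pangolin generates when you create the organization", but the example ID `home-lab` reads like a name someone chose. State how the ID is produced (random, derived from the display name, or entered by the user) so the description and the example agree, and since the page says the ID cannot be changed afterwards, say so at the point where the reader would be creating the organization.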