From 4445d096f575b6985b9bf32a5db7de59ae271b4c Mon Sep 17 00:00:00 2001
From: Ryan Petrello <rpetrell@redhat.com>
Date: Thu, 22 Oct 2020 10:56:26 -0400
Subject: [PATCH] reimplement licensing to work with RHSM and entitlement
 uploads

Co-authored-by: Christian Adams <chadams@redhat.com>
---
 .gitignore                                    |   1 +
 Makefile                                      |   4 +-
 awx/api/generics.py                           |   5 +-
 awx/api/parsers.py                            |  25 ++
 awx/api/urls/urls.py                          |   2 +
 awx/api/views/__init__.py                     |   1 +
 awx/api/views/root.py                         |  96 ++++-
 awx/conf/license.py                           |  12 +-
 awx/conf/migrations/0008_subscriptions.py     |  20 +
 awx/conf/migrations/_subscriptions.py         |  17 +
 awx/conf/models.py                            |   8 -
 awx/main/access.py                            |   4 +-
 awx/main/analytics/collectors.py              |   4 +-
 awx/main/analytics/core.py                    |   2 +-
 awx/main/analytics/metrics.py                 |   2 +-
 awx/main/conf.py                              |  43 ++
 awx/main/management/commands/check_license.py |   4 +-
 .../management/commands/inventory_import.py   |   4 +-
 awx/main/tasks.py                             |   2 +-
 .../tests/functional/core/test_licenses.py    |  17 +-
 awx/main/tests/functional/test_licenses.py    |   3 +-
 awx/main/tests/unit/test_tasks.py             |  16 +-
 awx/main/utils/common.py                      |  37 +-
 awx/main/utils/licensing.py                   | 382 ++++++++++++++++++
 awx/main/validators.py                        |   6 +
 awx/settings/defaults.py                      |   4 +
 .../forms/settings-form.route.js              |  10 +-
 .../src/license/checkLicense.factory.js       |  18 +-
 .../client/src/license/license.controller.js  |  82 ++--
 .../client/src/license/license.partial.html   |  51 ++-
 awx/ui/client/src/license/license.route.js    |  20 +-
 .../src/shared/config/config.service.js       |   2 +-
 awxkit/awxkit/api/pages/subscriptions.py      |   3 +
 awxkit/awxkit/api/resources.py                |   1 +
 docs/licenses/iniparse.txt                    |  30 ++
 .../python-rhsm-python3-backport.tar.gz       | Bin 0 -> 56535 bytes
 docs/licenses/python-rhsm.txt                 | 339 ++++++++++++++++
 .../roles/image_build/templates/Dockerfile.j2 |   1 +
 .../kubernetes/templates/configmap.yml.j2     |   2 +
 requirements/requirements.txt                 |   3 +-
 requirements/requirements_git.txt             |   1 +
 requirements/updater.sh                       |   7 +-
 42 files changed, 1117 insertions(+), 174 deletions(-)
 create mode 100644 awx/conf/migrations/0008_subscriptions.py
 create mode 100644 awx/conf/migrations/_subscriptions.py
 create mode 100644 awx/main/utils/licensing.py
 create mode 100644 docs/licenses/iniparse.txt
 create mode 100644 docs/licenses/python-rhsm-python3-backport.tar.gz
 create mode 100644 docs/licenses/python-rhsm.txt

diff --git a/.gitignore b/.gitignore
index 7e0f07a83c..3b0fbc7d59 100644
--- a/.gitignore
+++ b/.gitignore
@@ -147,3 +147,4 @@ use_dev_supervisor.txt
 .idea/*
 *.unison.tmp
 *.#
+/tools/docker-compose/overrides/
diff --git a/Makefile b/Makefile
index ed73f4a5b6..8d891c25b5 100644
--- a/Makefile
+++ b/Makefile
@@ -650,9 +650,11 @@ awx/projects:
 docker-compose-isolated: awx/projects
 	CURRENT_UID=$(shell id -u) TAG=$(COMPOSE_TAG) DEV_DOCKER_TAG_BASE=$(DEV_DOCKER_TAG_BASE) docker-compose -f tools/docker-compose.yml -f tools/docker-isolated-override.yml up
 
+COMPOSE_UP_OPTS ?= ""
+
 # Docker Compose Development environment
 docker-compose: docker-auth awx/projects
-	CURRENT_UID=$(shell id -u) OS="$(shell docker info | grep 'Operating System')" TAG=$(COMPOSE_TAG) DEV_DOCKER_TAG_BASE=$(DEV_DOCKER_TAG_BASE) docker-compose -f tools/docker-compose.yml up --no-recreate awx
+	CURRENT_UID=$(shell id -u) OS="$(shell docker info | grep 'Operating System')" TAG=$(COMPOSE_TAG) DEV_DOCKER_TAG_BASE=$(DEV_DOCKER_TAG_BASE) docker-compose -f tools/docker-compose.yml $(COMPOSE_UP_OPTS) up --no-recreate awx
 
 docker-compose-cluster: docker-auth awx/projects
 	CURRENT_UID=$(shell id -u) TAG=$(COMPOSE_TAG) DEV_DOCKER_TAG_BASE=$(DEV_DOCKER_TAG_BASE) docker-compose -f tools/docker-compose-cluster.yml up
diff --git a/awx/api/generics.py b/awx/api/generics.py
index fce5bb9b49..0c6f2637f6 100644
--- a/awx/api/generics.py
+++ b/awx/api/generics.py
@@ -47,8 +47,6 @@ from awx.main.utils import (
     get_object_or_400,
     decrypt_field,
     get_awx_version,
-    get_licenser,
-    StubLicense
 )
 from awx.main.utils.db import get_all_field_names
 from awx.main.views import ApiErrorView
@@ -225,7 +223,8 @@ class APIView(views.APIView):
         response = super(APIView, self).finalize_response(request, response, *args, **kwargs)
         time_started = getattr(self, 'time_started', None)
         response['X-API-Product-Version'] = get_awx_version()
-        response['X-API-Product-Name'] = 'AWX' if isinstance(get_licenser(), StubLicense) else 'Red Hat Ansible Tower'
+        response['X-API-Product-Name'] = 'AWX' if settings.LICENSE.get('license_type', 'UNLICENSED') in 'open' else 'Red Hat Ansible Tower'
+        
         response['X-API-Node'] = settings.CLUSTER_HOST_ID
         if time_started:
             time_elapsed = time.time() - self.time_started
diff --git a/awx/api/parsers.py b/awx/api/parsers.py
index ce18bce0af..8c9cfede94 100644
--- a/awx/api/parsers.py
+++ b/awx/api/parsers.py
@@ -34,3 +34,28 @@ class JSONParser(parsers.JSONParser):
             return obj
         except ValueError as exc:
             raise ParseError(_('JSON parse error - %s\nPossible cause: trailing comma.' % str(exc)))
+
+
+class ConfigJSONParser(parsers.JSONParser):
+    """
+    Entitlement Certificates have newlines in them which require json.loads to
+    not use strict parsing.
+    """
+
+    def parse(self, stream, media_type=None, parser_context=None):
+        """
+        Parses the incoming bytestream as JSON and returns the resulting data.
+        """
+        parser_context = parser_context or {}
+        encoding = parser_context.get('encoding', settings.DEFAULT_CHARSET)
+
+        try:
+            data = smart_str(stream.read(), encoding=encoding)
+            if not data:
+                return {}
+            obj = json.loads(data, object_pairs_hook=OrderedDict, strict=False)
+            if not isinstance(obj, dict) and obj is not None:
+                raise ParseError(_('JSON parse error - not a JSON object'))
+            return obj
+        except ValueError as exc:
+            raise ParseError(_('JSON parse error - %s\nPossible cause: trailing comma.' % str(exc)))
diff --git a/awx/api/urls/urls.py b/awx/api/urls/urls.py
index 2745f87095..636e68e4bd 100644
--- a/awx/api/urls/urls.py
+++ b/awx/api/urls/urls.py
@@ -15,6 +15,7 @@ from awx.api.views import (
     ApiV2PingView,
     ApiV2ConfigView,
     ApiV2SubscriptionView,
+    ApiV2AttachView,
     AuthView,
     UserMeList,
     DashboardView,
@@ -94,6 +95,7 @@ v2_urls = [
     url(r'^ping/$', ApiV2PingView.as_view(), name='api_v2_ping_view'),
     url(r'^config/$', ApiV2ConfigView.as_view(), name='api_v2_config_view'),
     url(r'^config/subscriptions/$', ApiV2SubscriptionView.as_view(), name='api_v2_subscription_view'),
+    url(r'^config/attach/$', ApiV2AttachView.as_view(), name='api_v2_attach_view'),
     url(r'^auth/$', AuthView.as_view()),
     url(r'^me/$', UserMeList.as_view(), name='user_me_list'),
     url(r'^dashboard/$', DashboardView.as_view(), name='dashboard_view'),
diff --git a/awx/api/views/__init__.py b/awx/api/views/__init__.py
index 3b5ffc9671..df138b8a6d 100644
--- a/awx/api/views/__init__.py
+++ b/awx/api/views/__init__.py
@@ -153,6 +153,7 @@ from awx.api.views.root import ( # noqa
     ApiV2PingView,
     ApiV2ConfigView,
     ApiV2SubscriptionView,
+    ApiV2AttachView,
 )
 from awx.api.views.webhooks import ( # noqa
     WebhookKeyView,
diff --git a/awx/api/views/root.py b/awx/api/views/root.py
index aeda19cdeb..abcd0eed8a 100644
--- a/awx/api/views/root.py
+++ b/awx/api/views/root.py
@@ -1,9 +1,9 @@
 # Copyright (c) 2018 Ansible, Inc.
 # All Rights Reserved.
 
+import json
 import logging
 import operator
-import json
 from collections import OrderedDict
 
 from django.conf import settings
@@ -20,6 +20,7 @@ from rest_framework import status
 import requests
 
 from awx.api.generics import APIView
+from awx.api.parsers import ConfigJSONParser
 from awx.conf.registry import settings_registry
 from awx.main.analytics import all_collectors
 from awx.main.ha import is_ha_environment
@@ -30,7 +31,6 @@ from awx.main.utils import (
     to_python_boolean,
 )
 from awx.api.versioning import reverse, drf_reverse
-from awx.conf.license import get_license
 from awx.main.constants import PRIVILEGE_ESCALATION_METHODS
 from awx.main.models import (
     Project,
@@ -178,7 +178,7 @@ class ApiV2PingView(APIView):
 class ApiV2SubscriptionView(APIView):
 
     permission_classes = (IsAuthenticated,)
-    name = _('Configuration')
+    name = _('Subscriptions')
     swagger_topic = 'System Configuration'
 
     def check_permissions(self, request):
@@ -189,16 +189,16 @@ class ApiV2SubscriptionView(APIView):
     def post(self, request):
         from awx.main.utils.common import get_licenser
         data = request.data.copy()
-        if data.get('rh_password') == '$encrypted$':
-            data['rh_password'] = settings.REDHAT_PASSWORD
+        if data.get('subscriptions_password') == '$encrypted$':
+            data['subscriptions_password'] = settings.SUBSCRIPTIONS_PASSWORD
         try:
-            user, pw = data.get('rh_username'), data.get('rh_password')
+            user, pw = data.get('subscriptions_username'), data.get('subscriptions_password')
             with set_environ(**settings.AWX_TASK_ENV):
                 validated = get_licenser().validate_rh(user, pw)
             if user:
-                settings.REDHAT_USERNAME = data['rh_username']
+                settings.SUBSCRIPTIONS_USERNAME = data['subscriptions_username']
             if pw:
-                settings.REDHAT_PASSWORD = data['rh_password']
+                settings.SUBSCRIPTIONS_PASSWORD = data['subscriptions_password']
         except Exception as exc:
             msg = _("Invalid License")
             if (
@@ -220,11 +220,63 @@ class ApiV2SubscriptionView(APIView):
         return Response(validated)
 
 
+class ApiV2AttachView(APIView):
+
+    permission_classes = (IsAuthenticated,)
+    name = _('Attach Subscription')
+    swagger_topic = 'System Configuration'
+
+    def check_permissions(self, request):
+        super(ApiV2AttachView, self).check_permissions(request)
+        if not request.user.is_superuser and request.method.lower() not in {'options', 'head'}:
+            self.permission_denied(request)  # Raises PermissionDenied exception.
+
+    def post(self, request):
+        data = request.data.copy()
+        pool_id = data.get('pool_id', None)
+        # org = data.get('org', None)  # if we want allow to user to specify the org, we will need to pass this
+        if not pool_id:
+            return Response({"error": _("No subscription pool ID provided.")}, status=status.HTTP_400_BAD_REQUEST)
+        user = getattr(settings, 'SUBSCRIPTIONS_USERNAME', None)
+        pw = getattr(settings, 'SUBSCRIPTIONS_PASSWORD', None)
+        if pool_id and user and pw:
+            from awx.main.utils.common import get_licenser
+            data = request.data.copy()
+            try:
+                with set_environ(**settings.AWX_TASK_ENV):
+                    validated = get_licenser().validate_rh(user, pw)
+            except Exception as exc:
+                msg = _("Invalid License")
+                if (
+                    isinstance(exc, requests.exceptions.HTTPError) and
+                    getattr(getattr(exc, 'response', None), 'status_code', None) == 401
+                ):
+                    msg = _("The provided credentials are invalid (HTTP 401).")
+                elif isinstance(exc, requests.exceptions.ProxyError):
+                    msg = _("Unable to connect to proxy server.")
+                elif isinstance(exc, requests.exceptions.ConnectionError):
+                    msg = _("Could not connect to subscription service.")
+                elif isinstance(exc, (ValueError, OSError)) and exc.args:
+                    msg = exc.args[0]
+                else:
+                    logger.exception(smart_text(u"Invalid license submitted."),
+                                     extra=dict(actor=request.user.username))
+                return Response({"error": msg}, status=status.HTTP_400_BAD_REQUEST)
+        for sub in validated:
+            if sub['pool_id'] == pool_id:
+                sub['valid_key'] = True
+                settings.LICENSE = sub
+                return Response(sub)
+
+        return Response({"error": _("Error processing subscription metadata.")}, status=status.HTTP_400_BAD_REQUEST)
+
+
 class ApiV2ConfigView(APIView):
 
     permission_classes = (IsAuthenticated,)
     name = _('Configuration')
     swagger_topic = 'System Configuration'
+    parser_classes = (ConfigJSONParser,)
 
     def check_permissions(self, request):
         super(ApiV2ConfigView, self).check_permissions(request)
@@ -234,15 +286,11 @@ class ApiV2ConfigView(APIView):
     def get(self, request, format=None):
         '''Return various sitewide configuration settings'''
 
-        if request.user.is_superuser or request.user.is_system_auditor:
-            license_data = get_license(show_key=True)
-        else:
-            license_data = get_license(show_key=False)
+        from awx.main.utils.common import get_licenser
+        license_data = get_licenser().validate(new_cert=False)
+
         if not license_data.get('valid_key', False):
             license_data = {}
-        if license_data and 'features' in license_data and 'activity_streams' in license_data['features']:
-            # FIXME: Make the final setting value dependent on the feature?
-            license_data['features']['activity_streams'] &= settings.ACTIVITY_STREAM_ENABLED
 
         pendo_state = settings.PENDO_TRACKING_STATE if settings.PENDO_TRACKING_STATE in ('off', 'anonymous', 'detailed') else 'off'
 
@@ -281,6 +329,7 @@ class ApiV2ConfigView(APIView):
 
         return Response(data)
 
+
     def post(self, request):
         if not isinstance(request.data, dict):
             return Response({"error": _("Invalid license data")}, status=status.HTTP_400_BAD_REQUEST)
@@ -300,18 +349,26 @@ class ApiV2ConfigView(APIView):
             logger.info(smart_text(u"Invalid JSON submitted for license."),
                         extra=dict(actor=request.user.username))
             return Response({"error": _("Invalid JSON")}, status=status.HTTP_400_BAD_REQUEST)
+
+        # Save Entitlement Cert/Key
+        license_data = json.loads(data_actual)
+        if 'entitlement_cert' in license_data:
+            settings.ENTITLEMENT_CERT = license_data['entitlement_cert']
+
         try:
+            # Validate entitlement cert and get subscription metadata
+            # validate() will clear the entitlement cert if not valid
             from awx.main.utils.common import get_licenser
-            license_data = json.loads(data_actual)
-            license_data_validated = get_licenser(**license_data).validate()
+            license_data_validated = get_licenser().validate(new_cert=True)
         except Exception:
             logger.warning(smart_text(u"Invalid license submitted."),
                            extra=dict(actor=request.user.username))
+            # If License invalid, clear entitlment cert value
+            settings.ENTITLEMENT_CERT = ''
             return Response({"error": _("Invalid License")}, status=status.HTTP_400_BAD_REQUEST)
 
         # If the license is valid, write it to the database.
         if license_data_validated['valid_key']:
-            settings.LICENSE = license_data
             if not settings_registry.is_setting_read_only('TOWER_URL_BASE'):
                 settings.TOWER_URL_BASE = "{}://{}".format(request.scheme, request.get_host())
             return Response(license_data_validated)
@@ -321,9 +378,12 @@ class ApiV2ConfigView(APIView):
         return Response({"error": _("Invalid license")}, status=status.HTTP_400_BAD_REQUEST)
 
     def delete(self, request):
+        # Clear license and entitlement certificate
         try:
             settings.LICENSE = {}
+            settings.ENTITLEMENT_CERT = ''
             return Response(status=status.HTTP_204_NO_CONTENT)
         except Exception:
             # FIX: Log
             return Response({"error": _("Failed to remove license.")}, status=status.HTTP_400_BAD_REQUEST)
+        
diff --git a/awx/conf/license.py b/awx/conf/license.py
index 6ad1042f9a..b9d142a9f1 100644
--- a/awx/conf/license.py
+++ b/awx/conf/license.py
@@ -1,18 +1,14 @@
 # Copyright (c) 2016 Ansible, Inc.
 # All Rights Reserved.
 
-
 __all__ = ['get_license']
 
 
 def _get_validated_license_data():
-    from awx.main.utils.common import get_licenser
-    return get_licenser().validate()
+    from awx.main.utils.licensing import Licenser
+    return Licenser().validate(new_cert=False)
 
 
-def get_license(show_key=False):
+def get_license():
     """Return a dictionary representing the active license on this Tower instance."""
-    license_data = _get_validated_license_data()
-    if not show_key:
-        license_data.pop('license_key', None)
-    return license_data
+    return _get_validated_license_data()
diff --git a/awx/conf/migrations/0008_subscriptions.py b/awx/conf/migrations/0008_subscriptions.py
new file mode 100644
index 0000000000..8b3dff6cf4
--- /dev/null
+++ b/awx/conf/migrations/0008_subscriptions.py
@@ -0,0 +1,20 @@
+# Generated by Django 2.2.11 on 2020-08-04 15:19
+
+import logging
+
+from django.db import migrations
+
+from awx.conf.migrations import _subscriptions as subscriptions
+
+logger = logging.getLogger('awx.conf.migrations')
+
+
+class Migration(migrations.Migration):
+
+    dependencies = [
+        ('conf', '0007_v380_rename_more_settings'),
+    ]
+
+    operations = [
+        migrations.RunPython(subscriptions.clear_old_license),
+    ]
diff --git a/awx/conf/migrations/_subscriptions.py b/awx/conf/migrations/_subscriptions.py
new file mode 100644
index 0000000000..b28c8dd195
--- /dev/null
+++ b/awx/conf/migrations/_subscriptions.py
@@ -0,0 +1,17 @@
+# -*- coding: utf-8 -*-
+import logging
+from django.conf import settings
+
+from awx.main.utils.licensing import Licenser
+
+logger = logging.getLogger('awx.conf.settings')
+
+__all__ = ['clear_old_license']    
+    
+
+def clear_old_license(apps, schema_editor):
+    # Setting = apps.get_model('conf', 'Organization')
+    # setting.objects.filter(key=LICENSE)
+    licenser = Licenser()
+    if licenser._check_product_cert():
+        settings.LICENSE = licenser.UNLICENSED_DATA.copy()
diff --git a/awx/conf/models.py b/awx/conf/models.py
index 2859650f54..fe28fd89a8 100644
--- a/awx/conf/models.py
+++ b/awx/conf/models.py
@@ -78,14 +78,6 @@ class Setting(CreatedModifiedModel):
     def get_cache_id_key(self, key):
         return '{}_ID'.format(key)
 
-    def display_value(self):
-        if self.key == 'LICENSE' and 'license_key' in self.value:
-            # don't log the license key in activity stream
-            value = self.value.copy()
-            value['license_key'] = '********'
-            return value
-        return self.value
-
 
 import awx.conf.signals  # noqa
 
diff --git a/awx/main/access.py b/awx/main/access.py
index 0ecb025d92..536c8e4699 100644
--- a/awx/main/access.py
+++ b/awx/main/access.py
@@ -307,7 +307,7 @@ class BaseAccess(object):
         return True  # User has access to both, permission check passed
 
     def check_license(self, add_host_name=None, feature=None, check_expiration=True, quiet=False):
-        validation_info = get_licenser().validate()
+        validation_info = get_licenser().validate(new_cert=False)
         if validation_info.get('license_type', 'UNLICENSED') == 'open':
             return
 
@@ -345,7 +345,7 @@ class BaseAccess(object):
             report_violation(_("Host count exceeds available instances."))
 
     def check_org_host_limit(self, data, add_host_name=None):
-        validation_info = get_licenser().validate()
+        validation_info = get_licenser().validate(new_cert=False)
         if validation_info.get('license_type', 'UNLICENSED') == 'open':
             return
 
diff --git a/awx/main/analytics/collectors.py b/awx/main/analytics/collectors.py
index e1dc468d51..bcbc7b0118 100644
--- a/awx/main/analytics/collectors.py
+++ b/awx/main/analytics/collectors.py
@@ -33,9 +33,9 @@ data _since_ the last report date - i.e., new data in the last 24 hours)
 '''
 
 
-@register('config', '1.1', description=_('General platform configuration.'))
+@register('config', '1.2', description=_('General platform configuration.'))
 def config(since, **kwargs):
-    license_info = get_license(show_key=False)
+    license_info = get_license()
     install_type = 'traditional'
     if os.environ.get('container') == 'oci':
         install_type = 'openshift'
diff --git a/awx/main/analytics/core.py b/awx/main/analytics/core.py
index fe48fb30bf..2c77444929 100644
--- a/awx/main/analytics/core.py
+++ b/awx/main/analytics/core.py
@@ -24,7 +24,7 @@ logger = logging.getLogger('awx.main.analytics')
 
 def _valid_license():
     try:
-        if get_license(show_key=False).get('license_type', 'UNLICENSED') == 'open':
+        if get_license().get('license_type', 'UNLICENSED') == 'open':
             return False
         access_registry[Job](None).check_license()
     except PermissionDenied:
diff --git a/awx/main/analytics/metrics.py b/awx/main/analytics/metrics.py
index 1dd85eb6a7..676ccdabf5 100644
--- a/awx/main/analytics/metrics.py
+++ b/awx/main/analytics/metrics.py
@@ -54,7 +54,7 @@ LICENSE_INSTANCE_FREE = Gauge('awx_license_instance_free', 'Number of remaining
 
 
 def metrics():
-    license_info = get_license(show_key=False)
+    license_info = get_license()
     SYSTEM_INFO.info({
         'install_uuid': settings.INSTALL_UUID,
         'insights_analytics': str(settings.INSIGHTS_TRACKING_STATE),
diff --git a/awx/main/conf.py b/awx/main/conf.py
index 3b41c3a19b..95e15e9def 100644
--- a/awx/main/conf.py
+++ b/awx/main/conf.py
@@ -12,6 +12,8 @@ from rest_framework.fields import FloatField
 
 # Tower
 from awx.conf import fields, register, register_validate
+from awx.main.validators import validate_entitlement_cert
+
 
 logger = logging.getLogger('awx.main.conf')
 
@@ -142,6 +144,32 @@ register(
     category_slug='system',
 )
 
+register(
+    'SUBSCRIPTIONS_USERNAME',
+    field_class=fields.CharField,
+    default='',
+    allow_blank=True,
+    encrypted=False,
+    read_only=False,
+    label=_('Red Hat or Satellite username'),
+    help_text=_('This username is used to retrieve subscription and content information'),  # noqa
+    category=_('System'),
+    category_slug='system',
+)
+
+register(
+    'SUBSCRIPTIONS_PASSWORD',
+    field_class=fields.CharField,
+    default='',
+    allow_blank=True,
+    encrypted=True,
+    read_only=False,
+    label=_('Red Hat or Satellite password'),
+    help_text=_('This password is used to retrieve subscription and content information'),  # noqa
+    category=_('System'),
+    category_slug='system',
+)
+
 register(
     'AUTOMATION_ANALYTICS_URL',
     field_class=fields.URLField,
@@ -328,6 +356,21 @@ register(
     category_slug='jobs',
 )
 
+register(
+    'ENTITLEMENT_CERT',
+    field_class=fields.CharField,
+    allow_blank=True,
+    default='',
+    required=False,
+    validators=[validate_entitlement_cert],  # TODO: may need to use/modify `validate_certificate` validator
+    label=_('RHSM Entitlement Public Certificate and Private Key'),
+    help_text=_('Obtain a key pair via subscription-manager, or https://access.redhat.com. Refer to Ansible Tower docs for formatting key pair.'),
+    category=_('SYSTEM'),
+    category_slug='system',
+    encrypted=True,
+)
+
+
 register(
     'AWX_RESOURCE_PROFILING_ENABLED',
     field_class=fields.BooleanField,
diff --git a/awx/main/management/commands/check_license.py b/awx/main/management/commands/check_license.py
index 8c0798cc53..23d51c7e17 100644
--- a/awx/main/management/commands/check_license.py
+++ b/awx/main/management/commands/check_license.py
@@ -16,9 +16,7 @@ class Command(BaseCommand):
 
     def handle(self, *args, **options):
         super(Command, self).__init__()
-        license = get_licenser().validate()
+        license = get_licenser().validate(new_cert=False)
         if options.get('data'):
-            if license.get('license_key', '') != 'UNLICENSED':
-                license['license_key'] = '********'
             return json.dumps(license)
         return license.get('license_type', 'none')
diff --git a/awx/main/management/commands/inventory_import.py b/awx/main/management/commands/inventory_import.py
index f4431b2705..9f97faf45e 100644
--- a/awx/main/management/commands/inventory_import.py
+++ b/awx/main/management/commands/inventory_import.py
@@ -901,7 +901,7 @@ class Command(BaseCommand):
             ))
 
     def check_license(self):
-        license_info = get_licenser().validate()
+        license_info = get_licenser().validate(new_cert=False)
         local_license_type = license_info.get('license_type', 'UNLICENSED')
         if license_info.get('license_key', 'UNLICENSED') == 'UNLICENSED':
             logger.error(LICENSE_NON_EXISTANT_MESSAGE)
@@ -938,7 +938,7 @@ class Command(BaseCommand):
                 logger.warning(LICENSE_MESSAGE % d)
 
     def check_org_host_limit(self):
-        license_info = get_licenser().validate()
+        license_info = get_licenser().validate(new_cert=False)
         if license_info.get('license_type', 'UNLICENSED') == 'open':
             return
 
diff --git a/awx/main/tasks.py b/awx/main/tasks.py
index 19669a0f27..2a1c85e23d 100644
--- a/awx/main/tasks.py
+++ b/awx/main/tasks.py
@@ -2160,7 +2160,7 @@ class RunProjectUpdate(BaseTask):
             'local_path': os.path.basename(project_update.project.local_path),
             'project_path': project_update.get_project_path(check_if_exists=False),  # deprecated
             'insights_url': settings.INSIGHTS_URL_BASE,
-            'awx_license_type': get_license(show_key=False).get('license_type', 'UNLICENSED'),
+            'awx_license_type': get_license().get('license_type', 'UNLICENSED'),
             'awx_version': get_awx_version(),
             'scm_url': scm_url,
             'scm_branch': scm_branch,
diff --git a/awx/main/tests/functional/core/test_licenses.py b/awx/main/tests/functional/core/test_licenses.py
index f59318502c..ba8b1ff9af 100644
--- a/awx/main/tests/functional/core/test_licenses.py
+++ b/awx/main/tests/functional/core/test_licenses.py
@@ -1,13 +1,16 @@
 # Copyright (c) 2015 Ansible, Inc.
 # All Rights Reserved.
 
-from awx.main.utils.common import StubLicense
+# from awx.main.utils.common import StubLicense
+# 
+# 
+# def test_stub_license():
+#     license_actual = StubLicense().validate()
+#     assert license_actual['license_key'] == 'OPEN'
+#     assert license_actual['valid_key']
+#     assert license_actual['compliant']
+#     assert license_actual['license_type'] == 'open'
 
 
-def test_stub_license():
-    license_actual = StubLicense().validate()
-    assert license_actual['license_key'] == 'OPEN'
-    assert license_actual['valid_key']
-    assert license_actual['compliant']
-    assert license_actual['license_type'] == 'open'
 
+# Test license_date is always seconds
diff --git a/awx/main/tests/functional/test_licenses.py b/awx/main/tests/functional/test_licenses.py
index 6c34321f8d..f3e623d281 100644
--- a/awx/main/tests/functional/test_licenses.py
+++ b/awx/main/tests/functional/test_licenses.py
@@ -30,8 +30,7 @@ def test_python_and_js_licenses():
                 # Check variations of '-' and '_' in filenames due to python
                 for fname in [name, name.replace('-','_')]:
                     if entry.startswith(fname) and entry.endswith('.tar.gz'):
-                        entry = entry[:-7]
-                        (n, v) = entry.rsplit('-',1)
+                        v = entry.split(name + '-')[1].split('.tar.gz')[0]
                         return v
             return None
 
diff --git a/awx/main/tests/unit/test_tasks.py b/awx/main/tests/unit/test_tasks.py
index b49af2efd0..93ef41a190 100644
--- a/awx/main/tests/unit/test_tasks.py
+++ b/awx/main/tests/unit/test_tasks.py
@@ -39,6 +39,8 @@ from awx.main import tasks
 from awx.main.utils import encrypt_field, encrypt_value
 from awx.main.utils.safe_yaml import SafeLoader
 
+from awx.main.utils.licensing import Licenser
+
 
 class TestJobExecution(object):
     EXAMPLE_PRIVATE_KEY = '-----BEGIN PRIVATE KEY-----\nxyz==\n-----END PRIVATE KEY-----'
@@ -1830,7 +1832,10 @@ class TestProjectUpdateGalaxyCredentials(TestJobExecution):
 
         task = RunProjectUpdate()
         env = task.build_env(project_update, private_data_dir)
-        task.build_extra_vars_file(project_update, private_data_dir)
+
+        with mock.patch.object(Licenser, 'validate', lambda *args, **kw: {}):
+            task.build_extra_vars_file(project_update, private_data_dir)
+
         assert task.__vars__['roles_enabled'] is False
         assert task.__vars__['collections_enabled'] is False
         for k in env:
@@ -1850,7 +1855,10 @@ class TestProjectUpdateGalaxyCredentials(TestJobExecution):
         project_update.project.organization.galaxy_credentials.add(public_galaxy)
         task = RunProjectUpdate()
         env = task.build_env(project_update, private_data_dir)
-        task.build_extra_vars_file(project_update, private_data_dir)
+
+        with mock.patch.object(Licenser, 'validate', lambda *args, **kw: {}):
+            task.build_extra_vars_file(project_update, private_data_dir)
+
         assert task.__vars__['roles_enabled'] is True
         assert task.__vars__['collections_enabled'] is True
         assert sorted([
@@ -1935,7 +1943,9 @@ class TestProjectUpdateCredentials(TestJobExecution):
         assert settings.PROJECTS_ROOT in process_isolation['process_isolation_show_paths']
 
         task._write_extra_vars_file = mock.Mock()
-        task.build_extra_vars_file(project_update, private_data_dir)
+
+        with mock.patch.object(Licenser, 'validate', lambda *args, **kw: {}):
+            task.build_extra_vars_file(project_update, private_data_dir)
 
         call_args, _ = task._write_extra_vars_file.call_args_list[0]
         _, extra_vars = call_args
diff --git a/awx/main/utils/common.py b/awx/main/utils/common.py
index a65120c8e8..f628d8f831 100644
--- a/awx/main/utils/common.py
+++ b/awx/main/utils/common.py
@@ -55,8 +55,7 @@ __all__ = [
     'model_instance_diff', 'parse_yaml_or_json', 'RequireDebugTrueOrTest',
     'has_model_field_prefetched', 'set_environ', 'IllegalArgumentError',
     'get_custom_venv_choices', 'get_external_account', 'task_manager_bulk_reschedule',
-    'schedule_task_manager', 'classproperty', 'create_temporary_fifo', 'truncate_stdout',
-    'StubLicense'
+    'schedule_task_manager', 'classproperty', 'create_temporary_fifo', 'truncate_stdout'
 ]
 
 
@@ -190,7 +189,7 @@ def get_awx_version():
 
 
 def get_awx_http_client_headers():
-    license = get_license(show_key=False).get('license_type', 'UNLICENSED')
+    license = get_license().get('license_type', 'UNLICENSED')
     headers = {
         'Content-Type': 'application/json',
         'User-Agent': '{} {} ({})'.format(
@@ -202,34 +201,14 @@ def get_awx_http_client_headers():
     return headers
 
 
-class StubLicense(object):
-
-    features = {
-        'activity_streams': True,
-        'ha': True,
-        'ldap': True,
-        'multiple_organizations': True,
-        'surveys': True,
-        'system_tracking': True,
-        'rebranding': True,
-        'enterprise_auth': True,
-        'workflows': True,
-    }
-
-    def validate(self):
-        return dict(license_key='OPEN',
-                    valid_key=True,
-                    compliant=True,
-                    features=self.features,
-                    license_type='open')
-
-
+# Update all references of this function in the codebase to just import `from awx.main.utils.licensing import Licenser` directly
 def get_licenser(*args, **kwargs):
     try:
-        from tower_license import TowerLicense
-        return TowerLicense(*args, **kwargs)
-    except ImportError:
-        return StubLicense(*args, **kwargs)
+        # Get License Config from db?
+        from awx.main.utils.licensing import Licenser
+        return Licenser(*args, **kwargs)
+    except Exception as e:
+        raise ValueError(_('Error importing Tower License: %s') % e)
 
 
 def update_scm_url(scm_type, url, username=True, password=True,
diff --git a/awx/main/utils/licensing.py b/awx/main/utils/licensing.py
new file mode 100644
index 0000000000..1021dcbb8e
--- /dev/null
+++ b/awx/main/utils/licensing.py
@@ -0,0 +1,382 @@
+# Copyright (c) 2015 Ansible, Inc.
+# All Rights Reserved.
+
+'''
+This is intended to be a lightweight license class for verifying subscriptions, and parsing subscription data
+from entitlement certificates.
+
+The Licenser class can do the following:
+ - Parse an Entitlement cert to generate license
+'''
+
+import os
+import configparser
+from datetime import datetime
+import collections
+import copy
+import tempfile
+import logging
+import re
+import requests
+import time
+
+# Django
+from django.conf import settings
+
+# AWX
+from awx.main.models import Host
+
+# RHSM
+from rhsm import certificate
+
+MAX_INSTANCES = 9999999
+
+logger = logging.getLogger(__name__)
+
+
+def rhsm_config():
+    config = configparser.ConfigParser()
+    config.read('/etc/rhsm/rhsm.conf')
+    return config
+
+
+class Licenser(object):
+    # warn when there is a month (30 days) left on the license
+    LICENSE_TIMEOUT = 60 * 60 * 24 * 30
+
+    UNLICENSED_DATA = dict(
+        subscription_name=None,
+        sku=None,
+        support_level=None,
+        instance_count=0,
+        license_date=0,
+        license_type="UNLICENSED",
+        product_name="Red Hat Ansible Tower",
+        valid_key=False
+    )
+
+    def __init__(self, **kwargs):
+        self._attrs = dict(
+            instance_count=0,
+            license_date=0,
+            license_type='UNLICENSED',
+        )
+        self.config = rhsm_config()
+        if not kwargs:
+            license_setting = getattr(settings, 'LICENSE', None)
+            if license_setting is not None:
+                kwargs = license_setting
+
+        if 'company_name' in kwargs:
+            kwargs.pop('company_name')
+        self._attrs.update(kwargs)
+        if self._check_product_cert():
+            if 'license_key' in self._attrs:
+                self._unset_attrs()
+            if 'valid_key' in self._attrs:
+                if not self._attrs['valid_key']:
+                    self._unset_attrs()
+            else:
+                self._unset_attrs()
+        else:
+            self._generate_open_config()
+
+
+    def _check_product_cert(self):
+        # Product Cert Name: ansible-tower-3.7-rhel-7.x86_64.pem
+        # Maybe check validity of Product Cert somehow?
+        if os.path.exists('/etc/tower/certs') and os.path.exists('/var/lib/awx/.tower_version'):
+            return True
+        return False
+
+
+    def _generate_open_config(self):
+        self._attrs.update(dict(license_type='open',
+                                valid_key=True,
+                                subscription_name='OPEN',
+                                product_name="AWX",
+                                ))
+        settings.LICENSE = self._attrs
+
+
+    def _unset_attrs(self):
+        self._attrs = self.UNLICENSED_DATA.copy()
+
+
+    def _clear_license_setting(self):
+        self.unset_attrs()
+        settings.LICENSE = {}
+
+
+    def _generate_product_config(self):
+        raw_cert = getattr(settings, 'ENTITLEMENT_CERT', None)
+        # Fail early if no entitlement cert is available
+        if not raw_cert or raw_cert == '':
+            self._clear_license_setting()
+            return
+
+        # Read certificate
+        certinfo = certificate.create_from_pem(raw_cert)
+        if not certinfo.is_valid():
+            raise ValueError("Could not parse entitlement certificate")
+        if certinfo.is_expired():
+            raise ValueError("Certificate is expired")
+        if not any(map(lambda x: x.id == '480', certinfo.products)):
+            self._clear_license_setting()
+            raise ValueError("Certificate is for another product")
+
+        # Parse output for subscription metadata to build config
+        license = dict()
+        license['sku'] = certinfo.order.sku
+        license['instance_count'] = int(certinfo.order.quantity_used)
+        license['support_level'] = certinfo.order.service_level
+        license['subscription_name'] = certinfo.order.name
+        license['pool_id'] = certinfo.pool.id
+        license['license_date'] = certinfo.end.strftime('%s')
+        license['product_name'] = certinfo.order.name
+        license['valid_key'] = True
+        license['license_type'] = 'enterprise'
+        license['satellite'] = False
+
+        self._attrs.update(license)
+        settings.LICENSE = self._attrs
+        return self._attrs
+
+
+    def update(self, **kwargs):
+        # Update attributes of the current license.
+        if 'instance_count' in kwargs:
+            kwargs['instance_count'] = int(kwargs['instance_count'])
+        if 'license_date' in kwargs:
+            kwargs['license_date'] = int(kwargs['license_date'])
+        self._attrs.update(kwargs)
+
+
+    def validate_rh(self, user, pw):
+        host = 'https://' + str(self.config.get("server", "hostname"))
+        if not host:
+            host = getattr(settings, 'REDHAT_CANDLEPIN_HOST', None)
+        
+        if not user:
+            raise ValueError('subscriptions_username is required')
+
+        if not pw:
+            raise ValueError('subscriptions_password is required')
+
+        if host and user and pw:
+            if 'subscription.rhsm.redhat.com' in host:
+                json = self.get_rhsm_subs(host, user, pw)
+            else:
+                json = self.get_satellite_subs(host, user, pw)
+            return self.generate_license_options_from_entitlements(json)
+        return []
+
+
+    def get_rhsm_subs(self, host, user, pw):
+        verify = getattr(settings, 'REDHAT_CANDLEPIN_VERIFY', False)
+        json = []
+        try:
+            subs = requests.get(
+                '/'.join([host, 'subscription/users/{}/owners'.format(user)]),
+                verify=verify,
+                auth=(user, pw)
+            )
+        except requests.exceptions.ConnectionError as error:
+            raise error
+        except OSError as error:
+            raise OSError('Unable to open certificate bundle {}. Check that Ansible Tower is running on Red Hat Enterprise Linux.'.format(verify)) from error # noqa
+        subs.raise_for_status()
+
+        for sub in subs.json():
+            resp = requests.get(
+                '/'.join([
+                    host,
+                    'subscription/owners/{}/pools/?match=*tower*'.format(sub['key'])
+                ]),
+                verify=verify,
+                auth=(user, pw)
+            )
+            resp.raise_for_status()
+            json.extend(resp.json())
+        return json
+
+
+    def get_satellite_subs(self, host, user, pw):
+        try:
+            verify = str(self.config.get("rhsm", "repo_ca_cert"))
+        except Exception as e:
+            raise OSError('Unable to read rhsm config to get ca_cert location. {}'.format(str(e)))
+        json = []
+        try:
+            orgs = requests.get(
+                '/'.join([host, 'katello/api/organizations']),
+                verify=verify,
+                auth=(user, pw)
+            )
+        except requests.exceptions.ConnectionError as error:
+            raise error
+        except OSError as error:
+            raise OSError('Unable to open certificate bundle {}. Check that Ansible Tower is running on Red Hat Enterprise Linux.'.format(verify)) from error # noqa
+        orgs.raise_for_status()
+        
+        for org in orgs.json()['results']:
+            resp = requests.get(
+                '/'.join([
+                    host,
+                    '/katello/api/organizations/{}/subscriptions/?search=Red Hat Ansible Automation'.format(org['id'])
+                ]),
+                verify=verify,
+                auth=(user, pw)
+            )
+            resp.raise_for_status()
+            results = resp.json()['results']
+            if results != []:
+                for sub in results:
+                    # Parse output for subscription metadata to build config
+                    license = dict()
+                    license['productId'] = sub['product_id']
+                    license['quantity'] = int(sub['quantity'])
+                    license['support_level'] = sub['support_level']
+                    license['subscription_name'] = sub['name']
+                    license['id'] = sub['upstream_pool_id']
+                    license['endDate'] = sub['end_date']
+                    license['productName'] = "Red Hat Ansible Automation"
+                    license['valid_key'] = True
+                    license['license_type'] = 'enterprise'
+                    license['satellite'] = True
+                    json.append(license)
+        return json
+
+
+    def is_appropriate_sat_sub(self, sub):
+        if 'Red Hat Ansible Automation' not in sub['subscription_name']:
+            return False
+        return True
+
+
+    def is_appropriate_sub(self, sub):
+        if sub['activeSubscription'] is False:
+            return False
+        # Products that contain Ansible Tower
+        products = sub.get('providedProducts', [])
+        if any(map(lambda product: product.get('productId', None) == "480", products)):
+            return True
+        return False
+
+
+    def generate_license_options_from_entitlements(self, json):
+        from dateutil.parser import parse
+        ValidSub = collections.namedtuple('ValidSub', 'sku name support_level end_date trial quantity pool_id satellite')
+        valid_subs = []
+        for sub in json:
+            satellite = sub['satellite']
+            if satellite:
+                is_valid = self.is_appropriate_sat_sub(sub)
+            else:
+                is_valid = self.is_appropriate_sub(sub)
+            if is_valid:
+                try:
+                    end_date = parse(sub.get('endDate'))
+                except Exception:
+                    continue
+                now = datetime.utcnow()
+                now = now.replace(tzinfo=end_date.tzinfo)
+                if end_date < now:
+                    # If the sub has a past end date, skip it
+                    continue
+                try:
+                    quantity = int(sub['quantity'])
+                    if quantity == -1:
+                        # effectively, unlimited
+                        quantity = MAX_INSTANCES
+                except Exception:
+                    continue
+
+                sku = sub['productId']
+                trial = sku.startswith('S')  # i.e.,, SER/SVC
+                support_level = ''
+                pool_id = sub['id']
+                if satellite:
+                    support_level = sub['support_level']
+                else:
+                    for attr in sub.get('productAttributes', []):
+                        if attr.get('name') == 'support_level':
+                            support_level = attr.get('value')
+
+                valid_subs.append(ValidSub(
+                    sku, sub['productName'], support_level, end_date, trial, quantity, pool_id, satellite
+                ))
+
+        if valid_subs:
+            licenses = []
+            for sub in valid_subs:
+                license = self.__class__(subscription_name='Ansible Tower by Red Hat')
+                license._attrs['instance_count'] = int(sub.quantity)
+                license._attrs['sku'] = sub.sku
+                license._attrs['support_level'] = sub.support_level
+                license._attrs['license_type'] = 'enterprise'
+                if sub.trial:
+                    license._attrs['trial'] = True
+                license._attrs['instance_count'] = min(
+                    MAX_INSTANCES, license._attrs['instance_count']
+                )
+                human_instances = license._attrs['instance_count']
+                if human_instances == MAX_INSTANCES:
+                    human_instances = 'Unlimited'
+                subscription_name = re.sub(
+                    r' \([\d]+ Managed Nodes',
+                    ' ({} Managed Nodes'.format(human_instances),
+                    sub.name
+                )
+                license._attrs['subscription_name'] = subscription_name
+                license._attrs['satellite'] = satellite
+                license.update(
+                    license_date=int(sub.end_date.strftime('%s'))
+                )
+                license.update(
+                    pool_id=sub.pool_id
+                )
+                licenses.append(license._attrs.copy())
+            return licenses
+
+        raise ValueError(
+            'No valid Red Hat Ansible Automation subscription could be found for this account.'  # noqa
+        )
+
+
+    def validate(self, new_cert=False):
+
+        # Generate Config from Entitlement cert if it exists
+        if new_cert:
+            self._generate_product_config()
+
+        # Return license attributes with additional validation info.
+        attrs = copy.deepcopy(self._attrs)
+        type = attrs.get('license_type', 'none')
+
+        if (type == 'UNLICENSED' or False):
+            attrs.update(dict(valid_key=False, compliant=False))
+            return attrs
+        attrs['valid_key'] = True
+
+        if Host:
+            current_instances = Host.objects.active_count()
+        else:
+            current_instances = 0
+        available_instances = int(attrs.get('instance_count', None) or 0)
+        attrs['current_instances'] = current_instances
+        attrs['available_instances'] = available_instances
+        attrs['free_instances'] = max(0, available_instances - current_instances)
+
+        license_date = int(attrs.get('license_date', None) or 0)
+        current_date = int(time.time())
+        time_remaining = license_date - current_date
+        attrs['time_remaining'] = time_remaining
+        if attrs.setdefault('trial', False):
+            attrs['grace_period_remaining'] = time_remaining
+        else:
+            attrs['grace_period_remaining'] = (license_date + 2592000) - current_date
+        attrs['compliant'] = bool(time_remaining > 0 and attrs['free_instances'] >= 0)
+        attrs['date_warning'] = bool(time_remaining < self.LICENSE_TIMEOUT)
+        attrs['date_expired'] = bool(time_remaining <= 0)
+        return attrs
diff --git a/awx/main/validators.py b/awx/main/validators.py
index 879be056e5..d751b51cbe 100644
--- a/awx/main/validators.py
+++ b/awx/main/validators.py
@@ -17,6 +17,12 @@ from rest_framework.exceptions import ParseError
 from awx.main.utils import parse_yaml_or_json
 
 
+def validate_entitlement_cert(data, min_keys=0, max_keys=None, min_certs=0, max_certs=None):
+    # TODO: replace with more actual robust logic here to allow for multiple certificates in one cert file (because this is how entitlements do)
+    # This is a temporary hack that should not be merged. Look at Ln:92
+    pass
+
+
 def validate_pem(data, min_keys=0, max_keys=None, min_certs=0, max_certs=None):
     """
     Validate the given PEM data is valid and contains the required numbers of
diff --git a/awx/settings/defaults.py b/awx/settings/defaults.py
index 618f5282a4..707f40aa00 100644
--- a/awx/settings/defaults.py
+++ b/awx/settings/defaults.py
@@ -667,6 +667,10 @@ EC2_ENABLED_VALUE = 'running'
 EC2_INSTANCE_ID_VAR = 'ec2_id'
 EC2_EXCLUDE_EMPTY_GROUPS = True
 
+# Entitlements
+ENTITLEMENT_CERT = ''
+
+
 # ------------
 # -- VMware --
 # ------------
diff --git a/awx/ui/client/src/configuration/forms/settings-form.route.js b/awx/ui/client/src/configuration/forms/settings-form.route.js
index 20ca06fd7f..ea0d04b7e4 100644
--- a/awx/ui/client/src/configuration/forms/settings-form.route.js
+++ b/awx/ui/client/src/configuration/forms/settings-form.route.js
@@ -54,20 +54,20 @@ export default {
             });
     }],
     resolve: {
-        rhCreds: ['Rest', 'GetBasePath', function(Rest, GetBasePath) {
+        subscriptionCreds: ['Rest', 'GetBasePath', function(Rest, GetBasePath) {
             Rest.setUrl(`${GetBasePath('settings')}system/`);
             return Rest.get()
                 .then(({data}) => {
-                    const rhCreds = {};
+                    const subscriptionCreds = {};
                     if (data.REDHAT_USERNAME && data.REDHAT_USERNAME !== "") {
-                        rhCreds.REDHAT_USERNAME = data.REDHAT_USERNAME;
+                        subscriptionCreds.REDHAT_USERNAME = data.REDHAT_USERNAME;
                     }
 
                     if (data.REDHAT_PASSWORD && data.REDHAT_PASSWORD !== "") {
-                        rhCreds.REDHAT_PASSWORD = data.REDHAT_PASSWORD;
+                        subscriptionCreds.REDHAT_PASSWORD = data.REDHAT_PASSWORD;
                     }
                     
-                    return rhCreds;
+                    return subscriptionCreds;
                 }).catch(() => {
                         return {};
                 });
diff --git a/awx/ui/client/src/license/checkLicense.factory.js b/awx/ui/client/src/license/checkLicense.factory.js
index e76f1ea0b7..73fdc5e15e 100644
--- a/awx/ui/client/src/license/checkLicense.factory.js
+++ b/awx/ui/client/src/license/checkLicense.factory.js
@@ -15,14 +15,26 @@ export default
 					return config.license_info;
 				},
 
-				post: function(payload, eula){
-					var defaultUrl = GetBasePath('config');
+				post: function(payload, eula, attach){
+					var defaultUrl = GetBasePath('config') + (attach ? 'attach/' : '');
 					Rest.setUrl(defaultUrl);
 					var data = payload;
-					data.eula_accepted = eula;
+					
+					if (!attach) {
+						data.eula_accepted = eula;
+					}
 
 					return Rest.post(JSON.stringify(data))
 						.then((response) =>{
+							if (attach) {
+								var configPayload = {};
+								configPayload.eula_accepted = eula;
+								Rest.setUrl(GetBasePath('config'));
+								return Rest.post(configPayload)
+									.then((configResponse) => {
+										return configResponse.data;
+									});
+							}
 							return response.data;
 						})
 						.catch(({data}) => {
diff --git a/awx/ui/client/src/license/license.controller.js b/awx/ui/client/src/license/license.controller.js
index 37c1c38364..00d00565ab 100644
--- a/awx/ui/client/src/license/license.controller.js
+++ b/awx/ui/client/src/license/license.controller.js
@@ -8,9 +8,9 @@ import {N_} from "../i18n";
 
 export default
     ['Wait', '$state', '$scope', '$rootScope', 'ProcessErrors', 'CheckLicense', 'moment', '$timeout', 'Rest', 'LicenseStrings',
-    '$window', 'ConfigService', 'pendoService', 'insightsEnablementService', 'i18n', 'config', 'rhCreds', 'GetBasePath',
+    '$window', 'ConfigService', 'pendoService', 'insightsEnablementService', 'i18n', 'config', 'subscriptionCreds', 'GetBasePath',
     function(Wait, $state, $scope, $rootScope, ProcessErrors, CheckLicense, moment, $timeout, Rest, LicenseStrings,
-    $window, ConfigService, pendoService, insightsEnablementService, i18n, config, rhCreds, GetBasePath) {
+    $window, ConfigService, pendoService, insightsEnablementService, i18n, config, subscriptionCreds, GetBasePath) {
 
         $scope.strings = LicenseStrings;
 
@@ -35,7 +35,7 @@ export default
 
         const reset = function() {
             $scope.newLicense.eula = undefined;
-            $scope.rhCreds = {};
+            $scope.subscriptionCreds = {};
             $scope.selectedLicense = {};
         };
 
@@ -44,9 +44,9 @@ export default
             $scope.fileName = N_("No file selected.");
 
             if ($rootScope.licenseMissing) {
-                $scope.title = $rootScope.BRAND_NAME + i18n._(" License");
+                $scope.title = $rootScope.BRAND_NAME + i18n._(" Subscription");
             } else {
-                $scope.title = i18n._("License Management");
+                $scope.title = i18n._("Subscription Management");
             }
 
             $scope.license = config;
@@ -62,32 +62,41 @@ export default
                 insights: true
             };
 
-            $scope.rhCreds = {};
+            $scope.subscriptionCreds = {};
 
-            if (rhCreds.REDHAT_USERNAME && rhCreds.REDHAT_USERNAME !== "") {
-                $scope.rhCreds.username = rhCreds.REDHAT_USERNAME;
+            if (subscriptionCreds.SUBSCRIPTIONS_USERNAME && subscriptionCreds.SUBSCRIPTIONS_USERNAME !== "") {
+                $scope.subscriptionCreds.username = subscriptionCreds.SUBSCRIPTIONS_USERNAME;
             }
 
-            if (rhCreds.REDHAT_PASSWORD && rhCreds.REDHAT_PASSWORD !== "") {
-                $scope.rhCreds.password = rhCreds.REDHAT_PASSWORD;
+            if (subscriptionCreds.SUBSCRIPTIONS_PASSWORD && subscriptionCreds.SUBSCRIPTIONS_PASSWORD !== "") {
+                $scope.subscriptionCreds.password = subscriptionCreds.SUBSCRIPTIONS_PASSWORD;
+                $scope.showPlaceholderPassword = true;
+            }
+
+            if (subscriptionCreds.ORGANIZATION_ID && subscriptionCreds.ORGANIZATION_ID !== "") {
+                $scope.subscriptionCreds.organization_id = subscriptionCreds.ORGANIZATION_ID;
                 $scope.showPlaceholderPassword = true;
             }
         };
 
-        const updateRHCreds = (config) => {
+        const updateSubscriptionCreds = (config) => {
             Rest.setUrl(`${GetBasePath('settings')}system/`);
             Rest.get()
                 .then(({data}) => {
                     initVars(config);
 
-                    if (data.REDHAT_USERNAME && data.REDHAT_USERNAME !== "") {
-                        $scope.rhCreds.username = data.REDHAT_USERNAME;
+                    if (data.SUBSCRIPTIONS_USERNAME && data.SUBSCRIPTIONS_USERNAME !== "") {
+                        $scope.subscriptionCreds.username = data.SUBSCRIPTIONS_USERNAME;
                     }
 
-                    if (data.REDHAT_PASSWORD && data.REDHAT_PASSWORD !== "") {
-                        $scope.rhCreds.password = data.REDHAT_PASSWORD;
+                    if (data.SUBSCRIPTIONS_PASSWORD && data.SUBSCRIPTIONS_PASSWORD !== "") {
+                        $scope.subscriptionCreds.password = data.SUBSCRIPTIONS_PASSWORD;
                         $scope.showPlaceholderPassword = true;
                     }
+
+                    if (data.ENTITLEMENT_CONSUMER && data.ENTITLEMENT_CONSUMER.org && data.ENTITLEMENT_CONSUMER.org !== "") {
+                        $scope.subscriptionCreds.organization_id = data.ENTITLEMENT_CONSUMER.org;
+                    }
                 }).catch(() => {
                     initVars(config);
                 });
@@ -100,28 +109,23 @@ export default
             $scope.fileName = event.target.files[0].name;
             // Grab the key from the raw license file
             const raw = new FileReader();
-            // readAsFoo runs async
+
             raw.onload = function() {
-                try {
-                    $scope.newLicense.file = JSON.parse(raw.result);
-                } catch(err) {
-                    ProcessErrors($rootScope, null, null, null,
-                        {msg: i18n._('Invalid file format. Please upload valid JSON.')});
-                }
+                $scope.newLicense.entitlement_cert = raw.result;
             };
 
             try {
                 raw.readAsText(event.target.files[0]);
             } catch(err) {
                 ProcessErrors($rootScope, null, null, null,
-                    {msg: i18n._('Invalid file format. Please upload valid JSON.')});
+                    {msg: i18n._('Invalid file format. Please upload a certificate/key pair')});
             }
         };
 
         // HTML5 spec doesn't provide a way to customize file input css
         // So we hide the default input, show our own, and simulate clicks to the hidden input
         $scope.fakeClick = function() {
-            if($scope.user_is_superuser && (!$scope.rhCreds.username || $scope.rhCreds.username === '') && (!$scope.rhCreds.password || $scope.rhCreds.password === '')) {
+            if($scope.user_is_superuser && (!$scope.subscriptionCreds.username || $scope.subscriptionCreds.username === '') && (!$scope.subscriptionCreds.password || $scope.subscriptionCreds.password === '')) {
                 $('#License-file').click();
             }
         };
@@ -131,9 +135,9 @@ export default
         };
 
         $scope.replacePassword = () => {
-            if ($scope.user_is_superuser && !$scope.newLicense.file) {
+            if ($scope.user_is_superuser && !$scope.newLicense.entitlement_cert) {
                 $scope.showPlaceholderPassword = false;
-                $scope.rhCreds.password = "";
+                $scope.subscriptionCreds.password = "";
                 $timeout(() => {
                     $('.tooltip').remove();
                     $('#rh-password').focus();
@@ -142,9 +146,9 @@ export default
         };
 
         $scope.lookupLicenses = () => {
-            if ($scope.rhCreds.username && $scope.rhCreds.password) {
+            if ($scope.subscriptionCreds.username && $scope.subscriptionCreds.password) {
                 Wait('start');
-                ConfigService.getSubscriptions($scope.rhCreds.username, $scope.rhCreds.password)
+                ConfigService.getSubscriptions($scope.subscriptionCreds.username, $scope.subscriptionCreds.password)
                     .then(({data}) => {
                         Wait('stop');
                         if (data && data.length > 0) {
@@ -172,29 +176,31 @@ export default
         $scope.confirmLicenseSelection = () => {
             $scope.showLicenseModal = false;
             $scope.selectedLicense.fullLicense = $scope.rhLicenses.find((license) => {
-                return license.license_key === $scope.selectedLicense.modalKey;
+                return license.pool_id === $scope.selectedLicense.modalPoolId;
             });
-            $scope.selectedLicense.modalKey = undefined;
+            $scope.selectedLicense.modalPoolId = undefined;
         };
 
         $scope.cancelLicenseLookup = () => {
             $scope.showLicenseModal = false;
-            $scope.selectedLicense.modalKey = undefined;
+            $scope.selectedLicense.modalPoolId = undefined;
         };
 
         $scope.submit = function() {
             Wait('start');
             let payload = {};
-            if ($scope.newLicense.file) {
-                payload = $scope.newLicense.file;
+            let attach = false;
+            if ($scope.newLicense.entitlement_cert) {
+                payload.entitlement_cert = $scope.newLicense.entitlement_cert;
             } else if ($scope.selectedLicense.fullLicense) {
-                payload = $scope.selectedLicense.fullLicense;
+                payload.pool_id = $scope.selectedLicense.fullLicense.pool_id;
+                payload.org = $scope.subscriptionCreds.organization_id;
+                attach = true;
             }
             
-            CheckLicense.post(payload, $scope.newLicense.eula)
-                .then((licenseInfo) => {
+            CheckLicense.post(payload, $scope.newLicense.eula, attach)
+                .finally((licenseInfo) => {
                     reset();
-
                     ConfigService.delete();
                     ConfigService.getConfig(licenseInfo)
                         .then(function(config) {
@@ -217,7 +223,7 @@ export default
                                         licenseMissing: false
                                 });
                             } else {
-                                updateRHCreds(config);
+                                updateSubscriptionCreds(config);
                                 $scope.success = true;
                                 $rootScope.licenseMissing = false;
                                 // for animation purposes
diff --git a/awx/ui/client/src/license/license.partial.html b/awx/ui/client/src/license/license.partial.html
index 2dc7beeb9c..6958a536e0 100644
--- a/awx/ui/client/src/license/license.partial.html
+++ b/awx/ui/client/src/license/license.partial.html
@@ -5,10 +5,10 @@
 			<div class="List-titleText" translate>Details</div>
 			<div class="License-fields">
 				<div class="License-field">
-					<div class="License-field--label" translate>License</div>
+					<div class="License-field--label" translate>Subscription</div>
 					<div class="License-field--content">
-					<span class="License-greenText" ng-show='compliant'><i class="fa fa-circle License-greenText"></i><translate>Valid License</translate></span>
-					<span class="License-redText" ng-show='compliant !== undefined && !compliant'><i class="fa fa-circle License-redText"></i><translate>Invalid License</translate></span>
+					<span class="License-greenText" ng-show='compliant'><i class="fa fa-circle License-greenText"></i><translate>Valid</translate></span>
+					<span class="License-redText" ng-show='compliant !== undefined && !compliant'><i class="fa fa-circle License-redText"></i><translate>Invalid</translate></span>
 					</div>
 				</div>
 				<div class="License-field">
@@ -18,7 +18,7 @@
 					</div>
 				</div>
 				<div class="License-field">
-					<div class="License-field--label" translate>License Type</div>
+					<div class="License-field--label" translate>Subscription Type</div>
 					<div class="License-field--content">
 					{{license.license_info.license_type}}
 					</div>
@@ -29,12 +29,6 @@
 					{{license.license_info.subscription_name}}
 					</div>
 				</div>
-				<div class="License-field">
-					<div class="License-field--label" translate>License Key</div>
-					<div class="License-field--content License-field--key">
-					{{license.license_info.license_key}}
-					</div>
-				</div>
 				<div class="License-field">
 					<div class="License-field--label" translate>Expires On</div>
 					<div class="License-field--content">
@@ -79,7 +73,7 @@
 		<div class="card at-Panel">
 			<div class="List-titleText">{{title}}</div>
 			<div class="License-body">
-				<div class="License-helperText License-introText" ng-if="licenseMissing" translate>Welcome to Ansible Tower! Please complete the steps below to acquire a license.</div>
+				<div class="License-helperText License-introText" ng-if="licenseMissing" translate>Welcome to Ansible Tower! Please complete the steps below to acquire a subscription.</div>
 				<div class="input-group License-file--container">
 					<div class="License-file--left">
 						<div class="d-block w-100">
@@ -88,12 +82,12 @@
 									1
 								</span>
 								<span class="License-helperText">
-									<translate>Please click the button below to visit Ansible's website to get a Tower license key.</translate>
+									<translate>Please click the button below to visit Ansible's website to get a Tower subscription.</translate>
 								</span>
 							</div>
 			
 								<button class="License-downloadLicenseButton btn btn-primary" ng-if="licenseMissing" ng-click="downloadLicense()">
-									<translate>Request License</translate>
+									<translate>Request Subscription</translate>
 								</button>
 			
 							<div class="AddPermissions-directions">
@@ -101,16 +95,16 @@
 									2
 								</span>
 								<span class="License-helperText">
-									<translate>Choose your license file, agree to the End User License Agreement, and click submit.</translate>
+									<translate>Choose your entitlement certificate and key pair, agree to the End User License Agreement, and click submit.</translate>
 								</span>
 							</div>
 							<div class="License-subTitleText">
 								<span class="Form-requiredAsterisk">*</span>
-								<translate>License</translate>
+								<translate>Entitlement certificate and key</translate>
 							</div>
-							<div class="License-helperText License-licenseStepHelp" translate>Upload a license file</div>
+							<div class="License-helperText License-licenseStepHelp" translate>Upload an entitlement certificate and key pair</div>
 							<div class="License-filePicker">
-								<span class="btn btn-primary" ng-click="fakeClick()" ng-disabled="!user_is_superuser || (rhCreds.username && rhCreds.username.length > 0) || (rhCreds.password && rhCreds.password.length > 0)" translate>Browse</span>
+								<span class="btn btn-primary" ng-click="fakeClick()" ng-disabled="!user_is_superuser || (subscriptionCreds.username && subscriptionCreds.username.length > 0) || (subscriptionCreds.password && subscriptionCreds.password.length > 0)" translate>Browse</span>
 								<span class="License-fileName" ng-class="{'License-helperText' : fileName == 'No file selected.'}">{{fileName|translate}}</span>
 								<input id="License-file" class="form-control" type="file" file-on-change="getKey"/>
 							</div>
@@ -125,12 +119,13 @@
 						<div class="d-block w-100">
 							<div class="AddPermissions-directions">
 								<span class="License-helperText">
-									<translate>Provide your Red Hat customer credentials and you can choose from a list of your available licenses.  The credentials you use will be stored for future use in retrieving renewal or expanded licenses. You can update or remove them in SETTINGS &gt; SYSTEM.</translate>
+<<<<<<< HEAD
+									<translate>Provide your Red Hat or Satellite credentials below and you can choose from a list of your available subscriptions.  If you are a Satellite user please specify the organization ID you wish to associate this Tower Installation to.  The credentials you use will be stored for future use in retrieving renewal or expanded subscriptions.</translate>
 								</span>
 							</div>
 							<div class="License-rhCredField">
 								<label class="License-label d-block" translate>USERNAME</label>
-								<input class="form-control Form-textInput" type="text" ng-model="rhCreds.username" ng-disabled="!user_is_superuser || newLicense.file" />
+								<input class="form-control Form-textInput" type="text" ng-model="subscriptionCreds.username" ng-disabled="!user_is_superuser || newLicense.file" />
 							</div>
 							<div class="License-rhCredField">
 								<label class="License-label d-block" translate>PASSWORD</label>
@@ -143,11 +138,15 @@
 									</span>
 								</div>
 								<div class="input-group" ng-if="!showPlaceholderPassword">
-									<input id="rh-password" class="form-control Form-textInput" type="password" ng-model="rhCreds.password" ng-disabled="!user_is_superuser || newLicense.file" />
+									<input id="rh-password" class="form-control Form-textInput" type="password" ng-model="subscriptionCreds.password" ng-disabled="!user_is_superuser || newLicense.file" />
 								</div>
 							</div>
+							<div class="License-rhCredField">
+								<label class="License-label d-block" translate>(OPTIONAL) ORGANIZATION LABEL</label>
+								<input class="form-control Form-textInput" type="text" ng-model="subscriptionCreds.organization_id" ng-disabled="!user_is_superuser || newLicense.file" />
+							</div>
 							<div class="License-getLicensesButton">
-								<span ng-click="lookupLicenses()" class="btn btn-primary" ng-disabled="!rhCreds.username || !rhCreds.password" translate>GET LICENSES</button>
+								<span ng-click="lookupLicenses()" class="btn btn-primary" ng-disabled="!subscriptionCreds.username || !subscriptionCreds.password" translate>GET LICENSES</button>
 							</div>
 							<div ng-if="selectedLicense.fullLicense">
 								<div class="at-RowItem-label" translate>
@@ -200,7 +199,7 @@
 						<span ng-show="success == true" class="License-greenText License-submit--success pull-right" translate>Save successful!</span>
 					</div>
 					<div>
-						<button ng-click="submit()" class="btn btn-success pull-right" ng-disabled="(!newLicense.file && !selectedLicense.fullLicense) || (newLicense.file && newLicense.file.license_key == null) || newLicense.eula == null || !user_is_superuser" translate>Submit</button>
+						<button ng-click="submit()" class="btn btn-success pull-right" ng-disabled="(!newLicense.entitlement_cert && !selectedLicense.fullLicense) || newLicense.eula == null || !user_is_superuser" translate>Submit</button>
 					</div>
 				</div>
 			</div>
@@ -223,12 +222,12 @@
 						<div class="Modal-body ng-binding">
 							<div class="License-modalBody">
 								<form>
-									<div class="License-modalRow" ng-repeat="license in rhLicenses track by license.license_key">
+									<div class="License-modalRow" ng-repeat="license in rhLicenses track by license.pool_id">
 										<div class="License-modalRowRadio">
-											<input type="radio" id="license-{{license.license_key}}" ng-model="selectedLicense.modalKey" value="{{license.license_key}}" />
+											<input type="radio" id="license-{{license.pool_id}}" ng-model="selectedLicense.modalPoolId" value="{{license.pool_id}}"/>
 										</div>
 										<div class="License-modalRowDetails">
-											<label for="license-{{license.license_key}}" class="License-modalRowDetailsLabel">
+											<label for="license-{{license.pool_id}}" class="License-modalRowDetailsLabel">
 												<div class="License-modalRowDetailsRow">
 													<div class="License-trialTag" ng-if="license.trial" translate>
 														Trial
@@ -260,7 +259,7 @@
 								<button
 										ng-click="confirmLicenseSelection()"
 										class="btn Modal-footerButton btn-success"
-										ng-disabled="!selectedLicense.modalKey"
+										ng-disabled="!selectedLicense.modalPoolId"
 										translate
 								>
 										SELECT
diff --git a/awx/ui/client/src/license/license.route.js b/awx/ui/client/src/license/license.route.js
index 4c1251ca6a..fb2d869795 100644
--- a/awx/ui/client/src/license/license.route.js
+++ b/awx/ui/client/src/license/license.route.js
@@ -15,7 +15,7 @@ export default {
 	controller: 'licenseController',
 	data: {},
 	ncyBreadcrumb: {
-		label: N_('LICENSE')
+		label: N_('SUBSCRIPTION')
 	},
 	onEnter: ['$state', 'ConfigService', (state, configService) => {
 		return configService.getConfig()
@@ -43,20 +43,24 @@ export default {
 				});
 			}
 		],
-		rhCreds: ['Rest', 'GetBasePath', function(Rest, GetBasePath) {
+		subscriptionCreds: ['Rest', 'GetBasePath', function(Rest, GetBasePath) {
 			Rest.setUrl(`${GetBasePath('settings')}system/`);
 			return Rest.get()
 					.then(({data}) => {
-						const rhCreds = {};
-						if (data.REDHAT_USERNAME && data.REDHAT_USERNAME !== "") {
-								rhCreds.REDHAT_USERNAME = data.REDHAT_USERNAME;
+						const subscriptionCreds = {};
+						if (data.SUBSCRIPTIONS_USERNAME && data.SUBSCRIPTIONS_USERNAME !== "") {
+								subscriptionCreds.SUBSCRIPTIONS_USERNAME = data.SUBSCRIPTIONS_USERNAME;
 						}
 
-						if (data.REDHAT_PASSWORD && data.REDHAT_PASSWORD !== "") {
-								rhCreds.REDHAT_PASSWORD = data.REDHAT_PASSWORD;
+						if (data.SUBSCRIPTIONS_PASSWORD && data.SUBSCRIPTIONS_PASSWORD !== "") {
+								subscriptionCreds.SUBSCRIPTIONS_PASSWORD = data.SUBSCRIPTIONS_PASSWORD;
+						}
+
+						if (data.ENTITLEMENT_CONSUMER && data.ENTITLEMENT_CONSUMER.org && data.ENTITLEMENT_CONSUMER.org !== "") {
+							subscriptionCreds.ORGANIZATION_ID = data.ENTITLEMENT_CONSUMER.org;
 						}
 						
-						return rhCreds;
+						return subscriptionCreds;
 					}).catch(() => {
 							return {};
 					});
diff --git a/awx/ui/client/src/shared/config/config.service.js b/awx/ui/client/src/shared/config/config.service.js
index 8432303f8e..3661c6a2dc 100644
--- a/awx/ui/client/src/shared/config/config.service.js
+++ b/awx/ui/client/src/shared/config/config.service.js
@@ -62,7 +62,7 @@ export default
 
             getSubscriptions: function(username, password) {
                 Rest.setUrl(`${GetBasePath('config')}subscriptions`);
-                return Rest.post({ rh_username: username, rh_password: password} );
+                return Rest.post({ subscriptions_username: username, subscriptions_password: password} );
             }
         };
    }
diff --git a/awxkit/awxkit/api/pages/subscriptions.py b/awxkit/awxkit/api/pages/subscriptions.py
index 749776c000..ad0cded9bb 100644
--- a/awxkit/awxkit/api/pages/subscriptions.py
+++ b/awxkit/awxkit/api/pages/subscriptions.py
@@ -7,5 +7,8 @@ class Subscriptions(page.Page):
     def get_possible_licenses(self, **kwargs):
         return self.post(json=kwargs).json
 
+    def attach(self, **kwargs):
+        return self.connection.post(resources.subscriptions_attach, json=kwargs).json
+
 
 page.register_page(resources.subscriptions, Subscriptions)
diff --git a/awxkit/awxkit/api/resources.py b/awxkit/awxkit/api/resources.py
index 25995188f9..ee48399b0c 100644
--- a/awxkit/awxkit/api/resources.py
+++ b/awxkit/awxkit/api/resources.py
@@ -267,6 +267,7 @@ class Resources(object):
     _workflow_job_templates = 'workflow_job_templates/'
     _workflow_job_workflow_nodes = r'workflow_jobs/\d+/workflow_nodes/'
     _subscriptions = 'config/subscriptions/'
+    _subscriptions_attach = 'config/attach/'
     _workflow_jobs = 'workflow_jobs/'
     api = '/api/'
     common = api + r'v\d+/'
diff --git a/docs/licenses/iniparse.txt b/docs/licenses/iniparse.txt
new file mode 100644
index 0000000000..bfe066d485
--- /dev/null
+++ b/docs/licenses/iniparse.txt
@@ -0,0 +1,30 @@
+Copyright (c) 2001, 2002, 2003 Python Software Foundation
+Copyright (c) 2004-2008 Paramjit Oberoi <param.cs.wisc.edu>
+Copyright (c) 2007 Tim Lauridsen <tla@rasmil.dk>
+All Rights Reserved.
+
+iniparse/compat.py and tests/test_compat.py contain code derived from
+lib/python-2.3/ConfigParser.py and lib/python-2.3/test/test_cfgparse.py
+respectively.  Other code may contain small snippets from those two files
+as well.  The Python license (LICENSE-PSF) applies to that code.
+
+---------------------------------------------------------------------------
+The MIT License
+
+Permission is hereby granted, free of charge, to any person obtaining a
+copy of this software and associated documentation files (the "Software"),
+to deal in the Software without restriction, including without limitation
+the rights to use, copy, modify, merge, publish, distribute, sublicense,
+and/or sell copies of the Software, and to permit persons to whom the
+Software is furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in
+all copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT.  IN NO EVENT SHALL
+THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING
+FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER
+DEALINGS IN THE SOFTWARE.
diff --git a/docs/licenses/python-rhsm-python3-backport.tar.gz b/docs/licenses/python-rhsm-python3-backport.tar.gz
new file mode 100644
index 0000000000000000000000000000000000000000..3933986dd9ac015b0e58a960433781aa13269c3e
GIT binary patch
literal 56535
zcmV)QK(xOfiwFp*T8Cc(|72-%bT4vfb8Rg#E-^VSGA?vsasceTdw<(D(lEOJR-Xc^
zY*vyh)3@B}t-9+bPU?3P+sAg=?Md^pv_#8XQ>2!p?0Ea+yPvrLBmjbvoF;kNQ|Z^n
z5(x}$gTY{~-iEjFkK^FocVRFJvp;>3&nADG{%&sWJgC0o^R2B154Zm$-u>w_d}etO
zWYGM_9^~)jv;9O&if9rJwjOP6Ki+(_`Q$5ab7yPk$<D*ppH`p$-+!{pe6qgfZGGi!
zZ+xmYa6deL{1E?cJ$|^U|J|(70^0u%wjMnClX&<!_kVsFB;jN@YAUzr{qJ=Ddn@|C
zqW>%UzoP#@|BwIqV*TLo`O&A?|BoI$Xr%v-AKUc*;r4^ae-fLYbN~NA>Hn*+2u48>
ztbZS7d6Xu*0+69~7)-)lfw<Aqp97M#PG^%zklpTzJ#l<nT&9VLqw@@&h$0okbTXMG
z(J&}NaT67nA`mCxNPHI*;&l>TMDTq-DWW0{Ct*^E<2WcT(rnWDE}ewy(_jpZUKYi4
zcVpus9Hm)sndU_}^3rU)F$|JX98RO8wKs!ivt98lybcoaB27m(<<s?W5=8N?7>)Vy
zKeBLi85ACLto1S)hDi=hyf}V&z1?~i=EE$S7BslmhyOf0`r)vpdQ?4m8V7lfU56GW
z1hKm-j!qB6-gKI!*Dxmd{o?Soco8OH7R2Isb{<E=vUC^P>lttkk|In-P;qZIio#?_
z5MelBoK9i77neOqu#*AyU7Ur(%Os7{@vTwsI7`P_FquTjSiB69@eF1ctMa0?epBcF
z_M`gwzq303Kg;>QZJqy*AA6gtlm8ES{-5mcJ$tqPY4-oT^Z(()+WC(pVRin0hR>9a
zgLOm$5#?}R=aV3g)zN;F1yeYY1e`Wv5?tX~a<YGVCWcTZ#{)kQPs?-pbaq~zsNz+S
zz=1=j{C+ZylF%~_t>8SJ6{5I=CKdYta5P|W+>7%N8lJ)9px70ymgEd>Zf?Ai8Gr-$
z-{G)84x!aLOT{b?`(l`d$bbL@92T7YNdje{S?~4!@ze5`NYAk@H5|SR;G_(pN1>R6
zF!oX2iVA_}do&7jPn^Mv>mV;+8vdPTQE@BM3vmOig*k}y;sOqEoJoLBZ-#g#d%szV
zy1M_b?*Fy>|MnBO|36-F0e`UbpQvRx9<N70sW(3E{=b|2_tB%Rt(E-u4@3V~_rKrH
z{SWE?it?}M|3{Pt-(CLu`0>{E>i)Nq|E}b}EBWv0{9m2_tIy{@|4)xzpFG_^^@?}J
zr#=6-YWKhG%?D6?b^d>b56k>pd05P*-t@NR<^fxcsA0Vsg;PAOlHsi%N6A(0D3XQ$
znMGOXdR3%TKgMH_-sRbFV;E)y9B9Z;ctd)EH8y-dN}|H|vB%}Z^Qg#+EDR>bQyoIX
z^KJ7*np{L<`;n3$>yMFD$;~ITi;GEMmV%RcRz$J!Y_dJfZl^_x5S%aa+^mq!vVZ4R
z^V6WXgz=ig0*>S&ip^)(yxGrdX6oSC>il1w|Eu$Vb^h1Se-|nLH1~h_X`TPuj~=e<
zzdp-nwblRFpVj%lI{#Pa|LXj&pa1$j?UUaB;g@~>Z*2ohusZ)g!w2rs(;&;k)s|nK
z|Eu$Vb^fo;|JC{L5XOGm^MCW9eg5z4tn9x(+xoAz`|A8(*?<2*&;OPG_v-wY=RYff
zhZo~du>a?t{|{{b|Ka0DEBXIt`Md#s&qsdmZL0{z{`oA5M`9r8#|X{%24b_dq6Dk+
ze|7)=W8D8&{@;J_^M88#DfWM}|JT;$*0#<6KYa9PCI9~{pL>7anC02Vd6aB~$+cj2
z@YcQ7J@GW1-e%GGvJl;2Pi${)ekIo7&(^jw>F<k!Wav@ZGxT)M(~IIJ$U;H>&}92Q
zLZ^V+bS7pAoG#>D-E1h|2SCy=O>C3Z{PlK^Jg*t%;gR@Z@8o3f@a#u&NH6q8`yzZd
z&B8nvX$Ekj$uy3_QC~#KFrJOj2p$`kj|J4of~1JT9NoBI?VmjT4#4hxd+_oAfCKF3
z2WN--r>6kv`OyiwI_#aC9Xx&ga_>YOzdkuWI^Flgk1($MGMxd#bQxTSA`6FMgzf-=
z7{c5kWcD<;CxSSI9*{?b(d)m7=t3kZOl2O1P)>7kA15>Ndyq4kZ=~^Pz5Fqr#_QYO
zCW_{G1(cgbk-<4W39_qP;8FnWYAtvXs860aOvN<JCQ(lF9pwOHjB~<kHp@ethAf2n
zB5w`{`~tn-X}yzSnoZLT%8hXD6LXLVC@OL>N{2Ia`yjUkuLWz7W`#)eR_h{5Ct@6@
z=R!Wj@A7dzJD+Ch5LZ^dJWi)!(ig`E$NQ=b60Ram<FX7r>5Gdf8Tr#-comGpyf60O
z6)+Rfx?K(ZLnc8o@`(TSVeup!^}E%Afk9Wuo4<StLlifmz*q%iLg^x`a2N=wI1g~%
zVSYncdYJnl8|PvQAk;*4*VnV@WL;M23;vmfaR@bgjLX#5K#XTN2dbSBKkkg9LX60h
z<vi>FCU6G<h%aIK5}2<#-Bn+DyDb49SnAAA$qyz6ZeP9ijOSm9pQy0<yy<qdeh)f*
z<E;SfN<#ZtM{RD{7`Pb$03%AoGg{!T?)1!R+>RVWtsO@*9a(lkD{os=Z4_PzG$oFL
zIQnm>hTF}<_(Dz(e#$v%Dq5DrU!FGmFrjJgjYGh@>u%@x$FuK_4*iqwPG9-o@1L9=
z936HXb=3$O>z?et+}}Ihhq~n;pqLN1;456PhcKMrweC$D%C!5Ut%|kZmL=3K8}J6}
zLJc5G#VDN>1Kev>N8!nIRzN{n#narry1h4>Z@s+8qG`A1jly9%3cH<Iak2hH8!Ave
z2IArATjWR?yB#eS$$CfYJAN|Qt63szy@{cJcJXQ?vTSFTTqWsE(y3-Cn<e(d+$+O{
zh<3Ge+f3c~^a%43lVl04Hr}1(mPW#v&N7jNHx-G%Ew7IoDKf3}D7*EcKjtvirX58Y
zFFzW2d;d-&?zf~*adh4XM2CTEbE;QI6L7n}2D)GFMHp%WhzbeYavs}8IT%U}*)fue
zjm5hb6>zq2KVQF}x5a(YwPE&a)fas1_RZ0S@p3&PD78Ih!YZ=cIw-0*xx#7JXS`P{
zc!BGK`%GUmSeToRqpWw6MX<NpCS~c|&pSUQIBnJdTo8tFn%g4?-wnel2I#qtvNXZ7
zc|Xh2tUjtNi1M&b4$JK%&*4#&7vyZ9j?Xw9TW`vfb_hL9R5|_;<ie+Kb{&{NAHS*M
zSvX0rLm!<V;9%w>k1BS#zTDo+5qDZKl!Be}(&L#@zGQgKbiZr|IE}@v0K?%U69$FD
zQCYI1L~xzH;2+o%_)&fD_3R$G+nY=2)Q%0}*j!;`rg5f-?dsNvj_L;VXsy%_L!at+
z0_*MJOTbiIB4oRHUtiQwQd`9CMPEpAIM8WhZPXgVwcvc>l^=*-s9cB2baojP`mOgZ
zc5CXk<N-*<2fuU_{zB1tjM96iJxMSL2W=#_ZGKQPJ$!AJJjtkXCmwV@qHnYWACP<V
zpkp{a8}EE_eI9fiuFtaEEQ8kz{i|hRd21MS=)M3C>8a$Uk)#cNX;nNI9!0yNqa2JR
z3^{{}0UsFbco$16c26F(ehEJ)g27ofliXeSuJ9-6XchyIHzgO}rFK1EbLE0v^QKdC
z9P7NDdyMcRMF_i-=P~X)_QLAC?a7)&m=}IN10p==BtS@ER^vDv7Qjk!fnn)-4N$6y
z`4t}H8n4?~;4r?hsM}v$uQuOZyh8=ws<i^9EslL<APTdltO#+Udn@VTO8&pn|Nox#
z|Eu_Ke@yv5oSUC&|KBnH$K#!ctN3p#{qKtYe|G)vlbx0R_YX|}jeFBa-2ct?UptR?
zwrcU;c2@RZpXal&))H$qU2jdvE2!8<Qu6|&kE7=WKp#ud3!pxNrWc?rr|N}*AExW&
zh4}T_UI6k@)V;U_%jtVH6v9CB2}!^6JT8OGV>tOCsi6M#aPupa`LLKL_ryVgbs{C&
zK&+VMAva!xSrWuC$=E22eVW9#ebPk)(5cz*vJcA<#~4mNpK-`{Y-$>b^DGQd+@w0U
z|1JQ$2>~{SB9sqF7R~YTS^BKYn`D`H*x`Zk#*5Qn)SZTt!Q|G5KR)Wjl5tPgn8J^O
z>XDiutYlhSo8A@>WN+L1%6p8;fH{RpHrbJ*+KUT}+t^V}oTlRD@)ni>b<|0SD-DzX
zcM4^nLqW9(X=`B6e^#goT$A%C!M#Lim2?V1?CT(kgL9ak5Gvl@&~{ajBcL2%EFOyM
zTs(q3S`2%<1b`fQIzb(Ijv9E_n+WSXgnbmDu1soaOA#C*k5m!lVhA*M49|jLmI7L+
z{;K6Vg8KP19O8`2ZctJJSk)2ig=8H_dol{LQH4w5I*4c35kL*r$s?fGXV0GqULSac
zU4ZdZIR9Z07Jz@Rwx5zfkcOo27H~X_FHqVZ%wohTnx#CSO_&N%Zh%m0dm7v#QgEIH
zT2q=%ZkT&UlSZ2}BI!92RfOb~8wZyZp8^#TZO?1t3<HV+e!x^t(!8h**5iGb!X9TL
zk!X#>6lVd9GLsv85?lfPPpRk6_D@8ZpavJ{9^DV14FpzDG6aClq!H~OP$-zqhCF07
zL&G>yi;3&PXv~Qp2o1Q(49|#2lTac$YSTf~iKjCaW6~61BgO4Bq}L;wc)~IiLdt2&
zXmPqobVDR6u$+LB=PK(&kd28rL2W=VB%C*Cc2#x^w}-?!+!^IgVVtRm*$nUn_5i8p
zNcWrGBx>{g8H#MQTKA-ETeMl0>Rq<AhhNLN+6eMw%e(xh;Z5OwCI4Q#-vZTfzaUD|
z_~v>C-)a5kWtxPOa~L}Ho>f@l)!x7SZ(lzb+YcYLS{rLh>9M`BgUddJ)r5n;xD{MH
z$LY8S3v&FU|7!359Gxf|2=UE8?36%{Z%=7M_|Jjx^4Gm&bQ=9P>`I)7!(?1s_QX%E
zFOF|tClO-k!qR`6*8rDogeYGF2snSD3mWSY%-HGaOF-(9kYb43a^R6`<VVN*hfqlk
z+&_H%>RZ@kUyIFmTNDRzbMs~E3)N9P2L1hiok1NejHDm+BHgqny715XH{7kc6*$L9
zRfT_Rb@omVxBSzylY_$-SYfklLVqEjmE*^~hgwFt=YPRzJ0i&bcl&$K{?__}j_@@^
zr@yt{3+-I=`PmX6_P;;&kN>&<qgcBNZxIU6k86ZLKU+C67DI8JMx&Mu-yemrZPOvJ
zv(_82#`?owxQqTp26U8kitFFtdst-Xh=2Cu@jh!B*S{&IvQ$^~P^|Sxl?sL5n;p@*
zSoJ}Bs5P&KXLJFIe0UG4m$>pk)BN)gsA||W3w^D|H5>!kI0tx*z=8`nCO!hJJj|jX
z_LCXXlaB#UGIhTm60pa!F#GjzsuOs5SpC))@TndHCcud_YHR~Fa21RED+eFs$fEvw
zAO-a3Zcr*PuPE)(Gaw1HgJl+`H*ZP5|HUtD6Q|pK0h{6J^I1Z1IeWr<-G{s0*?0c;
zdnbD*FHT`@1=c6NLDv?;{Q&LH1WLf#@B4Z)gzb&3(A%XO36cLXn=m$kvl*kr^5dae
zLc-PB<4xjjiQg^XhJ;l?=Z)h8&aak+Eg@B)OB{DXFW(|ay$SI@{1XW54@W1@%qAtr
z4cFZ)%+(E**v>@bp3i~*k49Qo%q{2ak6EN))PWd9L*mx~{w{O6vKiipHPHOn0Zy7a
z;-GK?*GI%T$f_x>+QGf*Y6zdtZ;5vK;-=tCgUdJGw21MCO9alSyc!T)SWi;C4Xh);
z9{23<^~;y<Tkmzka0Z-$BpkJKo-P3c<{rKeGL3=o4-OB`L>J-p#U?O3ZR2*1hkqLy
z%z;yczSn4058iF|fg*3L!RZU!{RB%QANNIf6f)D2W<Alwc^K9C;)8XoXMhMnQDoNB
z-1(Gv$}F^=;tE)gVEN>+T6>;{|Cy0FNbSuem`-s!m@h7a{L=0QUWKgw*7_>PmAVI(
z)|)?{Va_~yj%?5I^Ot)sPW@;5&-Y%xJnM6@i#Qk)6a7V-7|W*`LSqpDWk$eiX~6MO
zkp;+_hxT(c5X<a`Sv0(KOf<f_34^OR%8T^k0>)v#jfyaHJxg$#;B);v>#Gv-w_TBM
zS+&P7tB#h*V$pg=q{V)QwrL2%{lWnmp)`y(iE7W7&$S++6*N3*+R8eo{K32Un1TE=
zyw&%z271|T?BLs1JNOgrV7X|5R_zP4DEqB%U}Jy&;kGUA7{6#4?3RCiD@6;UTV3`0
zEHpU!_W$fZJriqCpicruv9`vJ8+7r-oit6+ZkKN05-vi7ilWPasP6g}UWOyw(op_u
zAOJ`szL2cQCcJwuukoeOL#*MVnV=O+0D?CT>Oc{Up*rbm;xPG}d^m(JLtxwrF@s@_
z6X036|5F9hA&x=jW&Iocioj_GD#?rJ{&m_He~r;&?XS=%{yXe1fK`gDn5Ov!tpW56
z9c6%}>H;913KXl0?|o_%rPwU5*~Po$FLa@_-oRB1_WOWd@jIl6{wzVmTVBehZt(>b
zK7v>I;B5bupG}Lbdfv5K>*4ajXRY)Yg4UDKY%024o@SoiUQ0o6i=%*(EV8l#XiZ;a
z+AQHiBI^VF#ot`xSHczm$L}RB$@%>P5z3g<qo-&4XTEz{^>={n!{XD=t=?pPb|+Hc
z#9gsw2uRd$dMmoJcweYe*o*3yYgWy7e{;`(oLVkBXLhB&M4QZS501pzd6Ys+@RcY~
z7r*34Rz+8h6DRQd9h^dW9Cx7(>Vsh{o5&sDevzG)TSh`07Fq0LG<!TGv6h6$*ayd#
zHh1NP0N(Xb6#&0waRf!WC2kn%_4U`)I>4K%22V@XsAEpvYeGDOg0?C`LKHWGw)Kqz
z4~V2nm{83x-WA(W0~R70^~IJUAe;vqRf#5Wd{PqZBtri|)d2n?<s*(sYaE_)<M5?H
zG}%HG7%_1|lV;iiB9e#+hcpcPqjwU$rnv6|fn4I>%-47+Rxf~ja%cFJ1c__`3z<Y4
zfuVOKU%|1Kcuxlg;KQGfZ}+mXe~f1CXR~P>?j@st%3g^s_gD22K>SaR0s^fKxy6O}
zYuRNu3!tT*aj3~Lz|57~LLGrHlt1%WxQ4M~aH}9A29y;A(I_7#i2>|I*tJxf_R)KC
zfpgR+m%*;qw|3U<$(~dvJbH&BX@XtgLw%p#@OEGxz4{j`+xX8TVL<v&fNeZDe0s9~
z9C5-&4=ma&a!%wU*_pa@aeB*Nkn}o)k3Hd+s)a+OEq`^25wJxGiB$nGR@POhei+hs
zS#%zf>vI1UuK!MOU8!Z(a6mS?SNF|3BRxU;P@Fe3NPu|+46)sKQAc$9k}Yu@ev+yQ
zhDW-zCIn}_n+w11tmRl5$x}LL9O!Kz{$l(_(Jd@2*7}6_O^57X=_G7IZSElnd8>g*
z9;IZc?0ZvH68lR-H}(S;ah>4mRMwE+RhU?blul{tB{oClJ`_cHD6$>rJ+V@<%In=<
zm0DdNzG5TK|E=zRJavCIJEricLPFT8x8L3tVO}={kT6Ov8&*zZbGgB?FKT!tWOFi?
zpOeOob9dDpDa(izb78MS*><}T36X`1<SiF3+rxC0*w<wF&{T#?`~^&TBdtB&{;j3W
zKglg{>Yqi5>fn5!g<dzp;DLV=5!~EM@bL4?FS(b?T-<e>iI~AhJ`=EGyTJFf|76Gd
zbL=1Jl11FGrDLVO*X%*m)@Xg<-oEDk<vZU}c)y^B>V{kH45Pa^*S_k>U66eqw#$_}
z4U2;UZ(G<15xc&q+EYF8pY1d1OFISqkx`nEPNE^cXgEfe*E|2}9k9$L6VG}w<+6EO
zYfCJ7!@SG&a^Bst&QMhI!c1SY%@owpK}j&P3+>_tAextFS&jZ@Ss&Ux`rZEzx-K7N
zMN_U&^#~ejWQmqoG8R=Gp6$QbKf(5>LqVSCRGgn4%3hjwR^J}HIDGvIRsw72!2BZh
zzdgj_3S`M$tJS*<-{BG;`sc|ue(#<q^cJ4TxlH6#(lWeEE&2|16yLt}2umu{JgyC|
zwUwZGYF>%u?T>!-E}?ln+<UcO^260kb2lU#XwEbp`$<6t*0Kr$@$uQMI`<XlD0zhs
zIpw(t`;4ci_7BfaeuP6FTQvGW=O#Vv@?|Wdlf}UiTfht{J3*)_DxoY%kKHv{u&nCU
z`GOXiV>ws@CFlY~?<!`51Y*du_AC~oI<6g%nuOq@SrCr@_7)x7OP|?yJgzHyp8suR
z=U%LEeTD0v3fIwI56>ZKE5_=Vvjap%d_{=849`;5GZ+^F@f%}VXvCz#`gMGZf-{GR
z+|4$*BqY`v=mY^Eek%c*<UsF~ww!VS=Js%DgXbkXxX185w11U>EcU2wAd52Rnn7Qw
zZRsyIk0j@$z%b#Hu}4W*%$9?;WZT`MR$%#tWhD~4)*7x11Djn)l)(bK6u^v8$S9mK
z4jzU62GY!^d{vnl^)2fnG$|qu5$z*b?@(HCm2c{QsE^RV(K7_<KYxAr6n-8gQQ`ZB
zb>uZ^@9v>w$u5u98t%g6e_=53JT$<h=6U&o%h1N=f%{K6=w<h><;);5a%c47K6aez
zh^{p~1|D*Cb`SZ&sbKM>b;&>)g8Aeh91Y=!m6AUB`~-;CZKIl|v;&zlUW=KK!;(*{
zj?z(}3G|v3L*=~fjYe|fyF5$4!6;i&KF<sx`d>v8NREtV$>;ApMKuBcr<@&^Hev3>
znC5xT>2blF({<VN3g@}2?^h8kR`I`9@n1ex{I8wOohLhwR(t9X82<%-Z+wFNf4BHw
z4*?Tb@xNB_zgG1Bv&a8h<$qeyf1lh1eE%cmf?Aya+4{asDWO;KzgF~rMgKoH{a?j@
zT+#pY2z@xhVDfPefcf-)YxCjuW1IeOKU~Fs{45`mv-|$Vte9n?@2ePhq^p9bEYwF+
zu<M93lm+K`8qbQ*=aMZ)rodH-z*UOCkC`GckKV}yLo(|Ina#?VBlL<cvjDxg42vTD
zHY!eues!U$cTix)yfl;fYT9j1WVJWM<VU#*^+zga3@3*X@Nx`jSOq)`Fkl~3L|if?
zkJ#fh3B~zs!P$avprpm~R2Z}}vK;38h(?%Uj1thT!{~2<+cHw24VtrT0Q{gTCSz@2
zSwK|i5)|}g{5g)hLBoeN$*YilqO;jiusT~E6B5Tk35prvcNh#W2`1|$p5bI5)HH$Z
zh6@hlAf-A0lcos)YQY25TvYRbO5$Y5lS6obsY*Cl$Yd555pFY1tVYUj83>Y=;rtd=
ze*wDY<MSsnlq5zcyycucFstVw=G=)gS|R9Mlw8D=$1RQxVAwMB!z&lR%#oz7IbGK0
zlDR>Z(@5b7es-rY&<T~;r3_da&cJF0GNMdXo+27l<>9pxF6VSZJ6<thOzz?@Bt5s%
z{J|{i!x|}ndsU-nj0jdkjz}Ae@;QX3dSP^MuNT%kC=tN5zKjw9VvQ9HrVn@<6-ZEL
zKtSUXSV1u;Y4;E{JP*SJTgYM0kA$=bkS${E0G1iEX3`$3=9ULT^GY82*nucffqh^j
z^;Nn}#8t+9tu`*ru8^yuFPc7XJyD-F=evs&z|kbh1ai}K>f>*B+O-3qweRL7Tob27
zI%Vpm=Nx1NEOONfHG#GR_>l0&Y|b8pM^@^iE*9^(P{b$<V~E3xLdUXlSaT4kwn~5;
zQ6_Q7TCIS>0RuWYS4n@ax1e{JwvgS`e-KS%^>l^w#$*j+pr15j?ok|P>1Z|#^Kyr~
zVn)e*frT)#!}_+2zU5V5_&_M5h<+`$y+<NOw{V<?HjtBUug#}JM0xOTLZD(n&hbdq
znul?EBibA%70dI`un%SI+C1gsK)$*FVhAT3G*oRuJh^FiiOX~nuAgV&4KY2TcJSJS
z4@XF=F->#W+1IrBaTpID*)*>#YOZI64I2HdPo|p6C+lSKWRq15E#{Hc+Qw8FL4VoY
z-F$NXzT?SBG&hUfmwN@YdJZhEV{hJ5L6T_+`!WIW1TGO6XPKs+L(g7^xvK|&aJah?
zAJ+u=7uf|yShioOVXR*KT?3{bB&ug7mQl!MW{#7z#(zv1zv~B>V`Uh%@lf)rz_&!l
z0T2wHj^|{Cp}2qd2!wT!zP_oF%Hnkbi4>6LWE^%MV{{UVP+}qo+IzmkMCoE}O(b^4
z)LS%T*sPO#YR|(k=s=g@xT<GML~HlkB~qE1kTyFt0^jLyW=ASG7x9Ma1g1G8ikWxk
za7VIW6*C1^E@$3WnsMO~Ety>68dANqjBu!RG@#oUb8pC?kJr)6BS>0}3>mUL#0aJr
z28sce5^Gx`3R6D95{zZt@R=cY>P#Lnu<|B%9;y+K8Uaw`yD|hgU5?i&I5)Kn(|rra
zMZO;8%-TYsq!AYL=2%a%;CRTPn`KVl*7M8gLPpnnA^_=#Iq(|6JqJV%InaGyya62E
zek*QhU}Ky#yozr>d?LEtE%Ei&;z>_@DYko!oNeR8H*Q_MRG-2nr@2aJ9wit+gBfBq
z$1qQgV?jJ>;v44i4s`h*&?w$$iKFqcmxUB^s#|A`W|QtaoRb7*`3Vz*K5R^&2_fJx
zrDg9Th~Dog1>#Enzmos2<o_%AzajtELo9v-4ZwW)|Ko>S4{G|~hYz<_^8eq7{NJSk
z*hCh1r3hFl0zQr+;9jeR?Ay~6o<xb1cEf_;(qi70NX^(g4;^$g`UQ+|>l8V<pp*)$
z%BpSY?Z8uTBe26TfDzsp5CY{ex(KcTR~SG9d|!AY$dfS4;385GEUnRP3DXnbr8n4k
zA8w5#k%W0jS^!$Qcfo8*QKiabgxBXjZ3E1z!<lcO%j~V8f{(H!s7PDEtVl6w4pmd7
zs6v`$Xk#y3263K(<d!&mqo*)C`|zlkaRx1vnOEah6UEJ`99mg8!4&4@#f2w>i?*sl
zajGV-NcDO4XeE{M28zs3L@a-&x%!rctntATEN!l8&~LaHjtX~~;=h<ph@I?4VO#{Q
z`8mAgvp5}(QCJ{<0y-urRBN^11zZ;7Ys|p)62696*C+o|--lZ??W%G34p)peMUKmd
z(|&aDEZ=Rxzy9&w+1dWdA%My-fBa+`#bLM8eY3g#)!Q$B@_JwLx805l9;H`DU^1zb
zkg?Twp(K1ZcSnOwAui*=wulGtU<XO~WLIdRKh+%xXhG}yy_c`|8+zoeQPrRF?oT&s
zy`S>6-L<Z_)|1^jJUZLoMM4YRVHM47iI)-q5h3#8Ha24WOH|D1q6cuS(Ertz0noR!
z8K-eDq|8$p-F)HTDNx%)H81!}PynQxu#<&Ss9D^k5>PJbe#pv-^AOigSjcX40F(Xz
zxayWqcuwtmEfR>(@O&Hqg%ImbVN*+)NQq&d0aKwH1}uLrXA6ahc*#r(F^sa|EDkc<
zb$rW}cTK%Qx97QAhV`(!H4P^e{_JyiO0_GyMA+&V!8pfIwdmAnDPK?FtSIR4n@j>Y
z&`_L%)B>Yx5uL_p(NcJ%BazfOVKL7DNEJ$fT|^MD-AZC5OUUP5jy>qM`|X}SL@ZP)
zlV6`b?J_N?dJoS^9ispL?w=eXNJVG5o0^tnRtz~5vr;b>ZiSpjV5)k>f03%psYHFK
z%8&A8TcD+p?%+f)dF{|E4aIv(38H+XC2jU-F*E+d<s_);sOTc6XzSPE{V*lXyGkub
zoQ6<bC6VwFgv@Y92goqMgD)U3k_;mSfGrtLq5|;*4>Q`=1i6G5<xDV1fsBWu(!!`t
zVYev)Ak^r}pmb|%S2yIrTTPy#{T_blwx6O-8KvCS*{GV_75DSDxKF=5bs+TXVp*s(
zhHW!=CP6^eAGnd4oXOcYR(s2ymkj~(8NcmPz((nX=x41Ade-~iY>G?UH69vULscoa
zhn9q)E7OXZ7;vJ5t~v1vHQr3B33j7vAU24Fbgqb90Ji%xI#vEmsw-lY2tKbRiy*oD
zE_Fqg)}Z+qifb2fFrsCmWR4eFPEqkQoTWeS(qXDWmGxA97VgS^S?g!hh~OU;LNpl_
z3{y;6S_~*q++5=VS(4|Vn@*|QaSsDfmRT5O8P5{OmR0B48TfLEWogT@08bPQa0dO<
zOax>VV=US*qKmR^1Lf!DL#?$hAyFl~yFnM4G~yc0?US|+v!J#~QAdvFh%35}vZmat
zsY_g)L_F%+HWxlermN6^BG_7`w1}}S^9=^(QM&pvhpUX%W49&KH`Pk(!Jd?UyQ~y&
z;#b-Faw%fVCDsEp%~R;VP`Q)z1XB*H48&gE>1N5Ah`tF|^@EE+Xq}a_wnRU5u0dAQ
z)RJ)5g+9E(8!ceWA+XgdhX!(uui<wv8Y#{jL+;DGMV@2CHjz>Bpe~{?9%+ggHF7My
zc;o=28aJ#kW;rgxL&X|2jQ*s`(p1(F6eUMperx2{8cU;{Lmg&qWXmk6MAm9-K!T&u
z2`N>VSXL@cya_8}y#^Glm$N&oj*e$ghMNC*Uf;`7-3A8A+^|)ElWwn9X9t#sK_N&0
zM9-QpNs-fpz|1>caN=$*Ln(bQ_XQAJo+ni9k5C#hYQT%LY!)JorsDOvJWo^1%j@g_
zRq<&N6kXGnyrO^O2@=^+;Q`~Eq&M0dXjcx@B;Z^_zOvxJzaC1Y;0h^u_`!=;XWd?n
z+tRw{T?RS9>OyU8#>02hC<{N{oJ)ACS?5_tO9hNu0hOycKTpTAd=Wutn&Y986A~2G
z;G<wM7i3U)gPg=H$!8Jez}9B|%mOqCZt>P3H^~f*7^Hv;%@(6kNXv+gxR&pwyv)Kq
zIVX!{Ijq`3;&pZ&@qt^dhKwZ_vS4<Gv%G){bXCDg@DrUW*4b<qt+YAed4!(WCT{Vb
zI6HcFw97ZVI8Com=zkTW$xtP2kw$^T^+Fk4;c(FyL~cCb9eqvWQa}3Y(TgHubtR*%
z;P62~d@l(VJdD}NRZRA}s-Pcm+L@^f6Pu<^<6PZyhoOm(%jlNl)U9xlW5$b|M-$R(
zHg%iN>R&_&3ct)M7v3;V4T}f;MxeS=p&*6GU2ai+pv35N7>{{Ng4I5BQOMNUT#H|^
z6n)XT(M+i>ylM)(B83}Tx3^&On&;YSn>`BSaK3@<Gb+Kt(1?5#@^l!HY@*T~8I#^%
z=M0A)=5>?n*}>j+ETgtG_hv~PC0E^YZ1XNwd{wLNXPtz&XqZJ*G4aqw`W=L)Z~-~P
zd$5};UC7g7)dowzWms0?$T(EBX>1Rb=i1trH8F~^Srtc8uS>CWwVThOy6}~h03&Yc
zSM|Fsq+Y#T%9@4Xn;gYjqrTw%)xMv%-*&`((Zx8tB?x0U!^yN1dC(cFHM}e<0&LM1
z6sWNVWdQ>0o8ahKBfM=@!f%EeU2w}^Qw68p@cLG*^f%3=x9kbsEJbD~;pj3bbitYS
zeU9|3RH-_oXG4^Co$NpRZtslArz%Tn29FM&=~6RQPN97%%HkI=U7am&$9v>$c@N<K
z?VYV{@2gIu%S^KbHJ?oZackq{klj76gyWQRR_7S(8`Sy0c0oW|)&yfWHJ7sY7c(YY
zP9dWX)H??h8D27-<2mUqFAmcN>bc8)$nf~(GMD2j8Ad)kFEBKx(t-WVKz^osdp-?@
zjTdK)8<girg;8Z?U^}A8BpiJ#PLX@Jfcs}=eqhY9R#4xf4iXCcd&}Ie%(p93=~G==
z#TNa*lzt<06Y60_o|X6xZ|dF7)5A{B_8l4~^O`$I_)>uiFjy~~SyUw;nH?rI=76sa
zii)sTia|zd8*Le4!q)%A2AV||?Em2)Fb4%*oKW+e4==+>AObSfK#9I|Y|KjqaFMp8
zctZh4w><K-AUlql3m%k|qge*O6-=lZv7PyH=fA4A=z1f&(txp-N$GMWw`8?WvIQ)F
z<vi#g8uEK<-c|?mj_Amt%9`kb8AjEcH=A!w{)=)VP3^~7n$lG~8hIIR$nKUYQ<va;
zs*M?3w%%HPXoc#pBzp+4=Q`8WB2^$M@nX-lk_#`UtiP@1?5@kHl*Hz;IwY;C;8N=w
z=Y{F<F?Yd{uujPx#9nTjcmCg7I~b9oH%;qTqcl)wNitj`IZk4160ilVv*mJAQOlFP
zA9ghgTfG=8{<!KH2esZ8R~xU6p6$Q<sLjj6=ANSXj^oN%OC_3kde}3o)=wh`rczOT
zn_8G!HU#t0oz_vK^HU;yhtO|Go<;lB*`c3D^&@JYZdf#)K(_9F5eHUpw}}y3Zkwms
zh&-*eUH*VcdY`1TrnnRf*Qq)^{zxQ!nQc!aQ5`?Rzm!~R&V}8mVQPSXM}i2JG~R?t
zrg#;GQ|cDR6Q@gWkfpO^gdy>ZdaV&)2AbARfQz9bA}TsL3wm?J8FOLD>{Gi%OM{}0
zXF2a-U}JgXhKuw%{6vu!nv4*L8eWtmR24s}qy@G=W5g2N78^ehTKudGN$+@6CvpQV
zV!WtNi!TZU%ovPDeipMGajX-X59d2{YSlEdmlo@xb#(DKVPH?0P8s9tiJweO;+JLd
zlQa&^vZmzyFh#a&j23%>Gmp@=g#Z4HHywaLo{^F|@+}<=y%`4GEi34rz5=d}E`eO%
z{vz9Y|M}MB4P&(I@y~tFd;1YML8JS|NwJOmpr?ED;#rJ6jEo~McX5pH{8Jnb8c!(a
zp}Uw5bRpOhYrK|0rM1t#zSz}IzqmWh?Ef~G7N=mry1H!FDlzI0aB{!Mf?;?JTxmLL
zl5vxe&&>iVNuME_o!|13jhX^vyHby|_^ira?jqyh8Rv<W$|JPrHdZs`Jcp?~0#Oda
zVvx?qxg9Bf&FWPB-r(Yi-FF@hhZR)wP?>XKK&IN!IKHBuE_t8$XL##2CMBy#nJwaf
zrsNFPL*~jbA~kF%b;C(2ILBbJGU;>$jUk;Y#fn)*2Q697PpIYm^=jj~8j^G2;`G;K
z)x@(l=riS7LXp-26WBXgzdBd$uI8@Q=;gO1>|N*532pBwTHrK(Wu6PJGsy_9LyW38
z3>1&1f0vQkM(I#m+ToQW=Ky9SX|9;sHwc$4t)63v>}vHM)r@QLJ^%$B@v3xk)mCC@
zY!l69<{HqNRe{o}T1qfHYU}rGC$0M+TY^u!yWBPeA8a2m*W7vu`vABR4lgI^NNa2}
zee~eL=dmC#w%>2ha$pG^yxRThgsCh!o#)K6(qy#cGqnTeJRC>TD2~vKe#>Arx*vgF
zPF(?&!Kd!006Ry6CcQ!}SXCJ}q<Jw7tA6xLI5mAJ6)L02$pCy9BW+d;yA_0*@-i7U
zRVtg(I%XB&{^2O{BA84~r-Jga$5w=HPD@Lj$A#yc9y-v?1`y=<{lCysS5~f$2AqdQ
zw;skDDvDUqq+=}$uz@m6{_C@+&C(GhsT5h%T=%&uRcb=B8casZ^&JW}YKD{1()|tZ
z+Ft-(^;U84A87trH*1!`K*_=TBOBT_8_?d-B$no(!2-E_Tt+GlKkB^HPSagsSoiKO
zy}%!1O67!*uOS9Z;}DOu|9Yf%rWao;^9{7-nRB&-xqH?)b<VlhC|3i(!#Z->kgOZ%
z{DTUvLO&JvbN-i2t*TwzueL~aPeL5BeN*9?aTe4(P?1}t#G<thR4%M}2!wi+4|G>n
z(<QYTN(Xw-aeAiSwPmGUstjV#Yo=L;#2!c8>z$s<?0L~CN$y;8uP5wnxR;1s_AcN3
zncS*%ru=8q8Bs~h;Yy8Nw^>i=zF4_BHZfUI9wl%%B|tu~PG4vfVVuWO&1Jf#HRyVL
zcIM@><*dXcdEzNa8s_6A#-77+Vl7!?6-J#Emj{NlrAaTOwglO6sA*3Hly-)CL=e)>
z2+dDE*whHQlwaN(LXH&m-`9AMp?r}y8!+sX94Lu7U86TBljE65dYEhX+QwiVNljIY
zGKj?1;88G(i$!iD(#L5=4qJg{oR2=uYXE6Yo9@F@agOwc+!dtngXpgH(3yHP46>19
ziJ&~;Gr7Sk|Ln%v=7LdOAZPzWl^gx9W~I~FMU>@*Hk1jv)VZw3nlAJ#{-k9h=_}2s
zO9hMGyDk<Fp1;|As~b@?a)WZAs)eK$wUvycNmL9r`yv`AX%>>)ZSXt*cn$0N900KP
zsj{u3DNvz?5XD@pisIrASW~ps`Zz1faB0A((t<x6@r5@wPZ)-R*&N_44_<2_F&VO~
zYiw|as?DA_WsNO#1EbBbXtM@NtHAujJbghqzqGCEnAW9{s`T;I>pX;)Xf#UzG;Xer
zjz)0U8C`}p8z?v7O%(;hR0lw7UCQp<sw7B9Nqj3Myi(vn?n5`BxCs(iSd5g8v4mto
zfG}3r8&n?csvFw0*>WY|4KT7zNdxiG{3}ygDNivkfLYC;u~$f5x%jRvjk=Q4i^Hyq
zq^{*&e{=P=_70|ANu0V@uzbCGs9d!e{P#=E9$U6fI7y78EIN>AS{IIGVQ|%|(-Q4k
zSlJ8rNsBX=29$QWK+NY*0J%dD+y@hBt~`fI@2SpsAM0c_aUMJ1LVBs{LaaA+SWq1w
zyjkCR>#Tu)O1+9EZHrNM5r+wb6YJW7n`eD>epm~|j#SKPuo8|B{5a`Z%z!L)7d}Ap
zS_?VNV~X%(m~rPG0G(3Qq~PwXr(14UO$nXQiUlgYj^Ug#?9dzdB8zm{942y2Z`qk+
z7T#5}bwNSk!pSoHS*2;apR<Wg8}Cn8csYd=4WUWlBr}yCj8LU}5owkznhXz_+v>cQ
zEU_kJrq^#^;QhCn$Hor_FP}Z#J9)-6)i$nDs^}o9vNe5`dWD`FYn?edEDrjOI;=I5
z>Z-}{<lIz8krNJ^IT4_|0h48LCuT%g%TXt8dC96sJ;?qTPUS6c+uO0DP3Mh{m+G`f
zFxtc$Mgi5tHwmD0)2*f}qB&=d8zQk#gfl8eTO*S-r%Ow*4N{bzl{_)`-`I!^7e84G
zidr#5d?28<PZ_^}_T4WogS@Umg9gy1WEo?AD#;E??mL8DqGn(93p{@BY+zcM<z>a2
z-SsU)Z#Q)^{YV9-AAA))_$7J&+qerGN4*2rah%oMB)e~QKcgkad_qB9f7gTFT~G8;
zD?5b+yL^v|aReL=)ybU_7g;c7qquq3v8vSFuhPKo;US-pX3p3Q?PVw8LvACwrK`T9
zfTKnZ3BS4~8lP*^%Y6Q#*?mPZcIuO>qAYNH*ZRfxI4Ce6jbUX4{Ga#0d+0s#9zPIW
z)Elarp~0xE<3DA&2}k)!;6J!|!E_elL9H|w_NvlQlw})MS?s|Y6kZdeTORFG?rd)^
zqR7KAb=b^S2-ActQsgehD|eE)M|6ADZlJI9>j`RSEMo%nN!hd*^?L>iz1c$YQpYg)
zYMwbYY}0k*=m}%qHub7hqiLs}*1Ot0!s;HL3{CwrP7QYlcU1@V{ym>z_BkoxnsXS}
z!0A(eMmau`adC-uA~YU?*B2K-6npwgU>^upPyCrLLG>%O+?*t#GOy^AyMn5lHLfWH
z8O}rW*1kM<-{E~3O8@{WC`X|<QOAWo5?>CiYq&dmjk~MzDWbQ|pTTJBR|z9=8<cPf
zznRs+$ttJ6Zl_Wf)tiJ165cFIt}wzBZVgHxLJ}(QcCq8Xswk}~3_cY3tOWzbBCe52
z77hP&OV~|g#Zr2^;eQ%k`jv*Rgh^O{rhZh==zd%*0#iZxS_881)@aOt5$e@uUdy}9
z!u7^`MtL(NgUa%5xNO8nG`qDdELdJ>$c+G#T(R8r&Y-A^{JFL)4-R**K4;Z!tLo|1
zY^i!XcD>noKFlJv%2@`$0}H_aGs77A#qCm+AKI-Kuw+Zsd}P(!Pex1Cdu-MFKFSJ`
zcP~}@iQV6Hcop8E{#RCgw9H2-z;f8J*)Y|w^Ki5{Rv@Qf{g14pG&Z@m-Yj@rLvt|0
zn4hEVnwR?@_D&8D4qxn&k8c45#U#pOnb0esw7T7Z45x{el&!I#yNoVSLPHU4_q-=^
z6w_kJ^L!c&qjZ)di-rNDD7<%Cz$sLw5w%951*E7(<Sn#Esb<&Sd@^e9ViWZWguMy(
zhLk(t4%>Lk-jB!9^Zr$k1Y=r_<={N1?dvJV0)H7^hw*X{9=ai%0f)I9fJgPsO)-8C
zmYhx3Rz-Ema<!i<VLjOBhRn*UUz{$zKXD9J&-ef!%}rO){9Z$SzAewMKgT`zr{eUV
zudNQ$A>awnR9)ZnP1W^-paG5|Kw?fe%JZP9FG%tQ`j+%W<51{WXaKN}v_r4%0I<)d
zL$2zGRZ`>GSiL$Vng&7VfB~jH2<@zB0HcnBdGlEw84WNb*%C~*gcF8I+8O{!;w3a}
ztpPF#Tmv9Q!bC;GYJePMt`T>M3<;uSq6v33Vz&Se(zE70P?5Z5^yR?i2cvoDs|epb
zBqUX^Hx~(s{5fH~?<}VUQSl+}%<WF;+Ti4R<>iA*G%>`+<AkGF*STM#l*;=waPYcD
z!5|x6)=KTzrIfFNFB3#)xhrZctyLA3zfccRW#C|89c7&(v`@tE=(;x7yzuf)H;Kdu
zxQrV#8_sP3XU;ridCup$<Z%%fn=(36v)Oc4*4My*@GVZ;BIcr6hkD&bb5pHL!`(N#
z%w0EMx&3IZ==uxgst3P<$&g#Ik<Gvc=FkJx{$dX0PRxl!fF_ct@T2L_0DOuHpe(Zt
zI#53^5FO_q6C;5*B$`eL#;^tuga=H~@neIiP;72}n!LvP&2zVq1m9gYRFA!45$-#S
zB~(fe=@PC%UK*rU$8!|?5K12h=V82<&X-rdg|z-64&V8W#UIp9nq-t_i)s5Ti=9N>
zC^VjqYlR-$g~9|QQjcl{pV$Q_VG*ETh|j^qYZbn-D`eq+W*BvR;W3Bugx;?^US8t5
z&8tBRduREOS~#QPb6C=4DjQ30oo%?v^N%(xVN`mZ%^e_Mgi-v(bUd#(;D#l(A~cwL
zrR5?<wO0};_6aBE)wa;b4D}!}WznH+VANd>Pu)oDGFR>mK9L~bXBUsIP5}6Dr60fI
zVATkeD4m>_z0Ke0uq6DSbI|hsSnl?G=bJNb2vGs4)i*Xw<7rQXuldr!Tc)A*>ywva
zo(KZ>PD9lf$1l(az46Y3`>654&!n^Yvd?>}p}N{TVqXzdv%0mn8lb4X!`w=}6UN^9
zT<pRkRg$c6sjeO6PE%2fF`7sNOYm#-7|+7H=@hn2+1=7SI&W2tM^}6I<B$@Ja<eQQ
zxf2=D=0`ZH>eKg`IZtOAuJW6NFolw<O!B|+kGJ7%{Np%y_gxr_!tB$uVW&p7{%&q=
zKQi;bZ*4tzxbr9R?sMjU|JZ~4oqV>p#ROe22V0Lew;yjl+I+I(ZLW6hALfI;1nXPg
z)>q#4MxG5f@b`wEE!dmhevGa0=+OiGyY=|trv4W`kGD5>HqHINz4-`8g4q0=`#--7
zl5jE{HI-ZR{&%|nDaW$!U(8T6=ld!*^fZf-!dFRd(dqa)%IRBho~QAw2z@TuYTawy
z6Hn9WZAPZS-C<8`Z*Fa?AoG23kPJO4MA@J6^rE2n@t6rJ8it9?Z;l!7XNmH6dvW+$
zya<yp3u1B10hC^H;XVLT3V?0VeR2Hqdb>wS!x`q`5!xV}>>Zx{D3c#(jiMw9UB+_(
zxA}WG);L1<#V8rZvyn0@l#ek9aE8~UFh^U0SNkVVzXPy)-yXa?0N?=o`N7%Y{^=<|
zdVX|*X=e6L&JLcwez|udj$fY~AD!-d;zt;lj7NJJT!+9?4Z{f2iev8UDOoAd7yw8R
zr)1`;Lhq<v|4mvt;YAq}lwTIbba!Lp=H|v5Co?b2#v5`b^Nlnft(QN>(|CQ`+w=-x
zplJnE;Qu0n!(OIi&O)-HD%XM+f%@c$!&FSeY=UVrDZ4Vj7~`DqnqiXW6x~2!z9_(i
z13uY~(0V7sG@GWB<{RfeF$YQc*$Rq_HJhjeKiF%DkQlP!(F64>PRC=k`;<S^Tz#9S
zdGw9~D#-^~sJ_7q_4U7Tblz$K5Htg1P;@PauVL0z$&`WJrQM-|T&TUFe)p@`1+pX(
z&oaBZo)oO5Wnxd0B$U~zWygXG*iA{%a;9rnr7G{TK3cH$t2jn|3<lBHV#B(#OZGL9
zU*E~WYaPHTBu7Qr`Z4@IgWvUWrnBtdIVbbRzpWN$P4S_R{^8!M{nO*Ur~BxcRnIHa
zZXKOG+dnajJ!rRD`~QOa<tuvXZMEs~)BTe(|NH%u(}SZ!eDR1M?;oD|$9q4%JlaD~
zsP^OP>DiCR1mOw5MM6cACqT3^m6Y1{Y+ik#M@-3gTgN9y&t5;}b_E)-0?dQ6m;0{}
zwtTqVI(SBpe^gI)TCJx?hi6!3@99&Z5!`Rpm!oV<O6YcZq4IG(o(IDs%^Kn#%9ljc
zh8V}!N_AXiL7?LM?}AB`glye~dv8L?Z86Rl0Kfoyn3GE41ecQL=QGmMaL!U%ZJG5K
zsBWJ`bD3s0275X~4>_cnVYzQP#+?ciTp$HeU2)8^xCuKz07hXDN0I<i&8}u^wjmQ2
z^!kWsH(?y(Uka8W4}*FxFrJ9RqqF^8aU6%34QVDlEHC6_mU&B%O2x1wSuhS|#By4f
zh^^)I*n2><QGAJ!9;r=L))8ie)=6$boO-1*Z;o;Ilxm<;N|wSIOvx;3Ys||M&?@qZ
zCU8LKS8lVmT82Q3hNt4!aqPOR)3XCahC~#^!4c=yhRF`I%oVKdjv2WzZvh5B2WajH
zNIrIi)8RVOhvUrkWk|Rwx_CP08WXjZAqBbkyto^8o^<8Y*x+h|=P5LNhuNA;i`$00
z<;%}aI2quSxTi;}T6rStMQe7|6rskp{->~ofbm%1Bj#yWSWyq?PaYkJu^+!tUQu4l
zvIDx?@EkvdMeXfEXA={RI1BB?1xB{e*7u%xnaZHC=)A4R2+30n_%IBTiinCEq*Qf+
zx!b(mHGl)*S8T+#6)K34jq;FHelo7Z+|IaghTedq^d>=`kbI&{Cw3L<yOu?4PCqpl
zcopxu?3&&F)5~ypRSR||&jq@$gvqdsMN>tgVLm?>*IVAEBTb?NAYBN6ec5c=yP?LA
zM0z&eI@&nkR>j}g(B68Z5M$tWJG0_qy);}copeewC}n(MgRcdFmG8Vs@NZOW5A2L+
zHF_h7>h%_pn{GL$p~j3>gk*7hJ4?2=vs8OJjnmF7*S4es%teqxyY{>)a98lca;JyA
zWeGgR$2Rm0*2FSNUNpVCEi(_OZg_^SNeUdj=vF|qDT*%issmv#u1>cxV__l+gizex
z5gmw#8|~U$^x~#rY|!?vZdm8%mueIl&m~*64%;9ud@XKXJ@m&JaG*dkv9ORSoc3Z?
z7}3$BGXxrkq2R*Omr*;)E_LzEpkspT=*P_umtkTaOlinxD~mxwt1p-;Buq2_Dh$q~
z09M#as|(Xzc5hzH)=p<}AT9;SO$MuZj`DmKX6{**pvrlYWos~02Cb!ll<BtW8`|6;
z%Wi9ZSHr3vNFaJbts31#00V+jdqw;%5y*OICGN{W^{G~Xvycs{vC?lpk*3^^3TT8s
zaElzOs4{?F{&@&@S5$V^frQCuDG<R$K?db@2ntyS8lzlpKw3{n*LfZFDr#vPYB2if
z6(mAA%GX$UTwUi8P?4CsB8--HQj6=TU{aDd{TQ(D%#lZQg=X{7Oik-RefjNTRe4(8
z6{(EGA{9oZDwA9toytrLR+V9uVW?K=j;L$nZbRO|75)H1K)t`t$KSgnCoTJc{;j{1
z3p`MH!#-rcRI5DDQ1g>+k~*rDcFGFj=DW-WiHcEKhM>auo<@#hyzcYO*TCJmSrD~N
zVZ}qEGos4BZCo^$NIz@T{xrF09ar{RiYf((CTAdisjYGcJK5P4y3JS}7dmoZ>IJu*
z1q03TAlHlUIEx#8D0=Y+uHyGt(w9zWF>1B?Ec^&Y=&e9&7G!9GSqikxy4O2)0^@pr
zD#sSRGY_48uN+zQvXAVt?^|Z9%nW06+R*^@b!rH_r>^*1Z=P_@UidfAU>O^*#@sj7
zvKHs9X~RCZs1vH4AFCUU26}qrwKW}PJzl>8<Dx5RnPanos89iafym3!j_H>;&gxid
zUFZ%;$%Jn6=`5S3c_=V7OLRU%EtZ(&0qP0SQZXkT4j?Hp05^CU1QK=2I$8x!3m(Kh
zb#7R-S?$3z?A#8Yj*S&+JGhfy%^FMZ)Jtow$&J-&8@Z!=0vfB-wp-^q$_k%C#x_=Z
zQtuu)`Yx#URjt}kI`%ft^Je3a{8=83nk&{<=!QLj{VBNsH`lB$RlqL4%~k5_B{ymA
zPfG9J=IZrzLzQGS41HAF#myBTHdd5mwV~dldOhi{3)G>x+G97e;K|Tj$v_q}QoVyX
zS39zSG%rV%D=^CuWHY1m+FDh=MjEX=z4Z&h9LiW-CNvI6rr)$#o;GG!1*WInl!kLo
z`b{^hBU|^ISelypK~-qxXjF;n6xSCY0rnf&Agw#|*demlcNO1m;GWQX!&TnRS<Esg
z@JG(V<LTH{__4FFbYgN<c;c*J`7OCBe&wuaI4e14cJqTcC4K!r3a6w4T%J=hYFUG|
zIHkEoolxzB!E0+ej5=pjW?U-?KutL@hXC9YdpU;kp*&#9tWRCIWb*2$5EIN>eI8Pd
z49yz@n=n+_mMzg74V?<(ZK)=-jvZ({N@QYJP8H9Ok%uZTx>XNLKHuydDJL)rUBgYT
z%5c#W--u0TXLWUko<0EkbA$S*8_MfP(}~&ap)WCpj#qMOLkYiFByXsT98#y9J4l>t
zvjbT7g3W2zxb7z8`&2F?a=?AbUT9^e)vWx!SLQh<SRqAIXX`~=nd=~mkpih)Si?9%
z*cfxvyx~?2D@qTYmvNWd>-hP0|HZ+fjy&So-q{|#YWHe4<~lt4kpX=F@L3~hILc57
zGj$m6VDLdUM_AN)6~tL3QnAX|;VW;^prVxBA!(YBWvwq?b=hFkJAd>*(k&aJmASzw
zb=;9RDGAg`o$7TIm*K3{BzN4YghB3lX&O7~z|(s9`u<U)Gs0+_gQ&gIdRl+Sy)l>V
zw;>u`Ql7Vxpnfz7Dk8%G|8cxxqp;5+PTeuY9%@tU>Jj*e6QSpC%<FnRt$A6F9(3O7
z@#?jUUp+K^b-A<O0a;U*zYgUCnVs7)Lrus~;7wWME%S+d-Ru+Op0l<x%WzbtJAkTN
zi=IuhS6eC8Y9cVY6uhmkCGQ!=Fm6XmT4YNOB)*y<NG^<0md27wl%PW|B__@AHCcz&
z5IxPCt0`HB-dHLBSlC69b_^um)Oxz*sA-Bjs*cL%P;1krYGzS~-bp3>XzZgy)=@R5
z$v^rW`?%+%mlbXfj9<-#5#I*-4<}hwQVngTG*L(6m`cG$Rj-nDG!G;TCN^Tgqj^Y?
zg?0seHV2PL&Z&XNpUtI7I9ipapUtINa#|JV-%f(ibJ0jk<y0q={|ovizvAagva9;3
zk>>f@DeOd)*dTXXOUd5r=Tj++f71aZbWuH|i)EQ6+NjtSSx};>R39}jvaU8V>zW#+
zKFoxpex<iDD{K0k#<nXxj;k(>(}iq=a5d9hQWNA?(R7O10i_lZ6axsataQx+1nv~#
zHY~)LeC~>{)u^gMl**|VW+F>M@(Q`RjD}<uPQiTfqDA?R%l7Om8MZ#8<d%TU-tvl-
z9ZP^%-#kv~p^c$+6yL3hdWIS<zfm$gyWkud$z0hEA;$0xvjYyKEzx_}jM!w4igG_J
z!~(#EQY`Kp3>EH^@UId5h$3dODvp<c`Gv>Ru__E-eH0eXEiYw$s*Vx?N>PWqjwSX}
zb!}<j+;$B~mx5r5zZ!P4q6lGGjej+jUq&Kk-XNRMSzhxDo(7-QC;&Q1z;m~Z2wOmU
z3V)fH*7|4WaB^MempQGp+omds4yIXjP4ZIox)cg95Fs`lt%NslsQsVQqr-|Gki#&$
zXhFZ$%c`ux)I8U)n(dmV4Kbg^<Sl3BVV>(FRm}heW5cd{)wA-(KUXFz=N7#p$wMda
z>QH;1!|+@>zf|qQG;H9+;dHc}h~6I7SJ7)%p<k4<f$gLyPAABc++;`yGoqo&LqX=W
z!9E08lv7?qHT#aRg1QI8t~2zj^qtUtnZ@#uk}c(C86{EkEOk+Y$eE!hZMVz`q9F8K
zsn^uYHxY`~BY7O@k9$^jHR%9hRoBdLxKxx-sZBe>i`gadjqSH#)Hd7Lk{4&i3-BTY
z1r(i-!~QvWMPAHexU@~eQE<Ct%6fY}DpywB#b{rb@ZUKl<`KZpfPqk%;3O@;MFZ}E
z+@*BqJW5R*-iW6P3%#c7y_MBPW8O;xMY@&dr&p?eG_n1n9GOskVUEmtXr=ldJLY-d
zlJXLOBQWgwk*k=$!$|UnG+*<LEcc!KCFOJS2g%;(d&?H5$r4g5CZUEC`Ay21r1zzj
z<fxX&)Lc^)zQK8oxmV?ycm<p&pfR>VH=r=rY^exOX^wcYTXwc4@}MQZModp<d66m4
zTC<JH)mQ^|8RUwMJ`ckLa4;&0keuR7=UkbDrl8>17^*-6@_nN>vp`>U%p3d^4!Sr5
zetx$pEVdDeS&|W6&IX^1IR}V-ro#wP?Zu$lHjR@l4CH%#R5}nsr47ubr)03XH4rL+
za0)%eoD6!&3Vb_zC2XN+<P!~t_hn>+ZUwJj0<gn>lQ%T{YY&GJngx0I&3w&xjpU!c
zRJ1M1ed>)$d6bZ>*>*o3PY|-20dH0elk}!*@N=@Jxl~+FzOtafzaGZofSXsh_-~Y4
zq=Of)&bmFfFR?ad7*L!5b^%1s7z#7izpKIEEetbB0falIp;8$3HJ9*8JX86`el3LY
z@_qQG0Ydm|AuP`71=xVLgPew|Pa<>J&mE4-YHam^Y(n4h+)A>rpJ)Zq*b-2Fy`euh
zH#9e*r3Ry_gLHX`NDMz<u^JJs5pyH8wiQ<4#_+p?U2uc?_$(A-xDh2X^HDU85*Q)}
zD!_;&8QzxkgCz=CA_3jF-a%LJ0JA&dvq?~RCXtr}t<lQl!mEbw8P4u?ouyHh_#_|`
z7+OKwgcsg0PJxx{EjZn9;zwZ|7U8^%RL`gcN9e#)8MvHu7*XESDlF1Mp=LP|L187u
zOLK3Q#8Gn9Eep(>fH~)4$8j$5st<z%r=AB(8Kos-=kn^)zRM|baBHP&8*@}^Ygacx
zHr7pMG%$AP^|G{;8l&<dRbTB~Ab0L(sj2*R{j_+*Qs}HAM(OKMB{%~sN*~DzWh5iR
zXmF-kGzqd>Br9zUOBJFxpshd~Tc~Qz#VNTZ;3|cMdQ}N9>w)_9S*=g>oM8K`Mdqnh
zN@K}vqxzS>YP$EvMX0yBB+e+!EL(RPuPU*tl60AKBgI(or<Q@hWdLs_8pn<0V>Bv1
zRXkZGu=)oEZGo{=_g3A|q;O;oQS`yG#MA>u^_pG7=hbQy2Q?a0b-oSqXxM2QN;UL(
zWV1{FEJPWoOI@PQXHi^UkLB*^<gU3^S%Rr|dJHhH4F08+Mbfw{_LPqS%bC>7nsFb#
z7CX*v%ZPxaxVj1W#F8<&aI@<MUbuttHkgX*o%)GaYtBW+&8~JGzCUyY#HquMpe~t(
zSocS)^e96w8_o6H=}2vqwXM>WqJ?;>As*-)9SdjKkVCS0mW6q5tdM85B)xP3)vUG}
zC!==D3n?IxZf-{%DSOcFIdZK!wyDCLuG381U9D*^ls-LJp_Z6{9y-W!1>VE0z_opL
za>6Qgw;p_2zXQR6@mstEDGLUQPdKOo62gSv=7Ul+$)*aXxx>;|sdcjz>t;2?=sPs4
zOGG!rvMjP^7MS*2Fb*)F8a-CpZHam#xvq$k36j>4ipXXP@;q@0`?jQgxNj#Zg-9xb
z2*Hffp`JHhCSE5FQDF~K7gl5j!y(291=@5TqTm{pL}9KwMR6|nsy-S!%19Vasw^|J
zvrvZ`;~edIpN<BZ@Y+R*F=u<7?!xDLlo~SGB`2;W2(LzY^Z(2+jnpWeq4jHLW1}PQ
zCvc{rbv4l6pj4(38(-Dsh<a%9l5xz`RD~ohptHFbg~bI$CA};r@kVwr-1+LsqkB0A
zy<Fe%c65tsJe86wY4;lrFB2d_aeNDCg&3I2;DZx1;~C~kEQZ-t^o>uvg$(@ZC2%hy
zbTrxfWe*D@3Jl>k`U%(JH6H0U*`bxzA!ugP2K?o=4^2Rck>(Bx#PwD^0-_7yO#sW_
z^(R1Ur$tJ2bChPyoehnVBI*S1O~~Z*^Nxap^-=1MO6XEdZ*y&pvU;D>ILU8wReSeX
z2F#Y_0R=xJ`<d4#FYTjP_KVS=i^_n`He3r?n&NorZF!G64K5^%S~LeT$OCk=D?406
z9m57d&Ks_nv%oprov!QyfojR~ILFYQL)O4l7~I&G5#UYZEx(KiDkbSyI7&ElC?=1Q
zSfrwo0>27RHS&FW6HI{^%nDL~`~~`%MQBBki*D$RJ@FUBTh!6_#b4xp@3GbhMmC07
zug*_k35G#7;@c$#0ZoS-dRROsqzcd_w$CDoG>+37q<9)*q))e`mm4EMyN&EJj5j!J
z>W1pXM%l5AG}ng1@u33*4`^{KU4>Zx5muvHsx9x!ztjJE19JDv#o3ia!xFAojx-cw
z7|z}4EXD&AZxBwzA@#YGk{K5Z&!#G6^De5wJw!yP4&;hRo!{bdM9vvD)UwLlGuWV1
z80eP5S{Hc@{pQiFMxuq0wI?ZAIYb2tEOBoaa8^@%Mj&7uI2SFRVS;B;#Pyd7ZDFZ3
zU}%#9D8PQ*<5?VJDsH(7r>JODODA8Hv?vQvbJ5K@KmFy+|J``|Wq0F${?dc?JM;^C
zqUu)EwZ;f$^3>`wSh<^Zsp4IvdbSo9_yw5XRMs@at5@Nzx5%`_(_1vOOhKZ2oo+&o
zwjMAdv87u+L&F5AL%yj(vKN;b&~FV;Wr@K&(I^@v9c`yWFMWAV5k*$NHEzF>G^&@{
zxnGu_GifJUkmU<hQ`#CzgaZ2w-H@CBMp5QVi6na6p*&Rz{Ge}qyplPDLlRoEhQSVN
z0NVHSbzCV9nOe+%LUxTtysR{}K*Q^rsS76Ctl|oPEK?V^a~MzDPtfO|+6seV2eliC
znQadvqnDPhV=Q;a;H>x<=0VdSFAsG{_=lZ24~cY*P}dw4UR#M7%r(()POTrMajKSC
zU!>ZOR@IvmKI`~%qGF@xhKVs=KymE2Gh{U6nlOHj)j_0e1vFu{X>(wj-PX+wjIbWE
zj%I4BKPcPKtqxE!(j1v^4sNNOyp#z6NIF7k8+Qxfu6{MtgJ(6RIx%h0$eBEqg!apt
z0F-H+%lSpozy90yb7kgMN#g?KbEP2{ZEnETzKX$q5ry$ctB<z5`ehDKe1bN3>%`cM
z3{k9>46@$GK4xw3xLI1`++~kt56ez%YP_%C2+iuwRdhD<=51?1CUGOHbxl2Glx}X;
zhFWXZ$U?5A!gdsrn6ohFb%V~fTjHcr$YMAIMN-&*X&HjTngoNKNM2WW3bQ!U7JG-0
zzO;}WsUzmTMRYV;Bi*E=z0%dJvRo>gbkLmA0ZJ0AGW3h8uDd$btCucKT-x+i;%Al@
zQXPhJIFjlfhbvKOvZc8Q)!`UkL8W0=>HVV(ki2^804moVrH3kAbNB%}-tc#Jt8t8m
z9cXOYJfE`h+Tkny0z^i}1EAlQ>CV**Su^+-iUn5zVOFX4Q^#4|-lxL6fr*GHFbl&;
zF5Sjw39g>bdKPH`Tz{EZI!!7x-)+uSE%Ux~)iY_-O)++XRR+Row*!bY(;Ff!#rZ8$
zYv--hXq2$d)iS+6R?W7nDzP2Ul<Eg`#hwIZYNgPL4Y<@VyPURZ^#172Z4-B@Xzmrg
zs`&;z_gZxwCGJG2q{Oe*>B!p*&qe;`Chz*jtBAbu6mvt-6|!a_XS$c_zuiU45Z~2L
zEA=?;GAKcRt&HCk?Q6iB(i$r5K^!T4ajiPJ@eC?*&@`x$Cg_V%K6EZ(MK<(0)l<Vk
zcCjUL`)fLRcA3`S&lRDEZ%F0u=ieYt{ZoxK@0KK|uM?SmNkp`Kr_!sZJlvX&8^gn=
z#_h7dj^cdDD@W4G%tf!!vqtLmrOyoivb|v>?KS*cDuz1DU3_p?XN1Y%s>{i?)uTI@
zh)Okq&Kz$Lu(oRts_ChW1srJIco4{p;5?N!_e)8u2XbnyeL}KbU2&iiucMxAI&Rr|
zT)l61pNlf4x)ejufb+2M+Ga5Ru3TAlE$#BUZBp!)_9k4P+gt749TwvtVNtKr-6;6b
zcA@f|)ONysRm_y9q{(&2Io0wA)kI|)DYAk_8$G@cbT>D)dL-5%5m^`{yXIv=bs{1Q
z=^QT7&~eh`u_&VoQiF0j&$jvH%C^uy(&3g}DobO^j<)^;3L$g{hh4Qm;&IC<!`y68
z$a-RtLwy&LJWl@&-Knwfyhr72EHuh2%a?0+C}~Q`ngXAwm+!N(p{s8o#lWjn-^-F(
ziQu~?r9+}Ci7(T*`*}&T7SLZEPG8t0nV|KJW%>vS&B-HfDai*KE?I){@(Pk$SCIK)
z57PkYgTw{c8T5$L#RX1j!AH2%tuo`T@_(=Lf3Na?uRedo{NHJE5sg1W=I>?lfA4HQ
z+<I*7|Hlt^c2@bne?R%Z*;79q&0@A6B?n05+Y;a6E9Usg=q0&CR+S~VWmdq~Q!;?O
zC-%k|X(Jbmgc7RfPBXqK)>qlaSJ}otUbb;9qc~wFaPp*0Qv2dGxCoyTVjkn;%q-=R
zcYUD>AErmdx|6CKQL_l4Pcb$2ikWz$z+rmIMw0Zqp255bCsWk$QgZ3%2QU2n!|(m?
zVg2E*d-C1sE1w^?TdimN&-Y%xJd+RnX9rYfBP=9=Z@0cXI&FNtewpUQMw`Umw-dBt
zz>LRe!7)PlY({s#Ac75(+btdMoqfj^0xH@01z!H@{V6LRpB(+`NB{VU@@BVpwzi+N
z%Xg>yC*SX%_-6;N_K#lE`>iLNl*jv7coEFvB4^JynNpo?QE?{vEE$JiZM@DEZJDeZ
z7jBkGl@rb+8S)u+Mr2=_qugHg0;fvlA=lLc9u1N6lH$r&{Z^xS@L)%Kc(VWe;9oS+
zIuw1io*f#E4M&L+JeG4dK`*LibkKX8T9lW%Q(?j|*yvQnRLo<e-1I8i&@R9o#+_w~
z5+VV3xsI}xQzK4#2g}HC=k|<O;?NEd(u?SwR))u^mw+vzzlRCZ-m-NZS+J)wy_|_-
zS`9$?a5$qF<DJcp4l0i^%W8CS>yO}Weu)KkI!0g9celPau1@`JKD-S19TM33dqhEZ
zO*u~2n;_3`(rjeEO;Vo<SkK?Lh-kQ11x->o?mKlb-$fJgFNF(LwU&T5r<0Md;y_vb
z7zP{xd=zEc0%)jdLGon<gmb^E)$ZlIE!Jn@6unrjsX*->7Ugy-%#^S6(i*Z>HC($v
zA4Zy>tTJ;oq2B3juwux^5n<%{&X)cXZM)#r1(2yrKTZ7G*`$VWSTn<jdc!LO1j9hu
zRRcARXTWc%9?kM>19;XfWRlJ=^LlwCiux#sDpaq$kzOU36{*j1IP9sfpw_x#b`=K(
zr!*Hdh86)g02`?W08kc>9ANcob>6oKZ*gIsH6Smp4B6I4c;sFOgo)b^HtnGV1^QC!
zg|;4;rSfSU)O$CIa-0J0nclINM=xF+9KLAi)`$-+KTgMG){@S_;qxN{hIY6irxHw=
zKZLU^gw6`-N1>8xOD-8_*=xC*Wzq+2S!7tpFj#abV9*2WHDS9fW6r%+5Jon}z^S{!
zo(X+~Epn_%{F066T2k1(j7&JQS%NBEc1E#T4`ks0dH&AAPEHvh89=t$1ol-R4JKzs
z>+GkEA?==LGMph?1PRo+)o|IODd|OjE@_BIVGQ%G#ZuKJt)=n3{4Ld~QYd`_-PBpj
zuFY#!lk~J&bT)S4cw6;>daAeg#7H3(EAA<4!4(=~0%DbM2bh12&Z9Wey-;g9PH2H_
z4W*h<!L|k6O2Ds*v&v8Xs_fsbftvovJzK#dqtWSrHJw2DzEAVRS?}zQnU=P}$iW)s
zp3Ib7e^Xv#N=+8$NS2wLt-jed?p3dLOLsR%BXt{gY5L+WPHi`ZL#UdZo0ORhq`NjA
zvi7CdH1Ui5p%z1}`ll^q4j0%4j5Ak~B6Z|CB}AOg3%LD_Lr<Ry+#pDGE|7`PENS6a
znW)==Rx;cau5fuoRvKQ~{SpBR&gjkQF!U%M8nuXWXs&B?g-q*-8r0%dOoFQrO5|3B
zmgd2NH+Xq7^e|!f=q$whVvyZFhezE>ItmBvn>Gq@vVj4nFKzG#9IF}4IWJO&f|TQc
zT%<iKOsaPg&vM=D-Dy2e0X(4-JmKg^RG(;g>|+@#uOz3jICA8$(132Hj~+a*=Pe^U
zXy~)9O>`oztT4O;aJ7#0sSyn;(dVC$QXa%)kT*3k@<m9#c<jZ40s@UP*S%0Bpj`ul
z<wMKcr7Wt4JXF4Y(2ZSjg9o4l#4gl?k(gJeuQLqj1!tO9a0?8@0AKphpnWE5{CQ|9
zNLdBZt2xb3WI*-s;KFF0&rMFCBQ5jcu3oVdsCXqublGZ@OPaD|5Kl>fYR5~{8rJit
z%oW(|x?BRQd_|F7TZAm)frB=U%>X~F_Ps$@I<h;QM=iPMTAyXqT+``LZ<uWmD6dcu
z$KCe*pSoRd?eD#xdO1)8*{+pWg<Nmz1{Y<#OoEThk=fF&Bgv`G%A)N@RfDB1l5;>a
zT5%4f4rg#8?ah-A-LQd-IpAW%vXqT8$$f`rJk<Sm*m0P7Wu(>Ex+K+zZ-LA;G)<vP
z$p2j>=?!{5W7$UE%c|LG8F)wyewXu?GuM}s;Ydm~uD|K^+%cug)vEb+Mi=U>YiSN)
zyu>amXDQ`ajOHr5!<jQ48pvFCAJzSyYY1xl%^r|&`4YEtsVGoG=wf3iyvDV<h~B|+
z^Z@!g8%3}aj$Glo(S*HuyO#9T6t2=)7g}4`d2-3ose8;DIl8xRaCBar-r)7+t?S(S
zXL#FiaNRRUW%U&4pmHrDve6L4LytO`*GU?mdmOWLcV31p&T1xUy0uksyYuh=%!0Vj
z!P9K&rFMt0_~eF!k=qDvQy>y!=++YMx}utt+fX*78g%SGW$9Wg+WNp9s?Vsw5%^KE
zG*^J+M&k^s19T2!pq;WG$`|~)qkoSm08oNl3$-gxWxDj#+=I1o*~fl_cTnS?w<D3;
zOhm*s)z&*ipj?ZCv0Daa<;Ij3^(+}Ry5%8llTLWU6h(Syl!%s$G+-y2L12A3_`yQ5
zr!qg5H3k4}cj3@$`;>u1WOI(_rUSK!tfHgrXDcrymlQWvkS57keHjsiqp^!_1USw@
z=^i=G@(lw<h$4dXTcfI?wbdf@E9Xw9)oN9;9)hWTs?hj8oIJ-e01*BX>%@$W;rh#~
zs=P5>wyf4l^c+zQcqUb3Z0VrP8rdr3Jfgv9gbG|)PO3sNEQB{s({W4+zm4gJ(*JEx
zFxY&9!_NFY8V$bE{G^!^s@p1Jc=~$63Qf+Z&K?_UsN$DU(+E%97_Yi^gq5K%-r7@y
zk@CCTfPN$Add)*vL`!A$-rWWol`ShPX>QPUR^xM(ilavEOYe3pRSnBv>gLh#+MZm7
z<*{Xd+O{zcKPO4h94<&^O6z5G(zOh~)KW<6lWTVPm-jsvTB*#lb+!jzv|N1g`~#U#
z!(S3pcr|kOfvpWm2ihDk#TYL}Vkaw<GOm8@wMwVy$hzvDBsUlv?Pw253{@MiTH0#J
z?!}b`Es=IDf<tQ<pjCu4;(#x~Epzik=@rH4OBu1TN}YGN|24wX-b8V%BP(Ug!$R_!
z&Ut;L)}a(8<5fyRS0kuFX3%s^Gj3^GAU~WAn#jT;4tK*{f`crd8F2r9153FpGcs!G
z>R{b?LB-9`+j5RwG^x(kYq+je)QJ)@9u8LAMV{Qmhk}GR_sJD~xklJIaf^0w(qEP|
z#^kM+Yg1oi=LD!0-Jv~~z1|u5ax}%wcWGW2${QPLEDhJ`?0mh<;-JKJtjR&eBzi@&
z>pX^)LQNG)mv1Pb9Y$8fdpp6o2|HPnzDk72b(EzED!1k30=rrA;<=#)t89AkYHZp9
zc~J2NQ+<_jbxZ3WstoPY9?uK>7ZqsX1#phZ5Ia?g%sB!RaHdnK6_GI>BUHBN`hAp>
zRqB7aEe?{rz^ew#0>#?WrKK424X2Ca>_}fC;NN8MM3D}MvkW^VWjiqGRkvvP=71%g
z%R{}3Qqw5%XcA#eo?!IvSzeG&h(VTdn2pvjfT(il<Yuzadt`ZKn~iZ^Go%WLq2VY4
z_0T1%S`L|7sag@bjH~f#$=9?h+NsFe<-TeEp_4%ku&bJ33Ziw`Y)<=C#>}jno%MyS
zrEThm{`12CN=M#?3FzxRo>$2jzH?{r>YXxL;vs!82mh4NJ*^fSLocSOXZq|BYo1PU
zF9*4FXumYc2gy#Q)m@N~?-1&kfIy|1(3Y;Fai}DWr5uC&5y=b{@G+fXbl)^)F+U2N
z#;JsSu1E5wWbM^uHYzY)+GTp<xioFMUS7B5>DAJq&&OMbkx;J|=Fb2!aM}=|4CAMU
zoOnyr{t`|4c3bo7irQ#h`K#s+u5ZBXNrMeMizN-=lghT*Ao*4zcIjN({kft?KMUoa
z$oTpLo)WWM1^Uk_q#|MtjlnrIQoLprb`LovZgSnC*BjM&gwAye%SBf)t<~w)vjJ3f
zjnRzb^gM{g)8{X^)5hfwp2Ae)JN-HrOhW4_$K|SkY0x=*R8zv=6EE>d3*sWo(6!K*
z53~>uODkm+ldNI{m<iBe%`;z7{)Z0h8?)0+uEv%9vOJ!QxKtKZ?6VOOO|u?wu5L9@
zwQjVmH{`H6mXuJkXS8T!NCn62kabOPQDOE3W(9HY{Fc2P*}#f}KIYOgDUzd>tv<Kx
z4rD8i4e|SPoLc$+t^EI1{(md~KimH=;d}5$@d2Fc|F^xlz4g%A|J$1nwjZwi|9&U_
ze{dxx_X0K&xWM~1aOfNgS7x}NHyC?~MGY#0;mWIT<<<8&z539p<<WyyWs)bK>ml>y
zBbCTQ|2+f#(PLImJ;re1aajE#^LNdOP=3p!cjZ?KaaR7iEz9VwVRW+aJQ!ZpUH_=_
zFfq^->`$)7z_Ap`hqfA^N4`6%2>ytpbHIT-mW439CPuE#F+dU~xt6|g6&*mwqVrpH
zEo!J?_(#GsPSk;+4%0&YK}V5X@0SuHaIG3AU0<SfmSG}oluhE_dI6e@R;#?GsR`Cx
z?PQ3yOvOoUvB>`%9{W}3)Oj_$Y&uazTgpn18qzL)HHht5g4Si|>L<rNa9$qxo?Qk+
zBWZn~f75sU4q{wKRTv;usn>Gl6|W2EOUSZm7NbW04M*g?*2RCUOFmgaBcZ(sIFvVT
z;Dh7qM@m=DB7U5D*q#)P|GTrZV{u9M3uz{e^<|zstX|&msRek-7u{hxnaI$f(7*%H
z-FooY+uqsqwjOy~yAOAIOc~jBEj1xkP-OK-1pCc4upYaQx1Q{74dKhyqut#gcnh%j
zax5)oaM-&-`R@tUz64|#1(X&tG%qaR&5dGm$S9LYhQTzSvF#&F&YQOwh!v?pZhMw=
zb~{*tI%2O{=gs~6EheMFx2^gmS_MDCx4f*QEV?K-*+_R*49N*nT8{Lg+$_rnTh=n4
z1y^Ct0)&(2PsP^O_70IiDGKJ;<VsCQVm*?tODaaA$brnG8GI&9<0-nUbY`kt8K`+v
z2#&oqj8CBntJ`z!**F+Ma9hS+gL?nP@L)K2Q*ei16{VNin=~TNf9xsixtf#5vmWtH
zw#w$Fnt|z!)R6#K&jR%W<}b%c;3y51^(p8mMdPQy{}l8TT?{CXduWADhr`Go4`rjO
zrKPgdO6e2f@iTLrlvPRxS*4m{45ELnI&vj}W$bp1sb07GO1gG}X4^<qvG^N8#gi#f
zXv%-6;Zi?$IE&-&h~><>@`U!}Z!MW+IEj>w5%?>ZXCt{7Z1)z%Ue{suS_&Ev^Ox`y
zp0)8vYWGkFt%_mfe<+AC3v0!F@_O<8Dm2+)`aQ<)(}LM|%PFY#=ou-~Z{)sWt~E(z
zmY1+05I(8jD76(5$fwT^)sExgRiQ5B-LDEgX7|9TaEvU%l4UF4r?67fs+OZwSN(5;
zkux@0b9ES_pxH`zx&mp6Puf;eKp1lraiXyq-dDnrH#f923CQc|n#3{o)S0*8JQ$hj
zOLe<Kc0ExrQKO~4FCCrlTN6GSxpR&N6Sg*;d00)I84=GIa7~9`+ivCsu!0<J&=JTK
z&mvbm>O3ZIc2^DFJg$J+0V*XNFO<K&J8yvIkl$FKp)Zv~esfLfdG9EoobMg45M)z_
zngN!XHXQF%4v3~|?wKpnt1xNkpC63N0OM9*b2#wX^P>zNZbIcy3$@_02C|T%RsRh;
z^MoIm8-rM@0drU!@&iqaNlhpHoBLWQ2}_?Uu?g$TZ;c>ioC#YYD=`(X2kI;8N2}Py
zPFNVJp=W`T(;|~K;<v?stl$+rL+{IJqu3SomRVoMIB^{XBA7<iU|Tj)`lS|lP*rQ3
zn=+1smGsntRr6t#b|`Nu0B^PS%6iqH=q~5MI{2!PW)_C0{wO@3jk}%w%D|<}k|hq0
zIHnB7AT4>VJRBj*Tx-*q$;&h$r*b(Dp#!>=D!RNIcS|Jgxl=f3^hap~8;VIhn^y!k
z<{~JPfY`<A3OD5SFf=mFIbKU)+;W!iRacv$<^fp`8Wr6x?O}Zj8sSrV%R<B6zOie+
zT`<ksk0qL!*J0l6%RtdPO10iDSZM9Xuk0j+mAP{#)j>69HY;?q9()8;DC63E5Gs_l
z?ZC_BL8^Ey!&|@1>?KR6uXgx-o*9b3&tI*i0ougKuhw~hhcBK6_}A`XP#HJj7mG5_
zx2q}-E<IL}8F1fu*4WXFdbONHlF=eZ6#i<O7RcAlDQz?ebr(}971PQr=y4gSsaLbg
zv0yd$h-pok0l;T?L-5ZrMY|u&X!gwha)D^X^FOCZX;3q#3}DzWPJ=76j6Ss`wvmiY
zqSLO$v(>t6x*o(hEhXk7Acfg3K-SP2Kmp>pD%*pu*CwQQRki2BTo<T`=KF7|Jem9r
z1L)74jsAim_7`=fzi61{`(Ek!^%jL2TP|lPJ#hewLnRx>>9VG{KsbKNe5Gd&V9GWM
z^^7&fF|Q?=($8heLTR3XyN>IO3Al}V19^$LpYH-&<&NiGi|=lWlN~+k^%qm~Dm#qX
zb8WlhEX|vadnz+0bVgL#?OLFk#J-PId|ltX3G|Jd#S){aZhOYT(XXz0#(A*}M83CG
zr-+v7abTWsRd&FEajq@XigkH*EMi~3KU<5md<%5Jws@bueZO|F9LuyIg$CN8+OOmV
z#u?DBF3P1f`VtM;r{=(U`u599v3?a?Y5?YK+x*$rZ|c?8o^^KAh?%+d9eb#a&j#mV
zkOAi@vwaeqVi0kg$Sw;OD^$CJ!Pl55tp%M>FWCm%@HoE}8Ffo6xSv;R&#iV1#4zxo
z=jw?;@t5q1CY7bSS{j!6ovaZ`0#vPSXJ88Rbe0V%hloM-<fx_r#q)~l1u9BtH`cCS
zbhQ$@HpAwE^5vjjv9-8Pn}mh;bJ8K=UnL5Julj1aX!5ezR~PJMov_!I!X=1kS3*>A
zK8xal((LpbMp+5_&u}yCK?6&Q&;KcRuO_oKMYxt0Pn0!C)H@Q`79t{>yDm(gn1w++
zkyAif-4&|!#oF4{O^}WCe4J85=Qa?)AFNJO(0ZOOF6dM-5G!fj@}NkpZOfJK20@Ad
z9z57-nXw`2v#vY<%jqJVl^Cgn+7+juFu262a`I}S?cxb>An@0{$C*E&ucntAD|UP$
z&p!HE&c>H2u4uWM^oxoZo~2~CPxYC+lji;%M`hu_f?U%g{?bhzBMnoJ^NqInQXdIA
zEC2~8(qS5Jq|-2oM(c7*Y!IlnreVthasmCN&1v3&+P8PjvG+xr42LLH5WH-wu&E5I
zZ$H>IMqK$svnc{K){*Iq))6E|<J647H{Pw^+}y0AUCnxF)-vk6Z&p2HQYhs>g5y-i
zG=K)c{ql76<xu;o8%}R=g!HDPuc;<_k(yB{CZDGuMZXkpNKw)T;=$%-Qxp~l9SXfk
zK6WJEuDl+t=I86+IJpu6kiLuo;_)<1l>2fZm6v4XbDoZFIog*pbgRtTFbi=|%rM@c
z3>U{SKg-PCXyefr+nd|?&x5{rumwLKY=6ZQcp8S(^_M^ksKuZNPgGAZY#_Xsdew++
zS=dXU^jc<fH=2vl;`Fm@3I$Uso%iITHw4NYafHl~b%aB8Ogjeu!d|pBh7~reZ&2u$
z_X~A~qy_bfC&9XG8s@1*$;%*V9uJ}YTG}wx{FmEg-@{7PE`{p252u20Rx=2##eO-k
z>M(o(Q&M4*jb65|kzSZ0%19ef=@%n$Ood~vVoh<t!;wnSTAHE?jBj7Mcrp!Q!p%xz
zvq5R@!Mr^qpi#h+&G<5PH`#B5xpIKxKFwx;@8=;97{I*XirPtTF~=)5(T$_4kh`ml
zN>$C4(&uq3o>7!v^<>vokN^(qdX0l%jW=3r!A|)9+I!c=HjX1vbU)))%tA*2V1wX8
zlAYizW78C6F`-B<A4$A4&)gv}BoP4^WCkF`Wc}Z7z4|#l15lEkc$eI)MFQQ`-PP6A
zRn_${r;fUs<+mv|7rS8XY~{~OFrnp?vXqV_Arw~U07e<H364Iad^vxmlq`CPjv9l6
z=7v-<CXqZD8#K^Dc%3RIKy5s%94M8$5^?O@W@eXEF00WLPVh*u#gE*$|LOQuG<yK1
zJdJFJK+Xy4QeUrX7TyhRri89Ch6c2EM>+?U_5EX*rtQ4I8QNq6VM7vCx`60gJAe=m
zmAZP2c3@)^zX_+@W}lp?@PX5@F`olk_QLM^+H=m~svDd5pBIL|cB5C=<P|n~g<rhd
zczL-JgREnO|6Dd!!@@e&O*qNs=_wtC&$6>rNptDW;;wQq`&6akEXrG4^rMTH`Wmd;
zp}GUt2xLHE(Z&?IEw{0qI99&wY`{`KQ~kN*QGY3|D5Iz|gf@u^lwf*@ChxA0M>0ou
zYz|+><W#U<&sAztEVatmw=Y0@#LuLqhSk-d12!GeMg>Ons%=LjI=FH=T$R(l-~*>d
zDZS)`ftrQeoAKXVy3tpQYn{ENVtk{*F@%oO8SM~1TIz}V>^U4KU12v*$-0z`3sI72
zk9!&oyb2$20LpL<5IzsE;x$eSpbb}+e}s2%E-Z^{(DA3U1su6&M1o10OeK(Fo}oV}
z2pTfsf<0DAI+`TIl)Zj$K<=KBxiaF4>IxY0DbRf4<QiRj;V9&ztHs<(dW*cMNP$TW
z3r@j7`R63JC~`FFxeOfo?@D4mj;t{O;cCUJ%L+?`Z_e^lxfdmEzv}j{62(3KW|q6{
zy=_Q0dELc^Yt*phMC57&JFL57SWLua)l*qRGr;@I@S-zSJkla`r1`FFp;!p0E9K;q
zO*RB?!PX>xK1CBtmg6gsq3()9xe}3=gcuM-ST(E`fV8KpW-Ru+ntHZxvixc^gk$})
zP4&g&r>ZAq=DA0er-%Du-bSC;NBGjxQDJ)qS+LvX$0+F_Mh}<;hfejbzIw@@wOjob
zNBW0)cY3PTVt&2$TcBSMjhzo{ckR}9^c3*CXi+6{8j|Ao-|YY8-Cmznaa3y1XX^^J
z$9r*<C;oDsV8Rg!O(UMkNkjBsS7iA_`$)vmP@>!sCXHV*Zoo3TYLyePcB>4TMO`zo
zJB%fUns*yj&TUP|Vtuo>5w!;sETv5nDZ6UH2QgPIcqn=>=AD6Mr^QjfqK!3N&dcS4
zr8$<3og&t?)?1<1vhZWn<0TVgBy|j(qN=G(d7l5Z5enh1UU%LLl<}2%1aeoFtaiwS
zrB|o1EQw@n&n*UdAeL%VYM%U;tE}4R5&LsAp~}ZGwx4SpW8;{D39v0*6{?pV^wpNH
zB`2%Nx>}dc(giCiq8#Yf2=)N|lJBzL+RD;fZmWWP#+;ZDlSa4sIC(d<%9wYtap}Z+
zIO*8%<cftaT;qKQ=6=6M1(>4y9Fv8D;E`jRV5L7Y#!*aqPvQnX9gacFOOxV(OPGF`
zWs<*!bG>4Cugpj^PgnEZIXHg1gS9GpzpGS*-S>koy6#qs^{(%Doxgac2YkKPd(icL
zxx0JFMcs2tuX9B&x%iu>T5^Z#mS5U8yN;`Q2wuQd-FABS9o>Ch)$%=G>K5)cFk6UW
zQ2Gz2tW2sBG)u%Ph;J0q1E0VtjQHh+qckf|Ze6hJX!Ezz<!SE6$@FFc?W+P{5lZji
zXm{seucz9ElHTtq3BDrry)};Oms}A{Th-6;1ykPzJr2hM=;N^0num94tk>5l6|w+Y
zp_HCfyy85a?N;~_Ik&m>2a4-#b6lg$8~D{4edWLETd!12`;`hGzU)^j6d;?`w<{?J
zv-x9teOR-pU`?oCO)fZmnR9}ie{%O@5Kt#%Jr^>ewF5zN6Jr6!1C?r12PU>+^zB@0
zb$SI%8}y+b{Jq)HtY3S0+Go3N+`p{tnzn2EuW4Yn`_JGY91z87eSBAUwf$WF$9_D@
zatC7XqsC)G0~)Ki;x|@tg>O8@4c%MRBtvWWFfK=0)cIsTizsR_V$Y?-HBF&{t;)gm
zAL+E~5Nc~j6jOprp)$*qwWUtA%LZtD$39+I;?-KT7EFnBk-#Zgv1e_wgBW+Y@|mt{
z2mRJChx05M<%K9_^i-#FRtLN>wbZ0#2^^Y1P@epfRYRY$y7G1xZQm)<Il>(aE>)G*
zryt|4iyp2CE4MiVc1jQKx*Mp#!vdGtZeoqvCZ`=ogG;ChVu_oT?@T)=)Jd}EOvUp4
zELRF*1TKXDN|T-lXijFLJ`e7MC#m;I<=}7Yxp(y(I%RFj?Q9VrX8KjxP9>_fF!^lf
z>4$j*A)e(U4xOi5!Mi(lTr7QldU~Kh_!U#+<9@h}%J|^04X@xL?y_6&&*Jr+auho#
zx|p%C-FmIkr{Y#L`IPvRM{_P0BWr1kd*Wu1E$K#PFia<{Fj}}}Cu};i{IN>%;_}lG
zTIbU95l*$gg!q%Cq%T?-*B-^K>=9AP4Tdryr*Svo+(8f?<`jW18JMce7wCRdQAxl!
z;Z()82j(ThGF-$xAkjU3lqz}ud@R_b(|U-NLHsFJPM{|m*Y(&#U77sFJa)jj&V72P
zXM22k2|4SckjV7ljnb*jGHM?>v;|9AVPY2eHsa2KrqFkuxDu-jCvhsS`5Bw*%r+2K
z>B5fV0=g!>+uF?^X7g+v_H}(%=ygUZY$sa-`YIAnz{DzR#0k9$$>@cyc1RnT)oYjy
zigow{0mi#$e~G8*eeZTY8T*wb@HB#Q10&sK<ck6w?zUdU%5Clbc7!QN#D|6QktAaq
zO7qIp4<4t@NO}Hsqm-VKZqX%?bMvAeGMbMc<ORY4Lari6*qAwt=EWhrx>8^?%jW#*
zMu~mtWr*6pu!B9A0~<jD9q`s>S%x{I6?QPm^)08h?@F~me2a8qM&_x!Vi7~Xz6KGA
z#_F;Y4Ek~)=~$_=?fuLoJ=tQ0LM^}<7n{8;xIufH_@52RR==JJOcG|esq!onPiZ6q
zmb>w|3sto7&*PJ$v!mUkgP1qViDrJyMap>}N%p|sUZ^qXz3?s@VX`K~OHmq96}XV0
zkB;NRBOWOFZ|{>AWsywB+?g14HoOx)5pyO|kP5jHtK{l~y`Jx2PV*6#EoEPE29)Fa
z@aS-_=BO{}eX{qT=ldsnuY(osL^-Q`DATfaSWr<SN+Wdtv2&rDs@&Wr;Wh9m*l2K@
zjHYcjz=zn17H1ou91Lc$=5soi)DZb#Us&-<5neR`T%Ayw4rBNz;ktE>_L3d6m$dr6
zrKN1nXkh|tbnB%Vw<>2$ar^!}l||2+<WE6Dv2;`)twD{iwA_mp<<VJNqWqQOqXHv!
zO3@jXXB2ulo$k7qR4JUxkKt1Ew=MsM<Cx0hVy5|czJS5TPS8de&s`TIof-|6_LUUZ
z&$P2awy_j%!MMN`aaB@*05*U4Exs6!27K`v0fSSr(s`uB3~_P=fMR*AYCA4Qk$&yE
z9!-<6LTQ&gtE)67tMna~MWpc}8js@XF})<Ynd7igLH@D$zODRT(2_mO)WvIF<SYal
z{4rnQH<;}Ru0vJJN-FT8+a^%M9i}EhMCRF81|E(;7fl|>9Yjy6XRRWYIrIFnOa=bJ
zkHw&)V89*w+=cRcM5pK9z1umAU+;Z){(XFWvVX`o#NO!{70gNJW~igZe72YquCC|~
zBij!P93~NAXcSun{-S2c`0d`#>%Ef|8-I87`UhW?wW*>XwZGpx>qf^%r}*D<_)o9b
z>-b%i9~>udT-Pqb>+HzjH+KlEZzp?X`RhtM8u>ku7W>*O2+=4d3Fw;@6mI*1YgHqr
zB`T`ygnP^%QrsvI+mQ}iKW@Buaq+tsla|xw3hPBWEna#pZt^spx=pscCOPURc7si?
z0f?GTgAMO{_W99s`7&z0W2bS!U>~Dz1W2jlm)m**Ut;*Sc25kljZOumdOQoY)}q^*
zkG&F^jYCTxHwQcf-VEqQRv{(Ta-2-dA_y}v>K&dBahG-{@L4H<Ce+j_SHp&)*7|%h
zTQ3$@_~_E=;GF5@vpiwwH+diEQjf0Foj>ixXD2(md*AKs{_%9_Zn2?O(hv8r#>wz3
z#aFr{f55^RZG5VAXV4YrrR|o^W4zW<{`&lmOZB&*PayGxF*`}$9^ZVxeg^N`B;%@%
zVVeu1*&N9)qm}~?q=7rSKKkNvq`>t^EY{l`hW<?8BjWWu>L$|pxLcjw2viZ)$6VRs
z(vn>>Ggb`t<FCKd<D<h<qhk5@puTFT3}<D8iKkwF3R~w1)simbzD10##f*+hcDDEy
zYh89#5zm(Jo7QC~bX-*{amH$0hR?K=2o{eu+zi<l5Dm~-{NWq3=SpN#VVO1uR^}GU
z%35|??Ruti--=|#&U*d_Ukd1kUv#K!YvYI<)O)Qrt&$FF-ely_1s}IDEsOhYCt&<6
zz3H$HU4ChDl~{E#SZthldpQ+}8`nvxl%;RDy;dxoewR4)6+%MY#nD|+7kMnMk(6WC
z_mgyA@+dW1<)tM9;ZuHZxR}fe0;y~JZPOPFzfRE+F#bD%R{cFGW2x*AFgzF?z3y4k
z((QFsUDMNgoO7gvZ3jvZ3nH`~gNwTP%LsG;U1%?hgLHZ`za{s8=0-C>fHhE5#aFGv
zx(~~rQHgUBYBIz1p0c%Tqw}frcw@}bR3yzgmi^^UL!u+|(#i&KWBLvyqA`Z5(#>Ds
zWuGgb1k#z?o#5!bC7450ZR39o8+DKw931ZdB|}>%r&$2!(l>Ue!a~TD5gXqF=|E{c
z+cNB$Uc8rf(b>>{grAa{az{1IC5(~y!*<F0y2A6P$(N(upFgQ;FIa>Qs$x9%0({6<
z?SO3bQzQILW{-%hcWa~K(d-IV^&T%Uvac(DZoIY7u8h@KrkQpSNAJ2x=A}y4EY^7d
z?^nG188fJUDMHsg_TX0&C(cOs=kDu6c`RDu^en<f*SHyWyloG>^i>x+cTLNbPHg$=
zB&&}2C#lTTa+q;B1krPysC?|C7<`5Z`b<n1YIl}Beb$CEbQ%@otgtvvSr9@fRblDf
zB%@Tnb>=mweXQx+U7wdC-6A95mhh{X)scvrtNY47|7=;-R!O+_I52?Fz~QgllD6zg
z$}a2j3f-yQ8j!J$f7q&U9N>o@Wq+ic!12!c+1tItv;Ezjv;CvP@Z(QdO!^qGJ=bm5
zp7}hdFfuBDj(;Gs9zjCbyaKg#seYI8J02`hgdjLIm9<bp!+`JU;N*<7YkAMb7xnDA
zRG2_}hShOP+tTi77Nz#9i(9UCU6!R{uGr8z(afE%rET<(!~OErNk`-?--GSehc&GV
zuZgg-h8ZAQrGoU%44Tgits<U7^KC7An`Yfd4%lg|Fxd8wP2xsBHiP4ZB>#Z+V0Y`d
zs%Q3|YfN(-F_rA#^6fa6Boglo8?AO7o6w3;zJk@&czW!PGqnG_PwypB2+9hxahd?p
z6I?7!lw(z{c{(8pu<6WN)cgBXWdH%@cm=%t0bf2iObz4AR8)y&?BV`JhJDdGpvoUB
z>x@_nt|<XIGIZiF9zFXBYqb1Ou^&r=mg;3vWuLG<t1v{pGqXn*kOjrYE2tbroLR>r
z+NXyZ9hqnPoSvMWMQuvb^JX{t`gbonAv=?qk7aIBqaaqX#!}(FPd(0oujD3Noy^#E
zCU$05!-@l4nbUEk&=;i!Xp?WZH$g)%%{tJ|-JXyFe_~?@S#38uRa=w$-?@h!Kkb&M
zV);FlNYW*mZXi*FpBEx<zEr`#d#)LkspLMH$^o^t@$#F7cb}>;EvBq<LN!5`zzktq
z8(aL(OZ?{r{B!9Cq~!$#y#Ax~(2uZew$s)&!NAR31t%<6JR>dTF1cBx;|G<7iYuAl
zqDLBs2@_0`9GwTUS{2=y3t5EFhorEORbki+2JZ!Y0&RlhVoc2wOCv&h3T(_W5Pvv5
zI@Be4=raW@t(<0ECbZ8zOCyMR3LB=&By@*1`ORoL<O*seX8BpA;D4=`n;R`A@|NTe
z+8?$g^FaWjY+jcNjy`arD9rJ|X%g5`(9eC<YXkrt9-YC#ODIQ_oUz5!5S$Y0$Q!RL
z!ZVCuN)K8ubtBjJL|uHWwTDhZCKGkDWsyo*B}#{m{x--nu$pF_RPE**D??db;o(ic
zXo-8mJCKKyoAjd~=xx6Y*nrq*QN3jRY9-y|5!yzGUiKs4RaEDSWApDRW)b-Hy{S{1
zOikLnXu={9%>F(^JILnHN<*1SfR3*hV=Lz#I+wHn;!QT6yU7F5LJ=Y&?a#>vg7cpg
z8H!n0f-QhpO6|mt?4ms2hTtb`2H^(!YD5;?<~{2?hAi<mYQ5b0UF))L18OqEd<vC@
zSNxIvl|j|L6V+>4CqTSQ(9(RlvDvIZ%QJM>#a)%ubo?m7^&J*D+-?-fH<*tfD!Py6
z%Ggq<a%@5%$nMayi0U?r35wWF1tfB3R%I_!mJLY^sxpcNEHc#=v63;bU%NY>(R^pk
z;4vmVk8u68pr4IgqsTU#QD}Z*MURQ8fkJkSL0BQA`O%57n#Zgj=IPxC)J7&hMR$q5
z;nYO#fOvY%&PT6t^}}Rqqo`4$MVgs#DW9s5@_`oyr3mENSE)`0NEud!8G7MKj>{3|
zn|lb_(O2Jii{(@=bQNit93L>rFi6X2=P!bH%{<F`z1~M~AyN)dc7T6gZOA`c{Lc&i
z=Vh~=e+P2{evY%?=u@ATSI)~z-Fcj_v5aFgBEtEf{wE^hMLi+{sii&{3!e)GpT7Qo
z4T<LQ5&&R8pTEh!hB#gQ+VBjtu=K->6YIK}!|bGC6=r-t+iXb1wOrAb%e!pc5hrrX
zZgVuow3iQKefi*B41c-WkP{Z~Yf6#${RTs~@r$x<WzXOc?q;5WiaqCty$Lri+_CAq
zqJGR~)a1azrWhXb9JK?qamueFH8BBq>DY=@sTFS`<$2h(Ayz>{xznZDMLT&F@0Ri?
zdyE^IjK_MAa<OQBzjxLw!_#gl9!USOrZmM_R`_$|-1znB8pCr#r}m}~s5HsIEbyBe
zOf4N4ot~?)5?c1+Gp_pl;}*>}hR-&Q*Lw$hXL~En#ANjw&Bay#a_4k3NR>)e6l0~C
zS<-zmUtC{9=li6H(3xezMq%=|z+PDAR;O!+;pc^0r=V@61@o(<>{O%yt4IMhQeLe1
zOi{9bcPNfHO>)WX94s7w7Rp3D$FMUurm~q#7E_f^L?_5#T!cyu{EU92CM_N(M`a}H
zRDfZxD;e{#cQ;LuT^B!!r!c#HOR@_-3>1DQ26Rd-yYcpyXG<tq)TNbcN3U`Z7PB-p
zMtk;a^1%xD@I2FL`)B!RlH?-_ZN}K+l;6~Vna|k=lXOwzW~Ae$8fEhrIRZ&Ujnf&&
z87CtSD^{LDG|SLhOA9oqUH6VxEkv|S9prgX5xJ`9fs;L<04o?FzfJ~{+x`Sr|2CO}
z3Sk_OEtiDoc%0196?b_RjzCsU=k-z*Tf9#m$T(!B_VMJhHJ#39UFRCYWs#?SC@)Yi
zYG?OTWG%x9W{1su>&qI|fmm1Gkn6^Y3*kEUC?B+U(AwHo9vX#n8nuZh=`eGQ&N4j4
zI#2Hwg(*gvO~((EWnLbsad#?aVxzU3(e&||Oqu;Slvc_|8qPNw${)&6+Isb|uAEkv
z(ukbo=}}n(OM^XAc?}a3WKt<)?@Uz}$uldtfjmv$r&p2XQVxH&^3*nD0{tzD)Ur??
ziX$UyXZD3c<{lL}NyhCFh?(xeq-)27_LE_7$ZiU#1f*iQhp9cF8L5TdJo5!vRwP#w
zkT87<T*$f~C`;RrUfS~x8fUd}J-W$Y68AZl?3u9h_?+!EbXjzxzb>rjcwkC*=~Dbs
z2t}C8N;UAT7gzl;g%ea}d2Oy+iFhfOyJT{<ItQNbb%Tri0yc5nx<sFG`299dudRYj
z)?2(}%{M6_>`EJEM6MqfxJcb`z0|mmBy24ERfF?h*<+%nb*&?X*_~=Pit4jj_G58@
z8YC#R>dwX+f&L^eQ<b@l+<%k|DlY@-Y|>dmI?gh)cL~XvqrqaF<Ryyhp}{9YXCgeC
z1G;$CTN&`DG^Z0r4;teI{DEXQ@p**?_KRZI!4~-^R-l`KN^Z#5E;PA}pB9nyik$M4
zVJ_;$9qV^(O5KFA^gL=waB?fmA;hDc7Xl~cls>RLi@hS5+<~n}GSOYDMaxa-VfPJZ
zAT{UzOs|Ks>W@;4L>!J-2CFKmtkT?|yJT=ay&tE%q<-sp(V`?p^rx4R!Cj=4_=|&$
ziqRChP2tqoExUB;t>ksqceTq5Oq3Z&)iP1FBR;=$HQ{_tE{jF42ba4#GnWFL)<>lh
zC-#?y=mD-Fb!8DVAABr#QCGanRxH5vJYYEyhKj*jtRZ-ct5Ncx`9c^=#qDDL8U$aT
z5t#dTFwUG{8EXe~dOWeUe`-8zTKC-y{W%%=b*Zo`OcwzOfN5;K=~zo{fL?)wMXr|d
zXsqT!3Q2XTI{S8$eMaF=EJsjm|Klh3`X(hnW@ts;nxtSwAbT|($nhBXwWN<%$~&qI
zN~?#_^Se=z<vO=@Idu>g%}j1oZ&VND*JL<^#mOH?mm}c&l$JxM#s;$RQCZITS=hz)
zaKoy?e(kPS(ND>2T=jO*M4ZF-l%6K^Js}+$(7!*~$D@qHlEWWN;-aP79ZNF`LM-=o
zi)t_YoWlwnd0Ha`{Kbu8wKuFfx>Er%&G#ALKirS{F2J9>?8s*Gmk%Ya&!BPZQsqmO
z-i~{FHcppA!&U?af3dqW%`FE2?T)5A6Yk<>)s=+b^)MFvQb6gE?TqEbH!W&k4oR9H
zU~7p_wfY;ZFY+;!#8s!EaG14q^xa`pH>&~Gudu+V)PqF=YVYXpY1?Y*#SIg)ap422
z%h7Cx9@N{Bi9-HIlN!U(p?`nsgl6@;_(nW~sS30O%MXT6XB<4)Z2Df2$l}UxTs#2&
z_sgjH8!UZ!$H};fBbL23P&q>}2pCHkpbu0{=}QlJ(7P&WgI+_o*;syi&?^R^g(=0l
zKg_|T>wjORgd|MUHNZt5;v0g5UJK-VA$j-exb7(>CQKsfg9-ye+UIPAN>3xW@|oty
z#=1$_nAIhh4%a2MeXlaV1V1afQk5}B_?9xUwi{1Svi4aO$~HEnwhw#fO*6F|2M|{#
zy-F}rAnlNpD4C&#y_H7f!j^hmkp0A^2c4{aw_4aYG%Jxi?sXYpa+TeQWe#KWIVBaY
zp){4s=kEUUifj${ao(@ah8qy5&sHTMs`@vM+}bq6S;R^4Fda1g$e9^{%_S)QjH@vk
z@~_C45D+<QT4RJ2TA|m;9^GmL7%xc&a8iIl(Rpdon`(;1!6}hU$xB})t)%RV;ynsS
z8r5F9a4Etlowfttb)w&g()8*J&9tPc2Ou=6cy8e^UBxLv7l5@d>xS<N%djE(*`AB)
z(&NOQ%ABV2=-u*3qDCWo2C^7tZpDN<z-h94bc2ES5n~JA>q>7HWFy4ahC)$!fffjI
zVM_|D{2w%lso47UC>;+yIAS}QruXzH=*3{w?u&OB0<~$%`)TQJsjd3C_Q+UgLO0CY
z6qLp*5XId)X637dG0TJ;jfRys2Hz1}P1vlR162yDIX%i2#rQ!1``Fv0|Ig>AA!K2Y
zgMKKC0O$BrcWoCk07d?M@0gMpa+JEH+qL=at=cRqr%l~+5oRNsSC#KMJM_Jdqw5ix
zorppT=TZApIb-m}v=PweerkLS>wGlV40FtNz4VoMXSH0npfhQSb4>cm81M!)O;d`1
zK8sP=GZuh~19#3x$SBMO_gGnPw&(0lsvVpO{kL)<%8Fuj(3Q7>)(1E9At4Jp*I5zd
z?K#jtS<Exov2nFE;}I4NmqjnLT$J`f8=S@C!jywgOl@?|QO!o`>&2KZG~mft)Lu!A
zcHB~zUr+IItYJGmsBEhE7@rjA5;7#cgM|4hM?hjU&8WCFY}bAi%;xOQ9oQy1$=1e1
z>_JF2nlz^jn>>N8<*SfP@C96j+;Jpxs0LK4kj_-(kWtm{2w%4*NKE<Tlm^?496mB>
z;FTd9pprPxo^_;5;F1$BV-Z{kV|pPF-#f;aFjbBQlJb3&jWA=Z-*ROKU!ZqG^<-8f
z*f6OmqQdSpG5KM4OH5!(j8@AH6e}CBtZ{52Svr8yCQWuOrA>b?-?S}w&Kn8yx1}Rc
zGXhV)xhWM`XIpM|;)Z_$N+shH|LNGDgypPYfs&SNgOWdfNn75p-IV7(D{*UiP^#9m
zs_lNEw<-k`bHSi4Nxo>SLBHU>m!H9|=v33NBFpH0z#63JZowC0#0E#^-8@cm2RsNP
zo1Eek4m)XKG4UHXZ=4yvi>V~6Bv%9VzC?8?FoBO<8w8}w{x4wq6xrUfey%?cST2!4
zI3ieBEdmM5btnxeLsm8m+}WHjbzw-3Xd~>a<6y!fB>A2xshHyxPqb8c#AJ9J%vw5?
z8|-_r|78U^1V=Mj%aT%o)pcqKjMk}g?4r2q;oS_`Sy2L3_*ckt98NUbH)ytSwQSxi
zkVW--9Rm+er@ZO$BWL!rVKg{%eC@nT|Me#?KI5hNmxKUbf|3@>FR&LO*+Ct@4m-Tc
z5dtQtZP@Vf#pPw?xbCo@e9C36{`vNA9}N!kAF`7~Q$B0r>?w<_e1Me(F&|<$Cs)~b
zsin3wlwaf-s4rBligXY(kp<F42A9CSU;Fk663`Kr!ac(5>O4gw4DiW)+q^r(g<krl
zuWTMCgZFSxf@rG4kxOdx?EOuQXe?^=wZgv^XABzUdUBhsQsOlDNC#B$3rM2hOX%xv
zlqQ2)+jH7}BT%EM^t0^5L7vO7bn>k1QDA^fr#Gwc+^9OoGC+VmI_P>N|2DWSn*k<Q
zqbX?(HCw}9uCy`5oYvApS8sx>cg8}gw`rClN)g^eGJ_SPc}8U%@mLL~*Xs|93D((I
zIMu35(MB`lesq4m|C)m;_+!7h4BU@)y;+vM9$y3ATt|94!8v(;*BEOm_nC+L-1{sW
z<>ey})}S>t(ojIOZ_=P?Xhk<0d+ls1b$vswNE+s<Z0Q93-Z`WW3t*9#mO@fJHd_uh
zTc2B&P#7p|bNXsa)wORQzmS%FX$2nf4J|z{zTqj!ZLjv9KI}9;W#N<Actm%bz4_S`
zA6(K^H(SAQw%htxTp%q&*kg8k-9TEl@rXyBdL1TZaV{={-U04d(y<5nIxnP+MXbh)
zV*4y#q@7Qozte|ew#YHY?Q?91<TDhAKmY#7K=D6spZ=M9cZ6rqY#^mleS;5`4l_Xy
zm+Flp&tSe$z0E5)7OXHv1BzIhGSp?;M2%>V7;G$H%ll&{`H`65P!mFiz3xAz5Axe<
z4(C2pcZ!7#>+K(Apx$Gl>rW*PX+a5FFNUT8zdd=qYS7eL(f!A_Qk1A6tRV*vt8C=Y
zbW!rkKJRtOilM#EYSQMm#pCI<Jmu9$vr21KJ5w8~P`=dBrGe+P+RR&@$VT>o1KX!(
zRq8>`y*e+z))gG!Q~BV*NCzk@0rGJtp!gg|0Eaf@9}*YU+&*!+Z_Qh@&+NU&&03#~
zeeY?3gLbpog5I;_P0{whkU(0zAh0zTO-^MI6>m>LQm`Fb5KVgePJEpA?lJXeOSYQe
zP5vbe_Z#<>H*~n279YDQi)n=izoMJ{DsCLTR(#56F7@TCK1xZk=J83KY}YP298}<8
zwxeWRY+qbftoThT6}?MY+D&b!ESG{C0^8`|rxGb_7$pxFO&60ZG?Rdc0($A36F?5r
zf~q_}PUg3!(kdG`U8UI(EYYV$)*tZjlW*c;j#aZ-U8yFoI#f%e3Z<R~X2JUu{nM=W
zlmV_vx){~zAzzjJ;olPRbt+j#9=i+cveZwc>narNP*DM_B`*$#B@A?7cVks|H7-V=
zXVfuO#EjSuxkLebY9x9b{S5`%hj3+?6Fsxj{;+RYh2_m8%}NvPQ>I{c91(sl7_z6x
zDWK8iIT@3Wc0`>mk2Ta`$|fsvnbgS@#t9~vSM_Px>18^!2YQs{${;LO1&4qF3?dp{
zI<B&JLkStK;|2z?&y&dv{QyWcqmo)wk7@FrGSinJP@$&zVm40Ooeqf_H<LMQa*aTS
zu#4vY_1Zguuy%?NsNR<z`Y~i%mvHB5G#!5TU}dd1&a!cUkZ15Q{`<E@Lirx*=r}rM
zx11}>*#uQU$6W_wX%T3&|N3$EXN&z8-ynqT;DeHN#QkR_UW?0v)w-&+``_rLdkj^5
z-g%TVR@wvciV5Lf9Am2dW6RhcjyTmUIW}|QL&{yOopm^^#wd5NZ~T}{7Ho7C#efY}
z4a0#3c*MlYBe<BwX-UJ9iYt=HmRW&}9^P)ugn@|ujU+X@XiD?#CPm3`S4r#8Zbq2p
z^7+<Ali%aydzAFl8m&Y(E0L0-qIvGp4yWk&gslzis0_T+LUu|f@xrB$ZgjPn!>0(%
z4%g+_TqWPwZ$fNJX%!kbJ)O`8_8Bu-(_ONdXN97rp5?$NX#tFmOhkYQI<By0OL~2c
z?{k=3rsyih4dj8@q&Tkt<#d_5ZYLTV8u{^&OAJLYn`<ONlY-sMTZ9C<H|)Lpcm`6>
zIGp@V$&ha(b`1vUh5gK#z!&-0jiNLATVpSD$l%e&UAuR+mGEOJcbGq%ET-R;>DLJC
z#>J+Be2>!{Cxv7Q;MVfRl!y$e*?k4&nggO=n-~hv)2=lz?Qu#u+2D5TMZ4%Ym={*P
znvr7@=2ZP4mrO=eOy6eW1TbBUa$TMAELql)=?NWY_!K)H4MxaIZ}Q~IAv>dSqUJ@9
zvUH;<rPg-PW#lWhH=&nY`^_$in(7{Dvae{=L}1ODuzJr&s_Y-N$_ZGPomu&ruk0xF
zm|?zgy|0<*f2=92RWTj^PIt-i;}vq|w5-wu7&mJaD|ov&ddOo16ug6Eq)%~tQL8y7
zd8gvx9KMTJ^51cG6T8(fE4)o=xKCcy&Ujp>aIVVxe+F|0c{+}!0pgKwg13Gp9dV!4
z=K8ox%AQWmCFRWe(U+9n`;#uIMOX<(+Ab^`u0o4A0iZMlq_Rz+nB9otx6?SA%GY+%
z3pW46>_ntKTflTeQ6VNg<QhBa9mOY>n{;~vG=Gq|iWu&em_MmXHiY6D3(_Hd9%XHs
zq;;3<4=JyFmr63BUNxq)faveQdr!t`v_*sHx<FFzk<V{79;%%kVUAKz?kPW!5y9cw
znIsQXKf+{KWA{JL7`DU@;8}Do`ook;5~SB@j>duWlLPe90#R;}Q$AIYJxEcnyiknc
zmyq;LbJ;6^@kS>EmL1b<;?~sSsdVb|PQ!Jq3qySt{Q<KP>OIpX>ANhE;Hn*rYfRt3
z?!o3!q{lF+R6b?x-fXpftmbM~<!g0iS0`_xdCACaL$V6cr%`)Nw_duOs2V*PTLAHF
z!#<}tPcOg~qb(M^|I?_A?(VH_)ItN3??&iAeO|<J8Wmi<Tl~4B&YNRd1Ckn*&7(GP
z892+|;c-~SUvxIA)h0sSfGgF{MFC%FDh@lV85^Jgk1pzmc7Rn5iHt7#_if*R?F>iE
zuy!nL;lg!U>CzDt%dH*7h3Q^Fta@xO5gLPOXp7S2B=?fCpP6gBMgpLN7Ys}g(^VtD
z>Gp?pmv{xEt5JPF+Ai)IvP5;S@e)@?iSUB$?jJv=6OOX_7?Du|v{scCKO6DvDEAqe
z`(qwhSP(D{ILcga@-sUe-wxZPGJEHRm)O|_r()eeb1z1I{FA7|?}6ow$5}7hpHkL<
zbZEa#4$^6okFsu{YM>8XERq-tsgtQ=A!lXd^pgzl9Pe{gO^g>s>4&q)>cKmYvli)9
z#|nAPpXWKrvcU)BS>zoG0$IUWr2Sb`9$iY*8qSw^xIpd#GYVkrDodh6kS4||8?mJU
z(`|?XsrKX5q(T=98GgS>KTz=Owyip2NWyP|U*I3j8p+3k+<fHmjJ{O8S30PtR`i**
zbIY9QNb*-EFdcShyUo!dohtc%3DH`Pa}1BcHCOYS`)pim&*c327+l!d#e_*&$tHbG
z=oFa(TM!G9r`>pwQDJI(awK-P5M5|MmP0GO>Qt#w9H>Yp=5oYK)1F_m^N3AxI{x$a
z#NQ85TBiXQ$AI(2)ZQPDJZ;w?%4C7p#?=F7L{v^+g=8n-0uwecY{msBP!ljIG^Qf}
zM%yv6UY<X&uUmQWv!mBX{b*-6)MS9OwCA(`TC_4Ei}C0^7Bs%4>TzV;1uk!fAC9g;
zbH(|A4p(W3)qx90ej2rpQN)bO4qTLG>mVmw9Iz?awH37LEP7Ug%Ad+9O2UNtP0+$;
zh_xcq-ZIjqtR<fRi}azIRvXooFT&J*v2j^-l?uVbZ&kvcW7m8hOk+6z_=`PHZ_?@h
z&~lgg2pRMfC64d|56#TNRGp6&T8hWX-ydS?#HwGFlO!h(C*L&JSxY%+rFH&2k20*+
zyjhHfp4mdrzRK&b`Hi(gvN1Hu)n-WOs;R$HZ@BbwZ81nhreBh!9W2k-Rds)Q-z7uN
zKz%Sm_U-2+=>!UlKZ{;&yfg_xOg<1Levmk466d#fwX}}us<JV9b>`9O&bv-c28Fa@
zj+EpHpEc4R@*^pJz40<o{MyR1Y^tf|=`|qiw$k^nABhwe4Hh{vY+&lvYI@C1%{b|5
zH9b#t{RnI!X;?5wQywOZTY8xUjrA(IO3+^_ScaT$g0vClWh<S}(DAe|^O47uh(Vby
z9ZY}jbNh`2yxw~!4!j|`EA2e`od4$OoIjoOf1Pt~$~}029@a_XaJS|sg^QvA=m^Lx
z$J|nnan?=58z)npH9s)iqU>?Kifu(D{n3zr4%14p!s@$bag|9ZNkdT0*!@X6>QW%c
zKX>hRkhNKi9|W}mCafxp6}aHogMSHhh^dO_+z+Scwd#nh_Lv`tlas{X>APeAoFNUl
z^i7hHN)k9u<OR6`fja^%;1WCG0lIz;K2=MGwcv(TJVAm#oP1;z7`F#AZvtdn_udru
zo%cFgTlIa)OP3<F_`82`w5iA;AcYf<v~e+GDt-*OO@JHn2kj0ha(1?-Kw1%m0&A&*
z&>Ls>nDS3Mi?(8XVO(o@<&{ZV@ZZLQYl|7WED<|>tkQ+d-r9tZG8fvLSZO0$-CAga
z`$a8NoZe#@I=bYO7jv*~Y&&dNV%+j1nm;GjzNtl<pV`k@N_B2Cn+VGoU`o8g_r=ne
z9d!W0a`9?ITFAA=GM}13R-%iLbX;Sx{6lsnbnw^gDqb3sY>IGkVNUbV1l_~CT9abi
z%HQ4Wli2=K(3Kou+ZoV#rqyYDKj)zV{8%z0V@YaIRmgFqxry7UP6*46rv_UZY**#$
zqhx(tY^);PG~AnHxMTzS)#3^z`Ngb^Ff&J0-TgS3-?lD4JBkLVp^R4~A%z%dgejy}
zLJh$O+$`l6LLnA;tVR%?YvHm5TTZYP#+;9t{KQeie<(E7d=tN}G;~Fk?r)2Xy#|xJ
zjM9b{3#yIwo_)G(L+mpksba981i>TDdfQ)L2W_k9%^qO-(_WU}tP_Oaz1Y}v+(lq=
zo>rYqQ*kl@ywEISY();SdRd)1U*rIY%HHbkHeDM3_Vn{F_S0MMt$%x*e0WQtYd_Bz
z8~juC@5aW~SLS#8d~@^Vs~7(kefT91umEP6!|<Pbk-w6kt*vN+QIFf3Uu|rCz46t?
zZ(sB_p3dq2nxFi(n5=E~Hh<UKS}*d!I{v+m*9=}TpYi;E_0>!Kck}C48}`5W^WxR3
zSKj&m`sItQe~UJL$@5>_!aX$^46E8L`~FvY{>kSn7T@1EMz=0})}O(3J%>-HQgVGb
zx*HYrTXI!o;{`|#+_KSl7VS{#uw*`x(x6J}antRKL7PkzMKO*RRA?X_QE3IVdk>R*
z2vX1$r4N~G4f2QCJnJ={!3ewA>>(fB+|Hx+pc8FvY<>mG$uN4G%)8P4bij>B>?*SB
z`F+CGRK}x0IxRTQ=R>xLKm<$KvikkudGtM3VUCU$SI{sz;Kp45B(8DMR@DCf_~34<
zLryIW^YAG8^Ulf1&f(b)CLx9zw2Sd<IR@rtIlw^|IdW6yx&_M7Pd<*IM~)$BDXCTO
z_D*)+0@$7J_7C;}IKY0he|ETcdJ2%<9Gw7`k9SVa_IJ+@c21(>^ONJF)4g8w1FTCd
z=2X}wPY3A;iwdK?aQ1+ZX$=4*8Dm9u$qHc2`u~cV4<CY3XeUDE{r!FKX1X8&Q!rVq
zXXD|T{^MpgUfb$z^yVMtyaTc)SbAZYPLljRyPS}DO6>)20?i47U@<&!0`e={;Q+=B
z;)M4MV-B$xdx|lFXk`e%CmN&u2K_PzilmSWNuO@h16JArePEakC}x8!e>m%gQ2aQ%
zxj_+C{zM8*iYSJE)khiV1kj4iW7HPyV+Zgn=;<*P%Z_8v*W=UEgZO0cKhO71_Fl(t
z_IA$BPxemHP)d?<3%=fECz}=ry|i}sPR`=Pqr*Mt0|i2TczkkncC>qRfbj3OUZ{_c
zj^mw!1M9EDBW_Xt2>V>h1b2@P&-VUuRyR@7QDby2#kDDLQo2X|31?+={eamRQie{)
z8sz;Uon(2J!;=zUr-_P72;+!V4Y4`jCPgv_%>s9zt2<kImOqfZDN+u9>l^M6pB7`m
zIy6O?J+luDmDZ><#Y!yoeG|E!t{Ese>-w3uPTrori_cH@;&)rSCqEpY9kp;SS<w@}
zAqM0FFyCJUAZUv%`|VDnix$4iqS1B}|MQR*t;;IJndiOMIWcUPQ)7HDGkBlBOObSS
zoJJpd80S><uvyHJ=XAiN8#Ts5$Gby+Du~;rmC;B`6H_;ax_(xl9LhXB)m;r9`VOI3
z6Akt=lP-6C(*K_HzbF0g>E~Zw|65#NPm<~9(g5rAzs;=|n_IsA_w~k$C;ji&qW_h&
zv#lrX>`6QO4BDB}yl&HE_BZv%XrAVCjNoiE8iO%L<-cWib%^ha>>MKkw|X}^QO{2J
zCNs^r>T9C<!GzPa*Kk}d@!cnmu@ZP3%e&8giX`5R?vn9BWg{4;*K<{p62H|+3eb11
z?%7<@0y4~gB&izR_c5eKZm>>um(jFBnWyN5*-8f1#{xEy0XDJ{`pG~v={_YPc;G*x
z0T4J6I^`-8kU(S$j6~t2@sq1;%r#OfbF44qVG0NvltM~9fKzV+<H#m-*szANlv+&Y
zNvUiHVz5uHHn*ekkT*wi7vWc3=lJjnqyN}uZ2Jh%ut@S&mzYHz{@}SFEHHS^n;jVa
z_uDj(Ke&dq>flTy{YZWZZmDjw6sS#H^x`SA-Ii&)Uor)3GbOlR;o2f^iS$J-@bWS^
zS;4l<mygi5bU3Z-1oU{!)mGYranY3xCU_OcM2fRS^ZShOQ()q|EN5n&sRP_9=m@V}
zEnpYvWqEvq$K`fHSA$7$#VC=ypR`cga@pjo6e){XmNeldW1AkvU2*@y%Bhz|>E9N~
zn3rO~q0}4*nw?rr@$$bdQb0Vi`ZVV(amLq-d`yT#rT5&Mv{ei@9+9q$00h-&YZzU@
zHH=f`dPPXW<@}`oi_TX$4XR3kr|_w2E^?q7l9sO7OB+aO(%hBjIC|fB9Y5wA(wN&3
z(0Uuet0Va(kI_>Xin&VEVbBn$n?79*hhP{L-|@@)RAc4aS)RdFK7Y^$aa6?PG`X(J
zes7}@t#}}a_;{it!1E_(Znk8Fkca+FON&`EOv$w-)UQ~Qd|I_04p)cGj8USE8854@
zuC>upb=XKU#qqLhl1La3`Rungsa39+2!GWJE*GxC>cnz}V+Pa8v1j{^I^lch`BMQv
zqXs_<hV{YH>hjk}qs>+oUdd@|MKmgTiV8Ao@tZkW!39u7oF3c)e;7~zIpQ978t3px
zOj0;9B14FIIU3t7mj0ydYJ|O7=D4xDo8!_v#gejekZ~+4Um}(?Ghf%$z}2m+eGfO*
zv*?XL9?$3Pjjq)@NaSwRg*{(?SpUqmB-c3&*r~a->0*uXj^&G+uHt&hmYU!Ws)VT)
zvy4=nizo<^wvlpBz>eIdMWwu1A-7xigfnpEl@OYZb3No)Cene(0yx;`xfY(u{j<QL
zfzc#+kG070)q#<L$y{01!K)p`3w1M6##el4%~LBm+%x4g7EQ8ZPAVqF?IgotN{Ku%
z=sp9b!t!e8p|_1L)uYeacCNcWr@Htf>0eTL59KbLGwj2J(gBNRLXwT`|49PoMVr+M
zB*nIj+u@wTN)My8UfM~+XMgMAe@E93ZGzMB4jo=b?y=#^li<Uk2E;6z`5=PvX8J;X
z1Q3Za+Xs#L12LCSu+uc-T+Y0qSg4uzkLouks}Y-bY8~Oo#n^07-11br5uVhZ61Q#P
z!rzRJt?`bHzMJ90e7Sn7tz7&EH<CXcIO(I{Y*zxhdDMh{Uk&F`6Z(DigwnrN0`i^$
z>FaLPVi>J(fmv5#3QT3YdMeZOvrff{pbX69->YW=<J`(zDiF(>rqu;a9hF^Lwn^vt
z5Oa|i&5kMip+si`y7TmA@$~-p^#1qs{`d6r>F<Bz>}D|^jenu{zgI7|zAnB0z5M#=
z{qI-u{ug)w+<3LNwXwPJ^bGhf_Y7F!?x;K(Zz&=xFZ|C3+4OpJV|hX<zpe-UE9t<}
zu5obm{hR%Rz4-P1359CiB{^~xW-m?i{qfG(TXtZZCG%T0M_7G9@FTF$71MCRH!)!O
z-Od@t6t<qXlVX6ESEq<Bp0_C@9~E&dE~Dq|!DJZoU;XEp=M)nuc82|yUk(A`%x`m$
ze-5d2^zCy@$eZfEW6+?cS!Won0n`bmW4wVcT8&1GbBkeav7ilRMK;Q~SX_bh8k2vT
z|0TPS(yu2+M`!Wj&bz(S<DFf0y=>W`uQ33D!SYrxJ9-O;ulZ^X6vCRX$D^x?Zwp<!
zINac}fv^6rvuO*o)|66rj5z2QdcyMLSytR25154BP|C;B`|O*MR3f7+Z=(LnZlTq%
zrM9u9Oem6>B!(|6%DGAk+OalFp_k-0cNZH{p$Gxs7Gg2GNLBZfMxDynUawFoDH=4z
zZTiae<5ZT?3!g#rp`*{>2R*e29gb+$5NayZ<)-qtT`Pyv@Qv_ADw?GEO&T?)*;+oE
ztO-|a;x_}%qasy9@eRqz4{B?D>LvY@==L>|?Xqp7Vvd-*1nHUQj+t-9xNqt7E;>E`
z?%mE|{Ce-Z^Y6K0tAtdZ3$v%ufq@tEVYbkmhKm)BM-iPJ;yrbb^2@f#`2q$58n7qk
zdDpJKt46WKUJdMmj<<lcw|v^$UtnRYZuG?$@9(L^l|fxHm}faxvK1sp(uqEEd8KB5
zLj7s38A-{KrE?+q+`M;^p-TnrW?D7DhGo>!DUc`wl55;5jdD5%<~dPdZ4=@d=dI<J
zO(GPwVB_+s01$s)q-d$Y?m!QNG)iug(bP9(sDsX=WM2}VH6v);gWhPggyG$;0VCTd
z<Ipn@*5Oh&rCn|QgTDR=E}A!soZ@2CseltQTWCvpbf1sr^OOoO!SR7!&7NeeCkWg0
z-?}*7pK(COU@sXCg?9w+0ZNJ5Y<5&1EA+aHvkS2#h4moebt9igg$|d?S@^t@NUAPr
zs>GR2@aa!6H6XwMGjlmdEt3kf0%A*x8LX$gM7C^odKyqAp%D*y6s`lkD%rm2i8nr$
ztn2e-PiPuuRLT8;vw2aSK#EC^wt8QEiN#qdm(DXyQ}TdtOV@fbLyhClNsjfoidHW=
zLi)SMH@lJ09UOb;jqVhnTim2nGMI_t_(657zosx#Z9)Z7Mjup}9+BV*PIo?g=-mq_
zMGhI<lj9i%-otVK+XBm&A?xz{(Mpkv%^q&%@1vFiBQg^|RZxUKl`01UyHUyog5%?3
z=w_T;rIakzno+;`3&|&w;)W&aB6@CBSEf02twx<%>A~F<>!9j5sa<T>?zm@Ej;6J4
z`Wqjg;EbUtj>Qi_Xi#*-N=8pziCm%0aBNWh4)+hgUm10D2K~90P9Rr@cM%R37o{Z^
zY*B5rsxwwavV6p>#q(*Sc>~^JNx)RnHQKU-n{jpp3UcXtB`su*ydalpskK2z>8q}W
z;z>BR4%eyfk63y`#6Gu3!hB+sI`=ZDnn(yaA$`k7P^gWAlTZT-FBLjn;C|}Vclv0A
z1XsY=AR-;}spI2ed!N!lOZ)@GM@xLn7BhW*n8=Ti!=rXrunQ>XbRV*WhS9yEq!|t-
zh(-laWkt%Y^j{dTB{be{s+lBXRJ<Q({-b0(`g=N5`L?<C3eL0SB_p42+cpPeGBN*(
zjuC}Po}`EbNlEbv)2H2%xnL+<si`=J%+e`x@t6oO);9rpis<M;e8nX#ub3qR;$5D8
z@8IHwsHYrB>O!#?E}n+ckzB$eoGf!?(KEcP9%bYlwml(|=ZqXp(YZaPx^^oZ)lzrO
zTA?pJVG5?Y<?ZZYa+z6MzhvWHFqD|H<4adn%5$oApNbTj{qOkuqf~b5FEy5v`^)}%
zHXZ><^;(o`PvR{r$$+&aHl)Dm%I-nz&b?E*$aSq%+#og$@{olG2xRtRG)%QQg(#>X
zQ@}VGO;G;;_<paQagjx%n<=^}(EBcXEZm6Y)t!Yz|5CCd4^C-cobNFK<!EX>FxMOb
z3!#so3ul*onh+lEGo)p)+`O`rx8MEOv(2x6yY;)xjp#T}??&08;OgI^wvs~+R@KR_
zrQk9#H_5uo`ftNH>x5N&=EqbG9KD;nRE-xc+L~ET<=itN%Xt;JS16BTtN%}}h}yQB
zM?g~CO*)VnsM+ZO;juu9F&gL%H-o>)0V%g8n=9A0Tbm}Oevx)wk=>-i=IH9@sAh73
zutU;3vk+nRMe{wUQl2uHAz7D((`zMbD>N{)l1ADSxM!JN?^^U&C3S1o&1Ka&`EWE`
zP(mxTLo8;5clKYRk|~I~LSW-%NxO5KP9%W^o><mf@h`!Hf?mK>(y839T<s3gp!#L^
zQvvMa3k#4V8HvVXVM%JDAnqNeO_kY$+}yo@nI@bTow5iK1N``5F;OCvEnVnS!ECEY
z1tr=9IHQ-G#bh1+ACr*XFvA@#MstU6d2D*=eOb*Tdg!&9+@Os~1=Bx0>^}K_Jo$e-
z`F}k9e2o8xowVXJIDypre{8+n`uc@?{<k)s{6Bt0@!z%izmj1xn-?ZKi^w$i%$-tT
zfSpiAXHQXar7Zfbk%;`13G6A>{AbMshL$XqyI0XLClJC7qojx^$xb;22j8ww-tHZI
z)st$SxHzI)_~I5w6ng6luGuxUrKSlf+;00f=@2FywLzsAq=xKXfV|HoV<lUjRkaRu
z$PsBdrHoJfFoWRlvs{WT9@9a3(W6B+>asF5h$R3lKCdbSA6E}2vm2eB9=J^~la^|R
zq6Da1dVp;3KGlDXrdZL0SO!IlCsecyK_!DZ#<{30PjAo8j^pE_6Lj+l&atOkP}|ex
zjk!sqff>E_56|~18><G5(?9Q@?Y`YV{61Eh*G?-t1==>?H_%~D;ls*qrb*-IkCm;C
z{@B<(+1okWdtE(g{=TuZySsN>*HAS8syd8!&d=T+o$R0OobCT<FWx_7qx1gJVP*H)
zUI3F5rX8Nu08mXDCwr%RXG=Rcts2Dlb`F;I^4c}togbX-$EPso^Xg5s8#VUnNL3?J
zzGukC2Yd1E+oOH<;i`ddHEg^)`qSR)_;?SncL;Ml_@TP1-?H)M==`vHZuD*AbZ;*{
zI(xf!Qcbn01@f5q-O=m)H~Te9wi`8&-vIgkrFz!7MdNJm9UQ)$lON)fz1RCEd%M*e
zS8m$)Zs#@S-`hK_?q;=VoF58>{#VUf>_$LUKfD9H>MVaXWaT!5eK`4U|Mly=!<xO2
z7KG#aebX%(@AhDFuVegR=iuPz&oy%@H>HvIpznNluva^rY1W{<qSFma+~1`my#h+=
zdNpKE;<NpCdq?MWr`&0WT>8zyehr<d2958J4y#v)Up5Z*4!=KpyL=^HJHW>tjPiP)
zR`h0P|DYBNrM7zQh?lb;;<KZp8059@_m(2T@1P-_pX~FeM>Tg!s4<+0)AM7z0D+IZ
zgM+mbpZ##WS93Z-&DA{MLy&sE-y@nkg&jYAvtLVSOZqkT{&EZleP<O!mz%=c<Qhd-
zg1nlQl^Zt>j&}c8M;P>VgNKV>?;Y<Q!g=1U9;DQ=aen;$$<FJ&<wWQ=Z0y4Yc5(<;
z+3DWNpY~4Ty_1upYK|UkP5fa09o#+0yp}L{s~vIP??JBk^Ue>ooLAa3a8S6~VqmU+
z0u<EJM4)X$;4I}9UON^SVY#PB6+~Q$dh6xKU>Csn>G_*C`@8$d=}*t#HmW(Zp~i&o
zy}z8{=GP-zHEJ|KRh(t0N>#SkEgH1mU89H8t<f~2UMB*iwvTE=J>JRtLR|-GL+y>X
zV_gs3s&SajWsd2v8dp}M#{Tp!8IOkNCkNHLqMJ0%r|+lP{q#7`=Gh<{S06mLo$7Z6
zI%sj7=6hJZh>M=o_V?QZ98~hD(q@XTK<PWlB~bw-&>B{Z_7$vIbCM>*npNA)8v7GY
z=3z(xE9_K{UD3X=n@mBKJWZ#=6Rw|AeJT4bt-k!eutHaE*ib|WTYo|xB9)hm*RbIf
zOs(cyb}Q|{7N6V}6QF?)52Q01RJ4`;+Y5aw&tw5#Gt8b{>i|k=Z_tlIG-sIb^*BrB
zZEo7b<O41FuGNj!HhUYsALk5b6yFlwkbl@co$p$lYshr3T~u$SrC45eXh@x7@@7A%
zn|<Z7!FzO<Iz8xFXyvbpaXgrR=$eL|C8dF}4Y~pdV%jA%cKlMnZXTE#kTKgVVtijt
z6}WcwK%M2F(8cLdkQ^wB8R4|z+gJ=zRQoFpw$d#KioD)#^}g1|*7O6KWt5+ndO4rr
zfk>jO3=SV`HQCC{>ph%Qp{lODc9U<ds@hOZS!A4QsO%W?NQw(<GBSXL?r;KrD#g(?
zee7<d9@8h}AjmrJ_*Eg<)PG~`#iY0i<V=!!dg#W1a3jzd4pA4DvSb_yF&!!kIUU`e
zlR2hz7|5))jR_x_o{-eWF@9P)0Q$-eLO8UGj<GjzQ_b&r(SJUqDX(w#Hh;{2oSKT_
zJRq|McUYaM%H}}s*l0DU5|o^da5SZyJ?(Ng@zm-B3YOwrv7#bO5+<rAXTWwEep71X
zJ2JzU?k!Mx0sO1*{z@W!B;OXI4G`>ZHpAD6yEMN_U>b^&sJiD+KVrxPZ8|Nv9qWuj
z;%7!)ErfW0k4y^S<(L8r9e=z#Lh&zlMzz2tv^4T`Gg+W;a_#G6G8zK`#QJ|7q%LO1
z=tP3UVFh5OHO3H=9nf$$+UTmbr=a_RTz|5+^Ufnaxz9{aIy14&moHwu{Q6ZtIvNkH
zM*w=;QD*gFW^+F&_5Gl5YP~Y3wV+SX=-M0UKBX5ADi5t54d@*NnJhUn4U(y5EF<zp
z#J^<J{o}i@dTx!<t(XZVzLS67-=kX({38B+1@Rj)<P#>L75v`z_Ds=W$9Dph1~HQ%
z!1~8eezr83180Tf<x`xVd|u`OC9oH&+a(?;`n9n<Mr;)c<%=&$gOy{*g3#3nD~c_T
z5MO-gpC-XnL3^|i<6i_ts^0c$a^JZlbC0&&y%XFv#Ut9m1Ksf|Q~NS0{!>K_4hwVd
zj8L$junlH_81ENK3PzDm(u3jxbGq%XK=OJ(@>|POjM$~;Vm{8~TY8@cU?o?0kP``_
zHZVCL8whlmYKek8`14*U`jFVQ3;%jFh4ukT#tlW}thSMZaaN>lw@xz;SeN{=z~qOp
z4$j)x+?&ki51dL+UmI5sk;TcImZv;{P_ZJCBHX*poj|e5yBm)^-v~=?ak_}Msh1~!
z3j`&k$)6oUqWX?fr#gf-(4~rOQDC6TMtN!+M@ryVE-n=_B<>}BFFE)Df5+N1RskeE
z=XhY-mcqi2IbhW|@*<&_-Qz#*7y2gPUyNWPa<S|Pr=;vgIs~G6OGcQ*Rb_Q-`)le}
zYx&+4Z-RW9By9E9*HIQOq~x&AY78byF%hL3!Hyue=B7#%x0kNAQJsd6yutteZ1d&T
zi<d871WuRDq}omXOU|TtLd!Io9fY-j<CV`BQ(#FL^a*EfG-h{>F_OK?A5Y%nPML9K
zvRoPlTZIi9MzsK2P;|-F;%2O4@jhlS4@~`dfR3pi%cwt+|6kM=Uu%6975Ae#s>&H_
zcb4R$8;Rn>3`LWe_qDJThwMI%BWZ3_!HKFkLeNNN=H9g?3P{u(Kz*(-q-+S43191e
zzWBmoAht$BSI)=M0r#%n{@G&ga;C=*VS%U}hq3c1!w7`xQA)Ov#}8wHs5>;%;U^qT
z=v;#R<h=Xj|NrFw|K$Jw^z(E1|6`fd&yWLhN&W9vuQtE-{r_Kmz4_$-|7-F8fAYzH
z^2z_XeDXh6bP1**8eK`@`9N$**z0|=MKy{iTjchx3xYRv#cowhTFPKgQFU^vcY6(H
zDa`!8osX_TosLJ>(3ifA2PvE?uh=){t%ELD_PfCazY*?a3tjJH{-9x%{&v4qpIR+m
z1Y5k&=CZ@=Xts;xzx|v_6{a#(_YUU23)6p_6t~_-uSYka?rgV!jc&G9HlJOOuuv8;
zBdjiFfp^;t3A)vUhqF@vq487CSv9j}Usglh%!s;LxIsu2MubE8tJLN;MH333YVRrC
zD%ZkxNF!I-7KDg~=?oahwl@&vM6p}={sCqPAtJX*oT=>&Ei}!$jod2nrkZ(0IU%QY
zUBQ6ZZK|r%I3Lnmie&MrfZp{!^fx6g&EFf>OGD^>8}K7B$e%$YON-@^XgAH_s`Elv
z8C-Q$EZN^$JWCq^A%FRpwE=b2UnN``a#BDm)`BK91yTX4T7yM}b?XQcJ#|u$t<U`B
z`D1kLPb$wbErT1jt@hoTBWhVh##u5{-;J|DVk3BvU@j10p@ReyU+O=wjAp<ehQA0s
zrW|JTedAT=mJ<tOFg!J$l$wvf61=v6CX>-rtpPsZ4)4<kYdPpwgm21$HK?zuZROq^
zag26ppl&oyCRf9xuK{+J*FakxJggjUgFTgj2|2m?``4#9KiPkt>_1QTpC|i|WB<t(
z`CkisK=>u<e{5{QPpSULt5;9<pI?dnCu9M7@nivdvH*Q93(#q%JQ;Dsf<k1FKar!y
zyakK6OGabzTZa$x+jRUD;0iM-;6O!mofLB>EF=LK=sFpXuM*In(BpkE!qjaMF+9T3
zpLwidI>2O#BPmG%%`py2_7b0OM>(acz8fWMbDE_C=#3I$ub~}2=zQ5z=JWLhdIKCD
z{pU_Y`EStYmUka@40n+aK;BRB>X!U%>6B{qW><ezS=$^p82G%ayY$pAWn~K5_2Rgg
zV{yJt6&z4}%00<>8;5Tg-Q(<GCY5)w-XDD%eHk^C@7Nzsj}ECUFs6RR4QxI=>psc<
zPxAkh{QvaxPn7@BzC*>eKaT=XFaN*T`07>Z{daTYDgWEA=KZ$<#$q}`i6kClmGNX;
zfV}*dcY7$rl0chc_V^@!2)-b1J?Rfm`om|?A9U(5Rp?%Q@OR8JX40U^`!Br(UjZCS
z$E*nX``dIr&%PVYIZLzE^p?w1tA<w9YNYD9<dQ?8Xcj3ZKu^a_iFTw{Xq7`787>!q
zr}d7eLqZ65O{chE*yx1XHL%`ByhnM2T2wy~es47n_D|0^*H~*zm1}NVrZ5Y1I|F`R
zs*hvpAE6pF<d`cglx6Ew36-PgnV}S);!+A|HXqzl1DsXSi*~qF0xo5;K*#Wu+hB+v
zhK5s-AVeJ%SHhguDr|-RklKGZ7P|veXG)bl1??)mp#Wq`R8A_4D&B+#H=&q9nkD=P
zYct(t<2!!lw+ae&WkiaonWBq2B{ZkpdIE2=6GeZ{@?nJd>PIRaV50VxaWMh<<h3Al
zd|}|=6wVfir_(%SV~eZwW;C7BT6mTCRueImaXiizjH`yg?OI`c$~8ZvT;>^^BqA&G
z;wF{52H7N)W`YY1y~ofApwzS~GD-Q4=(#eFpJsUE=n>FVHW=YaWOkD#10mn?7;m%t
z6c}#T!H51HX(1h7^K6M<-lTkP2t$(v03MF6uTw0SIDTMUy#QPVaHOb*j~3QTKmt<K
zxo74G=+v`;gC;5O@p*^&8IiCMToJV?uzfTf5~b%vsO!C6Z@oj*glpH(B#;^Ri|7HG
za!Cc+fu25gRh|R5Xg3B||9(!{J@E2L1vzj-XU^f|O+)U9H=M8+eToPVCJd_&YXKHV
zkB0d7)o2QrF+)zU_*pWP+>Bh804p>tr~(Yv@Ebp1Zv9HXePUPmbT+zX-kyG#!v%p%
zIeJaR&zBk&mQm{(Rzf2xyEP<8)ery;DV9pTl9k@Qh>*w5`K7ZGmNhAJTKe;cSsInF
zfmI}?H^KeDLm!V*KsB(H#T02S#+ySqVZ@6m+KgfZ*`|HfU9D@PM|?NNJ#1SLJMJ(<
zq}xQR?KYB9Z$R(N^eacX69&`~3_>#3+O~hAwXOM^4oENpMK6l0f`IgAec9HKmoCxj
z<&9IfM0asP7#!<~-_UUgPnV`pq6<BI*9P4+nD0i`0`<wIb475KPZ2(fhtKZ!AhA*2
z2PHgHV=QGeN9kyq7RJno(i<)TAEJ}dlnU%wae<uRhYvHK`t(CWr!oB-rce#sHW-_Q
zl{0}+F04qKGsQ0H4$v&azM%QOgo8$sWm2fSl<znaMl>H)DQ9mn%6yJBVDWHYW3)ef
zG*`kgeoVZ9hGsO-6!8WKd0_QQEDJl)A$7267(SH`E#~?@@DI7}4|{69<01PRJ2^7)
z>uXa2C1LPg4w7OoC(|22>(0>?h?+r45HBLy4-$$nBJ8%^T5okit{Z>Cv(5I?mJzI|
zBlE=Odb8CD`}L?jWwLh<NLS4Oi{#+os&Enf>eNJLJFw?=!^B6$ublJ82b~WQ+JdQF
zX?D#Yr%kEC3^H>%lxEhjJ{&$@$zaf>{ZyVXi#(6DXH3P(+xsw6LZ%}?$=#_gX_gU6
zlr|^%f_`>bQqb}*-9V1ab3;{ra&v@xKH*v55STw2EKpGpvWfvHGFZ7e6Ia&)ep4C&
ztxAp{$Tqta*j=bQRZb|?3(|qprP)}+;rIS*G<y56cD@Jw)$>Y8VJUQVA7m3OZ=xuL
zR)aa#?eqq>pxdX=J1V+WI9A+zy&bt76<;g&v9AYx9PE<Cq*O8<smSS-Ro%%cc|?~~
z6#W5DB>E&vdJQ3}Lcdv|I~xi>r~uF1!dcI##1TR)Nr~l$7e2R0IGx~<F7V$=ClSgO
z$kV_OM@;mA<U8HyjuNAcK46NSoYU-ZuTC)V|9!N*9VrDg9Q6-$r7Fnj4GQG7DEVR4
zvJ!Ln@9dM`d|s?eG`9Y*8@*S|<XcjIIhNWmHJ33C#sx#>8^5SvByZC(I-N5tBUs1g
z4A2b-lJO!h;JVjxcMVthtUM*eQD{MZIpE0W=mULIb|nuFRlG)DdAtM6(XN!BDdIcD
zy9YK4M*_~&Bdxj6nm_Y)WsOQJVNKB=niOb#e@pQ+{<yf<xU5~)Kj8+~2AJT%qO3e9
z1v%mlbFry0afq%hYrY4rSu6%<q_|#;L;i{6jc!eXk>IqXkK%b2V_kLUdggf@WZ8Ql
zUAh-gXymc|^g9ac;nn%$sH3iWbt=ID<4`s#Dx;Q8xl;$f+3Z&&SrIS%a@r#*mk6@4
zM?6aSvot|nDZ#INSfF(Q5a0Yic?wd0fp&^!uf!#30F|7K4k20!g4xJqy^d)2e_EX|
zqpL!rm#xO0g54#QS>}D3&M?`8s>e-+8DK->vT9A$(D56!&ld>%GCWnhi^qj8Q&M+f
zn-`n?%ZhbY5wUz`#|vN*!_mNJ*d<Lm%%Yzx8jrVV_)K%Y0R6Hbwbg}T>G6@0L|D&z
zNLk#eoE399XIO+dPOs<L9Tqu6Es<_cDsqX%-m5?<vm5eDG~BNl1RLXPB`c>j(Tcq3
zbb@3wOciwCp*UL4e3D)L)e6}#pQl5jPBdWX&#Z2q{pT5w-Vn>#`}Z;-gYC9NLm5Y^
zk*acQsV|OosBlJ=nTS4j)%tOx)hRWnqfYZ1rtQ{Ze!ceFR;SEpE*sXA)9GSDf^543
z-wL5$Q5Z$Uj#ZeUZVU$%FWMGyz!s+aL2z5Wmu3<vKJ>vn)oh5b{v8xi{YcXrWQ*y%
zz1dMRnT<Pz2ojdNbdWH2;%#zAR!%PVIbl(JE@ti&(`S*1nUHHi6Z@8RGn)&5)fhmR
zLzvc)X!BZBrb))2{Sl$kS+53l>GMHZk3~RYmBan4<&PNfg1uu#o3U1f`Q&S5b>byw
z^JE;s=3c=@>L&%k$6{)oG>uI2EHJ*wKxw$0(8{^|EY~(Nd`uv@tc+Net*T5&fOenm
zJie}%)t5&E5R}IFsl1~A7?cT=p~>SDwFzc459viaIQQ$(bhVj>et0$A3QL^KmB%Qe
z+w8s;*aRgU*&^B)dZ>|?8&O7pe)3UzmofvX1xG|#(jgqox=)}z|LwEt;-K^55>X{X
z=904WAaMce8x`bUkMd$3Up-Kwax;xtHlq*Q9p~&8wB~8Fx%FFhet`Z+Zzl>tU=aZW
zbg5?{#=WDJAgt+)rSgElW6k70aDZUckZEMW!r5d}M%&EFn#?>Mk8wV@{k+B07QbV&
z$-<`CXYQmc(Og!kp=HcKx9#Pu;S9aRoWMAA(~A(^>4<;8LqU&pZ4JBQsu_k6IU5Kk
z5$@iUyR@zGIw7<gAa#m-@G*k)`DHAS4f3r0PC#M66H4+3muNOTSaB20A=p~20jVhz
zj-<rT?4)RG<=%QEZC|BWr=4x=R+2b<{iD{nnCZuBqx{$ML}4vJ7qk?!vWi8m#u9%n
zW)YGwHQub(OgXi+lO=1BHb^=q{{ZW$897KS4n>n1RC(c+MTbl47^7o_5;!P{vLn>-
zYw`#5BuZT?qY`}`qs%iUU`x_u(20jsksH$_1L!=ZNAp3-PxjYhMs_nLvut7x^=8*v
zt*6dSISf1`{`}*oPN`|3R9bq$3ko|+g&M%sb&M(-y~DN1o6LWat9@~^#REhyb_U@B
zRRHhJ-%`bpUwau|Ne&=^PMkhaTrseiUbCE&6|#kmI5ir#1hVypXY6}&ZY(zs%v=G&
z2EJ+$iBMrgyv|tj_Kz;p06%e%N8EeN(Kt(UltKz6pQG^tByr_-lFkEf9U8fPdVhFW
z6;~z8z6~d2lyn$~wLhd0Ck}A+<VbiV{Qq3s$l2V~owrR_13m<;mTPBc)4!RFcez5J
zFX=M$jbn-y4AQF1V7kQx{&u<gwP=jok9z11AFCteCpOb6*emfWO{e-UG;VFI;URU}
zj&3fKl;>ZOWfuiMaZR*um_;FQss>~bcdteF0xdbg7)PLNj)FWLr(^-c<)gprH?-g@
zvqQ%#oCTV+=Z6)1BFQb6zoHj<psqba*7o)BLQz_qreEh?k@rm*Z0XI<^SA5}Q$YWM
z>NANcVw&E&UPtwpb8s`H;;SG(gaEz1I#X2WX~03<s{4gsE)|F@3|E?=N{cB?X=R2;
zGnXeCZT}+KPN~<mGe+e?ylmwl7Dg(dyWt*>ty1`FVYzZB-&dlx``SJy2(E=ztywGE
z>M$D=pG8l#xtHuTNM(3tdcyO8Gtm)pU5hO942oe+odSl_10uxy5F1@jjwj2lvi@*e
z@15or&Ch5H55KM0Vx}hog`JYh4*{GUhMoZU1qydL^jslTqK9GA{T0A}ANH6Maj<Hl
z)@4&OQMN~bKq9$PXnkFfnmbB*)MNF$YA(;v<A8-I@vIi46H`*o<0G_~pnLfU&HG7F
zew4EXYC3RY#$OaHcqu0UbVBAMSfrlfy>!C`&-7J4jD!pIsCZc_Dk2g964~bu%zBFd
zdy4;iivN3x|8wL2@{GdRf06tjFE+m3cu~s#vGw99{_j_u|6?;+`&q*HpuYt2;blI<
z&x%_v27?{mpjL9KV86)#6ul<>-zXiChn<A}0hlc%P%C&63y7BcHb@XKlU&l+b;uqv
zCQmE@(4&PsHfB&q3{n8wqhkiK+u_mS+Wz62ll{Z*sZ4X%3M5=9j1U6=>jDXX_Ao-B
zuyJ;CgPsUFLT@rtzvi=v9hxV<W(7HHn&>-4tCFn<2?GDM!t)k$tW=^vEoQV2akiMx
z7ISVknvOsTD^k_yG`UW9v+4Ed<`_TDyOI4@!{qf)IXI@*l^HzXJ1xuk{Xl!H>&jnO
z_I_AQD!amW!G4%ab%^;17vr?u`uoFd7SF~D*aGnn05vhjPpRGw`RP=R;ItI)9Uu+!
zF*iHe1Jc_+J39FxrYObjsJWib<%Z#gy*!=4whq_xbcnWT{Il6G?^snJV2$Cf4WKIY
zC}7&cOppigYnr#?7}IrPJvtQ=DK(;x`KrS_C2d_IvlJkiXZKUo$AQS^bM&dEbDL2F
zVG_x8Njk+8*q4;oLyiVudk!qjNT}!Vj&`GvIV?*o>*t}QRE1Mr2PW2rzxHw$eibP&
z=jtK~meVo)n~qB(_vDJin|d1C+)RD2#HDNWw*}_SWP&6oUl+csa+AX?HKj^`rju9k
zDn-Xf0eaEIJ#SuiBlS0{q4p=j&h3vR1El>?k`Hd1m!+4=3m6X7HEtG6hXcQ};)?!)
zRT%l!XH8}g%$AykTB~<onBWj1*Rblcv8N?7lge^!R|yq_hc><MlEQvsSKs!i_#Y-v
zrc>v&2>K#YH=ycqTqJ|{UJv0cIHImtSM*K*_MR@Bmj|jG!nsyetInsYPO+GTaTs~V
z!%DE|6OPmk%>y+FWs6E4vXr5qAH6<&L+;%8oTh>)W}HS~=Xl>D#>sFwCb%V<od_qw
zf_FK*E6p1pQSA}&09P_T?zWq1vK&|>vsKfJln9q#?)2uWn82-e$xK#(ES0&|F(<?-
z+5vY}={kE)&R-s|K;ca)#E#s3F?~M;R@)3&s?-cd#UAbbux*CHX&qw9=T0|rKa~K-
zPK9r(89HU4%|N7rGx+OKQ9b(7QHIhxutGFxqc>_S*GW-!;a1fb1)MeO@VL*SeRPad
zmA%CU(mWVbV*NZ-0eB$s4HAmiCwWTwV<8i%08jb5H1VmjvLG$bDdZTRBhd>F9WbN*
zTDZ_?aN)!}Et=a`jpVK@!szc*oIWBvWm5b{a2kAB^rIkAg?q?#(yt)7ieBo<@w@$r
zKd<bk?j^sU$|7IYk1j92(++%C*+cCE^tw={0F4Ve;7Z~#cd@|L+tazM0AAj17^eJT
zCCZWXn|(P0rA9w>N_JCM$m)ef54#*T%p+J1+c*~_q)V!YDaGLNZp<aM$$;uM&M>wr
z&F|7coauqvJ2+54%+j)>Fu@bLkOMUuwB+C|L~PNbP4zhOgB0=wSd`#8=<0UixC5Va
zQAo_?g4L-d)(s&eZ$XvTSEYz>L~p>6EMR=<6=UKTFId)Sp5+hGA_pB#M?<scHs-t-
z4Q@RjzS4;75QAK(hn$ezmIrxK+!D95y4u}(`>?2dmW|1DaQXlvtIC?K=Pe!K#O|hS
zd%(|Ob**;G#<Q;xS=C)(Ff6HHjapj@K=<&MX!YVYB&vDaX#g|L#08fSpc|%8b;e=-
z>UZ);AZV&(yCYR*@k2Q07#@`-nCe{&MEWMO+yT{aw3+U0=8fi0tiN2Wa)2w=9%LH-
zsC<iT8ZsLVk*UaPsym<v2Ly?nk(Dlf1dZkMw!x5v8r7-OxeP-7sq|@3TrMf%)h~5&
zWE~t;CLO_VWAEGt;%ZbZFwqr9(9nypa;t?;B+IIBLjV1CX}E8#mcn&ju0&A@C@UnV
zq4lF4!~=pr1HuoBi9m4GYISU&na0d7s(5=OWo;7tS+Pe979Gg$)A3lI=J75PC@Sv9
z-&6&*PacD?ujeNR{DO*>*n42_w6z58vD;b2{@f}ri+N0yP_d*5zS_3+N^AJx1kO8M
z18NJhE4&_J^?5t!RjeT67LSub+HP5af32>DdeO2zzU)}d5t}GaIgRy)m-a4}7xu`F
zl#nU*0>P<>P|e=F#=Sio3>NI@3DU$joXrE2KFX8!aoY_d3CKr}+HMcS7k!OuG&{Ci
z-?Tc)XRXrM;qPIM1ZJ>wt1fe9vn1@2)uU;}bfU|nIIWOd6UN6Pvmpd3_sMj^+(Ypp
z%S~-=1k~O~F)z2^j=RnndOnJc)dGW_wUUG}p|p$%1&f_1^BQ@bP9Gv;#8j!TC&?84
z$)h$*xQkQl^je)j(h}>QYE<qntvbvb|6w1$zGD2yDX)9lJr<<|_ndYka}w)&nFIS%
z%>)sXt55JjhJs#qNxpPuesgC^0SUikBDN`TmsJ)ZQfAaBR3%p!6ej|J5vNC@Y1Abl
z)3@HXXMZo%d-4T5M<+32#YY&GUC?D4bNKsD(c&sm71Y{lTUV)YRg>0P8tI&c_xQvl
zUQG0f)LaRZi;yeSLorV$?u$cUhtbrb%hch96RiRx%qcs<EF0WzZ(xJzFw6b)I<yq2
zmF84PQ#IoXE)%bwT0P;4h9cRDesjOZ3BY&wkNXA93BI9!{Sk4NG$8(BXkebPD_WTb
z0GsOma5Hf5*)dtO*u+T(s~6hVvTD&nl&Di4Pw_mCM}JRazRlYjc>&u?OE9*ix2hHx
z03bMB0zg`Y0N5<5qBk}Pb)}tI(wEwVSB_h^bm7>j(?xy#>hGJcHh=eOa|;9jw6w_P
zn|!gT_)}nW!)RHnu_1e#cf~-8Pbtdgg)Y!j&eub6c`BH8bZrcuXmcIhVn|K3z(8V!
zN$<mxK~byCGYVT_tZWI&8f?y^;*RteN;N+=g4uQSAypmJ2Q_{4$yI&S2Q_{8II9ly
zS50d<<ElCTS<}9rOb}2-Gqq-F*KaIMI#Ndcas{vXAHvS@F^d29d&*O!x2x;yMc2Wy
zT$#@#s}`CO#kP*oeTw$G^y|wPU%mKU-CJvE{p?BWm;{OLB#Iq<K1LsUoGKxv__+{{
z*mu`WBG5%1M9NY*D;>x0sLSr;_}z-n-d%FKk97sXilcgfGA!PK09jv<>dZ>oj~j{#
z<6?eT28J9(W)n$5YsG*Z9-Zy=&A1$zMZdAD`wVXUE}dZcn5vNm=OvlO<R<aoYxNLi
zDSen;EpFOPTo<wwT9&;W>Lo9o8Vuhp4lI1jiLVxzLl?t<bxSf7x=m;AZ|KUzc~U(b
zR1Au?1))=V>r;Kme_r+Phfl0RgEH4Ci6>|k!<B3+h!=dXRy-=m8M0cdtF)qn95btf
zx;iU5An&qTv#1_!%Hor0%NJwi%t^$uCr&qE*-+S7rqy}$g89%;WVYz0=e_^ZJ_G&t
z&hlhhBxJ5UP3QjeJ{5!g)9IUW0!sPXrkCMKi=f-sa(ML)!+Sgs{uyAttTP;@>eZ*M
zp>=A#M*=-z8SyRou=~Cw_F>%79Sbe^n-vf%08vjj|5mIfE^HH$gdO+`Bm93$){<Zs
z(?+QiCjX=o=&v&pNiBF1!R!Fg>YF;XWoHmPo0M_PpNb!uaI4N1Jt*JIZq{attM}<c
zGn8OT_E)?YQ{`L-$b*g&WmS+3GSInrKblDZ1t;{qmxv5<qeO`fAEcqLouSBd2ZmMX
zhYEaDL-`B+1tihFy>r&1$b2+iq$M_IKL}T{A!0$d)x1aXo!eT5qnOQYEteq<b6d??
zn62Dueu5X+MrcaJP;Lz;!G=x&agUqG^{kNcC>`49QHqlJ`jF>3<=twNw{^>&rfJkt
zY@roRQqF53l^s|tkU)6_Ucv??T;GBvM=JWXGZnfBy)z|FEe=cThi_3G!}R{9r<Bn!
z;(2=i1ND<<(SI&RgZJYHiAci)c_}*}CnmAKmC{7t5^RUG6Hq0^1AJ24W9~3cEPbC!
zE@T3Z3o~|dN4&*kgU*h1qJQ6}PgxhxAFr~e)u;f=SwkZ>9!Ksll~LZ_NRBo_MgB0-
zPF;EOFG=VnYmuDGsScIph__?qs!9i_VO?@Iw7wxG_^V;AHMfzKOYSiPs!1Y-EO-i4
z$0tW`_7C>rcRR<HR>hX(vd?a7mmc-8FTOMw5gGmP5$eVB;u7={2U+Zio2zF&Ys3q?
z-KB^z>Y(yh4J_?)Y~iOMI%NH<->`t83oEY}?%-zM(s`I~HywK*GzeIHrKR%cgGR1D
zOXH_c3)Xsy|9gu6dy4;iivM%s|0r(eb4C9xi~rl&diAOl|Mzn1ss7)uIsWgde&195
zzRy(uTZjMY@W50@2R;-HD^jpG$?npkx5&qswU^@h?7Dv9L@DiG@4eYMKRAm)Ui-@r
z@$u2gnTXhVieTabbc#vZUgRSqTc6NZ{L)HabC%vIsxV?=K0n#-DFIhI#h?R1yZQev
zcGmtYS^N8?{JXLCyD!&zmtVkMHoE}68{uHuLVij%j`Ms>o}OF;#*a`77|Yo-0yyYK
zlj0`$c&nR`DNcTOn?P3#`Y3Mdrn85|McRQcWI!j@Ezk_-_6gmOVH-cCJC<(x`0l4n
zA0H0@3x_-o$hnCuJffl^KnR*5LeYy(;9@ku<j0t5E75f(3nyAp((;JqxS=9fu*%6B
z%p~(6!Rk|8vLtxWFfG&&U(w0$jH0A)RDwYXqkyO2ha;=7WH2xiDVlt{QN0CTGx0Rr
zH*zJ(;ZlX|$aKIRqV@<4iISmOm4-?`q=Utr9G+D2cR0I~WIALWudlUWgwfaDcN7%E
z4I7Rp$gu#HFT0H80?RF0V@X{_G!?LGMs$RhfP2(tM|17Rh9@CV9dJ~{0IMBed$q-c
zu_zz@Q9<?qX+}?`=n_rUB;?aBe)5<2=#OGpmk+PSk3&J?tl<jtN=v84eYY$PP0ZaQ
z->$`9Hp(v+WI&O67%*}=y&L7(^rDGAM$Jo^giNVOXC8PMI2OfSO`EDo@rs<emuIXx
zcPdRVszt+Q;T%p)#Ce+(@l`T3_rusw=q}l~5)4@o`xRCqMUw^68>REUUX1zfNW^&g
znqm~VoCSqC08Lp1zWVEQ-}8Tqb-1gi`~m$vLAdx^yXbIx%n%8<S#MZWT}0&aiN2mf
z)=0NF*M{-$q$bL}Q>eV?t12p-4Lqm0Pe{;e0uq`HJIAWT1USc)i{wC4Oq$rHIe&A}
zU%%}9ce}q1|M~IsOSt|zEvxZOmQibN4BxioE&ME{vbGU5VBc3l8)Z_aBhI-~=?v!S
zP5Ob8GbTet$Z!+W7;Q5WUb^G*(K5wh%H059MK4|6!Zqh<y1@a<gu@B(w#_h2y>!G+
z=bI)E*RTw;)UamO&+xSy@g#Bz%9g2eDa}*PfoQiV0q@=9*<#k-?D$5w`m0P&v~0U1
zfed|u+v5ywkC;V|7_OT9!GFk*d|>fyR?O)YhHAc5G{WnvzCoT|k3Q5kfuor(9|-O!
z%ur@aRf^IH8<CnXFd~=~yB6Q4SIKM^@gz(JK{<*EiqV*+ZH^TogemNOn56^BqzSvx
zkJR+~Y6{<~k@`5$Is@m<=hC(tsm44TnvBeXB<>jp2KQ`U5ta9bIR}?N35B)wwKdp=
z<L_X<^hu~S*-)Lo+*?-#lfrD;i@-X4{F~xqYM-7(J3~_SM2(8FsbuSgotf%1i+Ymk
zV3hGf@1@NZjt9%hWdNNz;HBzymEcK?u7v)KPB|Vst#eT=y9uyrra!)pEF*STNBlmE
zV&taupc2z9ZgLe<D$n<HD{u;xTcC1|8qg!!sqCI9S3UGDr!a54yyn1Vurw3$Y-HBi
z4KnkGS=K5*Tb~aUhP-Pxu-p|ebz0e3O%afwq9BSib)Ty&ZfRo(<Y;`<otIE$Pu=GH
zwR5*nS8k_fNp)7a-igcRS?v8QMkwO`nxx>e1ev{nDKeP(yj7^zd@i(}nH^O*5UzD_
zncNU+mce=R^#w<ZeUmDeA;}gbUpdme1iGOu=Nn1^Dih^3z=lu`;L&u*<_09BRB=j^
zNJ6e3s%p1gVHfDBHMZ5nbrzglWMcnj&{~S5==3iIp6fK7!-DBH#|d0)DtWfqZ)z$-
z>JooGJs>e>&Bu6Os3$&%f2($Egb!=PtT_3q%F?^!eqfnD%R=+|*33%|r~<aGSBo&n
z`Zq@<X9)6x6tIFp%mB}r@-TW7ISd{LdYDcMu45GGNvWzmT2?W<oM@I&tJ0_kcS2ru
zVNspv_jdib0bHY0@FL4DHXQ70w+^*O*d(w)7I*^Y4dBrMH32YA;ZphxYv}p8SQJbw
zl?PxqT(B1Tsa65~$(jE~h`>goiQ+yKU14MMoRg#_^EoD#N9{1nG5>ek5_g?vlF-PM
z9R}Q|GdO?u6sD^VO_wTijRuQxk^^w*OZ1##`uoL9ia2V&lV{TA6fcbjOe;;Q5))&O
zMHslM*ENA$i`R<HY3FFp;Od2P*7-`y3R!8-c+DzfE^$0!9du(QciBjC<s$*!a4Z4M
ze7h`m2oW&8Jt{y>NT0*jqccI%^Oq8s80e|n)w%FhURq@4s=2aAla{RKh_P?vb(`e8
zZBGU^Dh+Xgt;=wjnbYFmG2gwnI0ap|;@Rl!+YU>625B4BBbychv|1zRc09HdC62xY
z^c?Ti9BSjIybW^MpcjD`Q~mg@u;7`q^C<vr6>2p>mv*FMxrwCHJ9HKK@DQU1lu954
zXM#UP=Y$r2ui&@(u+afORcWS%T+$5Zv#g0MgPQ%+uy~IYn1|`v!E9P*5>t^=)l;#&
zYhziIkH%Q<RE(OYI2hI5>r0a;dV6+ue9Er?`ZE$>7)?&QKr^Qm4TxL{7z>R`zG$lU
zfrRT$Q=J8$&jk9XZAap3g1ZJQBgeC*H8*@Au%?B7ni;7t<-5y<va+RjoLzxoS{2+i
zU9c4mP!EmT>0QS;LAsTHj;No}=S{<|tCW`?S-j+8Bv>le;Etpz^};7p%(;eb?b5)d
z)|$q2>&=?hnznW8E$2d~k6v6Vt&Co)<fH8}lPXUJ&xFqGU402ucSPPLBRcjK-9t|P
zU^1jshwUW4xicn;9Zp+lau$mEhvrDJU`KrK(lZwH6{`Sgdn^~S;#f#TI<{dhPWnYU
zo*^ud$8zC@@>tMXUljTJ)o8jtdw?r<%863q7>iTIac}m}a^C?E?uKRC#mHE_AYEV>
z{}_&Ps~!ARZiar(AhZHoC>gm0g0NbJHVKiT7(|$d7N<s7H)O2<oX_axI$2C9QC3m_
zPos53YZKKjrgkl?`ljUehoXl7i9-~o2>i3?g7E{2iQs3e_w{-)nx|{ZS#aHfx^83c
z($eHWz#DUY=iHr#;(+M~ehulV<Hl&&#*|D}bBmPANNGBlXgb%F*IMWiE~R*yF^RTI
zc{Q<$#OMR159225heymT999oh%g%wUrh>XXRE~$Bc&GWOc;B_t2eB&vNx-8C7DF<b
zX82fLJs^9CtuegUmuL3mzWc9!wE6Poi_NcInqjH{VTLR`L#%C*3T<iaO6^nYWi<-6
zd*V1vt5rqqw0G0%M_=?L%_*E!p;!%J+j>Kx#4|1RRg01t``;=Iw=9FQfU1<pR09+R
zzi9dO&gEGg9|UD<@CgrdG6D@tl@+xjDWSqE&J1V|qzF^k%*G29V`zTSjM{=;!Dk@`
zZZ%4$=hY+AxN3D<{9JT_uzO=9)>*q1eIW&KX~fY~cM)y@-8x<ZP|P=Vmm1htn1B)}
z)u5jiZt(5&w%)x=2W0d?gxIY$Jf}6EHZQkE8y$EoSAqK+J<{{`7r=`^@%!S7_xJdl
zWqvB9S{kNzQ>?QJR5n9*X)J3@p8#jS_tHNU^C2c3*d}(zfB4_0d2YUkKiuziH_{(y
zm{0=-5^A8Ta>BApi?m9NPVxPtUp;nc?)K1uxyx*NgK?&_63J`?>;IZgl~4Y^PyWA-
z|L@mdKl%UuZ}<OIMGk(E`X5vRq*VXo#aB=MzrV=-&nB_S+0xqR!T+soww^e^)6dh-
k)6dh-)6dh-)6dh-)6dh-)6dh-|FEC`ABA`jngCz~0Bvv*EC2ui

literal 0
HcmV?d00001

diff --git a/docs/licenses/python-rhsm.txt b/docs/licenses/python-rhsm.txt
new file mode 100644
index 0000000000..d511905c16
--- /dev/null
+++ b/docs/licenses/python-rhsm.txt
@@ -0,0 +1,339 @@
+		    GNU GENERAL PUBLIC LICENSE
+		       Version 2, June 1991
+
+ Copyright (C) 1989, 1991 Free Software Foundation, Inc.,
+ 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
+ Everyone is permitted to copy and distribute verbatim copies
+ of this license document, but changing it is not allowed.
+
+			    Preamble
+
+  The licenses for most software are designed to take away your
+freedom to share and change it.  By contrast, the GNU General Public
+License is intended to guarantee your freedom to share and change free
+software--to make sure the software is free for all its users.  This
+General Public License applies to most of the Free Software
+Foundation's software and to any other program whose authors commit to
+using it.  (Some other Free Software Foundation software is covered by
+the GNU Lesser General Public License instead.)  You can apply it to
+your programs, too.
+
+  When we speak of free software, we are referring to freedom, not
+price.  Our General Public Licenses are designed to make sure that you
+have the freedom to distribute copies of free software (and charge for
+this service if you wish), that you receive source code or can get it
+if you want it, that you can change the software or use pieces of it
+in new free programs; and that you know you can do these things.
+
+  To protect your rights, we need to make restrictions that forbid
+anyone to deny you these rights or to ask you to surrender the rights.
+These restrictions translate to certain responsibilities for you if you
+distribute copies of the software, or if you modify it.
+
+  For example, if you distribute copies of such a program, whether
+gratis or for a fee, you must give the recipients all the rights that
+you have.  You must make sure that they, too, receive or can get the
+source code.  And you must show them these terms so they know their
+rights.
+
+  We protect your rights with two steps: (1) copyright the software, and
+(2) offer you this license which gives you legal permission to copy,
+distribute and/or modify the software.
+
+  Also, for each author's protection and ours, we want to make certain
+that everyone understands that there is no warranty for this free
+software.  If the software is modified by someone else and passed on, we
+want its recipients to know that what they have is not the original, so
+that any problems introduced by others will not reflect on the original
+authors' reputations.
+
+  Finally, any free program is threatened constantly by software
+patents.  We wish to avoid the danger that redistributors of a free
+program will individually obtain patent licenses, in effect making the
+program proprietary.  To prevent this, we have made it clear that any
+patent must be licensed for everyone's free use or not licensed at all.
+
+  The precise terms and conditions for copying, distribution and
+modification follow.
+
+		    GNU GENERAL PUBLIC LICENSE
+   TERMS AND CONDITIONS FOR COPYING, DISTRIBUTION AND MODIFICATION
+
+  0. This License applies to any program or other work which contains
+a notice placed by the copyright holder saying it may be distributed
+under the terms of this General Public License.  The "Program", below,
+refers to any such program or work, and a "work based on the Program"
+means either the Program or any derivative work under copyright law:
+that is to say, a work containing the Program or a portion of it,
+either verbatim or with modifications and/or translated into another
+language.  (Hereinafter, translation is included without limitation in
+the term "modification".)  Each licensee is addressed as "you".
+
+Activities other than copying, distribution and modification are not
+covered by this License; they are outside its scope.  The act of
+running the Program is not restricted, and the output from the Program
+is covered only if its contents constitute a work based on the
+Program (independent of having been made by running the Program).
+Whether that is true depends on what the Program does.
+
+  1. You may copy and distribute verbatim copies of the Program's
+source code as you receive it, in any medium, provided that you
+conspicuously and appropriately publish on each copy an appropriate
+copyright notice and disclaimer of warranty; keep intact all the
+notices that refer to this License and to the absence of any warranty;
+and give any other recipients of the Program a copy of this License
+along with the Program.
+
+You may charge a fee for the physical act of transferring a copy, and
+you may at your option offer warranty protection in exchange for a fee.
+
+  2. You may modify your copy or copies of the Program or any portion
+of it, thus forming a work based on the Program, and copy and
+distribute such modifications or work under the terms of Section 1
+above, provided that you also meet all of these conditions:
+
+    a) You must cause the modified files to carry prominent notices
+    stating that you changed the files and the date of any change.
+
+    b) You must cause any work that you distribute or publish, that in
+    whole or in part contains or is derived from the Program or any
+    part thereof, to be licensed as a whole at no charge to all third
+    parties under the terms of this License.
+
+    c) If the modified program normally reads commands interactively
+    when run, you must cause it, when started running for such
+    interactive use in the most ordinary way, to print or display an
+    announcement including an appropriate copyright notice and a
+    notice that there is no warranty (or else, saying that you provide
+    a warranty) and that users may redistribute the program under
+    these conditions, and telling the user how to view a copy of this
+    License.  (Exception: if the Program itself is interactive but
+    does not normally print such an announcement, your work based on
+    the Program is not required to print an announcement.)
+
+These requirements apply to the modified work as a whole.  If
+identifiable sections of that work are not derived from the Program,
+and can be reasonably considered independent and separate works in
+themselves, then this License, and its terms, do not apply to those
+sections when you distribute them as separate works.  But when you
+distribute the same sections as part of a whole which is a work based
+on the Program, the distribution of the whole must be on the terms of
+this License, whose permissions for other licensees extend to the
+entire whole, and thus to each and every part regardless of who wrote it.
+
+Thus, it is not the intent of this section to claim rights or contest
+your rights to work written entirely by you; rather, the intent is to
+exercise the right to control the distribution of derivative or
+collective works based on the Program.
+
+In addition, mere aggregation of another work not based on the Program
+with the Program (or with a work based on the Program) on a volume of
+a storage or distribution medium does not bring the other work under
+the scope of this License.
+
+  3. You may copy and distribute the Program (or a work based on it,
+under Section 2) in object code or executable form under the terms of
+Sections 1 and 2 above provided that you also do one of the following:
+
+    a) Accompany it with the complete corresponding machine-readable
+    source code, which must be distributed under the terms of Sections
+    1 and 2 above on a medium customarily used for software interchange; or,
+
+    b) Accompany it with a written offer, valid for at least three
+    years, to give any third party, for a charge no more than your
+    cost of physically performing source distribution, a complete
+    machine-readable copy of the corresponding source code, to be
+    distributed under the terms of Sections 1 and 2 above on a medium
+    customarily used for software interchange; or,
+
+    c) Accompany it with the information you received as to the offer
+    to distribute corresponding source code.  (This alternative is
+    allowed only for noncommercial distribution and only if you
+    received the program in object code or executable form with such
+    an offer, in accord with Subsection b above.)
+
+The source code for a work means the preferred form of the work for
+making modifications to it.  For an executable work, complete source
+code means all the source code for all modules it contains, plus any
+associated interface definition files, plus the scripts used to
+control compilation and installation of the executable.  However, as a
+special exception, the source code distributed need not include
+anything that is normally distributed (in either source or binary
+form) with the major components (compiler, kernel, and so on) of the
+operating system on which the executable runs, unless that component
+itself accompanies the executable.
+
+If distribution of executable or object code is made by offering
+access to copy from a designated place, then offering equivalent
+access to copy the source code from the same place counts as
+distribution of the source code, even though third parties are not
+compelled to copy the source along with the object code.
+
+  4. You may not copy, modify, sublicense, or distribute the Program
+except as expressly provided under this License.  Any attempt
+otherwise to copy, modify, sublicense or distribute the Program is
+void, and will automatically terminate your rights under this License.
+However, parties who have received copies, or rights, from you under
+this License will not have their licenses terminated so long as such
+parties remain in full compliance.
+
+  5. You are not required to accept this License, since you have not
+signed it.  However, nothing else grants you permission to modify or
+distribute the Program or its derivative works.  These actions are
+prohibited by law if you do not accept this License.  Therefore, by
+modifying or distributing the Program (or any work based on the
+Program), you indicate your acceptance of this License to do so, and
+all its terms and conditions for copying, distributing or modifying
+the Program or works based on it.
+
+  6. Each time you redistribute the Program (or any work based on the
+Program), the recipient automatically receives a license from the
+original licensor to copy, distribute or modify the Program subject to
+these terms and conditions.  You may not impose any further
+restrictions on the recipients' exercise of the rights granted herein.
+You are not responsible for enforcing compliance by third parties to
+this License.
+
+  7. If, as a consequence of a court judgment or allegation of patent
+infringement or for any other reason (not limited to patent issues),
+conditions are imposed on you (whether by court order, agreement or
+otherwise) that contradict the conditions of this License, they do not
+excuse you from the conditions of this License.  If you cannot
+distribute so as to satisfy simultaneously your obligations under this
+License and any other pertinent obligations, then as a consequence you
+may not distribute the Program at all.  For example, if a patent
+license would not permit royalty-free redistribution of the Program by
+all those who receive copies directly or indirectly through you, then
+the only way you could satisfy both it and this License would be to
+refrain entirely from distribution of the Program.
+
+If any portion of this section is held invalid or unenforceable under
+any particular circumstance, the balance of the section is intended to
+apply and the section as a whole is intended to apply in other
+circumstances.
+
+It is not the purpose of this section to induce you to infringe any
+patents or other property right claims or to contest validity of any
+such claims; this section has the sole purpose of protecting the
+integrity of the free software distribution system, which is
+implemented by public license practices.  Many people have made
+generous contributions to the wide range of software distributed
+through that system in reliance on consistent application of that
+system; it is up to the author/donor to decide if he or she is willing
+to distribute software through any other system and a licensee cannot
+impose that choice.
+
+This section is intended to make thoroughly clear what is believed to
+be a consequence of the rest of this License.
+
+  8. If the distribution and/or use of the Program is restricted in
+certain countries either by patents or by copyrighted interfaces, the
+original copyright holder who places the Program under this License
+may add an explicit geographical distribution limitation excluding
+those countries, so that distribution is permitted only in or among
+countries not thus excluded.  In such case, this License incorporates
+the limitation as if written in the body of this License.
+
+  9. The Free Software Foundation may publish revised and/or new versions
+of the General Public License from time to time.  Such new versions will
+be similar in spirit to the present version, but may differ in detail to
+address new problems or concerns.
+
+Each version is given a distinguishing version number.  If the Program
+specifies a version number of this License which applies to it and "any
+later version", you have the option of following the terms and conditions
+either of that version or of any later version published by the Free
+Software Foundation.  If the Program does not specify a version number of
+this License, you may choose any version ever published by the Free Software
+Foundation.
+
+  10. If you wish to incorporate parts of the Program into other free
+programs whose distribution conditions are different, write to the author
+to ask for permission.  For software which is copyrighted by the Free
+Software Foundation, write to the Free Software Foundation; we sometimes
+make exceptions for this.  Our decision will be guided by the two goals
+of preserving the free status of all derivatives of our free software and
+of promoting the sharing and reuse of software generally.
+
+			    NO WARRANTY
+
+  11. BECAUSE THE PROGRAM IS LICENSED FREE OF CHARGE, THERE IS NO WARRANTY
+FOR THE PROGRAM, TO THE EXTENT PERMITTED BY APPLICABLE LAW.  EXCEPT WHEN
+OTHERWISE STATED IN WRITING THE COPYRIGHT HOLDERS AND/OR OTHER PARTIES
+PROVIDE THE PROGRAM "AS IS" WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESSED
+OR IMPLIED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
+MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE.  THE ENTIRE RISK AS
+TO THE QUALITY AND PERFORMANCE OF THE PROGRAM IS WITH YOU.  SHOULD THE
+PROGRAM PROVE DEFECTIVE, YOU ASSUME THE COST OF ALL NECESSARY SERVICING,
+REPAIR OR CORRECTION.
+
+  12. IN NO EVENT UNLESS REQUIRED BY APPLICABLE LAW OR AGREED TO IN WRITING
+WILL ANY COPYRIGHT HOLDER, OR ANY OTHER PARTY WHO MAY MODIFY AND/OR
+REDISTRIBUTE THE PROGRAM AS PERMITTED ABOVE, BE LIABLE TO YOU FOR DAMAGES,
+INCLUDING ANY GENERAL, SPECIAL, INCIDENTAL OR CONSEQUENTIAL DAMAGES ARISING
+OUT OF THE USE OR INABILITY TO USE THE PROGRAM (INCLUDING BUT NOT LIMITED
+TO LOSS OF DATA OR DATA BEING RENDERED INACCURATE OR LOSSES SUSTAINED BY
+YOU OR THIRD PARTIES OR A FAILURE OF THE PROGRAM TO OPERATE WITH ANY OTHER
+PROGRAMS), EVEN IF SUCH HOLDER OR OTHER PARTY HAS BEEN ADVISED OF THE
+POSSIBILITY OF SUCH DAMAGES.
+
+		     END OF TERMS AND CONDITIONS
+
+	    How to Apply These Terms to Your New Programs
+
+  If you develop a new program, and you want it to be of the greatest
+possible use to the public, the best way to achieve this is to make it
+free software which everyone can redistribute and change under these terms.
+
+  To do so, attach the following notices to the program.  It is safest
+to attach them to the start of each source file to most effectively
+convey the exclusion of warranty; and each file should have at least
+the "copyright" line and a pointer to where the full notice is found.
+
+    <one line to give the program's name and a brief idea of what it does.>
+    Copyright (C) <year>  <name of author>
+
+    This program is free software; you can redistribute it and/or modify
+    it under the terms of the GNU General Public License as published by
+    the Free Software Foundation; either version 2 of the License, or
+    (at your option) any later version.
+
+    This program is distributed in the hope that it will be useful,
+    but WITHOUT ANY WARRANTY; without even the implied warranty of
+    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+    GNU General Public License for more details.
+
+    You should have received a copy of the GNU General Public License along
+    with this program; if not, write to the Free Software Foundation, Inc.,
+    51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+
+Also add information on how to contact you by electronic and paper mail.
+
+If the program is interactive, make it output a short notice like this
+when it starts in an interactive mode:
+
+    Gnomovision version 69, Copyright (C) year name of author
+    Gnomovision comes with ABSOLUTELY NO WARRANTY; for details type `show w'.
+    This is free software, and you are welcome to redistribute it
+    under certain conditions; type `show c' for details.
+
+The hypothetical commands `show w' and `show c' should show the appropriate
+parts of the General Public License.  Of course, the commands you use may
+be called something other than `show w' and `show c'; they could even be
+mouse-clicks or menu items--whatever suits your program.
+
+You should also get your employer (if you work as a programmer) or your
+school, if any, to sign a "copyright disclaimer" for the program, if
+necessary.  Here is a sample; alter the names:
+
+  Yoyodyne, Inc., hereby disclaims all copyright interest in the program
+  `Gnomovision' (which makes passes at compilers) written by James Hacker.
+
+  <signature of Ty Coon>, 1 April 1989
+  Ty Coon, President of Vice
+
+This General Public License does not permit incorporating your program into
+proprietary programs.  If your program is a subroutine library, you may
+consider it more useful to permit linking proprietary applications with the
+library.  If this is what you want to do, use the GNU Lesser General
+Public License instead of this License.
diff --git a/installer/roles/image_build/templates/Dockerfile.j2 b/installer/roles/image_build/templates/Dockerfile.j2
index 9ffc1c7c69..cf67ed0bc9 100644
--- a/installer/roles/image_build/templates/Dockerfile.j2
+++ b/installer/roles/image_build/templates/Dockerfile.j2
@@ -71,6 +71,7 @@ RUN cd /tmp && make requirements_collections
 {% if build_dev|bool %}
 ADD requirements/requirements_dev.txt /tmp/requirements
 RUN cd /tmp && make requirements_awx_dev requirements_ansible_dev
+RUN setfacl -m u:awx:r /etc/rhsm/rhsm.conf
 {% endif %}
 {% if not build_dev|bool %}
 COPY {{ awx_sdist_file }} /tmp/{{ awx_sdist_file }}
diff --git a/installer/roles/kubernetes/templates/configmap.yml.j2 b/installer/roles/kubernetes/templates/configmap.yml.j2
index b7553811c1..283e805aa7 100644
--- a/installer/roles/kubernetes/templates/configmap.yml.j2
+++ b/installer/roles/kubernetes/templates/configmap.yml.j2
@@ -197,6 +197,8 @@ data:
     AWX_CONTAINER_GROUP_DEFAULT_IMAGE = "{{ container_groups_image }}"
     REDHAT_CANDLEPIN_HOST = "{{ candlepin_host  | default(omit) }}"
     REDHAT_CANDLEPIN_VERIFY = "{{ candlepin_verify | default(omit) }}"
+    REDHAT_CONTENT_URL = "{{ redhat_content_url | default(omit) }}"
+    REDHAT_CONTENT_PATH = "{{ redhat_content_path | default(omit) }}"
     BROADCAST_WEBSOCKET_PORT = 8052
     BROADCAST_WEBSOCKET_PROTOCOL = 'http'
 
diff --git a/requirements/requirements.txt b/requirements/requirements.txt
index dac5c5267d..8bbc446236 100644
--- a/requirements/requirements.txt
+++ b/requirements/requirements.txt
@@ -52,6 +52,7 @@ idna==2.9                 # via hyperlink, idna-ssl, requests, twisted, yarl
 importlib-metadata==1.5.0  # via importlib-resources, irc, jsonschema
 importlib-resources==1.4.0  # via jaraco.text
 incremental==17.5.0       # via twisted
+iniparse==0.5             # via rhsm
 irc==18.0.0               # via -r /awx_devel/requirements/requirements.in
 isodate==0.6.0            # via msrest, python3-saml
 jaraco.classes==3.1.0     # via jaraco.collections
@@ -108,7 +109,7 @@ ruamel.yaml.clib==0.2.0   # via ruamel.yaml
 ruamel.yaml==0.16.10      # via openshift
 schedule==0.6.0           # via -r /awx_devel/requirements/requirements.in
 service-identity==18.1.0  # via twisted
-six==1.14.0               # via ansible-runner, automat, cryptography, django-extensions, django-pglocks, google-auth, isodate, jaraco.collections, jaraco.logging, jaraco.text, jsonschema, kubernetes, openshift, pygerduty, pyopenssl, pyrad, pyrsistent, python-dateutil, slackclient, social-auth-app-django, social-auth-core, tacacs-plus, twilio, txaio, websocket-client
+six==1.14.0               # via ansible-runner, automat, cryptography, django-extensions, django-pglocks, google-auth, iniparse, isodate, jaraco.collections, jaraco.logging, jaraco.text, jsonschema, kubernetes, openshift, pygerduty, pyopenssl, pyrad, pyrsistent, python-dateutil, slackclient, social-auth-app-django, social-auth-core, tacacs-plus, twilio, txaio, websocket-client
 slackclient==1.1.2        # via -r /awx_devel/requirements/requirements.in
 smmap==3.0.1              # via gitdb
 social-auth-app-django==3.1.0  # via -r /awx_devel/requirements/requirements.in
diff --git a/requirements/requirements_git.txt b/requirements/requirements_git.txt
index 340cbfdcc7..ff7a407ae5 100644
--- a/requirements/requirements_git.txt
+++ b/requirements/requirements_git.txt
@@ -1 +1,2 @@
 git+https://github.com/ansible/system-certifi.git@devel#egg=certifi
+git+https://github.com/ansible/python-rhsm.git@python3-backport#egg=rhsm
diff --git a/requirements/updater.sh b/requirements/updater.sh
index 7915ef286c..3d93b4d815 100755
--- a/requirements/updater.sh
+++ b/requirements/updater.sh
@@ -4,6 +4,7 @@ set -ue
 requirements_in="$(readlink -f ./requirements.in)"
 requirements_ansible_in="$(readlink -f ./requirements_ansible.in)"
 requirements="$(readlink -f ./requirements.txt)"
+requirements_git="$(readlink -f ./requirements_git.txt)"
 requirements_ansible="$(readlink -f ./requirements_ansible.txt)"
 pip_compile="pip-compile --no-header --quiet -r --allow-unsafe"
 
@@ -31,7 +32,11 @@ generate_requirements_v3() {
 
   install_deps
 
-  ${pip_compile} --output-file requirements.txt "${requirements_in}"
+  ${pip_compile} --output-file requirements.txt "${requirements_in}" "${requirements_git}"
+  # consider the git requirements for purposes of resolving deps
+  # Then remove any git+ lines from requirements.txt
+  cp requirements.txt requirements_tmp.txt
+  grep -v "^git+" requirements_tmp.txt > requirements.txt && rm requirements_tmp.txt
   ${pip_compile} --output-file requirements_ansible_py3.txt "${requirements_ansible_in}"
 }