SqlVirtualMachine.Autorest/custom/Assert-AzSqlVMEntraAuth.ps1
# ---------------------------------------------------------------------------------- # Copyright (c) Microsoft Corporation. All rights reserved. # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. # You may obtain a copy of the License at # http://www.apache.org/licenses/LICENSE-2.0 # Unless required by applicable law or agreed to in writing, software # distributed under the License is distributed on an "AS IS" BASIS, # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. # Code generated by Microsoft (R) AutoRest Code Generator.Changes may cause incorrect behavior and will be lost if the code # is regenerated. # ---------------------------------------------------------------------------------- <# .Synopsis Validates a SQL virtual machine Entra Authentication. .Description Validates a SQL virtual machine Entra Authentication. .Example {{ Add code here }} .Example {{ Add code here }} .Inputs Microsoft.Azure.PowerShell.Cmdlets.SqlVirtualMachine.Models.ISqlVirtualMachineIdentity .Outputs Boolean .Notes COMPLEX PARAMETER PROPERTIES To create the parameters described below, construct a hash table containing the appropriate properties. For information on hash tables, run Get-Help about_Hash_Tables. INPUTOBJECT <ISqlVirtualMachineIdentity>: Identity Parameter [AvailabilityGroupListenerName <String>]: Name of the availability group listener. [Id <String>]: Resource identity path [ResourceGroupName <String>]: Name of the resource group that contains the resource. You can obtain this value from the Azure Resource Manager API or the portal. [SqlVirtualMachineGroupName <String>]: Name of the SQL virtual machine group. [SqlVirtualMachineName <String>]: Name of the SQL virtual machine. [SubscriptionId <String>]: Subscription ID that identifies an Azure subscription. .Link https://learn.microsoft.com/powershell/module/az.sqlvirtualmachine/Assert-AzSqlVMEntraAuth #> function Assert-AzSqlVMEntraAuth { [CmdletBinding(DefaultParameterSetName = 'AssertExpanded', PositionalBinding = $false, SupportsShouldProcess, ConfirmImpact = 'Medium')] [OutputType([bool])] param( [Parameter(ParameterSetName = 'AssertExpanded', Mandatory)] [Alias('SqlVirtualMachineName', 'SqlVMName')] [Microsoft.Azure.PowerShell.Cmdlets.SqlVirtualMachine.Category('Path')] [System.String] # Name of the SQL virtual machine. ${Name}, [Parameter(ParameterSetName = 'AssertExpanded', Mandatory)] [Microsoft.Azure.PowerShell.Cmdlets.SqlVirtualMachine.Category('Path')] [System.String] # Name of the resource group that contains the resource. # You can obtain this value from the Azure Resource Manager API or the portal. ${ResourceGroupName}, [Parameter(ParameterSetName = 'AssertExpanded')] [Microsoft.Azure.PowerShell.Cmdlets.SqlVirtualMachine.Category('Path')] [Microsoft.Azure.PowerShell.Cmdlets.SqlVirtualMachine.Runtime.DefaultInfo(Script = '(Get-AzContext).Subscription.Id')] [System.String] # Subscription ID that identifies an Azure subscription. ${SubscriptionId}, [Parameter(ParameterSetName = 'AssertViaIdentity', Mandatory, ValueFromPipeline)] [Microsoft.Azure.PowerShell.Cmdlets.SqlVirtualMachine.Category('Path')] [Microsoft.Azure.PowerShell.Cmdlets.SqlVirtualMachine.Models.ISqlVirtualMachineIdentity] # Identity Parameter # To construct, see NOTES section for INPUTOBJECT properties and create a hash table. ${InputObject}, [Parameter()] [Microsoft.Azure.PowerShell.Cmdlets.SqlVirtualMachine.Category('Body')] [System.String] # The client Id of the Managed Identity to query Microsoft Graph API. ${ManagedIdentityClientId}, [Parameter(Mandatory)] [Microsoft.Azure.PowerShell.Cmdlets.SqlVirtualMachine.Category('Body')] [System.String] # Type of managed service identity (where both SystemAssigned and UserAssigned types are allowed). ${IdentityType}, [Parameter()] [Alias('AzureRMContext', 'AzureCredential')] [ValidateNotNull()] [Microsoft.Azure.PowerShell.Cmdlets.SqlVirtualMachine.Category('Azure')] [System.Management.Automation.PSObject] # The credentials, account, tenant, and subscription used for communication with Azure. ${DefaultProfile}, [Parameter()] [Microsoft.Azure.PowerShell.Cmdlets.SqlVirtualMachine.Category('Runtime')] [System.Management.Automation.SwitchParameter] # Run the command as a job ${AsJob}, [Parameter(DontShow)] [Microsoft.Azure.PowerShell.Cmdlets.SqlVirtualMachine.Category('Runtime')] [System.Management.Automation.SwitchParameter] # Wait for .NET debugger to attach ${Break}, [Parameter(DontShow)] [ValidateNotNull()] [Microsoft.Azure.PowerShell.Cmdlets.SqlVirtualMachine.Category('Runtime')] [Microsoft.Azure.PowerShell.Cmdlets.SqlVirtualMachine.Runtime.SendAsyncStep[]] # SendAsync Pipeline Steps to be appended to the front of the pipeline ${HttpPipelineAppend}, [Parameter(DontShow)] [ValidateNotNull()] [Microsoft.Azure.PowerShell.Cmdlets.SqlVirtualMachine.Category('Runtime')] [Microsoft.Azure.PowerShell.Cmdlets.SqlVirtualMachine.Runtime.SendAsyncStep[]] # SendAsync Pipeline Steps to be prepended to the front of the pipeline ${HttpPipelinePrepend}, [Parameter()] [Microsoft.Azure.PowerShell.Cmdlets.SqlVirtualMachine.Category('Runtime')] [System.Management.Automation.SwitchParameter] # Run the command asynchronously ${NoWait}, [Parameter(DontShow)] [Microsoft.Azure.PowerShell.Cmdlets.SqlVirtualMachine.Category('Runtime')] [System.Uri] # The URI for the proxy server to use ${Proxy}, [Parameter(DontShow)] [ValidateNotNull()] [Microsoft.Azure.PowerShell.Cmdlets.SqlVirtualMachine.Category('Runtime')] [System.Management.Automation.PSCredential] # Credentials for a proxy server to use for the remote call ${ProxyCredential}, [Parameter(DontShow)] [Microsoft.Azure.PowerShell.Cmdlets.SqlVirtualMachine.Category('Runtime')] [System.Management.Automation.SwitchParameter] # Use the default credentials for the proxy ${ProxyUseDefaultCredentials} ) process { try { $hasInputObject = $PSBoundParameters.Remove('InputObject') $null = $PSBoundParameters.Remove('ManagedIdentityClientId') $null = $PSBoundParameters.Remove('IdentityType') $hasAsJob = $PSBoundParameters.Remove('AsJob') $null = $PSBoundParameters.Remove('WhatIf') $null = $PSBoundParameters.Remove('Confirm') if ($hasInputObject) { $sqlvm = Get-AzSqlVM -InputObject $InputObject @PSBoundParameters } else { $sqlvm = Get-AzSqlVM @PSBoundParameters } $null = $PSBoundParameters.Remove('InputObject') $null = $PSBoundParameters.Remove('ResourceGroupName') $null = $PSBoundParameters.Remove('Name') $null = $PSBoundParameters.Remove('SubscriptionId') if ($hasAsJob) { $PSBoundParameters.Add('AsJob', $true) } $resourceId = $sqlvm.Id $subId = ($resourceId -split '/')[2] #subscription id from vm object if ($PSCmdlet.ShouldProcess("SQL virtual machine $($sqlvm.Name)", "Assert")) { if ($IdentityType -ne 'SystemAssigned' -and $IdentityType -ne 'UserAssigned') { # If the value is neither 'SystemAssigned' nor 'UserAssigned', throw an error throw "IdentityType is invalid. The supported types are SystemAssigned or UserAssigned." } else { Assert-All -VmName $sqlvm.Name -ResourceGroup $sqlvm.ResourceGroupName -MsiClientId $ManagedIdentityClientId -IdentityType $IdentityType -SubscriptionId $subId Write-Output $true return } } } catch { throw } } } <# .SYNOPSIS Given a VM, check if it's eligible for Azure Entra authentication .Description Given a VM, check if it's eligible for Azure Entra authentication .PARAMETER VmName Name of the VM .PARAMETER ResourceGroup Name of the resource group .PARAMETER SubscriptionId Subscription Id .PARAMETER MsiClientId The client Id of the Managed Identity to query Microsoft Graph API. .PARAMETER IdentityType Type of managed service identity .OUTPUTS bool if the validation passed or not #> function Assert-All { [Microsoft.Azure.PowerShell.Cmdlets.SqlVirtualMachine.DoNotExportAttribute()] param( [Parameter(Mandatory = $true)] [string] $VmName, [Parameter(Mandatory = $true)] [string] $ResourceGroup, [Parameter(Mandatory = $true)] [string] $SubscriptionId, [Parameter(Mandatory = $false)] [string] $MsiClientId, [Parameter(Mandatory = $false)] [string] $IdentityType) # All validations go here if ($IdentityType -eq 'SystemAssigned' -and -not($null -eq $MsiClientId -or $MsiClientId -eq '')) { Write-Error "Enable Azure Entra authentication with system-assigned managed identity, but the ManagedIdentityClientId is also provided." -ErrorAction Stop } if ($IdentityType -eq 'UserAssigned' -and ($null -eq $MsiClientId -or $MsiClientId -eq '')) { Write-Error "ManagedIdentityClientId should not be empty or null when using UserAssigned type." -ErrorAction Stop } # validate the SQL VM supports Azure Entra authentication, i.e. it is on Windows platform and is SQL 2022 or later $null = Assert-SqlVMversion -ResourceGroupName $ResourceGroup -SqlVirtualMachineName $VmName -SubscriptionId $SubscriptionId # validate the MSI is valid on the Azure virtual machine $PrincipalId = Assert-MsiValidity -ResourceGroupName $ResourceGroup -SqlVirtualMachineName $VmName -MsiClientId $MsiClientId -SubscriptionId $SubscriptionId # validate the MSI has appropriate permission to query Microsoft Graph API $null = Assert-MsiWithEnoughPermission -PrincipalId $PrincipalId Write-Host "Sql virtual machine $($sqlvm.Name) is valid for Azure Entra authentication." } <# .SYNOPSIS Check if SQL VM version is minimum SQL2022 .Description Check if SQL VM version is minimum SQL2022 .PARAMETER SqlVirtualMachineName Name of the VM .PARAMETER ResourceGroupName Name of the resource group .PARAMETER SubscriptionId Subscription Id #> function Assert-SqlVMversion { [Microsoft.Azure.PowerShell.Cmdlets.SqlVirtualMachine.DoNotExportAttribute()] param( [Parameter(Mandatory = $true)] [string] $SubscriptionId, [Parameter(Mandatory = $true)] [string] $ResourceGroupName, [Parameter(Mandatory = $true)] [string] $SqlVirtualMachineName ) try { # Get the SQL VM instance $vmExtensionName = 'SqlIaasExtension' $path = "/subscriptions/$SubscriptionId/resourceGroups/$ResourceGroupName/providers/Microsoft.Compute/virtualMachines/$SqlVirtualMachineName/extensions/$vmExtensionName" + "?`$expand=instanceView&api-version=2024-03-01" $jsonObject = Invoke-AzRestMethod -Method GET -Path $path | Select-Object -ExpandProperty Content | ConvertFrom-Json $resourceProviderPluginStatus = $jsonObject.properties.instanceView.substatuses | Where-Object { $_.code -like "*Resource Provider Plugin*"} if ($resourceProviderPluginStatus) { $sqlVersion = $resourceProviderPluginStatus | Select-Object @{Name = 'SqlVersion'; Expression = { $_.Message | ConvertFrom-Json | Select-Object -ExpandProperty SqlVersion } } $osVersion = $resourceProviderPluginStatus | Select-Object @{Name = 'OSVersion'; Expression = { $_.Message | ConvertFrom-Json | Select-Object -ExpandProperty OSVersion } } } else { throw "Please make sure the VM is up and running." } } catch { throw "Unable to validate Azure Entra authentication due to an error: $_" } # Construct error message for unsupported SQL server version or OS platform. $unsupportedError = "Azure Entra authentication requires SQL Server 2022 on Windows platform, but the current version of this SQL VM is $($sqlVersion.SqlVersion) - $($osVersion.OSVersion)" if (-not $sqlVersion -or -not $osVersion) { throw $unsupportedError } try { $intVersion = [int]($sqlVersion.SqlVersion.Substring(3)) } catch { throw $unsupportedError } if ($intVersion -lt 2022 -or -not $osVersion.OSVersion.StartsWith("WS")) { $unsupportedError += "`n Recommendation: Upgrade SQL Server to SQL Server 2022 or later." throw $unsupportedError } } <# .SYNOPSIS Validate the provided MSI is associated with SQL VM or not .Description Validate the provided MSI is associated with SQL VM or not .PARAMETER SqlVirtualMachineName Name of the VM .PARAMETER ResourceGroupName Name of the resource group .PARAMETER MsiClientId Msi Client Id .PARAMETER SubscriptionId Subscription Id #> function Assert-MsiValidity { [Microsoft.Azure.PowerShell.Cmdlets.SqlVirtualMachine.DoNotExportAttribute()] param( [Parameter(Mandatory = $true)] [string] $SubscriptionId, [Parameter(Mandatory = $true)] [string] $ResourceGroupName, [Parameter(Mandatory = $true)] [string] $SqlVirtualMachineName, [Parameter(Mandatory = $false)] [string] $MsiClientId ) try { # Get the VM instance $path = "/subscriptions/$SubscriptionId/resourceGroups/$ResourceGroupName/providers/Microsoft.Compute/virtualMachines/$SqlVirtualMachineName/" + "?`$expand=instanceView&api-version=2024-03-01" $vm = Invoke-AzRestMethod -Method GET -Path $path | Select-Object -ExpandProperty Content | ConvertFrom-Json } catch { throw "Unable to validate Azure Entra authentication due to retrieving the Azure virtual machine instance encountering an error: $_" } # The system-assigned MSI case. if ($IdentityType -eq 'SystemAssigned') { if ($null -eq $vm.Identity -or $null -eq $vm.Identity.PrincipalId) { $azError = "Enable Azure Entra authentication with system-assigned managed identity, but the system-assigned managed identity is not enabled on this Azure virtual machine." $azError += "`n Recommendation: Enable the system-assigned managed identity on the Azure virtual machine: $SqlVirtualMachineName." throw $azError } return $vm.Identity.PrincipalId } # The user-assigned MSI case. if ($IdentityType -eq 'UserAssigned') { if ($null -eq $vm.Identity -or $null -eq $vm.Identity.UserAssignedIdentities) { $azError = "Enable Azure Entra authentication with user-assigned managed identity '$MsiClientId', but the managed identity is not attached to this Azure virtual machine." $azError += "`n Recommendation: Attach the user-assigned managed identity '$MsiClientId' to the Azure virtual machine $SqlVirtualMachineName." throw $azError } foreach ($key in $vm.identity.userAssignedIdentities.PSObject.Properties.Name) { $identity = $vm.identity.userAssignedIdentities.$key if ($identity.clientId -eq $MsiClientId) { return $identity.principalId } } $azError = "Enable Azure Entra authentication with user-assigned managed identity '$MsiClientId', but the managed identity is not attached to this Azure virtual machine." $azError += "`n Recommendation: Attach the user-assigned managed identity '$MsiClientId' to the Azure virtual machine $SqlVirtualMachineName." throw $azError } } <# .SYNOPSIS Validate the provided MSI has required permissions or not .Description Validate the provided MSI has required permissions or not .PARAMETER PrincipalId Msi Principal Id #> function Assert-MsiWithEnoughPermission { [Microsoft.Azure.PowerShell.Cmdlets.SqlVirtualMachine.DoNotExportAttribute()] param( [Parameter(Mandatory = $true)] [string] $PrincipalId ) # Get directory roles assigned to the MSI $directoryRoles = Get-DirectoryRoleList -PrincipalId $PrincipalId # Check if the MSI has the "Directory Readers" role if ($directoryRoles.displayName -contains "Directory Readers") { return } # Retrieve app role IDs for required roles $appRoleIdMap = Find-RoleId # Retrieve all assigned app role IDs for the MSI $allAssignedRoleIds = Get-AssignedAppRoleList -PrincipalId $PrincipalId # Find missing roles $missingRoles = @("User.Read.All", "Application.Read.All", "GroupMember.Read.All") | Where-Object { $appRoleIdMap[$_] -notin $allAssignedRoleIds } if ($missingRoles.Count -gt 0) { $azError = "The managed identity is lacking the following roles for Azure Entra authentication: $($missingRoles -join ', ')." $azError += "`n Recommendation: Grant the managed identity EITHER the Directory.Readers role OR the three App roles 'User.Read.All', 'Application.Read.All', 'GroupMember.Read.All'" throw $azError } } function Find-RoleId { [Microsoft.Azure.PowerShell.Cmdlets.SqlVirtualMachine.DoNotExportAttribute()] param() try { $graphurl = (Get-AzContext).Environment.ExtendedProperties.MicrosoftGraphUrl $uri = $graphurl + "/v1.0/servicePrincipals?" + "`$filter=displayName eq 'Microsoft Graph'" $result = Invoke-AzRestMethod -Method GET -Uri $uri | Select-Object -ExpandProperty Content | ConvertFrom-Json $servicePrincipals = $result.value } catch { throw "Querying Microsoft Graph API failed to find the service principal of Microsoft Graph Application: $_" } # If we failed to find the Microsoft Graph service application, fail the validation. if (!$servicePrincipals) { throw "Querying Microsoft Graph API failed to find the service principal of Microsoft Graph Application" } $appRoleIdMap = @{ "User.Read.All" = $null "Application.Read.All" = $null "GroupMember.Read.All" = $null } foreach ($appRole in $servicePrincipals.appRoles) { $roleName = $appRole.value if ($appRoleIdMap.ContainsKey($roleName)) { $appRoleIdMap[$roleName] = $appRole.id } } # If we failed to find all role definitions, fail the validation. $missingRoleDefs = $appRoleIdMap.Keys | Where-Object {$null -eq $appRoleIdMap[$_]} if ($missingRoleDefs) { $errorMessage = "Querying Microsoft Graph API failed to find the following roles: $($missingRoleDefs -join ', ')" Write-Warning $errorMessage throw $errorMessage } return $appRoleIdMap } function Get-DirectoryRoleList { [Microsoft.Azure.PowerShell.Cmdlets.SqlVirtualMachine.DoNotExportAttribute()] param( [Parameter(Mandatory = $true)] [string] $PrincipalId ) try { $graphurl = (Get-AzContext).Environment.ExtendedProperties.MicrosoftGraphUrl $uri = $graphurl + "/v1.0/servicePrincipals/$PrincipalId/transitiveMemberOf/microsoft.graph.directoryRole" $RoleList = Invoke-AzRestMethod -Method GET -Uri $uri | Select-Object -ExpandProperty Content | ConvertFrom-Json return $RoleList.value } catch { throw "Microsoft Graph API Error: $_" } } function Get-AssignedAppRoleList { [Microsoft.Azure.PowerShell.Cmdlets.SqlVirtualMachine.DoNotExportAttribute()] param( [Parameter(Mandatory = $true)] [string] $PrincipalId ) try { $graphurl = (Get-AzContext).Environment.ExtendedProperties.MicrosoftGraphUrl $uri = $graphurl + "/v1.0/servicePrincipals/$PrincipalId/appRoleAssignments" $RoleList = Invoke-AzRestMethod -Method GET -Uri $uri | Select-Object -ExpandProperty Content | ConvertFrom-Json return $RoleList.value.AppRoleId } catch { throw "Microsoft Graph API Error: $_" } } # SIG # Begin signature block # MIIoOQYJKoZIhvcNAQcCoIIoKjCCKCYCAQExDzANBglghkgBZQMEAgEFADB5Bgor # BgEEAYI3AgEEoGswaTA0BgorBgEEAYI3AgEeMCYCAwEAAAQQH8w7YFlLCE63JNLG # KX7zUQIBAAIBAAIBAAIBAAIBADAxMA0GCWCGSAFlAwQCAQUABCDNQ7Q/60f3qHAI # GOs1DeBVoyd6J6LnEBav2OgM8iWwg6CCDYUwggYDMIID66ADAgECAhMzAAAEA73V # lV0POxitAAAAAAQDMA0GCSqGSIb3DQEBCwUAMH4xCzAJBgNVBAYTAlVTMRMwEQYD # VQQIEwpXYXNoaW5ndG9uMRAwDgYDVQQHEwdSZWRtb25kMR4wHAYDVQQKExVNaWNy # b3NvZnQgQ29ycG9yYXRpb24xKDAmBgNVBAMTH01pY3Jvc29mdCBDb2RlIFNpZ25p # bmcgUENBIDIwMTEwHhcNMjQwOTEyMjAxMTEzWhcNMjUwOTExMjAxMTEzWjB0MQsw # CQYDVQQGEwJVUzETMBEGA1UECBMKV2FzaGluZ3RvbjEQMA4GA1UEBxMHUmVkbW9u # ZDEeMBwGA1UEChMVTWljcm9zb2Z0IENvcnBvcmF0aW9uMR4wHAYDVQQDExVNaWNy # b3NvZnQgQ29ycG9yYXRpb24wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIB # AQCfdGddwIOnbRYUyg03O3iz19XXZPmuhEmW/5uyEN+8mgxl+HJGeLGBR8YButGV # LVK38RxcVcPYyFGQXcKcxgih4w4y4zJi3GvawLYHlsNExQwz+v0jgY/aejBS2EJY # oUhLVE+UzRihV8ooxoftsmKLb2xb7BoFS6UAo3Zz4afnOdqI7FGoi7g4vx/0MIdi # kwTn5N56TdIv3mwfkZCFmrsKpN0zR8HD8WYsvH3xKkG7u/xdqmhPPqMmnI2jOFw/ # /n2aL8W7i1Pasja8PnRXH/QaVH0M1nanL+LI9TsMb/enWfXOW65Gne5cqMN9Uofv # ENtdwwEmJ3bZrcI9u4LZAkujAgMBAAGjggGCMIIBfjAfBgNVHSUEGDAWBgorBgEE # AYI3TAgBBggrBgEFBQcDAzAdBgNVHQ4EFgQU6m4qAkpz4641iK2irF8eWsSBcBkw # VAYDVR0RBE0wS6RJMEcxLTArBgNVBAsTJE1pY3Jvc29mdCBJcmVsYW5kIE9wZXJh # dGlvbnMgTGltaXRlZDEWMBQGA1UEBRMNMjMwMDEyKzUwMjkyNjAfBgNVHSMEGDAW # gBRIbmTlUAXTgqoXNzcitW2oynUClTBUBgNVHR8ETTBLMEmgR6BFhkNodHRwOi8v # d3d3Lm1pY3Jvc29mdC5jb20vcGtpb3BzL2NybC9NaWNDb2RTaWdQQ0EyMDExXzIw # MTEtMDctMDguY3JsMGEGCCsGAQUFBwEBBFUwUzBRBggrBgEFBQcwAoZFaHR0cDov # L3d3dy5taWNyb3NvZnQuY29tL3BraW9wcy9jZXJ0cy9NaWNDb2RTaWdQQ0EyMDEx # XzIwMTEtMDctMDguY3J0MAwGA1UdEwEB/wQCMAAwDQYJKoZIhvcNAQELBQADggIB # AFFo/6E4LX51IqFuoKvUsi80QytGI5ASQ9zsPpBa0z78hutiJd6w154JkcIx/f7r # EBK4NhD4DIFNfRiVdI7EacEs7OAS6QHF7Nt+eFRNOTtgHb9PExRy4EI/jnMwzQJV # NokTxu2WgHr/fBsWs6G9AcIgvHjWNN3qRSrhsgEdqHc0bRDUf8UILAdEZOMBvKLC # rmf+kJPEvPldgK7hFO/L9kmcVe67BnKejDKO73Sa56AJOhM7CkeATrJFxO9GLXos # oKvrwBvynxAg18W+pagTAkJefzneuWSmniTurPCUE2JnvW7DalvONDOtG01sIVAB # +ahO2wcUPa2Zm9AiDVBWTMz9XUoKMcvngi2oqbsDLhbK+pYrRUgRpNt0y1sxZsXO # raGRF8lM2cWvtEkV5UL+TQM1ppv5unDHkW8JS+QnfPbB8dZVRyRmMQ4aY/tx5x5+ # sX6semJ//FbiclSMxSI+zINu1jYerdUwuCi+P6p7SmQmClhDM+6Q+btE2FtpsU0W # +r6RdYFf/P+nK6j2otl9Nvr3tWLu+WXmz8MGM+18ynJ+lYbSmFWcAj7SYziAfT0s # IwlQRFkyC71tsIZUhBHtxPliGUu362lIO0Lpe0DOrg8lspnEWOkHnCT5JEnWCbzu # iVt8RX1IV07uIveNZuOBWLVCzWJjEGa+HhaEtavjy6i7MIIHejCCBWKgAwIBAgIK # YQ6Q0gAAAAAAAzANBgkqhkiG9w0BAQsFADCBiDELMAkGA1UEBhMCVVMxEzARBgNV # BAgTCldhc2hpbmd0b24xEDAOBgNVBAcTB1JlZG1vbmQxHjAcBgNVBAoTFU1pY3Jv # c29mdCBDb3Jwb3JhdGlvbjEyMDAGA1UEAxMpTWljcm9zb2Z0IFJvb3QgQ2VydGlm # aWNhdGUgQXV0aG9yaXR5IDIwMTEwHhcNMTEwNzA4MjA1OTA5WhcNMjYwNzA4MjEw # OTA5WjB+MQswCQYDVQQGEwJVUzETMBEGA1UECBMKV2FzaGluZ3RvbjEQMA4GA1UE # BxMHUmVkbW9uZDEeMBwGA1UEChMVTWljcm9zb2Z0IENvcnBvcmF0aW9uMSgwJgYD # VQQDEx9NaWNyb3NvZnQgQ29kZSBTaWduaW5nIFBDQSAyMDExMIICIjANBgkqhkiG # 9w0BAQEFAAOCAg8AMIICCgKCAgEAq/D6chAcLq3YbqqCEE00uvK2WCGfQhsqa+la # UKq4BjgaBEm6f8MMHt03a8YS2AvwOMKZBrDIOdUBFDFC04kNeWSHfpRgJGyvnkmc # 6Whe0t+bU7IKLMOv2akrrnoJr9eWWcpgGgXpZnboMlImEi/nqwhQz7NEt13YxC4D # dato88tt8zpcoRb0RrrgOGSsbmQ1eKagYw8t00CT+OPeBw3VXHmlSSnnDb6gE3e+ # lD3v++MrWhAfTVYoonpy4BI6t0le2O3tQ5GD2Xuye4Yb2T6xjF3oiU+EGvKhL1nk # kDstrjNYxbc+/jLTswM9sbKvkjh+0p2ALPVOVpEhNSXDOW5kf1O6nA+tGSOEy/S6 # A4aN91/w0FK/jJSHvMAhdCVfGCi2zCcoOCWYOUo2z3yxkq4cI6epZuxhH2rhKEmd # X4jiJV3TIUs+UsS1Vz8kA/DRelsv1SPjcF0PUUZ3s/gA4bysAoJf28AVs70b1FVL # 5zmhD+kjSbwYuER8ReTBw3J64HLnJN+/RpnF78IcV9uDjexNSTCnq47f7Fufr/zd # sGbiwZeBe+3W7UvnSSmnEyimp31ngOaKYnhfsi+E11ecXL93KCjx7W3DKI8sj0A3 # T8HhhUSJxAlMxdSlQy90lfdu+HggWCwTXWCVmj5PM4TasIgX3p5O9JawvEagbJjS # 4NaIjAsCAwEAAaOCAe0wggHpMBAGCSsGAQQBgjcVAQQDAgEAMB0GA1UdDgQWBBRI # bmTlUAXTgqoXNzcitW2oynUClTAZBgkrBgEEAYI3FAIEDB4KAFMAdQBiAEMAQTAL # BgNVHQ8EBAMCAYYwDwYDVR0TAQH/BAUwAwEB/zAfBgNVHSMEGDAWgBRyLToCMZBD # uRQFTuHqp8cx0SOJNDBaBgNVHR8EUzBRME+gTaBLhklodHRwOi8vY3JsLm1pY3Jv # c29mdC5jb20vcGtpL2NybC9wcm9kdWN0cy9NaWNSb29DZXJBdXQyMDExXzIwMTFf # MDNfMjIuY3JsMF4GCCsGAQUFBwEBBFIwUDBOBggrBgEFBQcwAoZCaHR0cDovL3d3 # dy5taWNyb3NvZnQuY29tL3BraS9jZXJ0cy9NaWNSb29DZXJBdXQyMDExXzIwMTFf # MDNfMjIuY3J0MIGfBgNVHSAEgZcwgZQwgZEGCSsGAQQBgjcuAzCBgzA/BggrBgEF # BQcCARYzaHR0cDovL3d3dy5taWNyb3NvZnQuY29tL3BraW9wcy9kb2NzL3ByaW1h # cnljcHMuaHRtMEAGCCsGAQUFBwICMDQeMiAdAEwAZQBnAGEAbABfAHAAbwBsAGkA # YwB5AF8AcwB0AGEAdABlAG0AZQBuAHQALiAdMA0GCSqGSIb3DQEBCwUAA4ICAQBn # 8oalmOBUeRou09h0ZyKbC5YR4WOSmUKWfdJ5DJDBZV8uLD74w3LRbYP+vj/oCso7 # v0epo/Np22O/IjWll11lhJB9i0ZQVdgMknzSGksc8zxCi1LQsP1r4z4HLimb5j0b # pdS1HXeUOeLpZMlEPXh6I/MTfaaQdION9MsmAkYqwooQu6SpBQyb7Wj6aC6VoCo/ # KmtYSWMfCWluWpiW5IP0wI/zRive/DvQvTXvbiWu5a8n7dDd8w6vmSiXmE0OPQvy # CInWH8MyGOLwxS3OW560STkKxgrCxq2u5bLZ2xWIUUVYODJxJxp/sfQn+N4sOiBp # mLJZiWhub6e3dMNABQamASooPoI/E01mC8CzTfXhj38cbxV9Rad25UAqZaPDXVJi # hsMdYzaXht/a8/jyFqGaJ+HNpZfQ7l1jQeNbB5yHPgZ3BtEGsXUfFL5hYbXw3MYb # BL7fQccOKO7eZS/sl/ahXJbYANahRr1Z85elCUtIEJmAH9AAKcWxm6U/RXceNcbS # oqKfenoi+kiVH6v7RyOA9Z74v2u3S5fi63V4GuzqN5l5GEv/1rMjaHXmr/r8i+sL # gOppO6/8MO0ETI7f33VtY5E90Z1WTk+/gFcioXgRMiF670EKsT/7qMykXcGhiJtX # cVZOSEXAQsmbdlsKgEhr/Xmfwb1tbWrJUnMTDXpQzTGCGgowghoGAgEBMIGVMH4x # CzAJBgNVBAYTAlVTMRMwEQYDVQQIEwpXYXNoaW5ndG9uMRAwDgYDVQQHEwdSZWRt # b25kMR4wHAYDVQQKExVNaWNyb3NvZnQgQ29ycG9yYXRpb24xKDAmBgNVBAMTH01p # Y3Jvc29mdCBDb2RlIFNpZ25pbmcgUENBIDIwMTECEzMAAAQDvdWVXQ87GK0AAAAA # BAMwDQYJYIZIAWUDBAIBBQCgga4wGQYJKoZIhvcNAQkDMQwGCisGAQQBgjcCAQQw # HAYKKwYBBAGCNwIBCzEOMAwGCisGAQQBgjcCARUwLwYJKoZIhvcNAQkEMSIEIBeZ # t1oXGJewaN5R50Ab/R08PQdOmacrpQ0v26qlF2YhMEIGCisGAQQBgjcCAQwxNDAy # oBSAEgBNAGkAYwByAG8AcwBvAGYAdKEagBhodHRwOi8vd3d3Lm1pY3Jvc29mdC5j # b20wDQYJKoZIhvcNAQEBBQAEggEAKEHyBan8m50sl+4dWdhXfeyUnaDhKKzZBoiO # i3wojd+529p+9v4LJ4+d2t9Gh4fq6bXSHsL3ik5hE+nbeezlCa46ePE0a99NdhjS # dH8UOdGXiJrjaGGF0zw8loqVSVBDnhwdx1F6thov/47Kp4wpMIP53LrYpGPpW7H4 # i4bzVMGlQuVQsRK56mwF6oO9273wbA9Fbh/3iPC4iI/zxxL8GgQ6hMAu7yn4yCQ7 # vPFU/J2NmY/q31Eeiwy86nBkJZv49tDsp6J7h53+rm8VxdCKHIDlgjNTXpYNQdjR # 6V/pBI4gk3yWGpuRQMQ73ZJvhC88lYH1L3v9/kMmzmeBt/+UQaGCF5QwgheQBgor # BgEEAYI3AwMBMYIXgDCCF3wGCSqGSIb3DQEHAqCCF20wghdpAgEDMQ8wDQYJYIZI # AWUDBAIBBQAwggFSBgsqhkiG9w0BCRABBKCCAUEEggE9MIIBOQIBAQYKKwYBBAGE # WQoDATAxMA0GCWCGSAFlAwQCAQUABCDBzYetOtPaudCvQjJDBXFeNCdOP4GgtgeD # FXMc5IK4OAIGZ1rLfdN7GBMyMDI1MDEwOTA2MzY0Ny4wNzZaMASAAgH0oIHRpIHO # MIHLMQswCQYDVQQGEwJVUzETMBEGA1UECBMKV2FzaGluZ3RvbjEQMA4GA1UEBxMH # UmVkbW9uZDEeMBwGA1UEChMVTWljcm9zb2Z0IENvcnBvcmF0aW9uMSUwIwYDVQQL # ExxNaWNyb3NvZnQgQW1lcmljYSBPcGVyYXRpb25zMScwJQYDVQQLEx5uU2hpZWxk # IFRTUyBFU046QTkzNS0wM0UwLUQ5NDcxJTAjBgNVBAMTHE1pY3Jvc29mdCBUaW1l # LVN0YW1wIFNlcnZpY2WgghHqMIIHIDCCBQigAwIBAgITMwAAAekPcTB+XfESNgAB # AAAB6TANBgkqhkiG9w0BAQsFADB8MQswCQYDVQQGEwJVUzETMBEGA1UECBMKV2Fz # aGluZ3RvbjEQMA4GA1UEBxMHUmVkbW9uZDEeMBwGA1UEChMVTWljcm9zb2Z0IENv # cnBvcmF0aW9uMSYwJAYDVQQDEx1NaWNyb3NvZnQgVGltZS1TdGFtcCBQQ0EgMjAx # MDAeFw0yMzEyMDYxODQ1MjZaFw0yNTAzMDUxODQ1MjZaMIHLMQswCQYDVQQGEwJV # UzETMBEGA1UECBMKV2FzaGluZ3RvbjEQMA4GA1UEBxMHUmVkbW9uZDEeMBwGA1UE # ChMVTWljcm9zb2Z0IENvcnBvcmF0aW9uMSUwIwYDVQQLExxNaWNyb3NvZnQgQW1l # cmljYSBPcGVyYXRpb25zMScwJQYDVQQLEx5uU2hpZWxkIFRTUyBFU046QTkzNS0w # M0UwLUQ5NDcxJTAjBgNVBAMTHE1pY3Jvc29mdCBUaW1lLVN0YW1wIFNlcnZpY2Uw # ggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQCsmowxQRVgp4TSc3nTa6yr # APJnV6A7aZYnTw/yx90u1DSH89nvfQNzb+5fmBK8ppH76TmJzjHUcImd845A/pvZ # Y5O8PCBu7Gq+x5Xe6plQt4xwVUUcQITxklOZ1Rm9fJ5nh8gnxOxaezFMM41sDI7L # MpKwIKQMwXDctYKvCyQy6kO2sVLB62kF892ZwcYpiIVx3LT1LPdMt1IeS35KY5Mx # ylRdTS7E1Jocl30NgcBiJfqnMce05eEipIsTO4DIn//TtP1Rx57VXfvCO8NSCh9d # xsyvng0lUVY+urq/G8QRFoOl/7oOI0Rf8Qg+3hyYayHsI9wtvDHGnT30Nr41xzTp # w2I6ZWaIhPwMu5DvdkEGzV7vYT3tb9tTviY3psul1T5D938/AfNLqanVCJtP4yz0 # VJBSGV+h66ZcaUJOxpbSIjImaOLF18NOjmf1nwDatsBouXWXFK7E5S0VLRyoTqDC # xHG4mW3mpNQopM/U1WJnjssWQluK8eb+MDKlk9E/hOBYKs2KfeQ4HG7dOcK+wMOa # mGfwvkIe7dkylzm8BeAUQC8LxrAQykhSHy+FaQ93DAlfQYowYDtzGXqE6wOATeKF # I30u9YlxDTzAuLDK073cndMV4qaD3euXA6xUNCozg7rihiHUaM43Amb9EGuRl022 # +yPwclmykssk30a4Rp3v9QIDAQABo4IBSTCCAUUwHQYDVR0OBBYEFJF+M4nFCHYj # uIj0Wuv+jcjtB+xOMB8GA1UdIwQYMBaAFJ+nFV0AXmJdg/Tl0mWnG1M1GelyMF8G # A1UdHwRYMFYwVKBSoFCGTmh0dHA6Ly93d3cubWljcm9zb2Z0LmNvbS9wa2lvcHMv # Y3JsL01pY3Jvc29mdCUyMFRpbWUtU3RhbXAlMjBQQ0ElMjAyMDEwKDEpLmNybDBs # BggrBgEFBQcBAQRgMF4wXAYIKwYBBQUHMAKGUGh0dHA6Ly93d3cubWljcm9zb2Z0 # LmNvbS9wa2lvcHMvY2VydHMvTWljcm9zb2Z0JTIwVGltZS1TdGFtcCUyMFBDQSUy # MDIwMTAoMSkuY3J0MAwGA1UdEwEB/wQCMAAwFgYDVR0lAQH/BAwwCgYIKwYBBQUH # AwgwDgYDVR0PAQH/BAQDAgeAMA0GCSqGSIb3DQEBCwUAA4ICAQBWsSp+rmsxFLe6 # 1AE90Ken2XPgQHJDiS4SbLhvzfVjDPDmOdRE75uQohYhFMdGwHKbVmLK0lHV1Apz # /HciZooyeoAvkHQaHmLhwBGkoyAAVxcaaUnHNIUS9LveL00PwmcSDLgN0V/Fyk20 # QpHDEukwKR8kfaBEX83AyvQzlf/boDNoWKEgpdAsL8SzCzXFLnDozzCJGq0RzwQg # eEBr8E4K2wQ2WXI/ZJxZS/+d3FdwG4ErBFzzUiSbV2m3xsMP3cqCRFDtJ1C3/Jnj # XMChnm9bLDD1waJ7TPp5wYdv0Ol9+aN0t1BmOzCj8DmqKuUwzgCK9Tjtw5KUjaO6 # QjegHzndX/tZrY792dfRAXr5dGrKkpssIHq6rrWO4PlL3OS+4ciL/l8pm+oNJXWG # XYJL5H6LNnKyXJVEw/1FbO4+Gz+U4fFFxs2S8UwvrBbYccVQ9O+Flj7xTAeITJsH # ptAvREqCc+/YxzhIKkA88Q8QhJKUDtazatJH7ZOdi0LCKwgqQO4H81KZGDSLktFv # NRhh8ZBAenn1pW+5UBGYz2GpgcxVXKT1CuUYdlHR9D6NrVhGqdhGTg7Og/d/8oMl # PG3YjuqFxidiIsoAw2+MhI1zXrIi56t6JkJ75J69F+lkh9myJJpNkx41sSB1XK2j # JWgq7VlBuP1BuXjZ3qgym9r1wv0MtTCCB3EwggVZoAMCAQICEzMAAAAVxedrngKb # SZkAAAAAABUwDQYJKoZIhvcNAQELBQAwgYgxCzAJBgNVBAYTAlVTMRMwEQYDVQQI # EwpXYXNoaW5ndG9uMRAwDgYDVQQHEwdSZWRtb25kMR4wHAYDVQQKExVNaWNyb3Nv # ZnQgQ29ycG9yYXRpb24xMjAwBgNVBAMTKU1pY3Jvc29mdCBSb290IENlcnRpZmlj # YXRlIEF1dGhvcml0eSAyMDEwMB4XDTIxMDkzMDE4MjIyNVoXDTMwMDkzMDE4MzIy # NVowfDELMAkGA1UEBhMCVVMxEzARBgNVBAgTCldhc2hpbmd0b24xEDAOBgNVBAcT # B1JlZG1vbmQxHjAcBgNVBAoTFU1pY3Jvc29mdCBDb3Jwb3JhdGlvbjEmMCQGA1UE # AxMdTWljcm9zb2Z0IFRpbWUtU3RhbXAgUENBIDIwMTAwggIiMA0GCSqGSIb3DQEB # AQUAA4ICDwAwggIKAoICAQDk4aZM57RyIQt5osvXJHm9DtWC0/3unAcH0qlsTnXI # yjVX9gF/bErg4r25PhdgM/9cT8dm95VTcVrifkpa/rg2Z4VGIwy1jRPPdzLAEBjo # YH1qUoNEt6aORmsHFPPFdvWGUNzBRMhxXFExN6AKOG6N7dcP2CZTfDlhAnrEqv1y # aa8dq6z2Nr41JmTamDu6GnszrYBbfowQHJ1S/rboYiXcag/PXfT+jlPP1uyFVk3v # 3byNpOORj7I5LFGc6XBpDco2LXCOMcg1KL3jtIckw+DJj361VI/c+gVVmG1oO5pG # ve2krnopN6zL64NF50ZuyjLVwIYwXE8s4mKyzbnijYjklqwBSru+cakXW2dg3viS # kR4dPf0gz3N9QZpGdc3EXzTdEonW/aUgfX782Z5F37ZyL9t9X4C626p+Nuw2TPYr # bqgSUei/BQOj0XOmTTd0lBw0gg/wEPK3Rxjtp+iZfD9M269ewvPV2HM9Q07BMzlM # jgK8QmguEOqEUUbi0b1qGFphAXPKZ6Je1yh2AuIzGHLXpyDwwvoSCtdjbwzJNmSL # W6CmgyFdXzB0kZSU2LlQ+QuJYfM2BjUYhEfb3BvR/bLUHMVr9lxSUV0S2yW6r1AF # emzFER1y7435UsSFF5PAPBXbGjfHCBUYP3irRbb1Hode2o+eFnJpxq57t7c+auIu # rQIDAQABo4IB3TCCAdkwEgYJKwYBBAGCNxUBBAUCAwEAATAjBgkrBgEEAYI3FQIE # FgQUKqdS/mTEmr6CkTxGNSnPEP8vBO4wHQYDVR0OBBYEFJ+nFV0AXmJdg/Tl0mWn # G1M1GelyMFwGA1UdIARVMFMwUQYMKwYBBAGCN0yDfQEBMEEwPwYIKwYBBQUHAgEW # M2h0dHA6Ly93d3cubWljcm9zb2Z0LmNvbS9wa2lvcHMvRG9jcy9SZXBvc2l0b3J5 # Lmh0bTATBgNVHSUEDDAKBggrBgEFBQcDCDAZBgkrBgEEAYI3FAIEDB4KAFMAdQBi # AEMAQTALBgNVHQ8EBAMCAYYwDwYDVR0TAQH/BAUwAwEB/zAfBgNVHSMEGDAWgBTV # 9lbLj+iiXGJo0T2UkFvXzpoYxDBWBgNVHR8ETzBNMEugSaBHhkVodHRwOi8vY3Js # Lm1pY3Jvc29mdC5jb20vcGtpL2NybC9wcm9kdWN0cy9NaWNSb29DZXJBdXRfMjAx # MC0wNi0yMy5jcmwwWgYIKwYBBQUHAQEETjBMMEoGCCsGAQUFBzAChj5odHRwOi8v # d3d3Lm1pY3Jvc29mdC5jb20vcGtpL2NlcnRzL01pY1Jvb0NlckF1dF8yMDEwLTA2 # LTIzLmNydDANBgkqhkiG9w0BAQsFAAOCAgEAnVV9/Cqt4SwfZwExJFvhnnJL/Klv # 6lwUtj5OR2R4sQaTlz0xM7U518JxNj/aZGx80HU5bbsPMeTCj/ts0aGUGCLu6WZn # OlNN3Zi6th542DYunKmCVgADsAW+iehp4LoJ7nvfam++Kctu2D9IdQHZGN5tggz1 # bSNU5HhTdSRXud2f8449xvNo32X2pFaq95W2KFUn0CS9QKC/GbYSEhFdPSfgQJY4 # rPf5KYnDvBewVIVCs/wMnosZiefwC2qBwoEZQhlSdYo2wh3DYXMuLGt7bj8sCXgU # 6ZGyqVvfSaN0DLzskYDSPeZKPmY7T7uG+jIa2Zb0j/aRAfbOxnT99kxybxCrdTDF # NLB62FD+CljdQDzHVG2dY3RILLFORy3BFARxv2T5JL5zbcqOCb2zAVdJVGTZc9d/ # HltEAY5aGZFrDZ+kKNxnGSgkujhLmm77IVRrakURR6nxt67I6IleT53S0Ex2tVdU # CbFpAUR+fKFhbHP+CrvsQWY9af3LwUFJfn6Tvsv4O+S3Fb+0zj6lMVGEvL8CwYKi # excdFYmNcP7ntdAoGokLjzbaukz5m/8K6TT4JDVnK+ANuOaMmdbhIurwJ0I9JZTm # dHRbatGePu1+oDEzfbzL6Xu/OHBE0ZDxyKs6ijoIYn/ZcGNTTY3ugm2lBRDBcQZq # ELQdVTNYs6FwZvKhggNNMIICNQIBATCB+aGB0aSBzjCByzELMAkGA1UEBhMCVVMx # EzARBgNVBAgTCldhc2hpbmd0b24xEDAOBgNVBAcTB1JlZG1vbmQxHjAcBgNVBAoT # FU1pY3Jvc29mdCBDb3Jwb3JhdGlvbjElMCMGA1UECxMcTWljcm9zb2Z0IEFtZXJp # Y2EgT3BlcmF0aW9uczEnMCUGA1UECxMeblNoaWVsZCBUU1MgRVNOOkE5MzUtMDNF # MC1EOTQ3MSUwIwYDVQQDExxNaWNyb3NvZnQgVGltZS1TdGFtcCBTZXJ2aWNloiMK # AQEwBwYFKw4DAhoDFQCraYf1xDk2rMnU/VJo2GGK1nxo8aCBgzCBgKR+MHwxCzAJ # BgNVBAYTAlVTMRMwEQYDVQQIEwpXYXNoaW5ndG9uMRAwDgYDVQQHEwdSZWRtb25k # MR4wHAYDVQQKExVNaWNyb3NvZnQgQ29ycG9yYXRpb24xJjAkBgNVBAMTHU1pY3Jv # c29mdCBUaW1lLVN0YW1wIFBDQSAyMDEwMA0GCSqGSIb3DQEBCwUAAgUA6ymJpTAi # GA8yMDI1MDEwODIzMzI1M1oYDzIwMjUwMTA5MjMzMjUzWjB0MDoGCisGAQQBhFkK # BAExLDAqMAoCBQDrKYmlAgEAMAcCAQACAiY0MAcCAQACAhO3MAoCBQDrKtslAgEA # MDYGCisGAQQBhFkKBAIxKDAmMAwGCisGAQQBhFkKAwKgCjAIAgEAAgMHoSChCjAI # AgEAAgMBhqAwDQYJKoZIhvcNAQELBQADggEBAAQlwho/Cpc2tSYw1vt8Nusm/AJf # /Yqg9evZ8PETElVrzhayzWqvq1NvLQUDBF/h2v4OUD3KLxjhCUKlA/o7mMBoFc7q # pe/AyIaAE19CN0TkdcyLEa/SMG0cUnkOoFF+Oo+eSKd3uznYnmYR9I06LuajHlTh # Xy6N7GOr7J6gOB8vBmPsT7MG2CqyCfzRkz32sb2aUq0NAptBFpcJne91zFxwTUaX # k5wQRyQe94HO9RW2NESkZ9EwvsW2ePzGIpcqLVg7IuOBlV/s89WyfkeoQqlWEdJ4 # LeuzNFzcn08O6mzom6HBrpKEVa7+cHp+6zz+CnEsBGgajWh5fn53NsRbIGoxggQN # MIIECQIBATCBkzB8MQswCQYDVQQGEwJVUzETMBEGA1UECBMKV2FzaGluZ3RvbjEQ # MA4GA1UEBxMHUmVkbW9uZDEeMBwGA1UEChMVTWljcm9zb2Z0IENvcnBvcmF0aW9u # MSYwJAYDVQQDEx1NaWNyb3NvZnQgVGltZS1TdGFtcCBQQ0EgMjAxMAITMwAAAekP # cTB+XfESNgABAAAB6TANBglghkgBZQMEAgEFAKCCAUowGgYJKoZIhvcNAQkDMQ0G # CyqGSIb3DQEJEAEEMC8GCSqGSIb3DQEJBDEiBCDoesrLiO76u6m73W00+oADHg9G # M/eu6FQLIvFWzxbKKTCB+gYLKoZIhvcNAQkQAi8xgeowgecwgeQwgb0EIKSQkniX # aTcmj1TKQWF+x2U4riVorGD8TwmgVbN9qsQlMIGYMIGApH4wfDELMAkGA1UEBhMC # VVMxEzARBgNVBAgTCldhc2hpbmd0b24xEDAOBgNVBAcTB1JlZG1vbmQxHjAcBgNV # BAoTFU1pY3Jvc29mdCBDb3Jwb3JhdGlvbjEmMCQGA1UEAxMdTWljcm9zb2Z0IFRp # bWUtU3RhbXAgUENBIDIwMTACEzMAAAHpD3Ewfl3xEjYAAQAAAekwIgQgVsI9sjr0 # 4+BLBnuWLK2e0f0duiPIfutB9xw9G6dDkcIwDQYJKoZIhvcNAQELBQAEggIAXR55 # dqkjojogP4JVQ5/60o5aJ32XMs6QgBSVZ+gQJvDSb8n11TZ95P0nFP0AB6evHPkd # jx533bb3pqFccTcuqJExHaB58qhH+PUuRZeo/fN9R4565rbQ3oooKX6nZKyO9rnt # d7z+EYKTakJEhdY64X6FWCRq7SReMPxCZ8aCzmIQNi0hgF5XF0lX2sQRaaah8aHw # zFi4ZTutXTIewP30B2TEwPeT5Iv8OGFQ2/GZsz5c/womV/msE4CU0AkyN/SwgHu7 # fDE5X5ElGY+K/g45ZUaZwX+n0IfE3Ue2/At2LjaYz+rRY+X4JZU7c2BhAZGIJGHv # lCcXbm1aU6jO6a9ujuUhVCQy2JtDNRy1NbRQ6xMTeXKgBxvpRysX+RCoHIDyuDi9 # c8Uxk996Z5jSdgmDUrypCx7H2yAdxq+yOOK/yWLYsdyRJhg9qU6S/CD/gsD3wJeb # DwwUOA96ZR0w7pu2ysvBzGwzYdb7nGMCmsoQfAOorn9tG2HH1ZBj7LkxSI9kVVen # yKPJ+yYl6KWYzBSDSdynMOFEqMO4GF9dOBpqL5LllqDT7a3wxAdPwol3BXZrjGaL # DHXhwIaNIws5lbtK2nQeyGnUXX1uuJ19fEk/tfDYSD4IrN9xq+oqhDFMwSzBq4O8 # zSLldv3oi3/pyqU3jdJaavvvP8n3dliRHoOFtaM= # SIG # End signature block |