Private/AzStackHci.Layer7.Helpers.ps1
|
# //////////////////////////////////////////////////////////////////////////// # Helper function to get certificate details for an endpoint # # Certificate chain validation flow: # 1. If HTTPS: calls Get-SslCertificateChain to retrieve the full X509 chain (leaf, intermediate, root) # 2. Validates the leaf certificate using Test-Certificate -Policy SSL # 3. Then validates the leaf certificate against the specific DNS name # 4. If either validation fails: marks as SSL Inspection detected (sets $script:SSLInspectionDetected) # 5. Extracts Subject, Issuer, and Thumbprint for all three chain levels # 6. If HTTP (port 80): skips all cert checks and fills fields with "Port 80 - SSL not required" # 7. If cert retrieval fails: fills fields with "Error retrieving certificates" # # This is a private helper function for Test-Layer7Connectivity Function Get-Layer7CertificateDetails { param ( [Parameter(Mandatory=$true)] [string]$url, [Parameter(Mandatory=$true)] [string]$Layer7Status, [Parameter(Mandatory=$false)] [string]$ReturnLayer7Response = "" ) # Initialize return hashtable $CertDetails = @{ Layer7Status = $Layer7Status ReturnLayer7Response = $ReturnLayer7Response ReturnCertIssuer = "" ReturnCertSubject = "" ReturnCertThumbprint = "" ReturnCertIntIssuer = "" ReturnCertIntSubject = "" ReturnCertIntThumbprint = "" ReturnCertRootIssuer = "" ReturnCertRootSubject = "" ReturnCertRootThumbprint = "" } try { # Check if the URL is HTTPS if($url -match "https://"){ # Get the certificate chain for the URL # The function will check for SSL inspection, and return the certificate issuer # The function will return the certificate issuer, thumbprint, and subject $Certificates = Get-SslCertificateChain -url $url -AllowAutoRedirect $false -ErrorAction SilentlyContinue # Retry once if cert retrieval failed (intermittent backend pool server issues can cause TLS handshake timeouts) if(-not $Certificates){ Write-Debug "Certificate retrieval failed for '$url', retrying once..." $Certificates = Get-SslCertificateChain -url $url -AllowAutoRedirect $false -ErrorAction SilentlyContinue } } else { # No certificate required for HTTP (port 80) $NoCertificatesRequired = $true Write-Verbose "Port 80: SSL certificate checks not required." } # Get Certificate details if($Certificates){ # Get the certificate chain elements array with bounds safety $chainCerts = $Certificates.ChainElements.Certificate [int]$chainCount = if ($chainCerts) { @($chainCerts).Count } else { 0 } # Check if the certificate chain is not null if($chainCount -gt 0){ Write-Verbose "Certificates Chain found with $chainCount parts" } else { # No certificate found Write-HostAzS "Error: No SSL Certificates found" -ForegroundColor Red } # Leaf certificate (index 0) - only access if chain has at least 1 element if($chainCount -ge 1){ # Check if the certificate subject is not null if(-not([string]::IsNullOrWhiteSpace($chainCerts[0].Subject))){ # Set the certificate subject to the variable $CertDetails.ReturnCertSubject = $chainCerts[0].Subject # Check the certificate using Test-Certificate, to check if the certificate is trusted for SSL # Check if the certificate is trusted for SSL if(Test-Certificate -Cert $chainCerts[0] -Policy SSL -ErrorAction SilentlyContinue -ErrorVariable certError){ # Certificate is valid for SSL Write-Verbose "Certificate is trusted for SSL: $($CertDetails.ReturnCertSubject)" # Check if the certificate is valid for the URL if(Test-Certificate -Cert $chainCerts[0] -Policy SSL -DNSName (Get-DomainFromURL -url $url).Domain -ErrorAction SilentlyContinue -ErrorVariable certError){ # Certificate is a valid for URL Write-Verbose "Certificate is a valid for endpoint: $url" } else { # Certificate is not valid for URL Write-HostAzS "Certificate is not valid for endpoint: $url" -ForegroundColor Red Write-HostAzS "Possible SSL Inspection detected, certificate is not trusted." -ForegroundColor Yellow Write-HostAzS "Returned certificate subject: '$($CertDetails.ReturnCertSubject)'" -ForegroundColor Yellow $CertDetails.Layer7Status = "Failed" $CertDetails.ReturnLayer7Response = $CertDetails.ReturnLayer7Response + " - SSL Inspection detected" $script:SSLInspectionDetected = $true $script:SSLInspectedURLs.Add($url) | Out-Null } } else { # Certificate is not valid for SSL Write-HostAzS "Certificate is not trusted for SSL: $($CertDetails.ReturnCertSubject)" -ForegroundColor Red # SSL inspection detected Write-HostAzS "Possible SSL Inspection detected, certificate is not trusted." -ForegroundColor Yellow $CertDetails.Layer7Status = "Failed" $CertDetails.ReturnLayer7Response = $CertDetails.ReturnLayer7Response + " - SSL Inspection detected" $script:SSLInspectionDetected = $true $script:SSLInspectedURLs.Add($url) | Out-Null } } else { # No certificate subject found $CertDetails.ReturnCertSubject = "No certificate common name found" } # Check if the certificate issuer is not null if(-not([string]::IsNullOrWhiteSpace($chainCerts[0].Issuer))){ # Set the certificate issuer to the variable $CertDetails.ReturnCertIssuer = $chainCerts[0].Issuer } else { # No certificate issuer found $CertDetails.ReturnCertIssuer = "No certificate issuer found" } # Check if the certificate thumbprint is not null if(-not([string]::IsNullOrWhiteSpace($chainCerts[0].Thumbprint))){ # Set the certificate thumbprint to the variable $CertDetails.ReturnCertThumbprint = $chainCerts[0].Thumbprint } else { # No certificate thumbprint found $CertDetails.ReturnCertThumbprint = "No certificate thumbprint found" } } else { $CertDetails.ReturnCertSubject = "No leaf certificate found in chain" $CertDetails.ReturnCertIssuer = "No leaf certificate found in chain" $CertDetails.ReturnCertThumbprint = "No leaf certificate found in chain" } # Intermediate certificate (index 1) - only access if chain has at least 2 elements if($chainCount -ge 2){ # Check if the intermediate certificate subject is not null if(-not([string]::IsNullOrWhiteSpace($chainCerts[1].Subject))){ # Set the certificate issuer to the variable $CertDetails.ReturnCertIntSubject = $chainCerts[1].Subject } else { # No intermediate certificate Subject found $CertDetails.ReturnCertIntSubject = "No intermediate certificate common name found" } # Check if the intermediate certificate issuer is not null if(-not([string]::IsNullOrWhiteSpace($chainCerts[1].Issuer))){ # Set the certificate issuer to the variable $CertDetails.ReturnCertIntIssuer = $chainCerts[1].Issuer } else { # No intermediate certificate issuer found $CertDetails.ReturnCertIntIssuer = "No intermediate certificate issuer found" } # Check if the intermediate certificate thumbprint is not null if(-not([string]::IsNullOrWhiteSpace($chainCerts[1].Thumbprint))){ # Set the certificate thumbprint to the variable $CertDetails.ReturnCertIntThumbprint = $chainCerts[1].Thumbprint } else { # No intermediate certificate thumbprint found $CertDetails.ReturnCertIntThumbprint = "No intermediate certificate thumbprint found" } } else { $CertDetails.ReturnCertIntSubject = "No intermediate certificate in chain" $CertDetails.ReturnCertIntIssuer = "No intermediate certificate in chain" $CertDetails.ReturnCertIntThumbprint = "No intermediate certificate in chain" } # Root certificate (index 2) - only access if chain has at least 3 elements if($chainCount -ge 3){ # Check if the root certificate subject is not null if(-not([string]::IsNullOrWhiteSpace($chainCerts[2].Subject))){ # Set the certificate issuer to the variable $CertDetails.ReturnCertRootSubject = $chainCerts[2].Subject } else { # No root certificate Subject found $CertDetails.ReturnCertRootSubject = "No root certificate common name found" } # Check if the root certificate issuer is not null if(-not([string]::IsNullOrWhiteSpace($chainCerts[2].Issuer))){ # Set the certificate issuer to the variable $CertDetails.ReturnCertRootIssuer = $chainCerts[2].Issuer } else { # No root certificate issuer found $CertDetails.ReturnCertRootIssuer = "No root certificate issuer found" } # Check if the root certificate thumbprint is not null if(-not([string]::IsNullOrWhiteSpace($chainCerts[2].Thumbprint))){ # Set the certificate thumbprint to the variable $CertDetails.ReturnCertRootThumbprint = $chainCerts[2].Thumbprint } else { # No root certificate thumbprint found $CertDetails.ReturnCertRootThumbprint = "No root certificate thumbprint found" } } else { $CertDetails.ReturnCertRootSubject = "No root certificate in chain" $CertDetails.ReturnCertRootIssuer = "No root certificate in chain" $CertDetails.ReturnCertRootThumbprint = "No root certificate in chain" } } elseif($NoCertificatesRequired){ # No certificate found, as the port is 80 $CertDetails.ReturnCertIssuer = "Port 80 - SSL not required" $CertDetails.ReturnCertSubject = "Port 80 - SSL not required" $CertDetails.ReturnCertThumbprint = "Port 80 - SSL not required" $CertDetails.ReturnCertIntIssuer = "Port 80 - SSL not required" $CertDetails.ReturnCertIntSubject = "Port 80 - SSL not required" $CertDetails.ReturnCertIntThumbprint = "Port 80 - SSL not required" $CertDetails.ReturnCertRootIssuer = "Port 80 - SSL not required" $CertDetails.ReturnCertRootSubject = "Port 80 - SSL not required" $CertDetails.ReturnCertRootThumbprint = "Port 80 - SSL not required" Write-Verbose "Port 80: SSL certificate checks not required." } else { # No certificate found, but expected $CertDetails.ReturnCertIssuer = "Error retrieving certificates" $CertDetails.ReturnCertSubject = "Error retrieving certificates" $CertDetails.ReturnCertThumbprint = "Error retrieving certificates" $CertDetails.ReturnCertIntIssuer = "Error retrieving certificates" $CertDetails.ReturnCertIntSubject = "Error retrieving certificates" $CertDetails.ReturnCertIntThumbprint = "Error retrieving certificates" $CertDetails.ReturnCertRootIssuer = "Error retrieving certificates" $CertDetails.ReturnCertRootSubject = "Error retrieving certificates" $CertDetails.ReturnCertRootThumbprint = "Error retrieving certificates" Write-HostAzS "Error retrieving certificates..." -ForegroundColor Red } } catch { # Catch any unexpected errors during certificate chain processing Write-HostAzS "Error processing certificate details for '$url': $($_.Exception.Message)" -ForegroundColor Red $CertDetails.ReturnCertIssuer = "Error: $($_.Exception.Message)" $CertDetails.ReturnCertSubject = "Error: $($_.Exception.Message)" $CertDetails.ReturnCertThumbprint = "Error: $($_.Exception.Message)" $CertDetails.ReturnCertIntIssuer = "Error: $($_.Exception.Message)" $CertDetails.ReturnCertIntSubject = "Error: $($_.Exception.Message)" $CertDetails.ReturnCertIntThumbprint = "Error: $($_.Exception.Message)" $CertDetails.ReturnCertRootIssuer = "Error: $($_.Exception.Message)" $CertDetails.ReturnCertRootSubject = "Error: $($_.Exception.Message)" $CertDetails.ReturnCertRootThumbprint = "Error: $($_.Exception.Message)" } return $CertDetails } # //////////////////////////////////////////////////////////////////////////// # Helper function to get certificate details for failed endpoints # This is a private helper function for Test-Layer7Connectivity Function Get-FailedEndpointCertificateDetails { param ( [Parameter(Mandatory=$true)] [string]$url ) # Initialize return hashtable $CertDetails = @{ ReturnCertIssuer = "" ReturnCertSubject = "" ReturnCertThumbprint = "" ReturnCertIntIssuer = "" ReturnCertIntSubject = "" ReturnCertIntThumbprint = "" ReturnCertRootIssuer = "" ReturnCertRootSubject = "" ReturnCertRootThumbprint = "" } # Check if the URL is HTTPS if($url -match "https://"){ # Do not attempt to check the certificate, as the Layer7Status is not "Success" Write-Debug "Unable to check certificates, as Layer7Status is 'Failed'" $CertDetails.ReturnCertIssuer = "Failed - Certificate not checked" $CertDetails.ReturnCertSubject = "Failed - Certificate not checked" $CertDetails.ReturnCertThumbprint = "Failed - Certificate not checked" $CertDetails.ReturnCertIntIssuer = "Failed - Certificate not checked" $CertDetails.ReturnCertIntSubject = "Failed - Certificate not checked" $CertDetails.ReturnCertIntThumbprint = "Failed - Certificate not checked" $CertDetails.ReturnCertRootIssuer = "Failed - Certificate not checked" $CertDetails.ReturnCertRootSubject = "Failed - Certificate not checked" $CertDetails.ReturnCertRootThumbprint = "Failed - Certificate not checked" } else { # No certificate required for HTTP (port 80) $CertDetails.ReturnCertIssuer = "Failed - (But Certificate not required for port 80)" $CertDetails.ReturnCertSubject = "Failed - (But Certificate not required for port 80)" $CertDetails.ReturnCertThumbprint = "Failed - (But Certificate not required for port 80)" $CertDetails.ReturnCertIntIssuer = "Failed - (But Certificate not required for port 80)" $CertDetails.ReturnCertIntSubject = "Failed - (But Certificate not required for port 80)" $CertDetails.ReturnCertIntThumbprint = "Failed - (But Certificate not required for port 80)" $CertDetails.ReturnCertRootIssuer = "Failed - (But Certificate not required for port 80)" $CertDetails.ReturnCertRootSubject = "Failed - (But Certificate not required for port 80)" $CertDetails.ReturnCertRootThumbprint = "Failed - (But Certificate not required for port 80)" } return $CertDetails } # //////////////////////////////////////////////////////////////////////////// # Helper function to interpret HTTP status codes and exception responses # This is a private helper function for Test-Layer7Connectivity # It determines whether a failed web request should be treated as "Success" (endpoint reachable) # or "Failed" (endpoint unreachable) based on the response string, server headers, and endpoint URL. # Documentation: https://developer.mozilla.org/en-US/docs/Web/HTTP/Status Function Get-HttpStatusInterpretation { param ( [Parameter(Mandatory=$true)] [string]$Layer7Response, [Parameter(Mandatory=$false)] [object]$IwrError, [Parameter(Mandatory=$false)] [string]$OriginalURL ) # Check if the response is a known value if($Layer7Response -eq "Unable to connect to the remote server"){ # Overwrite the Layer7Status to "Failed". return "Failed" } elseif($Layer7Response -eq "The operation has timed out"){ # Overwrite the Layer7Status to "Failed". return "Failed" } elseif($Layer7Response -like "The remote name could not be resolved*"){ # Overwrite the Layer7Status to "Failed". return "Failed" } elseif($Layer7Response -eq "(400) Bad Request"){ # Request was successful, but it was a bad request return "Success" } elseif($Layer7Response -eq "(401) Unauthorized"){ # Request was successful, but the request was not authorized return "Success" } elseif($Layer7Response -eq "(404) Not Found"){ # Request was successful, but the remote server returned no content from the root of the web server (404 page not found). return "Success" # Exception handling for 403 Forbidden responses } elseif($Layer7Response -eq "(403) Forbidden"){ # Additional connectivity test for 403 Forbidden, to check if the URL is accessible if($($IwrError.ErrorRecord.Exception.Response.Server) -like "Microsoft-IIS*") { # Microsoft IIS Server detected, valid connection return "Success" } elseif($($IwrError.ErrorRecord.Exception.Response.Server) -like "Microsoft-HTTPAPI*") { # Microsoft HTTPAPI Server detected, valid connection return "Success" } elseif($($IwrError.ErrorRecord.Exception.Response.Server) -like "AkamaiGHost*") { # AkamaiGHost detected, valid connection return "Success" } elseif($($IwrError.ErrorRecord.Exception.Response.Server) -like "AkamaiNetStorage*") { # AkamaiNetStorage detected, valid connection return "Success" } elseif($($IwrError.ErrorRecord.Exception.Response.Server) -like "Qwilt*") { # Qwilt detected, valid connection return "Success" } elseif($($IwrError.ErrorRecord.Exception.Response.Server) -like "AzureContainerRegistry") { # AzureContainerRegistry detected, valid connection return "Success" } elseif(($($IwrError.ErrorRecord.Exception.Response.Server) -eq "nginx") -and ($OriginalURL -eq "tlu.dl.delivery.mp.microsoft.com")) { # Windows Update endpoint 'tlu.dl.delivery.mp.microsoft.com', with Server "nginx" can intermittently return a 403 response # Set status to successful connection return "Success" } elseif(($($IwrError.ErrorRecord.Exception.Response.Server) -like "Amazon*") -and ($OriginalURL -eq "download.hitachivantara.com")) { # SBE endpoint: download.hitachivantara.com detected has Server "AmazonS3" # Set status to successful connection return "Success" } elseif($($IwrError.ErrorRecord.Exception.Response.StatusDescription) -eq "Forbidden - unexpected URL format") { # "Forbidden - unexpected URL format" detected, valid connection # Example URL: tlu.dl.delivery.mp.microsoft.com on port 80, which intermittently changes between "AkamaiGHost" and a null value for "$_.Exception.Response.Server" return "Success" } elseif($($IwrError.ErrorRecord.Exception.Response.Headers) -contains "x-azure-ref") { # Azure Front Door response detected, valid connection return "Success" } elseif($($IwrError.ErrorRecord.Exception.Response.Headers) -contains "X-MSEdge-Ref") { # Microsoft Edge response detected, valid connection return "Success" } elseif($($IwrError.ErrorRecord.Exception.Response.Headers) -contains "x-ms-request-id") { # Microsoft Edge response detected, valid connection return "Success" } elseif($($IwrError.ErrorRecord.Exception.Response.Headers) -contains "Location") { # Additional check for "Location" header in the response # This is used by some Microsoft services to indicate a redirect if($($IwrError.ErrorRecord.Exception.Response.Headers["Location"]) -like "*mscom.errorpage.failover.com*") { # Microsoft web server response detected, valid connection return "Success" } # Location header present but not a known Microsoft redirect - fall through to default Failed return "Failed" } elseif($($IwrError.ErrorRecord.Exception.Response.Server) -like "Zscaler*") { # Zscaler response detected, invalid connection # Known firewall / proxy device intercepting requests # Set status to Failed return "Failed" } elseif($IwrError.Message.ToString().Contains("You do not have permission to view this directory or page using the credentials that you supplied.")){ # Expected response from a couple of endpoints # Response: "403 - Forbidden: Access is denied." # Server Error # Server example: 'https://azurewatsonanalysis-prod.core.windows.net' and key vaults # Response: "403 - Forbidden: Access is denied. You do not have permission to view this directory or page using the credentials that you supplied." # You do not have permission to view this directory or page using the credentials that you supplied. return "Success" } else { # ////// All other 403 Forbidden responses /////// # Unknown, set Layer7Status to "Failed" return "Failed" } } elseif($Layer7Response -eq "(405) Method Not Allowed"){ # Overwrite the Layer7Status to "Failed". # https://developer.mozilla.org/en-US/docs/Web/HTTP/Status/405 if(($($IwrError.ErrorRecord.Exception.Response.Server) -like "Microsoft*")) { # https://dataonsbe.azurewebsites.net/download returns a 405, valid connection return "Success" } else { return "Failed" } } elseif($Layer7Response -eq "(408) Request Timeout"){ # Overwrite the Layer7Status to "Failed". # https://developer.mozilla.org/en-US/docs/Web/HTTP/Status/408 return "Failed" } elseif($Layer7Response -eq "(429) Too Many Requests"){ # Overwrite the Layer7Status to "Success", as this the server is responding with a "429" Too Many Requests # https://developer.mozilla.org/en-US/docs/Web/HTTP/Status/429 return "Success" } elseif($Layer7Response -eq "(500) Internal Server Error"){ # The server returned a 500 error, but connectivity to the endpoint was established successfully. # This indicates the endpoint is reachable (firewall/proxy rules are correct), even though the service has an internal error. # https://developer.mozilla.org/en-US/docs/Web/HTTP/Status/500 return "Success" } elseif($Layer7Response -eq "(502) Bad Gateway"){ # Overwrite the Layer7Status to "Failed", another device can respond. # https://developer.mozilla.org/en-US/docs/Web/HTTP/Status/502 # Additional check for 502 Bad Gateway, to check for "Microsoft-Azure-Application-Gateway/v2" in the response if($($IwrError.ErrorRecord.Exception.Response.Server) -like 'Microsoft-Azure-Application-Gateway*') { Write-Verbose "Azure Application Gateway response detected, valid connection" return "Success" # Additional check for Arc Gateway response } elseif($IwrError.Message.ToString().Contains("Our services aren't available right now") -and (($OriginalURL -like "*.gw.arc.azure.com") -or ($OriginalURL -eq "dp.stackhci.azure.com"))) { Write-Verbose "Azure Front Door response detected, valid connection" return "Success" } elseif($($IwrError.ErrorRecord.Exception.Response.Headers) -contains "x-azure-ref") { # Azure Front Door response detected, valid connection even though the response is 502 Bad Gateway Write-Verbose "Azure Front Door response detected, valid connection" return "Success" } else { return "Failed" } } elseif($Layer7Response -eq "(503) Server Unavailable"){ # Overwrite the Layer7Status to "Success". # 503 status code indicates that the server is not ready to handle the request. # This can be due to the server being overloaded or down for maintenance. # https://developer.mozilla.org/en-US/docs/Web/HTTP/Reference/Status/503 return "Success" # Could not 'Could not establish trust relationship for the SSL/TLS secure channel' } elseif($Layer7Response -like "*Could not establish trust relationship for the SSL/TLS secure channel"){ # Overwrite the Layer7Status to "Failed" return "Failed" # ////// All other / unhandled exceptions treat as Failed ////// } else { # Overwrite the Layer7Status to "Failed" return "Failed" } } # //////////////////////////////////////////////////////////////////////////// # Helper function to resolve HTTP redirects # This is a private helper function for Test-Layer7Connectivity Function Resolve-Layer7Redirect { param ( [Parameter(Mandatory=$true)] [object]$IwrResult, [Parameter(Mandatory=$true)] [string]$url, [Parameter(Mandatory=$true)] [int]$RedirectCount ) # Initialize return hashtable $RedirectInfo = @{ RedirectsComplete = $false NextUrl = $url Layer7Status = "Success" ReturnLayer7Response = "" } # Check if the response contains a redirect (HTTP 301 or 302) if ($IwrResult.StatusCode -eq 301 -or $IwrResult.StatusCode -eq 302) { # Redirect detected Write-Verbose "Redirect detected to: $($IwrResult.Headers.Location)" # Check if the redirect count is less than 10 if($RedirectCount -lt 10){ # Set the URL to the redirected URL $RedirectInfo.NextUrl = $IwrResult.Headers.Location # Add the redirected URL to the RedirectedResults array $script:RedirectedResults.Add($IwrResult.Headers.Location) | Out-Null # Set the Layer7Status to Success, as the redirect was successful $RedirectInfo.Layer7Status = "Success" if($IwrResult.StatusCode -eq 301){ $RedirectInfo.ReturnLayer7Response = "HTTP 301 redirect" } else { $RedirectInfo.ReturnLayer7Response = "HTTP 302 redirect" } # Continue with the redirect $RedirectInfo.RedirectsComplete = $false } else { # Redirect count is greater than or equal to 10 Write-HostAzS "Redirect count is greater than or equal to 10, stopping redirects." -ForegroundColor Yellow $RedirectInfo.Layer7Status = "Failed" $RedirectInfo.ReturnLayer7Response = "Too many redirects (10+)" $RedirectInfo.RedirectsComplete = $true } } else { # No redirect detected $RedirectInfo.RedirectsComplete = $true $RedirectInfo.Layer7Status = "Success" $RedirectInfo.ReturnLayer7Response = "HTTP $($IwrResult.StatusCode) $($IwrResult.StatusDescription)" } return $RedirectInfo } # SIG # Begin signature block # MIIoLQYJKoZIhvcNAQcCoIIoHjCCKBoCAQExDzANBglghkgBZQMEAgEFADB5Bgor # BgEEAYI3AgEEoGswaTA0BgorBgEEAYI3AgEeMCYCAwEAAAQQH8w7YFlLCE63JNLG # KX7zUQIBAAIBAAIBAAIBAAIBADAxMA0GCWCGSAFlAwQCAQUABCAsRKCMrxzEkCIE # t19+PV6tuPjsbIceVgSaPKKd+MB8DqCCDXYwggX0MIID3KADAgECAhMzAAAEhV6Z # 7A5ZL83XAAAAAASFMA0GCSqGSIb3DQEBCwUAMH4xCzAJBgNVBAYTAlVTMRMwEQYD # VQQIEwpXYXNoaW5ndG9uMRAwDgYDVQQHEwdSZWRtb25kMR4wHAYDVQQKExVNaWNy # b3NvZnQgQ29ycG9yYXRpb24xKDAmBgNVBAMTH01pY3Jvc29mdCBDb2RlIFNpZ25p # bmcgUENBIDIwMTEwHhcNMjUwNjE5MTgyMTM3WhcNMjYwNjE3MTgyMTM3WjB0MQsw # CQYDVQQGEwJVUzETMBEGA1UECBMKV2FzaGluZ3RvbjEQMA4GA1UEBxMHUmVkbW9u # ZDEeMBwGA1UEChMVTWljcm9zb2Z0IENvcnBvcmF0aW9uMR4wHAYDVQQDExVNaWNy # b3NvZnQgQ29ycG9yYXRpb24wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIB # AQDASkh1cpvuUqfbqxele7LCSHEamVNBfFE4uY1FkGsAdUF/vnjpE1dnAD9vMOqy # 5ZO49ILhP4jiP/P2Pn9ao+5TDtKmcQ+pZdzbG7t43yRXJC3nXvTGQroodPi9USQi # 9rI+0gwuXRKBII7L+k3kMkKLmFrsWUjzgXVCLYa6ZH7BCALAcJWZTwWPoiT4HpqQ # hJcYLB7pfetAVCeBEVZD8itKQ6QA5/LQR+9X6dlSj4Vxta4JnpxvgSrkjXCz+tlJ # 67ABZ551lw23RWU1uyfgCfEFhBfiyPR2WSjskPl9ap6qrf8fNQ1sGYun2p4JdXxe # UAKf1hVa/3TQXjvPTiRXCnJPAgMBAAGjggFzMIIBbzAfBgNVHSUEGDAWBgorBgEE # AYI3TAgBBggrBgEFBQcDAzAdBgNVHQ4EFgQUuCZyGiCuLYE0aU7j5TFqY05kko0w # RQYDVR0RBD4wPKQ6MDgxHjAcBgNVBAsTFU1pY3Jvc29mdCBDb3Jwb3JhdGlvbjEW # MBQGA1UEBRMNMjMwMDEyKzUwNTM1OTAfBgNVHSMEGDAWgBRIbmTlUAXTgqoXNzci # tW2oynUClTBUBgNVHR8ETTBLMEmgR6BFhkNodHRwOi8vd3d3Lm1pY3Jvc29mdC5j # b20vcGtpb3BzL2NybC9NaWNDb2RTaWdQQ0EyMDExXzIwMTEtMDctMDguY3JsMGEG # CCsGAQUFBwEBBFUwUzBRBggrBgEFBQcwAoZFaHR0cDovL3d3dy5taWNyb3NvZnQu # Y29tL3BraW9wcy9jZXJ0cy9NaWNDb2RTaWdQQ0EyMDExXzIwMTEtMDctMDguY3J0 # MAwGA1UdEwEB/wQCMAAwDQYJKoZIhvcNAQELBQADggIBACjmqAp2Ci4sTHZci+qk # tEAKsFk5HNVGKyWR2rFGXsd7cggZ04H5U4SV0fAL6fOE9dLvt4I7HBHLhpGdE5Uj # Ly4NxLTG2bDAkeAVmxmd2uKWVGKym1aarDxXfv3GCN4mRX+Pn4c+py3S/6Kkt5eS # DAIIsrzKw3Kh2SW1hCwXX/k1v4b+NH1Fjl+i/xPJspXCFuZB4aC5FLT5fgbRKqns # WeAdn8DsrYQhT3QXLt6Nv3/dMzv7G/Cdpbdcoul8FYl+t3dmXM+SIClC3l2ae0wO # lNrQ42yQEycuPU5OoqLT85jsZ7+4CaScfFINlO7l7Y7r/xauqHbSPQ1r3oIC+e71 # 5s2G3ClZa3y99aYx2lnXYe1srcrIx8NAXTViiypXVn9ZGmEkfNcfDiqGQwkml5z9 # nm3pWiBZ69adaBBbAFEjyJG4y0a76bel/4sDCVvaZzLM3TFbxVO9BQrjZRtbJZbk # C3XArpLqZSfx53SuYdddxPX8pvcqFuEu8wcUeD05t9xNbJ4TtdAECJlEi0vvBxlm # M5tzFXy2qZeqPMXHSQYqPgZ9jvScZ6NwznFD0+33kbzyhOSz/WuGbAu4cHZG8gKn # lQVT4uA2Diex9DMs2WHiokNknYlLoUeWXW1QrJLpqO82TLyKTbBM/oZHAdIc0kzo # STro9b3+vjn2809D0+SOOCVZMIIHejCCBWKgAwIBAgIKYQ6Q0gAAAAAAAzANBgkq # hkiG9w0BAQsFADCBiDELMAkGA1UEBhMCVVMxEzARBgNVBAgTCldhc2hpbmd0b24x # EDAOBgNVBAcTB1JlZG1vbmQxHjAcBgNVBAoTFU1pY3Jvc29mdCBDb3Jwb3JhdGlv # bjEyMDAGA1UEAxMpTWljcm9zb2Z0IFJvb3QgQ2VydGlmaWNhdGUgQXV0aG9yaXR5 # IDIwMTEwHhcNMTEwNzA4MjA1OTA5WhcNMjYwNzA4MjEwOTA5WjB+MQswCQYDVQQG # EwJVUzETMBEGA1UECBMKV2FzaGluZ3RvbjEQMA4GA1UEBxMHUmVkbW9uZDEeMBwG # A1UEChMVTWljcm9zb2Z0IENvcnBvcmF0aW9uMSgwJgYDVQQDEx9NaWNyb3NvZnQg # Q29kZSBTaWduaW5nIFBDQSAyMDExMIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIIC # CgKCAgEAq/D6chAcLq3YbqqCEE00uvK2WCGfQhsqa+laUKq4BjgaBEm6f8MMHt03 # a8YS2AvwOMKZBrDIOdUBFDFC04kNeWSHfpRgJGyvnkmc6Whe0t+bU7IKLMOv2akr # rnoJr9eWWcpgGgXpZnboMlImEi/nqwhQz7NEt13YxC4Ddato88tt8zpcoRb0Rrrg # OGSsbmQ1eKagYw8t00CT+OPeBw3VXHmlSSnnDb6gE3e+lD3v++MrWhAfTVYoonpy # 4BI6t0le2O3tQ5GD2Xuye4Yb2T6xjF3oiU+EGvKhL1nkkDstrjNYxbc+/jLTswM9 # sbKvkjh+0p2ALPVOVpEhNSXDOW5kf1O6nA+tGSOEy/S6A4aN91/w0FK/jJSHvMAh # dCVfGCi2zCcoOCWYOUo2z3yxkq4cI6epZuxhH2rhKEmdX4jiJV3TIUs+UsS1Vz8k # A/DRelsv1SPjcF0PUUZ3s/gA4bysAoJf28AVs70b1FVL5zmhD+kjSbwYuER8ReTB # w3J64HLnJN+/RpnF78IcV9uDjexNSTCnq47f7Fufr/zdsGbiwZeBe+3W7UvnSSmn # Eyimp31ngOaKYnhfsi+E11ecXL93KCjx7W3DKI8sj0A3T8HhhUSJxAlMxdSlQy90 # lfdu+HggWCwTXWCVmj5PM4TasIgX3p5O9JawvEagbJjS4NaIjAsCAwEAAaOCAe0w # ggHpMBAGCSsGAQQBgjcVAQQDAgEAMB0GA1UdDgQWBBRIbmTlUAXTgqoXNzcitW2o # ynUClTAZBgkrBgEEAYI3FAIEDB4KAFMAdQBiAEMAQTALBgNVHQ8EBAMCAYYwDwYD # VR0TAQH/BAUwAwEB/zAfBgNVHSMEGDAWgBRyLToCMZBDuRQFTuHqp8cx0SOJNDBa # BgNVHR8EUzBRME+gTaBLhklodHRwOi8vY3JsLm1pY3Jvc29mdC5jb20vcGtpL2Ny # bC9wcm9kdWN0cy9NaWNSb29DZXJBdXQyMDExXzIwMTFfMDNfMjIuY3JsMF4GCCsG # AQUFBwEBBFIwUDBOBggrBgEFBQcwAoZCaHR0cDovL3d3dy5taWNyb3NvZnQuY29t # L3BraS9jZXJ0cy9NaWNSb29DZXJBdXQyMDExXzIwMTFfMDNfMjIuY3J0MIGfBgNV # HSAEgZcwgZQwgZEGCSsGAQQBgjcuAzCBgzA/BggrBgEFBQcCARYzaHR0cDovL3d3 # dy5taWNyb3NvZnQuY29tL3BraW9wcy9kb2NzL3ByaW1hcnljcHMuaHRtMEAGCCsG # AQUFBwICMDQeMiAdAEwAZQBnAGEAbABfAHAAbwBsAGkAYwB5AF8AcwB0AGEAdABl # AG0AZQBuAHQALiAdMA0GCSqGSIb3DQEBCwUAA4ICAQBn8oalmOBUeRou09h0ZyKb # C5YR4WOSmUKWfdJ5DJDBZV8uLD74w3LRbYP+vj/oCso7v0epo/Np22O/IjWll11l # hJB9i0ZQVdgMknzSGksc8zxCi1LQsP1r4z4HLimb5j0bpdS1HXeUOeLpZMlEPXh6 # I/MTfaaQdION9MsmAkYqwooQu6SpBQyb7Wj6aC6VoCo/KmtYSWMfCWluWpiW5IP0 # wI/zRive/DvQvTXvbiWu5a8n7dDd8w6vmSiXmE0OPQvyCInWH8MyGOLwxS3OW560 # STkKxgrCxq2u5bLZ2xWIUUVYODJxJxp/sfQn+N4sOiBpmLJZiWhub6e3dMNABQam # ASooPoI/E01mC8CzTfXhj38cbxV9Rad25UAqZaPDXVJihsMdYzaXht/a8/jyFqGa # J+HNpZfQ7l1jQeNbB5yHPgZ3BtEGsXUfFL5hYbXw3MYbBL7fQccOKO7eZS/sl/ah # XJbYANahRr1Z85elCUtIEJmAH9AAKcWxm6U/RXceNcbSoqKfenoi+kiVH6v7RyOA # 9Z74v2u3S5fi63V4GuzqN5l5GEv/1rMjaHXmr/r8i+sLgOppO6/8MO0ETI7f33Vt # Y5E90Z1WTk+/gFcioXgRMiF670EKsT/7qMykXcGhiJtXcVZOSEXAQsmbdlsKgEhr # /Xmfwb1tbWrJUnMTDXpQzTGCGg0wghoJAgEBMIGVMH4xCzAJBgNVBAYTAlVTMRMw # EQYDVQQIEwpXYXNoaW5ndG9uMRAwDgYDVQQHEwdSZWRtb25kMR4wHAYDVQQKExVN # aWNyb3NvZnQgQ29ycG9yYXRpb24xKDAmBgNVBAMTH01pY3Jvc29mdCBDb2RlIFNp # Z25pbmcgUENBIDIwMTECEzMAAASFXpnsDlkvzdcAAAAABIUwDQYJYIZIAWUDBAIB # BQCgga4wGQYJKoZIhvcNAQkDMQwGCisGAQQBgjcCAQQwHAYKKwYBBAGCNwIBCzEO # MAwGCisGAQQBgjcCARUwLwYJKoZIhvcNAQkEMSIEIAZTd+nbwTpVSDHZBNVe5KZT # 7e87FQ36U/eO0+u9EFzUMEIGCisGAQQBgjcCAQwxNDAyoBSAEgBNAGkAYwByAG8A # cwBvAGYAdKEagBhodHRwOi8vd3d3Lm1pY3Jvc29mdC5jb20wDQYJKoZIhvcNAQEB # BQAEggEAhKwSwV7DPiC6ApNkci3frjUZt7wGjTqnzZ+V5PJKxJCTT3Kn76LDBSgE # VA401pKO5kzHS+cGGwBC9kpokFgLnOEkjRxmJmZK06lrUze3FJ7a/TXOYpka4jqL # gv5/tVCAqY5LLBmdWcaTHlFYQZ7DAY7sW9CAlP52H/UCzJkdd3hyd9hJIKOGb7we # 1TPwIxjBSI/5tdoayPXSD10G8eYjT7Z1PSSSQs/2vMnbJyO89TIcYGOUQipWqJrf # akUqDNLLTjdoLSZ/wZCkqXtCJLwWW6AnEwEFKvR+ZkBv8wSODAQk570Gz96JrjLz # MOwtXKr/du7VAn07D44s8wpKg9WFLaGCF5cwgheTBgorBgEEAYI3AwMBMYIXgzCC # F38GCSqGSIb3DQEHAqCCF3AwghdsAgEDMQ8wDQYJYIZIAWUDBAIBBQAwggFSBgsq # hkiG9w0BCRABBKCCAUEEggE9MIIBOQIBAQYKKwYBBAGEWQoDATAxMA0GCWCGSAFl # AwQCAQUABCB5XGD1sOWr9TfRdeY8cbVsuYYXd93S3COnT10PZDYXgQIGadg5FpZr # GBMyMDI2MDQxNzE1MDY0My43MzNaMASAAgH0oIHRpIHOMIHLMQswCQYDVQQGEwJV # UzETMBEGA1UECBMKV2FzaGluZ3RvbjEQMA4GA1UEBxMHUmVkbW9uZDEeMBwGA1UE # ChMVTWljcm9zb2Z0IENvcnBvcmF0aW9uMSUwIwYDVQQLExxNaWNyb3NvZnQgQW1l # cmljYSBPcGVyYXRpb25zMScwJQYDVQQLEx5uU2hpZWxkIFRTUyBFU046MzcwMy0w # NUUwLUQ5NDcxJTAjBgNVBAMTHE1pY3Jvc29mdCBUaW1lLVN0YW1wIFNlcnZpY2Wg # ghHtMIIHIDCCBQigAwIBAgITMwAAAh86cGnkojAulQABAAACHzANBgkqhkiG9w0B # AQsFADB8MQswCQYDVQQGEwJVUzETMBEGA1UECBMKV2FzaGluZ3RvbjEQMA4GA1UE # BxMHUmVkbW9uZDEeMBwGA1UEChMVTWljcm9zb2Z0IENvcnBvcmF0aW9uMSYwJAYD # VQQDEx1NaWNyb3NvZnQgVGltZS1TdGFtcCBQQ0EgMjAxMDAeFw0yNjAyMTkxOTM5 # NTFaFw0yNzA1MTcxOTM5NTFaMIHLMQswCQYDVQQGEwJVUzETMBEGA1UECBMKV2Fz # aGluZ3RvbjEQMA4GA1UEBxMHUmVkbW9uZDEeMBwGA1UEChMVTWljcm9zb2Z0IENv # cnBvcmF0aW9uMSUwIwYDVQQLExxNaWNyb3NvZnQgQW1lcmljYSBPcGVyYXRpb25z # MScwJQYDVQQLEx5uU2hpZWxkIFRTUyBFU046MzcwMy0wNUUwLUQ5NDcxJTAjBgNV # BAMTHE1pY3Jvc29mdCBUaW1lLVN0YW1wIFNlcnZpY2UwggIiMA0GCSqGSIb3DQEB # AQUAA4ICDwAwggIKAoICAQDLO8XFOcfGqAqgiz0+AmQmFl3dZ0aTG4UFJkqqNdMH # y28DaheCBs6ONufukye5x42CWkzgRIy9kE2VWwEntZ8ZkgyrykC0bIqsID7+6Fxg # useTXf1Vwvm1D8104VmetoBJlJ4uGbuyJZUvXDx55nVh50ygLTzZ24WkQsnPpvRZ # v2kPc39f3bhLyHVtnHsa/W/86Vrftd+AfFveA+qN/EY+XGj5c/DPMXCYECb0arYb # 92dDJWtwzpyBrp4gfHlgY1UEpc4l4AGELrf2J4wrxTzTW+SM8XhV1dOOPrYjD080 # IbZqL8B+IF0RCdn269YXrGK6QIHipznKZcCS8jN30YAHnTJVN5Zzs6t/2YsqBGDq # uvDad7934FFTwzvUcO3VoIyd93XWwvP8/SCFVJh21W8oGQTptGHyly+Fl4henVMV # ZF1v6osOtirX8GFTiEhnf8nRdOg7yZYAJ0xy9CtDfbXaTn/cf3Lq3N/GCYKFjC+5 # mUCE+AJhmxMuMdvSUGmKiAFdiPAjUTqsWWBBZJm0eCwgeGJFmmQA+V7/98BKcE+g # UL7O9eWRDQwKeAcvo6rxNv2Y4jKrHA6Z/wi3a/fKUhLCNZES8qGdrpDAm7qh+6Fj # YxytAbkiKM6uTNy/ULPlwtlYZoAJDDQP7eYCywwVbNTbHXRBSS+NccC0sSB4W7U6 # 7wIDAQABo4IBSTCCAUUwHQYDVR0OBBYEFNk72sGDlH0r5DwvfGR5XwJI8B7bMB8G # A1UdIwQYMBaAFJ+nFV0AXmJdg/Tl0mWnG1M1GelyMF8GA1UdHwRYMFYwVKBSoFCG # Tmh0dHA6Ly93d3cubWljcm9zb2Z0LmNvbS9wa2lvcHMvY3JsL01pY3Jvc29mdCUy # MFRpbWUtU3RhbXAlMjBQQ0ElMjAyMDEwKDEpLmNybDBsBggrBgEFBQcBAQRgMF4w # XAYIKwYBBQUHMAKGUGh0dHA6Ly93d3cubWljcm9zb2Z0LmNvbS9wa2lvcHMvY2Vy # dHMvTWljcm9zb2Z0JTIwVGltZS1TdGFtcCUyMFBDQSUyMDIwMTAoMSkuY3J0MAwG # A1UdEwEB/wQCMAAwFgYDVR0lAQH/BAwwCgYIKwYBBQUHAwgwDgYDVR0PAQH/BAQD # AgeAMA0GCSqGSIb3DQEBCwUAA4ICAQBlbu3IoynnPz0K1iPbeNnsej2b15l5sdl2 # FAFBBGT9lRdc2gNV8LAIusPYHHhUvRDcsx4lbMNhVKPGu4TDLaqNt/CI+SFtGuqd # RLpVP1XE9cCLyKrKPpcJFJCqPpV+efoAtYBmIUQcxxwT7WIQ7gag8+rkKvrMkCoR # qKS0mKv8J1sKfi85+G2uhZ/1RteSVdYZOZOj+Sb4wzonTCTj7EtgMN/BX35W5dTz # d7wJdGepYkVi871dSrC2Tr1ZFzAR7S44drCWZpJ6phJabVNOsNxFJKgSykugOGWz # Q318Rr3MTPg2s3Bns+pUPVgMijd4bUOH2BlEsLMMwOcolTTZqg1HYrdY1jxpUAI9 # ipjBQRINL/O705Z+/f2LjNmJQooCVJVX24adpZ519SsfazGoqXGt91bmqKo0fI09 # Il4sUHh4ih6rpiQDBlyL7vmvCejwVxYevY4qVwTZ/o3gvl+R0lFxYS9feIM4NeG0 # +WsDZ7jLci5MFeuNwosQY3z26Xg1oj0U9u+ncR9uTU+xBmJ8BtlCdhQ13RNMX5P+ # krRYPB3XCp9Jm6XaO1995q32AIZm1mzBGI6yHlviXaEC5TzGiO1LXuPtXZU2X93o # QJbMoe3v8+5CPKrQalGWyYuh2a3V1pwbj+W0FEmEFPpu8TI+qYO1IIQWUSRvFjXt # h5Ob02hMMjCCB3EwggVZoAMCAQICEzMAAAAVxedrngKbSZkAAAAAABUwDQYJKoZI # hvcNAQELBQAwgYgxCzAJBgNVBAYTAlVTMRMwEQYDVQQIEwpXYXNoaW5ndG9uMRAw # DgYDVQQHEwdSZWRtb25kMR4wHAYDVQQKExVNaWNyb3NvZnQgQ29ycG9yYXRpb24x # MjAwBgNVBAMTKU1pY3Jvc29mdCBSb290IENlcnRpZmljYXRlIEF1dGhvcml0eSAy # MDEwMB4XDTIxMDkzMDE4MjIyNVoXDTMwMDkzMDE4MzIyNVowfDELMAkGA1UEBhMC # VVMxEzARBgNVBAgTCldhc2hpbmd0b24xEDAOBgNVBAcTB1JlZG1vbmQxHjAcBgNV # BAoTFU1pY3Jvc29mdCBDb3Jwb3JhdGlvbjEmMCQGA1UEAxMdTWljcm9zb2Z0IFRp # bWUtU3RhbXAgUENBIDIwMTAwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoIC # AQDk4aZM57RyIQt5osvXJHm9DtWC0/3unAcH0qlsTnXIyjVX9gF/bErg4r25Phdg # M/9cT8dm95VTcVrifkpa/rg2Z4VGIwy1jRPPdzLAEBjoYH1qUoNEt6aORmsHFPPF # dvWGUNzBRMhxXFExN6AKOG6N7dcP2CZTfDlhAnrEqv1yaa8dq6z2Nr41JmTamDu6 # GnszrYBbfowQHJ1S/rboYiXcag/PXfT+jlPP1uyFVk3v3byNpOORj7I5LFGc6XBp # Dco2LXCOMcg1KL3jtIckw+DJj361VI/c+gVVmG1oO5pGve2krnopN6zL64NF50Zu # yjLVwIYwXE8s4mKyzbnijYjklqwBSru+cakXW2dg3viSkR4dPf0gz3N9QZpGdc3E # XzTdEonW/aUgfX782Z5F37ZyL9t9X4C626p+Nuw2TPYrbqgSUei/BQOj0XOmTTd0 # lBw0gg/wEPK3Rxjtp+iZfD9M269ewvPV2HM9Q07BMzlMjgK8QmguEOqEUUbi0b1q # GFphAXPKZ6Je1yh2AuIzGHLXpyDwwvoSCtdjbwzJNmSLW6CmgyFdXzB0kZSU2LlQ # +QuJYfM2BjUYhEfb3BvR/bLUHMVr9lxSUV0S2yW6r1AFemzFER1y7435UsSFF5PA # PBXbGjfHCBUYP3irRbb1Hode2o+eFnJpxq57t7c+auIurQIDAQABo4IB3TCCAdkw # EgYJKwYBBAGCNxUBBAUCAwEAATAjBgkrBgEEAYI3FQIEFgQUKqdS/mTEmr6CkTxG # NSnPEP8vBO4wHQYDVR0OBBYEFJ+nFV0AXmJdg/Tl0mWnG1M1GelyMFwGA1UdIARV # MFMwUQYMKwYBBAGCN0yDfQEBMEEwPwYIKwYBBQUHAgEWM2h0dHA6Ly93d3cubWlj # cm9zb2Z0LmNvbS9wa2lvcHMvRG9jcy9SZXBvc2l0b3J5Lmh0bTATBgNVHSUEDDAK # BggrBgEFBQcDCDAZBgkrBgEEAYI3FAIEDB4KAFMAdQBiAEMAQTALBgNVHQ8EBAMC # AYYwDwYDVR0TAQH/BAUwAwEB/zAfBgNVHSMEGDAWgBTV9lbLj+iiXGJo0T2UkFvX # zpoYxDBWBgNVHR8ETzBNMEugSaBHhkVodHRwOi8vY3JsLm1pY3Jvc29mdC5jb20v # cGtpL2NybC9wcm9kdWN0cy9NaWNSb29DZXJBdXRfMjAxMC0wNi0yMy5jcmwwWgYI # KwYBBQUHAQEETjBMMEoGCCsGAQUFBzAChj5odHRwOi8vd3d3Lm1pY3Jvc29mdC5j # b20vcGtpL2NlcnRzL01pY1Jvb0NlckF1dF8yMDEwLTA2LTIzLmNydDANBgkqhkiG # 9w0BAQsFAAOCAgEAnVV9/Cqt4SwfZwExJFvhnnJL/Klv6lwUtj5OR2R4sQaTlz0x # M7U518JxNj/aZGx80HU5bbsPMeTCj/ts0aGUGCLu6WZnOlNN3Zi6th542DYunKmC # VgADsAW+iehp4LoJ7nvfam++Kctu2D9IdQHZGN5tggz1bSNU5HhTdSRXud2f8449 # xvNo32X2pFaq95W2KFUn0CS9QKC/GbYSEhFdPSfgQJY4rPf5KYnDvBewVIVCs/wM # nosZiefwC2qBwoEZQhlSdYo2wh3DYXMuLGt7bj8sCXgU6ZGyqVvfSaN0DLzskYDS # PeZKPmY7T7uG+jIa2Zb0j/aRAfbOxnT99kxybxCrdTDFNLB62FD+CljdQDzHVG2d # Y3RILLFORy3BFARxv2T5JL5zbcqOCb2zAVdJVGTZc9d/HltEAY5aGZFrDZ+kKNxn # GSgkujhLmm77IVRrakURR6nxt67I6IleT53S0Ex2tVdUCbFpAUR+fKFhbHP+Crvs # QWY9af3LwUFJfn6Tvsv4O+S3Fb+0zj6lMVGEvL8CwYKiexcdFYmNcP7ntdAoGokL # jzbaukz5m/8K6TT4JDVnK+ANuOaMmdbhIurwJ0I9JZTmdHRbatGePu1+oDEzfbzL # 6Xu/OHBE0ZDxyKs6ijoIYn/ZcGNTTY3ugm2lBRDBcQZqELQdVTNYs6FwZvKhggNQ # MIICOAIBATCB+aGB0aSBzjCByzELMAkGA1UEBhMCVVMxEzARBgNVBAgTCldhc2hp # bmd0b24xEDAOBgNVBAcTB1JlZG1vbmQxHjAcBgNVBAoTFU1pY3Jvc29mdCBDb3Jw # b3JhdGlvbjElMCMGA1UECxMcTWljcm9zb2Z0IEFtZXJpY2EgT3BlcmF0aW9uczEn # MCUGA1UECxMeblNoaWVsZCBUU1MgRVNOOjM3MDMtMDVFMC1EOTQ3MSUwIwYDVQQD # ExxNaWNyb3NvZnQgVGltZS1TdGFtcCBTZXJ2aWNloiMKAQEwBwYFKw4DAhoDFQBL # IMg1P7sNuCXpmbH2IXT2tXeEEKCBgzCBgKR+MHwxCzAJBgNVBAYTAlVTMRMwEQYD # VQQIEwpXYXNoaW5ndG9uMRAwDgYDVQQHEwdSZWRtb25kMR4wHAYDVQQKExVNaWNy # b3NvZnQgQ29ycG9yYXRpb24xJjAkBgNVBAMTHU1pY3Jvc29mdCBUaW1lLVN0YW1w # IFBDQSAyMDEwMA0GCSqGSIb3DQEBCwUAAgUA7YyZqTAiGA8yMDI2MDQxNzExMzYw # OVoYDzIwMjYwNDE4MTEzNjA5WjB3MD0GCisGAQQBhFkKBAExLzAtMAoCBQDtjJmp # AgEAMAoCAQACAgggAgH/MAcCAQACAhM9MAoCBQDtjespAgEAMDYGCisGAQQBhFkK # BAIxKDAmMAwGCisGAQQBhFkKAwKgCjAIAgEAAgMHoSChCjAIAgEAAgMBhqAwDQYJ # KoZIhvcNAQELBQADggEBAIcSNlmLYMZMR+7q2SFni0A1NUfEXqDF8bTAYz2pO9F4 # e56U3baPcKvbkTOYIauLM+uJVH4gnRx2gHLeArY3ABkoJUyA/FOnBRgmGG7wqjol # fXaCUbxyAIzFFKavSsKdVY+lxcxyS3fuKSwkiEdQWzfGrN4Pq4BZ8VeTDW0+sM/9 # xMVKrNgGd/a2RTT1TBuNluGXKfBVhPZfkWV5KOi/psrGjcv6d8lvw/6nV8ftxUhG # Nq9x7juGM8a/knd4SqQmCa8CA5sxlmN8L3N6KAWdBZegwLPm4HkrPaZqbl+UHe1T # 8WBBltD5eyudUGFSyMUwOq0rHlmAijBk9/Am9F+ywnMxggQNMIIECQIBATCBkzB8 # MQswCQYDVQQGEwJVUzETMBEGA1UECBMKV2FzaGluZ3RvbjEQMA4GA1UEBxMHUmVk # bW9uZDEeMBwGA1UEChMVTWljcm9zb2Z0IENvcnBvcmF0aW9uMSYwJAYDVQQDEx1N # aWNyb3NvZnQgVGltZS1TdGFtcCBQQ0EgMjAxMAITMwAAAh86cGnkojAulQABAAAC # HzANBglghkgBZQMEAgEFAKCCAUowGgYJKoZIhvcNAQkDMQ0GCyqGSIb3DQEJEAEE # MC8GCSqGSIb3DQEJBDEiBCCWrt9evBBtGKnqYTqY2ME1oJUl4Ka+XCX8tY3KwzH3 # YjCB+gYLKoZIhvcNAQkQAi8xgeowgecwgeQwgb0EILAkCt9WkCsMtURkFu6TY0P3 # UXdRnCiYuPZhe3ykLfwUMIGYMIGApH4wfDELMAkGA1UEBhMCVVMxEzARBgNVBAgT # Cldhc2hpbmd0b24xEDAOBgNVBAcTB1JlZG1vbmQxHjAcBgNVBAoTFU1pY3Jvc29m # dCBDb3Jwb3JhdGlvbjEmMCQGA1UEAxMdTWljcm9zb2Z0IFRpbWUtU3RhbXAgUENB # IDIwMTACEzMAAAIfOnBp5KIwLpUAAQAAAh8wIgQg0GOT4Zm9hpJa3ln0tUmdT1I8 # dG5F8d533+J38H2niW8wDQYJKoZIhvcNAQELBQAEggIAKSm6P+whIMvEvTatLDAl # DK1gSjKDe9Uu3njT6lWhIINHgoocSocfGi2Bz1AOF/9Ux5TvRziA6eXJNEruTYKf # kPDsZ0UGF2jQCQ3+eq8ashcZa7YqLdazbZf+Oozncz4OmFqWqJaO2KxLT6r8c6QH # tO9sf1kT7DwFg1LD0sNI50pavJhT18drHfrShKngUTbEcp1PB9KPwdBQyQzg/j7r # thju9re3Zmgz5C92J3r6wxxG4wozDHZ+brvF2EnfyPX9Se34HE9+nla82sDs0lIl # WDAqRKn+amt+VUtJ/Npxzb3XGdcmFBt5txD/gW7MiBxDqXLR1LmWF5eTV24ulPLS # IQPXTSMpMhI6U33Neg/MxNGLy0Pyko4MsI8Xo5l6NbPPEHAwSK5BSTnfcbn4HlFJ # biUICIgm1Lt19uzR02uLZOdX/zrXyzazhBiwzUxjmsMoF9cDv1aLQEma/Rtm+ltR # nyrrLDrqCjVG0oJF+ezXMXW62pY1IMGH8mprjYisn+CSB1M+Y0GYg9GjE2QBaGT8 # UVU9Aj5ufknWCX4/E6dQUuz5T5IG0dOmk3AO16EGR995GC83VEF/1/DgLFR9yeM6 # 3OtyYQQzBshKHBRkId6fCPoYXTNkBhpCNyHdUncz0h77K33FgpYgl9v1DXGvr3DU # rdcojQH7mGifnelHfLFaUiM= # SIG # End signature block |