rules/Azure.Template.Rule.ps1
|
# Copyright (c) Microsoft Corporation. # Licensed under the MIT License. # # Validation rules for Azure template and parameter files # #region Template # Synopsis: Use ARM template file structure. Rule 'Azure.Template.TemplateFile' -Ref 'AZR-000212' -Type '.json' -If { (IsTemplateFile) } -Tag @{ release = 'GA'; ruleSet = '2020_06' } { $jsonObject = $PSRule.GetContentFirstOrDefault($TargetObject); $Assert.HasFields($jsonObject, @('$schema', 'contentVersion', 'resources')); $jsonObject.PSObject.Properties | Within 'Name' '$schema', 'contentVersion', 'metadata', 'parameters', 'functions', 'variables', 'resources', 'outputs'; } # Synopsis: Use a more recent version of the Azure template schema. Rule 'Azure.Template.TemplateSchema' -Ref 'AZR-000213' -Type '.json' -If { (IsTemplateFile) } -Tag @{ release = 'GA'; ruleSet = '2021_09'; } { $jsonObject = $PSRule.GetContentFirstOrDefault($TargetObject); $Assert.HasJsonSchema($jsonObject, @( 'https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json' 'https://schema.management.azure.com/schemas/2018-05-01/subscriptionDeploymentTemplate.json' 'https://schema.management.azure.com/schemas/2019-08-01/tenantDeploymentTemplate.json' 'https://schema.management.azure.com/schemas/2019-08-01/managementGroupDeploymentTemplate.json' ), $True); } # Synopsis: Use a Azure template schema with the https scheme. Rule 'Azure.Template.TemplateScheme' -Ref 'AZR-000214' -Type '.json' -If { (IsTemplateFile) } -Tag @{ release = 'GA'; ruleSet = '2021_09'; } { $jsonObject = $PSRule.GetContentFirstOrDefault($TargetObject); $Assert.StartsWith($jsonObject, '$schema', 'https://'); } # Synopsis: Use template parameter descriptions. Rule 'Azure.Template.ParameterMetadata' -Ref 'AZR-000215' -Type '.json' -If { (IsTemplateFile) } -Tag @{ release = 'GA'; ruleSet = '2020_09' } { $parameters = @(GetTemplateParameters); if ($parameters.Length -eq 0) { return $Assert.Pass(); } foreach ($parameter in $parameters) { $Assert.HasFieldValue($parameter.value, 'metadata.description'). Reason($LocalizedData.TemplateParameterDescription, $parameter.name); } } # Synopsis: ARM templates should include at least one resource. Rule 'Azure.Template.Resources' -Ref 'AZR-000216' -Type '.json' -If { (IsTemplateFile) } -Tag @{ release = 'GA'; ruleSet = '2020_09' } { $jsonObject = $PSRule.GetContent($TargetObject)[0]; $Assert.GreaterOrEqual($jsonObject, 'resources', 1); } # Synopsis: ARM template parameters should be used at least once. Rule 'Azure.Template.UseParameters' -Ref 'AZR-000217' -Type '.json' -If { (IsTemplateFile) } -Tag @{ release = 'GA'; ruleSet = '2020_09' } { $jsonContent = Get-Content -Path $TargetObject.FullName -Raw; $parameters = @(GetTemplateParameters); if ($parameters.Length -eq 0) { return $Assert.Pass(); } foreach ($parameter in $parameters) { $Assert.Match($jsonContent, '.', "\`"\[[\s\S]*parameters\(\s{0,}'$($parameter.name.Replace('$', '\$'))'\s{0,}\)[\s\S]*\]\`""). Reason($LocalizedData.ParameterNotFound, $parameter.name); } } # Synopsis: Each Azure Resource Manager (ARM) template file should contain a minimal number of parameters. Rule 'Azure.Template.DefineParameters' -Ref 'AZR-000218' -Type '.json' -If { (IsTemplateFile) -and !(IsGenerated) } -Tag @{ release = 'GA'; ruleSet = '2021_03'; } { $parameters = @(GetTemplateParameters); $Assert.GreaterOrEqual($parameters, '.', 1); } # Synopsis: ARM template variables should be used at least once. Rule 'Azure.Template.UseVariables' -Ref 'AZR-000219' -Type '.json' -If { (IsTemplateFile) } -Tag @{ release = 'GA'; ruleSet = '2020_09' } { $jsonObject = $PSRule.GetContent($TargetObject)[0]; $jsonContent = Get-Content -Path $TargetObject.FullName -Raw; $variableNames = @($jsonObject.variables.PSObject.Properties | Where-Object { $_.MemberType -eq 'NoteProperty' } | ForEach-Object { $variable = $_; if ($variable.name -eq 'copy') { $variable.value | ForEach-Object { $_.name; } } else { $variable.name; } }); if ($variableNames.Length -eq 0) { return $Assert.Pass(); } foreach ($variableName in $variableNames) { $Assert.Match($jsonContent, '.', "\`"\[[\s\S]*variables\(\s{0,}'$([System.Text.RegularExpressions.Regex]::Escape($variableName))'\s{0,}\)[\s\S]*\]\`""). Reason($LocalizedData.VariableNotFound, $variableName); } } # Synopsis: Set the default value for location parameters within ARM template to the default value to `[resourceGroup().location]`. Rule 'Azure.Template.LocationDefault' -Ref 'AZR-000220' -Type '.json' -If { (HasLocationParameter) } -Tag @{ release = 'GA'; ruleSet = '2021_03' } { # https://github.com/Azure/arm-ttk/blob/master/arm-ttk/testcases/deploymentTemplate/Location-Should-Not-Be-Hardcoded.test.ps1 $parameters = @(GetTemplateParameters -Name 'location'); foreach ($parameter in $parameters) { if ($Assert.HasFieldValue($parameter.Value, 'defaultValue', 'global').Result) { $Assert.Pass(); } else { $defaultValue = [PSRule.Rules.Azure.Runtime.Helper]::CompressExpression($parameter.Value.defaultValue); $Assert.HasFieldValue($defaultValue, '.', '[resourceGroup().location]'). Reason($LocalizedData.ParameterInvalidDefaultValue, $parameter.Name, $parameter.Value.defaultValue); } } } # Synopsis: Location parameters should use a string value. Rule 'Azure.Template.LocationType' -Ref 'AZR-000221' -Type '.json' -If { (HasLocationParameter) } -Tag @{ release = 'GA'; ruleSet = '2021_03'; } { # https://github.com/Azure/arm-ttk/blob/master/arm-ttk/testcases/deploymentTemplate/Location-Should-Not-Be-Hardcoded.test.ps1 $parameters = @(GetTemplateParameters -Name 'location'); foreach ($parameter in $parameters) { $Assert.HasFieldValue($parameter.Value, 'type', 'string'); } } # Synopsis: Template resource location should be an expression or `global`. Rule 'Azure.Template.ResourceLocation' -Ref 'AZR-000222' -Type '.json' -If { (HasTemplateResources) } -Tag @{ release = 'GA'; ruleSet = '2021_03'; } { # https://github.com/Azure/arm-ttk/blob/master/arm-ttk/testcases/deploymentTemplate/Resources-Should-Have-Location.test.ps1 $resources = @(GetTemplateResources); if ($resources.Length -eq 0) { return $Assert.Pass(); } foreach ($resource in $resources) { AnyOf { $Assert.NotHasField($resource, 'location'); $Assert.HasFieldValue($resource, 'location', 'global'); $Assert.Match($resource, 'location', '^\[.*\]$'); } } } # Synopsis: Template should reference a location parameter to specify resource location. Rule 'Azure.Template.UseLocationParameter' -Ref 'AZR-000223' -Level Warning -Type '.json' -If { (IsTemplateFile -Suffix '/deploymentTemplate.json') -and !(IsGenerated) } -Tag @{ release = 'GA'; ruleSet = '2021_03'; } { $jsonObject = $PSRule.GetContent($TargetObject)[0]; if ($Assert.HasField($jsonObject, 'parameters.location').Result) { $jsonObject.parameters.PSObject.Properties.Remove('location') } $content = $jsonObject | ConvertTo-Json -Depth 100; $Assert.NotMatch($content, '.', 'resourceGroup\(\s{0,}\)\.location'). Reason($LocalizedData.ExpressionInTemplate, 'resourceGroup().location'); } # Synopsis: Template parameters `minValue` and `maxValue` constraints must be valid. Rule 'Azure.Template.ParameterMinMaxValue' -Ref 'AZR-000224' -Type '.json' -If { (HasTemplateParameters) } -Tag @{ release = 'GA'; ruleSet = '2021_03'; } { # https://github.com/Azure/arm-ttk/blob/master/arm-ttk/testcases/deploymentTemplate/Min-And-Max-Value-Are-Numbers.test.ps1 # Get parameters with either minValue or maxValue $parameters = @(GetTemplateParameters | Where-Object { $Assert.HasField($_.Value, @('minValue', 'maxValue')).Result }); if ($parameters.Length -eq 0) { return $Assert.Pass(); } foreach ($parameter in $parameters) { $Assert.HasFieldValue($parameter.Value, 'type', 'int'); if ($Assert.HasField($parameter.Value, 'minValue').Result) { $Assert.IsInteger($parameter.Value, 'minValue'). Reason($LocalizedData.ParameterTypeMismatch, 'minValue', $parameter.Name, 'int'); } if ($Assert.HasField($parameter.Value, 'maxValue').Result) { $Assert.IsInteger($parameter.Value, 'maxValue'). Reason($LocalizedData.ParameterTypeMismatch, 'maxValue', $parameter.Name, 'int'); } } } # Synopsis: Use default deployment detail level for nested deployments. Rule 'Azure.Template.DebugDeployment' -Ref 'AZR-000225' -Type '.json' -If { (HasTemplateResources) } -Tag @{ release = 'GA'; ruleSet = '2021_03'; } { # https://github.com/Azure/arm-ttk/blob/master/arm-ttk/testcases/deploymentTemplate/Deployment-Resources-Must-Not-Be-Debug.test.ps1 # Get deployments $resources = @($PSRule.GetContent($TargetObject)[0].resources | Where-Object { $Assert.HasFieldValue($_, 'type', 'Microsoft.Resources/deployments').Result }); if ($resources.Length -eq 0) { return $Assert.Pass(); } foreach ($resource in $resources) { $Assert.HasDefaultValue($resource, 'properties.debugSetting.detailLevel', 'None'); } } # Synopsis: Set the parameter default value to a value of the same type. Rule 'Azure.Template.ParameterDataTypes' -Ref 'AZR-000226' -Type '.json' -If { (HasTemplateParameters) } -Tag @{ release = 'GA'; ruleSet = '2021_03'; } { $jsonObject = $PSRule.GetContent($TargetObject)[0]; $parameters = @($jsonObject.parameters.PSObject.Properties); if ($parameters.Length -eq 0) { return $Assert.Pass(); } foreach ($parameter in $parameters) { if (!$Assert.HasField($parameter.Value, 'defaultValue').Result) { # No defaultValue $Assert.Pass(); } elseif ($parameter.Value.defaultValue -is [string] -and $parameter.Value.defaultValue.StartsWith('[') -and $parameter.Value.defaultValue.EndsWith(']')) { # Is function $Assert.Pass(); } elseif ($Null -eq $parameter.Value.defaultValue) { # defaultValue is null $Assert.Pass(); } elseif ($parameter.Value.type -eq 'bool') { $Assert.IsBoolean($parameter.Value, 'defaultValue'). Reason($LocalizedData.ParameterTypeMismatch, 'defaultValue', $parameter.Name, $parameter.Value.type); } elseif ($parameter.Value.type -eq 'int') { $Assert.IsInteger($parameter.Value, 'defaultValue'). Reason($LocalizedData.ParameterTypeMismatch, 'defaultValue', $parameter.Name, $parameter.Value.type); } elseif ($parameter.Value.type -eq 'array') { $Assert.IsArray($parameter.Value, 'defaultValue'). Reason($LocalizedData.ParameterTypeMismatch, 'defaultValue', $parameter.Name, $parameter.Value.type); } elseif ($parameter.Value.type -eq 'string' -or $parameter.Value.type -eq 'secureString') { $Assert.IsString($parameter.Value, 'defaultValue'). Reason($LocalizedData.ParameterTypeMismatch, 'defaultValue', $parameter.Name, $parameter.Value.type); } elseif ($parameter.Value.type -eq 'object' -or $parameter.Value.type -eq 'secureObject') { $Assert.TypeOf($parameter.Value, 'defaultValue', [PSObject]). Reason($LocalizedData.ParameterTypeMismatch, 'defaultValue', $parameter.Name, $parameter.Value.type); } } } # Synopsis: Set the parameter value to a value that matches the specified strong type. Rule 'Azure.Template.ParameterStrongType' -Ref 'AZR-000227' -Type 'Microsoft.Resources/deployments' -Tag @{ release = 'GA'; ruleSet = '2021_12'; } { $Assert.Create($PSRule.Issue.Get('PSRule.Rules.Azure.Template.ParameterStrongType')); } # Synopsis: Template expressions should not exceed the maximum length. Rule 'Azure.Template.ExpressionLength' -Ref 'AZR-000228' -Type 'Microsoft.Resources/deployments' -Tag @{ release = 'GA'; ruleSet = '2021_12'; } { $Assert.Create($PSRule.Issue.Get('PSRule.Rules.Azure.Template.ExpressionLength')); } #endregion Template #region Parameters # Synopsis: Use ARM parameter file structure. Rule 'Azure.Template.ParameterFile' -Ref 'AZR-000229' -Type '.json' -If { (IsParameterFile) } -Tag @{ release = 'GA'; ruleSet = '2020_06' } { $jsonObject = $PSRule.GetContentFirstOrDefault($TargetObject); $Assert.HasFields($jsonObject, @('$schema', 'contentVersion', 'parameters')); $jsonObject.PSObject.Properties | Within 'Name' '$schema', 'contentVersion', 'metadata', 'parameters'; } # Synopsis: Use a Azure template parameter schema with the https scheme. Rule 'Azure.Template.ParameterScheme' -Ref 'AZR-000230' -Type '.json' -If { (IsParameterFile) } -Tag @{ release = 'GA'; ruleSet = '2021_09'; } { $jsonObject = $PSRule.GetContentFirstOrDefault($TargetObject); $Assert.StartsWith($jsonObject, '$schema', 'https://'); } # Synopsis: Configure a metadata link for each parameter file. Rule 'Azure.Template.MetadataLink' -Ref 'AZR-000231' -Type '.json' -If { $Configuration.AZURE_PARAMETER_FILE_METADATA_LINK -eq $True -and (IsParameterFile) } -Tag @{ release = 'GA'; ruleSet = '2021_09' } { $jsonObject = $PSRule.GetContentFirstOrDefault($TargetObject); $field = $Assert.HasFieldValue($jsonObject, 'metadata.template'); if (!$field.Result) { return $field; } $path = [PSRule.Rules.Azure.Runtime.Helper]::GetMetadataLinkPath($TargetObject.FullName, $jsonObject.metadata.template) $Assert.FilePath($path, '.'); $Assert.WithinPath($path, '.', @($PWD)); } # Synopsis: Specify a value for each parameter in template parameter files. Rule 'Azure.Template.ParameterValue' -Ref 'AZR-000232' -Type '.json' -If { (IsParameterFile) } -Tag @{ release = 'GA'; ruleSet = '2021_09'; } { $jsonObject = $PSRule.GetContentFirstOrDefault($TargetObject); $parameters = @($jsonObject.parameters.PSObject.Properties | Where-Object { $_.MemberType -eq 'NoteProperty' }); if ($parameters.Length -eq 0) { return $Assert.Pass(); } foreach ($parameter in $parameters) { if ($Assert.HasField($parameter.Value, 'value').Result -or $Assert.HasFieldValue($parameter.Value, 'reference').Result) { $Assert.Pass(); } else { $Assert.Fail($LocalizedData.ParameterValueNotSet, $parameter.Name); } } } # Synopsis: Use a valid secret reference within parameter files. Rule 'Azure.Template.ValidSecretRef' -Ref 'AZR-000233' -Type '.json' -If { (IsParameterFile) } -Tag @{ release = 'GA'; ruleSet = '2021_09'; } { $jsonObject = $PSRule.GetContentFirstOrDefault($TargetObject); $parameters = @($jsonObject.parameters.PSObject.Properties | Where-Object { $_.MemberType -eq 'NoteProperty' -and $Assert.HasField($_.Value, 'reference').Result }); if ($parameters.Length -eq 0) { return $Assert.Pass(); } foreach ($parameter in $parameters) { $Assert.Match($parameter.Value, 'reference.keyVault.id', '^\/subscriptions\/(.+?)\/resourceGroups\/(.+?)\/providers\/Microsoft\.KeyVault\/vaults\/[A-Za-z](-|[A-Za-z0-9])*[A-Za-z0-9]$'); $Assert.Match($parameter.Value, 'reference.secretName', '^[A-Za-z0-9-]{1,127}$'); } } # Synopsis: Use comments for each resource in ARM template to communicate purpose. Rule 'Azure.Template.UseComments' -Ref 'AZR-000234' -Level Information -Type '.json' -If { (IsTemplateFile) -and !(IsGenerated) } -Tag @{ release = 'GA'; ruleSet = '2021_12'; } { $resources = @(GetTemplateResources | Where-Object { $Assert.NullOrEmpty($_, 'comments').Result }); $Assert.Count($resources, '.', 0).Reason( $LocalizedData.TemplateResourceWithoutComment, $TargetObject.FullName, $resources.Length ); } # Synopsis: Use descriptions for each resource in generated template(bicep, psarm, AzOps) to communicate purpose. Rule 'Azure.Template.UseDescriptions' -Ref 'AZR-000235' -Level Information -Type '.json' -If { (IsTemplateFile) -and (IsGenerated) } -Tag @{ release = 'GA'; ruleSet = '2021_12'; } { $resources = @(GetTemplateResources | Where-Object { $Assert.NullOrEmpty($_, 'metadata.description').Result }); $Assert.Count($resources, '.', 0).Reason( $LocalizedData.TemplateResourceWithoutDescription, $TargetObject.FullName, $resources.Length ); } #endregion Parameters #region Helper functions # Determines if the object is a Azure Resource Manager template file function global:IsTemplateFile { [CmdletBinding()] [OutputType([System.Boolean])] param ( [Parameter(Mandatory = $False)] [String]$Suffix ) process { if ($PSRule.TargetType -ne '.json') { return $False; } try { $jsonObject = $PSRule.GetContent($TargetObject)[0]; [String]$targetSchema = $jsonObject.'$schema'; $schemas = @( # Https "https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json`#" "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json`#" "https://schema.management.azure.com/schemas/2018-05-01/subscriptionDeploymentTemplate.json`#" "https://schema.management.azure.com/schemas/2019-08-01/tenantDeploymentTemplate.json`#" "https://schema.management.azure.com/schemas/2019-08-01/managementGroupDeploymentTemplate.json`#" # Http "http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json`#" "http://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json`#" "http://schema.management.azure.com/schemas/2018-05-01/subscriptionDeploymentTemplate.json`#" "http://schema.management.azure.com/schemas/2019-08-01/tenantDeploymentTemplate.json`#" "http://schema.management.azure.com/schemas/2019-08-01/managementGroupDeploymentTemplate.json`#" ) return $targetSchema -in $schemas -and ([String]::IsNullOrEmpty($Suffix) -or $targetSchema.Trim("`#").EndsWith($Suffix)); } catch { return $False; } } } # Determines if the object is a Azure Resource Manager parameter file function global:IsParameterFile { [CmdletBinding()] [OutputType([System.Boolean])] param () process { if ($PSRule.TargetType -ne '.json') { return $False; } try { $jsonObject = $PSRule.GetContent($TargetObject)[0]; $schemas = @( # Https "https://schema.management.azure.com/schemas/2015-01-01/deploymentParameters.json`#" "https://schema.management.azure.com/schemas/2019-04-01/deploymentParameters.json`#" "https://schema.management.azure.com/schemas/2019-04-01/deploymentParameters.json`#" "https://schema.management.azure.com/schemas/2018-05-01/subscriptionDeploymentParameters.json`#" "https://schema.management.azure.com/schemas/2019-08-01/tenantDeploymentParameters.json`#" "https://schema.management.azure.com/schemas/2019-08-01/managementGroupDeploymentParameters.json`#" # Http "http://schema.management.azure.com/schemas/2015-01-01/deploymentParameters.json`#" "http://schema.management.azure.com/schemas/2019-04-01/deploymentParameters.json`#" "http://schema.management.azure.com/schemas/2018-05-01/subscriptionDeploymentParameters.json`#" "http://schema.management.azure.com/schemas/2019-08-01/tenantDeploymentParameters.json`#" "http://schema.management.azure.com/schemas/2019-08-01/managementGroupDeploymentParameters.json`#" ) return $jsonObject.'$schema' -in $schemas; } catch { return $False; } } } function global:HasLocationParameter { [CmdletBinding()] [OutputType([System.Boolean])] param () process { if (!(IsTemplateFile -Suffix '/deploymentTemplate.json')) { return $False; } $jsonObject = $PSRule.GetContent($TargetObject)[0]; return $Assert.HasField($jsonObject, 'parameters.location').Result; } } function global:HasTemplateParameters { [CmdletBinding()] [OutputType([System.Boolean])] param () process { if (!(IsTemplateFile)) { return $False; } $parameters = @($PSRule.GetContent($TargetObject)[0].parameters.PSObject.Properties | Where-Object { $_.MemberType -eq 'NoteProperty' }); return $Assert.GreaterOrEqual($parameters, '.', 1).Result; } } function global:HasTemplateResources { [CmdletBinding()] [OutputType([System.Boolean])] param () process { if (!(IsTemplateFile)) { return $False; } $jsonObject = $PSRule.GetContent($TargetObject)[0].resources; return $Assert.GreaterOrEqual($jsonObject, '.', 1).Result; } } function global:GetTemplateParameters { [CmdletBinding()] [OutputType([PSObject])] param ( [Parameter(Mandatory = $False)] [String[]]$Name ) process { $parameters = @($PSRule.GetContent($TargetObject)[0].parameters.PSObject.Properties | Where-Object { $_.MemberType -eq 'NoteProperty' }); return $parameters | Where-Object { $Null -eq $Name -or $_.Name -in $Name }; } } function global:GetTemplateResources { [CmdletBinding()] [OutputType([PSObject])] param () process { $PSRule.GetContent($TargetObject)[0].resources | ForEach-Object { # Emit each resource $_; # Emit resources in nested templates if ($Assert.HasFieldValue($_, 'type', 'Microsoft.Resources/deployments').Result -and $Assert.GreaterOrEqual($_, 'properties.template.resources', 1).Result) { $_.properties.template.resources; } # Emit sub-resources elseif ($Assert.GreaterOrEqual($_, 'resources', 1).Result) { $_.resources; } } } } function global:IsGenerated { [CmdletBinding()] param () process { if ($PSRule.TargetType -ne '.json') { return $False; } try { $jsonObject = $PSRule.GetContentFirstOrDefault($TargetObject); return $Assert.In($jsonObject, 'metadata._generator.name', @('bicep', 'psarm', 'AzOps')).Result; } catch { return $False; } } } #endregion Helper functions # SIG # Begin signature block # MIInwgYJKoZIhvcNAQcCoIInszCCJ68CAQExDzANBglghkgBZQMEAgEFADB5Bgor # BgEEAYI3AgEEoGswaTA0BgorBgEEAYI3AgEeMCYCAwEAAAQQH8w7YFlLCE63JNLG # KX7zUQIBAAIBAAIBAAIBAAIBADAxMA0GCWCGSAFlAwQCAQUABCDO/dQ2M49C6jRb # p+ChM3V6gt2/AAjo3JMCDPkfYs56eqCCDXYwggX0MIID3KADAgECAhMzAAACy7d1 # OfsCcUI2AAAAAALLMA0GCSqGSIb3DQEBCwUAMH4xCzAJBgNVBAYTAlVTMRMwEQYD # VQQIEwpXYXNoaW5ndG9uMRAwDgYDVQQHEwdSZWRtb25kMR4wHAYDVQQKExVNaWNy # b3NvZnQgQ29ycG9yYXRpb24xKDAmBgNVBAMTH01pY3Jvc29mdCBDb2RlIFNpZ25p # bmcgUENBIDIwMTEwHhcNMjIwNTEyMjA0NTU5WhcNMjMwNTExMjA0NTU5WjB0MQsw # CQYDVQQGEwJVUzETMBEGA1UECBMKV2FzaGluZ3RvbjEQMA4GA1UEBxMHUmVkbW9u # ZDEeMBwGA1UEChMVTWljcm9zb2Z0IENvcnBvcmF0aW9uMR4wHAYDVQQDExVNaWNy # b3NvZnQgQ29ycG9yYXRpb24wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIB # AQC3sN0WcdGpGXPZIb5iNfFB0xZ8rnJvYnxD6Uf2BHXglpbTEfoe+mO//oLWkRxA # wppditsSVOD0oglKbtnh9Wp2DARLcxbGaW4YanOWSB1LyLRpHnnQ5POlh2U5trg4 # 3gQjvlNZlQB3lL+zrPtbNvMA7E0Wkmo+Z6YFnsf7aek+KGzaGboAeFO4uKZjQXY5 # RmMzE70Bwaz7hvA05jDURdRKH0i/1yK96TDuP7JyRFLOvA3UXNWz00R9w7ppMDcN # lXtrmbPigv3xE9FfpfmJRtiOZQKd73K72Wujmj6/Su3+DBTpOq7NgdntW2lJfX3X # a6oe4F9Pk9xRhkwHsk7Ju9E/AgMBAAGjggFzMIIBbzAfBgNVHSUEGDAWBgorBgEE # AYI3TAgBBggrBgEFBQcDAzAdBgNVHQ4EFgQUrg/nt/gj+BBLd1jZWYhok7v5/w4w # RQYDVR0RBD4wPKQ6MDgxHjAcBgNVBAsTFU1pY3Jvc29mdCBDb3Jwb3JhdGlvbjEW # MBQGA1UEBRMNMjMwMDEyKzQ3MDUyODAfBgNVHSMEGDAWgBRIbmTlUAXTgqoXNzci # tW2oynUClTBUBgNVHR8ETTBLMEmgR6BFhkNodHRwOi8vd3d3Lm1pY3Jvc29mdC5j # b20vcGtpb3BzL2NybC9NaWNDb2RTaWdQQ0EyMDExXzIwMTEtMDctMDguY3JsMGEG # CCsGAQUFBwEBBFUwUzBRBggrBgEFBQcwAoZFaHR0cDovL3d3dy5taWNyb3NvZnQu # Y29tL3BraW9wcy9jZXJ0cy9NaWNDb2RTaWdQQ0EyMDExXzIwMTEtMDctMDguY3J0 # MAwGA1UdEwEB/wQCMAAwDQYJKoZIhvcNAQELBQADggIBAJL5t6pVjIRlQ8j4dAFJ # ZnMke3rRHeQDOPFxswM47HRvgQa2E1jea2aYiMk1WmdqWnYw1bal4IzRlSVf4czf # zx2vjOIOiaGllW2ByHkfKApngOzJmAQ8F15xSHPRvNMmvpC3PFLvKMf3y5SyPJxh # 922TTq0q5epJv1SgZDWlUlHL/Ex1nX8kzBRhHvc6D6F5la+oAO4A3o/ZC05OOgm4 # EJxZP9MqUi5iid2dw4Jg/HvtDpCcLj1GLIhCDaebKegajCJlMhhxnDXrGFLJfX8j # 7k7LUvrZDsQniJZ3D66K+3SZTLhvwK7dMGVFuUUJUfDifrlCTjKG9mxsPDllfyck # 4zGnRZv8Jw9RgE1zAghnU14L0vVUNOzi/4bE7wIsiRyIcCcVoXRneBA3n/frLXvd # jDsbb2lpGu78+s1zbO5N0bhHWq4j5WMutrspBxEhqG2PSBjC5Ypi+jhtfu3+x76N # mBvsyKuxx9+Hm/ALnlzKxr4KyMR3/z4IRMzA1QyppNk65Ui+jB14g+w4vole33M1 # pVqVckrmSebUkmjnCshCiH12IFgHZF7gRwE4YZrJ7QjxZeoZqHaKsQLRMp653beB # fHfeva9zJPhBSdVcCW7x9q0c2HVPLJHX9YCUU714I+qtLpDGrdbZxD9mikPqL/To # /1lDZ0ch8FtePhME7houuoPcMIIHejCCBWKgAwIBAgIKYQ6Q0gAAAAAAAzANBgkq # hkiG9w0BAQsFADCBiDELMAkGA1UEBhMCVVMxEzARBgNVBAgTCldhc2hpbmd0b24x # EDAOBgNVBAcTB1JlZG1vbmQxHjAcBgNVBAoTFU1pY3Jvc29mdCBDb3Jwb3JhdGlv # bjEyMDAGA1UEAxMpTWljcm9zb2Z0IFJvb3QgQ2VydGlmaWNhdGUgQXV0aG9yaXR5 # IDIwMTEwHhcNMTEwNzA4MjA1OTA5WhcNMjYwNzA4MjEwOTA5WjB+MQswCQYDVQQG # EwJVUzETMBEGA1UECBMKV2FzaGluZ3RvbjEQMA4GA1UEBxMHUmVkbW9uZDEeMBwG # A1UEChMVTWljcm9zb2Z0IENvcnBvcmF0aW9uMSgwJgYDVQQDEx9NaWNyb3NvZnQg # Q29kZSBTaWduaW5nIFBDQSAyMDExMIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIIC # CgKCAgEAq/D6chAcLq3YbqqCEE00uvK2WCGfQhsqa+laUKq4BjgaBEm6f8MMHt03 # a8YS2AvwOMKZBrDIOdUBFDFC04kNeWSHfpRgJGyvnkmc6Whe0t+bU7IKLMOv2akr # rnoJr9eWWcpgGgXpZnboMlImEi/nqwhQz7NEt13YxC4Ddato88tt8zpcoRb0Rrrg # OGSsbmQ1eKagYw8t00CT+OPeBw3VXHmlSSnnDb6gE3e+lD3v++MrWhAfTVYoonpy # 4BI6t0le2O3tQ5GD2Xuye4Yb2T6xjF3oiU+EGvKhL1nkkDstrjNYxbc+/jLTswM9 # sbKvkjh+0p2ALPVOVpEhNSXDOW5kf1O6nA+tGSOEy/S6A4aN91/w0FK/jJSHvMAh # dCVfGCi2zCcoOCWYOUo2z3yxkq4cI6epZuxhH2rhKEmdX4jiJV3TIUs+UsS1Vz8k # A/DRelsv1SPjcF0PUUZ3s/gA4bysAoJf28AVs70b1FVL5zmhD+kjSbwYuER8ReTB # w3J64HLnJN+/RpnF78IcV9uDjexNSTCnq47f7Fufr/zdsGbiwZeBe+3W7UvnSSmn # Eyimp31ngOaKYnhfsi+E11ecXL93KCjx7W3DKI8sj0A3T8HhhUSJxAlMxdSlQy90 # lfdu+HggWCwTXWCVmj5PM4TasIgX3p5O9JawvEagbJjS4NaIjAsCAwEAAaOCAe0w # ggHpMBAGCSsGAQQBgjcVAQQDAgEAMB0GA1UdDgQWBBRIbmTlUAXTgqoXNzcitW2o # ynUClTAZBgkrBgEEAYI3FAIEDB4KAFMAdQBiAEMAQTALBgNVHQ8EBAMCAYYwDwYD # VR0TAQH/BAUwAwEB/zAfBgNVHSMEGDAWgBRyLToCMZBDuRQFTuHqp8cx0SOJNDBa # BgNVHR8EUzBRME+gTaBLhklodHRwOi8vY3JsLm1pY3Jvc29mdC5jb20vcGtpL2Ny # bC9wcm9kdWN0cy9NaWNSb29DZXJBdXQyMDExXzIwMTFfMDNfMjIuY3JsMF4GCCsG # AQUFBwEBBFIwUDBOBggrBgEFBQcwAoZCaHR0cDovL3d3dy5taWNyb3NvZnQuY29t # L3BraS9jZXJ0cy9NaWNSb29DZXJBdXQyMDExXzIwMTFfMDNfMjIuY3J0MIGfBgNV # HSAEgZcwgZQwgZEGCSsGAQQBgjcuAzCBgzA/BggrBgEFBQcCARYzaHR0cDovL3d3 # dy5taWNyb3NvZnQuY29tL3BraW9wcy9kb2NzL3ByaW1hcnljcHMuaHRtMEAGCCsG # AQUFBwICMDQeMiAdAEwAZQBnAGEAbABfAHAAbwBsAGkAYwB5AF8AcwB0AGEAdABl # AG0AZQBuAHQALiAdMA0GCSqGSIb3DQEBCwUAA4ICAQBn8oalmOBUeRou09h0ZyKb # C5YR4WOSmUKWfdJ5DJDBZV8uLD74w3LRbYP+vj/oCso7v0epo/Np22O/IjWll11l # hJB9i0ZQVdgMknzSGksc8zxCi1LQsP1r4z4HLimb5j0bpdS1HXeUOeLpZMlEPXh6 # I/MTfaaQdION9MsmAkYqwooQu6SpBQyb7Wj6aC6VoCo/KmtYSWMfCWluWpiW5IP0 # wI/zRive/DvQvTXvbiWu5a8n7dDd8w6vmSiXmE0OPQvyCInWH8MyGOLwxS3OW560 # STkKxgrCxq2u5bLZ2xWIUUVYODJxJxp/sfQn+N4sOiBpmLJZiWhub6e3dMNABQam # ASooPoI/E01mC8CzTfXhj38cbxV9Rad25UAqZaPDXVJihsMdYzaXht/a8/jyFqGa # J+HNpZfQ7l1jQeNbB5yHPgZ3BtEGsXUfFL5hYbXw3MYbBL7fQccOKO7eZS/sl/ah # XJbYANahRr1Z85elCUtIEJmAH9AAKcWxm6U/RXceNcbSoqKfenoi+kiVH6v7RyOA # 9Z74v2u3S5fi63V4GuzqN5l5GEv/1rMjaHXmr/r8i+sLgOppO6/8MO0ETI7f33Vt # Y5E90Z1WTk+/gFcioXgRMiF670EKsT/7qMykXcGhiJtXcVZOSEXAQsmbdlsKgEhr # /Xmfwb1tbWrJUnMTDXpQzTGCGaIwghmeAgEBMIGVMH4xCzAJBgNVBAYTAlVTMRMw # EQYDVQQIEwpXYXNoaW5ndG9uMRAwDgYDVQQHEwdSZWRtb25kMR4wHAYDVQQKExVN # aWNyb3NvZnQgQ29ycG9yYXRpb24xKDAmBgNVBAMTH01pY3Jvc29mdCBDb2RlIFNp # Z25pbmcgUENBIDIwMTECEzMAAALLt3U5+wJxQjYAAAAAAsswDQYJYIZIAWUDBAIB # BQCgga4wGQYJKoZIhvcNAQkDMQwGCisGAQQBgjcCAQQwHAYKKwYBBAGCNwIBCzEO # MAwGCisGAQQBgjcCARUwLwYJKoZIhvcNAQkEMSIEIOWwH/zcXKPXAwkKqE5ICjrU # Gb78h9GsY5fbfPq5yIPdMEIGCisGAQQBgjcCAQwxNDAyoBSAEgBNAGkAYwByAG8A # cwBvAGYAdKEagBhodHRwOi8vd3d3Lm1pY3Jvc29mdC5jb20wDQYJKoZIhvcNAQEB # BQAEggEAElVs9FurVTPcPjAedMkst+uGPg5BcD2o00uwJnuFrfbfc22TwaFDZhJH # em/d1MxMWfh9gWdAgC9prGkIpby2bOOQlH2Nw9t5gCSGNYdEZgnG/Ed7FsLGarUo # 894MPinCk3qjLlpWcJ2EOZzXPc8hLC3Q3tE18BtIkeuCqVRyqYsWVaVQzZoZmY3e # 81H15Zj0r5oycmKkdVK0EyQ7Qn6d/BYMN50Y1Yhqfb/+dhiQjD/cn2/+fOsCZYul # 9FT5fctG+cGZO9rIx2Ead+DhrluABEiEom0OCd7e1oPGS6NaNM0JLq1OrEmW8zzB # z41o6M5OOHas3GoU7DB7OUj0BJtBzqGCFywwghcoBgorBgEEAYI3AwMBMYIXGDCC # FxQGCSqGSIb3DQEHAqCCFwUwghcBAgEDMQ8wDQYJYIZIAWUDBAIBBQAwggFZBgsq # hkiG9w0BCRABBKCCAUgEggFEMIIBQAIBAQYKKwYBBAGEWQoDATAxMA0GCWCGSAFl # AwQCAQUABCA+gHK2gfVPPGRuYprbtR5zIRJdTS0m4X9c5K9p05LSywIGY6Q2nvqj # GBMyMDIzMDEwOTA0MDcyOC40NTFaMASAAgH0oIHYpIHVMIHSMQswCQYDVQQGEwJV # UzETMBEGA1UECBMKV2FzaGluZ3RvbjEQMA4GA1UEBxMHUmVkbW9uZDEeMBwGA1UE # ChMVTWljcm9zb2Z0IENvcnBvcmF0aW9uMS0wKwYDVQQLEyRNaWNyb3NvZnQgSXJl # bGFuZCBPcGVyYXRpb25zIExpbWl0ZWQxJjAkBgNVBAsTHVRoYWxlcyBUU1MgRVNO # OkEyNDAtNEI4Mi0xMzBFMSUwIwYDVQQDExxNaWNyb3NvZnQgVGltZS1TdGFtcCBT # ZXJ2aWNloIIRezCCBycwggUPoAMCAQICEzMAAAG4CNTBuHngUUkAAQAAAbgwDQYJ # KoZIhvcNAQELBQAwfDELMAkGA1UEBhMCVVMxEzARBgNVBAgTCldhc2hpbmd0b24x # EDAOBgNVBAcTB1JlZG1vbmQxHjAcBgNVBAoTFU1pY3Jvc29mdCBDb3Jwb3JhdGlv # bjEmMCQGA1UEAxMdTWljcm9zb2Z0IFRpbWUtU3RhbXAgUENBIDIwMTAwHhcNMjIw # OTIwMjAyMjE2WhcNMjMxMjE0MjAyMjE2WjCB0jELMAkGA1UEBhMCVVMxEzARBgNV # BAgTCldhc2hpbmd0b24xEDAOBgNVBAcTB1JlZG1vbmQxHjAcBgNVBAoTFU1pY3Jv # c29mdCBDb3Jwb3JhdGlvbjEtMCsGA1UECxMkTWljcm9zb2Z0IElyZWxhbmQgT3Bl # cmF0aW9ucyBMaW1pdGVkMSYwJAYDVQQLEx1UaGFsZXMgVFNTIEVTTjpBMjQwLTRC # ODItMTMwRTElMCMGA1UEAxMcTWljcm9zb2Z0IFRpbWUtU3RhbXAgU2VydmljZTCC # AiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIBAJwbsfwRHERn5C95QPGn37tJ # 5vOiY9aWjeIDxpgaXaYGiqsw0G0cvCK3YulrqemEf2CkGSdcOJAF++EqhOSqrO13 # nGcjqw6hFNnsGwKANyzddwnOO0jz1lfBIIu77TbfNvnaWbwSRu0DTGHA7n7PR0MY # J9bC/HopStpbFf606LKcTWnwaUuEdAhx6FAqg1rkgugiuuaaxKyxRkdjFZLKFXEX # L9p01PtwS0fG6vZiRVnEKgeal2TeLvdAIqapBwltPYifgqnp7Z4VJMcPo0TWmRNV # FOcHRNwWHehN9xg6ugIGXPo7hMpWrPgg4moHO2epc0T36rgm9hlDrl28bG5TakmV # 7NJ98kbF5lgtlrowT6ecwEVtuLd4a0gzYqhanW7zaFZnDft5yMexy59ifETdzpwA # rj2nJAyIsiq1PY3XPm2mUMLlACksqelHKfWihK/Fehw/mziovBVwkkr/G0F19OWg # R+MBUKifwpOyQiLAxrqvVnfCY4QjJCZiHIuS15HCQ/TIt/Qj4x1WvRa1UqjnmpLu # 4/yBYWZsdvZoq8SXI7iOs7muecAJeEkYlM6iOkMighzEhjQK9ThPpoAtluXbL7qI # HGrfFlHmX/4soc7jj1j8uB31U34gJlB2XphjMaT+E+O9SImk/6GRV9Sm8C88Fnmm # 2VdwMluCNAUzPFjfvHx3AgMBAAGjggFJMIIBRTAdBgNVHQ4EFgQUxP1HJTeFwzNY # o1njfucXuUfQaW4wHwYDVR0jBBgwFoAUn6cVXQBeYl2D9OXSZacbUzUZ6XIwXwYD # VR0fBFgwVjBUoFKgUIZOaHR0cDovL3d3dy5taWNyb3NvZnQuY29tL3BraW9wcy9j # cmwvTWljcm9zb2Z0JTIwVGltZS1TdGFtcCUyMFBDQSUyMDIwMTAoMSkuY3JsMGwG # CCsGAQUFBwEBBGAwXjBcBggrBgEFBQcwAoZQaHR0cDovL3d3dy5taWNyb3NvZnQu # Y29tL3BraW9wcy9jZXJ0cy9NaWNyb3NvZnQlMjBUaW1lLVN0YW1wJTIwUENBJTIw # MjAxMCgxKS5jcnQwDAYDVR0TAQH/BAIwADAWBgNVHSUBAf8EDDAKBggrBgEFBQcD # CDAOBgNVHQ8BAf8EBAMCB4AwDQYJKoZIhvcNAQELBQADggIBAJ9uk8miwpMoKw3D # 996piEzbegAGxkABHYn2vP2hbqnkS9U97s/6QlyZOhGFsVudaiLeRZZTsaG5hR0o # CuBINZ/lelo5xzHc+mBOpBXpxSaW1hqoxaCLsVH1EBtz7in25Hjy+ejuBcilH6EZ # 0ZtNxmWGIQz8R0AuS0Tj4VgJXHIlXP9dVOiyGo9Velrk+FGx/BC+iEuCaKd/Isyp # HPiCUCh52DGc91s2S7ldQx1H4CljOAtanDfbvSejASWLo/s3w0XMAbDurWNns0Xi # dAF2RnL1PaxoOyz9VYakNGK4F3/uJRZnVgbsCYuwNX1BmSwM1ZbPSnggNSGTZx/F # Q20Jj/ulrK0ryAbvNbNb4kkaS4a767ifCqvUOFLlUT8PN43hhldxI6yHPMOWItJp # EHIZBiTNKblBsYbIrghb1Ym9tfSsLa5ZJDzVZNndRfhUqJOyXF+CVm9OtVmFDG9k # IwM6QAX8Q0if721z4VOzZNvD8ktg1lI+XjXgXDJVs3h47sMu9GXSYzky+7dtgmc3 # iRPkda3YVRdmPJtNFN0NLybcssE7vhFCij75eDGQBFq0A4KVG6uBdr6UTWwE0VKH # xBz2BpGvn7BCs+5yxnF+HV6CUickDqqPi/II7Zssd9EbP9uzj4luldXDAPrWGtdG # q+wK0odlGNVuCMxsL3hn8+KiO9UiMIIHcTCCBVmgAwIBAgITMwAAABXF52ueAptJ # mQAAAAAAFTANBgkqhkiG9w0BAQsFADCBiDELMAkGA1UEBhMCVVMxEzARBgNVBAgT # Cldhc2hpbmd0b24xEDAOBgNVBAcTB1JlZG1vbmQxHjAcBgNVBAoTFU1pY3Jvc29m # dCBDb3Jwb3JhdGlvbjEyMDAGA1UEAxMpTWljcm9zb2Z0IFJvb3QgQ2VydGlmaWNh # dGUgQXV0aG9yaXR5IDIwMTAwHhcNMjEwOTMwMTgyMjI1WhcNMzAwOTMwMTgzMjI1 # WjB8MQswCQYDVQQGEwJVUzETMBEGA1UECBMKV2FzaGluZ3RvbjEQMA4GA1UEBxMH # UmVkbW9uZDEeMBwGA1UEChMVTWljcm9zb2Z0IENvcnBvcmF0aW9uMSYwJAYDVQQD # Ex1NaWNyb3NvZnQgVGltZS1TdGFtcCBQQ0EgMjAxMDCCAiIwDQYJKoZIhvcNAQEB # BQADggIPADCCAgoCggIBAOThpkzntHIhC3miy9ckeb0O1YLT/e6cBwfSqWxOdcjK # NVf2AX9sSuDivbk+F2Az/1xPx2b3lVNxWuJ+Slr+uDZnhUYjDLWNE893MsAQGOhg # fWpSg0S3po5GawcU88V29YZQ3MFEyHFcUTE3oAo4bo3t1w/YJlN8OWECesSq/XJp # rx2rrPY2vjUmZNqYO7oaezOtgFt+jBAcnVL+tuhiJdxqD89d9P6OU8/W7IVWTe/d # vI2k45GPsjksUZzpcGkNyjYtcI4xyDUoveO0hyTD4MmPfrVUj9z6BVWYbWg7mka9 # 7aSueik3rMvrg0XnRm7KMtXAhjBcTyziYrLNueKNiOSWrAFKu75xqRdbZ2De+JKR # Hh09/SDPc31BmkZ1zcRfNN0Sidb9pSB9fvzZnkXftnIv231fgLrbqn427DZM9itu # qBJR6L8FA6PRc6ZNN3SUHDSCD/AQ8rdHGO2n6Jl8P0zbr17C89XYcz1DTsEzOUyO # ArxCaC4Q6oRRRuLRvWoYWmEBc8pnol7XKHYC4jMYctenIPDC+hIK12NvDMk2ZItb # oKaDIV1fMHSRlJTYuVD5C4lh8zYGNRiER9vcG9H9stQcxWv2XFJRXRLbJbqvUAV6 # bMURHXLvjflSxIUXk8A8FdsaN8cIFRg/eKtFtvUeh17aj54WcmnGrnu3tz5q4i6t # AgMBAAGjggHdMIIB2TASBgkrBgEEAYI3FQEEBQIDAQABMCMGCSsGAQQBgjcVAgQW # BBQqp1L+ZMSavoKRPEY1Kc8Q/y8E7jAdBgNVHQ4EFgQUn6cVXQBeYl2D9OXSZacb # UzUZ6XIwXAYDVR0gBFUwUzBRBgwrBgEEAYI3TIN9AQEwQTA/BggrBgEFBQcCARYz # aHR0cDovL3d3dy5taWNyb3NvZnQuY29tL3BraW9wcy9Eb2NzL1JlcG9zaXRvcnku # aHRtMBMGA1UdJQQMMAoGCCsGAQUFBwMIMBkGCSsGAQQBgjcUAgQMHgoAUwB1AGIA # QwBBMAsGA1UdDwQEAwIBhjAPBgNVHRMBAf8EBTADAQH/MB8GA1UdIwQYMBaAFNX2 # VsuP6KJcYmjRPZSQW9fOmhjEMFYGA1UdHwRPME0wS6BJoEeGRWh0dHA6Ly9jcmwu # bWljcm9zb2Z0LmNvbS9wa2kvY3JsL3Byb2R1Y3RzL01pY1Jvb0NlckF1dF8yMDEw # LTA2LTIzLmNybDBaBggrBgEFBQcBAQROMEwwSgYIKwYBBQUHMAKGPmh0dHA6Ly93 # d3cubWljcm9zb2Z0LmNvbS9wa2kvY2VydHMvTWljUm9vQ2VyQXV0XzIwMTAtMDYt # MjMuY3J0MA0GCSqGSIb3DQEBCwUAA4ICAQCdVX38Kq3hLB9nATEkW+Geckv8qW/q # XBS2Pk5HZHixBpOXPTEztTnXwnE2P9pkbHzQdTltuw8x5MKP+2zRoZQYIu7pZmc6 # U03dmLq2HnjYNi6cqYJWAAOwBb6J6Gngugnue99qb74py27YP0h1AdkY3m2CDPVt # I1TkeFN1JFe53Z/zjj3G82jfZfakVqr3lbYoVSfQJL1AoL8ZthISEV09J+BAljis # 9/kpicO8F7BUhUKz/AyeixmJ5/ALaoHCgRlCGVJ1ijbCHcNhcy4sa3tuPywJeBTp # kbKpW99Jo3QMvOyRgNI95ko+ZjtPu4b6MhrZlvSP9pEB9s7GdP32THJvEKt1MMU0 # sHrYUP4KWN1APMdUbZ1jdEgssU5HLcEUBHG/ZPkkvnNtyo4JvbMBV0lUZNlz138e # W0QBjloZkWsNn6Qo3GcZKCS6OEuabvshVGtqRRFHqfG3rsjoiV5PndLQTHa1V1QJ # sWkBRH58oWFsc/4Ku+xBZj1p/cvBQUl+fpO+y/g75LcVv7TOPqUxUYS8vwLBgqJ7 # Fx0ViY1w/ue10CgaiQuPNtq6TPmb/wrpNPgkNWcr4A245oyZ1uEi6vAnQj0llOZ0 # dFtq0Z4+7X6gMTN9vMvpe784cETRkPHIqzqKOghif9lwY1NNje6CbaUFEMFxBmoQ # tB1VM1izoXBm8qGCAtcwggJAAgEBMIIBAKGB2KSB1TCB0jELMAkGA1UEBhMCVVMx # EzARBgNVBAgTCldhc2hpbmd0b24xEDAOBgNVBAcTB1JlZG1vbmQxHjAcBgNVBAoT # FU1pY3Jvc29mdCBDb3Jwb3JhdGlvbjEtMCsGA1UECxMkTWljcm9zb2Z0IElyZWxh # bmQgT3BlcmF0aW9ucyBMaW1pdGVkMSYwJAYDVQQLEx1UaGFsZXMgVFNTIEVTTjpB # MjQwLTRCODItMTMwRTElMCMGA1UEAxMcTWljcm9zb2Z0IFRpbWUtU3RhbXAgU2Vy # dmljZaIjCgEBMAcGBSsOAwIaAxUAcGteVqFx/IbTKXHLeuXCPRPMD7uggYMwgYCk # fjB8MQswCQYDVQQGEwJVUzETMBEGA1UECBMKV2FzaGluZ3RvbjEQMA4GA1UEBxMH # UmVkbW9uZDEeMBwGA1UEChMVTWljcm9zb2Z0IENvcnBvcmF0aW9uMSYwJAYDVQQD # Ex1NaWNyb3NvZnQgVGltZS1TdGFtcCBQQ0EgMjAxMDANBgkqhkiG9w0BAQUFAAIF # AOdlxuAwIhgPMjAyMzAxMDkwNjQ5MDRaGA8yMDIzMDExMDA2NDkwNFowdzA9Bgor # BgEEAYRZCgQBMS8wLTAKAgUA52XG4AIBADAKAgEAAgIHCQIB/zAHAgEAAgIRSjAK # AgUA52cYYAIBADA2BgorBgEEAYRZCgQCMSgwJjAMBgorBgEEAYRZCgMCoAowCAIB # AAIDB6EgoQowCAIBAAIDAYagMA0GCSqGSIb3DQEBBQUAA4GBAGUg87OJvHaEFHjZ # f0gxSeZZA9uwdA0xoa4dzu3NtNcIN+sBl1aWFho+6Rvz/pq2cKF1UGnaS2p88Snw # JmiHwBx2+H1wMEVu8lRL/5KcEPjDEcEWw20CAa6saIpOuZUlC1ohrnjlcG/656GQ # A/eaFqv2LPBya9vLpj+h0hgHmMuaMYIEDTCCBAkCAQEwgZMwfDELMAkGA1UEBhMC # VVMxEzARBgNVBAgTCldhc2hpbmd0b24xEDAOBgNVBAcTB1JlZG1vbmQxHjAcBgNV # BAoTFU1pY3Jvc29mdCBDb3Jwb3JhdGlvbjEmMCQGA1UEAxMdTWljcm9zb2Z0IFRp # bWUtU3RhbXAgUENBIDIwMTACEzMAAAG4CNTBuHngUUkAAQAAAbgwDQYJYIZIAWUD # BAIBBQCgggFKMBoGCSqGSIb3DQEJAzENBgsqhkiG9w0BCRABBDAvBgkqhkiG9w0B # CQQxIgQglkvhqEze5ZJxaV1PR7QEjJG3jKLRemeYJnOXGgHAQAowgfoGCyqGSIb3 # DQEJEAIvMYHqMIHnMIHkMIG9BCAo69Y4oHA7Q4pS+Y1NsBfrpIYTeWsPeGTami0X # 0PD7HzCBmDCBgKR+MHwxCzAJBgNVBAYTAlVTMRMwEQYDVQQIEwpXYXNoaW5ndG9u # MRAwDgYDVQQHEwdSZWRtb25kMR4wHAYDVQQKExVNaWNyb3NvZnQgQ29ycG9yYXRp # b24xJjAkBgNVBAMTHU1pY3Jvc29mdCBUaW1lLVN0YW1wIFBDQSAyMDEwAhMzAAAB # uAjUwbh54FFJAAEAAAG4MCIEIKEUZL9laO0Y+YlfC8LwlPXxXLYDduHCgiiKMm/Z # LcEqMA0GCSqGSIb3DQEBCwUABIICAHXWnr0HIDESkBNmqKIGBcnLorRLQX0JhqL/ # hMxMoc1HDhQU0vQvGU/LhNwreVqUE6I0RLYvDzyG+8KXTotkD16lkXQsUC3RQWeS # xCpZSjWswMV4oYGWca8FJgqOl+DKMEkoUOBfh+vsBfYJh9u3Ct/oOCVX3zgMp+Z0 # RKKDQM8ZmqgCjC7nlhgt+vx9eYpN7XNNUGZMePSPUlnRp0wE1AMz7KoMk2MM3fn9 # RmSs87d+B/zigW/GXLOiVj3WbU/LWTnQtm75h1NOv7aeSJsMTUaWEul6mFZP/jVO # OHABSZnEIUFeqKd2YkpproOPkPLC8f9NVfLvhy/TSoaMZGxlqO/FO0G5s3i+K346 # HkRerh87iLwRX4SyjBOvK3UT1h51CePoVdP2oaA20ZxBwDmPIoM+jd5RgoJFJwVh # yzJ9K1SzQTN3QftF1JbSUn6pe+nqg9OLcTaUdcP7B7CMkeqRwY9ALVT4Tqxt/ilJ # Uv1eof6Les2jkWn35548+av+rkko+IkWuLH8pzdEt56lyEjwn/9YCkV4giDCNPMQ # E935FTLcU+J8uZreBjjL+fT2LrKEd6r+hG1m18qv3VMN2bhMEgD5LK0HP6tE0UjN # XDySvlOXOyWoy3lNdn+kxR/sR97P+KXxM+makGaclFRRvTpERWacAALkweikUkq2 # 3murastp # SIG # End signature block |