PureStorage.CommonUtil.ps1

<#
Common Utility functions.
#>


$DEFAULT_PER_HOST_TIMEOUT_IN_SECONDS = 30
$MIN_TIMEOUT_IN_MINUTES = 10
$MAX_TIMEOUT_IN_MINUTES = 60
$SUCCEEDED_PROVISIONING_STATUS = "Succeeded"

function Get-IScsiAdapter {
    <#
    .SYNOPSIS
      Gets the software iSCSI adapter from an ESXi host
    .DESCRIPTION
      Returns the software iSCSI adapter for the specified ESXi host, or $null if the host does not have one.
    #>


    Param(
        [Parameter(Mandatory = $true, ValueFromPipeline = $True)]
        [VMware.VimAutomation.ViCore.Types.V1.Inventory.VMHost]$Esxi
    )

    return $esxi | Get-VMHostHBA -Type iscsi | Where-Object { $_.Model -eq "iSCSI Software Adapter" }
}

function Test-IScsiAdapter {
    <#
    .SYNOPSIS
      Validates that an ESXi host has a software iSCSI adapter
    .DESCRIPTION
      Throws if the host does not have a software iSCSI adapter. Used to confirm iSCSI was successfully
      enabled on the host before relying on it (e.g. before reading the host IQN to create the FA host).
    #>


    Param(
        [Parameter(Mandatory = $true, ValueFromPipeline = $True)]
        [VMware.VimAutomation.ViCore.Types.V1.Inventory.VMHost]$Esxi
    )

    if ($null -eq (Get-IScsiAdapter -Esxi $esxi)) {
        throw "No Software iSCSI adapter found on host $($Esxi.NetworkInfo.HostName)."
    }
}


function Set-HostHBAISCSITargets {
    <#
    .SYNOPSIS
      Ensures iSCSI targets from the FlashArray are configured on the ESXi host
    .DESCRIPTION
      Checks whether the host already has every FlashArray iSCSI target configured. If so, returns $false
      (nothing to do). Otherwise - the software iSCSI adapter is missing (e.g. a fresh Gen2/AV64 host) or
      some targets are not yet configured - runs the Set-VmfsIscsi AVS run command, which enables and
      validates the adapter and configures the FlashArray targets, and returns $true.
    #>


    Param(
        [Parameter(Mandatory = $true, ValueFromPipeline = $True)]
        [VMware.VimAutomation.ViCore.Types.V1.Inventory.VMHost]$Esxi,

        [Parameter(Mandatory = $true)]
        [ValidateNotNull()]
        $FlashArray,

        [Parameter(Mandatory = $true)]
        [VMware.VimAutomation.ViCore.Types.V1.Inventory.Cluster]$Cluster,

        [Parameter(Mandatory = $false)]
        [String]$AVSCloudName,

        [Parameter(Mandatory = $false)]
        [String]$AVSResourceGroup,

        [Parameter(Mandatory = $false)]
        [int]$TimeoutInMinutes = 10,

        [Parameter(Mandatory = $true)]
        $Logger
    )

    $faiSCSItargets = Get-Pfa2NetworkInterface -Array $FlashArray | Where-Object { $_.services -eq "iscsi" -and $_.enabled -and $_.Eth.address }
    $ipEndpoints = @($faiSCSItargets | ForEach-Object { "$($_.Eth.address):3260" })

    # Look up the software iSCSI adapter (Get-IScsiAdapter returns $null without throwing) - on a fresh
    # Gen2/AV64 host it does not exist yet because there is no MPIO/External Storage step to pre-enable it.
    # If the adapter is present and every FlashArray target is already configured, there is nothing to do.
    $iscsiadapter = Get-IScsiAdapter -Esxi $esxi
    if ($null -ne $iscsiadapter) {
        $iscsiTargets = $iscsiadapter | Get-IScsiHbaTarget -Type Send | Where-Object { $ipEndpoints -contains "$($_.Address):$($_.Port)" }
        if ($iscsiTargets.Count -eq $faiSCSItargets.Count) {
            $Logger.LogDebug("iSCSI targets are already configured for host $($esxi.Name)")
            return $false
        }
    }

    # Adapter missing, or some FlashArray targets are not configured yet. Set-VmfsIscsi enables and
    # validates the adapter and configures the targets.
    $Logger.LogInfo("iSCSI targets are not fully configured for host $($esxi.Name), enabling and configuring iSCSI...")
    Set-VMHostiSCSI -Cluster $Cluster -esxi $esxi -flasharray $FlashArray -TimeoutInMinutes $TimeoutInMinutes `
        -AVSCloudName $AVSCloudName -AVSResourceGroup $AVSResourceGroup -ErrorAction Stop -Logger $Logger | Out-Null
    return $true
}


function Get-PfaHostFromVmHost {
    <#
    .SYNOPSIS
      Gets a FlashArray host object from a ESXi vmhost object
    .DESCRIPTION
      Takes in a vmhost and returns a matching FA host if found
    #>


    Param(
        [Parameter(Mandatory=$true,ValueFromPipeline=$True)]
        [VMware.VimAutomation.ViCore.Types.V1.Inventory.VMHost]$Esxi,

        [Parameter(Mandatory=$true,ValueFromPipeline=$True)]
        $Flasharray
    )
    $iscsiadapter = Get-IScsiAdapter -Esxi $esxi
    $fahosts = Get-Pfa2Host -Array $FlashArray | Where-Object {$_.IsLocal -eq $True}
    $ArrayName = Get-ArrayName -FlashArray $FlashArray
    if ($null -ne $iscsiadapter)
    {
        $iqn = $iscsiadapter.ExtensionData.IScsiName
        foreach ($fahost in $fahosts)
        {
            if ($fahost.iqns.count -ge 1)
            {
                foreach ($fahostiqn in $fahost.iqns)
                {
                    if ($iqn.ToLower() -eq $fahostiqn.ToLower())
                    {
                        $faHostMatch = $fahost
                        break
                    }
                }
            }
        }
    }
    if ($null -ne $faHostMatch)
    {
      return $faHostMatch
    }
    else
    {
        throw "No matching host for $($esxi.Name) could be found on the Pure Cloud Block Store $ArrayName"
    }
}

function Get-PfaHostGroupfromVcCluster {
    <#
    .SYNOPSIS
      Retrieves a FA host group from an ESXi cluster
    .DESCRIPTION
      Takes in a vCenter Cluster and retrieves corresonding host group
    #>


    Param(
        [Parameter(Mandatory=$true,ValueFromPipeline=$True)]
        [VMware.VimAutomation.ViCore.Types.V1.Inventory.Cluster]$Cluster,

        [Parameter(Mandatory=$True)]
        $Flasharray,

        [Parameter(Mandatory=$true)]
        $Logger
    )

    $esxiHosts = $cluster |Get-VMHost
    $faHostGroups = @()
    $faHostGroupNames = @()
    $ArrayName = Get-ArrayName -FlashArray $FlashArray
    foreach ($esxiHost in $esxiHosts)
    {
        try {
            $faHost = $esxiHost | Get-PfaHostFromVmHost -flasharray $flasharray
            if ($null -ne $faHost.HostGroup.Name)
            {
                if ($faHostGroupNames.contains($faHost.HostGroup.Name))
                {
                    continue
                }
                else {
                    $faHostGroupNames += $faHost.HostGroup.Name
                    $faHostGroup = Get-Pfa2HostGroup -Array $Flasharray -Name $($faHost.HostGroup.Name)  -ErrorAction stop | Where-Object {$_.IsLocal -eq $True}
                    $faHostGroups += $faHostGroup
                }
            }
        }
        catch{
            continue
        }
    }
    if ($null -eq $faHostGroup)
    {
        throw "No host group found for cluster $($Cluster.Name) on $ArrayName."
    }
    if ($faHostGroups.count -gt 1)
    {
        $Logger.LogWarning("Cluster $($Cluster.Name) spans more than one host group. The recommendation is to have only one host group per cluster")
    }
    return $faHostGroups
}


function Get-ArrayName {
    Param(
        [Parameter(Mandatory=$true)]
        $FlashArray
    )
    $ArrayName = (Get-Pfa2Array -Array $Flasharray).Name
    return $ArrayName
}

function Get-AzureAuthHeader {
    param (
        $AzContext
    )
    $AzProfile = [Microsoft.Azure.Commands.Common.Authentication.Abstractions.AzureRmProfileProvider]::Instance.Profile
    $ProfileClient = New-Object -TypeName Microsoft.Azure.Commands.ResourceManager.Common.RMProfileClient -ArgumentList ($AzProfile)
    $Token = $profileClient.AcquireAccessToken($azContext.Subscription.TenantId)
    if (-not $Token) {
        throw "Failed to acquire Azure access token for tenant $($azContext.Subscription.TenantId)"
    }
    $AuthHeader = @{
        'Content-Type'='application/json'
        'Authorization'='Bearer ' + $token.AccessToken
    }

    return $AuthHeader
}

function Get-AVSvCenterEndpoint {
    param (
        [Hashtable] $AuthHeader,
        [String] $SubscriptionId,
        [String] $AvsResourceGroupName,
        [String] $AvsPrivateCloudName
    )
    $RestUri = "https://management.azure.com/subscriptions/$($subscriptionId)/resourceGroups/$($avsResourceGroupName)/providers/Microsoft.AVS/privateClouds/$($avsPrivateCloudName)?api-version=2022-05-01"
    $Response = Invoke-RestMethod -Uri $restUri -Method Get -Headers $authHeader
    if (-not $Response) {
        throw "Failed to get AVS vCenter endpoint. Please make sure you have the right permission to access the AVS instance with subscriptionId $subscriptionId, resource group $avsResourceGroupName and private cloud $avsPrivateCloudName"
    }
    $VcsaEndpoint = $response.properties.endpoints.vcsa
    $VcsaIPAddress = [System.Uri]::new($vcsaEndpoint).Host

    return $vcsaIPAddress
}

function Get-AVSvCenterCredential {
    param (
        [Hashtable] $AuthHeader,
        [String] $SubscriptionId,
        [String] $AvsResourceGroupName,
        [String] $AvsPrivateCloudName
    )
    $RestUri = "https://management.azure.com/subscriptions/$($subscriptionId)/resourceGroups/$($avsResourceGroupName)/providers/Microsoft.AVS/privateClouds/$($avsPrivateCloudName)/listAdminCredentials?api-version=2022-05-01"
    $Response = Invoke-RestMethod -Uri $restUri -Method Post -Headers $AuthHeader
    if (-not $Response) {
        throw "Failed to get AVS vCenter credential. Please make sure you have the right permission to access the AVS instance with subscriptionId $subscriptionId, resource group $avsResourceGroupName and private cloud $avsPrivateCloudName"
    }
    return $Response
}

function Connect-AVSvCenter {
    param (
        [String] $AVSResourceGroupName,
        [String] $AVSPrivateCloudName,

        [Parameter(Mandatory=$true)]
        $Logger
    )
    $AzContext = Get-AzContext
    $AzureSubscriptionId = $AzContext.Subscription.Id
    $Logger.LogDebug("The default subscriptionId $AzureSubscriptionId of the current Azure context will be used.")
    $AuthHeader = Get-AzureAuthHeader -AzContext $AzContext
    $AVSvCenterCredential = Get-AVSvCenterCredential -AuthHeader $AuthHeader -SubscriptionId $AzureSubscriptionId -AVSResourceGroupName $AVSResourceGroupName -AVSPrivateCloudName $AVSPrivateCloudName
    $AVSvCenterEndpoint = Get-AVSvCenterEndpoint  -AuthHeader $AuthHeader -SubscriptionId $AzureSubscriptionId -AVSResourceGroupName $AVSResourceGroupName -AVSPrivateCloudName $AVSPrivateCloudName
    $Credential = New-Object System.Management.Automation.PSCredential -ArgumentList ($AVSvCenterCredential.vCenterUsername, $(ConvertTo-SecureString $AVSvCenterCredential.vCenterPassword -AsPlainText -Force))
    # Try to connect to vcenter everytime when a cmdlet is invoked by the user to make sure right avs instance is connected
    $vCenterServer = Connect-VIserver -server $AVSvCenterEndpoint -Credential $Credential -ErrorAction Stop
    return $vCenterServer
}

function Connect-PureCloudBlockStore {
    Param (
        [Parameter(Mandatory=$false)]
        $PureCloudBlockStoreConnection
    )

    if (-not $PureCloudBlockStoreConnection) {
        $fa = $global:PURE_AUTH_2_X
        if (-not $fa) {
            throw "Please login to Everpure Cloud Dedicated using: Connect-Pfa2Array"
        }
    }
    else {
        $fa = $PureCloudBlockStoreConnection
    }

    $ClientName = "PureStorage.CBS.AVS"
    $module = Get-Module -Name $ClientName
    if ($module) {
      $Version = $module.Version.ToString()
    } else {
      $Version = "0.0.0.0"
    }

    # if was able to connect, also update the user agent to track backup sdk telemetry
    $success = $fa.UpdateUserAgent($ClientName, $Version );

    # this should not be a show stopper
    if(-not $success){
        Write-Warning -Level WARN -FunctionName $FunctionName -Msg "Failed to set useragent"
    }
    return $fa
}

function Purge-AzureSecretWithRetry {
    Param (
        [String] $KeyVaultName,
        [String] $SecretName
    )
    $errorOccurred = $true
    $retryCount = 0
    # Unfortunately we have to do retry because Remove-AzKeyVaultSecret is asyncronous. If purge happens directly after delete, "Secret is currently being deleted" error is thrown
    do {
        try {
            # To purge, use -InRemovedState parameter
            $retryCount = $retryCount + 1
            Remove-AzkeyVaultSecret -VaultName $KeyVaultName -Name $SecretName -InRemovedState -Force -ErrorAction Stop
            $errorOccurred = $false
        } catch {
            $errorOccurred = $true
            if ($retryCount -gt 3) {
                throw
            }
            Start-Sleep -Seconds 5
        }
    } while ($errorOccurred)
}

function Get-AvsPrivateCloudInformation {
    param (
        [Parameter(Mandatory=$true)]
        [String] $AvsResourceGroupName,
        [Parameter(Mandatory=$true)]
        [String] $AvsPrivateCloudName,

        [Parameter(Mandatory=$true)]
        $Logger
    )
    $AzContext = Get-AzContext
    $AzureSubscriptionId = $AzContext.Subscription.Id
    $Logger.LogDebug("The default subscriptionId $AzureSubscriptionId of the current Azure context will be used.")
    $RestUri = "https://management.azure.com/subscriptions/$($AzureSubscriptionId)/resourceGroups/$($avsResourceGroupName)/providers/Microsoft.AVS/privateClouds/$($avsPrivateCloudName)?api-version=2024-09-01"
    $Response = Invoke-AzRest -Uri $restUri -Method Get
    if (-not $Response -or $Response.StatusCode -ne 200) {
        throw "Failed to get AVS private cloud information. Please make sure private cloud $AvsPrivateCloudName exists in resource group $AvsResourceGroupName."
    }
    $result = $Response.Content | ConvertFrom-Json
    return $result
}

function Get-AvsClusterInformation {
    param (
        [String] $AvsResourceGroupName,
        [String] $AvsPrivateCloudName,
        [String] $AvsClusterName,

        [Parameter(Mandatory=$true)]
        $Logger
    )
    $AzContext = Get-AzContext
    $AzureSubscriptionId = $AzContext.Subscription.Id
    $Logger.LogDebug("The default subscriptionId $AzureSubscriptionId of the current Azure context will be used.")
    $RestUri = "https://management.azure.com/subscriptions/$($AzureSubscriptionId)/resourceGroups/$($avsResourceGroupName)/providers/Microsoft.AVS/privateClouds/$($avsPrivateCloudName)/clusters/$($avsClusterName)?api-version=2022-05-01"
    $Response = Invoke-AzRest -Uri $restUri -Method Get
    if (-not $Response -or $Response.StatusCode -ne 200) {
        throw "Failed to get AVS cluster information. Please make sure cluster $AvsClusterName exists. The cluster name would be case sensitive."
    }
    $result = $Response.Content | ConvertFrom-Json
    return $result
}

function Get-AvsClusterSku {
    param (
        [String] $AvsResourceGroupName,
        [String] $AvsPrivateCloudName,
        [String] $AvsClusterName,

        [Parameter(Mandatory=$true)]
        $Logger
    )

    $result = Get-AvsClusterInformation -AvsResourceGroupName $AvsResourceGroupName -AvsPrivateCloudName $AvsPrivateCloudName -AvsClusterName $AvsClusterName -Logger $Logger
    return $result.sku.name
}

function Test-AVSProvisioningState {
    <#
    .SYNOPSIS
        Validates that both the AVS private cloud and the specified cluster have a 'Succeeded' provisioning status.
    .DESCRIPTION
        Checks the provisioning state of the AVS private cloud via the Azure REST API (api-version 2024-09-01),
        then checks the provisioning state of the specified cluster. Throws a terminating error if either is not 'Succeeded'.
    .PARAMETER AvsResourceGroupName
        The name of the Azure resource group containing the AVS private cloud.
    .PARAMETER AvsPrivateCloudName
        The name of the AVS private cloud.
    .PARAMETER AvsClusterName
        The name of the AVS cluster to validate.
    #>

    param (
        [Parameter(Mandatory=$true)]
        [String] $AvsResourceGroupName,
        [Parameter(Mandatory=$true)]
        [String] $AvsPrivateCloudName,
        [Parameter(Mandatory=$true)]
        [String] $AvsClusterName,
        [Parameter(Mandatory=$true)]
        $Logger
    )

    $privateCloudResult = Get-AvsPrivateCloudInformation -AvsResourceGroupName $AvsResourceGroupName -AvsPrivateCloudName $AvsPrivateCloudName -Logger $Logger
    $privateCloudStatus = $privateCloudResult.properties.provisioningState
    if ($privateCloudStatus -ne $SUCCEEDED_PROVISIONING_STATUS) {
        throw "The current provisioning status of AVS private cloud $AvsPrivateCloudName is $privateCloudStatus. The operation can only proceed when provisioning status is '$SUCCEEDED_PROVISIONING_STATUS'"
    }

    $Logger.LogInfo("The current provisioning status of AVS private cloud $AvsPrivateCloudName is $privateCloudStatus.")

    $clusterResult = Get-AvsClusterInformation -AvsResourceGroupName $AvsResourceGroupName -AvsPrivateCloudName $AvsPrivateCloudName -AvsClusterName $AvsClusterName -Logger $Logger
    $clusterStatus = $clusterResult.properties.provisioningState
    if ($clusterStatus -ne $SUCCEEDED_PROVISIONING_STATUS) {
        throw "The current provisioning status of cluster $AvsClusterName is $clusterStatus. The operation can only proceed when provisioning status is '$SUCCEEDED_PROVISIONING_STATUS'"
    }

    $Logger.LogInfo("The current provisioning status of cluster $AvsClusterName is $clusterStatus.")
}

$MPIO_SKUS = @(
    "av36", "av36t"
    "av36p", "av36pt"
    "av52", "av52t"
)
function Test-MPIOProvisionStatus {
    param (
        [Parameter(Mandatory=$true)]
        [String] $AvsResourceGroupName,
        [Parameter(Mandatory=$true)]
        [String] $AvsPrivateCloudName,
        [Parameter(Mandatory=$true)]
        [VMware.VimAutomation.ViCore.Types.V1.Inventory.Cluster]$Cluster,
        [Parameter(Mandatory=$true)]
        $Logger
    )

    $sku = Get-AvsClusterSku -AvsResourceGroupName $AvsResourceGroupName -AvsPrivateCloudName $AvsPrivateCloudName -AvsClusterName $Cluster.Name -Logger $Logger
    if ($sku -in $MPIO_SKUS) {
        $Logger.LogInfo("MPIO is supported for cluster $Cluster. Checking vmk interfaces....")
        $VMHosts = Get-VMHost -Location $Cluster
        foreach ($VMHost in $VMHosts) {
            $MpioAdapterOne = Get-VMHostNetworkAdapter -VMHost $VMHost | Where-Object {$_.Name -eq "vmk5"}
            $MpioAdapterTwo = Get-VMHostNetworkAdapter -VMHost $VMHost | Where-Object {$_.Name -eq "vmk6"}
            if ($MpioAdapterOne -and $MpioAdapterTwo) {
                $Logger.LogInfo("MPIO is ready on $VMHost...")
            } else {
                throw "The current provisioning status of MPIO is not ready for host $VMHost. Please check if VMkernel adapter 'vmk5' and 'vmk6' are ready for host $VMhost. If not, please wait for twenty minutes and try again."
            }
        }
    } else {
        $Logger.LogInfo("MPIO is not available for SKU $sku. Skipping MPIO check for cluster $Cluster...")
    }
}

function Get-RunCommandNamedOutput {
    param (
        [String] $RunCmdExecutionName,
        [String] $AvsResourceGroupName,
        [String] $AvsPrivateCloudName,

        [Parameter(Mandatory=$true)]
        $Logger
    )
    $AzContext = Get-AzContext
    $AzureSubscriptionId = $AzContext.Subscription.Id
    $Logger.LogDebug("The default subscriptionId $AzureSubscriptionId of the current Azure context will be used.")
    $AuthHeader = Get-AzureAuthHeader -AzContext $AzContext
    $RestUri = “https://management.azure.com/subscriptions/$($AzureSubscriptionId)/resourceGroups/$($avsResourceGroupName)/providers/Microsoft.AVS/privateClouds/$($avsPrivateCloudName)/scriptExecutions/$($RunCmdExecutionName)?api-version=2021-12-01”
    $Response = Invoke-RestMethod -Uri $restUri -Method Get -Headers $AuthHeader
    return $Response.properties.namedOutputs
}

function Get-Timeout {
    param (
        [Parameter(Mandatory=$true)]
        [string]$Cluster,

        [Parameter(Mandatory=$true)]
        $InputParams
    )

    if ($InputParams.ContainsKey("TimeoutInMinutes")) {
        return $InputParams["TimeoutInMinutes"]
    }
    $HostCount = (Get-VMHost -Location $Cluster).Count
    $Timeout = [Math]::Ceiling(($HostCount * $DEFAULT_PER_HOST_TIMEOUT_IN_SECONDS)/60)
    if ($Timeout -lt $MIN_TIMEOUT_IN_MINUTES ) {
        $Timeout = $MIN_TIMEOUT_IN_MINUTES
    }
    elseif ($Timeout -gt $MAX_TIMEOUT_IN_MINUTES){
        $Timeout = $MAX_TIMEOUT_IN_MINUTES
    }

    return $Timeout
}

function Test-RunCommandPackageAvailability {
    param (
        [Parameter(Mandatory = $true)]
        [String] $SubscriptionId,

        [Parameter(Mandatory = $true)]
        [String] $RunCommandModule,

        [Parameter(Mandatory = $true)]
        [String] $RunCommandPackageVersion,

        [Parameter(Mandatory = $false)]
        [String] $AVSCloudName,

        [Parameter(Mandatory = $false)]
        [String] $AVSResourceGroup,

        [Parameter(Mandatory=$true)]
        $Logger
    )

    $Uri = "https://management.azure.com/subscriptions/$($SubscriptionId)/resourceGroups/$($AVSResourceGroup)/providers/Microsoft.AVS/privateClouds/$($AVSCloudName)/scriptPackages/$($RunCommandModule)@$($RunCommandPackageVersion)?api-version=2023-03-01"
    $Res = Invoke-AzRest -Uri $Uri -Method GET
    if ($Res.StatusCode -ne 200) {
        throw "Could not find '$($RunCommandModule)@$($RunCommandPackageVersion)' RunCommand package in Azure. Please make sure the package is available in Azure."
    }
    else {
        $Logger.LogInfo("Found '$($RunCommandModule)@$($RunCommandPackageVersion)' RunCommand package in Azure...")
    }
}

# SIG # Begin signature block
# MIIpRQYJKoZIhvcNAQcCoIIpNjCCKTICAQExDzANBglghkgBZQMEAgEFADB5Bgor
# BgEEAYI3AgEEoGswaTA0BgorBgEEAYI3AgEeMCYCAwEAAAQQH8w7YFlLCE63JNLG
# KX7zUQIBAAIBAAIBAAIBAAIBADAxMA0GCWCGSAFlAwQCAQUABCBFmTz5EG9L34xG
# PdqWIVT9O+l4N1EkalcdLDcfj53fdqCCDfIwggbmMIIEzqADAgECAhB3vQ4DobcI
# +FSrBnIQ2QRHMA0GCSqGSIb3DQEBCwUAMFMxCzAJBgNVBAYTAkJFMRkwFwYDVQQK
# ExBHbG9iYWxTaWduIG52LXNhMSkwJwYDVQQDEyBHbG9iYWxTaWduIENvZGUgU2ln
# bmluZyBSb290IFI0NTAeFw0yMDA3MjgwMDAwMDBaFw0zMDA3MjgwMDAwMDBaMFkx
# CzAJBgNVBAYTAkJFMRkwFwYDVQQKExBHbG9iYWxTaWduIG52LXNhMS8wLQYDVQQD
# EyZHbG9iYWxTaWduIEdDQyBSNDUgQ29kZVNpZ25pbmcgQ0EgMjAyMDCCAiIwDQYJ
# KoZIhvcNAQEBBQADggIPADCCAgoCggIBANZCTfnjT8Yj9GwdgaYw90g9z9DljeUg
# IpYHRDVdBs8PHXBg5iZU+lMjYAKoXwIC947Jbj2peAW9jvVPGSSZfM8RFpsfe2vS
# o3toZXer2LEsP9NyBjJcW6xQZywlTVYGNvzBYkx9fYYWlZpdVLpQ0LB/okQZ6dZu
# bD4Twp8R1F80W1FoMWMK+FvQ3rpZXzGviWg4QD4I6FNnTmO2IY7v3Y2FQVWeHLw3
# 3JWgxHGnHxulSW4KIFl+iaNYFZcAJWnf3sJqUGVOU/troZ8YHooOX1ReveBbz/IM
# BNLeCKEQJvey83ouwo6WwT/Opdr0WSiMN2WhMZYLjqR2dxVJhGaCJedDCndSsZlR
# Qv+hst2c0twY2cGGqUAdQZdihryo/6LHYxcG/WZ6NpQBIIl4H5D0e6lSTmpPVAYq
# gK+ex1BC+mUK4wH0sW6sDqjjgRmoOMieAyiGpHSnR5V+cloqexVqHMRp5rC+QBmZ
# y9J9VU4inBDgoVvDsy56i8Te8UsfjCh5MEV/bBO2PSz/LUqKKuwoDy3K1JyYikpt
# WjYsL9+6y+JBSgh3GIitNWGUEvOkcuvuNp6nUSeRPPeiGsz8h+WX4VGHaekizIPA
# tw9FbAfhQ0/UjErOz2OxtaQQevkNDCiwazT+IWgnb+z4+iaEW3VCzYkmeVmda6tj
# cWKQJQ0IIPH/AgMBAAGjggGuMIIBqjAOBgNVHQ8BAf8EBAMCAYYwEwYDVR0lBAww
# CgYIKwYBBQUHAwMwEgYDVR0TAQH/BAgwBgEB/wIBADAdBgNVHQ4EFgQU2rONwCSQ
# o2t30wygWd0hZ2R2C3gwHwYDVR0jBBgwFoAUHwC/RoAK/Hg5t6W0Q9lWULvOljsw
# gZMGCCsGAQUFBwEBBIGGMIGDMDkGCCsGAQUFBzABhi1odHRwOi8vb2NzcC5nbG9i
# YWxzaWduLmNvbS9jb2Rlc2lnbmluZ3Jvb3RyNDUwRgYIKwYBBQUHMAKGOmh0dHA6
# Ly9zZWN1cmUuZ2xvYmFsc2lnbi5jb20vY2FjZXJ0L2NvZGVzaWduaW5ncm9vdHI0
# NS5jcnQwQQYDVR0fBDowODA2oDSgMoYwaHR0cDovL2NybC5nbG9iYWxzaWduLmNv
# bS9jb2Rlc2lnbmluZ3Jvb3RyNDUuY3JsMFYGA1UdIARPME0wQQYJKwYBBAGgMgEy
# MDQwMgYIKwYBBQUHAgEWJmh0dHBzOi8vd3d3Lmdsb2JhbHNpZ24uY29tL3JlcG9z
# aXRvcnkvMAgGBmeBDAEEATANBgkqhkiG9w0BAQsFAAOCAgEACIhyJsav+qxfBsCq
# jJDa0LLAopf/bhMyFlT9PvQwEZ+PmPmbUt3yohbu2XiVppp8YbgEtfjry/RhETP2
# ZSW3EUKL2Glux/+VtIFDqX6uv4LWTcwRo4NxahBeGQWn52x/VvSoXMNOCa1Za7j5
# fqUuuPzeDsKg+7AE1BMbxyepuaotMTvPRkyd60zsvC6c8YejfzhpX0FAZ/ZTfepB
# 7449+6nUEThG3zzr9s0ivRPN8OHm5TOgvjzkeNUbzCDyMHOwIhz2hNabXAAC4ShS
# S/8SS0Dq7rAaBgaehObn8NuERvtz2StCtslXNMcWwKbrIbmqDvf+28rrvBfLuGfr
# 4z5P26mUhmRVyQkKwNkEcUoRS1pkw7x4eK1MRyZlB5nVzTZgoTNTs/Z7KtWJQDxx
# pav4mVn945uSS90FvQsMeAYrz1PYvRKaWyeGhT+RvuB4gHNU36cdZytqtq5NiYAk
# CFJwUPMB/0SuL5rg4UkI4eFb1zjRngqKnZQnm8qjudviNmrjb7lYYuA2eDYB+sGn
# iXomU6Ncu9Ky64rLYwgv/h7zViniNZvY/+mlvW1LWSyJLC9Su7UpkNpDR7xy3bzZ
# v4DB3LCrtEsdWDY3ZOub4YUXmimi/eYI0pL/oPh84emn0TCOXyZQK8ei4pd3iu/Y
# TT4m65lAYPM8Zwy2CHIpNVOBNNwwggcEMIIE7KADAgECAgxcuW61kTkv+4t8zgQw
# DQYJKoZIhvcNAQELBQAwWTELMAkGA1UEBhMCQkUxGTAXBgNVBAoTEEdsb2JhbFNp
# Z24gbnYtc2ExLzAtBgNVBAMTJkdsb2JhbFNpZ24gR0NDIFI0NSBDb2RlU2lnbmlu
# ZyBDQSAyMDIwMB4XDTI0MDMxMTE0MDQxMloXDTI3MDMxMjE0MDQxMlowcjELMAkG
# A1UEBhMCVVMxEzARBgNVBAgTCkNhbGlmb3JuaWExFDASBgNVBAcTC1NhbnRhIENs
# YXJhMRswGQYDVQQKExJQdXJlIFN0b3JhZ2UsIEluYy4xGzAZBgNVBAMTElB1cmUg
# U3RvcmFnZSwgSW5jLjCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIBAMCQ
# rioSn48IvHpTg5dofsUYj/pNTDidwjYUrcxVu78NoyhSweG8FhcxDi/SI40+8Fcc
# l3D5ZoqpjkFnGhzSwmpxU3J4AP7+fdTZht9eWD1I5qKY07esYwdPDV4yg+csPfdG
# PqI2XjRfT5UC3YkXQeUrX8KQZldD4KqvgxzpYcuBwsgHbTb/eArpi68YgFR2jgZG
# yZigfy8RuJMrL1thcBOe/VWjUyK21wVT8cuunBYFaStLHhsRBRMDcZBDuTSGC4ev
# E6oaCqlQbdMl9YFJ64mDQsKlCxrr7rmLVtcVzKGwmjp4b2xRwE+RmTh6JtrUL9Wx
# /3a3UzgAnDNimfwp85zoL48kyLtHqQ3FI8tVKGm+aBOgBZfmURoy7fbp4zKhGgqF
# bpOmILO16i4f999YsEEJQgIF3CtyH1R60/ZZWlDmoeeEgjAGrnd14muU5Hk3Cksr
# 43uPUAg+fV78Y0fDV85ibm42ZwwPuz6MI4HhYNUlGzRwIQ31vjaGuAMWHNqFKkcO
# 0JuIeHQ/gFKPnYIxnGC9H9R4Kw/uMezqtnYJwGU2epB/ABl/w7U4NgU2ZOxWB5BF
# y4frZ3f+hNgbjFUjMaXnVFotOJxXntzjdSl4znw8DaKiC5ooChteZMITG9p078p/
# TUsOJQbUtFADSY1hsfCfB7t+gJSNt5peS9GOZIMVAgMBAAGjggGxMIIBrTAOBgNV
# HQ8BAf8EBAMCB4AwgZsGCCsGAQUFBwEBBIGOMIGLMEoGCCsGAQUFBzAChj5odHRw
# Oi8vc2VjdXJlLmdsb2JhbHNpZ24uY29tL2NhY2VydC9nc2djY3I0NWNvZGVzaWdu
# Y2EyMDIwLmNydDA9BggrBgEFBQcwAYYxaHR0cDovL29jc3AuZ2xvYmFsc2lnbi5j
# b20vZ3NnY2NyNDVjb2Rlc2lnbmNhMjAyMDBWBgNVHSAETzBNMEEGCSsGAQQBoDIB
# MjA0MDIGCCsGAQUFBwIBFiZodHRwczovL3d3dy5nbG9iYWxzaWduLmNvbS9yZXBv
# c2l0b3J5LzAIBgZngQwBBAEwCQYDVR0TBAIwADBFBgNVHR8EPjA8MDqgOKA2hjRo
# dHRwOi8vY3JsLmdsb2JhbHNpZ24uY29tL2dzZ2NjcjQ1Y29kZXNpZ25jYTIwMjAu
# Y3JsMBMGA1UdJQQMMAoGCCsGAQUFBwMDMB8GA1UdIwQYMBaAFNqzjcAkkKNrd9MM
# oFndIWdkdgt4MB0GA1UdDgQWBBSzJ9KiDCa3UBiAajy+Iioj5kQjzDANBgkqhkiG
# 9w0BAQsFAAOCAgEAHsFQixeQEcoHurq9NWSUt4S39Q+UGP6crmVq3Wwy9g23YbdW
# g+SgMxoLUqdoDfA4k4B6Dyoo0jEQzn2kxnsnT9lNHKrcZHH88dv0hjfiH2qAiQWa
# zPjS3LhK2J6nhpyipJPpyRaSQG4x4aG0NB2D4WUfUz9CGAYsERJGww/wkTaaxMip
# ttKDTaI1C49u1igDfRzIO+Q8vuyyBFLiYTno/df97xtjNC+KxxFhDhl/4tawK6kw
# xaVzCMAfj48I67Wbo4DMH6pM1s19as7c3qp92i3MylGKsB6+u+o7UkbSdLNkS4AL
# I33CJOUc+GoK3Nt5IXXCFJTQFHBXkBdAur3gmlXEm8vlNG/1Sbxr0H7T1e7ABGH/
# 48o/+PeMLuCc72EeK5dJ4cX9NEQ3QnTsZHwGnYzjEOvOvP0s1c7yNsDbcUHoIqQv
# b5xS5aqMU5G+8sdPQ1nwpPf7gGaEEbAVW4w51Pam42qeN9HIPa+ZinXnsN02Kk1Q
# w0QwUqzaQy9W/gIquI0KOjw0LmoW9M/8S0lrjpEq2eEeUw9WQLhhUEIirFxGPtjq
# iCLiiS9CZ+kf2vWLJKUspkYv+OHT3q805Zg1dJsBFAzEYUFLb1mhmigDEO9bsMor
# jECIL2ijE5zHtbGkalrrsPWu8tiDT/B7P9GSYzKfOOy4PoOIfWSK0IxlS7Ixghqp
# MIIapQIBATBpMFkxCzAJBgNVBAYTAkJFMRkwFwYDVQQKExBHbG9iYWxTaWduIG52
# LXNhMS8wLQYDVQQDEyZHbG9iYWxTaWduIEdDQyBSNDUgQ29kZVNpZ25pbmcgQ0Eg
# MjAyMAIMXLlutZE5L/uLfM4EMA0GCWCGSAFlAwQCAQUAoIGXMBkGCSqGSIb3DQEJ
# AzEMBgorBgEEAYI3AgEEMBwGCisGAQQBgjcCAQsxDjAMBgorBgEEAYI3AgEVMCsG
# CisGAQQBgjcCAQwxHTAboRmAF2h0dHBzOi8vcHVyZXN0b3JhZ2UuY29tMC8GCSqG
# SIb3DQEJBDEiBCAUsSoF8z3P9nfDzuYikfDzJKlFm6At5G6VnmY6yPi9JDANBgkq
# hkiG9w0BAQEFAASCAgBjE+eecs5J7+SIeDxYOuY2WSazUAXd75orIVlOPmlseiwc
# xnWdbNVTHURQS0HeUKSAXCtgXbfCYtabIZB29aGopdbyoA/JNj9iELfbwTcCfE+I
# gb9GGWf+fmr6k4iGo1vOmvNFaBtn767GxkdHL1xEmptbgpSHUVR1NcSyDUqVMmPg
# ENJNuNgTRfVj7JjleLQ+xE3NMlAY7FT1jQlX30jX4nlP2P1djkEw+OeCgnlO5zEg
# Mfon38VD5wWvYxBwUdQa/EvRR9M6a+Ykt6mPc/YRByaAjeskpf65vI1xF8bDFU9O
# GASayz4x+q6KMJCJhZCPwdo2JH/WLVljY1r+p7OK0nsCPejIZU77VQ/3etsGLBDH
# 6GcNUgzHBFhIONiiEbpWNcNoS8rkBvjDmmCQIEMwOJmqwhimHpEb3W2EbPp1W/Uk
# +67la5b8Ty2dGynUXb/awgNkHyrW6gDzCiqDAYHPnW3c9yjB7XghUban2dKWXhW6
# luqWOE9676zwEJ85kBJIcnNBV3W0JQgD1nTV1svhWwWQ3N1TlA5C4rhKky1u0xhY
# FGwXrMMlbnPl+qt3qc43IwnhHOqZvVMvFABK485VV6R3Owvzd86u2QujUK5e4knM
# xlDypxodnJHXbn2gGZRuei9EfDnb+DOXRk9w7OVRAo9YiJqJ06Ys2BqsnnHEk6GC
# F3cwghdzBgorBgEEAYI3AwMBMYIXYzCCF18GCSqGSIb3DQEHAqCCF1AwghdMAgED
# MQ8wDQYJYIZIAWUDBAIBBQAweAYLKoZIhvcNAQkQAQSgaQRnMGUCAQEGCWCGSAGG
# /WwHATAxMA0GCWCGSAFlAwQCAQUABCCw5Jlz6MWtJMVBQcMbVoqILP8wPDCkVWi4
# YnZIDypGRQIRALDOFS5rV3iSYZlJf9srAaMYDzIwMjYwNjE3MTE0MTU5WqCCEzow
# ggbtMIIE1aADAgECAhAKgO8YS43xBYLRxHanlXRoMA0GCSqGSIb3DQEBCwUAMGkx
# CzAJBgNVBAYTAlVTMRcwFQYDVQQKEw5EaWdpQ2VydCwgSW5jLjFBMD8GA1UEAxM4
# RGlnaUNlcnQgVHJ1c3RlZCBHNCBUaW1lU3RhbXBpbmcgUlNBNDA5NiBTSEEyNTYg
# MjAyNSBDQTEwHhcNMjUwNjA0MDAwMDAwWhcNMzYwOTAzMjM1OTU5WjBjMQswCQYD
# VQQGEwJVUzEXMBUGA1UEChMORGlnaUNlcnQsIEluYy4xOzA5BgNVBAMTMkRpZ2lD
# ZXJ0IFNIQTI1NiBSU0E0MDk2IFRpbWVzdGFtcCBSZXNwb25kZXIgMjAyNSAxMIIC
# IjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEA0EasLRLGntDqrmBWsytXum9R
# /4ZwCgHfyjfMGUIwYzKomd8U1nH7C8Dr0cVMF3BsfAFI54um8+dnxk36+jx0Tb+k
# +87H9WPxNyFPJIDZHhAqlUPt281mHrBbZHqRK71Em3/hCGC5KyyneqiZ7syvFXJ9
# A72wzHpkBaMUNg7MOLxI6E9RaUueHTQKWXymOtRwJXcrcTTPPT2V1D/+cFllESvi
# H8YjoPFvZSjKs3SKO1QNUdFd2adw44wDcKgH+JRJE5Qg0NP3yiSyi5MxgU6cehGH
# r7zou1znOM8odbkqoK+lJ25LCHBSai25CFyD23DZgPfDrJJJK77epTwMP6eKA0kW
# a3osAe8fcpK40uhktzUd/Yk0xUvhDU6lvJukx7jphx40DQt82yepyekl4i0r8OEp
# s/FNO4ahfvAk12hE5FVs9HVVWcO5J4dVmVzix4A77p3awLbr89A90/nWGjXMGn7F
# QhmSlIUDy9Z2hSgctaepZTd0ILIUbWuhKuAeNIeWrzHKYueMJtItnj2Q+aTyLLKL
# M0MheP/9w6CtjuuVHJOVoIJ/DtpJRE7Ce7vMRHoRon4CWIvuiNN1Lk9Y+xZ66laz
# s2kKFSTnnkrT3pXWETTJkhd76CIDBbTRofOsNyEhzZtCGmnQigpFHti58CSmvEyJ
# cAlDVcKacJ+A9/z7eacCAwEAAaOCAZUwggGRMAwGA1UdEwEB/wQCMAAwHQYDVR0O
# BBYEFOQ7/PIx7f391/ORcWMZUEPPYYzoMB8GA1UdIwQYMBaAFO9vU0rp5AZ8esri
# kFb2L9RJ7MtOMA4GA1UdDwEB/wQEAwIHgDAWBgNVHSUBAf8EDDAKBggrBgEFBQcD
# CDCBlQYIKwYBBQUHAQEEgYgwgYUwJAYIKwYBBQUHMAGGGGh0dHA6Ly9vY3NwLmRp
# Z2ljZXJ0LmNvbTBdBggrBgEFBQcwAoZRaHR0cDovL2NhY2VydHMuZGlnaWNlcnQu
# Y29tL0RpZ2lDZXJ0VHJ1c3RlZEc0VGltZVN0YW1waW5nUlNBNDA5NlNIQTI1NjIw
# MjVDQTEuY3J0MF8GA1UdHwRYMFYwVKBSoFCGTmh0dHA6Ly9jcmwzLmRpZ2ljZXJ0
# LmNvbS9EaWdpQ2VydFRydXN0ZWRHNFRpbWVTdGFtcGluZ1JTQTQwOTZTSEEyNTYy
# MDI1Q0ExLmNybDAgBgNVHSAEGTAXMAgGBmeBDAEEAjALBglghkgBhv1sBwEwDQYJ
# KoZIhvcNAQELBQADggIBAGUqrfEcJwS5rmBB7NEIRJ5jQHIh+OT2Ik/bNYulCrVv
# hREafBYF0RkP2AGr181o2YWPoSHz9iZEN/FPsLSTwVQWo2H62yGBvg7ouCODwrx6
# ULj6hYKqdT8wv2UV+Kbz/3ImZlJ7YXwBD9R0oU62PtgxOao872bOySCILdBghQ/Z
# LcdC8cbUUO75ZSpbh1oipOhcUT8lD8QAGB9lctZTTOJM3pHfKBAEcxQFoHlt2s9s
# XoxFizTeHihsQyfFg5fxUFEp7W42fNBVN4ueLaceRf9Cq9ec1v5iQMWTFQa0xNqI
# tH3CPFTG7aEQJmmrJTV3Qhtfparz+BW60OiMEgV5GWoBy4RVPRwqxv7Mk0Sy4QHs
# 7v9y69NBqycz0BZwhB9WOfOu/CIJnzkQTwtSSpGGhLdjnQ4eBpjtP+XB3pQCtv4E
# 5UCSDag6+iX8MmB10nfldPF9SVD7weCC3yXZi/uuhqdwkgVxuiMFzGVFwYbQsiGn
# oa9F5AaAyBjFBtXVLcKtapnMG3VH3EmAp/jsJ3FVF3+d1SVDTmjFjLbNFZUWMXuZ
# yvgLfgyPehwJVxwC+UpX2MSey2ueIu9THFVkT+um1vshETaWyQo8gmBto/m3acaP
# 9QsuLj3FNwFlTxq25+T4QwX9xa6ILs84ZPvmpovq90K8eWyG2N01c4IhSOxqt81n
# MIIGtDCCBJygAwIBAgIQDcesVwX/IZkuQEMiDDpJhjANBgkqhkiG9w0BAQsFADBi
# MQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3
# d3cuZGlnaWNlcnQuY29tMSEwHwYDVQQDExhEaWdpQ2VydCBUcnVzdGVkIFJvb3Qg
# RzQwHhcNMjUwNTA3MDAwMDAwWhcNMzgwMTE0MjM1OTU5WjBpMQswCQYDVQQGEwJV
# UzEXMBUGA1UEChMORGlnaUNlcnQsIEluYy4xQTA/BgNVBAMTOERpZ2lDZXJ0IFRy
# dXN0ZWQgRzQgVGltZVN0YW1waW5nIFJTQTQwOTYgU0hBMjU2IDIwMjUgQ0ExMIIC
# IjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAtHgx0wqYQXK+PEbAHKx126NG
# aHS0URedTa2NDZS1mZaDLFTtQ2oRjzUXMmxCqvkbsDpz4aH+qbxeLho8I6jY3xL1
# IusLopuW2qftJYJaDNs1+JH7Z+QdSKWM06qchUP+AbdJgMQB3h2DZ0Mal5kYp77j
# YMVQXSZH++0trj6Ao+xh/AS7sQRuQL37QXbDhAktVJMQbzIBHYJBYgzWIjk8eDrY
# hXDEpKk7RdoX0M980EpLtlrNyHw0Xm+nt5pnYJU3Gmq6bNMI1I7Gb5IBZK4ivbVC
# iZv7PNBYqHEpNVWC2ZQ8BbfnFRQVESYOszFI2Wv82wnJRfN20VRS3hpLgIR4hjzL
# 0hpoYGk81coWJ+KdPvMvaB0WkE/2qHxJ0ucS638ZxqU14lDnki7CcoKCz6eum5A1
# 9WZQHkqUJfdkDjHkccpL6uoG8pbF0LJAQQZxst7VvwDDjAmSFTUms+wV/FbWBqi7
# fTJnjq3hj0XbQcd8hjj/q8d6ylgxCZSKi17yVp2NL+cnT6Toy+rN+nM8M7LnLqCr
# O2JP3oW//1sfuZDKiDEb1AQ8es9Xr/u6bDTnYCTKIsDq1BtmXUqEG1NqzJKS4kOm
# xkYp2WyODi7vQTCBZtVFJfVZ3j7OgWmnhFr4yUozZtqgPrHRVHhGNKlYzyjlroPx
# ul+bgIspzOwbtmsgY1MCAwEAAaOCAV0wggFZMBIGA1UdEwEB/wQIMAYBAf8CAQAw
# HQYDVR0OBBYEFO9vU0rp5AZ8esrikFb2L9RJ7MtOMB8GA1UdIwQYMBaAFOzX44LS
# cV1kTN8uZz/nupiuHA9PMA4GA1UdDwEB/wQEAwIBhjATBgNVHSUEDDAKBggrBgEF
# BQcDCDB3BggrBgEFBQcBAQRrMGkwJAYIKwYBBQUHMAGGGGh0dHA6Ly9vY3NwLmRp
# Z2ljZXJ0LmNvbTBBBggrBgEFBQcwAoY1aHR0cDovL2NhY2VydHMuZGlnaWNlcnQu
# Y29tL0RpZ2lDZXJ0VHJ1c3RlZFJvb3RHNC5jcnQwQwYDVR0fBDwwOjA4oDagNIYy
# aHR0cDovL2NybDMuZGlnaWNlcnQuY29tL0RpZ2lDZXJ0VHJ1c3RlZFJvb3RHNC5j
# cmwwIAYDVR0gBBkwFzAIBgZngQwBBAIwCwYJYIZIAYb9bAcBMA0GCSqGSIb3DQEB
# CwUAA4ICAQAXzvsWgBz+Bz0RdnEwvb4LyLU0pn/N0IfFiBowf0/Dm1wGc/Do7oVM
# Y2mhXZXjDNJQa8j00DNqhCT3t+s8G0iP5kvN2n7Jd2E4/iEIUBO41P5F448rSYJ5
# 9Ib61eoalhnd6ywFLerycvZTAz40y8S4F3/a+Z1jEMK/DMm/axFSgoR8n6c3nuZB
# 9BfBwAQYK9FHaoq2e26MHvVY9gCDA/JYsq7pGdogP8HRtrYfctSLANEBfHU16r3J
# 05qX3kId+ZOczgj5kjatVB+NdADVZKON/gnZruMvNYY2o1f4MXRJDMdTSlOLh0HC
# n2cQLwQCqjFbqrXuvTPSegOOzr4EWj7PtspIHBldNE2K9i697cvaiIo2p61Ed2p8
# xMJb82Yosn0z4y25xUbI7GIN/TpVfHIqQ6Ku/qjTY6hc3hsXMrS+U0yy+GWqAXam
# 4ToWd2UQ1KYT70kZjE4YtL8Pbzg0c1ugMZyZZd/BdHLiRu7hAWE6bTEm4XYRkA6T
# l4KSFLFk43esaUeqGkH/wyW4N7OigizwJWeukcyIPbAvjSabnf7+Pu0VrFgoiovR
# Diyx3zEdmcif/sYQsfch28bZeUz2rtY/9TCA6TD8dC3JE3rYkrhLULy7Dc90G6e8
# BlqmyIjlgp2+VqsS9/wQD7yFylIz0scmbKvFoW2jNrbM1pD2T7m3XDCCBY0wggR1
# oAMCAQICEA6bGI750C3n79tQ4ghAGFowDQYJKoZIhvcNAQEMBQAwZTELMAkGA1UE
# BhMCVVMxFTATBgNVBAoTDERpZ2lDZXJ0IEluYzEZMBcGA1UECxMQd3d3LmRpZ2lj
# ZXJ0LmNvbTEkMCIGA1UEAxMbRGlnaUNlcnQgQXNzdXJlZCBJRCBSb290IENBMB4X
# DTIyMDgwMTAwMDAwMFoXDTMxMTEwOTIzNTk1OVowYjELMAkGA1UEBhMCVVMxFTAT
# BgNVBAoTDERpZ2lDZXJ0IEluYzEZMBcGA1UECxMQd3d3LmRpZ2ljZXJ0LmNvbTEh
# MB8GA1UEAxMYRGlnaUNlcnQgVHJ1c3RlZCBSb290IEc0MIICIjANBgkqhkiG9w0B
# AQEFAAOCAg8AMIICCgKCAgEAv+aQc2jeu+RdSjwwIjBpM+zCpyUuySE98orYWcLh
# Kac9WKt2ms2uexuEDcQwH/MbpDgW61bGl20dq7J58soR0uRf1gU8Ug9SH8aeFaV+
# vp+pVxZZVXKvaJNwwrK6dZlqczKU0RBEEC7fgvMHhOZ0O21x4i0MG+4g1ckgHWMp
# Lc7sXk7Ik/ghYZs06wXGXuxbGrzryc/NrDRAX7F6Zu53yEioZldXn1RYjgwrt0+n
# MNlW7sp7XeOtyU9e5TXnMcvak17cjo+A2raRmECQecN4x7axxLVqGDgDEI3Y1Dek
# LgV9iPWCPhCRcKtVgkEy19sEcypukQF8IUzUvK4bA3VdeGbZOjFEmjNAvwjXWkmk
# wuapoGfdpCe8oU85tRFYF/ckXEaPZPfBaYh2mHY9WV1CdoeJl2l6SPDgohIbZpp0
# yt5LHucOY67m1O+SkjqePdwA5EUlibaaRBkrfsCUtNJhbesz2cXfSwQAzH0clcOP
# 9yGyshG3u3/y1YxwLEFgqrFjGESVGnZifvaAsPvoZKYz0YkH4b235kOkGLimdwHh
# D5QMIR2yVCkliWzlDlJRR3S+Jqy2QXXeeqxfjT/JvNNBERJb5RBQ6zHFynIWIgnf
# fEx1P2PsIV/EIFFrb7GrhotPwtZFX50g/KEexcCPorF+CiaZ9eRpL5gdLfXZqbId
# 5RsCAwEAAaOCATowggE2MA8GA1UdEwEB/wQFMAMBAf8wHQYDVR0OBBYEFOzX44LS
# cV1kTN8uZz/nupiuHA9PMB8GA1UdIwQYMBaAFEXroq/0ksuCMS1Ri6enIZ3zbcgP
# MA4GA1UdDwEB/wQEAwIBhjB5BggrBgEFBQcBAQRtMGswJAYIKwYBBQUHMAGGGGh0
# dHA6Ly9vY3NwLmRpZ2ljZXJ0LmNvbTBDBggrBgEFBQcwAoY3aHR0cDovL2NhY2Vy
# dHMuZGlnaWNlcnQuY29tL0RpZ2lDZXJ0QXNzdXJlZElEUm9vdENBLmNydDBFBgNV
# HR8EPjA8MDqgOKA2hjRodHRwOi8vY3JsMy5kaWdpY2VydC5jb20vRGlnaUNlcnRB
# c3N1cmVkSURSb290Q0EuY3JsMBEGA1UdIAQKMAgwBgYEVR0gADANBgkqhkiG9w0B
# AQwFAAOCAQEAcKC/Q1xV5zhfoKN0Gz22Ftf3v1cHvZqsoYcs7IVeqRq7IviHGmlU
# Iu2kiHdtvRoU9BNKei8ttzjv9P+Aufih9/Jy3iS8UgPITtAq3votVs/59PesMHqa
# i7Je1M/RQ0SbQyHrlnKhSLSZy51PpwYDE3cnRNTnf+hZqPC/Lwum6fI0POz3A8eH
# qNJMQBk1RmppVLC4oVaO7KTVPeix3P0c2PR3WlxUjG/voVA9/HYJaISfb8rbII01
# YBwCA8sgsKxYoA5AY8WYIsGyWfVVa88nq2x2zm8jLfR+cWojayL/ErhULSd+2DrZ
# 8LaHlv1b0VysGMNNn3O3AamfV6peKOK5lDGCA3wwggN4AgEBMH0waTELMAkGA1UE
# BhMCVVMxFzAVBgNVBAoTDkRpZ2lDZXJ0LCBJbmMuMUEwPwYDVQQDEzhEaWdpQ2Vy
# dCBUcnVzdGVkIEc0IFRpbWVTdGFtcGluZyBSU0E0MDk2IFNIQTI1NiAyMDI1IENB
# MQIQCoDvGEuN8QWC0cR2p5V0aDANBglghkgBZQMEAgEFAKCB0TAaBgkqhkiG9w0B
# CQMxDQYLKoZIhvcNAQkQAQQwHAYJKoZIhvcNAQkFMQ8XDTI2MDYxNzExNDE1OVow
# KwYLKoZIhvcNAQkQAgwxHDAaMBgwFgQU3WIwrIYKLTBr2jixaHlSMAf7QX4wLwYJ
# KoZIhvcNAQkEMSIEIHvJYqJVLVRnq8UzkDlrAR1n5pHo1koagHRZCr9J9OxjMDcG
# CyqGSIb3DQEJEAIvMSgwJjAkMCIEIEqgP6Is11yExVyTj4KOZ2ucrsqzP+NtJpqj
# NPFGEQozMA0GCSqGSIb3DQEBAQUABIICALxmCTKwoFW6rYJtf1kvWWiZq6xxoIDA
# hZgxiw6jZUGKGEcE4c8oAjVVn27kVoTFZYte32hWDsg0xzqsygvgtSaetO4Rruw7
# BjG031lWf7kk1neYJFdDFAOoqtOF7OzrmdLXxd/lePK/XquMej/4P/C9u0EDVgvv
# PLc8Q+iG3PN6nqZ2oRNZ6A+9Q6T1uUUjiIJGojx9vmWOs6Ma9itr/wnaut58I09b
# TNX0Rof/CLqvc0lD3SSsV0RCNl77JM3SAvkbP8AFkjFCds6w+HkgBdnWE5gLHS3N
# ZMKTcCKE759HlvkN6Gl0yQbor1+q5xt7qq8GH0VFa5qf1L1NbqIHSBZVUM3iSbi9
# mPQV44YZ8TEQPSws6WTx5t+L2kGhNpn5UbGIc8p4UAmrsyGzyIN1plnVljFouUVk
# I8TkqlEfqPbuYCWbkKTd0eGpc2mKZzwmXgPl8WnO8NBbraHnpXXs/tHWKW3nO2Tk
# X7YJIFwlq0gPOEP78TMvI2T9CpvrP4vzd68kyDApmVc48bGOUJKDmnEBZKLHSrgZ
# FZ8QG+eBp3mXyMpvvh4KI2LZlWEFEURsIJk70DDZMBZQalYLxUAjf+d+ncvsdUOV
# ZbQ8Dr0d+8j+F7zdjddY8O6b35/zFI0FWmnT5NBHAUqumEwwtBWAz1RXOttl5CEy
# Ix6iG3wL7IKR
# SIG # End signature block