From 435ca8e6d0d27b8eb45787e10cab667915549634 Mon Sep 17 00:00:00 2001 From: Giles Westwood Date: Fri, 29 Nov 2024 00:30:55 +0000 Subject: [PATCH 01/19] adding basic docker container --- .github/workflows/bld_docker.yml | 159 + Dockerfile | 100 + certs/DONE.state | 0 certs/ca-certificates.crt | 3163 +++++++++++++++++ certs/cacerts | Bin 0 -> 167385 bytes certs/dhparam.pem | 8 + certs/docker_dev-haproxy.pem | 53 + certs/docker_dev-key.pem | 27 + certs/docker_dev.csr | 20 + certs/docker_dev.jks | Bin 0 -> 4081 bytes certs/docker_dev.p12 | Bin 0 -> 3976 bytes certs/docker_dev.pem | 26 + certs/orcid_rsa_2022.crt | 22 + default.env | 11 + deploy.sh | 1 + docker-compose.yml | 112 + empty.env | 0 entrypoint.sh | 41 + orcid-web-proxy/Dockerfile | 14 + .../nginx/conf.d/0-http-common.conf | 46 + orcid-web-proxy/nginx/conf.d/0-ssl.conf | 7 + orcid-web-proxy/nginx/conf.d/default.conf | 146 + orcid-web-proxy/nginx/nginx.conf | 71 + .../nginx/snippets/proxy_frontend.conf | 22 + orcid-web-proxy/nginx/snippets/proxy_ui.conf | 22 + orcid-web-proxy/nginx/snippets/static_ui.conf | 53 + orcid-web/Dockerfile | 100 + orcid-web/log4j2.xml | 56 + orcid-web/orcid.properties.j2 | 184 + properties/default.frontend.env | 11 + properties/default.misc.env | 12 + properties/default.orcid_core.env | 39 + properties/default.persistence.env | 67 + 33 files changed, 4593 insertions(+) create mode 100644 .github/workflows/bld_docker.yml create mode 100644 Dockerfile create mode 100644 certs/DONE.state create mode 100644 certs/ca-certificates.crt create mode 100755 certs/cacerts create mode 100644 certs/dhparam.pem create mode 100644 certs/docker_dev-haproxy.pem create mode 100644 certs/docker_dev-key.pem create mode 100644 certs/docker_dev.csr create mode 100644 certs/docker_dev.jks create mode 100644 certs/docker_dev.p12 create mode 100644 certs/docker_dev.pem create mode 100644 certs/orcid_rsa_2022.crt create mode 100644 default.env create mode 100644 docker-compose.yml create mode 100644 empty.env create mode 100755 entrypoint.sh create mode 100644 orcid-web-proxy/Dockerfile create mode 100644 orcid-web-proxy/nginx/conf.d/0-http-common.conf create mode 100644 orcid-web-proxy/nginx/conf.d/0-ssl.conf create mode 100644 orcid-web-proxy/nginx/conf.d/default.conf create mode 100644 orcid-web-proxy/nginx/nginx.conf create mode 100644 orcid-web-proxy/nginx/snippets/proxy_frontend.conf create mode 100644 orcid-web-proxy/nginx/snippets/proxy_ui.conf create mode 100644 orcid-web-proxy/nginx/snippets/static_ui.conf create mode 100644 orcid-web/Dockerfile create mode 100644 orcid-web/log4j2.xml create mode 100644 orcid-web/orcid.properties.j2 create mode 100644 properties/default.frontend.env create mode 100644 properties/default.misc.env create mode 100644 properties/default.orcid_core.env create mode 100644 properties/default.persistence.env diff --git a/.github/workflows/bld_docker.yml b/.github/workflows/bld_docker.yml new file mode 100644 index 00000000000..e1fd22d5481 --- /dev/null +++ b/.github/workflows/bld_docker.yml @@ -0,0 +1,159 @@ +name: bld_docker + +permissions: + checks: write + contents: read + issues: read + pull-requests: write + +on: + workflow_call: + inputs: + docker_name: + description: 'Name of the docker image to build' + required: false + default: "orcid/version-bumping-test" + type: string + context: + description: 'Name of the context in the repo' + required: false + default: "." + type: string + build_args: + description: 'build_args e.g wibble=blar' + required: false + default: "" + type: string + file: + description: 'specify a custom dockerfile' + required: false + default: "" + type: string + version_tag: + description: 'Name of the tag to build' + required: false + default: 'latest' + type: string + bump: + description: 'whether to bump the version number by a major minor patch amount or none' + required: false + default: 'patch' + type: string + ref: + description: 'git reference to use with the checkout use default_branch to have that calculated' + required: false + default: "default" + type: string + push: + description: 'Select to push to docker registry' + required: false + default: true + type: boolean + + workflow_dispatch: + inputs: + docker_name: + description: 'Name of the docker image to build' + required: false + default: "orcid/version-bumping-test" + type: string + context: + description: 'Name of the context in the repo' + required: false + default: "." + type: string + build_args: + description: 'build_args e.g wibble=blar' + required: false + default: "" + type: string + file: + description: 'specify a custom dockerfile' + required: false + default: "" + type: string + version_tag: + description: 'Name of the tag to build' + required: false + default: 'latest' + type: string + bump: + description: 'whether to bump the version number by a major minor patch amount or none' + required: false + default: 'patch' + type: string + ref: + description: 'git reference to use with the checkout use default_branch to have that calculated' + required: false + default: "default" + type: string + push: + description: 'Select to push to docker registry' + required: false + default: true + type: boolean + +jobs: + bld_docker: + strategy: + matrix: + include: + - artifact_name: orcid-web + docker_name: orcid/registry/orcid-web + file: orcid-web/Dockerfile + + - artifact_name: orcid-web-proxy + docker_name: orcid/registry/orcid-web-proxy + file: orcid-web-proxy/Dockerfile + + runs-on: ubuntu-latest + steps: + - name: git-checkout-ref-action + id: ref + uses: ORCID/git-checkout-ref-action@main + with: + default_branch: ${{ github.event.repository.default_branch }} + ref: ${{ inputs.ref }} + + - uses: actions/checkout@v4 + with: + ref: ${{ steps.ref.outputs.ref }} + # checkout some history so we can scan commits for bump messages + # NOTE: history does not include tags! + fetch-depth: 100 + + - name: find next version + id: version + uses: ORCID/version-bump-action@main + with: + version_tag: ${{ inputs.version_tag }} + bump: ${{ inputs.bump }} + + - uses: docker/setup-buildx-action@v3 + + - name: Login to private registry + uses: docker/login-action@v3 + with: + registry: ${{ secrets.DOCKER_REG_PRIVATE }} + username: ${{ secrets.DOCKER_USER }} + password: ${{ secrets.DOCKER_PASSWORD }} + + - name: nasty hack to allow dynamic defaults + id: dynamic_defaults + run: | + FILE="${{ matrix.file }}" + echo "default_file=${FILE:-${{ inputs.context }}/Dockerfile}" >> "$GITHUB_OUTPUT" + + - name: show the dynamic defaults + run: | + echo ${{ steps.dynamic_defaults.outputs.default_file }} + + - uses: docker/build-push-action@v6 + with: + push: ${{ inputs.push }} + tags: ${{ secrets.DOCKER_REG_PRIVATE }}/${{ matrix.docker_name}}:${{ steps.version.outputs.version_tag_numeric }} + context: ${{ inputs.context }} + cache-from: type=registry,ref=${{ secrets.DOCKER_REG_PRIVATE }}/${{ matrix.docker_name }}:cache + cache-to: type=registry,mode=max,image-manifest=true,oci-mediatypes=true,ref=${{ secrets.DOCKER_REG_PRIVATE }}/${{ matrix.docker_name }}:cache + file: ${{ steps.dynamic_defaults.outputs.default_file }} + diff --git a/Dockerfile b/Dockerfile new file mode 100644 index 00000000000..a90b8260ab7 --- /dev/null +++ b/Dockerfile @@ -0,0 +1,100 @@ +# dependencies docker build + +# match version from .tool-versions +FROM maven:3.6.3-jdk-11 AS maven + +ARG tag_numeric + +WORKDIR /build + +# copy only poms for max cachability of just dependency downloads +COPY pom.xml . +COPY orcid-core/pom.xml orcid-core/pom.xml +COPY orcid-persistence/pom.xml orcid-persistence/pom.xml +COPY orcid-utils/pom.xml orcid-utils/pom.xml +COPY orcid-test/pom.xml orcid-test/pom.xml +COPY orcid-api-common/pom.xml orcid-api-common/pom.xml +COPY orcid-scheduler-web/pom.xml orcid-scheduler-web/pom.xml +COPY orcid-api-web/pom.xml orcid-api-web/pom.xml +COPY orcid-message-listener/pom.xml orcid-message-listener/pom.xml +COPY orcid-core/pom.xml orcid-core/pom.xml +COPY orcid-web/pom.xml orcid-web/pom.xml +COPY orcid-internal-api/pom.xml orcid-internal-api/pom.xml +COPY orcid-pub-web/pom.xml orcid-pub-web/pom.xml +COPY orcid-activemq/pom.xml orcid-activemq/pom.xml + +# FIXME: these dont seem required? +#COPY orcid-web-frontend/pom.xml orcid-web-frontend/pom.xml +#COPY orcid-activities-indexer/pom.xml orcid-activities-indexer/pom.xml +#COPY orcid-nodejs/pom.xml orcid-nodejs/pom.xml + +# download maven dependencies and ignore that some components will fail +RUN mvn -T 1C --batch-mode dependency:resolve --fail-never -Dorg.slf4j.simpleLogger.log.org.apache.maven.cli.transfer.Slf4jMavenTransferListener=warn + +# install orcid-parent into our local maven repo because the builds depend a version tagged release +RUN mvn -T 1C --batch-mode --non-recursive clean install -DskipTests \ +-Dorg.slf4j.simpleLogger.log.org.apache.maven.cli.transfer.Slf4jMavenTransferListener=warn + +# install orcid-utils into our local maven repo because the builds depend a version tagged release +COPY orcid-utils/src orcid-utils/src +RUN mvn -T 1C --batch-mode --projects orcid-utils clean install -DskipTests \ +-Dorg.slf4j.simpleLogger.log.org.apache.maven.cli.transfer.Slf4jMavenTransferListener=warn + +# install orcid-test into our local maven repo because orcid-persistence depends on it +COPY orcid-test/src orcid-test/src +RUN mvn -T 1C --batch-mode --projects orcid-test clean install -DskipTests \ +-Dorg.slf4j.simpleLogger.log.org.apache.maven.cli.transfer.Slf4jMavenTransferListener=warn + +# install orcid-persistence into our local maven repo because orcid-core depends on it +COPY orcid-persistence/src orcid-persistence/src +RUN mvn -T 1C --batch-mode --projects orcid-persistence clean install -DskipTests \ +-Dorg.slf4j.simpleLogger.log.org.apache.maven.cli.transfer.Slf4jMavenTransferListener=warn + +# install orcid-core into our local maven repo because the builds depend a version tagged release +COPY orcid-core/src orcid-core/src +RUN mvn -T 1C --batch-mode --projects orcid-core clean install -DskipTests \ +-Dorg.slf4j.simpleLogger.log.org.apache.maven.cli.transfer.Slf4jMavenTransferListener=warn + +# install orcid-api-common into our local maven repo because orcid-web deploy depends a version tagged release +COPY orcid-api-common/src orcid-api-common/src +RUN mvn -T 1C --batch-mode --projects orcid-api-common clean install -DskipTests \ +-Dorg.slf4j.simpleLogger.log.org.apache.maven.cli.transfer.Slf4jMavenTransferListener=warn + +################################################################################## +COPY orcid-web/src orcid-web/src +RUN mvn -T 1C --batch-mode -DgenerateBackupPoms=false \ +--projects orcid-web -am package -DskipTests \ +-Dorg.slf4j.simpleLogger.log.org.apache.maven.cli.transfer.Slf4jMavenTransferListener=warn + +# For Java 11 and Tomcat 9 +FROM tomcat:9.0.93-jdk11-temurin-jammy + +# Focal has no j2cli support +# FROM tomcat:9.0.91-jdk11-temurin-focal + +# copy jar file from build +COPY --from=maven /build/*/target/*.war /usr/local/tomcat/webapps/orcid-web.war + +RUN mkdir -p /usr/local/tomcat/newrelic +COPY newrelic.yml /usr/local/tomcat/newrelic/newrelic.yml +RUN curl -L -s https://download.newrelic.com/newrelic/java-agent/newrelic-agent/8.13.0/newrelic-agent-8.13.0.jar -o /usr/local/tomcat/newrelic/newrelic.jar + +RUN apt-get update +RUN apt-get install -y j2cli + +# add orcid ca to allow Java application to trust other containers +ADD certs/cacerts /opt/java/openjdk/lib/security/cacerts + +# add orcid ca to system to allow curl healthchecks to work +ADD certs/ca-certificates.crt /etc/ssl/certs/ca-certificates.crt + + +COPY entrypoint.sh . +RUN chmod +x ./entrypoint.sh + +COPY orcid-web/*.j2 . + +COPY orcid-web/log4j2.xml . + +ENTRYPOINT ./entrypoint.sh + diff --git a/certs/DONE.state b/certs/DONE.state new file mode 100644 index 00000000000..e69de29bb2d diff --git a/certs/ca-certificates.crt b/certs/ca-certificates.crt new file mode 100644 index 00000000000..b20f7324d34 --- /dev/null +++ b/certs/ca-certificates.crt @@ -0,0 +1,3163 @@ +-----BEGIN CERTIFICATE----- +MIIH0zCCBbugAwIBAgIIXsO3pkN/pOAwDQYJKoZIhvcNAQEFBQAwQjESMBAGA1UE +AwwJQUNDVlJBSVoxMRAwDgYDVQQLDAdQS0lBQ0NWMQ0wCwYDVQQKDARBQ0NWMQsw +CQYDVQQGEwJFUzAeFw0xMTA1MDUwOTM3MzdaFw0zMDEyMzEwOTM3MzdaMEIxEjAQ +BgNVBAMMCUFDQ1ZSQUlaMTEQMA4GA1UECwwHUEtJQUNDVjENMAsGA1UECgwEQUND +VjELMAkGA1UEBhMCRVMwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQCb +qau/YUqXry+XZpp0X9DZlv3P4uRm7x8fRzPCRKPfmt4ftVTdFXxpNRFvu8gMjmoY +HtiP2Ra8EEg2XPBjs5BaXCQ316PWywlxufEBcoSwfdtNgM3802/J+Nq2DoLSRYWo +G2ioPej0RGy9ocLLA76MPhMAhN9KSMDjIgro6TenGEyxCQ0jVn8ETdkXhBilyNpA +lHPrzg5XPAOBOp0KoVdDaaxXbXmQeOW1tDvYvEyNKKGno6e6Ak4l0Squ7a4DIrhr +IA8wKFSVf+DuzgpmndFALW4ir50awQUZ0m/A8p/4e7MCQvtQqR0tkw8jq8bBD5L/ +0KIV9VMJcRz/RROE5iZe+OCIHAr8Fraocwa48GOEAqDGWuzndN9wrqODJerWx5eH +k6fGioozl2A3ED6XPm4pFdahD9GILBKfb6qkxkLrQaLjlUPTAYVtjrs78yM2x/47 +4KElB0iryYl0/wiPgL/AlmXz7uxLaL2diMMxs0Dx6M/2OLuc5NF/1OVYm3z61PMO +m3WR5LpSLhl+0fXNWhn8ugb2+1KoS5kE3fj5tItQo05iifCHJPqDQsGH+tUtKSpa +cXpkatcnYGMN285J9Y0fkIkyF/hzQ7jSWpOGYdbhdQrqeWZ2iE9x6wQl1gpaepPl +uUsXQA+xtrn13k/c4LOsOxFwYIRKQ26ZIMApcQrAZQIDAQABo4ICyzCCAscwfQYI +KwYBBQUHAQEEcTBvMEwGCCsGAQUFBzAChkBodHRwOi8vd3d3LmFjY3YuZXMvZmls +ZWFkbWluL0FyY2hpdm9zL2NlcnRpZmljYWRvcy9yYWl6YWNjdjEuY3J0MB8GCCsG +AQUFBzABhhNodHRwOi8vb2NzcC5hY2N2LmVzMB0GA1UdDgQWBBTSh7Tj3zcnk1X2 +VuqB5TbMjB4/vTAPBgNVHRMBAf8EBTADAQH/MB8GA1UdIwQYMBaAFNKHtOPfNyeT +VfZW6oHlNsyMHj+9MIIBcwYDVR0gBIIBajCCAWYwggFiBgRVHSAAMIIBWDCCASIG +CCsGAQUFBwICMIIBFB6CARAAQQB1AHQAbwByAGkAZABhAGQAIABkAGUAIABDAGUA +cgB0AGkAZgBpAGMAYQBjAGkA8wBuACAAUgBhAO0AegAgAGQAZQAgAGwAYQAgAEEA +QwBDAFYAIAAoAEEAZwBlAG4AYwBpAGEAIABkAGUAIABUAGUAYwBuAG8AbABvAGcA +7QBhACAAeQAgAEMAZQByAHQAaQBmAGkAYwBhAGMAaQDzAG4AIABFAGwAZQBjAHQA +cgDzAG4AaQBjAGEALAAgAEMASQBGACAAUQA0ADYAMAAxADEANQA2AEUAKQAuACAA +QwBQAFMAIABlAG4AIABoAHQAdABwADoALwAvAHcAdwB3AC4AYQBjAGMAdgAuAGUA +czAwBggrBgEFBQcCARYkaHR0cDovL3d3dy5hY2N2LmVzL2xlZ2lzbGFjaW9uX2Mu +aHRtMFUGA1UdHwROMEwwSqBIoEaGRGh0dHA6Ly93d3cuYWNjdi5lcy9maWxlYWRt +aW4vQXJjaGl2b3MvY2VydGlmaWNhZG9zL3JhaXphY2N2MV9kZXIuY3JsMA4GA1Ud +DwEB/wQEAwIBBjAXBgNVHREEEDAOgQxhY2N2QGFjY3YuZXMwDQYJKoZIhvcNAQEF +BQADggIBAJcxAp/n/UNnSEQU5CmH7UwoZtCPNdpNYbdKl02125DgBS4OxnnQ8pdp +D70ER9m+27Up2pvZrqmZ1dM8MJP1jaGo/AaNRPTKFpV8M9xii6g3+CfYCS0b78gU +JyCpZET/LtZ1qmxNYEAZSUNUY9rizLpm5U9EelvZaoErQNV/+QEnWCzI7UiRfD+m +AM/EKXMRNt6GGT6d7hmKG9Ww7Y49nCrADdg9ZuM8Db3VlFzi4qc1GwQA9j9ajepD +vV+JHanBsMyZ4k0ACtrJJ1vnE5Bc5PUzolVt3OAJTS+xJlsndQAJxGJ3KQhfnlms +tn6tn1QwIgPBHnFk/vk4CpYY3QIUrCPLBhwepH2NDd4nQeit2hW3sCPdK6jT2iWH +7ehVRE2I9DZ+hJp4rPcOVkkO1jMl1oRQQmwgEh0q1b688nCBpHBgvgW1m54ERL5h +I6zppSSMEYCUWqKiuUnSwdzRp+0xESyeGabu4VXhwOrPDYTkF7eifKXeVSUG7szA +h1xA2syVP1XgNce4hL60Xc16gwFy7ofmXx2utYXGJt/mwZrpHgJHnyqobalbz+xF +d3+YJ5oyXSrjhO7FmGYvliAd3djDJ9ew+f7Zfc3Qn48LFFhRny+Lwzgt3uiP1o2H +pPVWQxaZLPSkVrQ0uGE3ycJYgBugl6H8WY3pEfbRD0tVNEYqi4Y7 +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIFgzCCA2ugAwIBAgIPXZONMGc2yAYdGsdUhGkHMA0GCSqGSIb3DQEBCwUAMDsx +CzAJBgNVBAYTAkVTMREwDwYDVQQKDAhGTk1ULVJDTTEZMBcGA1UECwwQQUMgUkFJ +WiBGTk1ULVJDTTAeFw0wODEwMjkxNTU5NTZaFw0zMDAxMDEwMDAwMDBaMDsxCzAJ +BgNVBAYTAkVTMREwDwYDVQQKDAhGTk1ULVJDTTEZMBcGA1UECwwQQUMgUkFJWiBG +Tk1ULVJDTTCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIBALpxgHpMhm5/ +yBNtwMZ9HACXjywMI7sQmkCpGreHiPibVmr75nuOi5KOpyVdWRHbNi63URcfqQgf +BBckWKo3Shjf5TnUV/3XwSyRAZHiItQDwFj8d0fsjz50Q7qsNI1NOHZnjrDIbzAz +WHFctPVrbtQBULgTfmxKo0nRIBnuvMApGGWn3v7v3QqQIecaZ5JCEJhfTzC8PhxF +tBDXaEAUwED653cXeuYLj2VbPNmaUtu1vZ5Gzz3rkQUCwJaydkxNEJY7kvqcfw+Z +374jNUUeAlz+taibmSXaXvMiwzn15Cou08YfxGyqxRxqAQVKL9LFwag0Jl1mpdIC +IfkYtwb1TplvqKtMUejPUBjFd8g5CSxJkjKZqLsXF3mwWsXmo8RZZUc1g16p6DUL +mbvkzSDGm0oGObVo/CK67lWMK07q87Hj/LaZmtVC+nFNCM+HHmpxffnTtOmlcYF7 +wk5HlqX2doWjKI/pgG6BU6VtX7hI+cL5NqYuSf+4lsKMB7ObiFj86xsc3i1w4peS +MKGJ47xVqCfWS+2QrYv6YyVZLag13cqXM7zlzced0ezvXg5KkAYmY6252TUtB7p2 +ZSysV4999AeU14ECll2jB0nVetBX+RvnU0Z1qrB5QstocQjpYL05ac70r8NWQMet +UqIJ5G+GR4of6ygnXYMgrwTJbFaai0b1AgMBAAGjgYMwgYAwDwYDVR0TAQH/BAUw +AwEB/zAOBgNVHQ8BAf8EBAMCAQYwHQYDVR0OBBYEFPd9xf3E6Jobd2Sn9R2gzL+H +YJptMD4GA1UdIAQ3MDUwMwYEVR0gADArMCkGCCsGAQUFBwIBFh1odHRwOi8vd3d3 +LmNlcnQuZm5tdC5lcy9kcGNzLzANBgkqhkiG9w0BAQsFAAOCAgEAB5BK3/MjTvDD +nFFlm5wioooMhfNzKWtN/gHiqQxjAb8EZ6WdmF/9ARP67Jpi6Yb+tmLSbkyU+8B1 +RXxlDPiyN8+sD8+Nb/kZ94/sHvJwnvDKuO+3/3Y3dlv2bojzr2IyIpMNOmqOFGYM +LVN0V2Ue1bLdI4E7pWYjJ2cJj+F3qkPNZVEI7VFY/uY5+ctHhKQV8Xa7pO6kO8Rf +77IzlhEYt8llvhjho6Tc+hj507wTmzl6NLrTQfv6MooqtyuGC2mDOL7Nii4LcK2N +JpLuHvUBKwrZ1pebbuCoGRw6IYsMHkCtA+fdZn71uSANA+iW+YJF1DngoABd15jm +fZ5nc8OaKveri6E6FO80vFIOiZiaBECEHX5FaZNXzuvO+FB8TxxuBEOb+dY7Ixjp +6o7RTUaN8Tvkasq6+yO3m/qZASlaWFot4/nUbQ4mrcFuNLwy+AwF+mWj2zs3gyLp +1txyM/1d8iC9djwj2ij3+RvrWWTV3F9yfiD8zYm1kGdNYno/Tq0dwzn+evQoFt9B +9kiABdcPUXmsEKvU7ANm5mqwujGSQkBqvjrTcuFqN1W8rB2Vt2lh8kORdOag0wok +RqEIr9baRRmW1FMdW4R58MD3R++Lj8UGrp1MYp3/RgT408m2ECVAdf4WqslKYIYv +uu8wd+RU4riEmViAqhOLUTpPSPaLtrM= +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIICbjCCAfOgAwIBAgIQYvYybOXE42hcG2LdnC6dlTAKBggqhkjOPQQDAzB4MQsw +CQYDVQQGEwJFUzERMA8GA1UECgwIRk5NVC1SQ00xDjAMBgNVBAsMBUNlcmVzMRgw +FgYDVQRhDA9WQVRFUy1RMjgyNjAwNEoxLDAqBgNVBAMMI0FDIFJBSVogRk5NVC1S +Q00gU0VSVklET1JFUyBTRUdVUk9TMB4XDTE4MTIyMDA5MzczM1oXDTQzMTIyMDA5 +MzczM1oweDELMAkGA1UEBhMCRVMxETAPBgNVBAoMCEZOTVQtUkNNMQ4wDAYDVQQL +DAVDZXJlczEYMBYGA1UEYQwPVkFURVMtUTI4MjYwMDRKMSwwKgYDVQQDDCNBQyBS +QUlaIEZOTVQtUkNNIFNFUlZJRE9SRVMgU0VHVVJPUzB2MBAGByqGSM49AgEGBSuB +BAAiA2IABPa6V1PIyqvfNkpSIeSX0oNnnvBlUdBeh8dHsVnyV0ebAAKTRBdp20LH +sbI6GA60XYyzZl2hNPk2LEnb80b8s0RpRBNm/dfF/a82Tc4DTQdxz69qBdKiQ1oK +Um8BA06Oi6NCMEAwDwYDVR0TAQH/BAUwAwEB/zAOBgNVHQ8BAf8EBAMCAQYwHQYD +VR0OBBYEFAG5L++/EYZg8k/QQW6rcx/n0m5JMAoGCCqGSM49BAMDA2kAMGYCMQCu +SuMrQMN0EfKVrRYj3k4MGuZdpSRea0R7/DjiT8ucRRcRTBQnJlU5dUoDzBOQn5IC +MQD6SmxgiHPz7riYYqnOK8LZiqZwMR2vsJRM60/G49HzYqc8/5MuB1xJAWdpEgJy +v+c= +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIF7zCCA9egAwIBAgIIDdPjvGz5a7EwDQYJKoZIhvcNAQELBQAwgYQxEjAQBgNV +BAUTCUc2MzI4NzUxMDELMAkGA1UEBhMCRVMxJzAlBgNVBAoTHkFORiBBdXRvcmlk +YWQgZGUgQ2VydGlmaWNhY2lvbjEUMBIGA1UECxMLQU5GIENBIFJhaXoxIjAgBgNV +BAMTGUFORiBTZWN1cmUgU2VydmVyIFJvb3QgQ0EwHhcNMTkwOTA0MTAwMDM4WhcN +MzkwODMwMTAwMDM4WjCBhDESMBAGA1UEBRMJRzYzMjg3NTEwMQswCQYDVQQGEwJF +UzEnMCUGA1UEChMeQU5GIEF1dG9yaWRhZCBkZSBDZXJ0aWZpY2FjaW9uMRQwEgYD +VQQLEwtBTkYgQ0EgUmFpejEiMCAGA1UEAxMZQU5GIFNlY3VyZSBTZXJ2ZXIgUm9v +dCBDQTCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIBANvrayvmZFSVgpCj +cqQZAZ2cC4Ffc0m6p6zzBE57lgvsEeBbphzOG9INgxwruJ4dfkUyYA8H6XdYfp9q +yGFOtibBTI3/TO80sh9l2Ll49a2pcbnvT1gdpd50IJeh7WhM3pIXS7yr/2WanvtH +2Vdy8wmhrnZEE26cLUQ5vPnHO6RYPUG9tMJJo8gN0pcvB2VSAKduyK9o7PQUlrZX +H1bDOZ8rbeTzPvY1ZNoMHKGESy9LS+IsJJ1tk0DrtSOOMspvRdOoiXsezx76W0OL +zc2oD2rKDF65nkeP8Nm2CgtYZRczuSPkdxl9y0oukntPLxB3sY0vaJxizOBQ+OyR +p1RMVwnVdmPF6GUe7m1qzwmd+nxPrWAI/VaZDxUse6mAq4xhj0oHdkLePfTdsiQz +W7i1o0TJrH93PB0j7IKppuLIBkwC/qxcmZkLLxCKpvR/1Yd0DVlJRfbwcVw5Kda/ +SiOL9V8BY9KHcyi1Swr1+KuCLH5zJTIdC2MKF4EA/7Z2Xue0sUDKIbvVgFHlSFJn +LNJhiQcND85Cd8BEc5xEUKDbEAotlRyBr+Qc5RQe8TZBAQIvfXOn3kLMTOmJDVb3 +n5HUA8ZsyY/b2BzgQJhdZpmYgG4t/wHFzstGH6wCxkPmrqKEPMVOHj1tyRRM4y5B +u8o5vzY8KhmqQYdOpc5LMnndkEl/AgMBAAGjYzBhMB8GA1UdIwQYMBaAFJxf0Gxj +o1+TypOYCK2Mh6UsXME3MB0GA1UdDgQWBBScX9BsY6Nfk8qTmAitjIelLFzBNzAO +BgNVHQ8BAf8EBAMCAYYwDwYDVR0TAQH/BAUwAwEB/zANBgkqhkiG9w0BAQsFAAOC +AgEATh65isagmD9uw2nAalxJUqzLK114OMHVVISfk/CHGT0sZonrDUL8zPB1hT+L +9IBdeeUXZ701guLyPI59WzbLWoAAKfLOKyzxj6ptBZNscsdW699QIyjlRRA96Gej +rw5VD5AJYu9LWaL2U/HANeQvwSS9eS9OICI7/RogsKQOLHDtdD+4E5UGUcjohybK +pFtqFiGS3XNgnhAY3jyB6ugYw3yJ8otQPr0R4hUDqDZ9MwFsSBXXiJCZBMXM5gf0 +vPSQ7RPi6ovDj6MzD8EpTBNO2hVWcXNyglD2mjN8orGoGjR0ZVzO0eurU+AagNjq +OknkJjCb5RyKqKkVMoaZkgoQI1YS4PbOTOK7vtuNknMBZi9iPrJyJ0U27U1W45eZ +/zo1PqVUSlJZS2Db7v54EX9K3BR5YLZrZAPbFYPhor72I5dQ8AkzNqdxliXzuUJ9 +2zg/LFis6ELhDtjTO0wugumDLmsx2d1Hhk9tl5EuT+IocTUW0fJz/iUrB0ckYyfI ++PbZa/wSMVYIwFNCr5zQM378BvAxRAMU8Vjq8moNqRGyg77FGr8H6lnco4g175x2 +MjxNBiLOFeXdntiP2t7SxDnlF4HPOEfrf4htWRvfn0IUrn7PqLBmZdo3r5+qPeoo +tt7VMVgWglvquxl1AnMaykgaIZOQCo6ThKd9OyMYkomgjaw= +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIFuzCCA6OgAwIBAgIIVwoRl0LE48wwDQYJKoZIhvcNAQELBQAwazELMAkGA1UE +BhMCSVQxDjAMBgNVBAcMBU1pbGFuMSMwIQYDVQQKDBpBY3RhbGlzIFMucC5BLi8w +MzM1ODUyMDk2NzEnMCUGA1UEAwweQWN0YWxpcyBBdXRoZW50aWNhdGlvbiBSb290 +IENBMB4XDTExMDkyMjExMjIwMloXDTMwMDkyMjExMjIwMlowazELMAkGA1UEBhMC +SVQxDjAMBgNVBAcMBU1pbGFuMSMwIQYDVQQKDBpBY3RhbGlzIFMucC5BLi8wMzM1 +ODUyMDk2NzEnMCUGA1UEAwweQWN0YWxpcyBBdXRoZW50aWNhdGlvbiBSb290IENB +MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAp8bEpSmkLO/lGMWwUKNv +UTufClrJwkg4CsIcoBh/kbWHuUA/3R1oHwiD1S0eiKD4j1aPbZkCkpAW1V8IbInX +4ay8IMKx4INRimlNAJZaby/ARH6jDuSRzVju3PvHHkVH3Se5CAGfpiEd9UEtL0z9 +KK3giq0itFZljoZUj5NDKd45RnijMCO6zfB9E1fAXdKDa0hMxKufgFpbOr3JpyI/ +gCczWw63igxdBzcIy2zSekciRDXFzMwujt0q7bd9Zg1fYVEiVRvjRuPjPdA1Yprb +rxTIW6HMiRvhMCb8oJsfgadHHwTrozmSBp+Z07/T6k9QnBn+locePGX2oxgkg4YQ +51Q+qDp2JE+BIcXjDwL4k5RHILv+1A7TaLndxHqEguNTVHnd25zS8gebLra8Pu2F +be8lEfKXGkJh90qX6IuxEAf6ZYGyojnP9zz/GPvG8VqLWeICrHuS0E4UT1lF9gxe +KF+w6D9Fz8+vm2/7hNN3WpVvrJSEnu68wEqPSpP4RCHiMUVhUE4Q2OM1fEwZtN4F +v6MGn8i1zeQf1xcGDXqVdFUNaBr8EBtiZJ1t4JWgw5QHVw0U5r0F+7if5t+L4sbn +fpb2U8WANFAoWPASUHEXMLrmeGO89LKtmyuy/uE5jF66CyCU3nuDuP/jVo23Eek7 +jPKxwV2dpAtMK9myGPW1n0sCAwEAAaNjMGEwHQYDVR0OBBYEFFLYiDrIn3hm7Ynz +ezhwlMkCAjbQMA8GA1UdEwEB/wQFMAMBAf8wHwYDVR0jBBgwFoAUUtiIOsifeGbt +ifN7OHCUyQICNtAwDgYDVR0PAQH/BAQDAgEGMA0GCSqGSIb3DQEBCwUAA4ICAQAL +e3KHwGCmSUyIWOYdiPcUZEim2FgKDk8TNd81HdTtBjHIgT5q1d07GjLukD0R0i70 +jsNjLiNmsGe+b7bAEzlgqqI0JZN1Ut6nna0Oh4lScWoWPBkdg/iaKWW+9D+a2fDz +WochcYBNy+A4mz+7+uAwTc+G02UQGRjRlwKxK3JCaKygvU5a2hi/a5iB0P2avl4V +SM0RFbnAKVy06Ij3Pjaut2L9HmLecHgQHEhb2rykOLpn7VU+Xlff1ANATIGk0k9j +pwlCCRT8AKnCgHNPLsBA2RF7SOp6AsDT6ygBJlh0wcBzIm2Tlf05fbsq4/aC4yyX +X04fkZT6/iyj2HYauE2yOE+b+h1IYHkm4vP9qdCa6HCPSXrW5b0KDtst842/6+Ok +fcvHlXHo2qN8xcL4dJIEG4aspCJTQLas/kx2z/uUMsA1n3Y/buWQbqCmJqK4LL7R +K4X9p2jIugErsWx0Hbhzlefut8cl8ABMALJ+tguLHPPAUJ4lueAI3jZm/zel0btU +ZCzJJ7VLkn5l/9Mt4blOvH+kQSGQQXemOR/qnuOf0GZvBeyqdn6/axag67XH/JJU +LysRJyU3eExRarDzzFhdFPFqSBX/wge2sY0PjlxQRrM9vwGYT7JZVEc+NHt4bVaT +LnPqZih4zR0Uv6CPLy64Lo7yFIrM6bV8+2ydDKXhlg== +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIDTDCCAjSgAwIBAgIId3cGJyapsXwwDQYJKoZIhvcNAQELBQAwRDELMAkGA1UE +BhMCVVMxFDASBgNVBAoMC0FmZmlybVRydXN0MR8wHQYDVQQDDBZBZmZpcm1UcnVz +dCBDb21tZXJjaWFsMB4XDTEwMDEyOTE0MDYwNloXDTMwMTIzMTE0MDYwNlowRDEL +MAkGA1UEBhMCVVMxFDASBgNVBAoMC0FmZmlybVRydXN0MR8wHQYDVQQDDBZBZmZp +cm1UcnVzdCBDb21tZXJjaWFsMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC +AQEA9htPZwcroRX1BiLLHwGy43NFBkRJLLtJJRTWzsO3qyxPxkEylFf6EqdbDuKP +Hx6GGaeqtS25Xw2Kwq+FNXkyLbscYjfysVtKPcrNcV/pQr6U6Mje+SJIZMblq8Yr +ba0F8PrVC8+a5fBQpIs7R6UjW3p6+DM/uO+Zl+MgwdYoic+U+7lF7eNAFxHUdPAL +MeIrJmqbTFeurCA+ukV6BfO9m2kVrn1OIGPENXY6BwLJN/3HR+7o8XYdcxXyl6S1 +yHp52UKqK39c/s4mT6NmgTWvRLpUHhwwMmWd5jyTXlBOeuM61G7MGvv50jeuJCqr +VwMiKA1JdX+3KNp1v47j3A55MQIDAQABo0IwQDAdBgNVHQ4EFgQUnZPGU4teyq8/ +nx4P5ZmVvCT2lI8wDwYDVR0TAQH/BAUwAwEB/zAOBgNVHQ8BAf8EBAMCAQYwDQYJ +KoZIhvcNAQELBQADggEBAFis9AQOzcAN/wr91LoWXym9e2iZWEnStB03TX8nfUYG +XUPGhi4+c7ImfU+TqbbEKpqrIZcUsd6M06uJFdhrJNTxFq7YpFzUf1GO7RgBsZNj +vbz4YYCanrHOQnDiqX0GJX0nof5v7LMeJNrjS1UaADs1tDvZ110w/YETifLCBivt +Z8SOyUOyXGsViQK8YvxO8rUzqrJv0wqiUOP2O+guRMLbZjipM1ZI8W0bM40NjD9g +N53Tym1+NH4Nn3J2ixufcv1SNUFFApYvHLKac0khsUlHRUe072o0EclNmsxZt9YC +nlpOZbWUrhvfKbAW8b8Angc6F2S1BLUjIZkKlTuXfO8= +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIDTDCCAjSgAwIBAgIIfE8EORzUmS0wDQYJKoZIhvcNAQEFBQAwRDELMAkGA1UE +BhMCVVMxFDASBgNVBAoMC0FmZmlybVRydXN0MR8wHQYDVQQDDBZBZmZpcm1UcnVz +dCBOZXR3b3JraW5nMB4XDTEwMDEyOTE0MDgyNFoXDTMwMTIzMTE0MDgyNFowRDEL +MAkGA1UEBhMCVVMxFDASBgNVBAoMC0FmZmlybVRydXN0MR8wHQYDVQQDDBZBZmZp +cm1UcnVzdCBOZXR3b3JraW5nMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC +AQEAtITMMxcua5Rsa2FSoOujz3mUTOWUgJnLVWREZY9nZOIG41w3SfYvm4SEHi3y +YJ0wTsyEheIszx6e/jarM3c1RNg1lho9Nuh6DtjVR6FqaYvZ/Ls6rnla1fTWcbua +kCNrmreIdIcMHl+5ni36q1Mr3Lt2PpNMCAiMHqIjHNRqrSK6mQEubWXLviRmVSRL +QESxG9fhwoXA3hA/Pe24/PHxI1Pcv2WXb9n5QHGNfb2V1M6+oF4nI979ptAmDgAp +6zxG8D1gvz9Q0twmQVGeFDdCBKNwV6gbh+0t+nvujArjqWaJGctB+d1ENmHP4ndG +yH329JKBNv3bNPFyfvMMFr20FQIDAQABo0IwQDAdBgNVHQ4EFgQUBx/S55zawm6i +QLSwelAQUHTEyL0wDwYDVR0TAQH/BAUwAwEB/zAOBgNVHQ8BAf8EBAMCAQYwDQYJ +KoZIhvcNAQEFBQADggEBAIlXshZ6qML91tmbmzTCnLQyFE2npN/svqe++EPbkTfO +tDIuUFUaNU52Q3Eg75N3ThVwLofDwR1t3Mu1J9QsVtFSUzpE0nPIxBsFZVpikpzu +QY0x2+c06lkh1QF612S4ZDnNye2v7UsDSKegmQGA3GWjNq5lWUhPgkvIZfFXHeVZ +Lgo/bNjR9eUJtGxUAArgFU2HdW23WJZa3W3SAKD0m0i+wzekujbgfIeFlxoVot4u +olu9rxj5kFDNcFn4J2dHy8egBzp90SxdbBk6ZrV9/ZFvgrG+CJPbFEfxojfHRZ48 +x3evZKiT3/Zpg4Jg8klCNO1aAFSFHBY2kgxc+qatv9s= +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIFRjCCAy6gAwIBAgIIbYwURrGmCu4wDQYJKoZIhvcNAQEMBQAwQTELMAkGA1UE +BhMCVVMxFDASBgNVBAoMC0FmZmlybVRydXN0MRwwGgYDVQQDDBNBZmZpcm1UcnVz +dCBQcmVtaXVtMB4XDTEwMDEyOTE0MTAzNloXDTQwMTIzMTE0MTAzNlowQTELMAkG +A1UEBhMCVVMxFDASBgNVBAoMC0FmZmlybVRydXN0MRwwGgYDVQQDDBNBZmZpcm1U +cnVzdCBQcmVtaXVtMIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAxBLf +qV/+Qd3d9Z+K4/as4Tx4mrzY8H96oDMq3I0gW64tb+eT2TZwamjPjlGjhVtnBKAQ +JG9dKILBl1fYSCkTtuG+kU3fhQxTGJoeJKJPj/CihQvL9Cl/0qRY7iZNyaqoe5rZ ++jjeRFcV5fiMyNlI4g0WJx0eyIOFJbe6qlVBzAMiSy2RjYvmia9mx+n/K+k8rNrS +s8PhaJyJ+HoAVt70VZVs+7pk3WKL3wt3MutizCaam7uqYoNMtAZ6MMgpv+0GTZe5 +HMQxK9VfvFMSF5yZVylmd2EhMQcuJUmdGPLu8ytxjLW6OQdJd/zvLpKQBY0tL3d7 +70O/Nbua2Plzpyzy0FfuKE4mX4+QaAkvuPjcBukumj5Rp9EixAqnOEhss/n/fauG +V+O61oV4d7pD6kh/9ti+I20ev9E2bFhc8e6kGVQa9QPSdubhjL08s9NIS+LI+H+S +qHZGnEJlPqQewQcDWkYtuJfzt9WyVSHvutxMAJf7FJUnM7/oQ0dG0giZFmA7mn7S +5u046uwBHjxIVkkJx0w3AJ6IDsBz4W9m6XJHMD4Q5QsDyZpCAGzFlH5hxIrff4Ia +C1nEWTJ3s7xgaVY5/bQGeyzWZDbZvUjthB9+pSKPKrhC9IK31FOQeE4tGv2Bb0TX +OwF0lkLgAOIua+rF7nKsu7/+6qqo+Nz2snmKtmcCAwEAAaNCMEAwHQYDVR0OBBYE +FJ3AZ6YMItkm9UWrpmVSESfYRaxjMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0PAQH/ +BAQDAgEGMA0GCSqGSIb3DQEBDAUAA4ICAQCzV00QYk465KzquByvMiPIs0laUZx2 +KI15qldGF9X1Uva3ROgIRL8YhNILgM3FEv0AVQVhh0HctSSePMTYyPtwni94loMg +Nt58D2kTiKV1NpgIpsbfrM7jWNa3Pt668+s0QNiigfV4Py/VpfzZotReBA4Xrf5B +8OWycvpEgjNC6C1Y91aMYj+6QrCcDFx+LmUmXFNPALJ4fqENmS2NuB2OosSw/WDQ +MKSOyARiqcTtNd56l+0OOF6SL5Nwpamcb6d9Ex1+xghIsV5n61EIJenmJWtSKZGc +0jlzCFfemQa0W50QBuHCAKi4HEoCChTQwUHK+4w1IX2COPKpVJEZNZOUbWo6xbLQ +u4mGk+ibyQ86p3q4ofB4Rvr8Ny/lioTz3/4E2aFooC8k4gmVBtWVyuEklut89pMF +u+1z6S3RdTnX5yTb2E5fQ4+e0BQ5v1VwSJlXMbSc7kqYA5YwH2AG7hsj/oFgIxpH +YoWlzBk0gG+zrBrjn/B7SK3VAdlntqlyk+otZrWyuOQ9PLLvTIzq6we/qzWaVYa8 +GKa1qF60g2xraUDTn9zxw2lrueFtCfTxqlB2Cnp9ehehVZZCmTEJ3WARjQUwfuaO +RtGdFNrHF+QFlozEJLUbzxQHskD4o55BhrwE0GuWyCqANP2/7waj3VjFhT0+j/6e +KeC2uAloGRwYQw== +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIB/jCCAYWgAwIBAgIIdJclisc/elQwCgYIKoZIzj0EAwMwRTELMAkGA1UEBhMC +VVMxFDASBgNVBAoMC0FmZmlybVRydXN0MSAwHgYDVQQDDBdBZmZpcm1UcnVzdCBQ +cmVtaXVtIEVDQzAeFw0xMDAxMjkxNDIwMjRaFw00MDEyMzExNDIwMjRaMEUxCzAJ +BgNVBAYTAlVTMRQwEgYDVQQKDAtBZmZpcm1UcnVzdDEgMB4GA1UEAwwXQWZmaXJt +VHJ1c3QgUHJlbWl1bSBFQ0MwdjAQBgcqhkjOPQIBBgUrgQQAIgNiAAQNMF4bFZ0D +0KF5Nbc6PJJ6yhUczWLznCZcBz3lVPqj1swS6vQUX+iOGasvLkjmrBhDeKzQN8O9 +ss0s5kfiGuZjuD0uL3jET9v0D6RoTFVya5UdThhClXjMNzyR4ptlKymjQjBAMB0G +A1UdDgQWBBSaryl6wBE1NSZRMADDav5A1a7WPDAPBgNVHRMBAf8EBTADAQH/MA4G +A1UdDwEB/wQEAwIBBjAKBggqhkjOPQQDAwNnADBkAjAXCfOHiFBar8jAQr9HX/Vs +aobgxCd05DhT1wV/GzTjxi+zygk8N53X57hG8f2h4nECMEJZh0PUUd+60wkyWs6I +flc9nF9Ca/UHLbXwgpP5WW+uZPpY5Yse42O+tYHNbwKMeQ== +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIDQTCCAimgAwIBAgITBmyfz5m/jAo54vB4ikPmljZbyjANBgkqhkiG9w0BAQsF +ADA5MQswCQYDVQQGEwJVUzEPMA0GA1UEChMGQW1hem9uMRkwFwYDVQQDExBBbWF6 +b24gUm9vdCBDQSAxMB4XDTE1MDUyNjAwMDAwMFoXDTM4MDExNzAwMDAwMFowOTEL +MAkGA1UEBhMCVVMxDzANBgNVBAoTBkFtYXpvbjEZMBcGA1UEAxMQQW1hem9uIFJv +b3QgQ0EgMTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBALJ4gHHKeNXj +ca9HgFB0fW7Y14h29Jlo91ghYPl0hAEvrAIthtOgQ3pOsqTQNroBvo3bSMgHFzZM +9O6II8c+6zf1tRn4SWiw3te5djgdYZ6k/oI2peVKVuRF4fn9tBb6dNqcmzU5L/qw +IFAGbHrQgLKm+a/sRxmPUDgH3KKHOVj4utWp+UhnMJbulHheb4mjUcAwhmahRWa6 +VOujw5H5SNz/0egwLX0tdHA114gk957EWW67c4cX8jJGKLhD+rcdqsq08p8kDi1L +93FcXmn/6pUCyziKrlA4b9v7LWIbxcceVOF34GfID5yHI9Y/QCB/IIDEgEw+OyQm +jgSubJrIqg0CAwEAAaNCMEAwDwYDVR0TAQH/BAUwAwEB/zAOBgNVHQ8BAf8EBAMC +AYYwHQYDVR0OBBYEFIQYzIU07LwMlJQuCFmcx7IQTgoIMA0GCSqGSIb3DQEBCwUA +A4IBAQCY8jdaQZChGsV2USggNiMOruYou6r4lK5IpDB/G/wkjUu0yKGX9rbxenDI +U5PMCCjjmCXPI6T53iHTfIUJrU6adTrCC2qJeHZERxhlbI1Bjjt/msv0tadQ1wUs +N+gDS63pYaACbvXy8MWy7Vu33PqUXHeeE6V/Uq2V8viTO96LXFvKWlJbYK8U90vv +o/ufQJVtMVT8QtPHRh8jrdkPSHCa2XV4cdFyQzR1bldZwgJcJmApzyMZFo6IQ6XU +5MsI+yMRQ+hDKXJioaldXgjUkK642M4UwtBV8ob2xJNDd2ZhwLnoQdeXeGADbkpy +rqXRfboQnoZsG4q5WTP468SQvvG5 +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIFQTCCAymgAwIBAgITBmyf0pY1hp8KD+WGePhbJruKNzANBgkqhkiG9w0BAQwF +ADA5MQswCQYDVQQGEwJVUzEPMA0GA1UEChMGQW1hem9uMRkwFwYDVQQDExBBbWF6 +b24gUm9vdCBDQSAyMB4XDTE1MDUyNjAwMDAwMFoXDTQwMDUyNjAwMDAwMFowOTEL +MAkGA1UEBhMCVVMxDzANBgNVBAoTBkFtYXpvbjEZMBcGA1UEAxMQQW1hem9uIFJv +b3QgQ0EgMjCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIBAK2Wny2cSkxK +gXlRmeyKy2tgURO8TW0G/LAIjd0ZEGrHJgw12MBvIITplLGbhQPDW9tK6Mj4kHbZ +W0/jTOgGNk3Mmqw9DJArktQGGWCsN0R5hYGCrVo34A3MnaZMUnbqQ523BNFQ9lXg +1dKmSYXpN+nKfq5clU1Imj+uIFptiJXZNLhSGkOQsL9sBbm2eLfq0OQ6PBJTYv9K +8nu+NQWpEjTj82R0Yiw9AElaKP4yRLuH3WUnAnE72kr3H9rN9yFVkE8P7K6C4Z9r +2UXTu/Bfh+08LDmG2j/e7HJV63mjrdvdfLC6HM783k81ds8P+HgfajZRRidhW+me +z/CiVX18JYpvL7TFz4QuK/0NURBs+18bvBt+xa47mAExkv8LV/SasrlX6avvDXbR +8O70zoan4G7ptGmh32n2M8ZpLpcTnqWHsFcQgTfJU7O7f/aS0ZzQGPSSbtqDT6Zj +mUyl+17vIWR6IF9sZIUVyzfpYgwLKhbcAS4y2j5L9Z469hdAlO+ekQiG+r5jqFoz +7Mt0Q5X5bGlSNscpb/xVA1wf+5+9R+vnSUeVC06JIglJ4PVhHvG/LopyboBZ/1c6 ++XUyo05f7O0oYtlNc/LMgRdg7c3r3NunysV+Ar3yVAhU/bQtCSwXVEqY0VThUWcI +0u1ufm8/0i2BWSlmy5A5lREedCf+3euvAgMBAAGjQjBAMA8GA1UdEwEB/wQFMAMB +Af8wDgYDVR0PAQH/BAQDAgGGMB0GA1UdDgQWBBSwDPBMMPQFWAJI/TPlUq9LhONm +UjANBgkqhkiG9w0BAQwFAAOCAgEAqqiAjw54o+Ci1M3m9Zh6O+oAA7CXDpO8Wqj2 +LIxyh6mx/H9z/WNxeKWHWc8w4Q0QshNabYL1auaAn6AFC2jkR2vHat+2/XcycuUY ++gn0oJMsXdKMdYV2ZZAMA3m3MSNjrXiDCYZohMr/+c8mmpJ5581LxedhpxfL86kS +k5Nrp+gvU5LEYFiwzAJRGFuFjWJZY7attN6a+yb3ACfAXVU3dJnJUH/jWS5E4ywl +7uxMMne0nxrpS10gxdr9HIcWxkPo1LsmmkVwXqkLN1PiRnsn/eBG8om3zEK2yygm +btmlyTrIQRNg91CMFa6ybRoVGld45pIq2WWQgj9sAq+uEjonljYE1x2igGOpm/Hl +urR8FLBOybEfdF849lHqm/osohHUqS0nGkWxr7JOcQ3AWEbWaQbLU8uz/mtBzUF+ +fUwPfHJ5elnNXkoOrJupmHN5fLT0zLm4BwyydFy4x2+IoZCn9Kr5v2c69BoVYh63 +n749sSmvZ6ES8lgQGVMDMBu4Gon2nL2XA46jCfMdiyHxtN/kHNGfZQIG6lzWE7OE +76KlXIx3KadowGuuQNKotOrN8I1LOJwZmhsoVLiJkO/KdYE+HvJkJMcYr07/R54H +9jVlpNMKVv/1F2Rs76giJUmTtt8AF9pYfl3uxRuw0dFfIRDH+fO6AgonB8Xx1sfT +4PsJYGw= +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIBtjCCAVugAwIBAgITBmyf1XSXNmY/Owua2eiedgPySjAKBggqhkjOPQQDAjA5 +MQswCQYDVQQGEwJVUzEPMA0GA1UEChMGQW1hem9uMRkwFwYDVQQDExBBbWF6b24g +Um9vdCBDQSAzMB4XDTE1MDUyNjAwMDAwMFoXDTQwMDUyNjAwMDAwMFowOTELMAkG +A1UEBhMCVVMxDzANBgNVBAoTBkFtYXpvbjEZMBcGA1UEAxMQQW1hem9uIFJvb3Qg +Q0EgMzBZMBMGByqGSM49AgEGCCqGSM49AwEHA0IABCmXp8ZBf8ANm+gBG1bG8lKl +ui2yEujSLtf6ycXYqm0fc4E7O5hrOXwzpcVOho6AF2hiRVd9RFgdszflZwjrZt6j +QjBAMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0PAQH/BAQDAgGGMB0GA1UdDgQWBBSr +ttvXBp43rDCGB5Fwx5zEGbF4wDAKBggqhkjOPQQDAgNJADBGAiEA4IWSoxe3jfkr +BqWTrBqYaGFy+uGh0PsceGCmQ5nFuMQCIQCcAu/xlJyzlvnrxir4tiz+OpAUFteM +YyRIHN8wfdVoOw== +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIB8jCCAXigAwIBAgITBmyf18G7EEwpQ+Vxe3ssyBrBDjAKBggqhkjOPQQDAzA5 +MQswCQYDVQQGEwJVUzEPMA0GA1UEChMGQW1hem9uMRkwFwYDVQQDExBBbWF6b24g +Um9vdCBDQSA0MB4XDTE1MDUyNjAwMDAwMFoXDTQwMDUyNjAwMDAwMFowOTELMAkG +A1UEBhMCVVMxDzANBgNVBAoTBkFtYXpvbjEZMBcGA1UEAxMQQW1hem9uIFJvb3Qg +Q0EgNDB2MBAGByqGSM49AgEGBSuBBAAiA2IABNKrijdPo1MN/sGKe0uoe0ZLY7Bi +9i0b2whxIdIA6GO9mif78DluXeo9pcmBqqNbIJhFXRbb/egQbeOc4OO9X4Ri83Bk +M6DLJC9wuoihKqB1+IGuYgbEgds5bimwHvouXKNCMEAwDwYDVR0TAQH/BAUwAwEB +/zAOBgNVHQ8BAf8EBAMCAYYwHQYDVR0OBBYEFNPsxzplbszh2naaVvuc84ZtV+WB +MAoGCCqGSM49BAMDA2gAMGUCMDqLIfG9fhGt0O9Yli/W651+kI0rz2ZVwyzjKKlw +CkcO8DdZEv8tmZQoTipPNU0zWgIxAOp1AE47xDqUEpHJWEadIRNyp4iciuRMStuW +1KyLa2tJElMzrdfkviT8tQp21KW8EA== +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIDdzCCAl+gAwIBAgIIXDPLYixfszIwDQYJKoZIhvcNAQELBQAwPDEeMBwGA1UE +AwwVQXRvcyBUcnVzdGVkUm9vdCAyMDExMQ0wCwYDVQQKDARBdG9zMQswCQYDVQQG +EwJERTAeFw0xMTA3MDcxNDU4MzBaFw0zMDEyMzEyMzU5NTlaMDwxHjAcBgNVBAMM +FUF0b3MgVHJ1c3RlZFJvb3QgMjAxMTENMAsGA1UECgwEQXRvczELMAkGA1UEBhMC +REUwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCVhTuXbyo7LjvPpvMp +Nb7PGKw+qtn4TaA+Gke5vJrf8v7MPkfoepbCJI419KkM/IL9bcFyYie96mvr54rM +VD6QUM+A1JX76LWC1BTFtqlVJVfbsVD2sGBkWXppzwO3bw2+yj5vdHLqqjAqc2K+ +SZFhyBH+DgMq92og3AIVDV4VavzjgsG1xZ1kCWyjWZgHJ8cblithdHFsQ/H3NYkQ +4J7sVaE3IqKHBAUsR320HLliKWYoyrfhk/WklAOZuXCFteZI6o1Q/NnezG8HDt0L +cp2AMBYHlT8oDv3FdU9T1nSatCQujgKRz3bFmx5VdJx4IbHwLfELn8LVlhgf8FQi +eowHAgMBAAGjfTB7MB0GA1UdDgQWBBSnpQaxLKYJYO7Rl+lwrrw7GWzbITAPBgNV +HRMBAf8EBTADAQH/MB8GA1UdIwQYMBaAFKelBrEspglg7tGX6XCuvDsZbNshMBgG +A1UdIAQRMA8wDQYLKwYBBAGwLQMEAQEwDgYDVR0PAQH/BAQDAgGGMA0GCSqGSIb3 +DQEBCwUAA4IBAQAmdzTblEiGKkGdLD4GkGDEjKwLVLgfuXvTBznk+j57sj1O7Z8j +vZfza1zv7v1Apt+hk6EKhqzvINB5Ab149xnYJDE0BAGmuhWawyfc2E8PzBhj/5kP +DpFrdRbhIfzYJsdHt6bPWHJxfrrhTZVHO8mvbaG0weyJ9rQPOLXiZNwlz6bb65pc +maHFCN795trV1lpFDMS3wrUU77QR/w4VtfX128a961qn8FYiqTxlVMYVqL2Gns2D +lmh6cYGJ4Qvh6hEbaAjMaZ7snkGeRDImeuKHCnE96+RapNLbxc3G3mB/ufNPRJLv +KrcYPqcZ2Qt9sTdBQrC6YB3y/gkRsPCHe6ed +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIGFDCCA/ygAwIBAgIIU+w77vuySF8wDQYJKoZIhvcNAQEFBQAwUTELMAkGA1UE +BhMCRVMxQjBABgNVBAMMOUF1dG9yaWRhZCBkZSBDZXJ0aWZpY2FjaW9uIEZpcm1h +cHJvZmVzaW9uYWwgQ0lGIEE2MjYzNDA2ODAeFw0wOTA1MjAwODM4MTVaFw0zMDEy +MzEwODM4MTVaMFExCzAJBgNVBAYTAkVTMUIwQAYDVQQDDDlBdXRvcmlkYWQgZGUg +Q2VydGlmaWNhY2lvbiBGaXJtYXByb2Zlc2lvbmFsIENJRiBBNjI2MzQwNjgwggIi +MA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQDKlmuO6vj78aI14H9M2uDDUtd9 +thDIAl6zQyrET2qyyhxdKJp4ERppWVevtSBC5IsP5t9bpgOSL/UR5GLXMnE42QQM +cas9UX4PB99jBVzpv5RvwSmCwLTaUbDBPLutN0pcyvFLNg4kq7/DhHf9qFD0sefG +L9ItWY16Ck6WaVICqjaY7Pz6FIMMNx/Jkjd/14Et5cS54D40/mf0PmbR0/RAz15i +NA9wBj4gGFrO93IbJWyTdBSTo3OxDqqHECNZXyAFGUftaI6SEspd/NYrspI8IM/h +X68gvqB2f3bl7BqGYTM+53u0P6APjqK5am+5hyZvQWyIplD9amML9ZMWGxmPsu2b +m8mQ9QEM3xk9Dz44I8kvjwzRAv4bVdZO0I08r0+k8/6vKtMFnXkIoctXMbScyJCy +Z/QYFpM6/EfY0XiWMR+6KwxfXZmtY4laJCB22N/9q06mIqqdXuYnin1oKaPnirja +EbsXLZmdEyRG98Xi2J+Of8ePdG1asuhy9azuJBCtLxTa/y2aRnFHvkLfuwHb9H/T +KI8xWVvTyQKmtFLKbpf7Q8UIJm+K9Lv9nyiqDdVF8xM6HdjAeI9BZzwelGSuewvF +6NkBiDkal4ZkQdU7hwxu+g/GvUgUvzlN1J5Bto+WHWOWk9mVBngxaJ43BjuAiUVh +OSPHG0SjFeUc+JIwuwIDAQABo4HvMIHsMBIGA1UdEwEB/wQIMAYBAf8CAQEwDgYD +VR0PAQH/BAQDAgEGMB0GA1UdDgQWBBRlzeurNR4APn7VdMActHNHDhpkLzCBpgYD +VR0gBIGeMIGbMIGYBgRVHSAAMIGPMC8GCCsGAQUFBwIBFiNodHRwOi8vd3d3LmZp +cm1hcHJvZmVzaW9uYWwuY29tL2NwczBcBggrBgEFBQcCAjBQHk4AUABhAHMAZQBv +ACAAZABlACAAbABhACAAQgBvAG4AYQBuAG8AdgBhACAANAA3ACAAQgBhAHIAYwBl +AGwAbwBuAGEAIAAwADgAMAAxADcwDQYJKoZIhvcNAQEFBQADggIBABd9oPm03cXF +661LJLWhAqvdpYhKsg9VSytXjDvlMd3+xDLx51tkljYyGOylMnfX40S2wBEqgLk9 +am58m9Ot/MPWo+ZkKXzR4Tgegiv/J2Wv+xYVxC5xhOW1//qkR71kMrv2JYSiJ0L1 +ILDCExARzRAVukKQKtJE4ZYm6zFIEv0q2skGz3QeqUvVhyj5eTSSPi5E6PaPT481 +PyWzOdxjKpBrIF/EUhJOlywqrJ2X3kjyo2bbwtKDlaZmp54lD+kLM5FlClrD2VQS +3a/DTg4fJl4N3LON7NWBcN7STyQF82xO9UxJZo3R/9ILJUFI/lGExkKvgATP0H5k +SeTy36LssUzAKh3ntLFlosS88Zj0qnAHY7S42jtM+kAiMFsRpvAFDsYCA0irhpuF +3dvd6qJ2gHN99ZwExEWN57kci57q13XRcrHedUTnQn3iV2t93Jm8PYMo6oCTjcVM +ZcFwgbg4/EMxsvYDNEeyrPsiBsse3RdHHF9mudMaotoRsaS8I8nkvof/uZS2+F0g +StRf571oe2XyFR7SOqkt6dhrJKyXWERHrVkY8SFlcN7ONGCoQPHzPKTDKCOM/icz +Q0CgFzzr6juwcqajuUpLXhZI9LK8yIySxZ2frHI2vDSANGupi5LAuBft7HZT9SQB +jLMi6Et8Vcad+qMUu2WFbm5PEn4KPJ2V +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIDdzCCAl+gAwIBAgIEAgAAuTANBgkqhkiG9w0BAQUFADBaMQswCQYDVQQGEwJJ +RTESMBAGA1UEChMJQmFsdGltb3JlMRMwEQYDVQQLEwpDeWJlclRydXN0MSIwIAYD +VQQDExlCYWx0aW1vcmUgQ3liZXJUcnVzdCBSb290MB4XDTAwMDUxMjE4NDYwMFoX +DTI1MDUxMjIzNTkwMFowWjELMAkGA1UEBhMCSUUxEjAQBgNVBAoTCUJhbHRpbW9y +ZTETMBEGA1UECxMKQ3liZXJUcnVzdDEiMCAGA1UEAxMZQmFsdGltb3JlIEN5YmVy +VHJ1c3QgUm9vdDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAKMEuyKr +mD1X6CZymrV51Cni4eiVgLGw41uOKymaZN+hXe2wCQVt2yguzmKiYv60iNoS6zjr +IZ3AQSsBUnuId9Mcj8e6uYi1agnnc+gRQKfRzMpijS3ljwumUNKoUMMo6vWrJYeK +mpYcqWe4PwzV9/lSEy/CG9VwcPCPwBLKBsua4dnKM3p31vjsufFoREJIE9LAwqSu +XmD+tqYF/LTdB1kC1FkYmGP1pWPgkAx9XbIGevOF6uvUA65ehD5f/xXtabz5OTZy +dc93Uk3zyZAsuT3lySNTPx8kmCFcB5kpvcY67Oduhjprl3RjM71oGDHweI12v/ye +jl0qhqdNkNwnGjkCAwEAAaNFMEMwHQYDVR0OBBYEFOWdWTCCR1jMrPoIVDaGezq1 +BE3wMBIGA1UdEwEB/wQIMAYBAf8CAQMwDgYDVR0PAQH/BAQDAgEGMA0GCSqGSIb3 +DQEBBQUAA4IBAQCFDF2O5G9RaEIFoN27TyclhAO992T9Ldcw46QQF+vaKSm2eT92 +9hkTI7gQCvlYpNRhcL0EYWoSihfVCr3FvDB81ukMJY2GQE/szKN+OMY3EU/t3Wgx +jkzSswF07r51XgdIGn9w/xZchMB5hbgF/X++ZRGjD8ACtPhSNzkE1akxehi/oCr0 +Epn3o0WC4zxe9Z2etciefC7IpJ5OCBRLbf1wbWsaY71k5h+3zvDyny67G7fyUIhz +ksLi4xaNmjICq44Y3ekQEe5+NauQrz4wlHrQMz2nZQ/1/I6eYs9HRCwBXbsdtTLS +R9I4LtD+gdwyah617jzV/OeBHRnDJELqYzmp +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIFWTCCA0GgAwIBAgIBAjANBgkqhkiG9w0BAQsFADBOMQswCQYDVQQGEwJOTzEd +MBsGA1UECgwUQnV5cGFzcyBBUy05ODMxNjMzMjcxIDAeBgNVBAMMF0J1eXBhc3Mg +Q2xhc3MgMiBSb290IENBMB4XDTEwMTAyNjA4MzgwM1oXDTQwMTAyNjA4MzgwM1ow +TjELMAkGA1UEBhMCTk8xHTAbBgNVBAoMFEJ1eXBhc3MgQVMtOTgzMTYzMzI3MSAw +HgYDVQQDDBdCdXlwYXNzIENsYXNzIDIgUm9vdCBDQTCCAiIwDQYJKoZIhvcNAQEB +BQADggIPADCCAgoCggIBANfHXvfBB9R3+0Mh9PT1aeTuMgHbo4Yf5FkNuud1g1Lr +6hxhFUi7HQfKjK6w3Jad6sNgkoaCKHOcVgb/S2TwDCo3SbXlzwx87vFKu3MwZfPV +L4O2fuPn9Z6rYPnT8Z2SdIrkHJasW4DptfQxh6NR/Md+oW+OU3fUl8FVM5I+GC91 +1K2GScuVr1QGbNgGE41b/+EmGVnAJLqBcXmQRFBoJJRfuLMR8SlBYaNByyM21cHx +MlAQTn/0hpPshNOOvEu/XAFOBz3cFIqUCqTqc/sLUegTBxj6DvEr0VQVfTzh97QZ +QmdiXnfgolXsttlpF9U6r0TtSsWe5HonfOV116rLJeffawrbD02TTqigzXsu8lkB +arcNuAeBfos4GzjmCleZPe4h6KP1DBbdi+w0jpwqHAAVF41og9JwnxgIzRFo1clr +Us3ERo/ctfPYV3Me6ZQ5BL/T3jjetFPsaRyifsSP5BtwrfKi+fv3FmRmaZ9JUaLi +FRhnBkp/1Wy1TbMz4GHrXb7pmA8y1x1LPC5aAVKRCfLf6o3YBkBjqhHk/sM3nhRS +P/TizPJhk9H9Z2vXUq6/aKtAQ6BXNVN48FP4YUIHZMbXb5tMOA1jrGKvNouicwoN +9SG9dKpN6nIDSdvHXx1iY8f93ZHsM+71bbRuMGjeyNYmsHVee7QHIJihdjK4TWxP +AgMBAAGjQjBAMA8GA1UdEwEB/wQFMAMBAf8wHQYDVR0OBBYEFMmAd+BikoL1Rpzz +uvdMw964o605MA4GA1UdDwEB/wQEAwIBBjANBgkqhkiG9w0BAQsFAAOCAgEAU18h +9bqwOlI5LJKwbADJ784g7wbylp7ppHR/ehb8t/W2+xUbP6umwHJdELFx7rxP462s +A20ucS6vxOOto70MEae0/0qyexAQH6dXQbLArvQsWdZHEIjzIVEpMMpghq9Gqx3t +OluwlN5E40EIosHsHdb9T7bWR9AUC8rmyrV7d35BH16Dx7aMOZawP5aBQW9gkOLo ++fsicdl9sz1Gv7SEr5AcD48Saq/v7h56rgJKihcrdv6sVIkkLE8/trKnToyokZf7 +KcZ7XC25y2a2t6hbElGFtQl+Ynhw/qlqYLYdDnkM/crqJIByw5c/8nerQyIKx+u2 +DISCLIBrQYoIwOula9+ZEsuK1V6ADJHgJgg2SMX6OBE1/yWDLfJ6v9r9jv6ly0Us +H8SIU653DtmadsWOLB2jutXsMq7Aqqz30XpN69QH4kj3Io6wpJ9qzo6ysmD0oyLQ +I+uUWnpp3Q+/QFesa1lQ2aOZ4W7+jQF5JyMV3pKdewlNWudLSDBaGOYKbeaP4NK7 +5t98biGCwWg5TbSYWGZizEqQXsP6JwSxeRV0mcy+rSDeJmAc61ZRpqPq5KM/p/9h +3PFaTWwyI0PurKju7koSCTxdccK+efrCh2gdC/1cacwG0Jp9VJkqyTkaGa9LKkPz +Y11aWOIv4x3kqdbQCtCev9eBCfHJxyYNrJgWVqA= +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIFWTCCA0GgAwIBAgIBAjANBgkqhkiG9w0BAQsFADBOMQswCQYDVQQGEwJOTzEd +MBsGA1UECgwUQnV5cGFzcyBBUy05ODMxNjMzMjcxIDAeBgNVBAMMF0J1eXBhc3Mg +Q2xhc3MgMyBSb290IENBMB4XDTEwMTAyNjA4Mjg1OFoXDTQwMTAyNjA4Mjg1OFow +TjELMAkGA1UEBhMCTk8xHTAbBgNVBAoMFEJ1eXBhc3MgQVMtOTgzMTYzMzI3MSAw +HgYDVQQDDBdCdXlwYXNzIENsYXNzIDMgUm9vdCBDQTCCAiIwDQYJKoZIhvcNAQEB +BQADggIPADCCAgoCggIBAKXaCpUWUOOV8l6ddjEGMnqb8RB2uACatVI2zSRHsJ8Y +ZLya9vrVediQYkwiL944PdbgqOkcLNt4EemOaFEVcsfzM4fkoF0LXOBXByow9c3E +N3coTRiR5r/VUv1xLXA+58bEiuPwKAv0dpihi4dVsjoT/Lc+JzeOIuOoTyrvYLs9 +tznDDgFHmV0ST9tD+leh7fmdvhFHJlsTmKtdFoqwNxxXnUX/iJY2v7vKB3tvh2PX +0DJq1l1sDPGzbjniazEuOQAnFN44wOwZZoYS6J1yFhNkUsepNxz9gjDthBgd9K5c +/3ATAOux9TN6S9ZV+AWNS2mw9bMoNlwUxFFzTWsL8TQH2xc519woe2v1n/MuwU8X +KhDzzMro6/1rqy6any2CbgTUUgGTLT2G/H783+9CHaZr77kgxve9oKeV/afmiSTY +zIw0bOIjL9kSGiG5VZFvC5F5GQytQIgLcOJ60g7YaEi7ghM5EFjp2CoHxhLbWNvS +O1UQRwUVZ2J+GGOmRj8JDlQyXr8NYnon74Do29lLBlo3WiXQCBJ31G8JUJc9yB3D +34xFMFbG02SrZvPAXpacw8Tvw3xrizp5f7NJzz3iiZ+gMEuFuZyUJHmPfWupRWgP +K9Dx2hzLabjKSWJtyNBjYt1gD1iqj6G8BaVmos8bdrKEZLFMOVLAMLrwjEsCsLa3 +AgMBAAGjQjBAMA8GA1UdEwEB/wQFMAMBAf8wHQYDVR0OBBYEFEe4zf/lb+74suwv +Tg75JbCOPGvDMA4GA1UdDwEB/wQEAwIBBjANBgkqhkiG9w0BAQsFAAOCAgEAACAj +QTUEkMJAYmDv4jVM1z+s4jSQuKFvdvoWFqRINyzpkMLyPPgKn9iB5btb2iUspKdV +cSQy9sgL8rxq+JOssgfCX5/bzMiKqr5qb+FJEMwx14C7u8jYog5kV+qi9cKpMRXS +IGrs/CIBKM+GuIAeqcwRpTzyFrNHnfzSgCHEy9BHcEGhyoMZCCxt8l13nIoUE9Q2 +HJLw5QY33KbmkJs4j1xrG0aGQ0JfPgEHU1RdZX33inOhmlRaHylDFCfChQ+1iHsa +O5S3HWCntZznKWlXWpuTekMwGwPXYshApqr8ZORK15FTAaggiG6cX0S5y2CBNOxv +033aSF/rtJC8LakcC6wc1aJoIIAE1vyxjy+7SjENSoYc6+I2KSb12tjE8nVhz36u +dmNKekBlk4f4HoCMhuWG1o8O/FMsYOgWYRqiPkN7zTlgVGr18okmAWiDSKIz6MkE +kbIRNBE+6tBDGR8Dk5AM/1E9V/RBbuHLoL7ryWPNbczk+DaqaJ3tvV2XcEQNtg41 +3OEMXbugUZTLfhbrES+jkkXITHHZvMmZUldGL1DPvTVp9D0VzgalLA8+9oG6lLvD +u79leNKGef9JOxqDDPDeeOzI8k1MGt6CKfjBWtrt7uYnXuhF0J0cUahoq0Tj0Itq +4/g7u9xN12TyUb7mqqta6THuBrxzvxNiCp/HuZc= +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIFaTCCA1GgAwIBAgIJAJK4iNuwisFjMA0GCSqGSIb3DQEBCwUAMFIxCzAJBgNV +BAYTAlNLMRMwEQYDVQQHEwpCcmF0aXNsYXZhMRMwEQYDVQQKEwpEaXNpZyBhLnMu +MRkwFwYDVQQDExBDQSBEaXNpZyBSb290IFIyMB4XDTEyMDcxOTA5MTUzMFoXDTQy +MDcxOTA5MTUzMFowUjELMAkGA1UEBhMCU0sxEzARBgNVBAcTCkJyYXRpc2xhdmEx +EzARBgNVBAoTCkRpc2lnIGEucy4xGTAXBgNVBAMTEENBIERpc2lnIFJvb3QgUjIw +ggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQCio8QACdaFXS1tFPbCw3Oe +NcJxVX6B+6tGUODBfEl45qt5WDza/3wcn9iXAng+a0EE6UG9vgMsRfYvZNSrXaNH +PWSb6WiaxswbP7q+sos0Ai6YVRn8jG+qX9pMzk0DIaPY0jSTVpbLTAwAFjxfGs3I +x2ymrdMxp7zo5eFm1tL7A7RBZckQrg4FY8aAamkw/dLukO8NJ9+flXP04SXabBbe +QTg06ov80egEFGEtQX6sx3dOy1FU+16SGBsEWmjGycT6txOgmLcRK7fWV8x8nhfR +yyX+hk4kLlYMeE2eARKmK6cBZW58Yh2EhN/qwGu1pSqVg8NTEQxzHQuyRpDRQjrO +QG6Vrf/GlK1ul4SOfW+eioANSW1z4nuSHsPzwfPrLgVv2RvPN3YEyLRa5Beny912 +H9AZdugsBbPWnDTYltxhh5EF5EQIM8HauQhl1K6yNg3ruji6DOWbnuuNZt2Zz9aJ +QfYEkoopKW1rOhzndX0CcQ7zwOe9yxndnWCywmZgtrEE7snmhrmaZkCo5xHtgUUD +i/ZnWejBBhG93c+AAk9lQHhcR1DIm+YfgXvkRKhbhZri3lrVx/k6RGZL5DJUfORs +nLMOPReisjQS1n6yqEm70XooQL6iFh/f5DcfEXP7kAplQ6INfPgGAVUzfbANuPT1 +rqVCV3w2EYx7XsQDnYx5nQIDAQABo0IwQDAPBgNVHRMBAf8EBTADAQH/MA4GA1Ud +DwEB/wQEAwIBBjAdBgNVHQ4EFgQUtZn4r7CU9eMg1gqtzk5WpC5uQu0wDQYJKoZI +hvcNAQELBQADggIBACYGXnDnZTPIgm7ZnBc6G3pmsgH2eDtpXi/q/075KMOYKmFM +tCQSin1tERT3nLXK5ryeJ45MGcipvXrA1zYObYVybqjGom32+nNjf7xueQgcnYqf +GopTpti72TVVsRHFqQOzVju5hJMiXn7B9hJSi+osZ7z+Nkz1uM/Rs0mSO9MpDpkb +lvdhuDvEK7Z4bLQjb/D907JedR+Zlais9trhxTF7+9FGs9K8Z7RiVLoJ92Owk6Ka ++elSLotgEqv89WBW7xBci8QaQtyDW2QOy7W81k/BfDxujRNt+3vrMNDcTa/F1bal +TFtxyegxvug4BkihGuLq0t4SOVga/4AOgnXmt8kHbA7v/zjxmHHEt38OFdAlab0i +nSvtBfZGR6ztwPDUO+Ls7pZbkBNOHlY667DvlruWIxG68kOGdGSVyCh13x01utI3 +gzhTODY7z2zp+WsO0PsE6E9312UBeIYMej4hYvF/Y3EMyZ9E26gnonW+boE+18Dr +G5gPcFw0sorMwIUY6256s/daoQe/qUKS82Ail+QUoQebTnbAjn39pCXHR+3/H3Os +zMOl6W8KjptlwlCFtaOgUxLMVYdh84GuEEZhvUQhuMI9dM9+JDX6HAcOmz0iyu8x +L4ysEr3vQCj8KWefshNPZiTEUxnpHikV7+ZtsH8tZ/3zbBt1RqPlShfppNcL +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIFjTCCA3WgAwIBAgIEGErM1jANBgkqhkiG9w0BAQsFADBWMQswCQYDVQQGEwJD +TjEwMC4GA1UECgwnQ2hpbmEgRmluYW5jaWFsIENlcnRpZmljYXRpb24gQXV0aG9y +aXR5MRUwEwYDVQQDDAxDRkNBIEVWIFJPT1QwHhcNMTIwODA4MDMwNzAxWhcNMjkx +MjMxMDMwNzAxWjBWMQswCQYDVQQGEwJDTjEwMC4GA1UECgwnQ2hpbmEgRmluYW5j +aWFsIENlcnRpZmljYXRpb24gQXV0aG9yaXR5MRUwEwYDVQQDDAxDRkNBIEVWIFJP +T1QwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQDXXWvNED8fBVnVBU03 +sQ7smCuOFR36k0sXgiFxEFLXUWRwFsJVaU2OFW2fvwwbwuCjZ9YMrM8irq93VCpL +TIpTUnrD7i7es3ElweldPe6hL6P3KjzJIx1qqx2hp/Hz7KDVRM8Vz3IvHWOX6Jn5 +/ZOkVIBMUtRSqy5J35DNuF++P96hyk0g1CXohClTt7GIH//62pCfCqktQT+x8Rgp +7hZZLDRJGqgG16iI0gNyejLi6mhNbiyWZXvKWfry4t3uMCz7zEasxGPrb382KzRz +EpR/38wmnvFyXVBlWY9ps4deMm/DGIq1lY+wejfeWkU7xzbh72fROdOXW3NiGUgt +hxwG+3SYIElz8AXSG7Ggo7cbcNOIabla1jj0Ytwli3i/+Oh+uFzJlU9fpy25IGvP +a931DfSCt/SyZi4QKPaXWnuWFo8BGS1sbn85WAZkgwGDg8NNkt0yxoekN+kWzqot +aK8KgWU6cMGbrU1tVMoqLUuFG7OA5nBFDWteNfB/O7ic5ARwiRIlk9oKmSJgamNg +TnYGmE69g60dWIolhdLHZR4tjsbftsbhf4oEIRUpdPA+nJCdDC7xij5aqgwJHsfV +PKPtl8MeNPo4+QgO48BdK4PRVmrJtqhUUy54Mmc9gn900PvhtgVguXDbjgv5E1hv +cWAQUhC5wUEJ73IfZzF4/5YFjQIDAQABo2MwYTAfBgNVHSMEGDAWgBTj/i39KNAL +tbq2osS/BqoFjJP7LzAPBgNVHRMBAf8EBTADAQH/MA4GA1UdDwEB/wQEAwIBBjAd +BgNVHQ4EFgQU4/4t/SjQC7W6tqLEvwaqBYyT+y8wDQYJKoZIhvcNAQELBQADggIB +ACXGumvrh8vegjmWPfBEp2uEcwPenStPuiB/vHiyz5ewG5zz13ku9Ui20vsXiObT +ej/tUxPQ4i9qecsAIyjmHjdXNYmEwnZPNDatZ8POQQaIxffu2Bq41gt/UP+TqhdL +jOztUmCypAbqTuv0axn96/Ua4CUqmtzHQTb3yHQFhDmVOdYLO6Qn+gjYXB74BGBS +ESgoA//vU2YApUo0FmZ8/Qmkrp5nGm9BC2sGE5uPhnEFtC+NiWYzKXZUmhH4J/qy +P5Hgzg0b8zAarb8iXRvTvyUFTeGSGn+ZnzxEk8rUQElsgIfXBDrDMlI1Dlb4pd19 +xIsNER9Tyx6yF7Zod1rg1MvIB671Oi6ON7fQAUtDKXeMOZePglr4UeWJoBjnaH9d +Ci77o0cOPaYjesYBx4/IXr9tgFa+iiS6M+qf4TIRnvHST4D2G0CvOJ4RUHlzEhLN +5mydLIhyPDCBBpEi6lmt2hkuIsKNuYyH4Ga8cyNfIWRjgEj1oDwYPZTISEEdQLpe +/v5WOaHIz16eGWRGENoXkbcFgKyLmZJ956LYBws2J+dIeWCKw9cTXPhyQN9Ky8+Z +AAoACxGV2lZFA4gKn2fQ1XmxqI1AbQ3CekD6819kR5LLU7m7Wc5P/dAVUwHY3+vZ +5nbv0CO7O6l5s9UCKc2Jo5YPSjXnTkLAdc0Hz+Ys63su +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIEHTCCAwWgAwIBAgIQToEtioJl4AsC7j41AkblPTANBgkqhkiG9w0BAQUFADCB +gTELMAkGA1UEBhMCR0IxGzAZBgNVBAgTEkdyZWF0ZXIgTWFuY2hlc3RlcjEQMA4G +A1UEBxMHU2FsZm9yZDEaMBgGA1UEChMRQ09NT0RPIENBIExpbWl0ZWQxJzAlBgNV +BAMTHkNPTU9ETyBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTAeFw0wNjEyMDEwMDAw +MDBaFw0yOTEyMzEyMzU5NTlaMIGBMQswCQYDVQQGEwJHQjEbMBkGA1UECBMSR3Jl +YXRlciBNYW5jaGVzdGVyMRAwDgYDVQQHEwdTYWxmb3JkMRowGAYDVQQKExFDT01P +RE8gQ0EgTGltaXRlZDEnMCUGA1UEAxMeQ09NT0RPIENlcnRpZmljYXRpb24gQXV0 +aG9yaXR5MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0ECLi3LjkRv3 +UcEbVASY06m/weaKXTuH+7uIzg3jLz8GlvCiKVCZrts7oVewdFFxze1CkU1B/qnI +2GqGd0S7WWaXUF601CxwRM/aN5VCaTwwxHGzUvAhTaHYujl8HJ6jJJ3ygxaYqhZ8 +Q5sVW7euNJH+1GImGEaaP+vB+fGQV+useg2L23IwambV4EajcNxo2f8ESIl33rXp ++2dtQem8Ob0y2WIC8bGoPW43nOIv4tOiJovGuFVDiOEjPqXSJDlqR6sA1KGzqSX+ +DT+nHbrTUcELpNqsOO9VUCQFZUaTNE8tja3G1CEZ0o7KBWFxB3NH5YoZEr0ETc5O +nKVIrLsm9wIDAQABo4GOMIGLMB0GA1UdDgQWBBQLWOWLxkwVN6RAqTCpIb5HNlpW +/zAOBgNVHQ8BAf8EBAMCAQYwDwYDVR0TAQH/BAUwAwEB/zBJBgNVHR8EQjBAMD6g +PKA6hjhodHRwOi8vY3JsLmNvbW9kb2NhLmNvbS9DT01PRE9DZXJ0aWZpY2F0aW9u +QXV0aG9yaXR5LmNybDANBgkqhkiG9w0BAQUFAAOCAQEAPpiem/Yb6dc5t3iuHXIY +SdOH5EOC6z/JqvWote9VfCFSZfnVDeFs9D6Mk3ORLgLETgdxb8CPOGEIqB6BCsAv +IC9Bi5HcSEW88cbeunZrM8gALTFGTO3nnc+IlP8zwFboJIYmuNg4ON8qa90SzMc/ +RxdMosIGlgnW2/4/PEZB31jiVg88O8EckzXZOFKs7sjsLjBOlDW0JB9LeGna8gI4 +zJVSk/BwJVmcIGfE7vmLV2H0knZ9P4SNVbfo5azV8fUZVqZa+5Acr5Pr5RzUZ5dd +BA6+C4OmF4O5MBKgxTMVBbkN+8cFduPYSo38NBejxiEovjBFMR7HeL5YYTisO+IB +ZQ== +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIICiTCCAg+gAwIBAgIQH0evqmIAcFBUTAGem2OZKjAKBggqhkjOPQQDAzCBhTEL +MAkGA1UEBhMCR0IxGzAZBgNVBAgTEkdyZWF0ZXIgTWFuY2hlc3RlcjEQMA4GA1UE +BxMHU2FsZm9yZDEaMBgGA1UEChMRQ09NT0RPIENBIExpbWl0ZWQxKzApBgNVBAMT +IkNPTU9ETyBFQ0MgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkwHhcNMDgwMzA2MDAw +MDAwWhcNMzgwMTE4MjM1OTU5WjCBhTELMAkGA1UEBhMCR0IxGzAZBgNVBAgTEkdy +ZWF0ZXIgTWFuY2hlc3RlcjEQMA4GA1UEBxMHU2FsZm9yZDEaMBgGA1UEChMRQ09N +T0RPIENBIExpbWl0ZWQxKzApBgNVBAMTIkNPTU9ETyBFQ0MgQ2VydGlmaWNhdGlv +biBBdXRob3JpdHkwdjAQBgcqhkjOPQIBBgUrgQQAIgNiAAQDR3svdcmCFYX7deSR +FtSrYpn1PlILBs5BAH+X4QokPB0BBO490o0JlwzgdeT6+3eKKvUDYEs2ixYjFq0J +cfRK9ChQtP6IHG4/bC8vCVlbpVsLM5niwz2J+Wos77LTBumjQjBAMB0GA1UdDgQW +BBR1cacZSBm8nZ3qQUfflMRId5nTeTAOBgNVHQ8BAf8EBAMCAQYwDwYDVR0TAQH/ +BAUwAwEB/zAKBggqhkjOPQQDAwNoADBlAjEA7wNbeqy3eApyt4jf/7VGFAkK+qDm +fQjGGoe9GKhzvSbKYAydzpmfz1wPMOG+FDHqAjAU9JM8SaczepBGR7NjfRObTrdv +GDeAU/7dIOA1mjbRxwG55tzd8/8dLDoWV9mSOdY= +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIF2DCCA8CgAwIBAgIQTKr5yttjb+Af907YWwOGnTANBgkqhkiG9w0BAQwFADCB +hTELMAkGA1UEBhMCR0IxGzAZBgNVBAgTEkdyZWF0ZXIgTWFuY2hlc3RlcjEQMA4G +A1UEBxMHU2FsZm9yZDEaMBgGA1UEChMRQ09NT0RPIENBIExpbWl0ZWQxKzApBgNV +BAMTIkNPTU9ETyBSU0EgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkwHhcNMTAwMTE5 +MDAwMDAwWhcNMzgwMTE4MjM1OTU5WjCBhTELMAkGA1UEBhMCR0IxGzAZBgNVBAgT +EkdyZWF0ZXIgTWFuY2hlc3RlcjEQMA4GA1UEBxMHU2FsZm9yZDEaMBgGA1UEChMR +Q09NT0RPIENBIExpbWl0ZWQxKzApBgNVBAMTIkNPTU9ETyBSU0EgQ2VydGlmaWNh +dGlvbiBBdXRob3JpdHkwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQCR +6FSS0gpWsawNJN3Fz0RndJkrN6N9I3AAcbxT38T6KhKPS38QVr2fcHK3YX/JSw8X +pz3jsARh7v8Rl8f0hj4K+j5c+ZPmNHrZFGvnnLOFoIJ6dq9xkNfs/Q36nGz637CC +9BR++b7Epi9Pf5l/tfxnQ3K9DADWietrLNPtj5gcFKt+5eNu/Nio5JIk2kNrYrhV +/erBvGy2i/MOjZrkm2xpmfh4SDBF1a3hDTxFYPwyllEnvGfDyi62a+pGx8cgoLEf +Zd5ICLqkTqnyg0Y3hOvozIFIQ2dOciqbXL1MGyiKXCJ7tKuY2e7gUYPDCUZObT6Z ++pUX2nwzV0E8jVHtC7ZcryxjGt9XyD+86V3Em69FmeKjWiS0uqlWPc9vqv9JWL7w +qP/0uK3pN/u6uPQLOvnoQ0IeidiEyxPx2bvhiWC4jChWrBQdnArncevPDt09qZah +SL0896+1DSJMwBGB7FY79tOi4lu3sgQiUpWAk2nojkxl8ZEDLXB0AuqLZxUpaVIC +u9ffUGpVRr+goyhhf3DQw6KqLCGqR84onAZFdr+CGCe01a60y1Dma/RMhnEw6abf +Fobg2P9A3fvQQoh/ozM6LlweQRGBY84YcWsr7KaKtzFcOmpH4MN5WdYgGq/yapiq +crxXStJLnbsQ/LBMQeXtHT1eKJ2czL+zUdqnR+WEUwIDAQABo0IwQDAdBgNVHQ4E +FgQUu69+Aj36pvE8hI6t7jiY7NkyMtQwDgYDVR0PAQH/BAQDAgEGMA8GA1UdEwEB +/wQFMAMBAf8wDQYJKoZIhvcNAQEMBQADggIBAArx1UaEt65Ru2yyTUEUAJNMnMvl +wFTPoCWOAvn9sKIN9SCYPBMtrFaisNZ+EZLpLrqeLppysb0ZRGxhNaKatBYSaVqM +4dc+pBroLwP0rmEdEBsqpIt6xf4FpuHA1sj+nq6PK7o9mfjYcwlYRm6mnPTXJ9OV +2jeDchzTc+CiR5kDOF3VSXkAKRzH7JsgHAckaVd4sjn8OoSgtZx8jb8uk2Intzna +FxiuvTwJaP+EmzzV1gsD41eeFPfR60/IvYcjt7ZJQ3mFXLrrkguhxuhoqEwWsRqZ +CuhTLJK7oQkYdQxlqHvLI7cawiiFwxv/0Cti76R7CZGYZ4wUAc1oBmpjIXUDgIiK +boHGhfKppC3n9KUkEEeDys30jXlYsQab5xoq2Z0B15R97QNKyvDb6KkBPvVWmcke +jkk9u+UJueBPSZI9FoJAzMxZxuY67RIuaTxslbH9qh17f4a+Hg4yRvv7E491f0yL +S0Zj/gA0QHDBw7mh3aZw4gSzQbzpgJHqZJx64SIDqZxubw5lT2yHh17zbqD5daWb +QOhTsiedSrnAdyGN/4fy3ryM7xfft0kL0fJuMAsaDk527RH89elWsn2/x20Kk4yl +0MC2Hb46TpSi125sC8KKfPog88Tk5c0NqMuRkrF8hey1FGlmDoLnzc7ILaZRfyHB +NVOFBkpdn627G190 +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIDqDCCApCgAwIBAgIJAP7c4wEPyUj/MA0GCSqGSIb3DQEBBQUAMDQxCzAJBgNV +BAYTAkZSMRIwEAYDVQQKDAlEaGlteW90aXMxETAPBgNVBAMMCENlcnRpZ25hMB4X +DTA3MDYyOTE1MTMwNVoXDTI3MDYyOTE1MTMwNVowNDELMAkGA1UEBhMCRlIxEjAQ +BgNVBAoMCURoaW15b3RpczERMA8GA1UEAwwIQ2VydGlnbmEwggEiMA0GCSqGSIb3 +DQEBAQUAA4IBDwAwggEKAoIBAQDIaPHJ1tazNHUmgh7stL7qXOEm7RFHYeGifBZ4 +QCHkYJ5ayGPhxLGWkv8YbWkj4Sti993iNi+RB7lIzw7sebYs5zRLcAglozyHGxny +gQcPOJAZ0xH+hrTy0V4eHpbNgGzOOzGTtvKg0KmVEn2lmsxryIRWijOp5yIVUxbw +zBfsV1/pogqYCd7jX5xv3EjjhQsVWqa6n6xI4wmy9/Qy3l40vhx4XUJbzg4ij02Q +130yGLMLLGq/jj8UEYkgDncUtT2UCIf3JR7VsmAA7G8qKCVuKj4YYxclPz5EIBb2 +JsglrgVKtOdjLPOMFlN+XPsRGgjBRmKfIrjxwo1p3Po6WAbfAgMBAAGjgbwwgbkw +DwYDVR0TAQH/BAUwAwEB/zAdBgNVHQ4EFgQUGu3+QTmQtCRZvgHyUtVF9lo53BEw +ZAYDVR0jBF0wW4AUGu3+QTmQtCRZvgHyUtVF9lo53BGhOKQ2MDQxCzAJBgNVBAYT +AkZSMRIwEAYDVQQKDAlEaGlteW90aXMxETAPBgNVBAMMCENlcnRpZ25hggkA/tzj +AQ/JSP8wDgYDVR0PAQH/BAQDAgEGMBEGCWCGSAGG+EIBAQQEAwIABzANBgkqhkiG +9w0BAQUFAAOCAQEAhQMeknH2Qq/ho2Ge6/PAD/Kl1NqV5ta+aDY9fm4fTIrv0Q8h +bV6lUmPOEvjvKtpv6zf+EwLHyzs+ImvaYS5/1HI93TDhHkxAGYwP15zRgzB7mFnc +fca5DClMoTOi62c6ZYTTluLtdkVwj7Ur3vkj1kluPBS1xp81HlDQwY9qcEQCYsuu +HWhBp6pX6FOqB9IG9tUUBguRA3UsbHK1YZWaDYu5Def131TN3ubY1gkIl2PlwS6w +t0QmwCbAr1UwnjvVNioZBPRcHv/PLLf/0P2HQBHVESO7SMAhqaQoLf0V+LBOK/Qw +WyH8EZE0vkHve52Xdf+XlcCWWC/qu0bXu+TZLg== +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIGWzCCBEOgAwIBAgIRAMrpG4nxVQMNo+ZBbcTjpuEwDQYJKoZIhvcNAQELBQAw +WjELMAkGA1UEBhMCRlIxEjAQBgNVBAoMCURoaW15b3RpczEcMBoGA1UECwwTMDAw +MiA0ODE0NjMwODEwMDAzNjEZMBcGA1UEAwwQQ2VydGlnbmEgUm9vdCBDQTAeFw0x +MzEwMDEwODMyMjdaFw0zMzEwMDEwODMyMjdaMFoxCzAJBgNVBAYTAkZSMRIwEAYD +VQQKDAlEaGlteW90aXMxHDAaBgNVBAsMEzAwMDIgNDgxNDYzMDgxMDAwMzYxGTAX +BgNVBAMMEENlcnRpZ25hIFJvb3QgQ0EwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAw +ggIKAoICAQDNGDllGlmx6mQWDoyUJJV8g9PFOSbcDO8WV43X2KyjQn+Cyu3NW9sO +ty3tRQgXstmzy9YXUnIo245Onoq2C/mehJpNdt4iKVzSs9IGPjA5qXSjklYcoW9M +CiBtnyN6tMbaLOQdLNyzKNAT8kxOAkmhVECe5uUFoC2EyP+YbNDrihqECB63aCPu +I9Vwzm1RaRDuoXrC0SIxwoKF0vJVdlB8JXrJhFwLrN1CTivngqIkicuQstDuI7pm +TLtipPlTWmR7fJj6o0ieD5Wupxj0auwuA0Wv8HT4Ks16XdG+RCYyKfHx9WzMfgIh +C59vpD++nVPiz32pLHxYGpfhPTc3GGYo0kDFUYqMwy3OU4gkWGQwFsWq4NYKpkDf +ePb1BHxpE4S80dGnBs8B92jAqFe7OmGtBIyT46388NtEbVncSVmurJqZNjBBe3Yz +IoejwpKGbvlw7q6Hh5UbxHq9MfPU0uWZ/75I7HX1eBYdpnDBfzwboZL7z8g81sWT +Co/1VTp2lc5ZmIoJlXcymoO6LAQ6l73UL77XbJuiyn1tJslV1c/DeVIICZkHJC1k +JWumIWmbat10TWuXekG9qxf5kBdIjzb5LdXF2+6qhUVB+s06RbFo5jZMm5BX7CO5 +hwjCxAnxl4YqKE3idMDaxIzb3+KhF1nOJFl0Mdp//TBt2dzhauH8XwIDAQABo4IB +GjCCARYwDwYDVR0TAQH/BAUwAwEB/zAOBgNVHQ8BAf8EBAMCAQYwHQYDVR0OBBYE +FBiHVuBud+4kNTxOc5of1uHieX4rMB8GA1UdIwQYMBaAFBiHVuBud+4kNTxOc5of +1uHieX4rMEQGA1UdIAQ9MDswOQYEVR0gADAxMC8GCCsGAQUFBwIBFiNodHRwczov +L3d3d3cuY2VydGlnbmEuZnIvYXV0b3JpdGVzLzBtBgNVHR8EZjBkMC+gLaArhilo +dHRwOi8vY3JsLmNlcnRpZ25hLmZyL2NlcnRpZ25hcm9vdGNhLmNybDAxoC+gLYYr +aHR0cDovL2NybC5kaGlteW90aXMuY29tL2NlcnRpZ25hcm9vdGNhLmNybDANBgkq +hkiG9w0BAQsFAAOCAgEAlLieT/DjlQgi581oQfccVdV8AOItOoldaDgvUSILSo3L +6btdPrtcPbEo/uRTVRPPoZAbAh1fZkYJMyjhDSSXcNMQH+pkV5a7XdrnxIxPTGRG +HVyH41neQtGbqH6mid2PHMkwgu07nM3A6RngatgCdTer9zQoKJHyBApPNeNgJgH6 +0BGM+RFq7q89w1DTj18zeTyGqHNFkIwgtnJzFyO+B2XleJINugHA64wcZr+shncB +lA2c5uk5jR+mUYyZDDl34bSb+hxnV29qao6pK0xXeXpXIs/NX2NGjVxZOob4Mkdi +o2cNGJHc+6Zr9UhhcyNZjgKnvETq9Emd8VRY+WCv2hikLyhF3HqgiIZd8zvn/yk1 +gPxkQ5Tm4xxvvq0OKmOZK8l+hfZx6AYDlf7ej0gcWtSS6Cvu5zHbugRqh5jnxV/v +faci9wHYTfmJ0A6aBVmknpjZbyvKcL5kwlWj9Omvw5Ip3IgWJJk8jSaYtlu3zM63 +Nwf9JtmYhST/WSMDmu2dnajkXjjO11INb9I/bbEFa0nOipFGc/T2L/Coc3cOZayh +jWZSaX5LaAzHHjcng6WMxwLkFM1JAbBzs/3GkDpv0mztO+7skb6iQ12LAEpmJURw +3kAP+HwV96LOPNdeE4yBFxgX0b3xdxA61GU5wSesVywlVP+i2k+KYTlerj1KjL0= +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIICZTCCAeugAwIBAgIQeI8nXIESUiClBNAt3bpz9DAKBggqhkjOPQQDAzB0MQsw +CQYDVQQGEwJQTDEhMB8GA1UEChMYQXNzZWNvIERhdGEgU3lzdGVtcyBTLkEuMScw +JQYDVQQLEx5DZXJ0dW0gQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkxGTAXBgNVBAMT +EENlcnR1bSBFQy0zODQgQ0EwHhcNMTgwMzI2MDcyNDU0WhcNNDMwMzI2MDcyNDU0 +WjB0MQswCQYDVQQGEwJQTDEhMB8GA1UEChMYQXNzZWNvIERhdGEgU3lzdGVtcyBT +LkEuMScwJQYDVQQLEx5DZXJ0dW0gQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkxGTAX +BgNVBAMTEENlcnR1bSBFQy0zODQgQ0EwdjAQBgcqhkjOPQIBBgUrgQQAIgNiAATE +KI6rGFtqvm5kN2PkzeyrOvfMobgOgknXhimfoZTy42B4mIF4Bk3y7JoOV2CDn7Tm +Fy8as10CW4kjPMIRBSqniBMY81CE1700LCeJVf/OTOffph8oxPBUw7l8t1Ot68Kj +QjBAMA8GA1UdEwEB/wQFMAMBAf8wHQYDVR0OBBYEFI0GZnQkdjrzife81r1HfS+8 +EF9LMA4GA1UdDwEB/wQEAwIBBjAKBggqhkjOPQQDAwNoADBlAjADVS2m5hjEfO/J +UG7BJw+ch69u1RsIGL2SKcHvlJF40jocVYli5RsJHrpka/F2tNQCMQC0QoSZ/6vn +nvuRlydd3LBbMHHOXjgaatkl5+r3YZJW+OraNsKHZZYuciUvf9/DE8k= +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIDuzCCAqOgAwIBAgIDBETAMA0GCSqGSIb3DQEBBQUAMH4xCzAJBgNVBAYTAlBM +MSIwIAYDVQQKExlVbml6ZXRvIFRlY2hub2xvZ2llcyBTLkEuMScwJQYDVQQLEx5D +ZXJ0dW0gQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkxIjAgBgNVBAMTGUNlcnR1bSBU +cnVzdGVkIE5ldHdvcmsgQ0EwHhcNMDgxMDIyMTIwNzM3WhcNMjkxMjMxMTIwNzM3 +WjB+MQswCQYDVQQGEwJQTDEiMCAGA1UEChMZVW5pemV0byBUZWNobm9sb2dpZXMg +Uy5BLjEnMCUGA1UECxMeQ2VydHVtIENlcnRpZmljYXRpb24gQXV0aG9yaXR5MSIw +IAYDVQQDExlDZXJ0dW0gVHJ1c3RlZCBOZXR3b3JrIENBMIIBIjANBgkqhkiG9w0B +AQEFAAOCAQ8AMIIBCgKCAQEA4/t9o3K6wvDJFIf1awFO4W5AB7ptJ11/91sts1rH +UV+rpDKmYYe2bg+G0jACl/jXaVehGDldamR5xgFZrDwxSjh80gTSSyjoIF87B6LM +TXPb865Px1bVWqeWifrzq2jUI4ZZJ88JJ7ysbnKDHDBy3+Ci6dLhdHUZvSqeexVU +BBvXQzmtVSjF4hq79MDkrjhJM8x2hZ85RdKknvISjFH4fOQtf/WsX+sWn7Et0brM +kUJ3TCXJkDhv2/DM+44el1k+1WBO5gUo7Ul5E0u6SNsv+XLTOcr+H9g0cvW0QM8x +AcPs3hEtF10fuFDRXhmnad4HMyjKUJX5p1TLVIZQRan5SQIDAQABo0IwQDAPBgNV +HRMBAf8EBTADAQH/MB0GA1UdDgQWBBQIds3LB/8k9sXN7buQvOKEN0Z19zAOBgNV +HQ8BAf8EBAMCAQYwDQYJKoZIhvcNAQEFBQADggEBAKaorSLOAT2mo/9i0Eidi15y +sHhE49wcrwn9I0j6vSrEuVUEtRCjjSfeC4Jj0O7eDDd5QVsisrCaQVymcODU0HfL +I9MA4GxWL+FpDQ3Zqr8hgVDZBqWo/5U30Kr+4rP1mS1FhIrlQgnXdAIv94nYmem8 +J9RHjboNRhx3zxSkHLmkMcScKHQDNP8zGSal6Q10tz6XxnboJ5ajZt3hrvJBW8qY +VoNzcOSGGtIxQbovvi0TWnZvTuhOgQ4/WwMioBK+ZlgRSssDxLQqKi2WF+A5VLxI +03YnnZotBqbJ7DnSq9ufmgsnAjUpsUCV5/nonFWIGUbWtzT1fs45mtk48VH3Tyw= +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIF0jCCA7qgAwIBAgIQIdbQSk8lD8kyN/yqXhKN6TANBgkqhkiG9w0BAQ0FADCB +gDELMAkGA1UEBhMCUEwxIjAgBgNVBAoTGVVuaXpldG8gVGVjaG5vbG9naWVzIFMu +QS4xJzAlBgNVBAsTHkNlcnR1bSBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTEkMCIG +A1UEAxMbQ2VydHVtIFRydXN0ZWQgTmV0d29yayBDQSAyMCIYDzIwMTExMDA2MDgz +OTU2WhgPMjA0NjEwMDYwODM5NTZaMIGAMQswCQYDVQQGEwJQTDEiMCAGA1UEChMZ +VW5pemV0byBUZWNobm9sb2dpZXMgUy5BLjEnMCUGA1UECxMeQ2VydHVtIENlcnRp +ZmljYXRpb24gQXV0aG9yaXR5MSQwIgYDVQQDExtDZXJ0dW0gVHJ1c3RlZCBOZXR3 +b3JrIENBIDIwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQC9+Xj45tWA +DGSdhhuWZGc/IjoedQF97/tcZ4zJzFxrqZHmuULlIEub2pt7uZld2ZuAS9eEQCsn +0+i6MLs+CRqnSZXvK0AkwpfHp+6bJe+oCgCXhVqqndwpyeI1B+twTUrWwbNWuKFB +OJvR+zF/j+Bf4bE/D44WSWDXBo0Y+aomEKsq09DRZ40bRr5HMNUuctHFY9rnY3lE +fktjJImGLjQ/KUxSiyqnwOKRKIm5wFv5HdnnJ63/mgKXwcZQkpsCLL2puTRZCr+E +Sv/f/rOf69me4Jgj7KZrdxYq28ytOxykh9xGc14ZYmhFV+SQgkK7QtbwYeDBoz1m +o130GO6IyY0XRSmZMnUCMe4pJshrAua1YkV/NxVaI2iJ1D7eTiew8EAMvE0Xy02i +sx7QBlrd9pPPV3WZ9fqGGmd4s7+W/jTcvedSVuWz5XV710GRBdxdaeOVDUO5/IOW +OZV7bIBaTxNyxtd9KXpEulKkKtVBRgkg/iKgtlswjbyJDNXXcPiHUv3a76xRLgez +Tv7QCdpw75j6VuZt27VXS9zlLCUVyJ4ueE742pyehizKV/Ma5ciSixqClnrDvFAS +adgOWkaLOusm+iPJtrCBvkIApPjW/jAux9JG9uWOdf3yzLnQh1vMBhBgu4M1t15n +3kfsmUjxpKEV/q2MYo45VU85FrmxY53/twIDAQABo0IwQDAPBgNVHRMBAf8EBTAD +AQH/MB0GA1UdDgQWBBS2oVQ5AsOgP46KvPrU+Bym0ToO/TAOBgNVHQ8BAf8EBAMC +AQYwDQYJKoZIhvcNAQENBQADggIBAHGlDs7k6b8/ONWJWsQCYftMxRQXLYtPU2sQ +F/xlhMcQSZDe28cmk4gmb3DWAl45oPePq5a1pRNcgRRtDoGCERuKTsZPpd1iHkTf +CVn0W3cLN+mLIMb4Ck4uWBzrM9DPhmDJ2vuAL55MYIR4PSFk1vtBHxgP58l1cb29 +XN40hz5BsA72udY/CROWFC/emh1auVbONTqwX3BNXuMp8SMoclm2q8KMZiYcdywm +djWLKKdpoPk79SPdhRB0yZADVpHnr7pH1BKXESLjokmUbOe3lEu6LaTaM4tMpkT/ +WjzGHWTYtTHkpjx6qFcL2+1hGsvxznN3Y6SHb0xRONbkX8eftoEq5IVIeVheO/jb +AoJnwTnbw3RLPTYe+SmTiGhbqEQZIfCn6IENLOiTNrQ3ssqwGyZ6miUfmpqAnksq +P/ujmv5zMnHCnsZy4YpoJ/HkD7TETKVhk/iXEAcqMCWpuchxuO9ozC1+9eB+D4Ko +b7a6bINDd82Kkhehnlt4Fj1F4jNy3eFmypnTycUm/Q1oBEauttmbjL4ZvrHG8hnj +XALKLNhvSgfZyTXaQHXyxKcZb55CEJh15pWLYLztxRLXis7VmFxWlgPF7ncGNf/P +5O4/E2Hu29othfDNrp2yGAlFw5Khchf8R7agCyzxxN5DaAhqXzvwdmP7zAYspsbi +DrW5viSP +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIFwDCCA6igAwIBAgIQHr9ZULjJgDdMBvfrVU+17TANBgkqhkiG9w0BAQ0FADB6 +MQswCQYDVQQGEwJQTDEhMB8GA1UEChMYQXNzZWNvIERhdGEgU3lzdGVtcyBTLkEu +MScwJQYDVQQLEx5DZXJ0dW0gQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkxHzAdBgNV +BAMTFkNlcnR1bSBUcnVzdGVkIFJvb3QgQ0EwHhcNMTgwMzE2MTIxMDEzWhcNNDMw +MzE2MTIxMDEzWjB6MQswCQYDVQQGEwJQTDEhMB8GA1UEChMYQXNzZWNvIERhdGEg +U3lzdGVtcyBTLkEuMScwJQYDVQQLEx5DZXJ0dW0gQ2VydGlmaWNhdGlvbiBBdXRo +b3JpdHkxHzAdBgNVBAMTFkNlcnR1bSBUcnVzdGVkIFJvb3QgQ0EwggIiMA0GCSqG +SIb3DQEBAQUAA4ICDwAwggIKAoICAQDRLY67tzbqbTeRn06TpwXkKQMlzhyC93yZ +n0EGze2jusDbCSzBfN8pfktlL5On1AFrAygYo9idBcEq2EXxkd7fO9CAAozPOA/q +p1x4EaTByIVcJdPTsuclzxFUl6s1wB52HO8AU5853BSlLCIls3Jy/I2z5T4IHhQq +NwuIPMqw9MjCoa68wb4pZ1Xi/K1ZXP69VyywkI3C7Te2fJmItdUDmj0VDT06qKhF +8JVOJVkdzZhpu9PMMsmN74H+rX2Ju7pgE8pllWeg8xn2A1bUatMn4qGtg/BKEiJ3 +HAVz4hlxQsDsdUaakFjgao4rpUYwBI4Zshfjvqm6f1bxJAPXsiEodg42MEx51UGa +mqi4NboMOvJEGyCI98Ul1z3G4z5D3Yf+xOr1Uz5MZf87Sst4WmsXXw3Hw09Omiqi +7VdNIuJGmj8PkTQkfVXjjJU30xrwCSss0smNtA0Aq2cpKNgB9RkEth2+dv5yXMSF +ytKAQd8FqKPVhJBPC/PgP5sZ0jeJP/J7UhyM9uH3PAeXjA6iWYEMspA90+NZRu0P +qafegGtaqge2Gcu8V/OXIXoMsSt0Puvap2ctTMSYnjYJdmZm/Bo/6khUHL4wvYBQ +v3y1zgD2DGHZ5yQD4OMBgQ692IU0iL2yNqh7XAjlRICMb/gv1SHKHRzQ+8S1h9E6 +Tsd2tTVItQIDAQABo0IwQDAPBgNVHRMBAf8EBTADAQH/MB0GA1UdDgQWBBSM+xx1 +vALTn04uSNn5YFSqxLNP+jAOBgNVHQ8BAf8EBAMCAQYwDQYJKoZIhvcNAQENBQAD +ggIBAEii1QALLtA/vBzVtVRJHlpr9OTy4EA34MwUe7nJ+jW1dReTagVphZzNTxl4 +WxmB82M+w85bj/UvXgF2Ez8sALnNllI5SW0ETsXpD4YN4fqzX4IS8TrOZgYkNCvo +zMrnadyHncI013nR03e4qllY/p0m+jiGPp2Kh2RX5Rc64vmNueMzeMGQ2Ljdt4NR +5MTMI9UGfOZR0800McD2RrsLrfw9EAUqO0qRJe6M1ISHgCq8CYyqOhNf6DR5UMEQ +GfnTKB7U0VEwKbOukGfWHwpjscWpxkIxYxeU72nLL/qMFH3EQxiJ2fAyQOaA4kZf +5ePBAFmo+eggvIksDkc0C+pXwlM2/KfUrzHN/gLldfq5Jwn58/U7yn2fqSLLiMmq +0Uc9NneoWWRrJ8/vJ8HjJLWG965+Mk2weWjROeiQWMODvA8s1pfrzgzhIMfatz7D +P78v3DSk+yshzWePS/Tj6tQ/50+6uaWTRRxmHyH6ZF5v4HaUMst19W7l9o/HuKTM +qJZ9ZPskWkoDbGs4xugDQ5r3V7mzKWmTOPQD8rv7gmsHINFSH5pkAnuYZttcTVoP +0ISVoDwUQwbKytu4QTbaakRnh6+v40URFWkIsr4WOZckbxJF0WddCajJFdr60qZf +E2Efv4WstK2tBZQIgx51F9NxO5NQI1mg7TyRVJ12AMXDuDjb +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIEMjCCAxqgAwIBAgIBATANBgkqhkiG9w0BAQUFADB7MQswCQYDVQQGEwJHQjEb +MBkGA1UECAwSR3JlYXRlciBNYW5jaGVzdGVyMRAwDgYDVQQHDAdTYWxmb3JkMRow +GAYDVQQKDBFDb21vZG8gQ0EgTGltaXRlZDEhMB8GA1UEAwwYQUFBIENlcnRpZmlj +YXRlIFNlcnZpY2VzMB4XDTA0MDEwMTAwMDAwMFoXDTI4MTIzMTIzNTk1OVowezEL +MAkGA1UEBhMCR0IxGzAZBgNVBAgMEkdyZWF0ZXIgTWFuY2hlc3RlcjEQMA4GA1UE +BwwHU2FsZm9yZDEaMBgGA1UECgwRQ29tb2RvIENBIExpbWl0ZWQxITAfBgNVBAMM +GEFBQSBDZXJ0aWZpY2F0ZSBTZXJ2aWNlczCCASIwDQYJKoZIhvcNAQEBBQADggEP +ADCCAQoCggEBAL5AnfRu4ep2hxxNRUSOvkbIgwadwSr+GB+O5AL686tdUIoWMQua +BtDFcCLNSS1UY8y2bmhGC1Pqy0wkwLxyTurxFa70VJoSCsN6sjNg4tqJVfMiWPPe +3M/vg4aijJRPn2jymJBGhCfHdr/jzDUsi14HZGWCwEiwqJH5YZ92IFCokcdmtet4 +YgNW8IoaE+oxox6gmf049vYnMlhvB/VruPsUK6+3qszWY19zjNoFmag4qMsXeDZR +rOme9Hg6jc8P2ULimAyrL58OAd7vn5lJ8S3frHRNG5i1R8XlKdH5kBjHYpy+g8cm +ez6KJcfA3Z3mNWgQIJ2P2N7Sw4ScDV7oL8kCAwEAAaOBwDCBvTAdBgNVHQ4EFgQU +oBEKIz6W8Qfs4q8p74Klf9AwpLQwDgYDVR0PAQH/BAQDAgEGMA8GA1UdEwEB/wQF +MAMBAf8wewYDVR0fBHQwcjA4oDagNIYyaHR0cDovL2NybC5jb21vZG9jYS5jb20v +QUFBQ2VydGlmaWNhdGVTZXJ2aWNlcy5jcmwwNqA0oDKGMGh0dHA6Ly9jcmwuY29t +b2RvLm5ldC9BQUFDZXJ0aWZpY2F0ZVNlcnZpY2VzLmNybDANBgkqhkiG9w0BAQUF +AAOCAQEACFb8AvCb6P+k+tZ7xkSAzk/ExfYAWMymtrwUSWgEdujm7l3sAg9g1o1Q +GE8mTgHj5rCl7r+8dFRBv/38ErjHT1r0iWAFf2C3BUrz9vHCv8S5dIa2LX1rzNLz +Rt0vxuBqw8M0Ayx9lt1awg6nCpnBBYurDC/zXDrPbDdVCYfeU0BsWO/8tqtlbgT2 +G9w84FoVxp7Z8VlIMCFlA2zs6SFz7JsDoeA3raAVGI/6ugLOpyypEBMs1OUIJqsi +l2D4kF501KKaU73yqWjgom7C12yxow+ev+to51byrvLjKzg6CYG1a4XXvi3tPxq3 +smPi9WIsgtRqAEFQ8TmDn5XpNpaYbg== +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIDoTCCAomgAwIBAgILBAAAAAABD4WqLUgwDQYJKoZIhvcNAQEFBQAwOzEYMBYG +A1UEChMPQ3liZXJ0cnVzdCwgSW5jMR8wHQYDVQQDExZDeWJlcnRydXN0IEdsb2Jh +bCBSb290MB4XDTA2MTIxNTA4MDAwMFoXDTIxMTIxNTA4MDAwMFowOzEYMBYGA1UE +ChMPQ3liZXJ0cnVzdCwgSW5jMR8wHQYDVQQDExZDeWJlcnRydXN0IEdsb2JhbCBS +b290MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA+Mi8vRRQZhP/8NN5 +7CPytxrHjoXxEnOmGaoQ25yiZXRadz5RfVb23CO21O1fWLE3TdVJDm71aofW0ozS +J8bi/zafmGWgE07GKmSb1ZASzxQG9Dvj1Ci+6A74q05IlG2OlTEQXO2iLb3VOm2y +HLtgwEZLAfVJrn5GitB0jaEMAs7u/OePuGtm839EAL9mJRQr3RAwHQeWP032a7iP +t3sMpTjr3kfb1V05/Iin89cqdPHoWqI7n1C6poxFNcJQZZXcY4Lv3b93TZxiyWNz +FtApD0mpSPCzqrdsxacwOUBdrsTiXSZT8M4cIwhhqJQZugRiQOwfOHB3EgZxpzAY +XSUnpQIDAQABo4GlMIGiMA4GA1UdDwEB/wQEAwIBBjAPBgNVHRMBAf8EBTADAQH/ +MB0GA1UdDgQWBBS2CHsNesysIEyGVjJez6tuhS1wVzA/BgNVHR8EODA2MDSgMqAw +hi5odHRwOi8vd3d3Mi5wdWJsaWMtdHJ1c3QuY29tL2NybC9jdC9jdHJvb3QuY3Js +MB8GA1UdIwQYMBaAFLYIew16zKwgTIZWMl7Pq26FLXBXMA0GCSqGSIb3DQEBBQUA +A4IBAQBW7wojoFROlZfJ+InaRcHUowAl9B8Tq7ejhVhpwjCt2BWKLePJzYFa+HMj +Wqd8BfP9IjsO0QbE2zZMcwSO5bAi5MXzLqXZI+O4Tkogp24CJJ8iYGd7ix1yCcUx +XOl5n4BHPa2hCwcUPUf/A2kaDAtE52Mlp3+yybh2hO0j9n0Hq0V+09+zv+mKts2o +omcrUtW3ZfA5TGOgkXmTUg9U3YO7n9GPp1Nzw8v/MOx8BLjYRB+TX3EJIrduPuoc +A06dGiBh+4E37F78CkWr1+cXVdCg6mCbpvbjjFspwgZgFJ0tl0ypkxWdYcQBX0jW +WL1WMRJOEcgh4LMRkWXbtKaIOM5V +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIEMzCCAxugAwIBAgIDCYPzMA0GCSqGSIb3DQEBCwUAME0xCzAJBgNVBAYTAkRF +MRUwEwYDVQQKDAxELVRydXN0IEdtYkgxJzAlBgNVBAMMHkQtVFJVU1QgUm9vdCBD +bGFzcyAzIENBIDIgMjAwOTAeFw0wOTExMDUwODM1NThaFw0yOTExMDUwODM1NTha +ME0xCzAJBgNVBAYTAkRFMRUwEwYDVQQKDAxELVRydXN0IEdtYkgxJzAlBgNVBAMM +HkQtVFJVU1QgUm9vdCBDbGFzcyAzIENBIDIgMjAwOTCCASIwDQYJKoZIhvcNAQEB +BQADggEPADCCAQoCggEBANOySs96R+91myP6Oi/WUEWJNTrGa9v+2wBoqOADER03 +UAifTUpolDWzU9GUY6cgVq/eUXjsKj3zSEhQPgrfRlWLJ23DEE0NkVJD2IfgXU42 +tSHKXzlABF9bfsyjxiupQB7ZNoTWSPOSHjRGICTBpFGOShrvUD9pXRl/RcPHAY9R +ySPocq60vFYJfxLLHLGvKZAKyVXMD9O0Gu1HNVpK7ZxzBCHQqr0ME7UAyiZsxGsM +lFqVlNpQmvH/pStmMaTJOKDfHR+4CS7zp+hnUquVH+BGPtikw8paxTGA6Eian5Rp +/hnd2HN8gcqW3o7tszIFZYQ05ub9VxC1X3a/L7AQDcUCAwEAAaOCARowggEWMA8G +A1UdEwEB/wQFMAMBAf8wHQYDVR0OBBYEFP3aFMSfMN4hvR5COfyrYyNJ4PGEMA4G +A1UdDwEB/wQEAwIBBjCB0wYDVR0fBIHLMIHIMIGAoH6gfIZ6bGRhcDovL2RpcmVj +dG9yeS5kLXRydXN0Lm5ldC9DTj1ELVRSVVNUJTIwUm9vdCUyMENsYXNzJTIwMyUy +MENBJTIwMiUyMDIwMDksTz1ELVRydXN0JTIwR21iSCxDPURFP2NlcnRpZmljYXRl +cmV2b2NhdGlvbmxpc3QwQ6BBoD+GPWh0dHA6Ly93d3cuZC10cnVzdC5uZXQvY3Js +L2QtdHJ1c3Rfcm9vdF9jbGFzc18zX2NhXzJfMjAwOS5jcmwwDQYJKoZIhvcNAQEL +BQADggEBAH+X2zDI36ScfSF6gHDOFBJpiBSVYEQBrLLpME+bUMJm2H6NMLVwMeni +acfzcNsgFYbQDfC+rAF1hM5+n02/t2A7nPPKHeJeaNijnZflQGDSNiH+0LS4F9p0 +o3/U37CYAqxva2ssJSRyoWXuJVrl5jLn8t+rSfrzkGkj2wTZ51xY/GXUl77M/C4K +zCUqNQT4YJEVdT1B/yMfGchs64JTBKbkTCJNjYy6zltz7GRUUG3RnFX7acM2w4y8 +PIWmawomDeCTmGCufsYkl4phX5GOZpIJhzbNi5stPvZR1FDUWSi9g/LMKHtThm3Y +Johw1+qRzT65ysCQblrGXnRl11z+o+I= +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIEQzCCAyugAwIBAgIDCYP0MA0GCSqGSIb3DQEBCwUAMFAxCzAJBgNVBAYTAkRF +MRUwEwYDVQQKDAxELVRydXN0IEdtYkgxKjAoBgNVBAMMIUQtVFJVU1QgUm9vdCBD +bGFzcyAzIENBIDIgRVYgMjAwOTAeFw0wOTExMDUwODUwNDZaFw0yOTExMDUwODUw +NDZaMFAxCzAJBgNVBAYTAkRFMRUwEwYDVQQKDAxELVRydXN0IEdtYkgxKjAoBgNV +BAMMIUQtVFJVU1QgUm9vdCBDbGFzcyAzIENBIDIgRVYgMjAwOTCCASIwDQYJKoZI +hvcNAQEBBQADggEPADCCAQoCggEBAJnxhDRwui+3MKCOvXwEz75ivJn9gpfSegpn +ljgJ9hBOlSJzmY3aFS3nBfwZcyK3jpgAvDw9rKFs+9Z5JUut8Mxk2og+KbgPCdM0 +3TP1YtHhzRnp7hhPTFiu4h7WDFsVWtg6uMQYZB7jM7K1iXdODL/ZlGsTl28So/6Z +qQTMFexgaDbtCHu39b+T7WYxg4zGcTSHThfqr4uRjRxWQa4iN1438h3Z0S0NL2lR +p75mpoo6Kr3HGrHhFPC+Oh25z1uxav60sUYgovseO3Dvk5h9jHOW8sXvhXCtKSb8 +HgQ+HKDYD8tSg2J87otTlZCpV6LqYQXY+U3EJ/pure3511H3a6UCAwEAAaOCASQw +ggEgMA8GA1UdEwEB/wQFMAMBAf8wHQYDVR0OBBYEFNOUikxiEyoZLsyvcop9Ntea +HNxnMA4GA1UdDwEB/wQEAwIBBjCB3QYDVR0fBIHVMIHSMIGHoIGEoIGBhn9sZGFw +Oi8vZGlyZWN0b3J5LmQtdHJ1c3QubmV0L0NOPUQtVFJVU1QlMjBSb290JTIwQ2xh +c3MlMjAzJTIwQ0ElMjAyJTIwRVYlMjAyMDA5LE89RC1UcnVzdCUyMEdtYkgsQz1E +RT9jZXJ0aWZpY2F0ZXJldm9jYXRpb25saXN0MEagRKBChkBodHRwOi8vd3d3LmQt +dHJ1c3QubmV0L2NybC9kLXRydXN0X3Jvb3RfY2xhc3NfM19jYV8yX2V2XzIwMDku +Y3JsMA0GCSqGSIb3DQEBCwUAA4IBAQA07XtaPKSUiO8aEXUHL7P+PPoeUSbrh/Yp +3uDx1MYkCenBz1UbtDDZzhr+BlGmFaQt77JLvyAoJUnRpjZ3NOhk31KxEcdzes05 +nsKtjHEh8lprr988TlWvsoRlFIm5d8sqMb7Po23Pb0iUMkZv53GMoKaEGTcH8gNF +CSuGdXzfX2lXANtu2KZyIktQ1HWYVt+3GP9DQ1CuekR78HlR10M9p9OB0/DJT7na +xpeG0ILD5EJt/rDiZE4OJudANCa1CInXCGNjOCd1HjPqbqjdn5lPdE2BiYBL3ZqX +KVwvvoFBuYz/6n1gBp7N1z3TLqMVvKjmJuVvw9y4AyHqnxbxLFS1 +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIDtzCCAp+gAwIBAgIQDOfg5RfYRv6P5WD8G/AwOTANBgkqhkiG9w0BAQUFADBl +MQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3 +d3cuZGlnaWNlcnQuY29tMSQwIgYDVQQDExtEaWdpQ2VydCBBc3N1cmVkIElEIFJv +b3QgQ0EwHhcNMDYxMTEwMDAwMDAwWhcNMzExMTEwMDAwMDAwWjBlMQswCQYDVQQG +EwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3d3cuZGlnaWNl +cnQuY29tMSQwIgYDVQQDExtEaWdpQ2VydCBBc3N1cmVkIElEIFJvb3QgQ0EwggEi +MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCtDhXO5EOAXLGH87dg+XESpa7c +JpSIqvTO9SA5KFhgDPiA2qkVlTJhPLWxKISKityfCgyDF3qPkKyK53lTXDGEKvYP +mDI2dsze3Tyoou9q+yHyUmHfnyDXH+Kx2f4YZNISW1/5WBg1vEfNoTb5a3/UsDg+ +wRvDjDPZ2C8Y/igPs6eD1sNuRMBhNZYW/lmci3Zt1/GiSw0r/wty2p5g0I6QNcZ4 +VYcgoc/lbQrISXwxmDNsIumH0DJaoroTghHtORedmTpyoeb6pNnVFzF1roV9Iq4/ +AUaG9ih5yLHa5FcXxH4cDrC0kqZWs72yl+2qp/C3xag/lRbQ/6GW6whfGHdPAgMB +AAGjYzBhMA4GA1UdDwEB/wQEAwIBhjAPBgNVHRMBAf8EBTADAQH/MB0GA1UdDgQW +BBRF66Kv9JLLgjEtUYunpyGd823IDzAfBgNVHSMEGDAWgBRF66Kv9JLLgjEtUYun +pyGd823IDzANBgkqhkiG9w0BAQUFAAOCAQEAog683+Lt8ONyc3pklL/3cmbYMuRC +dWKuh+vy1dneVrOfzM4UKLkNl2BcEkxY5NM9g0lFWJc1aRqoR+pWxnmrEthngYTf +fwk8lOa4JiwgvT2zKIn3X/8i4peEH+ll74fg38FnSbNd67IJKusm7Xi+fT8r87cm +NW1fiQG2SVufAQWbqz0lwcy2f8Lxb4bG+mRo64EtlOtCt/qMHt1i8b5QZ7dsvfPx +H2sMNgcWfzd8qVttevESRmCD1ycEvkvOl77DZypoEd+A5wwzZr8TDRRu838fYxAe ++o0bJW1sj6W3YQGx0qMmoRBxna3iw/nDmVG3KwcIzi7mULKn+gpFL6Lw8g== +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIDljCCAn6gAwIBAgIQC5McOtY5Z+pnI7/Dr5r0SzANBgkqhkiG9w0BAQsFADBl +MQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3 +d3cuZGlnaWNlcnQuY29tMSQwIgYDVQQDExtEaWdpQ2VydCBBc3N1cmVkIElEIFJv +b3QgRzIwHhcNMTMwODAxMTIwMDAwWhcNMzgwMTE1MTIwMDAwWjBlMQswCQYDVQQG +EwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3d3cuZGlnaWNl +cnQuY29tMSQwIgYDVQQDExtEaWdpQ2VydCBBc3N1cmVkIElEIFJvb3QgRzIwggEi +MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDZ5ygvUj82ckmIkzTz+GoeMVSA +n61UQbVH35ao1K+ALbkKz3X9iaV9JPrjIgwrvJUXCzO/GU1BBpAAvQxNEP4Htecc +biJVMWWXvdMX0h5i89vqbFCMP4QMls+3ywPgym2hFEwbid3tALBSfK+RbLE4E9Hp +EgjAALAcKxHad3A2m67OeYfcgnDmCXRwVWmvo2ifv922ebPynXApVfSr/5Vh88lA +bx3RvpO704gqu52/clpWcTs/1PPRCv4o76Pu2ZmvA9OPYLfykqGxvYmJHzDNw6Yu +YjOuFgJ3RFrngQo8p0Quebg/BLxcoIfhG69Rjs3sLPr4/m3wOnyqi+RnlTGNAgMB +AAGjQjBAMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0PAQH/BAQDAgGGMB0GA1UdDgQW +BBTOw0q5mVXyuNtgv6l+vVa1lzan1jANBgkqhkiG9w0BAQsFAAOCAQEAyqVVjOPI +QW5pJ6d1Ee88hjZv0p3GeDgdaZaikmkuOGybfQTUiaWxMTeKySHMq2zNixya1r9I +0jJmwYrA8y8678Dj1JGG0VDjA9tzd29KOVPt3ibHtX2vK0LRdWLjSisCx1BL4Gni +lmwORGYQRI+tBev4eaymG+g3NJ1TyWGqolKvSnAWhsI6yLETcDbYz+70CjTVW0z9 +B5yiutkBclzzTcHdDrEcDcRjvq30FPuJ7KJBDkzMyFdA0G4Dqs0MjomZmWzwPDCv +ON9vvKO+KSAnq3T/EyJ43pdSVR6DtVQgA+6uwE9W3jfMw3+qBCe703e4YtsXfJwo +IhNzbM8m9Yop5w== +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIICRjCCAc2gAwIBAgIQC6Fa+h3foLVJRK/NJKBs7DAKBggqhkjOPQQDAzBlMQsw +CQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3d3cu +ZGlnaWNlcnQuY29tMSQwIgYDVQQDExtEaWdpQ2VydCBBc3N1cmVkIElEIFJvb3Qg +RzMwHhcNMTMwODAxMTIwMDAwWhcNMzgwMTE1MTIwMDAwWjBlMQswCQYDVQQGEwJV +UzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3d3cuZGlnaWNlcnQu +Y29tMSQwIgYDVQQDExtEaWdpQ2VydCBBc3N1cmVkIElEIFJvb3QgRzMwdjAQBgcq +hkjOPQIBBgUrgQQAIgNiAAQZ57ysRGXtzbg/WPuNsVepRC0FFfLvC/8QdJ+1YlJf +Zn4f5dwbRXkLzMZTCp2NXQLZqVneAlr2lSoOjThKiknGvMYDOAdfVdp+CW7if17Q +RSAPWXYQ1qAk8C3eNvJsKTmjQjBAMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0PAQH/ +BAQDAgGGMB0GA1UdDgQWBBTL0L2p4ZgFUaFNN6KDec6NHSrkhDAKBggqhkjOPQQD +AwNnADBkAjAlpIFFAmsSS3V0T8gj43DydXLefInwz5FyYZ5eEJJZVrmDxxDnOOlY +JjZ91eQ0hjkCMHw2U/Aw5WJjOpnitqM7mzT6HtoQknFekROn3aRukswy1vUhZscv +6pZjamVFkpUBtA== +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIDrzCCApegAwIBAgIQCDvgVpBCRrGhdWrJWZHHSjANBgkqhkiG9w0BAQUFADBh +MQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3 +d3cuZGlnaWNlcnQuY29tMSAwHgYDVQQDExdEaWdpQ2VydCBHbG9iYWwgUm9vdCBD +QTAeFw0wNjExMTAwMDAwMDBaFw0zMTExMTAwMDAwMDBaMGExCzAJBgNVBAYTAlVT +MRUwEwYDVQQKEwxEaWdpQ2VydCBJbmMxGTAXBgNVBAsTEHd3dy5kaWdpY2VydC5j +b20xIDAeBgNVBAMTF0RpZ2lDZXJ0IEdsb2JhbCBSb290IENBMIIBIjANBgkqhkiG +9w0BAQEFAAOCAQ8AMIIBCgKCAQEA4jvhEXLeqKTTo1eqUKKPC3eQyaKl7hLOllsB +CSDMAZOnTjC3U/dDxGkAV53ijSLdhwZAAIEJzs4bg7/fzTtxRuLWZscFs3YnFo97 +nh6Vfe63SKMI2tavegw5BmV/Sl0fvBf4q77uKNd0f3p4mVmFaG5cIzJLv07A6Fpt +43C/dxC//AH2hdmoRBBYMql1GNXRor5H4idq9Joz+EkIYIvUX7Q6hL+hqkpMfT7P +T19sdl6gSzeRntwi5m3OFBqOasv+zbMUZBfHWymeMr/y7vrTC0LUq7dBMtoM1O/4 +gdW7jVg/tRvoSSiicNoxBN33shbyTApOB6jtSj1etX+jkMOvJwIDAQABo2MwYTAO +BgNVHQ8BAf8EBAMCAYYwDwYDVR0TAQH/BAUwAwEB/zAdBgNVHQ4EFgQUA95QNVbR +TLtm8KPiGxvDl7I90VUwHwYDVR0jBBgwFoAUA95QNVbRTLtm8KPiGxvDl7I90VUw +DQYJKoZIhvcNAQEFBQADggEBAMucN6pIExIK+t1EnE9SsPTfrgT1eXkIoyQY/Esr +hMAtudXH/vTBH1jLuG2cenTnmCmrEbXjcKChzUyImZOMkXDiqw8cvpOp/2PV5Adg +06O/nVsJ8dWO41P0jmP6P6fbtGbfYmbW0W5BjfIttep3Sp+dWOIrWcBAI+0tKIJF +PnlUkiaY4IBIqDfv8NZ5YBberOgOzW6sRBc4L0na4UU+Krk2U886UAb3LujEV0ls +YSEY1QSteDwsOoBrp+uvFRTp2InBuThs4pFsiv9kuXclVzDAGySj4dzp30d8tbQk +CAUw7C29C79Fv1C5qfPrmAESrciIxpg0X40KPMbp1ZWVbd4= +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIDjjCCAnagAwIBAgIQAzrx5qcRqaC7KGSxHQn65TANBgkqhkiG9w0BAQsFADBh +MQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3 +d3cuZGlnaWNlcnQuY29tMSAwHgYDVQQDExdEaWdpQ2VydCBHbG9iYWwgUm9vdCBH +MjAeFw0xMzA4MDExMjAwMDBaFw0zODAxMTUxMjAwMDBaMGExCzAJBgNVBAYTAlVT +MRUwEwYDVQQKEwxEaWdpQ2VydCBJbmMxGTAXBgNVBAsTEHd3dy5kaWdpY2VydC5j +b20xIDAeBgNVBAMTF0RpZ2lDZXJ0IEdsb2JhbCBSb290IEcyMIIBIjANBgkqhkiG +9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuzfNNNx7a8myaJCtSnX/RrohCgiN9RlUyfuI +2/Ou8jqJkTx65qsGGmvPrC3oXgkkRLpimn7Wo6h+4FR1IAWsULecYxpsMNzaHxmx +1x7e/dfgy5SDN67sH0NO3Xss0r0upS/kqbitOtSZpLYl6ZtrAGCSYP9PIUkY92eQ +q2EGnI/yuum06ZIya7XzV+hdG82MHauVBJVJ8zUtluNJbd134/tJS7SsVQepj5Wz +tCO7TG1F8PapspUwtP1MVYwnSlcUfIKdzXOS0xZKBgyMUNGPHgm+F6HmIcr9g+UQ +vIOlCsRnKPZzFBQ9RnbDhxSJITRNrw9FDKZJobq7nMWxM4MphQIDAQABo0IwQDAP +BgNVHRMBAf8EBTADAQH/MA4GA1UdDwEB/wQEAwIBhjAdBgNVHQ4EFgQUTiJUIBiV +5uNu5g/6+rkS7QYXjzkwDQYJKoZIhvcNAQELBQADggEBAGBnKJRvDkhj6zHd6mcY +1Yl9PMWLSn/pvtsrF9+wX3N3KjITOYFnQoQj8kVnNeyIv/iPsGEMNKSuIEyExtv4 +NeF22d+mQrvHRAiGfzZ0JFrabA0UWTW98kndth/Jsw1HKj2ZL7tcu7XUIOGZX1NG +Fdtom/DzMNU+MeKNhJ7jitralj41E6Vf8PlwUHBHQRFXGU7Aj64GxJUTFy8bJZ91 +8rGOmaFvE7FBcf6IKshPECBV1/MUReXgRPTqh5Uykw7+U0b6LJ3/iyK5S9kJRaTe +pLiaWN0bfVKfjllDiIGknibVb63dDcY3fe0Dkhvld1927jyNxF1WW6LZZm6zNTfl +MrY= +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIICPzCCAcWgAwIBAgIQBVVWvPJepDU1w6QP1atFcjAKBggqhkjOPQQDAzBhMQsw +CQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3d3cu +ZGlnaWNlcnQuY29tMSAwHgYDVQQDExdEaWdpQ2VydCBHbG9iYWwgUm9vdCBHMzAe +Fw0xMzA4MDExMjAwMDBaFw0zODAxMTUxMjAwMDBaMGExCzAJBgNVBAYTAlVTMRUw +EwYDVQQKEwxEaWdpQ2VydCBJbmMxGTAXBgNVBAsTEHd3dy5kaWdpY2VydC5jb20x +IDAeBgNVBAMTF0RpZ2lDZXJ0IEdsb2JhbCBSb290IEczMHYwEAYHKoZIzj0CAQYF +K4EEACIDYgAE3afZu4q4C/sLfyHS8L6+c/MzXRq8NOrexpu80JX28MzQC7phW1FG +fp4tn+6OYwwX7Adw9c+ELkCDnOg/QW07rdOkFFk2eJ0DQ+4QE2xy3q6Ip6FrtUPO +Z9wj/wMco+I+o0IwQDAPBgNVHRMBAf8EBTADAQH/MA4GA1UdDwEB/wQEAwIBhjAd +BgNVHQ4EFgQUs9tIpPmhxdiuNkHMEWNpYim8S8YwCgYIKoZIzj0EAwMDaAAwZQIx +AK288mw/EkrRLTnDCgmXc/SINoyIJ7vmiI1Qhadj+Z4y3maTD/HMsQmP3Wyr+mt/ +oAIwOWZbwmSNuJ5Q3KjVSaLtx9zRSX8XAbjIho9OjIgrqJqpisXRAL34VOKa5Vt8 +sycX +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIDxTCCAq2gAwIBAgIQAqxcJmoLQJuPC3nyrkYldzANBgkqhkiG9w0BAQUFADBs +MQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3 +d3cuZGlnaWNlcnQuY29tMSswKQYDVQQDEyJEaWdpQ2VydCBIaWdoIEFzc3VyYW5j +ZSBFViBSb290IENBMB4XDTA2MTExMDAwMDAwMFoXDTMxMTExMDAwMDAwMFowbDEL +MAkGA1UEBhMCVVMxFTATBgNVBAoTDERpZ2lDZXJ0IEluYzEZMBcGA1UECxMQd3d3 +LmRpZ2ljZXJ0LmNvbTErMCkGA1UEAxMiRGlnaUNlcnQgSGlnaCBBc3N1cmFuY2Ug +RVYgUm9vdCBDQTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAMbM5XPm ++9S75S0tMqbf5YE/yc0lSbZxKsPVlDRnogocsF9ppkCxxLeyj9CYpKlBWTrT3JTW +PNt0OKRKzE0lgvdKpVMSOO7zSW1xkX5jtqumX8OkhPhPYlG++MXs2ziS4wblCJEM +xChBVfvLWokVfnHoNb9Ncgk9vjo4UFt3MRuNs8ckRZqnrG0AFFoEt7oT61EKmEFB +Ik5lYYeBQVCmeVyJ3hlKV9Uu5l0cUyx+mM0aBhakaHPQNAQTXKFx01p8VdteZOE3 +hzBWBOURtCmAEvF5OYiiAhF8J2a3iLd48soKqDirCmTCv2ZdlYTBoSUeh10aUAsg +EsxBu24LUTi4S8sCAwEAAaNjMGEwDgYDVR0PAQH/BAQDAgGGMA8GA1UdEwEB/wQF +MAMBAf8wHQYDVR0OBBYEFLE+w2kD+L9HAdSYJhoIAu9jZCvDMB8GA1UdIwQYMBaA +FLE+w2kD+L9HAdSYJhoIAu9jZCvDMA0GCSqGSIb3DQEBBQUAA4IBAQAcGgaX3Nec +nzyIZgYIVyHbIUf4KmeqvxgydkAQV8GK83rZEWWONfqe/EW1ntlMMUu4kehDLI6z +eM7b41N5cdblIZQB2lWHmiRk9opmzN6cN82oNLFpmyPInngiK3BD41VHMWEZ71jF +hS9OMPagMRYjyOfiZRYzy78aG6A9+MpeizGLYAiJLQwGXFK3xPkKmNEVX58Svnw2 +Yzi9RKR/5CYrCsSXaQ3pjOLAEFe4yHYSkVXySGnYvCoCWw9E1CAx2/S6cCZdkGCe +vEsXCS+0yx5DaMkHJ8HSXPfqIbloEpw8nL+e/IBcm2PN7EeqJSdnoDfzAIJ9VNep ++OkuE6N36B9K +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIFkDCCA3igAwIBAgIQBZsbV56OITLiOQe9p3d1XDANBgkqhkiG9w0BAQwFADBi +MQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3 +d3cuZGlnaWNlcnQuY29tMSEwHwYDVQQDExhEaWdpQ2VydCBUcnVzdGVkIFJvb3Qg +RzQwHhcNMTMwODAxMTIwMDAwWhcNMzgwMTE1MTIwMDAwWjBiMQswCQYDVQQGEwJV +UzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3d3cuZGlnaWNlcnQu +Y29tMSEwHwYDVQQDExhEaWdpQ2VydCBUcnVzdGVkIFJvb3QgRzQwggIiMA0GCSqG +SIb3DQEBAQUAA4ICDwAwggIKAoICAQC/5pBzaN675F1KPDAiMGkz7MKnJS7JIT3y +ithZwuEppz1Yq3aaza57G4QNxDAf8xukOBbrVsaXbR2rsnnyyhHS5F/WBTxSD1If +xp4VpX6+n6lXFllVcq9ok3DCsrp1mWpzMpTREEQQLt+C8weE5nQ7bXHiLQwb7iDV +ySAdYyktzuxeTsiT+CFhmzTrBcZe7FsavOvJz82sNEBfsXpm7nfISKhmV1efVFiO +DCu3T6cw2Vbuyntd463JT17lNecxy9qTXtyOj4DatpGYQJB5w3jHtrHEtWoYOAMQ +jdjUN6QuBX2I9YI+EJFwq1WCQTLX2wRzKm6RAXwhTNS8rhsDdV14Ztk6MUSaM0C/ +CNdaSaTC5qmgZ92kJ7yhTzm1EVgX9yRcRo9k98FpiHaYdj1ZXUJ2h4mXaXpI8OCi +EhtmmnTK3kse5w5jrubU75KSOp493ADkRSWJtppEGSt+wJS00mFt6zPZxd9LBADM +fRyVw4/3IbKyEbe7f/LVjHAsQWCqsWMYRJUadmJ+9oCw++hkpjPRiQfhvbfmQ6QY +uKZ3AeEPlAwhHbJUKSWJbOUOUlFHdL4mrLZBdd56rF+NP8m800ERElvlEFDrMcXK +chYiCd98THU/Y+whX8QgUWtvsauGi0/C1kVfnSD8oR7FwI+isX4KJpn15GkvmB0t +9dmpsh3lGwIDAQABo0IwQDAPBgNVHRMBAf8EBTADAQH/MA4GA1UdDwEB/wQEAwIB +hjAdBgNVHQ4EFgQU7NfjgtJxXWRM3y5nP+e6mK4cD08wDQYJKoZIhvcNAQEMBQAD +ggIBALth2X2pbL4XxJEbw6GiAI3jZGgPVs93rnD5/ZpKmbnJeFwMDF/k5hQpVgs2 +SV1EY+CtnJYYZhsjDT156W1r1lT40jzBQ0CuHVD1UvyQO7uYmWlrx8GnqGikJ9yd ++SeuMIW59mdNOj6PWTkiU0TryF0Dyu1Qen1iIQqAyHNm0aAFYF/opbSnr6j3bTWc +fFqK1qI4mfN4i/RN0iAL3gTujJtHgXINwBQy7zBZLq7gcfJW5GqXb5JQbZaNaHqa +sjYUegbyJLkJEVDXCLG4iXqEI2FCKeWjzaIgQdfRnGTZ6iahixTXTBmyUEFxPT9N +cCOGDErcgdLMMpSEDQgJlxxPwO5rIHQw0uA5NBCFIRUBCOhVMt5xSdkoF1BN5r5N +0XWs0Mr7QbhDparTwwVETyw2m+L64kW4I1NsBm9nVX9GtUw/bihaeSbSpKhil9Ie +4u1Ki7wb/UdKDd9nZn6yW0HQO+T0O/QEY+nvwlQAUaCKKsnOeMzV6ocEGLPOr0mI +r/OSmbaz5mEP0oUA51Aa5BuVnRmhuZyxm7EAHu/QD09CbMkKvO5D+jpxpchNJqU1 +/YldvIViHTLSoCtU7ZpXwdv6EM8Zt4tKG48BtieVU+i2iW1bvGjUI+iLUaJW+fCm +gKDWHrO8Dw9TdSmq6hN35N6MgSGtBxBHEa2HPQfRdbzP82Z+ +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIGSzCCBDOgAwIBAgIIamg+nFGby1MwDQYJKoZIhvcNAQELBQAwgbIxCzAJBgNV +BAYTAlRSMQ8wDQYDVQQHDAZBbmthcmExQDA+BgNVBAoMN0UtVHXEn3JhIEVCRyBC +aWxpxZ9pbSBUZWtub2xvamlsZXJpIHZlIEhpem1ldGxlcmkgQS7Fni4xJjAkBgNV +BAsMHUUtVHVncmEgU2VydGlmaWthc3lvbiBNZXJrZXppMSgwJgYDVQQDDB9FLVR1 +Z3JhIENlcnRpZmljYXRpb24gQXV0aG9yaXR5MB4XDTEzMDMwNTEyMDk0OFoXDTIz +MDMwMzEyMDk0OFowgbIxCzAJBgNVBAYTAlRSMQ8wDQYDVQQHDAZBbmthcmExQDA+ +BgNVBAoMN0UtVHXEn3JhIEVCRyBCaWxpxZ9pbSBUZWtub2xvamlsZXJpIHZlIEhp +em1ldGxlcmkgQS7Fni4xJjAkBgNVBAsMHUUtVHVncmEgU2VydGlmaWthc3lvbiBN +ZXJrZXppMSgwJgYDVQQDDB9FLVR1Z3JhIENlcnRpZmljYXRpb24gQXV0aG9yaXR5 +MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEA4vU/kwVRHoViVF56C/UY +B4Oufq9899SKa6VjQzm5S/fDxmSJPZQuVIBSOTkHS0vdhQd2h8y/L5VMzH2nPbxH +D5hw+IyFHnSOkm0bQNGZDbt1bsipa5rAhDGvykPL6ys06I+XawGb1Q5KCKpbknSF +Q9OArqGIW66z6l7LFpp3RMih9lRozt6Plyu6W0ACDGQXwLWTzeHxE2bODHnv0ZEo +q1+gElIwcxmOj+GMB6LDu0rw6h8VqO4lzKRG+Bsi77MOQ7osJLjFLFzUHPhdZL3D +k14opz8n8Y4e0ypQBaNV2cvnOVPAmJ6MVGKLJrD3fY185MaeZkJVgkfnsliNZvcH +fC425lAcP9tDJMW/hkd5s3kc91r0E+xs+D/iWR+V7kI+ua2oMoVJl0b+SzGPWsut +dEcf6ZG33ygEIqDUD13ieU/qbIWGvaimzuT6w+Gzrt48Ue7LE3wBf4QOXVGUnhMM +ti6lTPk5cDZvlsouDERVxcr6XQKj39ZkjFqzAQqptQpHF//vkUAqjqFGOjGY5RH8 +zLtJVor8udBhmm9lbObDyz51Sf6Pp+KJxWfXnUYTTjF2OySznhFlhqt/7x3U+Lzn +rFpct1pHXFXOVbQicVtbC/DP3KBhZOqp12gKY6fgDT+gr9Oq0n7vUaDmUStVkhUX +U8u3Zg5mTPj5dUyQ5xJwx0UCAwEAAaNjMGEwHQYDVR0OBBYEFC7j27JJ0JxUeVz6 +Jyr+zE7S6E5UMA8GA1UdEwEB/wQFMAMBAf8wHwYDVR0jBBgwFoAULuPbsknQnFR5 +XPonKv7MTtLoTlQwDgYDVR0PAQH/BAQDAgEGMA0GCSqGSIb3DQEBCwUAA4ICAQAF +Nzr0TbdF4kV1JI+2d1LoHNgQk2Xz8lkGpD4eKexd0dCrfOAKkEh47U6YA5n+KGCR +HTAduGN8qOY1tfrTYXbm1gdLymmasoR6d5NFFxWfJNCYExL/u6Au/U5Mh/jOXKqY +GwXgAEZKgoClM4so3O0409/lPun++1ndYYRP0lSWE2ETPo+Aab6TR7U1Q9Jauz1c +77NCR807VRMGsAnb/WP2OogKmW9+4c4bU2pEZiNRCHu8W1Ki/QY3OEBhj0qWuJA3 ++GbHeJAAFS6LrVE1Uweoa2iu+U48BybNCAVwzDk/dr2l02cmAYamU9JgO3xDf1WK +vJUawSg5TB9D0pH0clmKuVb8P7Sd2nCcdlqMQ1DujjByTd//SffGqWfZbawCEeI6 +FiWnWAjLb1NBnEg4R2gz0dfHj9R0IdTDBZB6/86WiLEVKV0jq9BgoRJP3vQXzTLl +yb/IQ639Lo7xr+L0mPoSHyDYwKcMhcWQ9DstliaxLL5Mq+ux0orJ23gTDx4JnW2P +AJ8C2sH6H3p6CcRK5ogql5+Ji/03X186zjhZhkuvcQu02PJwT58yE+Owp1fl2tpD +y4Q08ijE6m30Ku/Ba3ba+367hTzSU8JNvnHhRdH9I2cNE3X7z2VnIp2usAnRCf8d +NL/+I5c30jn6PQ0GC7TbO6Orb1wdtn7os4I07QZcJA== +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIFVjCCBD6gAwIBAgIQ7is969Qh3hSoYqwE893EATANBgkqhkiG9w0BAQUFADCB +8zELMAkGA1UEBhMCRVMxOzA5BgNVBAoTMkFnZW5jaWEgQ2F0YWxhbmEgZGUgQ2Vy +dGlmaWNhY2lvIChOSUYgUS0wODAxMTc2LUkpMSgwJgYDVQQLEx9TZXJ2ZWlzIFB1 +YmxpY3MgZGUgQ2VydGlmaWNhY2lvMTUwMwYDVQQLEyxWZWdldSBodHRwczovL3d3 +dy5jYXRjZXJ0Lm5ldC92ZXJhcnJlbCAoYykwMzE1MDMGA1UECxMsSmVyYXJxdWlh +IEVudGl0YXRzIGRlIENlcnRpZmljYWNpbyBDYXRhbGFuZXMxDzANBgNVBAMTBkVD +LUFDQzAeFw0wMzAxMDcyMzAwMDBaFw0zMTAxMDcyMjU5NTlaMIHzMQswCQYDVQQG +EwJFUzE7MDkGA1UEChMyQWdlbmNpYSBDYXRhbGFuYSBkZSBDZXJ0aWZpY2FjaW8g +KE5JRiBRLTA4MDExNzYtSSkxKDAmBgNVBAsTH1NlcnZlaXMgUHVibGljcyBkZSBD +ZXJ0aWZpY2FjaW8xNTAzBgNVBAsTLFZlZ2V1IGh0dHBzOi8vd3d3LmNhdGNlcnQu +bmV0L3ZlcmFycmVsIChjKTAzMTUwMwYDVQQLEyxKZXJhcnF1aWEgRW50aXRhdHMg +ZGUgQ2VydGlmaWNhY2lvIENhdGFsYW5lczEPMA0GA1UEAxMGRUMtQUNDMIIBIjAN +BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsyLHT+KXQpWIR4NA9h0X84NzJB5R +85iKw5K4/0CQBXCHYMkAqbWUZRkiFRfCQ2xmRJoNBD45b6VLeqpjt4pEndljkYRm +4CgPukLjbo73FCeTae6RDqNfDrHrZqJyTxIThmV6PttPB/SnCWDaOkKZx7J/sxaV +HMf5NLWUhdWZXqBIoH7nF2W4onW4HvPlQn2v7fOKSGRdghST2MDk/7NQcvJ29rNd +QlB50JQ+awwAvthrDk4q7D7SzIKiGGUzE3eeml0aE9jD2z3Il3rucO2n5nzbcc8t +lGLfbdb1OL4/pYUKGbio2Al1QnDE6u/LDsg0qBIimAy4E5S2S+zw0JDnJwIDAQAB +o4HjMIHgMB0GA1UdEQQWMBSBEmVjX2FjY0BjYXRjZXJ0Lm5ldDAPBgNVHRMBAf8E +BTADAQH/MA4GA1UdDwEB/wQEAwIBBjAdBgNVHQ4EFgQUoMOLRKo3pUW/l4Ba0fF4 +opvpXY0wfwYDVR0gBHgwdjB0BgsrBgEEAfV4AQMBCjBlMCwGCCsGAQUFBwIBFiBo +dHRwczovL3d3dy5jYXRjZXJ0Lm5ldC92ZXJhcnJlbDA1BggrBgEFBQcCAjApGidW +ZWdldSBodHRwczovL3d3dy5jYXRjZXJ0Lm5ldC92ZXJhcnJlbCAwDQYJKoZIhvcN +AQEFBQADggEBAKBIW4IB9k1IuDlVNZyAelOZ1Vr/sXE7zDkJlF7W2u++AVtd0x7Y +/X1PzaBB4DSTv8vihpw3kpBWHNzrKQXlxJ7HNd+KDM3FIUPpqojlNcAZQmNaAl6k +SBg6hW/cnbw/nZzBh7h6YQjpdwt/cKt63dmXLGQehb+8dJahw3oS7AwaboMMPOhy +Rp/7SNVel+axofjk70YllJyJ22k4vuxcDlbHZVHlUIiIv0LVKz3l+bqeLrPK9HOS +Agu+TGbrIP65y7WZf+a2E/rKS03Z7lNGBjvGTq2TWoF+bCpLagVFjPIhpDGQh2xl +nJ2lYJU6Un/10asIbvPuW/mIPX64b24D5EI= +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIEKjCCAxKgAwIBAgIEOGPe+DANBgkqhkiG9w0BAQUFADCBtDEUMBIGA1UEChML +RW50cnVzdC5uZXQxQDA+BgNVBAsUN3d3dy5lbnRydXN0Lm5ldC9DUFNfMjA0OCBp +bmNvcnAuIGJ5IHJlZi4gKGxpbWl0cyBsaWFiLikxJTAjBgNVBAsTHChjKSAxOTk5 +IEVudHJ1c3QubmV0IExpbWl0ZWQxMzAxBgNVBAMTKkVudHJ1c3QubmV0IENlcnRp +ZmljYXRpb24gQXV0aG9yaXR5ICgyMDQ4KTAeFw05OTEyMjQxNzUwNTFaFw0yOTA3 +MjQxNDE1MTJaMIG0MRQwEgYDVQQKEwtFbnRydXN0Lm5ldDFAMD4GA1UECxQ3d3d3 +LmVudHJ1c3QubmV0L0NQU18yMDQ4IGluY29ycC4gYnkgcmVmLiAobGltaXRzIGxp +YWIuKTElMCMGA1UECxMcKGMpIDE5OTkgRW50cnVzdC5uZXQgTGltaXRlZDEzMDEG +A1UEAxMqRW50cnVzdC5uZXQgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkgKDIwNDgp +MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArU1LqRKGsuqjIAcVFmQq +K0vRvwtKTY7tgHalZ7d4QMBzQshowNtTK91euHaYNZOLGp18EzoOH1u3Hs/lJBQe +sYGpjX24zGtLA/ECDNyrpUAkAH90lKGdCCmziAv1h3edVc3kw37XamSrhRSGlVuX +MlBvPci6Zgzj/L24ScF2iUkZ/cCovYmjZy/Gn7xxGWC4LeksyZB2ZnuU4q941mVT +XTzWnLLPKQP5L6RQstRIzgUyVYr9smRMDuSYB3Xbf9+5CFVghTAp+XtIpGmG4zU/ +HoZdenoVve8AjhUiVBcAkCaTvA5JaJG/+EfTnZVCwQ5N328mz8MYIWJmQ3DW1cAH +4QIDAQABo0IwQDAOBgNVHQ8BAf8EBAMCAQYwDwYDVR0TAQH/BAUwAwEB/zAdBgNV +HQ4EFgQUVeSB0RGAvtiJuQijMfmhJAkWuXAwDQYJKoZIhvcNAQEFBQADggEBADub +j1abMOdTmXx6eadNl9cZlZD7Bh/KM3xGY4+WZiT6QBshJ8rmcnPyT/4xmf3IDExo +U8aAghOY+rat2l098c5u9hURlIIM7j+VrxGrD9cv3h8Dj1csHsm7mhpElesYT6Yf +zX1XEC+bBAlahLVu2B064dae0Wx5XnkcFMXj0EyTO2U87d89vqbllRrDtRnDvV5b +u/8j72gZyxKTJ1wDLW8w0B62GqzeWvfRqqgnpv55gcR5mTNXuhKwqeBCbJPKVt7+ +bYQLCIt+jerXmCHG8+c8eS9enNFMFY3h7CI3zJpDC5fcgJCNs2ebb0gIFVbPv/Er +fF6adulZkMV8gzURZVE= +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIEkTCCA3mgAwIBAgIERWtQVDANBgkqhkiG9w0BAQUFADCBsDELMAkGA1UEBhMC +VVMxFjAUBgNVBAoTDUVudHJ1c3QsIEluYy4xOTA3BgNVBAsTMHd3dy5lbnRydXN0 +Lm5ldC9DUFMgaXMgaW5jb3Jwb3JhdGVkIGJ5IHJlZmVyZW5jZTEfMB0GA1UECxMW +KGMpIDIwMDYgRW50cnVzdCwgSW5jLjEtMCsGA1UEAxMkRW50cnVzdCBSb290IENl +cnRpZmljYXRpb24gQXV0aG9yaXR5MB4XDTA2MTEyNzIwMjM0MloXDTI2MTEyNzIw +NTM0MlowgbAxCzAJBgNVBAYTAlVTMRYwFAYDVQQKEw1FbnRydXN0LCBJbmMuMTkw +NwYDVQQLEzB3d3cuZW50cnVzdC5uZXQvQ1BTIGlzIGluY29ycG9yYXRlZCBieSBy +ZWZlcmVuY2UxHzAdBgNVBAsTFihjKSAyMDA2IEVudHJ1c3QsIEluYy4xLTArBgNV +BAMTJEVudHJ1c3QgUm9vdCBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTCCASIwDQYJ +KoZIhvcNAQEBBQADggEPADCCAQoCggEBALaVtkNC+sZtKm9I35RMOVcF7sN5EUFo +Nu3s/poBj6E4KPz3EEZmLk0eGrEaTsbRwJWIsMn/MYszA9u3g3s+IIRe7bJWKKf4 +4LlAcTfFy0cOlypowCKVYhXbR9n10Cv/gkvJrT7eTNuQgFA/CYqEAOwwCj0Yzfv9 +KlmaI5UXLEWeH25DeW0MXJj+SKfFI0dcXv1u5x609mhF0YaDW6KKjbHjKYD+JXGI +rb68j6xSlkuqUY3kEzEZ6E5Nn9uss2rVvDlUccp6en+Q3X0dgNmBu1kmwhH+5pPi +94DkZfs0Nw4pgHBNrziGLp5/V6+eF67rHMsoIV+2HNjnogQi+dPa2MsCAwEAAaOB +sDCBrTAOBgNVHQ8BAf8EBAMCAQYwDwYDVR0TAQH/BAUwAwEB/zArBgNVHRAEJDAi +gA8yMDA2MTEyNzIwMjM0MlqBDzIwMjYxMTI3MjA1MzQyWjAfBgNVHSMEGDAWgBRo +kORnpKZTgMeGZqTx90tD+4S9bTAdBgNVHQ4EFgQUaJDkZ6SmU4DHhmak8fdLQ/uE +vW0wHQYJKoZIhvZ9B0EABBAwDhsIVjcuMTo0LjADAgSQMA0GCSqGSIb3DQEBBQUA +A4IBAQCT1DCw1wMgKtD5Y+iRDAUgqV8ZyntyTtSx29CW+1RaGSwMCPeyvIWonX9t +O1KzKtvn1ISMY/YPyyYBkVBs9F8U4pN0wBOeMDpQ47RgxRzwIkSNcUesyBrJ6Zua +AGAT/3B+XxFNSRuzFVJ7yVTav52Vr2ua2J7p8eRDjeIRRDq/r72DQnNSi6q7pynP +9WQcCk3RvKqsnyrQ/39/2n3qse0wJcGE2jTSW3iDVuycNsMm4hH2Z0kdkquM++v/ +eu6FSqdQgPCnXEqULl8FmTxSQeDNtGPPAUO6nIPcj2A781q0tHuu2guQOHXvgR1m +0vdXcDazv/wor3ElhVsT/h5/WrQ8 +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIC+TCCAoCgAwIBAgINAKaLeSkAAAAAUNCR+TAKBggqhkjOPQQDAzCBvzELMAkG +A1UEBhMCVVMxFjAUBgNVBAoTDUVudHJ1c3QsIEluYy4xKDAmBgNVBAsTH1NlZSB3 +d3cuZW50cnVzdC5uZXQvbGVnYWwtdGVybXMxOTA3BgNVBAsTMChjKSAyMDEyIEVu +dHJ1c3QsIEluYy4gLSBmb3IgYXV0aG9yaXplZCB1c2Ugb25seTEzMDEGA1UEAxMq +RW50cnVzdCBSb290IENlcnRpZmljYXRpb24gQXV0aG9yaXR5IC0gRUMxMB4XDTEy +MTIxODE1MjUzNloXDTM3MTIxODE1NTUzNlowgb8xCzAJBgNVBAYTAlVTMRYwFAYD +VQQKEw1FbnRydXN0LCBJbmMuMSgwJgYDVQQLEx9TZWUgd3d3LmVudHJ1c3QubmV0 +L2xlZ2FsLXRlcm1zMTkwNwYDVQQLEzAoYykgMjAxMiBFbnRydXN0LCBJbmMuIC0g +Zm9yIGF1dGhvcml6ZWQgdXNlIG9ubHkxMzAxBgNVBAMTKkVudHJ1c3QgUm9vdCBD +ZXJ0aWZpY2F0aW9uIEF1dGhvcml0eSAtIEVDMTB2MBAGByqGSM49AgEGBSuBBAAi +A2IABIQTydC6bUF74mzQ61VfZgIaJPRbiWlH47jCffHyAsWfoPZb1YsGGYZPUxBt +ByQnoaD41UcZYUx9ypMn6nQM72+WCf5j7HBdNq1nd67JnXxVRDqiY1Ef9eNi1KlH +Bz7MIKNCMEAwDgYDVR0PAQH/BAQDAgEGMA8GA1UdEwEB/wQFMAMBAf8wHQYDVR0O +BBYEFLdj5xrdjekIplWDpOBqUEFlEUJJMAoGCCqGSM49BAMDA2cAMGQCMGF52OVC +R98crlOZF7ZvHH3hvxGU0QOIdeSNiaSKd0bebWHvAvX7td/M/k7//qnmpwIwW5nX +hTcGtXsI/esni0qU+eH6p44mCOh8kmhtc9hvJqwhAriZtyZBWyVgrtBIGu4G +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIEPjCCAyagAwIBAgIESlOMKDANBgkqhkiG9w0BAQsFADCBvjELMAkGA1UEBhMC +VVMxFjAUBgNVBAoTDUVudHJ1c3QsIEluYy4xKDAmBgNVBAsTH1NlZSB3d3cuZW50 +cnVzdC5uZXQvbGVnYWwtdGVybXMxOTA3BgNVBAsTMChjKSAyMDA5IEVudHJ1c3Qs +IEluYy4gLSBmb3IgYXV0aG9yaXplZCB1c2Ugb25seTEyMDAGA1UEAxMpRW50cnVz +dCBSb290IENlcnRpZmljYXRpb24gQXV0aG9yaXR5IC0gRzIwHhcNMDkwNzA3MTcy +NTU0WhcNMzAxMjA3MTc1NTU0WjCBvjELMAkGA1UEBhMCVVMxFjAUBgNVBAoTDUVu +dHJ1c3QsIEluYy4xKDAmBgNVBAsTH1NlZSB3d3cuZW50cnVzdC5uZXQvbGVnYWwt +dGVybXMxOTA3BgNVBAsTMChjKSAyMDA5IEVudHJ1c3QsIEluYy4gLSBmb3IgYXV0 +aG9yaXplZCB1c2Ugb25seTEyMDAGA1UEAxMpRW50cnVzdCBSb290IENlcnRpZmlj +YXRpb24gQXV0aG9yaXR5IC0gRzIwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEK +AoIBAQC6hLZy254Ma+KZ6TABp3bqMriVQRrJ2mFOWHLP/vaCeb9zYQYKpSfYs1/T +RU4cctZOMvJyig/3gxnQaoCAAEUesMfnmr8SVycco2gvCoe9amsOXmXzHHfV1IWN +cCG0szLni6LVhjkCsbjSR87kyUnEO6fe+1R9V77w6G7CebI6C1XiUJgWMhNcL3hW +wcKUs/Ja5CeanyTXxuzQmyWC48zCxEXFjJd6BmsqEZ+pCm5IO2/b1BEZQvePB7/1 +U1+cPvQXLOZprE4yTGJ36rfo5bs0vBmLrpxR57d+tVOxMyLlbc9wPBr64ptntoP0 +jaWvYkxN4FisZDQSA/i2jZRjJKRxAgMBAAGjQjBAMA4GA1UdDwEB/wQEAwIBBjAP +BgNVHRMBAf8EBTADAQH/MB0GA1UdDgQWBBRqciZ60B7vfec7aVHUbI2fkBJmqzAN +BgkqhkiG9w0BAQsFAAOCAQEAeZ8dlsa2eT8ijYfThwMEYGprmi5ZiXMRrEPR9RP/ +jTkrwPK9T3CMqS/qF8QLVJ7UG5aYMzyorWKiAHarWWluBh1+xLlEjZivEtRh2woZ +Rkfz6/djwUAFQKXSt/S1mja/qYh2iARVBCuch38aNzx+LaUa2NSJXsq9rD1s2G2v +1fN2D807iDginWyTmsQ9v4IbZT+mD12q/OWyFcq1rca8PdCE6OoGcrBNOTJ4vz4R +nAuknZoh8/CbCzB428Hch0P+vGOaysXCHMnHjf87ElgI5rY97HosTvuDls4MPGmH +VHOkc8KT/1EQrBVUAdj8BbGJoX90g5pJ19xOe4pIb4tF9g== +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIGSzCCBDOgAwIBAgIRANm1Q3+vqTkPAAAAAFVlrVgwDQYJKoZIhvcNAQELBQAw +gb4xCzAJBgNVBAYTAlVTMRYwFAYDVQQKEw1FbnRydXN0LCBJbmMuMSgwJgYDVQQL +Ex9TZWUgd3d3LmVudHJ1c3QubmV0L2xlZ2FsLXRlcm1zMTkwNwYDVQQLEzAoYykg +MjAxNSBFbnRydXN0LCBJbmMuIC0gZm9yIGF1dGhvcml6ZWQgdXNlIG9ubHkxMjAw +BgNVBAMTKUVudHJ1c3QgUm9vdCBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eSAtIEc0 +MB4XDTE1MDUyNzExMTExNloXDTM3MTIyNzExNDExNlowgb4xCzAJBgNVBAYTAlVT +MRYwFAYDVQQKEw1FbnRydXN0LCBJbmMuMSgwJgYDVQQLEx9TZWUgd3d3LmVudHJ1 +c3QubmV0L2xlZ2FsLXRlcm1zMTkwNwYDVQQLEzAoYykgMjAxNSBFbnRydXN0LCBJ +bmMuIC0gZm9yIGF1dGhvcml6ZWQgdXNlIG9ubHkxMjAwBgNVBAMTKUVudHJ1c3Qg +Um9vdCBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eSAtIEc0MIICIjANBgkqhkiG9w0B +AQEFAAOCAg8AMIICCgKCAgEAsewsQu7i0TD/pZJH4i3DumSXbcr3DbVZwbPLqGgZ +2K+EbTBwXX7zLtJTmeH+H17ZSK9dE43b/2MzTdMAArzE+NEGCJR5WIoV3imz/f3E +T+iq4qA7ec2/a0My3dl0ELn39GjUu9CH1apLiipvKgS1sqbHoHrmSKvS0VnM1n4j +5pds8ELl3FFLFUHtSUrJ3hCX1nbB76W1NhSXNdh4IjVS70O92yfbYVaCNNzLiGAM +C1rlLAHGVK/XqsEQe9IFWrhAnoanw5CGAlZSCXqc0ieCU0plUmr1POeo8pyvi73T +DtTUXm6Hnmo9RR3RXRv06QqsYJn7ibT/mCzPfB3pAqoEmh643IhuJbNsZvc8kPNX +wbMv9W3y+8qh+CmdRouzavbmZwe+LGcKKh9asj5XxNMhIWNlUpEbsZmOeX7m640A +2Vqq6nPopIICR5b+W45UYaPrL0swsIsjdXJ8ITzI9vF01Bx7owVV7rtNOzK+mndm +nqxpkCIHH2E6lr7lmk/MBTwoWdPBDFSoWWG9yHJM6Nyfh3+9nEg2XpWjDrk4JFX8 +dWbrAuMINClKxuMrLzOg2qOGpRKX/YAr2hRC45K9PvJdXmd0LhyIRyk0X+IyqJwl +N4y6mACXi0mWHv0liqzc2thddG5msP9E36EYxr5ILzeUePiVSj9/E15dWf10hkNj +c0kCAwEAAaNCMEAwDwYDVR0TAQH/BAUwAwEB/zAOBgNVHQ8BAf8EBAMCAQYwHQYD +VR0OBBYEFJ84xFYjwznooHFs6FRM5Og6sb9nMA0GCSqGSIb3DQEBCwUAA4ICAQAS +5UKme4sPDORGpbZgQIeMJX6tuGguW8ZAdjwD+MlZ9POrYs4QjbRaZIxowLByQzTS +Gwv2LFPSypBLhmb8qoMi9IsabyZIrHZ3CL/FmFz0Jomee8O5ZDIBf9PD3Vht7LGr +hFV0d4QEJ1JrhkzO3bll/9bGXp+aEJlLdWr+aumXIOTkdnrG0CSqkM0gkLpHZPt/ +B7NTeLUKYvJzQ85BK4FqLoUWlFPUa19yIqtRLULVAJyZv967lDtX/Zr1hstWO1uI +AeV8KEsD+UmDfLJ/fOPtjqF/YFOOVZ1QNBIPt5d7bIdKROf1beyAN/BYGW5KaHbw +H5Lk6rWS02FREAutp9lfx1/cH6NcjKF+m7ee01ZvZl4HliDtC3T7Zk6LERXpgUl+ +b7DUUH8i119lAg2m9IUe2K4GS0qn0jFmwvjO5QimpAKWRGhXxNUzzxkvFMSUHHuk +2fCfDrGA4tGeEWSpiBE6doLlYsKA2KSD7ZPvfC+QsDJMlhVoSFLUmQjAJOgc47Ol +IQ6SwJAfzyBfyjs4x7dtOvPmRLgOMWuIjnDrnBdSqEGULoe256YSxXXfW8AKbnuk +5F6G+TaU33fD6Q3AOfF5u0aOq0NZJ7cguyPpVkAh7DE9ZapD8j3fcEThuk0mEDuY +n/PIjhs4ViFqUZPTkcpG2om3PVODLAgfi49T3f+sHw== +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIFiDCCA3CgAwIBAgIIfQmX/vBH6nowDQYJKoZIhvcNAQELBQAwYjELMAkGA1UE +BhMCQ04xMjAwBgNVBAoMKUdVQU5HIERPTkcgQ0VSVElGSUNBVEUgQVVUSE9SSVRZ +IENPLixMVEQuMR8wHQYDVQQDDBZHRENBIFRydXN0QVVUSCBSNSBST09UMB4XDTE0 +MTEyNjA1MTMxNVoXDTQwMTIzMTE1NTk1OVowYjELMAkGA1UEBhMCQ04xMjAwBgNV +BAoMKUdVQU5HIERPTkcgQ0VSVElGSUNBVEUgQVVUSE9SSVRZIENPLixMVEQuMR8w +HQYDVQQDDBZHRENBIFRydXN0QVVUSCBSNSBST09UMIICIjANBgkqhkiG9w0BAQEF +AAOCAg8AMIICCgKCAgEA2aMW8Mh0dHeb7zMNOwZ+Vfy1YI92hhJCfVZmPoiC7XJj +Dp6L3TQsAlFRwxn9WVSEyfFrs0yw6ehGXTjGoqcuEVe6ghWinI9tsJlKCvLriXBj +TnnEt1u9ol2x8kECK62pOqPseQrsXzrj/e+APK00mxqriCZ7VqKChh/rNYmDf1+u +KU49tm7srsHwJ5uu4/Ts765/94Y9cnrrpftZTqfrlYwiOXnhLQiPzLyRuEH3FMEj +qcOtmkVEs7LXLM3GKeJQEK5cy4KOFxg2fZfmiJqwTTQJ9Cy5WmYqsBebnh52nUpm +MUHfP/vFBu8btn4aRjb3ZGM74zkYI+dndRTVdVeSN72+ahsmUPI2JgaQxXABZG12 +ZuGR224HwGGALrIuL4xwp9E7PLOR5G62xDtw8mySlwnNR30YwPO7ng/Wi64HtloP +zgsMR6flPri9fcebNaBhlzpBdRfMK5Z3KpIhHtmVdiBnaM8Nvd/WHwlqmuLMc3Gk +L30SgLdTMEZeS1SZD2fJpcjyIMGC7J0R38IC+xo70e0gmu9lZJIQDSri3nDxGGeC +jGHeuLzRL5z7D9Ar7Rt2ueQ5Vfj4oR24qoAATILnsn8JuLwwoC8N9VKejveSswoA +HQBUlwbgsQfZxw9cZX08bVlX5O2ljelAU58VS6Bx9hoh49pwBiFYFIeFd3mqgnkC +AwEAAaNCMEAwHQYDVR0OBBYEFOLJQJ9NzuiaoXzPDj9lxSmIahlRMA8GA1UdEwEB +/wQFMAMBAf8wDgYDVR0PAQH/BAQDAgGGMA0GCSqGSIb3DQEBCwUAA4ICAQDRSVfg +p8xoWLoBDysZzY2wYUWsEe1jUGn4H3++Fo/9nesLqjJHdtJnJO29fDMylyrHBYZm +DRd9FBUb1Ov9H5r2XpdptxolpAqzkT9fNqyL7FeoPueBihhXOYV0GkLH6VsTX4/5 +COmSdI31R9KrO9b7eGZONn356ZLpBN79SWP8bfsUcZNnL0dKt7n/HipzcEYwv1ry +L3ml4Y0M2fmyYzeMN2WFcGpcWwlyua1jPLHd+PwyvzeG5LuOmCd+uh8W4XAR8gPf +JWIyJyYYMoSf/wA6E7qaTfRPuBRwIrHKK5DOKcFw9C+df/KQHtZa37dG/OaG+svg +IHZ6uqbL9XzeYqWxi+7egmaKTjowHz+Ay60nugxe19CxVsp3cbK1daFQqUBDF8Io +2c9Si1vIY9RCPqAzekYu9wogRlR+ak8x8YF+QnQ4ZXMn7sZ8uI7XpTrXmKGcjBBV +09tL7ECQ8s1uV9JiDnxXk7Gnbc2dg7sq5+W2O3FYrf3RRbxake5TFW/TRQl1brqQ +XR4EzzffHqhmsYzmIGrv/EhOdJhCrylvLmrH+33RZjEizIYAfmaDDEL0vTSSwxrq +T8p+ck0LcIymSLumoRT2+1hEmRSuqguTaaApJUqlyyvdimYHFngVV3Eb7PVHhPOe +MTd61X8kreS8/f3MboPoDKi3QWwH3b08hpcv0g== +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIFgjCCA2qgAwIBAgILWku9WvtPilv6ZeUwDQYJKoZIhvcNAQELBQAwTTELMAkG +A1UEBhMCQVQxIzAhBgNVBAoTGmUtY29tbWVyY2UgbW9uaXRvcmluZyBHbWJIMRkw +FwYDVQQDExBHTE9CQUxUUlVTVCAyMDIwMB4XDTIwMDIxMDAwMDAwMFoXDTQwMDYx +MDAwMDAwMFowTTELMAkGA1UEBhMCQVQxIzAhBgNVBAoTGmUtY29tbWVyY2UgbW9u +aXRvcmluZyBHbWJIMRkwFwYDVQQDExBHTE9CQUxUUlVTVCAyMDIwMIICIjANBgkq +hkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAri5WrRsc7/aVj6B3GyvTY4+ETUWiD59b +RatZe1E0+eyLinjF3WuvvcTfk0Uev5E4C64OFudBc/jbu9G4UeDLgztzOG53ig9Z +YybNpyrOVPu44sB8R85gfD+yc/LAGbaKkoc1DZAoouQVBGM+uq/ufF7MpotQsjj3 +QWPKzv9pj2gOlTblzLmMCcpL3TGQlsjMH/1WljTbjhzqLL6FLmPdqqmV0/0plRPw +yJiT2S0WR5ARg6I6IqIoV6Lr/sCMKKCmfecqQjuCgGOlYx8ZzHyyZqjC0203b+J+ +BlHZRYQfEs4kUmSFC0iAToexIiIwquuuvuAC4EDosEKAA1GqtH6qRNdDYfOiaxaJ +SaSjpCuKAsR49GiKweR6NrFvG5Ybd0mN1MkGco/PU+PcF4UgStyYJ9ORJitHHmkH +r96i5OTUawuzXnzUJIBHKWk7buis/UDr2O1xcSvy6Fgd60GXIsUf1DnQJ4+H4xj0 +4KlGDfV0OoIu0G4skaMxXDtG6nsEEFZegB31pWXogvziB4xiRfUg3kZwhqG8k9Me +dKZssCz3AwyIDMvUclOGvGBG85hqwvG/Q/lwIHfKN0F5VVJjjVsSn8VoxIidrPIw +q7ejMZdnrY8XD2zHc+0klGvIg5rQmjdJBKuxFshsSUktq6HQjJLyQUp5ISXbY9e2 +nKd+Qmn7OmMCAwEAAaNjMGEwDwYDVR0TAQH/BAUwAwEB/zAOBgNVHQ8BAf8EBAMC +AQYwHQYDVR0OBBYEFNwuH9FhN3nkq9XVsxJxaD1qaJwiMB8GA1UdIwQYMBaAFNwu +H9FhN3nkq9XVsxJxaD1qaJwiMA0GCSqGSIb3DQEBCwUAA4ICAQCR8EICaEDuw2jA +VC/f7GLDw56KoDEoqoOOpFaWEhCGVrqXctJUMHytGdUdaG/7FELYjQ7ztdGl4wJC +XtzoRlgHNQIw4Lx0SsFDKv/bGtCwr2zD/cuz9X9tAy5ZVp0tLTWMstZDFyySCstd +6IwPS3BD0IL/qMy/pJTAvoe9iuOTe8aPmxadJ2W8esVCgmxcB9CpwYhgROmYhRZf ++I/KARDOJcP5YBugxZfD0yyIMaK9MOzQ0MAS8cE54+X1+NZK3TTN+2/BT+MAi1bi +kvcoskJ3ciNnxz8RFbLEAwW+uxF7Cr+obuf/WEPPm2eggAe2HcqtbepBEX4tdJP7 +wry+UUTF72glJ4DjyKDUEuzZpTcdN3y0kcra1LGWge9oXHYQSa9+pTeAsRxSvTOB +TI/53WXZFM2KJVj04sWDpQmQ1GwUY7VA3+vA/MRYfg0UFodUJ25W5HCEuGwyEn6C +MUO+1918oa2u1qsgEu8KwxCMSZY13At1XrFP1U80DhEgB3VDRemjEdqso5nCtnkn +4rnvyOL2NSl6dPrFf4IFYqYK6miyeUcGbvJXqBUzxvd4Sj1Ce2t+/vdG6tHrju+I +aFvowdlxfv1k7/9nR4hYJS8+hge9+6jlgqispdNpQ80xiEmEU5LAsTkbOYMBMMTy +qfrQA71yN2BWHzZ8vTmR9W0Nv3vXkg== +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIFWjCCA0KgAwIBAgIQbkepxUtHDA3sM9CJuRz04TANBgkqhkiG9w0BAQwFADBH +MQswCQYDVQQGEwJVUzEiMCAGA1UEChMZR29vZ2xlIFRydXN0IFNlcnZpY2VzIExM +QzEUMBIGA1UEAxMLR1RTIFJvb3QgUjEwHhcNMTYwNjIyMDAwMDAwWhcNMzYwNjIy +MDAwMDAwWjBHMQswCQYDVQQGEwJVUzEiMCAGA1UEChMZR29vZ2xlIFRydXN0IFNl +cnZpY2VzIExMQzEUMBIGA1UEAxMLR1RTIFJvb3QgUjEwggIiMA0GCSqGSIb3DQEB +AQUAA4ICDwAwggIKAoICAQC2EQKLHuOhd5s73L+UPreVp0A8of2C+X0yBoJx9vaM +f/vo27xqLpeXo4xL+Sv2sfnOhB2x+cWX3u+58qPpvBKJXqeqUqv4IyfLpLGcY9vX +mX7wCl7raKb0xlpHDU0QM+NOsROjyBhsS+z8CZDfnWQpJSMHobTSPS5g4M/SCYe7 +zUjwTcLCeoiKu7rPWRnWr4+wB7CeMfGCwcDfLqZtbBkOtdh+JhpFAz2weaSUKK0P +fyblqAj+lug8aJRT7oM6iCsVlgmy4HqMLnXWnOunVmSPlk9orj2XwoSPwLxAwAtc +vfaHszVsrBhQf4TgTM2S0yDpM7xSma8ytSmzJSq0SPly4cpk9+aCEI3oncKKiPo4 +Zor8Y/kB+Xj9e1x3+naH+uzfsQ55lVe0vSbv1gHR6xYKu44LtcXFilWr06zqkUsp +zBmkMiVOKvFlRNACzqrOSbTqn3yDsEB750Orp2yjj32JgfpMpf/VjsPOS+C12LOO +Rc92wO1AK/1TD7Cn1TsNsYqiA94xrcx36m97PtbfkSIS5r762DL8EGMUUXLeXdYW +k70paDPvOmbsB4om3xPXV2V4J95eSRQAogB/mqghtqmxlbCluQ0WEdrHbEg8QOB+ +DVrNVjzRlwW5y0vtOUucxD/SVRNuJLDWcfr0wbrM7Rv1/oFB2ACYPTrIrnqYNxgF +lQIDAQABo0IwQDAOBgNVHQ8BAf8EBAMCAQYwDwYDVR0TAQH/BAUwAwEB/zAdBgNV +HQ4EFgQU5K8rJnEaK0gnhS9SZizv8IkTcT4wDQYJKoZIhvcNAQEMBQADggIBADiW +Cu49tJYeX++dnAsznyvgyv3SjgofQXSlfKqE1OXyHuY3UjKcC9FhHb8owbZEKTV1 +d5iyfNm9dKyKaOOpMQkpAWBz40d8U6iQSifvS9efk+eCNs6aaAyC58/UEBZvXw6Z +XPYfcX3v73svfuo21pdwCxXu11xWajOl40k4DLh9+42FpLFZXvRq4d2h9mREruZR +gyFmxhE+885H7pwoHyXa/6xmld01D1zvICxi/ZG6qcz8WpyTgYMpl0p8WnK0OdC3 +d8t5/Wk6kjftbjhlRn7pYL15iJdfOBL07q9bgsiG1eGZbYwE8na6SfZu6W0eX6Dv +J4J2QPim01hcDyxC2kLGe4g0x8HYRZvBPsVhHdljUEn2NIVq4BjFbkerQUIpm/Zg +DdIx02OYI5NaAIFItO/Nis3Jz5nu2Z6qNuFoS3FJFDYoOj0dzpqPJeaAcWErtXvM ++SUWgeExX6GjfhaknBZqlxi9dnKlC54dNuYvoS++cJEPqOba+MSSQGwlfnuzCdyy +F62ARPBopY+Udf90WuioAnwMCeKpSwughQtiue+hMZL77/ZRBIls6Kl0obsXs7X9 +SQ98POyDGCBDTtWTurQ0sR8WNh8M5mQ5Fkzc4P4dyKliPUDqysU0ArSuiYgzNdws +E3PYJ/HQcu51OyLemGhmW/HGY0dVHLqlCFF1pkgl +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIFWjCCA0KgAwIBAgIQbkepxlqz5yDFMJo/aFLybzANBgkqhkiG9w0BAQwFADBH +MQswCQYDVQQGEwJVUzEiMCAGA1UEChMZR29vZ2xlIFRydXN0IFNlcnZpY2VzIExM +QzEUMBIGA1UEAxMLR1RTIFJvb3QgUjIwHhcNMTYwNjIyMDAwMDAwWhcNMzYwNjIy +MDAwMDAwWjBHMQswCQYDVQQGEwJVUzEiMCAGA1UEChMZR29vZ2xlIFRydXN0IFNl +cnZpY2VzIExMQzEUMBIGA1UEAxMLR1RTIFJvb3QgUjIwggIiMA0GCSqGSIb3DQEB +AQUAA4ICDwAwggIKAoICAQDO3v2m++zsFDQ8BwZabFn3GTXd98GdVarTzTukk3Lv +CvptnfbwhYBboUhSnznFt+4orO/LdmgUud+tAWyZH8QiHZ/+cnfgLFuv5AS/T3Kg +GjSY6Dlo7JUle3ah5mm5hRm9iYz+re026nO8/4Piy33B0s5Ks40FnotJk9/BW9Bu +XvAuMC6C/Pq8tBcKSOWIm8Wba96wyrQD8Nr0kLhlZPdcTK3ofmZemde4wj7I0BOd +re7kRXuJVfeKH2JShBKzwkCX44ofR5GmdFrS+LFjKBC4swm4VndAoiaYecb+3yXu +PuWgf9RhD1FLPD+M2uFwdNjCaKH5wQzpoeJ/u1U8dgbuak7MkogwTZq9TwtImoS1 +mKPV+3PBV2HdKFZ1E66HjucMUQkQdYhMvI35ezzUIkgfKtzra7tEscszcTJGr61K +8YzodDqs5xoic4DSMPclQsciOzsSrZYuxsN2B6ogtzVJV+mSSeh2FnIxZyuWfoqj +x5RWIr9qS34BIbIjMt/kmkRtWVtd9QCgHJvGeJeNkP+byKq0rxFROV7Z+2et1VsR +nTKaG73VululycslaVNVJ1zgyjbLiGH7HrfQy+4W+9OmTN6SpdTi3/UGVN4unUu0 +kzCqgc7dGtxRcw1PcOnlthYhGXmy5okLdWTK1au8CcEYof/UVKGFPP0UJAOyh9Ok +twIDAQABo0IwQDAOBgNVHQ8BAf8EBAMCAQYwDwYDVR0TAQH/BAUwAwEB/zAdBgNV +HQ4EFgQUu//KjiOfT5nK2+JopqUVJxce2Q4wDQYJKoZIhvcNAQEMBQADggIBALZp +8KZ3/p7uC4Gt4cCpx/k1HUCCq+YEtN/L9x0Pg/B+E02NjO7jMyLDOfxA325BS0JT +vhaI8dI4XsRomRyYUpOM52jtG2pzegVATX9lO9ZY8c6DR2Dj/5epnGB3GFW1fgiT +z9D2PGcDFWEJ+YF59exTpJ/JjwGLc8R3dtyDovUMSRqodt6Sm2T4syzFJ9MHwAiA +pJiS4wGWAqoC7o87xdFtCjMwc3i5T1QWvwsHoaRc5svJXISPD+AVdyx+Jn7axEvb +pxZ3B7DNdehyQtaVhJ2Gg/LkkM0JR9SLA3DaWsYDQvTtN6LwG1BUSw7YhN4ZKJmB +R64JGz9I0cNv4rBgF/XuIwKl2gBbbZCr7qLpGzvpx0QnRY5rn/WkhLx3+WuXrD5R +RaIRpsyF7gpo8j5QOHokYh4XIDdtak23CZvJ/KRY9bb7nE4Yu5UC56GtmwfuNmsk +0jmGwZODUNKBRqhfYlcsu2xkiAhu7xNUX90txGdj08+JN7+dIPT7eoOboB6BAFDC +5AwiWVIQ7UNWhwD4FFKnHYuTjKJNRn8nxnGbJN7k2oaLDX5rIMHAnuFl2GqjpuiF +izoHCBy69Y9Vmhh1fuXsgWbRIXOhNUQLgD1bnF5vKheW0YMjiGZt5obicDIvUiLn +yOd/xCxgXS/Dr55FBcOEArf9LAhST4Ldo/DUhgkC +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIICDDCCAZGgAwIBAgIQbkepx2ypcyRAiQ8DVd2NHTAKBggqhkjOPQQDAzBHMQsw +CQYDVQQGEwJVUzEiMCAGA1UEChMZR29vZ2xlIFRydXN0IFNlcnZpY2VzIExMQzEU +MBIGA1UEAxMLR1RTIFJvb3QgUjMwHhcNMTYwNjIyMDAwMDAwWhcNMzYwNjIyMDAw +MDAwWjBHMQswCQYDVQQGEwJVUzEiMCAGA1UEChMZR29vZ2xlIFRydXN0IFNlcnZp +Y2VzIExMQzEUMBIGA1UEAxMLR1RTIFJvb3QgUjMwdjAQBgcqhkjOPQIBBgUrgQQA +IgNiAAQfTzOHMymKoYTey8chWEGJ6ladK0uFxh1MJ7x/JlFyb+Kf1qPKzEUURout +736GjOyxfi//qXGdGIRFBEFVbivqJn+7kAHjSxm65FSWRQmx1WyRRK2EE46ajA2A +DDL24CejQjBAMA4GA1UdDwEB/wQEAwIBBjAPBgNVHRMBAf8EBTADAQH/MB0GA1Ud +DgQWBBTB8Sa6oC2uhYHP0/EqEr24Cmf9vDAKBggqhkjOPQQDAwNpADBmAjEAgFuk +fCPAlaUs3L6JbyO5o91lAFJekazInXJ0glMLfalAvWhgxeG4VDvBNhcl2MG9AjEA +njWSdIUlUfUk7GRSJFClH9voy8l27OyCbvWFGFPouOOaKaqW04MjyaR7YbPMAuhd +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIICCjCCAZGgAwIBAgIQbkepyIuUtui7OyrYorLBmTAKBggqhkjOPQQDAzBHMQsw +CQYDVQQGEwJVUzEiMCAGA1UEChMZR29vZ2xlIFRydXN0IFNlcnZpY2VzIExMQzEU +MBIGA1UEAxMLR1RTIFJvb3QgUjQwHhcNMTYwNjIyMDAwMDAwWhcNMzYwNjIyMDAw +MDAwWjBHMQswCQYDVQQGEwJVUzEiMCAGA1UEChMZR29vZ2xlIFRydXN0IFNlcnZp +Y2VzIExMQzEUMBIGA1UEAxMLR1RTIFJvb3QgUjQwdjAQBgcqhkjOPQIBBgUrgQQA +IgNiAATzdHOnaItgrkO4NcWBMHtLSZ37wWHO5t5GvWvVYRg1rkDdc/eJkTBa6zzu +hXyiQHY7qca4R9gq55KRanPpsXI5nymfopjTX15YhmUPoYRlBtHci8nHc8iMai/l +xKvRHYqjQjBAMA4GA1UdDwEB/wQEAwIBBjAPBgNVHRMBAf8EBTADAQH/MB0GA1Ud +DgQWBBSATNbrdP9JNqPV2Py1PsVq8JQdjDAKBggqhkjOPQQDAwNnADBkAjBqUFJ0 +CMRw3J5QdCHojXohw0+WbhXRIjVhLfoIN+4Zba3bssx9BzT1YBkstTTZbyACMANx +sbqjYAuG7ZoIapVon+Kz4ZNkfF6Tpt95LY2F45TPI11xzPKwTdb+mciUqXWi4w== +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIB4TCCAYegAwIBAgIRKjikHJYKBN5CsiilC+g0mAIwCgYIKoZIzj0EAwIwUDEk +MCIGA1UECxMbR2xvYmFsU2lnbiBFQ0MgUm9vdCBDQSAtIFI0MRMwEQYDVQQKEwpH +bG9iYWxTaWduMRMwEQYDVQQDEwpHbG9iYWxTaWduMB4XDTEyMTExMzAwMDAwMFoX +DTM4MDExOTAzMTQwN1owUDEkMCIGA1UECxMbR2xvYmFsU2lnbiBFQ0MgUm9vdCBD +QSAtIFI0MRMwEQYDVQQKEwpHbG9iYWxTaWduMRMwEQYDVQQDEwpHbG9iYWxTaWdu +MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEuMZ5049sJQ6fLjkZHAOkrprlOQcJ +FspjsbmG+IpXwVfOQvpzofdlQv8ewQCybnMO/8ch5RikqtlxP6jUuc6MHaNCMEAw +DgYDVR0PAQH/BAQDAgEGMA8GA1UdEwEB/wQFMAMBAf8wHQYDVR0OBBYEFFSwe61F +uOJAf/sKbvu+M8k8o4TVMAoGCCqGSM49BAMCA0gAMEUCIQDckqGgE6bPA7DmxCGX +kPoUVy0D7O48027KqGx2vKLeuwIgJ6iFJzWbVsaj8kfSt24bAgAXqmemFZHe+pTs +ewv4n4Q= +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIICHjCCAaSgAwIBAgIRYFlJ4CYuu1X5CneKcflK2GwwCgYIKoZIzj0EAwMwUDEk +MCIGA1UECxMbR2xvYmFsU2lnbiBFQ0MgUm9vdCBDQSAtIFI1MRMwEQYDVQQKEwpH +bG9iYWxTaWduMRMwEQYDVQQDEwpHbG9iYWxTaWduMB4XDTEyMTExMzAwMDAwMFoX +DTM4MDExOTAzMTQwN1owUDEkMCIGA1UECxMbR2xvYmFsU2lnbiBFQ0MgUm9vdCBD +QSAtIFI1MRMwEQYDVQQKEwpHbG9iYWxTaWduMRMwEQYDVQQDEwpHbG9iYWxTaWdu +MHYwEAYHKoZIzj0CAQYFK4EEACIDYgAER0UOlvt9Xb/pOdEh+J8LttV7HpI6SFkc +8GIxLcB6KP4ap1yztsyX50XUWPrRd21DosCHZTQKH3rd6zwzocWdTaRvQZU4f8ke +hOvRnkmSh5SHDDqFSmafnVmTTZdhBoZKo0IwQDAOBgNVHQ8BAf8EBAMCAQYwDwYD +VR0TAQH/BAUwAwEB/zAdBgNVHQ4EFgQUPeYpSJvqB8ohREom3m7e0oPQn1kwCgYI +KoZIzj0EAwMDaAAwZQIxAOVpEslu28YxuglB4Zf4+/2a4n0Sye18ZNPLBSWLVtmg +515dTguDnFt2KaAJJiFqYgIwcdK1j1zqO+F4CYWodZI7yFz9SO8NdCKoCOJuxUnO +xwy8p2Fp8fc74SrL+SvzZpA3 +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIDdTCCAl2gAwIBAgILBAAAAAABFUtaw5QwDQYJKoZIhvcNAQEFBQAwVzELMAkG +A1UEBhMCQkUxGTAXBgNVBAoTEEdsb2JhbFNpZ24gbnYtc2ExEDAOBgNVBAsTB1Jv +b3QgQ0ExGzAZBgNVBAMTEkdsb2JhbFNpZ24gUm9vdCBDQTAeFw05ODA5MDExMjAw +MDBaFw0yODAxMjgxMjAwMDBaMFcxCzAJBgNVBAYTAkJFMRkwFwYDVQQKExBHbG9i +YWxTaWduIG52LXNhMRAwDgYDVQQLEwdSb290IENBMRswGQYDVQQDExJHbG9iYWxT +aWduIFJvb3QgQ0EwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDaDuaZ +jc6j40+Kfvvxi4Mla+pIH/EqsLmVEQS98GPR4mdmzxzdzxtIK+6NiY6arymAZavp +xy0Sy6scTHAHoT0KMM0VjU/43dSMUBUc71DuxC73/OlS8pF94G3VNTCOXkNz8kHp +1Wrjsok6Vjk4bwY8iGlbKk3Fp1S4bInMm/k8yuX9ifUSPJJ4ltbcdG6TRGHRjcdG +snUOhugZitVtbNV4FpWi6cgKOOvyJBNPc1STE4U6G7weNLWLBYy5d4ux2x8gkasJ +U26Qzns3dLlwR5EiUWMWea6xrkEmCMgZK9FGqkjWZCrXgzT/LCrBbBlDSgeF59N8 +9iFo7+ryUp9/k5DPAgMBAAGjQjBAMA4GA1UdDwEB/wQEAwIBBjAPBgNVHRMBAf8E +BTADAQH/MB0GA1UdDgQWBBRge2YaRQ2XyolQL30EzTSo//z9SzANBgkqhkiG9w0B +AQUFAAOCAQEA1nPnfE920I2/7LqivjTFKDK1fPxsnCwrvQmeU79rXqoRSLblCKOz +yj1hTdNGCbM+w6DjY1Ub8rrvrTnhQ7k4o+YviiY776BQVvnGCv04zcQLcFGUl5gE +38NflNUVyRRBnMRddWQVDf9VMOyGj/8N7yy5Y0b2qvzfvGn9LhJIZJrglfCm7ymP +AbEVtQwdpf5pLGkkeB6zpxxxYu7KyJesF12KwvhHhm4qxFYxldBniYUr+WymXUad +DKqC5JlR3XC321Y9YeRq4VzW9v493kHMB65jUr9TU/Qr6cf9tveCX4XSQRjbgbME +HMUfpIBvFSDJ3gyICh3WZlXi/EjJKSZp4A== +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIDujCCAqKgAwIBAgILBAAAAAABD4Ym5g0wDQYJKoZIhvcNAQEFBQAwTDEgMB4G +A1UECxMXR2xvYmFsU2lnbiBSb290IENBIC0gUjIxEzARBgNVBAoTCkdsb2JhbFNp +Z24xEzARBgNVBAMTCkdsb2JhbFNpZ24wHhcNMDYxMjE1MDgwMDAwWhcNMjExMjE1 +MDgwMDAwWjBMMSAwHgYDVQQLExdHbG9iYWxTaWduIFJvb3QgQ0EgLSBSMjETMBEG +A1UEChMKR2xvYmFsU2lnbjETMBEGA1UEAxMKR2xvYmFsU2lnbjCCASIwDQYJKoZI +hvcNAQEBBQADggEPADCCAQoCggEBAKbPJA6+Lm8omUVCxKs+IVSbC9N/hHD6ErPL +v4dfxn+G07IwXNb9rfF73OX4YJYJkhD10FPe+3t+c4isUoh7SqbKSaZeqKeMWhG8 +eoLrvozps6yWJQeXSpkqBy+0Hne/ig+1AnwblrjFuTosvNYSuetZfeLQBoZfXklq +tTleiDTsvHgMCJiEbKjNS7SgfQx5TfC4LcshytVsW33hoCmEofnTlEnLJGKRILzd +C9XZzPnqJworc5HGnRusyMvo4KD0L5CLTfuwNhv2GXqF4G3yYROIXJ/gkwpRl4pa +zq+r1feqCapgvdzZX99yqWATXgAByUr6P6TqBwMhAo6CygPCm48CAwEAAaOBnDCB +mTAOBgNVHQ8BAf8EBAMCAQYwDwYDVR0TAQH/BAUwAwEB/zAdBgNVHQ4EFgQUm+IH +V2ccHsBqBt5ZtJot39wZhi4wNgYDVR0fBC8wLTAroCmgJ4YlaHR0cDovL2NybC5n +bG9iYWxzaWduLm5ldC9yb290LXIyLmNybDAfBgNVHSMEGDAWgBSb4gdXZxwewGoG +3lm0mi3f3BmGLjANBgkqhkiG9w0BAQUFAAOCAQEAmYFThxxol4aR7OBKuEQLq4Gs +J0/WwbgcQ3izDJr86iw8bmEbTUsp9Z8FHSbBuOmDAGJFtqkIk7mpM0sYmsL4h4hO +291xNBrBVNpGP+DTKqttVCL1OmLNIG+6KYnX3ZHu01yiPqFbQfXf5WRDLenVOavS +ot+3i9DAgBkcRcAtjOj4LaR0VknFBbVPFd5uRHg5h6h+u/N5GJG79G+dwfCMNYxd +AfvDbbnvRG15RjF+Cv6pgsH/76tuIMRQyV+dTZsXjAzlAcmgQWpzU/qlULRuJQ/7 +TBj0/VLZjmmx6BEP3ojY+x1J96relc8geMJgEtslQIxq/H5COEBkEveegeGTLg== +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIDXzCCAkegAwIBAgILBAAAAAABIVhTCKIwDQYJKoZIhvcNAQELBQAwTDEgMB4G +A1UECxMXR2xvYmFsU2lnbiBSb290IENBIC0gUjMxEzARBgNVBAoTCkdsb2JhbFNp +Z24xEzARBgNVBAMTCkdsb2JhbFNpZ24wHhcNMDkwMzE4MTAwMDAwWhcNMjkwMzE4 +MTAwMDAwWjBMMSAwHgYDVQQLExdHbG9iYWxTaWduIFJvb3QgQ0EgLSBSMzETMBEG +A1UEChMKR2xvYmFsU2lnbjETMBEGA1UEAxMKR2xvYmFsU2lnbjCCASIwDQYJKoZI +hvcNAQEBBQADggEPADCCAQoCggEBAMwldpB5BngiFvXAg7aEyiie/QV2EcWtiHL8 +RgJDx7KKnQRfJMsuS+FggkbhUqsMgUdwbN1k0ev1LKMPgj0MK66X17YUhhB5uzsT +gHeMCOFJ0mpiLx9e+pZo34knlTifBtc+ycsmWQ1z3rDI6SYOgxXG71uL0gRgykmm +KPZpO/bLyCiR5Z2KYVc3rHQU3HTgOu5yLy6c+9C7v/U9AOEGM+iCK65TpjoWc4zd +QQ4gOsC0p6Hpsk+QLjJg6VfLuQSSaGjlOCZgdbKfd/+RFO+uIEn8rUAVSNECMWEZ +XriX7613t2Saer9fwRPvm2L7DWzgVGkWqQPabumDk3F2xmmFghcCAwEAAaNCMEAw +DgYDVR0PAQH/BAQDAgEGMA8GA1UdEwEB/wQFMAMBAf8wHQYDVR0OBBYEFI/wS3+o +LkUkrk1Q+mOai97i3Ru8MA0GCSqGSIb3DQEBCwUAA4IBAQBLQNvAUKr+yAzv95ZU +RUm7lgAJQayzE4aGKAczymvmdLm6AC2upArT9fHxD4q/c2dKg8dEe3jgr25sbwMp +jjM5RcOO5LlXbKr8EpbsU8Yt5CRsuZRj+9xTaGdWPoO4zzUhw8lo/s7awlOqzJCK +6fBdRoyV3XpYKBovHd7NADdBj+1EbddTKJd+82cEHhXXipa0095MJ6RMG3NzdvQX +mcIfeg7jLQitChws/zyrVQ4PkX4268NXSb7hLi18YIvDQVETI53O9zJrlAGomecs +Mx86OyXShkDOOyyGeMlhLxS67ttVb9+E7gUJTb0o2HLO02JQZR7rkpeDMdmztcpH +WD9f +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIFgzCCA2ugAwIBAgIORea7A4Mzw4VlSOb/RVEwDQYJKoZIhvcNAQEMBQAwTDEg +MB4GA1UECxMXR2xvYmFsU2lnbiBSb290IENBIC0gUjYxEzARBgNVBAoTCkdsb2Jh +bFNpZ24xEzARBgNVBAMTCkdsb2JhbFNpZ24wHhcNMTQxMjEwMDAwMDAwWhcNMzQx +MjEwMDAwMDAwWjBMMSAwHgYDVQQLExdHbG9iYWxTaWduIFJvb3QgQ0EgLSBSNjET +MBEGA1UEChMKR2xvYmFsU2lnbjETMBEGA1UEAxMKR2xvYmFsU2lnbjCCAiIwDQYJ +KoZIhvcNAQEBBQADggIPADCCAgoCggIBAJUH6HPKZvnsFMp7PPcNCPG0RQssgrRI +xutbPK6DuEGSMxSkb3/pKszGsIhrxbaJ0cay/xTOURQh7ErdG1rG1ofuTToVBu1k +ZguSgMpE3nOUTvOniX9PeGMIyBJQbUJmL025eShNUhqKGoC3GYEOfsSKvGRMIRxD +aNc9PIrFsmbVkJq3MQbFvuJtMgamHvm566qjuL++gmNQ0PAYid/kD3n16qIfKtJw +LnvnvJO7bVPiSHyMEAc4/2ayd2F+4OqMPKq0pPbzlUoSB239jLKJz9CgYXfIWHSw +1CM69106yqLbnQneXUQtkPGBzVeS+n68UARjNN9rkxi+azayOeSsJDa38O+2HBNX +k7besvjihbdzorg1qkXy4J02oW9UivFyVm4uiMVRQkQVlO6jxTiWm05OWgtH8wY2 +SXcwvHE35absIQh1/OZhFj931dmRl4QKbNQCTXTAFO39OfuD8l4UoQSwC+n+7o/h +bguyCLNhZglqsQY6ZZZZwPA1/cnaKI0aEYdwgQqomnUdnjqGBQCe24DWJfncBZ4n +WUx2OVvq+aWh2IMP0f/fMBH5hc8zSPXKbWQULHpYT9NLCEnFlWQaYw55PfWzjMpY +rZxCRXluDocZXFSxZba/jJvcE+kNb7gu3GduyYsRtYQUigAZcIN5kZeR1Bonvzce +MgfYFGM8KEyvAgMBAAGjYzBhMA4GA1UdDwEB/wQEAwIBBjAPBgNVHRMBAf8EBTAD +AQH/MB0GA1UdDgQWBBSubAWjkxPioufi1xzWx/B/yGdToDAfBgNVHSMEGDAWgBSu +bAWjkxPioufi1xzWx/B/yGdToDANBgkqhkiG9w0BAQwFAAOCAgEAgyXt6NH9lVLN +nsAEoJFp5lzQhN7craJP6Ed41mWYqVuoPId8AorRbrcWc+ZfwFSY1XS+wc3iEZGt +Ixg93eFyRJa0lV7Ae46ZeBZDE1ZXs6KzO7V33EByrKPrmzU+sQghoefEQzd5Mr61 +55wsTLxDKZmOMNOsIeDjHfrYBzN2VAAiKrlNIC5waNrlU/yDXNOd8v9EDERm8tLj +vUYAGm0CuiVdjaExUd1URhxN25mW7xocBFymFe944Hn+Xds+qkxV/ZoVqW/hpvvf +cDDpw+5CRu3CkwWJ+n1jez/QcYF8AOiYrg54NMMl+68KnyBr3TsTjxKM4kEaSHpz +oHdpx7Zcf4LIHv5YGygrqGytXm3ABdJ7t+uA/iU3/gKbaKxCXcPu9czc8FB10jZp +nOZ7BN9uBmm23goJSFmH63sUYHpkqmlD75HHTOwY3WzvUy2MmeFe8nI+z1TIvWfs +pA9MRf/TuTAjB0yPEL+GltmZWrSZVxykzLsViVO6LAUP5MSeGbEYNNVMnbrt9x+v +JJUEeKgDu+6B5dpffItKoZB0JaezPkvILFa9x8jvOOJckvB595yEunQtYQEgfn7R +8k8HWV+LLUNS60YMlOH1Zkd5d9VUWx+tJDfLRVpOoERIyNiwmcUVhAn21klJwGW4 +5hpxbqCo8YLoRT5s1gLXCmeDBVrJpBA= +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIICCzCCAZGgAwIBAgISEdK7ujNu1LzmJGjFDYQdmOhDMAoGCCqGSM49BAMDMEYx +CzAJBgNVBAYTAkJFMRkwFwYDVQQKExBHbG9iYWxTaWduIG52LXNhMRwwGgYDVQQD +ExNHbG9iYWxTaWduIFJvb3QgRTQ2MB4XDTE5MDMyMDAwMDAwMFoXDTQ2MDMyMDAw +MDAwMFowRjELMAkGA1UEBhMCQkUxGTAXBgNVBAoTEEdsb2JhbFNpZ24gbnYtc2Ex +HDAaBgNVBAMTE0dsb2JhbFNpZ24gUm9vdCBFNDYwdjAQBgcqhkjOPQIBBgUrgQQA +IgNiAAScDrHPt+ieUnd1NPqlRqetMhkytAepJ8qUuwzSChDH2omwlwxwEwkBjtjq +R+q+soArzfwoDdusvKSGN+1wCAB16pMLey5SnCNoIwZD7JIvU4Tb+0cUB+hflGdd +yXqBPCCjQjBAMA4GA1UdDwEB/wQEAwIBhjAPBgNVHRMBAf8EBTADAQH/MB0GA1Ud +DgQWBBQxCpCPtsad0kRLgLWi5h+xEk8blTAKBggqhkjOPQQDAwNoADBlAjEA31SQ +7Zvvi5QCkxeCmb6zniz2C5GMn0oUsfZkvLtoURMMA/cVi4RguYv/Uo7njLwcAjA8 ++RHUjE7AwWHCFUyqqx0LMV87HOIAl0Qx5v5zli/altP+CAezNIm8BZ/3Hobui3A= +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIFWjCCA0KgAwIBAgISEdK7udcjGJ5AXwqdLdDfJWfRMA0GCSqGSIb3DQEBDAUA +MEYxCzAJBgNVBAYTAkJFMRkwFwYDVQQKExBHbG9iYWxTaWduIG52LXNhMRwwGgYD +VQQDExNHbG9iYWxTaWduIFJvb3QgUjQ2MB4XDTE5MDMyMDAwMDAwMFoXDTQ2MDMy +MDAwMDAwMFowRjELMAkGA1UEBhMCQkUxGTAXBgNVBAoTEEdsb2JhbFNpZ24gbnYt +c2ExHDAaBgNVBAMTE0dsb2JhbFNpZ24gUm9vdCBSNDYwggIiMA0GCSqGSIb3DQEB +AQUAA4ICDwAwggIKAoICAQCsrHQy6LNl5brtQyYdpokNRbopiLKkHWPd08EsCVeJ +OaFV6Wc0dwxu5FUdUiXSE2te4R2pt32JMl8Nnp8semNgQB+msLZ4j5lUlghYruQG +vGIFAha/r6gjA7aUD7xubMLL1aa7DOn2wQL7Id5m3RerdELv8HQvJfTqa1VbkNud +316HCkD7rRlr+/fKYIje2sGP1q7Vf9Q8g+7XFkyDRTNrJ9CG0Bwta/OrffGFqfUo +0q3v84RLHIf8E6M6cqJaESvWJ3En7YEtbWaBkoe0G1h6zD8K+kZPTXhc+CtI4wSE +y132tGqzZfxCnlEmIyDLPRT5ge1lFgBPGmSXZgjPjHvjK8Cd+RTyG/FWaha/LIWF +zXg4mutCagI0GIMXTpRW+LaCtfOW3T3zvn8gdz57GSNrLNRyc0NXfeD412lPFzYE ++cCQYDdF3uYM2HSNrpyibXRdQr4G9dlkbgIQrImwTDsHTUB+JMWKmIJ5jqSngiCN +I/onccnfxkF0oE32kRbcRoxfKWMxWXEM2G/CtjJ9++ZdU6Z+Ffy7dXxd7Pj2Fxzs +x2sZy/N78CsHpdlseVR2bJ0cpm4O6XkMqCNqo98bMDGfsVR7/mrLZqrcZdCinkqa +ByFrgY/bxFn63iLABJzjqls2k+g9vXqhnQt2sQvHnf3PmKgGwvgqo6GDoLclcqUC +4wIDAQABo0IwQDAOBgNVHQ8BAf8EBAMCAYYwDwYDVR0TAQH/BAUwAwEB/zAdBgNV +HQ4EFgQUA1yrc4GHqMywptWU4jaWSf8FmSwwDQYJKoZIhvcNAQEMBQADggIBAHx4 +7PYCLLtbfpIrXTncvtgdokIzTfnvpCo7RGkerNlFo048p9gkUbJUHJNOxO97k4Vg +JuoJSOD1u8fpaNK7ajFxzHmuEajwmf3lH7wvqMxX63bEIaZHU1VNaL8FpO7XJqti +2kM3S+LGteWygxk6x9PbTZ4IevPuzz5i+6zoYMzRx6Fcg0XERczzF2sUyQQCPtIk +pnnpHs6i58FZFZ8d4kuaPp92CC1r2LpXFNqD6v6MVenQTqnMdzGxRBF6XLE+0xRF +FRhiJBPSy03OXIPBNvIQtQ6IbbjhVp+J3pZmOUdkLG5NrmJ7v2B0GbhWrJKsFjLt +rWhV/pi60zTe9Mlhww6G9kuEYO4Ne7UyWHmRVSyBQ7N0H3qqJZ4d16GLuc1CLgSk +ZoNNiTW2bKg2SnkheCLQQrzRQDGQob4Ez8pn7fXwgNNgyYMqIgXQBztSvwyeqiv5 +u+YfjyW6hY0XHgL+XVAEV8/+LbzvXMAaq7afJMbfc2hIkCwU9D9SGuTSyxTDYWnP +4vkYxboznxSjBF25cfe1lNj2M8FawTSLfJvdkzrnE6JwYZ+vj+vYxXX4M2bUdGc6 +N3ec592kD3ZDZopD8p/7DEJ4Y9HiD2971KE9dJeFt0g5QdYg/NA6s/rob8SKunE3 +vouXsXgxT7PntgMTzlSdriVZzH81Xwj3QEUxeCp6 +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIEADCCAuigAwIBAgIBADANBgkqhkiG9w0BAQUFADBjMQswCQYDVQQGEwJVUzEh +MB8GA1UEChMYVGhlIEdvIERhZGR5IEdyb3VwLCBJbmMuMTEwLwYDVQQLEyhHbyBE +YWRkeSBDbGFzcyAyIENlcnRpZmljYXRpb24gQXV0aG9yaXR5MB4XDTA0MDYyOTE3 +MDYyMFoXDTM0MDYyOTE3MDYyMFowYzELMAkGA1UEBhMCVVMxITAfBgNVBAoTGFRo +ZSBHbyBEYWRkeSBHcm91cCwgSW5jLjExMC8GA1UECxMoR28gRGFkZHkgQ2xhc3Mg +MiBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTCCASAwDQYJKoZIhvcNAQEBBQADggEN +ADCCAQgCggEBAN6d1+pXGEmhW+vXX0iG6r7d/+TvZxz0ZWizV3GgXne77ZtJ6XCA +PVYYYwhv2vLM0D9/AlQiVBDYsoHUwHU9S3/Hd8M+eKsaA7Ugay9qK7HFiH7Eux6w +wdhFJ2+qN1j3hybX2C32qRe3H3I2TqYXP2WYktsqbl2i/ojgC95/5Y0V4evLOtXi +EqITLdiOr18SPaAIBQi2XKVlOARFmR6jYGB0xUGlcmIbYsUfb18aQr4CUWWoriMY +avx4A6lNf4DD+qta/KFApMoZFv6yyO9ecw3ud72a9nmYvLEHZ6IVDd2gWMZEewo+ +YihfukEHU1jPEX44dMX4/7VpkI+EdOqXG68CAQOjgcAwgb0wHQYDVR0OBBYEFNLE +sNKR1EwRcbNhyz2h/t2oatTjMIGNBgNVHSMEgYUwgYKAFNLEsNKR1EwRcbNhyz2h +/t2oatTjoWekZTBjMQswCQYDVQQGEwJVUzEhMB8GA1UEChMYVGhlIEdvIERhZGR5 +IEdyb3VwLCBJbmMuMTEwLwYDVQQLEyhHbyBEYWRkeSBDbGFzcyAyIENlcnRpZmlj +YXRpb24gQXV0aG9yaXR5ggEAMAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQAD +ggEBADJL87LKPpH8EsahB4yOd6AzBhRckB4Y9wimPQoZ+YeAEW5p5JYXMP80kWNy +OO7MHAGjHZQopDH2esRU1/blMVgDoszOYtuURXO1v0XJJLXVggKtI3lpjbi2Tc7P +TMozI+gciKqdi0FuFskg5YmezTvacPd+mSYgFFQlq25zheabIZ0KbIIOqPjCDPoQ +HmyW74cNxA9hi63ugyuV+I6ShHI56yDqg+2DzZduCLzrTia2cyvk0/ZM/iZx4mER +dEr/VxqHD3VILs9RaRegAhJhldXRQLIQTO7ErBBDpqWeCtWVYpoNz4iCxTIM5Cuf +ReYNnyicsbkqWletNw+vHX/bvZ8= +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIDxTCCAq2gAwIBAgIBADANBgkqhkiG9w0BAQsFADCBgzELMAkGA1UEBhMCVVMx +EDAOBgNVBAgTB0FyaXpvbmExEzARBgNVBAcTClNjb3R0c2RhbGUxGjAYBgNVBAoT +EUdvRGFkZHkuY29tLCBJbmMuMTEwLwYDVQQDEyhHbyBEYWRkeSBSb290IENlcnRp +ZmljYXRlIEF1dGhvcml0eSAtIEcyMB4XDTA5MDkwMTAwMDAwMFoXDTM3MTIzMTIz +NTk1OVowgYMxCzAJBgNVBAYTAlVTMRAwDgYDVQQIEwdBcml6b25hMRMwEQYDVQQH +EwpTY290dHNkYWxlMRowGAYDVQQKExFHb0RhZGR5LmNvbSwgSW5jLjExMC8GA1UE +AxMoR28gRGFkZHkgUm9vdCBDZXJ0aWZpY2F0ZSBBdXRob3JpdHkgLSBHMjCCASIw +DQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAL9xYgjx+lk09xvJGKP3gElY6SKD +E6bFIEMBO4Tx5oVJnyfq9oQbTqC023CYxzIBsQU+B07u9PpPL1kwIuerGVZr4oAH +/PMWdYA5UXvl+TW2dE6pjYIT5LY/qQOD+qK+ihVqf94Lw7YZFAXK6sOoBJQ7Rnwy +DfMAZiLIjWltNowRGLfTshxgtDj6AozO091GB94KPutdfMh8+7ArU6SSYmlRJQVh +GkSBjCypQ5Yj36w6gZoOKcUcqeldHraenjAKOc7xiID7S13MMuyFYkMlNAJWJwGR +tDtwKj9useiciAF9n9T521NtYJ2/LOdYq7hfRvzOxBsDPAnrSTFcaUaz4EcCAwEA +AaNCMEAwDwYDVR0TAQH/BAUwAwEB/zAOBgNVHQ8BAf8EBAMCAQYwHQYDVR0OBBYE +FDqahQcQZyi27/a9BUFuIMGU2g/eMA0GCSqGSIb3DQEBCwUAA4IBAQCZ21151fmX +WWcDYfF+OwYxdS2hII5PZYe096acvNjpL9DbWu7PdIxztDhC2gV7+AJ1uP2lsdeu +9tfeE8tTEH6KRtGX+rcuKxGrkLAngPnon1rpN5+r5N9ss4UXnT3ZJE95kTXWXwTr +gIOrmgIttRD02JDHBHNA7XIloKmf7J6raBKZV8aPEjoJpL1E/QYVN8Gb5DKj7Tjo +2GTzLH4U/ALqn83/B2gX2yKQOC16jdFU8WnjXzPKej17CuPKf1855eJ1usV2GDPO +LPAvTK33sefOT6jEm0pUBsV/fdUID+Ic/n4XuKxe9tQWskMJDE32p2u0mYRlynqI +4uJEvlz36hz1 +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIICwzCCAkqgAwIBAgIBADAKBggqhkjOPQQDAjCBqjELMAkGA1UEBhMCR1IxDzAN +BgNVBAcTBkF0aGVuczFEMEIGA1UEChM7SGVsbGVuaWMgQWNhZGVtaWMgYW5kIFJl +c2VhcmNoIEluc3RpdHV0aW9ucyBDZXJ0LiBBdXRob3JpdHkxRDBCBgNVBAMTO0hl +bGxlbmljIEFjYWRlbWljIGFuZCBSZXNlYXJjaCBJbnN0aXR1dGlvbnMgRUNDIFJv +b3RDQSAyMDE1MB4XDTE1MDcwNzEwMzcxMloXDTQwMDYzMDEwMzcxMlowgaoxCzAJ +BgNVBAYTAkdSMQ8wDQYDVQQHEwZBdGhlbnMxRDBCBgNVBAoTO0hlbGxlbmljIEFj +YWRlbWljIGFuZCBSZXNlYXJjaCBJbnN0aXR1dGlvbnMgQ2VydC4gQXV0aG9yaXR5 +MUQwQgYDVQQDEztIZWxsZW5pYyBBY2FkZW1pYyBhbmQgUmVzZWFyY2ggSW5zdGl0 +dXRpb25zIEVDQyBSb290Q0EgMjAxNTB2MBAGByqGSM49AgEGBSuBBAAiA2IABJKg +QehLgoRc4vgxEZmGZE4JJS+dQS8KrjVPdJWyUWRrjWvmP3CV8AVER6ZyOFB2lQJa +jq4onvktTpnvLEhvTCUp6NFxW98dwXU3tNf6e3pCnGoKVlp8aQuqgAkkbH7BRqNC +MEAwDwYDVR0TAQH/BAUwAwEB/zAOBgNVHQ8BAf8EBAMCAQYwHQYDVR0OBBYEFLQi +C4KZJAEOnLvkDv2/+5cgk5kqMAoGCCqGSM49BAMCA2cAMGQCMGfOFmI4oqxiRaep +lSTAGiecMjvAwNW6qef4BENThe5SId6d9SWDPp5YSy/XZxMOIQIwBeF1Ad5o7Sof +TUwJCA3sS61kFyjndc5FZXIhF8siQQ6ME5g4mlRtm8rifOoCWCKR +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIEMTCCAxmgAwIBAgIBADANBgkqhkiG9w0BAQUFADCBlTELMAkGA1UEBhMCR1Ix +RDBCBgNVBAoTO0hlbGxlbmljIEFjYWRlbWljIGFuZCBSZXNlYXJjaCBJbnN0aXR1 +dGlvbnMgQ2VydC4gQXV0aG9yaXR5MUAwPgYDVQQDEzdIZWxsZW5pYyBBY2FkZW1p +YyBhbmQgUmVzZWFyY2ggSW5zdGl0dXRpb25zIFJvb3RDQSAyMDExMB4XDTExMTIw +NjEzNDk1MloXDTMxMTIwMTEzNDk1MlowgZUxCzAJBgNVBAYTAkdSMUQwQgYDVQQK +EztIZWxsZW5pYyBBY2FkZW1pYyBhbmQgUmVzZWFyY2ggSW5zdGl0dXRpb25zIENl +cnQuIEF1dGhvcml0eTFAMD4GA1UEAxM3SGVsbGVuaWMgQWNhZGVtaWMgYW5kIFJl +c2VhcmNoIEluc3RpdHV0aW9ucyBSb290Q0EgMjAxMTCCASIwDQYJKoZIhvcNAQEB +BQADggEPADCCAQoCggEBAKlTAOMupvaO+mDYLZU++CwqVE7NuYRhlFhPjz2L5EPz +dYmNUeTDN9KKiE15HrcS3UN4SoqS5tdI1Q+kOilENbgH9mgdVc04UfCMJDGFr4PJ +fel3r+0ae50X+bOdOFAPplp5kYCvN66m0zH7tSYJnTxa71HFK9+WXesyHgLacEns +bgzImjeN9/E2YEsmLIKe0HjzDQ9jpFEw4fkrJxIH2Oq9GGKYsFk3fb7u8yBRQlqD +75O6aRXxYp2fmTmCobd0LovUxQt7L/DICto9eQqakxylKHJzkUOap9FNhYS5qXSP +FEDH3N6sQWRstBmbAmNtJGSPRLIl6s5ddAxjMlyNh+UCAwEAAaOBiTCBhjAPBgNV +HRMBAf8EBTADAQH/MAsGA1UdDwQEAwIBBjAdBgNVHQ4EFgQUppFC/RNhSiOeCKQp +5dgTBCPuQSUwRwYDVR0eBEAwPqA8MAWCAy5ncjAFggMuZXUwBoIELmVkdTAGggQu +b3JnMAWBAy5ncjAFgQMuZXUwBoEELmVkdTAGgQQub3JnMA0GCSqGSIb3DQEBBQUA +A4IBAQAf73lB4XtuP7KMhjdCSk4cNx6NZrokgclPEg8hwAOXhiVtXdMiKahsog2p +6z0GW5k6x8zDmjR/qw7IThzh+uTczQ2+vyT+bOdrwg3IBp5OjWEopmr95fZi6hg8 +TqBTnbI6nOulnJEWtk2C4AwFSKls9cz4y51JtPACpf1wA+2KIaWuE4ZJwzNzvoc7 +dIsXRSZMFpGD/md9zU1jZ/rzAxKWeAaNsWftjj++n08C9bMJL/NMh98qy5V8Acys +Nnq/onN694/BtZqhFLKPM58N7yLcZnuEvUUXBj08yrl3NI/K6s8/MT7jiOOASSXI +l7WdmplNsDz4SgCbZN2fOUvRJ9e4 +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIGCzCCA/OgAwIBAgIBADANBgkqhkiG9w0BAQsFADCBpjELMAkGA1UEBhMCR1Ix +DzANBgNVBAcTBkF0aGVuczFEMEIGA1UEChM7SGVsbGVuaWMgQWNhZGVtaWMgYW5k +IFJlc2VhcmNoIEluc3RpdHV0aW9ucyBDZXJ0LiBBdXRob3JpdHkxQDA+BgNVBAMT +N0hlbGxlbmljIEFjYWRlbWljIGFuZCBSZXNlYXJjaCBJbnN0aXR1dGlvbnMgUm9v +dENBIDIwMTUwHhcNMTUwNzA3MTAxMTIxWhcNNDAwNjMwMTAxMTIxWjCBpjELMAkG +A1UEBhMCR1IxDzANBgNVBAcTBkF0aGVuczFEMEIGA1UEChM7SGVsbGVuaWMgQWNh +ZGVtaWMgYW5kIFJlc2VhcmNoIEluc3RpdHV0aW9ucyBDZXJ0LiBBdXRob3JpdHkx +QDA+BgNVBAMTN0hlbGxlbmljIEFjYWRlbWljIGFuZCBSZXNlYXJjaCBJbnN0aXR1 +dGlvbnMgUm9vdENBIDIwMTUwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoIC +AQDC+Kk/G4n8PDwEXT2QNrCROnk8ZlrvbTkBSRq0t89/TSNTt5AA4xMqKKYx8ZEA +4yjsriFBzh/a/X0SWwGDD7mwX5nh8hKDgE0GPt+sr+ehiGsxr/CL0BgzuNtFajT0 +AoAkKAoCFZVedioNmToUW/bLy1O8E00BiDeUJRtCvCLYjqOWXjrZMts+6PAQZe10 +4S+nfK8nNLspfZu2zwnI5dMK/IhlZXQK3HMcXM1AsRzUtoSMTFDPaI6oWa7CJ06C +ojXdFPQf/7J31Ycvqm59JCfnxssm5uX+Zwdj2EUN3TpZZTlYepKZcj2chF6IIbjV +9Cz82XBST3i4vTwri5WY9bPRaM8gFH5MXF/ni+X1NYEZN9cRCLdmvtNKzoNXADrD +gfgXy5I2XdGj2HUb4Ysn6npIQf1FGQatJ5lOwXBH3bWfgVMS5bGMSF0xQxfjjMZ6 +Y5ZLKTBOhE5iGV48zpeQpX8B653g+IuJ3SWYPZK2fu/Z8VFRfS0myGlZYeCsargq +NhEEelC9MoS+L9xy1dcdFkfkR2YgP/SWxa+OAXqlD3pk9Q0Yh9muiNX6hME6wGko +LfINaFGq46V3xqSQDqE3izEjR8EJCOtu93ib14L8hCCZSRm2Ekax+0VVFqmjZayc +Bw/qa9wfLgZy7IaIEuQt218FL+TwA9MmM+eAws1CoRc0CwIDAQABo0IwQDAPBgNV +HRMBAf8EBTADAQH/MA4GA1UdDwEB/wQEAwIBBjAdBgNVHQ4EFgQUcRVnyMjJvXVd +ctA4GGqd83EkVAswDQYJKoZIhvcNAQELBQADggIBAHW7bVRLqhBYRjTyYtcWNl0I +XtVsyIe9tC5G8jH4fOpCtZMWVdyhDBKg2mF+D1hYc2Ryx+hFjtyp8iY/xnmMsVMI +M4GwVhO+5lFc2JsKT0ucVlMC6U/2DWDqTUJV6HwbISHTGzrMd/K4kPFox/la/vot +9L/J9UUbzjgQKjeKeaO04wlshYaT/4mWJ3iBj2fjRnRUjtkNaeJK9E10A/+yd+2V +Z5fkscWrv2oj6NSU4kQoYsRL4vDY4ilrGnB+JGGTe08DMiUNRSQrlrRGar9KC/ea +j8GsGsVn82800vpzY4zvFrCopEYq+OsS7HK07/grfoxSwIuEVPkvPuNVqNxmsdnh +X9izjFk0WaSrT2y7HxjbdavYy5LNlDhhDgcGH0tGEPEVvo2FXDtKK4F5D7Rpn0lQ +l033DlZdwJVqwjbDG2jJ9SrcR5q+ss7FJej6A7na+RZukYT1HCjI/CbM1xyQVqdf +bzoEvM14iQuODy+jqk+iGxI9FghAD/FGTNeqewjBCvVtJ94Cj8rDtSvK6evIIVM4 +pcw72Hc3MKJP2W/R8kCtQXoXxdZKNYm3QdV8hn9VTYNKpXMgwDqvkPGaJI7ZjnHK +e7iG2rKPmT4dEw0SEe7Uq/DpFXYC5ODfqiAeW2GFZECpkJcNrVPSWh2HagCXZWK0 +vm9qp/UsQu0yrbYhnr68 +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIDMDCCAhigAwIBAgICA+gwDQYJKoZIhvcNAQEFBQAwRzELMAkGA1UEBhMCSEsx +FjAUBgNVBAoTDUhvbmdrb25nIFBvc3QxIDAeBgNVBAMTF0hvbmdrb25nIFBvc3Qg +Um9vdCBDQSAxMB4XDTAzMDUxNTA1MTMxNFoXDTIzMDUxNTA0NTIyOVowRzELMAkG +A1UEBhMCSEsxFjAUBgNVBAoTDUhvbmdrb25nIFBvc3QxIDAeBgNVBAMTF0hvbmdr +b25nIFBvc3QgUm9vdCBDQSAxMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC +AQEArP84tulmAknjorThkPlAj3n54r15/gK97iSSHSL22oVyaf7XPwnU3ZG1ApzQ +jVrhVcNQhrkpJsLj2aDxaQMoIIBFIi1WpztUlVYiWR8o3x8gPW2iNr4joLFutbEn +PzlTCeqrauh0ssJlXI6/fMN4hM2eFvz1Lk8gKgifd/PFHsSaUmYeSF7jEAaPIpjh +ZY4bXSNmO7ilMlHIhqqhqZ5/dpTCpmy3QfDVyAY45tQM4vM7TG1QjMSDJ8EThFk9 +nnV0ttgCXjqQesBCNnLsak3c78QA3xMYV18meMjWCnl3v/evt3a5pQuEF10Q6m/h +q5URX208o1xNg1vysxmKgIsLhwIDAQABoyYwJDASBgNVHRMBAf8ECDAGAQH/AgED +MA4GA1UdDwEB/wQEAwIBxjANBgkqhkiG9w0BAQUFAAOCAQEADkbVPK7ih9legYsC +mEEIjEy82tvuJxuC52pF7BaLT4Wg87JwvVqWuspube5Gi27nKi6Wsxkz67SfqLI3 +7piol7Yutmcn1KZJ/RyTZXaeQi/cImyaT/JaFTmxcdcrUehtHJjA2Sr0oYJ71clB +oiMBdDhViw+5LmeiIAQ32pwL0xch4I+XeTRvhEgCIDMb5jREn5Fw9IBehEPCKdJs +EhTkYY2sEJCehFC78JZvRZ+K88psT/oROhUVRsPNH4NbLUES7VBnQRM9IauUiqpO +fMGx+6fWtScvl6tu4B3i0RwsH0Ti/L6RoZz71ilTc4afU9hDDl3WY4JxHYB0yvbi +AmvZWg== +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIFzzCCA7egAwIBAgIUCBZfikyl7ADJk0DfxMauI7gcWqQwDQYJKoZIhvcNAQEL +BQAwbzELMAkGA1UEBhMCSEsxEjAQBgNVBAgTCUhvbmcgS29uZzESMBAGA1UEBxMJ +SG9uZyBLb25nMRYwFAYDVQQKEw1Ib25na29uZyBQb3N0MSAwHgYDVQQDExdIb25n +a29uZyBQb3N0IFJvb3QgQ0EgMzAeFw0xNzA2MDMwMjI5NDZaFw00MjA2MDMwMjI5 +NDZaMG8xCzAJBgNVBAYTAkhLMRIwEAYDVQQIEwlIb25nIEtvbmcxEjAQBgNVBAcT +CUhvbmcgS29uZzEWMBQGA1UEChMNSG9uZ2tvbmcgUG9zdDEgMB4GA1UEAxMXSG9u +Z2tvbmcgUG9zdCBSb290IENBIDMwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIK +AoICAQCziNfqzg8gTr7m1gNt7ln8wlffKWihgw4+aMdoWJwcYEuJQwy51BWy7sFO +dem1p+/l6TWZ5Mwc50tfjTMwIDNT2aa71T4Tjukfh0mtUC1Qyhi+AViiE3CWu4mI +VoBc+L0sPOFMV4i707mV78vH9toxdCim5lSJ9UExyuUmGs2C4HDaOym71QP1mbpV +9WTRYA6ziUm4ii8F0oRFKHyPaFASePwLtVPLwpgchKOesL4jpNrcyCse2m5FHomY +2vkALgbpDDtw1VAliJnLzXNg99X/NWfFobxeq81KuEXryGgeDQ0URhLj0mRiikKY +vLTGCAj4/ahMZJx2Ab0vqWwzD9g/KLg8aQFChn5pwckGyuV6RmXpwtZQQS4/t+Tt +bNe/JgERohYpSms0BpDsE9K2+2p20jzt8NYt3eEV7KObLyzJPivkaTv/ciWxNoZb +x39ri1UbSsUgYT2uy1DhCDq+sI9jQVMwCFk8mB13umOResoQUGC/8Ne8lYePl8X+ +l2oBlKN8W4UdKjk60FSh0Tlxnf0h+bV78OLgAo9uliQlLKAeLKjEiafv7ZkGL7YK +TE/bosw3Gq9HhS2KX8Q0NEwA/RiTZxPRN+ZItIsGxVd7GYYKecsAyVKvQv83j+Gj +Hno9UKtjBucVtT+2RTeUN7F+8kjDf8V1/peNRY8apxpyKBpADwIDAQABo2MwYTAP +BgNVHRMBAf8EBTADAQH/MA4GA1UdDwEB/wQEAwIBBjAfBgNVHSMEGDAWgBQXnc0e +i9Y5K3DTXNSguB+wAPzFYTAdBgNVHQ4EFgQUF53NHovWOStw01zUoLgfsAD8xWEw +DQYJKoZIhvcNAQELBQADggIBAFbVe27mIgHSQpsY1Q7XZiNc4/6gx5LS6ZStS6LG +7BJ8dNVI0lkUmcDrudHr9EgwW62nV3OZqdPlt9EuWSRY3GguLmLYauRwCy0gUCCk +MpXRAJi70/33MvJJrsZ64Ee+bs7Lo3I6LWldy8joRTnU+kLBEUx3XZL7av9YROXr +gZ6voJmtvqkBZss4HTzfQx/0TW60uhdG/H39h4F5ag0zD/ov+BS5gLNdTaqX4fnk +GMX41TiMJjz98iji7lpJiCzfeT2OnpA8vUFKOt1b9pq0zj8lMH8yfaIDlNDceqFS +3m6TjRgm/VWsvY+b0s+v54Ysyx8Jb6NvqYTUc79NoXQbTiNg8swOqn+knEwlqLJm +Ozj/2ZQw9nKEvmhVEA/GcywWaZMH/rFF7buiVWqw2rVKAiUnhde3t4ZEFolsgCs+ +l6mc1X5VTMbeRRAc6uk7nwNT7u56AQIWeNTowr5GdogTPyK7SBIdUgC0An4hGh6c +JfTzPV4e0hz5sy229zdcxsshTrD3mUcYhcErulWuBurQB7Lcq9CClnXO0lD+mefP +L5/ndtFhKvshuzHQqp9HpLIiyhY6UFfEW0NnxWViA0kB60PZ2Pierc+xYw5F9KBa +LJstxabArahH9CdMOA0uG0k7UvToiIMrVCjU8jVStDKDYmlkDJGcn5fqdBb9HxEG +mpv0 +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIFazCCA1OgAwIBAgIRAIIQz7DSQONZRGPgu2OCiwAwDQYJKoZIhvcNAQELBQAw +TzELMAkGA1UEBhMCVVMxKTAnBgNVBAoTIEludGVybmV0IFNlY3VyaXR5IFJlc2Vh +cmNoIEdyb3VwMRUwEwYDVQQDEwxJU1JHIFJvb3QgWDEwHhcNMTUwNjA0MTEwNDM4 +WhcNMzUwNjA0MTEwNDM4WjBPMQswCQYDVQQGEwJVUzEpMCcGA1UEChMgSW50ZXJu +ZXQgU2VjdXJpdHkgUmVzZWFyY2ggR3JvdXAxFTATBgNVBAMTDElTUkcgUm9vdCBY +MTCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIBAK3oJHP0FDfzm54rVygc +h77ct984kIxuPOZXoHj3dcKi/vVqbvYATyjb3miGbESTtrFj/RQSa78f0uoxmyF+ +0TM8ukj13Xnfs7j/EvEhmkvBioZxaUpmZmyPfjxwv60pIgbz5MDmgK7iS4+3mX6U +A5/TR5d8mUgjU+g4rk8Kb4Mu0UlXjIB0ttov0DiNewNwIRt18jA8+o+u3dpjq+sW +T8KOEUt+zwvo/7V3LvSye0rgTBIlDHCNAymg4VMk7BPZ7hm/ELNKjD+Jo2FR3qyH +B5T0Y3HsLuJvW5iB4YlcNHlsdu87kGJ55tukmi8mxdAQ4Q7e2RCOFvu396j3x+UC +B5iPNgiV5+I3lg02dZ77DnKxHZu8A/lJBdiB3QW0KtZB6awBdpUKD9jf1b0SHzUv +KBds0pjBqAlkd25HN7rOrFleaJ1/ctaJxQZBKT5ZPt0m9STJEadao0xAH0ahmbWn +OlFuhjuefXKnEgV4We0+UXgVCwOPjdAvBbI+e0ocS3MFEvzG6uBQE3xDk3SzynTn +jh8BCNAw1FtxNrQHusEwMFxIt4I7mKZ9YIqioymCzLq9gwQbooMDQaHWBfEbwrbw +qHyGO0aoSCqI3Haadr8faqU9GY/rOPNk3sgrDQoo//fb4hVC1CLQJ13hef4Y53CI +rU7m2Ys6xt0nUW7/vGT1M0NPAgMBAAGjQjBAMA4GA1UdDwEB/wQEAwIBBjAPBgNV +HRMBAf8EBTADAQH/MB0GA1UdDgQWBBR5tFnme7bl5AFzgAiIyBpY9umbbjANBgkq +hkiG9w0BAQsFAAOCAgEAVR9YqbyyqFDQDLHYGmkgJykIrGF1XIpu+ILlaS/V9lZL +ubhzEFnTIZd+50xx+7LSYK05qAvqFyFWhfFQDlnrzuBZ6brJFe+GnY+EgPbk6ZGQ +3BebYhtF8GaV0nxvwuo77x/Py9auJ/GpsMiu/X1+mvoiBOv/2X/qkSsisRcOj/KK +NFtY2PwByVS5uCbMiogziUwthDyC3+6WVwW6LLv3xLfHTjuCvjHIInNzktHCgKQ5 +ORAzI4JMPJ+GslWYHb4phowim57iaztXOoJwTdwJx4nLCgdNbOhdjsnvzqvHu7Ur +TkXWStAmzOVyyghqpZXjFaH3pO3JLF+l+/+sKAIuvtd7u+Nxe5AW0wdeRlN8NwdC +jNPElpzVmbUq4JUagEiuTDkHzsxHpFKVK7q4+63SM1N95R1NbdWhscdCb+ZAJzVc +oyi3B43njTOQ5yOf+1CceWxG1bQVs5ZufpsMljq4Ui0/1lvh+wjChP4kqKOJ2qxq +4RgqsahDYVvTH9w7jXbyLeiNdd8XM2w9U/t7y0Ff/9yi0GE44Za4rF2LN9d11TPA +mRGunUHBcnWEvgJBQl9nJEiU0Zsnvgc/ubhPgXRR4Xq37Z0j4r7g1SgEEzwxA57d +emyPxgcYxn/eR44/KJ4EBs+lVDR3veyJm+kXQ99b21/+jh5Xos1AnX5iItreGCc= +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIFYDCCA0igAwIBAgIQCgFCgAAAAUUjyES1AAAAAjANBgkqhkiG9w0BAQsFADBK +MQswCQYDVQQGEwJVUzESMBAGA1UEChMJSWRlblRydXN0MScwJQYDVQQDEx5JZGVu +VHJ1c3QgQ29tbWVyY2lhbCBSb290IENBIDEwHhcNMTQwMTE2MTgxMjIzWhcNMzQw +MTE2MTgxMjIzWjBKMQswCQYDVQQGEwJVUzESMBAGA1UEChMJSWRlblRydXN0MScw +JQYDVQQDEx5JZGVuVHJ1c3QgQ29tbWVyY2lhbCBSb290IENBIDEwggIiMA0GCSqG +SIb3DQEBAQUAA4ICDwAwggIKAoICAQCnUBneP5k91DNG8W9RYYKyqU+PZ4ldhNlT +3Qwo2dfw/66VQ3KZ+bVdfIrBQuExUHTRgQ18zZshq0PirK1ehm7zCYofWjK9ouuU ++ehcCuz/mNKvcbO0U59Oh++SvL3sTzIwiEsXXlfEU8L2ApeN2WIrvyQfYo3fw7gp +S0l4PJNgiCL8mdo2yMKi1CxUAGc1bnO/AljwpN3lsKImesrgNqUZFvX9t++uP0D1 +bVoE/c40yiTcdCMbXTMTEl3EASX2MN0CXZ/g1Ue9tOsbobtJSdifWwLziuQkkORi +T0/Br4sOdBeo0XKIanoBScy0RnnGF7HamB4HWfp1IYVl3ZBWzvurpWCdxJ35UrCL +vYf5jysjCiN2O/cz4ckA82n5S6LgTrx+kzmEB/dEcH7+B1rlsazRGMzyNeVJSQjK +Vsk9+w8YfYs7wRPCTY/JTw436R+hDmrfYi7LNQZReSzIJTj0+kuniVyc0uMNOYZK +dHzVWYfCP04MXFL0PfdSgvHqo6z9STQaKPNBiDoT7uje/5kdX7rL6B7yuVBgwDHT +c+XvvqDtMwt0viAgxGds8AgDelWAf0ZOlqf0Hj7h9tgJ4TNkK2PXMl6f+cB7D3hv +l7yTmvmcEpB4eoCHFddydJxVdHixuuFucAS6T6C6aMN7/zHwcz09lCqxC0EOoP5N +iGVreTO01wIDAQABo0IwQDAOBgNVHQ8BAf8EBAMCAQYwDwYDVR0TAQH/BAUwAwEB +/zAdBgNVHQ4EFgQU7UQZwNPwBovupHu+QucmVMiONnYwDQYJKoZIhvcNAQELBQAD +ggIBAA2ukDL2pkt8RHYZYR4nKM1eVO8lvOMIkPkp165oCOGUAFjvLi5+U1KMtlwH +6oi6mYtQlNeCgN9hCQCTrQ0U5s7B8jeUeLBfnLOic7iPBZM4zY0+sLj7wM+x8uwt +LRvM7Kqas6pgghstO8OEPVeKlh6cdbjTMM1gCIOQ045U8U1mwF10A0Cj7oV+wh93 +nAbowacYXVKV7cndJZ5t+qntozo00Fl72u1Q8zW/7esUTTHHYPTa8Yec4kjixsU3 ++wYQ+nVZZjFHKdp2mhzpgq7vmrlR94gjmmmVYjzlVYA211QC//G5Xc7UI2/YRYRK +W2XviQzdFKcgyxilJbQN+QHwotL0AMh0jqEqSI5l2xPE4iUXfeu+h1sXIFRRk0pT +AwvsXcoz7WL9RccvW9xYoIA55vrX/hMUpu09lEpCdNTDd1lzzY9GvlU47/rokTLq +l1gEIt44w8y8bckzOmoKaT+gyOpyj4xjhiO9bTyWnpXgSUyqorkqG5w2gXjtw+hG +4iZZRHUe2XWJUc0QhJ1hYMtd+ZciTY6Y5uN/9lu7rs3KSoFrXgvzUeF0K+l+J6fZ +mUlO+KWA2yUPHGNiiskzZ2s8EIPGrd6ozRaOjfAHN3Gf8qv8QfXBi+wAN10J5U6A +7/qxXDgGpRtK4dw4LTzcqx+QGtVKnO7RcGzM7vRX+Bi6hG6H +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIFZjCCA06gAwIBAgIQCgFCgAAAAUUjz0Z8AAAAAjANBgkqhkiG9w0BAQsFADBN +MQswCQYDVQQGEwJVUzESMBAGA1UEChMJSWRlblRydXN0MSowKAYDVQQDEyFJZGVu +VHJ1c3QgUHVibGljIFNlY3RvciBSb290IENBIDEwHhcNMTQwMTE2MTc1MzMyWhcN +MzQwMTE2MTc1MzMyWjBNMQswCQYDVQQGEwJVUzESMBAGA1UEChMJSWRlblRydXN0 +MSowKAYDVQQDEyFJZGVuVHJ1c3QgUHVibGljIFNlY3RvciBSb290IENBIDEwggIi +MA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQC2IpT8pEiv6EdrCvsnduTyP4o7 +ekosMSqMjbCpwzFrqHd2hCa2rIFCDQjrVVi7evi8ZX3yoG2LqEfpYnYeEe4IFNGy +RBb06tD6Hi9e28tzQa68ALBKK0CyrOE7S8ItneShm+waOh7wCLPQ5CQ1B5+ctMlS +bdsHyo+1W/CD80/HLaXIrcuVIKQxKFdYWuSNG5qrng0M8gozOSI5Cpcu81N3uURF +/YTLNiCBWS2ab21ISGHKTN9T0a9SvESfqy9rg3LvdYDaBjMbXcjaY8ZNzaxmMc3R +3j6HEDbhuaR672BQssvKplbgN6+rNBM5Jeg5ZuSYeqoSmJxZZoY+rfGwyj4GD3vw +EUs3oERte8uojHH01bWRNszwFcYr3lEXsZdMUD2xlVl8BX0tIdUAvwFnol57plzy +9yLxkA2T26pEUWbMfXYD62qoKjgZl3YNa4ph+bz27nb9cCvdKTz4Ch5bQhyLVi9V +GxyhLrXHFub4qjySjmm2AcG1hp2JDws4lFTo6tyePSW8Uybt1as5qsVATFSrsrTZ +2fjXctscvG29ZV/viDUqZi/u9rNl8DONfJhBaUYPQxxp+pu10GFqzcpL2UyQRqsV +WaFHVCkugyhfHMKiq3IXAAaOReyL4jM9f9oZRORicsPfIsbyVtTdX5Vy7W1f90gD +W/3FKqD2cyOEEBsB5wIDAQABo0IwQDAOBgNVHQ8BAf8EBAMCAQYwDwYDVR0TAQH/ +BAUwAwEB/zAdBgNVHQ4EFgQU43HgntinQtnbcZFrlJPrw6PRFKMwDQYJKoZIhvcN +AQELBQADggIBAEf63QqwEZE4rU1d9+UOl1QZgkiHVIyqZJnYWv6IAcVYpZmxI1Qj +t2odIFflAWJBF9MJ23XLblSQdf4an4EKwt3X9wnQW3IV5B4Jaj0z8yGa5hV+rVHV +DRDtfULAj+7AmgjVQdZcDiFpboBhDhXAuM/FSRJSzL46zNQuOAXeNf0fb7iAaJg9 +TaDKQGXSc3z1i9kKlT/YPyNtGtEqJBnZhbMX73huqVjRI9PHE+1yJX9dsXNw0H8G +lwmEKYBhHfpe/3OsoOOJuBxxFcbeMX8S3OFtm6/n6J91eEyrRjuazr8FGF1NFTwW +mhlQBJqymm9li1JfPFgEKCXAZmExfrngdbkaqIHWchezxQMxNRF4eKLg6TCMf4Df +WN88uieW4oA0beOY02QnrEh+KHdcxiVhJfiFDGX6xDIvpZgF5PgLZxYWxoK4Mhn5 ++bl53B/N66+rDt0b20XkeucC4pVd/GnwU2lhlXV5C15V5jgclKlZM57IcXR5f1GJ +tshquDDIajjDbp7hNxbqBWJMWxJH7ae0s1hWx0nzfxJoCTFx8G34Tkf71oXuxVhA +GaQdp/lLQzfcaFpPz+vCZHTetBXZ9FRUGi8c15dxVJCO2SCdUyt/q4/i6jC8UDfv +8Ue1fXwsBOxonbRJRBD0ckscZOf85muQ3Wl9af0AVqW3rLatt8o+Ae+c +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIF8TCCA9mgAwIBAgIQALC3WhZIX7/hy/WL1xnmfTANBgkqhkiG9w0BAQsFADA4 +MQswCQYDVQQGEwJFUzEUMBIGA1UECgwLSVpFTlBFIFMuQS4xEzARBgNVBAMMCkl6 +ZW5wZS5jb20wHhcNMDcxMjEzMTMwODI4WhcNMzcxMjEzMDgyNzI1WjA4MQswCQYD +VQQGEwJFUzEUMBIGA1UECgwLSVpFTlBFIFMuQS4xEzARBgNVBAMMCkl6ZW5wZS5j +b20wggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQDJ03rKDx6sp4boFmVq +scIbRTJxldn+EFvMr+eleQGPicPK8lVx93e+d5TzcqQsRNiekpsUOqHnJJAKClaO +xdgmlOHZSOEtPtoKct2jmRXagaKH9HtuJneJWK3W6wyyQXpzbm3benhB6QiIEn6H +LmYRY2xU+zydcsC8Lv/Ct90NduM61/e0aL6i9eOBbsFGb12N4E3GVFWJGjMxCrFX +uaOKmMPsOzTFlUFpfnXCPCDFYbpRR6AgkJOhkEvzTnyFRVSa0QUmQbC1TR0zvsQD +yCV8wXDbO/QJLVQnSKwv4cSsPsjLkkxTOTcj7NMB+eAJRE1NZMDhDVqHIrytG6P+ +JrUV86f8hBnp7KGItERphIPzidF0BqnMC9bC3ieFUCbKF7jJeodWLBoBHmy+E60Q +rLUk9TiRodZL2vG70t5HtfG8gfZZa88ZU+mNFctKy6lvROUbQc/hhqfK0GqfvEyN +BjNaooXlkDWgYlwWTvDjovoDGrQscbNYLN57C9saD+veIR8GdwYDsMnvmfzAuU8L +hij+0rnq49qlw0dpEuDb8PYZi+17cNcC1u2HGCgsBCRMd+RIihrGO5rUD8r6ddIB +QFqNeb+Lz0vPqhbBleStTIo+F5HUsWLlguWABKQDfo2/2n+iD5dPDNMN+9fR5XJ+ +HMh3/1uaD7euBUbl8agW7EekFwIDAQABo4H2MIHzMIGwBgNVHREEgagwgaWBD2lu +Zm9AaXplbnBlLmNvbaSBkTCBjjFHMEUGA1UECgw+SVpFTlBFIFMuQS4gLSBDSUYg +QTAxMzM3MjYwLVJNZXJjLlZpdG9yaWEtR2FzdGVpeiBUMTA1NSBGNjIgUzgxQzBB +BgNVBAkMOkF2ZGEgZGVsIE1lZGl0ZXJyYW5lbyBFdG9yYmlkZWEgMTQgLSAwMTAx +MCBWaXRvcmlhLUdhc3RlaXowDwYDVR0TAQH/BAUwAwEB/zAOBgNVHQ8BAf8EBAMC +AQYwHQYDVR0OBBYEFB0cZQ6o8iV7tJHP5LGx5r1VdGwFMA0GCSqGSIb3DQEBCwUA +A4ICAQB4pgwWSp9MiDrAyw6lFn2fuUhfGI8NYjb2zRlrrKvV9pF9rnHzP7MOeIWb +laQnIUdCSnxIOvVFfLMMjlF4rJUT3sb9fbgakEyrkgPH7UIBzg/YsfqikuFgba56 +awmqxinuaElnMIAkejEWOVt+8Rwu3WwJrfIxwYJOubv5vr8qhT/AQKM6WfxZSzwo +JNu0FXWuDYi6LnPAvViH5ULy617uHjAimcs30cQhbIHsvm0m5hzkQiCeR7Csg1lw +LDXWrzY0tM07+DKo7+N4ifuNRSzanLh+QBxh5z6ikixL8s36mLYp//Pye6kfLqCT +VyvehQP5aTfLnnhqBbTFMXiJ7HqnheG5ezzevh55hM6fcA5ZwjUukCox2eRFekGk +LhObNA5me0mrZJfQRsN5nXJQY6aYWwa9SG3YOYNw6DXwBdGqvOPbyALqfP2C2sJb +UjWumDqtujWTI6cfSN01RpiyEGjkpTHCClguGYEQyVB1/OpaFs4R1+7vUIgtYf8/ +QnMFlEPVjjxOAToZpR9GTnfQXeWBIiGH/pR9hNiTrdZoQ0iy2+tzJOeRf1SktoA+ +naM8THLCV8Sg1Mw4J87VBp6iSNnpn86CcDaTmjvfliHjWbcM2pE38P1ZWrOZyGls +QyYBNWNgVYkDOnXYukrZVP/u3oDYLdE41V4tC5h9Pmzb/CaIxw== +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIECjCCAvKgAwIBAgIJAMJ+QwRORz8ZMA0GCSqGSIb3DQEBCwUAMIGCMQswCQYD +VQQGEwJIVTERMA8GA1UEBwwIQnVkYXBlc3QxFjAUBgNVBAoMDU1pY3Jvc2VjIEx0 +ZC4xJzAlBgNVBAMMHk1pY3Jvc2VjIGUtU3ppZ25vIFJvb3QgQ0EgMjAwOTEfMB0G +CSqGSIb3DQEJARYQaW5mb0BlLXN6aWduby5odTAeFw0wOTA2MTYxMTMwMThaFw0y +OTEyMzAxMTMwMThaMIGCMQswCQYDVQQGEwJIVTERMA8GA1UEBwwIQnVkYXBlc3Qx +FjAUBgNVBAoMDU1pY3Jvc2VjIEx0ZC4xJzAlBgNVBAMMHk1pY3Jvc2VjIGUtU3pp +Z25vIFJvb3QgQ0EgMjAwOTEfMB0GCSqGSIb3DQEJARYQaW5mb0BlLXN6aWduby5o +dTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAOn4j/NjrdqG2KfgQvvP +kd6mJviZpWNwrZuuyjNAfW2WbqEORO7hE52UQlKavXWFdCyoDh2Tthi3jCyoz/tc +cbna7P7ofo/kLx2yqHWH2Leh5TvPmUpG0IMZfcChEhyVbUr02MelTTMuhTlAdX4U +fIASmFDHQWe4oIBhVKZsTh/gnQ4H6cm6M+f+wFUoLAKApxn1ntxVUwOXewdI/5n7 +N4okxFnMUBBjjqqpGrCEGob5X7uxUG6k0QrM1XF+H6cbfPVTbiJfyyvm1HxdrtbC +xkzlBQHZ7Vf8wSN5/PrIJIOV87VqUQHQd9bpEqH5GoP7ghu5sJf0dgYzQ0mg/wu1 ++rUCAwEAAaOBgDB+MA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0PAQH/BAQDAgEGMB0G +A1UdDgQWBBTLD8bfQkPMPcu1SCOhGnqmKrs0aDAfBgNVHSMEGDAWgBTLD8bfQkPM +Pcu1SCOhGnqmKrs0aDAbBgNVHREEFDASgRBpbmZvQGUtc3ppZ25vLmh1MA0GCSqG +SIb3DQEBCwUAA4IBAQDJ0Q5eLtXMs3w+y/w9/w0olZMEyL/azXm4Q5DwpL7v8u8h +mLzU1F0G9u5C7DBsoKqpyvGvivo/C3NqPuouQH4frlRheesuCDfXI/OMn74dseGk +ddug4lQUsbocKaQY9hK6ohQU4zE1yED/t+AFdlfBHFny+L/k7SViXITwfn4fs775 +tyERzAMBVnCnEJIeGzSBHq2cGsMEPO0CYdYeBvNfOofyK/FFh+U9rNHHV4S9a67c +2Pm2G2JwCz02yULyMtd6YebS2z3PyKnJm9zbWETXbzivf3jTo60adbocwTZ8jx5t +HMN1Rq41Bab2XD0h7lbwyYIiLXpUq3DDfSJlgnCW +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIICWTCCAd+gAwIBAgIQZvI9r4fei7FK6gxXMQHC7DAKBggqhkjOPQQDAzBlMQsw +CQYDVQQGEwJVUzEeMBwGA1UEChMVTWljcm9zb2Z0IENvcnBvcmF0aW9uMTYwNAYD +VQQDEy1NaWNyb3NvZnQgRUNDIFJvb3QgQ2VydGlmaWNhdGUgQXV0aG9yaXR5IDIw +MTcwHhcNMTkxMjE4MjMwNjQ1WhcNNDIwNzE4MjMxNjA0WjBlMQswCQYDVQQGEwJV +UzEeMBwGA1UEChMVTWljcm9zb2Z0IENvcnBvcmF0aW9uMTYwNAYDVQQDEy1NaWNy +b3NvZnQgRUNDIFJvb3QgQ2VydGlmaWNhdGUgQXV0aG9yaXR5IDIwMTcwdjAQBgcq +hkjOPQIBBgUrgQQAIgNiAATUvD0CQnVBEyPNgASGAlEvaqiBYgtlzPbKnR5vSmZR +ogPZnZH6thaxjG7efM3beaYvzrvOcS/lpaso7GMEZpn4+vKTEAXhgShC48Zo9OYb +hGBKia/teQ87zvH2RPUBeMCjVDBSMA4GA1UdDwEB/wQEAwIBhjAPBgNVHRMBAf8E +BTADAQH/MB0GA1UdDgQWBBTIy5lycFIM+Oa+sgRXKSrPQhDtNTAQBgkrBgEEAYI3 +FQEEAwIBADAKBggqhkjOPQQDAwNoADBlAjBY8k3qDPlfXu5gKcs68tvWMoQZP3zV +L8KxzJOuULsJMsbG7X7JNpQS5GiFBqIb0C8CMQCZ6Ra0DvpWSNSkMBaReNtUjGUB +iudQZsIxtzm6uBoiB078a1QWIP8rtedMDE2mT3M= +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIFqDCCA5CgAwIBAgIQHtOXCV/YtLNHcB6qvn9FszANBgkqhkiG9w0BAQwFADBl +MQswCQYDVQQGEwJVUzEeMBwGA1UEChMVTWljcm9zb2Z0IENvcnBvcmF0aW9uMTYw +NAYDVQQDEy1NaWNyb3NvZnQgUlNBIFJvb3QgQ2VydGlmaWNhdGUgQXV0aG9yaXR5 +IDIwMTcwHhcNMTkxMjE4MjI1MTIyWhcNNDIwNzE4MjMwMDIzWjBlMQswCQYDVQQG +EwJVUzEeMBwGA1UEChMVTWljcm9zb2Z0IENvcnBvcmF0aW9uMTYwNAYDVQQDEy1N +aWNyb3NvZnQgUlNBIFJvb3QgQ2VydGlmaWNhdGUgQXV0aG9yaXR5IDIwMTcwggIi +MA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQDKW76UM4wplZEWCpW9R2LBifOZ +Nt9GkMml7Xhqb0eRaPgnZ1AzHaGm++DlQ6OEAlcBXZxIQIJTELy/xztokLaCLeX0 +ZdDMbRnMlfl7rEqUrQ7eS0MdhweSE5CAg2Q1OQT85elss7YfUJQ4ZVBcF0a5toW1 +HLUX6NZFndiyJrDKxHBKrmCk3bPZ7Pw71VdyvD/IybLeS2v4I2wDwAW9lcfNcztm +gGTjGqwu+UcF8ga2m3P1eDNbx6H7JyqhtJqRjJHTOoI+dkC0zVJhUXAoP8XFWvLJ +jEm7FFtNyP9nTUwSlq31/niol4fX/V4ggNyhSyL71Imtus5Hl0dVe49FyGcohJUc +aDDv70ngNXtk55iwlNpNhTs+VcQor1fznhPbRiefHqJeRIOkpcrVE7NLP8TjwuaG +YaRSMLl6IE9vDzhTyzMMEyuP1pq9KsgtsRx9S1HKR9FIJ3Jdh+vVReZIZZ2vUpC6 +W6IYZVcSn2i51BVrlMRpIpj0M+Dt+VGOQVDJNE92kKz8OMHY4Xu54+OU4UZpyw4K +UGsTuqwPN1q3ErWQgR5WrlcihtnJ0tHXUeOrO8ZV/R4O03QK0dqq6mm4lyiPSMQH ++FJDOvTKVTUssKZqwJz58oHhEmrARdlns87/I6KJClTUFLkqqNfs+avNJVgyeY+Q +W5g5xAgGwax/Dj0ApQIDAQABo1QwUjAOBgNVHQ8BAf8EBAMCAYYwDwYDVR0TAQH/ +BAUwAwEB/zAdBgNVHQ4EFgQUCctZf4aycI8awznjwNnpv7tNsiMwEAYJKwYBBAGC +NxUBBAMCAQAwDQYJKoZIhvcNAQEMBQADggIBAKyvPl3CEZaJjqPnktaXFbgToqZC +LgLNFgVZJ8og6Lq46BrsTaiXVq5lQ7GPAJtSzVXNUzltYkyLDVt8LkS/gxCP81OC +gMNPOsduET/m4xaRhPtthH80dK2Jp86519efhGSSvpWhrQlTM93uCupKUY5vVau6 +tZRGrox/2KJQJWVggEbbMwSubLWYdFQl3JPk+ONVFT24bcMKpBLBaYVu32TxU5nh +SnUgnZUP5NbcA/FZGOhHibJXWpS2qdgXKxdJ5XbLwVaZOjex/2kskZGT4d9Mozd2 +TaGf+G0eHdP67Pv0RR0Tbc/3WeUiJ3IrhvNXuzDtJE3cfVa7o7P4NHmJweDyAmH3 +pvwPuxwXC65B2Xy9J6P9LjrRk5Sxcx0ki69bIImtt2dmefU6xqaWM/5TkshGsRGR +xpl/j8nWZjEgQRCHLQzWwa80mMpkg/sTV9HB8Dx6jKXB/ZUhoHHBk2dxEuqPiApp +GWSZI1b7rCoucL5mxAyE7+WL85MB+GqQk2dLsmijtWKP6T+MejteD+eMuMZ87zf9 +dOLITzNy4ZQ5bb0Sr74MTnB8G2+NszKTc0QWbej09+CVgI+WXTik9KveCjCHk9hN +AHFiRSdLOkKEW39lt2c0Ui2cFmuqqNh7o0JMcccMyj6D5KbvtwEwXlGjefVwaaZB +RA+GsCyRxj3qrg+E +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIFojCCA4qgAwIBAgIUAZQwHqIL3fXFMyqxQ0Rx+NZQTQ0wDQYJKoZIhvcNAQEM +BQAwaTELMAkGA1UEBhMCS1IxJjAkBgNVBAoMHU5BVkVSIEJVU0lORVNTIFBMQVRG +T1JNIENvcnAuMTIwMAYDVQQDDClOQVZFUiBHbG9iYWwgUm9vdCBDZXJ0aWZpY2F0 +aW9uIEF1dGhvcml0eTAeFw0xNzA4MTgwODU4NDJaFw0zNzA4MTgyMzU5NTlaMGkx +CzAJBgNVBAYTAktSMSYwJAYDVQQKDB1OQVZFUiBCVVNJTkVTUyBQTEFURk9STSBD +b3JwLjEyMDAGA1UEAwwpTkFWRVIgR2xvYmFsIFJvb3QgQ2VydGlmaWNhdGlvbiBB +dXRob3JpdHkwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQC21PGTXLVA +iQqrDZBbUGOukJR0F0Vy1ntlWilLp1agS7gvQnXp2XskWjFlqxcX0TM62RHcQDaH +38dq6SZeWYp34+hInDEW+j6RscrJo+KfziFTowI2MMtSAuXaMl3Dxeb57hHHi8lE +HoSTGEq0n+USZGnQJoViAbbJAh2+g1G7XNr4rRVqmfeSVPc0W+m/6imBEtRTkZaz +kVrd/pBzKPswRrXKCAfHcXLJZtM0l/aM9BhK4dA9WkW2aacp+yPOiNgSnABIqKYP +szuSjXEOdMWLyEz59JuOuDxp7W87UC9Y7cSw0BwbagzivESq2M0UXZR4Yb8Obtoq +vC8MC3GmsxY/nOb5zJ9TNeIDoKAYv7vxvvTWjIcNQvcGufFt7QSUqP620wbGQGHf +nZ3zVHbOUzoBppJB7ASjjw2i1QnK1sua8e9DXcCrpUHPXFNwcMmIpi3Ua2FzUCaG +YQ5fG8Ir4ozVu53BA0K6lNpfqbDKzE0K70dpAy8i+/Eozr9dUGWokG2zdLAIx6yo +0es+nPxdGoMuK8u180SdOqcXYZaicdNwlhVNt0xz7hlcxVs+Qf6sdWA7G2POAN3a +CJBitOUt7kinaxeZVL6HSuOpXgRM6xBtVNbv8ejyYhbLgGvtPe31HzClrkvJE+2K +AQHJuFFYwGY6sWZLxNUxAmLpdIQM201GLQIDAQABo0IwQDAdBgNVHQ4EFgQU0p+I +36HNLL3s9TsBAZMzJ7LrYEswDgYDVR0PAQH/BAQDAgEGMA8GA1UdEwEB/wQFMAMB +Af8wDQYJKoZIhvcNAQEMBQADggIBADLKgLOdPVQG3dLSLvCkASELZ0jKbY7gyKoN +qo0hV4/GPnrK21HUUrPUloSlWGB/5QuOH/XcChWB5Tu2tyIvCZwTFrFsDDUIbatj +cu3cvuzHV+YwIHHW1xDBE1UBjCpD5EHxzzp6U5LOogMFDTjfArsQLtk70pt6wKGm ++LUx5vR1yblTmXVHIloUFcd4G7ad6Qz4G3bxhYTeodoS76TiEJd6eN4MUZeoIUCL +hr0N8F5OSza7OyAfikJW4Qsav3vQIkMsRIz75Sq0bBwcupTgE34h5prCy8VCZLQe +lHsIJchxzIdFV4XTnyliIoNRlwAYl3dqmJLJfGBs32x9SuRwTMKeuB330DTHD8z7 +p/8Dvq1wkNoL3chtl1+afwkyQf3NosxabUzyqkn+Zvjp2DXrDige7kgvOtB5CTh8 +piKCk5XQA76+AqAF3SAi428diDRgxuYKuQl1C/AH6GmWNcf7I4GOODm4RStDeKLR +LBT/DShycpWbXgnbiUSYqqFJu3FS8r/2/yehNq+4tneI3TqkbZs0kNwUXTC/t+sX +5Ie3cdCh13cV1ELX8vMxmV2b3RZtP+oGI/hGoiLtk/bdmuYqh7GYVPEi92tF4+KO +dh2ajcQGjTa3FPOdVGm3jjzVpG2Tgbet9r1ke8LJaDmgkpzNNIaRkPpkUZ3+/uul +9XXeifdy +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIEFTCCAv2gAwIBAgIGSUEs5AAQMA0GCSqGSIb3DQEBCwUAMIGnMQswCQYDVQQG +EwJIVTERMA8GA1UEBwwIQnVkYXBlc3QxFTATBgNVBAoMDE5ldExvY2sgS2Z0LjE3 +MDUGA1UECwwuVGFuw7pzw610dsOhbnlraWFkw7NrIChDZXJ0aWZpY2F0aW9uIFNl +cnZpY2VzKTE1MDMGA1UEAwwsTmV0TG9jayBBcmFueSAoQ2xhc3MgR29sZCkgRsWR +dGFuw7pzw610dsOhbnkwHhcNMDgxMjExMTUwODIxWhcNMjgxMjA2MTUwODIxWjCB +pzELMAkGA1UEBhMCSFUxETAPBgNVBAcMCEJ1ZGFwZXN0MRUwEwYDVQQKDAxOZXRM +b2NrIEtmdC4xNzA1BgNVBAsMLlRhbsO6c8OtdHbDoW55a2lhZMOzayAoQ2VydGlm +aWNhdGlvbiBTZXJ2aWNlcykxNTAzBgNVBAMMLE5ldExvY2sgQXJhbnkgKENsYXNz +IEdvbGQpIEbFkXRhbsO6c8OtdHbDoW55MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8A +MIIBCgKCAQEAxCRec75LbRTDofTjl5Bu0jBFHjzuZ9lk4BqKf8owyoPjIMHj9DrT +lF8afFttvzBPhCf2nx9JvMaZCpDyD/V/Q4Q3Y1GLeqVw/HpYzY6b7cNGbIRwXdrz +AZAj/E4wqX7hJ2Pn7WQ8oLjJM2P+FpD/sLj916jAwJRDC7bVWaaeVtAkH3B5r9s5 +VA1lddkVQZQBr17s9o3x/61k/iCa11zr/qYfCGSji3ZVrR47KGAuhyXoqq8fxmRG +ILdwfzzeSNuWU7c5d+Qa4scWhHaXWy+7GRWF+GmF9ZmnqfI0p6m2pgP8b4Y9VHx2 +BJtr+UBdADTHLpl1neWIA6pN+APSQnbAGwIDAKiLo0UwQzASBgNVHRMBAf8ECDAG +AQH/AgEEMA4GA1UdDwEB/wQEAwIBBjAdBgNVHQ4EFgQUzPpnk/C2uNClwB7zU/2M +U9+D15YwDQYJKoZIhvcNAQELBQADggEBAKt/7hwWqZw8UQCgwBEIBaeZ5m8BiFRh +bvG5GK1Krf6BQCOUL/t1fC8oS2IkgYIL9WHxHG64YTjrgfpioTtaYtOUZcTh5m2C ++C8lcLIhJsFyUR+MLMOEkMNaj7rP9KdlpeuY0fsFskZ1FSNqb4VjMIDw1Z4fKRzC +bLBQWV2QWzuoDTDPv31/zvGdg73JRm4gpvlhUbohL3u+pRVjodSVh/GeufOJ8z2F +uLjbvrW5KfnaNwUASZQDhETnv0Mxz3WLJdH0pmT1kvarBes96aULNmLazAZfNou2 +XjG4Kvte9nHfRCaexOYNkbQudZWAUWpLMKawYqGT8ZvYzsRjdT9ZR7E= +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIID5jCCAs6gAwIBAgIQV8szb8JcFuZHFhfjkDFo4DANBgkqhkiG9w0BAQUFADBi +MQswCQYDVQQGEwJVUzEhMB8GA1UEChMYTmV0d29yayBTb2x1dGlvbnMgTC5MLkMu +MTAwLgYDVQQDEydOZXR3b3JrIFNvbHV0aW9ucyBDZXJ0aWZpY2F0ZSBBdXRob3Jp +dHkwHhcNMDYxMjAxMDAwMDAwWhcNMjkxMjMxMjM1OTU5WjBiMQswCQYDVQQGEwJV +UzEhMB8GA1UEChMYTmV0d29yayBTb2x1dGlvbnMgTC5MLkMuMTAwLgYDVQQDEydO +ZXR3b3JrIFNvbHV0aW9ucyBDZXJ0aWZpY2F0ZSBBdXRob3JpdHkwggEiMA0GCSqG +SIb3DQEBAQUAA4IBDwAwggEKAoIBAQDkvH6SMG3G2I4rC7xGzuAnlt7e+foS0zwz +c7MEL7xxjOWftiJgPl9dzgn/ggwbmlFQGiaJ3dVhXRncEg8tCqJDXRfQNJIg6nPP +OCwGJgl6cvf6UDL4wpPTaaIjzkGxzOTVHzbRijr4jGPiFFlp7Q3Tf2vouAPlT2rl +mGNpSAW+Lv8ztumXWWn4Zxmuk2GWRBXTcrA/vGp97Eh/jcOrqnErU2lBUzS1sLnF +BgrEsEX1QV1uiUV7PTsmjHTC5dLRfbIR1PtYMiKagMnc/Qzpf14Dl847ABSHJ3A4 +qY5usyd2mFHgBeMhqxrVhSI8KbWaFsWAqPS7azCPL0YCorEMIuDTAgMBAAGjgZcw +gZQwHQYDVR0OBBYEFCEwyfsA106Y2oeqKtCnLrFAMadMMA4GA1UdDwEB/wQEAwIB +BjAPBgNVHRMBAf8EBTADAQH/MFIGA1UdHwRLMEkwR6BFoEOGQWh0dHA6Ly9jcmwu +bmV0c29sc3NsLmNvbS9OZXR3b3JrU29sdXRpb25zQ2VydGlmaWNhdGVBdXRob3Jp +dHkuY3JsMA0GCSqGSIb3DQEBBQUAA4IBAQC7rkvnt1frf6ott3NHhWrB5KUd5Oc8 +6fRZZXe1eltajSU24HqXLjjAV2CDmAaDn7l2em5Q4LqILPxFzBiwmZVRDuwduIj/ +h1AcgsLj4DKAv6ALR8jDMe+ZZzKATxcheQxpXN5eNK4CtSbqUN9/GGUsyfJj4akH +/nxxH2szJGoeBfcFaMBqEssuXmHLrijTfsK0ZpEmXzwuJF/LWA/rKOyvEZbz3Htv +wKeI8lN3s2Berq4o2jUsbzRF0ybh3uxbTydrFny9RAQYgrOJeRcQcT16ohZO9QHN +pGxlaKFJdlxDydi8NmdspZS11My5vWo1ViHe2MPr+8ukYEywVaCge1ey +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIDtTCCAp2gAwIBAgIQdrEgUnTwhYdGs/gjGvbCwDANBgkqhkiG9w0BAQsFADBt +MQswCQYDVQQGEwJDSDEQMA4GA1UEChMHV0lTZUtleTEiMCAGA1UECxMZT0lTVEUg +Rm91bmRhdGlvbiBFbmRvcnNlZDEoMCYGA1UEAxMfT0lTVEUgV0lTZUtleSBHbG9i +YWwgUm9vdCBHQiBDQTAeFw0xNDEyMDExNTAwMzJaFw0zOTEyMDExNTEwMzFaMG0x +CzAJBgNVBAYTAkNIMRAwDgYDVQQKEwdXSVNlS2V5MSIwIAYDVQQLExlPSVNURSBG +b3VuZGF0aW9uIEVuZG9yc2VkMSgwJgYDVQQDEx9PSVNURSBXSVNlS2V5IEdsb2Jh +bCBSb290IEdCIENBMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2Be3 +HEokKtaXscriHvt9OO+Y9bI5mE4nuBFde9IllIiCFSZqGzG7qFshISvYD06fWvGx +WuR51jIjK+FTzJlFXHtPrby/h0oLS5daqPZI7H17Dc0hBt+eFf1Biki3IPShehtX +1F1Q/7pn2COZH8g/497/b1t3sWtuuMlk9+HKQUYOKXHQuSP8yYFfTvdv37+ErXNk +u7dCjmn21HYdfp2nuFeKUWdy19SouJVUQHMD9ur06/4oQnc/nSMbsrY9gBQHTC5P +99UKFg29ZkM3fiNDecNAhvVMKdqOmq0NpQSHiB6F4+lT1ZvIiwNjeOvgGUpuuy9r +M2RYk61pv48b74JIxwIDAQABo1EwTzALBgNVHQ8EBAMCAYYwDwYDVR0TAQH/BAUw +AwEB/zAdBgNVHQ4EFgQUNQ/INmNe4qPs+TtmFc5RUuORmj0wEAYJKwYBBAGCNxUB +BAMCAQAwDQYJKoZIhvcNAQELBQADggEBAEBM+4eymYGQfp3FsLAmzYh7KzKNbrgh +cViXfa43FK8+5/ea4n32cZiZBKpDdHij40lhPnOMTZTg+XHEthYOU3gf1qKHLwI5 +gSk8rxWYITD+KJAAjNHhy/peyP34EEY7onhCkRd0VQreUGdNZtGn//3ZwLWoo4rO +ZvUPQ82nK1d7Y0Zqqi5S2PTt4W2tKZB4SLrhI6qjiey1q5bAtEuiHZeeevJuQHHf +aPFlTc58Bd9TZaml8LGXBHAVRgOY1NK/VLSgWH1Sb9pWJmLU2NuJMW8c8CLC02Ic +Nc1MaRVUGpCY3useX8p3x8uOPUNpnJpY0CQ73xtAln41rYHHTnG6iBM= +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIICaTCCAe+gAwIBAgIQISpWDK7aDKtARb8roi066jAKBggqhkjOPQQDAzBtMQsw +CQYDVQQGEwJDSDEQMA4GA1UEChMHV0lTZUtleTEiMCAGA1UECxMZT0lTVEUgRm91 +bmRhdGlvbiBFbmRvcnNlZDEoMCYGA1UEAxMfT0lTVEUgV0lTZUtleSBHbG9iYWwg +Um9vdCBHQyBDQTAeFw0xNzA1MDkwOTQ4MzRaFw00MjA1MDkwOTU4MzNaMG0xCzAJ +BgNVBAYTAkNIMRAwDgYDVQQKEwdXSVNlS2V5MSIwIAYDVQQLExlPSVNURSBGb3Vu +ZGF0aW9uIEVuZG9yc2VkMSgwJgYDVQQDEx9PSVNURSBXSVNlS2V5IEdsb2JhbCBS +b290IEdDIENBMHYwEAYHKoZIzj0CAQYFK4EEACIDYgAETOlQwMYPchi82PG6s4ni +eUqjFqdrVCTbUf/q9Akkwwsin8tqJ4KBDdLArzHkdIJuyiXZjHWd8dvQmqJLIX4W +p2OQ0jnUsYd4XxiWD1AbNTcPasbc2RNNpI6QN+a9WzGRo1QwUjAOBgNVHQ8BAf8E +BAMCAQYwDwYDVR0TAQH/BAUwAwEB/zAdBgNVHQ4EFgQUSIcUrOPDnpBgOtfKie7T +rYy0UGYwEAYJKwYBBAGCNxUBBAMCAQAwCgYIKoZIzj0EAwMDaAAwZQIwJsdpW9zV +57LnyAyMjMPdeYwbY9XJUpROTYJKcx6ygISpJcBMWm1JKWB4E+J+SOtkAjEA2zQg +Mgj/mkkCtojeFK9dbJlxjRo/i9fgojaGHAeCOnZT/cKi7e97sIBPWA9LUzm9 +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIFYDCCA0igAwIBAgIUeFhfLq0sGUvjNwc1NBMotZbUZZMwDQYJKoZIhvcNAQEL +BQAwSDELMAkGA1UEBhMCQk0xGTAXBgNVBAoTEFF1b1ZhZGlzIExpbWl0ZWQxHjAc +BgNVBAMTFVF1b1ZhZGlzIFJvb3QgQ0EgMSBHMzAeFw0xMjAxMTIxNzI3NDRaFw00 +MjAxMTIxNzI3NDRaMEgxCzAJBgNVBAYTAkJNMRkwFwYDVQQKExBRdW9WYWRpcyBM +aW1pdGVkMR4wHAYDVQQDExVRdW9WYWRpcyBSb290IENBIDEgRzMwggIiMA0GCSqG +SIb3DQEBAQUAA4ICDwAwggIKAoICAQCgvlAQjunybEC0BJyFuTHK3C3kEakEPBtV +wedYMB0ktMPvhd6MLOHBPd+C5k+tR4ds7FtJwUrVu4/sh6x/gpqG7D0DmVIB0jWe +rNrwU8lmPNSsAgHaJNM7qAJGr6Qc4/hzWHa39g6QDbXwz8z6+cZM5cOGMAqNF341 +68Xfuw6cwI2H44g4hWf6Pser4BOcBRiYz5P1sZK0/CPTz9XEJ0ngnjybCKOLXSoh +4Pw5qlPafX7PGglTvF0FBM+hSo+LdoINofjSxxR3W5A2B4GbPgb6Ul5jxaYA/qXp +UhtStZI5cgMJYr2wYBZupt0lwgNm3fME0UDiTouG9G/lg6AnhF4EwfWQvTA9xO+o +abw4m6SkltFi2mnAAZauy8RRNOoMqv8hjlmPSlzkYZqn0ukqeI1RPToV7qJZjqlc +3sX5kCLliEVx3ZGZbHqfPT2YfF72vhZooF6uCyP8Wg+qInYtyaEQHeTTRCOQiJ/G +KubX9ZqzWB4vMIkIG1SitZgj7Ah3HJVdYdHLiZxfokqRmu8hqkkWCKi9YSgxyXSt +hfbZxbGL0eUQMk1fiyA6PEkfM4VZDdvLCXVDaXP7a3F98N/ETH3Goy7IlXnLc6KO +Tk0k+17kBL5yG6YnLUlamXrXXAkgt3+UuU/xDRxeiEIbEbfnkduebPRq34wGmAOt +zCjvpUfzUwIDAQABo0IwQDAPBgNVHRMBAf8EBTADAQH/MA4GA1UdDwEB/wQEAwIB +BjAdBgNVHQ4EFgQUo5fW816iEOGrRZ88F2Q87gFwnMwwDQYJKoZIhvcNAQELBQAD +ggIBABj6W3X8PnrHX3fHyt/PX8MSxEBd1DKquGrX1RUVRpgjpeaQWxiZTOOtQqOC +MTaIzen7xASWSIsBx40Bz1szBpZGZnQdT+3Btrm0DWHMY37XLneMlhwqI2hrhVd2 +cDMT/uFPpiN3GPoajOi9ZcnPP/TJF9zrx7zABC4tRi9pZsMbj/7sPtPKlL92CiUN +qXsCHKnQO18LwIE6PWThv6ctTr1NxNgpxiIY0MWscgKCP6o6ojoilzHdCGPDdRS5 +YCgtW2jgFqlmgiNR9etT2DGbe+m3nUvriBbP+V04ikkwj+3x6xn0dxoxGE1nVGwv +b2X52z3sIexe9PSLymBlVNFxZPT5pqOBMzYzcfCkeF9OrYMh3jRJjehZrJ3ydlo2 +8hP0r+AJx2EqbPfgna67hkooby7utHnNkDPDs3b69fBsnQGQ+p6Q9pxyz0fawx/k +NSBT8lTR32GDpgLiJTjehTItXnOQUl1CxM49S+H5GYQd1aJQzEH7QRTDvdbJWqNj +ZgKAvQU6O0ec7AAmTPWIUb+oI38YB7AL7YsmoWTTYUrrXJ/es69nA7Mf3W1daWhp +q1467HxpvMc7hU6eFbm0FU/DlXpY18ls6Wy58yljXrQs8C097Vpl4KlbQMJImYFt +nh8GKjwStIsPm6Ik8KaN1nrgS7ZklmOVhMJKzRwuJIczYOXD +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIFtzCCA5+gAwIBAgICBQkwDQYJKoZIhvcNAQEFBQAwRTELMAkGA1UEBhMCQk0x +GTAXBgNVBAoTEFF1b1ZhZGlzIExpbWl0ZWQxGzAZBgNVBAMTElF1b1ZhZGlzIFJv +b3QgQ0EgMjAeFw0wNjExMjQxODI3MDBaFw0zMTExMjQxODIzMzNaMEUxCzAJBgNV +BAYTAkJNMRkwFwYDVQQKExBRdW9WYWRpcyBMaW1pdGVkMRswGQYDVQQDExJRdW9W +YWRpcyBSb290IENBIDIwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQCa +GMpLlA0ALa8DKYrwD4HIrkwZhR0In6spRIXzL4GtMh6QRr+jhiYaHv5+HBg6XJxg +Fyo6dIMzMH1hVBHL7avg5tKifvVrbxi3Cgst/ek+7wrGsxDp3MJGF/hd/aTa/55J +WpzmM+Yklvc/ulsrHHo1wtZn/qtmUIttKGAr79dgw8eTvI02kfN/+NsRE8Scd3bB +rrcCaoF6qUWD4gXmuVbBlDePSHFjIuwXZQeVikvfj8ZaCuWw419eaxGrDPmF60Tp ++ARz8un+XJiM9XOva7R+zdRcAitMOeGylZUtQofX1bOQQ7dsE/He3fbE+Ik/0XX1 +ksOR1YqI0JDs3G3eicJlcZaLDQP9nL9bFqyS2+r+eXyt66/3FsvbzSUr5R/7mp/i +Ucw6UwxI5g69ybR2BlLmEROFcmMDBOAENisgGQLodKcftslWZvB1JdxnwQ5hYIiz +PtGo/KPaHbDRsSNU30R2be1B2MGyIrZTHN81Hdyhdyox5C315eXbyOD/5YDXC2Og +/zOhD7osFRXql7PSorW+8oyWHhqPHWykYTe5hnMz15eWniN9gqRMgeKh0bpnX5UH +oycR7hYQe7xFSkyyBNKr79X9DFHOUGoIMfmR2gyPZFwDwzqLID9ujWc9Otb+fVuI +yV77zGHcizN300QyNQliBJIWENieJ0f7OyHj+OsdWwIDAQABo4GwMIGtMA8GA1Ud +EwEB/wQFMAMBAf8wCwYDVR0PBAQDAgEGMB0GA1UdDgQWBBQahGK8SEwzJQTU7tD2 +A8QZRtGUazBuBgNVHSMEZzBlgBQahGK8SEwzJQTU7tD2A8QZRtGUa6FJpEcwRTEL +MAkGA1UEBhMCQk0xGTAXBgNVBAoTEFF1b1ZhZGlzIExpbWl0ZWQxGzAZBgNVBAMT +ElF1b1ZhZGlzIFJvb3QgQ0EgMoICBQkwDQYJKoZIhvcNAQEFBQADggIBAD4KFk2f +BluornFdLwUvZ+YTRYPENvbzwCYMDbVHZF34tHLJRqUDGCdViXh9duqWNIAXINzn +g/iN/Ae42l9NLmeyhP3ZRPx3UIHmfLTJDQtyU/h2BwdBR5YM++CCJpNVjP4iH2Bl +fF/nJrP3MpCYUNQ3cVX2kiF495V5+vgtJodmVjB3pjd4M1IQWK4/YY7yarHvGH5K +WWPKjaJW1acvvFYfzznB4vsKqBUsfU16Y8Zsl0Q80m/DShcK+JDSV6IZUaUtl0Ha +B0+pUNqQjZRG4T7wlP0QADj1O+hA4bRuVhogzG9Yje0uRY/W6ZM/57Es3zrWIozc +hLsib9D45MY56QSIPMO661V6bYCZJPVsAfv4l7CUW+v90m/xd2gNNWQjrLhVoQPR +TUIZ3Ph1WVaj+ahJefivDrkRoHy3au000LYmYjgahwz46P0u05B/B5EqHdZ+XIWD +mbA4CD/pXvk1B+TJYm5Xf6dQlfe6yJvmjqIBxdZmv3lh8zwc4bmCXF2gw+nYSL0Z +ohEUGW6yhhtoPkg3Goi3XZZenMfvJ2II4pEZXNLxId26F0KCl3GBUzGpn/Z9Yr9y +4aOTHcyKJloJONDO1w2AFrR4pTqHTI2KpdVGl/IsELm8VCLAAVBpQ570su9t+Oza +8eOx79+Rj1QqCyXBJhnEUhAFZdWCEOrCMc0u +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIFYDCCA0igAwIBAgIURFc0JFuBiZs18s64KztbpybwdSgwDQYJKoZIhvcNAQEL +BQAwSDELMAkGA1UEBhMCQk0xGTAXBgNVBAoTEFF1b1ZhZGlzIExpbWl0ZWQxHjAc +BgNVBAMTFVF1b1ZhZGlzIFJvb3QgQ0EgMiBHMzAeFw0xMjAxMTIxODU5MzJaFw00 +MjAxMTIxODU5MzJaMEgxCzAJBgNVBAYTAkJNMRkwFwYDVQQKExBRdW9WYWRpcyBM +aW1pdGVkMR4wHAYDVQQDExVRdW9WYWRpcyBSb290IENBIDIgRzMwggIiMA0GCSqG +SIb3DQEBAQUAA4ICDwAwggIKAoICAQChriWyARjcV4g/Ruv5r+LrI3HimtFhZiFf +qq8nUeVuGxbULX1QsFN3vXg6YOJkApt8hpvWGo6t/x8Vf9WVHhLL5hSEBMHfNrMW +n4rjyduYNM7YMxcoRvynyfDStNVNCXJJ+fKH46nafaF9a7I6JaltUkSs+L5u+9ym +c5GQYaYDFCDy54ejiK2toIz/pgslUiXnFgHVy7g1gQyjO/Dh4fxaXc6AcW34Sas+ +O7q414AB+6XrW7PFXmAqMaCvN+ggOp+oMiwMzAkd056OXbxMmO7FGmh77FOm6RQ1 +o9/NgJ8MSPsc9PG/Srj61YxxSscfrf5BmrODXfKEVu+lV0POKa2Mq1W/xPtbAd0j +IaFYAI7D0GoT7RPjEiuA3GfmlbLNHiJuKvhB1PLKFAeNilUSxmn1uIZoL1NesNKq +IcGY5jDjZ1XHm26sGahVpkUG0CM62+tlXSoREfA7T8pt9DTEceT/AFr2XK4jYIVz +8eQQsSWu1ZK7E8EM4DnatDlXtas1qnIhO4M15zHfeiFuuDIIfR0ykRVKYnLP43eh +vNURG3YBZwjgQQvD6xVu+KQZ2aKrr+InUlYrAoosFCT5v0ICvybIxo/gbjh9Uy3l +7ZizlWNof/k19N+IxWA1ksB8aRxhlRbQ694Lrz4EEEVlWFA4r0jyWbYW8jwNkALG +cC4BrTwV1wIDAQABo0IwQDAPBgNVHRMBAf8EBTADAQH/MA4GA1UdDwEB/wQEAwIB +BjAdBgNVHQ4EFgQU7edvdlq/YOxJW8ald7tyFnGbxD0wDQYJKoZIhvcNAQELBQAD +ggIBAJHfgD9DCX5xwvfrs4iP4VGyvD11+ShdyLyZm3tdquXK4Qr36LLTn91nMX66 +AarHakE7kNQIXLJgapDwyM4DYvmL7ftuKtwGTTwpD4kWilhMSA/ohGHqPHKmd+RC +roijQ1h5fq7KpVMNqT1wvSAZYaRsOPxDMuHBR//47PERIjKWnML2W2mWeyAMQ0Ga +W/ZZGYjeVYg3UQt4XAoeo0L9x52ID8DyeAIkVJOviYeIyUqAHerQbj5hLja7NQ4n +lv1mNDthcnPxFlxHBlRJAHpYErAK74X9sbgzdWqTHBLmYF5vHX/JHyPLhGGfHoJE ++V+tYlUkmlKY7VHnoX6XOuYvHxHaU4AshZ6rNRDbIl9qxV6XU/IyAgkwo1jwDQHV +csaxfGl7w/U2Rcxhbl5MlMVerugOXou/983g7aEOGzPuVBj+D77vfoRrQ+NwmNtd +dbINWQeFFSM51vHfqSYP1kjHs6Yi9TM3WpVHn3u6GBVv/9YUZINJ0gpnIdsPNWNg +KCLjsZWDzYWm3S8P52dSbrsvhXz1SnPnxT7AvSESBT/8twNJAlvIJebiVDj1eYeM +HVOyToV7BjjHLPj4sHKNJeV3UvQDHEimUF+IIDBu8oJDqz2XhOdT+yHBTw8imoa4 +WSr2Rz0ZiC3oheGe7IUIarFsNMkd7EgrO3jtZsSOeWmD3n+M +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIGnTCCBIWgAwIBAgICBcYwDQYJKoZIhvcNAQEFBQAwRTELMAkGA1UEBhMCQk0x +GTAXBgNVBAoTEFF1b1ZhZGlzIExpbWl0ZWQxGzAZBgNVBAMTElF1b1ZhZGlzIFJv +b3QgQ0EgMzAeFw0wNjExMjQxOTExMjNaFw0zMTExMjQxOTA2NDRaMEUxCzAJBgNV +BAYTAkJNMRkwFwYDVQQKExBRdW9WYWRpcyBMaW1pdGVkMRswGQYDVQQDExJRdW9W +YWRpcyBSb290IENBIDMwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQDM +V0IWVJzmmNPTTe7+7cefQzlKZbPoFog02w1ZkXTPkrgEQK0CSzGrvI2RaNggDhoB +4hp7Thdd4oq3P5kazethq8Jlph+3t723j/z9cI8LoGe+AaJZz3HmDyl2/7FWeUUr +H556VOijKTVopAFPD6QuN+8bv+OPEKhyq1hX51SGyMnzW9os2l2ObjyjPtr7guXd +8lyyBTNvijbO0BNO/79KDDRMpsMhvVAEVeuxu537RR5kFd5VAYwCdrXLoT9Cabwv +vWhDFlaJKjdhkf2mrk7AyxRllDdLkgbvBNDInIjbC3uBr7E9KsRlOni27tyAsdLT +mZw67mtaa7ONt9XOnMK+pUsvFrGeaDsGb659n/je7Mwpp5ijJUMv7/FfJuGITfhe +btfZFG4ZM2mnO4SJk8RTVROhUXhA+LjJou57ulJCg54U7QVSWllWp5f8nT8KKdjc +T5EOE7zelaTfi5m+rJsziO+1ga8bxiJTyPbH7pcUsMV8eFLI8M5ud2CEpukqdiDt +WAEXMJPpGovgc2PZapKUSU60rUqFxKMiMPwJ7Wgic6aIDFUhWMXhOp8q3crhkODZ +c6tsgLjoC2SToJyMGf+z0gzskSaHirOi4XCPLArlzW1oUevaPwV/izLmE1xr/l9A +4iLItLRkT9a6fUg+qGkM17uGcclzuD87nSVL2v9A6wIDAQABo4IBlTCCAZEwDwYD +VR0TAQH/BAUwAwEB/zCB4QYDVR0gBIHZMIHWMIHTBgkrBgEEAb5YAAMwgcUwgZMG +CCsGAQUFBwICMIGGGoGDQW55IHVzZSBvZiB0aGlzIENlcnRpZmljYXRlIGNvbnN0 +aXR1dGVzIGFjY2VwdGFuY2Ugb2YgdGhlIFF1b1ZhZGlzIFJvb3QgQ0EgMyBDZXJ0 +aWZpY2F0ZSBQb2xpY3kgLyBDZXJ0aWZpY2F0aW9uIFByYWN0aWNlIFN0YXRlbWVu +dC4wLQYIKwYBBQUHAgEWIWh0dHA6Ly93d3cucXVvdmFkaXNnbG9iYWwuY29tL2Nw +czALBgNVHQ8EBAMCAQYwHQYDVR0OBBYEFPLAE+CCQz777i9nMpY1XNu4ywLQMG4G +A1UdIwRnMGWAFPLAE+CCQz777i9nMpY1XNu4ywLQoUmkRzBFMQswCQYDVQQGEwJC +TTEZMBcGA1UEChMQUXVvVmFkaXMgTGltaXRlZDEbMBkGA1UEAxMSUXVvVmFkaXMg +Um9vdCBDQSAzggIFxjANBgkqhkiG9w0BAQUFAAOCAgEAT62gLEz6wPJv92ZVqyM0 +7ucp2sNbtrCD2dDQ4iH782CnO11gUyeim/YIIirnv6By5ZwkajGxkHon24QRiSem +d1o417+shvzuXYO8BsbRd2sPbSQvS3pspweWyuOEn62Iix2rFo1bZhfZFvSLgNLd ++LJ2w/w4E6oM3kJpK27zPOuAJ9v1pkQNn1pVWQvVDVJIxa6f8i+AxeoyUDUSly7B +4f/xI4hROJ/yZlZ25w9Rl6VSDE1JUZU2Pb+iSwwQHYaZTKrzchGT5Or2m9qoXadN +t54CrnMAyNojA+j56hl0YgCUyyIgvpSnWbWCar6ZeXqp8kokUvd0/bpO5qgdAm6x +DYBEwa7TIzdfu4V8K5Iu6H6li92Z4b8nby1dqnuH/grdS/yO9SbkbnBCbjPsMZ57 +k8HkyWkaPcBrTiJt7qtYTcbQQcEr6k8Sh17rRdhs9ZgC06DYVYoGmRmioHfRMJ6s +zHXug/WwYjnPbFfiTNKRCw51KBuav/0aQ/HKd/s7j2G4aSgWQgRecCocIdiP4b0j +Wy10QJLZYxkNc91pvGJHvOB0K7Lrfb5BG7XARsWhIstfTsEokt4YutUqKLsRixeT +mJlglFwjz1onl14LBQaTNx47aTbrqZ5hHY8y2o4M1nQ+ewkk2gF3R8Q7zTSMmfXK +4SVhM7JZG+Ju1zdXtg2pEto= +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIFYDCCA0igAwIBAgIULvWbAiin23r/1aOp7r0DoM8Sah0wDQYJKoZIhvcNAQEL +BQAwSDELMAkGA1UEBhMCQk0xGTAXBgNVBAoTEFF1b1ZhZGlzIExpbWl0ZWQxHjAc +BgNVBAMTFVF1b1ZhZGlzIFJvb3QgQ0EgMyBHMzAeFw0xMjAxMTIyMDI2MzJaFw00 +MjAxMTIyMDI2MzJaMEgxCzAJBgNVBAYTAkJNMRkwFwYDVQQKExBRdW9WYWRpcyBM +aW1pdGVkMR4wHAYDVQQDExVRdW9WYWRpcyBSb290IENBIDMgRzMwggIiMA0GCSqG +SIb3DQEBAQUAA4ICDwAwggIKAoICAQCzyw4QZ47qFJenMioKVjZ/aEzHs286IxSR +/xl/pcqs7rN2nXrpixurazHb+gtTTK/FpRp5PIpM/6zfJd5O2YIyC0TeytuMrKNu +FoM7pmRLMon7FhY4futD4tN0SsJiCnMK3UmzV9KwCoWdcTzeo8vAMvMBOSBDGzXR +U7Ox7sWTaYI+FrUoRqHe6okJ7UO4BUaKhvVZR74bbwEhELn9qdIoyhA5CcoTNs+c +ra1AdHkrAj80//ogaX3T7mH1urPnMNA3I4ZyYUUpSFlob3emLoG+B01vr87ERROR +FHAGjx+f+IdpsQ7vw4kZ6+ocYfx6bIrc1gMLnia6Et3UVDmrJqMz6nWB2i3ND0/k +A9HvFZcba5DFApCTZgIhsUfei5pKgLlVj7WiL8DWM2fafsSntARE60f75li59wzw +eyuxwHApw0BiLTtIadwjPEjrewl5qW3aqDCYz4ByA4imW0aucnl8CAMhZa634Ryl +sSqiMd5mBPfAdOhx3v89WcyWJhKLhZVXGqtrdQtEPREoPHtht+KPZ0/l7DxMYIBp +VzgeAVuNVejH38DMdyM0SXV89pgR6y3e7UEuFAUCf+D+IOs15xGsIs5XPd7JMG0Q +A4XN8f+MFrXBsj6IbGB/kE+V9/YtrQE5BwT6dYB9v0lQ7e/JxHwc64B+27bQ3RP+ +ydOc17KXqQIDAQABo0IwQDAPBgNVHRMBAf8EBTADAQH/MA4GA1UdDwEB/wQEAwIB +BjAdBgNVHQ4EFgQUxhfQvKjqAkPyGwaZXSuQILnXnOQwDQYJKoZIhvcNAQELBQAD +ggIBADRh2Va1EodVTd2jNTFGu6QHcrxfYWLopfsLN7E8trP6KZ1/AvWkyaiTt3px +KGmPc+FSkNrVvjrlt3ZqVoAh313m6Tqe5T72omnHKgqwGEfcIHB9UqM+WXzBusnI +FUBhynLWcKzSt/Ac5IYp8M7vaGPQtSCKFWGafoaYtMnCdvvMujAWzKNhxnQT5Wvv +oxXqA/4Ti2Tk08HS6IT7SdEQTXlm66r99I0xHnAUrdzeZxNMgRVhvLfZkXdxGYFg +u/BYpbWcC/ePIlUnwEsBbTuZDdQdm2NnL9DuDcpmvJRPpq3t/O5jrFc/ZSXPsoaP +0Aj/uHYUbt7lJ+yreLVTubY/6CD50qi+YUbKh4yE8/nxoGibIh6BJpsQBJFxwAYf +3KDTuVan45gtf4Od34wrnDKOMpTwATwiKp9Dwi7DmDkHOHv8XgBCH/MyJnmDhPbl +8MFREsALHgQjDFSlTC9JxUrRtm5gDWv8a4uFJGS3iQ6rJUdbPM9+Sb3H6QrG2vd+ +DhcI00iX0HGS8A85PjRqHH3Y8iKuu2n0M7SmSFXRDw4m6Oy2Cy2nhTXN/VnIn9HN +PlopNLk9hM6xZdRZkZFWdSHBd575euFgndOtBBj0fOtek49TSiIp+EgrPk2GrFt/ +ywaZWWDYWGWVjUTR939+J399roD1B0y2PpxxVJkES/1Y+Zj0 +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIClDCCAhqgAwIBAgIILCmcWxbtBZUwCgYIKoZIzj0EAwIwfzELMAkGA1UEBhMC +VVMxDjAMBgNVBAgMBVRleGFzMRAwDgYDVQQHDAdIb3VzdG9uMRgwFgYDVQQKDA9T +U0wgQ29ycG9yYXRpb24xNDAyBgNVBAMMK1NTTC5jb20gRVYgUm9vdCBDZXJ0aWZp +Y2F0aW9uIEF1dGhvcml0eSBFQ0MwHhcNMTYwMjEyMTgxNTIzWhcNNDEwMjEyMTgx +NTIzWjB/MQswCQYDVQQGEwJVUzEOMAwGA1UECAwFVGV4YXMxEDAOBgNVBAcMB0hv +dXN0b24xGDAWBgNVBAoMD1NTTCBDb3Jwb3JhdGlvbjE0MDIGA1UEAwwrU1NMLmNv +bSBFViBSb290IENlcnRpZmljYXRpb24gQXV0aG9yaXR5IEVDQzB2MBAGByqGSM49 +AgEGBSuBBAAiA2IABKoSR5CYG/vvw0AHgyBO8TCCogbR8pKGYfL2IWjKAMTH6kMA +VIbc/R/fALhBYlzccBYy3h+Z1MzFB8gIH2EWB1E9fVwHU+M1OIzfzZ/ZLg1Kthku +WnBaBu2+8KGwytAJKaNjMGEwHQYDVR0OBBYEFFvKXuXe0oGqzagtZFG22XKbl+ZP +MA8GA1UdEwEB/wQFMAMBAf8wHwYDVR0jBBgwFoAUW8pe5d7SgarNqC1kUbbZcpuX +5k8wDgYDVR0PAQH/BAQDAgGGMAoGCCqGSM49BAMCA2gAMGUCMQCK5kCJN+vp1RPZ +ytRrJPOwPYdGWBrssd9v+1a6cGvHOMzosYxPD/fxZ3YOg9AeUY8CMD32IygmTMZg +h5Mmm7I1HrrW9zzRHM76JTymGoEVW/MSD2zuZYrJh6j5B+BimoxcSg== +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIF6zCCA9OgAwIBAgIIVrYpzTS8ePYwDQYJKoZIhvcNAQELBQAwgYIxCzAJBgNV +BAYTAlVTMQ4wDAYDVQQIDAVUZXhhczEQMA4GA1UEBwwHSG91c3RvbjEYMBYGA1UE +CgwPU1NMIENvcnBvcmF0aW9uMTcwNQYDVQQDDC5TU0wuY29tIEVWIFJvb3QgQ2Vy +dGlmaWNhdGlvbiBBdXRob3JpdHkgUlNBIFIyMB4XDTE3MDUzMTE4MTQzN1oXDTQy +MDUzMDE4MTQzN1owgYIxCzAJBgNVBAYTAlVTMQ4wDAYDVQQIDAVUZXhhczEQMA4G +A1UEBwwHSG91c3RvbjEYMBYGA1UECgwPU1NMIENvcnBvcmF0aW9uMTcwNQYDVQQD +DC5TU0wuY29tIEVWIFJvb3QgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkgUlNBIFIy +MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAjzZlQOHWTcDXtOlG2mvq +M0fNTPl9fb69LT3w23jhhqXZuglXaO1XPqDQCEGD5yhBJB/jchXQARr7XnAjssuf +OePPxU7Gkm0mxnu7s9onnQqG6YE3Bf7wcXHswxzpY6IXFJ3vG2fThVUCAtZJycxa +4bH3bzKfydQ7iEGonL3Lq9ttewkfokxykNorCPzPPFTOZw+oz12WGQvE43LrrdF9 +HSfvkusQv1vrO6/PgN3B0pYEW3p+pKk8OHakYo6gOV7qd89dAFmPZiw+B6KjBSYR +aZfqhbcPlgtLyEDhULouisv3D5oi53+aNxPN8k0TayHRwMwi8qFG9kRpnMphNQcA +b9ZhCBHqurj26bNg5U257J8UZslXWNvNh2n4ioYSA0e/ZhN2rHd9NCSFg83XqpyQ +Gp8hLH94t2S42Oim9HizVcuE0jLEeK6jj2HdzghTreyI/BXkmg3mnxp3zkyPuBQV +PWKchjgGAGYS5Fl2WlPAApiiECtoRHuOec4zSnaqW4EWG7WK2NAAe15itAnWhmMO +pgWVSbooi4iTsjQc2KRVbrcc0N6ZVTsj9CLg+SlmJuwgUHfbSguPvuUCYHBBXtSu +UDkiFCbLsjtzdFVHB3mBOagwE0TlBIqulhMlQg+5U8Sb/M3kHN48+qvWBkofZ6aY +MBzdLNvcGJVXZsb/XItW9XcCAwEAAaNjMGEwDwYDVR0TAQH/BAUwAwEB/zAfBgNV +HSMEGDAWgBT5YLvU49U09rj1BoAlp3PbRmmonjAdBgNVHQ4EFgQU+WC71OPVNPa4 +9QaAJadz20ZpqJ4wDgYDVR0PAQH/BAQDAgGGMA0GCSqGSIb3DQEBCwUAA4ICAQBW +s47LCp1Jjr+kxJG7ZhcFUZh1++VQLHqe8RT6q9OKPv+RKY9ji9i0qVQBDb6Thi/5 +Sm3HXvVX+cpVHBK+Rw82xd9qt9t1wkclf7nxY/hoLVUE0fKNsKTPvDxeH3jnpaAg +cLAExbf3cqfeIg29MyVGjGSSJuM+LmOW2puMPfgYCdcDzH2GguDKBAdRUNf/ktUM +79qGn5nX67evaOI5JpS6aLe/g9Pqemc9YmeuJeVy6OLk7K4S9ksrPJ/psEDzOFSz +/bdoyNrGj1E8svuR3Bznm53htw1yj+KkxKl4+esUrMZDBcJlOSgYAsOCsp0FvmXt +ll9ldDz7CTUue5wT/RsPXcdtgTpWD8w74a8CLyKsRspGPKAcTNZEtF4uXBVmCeEm +Kf7GUmG6sXP/wwyc5WxqlD8UykAWlYTzWamsX0xhk23RO8yilQwipmdnRC652dKK +QbNmC1r7fSOl8hqw/96bg5Qu0T/fkreRrwU7ZcegbLHNYhLDkBvjJc40vG93drEQ +w/cFGsDWr3RiSBd3kmmQYRzelYB0VI8YHMPzA9C/pEN1hlMYegouCRw2n5H9gooi +S9EOUCXdywMMF8mDAAhONU2Ki+3wApRmLER/y5UnlhetCTCstnEXbosX9hwJ1C07 +mKVx01QT2WDz9UtmT/rx7iASjbSsV7FFY6GsdqnC+w== +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIICjTCCAhSgAwIBAgIIdebfy8FoW6gwCgYIKoZIzj0EAwIwfDELMAkGA1UEBhMC +VVMxDjAMBgNVBAgMBVRleGFzMRAwDgYDVQQHDAdIb3VzdG9uMRgwFgYDVQQKDA9T +U0wgQ29ycG9yYXRpb24xMTAvBgNVBAMMKFNTTC5jb20gUm9vdCBDZXJ0aWZpY2F0 +aW9uIEF1dGhvcml0eSBFQ0MwHhcNMTYwMjEyMTgxNDAzWhcNNDEwMjEyMTgxNDAz +WjB8MQswCQYDVQQGEwJVUzEOMAwGA1UECAwFVGV4YXMxEDAOBgNVBAcMB0hvdXN0 +b24xGDAWBgNVBAoMD1NTTCBDb3Jwb3JhdGlvbjExMC8GA1UEAwwoU1NMLmNvbSBS +b290IENlcnRpZmljYXRpb24gQXV0aG9yaXR5IEVDQzB2MBAGByqGSM49AgEGBSuB +BAAiA2IABEVuqVDEpiM2nl8ojRfLliJkP9x6jh3MCLOicSS6jkm5BBtHllirLZXI +7Z4INcgn64mMU1jrYor+8FsPazFSY0E7ic3s7LaNGdM0B9y7xgZ/wkWV7Mt/qCPg +CemB+vNH06NjMGEwHQYDVR0OBBYEFILRhXMw5zUE044CkvvlpNHEIejNMA8GA1Ud +EwEB/wQFMAMBAf8wHwYDVR0jBBgwFoAUgtGFczDnNQTTjgKS++Wk0cQh6M0wDgYD +VR0PAQH/BAQDAgGGMAoGCCqGSM49BAMCA2cAMGQCMG/n61kRpGDPYbCWe+0F+S8T +kdzt5fxQaxFGRrMcIQBiu77D5+jNB5n5DQtdcj7EqgIwH7y6C+IwJPt8bYBVCpk+ +gA0z5Wajs6O7pdWLjwkspl1+4vAHCGht0nxpbl/f5Wpl +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIF3TCCA8WgAwIBAgIIeyyb0xaAMpkwDQYJKoZIhvcNAQELBQAwfDELMAkGA1UE +BhMCVVMxDjAMBgNVBAgMBVRleGFzMRAwDgYDVQQHDAdIb3VzdG9uMRgwFgYDVQQK +DA9TU0wgQ29ycG9yYXRpb24xMTAvBgNVBAMMKFNTTC5jb20gUm9vdCBDZXJ0aWZp +Y2F0aW9uIEF1dGhvcml0eSBSU0EwHhcNMTYwMjEyMTczOTM5WhcNNDEwMjEyMTcz +OTM5WjB8MQswCQYDVQQGEwJVUzEOMAwGA1UECAwFVGV4YXMxEDAOBgNVBAcMB0hv +dXN0b24xGDAWBgNVBAoMD1NTTCBDb3Jwb3JhdGlvbjExMC8GA1UEAwwoU1NMLmNv +bSBSb290IENlcnRpZmljYXRpb24gQXV0aG9yaXR5IFJTQTCCAiIwDQYJKoZIhvcN +AQEBBQADggIPADCCAgoCggIBAPkP3aMrfcvQKv7sZ4Wm5y4bunfh4/WvpOz6Sl2R +xFdHaxh3a3by/ZPkPQ/CFp4LZsNWlJ4Xg4XOVu/yFv0AYvUiCVToZRdOQbngT0aX +qhvIuG5iXmmxX9sqAn78bMrzQdjt0Oj8P2FI7bADFB0QDksZ4LtO7IZl/zbzXmcC +C52GVWH9ejjt/uIZALdvoVBidXQ8oPrIJZK0bnoix/geoeOy3ZExqysdBP+lSgQ3 +6YWkMyv94tZVNHwZpEpox7Ko07fKoZOI68GXvIz5HdkihCR0xwQ9aqkpk8zruFvh +/l8lqjRYyMEjVJ0bmBHDOJx+PYZspQ9AhnwC9FwCTyjLrnGfDzrIM/4RJTXq/LrF +YD3ZfBjVsqnTdXgDciLKOsMf7yzlLqn6niy2UUb9rwPW6mBo6oUWNmuF6R7As93E +JNyAKoFBbZQ+yODJgUEAnl6/f8UImKIYLEJAs/lvOCdLToD0PYFH4Ih86hzOtXVc +US4cK38acijnALXRdMbX5J+tB5O2UzU1/Dfkw/ZdFr4hc96SCvigY2q8lpJqPvi8 +ZVWb3vUNiSYE/CUapiVpy8JtynziWV+XrOvvLsi81xtZPCvM8hnIk2snYxnP/Okm ++Mpxm3+T/jRnhE6Z6/yzeAkzcLpmpnbtG3PrGqUNxCITIJRWCk4sbE6x/c+cCbqi +M+2HAgMBAAGjYzBhMB0GA1UdDgQWBBTdBAkHovV6fVJTEpKV7jiAJQ2mWTAPBgNV +HRMBAf8EBTADAQH/MB8GA1UdIwQYMBaAFN0ECQei9Xp9UlMSkpXuOIAlDaZZMA4G +A1UdDwEB/wQEAwIBhjANBgkqhkiG9w0BAQsFAAOCAgEAIBgRlCn7Jp0cHh5wYfGV +cpNxJK1ok1iOMq8bs3AD/CUrdIWQPXhq9LmLpZc7tRiRux6n+UBbkflVma8eEdBc +Hadm47GUBwwyOabqG7B52B2ccETjit3E+ZUfijhDPwGFpUenPUayvOUiaPd7nNgs +PgohyC0zrL/FgZkxdMF1ccW+sfAjRfSda/wZY52jvATGGAslu1OJD7OAUN5F7kR/ +q5R4ZJjT9ijdh9hwZXT7DrkT66cPYakylszeu+1jTBi7qUD3oFRuIIhxdRjqerQ0 +cuAjJ3dctpDqhiVAq+8zD8ufgr6iIPv2tS0a5sKFsXQP+8hlAqRSAUfdSSLBv9jr +a6x+3uxjMxW3IwiPxg+NQVrdjsW5j+VFP3jbutIbQLH+cU0/4IGiul607BXgk90I +H37hVZkLId6Tngr75qNJvTYw/ud3sqB1l7UtgYgXZSD32pAAn8lSzDLKNXz1PQ/Y +K9f1JmzJBjSWFupwWRoyeXkLtoh/D1JIPb9s2KJELtFOt3JY04kTlf5Eq/jXixtu +nLwsoFvVagCvXzfh1foQC5ichucmj87w7G6KVwuA406ywKBjYZC6VWg3dGq2ktuf +oYYitmUnDuy2n0Jg5GfCtdpBC8TTi2EbvPofkSvXRAdeuims2cXp71NIWuuA8ShY +Ic2wBlX7Jz9TkHCpBB5XJ7k= +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIDcjCCAlqgAwIBAgIUPopdB+xV0jLVt+O2XwHrLdzk1uQwDQYJKoZIhvcNAQEL +BQAwUTELMAkGA1UEBhMCUEwxKDAmBgNVBAoMH0tyYWpvd2EgSXpiYSBSb3psaWN6 +ZW5pb3dhIFMuQS4xGDAWBgNVBAMMD1NaQUZJUiBST09UIENBMjAeFw0xNTEwMTkw +NzQzMzBaFw0zNTEwMTkwNzQzMzBaMFExCzAJBgNVBAYTAlBMMSgwJgYDVQQKDB9L +cmFqb3dhIEl6YmEgUm96bGljemVuaW93YSBTLkEuMRgwFgYDVQQDDA9TWkFGSVIg +Uk9PVCBDQTIwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC3vD5QqEvN +QLXOYeeWyrSh2gwisPq1e3YAd4wLz32ohswmUeQgPYUM1ljj5/QqGJ3a0a4m7utT +3PSQ1hNKDJA8w/Ta0o4NkjrcsbH/ON7Dui1fgLkCvUqdGw+0w8LBZwPd3BucPbOw +3gAeqDRHu5rr/gsUvTaE2g0gv/pby6kWIK05YO4vdbbnl5z5Pv1+TW9NL++IDWr6 +3fE9biCloBK0TXC5ztdyO4mTp4CEHCdJckm1/zuVnsHMyAHs6A6KCpbns6aH5db5 +BSsNl0BwPLqsdVqc1U2dAgrSS5tmS0YHF2Wtn2yIANwiieDhZNRnvDF5YTy7ykHN +XGoAyDw4jlivAgMBAAGjQjBAMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0PAQH/BAQD +AgEGMB0GA1UdDgQWBBQuFqlKGLXLzPVvUPMjX/hd56zwyDANBgkqhkiG9w0BAQsF +AAOCAQEAtXP4A9xZWx126aMqe5Aosk3AM0+qmrHUuOQn/6mWmc5G4G18TKI4pAZw +8PRBEew/R40/cof5O/2kbytTAOD/OblqBw7rHRz2onKQy4I9EYKL0rufKq8h5mOG +nXkZ7/e7DDWQw4rtTw/1zBLZpD67oPwglV9PJi8RI4NOdQcPv5vRtB3pEAT+ymCP +oky4rc/hkA/NrgrHXXu3UNLUYfrVFdvXn4dRVOul4+vJhaAlIDf7js4MNIThPIGy +d05DpYhfhmehPea0XGG2Ptv+tyjFogeutcrKjSoS75ftwjCkySp6+/NNIxuZMzSg +LvWpCz/UXeHPhJ/iGcJfitYgHuNztw== +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIDbTCCAlWgAwIBAgIBATANBgkqhkiG9w0BAQUFADBYMQswCQYDVQQGEwJKUDEr +MCkGA1UEChMiSmFwYW4gQ2VydGlmaWNhdGlvbiBTZXJ2aWNlcywgSW5jLjEcMBoG +A1UEAxMTU2VjdXJlU2lnbiBSb290Q0ExMTAeFw0wOTA0MDgwNDU2NDdaFw0yOTA0 +MDgwNDU2NDdaMFgxCzAJBgNVBAYTAkpQMSswKQYDVQQKEyJKYXBhbiBDZXJ0aWZp +Y2F0aW9uIFNlcnZpY2VzLCBJbmMuMRwwGgYDVQQDExNTZWN1cmVTaWduIFJvb3RD +QTExMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA/XeqpRyQBTvLTJsz +i1oURaTnkBbR31fSIRCkF/3frNYfp+TbfPfs37gD2pRY/V1yfIw/XwFndBWW4wI8 +h9uuywGOwvNmxoVF9ALGOrVisq/6nL+k5tSAMJjzDbaTj6nU2DbysPyKyiyhFTOV +MdrAG/LuYpmGYz+/3ZMqg6h2uRMft85OQoWPIucuGvKVCbIFtUROd6EgvanyTgp9 +UK31BQ1FT0Zx/Sg+U/sE2C3XZR1KG/rPO7AxmjVuyIsG0wCR8pQIZUyxNAYAeoni +8McDWc/V1uinMrPmmECGxc0nEovMe863ETxiYAcjPitAbpSACW22s293bzUIUPsC +h8U+iQIDAQABo0IwQDAdBgNVHQ4EFgQUW/hNT7KlhtQ60vFjmqC+CfZXt94wDgYD +VR0PAQH/BAQDAgEGMA8GA1UdEwEB/wQFMAMBAf8wDQYJKoZIhvcNAQEFBQADggEB +AKChOBZmLqdWHyGcBvod7bkixTgm2E5P7KN/ed5GIaGHd48HCJqypMWvDzKYC3xm +KbabfSVSSUOrTC4rbnpwrxYO4wJs+0LmGJ1F2FXI6Dvd5+H0LgscNFxsWEr7jIhQ +X5Ucv+2rIrVls4W6ng+4reV6G4pQOh29Dbx7VFALuUKvVaAYga1lme++5Jy/xIWr +QbJUb9wlze144o4MjQlJ3WN7WmmWAiGovVJZ6X01y8hSyn+B/tlr0/cR7SXf+Of5 +pPpyl4RTDaXQMhhRdlkUbA/r7F+AjHVDg8OFmP9Mni0N5HeDk061lgeLKBObjBmN +QSdJQO7e5iNEOdyhIta6A/I= +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIDuDCCAqCgAwIBAgIQDPCOXAgWpa1Cf/DrJxhZ0DANBgkqhkiG9w0BAQUFADBI +MQswCQYDVQQGEwJVUzEgMB4GA1UEChMXU2VjdXJlVHJ1c3QgQ29ycG9yYXRpb24x +FzAVBgNVBAMTDlNlY3VyZVRydXN0IENBMB4XDTA2MTEwNzE5MzExOFoXDTI5MTIz +MTE5NDA1NVowSDELMAkGA1UEBhMCVVMxIDAeBgNVBAoTF1NlY3VyZVRydXN0IENv +cnBvcmF0aW9uMRcwFQYDVQQDEw5TZWN1cmVUcnVzdCBDQTCCASIwDQYJKoZIhvcN +AQEBBQADggEPADCCAQoCggEBAKukgeWVzfX2FI7CT8rU4niVWJxB4Q2ZQCQXOZEz +Zum+4YOvYlyJ0fwkW2Gz4BERQRwdbvC4u/jep4G6pkjGnx29vo6pQT64lO0pGtSO +0gMdA+9tDWccV9cGrcrI9f4Or2YlSASWC12juhbDCE/RRvgUXPLIXgGZbf2IzIao +wW8xQmxSPmjL8xk037uHGFaAJsTQ3MBv396gwpEWoGQRS0S8Hvbn+mPeZqx2pHGj +7DaUaHp3pLHnDi+BeuK1cobvomuL8A/b01k/unK8RCSc43Oz969XL0Imnal0ugBS +8kvNU3xHCzaFDmapCJcWNFfBZveA4+1wVMeT4C4oFVmHursCAwEAAaOBnTCBmjAT +BgkrBgEEAYI3FAIEBh4EAEMAQTALBgNVHQ8EBAMCAYYwDwYDVR0TAQH/BAUwAwEB +/zAdBgNVHQ4EFgQUQjK2FvoE/f5dS3rD/fdMQB1aQ68wNAYDVR0fBC0wKzApoCeg +JYYjaHR0cDovL2NybC5zZWN1cmV0cnVzdC5jb20vU1RDQS5jcmwwEAYJKwYBBAGC +NxUBBAMCAQAwDQYJKoZIhvcNAQEFBQADggEBADDtT0rhWDpSclu1pqNlGKa7UTt3 +6Z3q059c4EVlew3KW+JwULKUBRSuSceNQQcSc5R+DCMh/bwQf2AQWnL1mA6s7Ll/ +3XpvXdMc9P+IBWlCqQVxyLesJugutIxq/3HcuLHfmbx8IVQr5Fiiu1cprp6poxkm +D5kuCLDv/WnPmRoJjeOnnyvJNjR7JLN4TJUXpAYmHrZkUjZfYGfZnMUFdAvnZyPS +CPyI6a6Lf+Ew9Dd+/cYy2i2eRDAwbO4H3tI0/NL/QPZL9GZGBlSm8jIKYyYwa5vR +3ItHuuG51WLQoqD0ZwV4KWMabwTW+MZMo5qxN7SN5ShLHZ4swrhovO0C7jE= +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIDvDCCAqSgAwIBAgIQB1YipOjUiolN9BPI8PjqpTANBgkqhkiG9w0BAQUFADBK +MQswCQYDVQQGEwJVUzEgMB4GA1UEChMXU2VjdXJlVHJ1c3QgQ29ycG9yYXRpb24x +GTAXBgNVBAMTEFNlY3VyZSBHbG9iYWwgQ0EwHhcNMDYxMTA3MTk0MjI4WhcNMjkx +MjMxMTk1MjA2WjBKMQswCQYDVQQGEwJVUzEgMB4GA1UEChMXU2VjdXJlVHJ1c3Qg +Q29ycG9yYXRpb24xGTAXBgNVBAMTEFNlY3VyZSBHbG9iYWwgQ0EwggEiMA0GCSqG +SIb3DQEBAQUAA4IBDwAwggEKAoIBAQCvNS7YrGxVaQZx5RNoJLNP2MwhR/jxYDiJ +iQPpvepeRlMJ3Fz1Wuj3RSoC6zFh1ykzTM7HfAo3fg+6MpjhHZevj8fcyTiW89sa +/FHtaMbQbqR8JNGuQsiWUGMu4P51/pinX0kuleM5M2SOHqRfkNJnPLLZ/kG5VacJ +jnIFHovdRIWCQtBJwB1g8NEXLJXr9qXBkqPFwqcIYA1gBBCWeZ4WNOaptvolRTnI +HmX5k/Wq8VLcmZg9pYYaDDUz+kulBAYVHDGA76oYa8J719rO+TMg1fW9ajMtgQT7 +sFzUnKPiXB3jqUJ1XnvUd+85VLrJChgbEplJL4hL/VBi0XPnj3pDAgMBAAGjgZ0w +gZowEwYJKwYBBAGCNxQCBAYeBABDAEEwCwYDVR0PBAQDAgGGMA8GA1UdEwEB/wQF +MAMBAf8wHQYDVR0OBBYEFK9EBMJBfkiD2045AuzshHrmzsmkMDQGA1UdHwQtMCsw +KaAnoCWGI2h0dHA6Ly9jcmwuc2VjdXJldHJ1c3QuY29tL1NHQ0EuY3JsMBAGCSsG +AQQBgjcVAQQDAgEAMA0GCSqGSIb3DQEBBQUAA4IBAQBjGghAfaReUw132HquHw0L +URYD7xh8yOOvaliTFGCRsoTciE6+OYo68+aCiV0BN7OrJKQVDpI1WkpEXk5X+nXO +H0jOZvQ8QCaSmGwb7iRGDBezUqXbpZGRzzfTb+cnCDpOGR86p1hcF895P4vkp9Mm +I50mD1hp/Ed+stCNi5O/KU9DaXR2Z0vPB4zmAve14bRDtUstFJ/53CYNv6ZHdAbY +iNE6KTCEztI5gGIbqMdXSbxqVVFnFUq+NQfk1XWYN3kwFNspnWzFacxHVaIw98xc +f8LDmBxrThaA63p4ZUWiABqvDA1VZDRIuJK58bRQKfJPIx/abKwfROHdI3hRW8cW +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIDdzCCAl+gAwIBAgIBADANBgkqhkiG9w0BAQsFADBdMQswCQYDVQQGEwJKUDEl +MCMGA1UEChMcU0VDT00gVHJ1c3QgU3lzdGVtcyBDTy4sTFRELjEnMCUGA1UECxMe +U2VjdXJpdHkgQ29tbXVuaWNhdGlvbiBSb290Q0EyMB4XDTA5MDUyOTA1MDAzOVoX +DTI5MDUyOTA1MDAzOVowXTELMAkGA1UEBhMCSlAxJTAjBgNVBAoTHFNFQ09NIFRy +dXN0IFN5c3RlbXMgQ08uLExURC4xJzAlBgNVBAsTHlNlY3VyaXR5IENvbW11bmlj +YXRpb24gUm9vdENBMjCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBANAV +OVKxUrO6xVmCxF1SrjpDZYBLx/KWvNs2l9amZIyoXvDjChz335c9S672XewhtUGr +zbl+dp+++T42NKA7wfYxEUV0kz1XgMX5iZnK5atq1LXaQZAQwdbWQonCv/Q4EpVM +VAX3NuRFg3sUZdbcDE3R3n4MqzvEFb46VqZab3ZpUql6ucjrappdUtAtCms1FgkQ +hNBqyjoGADdH5H5XTz+L62e4iKrFvlNVspHEfbmwhRkGeC7bYRr6hfVKkaHnFtWO +ojnflLhwHyg/i/xAXmODPIMqGplrz95Zajv8bxbXH/1KEOtOghY6rCcMU/Gt1SSw +awNQwS08Ft1ENCcadfsCAwEAAaNCMEAwHQYDVR0OBBYEFAqFqXdlBZh8QIH4D5cs +OPEK7DzPMA4GA1UdDwEB/wQEAwIBBjAPBgNVHRMBAf8EBTADAQH/MA0GCSqGSIb3 +DQEBCwUAA4IBAQBMOqNErLlFsceTfsgLCkLfZOoc7llsCLqJX2rKSpWeeo8HxdpF +coJxDjrSzG+ntKEju/Ykn8sX/oymzsLS28yN/HH8AynBbF0zX2S2ZTuJbxh2ePXc +okgfGT+Ok+vx+hfuzU7jBBJV1uXk3fs+BXziHV7Gp7yXT2g69ekuCkO2r1dcYmh8 +t/2jioSgrGK+KwmHNPBqAbubKVY8/gA3zyNs8U6qtnRGEmyR7jTV7JqR50S+kDFy +1UkC9gLl9B/rfNmWVan/7Ir5mUf/NVoCqgTLiluHcSmRvaS0eg29mvVXIwAHIRc/ +SjnRBUkLp7Y3gaVdjKozXoEofKd9J+sAro03 +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIDWjCCAkKgAwIBAgIBADANBgkqhkiG9w0BAQUFADBQMQswCQYDVQQGEwJKUDEY +MBYGA1UEChMPU0VDT00gVHJ1c3QubmV0MScwJQYDVQQLEx5TZWN1cml0eSBDb21t +dW5pY2F0aW9uIFJvb3RDQTEwHhcNMDMwOTMwMDQyMDQ5WhcNMjMwOTMwMDQyMDQ5 +WjBQMQswCQYDVQQGEwJKUDEYMBYGA1UEChMPU0VDT00gVHJ1c3QubmV0MScwJQYD +VQQLEx5TZWN1cml0eSBDb21tdW5pY2F0aW9uIFJvb3RDQTEwggEiMA0GCSqGSIb3 +DQEBAQUAA4IBDwAwggEKAoIBAQCzs/5/022x7xZ8V6UMbXaKL0u/ZPtM7orw8yl8 +9f/uKuDp6bpbZCKamm8sOiZpUQWZJtzVHGpxxpp9Hp3dfGzGjGdnSj74cbAZJ6kJ +DKaVv0uMDPpVmDvY6CKhS3E4eayXkmmziX7qIWgGmBSWh9JhNrxtJ1aeV+7AwFb9 +Ms+k2Y7CI9eNqPPYJayX5HA49LY6tJ07lyZDo6G8SVlyTCMwhwFY9k6+HGhWZq/N +QV3Is00qVUarH9oe4kA92819uZKAnDfdDJZkndwi92SL32HeFZRSFaB9UslLqCHJ +xrHty8OVYNEP8Ktw+N/LTX7s1vqr2b1/VPKl6Xn62dZ2JChzAgMBAAGjPzA9MB0G +A1UdDgQWBBSgc0mZaNyFW2XjmygvV5+9M7wHSDALBgNVHQ8EBAMCAQYwDwYDVR0T +AQH/BAUwAwEB/zANBgkqhkiG9w0BAQUFAAOCAQEAaECpqLvkT115swW1F7NgE+vG +kl3g0dNq/vu+m22/xwVtWSDEHPC32oRYAmP6SBbvT6UL90qY8j+eG61Ha2POCEfr +Uj94nK9NrvjVT8+amCoQQTlSxN3Zmw7vkwGusi7KaEIkQmywszo+zenaSMQVy+n5 +Bw+SUEmK3TGXX8npN6o7WWWXlDLJs58+OmJYxUmtYg5xpTKqL8aJdkNAExNnPaJU +JRDL8Try2frbSVa7pv6nQTXD4IhhyYjH3zYQIphZ6rBK+1YWc26sTfcioU+tHXot +RSflMMFe8toTyyVCUZVHA4xsIcx0Qu1T/zOLjw9XARYvz6buyXAiFL39vmwLAw== +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIFcDCCA1igAwIBAgIEAJiWjTANBgkqhkiG9w0BAQsFADBYMQswCQYDVQQGEwJO +TDEeMBwGA1UECgwVU3RhYXQgZGVyIE5lZGVybGFuZGVuMSkwJwYDVQQDDCBTdGFh +dCBkZXIgTmVkZXJsYW5kZW4gRVYgUm9vdCBDQTAeFw0xMDEyMDgxMTE5MjlaFw0y +MjEyMDgxMTEwMjhaMFgxCzAJBgNVBAYTAk5MMR4wHAYDVQQKDBVTdGFhdCBkZXIg +TmVkZXJsYW5kZW4xKTAnBgNVBAMMIFN0YWF0IGRlciBOZWRlcmxhbmRlbiBFViBS +b290IENBMIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEA48d+ifkkSzrS +M4M1LGns3Amk41GoJSt5uAg94JG6hIXGhaTK5skuU6TJJB79VWZxXSzFYGgEt9nC +UiY4iKTWO0Cmws0/zZiTs1QUWJZV1VD+hq2kY39ch/aO5ieSZxeSAgMs3NZmdO3d +Z//BYY1jTw+bbRcwJu+r0h8QoPnFfxZpgQNH7R5ojXKhTbImxrpsX23Wr9GxE46p +rfNeaXUmGD5BKyF/7otdBwadQ8QpCiv8Kj6GyzyDOvnJDdrFmeK8eEEzduG/L13l +pJhQDBXd4Pqcfzho0LKmeqfRMb1+ilgnQ7O6M5HTp5gVXJrm0w912fxBmJc+qiXb +j5IusHsMX/FjqTf5m3VpTCgmJdrV8hJwRVXj33NeN/UhbJCONVrJ0yPr08C+eKxC +KFhmpUZtcALXEPlLVPxdhkqHz3/KRawRWrUgUY0viEeXOcDPusBCAUCZSCELa6fS +/ZbV0b5GnUngC6agIk440ME8MLxwjyx1zNDFjFE7PZQIZCZhfbnDZY8UnCHQqv0X +cgOPvZuM5l5Tnrmd74K74bzickFbIZTTRTeU0d8JOV3nI6qaHcptqAqGhYqCvkIH +1vI4gnPah1vlPNOePqc7nvQDs/nxfRN0Av+7oeX6AHkcpmZBiFxgV6YuCcS6/ZrP +px9Aw7vMWgpVSzs4dlG4Y4uElBbmVvMCAwEAAaNCMEAwDwYDVR0TAQH/BAUwAwEB +/zAOBgNVHQ8BAf8EBAMCAQYwHQYDVR0OBBYEFP6rAJCYniT8qcwaivsnuL8wbqg7 +MA0GCSqGSIb3DQEBCwUAA4ICAQDPdyxuVr5Os7aEAJSrR8kN0nbHhp8dB9O2tLsI +eK9p0gtJ3jPFrK3CiAJ9Brc1AsFgyb/E6JTe1NOpEyVa/m6irn0F3H3zbPB+po3u +2dfOWBfoqSmuc0iH55vKbimhZF8ZE/euBhD/UcabTVUlT5OZEAFTdfETzsemQUHS +v4ilf0X8rLiltTMMgsT7B/Zq5SWEXwbKwYY5EdtYzXc7LMJMD16a4/CrPmEbUCTC +wPTxGfARKbalGAKb12NMcIxHowNDXLldRqANb/9Zjr7dn3LDWyvfjFvO5QxGbJKy +CqNMVEIYFRIYvdr8unRu/8G2oGTYqV9Vrp9canaW2HNnh/tNf1zuacpzEPuKqf2e +vTY4SUmH9A4U8OmHuD+nT3pajnnUk+S7aFKErGzp85hwVXIy+TSrK0m1zSBi5Dp6 +Z2Orltxtrpfs/J92VoguZs9btsmksNcFuuEnL5O7Jiqik7Ab846+HUCjuTaPPoIa +Gl6I6lD4WeKDRikL40Rc4ZW2aZCaFG+XroHPaO+Zmr615+F/+PoTRxZMzG0IQOeL +eG9QgkRQP2YGiqtDhFZKDyAthg710tvSeopLzaXoTvFeJiUBWSOgftL2fiFX1ye8 +FVdMpEbB4IMeDExNH08GGeL5qPQ6gqGyeUN51q1veieQA6TqJIc/2b3Z6fJfUEkc +7uzXLg== +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIEDzCCAvegAwIBAgIBADANBgkqhkiG9w0BAQUFADBoMQswCQYDVQQGEwJVUzEl +MCMGA1UEChMcU3RhcmZpZWxkIFRlY2hub2xvZ2llcywgSW5jLjEyMDAGA1UECxMp +U3RhcmZpZWxkIENsYXNzIDIgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkwHhcNMDQw +NjI5MTczOTE2WhcNMzQwNjI5MTczOTE2WjBoMQswCQYDVQQGEwJVUzElMCMGA1UE +ChMcU3RhcmZpZWxkIFRlY2hub2xvZ2llcywgSW5jLjEyMDAGA1UECxMpU3RhcmZp +ZWxkIENsYXNzIDIgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkwggEgMA0GCSqGSIb3 +DQEBAQUAA4IBDQAwggEIAoIBAQC3Msj+6XGmBIWtDBFk385N78gDGIc/oav7PKaf +8MOh2tTYbitTkPskpD6E8J7oX+zlJ0T1KKY/e97gKvDIr1MvnsoFAZMej2YcOadN ++lq2cwQlZut3f+dZxkqZJRRU6ybH838Z1TBwj6+wRir/resp7defqgSHo9T5iaU0 +X9tDkYI22WY8sbi5gv2cOj4QyDvvBmVmepsZGD3/cVE8MC5fvj13c7JdBmzDI1aa +K4UmkhynArPkPw2vCHmCuDY96pzTNbO8acr1zJ3o/WSNF4Azbl5KXZnJHoe0nRrA +1W4TNSNe35tfPe/W93bC6j67eA0cQmdrBNj41tpvi/JEoAGrAgEDo4HFMIHCMB0G +A1UdDgQWBBS/X7fRzt0fhvRbVazc1xDCDqmI5zCBkgYDVR0jBIGKMIGHgBS/X7fR +zt0fhvRbVazc1xDCDqmI56FspGowaDELMAkGA1UEBhMCVVMxJTAjBgNVBAoTHFN0 +YXJmaWVsZCBUZWNobm9sb2dpZXMsIEluYy4xMjAwBgNVBAsTKVN0YXJmaWVsZCBD +bGFzcyAyIENlcnRpZmljYXRpb24gQXV0aG9yaXR5ggEAMAwGA1UdEwQFMAMBAf8w +DQYJKoZIhvcNAQEFBQADggEBAAWdP4id0ckaVaGsafPzWdqbAYcaT1epoXkJKtv3 +L7IezMdeatiDh6GX70k1PncGQVhiv45YuApnP+yz3SFmH8lU+nLMPUxA2IGvd56D +eruix/U0F47ZEUD0/CwqTRV/p2JdLiXTAAsgGh1o+Re49L2L7ShZ3U0WixeDyLJl +xy16paq8U4Zt3VekyvggQQto8PT7dL5WXXp59fkdheMtlb71cZBDzI0fmgAKhynp +VSJYACPq4xJDKVtHCN2MQWplBqjlIapBtJUhlbl90TSrE9atvNziPTnNvT51cKEY +WQPJIrSPnNVeKtelttQKbfi3QBFGmh95DmK/D5fs4C8fF5Q= +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIID3TCCAsWgAwIBAgIBADANBgkqhkiG9w0BAQsFADCBjzELMAkGA1UEBhMCVVMx +EDAOBgNVBAgTB0FyaXpvbmExEzARBgNVBAcTClNjb3R0c2RhbGUxJTAjBgNVBAoT +HFN0YXJmaWVsZCBUZWNobm9sb2dpZXMsIEluYy4xMjAwBgNVBAMTKVN0YXJmaWVs +ZCBSb290IENlcnRpZmljYXRlIEF1dGhvcml0eSAtIEcyMB4XDTA5MDkwMTAwMDAw +MFoXDTM3MTIzMTIzNTk1OVowgY8xCzAJBgNVBAYTAlVTMRAwDgYDVQQIEwdBcml6 +b25hMRMwEQYDVQQHEwpTY290dHNkYWxlMSUwIwYDVQQKExxTdGFyZmllbGQgVGVj +aG5vbG9naWVzLCBJbmMuMTIwMAYDVQQDEylTdGFyZmllbGQgUm9vdCBDZXJ0aWZp +Y2F0ZSBBdXRob3JpdHkgLSBHMjCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC +ggEBAL3twQP89o/8ArFvW59I2Z154qK3A2FWGMNHttfKPTUuiUP3oWmb3ooa/RMg +nLRJdzIpVv257IzdIvpy3Cdhl+72WoTsbhm5iSzchFvVdPtrX8WJpRBSiUZV9Lh1 +HOZ/5FSuS/hVclcCGfgXcVnrHigHdMWdSL5stPSksPNkN3mSwOxGXn/hbVNMYq/N +Hwtjuzqd+/x5AJhhdM8mgkBj87JyahkNmcrUDnXMN/uLicFZ8WJ/X7NfZTD4p7dN +dloedl40wOiWVpmKs/B/pM293DIxfJHP4F8R+GuqSVzRmZTRouNjWwl2tVZi4Ut0 +HZbUJtQIBFnQmA4O5t78w+wfkPECAwEAAaNCMEAwDwYDVR0TAQH/BAUwAwEB/zAO +BgNVHQ8BAf8EBAMCAQYwHQYDVR0OBBYEFHwMMh+n2TB/xH1oo2Kooc6rB1snMA0G +CSqGSIb3DQEBCwUAA4IBAQARWfolTwNvlJk7mh+ChTnUdgWUXuEok21iXQnCoKjU +sHU48TRqneSfioYmUeYs0cYtbpUgSpIB7LiKZ3sx4mcujJUDJi5DnUox9g61DLu3 +4jd/IroAow57UvtruzvE03lRTs2Q9GcHGcg8RnoNAX3FWOdt5oUwF5okxBDgBPfg +8n/Uqgr/Qh037ZTlZFkSIHc40zI+OIF1lnP6aI+xy84fxez6nH7PfrHxBy22/L/K +pL/QlwVKvOoYKAKQvVR4CSFx09F9HdkWsKlhPdAKACL8x3vLCWRFCztAgfd9fDL1 +mMpYjn0q7pBZc2T5NnReJaH1ZgUufzkVqSr7UIuOhWn0 +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIID7zCCAtegAwIBAgIBADANBgkqhkiG9w0BAQsFADCBmDELMAkGA1UEBhMCVVMx +EDAOBgNVBAgTB0FyaXpvbmExEzARBgNVBAcTClNjb3R0c2RhbGUxJTAjBgNVBAoT +HFN0YXJmaWVsZCBUZWNobm9sb2dpZXMsIEluYy4xOzA5BgNVBAMTMlN0YXJmaWVs +ZCBTZXJ2aWNlcyBSb290IENlcnRpZmljYXRlIEF1dGhvcml0eSAtIEcyMB4XDTA5 +MDkwMTAwMDAwMFoXDTM3MTIzMTIzNTk1OVowgZgxCzAJBgNVBAYTAlVTMRAwDgYD +VQQIEwdBcml6b25hMRMwEQYDVQQHEwpTY290dHNkYWxlMSUwIwYDVQQKExxTdGFy +ZmllbGQgVGVjaG5vbG9naWVzLCBJbmMuMTswOQYDVQQDEzJTdGFyZmllbGQgU2Vy +dmljZXMgUm9vdCBDZXJ0aWZpY2F0ZSBBdXRob3JpdHkgLSBHMjCCASIwDQYJKoZI +hvcNAQEBBQADggEPADCCAQoCggEBANUMOsQq+U7i9b4Zl1+OiFOxHz/Lz58gE20p +OsgPfTz3a3Y4Y9k2YKibXlwAgLIvWX/2h/klQ4bnaRtSmpDhcePYLQ1Ob/bISdm2 +8xpWriu2dBTrz/sm4xq6HZYuajtYlIlHVv8loJNwU4PahHQUw2eeBGg6345AWh1K +Ts9DkTvnVtYAcMtS7nt9rjrnvDH5RfbCYM8TWQIrgMw0R9+53pBlbQLPLJGmpufe +hRhJfGZOozptqbXuNC66DQO4M99H67FrjSXZm86B0UVGMpZwh94CDklDhbZsc7tk +6mFBrMnUVN+HL8cisibMn1lUaJ/8viovxFUcdUBgF4UCVTmLfwUCAwEAAaNCMEAw +DwYDVR0TAQH/BAUwAwEB/zAOBgNVHQ8BAf8EBAMCAQYwHQYDVR0OBBYEFJxfAN+q +AdcwKziIorhtSpzyEZGDMA0GCSqGSIb3DQEBCwUAA4IBAQBLNqaEd2ndOxmfZyMI +bw5hyf2E3F/YNoHN2BtBLZ9g3ccaaNnRbobhiCPPE95Dz+I0swSdHynVv/heyNXB +ve6SbzJ08pGCL72CQnqtKrcgfU28elUSwhXqvfdqlS5sdJ/PHLTyxQGjhdByPq1z +qwubdQxtRbeOlKyWN7Wg0I8VRw7j6IPdj/3vQQF3zCepYoUz8jcI73HPdwbeyBkd +iEDPfUYd/x7H4c7/I9vG+o1VTqkC50cRRj70/b17KSa7qWFiNyi2LSr2EIZkyXCn +0q23KXB56jzaYyWf/Wi3MOxw+3WKt21gZ7IeyLnp2KhvAotnDU0mV3HaIPzBSlCN +sSi6 +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIFujCCA6KgAwIBAgIJALtAHEP1Xk+wMA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNV +BAYTAkNIMRUwEwYDVQQKEwxTd2lzc1NpZ24gQUcxHzAdBgNVBAMTFlN3aXNzU2ln +biBHb2xkIENBIC0gRzIwHhcNMDYxMDI1MDgzMDM1WhcNMzYxMDI1MDgzMDM1WjBF +MQswCQYDVQQGEwJDSDEVMBMGA1UEChMMU3dpc3NTaWduIEFHMR8wHQYDVQQDExZT +d2lzc1NpZ24gR29sZCBDQSAtIEcyMIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIIC +CgKCAgEAr+TufoskDhJuqVAtFkQ7kpJcyrhdhJJCEyq8ZVeCQD5XJM1QiyUqt2/8 +76LQwB8CJEoTlo8jE+YoWACjR8cGp4QjK7u9lit/VcyLwVcfDmJlD909Vopz2q5+ +bbqBHH5CjCA12UNNhPqE21Is8w4ndwtrvxEvcnifLtg+5hg3Wipy+dpikJKVyh+c +6bM8K8vzARO/Ws/BtQpgvd21mWRTuKCWs2/iJneRjOBiEAKfNA+k1ZIzUd6+jbqE +emA8atufK+ze3gE/bk3lUIbLtK/tREDFylqM2tIrfKjuvqblCqoOpd8FUrdVxyJd +MmqXl2MT28nbeTZ7hTpKxVKJ+STnnXepgv9VHKVxaSvRAiTysybUa9oEVeXBCsdt +MDeQKuSeFDNeFhdVxVu1yzSJkvGdJo+hB9TGsnhQ2wwMC3wLjEHXuendjIj3o02y +MszYF9rNt85mndT9Xv+9lz4pded+p2JYryU0pUHHPbwNUMoDAw8IWh+Vc3hiv69y +FGkOpeUDDniOJihC8AcLYiAQZzlG+qkDzAQ4embvIIO1jEpWjpEA/I5cgt6IoMPi +aG59je883WX0XaxR7ySArqpWl2/5rX3aYT+YdzylkbYcjCbaZaIJbcHiVOO5ykxM +gI93e2CaHt+28kgeDrpOVG2Y4OGiGqJ3UM/EY5LsRxmd6+ZrzsECAwEAAaOBrDCB +qTAOBgNVHQ8BAf8EBAMCAQYwDwYDVR0TAQH/BAUwAwEB/zAdBgNVHQ4EFgQUWyV7 +lqRlUX64OfPAeGZe6Drn8O4wHwYDVR0jBBgwFoAUWyV7lqRlUX64OfPAeGZe6Drn +8O4wRgYDVR0gBD8wPTA7BglghXQBWQECAQEwLjAsBggrBgEFBQcCARYgaHR0cDov +L3JlcG9zaXRvcnkuc3dpc3NzaWduLmNvbS8wDQYJKoZIhvcNAQEFBQADggIBACe6 +45R88a7A3hfm5djV9VSwg/S7zV4Fe0+fdWavPOhWfvxyeDgD2StiGwC5+OlgzczO +UYrHUDFu4Up+GC9pWbY9ZIEr44OE5iKHjn3g7gKZYbge9LgriBIWhMIxkziWMaa5 +O1M/wySTVltpkuzFwbs4AOPsF6m43Md8AYOfMke6UiI0HTJ6CVanfCU2qT1L2sCC +bwq7EsiHSycR+R4tx5M/nttfJmtS2S6K8RTGRI0Vqbe/vd6mGu6uLftIdxf+u+yv +GPUqUfA5hJeVbG4bwyvEdGB5JbAKJ9/fXtI5z0V9QkvfsywexcZdylU6oJxpmo/a +77KwPJ+HbBIrZXAVUjEaJM9vMSNQH4xPjyPDdEFjHFWoFN0+4FFQz/EbMFYOkrCC +hdiDyyJkvC24JdVUorgG6q2SpCSgwYa1ShNqR88uC1aVVMvOmttqtKay20EIhid3 +92qgQmwLOM7XdVAyksLfKzAiSNDVQTglXaTpXZ/GlHXQRf0wl0OPkKsKx4ZzYEpp +Ld6leNcG2mqeSz53OiATIgHQv2ieY2BrNU0LbbqhPcCT4H8js1WtciVORvnSFu+w +ZMEBnunKoGqYDs/YYPIvSbjkQuE4NRb0yG5P94FW6LqjviOvrv1vA+ACOzB2+htt +Qc8Bsem4yWb02ybzOqR08kkkW8mw0FfB+j564ZfJ +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIFvTCCA6WgAwIBAgIITxvUL1S7L0swDQYJKoZIhvcNAQEFBQAwRzELMAkGA1UE +BhMCQ0gxFTATBgNVBAoTDFN3aXNzU2lnbiBBRzEhMB8GA1UEAxMYU3dpc3NTaWdu +IFNpbHZlciBDQSAtIEcyMB4XDTA2MTAyNTA4MzI0NloXDTM2MTAyNTA4MzI0Nlow +RzELMAkGA1UEBhMCQ0gxFTATBgNVBAoTDFN3aXNzU2lnbiBBRzEhMB8GA1UEAxMY +U3dpc3NTaWduIFNpbHZlciBDQSAtIEcyMIICIjANBgkqhkiG9w0BAQEFAAOCAg8A +MIICCgKCAgEAxPGHf9N4Mfc4yfjDmUO8x/e8N+dOcbpLj6VzHVxumK4DV644N0Mv +Fz0fyM5oEMF4rhkDKxD6LHmD9ui5aLlV8gREpzn5/ASLHvGiTSf5YXu6t+WiE7br +YT7QbNHm+/pe7R20nqA1W6GSy/BJkv6FCgU+5tkL4k+73JU3/JHpMjUi0R86TieF +nbAVlDLaYQ1HTWBCrpJH6INaUFjpiou5XaHc3ZlKHzZnu0jkg7Y360g6rw9njxcH +6ATK72oxh9TAtvmUcXtnZLi2kUpCe2UuMGoM9ZDulebyzYLs2aFK7PayS+VFheZt +eJMELpyCbTapxDFkH4aDCyr0NQp4yVXPQbBH6TCfmb5hqAaEuSh6XzjZG6k4sIN/ +c8HDO0gqgg8hm7jMqDXDhBuDsz6+pJVpATqJAHgE2cn0mRmrVn5bi4Y5FZGkECwJ +MoBgs5PAKrYYC51+jUnyEEp/+dVGLxmSo5mnJqy7jDzmDrxHB9xzUfFwZC8I+bRH +HTBsROopN4WSaGa8gzj+ezku01DwH/teYLappvonQfGbGHLy9YR0SslnxFSuSGTf +jNFusB3hB48IHpmccelM2KX3RxIfdNFRnobzwqIjQAtz20um53MGjMGg6cFZrEb6 +5i/4z3GcRm25xBWNOHkDRUjvxF3XCO6HOSKGsg0PWEP3calILv3q1h8CAwEAAaOB +rDCBqTAOBgNVHQ8BAf8EBAMCAQYwDwYDVR0TAQH/BAUwAwEB/zAdBgNVHQ4EFgQU +F6DNweRBtjpbO8tFnb0cwpj6hlgwHwYDVR0jBBgwFoAUF6DNweRBtjpbO8tFnb0c +wpj6hlgwRgYDVR0gBD8wPTA7BglghXQBWQEDAQEwLjAsBggrBgEFBQcCARYgaHR0 +cDovL3JlcG9zaXRvcnkuc3dpc3NzaWduLmNvbS8wDQYJKoZIhvcNAQEFBQADggIB +AHPGgeAn0i0P4JUw4ppBf1AsX19iYamGamkYDHRJ1l2E6kFSGG9YrVBWIGrGvShp +WJHckRE1qTodvBqlYJ7YH39FkWnZfrt4csEGDyrOj4VwYaygzQu4OSlWhDJOhrs9 +xCrZ1x9y7v5RoSJBsXECYxqCsGKrXlcSH9/L3XWgwF15kIwb4FDm3jH+mHtwX6WQ +2K34ArZv02DdQEsixT2tOnqfGhpHkXkzuoLcMmkDlm4fS/Bx/uNncqCxv1yL5PqZ +IseEuRuNI5c/7SXgz2W79WEE790eslpBIlqhn10s6FvJbakMDHiqYMZWjwFaDGi8 +aRl5xB9+lwW/xekkUV7U1UtT7dkjWjYDZaPBA61BMPNGG4WQr2W11bHkFlt4dR2X +em1ZqSqPe97Dh4kQmUlzeMg9vVE1dCrV8X5pGyq7O70luJpaPXJhkGaH7gzWTdQR +dAtq/gsD/KNVV4n+SsuuWxcFyPKNIzFTONItaj+CuY0IavdeQXRuwxF+B6wpYJE/ +OMpXEA29MC/HpeZBoNquBYeaoKRlbEwJDIm6uNO5wJOKMPqN5ZprFQFOZ6raYlY+ +hAhm0sQ2fac+EPyI4NSA5QC9qvNOBqN6avlicuMJT+ubDgEj8Z+7fNzcbBGXJbLy +tGMU0gYqZ4yD9c7qB9iaah7s5Aq7KkzrCWA5zspi2C5u +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIDwzCCAqugAwIBAgIBATANBgkqhkiG9w0BAQsFADCBgjELMAkGA1UEBhMCREUx +KzApBgNVBAoMIlQtU3lzdGVtcyBFbnRlcnByaXNlIFNlcnZpY2VzIEdtYkgxHzAd +BgNVBAsMFlQtU3lzdGVtcyBUcnVzdCBDZW50ZXIxJTAjBgNVBAMMHFQtVGVsZVNl +YyBHbG9iYWxSb290IENsYXNzIDIwHhcNMDgxMDAxMTA0MDE0WhcNMzMxMDAxMjM1 +OTU5WjCBgjELMAkGA1UEBhMCREUxKzApBgNVBAoMIlQtU3lzdGVtcyBFbnRlcnBy +aXNlIFNlcnZpY2VzIEdtYkgxHzAdBgNVBAsMFlQtU3lzdGVtcyBUcnVzdCBDZW50 +ZXIxJTAjBgNVBAMMHFQtVGVsZVNlYyBHbG9iYWxSb290IENsYXNzIDIwggEiMA0G +CSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCqX9obX+hzkeXaXPSi5kfl82hVYAUd +AqSzm1nzHoqvNK38DcLZSBnuaY/JIPwhqgcZ7bBcrGXHX+0CfHt8LRvWurmAwhiC +FoT6ZrAIxlQjgeTNuUk/9k9uN0goOA/FvudocP05l03Sx5iRUKrERLMjfTlH6VJi +1hKTXrcxlkIF+3anHqP1wvzpesVsqXFP6st4vGCvx9702cu+fjOlbpSD8DT6Iavq +jnKgP6TeMFvvhk1qlVtDRKgQFRzlAVfFmPHmBiiRqiDFt1MmUUOyCxGVWOHAD3bZ +wI18gfNycJ5v/hqO2V81xrJvNHy+SE/iWjnX2J14np+GPgNeGYtEotXHAgMBAAGj +QjBAMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0PAQH/BAQDAgEGMB0GA1UdDgQWBBS/ +WSA2AHmgoCJrjNXyYdK4LMuCSjANBgkqhkiG9w0BAQsFAAOCAQEAMQOiYQsfdOhy +NsZt+U2e+iKo4YFWz827n+qrkRk4r6p8FU3ztqONpfSO9kSpp+ghla0+AGIWiPAC +uvxhI+YzmzB6azZie60EI4RYZeLbK4rnJVM3YlNfvNoBYimipidx5joifsFvHZVw +IEoHNN/q/xWA5brXethbdXwFeilHfkCoMRN3zUA7tFFHei4R40cR3p1m0IvVVGb6 +g1XqfMIpiRvpb7PO4gWEyS8+eIVibslfwXhjdFjASBgMmTnrpMwatXlajRWc2BQN +9noHV8cigwUtPJslJj0Ys6lDfMjIq2SPDqO/nBudMNva0Bkuqjzx+zOAduTNrRlP +BSeOE6Fuwg== +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIDwzCCAqugAwIBAgIBATANBgkqhkiG9w0BAQsFADCBgjELMAkGA1UEBhMCREUx +KzApBgNVBAoMIlQtU3lzdGVtcyBFbnRlcnByaXNlIFNlcnZpY2VzIEdtYkgxHzAd +BgNVBAsMFlQtU3lzdGVtcyBUcnVzdCBDZW50ZXIxJTAjBgNVBAMMHFQtVGVsZVNl +YyBHbG9iYWxSb290IENsYXNzIDMwHhcNMDgxMDAxMTAyOTU2WhcNMzMxMDAxMjM1 +OTU5WjCBgjELMAkGA1UEBhMCREUxKzApBgNVBAoMIlQtU3lzdGVtcyBFbnRlcnBy +aXNlIFNlcnZpY2VzIEdtYkgxHzAdBgNVBAsMFlQtU3lzdGVtcyBUcnVzdCBDZW50 +ZXIxJTAjBgNVBAMMHFQtVGVsZVNlYyBHbG9iYWxSb290IENsYXNzIDMwggEiMA0G +CSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC9dZPwYiJvJK7genasfb3ZJNW4t/zN +8ELg63iIVl6bmlQdTQyK9tPPcPRStdiTBONGhnFBSivwKixVA9ZIw+A5OO3yXDw/ +RLyTPWGrTs0NvvAgJ1gORH8EGoel15YUNpDQSXuhdfsaa3Ox+M6pCSzyU9XDFES4 +hqX2iys52qMzVNn6chr3IhUciJFrf2blw2qAsCTz34ZFiP0Zf3WHHx+xGwpzJFu5 +ZeAsVMhg02YXP+HMVDNzkQI6pn97djmiH5a2OK61yJN0HZ65tOVgnS9W0eDrXltM +EnAMbEQgqxHY9Bn20pxSN+f6tsIxO0rUFJmtxxr1XV/6B7h8DR/Wgx6zAgMBAAGj +QjBAMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0PAQH/BAQDAgEGMB0GA1UdDgQWBBS1 +A/d2O2GCahKqGFPrAyGUv/7OyjANBgkqhkiG9w0BAQsFAAOCAQEAVj3vlNW92nOy +WL6ukK2YJ5f+AbGwUgC4TeQbIXQbfsDuXmkqJa9c1h3a0nnJ85cp4IaH3gRZD/FZ +1GSFS5mvJQQeyUapl96Cshtwn5z2r3Ex3XsFpSzTucpH9sry9uetuUg/vBa3wW30 +6gmv7PO15wWeph6KU1HWk4HMdJP2udqmJQV0eVp+QD6CSyYRMG7hP0HHRwA11fXT +91Q+gT3aSWqas+8QPebrb9HIIkfLzM8BMZLZGOMivgkeGj5asuRrDFR6fUNOuIml +e9eiPZaGzPImNC1qkp2aGtAw4l1OBLBfiyB+d8E9lYLRRpo7PHi4b6HQDWSieB4p +TpPDpFQUWw== +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIEYzCCA0ugAwIBAgIBATANBgkqhkiG9w0BAQsFADCB0jELMAkGA1UEBhMCVFIx +GDAWBgNVBAcTD0dlYnplIC0gS29jYWVsaTFCMEAGA1UEChM5VHVya2l5ZSBCaWxp +bXNlbCB2ZSBUZWtub2xvamlrIEFyYXN0aXJtYSBLdXJ1bXUgLSBUVUJJVEFLMS0w +KwYDVQQLEyRLYW11IFNlcnRpZmlrYXN5b24gTWVya2V6aSAtIEthbXUgU00xNjA0 +BgNVBAMTLVRVQklUQUsgS2FtdSBTTSBTU0wgS29rIFNlcnRpZmlrYXNpIC0gU3Vy +dW0gMTAeFw0xMzExMjUwODI1NTVaFw00MzEwMjUwODI1NTVaMIHSMQswCQYDVQQG +EwJUUjEYMBYGA1UEBxMPR2ViemUgLSBLb2NhZWxpMUIwQAYDVQQKEzlUdXJraXll +IEJpbGltc2VsIHZlIFRla25vbG9qaWsgQXJhc3Rpcm1hIEt1cnVtdSAtIFRVQklU +QUsxLTArBgNVBAsTJEthbXUgU2VydGlmaWthc3lvbiBNZXJrZXppIC0gS2FtdSBT +TTE2MDQGA1UEAxMtVFVCSVRBSyBLYW11IFNNIFNTTCBLb2sgU2VydGlmaWthc2kg +LSBTdXJ1bSAxMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAr3UwM6q7 +a9OZLBI3hNmNe5eA027n/5tQlT6QlVZC1xl8JoSNkvoBHToP4mQ4t4y86Ij5iySr +LqP1N+RAjhgleYN1Hzv/bKjFxlb4tO2KRKOrbEz8HdDc72i9z+SqzvBV96I01INr +N3wcwv61A+xXzry0tcXtAA9TNypN9E8Mg/uGz8v+jE69h/mniyFXnHrfA2eJLJ2X +YacQuFWQfw4tJzh03+f92k4S400VIgLI4OD8D62K18lUUMw7D8oWgITQUVbDjlZ/ +iSIzL+aFCr2lqBs23tPcLG07xxO9WSMs5uWk99gL7eqQQESolbuT1dCANLZGeA4f +AJNG4e7p+exPFwIDAQABo0IwQDAdBgNVHQ4EFgQUZT/HiobGPN08VFw1+DrtUgxH +V8gwDgYDVR0PAQH/BAQDAgEGMA8GA1UdEwEB/wQFMAMBAf8wDQYJKoZIhvcNAQEL +BQADggEBACo/4fEyjq7hmFxLXs9rHmoJ0iKpEsdeV31zVmSAhHqT5Am5EM2fKifh +AHe+SMg1qIGf5LgsyX8OsNJLN13qudULXjS99HMpw+0mFZx+CFOKWI3QSyjfwbPf +IPP54+M638yclNhOT8NrF7f3cuitZjO1JVOr4PhMqZ398g26rrnZqsZr+ZO7rqu4 +lzwDGrpDxpa5RXI4s6ehlj2Re37AIVNMh+3yC1SVUZPVIqUNivGTDj5UDrDYyU7c +8jEyVupk+eq1nRZmQnLzf9OxMUP8pI4X8W0jq5Rm+K37DwhuJi1/FwcJsoz7UMCf +lo3Ptv0AnVoUmr8CRPXBwp8iXqIPoeM= +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIFQTCCAymgAwIBAgICDL4wDQYJKoZIhvcNAQELBQAwUTELMAkGA1UEBhMCVFcx +EjAQBgNVBAoTCVRBSVdBTi1DQTEQMA4GA1UECxMHUm9vdCBDQTEcMBoGA1UEAxMT +VFdDQSBHbG9iYWwgUm9vdCBDQTAeFw0xMjA2MjcwNjI4MzNaFw0zMDEyMzExNTU5 +NTlaMFExCzAJBgNVBAYTAlRXMRIwEAYDVQQKEwlUQUlXQU4tQ0ExEDAOBgNVBAsT +B1Jvb3QgQ0ExHDAaBgNVBAMTE1RXQ0EgR2xvYmFsIFJvb3QgQ0EwggIiMA0GCSqG +SIb3DQEBAQUAA4ICDwAwggIKAoICAQCwBdvI64zEbooh745NnHEKH1Jw7W2CnJfF +10xORUnLQEK1EjRsGcJ0pDFfhQKX7EMzClPSnIyOt7h52yvVavKOZsTuKwEHktSz +0ALfUPZVr2YOy+BHYC8rMjk1Ujoog/h7FsYYuGLWRyWRzvAZEk2tY/XTP3VfKfCh +MBwqoJimFb3u/Rk28OKRQ4/6ytYQJ0lM793B8YVwm8rqqFpD/G2Gb3PpN0Wp8DbH +zIh1HrtsBv+baz4X7GGqcXzGHaL3SekVtTzWoWH1EfcFbx39Eb7QMAfCKbAJTibc +46KokWofwpFFiFzlmLhxpRUZyXx1EcxwdE8tmx2RRP1WKKD+u4ZqyPpcC1jcxkt2 +yKsi2XMPpfRaAok/T54igu6idFMqPVMnaR1sjjIsZAAmY2E2TqNGtz99sy2sbZCi +laLOz9qC5wc0GZbpuCGqKX6mOL6OKUohZnkfs8O1CWfe1tQHRvMq2uYiN2DLgbYP +oA/pyJV/v1WRBXrPPRXAb94JlAGD1zQbzECl8LibZ9WYkTunhHiVJqRaCPgrdLQA +BDzfuBSO6N+pjWxnkjMdwLfS7JLIvgm/LCkFbwJrnu+8vyq8W8BQj0FwcYeyTbcE +qYSjMq+u7msXi7Kx/mzhkIyIqJdIzshNy/MGz19qCkKxHh53L46g5pIOBvwFItIm +4TFRfTLcDwIDAQABoyMwITAOBgNVHQ8BAf8EBAMCAQYwDwYDVR0TAQH/BAUwAwEB +/zANBgkqhkiG9w0BAQsFAAOCAgEAXzSBdu+WHdXltdkCY4QWwa6gcFGn90xHNcgL +1yg9iXHZqjNB6hQbbCEAwGxCGX6faVsgQt+i0trEfJdLjbDorMjupWkEmQqSpqsn +LhpNgb+E1HAerUf+/UqdM+DyucRFCCEK2mlpc3INvjT+lIutwx4116KD7+U4x6WF +H6vPNOw/KP4M8VeGTslV9xzU2KV9Bnpv1d8Q34FOIWWxtuEXeZVFBs5fzNxGiWNo +RI2T9GRwoD2dKAXDOXC4Ynsg/eTb6QihuJ49CcdP+yz4k3ZB3lLg4VfSnQO8d57+ +nile98FRYB/e2guyLXW3Q0iT5/Z5xoRdgFlglPx4mI88k1HtQJAH32RjJMtOcQWh +15QaiDLxInQirqWm2BJpTGCjAu4r7NRjkgtevi92a6O2JryPA9gK8kxkRr05YuWW +6zRjESjMlfGt7+/cgFhI6Uu46mWs6fyAtbXIRfmswZ/ZuepiiI7E8UuDEq3mi4TW +nsLrgxifarsbJGAzcMzs9zLzXNl5fe+epP7JI8Mk7hWSsT2RTyaGvWZzJBPqpK5j +wa19hAM8EHiGG3njxPPyBJUgriOCxLM6AGK/5jYk4Ve6xx6QddVfP5VhK8E7zeWz +aGHQRiapIVJpLesux+t3zqY6tQMzT3bR51xUAV3LePTJDL/PEo4XLSNolOer/qmy +KwbQBM0= +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIDezCCAmOgAwIBAgIBATANBgkqhkiG9w0BAQUFADBfMQswCQYDVQQGEwJUVzES +MBAGA1UECgwJVEFJV0FOLUNBMRAwDgYDVQQLDAdSb290IENBMSowKAYDVQQDDCFU +V0NBIFJvb3QgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkwHhcNMDgwODI4MDcyNDMz +WhcNMzAxMjMxMTU1OTU5WjBfMQswCQYDVQQGEwJUVzESMBAGA1UECgwJVEFJV0FO +LUNBMRAwDgYDVQQLDAdSb290IENBMSowKAYDVQQDDCFUV0NBIFJvb3QgQ2VydGlm +aWNhdGlvbiBBdXRob3JpdHkwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIB +AQCwfnK4pAOU5qfeCTiRShFAh6d8WWQUe7UREN3+v9XAu1bihSX0NXIP+FPQQeFE +AcK0HMMxQhZHhTMidrIKbw/lJVBPhYa+v5guEGcevhEFhgWQxFnQfHgQsIBct+HH +K3XLfJ+utdGdIzdjp9xCoi2SBBtQwXu4PhvJVgSLL1KbralW6cH/ralYhzC2gfeX +RfwZVzsrb+RH9JlF/h3x+JejiB03HFyP4HYlmlD4oFT/RJB2I9IyxsOrBr/8+7/z +rX2SYgJbKdM1o5OaQ2RgXbL6Mv87BK9NQGr5x+PvI/1ry+UPizgN7gr8/g+YnzAx +3WxSZfmLgb4i4RxYA7qRG4kHAgMBAAGjQjBAMA4GA1UdDwEB/wQEAwIBBjAPBgNV +HRMBAf8EBTADAQH/MB0GA1UdDgQWBBRqOFsmjd6LWvJPelSDGRjjCDWmujANBgkq +hkiG9w0BAQUFAAOCAQEAPNV3PdrfibqHDAhUaiBQkr6wQT25JmSDCi/oQMCXKCeC +MErJk/9q56YAf4lCmtYR5VPOL8zy2gXE/uJQxDqGfczafhAJO5I1KlOy/usrBdls +XebQ79NqZp4VKIV66IIArB6nCWlWQtNoURi+VJq/REG6Sb4gumlc7rh3zc5sH62D +lhh9DrUUOYTxKOkto557HnpyWoOzeW/vtPzQCqVYT0bf+215WfKEIlKuD8z7fDvn +aspHYcN6+NOSBB+4IIThNlQWx0DeO4pz3N/GCUzf7Nr/1FNCocnyYh0igzyXxfkZ +YiesZSLX0zzG5Y6yU8xJzrww/nsOM5D77dIUkR8Hrw== +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIFODCCAyCgAwIBAgIRAJW+FqD3LkbxezmCcvqLzZYwDQYJKoZIhvcNAQEFBQAw +NzEUMBIGA1UECgwLVGVsaWFTb25lcmExHzAdBgNVBAMMFlRlbGlhU29uZXJhIFJv +b3QgQ0EgdjEwHhcNMDcxMDE4MTIwMDUwWhcNMzIxMDE4MTIwMDUwWjA3MRQwEgYD +VQQKDAtUZWxpYVNvbmVyYTEfMB0GA1UEAwwWVGVsaWFTb25lcmEgUm9vdCBDQSB2 +MTCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIBAMK+6yfwIaPzaSZVfp3F +VRaRXP3vIb9TgHot0pGMYzHw7CTww6XScnwQbfQ3t+XmfHnqjLWCi65ItqwA3GV1 +7CpNX8GH9SBlK4GoRz6JI5UwFpB/6FcHSOcZrr9FZ7E3GwYq/t75rH2D+1665I+X +Z75Ljo1kB1c4VWk0Nj0TSO9P4tNmHqTPGrdeNjPUtAa9GAH9d4RQAEX1jF3oI7x+ +/jXh7VB7qTCNGdMJjmhnXb88lxhTuylixcpecsHHltTbLaC0H2kD7OriUPEMPPCs +81Mt8Bz17Ww5OXOAFshSsCPN4D7c3TxHoLs1iuKYaIu+5b9y7tL6pe0S7fyYGKkm +dtwoSxAgHNN/Fnct7W+A90m7UwW7XWjH1Mh1Fj+JWov3F0fUTPHSiXk+TT2YqGHe +Oh7S+F4D4MHJHIzTjU3TlTazN19jY5szFPAtJmtTfImMMsJu7D0hADnJoWjiUIMu +sDor8zagrC/kb2HCUQk5PotTubtn2txTuXZZNp1D5SDgPTJghSJRt8czu90VL6R4 +pgd7gUY2BIbdeTXHlSw7sKMXNeVzH7RcWe/a6hBle3rQf5+ztCo3O3CLm1u5K7fs +slESl1MpWtTwEhDcTwK7EpIvYtQ/aUN8Ddb8WHUBiJ1YFkveupD/RwGJBmr2X7KQ +arMCpgKIv7NHfirZ1fpoeDVNAgMBAAGjPzA9MA8GA1UdEwEB/wQFMAMBAf8wCwYD +VR0PBAQDAgEGMB0GA1UdDgQWBBTwj1k4ALP1j5qWDNXr+nuqF+gTEjANBgkqhkiG +9w0BAQUFAAOCAgEAvuRcYk4k9AwI//DTDGjkk0kiP0Qnb7tt3oNmzqjMDfz1mgbl +dxSR651Be5kqhOX//CHBXfDkH1e3damhXwIm/9fH907eT/j3HEbAek9ALCI18Bmx +0GtnLLCo4MBANzX2hFxc469CeP6nyQ1Q6g2EdvZR74NTxnr/DlZJLo961gzmJ1Tj +TQpgcmLNkQfWpb/ImWvtxBnmq0wROMVvMeJuScg/doAmAyYp4Db29iBT4xdwNBed +Y2gea+zDTYa4EzAvXUYNR0PVG6pZDrlcjQZIrXSHX8f8MVRBE+LHIQ6e4B4N4cB7 +Q4WQxYpYxmUKeFfyxiMPAdkgS94P+5KFdSpcc41teyWRyu5FrgZLAMzTsVlQ2jqI +OylDRl6XK1TOU2+NSueW+r9xDkKLfP0ooNBIytrEgUy7onOTJsjrDNYmiLbAJM+7 +vVvrdX3pCI6GMyx5dwlppYn8s3CQh3aP0yK7Qs69cwsgJirQmz1wHiRszYd2qReW +t88NkvuOGKmYSdGe/mBEciG5Ge3C9THxOUiIkCR1VBatzvT4aRRkOfujuLpwQMcn +HL/EVlP6Y2XQ8xwOFvVrhlhNGNTkDY6lnVuR3HYkUD/GKvvZt5y11ubQ2egZixVx +SK236thZiNSQvxaz2emsWWFUyBy6ysHK4bkgTI86k4mloMy/0/Z1pHWWbVY= +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIF2jCCA8KgAwIBAgIMBfcOhtpJ80Y1LrqyMA0GCSqGSIb3DQEBCwUAMIGIMQsw +CQYDVQQGEwJVUzERMA8GA1UECAwISWxsaW5vaXMxEDAOBgNVBAcMB0NoaWNhZ28x +ITAfBgNVBAoMGFRydXN0d2F2ZSBIb2xkaW5ncywgSW5jLjExMC8GA1UEAwwoVHJ1 +c3R3YXZlIEdsb2JhbCBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTAeFw0xNzA4MjMx +OTM0MTJaFw00MjA4MjMxOTM0MTJaMIGIMQswCQYDVQQGEwJVUzERMA8GA1UECAwI +SWxsaW5vaXMxEDAOBgNVBAcMB0NoaWNhZ28xITAfBgNVBAoMGFRydXN0d2F2ZSBI +b2xkaW5ncywgSW5jLjExMC8GA1UEAwwoVHJ1c3R3YXZlIEdsb2JhbCBDZXJ0aWZp +Y2F0aW9uIEF1dGhvcml0eTCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIB +ALldUShLPDeS0YLOvR29zd24q88KPuFd5dyqCblXAj7mY2Hf8g+CY66j96xz0Xzn +swuvCAAJWX/NKSqIk4cXGIDtiLK0thAfLdZfVaITXdHG6wZWiYj+rDKd/VzDBcdu +7oaJuogDnXIhhpCujwOl3J+IKMujkkkP7NAP4m1ET4BqstTnoApTAbqOl5F2brz8 +1Ws25kCI1nsvXwXoLG0R8+eyvpJETNKXpP7ScoFDB5zpET71ixpZfR9oWN0EACyW +80OzfpgZdNmcc9kYvkHHNHnZ9GLCQ7mzJ7Aiy/k9UscwR7PJPrhq4ufogXBeQotP +JqX+OsIgbrv4Fo7NDKm0G2x2EOFYeUY+VM6AqFcJNykbmROPDMjWLBz7BegIlT1l +RtzuzWniTY+HKE40Cz7PFNm73bZQmq131BnW2hqIyE4bJ3XYsgjxroMwuREOzYfw +hI0Vcnyh78zyiGG69Gm7DIwLdVcEuE4qFC49DxweMqZiNu5m4iK4BUBjECLzMx10 +coos9TkpoNPnG4CELcU9402x/RpvumUHO1jsQkUm+9jaJXLE9gCxInm943xZYkqc +BW89zubWR2OZxiRvchLIrH+QtAuRcOi35hYQcRfO3gZPSEF9NUqjifLJS3tBEW1n +twiYTOURGa5CgNz7kAXU+FDKvuStx8KU1xad5hePrzb7AgMBAAGjQjBAMA8GA1Ud +EwEB/wQFMAMBAf8wHQYDVR0OBBYEFJngGWcNYtt2s9o9uFvo/ULSMQ6HMA4GA1Ud +DwEB/wQEAwIBBjANBgkqhkiG9w0BAQsFAAOCAgEAmHNw4rDT7TnsTGDZqRKGFx6W +0OhUKDtkLSGm+J1WE2pIPU/HPinbbViDVD2HfSMF1OQc3Og4ZYbFdada2zUFvXfe +uyk3QAUHw5RSn8pk3fEbK9xGChACMf1KaA0HZJDmHvUqoai7PF35owgLEQzxPy0Q +lG/+4jSHg9bP5Rs1bdID4bANqKCqRieCNqcVtgimQlRXtpla4gt5kNdXElE1GYhB +aCXUNxeEFfsBctyV3lImIJgm4nb1J2/6ADtKYdkNy1GTKv0WBpanI5ojSP5RvbbE +sLFUzt5sQa0WZ37b/TjNuThOssFgy50X31ieemKyJo90lZvkWx3SD92YHJtZuSPT +MaCm/zjdzyBP6VhWOmfD0faZmZ26NraAL4hHT4a/RDqA5Dccprrql5gR0IRiR2Qe +qu5AvzSxnI9O4fKSTx+O856X3vOmeWqJcU9LJxdI/uz0UA9PSX3MReO9ekDFQdxh +VicGaeVyQYHTtgGJoC86cnn+OjC/QezHYj6RS8fZMXZC+fc8Y+wmjHMMfRod6qh8 +h6jCJ3zhM0EPz8/8AKAigJ5Kp28AsEFFtyLKaEjFQqKu3R3y4G5OBVixwJAWKqQ9 +EEC+j2Jjg6mcgn0tAumDMHzLJ8n9HmYAsC7TIS+OMxZsmO0QqAfWzJPP29FpHOTK +yeC2nOnOcXHebD8WpHk= +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIICYDCCAgegAwIBAgIMDWpfCD8oXD5Rld9dMAoGCCqGSM49BAMCMIGRMQswCQYD +VQQGEwJVUzERMA8GA1UECBMISWxsaW5vaXMxEDAOBgNVBAcTB0NoaWNhZ28xITAf +BgNVBAoTGFRydXN0d2F2ZSBIb2xkaW5ncywgSW5jLjE6MDgGA1UEAxMxVHJ1c3R3 +YXZlIEdsb2JhbCBFQ0MgUDI1NiBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTAeFw0x +NzA4MjMxOTM1MTBaFw00MjA4MjMxOTM1MTBaMIGRMQswCQYDVQQGEwJVUzERMA8G +A1UECBMISWxsaW5vaXMxEDAOBgNVBAcTB0NoaWNhZ28xITAfBgNVBAoTGFRydXN0 +d2F2ZSBIb2xkaW5ncywgSW5jLjE6MDgGA1UEAxMxVHJ1c3R3YXZlIEdsb2JhbCBF +Q0MgUDI1NiBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTBZMBMGByqGSM49AgEGCCqG +SM49AwEHA0IABH77bOYj43MyCMpg5lOcunSNGLB4kFKA3TjASh3RqMyTpJcGOMoN +FWLGjgEqZZ2q3zSRLoHB5DOSMcT9CTqmP62jQzBBMA8GA1UdEwEB/wQFMAMBAf8w +DwYDVR0PAQH/BAUDAwcGADAdBgNVHQ4EFgQUo0EGrJBt0UrrdaVKEJmzsaGLSvcw +CgYIKoZIzj0EAwIDRwAwRAIgB+ZU2g6gWrKuEZ+Hxbb/ad4lvvigtwjzRM4q3wgh +DDcCIC0mA6AFvWvR9lz4ZcyGbbOcNEhjhAnFjXca4syc4XR7 +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIICnTCCAiSgAwIBAgIMCL2Fl2yZJ6SAaEc7MAoGCCqGSM49BAMDMIGRMQswCQYD +VQQGEwJVUzERMA8GA1UECBMISWxsaW5vaXMxEDAOBgNVBAcTB0NoaWNhZ28xITAf +BgNVBAoTGFRydXN0d2F2ZSBIb2xkaW5ncywgSW5jLjE6MDgGA1UEAxMxVHJ1c3R3 +YXZlIEdsb2JhbCBFQ0MgUDM4NCBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTAeFw0x +NzA4MjMxOTM2NDNaFw00MjA4MjMxOTM2NDNaMIGRMQswCQYDVQQGEwJVUzERMA8G +A1UECBMISWxsaW5vaXMxEDAOBgNVBAcTB0NoaWNhZ28xITAfBgNVBAoTGFRydXN0 +d2F2ZSBIb2xkaW5ncywgSW5jLjE6MDgGA1UEAxMxVHJ1c3R3YXZlIEdsb2JhbCBF +Q0MgUDM4NCBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTB2MBAGByqGSM49AgEGBSuB +BAAiA2IABGvaDXU1CDFHBa5FmVXxERMuSvgQMSOjfoPTfygIOiYaOs+Xgh+AtycJ +j9GOMMQKmw6sWASr9zZ9lCOkmwqKi6vr/TklZvFe/oyujUF5nQlgziip04pt89ZF +1PKYhDhloKNDMEEwDwYDVR0TAQH/BAUwAwEB/zAPBgNVHQ8BAf8EBQMDBwYAMB0G +A1UdDgQWBBRVqYSJ0sEyvRjLbKYHTsjnnb6CkDAKBggqhkjOPQQDAwNnADBkAjA3 +AZKXRRJ+oPM+rRk6ct30UJMDEr5E0k9BpIycnR+j9sKS50gU/k6bpZFXrsY3crsC +MGclCrEMXu6pY5Jv5ZAL/mYiykf9ijH3g/56vxC+GCsej/YpHpRZ744hN8tRmKVu +Sw== +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIFWjCCA0KgAwIBAgIQT9Irj/VkyDOeTzRYZiNwYDANBgkqhkiG9w0BAQsFADBH +MQswCQYDVQQGEwJDTjERMA8GA1UECgwIVW5pVHJ1c3QxJTAjBgNVBAMMHFVDQSBF +eHRlbmRlZCBWYWxpZGF0aW9uIFJvb3QwHhcNMTUwMzEzMDAwMDAwWhcNMzgxMjMx +MDAwMDAwWjBHMQswCQYDVQQGEwJDTjERMA8GA1UECgwIVW5pVHJ1c3QxJTAjBgNV +BAMMHFVDQSBFeHRlbmRlZCBWYWxpZGF0aW9uIFJvb3QwggIiMA0GCSqGSIb3DQEB +AQUAA4ICDwAwggIKAoICAQCpCQcoEwKwmeBkqh5DFnpzsZGgdT6o+uM4AHrsiWog +D4vFsJszA1qGxliG1cGFu0/GnEBNyr7uaZa4rYEwmnySBesFK5pI0Lh2PpbIILvS +sPGP2KxFRv+qZ2C0d35qHzwaUnoEPQc8hQ2E0B92CvdqFN9y4zR8V05WAT558aop +O2z6+I9tTcg1367r3CTueUWnhbYFiN6IXSV8l2RnCdm/WhUFhvMJHuxYMjMR83dk +sHYf5BA1FxvyDrFspCqjc/wJHx4yGVMR59mzLC52LqGj3n5qiAno8geK+LLNEOfi +c0CTuwjRP+H8C5SzJe98ptfRr5//lpr1kXuYC3fUfugH0mK1lTnj8/FtDw5lhIpj +VMWAtuCeS31HJqcBCF3RiJ7XwzJE+oJKCmhUfzhTA8ykADNkUVkLo4KRel7sFsLz +KuZi2irbWWIQJUoqgQtHB0MGcIfS+pMRKXpITeuUx3BNr2fVUbGAIAEBtHoIppB/ +TuDvB0GHr2qlXov7z1CymlSvw4m6WC31MJixNnI5fkkE/SmnTHnkBVfblLkWU41G +sx2VYVdWf6/wFlthWG82UBEL2KwrlRYaDh8IzTY0ZRBiZtWAXxQgXy0MoHgKaNYs +1+lvK9JKBZP8nm9rZ/+I8U6laUpSNwXqxhaN0sSZ0YIrO7o1dfdRUVjzyAfd5LQD +fwIDAQABo0IwQDAdBgNVHQ4EFgQU2XQ65DA9DfcS3H5aBZ8eNJr34RQwDwYDVR0T +AQH/BAUwAwEB/zAOBgNVHQ8BAf8EBAMCAYYwDQYJKoZIhvcNAQELBQADggIBADaN +l8xCFWQpN5smLNb7rhVpLGsaGvdftvkHTFnq88nIua7Mui563MD1sC3AO6+fcAUR +ap8lTwEpcOPlDOHqWnzcSbvBHiqB9RZLcpHIojG5qtr8nR/zXUACE/xOHAbKsxSQ +VBcZEhrxH9cMaVr2cXj0lH2RC47skFSOvG+hTKv8dGT9cZr4QQehzZHkPJrgmzI5 +c6sq1WnIeJEmMX3ixzDx/BR4dxIOE/TdFpS/S2d7cFOFyrC78zhNLJA5wA3CXWvp +4uXViI3WLL+rG761KIcSF3Ru/H38j9CHJrAb+7lsq+KePRXBOy5nAliRn+/4Qh8s +t2j1da3Ptfb/EX3C8CSlrdP6oDyp+l3cpaDvRKS+1ujl5BOWF3sGPjLtx7dCvHaj +2GU4Kzg1USEODm8uNBNA4StnDG1KQTAYI1oyVZnJF+A83vbsea0rWBmirSwiGpWO +vpaQXUJXxPkUAzUrHC1RVwinOt4/5Mi0A3PCwSaAuwtCH60NryZy2sy+s6ODWA2C +xR9GUeOcGMyNm43sSet1UNWMKFnKdDTajAshqx7qG+XH/RU+wBeq+yNuJkbL+vmx +cmtpzyKEC2IPrNkZAJSidjzULZrtBJ4tBmIQN1IchXIbJ+XMxjHsN+xjWZsLHXbM +fjKaiJUINlK73nZfdklJrX+9ZSCyycErdhh2n1ax +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIFRjCCAy6gAwIBAgIQXd+x2lqj7V2+WmUgZQOQ7zANBgkqhkiG9w0BAQsFADA9 +MQswCQYDVQQGEwJDTjERMA8GA1UECgwIVW5pVHJ1c3QxGzAZBgNVBAMMElVDQSBH +bG9iYWwgRzIgUm9vdDAeFw0xNjAzMTEwMDAwMDBaFw00MDEyMzEwMDAwMDBaMD0x +CzAJBgNVBAYTAkNOMREwDwYDVQQKDAhVbmlUcnVzdDEbMBkGA1UEAwwSVUNBIEds +b2JhbCBHMiBSb290MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAxeYr +b3zvJgUno4Ek2m/LAfmZmqkywiKHYUGRO8vDaBsGxUypK8FnFyIdK+35KYmToni9 +kmugow2ifsqTs6bRjDXVdfkX9s9FxeV67HeToI8jrg4aA3++1NDtLnurRiNb/yzm +VHqUwCoV8MmNsHo7JOHXaOIxPAYzRrZUEaalLyJUKlgNAQLx+hVRZ2zA+te2G3/R +VogvGjqNO7uCEeBHANBSh6v7hn4PJGtAnTRnvI3HLYZveT6OqTwXS3+wmeOwcWDc +C/Vkw85DvG1xudLeJ1uK6NjGruFZfc8oLTW4lVYa8bJYS7cSN8h8s+1LgOGN+jIj +tm+3SJUIsUROhYw6AlQgL9+/V087OpAh18EmNVQg7Mc/R+zvWr9LesGtOxdQXGLY +D0tK3Cv6brxzks3sx1DoQZbXqX5t2Okdj4q1uViSukqSKwxW/YDrCPBeKW4bHAyv +j5OJrdu9o54hyokZ7N+1wxrrFv54NkzWbtA+FxyQF2smuvt6L78RHBgOLXMDj6Dl +NaBa4kx1HXHhOThTeEDMg5PXCp6dW4+K5OXgSORIskfNTip1KnvyIvbJvgmRlld6 +iIis7nCs+dwp4wwcOxJORNanTrAmyPPZGpeRaOrvjUYG0lZFWJo8DA+DuAUlwznP +O6Q0ibd5Ei9Hxeepl2n8pndntd978XplFeRhVmUCAwEAAaNCMEAwDgYDVR0PAQH/ +BAQDAgEGMA8GA1UdEwEB/wQFMAMBAf8wHQYDVR0OBBYEFIHEjMz15DD/pQwIX4wV +ZyF0Ad/fMA0GCSqGSIb3DQEBCwUAA4ICAQATZSL1jiutROTL/7lo5sOASD0Ee/oj +L3rtNtqyzm325p7lX1iPyzcyochltq44PTUbPrw7tgTQvPlJ9Zv3hcU2tsu8+Mg5 +1eRfB70VVJd0ysrtT7q6ZHafgbiERUlMjW+i67HM0cOU2kTC5uLqGOiiHycFutfl +1qnN3e92mI0ADs0b+gO3joBYDic/UvuUospeZcnWhNq5NXHzJsBPd+aBJ9J3O5oU +b3n09tDh05S60FdRvScFDcH9yBIw7m+NESsIndTUv4BFFJqIRNow6rSn4+7vW4LV +PtateJLbXDzz2K36uGt/xDYotgIVilQsnLAXc47QN6MUPJiVAAwpBVueSUmxX8fj +y88nZY41F7dXyDDZQVu5FLbowg+UMaeUmMxq67XhJ/UQqAHojhJi6IjMtX9Gl8Cb +EGY4GjZGXyJoPd/JxhMnq1MGrKI8hgZlb7F+sSlEmqO6SWkoaY/X5V+tBIZkbxqg +DMUIYs6Ao9Dz7GjevjPHF1t/gMRMTLGmhIrDO7gJzRSBuhjjVFc2/tsvfEehOjPI ++Vg7RE+xygKJBJYoaMVLuCaJu9YzL1DV/pqJuhgyklTGW+Cd+V7lDSKb9triyCGy +YiGqhkCyLmTTX8jjfhFnRR8F/uOi77Oos/N9j/gMHyIfLXC0uAE0djAA5SN4p1bX +UB+K+wb1whnw0A== +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIICjzCCAhWgAwIBAgIQXIuZxVqUxdJxVt7NiYDMJjAKBggqhkjOPQQDAzCBiDEL +MAkGA1UEBhMCVVMxEzARBgNVBAgTCk5ldyBKZXJzZXkxFDASBgNVBAcTC0plcnNl +eSBDaXR5MR4wHAYDVQQKExVUaGUgVVNFUlRSVVNUIE5ldHdvcmsxLjAsBgNVBAMT +JVVTRVJUcnVzdCBFQ0MgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkwHhcNMTAwMjAx +MDAwMDAwWhcNMzgwMTE4MjM1OTU5WjCBiDELMAkGA1UEBhMCVVMxEzARBgNVBAgT +Ck5ldyBKZXJzZXkxFDASBgNVBAcTC0plcnNleSBDaXR5MR4wHAYDVQQKExVUaGUg +VVNFUlRSVVNUIE5ldHdvcmsxLjAsBgNVBAMTJVVTRVJUcnVzdCBFQ0MgQ2VydGlm +aWNhdGlvbiBBdXRob3JpdHkwdjAQBgcqhkjOPQIBBgUrgQQAIgNiAAQarFRaqflo +I+d61SRvU8Za2EurxtW20eZzca7dnNYMYf3boIkDuAUU7FfO7l0/4iGzzvfUinng +o4N+LZfQYcTxmdwlkWOrfzCjtHDix6EznPO/LlxTsV+zfTJ/ijTjeXmjQjBAMB0G +A1UdDgQWBBQ64QmG1M8ZwpZ2dEl23OA1xmNjmjAOBgNVHQ8BAf8EBAMCAQYwDwYD +VR0TAQH/BAUwAwEB/zAKBggqhkjOPQQDAwNoADBlAjA2Z6EWCNzklwBBHU6+4WMB +zzuqQhFkoJ2UOQIReVx7Hfpkue4WQrO/isIJxOzksU0CMQDpKmFHjFJKS04YcPbW +RNZu9YO6bVi9JNlWSOrvxKJGgYhqOkbRqZtNyWHa0V1Xahg= +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIF3jCCA8agAwIBAgIQAf1tMPyjylGoG7xkDjUDLTANBgkqhkiG9w0BAQwFADCB +iDELMAkGA1UEBhMCVVMxEzARBgNVBAgTCk5ldyBKZXJzZXkxFDASBgNVBAcTC0pl +cnNleSBDaXR5MR4wHAYDVQQKExVUaGUgVVNFUlRSVVNUIE5ldHdvcmsxLjAsBgNV +BAMTJVVTRVJUcnVzdCBSU0EgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkwHhcNMTAw +MjAxMDAwMDAwWhcNMzgwMTE4MjM1OTU5WjCBiDELMAkGA1UEBhMCVVMxEzARBgNV +BAgTCk5ldyBKZXJzZXkxFDASBgNVBAcTC0plcnNleSBDaXR5MR4wHAYDVQQKExVU +aGUgVVNFUlRSVVNUIE5ldHdvcmsxLjAsBgNVBAMTJVVTRVJUcnVzdCBSU0EgQ2Vy +dGlmaWNhdGlvbiBBdXRob3JpdHkwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIK +AoICAQCAEmUXNg7D2wiz0KxXDXbtzSfTTK1Qg2HiqiBNCS1kCdzOiZ/MPans9s/B +3PHTsdZ7NygRK0faOca8Ohm0X6a9fZ2jY0K2dvKpOyuR+OJv0OwWIJAJPuLodMkY +tJHUYmTbf6MG8YgYapAiPLz+E/CHFHv25B+O1ORRxhFnRghRy4YUVD+8M/5+bJz/ +Fp0YvVGONaanZshyZ9shZrHUm3gDwFA66Mzw3LyeTP6vBZY1H1dat//O+T23LLb2 +VN3I5xI6Ta5MirdcmrS3ID3KfyI0rn47aGYBROcBTkZTmzNg95S+UzeQc0PzMsNT +79uq/nROacdrjGCT3sTHDN/hMq7MkztReJVni+49Vv4M0GkPGw/zJSZrM233bkf6 +c0Plfg6lZrEpfDKEY1WJxA3Bk1QwGROs0303p+tdOmw1XNtB1xLaqUkL39iAigmT +Yo61Zs8liM2EuLE/pDkP2QKe6xJMlXzzawWpXhaDzLhn4ugTncxbgtNMs+1b/97l +c6wjOy0AvzVVdAlJ2ElYGn+SNuZRkg7zJn0cTRe8yexDJtC/QV9AqURE9JnnV4ee +UB9XVKg+/XRjL7FQZQnmWEIuQxpMtPAlR1n6BB6T1CZGSlCBst6+eLf8ZxXhyVeE +Hg9j1uliutZfVS7qXMYoCAQlObgOK6nyTJccBz8NUvXt7y+CDwIDAQABo0IwQDAd +BgNVHQ4EFgQUU3m/WqorSs9UgOHYm8Cd8rIDZsswDgYDVR0PAQH/BAQDAgEGMA8G +A1UdEwEB/wQFMAMBAf8wDQYJKoZIhvcNAQEMBQADggIBAFzUfA3P9wF9QZllDHPF +Up/L+M+ZBn8b2kMVn54CVVeWFPFSPCeHlCjtHzoBN6J2/FNQwISbxmtOuowhT6KO +VWKR82kV2LyI48SqC/3vqOlLVSoGIG1VeCkZ7l8wXEskEVX/JJpuXior7gtNn3/3 +ATiUFJVDBwn7YKnuHKsSjKCaXqeYalltiz8I+8jRRa8YFWSQEg9zKC7F4iRO/Fjs +8PRF/iKz6y+O0tlFYQXBl2+odnKPi4w2r78NBc5xjeambx9spnFixdjQg3IM8WcR +iQycE0xyNN+81XHfqnHd4blsjDwSXWXavVcStkNr/+XeTWYRUc+ZruwXtuhxkYze +Sf7dNXGiFSeUHM9h4ya7b6NnJSFd5t0dCy5oGzuCr+yDZ4XUmFF0sbmZgIn/f3gZ +XHlKYC6SQK5MNyosycdiyA5d9zZbyuAlJQG03RoHnHcAP9Dc1ew91Pq7P8yF1m9/ +qS3fuQL39ZeatTXaw2ewh0qpKJ4jjv9cJ2vhsE/zB+4ALtRZh8tSQZXq9EfX7mRB +VXyNWQKV3WKdwrnuWih0hKWbt5DHDAff9Yk2dDLWKMGwsAvgnEzDHNb842m1R0aB +L6KCq9NjRHDEjf8tM7qtj3u1cIiuPhnPQCjY/MiQu12ZIvVS5ljFH4gxQ+6IHdfG +jjxDah2nGN59PRbxYvnKkKj9 +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIEMDCCAxigAwIBAgIQUJRs7Bjq1ZxN1ZfvdY+grTANBgkqhkiG9w0BAQUFADCB +gjELMAkGA1UEBhMCVVMxHjAcBgNVBAsTFXd3dy54cmFtcHNlY3VyaXR5LmNvbTEk +MCIGA1UEChMbWFJhbXAgU2VjdXJpdHkgU2VydmljZXMgSW5jMS0wKwYDVQQDEyRY +UmFtcCBHbG9iYWwgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkwHhcNMDQxMTAxMTcx +NDA0WhcNMzUwMTAxMDUzNzE5WjCBgjELMAkGA1UEBhMCVVMxHjAcBgNVBAsTFXd3 +dy54cmFtcHNlY3VyaXR5LmNvbTEkMCIGA1UEChMbWFJhbXAgU2VjdXJpdHkgU2Vy +dmljZXMgSW5jMS0wKwYDVQQDEyRYUmFtcCBHbG9iYWwgQ2VydGlmaWNhdGlvbiBB +dXRob3JpdHkwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCYJB69FbS6 +38eMpSe2OAtp87ZOqCwuIR1cRN8hXX4jdP5efrRKt6atH67gBhbim1vZZ3RrXYCP +KZ2GG9mcDZhtdhAoWORlsH9KmHmf4MMxfoArtYzAQDsRhtDLooY2YKTVMIJt2W7Q +DxIEM5dfT2Fa8OT5kavnHTu86M/0ay00fOJIYRyO82FEzG+gSqmUsE3a56k0enI4 +qEHMPJQRfevIpoy3hsvKMzvZPTeL+3o+hiznc9cKV6xkmxnr9A8ECIqsAxcZZPRa +JSKNNCyy9mgdEm3Tih4U2sSPpuIjhdV6Db1q4Ons7Be7QhtnqiXtRYMh/MHJfNVi +PvryxS3T/dRlAgMBAAGjgZ8wgZwwEwYJKwYBBAGCNxQCBAYeBABDAEEwCwYDVR0P +BAQDAgGGMA8GA1UdEwEB/wQFMAMBAf8wHQYDVR0OBBYEFMZPoj0GY4QJnM5i5ASs +jVy16bYbMDYGA1UdHwQvMC0wK6ApoCeGJWh0dHA6Ly9jcmwueHJhbXBzZWN1cml0 +eS5jb20vWEdDQS5jcmwwEAYJKwYBBAGCNxUBBAMCAQEwDQYJKoZIhvcNAQEFBQAD +ggEBAJEVOQMBG2f7Shz5CmBbodpNl2L5JFMn14JkTpAuw0kbK5rc/Kh4ZzXxHfAR +vbdI4xD2Dd8/0sm2qlWkSLoC295ZLhVbO50WfUfXN+pfTXYSNrsf16GBBEYgoyxt +qZ4Bfj8pzgCT3/3JknOJiWSe5yvkHJEs0rnOfc5vMZnT5r7SHpDwCRR5XCOrTdLa +IR9NmXmd4c8nnxCbHIgNsIpkQTG4DmyQJKSbXHGPurt+HBvbaoAPIbzp26a3QPSy +i6mx5O+aGtA9aZnuqCij4Tyz8LIRnM98QObd50N9otg6tamN8jSZxNQQ4Qb9CYQQ +O+7ETPTsJ3xCwnR8gooJybQDJbw= +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIDODCCAiCgAwIBAgIGIAYFFnACMA0GCSqGSIb3DQEBBQUAMDsxCzAJBgNVBAYT +AlJPMREwDwYDVQQKEwhjZXJ0U0lHTjEZMBcGA1UECxMQY2VydFNJR04gUk9PVCBD +QTAeFw0wNjA3MDQxNzIwMDRaFw0zMTA3MDQxNzIwMDRaMDsxCzAJBgNVBAYTAlJP +MREwDwYDVQQKEwhjZXJ0U0lHTjEZMBcGA1UECxMQY2VydFNJR04gUk9PVCBDQTCC +ASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBALczuX7IJUqOtdu0KBuqV5Do +0SLTZLrTk+jUrIZhQGpgV2hUhE28alQCBf/fm5oqrl0Hj0rDKH/v+yv6efHHrfAQ +UySQi2bJqIirr1qjAOm+ukbuW3N7LBeCgV5iLKECZbO9xSsAfsT8AzNXDe3i+s5d +RdY4zTW2ssHQnIFKquSyAVwdj1+ZxLGt24gh65AIgoDzMKND5pCCrlUoSe1b16kQ +OA7+j0xbm0bqQfWwCHTD0IgztnzXdN/chNFDDnU5oSVAKOp4yw4sLjmdjItuFhwv +JoIQ4uNllAoEwF73XVv4EOLQunpL+943AAAaWyjj0pxzPjKHmKHJUS/X3qwzs08C +AwEAAaNCMEAwDwYDVR0TAQH/BAUwAwEB/zAOBgNVHQ8BAf8EBAMCAcYwHQYDVR0O +BBYEFOCMm9slSbPxfIbWskKHC9BroNnkMA0GCSqGSIb3DQEBBQUAA4IBAQA+0hyJ +LjX8+HXd5n9liPRyTMks1zJO890ZeUe9jjtbkw9QSSQTaxQGcu8J06Gh40CEyecY +MnQ8SG4Pn0vU9x7Tk4ZkVJdjclDVVc/6IJMCopvDI5NOFlV2oHB5bc0hH88vLbwZ +44gx+FkagQnIl6Z0x2DEW8xXjrJ1/RsCCdtZb3KTafcxQdaIOL+Hsr0Wefmq5L6I +Jd1hJyMctTEHBDa0GpC9oHRxUIltvBTjD4au8as+x6AJzKNI0eDbZOeStc+vckNw +i/nDhDwTqn6Sm1dTk/pwwpEOMfmbZ13pljheX7NzTogVZ96edhBiIL5VaZVDADlN +9u6wWk5JRFRYX0KD +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIFRzCCAy+gAwIBAgIJEQA0tk7GNi02MA0GCSqGSIb3DQEBCwUAMEExCzAJBgNV +BAYTAlJPMRQwEgYDVQQKEwtDRVJUU0lHTiBTQTEcMBoGA1UECxMTY2VydFNJR04g +Uk9PVCBDQSBHMjAeFw0xNzAyMDYwOTI3MzVaFw00MjAyMDYwOTI3MzVaMEExCzAJ +BgNVBAYTAlJPMRQwEgYDVQQKEwtDRVJUU0lHTiBTQTEcMBoGA1UECxMTY2VydFNJ +R04gUk9PVCBDQSBHMjCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIBAMDF +dRmRfUR0dIf+DjuW3NgBFszuY5HnC2/OOwppGnzC46+CjobXXo9X69MhWf05N0Iw +vlDqtg+piNguLWkh59E3GE59kdUWX2tbAMI5Qw02hVK5U2UPHULlj88F0+7cDBrZ +uIt4ImfkabBoxTzkbFpG583H+u/E7Eu9aqSs/cwoUe+StCmrqzWaTOTECMYmzPhp +n+Sc8CnTXPnGFiWeI8MgwT0PPzhAsP6CRDiqWhqKa2NYOLQV07YRaXseVO6MGiKs +cpc/I1mbySKEwQdPzH/iV8oScLumZfNpdWO9lfsbl83kqK/20U6o2YpxJM02PbyW +xPFsqa7lzw1uKA2wDrXKUXt4FMMgL3/7FFXhEZn91QqhngLjYl/rNUssuHLoPj1P +rCy7Lobio3aP5ZMqz6WryFyNSwb/EkaseMsUBzXgqd+L6a8VTxaJW732jcZZroiF +DsGJ6x9nxUWO/203Nit4ZoORUSs9/1F3dmKh7Gc+PoGD4FapUB8fepmrY7+EF3fx +DTvf95xhszWYijqy7DwaNz9+j5LP2RIUZNoQAhVB/0/E6xyjyfqZ90bp4RjZsbgy +LcsUDFDYg2WD7rlcz8sFWkz6GZdr1l0T08JcVLwyc6B49fFtHsufpaafItzRUZ6C +eWRgKRM+o/1Pcmqr4tTluCRVLERLiohEnMqE0yo7AgMBAAGjQjBAMA8GA1UdEwEB +/wQFMAMBAf8wDgYDVR0PAQH/BAQDAgEGMB0GA1UdDgQWBBSCIS1mxteg4BXrzkwJ +d8RgnlRuAzANBgkqhkiG9w0BAQsFAAOCAgEAYN4auOfyYILVAzOBywaK8SJJ6ejq +kX/GM15oGQOGO0MBzwdw5AgeZYWR5hEit/UCI46uuR59H35s5r0l1ZUa8gWmr4UC +b6741jH/JclKyMeKqdmfS0mbEVeZkkMR3rYzpMzXjWR91M08KCy0mpbqTfXERMQl +qiCA2ClV9+BB/AYm/7k29UMUA2Z44RGx2iBfRgB4ACGlHgAoYXhvqAEBj500mv/0 +OJD7uNGzcgbJceaBxXntC6Z58hMLnPddDnskk7RI24Zf3lCGeOdA5jGokHZwYa+c +NywRtYK3qq4kNFtyDGkNzVmf9nGvnAvRCjj5BiKDUyUM/FHE5r7iOZULJK2v0ZXk +ltd0ZGtxTgI8qoXzIKNDOXZbbFD+mpwUHmUUihW9o4JFWklWatKcsWMy5WHgUyIO +pwpJ6st+H6jiYoD2EEVSmAYY3qXNL3+q1Ok+CHLsIwMCPKaq2LxndD0UF/tUSxfj +03k9bWtJySgOLnRQvwzZRjoQhsmnP+mg7H/rpXdYaXHmgwo38oZJar55CJD2AhZk +PuXaTH4MNMn5X7azKFGnpyuqSfqNZSlO42sTp5SjLVFteAxEy9/eCG/Oo2Sr05WE +1LlSVHJ7liXMvGnjSG4N0MedJ5qq+BOS3R7fY581qRY27Iy4g/Q9iY/NtBde17MX +QRBdJ3NghVdJIgc= +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIICQDCCAeWgAwIBAgIMAVRI7yH9l1kN9QQKMAoGCCqGSM49BAMCMHExCzAJBgNV +BAYTAkhVMREwDwYDVQQHDAhCdWRhcGVzdDEWMBQGA1UECgwNTWljcm9zZWMgTHRk +LjEXMBUGA1UEYQwOVkFUSFUtMjM1ODQ0OTcxHjAcBgNVBAMMFWUtU3ppZ25vIFJv +b3QgQ0EgMjAxNzAeFw0xNzA4MjIxMjA3MDZaFw00MjA4MjIxMjA3MDZaMHExCzAJ +BgNVBAYTAkhVMREwDwYDVQQHDAhCdWRhcGVzdDEWMBQGA1UECgwNTWljcm9zZWMg +THRkLjEXMBUGA1UEYQwOVkFUSFUtMjM1ODQ0OTcxHjAcBgNVBAMMFWUtU3ppZ25v +IFJvb3QgQ0EgMjAxNzBZMBMGByqGSM49AgEGCCqGSM49AwEHA0IABJbcPYrYsHtv +xie+RJCxs1YVe45DJH0ahFnuY2iyxl6H0BVIHqiQrb1TotreOpCmYF9oMrWGQd+H +Wyx7xf58etqjYzBhMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0PAQH/BAQDAgEGMB0G +A1UdDgQWBBSHERUI0arBeAyxr87GyZDvvzAEwDAfBgNVHSMEGDAWgBSHERUI0arB +eAyxr87GyZDvvzAEwDAKBggqhkjOPQQDAgNJADBGAiEAtVfd14pVCzbhhkT61Nlo +jbjcI4qKDdQvfepz7L9NbKgCIQDLpbQS+ue16M9+k/zzNY9vTlp8tLxOsvxyqltZ ++efcMQ== +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIFsDCCA5igAwIBAgIQFci9ZUdcr7iXAF7kBtK8nTANBgkqhkiG9w0BAQUFADBe +MQswCQYDVQQGEwJUVzEjMCEGA1UECgwaQ2h1bmdod2EgVGVsZWNvbSBDby4sIEx0 +ZC4xKjAoBgNVBAsMIWVQS0kgUm9vdCBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTAe +Fw0wNDEyMjAwMjMxMjdaFw0zNDEyMjAwMjMxMjdaMF4xCzAJBgNVBAYTAlRXMSMw +IQYDVQQKDBpDaHVuZ2h3YSBUZWxlY29tIENvLiwgTHRkLjEqMCgGA1UECwwhZVBL +SSBSb290IENlcnRpZmljYXRpb24gQXV0aG9yaXR5MIICIjANBgkqhkiG9w0BAQEF +AAOCAg8AMIICCgKCAgEA4SUP7o3biDN1Z82tH306Tm2d0y8U82N0ywEhajfqhFAH +SyZbCUNsIZ5qyNUD9WBpj8zwIuQf5/dqIjG3LBXy4P4AakP/h2XGtRrBp0xtInAh +ijHyl3SJCRImHJ7K2RKilTza6We/CKBk49ZCt0Xvl/T29de1ShUCWH2YWEtgvM3X +DZoTM1PRYfl61dd4s5oz9wCGzh1NlDivqOx4UXCKXBCDUSH3ET00hl7lSM2XgYI1 +TBnsZfZrxQWh7kcT1rMhJ5QQCtkkO7q+RBNGMD+XPNjX12ruOzjjK9SXDrkb5wdJ +fzcq+Xd4z1TtW0ado4AOkUPB1ltfFLqfpo0kR0BZv3I4sjZsN/+Z0V0OWQqraffA +sgRFelQArr5T9rXn4fg8ozHSqf4hUmTFpmfwdQcGlBSBVcYn5AGPF8Fqcde+S/uU +WH1+ETOxQvdibBjWzwloPn9s9h6PYq2lY9sJpx8iQkEeb5mKPtf5P0B6ebClAZLS +nT0IFaUQAS2zMnaolQ2zepr7BxB4EW/hj8e6DyUadCrlHJhBmd8hh+iVBmoKs2pH +dmX2Os+PYhcZewoozRrSgx4hxyy/vv9haLdnG7t4TY3OZ+XkwY63I2binZB1NJip +NiuKmpS5nezMirH4JYlcWrYvjB9teSSnUmjDhDXiZo1jDiVN1Rmy5nk3pyKdVDEC +AwEAAaNqMGgwHQYDVR0OBBYEFB4M97Zn8uGSJglFwFU5Lnc/QkqiMAwGA1UdEwQF +MAMBAf8wOQYEZyoHAAQxMC8wLQIBADAJBgUrDgMCGgUAMAcGBWcqAwAABBRFsMLH +ClZ87lt4DJX5GFPBphzYEDANBgkqhkiG9w0BAQUFAAOCAgEACbODU1kBPpVJufGB +uvl2ICO1J2B01GqZNF5sAFPZn/KmsSQHRGoqxqWOeBLoR9lYGxMqXnmbnwoqZ6Yl +PwZpVnPDimZI+ymBV3QGypzqKOg4ZyYr8dW1P2WT+DZdjo2NQCCHGervJ8A9tDkP +JXtoUHRVnAxZfVo9QZQlUgjgRywVMRnVvwdVxrsStZf0X4OFunHB2WyBEXYKCrC/ +gpf36j36+uwtqSiUO1bd0lEursC9CBWMd1I0ltabrNMdjmEPNXubrjlpC2JgQCA2 +j6/7Nu4tCEoduL+bXPjqpRugc6bY+G7gMwRfaKonh+3ZwZCc7b3jajWvY9+rGNm6 +5ulK6lCKD2GTHuItGeIwlDWSXQ62B68ZgI9HkFFLLk3dheLSClIKF5r8GrBQAuUB +o2M3IUxExJtRmREOc5wGj1QupyheRDmHVi03vYVElOEMSyycw5KFNGHLD7ibSkNS +/jQ6fbjpKdx2qcgw+BRxgMYeNkh0IkFch4LoGHGLQYlE535YW6i4jRPpp2zDR+2z +Gp1iro2C6pSe3VkQw63d4k3jMdXH7OjysP6SHhYKGvzZ8/gntsm+HbRsZJB/9OTE +W9c3rkIO3aQab3yIVMUWbuF6aC74Or8NpDyJO3inTmODBCEIZ43ygknQW/2xzQ+D +hNQ+IIX3Sj0rnP0qCglN6oH4EZw= +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIICKzCCAbGgAwIBAgIKe3G2gla4EnycqDAKBggqhkjOPQQDAzBaMQswCQYDVQQG +EwJVUzETMBEGA1UECxMKZW1TaWduIFBLSTEUMBIGA1UEChMLZU11ZGhyYSBJbmMx +IDAeBgNVBAMTF2VtU2lnbiBFQ0MgUm9vdCBDQSAtIEMzMB4XDTE4MDIxODE4MzAw +MFoXDTQzMDIxODE4MzAwMFowWjELMAkGA1UEBhMCVVMxEzARBgNVBAsTCmVtU2ln +biBQS0kxFDASBgNVBAoTC2VNdWRocmEgSW5jMSAwHgYDVQQDExdlbVNpZ24gRUND +IFJvb3QgQ0EgLSBDMzB2MBAGByqGSM49AgEGBSuBBAAiA2IABP2lYa57JhAd6bci +MK4G9IGzsUJxlTm801Ljr6/58pc1kjZGDoeVjbk5Wum739D+yAdBPLtVb4Ojavti +sIGJAnB9SMVK4+kiVCJNk7tCDK93nCOmfddhEc5lx/h//vXyqaNCMEAwHQYDVR0O +BBYEFPtaSNCAIEDyqOkAB2kZd6fmw/TPMA4GA1UdDwEB/wQEAwIBBjAPBgNVHRMB +Af8EBTADAQH/MAoGCCqGSM49BAMDA2gAMGUCMQC02C8Cif22TGK6Q04ThHK1rt0c +3ta13FaPWEBaLd4gTCKDypOofu4SQMfWh0/434UCMBwUZOR8loMRnLDRWmFLpg9J +0wD8ofzkpf9/rdcw0Md3f76BB1UwUCAU9Vc4CqgxUQ== +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIICTjCCAdOgAwIBAgIKPPYHqWhwDtqLhDAKBggqhkjOPQQDAzBrMQswCQYDVQQG +EwJJTjETMBEGA1UECxMKZW1TaWduIFBLSTElMCMGA1UEChMcZU11ZGhyYSBUZWNo +bm9sb2dpZXMgTGltaXRlZDEgMB4GA1UEAxMXZW1TaWduIEVDQyBSb290IENBIC0g +RzMwHhcNMTgwMjE4MTgzMDAwWhcNNDMwMjE4MTgzMDAwWjBrMQswCQYDVQQGEwJJ +TjETMBEGA1UECxMKZW1TaWduIFBLSTElMCMGA1UEChMcZU11ZGhyYSBUZWNobm9s +b2dpZXMgTGltaXRlZDEgMB4GA1UEAxMXZW1TaWduIEVDQyBSb290IENBIC0gRzMw +djAQBgcqhkjOPQIBBgUrgQQAIgNiAAQjpQy4LRL1KPOxst3iAhKAnjlfSU2fySU0 +WXTsuwYc58Byr+iuL+FBVIcUqEqy6HyC5ltqtdyzdc6LBtCGI79G1Y4PPwT01xyS +fvalY8L1X44uT6EYGQIrMgqCZH0Wk9GjQjBAMB0GA1UdDgQWBBR8XQKEE9TMipuB +zhccLikenEhjQjAOBgNVHQ8BAf8EBAMCAQYwDwYDVR0TAQH/BAUwAwEB/zAKBggq +hkjOPQQDAwNpADBmAjEAvvNhzwIQHWSVB7gYboiFBS+DCBeQyh+KTOgNG3qxrdWB +CUfvO6wIBHxcmbHtRwfSAjEAnbpV/KlK6O3t5nYBQnvI+GDZjVGLVTv7jHvrZQnD ++JbNR6iC8hZVdyR+EhCVBCyj +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIDczCCAlugAwIBAgILAK7PALrEzzL4Q7IwDQYJKoZIhvcNAQELBQAwVjELMAkG +A1UEBhMCVVMxEzARBgNVBAsTCmVtU2lnbiBQS0kxFDASBgNVBAoTC2VNdWRocmEg +SW5jMRwwGgYDVQQDExNlbVNpZ24gUm9vdCBDQSAtIEMxMB4XDTE4MDIxODE4MzAw +MFoXDTQzMDIxODE4MzAwMFowVjELMAkGA1UEBhMCVVMxEzARBgNVBAsTCmVtU2ln +biBQS0kxFDASBgNVBAoTC2VNdWRocmEgSW5jMRwwGgYDVQQDExNlbVNpZ24gUm9v +dCBDQSAtIEMxMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAz+upufGZ +BczYKCFK83M0UYRWEPWgTywS4/oTmifQz/l5GnRfHXk5/Fv4cI7gklL35CX5VIPZ +HdPIWoU/Xse2B+4+wM6ar6xWQio5JXDWv7V7Nq2s9nPczdcdioOl+yuQFTdrHCZH +3DspVpNqs8FqOp099cGXOFgFixwR4+S0uF2FHYP+eF8LRWgYSKVGczQ7/g/IdrvH +GPMF0Ybzhe3nudkyrVWIzqa2kbBPrH4VI5b2P/AgNBbeCsbEBEV5f6f9vtKppa+c +xSMq9zwhbL2vj07FOrLzNBL834AaSaTUqZX3noleoomslMuoaJuvimUnzYnu3Yy1 +aylwQ6BpC+S5DwIDAQABo0IwQDAdBgNVHQ4EFgQU/qHgcB4qAzlSWkK+XJGFehiq +TbUwDgYDVR0PAQH/BAQDAgEGMA8GA1UdEwEB/wQFMAMBAf8wDQYJKoZIhvcNAQEL +BQADggEBAMJKVvoVIXsoounlHfv4LcQ5lkFMOycsxGwYFYDGrK9HWS8mC+M2sO87 +/kOXSTKZEhVb3xEp/6tT+LvBeA+snFOvV71ojD1pM/CjoCNjO2RnIkSt1XHLVip4 +kqNPEjE2NuLe/gDEo2APJ62gsIq1NnpSob0n9CAnYuhNlCQT5AoE6TyrLshDCUrG +YQTlSTR+08TI9Q/Aqum6VF7zYytPT1DU/rl7mYw9wC68AivTxEDkigcxHpvOJpkT ++xHqmiIMERnHXhuBUDDIlhJu58tBf5E7oke3VIAb3ADMmpDqw8NQBmIMMMAVSKeo +WXzhriKi4gp6D/piq1JM4fHfyr6DDUI= +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIDlDCCAnygAwIBAgIKMfXkYgxsWO3W2DANBgkqhkiG9w0BAQsFADBnMQswCQYD +VQQGEwJJTjETMBEGA1UECxMKZW1TaWduIFBLSTElMCMGA1UEChMcZU11ZGhyYSBU +ZWNobm9sb2dpZXMgTGltaXRlZDEcMBoGA1UEAxMTZW1TaWduIFJvb3QgQ0EgLSBH +MTAeFw0xODAyMTgxODMwMDBaFw00MzAyMTgxODMwMDBaMGcxCzAJBgNVBAYTAklO +MRMwEQYDVQQLEwplbVNpZ24gUEtJMSUwIwYDVQQKExxlTXVkaHJhIFRlY2hub2xv +Z2llcyBMaW1pdGVkMRwwGgYDVQQDExNlbVNpZ24gUm9vdCBDQSAtIEcxMIIBIjAN +BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAk0u76WaK7p1b1TST0Bsew+eeuGQz +f2N4aLTNLnF115sgxk0pvLZoYIr3IZpWNVrzdr3YzZr/k1ZLpVkGoZM0Kd0WNHVO +8oG0x5ZOrRkVUkr+PHB1cM2vK6sVmjM8qrOLqs1D/fXqcP/tzxE7lM5OMhbTI0Aq +d7OvPAEsbO2ZLIvZTmmYsvePQbAyeGHWDV/D+qJAkh1cF+ZwPjXnorfCYuKrpDhM +tTk1b+oDafo6VGiFbdbyL0NVHpENDtjVaqSW0RM8LHhQ6DqS0hdW5TUaQBw+jSzt +Od9C4INBdN+jzcKGYEho42kLVACL5HZpIQ15TjQIXhTCzLG3rdd8cIrHhQIDAQAB +o0IwQDAdBgNVHQ4EFgQU++8Nhp6w492pufEhF38+/PB3KxowDgYDVR0PAQH/BAQD +AgEGMA8GA1UdEwEB/wQFMAMBAf8wDQYJKoZIhvcNAQELBQADggEBAFn/8oz1h31x +PaOfG1vR2vjTnGs2vZupYeveFix0PZ7mddrXuqe8QhfnPZHr5X3dPpzxz5KsbEjM +wiI/aTvFthUvozXGaCocV685743QNcMYDHsAVhzNixl03r4PEuDQqqE/AjSxcM6d +GNYIAwlG7mDgfrbESQRRfXBgvKqy/3lyeqYdPV8q+Mri/Tm3R7nrft8EI6/6nAYH +6ftjk4BAtcZsCjEozgyfz7MjNYBBjWzEN3uBL4ChQEKF6dk4jeihU80Bv2noWgby +RQuQ+q7hv53yrlc8pa6yVvSLZUDp/TGBLPQ5Cdjua6e0ph0VpZj3AYHYhX3zUVxx +iN66zB+Afko= +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIDqjCCApKgAwIBAgIUaMXtakNGxHiIxOXhbD1jaiDOu1UwDQYJKoZIhvcNAQEL +BQAwbDELMAkGA1UEBhMCVVMxETAPBgNVBAgTCE1hcnlsYW5kMREwDwYDVQQHEwhC +ZXRoZXNkYTEOMAwGA1UEChMFT1JDSUQxDjAMBgNVBAsTBU9SQ0lEMRcwFQYDVQQD +DA5vcmNpZF9yc2FfMjAyMjAgFw0yMjEyMjgyMjU4MDBaGA8yMDYyMTIxODIyNTgw +MFowbDELMAkGA1UEBhMCVVMxETAPBgNVBAgTCE1hcnlsYW5kMREwDwYDVQQHEwhC +ZXRoZXNkYTEOMAwGA1UEChMFT1JDSUQxDjAMBgNVBAsTBU9SQ0lEMRcwFQYDVQQD +DA5vcmNpZF9yc2FfMjAyMjCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEB +AM2hgJbabCrVnwHwlFJQuYPWToyNRzLfvfsSjVAEpDcLTHAV5tJkqnT0VflWL9v0 +HJ6r+5krzktbunXePH78O8U9T4Yo6Z2h19ck9vuKkIC+d++LqmUoZwOXlgQ7NJSv +N31NQ9RiUiFvWSyjGhhXLdrcXdYq5EBZtpyTfSgKBPOpsX1P0O77dFIoD/APvVgy +Ye5Snkx2eNR1a+yIJAmA/URAOFqr0dmCMhNWvngAdzXg87jDOwcjdOOEJsVM+h7k +/YJOwriskxdkFyOTCHD0nzqo9vtliYobiVDnISdehg2xNJ1wKfCayNXkCORyojme +DrfHiq5b77DAcyw4ISj1yz8CAwEAAaNCMEAwDgYDVR0PAQH/BAQDAgEGMA8GA1Ud +EwEB/wQFMAMBAf8wHQYDVR0OBBYEFPE3u8YQ9f9nmJAxbIZBFnIBH/nqMA0GCSqG +SIb3DQEBCwUAA4IBAQAPYEV1WW2atdAnLE010ejdDj4gZZ5hMq+We37EDw+uNNp4 +nyndOU7ugjeFTU1jmUevTQLwBYBPvVOzpqVYbJtdysOFQP3vpUnATfEy0XATjoas +6RlD26dwQN9hi+5T35Rpt4BJ01f+vhEc4BFFmJTaOAKmCsFNhLkLeEH3zIfm/s8R +vZMyBJ764Ws8BkkBoaXNwtbg+uCCi4S1XN1D9GOBKYVjh8pjaPWGeNbaQYuDOLDC +83XsoDXbmek27RY5vWDrqJ4JzWDXxjEqoUqayRv2zHN9Qvt+Zfd2Od8sylpZt8/A +iWPlIEKEohFb6/Tpkk019U+bsnolb52EQ7ILVXiZ +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIICGzCCAcKgAwIBAgIULvxL6M+egpgNZ/fCUmQArpJ8zKUwCgYIKoZIzj0EAwIw +azELMAkGA1UEBhMCVVMxETAPBgNVBAgTCE1hcnlsYW5kMREwDwYDVQQHEwhCZXRo +ZXNkYTEOMAwGA1UEChMFT1JDSUQxDjAMBgNVBAsTBU9SQ0lEMRYwFAYDVQQDDA1v +cmNpZF9lY18yMDIyMCAXDTIyMTIyODIzMTEwMFoYDzIwNjIxMjE4MjMxMTAwWjBr +MQswCQYDVQQGEwJVUzERMA8GA1UECBMITWFyeWxhbmQxETAPBgNVBAcTCEJldGhl +c2RhMQ4wDAYDVQQKEwVPUkNJRDEOMAwGA1UECxMFT1JDSUQxFjAUBgNVBAMMDW9y +Y2lkX2VjXzIwMjIwWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAATzWR1V0UQNcgVS +LKWSH8I7BWh/h5Dt1OeGXBG5plEIecFmi0MSUOkYB735yktOi0ql6B6bDKr82H/5 +yy1o6VoYo0IwQDAOBgNVHQ8BAf8EBAMCAQYwDwYDVR0TAQH/BAUwAwEB/zAdBgNV +HQ4EFgQU9lYvpzzLfKOFZed4hRmQwJQRng8wCgYIKoZIzj0EAwIDRwAwRAIgT5VT +vPoQlvi6Fn5QfoiHLnEt7ZfP4pcouId1kH3F9fMCIATa+JrWV3iuMfcpARMW2lFW +w/WipdJs1avcce6iZqW6 +-----END CERTIFICATE----- diff --git a/certs/cacerts b/certs/cacerts new file mode 100755 index 0000000000000000000000000000000000000000..bac50e6cd7c0ca36d2166a3958f18fee03581cc7 GIT binary patch literal 167385 zcmdqJ1z43`w=PU~3P^Ve5^K>QAl)e`-61L6-7Vdn5>nEjlz>Gyh@^mYDIjwNp{y??K333EPkG3Q)sjC z?JOOctOblMER7A#?U?KYoE)4Tom>rFOerkvtW7L!%^jI2ENzWhn2c?2JTtepGcvTM zFf}%&uxI1sqA)gfaI!Q5{)UsKoh^l-vy+9LgQb%@6cn^8d2w196uc%2Cx{nVg$XDC z#sGLB=EA~2!@!`SKhj6Ke@919IcY%`go1#?7$Wsv01g%gOsLFQ2n(HsbAZW2DSm_1Myr9fyDv; z9wK?Y8*x!l3Z<*vi2h|a!asKdBEv@qbAx!;*ulK)oM4a^J~{{6jpl#LH9rL5ARt0M zRT$_WA1^F4BCH4$oX@%S8uhXx8`5ioHI>X3r)Yv|x3~v>^E@wQNQX<`CKRS1@VrLH zGkO&R&1jnSbb;dui+|?|dpx-30-3M)er16uNEq^^km5i?e}{ty!2&<7J1`*~u&{^- zP#{v^<0i#`yA6k1AdFBEXEQAG*||stE3K|3FH+{q&F>sm5(*>+LxH%aI)jm`Ra=Ff z6WZJG-SPu%$Jg9Oq(iayj0;GVXxuOq%yh81@a&;niTd9rZ$$&HrGq@487CZPy^WQN=01Va5g+s$b!3Mx!LIGNc0uulO4b^jN zp-lf$cz*skCt~@eVv*l1y=`jG*CUsmaW0xdyNcQFQ^GWt{UeLP80CUsZF9I>EE+rA zI{}?38dFjXI1P&(PvjSZ(NqZ1$!PKwWB2ldQQsUf_>L56?$F5(JT3K1pFZRHAf|!0 z`ZcP5T51XXHa#g>e_$|eW6M)D;kU3lwV+qs2kjBm( z1v>rMI16Ofrmu4d8!YL9$|b{8Jt!qSQr2~+-@VI2G?rT?g56wOL^q{;Po_GkZOC2> zb6IQZ?C%s3suCT;j<~EXMz!qufR2!cjX{oeK7x`0xHHw+b? zdrp(h-!s*JZlBHSmK;dI^}!3%5+|(4nJX2k_|-zi`(@3EM!^p)ho3owrtwC7g=Z4{GuLZbiYNUIulLDhsBgmM@12;*3BmmJ&ifK zi8Lm^r~1NR2viu;4`)=?v(5RzBV`+dM=zc=!M><0)2_rDht%g4l2nbJ`DbM$+Kn|@ zs|O5EGDmnFku*M}A=GPUVIeGbL6tU<$iSfB4s{B@K9Az0^bX)TC{ukx$eEC6^N6pv zcBnNxBw;;c0F$r8qbYCCP2%huH|uId(BZ-*+;pBrE-TFvauULL((6T<wBgPn)t ze@{6wB!7W9OdbGqS-^|t2jxI&4^FX8qc8Ncki2)p{J{Q~neVIJ{GU(`E)Mpal;f)T z-*U|^Agte%1OBc*926C-5fq%&47xKX5?B(xN<2+%9~*~7<|`JMy1*xJ)b|b&9~}|j zU`hbFUn4zo>~IXI2PFfeLKCk13zv5ybzufdL}dBr3tn2YeZ9-5s%T;NEM$ZCcgjX1 zYz`;H#|~11cuaHuKl2f_vY_yhPPTS}H`c|73jLq5Is)Qu3Iwb<6vzYy#0?#vB7Vy! z_fW8skk4WMNGSpKR)^S#qHtkUW)^wDNmu+QDcnnijG`wRRj;@mT46xuv?w)bdOKyt z@ph|msF!9`uO%-cz+VC{JzijS5Zon;Jz*eAe7GA!$^Aw-wa8W$q9dGk&H~r8+R@V7 zmcqf#&WXaNQ2pd9ca8Q1a_}K}2vlBvQ zIKXUR(Dgq+TG?+l|IM@g6R$}^Tz7nJcDjZ8+LQkaI?{fz0|AE+Wb|4O~Uc) zxP^AU8;oyXRfk#iHiQqqs{M}pUKy8iOJ<%}>(xZ)jyxY8!nTPSYP{cTu@8=k3Wp`( zzKU+fNd32zY(&gh<(u8_$Uh*8Ao6P@^vCe&iD)yCqa+cvm=xfT=&dyyk4tX^BlLDG z*{~rLlbtqyep=AgS#q(2JLaU9+l9X2z79!7gvsza} zpO2eS{7>r(PY#o0ZXw!SMAe254&@rU_G>y-k5Th|(dB!cKbwX8L0619Zr}f%M*Nvi zn-ZKc$AVP?L5CGrE$>PN4OipdZUYI9Mnc1f+OJE&jgI+EoKM9MK4x*{*{MeCJE+^T zg!L+mh~Xvf6!h{WXDBFWp-LVia7nv@+8%SS7H?4^Ie%L-ynWwweELaB5Q_B}jJ(rJ z-0chA^S}c=+&s8y)Q!uX*hO2^TBJHdGvr4#2z;i=4`1$aUJT6Ki6+7hwf9FUO?M{E z<_m#`%AWO`pgo;~&!&GU=fbPKd0Lb=6^J?feF21h8a&7@b^O}K1eeJ}Q*l%lNxC=5 zgvc1fUEsJb>a}KNrii$^Ek-Dzj%tl*!;7elIh+l2yC#-7bK8MP?B_wa5m1Eof$mRI zo{SOEzu+cgL!81j=D#EN?3&jYgA5^l;!U1%u)Nll#+kUwJa=>5x0toR5q}^U0zDRoTF8d{1?i0&3ouQx)bCvmu>ymC0 zrm1DxrTn2@FcHJHjkg`w^k1r`jyrX9zFWe6Qb|o9Fu&*^mRz5t_tG;a&F!`*j=Dx& ze%-z2u5&^T6$PI&I0b8vDDyt`h;qBLbv*x+$t2e%%8(WV8m*xGxJ-IBg~;xr3Pr`( zEKk8=Z!xo~@-0wjH0$8I7@C;b!N_vE1Qd}CObe}UbRJlFUR8obel{(6mxu&TrxC>PCH#nI<7dB1TJB4j42ud8 z-R_;^w{v?+&LdownQNYK3$_TB4IfaDr5=WU_QW;tFnMYzy8EP0Zi`^vdRK)xDs55k zz(H_OwZGkbs}NI8{QGD#h#FBY7VAYw@^qS3eVPVI;oDZcaFrG&c+8caY{D7>j&ZrH zmhCU(&uEh1+)80vcl=jp^t~cw^5UFmOX>t=`wLR0wo z3?C>WKGct77Jcwp0xfaz*i6#hbzD`Oypo3djkuOVu9#H+RCQV}UJ&xhgtYWa)220| z$F{kp`vL3Xg4Po-lPKna@LB_fSP)RZckP5a3z*tKP~G0j5&&~k8)p*>2g9ql$`zXb zcy<*``HlL{^*6S{ob_itMBFU zLD?Uk(Ycn?kROH6LFon*q9vhg$y)c(;6DS*@6Z-3tOXRv6b1}cKg9|Ye$gOj)FP^Y z6Xfu`YM$i7#Pd1zSWO`<<_{EdRDrJ(N_}>23H42cDt=uEh5?b_nyh#w2V!Sd4{I69 z7Gp|}LVe5owo>%nw{j9R)aUBk;g6^WQlh{;*5E-Y1uH{DP{>%o)*28xM<+u=Ckhi& z2MSwL;D2jFTN6{;EAji64=7AsehMQ*4oj$?{*ps@CxBwu0~AB^S`Oi$Qj?=^5(`uy zG@^M!2o>bOWFQgObZ1I${C_0&ie2n3s(g z5J5J!A59P&kJf+U%>P68=NKJYj_s_k@bO-rawfnoy^TtC_4eu5=kvS!nF5 z6M7P}MjvmE9}fe|G&f=9v^{VBz0)w-SP?VB1|LMXTRuXLm3!Ljd)v|~O0Pxua=TBw=F@Gl_L7tNKkhL?(35_qBKhw$^hB^EP^xhxJ1mP2d zu1vP-9SU^~K~Rb1k^|@?E`1?6q==&p^{q&5&n!n!r9ZIuR#bL{!FVGya>8^P47})B zPy8@8T82Zbb!nSlvbspvU7T0qY^;>n{`+8}*|*PS7}*t44N zT<8n-c=sa>so^mt~J(u^@ z*|B`>h;<%Oc9GrA#Um{pdW3~+VWrjLK~RPD#$l?xngiP@NBLdp z=kF+tR`@*3jmwkgY^qYWzU8>6hq0IqYBvlNR!_pWEYh4j}7eSNqTD8YcbET*%V)L6#<=)yL34Mxm zvr`HXQ@U@45K%4~q%MO=!5o5dJTg1t5h44oXkB4nkB%1lA$6|L$cYc7#w2|ko`zhZ zMCZpqGBi1PazzBfrPIUSK)l;T(7222i#Yy#Hh_OF3gtmbMk;N>#2L2L>ahz$gI ztL$uSS7DYb#}$aebF*==^8#U({~6o(Cj(VNVcW%+Z$y(6=hDyP<2O>?nPCc_c+`o4 zH4am;os-ZP+Fwn7R|HJ}MNn8P+j&0v^~a1Y3${Ybc#9}he+>0pL85skTHFBElu;9j zBh|7wK2>J$-L!y%X~xOj$52h+!VV7_#BLFagNU(sIAT+EIqR|W216}L>iQ|m`bNGX zCw?^NyeI{iyp37LqI+lWtH1j^x^qEK(qFT|u&-fjQa{v*XM@qff+5kbccgr|i($-n z?{UkZ-NV;t%Ne@TO>#>bHK`FI8ksJ;yY0gkr6Whkt*)FMv;jyxx0%E!)XT)MU3Ycs zNuTOj2}ZJ=AhK$}#lJqj%<9@$uZxkBg#k~m@Jj{Ie<28Pk>Yz?gOkTQ&eF@#MQRkh z0DCEa^h{tuM?3n=ezC}hzAuF3QS7Z(L3*OfN|}TiZfoC8wk3T$1DP)_N-IgJc>77bJxEcjAs{M<@ z`!5IlgMkbA0|y`$EL%Jq?Owy~B45APFqFXH(k8<5TE12USqqOL>J+CErah!7cdbdS zpopnk>BQ6CI`a0tMW^Mf1>xcI&}UooryKDpv(*wJhoeSMlP)GsDZo*XACMHtRYUM6&Y-Wagu95Rp5+3Ph6K=4qE zBo>ylOsEH=y=Dw6B`IQs7Z##!HTh|>-VLnRByuyiG-Dk{iirZmoy z$Fuc+$5ghR*g}R_Ft#6QSxdnCfEb%AtMjWtVQgn(W9ndR2^1In^o7CK4hXHnFY5yj zR1v@fRRpk7*VYFM1zN-p7$r{KFZTRumOrEqBy+rQI;5RG*Y%3%6j=l-ISu=xd%eq`EEip>sMHIwJw%Qm*J5kW z|D1Tbu7k4mJ$2;SfMK(~FEWVybk4o1GOiJ{$(cKp`b}sijTYR+ zdydyMb57L6y6iZ&bbFv_PeAi9x;Y=mCEM#i6X&%`OHbu!!yHDe(8R46DJph8i^Ook zFCBIWd*lHv{kC4h{S|)AOez`T!!u{fVAJ_H_4nuHMFv?tS*H)GBilnyWA9RL0_T_n-jVk@ak}JV z2NW^5H^}oa9xWKLyx~Mpc4z9Rwq>NaQ-;YZ3#7$FD9v3K z79W)dQ4KnXn_(?!kxGe^0e%aH$WRHD=(ua|I}f-M-KzC7>+&6&V&M~b-bD*mH=Vy6 ztU1_XW+r~S^)$WisX+iS^S$mM0gZ@cvP|cuQP4XBq`TJl3IGz%YBZ3 zb>{rg3@pho(o`6EYA{Z27?j8ZYCvp79VwD{hiJ3_VbDO8mcWK>{Lw{%~#ZyQ~R z_pxfvY3BOzuANO@;@}o<3na>jIE{6?K6HE+E776GvwODwgl#iL6OQTwPxsq4n*nyd zM<|x}bNe?PVxx>hsM~G$le3dPO3OXXZ)POUrWi%xepeCSK2)1(!?7WvK6Vv-meMGUZ;Tk&HB zzN-9C`tEj2^d2JjJk0!a<>YZh<1(2$ z!}iv1caAi^60`)_hW-~i9M_OvtoA$R1jhk58z2Dk39ca@8EPhD>+vCMHQ^tk`#*!K zUz?F%9tZfU?guCVy7oBOf#&~|Z3IC7y|xJYsMuun)6 zrTpR3XsCj3etk-wF=G^TEo`@@s8ywDv8YnBBt|+1vK5F~m@s$_iD)fIinZX^$Red) zq$WEFTE56nwIA5EgvYSvxG`( zhWIMw`qoj67j=iF(V0gyvWydH*+o_%3>)Io}sYQ2g=Hl`df!xprQ>{0!5lh_x z0kPW*V?>%_{wv14VfP8TFyg_bD>oI}GNjb;_IM6C&gxvZJ9gtnP1? z7i>L8af<8nb~u>S$$7H-B(iaC+bn-D#_V2O4j;@%`uW?bFO$Yl3RnEoofA1Tj}pEP|HP)nMIsnbs+G|3YRKeC!{BrS!QiaVh-pD_PYgb|^W4W}b~Jcd zv)0wa<(@UG63M686LWX+-Ui<@P7RCa%Up^3*&S&HFkC|g>X)QW;)p0IY6paAt7+cBZ}*^ zIuP-=j(60f|6-i5F9GOj1JW;rKNu&XI#uENSVXw|5l;W!*Uh4vC%fSXjxPL(fFDDxa zfQoqrc&p278Dy-Ek5gxDNSkTldPQ9g+{JL+z6CMt`(Y~oCp@KZ8bF8)gMVt}l zGuUvFfnDx>pBDLO{%v)I150iNW;S)y;s+ZL~eYzw_;hO0#Sla-8FK3+Os zrk3bSvm`C^vYW(^73#;0nDf_8UkW#?l_1ABz>`JJivHdScv{Zqj5F#{A_A}WcI0QTru;1=e z0;?|1$(i@3>=fh2?T^@*{o&55b;dFamUKv$%S4>@JjYyjc~x5mPzZ=`rAf1f$zCWK z4Lg2{^$@+*Xa6jae>zZDi+mRW8V)*u8y5x+fea2x6iOI`3Ve&Cm~dD1a3Oy$nETDb zo{7PA3HwL|&MNT2Y;6U3ti2y71aVxwnH-K8bQi>sOP@;{LT%yXWY5RSYV2UmazlPu z05^$MMN(9l1$Y2BGe6gX2Yod!)E~kKdj-VCL`Xv3g?cLJu2UXW!e5y6^ z4vhpFe%*tj*`g;;2DwM=KG7rbDG-wLm1yeV54zuvTqzl)qt2qk)U^C2=~Fut9hvZg zK@o`SxtPliB1Wyje0jcDFZx`T88_#2jt>1rv7{5iRM;>d11RYI2(Oa<6H6d9OJT_3 z2&r*5Hl(=jfViIyKSG~pqrad4-Ue_!Ede-C{>en*o5E(RBRY+5e(YB%um?B1P8Hdo z6*Gu9C?db6|JjLxgCh2888@&1D8aezhxnflt^<{9S4aTj1#`0hC_(?-{7;$lpS;lg zf*vU3iC|r38{CtwZpUoSuE%OV{^#WqN*_DDq}|ra-8K1VzI&16Or^lM30eumZ3wq_ zz%q%Su$qjO>lR1~m}G2Nq`!Jge7~imHj)E|B~^{^Ta?{X{TaFU^01TzQzIM+>d9~9 z(4cPf>l3}}@3Sth90ixOt*j-OWQaudB&4q4+$#kr$mJ9uJ3r`E$YDV_wXtVjW!HIC;6S(*Y1_m1| zK9Wz)-Y}0b4qtw1e?vH*Wl-B?X3$Urw==L7(wuH4RQd^f+g}_u^2Ge%dM5&Q`~09E zjH0QKn~tPXf5sZQzvqfrsdjMs(g&^azEeIiGuah3Rj(E6%sLDK{QO#uTN6IDrP8g# z9(RN~@^6zbtZ~r&5Cl*`t61O z14lu)QDFQ$?d!AZ#N%a(36#qB3hIR{wj$eqC=kR8r9;rO|76PEA7DG3iO)yuVO9%$ z;&#tck9G6A!s(svR7OL&dYW4i-Zt2{UoxM+UTe#ykC7wnFKhRBImv}#6YOAH`YPY% z_NOw+yyU{a$lW0+pUm=gF-Hk(*5BZI@hf$4!I7 zb<*+oMj0^Dh?Bn{+a?q{z4&dTacs^#KZAzm2YscXzkg4;1uHH>tTGD+&cJo4o^r7KABSFN-5TJU!3ucX~xYfQZbmtp`c}^{k zq8Uw(3gHGB1K#eMO|>tx`Ng3%v9mqw^@w^EUW;iwy?7`w*p=i_I8d= zSH$fv9e+d&i{DxN0&Q5peS`(vN0=Y(BMj{NO<}uYY?3$7T1pmt8-#luBSe?_IjIsb z>5USZzx4mCPN0Bzb|7{TCzum>v4c6T=-PFYgOd#?SNQi$^iN!^;yX{nh8c|Xa(?|{ z+^JBk`{`1<`z1{K4oy5M)yYh-gXQJqedMwEC(mIrhoZF>)w-2Jni=T2mZx*~En)9a z_=!_7tC!qUO;V?NNPcI5oI=1RpR0p9x5oB)4gGyy739tGN9#_tU8XuQFTA?lg5G7{ z{&viwNWqAd<9gUj)|39gj7&;z84DqnDs|B`hFF){>|Rq5n{t21)4Z~5UzfzLV(UiX zz43kop0zQwrNeu2HcC-Ff%Kg?K@SD8ot+w{VD$LnJYI@$Iczk2F42K#Ajfj9>-~^G z2*BAS7--l(N_JlTAr27Egds7`U$qoEt>+&JlPZi9CD%4HyF*VL@ad8G*6m2e;M~Jn z`*yA5me;m6I}(w$pBPz^>j>FD*XNYha_^*;rZliLnA49HOJ9&An7U+(u+C9grz;+4 z;qlfyp1iBPZbOp#a+>idFTitrKscWo+KERk60@1bJf8xNdnOZg6rb{AY>GRFU62$E z1v~K?hgi-N`y)TSAki*{5$jvHD~8b(SaI1wO09dzcH%h^hp(*_&#?LM@Fcq5kq2rs z3*XvSG8e`Xpe#>}c&gylS#w@8@tmGDrQG%->C!L>6S>&Zw~i-yndcJ>DvlvJDpR5u zx)a6$k4gQUUY{(%SWRm|bWiC=z#b?Qaxk+rwKkz}GBviawX?P}w>15EI1tD!|9)<4 zZRqGo!S=te&@YJlrJQg$Kx_vSP|h#cjOuR$7G!ZlH-Y#)Er|MBH%WkEp&yG<{mY^t zNB!79psQi1I1ImsiT+sI?>zC|Uj+>}Yk zsV!*qtH=rxB(l=T)_=M2xEL-t-(^kT<%itl@V_{g}||4fB7`!zgt0$HpX32%w~nO1`%9Ie@BSKm($U&*A= z;;Me8>pS!%90%FQKC6~s{9gH)VS6&?DO_m5*lBnXhyJYSlK`%1Gya;U=75V#K0&Ph zd%FmxW*!-Y1One5EAxX`^g9Gx9cy(Fth=ez)9(h;#gml4)UDh{e}?29(8MLMnK{Z? z*Jk&VFI7C41Ya_h>3GG%saWnp4mfL0Hr1MT}+>iuwJmx_L@7@&VN|hqnT9 zLR0?FT(bi`TJ!skIq+kqv4xJlF)_;H`IZ>zve1q~p;8c$TAboH9koYp-+4GMe>)OC zu)o%{kJ+Q>X`4!j&Adk8>#r2Ts1|!i=T05!x*qPwr=-El%t;-`kK;t&Mw6#Qp@cGQ zs8MM`QEx8a5@pbqM4FEheq@SJx=Q&}xIT$8so8s&qa0_VvTbfjfcIUyptF4*!9&;q zs`}W>aXrS#qJ}XPo3D*R*b?dF?ifZdFjKZZvXbK`La;~V2lkj)np;AOQLZXx0jzO# zb!GY4cjXITQGuWBpHUo$|7Lz&MO%W4`3r4eL;<9^52#V^k5CT0ntI!TULhxEcOm9@ zxwyk$YH1DsiadCL(+|lUqKN@Zg4B;()y@70-k{=O{kgImeBswSenfU4E}i6cNi92w z2go4;fCVY3Wxr~0{%C^!A1vWNsH~kYnQo0}LOn*!=J+qirbZ zWbf?|YKx(^vV>1IbIwkTF&h3BqW$q;5Q|V?=K6hMn|qa`g}4v7+_GRrcd&4*9X?cr zmE>7H7kzI&NBtd^q+m%9Qd#>CK10Y2^{$(hDm=~WovPvzev55vX~fVb`|9Sm^|P|J zvhBe7{wmfL#Aq=ppvZ1tv1xC%1-r%T6m%;CROK-mCo z{okhiWHng9ysn2# zBi3S+?lVzP>hn?6nF78-sWH=-$Qm>^Lrz#TN%rAl^5dJtK<=t7a#4kOPo|M}mLk@b zvZhMDv9!Vl+Kmh=D1&%|?~0Vt1YgYK$_)`RV-H$3>Nn!qtezigtm_iLiy|#gf=iM< zmbRI9T|SqVt*=l+EQ?L5tEX<2vk~7rDXUEa)nCY|MbXP>;CcmQy>pBoy)A=) z7Ns;CONQKmpSMQ&`XX=@t1YkyrN{ivi6btqfP_nTC~i0@`UMLo6 z?Gr-^@#S)&(VDSF$9>4zejq*HKt521F3Bj6#@edW`h1LHF->1Z0&mtLWA6|&E(l(V z4$5ARn3+iyOb)*w`P8C!+WlZ1oMN=%#Md{7gUmS=}kBmDR>jIm!4 zi$ZPk5LbNlqu9}AXcAij#-)nH8B^BxNUCPpX=L%j4~0$Xn)Afo4{~B2iiY_YX48$^ zRnDWo;`ZK#jVE4p)pyz9kM7Y`*Uq0dv#sOgUS(^5D0{gvP#Xz^4$V!CJWPReaaMN5 zhNjk6r#YOQ9jq+fO(~2ltu1XFO|2<_yEB|jt*#jIBTFj^LkB}gC*TGGLkcTr2WJ~+ z;Jr@HMwU*7fJ5snU}XsOI9}g3VP)v(4v94F!}4kl$U}&A`|*~aT@;Rv*1!_1 zZoKvC4UShcQ2fZAs<8b+6*zN%VH*R;BKw13L;vwTgZxKs7&_GlVBo0Jm7zn#!Ib>5 zVcF{qgMoA6*Cvox^~c6VZfsoj_r`^PZCv)}##Plsq*aAw!9alf>TjUp(8ykGQROfD zm;bf@>xc4SE=XV;$c-@n_yZI_o=~W$$Wh1wAH(mzaP={$Tz?FZQXQa%lZ_L&q=S=_ z6Y#`2*ukJ*&HsOH`k$cknKOv}X{*&}8q+QApy_DO6u(j1Pv0|?k_6+D)I}x}pxj#S8|l#8 zu0{Lc%G39IYG3j>#saOly-2z)pTllxyl<<2-n$Kjslv@Df24>OcpftN<}ykFDA*~9 zq}0gtSb#MTXUa-3EWv70i}S@`rsr{5_;fL&aBEo}j|!&$v@kPWwY@rnS|=FH@-7n{h&7rAe&`<3oNN z4H9k`qTZ;IYuaH#5CZGQ9UBdt-IMgj;hDee&oo|y-kOg>4T&ap&30SduO4uZh_+Pba|O?;caH( zl!9Wn6@KFvhxJM`_UE)JtPd|NSb(+vxRo;}s4@=Y{`YO3u+<~XA zBrjRuiKov?N)@@#?E_TRB;|y0sv`7={R9j_RgCJX0fo5(Fq`_O$?4|vtlMTH4u`&@ zHDJ+ig)#X1Hq_;bW?w7MF_CQPn0@gPk!z#Qm0so~M-Mh!KxJv+roVs@JMQetq0-C8 z%v**)B@nGMwg7<9(bdw?5pwL!&>WIw{nd7~v~~dwA{k#DZ#MstVyW2w1y}H$K#HXu zfUBZwxI$7S9%EH)WtF{&T7SmuM5VyL*}2NqRFK1N!jeC41%kyP_}#5?y#mM)XGsXf z0aC0GXkcgKxT?lrzuEjt%^li zJzE-A^KlwJ8ww6t53ik{>1~tNXXkQi=f%I-la9X(Mu8Vxn?_wyY@JKu{`O>pjgxAa zoKJy1II9{jk!{8hT~gjaq$*x=Jy1(Yb0Z?MSvPNPK23(4%e+-;C9r|}vlQPmO!HWL z#C5pWyN|%3V=o&{6CZn;n=~~%krDAUWdS`xJC55)T03|bur-}0vvpD{yDA>MX5*Fs z$C4Rf!&TM;HX#oQL}fhUL~$EX8x*dV+yLdIbr_Z+1U29B(C3*ZF5{^V^mXj)z9+>P zfJvFr^tP02POzge$r73`9Lf!Ddf+IHuw30oJ2He9?@1vR6Ed5hL0!U2#s&h^ zET3rU11uTe({Tw_!uW!;61s}kDE>8!Hc7-eN9BEc6IP_tdP!1{wb&*DcW}IgSz92_ zr6(`TsL~$!xt>8oS@9XY@O}n?!@+Tolgxm5k7|{a$wJhyZ8hm4Vk{C_TIS;oxv8Qr zlDEj6hLy8J4!iQHg-{)5Ws5&KB1CoOZgf7ZkT_do{W|zKQ^KaX2QQk(9adaww?}sp zX(yDIDx?-2Q&aTI<1#6hi_Ho0YjpCj0Qr~wGXVVtF#Ozioh!l(eA@Tkh-bBvbfun! zX#S<7Aj*0O%e9vO%yD^h0Ri5+@J~hzS7+NNvNzBf>!6rudPAb}$8^ z?v_q=4(=?!G#iqL{zEGvX&c8^{vYW_m@z*lftJ#ReU+H>^^FY6LLONXpgBoT=mu>H zKOnHvtW;8`c=W3Mj-}?4xhL41WqhPTHPEv5il9w#|GOQR^+}z zZQ^B64`NdYX%*;UoSr0i*tt~BqY|!p3}Z|bP;FGMr*VsX;my2r?n__!ddg=DFE1uFSGa)^i|pSZKP1kABn!Y132%kDkCTsC*et$Cpn zxpJ09)fd!E98H~af1CE>plR!|A>8gfS*?~Zl~!JkF4Ma9fK3@1n%h%@SL(6QT4)w+ zmW1v-*R0&uc5^08@vwPV z#u)4Qp*u7jD^1$btzV#BnbV1JeBZ~Cn6dRWG^Xr{~>Q6u^ZGChz|ce+WgmBxPBi2x_Jwi!msHeWbwyETmW6X zO53pixQGkV{5Q?=PwcEd=q)=wi&dhvmEnWj&jo|-iE^unera#iOvFrM%}tgNmUXzL zPgpa8g2`^6EOBytbjp>^X8Z$K- zSs}3+;>pFX;Flk;?h9-;ecRusR+)QYnqoJ7D)czoyFF>_eMhbyJ@to+;vqT=D2C7c z5_E~nS~R+5k8$4<1!pva+T=!J~@i_ z=en5X*mv+bM7!NykN2M$NnB-cvCH-_{<&QXz=VOj?IUZlt23)e@l(BKpzy!;O=`P%Kz2u|aa-q}C=N^dUtrY{$f&wH3j*P4*e?78>F z6T5(#4y1%xT*>`>?mqEs{yx`dCZ!1rCzgQ$1_#n29NSt@s=*|;x#H1u&WbBv%tDmX z_*yBigQ#u}hBo$)!Xn_*9VC)!CjjXK97~{D4(Pn{FkOJ)tK-kx3a%gjES0n(!K@l5&glwIf8+{!<7+CSj0O8w*fI4Ta_RfP3#%l>s>5QkXv z0k9>&A^fp?z%#sF{#Bgzhu;Z{LvuaqXN}!ocJW6t2q?S*jsb!>KoCga1OZJDCp%Db z1JvmLcUa^s^wvWLMamqC8>_s0;R4GwbP}ZPrXcIaV2@x zM}*r;8QRn4PFA{pu?$%u#M7DRsWvWHcQjW_t9@ls-E%&6gMIw&K971SbPqdZ=uLhI zmqFn;D8Odgb_nwp9D9nsqM_E_%ITBxPo($S)(4NQm^r+bqzp-74h_ZL+U3fWC05JN zd@AGcaNsEwe#@VT?ftpGII1z^&1?31(*oR)=N^I~OrIPlQ8X${G6+8(VZtFrRKVgB znjC4-Qbltx)t*?8-m)2uAj6&Mi7j5D4j%VFZ-4Z0V`~e)RfO35Debm+Amz8t0k3f* z!Lx&2=Fy8W(;ti~2jrjme^;^hN-s~gx2OiiF)Tx@jWk#KHx~}8N*scxIhlV zy0_CKceF+CCDP^O6%c_uP!CJn2Ei*HV*wM>t1><2>(X6w8zT!yzUN09lIOWjIkR7R zlx$a5R{)t5;I`ST%V$r8e}j-D5CsFWKd^VN2?Z>2;L%OoxeBK%-GCi2@n0S#8k!jM zbEaNEz`!F;C_}KEYB*qH;`&p21`O z1pkfDk*YB!6{?M2pd!!ue8QbpwsP;S$xN6aLlY+QD91eevC;72JHm|}0!2B^swJ`s zG;KVsDZZv20u!=j_S)y+t_o-`rW37jQtWOOT&9)5y~W!yu;AK8@@zbQk+5wB4vc#B zm?KmHfAd-7lV}ok;VLR_J?;b2>0xGcR!ilQ4zuD2KF0PwqMAkAy$(Lo=0WY6N0;?A z5)}F8WcTcM6H>jS9Fq@vcZ2OK8R))|!3mP&PGP=z5NPDJ6RDCESEiA_X$U`cD&IqY zW?Q*^I;s4{s^}UK0-$Mtv;xK7iNtTOYBVuI&IpH*kmc<&hX`-3$#jxA^S^mz{`1!m z;6Dz;6M+nKu76Ojzki6YwTans z0Q_XX`dt|Kj}3T3@Qx_madvyV` zwWXsINFrA(S0qH}2OL52lGhpoSpZNs%=%+N`d1pH578ifc70<*eKvhl7yYX_A=SnI zBFe?F?Wx6Im>9N8gzb#TT6f8RMy5>nIrN0#!^i!xS2V~Qor7w`^`PnZM3)H4#dw9x zyS1_}DDKco4;OQ}a;%#yJgC9$bM$z}o846z^_cQN%j($zzk=Gc+8|Th@MhOHjNp#J z0-HfQsYEsjyHAg!a*Klqxe*Uw#gXrZID0MVTWUbf+D;WaP{}HdIj5>GG!lFl6;-P8 z5cAw~SDq9VC>ix1-5XGBo_UoLG8E9gB4Tq{y=0<*LH9|BgYG#}_#~3CF%P{n8T+Pf z>3mL_qLaLTxS#BNdJ2OMYlpvZbJX`uZv%wvcas96ECqONrE7GncHMJLu#}rQxA&P; zAxBK13?V$~-*S!i?=SIR+@76^@C(4;KLByD834e#t^o`U{tHIPjP#)dCreB1pGf8( zb_2?8T%e8i_Y1Vq{&s;j+JAh3HWx#Nce-nWyszngC=A4Cyc)Lor>irlOLBe-U4xNv|OU|d!3rNVL8 z>r)--GbAYFhraI^7{d}m@d^C4!)ogru*jJw^wsilbcbJkMo{N z!X`Xf_2Ji-$&I8GUXD2Uiy~%jU<)2c5*V{4g z(8}tGtzEDdHQglyRp0xSY9Mnn5U1h9qV-QOk(|S?BP9u#O3dxNvs{vo4ZWklfhstN zJKZ|ppp;(eIz~7#LloApKuqsERg1J=6$om^#&{RH7Zi=>;FY)g_8`o#<;b!XEeh3H z1FlJd5tl^(lZ1?|*obS#Y>BD~UdR}W>X4n($svO2n3o}U^b@gP5Oc4_o)f4VD);tfuZKo5necW3@7E?IjniJy*g4$lukeklM}1oNZO4+x4pw+vYx`&Hs*~;sdB5>gjFJbbLVmJV_%hCcdS(QbtO*T&RWBd zea3bE+dutV-NJ9Xk@k_$9NlQvrEW%`NqhZ5WCV;6`Zv4rC$0kLHc}n!m#Rm%dAH;Y zrps=H;FBc}t*hR-XTnTb{54A*=aH0vVxJ(xtc_-%sz9hWHT>8L$=o`RX-KbgiPkJ9 ze7oz1Rt9b%c*O3+2RW}z=J$#3&PkwP!GJGhEYJ~6;?~HH8S_e8`E^eVkWjJF_U|)e zCE8ssafAj=46YJ$+Kj+1R->2ZK9!&k;3~muKq?kd)o4i5T0(V?o7A|a%t;s~Y(YE5 zjUR+}4(%|P^x**=MJnBr%Q3y(8Pq))!)f$4$_b1Yw-J&{sMD#XE|uFGda7$w-+!xS2QQiR@pqp2K?=nU zO?5u=?%|WPw5%4c20!3VD8-N$Vtjrp+$6;gn> z#~fy-d^jw2e-!>$QI;NG>T>Hy2~$zp`>ptLyN6J(@SLGKJ%Z(`gRuW-19W&UE1!e= zB_HU8@K&FZ;1k)tX|RjP=@)+EExIU2G;bo(%~G$>(k^ z3$UpAu3emzF6k~okQ$_wmhMvN9=cmlT11eNlI{`^r9nzSx>G>9MM4Q_|9ggzC*H^J zJ>PrI`Ofu6y_~&g&+N4~d&O_9d)(ziGFjkg^u=_ z^2F61d;2LXA%aX`TmlRn48Ye0jAsBCU%|F#0WW}gf_A1{?yz$(w>EHi^w0RpH*%M5 z1Kt~O8IOTPn(>+2z$Pjvvp6v?$G>A_RWyFsoOac9K*}mtx!VBG@e2wq3AR0pf`P>} zD-gt-L9%l%5{qCt>Rzve;waYYTZvfbwSMG(skbhB{Z=HTMv0#?-j`_BBkpt!CQ z-{a@d<0qzte#RbcqN*&@d;Z8&1|zT<7KvgwMVl@s(Vjg9p!e>6dT_O{CLJ62A+~9t z#M-o{$x(N<9|Xd%_kP;2h=ChhhktS8Y`y%Y@;(6~LHy2)?z_MS}a?i1_phLM)e!5VRwY(T;G(ipRt6?<#Mo$O)#11 zBzvUyi3GunLK1E%Nq>$z7IwOa>*aKvX{)uX#@(=_k#PK|8c|N{4}1sjZVGyi1UY{! zE{YjUpGsJGRrh3e)u*uB_IMO?e1`Ka28rwPJo2ke^}|H}3htuD>4JeB>}z)RT>oI$ z{+wC+W$2iPl|*9kgSW!C4YXvAEXU&7IbQzhVS<)LHSN5ZCo4D=cLS93=<8%FUw^a5 z_-xRc`h}Ci-4zRgYvpE`Rd{^_!3_yP8HFAuf?+fj@?%QVbU1N##h&d$_?$;csupA8 zMtAnTM+f6(vu5jt?%TiOx>FbV=V#mlx1osx#faMs*F5!0rzOClHOjdnMLWQM?$If{Kd_If1IQq{0=5 z;>9j16-7n0%l=Xj4?up!14RAMG#Aipdb#=E`|{uET?I##XB(YNXxT(51L^CB;Vb<# zgT~c^kt;(50S3Yr`VY<2{N-yb)Zh?*PAA0QdZU9BCey^=wRyyJ_~=_};TE>)jqqTT z_T0eyBFzk#)w*hl4J}6xWI`gH`2{U|g>%?ScL~HxG_NMQG6dp`*2r zJ=a(5E_*b^0|P^%#V|jR=qPym*{ig6Wwz0&0*(^J|FYh-TmeGPyhxa!lP>x8IAEk$ z^ch;8W$M_%-|3y;0NHa^uH${@$t5pv;Esb_JM-vmh3!e=N0POnceNt1l%#LqTH;-E z*hCpjOPd$=Z(k<5?Zhu-gOwsX^n+qBGQe0Z*2qC=_OQkRJ%vk z-PDx5Y%Ddz^MUO98YDg_ZL!%-t@_PcT@OQxoli*NP$o2N9U{$tu#1cY^432qt|fSM z@Oq&xkZ#i8CM{VRI}!qSDM@&3s*}CabL$$sd8~jp-|_`pQ&GAyr21zjjF(@Q^%gnY zvkN|G^5@5W?fEj{p=#uzU1J0$`$2-K&T0&=u3m|wLLk2BRI&@UAywUd^XPjpeDZr6 zZ#5O9#njaGME#(8$93*dFG+?V*`v!1Dm!OGD{~`Az8hGjU+CdEhAQVK`lTi!S^$eL z6F?gk&b{a*=}@o4W5|iF{sJJWB>5{k33$=JBOSWPBjHm2A{|mXlLts(L*#*ign@k0 zRo)>UE)EXJA`0kCfY1<~ZT_cE_q&BqIZf1Yrc}|2q$TRnO_zo5LP2-kWtiD-y$E@m z*Tim_>+0f9UtZuNih;a#U;VxNehv7^_f+fPT**~K7YdvWWW4@jF@l{heTNimx)Ys_ zB5!J7-pViu7Z=Rlm2G56T1ZRyN^*x{3%R6k;RY8{N@8idiuD9iM_8HGmfyBwD@#^e zVP`Z|COgAJb z<)d5SGg)}${`&f>L=BSw!NPBEI|Q#`d2Hdx@}!DcdvxZ$u-_Rji{S3s!f#=kQYL&C zE2kvzE?VO;;u99?VVHVY({x>rZ0+wqXugGGL{7XGQ#R>(;sU>Bk$a1mIMxNjGRWYd zW^cpg#Exl_k$)eRLQ9k^_yOB}QnEDGvQ~nn{nz|2L(R)!Ka>R|J;y@hjZ$0r@;O<6 zu11x9eK?=*^+#bjwfy4Jv9bM8hY7M8>sqkhW+2xs6Sj@L67UvB$m3Tc<`P)<$jlED z%K8i}x;tdY*)AJn&VXlRWe+{1F5bzo&7F#fMXqu*J`Tk&N zQZL$J-CFO56uj2S$6Kj;jj#;OtfN__#ixOcQ_v=tWQR1X(n z4MhkCQ6`)_ZPdb@Pf1dIP#Y&lf1vbfIp8l)pjZfSY*WWC;d>S;4`X1jKM`#R+h~YK z9u^tV#-uj4@ixH3Z>a43D1BX}tL{$M5Gya@6xRu*ZKb!_D*^e`4q@lH;5RW}AA>4Gc$y4vA9c;y2ccAmqdFN=?=XEU>#h=mJfc#MRr(;3t{PRjO zd;FFucCYK7XRQ;8mRC}o-Q@Bm?#B1jBNFMz zJ*#G%t4MNvMjQxBKEkte;kdb_&#Z!8czI8&PxDvbjG6Q1w4Q%8XneCk%9FuWyM@kx zZvQDd_^|mlTh=SYg?%(r0)iIb%G<;T2UU+gQ+BTv46>l~YJshS%^ zJ3m6xy}!gu7L}*Lk=$nQ^vFy3d3l>fC8*7Ux5*}XmWSXAqM@ADb;EW;usnFhn4|AKu0J*ozBS(?eYL{sK6#<ZAq{CRi1ZK-WRC zu-59Tz%mPzWycj9;hg@i4#N(KTZzSxfPHjAO86!3E!D569?V95@IbTX@Gns z)w>D~k=3{ZJnobs$Z!1@`bhs4ckmQlCv?G9*-R8Mb@IL9O*()0+8@RzETf?LOl-on zaYn}SM?x-p#JIGT*r*5UnL`G4wFm|l*MkU$QENZefF6&mqSJ*02rGW=%JAfE;lWW{ zpEP3+l^ZC5b=s(N)1jUfG34maS z{P!z;U~n;j5u)mjRG4FCpU0DQc!#B54(7mAIFOML%a>Z@(0RI02ZzetF2Dej#K5Bcwx@Rzxd z3y1x!^>5KL*ZOgofr7F=yD%phb1dpmXov{RO*-?LC zrkjH+)u8u+C?q-3(VI-dHyUGGb2bv_Hgi#7VxMZhPWsH)KF5W$W+yK*@}cBGWts?Y zLjMuFSJ;f+>^mW>Py%WF(Q6?@2e0X|^KT9I^_zx}O4Lb$hFKl@KN^iM8$A;9lr_5X zJb;x`h*3@@_*PECTm-}Oss^nC^0DQcg+JrrVn4Jfy-a{(uFb3B)IhEGm-#t;T9UFh zmOS%{_G`AKE5WUauEM)yna@5;IO-A`nu$ML2=^6zFFLYiF!Lcpz$8OwhiD_PJ%mu4 zG48fA9Qy_%eVZlRQkkK+7Z1KBt=aP-!6}8CZ?}ZeYvc(#<KduU0(<#ZXaZ=wh)9_CVUl@k+-B;uzsCs9V^t0ku zc=!+DV0oGvA6!$aP-sxi;m|%=cK;pBlYh#S11bs)5ACxsdlpvfg?NXbYc|6f9Lase zBV-9yRJFt=JO=x>VoQflO|;TS2GZNwjlk*hrTz%Zk15N-)%L-&#`N*UAq`S!QOue& zq!61%(b&;)MdMiwrfS(oRbW*oTjS{K4bX2NKk{Zvmecol6QDL8ITE2H!dh;3wy&+# zp5lBaDDoC_uWCdH1vdtdZ7QBzv+6+)*PXX|cJjLOjNfP(95l-F8()~vlesd}yKn_F zN4zX>r zDE2GorRZS&n)Q#@M}vBXUui#xf&aMSdX4L6@4|)&lL23X+|FDGX78m7 zLEr{3BS8NlJjt000npJ`3OA6T(c_BCkQ8Mn1rbAHL1gsnlIL>CU&_UPF|imON%c%V zb`lT~}DX7-EAGctK`vCuk+Hot30A8wrzQHCzS9d76AC zVb7pQjXUAp+q-#N-4y@pFnmf<+5xw*)5M{RazBSf2S2+cgvpliv8rYVYWNVqRXlmkw zXMPehso98`gBte%F*qNcZCm?JuNBXIlxI__!dB{=$L0B88-zX5&-^o*_$|p}-!!B^ z)L?k4udCFKUlZWdW_Suy@rl9?tKoWbnDel4nTHmU>GNq~_4mVdorcomRcpWJna!lz zG>%%m%fL#mUo%^N@cqsAc_!XFC_ZJDPeGzVZ2`M6Ytk zygI|b%K|G{C%_n4n*-C908?aO69i8IhAV^$$MauI$B@{)^4&nnQG673l z5Hw2(0EsR)|IZ5ZyC5~Er8$c+lX-KI=;K?Z3|r;9DX5z5jZ(a*jby1rUJ+%_s)U6m z$;~K{{f1d60#oI@iq!Hu#*ww`vI(cio;)w}{ zo`EvWebRY}`FVjpF2neVBD^-Ow65o*vmpB8)C5YO97#%qwG6(O*HYpJ>j%Fm0%I&r zW1dm)gZDCsZukXYFRKaW-f_91=tKQ+9t&;1w1ljx}Bn`W@a99)6N%RU7> zMGf&ibX^9$w<|*8y}d;VwnzShuA0%d1yTOV8#N6wVKR~XV$^f&;s#0z*q`RP9?KDz zP9fH3TuW&y>t3K7CA@~=9_@4=!;It@o7B)a$$BO_wJ8eeAwVl$i+EI-vNRn$*Rt#x zv#0ven^TEFee1fCJt3%i$<3%{r?@bIsrYo3?}ctP8dcPkhhOE-`3E5tIIDMGe1G>r zCn*z6j%lozXtyjy_RIi721NcUX{vk*ywjHAX0rZ#+k@9GsvQoFyYH_UK}v|ZJs$}9 zx1acPQuK<61auM_#iDsQJZsR;mX-@tUm_3ufoCk0{Yf1aQxTVInu~mB{Th3lkD$fy zbJ9gRt4!r26=FVnu3~RNz)wu>w;#_4 zuG3AZk{STC1QrPE>FC%BSxn zzD^fksv8Hts)13vbS3bIAorUJ!xIX_DLXf8GAXU`noQnm)Ajp;x(}y^;DzOUG6xim za!^E3@Qz{f8oeDASsR4Ma6F{GxWhFJt}(#Ut2=#YaHO%0j6UIe^8VKRp6@(!teyg8 zMAYFabH*nZl1lkvUd4n%aw+{s^mE%Md42IKc45-)Ba5}Dm=i49A@ytXnNK=fqwQD5 zGai3z+;;-T$pjQ+(x?iT7o5tu^d3dsZs1CB5wckfw@J;WPp@RI>t}j;l4I6Z4a@Y- z%89(vF?xBUqLpq7Mh>Rfvm7m$Y`Z}znXYOEd5YWQCr?)Ydo^R`_M2t0FFnCO2U%vT z6l%OOMX19?T(kKoza-D6^qJTqetqrYS#L>@x>nYD{8EjL3FjsqkDHvb#oO&JbsfBK z7E<^>8iETk!L6GduRb-5jkS_B^gCWq z*J|10Bda9ztl1c76bm{pP66eoeJK0RtJD>L0Mw;^Pfbh+!iRVWcw9`NCF7@Bj7R!sMr` z{k;G9hL%Ce3=WP68M)0?<@^1q9G~iJsg@M-+Pcs@5y8r+bw-k*&;fXI_)TjJQ?iGn z*9tq@c26;jOz5N#V$gIlstKBq75gRj@wC6U>B7cYp9FRVlLD7a`;4#LQD*M0neUb{*?ipR${YeV z(=CIyuqFmIgsL5C#BL`GtA2kTO8)n0iA8Uh6C5I(oa)HBH=X>D6DHTZSM+bv607|?w8Wrw zMVVRkJ1P!ZW!V{EqU`s|cU@PLz6_>l&xnIPFgmp6?39Y55b@qfw}yxyU3ZM~M5m=b zsloQr$JTV%eT7-@waRPK-BxFiZ0BbnqPb`uqJ3LM0sRVV=?jaW_Ma=?O~=(drdDHG zP)~pVknv4&UIsBeRvatx+sza6-Z&DJkolYxrgm;lj~gX!a?ymD*XSwAja9hy^i9VS zKO#DzEt}E~ARh;=z6ti41?}*7p0wN^XGs^gDiP6b7Q4h%{tr$K-B?2 zzAmA}HegpO3$TMD_z@5_p1ru7>}Ce0a&`n#i;&vKMcNY*HvZZP86a!)hvegB=Jae` zOR9QlHQ*uvixCF=!#}qg+QD%jHKRTb*gu%+e(v2xf0bA1F96;1k+R6Rs0x6@GEj*x z`Yw@h(av_9O>(;!{E3UN23)~?RdJQGhKci}Cp)Cq7;0STpzlGi4l;H2*Ba$71bx6_ z7f6v_u6UtrS-cl3-aliB|1XOAFIcrm3e+_74$Nqm-G^`3sG?4f^k^o-&yyv#&!G8R+-JH7qkJz=MycIgYZ^!5 zc0H@M>N~xXC%3(VIOiWd`qRAHJF_SOL%qa}F)mKhE}v((T8xb1f4`pm%e-0;w`m#y z^5=zE7!h)Xx>+OG-n*|wag0-wqWIu&9%*}!9~xI}5Qvu42Q{KJe_ePd4@|gSy=5Tz zLPbVafyi!eL~O)n*RR@Iz4pe~1F0{Y&FK<8ffjcp`tuUx+YQG1bsky}L6rf3Yy6x2 zK9E+0Gq?C7>+%6d-~kdh9Dr*iJ$t}`W}oe=p775Ijep(jb3SDd9-ZP}H~TXj9C;{iE4k8Q4ZCEqA6v!ueSuYrKFSuQKu#D2j8@A!j{K~P`UT%*^G_?cNuku z9-lCRo|b1_p6G}G%xbMg$1Q{DptowaM32&pjv7~r|MoMB z$%H+#oi}xwoU#&ybvtLpR3$%}az;Y%Q)W|#=0|q#6{+}?DDzX|$xn`teL7;MLf1=f zBZB=omzGW*VwdT;)U&0yDBp3u5v}yh zH~+tAh|eG-++-0Tq~3&(y~O?*Ex4AIQ`5Z}<1yOBG2K3J~~T>hFP^@Lx6e zc*RbD+NLuTpHRDd+x6gGHxI;%))#{c`-r*t)J`R@5%KTU-eH`Vsif0wOnOHC9uy?oYgbWZuNx^rD9UX|^RQJ;qGrEB!Z~EjMC=4D=#G zOI7zn^gcuDlMF_Tkgh%+s;h4RBsM^<`C^W$J5bRBd@>c#hV=;IpU;k@ zx&UpTr*p0l-!%TbG+J;k0FN99{KGi+%3R0v+GGBT?E>@y4-?*uKKP?o_Wxrf|BL?S zLOLi+n-|)o3XpBF{Y84n`+y`8e=q%&isku5T)?|8P-!ew=iE6wz$$?2UwP#J8Djnm zZ=61y=<5-k^i9R>*=Z0#J>t@I2Am=WQVWc7H9DLM3r(gdU-N0$m-Y{JL-IdU+>__t zJ&rHT2|#gt*1sG-574CA995UtHJApba}5Cj-brEOCi`J-)%Fo`OGN(>WAuN8BcR0RpjB0w*JRg8 z>UdL&%P59%Q!97bEb;mebs<&33Q%bDis1T5DDM|N_BFkRM(_M zm=|EM{~QeXzrJY@OQweaze~e`>QtpfZLp%pG_C;sD_&$I$4|3tqR!}NQ=!Hvsi~uhA%GW~U z44}#bfCM1KcI@XxAArB=Y!meV&XxQwglWE^>sTjijn|a6GanmnGXN5&;NLJEGoB#{ z^6CI}_{~#&nBTcG7^O$@Sj)N|r09QhFNIRNrX>zF{5#gJ*FAq8BjsTCEW2ZO_3qGw z^(F}`e>(LpKmKqMsph)qVA!U4{Ky6Kj^zb zY4@mTf=>+t>^z1q5(QhN`*knm+s{JdQ>yq;?X}ZvN@U}VV3+%a6n7c)S)b9Zye^__ zF_xgJu=C=dlA4H7t>ANAAen0=@OO#TVtY@F|8(E{>26$3-gnNNyz*@LW7_}$wZ|?9 z36=-KIxw8AtZ~jsi-GX3<@ezSL|qz4;oxC%gEJt&r0bCA0~esKN4Q|HNBB#K@++e0 zIy8;kDzEIzYM|IwJ$a!z?Kc|pr{^77rOEf&AS1|2I!Wo~|!uF{V$a`xznUayL(dw;|hEBNF-CPV% zZ~YUmo^MHhwe1o%RM`gx%GK0t9(7sxMrlLQ&%PyBZ9m@@cv@LGQCC*Qcrea`2qPT@ z?=QAoe~-P_Ihd}0C);@U4!2 znQ?b1cv3rdW4N;7xO+=M8K$jU%=h6( zq?%^D|BPjZBgA+#}xBIAbFNG8iU6j-Y4ym=6pnA>G*EHCl7`B zyXtTgo>*l-)?P3Z-*^Ux+Ss83$qyQQvcL#SFO$V43-7l#wxwzb=CQ zT&DPCLdxKOxZE}HwYdJ8NOcXKI;#G(r{nKT$OD1RsNvdi$71!mH{pe^ZpNO%zI&?z zQz^edO6^4I*|4E&ev7V1dxU&^;8FW_EaObTvnd1(tZy1a#!qGAis%q1+9mR0r+kY^ z?NSo=itO1ZJrJ{)2dg?H_d34sEf-cv3Dpo(e6Zg6f>QK#yKEUTIh!I#Re2=Rr^_jF zuWCG-4$|z__$Ue90!Zz|xv+e;bWtXIC#Q z`^zz+d73&D3KBuh;sr}|HTNg?6e^!*d5oqD!~}GGr{`p`c$ow+mw@JU6cFC(1ygyt zeh`TE?U#tZ%kNfco7RV6obE=!s1VtdsfMQoH6e09p%*CdItzfUp?sHimJniKu(h+X znS;R}k&ahDDCY-5(sox?1!s))*}g`XwgOHCuoDWvDt7S9R-p3lA?2CbVU7p;UyTg^ zSX))N0#ycEL#Z&8WTh|k9u=1iEPp259}tZf(3A6`06Z??`DY<1xhqls8EZW+2tYHl z^Kt-zKVTU+Ij(H}pB3g`#P+mV=#?zjcNwA9C>)VQk`%Bq+~ zL=4At8`anN2|;B4pE7Nab>RGQhq{6ie0m7USQ#l2rHn-X;-vqA+_;))JCE(_whemW zu*r?1kt&I70-qwX`5_aAcTfh&tzeM4zbhQ}L6O|NTY!x4SUc|Bx+Ky75ZfnJ-#^Zi zSy^9Sa)A}~XxrBx3sDZffA{Ex#~K)=X+Nf0GS~Mz!F|^op4YLX5tuXnPkFv`hI<69 z%cuGO3D0-N2+Ip`b?hJjUl8f7B_w^CU z;WA4SG`1;%iZ~08F&f9Dh&Rl`+NqAIUn3E(ztt`Px9Y9KJ@$CaLON1i<=sf+OW=QK z@)o&8jn-$OyGmMUPtk@)ih&pFW8Jcu-3ec;{6Oog2&LD}VkNXs_#{_V3`ed<>Q=DF zh$0@j1TE$8DpDaAQWzR^!fZpkSDg7CV;!D8vdt^Z4&uU>wa6t4G~GX*oYebZ3#^dXYDCf@aJ9osVBQP9uQy3&hTK7Gq1FTv{49AjXD+#MmMSnh5k_*u_Ai(1;uNuGGaviCn!Xm5Ym#zIsuR#Xjq=iBcEe z0{`!Q%Z0xM;GmFegW{^VfTnC7b`Zcl2&K>g8Ug@@(zDI~w=U*ixa*gxA}g}K{@Qc< z>^N}&#tJBOY)K+)sBgFwouZ4CjV(hgmxS!1w-Ci7vmJPqT%zGLL*FnYAFwFIZ8A&Q z%F!{d^xJDqlYemLDIGoZa2HLqKz*S3*c|P(H_8nw&kqv+ZYr*n2F*9_1}tXc`vuIC z`lDE?$hccqpCEWs7?3d>$h3#RkT<=+P&_9u`bGoE&BWVx8ybeI^OpA!?x{ZAP@$em z+NJXoOjeg=8#Tqnq=o|_&N{{57+Bc48c><%a#WEZrH21uhhx*M37 zU-mMeyI?lMOT~b90T!PQfMRH#DF&WkkPgz<`vbR!E9T4fVAohaFO2-5pB%CtRlcGv zKx+&Gi2iIjN-29TkTgUfl|KjsZIC%1B>|6)rK%|+A+2)3J8(8wh6?~M^MQCcIiSOA zIj(O0?>Ob}JZ43Wpi-`Ew{TgH!E#JTY1%kC&D+B=4;L8M7ihgtas#^Pl^3W4o}!Pa z&oA%XB1#(Xe?z~qruum&d<0hpJ)FO3XM7+O;t@8137oocFP(eti?tCdM2#VT!T z{9p<{`I$6Ppycfo3`H)d{ z&lX1x5ScJyh3)vO3!F6*hvk#tPzPiaOk^dH2*HIZR)H{|X`au_8V{M)us<^3f8Qa} zt!)9*#?Kq7Ui81@FlzbH%;j}|PEM2a$uy-~btNRUVtByy7(!h|x;V}NhXv#BXwY9AI zwf3i}bW}V?p*`rF{dw9<@W(P_IR|FIX5-&a&1jjSe33-0H2R^ANvkX~Ic>~Ay%vU4uHK*>k6he0 zzlGd;L|_d&@lKKTjr|&X*yL-wkM$@%VBYWWi`M|XA?^f8MX%HFgzU(~JD3O-MmNk5 zz|3G%GO=ThMyU;oa-?#SQ;54vDs~X@e0_@VPK!`V# zqr{9%;Cu*i&MocbYwO{!x$$_(uw%CNNlxuUFxtW?-Fmq>_GbnXiCS3lzSy$aS9cqD zj7J2bHqd5w8Q!2hsJ9QMWfTbw_$aI5@yR})G6+BWuAk+84Zm4WoiPTJP+gAJd;+(-T}{@`y9 z_+#=b;Ht#}^azU4Wp`U@Et{^45^lF|&gJ?lLEiXun?XI`E!uHtF<+S2{d{A8ZF2y; z%FBPaNXfM*Ht+o?$}IDJbBe$$XE#V9SdA$onHKPCVNRy}1aFTkR2=7{zGe7=VLc5HgM#H%33CDYGqJ*bd_>&tf1ul_Q zW3VAo*tti$yaC@PP+MyKGiXJoMqF*54m~APnt7ufR2?GdGFR1c^SfTkri}*1wNFfh znFEh4-|OL#NQIHeEtg1=h02LDQEf;~FHfR`66KByhrFc6Q8jSXS*u-cmS^NKSS#RT zF=Ztf*@f|Yn%3pz()?thLe^vxUR>Y299<>mrN3@=Mp>pH(^%IhQpwlf#l{s6;8(Wr zI)%3Vrusgp%~!0T^2i5MX~2Vs)0o?8aVV$Xw99{w341vdyKZVlpa(c^j)+Q#%nq8&?t7^p& zqe z&`$@9Qb9eAr_4}`tp&B%K&P1#*v-HZSnQbD0vJ47AmJwf8N+2{>tJW=03}|9lmUQU zkUkp-3-MW2@9z3pcK>xCHa_~U1fVY87(D~*cix~g6g#4Y03F8I}&yL79jFzrSj9Y%; zknEN_c=DvKmPKG|!fiGnYpfdOq1pOF!PGuv5x->yksFlr4)}erBuBb-w8fn%eDl2@ z63ul35$X0W&DnQ9Y;UKu z58VwE$xW>7%%8CKK%q>Ra|j=2LO$;0SL-pw%I(#OAx3MScUUXze?oq9^W_?Lz1G^@ zqF(RG4+Aj>TJD~idHlRCnTDaMe7av;dv#zm!c3S2k2b_szdWtLib0cY6P{J7 zW)156ffY})>=n<0+x=Z0*OI!wp^N5wn#7)%d18kF7ZQx^hygOrm+H#B)e`+h`Kqre zcqZ)+)hD{2nePV$T!)veH^Fr&aDBpg7J=+^ckKCNnXQ z&__KSGA^&RdVP+#nOII@l2Syfil6}g&Z&N|mHx+mPF6|D@ z%mJeb{Z}d_*9jT4u)0M!eLE4|p*Ko=G||KMV-_IVuWzaN?(=G?2? zz2;4q<2WHAJw^}g#D9ds#p;oWdqRq((`xN==K)sN-Ps~IHkty74hjBLGPx14Qe9SU zd=r#eddAZh6@%(`jz62w6Bn&4qJ;1|gbAYkw>9z#^yCa8t^4nGrAMRFWSg3bu~v-@ z1c{WGplKdGq0RbE^7iLcf?pJCztHr{iije_yWrMTt9RXo*PFsg=jnPlYiwOz-eEWW zKqP4xDRMHDB6NLe9&SK3747Y$7DhzYv<=@^pLx$YK$XZHl@*1IJ0;@8H;6{IA5)2L zvJ)Piu-y*^S%FJFD0qDfF3N;i%&Rl{W(;8=3aFsmp3o+kaE}aSh~@69Ec-z<+%f&_ zU0D;w!*3f@*F#DR9=;PdN-J>5YdnIw7%rf8WNKv#@Yz7?N59HJ4z~d>^XnamgZZ^} zmhrl4cIiCe>j1}54J_=_&lU%02*9_)z+wf^FJWBuACP5&+(qXH8ZMzE^wiKI(XS$p z%I%915-Kk0uOlvY!e8A9EfjMDm=pkla|HEhd-6}r2_XcJit1UyExM*{} zAhlWo+Mt)e-Qo3;&iZG1EnWeG#USmGlfrKvpBMM_V^CgV@Aj!q9eH><1{SCUddOsV zNN4Nj=Dg6vsd4vRt9!9pQV>Ij6e|;V3yH0i!nHmKs|@ZjX-wtEsyoazBiF0eG@i`$ zT?^3Dm9{A3(+%YOTH}U}{L0@dw_CO}^$GeT`K?NpPU?Er6cz_!aA3T1vlf~STH_3eOfOb9!(Xu!Y=pSa%_pniqX z33EsfP01)4EUryyl*Y46eCk1*u9WpTI-g_d45oqzkqS6bqr;WjKR zOq`GEGcvQ-fQYX%GL>Rz`91|V6-Pc)lHGGFL61NF!pv`DKq@cGxSN7VPXD2D)epu{ zygUy%vMP^5mMFe)|5>2I#H2kZ$p^J@389(6Tlv;%G`n{UyQyre8J~|%Mr;gfrwgWO ziR?}<8sB4C9p=j)NT03b`-T+jF0kBB1P z@7N}N*m}YBLI?J!$+~J&%=(c8yC>>tp6`dBoB1|W%}VWhN%9GVFVGiZ+fzj>990jq zluB*ru#V)2c1~2rLe1Z;;9yM!emWwT{_%P$x|hnWQUCe`o$w2bV^2|DVdLvRl6__) z&k%RI{~cn3bGC!uwSr_<&0ZP}xDdc#JO}<^of!>mO39+vhA?(YYI3m22}Xa&dBTHy zo?b~WT;V&w{U^Qy+`sT0;NsjgP14XrFKG>*8rCV}S%7R;N) zgV$D}x$a+@?QEYzEJa+Cl=MYJayqJ6$~A8A(eEw8)zY*X3$On`TEQeUUWYKi=Eq$0x|Fd zNswLL1pOz@@jFL1-bG{tI@uwlB>|>iPV-ywF4$MNMGV!XeUjVHy;lyuDo>4s95}Ad zX2QoWAXY-boP>M1=&|4H?_}DkV44cu?1j zU2d^5Z=c+C4zEA7|I{kLGf;*YZCI5(^<044gV$9mwji4-j5WI*y|Fk>9HzAgN129Z zChJQ%z7&e_7hOfCABcjjK`Q7I_@%Yh35zZ7)Xehc&BM#%v#=_wgs7gpktwT8Tp%yc zUy925(CSw>v3v6wCW6)Q&&gDs^=B#-O!#nb__8gWR>zx{Yveg8^0ehS^j@N{1)Au% z#z|d>C`dJ{PhJwb?aG4)mxlwFvf4Wg@f4oswJ_dAWp5HG3 zK6-h-uAYPHTyU`CMNu3c_nP=U7Lj}Rpn*Q5?96i;0{enkJpdL1*}Q#@2>t)%UHP4z zE}>~voQoBW4wUp0-Xka6_H(>Jp}hSnsOe?pPvLMxyJ!0CFnMKBU}744!p3`6CSvgz z2!edJS+ef0jVgk~lE#c8{7q&Uu&PDpZ9;$G-HbHfh``Ly!+f`9lJ1~*9X9~%E;ylx zw3CCPKYm9vuC>^!gdm!%^?gjNtZmLwO=Q1IzW*|LxTIMX+oea)_ucn zJ!k3hgnchdl;O1X$S!Z4P}Wma;>z4lD9)mG&0jV#f=U%`H7) zRVM`G1t=jf)YuK=0&=>B223$VfZcTi#u}r7z<(WU>U*oN0~fg(h((Pw;dC>li0(YK{hU-I zl$7}4S*5!H@~SJEmtDU5$^H6QbP^jsbp90wiIgL$VcpoJcWL_z zn-X+UiO(m@dF#GvV?JmFD=#Vq2G)xXGYKpnR422RbnH03ghQ*7Gg+fLt?Dd`^I9s$ zJ?xN`AKOrsxOTTip)gX@$J6STtOcU@i|^E#?BUO>z==s&`q6h(ymtHZk!`j&v@$+QMo67IS2tATLgf# zib!ixUA%RHb_eG3aRJ5*igpJ8fWRN3>?-*+Owj3GbpdCHJgu%FD@$D|$VjXOu zY_@v+k<0=XQHE{cMdL5Ij0XXUdqKa#~3URi%`EtrDy-GwMUEBCjn5AFdj>~;d zNciZj=EtRsW(}|;m!EFl3Kv@3`-N_*mIRq=d}U_GG}RmTUoa_r*?u>FTpkxcEP7}! zkKFr=!ovQ^!C>iXmc5Thqk?2i)}G7L42G~(ZyO)gENi_=se{G??rc`+pOrC6rUKo66M5n=$%Qe{%%Tcq~-I~<@byF8pCj1(` zQDM~>7YkCg3z)g!Vc3%$q^MCJxEP%bBI2uirir?KHDTUe&MVGw<0c zYI-2tTBwqavS1q^8AQ3pa8t*RstBRo>Op+4#O}F?^aFZ}{~a6n;`+jz!4i;PX&Z)yRuBbb1v|1C+Zj2s{Yj~y zX=g{`JUWpF|wO?nXe(``paOZijSxjb|u*m?xhtfW_ZC$PAOU*io|15V2g z2W;e`jvAcBAA`~Ni+OqruzEvm4~Tz+eWmzrm%Php1}h`4E32O_@f~zZ`e)*Qb9tY+k$JaS zZ?l*q28XDk9b88=o00kXkmz8r1~-AvowIsSv#b!>{i z^&>wx?GD~1XN?Nx^H=c*!v5r*;^vVLd)9jP|3B{D0xFAsZx@!3?(UTC?(XjH?rxOs zlJ1i3mXwr|5&;3}?ot{NIX7WE?tS+2zUS=yp7njMrEAUHb2I0eWUC^XeIY1Xbj+Q5-kblEbuGG4+w{c4go z$Hf*vv@9rkj@4Eevsj{Fd#U6OJpEY$~ngxQUGx2FF6N&YQ0$pq`25 zKvYf5ieM&vRKnE?^!VI)A$AlI-3wNkDQ%c}D++o!G0=cO!te4Ot#m+AKbWrNh~8~o zd9^7pRo%A~IYNO`PW(Kgq3#~SDgLmqA#gIdL-D&i=r4I|v&Xt-QuQw&mjVDezNtk(F^=Ws{vj%KkVF*p@jh2A$MLj1WE!7IP_R|WE&b8`R?TR zdmrs=9!HV^HBCl9a)^VGjfv%|$s_B< zRp(=}#WUd!&qi2zT9bOdSeI08jKbQI!&bx94=Ox&N9iV@^SMS*SwT#_nS{#80$wxJ z+hdWUZgSk_<&i6=enT6)n&%q55l=Z3EoTFvg>c@?yXDZafQsJS(8H0fnlw1#R{@)zB@+YJ*?VEnJjJo$;8q%#tKTFvb z}>DG`t&jBnqz_la|r>Bg4?e{;F$!)ZXyyj zo&giTtZc^f!uPh`Y$KUW#5#UjSQP|pS9v+ba7!{E`K~{_WF}imA{|jJHBJa|v4JUn zcsk11>*EMFIrZzbq+OY_9^oF6QUc#k6e<_X0^h($Z<|@qgit_C-B%E6W(o8}pSV9E zEWmq0Zs2ZL3<)S37q1%no+F4Trhs8A7L3sOlz!adg>c*_1_9+!eKK2itRX9!m`~1BIXYkV@`Oc?yhhiZu0t0<&>?fu4^opL z0>1}iKqH|cfJE~+xY)TG7y~i}zm1mt-1noB_&8N&4*V04!E)&R!7>5)j-UrX27cQ2 z`>pn8C!yd^<_v|5px|PsdVk6vsrz4v(w`swC?wvGiUEex85o%v0LIshO!p~+hfR7` zW@gR5bQ1nwoaXNkd00&lO*vyTWnx0+@cTi3wh)J;N!>PDDDxbwMy&H_ToWjN1+WxD zS!-0R`6mK6ETC1a=d$QJtKp4&saPX>24!ze3h^5o+Zv<4-PlJ%zcOnF%GDTk*o3EW zy{%F85TU})@>Jf=qhK-52a@neVZ#bOytr?$4&EPz= z(zL3JYMgwZ@wUA{iVm$N%bW|$uF@;}a&do{q9`SgM2PO_iyrApsLZ9V?eq+aEhdvi z5m#VXe2=ni{G_$=@>hpeR1g%f-SWw=O2;FGZxb zm!~s@9@YC*VfPU!y*uweOh&2hec`V7?(=(FH~qlE9ZFY%19c#D`uH8Jh-D|E8Oyi? z3E9^bl0iLrMD*Vv56p?23PWL32-SO6II}4i23KO1XPnBceVewSjpJWsL}K37jl=B6 zl7@uW<*wLAQ$uZx*qAHq&GJ34YX0dhZ(_ql_1^(TO$S1-L^{7?D} z7##`5@(U0EC^g&*y_f>jU;vNb&kUL~AQ1`}Z@HgyF>wM6!Wfy@10)=b0Gcp&hnf)l z<1_M?FU#8jdip&G=ziOIr-3H#2+$9<0Q?jsK#tSI29WHerKkD1C?GV#-#Gn`=l`Kf zafvjysW;{e^h159!PplUTIpnudTs(A(Y}OAKm8Z{myc z&ko3u$QS!JJ-Yt?h&}gVPOjn=we;7{W4jAel`>-H!!3&0ZmovufSC^;Rtc|9^ozK3 z^p(hR)6XG@D7QLZIc{V;vt+1=@g$oIL<}P|;|^*DZL3RGI9MuX z?kl%3`mFL{m&1UwYD11uYqeGBaX>}Jg&aGr;|5FU%b?peSF}Ns1v#1^sIEOF4&kTh zl{R868fX5v86!+srv-~vL$TInXR6vguXX|K`cBc_9HJpT*)H<9MU0k7O7b^|5$N$L zsrm`p#G{&I$-2-_!Q$EQxGY%rO0o=aqZwyk!b~~yK8JiZ3*;u&!!^PjnR+(3LSn#F ztAV|0JI$un09%4I``-_9kMAAgT|dLzokaH2M!8zsX!&DqAr+`Hx54c}>K zqgS^~Iq)sisHnTib>q49?Z=Txcv#W6*7*i(&B0Dg)5%F$#9sdS(tfKsV=ZQSiQsu; zh=*th&s#+#rE5XQ%Z?^*U=-fVTS72g#m>S+8*77fb4C#G*+!Z1a87;q(h42Wy&g80 zk6?0}5N2e7Gz5)9L->?MCU(t5xOTaRtM!;is;2j=_{SjkzX?=h1O9yhfDsS?{(LI$0{|}+noKsBR&k|+4&75avrS}?fF9QKlTK0? z*m^Nzoy*sb1EK{W7-TA8?q06DNzA_J1oK+~mr>uqn`ZT7Xw7N^Z)SwQxyk!&zIZ(V z3+rN z^lpW0?o5gZ>Xm#3FOMy2jxf9>HH-$Ma#bgb=vr0rM>)Dyuc3-jsl8-8jry#Ug}KM= zx+T$}E@Q^kaxoPOXp#kH!R1QiXJeugL|1q}C)^-BVL#*A=3jYjtBOT1Y^NS|Kr0eG zwG+>`RYSeRIYksXANYpI?!)DJAIA=8D0g?uo{Fc9Z|bu%YoP1Piy_<2nFK*_r zEXKs;O)5DcV={u6^Or6fs(Dw%5+0XTaLtIXUNl-BFn?$uHDt#Mfw|nip`D2F0gt7` zo$}TW3P`PHhv3`Myw{9gZt` z@wmg`q?(ZIAKp*H`l7vdFW?N3jtVcB6iq&+MrdwTCh7!|w-CxYtv#~2+@JljR&%rz z8?8(UP0~e**`tW?)MU~hVfQV=$U{Gr=wmO4v4t6c{Wv<`iSgZKo$l&3Kla@*oV(iY zk8J`2CntbXwK0JOVD=c$l=ibvB!A&&WB|D{PXI&);K#^-0JF8cf&NMKd-R6>H|);< zLC?Ro0MMKKmY4!Gjr@|^69%m8j{Ok;^z?q#7myMDT;OkddOyD*@VHJ1;UDrEkFAsd z-GRrl!(D|H@aMxevv7*6J zHo-LhYR$}d4C8SmExjvs43<{0ksQ`5E1!?m?7Usr-H}W)pXe~Ylf%~)1x$6@3U?Z? zB%yuR$cS*Ynf{V11xs}c?KqpI|KVi}OP{++2tm&1h7Hs^i5CnhOx8p@As-kub6b%8 z5f3=fGgCPob2h)`&rG5-xKsvt5moX5i3XpOd%UZeT~|Zz@y3CxejQh+TGv*ad{A2S zxv{sHFA?p-ZBEi2gdT?5qjB@yVA5X;l)?Xqy1)9cMD}v4PUD9B8E6zDii!v`Pi)@7 z|D_e>pC0hn`|!S^m{8zJC*jlw3ev5qciGytj@&m+x2aLBA!?Y`rB zDPLRk6-tCI_w(^RHPrhLTM9l@BR8ymK?cBca5z!K_llm7qp`u+}A)~>zs99!Og9zY2> zvjUP`vE>JEu_4p(xzM7i)9hE!E6ZmrGze+1g%2L52Ts16wouE#;Lx!&_UHrBDCcI7 zWPdRZIxa=NO`yjGo;xh#GL2LWR6{73f7qiG>5uAy9P(JahNO?#(SYD*$O5%aP{nNzpFC2kz9T@_@ zeRkeEa_}ambv2Mp)aBw29QvnDq=m&5MDKxk3iECaKZs{W=sH%r3$M-NR6*Vli+^pS z>}gg3tw+dd{1A*Y>z=`O-PrS7zneH4poffdDZ8%4>-Y0hWp$sl(I zVZLR;BrVv1b#CNM?sMHHOUg4{SgAY~&>Bop4REqw55^j25NM%mr$N?qwUgbJ^@HQn z0wH>Z)NZPdC^-bu^O};9CJB9+L%CIa!j&vDjRvf6V4q{WY%V(unhcnQqJ}?l>uNhg zB@|P1s*(B3`#ne64Eq;_3%Q4RKK1{|JRhLt`T;K-d4A#ra0&n`5&(Z6-QysrDKfOs z4xT3dE+awj^BZFPU(U!e(=!6nHlQFdRR7gMK0uH49b_=D0>r!S)Vx^k6ST|#y}zHE z|L+(0ziFZ_MG}ii!M;A~<_8ZTko`jMp9?m292abGd`@US_@t+QSLlgy@ca$_(vv0u zL+yEcG{!~z)Q`ix;O`*t4bZ?9c)Ya1mDX6;BbP?9XJ}z18!%}#?KQy;+CS%14}O58 z$os1`kk+8?#^ShN=}0k+u|mU)V|wzY+&>2U-{&6w={NqQ3%|Oofk7U-tiw0?!`SwA zCXr_bKUzIIspbh0Rma+|S+cuUZLzoNXCL0KiIjuC_+sV?7w`d3AsU#T=bV_FRJu<; zB%UVkU==lxd_?m{d-RIL*vcI`~7JQAWphJ#7Kmv>DX#nF9{h}Il$YB++4JO51253mL0>t z-v0l6T1|M*paA|f7(Z$CkGObWgb-uCzr&gCJ5d4Z-4D5$yS7w-|Mvan|HvBtE^*Vb z8RKNW_-0*4lAE50-hyfWZ4n9W03pwD_$Q6GD-=aM>SeBJBbCpw17UmU@lUYx+0ph? z`;u*N%W6H22NB2D^`@S3E5a+{_hq3Lc(-SlsG(`7I98d*+rO=CaY?mwVoVrA5JsR~ z@;?C&+;rx$aag5+!9FCI93a3oqM&)duPgg5{*urjoq6wRpYFaER_ort=twy;zg~@} z>7m;@@nTaowQObemoQX~az*qrs)vKmb=E2dM*Ge-#HR4acyzn> zH`MghTVk+-AVhuo$d*t0)GPGNpBEw4zD&hmfN^>b)QQqI7U%_`^vBjpY!DY6cheb8 z2H`X&{tk#~O^N)sn3p zUd~0rHcfLLT$IAwf-|bz{CE@>$C<@5|72Z+B&;D#7?aAoGvW2Pfz2M%Oz)Bu=#ybD zoW$FDA z@Ch)4xV6d@Bw^MYaEc0I&h4b-4FWEUp5=N`d;_f$0*FXj8wm1y484PnXhe`pFQi@g zjP?ojdI%J(>}tw_BjnyriRfh#e9OV>?TpT?@rEKzJzKY+OTnc%n<=Tq-N61Af&Wj) z_(cTvr`P<)9dwMPmuSuSwpvmuap2|tc);#6DQ^sByh^Ow(R*UCyK{1%M6DT{!>f+E zRoY+Oq)DbW54dZ?!04@SqEM(pvr6a)8!cC4Bw?6h6T|X&?ATaMDPN9rcM0)V;>w>X zev9FHlagv-)!$WAY@SaxpLs=ANgvdFZYIOY8?C`Xq$IreP6uT0K;F~KkPyoEos;R< ztEc*U+Xb(Ss){dcSTbH{hEL_Pr=GY+oXU(7KrezGMy8ATIl^|LFdors&{i%x9ILKd zCfmiy+ayJqd#2U0qIiNGKWm0Wl%IyEX$tcUBsLJF*vK2nB@mb%%P^kVCC!OInU=<^ zl^1Z};ghi^4u+AO_ZuH(ObCR9fK0}b>pZj~aHbz$=3qt$B18p(*j8a&bdZ=KN0*n` zY?m2xDgQ8dEzl%XP&(25R9KFhHGTE#sz?*Dk~Nr}nTn5Sy)>UKxuyr{cz&^A@;Kh= zfn-E0_Klb%?2?(OcdeGd2d?!~u2WE>oujwPPZVB-Qx3d$AD-L|0mZ0$UnLP*brP4_ zP`7CSKOXdCOCD<-J24Y8r#Yi0z2*tt(Fb@rLF)mi)u&3#1}#cYg_#Eu4PAWKx*ZV0o{Y6TG4?FfZj)vM2izOSb6>RRF9m0T!F zcah!J7bE=$E5H%N5Gz7>z{gx#M^8+>@9{qW5$^%5;TCuOI=_4ke(WK*NB5uhLVzsG zqh|ms!H+{8zVxp>4}Kg=@Sxz%^w{qI(*)rzjq}SQ{ijROohibjj9U%!&wv6t4JcAi z+`V``1{93hu`E)r?KhHy>LbHeTz?VgyDMA!4gNKvJo=YGA;YNxF8prFmHIAIL(A|( zB^ep*#|IBDR6iWq893?L@8}dXGQ-bb!;d2$e#E~pPXMTP-%~MU?jK(vc#w5xdTi|n z6!a`?3>-cFDD(Z&SOB;y+zY?m70(~WY9AsOD?kN~^``>!|DP`Q@7@iooa z!<24GammiVXyq2cc|*1QodWnu4Ijeqv-i$&V&5`Jd=fIURFoQz z-nLhe84I&`-fw?iH;?2z_gqIxbt0())h(y`G?(PK3MbACW8)MI^eCoz{mJ?QXFcXE zaLXz8;c~-*f$-ko%XVsFf*RG~V-86QKUCT#L461jezo*|RsTpl z{~9E~=xu(~hJj!}4e0f9bY5xEYtXCFtDr#w?mIIRIx`DXdH{E#2M2pf1qT9*1&R{A zF@Y6a9`(|yd(_wRqc{fjb4*%#5;Wq+%CfbcnH{a`BY4~wm0g|g_uc)ZUopvN!ldZ! z!v34j^pGb)9AAN}m>8ITk4ZnKedC`=((4(He!@zj{*B2E*+f&g}g*T$9`*7nmTSS&wA^JUk; z(wso)auUJ7h%qX=-$24)ZXg9Tvfax$m<1Bxx%>!B;c)@arxudxa{7bb{+7_dr6lMa z^>aR3fhLrR;cdZ-x_)Q@Gzi0sH^u&xHstuQ&^;SlSfrRMr-*h4^@-oM1fMd_z0Xw8 zC2z1A*B?BTo_d;ZJ;gY78LU`T%?sf51l+ zcXd753TjNLH8yY-W@PgEq>m=?zyJR4`s9B%f&AA!H@|ek{-JGwfk5m*2pS+!33yv% zV`Kxg^W00o{M!6Cp6Txh^s9DxgqJ(V*8HzQGlH5K2Ipzk5lcY1u~oXZ)ah}bz3x5= zT8yM#>Ec=P-;}Em3$fnUlIW70d=tGNQtsoQ7QD{`lBx(a&XQF=`&ntgl>1{jFwpF? z39e#b(W-o$wM!>;*T!?W7})yHqr+dX`lL6ygXy87(7jpqdY9h7WpqY`tc9`%nSJH$ zFIz^=c#4rS8h=(3_xc<0#OP!XnZ$AycREB~gbpR)@;8oBrCBfUQ7lNMR-LDyqdAh% z5w8BQIhW)8C~jIYtl)m>ykK7yb&YxppL{RaQN&iPkK=Fzfi!HZ)x^$8xeeJw-NA)EKnD;>nx^?o~P%i*rJs^JwHEb%y8DC6DX;2s7HZ$7pC-<@TEqy zr1rW&TG99prF)bD4=3tjuExs}?Zw`!7^00(5r>7?RBO*{9-fpJy65d^=C5=sp^3j~ z!j}@c(hTGv;I2;y6UT&R_fc+6pQY8QKKd-g=OgFO2(!g z5td4zK@_(ckTVQ8R|K8U^wva-Z6Gkp0OZs;xh3$Kf;3>~h9F&pES#>b9K1d+^+{@pnwA~TAkc>t`Gu3li8WC!tyH3oMRqs310C<5uikmi4LS zQY2UkNX0PuQGwWr(tnvi|K9tOmppZ%n~ShgCX&sKZp?iMWS{Y;gZ4dv#`vn`@{QNC zU(c<7aA{Pp8>xq1=ObfjljZazDynD-alvMc7DlS{T7_VqKLcy%$j)^SXp(pYP=6HA zs1_4glBlUOuG~RaL-T7`gJC1@XPp?<;bJ#BLa0u_CwIOa?~z zP6yEE_xf8qL1}43=`2jUv7^85^G*yVbhtv1z?M7*#wq#0r3c;V$H`;7(osYs+a}ZV ziK34P<3n$`Bd|YTDQ7MxQ8L2Fl5Y>t?BGcuI7053HNnRPa_8PO_awRj8Cr$^Zb}tnH)an zyX(nT1Q0GVOGIsJlxH5hYO)?9pH?kH_8U-IUo2-2mJBuxRb)3X;u2ZGMd^*PZC8K0RQ)W8Hj0VWj(-`ZEpBfu_lFi5CA` z@l-#XEPOCZZlu={@aehFJ{Lw!c`i#e7$+Ge2ELUX!J&N?!lb{^eGk^GMm)B5fR;-` z7Y}sp^mwfO3$k?pkgWlLY=H;J1_J&QpJjie zu(EOtxb)a}WD*JnMey;|0!qJ5{X@wGAW8G%;|HqA_n}PMHl!-w`(E7)6+AH^+QIWxx8Tfbq&~-EtderyW2yWRS6!T#h<8LD8nQpTTQDA^?HH%4Jz9Db2}<3w+AGD#QE;JvnWmQ|*IHSr}g z&N+M?C#hV^cc=c8AtX=XTfcXX-Ag66kI7vsOmVyzbS@t&f+dC$tCYd4KY<}fY2B`n zVrq0gYw>gNh!K`If0m%vREPM5LckzTV2GG?vg-?@Jc6vxX>k00;Ka*TsSa%*S#X|t zl<)+o{9UJOXoYQLaEz~TU#P~EQN6fVE?#2_ni=Z4E$6E2H_TX|PjXfXA4v9Qt$UKa z*l?LH9U|FUvVxj}mx-4xel_x(_E-bRvJtik+|N6L9h-dVxReC z1|`lDRP-qGfN}e542Tg#^T`1##gQJ-==u7SPijthI|&@19TSV}i?5aTEpT$Zd!pB| z?JJIRudXl9j7=@FB@}X3Q8CQGBz-2W>t*VgmJRlF+ILdm8K-fjxM?+k6k{Qemv*B* zf$~z#YsBt)Km0PPQ2eF}bpsngztH^7EK`eTG zD_Q#-0Rg{AO`x{3@|0R*N(>?NgiwKkeo#NSO0*33fK#hFVNrNZ03x?*A9w0Tu3<{- z0}Axu=3xDEH*W!a-GKgvNRFgxz9c^ZJN=l|?W=1dhZ(Or9?_21fmJa$@X<(?RY!+- zo|V9o;pkMZ-^-Q5o>9y3HPjZ#Mi$2=UsLow*QRM6GHqxq)zgoGKhWt!k>Wc06C?F3qV${XB%;%6Ynp;xh z^qLr(P&S*<%j0i0mtNQs`gfUg$h=NbH#HoVjM44>N(Nfvf$E$(++IPjNUD#sr>anx zx4WLlS9EJI|3y>Anvq!Ou)O&2P!b7}TgTyTyT{kJA?CQyH`*4%U?0-Flv61OIIu9Q zq$q_>jC3^BSLxPp*Gr~8Kz+#SnD&GGGSE*7Tb_cZ`s%+=tQmh2YsiLQDE%j~7FJ_^ zrsWrw&T{;|iHb|Bi1f1y`Jcf3Zz0xgs_n(;1$wj{v4SXJdJt+g}C~T8u87B5x>Sc{n8=X^mQ`QL9!pe;=4dvU4YJUpz2Y9n$UZSipVmRj-G2R zpao*W9Q7wJyFXYWA0V$GQTfiBZ6?-^;1StUUJ86X9z+3;3Rgkuvp8!CHm6h4tsXBW z>`K|BUo%tbPq!_{ELJHL0sBDAIk#t`Ly3s^nM-ca=9Ia|Vg2@r=DBtyv3`)#mvw|1 zlFG@rH^^Nu%N(<>In?UQSV|oUxdH$g_9ah3+a^W`FI>i0R7pd}(KWZ6)=5NcS0FQp zWdZ2!JyhGve9W2LvZ_@wMO7-`aB7riR~>@D9i;F2qL*#iy_9G+4pQn8jm&+nSWcHh zd-Yl3I$v1e7yz1D_7}i22xKXG7kBIfbmYu6+ zhyK2VR$qbJ8%H#U^d6o+9+rDz9lPYqCj{y3@b+S_E;M>Yp|+LB<%(SAU2AIkbDh$S z!4;^B?b?a#1v3Wk7NF98O98H!j}Y3m`j#=D-@OMhyoxxuwxyg0li{X-4?_!AmllWL z4m8;1b}V#T7px4;6H@o^t{f~-f-T{(ZzI4o$hT(yCd9bXC3btc{{@kVF)8Eixt2xJ za{?G4fi$gi4b0F*l~6VXXm@QWygb31{>)JL&SQ7rXUg$aVIiRdlD@dRA8dIIXj$K| zz>y{0m@;!2I68en(-s3$mU!Z+j#LeG6m(P5#N=WbkAt+SuWN_vGk{M#6ljo*=P!Jv zS7E5~EKM=xKw&G#JDGEn4j*w=$(K4PtBeIQ|5GBYGF0NgHVY% zroJqdkit)i_tzB?odKFa62-Egw_u>!-AdvITfWCmnMSm{|9m>BLSQ}5jL0Hw$W`IO&_q5r8h{2koS zM+%!>zGR0v9M<#3kJoX(GaPwbRrieH5$m2$kAH{x8unSiO=rL({5d zm?2N8n>9@-tI^Z5@LV$`O&J81_^x}wj<6fNu|!!fjE%U~I53E}%v?|=UDV>(+S)C# zN#&1ONx@=z?SYJKTuoPE=WM|{4SZ>9Y3U;Ei^jOP>tfe!8+y3xkFDd9AxFf#Fgj1( zWWi5GRDw5X!oP=x5i8o@ZEExCPiJ{$kjyFIf<8=@L_3fs0cg%4?& zwmR(OkWc4@k%@5}0xad~qWu>P zGyh0~#irIVx{Pc14^#)(uFdNlDwmfzxJ{+LPo({~YJDJ^TIpZW!Ja8*y}XF4gL;Dd zL^&C3xdwcuA70zUi`zy+ZT+AiYKLDb8&&F+!#Nh=+N?bop*l)Pkef%TzsE1Q|CQ5S z9pKNFdB2^O^I{Z^&!m?k)DrWbXm0&A1^pLA^&i}POhRqBXxLo61qhxBb0n(TK%^Y; zz)0TW65ppCE&3*N54x05%yr!C*+JV2CdOpS{-?pFu;^YWsMsI(Zt&C2b(1X`u}Jcv z>SFoySj!{!)rxty{K7HRID(w91p9ZikoBUkAa>%Mqt3*}%ebbl-A!d#y{>lRc0dZiAvKh$?ctg3h(ZJ=PUU4%f(yAGIsDx@a zAp+@Q+Y+OL2Rh2OgjZ}@6S+xXdGt+O);UG6io%Z8vj5s^%#?v>IQWUTX#kAiX&ZA~ zH`cD)ptqw8w0&fu_?yBUl=EwK;Z&5$Qs{V#R}>_Y1w&K|;ilkd?x<=G*!yQAfu)dWk9%m(#)>tMktME=#xvdXSgsoqOzwYV&Ddw=8V<&g^}-^t9Go_=)XlAHv}#hg&Z<|QNa(NK}lPJ=oR3qy@&c3x+Sa-CnJAtT<4918TLq{d6` z!{N2FB02nL_%?M$gG0qEX;=4;E>`=Y&metog!$Pu%f@E>8Ie`n-JiIzET1%WbAb~( zuLY9!N`J*$zwwuS+f*KpZj4SG4`F|r%~^bYZ4wra9VWj;NTwSMTf>}bPw_eJ-Q+sN zx??U!7F=V0c%{}+b*B?GJ0bbm5Z^CQ`zuI+{bM2R7wUasd(($-c59Xr!(bgOfaVB< zf3^F^ZFk>|4X-caqG6L(|ACBJhGlGf0gjizB+G!YD(Sg*4?KJ&^Q?O|#R7-yp+8%Y zjEqsLSd|R$=cm4MZAx{81?tx6I)mLo{5MAh5}h(%7{~09Uj~=&U<%C@+4CwwD zC0I22N=&GIZ%4#gMifa&m}LhpgzAzBY=(9hxEK!E{631<7S9Np^>xLH8%zQyr(opm z)biJ5|A@eP?FFGzBR`5DqmV%(^Rr<0sab)D0QTy)CocQ1Smsi9SP#%R+VuB|vmi(G zr~4Qvb0pISu+N8`yacbkO)gwHmZ%3cH5x}d!;Cfv1Osyswf0VT;$&FP|6}g@%KjMFc&uYVA*0ItT;T5> z2(0wX5A}MQU!UK*9New*uHE{fVZr2=wcDLD8{0jj12kAO+yMaq4<71YY=BLGJ|3W# z@_%X>e@E&Dwb~PyA}JDM(V!CB#0{~On&nqw>9yMfw8 zDXU9jYmm;TZHfIOPF$wG#%oyRv{zzJkHH$!ozC2uwEAH zS$n$~Y>=-=-|R^sX9v%&G{gjhOcgzq)<*e`rUu7LN?}lJOq|S7CuDC@WK-NEvq~|h zMGGL7r-qbm-uw~ODxt@MDCLxC`QS?7rGWeZvz%*8`8W2iPb<%x*VYnNL@kEkpyaKP zTgu_tG#ioXWBl+`E7gdCX9mW{rWMx8xcXFX@Zct#p~hxQcP*Nd$)m-4z%LbrI8O&v zSg5NDEju%=j{R1UEIUPJ%PO0yGimVe>`~i zZ}sI>ygF|Ylfqu+ZN*I`qc$Pu77Ee=kDxu(AR8puZfV-a+LtL#R;@GG*t~jDH zqQqfiC>;T-^@3KoBLE@#M9JT`TaL5e7Ljjr4J|hC+9uG4*|{RD=za6_batR|Tzg_p z1*8(w!XebIq{2%(m9m!l1kuV!pHI2+BqsX4qH|23mDcqs&dMb7@#~jsDyTe7Hr-J9 zNL>~|woArelu}nDT?jH0;n%0;LB42UY>S1}s%a)Plzc*`LYLTZ9qLj|%aca*o9()HvZji>T5f2&-r`Gxa#*>?=%S`mPlBPP7Iw zwlCEudSJ?wfj|Huga&4+tBN^g&^X{4S#7NAGq-1CLDx+p;VXx(cryp2-RMv#3ryow zV%6(%N?QAN(;k?>qm77@c%Vzmn0Pa(TJyYm!{{BpNKYs4J>3N=@v_n74AaB5W;ZY+Hy{+Cp*QDSc~eF_H459?erJ$E9o z%d8mYzCtTWSM?TPd2okI-KW7sts8oT$N(CUP< zHYWH#&F zQ}h~Ccu(wlQ@!~D=JRu^nofI)Zhk`=E^&)_Vs7!h=a3#HHnYX_DWkrQAfbg?qLq#w zFCah&O)48#a0+TDa~T#*K`%O;w;dL5c{GNTNRc9f64kKEtX!alc@W9DpBpr;Mw`iP z>~l-&`&y{6;{j1`GfTLT^B%034Q5p9kwR2t z7V=maMBn6tJGSZ>7;YC_L$lRzH`INl$n*g|%O5C?Z}fB^w}^IHQH+_LZ0Fo)bhT9V zC0x?k+~LgH;62Z^=%<9L#t@q)u=i5TAaf~_DueMQW5Q=3ZX(KTp|`Z%DIDPJ z&%fzD5yU@XB=ragJm2`-rGV54jR#5$qg)_OC($c8)?lj-YxT`4BIucMV;Ec+iI^7m zsJBF0{|;2&?1eWRI>dx{@&|{w&+r_)%$7J_pN@$t-&mY7y)G128H0x--QI72rYQQ^bJ_h23RNZ*~!4cwef zezgYw%ER7?(A?>F1E#P6veXu?fF9yI6SSW_!t4NXn_u7k*B!zSNB(RGew@+1YXE*! zs_N1G83aIS0S&;E0OpVM$o%zzk{d;fc3;0vo06ith`IhV0Qgn@H5Kq{q~yl}@7sSL zEo=dr+rQ}j-8J4RaNl2}@Z&Wyu;06&0Q!LG9{YfQUFzLW`WIcm&*+IB-YT#kulPsP z@BL&7AVmyl@_kUqVh7j=+)txCH2DHdp6?RFkD}WDU%Q~c%SP08kWpXHebQQRe~z8y zX6iS@+xnvNq>wC)InSKIft|^4{lvl4qo%|puOMPFTAzkbaJbZpv6Fa+T3}&)>6<~u zs#7gdBBBt6UQYwQnl;o@b)t8y(wr{}#zupyLW_ifk)0i!paeC5FR@Xq1efgeTCDtY zGqtuP+wg!K=cJssxqN)Q@IhabrZ2zNEEnTZX_~GkRU`*u;5Yp=^Q`Th^3y({gm(J5 z=Z=pGi+7S$RD3+yP~4l{a{kWjx0k-7I;WcR@127Sd99(92HWD^V}dzu!f3Nw^n*^d zTEEvizcA03CqWet&DklrOvzY2nPeb0K(sbXisDEedMomb9{X`eHQy>OITs44~-e>$WmBg zmkK-_#It*k4~kk5?G=?!Gf51eeF+nZjR+Pw7ujfOH-#Yf5|?x*6SI~;XonS*Nfr4~ z?OAuJ>HFuZhmG%s%(@0LurQi>x+Orq=)=j6i1wbid0aH0F0;?|(~-Y|;d3K(o*_Y+ zWthdno2L+nCE~UydINmipiKr6b_%wezV7J1mIK+f^8|B(_oKa4i$h_ldgbYx9qWdp zkm2+oM<2QT4u;+89(fl+~8u zBR`fQGbB)CiYeq zk6l_n-|+7s;O9ufLmHx8@+TNQeGN!MR0F^$DX;(ERKha$W8*k10{eR?c z8bS9rEK*iuAf_jLs48Iz{aBgu-fr0VPf|2R>&HwoM|Bkt?kiZ{C&4n_#n2l86dvVIzWKPhboESL|0TEiV?FPz& zOOa|p3Rx3oS-zVDIn%d@9{xSk_qsHuizmVFab*(NtBUvC73{;c5dstlFA#Z{gLOB=N0R;gS)?)dP0p=)pXMBj zAy3s2k|iKO%{=33X%|KorRPiL{xm&pdC0}SM)ffnt{Hm^T*8Nq^2*J9RQW(lG&9c^ zE>@^(N=px=CA%={nHaxDha-C}t2Ntg>X;6k22`2FMQ1Ijh^O+C%66sm`mL2q?mUL^ zlJA6y#=V7RpIyMg5>Wh9`pDLSqS3o79j4o*t`pR~yb+md1TPG&F{VZ#&3S#S&+(!S zD+-L}AdB#c1O@QyQp0(tulV>qJ*o?U;>I(1AW#bsfN1I%U5gW8>pau0!4cdM?N*}u zTi{8soGCYOQUp?$2t&3L!7QQbEX7<+&N)Y;4bd^5Ly?bQjR)Wn_EUGX-x`=Vnqj|j zmx+3Bwz1yzvXR(yH8aMAIi-Y^Dm*QrIdgwFyylW5Ok1;oE)w6y<5`iSd3PYos%exF z9Er>%X6>d2TM<#FGQ$JZS<;*THX(oqbJ1XSyb?zWDblIJLF>jRD49zS1GwdJkwKr* zg8%{D0=zUp%_za2fHKh2(bL=|86Y306abGDU|_+F66DDfP!y5sxBXD6FAlZbVG^$} zl)4IWJ|X<^0NyiP$hrU}4Ith`iRLeUEmy7t#PwwQ&L1sPnRTt7D9vOa7uGxj7q+DA zD|qRSv@JHHj*U#I>ye%fMQK(@!Utxd>eL->Dt=Ajr{)Ycn6XQ~&2C0Y^<}c2&m{hm zRp(_?6hA=-=I#+$C(mmRc#`Ml^3Ez5FdAN(JOT+MiV(|U)Tj)YlO5nHeQ%KJlTY;m zf?6E9W~}`XU7?_=JN%O`c6q*j-KQxbPvBBr7+0XJ>}-QTjdW9FPMS(DpTK=-0MGI~ zy^_NM+EAaLfHk`6n)Q$dLK3&BBVGG)w*dQ8R$zAzyc!PMnRT|7y`UI9Z9k>SYDoo#Ku^0s@TA78Q)p00ADD<>%Sk>~t z8$fwRY=qLnJ?RRmh;U9BVA0C7MdZ4|93iSSY;8fp2`eyC)EV7zLCgk2@J;EGLW8DCS*D-qBy8IQaJAv5Gqr322A-Z(}$_2!si5d8=y`H$@@u6j^tR9n@iE8dgU6 z?kGupy7m_?w88?(r zkTSb|mxvknA%WkB$I>1U5-bhu4QzkwFZi9;KJs2bw%WI1#e;X}z$lTMj{6$^WA6EyJqn+O=W28wI4LySoJG z?nb($Q@T@-?(UEV0YOUX20@Sxr9%)wLii@7=yUJ)-cP*y+wTvKgE`k+YmT|r80R>z zIvLd!WDEJglAtq@jjPN9IPKLNE7?WA8x}QV62Z`E`g)x$+$mU4 z2Vcl9a`(#=*ZeLmTa_0$#x=TUket~Jd#GAB_lGC;FCtNYA^ek>#erc=SD-@hFcsl0Z2xyq(s@#rpWTr%TcVo)h6c17balw~TbktU^Hsu&d z%U~9#k5{nLgeR4|*SKd_7Z2#*aapu1)Fe*Bg5`ALa9g%t61_624roY6t}p%UiW4fw zh1Z1m#!X2M{`KQ>7SV?W@N3~8_8VK(%*w&Y4(JL6 zn5DpCHFIzw1Xiq(o}Gayp^2Tfqs?X1$;{r)2)5Lt@pInzK3p_tlAgCFoQ+me}T65Fj=xKG|<*e!r0g%!js3QrIeBg>g%W074Nbo$%win&sgw`_o4~z zNn*r`YaC^=aMpfwK!!+|w?pj|{V+$k8@SCw9LIeIo|A~O*(rmUn;5chU!Y2Q4#BTo zymF>HsB)87kU}Fxun7mJ%v@9?*+T!g^PmN#S|aRGNRFQTTuBgg?16#p7TuDyW}?qx zh!%^Bh0`u~q`u3_bZ#;|S;sKSBGTMPlouGMbw`CqU7x|A6C>DQ;#QZ~;}O{$(@&A? zD)Ca@fFFxPPWsG3)=+&AST6x}ii1O*oF8vOBVeVcz_b`mY%7E{bhZ*@Zx}35*EUV_ zvilIy0VP1mr_MJ^_KlaH2Fc`Wcz^&WPO0#!+Bf#rO-W)Tcl8oDtN{z*{OxVJdgK5#3sjA!?|v1L^z6z zqv@slkH?6H$)7B`oMWxp1eeOJe0yF zwVywM+IzzUcVnv^uBTYtC1SVfKgtAZMQ^GK<%SU|C$Y^4$tht<^c=N9t-kwyHlrUu zRFQmLZ;zt>{$YaWs+8?%)u?VMXCeFs=0lZ$Jvk)x&A|or^@g7NyMbvD{@#b5)}tb4 zFjMq#gufWajk;UE-QeCO80z~_M!r{6(Ove#!!!AW2x9Z%qt`|hHBludQpA2Ji>BJ- z8EB8v>w2>O&|u~eDO!IX-}#+*RmcXK#-sMSE*Wm$X2xzJd;92-x8Av&oG8r1zEV6H zfmOS7@> zUUR=X-pVrtA)c#Vf%ee{&BargxBllOg*hQpCFYA*RF#E-dYbPEX1K$h_G#C`9p^Eb zEqE1A-TDM{E@rZa^*9#e>r0+IXP1iXMMNhwR;SmT=!-`b=@3vuc}gtKOzIP` zn$tSxFYr~f2l&%G^@*nDu*k277@%BlUcgFoGU@s_ki@t;OH2?PK#a+;MzTRtL)3b1T?p1X1Ho6!psH~Pu(8=rh@%%+~)6qx%|_P=W`My zG^-*xS_~oX=xD9p`X~O;kI|{#7^(X5^Qn>y$UP^esD)1+!ZfuID_EPSD-lj@`q;G^g%c~M za%cFbEvWQ%&obyH`Bt#lHK^>4r}QJE<9Z2F*Q}>5FDW z(DI!N&V09IYUL5W%QI_q@T5e3m&CiQSS7*wxYT1x?@^*NPhM0lZW!5=Q8uh)+mh1q z>s~1-?+9l%-DLdv+I=y6qy`x!%fyAnZ0u}jxuJH0=q=F)X`3rg2ivZBrB4ZiPto5~ z$6wH_N$M7#Yb5Vk&-u0WnX&d7*Xoy@-!v!x@&b`dYn%|`5d$v+Hx#UHfCH#HC>UVh z(EVc*J)no4oso^Ty_tixoeSO1MSLX?@W+b0GRDapmSf%b%39|zS3XaUe^aXPJ7^rx zhIEt7a5OIGSyS;mvwOw?{*hWA2junlb=`sfLHW=wIYz5R2~R9~Gxb_tLm%p8KmQe? zpcftsJ77tA_4o(%)WK*N{%;v$IN}-eUvn!ydPfqYqG=Yr)zQ|-0kXV>SyVsMT3NsfAqPumsqD1BOo?5V;>y3oCQokHRF zi|SgM=JK(3%4ko;oH5TEx5}};QOSSd^iPPhu)=vq-R_|4LRtYwK0mKL$~h$L@mO-c zng+k4^GUBVS7xeNa>UebRRvE*kOdmGkv(L zFl+-&U+>K{PedA;)ZM2SumALTk%JZEpxa9J$VX+ZA*Y$RyzGZH_yQO=gVPC)rN9tq z<$8UO@xe6NSFT)#eQ^@ao{C}Bwi70i3e8r;Kgvf3KkZ zlJj#90KX*dCV=HFd*g=1AtzS{YdwE?WdL0fn?ofIcrX8|xpvO#Y4A{GEy2A?KFP z%{n~a9yahIWjm*pE$QI#MggCn3y@?Y58o@y6ASRZ(#V#%ggP``N*cJG2F zb4pb6-L4O9Ipl_enC4eL8R#y{j_Q~pB37;1M~>t=u<-+#=gs^GT4>7OV|;rl*R>z1 zs6OXlI}*m0q8LaQsNYtR^3Ub(uCK_WHnV{+fA@V1jp-QaUF8guzYvXep9u1Xu>i8{ zo?2c$A|kThTweMU52Gv|%+*3=ncd8;?M@*trEfV45ntSui6SU#eR38pWoU4`O}0u2 zGZ6Ik#uF|Cw`tp^o={Q+JSs8T2}FhrkJOpp$v9})!8=X-YNq=uj3J6K#zsQj~(9ZQa~xy0P1k?kHh`GjRTHTq6UE z__FF99ZKNprnlPK;OHpVCvKM|;kCjaE6|Od?OG=rSeQUp_Fsqp&PV?j>XV}{L)m3> z6cNwcLfs?_-9#h}D)bL&ai(ExAC7{o88ju6pMK%Ada}Wr*W**1qe+-3`~+kA#~O;| za_Yizla9asR~tj-%svu&n}*;ls!Yf4K4tn)?LO0-R+JU^Cv;jle_0*f$o8>R+64N>({d{TgVg`q}61w|gxv$-wpe;a-y`YU%Km;sR`bSP-5K(Rqypv?}<)j!~%(BO|jASe?G zIt9F15mVMcaa20@74jNrtI*a)=_XEkIwp%P3G98ixf7pqx-;i>$OOLd#x&IzR`n24 z!>eZhYyz`sJonE|iI=t06Hw{wB@BVkQ8rzv?GGxSwch;#!NoxsM8F<`ECfX7VAh2n zQ$yv&lwc>C>e-zvW(}X>KGV$?OzNm_2QEnk+ue&zt&Tt5?4sx+?4z3HwOf{O&w`00DTNYJsTr?2Vj4{PWm=7xDL4jsPXfJ5v{!|;L*1J2_QfS zlat2CQqRmn&(IKXUeDm4!izD7ziXFH3SZz0sGf81{UP4ryzuk z=%WXB_y0@3osaJwY!OrbSqp*y^Y~`4j6g@~E4V>Gyv_gz27MKcC1)VLJP(e5|MR>N zt>X3AZ__v~$9`oRSa^Io6g8Jm_B|=jz@{{%te2VJ!!q6~3rT2a5j`#Tu|jf_V}Juq zArf9pEmmC^P2td~mhJ1Qt@Aa{h)?u*RfUd0lXY32xrdS@M27tyc(i7r;l^1?987lQ zNi)+0aPm8P-gEaxOO)#pFsaY<)>F#2kRez|LxNuKX<%MGZ&jwC0rM_+@GX5tSrI(J z4O;9X>6AT`q+PvV4#nU_aS?WfKX%};PGhB?2YH$^KVoj&T7G505B zAKn5oPLQAV-2OW0)u#T2>jO};oi}Si7;lK%sSx`Ll0{+#> zs~a=So5AxROGkc3=es&XeaM~jj|KaA`(B9=XJNbMQ#G=f{$_>!Rh8pyT%>C{xmN*`$MEpCJAkmeGt?xtQxXow=lRud)G` zG8gL*ts(o~y=6w$ZvKn91xP2=HeB`n?=7FUN%gh-zj%5QR5u^jJw)vX2UW2tK#9i3 zVe!E)O~rl(!Ltpf_W>X3s}5JtKJ}h(&}ZI~kuFvLrl(~ylgG6<`Zn;qY(0HI zRz|0Jhq{Y;Qf8*rgeI&x%DtYw&nd-rY`|?}bC1Bc#C_)|QpO6If2hU#a7X1!k1r9e ztI|uGcOFDWzBcjyy`AUAr6h~{6GtG00hf{hU{X;2+IdFfSpzfRkUs}L`>sjW7|MPZ zQ7-FC{$;XqE(7va-^5}1*EuqdTV8Uk~ zpqO`&A+S!iS`+%O$5y5UfWOn6mRRfl9_jQ^Q+8Qu4T?>=Ke>b#A(A?J4C;Yy3A>O> zfRAsf2KxeHe_Fnjg42dzS{=lQ+@bQq_-MX(z&iVSuVo0c^okqUw91I2)ELg4Am}SkI9Wr;C(Iud#=LJ=$qWG})C{{Om9Y&9&4r3ie zTTS`N<{KnQ<(+EpJ~VVC)Ug0`DErvg^%3ByFlIpMn5Ot7zol~>V)DoCrbod9o-`X2 zYA|p0IS9rbTbL=Zbx~TMDT8YfoMtqMZmx=p#=*;k5W$KseAC0}L6|;N(Ae^M41gyVSA*;foZ*0i+t3*bnB<3gwdi%f8KFbSIA7WTU zM5#j8u=M?AzT%yc2?=ldN%U!#`F!mUXC}MPSSPRtnK3j^M#CHfoQxt7z+LJXi497h z`N0O7`uAQO50NEDyQ~gKcC6|ZVD^12LW_xcTChg17~QU`R?!b8kEIz9uCH!TTUs-h zd`fl%Lf-mBncX3&N6u?mola<(hID63ipjYq1AATa31P?758NP(PQkUYMzUmK8|@-^ zcEu$TH}W3~BKskA{f}$=D9Efn=JjxO3!v*B$%Wl7tFpwtkFEM_C7SA^QKau93$XGs zG%oUZHi!wlY;S|2l)cXlHSYH+WO^zI9CSDiy2Ri8f<7!dIEkV1C1b8%H4(3U_dNhwOScX6*d=zm=gjZo#FRo`VDoE2GcP<-5C z!gYXsUmw3NqnWpovfLyKZC?%Lfg(5qPCa(WVQNzX_=_CauXq5*ubKaZJCb1p2DPE} z0lnIPH#<)&%$c&lwDoBj|7c;&#=w_wNsiP9$v6~B^&yeFy^cP7`1^(=U0CHZ7ozFV zhpa}q@8MJ~zF`_#>=qJ{ipSK>gJ4dnc|O_cz^ND+(Rql{b^Nsf42~SSWA8)P`-M|j zU5hLDWd&R~*L^2{CQn?u^6i)bKKSdEOB3?f(KWRj`K2QdZUDfs4nXZhuOS&80{CZ1fN5>Sku-4bJ_?atl?Zj7LW<+N|y*4J{eqC{U5*+=`$s3l& z3^YTyvL&xr8sPM~J^T;f?eFMTKdDos3)C|rjBl-ewf?;n=|3QyP&-P4?aoBN1iPw2 z(;#$6`sgGVb$vw^6<#9vh}u}p8jfs!qsc+`R&gFXk`6`W>JCB3Vtx3o z$Mk$~>aAjNe`M(TmnR}&akH*!6xj55a|0mk0ukFnmJ^B;37%g~An@-`gvQsrpOYfb zmBO*NcRIjKdQ0Gnv`hZS$R~c=IA1t-J2?cLMV0#A$;^OiyD$ z3zJr9mJR<@q^-+_dcZlaj98+@-XXN12Qo#4m#vHDf7 zsM;f){~lku$(xXV`;#w$1AGY_;7ee4_|i~POBfvI(wAqUf-CWCn!SH~-~T#ay3LWe z%a;HVLq?$Z_IiQ-J0Jab%dhI0w{7pU@nzd`QExd1539+EV5fs5(<8Nqy2lRwp!6kR zw1Mw41zlyTa);R(K%2v-#k!#}*`yA3f{DBMHrcp{Ij>Tp!M%EZ;J!lj?&xJts3ovF!z~6DCz}I z>hOwtYxXlpkZ2{3Y_+t_E;i!8`Zz+%my#2+5<6M7MP zw|h(Rag&g}0IDaGyNeNjEx&()FZg5i2e53tL5Pi|gHccIszQ;0gZX1RTrI!EeRd6j z$Smv*CwU4&He#f*6^h2<@3CcKxeQ)7XC&d0HQiYWhqZgIHrTkic$aE=(h#z3Q2o}s6`_u<>N{lMFCP-+JQ`5a11)euU#l~J-)xU;-g|wu{N(=5 zX~IOuO2~mWAMmSvzTQd^ zK$XOHAO1*CNBjmjPww=eVX*y|og_Cx8F~mvDgsJk%0EZRc&i_caQ`oyCO7r->m`FuG|M z@v|t*!ouK+)j8Y*?(A-20&XQgcMdSXV+RI!>_DTg=OT)gXi@j`*xI#5ZmP-bs2PF=%Y^ z>;$-H^E+`Db=HecQmsZuncJ^d+Hq!3W@IP6*U?rBG(yhuH-Z|OdEV1y-yH@7=-OY7 z;Dug!hW`nI=j>!`IlI{u)E(pxCsb@AsBw+9ov!NlfM)ro`+(*Z%SUTMFa~hj%7z?W_`vOC81p#O zjHT+u7(;jMnEZJc+VFto*dgL4w*C7R(jU%~x?_tRvzM=C6}JJeu^nI>7@C?{x>!4y z*5_^wvt3TEt9nEeE4^FDyEYuWUjCe6P=L_@r3v_j1+Qlq zDoF1-PRO1zIAYFuhz3X;T!x(xV1;hS!+0ANMnM0IVf~Ct zA)s6(bYG6{#xZ{`<~Me_-dW~Q2A7=2$#224Cli9dbiGh`;M zfA>YA#qee*wm%Ghohk7S@wm;PrMwx+PL}K25hBL7z5%2A%1(0bq^>>wTJR;ak7cM= zeX~hI`XZ}_cZeH|r5g2fj}UY+!&=bs&ZgK#%P_kS}oQUEmsdSu#KsM^S-R|*8rmrKvSObc16&xos+l_V#zF$lOh zF%t#lyp0aDI=0y<3kr(EX?Ja6{5m%JIq9NVY|HW6GYq_Zn>H^VoUG{6p>CcJ9Wihb z-;}wW;s(_dLt*2bnUeh)Xdt)}n#SmxCoEF3dp#`4dX&e9-nl5iz$QVH&>E6H&3|Z? zVm|92{WQTJE%kUOyNtKh7+gFP`aKb30#9Yygfi{uyUBR*=eqmGce> zE02tQGQo$%B^OWX-?pW{yg=yEnN0`*Botj%_W=Kb0IP!jwo3^Z=yjhFdmx<%=$!0K zce~K(jP2-wdOT|&zuU;39%yRz{fz3 z4tSY?F%x)8AoZO${6w6qY^A?=%b!kmpcE;#K3(?9avTiN>VT=h5w7yMJIE3(SI84n z4tjYac!}`7^~NWBjas~w6z885mC=W?B5}a*bc{t{nJE?#NfK<{qY!Ku0+ID6Q>*P^ zvQma3cv?Zr>T{1rQVKouLuMmzdl-DTxl;#P*B>mHPl7qJzdT~0porRsfRkli)+GZy z8Ac5|Mm66l=Y1#lK0=4tg(tAkUN|z0u-48Vleih$=<~B^#0JpT%`jZ!mXbhc&{)LO zm37W=f_(X~Bm_?9#hR28ToYAmbMqHP)KaQ0uBt>s13CsG;acikf!~=#^>a)Rv7%;9 z^Pheb)3Ya5e*sqTMrh+eJZ(=&?O3;b3M-eMLU_hCGdS?cSMJpdN>=YPL&4aUWnAm# zQY0#aBYY`_=>`b%pv2VEn=Lq-03- z-1Nkc*3`W=&4zE4a}L(a-$hf-1Y?jS@r08l)@s)E57x0m{~-IA7(jBNP7I#Bot9Sk zNgK#@Qb4pGePme)`BZ!`G)lz&;E?`Hp}jMbQAt*~v4WYWq$xrdK0CQzURW2{r+Wk9 zpcVGjKRP41tVb=jxp%grnzIF;JO`05CKa-o<46APe*Y+YkY_?0J*3-(@~PxxwAT|J;rK3nD}y%N)c^8Jguk*Vpw>O(0}LC5>7#pc7Au z{EZixyq)z@#)q8Ve&Kr}&r5eb1H-l|J?SrsY}2s(g&_o#t*AH1yc#1xmn9!Gd{T-R zhOHd8h!QIGM}LtVhUksJbhtqN&k~`wJ+g*O+Ohzjq4#@KXifESCO_WX{pP{VKp2dH z90+gCTzBHuxICJf<`8S**EzFBAPU-1CEaOu4!(-;9!303rn()A^-A1rY?!2zZB4*i z(pjS&0!Zb*k!%?%kjUi`Ot1CzIBjkDT73(^Qe3NFPNpo5fA2@!lk28e-4C|*1IihrcLZ&LH?X=O7>eS_A^j zyR~a-^t*P`WyZ9@9V!G6?wi({aOhY{z<5Nh35Bl4b5+oCQ>AtZ;Q(8LN2mDt@@?}8 z!QX1Ce>OI|aZBOAM=q>V)QhX)syV=;05?Oug~H47dQL3#+T5t(P<}Nl)bF&Z@{g=$-^*TE)>&$`Xy2id@D+*LJ0e!_SOr;Mx6y`qQz(_ODumdq`f5`+}7cyO@R7 z*Gdl#N%b-lui*w4r#%<2!ssFV9Fji3J!Ny`nM6i-Pl@!Um3_cU%EL4`3tyzd?{5)K zQ1C6{cY_eyk@cRJ?)Xv1eSZ<{Z^yYwxZ$_$H;`Zj^JY_qtk$0T)B8iIb28f{JyZvY z3svkOWJfW&A$c>*OfWRPxbYGGDio=m_7W7q{JeCy@i_ft#Gzo{4km<8)EUAnh#3^A zm9MEZR7=^B%kjLXn=<~D{p%)V?)>^EmOyF)A#)AD4gC0*A>XM{y-L`@ko?G0Vc+`h z>bi`V|A%b(>*)F2J?sC{7WVhC^uf6w`KMc3_gHwKp)@Sij~=kj9<`+@7r!6i&W*9# zg*&lKJNy#ht(hgJkipqew?k2~+vj9@@AZ5ss6`S%I}u*Sxt;R@jb`~Lh!$D9Ol+3K zHBQs5I8ryKtQE7@0S}r&!p=*#**5IoT=*^Zd9;lVN>qnKrau>tnQzk^w$lDW$3W+M zcJihM6He@Na7stY)47V?8t^Yu2a)wghDTabrE8wX+DQ}jZ~3~1(bGzIJ_);pC?ACq z=qvc6Rlns=SPmr+jmme>82w&pK!H+U4O_3`%%4q`=+b#UPrAeRIn!%Q4_RK4=TX?y zqK(7kThpxLHiY%8C9g(h9w(?BbD93=UrCRuo~WdB!*Ipe4HZK`^+6e^DBWkD}i z5#(V}9D}9agde-{j1h?uP|a*UZ4|2PW42`yDKC}S3tMyGDp|!QviBZkI3j)AMa0dG zRvJ&&`OXQtn6QpjTy;HKe9Z~Nj?siV-ZM0(D^`W5#az-8^kEe-)BLAozzoxT@(m;t zH>LAgLU`mwN_TNhIjTIT_Qz9`(s51HG^S*nrtt>Nyq-Q%Geu=`t%Y8;zF@sm{JP=3 z9gNfW`BHPyd1FiS-=LJ{=+Y!>Vi<~j24}HnqKOES0HNU`;PFC{l0jjONWQ;EHe|m<2>V^w-S(itk{eZ zyf@0B-ENwMo2U>IwraYKV{Y#X$uI3?#Qi~SZ_rOvcljcrC{@=POZk;2Ow7>mA&&|8 zeLdJ?AD3@iin$p*5unfQ+nt?e{Ib6xh+`Kz%|)jeey^tKAb$_t3gexd7`+S{4^|Ae z6T#gvVhP90VE^p3tP(~GJaksB)=FQGmVX5D!hL5NPcqM`cFE}i3}@(y0mn7F#~kqf_gn(-~y|BdtU(}WT}dEso-{QiI)IMaPTISyA6eSAzp zc1v^VI@pw+vs^Wx%TKBdR%0C4YF23q^bXrol2OjUwirLTQ6G^)9eq`rMhnAW7^_`$ zC7oH?b`yj5Lm})fX@m!-u6`+*_&y+VZ$BXrsVkst3#tTxe7~nqfcHEmEL&Q{i@eh| zg=Fs2RN!+&&!>cKt?7$Kljb@3YXQ%>pkZ(uzC|b}V>x<$-tsXXd1#--Dg^J%tC^~8 zO@$dh;zt~8Y`GG+WWz+SK(yMu>eWu8`-J{odAcyxvE9JMik+nE_eXdO&Way@9oZ10Y>(VRRWyx4t5Xm&WTa<$|B|@Y3?VqjPXqV)s{J z-L%k8NCyWDPw)xMsq-{FtfzO$d?@vh`9AeVJrkH-m!A6&=hulOS%mj#q$+{$JB zuNdXuMHX9Z^I|v0qx&8N60>m@OHxB)AWHM`}Z4$ef zKr12npk;OrPGsrT8HiS2K2UkO9@ZOi{Qm`ls4QMc{rX+0CK% z&AsN}-_<_22id#vt`H)YTg06S@hgZiQFpkRC0iIOR^9t5T-_Ru6R@zs_p>6{miRVkWe3FqUJ8+BEpWxS~r!&BD4(3XQ=C!D zOr&~2^cQ;m69EyfxW&Ain-2_~3&yyR9 z(UCTb@P({VP|Z<(>YK@R`r&Dfogs%X`x=hNQ;=@o!5r&<jxc(O>e)K$zZgvP!1*|yCCfO zx9vzXi!!#-Uz(yNsdh%7alz&`3H^Y&&)$~ui798BV{Ov#D~;#9Gq8<}feUC;%xR)X z4qDgn5v4t|WgX^TS6(-`5Zlx&|*T2{mgSZQy?US2*5HnBPhGCm{S4$Lo+3 zML^tQ9u9epd+?hl{XfX@t|R{c100VL06U_)^XJM81Vg^Gk>S960cT$=D%f-U!&Gn*}O{5%IF7WxNS* z{Uci6@VCNiH5~?3vs#p3$$9xNNDV~4CtPQKqmWe2^op{Yl&VJT*lw}c@My&sC44RI zZD{ZbhjHkc!7=FZvmb6+&L>VmCtLHCNG@@zHBDr@A3#SoG2j|sz`yF~2vvUhzGNdx zlCu9nE)%H?)t-^iFxX)6pm@zjhPz({zuT(d%L0p>2#*k-6REt5@fYs~B^O>zR=*G) za%$b?r~aXcTv0I2jaV6)4L-+M+V8w!?Z)?EK8gr!rTJu%=?ul-p1j@MlMfg%O_Zk0 zyIjUw(4l1W=o6|&&&cPr#qWV+gLowuKCCUOjH}3djfjCd)ny^Z!@uB(s4<|zGm-%L zx=(VOQ!=&v(Wo-I6-mVh+mnN~hW>4wZ|6P&lOTz_T-{}^iR@UAalcUNpWt|(%Bjh0 zv8lz#1LzfuX?DMapxg4@on^pMx#D;n@o+o5HSzd5yJ@NL%o)@Ry+1}@z!3;I;!7 zv+Bz>m~4vRyE-(6f?=(Ll%#b?VC%8F>qhUn!S*4+2LAregqDgqbKbHz2SUBaX?Q?x zrMmWk`QmKWp`lROioD-L<4#n*uY;mHsT2gHQx_%1akH$*TDyca`ahx?iu%tqQe%Al zC=(>yHSB6QhwGgCTz;5wMYC^PaTtksuIo0r1SjZlpdIX#Yx;HvjxQ!zhC%E*HHaTt zty|*jWbTstI`Mzcf3K#6O!Ii^ai?1_OBdi0NonKj(8K#^ASZsv5@5c7)nO(2Qs6OV z%AqdeDC2vBMB*3?5FfFc-GR`7o}r|jkLks1i>8vc;`i7nxOnjflOsr1ylwTUU%B-k zlVbQRGU{aIcw*$HVwfjjH96Vk!KdS~tv-Xyu~rD?jsUw%Ywg|Mw34?cAi z$fjGEqOAquT}7|%br^I^Dj2wGhNF-ixoEpQNsB0Beb_DjvGyyrN*Q&n!@bR+Q?h03 z2E2GWb8fZR5K)y2(##keMZYP3hkNf#(jiQ_=3nq@;7P~~2}W_Rs(b*k=~LKo^C;t5 zeZzPxeE3#(2wfeF+Pj}cbpG{Rq>&}q5KUBm{_0!+mbkmIOb(Z2(W@O6x&}n>dggi2 z&B~|Yq#siTeMW>unBr}M=D?7|1p{g=>>CX?^aM(J#+2rR=(~uj$oezXl}t0vnyKj9 zm2n;Ubuk0LlsTV!LH+{Ye}W>W>VV7_gHA9|a|CDCTS}zvqel7N1>akWD9M)Z?`$^9 z{UF1H7{(e&ujhyVjLsyR&%h*(0BwfuY!|la#}TW*#bDwg^f|$yC6;Q4Gy=-;mhal# z<84hl(bh~3`%%91O}>v^OR4GzJ*3~bDx4kTHZ?v)=)l6EJMYS8D$f zKE)BiQn>C#Y)L%(tIXku`=Ut8Yksp4KXwH`o%_j)^aGgp*vCBnSFc0(aOxp2x!=1ahb$@;|4tY6~=@B{A&!r{CQsa=dA%HmTR+*g@G9mxnsS|`@G4^{(1PPgYjR#(cf{xY9)oX z9=`pLGnIXfUM?}RBnPmFALbVz0uJGiNqOOTySe$y_ndNA#PAj_)B1P{7Az3J-A zx>2mL@L?@WHTFwnj)O|95Cb^AmJD?OnS-w@f>Wlo^q>H3=6$GpI(3f++#=NUSZ1hT zj_KZk<`W6wN)o@tlYtREfYU8<8;B@Jfs8Odd9uh zEP`_}#s5~}=zN*$$lRHAcq)8T8_S%r3%`K}hvLIirOsl_iEJ922mRS#hbih!>`wz< zS^73iZuF?UDPmLm!S~?nHUe2u499obwkJeT!wDOUrJc$PKGYO`Tqg%^59L9c6*vY5 zj9m&3d{mZ({a{7qHRa5Qrp2(I@E!FX8XZ~e#eE0kW>WFxbk%I455Z~4s#&}63J;qH z-_w;*LzUXhd4xjkmketEG1k%_gxt8~iw!^QCi6l8b%VWjBM4@&8nAu%wlg*Vx6&Pk`05vXRhiI*_+hrR+j5AZ7OVFgT00&0|vc+ z%$fL=g6{NHdGREd?et5AmcH#a&w(fh%I`T6e|f?0B=ffpdRO5Kz#=hj>m>gAae>ZC zXKkpgqJmVK`a8E;3O@^*+P+1~1oSgw^3Z7K zB^Z1(tepmDGbo#gImN^7{UgKl@^tO@H0IVGEb?{s=TffH`4>YmJabaAr$|)iSO7uP zfB)FyVMZA*SJ?Q8Ga?o>29gfj;u+N|29lu#0|YlU?DM3C$7q#N2kxdz-D~AE8$F(7 zja0md_h(q*YOx#&&5^rm4$#{_X>P-f<|ar{ZPQzzh4Ai?+Z3CFD?H5LFEo+c|EfVS zKTmu(^Gs$XQC68tad~(DAfwBDQmvelD4~9#DT=PbX-gG#XqQsx>w18zuED1#%psT` z8H=Yre8pn58w#SPHz4+Z;ve=%H8c1uDT;#3ENLtvL8$q~xL9Q_1?ArTn#IrQv)?1~ zt;r@}dAM*BudNV@bi1wY{{;>XbhCFdz#w7LcST^Oj6; zEHu9#DwqOv?nP9)xx(D{IjY5S*%9#0kv-XYJ7|OPnxL?R{h%=g zG7NQ!M}qBUAgXCg;Y71RQ2Zc1u!Dm*el7C@+_oZ1AB?*otDVR(BHYsP<2-ii#ByM! zK9sv6a6%b*NjxEVgZces^A5!X(7gUxl6rutl@>9RWQ$Denug`FO^Y*1%Ngilz{f%% z6g8$IN38LY>}Js=a`S^^=I`P#y3faSYPkGcvWg|7JotuWbu65;GbP!h(r1WPEC=sl zzcBARAE>@(h}oq{na`TGPKo@RH@M^#E%87hePW}rG{{*jpAZ@?U5qwULRb@n~(fCWw5)RJ0geu+<<=-;M z{_=vq2_R24=b-gSP^MxfSLZ<*@q zu$oBu67|)xO=i}BRB%#ESd`7uOJv;Un4$}V@lVjY?{iwxG-3C~Uo0ygyf8R46QgMIg2yv^P=vrYDi!p8MbJf;9G=Shy06k!?kpmXQ-HK0+ig<&~MYXp%LJ(PY?QNNvr05uLgc{%x@PA(QD+T3F6oK(qSI?gp3JVI*-nt!`E(P_OnV6Yx1sZ@- zBPI?8b`1uf|J}p?JE$6pSU`Q1QRw6}J&&xkYi~g5TPoU_^K|=Mhxxmp{5m#s6eDJ) zL;F|(=t@;IpLyCg(y>D#|NBSa-cY{$Yn4j{@&$N)WKUntonS^$Pj;5zSEfGz9Z$&L zK&)$5CLnhog&B7upu8W%&pFE>jOsX?T)?u>GSIDn_gd5wvA(er;m}?cL&H-ria?pG z(^3ecIJGFXKq>^&uPg^bTfzG|J{l?Ng9!u=4@Mz@jp_0V++CkxnvUd$DZJZ{x#h_A zw+3zXp!6Rq$#}J;@p%!3dG}FGCg^wjF-Lh+WNRR+u5tJ8lU9wn({D+4W^vtjU9Ek> z`t49mf=$?XtRYeDMnUhAxcx#Rp>(lt{gz^5nUY@T>Lm1j2}#L;zai0IUhogl_9yn; zfvQ`B6OxZr>%L72khiaAZAU%!Hez4!3D{tJ?CV%mKa(d*CKirPEsY4pY@MZ|F$OdE zo*(Au&etC>ae#Z>I|Q+(QLlUmwRl>B6^D>>kraPKO`bAN(vLUW#(l6}`)NRO?a(CnS3MAErEOaV@@q;f+zvDo1Wo zp^Ea*X**Q;66JX)5(saRM|rFgVXU>9vQ2jG$$ASh9WRcI;1$mmzD$KEFC|1WOq9-h z+A5|NZzeqh9VQ=>J)eQh`&_riH@p}|Mqha07=CnNfk$&r%a)wqpF6Hc+ zjER*is0zIyE=E>Ym~!LBx?wIiC+Pr5XBq=Q{SA<1GqVD4%f{MH&%wx$Q2$ck+1SX= z$jShSe*SDc#76l0rvZR<@ z(=t$B+sY(2=WqDZZ_oLAz8yfKnAm~7b<8Z6ElQbg4p}b`|6hEhzeBp(xLU!-C!Lm5 z)?)LqQk<%gJMUaj1x(qtx6YG6BeFOs&W=z-jOnEDu`97n7+ zliCKCHou7|QHYl;mJk1g&iG(WMml4eS*+u4Y3J9lxKN?7JpqJ{1f;rGKv# zdO4Z!P=HOG$Q$TleaW|fP8A>E#P5^kuD+gWK@Rw~;& zvL)0*6LGxgmtm)y7p^-25(RSJUkbD&V(D}slXw&a76xhzhCl@yQvGHkbh*E3)YQ0@ zO~FTUIPUu38IK;R+OSo(oKck9k_Kp^pW}OJ)bL#4rr!;2-gYnpaPf+}{i1Al+gSWn zdp5RzyFJ@=sa1L2FTnhR_o1-JjH?okZ*Peo&=0atQ(OM=a{|h>zk}y5lkxVsuCVjp z=*;%(DK9_i|InF@;A)}*F$aw6TND1#ne8e|8CVKGtIV&`4A~jkerB2cKlChr2bU$8 zUrxQ%$5Oj;htjgt?O{=b5fEvtO!q7_#Z1N3+0WpaAG~$;>PMlCW5He7l!h(99j)(4 zU<0cQ86(kwYV8+_jSUCWx8Bs4MGdD&*7A=;aYbx$Fs3)>$Xps%657Or&VX*P-dX=4 z15f#l&p#7%FZJbjT+fi)wX8{7Bg7nex1BemM7oHtHPhxB&g3=W%M+{C>DD3E^n>Q8 zyC-DYqzv(Ahl11^BxHL{q499jBs$0Gqx#)#?QlCsYE~iYXEjgz(Lpy}rqP_a(A3g;6H!^(|Ky7vYSgo73i8DT8B_vdo54xqSkLO&k z^+HVCJ(XJ(wWQRZ{RRCqtw>YRkGi@mXVAPvgqZC|80+nmcE{cJ?(-P*_lx*`n3LCL zZE7?m5{xfP8^Wcbck4BL(;dl95f?~}Zf#c%zyq&%JA(sDVHjqsN z!lc*h=l>sfUjbItwysTgNJ@9-qNJrH1*E&X8ziMmkZx&^lI{*k0RbfhBt*JI1O=u3 zxd0XS+57B!Zr`8hA!e*K$6$@|<@>!K2TY5|Ko``vd&Xp${v)E}Q$kE`9QXbvv% zv@o@?F}1TaCNnfPG%*Fp0LcvPOn$ZPu(We_v2<|-*D*L>Lf2S+^*n%qpU;1o5tk@;+%DDZl zCWA)-y+F$&)~|xQykMN|q>ctLLqKa!v6pc%Nq3u_1ZvhnddCiBAdUOU(f%ES`!q}e znPct;sOZM|ilC)$jI@~W(_3wLMk$q=+&=9e56BcnwF39zn=NtnjWV)Qc>{79Tv#F| zdXc?YKMf$w3VI-=#S=ZFb8?OqODlXW7aY`7>=KPF+&{NaDq><&i~khL*p|v9`d&5l z)`+ePiZQ#+lhD;`i!B`F|0gZkk--)kIt;ko`b~O(f>_ZrEJGQ}OoV*;)oCmk%8w${ zAW87OBrw2A%N78^20*izJ6--Vbp^o%z_6H_T>Z9pG6%u>UtI-$fv@^sUj=@HuikKB zFLMt-Q4HyxhsctboltdT2)C$=JP|j^6SHP2|CbLi(aAfZlS8O&b;l{_i)?aHi?;>g zv{U)|hr81_eV?NZ$P+DnUzvM_+TKBRZnJLv0(Af`Q~rq|U4hlv>Q|#JJOTM^<&0{+ z^zCQqvAFee0q;>@rHXC73?C0=NY{RXdUoajz5AH_SvgjSbT@}{dnmt4#BFgJS=`vb zb90|pa>nN051=uV+~J;7neRpkwP!tm`ci|)dLSFR$S{=X4LMwT$Fn2X+4Cs6t1c}E zyE>X93w4iT&de*QP5d^Tpuk|$L(b^Itx+MiyUStAe$vzf$#ofNsdAM9$1)I4P3E(B z@4u#f+juF;41WMN>`Wh$Spm6GQx72GcJ;^4h#OEY=YV82cR zIn^8B+<){;3-ObFiYwR;K$dj@5LbQIp?SzNThM9VpkfhWs|gwxH1o|53k<~b54$0~ z05A2L{R#mKNgf!q%;lhe#@euuuTEUW+O7#Zkg#yTHD9XA;z}w?s>&*4@>i2!19t$p z1Zz-VUc1a1D=CYR{R*{#=klBP3B>CG2?b8tUNyG`llSoaw4?s_4E664zkZmex9^~J zzeA`QD^*8z+kHhlE?cG$X!xOoOb(IR1aWR8JZo66c<1YA*WCVi)sz=E9R{Q1EN@>c zAAYTVL7PuTp0Q}X+vj3_#@OQz_G3G^WHE?$KWw+Ffw`Pn+LZahG!K+A<%k` z^(hqF>+1?>)WnKnABMREg5ppJwu(?I$N3|h^b6b!yf(!su7X0d0Vnf!Hj9H=+q90JxSaaAO*-3tP7F&IU_ROq`-kUwhST(!{wJTl)gpXA^?!#TUt;=V_ zrSneYE#_>oH1guK-($phqo_KwQR=W)L5)>H`Ml^eP?_79vWeaY*09BTxPils<{vh& zGKRGS#${`EwJ#P{ol7bCnISs3R9z6Ir=>LreBbiPprUI$DO3~dj7h~2c1yjT|4N(>`0@>P6)RLOtVMyX9Xe4A5{Hqt*-5XBL zah6`H2a%u~Pi-1CPwA_&Z0YpTA;3`cHli^Wf0j)qf)_$n`m(#n8i4-GO#Br;RQBl5 zDq)lvRqG!@R5a8?W_ zD-%jpJqdeXNq{yqfo_+S50X3A?NnKzGw5lbwS03V`GedjRioGgOPuM}u;rc-k^ z&HJhhaAdZs?)3N{^+7uKsW4P8sM7587#Key%VqfnGVofw0uRR|1{2+xj-~elmHes3&Zk51bBda6)~Gi#;)bwY$@WEVPSFvO zcPctiVMiRFtQFXk+7vh%^-hlkI-%^FV}zrmW63&kF1AiOE|xgXFE!aj3SjD*&bFyz z){9wRtS-ozVJMEKmharI-*AkLT#!DW=W@)&p-mtfHC(1?vClK7Cf8k?Cq`zmAmk6I z*a2IiohN`#e+VHo zHaEE=IPtwjXgGMv-nW=}u?gzvOLAHr*KD_WWvEOsT_$DJg$}LtQssjK_>T}Q6Plqz zN+O9{hmvnUnuw@+KhcCroHxpN(ezP^&L!yC(}tLS6!^t2;dflvr|7yWE0N!)%XSk@ zoi1C}NlN&$<_0_;H@@f4^W=h=qq!{FtIi>;{4V~eFx~X&Kun8nD#aJ2HH}`12BqA_cU@jYFVkI$$=t z+LD?93&KEk;|uE z=0twxW>Ie6I14z*R}U8#6T7rT0b&!Nj2B>RV&?=bQE)2^z#6?e{LgyKUlfv~g7gS+ zGN8wDJh&S81mZjgafn_S9i-FfzzeRbe9xO2#@sr@*58Q2f6mGxwN{EJ=3Y9+-Q8CG zifK*q1HqbcqaX{bd(VS+hv@khvZ_wjiNx}FqKWRq+yb#5o|-b!Ulx-8+U98$^q!p< zTwFAYAc$_ObK%MIDS>~4fBc>WfV=r$zh>0Ajd&0mrl3_Z&?(v>ssF{sD&&0+t;-6J z@>^J6LeAwr)|x>?0q%^q>x~loXE`4np+KUVp<)w?i_PPR>{=sXkJJUz^+m0}z%$o< z3W)!vXoUO^Ir(^@A%!S`K#FbulSMjKTenR#&p?!Md^Re z`nOQ~U(Xs$*?wgQG5lMC@W301i(Pqd0Mi*jCd$Rm#R2Xg!vT~ofe*RBhyNeU@GrJ& z5Z24FW?K=j4*>Cxs=gT%0o9>)xTWNB;|rht&rrQt*>OH<(V@1+0%SIE$lJIwj$^KQ|hX&(y zg83(#2nDKv`R}b1L`*S6rEjja>+NdjF}*4(xkyy5oO-+7p2%mZ10&%zbeQYPlkoh< z4<#0C4fmkFoYXB2pUYpI7q1mUfwWWK26MyJc_Ex_(?-Z7d|Ucn7)67y;T>mT>pX2w zQ%VlinA$)iqD^g3J|;!*5$tMn3CY@ zi_V+=12|7_dt;*kE$y!B{E)EV)uok9@0)u3pkhPD!hayGtRhY(@oS*s*8^p{-iFXv zq*wP`zn1JK#z#^VVCcP6B|y#{a0>uvC&y(_gZJu?4Pf5Y`tKgj-^D7XZ#NLhP%%s; zR}Fq3Iq~7yOZigGn<7u!h@tEChB_fE0EfnkkgcUio1C0+8eKk1Yrjfs#bb({l5t6S zI8|K7>p@v-N2m<){bYa{TWZJ03-uK_++rrqnaE?Q2C~B(PeSzxU4@Hg^J&Ud(gC66 zg$sM_hgH^gjW11(mIg&6(C8hRd*)Mhkl{uTVG>Ar7ew}b5ew0zzsQy^d z-0AH^QDdTturu`6t;6keI?;zh8I*+8^@4ub@UkoqjwX?CQQOSKxF1o9d2|bhe37M} zjY=y+eFhU6MiRWdsXX~~AOhOhefvGWj9m+>HHV2te3@lOG~r%=RR5J7tO$Alx)GT8 zld#1v^~r@kaK~8hL*C9eelwgAMWyA~G(mu74UrKJ5(YAW8wU~`+W0L7_akdAEPE1K zo$4R+D5JNslIB&I7bE)qluHe7-uSq{5Vlxwz*oOB>#Gj+9Gy z|IM+d9v4m7opdTUlog8CpI)E>CxskzP8S0a`Fd&SyWYUr@hu7dTzApf+b*g|3kv3P zX0Hn`&SpC6it-+hn0-MPdsWD&?qw`tRl=e)eYm@1TSgz_F4eq5S&|pNQ};Znv-W;2 zadM{TXFFlXMT>n?xe;&JMP<|CXP>H)VH|KIpi?H^bg0y3YxpSH&#KWFO-#QFXR`+q zP%p-fh`3(KTH>e>#H1{2ljsjV>>r8}6thfE(-@=TUnCSxdc;-c-!Jdj9ENo%AM&r& zIe^5r1hZ=YN}K;Ub4|tgBhv6IInGV?`JQ({CEl36`c(SnZnh-;zyq7FXA1*drMyOO@g?AXze9Z{m+6P|36Lk zFI0Y^ny0tYtjSX}W}Ruh(m26$$TfT!L2T&z-wkNVW&*=4zpM16;pwR|m@L43eImnO zc1yriFeVHp{5{C9rd$`Y&}+fFx_!{p5F(^}Hri_}yiAT*GfkwbRnl)R)2RDfo_{sS zzvAzWaN8dgbC4)7h9LbM-E3{3N0T~86&Dd$)aItF=9Xq4fawSX4+qPL1`S03gB`s( zP7qT1B+9yb)X!={3XjPPp9MsHMNkLu(*Y$|_AGAKdl3w?Wp#7DJO_TKUqY`2H}>pf zf!#_Si*$6TyT9MgYE|9MC4b$K%ZwZakH$cY$4gE0ec|byAjMcRCO0`T!5-ou%CXWZ zZ!WlzSC(xtsPAl~M2XQ#L;-54bU`UzN?r{D9868C%)Lp?YGNg(RL58S^oxWHhF*@Z z7Y;gCQTb#_mGna`6B_zyI#x{Kb}$-Bjr8LwCY! zo!)P*3IE_BlZRVqtwQxq@nY)`k*XV+B5TNsHozbCO=kt$ic5gqAoWb7YsUV&v9#R# z`u>*FP%D-d#Vqg(aO&0xvpN5ycjwP~}(=Ba>`{ysSMYXwV%VwWy= zXT})ty&VkyI9?W6t6=sgYWo-AF!c4Brs=oTo|{~+ULQb-jO?EGh$J+ge5sTmFBc%= zOj7L^R7~9|t7R)qZ{Uvg;gQs~39zQ$agwnkT%<`u)rT!$SLoWLIzAx~ig^1z_f7~A zd;p)D^4W{r-94{LzXuxV_mz3CX!y9V6r-ykfNBLa1et@iB@jI^wRJVIa54mg$1a`I zt7}(Pk>IA%*IsBr&@V3(`XQjFoPh;=-FprhqI?vhxo4F9SgiVw#tFU;sSA4;oo$EUfEWuZkN*fH7S=hddy#Hwg5ZzEm2V95)U@ z|5eZZJ9Bq*ySQmT6?S-pcO2n*Iy6+@owixT1BavC<8CG!&FC|*PXJ`ug-I?-V#3!e0IVZ zgTrl2L?b!JPp=klRnuj~mm&D2E15?FHi8Iad8M{dH<&o^++818+yYPPnS?VZ|2g`A zTT4IQ0qpCLgW%ourWy7!)v%F*`q;_`rH^nZlfDXlBICqeKT_-l!6R$+B?(cWjjj-V#(6%shBw0ix~75&y|l`y4=xA)0HdK z+bkjlEjd2rWm6jSo0wDFE1Ps2Qe$wB%X@&ycIVEAg>#6WJOgyvvh2#ob$2|Ka@uGQ z$!Lu>{tBRhBuu;YAraqL{#?lh6+gl`h~c!D zt?q6GI3pBLCyrEMk*4=jIYsUVBv173M$eUGm-ZJ2+XGQWFYQ})V?mdPV4%98!8_RHp|Rm_Ztk^@TX6Bq+Wcb=FDR7uKW<#b8yir{(5WP*t06?Kob6@^Lp*M0?BxGFq0uzkpKams~{*B7cUpD7U;j=k$;z^ zs)T(vupQZB_n3SyN-o_IiB!p9*ES$Mx%aKCytwp`uxK47rw#rKmwYz;V5sCBF%Bf< zH|dd44UHb}7$>bhN163}WQ2r|o2VIsS_E2oRhXd-y_Ym#Wn|~&QsScvJoduv!)r8} zlBA9u`Gk)tS7!WWT*y_Q{!I9~848LF;!P*m_ zVYH8d;9t;JBFfXuE$0@+T9Lkp6%W%{O=)y|hJ*jo+ZAKj!Q}z-Q{vcrXKHlW=Pe;t z1K)L!HRk&6yA3?2m~lpbcBlmvF7zOiBH&}Li!y_tGOZ=CO%ywm2?UL?;T`!ri3TB` z8s<{lnB2tNk|o%Rce36OzrISGe_pM7e4YCf3~%U>Aeo=B6gg>cO1QVRhi zu-J$lwXs?1c2SclNr$V%dgJWp5TmwvTP#$|l z`A6&95!F@aHcK&)VMWPOBLi|n2XLeMR!E{%BqR@6qq5iH(BMvCDc;a5u_^kn&s~cv zO2DN3V>tRBQ0sq`M}QBm&*|^Bmqa|dS~mk_9E96dp6#GmcqA*yHGuqPO{&Q20I08A+tfi&16KXr>c|t^4Hwo9<+`zq6p8jXSq|Zk=cZBH9QTEkC83ZFR8!DfNp)5d7eqHchse5K)NuCT+Qs-ASM;R{?(%| zNY_u(AmP+KC0Za}aaTA7e$m93YDnG@Hs@^uK^Xf!g$qUbvw~?%OId?FsE>?06UK4K zdhM)k)_L_btj3{UkB2 zllnr5hKybOuU2a;496sBipiBMnYUT`w;zra@YO+cJaBuxuA>5}JLG=&5~X7lGwL=o zrA5N}^Yh|rMz}GUSC{e_X!dLdHl&>G?M$5v!4mlDudA>C`%mjXI`OCV4-H^Jp@AA8 zsOuUaNaCB)7mTR7*)UN;`bX&x(A`=2@+m(G1%d9)S0}CXe7TYu&ibjPyh zOwX+?k2!TbMxK(+2hVt4g`XzFO*>h%`l9@k{LVaYqI@8n@4B?`Krdvqik2C%;OVzb z0i;a-Mu$(35i67`-UH>wF(eR4P7^AlhLo*aCmB$Quj`u}`79BH&})}O`@_Bnr4$u5 z6TNqI+|y9^SMb!ac9B2}gih&>Dzf|R#%@O&_`>;M4sWA2e#`ZqHH-n7qk3q@L3?%# zrQl<#rCIWK-B+VK?^d@wzls>=?1tcSGJi>veKhIQVJIT5>W6QAht-fwVjA1=^@q zHff}>Uf;g$i8jm2XAYx0Ntl}vPuJTKRWL3;)a|LloEzjXV#&bPf^}`!d29TknX4WK zA$DUnBmJvc9bPF?feH;L#~Z?~310%fDC81$yLYD#sIz9+`;)XBN*84>cb6W3g){<} z>zO;50(C7;WVVKO#uh-oWK$HXE6Zr7ggIe;N9}KKZxk zq1!b-w|Q`DtzFkc^w3)FpZ-_=ce*Dau9&!UqS% z5U?;MuSYERbHqO^CU`7(<*Sk3p!*YhAot+j17HV}$zIKXjS)nD6vv?kG{3{6tF(oFN!rR&8_U#VcPWtgWZ4p`fVjaady*n;t9kbzOTG1$M1Mb7 zb``1Vf)qk?zI^fLKnd=k?Tul7DKT?-Cx)jwZL)-Pk98=#YM-afe0;AM*o`P5Z+kcO zd*ba`Zw_@4fhUT)$n`oEOvVI@>H|Wpo4P$uE5uVjL43=KHoGCQ1@M9W;csKhv@lZqOJ>r&fwhoQ|~axIKzCFIb$EBh@BwR8faY zA=`=JzoW+gbv*Zjc0)A`g;JtlyyZretm%F%G_!*X)K-K!4!xxkRLk2%1uIpFj_f=- zLtlrn?%Wb4@)F4rx^y^kw~hcj+SqFTPN6==$B5uh0=?mfclQGdS-#iXJ z79A2141ePhJV$HBor1>=Y&v{alJC1cG^fZ2Dn47KlsL7j%e=Xt(Q@mwQdVSjmsn7b zE+c)oqegMIP;xa$`Ok1eEftTT1iu&T3j{@#edI~mnPF$2_?HZ}AGjf;{Yi0T-^r6*GmCMlwA6}RdV4pYV1pI(afSbg;x5(KhhT z-o`6$6F{`M2zn|oIfV?pte%N|^m_ZjKwBtfL%p<^N3c%wb{uj}--bnzEN&G+D$<5B zQ(Q|9BAzRXX_40uWdp$ry5MfYi!nx{y?igk*c9_fY{*v@a8}0TuF!sAkL~>Xf$qq-#-IQZ)DiHAlN+|zXehM5e=w+TMG&@zLc-fa{^-u zJu9oPP>Y6Q8%7d@7(uz~`Ba1x-w^(!y|ZKNSPC7oZe?z!#MMm1029;TSSv(yw8^sSv>F zV1XNL+(f{SxlFj2nq2zG;K#6`UaEeeX%Yy$qmn>7gSMP zhs7wT0cW;dPDZqCTh`m_kB3$6#wd*XO(dRd)CEjn_tqDyQmenKQutbFV4~@1ISSoi zkJ>(X7vN6XDgiM#8?{Tv8V+Ebqd_wqS&_{_;h^f_Se-5hbk+4{m>}BZX{Nx__7f&C z8oD^zi0vP7h2MIgxucrHO_3W41Ir}oQ%lrjL~lkn*sv7;B|iZ=waFp4ZcS?IiNfj3 z!mvF&+B~vTh93wQK2eAc?X1`Jf%23~S}hez6jbb}Tklg6RhM*k@~ThF`^Z@@CX?_; zKdDf7M#5hSA0Lp{jm$*hGq@_I0z`w4uah?&%3JyIZQhapqkVU?)bCGU0cQ0DI{ILM zz-9c%m$}?ZW@s2l$Ug|O-*{|(1iok>imcK|+T=A3&%5&d zu2;37{B9OyTk?Um&fdo};ey4S_#C8=(mk><56Cw6Bm8M9HclAGf@YkwZrZu&2k66i z#uusRXtCC=xJ%@x(=`2(4F#hbPL7Y7m*f&9`CnGp=G1oWgnz9?=c)T(GDkgH@NPRz zCpD)RVc~3Tc5+Hf9Hpn>MIH8DEye{JPTiL;@A}%dwF*C}Q4|Z9s`TL$wS{E93QV%_ zbo38jLSEX!AhbXjw#?kg6v@2DPUHC@6v&$VOTBz+6(d_X~EjWuRZMx z>}gG75GT9Q$oZzahRs zJU|aefHHxd^G{-8|K$VtJCRWN$f+?OI$^DF0g)$G217Ws&|A|4+p7-a*8F+LWM_-o zhhXYME+_P3g>8I1M)X(TTf7iGm7 zp`d#Iqh#?@e06?C`xVKB*m;@rRZU}cK)6oWiWM0N!SgjX8_=bz7O<}Am zkFXAZo`vl>|De#r7veKK`{))Te;gNsa`pK(BkYWg?%LSixRqHZ4qdS4MgT-9Ng<-8 zn&`NNB3`>nTE{(+X6bgaW=oxqjSpXq*pQY5CgJ&@)nW4n?bB^C=Vf}4csgkX)_B0}G^ zCJYNd`4~nm3(#he{DK{=UR3ys*SJkJ#`bW#d>$q zRgWLRErOS*B)NS%gFY;Z%La~}MbhX%8m7bN-kmDP;WjNq=gFDidl#|l)Qfs|q8wi9 zIEoR^%gj8;jT_&z%+-%ln@%~#oL6Lt8 ziHN)Fc-J|EYGtU(25k%%u`EYf@@XB&W%e;=)DHzzh#>ayxVH&qncg3NT9|?qz zghjT0jtz=7<(!6)^=V+ctwryNghvI+hhshPQG|DIgpXjWji+3 zp}4Yq+|6^Re5%lOts+QFH$D!<3Vwl~IE7-Ww2SLqUN-fGQ=J>}g6$@g8Iw}bn0VX> z(dsG(@f^IeN?u6-e;POI+kVrHf!^F2(USv8-{Q89MYhW?f8^f;H7O76oXpzYKvhOT0FBB5e z$pSTBVv&+`E#8{A! z7cdAQIN%o)B+3n|uL*H5o#frP4WD)SuFAf4JRBE`9>{+QY{XH*_|Jg+r~I)0?4BI| z>U;ob^M6Ya1l*8lf6RjjUfHd8fQT~tbtg)&eS-j4u&}W3KqpF~>lTp?_5k?JgXNdF z1&ioE2*^t&Z@(~KhlM!08Q27gix~Cdebz++RO|2FXhhOf9<gASTo}BE{^B;;!&q@o4t@P3CX0wJ$>@}) zf}J}9Y1@JQG}OK8km zwAe+Ejupz*)hQA2iIj0)AEkO+ydGEAlW#~zOc_Q*U(3Ab3)o2NtNI@W(|pgjs+%9WDdF0DELdSA9i4FroP^7?4G|>vq8IC%+)ovVnRCBEeH_xz;B#!XST56}z=Myf&=>&d$dV-C4-2&mScFCg6qGc>}vgH0_273mWy6S@dY|k~R=WkwX4o^LzTuZk3 zB)U4Mcppb(S6b%f!mZ>fx30Zsb$76nxu)GIxRmz9+TPK=GgJ%UoEr)=Kta}8WrFNe zsd!t`b<67wtX89NW=LUoObC>k5~64N8`=P68B-;zF9PdDpVKQM+Q!i)CiLt=Gpz*0 ziC^my9&RF)8l;|t*IuMBjd~MrLY2Uzku=VQ*-_Wnm>mhk9H@8Iuzs=qd@`7GOrIeU zQDgOW%^bd+$sCD+RIB=~de1mHxv{BIEMZk@l*gmB?I#d3S|wY~8~FiHl1b;wEVYcGfG0KNOKM+DdoT%l_PsLFXS0!@|hpw zEVk%!T-)8xx_ag=EJR_F^ql%1*o)Gsxg(oXAd(}blSs~}AD7O}PV2hZnN?ogTg<`h zYnNi>PH;a?lo9g9($m#Ea|sbMc9#AXg#HH@z#sMFF92W`Pmda9H}6Kaqs@kj?8*jT zRmX3{0GGiW05yQQDq7$bfsV2w@vPoJI5d*_QCXt}i*}!|n*j9jOU=WB=SCy9p44iY zL|SxKI*D<Slr2J+u=6;CTX-Oc(VFZCajZ~@ILxhgr6rDqw@Jz4nCKGl@-|_Bw z4cncn=RvA24})N6m8?T#N9LPMFQ)qRveIs)-gmV+x7ti5TUl}Q>>HyhiFrj9(=2In z;tOA+>|Tdt^x0W#M1;}biX|8~L3zSj--+V6BD3fuM0#q+LQ4X_`dQkSkRdgG?J&qy zZ@T-?-=qV*t9`wfccXHA4V0r)GZZ*6(HoMzY(i!3t$(rI@#Frafo~^c;r59%Ze^=3 zZro7u7IInPjDElV9BH0TWX_|f4VmL=_GWtUNo2doE+=O45g0g|{?d=^D<>3uDc7Ipp&m_kvJ}Y)l0+Cn#%%?20D!&h}Gcinx z!!Y>V0#=P)_)X^r?#AzVv&K}i%O>GiNGVOEB6L!15G~g{BS(wtj3FH*(;wvL>2I** zJ6OBdh{k3e7Ui&=ep{(XB!MNge!T#**L6|56Uojie?>3k+nt2Phuxc~oxJ-VEfP`B z#WZOf$XX~j)r84+*aS^W#6AlyI^0`omZQ1FpOSSj5JkwNMsB4TKOQ?MF&o|>s2s?I zKpGLPJbzJ2da3_ZFZCag*K{#;H*^NPUkiJHQr_MU3?y&{_~WmM`~Z4@OGJS)(68Ix z_Mevw{w#8}#rmndpa63WIQMN{w;eUNN$B8R zdNZWjZE6qmD-TS#J>oidB=mfjY?Wn=DqfKy8@KRfoSb?Wn*nbw>mYWrTZ?#NfR^^2r!ysDQIYG3#Z*Xq%r&dE(60Gg`Ko;2ISl0 zW07Z6lr!=iUYqt0zQ<)$8AJ0s^#f@8gjD`C(tu#z2{+gTy(PMMTO(b>7uiJDnY2~Si=pI(i1+qGcO?KG;MTkm0x-hcL;C_%aqCFb5u zST)haBzwp+&VHB2-!;kkyG3->&cO|z*ej}ct2%>W7hY_?YrjH-qZq!~n*QYMw)EMZZ zRLLMr!RY2meIrPGI(EEd? zesbyd9?L-MTS83%#^KNS1M$|h#`vSBn>5FRj!%8#&pFM5oT!c$UmxhZoyIQus|+JNBDuY6S_#m=1BF*>Y6^JPJE+!4_eq$24)e!@cFl^F7}Z zNgwlw2|)%wlPnaJsBT@QusHHcpJuv?L_WaGQQFb#pUURaBD&H5HkBAwCo7WGzp+?GEUC{b6;sYjPd4f7oqPvZL7;h^&`N!|a1x z-d_aKry1XVp|N=h$C-q?<)BHx?%{!4ALfg$Bqi8kGo5>n<+Xf+lg4;BR^s`+=f`g& z2<_5anXP4X6B#=juyf{O2;?G703fQJDe%(xMBZFZ%;qgoJ_vn2*;Zk^eQ4pO{e; zia)*nqgf2tuH?AX3P83G9MxmzxgtB~0Sc>gbTqeZ zdh!)Ff*ERtWjH@q>K~x>6A3Dlgdtc=+Y6Sx$Q%wZho=p-aOBH!O`?#1t=ui^*Un^E zNI&K4ODz0y+Z=D5RT=?BXLN0tbJzVup=!>W{ZsCFy}-(jR&u`(i30*Cd#<;})_yF& z3FG-2e+$ik+YRn<2H%Glgo3u8@NmQ+IZ=M+8m4h%d+kIQH=|8yYgT6qFS=d8F%tK# z^Q(=q`>R2D!MatYr~B>vYbpknW+aHu;m=jVF+^VenpbJLGj9BLMw?6tUs!>5Du z-|izXh~ZDjXfQ=S=FRK~3f;%$zk{+lUOQ-mFQSB)LtJUq5wPc=NX|Y7>lQh5WU>OS zP!Snx{=E0|M~&%)_M>&SQJa_ij$M;sb*8PI8@F%6W7g@sc}^BzyA}}WaHscG-jlM3 zoxCow&^56Sob8DbT)XhRvqi+7S$8rqD^W}_V{i;+XoT-As~J4IHDM)iCNhVnC0W0h zZ0P!6=Dfd}cw$#qx~AA_$SeqJQYU+E(e5GKYe&}sb^8kRhuZ%x3t6S?dw-mI`5;$1 z3+Bm6vo6_Og8Cme)MW|^l$rs{KA?xjp90DEIDZ}f$n$tTZBao?IhjFlP(U(;WeLY? zKkmSAHijD4v@=UZ7Y&+U`yo_%P(5mjKIc5Y@r!Oc{}<`>Ec71+x*)%-@3Z!J0wq2(iVe_ zd2)C{X6us5KJc#AEyDdShA}gELBQuHP36gvgG03 zJ_6g3gL35OMQ%I8Nwwq2JpN~ zEC#qRl9!DOpv&R{EcDAd$sdRR&UgJgKYYMq|K-$F4W}zj0Le~m`ijK zVGeajE=HLeF2>G6g)t^EC;`X^d2v1+^BK-@r99&yNSpi=BbKvWWX~%j+4Ukhu`@}7 zb*n|VelFm&u>Fmt zAa(zTTtL7=lmZXoKJeqmIry9Bei8S9@4FnX0x;a4q?1^;e>?xv!n-o>0FeT;fn^6O z0l{fpfNk>E;eY>t{?6vB346OWf=(vizBUDI`%&}sh591BMNS~vU5kDTjdUV|`{80J zO%piPAG_pTH|q-bRyVm)SB8n!@9RI|0FiMh&lI#w-o=XABn_1=Q(#sY#A}Dt$i;F< zY6%Zh^V2zQV-i@BRS#i;^+=0aDnrV{=|gl%w@hTv7edxu$m`j$!PFR9I{ zUrb&bpw)y+H$G;CeG?>3=N)aKfa!jUT&FzrB84a@FSD|pGJke%fRSX@PMjn>W%e5c z3*06Ozr&;gby(`qD`$hF$qO#?-kesw=dWZM#kU76NKjF+B`}xYm>4}4O=+#|LqIq_ zE0Q%ycY|zWEw|TwHn? zYfiYB9jrI?CsuB61a?17G0!jI?BqRVWqNs+amAAV!il=-PKb8DuXThfp-eBCpeecy0{0j#DR8FV3C7UG?a*RJU)h z>v{4M@o0iVAl^VAd=1b7`}u#HcD;$Wzn$@lBw~t}(P3O?BD;~a65_P?X4kSmz5FMB zzS^Xh-5Let8_}nDlW1?vD0P<4v-{)TY$lZ5&+Xg6^mdt)dZUS*+PU5Idizicq+M31 z?wndYzS{7bMUzTn&Vq%-XxeJU0hyUhfh?ar@ijzB%lO$5`)BF$KF{}(?RFzWc}{%H zmbya&8{)hZ-$lDHWFP9romgFH+*{rD&#cH!Eo(1^G#la}7FZM`J(RPnZN4pW>T?$A z?_q_?f&QKK7`w@@Mpv#RdFk5BAGM^zm=-+*qcURz+C*gd=C!}3 z)s6^JgM8V2a-kE(<~(zh7VP4m;L)6^mbOJdeKT6I9>O$4ifEr_UmP^y+##3aLMTsZ z@Oc=m#5X@(mb$3gjGyOXCIR%-DX85-^%i=cGZU_5Jp6f;_-;$Cs#WD|oeUH;ZSdQM zhLC%>;WmDZcaw|LCm*TG_AQ9tBHG&I&w^I|_|X#*3fFyN<3+oKTNsuQMT-lRnCp+Yb^3Yo1rNT21p_(NpK5@a%!v~)7k^#-1tkXGd*$8}-}F@&yY7bQ=o3<-#`jKIyWL?5nkbTmBB1MK!)_ENM|Nf;`~8RkA#Kv>#iRs zp>LkNbnn^0{`_S{=w&St80*Um&_r^AJ2d|1KT#8e1qaU%A~hliG+#it`~w;i9$FLv zrm@dsJlcjDEsKR0p9ng?JZ+U19uarYxT-1S__2DI`iSUv=bR%`(F>9;h-y1$w2OZ7 zRlNL?8AqX_iKdZA;(wL1RHf3ZOuX@fu3HA|?uJ`Vvitvy>_NNIxFhEZQRO67(ah-EAWx&pTS zScql1opN%K5z^T+A53k?K=h_c{nVw;n1OzBaCa9=E7o(utl26)MU3HbG`#4TM&3Ai$aFg6p!C4Ku}y$6 zA~EI5|D*0Lz^dxnbzwrfLAn-*bS%2NySuwXxlg1n`|Pv#zr8MnG1rVSmt#Er+;`=u)iCI;znq@o`$rqc>_PaP(-`oz7ER+aL&2I5 zJncazxc!M7`lER>ZiFk3sJ6VNgfGPLVN0nVE3`UEzN^j-QpMaTkCxJB7R6nQ?(#NG zm8AhIgeaKc8}JRK#TNuXZf7o^Jc@jGKb=3Z#(!`2Kv~(3fwIS1+jzOe<_#?e#vN~^ zw=5w|ObgDF)5JKE>yj2A!Oy9kuVW#-3(&mHj#2Q!XJ183o`$sYv{+L!9HLk$7p)a| zbmhmRKI44Ed{43!0e;)ztLKyHhvy-n$I|#Um=fh@;_5hsdFCZg;n22h7f2alop-__ zFxMI84Pltp_o2rrS>Fe?4T?O&WkdQ;MZO+jTlVzyzID@g9^t~X$vk>Mp@#H_19Bbt za%-?xlPyBml3+VDna1JJhc}qC>j{5b#VB#eeB!$$Qk{gOzVHkgGiT1&A5BZk#mu?; zgLv#h;UT49msfPTDm-gYnFdzVrn2756GTPXry8nI9~Hl#7;VXmsDJP!BqJLqyU?(t%g9tJ&!9NVH3?U>*jW_oRhiH7 zuF$}u*-f!bTQBb{ZnnAiVIp}|jM}6_c6EPdmByC9$)CbF$wv{IDgiW&y z($|c*))InF%Ogj&u~Qe*=sldWm-!O3C)=1i&Q*ISbpFvQEssLfzA*``slQyXD4$(1 zoT-e~X4B3uRH0oy_mHV_6%6pscyNMq6=xks z4~0sFy>UCIWY{BXg(rQ(0@US$WeQwCEj+K|4>BlXXJa4q`Me36tB89nK#YZgiScQo zc>g1|JJkB}QW1zm*ErNns4zYarBroHhdA5@BF)^Ss>#vj#WB6eE=y?*SyofywYKuQ zuD$_G8FQc;7brWs0{^>aNW8^>8rmKS4)~ZUbk909b$3zI}sl_W$Fl|6QDL zVb#DyimHwnl}7?M=9dHDEiTC6z(==RW92s3x!6 z)te1HngpaFRr%BJL%UPx5LeAdZh39gRPqYe%TWslz?Rs=wvK#(A@AT0 zg&D%n!Io)>|atc+czzr}_|?x7l_ zP|MI##i7SC`i6BtWz8Xbn4^lJBwk!p;&7Z|pb$r+!bRH9Xnb}4{0{r62fKx4F_!8~ zY^zY`G!~AIb9b#ZWQTWoFr<}VjPSE$yw>}A=lkD-p~8JpP=*=d^<;!l1a^XqH!0@( zmQfktDg-nZVvdDF;iR4*BlSxQ`t8(S^v7665)|(?kmNzY!{gFE)MM6{h+;qsd*V7P zel{Ug?p_H(TUYVA6ZCrczwd?q&d7cZ(eK1b7pNn{W9OOdmlr@l`h|V+ z?R-Cqn6m(7MZ8MADKE8_V?m{T^7Es2X2|MazPvvqCl54OG3lzISqZW`Y~Ju=u~Exm z!Povy`e>TpC@hr1aSfx=LjaV@PG(yPKkLM3_BA9?bqcjCJ}PQ0JO+0BZ9MAg<7b3n zsB;;J4M@gHuqp>x0q#5fXd@&j!;iuIL>=PjS|wBCAEr09Iw9darj$3K1EQn~7vKXayJE%Y5d-`D=DHF&clPZV^dmkKSA2Kc%>eP28!UK@&4 zZGu@eLbKf!ltAvYhGh zryt}9$}Bd$PG+1{&%kvs$~3imW7_*FNDq&FIliHZPmzuN?QdSn=F3ZUp*6NIM`tWA!(^px-D;&?>4=yjo6; zA_zNX<)N~0@xeiBH|d|Cd2rB7;N5?A&a$^eYF<+Cj zx8-r~GcJCt{^;o|)gR|wBQzVhpj`5SU;enU=`jQ3EhbGd7j1ZjOEOFT;$hfN(%q^J7fUGFde-b!s05O zePS24BF+|{zqiDMxQ)ciZMTOSFN$+~t*}_XWPIbC8IS~gi5u?1y_@M)=Wk0il{3_YD zVr9*a1uiP@Sz@Eyd9%;ZilEF_VTZk6aBn);b$x@e_j@{(NLO)JR@sOySHTmdMSr~X zYH{8#UR58y68OLdpN%}4Yv_K9R}AmS7icRah>u@y9<|vtsW;9sy(gqXVZ>#5hj}ON z=wa7lo%#_kbArx7H9U5y`+Yw{kr*`J6izt{W&<~HX|k#1trPsI(T4>%awz)oMfbuugt`Co@G zJ}Q^lLe^x4Y}@%QG6)Se|4nxT4#qEzPx+s-`@Q4km$&fi^It*R-zNDJ^yP|Xne#fH z1rYaKk$ZwU*sc=(Kz5GvYRC-SQs=*G8vmldWulQEO2kbV>)v4CoiHe6CYzT*CP?N3 zU-~jh9Azw&bD?K56HaSz%A*|?eFx{go-++K3_W1lC@7}hF}-8)_~i632_0r7h+1T= z%j)wcVTh4T6KCg0!vrdu758_GUmEfC~Pj_2or#= z|M(+L73!&m)I>fQC&6=GE!rG1>b;Uh8*?pp{Tl*uIE8atH5||-UG;l8WclZcF4s%g z$dup29tiwCaC3AwHnVp5i9-n_6#nQ@`3ryTl?(mzntylVO>CDO^5?3CnE*`D5uh>o z&CRO5!&9U5=ub;D;J3vrBL4$777+_w+09YodY(VfCU5&!kg$mUXh-=AMeT2twm
  • Hfur{@EX=TrnWggXAbwsloNA$WT)K+BrKM<+nk$nMK)7X4fL&nZ7`3>dz(d;v*?n%k$=S?--e{D4G; zCJK7NM!Yp2-@uV$usye|_PZX}s!HRDnCNDF!>y$Rr2@!M1u*{)b(8P~t0F<3U-2_1$D&}_90I2E}r6LGOQh@%|N;C(Vc!7)^yg*LI&aS|3 zE-r5N<^Y(Gsj0b>>&*=;u5WOa=>Qo!IROY3#wK>=AfU<@pptVo16>n60=F;&6q19P zwJWd}T&|obfX|Ws4}vErXJb=WYg2O<`s?%mGOz0@FAL!208O3J4NeA_{O4Oi;^5q3 zXk4*P{`lS)P3(WeBY7lizdKG-2aCVM&0V;k7Gl%Cw**+0w>Ic=a8O?0-G6q@v!Iat zprHTpUH0%sIQ?l({+5LY+~(`brKpL!)!#p7B)-6($oF@~i<`CbRiSui>B#NfQDnfs zs#PZMlpbRIfpE zNqv(n5uduAFfm2bLy)BYq?o@qj@6Q%yt0$0CNV3?1=QoG$b*P5iro#d`EI8&_T_=G z2pV-y35>q$w@!O6V0ey9>9^KSma;sC<^f<1?{hN;`CySN*Gt$vYsfmiV<%1N8aL*$ zJpj(#+|niwKS?`Az1SK^%*W|a!P_DmDnHl^3EHSH45L02)zQbyEFqbFxq)c&A|NN6 zX815teqyI{b<=x<<6e}EE62BMWs(Z;vN&9aW*GsNvMYjzKY2(^om>oAz-(Msp?jLX&SGWABodE6g+mrrS(m#>&K-5>y z0*FSh0Q6p-{!~GC7yEg+sDk!Lm`3G$-7Sb&U#nl{`g}?$=@d>26 zoPWF>lc*Vy;5A@#|VO-@KSpWu9V8{kkXtDqx82>w8>+jTEsl03Ej(MWn~7WnPu;oxvOTboQi21ev~AJgB6)wIstE6n9C=g9>B(-VE5vLLWdO zFBBIDQ9uN^CO^xBr>TrUIu7^9R3BV#_n)>gD-OLImZF=+qU6ZmQ*VL1cK-H_bgO%$ zH2y`)%eRqvmP}pQjSujR-Y|Tm?~Ql2@JU{M?Kx$xs?Rs|v|^YB`WsWeQpJSS5DbfY z)J27v9O`;HoZEcBQXRayQ7D+^n~zk!b=VraAW4|Mw>S3NJ&0Iray49tc*>+kRB5Y( z<`c>B%oLGURQV-G%HeiAG7}3?r>V&nxRqa#-am!aKj^Ms^`YwPL8BOfO*4^o@OjMN zo>3s+)H(gJ4X%Y7?~^!dK)qb z#8S5L6rYn0`e~vwJ-LIR6H@IkL(H=>l{ISTW#C10w{vYoE{WHiZ+D5m>G?(qL3=fR z`&$FuhRb_UfRMX9lFCZcJfgkmqgA zs7Uvx)PYt2B#sPVjLbD2VT>n2wtsx}V8I`yHHcV*Vz-aJDz3SC z^i9%8)RFNAjUqG_s+g+U&#D`(o6HUv%zec$1$b;%?UR5J3k-oe8i0mX=l}izf43`_ zUVltef)CcL8Za^c68~_gdz{`D+^4%U+wRvb)QWfa(eejYcWK%+K{Dy25(U)P0#g0v zpU%h0(9FkZXIbK+H@1)Wpvk4bFZ+|4vzCATt=G|?;M3O7Xs&JWKgr&Q(*Lz9 z|6v#YxlMoV%8nQ1`9AayPUlx-nnuV;kyV6zUOve=?7OR0kf37QP_~l+Hf#L3wH6f_B&=hmQ%zVST4{ z7OX|ux{H`aY_xZX~-TAqai!9gm>+WHK;nZ zFa<+hqym>Pr3-LJRmjdw~9|8tYV0LUXS0P+a5+pTGUCo?eh`?r5p68$?% zo2UXa7|eL3rxB56{%TagI>0+^oPm^SEACf&lSD98e zbHZs;x0a8^w$E-xCTv^Ivz$UM876=A+Cz<2RxV0a#k>6z<6`B5`>h}K`9D2l%KJ*o z*L#oHrkMEIi-V(`oJp}^>|tjnV$-w_kH1|c<*NnCsZ6L8GfFST556&M5?p-NCl8vq z{~?4%wYEHh^zw8rJ{z%+L0GW-0FUMqjy64;G{H;Q>6Z~>(9Yg0t6Ns`4)m$!K7HD! zhpX>Cf$7f%BuY9=w;cmG=-6B^lLM9pD6x@^7j?vW zyE#_&EJwM=({x=-@TC~SiD1uM(?QZM`!HjKhFgKQ{aW#FchIEt+S`+flLo2Tn{oFXyrC(R)~ zCO5J%HBxYgO;>muTuQ7Jbw6~h+nj_Uwri=TYb7A+4jDF$>%PF#_)KKRgD3%=B4h-T z?n%D9-L!TRwo|Te@ThAo`gFmg8aBN(FV$2TJy|UI9|pLNoUPQr7}Yt=$0B{h(sF!Y zgsy^K*D8##=S*tJ?0K0A6LTZRt_qxguU}sK&Tv6Jf>d2!liSe@TLcrGbjI}e70|!r z+&{hkH`nS%BlG>PdfV;r{>6vfsr>t5FKk0xpcgag6zf3&jh+?5X=Q{@kEXpCkELqH z&Tu0($Gru2Rk21^nQVYM?t9dmB%GS;ks)pFifjO}eEX0vY((eRPcsB>rjP=ZE|ZFI zWutd?Rg5a~VYd{vKilG8Y#$RW->1!3=oaSq+T#in!kxlBg~XdrbqYVDM{;t8}?w6mzNqiUQKyz}dLgn~h;+D}q} zTVv&+vpmt?1NZ8fhcTA3b_7yZl*S{PJ1y>^&WZ9yWDeeYs{nmO#=# z<}Gx3WN0Rt*sogGpgp8`F@miMIkU7qyXn3+a<756(5rG1ie@k}FBMIO{k?)ni`yXF z@FxAX&rMTICV--TMV({pU~3G}RRNABgR7gKrzxABC$|N_18Qz!2{N&^vjz^aUmdcx z2ZA8B4vuz?Hr93k%rZcc4YIQKwl{aZ9vL&=HAvVl>+KNyzw)L2 zP6@6a3nsxRlZ2Y68F(WdgFF)NM$d@=FB;Tt<6|JYIc+*L*H$ilw zZ}zr5$$HIqk_WncYbeAm0OEJV~FO1`hqim~_# z=gY{ksYE0=FG|tb946^i=|%Ka=QGxh-HG6;HfhQy5rMkWmn@;uX%gRMnd5Z&OI;;N zKPJ>JQQslYnLyKD^-|mdDk$H+d_J^(+P+fxYLQR*Q$Ln3WIzb2zH)LF7IF<^f!sH4 zCl1HdK1O6Q_0GOieW<*pDYIyuN=U@QYD7ug%e@34+Sq3jJk04E80P~G(i&0cbtA?Z zj^=io?fn97(%<7=tVVWPPG?GBDKNY9QdDMPn1>Yy>=93#G`=s<(W}*w)Kec)uOfe- ztBbThypUsTwpBQ7g=qR>8AUMX^?1>k|DJNrrZSy+A~vpSf2{?oh1|(EH@W!tm`>f| zzm(uF6~?$WUm-p6RLx88l#2HIfWp`Z1+{-vfxj!we|p8AzQ8|Gf-syspXF=CSH;~Z z;%YopJ`l~ICz&4|YQyFWkkIVtkB$`kE+fWEdG0EtLqGmbZInO^CVpe;`*M@L`gGjb zeRB#m%xgU9Rz^ z4S|o}&$QnehbWGzrD7Rl3B(0jHzi3{vx|=DH1O-~RfEf}|?gbaJGI%dS{D;l64)tExiO3f`tDms?%*;zZPPUBp#Ds#^1sk=_J zsM4ocu(SNqrS#XXLd#kE5-5yS9-R9xwBY+4RfV5QaYgV)ROj6KH%M0Yt&iK!~45^gm^i6Wb z+vQ_Xz4M+}Xe0=k_Hhu|P;;%Pq~6{L9Wt8{v}xIqk1jY34S9yRw8LayKR~LQIdoFY zX2Du3d!e~8Hz(R3!gfgAv1R|6cCXdeeeTS^A(U@SwN1Y1!HW3k#XUQP*WAgBQP+^Zad%TLb6 z--bU!5AMu2>ImZCr#gb+1H2k8z^eh>cr_RhDNQ&zUl}D1e7GMvpFSE){ar6zm4b2p z41OXbsa-wuhOm*D^g6f?crG}<9sL<|aA&?woN)rp4P1aS0NB?7-M|V29exh~^EduG z`P|mDO|?&!cVtbe?w{GIj+3Bwu}9Xd8tBb1mJn^qyuU-S-(E20?2B&ynX`6d)7NV& zy87XxS5h@45DVsRJGAnKt>MQYbGo3Hk^+(UQouOz0UtEsq~7DdY8JOF=Ol!s{l56E z#4q^Fpng3r&9X^0HpUE2lS|#2je{RcYEN->+=3*3n4s2xgLR?`_AMUdg-3`Ig!pl^ z{)c;w{@>YGc9nbz!2on3LaddgeluSho@xV)NoSvdb8C0%#5_Yz6{$7!&ep2Z0W#ly z$&o6?8E?i zxwV%ldOSvcJcXl@)6mrP3G3Z`21;91-^gf|HisR4G6?S8XI869!Hi`*bVnRHB~0s% z#%;<7+yajPE6#FmLAB0Zn>DnmReIWcb6e=;i~6EWool&4Mr3N?$S&5$UrIto!rFW>tcbU%gnAAY(OfC%Pdht#YURl;ehG_UYSy|H zJ~M=(yqxa-s<5bd@|8%U#amH`o}7IjzkI~jlD_Qaa*Gfr`l zgt&iE-V0Xk^1ejXkYOn{pzXzqDzyW4@kSuBUa)#=E*>LA@C z=pIN3O-ZxN@#PChbq&{v4L8%&io|xOT|Vp$7MMw20!31ElCVe{wN5VvR;tuB+_3wc zSxp#gwVMnzYncRPrNu`yG`=%RtIHhGQ}eLv9vb8w}>hr7p(lQ)PAy>&qXQPPe);ddgTup10_ zFT_o)9Y#q!i^VHUmmbafZY1VRR)@dacFcUhEfo<@;iiUDI`sL(`mP!GS>Bs^C!uaC zqUH__)l*aRks~5hoMYQCEqT0&b(GkGOx=V9cM2uJF50u%+Naf1n76kSeX+ zn$eD!h;PQJoc&m$ZLHQqRNvRyw^9d^i{nX(EXWyX9{=K&@0Mz>aV>k(Zfkwq0cYYW z{!9O}`{2is+h8z|BJyx_w*8U90;C`p;C%dk(Z6p@_;D`C&A}S@9pDPRmF)k<^?2U> zi}CHwTOher2gv$ow_#=>f(|pXN-Q#H)P{9Tg3iB?_FhG^g5Lh-f&i66xM1w-a26J- z1~BcbfHVC~Z^EtYN5aDS@xcvA97y5jm6>_KT-Tlk7W2=Jj2~y-+~VJKFK~f5uC9f~ zV)}6jNd4y*@VBKJ|F(bOfBF0UU68%onA4yfl5O5(8vDtmmQM7&ds9ZS3DfcE!QPu% z_*~JQUpCA_t8yQl?Y^y>8S1sx=(c{4LdwloAqMyK1L~=~Ob6K#jd2_cx$(o! za8ie8Uqc*_ve>ATqUP2b(b|9)0Ih`DRwad!3V_=_$pjU2wEyCa>vH#y5ACl!S7R#*&Pt@^xmi zuAmeR9n|u+iSp;#B?qScZ{&!z<7M{Zai~dkUZI}_DRCj&4IJ>dADgaKu95XpaDTkO zwvhNth%qAXlIJJ!jeqy0p~=L7;K{P9CLLa8P*n%@Tyk20({>4Q6CB3=18S zvfxe4)wt%SXGP8Y#MKjAThnEFJc>4gaV-{hrbQoT^Km{0ji%g1^&3oKn;naDatZQz z>i;&~ct$)tJ-%~04BW-uynorQ9uX|N2a^c<;P6d)Qti&*L*oOkO~tfyTAi3{VG9Df zDz4g*t-Z}1oPfHPTLP?`;njD1ZQ(wj_?6O!IR-4;13>D{-by`)vRWM+DZ}QK{^Li} z_?v!zeAi&E--MpH>TlMrw2rufk~rv^k_rpJt+|fVBT8S-ihc@ckYZ*9I@AFM zyekX$dI$_SS%9qCfBw#YXX5sbd-tJ{l)MQ0fMae`-bN_S@*rjQJG$<`>-Pm-ka3ai zeTV7~zIrryBp*5F(~HeyB|f>!^XxrEJR+h-Z08JR^2)5#3WLBLqVv1F$Jld0x#6FE z94I{^wMwV9kt>9~T^#J^y*-6L!bf2GhcjAWnA)kG@nt%xYX@N7zU?x108QL_4=G3bl7?J&OT#~AE>nf^jYu?<4u;gzr# zeIqv6jdC%ttU9@&8}aNpCVDsu`)j$U&;(WV4=T0j7k!ZC3DC9|$w*;6V4=%;_a2|O z)F~o`QGXw++gh6|XqU9cT%On&$#?(b5!=$5GCvM>m}PiF!OP zbu-XvU%^Oh9K6KYk<7=vF>!;wfP;>}L1nU%-4JctzX$g=pn3Gez zW@iUUaIk<>xqdLhAt3VzyPFvUK$3PKd2^t!%-q@8*umTpBo15)KvS3-gP7TX`(Jgp zgF%1X@$ZH6FKJ0kWRCjs@V-w~!ti=|`Q}@7S38(LcJQ@n?)e-UMF1ul@fRX8elL)lNH2Rh zc$!{Ab9r>=Q%K5~lcY(v7z+K(nzKL4(*~xhli4$J$NNR-N}UhiViSp1$WXQus&*SY zV>~VM?7FzOa6Ti}6E;)}AL(MVv=NDRuS{np)92~Buy3X8XSjo%KCth@j21Pn&G$fU z`CdGnYtvO>f0fQtTF;(z?**yUJ9dfm3UsUW0_HYEEk^tx^j;;m^DP~mA&luydrA=u z#+QO3E-=ZWld*gXkUaPWq!J1qBl;UbQ4NbykO1syQ@!Ge*{WybjasBzoH~Sy*&(2Zx1beqeCE}{#bHgh2NBh zf+909nDAzM-4(fgw6N;0NB@MnLdN~^vFPm#ZtU3`d~0B*0Gkj{B^;QCkN>6Zy++NRX7GIB+Ih#%o;PkoKAYp#GA;GGc9uQ zPc6UvNJKyHiSaSkN*UX^`-nAsJx3o&Z&?$L7JNL|!RbLQkC(97JgIW=fWb-NeOE`+ z+CDYXXZQ4HkHXa}c(BfE1*kY<$=6;g((V~G@Yiy;qe4nP*2h$w7d_Q{w)-u!2}6=n z7c0G3A1A7elSngD{4yeyqq(6E&c`v_bb5rvW=h`<`JmE)d)1biksE^Q?jl#q4!%Vg z=7&sY94s@H?m|wYi-+Ld5Io|~ukjyU5!j z9k9X8<8n_gQ2W>(XCE=PD&o?j9}V<<*uJnWX3WTDc<69vLIpC3fj{ir|9ojrg!sAb zULC0G>)V_cDHks`BPnJEqS@?L?=j6{5|GuYCpaP{c;O?L3Pm6}t$L54&R9t`JjCKg z*ZMd^3)h7?uQfl$tBx)SgKcTzk7xQ^LJ$E}jm4lD#l)LxFYv?stSqb!r_TKmcubE8 zM+Bub{vP7?rD$=mM%TDmvBgn~LF&`?j=gqY+ebWJ0hQ9j{Hu}KIbhk)x~It$UU7c5 zh2mCdbR!3IME%xp`lLAMK#mh$~|r?WX2u?+3cK?LsAciy$K{K9Ka~x zJH)A!%sd|pB|c#~_1jb2ngeNSVpsq-YsTNF$PJ#Eq> z^t|ZYY+YtLK^5{PD8k{Xp;%qNQ4rgXH z+(v3P$A^)WkXFG`xvU?0?<7=Uuwe*njfmotLMO!|Un=u!ein9E>Cb7}?lm2>A6P%( zD6-1jeXF15B!*Ih%D%9ItlyBMoZRn^vyH)&mnhyN_h7cM_pyqm1e4P6TXyTu{MbXV z1@veFUxMnB8`>M1%{|A$ye_4A34)RL7d>}+4&~(t79Y}_wCc?5e%hom_#i%#Nu>PJ zs#t7o4Pq2+H%~&Rg+1+(%*Ropp+Oh|PGEk%om>Xus zW`HsAt6InODy@3Wl3KaDi7VFL-{*2|I{lc- zb+nrspqvAOJgi(mNgdz|T=U-F4*y>~^6zALU#e~F*2&pHF8gwT+}v`z%Cuh%dJmLA zr6_HOqD@5~kv?^XCkBDFw&v?gBUhC>XrrAzFU44uoxZxEHrFj!iMGqD*(dN8T#r>c;7C` z^=?w0OF3#$IQl(pLl6wU*PQv3*u zhj^yNGfvo&k0jabl@C(qhgrx7Zi2KhGvP_zaAb#5w63>OcbmE8C$fZV;!=rCQ zU_F_wvN&OR10%(ax$kuoisfN%5S=7~ZyR5N_P{|q|D-_}@*gDiFTrj;xLwRn0wLf( z>Doe6J?A$JurKo-eRs60XLZ$*uU6xKWnsnZG{6 z!R}yu5VBEyd73Zz){Ld$%l(jCDv@JQSsNBQ#vnR&y+}OmnAl1xWMb zyvVwb_7RCS!5mSieO3+g-RpJ*R8mRxMyn9<8Ir2E2B z-<3nUL|zBp86NRBlU_eu%H1iKYoR56UsZ0N+tGNC{<+8r&a~>y9IxD|5II;E41qM*d*x zt-z$1PC4^dr=T}n=c3FNU!d6}D@xADVf#tm;Yt!2TGWjbAeWMmC+q&`pkN^EB^ngL$ZfgCeFsB41|8wZ^%BTOkUB)2~}ot~>%aQ)AE#AR@rE^{Wu{xgYc| zX8@?whLHfY3gc}+Nq?z)PA6|yze&d&WDXs__xpmo3ZwJ?rd@!d&|9o*L}Yj%jD20J z{e%4+8W~evR2Xyvg9z|sU1v|PYia(xGyK23{oiSg&P_T;-#tng zs=OeIImdp;Z;vwyS=z|MjfE3<``fJuVLRmt=~^vu$%*N9ztKb{<$AtNw9Uyw$@T9` zs(d~g%|7Y&4fo5ic;|-qjz>~X+`U(*1keFZ6C=BfKE)FEbT8>Q)x48iXtDQuW6HdF zDORSfR+;%=StV-JFrF7Mk*m>ap+G_%oMJ0m+O?cc*ANDbYD6#*@Wk*oJj7U*gcwl? zFFp(NN29P6%4D-_jOk_wbMz93E#$+M4JdoOR`$SX0qNMReMq#?{z2W?B9(5`hncQd zE82d;)C}xzQZxt-Dzs#4F*$pDD|clBS7J_C?$tQfN~OS;iz$Rg^FXPAn3kF~6?u8$ z$);N=+0{Th-GY)kdpgas-mRs)xJr5^Gib6h3v{OrjV_6UJKahjgj1&r{q1Ky630bV z*J&lz%OuhvYg`0w!|xl=I1myczm7|aES-OwmqpeWiNCW{-A=HL^WBp}ZpvXq0GB8p z*Os#W%$unhg9s0m!38=lXM;UQXI0LP_`wP{m#U}GKycDDVpgVZT-5r;vedd%h2)?D ztsAY+A^DfyCWM4kP49?^l21-0-xg@rkcoIP6~v}qD3nq59L*A>C0K3k#Yn)8X^3lO z@FAlGzk#{m&OOYV&lXwhg~=q@`MxmC`uw?vW%ZKJfwwvKy0M1&FU$YWVw8X52?TXS z4;-%pbhF6thSAuTWUi1)OMh&OYdMT%PJSFqS1PvNe_3a>*&Zmxf5+$a9+USj$6Upb z{g=(G4MVNCeomHWJ?1s9xcJ!#1sZv4?u;~klRkd(HMEnXroZu|hkJ6}5biCuTAFKL z->zbPy_tJ<(3=o(X}K83-0kv#(e~syv9`_CExZr8q*O5V(;HKTgYWj-(_rb;~%=k@rGW=c=r*amcPP}e|V zN2$?2EyHz*9pTKo%a@)4flLFVnZrHunKTKsF%Z^*C*#n*x)~&l+^PvqbnfXO> z`hd-L^$OK7`b)?Uv6vRr=#T3i?pd#<2Qd@P(zM+h4m||s8n*5#-S&zq(sMe*s zocYaQ1BLv_m$}s*vI-NjqA;NfMze9lo;80AOL0<|?`yexl`kug{NhfKNy$kWoT}bH zvblpHHtu=8(3n;tjXHxpZo}Wd0ZaJz5Vh<;{N_d?Unf@q8U1T?Q_e#2i@gkr9O$AU z0eWupZ)7uuk+$?QC1Zp7H$;!92j667?EZp`@E-$=W&eRj``-pp`+xGpe}Q)(DUO)5Y>1@Z z@3#3^pLJ%+=Q|3ga0T>|glvyyNhgLUha>ZZ%2;G)YA4C38N-Ij{Ga02@^8{eJ=ucm zBNLOMTy$6*3m(bV{{8;~+6n?}4qz2*SY!4&%y%)@BM7ggot#}{tomX0?)sXI_ru(O zq%oWG-auagDfp?bJ53G(C7F#06!^hdb)4Q7?}{fv=u5Xm-X6URsXY`|@|Wjt$^F+PiSPKD=R?!$4oSS z&EzUNcx?}`1NOl0D9G2nAh-6wf7yfn&N3)OfTPBODto+aRzxC-4mMpYjEHl%z6D&BYa;rK#PLPkj45x?5pU2S<~$-Vy6#f5Utb#xKyDB@*!Bwl(mua9wvAj?BKK=(QcZ|(avj|px>9F4MLKH z6NPmOA3IILpz)TH-%jp!l7DSEsazfif`qK{hJPL(ps>6LCmjCTroiCQ*|1VYhT7}) z$a*b?V{m#ohcmao^qmWu7jj z2vAAk2RYcx(M>ES0}bzj3>lDfJQ1y?=%+tA(v8W$B%NnD+FD*l94Hi6%cyX|Y<1zp zjCDL7eMrY!&+hhBSy}6-2kzZ^6?DKa%ix!%IP1!@4(3Psin-vg1Cvd{mhpAv?mvbM z|7uBu{jpW9Ed!32v;h%pGaAk(l=M?)uduD@Z3zgz8rFP+lhfWh>g}m}HBis!z0h)8 z#?Zq1I@<{b!zTN_A|#E|+6MB&X96X&-)cAb;QX$q2PP`k=XW^C&9at0PO71OWerDM^7QfCEhugJwjWnF zCL>~|=$nfPo2se9F>zfT&i&5gM#3q}2+!*5idVDvv0Hf=Eupj$viD9zNa<^>j@?R! ztG`@g__gg*6qJsi=I|As>Ms=J?1|+!O?}u{$4bTZffZoc?XDGRbkCbH=c40cS0+P6 zb!2425?Z0NM7Ea^2IJk+VNrkFi@VIX_+`hdluipjx0IfoASJdbHC|stv*X)cXm&ax z24zk77d(rC>pfM_E^V!pfelC^q@^gYDV^sAnkw^xwNM^*l1eDAJ;fV{c@ncDz3rwn z8BML-=gKx0jYL*VvPHPjeSs~|f?ITU&w)~+|MXkAv#s?oc?gmTTFERvL~^b>-vmR( z?wu?KSQB(k6{1jQLaL2{F6JH19aHTmNW|^~{wx_0DexRB4U6uE?$Xkw0dLJg6}_!= z?s)Fm8s*ng8X!Ee27371_|5IFlt0MH)*7$|%gpK*<2I{L0b0YS8^L{O_B{-_;c*$u@kni29VNJIR(bLP*m7KI@GcYk;YzRn;JX z_A&hg)Fn^TSYu@r^_46`gI(vy{q4+P#$}R*Y=JiHvm`c}cQ|Zr3Wq^e-Kh$t_}D5k z-}#)}oCaUh6=P?x@)cD+DjF2MINox)+#SZ?O&(HU!5P0NMC(!cnh%oRZuc?$qge&( z^op->!euO;##1PU?WegyiNt!in@$4k?{jP0Oje8Yx#X(3*&Vl_txtK>tU~Rl4w*#N zNfJ;{XC`g(Q%AA*=slG_@Fb4mYHY9*2oVXy(C>0Di7W>TyDsGowuKoG~IqBDnAQ6Sg<} z-U&QC7)~s)lNx9v7qsT>tifi=WACz}CDMG&y%#gW-j0Xt1EE1Q_z2&1u?Y=xd8Fu> zAQW4<(@-Yf6g)J7#3!R=|C$czJIa1eMvX-kmtM}^&x!dBX;1oAFSu(Z>$d%u?%aEQ z`V@m9fWMQ{-6VU zD2^0=`f8;)^YE1>U%{&ijn9wFg+5*|2ho4#Mwt0z`=aVOF?K=vSID55P`@K(y$2DC z^#i1V{xa7aU*@)^^0s6Wt@i#;%ME%9 z*!r8m)*rgH+%)@H9ozJ9HYIUz*W#J2mVXxjSJ?rR-vj_q1qsxEUFUYO@NTOcL8?Dz zC&wtqD9ZSw?-v@2>K{+}nMDAgbABSIU8f5;fWr76Q5{?Woa4%<`vJB5-!X^3+xF{? z{)u4wu9;Xmq(+IMWvbN0#c!vW<9w_xm3NpLA4G3t*N__t80rrpTs}l5%urS$pp1Ms zX{?XGfQiO{m@BG}JHnO-+Hx7@qKBnK@OJ)ss>E{AmNagidv8d%d|-W&lw&lC=Oo&6 z^{%${F3Na-?T0te8;Uj?>893FFinh?tTi9gw5?Ap@n0nwr;1^ZJC_MI+W75A1;n%$ z7d@a;wH8)ot1heSghlKq6F(N#cZd}C;pe4{c5T}j8}+Nem^jm7AOO@a5+QTW}nc1XON0GWqiO&9)Cp z0|zDlR=!6D?mdH;R!E-}NDE?teu+?%!5rkw9t4$4Ft=uZ6Zvz4IC)^=QGzvE@a?p{hrv zk-`60-FLuK`M&=j$IKof*?V*By|VWniDXB|mLe1lyOK@z9+6~blM%9ID-tpz65{`y z<5+#x_xJjLzrXR~ypH>M&hy;&<6PHuU-Nwx7P5>2_CCLSKhvklr7N1uH%Po|;(*HCx@FBcRMn!slC)s zNx5VA3NB1y5yAw43v`m7?PhIF^BYnR2h`fu9LfoY$vTy&eT+49crmbF{|$gVVxGTE z&W33vyoc@!mdaz%gmMYU(3S+m6Vst+LQ&BTWjX!5!n3k#&&s2dergD)AVg9&qG}V1 zh+6lL&&hr2IsXVPFG6$XR)77tuu`5wjfNF*1)}2TOiKDOnZooOUPNeA2uPI#vLXfe z5us7oPyjZB`2Amhz<&~?RS(Ks$C9vbOvf!ikg`3#@>WF2Tx=gT*D!MJ-rw@~taCF* z!^~tJE-~wu*Pw76(%@Zp4aWO%pRC9J-aU{!)yvko_&P#EW{ULd+?WA1_BU{^T5nL? z8XR~S=1lv#gm*3^ZSau@xVWNE@%`s^1=G4e;XR(g?59DAUPM)QAx~cY=D65(vK(Tb(^|o z&n3T;a(uBX(BM_Gxb?Mse)bK2HCagEbM3iu-%{OTKDt?lZfEg}JJSiaW%s{_Wfobe zsed#ou;M2~-YyG^v}DL|Inkfa8iHtlv=mP)OM6!)uO6yZpE)r*?Ez?5@>4>a{NGpu zF7iB+DWhA;Jf-Nu0{R1xQLfqFi08T-TY$Rq!Q#q9$0+%nu6BM!9j3yAfQhWAj5gHrFh-;Y=RFs^YYSjj0w zehV)0j__w;xI{3m2v(8;6K61KcXSN4xxn1P=WE*=`RMRLP5`pECk94CK0wAut3;` z2CE}E0`tTo!vB4p$8Erg=#H;Yf-P4DfIvK4E(|IKX7S0wljk6UK%cO~2pPQ65EvZ~ z|C?9yPtu^JbJp$4?!cQ_PEOvesaZd%_AW-{G8eX{!AO4FG)#(@W_DT9#m(ifp7g|K z}D1j{oM}ZAYxyad4W20*K-oJqQY8NZt;+Zm9#R*$7dHffX*AElvfcgYGcOA z$k1t6n+N#GXk~et1Wl5u7!GoMF{RMu@Qv-dh(?le-K~cog~%k;rQg_Ff9$H&C!qj{ z0m>}FYu0;&-#kSE)4&AY%r@nL<+s=0VdeXh>zG3NXE>g+)WyDf7k= zOIx@?wc}74z%WG4N`t?J&n=d0vP0gkQ$!kwWx9v~UbVDhZ#siP@~0m-Wo`jf2^SX> z7tvzIKRizs541tUFr*!$RorH?&8xe>>miMA*buzoH9`QyW_FVHE`h!+={6m^v+Rt%B9A%Qs?pnr z+!~Or6dn@#wz+9*626YQi{vR1+wZQ1@Pu5$2;#&>Gtnt;{)rjeOKg@*SnDllDO@9$ zarZM5J7#l?9nM1NbUnUdMVkj{d zge@iPodM5^n>8R44y)B*N+?WX0Ece6+5uprz!?W1QjP$)fH_wz%@KYT&l3z^WWX(s z47kO?2)Fpz{%kN&pmj|I*oeW(&AyrC_jwzevg+b%E3m~+oz zXGPVihGOsN$BGTl)1|7q2zwU9JhLka^8HGC9WC~JbU>fEV6_9YL6YH0eZ9di-tLT% z$BpzK!g4l-84F@QI}3j=6Mda17Q-Z)o?5MZ*;S1m5`bj1rBO?9-N2@(OUAUVM4e4v zA)k7bYFb)itjnkJ*}dmN6WGyKiQ{xXtU{*DCy66TsE+nPRPc z^nnrBaz}||RWlRohf3_aR1*0M#T%CIF%%bdq;5YiQZL*d)a;IrWy6;d(P^F-Nx)r= zKq`F2_3rv5hD*?wC8CmD3!_TS#2pJi(ea*XDF;vR#F(`&2<3@gwvLJ9Z7)fd6tysV ztNg+O*CmrTkGmzvLspuI$W|gvj}gD)o9Oz;&X}^no2>n88G)vcf#&Ujty6;dbg`Ge zzEs&YAaQdnQ2#-fs`-M_i&LI?7SeEaeUzw!@sf6wB628{w$uI6vhD$2$P+w6BoglK ztd(|Wy7M)^YN1%j@ZBB9$<@-%%FNmlz!c?$SrHGfsF153@6KRqfd9yWAZX*^?tGqW zPj$XK$v+my_D7?R6{zr;cW36Q*c%vf;}lN<9u7o?3I-8|y1A<-6hI3;I)qMyamgA$ z0(P@9=fQgy~4k-*69@vwOFW>=9oPh&y zqNb&Jo9%ar=PayYK2IvknLs2jyluip)Lx;!xV$b_IWOB=(p!6rnOP;21= zdd<&wsv03Gne$W$*m--ycYk(pUSBZ2@Lvs)ZW(ZAi+6aZKeV2^{gCWweI!8=-s!Ii zSrG)01Jh_m=~nOHM{ie=_-gqE25`A>F2{6F$FNic+37{v?39d`JvAdt<2wS4AR;+AbCmxC6YocU zF&+T`{O-^v4o9p!8bbcRZvIbVe7mi>=Dd~-5m4RlxkSHSezEoO!*7IcS!8+mW6#s9 z-HmTaYWo;$jnkJ6ESnh>3#kt(<2r8I2MqOv_A$3i9|$JLTBi_cw6Iwv3_d07K9BZY zY-WI^b{=;-UqdO<;c*lXzR7YLXU(9f!z+q6*Xk8ikv5eJeHDUx+{03_!S7f0=AKmC zu-UjP2dcASJkLIX51~YlmQvrkQSqew4tA#S;-uo(psC1SVD`obHurDy#%W^7T2)!0 z@&b)o)=}e@{;Lypx743ov|GB7^swS7=PIq02 zRiRi&FHs9S-y%eF$%b4oWn|7oIJ`0;erdnyW`Ap`m0{e$@#-v~QF~;-d$l{?@gb+P zAw&w06@bGFDCUOnr|_mg9&w#Og!6Ja-?RXr$~ob*c$gLH3gxzR2YzAX2lsBB#>)BA z8U94MGg!r>PtnteifP{t8kKJtNCz=~rzXlTPk(4+*9dtrOdQNP)86H0yzNGBob8Re z@rzCjw->E>Oi;}YW3u3xd{0s0 zMJg8hc?rb>WV?&lSaNfgjM;ZzwO4pNSf=0dLC=@>?Vl>CTL>=e%1N_j*BLCgUK3HX zObPdl(81H2xc?@(_er*{TT{mYWXT()Vpxtk!p!9yUAd#=R|;f}#EUfMyM97TSNAaG z^FPdy>i494y_S%*H4}P;wGr*w`9#hbwcH5eMDu1OGo>M;8Ur3e4T3h>k0k`*)?=@; z0)^k}!x>!x;r=?d^ZpfE5C$#p3Zy~USsl8uY!6Xuv+>=JWdIn4SPSGqB6T5*K&({b z9m=VcQf0ZKE`}87-!>unuUmi&0Khyvb_Pehh1-m9;}2M*vfQERrw9kOg%#hzTIeF= z1s`kx!y|)t5^s4?#ZPVI%YP$ z)U)H{@}5|oExMSAVW!}b+{=?- zA4*|Zmq3TU{%{KZO=k=SeliopV-Qlk0NmucoT{ft^--0$}|J5;0i&s?sC6J<|iI6mv-9onR|Y32SJZE0^U|11jW^}mr& z5nffCQ?cH7V6%z_h}HLqP$MWrheT|@+S1oG6~%v7J-uVWJgmPp%=ym{3EU6*KToT? z00YyV{s$nz4P!hIa2ylt4+JDf=2*COqy$}+10(o1w(Y5S^zJ3U(32@uoQlpFD7wd4 ziP?SgS5T%8!_EvHHhXmxDHdNHnYs+xQ&0`II{rR-=^TY4oj#9sOie#&AC<+%*jK1l zsMG`O=xYAdUD-FnP^Nn_CC(7R1h&TO#Y;O|lT#XG}#H0o`dNKD| zR?}BT;);;_pIj?nf0kNY6BI-Z>1xX2vfwKu0pF4{p7X;L&z9rztdK&fHc1KiL|&x* zxNC`HXM5jaP1HLtErL818;} zm#H5*(J1aP#S}QrmbEXwpWh8yN|V7=>ufWW?r}uU>%x8<6c-0w6NeNDPdQbm*Rs+u z=er*e(cPYm(b1>6U#drgyi!=NX)r0&*>pD#h51eYtqO}VQt#(1bVP2@Zl=v();T!i zb0Bsoa~oKN$e}_C=%S~FNBt}T0OvzpbgJoiA41jw*jo)?Z~jB}#<+D0jhQL8*!wh9 z!`NExtd(=r!vPyh20pJIOc6fTNU=#y9X;wX2}}=9zk>j!Tp|Egx*$aGxUdT`{5Q?= zPfWQ*u4#+To=UulM%O`&^lHXU9!*Y}72e%9TYE@jB|K>sIM!X)AQQGF^IdUnF{jSOWdnV0v z8$W>}xhg#>3J9-t;urCVt6CafGok~Iofmh1_6Zd-u;m*f)3M+v-@IGSGJ3P_@ys}` zC(lU;;bb>UjA+pfx%#e1DwzszHZH1~VJq^r0Yvb)Y14QBtc?lu~-yILs)q81Gd$QyN=J*jjM7xl7o( zS_5rND6=zW+hI4OE4#*pWi87R=jjn zK!ZUc!ZXnk~iS5s=YxojuDi*N&Ch$GZ z47U_o^jaFLR$SqjSgPSmcWsxhTs2aH$_r9L*n{FZ`lOmE9Hg!;rjy?Ocxa5r4}20etT-TSm1>d zGUf`gw;BAXknTKwedGW|Dd^T@>B6q9gUmv;NDc3Z1^8QWj)bGo^J(ts{xqhLmI{5@ zz)$p&nSBf*_KNwSfz*;*#(f;AY|5&B?FOuj(E{OBeJuu5YlR4YP0p|vEd#Vp8XFw^ zvjMDpXyL*X1<4fg6wyb*r&2l&xx~^OZrmOc)=3@*P|JKwR)3YrAsL&LutmP`L8Sb4 zA*JgD<^F)rvi^%w?RlFyrK|ehv^v&52XQ_@ze|QjxP^0pn>El~oa&zln`7iq`C-;` z({Rg#gpVu9SAT1ntn#?Q*9PL`QBYf+OY9DeJm9N0m}hvzR52_pJjHfng0K^)a3WPp zYeb7aH#D{{C9WVdWi)MoCoa}N5g{-ltW&Vkw!{U|h!l9uK&^V)Zgd?i+!>`4vF6Np z`8kbk^UBWM)-mioZ zro81NMyBp^; z(+xoVKI%zm4wF771tMn=Jp|q#OB`fRK-$~{lm^p7iGy%p5vv+EMgA^q3{T0LOY%oi zN}%PSBGk#k912eYg)ies(qIvx!<<)uR5=n%$beuv`7q)nOoE6ALqtv)tGs}*$_ocb zg&C{=v5EglER5oQi3@w5KBF1zyZbHVKI4tAO4Q%jURFjCpwz5c_D_3R)lJ+-^JKw;4$#5dBvEM#ZJ5G~>kLGiZh8?!4@JqVsrXAnP(v$kg%pob(}d@r z({+6M{*I7)rL$r8h8GElnp3;yN+lTx72OMk-P%>E+^oMi(-dnWS zSHG_7B;SpA+I^y3{H`th!MHwAKd#-exhRhl^Dan>+XtnKKj&cY*BQ(5D1o9&Xq_urOa6Bldo5; zz7Y8&TPd9Wg*%u@Y&Av8;AacwFX66cENAV=m{^plCbP&v;`Z}0&znteS`p(M=tGts zJvqQx<*2k&*vi|Rsq>T?BRm1nl>W4!~o3nJ+%>+RUFC;-0# z#6ThN5PIy+6it#9719Ot<_*E z1{M+I_=(PZ09cEHlPe8kZC-#E3uwUz^nZkU!n)-idb&7|uh2p~*qJ@!Bz+XP86vMr z2neYNz+7E``~V;)V7@OP&LSWpAOhr7{qJ4+U--+2i|2nK6U)vPECvV>SgiKl7u4~Q zH^fp2yQ3#2>S#s`uGh-yX5{vHr&Q6ZWl6zCi{TwFIE=O5%kOlC*tfDVx&7YeLsoF6P3|ylQ?^noKS5X67?n2Fk$GBu7a&f;Tj`L8wO3A)J;rXdm z5DXDDD2jK7ZtdRx$k&fymioN$O0vRGSw}dUWg6NXUx8$fA7M{NRnIf5vZUxd6ue+K z57EPHWJ^mAS93cr9@rKLlt;kEzy=9_g8`}>s@lJnkEtE~1H>P_AE;e>gRqvbHkD_| z-p%+!*7GGELZBZp%;SoEPDWPNKu1Q|n1=_UOJiZ917#1e!#p_fATEF;hXNmBLC(Q0 zLL&mp>%whi7(EIA(Rm?0p<`PaF@*d(=J=;7wS?UKI&+nnBJLQQcz3g&k?3FD)1Pft zsi_tD8s*Zb;wPy~^(KhD?F0y%-n3yqw!c6%{A7fr8ed7!WX-bVsj&%z(1-M)j&m-R z-;i7%y!07Uzt^?b@6^6MT88W2C;u>q{CbYW{C7EMO=@EYa&4$25$M5`ic?fLtnQAC&S77Mi`SkW|>1(lJ0Bn#Y zH9I}K3ar7{%T~Bth)h>;g9Z=6q8D}d&e@9O2C(P zwQ?yrBk<_+TN?159rUCTZ|a_Np*WBydhmtm>h{M#3d}u{vK%+GiZ#mz;FK2Qr8)O0 z=fd>+j9-UZV*(%Q2>R7P~A{PrOC1B@s4>guDdH&&KZuh%37Hu025f1B^#5`OdibMM`OS)&B+ zoq-M9gqz`?t8}=?e0w*$jLG(@(6)AUa#Z6`CboaR4$(^2un1ZUVA#2TsUcuzkdu|o z*u~4r{sZ$hOPsOy%9~--PlI?#x7}nb`ivtUnGb!siTTyj#v@SEWf6sO2-DarVzyG1 zR2r|ita5WwbNpjTff#}FwFfG)j&U^gtS*@Ki28MZa0ejaTOmG2NFzYIUl)iIMD1t{ z0Y8#HiAZt57>LW-joSw35o2!UVCTp!;|g>V^Kf$GKHglcfB}s6V4vjy^mcb30SN(o z0yGaMLfj4BI~Z}hQ#M9l!0VYQA?67EErYLqvx1$WR8lp6bXJ@Wdj07Y{zz^ByTRKH z+XEh38{lPu0Ale+G6F^?U3tO4=scA_5;QNbbKrFZvmy&XsJH^> z>_9fa%Mv(e3A}FrfGad09bmK!@;d(PAtZ|oNEY}p0FJT%_q7GCcZ6R9gKIg2ZqWmd zS;8S(VBjpaz&&8+Jb~BW%_a{(xxlV-2i60d|8O-N@T-(T3c$NIh#w>fhj`%u2>^e| zgIGaa@bg+AUEm$I5*pBT;12E}XOJj}8~C{e|KWl^mn8rp!v%cG4M<@=!K-2T6Cwa| zrS06H<}lbNGfNXA({nM#YG$3jal@z5Eg-3FKa@oI3J7!kau5i2WcWsjtHVpv^ zAawn(VI(AdL`T2JI>AVw7#?u)+%H*MCAssTSp$~USZsQp2#l(mm#f66mySLCh{}cA z;@PtvV~1CRqBv4JR?0e>FjANsH`p%@iP#KF&Dlc>ll%UTB+8p_+#)1LXq$QX94Gl| z+j(Z1Tr0T)uA!TGQ1xrlWXiI7mZQ_1RW`Gla$Z+P?EToK2k-twVm9JvTUHA9mdXNk zH?z7C2u?mClT2J83nm|Yx%^n-Ia@u>u!PNwI8M!Aq{;Mjwg5Q_XiLgC?5k{zSrBDz z!^_UNX>}0hXgl+jIijZ~pEvo^^c}`Oo>S*8X1cZ#GT#@;dJsC~ z1}Yb;{hz{^(HADb=L_gN&?u-fe8O-hnPui*j1rf>q@Q5V=^tebSf1CHQxE(u==&i4 zcEJw-Iv;n4k8$XM)+HznAtl>jZS}gdUxxFwTGY~nBow(?bNYgXOomW`dy&RzX_d-- z4dcDp%RB@eNn}|opY%V~f9=M3@R_tc%{y~apAl`Pvp&E?dbBf2O8=ukYsG`w*QQ-w z_mNyz0=}407M4D2VVe5V5WheLR!nBgamc;Wy(E9@ZY*;=uPNKigO#_jHr&xPloP{E z%pYF<+#m7j>Pdcrb>2ujnLDIOm~(Re$xv88#-@QRNgT)b41?GF73MhmkGg*+02s|50YOyr|+^8|c$4sL)8or?qNZUt{^^|x7lhY_@_`FqDo z1M(ffTD}DcP_sj&;cQkP%(rfON-GAk`Vgh;Kt1HCtUelD#7bl}xj5AHVlvKUF?B8svQz$BHeNVM@J-T{KFlH#r zDm3Tn+6*SekEs|5)xs^)CE8M%{H{u0kL22)l7jpxVhvk71oG|?5{CEQ{tSwHH=A!i zP&z8}6u)6;=u%K)-FIQaC^bFQAA+Cd@83CZJv5H3-aF}woiEl*Tq_E=Rh&HRbaK5a z+ZOHPO?7%WF>eTvoWp<6WB*PR4J4%a+1F50DrC{NA~5f5t*-v7@MfRNmk-I%ZgY*9 zU)*`PsS=(#M>6<0O=K#v!kL;yDr8Uks^xw0`)n8EZgfvxwinxTBKbi5O9g*X!=FU7 zfEio&+lxVlmp72L8aTyCCgk{;FW%fev6oNGVa$iQx2#cPy`}xO@nSfHzhN$kcmJ~! z?UY~x$O`U_R})Q_E2xw&ZjJD5!@|5YW%ZR}ye8wd7fwz5rXf8Dot9KeMWh#187sR?$S>10G>`A9AB%Uk g5A!0ZFifbZky~n~cc&#w#W90zChN1+ddA%U10IBzjQ{`u literal 0 HcmV?d00001 diff --git a/certs/dhparam.pem b/certs/dhparam.pem new file mode 100644 index 00000000000..66253625372 --- /dev/null +++ b/certs/dhparam.pem @@ -0,0 +1,8 @@ +-----BEGIN DH PARAMETERS----- +MIIBCAKCAQEA0qy/1ZBiX6KgMyDK7fDDjY0DjDGgY0oETTpHuLrfJyheB07F2axt +r5qI9zt7NwYTblhBxK3g+uwZP80hVAQvs1mOkkUNEqAbM94QLRbLKk20N0qRKeDm +LxDC/Fs8eUze+rN0uoaxtkJlSCwAfQe3F1nkOZqyWdN6OQe+a2DwHg0IST7Eiv/n +P4YCo9eg2wqYjhYgnqEHsq4LE2ji+oZAaf1HjE6Cm+VfgcRA4atBa4FRcFh8QKno +/DJy7WISPC4KACLQ5ReyScU/+5kqyvMjKgdZUZSyHMLbE4ZkPQ1nIiEE8Tf+rZZH +1ynaa9hGle0Aq+c9v1SIFyljRJaDhG0QwwIBAg== +-----END DH PARAMETERS----- diff --git a/certs/docker_dev-haproxy.pem b/certs/docker_dev-haproxy.pem new file mode 100644 index 00000000000..7c03790baf3 --- /dev/null +++ b/certs/docker_dev-haproxy.pem @@ -0,0 +1,53 @@ +-----BEGIN RSA PRIVATE KEY----- +MIIEpAIBAAKCAQEAxib/Of2wxux3AWnj837qbeoqDQvVaJAcQXc+KZ2RS81gvU3c +tM6LqqhZJ3SfJ3Z7YtgKvyXWBrtP+3wOk9XW4tfUcfYMtguOwy69NvJVOwqI4CEo +fCTQ8fT0mvABSXMLGakrH+6ysSsu9wI+y66d9B8UYwB2HurADrpIfha6HCNxPJJJ +PnCND0NAB5Q9bmbzyaJ3RK8anLnEhF7ybikY96WYa2KJpSNfkbFnekk74pr6QdM9 ++aIJMFiNNPBPM3/IIZGLDUObijZzubn3/Gq+EnvZqS+PwqnyGg0NH+2tTAhzxlTX +V9BiAdDePxfKjFN/kd4epyj5fQarsE1wti5kPwIDAQABAoIBABiwp0CskahXsoRk +k1i1ybQkZ1T00oSS4FJv7zj0PzR4xMMRvpxw2ApNq74009fw9XLdhIlIx6BTGqY1 +UQOus3XUes4wYGkWi5Vab403KNOQfnme6BJ/6+EaKphbq21hflKWN59k+LMGtHVm +vDhY66mNbdbgKde0XHX5VCsR3eK/d2kIJ7dsyOXX+OD5gaSPuRD/okzoasjBKql/ +EtjSaLdSta+rUa9EEEXqMK5rtfBIVavMPrG5q30qqtnKQlnF2Z3thpHN5/BL3PPo +fKk+NCtfkRbfs6If5qp1JoiQjSzcGM/xaJLmUJPxfnUuqAshUB58X8TlZbBQ+ecI +8Fy7sDECgYEA+GAwasFLsexP2FU0dNcs7XMsZg7vpJAoQBB4POr5Zk6/JRjbLlon +x9ywhbM/xGMAPfEsh/v/g9p+HCK1h7ho6AzQthTSN0FcWG+7iYi23nnAcmASQz7z +g2fr52ft7h5jAUQYSVjR/mSOY/KkNSCRf2iHmdKT/QS5AJiA4PuXRxMCgYEAzDwj +JYo7eu/C2ngNUKU6ea5n61KhL+o1/sH4QQVfbSKN40p4xJvfVG6D53bFHRYy6FNZ +k2HA9FlcCjsDCRAeWwpvTsDAVnwFRF0yhDeME/ap1U77vTCmq5C3d+0SMD44vM5I +k6Ea/wl51A/5iHLs+RUyNUnK45ZgyN/oay+Ft6UCgYEAqiVCpa8aypzGqbzcvXm2 +FkfCz3tF4Sa72/8sTxbsmJAzUxdu9pbeD4T4C+8aLM9hGA3B4rnXdRzVLTL9xiam +/ufghgtHYoDM4OxRvUrBczBWjEOR3y0dphQnv5Mro+Z/Dhv2wzAsUqfR/1f180sH +QQ97bP2bUUXN8kGGcBkJra8CgYBpPD9782tMoEhN2/g4arrjwhsn5U7K6qrh1z68 ++jC+gkSMLm5mGE8OKVfsJ4XPxAV9Mp2AVKlg/r5vQxMAU37guFK8SJOSvJrWLBOA +j0Ktcrb2A5mxVWU8F/iBYfWySA1iNASvlR7c9RwCSizwww8aFXLmhFx3wp+iQcV3 +nWgQRQKBgQDwwH+pl+zq8imuU45MTyLYurflCTQWUj8w3jfHO/ZP/NErg7UJ4mX5 +9j3fu0WvXTScc3OXJ+MLq9/+6KLs2Yg35QWMhsGF+CBXKPXyuB+AMTTTKyy868wj +68gd2576uq8P5q6rGukuOFRUVpDIhY0MYhKPqMr5HGxz5UMyrpCn8A== +-----END RSA PRIVATE KEY----- +-----BEGIN CERTIFICATE----- +MIIEUTCCAzmgAwIBAgIUGswhqUx+ykK2vupr1WGrrgqMXO4wDQYJKoZIhvcNAQEL +BQAwbDELMAkGA1UEBhMCVVMxETAPBgNVBAgTCE1hcnlsYW5kMREwDwYDVQQHEwhC +ZXRoZXNkYTEOMAwGA1UEChMFT1JDSUQxDjAMBgNVBAsTBU9SQ0lEMRcwFQYDVQQD +DA5vcmNpZF9yc2FfMjAyMjAgFw0yNDA5MTIxNTA1MDBaGA8yMDY0MDkwMjE1MDUw +MFowZzELMAkGA1UEBhMCVVMxETAPBgNVBAgTCE1hcnlsYW5kMREwDwYDVQQHEwhC +ZXRoZXNkYTEOMAwGA1UEChMFT1JDSUQxDjAMBgNVBAsTBU9SQ0lEMRIwEAYDVQQD +Ewlsb2NhbGhvc3QwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDGJv85 +/bDG7HcBaePzfupt6ioNC9VokBxBdz4pnZFLzWC9Tdy0zouqqFkndJ8ndnti2Aq/ +JdYGu0/7fA6T1dbi19Rx9gy2C47DLr028lU7CojgISh8JNDx9PSa8AFJcwsZqSsf +7rKxKy73Aj7Lrp30HxRjAHYe6sAOukh+FrocI3E8kkk+cI0PQ0AHlD1uZvPJondE +rxqcucSEXvJuKRj3pZhrYomlI1+RsWd6STvimvpB0z35ogkwWI008E8zf8ghkYsN +Q5uKNnO5uff8ar4Se9mpL4/CqfIaDQ0f7a1MCHPGVNdX0GIB0N4/F8qMU3+R3h6n +KPl9BquwTXC2LmQ/AgMBAAGjge0wgeowDgYDVR0PAQH/BAQDAgWgMBMGA1UdJQQM +MAoGCCsGAQUFBwMBMAwGA1UdEwEB/wQCMAAwHQYDVR0OBBYEFCn72N95mzCs7Kpd ++e9Fbdf/N75uMB8GA1UdIwQYMBaAFPE3u8YQ9f9nmJAxbIZBFnIBH/nqMHUGA1Ud +EQRuMGyCCyoubG9jYWxob3N0gglsb2NhbGhvc3SCDWRldi5vcmNpZC5vcmeCDyou +ZGV2Lm9yY2lkLm9yZ4IUZG9ja2VyLWRldi5vcmNpZC5vcmeCFiouZG9ja2VyLWRl +di5vcmNpZC5vcmeHBH8AAAEwDQYJKoZIhvcNAQELBQADggEBAKevcaJYgVtxcFGd +ULZgjdYkdJq20YLxEhATe7n7McfQudazuSSLmrwKO2d42dhVILOGKXM/lzicLZPr +H41gAMSGJ0y8hvwlP7kYf8Psl5JHiKR1pJLx09+Dn+NCRoqOpyiM8pdMjvZxHl6j +HbyKIKEOoyBYfoiztyKSA4Nsa3LnEn+QwAxHCcZtA2j3nN20BjJEsbMsG5nJAOQa +lre41C6lCfIYIblgTNR88x0be15SYCujmYdAblSXfZWaUihREONFQ7Z/Huk36Sum +jmCfSo83tZ2IrklOhV1OztLYgLMnU11j9n7NnAo0iRNhzckE/YtEfCmMxgm3EM+G +mkIagNg= +-----END CERTIFICATE----- diff --git a/certs/docker_dev-key.pem b/certs/docker_dev-key.pem new file mode 100644 index 00000000000..9846a254e0a --- /dev/null +++ b/certs/docker_dev-key.pem @@ -0,0 +1,27 @@ +-----BEGIN RSA PRIVATE KEY----- +MIIEpAIBAAKCAQEAxib/Of2wxux3AWnj837qbeoqDQvVaJAcQXc+KZ2RS81gvU3c +tM6LqqhZJ3SfJ3Z7YtgKvyXWBrtP+3wOk9XW4tfUcfYMtguOwy69NvJVOwqI4CEo +fCTQ8fT0mvABSXMLGakrH+6ysSsu9wI+y66d9B8UYwB2HurADrpIfha6HCNxPJJJ +PnCND0NAB5Q9bmbzyaJ3RK8anLnEhF7ybikY96WYa2KJpSNfkbFnekk74pr6QdM9 ++aIJMFiNNPBPM3/IIZGLDUObijZzubn3/Gq+EnvZqS+PwqnyGg0NH+2tTAhzxlTX +V9BiAdDePxfKjFN/kd4epyj5fQarsE1wti5kPwIDAQABAoIBABiwp0CskahXsoRk +k1i1ybQkZ1T00oSS4FJv7zj0PzR4xMMRvpxw2ApNq74009fw9XLdhIlIx6BTGqY1 +UQOus3XUes4wYGkWi5Vab403KNOQfnme6BJ/6+EaKphbq21hflKWN59k+LMGtHVm +vDhY66mNbdbgKde0XHX5VCsR3eK/d2kIJ7dsyOXX+OD5gaSPuRD/okzoasjBKql/ +EtjSaLdSta+rUa9EEEXqMK5rtfBIVavMPrG5q30qqtnKQlnF2Z3thpHN5/BL3PPo +fKk+NCtfkRbfs6If5qp1JoiQjSzcGM/xaJLmUJPxfnUuqAshUB58X8TlZbBQ+ecI +8Fy7sDECgYEA+GAwasFLsexP2FU0dNcs7XMsZg7vpJAoQBB4POr5Zk6/JRjbLlon +x9ywhbM/xGMAPfEsh/v/g9p+HCK1h7ho6AzQthTSN0FcWG+7iYi23nnAcmASQz7z +g2fr52ft7h5jAUQYSVjR/mSOY/KkNSCRf2iHmdKT/QS5AJiA4PuXRxMCgYEAzDwj +JYo7eu/C2ngNUKU6ea5n61KhL+o1/sH4QQVfbSKN40p4xJvfVG6D53bFHRYy6FNZ +k2HA9FlcCjsDCRAeWwpvTsDAVnwFRF0yhDeME/ap1U77vTCmq5C3d+0SMD44vM5I +k6Ea/wl51A/5iHLs+RUyNUnK45ZgyN/oay+Ft6UCgYEAqiVCpa8aypzGqbzcvXm2 +FkfCz3tF4Sa72/8sTxbsmJAzUxdu9pbeD4T4C+8aLM9hGA3B4rnXdRzVLTL9xiam +/ufghgtHYoDM4OxRvUrBczBWjEOR3y0dphQnv5Mro+Z/Dhv2wzAsUqfR/1f180sH +QQ97bP2bUUXN8kGGcBkJra8CgYBpPD9782tMoEhN2/g4arrjwhsn5U7K6qrh1z68 ++jC+gkSMLm5mGE8OKVfsJ4XPxAV9Mp2AVKlg/r5vQxMAU37guFK8SJOSvJrWLBOA +j0Ktcrb2A5mxVWU8F/iBYfWySA1iNASvlR7c9RwCSizwww8aFXLmhFx3wp+iQcV3 +nWgQRQKBgQDwwH+pl+zq8imuU45MTyLYurflCTQWUj8w3jfHO/ZP/NErg7UJ4mX5 +9j3fu0WvXTScc3OXJ+MLq9/+6KLs2Yg35QWMhsGF+CBXKPXyuB+AMTTTKyy868wj +68gd2576uq8P5q6rGukuOFRUVpDIhY0MYhKPqMr5HGxz5UMyrpCn8A== +-----END RSA PRIVATE KEY----- diff --git a/certs/docker_dev.csr b/certs/docker_dev.csr new file mode 100644 index 00000000000..2ce514e87e8 --- /dev/null +++ b/certs/docker_dev.csr @@ -0,0 +1,20 @@ +-----BEGIN CERTIFICATE REQUEST----- +MIIDNjCCAh4CAQAwZzELMAkGA1UEBhMCVVMxETAPBgNVBAgTCE1hcnlsYW5kMREw +DwYDVQQHEwhCZXRoZXNkYTEOMAwGA1UEChMFT1JDSUQxDjAMBgNVBAsTBU9SQ0lE +MRIwEAYDVQQDEwlsb2NhbGhvc3QwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEK +AoIBAQDGJv85/bDG7HcBaePzfupt6ioNC9VokBxBdz4pnZFLzWC9Tdy0zouqqFkn +dJ8ndnti2Aq/JdYGu0/7fA6T1dbi19Rx9gy2C47DLr028lU7CojgISh8JNDx9PSa +8AFJcwsZqSsf7rKxKy73Aj7Lrp30HxRjAHYe6sAOukh+FrocI3E8kkk+cI0PQ0AH +lD1uZvPJondErxqcucSEXvJuKRj3pZhrYomlI1+RsWd6STvimvpB0z35ogkwWI00 +8E8zf8ghkYsNQ5uKNnO5uff8ar4Se9mpL4/CqfIaDQ0f7a1MCHPGVNdX0GIB0N4/ +F8qMU3+R3h6nKPl9BquwTXC2LmQ/AgMBAAGggYkwgYYGCSqGSIb3DQEJDjF5MHcw +dQYDVR0RBG4wbIILKi5sb2NhbGhvc3SCCWxvY2FsaG9zdIINZGV2Lm9yY2lkLm9y +Z4IPKi5kZXYub3JjaWQub3JnghRkb2NrZXItZGV2Lm9yY2lkLm9yZ4IWKi5kb2Nr +ZXItZGV2Lm9yY2lkLm9yZ4cEfwAAATANBgkqhkiG9w0BAQsFAAOCAQEASLsFEu5r +gLrqlSspZqfgUhVcy4zAqEz4PBN9JaaXwk6ZIdEsU4qq7q2jI6tfChPgWciLa+F+ +Fq/PXKC0GXhS9IvdbLl/w6yqMeCH6xFCWo5wzNpz73ElsNAszFZhxQTyB1MbuZNZ +/sTwd+GR7HlxWV6/qiOZrZ4nu1zUFmtheptPFF6BdAMurHzjdztRRwBsQZkcuR91 +F/+AlGXaJLqKLMp5ZgBrQicbMH5IAGb+RmkMH+BjOUKMBlNL3XIJtOD6hg8TW+nm +q3oh/MBUlJj19KEkvARjyqeF5Sfh8GL6dgZRwN+AT3YyHEuWA3L6veyc1xQG9Rid +Aj0SlqgulD2/CA== +-----END CERTIFICATE REQUEST----- diff --git a/certs/docker_dev.jks b/certs/docker_dev.jks new file mode 100644 index 0000000000000000000000000000000000000000..e2bd9146fd0e433ce2a784c174cab8445be4658b GIT binary patch literal 4081 zcma)+WmFUlw}oe5W?*1o=#uV~p&JoUKw7%H8-^A^O1hEmMi>+Xq(M5RyITZAKsv5# z-Mij*-Cy7L7@Jk#Z1~5Muo(2krC;!Fqh+uHT z|C7LFpkQ#(U!3=MvLM+1mx5sd(ei`AQh%X1!up>C7zd$;5dQasAvi!pX`E*fE(t4r zzj(WD5_`Vos(zAwf`-O|hX$lYz#y3a`wGnATi3%@O^VMr7~`uAlV#@p?+rjTsL zA&N8|eRYD!b-kxA%GXcg274ZIL2%Rl`Gl!7!x-}-whzh|A5gwCwmy5}QUkv1wAKtM zg|_joYPkuY&+OZfYPFM=F>jg`)#fQqungqd_PbCbdqA07@?spxTRCG7ph~KeHxv4S zY$DR~!5EcAhzLX-lR&%AvD{^X1moz*Lw4l-WKIKjGuS8a0u zdFvy{tr_(P(E%pm$joc6S8~s zdoa^m!{@k%a9X9E54{Yuyr*7rd4yJXCg{pb-qD@?Fkh#@HeN26+V{LZDDIne<*P0l znY*woglRisCp|f$H7N&N@C%H+`jhvPu?T81u+JDMVQ1Gt6}1>-ejv7QxuuE;5sDkj zHpO{|?HqGBySk4|(a2sFVq))PLC5$K1c_}})m_KtN_V26jlH9t@8Uo}?CLU!x#gZ` zYeXv!<=T6j)F%@8Q?xsrCSjB;g}WX$FvwJx1cg!(M3$cABDt0&ByO0-`lYBx|{&?AnTmz>9u_ zQ;U5pz9mg%Nk%RII4jVj_ zq;QRv5zBn)h5QYLVNYSDC4Po74qK4IZMH*H8=F9s&W;z%(y6tOv$8;V6r+|HF^d5AB;q6|cSpJE=Tl0vM$5QsRc5$Jly;rn ziK9@4WN!2s6u2^#QozzJ$(YvBc7A=wAM<@7vp<#TqhVu{1pd!o?Ju;w<>kwHtYFK< z`+mq@byGK?&;Lw)b5tEMz5h01E%IqJ{%u(>qYbwdt!=g~{h=yzt91Fd(;2qaU zWzK_?`~%vI-8gftBz6&e0?B-)i2$6#obMJH(nKb2q--VtaKZVf==np%=pIJCp0{gZ`#ZamDjw8 zK7&Q@VLF{zPt}ksrYH3sSJso$c*MM{UkQdQS5d`;&li4z+=utf;wi>ehfk}XoY8U6 zrTB>Xh|%?tR^wx1WdHcBOuRS|b;~<1YTUv4Ucot}qRusiPk4b#{lxPqv?mLz1K)fT zrdO=s|NSeHWjW(AhrF}5u&=Wju2Mih$691TaPHCk*?1#VNLQ=>@k$}@ZlX>Eenl&u zAdiPT)Yd2#6x-JzDJn@?T#+RuJ|(BLh<`Jw94>M-JOlT$+xX4w+ZFIzM4`JD^r!t* ztTNHt)=1;|*T`9QS#ACFAN3q1iwdF#3-$>R5h+oml^7lE*KL<~^mZqBRU9ll@(6~1 z>Jm!CLqbgiumrdOEC3DwD}Xz|81i|5bqhsjhPktGs108A`5ao*I5iBkcS$>@N4;)HPol zU@l(e;q+LinpX(bl^+xgm6CP-tfGl(uL%6kwTxDb?%VNwu4|BW9I)xCA{q0GgB}Yi z@QkwggBFR6*vtIIe5Rk@ns}BdS`eEe&aBdckzBM}Mwz=5V(BN7#U+Bt(r768HpS5?ibR z%N*w_pKnLinBBsouu`ANqf=d-_IghTEkVq;;XxJiACQA#yT#Mo3k0Dp5|kWH^{q)~|yTPPrQU%(e)bGRiVL z*4^aVLNffaX30}(XmOtGEG`W^qesa`WH%ONa*`Qieo6g?v3jykqoHColYDc`5_mzZ zQH0B!w8`Y-7K0TnT6{Q{&B!uUYt`hq@IEfTqk;I*`DeT^vuVcn%X$2wx^sB~wA4__ zHOt#VB8j~S9n*5HPp(l~%$J^GO@D&;9g*eWUWk*2OwgJSV}eYTzUk@H#sA zV)u(NSYh#N;ANIv!!+oqdUiq6c((5c#AU3X{n6vjBc^V~;7u8o$Srsf%bJC$ms7d> z#b#RR^j8{(u&tm%viwn#VOt4ZVdMh~w_6+KTAOzGQe6J2v&FP)2nhoU}^h640K|Hdp=mvYrHE|!Umh6TMz|9`8RljGkQjB zu61%0n!BIak9Eg>NUsvY_YB{uVWij>gTF$>kt{W>G)T}J+{{??7oi;PK)zT3{Yw>= z^8(!!URctHM$gbBTrv+zH7$NJI~z6<;&!($*&8X=OH?{dxa+U{X^$E36TOz5X-2rG z3zPgdkBS^Sl&4~S+adpXy~04v`h9}au6W{EolD5Lz_`UrH#WY0TDI=${V7I+TsUS> zi-tl=s=*wnqDqI!rj!#F)sH<<0z_DDwtqCyS8g?(0g})p%!l~S948!C94ldvj zlW6ySU5O3tZ$QaeXJMJ92MSl~-`ht}mOHe0)W#ktHv$i84)U3ZK>V3mbndSV*^FjlzVOu zV7{6B^m+wM{m1LTfs^sCjUQ2(?tb>7Fgw*^6^%`&_R8}fi;7(*Y_|a%&#r=?&-Z1_ zBE7;GPH0u@EW^_S8$UFAx%+~D%ec!8drU}_o(b%+p=x<_82D*$&$^Bx%JX~otl9If zpW5@@ke2MzP>f(~vFgqEd&b(Y{djeeQL|6D#6TzK-5q2eB&>J*lsq3&X=|<_6sY=o z^bp^m46v&AWqeFNH(ym)g@P%0OcJ0=i8R(AV-Je9zwpk#Q)PKm%O5;sLz*yfzilgh zOo<%MAlzLC4bd5Gc_vv~V$Rrh4@bWzN?o^ zXp|dlvUaErhwMN^);~tmL&omNFEt20MR!^q?#9dZ@NQicHS)!0vtry03665P6<9%=#e zr*;&ua);Z^612B>yxG4^v$Bkg5^{)&h)B`c8UfghxE;|`0}=UAkWU}!0T_x%T-^Fm|xYSd|Frb zB!WJE-$Ea0NUPqPS=D{p2mcPa_S!CvSJZhu0x((=;H=j9re(}mvp5G?j*eGWQL7`% z7Q{bahkj5gz0M6*#yLa2Fit-Du8p2z7k;sqgPku05Gqn zh>_Ty3oaiQtO*xGSAMyrIPiH?{2XSn@sfV;`&itp#>Tki$V2j38)P%}OBm~@S?2ua z#EU$%cB)D7l9~DWLW-ikZd3ZBiTRewIy>oivMhAHgT4Tlo%`v>+@=yaCA?9$4Zgd} zmJ!nx1yK70+bq`?#Bk|)m>EQ%qN!*Er=chOOR9H7yVT+htr2>q3cPxv%1KdS>05oV z?-&cGtFu)QW~{n7Ds0kuDgbA-&MB~-sX#7Z<<$Xh~)k> z^O=l{HG1syGyz@dwGWiQ1tdPtJMGAv_Z!aM@NN~^>B+R#FT<|*n3!=rW&AoLXwr0H zyC=8YN&BMA2O;ePvf8bqs?7l+CS^roOA}ZkKBr>Le>ytvyII~c(S}u+QP>X$Vn78) zRP-7AKI?{p7&A@C-VicjEsbXUvG;&x^=k6x1co6(84yo-h`SGG^Iu!;rNM) zBB1&+P12QE#rq2ptYAmR^ucqwz>{~=Pwxl0)V20g&JI!{N``dGmqt?Ee@Pt3AS4lV z2q*;1fs2kt0S17GtgOyk literal 0 HcmV?d00001 diff --git a/certs/docker_dev.p12 b/certs/docker_dev.p12 new file mode 100644 index 0000000000000000000000000000000000000000..18a896f99f8315ba2e1ca1da5040b6679ed2e213 GIT binary patch literal 3976 zcmai%XEYm(+r|?y6C;mVn^LhQir7@6_9kYjEtI0Fb}Lp(?V7C_LeE@ZSUoxBEws(ZG%2h<_zDoSzh`i5uD?2MjHi z32maxicYpjNGJhtYI4f|-AY1527q&tQ$2{*1UiFAfx@Iv!3!77kbcf{0X8c=Wd5S@ zb1WrM%T6PQU?+@=n3|7GP0%wFTwsD*$G^Nio23{gkSaOP!<99m8YGd`XdLvrs>^9e zH68lavYG~pqs|lLFLJ+ted(!L-;4-k$t|_;9hgk-OyyOiS_1-@j4Zi!T3#SQ#ZZ%c!*Y+ z;_3+wGiLU;Pq>Aqoc$%Vc3REIO+{Z2YN&sFs#{fA`$?~S^Xd%74hz@MjpVcOIkqM_ z6Qp)EW|t&;r(_x+Ji-|*EzvBk-t$9J#f~~ti$B@ze|j_9lMJ%?)Q3@Pnd*ed45cOTK#H2 zf(+_qF6Oyk(!(vuBQMVh-lujy8Y|Q-;9|291c)1i2znNLL(JR_YJZm*-^-MpjXT89 zt!l|hd;<*W-xJ7rSiTBOxTJnJ_TzUCHnCE{eIjr7;$7JAaJ`47k=>`IVd<^CJ;T;qg6vYhF1n?P)ijS;-1oSvYp;C<Yuy{kfyyKWTN_D{9`tPAmSg$uA%?-v0m_S~Wlx(q76*n$$L9bmCPg)i1;;9L zz4DQ<2w67Sbgk`>Zl2KQd+BPs=`6Z=C*m3rQY~W3Kknrjpw;Q^d+)xqeW_~2#X%GP zBoaJ1ZOtw1h&Rh%23hYC-s%bq- zTk2@vpnmV8rV6l@3T2q`8DiNw6PZ!ma%xcBNeMgk)47(Go|0Y`=8vlGTX)FBQ(I zjt8xK8eC%~X1P&9ukZ>d$^#MQ-nY?@ef8G%T9#Gt@ezc-Kp%I`#~QBicfBS}uu5IL zrlz0T0TwPm;JUQ?-1v)X%%UjH!A~;co+(Mr{?w*4- zBKyAcyIeh%{s8s%GG4_e&iWsg#f}z9X zq#Fl6PS-D8XOnO2hWUQ^WiLD8Us(YgZ!_9#DDWnRne1U*W)W z(I4J>kSD}!Xp(euk{RTpwU4}bpNUQ*>XV15mXowHr{~I`ONMF*$%0?wL>xe=eDAx& zxT@|jSgQp*FYPbG=YZA;0|8L-qK$AsfMe*hs2HYBhAluQGM;QR+&@0Z~oAcNi&_PH(lW8g9$Lt%5UpNMBKJ1Zl{_1l#>A z7Od-|NPBqXKWmF{=ik3;l304-u&Dgkp0J6xbKZiCiM9vJMW>25FQuP+W8W|!93hn1 zK9b^n5WSwip42yzBq7pR54KYgApFp&%c7gK$)R zD(U|+E;6i`=W=Mgcu*pesy^i0BhkRX$>nR;>v1wXf3~z=`e~H-f=*(1r^ASm#zKc5 zFXqMTm>7XmM2tH6GVm=c>>fFAi!_PlgbY4=5eMhPuJ-2UjYY#l9T zE)hPYc66uqYNd*7lW(wVQcY5^CId02}G|IB4XmmnI&+GW|b&PQJ zU!m{t+afOjaJ66+~ z&!`{JcLInZ=TN5=L%e#!k&#?>>YAr>i6WajLTwSaJMA1V zg?kw3KAW=|!gSggjkL`z<^$O(jf_^RV^Ar1D?=l=>`KPxw)3T!Z^I$mv;fyLArl+mzg~M4MjGCNb#<$Zz6umC#%O z`TDw+%}(Nv+2?D4k=x9N(&0E0`I|ZW{t5~Xl$co+9qVATZdYV{BJ-Ae>PG}2k{|1%CfVOL02FQ=;SSv*W6a$+$v0JE!A;}cJaHh97 zwlw8K@7*Nal^R4A+B@oUQKb8s44iq%w_;G|muWxP%wt>|f>SFp=v;gRoTbUW)iDtL z{p1g7Zmosewbyq4Z1(Dk?GSL&qZ19YjR1x4?GcjNh2(Z00!p1KBVx{_1FE=%t1Ug{ zw&?q^3=5@u+T2E*D#gi8{9dy}%)!L_FTgz4(8F(-5?-*~m*K1*Nt=$9sy+jgtOZ-f zRv3sQeKgVtS7ggZB1@o@((My^HAMMlCb+|x#)rAQ-!}S;e?&scC>f7MzfqCnam&&< zxQXI-s{8bbOHFbF#^`lF?&oL_-!OzrE6trFWIoP&>DJpvb>)f*>>iyO&E_RKQf5s# zTn(OWf*+$dllUH7qst#J1BJi2o%qR&oCF=BPx0ppLjet1he7wCKR0TgEE*b`KdcaH zD1Ne_EJ@_FlY9Ul)n0hJl+$)*dNJiH7JS^CpS;^U6FiX(WSykDm3|Bn}!dZLa1->wJaT$`G zoD+@?Y8G3G$DLPiRi~pk#FOdOTlt$HGPd`!B8cTS8t>1V8Xga1Ee`6OU<8eCd{5IfgpSK(1*rX;N{x6@>3?RH)fBN}oNj z&4y-VbYlgHv^^d6v|82T%zR-I>X*In>J529r7P#A%8jO&Yj4ZHecsHWu)Q1`Gbtmt$8TMs%AOstV~1)#{F}RgGNcxM z2abT#{PVk#0LcKPJT>)RW_DQrJ5|*44{xc74X^VdevyxI4sWxu1 LkB1KY=N|tL4w*&$ literal 0 HcmV?d00001 diff --git a/certs/docker_dev.pem b/certs/docker_dev.pem new file mode 100644 index 00000000000..5fa5ddae229 --- /dev/null +++ b/certs/docker_dev.pem @@ -0,0 +1,26 @@ +-----BEGIN CERTIFICATE----- +MIIEUTCCAzmgAwIBAgIUGswhqUx+ykK2vupr1WGrrgqMXO4wDQYJKoZIhvcNAQEL +BQAwbDELMAkGA1UEBhMCVVMxETAPBgNVBAgTCE1hcnlsYW5kMREwDwYDVQQHEwhC +ZXRoZXNkYTEOMAwGA1UEChMFT1JDSUQxDjAMBgNVBAsTBU9SQ0lEMRcwFQYDVQQD +DA5vcmNpZF9yc2FfMjAyMjAgFw0yNDA5MTIxNTA1MDBaGA8yMDY0MDkwMjE1MDUw +MFowZzELMAkGA1UEBhMCVVMxETAPBgNVBAgTCE1hcnlsYW5kMREwDwYDVQQHEwhC +ZXRoZXNkYTEOMAwGA1UEChMFT1JDSUQxDjAMBgNVBAsTBU9SQ0lEMRIwEAYDVQQD +Ewlsb2NhbGhvc3QwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDGJv85 +/bDG7HcBaePzfupt6ioNC9VokBxBdz4pnZFLzWC9Tdy0zouqqFkndJ8ndnti2Aq/ +JdYGu0/7fA6T1dbi19Rx9gy2C47DLr028lU7CojgISh8JNDx9PSa8AFJcwsZqSsf +7rKxKy73Aj7Lrp30HxRjAHYe6sAOukh+FrocI3E8kkk+cI0PQ0AHlD1uZvPJondE +rxqcucSEXvJuKRj3pZhrYomlI1+RsWd6STvimvpB0z35ogkwWI008E8zf8ghkYsN +Q5uKNnO5uff8ar4Se9mpL4/CqfIaDQ0f7a1MCHPGVNdX0GIB0N4/F8qMU3+R3h6n +KPl9BquwTXC2LmQ/AgMBAAGjge0wgeowDgYDVR0PAQH/BAQDAgWgMBMGA1UdJQQM +MAoGCCsGAQUFBwMBMAwGA1UdEwEB/wQCMAAwHQYDVR0OBBYEFCn72N95mzCs7Kpd ++e9Fbdf/N75uMB8GA1UdIwQYMBaAFPE3u8YQ9f9nmJAxbIZBFnIBH/nqMHUGA1Ud +EQRuMGyCCyoubG9jYWxob3N0gglsb2NhbGhvc3SCDWRldi5vcmNpZC5vcmeCDyou +ZGV2Lm9yY2lkLm9yZ4IUZG9ja2VyLWRldi5vcmNpZC5vcmeCFiouZG9ja2VyLWRl +di5vcmNpZC5vcmeHBH8AAAEwDQYJKoZIhvcNAQELBQADggEBAKevcaJYgVtxcFGd +ULZgjdYkdJq20YLxEhATe7n7McfQudazuSSLmrwKO2d42dhVILOGKXM/lzicLZPr +H41gAMSGJ0y8hvwlP7kYf8Psl5JHiKR1pJLx09+Dn+NCRoqOpyiM8pdMjvZxHl6j +HbyKIKEOoyBYfoiztyKSA4Nsa3LnEn+QwAxHCcZtA2j3nN20BjJEsbMsG5nJAOQa +lre41C6lCfIYIblgTNR88x0be15SYCujmYdAblSXfZWaUihREONFQ7Z/Huk36Sum +jmCfSo83tZ2IrklOhV1OztLYgLMnU11j9n7NnAo0iRNhzckE/YtEfCmMxgm3EM+G +mkIagNg= +-----END CERTIFICATE----- diff --git a/certs/orcid_rsa_2022.crt b/certs/orcid_rsa_2022.crt new file mode 100644 index 00000000000..dd40f56c75c --- /dev/null +++ b/certs/orcid_rsa_2022.crt @@ -0,0 +1,22 @@ +-----BEGIN CERTIFICATE----- +MIIDqjCCApKgAwIBAgIUaMXtakNGxHiIxOXhbD1jaiDOu1UwDQYJKoZIhvcNAQEL +BQAwbDELMAkGA1UEBhMCVVMxETAPBgNVBAgTCE1hcnlsYW5kMREwDwYDVQQHEwhC +ZXRoZXNkYTEOMAwGA1UEChMFT1JDSUQxDjAMBgNVBAsTBU9SQ0lEMRcwFQYDVQQD +DA5vcmNpZF9yc2FfMjAyMjAgFw0yMjEyMjgyMjU4MDBaGA8yMDYyMTIxODIyNTgw +MFowbDELMAkGA1UEBhMCVVMxETAPBgNVBAgTCE1hcnlsYW5kMREwDwYDVQQHEwhC +ZXRoZXNkYTEOMAwGA1UEChMFT1JDSUQxDjAMBgNVBAsTBU9SQ0lEMRcwFQYDVQQD +DA5vcmNpZF9yc2FfMjAyMjCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEB +AM2hgJbabCrVnwHwlFJQuYPWToyNRzLfvfsSjVAEpDcLTHAV5tJkqnT0VflWL9v0 +HJ6r+5krzktbunXePH78O8U9T4Yo6Z2h19ck9vuKkIC+d++LqmUoZwOXlgQ7NJSv +N31NQ9RiUiFvWSyjGhhXLdrcXdYq5EBZtpyTfSgKBPOpsX1P0O77dFIoD/APvVgy +Ye5Snkx2eNR1a+yIJAmA/URAOFqr0dmCMhNWvngAdzXg87jDOwcjdOOEJsVM+h7k +/YJOwriskxdkFyOTCHD0nzqo9vtliYobiVDnISdehg2xNJ1wKfCayNXkCORyojme +DrfHiq5b77DAcyw4ISj1yz8CAwEAAaNCMEAwDgYDVR0PAQH/BAQDAgEGMA8GA1Ud +EwEB/wQFMAMBAf8wHQYDVR0OBBYEFPE3u8YQ9f9nmJAxbIZBFnIBH/nqMA0GCSqG +SIb3DQEBCwUAA4IBAQAPYEV1WW2atdAnLE010ejdDj4gZZ5hMq+We37EDw+uNNp4 +nyndOU7ugjeFTU1jmUevTQLwBYBPvVOzpqVYbJtdysOFQP3vpUnATfEy0XATjoas +6RlD26dwQN9hi+5T35Rpt4BJ01f+vhEc4BFFmJTaOAKmCsFNhLkLeEH3zIfm/s8R +vZMyBJ764Ws8BkkBoaXNwtbg+uCCi4S1XN1D9GOBKYVjh8pjaPWGeNbaQYuDOLDC +83XsoDXbmek27RY5vWDrqJ4JzWDXxjEqoUqayRv2zHN9Qvt+Zfd2Od8sylpZt8/A +iWPlIEKEohFb6/Tpkk019U+bsnolb52EQ7ILVXiZ +-----END CERTIFICATE----- diff --git a/default.env b/default.env new file mode 100644 index 00000000000..18796fb57b1 --- /dev/null +++ b/default.env @@ -0,0 +1,11 @@ +# defaults and for dev +# if a value is repeated here in a higher env_file it will be overridden +JAVA_OPTS=-Xmx256m +NEW_RELIC_APP_NAME="reg-dev-setme" +NEW_RELIC_LICENSE_KEY="SETME_ELSEWHERE" +NEW_RELIC_LOG_FILE_NAME="STDOUT" +NEW_RELIC_ENABLED=false + +ORG_ORCID_PERSISTENCE_LIQUIBASE_ENABLED="false" +COM_MAILGUN_REGEX_FILTER=.*(orcid\.org|mailinator\.com)$ +COM_MAILGUN_TESTMODE=yes diff --git a/deploy.sh b/deploy.sh index be197c6d1ab..7dab762d69d 100755 --- a/deploy.sh +++ b/deploy.sh @@ -92,6 +92,7 @@ for project in orcid-message-listener orcid-activemq orcid-api-web orcid-interna build_log_file=~/log/orcid-source-${project}-${tag_numeric}.log + echo "log_file: $build_log_file" mvn --batch-mode \ --settings settings-custom-deploy.xml \ --file "${project}/pom.xml" \ diff --git a/docker-compose.yml b/docker-compose.yml new file mode 100644 index 00000000000..4cbcc0d201f --- /dev/null +++ b/docker-compose.yml @@ -0,0 +1,112 @@ +version: '2' +services: + dependencies: + image: orcid/registry-dependencies:${TAG:-0.0.1} + entrypoint: sleep infinity + build: + context: . + args: + tag_numeric: ${TAG:-0.0.1} + # stop dependencies from being started with a compose up + profiles: + - build + + redis: + image: orcid/registry/redis:7.2.5-alpine + ports: + - '6379:6379' + build: + context: . + dockerfile: redis/Dockerfile + profiles: + - database + - dev + + postgres: + image: postgres:13.13-alpine3.19 + environment: + POSTGRES_DB: postgres + POSTGRES_USER: postgres + POSTGRES_PASSWORD: postgres + volumes: + - postgres_data:/var/lib/postgresql/data + - ./docker-entrypoint-initdb.d:/docker-entrypoint-initdb.d + ports: + - '5432:5432' + profiles: + - database + - dev + + lb: + image: ${DOCKER_REG_PRIVATE}/orcid/registry/orcid-lb:${TAG:-0.0.1} + # entrypoint: sleep infinity + build: + context: . + dockerfile: orcid-lb/Dockerfile + ports: + - 0.0.0.0:80:80 + - 0.0.0.0:443:443 + profiles: + - dev + + # orcid-angular project + frontend: + image: ${DOCKER_REG_PRIVATE}/orcid/registry/orcid-web-frontend-qa:${TAG:-0.0.1} + # entrypoint: sleep infinity + build: + context: . + dockerfile: 'FIXME: must build in the orcid-angular project first Dockerfile.build' + ports: + - 0.0.0.0:13106:80 + profiles: + - dev + - ui + + web_proxy: + image: ${DOCKER_REG_PRIVATE}/orcid/registry/orcid-web-proxy:${TAG:-0.0.1} + # entrypoint: sleep infinity + build: + context: . + dockerfile: orcid-web-proxy/Dockerfile + ports: + - 0.0.0.0:13107:80 + - 0.0.0.0:13108:443 + volumes: + - ./certs/dhparam.pem:/etc/nginx/certs/dhparam.pem + - ${SSL_CERTIFICATE:-./certs/docker_dev.pem}:/etc/nginx/certs/docker.pem + - ${SSL_CERTIFICATE_KEY:-./certs/docker_dev-key.pem}:/etc/nginx/certs/docker-key.pem + profiles: + - dev + - ui + + web: + image: ${DOCKER_REG_PRIVATE}/orcid/registry/orcid-web:${TAG:-0.0.1} + # entrypoint: sleep infinity + build: + cache_from: + - orcid/registry-dependencies:${TAG:-0.0.1} + context: . + dockerfile: orcid-web/Dockerfile + args: + tag_numeric: ${TAG:-0.0.1} + env_file: + # defaults and dev config for all apps + - default.env + - properties/default.orcid_core.env + - properties/default.misc.env + - properties/default.frontend.env + - properties/default.persistence.env + # defaults and dev config per app + - orcid-web/default.env + # config written out by our deployment system + - orcid-web/deployment.env + # anything secure that is non prod separated goes here + - ${DOCKER_DEV_ENV_FILE:-empty.env} + ports: + - 0.0.0.0:13100:8080 + profiles: + - dev + - ui + +volumes: + postgres_data: diff --git a/empty.env b/empty.env new file mode 100644 index 00000000000..e69de29bb2d diff --git a/entrypoint.sh b/entrypoint.sh new file mode 100755 index 00000000000..8b25c16ae05 --- /dev/null +++ b/entrypoint.sh @@ -0,0 +1,41 @@ +#!/usr/bin/env bash + +cd /usr/local/tomcat + +# template any properties files +for j2_file in *.j2;do + j2 $j2_file -o $(basename $j2_file .j2) --undefined +done + +CATALINA_HOME=/usr/local/tomcat +JAVA_ENDORSED_DIRS=${CATALINA_HOME}/endorced +CATALINA_BASE=/usr/local/tomcat +CATALINA_TMPDIR=/usr/local/tomcat/temp/ +CLASSPATH=/usr/local/tomcat/bin/bootstrap.jar:/usr/local/tomcat/bin/tomcat-juli.jar + +CATALINA_OPTS=" -Dorg.orcid.config.file=file://${CATALINA_HOME}/orcid.properties -Dlog4j.configurationFile=file://${CATALINA_HOME}/log4j2.xml -Dlog4j2.formatMsgNoLookups=True " +GC_OPTS=" -XX:+UseG1GC -XX:+UseStringDeduplication -XX:+UseAdaptiveSizePolicy -Xlog:gc*,safepoint=info:file=${CATALINA_HOME}/logs/gc.log:time,uptime:filecount=10,filesize=2M " +NETWORK_OPTS=" -Dsun.net.inetaddr.ttl=60 -Djava.net.preferIPv4Stack=true -Djdk.tls.ephemeralDHKeySize=2048 " + +JVM_OPTS=" -Dorg.apache.jasper.runtime.BodyContentImpl.LIMIT_BUFFER=true -Djdk.tls.ephemeralDHKeySize=2048 -Djava.protocol.handler.pkgs=org.apache.catalina.webresources -Dorg.apache.catalina.security.SecurityListener.UMASK=0027 -Dorg.apache.tomcat.util.buf.UDecoder.ALLOW_ENCODED_SLASH=true -Dfile.encoding=utf-8 -Djdk.module.illegalAccess=warn -Djdk.attach.allowAttachSelf=true " + +JMX_OPTS=" -Dcom.sun.management.jmxremote -Dcom.sun.management.jmxremote.port=8081 -Dcom.sun.management.jmxremote.rmi.port=8082 -Dcom.sun.management.jmxremote.authenticate=false -Dcom.sun.management.jmxremote.ssl=false " + +MEM_OPTS=" -Xmx2G " + +JAVA_AGENT_OPTS="-javaagent:${CATALINA_HOME}/newrelic/newrelic.jar" + + +/usr/bin/env java \ +$GC_OPTS $JAVA_AGENT_OPTS $NETWORK_OPTS $JVM_OPTS $JMX_OPTS $MEM_OPTS $CATALINA_OPTS \ +-classpath ${CLASSPATH} \ +-Dcatalina.base=${CATALINA_BASE} \ +-Dcatalina.home=${CATALINA_HOME} \ +-Djava.io.tmpdir=${CATALINA_TMPDIR} \ +-Djava.util.logging.config.file=${CATALINA_BASE}/conf/logging.properties \ +-Djava.util.logging.manager=org.apache.juli.ClassLoaderLogManager \ +org.apache.catalina.startup.Bootstrap \ +start + + +# /usr/local/tomcat/bin/catalina.sh run diff --git a/orcid-web-proxy/Dockerfile b/orcid-web-proxy/Dockerfile new file mode 100644 index 00000000000..5dfce280718 --- /dev/null +++ b/orcid-web-proxy/Dockerfile @@ -0,0 +1,14 @@ +# debian:buster-20210408-slim +FROM nginx:1.18.0 + +RUN mkdir -p /etc/nginx/snippets + +RUN mkdir -p /etc/nginx/certs + +COPY orcid-web-proxy/nginx/nginx.conf /etc/nginx/nginx.conf + +COPY orcid-web-proxy/nginx/snippets/* /etc/nginx/snippets/ + +COPY orcid-web-proxy/nginx/conf.d/* /etc/nginx/conf.d/ + +EXPOSE 80 diff --git a/orcid-web-proxy/nginx/conf.d/0-http-common.conf b/orcid-web-proxy/nginx/conf.d/0-http-common.conf new file mode 100644 index 00000000000..45fbd697b2c --- /dev/null +++ b/orcid-web-proxy/nginx/conf.d/0-http-common.conf @@ -0,0 +1,46 @@ +proxy_cache_path /tmp/nginx_static levels=1:2 keys_zone=static_file_zone:10m inactive=60m; +proxy_cache_key "$scheme$request_method$host$request_uri"; + +fastcgi_cache_path /tmp/nginx_shib levels=1:2 keys_zone=shib_zone:10m inactive=60m; +fastcgi_cache_key "$http_accept_encoding$scheme$request_method$host$request_uri"; + +# support aws instance without load balancer in front +set_real_ip_from 0.0.0.0/0; +real_ip_header CF-Connecting-IP; + + +log_format debugging '$remote_addr - $remote_user [$time_local] "$request" ' + '$status $body_bytes_sent "$http_referer" ' + '"$http_user_agent" "$http_x_forwarded_for" "$limit"' +; + +# https://serverfault.com/questions/587386/an-upstream-response-is-buffered-to-a-temporary-file +proxy_buffers 128 256k; # (32mb?) +proxy_buffer_size 256k; +client_body_buffer_size 1m; + +geo $limited { + default 1; + 10.0.0.0/8 0; +} + +# https://stackoverflow.com/questions/34572486/nginx-rate-limit-and-real-ip-module +# binary_remote_addr is modified by real_ip_header +map $limited $limit { + 1 $binary_remote_addr; + 0 ""; +} + +# drop these ajax polling requests from our logs as there are so many +map $request_uri $loggable { + "~\/userStatus.json.*" 0; + default 1; +} + + +# Maps ip address to $post_only variable if request is of type POST +map $request_method $post_only { + default ""; + POST $limit; +} + diff --git a/orcid-web-proxy/nginx/conf.d/0-ssl.conf b/orcid-web-proxy/nginx/conf.d/0-ssl.conf new file mode 100644 index 00000000000..158fba17629 --- /dev/null +++ b/orcid-web-proxy/nginx/conf.d/0-ssl.conf @@ -0,0 +1,7 @@ +ssl_dhparam /etc/nginx/certs/dhparam.pem; +ssl_certificate /etc/nginx/certs/docker.pem; +ssl_certificate_key /etc/nginx/certs/docker-key.pem; +ssl_protocols TLSv1 TLSv1.1 TLSv1.2; +ssl_ciphers "ECDHE-RSA-AES256-GCM-SHA512:DHE-RSA-AES256-GCM-SHA512:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-SHA384"; +ssl_prefer_server_ciphers on; +ssl_session_cache shared:SSL:10m; diff --git a/orcid-web-proxy/nginx/conf.d/default.conf b/orcid-web-proxy/nginx/conf.d/default.conf new file mode 100644 index 00000000000..ed673d3a547 --- /dev/null +++ b/orcid-web-proxy/nginx/conf.d/default.conf @@ -0,0 +1,146 @@ +############ +# UI Start # +############ + +# FIXME: explain what this does? +# Take a cookie value and translate it into a langCode which is prepened to urls? +# Why is it needed? + +map $cookie_locale_v3 $langCode { + default "en"; + "ar" "ar"; + "ca" "ca"; + "cs" "cs"; + "en" "en"; + "es" "es"; + "de" "de"; + "fr" "fr"; + "it" "it"; + "ja" "ja"; + "ko" "ko"; + "lr" "lr"; + "pl" "pl"; + "pt" "pt"; + "rl" "rl"; + "ru" "ru"; + "tr" "tr"; + "xx" "xx"; + "zh-CN" "zh_CN"; + "zh-TW" "zh_TW"; +} + +server { + listen 80; + listen 443 ssl; + server_name _; + + #include /etc/nginx/snippets/static_ui.conf; + #include /etc/nginx/snippets/orcid-id.conf; + + # stop someone requesting all the disambiguated orgs as this DOS's the site? + location ~ /orgs/disambiguated(/?)$ { + return 410; + } + + location ~ ^/(lang.json|tomcatUp.json|webStatus.json|messages.json(\?.*)?|/orgs/disambiguated/.*|config.json(\?.*)?|/public/.*)$ { + set $app_path "/orcid-web"; + include /etc/nginx/snippets/proxy_ui.conf; + } + + # We have to serve some http traffic for semantic web reasons + # FIXME: get rid if possible + # Unmatched uris redirect to HTTPS + # force https for non orcid-id + if ($http_x_forwarded_proto = 'http') { + return 301 https://$server_name$request_uri; + } + + +# include /etc/nginx/snippets/tomcat_manager.conf; +# include /etc/nginx/snippets/shibboleth.conf; + + # Forward legacy link paths to the new info site? + location ~ (^/about(?!/trust/integrity/record-corrections)($|/.*$))|(^/(admin|admin_menu|batch|bylaws|blog|blogs|civicrm|category|ckeditor|ckfinder|cron.php|content|db_maintenance/optimize|document|faq-page|file/ajax|file/progress|footer/privacy-policy|help|js|legal|news|newsletter|misc|modules|node|open-source-license.*|orcid-board-meeting-summary-2013-01-22|orcid-dispute-procedures|orcid-outreach-meeting-may-2013|orcid-outreach-meeting-november-2010|orcid-outreach-meeting-symposium-and-codefest-may-2013|orcid-public-data-file|organizations|policies|privacy-policy|principles|sites|search/node|system/ajax|trademark-and-id-display-guidelines|views/ajax|wp-content|update.php|user|users)($|/.*$)) { + return 301 https://info.$host$request_uri; + } + + # FIXME: why does this have a specific location block?? + location ~ ^/(lang.json|social/access|signin/google|signin/facebook)$ { + set $app_path "/orcid-web"; + include /etc/nginx/snippets/proxy_ui.conf; + } + + # Some images are not served by angular + location ~ ^\/(qr-code|ORCID)\.png$ { + set $app_path "/orcid-web"; + include /etc/nginx/snippets/proxy_ui.conf; + } + + # + # Angular matches rather than ui + # + + location ~ ^(\/assets\/.*$|\/([^\/]*)(\.js|\.jpg|\.jpeg|\.png|\.svg|\.woff|\.woff2)$|\/styles.*$|\/runtime.*$|\/polyfills.*$|\/main.*$|\/manifest\.json$|\/assets.*$) { + set $app_path "/orcid-web-frontend/share-assets"; + ## Disable the app from working inside iframes + add_header X-Frame-Options "SAMEORIGIN"; + include /etc/nginx/snippets/proxy_frontend.conf; + } + + location ~ ^(\/$|\/reset-password$|\/orcid-search\/search.*$|\/register$|\/signin$|\/login$|\/institutional-signin$|\/institutional-linking.*$|\/social-linking.*$|\/oauth\/authorize$|\/inbox$|\/2fa-signin$|\/my-orcid$|\/reactivation\/.*$|.*\/third-party-signin-completed.*$|\/account$|\/trusted-parties$|\/2FA\/setup$|\/reset-password-email\/.+$|\/self-service.*$|\/developer-tools$) { + set $app_path "/orcid-web-frontend/${langCode}"; + ## avoid depending on having ETAG by always requesting a fresh angular index file + ## this since cloudflare seems to randomly remove the ETAG header despite of any configuration + add_header "Cache-Control" "no-store"; + ## Disable the app from working inside iframes + add_header X-Frame-Options "SAMEORIGIN"; + include /etc/nginx/snippets/proxy_frontend.conf; + } + + # URLS THAT SHOULD WORK INSIDE IFRAMES + location ~ ^(\/\d\d\d\d-\d\d\d\d-\d\d\d\d-\d\d\d(\d|X)\/summary$) { + set $app_path "/orcid-web-frontend/${langCode}"; + add_header "Cache-Control" "no-store"; + include /etc/nginx/snippets/proxy_frontend.conf; + } + + location ~ ^/\d\d\d\d-\d\d\d\d-\d\d\d\d-\d\d\d(\d|X)/?$ { + # Should be redirected to the public API + if ( $http_accept ~ ^application/.*(xml|json|rdf|n-triples) ) { + return 302 https://pub.$host$request_uri; + } + # Should be redirected to the public API + if ( $http_accept ~ ^text/.*(n3|turtle) ) { + return 302 https://pub.$host$request_uri; + } + set $app_path "/orcid-web-frontend/${langCode}"; + ## avoid depending on having ETAG by always requesting a fresh angular index file + ## this since cloudflare seems to randomly remove the ETAG header despite of any configuration + add_header "Cache-Control" "no-store"; + ## Disable the app from working inside iframes + add_header X-Frame-Options "SAMEORIGIN"; + include /etc/nginx/snippets/proxy_frontend.conf; + } + + location ~ ^\/manage/authorize-delegates.*$ { + return 301 https://$server_name/account/authorize-delegates$is_args$args; + } + + location ~ ^\/manage/.*$ { + return 301 https://$server_name/account$is_args$args; + } + + # + # angular end + # + + location ~ ^\/statistics$ { + return 301 https://info.orcid.org/orcid-statistics/; + } + + location / { + set $app_path "/orcid-web"; + include /etc/nginx/snippets/proxy_ui.conf; + } + +} diff --git a/orcid-web-proxy/nginx/nginx.conf b/orcid-web-proxy/nginx/nginx.conf new file mode 100644 index 00000000000..58723eb64e0 --- /dev/null +++ b/orcid-web-proxy/nginx/nginx.conf @@ -0,0 +1,71 @@ +# user www-data; + +error_log /var/log/nginx/error.log warn; +# pid /run/nginx.pid; + +worker_processes 4; +include /etc/nginx/modules-enabled/*.conf; + + +events { + worker_connections 1024; + multi_accept off; +} + + +http { + + include /etc/nginx/mime.types; + default_type application/octet-stream; + + server_names_hash_bucket_size 64; + + client_max_body_size 64m; + + log_format main '$remote_addr - $remote_user [$time_local] "$request" ' + '$status $body_bytes_sent "$http_referer" ' + '"$http_user_agent" "$http_x_forwarded_for"' +; + + access_log /var/log/nginx/access.log main buffer=16k; + + sendfile on; + tcp_nopush on; + tcp_nodelay on; + + keepalive_timeout 65; + keepalive_requests 100; + + server_tokens off; + + gzip on; + gzip_proxied any; + gzip_static on; + gzip_http_version 1.0; + gzip_disable "MSIE [1-6]\."; + gzip_vary on; + gzip_comp_level 6; + gzip_types + text/plain + text/css + text/xml + text/javascript + application/javascript + application/x-javascript + application/json + application/xml + application/xml+rss + application/xhtml+xml + application/x-font-ttf + application/x-font-opentype + image/svg+xml + image/x-icon; + gzip_buffers 16 8k; + gzip_min_length 512; + + + + include /etc/nginx/conf.d/*.conf; + include /etc/nginx/sites-enabled/*; + + } diff --git a/orcid-web-proxy/nginx/snippets/proxy_frontend.conf b/orcid-web-proxy/nginx/snippets/proxy_frontend.conf new file mode 100644 index 00000000000..d719bfc23be --- /dev/null +++ b/orcid-web-proxy/nginx/snippets/proxy_frontend.conf @@ -0,0 +1,22 @@ +client_max_body_size 60m; + +proxy_read_timeout 120; +proxy_set_header X-Real-IP $remote_addr; +proxy_set_header Host $http_host; + +# make cookies secure +proxy_cookie_path / "/; secure;"; +# Tomcat has no trailing slash after the cookie path (by default) from version 8.0.37 onwards +# strip /orcid-web from the cookie path +proxy_cookie_path /orcid-web "/; secure;"; + +resolver 127.0.0.11; + +# reg-ui-1 +proxy_pass http://frontend$app_path$request_uri; + +# Redirect togglz calls from http to https +proxy_redirect http://$host/orcid-web-frontend/togglz/index https://$host/togglz/index; + +proxy_redirect http://$host/orcid-web-frontend/ http://$host/; +proxy_redirect https://$host/orcid-web-frontend/ http://$host/; diff --git a/orcid-web-proxy/nginx/snippets/proxy_ui.conf b/orcid-web-proxy/nginx/snippets/proxy_ui.conf new file mode 100644 index 00000000000..efbfc857743 --- /dev/null +++ b/orcid-web-proxy/nginx/snippets/proxy_ui.conf @@ -0,0 +1,22 @@ +client_max_body_size 60m; + +proxy_read_timeout 120; +proxy_set_header X-Real-IP $remote_addr; +proxy_set_header Host $http_host; + +# make cookies secure +proxy_cookie_path / "/; secure;"; +# Tomcat has no trailing slash after the cookie path (by default) from version 8.0.37 onwards +# strip /orcid-web from the cookie path +proxy_cookie_path /orcid-web "/; secure;"; + +resolver 127.0.0.11; + +# reg-ui-1 +proxy_pass http://web:8080$app_path$request_uri; + +# Redirect togglz calls from http to https +proxy_redirect http://$host/orcid-web/togglz/index https://$host/togglz/index; + +proxy_redirect http://$host/orcid-web/ http://$host/; +proxy_redirect https://$host/orcid-web/ http://$host/; diff --git a/orcid-web-proxy/nginx/snippets/static_ui.conf b/orcid-web-proxy/nginx/snippets/static_ui.conf new file mode 100644 index 00000000000..2380b04720f --- /dev/null +++ b/orcid-web-proxy/nginx/snippets/static_ui.conf @@ -0,0 +1,53 @@ +# assumes static_file_zone is defined + +######################################## +# start static files +######################################## + +# serve favicon +location = /favicon.ico { + resolver 127.0.0.11; + proxy_cache static_file_zone; + proxy_cache_valid 200 302 7d; + proxy_cache_valid 404 1m; + proxy_read_timeout 120; + proxy_set_header X-Forwarded-Proto $scheme; + proxy_set_header Host $http_host; + proxy_pass http://web:8080/orcid-web/static/img/favicon.ico; + expires 30d; +} + +location /static/ { + resolver 127.0.0.11; + proxy_cache static_file_zone; + proxy_cache_valid 200 302 7d; + proxy_cache_valid 404 1m; + proxy_read_timeout 120; + proxy_set_header X-Forwarded-Proto $scheme; + proxy_set_header Host $http_host; + proxy_pass http://web:8080/orcid-web/static/; + expires 30d; +} + + +#redirect server error pages to the static page /50x.html +error_page 500 503 504 /50x.html; +location = /50x.html { + root /usr/share/nginx/html; +} + +error_page 404 /404.html; +location = /404.html { + root /usr/share/nginx/html; +} + +# 502 we are assuming we are doing a release +error_page 502 /maintenance.html; +location = /maintenance.html { + root /usr/share/nginx/html; +} + +# redirect self-service to the member portal +location = /self-service { + rewrite ^/self-service(.*)$ https://member-portal.orcid.org/ redirect; +} diff --git a/orcid-web/Dockerfile b/orcid-web/Dockerfile new file mode 100644 index 00000000000..a90b8260ab7 --- /dev/null +++ b/orcid-web/Dockerfile @@ -0,0 +1,100 @@ +# dependencies docker build + +# match version from .tool-versions +FROM maven:3.6.3-jdk-11 AS maven + +ARG tag_numeric + +WORKDIR /build + +# copy only poms for max cachability of just dependency downloads +COPY pom.xml . +COPY orcid-core/pom.xml orcid-core/pom.xml +COPY orcid-persistence/pom.xml orcid-persistence/pom.xml +COPY orcid-utils/pom.xml orcid-utils/pom.xml +COPY orcid-test/pom.xml orcid-test/pom.xml +COPY orcid-api-common/pom.xml orcid-api-common/pom.xml +COPY orcid-scheduler-web/pom.xml orcid-scheduler-web/pom.xml +COPY orcid-api-web/pom.xml orcid-api-web/pom.xml +COPY orcid-message-listener/pom.xml orcid-message-listener/pom.xml +COPY orcid-core/pom.xml orcid-core/pom.xml +COPY orcid-web/pom.xml orcid-web/pom.xml +COPY orcid-internal-api/pom.xml orcid-internal-api/pom.xml +COPY orcid-pub-web/pom.xml orcid-pub-web/pom.xml +COPY orcid-activemq/pom.xml orcid-activemq/pom.xml + +# FIXME: these dont seem required? +#COPY orcid-web-frontend/pom.xml orcid-web-frontend/pom.xml +#COPY orcid-activities-indexer/pom.xml orcid-activities-indexer/pom.xml +#COPY orcid-nodejs/pom.xml orcid-nodejs/pom.xml + +# download maven dependencies and ignore that some components will fail +RUN mvn -T 1C --batch-mode dependency:resolve --fail-never -Dorg.slf4j.simpleLogger.log.org.apache.maven.cli.transfer.Slf4jMavenTransferListener=warn + +# install orcid-parent into our local maven repo because the builds depend a version tagged release +RUN mvn -T 1C --batch-mode --non-recursive clean install -DskipTests \ +-Dorg.slf4j.simpleLogger.log.org.apache.maven.cli.transfer.Slf4jMavenTransferListener=warn + +# install orcid-utils into our local maven repo because the builds depend a version tagged release +COPY orcid-utils/src orcid-utils/src +RUN mvn -T 1C --batch-mode --projects orcid-utils clean install -DskipTests \ +-Dorg.slf4j.simpleLogger.log.org.apache.maven.cli.transfer.Slf4jMavenTransferListener=warn + +# install orcid-test into our local maven repo because orcid-persistence depends on it +COPY orcid-test/src orcid-test/src +RUN mvn -T 1C --batch-mode --projects orcid-test clean install -DskipTests \ +-Dorg.slf4j.simpleLogger.log.org.apache.maven.cli.transfer.Slf4jMavenTransferListener=warn + +# install orcid-persistence into our local maven repo because orcid-core depends on it +COPY orcid-persistence/src orcid-persistence/src +RUN mvn -T 1C --batch-mode --projects orcid-persistence clean install -DskipTests \ +-Dorg.slf4j.simpleLogger.log.org.apache.maven.cli.transfer.Slf4jMavenTransferListener=warn + +# install orcid-core into our local maven repo because the builds depend a version tagged release +COPY orcid-core/src orcid-core/src +RUN mvn -T 1C --batch-mode --projects orcid-core clean install -DskipTests \ +-Dorg.slf4j.simpleLogger.log.org.apache.maven.cli.transfer.Slf4jMavenTransferListener=warn + +# install orcid-api-common into our local maven repo because orcid-web deploy depends a version tagged release +COPY orcid-api-common/src orcid-api-common/src +RUN mvn -T 1C --batch-mode --projects orcid-api-common clean install -DskipTests \ +-Dorg.slf4j.simpleLogger.log.org.apache.maven.cli.transfer.Slf4jMavenTransferListener=warn + +################################################################################## +COPY orcid-web/src orcid-web/src +RUN mvn -T 1C --batch-mode -DgenerateBackupPoms=false \ +--projects orcid-web -am package -DskipTests \ +-Dorg.slf4j.simpleLogger.log.org.apache.maven.cli.transfer.Slf4jMavenTransferListener=warn + +# For Java 11 and Tomcat 9 +FROM tomcat:9.0.93-jdk11-temurin-jammy + +# Focal has no j2cli support +# FROM tomcat:9.0.91-jdk11-temurin-focal + +# copy jar file from build +COPY --from=maven /build/*/target/*.war /usr/local/tomcat/webapps/orcid-web.war + +RUN mkdir -p /usr/local/tomcat/newrelic +COPY newrelic.yml /usr/local/tomcat/newrelic/newrelic.yml +RUN curl -L -s https://download.newrelic.com/newrelic/java-agent/newrelic-agent/8.13.0/newrelic-agent-8.13.0.jar -o /usr/local/tomcat/newrelic/newrelic.jar + +RUN apt-get update +RUN apt-get install -y j2cli + +# add orcid ca to allow Java application to trust other containers +ADD certs/cacerts /opt/java/openjdk/lib/security/cacerts + +# add orcid ca to system to allow curl healthchecks to work +ADD certs/ca-certificates.crt /etc/ssl/certs/ca-certificates.crt + + +COPY entrypoint.sh . +RUN chmod +x ./entrypoint.sh + +COPY orcid-web/*.j2 . + +COPY orcid-web/log4j2.xml . + +ENTRYPOINT ./entrypoint.sh + diff --git a/orcid-web/log4j2.xml b/orcid-web/log4j2.xml new file mode 100644 index 00000000000..68d71adfa09 --- /dev/null +++ b/orcid-web/log4j2.xml @@ -0,0 +1,56 @@ + + + + /usr/local/tomcat/logs + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + diff --git a/orcid-web/orcid.properties.j2 b/orcid-web/orcid.properties.j2 new file mode 100644 index 00000000000..403886c7931 --- /dev/null +++ b/orcid-web/orcid.properties.j2 @@ -0,0 +1,184 @@ +################ +# DATABASE # +################ + +# Main database +org.orcid.persistence.db.class={{ ORG_ORCID_PERSISTENCE_DB_CLASS }} +org.orcid.persistence.db.dataSource={{ ORG_ORCID_PERSISTENCE_DB_DATA_SOURCE }} +org.orcid.persistence.db.dialect={{ ORG_ORCID_PERSISTENCE_DB_DIALECT }} +org.orcid.persistence.db.generateDdl={{ ORG_ORCID_PERSISTENCE_DB_GENERATE_DDL }} +org.orcid.persistence.db.hibernateStatistics={{ ORG_ORCID_PERSISTENCE_DB_HIBERNATE_STATISTICS }} +org.orcid.persistence.db.idleConnectionTestPeriod={{ ORG_ORCID_PERSISTENCE_DB_IDLE_CONNECTION_TEST_PERIOD }} +org.orcid.persistence.db.initialPoolSize={{ ORG_ORCID_PERSISTENCE_DB_INITIAL_POOL_SIZE }} +org.orcid.persistence.db.maxPoolSize={{ ORG_ORCID_PERSISTENCE_DB_MAX_POOL_SIZE }} +org.orcid.persistence.db.maxStatements={{ ORG_ORCID_PERSISTENCE_DB_MAX_STATEMENTS }} +org.orcid.persistence.db.minPoolSize={{ ORG_ORCID_PERSISTENCE_DB_MIN_POOL_SIZE }} +org.orcid.persistence.db.numHelperThreads={{ ORG_ORCID_PERSISTENCE_DB_NUM_HELPER_THREADS }} +org.orcid.persistence.db.password={{ ORG_ORCID_PERSISTENCE_DB_PASSWORD }} +org.orcid.persistence.db.preferredTestQuery={{ ORG_ORCID_PERSISTENCE_DB_PREFERRED_TEST_QUERY }} +org.orcid.persistence.db.showSql={{ ORG_ORCID_PERSISTENCE_DB_SHOW_SQL }} +org.orcid.persistence.db.testConnectionOnCheckin={{ ORG_ORCID_PERSISTENCE_DB_TEST_CONNECTION_ON_CHECKIN }} +org.orcid.persistence.db.url={{ ORG_ORCID_PERSISTENCE_DB_URL }} +org.orcid.persistence.db.username={{ ORG_ORCID_PERSISTENCE_DB_USERNAME }} + +# Read only database +org.orcid.persistence.db.readonly.class={{ ORG_ORCID_PERSISTENCE_DB_READONLY_CLASS }} +org.orcid.persistence.db.readonly.dataSource={{ ORG_ORCID_PERSISTENCE_DB_READONLY_DATA_SOURCE }} +org.orcid.persistence.db.readonly.dialect={{ ORG_ORCID_PERSISTENCE_DB_READONLY_DIALECT }} +org.orcid.persistence.db.readonly.generateDdl={{ ORG_ORCID_PERSISTENCE_DB_READONLY_GENERATE_DDL }} +org.orcid.persistence.db.readonly.idleConnectionTestPeriod={{ ORG_ORCID_PERSISTENCE_DB_READONLY_IDLE_CONNECTION_TEST_PERIOD }} +org.orcid.persistence.db.readonly.initialPoolSize={{ ORG_ORCID_PERSISTENCE_DB_READONLY_INITIAL_POOL_SIZE }} +org.orcid.persistence.db.readonly.maxPoolSize={{ ORG_ORCID_PERSISTENCE_DB_READONLY_MAX_POOL_SIZE }} +org.orcid.persistence.db.readonly.maxStatements={{ ORG_ORCID_PERSISTENCE_DB_READONLY_MAX_STATEMENTS }} +org.orcid.persistence.db.readonly.minPoolSize={{ ORG_ORCID_PERSISTENCE_DB_READONLY_MIN_POOL_SIZE }} +org.orcid.persistence.db.readonly.password={{ ORG_ORCID_PERSISTENCE_DB_READONLY_PASSWORD }} +org.orcid.persistence.db.readonly.preferredTestQuery={{ ORG_ORCID_PERSISTENCE_DB_READONLY_PREFERRED_TEST_QUERY }} +org.orcid.persistence.db.readonly.showSql={{ ORG_ORCID_PERSISTENCE_DB_READONLY_SHOW_SQL }} +org.orcid.persistence.db.readonly.testConnectionOnCheckin={{ ORG_ORCID_PERSISTENCE_DB_READONLY_TEST_CONNECTION_ON_CHECKIN }} +org.orcid.persistence.db.readonly.url={{ ORG_ORCID_PERSISTENCE_DB_READONLY_URL }} +org.orcid.persistence.db.readonly.username={{ ORG_ORCID_PERSISTENCE_DB_READONLY_USERNAME }} + +# Features database +org.orcid.persistence.togglz.cache.ttl={{ ORG_ORCID_PERSISTENCE_TOGGLZ_CACHE_TTL }} +org.orcid.persistence.togglz.db.class={{ ORG_ORCID_PERSISTENCE_TOGGLZ_DB_CLASS }} +org.orcid.persistence.togglz.db.idleConnectionTestPeriod={{ ORG_ORCID_PERSISTENCE_TOGGLZ_DB_IDLE_CONNECTION_TEST_PERIOD }} +org.orcid.persistence.togglz.db.initialPoolSize={{ ORG_ORCID_PERSISTENCE_TOGGLZ_DB_INITIAL_POOL_SIZE }} +org.orcid.persistence.togglz.db.maxPoolSize={{ ORG_ORCID_PERSISTENCE_TOGGLZ_DB_MAX_POOL_SIZE }} +org.orcid.persistence.togglz.db.maxStatements={{ ORG_ORCID_PERSISTENCE_TOGGLZ_DB_MAX_STATEMENTS }} +org.orcid.persistence.togglz.db.minPoolSize={{ ORG_ORCID_PERSISTENCE_TOGGLZ_DB_MIN_POOL_SIZE }} +org.orcid.persistence.togglz.db.numHelperThreads={{ ORG_ORCID_PERSISTENCE_TOGGLZ_DB_NUM_HELPER_THREADS }} +org.orcid.persistence.togglz.db.password={{ ORG_ORCID_PERSISTENCE_TOGGLZ_DB_PASSWORD }} +org.orcid.persistence.togglz.db.preferredTestQuery={{ ORG_ORCID_PERSISTENCE_TOGGLZ_DB_PREFERRED_TEST_QUERY }} +org.orcid.persistence.togglz.db.testConnectionOnCheckin={{ ORG_ORCID_PERSISTENCE_TOGGLZ_DB_TEST_CONNECTION_ON_CHECKIN }} +org.orcid.persistence.togglz.db.url={{ ORG_ORCID_PERSISTENCE_TOGGLZ_DB_URL }} +org.orcid.persistence.togglz.db.username={{ ORG_ORCID_PERSISTENCE_TOGGLZ_DB_USERNAME }} + +################ +# CORE # +################ + +# ORCID URI's, no trailing slashes, please +org.orcid.core.aboutUri={{ ORG_ORCID_CORE_ABOUT_URI }} +org.orcid.core.apiBaseUri={{ ORG_ORCID_CORE_API_BASE_URI }} +org.orcid.core.baseUri={{ ORG_ORCID_CORE_BASE_URI }} +org.orcid.core.internalApiBaseUri={{ ORG_ORCID_CORE_INTERNAL_API_BASE_URI }} +org.orcid.core.pubBaseUri={{ ORG_ORCID_CORE_PUB_BASE_URI }} + +# Used to encrypt some user data before sending it to the database +org.orcid.core.passPhraseForExternalEncryption={{ ORG_ORCID_CORE_PASS_PHRASE_FOR_EXTERNAL_ENCRYPTION }} +org.orcid.core.passPhraseForInternalEncryption={{ ORG_ORCID_CORE_PASS_PHRASE_FOR_INTERNAL_ENCRYPTION }} + +# Unclaimed records wait period +org.orcid.core.claimWaitPeriodDays={{ ORG_ORCID_CORE_CLAIM_WAIT_PERIOD_DAYS }} + +# Mailgun +com.mailgun.alt.apiUrl={{ COM_MAILGUN_ALT_API_URL }} +com.mailgun.alt.notify.apiUrl={{ COM_MAILGUN_ALT_NOTIFY_API_URL }} +com.mailgun.alt.verify.apiUrl={{ COM_MAILGUN_ALT_VERIFY_API_URL }} +com.mailgun.apiKey={{ COM_MAILGUN_API_KEY }} +com.mailgun.apiUrl={{ COM_MAILGUN_API_URL }} +com.mailgun.marketing.apiUrl={{ COM_MAILGUN_MARKETING_API_URL }} +com.mailgun.notify.apiUrl={{ COM_MAILGUN_NOTIFY_API_URL }} +com.mailgun.regexFilter={{ COM_MAILGUN_REGEX_FILTER }} +com.mailgun.testmode={{ COM_MAILGUN_TESTMODE }} +com.mailgun.verify.apiUrl={{ COM_MAILGUN_VERIFY_API_URL }} + +# Oauth +org.orcid.core.oauth.auth_code.expiration_minutes={{ ORG_ORCID_CORE_OAUTH_AUTH_CODE_EXPIRATION_MINUTES }} +org.orcid.core.oauth.supportRefreshToken={{ ORG_ORCID_CORE_OAUTH_SUPPORT_REFRESH_TOKEN }} +org.orcid.core.token.implicit_validity_seconds={{ ORG_ORCID_CORE_TOKEN_IMPLICIT_VALIDITY_SECONDS }} +org.orcid.core.token.read_validity_seconds={{ ORG_ORCID_CORE_TOKEN_READ_VALIDITY_SECONDS }} +org.orcid.core.token.write_validity_seconds={{ ORG_ORCID_CORE_TOKEN_WRITE_VALIDITY_SECONDS }} + +# OpenID connect JWKS location. Use filesystem location for prod, or an escaped JSON string in jwks_test_key for dev. +# Generate a key here: https://mkjwk.org/ +org.orcid.openid.jwksKeyName={{ ORG_ORCID_OPENID_JWKS_KEY_NAME }} +org.orcid.openid.jwksLocation={{ ORG_ORCID_OPENID_JWKS_LOCATION }} +org.orcid.openid.jwksTestKey={{ ORG_ORCID_OPENID_JWKS_TEST_KEY }} + +# node number and total number of nodes. +org.orcid.core.node={{ ORG_ORCID_CORE_NODE }} +org.orcid.core.numberOfNodes={{ ORG_ORCID_CORE_NUMBER_OF_NODES }} + +# CORS allowed domains +org.orcid.security.cors.allowed_domains={{ ORG_ORCID_SECURITY_CORS_ALLOWED_DOMAINS }} + +# Messaging +# Replace with tcp://domain.com:61616 in live to point at ActiveMQ location +org.orcid.messaging.brokerURL={{ ORG_ORCID_MESSAGING_BROKER_URL }} +org.orcid.persistence.messaging.enabled={{ ORG_ORCID_PERSISTENCE_MESSAGING_ENABLED }} + +# Slack +org.orcid.core.slack.channel={{ ORG_ORCID_CORE_SLACK_CHANNEL }} +org.orcid.core.slack.webhookUrl={{ ORG_ORCID_CORE_SLACK_WEBHOOK_URL }} + +# Crossref finder +org.orcid.core.finder.crossref.clientid={{ ORG_ORCID_CORE_FINDER_CROSSREF_CLIENTID }} +org.orcid.core.finder.crossref.enabled={{ ORG_ORCID_CORE_FINDER_CROSSREF_ENABLED }} +org.orcid.core.finder.crossref.endpoint={{ ORG_ORCID_CORE_FINDER_CROSSREF_ENDPOINT }} + +# Datacite finder +org.orcid.core.finder.datacite.clientid={{ ORG_ORCID_CORE_FINDER_DATACITE_CLIENTID }} +org.orcid.core.finder.datacite.enabled={{ ORG_ORCID_CORE_FINDER_DATACITE_ENABLED }} +org.orcid.core.finder.datacite.endpoint={{ ORG_ORCID_CORE_FINDER_DATACITE_ENDPOINT }} + +# Bulk read max +org.orcid.core.works.bulk.read.max={{ ORG_ORCID_CORE_WORKS_BULK_READ_MAX }} + +# Bulk write max +org.orcid.core.works.bulk.write.max={{ ORG_ORCID_CORE_WORKS_BULK_WRITE_MAX }} + +# Client details id for issn sources +org.orcid.core.issn.source={{ ORG_ORCID_CORE_ISSN_SOURCE }} + +# Orgs grouping +org.orcid.core.orgs.query={{ ORG_ORCID_CORE_ORGS_QUERY }} +org.orcid.core.orgsToGroup.query={{ ORG_ORCID_CORE_ORGS_TO_GROUP_QUERY }} + +# Solr +org.orcid.persistence.solr.read.only.url={{ ORG_ORCID_PERSISTENCE_SOLR_READ_ONLY_URL }} + +# Control where liquibase runs +org.orcid.persistence.liquibase.enabled={{ ORG_ORCID_PERSISTENCE_LIQUIBASE_ENABLED }} + +################ +# UI # +################ + +# General +org.orcid.frontend.web.domainsAllowingRobotsAsWhiteSpaceSeparatedList={{ ORG_ORCID_FRONTEND_WEB_DOMAINS_ALLOWING_ROBOTS_AS_WHITE_SPACE_SEPARATED_LIST }} + +# Shibboleth +org.orcid.shibboleth.enabled={{ ORG_ORCID_SHIBBOLETH_ENABLED }} + +# Recaptcha +org.orcid.recaptcha.secret={{ ORG_ORCID_RECAPTCHA_SECRET }} +org.orcid.recaptcha.verify_url={{ ORG_ORCID_RECAPTCHA_VERIFY_URL }} +org.orcid.recaptcha.web_site_key={{ ORG_ORCID_RECAPTCHA_WEB_SITE_KEY }} + +# spring-social +org.orcid.social.fb.key={{ ORG_ORCID_SOCIAL_FB_KEY }} +org.orcid.social.fb.redirectUri={{ ORG_ORCID_SOCIAL_FB_REDIRECT_URI }} +org.orcid.social.fb.secret={{ ORG_ORCID_SOCIAL_FB_SECRET }} + +# Signing in via Google +org.orcid.social.gg.key={{ ORG_ORCID_SOCIAL_GG_KEY }} +org.orcid.social.gg.secret={{ ORG_ORCID_SOCIAL_GG_SECRET }} + +# Salesforce integration +org.orcid.microservice.gateway.url={{ ORG_ORCID_MICROSERVICE_GATEWAY_URL }} +org.orcid.microservice.salesforce.token={{ ORG_ORCID_MICROSERVICE_SALESFORCE_TOKEN }} + +# Account lockout +org.orcid.core.profile.lockout.threshhold={{ ORG_ORCID_CORE_PROFILE_LOCKOUT_THRESHHOLD }} +org.orcid.core.profile.lockout.window={{ ORG_ORCID_CORE_PROFILE_LOCKOUT_WINDOW }} + +# Redis +org.orcid.core.utils.cache.redis.host={{ ORG_ORCID_CORE_UTILS_CACHE_REDIS_HOST }} +org.orcid.core.utils.cache.redis.port={{ ORG_ORCID_CORE_UTILS_CACHE_REDIS_PORT }} +org.orcid.core.utils.cache.redis.password={{ ORG_ORCID_CORE_UTILS_CACHE_REDIS_PASSWORD }} +org.orcid.core.utils.cache.redis.enabled={{ ORG_ORCID_CORE_UTILS_CACHE_REDIS_ENABLED }} +org.orcid.core.utils.cache.redis.summary.enabled={{ ORG_ORCID_CORE_UTILS_CACHE_REDIS_SUMMARY_ENABLED }} + +# Maintenance message +org.orcid.frontend.web.maintenanceHeaderUrl={{ ORG_ORCID_FRONTEND_WEB_MAINTENANCE_HEADER_URL }} diff --git a/properties/default.frontend.env b/properties/default.frontend.env new file mode 100644 index 00000000000..578de2287fd --- /dev/null +++ b/properties/default.frontend.env @@ -0,0 +1,11 @@ +--- +ORG_ORCID_FRONTEND_WEB_DOMAINS_ALLOWING_ROBOTS_AS_WHITE_SPACE_SEPARATED_LIST: orcid.org localhost localhost:8443/orcid-web +ORG_ORCID_FRONTEND_WEB_MAINTENANCE_HEADER_URL: file:///opt/data/maintenance.html +ORG_ORCID_SHIBBOLETH_ENABLED: "true" +ORG_ORCID_RECAPTCHA_SECRET: "unset" +ORG_ORCID_RECAPTCHA_VERIFY_URL: https://www.google.com/recaptcha/api/siteverify +ORG_ORCID_RECAPTCHA_WEB_SITE_KEY: "unset" +ORG_ORCID_CORE_PROFILE_LOCKOUT_THRESHHOLD: "100" +ORG_ORCID_CORE_PROFILE_LOCKOUT_WINDOW: "1" +ORG_ORCID_MICROSERVICE_GATEWAY_URL: https://localhost:8761 +ORG_ORCID_MICROSERVICE_SALESFORCE_TOKEN: empty diff --git a/properties/default.misc.env b/properties/default.misc.env new file mode 100644 index 00000000000..b7cbd986585 --- /dev/null +++ b/properties/default.misc.env @@ -0,0 +1,12 @@ +--- +ORG_ORCID_LISTENER_PERSISTENCE_SOLR_SOCKET_TIMEOUT="60000" +ORG_ORCID_MESSAGING_BROKER_URL=tcp://localhost:61616?jms.useAsyncSend=true&jms.useCompression=true +ORG_ORCID_OPENID_JWKS_KEY_NAME=OpenIDTestKey1 +ORG_ORCID_OPENID_JWKS_LOCATION= +ORG_ORCID_OPENID_JWKS_TEST_KEY={"keys":[{"kty":"RSA","d":"i6C2Vdr7HDMj9wOBx28epQ7KPpzU_RDfGmQF8c81MoQU2KkpuNcFD49Rixzp3nQa58vtCOzAKeHwglpqm4elcai-uTW0bcdW1DOqYbwzQEk7pVQF-mMEUC-Rvd3Y5SIhCrHQYHGq9Q58uyuolG-Exq4h1AgyhUBX3CETCqzhPshOmB_Y4OuasdhyuVNySBbo-ZOYSd-HMrsrv1lt5WckWz22wmsREjO5AoRPpF17UVp3nMRCTy2v1acUrNtG64MdaFUpmLt9a-RqseFErE2Tm-kEUSBjYucswQ0_ZIs_VUdPWet4twqulB2bJi2ET6pP25DufOtR0x3ijvEPAfvhwQ","e":"AQAB","use":"sig","kid":"OpenIDTestKey1","alg":"RS256","n":"qCtxWP2HppC8PBEXUh6b5RPECAzQS01khDwbxCSndO-YtS1MYpNlmtUgdtoAEoIP9TFMqXOsltKmGFioy0CeWLi53M-iX-Ygjd3zSQAbr0BU0-86somdbIlFxuvGA8v6AC7MNlICTwbGExCufL_hivrzF1XVqi5zIovM1LA8k2bP4BKMEjNwhGBGJ0E9KcQYv65foZr9K0C6YYJDFE6YqsHP_czvbI1ij7MfDvN5cwmHRGMGOyzDCmT_SmjoZAZ4vSXbl2wI5txIj70RLLSK4oahktb-09c0lDVYpCno7LqsLR8E3DuTUniYwYMHlXeBor_G7sJw2alF568m1iZ_zQ"}]} + + +ORG_ORCID_SECURITY_CORS_ALLOWED_DOMAINS=localhost,docker-dev.orcid.org +ORG_ORCID_SWAGGER_AUTHENDPOINT=https://docker-dev.orcid.org/oauth/authorize +# NOTE=this endpoint is always pub. +ORG_ORCID_SWAGGER_TOKENENDPOINT=https://pub.orcid.org/oauth/token diff --git a/properties/default.orcid_core.env b/properties/default.orcid_core.env new file mode 100644 index 00000000000..f4707afd283 --- /dev/null +++ b/properties/default.orcid_core.env @@ -0,0 +1,39 @@ +ORG_ORCID_CORE_ABOUT_URI=https://info.orcid.org +ORG_ORCID_CORE_API_ANALYTICS_ENDPOINT=https://www.google-analytics.com/collect +ORG_ORCID_CORE_API_ANALYTICS_TRACKING_CODE=UA-17492803-10 +ORG_ORCID_CORE_API_BASE_URI=https://api.docker-dev.orcid.org +ORG_ORCID_CORE_BASE_URI=https://docker-dev.orcid.org +ORG_ORCID_CORE_CLAIM_WAIT_PERIOD_DAYS="1" +ORG_ORCID_CORE_FINDER_CROSSREF_CLIENTID=APP-9999999999999901 +ORG_ORCID_CORE_FINDER_CROSSREF_ENABLED="true" +ORG_ORCID_CORE_FINDER_CROSSREF_ENDPOINT=https://search.crossref.org/dois?q= +ORG_ORCID_CORE_FINDER_DATACITE_CLIENTID=APP-9999999999999901 +ORG_ORCID_CORE_FINDER_DATACITE_ENABLED="true" +ORG_ORCID_CORE_FINDER_DATACITE_ENDPOINT=https://api.datacite.org/works?query= +ORG_ORCID_CORE_INTERNAL_API_BASE_URI=http://localhost:8080/orcid-internal-api +ORG_ORCID_CORE_IDP_METADATA_URLS_SPACE_SEPARATED=https://samltest.id/saml/sp http://mds.edugain.org https://engine.surfconext.nl/authentication/idp/metadata +ORG_ORCID_CORE_ISSN_SOURCE=APP-POCQZAUC70YOFL9R +ORG_ORCID_CORE_NODE="1" +ORG_ORCID_CORE_NUMBER_OF_NODES="1" +ORG_ORCID_CORE_OAUTH_AUTH_CODE_EXPIRATION_MINUTES="1440" +ORG_ORCID_CORE_OAUTH_SUPPORT_REFRESH_TOKEN="true" +ORG_ORCID_CORE_PASS_PHRASE_FOR_EXTERNAL_ENCRYPTION="wibbler12345678" +ORG_ORCID_CORE_PASS_PHRASE_FOR_INTERNAL_ENCRYPTION="wibbler12345678" +ORG_ORCID_CORE_PUB_BASE_URI=https://pub.docker-dev.orcid.org +ORG_ORCID_CORE_SLACK_CHANNEL=system-alerts-dev +ORG_ORCID_CORE_SLACK_WEBHOOK_URL=see_overrides +ORG_ORCID_CORE_TOKEN_IMPLICIT_VALIDITY_SECONDS="600" +ORG_ORCID_CORE_TOKEN_READ_VALIDITY_SECONDS="631138519" +ORG_ORCID_CORE_TOKEN_WRITE_VALIDITY_SECONDS="3600" +ORG_ORCID_CORE_UTILS_CACHE_REDIS_ENABLED=false +ORG_ORCID_CORE_UTILS_CACHE_REDIS_HOST=redis +ORG_ORCID_CORE_UTILS_CACHE_REDIS_PASSWORD=wibble +ORG_ORCID_CORE_UTILS_CACHE_REDIS_PORT=6379 +ORG_ORCID_CORE_UTILS_CACHE_REDIS_SUMMARY_ENABLED=false +ORG_ORCID_CORE_WORKS_BULK_READ_MAX="100" +ORG_ORCID_CORE_WORKS_BULK_WRITE_MAX="100" + +ORG_ORCID_CORE_MAX_JOBS_PER_CLIENT="20" +ORG_ORCID_CORE_NUMBER_OF_WEBHOOK_THREADS="60" +ORG_ORCID_CORE_WEBHOOK_MAX_PER_RUN="10000" +ORG_ORCID_CORE_WEBHOOK_RETRY_DELAY_MINUTES="15" diff --git a/properties/default.persistence.env b/properties/default.persistence.env new file mode 100644 index 00000000000..6569d2ea096 --- /dev/null +++ b/properties/default.persistence.env @@ -0,0 +1,67 @@ +ORG_ORCID_PERSISTENCE_DB_CLASS=org.postgresql.Driver +ORG_ORCID_PERSISTENCE_DB_DATA_SOURCE=pooledDataSource +ORG_ORCID_PERSISTENCE_DB_DIALECT=org.hibernate.dialect.PostgreSQLDialect +ORG_ORCID_PERSISTENCE_DB_GENERATE_DDL="false" +ORG_ORCID_PERSISTENCE_DB_HIBERNATE_STATISTICS="true" +ORG_ORCID_PERSISTENCE_DB_IDLE_CONNECTION_TEST_PERIOD="60" +ORG_ORCID_PERSISTENCE_DB_INITIAL_POOL_SIZE="1" +ORG_ORCID_PERSISTENCE_DB_MAX_POOL_SIZE="20" +ORG_ORCID_PERSISTENCE_DB_MAX_STATEMENTS="0" +ORG_ORCID_PERSISTENCE_DB_MIN_POOL_SIZE="5" +ORG_ORCID_PERSISTENCE_DB_NUM_HELPER_THREADS="10" +ORG_ORCID_PERSISTENCE_DB_PASSWORD=orcid +ORG_ORCID_PERSISTENCE_DB_PREFERRED_TEST_QUERY=select 1 +ORG_ORCID_PERSISTENCE_DB_READONLY_CLASS=org.postgresql.Driver +ORG_ORCID_PERSISTENCE_DB_READONLY_DATA_SOURCE=pooledDataSourceReadOnly +ORG_ORCID_PERSISTENCE_DB_READONLY_DIALECT=org.hibernate.dialect.PostgreSQLDialect +ORG_ORCID_PERSISTENCE_DB_READONLY_GENERATE_DDL="false" +ORG_ORCID_PERSISTENCE_DB_READONLY_IDLE_CONNECTION_TEST_PERIOD="60" +ORG_ORCID_PERSISTENCE_DB_READONLY_INITIAL_POOL_SIZE="1" +ORG_ORCID_PERSISTENCE_DB_READONLY_MAX_POOL_SIZE="20" +ORG_ORCID_PERSISTENCE_DB_READONLY_MAX_STATEMENTS="0" +ORG_ORCID_PERSISTENCE_DB_READONLY_MIN_POOL_SIZE="5" +ORG_ORCID_PERSISTENCE_DB_READONLY_PASSWORD=orcidro +ORG_ORCID_PERSISTENCE_DB_READONLY_PREFERRED_TEST_QUERY=select 1 +ORG_ORCID_PERSISTENCE_DB_READONLY_SHOW_SQL="false" +ORG_ORCID_PERSISTENCE_DB_READONLY_TEST_CONNECTION_ON_CHECKIN="true" +ORG_ORCID_PERSISTENCE_DB_READONLY_URL=jdbc:postgresql://postgres:5432/orcid +ORG_ORCID_PERSISTENCE_DB_READONLY_USERNAME=orcidro +ORG_ORCID_PERSISTENCE_DB_SHOW_SQL="false" +ORG_ORCID_PERSISTENCE_DB_TEST_CONNECTION_ON_CHECKIN="true" +ORG_ORCID_PERSISTENCE_DB_URL=jdbc:postgresql://postgres:5432/orcid +ORG_ORCID_PERSISTENCE_DB_USERNAME=orcid +ORG_ORCID_PERSISTENCE_INTERNAL_API_DB_INITIAL_POOL_SIZE="1" +ORG_ORCID_PERSISTENCE_INTERNAL_API_DB_MAX_POOL_SIZE="3" +ORG_ORCID_PERSISTENCE_INTERNAL_API_DB_MIN_POOL_SIZE="1" +ORG_ORCID_PERSISTENCE_INTERNAL_API_DB_READONLY_INITIAL_POOL_SIZE="1" +ORG_ORCID_PERSISTENCE_INTERNAL_API_DB_READONLY_MAX_POOL_SIZE="3" +ORG_ORCID_PERSISTENCE_INTERNAL_API_DB_READONLY_MIN_POOL_SIZE="1" +ORG_ORCID_PERSISTENCE_MESSAGING_ENABLED="false" +ORG_ORCID_PERSISTENCE_MESSAGING_UPDATED_DISAMBIGUATED_ORG_INDEXING_BATCH_SIZE="5000" + +ORG_ORCID_PERSISTENCE_LIQUIBASE_ENABLED="false" +ORG_ORCID_PERSISTENCE_SOLR_ALLOW_COMPRESSION="true" +ORG_ORCID_PERSISTENCE_SOLR_CONNECTION_TIMEOUT="60000" +ORG_ORCID_PERSISTENCE_SOLR_MAX_RETRIES="1" +ORG_ORCID_PERSISTENCE_SOLR_READ_ONLY_URL=http://solr/solr +ORG_ORCID_PERSISTENCE_TOGGLZ_CACHE_TTL="60000" +ORG_ORCID_PERSISTENCE_TOGGLZ_DB_CLASS=org.postgresql.Driver +ORG_ORCID_PERSISTENCE_TOGGLZ_DB_IDLE_CONNECTION_TEST_PERIOD="60" +ORG_ORCID_PERSISTENCE_TOGGLZ_DB_INITIAL_POOL_SIZE="1" +ORG_ORCID_PERSISTENCE_TOGGLZ_DB_MAX_POOL_SIZE="5" +ORG_ORCID_PERSISTENCE_TOGGLZ_DB_MAX_STATEMENTS="0" +ORG_ORCID_PERSISTENCE_TOGGLZ_DB_MIN_POOL_SIZE="3" +ORG_ORCID_PERSISTENCE_TOGGLZ_DB_NUM_HELPER_THREADS="5" +ORG_ORCID_PERSISTENCE_TOGGLZ_DB_PASSWORD=orcid +ORG_ORCID_PERSISTENCE_TOGGLZ_DB_PREFERRED_TEST_QUERY=select 1 +ORG_ORCID_PERSISTENCE_TOGGLZ_DB_TEST_CONNECTION_ON_CHECKIN="true" +ORG_ORCID_PERSISTENCE_TOGGLZ_DB_URL=jdbc:postgresql://postgres:5432/features +ORG_ORCID_PERSISTENCE_TOGGLZ_DB_USERNAME=orcid + +# sched ones +ORG_ORCID_PERSISTENCE_INDEXING_DELAY="60" +ORG_ORCID_PERSISTENCE_MESSAGING_INDEXING_BATCH_SIZE="500" +ORG_ORCID_POSTGRES_QUERY_TIMEOUT="50000" +ORG_ORCID_SCHEDULER_WEB_PROCESS_PROFILES_PENDING_INDEXING_DELAY_SECONDS="300" + +ORG_ORCID_PERSISTENCE_WEBHOOK_MAX_ATTEMPT_COUNT="15" From 5899a7664028855ba35cf3413c7868bef1f79a68 Mon Sep 17 00:00:00 2001 From: Giles Westwood Date: Fri, 29 Nov 2024 00:36:47 +0000 Subject: [PATCH 02/19] missing newrelic config --- newrelic.yml | 289 +++++++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 289 insertions(+) create mode 100644 newrelic.yml diff --git a/newrelic.yml b/newrelic.yml new file mode 100644 index 00000000000..99b1dddd9b4 --- /dev/null +++ b/newrelic.yml @@ -0,0 +1,289 @@ +# This file configures the New Relic Agent. New Relic monitors +# Java applications with deep visibility and low overhead. For more details and additional +# configuration options visit https://docs.newrelic.com/docs/java/java-agent-configuration. +# +# <%= generated_for_user %> +# +# This section is for settings common to all environments. +# Do not add anything above this next line. +common: &default_settings + + # ============================== LICENSE KEY =============================== + # You must specify the license key associated with your New Relic + # account. For example, if your license key is 12345 use this: + # license_key: '12345' + # The key binds your Agent's data to your account in the New Relic service. + + # Agent Enabled + # Use this setting to disable the agent instead of removing it from the startup command. + # Default is true. + agent_enabled: True + + # Set the name of your application as you'd like it show up in New Relic. + # If enable_auto_app_naming is false, the agent reports all data to this application. + # Otherwise, the agent reports only background tasks (transactions for non-web applications) + # to this application. To report data to more than one application + # (useful for rollup reporting), separate the application names with ";". + # For example, to report data to "My Application" and "My Application 2" use this: + # app_name: My Application;My Application 2 + # This setting is required. Up to 3 different application names can be specified. + # The first application name must be unique. + + # To enable high security, set this property to true. When in high + # security mode, the agent will use SSL and obfuscated SQL. Additionally, + # request parameters and message parameters will not be sent to New Relic. + high_security: False + + # Set to true to enable support for auto app naming. + # The name of each web app is detected automatically + # and the agent reports data separately for each one. + # This provides a finer-grained performance breakdown for + # web apps in New Relic. + # Default is false. + enable_auto_app_naming: False + + # Set to true to enable component-based transaction naming. + # Set to false to use the URI of a web request as the name of the transaction. + # Default is true. + enable_auto_transaction_naming: True + + # The agent uses its own log file to keep its logging + # separate from that of your application. Specify the log level here. + # This setting is dynamic, so changes do not require restarting your application. + # The levels in increasing order of verboseness are: + # off, severe, warning, info, fine, finer, finest + # Default is info. + log_level: info + + # Log all data sent to and from New Relic in plain text. + # This setting is dynamic, so changes do not require restarting your application. + # Default is false. + audit_mode: False + + # The number of backup log files to save. + # Default is 1. + log_file_count: 1 + + # The maximum number of kbytes to write to any one log file. + # The log_file_count must be set greater than 1. + # Default is 0 (no limit). + log_limit_in_kbytes: 0 + + # Override other log rolling configuration and roll the logs daily. + # Default is false. + log_daily: False + + # The name of the log file. + # Default is newrelic_agent.log. + log_file_name: newrelic_agent.log + + # The log file directory. + # Default is the logs directory in the newrelic.jar parent directory. + + + # Proxy settings for connecting to the New Relic server: + # If a proxy is used, the host setting is required. Other settings + # are optional. Default port is 8080. The username and password + # settings will be used to authenticate to Basic Auth challenges + # from a proxy server. Proxy scheme will allow the agent to + # connect through proxies using the HTTPS scheme. + #proxy_host: hostname + #proxy_port: 8080 + #proxy_user: username + #proxy_password: password + #proxy_scheme: https + + # Limits the number of lines to capture for each stack trace. + # Default is 30 + max_stack_trace_lines: 30 + + # Provides the ability to configure the attributes sent to New Relic. These + # attributes can be found in transaction traces, traced errors, Insight's + # transaction events, and Insight's page views. + attributes: + # When true, attributes will be sent to New Relic. The default is true. + enabled: True + + #A comma separated list of attribute keys whose values should + # be sent to New Relic. + #include: + # A comma separated list of attribute keys whose values should + # not be sent to New Relic. + #exclude: + + # Transaction tracer captures deep information about slow + # transactions and sends this to the New Relic service once a + # minute. Included in the transaction is the exact call sequence of + # the transactions including any SQL statements issued. + transaction_tracer: + + # Transaction tracer is enabled by default. Set this to false to turn it off. + # This feature is not available to Lite accounts and is automatically disabled. + # Default is true. + enabled: True + + # Threshold in seconds for when to collect a transaction + # trace. When the response time of a controller action exceeds + # this threshold, a transaction trace will be recorded and sent to + # New Relic. Valid values are any float value, or (default) "apdex_f", + # which will use the threshold for the "Frustrated" Apdex level + # (greater than four times the apdex_t value). + # Default is apdex_f. + transaction_threshold: apdex_f + + # When transaction tracer is on, SQL statements can optionally be + # recorded. The recorder has three modes, "off" which sends no + # SQL, "raw" which sends the SQL statement in its original form, + # and "obfuscated", which strips out numeric and string literals. + # Default is obfuscated. + record_sql: obfuscated + + # Set this to true to log SQL statements instead of recording them. + # SQL is logged using the record_sql mode. + # Default is false. + log_sql: False + + # Threshold in seconds for when to collect stack trace for a SQL + # call. In other words, when SQL statements exceed this threshold, + # then capture and send to New Relic the current stack trace. This is + # helpful for pinpointing where long SQL calls originate from. + # Default is 0.5 seconds. + stack_trace_threshold: 0.5 + + # Determines whether the agent will capture query plans for slow + # SQL queries. Only supported for MySQL and PostgreSQL. + # Default is true. + explain_enabled: True + + # Threshold for query execution time below which query plans will not + # not be captured. Relevant only when `explain_enabled` is true. + # Default is 0.5 seconds. + explain_threshold: 0.5 + + # Use this setting to control the variety of transaction traces. + # The higher the setting, the greater the variety. + # Set this to 0 to always report the slowest transaction trace. + # Default is 20. + top_n: 20 + + # Error collector captures information about uncaught exceptions and + # sends them to New Relic for viewing. + error_collector: + + # This property enables the collection of errors. If the property is not + # set or the property is set to false, then errors will not be collected. + # Default is true. + enabled: True + + # Use this property to exclude specific exceptions from being reported as errors + # by providing a comma separated list of full class names. + # The default is to exclude akka.actor.ActorKilledException. If you want to override + # this, you must provide any new value as an empty list is ignored. + ignore_errors: akka.actor.ActorKilledException + + # Use this property to exclude specific http status codes from being reported as errors + # by providing a comma separated list of status codes. + # The default is to exclude 404s. If you want to override + # this, you must provide any new value as an empty list is ignored. + ignore_status_codes: 404 + + # Transaction Events are used for Histograms and Percentiles. Unaggregated data is collected + # for each web transaction and sent to the server on harvest. + transaction_events: + + # Set to false to disable transaction events. + # Default is true. + enabled: True + + # Events are collected up to the configured amount. Afterwards, events are sampled to + # maintain an even distribution across the harvest cycle. + # Default is 2000. Setting to 0 will disable. + max_samples_stored: 2000 + + # Distributed tracing lets you see the path that a request takes through your distributed system. + # Enabling distributed tracing changes the behavior of some New Relic features, so carefully consult the transition + # guide before you enable this feature: https://docs.newrelic.com/docs/transition-guide-distributed-tracing + # Default is false. + distributed_tracing: + enabled: False + + # Cross Application Tracing adds request and response headers to + # external calls using supported HTTP libraries to provide better + # performance data when calling applications monitored by other New Relic Agents. + cross_application_tracer: + + # Set to false to disable cross application tracing. + # Default is true. + enabled: True + + # Thread profiler measures wall clock time, CPU time, and method call counts + # in your application's threads as they run. + # This feature is not available to Lite accounts and is automatically disabled. + thread_profiler: + + # Set to false to disable the thread profiler. + # Default is true. + enabled: True + + # New Relic Real User Monitoring gives you insight into the performance real users are + # experiencing with your website. This is accomplished by measuring the time it takes for + # your users' browsers to download and render your web pages by injecting a small amount + # of JavaScript code into the header and footer of each page. + browser_monitoring: + + # By default the agent automatically inserts API calls in compiled JSPs to + # inject the monitoring JavaScript into web pages. Not all rendering engines are supported. + # See https://docs.newrelic.com/docs/java/real-user-monitoring-in-java#manual_instrumentation + # for instructions to add these manually to your pages. + # Set this attribute to false to turn off this behavior. + auto_instrument: True + + class_transformer: + # This instrumentation reports the name of the user principal returned from + # HttpServletRequest.getUserPrincipal() when servlets and filters are invoked. + com.newrelic.instrumentation.servlet-user: + enabled: false + + com.newrelic.instrumentation.spring-aop-2: + enabled: false + + # This instrumentation reports metrics for resultset operations. + com.newrelic.instrumentation.jdbc-resultset: + enabled: false + + # Classes loaded by classloaders in this list will not be instrumented. + # This is a useful optimization for runtimes which use classloaders to + # load dynamic classes which the agent would not instrument. + classloader_excludes: + groovy.lang.GroovyClassLoader$InnerLoader, + org.codehaus.groovy.runtime.callsite.CallSiteClassLoader, + com.collaxa.cube.engine.deployment.BPELClassLoader, + org.springframework.data.convert.ClassGeneratingEntityInstantiator$ObjectInstantiatorClassGenerator, + org.mvel2.optimizers.impl.asm.ASMAccessorOptimizer$ContextClassLoader, + gw.internal.gosu.compiler.SingleServingGosuClassLoader, + + # User-configurable custom labels for this agent. Labels are name-value pairs. + # There is a maximum of 64 labels per agent. Names and values are limited to 255 characters. + # Names and values may not contain colons (:) or semicolons (;). + labels: + + # An example label + #label_name: label_value + + + +# Application Environments +# ------------------------------------------ +# Environment specific settings are in this section. +# You can use the environment to override the default settings. +# For example, to change the app_name setting. +# Use -Dnewrelic.environment= on the Java startup command line +# to set the environment. +# The default environment is production. + +# NOTE if your application has other named environments, you should +# provide configuration settings for these environments here. + +production: + <<: *default_settings + From 6e70747fcaa724344b9f8f17fc04a85b0a3dcb99 Mon Sep 17 00:00:00 2001 From: Giles Westwood Date: Fri, 29 Nov 2024 00:51:52 +0000 Subject: [PATCH 03/19] json entrypoint recommendation --- orcid-web/Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/orcid-web/Dockerfile b/orcid-web/Dockerfile index a90b8260ab7..41bfb4f7d88 100644 --- a/orcid-web/Dockerfile +++ b/orcid-web/Dockerfile @@ -96,5 +96,5 @@ COPY orcid-web/*.j2 . COPY orcid-web/log4j2.xml . -ENTRYPOINT ./entrypoint.sh +ENTRYPOINT [ "./entrypoint.sh" ] From 9e067eae3d57f1a4b7cdb9df08c654bb343c930d Mon Sep 17 00:00:00 2001 From: Giles Westwood Date: Fri, 29 Nov 2024 00:57:19 +0000 Subject: [PATCH 04/19] allow frontend to be configured separately to web --- docker-compose.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docker-compose.yml b/docker-compose.yml index 4cbcc0d201f..6b74f67e798 100644 --- a/docker-compose.yml +++ b/docker-compose.yml @@ -51,7 +51,7 @@ services: # orcid-angular project frontend: - image: ${DOCKER_REG_PRIVATE}/orcid/registry/orcid-web-frontend-qa:${TAG:-0.0.1} + image: ${DOCKER_REG_PRIVATE}/orcid/registry/orcid-web-frontend-${FRONTEND_LABEL:-qa}:${FRONTEND_TAG:-0.0.1} # entrypoint: sleep infinity build: context: . From ecc70cacfa2750bdef5a389d62b69262282388c8 Mon Sep 17 00:00:00 2001 From: Giles Westwood Date: Fri, 29 Nov 2024 00:58:15 +0000 Subject: [PATCH 05/19] add postgres, redis, haproxy lb containers for dev --- docker-entrypoint-initdb.d/1-dev-users.sql | 5 + docker-entrypoint-initdb.d/2-createdb.sql | 8 + docker-entrypoint-initdb.d/4-orcid-schema.sql | 6479 +++++++++++++++++ .../5-orcid-extension.sql | 15 + docker-entrypoint-initdb.d/6-features.sql | 196 + orcid-lb/Dockerfile | 7 + orcid-lb/haproxy.cfg | 113 + redis/Dockerfile | 12 + 8 files changed, 6835 insertions(+) create mode 100644 docker-entrypoint-initdb.d/1-dev-users.sql create mode 100644 docker-entrypoint-initdb.d/2-createdb.sql create mode 100644 docker-entrypoint-initdb.d/4-orcid-schema.sql create mode 100644 docker-entrypoint-initdb.d/5-orcid-extension.sql create mode 100644 docker-entrypoint-initdb.d/6-features.sql create mode 100644 orcid-lb/Dockerfile create mode 100644 orcid-lb/haproxy.cfg create mode 100644 redis/Dockerfile diff --git a/docker-entrypoint-initdb.d/1-dev-users.sql b/docker-entrypoint-initdb.d/1-dev-users.sql new file mode 100644 index 00000000000..2b44dd0fba0 --- /dev/null +++ b/docker-entrypoint-initdb.d/1-dev-users.sql @@ -0,0 +1,5 @@ +CREATE USER orcid WITH PASSWORD 'orcid'; +CREATE USER statistics WITH PASSWORD 'statistics'; +CREATE USER orcidro WITH PASSWORD 'orcidro'; +CREATE USER dw_user WITH PASSWORD 'dw_user'; + diff --git a/docker-entrypoint-initdb.d/2-createdb.sql b/docker-entrypoint-initdb.d/2-createdb.sql new file mode 100644 index 00000000000..f563191811e --- /dev/null +++ b/docker-entrypoint-initdb.d/2-createdb.sql @@ -0,0 +1,8 @@ +CREATE DATABASE orcid; + +CREATE DATABASE statistics; + +CREATE DATABASE features; + +CREATE DATABASE message_listener; + diff --git a/docker-entrypoint-initdb.d/4-orcid-schema.sql b/docker-entrypoint-initdb.d/4-orcid-schema.sql new file mode 100644 index 00000000000..113028002b6 --- /dev/null +++ b/docker-entrypoint-initdb.d/4-orcid-schema.sql @@ -0,0 +1,6479 @@ +-- +-- PostgreSQL database dump +-- + +-- Dumped from database version 13.10 (Ubuntu 13.10-1.pgdg20.04+1) +-- Dumped by pg_dump version 15.2 (Ubuntu 15.2-1.pgdg20.04+1) + +\c orcid + +SET statement_timeout = 0; +SET lock_timeout = 0; +SET idle_in_transaction_session_timeout = 0; +SET client_encoding = 'UTF8'; +SET standard_conforming_strings = on; +SELECT pg_catalog.set_config('search_path', '', false); +SET check_function_bodies = false; +SET xmloption = content; +SET client_min_messages = warning; +SET row_security = off; + +-- +-- Name: public; Type: SCHEMA; Schema: -; Owner: postgres +-- + + +ALTER SCHEMA public OWNER TO postgres; + +-- +-- Name: SCHEMA public; Type: COMMENT; Schema: -; Owner: postgres +-- + +COMMENT ON SCHEMA public IS 'standard public schema'; + + +-- +-- Name: org_disambiguated_descendent; Type: TYPE; Schema: public; Owner: orcid +-- + +CREATE TYPE public.org_disambiguated_descendent AS ( + id bigint, + source_id character varying, + source_parent_id character varying, + org_type character varying, + name character varying, + city character varying, + region character varying, + country character varying, + level integer +); + + +ALTER TYPE public.org_disambiguated_descendent OWNER TO orcid; + +-- +-- Name: json_intext(text); Type: FUNCTION; Schema: public; Owner: orcid +-- + +CREATE FUNCTION public.json_intext(text) RETURNS json + LANGUAGE sql IMMUTABLE + AS $_$ +SELECT json_in($1::cstring); +$_$; + + +ALTER FUNCTION public.json_intext(text) OWNER TO orcid; + +-- +-- Name: extract_doi(json); Type: FUNCTION; Schema: public; Owner: orcid +-- + +CREATE FUNCTION public.extract_doi(json) RETURNS character varying + LANGUAGE sql IMMUTABLE STRICT + AS $_$ +SELECT j->'workExternalIdentifierId'->>'content' +FROM (SELECT json_array_elements(json_extract_path($1, 'workExternalIdentifier')) AS j) AS a +WHERE j->>'workExternalIdentifierType' = 'DOI' +ORDER BY length(j->'workExternalIdentifierId'->>'content') DESC +LIMIT 1; +$_$; + + +ALTER FUNCTION public.extract_doi(json) OWNER TO orcid; + +-- +-- Name: find_org_disambiguated_descendents(character varying, character varying); Type: FUNCTION; Schema: public; Owner: orcid +-- + +CREATE FUNCTION public.find_org_disambiguated_descendents(source_id character varying, source_type character varying) RETURNS SETOF public.org_disambiguated_descendent + LANGUAGE sql IMMUTABLE STRICT + AS $$ +SELECT * FROM find_org_disambiguated_descendents(source_id, source_type, 1) +ORDER BY level, source_parent_id, name; +$$; + + +ALTER FUNCTION public.find_org_disambiguated_descendents(source_id character varying, source_type character varying) OWNER TO orcid; + +-- +-- Name: find_org_disambiguated_descendents(character varying, character varying, integer); Type: FUNCTION; Schema: public; Owner: orcid +-- + +CREATE FUNCTION public.find_org_disambiguated_descendents(required_source_id character varying, required_source_type character varying, current_level integer) RETURNS SETOF public.org_disambiguated_descendent + LANGUAGE plpgsql IMMUTABLE STRICT + AS $$ +DECLARE + current_result org_disambiguated_descendent; +BEGIN +FOR current_result IN SELECT p1.id, p1.source_id, p1.source_parent_id, p1.org_type, p1.name, p1.city, p1.region, p1.country, current_level AS level FROM org_disambiguated p1 WHERE p1.source_parent_id = required_source_id AND p1.source_type = required_source_type LOOP + RETURN NEXT current_result; + RETURN QUERY SELECT * FROM find_org_disambiguated_descendents(current_result.source_id, required_source_type, current_level + 1); +END LOOP; +END +$$; + + +ALTER FUNCTION public.find_org_disambiguated_descendents(required_source_id character varying, required_source_type character varying, current_level integer) OWNER TO orcid; + +-- +-- Name: insert_notification_scope(); Type: FUNCTION; Schema: public; Owner: orcid +-- + +CREATE FUNCTION public.insert_notification_scope() RETURNS void + LANGUAGE plpgsql + AS $_$ +DECLARE + client_id VARCHAR; +BEGIN + RAISE NOTICE 'Inserting notification scopes...'; + + FOR client_id IN SELECT * FROM client_details cd LEFT JOIN client_scope cs ON cs.client_details_id = cd.client_details_id AND cs.scope_type = '/notification' WHERE cd.client_type IS NOT NULL AND cs.client_details_id IS NULL + LOOP + RAISE NOTICE 'Found member % without notification scope', client_id; + EXECUTE 'INSERT INTO client_scope (client_details_id, scope_type, date_created, last_modified) VALUES ($1, ''/notification'', now(), now())' USING client_id; + END LOOP; + + RAISE NOTICE 'Finished inserting notification scopes'; + RETURN; +END; +$_$; + + +ALTER FUNCTION public.insert_notification_scope() OWNER TO orcid; + +-- +-- Name: insert_scope_for_premium_members(character varying); Type: FUNCTION; Schema: public; Owner: orcid +-- + +CREATE FUNCTION public.insert_scope_for_premium_members(scope_to_add character varying) RETURNS void + LANGUAGE plpgsql + AS $_$ +DECLARE + client_id VARCHAR; +BEGIN + RAISE NOTICE 'Inserting scope...'; + + FOR client_id IN SELECT * FROM client_details cd LEFT JOIN client_scope cs ON cs.client_details_id = cd.client_details_id AND cs.scope_type = scope_to_add WHERE cd.client_type IN ('PREMIUM_CREATOR', 'PREMIUM_UPDATER') AND cs.client_details_id IS NULL + LOOP + RAISE NOTICE 'Found member % without % scope', client_id, scope_to_add; + EXECUTE 'INSERT INTO client_scope (client_details_id, scope_type, date_created, last_modified) VALUES ($1, $2, now(), now())' USING client_id, scope_to_add; + END LOOP; + + RAISE NOTICE 'Finished inserting scope'; + RETURN; +END; +$_$; + + +ALTER FUNCTION public.insert_scope_for_premium_members(scope_to_add character varying) OWNER TO orcid; + +-- +-- Name: populate_send_administrative_change_notifications(); Type: FUNCTION; Schema: public; Owner: orcid +-- + +CREATE FUNCTION public.populate_send_administrative_change_notifications() RETURNS void + LANGUAGE plpgsql + AS $_$ +DECLARE + orcid_to_update VARCHAR; + orcid_cursor CURSOR FOR SELECT orcid FROM profile WHERE send_administrative_change_notifications IS NULL AND send_change_notifications IS NOT NULL; +BEGIN + RAISE NOTICE 'Populating send administrative change notifications option...'; + FOR orcid_record IN orcid_cursor + LOOP + orcid_to_update := orcid_record.orcid; + RAISE NOTICE 'Updating % ', orcid_to_update; + EXECUTE 'UPDATE profile set send_administrative_change_notifications = send_change_notifications WHERE orcid = $1' USING orcid_to_update; + END LOOP; + + RAISE NOTICE 'Finished populating send administrative change notifications option.'; + RETURN; +END; +$_$; + + +ALTER FUNCTION public.populate_send_administrative_change_notifications() OWNER TO orcid; + +-- +-- Name: set_sequence_starts(); Type: FUNCTION; Schema: public; Owner: orcid +-- + +CREATE FUNCTION public.set_sequence_starts() RETURNS void + LANGUAGE plpgsql + AS $_$ +DECLARE + seq VARCHAR; + next_val BIGINT; + min_val BIGINT := 1000; +BEGIN + RAISE NOTICE 'Setting values of sequences to minimum value...'; + + FOR seq IN SELECT c.relname FROM pg_class c WHERE c.relkind = 'S' LOOP + next_val := nextval(seq); + RAISE NOTICE 'Found sequence % with next value = %', seq, next_val; + IF next_val < min_val THEN + RAISE NOTICE 'Increasing value of sequence % to %', seq, min_val; + EXECUTE 'SELECT setval($1, $2)' USING seq, min_val; + END IF; + END LOOP; + + RAISE NOTICE 'Finished setting values of sequences to minimum value'; + RETURN; +END; +$_$; + + +ALTER FUNCTION public.set_sequence_starts() OWNER TO orcid; + +-- +-- Name: unix_timestamp(timestamp with time zone); Type: FUNCTION; Schema: public; Owner: orcid +-- + +CREATE FUNCTION public.unix_timestamp(timestamp with time zone) RETURNS double precision + LANGUAGE sql IMMUTABLE STRICT + AS $_$ SELECT EXTRACT(epoch FROM $1) $_$; + + +ALTER FUNCTION public.unix_timestamp(timestamp with time zone) OWNER TO orcid; + +-- +-- Name: access_token_seq; Type: SEQUENCE; Schema: public; Owner: orcid +-- + +CREATE SEQUENCE public.access_token_seq + START WITH 1 + INCREMENT BY 1 + NO MINVALUE + NO MAXVALUE + CACHE 1; + + +ALTER TABLE public.access_token_seq OWNER TO orcid; + +SET default_tablespace = ''; + +SET default_table_access_method = heap; + +-- +-- Name: address; Type: TABLE; Schema: public; Owner: orcid +-- + +CREATE TABLE public.address ( + id bigint NOT NULL, + date_created timestamp without time zone, + last_modified timestamp without time zone, + address_line_1 character varying(350), + address_line_2 character varying(350), + city character varying(150), + postal_code character varying(15), + state_or_province character varying(150), + orcid character varying(19), + is_primary boolean DEFAULT false NOT NULL, + iso2_country character varying(2), + visibility character varying(19), + source_id character varying(19), + client_source_id character varying(20), + display_index bigint DEFAULT 0, + assertion_origin_source_id character varying(19), + assertion_origin_client_source_id character varying(20) +); + + +ALTER TABLE public.address OWNER TO orcid; + +-- +-- Name: address_seq; Type: SEQUENCE; Schema: public; Owner: orcid +-- + +CREATE SEQUENCE public.address_seq + START WITH 1 + INCREMENT BY 1 + NO MINVALUE + NO MAXVALUE + CACHE 1; + + +ALTER TABLE public.address_seq OWNER TO orcid; + +-- +-- Name: affiliation; Type: TABLE; Schema: public; Owner: orcid +-- + +CREATE TABLE public.affiliation ( + institution_id bigint NOT NULL, + orcid character varying(255) NOT NULL, + date_created timestamp without time zone, + last_modified timestamp without time zone, + role_title character varying(255), + start_date timestamp without time zone, + affiliation_details_visibility character varying(20), + end_date date, + affiliation_type character varying(100), + department_name character varying(400), + affiliation_address_visibility character varying(20) +); + + +ALTER TABLE public.affiliation OWNER TO orcid; + +-- +-- Name: org; Type: TABLE; Schema: public; Owner: orcid +-- + +CREATE TABLE public.org ( + id bigint NOT NULL, + name character varying(4000) NOT NULL, + city character varying(4000) NOT NULL, + region character varying(4000) NOT NULL, + country character varying(2) NOT NULL, + url character varying(2000), + source_id character varying(255), + date_created timestamp with time zone, + last_modified timestamp with time zone, + org_disambiguated_id bigint, + client_source_id character varying(20) +); + + +ALTER TABLE public.org OWNER TO orcid; + +-- +-- Name: org_affiliation_relation; Type: TABLE; Schema: public; Owner: orcid +-- + +CREATE TABLE public.org_affiliation_relation ( + id bigint NOT NULL, + org_id bigint NOT NULL, + orcid character varying(255) NOT NULL, + org_affiliation_relation_role text, + org_affiliation_relation_title text, + department text, + start_day integer, + start_month integer, + start_year integer, + end_day integer, + end_month integer, + end_year integer, + visibility character varying(20), + source_id character varying(255), + date_created timestamp with time zone, + last_modified timestamp with time zone, + client_source_id character varying(20), + url text, + external_ids_json json, + display_index bigint DEFAULT 0, + assertion_origin_source_id character varying(19), + assertion_origin_client_source_id character varying(20) +); + + +ALTER TABLE public.org_affiliation_relation OWNER TO orcid; + +-- +-- Name: ambiguous_org; Type: VIEW; Schema: public; Owner: orcid +-- + +CREATE VIEW public.ambiguous_org AS + SELECT o.id, + o.name, + o.city, + o.region, + o.country, + o.url, + o.source_id, + o.date_created, + o.last_modified, + count(*) AS used_count + FROM (public.org o + LEFT JOIN public.org_affiliation_relation oar ON ((oar.org_id = o.id))) + WHERE (o.org_disambiguated_id IS NULL) + GROUP BY o.id, o.name, o.city, o.region, o.country, o.url, o.source_id, o.date_created, o.last_modified; + + +ALTER TABLE public.ambiguous_org OWNER TO orcid; + +-- +-- Name: author_other_name_seq; Type: SEQUENCE; Schema: public; Owner: orcid +-- + +CREATE SEQUENCE public.author_other_name_seq + START WITH 1 + INCREMENT BY 1 + NO MINVALUE + NO MAXVALUE + CACHE 1; + + +ALTER TABLE public.author_other_name_seq OWNER TO orcid; + +-- +-- Name: backup_code; Type: TABLE; Schema: public; Owner: orcid +-- + +CREATE TABLE public.backup_code ( + id bigint NOT NULL, + date_created timestamp with time zone, + last_modified timestamp with time zone, + orcid character varying(19) NOT NULL, + used_date timestamp with time zone, + hashed_code character varying(255) +); + + +ALTER TABLE public.backup_code OWNER TO orcid; + +-- +-- Name: backup_code_seq; Type: SEQUENCE; Schema: public; Owner: orcid +-- + +CREATE SEQUENCE public.backup_code_seq + START WITH 1 + INCREMENT BY 1 + NO MINVALUE + NO MAXVALUE + CACHE 1; + + +ALTER TABLE public.backup_code_seq OWNER TO orcid; + +-- +-- Name: biography; Type: TABLE; Schema: public; Owner: orcid +-- + +CREATE TABLE public.biography ( + id bigint NOT NULL, + orcid character varying(255) NOT NULL, + biography text, + visibility character varying(20), + date_created timestamp with time zone, + last_modified timestamp with time zone +); + + +ALTER TABLE public.biography OWNER TO orcid; + +-- +-- Name: biography_seq; Type: SEQUENCE; Schema: public; Owner: orcid +-- + +CREATE SEQUENCE public.biography_seq + START WITH 1000 + INCREMENT BY 1 + NO MINVALUE + NO MAXVALUE + CACHE 1; + + +ALTER TABLE public.biography_seq OWNER TO orcid; + +-- +-- Name: client_authorised_grant_type; Type: TABLE; Schema: public; Owner: orcid +-- + +CREATE TABLE public.client_authorised_grant_type ( + client_details_id character varying(150) NOT NULL, + grant_type character varying(150) NOT NULL, + date_created timestamp without time zone, + last_modified timestamp without time zone +); + + +ALTER TABLE public.client_authorised_grant_type OWNER TO orcid; + +-- +-- Name: client_details; Type: TABLE; Schema: public; Owner: orcid +-- + +CREATE TABLE public.client_details ( + client_details_id character varying(150) NOT NULL, + client_secret character varying(150), + date_created timestamp without time zone, + last_modified timestamp without time zone, + client_name text, + webhooks_enabled boolean DEFAULT true NOT NULL, + client_description text, + client_website text, + persistent_tokens_enabled boolean DEFAULT false, + group_orcid character varying(19), + client_type character varying(25), + authentication_provider_id character varying(1000), + allow_auto_deprecate boolean DEFAULT false, + email_access_reason text, + user_obo_enabled boolean DEFAULT false, + deactivated_date timestamp with time zone, + deactivated_by character varying(19) +); + + +ALTER TABLE public.client_details OWNER TO orcid; + +-- +-- Name: client_granted_authority; Type: TABLE; Schema: public; Owner: orcid +-- + +CREATE TABLE public.client_granted_authority ( + client_details_id character varying(150) NOT NULL, + granted_authority character varying(150) NOT NULL, + date_created timestamp without time zone, + last_modified timestamp without time zone +); + + +ALTER TABLE public.client_granted_authority OWNER TO orcid; + +-- +-- Name: client_redirect_uri; Type: TABLE; Schema: public; Owner: orcid +-- + +CREATE TABLE public.client_redirect_uri ( + client_details_id character varying(150) NOT NULL, + redirect_uri text NOT NULL, + date_created timestamp without time zone, + last_modified timestamp without time zone, + predefined_client_redirect_scope text, + redirect_uri_type text DEFAULT 'default'::character varying NOT NULL, + uri_act_type json DEFAULT '{"import-works-wizard" : ["Articles"]}'::json, + uri_geo_area json DEFAULT '{"import-works-wizard" : ["Global"]}'::json, + status character varying(200) DEFAULT 'OK'::character varying +); + + +ALTER TABLE public.client_redirect_uri OWNER TO orcid; + +-- +-- Name: client_resource_id; Type: TABLE; Schema: public; Owner: orcid +-- + +CREATE TABLE public.client_resource_id ( + client_details_id character varying(150) NOT NULL, + resource_id character varying(175) NOT NULL, + date_created timestamp without time zone, + last_modified timestamp without time zone +); + + +ALTER TABLE public.client_resource_id OWNER TO orcid; + +-- +-- Name: client_scope; Type: TABLE; Schema: public; Owner: orcid +-- + +CREATE TABLE public.client_scope ( + client_details_id character varying(150) NOT NULL, + scope_type character varying(150) NOT NULL, + date_created timestamp without time zone, + last_modified timestamp without time zone +); + + +ALTER TABLE public.client_scope OWNER TO orcid; + +-- +-- Name: client_secret; Type: TABLE; Schema: public; Owner: orcid +-- + +CREATE TABLE public.client_secret ( + client_details_id character varying(255) NOT NULL, + client_secret character varying(150) NOT NULL, + date_created timestamp with time zone NOT NULL, + last_modified timestamp with time zone NOT NULL, + is_primary boolean DEFAULT true +); + + +ALTER TABLE public.client_secret OWNER TO orcid; + +-- +-- Name: country_reference_data; Type: TABLE; Schema: public; Owner: orcid +-- + +CREATE TABLE public.country_reference_data ( + country_iso_code character varying(2) NOT NULL, + country_name character varying(255), + date_created timestamp with time zone, + last_modified timestamp with time zone +); + + +ALTER TABLE public.country_reference_data OWNER TO orcid; + +-- +-- Name: custom_email; Type: TABLE; Schema: public; Owner: orcid +-- + +CREATE TABLE public.custom_email ( + client_details_id character varying(255) NOT NULL, + email_type character varying(255) NOT NULL, + content text NOT NULL, + sender text, + subject text, + is_html boolean DEFAULT true, + date_created timestamp with time zone, + last_modified timestamp with time zone +); + + +ALTER TABLE public.custom_email OWNER TO orcid; + +-- +-- Name: databasechangelog; Type: TABLE; Schema: public; Owner: orcid +-- + +CREATE TABLE public.databasechangelog ( + id character varying(63) NOT NULL, + author character varying(63) NOT NULL, + filename character varying(200) NOT NULL, + dateexecuted timestamp with time zone NOT NULL, + orderexecuted integer NOT NULL, + exectype character varying(10) NOT NULL, + md5sum character varying(35), + description character varying(255), + comments character varying(255), + tag character varying(255), + liquibase character varying(20), + contexts character varying(255), + labels character varying(255), + deployment_id character varying(10) +); + + +ALTER TABLE public.databasechangelog OWNER TO orcid; + +-- +-- Name: databasechangeloglock; Type: TABLE; Schema: public; Owner: orcid +-- + +CREATE TABLE public.databasechangeloglock ( + id integer NOT NULL, + locked boolean NOT NULL, + lockgranted timestamp with time zone, + lockedby character varying(255) +); + + +ALTER TABLE public.databasechangeloglock OWNER TO orcid; + +-- +-- Name: dw_active_users; Type: TABLE; Schema: public; Owner: orcid +-- + +CREATE TABLE public.dw_active_users ( + date_calculated timestamp without time zone NOT NULL, + last_day integer NOT NULL, + last_thirty_days integer NOT NULL, + last_quarter integer NOT NULL, + last_year integer NOT NULL +); + + +ALTER TABLE public.dw_active_users OWNER TO orcid; + +-- +-- Name: dw_address; Type: VIEW; Schema: public; Owner: orcid +-- + +CREATE VIEW public.dw_address AS + SELECT address.id AS db_id, + address.orcid, + address.iso2_country, + address.visibility, + CASE + WHEN ((address.orcid)::text = (address.source_id)::text) THEN true + ELSE false + END AS self_asserted, + address.client_source_id, + address.date_created, + address.last_modified + FROM public.address + WHERE (address.last_modified > date_trunc('day'::text, (now() - '4 mons'::interval))); + + +ALTER TABLE public.dw_address OWNER TO orcid; + +-- +-- Name: dw_biography; Type: VIEW; Schema: public; Owner: orcid +-- + +CREATE VIEW public.dw_biography AS + SELECT biography.id AS db_id, + biography.orcid, + biography.biography, + biography.visibility, + (biography.date_created)::timestamp without time zone AS date_created, + (biography.last_modified)::timestamp without time zone AS last_modified + FROM public.biography + WHERE (biography.last_modified > date_trunc('day'::text, (now() - '4 mons'::interval))); + + +ALTER TABLE public.dw_biography OWNER TO orcid; + +-- +-- Name: dw_client_details; Type: VIEW; Schema: public; Owner: orcid +-- + +CREATE VIEW public.dw_client_details AS + SELECT client_details.client_details_id, + client_details.client_name, + client_details.client_description, + client_details.client_website, + client_details.group_orcid, + client_details.client_type, + client_details.user_obo_enabled, + client_details.date_created, + client_details.last_modified + FROM public.client_details + WHERE (client_details.last_modified > date_trunc('day'::text, (now() - '4 mons'::interval))); + + +ALTER TABLE public.dw_client_details OWNER TO orcid; + +-- +-- Name: dw_client_redirect_uri; Type: VIEW; Schema: public; Owner: orcid +-- + +CREATE VIEW public.dw_client_redirect_uri AS + SELECT client_redirect_uri.client_details_id, + client_redirect_uri.redirect_uri, + client_redirect_uri.date_created, + client_redirect_uri.last_modified + FROM public.client_redirect_uri + WHERE (client_redirect_uri.last_modified > date_trunc('day'::text, (now() - '4 mons'::interval))); + + +ALTER TABLE public.dw_client_redirect_uri OWNER TO orcid; + +-- +-- Name: email; Type: TABLE; Schema: public; Owner: orcid +-- + +CREATE TABLE public.email ( + date_created timestamp with time zone, + last_modified timestamp with time zone, + email text, + orcid character varying(255) NOT NULL, + visibility character varying(20) DEFAULT 'PRIVATE'::character varying NOT NULL, + is_primary boolean DEFAULT true NOT NULL, + is_current boolean DEFAULT true NOT NULL, + is_verified boolean DEFAULT false NOT NULL, + source_id character varying(255), + client_source_id character varying(20), + email_hash character varying(256) NOT NULL, + assertion_origin_source_id character varying(19), + assertion_origin_client_source_id character varying(20) +); + + +ALTER TABLE public.email OWNER TO orcid; + +-- +-- Name: dw_email; Type: VIEW; Schema: public; Owner: orcid +-- + +CREATE VIEW public.dw_email AS + SELECT "substring"(email.email, '@(.*)$'::text) AS email, + email.orcid, + email.is_primary, + email.is_verified, + email.visibility, + (email.date_created)::timestamp without time zone AS date_created, + (email.last_modified)::timestamp without time zone AS last_modified + FROM public.email + WHERE (email.last_modified > date_trunc('day'::text, (now() - '4 mons'::interval))); + + +ALTER TABLE public.dw_email OWNER TO orcid; + +-- +-- Name: event_stats; Type: TABLE; Schema: public; Owner: orcid +-- + +CREATE TABLE public.event_stats ( + id bigint NOT NULL, + event_type character varying(20), + client_id character varying(255), + count bigint, + date timestamp without time zone, + date_created timestamp with time zone, + last_modified timestamp with time zone, + ip character varying(60) +); + + +ALTER TABLE public.event_stats OWNER TO orcid; + +-- +-- Name: dw_event_stats; Type: VIEW; Schema: public; Owner: orcid +-- + +CREATE VIEW public.dw_event_stats AS + SELECT event_stats.event_type, + event_stats.client_id, + event_stats.count, + date_trunc('day'::text, event_stats.date) AS date_trunc, + date_trunc('day'::text, event_stats.date) AS last_modified + FROM public.event_stats + WHERE ((event_stats.event_type)::text <> 'Public-API'::text) + ORDER BY (date_trunc('day'::text, event_stats.date_created)) DESC; + + +ALTER TABLE public.dw_event_stats OWNER TO orcid; + +-- +-- Name: external_identifier; Type: TABLE; Schema: public; Owner: orcid +-- + +CREATE TABLE public.external_identifier ( + date_created timestamp without time zone, + last_modified timestamp without time zone, + orcid character varying(19) NOT NULL, + external_id_reference text NOT NULL, + external_id_type text, + external_id_url text, + source_id character varying(19), + client_source_id character varying(20), + id bigint NOT NULL, + visibility character varying(19), + display_index bigint DEFAULT 0, + assertion_origin_source_id character varying(19), + assertion_origin_client_source_id character varying(20) +); + + +ALTER TABLE public.external_identifier OWNER TO orcid; + +-- +-- Name: dw_external_identifier; Type: VIEW; Schema: public; Owner: orcid +-- + +CREATE VIEW public.dw_external_identifier AS + SELECT external_identifier.id AS db_id, + external_identifier.orcid, + external_identifier.external_id_reference, + external_identifier.external_id_type, + external_identifier.external_id_url, + external_identifier.visibility, + CASE + WHEN ((external_identifier.orcid)::text = (external_identifier.source_id)::text) THEN true + ELSE false + END AS self_asserted, + external_identifier.client_source_id, + external_identifier.date_created, + external_identifier.last_modified + FROM public.external_identifier + WHERE (external_identifier.last_modified > date_trunc('day'::text, (now() - '4 mons'::interval))); + + +ALTER TABLE public.dw_external_identifier OWNER TO orcid; + +-- +-- Name: given_permission_to; Type: TABLE; Schema: public; Owner: orcid +-- + +CREATE TABLE public.given_permission_to ( + receiver_orcid character varying(19) NOT NULL, + giver_orcid character varying(19) NOT NULL, + date_created timestamp with time zone, + last_modified timestamp with time zone, + approval_date timestamp with time zone, + given_permission_to_id bigint NOT NULL +); + + +ALTER TABLE public.given_permission_to OWNER TO orcid; + +-- +-- Name: dw_given_permission_to; Type: VIEW; Schema: public; Owner: orcid +-- + +CREATE VIEW public.dw_given_permission_to AS + SELECT given_permission_to.given_permission_to_id, + given_permission_to.receiver_orcid, + given_permission_to.giver_orcid, + (given_permission_to.approval_date)::timestamp without time zone AS approval_date, + (given_permission_to.date_created)::timestamp without time zone AS date_created, + (given_permission_to.last_modified)::timestamp without time zone AS last_modified + FROM public.given_permission_to + WHERE (given_permission_to.last_modified > date_trunc('day'::text, (now() - '4 mons'::interval))); + + +ALTER TABLE public.dw_given_permission_to OWNER TO orcid; + +-- +-- Name: group_id_record; Type: TABLE; Schema: public; Owner: orcid +-- + +CREATE TABLE public.group_id_record ( + id bigint NOT NULL, + group_id text NOT NULL, + group_name text NOT NULL, + group_description text, + group_type text NOT NULL, + source_id character varying(255), + client_source_id character varying(20), + date_created timestamp with time zone, + last_modified timestamp with time zone, + assertion_origin_source_id character varying(19), + assertion_origin_client_source_id character varying(20), + issn_loader_fail_count integer DEFAULT 0, + fail_reason character varying(50), + sync_date timestamp without time zone +); + + +ALTER TABLE public.group_id_record OWNER TO orcid; + +-- +-- Name: dw_group_id_record; Type: VIEW; Schema: public; Owner: orcid +-- + +CREATE VIEW public.dw_group_id_record AS + SELECT group_id_record.id AS db_id, + group_id_record.group_id, + group_id_record.group_name, + group_id_record.group_type, + group_id_record.client_source_id, + (group_id_record.date_created)::timestamp without time zone AS date_created, + (group_id_record.last_modified)::timestamp without time zone AS last_modified + FROM public.group_id_record + WHERE (group_id_record.last_modified > date_trunc('day'::text, (now() - '4 mons'::interval))); + + +ALTER TABLE public.dw_group_id_record OWNER TO orcid; + +-- +-- Name: identifier_type; Type: TABLE; Schema: public; Owner: orcid +-- + +CREATE TABLE public.identifier_type ( + id bigint NOT NULL, + id_name text NOT NULL, + id_validation_regex text, + id_resolution_prefix text, + id_deprecated boolean DEFAULT false NOT NULL, + client_source_id character varying(20), + date_created timestamp with time zone, + last_modified timestamp with time zone, + primary_use text DEFAULT 'work'::character varying NOT NULL, + case_sensitive boolean DEFAULT false NOT NULL +); + + +ALTER TABLE public.identifier_type OWNER TO orcid; + +-- +-- Name: dw_identifier_type; Type: VIEW; Schema: public; Owner: orcid +-- + +CREATE VIEW public.dw_identifier_type AS + SELECT identifier_type.id AS db_id, + identifier_type.id_name, + identifier_type.id_validation_regex, + identifier_type.id_resolution_prefix, + identifier_type.id_deprecated, + identifier_type.primary_use, + identifier_type.case_sensitive, + (identifier_type.date_created)::timestamp without time zone AS date_created, + (identifier_type.last_modified)::timestamp without time zone AS last_modified + FROM public.identifier_type + WHERE (identifier_type.last_modified > date_trunc('day'::text, (now() - '4 mons'::interval))); + + +ALTER TABLE public.dw_identifier_type OWNER TO orcid; + +-- +-- Name: identity_provider; Type: TABLE; Schema: public; Owner: orcid +-- + +CREATE TABLE public.identity_provider ( + id bigint NOT NULL, + date_created timestamp with time zone, + last_modified timestamp with time zone, + providerid text NOT NULL, + display_name text, + support_email text, + admin_email text, + tech_email text, + last_failed timestamp with time zone, + failed_count integer DEFAULT 0 NOT NULL +); + + +ALTER TABLE public.identity_provider OWNER TO orcid; + +-- +-- Name: dw_identity_provider; Type: VIEW; Schema: public; Owner: orcid +-- + +CREATE VIEW public.dw_identity_provider AS + SELECT identity_provider.id AS db_id, + identity_provider.providerid, + identity_provider.display_name, + (identity_provider.last_failed)::timestamp without time zone AS last_failed, + identity_provider.failed_count, + (identity_provider.date_created)::timestamp without time zone AS date_created, + (identity_provider.last_modified)::timestamp without time zone AS last_modified + FROM public.identity_provider + WHERE (identity_provider.last_modified > date_trunc('day'::text, (now() - '4 mons'::interval))); + + +ALTER TABLE public.dw_identity_provider OWNER TO orcid; + +-- +-- Name: notification; Type: TABLE; Schema: public; Owner: orcid +-- + +CREATE TABLE public.notification ( + id bigint NOT NULL, + date_created timestamp with time zone, + last_modified timestamp with time zone, + orcid character varying(19) NOT NULL, + notification_type text NOT NULL, + subject text, + body_text text, + body_html text, + sent_date timestamp with time zone, + read_date timestamp with time zone, + archived_date timestamp with time zone, + sendable boolean DEFAULT true NOT NULL, + source_id character varying(19), + client_source_id character varying(20), + authorization_url text, + lang text, + amended_section text, + actioned_date timestamp with time zone, + notification_subject text, + notification_intro text, + authentication_provider_id text, + retry_count integer, + notification_family character varying(50), + assertion_origin_source_id character varying(19), + assertion_origin_client_source_id character varying(20) +); + + +ALTER TABLE public.notification OWNER TO orcid; + +-- +-- Name: dw_notification; Type: VIEW; Schema: public; Owner: orcid +-- + +CREATE VIEW public.dw_notification AS + SELECT notification.id AS db_id, + notification.notification_type, + notification.orcid, + notification.client_source_id, + notification.date_created, + notification.sent_date, + notification.read_date, + notification.actioned_date, + notification.archived_date, + notification.last_modified + FROM public.notification + WHERE ((notification.notification_type = 'PERMISSION'::text) AND (notification.client_source_id IS NOT NULL) AND (notification.last_modified > date_trunc('day'::text, (now() - '1 year'::interval)))); + + +ALTER TABLE public.dw_notification OWNER TO orcid; + +-- +-- Name: oauth2_token_detail; Type: TABLE; Schema: public; Owner: orcid +-- + +CREATE TABLE public.oauth2_token_detail ( + token_value character varying(155), + token_type character varying(50), + token_expiration timestamp without time zone, + user_orcid character varying(19), + client_details_id character varying(20), + is_approved boolean, + redirect_uri character varying(350), + response_type character varying(100), + state character varying(40), + scope_type character varying(500), + resource_id character varying(50), + date_created timestamp without time zone, + last_modified timestamp without time zone, + authentication_key character varying(150), + id bigint DEFAULT nextval('public.access_token_seq'::regclass) NOT NULL, + refresh_token_expiration timestamp without time zone, + refresh_token_value character varying(150), + token_disabled boolean DEFAULT false, + persistent boolean DEFAULT false, + version bigint DEFAULT (0)::bigint, + authorization_code character varying(255), + revocation_date timestamp with time zone, + revoke_reason character varying(30), + obo_client_details_id character varying(20) +); + + +ALTER TABLE public.oauth2_token_detail OWNER TO orcid; + +-- +-- Name: dw_oauth2_token_detail; Type: VIEW; Schema: public; Owner: orcid +-- + +CREATE VIEW public.dw_oauth2_token_detail AS + SELECT oauth2_token_detail.id AS db_id, + oauth2_token_detail.token_type, + oauth2_token_detail.user_orcid, + oauth2_token_detail.client_details_id, + "substring"((oauth2_token_detail.redirect_uri)::text, '.*://([^/]*)'::text) AS redirect_uri, + oauth2_token_detail.scope_type, + oauth2_token_detail.obo_client_details_id, + oauth2_token_detail.token_expiration, + oauth2_token_detail.revocation_date, + oauth2_token_detail.date_created, + oauth2_token_detail.last_modified + FROM public.oauth2_token_detail + WHERE (oauth2_token_detail.last_modified > date_trunc('day'::text, (now() - '4 mons'::interval))); + + +ALTER TABLE public.dw_oauth2_token_detail OWNER TO orcid; + +-- +-- Name: dw_org; Type: VIEW; Schema: public; Owner: orcid +-- + +CREATE VIEW public.dw_org AS + SELECT org.id AS db_id, + org.name, + org.city, + org.region, + org.country, + org.url, + org.org_disambiguated_id, + (org.date_created)::timestamp without time zone AS date_created, + (org.last_modified)::timestamp without time zone AS last_modified + FROM public.org + WHERE (org.last_modified > date_trunc('day'::text, (now() - '4 mons'::interval))); + + +ALTER TABLE public.dw_org OWNER TO orcid; + +-- +-- Name: dw_org_affiliation_relation; Type: VIEW; Schema: public; Owner: orcid +-- + +CREATE VIEW public.dw_org_affiliation_relation AS + SELECT org_affiliation_relation.id AS db_id, + org_affiliation_relation.org_id, + org_affiliation_relation.orcid, + org_affiliation_relation.assertion_origin_client_source_id, + org_affiliation_relation.org_affiliation_relation_role, + org_affiliation_relation.org_affiliation_relation_title, + org_affiliation_relation.department, + org_affiliation_relation.start_day, + org_affiliation_relation.start_month, + org_affiliation_relation.start_year, + org_affiliation_relation.end_day, + org_affiliation_relation.end_month, + org_affiliation_relation.end_year, + org_affiliation_relation.visibility, + CASE + WHEN ((org_affiliation_relation.orcid)::text = (org_affiliation_relation.source_id)::text) THEN true + ELSE false + END AS self_asserted, + org_affiliation_relation.client_source_id, + org_affiliation_relation.url, + org_affiliation_relation.external_ids_json, + (org_affiliation_relation.date_created)::timestamp without time zone AS date_created, + (org_affiliation_relation.last_modified)::timestamp without time zone AS last_modified + FROM public.org_affiliation_relation + WHERE (org_affiliation_relation.last_modified > date_trunc('day'::text, (now() - '4 mons'::interval))); + + +ALTER TABLE public.dw_org_affiliation_relation OWNER TO orcid; + +-- +-- Name: org_disambiguated; Type: TABLE; Schema: public; Owner: orcid +-- + +CREATE TABLE public.org_disambiguated ( + id bigint NOT NULL, + source_id character varying(255), + source_url character varying(2000), + source_type character varying(255), + org_type character varying(4000), + name character varying(4000), + city character varying(4000), + region character varying(4000), + country character varying(2), + url character varying(2000), + status character varying(255), + date_created timestamp with time zone, + last_modified timestamp with time zone, + indexing_status character varying(20) DEFAULT 'PENDING'::character varying NOT NULL, + last_indexed_date timestamp with time zone, + popularity integer DEFAULT 0 NOT NULL, + source_parent_id character varying(255), + locations_json json, + names_json json +); + + +ALTER TABLE public.org_disambiguated OWNER TO orcid; + +-- +-- Name: dw_org_disambiguated; Type: VIEW; Schema: public; Owner: orcid +-- + +CREATE VIEW public.dw_org_disambiguated AS + SELECT org_disambiguated.id AS db_id, + org_disambiguated.source_id, + org_disambiguated.source_url, + org_disambiguated.source_type, + org_disambiguated.org_type, + org_disambiguated.name, + org_disambiguated.city, + org_disambiguated.region, + org_disambiguated.country, + org_disambiguated.url, + org_disambiguated.status, + (org_disambiguated.date_created)::timestamp without time zone AS date_created, + (org_disambiguated.last_modified)::timestamp without time zone AS last_modified, + org_disambiguated.popularity + FROM public.org_disambiguated + WHERE (org_disambiguated.last_modified > date_trunc('day'::text, (now() - '4 mons'::interval))); + + +ALTER TABLE public.dw_org_disambiguated OWNER TO orcid; + +-- +-- Name: org_disambiguated_external_identifier; Type: TABLE; Schema: public; Owner: orcid +-- + +CREATE TABLE public.org_disambiguated_external_identifier ( + id bigint NOT NULL, + org_disambiguated_id bigint, + identifier character varying(4000), + identifier_type character varying(4000), + date_created timestamp with time zone, + last_modified timestamp with time zone, + preferred boolean DEFAULT false +); + + +ALTER TABLE public.org_disambiguated_external_identifier OWNER TO orcid; + +-- +-- Name: dw_org_disambiguated_external_identifier; Type: VIEW; Schema: public; Owner: orcid +-- + +CREATE VIEW public.dw_org_disambiguated_external_identifier AS + SELECT org_disambiguated_external_identifier.id AS db_id, + org_disambiguated_external_identifier.org_disambiguated_id, + org_disambiguated_external_identifier.identifier, + org_disambiguated_external_identifier.identifier_type, + org_disambiguated_external_identifier.preferred, + (org_disambiguated_external_identifier.date_created)::timestamp without time zone AS date_created, + (org_disambiguated_external_identifier.last_modified)::timestamp without time zone AS last_modified + FROM public.org_disambiguated_external_identifier + WHERE (org_disambiguated_external_identifier.last_modified > date_trunc('day'::text, (now() - '4 mons'::interval))); + + +ALTER TABLE public.dw_org_disambiguated_external_identifier OWNER TO orcid; + +-- +-- Name: other_name; Type: TABLE; Schema: public; Owner: orcid +-- + +CREATE TABLE public.other_name ( + other_name_id bigint NOT NULL, + date_created timestamp without time zone, + last_modified timestamp without time zone, + display_name text, + orcid character varying(19) NOT NULL, + visibility character varying(19), + source_id character varying(19), + client_source_id character varying(20), + display_index bigint DEFAULT 0, + assertion_origin_source_id character varying(19), + assertion_origin_client_source_id character varying(20) +); + + +ALTER TABLE public.other_name OWNER TO orcid; + +-- +-- Name: dw_other_name; Type: VIEW; Schema: public; Owner: orcid +-- + +CREATE VIEW public.dw_other_name AS + SELECT other_name.other_name_id, + other_name.orcid, + other_name.display_name, + other_name.visibility, + CASE + WHEN ((other_name.orcid)::text = (other_name.source_id)::text) THEN true + ELSE false + END AS self_asserted, + other_name.client_source_id, + other_name.date_created, + other_name.last_modified + FROM public.other_name + WHERE (other_name.last_modified > date_trunc('day'::text, (now() - '4 mons'::interval))); + + +ALTER TABLE public.dw_other_name OWNER TO orcid; + +-- +-- Name: dw_papi_event_stats; Type: VIEW; Schema: public; Owner: orcid +-- + +CREATE VIEW public.dw_papi_event_stats AS + SELECT event_stats.event_type, + event_stats.client_id, + event_stats.count, + date_trunc('day'::text, event_stats.date) AS date_trunc, + date_trunc('day'::text, event_stats.date) AS last_modified + FROM public.event_stats + WHERE ((event_stats.event_type)::text = 'Public-API'::text) + ORDER BY (date_trunc('day'::text, event_stats.date_created)) DESC; + + +ALTER TABLE public.dw_papi_event_stats OWNER TO orcid; + +-- +-- Name: peer_review; Type: TABLE; Schema: public; Owner: orcid +-- + +CREATE TABLE public.peer_review ( + id bigint NOT NULL, + orcid character varying(255) NOT NULL, + peer_review_subject_id bigint, + external_identifiers_json json NOT NULL, + org_id bigint NOT NULL, + peer_review_role text NOT NULL, + peer_review_type text NOT NULL, + completion_day integer, + completion_month integer, + completion_year integer, + source_id character varying(255), + url text, + visibility character varying(20), + client_source_id character varying(20), + date_created timestamp with time zone, + last_modified timestamp with time zone, + display_index bigint DEFAULT 0, + subject_external_identifiers_json text, + subject_type text, + subject_container_name text, + subject_name text, + subject_translated_name text, + subject_translated_name_language_code text, + subject_url text, + group_id text, + assertion_origin_source_id character varying(19), + assertion_origin_client_source_id character varying(20) +); + + +ALTER TABLE public.peer_review OWNER TO orcid; + +-- +-- Name: dw_peer_review; Type: VIEW; Schema: public; Owner: orcid +-- + +CREATE VIEW public.dw_peer_review AS + SELECT peer_review.id AS db_id, + peer_review.orcid, + peer_review.peer_review_subject_id, + peer_review.external_identifiers_json, + peer_review.org_id, + peer_review.peer_review_role, + peer_review.peer_review_type, + peer_review.completion_day, + peer_review.completion_month, + peer_review.completion_year, + peer_review.url, + peer_review.visibility, + peer_review.subject_external_identifiers_json, + peer_review.subject_type, + peer_review.subject_container_name, + peer_review.subject_name, + peer_review.subject_url, + peer_review.group_id, + peer_review.client_source_id, + (peer_review.date_created)::timestamp without time zone AS date_created, + (peer_review.last_modified)::timestamp without time zone AS last_modified + FROM public.peer_review + WHERE (peer_review.last_modified > date_trunc('day'::text, (now() - '4 mons'::interval))); + + +ALTER TABLE public.dw_peer_review OWNER TO orcid; + +-- +-- Name: profile; Type: TABLE; Schema: public; Owner: orcid +-- + +CREATE TABLE public.profile ( + orcid character varying(19) NOT NULL, + date_created timestamp without time zone, + last_modified timestamp without time zone, + account_expiry timestamp without time zone, + completed_date timestamp without time zone, + claimed boolean DEFAULT false, + creation_method character varying(20), + enabled boolean DEFAULT true, + encrypted_password character varying(255), + is_selectable_sponsor boolean, + source_id character varying(19), + orcid_type character varying(20), + submission_date timestamp with time zone DEFAULT now() NOT NULL, + indexing_status character varying(20) DEFAULT 'PENDING'::character varying NOT NULL, + profile_deactivation_date timestamp without time zone, + activities_visibility_default character varying(20) DEFAULT 'PRIVATE'::character varying NOT NULL, + last_indexed_date timestamp with time zone, + locale character varying(12) DEFAULT 'EN'::character varying NOT NULL, + primary_record character varying(19), + deprecated_date timestamp with time zone, + group_type character varying(25), + referred_by character varying(20), + enable_developer_tools boolean DEFAULT false, + salesforce_id character varying(15), + client_source_id character varying(20), + developer_tools_enabled_date timestamp with time zone, + record_locked boolean DEFAULT false NOT NULL, + used_captcha_on_registration boolean, + user_last_ip character varying(50), + reviewed boolean DEFAULT false NOT NULL, + reason_locked text, + reason_locked_description text, + hashed_orcid character varying(256), + last_login timestamp without time zone, + secret_for_2fa character varying(255), + using_2fa boolean DEFAULT false, + deprecating_admin character varying(19), + deprecated_method character varying(20), + record_locked_date timestamp without time zone, + record_locked_admin_id character varying(19), + signin_lock_start timestamp without time zone, + signin_lock_last_attempt timestamp without time zone, + signin_lock_count integer, + auto_lock_date timestamp without time zone +); + + +ALTER TABLE public.profile OWNER TO orcid; + +-- +-- Name: dw_profile; Type: VIEW; Schema: public; Owner: orcid +-- + +CREATE VIEW public.dw_profile AS + SELECT profile.orcid, + profile.orcid_type, + profile.record_locked, + profile.group_type, + profile.salesforce_id, + profile.date_created, + profile.last_modified, + profile.profile_deactivation_date, + profile.enable_developer_tools, + profile.last_login, + profile.using_2fa, + profile.reason_locked, + profile.auto_lock_date, + profile.locale, + profile.reviewed, + profile.creation_method + FROM public.profile + WHERE (profile.last_modified > date_trunc('day'::text, (now() - '4 mons'::interval))); + + +ALTER TABLE public.dw_profile OWNER TO orcid; + +-- +-- Name: profile_email_domain; Type: TABLE; Schema: public; Owner: orcid +-- + +CREATE TABLE public.profile_email_domain ( + id bigint NOT NULL, + orcid character varying(19) NOT NULL, + email_domain character varying(254) NOT NULL, + visibility character varying(20), + date_created timestamp with time zone, + last_modified timestamp with time zone +); + + +ALTER TABLE public.profile_email_domain OWNER TO orcid; + +-- +-- Name: dw_profile_email_domain; Type: VIEW; Schema: public; Owner: orcid +-- + +CREATE VIEW public.dw_profile_email_domain AS + SELECT profile_email_domain.id AS db_id, + profile_email_domain.orcid, + profile_email_domain.email_domain, + profile_email_domain.visibility, + profile_email_domain.date_created, + profile_email_domain.last_modified + FROM public.profile_email_domain + WHERE (profile_email_domain.last_modified > date_trunc('day'::text, (now() - '4 mons'::interval))); + + +ALTER TABLE public.dw_profile_email_domain OWNER TO orcid; + +-- +-- Name: profile_funding; Type: TABLE; Schema: public; Owner: orcid +-- + +CREATE TABLE public.profile_funding ( + id bigint NOT NULL, + org_id bigint NOT NULL, + orcid character varying(255) NOT NULL, + title text NOT NULL, + type text NOT NULL, + currency_code character varying(3), + translated_title text, + translated_title_language_code text, + description text, + start_day integer, + start_month integer, + start_year integer, + end_day integer, + end_month integer, + end_year integer, + url text, + contributors_json json, + visibility character varying(20), + source_id character varying(255), + date_created timestamp with time zone, + last_modified timestamp with time zone, + organization_defined_type text DEFAULT 'default'::character varying, + numeric_amount numeric, + display_index bigint DEFAULT (0)::bigint, + client_source_id character varying(20), + external_identifiers_json json, + assertion_origin_source_id character varying(19), + assertion_origin_client_source_id character varying(20) +); + + +ALTER TABLE public.profile_funding OWNER TO orcid; + +-- +-- Name: dw_profile_funding; Type: VIEW; Schema: public; Owner: orcid +-- + +CREATE VIEW public.dw_profile_funding AS + SELECT profile_funding.id AS db_id, + profile_funding.orcid, + profile_funding.org_id, + profile_funding.title, + profile_funding.type, + profile_funding.currency_code, + profile_funding.numeric_amount, + profile_funding.description, + profile_funding.start_day, + profile_funding.start_month, + profile_funding.start_year, + profile_funding.end_day, + profile_funding.end_month, + profile_funding.end_year, + profile_funding.url, + profile_funding.contributors_json, + profile_funding.organization_defined_type, + profile_funding.external_identifiers_json, + profile_funding.visibility, + CASE + WHEN ((profile_funding.orcid)::text = (profile_funding.source_id)::text) THEN true + ELSE false + END AS self_asserted, + profile_funding.client_source_id, + (profile_funding.date_created)::timestamp without time zone AS date_created, + (profile_funding.last_modified)::timestamp without time zone AS last_modified + FROM public.profile_funding + WHERE (profile_funding.last_modified > date_trunc('day'::text, (now() - '4 mons'::interval))); + + +ALTER TABLE public.dw_profile_funding OWNER TO orcid; + +-- +-- Name: profile_history_event; Type: TABLE; Schema: public; Owner: orcid +-- + +CREATE TABLE public.profile_history_event ( + id bigint NOT NULL, + date_created timestamp with time zone, + last_modified timestamp with time zone, + orcid character varying(19) NOT NULL, + event_type character varying(50), + comment text +); + + +ALTER TABLE public.profile_history_event OWNER TO orcid; + +-- +-- Name: dw_profile_history_event; Type: VIEW; Schema: public; Owner: orcid +-- + +CREATE VIEW public.dw_profile_history_event AS + SELECT profile_history_event.id AS db_id, + profile_history_event.orcid, + profile_history_event.event_type, + (profile_history_event.date_created)::timestamp without time zone AS date_created, + (profile_history_event.last_modified)::timestamp without time zone AS last_modified + FROM public.profile_history_event + WHERE (profile_history_event.last_modified > date_trunc('day'::text, (now() - '4 mons'::interval))); + + +ALTER TABLE public.dw_profile_history_event OWNER TO orcid; + +-- +-- Name: profile_keyword; Type: TABLE; Schema: public; Owner: orcid +-- + +CREATE TABLE public.profile_keyword ( + profile_orcid character varying(19) NOT NULL, + keywords_name text NOT NULL, + date_created timestamp without time zone, + last_modified timestamp without time zone, + id bigint NOT NULL, + visibility character varying(19), + source_id character varying(19), + client_source_id character varying(20), + display_index bigint DEFAULT 0, + assertion_origin_source_id character varying(19), + assertion_origin_client_source_id character varying(20) +); + + +ALTER TABLE public.profile_keyword OWNER TO orcid; + +-- +-- Name: dw_profile_keyword; Type: VIEW; Schema: public; Owner: orcid +-- + +CREATE VIEW public.dw_profile_keyword AS + SELECT profile_keyword.id AS db_id, + profile_keyword.profile_orcid, + btrim(kwc.kwc) AS keyword, + profile_keyword.visibility, + CASE + WHEN ((profile_keyword.profile_orcid)::text = (profile_keyword.source_id)::text) THEN true + ELSE false + END AS self_asserted, + profile_keyword.client_source_id, + profile_keyword.date_created, + profile_keyword.last_modified + FROM public.profile_keyword, + LATERAL regexp_split_to_table(profile_keyword.keywords_name, '[,;\.]'::text) kwc(kwc) + WHERE (profile_keyword.last_modified > date_trunc('day'::text, (now() - '4 mons'::interval))); + + +ALTER TABLE public.dw_profile_keyword OWNER TO orcid; + +-- +-- Name: record_name; Type: TABLE; Schema: public; Owner: orcid +-- + +CREATE TABLE public.record_name ( + id bigint NOT NULL, + orcid character varying(255) NOT NULL, + credit_name text, + family_name text, + given_names text, + visibility character varying(20), + date_created timestamp with time zone, + last_modified timestamp with time zone +); + + +ALTER TABLE public.record_name OWNER TO orcid; + +-- +-- Name: dw_record_name; Type: VIEW; Schema: public; Owner: orcid +-- + +CREATE VIEW public.dw_record_name AS + SELECT record_name.id AS db_id, + record_name.orcid, + record_name.credit_name, + record_name.family_name, + record_name.given_names, + record_name.visibility, + (record_name.date_created)::timestamp without time zone AS date_created, + (record_name.last_modified)::timestamp without time zone AS last_modified + FROM public.record_name + WHERE (record_name.last_modified > date_trunc('day'::text, (now() - '4 mons'::interval))); + + +ALTER TABLE public.dw_record_name OWNER TO orcid; + +-- +-- Name: research_resource; Type: TABLE; Schema: public; Owner: orcid +-- + +CREATE TABLE public.research_resource ( + id bigint NOT NULL, + orcid character varying(255) NOT NULL, + source_id character varying(255), + client_source_id character varying(20), + proposal_type character varying(150) NOT NULL, + external_identifiers_json text NOT NULL, + title character varying(1000) NOT NULL, + translated_title character varying(1000), + translated_title_language_code character varying(10), + url character varying(350), + display_index integer, + start_day integer, + start_month integer, + start_year integer, + end_day integer, + end_month integer, + end_year integer, + visibility character varying(20), + date_created timestamp with time zone, + last_modified timestamp with time zone, + assertion_origin_source_id character varying(19), + assertion_origin_client_source_id character varying(20) +); + + +ALTER TABLE public.research_resource OWNER TO orcid; + +-- +-- Name: dw_research_resource; Type: VIEW; Schema: public; Owner: orcid +-- + +CREATE VIEW public.dw_research_resource AS + SELECT research_resource.id AS db_id, + research_resource.orcid, + research_resource.proposal_type, + research_resource.external_identifiers_json, + research_resource.title, + research_resource.url, + research_resource.start_day, + research_resource.start_month, + research_resource.start_year, + research_resource.end_day, + research_resource.end_month, + research_resource.end_year, + research_resource.visibility, + research_resource.client_source_id, + research_resource.date_created, + research_resource.last_modified + FROM public.research_resource + WHERE (research_resource.last_modified > date_trunc('day'::text, (now() - '4 mons'::interval))); + + +ALTER TABLE public.dw_research_resource OWNER TO orcid; + +-- +-- Name: research_resource_item; Type: TABLE; Schema: public; Owner: orcid +-- + +CREATE TABLE public.research_resource_item ( + id bigint NOT NULL, + research_resource_id bigint NOT NULL, + resource_name character varying(1000) NOT NULL, + resource_type character varying(150) NOT NULL, + external_identifiers_json text NOT NULL, + url character varying(350), + item_index bigint NOT NULL +); + + +ALTER TABLE public.research_resource_item OWNER TO orcid; + +-- +-- Name: dw_research_resource_item; Type: VIEW; Schema: public; Owner: orcid +-- + +CREATE VIEW public.dw_research_resource_item AS + SELECT a.id AS db_id, + a.research_resource_id, + a.resource_name, + a.resource_type, + a.external_identifiers_json, + a.url, + (b.date_created)::timestamp without time zone AS date_created, + (b.last_modified)::timestamp without time zone AS last_modified + FROM (public.research_resource_item a + JOIN public.research_resource b ON ((a.research_resource_id = b.id))) + WHERE (b.last_modified > date_trunc('day'::text, (now() - '4 mons'::interval))); + + +ALTER TABLE public.dw_research_resource_item OWNER TO orcid; + +-- +-- Name: research_resource_item_org; Type: TABLE; Schema: public; Owner: orcid +-- + +CREATE TABLE public.research_resource_item_org ( + research_resource_item_id bigint NOT NULL, + org_id bigint NOT NULL, + org_index bigint NOT NULL +); + + +ALTER TABLE public.research_resource_item_org OWNER TO orcid; + +-- +-- Name: dw_research_resource_item_org; Type: VIEW; Schema: public; Owner: orcid +-- + +CREATE VIEW public.dw_research_resource_item_org AS + SELECT a.research_resource_item_id, + a.org_id, + c.date_created, + c.last_modified + FROM ((public.research_resource_item_org a + JOIN public.research_resource_item b ON ((a.research_resource_item_id = b.id))) + JOIN public.research_resource c ON ((b.research_resource_id = c.id))) + WHERE (c.last_modified > date_trunc('day'::text, (now() - '4 mons'::interval))); + + +ALTER TABLE public.dw_research_resource_item_org OWNER TO orcid; + +-- +-- Name: research_resource_org; Type: TABLE; Schema: public; Owner: orcid +-- + +CREATE TABLE public.research_resource_org ( + research_resource_id bigint NOT NULL, + org_id bigint NOT NULL, + org_index bigint NOT NULL +); + + +ALTER TABLE public.research_resource_org OWNER TO orcid; + +-- +-- Name: dw_research_resource_org; Type: VIEW; Schema: public; Owner: orcid +-- + +CREATE VIEW public.dw_research_resource_org AS + SELECT a.research_resource_id, + a.org_id, + (b.date_created)::timestamp without time zone AS date_created, + (b.last_modified)::timestamp without time zone AS last_modified + FROM (public.research_resource_org a + JOIN public.research_resource b ON ((a.research_resource_id = b.id))) + WHERE (b.last_modified > date_trunc('day'::text, (now() - '4 mons'::interval))); + + +ALTER TABLE public.dw_research_resource_org OWNER TO orcid; + +-- +-- Name: researcher_url_seq; Type: SEQUENCE; Schema: public; Owner: orcid +-- + +CREATE SEQUENCE public.researcher_url_seq + START WITH 1 + INCREMENT BY 1 + NO MINVALUE + NO MAXVALUE + CACHE 1; + + +ALTER TABLE public.researcher_url_seq OWNER TO orcid; + +-- +-- Name: researcher_url; Type: TABLE; Schema: public; Owner: orcid +-- + +CREATE TABLE public.researcher_url ( + url text NOT NULL, + date_created timestamp without time zone, + last_modified timestamp without time zone, + orcid character varying(19) NOT NULL, + id bigint DEFAULT nextval('public.researcher_url_seq'::regclass) NOT NULL, + url_name text, + visibility character varying(19), + source_id character varying(19), + client_source_id character varying(20), + display_index bigint DEFAULT 0, + assertion_origin_source_id character varying(19), + assertion_origin_client_source_id character varying(20) +); + + +ALTER TABLE public.researcher_url OWNER TO orcid; + +-- +-- Name: dw_researcher_url; Type: VIEW; Schema: public; Owner: orcid +-- + +CREATE VIEW public.dw_researcher_url AS + SELECT researcher_url.id AS db_id, + researcher_url.orcid, + "substring"(researcher_url.url, '[http[s]*://]?([^/]+)'::text) AS domain, + researcher_url.url_name, + researcher_url.visibility, + CASE + WHEN ((researcher_url.orcid)::text = (researcher_url.source_id)::text) THEN true + ELSE false + END AS self_asserted, + researcher_url.client_source_id, + researcher_url.date_created, + researcher_url.last_modified + FROM public.researcher_url + WHERE (researcher_url.last_modified > date_trunc('day'::text, (now() - '4 mons'::interval))); + + +ALTER TABLE public.dw_researcher_url OWNER TO orcid; + +-- +-- Name: userconnection; Type: TABLE; Schema: public; Owner: orcid +-- + +CREATE TABLE public.userconnection ( + userid text NOT NULL, + email text, + orcid character varying(19), + providerid text NOT NULL, + provideruserid text NOT NULL, + rank integer NOT NULL, + displayname text, + profileurl text, + imageurl text, + accesstoken text, + secret text, + refreshtoken text, + expiretime bigint, + is_linked boolean DEFAULT false, + last_login timestamp with time zone, + date_created timestamp with time zone, + last_modified timestamp with time zone, + id_type text, + status text DEFAULT 'STARTED'::character varying, + headers_json json +); + + +ALTER TABLE public.userconnection OWNER TO orcid; + +-- +-- Name: dw_userconnection; Type: VIEW; Schema: public; Owner: orcid +-- + +CREATE VIEW public.dw_userconnection AS + SELECT userconnection.orcid, + userconnection.providerid, + userconnection.is_linked, + userconnection.last_login, + userconnection.id_type, + (userconnection.date_created)::timestamp without time zone AS date_created, + (userconnection.last_modified)::timestamp without time zone AS last_modified + FROM public.userconnection + WHERE ((userconnection.last_modified > date_trunc('day'::text, (now() - '4 mons'::interval))) AND (btrim((userconnection.orcid)::text) <> ''::text)); + + +ALTER TABLE public.dw_userconnection OWNER TO orcid; + +-- +-- Name: validated_public_profile; Type: TABLE; Schema: public; Owner: orcid +-- + +CREATE TABLE public.validated_public_profile ( + orcid character varying(19) NOT NULL, + date_created timestamp with time zone, + last_modified timestamp with time zone, + error text, + valid boolean +); + + +ALTER TABLE public.validated_public_profile OWNER TO orcid; + +-- +-- Name: dw_validated_public_profile; Type: VIEW; Schema: public; Owner: orcid +-- + +CREATE VIEW public.dw_validated_public_profile AS + SELECT min(validated_public_profile.date_created) AS date_from, + max(validated_public_profile.date_created) AS date_to, + (((( SELECT count(*) AS count + FROM public.validated_public_profile validated_public_profile_1 + WHERE (validated_public_profile_1.valid IS TRUE)))::double precision / (( SELECT count(*) AS count + FROM public.validated_public_profile validated_public_profile_1))::double precision) * (100)::double precision) AS percent_valid, + ( SELECT dr.error + FROM ( SELECT validated_public_profile_1.error, + count(*) AS errorcount + FROM public.validated_public_profile validated_public_profile_1 + WHERE (validated_public_profile_1.valid IS FALSE) + GROUP BY validated_public_profile_1.error + ORDER BY (count(*)) DESC + LIMIT 1) dr) AS most_common_error, + (((( SELECT count(*) AS count + FROM public.validated_public_profile validated_public_profile_1 + WHERE ((validated_public_profile_1.valid IS FALSE) AND (validated_public_profile_1.error = ( SELECT dr.error + FROM ( SELECT validated_public_profile_2.error, + count(*) AS errorcount + FROM public.validated_public_profile validated_public_profile_2 + WHERE (validated_public_profile_2.valid IS FALSE) + GROUP BY validated_public_profile_2.error + ORDER BY (count(*)) DESC + LIMIT 1) dr)))))::double precision / (( SELECT count(*) AS count + FROM public.validated_public_profile validated_public_profile_1))::double precision) * (100)::double precision) AS percent_affected_by_most_common_error, + max(validated_public_profile.last_modified) AS last_modified + FROM public.validated_public_profile + WHERE (validated_public_profile.last_modified > date_trunc('day'::text, (now() - '4 mons'::interval))); + + +ALTER TABLE public.dw_validated_public_profile OWNER TO orcid; + +-- +-- Name: work; Type: TABLE; Schema: public; Owner: orcid +-- + +CREATE TABLE public.work ( + work_id bigint NOT NULL, + date_created timestamp without time zone, + last_modified timestamp without time zone, + publication_day integer, + publication_month integer, + publication_year integer, + title text, + subtitle text, + description text, + work_url text, + citation text, + work_type text, + citation_type text, + contributors_json json, + journal_title text, + language_code text, + translated_title text, + translated_title_language_code text, + iso2_country text, + external_ids_json json, + orcid character varying(19), + added_to_profile_date timestamp without time zone, + visibility character varying(19), + display_index bigint DEFAULT (0)::bigint, + source_id character varying(19), + client_source_id character varying(20), + assertion_origin_source_id character varying(19), + assertion_origin_client_source_id character varying(20), + top_contributors_json text +); + + +ALTER TABLE public.work OWNER TO orcid; + +-- +-- Name: dw_work; Type: VIEW; Schema: public; Owner: orcid +-- + +CREATE VIEW public.dw_work AS + SELECT work.work_id, + work.orcid, + work.publication_day, + work.publication_month, + work.publication_year, + work.title, + work.subtitle, + work.description, + work.work_url, + work.citation, + work.citation_type, + work.work_type, + work.journal_title, + work.language_code, + work.translated_title, + work.translated_title_language_code, + work.iso2_country, + work.visibility, + CASE + WHEN ((work.orcid)::text = (work.source_id)::text) THEN true + ELSE false + END AS self_asserted, + work.client_source_id, + work.date_created, + work.last_modified + FROM public.work + WHERE (work.last_modified > date_trunc('day'::text, (now() - '4 mons'::interval))); + + +ALTER TABLE public.dw_work OWNER TO orcid; + +-- +-- Name: dw_work_external_id; Type: VIEW; Schema: public; Owner: orcid +-- + +CREATE VIEW public.dw_work_external_id AS + WITH t AS ( + SELECT work.work_id, + work.orcid, + work.date_created, + work.last_modified, + json_array_elements((work.external_ids_json -> 'workExternalIdentifier'::text)) AS external_json + FROM public.work + ) + SELECT t.work_id, + t.orcid, + t.date_created, + t.last_modified, + ((t.external_json -> 'workExternalIdentifierId'::text) ->> 'content'::text) AS workexternalidentifierid, + (t.external_json ->> 'relationship'::text) AS relationship, + ((t.external_json -> 'url'::text) ->> 'value'::text) AS url, + (t.external_json ->> 'workExternalIdentifierType'::text) AS workexternalidentifiertype + FROM t + WHERE (t.last_modified > date_trunc('day'::text, (now() - '4 mons'::interval))) + ORDER BY t.last_modified; + + +ALTER TABLE public.dw_work_external_id OWNER TO orcid; + +-- +-- Name: email_domain; Type: TABLE; Schema: public; Owner: orcid +-- + +CREATE TABLE public.email_domain ( + id bigint NOT NULL, + email_domain character varying(254) NOT NULL, + category character varying(16) NOT NULL, + ror_id character varying(30), + date_created timestamp with time zone, + last_modified timestamp with time zone +); + + +ALTER TABLE public.email_domain OWNER TO orcid; + +-- +-- Name: email_domain_seq; Type: SEQUENCE; Schema: public; Owner: orcid +-- + +CREATE SEQUENCE public.email_domain_seq + START WITH 1000 + INCREMENT BY 1 + NO MINVALUE + NO MAXVALUE + CACHE 1; + + +ALTER TABLE public.email_domain_seq OWNER TO orcid; + +-- +-- Name: email_domain_to_org_id_seq; Type: SEQUENCE; Schema: public; Owner: orcid +-- + +CREATE SEQUENCE public.email_domain_to_org_id_seq + START WITH 1000 + INCREMENT BY 1 + NO MINVALUE + NO MAXVALUE + CACHE 1; + + +ALTER TABLE public.email_domain_to_org_id_seq OWNER TO orcid; + +-- +-- Name: email_event; Type: TABLE; Schema: public; Owner: orcid +-- + +CREATE TABLE public.email_event ( + id bigint NOT NULL, + date_created timestamp with time zone, + last_modified timestamp with time zone, + email text NOT NULL, + email_event_type character varying(255) NOT NULL +); + + +ALTER TABLE public.email_event OWNER TO orcid; + +-- +-- Name: email_event_seq; Type: SEQUENCE; Schema: public; Owner: orcid +-- + +CREATE SEQUENCE public.email_event_seq + START WITH 1 + INCREMENT BY 1 + NO MINVALUE + NO MAXVALUE + CACHE 1; + + +ALTER TABLE public.email_event_seq OWNER TO orcid; + +-- +-- Name: email_frequency; Type: TABLE; Schema: public; Owner: orcid +-- + +CREATE TABLE public.email_frequency ( + id character varying(255) NOT NULL, + orcid character varying(255) NOT NULL, + date_created timestamp with time zone, + last_modified timestamp with time zone, + send_administrative_change_notifications double precision DEFAULT 7.0 NOT NULL, + send_change_notifications double precision DEFAULT 7.0 NOT NULL, + send_member_update_requests double precision DEFAULT 7.0 NOT NULL, + send_quarterly_tips boolean DEFAULT true NOT NULL +); + + +ALTER TABLE public.email_frequency OWNER TO orcid; + +-- +-- Name: email_schedule; Type: TABLE; Schema: public; Owner: orcid +-- + +CREATE TABLE public.email_schedule ( + id bigint NOT NULL, + date_created timestamp with time zone, + last_modified timestamp with time zone, + schedule_start timestamp with time zone, + schedule_end timestamp with time zone, + latest_sent timestamp with time zone, + schedule_interval bigint, + comments character varying(100), + paused boolean DEFAULT false NOT NULL +); + + +ALTER TABLE public.email_schedule OWNER TO orcid; + +-- +-- Name: email_schedule_seq; Type: SEQUENCE; Schema: public; Owner: orcid +-- + +CREATE SEQUENCE public.email_schedule_seq + START WITH 1 + INCREMENT BY 1 + NO MINVALUE + NO MAXVALUE + CACHE 1; + + +ALTER TABLE public.email_schedule_seq OWNER TO orcid; + +-- +-- Name: event; Type: TABLE; Schema: public; Owner: orcid +-- + +CREATE TABLE public.event ( + id bigint NOT NULL, + event_type character varying(20), + client_id character varying(255), + label character varying(255), + date_created timestamp with time zone, + ip character varying(60) +); + + +ALTER TABLE public.event OWNER TO orcid; + +-- +-- Name: event_seq; Type: SEQUENCE; Schema: public; Owner: orcid +-- + +CREATE SEQUENCE public.event_seq + START WITH 1 + INCREMENT BY 1 + NO MINVALUE + NO MAXVALUE + CACHE 1; + + +ALTER TABLE public.event_seq OWNER TO orcid; + +-- +-- Name: event_stats_id_seq; Type: SEQUENCE; Schema: public; Owner: orcid +-- + +ALTER TABLE public.event_stats ALTER COLUMN id ADD GENERATED BY DEFAULT AS IDENTITY ( + SEQUENCE NAME public.event_stats_id_seq + START WITH 1 + INCREMENT BY 1 + NO MINVALUE + NO MAXVALUE + CACHE 1 +); + + +-- +-- Name: event_stats_seq; Type: SEQUENCE; Schema: public; Owner: orcid +-- + +CREATE SEQUENCE public.event_stats_seq + START WITH 1 + INCREMENT BY 1 + NO MINVALUE + NO MAXVALUE + CACHE 1; + + +ALTER TABLE public.event_stats_seq OWNER TO orcid; + +-- +-- Name: external_identifier_id_seq; Type: SEQUENCE; Schema: public; Owner: orcid +-- + +CREATE SEQUENCE public.external_identifier_id_seq + START WITH 1 + INCREMENT BY 1 + NO MINVALUE + NO MAXVALUE + CACHE 1; + + +ALTER TABLE public.external_identifier_id_seq OWNER TO orcid; + +-- +-- Name: external_identifier_id_seq; Type: SEQUENCE OWNED BY; Schema: public; Owner: orcid +-- + +ALTER SEQUENCE public.external_identifier_id_seq OWNED BY public.external_identifier.id; + + +-- +-- Name: find_my_stuff_history; Type: TABLE; Schema: public; Owner: orcid +-- + +CREATE TABLE public.find_my_stuff_history ( + orcid character varying(255) NOT NULL, + finder_name character varying(255) NOT NULL, + last_count integer, + opt_out boolean, + actioned boolean, + date_created timestamp with time zone, + last_modified timestamp with time zone +); + + +ALTER TABLE public.find_my_stuff_history OWNER TO orcid; + +-- +-- Name: funding_external_identifier; Type: TABLE; Schema: public; Owner: orcid +-- + +CREATE TABLE public.funding_external_identifier ( + funding_external_identifier_id bigint NOT NULL, + profile_funding_id bigint NOT NULL, + ext_type character varying(255), + ext_value character varying(2084), + ext_url character varying(350), + date_created timestamp with time zone, + last_modified timestamp with time zone +); + + +ALTER TABLE public.funding_external_identifier OWNER TO orcid; + +-- +-- Name: funding_external_identifier_seq; Type: SEQUENCE; Schema: public; Owner: orcid +-- + +CREATE SEQUENCE public.funding_external_identifier_seq + START WITH 1000 + INCREMENT BY 1 + NO MINVALUE + NO MAXVALUE + CACHE 1; + + +ALTER TABLE public.funding_external_identifier_seq OWNER TO orcid; + +-- +-- Name: funding_subtype_to_index; Type: TABLE; Schema: public; Owner: orcid +-- + +CREATE TABLE public.funding_subtype_to_index ( + orcid character varying(255) NOT NULL, + subtype text NOT NULL +); + + +ALTER TABLE public.funding_subtype_to_index OWNER TO orcid; + +-- +-- Name: given_permission_to_seq; Type: SEQUENCE; Schema: public; Owner: orcid +-- + +CREATE SEQUENCE public.given_permission_to_seq + START WITH 1 + INCREMENT BY 1 + NO MINVALUE + NO MAXVALUE + CACHE 1; + + +ALTER TABLE public.given_permission_to_seq OWNER TO orcid; + +-- +-- Name: grant_contributor_seq; Type: SEQUENCE; Schema: public; Owner: orcid +-- + +CREATE SEQUENCE public.grant_contributor_seq + START WITH 1 + INCREMENT BY 1 + NO MINVALUE + NO MAXVALUE + CACHE 1; + + +ALTER TABLE public.grant_contributor_seq OWNER TO orcid; + +-- +-- Name: grant_seq; Type: SEQUENCE; Schema: public; Owner: orcid +-- + +CREATE SEQUENCE public.grant_seq + START WITH 1 + INCREMENT BY 1 + NO MINVALUE + NO MAXVALUE + CACHE 1; + + +ALTER TABLE public.grant_seq OWNER TO orcid; + +-- +-- Name: granted_authority; Type: TABLE; Schema: public; Owner: orcid +-- + +CREATE TABLE public.granted_authority ( + authority character varying(255) NOT NULL, + orcid character varying(255) NOT NULL, + date_created timestamp without time zone, + last_modified timestamp without time zone +); + + +ALTER TABLE public.granted_authority OWNER TO orcid; + +-- +-- Name: group_id_record_seq; Type: SEQUENCE; Schema: public; Owner: orcid +-- + +CREATE SEQUENCE public.group_id_record_seq + START WITH 1000 + INCREMENT BY 1 + NO MINVALUE + NO MAXVALUE + CACHE 1; + + +ALTER TABLE public.group_id_record_seq OWNER TO orcid; + +-- +-- Name: identifier_type_seq; Type: SEQUENCE; Schema: public; Owner: orcid +-- + +CREATE SEQUENCE public.identifier_type_seq + START WITH 1000 + INCREMENT BY 1 + NO MINVALUE + NO MAXVALUE + CACHE 1; + + +ALTER TABLE public.identifier_type_seq OWNER TO orcid; + +-- +-- Name: identity_provider_name; Type: TABLE; Schema: public; Owner: orcid +-- + +CREATE TABLE public.identity_provider_name ( + id bigint NOT NULL, + date_created timestamp with time zone, + last_modified timestamp with time zone, + identity_provider_id bigint, + display_name text, + lang text +); + + +ALTER TABLE public.identity_provider_name OWNER TO orcid; + +-- +-- Name: identity_provider_name_seq; Type: SEQUENCE; Schema: public; Owner: orcid +-- + +CREATE SEQUENCE public.identity_provider_name_seq + START WITH 1 + INCREMENT BY 1 + NO MINVALUE + NO MAXVALUE + CACHE 1; + + +ALTER TABLE public.identity_provider_name_seq OWNER TO orcid; + +-- +-- Name: identity_provider_seq; Type: SEQUENCE; Schema: public; Owner: orcid +-- + +CREATE SEQUENCE public.identity_provider_seq + START WITH 1 + INCREMENT BY 1 + NO MINVALUE + NO MAXVALUE + CACHE 1; + + +ALTER TABLE public.identity_provider_seq OWNER TO orcid; + +-- +-- Name: institution; Type: TABLE; Schema: public; Owner: orcid +-- + +CREATE TABLE public.institution ( + id bigint NOT NULL, + date_created timestamp without time zone, + last_modified timestamp without time zone, + institution_name character varying(350), + address_id bigint +); + + +ALTER TABLE public.institution OWNER TO orcid; + +-- +-- Name: institution_department_seq; Type: SEQUENCE; Schema: public; Owner: orcid +-- + +CREATE SEQUENCE public.institution_department_seq + START WITH 1 + INCREMENT BY 1 + NO MINVALUE + NO MAXVALUE + CACHE 1; + + +ALTER TABLE public.institution_department_seq OWNER TO orcid; + +-- +-- Name: institution_seq; Type: SEQUENCE; Schema: public; Owner: orcid +-- + +CREATE SEQUENCE public.institution_seq + START WITH 1 + INCREMENT BY 1 + NO MINVALUE + NO MAXVALUE + CACHE 1; + + +ALTER TABLE public.institution_seq OWNER TO orcid; + +-- +-- Name: internal_sso; Type: TABLE; Schema: public; Owner: orcid +-- + +CREATE TABLE public.internal_sso ( + orcid character varying(19) NOT NULL, + token character varying(60) NOT NULL, + date_created timestamp with time zone, + last_modified timestamp with time zone +); + + +ALTER TABLE public.internal_sso OWNER TO orcid; + +-- +-- Name: invalid_issn_group_id_record; Type: TABLE; Schema: public; Owner: orcid +-- + +CREATE TABLE public.invalid_issn_group_id_record ( + id bigint NOT NULL, + date_created timestamp with time zone, + last_modified timestamp with time zone, + notes text +); + + +ALTER TABLE public.invalid_issn_group_id_record OWNER TO orcid; + +-- +-- Name: invalid_record_change_seq; Type: SEQUENCE; Schema: public; Owner: orcid +-- + +CREATE SEQUENCE public.invalid_record_change_seq + START WITH 1000 + INCREMENT BY 1 + NO MINVALUE + NO MAXVALUE + CACHE 1; + + +ALTER TABLE public.invalid_record_change_seq OWNER TO orcid; + +-- +-- Name: invalid_record_data_changes; Type: TABLE; Schema: public; Owner: orcid +-- + +CREATE TABLE public.invalid_record_data_changes ( + sql_used_to_update text NOT NULL, + description text NOT NULL, + num_changed bigint NOT NULL, + type text NOT NULL, + date_created timestamp with time zone, + last_modified timestamp with time zone, + id bigint DEFAULT nextval('public.invalid_record_change_seq'::regclass) NOT NULL +); + + +ALTER TABLE public.invalid_record_data_changes OWNER TO orcid; + +-- +-- Name: key_seq; Type: SEQUENCE; Schema: public; Owner: orcid +-- + +CREATE SEQUENCE public.key_seq + START WITH 1000 + INCREMENT BY 1 + NO MINVALUE + NO MAXVALUE + CACHE 1; + + +ALTER TABLE public.key_seq OWNER TO orcid; + +-- +-- Name: keyword_seq; Type: SEQUENCE; Schema: public; Owner: orcid +-- + +CREATE SEQUENCE public.keyword_seq + START WITH 1000 + INCREMENT BY 1 + NO MINVALUE + NO MAXVALUE + CACHE 1; + + +ALTER TABLE public.keyword_seq OWNER TO orcid; + +-- +-- Name: member_chosen_org_disambiguated; Type: TABLE; Schema: public; Owner: orcid +-- + +CREATE TABLE public.member_chosen_org_disambiguated ( + org_disambiguated_id bigint NOT NULL +); + + +ALTER TABLE public.member_chosen_org_disambiguated OWNER TO orcid; + +-- +-- Name: member_obo_whitelisted_client; Type: TABLE; Schema: public; Owner: orcid +-- + +CREATE TABLE public.member_obo_whitelisted_client ( + id bigint NOT NULL, + client_details_id character varying(150), + whitelisted_client_details_id character varying(150), + date_created timestamp with time zone, + last_modified timestamp with time zone +); + + +ALTER TABLE public.member_obo_whitelisted_client OWNER TO orcid; + +-- +-- Name: notification_item; Type: TABLE; Schema: public; Owner: orcid +-- + +CREATE TABLE public.notification_item ( + id bigint NOT NULL, + notification_id bigint, + date_created timestamp with time zone, + last_modified timestamp with time zone, + item_type text, + item_name text, + external_id_type text, + external_id_value text, + action_type character varying(10), + additional_info json, + external_id_url character varying(255), + external_id_relationship character varying(255) +); + + +ALTER TABLE public.notification_item OWNER TO orcid; + +-- +-- Name: notification_item_seq; Type: SEQUENCE; Schema: public; Owner: orcid +-- + +CREATE SEQUENCE public.notification_item_seq + START WITH 1 + INCREMENT BY 1 + NO MINVALUE + NO MAXVALUE + CACHE 1; + + +ALTER TABLE public.notification_item_seq OWNER TO orcid; + +-- +-- Name: notification_seq; Type: SEQUENCE; Schema: public; Owner: orcid +-- + +CREATE SEQUENCE public.notification_seq + START WITH 1 + INCREMENT BY 1 + NO MINVALUE + NO MAXVALUE + CACHE 1; + + +ALTER TABLE public.notification_seq OWNER TO orcid; + +-- +-- Name: notification_work; Type: TABLE; Schema: public; Owner: orcid +-- + +CREATE TABLE public.notification_work ( + date_created timestamp with time zone, + last_modified timestamp with time zone, + notification_id bigint NOT NULL, + work_id bigint NOT NULL +); + + +ALTER TABLE public.notification_work OWNER TO orcid; + +-- +-- Name: oauth2_authoriziation_code_detail; Type: TABLE; Schema: public; Owner: orcid +-- + +CREATE TABLE public.oauth2_authoriziation_code_detail ( + authoriziation_code_value character varying(255) NOT NULL, + is_aproved boolean, + orcid character varying(19), + redirect_uri character varying(355), + response_type character varying(55), + state character varying(2000), + client_details_id character varying(150), + session_id character varying(100), + is_authenticated boolean, + date_created timestamp with time zone, + last_modified timestamp with time zone, + persistent boolean DEFAULT false, + version bigint DEFAULT (0)::bigint, + nonce character varying(2000) +); + + +ALTER TABLE public.oauth2_authoriziation_code_detail OWNER TO orcid; + +-- +-- Name: orcid_props; Type: TABLE; Schema: public; Owner: orcid +-- + +CREATE TABLE public.orcid_props ( + key character varying(255) NOT NULL, + prop_value text, + date_created timestamp with time zone, + last_modified timestamp with time zone +); + + +ALTER TABLE public.orcid_props OWNER TO orcid; + +-- +-- Name: orcid_social; Type: TABLE; Schema: public; Owner: orcid +-- + +CREATE TABLE public.orcid_social ( + orcid character varying(255) NOT NULL, + type character varying(255) NOT NULL, + encrypted_credentials text NOT NULL, + date_created timestamp with time zone, + last_modified timestamp with time zone, + last_run timestamp with time zone +); + + +ALTER TABLE public.orcid_social OWNER TO orcid; + +-- +-- Name: orcidoauth2authoriziationcodedetail_authorities; Type: TABLE; Schema: public; Owner: orcid +-- + +CREATE TABLE public.orcidoauth2authoriziationcodedetail_authorities ( + orcidoauth2authoriziationcodedetail_authoriziation_code_value character varying(255) NOT NULL, + authorities character varying(255) NOT NULL +); + + +ALTER TABLE public.orcidoauth2authoriziationcodedetail_authorities OWNER TO orcid; + +-- +-- Name: orcidoauth2authoriziationcodedetail_resourceids; Type: TABLE; Schema: public; Owner: orcid +-- + +CREATE TABLE public.orcidoauth2authoriziationcodedetail_resourceids ( + orcidoauth2authoriziationcodedetail_authoriziation_code_value character varying(255) NOT NULL, + resourceids character varying(255) NOT NULL +); + + +ALTER TABLE public.orcidoauth2authoriziationcodedetail_resourceids OWNER TO orcid; + +-- +-- Name: orcidoauth2authoriziationcodedetail_scopes; Type: TABLE; Schema: public; Owner: orcid +-- + +CREATE TABLE public.orcidoauth2authoriziationcodedetail_scopes ( + orcidoauth2authoriziationcodedetail_authoriziation_code_value character varying(255) NOT NULL, + scopes character varying(255) NOT NULL +); + + +ALTER TABLE public.orcidoauth2authoriziationcodedetail_scopes OWNER TO orcid; + +-- +-- Name: org_affiliation_relation_seq; Type: SEQUENCE; Schema: public; Owner: orcid +-- + +CREATE SEQUENCE public.org_affiliation_relation_seq + START WITH 1000 + INCREMENT BY 1 + NO MINVALUE + NO MAXVALUE + CACHE 1; + + +ALTER TABLE public.org_affiliation_relation_seq OWNER TO orcid; + +-- +-- Name: org_disambiguated_external_identifier_seq; Type: SEQUENCE; Schema: public; Owner: orcid +-- + +CREATE SEQUENCE public.org_disambiguated_external_identifier_seq + START WITH 1000 + INCREMENT BY 1 + NO MINVALUE + NO MAXVALUE + CACHE 1; + + +ALTER TABLE public.org_disambiguated_external_identifier_seq OWNER TO orcid; + +-- +-- Name: org_disambiguated_seq; Type: SEQUENCE; Schema: public; Owner: orcid +-- + +CREATE SEQUENCE public.org_disambiguated_seq + START WITH 1000 + INCREMENT BY 1 + NO MINVALUE + NO MAXVALUE + CACHE 1; + + +ALTER TABLE public.org_disambiguated_seq OWNER TO orcid; + +-- +-- Name: org_import_log; Type: TABLE; Schema: public; Owner: orcid +-- + +CREATE TABLE public.org_import_log ( + id bigint NOT NULL, + start_time timestamp with time zone NOT NULL, + end_time timestamp with time zone NOT NULL, + date_created timestamp with time zone, + last_modified timestamp with time zone, + source_type character varying(19) NOT NULL, + successful boolean NOT NULL +); + + +ALTER TABLE public.org_import_log OWNER TO orcid; + +-- +-- Name: org_import_log_seq; Type: SEQUENCE; Schema: public; Owner: orcid +-- + +CREATE SEQUENCE public.org_import_log_seq + START WITH 1 + INCREMENT BY 1 + NO MINVALUE + NO MAXVALUE + CACHE 1; + + +ALTER TABLE public.org_import_log_seq OWNER TO orcid; + +-- +-- Name: org_seq; Type: SEQUENCE; Schema: public; Owner: orcid +-- + +CREATE SEQUENCE public.org_seq + START WITH 1000 + INCREMENT BY 1 + NO MINVALUE + NO MAXVALUE + CACHE 1; + + +ALTER TABLE public.org_seq OWNER TO orcid; + +-- +-- Name: other_name_seq; Type: SEQUENCE; Schema: public; Owner: orcid +-- + +CREATE SEQUENCE public.other_name_seq + START WITH 1 + INCREMENT BY 1 + NO MINVALUE + NO MAXVALUE + CACHE 1; + + +ALTER TABLE public.other_name_seq OWNER TO orcid; + +-- +-- Name: patent; Type: TABLE; Schema: public; Owner: orcid +-- + +CREATE TABLE public.patent ( + patent_id bigint NOT NULL, + issuing_country character varying(155), + patent_no character varying(60), + short_description character varying(550), + issue_date date, + date_created timestamp with time zone, + last_modified timestamp with time zone +); + + +ALTER TABLE public.patent OWNER TO orcid; + +-- +-- Name: patent_contributor; Type: TABLE; Schema: public; Owner: orcid +-- + +CREATE TABLE public.patent_contributor ( + patent_contributor_id bigint NOT NULL, + orcid character varying(19), + patent_id bigint, + credit_name character varying(450), + contributor_role character varying(90), + contributor_sequence character varying(90), + contributor_email character varying(300), + date_created timestamp with time zone, + last_modified timestamp with time zone +); + + +ALTER TABLE public.patent_contributor OWNER TO orcid; + +-- +-- Name: patent_contributor_seq; Type: SEQUENCE; Schema: public; Owner: orcid +-- + +CREATE SEQUENCE public.patent_contributor_seq + START WITH 1 + INCREMENT BY 1 + NO MINVALUE + NO MAXVALUE + CACHE 1; + + +ALTER TABLE public.patent_contributor_seq OWNER TO orcid; + +-- +-- Name: patent_seq; Type: SEQUENCE; Schema: public; Owner: orcid +-- + +CREATE SEQUENCE public.patent_seq + START WITH 1 + INCREMENT BY 1 + NO MINVALUE + NO MAXVALUE + CACHE 1; + + +ALTER TABLE public.patent_seq OWNER TO orcid; + +-- +-- Name: patent_source; Type: TABLE; Schema: public; Owner: orcid +-- + +CREATE TABLE public.patent_source ( + orcid character varying(19) NOT NULL, + patent_id bigint NOT NULL, + source_orcid character varying(19) NOT NULL, + deposited_date date, + date_created timestamp with time zone, + last_modified timestamp with time zone +); + + +ALTER TABLE public.patent_source OWNER TO orcid; + +-- +-- Name: peer_review_seq; Type: SEQUENCE; Schema: public; Owner: orcid +-- + +CREATE SEQUENCE public.peer_review_seq + START WITH 1000 + INCREMENT BY 1 + NO MINVALUE + NO MAXVALUE + CACHE 1; + + +ALTER TABLE public.peer_review_seq OWNER TO orcid; + +-- +-- Name: peer_review_subject; Type: TABLE; Schema: public; Owner: orcid +-- + +CREATE TABLE public.peer_review_subject ( + id bigint NOT NULL, + external_identifiers_json json NOT NULL, + title text NOT NULL, + work_type text NOT NULL, + sub_title text, + translated_title text, + translated_title_language_code text, + url text, + journal_title text, + date_created timestamp with time zone, + last_modified timestamp with time zone +); + + +ALTER TABLE public.peer_review_subject OWNER TO orcid; + +-- +-- Name: peer_review_subject_seq; Type: SEQUENCE; Schema: public; Owner: orcid +-- + +CREATE SEQUENCE public.peer_review_subject_seq + START WITH 1000 + INCREMENT BY 1 + NO MINVALUE + NO MAXVALUE + CACHE 1; + + +ALTER TABLE public.peer_review_subject_seq OWNER TO orcid; + +-- +-- Name: profile_email_domain_seq; Type: SEQUENCE; Schema: public; Owner: orcid +-- + +CREATE SEQUENCE public.profile_email_domain_seq + START WITH 100000 + INCREMENT BY 1 + NO MINVALUE + NO MAXVALUE + CACHE 1; + + +ALTER TABLE public.profile_email_domain_seq OWNER TO orcid; + +-- +-- Name: profile_event; Type: TABLE; Schema: public; Owner: orcid +-- + +CREATE TABLE public.profile_event ( + id bigint NOT NULL, + date_created timestamp with time zone, + last_modified timestamp with time zone, + orcid character varying(19) NOT NULL, + profile_event_type character varying(255) NOT NULL, + comment text +); + + +ALTER TABLE public.profile_event OWNER TO orcid; + +-- +-- Name: profile_event_seq; Type: SEQUENCE; Schema: public; Owner: orcid +-- + +CREATE SEQUENCE public.profile_event_seq + START WITH 1 + INCREMENT BY 1 + NO MINVALUE + NO MAXVALUE + CACHE 1; + + +ALTER TABLE public.profile_event_seq OWNER TO orcid; + +-- +-- Name: profile_funding_seq; Type: SEQUENCE; Schema: public; Owner: orcid +-- + +CREATE SEQUENCE public.profile_funding_seq + START WITH 1000 + INCREMENT BY 1 + NO MINVALUE + NO MAXVALUE + CACHE 1; + + +ALTER TABLE public.profile_funding_seq OWNER TO orcid; + +-- +-- Name: profile_history_event_seq; Type: SEQUENCE; Schema: public; Owner: orcid +-- + +CREATE SEQUENCE public.profile_history_event_seq + START WITH 1 + INCREMENT BY 1 + NO MINVALUE + NO MAXVALUE + CACHE 1; + + +ALTER TABLE public.profile_history_event_seq OWNER TO orcid; + +-- +-- Name: profile_patent; Type: TABLE; Schema: public; Owner: orcid +-- + +CREATE TABLE public.profile_patent ( + orcid character varying(19) NOT NULL, + patent_id bigint NOT NULL, + added_to_profile_date date, + visibility character varying(20), + date_created timestamp with time zone, + last_modified timestamp with time zone +); + + +ALTER TABLE public.profile_patent OWNER TO orcid; + +-- +-- Name: profile_subject; Type: TABLE; Schema: public; Owner: orcid +-- + +CREATE TABLE public.profile_subject ( + profile_orcid character varying(19) NOT NULL, + subjects_name character varying(255) NOT NULL +); + + +ALTER TABLE public.profile_subject OWNER TO orcid; + +-- +-- Name: record_name_seq; Type: SEQUENCE; Schema: public; Owner: orcid +-- + +CREATE SEQUENCE public.record_name_seq + START WITH 1000 + INCREMENT BY 1 + NO MINVALUE + NO MAXVALUE + CACHE 1; + + +ALTER TABLE public.record_name_seq OWNER TO orcid; + +-- +-- Name: reference_data; Type: TABLE; Schema: public; Owner: orcid +-- + +CREATE TABLE public.reference_data ( + id bigint NOT NULL, + date_created timestamp without time zone, + last_modified timestamp without time zone, + ref_data_key character varying(255), + ref_data_value character varying(255) +); + + +ALTER TABLE public.reference_data OWNER TO orcid; + +-- +-- Name: reference_data_seq; Type: SEQUENCE; Schema: public; Owner: orcid +-- + +CREATE SEQUENCE public.reference_data_seq + START WITH 1 + INCREMENT BY 1 + NO MINVALUE + NO MAXVALUE + CACHE 1; + + +ALTER TABLE public.reference_data_seq OWNER TO orcid; + +-- +-- Name: rejected_grouping_suggestion; Type: TABLE; Schema: public; Owner: orcid +-- + +CREATE TABLE public.rejected_grouping_suggestion ( + put_codes character varying(255) NOT NULL, + date_created timestamp with time zone, + last_modified timestamp with time zone, + orcid character varying(19) NOT NULL +); + + +ALTER TABLE public.rejected_grouping_suggestion OWNER TO orcid; + +-- +-- Name: related_url_seq; Type: SEQUENCE; Schema: public; Owner: orcid +-- + +CREATE SEQUENCE public.related_url_seq + START WITH 1 + INCREMENT BY 1 + NO MINVALUE + NO MAXVALUE + CACHE 1; + + +ALTER TABLE public.related_url_seq OWNER TO orcid; + +-- +-- Name: research_resource_item_seq; Type: SEQUENCE; Schema: public; Owner: orcid +-- + +CREATE SEQUENCE public.research_resource_item_seq + START WITH 1000 + INCREMENT BY 1 + NO MINVALUE + NO MAXVALUE + CACHE 1; + + +ALTER TABLE public.research_resource_item_seq OWNER TO orcid; + +-- +-- Name: research_resource_seq; Type: SEQUENCE; Schema: public; Owner: orcid +-- + +CREATE SEQUENCE public.research_resource_seq + START WITH 1000 + INCREMENT BY 1 + NO MINVALUE + NO MAXVALUE + CACHE 1; + + +ALTER TABLE public.research_resource_seq OWNER TO orcid; + +-- +-- Name: salesforce_connection; Type: TABLE; Schema: public; Owner: orcid +-- + +CREATE TABLE public.salesforce_connection ( + id bigint NOT NULL, + date_created timestamp with time zone, + last_modified timestamp with time zone, + orcid character varying(19) NOT NULL, + email text NOT NULL, + salesforce_account_id text NOT NULL, + is_primary boolean DEFAULT true NOT NULL +); + + +ALTER TABLE public.salesforce_connection OWNER TO orcid; + +-- +-- Name: salesforce_connection_seq; Type: SEQUENCE; Schema: public; Owner: orcid +-- + +CREATE SEQUENCE public.salesforce_connection_seq + START WITH 1 + INCREMENT BY 1 + NO MINVALUE + NO MAXVALUE + CACHE 1; + + +ALTER TABLE public.salesforce_connection_seq OWNER TO orcid; + +-- +-- Name: shibboleth_account; Type: TABLE; Schema: public; Owner: orcid +-- + +CREATE TABLE public.shibboleth_account ( + id bigint NOT NULL, + date_created timestamp with time zone, + last_modified timestamp with time zone, + orcid character varying(19) NOT NULL, + remote_user text NOT NULL, + shib_identity_provider text NOT NULL +); + + +ALTER TABLE public.shibboleth_account OWNER TO orcid; + +-- +-- Name: shibboleth_account_seq; Type: SEQUENCE; Schema: public; Owner: orcid +-- + +CREATE SEQUENCE public.shibboleth_account_seq + START WITH 1 + INCREMENT BY 1 + NO MINVALUE + NO MAXVALUE + CACHE 1; + + +ALTER TABLE public.shibboleth_account_seq OWNER TO orcid; + +-- +-- Name: spam; Type: TABLE; Schema: public; Owner: orcid +-- + +CREATE TABLE public.spam ( + id bigint NOT NULL, + orcid character varying(255) NOT NULL, + source_type character varying(20), + spam_counter integer, + date_created timestamp with time zone, + last_modified timestamp with time zone +); + + +ALTER TABLE public.spam OWNER TO orcid; + +-- +-- Name: spam_seq; Type: SEQUENCE; Schema: public; Owner: orcid +-- + +CREATE SEQUENCE public.spam_seq + START WITH 1000 + INCREMENT BY 1 + NO MINVALUE + NO MAXVALUE + CACHE 1; + + +ALTER TABLE public.spam_seq OWNER TO orcid; + +-- +-- Name: statistic_key; Type: TABLE; Schema: public; Owner: orcid +-- + +CREATE TABLE public.statistic_key ( + id bigint NOT NULL, + generation_date timestamp with time zone +); + + +ALTER TABLE public.statistic_key OWNER TO orcid; + +-- +-- Name: statistic_values; Type: TABLE; Schema: public; Owner: orcid +-- + +CREATE TABLE public.statistic_values ( + id bigint NOT NULL, + key_id bigint NOT NULL, + statistic_name character varying(255), + statistic_value bigint +); + + +ALTER TABLE public.statistic_values OWNER TO orcid; + +-- +-- Name: subject; Type: TABLE; Schema: public; Owner: orcid +-- + +CREATE TABLE public.subject ( + name text NOT NULL, + date_created timestamp without time zone, + last_modified timestamp without time zone +); + + +ALTER TABLE public.subject OWNER TO orcid; + +-- +-- Name: values_seq; Type: SEQUENCE; Schema: public; Owner: orcid +-- + +CREATE SEQUENCE public.values_seq + START WITH 1000 + INCREMENT BY 1 + NO MINVALUE + NO MAXVALUE + CACHE 1; + + +ALTER TABLE public.values_seq OWNER TO orcid; + +-- +-- Name: webhook; Type: TABLE; Schema: public; Owner: orcid +-- + +CREATE TABLE public.webhook ( + orcid character varying(255) NOT NULL, + client_details_id character varying(255) NOT NULL, + uri text NOT NULL, + date_created timestamp with time zone, + last_modified timestamp with time zone, + last_failed timestamp with time zone, + failed_attempt_count integer DEFAULT 0 NOT NULL, + enabled boolean DEFAULT true NOT NULL, + disabled_date timestamp with time zone, + disabled_comments text, + last_sent timestamp with time zone, + profile_last_modified timestamp without time zone +); + + +ALTER TABLE public.webhook OWNER TO orcid; + +-- +-- Name: work_seq; Type: SEQUENCE; Schema: public; Owner: orcid +-- + +CREATE SEQUENCE public.work_seq + START WITH 1 + INCREMENT BY 1 + NO MINVALUE + NO MAXVALUE + CACHE 1; + + +ALTER TABLE public.work_seq OWNER TO orcid; + +-- +-- Name: external_identifier id; Type: DEFAULT; Schema: public; Owner: orcid +-- + +ALTER TABLE ONLY public.external_identifier ALTER COLUMN id SET DEFAULT nextval('public.external_identifier_id_seq'::regclass); + + +-- +-- Name: address address_pkey; Type: CONSTRAINT; Schema: public; Owner: orcid +-- + +ALTER TABLE ONLY public.address + ADD CONSTRAINT address_pkey PRIMARY KEY (id); + + +-- +-- Name: backup_code backup_code_pkey; Type: CONSTRAINT; Schema: public; Owner: orcid +-- + +ALTER TABLE ONLY public.backup_code + ADD CONSTRAINT backup_code_pkey PRIMARY KEY (id); + + +-- +-- Name: biography biography_pkey; Type: CONSTRAINT; Schema: public; Owner: orcid +-- + +ALTER TABLE ONLY public.biography + ADD CONSTRAINT biography_pkey PRIMARY KEY (id); + + +-- +-- Name: client_authorised_grant_type client_authorised_grant_type_pkey; Type: CONSTRAINT; Schema: public; Owner: orcid +-- + +ALTER TABLE ONLY public.client_authorised_grant_type + ADD CONSTRAINT client_authorised_grant_type_pkey PRIMARY KEY (client_details_id, grant_type); + + +-- +-- Name: client_details client_details_pkey; Type: CONSTRAINT; Schema: public; Owner: orcid +-- + +ALTER TABLE ONLY public.client_details + ADD CONSTRAINT client_details_pkey PRIMARY KEY (client_details_id); + + +-- +-- Name: client_granted_authority client_granted_authority_pkey; Type: CONSTRAINT; Schema: public; Owner: orcid +-- + +ALTER TABLE ONLY public.client_granted_authority + ADD CONSTRAINT client_granted_authority_pkey PRIMARY KEY (client_details_id, granted_authority); + + +-- +-- Name: client_redirect_uri client_redirect_uri_pkey; Type: CONSTRAINT; Schema: public; Owner: orcid +-- + +ALTER TABLE ONLY public.client_redirect_uri + ADD CONSTRAINT client_redirect_uri_pkey PRIMARY KEY (client_details_id, redirect_uri, redirect_uri_type); + + +-- +-- Name: client_resource_id client_resource_id_pkey; Type: CONSTRAINT; Schema: public; Owner: orcid +-- + +ALTER TABLE ONLY public.client_resource_id + ADD CONSTRAINT client_resource_id_pkey PRIMARY KEY (client_details_id, resource_id); + + +-- +-- Name: client_scope client_scope_pkey; Type: CONSTRAINT; Schema: public; Owner: orcid +-- + +ALTER TABLE ONLY public.client_scope + ADD CONSTRAINT client_scope_pkey PRIMARY KEY (client_details_id, scope_type); + + +-- +-- Name: client_secret client_secret_pk; Type: CONSTRAINT; Schema: public; Owner: orcid +-- + +ALTER TABLE ONLY public.client_secret + ADD CONSTRAINT client_secret_pk PRIMARY KEY (client_details_id, client_secret); + + +-- +-- Name: country_reference_data country_id_id_pkey; Type: CONSTRAINT; Schema: public; Owner: orcid +-- + +ALTER TABLE ONLY public.country_reference_data + ADD CONSTRAINT country_id_id_pkey PRIMARY KEY (country_iso_code); + + +-- +-- Name: dw_active_users dw_active_users_pkey; Type: CONSTRAINT; Schema: public; Owner: orcid +-- + +ALTER TABLE ONLY public.dw_active_users + ADD CONSTRAINT dw_active_users_pkey PRIMARY KEY (date_calculated); + + +-- +-- Name: email_domain email_domain_pkey; Type: CONSTRAINT; Schema: public; Owner: orcid +-- + +ALTER TABLE ONLY public.email_domain + ADD CONSTRAINT email_domain_pkey PRIMARY KEY (id); + + +-- +-- Name: email_event email_event_pkey; Type: CONSTRAINT; Schema: public; Owner: orcid +-- + +ALTER TABLE ONLY public.email_event + ADD CONSTRAINT email_event_pkey PRIMARY KEY (id); + + +-- +-- Name: email_frequency email_frequency_orcid_unique; Type: CONSTRAINT; Schema: public; Owner: orcid +-- + +ALTER TABLE ONLY public.email_frequency + ADD CONSTRAINT email_frequency_orcid_unique UNIQUE (orcid); + + +-- +-- Name: email_frequency email_frequency_pkey; Type: CONSTRAINT; Schema: public; Owner: orcid +-- + +ALTER TABLE ONLY public.email_frequency + ADD CONSTRAINT email_frequency_pkey PRIMARY KEY (id); + + +-- +-- Name: email email_primary_key; Type: CONSTRAINT; Schema: public; Owner: orcid +-- + +ALTER TABLE ONLY public.email + ADD CONSTRAINT email_primary_key PRIMARY KEY (email_hash); + + +-- +-- Name: email_schedule email_schedule_pkey; Type: CONSTRAINT; Schema: public; Owner: orcid +-- + +ALTER TABLE ONLY public.email_schedule + ADD CONSTRAINT email_schedule_pkey PRIMARY KEY (id); + + +-- +-- Name: event event_pkey; Type: CONSTRAINT; Schema: public; Owner: orcid +-- + +ALTER TABLE ONLY public.event + ADD CONSTRAINT event_pkey PRIMARY KEY (id); + + +-- +-- Name: event_stats event_stats_pkey; Type: CONSTRAINT; Schema: public; Owner: orcid +-- + +ALTER TABLE ONLY public.event_stats + ADD CONSTRAINT event_stats_pkey PRIMARY KEY (id); + + +-- +-- Name: external_identifier external_identifier_pkey; Type: CONSTRAINT; Schema: public; Owner: orcid +-- + +ALTER TABLE ONLY public.external_identifier + ADD CONSTRAINT external_identifier_pkey PRIMARY KEY (id); + + +-- +-- Name: find_my_stuff_history find_my_stuff_history_pkey; Type: CONSTRAINT; Schema: public; Owner: orcid +-- + +ALTER TABLE ONLY public.find_my_stuff_history + ADD CONSTRAINT find_my_stuff_history_pkey PRIMARY KEY (orcid, finder_name); + + +-- +-- Name: funding_external_identifier funding_external_identifier_constraints; Type: CONSTRAINT; Schema: public; Owner: orcid +-- + +ALTER TABLE ONLY public.funding_external_identifier + ADD CONSTRAINT funding_external_identifier_constraints UNIQUE (profile_funding_id, ext_type, ext_value, ext_url); + + +-- +-- Name: funding_external_identifier funding_external_identifier_pkey; Type: CONSTRAINT; Schema: public; Owner: orcid +-- + +ALTER TABLE ONLY public.funding_external_identifier + ADD CONSTRAINT funding_external_identifier_pkey PRIMARY KEY (funding_external_identifier_id); + + +-- +-- Name: given_permission_to given_permission_to_pkey; Type: CONSTRAINT; Schema: public; Owner: orcid +-- + +ALTER TABLE ONLY public.given_permission_to + ADD CONSTRAINT given_permission_to_pkey PRIMARY KEY (given_permission_to_id); + + +-- +-- Name: granted_authority granted_authority_pkey; Type: CONSTRAINT; Schema: public; Owner: orcid +-- + +ALTER TABLE ONLY public.granted_authority + ADD CONSTRAINT granted_authority_pkey PRIMARY KEY (authority, orcid); + + +-- +-- Name: group_id_record group_id_record_group_id_key; Type: CONSTRAINT; Schema: public; Owner: orcid +-- + +ALTER TABLE ONLY public.group_id_record + ADD CONSTRAINT group_id_record_group_id_key UNIQUE (group_id); + + +-- +-- Name: group_id_record group_id_record_pkey; Type: CONSTRAINT; Schema: public; Owner: orcid +-- + +ALTER TABLE ONLY public.group_id_record + ADD CONSTRAINT group_id_record_pkey PRIMARY KEY (id); + + +-- +-- Name: identifier_type identifier_type_id_name_key; Type: CONSTRAINT; Schema: public; Owner: orcid +-- + +ALTER TABLE ONLY public.identifier_type + ADD CONSTRAINT identifier_type_id_name_key UNIQUE (id_name); + + +-- +-- Name: identifier_type identifier_type_pkey; Type: CONSTRAINT; Schema: public; Owner: orcid +-- + +ALTER TABLE ONLY public.identifier_type + ADD CONSTRAINT identifier_type_pkey PRIMARY KEY (id); + + +-- +-- Name: identity_provider_name identity_provider_name_pkey; Type: CONSTRAINT; Schema: public; Owner: orcid +-- + +ALTER TABLE ONLY public.identity_provider_name + ADD CONSTRAINT identity_provider_name_pkey PRIMARY KEY (id); + + +-- +-- Name: identity_provider identity_provider_pkey; Type: CONSTRAINT; Schema: public; Owner: orcid +-- + +ALTER TABLE ONLY public.identity_provider + ADD CONSTRAINT identity_provider_pkey PRIMARY KEY (id); + + +-- +-- Name: identity_provider identity_provider_providerid_unique; Type: CONSTRAINT; Schema: public; Owner: orcid +-- + +ALTER TABLE ONLY public.identity_provider + ADD CONSTRAINT identity_provider_providerid_unique UNIQUE (providerid); + + +-- +-- Name: institution institution_pkey; Type: CONSTRAINT; Schema: public; Owner: orcid +-- + +ALTER TABLE ONLY public.institution + ADD CONSTRAINT institution_pkey PRIMARY KEY (id); + + +-- +-- Name: internal_sso internal_sso_pkey; Type: CONSTRAINT; Schema: public; Owner: orcid +-- + +ALTER TABLE ONLY public.internal_sso + ADD CONSTRAINT internal_sso_pkey PRIMARY KEY (orcid); + + +-- +-- Name: invalid_issn_group_id_record invalid_issn_pkey; Type: CONSTRAINT; Schema: public; Owner: orcid +-- + +ALTER TABLE ONLY public.invalid_issn_group_id_record + ADD CONSTRAINT invalid_issn_pkey PRIMARY KEY (id); + + +-- +-- Name: invalid_record_data_changes invalid_record_data_changes_pkey; Type: CONSTRAINT; Schema: public; Owner: orcid +-- + +ALTER TABLE ONLY public.invalid_record_data_changes + ADD CONSTRAINT invalid_record_data_changes_pkey PRIMARY KEY (id); + + +-- +-- Name: member_chosen_org_disambiguated member_chosen_org_disambiguated_pkey; Type: CONSTRAINT; Schema: public; Owner: orcid +-- + +ALTER TABLE ONLY public.member_chosen_org_disambiguated + ADD CONSTRAINT member_chosen_org_disambiguated_pkey PRIMARY KEY (org_disambiguated_id); + + +-- +-- Name: member_obo_whitelisted_client member_obo_whitelisted_client_pkey; Type: CONSTRAINT; Schema: public; Owner: orcid +-- + +ALTER TABLE ONLY public.member_obo_whitelisted_client + ADD CONSTRAINT member_obo_whitelisted_client_pkey PRIMARY KEY (id); + + +-- +-- Name: member_obo_whitelisted_client member_obo_whitelisted_clients_unique_constraint; Type: CONSTRAINT; Schema: public; Owner: orcid +-- + +ALTER TABLE ONLY public.member_obo_whitelisted_client + ADD CONSTRAINT member_obo_whitelisted_clients_unique_constraint UNIQUE (client_details_id, whitelisted_client_details_id); + + +-- +-- Name: notification_item notification_activity_pkey; Type: CONSTRAINT; Schema: public; Owner: orcid +-- + +ALTER TABLE ONLY public.notification_item + ADD CONSTRAINT notification_activity_pkey PRIMARY KEY (id); + + +-- +-- Name: notification notification_pkey; Type: CONSTRAINT; Schema: public; Owner: orcid +-- + +ALTER TABLE ONLY public.notification + ADD CONSTRAINT notification_pkey PRIMARY KEY (id); + + +-- +-- Name: notification_work notification_work_pkey; Type: CONSTRAINT; Schema: public; Owner: orcid +-- + +ALTER TABLE ONLY public.notification_work + ADD CONSTRAINT notification_work_pkey PRIMARY KEY (notification_id, work_id); + + +-- +-- Name: oauth2_authoriziation_code_detail oauth2_authoriziation_code_detail_pkey; Type: CONSTRAINT; Schema: public; Owner: orcid +-- + +ALTER TABLE ONLY public.oauth2_authoriziation_code_detail + ADD CONSTRAINT oauth2_authoriziation_code_detail_pkey PRIMARY KEY (authoriziation_code_value); + + +-- +-- Name: oauth2_token_detail oauth2_token_detail_pkey; Type: CONSTRAINT; Schema: public; Owner: orcid +-- + +ALTER TABLE ONLY public.oauth2_token_detail + ADD CONSTRAINT oauth2_token_detail_pkey PRIMARY KEY (id); + + +-- +-- Name: oauth2_token_detail oauth2_token_detail_refresh_token_value_key; Type: CONSTRAINT; Schema: public; Owner: orcid +-- + +ALTER TABLE ONLY public.oauth2_token_detail + ADD CONSTRAINT oauth2_token_detail_refresh_token_value_key UNIQUE (refresh_token_value); + + +-- +-- Name: orcidoauth2authoriziationcodedetail_authorities orcidoauth2authoriziationcodedetail_authorities_pkey; Type: CONSTRAINT; Schema: public; Owner: orcid +-- + +ALTER TABLE ONLY public.orcidoauth2authoriziationcodedetail_authorities + ADD CONSTRAINT orcidoauth2authoriziationcodedetail_authorities_pkey PRIMARY KEY (orcidoauth2authoriziationcodedetail_authoriziation_code_value, authorities); + + +-- +-- Name: orcidoauth2authoriziationcodedetail_resourceids orcidoauth2authoriziationcodedetail_resourceids_pkey; Type: CONSTRAINT; Schema: public; Owner: orcid +-- + +ALTER TABLE ONLY public.orcidoauth2authoriziationcodedetail_resourceids + ADD CONSTRAINT orcidoauth2authoriziationcodedetail_resourceids_pkey PRIMARY KEY (orcidoauth2authoriziationcodedetail_authoriziation_code_value, resourceids); + + +-- +-- Name: orcidoauth2authoriziationcodedetail_scopes orcidoauth2authoriziationcodedetail_scopes_pkey; Type: CONSTRAINT; Schema: public; Owner: orcid +-- + +ALTER TABLE ONLY public.orcidoauth2authoriziationcodedetail_scopes + ADD CONSTRAINT orcidoauth2authoriziationcodedetail_scopes_pkey PRIMARY KEY (orcidoauth2authoriziationcodedetail_authoriziation_code_value, scopes); + + +-- +-- Name: org_affiliation_relation org_affiliation_relation_pkey; Type: CONSTRAINT; Schema: public; Owner: orcid +-- + +ALTER TABLE ONLY public.org_affiliation_relation + ADD CONSTRAINT org_affiliation_relation_pkey PRIMARY KEY (id); + + +-- +-- Name: org_disambiguated_external_identifier org_disambiguated_external_identifier_pkey; Type: CONSTRAINT; Schema: public; Owner: orcid +-- + +ALTER TABLE ONLY public.org_disambiguated_external_identifier + ADD CONSTRAINT org_disambiguated_external_identifier_pkey PRIMARY KEY (id); + + +-- +-- Name: org_disambiguated org_disambiguated_pkey; Type: CONSTRAINT; Schema: public; Owner: orcid +-- + +ALTER TABLE ONLY public.org_disambiguated + ADD CONSTRAINT org_disambiguated_pkey PRIMARY KEY (id); + + +-- +-- Name: org_import_log org_import_log_pkey; Type: CONSTRAINT; Schema: public; Owner: orcid +-- + +ALTER TABLE ONLY public.org_import_log + ADD CONSTRAINT org_import_log_pkey PRIMARY KEY (id); + + +-- +-- Name: org org_pkey; Type: CONSTRAINT; Schema: public; Owner: orcid +-- + +ALTER TABLE ONLY public.org + ADD CONSTRAINT org_pkey PRIMARY KEY (id); + + +-- +-- Name: org org_unique_constraints; Type: CONSTRAINT; Schema: public; Owner: orcid +-- + +ALTER TABLE ONLY public.org + ADD CONSTRAINT org_unique_constraints UNIQUE (name, city, region, country, org_disambiguated_id); + + +-- +-- Name: other_name other_name_pkey; Type: CONSTRAINT; Schema: public; Owner: orcid +-- + +ALTER TABLE ONLY public.other_name + ADD CONSTRAINT other_name_pkey PRIMARY KEY (other_name_id); + + +-- +-- Name: patent_contributor patent_contributor_pk; Type: CONSTRAINT; Schema: public; Owner: orcid +-- + +ALTER TABLE ONLY public.patent_contributor + ADD CONSTRAINT patent_contributor_pk PRIMARY KEY (patent_contributor_id); + + +-- +-- Name: patent patent_pkey; Type: CONSTRAINT; Schema: public; Owner: orcid +-- + +ALTER TABLE ONLY public.patent + ADD CONSTRAINT patent_pkey PRIMARY KEY (patent_id); + + +-- +-- Name: patent_source patent_source_pk; Type: CONSTRAINT; Schema: public; Owner: orcid +-- + +ALTER TABLE ONLY public.patent_source + ADD CONSTRAINT patent_source_pk PRIMARY KEY (orcid, patent_id, source_orcid); + + +-- +-- Name: peer_review peer_review_pkey; Type: CONSTRAINT; Schema: public; Owner: orcid +-- + +ALTER TABLE ONLY public.peer_review + ADD CONSTRAINT peer_review_pkey PRIMARY KEY (id); + + +-- +-- Name: peer_review_subject peer_review_subject_pkey; Type: CONSTRAINT; Schema: public; Owner: orcid +-- + +ALTER TABLE ONLY public.peer_review_subject + ADD CONSTRAINT peer_review_subject_pkey PRIMARY KEY (id); + + +-- +-- Name: custom_email pk_custom_email; Type: CONSTRAINT; Schema: public; Owner: orcid +-- + +ALTER TABLE ONLY public.custom_email + ADD CONSTRAINT pk_custom_email PRIMARY KEY (client_details_id, email_type); + + +-- +-- Name: databasechangelog pk_databasechangelog; Type: CONSTRAINT; Schema: public; Owner: orcid +-- + +ALTER TABLE ONLY public.databasechangelog + ADD CONSTRAINT pk_databasechangelog PRIMARY KEY (id, author, filename); + + +-- +-- Name: databasechangeloglock pk_databasechangeloglock; Type: CONSTRAINT; Schema: public; Owner: orcid +-- + +ALTER TABLE ONLY public.databasechangeloglock + ADD CONSTRAINT pk_databasechangeloglock PRIMARY KEY (id); + + +-- +-- Name: funding_subtype_to_index pk_funding_subtype_to_index; Type: CONSTRAINT; Schema: public; Owner: orcid +-- + +ALTER TABLE ONLY public.funding_subtype_to_index + ADD CONSTRAINT pk_funding_subtype_to_index PRIMARY KEY (orcid, subtype); + + +-- +-- Name: orcid_social pk_orcid_social; Type: CONSTRAINT; Schema: public; Owner: orcid +-- + +ALTER TABLE ONLY public.orcid_social + ADD CONSTRAINT pk_orcid_social PRIMARY KEY (orcid, type); + + +-- +-- Name: affiliation primary_profile_institution_pkey; Type: CONSTRAINT; Schema: public; Owner: orcid +-- + +ALTER TABLE ONLY public.affiliation + ADD CONSTRAINT primary_profile_institution_pkey PRIMARY KEY (institution_id, orcid); + + +-- +-- Name: profile_email_domain profile_email_domain_pkey; Type: CONSTRAINT; Schema: public; Owner: orcid +-- + +ALTER TABLE ONLY public.profile_email_domain + ADD CONSTRAINT profile_email_domain_pkey PRIMARY KEY (id); + + +-- +-- Name: profile_event profile_event_pkey; Type: CONSTRAINT; Schema: public; Owner: orcid +-- + +ALTER TABLE ONLY public.profile_event + ADD CONSTRAINT profile_event_pkey PRIMARY KEY (id); + + +-- +-- Name: profile_funding profile_funding_pkey; Type: CONSTRAINT; Schema: public; Owner: orcid +-- + +ALTER TABLE ONLY public.profile_funding + ADD CONSTRAINT profile_funding_pkey PRIMARY KEY (id); + + +-- +-- Name: profile_history_event profile_history_event_pkey; Type: CONSTRAINT; Schema: public; Owner: orcid +-- + +ALTER TABLE ONLY public.profile_history_event + ADD CONSTRAINT profile_history_event_pkey PRIMARY KEY (id); + + +-- +-- Name: profile_keyword profile_keyword_numeric_pkey; Type: CONSTRAINT; Schema: public; Owner: orcid +-- + +ALTER TABLE ONLY public.profile_keyword + ADD CONSTRAINT profile_keyword_numeric_pkey PRIMARY KEY (id); + + +-- +-- Name: profile_patent profile_patent_pk; Type: CONSTRAINT; Schema: public; Owner: orcid +-- + +ALTER TABLE ONLY public.profile_patent + ADD CONSTRAINT profile_patent_pk PRIMARY KEY (orcid, patent_id); + + +-- +-- Name: profile profile_pkey; Type: CONSTRAINT; Schema: public; Owner: orcid +-- + +ALTER TABLE ONLY public.profile + ADD CONSTRAINT profile_pkey PRIMARY KEY (orcid); + + +-- +-- Name: profile_subject profile_subject_pkey; Type: CONSTRAINT; Schema: public; Owner: orcid +-- + +ALTER TABLE ONLY public.profile_subject + ADD CONSTRAINT profile_subject_pkey PRIMARY KEY (profile_orcid, subjects_name); + + +-- +-- Name: record_name record_name_pkey; Type: CONSTRAINT; Schema: public; Owner: orcid +-- + +ALTER TABLE ONLY public.record_name + ADD CONSTRAINT record_name_pkey PRIMARY KEY (id); + + +-- +-- Name: reference_data reference_data_pkey; Type: CONSTRAINT; Schema: public; Owner: orcid +-- + +ALTER TABLE ONLY public.reference_data + ADD CONSTRAINT reference_data_pkey PRIMARY KEY (id); + + +-- +-- Name: rejected_grouping_suggestion rejected_grouping_suggestion_pkey; Type: CONSTRAINT; Schema: public; Owner: orcid +-- + +ALTER TABLE ONLY public.rejected_grouping_suggestion + ADD CONSTRAINT rejected_grouping_suggestion_pkey PRIMARY KEY (put_codes); + + +-- +-- Name: research_resource_item_org research_resource_item_org_pkey; Type: CONSTRAINT; Schema: public; Owner: orcid +-- + +ALTER TABLE ONLY public.research_resource_item_org + ADD CONSTRAINT research_resource_item_org_pkey PRIMARY KEY (research_resource_item_id, org_id); + + +-- +-- Name: research_resource_item research_resource_item_pkey; Type: CONSTRAINT; Schema: public; Owner: orcid +-- + +ALTER TABLE ONLY public.research_resource_item + ADD CONSTRAINT research_resource_item_pkey PRIMARY KEY (id); + + +-- +-- Name: research_resource_org research_resource_org_pkey; Type: CONSTRAINT; Schema: public; Owner: orcid +-- + +ALTER TABLE ONLY public.research_resource_org + ADD CONSTRAINT research_resource_org_pkey PRIMARY KEY (research_resource_id, org_id); + + +-- +-- Name: research_resource research_resource_pkey; Type: CONSTRAINT; Schema: public; Owner: orcid +-- + +ALTER TABLE ONLY public.research_resource + ADD CONSTRAINT research_resource_pkey PRIMARY KEY (id); + + +-- +-- Name: researcher_url researcher_url_orcid_client_source_unique_key; Type: CONSTRAINT; Schema: public; Owner: orcid +-- + +ALTER TABLE ONLY public.researcher_url + ADD CONSTRAINT researcher_url_orcid_client_source_unique_key UNIQUE (url, orcid, client_source_id); + + +-- +-- Name: researcher_url researcher_url_orcid_source_unique_key; Type: CONSTRAINT; Schema: public; Owner: orcid +-- + +ALTER TABLE ONLY public.researcher_url + ADD CONSTRAINT researcher_url_orcid_source_unique_key UNIQUE (url, orcid, source_id); + + +-- +-- Name: researcher_url researcher_url_pkey; Type: CONSTRAINT; Schema: public; Owner: orcid +-- + +ALTER TABLE ONLY public.researcher_url + ADD CONSTRAINT researcher_url_pkey PRIMARY KEY (id); + + +-- +-- Name: salesforce_connection salesforce_connection_orcid_salesforce_account_id_unique; Type: CONSTRAINT; Schema: public; Owner: orcid +-- + +ALTER TABLE ONLY public.salesforce_connection + ADD CONSTRAINT salesforce_connection_orcid_salesforce_account_id_unique UNIQUE (orcid, salesforce_account_id); + + +-- +-- Name: salesforce_connection salesforce_connection_pkey; Type: CONSTRAINT; Schema: public; Owner: orcid +-- + +ALTER TABLE ONLY public.salesforce_connection + ADD CONSTRAINT salesforce_connection_pkey PRIMARY KEY (id); + + +-- +-- Name: shibboleth_account shibboleth_account_pkey; Type: CONSTRAINT; Schema: public; Owner: orcid +-- + +ALTER TABLE ONLY public.shibboleth_account + ADD CONSTRAINT shibboleth_account_pkey PRIMARY KEY (id); + + +-- +-- Name: shibboleth_account shibboleth_account_remote_user_idp_unique; Type: CONSTRAINT; Schema: public; Owner: orcid +-- + +ALTER TABLE ONLY public.shibboleth_account + ADD CONSTRAINT shibboleth_account_remote_user_idp_unique UNIQUE (remote_user, shib_identity_provider); + + +-- +-- Name: spam spam_pkey; Type: CONSTRAINT; Schema: public; Owner: orcid +-- + +ALTER TABLE ONLY public.spam + ADD CONSTRAINT spam_pkey PRIMARY KEY (id); + + +-- +-- Name: orcid_props statistic_key_pkey; Type: CONSTRAINT; Schema: public; Owner: orcid +-- + +ALTER TABLE ONLY public.orcid_props + ADD CONSTRAINT statistic_key_pkey PRIMARY KEY (key); + + +-- +-- Name: statistic_values statistic_values_pkey; Type: CONSTRAINT; Schema: public; Owner: orcid +-- + +ALTER TABLE ONLY public.statistic_values + ADD CONSTRAINT statistic_values_pkey PRIMARY KEY (id); + + +-- +-- Name: statistic_key stats_key_pkey; Type: CONSTRAINT; Schema: public; Owner: orcid +-- + +ALTER TABLE ONLY public.statistic_key + ADD CONSTRAINT stats_key_pkey PRIMARY KEY (id); + + +-- +-- Name: subject subject_pkey; Type: CONSTRAINT; Schema: public; Owner: orcid +-- + +ALTER TABLE ONLY public.subject + ADD CONSTRAINT subject_pkey PRIMARY KEY (name); + + +-- +-- Name: external_identifier unique_external_identifiers_allowing_multiple_sources; Type: CONSTRAINT; Schema: public; Owner: orcid +-- + +ALTER TABLE ONLY public.external_identifier + ADD CONSTRAINT unique_external_identifiers_allowing_multiple_sources UNIQUE (orcid, external_id_reference, external_id_type, source_id, client_source_id); + + +-- +-- Name: oauth2_token_detail unique_token_value; Type: CONSTRAINT; Schema: public; Owner: orcid +-- + +ALTER TABLE ONLY public.oauth2_token_detail + ADD CONSTRAINT unique_token_value UNIQUE (token_value); + + +-- +-- Name: org_disambiguated_external_identifier uq_org_disambiguated_identifier_type; Type: CONSTRAINT; Schema: public; Owner: orcid +-- + +ALTER TABLE ONLY public.org_disambiguated_external_identifier + ADD CONSTRAINT uq_org_disambiguated_identifier_type UNIQUE (org_disambiguated_id, identifier, identifier_type); + + +-- +-- Name: userconnection userconnection_pkey; Type: CONSTRAINT; Schema: public; Owner: orcid +-- + +ALTER TABLE ONLY public.userconnection + ADD CONSTRAINT userconnection_pkey PRIMARY KEY (userid, providerid, provideruserid); + + +-- +-- Name: validated_public_profile validated_public_profile_pkey; Type: CONSTRAINT; Schema: public; Owner: orcid +-- + +ALTER TABLE ONLY public.validated_public_profile + ADD CONSTRAINT validated_public_profile_pkey PRIMARY KEY (orcid); + + +-- +-- Name: webhook webhook_pk; Type: CONSTRAINT; Schema: public; Owner: orcid +-- + +ALTER TABLE ONLY public.webhook + ADD CONSTRAINT webhook_pk PRIMARY KEY (orcid, uri); + + +-- +-- Name: work work_pkey; Type: CONSTRAINT; Schema: public; Owner: orcid +-- + +ALTER TABLE ONLY public.work + ADD CONSTRAINT work_pkey PRIMARY KEY (work_id); + + +-- +-- Name: address_orcid_idx; Type: INDEX; Schema: public; Owner: orcid +-- + +CREATE INDEX address_orcid_idx ON public.address USING btree (orcid); + + +-- +-- Name: biography_orcid_index; Type: INDEX; Schema: public; Owner: orcid +-- + +CREATE INDEX biography_orcid_index ON public.biography USING btree (orcid); + + +-- +-- Name: client_authorised_grant_type_id_idx; Type: INDEX; Schema: public; Owner: orcid +-- + +CREATE INDEX client_authorised_grant_type_id_idx ON public.client_authorised_grant_type USING btree (client_details_id, grant_type); + + +-- +-- Name: client_details_group_orcid_idx; Type: INDEX; Schema: public; Owner: orcid +-- + +CREATE INDEX client_details_group_orcid_idx ON public.client_details USING btree (group_orcid); + + +-- +-- Name: client_details_id_idx; Type: INDEX; Schema: public; Owner: orcid +-- + +CREATE INDEX client_details_id_idx ON public.client_details USING btree (client_details_id, client_secret); + + +-- +-- Name: client_granted_authority_client_details_id_idx; Type: INDEX; Schema: public; Owner: orcid +-- + +CREATE INDEX client_granted_authority_client_details_id_idx ON public.client_granted_authority USING btree (client_details_id); + + +-- +-- Name: client_granted_authority_id_idx; Type: INDEX; Schema: public; Owner: orcid +-- + +CREATE INDEX client_granted_authority_id_idx ON public.client_granted_authority USING btree (client_details_id, granted_authority); + + +-- +-- Name: client_redirect_uri_id_idx; Type: INDEX; Schema: public; Owner: orcid +-- + +CREATE INDEX client_redirect_uri_id_idx ON public.client_redirect_uri USING btree (client_details_id, redirect_uri); + + +-- +-- Name: client_resource_id_idx; Type: INDEX; Schema: public; Owner: orcid +-- + +CREATE INDEX client_resource_id_idx ON public.client_resource_id USING btree (client_details_id, resource_id); + + +-- +-- Name: client_scope_id_idx; Type: INDEX; Schema: public; Owner: orcid +-- + +CREATE INDEX client_scope_id_idx ON public.client_scope USING btree (client_details_id, scope_type); + + +-- +-- Name: email_domain_domain_index; Type: INDEX; Schema: public; Owner: orcid +-- + +CREATE INDEX email_domain_domain_index ON public.email_domain USING btree (email_domain); + + +-- +-- Name: email_domain_ror_id_index; Type: INDEX; Schema: public; Owner: orcid +-- + +CREATE INDEX email_domain_ror_id_index ON public.email_domain USING btree (ror_id); + + +-- +-- Name: email_event_email_idx; Type: INDEX; Schema: public; Owner: orcid +-- + +CREATE INDEX email_event_email_idx ON public.email_event USING btree (email); + + +-- +-- Name: email_frequency_orcid_index; Type: INDEX; Schema: public; Owner: orcid +-- + +CREATE INDEX email_frequency_orcid_index ON public.email_frequency USING btree (orcid); + + +-- +-- Name: event_client_id_index; Type: INDEX; Schema: public; Owner: orcid +-- + +CREATE INDEX event_client_id_index ON public.event USING btree (client_id); + + +-- +-- Name: event_date_created_idx; Type: INDEX; Schema: public; Owner: orcid +-- + +CREATE INDEX event_date_created_idx ON public.event USING btree (date_created); + + +-- +-- Name: event_type_index; Type: INDEX; Schema: public; Owner: orcid +-- + +CREATE INDEX event_type_index ON public.event USING btree (event_type); + + +-- +-- Name: external_identifier_orcid_idx; Type: INDEX; Schema: public; Owner: orcid +-- + +CREATE INDEX external_identifier_orcid_idx ON public.external_identifier USING btree (orcid); + + +-- +-- Name: given_permission_to_giver_orcid_idx; Type: INDEX; Schema: public; Owner: orcid +-- + +CREATE INDEX given_permission_to_giver_orcid_idx ON public.given_permission_to USING btree (giver_orcid); + + +-- +-- Name: given_permission_to_receiver_orcid_idx; Type: INDEX; Schema: public; Owner: orcid +-- + +CREATE INDEX given_permission_to_receiver_orcid_idx ON public.given_permission_to USING btree (receiver_orcid); + + +-- +-- Name: granted_authority_orcid_idx; Type: INDEX; Schema: public; Owner: orcid +-- + +CREATE INDEX granted_authority_orcid_idx ON public.granted_authority USING btree (orcid); + + +-- +-- Name: group_id_lowercase_unique_idx; Type: INDEX; Schema: public; Owner: orcid +-- + +CREATE UNIQUE INDEX group_id_lowercase_unique_idx ON public.group_id_record USING btree (lower(group_id)); + + +-- +-- Name: group_id_record_date_created_idx; Type: INDEX; Schema: public; Owner: orcid +-- + +CREATE INDEX group_id_record_date_created_idx ON public.group_id_record USING btree (date_created); + + +-- +-- Name: group_id_record_group_type_idx; Type: INDEX; Schema: public; Owner: orcid +-- + +CREATE INDEX group_id_record_group_type_idx ON public.group_id_record USING btree (group_type); + + +-- +-- Name: group_id_record_issn_loader_fail_count_index; Type: INDEX; Schema: public; Owner: orcid +-- + +CREATE INDEX group_id_record_issn_loader_fail_count_index ON public.group_id_record USING btree (issn_loader_fail_count); + + +-- +-- Name: group_id_record_sync_date_index; Type: INDEX; Schema: public; Owner: orcid +-- + +CREATE INDEX group_id_record_sync_date_index ON public.group_id_record USING btree (sync_date); + + +-- +-- Name: internal_sso_orcid_idx; Type: INDEX; Schema: public; Owner: orcid +-- + +CREATE INDEX internal_sso_orcid_idx ON public.internal_sso USING btree (orcid); + + +-- +-- Name: invalid_record_data_changes_date_created_index; Type: INDEX; Schema: public; Owner: orcid +-- + +CREATE INDEX invalid_record_data_changes_date_created_index ON public.invalid_record_data_changes USING btree (date_created); + + +-- +-- Name: invalid_record_data_changes_seq_index; Type: INDEX; Schema: public; Owner: orcid +-- + +CREATE INDEX invalid_record_data_changes_seq_index ON public.invalid_record_data_changes USING btree (id); + + +-- +-- Name: lower_case_email_unique2; Type: INDEX; Schema: public; Owner: orcid +-- + +CREATE UNIQUE INDEX lower_case_email_unique2 ON public.email USING btree (lower(email)); + + +-- +-- Name: notification_archived_date_index; Type: INDEX; Schema: public; Owner: orcid +-- + +CREATE INDEX notification_archived_date_index ON public.notification USING btree (archived_date); + + +-- +-- Name: notification_authentication_provider_id; Type: INDEX; Schema: public; Owner: orcid +-- + +CREATE INDEX notification_authentication_provider_id ON public.notification USING btree (authentication_provider_id); + + +-- +-- Name: notification_client_source_id; Type: INDEX; Schema: public; Owner: orcid +-- + +CREATE INDEX notification_client_source_id ON public.notification USING btree (client_source_id); + + +-- +-- Name: notification_date_created_index; Type: INDEX; Schema: public; Owner: orcid +-- + +CREATE INDEX notification_date_created_index ON public.notification USING btree (date_created); + + +-- +-- Name: notification_item_notification_id_index_v2; Type: INDEX; Schema: public; Owner: orcid +-- + +CREATE INDEX notification_item_notification_id_index_v2 ON public.notification_item USING btree (notification_id); + + +-- +-- Name: notification_orcid_index_v2; Type: INDEX; Schema: public; Owner: orcid +-- + +CREATE INDEX notification_orcid_index_v2 ON public.notification USING btree (orcid); + + +-- +-- Name: notification_read_date_index; Type: INDEX; Schema: public; Owner: orcid +-- + +CREATE INDEX notification_read_date_index ON public.notification USING btree (read_date); + + +-- +-- Name: notification_sent_date_index; Type: INDEX; Schema: public; Owner: orcid +-- + +CREATE INDEX notification_sent_date_index ON public.notification USING btree (sent_date); + + +-- +-- Name: notification_type_index; Type: INDEX; Schema: public; Owner: orcid +-- + +CREATE INDEX notification_type_index ON public.notification USING btree (notification_type); + + +-- +-- Name: oauth2_token_detail_authorization_code_idx; Type: INDEX; Schema: public; Owner: orcid +-- + +CREATE INDEX oauth2_token_detail_authorization_code_idx ON public.oauth2_token_detail USING btree (authorization_code); + + +-- +-- Name: oauth2_token_detail_last_modified_idx; Type: INDEX; Schema: public; Owner: orcid +-- + +CREATE INDEX oauth2_token_detail_last_modified_idx ON public.oauth2_token_detail USING btree (last_modified); + + +-- +-- Name: oauth2_token_detail_obo_client_details_id_index; Type: INDEX; Schema: public; Owner: orcid +-- + +CREATE INDEX oauth2_token_detail_obo_client_details_id_index ON public.oauth2_token_detail USING btree (obo_client_details_id); + + +-- +-- Name: orcidoauth2authoriziationcodedetail_authoriziation_code_value_i; Type: INDEX; Schema: public; Owner: orcid +-- + +CREATE INDEX orcidoauth2authoriziationcodedetail_authoriziation_code_value_i ON public.orcidoauth2authoriziationcodedetail_authorities USING btree (orcidoauth2authoriziationcodedetail_authoriziation_code_value); + + +-- +-- Name: orcidoauth2authoriziationcodedetail_resourceids_code_idx; Type: INDEX; Schema: public; Owner: orcid +-- + +CREATE INDEX orcidoauth2authoriziationcodedetail_resourceids_code_idx ON public.orcidoauth2authoriziationcodedetail_resourceids USING btree (orcidoauth2authoriziationcodedetail_authoriziation_code_value); + + +-- +-- Name: orcidoauth2authoriziationcodedetail_scopes_code_value_idx; Type: INDEX; Schema: public; Owner: orcid +-- + +CREATE INDEX orcidoauth2authoriziationcodedetail_scopes_code_value_idx ON public.orcidoauth2authoriziationcodedetail_scopes USING btree (orcidoauth2authoriziationcodedetail_authoriziation_code_value); + + +-- +-- Name: org_affiliation_relation_orcid_idx; Type: INDEX; Schema: public; Owner: orcid +-- + +CREATE INDEX org_affiliation_relation_orcid_idx ON public.org_affiliation_relation USING btree (orcid); + + +-- +-- Name: org_disambiguated_external_identifier_org_disambiguated_id_idx; Type: INDEX; Schema: public; Owner: orcid +-- + +CREATE INDEX org_disambiguated_external_identifier_org_disambiguated_id_idx ON public.org_disambiguated_external_identifier USING btree (org_disambiguated_id); + + +-- +-- Name: org_disambiguated_source_id_idx; Type: INDEX; Schema: public; Owner: orcid +-- + +CREATE INDEX org_disambiguated_source_id_idx ON public.org_disambiguated USING btree (source_id); + + +-- +-- Name: org_disambiguated_source_parent_id_idx; Type: INDEX; Schema: public; Owner: orcid +-- + +CREATE INDEX org_disambiguated_source_parent_id_idx ON public.org_disambiguated USING btree (source_parent_id); + + +-- +-- Name: org_disambiguated_source_type_idx; Type: INDEX; Schema: public; Owner: orcid +-- + +CREATE INDEX org_disambiguated_source_type_idx ON public.org_disambiguated USING btree (source_type); + + +-- +-- Name: other_name_orcid_index; Type: INDEX; Schema: public; Owner: orcid +-- + +CREATE INDEX other_name_orcid_index ON public.other_name USING btree (orcid); + + +-- +-- Name: peer_review_display_index; Type: INDEX; Schema: public; Owner: orcid +-- + +CREATE INDEX peer_review_display_index ON public.peer_review USING btree (display_index); + + +-- +-- Name: peer_review_orcid_index; Type: INDEX; Schema: public; Owner: orcid +-- + +CREATE INDEX peer_review_orcid_index ON public.peer_review USING btree (orcid); + + +-- +-- Name: primary_profile_institution_orcid_idx; Type: INDEX; Schema: public; Owner: orcid +-- + +CREATE INDEX primary_profile_institution_orcid_idx ON public.affiliation USING btree (orcid); + + +-- +-- Name: profile_email_domain_index; Type: INDEX; Schema: public; Owner: orcid +-- + +CREATE INDEX profile_email_domain_index ON public.profile_email_domain USING btree (email_domain); + + +-- +-- Name: profile_email_domain_orcid_index; Type: INDEX; Schema: public; Owner: orcid +-- + +CREATE INDEX profile_email_domain_orcid_index ON public.profile_email_domain USING btree (orcid); + + +-- +-- Name: profile_funding_display_index; Type: INDEX; Schema: public; Owner: orcid +-- + +CREATE INDEX profile_funding_display_index ON public.profile_funding USING btree (display_index); + + +-- +-- Name: profile_funding_orcid_index; Type: INDEX; Schema: public; Owner: orcid +-- + +CREATE INDEX profile_funding_orcid_index ON public.profile_funding USING btree (orcid); + + +-- +-- Name: profile_funding_org_id_idx; Type: INDEX; Schema: public; Owner: orcid +-- + +CREATE INDEX profile_funding_org_id_idx ON public.profile_funding USING btree (org_id); + + +-- +-- Name: profile_indexing_status_idx; Type: INDEX; Schema: public; Owner: orcid +-- + +CREATE INDEX profile_indexing_status_idx ON public.profile USING btree (indexing_status); + + +-- +-- Name: profile_keyword_orcid_idx; Type: INDEX; Schema: public; Owner: orcid +-- + +CREATE INDEX profile_keyword_orcid_idx ON public.profile_keyword USING btree (profile_orcid); + + +-- +-- Name: profile_orcid_idx; Type: INDEX; Schema: public; Owner: orcid +-- + +CREATE INDEX profile_orcid_idx ON public.profile USING btree (orcid); + + +-- +-- Name: profile_orcid_type_idx; Type: INDEX; Schema: public; Owner: orcid +-- + +CREATE INDEX profile_orcid_type_idx ON public.profile USING btree (orcid_type); + + +-- +-- Name: profile_subject_orcid_idx; Type: INDEX; Schema: public; Owner: orcid +-- + +CREATE INDEX profile_subject_orcid_idx ON public.profile_subject USING btree (profile_orcid); + + +-- +-- Name: record_name_credit_name_idx; Type: INDEX; Schema: public; Owner: orcid +-- + +CREATE INDEX record_name_credit_name_idx ON public.record_name USING btree (credit_name); + + +-- +-- Name: record_name_orcid_index; Type: INDEX; Schema: public; Owner: orcid +-- + +CREATE INDEX record_name_orcid_index ON public.record_name USING btree (orcid); + + +-- +-- Name: rejected_grouping_suggestion_orcid_idx; Type: INDEX; Schema: public; Owner: orcid +-- + +CREATE INDEX rejected_grouping_suggestion_orcid_idx ON public.rejected_grouping_suggestion USING btree (orcid); + + +-- +-- Name: research_resource_item_index; Type: INDEX; Schema: public; Owner: orcid +-- + +CREATE INDEX research_resource_item_index ON public.research_resource_item USING btree (research_resource_id); + + +-- +-- Name: research_resource_orcid_index; Type: INDEX; Schema: public; Owner: orcid +-- + +CREATE INDEX research_resource_orcid_index ON public.research_resource USING btree (orcid); + + +-- +-- Name: researcher_url_orcid_idx; Type: INDEX; Schema: public; Owner: orcid +-- + +CREATE INDEX researcher_url_orcid_idx ON public.researcher_url USING btree (orcid); + + +-- +-- Name: salesforce_connection_account_id_idx; Type: INDEX; Schema: public; Owner: orcid +-- + +CREATE INDEX salesforce_connection_account_id_idx ON public.salesforce_connection USING btree (salesforce_account_id); + + +-- +-- Name: spam_orcid_index; Type: INDEX; Schema: public; Owner: orcid +-- + +CREATE INDEX spam_orcid_index ON public.spam USING btree (orcid); + + +-- +-- Name: statistic_values_key_id_idx; Type: INDEX; Schema: public; Owner: orcid +-- + +CREATE INDEX statistic_values_key_id_idx ON public.statistic_values USING btree (key_id); + + +-- +-- Name: token_authentication_key_index; Type: INDEX; Schema: public; Owner: orcid +-- + +CREATE INDEX token_authentication_key_index ON public.oauth2_token_detail USING btree (authentication_key); + + +-- +-- Name: token_client_details_id_index; Type: INDEX; Schema: public; Owner: orcid +-- + +CREATE INDEX token_client_details_id_index ON public.oauth2_token_detail USING btree (client_details_id); + + +-- +-- Name: token_orcid_index; Type: INDEX; Schema: public; Owner: orcid +-- + +CREATE INDEX token_orcid_index ON public.oauth2_token_detail USING btree (user_orcid); + + +-- +-- Name: userconnectionrank; Type: INDEX; Schema: public; Owner: orcid +-- + +CREATE INDEX userconnectionrank ON public.userconnection USING btree (userid, providerid, rank); + + +-- +-- Name: work_doi_idx; Type: INDEX; Schema: public; Owner: orcid +-- + +CREATE INDEX work_doi_idx ON public.work USING btree (public.extract_doi(external_ids_json)); + + +-- +-- Name: work_language_code_idx; Type: INDEX; Schema: public; Owner: orcid +-- + +CREATE INDEX work_language_code_idx ON public.work USING btree (language_code); + + +-- +-- Name: work_orcid_display_index_idx; Type: INDEX; Schema: public; Owner: orcid +-- + +CREATE INDEX work_orcid_display_index_idx ON public.work USING btree (orcid, display_index); + + +-- +-- Name: work_orcid_idx; Type: INDEX; Schema: public; Owner: orcid +-- + +CREATE INDEX work_orcid_idx ON public.work USING btree (orcid); + + +-- +-- Name: work_translated_title_language_code_idx; Type: INDEX; Schema: public; Owner: orcid +-- + +CREATE INDEX work_translated_title_language_code_idx ON public.work USING btree (translated_title_language_code); + + +-- +-- Name: address address_client_source_id_fk; Type: FK CONSTRAINT; Schema: public; Owner: orcid +-- + +ALTER TABLE ONLY public.address + ADD CONSTRAINT address_client_source_id_fk FOREIGN KEY (client_source_id) REFERENCES public.client_details(client_details_id); + + +-- +-- Name: address address_orcid_fk; Type: FK CONSTRAINT; Schema: public; Owner: orcid +-- + +ALTER TABLE ONLY public.address + ADD CONSTRAINT address_orcid_fk FOREIGN KEY (orcid) REFERENCES public.profile(orcid); + + +-- +-- Name: address address_source_id_fk; Type: FK CONSTRAINT; Schema: public; Owner: orcid +-- + +ALTER TABLE ONLY public.address + ADD CONSTRAINT address_source_id_fk FOREIGN KEY (source_id) REFERENCES public.profile(orcid); + + +-- +-- Name: biography biography_orcid_fk; Type: FK CONSTRAINT; Schema: public; Owner: orcid +-- + +ALTER TABLE ONLY public.biography + ADD CONSTRAINT biography_orcid_fk FOREIGN KEY (orcid) REFERENCES public.profile(orcid); + + +-- +-- Name: client_authorised_grant_type client_details_authorised_grant_type_fk; Type: FK CONSTRAINT; Schema: public; Owner: orcid +-- + +ALTER TABLE ONLY public.client_authorised_grant_type + ADD CONSTRAINT client_details_authorised_grant_type_fk FOREIGN KEY (client_details_id) REFERENCES public.client_details(client_details_id) ON DELETE CASCADE; + + +-- +-- Name: client_granted_authority client_details_client_granted_authority_fk; Type: FK CONSTRAINT; Schema: public; Owner: orcid +-- + +ALTER TABLE ONLY public.client_granted_authority + ADD CONSTRAINT client_details_client_granted_authority_fk FOREIGN KEY (client_details_id) REFERENCES public.client_details(client_details_id) ON DELETE CASCADE; + + +-- +-- Name: client_details client_details_group_orcid_fk; Type: FK CONSTRAINT; Schema: public; Owner: orcid +-- + +ALTER TABLE ONLY public.client_details + ADD CONSTRAINT client_details_group_orcid_fk FOREIGN KEY (group_orcid) REFERENCES public.profile(orcid); + + +-- +-- Name: client_redirect_uri client_redirect_uri_fk; Type: FK CONSTRAINT; Schema: public; Owner: orcid +-- + +ALTER TABLE ONLY public.client_redirect_uri + ADD CONSTRAINT client_redirect_uri_fk FOREIGN KEY (client_details_id) REFERENCES public.client_details(client_details_id) ON DELETE CASCADE; + + +-- +-- Name: client_resource_id client_resource_id_fk; Type: FK CONSTRAINT; Schema: public; Owner: orcid +-- + +ALTER TABLE ONLY public.client_resource_id + ADD CONSTRAINT client_resource_id_fk FOREIGN KEY (client_details_id) REFERENCES public.client_details(client_details_id) ON DELETE CASCADE; + + +-- +-- Name: client_scope client_scope_fk; Type: FK CONSTRAINT; Schema: public; Owner: orcid +-- + +ALTER TABLE ONLY public.client_scope + ADD CONSTRAINT client_scope_fk FOREIGN KEY (client_details_id) REFERENCES public.client_details(client_details_id) ON DELETE CASCADE; + + +-- +-- Name: client_secret client_secret_client_details_id_fk; Type: FK CONSTRAINT; Schema: public; Owner: orcid +-- + +ALTER TABLE ONLY public.client_secret + ADD CONSTRAINT client_secret_client_details_id_fk FOREIGN KEY (client_details_id) REFERENCES public.client_details(client_details_id); + + +-- +-- Name: email email_client_source_id_fk; Type: FK CONSTRAINT; Schema: public; Owner: orcid +-- + +ALTER TABLE ONLY public.email + ADD CONSTRAINT email_client_source_id_fk FOREIGN KEY (client_source_id) REFERENCES public.client_details(client_details_id); + + +-- +-- Name: email_frequency email_frequency_orcid_fk; Type: FK CONSTRAINT; Schema: public; Owner: orcid +-- + +ALTER TABLE ONLY public.email_frequency + ADD CONSTRAINT email_frequency_orcid_fk FOREIGN KEY (orcid) REFERENCES public.profile(orcid); + + +-- +-- Name: email email_orcid_fk; Type: FK CONSTRAINT; Schema: public; Owner: orcid +-- + +ALTER TABLE ONLY public.email + ADD CONSTRAINT email_orcid_fk FOREIGN KEY (orcid) REFERENCES public.profile(orcid); + + +-- +-- Name: email email_source_orcid_fk; Type: FK CONSTRAINT; Schema: public; Owner: orcid +-- + +ALTER TABLE ONLY public.email + ADD CONSTRAINT email_source_orcid_fk FOREIGN KEY (source_id) REFERENCES public.profile(orcid); + + +-- +-- Name: external_identifier external_identifier_client_source_id_fk; Type: FK CONSTRAINT; Schema: public; Owner: orcid +-- + +ALTER TABLE ONLY public.external_identifier + ADD CONSTRAINT external_identifier_client_source_id_fk FOREIGN KEY (client_source_id) REFERENCES public.client_details(client_details_id); + + +-- +-- Name: external_identifier external_identifier_source_id_fk; Type: FK CONSTRAINT; Schema: public; Owner: orcid +-- + +ALTER TABLE ONLY public.external_identifier + ADD CONSTRAINT external_identifier_source_id_fk FOREIGN KEY (source_id) REFERENCES public.profile(orcid); + + +-- +-- Name: find_my_stuff_history find_my_stuff_history_orcid_fk; Type: FK CONSTRAINT; Schema: public; Owner: orcid +-- + +ALTER TABLE ONLY public.find_my_stuff_history + ADD CONSTRAINT find_my_stuff_history_orcid_fk FOREIGN KEY (orcid) REFERENCES public.profile(orcid); + + +-- +-- Name: profile_subject fk1d5ccc962d6b1fe4; Type: FK CONSTRAINT; Schema: public; Owner: orcid +-- + +ALTER TABLE ONLY public.profile_subject + ADD CONSTRAINT fk1d5ccc962d6b1fe4 FOREIGN KEY (subjects_name) REFERENCES public.subject(name); + + +-- +-- Name: profile_subject fk1d5ccc9680ddc983; Type: FK CONSTRAINT; Schema: public; Owner: orcid +-- + +ALTER TABLE ONLY public.profile_subject + ADD CONSTRAINT fk1d5ccc9680ddc983 FOREIGN KEY (profile_orcid) REFERENCES public.profile(orcid); + + +-- +-- Name: institution fk3529a5b8e84caef; Type: FK CONSTRAINT; Schema: public; Owner: orcid +-- + +ALTER TABLE ONLY public.institution + ADD CONSTRAINT fk3529a5b8e84caef FOREIGN KEY (address_id) REFERENCES public.address(id); + + +-- +-- Name: affiliation fk408de65b2007f99; Type: FK CONSTRAINT; Schema: public; Owner: orcid +-- + +ALTER TABLE ONLY public.affiliation + ADD CONSTRAINT fk408de65b2007f99 FOREIGN KEY (orcid) REFERENCES public.profile(orcid); + + +-- +-- Name: affiliation fk408de65cf1a386f; Type: FK CONSTRAINT; Schema: public; Owner: orcid +-- + +ALTER TABLE ONLY public.affiliation + ADD CONSTRAINT fk408de65cf1a386f FOREIGN KEY (institution_id) REFERENCES public.institution(id); + + +-- +-- Name: profile_keyword fk5c27955380ddc983; Type: FK CONSTRAINT; Schema: public; Owner: orcid +-- + +ALTER TABLE ONLY public.profile_keyword + ADD CONSTRAINT fk5c27955380ddc983 FOREIGN KEY (profile_orcid) REFERENCES public.profile(orcid); + + +-- +-- Name: external_identifier fk641fe19db2007f99; Type: FK CONSTRAINT; Schema: public; Owner: orcid +-- + +ALTER TABLE ONLY public.external_identifier + ADD CONSTRAINT fk641fe19db2007f99 FOREIGN KEY (orcid) REFERENCES public.profile(orcid); + + +-- +-- Name: statistic_values fk9bb60ebf14b94af; Type: FK CONSTRAINT; Schema: public; Owner: orcid +-- + +ALTER TABLE ONLY public.statistic_values + ADD CONSTRAINT fk9bb60ebf14b94af FOREIGN KEY (key_id) REFERENCES public.statistic_key(id); + + +-- +-- Name: researcher_url fkd433c438b2007f99; Type: FK CONSTRAINT; Schema: public; Owner: orcid +-- + +ALTER TABLE ONLY public.researcher_url + ADD CONSTRAINT fkd433c438b2007f99 FOREIGN KEY (orcid) REFERENCES public.profile(orcid); + + +-- +-- Name: profile fked8e89a9d6bc0bfe; Type: FK CONSTRAINT; Schema: public; Owner: orcid +-- + +ALTER TABLE ONLY public.profile + ADD CONSTRAINT fked8e89a9d6bc0bfe FOREIGN KEY (source_id) REFERENCES public.profile(orcid); + + +-- +-- Name: other_name fkf5209e5ab2007f99; Type: FK CONSTRAINT; Schema: public; Owner: orcid +-- + +ALTER TABLE ONLY public.other_name + ADD CONSTRAINT fkf5209e5ab2007f99 FOREIGN KEY (orcid) REFERENCES public.profile(orcid); + + +-- +-- Name: funding_external_identifier funding_external_identifiers_fk; Type: FK CONSTRAINT; Schema: public; Owner: orcid +-- + +ALTER TABLE ONLY public.funding_external_identifier + ADD CONSTRAINT funding_external_identifiers_fk FOREIGN KEY (profile_funding_id) REFERENCES public.profile_funding(id) ON DELETE CASCADE; + + +-- +-- Name: funding_subtype_to_index funding_subtype_to_index_fk; Type: FK CONSTRAINT; Schema: public; Owner: orcid +-- + +ALTER TABLE ONLY public.funding_subtype_to_index + ADD CONSTRAINT funding_subtype_to_index_fk FOREIGN KEY (orcid) REFERENCES public.profile(orcid); + + +-- +-- Name: given_permission_to giver_orcid_to_profile_orcid; Type: FK CONSTRAINT; Schema: public; Owner: orcid +-- + +ALTER TABLE ONLY public.given_permission_to + ADD CONSTRAINT giver_orcid_to_profile_orcid FOREIGN KEY (giver_orcid) REFERENCES public.profile(orcid); + + +-- +-- Name: identity_provider_name identity_provider_name_identity_provider_id_fk; Type: FK CONSTRAINT; Schema: public; Owner: orcid +-- + +ALTER TABLE ONLY public.identity_provider_name + ADD CONSTRAINT identity_provider_name_identity_provider_id_fk FOREIGN KEY (identity_provider_id) REFERENCES public.identity_provider(id); + + +-- +-- Name: profile_keyword keyword_client_source_id_fk; Type: FK CONSTRAINT; Schema: public; Owner: orcid +-- + +ALTER TABLE ONLY public.profile_keyword + ADD CONSTRAINT keyword_client_source_id_fk FOREIGN KEY (client_source_id) REFERENCES public.client_details(client_details_id); + + +-- +-- Name: profile_keyword keyword_source_id_fk; Type: FK CONSTRAINT; Schema: public; Owner: orcid +-- + +ALTER TABLE ONLY public.profile_keyword + ADD CONSTRAINT keyword_source_id_fk FOREIGN KEY (source_id) REFERENCES public.profile(orcid); + + +-- +-- Name: custom_email member_custom_email_fk; Type: FK CONSTRAINT; Schema: public; Owner: orcid +-- + +ALTER TABLE ONLY public.custom_email + ADD CONSTRAINT member_custom_email_fk FOREIGN KEY (client_details_id) REFERENCES public.client_details(client_details_id); + + +-- +-- Name: member_obo_whitelisted_client member_obo_client_details_fk; Type: FK CONSTRAINT; Schema: public; Owner: orcid +-- + +ALTER TABLE ONLY public.member_obo_whitelisted_client + ADD CONSTRAINT member_obo_client_details_fk FOREIGN KEY (client_details_id) REFERENCES public.client_details(client_details_id); + + +-- +-- Name: member_obo_whitelisted_client member_obo_whitelisted_client_details_fk; Type: FK CONSTRAINT; Schema: public; Owner: orcid +-- + +ALTER TABLE ONLY public.member_obo_whitelisted_client + ADD CONSTRAINT member_obo_whitelisted_client_details_fk FOREIGN KEY (whitelisted_client_details_id) REFERENCES public.client_details(client_details_id); + + +-- +-- Name: notification_item notification_activity_notification_fk; Type: FK CONSTRAINT; Schema: public; Owner: orcid +-- + +ALTER TABLE ONLY public.notification_item + ADD CONSTRAINT notification_activity_notification_fk FOREIGN KEY (notification_id) REFERENCES public.notification(id); + + +-- +-- Name: notification notification_client_source_id_fk; Type: FK CONSTRAINT; Schema: public; Owner: orcid +-- + +ALTER TABLE ONLY public.notification + ADD CONSTRAINT notification_client_source_id_fk FOREIGN KEY (client_source_id) REFERENCES public.client_details(client_details_id); + + +-- +-- Name: notification notification_orcid_fk; Type: FK CONSTRAINT; Schema: public; Owner: orcid +-- + +ALTER TABLE ONLY public.notification + ADD CONSTRAINT notification_orcid_fk FOREIGN KEY (orcid) REFERENCES public.profile(orcid); + + +-- +-- Name: notification notification_source_id_fk; Type: FK CONSTRAINT; Schema: public; Owner: orcid +-- + +ALTER TABLE ONLY public.notification + ADD CONSTRAINT notification_source_id_fk FOREIGN KEY (source_id) REFERENCES public.profile(orcid); + + +-- +-- Name: notification_work notification_work; Type: FK CONSTRAINT; Schema: public; Owner: orcid +-- + +ALTER TABLE ONLY public.notification_work + ADD CONSTRAINT notification_work FOREIGN KEY (work_id) REFERENCES public.work(work_id); + + +-- +-- Name: notification_work notification_work_notification_id_fk; Type: FK CONSTRAINT; Schema: public; Owner: orcid +-- + +ALTER TABLE ONLY public.notification_work + ADD CONSTRAINT notification_work_notification_id_fk FOREIGN KEY (notification_id) REFERENCES public.notification(id); + + +-- +-- Name: oauth2_authoriziation_code_detail oauth2_authoriziation_code_detail_client_details_fk; Type: FK CONSTRAINT; Schema: public; Owner: orcid +-- + +ALTER TABLE ONLY public.oauth2_authoriziation_code_detail + ADD CONSTRAINT oauth2_authoriziation_code_detail_client_details_fk FOREIGN KEY (client_details_id) REFERENCES public.client_details(client_details_id) ON DELETE CASCADE; + + +-- +-- Name: oauth2_authoriziation_code_detail oauth2_authoriziation_code_detail_orcid_fk; Type: FK CONSTRAINT; Schema: public; Owner: orcid +-- + +ALTER TABLE ONLY public.oauth2_authoriziation_code_detail + ADD CONSTRAINT oauth2_authoriziation_code_detail_orcid_fk FOREIGN KEY (orcid) REFERENCES public.profile(orcid) ON DELETE CASCADE; + + +-- +-- Name: oauth2_token_detail oauth2_token_detail_client_details_fk; Type: FK CONSTRAINT; Schema: public; Owner: orcid +-- + +ALTER TABLE ONLY public.oauth2_token_detail + ADD CONSTRAINT oauth2_token_detail_client_details_fk FOREIGN KEY (client_details_id) REFERENCES public.client_details(client_details_id); + + +-- +-- Name: oauth2_token_detail oauth2_token_detail_orcid_fk; Type: FK CONSTRAINT; Schema: public; Owner: orcid +-- + +ALTER TABLE ONLY public.oauth2_token_detail + ADD CONSTRAINT oauth2_token_detail_orcid_fk FOREIGN KEY (user_orcid) REFERENCES public.profile(orcid); + + +-- +-- Name: orcidoauth2authoriziationcodedetail_authorities oauth2authoriziationcodedetail_authorities_fk; Type: FK CONSTRAINT; Schema: public; Owner: orcid +-- + +ALTER TABLE ONLY public.orcidoauth2authoriziationcodedetail_authorities + ADD CONSTRAINT oauth2authoriziationcodedetail_authorities_fk FOREIGN KEY (orcidoauth2authoriziationcodedetail_authoriziation_code_value) REFERENCES public.oauth2_authoriziation_code_detail(authoriziation_code_value) ON DELETE CASCADE; + + +-- +-- Name: orcidoauth2authoriziationcodedetail_resourceids oauth2authoriziationcodedetail_resourceids_fk; Type: FK CONSTRAINT; Schema: public; Owner: orcid +-- + +ALTER TABLE ONLY public.orcidoauth2authoriziationcodedetail_resourceids + ADD CONSTRAINT oauth2authoriziationcodedetail_resourceids_fk FOREIGN KEY (orcidoauth2authoriziationcodedetail_authoriziation_code_value) REFERENCES public.oauth2_authoriziation_code_detail(authoriziation_code_value) ON DELETE CASCADE; + + +-- +-- Name: orcidoauth2authoriziationcodedetail_scopes oauth2authoriziationcodedetail_scopes_fk; Type: FK CONSTRAINT; Schema: public; Owner: orcid +-- + +ALTER TABLE ONLY public.orcidoauth2authoriziationcodedetail_scopes + ADD CONSTRAINT oauth2authoriziationcodedetail_scopes_fk FOREIGN KEY (orcidoauth2authoriziationcodedetail_authoriziation_code_value) REFERENCES public.oauth2_authoriziation_code_detail(authoriziation_code_value) ON DELETE CASCADE; + + +-- +-- Name: oauth2_token_detail obo_client_details_id_fk; Type: FK CONSTRAINT; Schema: public; Owner: orcid +-- + +ALTER TABLE ONLY public.oauth2_token_detail + ADD CONSTRAINT obo_client_details_id_fk FOREIGN KEY (obo_client_details_id) REFERENCES public.client_details(client_details_id); + + +-- +-- Name: orcid_social orcid_social_fk; Type: FK CONSTRAINT; Schema: public; Owner: orcid +-- + +ALTER TABLE ONLY public.orcid_social + ADD CONSTRAINT orcid_social_fk FOREIGN KEY (orcid) REFERENCES public.profile(orcid); + + +-- +-- Name: org_affiliation_relation org_affiliation_relation_client_source_id_fk; Type: FK CONSTRAINT; Schema: public; Owner: orcid +-- + +ALTER TABLE ONLY public.org_affiliation_relation + ADD CONSTRAINT org_affiliation_relation_client_source_id_fk FOREIGN KEY (client_source_id) REFERENCES public.client_details(client_details_id); + + +-- +-- Name: org_affiliation_relation org_affiliation_relation_orcid_fk; Type: FK CONSTRAINT; Schema: public; Owner: orcid +-- + +ALTER TABLE ONLY public.org_affiliation_relation + ADD CONSTRAINT org_affiliation_relation_orcid_fk FOREIGN KEY (orcid) REFERENCES public.profile(orcid); + + +-- +-- Name: org_affiliation_relation org_affiliation_relation_org_id_fk; Type: FK CONSTRAINT; Schema: public; Owner: orcid +-- + +ALTER TABLE ONLY public.org_affiliation_relation + ADD CONSTRAINT org_affiliation_relation_org_id_fk FOREIGN KEY (org_id) REFERENCES public.org(id); + + +-- +-- Name: org org_client_source_id_fk; Type: FK CONSTRAINT; Schema: public; Owner: orcid +-- + +ALTER TABLE ONLY public.org + ADD CONSTRAINT org_client_source_id_fk FOREIGN KEY (client_source_id) REFERENCES public.client_details(client_details_id); + + +-- +-- Name: org_disambiguated_external_identifier org_disambiguated_external_identifier_org_disambiguated_fk; Type: FK CONSTRAINT; Schema: public; Owner: orcid +-- + +ALTER TABLE ONLY public.org_disambiguated_external_identifier + ADD CONSTRAINT org_disambiguated_external_identifier_org_disambiguated_fk FOREIGN KEY (org_disambiguated_id) REFERENCES public.org_disambiguated(id); + + +-- +-- Name: org org_org_disambiguated_fk; Type: FK CONSTRAINT; Schema: public; Owner: orcid +-- + +ALTER TABLE ONLY public.org + ADD CONSTRAINT org_org_disambiguated_fk FOREIGN KEY (org_disambiguated_id) REFERENCES public.org_disambiguated(id); + + +-- +-- Name: other_name other_name_client_source_id_fk; Type: FK CONSTRAINT; Schema: public; Owner: orcid +-- + +ALTER TABLE ONLY public.other_name + ADD CONSTRAINT other_name_client_source_id_fk FOREIGN KEY (client_source_id) REFERENCES public.client_details(client_details_id); + + +-- +-- Name: other_name other_name_source_id_fk; Type: FK CONSTRAINT; Schema: public; Owner: orcid +-- + +ALTER TABLE ONLY public.other_name + ADD CONSTRAINT other_name_source_id_fk FOREIGN KEY (source_id) REFERENCES public.profile(orcid); + + +-- +-- Name: patent_contributor patent_contributor_orcid_fk; Type: FK CONSTRAINT; Schema: public; Owner: orcid +-- + +ALTER TABLE ONLY public.patent_contributor + ADD CONSTRAINT patent_contributor_orcid_fk FOREIGN KEY (orcid) REFERENCES public.profile(orcid); + + +-- +-- Name: patent_contributor patent_contributor_patent_fk; Type: FK CONSTRAINT; Schema: public; Owner: orcid +-- + +ALTER TABLE ONLY public.patent_contributor + ADD CONSTRAINT patent_contributor_patent_fk FOREIGN KEY (patent_id) REFERENCES public.patent(patent_id); + + +-- +-- Name: patent_source patent_source_orcid_fk; Type: FK CONSTRAINT; Schema: public; Owner: orcid +-- + +ALTER TABLE ONLY public.patent_source + ADD CONSTRAINT patent_source_orcid_fk FOREIGN KEY (orcid) REFERENCES public.profile(orcid); + + +-- +-- Name: patent_source patent_source_patent_fk; Type: FK CONSTRAINT; Schema: public; Owner: orcid +-- + +ALTER TABLE ONLY public.patent_source + ADD CONSTRAINT patent_source_patent_fk FOREIGN KEY (patent_id) REFERENCES public.patent(patent_id); + + +-- +-- Name: patent_source patent_source_source_orcid_fk; Type: FK CONSTRAINT; Schema: public; Owner: orcid +-- + +ALTER TABLE ONLY public.patent_source + ADD CONSTRAINT patent_source_source_orcid_fk FOREIGN KEY (source_orcid) REFERENCES public.profile(orcid); + + +-- +-- Name: peer_review peer_review_orcid_fk; Type: FK CONSTRAINT; Schema: public; Owner: orcid +-- + +ALTER TABLE ONLY public.peer_review + ADD CONSTRAINT peer_review_orcid_fk FOREIGN KEY (orcid) REFERENCES public.profile(orcid); + + +-- +-- Name: peer_review peer_review_org_id_fk; Type: FK CONSTRAINT; Schema: public; Owner: orcid +-- + +ALTER TABLE ONLY public.peer_review + ADD CONSTRAINT peer_review_org_id_fk FOREIGN KEY (org_id) REFERENCES public.org(id); + + +-- +-- Name: profile profile_client_source_id_fk; Type: FK CONSTRAINT; Schema: public; Owner: orcid +-- + +ALTER TABLE ONLY public.profile + ADD CONSTRAINT profile_client_source_id_fk FOREIGN KEY (client_source_id) REFERENCES public.client_details(client_details_id); + + +-- +-- Name: profile profile_deprecating_admin_fk; Type: FK CONSTRAINT; Schema: public; Owner: orcid +-- + +ALTER TABLE ONLY public.profile + ADD CONSTRAINT profile_deprecating_admin_fk FOREIGN KEY (deprecating_admin) REFERENCES public.profile(orcid); + + +-- +-- Name: profile_email_domain profile_email_domain_orcid_fk; Type: FK CONSTRAINT; Schema: public; Owner: orcid +-- + +ALTER TABLE ONLY public.profile_email_domain + ADD CONSTRAINT profile_email_domain_orcid_fk FOREIGN KEY (orcid) REFERENCES public.profile(orcid); + + +-- +-- Name: profile_event profile_event_orcid; Type: FK CONSTRAINT; Schema: public; Owner: orcid +-- + +ALTER TABLE ONLY public.profile_event + ADD CONSTRAINT profile_event_orcid FOREIGN KEY (orcid) REFERENCES public.profile(orcid); + + +-- +-- Name: profile_funding profile_funding_client_source_id_fk; Type: FK CONSTRAINT; Schema: public; Owner: orcid +-- + +ALTER TABLE ONLY public.profile_funding + ADD CONSTRAINT profile_funding_client_source_id_fk FOREIGN KEY (client_source_id) REFERENCES public.client_details(client_details_id); + + +-- +-- Name: profile_funding profile_funding_orcid_fk; Type: FK CONSTRAINT; Schema: public; Owner: orcid +-- + +ALTER TABLE ONLY public.profile_funding + ADD CONSTRAINT profile_funding_orcid_fk FOREIGN KEY (orcid) REFERENCES public.profile(orcid); + + +-- +-- Name: profile_funding profile_funding_org_id_fk; Type: FK CONSTRAINT; Schema: public; Owner: orcid +-- + +ALTER TABLE ONLY public.profile_funding + ADD CONSTRAINT profile_funding_org_id_fk FOREIGN KEY (org_id) REFERENCES public.org(id); + + +-- +-- Name: profile_patent profile_patent_orcid_fk; Type: FK CONSTRAINT; Schema: public; Owner: orcid +-- + +ALTER TABLE ONLY public.profile_patent + ADD CONSTRAINT profile_patent_orcid_fk FOREIGN KEY (orcid) REFERENCES public.profile(orcid); + + +-- +-- Name: profile_patent profile_patent_patent_fk; Type: FK CONSTRAINT; Schema: public; Owner: orcid +-- + +ALTER TABLE ONLY public.profile_patent + ADD CONSTRAINT profile_patent_patent_fk FOREIGN KEY (patent_id) REFERENCES public.patent(patent_id); + + +-- +-- Name: given_permission_to receiver_orcid_to_profile_orcid; Type: FK CONSTRAINT; Schema: public; Owner: orcid +-- + +ALTER TABLE ONLY public.given_permission_to + ADD CONSTRAINT receiver_orcid_to_profile_orcid FOREIGN KEY (receiver_orcid) REFERENCES public.profile(orcid); + + +-- +-- Name: record_name record_name_orcid_fk; Type: FK CONSTRAINT; Schema: public; Owner: orcid +-- + +ALTER TABLE ONLY public.record_name + ADD CONSTRAINT record_name_orcid_fk FOREIGN KEY (orcid) REFERENCES public.profile(orcid); + + +-- +-- Name: research_resource_item research_resource_item_fk; Type: FK CONSTRAINT; Schema: public; Owner: orcid +-- + +ALTER TABLE ONLY public.research_resource_item + ADD CONSTRAINT research_resource_item_fk FOREIGN KEY (research_resource_id) REFERENCES public.research_resource(id); + + +-- +-- Name: research_resource_item_org research_resource_item_org_fk1; Type: FK CONSTRAINT; Schema: public; Owner: orcid +-- + +ALTER TABLE ONLY public.research_resource_item_org + ADD CONSTRAINT research_resource_item_org_fk1 FOREIGN KEY (research_resource_item_id) REFERENCES public.research_resource_item(id); + + +-- +-- Name: research_resource_item_org research_resource_item_org_fk2; Type: FK CONSTRAINT; Schema: public; Owner: orcid +-- + +ALTER TABLE ONLY public.research_resource_item_org + ADD CONSTRAINT research_resource_item_org_fk2 FOREIGN KEY (org_id) REFERENCES public.org(id); + + +-- +-- Name: research_resource research_resource_orcid_fk; Type: FK CONSTRAINT; Schema: public; Owner: orcid +-- + +ALTER TABLE ONLY public.research_resource + ADD CONSTRAINT research_resource_orcid_fk FOREIGN KEY (orcid) REFERENCES public.profile(orcid); + + +-- +-- Name: research_resource_org research_resource_org_fk1; Type: FK CONSTRAINT; Schema: public; Owner: orcid +-- + +ALTER TABLE ONLY public.research_resource_org + ADD CONSTRAINT research_resource_org_fk1 FOREIGN KEY (research_resource_id) REFERENCES public.research_resource(id); + + +-- +-- Name: research_resource_org research_resource_org_fk2; Type: FK CONSTRAINT; Schema: public; Owner: orcid +-- + +ALTER TABLE ONLY public.research_resource_org + ADD CONSTRAINT research_resource_org_fk2 FOREIGN KEY (org_id) REFERENCES public.org(id); + + +-- +-- Name: researcher_url researcher_url_client_source_id_fk; Type: FK CONSTRAINT; Schema: public; Owner: orcid +-- + +ALTER TABLE ONLY public.researcher_url + ADD CONSTRAINT researcher_url_client_source_id_fk FOREIGN KEY (client_source_id) REFERENCES public.client_details(client_details_id); + + +-- +-- Name: researcher_url researcher_url_source_id_fk; Type: FK CONSTRAINT; Schema: public; Owner: orcid +-- + +ALTER TABLE ONLY public.researcher_url + ADD CONSTRAINT researcher_url_source_id_fk FOREIGN KEY (source_id) REFERENCES public.profile(orcid); + + +-- +-- Name: shibboleth_account shibboleth_account_orcid_fk; Type: FK CONSTRAINT; Schema: public; Owner: orcid +-- + +ALTER TABLE ONLY public.shibboleth_account + ADD CONSTRAINT shibboleth_account_orcid_fk FOREIGN KEY (orcid) REFERENCES public.profile(orcid); + + +-- +-- Name: spam spam_orcid_fk; Type: FK CONSTRAINT; Schema: public; Owner: orcid +-- + +ALTER TABLE ONLY public.spam + ADD CONSTRAINT spam_orcid_fk FOREIGN KEY (orcid) REFERENCES public.profile(orcid); + + +-- +-- Name: webhook webhook_client_details_fk; Type: FK CONSTRAINT; Schema: public; Owner: orcid +-- + +ALTER TABLE ONLY public.webhook + ADD CONSTRAINT webhook_client_details_fk FOREIGN KEY (client_details_id) REFERENCES public.client_details(client_details_id); + + +-- +-- Name: webhook webhook_orcid_fk; Type: FK CONSTRAINT; Schema: public; Owner: orcid +-- + +ALTER TABLE ONLY public.webhook + ADD CONSTRAINT webhook_orcid_fk FOREIGN KEY (orcid) REFERENCES public.profile(orcid); + + +-- +-- Name: work work_client_source_id_fk; Type: FK CONSTRAINT; Schema: public; Owner: orcid +-- + +ALTER TABLE ONLY public.work + ADD CONSTRAINT work_client_source_id_fk FOREIGN KEY (client_source_id) REFERENCES public.client_details(client_details_id); + + +-- +-- Name: work work_orcid_fk; Type: FK CONSTRAINT; Schema: public; Owner: orcid +-- + +ALTER TABLE ONLY public.work + ADD CONSTRAINT work_orcid_fk FOREIGN KEY (orcid) REFERENCES public.profile(orcid); + + +-- +-- Name: work work_source_id_fk; Type: FK CONSTRAINT; Schema: public; Owner: orcid +-- + +ALTER TABLE ONLY public.work + ADD CONSTRAINT work_source_id_fk FOREIGN KEY (source_id) REFERENCES public.profile(orcid); + + +-- +-- Name: SCHEMA public; Type: ACL; Schema: -; Owner: postgres +-- + +REVOKE USAGE ON SCHEMA public FROM PUBLIC; +GRANT ALL ON SCHEMA public TO PUBLIC; + + +-- +-- Name: TABLE address; Type: ACL; Schema: public; Owner: orcid +-- + +GRANT SELECT ON TABLE public.address TO orcidro; + + +-- +-- Name: TABLE affiliation; Type: ACL; Schema: public; Owner: orcid +-- + +GRANT SELECT ON TABLE public.affiliation TO orcidro; + + +-- +-- Name: TABLE org; Type: ACL; Schema: public; Owner: orcid +-- + +GRANT SELECT ON TABLE public.org TO orcidro; + + +-- +-- Name: TABLE org_affiliation_relation; Type: ACL; Schema: public; Owner: orcid +-- + +GRANT SELECT ON TABLE public.org_affiliation_relation TO orcidro; + + +-- +-- Name: TABLE ambiguous_org; Type: ACL; Schema: public; Owner: orcid +-- + +GRANT SELECT ON TABLE public.ambiguous_org TO orcidro; + + +-- +-- Name: TABLE backup_code; Type: ACL; Schema: public; Owner: orcid +-- + +GRANT SELECT ON TABLE public.backup_code TO orcidro; + + +-- +-- Name: TABLE biography; Type: ACL; Schema: public; Owner: orcid +-- + +GRANT SELECT ON TABLE public.biography TO orcidro; + + +-- +-- Name: TABLE client_authorised_grant_type; Type: ACL; Schema: public; Owner: orcid +-- + +GRANT SELECT ON TABLE public.client_authorised_grant_type TO orcidro; + + +-- +-- Name: TABLE client_details; Type: ACL; Schema: public; Owner: orcid +-- + +GRANT SELECT ON TABLE public.client_details TO orcidro; + + +-- +-- Name: TABLE client_granted_authority; Type: ACL; Schema: public; Owner: orcid +-- + +GRANT SELECT ON TABLE public.client_granted_authority TO orcidro; + + +-- +-- Name: TABLE client_redirect_uri; Type: ACL; Schema: public; Owner: orcid +-- + +GRANT SELECT ON TABLE public.client_redirect_uri TO orcidro; + + +-- +-- Name: TABLE client_resource_id; Type: ACL; Schema: public; Owner: orcid +-- + +GRANT SELECT ON TABLE public.client_resource_id TO orcidro; + + +-- +-- Name: TABLE client_scope; Type: ACL; Schema: public; Owner: orcid +-- + +GRANT SELECT ON TABLE public.client_scope TO orcidro; + + +-- +-- Name: TABLE client_secret; Type: ACL; Schema: public; Owner: orcid +-- + +GRANT SELECT ON TABLE public.client_secret TO orcidro; + + +-- +-- Name: TABLE country_reference_data; Type: ACL; Schema: public; Owner: orcid +-- + +GRANT SELECT ON TABLE public.country_reference_data TO orcidro; + + +-- +-- Name: TABLE custom_email; Type: ACL; Schema: public; Owner: orcid +-- + +GRANT SELECT ON TABLE public.custom_email TO orcidro; + + +-- +-- Name: TABLE databasechangelog; Type: ACL; Schema: public; Owner: orcid +-- + +GRANT SELECT ON TABLE public.databasechangelog TO orcidro; + + +-- +-- Name: TABLE databasechangeloglock; Type: ACL; Schema: public; Owner: orcid +-- + +GRANT SELECT ON TABLE public.databasechangeloglock TO orcidro; + + +-- +-- Name: TABLE dw_active_users; Type: ACL; Schema: public; Owner: orcid +-- + +GRANT SELECT,INSERT,DELETE,UPDATE ON TABLE public.dw_active_users TO dw_user; +GRANT SELECT ON TABLE public.dw_active_users TO orcidro; + + +-- +-- Name: TABLE dw_address; Type: ACL; Schema: public; Owner: orcid +-- + +GRANT SELECT ON TABLE public.dw_address TO dw_user; +GRANT SELECT ON TABLE public.dw_address TO orcidro; + + +-- +-- Name: TABLE dw_biography; Type: ACL; Schema: public; Owner: orcid +-- + +GRANT SELECT ON TABLE public.dw_biography TO dw_user; +GRANT SELECT ON TABLE public.dw_biography TO orcidro; + + +-- +-- Name: TABLE dw_client_details; Type: ACL; Schema: public; Owner: orcid +-- + +GRANT SELECT ON TABLE public.dw_client_details TO dw_user; +GRANT SELECT ON TABLE public.dw_client_details TO orcidro; + + +-- +-- Name: TABLE dw_client_redirect_uri; Type: ACL; Schema: public; Owner: orcid +-- + +GRANT SELECT ON TABLE public.dw_client_redirect_uri TO dw_user; +GRANT SELECT ON TABLE public.dw_client_redirect_uri TO orcidro; + + +-- +-- Name: TABLE email; Type: ACL; Schema: public; Owner: orcid +-- + +GRANT SELECT ON TABLE public.email TO orcidro; + + +-- +-- Name: TABLE dw_email; Type: ACL; Schema: public; Owner: orcid +-- + +GRANT SELECT ON TABLE public.dw_email TO dw_user; +GRANT SELECT ON TABLE public.dw_email TO orcidro; + + +-- +-- Name: TABLE event_stats; Type: ACL; Schema: public; Owner: orcid +-- + +GRANT SELECT ON TABLE public.event_stats TO orcidro; + + +-- +-- Name: TABLE dw_event_stats; Type: ACL; Schema: public; Owner: orcid +-- + +GRANT SELECT ON TABLE public.dw_event_stats TO dw_user; +GRANT SELECT ON TABLE public.dw_event_stats TO orcidro; + + +-- +-- Name: TABLE external_identifier; Type: ACL; Schema: public; Owner: orcid +-- + +GRANT SELECT ON TABLE public.external_identifier TO orcidro; + + +-- +-- Name: TABLE dw_external_identifier; Type: ACL; Schema: public; Owner: orcid +-- + +GRANT SELECT ON TABLE public.dw_external_identifier TO dw_user; +GRANT SELECT ON TABLE public.dw_external_identifier TO orcidro; + + +-- +-- Name: TABLE given_permission_to; Type: ACL; Schema: public; Owner: orcid +-- + +GRANT SELECT ON TABLE public.given_permission_to TO orcidro; + + +-- +-- Name: TABLE dw_given_permission_to; Type: ACL; Schema: public; Owner: orcid +-- + +GRANT SELECT ON TABLE public.dw_given_permission_to TO dw_user; +GRANT SELECT ON TABLE public.dw_given_permission_to TO orcidro; + + +-- +-- Name: TABLE group_id_record; Type: ACL; Schema: public; Owner: orcid +-- + +GRANT SELECT ON TABLE public.group_id_record TO orcidro; + + +-- +-- Name: TABLE dw_group_id_record; Type: ACL; Schema: public; Owner: orcid +-- + +GRANT SELECT ON TABLE public.dw_group_id_record TO dw_user; +GRANT SELECT ON TABLE public.dw_group_id_record TO orcidro; + + +-- +-- Name: TABLE identifier_type; Type: ACL; Schema: public; Owner: orcid +-- + +GRANT SELECT ON TABLE public.identifier_type TO orcidro; + + +-- +-- Name: TABLE dw_identifier_type; Type: ACL; Schema: public; Owner: orcid +-- + +GRANT SELECT ON TABLE public.dw_identifier_type TO dw_user; +GRANT SELECT ON TABLE public.dw_identifier_type TO orcidro; + + +-- +-- Name: TABLE identity_provider; Type: ACL; Schema: public; Owner: orcid +-- + +GRANT SELECT ON TABLE public.identity_provider TO orcidro; + + +-- +-- Name: TABLE dw_identity_provider; Type: ACL; Schema: public; Owner: orcid +-- + +GRANT SELECT ON TABLE public.dw_identity_provider TO dw_user; +GRANT SELECT ON TABLE public.dw_identity_provider TO orcidro; + + +-- +-- Name: TABLE notification; Type: ACL; Schema: public; Owner: orcid +-- + +GRANT SELECT ON TABLE public.notification TO orcidro; + + +-- +-- Name: TABLE dw_notification; Type: ACL; Schema: public; Owner: orcid +-- + +GRANT SELECT ON TABLE public.dw_notification TO dw_user; +GRANT SELECT ON TABLE public.dw_notification TO orcidro; + + +-- +-- Name: TABLE oauth2_token_detail; Type: ACL; Schema: public; Owner: orcid +-- + +GRANT SELECT ON TABLE public.oauth2_token_detail TO orcidro; + + +-- +-- Name: TABLE dw_oauth2_token_detail; Type: ACL; Schema: public; Owner: orcid +-- + +GRANT SELECT ON TABLE public.dw_oauth2_token_detail TO dw_user; +GRANT SELECT ON TABLE public.dw_oauth2_token_detail TO orcidro; + + +-- +-- Name: TABLE dw_org; Type: ACL; Schema: public; Owner: orcid +-- + +GRANT SELECT ON TABLE public.dw_org TO dw_user; +GRANT SELECT ON TABLE public.dw_org TO orcidro; + + +-- +-- Name: TABLE dw_org_affiliation_relation; Type: ACL; Schema: public; Owner: orcid +-- + +GRANT SELECT ON TABLE public.dw_org_affiliation_relation TO dw_user; +GRANT SELECT ON TABLE public.dw_org_affiliation_relation TO orcidro; + + +-- +-- Name: TABLE org_disambiguated; Type: ACL; Schema: public; Owner: orcid +-- + +GRANT SELECT ON TABLE public.org_disambiguated TO orcidro; + + +-- +-- Name: TABLE dw_org_disambiguated; Type: ACL; Schema: public; Owner: orcid +-- + +GRANT SELECT ON TABLE public.dw_org_disambiguated TO dw_user; +GRANT SELECT ON TABLE public.dw_org_disambiguated TO orcidro; + + +-- +-- Name: TABLE org_disambiguated_external_identifier; Type: ACL; Schema: public; Owner: orcid +-- + +GRANT SELECT ON TABLE public.org_disambiguated_external_identifier TO orcidro; + + +-- +-- Name: TABLE dw_org_disambiguated_external_identifier; Type: ACL; Schema: public; Owner: orcid +-- + +GRANT SELECT ON TABLE public.dw_org_disambiguated_external_identifier TO dw_user; +GRANT SELECT ON TABLE public.dw_org_disambiguated_external_identifier TO orcidro; + + +-- +-- Name: TABLE other_name; Type: ACL; Schema: public; Owner: orcid +-- + +GRANT SELECT ON TABLE public.other_name TO orcidro; + + +-- +-- Name: TABLE dw_other_name; Type: ACL; Schema: public; Owner: orcid +-- + +GRANT SELECT ON TABLE public.dw_other_name TO dw_user; +GRANT SELECT ON TABLE public.dw_other_name TO orcidro; + + +-- +-- Name: TABLE dw_papi_event_stats; Type: ACL; Schema: public; Owner: orcid +-- + +GRANT SELECT ON TABLE public.dw_papi_event_stats TO dw_user; +GRANT SELECT ON TABLE public.dw_papi_event_stats TO orcidro; + + +-- +-- Name: TABLE peer_review; Type: ACL; Schema: public; Owner: orcid +-- + +GRANT SELECT ON TABLE public.peer_review TO orcidro; + + +-- +-- Name: TABLE dw_peer_review; Type: ACL; Schema: public; Owner: orcid +-- + +GRANT SELECT ON TABLE public.dw_peer_review TO dw_user; +GRANT SELECT ON TABLE public.dw_peer_review TO orcidro; + + +-- +-- Name: TABLE profile; Type: ACL; Schema: public; Owner: orcid +-- + +GRANT SELECT ON TABLE public.profile TO orcidro; +GRANT SELECT ON TABLE public.profile TO dw_user; + + +-- +-- Name: TABLE dw_profile; Type: ACL; Schema: public; Owner: orcid +-- + +GRANT SELECT ON TABLE public.dw_profile TO dw_user; +GRANT SELECT ON TABLE public.dw_profile TO orcidro; + + +-- +-- Name: TABLE profile_email_domain; Type: ACL; Schema: public; Owner: orcid +-- + +GRANT SELECT ON TABLE public.profile_email_domain TO orcidro; + + +-- +-- Name: TABLE dw_profile_email_domain; Type: ACL; Schema: public; Owner: orcid +-- + +GRANT SELECT ON TABLE public.dw_profile_email_domain TO dw_user; +GRANT SELECT ON TABLE public.dw_profile_email_domain TO orcidro; + + +-- +-- Name: TABLE profile_funding; Type: ACL; Schema: public; Owner: orcid +-- + +GRANT SELECT ON TABLE public.profile_funding TO orcidro; + + +-- +-- Name: TABLE dw_profile_funding; Type: ACL; Schema: public; Owner: orcid +-- + +GRANT SELECT ON TABLE public.dw_profile_funding TO dw_user; +GRANT SELECT ON TABLE public.dw_profile_funding TO orcidro; + + +-- +-- Name: TABLE profile_history_event; Type: ACL; Schema: public; Owner: orcid +-- + +GRANT SELECT ON TABLE public.profile_history_event TO orcidro; + + +-- +-- Name: TABLE dw_profile_history_event; Type: ACL; Schema: public; Owner: orcid +-- + +GRANT SELECT ON TABLE public.dw_profile_history_event TO dw_user; +GRANT SELECT ON TABLE public.dw_profile_history_event TO orcidro; + + +-- +-- Name: TABLE profile_keyword; Type: ACL; Schema: public; Owner: orcid +-- + +GRANT SELECT ON TABLE public.profile_keyword TO orcidro; + + +-- +-- Name: TABLE dw_profile_keyword; Type: ACL; Schema: public; Owner: orcid +-- + +GRANT SELECT ON TABLE public.dw_profile_keyword TO dw_user; +GRANT SELECT ON TABLE public.dw_profile_keyword TO orcidro; + + +-- +-- Name: TABLE record_name; Type: ACL; Schema: public; Owner: orcid +-- + +GRANT SELECT ON TABLE public.record_name TO orcidro; + + +-- +-- Name: TABLE dw_record_name; Type: ACL; Schema: public; Owner: orcid +-- + +GRANT SELECT ON TABLE public.dw_record_name TO dw_user; +GRANT SELECT ON TABLE public.dw_record_name TO orcidro; + + +-- +-- Name: TABLE research_resource; Type: ACL; Schema: public; Owner: orcid +-- + +GRANT SELECT ON TABLE public.research_resource TO orcidro; + + +-- +-- Name: TABLE dw_research_resource; Type: ACL; Schema: public; Owner: orcid +-- + +GRANT SELECT ON TABLE public.dw_research_resource TO dw_user; +GRANT SELECT ON TABLE public.dw_research_resource TO orcidro; + + +-- +-- Name: TABLE research_resource_item; Type: ACL; Schema: public; Owner: orcid +-- + +GRANT SELECT ON TABLE public.research_resource_item TO orcidro; + + +-- +-- Name: TABLE dw_research_resource_item; Type: ACL; Schema: public; Owner: orcid +-- + +GRANT SELECT ON TABLE public.dw_research_resource_item TO dw_user; +GRANT SELECT ON TABLE public.dw_research_resource_item TO orcidro; + + +-- +-- Name: TABLE research_resource_item_org; Type: ACL; Schema: public; Owner: orcid +-- + +GRANT SELECT ON TABLE public.research_resource_item_org TO orcidro; + + +-- +-- Name: TABLE dw_research_resource_item_org; Type: ACL; Schema: public; Owner: orcid +-- + +GRANT SELECT ON TABLE public.dw_research_resource_item_org TO dw_user; +GRANT SELECT ON TABLE public.dw_research_resource_item_org TO orcidro; + + +-- +-- Name: TABLE research_resource_org; Type: ACL; Schema: public; Owner: orcid +-- + +GRANT SELECT ON TABLE public.research_resource_org TO orcidro; + + +-- +-- Name: TABLE dw_research_resource_org; Type: ACL; Schema: public; Owner: orcid +-- + +GRANT SELECT ON TABLE public.dw_research_resource_org TO dw_user; +GRANT SELECT ON TABLE public.dw_research_resource_org TO orcidro; + + +-- +-- Name: TABLE researcher_url; Type: ACL; Schema: public; Owner: orcid +-- + +GRANT SELECT ON TABLE public.researcher_url TO orcidro; + + +-- +-- Name: TABLE dw_researcher_url; Type: ACL; Schema: public; Owner: orcid +-- + +GRANT SELECT ON TABLE public.dw_researcher_url TO dw_user; +GRANT SELECT ON TABLE public.dw_researcher_url TO orcidro; + + +-- +-- Name: TABLE userconnection; Type: ACL; Schema: public; Owner: orcid +-- + +GRANT SELECT ON TABLE public.userconnection TO orcidro; + + +-- +-- Name: TABLE dw_userconnection; Type: ACL; Schema: public; Owner: orcid +-- + +GRANT SELECT ON TABLE public.dw_userconnection TO dw_user; +GRANT SELECT ON TABLE public.dw_userconnection TO orcidro; + + +-- +-- Name: TABLE validated_public_profile; Type: ACL; Schema: public; Owner: orcid +-- + +GRANT SELECT ON TABLE public.validated_public_profile TO orcidro; + + +-- +-- Name: TABLE dw_validated_public_profile; Type: ACL; Schema: public; Owner: orcid +-- + +GRANT SELECT ON TABLE public.dw_validated_public_profile TO dw_user; +GRANT SELECT ON TABLE public.dw_validated_public_profile TO orcidro; + + +-- +-- Name: TABLE work; Type: ACL; Schema: public; Owner: orcid +-- + +GRANT SELECT ON TABLE public.work TO orcidro; +GRANT SELECT ON TABLE public.work TO dw_user; + + +-- +-- Name: TABLE dw_work; Type: ACL; Schema: public; Owner: orcid +-- + +GRANT SELECT ON TABLE public.dw_work TO dw_user; +GRANT SELECT ON TABLE public.dw_work TO orcidro; + + +-- +-- Name: TABLE dw_work_external_id; Type: ACL; Schema: public; Owner: orcid +-- + +GRANT SELECT ON TABLE public.dw_work_external_id TO dw_user; +GRANT SELECT ON TABLE public.dw_work_external_id TO orcidro; + + +-- +-- Name: TABLE email_domain; Type: ACL; Schema: public; Owner: orcid +-- + +GRANT SELECT ON TABLE public.email_domain TO orcidro; + + +-- +-- Name: TABLE email_event; Type: ACL; Schema: public; Owner: orcid +-- + +GRANT SELECT ON TABLE public.email_event TO orcidro; + + +-- +-- Name: TABLE email_frequency; Type: ACL; Schema: public; Owner: orcid +-- + +GRANT SELECT ON TABLE public.email_frequency TO orcidro; + + +-- +-- Name: TABLE email_schedule; Type: ACL; Schema: public; Owner: orcid +-- + +GRANT SELECT ON TABLE public.email_schedule TO orcidro; + + +-- +-- Name: TABLE event; Type: ACL; Schema: public; Owner: orcid +-- + +GRANT SELECT ON TABLE public.event TO orcidro; + + +-- +-- Name: TABLE find_my_stuff_history; Type: ACL; Schema: public; Owner: orcid +-- + +GRANT SELECT ON TABLE public.find_my_stuff_history TO orcidro; + + +-- +-- Name: TABLE funding_external_identifier; Type: ACL; Schema: public; Owner: orcid +-- + +GRANT SELECT ON TABLE public.funding_external_identifier TO orcidro; + + +-- +-- Name: TABLE funding_subtype_to_index; Type: ACL; Schema: public; Owner: orcid +-- + +GRANT SELECT ON TABLE public.funding_subtype_to_index TO orcidro; + + +-- +-- Name: TABLE granted_authority; Type: ACL; Schema: public; Owner: orcid +-- + +GRANT SELECT ON TABLE public.granted_authority TO orcidro; + + +-- +-- Name: TABLE identity_provider_name; Type: ACL; Schema: public; Owner: orcid +-- + +GRANT SELECT ON TABLE public.identity_provider_name TO orcidro; + + +-- +-- Name: TABLE institution; Type: ACL; Schema: public; Owner: orcid +-- + +GRANT SELECT ON TABLE public.institution TO orcidro; + + +-- +-- Name: TABLE internal_sso; Type: ACL; Schema: public; Owner: orcid +-- + +GRANT SELECT ON TABLE public.internal_sso TO orcidro; + + +-- +-- Name: TABLE invalid_issn_group_id_record; Type: ACL; Schema: public; Owner: orcid +-- + +GRANT SELECT ON TABLE public.invalid_issn_group_id_record TO orcidro; + + +-- +-- Name: TABLE invalid_record_data_changes; Type: ACL; Schema: public; Owner: orcid +-- + +GRANT SELECT ON TABLE public.invalid_record_data_changes TO orcidro; + + +-- +-- Name: TABLE member_chosen_org_disambiguated; Type: ACL; Schema: public; Owner: orcid +-- + +GRANT SELECT ON TABLE public.member_chosen_org_disambiguated TO orcidro; + + +-- +-- Name: TABLE member_obo_whitelisted_client; Type: ACL; Schema: public; Owner: orcid +-- + +GRANT SELECT ON TABLE public.member_obo_whitelisted_client TO orcidro; + + +-- +-- Name: TABLE notification_item; Type: ACL; Schema: public; Owner: orcid +-- + +GRANT SELECT ON TABLE public.notification_item TO orcidro; + + +-- +-- Name: TABLE notification_work; Type: ACL; Schema: public; Owner: orcid +-- + +GRANT SELECT ON TABLE public.notification_work TO orcidro; + + +-- +-- Name: TABLE oauth2_authoriziation_code_detail; Type: ACL; Schema: public; Owner: orcid +-- + +GRANT SELECT ON TABLE public.oauth2_authoriziation_code_detail TO orcidro; + + +-- +-- Name: TABLE orcid_props; Type: ACL; Schema: public; Owner: orcid +-- + +GRANT SELECT ON TABLE public.orcid_props TO orcidro; + + +-- +-- Name: TABLE orcid_social; Type: ACL; Schema: public; Owner: orcid +-- + +GRANT SELECT ON TABLE public.orcid_social TO orcidro; + + +-- +-- Name: TABLE orcidoauth2authoriziationcodedetail_authorities; Type: ACL; Schema: public; Owner: orcid +-- + +GRANT SELECT ON TABLE public.orcidoauth2authoriziationcodedetail_authorities TO orcidro; + + +-- +-- Name: TABLE orcidoauth2authoriziationcodedetail_resourceids; Type: ACL; Schema: public; Owner: orcid +-- + +GRANT SELECT ON TABLE public.orcidoauth2authoriziationcodedetail_resourceids TO orcidro; + + +-- +-- Name: TABLE orcidoauth2authoriziationcodedetail_scopes; Type: ACL; Schema: public; Owner: orcid +-- + +GRANT SELECT ON TABLE public.orcidoauth2authoriziationcodedetail_scopes TO orcidro; + + +-- +-- Name: TABLE org_import_log; Type: ACL; Schema: public; Owner: orcid +-- + +GRANT SELECT ON TABLE public.org_import_log TO orcidro; + + +-- +-- Name: TABLE patent; Type: ACL; Schema: public; Owner: orcid +-- + +GRANT SELECT ON TABLE public.patent TO orcidro; +GRANT SELECT,INSERT,DELETE,UPDATE ON TABLE public.patent TO dw_user; + + +-- +-- Name: TABLE patent_contributor; Type: ACL; Schema: public; Owner: orcid +-- + +GRANT SELECT ON TABLE public.patent_contributor TO orcidro; + + +-- +-- Name: TABLE patent_source; Type: ACL; Schema: public; Owner: orcid +-- + +GRANT SELECT ON TABLE public.patent_source TO orcidro; + + +-- +-- Name: TABLE peer_review_subject; Type: ACL; Schema: public; Owner: orcid +-- + +GRANT SELECT ON TABLE public.peer_review_subject TO orcidro; + + +-- +-- Name: TABLE profile_event; Type: ACL; Schema: public; Owner: orcid +-- + +GRANT SELECT ON TABLE public.profile_event TO orcidro; + + +-- +-- Name: TABLE profile_patent; Type: ACL; Schema: public; Owner: orcid +-- + +GRANT SELECT ON TABLE public.profile_patent TO orcidro; + + +-- +-- Name: TABLE profile_subject; Type: ACL; Schema: public; Owner: orcid +-- + +GRANT SELECT ON TABLE public.profile_subject TO orcidro; + + +-- +-- Name: TABLE reference_data; Type: ACL; Schema: public; Owner: orcid +-- + +GRANT SELECT ON TABLE public.reference_data TO orcidro; + + +-- +-- Name: TABLE rejected_grouping_suggestion; Type: ACL; Schema: public; Owner: orcid +-- + +GRANT SELECT ON TABLE public.rejected_grouping_suggestion TO orcidro; + + +-- +-- Name: TABLE salesforce_connection; Type: ACL; Schema: public; Owner: orcid +-- + +GRANT SELECT ON TABLE public.salesforce_connection TO orcidro; + + +-- +-- Name: TABLE shibboleth_account; Type: ACL; Schema: public; Owner: orcid +-- + +GRANT SELECT ON TABLE public.shibboleth_account TO orcidro; + + +-- +-- Name: TABLE spam; Type: ACL; Schema: public; Owner: orcid +-- + +GRANT SELECT ON TABLE public.spam TO orcidro; + + +-- +-- Name: TABLE statistic_key; Type: ACL; Schema: public; Owner: orcid +-- + +GRANT SELECT ON TABLE public.statistic_key TO orcidro; + + +-- +-- Name: TABLE statistic_values; Type: ACL; Schema: public; Owner: orcid +-- + +GRANT SELECT ON TABLE public.statistic_values TO orcidro; + + +-- +-- Name: TABLE subject; Type: ACL; Schema: public; Owner: orcid +-- + +GRANT SELECT ON TABLE public.subject TO orcidro; + + +-- +-- Name: TABLE webhook; Type: ACL; Schema: public; Owner: orcid +-- + +GRANT SELECT ON TABLE public.webhook TO orcidro; + + +-- +-- PostgreSQL database dump complete +-- + diff --git a/docker-entrypoint-initdb.d/5-orcid-extension.sql b/docker-entrypoint-initdb.d/5-orcid-extension.sql new file mode 100644 index 00000000000..3179badfdcb --- /dev/null +++ b/docker-entrypoint-initdb.d/5-orcid-extension.sql @@ -0,0 +1,15 @@ +-- +-- Name: uuid-ossp; Type: EXTENSION; Schema: -; Owner: - +-- + +\c orcid + +CREATE EXTENSION IF NOT EXISTS "uuid-ossp" WITH SCHEMA public; + + +-- +-- Name: EXTENSION "uuid-ossp"; Type: COMMENT; Schema: -; Owner: +-- + +COMMENT ON EXTENSION "uuid-ossp" IS 'generate universally unique identifiers (UUIDs)'; + diff --git a/docker-entrypoint-initdb.d/6-features.sql b/docker-entrypoint-initdb.d/6-features.sql new file mode 100644 index 00000000000..758c03ba29d --- /dev/null +++ b/docker-entrypoint-initdb.d/6-features.sql @@ -0,0 +1,196 @@ +-- +-- PostgreSQL database dump +-- + +-- Dumped from database version 13.10 (Ubuntu 13.10-1.pgdg20.04+1) +-- Dumped by pg_dump version 15.2 (Ubuntu 15.2-1.pgdg20.04+1) + +\c features + +SET statement_timeout = 0; +SET lock_timeout = 0; +SET idle_in_transaction_session_timeout = 0; +SET client_encoding = 'UTF8'; +SET standard_conforming_strings = on; +SELECT pg_catalog.set_config('search_path', '', false); +SET check_function_bodies = false; +SET xmloption = content; +SET client_min_messages = warning; +SET row_security = off; + +-- +-- Name: public; Type: SCHEMA; Schema: -; Owner: postgres +-- + +-- *not* creating schema, since initdb creates it + + +ALTER SCHEMA public OWNER TO postgres; + +-- +-- Name: uuid-ossp; Type: EXTENSION; Schema: -; Owner: - +-- + +CREATE EXTENSION IF NOT EXISTS "uuid-ossp" WITH SCHEMA public; + + +-- +-- Name: EXTENSION "uuid-ossp"; Type: COMMENT; Schema: -; Owner: +-- + +COMMENT ON EXTENSION "uuid-ossp" IS 'generate universally unique identifiers (UUIDs)'; + + +SET default_tablespace = ''; + +SET default_table_access_method = heap; + +-- +-- Name: togglz; Type: TABLE; Schema: public; Owner: orcid +-- + +CREATE TABLE public.togglz ( + feature_name character varying(100) NOT NULL, + feature_enabled integer, + strategy_id character varying(200), + strategy_params character varying(2000) +); + + +ALTER TABLE public.togglz OWNER TO orcid; + +-- +-- Data for Name: togglz; Type: TABLE DATA; Schema: public; Owner: orcid +-- + +COPY public.togglz (feature_name, feature_enabled, strategy_id, strategy_params) FROM stdin; +AFFILIATION_ORG_ID 1 \N \N +AFFILIATION_SEARCH 1 \N \N +COOKIE_BANNER 1 \N \N +GDPR_UI 1 \N \N +HTTPS_IDS 1 \N \N +REG_MULTI_EMAIL 1 \N \N +REVOKE_TOKEN_ON_CODE_REUSE 1 \N \N +TWO_FACTOR_AUTHENTICATION 1 \N \N +SELF_SERVICE_ORG_IDS 1 \N \N +PUB_API_2_0_BY_DEFAULT 1 \N \N +DISABLE_1_2_ON_PUB_API 1 \N \N +GET_MY_DATA 1 \N \N +DISABLE_1_1 1 \N \N +MANUAL_WORK_GROUPING 1 \N \N +GROUPING_SUGGESTIONS 1 \N \N +WORKS_FAILURE_DEBUG 1 \N \N +BADGES 1 \N \N +RESEARCH_RESOURCE 1 \N \N +RESET_PASSWORD_EMAIL 1 \N \N +MEMBER_API_2_0_BY_DEFAULT 1 \N \N +GDPR_EMAIL_NOTIFICATIONS 1 \N \N +GDPR_DEACTIVATE 1 \N \N +ANGULAR2_QA 0 \N \N +DISPLAY_NEW_AFFILIATION_TYPES 1 \N \N +SUPPORT_MIGRATION 1 \N \N +DIALOG_PRIVACY_OPTION 1 \N \N +EX_ID_RESOLVER 1 \N \N +LAST_MOD 1 \N \N +OPENID_SIMPLE_SUBJECT 1 \N \N +RE_LOGGIN_ALERT 1 \N \N +LANG_AR 1 \N \N +VERBOSE_NOTIFICATIONS 1 \N \N +DISABLE_1_2_ON_MEMBER_API 1 \N \N +ADD_WORKS_WITH_EXTERNAL_ID 1 \N \N +SEARCH_RESULTS_AFFILIATIONS 1 \N \N +ORCID_ANGULAR_APP_CUES 1 \N \N +NEW_INFO_SITE 1 \N \N +SALESFORCE_MICROSERVICE 1 \N \N +ORCID_ANGULAR_INBOX 1 \N \N +GROUP_AFFILIATIONS 0 \N \N +HIDE_UNVERIFIED_EMAILS 1 \N \N +ORCID_ANGULAR_MY_ORCID 0 \N \N +TWO_FA_DEACTIVATE_EMAIL 1 \N \N +UPGRADE_PUBLIC_CLIENT 1 \N \N +V2_DISABLE_RELEASE_CANDIDATES 1 \N \N +ENABLE_NEW_NOTIFICATIONS 1 \N \N +ORCID_ANGULAR_WORKS_CONTRIBUTORS 1 \N \N +WORKS_PAGINATION 1 \N \N +READ_BULK_WORKS_DIRECTLY_FROM_DB 0 \N \N +ID_TOKEN_24_HOURS_LIFESPAN 1 \N \N +V3_DISABLE_RELEASE_CANDIDATES 1 \N \N +SF_ENABLE_OPP_ORG_RECORD_TYPES 1 \N \N +ORCID_ANGULAR_SEARCH 1 \N \N +USER_OBO 1 \N \N +ENABLE_NEW_IDS 1 \N \N +ENABLE_DE_PL_TR 0 \N \N +RESTRICTED_DELEGATORS 1 \N \N +ACCOUNT_LOCKOUT_SIMULATION 0 \N \N +STOP_SENDING_NOTIFICATION_WORK_NOT_UPDATED 1 \N \N +ALLOW_DELETE_WITH_REVOKED_TOKENS 1 \N \N +PUB_API_DEFAULT_TO_V3 1 \N \N +MEMBER_API_DEFAULT_TO_V3 1 \N \N +ENABLE_ACCOUNT_LOCKOUT 1 \N \N +DELETE_EVENTS 1 \N \N +ENABLE_USER_MENU 1 \N \N +ENABLE_HEADER2 1 \N \N +EMAIL_STATUS_DROPDOWN_OPTION 0 \N \N +ORCID_ANGULAR_CURRENT_EMPLOYMENT_AFFILIATIONS_WORK_CONTRIBUTORS 0 \N \N +WIDE_GRID 1 \N \N +NEW_BADGES 1 \N \N +NEW_FOOTER 1 \N \N +SEND_ALL_VERIFICATION_EMAILS 1 \N \N +ENABLE_PROMOTION_OF_CHOSEN_ORGS 0 \N \N +PROFESSIONAL_ACTIVITIES 1 \N \N +REGISTRATION_2_0 1 \N \N +SPAM_BUTTON 0 \N \N +NEW_DEVELOPER_TOOLS 1 \N \N +REDIRECT_PUT_TOKEN_ENDPOINT 1 \N \N +SEND_ADD_WORKS_EMAILS 1 \N \N +SOURCE_SORTING 1 \N \N +REGISTRATION_2_1 1 \N \N +ADD_OTHER_WORK_CONTRIBUTORS 1 \N \N +ORG_SEARCH_SORT_BY_POPULARITY 1 \N \N +CRAZY_EGG 1 \N \N +ORCID_ANGULAR_SIGNIN 1 \N \N +HOTJAR 0 \N \N +STORE_TOP_CONTRIBUTORS 1 \N \N +PAPI_EVENTS 1 \N \N +ORCID_ANGULAR_HELP_HERO 1 \N \N +DISABLE_MATCHING_SUBDOMAINS 1 \N \N +ADD_OTHER_WORK_CONTRIBUTORS_WITH_BIBTEX 1 \N \N +ORCID_ANGULAR_LAZY_LOAD_PEER_REVIEWS 1 \N \N +ORCID_ANGULAR_ACCOUNT_SETTINGS 1 \N \N +EVENTS 1 \N \N +MOVE_CLIENT 1 \N \N +NEW_RECORD_HEADER 1 \N \N +ADD_OTHER_WORK_CONTRIBUTORS_WITH_DOI_PUBMED 1 \N \N +WORDPRESS_HOME_PAGE 1 \N \N +EMAIL_DOMAINS 1 \N \N +SIGN_IN_UPDATES_V1 1 \N \N +NEW_RELIC_BROWSER_MONITORING 1 \N \N +MAPI_SUMMARY_ENDPOINT 1 \N \N +NEW_RECORD_HEADER_WITH_SUMMARY 1 \N \N +EMAIL_DOMAINS_UI 1 \N \N +LOGIN_DOMAINS_INTERSTITIAL 0 \N \N +ENABLE_PAPI_RATE_LIMITING 1 \N \N +OAUTH_DOMAINS_INTERSTITIAL 0 \N \N +\. + + +-- +-- Name: togglz togglz_pkey; Type: CONSTRAINT; Schema: public; Owner: orcid +-- + +ALTER TABLE ONLY public.togglz + ADD CONSTRAINT togglz_pkey PRIMARY KEY (feature_name); + + +-- +-- Name: SCHEMA public; Type: ACL; Schema: -; Owner: postgres +-- + +REVOKE USAGE ON SCHEMA public FROM PUBLIC; +GRANT ALL ON SCHEMA public TO PUBLIC; + + +-- +-- PostgreSQL database dump complete +-- + diff --git a/orcid-lb/Dockerfile b/orcid-lb/Dockerfile new file mode 100644 index 00000000000..5884e097b79 --- /dev/null +++ b/orcid-lb/Dockerfile @@ -0,0 +1,7 @@ +FROM haproxy:2.4.24-bullseye + + +COPY certs/* /etc/ssl/private/ + +COPY orcid-lb/haproxy.cfg /usr/local/etc/haproxy/haproxy.cfg + diff --git a/orcid-lb/haproxy.cfg b/orcid-lb/haproxy.cfg new file mode 100644 index 00000000000..28fb394d3c1 --- /dev/null +++ b/orcid-lb/haproxy.cfg @@ -0,0 +1,113 @@ +global + stats timeout 30s + daemon + maxconn 6000 + # Default SSL material locations + ca-base /etc/ssl/certs + crt-base /etc/ssl/private + # Default ciphers to use on SSL-enabled listening sockets. + # For more information, see ciphers(1SSL). This list is from: + # https://hynek.me/articles/hardening-your-web-servers-ssl-ciphers/ + ssl-default-bind-ciphers kEECDH+aRSA+AES:kRSA+AES:+AES256:RC4-SHA:!kEDH:!LOW:!EXP:!MD5:!aNULL:!eNULL + ssl-default-bind-options no-sslv3 + # Default ciphers to use on SSL-enabled listening sockets. + # For more information, see ciphers(1SSL). This list is from: + # https://hynek.me/articles/hardening-your-web-servers-ssl-ciphers/ + ssl-default-server-ciphers kEECDH+aRSA+AES:kRSA+AES:+AES256:RC4-SHA:!kEDH:!LOW:!EXP:!MD5:!aNULL:!eNULL + ssl-default-server-options no-sslv3 + nbproc 1 + + + tune.ssl.default-dh-param 2048 + ssl-default-bind-ciphers ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES:ECDH+3DES:DH+3DES:RSA+AESGCM:RSA+AES:RSA+3DES:!aNULL:!MD5:!DSS + ssl-default-bind-options no-sslv3 + +defaults + log global + mode http + option httplog + option dontlognull + option log-separate-errors + timeout connect 5s + timeout client 100s + timeout server 100s + stats show-modules + stats show-legends + +listen stats-1936 + description haproute Loadbalancer + bind 0.0.0.0:1936 + mode http + stats enable + stats uri / + stats hide-version + stats show-node + +frontend http + description redirect to https + bind 0.0.0.0:80 + mode http + timeout client 100s + redirect scheme https code 301 if !{ ssl_fc } + +frontend https-443 + description Frontend for HTTPS Traffic + bind 0.0.0.0:443 ssl crt /etc/ssl/private/docker_dev-haproxy.pem + mode http + maxconn 6000 + option httplog + timeout client 100s + + monitor-uri /haproxy-status + + http-request set-src req.hdr(CF-Connecting-IP) + http-response add-header X-Via %[env(HOSTNAME)] + + acl host_pub hdr(host) -i pub. + acl host_api hdr(host) -i api. + + use_backend reg-papi if host_pub + use_backend reg-mapi if host_api + default_backend reg-ui + +backend reg-papi + description reg-papi + mode http + balance leastconn + option forwardfor + option httpchk GET /static/swagger2/favicon-16x16.png + option redispatch + http-check expect status 200 + timeout server 300s + http-response set-header X-Target %[srv_name] + default-server init-addr libc,last,none + server papi papi:443 ssl check verify none weight 100 + +backend reg-mapi + description reg-mapi + mode http + balance leastconn + option forwardfor + option httpchk GET /static/swagger2/favicon-32x32.png + option redispatch + http-check expect status 200 + timeout server 300s + http-response set-header X-Target %[srv_name] + default-server init-addr libc,last,none + server mapi mapi:443 ssl check verify none weight 100 + +backend reg-ui + description reg-ui + mode http + balance leastconn + cookie STICKY insert + option forwardfor + option httpchk GET /tomcatUp.json + option redispatch + http-check expect status 200 + timeout server 300s + http-response set-header X-Target %[srv_name] + default-server init-addr libc,last,none + server web_proxy web_proxy:443 ssl check verify none weight 100 + + diff --git a/redis/Dockerfile b/redis/Dockerfile new file mode 100644 index 00000000000..41df4c61d46 --- /dev/null +++ b/redis/Dockerfile @@ -0,0 +1,12 @@ +FROM redis:7.2.5-alpine + +RUN mkdir -p /opt/certs + +COPY ./certs/* /opt/certs + +RUN chown -R redis:redis /opt/certs + +CMD ["redis-server", "--save", "20", "1", "--loglevel", "warning", "--requirepass", "wibble", \ + "--tls-port", "6379", "--port", "0", "--tls-cert-file", "/opt/certs/docker_dev.pem", \ + "--tls-key-file", "/opt/certs/docker_dev-key.pem", "--tls-ca-cert-file", "/opt/certs/orcid_rsa_2022.crt", \ + "--tls-auth-clients", "no", "--tls-replication", "yes"] From 036c286ac438aeb16fef63ea80c6cf813cfb1f07 Mon Sep 17 00:00:00 2001 From: Giles Westwood Date: Wed, 4 Dec 2024 12:19:44 +0000 Subject: [PATCH 06/19] missing env files --- orcid-web/default.env | 6 ++++++ orcid-web/deployment.env | 2 ++ 2 files changed, 8 insertions(+) create mode 100644 orcid-web/default.env create mode 100644 orcid-web/deployment.env diff --git a/orcid-web/default.env b/orcid-web/default.env new file mode 100644 index 00000000000..46bb816e8c0 --- /dev/null +++ b/orcid-web/default.env @@ -0,0 +1,6 @@ +# defaults and for dev +# if a value is repeated here in a higher env_file it will be overridden +JAVA_OPTS=-Xmx256m +NEW_RELIC_APP_NAME="orcid-web-dev" +NEW_RELIC_LICENSE_KEY="SETME_ELSEWHERE" +NEW_RELIC_LOG_FILE_NAME="STDOUT" diff --git a/orcid-web/deployment.env b/orcid-web/deployment.env new file mode 100644 index 00000000000..6d31c84de3a --- /dev/null +++ b/orcid-web/deployment.env @@ -0,0 +1,2 @@ +# empty file that is templated by deployment systems +# docker-compose won't start if this file is missing From 58795ec4d4553c72cf0c4b5a39e7693ec891a127 Mon Sep 17 00:00:00 2001 From: Giles Westwood Date: Wed, 4 Dec 2024 12:50:42 +0000 Subject: [PATCH 07/19] ro only perms as full write causes startup error --- docker-compose.yml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/docker-compose.yml b/docker-compose.yml index 6b74f67e798..0ce338c9e77 100644 --- a/docker-compose.yml +++ b/docker-compose.yml @@ -72,9 +72,9 @@ services: - 0.0.0.0:13107:80 - 0.0.0.0:13108:443 volumes: - - ./certs/dhparam.pem:/etc/nginx/certs/dhparam.pem - - ${SSL_CERTIFICATE:-./certs/docker_dev.pem}:/etc/nginx/certs/docker.pem - - ${SSL_CERTIFICATE_KEY:-./certs/docker_dev-key.pem}:/etc/nginx/certs/docker-key.pem + - ./certs/dhparam.pem:/etc/nginx/certs/dhparam.pem:ro + - ${SSL_CERTIFICATE:-./certs/docker_dev.pem}:/etc/nginx/certs/docker.pem:ro + - ${SSL_CERTIFICATE_KEY:-./certs/docker_dev-key.pem}:/etc/nginx/certs/docker-key.pem:ro profiles: - dev - ui From f8923a7f82ea4a07fac99e48b06bed5e3bc64b61 Mon Sep 17 00:00:00 2001 From: Giles Westwood Date: Thu, 5 Dec 2024 12:33:56 +0000 Subject: [PATCH 08/19] drop yaml markers in env files --- properties/default.frontend.env | 1 - properties/default.misc.env | 1 - 2 files changed, 2 deletions(-) diff --git a/properties/default.frontend.env b/properties/default.frontend.env index 578de2287fd..5de251b18b2 100644 --- a/properties/default.frontend.env +++ b/properties/default.frontend.env @@ -1,4 +1,3 @@ ---- ORG_ORCID_FRONTEND_WEB_DOMAINS_ALLOWING_ROBOTS_AS_WHITE_SPACE_SEPARATED_LIST: orcid.org localhost localhost:8443/orcid-web ORG_ORCID_FRONTEND_WEB_MAINTENANCE_HEADER_URL: file:///opt/data/maintenance.html ORG_ORCID_SHIBBOLETH_ENABLED: "true" diff --git a/properties/default.misc.env b/properties/default.misc.env index b7cbd986585..fc99ce34444 100644 --- a/properties/default.misc.env +++ b/properties/default.misc.env @@ -1,4 +1,3 @@ ---- ORG_ORCID_LISTENER_PERSISTENCE_SOLR_SOCKET_TIMEOUT="60000" ORG_ORCID_MESSAGING_BROKER_URL=tcp://localhost:61616?jms.useAsyncSend=true&jms.useCompression=true ORG_ORCID_OPENID_JWKS_KEY_NAME=OpenIDTestKey1 From d8dad88e6f904907b4d436e16f34faab14157da7 Mon Sep 17 00:00:00 2001 From: Giles Westwood Date: Thu, 5 Dec 2024 15:53:21 +0000 Subject: [PATCH 09/19] feat: add haproxy router for database connections and use static ips and host file records to not require docker dns --- docker-compose-cleandb.sh | 10 +++ docker-compose.yml | 82 ++++++++++++++--- orcid-haprouter/Dockerfile | 4 + orcid-haprouter/haproxy.cfg | 169 ++++++++++++++++++++++++++++++++++++ 4 files changed, 252 insertions(+), 13 deletions(-) create mode 100755 docker-compose-cleandb.sh create mode 100644 orcid-haprouter/Dockerfile create mode 100644 orcid-haprouter/haproxy.cfg diff --git a/docker-compose-cleandb.sh b/docker-compose-cleandb.sh new file mode 100755 index 00000000000..b1e554bbc0f --- /dev/null +++ b/docker-compose-cleandb.sh @@ -0,0 +1,10 @@ +#!/usr/bin/env bash + +# Use this to test and initdb script sql file changes +# +docker compose down --volumes postgres + +volume_name=$(basename `pwd` | tr '[:upper:]' '[:lower:]')_postgres_data + +docker volume rm $volume_name -f + diff --git a/docker-compose.yml b/docker-compose.yml index 0ce338c9e77..df203b57718 100644 --- a/docker-compose.yml +++ b/docker-compose.yml @@ -1,4 +1,3 @@ -version: '2' services: dependencies: image: orcid/registry-dependencies:${TAG:-0.0.1} @@ -7,9 +6,16 @@ services: context: . args: tag_numeric: ${TAG:-0.0.1} - # stop dependencies from being started with a compose up profiles: - build + networks: + custom_network: + ipv4_address: 10.20.0.2 + extra_hosts: + - "dependencies:10.20.0.2" + - "redis:10.20.0.3" + - "postgres:10.20.0.4" + - "haprouter:10.20.0.5" redis: image: orcid/registry/redis:7.2.5-alpine @@ -19,8 +25,16 @@ services: context: . dockerfile: redis/Dockerfile profiles: - - database + - db - dev + networks: + custom_network: + ipv4_address: 10.20.0.3 + extra_hosts: + - "dependencies:10.20.0.2" + - "redis:10.20.0.3" + - "postgres:10.20.0.4" + - "haprouter:10.20.0.5" postgres: image: postgres:13.13-alpine3.19 @@ -34,12 +48,55 @@ services: ports: - '5432:5432' profiles: - - database + - db + - dev + networks: + custom_network: + ipv4_address: 10.20.0.4 + extra_hosts: + - "dependencies:10.20.0.2" + - "redis:10.20.0.3" + - "postgres:10.20.0.4" + - "haprouter:10.20.0.5" + + haprouter: + image: ${DOCKER_REG_PRIVATE}/orcid/registry/orcid-haprouter:${TAG:-0.0.1} + build: + context: . + dockerfile: orcid-haprouter/Dockerfile + extra_hosts: + - "nowhere:127.0.0.1" + - "dependencies:10.20.0.2" + - "redis:10.20.0.3" + - "postgres:10.20.0.4" + - "haprouter:10.20.0.5" + environment: + POSTGRES_READ_FQDN_A: postgres + POSTGRES_READ_FQDN_B: nowhere + POSTGRES_READ_FQDN_C: nowhere + POSTGRES_WRITE_FQDN_A: postgres + POSTGRES_WRITE_FQDN_B: nowhere + POSTGRES_WRITE_FQDN_C: nowhere + SOLR_READ_FQDN_A: solr + SOLR_READ_FQDN_B: nowhere + SOLR_READ_FQDN_C: nowhere + SOLR_WRITE_FQDN_A: solr + SOLR_WRITE_FQDN_B: nowhere.local + SOLR_WRITE_FQDN_C: nowhere.local + ports: + - 0.0.0.0:8888:1936 # stats + - 0.0.0.0:7432:7432 # solr read + - 0.0.0.0:7983:7983 # solr write + - 0.0.0.0:7432:7432 # postgres read + - 0.0.0.0:6432:6432 # postgres write + networks: + custom_network: + ipv4_address: 10.20.0.5 + profiles: - dev lb: image: ${DOCKER_REG_PRIVATE}/orcid/registry/orcid-lb:${TAG:-0.0.1} - # entrypoint: sleep infinity build: context: . dockerfile: orcid-lb/Dockerfile @@ -49,10 +106,8 @@ services: profiles: - dev - # orcid-angular project frontend: image: ${DOCKER_REG_PRIVATE}/orcid/registry/orcid-web-frontend-${FRONTEND_LABEL:-qa}:${FRONTEND_TAG:-0.0.1} - # entrypoint: sleep infinity build: context: . dockerfile: 'FIXME: must build in the orcid-angular project first Dockerfile.build' @@ -64,7 +119,6 @@ services: web_proxy: image: ${DOCKER_REG_PRIVATE}/orcid/registry/orcid-web-proxy:${TAG:-0.0.1} - # entrypoint: sleep infinity build: context: . dockerfile: orcid-web-proxy/Dockerfile @@ -81,7 +135,6 @@ services: web: image: ${DOCKER_REG_PRIVATE}/orcid/registry/orcid-web:${TAG:-0.0.1} - # entrypoint: sleep infinity build: cache_from: - orcid/registry-dependencies:${TAG:-0.0.1} @@ -90,17 +143,13 @@ services: args: tag_numeric: ${TAG:-0.0.1} env_file: - # defaults and dev config for all apps - default.env - properties/default.orcid_core.env - properties/default.misc.env - properties/default.frontend.env - properties/default.persistence.env - # defaults and dev config per app - orcid-web/default.env - # config written out by our deployment system - orcid-web/deployment.env - # anything secure that is non prod separated goes here - ${DOCKER_DEV_ENV_FILE:-empty.env} ports: - 0.0.0.0:13100:8080 @@ -108,5 +157,12 @@ services: - dev - ui +networks: + custom_network: + driver: bridge + ipam: + config: + - subnet: 10.20.0.0/16 + volumes: postgres_data: diff --git a/orcid-haprouter/Dockerfile b/orcid-haprouter/Dockerfile new file mode 100644 index 00000000000..b29bb359a2c --- /dev/null +++ b/orcid-haprouter/Dockerfile @@ -0,0 +1,4 @@ +FROM haproxy:2.4.24-bullseye + +COPY orcid-haprouter/haproxy.cfg /usr/local/etc/haproxy/haproxy.cfg + diff --git a/orcid-haprouter/haproxy.cfg b/orcid-haprouter/haproxy.cfg new file mode 100644 index 00000000000..2683b87a687 --- /dev/null +++ b/orcid-haprouter/haproxy.cfg @@ -0,0 +1,169 @@ +resolvers docker + nameserver dns 127.0.0.11:53 + parse-resolv-conf + accepted_payload_size 8192 + hold valid 10s + hold other 30s + hold refused 30s + hold nx 30s + hold timeout 30s + hold obsolete 30s + + # How many times to retry a query + resolve_retries 3 + + # How long to wait between retries when no valid response has been received + timeout retry 1s + + # How long to wait for a successful resolution + timeout resolve 1s + +global + stats timeout 30s + daemon + maxconn 6000 + # Default SSL material locations + ca-base /etc/ssl/certs + crt-base /etc/ssl/private + # Default ciphers to use on SSL-enabled listening sockets. + # For more information, see ciphers(1SSL). This list is from: + # https://hynek.me/articles/hardening-your-web-servers-ssl-ciphers/ + ssl-default-bind-ciphers kEECDH+aRSA+AES:kRSA+AES:+AES256:RC4-SHA:!kEDH:!LOW:!EXP:!MD5:!aNULL:!eNULL + ssl-default-bind-options no-sslv3 + # Default ciphers to use on SSL-enabled listening sockets. + # For more information, see ciphers(1SSL). This list is from: + # https://hynek.me/articles/hardening-your-web-servers-ssl-ciphers/ + ssl-default-server-ciphers kEECDH+aRSA+AES:kRSA+AES:+AES256:RC4-SHA:!kEDH:!LOW:!EXP:!MD5:!aNULL:!eNULL + ssl-default-server-options no-sslv3 + nbproc 1 + + tune.ssl.default-dh-param 2048 + ssl-default-bind-ciphers ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES:ECDH+3DES:DH+3DES:RSA+AESGCM:RSA+AES:RSA+3DES:!aNULL:!MD5:!DSS + ssl-default-bind-options no-sslv3 + +defaults + log global + mode http + option httplog + option dontlognull + option log-separate-errors + timeout connect 5s + timeout client 100s + timeout server 100s + stats show-modules + stats show-legends + +listen stats-1936 + description haproute Loadbalancer + bind 0.0.0.0:1936 + mode http + stats enable + stats uri / + stats hide-version + stats show-node + +##################################################################################### + +# +# Frontends +# + +# Solr + +frontend solr-read-7983 + description Frontend for Solr + bind 0.0.0.0:7983 + mode http + timeout client 300s + monitor-uri /haproxy-status + acl solrs_dead nbsrv(reg-solr-read) lt 1 + http-request set-log-level silent + default_backend reg-solr-read + +frontend solr-write-6983 + description Frontend for Solr writes + bind 0.0.0.0:6983 + mode http + timeout client 300s + monitor-uri /haproxy-status + acl solrs_dead nbsrv(reg-solr-write) lt 1 + http-request set-log-level silent + default_backend reg-solr-write + +# Postgres + +frontend reg-postgres-read-7432 + description Frontend for Postgres read + bind 0.0.0.0:7432 + mode tcp + timeout client 70m + monitor-uri /haproxy-status + acl postgres_dead nbsrv(reg-postgres-read) lt 1 + http-request set-log-level silent + default_backend reg-postgres-read + +frontend reg-postgres-write-6432 + description Frontend for Postgres writes + bind 0.0.0.0:6432 + mode tcp + timeout client 70m + monitor-uri /haproxy-status + acl postgres_dead nbsrv(reg-postgres-write) lt 1 + http-request set-log-level silent + default_backend reg-postgres-write + +# +# Backends +# + +# Solr + +backend reg-solr-read + description backend for solr cluster + mode http + balance leastconn + option httpchk GET /solr/profile/admin/ping + option redispatch 2 + http-check expect status 200 + timeout server 300s + timeout check 20s + default-server check maxconn 500 inter 20s init-addr libc,last,none + server "${SOLR_READ_FQDN_A}-read-a" "${SOLR_READ_FQDN_A}":8983 + server "${SOLR_READ_FQDN_B}-read-b" "${SOLR_READ_FQDN_B}":8983 + server "${SOLR_READ_FQDN_C}-read-c" "${SOLR_READ_FQDN_C}":8983 + +backend reg-solr-write + description Solr master running in tomcat statically set + mode http + balance leastconn + option httpchk GET /solr/profile/admin/ping + option redispatch 2 + http-check expect status 200 + timeout server 300s + timeout check 20s + default-server check maxconn 500 inter 20s init-addr libc,last,none + server "${SOLR_WRITE_FQDN_A}-write-a" "${SOLR_WRITE_FQDN_A}":8983 + server "${SOLR_WRITE_FQDN_B}-write-b" "${SOLR_WRITE_FQDN_B}":8983 + server "${SOLR_WRITE_FQDN_C}-write-c" "${SOLR_WRITE_FQDN_C}":8983 + +# Postgres + +backend reg-postgres-read + mode tcp + balance leastconn + option pgsql-check user pgc + timeout server 70m + default-server inter 5000 fastinter 2000 downinter 5000 rise 2 fall 3 port 5432 init-addr libc,last,none + server "${POSTGRES_READ_FQDN_A}-read-a" "${POSTGRES_READ_FQDN_A}":5432 check port 5432 + server "${POSTGRES_READ_FQDN_B}-read-b" "${POSTGRES_READ_FQDN_B}":5432 check port 5432 + server "${POSTGRES_READ_FQDN_C}-read-c" "${POSTGRES_READ_FQDN_C}":5432 check port 5432 + +backend reg-postgres-write + mode tcp + balance leastconn + option pgsql-check user pgc + timeout server 70m + default-server inter 5000 fastinter 2000 downinter 5000 rise 2 fall 3 port 5432 init-addr libc,last,none + server "${POSTGRES_WRITE_FQDN_A}-write-a" "${POSTGRES_WRITE_FQDN_A}":5432 check port 5432 + server "${POSTGRES_WRITE_FQDN_B}-write-b" "${POSTGRES_WRITE_FQDN_B}":5432 check port 5432 + server "${POSTGRES_WRITE_FQDN_C}-write-c" "${POSTGRES_WRITE_FQDN_C}":5432 check port 5432 From b3382816c96d99dba2e141b375aeb453bd487cf6 Mon Sep 17 00:00:00 2001 From: amontenegro Date: Thu, 5 Dec 2024 12:52:25 -0600 Subject: [PATCH 10/19] Fix the code so the app can start with an empty identifer_type table --- docker-entrypoint-initdb.d/4-orcid-schema.sql | 52 +++++++++++++++++++ .../core/manager/IdentifierTypeManager.java | 4 +- .../v3/identifiers/PIDResolverService.java | 37 +++++++------ 3 files changed, 74 insertions(+), 19 deletions(-) diff --git a/docker-entrypoint-initdb.d/4-orcid-schema.sql b/docker-entrypoint-initdb.d/4-orcid-schema.sql index 113028002b6..670d56907a6 100644 --- a/docker-entrypoint-initdb.d/4-orcid-schema.sql +++ b/docker-entrypoint-initdb.d/4-orcid-schema.sql @@ -957,6 +957,58 @@ CREATE TABLE public.identifier_type ( case_sensitive boolean DEFAULT false NOT NULL ); +INSERT INTO public.identifier_type (id, id_name, id_validation_regex, id_resolution_prefix, id_deprecated, client_source_id, date_created, last_modified, primary_use, case_sensitive) VALUES (1, 'OTHER_ID', NULL, NULL, false, NULL, '2016-05-20 11:17:37.775534+00', '2016-05-20 11:17:37.775534+00', 'work', false); +INSERT INTO public.identifier_type (id, id_name, id_validation_regex, id_resolution_prefix, id_deprecated, client_source_id, date_created, last_modified, primary_use, case_sensitive) VALUES (2, 'ASIN_TLD', NULL, NULL, false, NULL, '2016-05-20 11:17:37.775534+00', '2016-05-20 11:17:37.775534+00', 'work', false); +INSERT INTO public.identifier_type (id, id_name, id_validation_regex, id_resolution_prefix, id_deprecated, client_source_id, date_created, last_modified, primary_use, case_sensitive) VALUES (3, 'EID', NULL, NULL, false, NULL, '2016-05-20 11:17:37.775534+00', '2016-05-20 11:17:37.775534+00', 'work', false); +INSERT INTO public.identifier_type (id, id_name, id_validation_regex, id_resolution_prefix, id_deprecated, client_source_id, date_created, last_modified, primary_use, case_sensitive) VALUES (4, 'CBA', NULL, NULL, false, NULL, '2016-05-20 11:17:37.775534+00', '2016-05-20 11:17:37.775534+00', 'work', false); +INSERT INTO public.identifier_type (id, id_name, id_validation_regex, id_resolution_prefix, id_deprecated, client_source_id, date_created, last_modified, primary_use, case_sensitive) VALUES (5, 'CIT', NULL, NULL, false, NULL, '2016-05-20 11:17:37.775534+00', '2016-05-20 11:17:37.775534+00', 'work', false); +INSERT INTO public.identifier_type (id, id_name, id_validation_regex, id_resolution_prefix, id_deprecated, client_source_id, date_created, last_modified, primary_use, case_sensitive) VALUES (6, 'CTX', NULL, NULL, false, NULL, '2016-05-20 11:17:37.775534+00', '2016-05-20 11:17:37.775534+00', 'work', false); +INSERT INTO public.identifier_type (id, id_name, id_validation_regex, id_resolution_prefix, id_deprecated, client_source_id, date_created, last_modified, primary_use, case_sensitive) VALUES (7, 'HIR', NULL, NULL, false, NULL, '2016-05-20 11:17:37.775534+00', '2016-05-20 11:17:37.775534+00', 'work', false); +INSERT INTO public.identifier_type (id, id_name, id_validation_regex, id_resolution_prefix, id_deprecated, client_source_id, date_created, last_modified, primary_use, case_sensitive) VALUES (8, 'PAT', NULL, NULL, false, NULL, '2016-05-20 11:17:37.775534+00', '2016-05-20 11:17:37.775534+00', 'work', false); +INSERT INTO public.identifier_type (id, id_name, id_validation_regex, id_resolution_prefix, id_deprecated, client_source_id, date_created, last_modified, primary_use, case_sensitive) VALUES (9, 'SOURCE_WORK_ID', NULL, NULL, false, NULL, '2016-05-20 11:17:37.775534+00', '2016-05-20 11:17:37.775534+00', 'work', false); +INSERT INTO public.identifier_type (id, id_name, id_validation_regex, id_resolution_prefix, id_deprecated, client_source_id, date_created, last_modified, primary_use, case_sensitive) VALUES (10, 'URN', NULL, NULL, false, NULL, '2016-05-20 11:17:37.775534+00', '2016-05-20 11:17:37.775534+00', 'work', false); +INSERT INTO public.identifier_type (id, id_name, id_validation_regex, id_resolution_prefix, id_deprecated, client_source_id, date_created, last_modified, primary_use, case_sensitive) VALUES (11, 'WOSUID', NULL, NULL, false, NULL, '2016-05-20 11:17:37.775534+00', '2016-05-20 11:17:37.775534+00', 'work', false); +INSERT INTO public.identifier_type (id, id_name, id_validation_regex, id_resolution_prefix, id_deprecated, client_source_id, date_created, last_modified, primary_use, case_sensitive) VALUES (12, 'ASIN', NULL, 'http://www.amazon.com/dp/', false, NULL, '2016-05-20 11:17:37.775534+00', '2016-05-20 11:17:37.775534+00', 'work', false); +INSERT INTO public.identifier_type (id, id_name, id_validation_regex, id_resolution_prefix, id_deprecated, client_source_id, date_created, last_modified, primary_use, case_sensitive) VALUES (13, 'JFM', NULL, 'http://zbmath.org/?format=complete&q=an%3A', false, NULL, '2016-05-20 11:17:37.775534+00', '2016-05-20 11:17:37.775534+00', 'work', false); +INSERT INTO public.identifier_type (id, id_name, id_validation_regex, id_resolution_prefix, id_deprecated, client_source_id, date_created, last_modified, primary_use, case_sensitive) VALUES (14, 'JSTOR', NULL, 'http://www.jstor.org/stable/', false, NULL, '2016-05-20 11:17:37.775534+00', '2016-05-20 11:17:37.775534+00', 'work', false); +INSERT INTO public.identifier_type (id, id_name, id_validation_regex, id_resolution_prefix, id_deprecated, client_source_id, date_created, last_modified, primary_use, case_sensitive) VALUES (15, 'LCCN', NULL, 'http://lccn.loc.gov/', false, NULL, '2016-05-20 11:17:37.775534+00', '2016-05-20 11:17:37.775534+00', 'work', false); +INSERT INTO public.identifier_type (id, id_name, id_validation_regex, id_resolution_prefix, id_deprecated, client_source_id, date_created, last_modified, primary_use, case_sensitive) VALUES (16, 'MR', NULL, 'http://www.ams.org/mathscinet-getitem?mr=', false, NULL, '2016-05-20 11:17:37.775534+00', '2016-05-20 11:17:37.775534+00', 'work', false); +INSERT INTO public.identifier_type (id, id_name, id_validation_regex, id_resolution_prefix, id_deprecated, client_source_id, date_created, last_modified, primary_use, case_sensitive) VALUES (17, 'OCLC', NULL, 'http://www.worldcat.org/oclc/', false, NULL, '2016-05-20 11:17:37.775534+00', '2016-05-20 11:17:37.775534+00', 'work', false); +INSERT INTO public.identifier_type (id, id_name, id_validation_regex, id_resolution_prefix, id_deprecated, client_source_id, date_created, last_modified, primary_use, case_sensitive) VALUES (18, 'SSRN', NULL, 'http://papers.ssrn.com/abstract_id=', false, NULL, '2016-05-20 11:17:37.775534+00', '2016-05-20 11:17:37.775534+00', 'work', false); +INSERT INTO public.identifier_type (id, id_name, id_validation_regex, id_resolution_prefix, id_deprecated, client_source_id, date_created, last_modified, primary_use, case_sensitive) VALUES (19, 'ZBL', NULL, 'http://zbmath.org/?format=complete&q=', false, NULL, '2016-05-20 11:17:37.775534+00', '2016-05-20 11:17:37.775534+00', 'work', false); +INSERT INTO public.identifier_type (id, id_name, id_validation_regex, id_resolution_prefix, id_deprecated, client_source_id, date_created, last_modified, primary_use, case_sensitive) VALUES (20, 'LENSID', NULL, 'https://www.lens.org/', false, NULL, '2016-11-09 15:58:48.048155+00', '2016-11-09 15:58:48.048155+00', 'work', false); +INSERT INTO public.identifier_type (id, id_name, id_validation_regex, id_resolution_prefix, id_deprecated, client_source_id, date_created, last_modified, primary_use, case_sensitive) VALUES (21, 'PDB', NULL, 'http://identifiers.org/pdb/', false, NULL, '2016-10-13 21:08:32.999427+00', '2016-10-13 21:08:32.999427+00', 'work', false); +INSERT INTO public.identifier_type (id, id_name, id_validation_regex, id_resolution_prefix, id_deprecated, client_source_id, date_created, last_modified, primary_use, case_sensitive) VALUES (22, 'CIENCIAIUL', NULL, 'https://ciencia.iscte-iul.pt/id/', false, NULL, '2017-01-27 18:19:06.455101+00', '2017-01-27 18:19:06.455101+00', 'work', false); +INSERT INTO public.identifier_type (id, id_name, id_validation_regex, id_resolution_prefix, id_deprecated, client_source_id, date_created, last_modified, primary_use, case_sensitive) VALUES (23, 'DOI', NULL, 'https://doi.org/', false, NULL, '2016-05-20 11:17:37.775534+00', '2016-05-20 11:17:37.775534+00', 'work', false); +INSERT INTO public.identifier_type (id, id_name, id_validation_regex, id_resolution_prefix, id_deprecated, client_source_id, date_created, last_modified, primary_use, case_sensitive) VALUES (24, 'KUID', NULL, 'https://koreamed.org/article/', false, NULL, '2016-11-03 16:47:12.334209+00', '2016-11-03 16:47:12.334209+00', 'work', false); +INSERT INTO public.identifier_type (id, id_name, id_validation_regex, id_resolution_prefix, id_deprecated, client_source_id, date_created, last_modified, primary_use, case_sensitive) VALUES (25, 'AUTHENTICUSID', NULL, 'https://www.authenticus.pt/', false, NULL, '2017-10-10 16:54:48.278545+00', '2017-10-10 16:54:48.278545+00', 'work', false); +INSERT INTO public.identifier_type (id, id_name, id_validation_regex, id_resolution_prefix, id_deprecated, client_source_id, date_created, last_modified, primary_use, case_sensitive) VALUES (26, 'BIBCODE', NULL, 'http://adsabs.harvard.edu/abs/', false, NULL, '2016-05-20 11:17:37.775534+00', '2016-05-20 11:17:37.775534+00', 'work', true); +INSERT INTO public.identifier_type (id, id_name, id_validation_regex, id_resolution_prefix, id_deprecated, client_source_id, date_created, last_modified, primary_use, case_sensitive) VALUES (27, 'ARK', NULL, NULL, false, NULL, '2018-01-31 22:36:09.661795+00', '2018-01-31 22:36:09.661795+00', 'work', true); +INSERT INTO public.identifier_type (id, id_name, id_validation_regex, id_resolution_prefix, id_deprecated, client_source_id, date_created, last_modified, primary_use, case_sensitive) VALUES (28, 'ARXIV', NULL, 'https://arxiv.org/abs/', false, NULL, '2016-05-20 11:17:37.775534+00', '2016-05-20 11:17:37.775534+00', 'work', false); +INSERT INTO public.identifier_type (id, id_name, id_validation_regex, id_resolution_prefix, id_deprecated, client_source_id, date_created, last_modified, primary_use, case_sensitive) VALUES (29, 'RRID', NULL, 'https://identifiers.org/rrid/', false, NULL, '2017-05-18 20:59:37.276411+00', '2017-05-18 20:59:37.276411+00', 'work', true); +INSERT INTO public.identifier_type (id, id_name, id_validation_regex, id_resolution_prefix, id_deprecated, client_source_id, date_created, last_modified, primary_use, case_sensitive) VALUES (30, 'RFC', NULL, 'https://tools.ietf.org/html/', false, NULL, '2016-05-20 11:17:37.775534+00', '2016-05-20 11:17:37.775534+00', 'work', false); +INSERT INTO public.identifier_type (id, id_name, id_validation_regex, id_resolution_prefix, id_deprecated, client_source_id, date_created, last_modified, primary_use, case_sensitive) VALUES (31, 'DNB', NULL, 'https://d-nb.info/', false, NULL, '2018-06-21 16:27:54.505109+00', '2018-06-21 16:27:54.505109+00', 'work', false); +INSERT INTO public.identifier_type (id, id_name, id_validation_regex, id_resolution_prefix, id_deprecated, client_source_id, date_created, last_modified, primary_use, case_sensitive) VALUES (32, 'URI', NULL, NULL, false, NULL, '2016-05-20 11:17:37.775534+00', '2016-05-20 11:17:37.775534+00', 'work', true); +INSERT INTO public.identifier_type (id, id_name, id_validation_regex, id_resolution_prefix, id_deprecated, client_source_id, date_created, last_modified, primary_use, case_sensitive) VALUES (33, 'ISSN', NULL, 'https://portal.issn.org/resource/ISSN/', false, NULL, '2016-05-20 11:17:37.775534+00', '2016-05-20 11:17:37.775534+00', 'work', false); +INSERT INTO public.identifier_type (id, id_name, id_validation_regex, id_resolution_prefix, id_deprecated, client_source_id, date_created, last_modified, primary_use, case_sensitive) VALUES (34, 'HANDLE', NULL, 'http://hdl.handle.net/', false, NULL, '2016-05-20 11:17:37.775534+00', '2016-05-20 11:17:37.775534+00', 'work', false); +INSERT INTO public.identifier_type (id, id_name, id_validation_regex, id_resolution_prefix, id_deprecated, client_source_id, date_created, last_modified, primary_use, case_sensitive) VALUES (35, 'HAL', NULL, 'https://hal.archives-ouvertes.fr/view/resolver/', false, NULL, '2020-10-28 23:27:05.258004+00', '2020-10-28 23:27:05.258004+00', 'work', false); +INSERT INTO public.identifier_type (id, id_name, id_validation_regex, id_resolution_prefix, id_deprecated, client_source_id, date_created, last_modified, primary_use, case_sensitive) VALUES (36, 'OSTI', NULL, 'https://www.osti.gov/biblio/', false, NULL, '2016-05-20 11:17:37.775534+00', '2021-02-23 17:22:47.289413+00', 'work', false); +INSERT INTO public.identifier_type (id, id_name, id_validation_regex, id_resolution_prefix, id_deprecated, client_source_id, date_created, last_modified, primary_use, case_sensitive) VALUES (37, 'PPR', NULL, 'https://europepmc.org/article/PPR/', false, NULL, '2021-03-13 17:48:30.572269+00', '2021-03-13 17:48:30.572269+00', 'work', false); +INSERT INTO public.identifier_type (id, id_name, id_validation_regex, id_resolution_prefix, id_deprecated, client_source_id, date_created, last_modified, primary_use, case_sensitive) VALUES (38, 'GRANT_NUMBER', NULL, NULL, false, NULL, '2016-05-20 11:17:37.775534+00', '2021-04-20 14:41:36.898489+00', 'work', false); +INSERT INTO public.identifier_type (id, id_name, id_validation_regex, id_resolution_prefix, id_deprecated, client_source_id, date_created, last_modified, primary_use, case_sensitive) VALUES (39, 'PROPOSAL_ID', NULL, NULL, false, NULL, '2019-01-15 20:43:10.21477+00', '2021-04-20 14:41:36.910654+00', 'work', false); +INSERT INTO public.identifier_type (id, id_name, id_validation_regex, id_resolution_prefix, id_deprecated, client_source_id, date_created, last_modified, primary_use, case_sensitive) VALUES (40, 'ETHOS', NULL, 'http://ethos.bl.uk/OrderDetails.do?uin=', false, NULL, '2016-05-20 11:17:37.775534+00', '2016-05-20 11:17:37.775534+00', 'work', true); +INSERT INTO public.identifier_type (id, id_name, id_validation_regex, id_resolution_prefix, id_deprecated, client_source_id, date_created, last_modified, primary_use, case_sensitive) VALUES (41, 'OL', NULL, 'http://openlibrary.org/b/', false, NULL, '2016-05-20 11:17:37.775534+00', '2016-05-20 11:17:37.775534+00', 'work', true); +INSERT INTO public.identifier_type (id, id_name, id_validation_regex, id_resolution_prefix, id_deprecated, client_source_id, date_created, last_modified, primary_use, case_sensitive) VALUES (42, 'EMPIAR', NULL, 'https://www.ebi.ac.uk/empiar/', false, NULL, '2021-08-25 01:33:13.522236+00', '2021-08-25 01:33:13.522236+00', 'work', true); +INSERT INTO public.identifier_type (id, id_name, id_validation_regex, id_resolution_prefix, id_deprecated, client_source_id, date_created, last_modified, primary_use, case_sensitive) VALUES (43, 'AGR', NULL, NULL, false, NULL, '2016-05-20 11:17:37.775+00', '2016-05-20 11:17:37.775534+00', 'work', false); +INSERT INTO public.identifier_type (id, id_name, id_validation_regex, id_resolution_prefix, id_deprecated, client_source_id, date_created, last_modified, primary_use, case_sensitive) VALUES (44, 'ISMN', NULL, NULL, false, NULL, '2021-11-18 23:04:00.197881+00', '2021-11-18 23:04:00.197881+00', 'work', false); +INSERT INTO public.identifier_type (id, id_name, id_validation_regex, id_resolution_prefix, id_deprecated, client_source_id, date_created, last_modified, primary_use, case_sensitive) VALUES (45, 'EMDB', NULL, 'https://www.ebi.ac.uk/emdb/', false, NULL, '2021-11-22 22:30:13.66811+00', '2021-11-22 22:30:13.66811+00', 'work', true); +INSERT INTO public.identifier_type (id, id_name, id_validation_regex, id_resolution_prefix, id_deprecated, client_source_id, date_created, last_modified, primary_use, case_sensitive) VALUES (46, 'PMID', NULL, 'https://pubmed.ncbi.nlm.nih.gov/', false, NULL, '2016-05-20 11:17:37.775534+00', '2016-05-20 11:17:37.775534+00', 'work', false); +INSERT INTO public.identifier_type (id, id_name, id_validation_regex, id_resolution_prefix, id_deprecated, client_source_id, date_created, last_modified, primary_use, case_sensitive) VALUES (47, 'PMC', NULL, 'https://europepmc.org/article/pmc/', false, NULL, '2016-05-20 11:17:37.775534+00', '2016-05-20 11:17:37.775534+00', 'work', false); +INSERT INTO public.identifier_type (id, id_name, id_validation_regex, id_resolution_prefix, id_deprecated, client_source_id, date_created, last_modified, primary_use, case_sensitive) VALUES (48, 'CSTR', NULL, 'https://www.cstr.cn/', false, NULL, '2022-06-07 18:54:40.806959+00', '2022-06-07 18:54:40.806959+00', 'work', false); +INSERT INTO public.identifier_type (id, id_name, id_validation_regex, id_resolution_prefix, id_deprecated, client_source_id, date_created, last_modified, primary_use, case_sensitive) VALUES (49, 'ISBN', '', 'https://www.worldcat.org/isbn/', false, NULL, '2016-05-25 11:17:37.775+00', '2016-05-25 11:17:37.775+00', 'work', false); +INSERT INTO public.identifier_type (id, id_name, id_validation_regex, id_resolution_prefix, id_deprecated, client_source_id, date_created, last_modified, primary_use, case_sensitive) VALUES (50, 'K10PLUS', NULL, 'https://opac.k10plus.de/DB=2.299/PPNSET?PPN=', false, NULL, '2022-09-01 08:43:11.796091+00', '2022-09-01 08:43:11.796091+00', 'work', true); +INSERT INTO public.identifier_type (id, id_name, id_validation_regex, id_resolution_prefix, id_deprecated, client_source_id, date_created, last_modified, primary_use, case_sensitive) VALUES (51, 'CGN', NULL, 'https://id.culturegraph.org/', false, NULL, '2022-09-20 01:50:54.126735+00', '2022-09-20 01:50:54.126735+00', 'work', true); +INSERT INTO public.identifier_type (id, id_name, id_validation_regex, id_resolution_prefix, id_deprecated, client_source_id, date_created, last_modified, primary_use, case_sensitive) VALUES (52, 'RAiD', NULL, 'https://raid.org/', false, NULL, '2024-06-20 16:59:23.95768+00', '2024-06-20 16:59:23.95768+00', 'work', false); ALTER TABLE public.identifier_type OWNER TO orcid; diff --git a/orcid-core/src/main/java/org/orcid/core/manager/IdentifierTypeManager.java b/orcid-core/src/main/java/org/orcid/core/manager/IdentifierTypeManager.java index b8379934a99..6f816c5ca95 100644 --- a/orcid-core/src/main/java/org/orcid/core/manager/IdentifierTypeManager.java +++ b/orcid-core/src/main/java/org/orcid/core/manager/IdentifierTypeManager.java @@ -16,7 +16,7 @@ public interface IdentifierTypeManager { Map fetchIdentifierTypesByAPITypeName(Locale loc); - List queryByPrefix(String query, Locale loc); + List queryByPrefix(String query, Locale loc); - List fetchDefaultIdentifierTypes(Locale loc); + List fetchDefaultIdentifierTypes(Locale loc); } diff --git a/orcid-core/src/main/java/org/orcid/core/utils/v3/identifiers/PIDResolverService.java b/orcid-core/src/main/java/org/orcid/core/utils/v3/identifiers/PIDResolverService.java index c4cb2cd32c4..2dd73c21389 100644 --- a/orcid-core/src/main/java/org/orcid/core/utils/v3/identifiers/PIDResolverService.java +++ b/orcid-core/src/main/java/org/orcid/core/utils/v3/identifiers/PIDResolverService.java @@ -48,31 +48,34 @@ public void init() { } // populate lookup maps for link checking - for (LinkResolver n : linkResolvers) { - List supported = n.canHandle(); - if (supported.equals(LinkResolver.CAN_HANDLE_EVERYTHING)) { - for (String type : linkResolverMap.keySet()) - linkResolverMap.get(type).add(n); - } else { - for (String type : supported) { - linkResolverMap.get(type).add(n); + if(!linkResolverMap.isEmpty()) { + for (LinkResolver n : linkResolvers) { + List supported = n.canHandle(); + if (supported.equals(LinkResolver.CAN_HANDLE_EVERYTHING)) { + for (String type : linkResolverMap.keySet()) + linkResolverMap.get(type).add(n); + } else { + for (String type : supported) { + linkResolverMap.get(type).add(n); + } } } } // populate lookup maps for metadata resolution - for (MetadataResolver n : metaResolvers) { - List supported = n.canHandle(); - if (supported.equals(MetadataResolver.CAN_HANDLE_EVERYTHING)) { - for (String type : metaResolverMap.keySet()) - metaResolverMap.get(type).add(n); - } else { - for (String type : supported) { - metaResolverMap.get(type).add(n); + if(!metaResolverMap.isEmpty()) { + for (MetadataResolver n : metaResolvers) { + List supported = n.canHandle(); + if (supported.equals(MetadataResolver.CAN_HANDLE_EVERYTHING)) { + for (String type : metaResolverMap.keySet()) + metaResolverMap.get(type).add(n); + } else { + for (String type : supported) { + metaResolverMap.get(type).add(n); + } } } } - } /** From 97f89bc3766a94d70a16e618735532f0e27ac705 Mon Sep 17 00:00:00 2001 From: amontenegro Date: Thu, 5 Dec 2024 15:00:16 -0600 Subject: [PATCH 11/19] Adding users --- docker-entrypoint-initdb.d/4-orcid-schema.sql | 123 ++++++++++-------- 1 file changed, 69 insertions(+), 54 deletions(-) diff --git a/docker-entrypoint-initdb.d/4-orcid-schema.sql b/docker-entrypoint-initdb.d/4-orcid-schema.sql index 670d56907a6..e1dd5d7ce93 100644 --- a/docker-entrypoint-initdb.d/4-orcid-schema.sql +++ b/docker-entrypoint-initdb.d/4-orcid-schema.sql @@ -759,7 +759,8 @@ CREATE TABLE public.email ( client_source_id character varying(20), email_hash character varying(256) NOT NULL, assertion_origin_source_id character varying(19), - assertion_origin_client_source_id character varying(20) + assertion_origin_client_source_id character varying(20), + date_verified timestamp with time zone ); @@ -957,59 +958,6 @@ CREATE TABLE public.identifier_type ( case_sensitive boolean DEFAULT false NOT NULL ); -INSERT INTO public.identifier_type (id, id_name, id_validation_regex, id_resolution_prefix, id_deprecated, client_source_id, date_created, last_modified, primary_use, case_sensitive) VALUES (1, 'OTHER_ID', NULL, NULL, false, NULL, '2016-05-20 11:17:37.775534+00', '2016-05-20 11:17:37.775534+00', 'work', false); -INSERT INTO public.identifier_type (id, id_name, id_validation_regex, id_resolution_prefix, id_deprecated, client_source_id, date_created, last_modified, primary_use, case_sensitive) VALUES (2, 'ASIN_TLD', NULL, NULL, false, NULL, '2016-05-20 11:17:37.775534+00', '2016-05-20 11:17:37.775534+00', 'work', false); -INSERT INTO public.identifier_type (id, id_name, id_validation_regex, id_resolution_prefix, id_deprecated, client_source_id, date_created, last_modified, primary_use, case_sensitive) VALUES (3, 'EID', NULL, NULL, false, NULL, '2016-05-20 11:17:37.775534+00', '2016-05-20 11:17:37.775534+00', 'work', false); -INSERT INTO public.identifier_type (id, id_name, id_validation_regex, id_resolution_prefix, id_deprecated, client_source_id, date_created, last_modified, primary_use, case_sensitive) VALUES (4, 'CBA', NULL, NULL, false, NULL, '2016-05-20 11:17:37.775534+00', '2016-05-20 11:17:37.775534+00', 'work', false); -INSERT INTO public.identifier_type (id, id_name, id_validation_regex, id_resolution_prefix, id_deprecated, client_source_id, date_created, last_modified, primary_use, case_sensitive) VALUES (5, 'CIT', NULL, NULL, false, NULL, '2016-05-20 11:17:37.775534+00', '2016-05-20 11:17:37.775534+00', 'work', false); -INSERT INTO public.identifier_type (id, id_name, id_validation_regex, id_resolution_prefix, id_deprecated, client_source_id, date_created, last_modified, primary_use, case_sensitive) VALUES (6, 'CTX', NULL, NULL, false, NULL, '2016-05-20 11:17:37.775534+00', '2016-05-20 11:17:37.775534+00', 'work', false); -INSERT INTO public.identifier_type (id, id_name, id_validation_regex, id_resolution_prefix, id_deprecated, client_source_id, date_created, last_modified, primary_use, case_sensitive) VALUES (7, 'HIR', NULL, NULL, false, NULL, '2016-05-20 11:17:37.775534+00', '2016-05-20 11:17:37.775534+00', 'work', false); -INSERT INTO public.identifier_type (id, id_name, id_validation_regex, id_resolution_prefix, id_deprecated, client_source_id, date_created, last_modified, primary_use, case_sensitive) VALUES (8, 'PAT', NULL, NULL, false, NULL, '2016-05-20 11:17:37.775534+00', '2016-05-20 11:17:37.775534+00', 'work', false); -INSERT INTO public.identifier_type (id, id_name, id_validation_regex, id_resolution_prefix, id_deprecated, client_source_id, date_created, last_modified, primary_use, case_sensitive) VALUES (9, 'SOURCE_WORK_ID', NULL, NULL, false, NULL, '2016-05-20 11:17:37.775534+00', '2016-05-20 11:17:37.775534+00', 'work', false); -INSERT INTO public.identifier_type (id, id_name, id_validation_regex, id_resolution_prefix, id_deprecated, client_source_id, date_created, last_modified, primary_use, case_sensitive) VALUES (10, 'URN', NULL, NULL, false, NULL, '2016-05-20 11:17:37.775534+00', '2016-05-20 11:17:37.775534+00', 'work', false); -INSERT INTO public.identifier_type (id, id_name, id_validation_regex, id_resolution_prefix, id_deprecated, client_source_id, date_created, last_modified, primary_use, case_sensitive) VALUES (11, 'WOSUID', NULL, NULL, false, NULL, '2016-05-20 11:17:37.775534+00', '2016-05-20 11:17:37.775534+00', 'work', false); -INSERT INTO public.identifier_type (id, id_name, id_validation_regex, id_resolution_prefix, id_deprecated, client_source_id, date_created, last_modified, primary_use, case_sensitive) VALUES (12, 'ASIN', NULL, 'http://www.amazon.com/dp/', false, NULL, '2016-05-20 11:17:37.775534+00', '2016-05-20 11:17:37.775534+00', 'work', false); -INSERT INTO public.identifier_type (id, id_name, id_validation_regex, id_resolution_prefix, id_deprecated, client_source_id, date_created, last_modified, primary_use, case_sensitive) VALUES (13, 'JFM', NULL, 'http://zbmath.org/?format=complete&q=an%3A', false, NULL, '2016-05-20 11:17:37.775534+00', '2016-05-20 11:17:37.775534+00', 'work', false); -INSERT INTO public.identifier_type (id, id_name, id_validation_regex, id_resolution_prefix, id_deprecated, client_source_id, date_created, last_modified, primary_use, case_sensitive) VALUES (14, 'JSTOR', NULL, 'http://www.jstor.org/stable/', false, NULL, '2016-05-20 11:17:37.775534+00', '2016-05-20 11:17:37.775534+00', 'work', false); -INSERT INTO public.identifier_type (id, id_name, id_validation_regex, id_resolution_prefix, id_deprecated, client_source_id, date_created, last_modified, primary_use, case_sensitive) VALUES (15, 'LCCN', NULL, 'http://lccn.loc.gov/', false, NULL, '2016-05-20 11:17:37.775534+00', '2016-05-20 11:17:37.775534+00', 'work', false); -INSERT INTO public.identifier_type (id, id_name, id_validation_regex, id_resolution_prefix, id_deprecated, client_source_id, date_created, last_modified, primary_use, case_sensitive) VALUES (16, 'MR', NULL, 'http://www.ams.org/mathscinet-getitem?mr=', false, NULL, '2016-05-20 11:17:37.775534+00', '2016-05-20 11:17:37.775534+00', 'work', false); -INSERT INTO public.identifier_type (id, id_name, id_validation_regex, id_resolution_prefix, id_deprecated, client_source_id, date_created, last_modified, primary_use, case_sensitive) VALUES (17, 'OCLC', NULL, 'http://www.worldcat.org/oclc/', false, NULL, '2016-05-20 11:17:37.775534+00', '2016-05-20 11:17:37.775534+00', 'work', false); -INSERT INTO public.identifier_type (id, id_name, id_validation_regex, id_resolution_prefix, id_deprecated, client_source_id, date_created, last_modified, primary_use, case_sensitive) VALUES (18, 'SSRN', NULL, 'http://papers.ssrn.com/abstract_id=', false, NULL, '2016-05-20 11:17:37.775534+00', '2016-05-20 11:17:37.775534+00', 'work', false); -INSERT INTO public.identifier_type (id, id_name, id_validation_regex, id_resolution_prefix, id_deprecated, client_source_id, date_created, last_modified, primary_use, case_sensitive) VALUES (19, 'ZBL', NULL, 'http://zbmath.org/?format=complete&q=', false, NULL, '2016-05-20 11:17:37.775534+00', '2016-05-20 11:17:37.775534+00', 'work', false); -INSERT INTO public.identifier_type (id, id_name, id_validation_regex, id_resolution_prefix, id_deprecated, client_source_id, date_created, last_modified, primary_use, case_sensitive) VALUES (20, 'LENSID', NULL, 'https://www.lens.org/', false, NULL, '2016-11-09 15:58:48.048155+00', '2016-11-09 15:58:48.048155+00', 'work', false); -INSERT INTO public.identifier_type (id, id_name, id_validation_regex, id_resolution_prefix, id_deprecated, client_source_id, date_created, last_modified, primary_use, case_sensitive) VALUES (21, 'PDB', NULL, 'http://identifiers.org/pdb/', false, NULL, '2016-10-13 21:08:32.999427+00', '2016-10-13 21:08:32.999427+00', 'work', false); -INSERT INTO public.identifier_type (id, id_name, id_validation_regex, id_resolution_prefix, id_deprecated, client_source_id, date_created, last_modified, primary_use, case_sensitive) VALUES (22, 'CIENCIAIUL', NULL, 'https://ciencia.iscte-iul.pt/id/', false, NULL, '2017-01-27 18:19:06.455101+00', '2017-01-27 18:19:06.455101+00', 'work', false); -INSERT INTO public.identifier_type (id, id_name, id_validation_regex, id_resolution_prefix, id_deprecated, client_source_id, date_created, last_modified, primary_use, case_sensitive) VALUES (23, 'DOI', NULL, 'https://doi.org/', false, NULL, '2016-05-20 11:17:37.775534+00', '2016-05-20 11:17:37.775534+00', 'work', false); -INSERT INTO public.identifier_type (id, id_name, id_validation_regex, id_resolution_prefix, id_deprecated, client_source_id, date_created, last_modified, primary_use, case_sensitive) VALUES (24, 'KUID', NULL, 'https://koreamed.org/article/', false, NULL, '2016-11-03 16:47:12.334209+00', '2016-11-03 16:47:12.334209+00', 'work', false); -INSERT INTO public.identifier_type (id, id_name, id_validation_regex, id_resolution_prefix, id_deprecated, client_source_id, date_created, last_modified, primary_use, case_sensitive) VALUES (25, 'AUTHENTICUSID', NULL, 'https://www.authenticus.pt/', false, NULL, '2017-10-10 16:54:48.278545+00', '2017-10-10 16:54:48.278545+00', 'work', false); -INSERT INTO public.identifier_type (id, id_name, id_validation_regex, id_resolution_prefix, id_deprecated, client_source_id, date_created, last_modified, primary_use, case_sensitive) VALUES (26, 'BIBCODE', NULL, 'http://adsabs.harvard.edu/abs/', false, NULL, '2016-05-20 11:17:37.775534+00', '2016-05-20 11:17:37.775534+00', 'work', true); -INSERT INTO public.identifier_type (id, id_name, id_validation_regex, id_resolution_prefix, id_deprecated, client_source_id, date_created, last_modified, primary_use, case_sensitive) VALUES (27, 'ARK', NULL, NULL, false, NULL, '2018-01-31 22:36:09.661795+00', '2018-01-31 22:36:09.661795+00', 'work', true); -INSERT INTO public.identifier_type (id, id_name, id_validation_regex, id_resolution_prefix, id_deprecated, client_source_id, date_created, last_modified, primary_use, case_sensitive) VALUES (28, 'ARXIV', NULL, 'https://arxiv.org/abs/', false, NULL, '2016-05-20 11:17:37.775534+00', '2016-05-20 11:17:37.775534+00', 'work', false); -INSERT INTO public.identifier_type (id, id_name, id_validation_regex, id_resolution_prefix, id_deprecated, client_source_id, date_created, last_modified, primary_use, case_sensitive) VALUES (29, 'RRID', NULL, 'https://identifiers.org/rrid/', false, NULL, '2017-05-18 20:59:37.276411+00', '2017-05-18 20:59:37.276411+00', 'work', true); -INSERT INTO public.identifier_type (id, id_name, id_validation_regex, id_resolution_prefix, id_deprecated, client_source_id, date_created, last_modified, primary_use, case_sensitive) VALUES (30, 'RFC', NULL, 'https://tools.ietf.org/html/', false, NULL, '2016-05-20 11:17:37.775534+00', '2016-05-20 11:17:37.775534+00', 'work', false); -INSERT INTO public.identifier_type (id, id_name, id_validation_regex, id_resolution_prefix, id_deprecated, client_source_id, date_created, last_modified, primary_use, case_sensitive) VALUES (31, 'DNB', NULL, 'https://d-nb.info/', false, NULL, '2018-06-21 16:27:54.505109+00', '2018-06-21 16:27:54.505109+00', 'work', false); -INSERT INTO public.identifier_type (id, id_name, id_validation_regex, id_resolution_prefix, id_deprecated, client_source_id, date_created, last_modified, primary_use, case_sensitive) VALUES (32, 'URI', NULL, NULL, false, NULL, '2016-05-20 11:17:37.775534+00', '2016-05-20 11:17:37.775534+00', 'work', true); -INSERT INTO public.identifier_type (id, id_name, id_validation_regex, id_resolution_prefix, id_deprecated, client_source_id, date_created, last_modified, primary_use, case_sensitive) VALUES (33, 'ISSN', NULL, 'https://portal.issn.org/resource/ISSN/', false, NULL, '2016-05-20 11:17:37.775534+00', '2016-05-20 11:17:37.775534+00', 'work', false); -INSERT INTO public.identifier_type (id, id_name, id_validation_regex, id_resolution_prefix, id_deprecated, client_source_id, date_created, last_modified, primary_use, case_sensitive) VALUES (34, 'HANDLE', NULL, 'http://hdl.handle.net/', false, NULL, '2016-05-20 11:17:37.775534+00', '2016-05-20 11:17:37.775534+00', 'work', false); -INSERT INTO public.identifier_type (id, id_name, id_validation_regex, id_resolution_prefix, id_deprecated, client_source_id, date_created, last_modified, primary_use, case_sensitive) VALUES (35, 'HAL', NULL, 'https://hal.archives-ouvertes.fr/view/resolver/', false, NULL, '2020-10-28 23:27:05.258004+00', '2020-10-28 23:27:05.258004+00', 'work', false); -INSERT INTO public.identifier_type (id, id_name, id_validation_regex, id_resolution_prefix, id_deprecated, client_source_id, date_created, last_modified, primary_use, case_sensitive) VALUES (36, 'OSTI', NULL, 'https://www.osti.gov/biblio/', false, NULL, '2016-05-20 11:17:37.775534+00', '2021-02-23 17:22:47.289413+00', 'work', false); -INSERT INTO public.identifier_type (id, id_name, id_validation_regex, id_resolution_prefix, id_deprecated, client_source_id, date_created, last_modified, primary_use, case_sensitive) VALUES (37, 'PPR', NULL, 'https://europepmc.org/article/PPR/', false, NULL, '2021-03-13 17:48:30.572269+00', '2021-03-13 17:48:30.572269+00', 'work', false); -INSERT INTO public.identifier_type (id, id_name, id_validation_regex, id_resolution_prefix, id_deprecated, client_source_id, date_created, last_modified, primary_use, case_sensitive) VALUES (38, 'GRANT_NUMBER', NULL, NULL, false, NULL, '2016-05-20 11:17:37.775534+00', '2021-04-20 14:41:36.898489+00', 'work', false); -INSERT INTO public.identifier_type (id, id_name, id_validation_regex, id_resolution_prefix, id_deprecated, client_source_id, date_created, last_modified, primary_use, case_sensitive) VALUES (39, 'PROPOSAL_ID', NULL, NULL, false, NULL, '2019-01-15 20:43:10.21477+00', '2021-04-20 14:41:36.910654+00', 'work', false); -INSERT INTO public.identifier_type (id, id_name, id_validation_regex, id_resolution_prefix, id_deprecated, client_source_id, date_created, last_modified, primary_use, case_sensitive) VALUES (40, 'ETHOS', NULL, 'http://ethos.bl.uk/OrderDetails.do?uin=', false, NULL, '2016-05-20 11:17:37.775534+00', '2016-05-20 11:17:37.775534+00', 'work', true); -INSERT INTO public.identifier_type (id, id_name, id_validation_regex, id_resolution_prefix, id_deprecated, client_source_id, date_created, last_modified, primary_use, case_sensitive) VALUES (41, 'OL', NULL, 'http://openlibrary.org/b/', false, NULL, '2016-05-20 11:17:37.775534+00', '2016-05-20 11:17:37.775534+00', 'work', true); -INSERT INTO public.identifier_type (id, id_name, id_validation_regex, id_resolution_prefix, id_deprecated, client_source_id, date_created, last_modified, primary_use, case_sensitive) VALUES (42, 'EMPIAR', NULL, 'https://www.ebi.ac.uk/empiar/', false, NULL, '2021-08-25 01:33:13.522236+00', '2021-08-25 01:33:13.522236+00', 'work', true); -INSERT INTO public.identifier_type (id, id_name, id_validation_regex, id_resolution_prefix, id_deprecated, client_source_id, date_created, last_modified, primary_use, case_sensitive) VALUES (43, 'AGR', NULL, NULL, false, NULL, '2016-05-20 11:17:37.775+00', '2016-05-20 11:17:37.775534+00', 'work', false); -INSERT INTO public.identifier_type (id, id_name, id_validation_regex, id_resolution_prefix, id_deprecated, client_source_id, date_created, last_modified, primary_use, case_sensitive) VALUES (44, 'ISMN', NULL, NULL, false, NULL, '2021-11-18 23:04:00.197881+00', '2021-11-18 23:04:00.197881+00', 'work', false); -INSERT INTO public.identifier_type (id, id_name, id_validation_regex, id_resolution_prefix, id_deprecated, client_source_id, date_created, last_modified, primary_use, case_sensitive) VALUES (45, 'EMDB', NULL, 'https://www.ebi.ac.uk/emdb/', false, NULL, '2021-11-22 22:30:13.66811+00', '2021-11-22 22:30:13.66811+00', 'work', true); -INSERT INTO public.identifier_type (id, id_name, id_validation_regex, id_resolution_prefix, id_deprecated, client_source_id, date_created, last_modified, primary_use, case_sensitive) VALUES (46, 'PMID', NULL, 'https://pubmed.ncbi.nlm.nih.gov/', false, NULL, '2016-05-20 11:17:37.775534+00', '2016-05-20 11:17:37.775534+00', 'work', false); -INSERT INTO public.identifier_type (id, id_name, id_validation_regex, id_resolution_prefix, id_deprecated, client_source_id, date_created, last_modified, primary_use, case_sensitive) VALUES (47, 'PMC', NULL, 'https://europepmc.org/article/pmc/', false, NULL, '2016-05-20 11:17:37.775534+00', '2016-05-20 11:17:37.775534+00', 'work', false); -INSERT INTO public.identifier_type (id, id_name, id_validation_regex, id_resolution_prefix, id_deprecated, client_source_id, date_created, last_modified, primary_use, case_sensitive) VALUES (48, 'CSTR', NULL, 'https://www.cstr.cn/', false, NULL, '2022-06-07 18:54:40.806959+00', '2022-06-07 18:54:40.806959+00', 'work', false); -INSERT INTO public.identifier_type (id, id_name, id_validation_regex, id_resolution_prefix, id_deprecated, client_source_id, date_created, last_modified, primary_use, case_sensitive) VALUES (49, 'ISBN', '', 'https://www.worldcat.org/isbn/', false, NULL, '2016-05-25 11:17:37.775+00', '2016-05-25 11:17:37.775+00', 'work', false); -INSERT INTO public.identifier_type (id, id_name, id_validation_regex, id_resolution_prefix, id_deprecated, client_source_id, date_created, last_modified, primary_use, case_sensitive) VALUES (50, 'K10PLUS', NULL, 'https://opac.k10plus.de/DB=2.299/PPNSET?PPN=', false, NULL, '2022-09-01 08:43:11.796091+00', '2022-09-01 08:43:11.796091+00', 'work', true); -INSERT INTO public.identifier_type (id, id_name, id_validation_regex, id_resolution_prefix, id_deprecated, client_source_id, date_created, last_modified, primary_use, case_sensitive) VALUES (51, 'CGN', NULL, 'https://id.culturegraph.org/', false, NULL, '2022-09-20 01:50:54.126735+00', '2022-09-20 01:50:54.126735+00', 'work', true); -INSERT INTO public.identifier_type (id, id_name, id_validation_regex, id_resolution_prefix, id_deprecated, client_source_id, date_created, last_modified, primary_use, case_sensitive) VALUES (52, 'RAiD', NULL, 'https://raid.org/', false, NULL, '2024-06-20 16:59:23.95768+00', '2024-06-20 16:59:23.95768+00', 'work', false); - ALTER TABLE public.identifier_type OWNER TO orcid; -- @@ -6529,3 +6477,70 @@ GRANT SELECT ON TABLE public.webhook TO orcidro; -- PostgreSQL database dump complete -- +-- +-- Populate identifier types +-- +INSERT INTO public.identifier_type (id, id_name, id_validation_regex, id_resolution_prefix, id_deprecated, client_source_id, date_created, last_modified, primary_use, case_sensitive) VALUES (1, 'OTHER_ID', NULL, NULL, false, NULL, '2016-05-20 11:17:37.775534+00', '2016-05-20 11:17:37.775534+00', 'work', false); +INSERT INTO public.identifier_type (id, id_name, id_validation_regex, id_resolution_prefix, id_deprecated, client_source_id, date_created, last_modified, primary_use, case_sensitive) VALUES (2, 'ASIN_TLD', NULL, NULL, false, NULL, '2016-05-20 11:17:37.775534+00', '2016-05-20 11:17:37.775534+00', 'work', false); +INSERT INTO public.identifier_type (id, id_name, id_validation_regex, id_resolution_prefix, id_deprecated, client_source_id, date_created, last_modified, primary_use, case_sensitive) VALUES (3, 'EID', NULL, NULL, false, NULL, '2016-05-20 11:17:37.775534+00', '2016-05-20 11:17:37.775534+00', 'work', false); +INSERT INTO public.identifier_type (id, id_name, id_validation_regex, id_resolution_prefix, id_deprecated, client_source_id, date_created, last_modified, primary_use, case_sensitive) VALUES (4, 'CBA', NULL, NULL, false, NULL, '2016-05-20 11:17:37.775534+00', '2016-05-20 11:17:37.775534+00', 'work', false); +INSERT INTO public.identifier_type (id, id_name, id_validation_regex, id_resolution_prefix, id_deprecated, client_source_id, date_created, last_modified, primary_use, case_sensitive) VALUES (5, 'CIT', NULL, NULL, false, NULL, '2016-05-20 11:17:37.775534+00', '2016-05-20 11:17:37.775534+00', 'work', false); +INSERT INTO public.identifier_type (id, id_name, id_validation_regex, id_resolution_prefix, id_deprecated, client_source_id, date_created, last_modified, primary_use, case_sensitive) VALUES (6, 'CTX', NULL, NULL, false, NULL, '2016-05-20 11:17:37.775534+00', '2016-05-20 11:17:37.775534+00', 'work', false); +INSERT INTO public.identifier_type (id, id_name, id_validation_regex, id_resolution_prefix, id_deprecated, client_source_id, date_created, last_modified, primary_use, case_sensitive) VALUES (7, 'HIR', NULL, NULL, false, NULL, '2016-05-20 11:17:37.775534+00', '2016-05-20 11:17:37.775534+00', 'work', false); +INSERT INTO public.identifier_type (id, id_name, id_validation_regex, id_resolution_prefix, id_deprecated, client_source_id, date_created, last_modified, primary_use, case_sensitive) VALUES (8, 'PAT', NULL, NULL, false, NULL, '2016-05-20 11:17:37.775534+00', '2016-05-20 11:17:37.775534+00', 'work', false); +INSERT INTO public.identifier_type (id, id_name, id_validation_regex, id_resolution_prefix, id_deprecated, client_source_id, date_created, last_modified, primary_use, case_sensitive) VALUES (9, 'SOURCE_WORK_ID', NULL, NULL, false, NULL, '2016-05-20 11:17:37.775534+00', '2016-05-20 11:17:37.775534+00', 'work', false); +INSERT INTO public.identifier_type (id, id_name, id_validation_regex, id_resolution_prefix, id_deprecated, client_source_id, date_created, last_modified, primary_use, case_sensitive) VALUES (10, 'URN', NULL, NULL, false, NULL, '2016-05-20 11:17:37.775534+00', '2016-05-20 11:17:37.775534+00', 'work', false); +INSERT INTO public.identifier_type (id, id_name, id_validation_regex, id_resolution_prefix, id_deprecated, client_source_id, date_created, last_modified, primary_use, case_sensitive) VALUES (11, 'WOSUID', NULL, NULL, false, NULL, '2016-05-20 11:17:37.775534+00', '2016-05-20 11:17:37.775534+00', 'work', false); +INSERT INTO public.identifier_type (id, id_name, id_validation_regex, id_resolution_prefix, id_deprecated, client_source_id, date_created, last_modified, primary_use, case_sensitive) VALUES (12, 'ASIN', NULL, 'http://www.amazon.com/dp/', false, NULL, '2016-05-20 11:17:37.775534+00', '2016-05-20 11:17:37.775534+00', 'work', false); +INSERT INTO public.identifier_type (id, id_name, id_validation_regex, id_resolution_prefix, id_deprecated, client_source_id, date_created, last_modified, primary_use, case_sensitive) VALUES (13, 'JFM', NULL, 'http://zbmath.org/?format=complete&q=an%3A', false, NULL, '2016-05-20 11:17:37.775534+00', '2016-05-20 11:17:37.775534+00', 'work', false); +INSERT INTO public.identifier_type (id, id_name, id_validation_regex, id_resolution_prefix, id_deprecated, client_source_id, date_created, last_modified, primary_use, case_sensitive) VALUES (14, 'JSTOR', NULL, 'http://www.jstor.org/stable/', false, NULL, '2016-05-20 11:17:37.775534+00', '2016-05-20 11:17:37.775534+00', 'work', false); +INSERT INTO public.identifier_type (id, id_name, id_validation_regex, id_resolution_prefix, id_deprecated, client_source_id, date_created, last_modified, primary_use, case_sensitive) VALUES (15, 'LCCN', NULL, 'http://lccn.loc.gov/', false, NULL, '2016-05-20 11:17:37.775534+00', '2016-05-20 11:17:37.775534+00', 'work', false); +INSERT INTO public.identifier_type (id, id_name, id_validation_regex, id_resolution_prefix, id_deprecated, client_source_id, date_created, last_modified, primary_use, case_sensitive) VALUES (16, 'MR', NULL, 'http://www.ams.org/mathscinet-getitem?mr=', false, NULL, '2016-05-20 11:17:37.775534+00', '2016-05-20 11:17:37.775534+00', 'work', false); +INSERT INTO public.identifier_type (id, id_name, id_validation_regex, id_resolution_prefix, id_deprecated, client_source_id, date_created, last_modified, primary_use, case_sensitive) VALUES (17, 'OCLC', NULL, 'http://www.worldcat.org/oclc/', false, NULL, '2016-05-20 11:17:37.775534+00', '2016-05-20 11:17:37.775534+00', 'work', false); +INSERT INTO public.identifier_type (id, id_name, id_validation_regex, id_resolution_prefix, id_deprecated, client_source_id, date_created, last_modified, primary_use, case_sensitive) VALUES (18, 'SSRN', NULL, 'http://papers.ssrn.com/abstract_id=', false, NULL, '2016-05-20 11:17:37.775534+00', '2016-05-20 11:17:37.775534+00', 'work', false); +INSERT INTO public.identifier_type (id, id_name, id_validation_regex, id_resolution_prefix, id_deprecated, client_source_id, date_created, last_modified, primary_use, case_sensitive) VALUES (19, 'ZBL', NULL, 'http://zbmath.org/?format=complete&q=', false, NULL, '2016-05-20 11:17:37.775534+00', '2016-05-20 11:17:37.775534+00', 'work', false); +INSERT INTO public.identifier_type (id, id_name, id_validation_regex, id_resolution_prefix, id_deprecated, client_source_id, date_created, last_modified, primary_use, case_sensitive) VALUES (20, 'LENSID', NULL, 'https://www.lens.org/', false, NULL, '2016-11-09 15:58:48.048155+00', '2016-11-09 15:58:48.048155+00', 'work', false); +INSERT INTO public.identifier_type (id, id_name, id_validation_regex, id_resolution_prefix, id_deprecated, client_source_id, date_created, last_modified, primary_use, case_sensitive) VALUES (21, 'PDB', NULL, 'http://identifiers.org/pdb/', false, NULL, '2016-10-13 21:08:32.999427+00', '2016-10-13 21:08:32.999427+00', 'work', false); +INSERT INTO public.identifier_type (id, id_name, id_validation_regex, id_resolution_prefix, id_deprecated, client_source_id, date_created, last_modified, primary_use, case_sensitive) VALUES (22, 'CIENCIAIUL', NULL, 'https://ciencia.iscte-iul.pt/id/', false, NULL, '2017-01-27 18:19:06.455101+00', '2017-01-27 18:19:06.455101+00', 'work', false); +INSERT INTO public.identifier_type (id, id_name, id_validation_regex, id_resolution_prefix, id_deprecated, client_source_id, date_created, last_modified, primary_use, case_sensitive) VALUES (23, 'DOI', NULL, 'https://doi.org/', false, NULL, '2016-05-20 11:17:37.775534+00', '2016-05-20 11:17:37.775534+00', 'work', false); +INSERT INTO public.identifier_type (id, id_name, id_validation_regex, id_resolution_prefix, id_deprecated, client_source_id, date_created, last_modified, primary_use, case_sensitive) VALUES (24, 'KUID', NULL, 'https://koreamed.org/article/', false, NULL, '2016-11-03 16:47:12.334209+00', '2016-11-03 16:47:12.334209+00', 'work', false); +INSERT INTO public.identifier_type (id, id_name, id_validation_regex, id_resolution_prefix, id_deprecated, client_source_id, date_created, last_modified, primary_use, case_sensitive) VALUES (25, 'AUTHENTICUSID', NULL, 'https://www.authenticus.pt/', false, NULL, '2017-10-10 16:54:48.278545+00', '2017-10-10 16:54:48.278545+00', 'work', false); +INSERT INTO public.identifier_type (id, id_name, id_validation_regex, id_resolution_prefix, id_deprecated, client_source_id, date_created, last_modified, primary_use, case_sensitive) VALUES (26, 'BIBCODE', NULL, 'http://adsabs.harvard.edu/abs/', false, NULL, '2016-05-20 11:17:37.775534+00', '2016-05-20 11:17:37.775534+00', 'work', true); +INSERT INTO public.identifier_type (id, id_name, id_validation_regex, id_resolution_prefix, id_deprecated, client_source_id, date_created, last_modified, primary_use, case_sensitive) VALUES (27, 'ARK', NULL, NULL, false, NULL, '2018-01-31 22:36:09.661795+00', '2018-01-31 22:36:09.661795+00', 'work', true); +INSERT INTO public.identifier_type (id, id_name, id_validation_regex, id_resolution_prefix, id_deprecated, client_source_id, date_created, last_modified, primary_use, case_sensitive) VALUES (28, 'ARXIV', NULL, 'https://arxiv.org/abs/', false, NULL, '2016-05-20 11:17:37.775534+00', '2016-05-20 11:17:37.775534+00', 'work', false); +INSERT INTO public.identifier_type (id, id_name, id_validation_regex, id_resolution_prefix, id_deprecated, client_source_id, date_created, last_modified, primary_use, case_sensitive) VALUES (29, 'RRID', NULL, 'https://identifiers.org/rrid/', false, NULL, '2017-05-18 20:59:37.276411+00', '2017-05-18 20:59:37.276411+00', 'work', true); +INSERT INTO public.identifier_type (id, id_name, id_validation_regex, id_resolution_prefix, id_deprecated, client_source_id, date_created, last_modified, primary_use, case_sensitive) VALUES (30, 'RFC', NULL, 'https://tools.ietf.org/html/', false, NULL, '2016-05-20 11:17:37.775534+00', '2016-05-20 11:17:37.775534+00', 'work', false); +INSERT INTO public.identifier_type (id, id_name, id_validation_regex, id_resolution_prefix, id_deprecated, client_source_id, date_created, last_modified, primary_use, case_sensitive) VALUES (31, 'DNB', NULL, 'https://d-nb.info/', false, NULL, '2018-06-21 16:27:54.505109+00', '2018-06-21 16:27:54.505109+00', 'work', false); +INSERT INTO public.identifier_type (id, id_name, id_validation_regex, id_resolution_prefix, id_deprecated, client_source_id, date_created, last_modified, primary_use, case_sensitive) VALUES (32, 'URI', NULL, NULL, false, NULL, '2016-05-20 11:17:37.775534+00', '2016-05-20 11:17:37.775534+00', 'work', true); +INSERT INTO public.identifier_type (id, id_name, id_validation_regex, id_resolution_prefix, id_deprecated, client_source_id, date_created, last_modified, primary_use, case_sensitive) VALUES (33, 'ISSN', NULL, 'https://portal.issn.org/resource/ISSN/', false, NULL, '2016-05-20 11:17:37.775534+00', '2016-05-20 11:17:37.775534+00', 'work', false); +INSERT INTO public.identifier_type (id, id_name, id_validation_regex, id_resolution_prefix, id_deprecated, client_source_id, date_created, last_modified, primary_use, case_sensitive) VALUES (34, 'HANDLE', NULL, 'http://hdl.handle.net/', false, NULL, '2016-05-20 11:17:37.775534+00', '2016-05-20 11:17:37.775534+00', 'work', false); +INSERT INTO public.identifier_type (id, id_name, id_validation_regex, id_resolution_prefix, id_deprecated, client_source_id, date_created, last_modified, primary_use, case_sensitive) VALUES (35, 'HAL', NULL, 'https://hal.archives-ouvertes.fr/view/resolver/', false, NULL, '2020-10-28 23:27:05.258004+00', '2020-10-28 23:27:05.258004+00', 'work', false); +INSERT INTO public.identifier_type (id, id_name, id_validation_regex, id_resolution_prefix, id_deprecated, client_source_id, date_created, last_modified, primary_use, case_sensitive) VALUES (36, 'OSTI', NULL, 'https://www.osti.gov/biblio/', false, NULL, '2016-05-20 11:17:37.775534+00', '2021-02-23 17:22:47.289413+00', 'work', false); +INSERT INTO public.identifier_type (id, id_name, id_validation_regex, id_resolution_prefix, id_deprecated, client_source_id, date_created, last_modified, primary_use, case_sensitive) VALUES (37, 'PPR', NULL, 'https://europepmc.org/article/PPR/', false, NULL, '2021-03-13 17:48:30.572269+00', '2021-03-13 17:48:30.572269+00', 'work', false); +INSERT INTO public.identifier_type (id, id_name, id_validation_regex, id_resolution_prefix, id_deprecated, client_source_id, date_created, last_modified, primary_use, case_sensitive) VALUES (38, 'GRANT_NUMBER', NULL, NULL, false, NULL, '2016-05-20 11:17:37.775534+00', '2021-04-20 14:41:36.898489+00', 'work', false); +INSERT INTO public.identifier_type (id, id_name, id_validation_regex, id_resolution_prefix, id_deprecated, client_source_id, date_created, last_modified, primary_use, case_sensitive) VALUES (39, 'PROPOSAL_ID', NULL, NULL, false, NULL, '2019-01-15 20:43:10.21477+00', '2021-04-20 14:41:36.910654+00', 'work', false); +INSERT INTO public.identifier_type (id, id_name, id_validation_regex, id_resolution_prefix, id_deprecated, client_source_id, date_created, last_modified, primary_use, case_sensitive) VALUES (40, 'ETHOS', NULL, 'http://ethos.bl.uk/OrderDetails.do?uin=', false, NULL, '2016-05-20 11:17:37.775534+00', '2016-05-20 11:17:37.775534+00', 'work', true); +INSERT INTO public.identifier_type (id, id_name, id_validation_regex, id_resolution_prefix, id_deprecated, client_source_id, date_created, last_modified, primary_use, case_sensitive) VALUES (41, 'OL', NULL, 'http://openlibrary.org/b/', false, NULL, '2016-05-20 11:17:37.775534+00', '2016-05-20 11:17:37.775534+00', 'work', true); +INSERT INTO public.identifier_type (id, id_name, id_validation_regex, id_resolution_prefix, id_deprecated, client_source_id, date_created, last_modified, primary_use, case_sensitive) VALUES (42, 'EMPIAR', NULL, 'https://www.ebi.ac.uk/empiar/', false, NULL, '2021-08-25 01:33:13.522236+00', '2021-08-25 01:33:13.522236+00', 'work', true); +INSERT INTO public.identifier_type (id, id_name, id_validation_regex, id_resolution_prefix, id_deprecated, client_source_id, date_created, last_modified, primary_use, case_sensitive) VALUES (43, 'AGR', NULL, NULL, false, NULL, '2016-05-20 11:17:37.775+00', '2016-05-20 11:17:37.775534+00', 'work', false); +INSERT INTO public.identifier_type (id, id_name, id_validation_regex, id_resolution_prefix, id_deprecated, client_source_id, date_created, last_modified, primary_use, case_sensitive) VALUES (44, 'ISMN', NULL, NULL, false, NULL, '2021-11-18 23:04:00.197881+00', '2021-11-18 23:04:00.197881+00', 'work', false); +INSERT INTO public.identifier_type (id, id_name, id_validation_regex, id_resolution_prefix, id_deprecated, client_source_id, date_created, last_modified, primary_use, case_sensitive) VALUES (45, 'EMDB', NULL, 'https://www.ebi.ac.uk/emdb/', false, NULL, '2021-11-22 22:30:13.66811+00', '2021-11-22 22:30:13.66811+00', 'work', true); +INSERT INTO public.identifier_type (id, id_name, id_validation_regex, id_resolution_prefix, id_deprecated, client_source_id, date_created, last_modified, primary_use, case_sensitive) VALUES (46, 'PMID', NULL, 'https://pubmed.ncbi.nlm.nih.gov/', false, NULL, '2016-05-20 11:17:37.775534+00', '2016-05-20 11:17:37.775534+00', 'work', false); +INSERT INTO public.identifier_type (id, id_name, id_validation_regex, id_resolution_prefix, id_deprecated, client_source_id, date_created, last_modified, primary_use, case_sensitive) VALUES (47, 'PMC', NULL, 'https://europepmc.org/article/pmc/', false, NULL, '2016-05-20 11:17:37.775534+00', '2016-05-20 11:17:37.775534+00', 'work', false); +INSERT INTO public.identifier_type (id, id_name, id_validation_regex, id_resolution_prefix, id_deprecated, client_source_id, date_created, last_modified, primary_use, case_sensitive) VALUES (48, 'CSTR', NULL, 'https://www.cstr.cn/', false, NULL, '2022-06-07 18:54:40.806959+00', '2022-06-07 18:54:40.806959+00', 'work', false); +INSERT INTO public.identifier_type (id, id_name, id_validation_regex, id_resolution_prefix, id_deprecated, client_source_id, date_created, last_modified, primary_use, case_sensitive) VALUES (49, 'ISBN', '', 'https://www.worldcat.org/isbn/', false, NULL, '2016-05-25 11:17:37.775+00', '2016-05-25 11:17:37.775+00', 'work', false); +INSERT INTO public.identifier_type (id, id_name, id_validation_regex, id_resolution_prefix, id_deprecated, client_source_id, date_created, last_modified, primary_use, case_sensitive) VALUES (50, 'K10PLUS', NULL, 'https://opac.k10plus.de/DB=2.299/PPNSET?PPN=', false, NULL, '2022-09-01 08:43:11.796091+00', '2022-09-01 08:43:11.796091+00', 'work', true); +INSERT INTO public.identifier_type (id, id_name, id_validation_regex, id_resolution_prefix, id_deprecated, client_source_id, date_created, last_modified, primary_use, case_sensitive) VALUES (51, 'CGN', NULL, 'https://id.culturegraph.org/', false, NULL, '2022-09-20 01:50:54.126735+00', '2022-09-20 01:50:54.126735+00', 'work', true); +INSERT INTO public.identifier_type (id, id_name, id_validation_regex, id_resolution_prefix, id_deprecated, client_source_id, date_created, last_modified, primary_use, case_sensitive) VALUES (52, 'RAiD', NULL, 'https://raid.org/', false, NULL, '2024-06-20 16:59:23.95768+00', '2024-06-20 16:59:23.95768+00', 'work', false); + +-- +-- Create users +-- +INSERT INTO public.profile (orcid, date_created, last_modified, account_expiry, completed_date, claimed, creation_method, enabled, encrypted_password, is_selectable_sponsor, source_id, orcid_type, submission_date, indexing_status, profile_deactivation_date, activities_visibility_default, last_indexed_date, locale, primary_record, deprecated_date, group_type, referred_by, enable_developer_tools, salesforce_id, client_source_id, developer_tools_enabled_date, record_locked, used_captcha_on_registration, user_last_ip, reviewed, reason_locked, reason_locked_description, hashed_orcid, last_login, secret_for_2fa, using_2fa, deprecating_admin, deprecated_method, record_locked_date, record_locked_admin_id, signin_lock_start, signin_lock_last_attempt, signin_lock_count, auto_lock_date) VALUES ('0000-0000-0000-0000', '2024-12-05 20:17:30.31', '2024-12-05 20:17:30.037982', NULL, NULL, true, 'Direct', true, 'yuDgrpyC1FBhUjVoNUCSby/XKUt5fyqappN8CeC+jOZ0LDBmt+9UyWwkNistBHhAfd2SlGRQ7m+J6khv6D2OjYO/Hm/cSvVUlzVuE21RD48=', NULL, NULL, 'USER', '2024-12-05 20:17:30.038+00', 'DONE', NULL, 'PUBLIC', '2024-12-05 20:17:38.210127+00', 'EN', NULL, NULL, NULL, NULL, false, NULL, NULL, NULL, false, true, '186.5.174.177', false, NULL, NULL, '92642c5c8e7d21de97aadf4c913a0817be9a1ee9a04091a22be7870489734b89', '2024-12-05 20:20:18.633868', NULL, false, NULL, NULL, NULL, NULL, NULL, NULL, 0, NULL); +INSERT INTO public.profile (orcid, date_created, last_modified, account_expiry, completed_date, claimed, creation_method, enabled, encrypted_password, is_selectable_sponsor, source_id, orcid_type, submission_date, indexing_status, profile_deactivation_date, activities_visibility_default, last_indexed_date, locale, primary_record, deprecated_date, group_type, referred_by, enable_developer_tools, salesforce_id, client_source_id, developer_tools_enabled_date, record_locked, used_captcha_on_registration, user_last_ip, reviewed, reason_locked, reason_locked_description, hashed_orcid, last_login, secret_for_2fa, using_2fa, deprecating_admin, deprecated_method, record_locked_date, record_locked_admin_id, signin_lock_start, signin_lock_last_attempt, signin_lock_count, auto_lock_date) VALUES ('0000-0000-0000-0001', '2024-12-05 20:18:52.782', '2024-12-05 20:18:52.523386', NULL, NULL, true, 'Direct', true, 'X7VnXb6WRFdy1cI3DV4UPSn55SUOr9Tmy5wVjrwohsoOu+5JIWg2BZm3RQeR1gtyw/74YPJ+SUyUAPskoTdGw36oRlCQ1bKheRhpHy4QnpU=', NULL, NULL, 'ADMIN', '2024-12-05 20:18:52.524+00', 'DONE', NULL, 'PUBLIC', '2024-12-05 20:18:58.276245+00', 'EN', NULL, NULL, NULL, NULL, false, NULL, NULL, NULL, false, true, '186.5.174.177', false, NULL, NULL, '43a7ac7d5ccde49654ec71a1d5d3a7829517086206d9c0366fc9b64316e51002', '2024-12-05 20:20:32.078858', NULL, false, NULL, NULL, NULL, NULL, NULL, NULL, 0, NULL); +INSERT INTO public.email (date_created, last_modified, email, orcid, visibility, is_primary, is_current, is_verified, source_id, client_source_id, email_hash, assertion_origin_source_id, assertion_origin_client_source_id, date_verified) VALUES ('2024-12-05 20:18:52.785+00', '2024-12-05 20:18:52.785+00', 'admin@orcid.org', '0000-0000-0000-0001', 'PRIVATE', true, true, false, '0000-0000-0000-0001', NULL, 'c9fb16d78d4f44c1ff05ca7cf81a8b267c525bc2144886c1e0af89c374484af9', NULL, NULL, NULL); +INSERT INTO public.email (date_created, last_modified, email, orcid, visibility, is_primary, is_current, is_verified, source_id, client_source_id, email_hash, assertion_origin_source_id, assertion_origin_client_source_id, date_verified) VALUES ('2024-12-05 20:17:30.313+00', '2024-12-05 20:17:30.313+00', 'user@orcid.org', '0000-0000-0000-0000', 'PRIVATE', true, true, false, '0000-0000-0000-0000', NULL, '9167d11d8fd4253671d7cf74b80d8053b267fad86e36e891b4b8a5d90db45cb8', NULL, NULL, NULL); +INSERT INTO public.record_name (id, orcid, credit_name, family_name, given_names, visibility, date_created, last_modified) VALUES (10463, '0000-0000-0000-0000', NULL, 'Orcid', 'User', 'PUBLIC', '2024-12-05 20:17:30.316+00', '2024-12-05 20:17:30.316+00'); +INSERT INTO public.record_name (id, orcid, credit_name, family_name, given_names, visibility, date_created, last_modified) VALUES (10464, '0000-0000-0000-0001', NULL, 'User', 'Admin', 'PUBLIC', '2024-12-05 20:18:52.788+00', '2024-12-05 20:18:52.788+00'); +INSERT INTO public.granted_authority (authority, orcid, date_created, last_modified) VALUES ('ROLE_USER', '0000-0000-0000-0000', '2024-12-05 20:17:30.31', '2024-12-05 20:17:30.31'); +INSERT INTO public.granted_authority (authority, orcid, date_created, last_modified) VALUES ('ROLE_USER', '0000-0000-0000-0001', '2024-12-05 20:18:52.783', '2024-12-05 20:18:52.783'); \ No newline at end of file From a99373dfdc0e34c44f342533c0028af95bf91281 Mon Sep 17 00:00:00 2001 From: amontenegro Date: Thu, 5 Dec 2024 15:27:35 -0600 Subject: [PATCH 12/19] Client added --- docker-entrypoint-initdb.d/4-orcid-schema.sql | 59 ++++++++++++++++++- 1 file changed, 58 insertions(+), 1 deletion(-) diff --git a/docker-entrypoint-initdb.d/4-orcid-schema.sql b/docker-entrypoint-initdb.d/4-orcid-schema.sql index e1dd5d7ce93..d69c75e8c39 100644 --- a/docker-entrypoint-initdb.d/4-orcid-schema.sql +++ b/docker-entrypoint-initdb.d/4-orcid-schema.sql @@ -6533,6 +6533,12 @@ INSERT INTO public.identifier_type (id, id_name, id_validation_regex, id_resolut INSERT INTO public.identifier_type (id, id_name, id_validation_regex, id_resolution_prefix, id_deprecated, client_source_id, date_created, last_modified, primary_use, case_sensitive) VALUES (51, 'CGN', NULL, 'https://id.culturegraph.org/', false, NULL, '2022-09-20 01:50:54.126735+00', '2022-09-20 01:50:54.126735+00', 'work', true); INSERT INTO public.identifier_type (id, id_name, id_validation_regex, id_resolution_prefix, id_deprecated, client_source_id, date_created, last_modified, primary_use, case_sensitive) VALUES (52, 'RAiD', NULL, 'https://raid.org/', false, NULL, '2024-06-20 16:59:23.95768+00', '2024-06-20 16:59:23.95768+00', 'work', false); +-- +-- NOTE! The following users and clients have their passwords encrypted using the QA passphrases, so, for this to work, you will need to add the following properties env variables to tomcat: +-- -Dorg.orcid.core.passPhraseForInternalEncryption=XeZa8wUkuchusp8saWaW +-- -Dorg.orcid.core.passPhraseForExternalEncryption=spAbusa3ubRase7udEpr +-- + -- -- Create users -- @@ -6543,4 +6549,55 @@ INSERT INTO public.email (date_created, last_modified, email, orcid, visibility, INSERT INTO public.record_name (id, orcid, credit_name, family_name, given_names, visibility, date_created, last_modified) VALUES (10463, '0000-0000-0000-0000', NULL, 'Orcid', 'User', 'PUBLIC', '2024-12-05 20:17:30.316+00', '2024-12-05 20:17:30.316+00'); INSERT INTO public.record_name (id, orcid, credit_name, family_name, given_names, visibility, date_created, last_modified) VALUES (10464, '0000-0000-0000-0001', NULL, 'User', 'Admin', 'PUBLIC', '2024-12-05 20:18:52.788+00', '2024-12-05 20:18:52.788+00'); INSERT INTO public.granted_authority (authority, orcid, date_created, last_modified) VALUES ('ROLE_USER', '0000-0000-0000-0000', '2024-12-05 20:17:30.31', '2024-12-05 20:17:30.31'); -INSERT INTO public.granted_authority (authority, orcid, date_created, last_modified) VALUES ('ROLE_USER', '0000-0000-0000-0001', '2024-12-05 20:18:52.783', '2024-12-05 20:18:52.783'); \ No newline at end of file +INSERT INTO public.granted_authority (authority, orcid, date_created, last_modified) VALUES ('ROLE_USER', '0000-0000-0000-0001', '2024-12-05 20:18:52.783', '2024-12-05 20:18:52.783'); + +-- +-- Create premium member +-- +INSERT INTO public.profile (orcid, date_created, last_modified, account_expiry, completed_date, claimed, creation_method, enabled, encrypted_password, is_selectable_sponsor, source_id, orcid_type, submission_date, indexing_status, profile_deactivation_date, activities_visibility_default, last_indexed_date, locale, primary_record, deprecated_date, group_type, referred_by, enable_developer_tools, salesforce_id, client_source_id, developer_tools_enabled_date, record_locked, used_captcha_on_registration, user_last_ip, reviewed, reason_locked, reason_locked_description, hashed_orcid, last_login, secret_for_2fa, using_2fa, deprecating_admin, deprecated_method, record_locked_date, record_locked_admin_id, signin_lock_start, signin_lock_last_attempt, signin_lock_count, auto_lock_date) VALUES ('0009-0000-0000-0000', '2024-04-22 14:28:28.872', '2024-04-22 14:28:46.537', NULL, NULL, true, 'Direct', true, NULL, NULL, NULL, 'GROUP', '2024-04-22 14:28:28.865+00', 'DONE', NULL, 'PRIVATE', '2024-04-22 15:28:39.641078+00', 'EN', NULL, NULL, 'PREMIUM', NULL, false, '123456789012345', NULL, NULL, false, false, NULL, true, NULL, NULL, '716ba0ab70d546a7b7578118a7aec863564e555ebc21caa0b3d9fc17dec87383', NULL, NULL, false, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL); +INSERT INTO public.email (date_created, last_modified, email, orcid, visibility, is_primary, is_current, is_verified, source_id, client_source_id, email_hash, assertion_origin_source_id, assertion_origin_client_source_id, date_verified) VALUES ('2024-04-22 14:28:28.889+00', '2024-04-22 14:28:28.889+00', 'member@orcid.org', '0009-0000-0000-0000', 'PRIVATE', true, true, true, '0009-0000-0000-0000', NULL, '31f4018550531879ff9f02f3b0670cf6abc13524bc2c94d8eb25149085f31a52', NULL, NULL, NULL); +INSERT INTO public.granted_authority (authority, orcid, date_created, last_modified) VALUES ('ROLE_GROUP', '0009-0000-0000-0000', '2024-04-22 14:28:28.873', '2024-04-22 14:28:28.873'); +INSERT INTO public.record_name (id, orcid, credit_name, family_name, given_names, visibility, date_created, last_modified) VALUES (9281, '0009-0000-0000-0000', 'Member', NULL, NULL, 'PUBLIC', '2024-04-22 14:28:28.904+00', '2024-04-22 14:28:28.904+00'); + +-- +-- Create premium client +-- Client secret: 9db18cce-aa3b-4398-acef-2c661c38b24b +-- Client redirect uri: https://qa.orcid.org +-- +INSERT INTO public.client_details (client_details_id, client_secret, date_created, last_modified, client_name, webhooks_enabled, client_description, client_website, persistent_tokens_enabled, group_orcid, client_type, authentication_provider_id, allow_auto_deprecate, email_access_reason, user_obo_enabled, deactivated_date, deactivated_by) VALUES ('APP-0000000000000000000', NULL, '2024-04-22 14:29:52.29', '2024-04-22 14:30:46.541', 'Test', true, 'Just a test', 'http://www.orcid.org', true, '0009-0000-0000-0000', 'PREMIUM_UPDATER', '', false, NULL, false, NULL, NULL); +INSERT INTO public.client_secret (client_details_id, client_secret, date_created, last_modified, is_primary) VALUES ('APP-0000000000000000000', 'v7XOuWET5Qx6noSQgkt9n0HaBe0Z+QS+0jNREQXDARAky8HA7ZYLZ05p8bLCUxvQ', '2024-04-22 14:29:52.296+00', '2024-04-22 14:29:52.296+00', true); +INSERT INTO public.client_redirect_uri (client_details_id, redirect_uri, date_created, last_modified, predefined_client_redirect_scope, redirect_uri_type, uri_act_type, uri_geo_area, status) VALUES ('APP-0000000000000000000', 'https://qa.orcid.org', '2024-04-22 14:29:52.293', '2024-04-22 14:29:52.293', '', 'default', '{"import-works-wizard":["Articles"]}', '{"import-works-wizard":["Global"]}', 'OK'); +INSERT INTO public.client_authorised_grant_type (client_details_id, grant_type, date_created, last_modified) VALUES ('APP-0000000000000000000', 'refresh_token', '2024-04-22 14:29:52.291', '2024-04-22 14:29:52.291'); +INSERT INTO public.client_authorised_grant_type (client_details_id, grant_type, date_created, last_modified) VALUES ('APP-0000000000000000000', 'implicit', '2024-04-22 14:29:52.292', '2024-04-22 14:29:52.292'); +INSERT INTO public.client_authorised_grant_type (client_details_id, grant_type, date_created, last_modified) VALUES ('APP-0000000000000000000', 'authorization_code', '2024-04-22 14:29:52.293', '2024-04-22 14:29:52.293'); +INSERT INTO public.client_authorised_grant_type (client_details_id, grant_type, date_created, last_modified) VALUES ('APP-0000000000000000000', 'client_credentials', '2024-04-22 14:29:52.293', '2024-04-22 14:29:52.293'); +INSERT INTO public.client_authorised_grant_type (client_details_id, grant_type, date_created, last_modified) VALUES ('APP-0000000000000000000', 'urn:ietf:params:oauth:grant-type:token-exchange', '2024-04-22 14:30:46.536', '2024-04-22 14:30:46.536'); +INSERT INTO public.client_granted_authority (client_details_id, granted_authority, date_created, last_modified) VALUES ('APP-0000000000000000000', 'ROLE_CLIENT', '2024-04-22 14:29:52.293', '2024-04-22 14:29:52.293'); +INSERT INTO public.client_resource_id (client_details_id, resource_id, date_created, last_modified) VALUES ('APP-0000000000000000000', 'orcid', '2024-04-22 14:29:52.294', '2024-04-22 14:29:52.294'); +INSERT INTO public.client_scope (client_details_id, scope_type, date_created, last_modified) VALUES ('APP-0000000000000000000', '/group-id-record/update', '2024-04-22 14:29:52.294', '2024-04-22 14:29:52.294'); +INSERT INTO public.client_scope (client_details_id, scope_type, date_created, last_modified) VALUES ('APP-0000000000000000000', '/peer-review/update', '2024-04-22 14:29:52.294', '2024-04-22 14:29:52.294'); +INSERT INTO public.client_scope (client_details_id, scope_type, date_created, last_modified) VALUES ('APP-0000000000000000000', '/orcid-bio/update', '2024-04-22 14:29:52.294', '2024-04-22 14:29:52.294'); +INSERT INTO public.client_scope (client_details_id, scope_type, date_created, last_modified) VALUES ('APP-0000000000000000000', '/authenticate', '2024-04-22 14:29:52.294', '2024-04-22 14:29:52.294'); +INSERT INTO public.client_scope (client_details_id, scope_type, date_created, last_modified) VALUES ('APP-0000000000000000000', 'openid', '2024-04-22 14:29:52.294', '2024-04-22 14:29:52.294'); +INSERT INTO public.client_scope (client_details_id, scope_type, date_created, last_modified) VALUES ('APP-0000000000000000000', '/webhook', '2024-04-22 14:29:52.294', '2024-04-22 14:29:52.294'); +INSERT INTO public.client_scope (client_details_id, scope_type, date_created, last_modified) VALUES ('APP-0000000000000000000', '/orcid-profile/read-limited', '2024-04-22 14:29:52.294', '2024-04-22 14:29:52.294'); +INSERT INTO public.client_scope (client_details_id, scope_type, date_created, last_modified) VALUES ('APP-0000000000000000000', '/orcid-works/create', '2024-04-22 14:29:52.294', '2024-04-22 14:29:52.294'); +INSERT INTO public.client_scope (client_details_id, scope_type, date_created, last_modified) VALUES ('APP-0000000000000000000', '/read-public', '2024-04-22 14:29:52.294', '2024-04-22 14:29:52.294'); +INSERT INTO public.client_scope (client_details_id, scope_type, date_created, last_modified) VALUES ('APP-0000000000000000000', '/peer-review/create', '2024-04-22 14:29:52.295', '2024-04-22 14:29:52.295'); +INSERT INTO public.client_scope (client_details_id, scope_type, date_created, last_modified) VALUES ('APP-0000000000000000000', '/funding/read-limited', '2024-04-22 14:29:52.295', '2024-04-22 14:29:52.295'); +INSERT INTO public.client_scope (client_details_id, scope_type, date_created, last_modified) VALUES ('APP-0000000000000000000', '/activities/update', '2024-04-22 14:29:52.295', '2024-04-22 14:29:52.295'); +INSERT INTO public.client_scope (client_details_id, scope_type, date_created, last_modified) VALUES ('APP-0000000000000000000', '/person/read-limited', '2024-04-22 14:29:52.295', '2024-04-22 14:29:52.295'); +INSERT INTO public.client_scope (client_details_id, scope_type, date_created, last_modified) VALUES ('APP-0000000000000000000', '/funding/create', '2024-04-22 14:29:52.295', '2024-04-22 14:29:52.295'); +INSERT INTO public.client_scope (client_details_id, scope_type, date_created, last_modified) VALUES ('APP-0000000000000000000', '/affiliations/read-limited', '2024-04-22 14:29:52.295', '2024-04-22 14:29:52.295'); +INSERT INTO public.client_scope (client_details_id, scope_type, date_created, last_modified) VALUES ('APP-0000000000000000000', '/orcid-bio/read-limited', '2024-04-22 14:29:52.295', '2024-04-22 14:29:52.295'); +INSERT INTO public.client_scope (client_details_id, scope_type, date_created, last_modified) VALUES ('APP-0000000000000000000', '/group-id-record/read', '2024-04-22 14:29:52.295', '2024-04-22 14:29:52.295'); +INSERT INTO public.client_scope (client_details_id, scope_type, date_created, last_modified) VALUES ('APP-0000000000000000000', '/affiliations/update', '2024-04-22 14:29:52.295', '2024-04-22 14:29:52.295'); +INSERT INTO public.client_scope (client_details_id, scope_type, date_created, last_modified) VALUES ('APP-0000000000000000000', '/affiliations/create', '2024-04-22 14:29:52.295', '2024-04-22 14:29:52.295'); +INSERT INTO public.client_scope (client_details_id, scope_type, date_created, last_modified) VALUES ('APP-0000000000000000000', '/peer-review/read-limited', '2024-04-22 14:29:52.295', '2024-04-22 14:29:52.295'); +INSERT INTO public.client_scope (client_details_id, scope_type, date_created, last_modified) VALUES ('APP-0000000000000000000', '/orcid-works/update', '2024-04-22 14:29:52.295', '2024-04-22 14:29:52.295'); +INSERT INTO public.client_scope (client_details_id, scope_type, date_created, last_modified) VALUES ('APP-0000000000000000000', '/orcid-bio/external-identifiers/create', '2024-04-22 14:29:52.296', '2024-04-22 14:29:52.296'); +INSERT INTO public.client_scope (client_details_id, scope_type, date_created, last_modified) VALUES ('APP-0000000000000000000', '/funding/update', '2024-04-22 14:29:52.296', '2024-04-22 14:29:52.296'); +INSERT INTO public.client_scope (client_details_id, scope_type, date_created, last_modified) VALUES ('APP-0000000000000000000', '/activities/read-limited', '2024-04-22 14:29:52.296', '2024-04-22 14:29:52.296'); +INSERT INTO public.client_scope (client_details_id, scope_type, date_created, last_modified) VALUES ('APP-0000000000000000000', '/read-limited', '2024-04-22 14:29:52.296', '2024-04-22 14:29:52.296'); +INSERT INTO public.client_scope (client_details_id, scope_type, date_created, last_modified) VALUES ('APP-0000000000000000000', '/person/update', '2024-04-22 14:29:52.296', '2024-04-22 14:29:52.296'); +INSERT INTO public.client_scope (client_details_id, scope_type, date_created, last_modified) VALUES ('APP-0000000000000000000', '/orcid-works/read-limited', '2024-04-22 14:29:52.296', '2024-04-22 14:29:52.296'); \ No newline at end of file From 5485d4d28ae7d506dafde6b798aebc0eac9d16e1 Mon Sep 17 00:00:00 2001 From: Giles Westwood Date: Fri, 6 Dec 2024 17:20:22 +0000 Subject: [PATCH 13/19] migrating back to a defined bridged network --- docker-compose.yml | 63 ++++++++++++++++------------------------------ docker-up.sh | 7 ++++++ 2 files changed, 29 insertions(+), 41 deletions(-) create mode 100755 docker-up.sh diff --git a/docker-compose.yml b/docker-compose.yml index df203b57718..c2217f6fee7 100644 --- a/docker-compose.yml +++ b/docker-compose.yml @@ -9,13 +9,7 @@ services: profiles: - build networks: - custom_network: - ipv4_address: 10.20.0.2 - extra_hosts: - - "dependencies:10.20.0.2" - - "redis:10.20.0.3" - - "postgres:10.20.0.4" - - "haprouter:10.20.0.5" + app: redis: image: orcid/registry/redis:7.2.5-alpine @@ -28,13 +22,7 @@ services: - db - dev networks: - custom_network: - ipv4_address: 10.20.0.3 - extra_hosts: - - "dependencies:10.20.0.2" - - "redis:10.20.0.3" - - "postgres:10.20.0.4" - - "haprouter:10.20.0.5" + app: postgres: image: postgres:13.13-alpine3.19 @@ -51,38 +39,26 @@ services: - db - dev networks: - custom_network: - ipv4_address: 10.20.0.4 - extra_hosts: - - "dependencies:10.20.0.2" - - "redis:10.20.0.3" - - "postgres:10.20.0.4" - - "haprouter:10.20.0.5" + app: haprouter: image: ${DOCKER_REG_PRIVATE}/orcid/registry/orcid-haprouter:${TAG:-0.0.1} build: context: . dockerfile: orcid-haprouter/Dockerfile - extra_hosts: - - "nowhere:127.0.0.1" - - "dependencies:10.20.0.2" - - "redis:10.20.0.3" - - "postgres:10.20.0.4" - - "haprouter:10.20.0.5" environment: POSTGRES_READ_FQDN_A: postgres - POSTGRES_READ_FQDN_B: nowhere - POSTGRES_READ_FQDN_C: nowhere + POSTGRES_READ_FQDN_B: localhost + POSTGRES_READ_FQDN_C: localhost POSTGRES_WRITE_FQDN_A: postgres - POSTGRES_WRITE_FQDN_B: nowhere - POSTGRES_WRITE_FQDN_C: nowhere + POSTGRES_WRITE_FQDN_B: localhost + POSTGRES_WRITE_FQDN_C: localhost SOLR_READ_FQDN_A: solr - SOLR_READ_FQDN_B: nowhere - SOLR_READ_FQDN_C: nowhere + SOLR_READ_FQDN_B: localhost + SOLR_READ_FQDN_C: localhost SOLR_WRITE_FQDN_A: solr - SOLR_WRITE_FQDN_B: nowhere.local - SOLR_WRITE_FQDN_C: nowhere.local + SOLR_WRITE_FQDN_B: localhost + SOLR_WRITE_FQDN_C: localhost ports: - 0.0.0.0:8888:1936 # stats - 0.0.0.0:7432:7432 # solr read @@ -90,10 +66,10 @@ services: - 0.0.0.0:7432:7432 # postgres read - 0.0.0.0:6432:6432 # postgres write networks: - custom_network: - ipv4_address: 10.20.0.5 + app: profiles: - dev + - ui lb: image: ${DOCKER_REG_PRIVATE}/orcid/registry/orcid-lb:${TAG:-0.0.1} @@ -103,6 +79,8 @@ services: ports: - 0.0.0.0:80:80 - 0.0.0.0:443:443 + networks: + app: profiles: - dev @@ -116,6 +94,8 @@ services: profiles: - dev - ui + networks: + app: web_proxy: image: ${DOCKER_REG_PRIVATE}/orcid/registry/orcid-web-proxy:${TAG:-0.0.1} @@ -129,6 +109,8 @@ services: - ./certs/dhparam.pem:/etc/nginx/certs/dhparam.pem:ro - ${SSL_CERTIFICATE:-./certs/docker_dev.pem}:/etc/nginx/certs/docker.pem:ro - ${SSL_CERTIFICATE_KEY:-./certs/docker_dev-key.pem}:/etc/nginx/certs/docker-key.pem:ro + networks: + app: profiles: - dev - ui @@ -153,16 +135,15 @@ services: - ${DOCKER_DEV_ENV_FILE:-empty.env} ports: - 0.0.0.0:13100:8080 + networks: + app: profiles: - dev - ui networks: - custom_network: + app: driver: bridge - ipam: - config: - - subnet: 10.20.0.0/16 volumes: postgres_data: diff --git a/docker-up.sh b/docker-up.sh new file mode 100755 index 00000000000..61e2b54f4ef --- /dev/null +++ b/docker-up.sh @@ -0,0 +1,7 @@ +#!/usr/bin/env bash + +docker compose --profile db up -d + +sleep 20 + +docker compose --profile dev up -d From 991c8727974cc3d6dbddb711e37cf43f4410d6dc Mon Sep 17 00:00:00 2001 From: Giles Westwood Date: Fri, 6 Dec 2024 17:21:52 +0000 Subject: [PATCH 14/19] adding orcid-haprouter to the builds --- .github/workflows/bld_docker.yml | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/.github/workflows/bld_docker.yml b/.github/workflows/bld_docker.yml index e1fd22d5481..db63fd4fd80 100644 --- a/.github/workflows/bld_docker.yml +++ b/.github/workflows/bld_docker.yml @@ -106,6 +106,10 @@ jobs: docker_name: orcid/registry/orcid-web-proxy file: orcid-web-proxy/Dockerfile + - artifact_name: orcid-haprouter + docker_name: orcid/registry/orcid-haprouter + file: orcid-haprouter/Dockerfile + runs-on: ubuntu-latest steps: - name: git-checkout-ref-action From 34085f5efb8e9b1d8cd60f28e7e94070ac4aa3c5 Mon Sep 17 00:00:00 2001 From: Giles Westwood Date: Fri, 6 Dec 2024 17:59:37 +0000 Subject: [PATCH 15/19] adding in haprouter as default postgres connection --- docker-compose.yml | 5 +++-- docker-entrypoint-initdb.d/1-dev-users.sql | 1 + docker-entrypoint-initdb.d/2-pgc-allow.sh | 4 ++++ properties/default.persistence.env | 8 ++++---- 4 files changed, 12 insertions(+), 6 deletions(-) create mode 100644 docker-entrypoint-initdb.d/2-pgc-allow.sh diff --git a/docker-compose.yml b/docker-compose.yml index c2217f6fee7..24f3901ea39 100644 --- a/docker-compose.yml +++ b/docker-compose.yml @@ -61,8 +61,8 @@ services: SOLR_WRITE_FQDN_C: localhost ports: - 0.0.0.0:8888:1936 # stats - - 0.0.0.0:7432:7432 # solr read - - 0.0.0.0:7983:7983 # solr write + - 0.0.0.0:7983:7983 # solr read + - 0.0.0.0:6983:6983 # solr write - 0.0.0.0:7432:7432 # postgres read - 0.0.0.0:6432:6432 # postgres write networks: @@ -77,6 +77,7 @@ services: context: . dockerfile: orcid-lb/Dockerfile ports: + - 0.0.0.0:9999:1936 # stats - 0.0.0.0:80:80 - 0.0.0.0:443:443 networks: diff --git a/docker-entrypoint-initdb.d/1-dev-users.sql b/docker-entrypoint-initdb.d/1-dev-users.sql index 2b44dd0fba0..300f27b142c 100644 --- a/docker-entrypoint-initdb.d/1-dev-users.sql +++ b/docker-entrypoint-initdb.d/1-dev-users.sql @@ -2,4 +2,5 @@ CREATE USER orcid WITH PASSWORD 'orcid'; CREATE USER statistics WITH PASSWORD 'statistics'; CREATE USER orcidro WITH PASSWORD 'orcidro'; CREATE USER dw_user WITH PASSWORD 'dw_user'; +CREATE USER pgc WITH PASSWORD 'pgc'; diff --git a/docker-entrypoint-initdb.d/2-pgc-allow.sh b/docker-entrypoint-initdb.d/2-pgc-allow.sh new file mode 100644 index 00000000000..0b44cf6d252 --- /dev/null +++ b/docker-entrypoint-initdb.d/2-pgc-allow.sh @@ -0,0 +1,4 @@ +#!/bin/bash + +echo "host template1 pgc 0.0.0.0/0 trust" >> /var/lib/postgresql/data/pg_hba.conf + diff --git a/properties/default.persistence.env b/properties/default.persistence.env index 6569d2ea096..a900ec5bb4b 100644 --- a/properties/default.persistence.env +++ b/properties/default.persistence.env @@ -24,11 +24,11 @@ ORG_ORCID_PERSISTENCE_DB_READONLY_PASSWORD=orcidro ORG_ORCID_PERSISTENCE_DB_READONLY_PREFERRED_TEST_QUERY=select 1 ORG_ORCID_PERSISTENCE_DB_READONLY_SHOW_SQL="false" ORG_ORCID_PERSISTENCE_DB_READONLY_TEST_CONNECTION_ON_CHECKIN="true" -ORG_ORCID_PERSISTENCE_DB_READONLY_URL=jdbc:postgresql://postgres:5432/orcid +ORG_ORCID_PERSISTENCE_DB_READONLY_URL=jdbc:postgresql://haprouter:7432/orcid ORG_ORCID_PERSISTENCE_DB_READONLY_USERNAME=orcidro ORG_ORCID_PERSISTENCE_DB_SHOW_SQL="false" ORG_ORCID_PERSISTENCE_DB_TEST_CONNECTION_ON_CHECKIN="true" -ORG_ORCID_PERSISTENCE_DB_URL=jdbc:postgresql://postgres:5432/orcid +ORG_ORCID_PERSISTENCE_DB_URL=jdbc:postgresql://haprouter:6432/orcid ORG_ORCID_PERSISTENCE_DB_USERNAME=orcid ORG_ORCID_PERSISTENCE_INTERNAL_API_DB_INITIAL_POOL_SIZE="1" ORG_ORCID_PERSISTENCE_INTERNAL_API_DB_MAX_POOL_SIZE="3" @@ -43,7 +43,7 @@ ORG_ORCID_PERSISTENCE_LIQUIBASE_ENABLED="false" ORG_ORCID_PERSISTENCE_SOLR_ALLOW_COMPRESSION="true" ORG_ORCID_PERSISTENCE_SOLR_CONNECTION_TIMEOUT="60000" ORG_ORCID_PERSISTENCE_SOLR_MAX_RETRIES="1" -ORG_ORCID_PERSISTENCE_SOLR_READ_ONLY_URL=http://solr/solr +ORG_ORCID_PERSISTENCE_SOLR_READ_ONLY_URL=http://haprouter:7983/solr ORG_ORCID_PERSISTENCE_TOGGLZ_CACHE_TTL="60000" ORG_ORCID_PERSISTENCE_TOGGLZ_DB_CLASS=org.postgresql.Driver ORG_ORCID_PERSISTENCE_TOGGLZ_DB_IDLE_CONNECTION_TEST_PERIOD="60" @@ -55,7 +55,7 @@ ORG_ORCID_PERSISTENCE_TOGGLZ_DB_NUM_HELPER_THREADS="5" ORG_ORCID_PERSISTENCE_TOGGLZ_DB_PASSWORD=orcid ORG_ORCID_PERSISTENCE_TOGGLZ_DB_PREFERRED_TEST_QUERY=select 1 ORG_ORCID_PERSISTENCE_TOGGLZ_DB_TEST_CONNECTION_ON_CHECKIN="true" -ORG_ORCID_PERSISTENCE_TOGGLZ_DB_URL=jdbc:postgresql://postgres:5432/features +ORG_ORCID_PERSISTENCE_TOGGLZ_DB_URL=jdbc:postgresql://haprouter:6432/features ORG_ORCID_PERSISTENCE_TOGGLZ_DB_USERNAME=orcid # sched ones From 8ae0c47c4c9d84fe1ee425bee1deff6ed4999119 Mon Sep 17 00:00:00 2001 From: Giles Westwood Date: Mon, 9 Dec 2024 15:37:24 +0000 Subject: [PATCH 16/19] cleaner overridable haprouter config --- docker-compose.yml | 16 +++------------- orcid-haprouter/deployment.env | 1 + orcid-haprouter/dev.env | 12 ++++++++++++ 3 files changed, 16 insertions(+), 13 deletions(-) create mode 100644 orcid-haprouter/deployment.env create mode 100644 orcid-haprouter/dev.env diff --git a/docker-compose.yml b/docker-compose.yml index 24f3901ea39..92525ac0734 100644 --- a/docker-compose.yml +++ b/docker-compose.yml @@ -46,19 +46,9 @@ services: build: context: . dockerfile: orcid-haprouter/Dockerfile - environment: - POSTGRES_READ_FQDN_A: postgres - POSTGRES_READ_FQDN_B: localhost - POSTGRES_READ_FQDN_C: localhost - POSTGRES_WRITE_FQDN_A: postgres - POSTGRES_WRITE_FQDN_B: localhost - POSTGRES_WRITE_FQDN_C: localhost - SOLR_READ_FQDN_A: solr - SOLR_READ_FQDN_B: localhost - SOLR_READ_FQDN_C: localhost - SOLR_WRITE_FQDN_A: solr - SOLR_WRITE_FQDN_B: localhost - SOLR_WRITE_FQDN_C: localhost + env_file: + - orcid-haprouter/dev.env + - orcid-haprouter/deployment.env ports: - 0.0.0.0:8888:1936 # stats - 0.0.0.0:7983:7983 # solr read diff --git a/orcid-haprouter/deployment.env b/orcid-haprouter/deployment.env new file mode 100644 index 00000000000..34094e6dbf4 --- /dev/null +++ b/orcid-haprouter/deployment.env @@ -0,0 +1 @@ +# empty file that is written out by deployment systems diff --git a/orcid-haprouter/dev.env b/orcid-haprouter/dev.env new file mode 100644 index 00000000000..87a0fe519c0 --- /dev/null +++ b/orcid-haprouter/dev.env @@ -0,0 +1,12 @@ +POSTGRES_READ_FQDN_A=postgres +POSTGRES_READ_FQDN_B=localhost +POSTGRES_READ_FQDN_C=localhost +POSTGRES_WRITE_FQDN_A=postgres +POSTGRES_WRITE_FQDN_B=localhost +POSTGRES_WRITE_FQDN_C=localhost +SOLR_READ_FQDN_A=solr +SOLR_READ_FQDN_B=localhost +SOLR_READ_FQDN_C=localhost +SOLR_WRITE_FQDN_A=solr +SOLR_WRITE_FQDN_B=localhost +SOLR_WRITE_FQDN_C=localhost From 935a3915bb2c81d64e7e8638b0bf2048429b9309 Mon Sep 17 00:00:00 2001 From: Giles Westwood Date: Mon, 9 Dec 2024 15:39:58 +0000 Subject: [PATCH 17/19] default.env is transfered via anisble not dev.env --- orcid-haprouter/{dev.env => default.env} | 0 1 file changed, 0 insertions(+), 0 deletions(-) rename orcid-haprouter/{dev.env => default.env} (100%) diff --git a/orcid-haprouter/dev.env b/orcid-haprouter/default.env similarity index 100% rename from orcid-haprouter/dev.env rename to orcid-haprouter/default.env From 4de984cace25865de5553331e2c810969aaecdb5 Mon Sep 17 00:00:00 2001 From: Giles Westwood Date: Mon, 9 Dec 2024 15:41:33 +0000 Subject: [PATCH 18/19] default.env is transfered via anisble not dev.env --- docker-compose.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docker-compose.yml b/docker-compose.yml index 92525ac0734..81746d623a9 100644 --- a/docker-compose.yml +++ b/docker-compose.yml @@ -47,7 +47,7 @@ services: context: . dockerfile: orcid-haprouter/Dockerfile env_file: - - orcid-haprouter/dev.env + - orcid-haprouter/default.env - orcid-haprouter/deployment.env ports: - 0.0.0.0:8888:1936 # stats From 37453e22e4f1d5a69a6d72622c397e6193a4a6db Mon Sep 17 00:00:00 2001 From: amontenegro Date: Mon, 9 Dec 2024 10:45:02 -0600 Subject: [PATCH 19/19] Update passphrase --- docker-entrypoint-initdb.d/4-orcid-schema.sql | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/docker-entrypoint-initdb.d/4-orcid-schema.sql b/docker-entrypoint-initdb.d/4-orcid-schema.sql index d69c75e8c39..03354f2ce4c 100644 --- a/docker-entrypoint-initdb.d/4-orcid-schema.sql +++ b/docker-entrypoint-initdb.d/4-orcid-schema.sql @@ -6535,15 +6535,15 @@ INSERT INTO public.identifier_type (id, id_name, id_validation_regex, id_resolut -- -- NOTE! The following users and clients have their passwords encrypted using the QA passphrases, so, for this to work, you will need to add the following properties env variables to tomcat: --- -Dorg.orcid.core.passPhraseForInternalEncryption=XeZa8wUkuchusp8saWaW --- -Dorg.orcid.core.passPhraseForExternalEncryption=spAbusa3ubRase7udEpr +-- -Dorg.orcid.core.passPhraseForInternalEncryption=wibbler12345678 +-- -Dorg.orcid.core.passPhraseForExternalEncryption=wibbler12345678 -- -- -- Create users -- -INSERT INTO public.profile (orcid, date_created, last_modified, account_expiry, completed_date, claimed, creation_method, enabled, encrypted_password, is_selectable_sponsor, source_id, orcid_type, submission_date, indexing_status, profile_deactivation_date, activities_visibility_default, last_indexed_date, locale, primary_record, deprecated_date, group_type, referred_by, enable_developer_tools, salesforce_id, client_source_id, developer_tools_enabled_date, record_locked, used_captcha_on_registration, user_last_ip, reviewed, reason_locked, reason_locked_description, hashed_orcid, last_login, secret_for_2fa, using_2fa, deprecating_admin, deprecated_method, record_locked_date, record_locked_admin_id, signin_lock_start, signin_lock_last_attempt, signin_lock_count, auto_lock_date) VALUES ('0000-0000-0000-0000', '2024-12-05 20:17:30.31', '2024-12-05 20:17:30.037982', NULL, NULL, true, 'Direct', true, 'yuDgrpyC1FBhUjVoNUCSby/XKUt5fyqappN8CeC+jOZ0LDBmt+9UyWwkNistBHhAfd2SlGRQ7m+J6khv6D2OjYO/Hm/cSvVUlzVuE21RD48=', NULL, NULL, 'USER', '2024-12-05 20:17:30.038+00', 'DONE', NULL, 'PUBLIC', '2024-12-05 20:17:38.210127+00', 'EN', NULL, NULL, NULL, NULL, false, NULL, NULL, NULL, false, true, '186.5.174.177', false, NULL, NULL, '92642c5c8e7d21de97aadf4c913a0817be9a1ee9a04091a22be7870489734b89', '2024-12-05 20:20:18.633868', NULL, false, NULL, NULL, NULL, NULL, NULL, NULL, 0, NULL); -INSERT INTO public.profile (orcid, date_created, last_modified, account_expiry, completed_date, claimed, creation_method, enabled, encrypted_password, is_selectable_sponsor, source_id, orcid_type, submission_date, indexing_status, profile_deactivation_date, activities_visibility_default, last_indexed_date, locale, primary_record, deprecated_date, group_type, referred_by, enable_developer_tools, salesforce_id, client_source_id, developer_tools_enabled_date, record_locked, used_captcha_on_registration, user_last_ip, reviewed, reason_locked, reason_locked_description, hashed_orcid, last_login, secret_for_2fa, using_2fa, deprecating_admin, deprecated_method, record_locked_date, record_locked_admin_id, signin_lock_start, signin_lock_last_attempt, signin_lock_count, auto_lock_date) VALUES ('0000-0000-0000-0001', '2024-12-05 20:18:52.782', '2024-12-05 20:18:52.523386', NULL, NULL, true, 'Direct', true, 'X7VnXb6WRFdy1cI3DV4UPSn55SUOr9Tmy5wVjrwohsoOu+5JIWg2BZm3RQeR1gtyw/74YPJ+SUyUAPskoTdGw36oRlCQ1bKheRhpHy4QnpU=', NULL, NULL, 'ADMIN', '2024-12-05 20:18:52.524+00', 'DONE', NULL, 'PUBLIC', '2024-12-05 20:18:58.276245+00', 'EN', NULL, NULL, NULL, NULL, false, NULL, NULL, NULL, false, true, '186.5.174.177', false, NULL, NULL, '43a7ac7d5ccde49654ec71a1d5d3a7829517086206d9c0366fc9b64316e51002', '2024-12-05 20:20:32.078858', NULL, false, NULL, NULL, NULL, NULL, NULL, NULL, 0, NULL); +INSERT INTO public.profile (orcid, date_created, last_modified, account_expiry, completed_date, claimed, creation_method, enabled, encrypted_password, is_selectable_sponsor, source_id, orcid_type, submission_date, indexing_status, profile_deactivation_date, activities_visibility_default, last_indexed_date, locale, primary_record, deprecated_date, group_type, referred_by, enable_developer_tools, salesforce_id, client_source_id, developer_tools_enabled_date, record_locked, used_captcha_on_registration, user_last_ip, reviewed, reason_locked, reason_locked_description, hashed_orcid, last_login, secret_for_2fa, using_2fa, deprecating_admin, deprecated_method, record_locked_date, record_locked_admin_id, signin_lock_start, signin_lock_last_attempt, signin_lock_count, auto_lock_date) VALUES ('0000-0000-0000-0000', '2024-12-05 20:17:30.31', '2024-12-05 20:17:30.037982', NULL, NULL, true, 'Direct', true, '7wc70RIAw5b2P5DS15Rpllw2UbNNZl0pU71ITWbeG7MB28AOZcidpzscwCBuql/k/O9TUKN6EQ1gz615fhKF+1Z7MrNWlXli4pyaXRyzgOQ=', NULL, NULL, 'USER', '2024-12-05 20:17:30.038+00', 'DONE', NULL, 'PUBLIC', '2024-12-05 20:17:38.210127+00', 'EN', NULL, NULL, NULL, NULL, false, NULL, NULL, NULL, false, true, '186.5.174.177', false, NULL, NULL, '92642c5c8e7d21de97aadf4c913a0817be9a1ee9a04091a22be7870489734b89', '2024-12-05 20:20:18.633868', NULL, false, NULL, NULL, NULL, NULL, NULL, NULL, 0, NULL); +INSERT INTO public.profile (orcid, date_created, last_modified, account_expiry, completed_date, claimed, creation_method, enabled, encrypted_password, is_selectable_sponsor, source_id, orcid_type, submission_date, indexing_status, profile_deactivation_date, activities_visibility_default, last_indexed_date, locale, primary_record, deprecated_date, group_type, referred_by, enable_developer_tools, salesforce_id, client_source_id, developer_tools_enabled_date, record_locked, used_captcha_on_registration, user_last_ip, reviewed, reason_locked, reason_locked_description, hashed_orcid, last_login, secret_for_2fa, using_2fa, deprecating_admin, deprecated_method, record_locked_date, record_locked_admin_id, signin_lock_start, signin_lock_last_attempt, signin_lock_count, auto_lock_date) VALUES ('0000-0000-0000-0001', '2024-12-05 20:18:52.782', '2024-12-05 20:18:52.523386', NULL, NULL, true, 'Direct', true, '7wc70RIAw5b2P5DS15Rpllw2UbNNZl0pU71ITWbeG7MB28AOZcidpzscwCBuql/k/O9TUKN6EQ1gz615fhKF+1Z7MrNWlXli4pyaXRyzgOQ=', NULL, NULL, 'ADMIN', '2024-12-05 20:18:52.524+00', 'DONE', NULL, 'PUBLIC', '2024-12-05 20:18:58.276245+00', 'EN', NULL, NULL, NULL, NULL, false, NULL, NULL, NULL, false, true, '186.5.174.177', false, NULL, NULL, '43a7ac7d5ccde49654ec71a1d5d3a7829517086206d9c0366fc9b64316e51002', '2024-12-05 20:20:32.078858', NULL, false, NULL, NULL, NULL, NULL, NULL, NULL, 0, NULL); INSERT INTO public.email (date_created, last_modified, email, orcid, visibility, is_primary, is_current, is_verified, source_id, client_source_id, email_hash, assertion_origin_source_id, assertion_origin_client_source_id, date_verified) VALUES ('2024-12-05 20:18:52.785+00', '2024-12-05 20:18:52.785+00', 'admin@orcid.org', '0000-0000-0000-0001', 'PRIVATE', true, true, false, '0000-0000-0000-0001', NULL, 'c9fb16d78d4f44c1ff05ca7cf81a8b267c525bc2144886c1e0af89c374484af9', NULL, NULL, NULL); INSERT INTO public.email (date_created, last_modified, email, orcid, visibility, is_primary, is_current, is_verified, source_id, client_source_id, email_hash, assertion_origin_source_id, assertion_origin_client_source_id, date_verified) VALUES ('2024-12-05 20:17:30.313+00', '2024-12-05 20:17:30.313+00', 'user@orcid.org', '0000-0000-0000-0000', 'PRIVATE', true, true, false, '0000-0000-0000-0000', NULL, '9167d11d8fd4253671d7cf74b80d8053b267fad86e36e891b4b8a5d90db45cb8', NULL, NULL, NULL); INSERT INTO public.record_name (id, orcid, credit_name, family_name, given_names, visibility, date_created, last_modified) VALUES (10463, '0000-0000-0000-0000', NULL, 'Orcid', 'User', 'PUBLIC', '2024-12-05 20:17:30.316+00', '2024-12-05 20:17:30.316+00'); @@ -6554,7 +6554,7 @@ INSERT INTO public.granted_authority (authority, orcid, date_created, last_modif -- -- Create premium member -- -INSERT INTO public.profile (orcid, date_created, last_modified, account_expiry, completed_date, claimed, creation_method, enabled, encrypted_password, is_selectable_sponsor, source_id, orcid_type, submission_date, indexing_status, profile_deactivation_date, activities_visibility_default, last_indexed_date, locale, primary_record, deprecated_date, group_type, referred_by, enable_developer_tools, salesforce_id, client_source_id, developer_tools_enabled_date, record_locked, used_captcha_on_registration, user_last_ip, reviewed, reason_locked, reason_locked_description, hashed_orcid, last_login, secret_for_2fa, using_2fa, deprecating_admin, deprecated_method, record_locked_date, record_locked_admin_id, signin_lock_start, signin_lock_last_attempt, signin_lock_count, auto_lock_date) VALUES ('0009-0000-0000-0000', '2024-04-22 14:28:28.872', '2024-04-22 14:28:46.537', NULL, NULL, true, 'Direct', true, NULL, NULL, NULL, 'GROUP', '2024-04-22 14:28:28.865+00', 'DONE', NULL, 'PRIVATE', '2024-04-22 15:28:39.641078+00', 'EN', NULL, NULL, 'PREMIUM', NULL, false, '123456789012345', NULL, NULL, false, false, NULL, true, NULL, NULL, '716ba0ab70d546a7b7578118a7aec863564e555ebc21caa0b3d9fc17dec87383', NULL, NULL, false, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL); +INSERT INTO public.profile (orcid, date_created, last_modified, account_expiry, completed_date, claimed, creation_method, enabled, encrypted_password, is_selectable_sponsor, source_id, orcid_type, submission_date, indexing_status, profile_deactivation_date, activities_visibility_default, last_indexed_date, locale, primary_record, deprecated_date, group_type, referred_by, enable_developer_tools, salesforce_id, client_source_id, developer_tools_enabled_date, record_locked, used_captcha_on_registration, user_last_ip, reviewed, reason_locked, reason_locked_description, hashed_orcid, last_login, secret_for_2fa, using_2fa, deprecating_admin, deprecated_method, record_locked_date, record_locked_admin_id, signin_lock_start, signin_lock_last_attempt, signin_lock_count, auto_lock_date) VALUES ('0009-0000-0000-0000', '2024-04-22 14:28:28.872', '2024-04-22 14:28:46.537', NULL, NULL, true, 'Direct', true, '7wc70RIAw5b2P5DS15Rpllw2UbNNZl0pU71ITWbeG7MB28AOZcidpzscwCBuql/k/O9TUKN6EQ1gz615fhKF+1Z7MrNWlXli4pyaXRyzgOQ=', NULL, NULL, 'GROUP', '2024-04-22 14:28:28.865+00', 'DONE', NULL, 'PRIVATE', '2024-04-22 15:28:39.641078+00', 'EN', NULL, NULL, 'PREMIUM', NULL, false, '123456789012345', NULL, NULL, false, false, NULL, true, NULL, NULL, '716ba0ab70d546a7b7578118a7aec863564e555ebc21caa0b3d9fc17dec87383', NULL, NULL, false, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL); INSERT INTO public.email (date_created, last_modified, email, orcid, visibility, is_primary, is_current, is_verified, source_id, client_source_id, email_hash, assertion_origin_source_id, assertion_origin_client_source_id, date_verified) VALUES ('2024-04-22 14:28:28.889+00', '2024-04-22 14:28:28.889+00', 'member@orcid.org', '0009-0000-0000-0000', 'PRIVATE', true, true, true, '0009-0000-0000-0000', NULL, '31f4018550531879ff9f02f3b0670cf6abc13524bc2c94d8eb25149085f31a52', NULL, NULL, NULL); INSERT INTO public.granted_authority (authority, orcid, date_created, last_modified) VALUES ('ROLE_GROUP', '0009-0000-0000-0000', '2024-04-22 14:28:28.873', '2024-04-22 14:28:28.873'); INSERT INTO public.record_name (id, orcid, credit_name, family_name, given_names, visibility, date_created, last_modified) VALUES (9281, '0009-0000-0000-0000', 'Member', NULL, NULL, 'PUBLIC', '2024-04-22 14:28:28.904+00', '2024-04-22 14:28:28.904+00'); @@ -6565,7 +6565,7 @@ INSERT INTO public.record_name (id, orcid, credit_name, family_name, given_names -- Client redirect uri: https://qa.orcid.org -- INSERT INTO public.client_details (client_details_id, client_secret, date_created, last_modified, client_name, webhooks_enabled, client_description, client_website, persistent_tokens_enabled, group_orcid, client_type, authentication_provider_id, allow_auto_deprecate, email_access_reason, user_obo_enabled, deactivated_date, deactivated_by) VALUES ('APP-0000000000000000000', NULL, '2024-04-22 14:29:52.29', '2024-04-22 14:30:46.541', 'Test', true, 'Just a test', 'http://www.orcid.org', true, '0009-0000-0000-0000', 'PREMIUM_UPDATER', '', false, NULL, false, NULL, NULL); -INSERT INTO public.client_secret (client_details_id, client_secret, date_created, last_modified, is_primary) VALUES ('APP-0000000000000000000', 'v7XOuWET5Qx6noSQgkt9n0HaBe0Z+QS+0jNREQXDARAky8HA7ZYLZ05p8bLCUxvQ', '2024-04-22 14:29:52.296+00', '2024-04-22 14:29:52.296+00', true); +INSERT INTO public.client_secret (client_details_id, client_secret, date_created, last_modified, is_primary) VALUES ('APP-0000000000000000000', '/yDskPX+DCU3aMoNHgyvyiMpPLF4cqErwG4vKHqmKu3diCjdYJKyH30u9Ue+7RTm', '2024-04-22 14:29:52.296+00', '2024-04-22 14:29:52.296+00', true); INSERT INTO public.client_redirect_uri (client_details_id, redirect_uri, date_created, last_modified, predefined_client_redirect_scope, redirect_uri_type, uri_act_type, uri_geo_area, status) VALUES ('APP-0000000000000000000', 'https://qa.orcid.org', '2024-04-22 14:29:52.293', '2024-04-22 14:29:52.293', '', 'default', '{"import-works-wizard":["Articles"]}', '{"import-works-wizard":["Global"]}', 'OK'); INSERT INTO public.client_authorised_grant_type (client_details_id, grant_type, date_created, last_modified) VALUES ('APP-0000000000000000000', 'refresh_token', '2024-04-22 14:29:52.291', '2024-04-22 14:29:52.291'); INSERT INTO public.client_authorised_grant_type (client_details_id, grant_type, date_created, last_modified) VALUES ('APP-0000000000000000000', 'implicit', '2024-04-22 14:29:52.292', '2024-04-22 14:29:52.292');