DataProtection.Autorest/custom/Cmdlets/Platform/Vault/Set-AzDataProtectionMSIPermission.ps1
|
function Get-VaultIdentity { [Microsoft.Azure.PowerShell.Cmdlets.DataProtection.DoNotExportAttribute()] param ( [Parameter(Mandatory=$true)] [System.Object] $vault, [Parameter(Mandatory=$false)] [System.String] $UserAssignedIdentityARMId ) #Determine the vault MSI to be used $vaultIdentity = $null if ($UserAssignedIdentityARMId) { $vaultIdentity = $vault.Identity.UserAssignedIdentity[$UserAssignedIdentityARMId].PrincipalID Write-Host "Using Vault UAMI with ARMId: $UserAssignedIdentityARMId with Principal ID: $vaultIdentity" } else { $vaultIdentity = $vault.Identity.PrincipalId Write-Host "Using system-assigned identity with Principal ID: $vaultIdentity" } if (-not $vaultIdentity) { throw "Vault identity could not be determined. Please check the UserAssignedIdentityARMId or the vault configuration." } return $vaultIdentity } function Set-AzDataProtectionMSIPermission { [OutputType('System.Object')] [CmdletBinding(PositionalBinding=$false, SupportsShouldProcess, ConfirmImpact = 'High')] [Microsoft.Azure.PowerShell.Cmdlets.DataProtection.Description('Grants required permissions to the backup vault and other resources for configure backup and restore scenarios')] [Microsoft.Azure.PowerShell.Cmdlets.DataProtection.Runtime.PreviewMessage("**********************************************************************************************`n * This cmdlet will undergo a breaking change in Az v16.0.0, to be released on May 2026. *`n * At least one change applies to this cmdlet. *`n * See all possible breaking changes at https://go.microsoft.com/fwlink/?linkid=2333486 *`n ***************************************************************************************************")] param( [Parameter(ParameterSetName="SetPermissionsForBackup", Mandatory, HelpMessage='Backup instance request object which will be used to configure backup')] [Microsoft.Azure.PowerShell.Cmdlets.DataProtection.Models.Api20260301.IBackupInstanceResource] ${BackupInstance}, [Parameter(ParameterSetName="SetPermissionsForBackup", Mandatory=$false, HelpMessage='ID of the keyvault')] [ValidatePattern("/subscriptions/([A-z0-9\-]+)/resourceGroups/(?<rg>.+)/(?<id>.+)")] [System.String] ${KeyVaultId}, [Parameter(ParameterSetName="SetPermissionsForRestore", Mandatory=$false, HelpMessage='Subscription Id of the backup vault')] [System.String] ${SubscriptionId}, [Parameter(Mandatory, HelpMessage='Resource group of the backup vault')] [Alias('ResourceGroupName')] [System.String] ${VaultResourceGroup}, [Parameter(Mandatory, HelpMessage='Name of the backup vault')] [System.String] ${VaultName}, [Parameter(Mandatory, HelpMessage='Scope at which the permissions need to be granted')] [System.String] [ValidateSet("Resource","ResourceGroup","Subscription")] ${PermissionsScope}, [Parameter(ParameterSetName="SetPermissionsForRestore", Mandatory=$false, HelpMessage='Datasource Type')] [Microsoft.Azure.PowerShell.Cmdlets.DataProtection.Support.DatasourceTypes] ${DatasourceType}, [Parameter(ParameterSetName="SetPermissionsForRestore", Mandatory, HelpMessage='Restore request object which will be used for restore')] [Microsoft.Azure.PowerShell.Cmdlets.DataProtection.Models.Api20260301.IAzureBackupRestoreRequest] ${RestoreRequest}, [Parameter(ParameterSetName="SetPermissionsForRestore", Mandatory=$false, HelpMessage='Snapshot Resource Group')] [System.String] [ValidatePattern("/subscriptions/([A-z0-9\-]+)/resourceGroups/(?<rg>.+)")] ${SnapshotResourceGroupId}, [Parameter(ParameterSetName="SetPermissionsForRestore", Mandatory=$false, HelpMessage='Target storage account ARM Id. Use this parameter for DatasourceType AzureDatabaseForMySQL, AzureDatabaseForPGFlexServer.')] [System.String] ${StorageAccountARMId}, [Parameter(Mandatory=$false, HelpMessage='User Assigned Identity ARM ID of the backup vault to be used for assigning permissions')] [Alias('AssignUserIdentity')] [System.String] ${UserAssignedIdentityARMId} ) process { CheckResourcesModuleDependency $OriginalWarningPreference = $WarningPreference $WarningPreference = 'SilentlyContinue' $MissingRolesInitially = $false if($PsCmdlet.ParameterSetName -eq "SetPermissionsForRestore"){ $DatasourceId = $RestoreRequest.RestoreTargetInfo.DatasourceInfo.ResourceId $DatasourceTypeInternal = "" $subscriptionIdInternal = "" if($DataSourceId -ne $null){ $DatasourceTypeInternal = GetClientDatasourceType -ServiceDatasourceType $RestoreRequest.RestoreTargetInfo.DatasourceInfo.Type $ResourceArray = $DataSourceId.Split("/") $ResourceRG = GetResourceGroupIdFromArmId -Id $DataSourceId $SubscriptionName = GetSubscriptionNameFromArmId -Id $DataSourceId $subscriptionIdInternal = $ResourceArray[2] if($DatasourceType -ne $null -and $DatasourceTypeInternal -ne $DatasourceType){ throw "DatasourceType is not compatible with the RestoreRequest" } } elseif($DatasourceType -ne $null){ $DatasourceTypeInternal = $DatasourceType if($SubscriptionId -eq ""){ $err = "SubscriptionId can't be identified. Please provide the value for parameter SubscriptionId" throw $err } else{ $subscriptionIdInternal = $SubscriptionId } } else{ $err = "DatasourceType can't be identified since DataSourceInfo is null. Please provide the value for parameter DatasourceType" throw $err } $manifest = LoadManifest -DatasourceType $DatasourceTypeInternal.ToString() $vault = Az.DataProtection\Get-AzDataProtectionBackupVault -VaultName $VaultName -ResourceGroupName $VaultResourceGroup -SubscriptionId $subscriptionIdInternal $vaultIdentity = Get-VaultIdentity -vault $vault -UserAssignedIdentityARMId $UserAssignedIdentityARMId if(-not $manifest.supportRestoreGrantPermission){ $err = "Set permissions for restore is currently not supported for given DataSourceType" throw $err } if(($manifest.dataSourceOverSnapshotRGPermissions.Length -gt 0 -or $manifest.snapshotRGPermissions.Length -gt 0) -and $SnapshotResourceGroupId -eq ""){ $warning = "SnapshotResourceGroupId parameter is required to assign permissions over snapshot resource group, skipping" Write-Warning $warning } else{ foreach($Permission in $manifest.dataSourceOverSnapshotRGPermissions) { if($DatasourceTypeInternal -eq "AzureKubernetesService"){ CheckAksModuleDependency $aksCluster = Get-AzAksCluster -Id $RestoreRequest.RestoreTargetInfo.DataSourceInfo.ResourceId -SubscriptionId $subscriptionIdInternal $dataSourceMSI = "" if($aksCluster.Identity.Type -match "UserAssigned"){ $UAMIKey = $aksCluster.Identity.UserAssignedIdentities.Keys[0] if($UAMIKey -eq "" -or $UAMIKey -eq $null){ Write-Error "User assigned identity not found for AKS cluster." } $dataSourceMSI = $aksCluster.Identity.UserAssignedIdentities[$UAMIKey].PrincipalId } else{ $dataSourceMSI = $aksCluster.Identity.PrincipalId } $dataSourceMSIRoles = Az.Resources\Get-AzRoleAssignment -ObjectId $dataSourceMSI } # CSR: $SubscriptionName might be different when we add cross subscription restore $CheckPermission = $dataSourceMSIRoles | Where-Object { ($_.Scope -eq $SnapshotResourceGroupId -or $_.Scope -eq $SubscriptionName) -and $_.RoleDefinitionName -eq $Permission} if($CheckPermission -ne $null) { Write-Host "Required permission $($Permission) is already assigned to target resource with Id $($RestoreRequest.RestoreTargetInfo.DataSourceInfo.ResourceId) over snapshot resource group with Id $($SnapshotResourceGroupId)" } else { # can add snapshot resource group name in allow statement if ($PSCmdlet.ShouldProcess("$($RestoreRequest.RestoreTargetInfo.DataSourceInfo.ResourceId)","Allow $($Permission) permission over snapshot resource group")) { $MissingRolesInitially = $true AssignMissingRoles -ObjectId $dataSourceMSI -Permission $Permission -PermissionsScope $PermissionsScope -Resource $SnapshotResourceGroupId -ResourceGroup $SnapshotResourceGroupId -Subscription $SubscriptionName Write-Host "Assigned $($Permission) permission to target resource with Id $($RestoreRequest.RestoreTargetInfo.DataSourceInfo.ResourceId) over snapshot resource group with Id $($SnapshotResourceGroupId)" } } } foreach($Permission in $manifest.snapshotRGPermissions) { $AllRoles = Az.Resources\Get-AzRoleAssignment -ObjectId $vaultIdentity # CSR: $SubscriptionName might be different when we add cross subscription restore $CheckPermission = $AllRoles | Where-Object { ($_.Scope -eq $SnapshotResourceGroupId -or $_.Scope -eq $SubscriptionName) -and $_.RoleDefinitionName -eq $Permission} if($CheckPermission -ne $null) { Write-Host "Required permission $($Permission) is already assigned to backup vault over snapshot resource group with Id $($SnapshotResourceGroupId)" } else { $MissingRolesInitially = $true AssignMissingRoles -ObjectId $vaultIdentity -Permission $Permission -PermissionsScope $PermissionsScope -Resource $SnapshotResourceGroupId -ResourceGroup $SnapshotResourceGroupId -Subscription $SubscriptionName Write-Host "Assigned $($Permission) permission to the backup vault over snapshot resource group with Id $($SnapshotResourceGroupId)" } } } foreach($Permission in $manifest.datasourcePermissionsForRestore) { # set context to the subscription where ObjectId is present $AllRoles = Az.Resources\Get-AzRoleAssignment -ObjectId $vaultIdentity $CheckPermission = $AllRoles | Where-Object { ($_.Scope -eq $DataSourceId -or $_.Scope -eq $ResourceRG -or $_.Scope -eq $SubscriptionName) -and $_.RoleDefinitionName -eq $Permission} if($CheckPermission -ne $null) { Write-Host "Required permission $($Permission) is already assigned to backup vault over DataSource with Id $($DataSourceId)" } else { $MissingRolesInitially = $true AssignMissingRoles -ObjectId $vaultIdentity -Permission $Permission -PermissionsScope $PermissionsScope -Resource $DataSourceId -ResourceGroup $ResourceRG -Subscription $SubscriptionName Write-Host "Assigned $($Permission) permission to the backup vault over DataSource with Id $($DataSourceId)" } } foreach($Permission in $manifest.storageAccountPermissionsForRestore) { # set context to the subscription where ObjectId is present $AllRoles = Az.Resources\Get-AzRoleAssignment -ObjectId $vaultIdentity $targetResourceArmId = $restoreRequest.RestoreTargetInfo.TargetDetail.TargetResourceArmId if($targetResourceArmId -ne $null -and $targetResourceArmId -ne ""){ if(-not $targetResourceArmId.Contains("/blobServices/")){ $err = "restoreRequest.RestoreTargetInfo.TargetDetail.TargetResourceArmId is not in the correct format" throw $err } $storageAccId = ($targetResourceArmId -split "/blobServices/")[0] $storageAccResourceGroupId = ($targetResourceArmId -split "/providers/")[0] $storageAccountSubId = ($targetResourceArmId -split "/resourceGroups/")[0] } else{ if($StorageAccountARMId -eq ""){ $err = "Permissions can't be assigned to target storage account. Please input parameter StorageAccountARMId" throw $err } # storage Account subscription and resource group $storageAccountSubId = ($StorageAccountARMId -split "/resourceGroups/")[0] $storageAccResourceGroupId = ($StorageAccountARMId -split "/providers/")[0] # storage Account ID $storageAccId = $StorageAccountARMId } $CheckPermission = $AllRoles | Where-Object { ($_.Scope -eq $storageAccId -or $_.Scope -eq $storageAccResourceGroupId -or $_.Scope -eq $storageAccountSubId) -and $_.RoleDefinitionName -eq $Permission} if($CheckPermission -ne $null) { Write-Host "Required permission $($Permission) is already assigned to backup vault over storage account with Id $($storageAccId)" } else { $MissingRolesInitially = $true AssignMissingRoles -ObjectId $vaultIdentity -Permission $Permission -PermissionsScope $PermissionsScope -Resource $storageAccId -ResourceGroup $storageAccResourceGroupId -Subscription $storageAccountSubId Write-Host "Assigned $($Permission) permission to the backup vault over storage account with Id $($storageAccId)" } } } elseif($PsCmdlet.ParameterSetName -eq "SetPermissionsForBackup"){ $DatasourceId = $BackupInstance.Property.DataSourceInfo.ResourceId $DatasourceType = GetClientDatasourceType -ServiceDatasourceType $BackupInstance.Property.DataSourceInfo.Type $manifest = LoadManifest -DatasourceType $DatasourceType.ToString() $ResourceArray = $DataSourceId.Split("/") $ResourceRG = GetResourceGroupIdFromArmId -Id $DataSourceId $SubscriptionName = GetSubscriptionNameFromArmId -Id $DataSourceId $subscriptionId = $ResourceArray[2] $vault = Az.DataProtection\Get-AzDataProtectionBackupVault -VaultName $VaultName -ResourceGroupName $VaultResourceGroup -SubscriptionId $ResourceArray[2] $vaultIdentity = Get-VaultIdentity -vault $vault -UserAssignedIdentityARMId $UserAssignedIdentityARMId $AllRoles = Az.Resources\Get-AzRoleAssignment -ObjectId $vaultIdentity # If more DataSourceTypes support this then we can make it manifest driven if($DatasourceType -eq "AzureDatabaseForPostgreSQL") { CheckPostgreSqlModuleDependency CheckKeyVaultModuleDependency if($KeyVaultId -eq "" -or $KeyVaultId -eq $null) { Write-Error "KeyVaultId not provided. Please provide the KeyVaultId parameter to successfully assign the permissions on the keyvault" } $KeyvaultName = GetResourceNameFromArmId -Id $KeyVaultId $KeyvaultRGName = GetResourceGroupNameFromArmId -Id $KeyVaultId $ServerName = GetResourceNameFromArmId -Id $DataSourceId $ServerRG = GetResourceGroupNameFromArmId -Id $DataSourceId $KeyvaultArray = $KeyVaultId.Split("/") $KeyvaultRG = GetResourceGroupIdFromArmId -Id $KeyVaultId $KeyvaultSubscriptionName = GetSubscriptionNameFromArmId -Id $KeyVaultId if ($PSCmdlet.ShouldProcess("KeyVault: $($KeyvaultName) and PostgreSQLServer: $($ServerName)"," 1.'Allow All Azure services' under network connectivity in the Postgres Server 2.'Allow Trusted Azure services' under network connectivity in the Key vault")) { Update-AzPostgreSqlServer -ResourceGroupName $ServerRG -ServerName $ServerName -PublicNetworkAccess Enabled| Out-Null New-AzPostgreSqlFirewallRule -Name AllowAllAzureIps -ResourceGroupName $ServerRG -ServerName $ServerName -EndIPAddress 0.0.0.0 -StartIPAddress 0.0.0.0 | Out-Null $SecretsList = "" try{$SecretsList = Get-AzKeyVaultSecret -VaultName $KeyvaultName} catch{ $err = $_ throw $err } $SecretValid = $false $GivenSecretUri = $BackupInstance.Property.DatasourceAuthCredentials.SecretStoreResource.Uri foreach($Secret in $SecretsList) { $SecretArray = $Secret.Id.Split("/") $SecretArray[2] = $SecretArray[2] -replace "....$" $SecretUri = $SecretArray[0] + "/" + $SecretArray[1] + "/"+ $SecretArray[2] + "/" + $SecretArray[3] + "/" + $SecretArray[4] if($Secret.Enabled -eq "true" -and $SecretUri -eq $GivenSecretUri) { $SecretValid = $true } } if($SecretValid -eq $false) { $err = "The Secret URI provided in the backup instance is not associated with the keyvault Id provided. Please provide a valid combination of Secret URI and keyvault Id" throw $err } if($KeyVault.PublicNetworkAccess -eq "Disabled") { $err = "Keyvault needs to have public network access enabled" throw $err } try{$KeyVault = Get-AzKeyVault -VaultName $KeyvaultName} catch{ $err = $_ throw $err } try{Update-AzKeyVaultNetworkRuleSet -VaultName $KeyvaultName -Bypass AzureServices -Confirm:$False} catch{ $err = $_ throw $err } } } foreach($Permission in $manifest.keyVaultPermissions) { if($KeyVault.EnableRbacAuthorization -eq $false ) { try{ $KeyVault = Get-AzKeyVault -VaultName $KeyvaultName $KeyVaultAccessPolicies = $KeyVault.AccessPolicies $KeyVaultAccessPolicy = $KeyVaultAccessPolicies | Where-Object {$_.ObjectID -eq $vaultIdentity} if($KeyVaultAccessPolicy -eq $null) { Set-AzKeyVaultAccessPolicy -VaultName $KeyvaultName -ObjectId $vaultIdentity -PermissionsToSecrets Get,List -Confirm:$False break } $KeyvaultAccessPolicyPermissions = $KeyVaultAccessPolicy."PermissionsToSecrets" $KeyvaultAccessPolicyPermissions+="Get" $KeyvaultAccessPolicyPermissions+="List" [String[]]$FinalKeyvaultAccessPolicyPermissions = $KeyvaultAccessPolicyPermissions $FinalKeyvaultAccessPolicyPermissions = $FinalKeyvaultAccessPolicyPermissions | select -uniq Set-AzKeyVaultAccessPolicy -VaultName $KeyvaultName -ObjectId $vaultIdentity -PermissionsToSecrets $FinalKeyvaultAccessPolicyPermissions -Confirm:$False } catch{ $err = $_ throw $err } } else { $CheckPermission = $AllRoles | Where-Object { ($_.Scope -eq $KeyVaultId -or $_.Scope -eq $KeyvaultRG -or $_.Scope -eq $KeyvaultSubscription) -and $_.RoleDefinitionName -eq $Permission} if($CheckPermission -ne $null) { Write-Host "Required permission $($Permission) is already assigned to backup vault over KeyVault with Id $($KeyVaultId)" } else { $MissingRolesInitially = $true AssignMissingRoles -ObjectId $vaultIdentity -Permission $Permission -PermissionsScope $PermissionsScope -Resource $KeyVaultId -ResourceGroup $KeyvaultRG -Subscription $KeyvaultSubscriptionName Write-Host "Assigned $($Permission) permission to the backup vault over key vault with Id $($KeyVaultId)" } } } foreach($Permission in $manifest.dataSourceOverSnapshotRGPermissions) { $SnapshotResourceGroupId = $BackupInstance.Property.PolicyInfo.PolicyParameter.DataStoreParametersList[0].ResourceGroupId if($DatasourceType -eq "AzureKubernetesService"){ CheckAksModuleDependency $aksCluster = Get-AzAksCluster -Id $BackupInstance.Property.DataSourceInfo.ResourceId -SubscriptionId $subscriptionId $dataSourceMSI = "" if($aksCluster.Identity.Type -match "UserAssigned"){ $UAMIKey = $aksCluster.Identity.UserAssignedIdentities.Keys[0] if($UAMIKey -eq "" -or $UAMIKey -eq $null){ Write-Error "User assigned identity not found for AKS cluster." } $dataSourceMSI = $aksCluster.Identity.UserAssignedIdentities[$UAMIKey].PrincipalId } else{ $dataSourceMSI = $aksCluster.Identity.PrincipalId } $dataSourceMSIRoles = Az.Resources\Get-AzRoleAssignment -ObjectId $dataSourceMSI } # CSR: $SubscriptionName might be different when we add cross subscription restore $CheckPermission = $dataSourceMSIRoles | Where-Object { ($_.Scope -eq $SnapshotResourceGroupId -or $_.Scope -eq $SubscriptionName) -and $_.RoleDefinitionName -eq $Permission} if($CheckPermission -ne $null) { Write-Host "Required permission $($Permission) is already assigned to DataSource with Id $($BackupInstance.Property.DataSourceInfo.ResourceId) over snapshot resource group with Id $($SnapshotResourceGroupId)" } else { # can add snapshot resource group name in allow statement if ($PSCmdlet.ShouldProcess("$($BackupInstance.Property.DataSourceInfo.ResourceId)","Allow $($Permission) permission over snapshot resource group")) { $MissingRolesInitially = $true AssignMissingRoles -ObjectId $dataSourceMSI -Permission $Permission -PermissionsScope $PermissionsScope -Resource $SnapshotResourceGroupId -ResourceGroup $SnapshotResourceGroupId -Subscription $SubscriptionName Write-Host "Assigned $($Permission) permission to DataSource with Id $($BackupInstance.Property.DataSourceInfo.ResourceId) over snapshot resource group with Id $($SnapshotResourceGroupId)" } } } foreach($Permission in $manifest.snapshotRGPermissions) { $SnapshotResourceGroupId = $BackupInstance.Property.PolicyInfo.PolicyParameter.DataStoreParametersList[0].ResourceGroupId # CSR: $SubscriptionName might be different when we add cross subscription restore $AllRoles = Az.Resources\Get-AzRoleAssignment -ObjectId $vaultIdentity $CheckPermission = $AllRoles | Where-Object { ($_.Scope -eq $SnapshotResourceGroupId -or $_.Scope -eq $SubscriptionName) -and $_.RoleDefinitionName -eq $Permission} if($CheckPermission -ne $null) { Write-Host "Required permission $($Permission) is already assigned to backup vault over snapshot resource group with Id $($SnapshotResourceGroupId)" } else { $MissingRolesInitially = $true AssignMissingRoles -ObjectId $vaultIdentity -Permission $Permission -PermissionsScope $PermissionsScope -Resource $SnapshotResourceGroupId -ResourceGroup $SnapshotResourceGroupId -Subscription $SubscriptionName Write-Host "Assigned $($Permission) permission to the backup vault over snapshot resource group with Id $($SnapshotResourceGroupId)" } } foreach($Permission in $manifest.datasourcePermissions) { $AllRoles = Az.Resources\Get-AzRoleAssignment -ObjectId $vaultIdentity $CheckPermission = $AllRoles | Where-Object { ($_.Scope -eq $DataSourceId -or $_.Scope -eq $ResourceRG -or $_.Scope -eq $SubscriptionName) -and $_.RoleDefinitionName -eq $Permission} if($CheckPermission -ne $null) { Write-Host "Required permission $($Permission) is already assigned to backup vault over DataSource with Id $($DataSourceId)" } else { $MissingRolesInitially = $true AssignMissingRoles -ObjectId $vaultIdentity -Permission $Permission -PermissionsScope $PermissionsScope -Resource $DataSourceId -ResourceGroup $ResourceRG -Subscription $SubscriptionName Write-Host "Assigned $($Permission) permission to the backup vault over DataSource with Id $($DataSourceId)" } } foreach($Permission in $manifest.datasourceRGPermissions) { $AllRoles = Az.Resources\Get-AzRoleAssignment -ObjectId $vaultIdentity $CheckPermission = $AllRoles | Where-Object { ($_.Scope -eq $ResourceRG -or $_.Scope -eq $SubscriptionName) -and $_.RoleDefinitionName -eq $Permission} if($CheckPermission -ne $null) { Write-Host "Required permission $($Permission) is already assigned to backup vault over DataSource resource group with name $($ResourceRG)" } else { $MissingRolesInitially = $true # "Resource","ResourceGroup","Subscription" $DatasourceRGScope = $PermissionsScope if($PermissionsScope -eq "Resource"){ $DatasourceRGScope = "ResourceGroup" } AssignMissingRoles -ObjectId $vaultIdentity -Permission $Permission -PermissionsScope $DatasourceRGScope -Resource $DataSourceId -ResourceGroup $ResourceRG -Subscription $SubscriptionName Write-Host "Assigned $($Permission) permission to the backup vault over DataSource resource group with name $($ResourceRG)" } } } if($MissingRolesInitially -eq $true) { Write-Host "Waiting for 60 seconds for roles to propagate" Start-Sleep -Seconds 60 } $WarningPreference = $OriginalWarningPreference } } # SIG # Begin signature block # MIInbgYJKoZIhvcNAQcCoIInXzCCJ1sCAQExDzANBglghkgBZQMEAgEFADB5Bgor # BgEEAYI3AgEEoGswaTA0BgorBgEEAYI3AgEeMCYCAwEAAAQQH8w7YFlLCE63JNLG # KX7zUQIBAAIBAAIBAAIBAAIBADAxMA0GCWCGSAFlAwQCAQUABCB/NrUlYPe4PdKZ # 0sDpvxUpRfd6Efg4b+iYgukx6Lb69aCCDMkwggYEMIID7KADAgECAhMzAAACHPrN # xZvoL37EAAAAAAIcMA0GCSqGSIb3DQEBCwUAMFcxCzAJBgNVBAYTAlVTMR4wHAYD # VQQKExVNaWNyb3NvZnQgQ29ycG9yYXRpb24xKDAmBgNVBAMTH01pY3Jvc29mdCBD # b2RlIFNpZ25pbmcgUENBIDIwMjQwHhcNMjYwNDE2MTg1OTQxWhcNMjcwNDE1MTg1 # OTQxWjB0MQswCQYDVQQGEwJVUzETMBEGA1UECBMKV2FzaGluZ3RvbjEQMA4GA1UE # BxMHUmVkbW9uZDEeMBwGA1UEChMVTWljcm9zb2Z0IENvcnBvcmF0aW9uMR4wHAYD # VQQDExVNaWNyb3NvZnQgQ29ycG9yYXRpb24wggEiMA0GCSqGSIb3DQEBAQUAA4IB # DwAwggEKAoIBAQDVsZfgOKmM31HPfoWOoNEiw0SlCiIxUMC0I9NMWbucKOw/e9lP # oAoehQVu6SG65V4EPzrYsnBnFPNoi4/HoOdjhz1qkrEt4I6tEcxXU6oOeY9zGveC # /3iBeuhLYxM3M/PkcUoebF+Nednm8OkdSPoDu8imViHPQq/8CQUu0WRR4rE+dMRf # rpVqfmNi2qWCX94T4MsepijGVkwE//tJg0ryAiYdHT34LSnlG/RSBZmQRGWZ5g8j # qnKjRParSqMft1gvjuUTVgtWNZfgcLFSK5Wa0myrq8OPcgTGGsRgun+tnSS+IxDT # xVsAPH1OzvPjwomguByhUe/OcvUN0D5Wmp7xAgMBAAGjggGqMIIBpjAOBgNVHQ8B # Af8EBAMCB4AwHwYDVR0lBBgwFgYKKwYBBAGCN0wIAQYIKwYBBQUHAwMwHQYDVR0O # BBYEFNoH7a2YDjOSwpkp6DHcmUS7J+0yMFQGA1UdEQRNMEukSTBHMS0wKwYDVQQL # EyRNaWNyb3NvZnQgSXJlbGFuZCBPcGVyYXRpb25zIExpbWl0ZWQxFjAUBgNVBAUT # DTIzMDAxMis1MDc1NjkwHwYDVR0jBBgwFoAUf1k/VCHarU/vBeXmo9ctBpQSCDEw # YAYDVR0fBFkwVzBVoFOgUYZPaHR0cDovL3d3dy5taWNyb3NvZnQuY29tL3BraW9w # cy9jcmwvTWljcm9zb2Z0JTIwQ29kZSUyMFNpZ25pbmclMjBQQ0ElMjAyMDI0LmNy # bDBtBggrBgEFBQcBAQRhMF8wXQYIKwYBBQUHMAKGUWh0dHA6Ly93d3cubWljcm9z # b2Z0LmNvbS9wa2lvcHMvY2VydHMvTWljcm9zb2Z0JTIwQ29kZSUyMFNpZ25pbmcl # MjBQQ0ElMjAyMDI0LmNydDAMBgNVHRMBAf8EAjAAMA0GCSqGSIb3DQEBCwUAA4IC # AQAUnEqhaRXe0T3hIJjvdQErEkrA/7bByjn6t5IArODkkRjzkYwtKMc2yYj2quaN # rLutWw2YZcngKPy1b71YyDJQTy4NDRwaSh9Tw5thrk3NmcPrAHia5vtcBJ1CgtKK # 7mQbIcQ22d/N3813ayCDDFewu1+jsZmX+r/aTEqaOM4TVxVtRSkuCy8nAXKuChOK # Li/zA4XuH8iEYqIsj2YoNaeSxVmeGiERXpKdo3dDmYi0kO5w2D8VS4c3+9h6gElY # BaAAg/dYErBg27qT3vv0zRDJhJufvCNylA8S7/+8H5E/PV5cng6na9VV/w9OV3qu # uND6zdGa2EX38Glp50F9AIQk3p2xXmcvorDeM4XJ7UlWYBi6g80J1SSOQnInCYFE # msfUNn3+1AaTJKSJL83quKArTac2pKhu0Yzzzrzo6HrsRiQKzpnRBb1/dMa6P3hz # 75XbMRBctNsFhZC07WCmjExdLg2eHW5uV0TY8D5+6wozJf7vF3+WHkYPO85Z+BC6 # U4FkNbYNycZ9cE4j1tXRdyDCfml6c0HWPHjNVDObrv9lKt3qUqFpX38VCqVCyNOO # 1UcXfQiVjJw32U2WUKZjt/neJKHEBsm9kFsLuWzkQ53+qcaSaytmsCnk2gOglrlD # 5d3kKyvvAw+rzm0lT8K38P6PLxfZQHhu4W8dV7Av8N2ZmDCCBr0wggSloAMCAQIC # EzMAAAA5O7Y3Gb8GHWcAAAAAADkwDQYJKoZIhvcNAQEMBQAwgYgxCzAJBgNVBAYT # AlVTMRMwEQYDVQQIEwpXYXNoaW5ndG9uMRAwDgYDVQQHEwdSZWRtb25kMR4wHAYD # VQQKExVNaWNyb3NvZnQgQ29ycG9yYXRpb24xMjAwBgNVBAMTKU1pY3Jvc29mdCBS # b290IENlcnRpZmljYXRlIEF1dGhvcml0eSAyMDExMB4XDTI0MDgwODIwNTQxOFoX # DTM2MDMyMjIyMTMwNFowVzELMAkGA1UEBhMCVVMxHjAcBgNVBAoTFU1pY3Jvc29m # dCBDb3Jwb3JhdGlvbjEoMCYGA1UEAxMfTWljcm9zb2Z0IENvZGUgU2lnbmluZyBQ # Q0EgMjAyNDCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIBANgBnB7jOMeq # lRYHNa265v4IY9fH8TKhemHfPINe1gpLaV3dhg324WwH06LcHbpnsBukCDNitryo # 0dtS/EW6I/yEL/bLSY8hKpbfQuWusBPr9qazYcDxCW/qnjb5JsI1s8bNOg3bVATv # QVL4tcf03aTycsz8QeCdM0l/yHRObJ9QqazM1r6VPEOJ7LL+uEEb73w6QCuhs89a # 1uv1zerOYMnsneRRwCbpyW11IcggU0cRKDDq1pjVJzIbIF6+oiXXbReOsgeI8zu1 # FyQfK0fVkaya8SmVHQ/tOf23mZ4W9k0Ri22QW9p3UgSC5OUDktKxxcCmGL6tXLfO # GSWHIIV4YrTJTT6PNty5REojHJuZHArkF9VnHTERWoTjAzfI3kP+5b4alUdhgAZ7 # ttOu1bVnXfHaqPYl2rPs20ji03LOVWsh/radgE17es5hL+t6lV0eVHrVhsssROWJ # uz2MXMCt7iw7lFPG9LXKGjsmonn2gotGdHIuEg5JnJMJVmixd5LRlkmgYRZKzhxS # CwyoGIq0PhaA7Y+VPct5pCHkijcIIDm0nlkK+0KyepolcqGm0T/GYQRMhHJlGOOm # VQop36wUVUYklUy++vDWeEgEo4s7hxN6mIbf2MSIQ/iIfMZgJxC69oukMUXCrOC3 # SkE/xIkgpfl22MM1itkZ35nNXkMolU1lAgMBAAGjggFOMIIBSjAOBgNVHQ8BAf8E # BAMCAYYwEAYJKwYBBAGCNxUBBAMCAQAwHQYDVR0OBBYEFH9ZP1Qh2q1P7wXl5qPX # LQaUEggxMBkGCSsGAQQBgjcUAgQMHgoAUwB1AGIAQwBBMA8GA1UdEwEB/wQFMAMB # Af8wHwYDVR0jBBgwFoAUci06AjGQQ7kUBU7h6qfHMdEjiTQwWgYDVR0fBFMwUTBP # oE2gS4ZJaHR0cDovL2NybC5taWNyb3NvZnQuY29tL3BraS9jcmwvcHJvZHVjdHMv # TWljUm9vQ2VyQXV0MjAxMV8yMDExXzAzXzIyLmNybDBeBggrBgEFBQcBAQRSMFAw # TgYIKwYBBQUHMAKGQmh0dHA6Ly93d3cubWljcm9zb2Z0LmNvbS9wa2kvY2VydHMv # TWljUm9vQ2VyQXV0MjAxMV8yMDExXzAzXzIyLmNydDANBgkqhkiG9w0BAQwFAAOC # AgEAFJQfOChP7onn6fLIMKrSlN1WYKwDFgAddymOUO3FrM8d7B/W/iQ6DxXsDn7D # 5W4wMwYeLystcEqfkjz4NURRgazyMu5yRzQh4LqjA4tStTcJh1opExo7nn5PuPBY # nbu0+THSuVHTe0VTTPVhily/piFrDo3axQ9P4C+Ol5yet+2gTfekICS5xS+cYfSI # vgn0JksVBVMYVI5QFu/qhnLhsEFEUzG8fvv0hjgkO+lkpV9ty6GkN4vdnd7ya6Q6 # aR9y34aiM1qmxaxBi6OUnyNl6fkuun/diTFnYDLTppOkr/mg5WSfCiDVMNCxtj4w # PKC5OmHm1DQIt/MNokbbH3UGsFP1QbzsLocuSqLCvH09Io3fDPTmscR9Y75G4qX7 # RTX8AdBPo0I6OEojf39zuFZt0qOHm65YWQE69cZM2ueE1MB05dNNgHK9gTE7zKvK # /fg8B2qjW88MT/WF5V5uvZGtqa9FSL2RazArA+rDPuf6JGYz4HpgMZHB4S6szWSK # YBv0VisCzfxgeU+dquXW9bd0auYlOB58DPcOYKdc3Se94g+xL4pcEhbB54JOgAkw # YTu/9dLeH2pDqeJZAABVDWRQCaXfO5LgyKwKCLYXpigrZYCjUSBcr+Ve8PFWMhVT # Ql0v4q8J/AUmQN5W4n101cY2L4A7GTQG1h32HHAvfQESWP0xghn7MIIZ9wIBATBu # MFcxCzAJBgNVBAYTAlVTMR4wHAYDVQQKExVNaWNyb3NvZnQgQ29ycG9yYXRpb24x # KDAmBgNVBAMTH01pY3Jvc29mdCBDb2RlIFNpZ25pbmcgUENBIDIwMjQCEzMAAAIc # +s3Fm+gvfsQAAAAAAhwwDQYJYIZIAWUDBAIBBQCgga4wGQYJKoZIhvcNAQkDMQwG # CisGAQQBgjcCAQQwHAYKKwYBBAGCNwIBCzEOMAwGCisGAQQBgjcCARUwLwYJKoZI # hvcNAQkEMSIEIBaUZBl6AgdvbT0Nq3T+WUcxTyZKCnPrqerGfxNCEVnIMEIGCisG # AQQBgjcCAQwxNDAyoBSAEgBNAGkAYwByAG8AcwBvAGYAdKEagBhodHRwOi8vd3d3 # Lm1pY3Jvc29mdC5jb20wDQYJKoZIhvcNAQEBBQAEggEAHOFMTOsSpP8dDbR7LHDh # UBCQE97rf5lFpQ4i4f4nrSv0lHCF1v5/ycr0r/lxYA2o3FbAwU3XNvVtCprFu/FT # 88AYQW6wX+meTuw3CBfqY7S9Av/JofUJDHCw/Tx1I5Z4FVl8cpnnfIkuM3KsfvZ1 # d+9r5Da7/cdh5pId0T5l8LZs3G3X31uVcDo0gd8r+fE7hpKNhQmWu09Gbn8likSv # NWzKOQhj7lKkohBukbCtMVXEEpqxxOc5bKNDGKUD0XSh3pWxWYASx4m0uFmQkBKz # 7QRBByf7DpbMC1VOMsfF443392OjEnHI7jYgIAbqbGThz/VGnlm11je5hrLuuOEE # AKGCF60wghepBgorBgEEAYI3AwMBMYIXmTCCF5UGCSqGSIb3DQEHAqCCF4YwgheC # AgEDMQ8wDQYJYIZIAWUDBAIBBQAwggFaBgsqhkiG9w0BCRABBKCCAUkEggFFMIIB # QQIBAQYKKwYBBAGEWQoDATAxMA0GCWCGSAFlAwQCAQUABCAyb9OOX8fBga4vGNCw # uVtPO7cS3suo+eP8lK5cXwSWjAIGaewOMcS+GBMyMDI2MDUwNjA4NTYwNy4zODVa # MASAAgH0oIHZpIHWMIHTMQswCQYDVQQGEwJVUzETMBEGA1UECBMKV2FzaGluZ3Rv # bjEQMA4GA1UEBxMHUmVkbW9uZDEeMBwGA1UEChMVTWljcm9zb2Z0IENvcnBvcmF0 # aW9uMS0wKwYDVQQLEyRNaWNyb3NvZnQgSXJlbGFuZCBPcGVyYXRpb25zIExpbWl0 # ZWQxJzAlBgNVBAsTHm5TaGllbGQgVFNTIEVTTjo1MjFBLTA1RTAtRDk0NzElMCMG # A1UEAxMcTWljcm9zb2Z0IFRpbWUtU3RhbXAgU2VydmljZaCCEfswggcoMIIFEKAD # AgECAhMzAAACF3H7LqWvAR3qAAEAAAIXMA0GCSqGSIb3DQEBCwUAMHwxCzAJBgNV # BAYTAlVTMRMwEQYDVQQIEwpXYXNoaW5ndG9uMRAwDgYDVQQHEwdSZWRtb25kMR4w # HAYDVQQKExVNaWNyb3NvZnQgQ29ycG9yYXRpb24xJjAkBgNVBAMTHU1pY3Jvc29m # dCBUaW1lLVN0YW1wIFBDQSAyMDEwMB4XDTI1MDgxNDE4NDgyM1oXDTI2MTExMzE4 # NDgyM1owgdMxCzAJBgNVBAYTAlVTMRMwEQYDVQQIEwpXYXNoaW5ndG9uMRAwDgYD # VQQHEwdSZWRtb25kMR4wHAYDVQQKExVNaWNyb3NvZnQgQ29ycG9yYXRpb24xLTAr # BgNVBAsTJE1pY3Jvc29mdCBJcmVsYW5kIE9wZXJhdGlvbnMgTGltaXRlZDEnMCUG # A1UECxMeblNoaWVsZCBUU1MgRVNOOjUyMUEtMDVFMC1EOTQ3MSUwIwYDVQQDExxN # aWNyb3NvZnQgVGltZS1TdGFtcCBTZXJ2aWNlMIICIjANBgkqhkiG9w0BAQEFAAOC # Ag8AMIICCgKCAgEAwM82sEw+39vYR7iGCIFDnYNhRM+BzF2AYiq5dUpZpJFPRjCc # ipQ6RUbI+RAYNRApExx5ygrXbaWtuwvqsqAVSWbU/W6fecujjILkPqn9pngtWRkf # QgbYgvaXALl6PY2yOH9f72MD+6AyxQenSpAMdUzY/Qk/jtjsHdFXVBe+tshlIkSJ # 3GZw8VVKqTg3GZElztwbJWNtrhBEvhf6anxMegQMJP7tO8/BJ7ITs4/AV3D2bv8e # Hk81Y+fOmQ8mQ61WLq2wItvlzIT5bzelK9LvEycf5x1lXxAwEw5a7dpS+CKTanht # v+Q2mwebAybjf9io4k48stTaq1rtcrOiDwddqVm1S9e8h1TszXFzjLLvE9EmjnNf # IewsY+RChUaHnY4FFwwJEnEv/JS76oHT0oGdy7+J60fGOl7A1UoUyAkhpb2Bja+S # wSIiHbQ4FDyJiLlZ6drZZ84MoJ852JSxM0hBjGO6FZlPO8iuNyk680Di8VnbSNpI # dJN+DhlepeTUMBDHqCmd0mVWRWZPm1pvgty93asNt/Ng6o4m2dnooWOdM3yKsJaW # jyHqic9gfTrZBM+PCXqeTaO1oEiaQ+h4w0nHVdV+XSvI2m1yN4iibqjm5HPaAO3O # J+OmNLftNVmr4Z6U2T6pIcLBysoKcDUvCqycXj4C/+n1KFBpDGdDMw9gmu8CAwEA # AaOCAUkwggFFMB0GA1UdDgQWBBRQrN9jlwNOoeE5ZQqnF5x8S1bJQzAfBgNVHSME # GDAWgBSfpxVdAF5iXYP05dJlpxtTNRnpcjBfBgNVHR8EWDBWMFSgUqBQhk5odHRw # Oi8vd3d3Lm1pY3Jvc29mdC5jb20vcGtpb3BzL2NybC9NaWNyb3NvZnQlMjBUaW1l # LVN0YW1wJTIwUENBJTIwMjAxMCgxKS5jcmwwbAYIKwYBBQUHAQEEYDBeMFwGCCsG # AQUFBzAChlBodHRwOi8vd3d3Lm1pY3Jvc29mdC5jb20vcGtpb3BzL2NlcnRzL01p # Y3Jvc29mdCUyMFRpbWUtU3RhbXAlMjBQQ0ElMjAyMDEwKDEpLmNydDAMBgNVHRMB # Af8EAjAAMBYGA1UdJQEB/wQMMAoGCCsGAQUFBwMIMA4GA1UdDwEB/wQEAwIHgDAN # BgkqhkiG9w0BAQsFAAOCAgEARmgFdhB7xIAIHEEg5I/5S+gx67aR6RiW8ZAwtE3m # z8o0dyn+pIP+lidNR1IKQQ0r+RjYgI9cZ6mbvAyvh3e2q/BV8rjHE3ud9PyYyq32 # euFgdZ3vX4b5QXePWlpBAYrdziR27rHz6WwpH5dZsSypbXDBbQkWkNl6g82yTy3A # bBbKDXBdzxZsEauaOplatK7Er4dhglKBex8JQ2dMSkSZweCNDXqd9r/9W2VdRZsD # JKP/Xc4UyQlVsboBotKtYESXFkjwR1HVsH+Q0C69/N5CP/Tq3YgI1ub4b9+3MJFK # WhJXCcJGFZkcLwUmYwoFg1XLo7DLJdGjrIH1jsI2NFXJFQHef6AdRe1ERvYQeqty # rBvxIvR+P/83FNYyzx04inUT9TF2AwTOuqCC6Z67oNwR4pEEJyAIEREvkdhjjfWc # gsk/nGTlfahvNY/SOHrNRKo49KDlccNzRCJQyQ+D59r7/qebNSyQPTfwI9++jEY0 # Q/UWKVNLhio55GYBseJ99s7NzkdxOr9Uftp597HEovbA69qGlZ3OpUE3H1RBGDVp # /FvM2uXTum8LrMkPXx5Ap/kbPASsC9ju9oMCe2IEXO2SeD1aD3IqvAOdHFKHg1vp # bPUQSWb6g2xfBV30wFcqaPYgzcbxPWPyZqK+S8l7zw64aO5hmJ7eQwoMfTu0Vay6 # r48wggdxMIIFWaADAgECAhMzAAAAFcXna54Cm0mZAAAAAAAVMA0GCSqGSIb3DQEB # CwUAMIGIMQswCQYDVQQGEwJVUzETMBEGA1UECBMKV2FzaGluZ3RvbjEQMA4GA1UE # BxMHUmVkbW9uZDEeMBwGA1UEChMVTWljcm9zb2Z0IENvcnBvcmF0aW9uMTIwMAYD # VQQDEylNaWNyb3NvZnQgUm9vdCBDZXJ0aWZpY2F0ZSBBdXRob3JpdHkgMjAxMDAe # Fw0yMTA5MzAxODIyMjVaFw0zMDA5MzAxODMyMjVaMHwxCzAJBgNVBAYTAlVTMRMw # EQYDVQQIEwpXYXNoaW5ndG9uMRAwDgYDVQQHEwdSZWRtb25kMR4wHAYDVQQKExVN # aWNyb3NvZnQgQ29ycG9yYXRpb24xJjAkBgNVBAMTHU1pY3Jvc29mdCBUaW1lLVN0 # YW1wIFBDQSAyMDEwMIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEA5OGm # TOe0ciELeaLL1yR5vQ7VgtP97pwHB9KpbE51yMo1V/YBf2xK4OK9uT4XYDP/XE/H # ZveVU3Fa4n5KWv64NmeFRiMMtY0Tz3cywBAY6GB9alKDRLemjkZrBxTzxXb1hlDc # wUTIcVxRMTegCjhuje3XD9gmU3w5YQJ6xKr9cmmvHaus9ja+NSZk2pg7uhp7M62A # W36MEBydUv626GIl3GoPz130/o5Tz9bshVZN7928jaTjkY+yOSxRnOlwaQ3KNi1w # jjHINSi947SHJMPgyY9+tVSP3PoFVZhtaDuaRr3tpK56KTesy+uDRedGbsoy1cCG # MFxPLOJiss254o2I5JasAUq7vnGpF1tnYN74kpEeHT39IM9zfUGaRnXNxF803RKJ # 1v2lIH1+/NmeRd+2ci/bfV+AutuqfjbsNkz2K26oElHovwUDo9Fzpk03dJQcNIIP # 8BDyt0cY7afomXw/TNuvXsLz1dhzPUNOwTM5TI4CvEJoLhDqhFFG4tG9ahhaYQFz # ymeiXtcodgLiMxhy16cg8ML6EgrXY28MyTZki1ugpoMhXV8wdJGUlNi5UPkLiWHz # NgY1GIRH29wb0f2y1BzFa/ZcUlFdEtsluq9QBXpsxREdcu+N+VLEhReTwDwV2xo3 # xwgVGD94q0W29R6HXtqPnhZyacaue7e3PmriLq0CAwEAAaOCAd0wggHZMBIGCSsG # AQQBgjcVAQQFAgMBAAEwIwYJKwYBBAGCNxUCBBYEFCqnUv5kxJq+gpE8RjUpzxD/ # LwTuMB0GA1UdDgQWBBSfpxVdAF5iXYP05dJlpxtTNRnpcjBcBgNVHSAEVTBTMFEG # DCsGAQQBgjdMg30BATBBMD8GCCsGAQUFBwIBFjNodHRwOi8vd3d3Lm1pY3Jvc29m # dC5jb20vcGtpb3BzL0RvY3MvUmVwb3NpdG9yeS5odG0wEwYDVR0lBAwwCgYIKwYB # BQUHAwgwGQYJKwYBBAGCNxQCBAweCgBTAHUAYgBDAEEwCwYDVR0PBAQDAgGGMA8G # A1UdEwEB/wQFMAMBAf8wHwYDVR0jBBgwFoAU1fZWy4/oolxiaNE9lJBb186aGMQw # VgYDVR0fBE8wTTBLoEmgR4ZFaHR0cDovL2NybC5taWNyb3NvZnQuY29tL3BraS9j # cmwvcHJvZHVjdHMvTWljUm9vQ2VyQXV0XzIwMTAtMDYtMjMuY3JsMFoGCCsGAQUF # BwEBBE4wTDBKBggrBgEFBQcwAoY+aHR0cDovL3d3dy5taWNyb3NvZnQuY29tL3Br # aS9jZXJ0cy9NaWNSb29DZXJBdXRfMjAxMC0wNi0yMy5jcnQwDQYJKoZIhvcNAQEL # BQADggIBAJ1VffwqreEsH2cBMSRb4Z5yS/ypb+pcFLY+TkdkeLEGk5c9MTO1OdfC # cTY/2mRsfNB1OW27DzHkwo/7bNGhlBgi7ulmZzpTTd2YurYeeNg2LpypglYAA7AF # vonoaeC6Ce5732pvvinLbtg/SHUB2RjebYIM9W0jVOR4U3UkV7ndn/OOPcbzaN9l # 9qRWqveVtihVJ9AkvUCgvxm2EhIRXT0n4ECWOKz3+SmJw7wXsFSFQrP8DJ6LGYnn # 8AtqgcKBGUIZUnWKNsIdw2FzLixre24/LAl4FOmRsqlb30mjdAy87JGA0j3mSj5m # O0+7hvoyGtmW9I/2kQH2zsZ0/fZMcm8Qq3UwxTSwethQ/gpY3UA8x1RtnWN0SCyx # TkctwRQEcb9k+SS+c23Kjgm9swFXSVRk2XPXfx5bRAGOWhmRaw2fpCjcZxkoJLo4 # S5pu+yFUa2pFEUep8beuyOiJXk+d0tBMdrVXVAmxaQFEfnyhYWxz/gq77EFmPWn9 # y8FBSX5+k77L+DvktxW/tM4+pTFRhLy/AsGConsXHRWJjXD+57XQKBqJC4822rpM # +Zv/Cuk0+CQ1ZyvgDbjmjJnW4SLq8CdCPSWU5nR0W2rRnj7tfqAxM328y+l7vzhw # RNGQ8cirOoo6CGJ/2XBjU02N7oJtpQUQwXEGahC0HVUzWLOhcGbyoYIDVjCCAj4C # AQEwggEBoYHZpIHWMIHTMQswCQYDVQQGEwJVUzETMBEGA1UECBMKV2FzaGluZ3Rv # bjEQMA4GA1UEBxMHUmVkbW9uZDEeMBwGA1UEChMVTWljcm9zb2Z0IENvcnBvcmF0 # aW9uMS0wKwYDVQQLEyRNaWNyb3NvZnQgSXJlbGFuZCBPcGVyYXRpb25zIExpbWl0 # ZWQxJzAlBgNVBAsTHm5TaGllbGQgVFNTIEVTTjo1MjFBLTA1RTAtRDk0NzElMCMG # A1UEAxMcTWljcm9zb2Z0IFRpbWUtU3RhbXAgU2VydmljZaIjCgEBMAcGBSsOAwIa # AxUAabKAFaKt2haUdqkHfFYzAzfgSMuggYMwgYCkfjB8MQswCQYDVQQGEwJVUzET # MBEGA1UECBMKV2FzaGluZ3RvbjEQMA4GA1UEBxMHUmVkbW9uZDEeMBwGA1UEChMV # TWljcm9zb2Z0IENvcnBvcmF0aW9uMSYwJAYDVQQDEx1NaWNyb3NvZnQgVGltZS1T # dGFtcCBQQ0EgMjAxMDANBgkqhkiG9w0BAQsFAAIFAO2lDG8wIhgPMjAyNjA1MDYw # MDQwMTVaGA8yMDI2MDUwNzAwNDAxNVowdDA6BgorBgEEAYRZCgQBMSwwKjAKAgUA # 7aUMbwIBADAHAgEAAgIIMDAHAgEAAgITFDAKAgUA7aZd7wIBADA2BgorBgEEAYRZ # CgQCMSgwJjAMBgorBgEEAYRZCgMCoAowCAIBAAIDB6EgoQowCAIBAAIDAYagMA0G # CSqGSIb3DQEBCwUAA4IBAQA5qyU0hq6Gy+mwCkmVKnIrVczaEIZOXZqh9zphm7U8 # ZsDV75KVb/vJKmJss4x3fVZFm25HLAhjZ6EGKxXduWJ4OxNYRp2tod0bYg7VLMiS # 8PVkQyjuN2/Ef3aGEIaxCfoDCC6e4fvTxuII1UfShFRVQJbdjAJYksFR66aRK6WQ # /0+toqLayIgWfTD9FOi64Kp9r9y5/ikAljIxJ3JpPOn3A5ayCUamQuqyiC33Hef2 # DhzKerWZ9wTaORPM3ab/7gagO9TsGbK1Fn2R4hXtJ3oy9FLCOb4Nl7jCm5chl1dj # QcULmYq/CV8tvDT1Mk3NqDaQ/rL30o1YWi7fr5sOF9P9MYIEDTCCBAkCAQEwgZMw # fDELMAkGA1UEBhMCVVMxEzARBgNVBAgTCldhc2hpbmd0b24xEDAOBgNVBAcTB1Jl # ZG1vbmQxHjAcBgNVBAoTFU1pY3Jvc29mdCBDb3Jwb3JhdGlvbjEmMCQGA1UEAxMd # TWljcm9zb2Z0IFRpbWUtU3RhbXAgUENBIDIwMTACEzMAAAIXcfsupa8BHeoAAQAA # AhcwDQYJYIZIAWUDBAIBBQCgggFKMBoGCSqGSIb3DQEJAzENBgsqhkiG9w0BCRAB # BDAvBgkqhkiG9w0BCQQxIgQghhDefBtB8Y3XElqtCJPlFCp/xYWP6oyszrDb1sKV # Nf0wgfoGCyqGSIb3DQEJEAIvMYHqMIHnMIHkMIG9BCDQ8lBgPl23yZ0SzUSt5phO # IegHPywrkNwevxe2k+RaWzCBmDCBgKR+MHwxCzAJBgNVBAYTAlVTMRMwEQYDVQQI # EwpXYXNoaW5ndG9uMRAwDgYDVQQHEwdSZWRtb25kMR4wHAYDVQQKExVNaWNyb3Nv # ZnQgQ29ycG9yYXRpb24xJjAkBgNVBAMTHU1pY3Jvc29mdCBUaW1lLVN0YW1wIFBD # QSAyMDEwAhMzAAACF3H7LqWvAR3qAAEAAAIXMCIEIIbJDM3U5GOmXcjumD3hjHne # Z2aIiuWMXSY7ekNFjrbRMA0GCSqGSIb3DQEBCwUABIICAApJEpaQeo/TK9/2NcCq # HK+7PqNoB8VhCTkKGqEWeRO0JGm+F2D8Djcy8WMqZ/Ibyspbrb326MX0HHKSIz+T # Bj8zM26j/L6+MPUxgBX3z8lHnU0sLmqIXM+XJn502QP5Izo/LdjLKKk5n9dhxcq9 # TGTWJ+XAkQA9hCDpOWBXfLAUvBhxJWC/ycIrnFXuAmANL0PLJGldBJrS7c/gc/1h # THuEKV/WhG+k8UrlftygGyoZR3eH6VuvUGkF3kXDkfvnUrAbSS7Mvv4/lyP34ZAl # Yzk6Fs9DJL+gjeI6jOiikBAYHlJhAHL41FKN2MPaojTan8CWysTz/kSDokSsCE9e # j1CM+rMvn+pmiusyibn0YmQef+YmIUbPfL5u3+D+nds2sMx5A+8uoBumoOoWj+fW # 6lJuR3HcCpb7EQ/ncnwkjgONoPuPH2YMFkcE680fM2uVuudFtggyAK2D3e2UyzuJ # hFy3hB8dBG2JtZCGRaTuoUOghrNC2ifW65PikmJdhQj5ANqpuutHgdTjoWOrvjOB # 6blOJ8WuUXiNliWkiaK/U49ZS0fLAEuWxF0jD6O7UJKgxbFCqfdxKOGjY2mDQOCJ # 8YcuUot3v/Ml+vd4ftRHz39xUP3L8K2UguT70xCVktn8k92C4qGD3+OF3Fk0JCKy # VIe/sUqAqdVNlKUD+KYlXqMT # SIG # End signature block |