HP.Firmware.SecurePlatform.psm1
|
# # Copyright 2018-2022 HP Development Company, L.P. # All Rights Reserved. # # NOTICE: All information contained herein is, and remains the property of HP Inc. # # The intellectual and technical concepts contained herein are proprietary to HP Inc # and may be covered by U.S. and Foreign Patents, patents in process, and are protected by # trade secret or copyright law. Dissemination of this information or reproduction of this material # is strictly forbidden unless prior written permission is obtained from HP Inc. Set-StrictMode -Version 3.0 $ErrorActionPreference = "Stop" #requires -Modules "HP.Private" <# .SYNOPSIS Get the HP Secure Platform Management state .DESCRIPTION This function returns the state of the HP Secure Platform Management. .LINK [Blog post: HP Secure Platform Management with the HP Client Management Script Library](https://developers.hp.com/hp-client-management/blog/hp-secure-platform-management-hp-client-management-script-library) .NOTES - Requires HP BIOS with Secure Platform Management support. - This command requires elevated privileges. .EXAMPLE Get-HPSecurePlatformState #> function Get-HPSecurePlatformState { [CmdletBinding(HelpUri = "https://developers.hp.com/hp-client-management/doc/Get-HPSecurePlatformState")] param() $mi_result = 0 $data = New-Object -TypeName provisioning_data_t $c = '[DfmNativeSecurePlatform]::get_secureplatform_provisioning' + (Test-OSBitness) + '([ref]$data,[ref]$mi_result);' $result = Invoke-Expression -Command $c Test-HPPrivateCustomResult -result $result -mi_result $mi_result -Category 0x04 $kek_mod = $data.kek_mod [array]::Reverse($kek_mod) $sk_mod = $data.sk_mod [array]::Reverse($sk_mod) # calculating EndorsementKeyID $kek_encoded = [System.Convert]::ToBase64String($kek_mod) # $kek_decoded = [Convert]::FromBase64String($kek_encoded) # $kek_hash = Get-HPPrivateHash -Data $kek_decoded # $kek_Id = [System.Convert]::ToBase64String($kek_hash) # calculating SigningKeyID $sk_encoded = [System.Convert]::ToBase64String($sk_mod) # $sk_decoded = [Convert]::FromBase64String($sk_encoded) # $sk_hash = Get-HPPrivateHash -Data $sk_decoded # $sk_Id = [System.Convert]::ToBase64String($sk_hash) # get Sure Admin Mode and Local Access values $sure_admin_mode = "" $local_access = "" if ((Get-HPPrivateIsSureAdminSupported) -eq $true) { $sure_admin_state = Get-HPSureAdminState $sure_admin_mode = $sure_admin_state.SureAdminMode $local_access = $sure_admin_state.LocalAccess } # calculate FeaturesInUse $featuresInUse = "" if ($data.features_in_use -eq "SureAdmin") { $featuresInUse = "SureAdmin ($sure_admin_mode, Local Access - $local_access)" } else { $featuresInUse = $data.features_in_use } $obj = [ordered]@{ State = $data.State Version = "$($data.subsystem_version[0]).$($data.subsystem_version[1])" Nonce = $($data.arp_counter) FeaturesInUse = $featuresInUse EndorsementKeyMod = $kek_mod SigningKeyMod = $sk_mod EndorsementKeyID = $kek_encoded SigningKeyID = $sk_encoded } return New-Object -TypeName PSCustomObject -Property $obj } <# .SYNOPSIS Create an HP Secure Platform Management payload to provision a _Key Endorsement_ key. .DESCRIPTION The purpose of the endorsement key is to protect the signing key against unauthorized changes. Only holders of the key endorsement private key may change the signing key. On return, the function writes the created payload to the pipeline, or to the file specified in the OutputFile parameter. This payload can then be passed to the Set-HPSecurePlatformPayload function. Security note: Payloads should only be created on secure servers. Once created, the payload may be transferred to a client and applied via the Set-HPSecurePlatformPayload. Creating the payload and passing it to the Set-HPSecurePlatformPayload function via the pipeline is not a recommended production pattern. .PARAMETER EndorsementKeyFile The _Key Endorsement_ key certificate, as a PFX (PKCS #12) file. .PARAMETER EndorsementKeyPassword The password for the _Endorsement Key_ PFX file. If no password was used when the PFX was created (which is not recommended), this parameter may be omitted. .PARAMETER EndorsementKeyCertificate This parameter is currently reserved for internal use only. .PARAMETER EndorsementKeyCertificatePassword This parameter is currently reserved for internal use only. .PARAMETER BIOSPassword The active BIOS Setup password, if any. Note that the password will be in the clear in the generated payload. .PARAMETER OutputFile Write the resulting output to the specified file, instead of writing it to the pipeline. .LINK [Blog post: HP Secure Platform Management with the HP Client Management Script Library](https://developers.hp.com/hp-client-management/blog/hp-secure-platform-management-hp-client-management-script-library) .NOTES The Key Endorsement private key must never leave a secure server. The payload must be created on a secure server, then may be transferred to a client. - Requires HP BIOS with Secure Platform Management support. .EXAMPLE $payload = New-HPSecurePlatformEndorsementKeyProvisioningPayload -EndorsementKeyFile "$path\endorsement_key.pfx" ... $payload | Set-HPSecurePlatformPayload #> function New-HPSecurePlatformEndorsementKeyProvisioningPayload { [CmdletBinding(DefaultParameterSetName = "EK_FromFile",HelpUri = "https://developers.hp.com/hp-client-management/doc/New-HPSecurePlatformEndorsementKeyProvisioningPayload")] param( [Parameter(ParameterSetName = "EK_FromFile",Mandatory = $true,Position = 0)] [System.IO.FileInfo]$EndorsementKeyFile, [Parameter(ParameterSetName = "EK_FromFile",Mandatory = $false,Position = 1)] [string]$EndorsementKeyPassword, [Parameter(ParameterSetName = "EK_FromBytes",Mandatory = $true,Position = 0)] [System.Security.Cryptography.X509Certificates.X509Certificate2]$EndorsementKeyCertificate, [Parameter(ParameterSetName = "EK_FromFile",Mandatory = $false,Position = 2)] [Parameter(ParameterSetName = "EK_FromBytes",Mandatory = $false,Position = 2)] [string]$BIOSPassword, [Parameter(ParameterSetName = "EK_FromFile",Mandatory = $false,Position = 3)] [Parameter(ParameterSetName = "EK_FromBytes",Mandatory = $false,Position = 3)] [System.IO.FileInfo]$OutputFile ) $crt = (Get-HPPrivateX509CertCoalesce -File $EndorsementKeyFile -cert $EndorsementKeyCertificate -password $EndorsementKeyPassword -Verbose:$VerbosePreference).Certificate Write-Verbose "Creating EK provisioning payload" if ($BIOSPassword) { $passwordLength = $BIOSPassword.Length } else { $passwordLength = 0 } $opaque = New-Object opaque4096_t $opaqueLength = 4096 $mi_result = 0 $cmd = '[DfmNativeSecurePlatform]::get_ek_provisioning_data' + (Test-OSBitness) + '($crt,$($crt.Count),$BIOSPassword, $passwordLength, [ref]$opaque, [ref]$opaqueLength, [ref]$mi_result);' $result = Invoke-Expression -Command $cmd Test-HPPrivateCustomResult -result $result -mi_result $mi_result -Category 0x04 $output = New-Object -TypeName PortableFileFormat $output.Data = $opaque.raw[0..($opaqueLength - 1)] $output.purpose = "hp:provision:endorsementkey" $output.timestamp = Get-Date if ($OutputFile) { Write-Verbose "Will output to file $OutputFile" $f = $ExecutionContext.SessionState.Path.GetUnresolvedProviderPathFromPSPath($OutputFile) $output | ConvertTo-Json -Compress | Out-File $f -Encoding utf8 } else { $output | ConvertTo-Json -Compress } } <# .SYNOPSIS Create an HP Secure Platform Management payload to provision a _Signing Key_ key. .DESCRIPTION The purpose of the signing key is to sign commands for the Secure Platform Management. The Signing key is protected by the endorsement key, therefore the endorsement key private key must be available when provisioning or changing the signing key. On return, the function writes the created payload to the pipeline, or to the file specified in the OutputFile parameter. This payload can then be passed to the Set-HPSecurePlatformPayload function. Security note: Payloads should only be created on secure servers. Once created, the payload may be transferred to a client and applied via the Set-HPSecurePlatformPayload. Creating the payload and passing it to the Set-HPSecurePlatformPayload function via the pipeline is not a recommended production pattern. .PARAMETER EndorsementKeyFile The _Key Endorsement_ key certificate, as a PFX (PKCS #12) file. The endorsement key protects the signing key. .PARAMETER EndorsementKeyPassword The password for the _Endorsement Key_ PFX file. If no password was used when the PFX was created (which is not recommended), this parameter may be omitted. .PARAMETER EndorsementKeyCertificate The endorsement key certificate, as an X509Certificate object. .PARAMETER SigningKeyFile The signing key certificate, as a PFX (PKCS #12) file. The endorsement key protects the signing key. .PARAMETER SigningKeyCertificate The signing key certificate, as an X509Certificate object. .PARAMETER SigningKeyCertificate This parameter is currently reserved for internal use only. .PARAMETER SigningKeyPassword The signing key certificate, as an X509Certificate object. .PARAMETER Nonce The operation nonce. In order to prevent replay attacks, the Secure Platform Management subsystem will only accept commands with a nonce greater or equal to the last nonce sent. If not specified, the nonce is inferred from the current local time. This works okay in most cases, however this approach has a resolution of seconds, so when doing high volume or parallel operations, it is possible to infer the same counter for two or more commands. In those cases, the caller should use its own nonce derivation and provide it through this parameter. .PARAMETER OutputFile Write the resulting output to the specified file, instead of writing it to the pipeline. .LINK [Blog post: HP Secure Platform Management with the HP Client Management Script Library](https://developers.hp.com/hp-client-management/blog/hp-secure-platform-management-hp-client-management-script-library) .NOTES - Requires HP BIOS with Secure Platform Management support. .EXAMPLE $payload = New-HPSecurePlatformSigningKeyProvisioningPayload -EndorsementKeyFile "$path\endorsement_key.pfx" ` -SigningKeyFile "$path\signing_key.pfx" ... $payload | Set-HPSecurePlatformPayload #> function New-HPSecurePlatformSigningKeyProvisioningPayload { [CmdletBinding(DefaultParameterSetName = "EF_SF",HelpUri = "https://developers.hp.com/hp-client-management/doc/New-HPSecurePlatformSigningKeyProvisioningPayload")] param( [Parameter(ParameterSetName = "EF_SF",Mandatory = $true,Position = 0)] [Parameter(ParameterSetName = "EF_SB",Mandatory = $true,Position = 0)] [System.IO.FileInfo]$EndorsementKeyFile, [Parameter(ParameterSetName = "EF_SF",Mandatory = $false,Position = 1)] [Parameter(ParameterSetName = "EF_SB",Mandatory = $false,Position = 1)] [string]$EndorsementKeyPassword, [Parameter(ParameterSetName = "EF_SF",Mandatory = $false,Position = 2)] [Parameter(ParameterSetName = "EB_SF",Mandatory = $false,Position = 2)] [System.IO.FileInfo]$SigningKeyFile, [Parameter(ParameterSetName = "EF_SF",Mandatory = $false,Position = 3)] [Parameter(ParameterSetName = "EB_SF",Mandatory = $false,Position = 3)] [string]$SigningKeyPassword, [Parameter(ParameterSetName = "EB_SF",Mandatory = $true,Position = 0)] [Parameter(ParameterSetName = "EB_SB",Mandatory = $true,Position = 0)] [System.Security.Cryptography.X509Certificates.X509Certificate2]$EndorsementKeyCertificate, [Parameter(ValueFromPipeline = $true,ParameterSetName = "EB_SB",Mandatory = $false,Position = 2)] [Parameter(ValueFromPipeline = $true,ParameterSetName = "EF_SB",Mandatory = $false,Position = 2)] [System.Security.Cryptography.X509Certificates.X509Certificate2]$SigningKeyCertificate, [Parameter(ParameterSetName = "EF_SF",Mandatory = $false,Position = 4)] [Parameter(ParameterSetName = "EB_SF",Mandatory = $false,Position = 4)] [Parameter(ParameterSetName = "EF_SB",Mandatory = $false,Position = 4)] [Parameter(ParameterSetName = "EB_SB",Mandatory = $false,Position = 4)] [uint32]$Nonce = [math]::Floor([decimal](Get-Date (Get-Date).ToUniversalTime() -UFormat "%s").Replace(',','.')), [Parameter(ParameterSetName = "EF_SF",Mandatory = $false,Position = 5)] [Parameter(ParameterSetName = "EB_SF",Mandatory = $false,Position = 5)] [Parameter(ParameterSetName = "EF_SB",Mandatory = $false,Position = 5)] [Parameter(ParameterSetName = "EB_SB",Mandatory = $false,Position = 5)] [System.IO.FileInfo]$OutputFile ) $ek = Get-HPPrivateX509CertCoalesce -File $EndorsementKeyFile -password $EndorsementKeyPassword -cert $EndorsementKeyCertificate -Verbose:$VerbosePreference $sk = $null if ($SigningKeyFile -or $SigningKeyCertificate) { $sk = Get-HPPrivateX509CertCoalesce -File $SigningKeyFile -password $SigningKeyPassword -cert $SigningKeyCertificate -Verbose:$VerbosePreference } Write-Verbose "Creating SK provisioning payload" $payload = New-Object sk_provisioning_t $sub = New-Object sk_provisioning_payload_t $sub.Counter = $nonce if ($sk) { $sub.mod = $Sk.Modulus } else { Write-Verbose "Assuming deprovisioning due to missing signing key update" $sub.mod = New-Object byte[] 256 } $payload.Data = $sub Write-Verbose "Using counter value of $($sub.Counter)" $out = Convert-HPPrivateObjectToBytes -obj $sub -Verbose:$VerbosePreference $payload.sig = Invoke-HPPrivateSignData -Data $out[0] -Certificate $ek.Full -Verbose:$VerbosePreference Write-Verbose "Serializing payload" $out = Convert-HPPrivateObjectToBytes -obj $payload -Verbose:$VerbosePreference $output = New-Object -TypeName PortableFileFormat $output.Data = ($out[0])[0..($out[1] - 1)]; $output.purpose = "hp:provision:signingkey" $output.timestamp = Get-Date if ($OutputFile) { Write-Verbose "Will output to file $OutputFile" $f = $ExecutionContext.SessionState.Path.GetUnresolvedProviderPathFromPSPath($OutputFile) $output | ConvertTo-Json -Compress | Out-File -FilePath $f -Encoding utf8 } else { $output | ConvertTo-Json -Compress } } <# .SYNOPSIS Create a deprovisioning payload .DESCRIPTION This function creates a payload to deprovision the HP Secure Platform Management. The caller must have access to the Endorsement Key private key in order to create this payload. On return, the function writes the created payload to the pipeline, or to the file specified in the OutputFile parameter. This payload can then be passed to the Set-HPSecurePlatformPayload function. Security note: Payloads should only be created on secure servers. Once created, the payload may be transferred to a client and applied via the Set-HPSecurePlatformPayload. Creating the payload and passing it to the Set-HPSecurePlatformPayload function via the pipeline is not a recommended production pattern. .PARAMETER EndorsementKeyFile The _Key Endorsement_ key certificate, as a PFX (PKCS #12) file. .PARAMETER EndorsementKeyPassword The password for the endorsement key certificate file. If no password was used when the PFX was created (which is not recommended), this parameter may be omitted. .PARAMETER EndorsementKeyCertificate The endorsement key certificate, as an X509Certificate object. .PARAMETER Nonce The operation nonce. In order to prevent replay attacks, the Secure Platform Management subsystem will only accept commands with a nonce greater or equal to the last nonce sent. If not specified, the nonce is inferred from the current local time. This works okay in most cases, however this approach has a resolution of seconds, so when doing high volume or parallel operations, it is possible to infer the same counter for two or more commands. In those cases, the caller should use its own nonce derivation and provide it through this parameter. .LINK [Blog post: HP Secure Platform Management with the HP Client Management Script Library](https://developers.hp.com/hp-client-management/blog/hp-secure-platform-management-hp-client-management-script-library) .PARAMETER OutputFile Write the resulting output to the specified file, instead of writing it to the pipeline. .NOTES - Requires HP BIOS with Secure Platform Management support. .EXAMPLE New-HPSecurePlatformDeprovisioningPayload -EndorsementKeyFile kek.pfx | Set-HPSecurePlatformPayload .EXAMPLE New-HPSecurePlatformDeprovisioningPayload -EndorsementKeyFile kek.pfx -OutputFile deprovisioning_payload.dat #> function New-HPSecurePlatformDeprovisioningPayload { [CmdletBinding(DefaultParameterSetName = "EF",HelpUri = "https://developers.hp.com/hp-client-management/doc/New-HPSecurePlatformDeprovisioningPayload")] param( [Parameter(ParameterSetName = "EF",Mandatory = $true,Position = 0)] [string]$EndorsementKeyFile, [Parameter(ParameterSetName = "EF",Mandatory = $false,Position = 1)] [string]$EndorsementKeyPassword, [Parameter(ParameterSetName = "EF",Mandatory = $false,Position = 2)] [Parameter(ParameterSetName = "EB",Mandatory = $false,Position = 2)] [uint32]$nonce = [math]::Floor([decimal](Get-Date (Get-Date).ToUniversalTime() -UFormat "%s").Replace(',','.')), [Parameter(ParameterSetName = "EB",Mandatory = $true,Position = 0)] [System.Security.Cryptography.X509Certificates.X509Certificate2]$EndorsementKeyCertificate, [Parameter(ParameterSetName = "EB",Mandatory = $false,Position = 4)] [Parameter(ParameterSetName = "EF",Mandatory = $false,Position = 4)] [System.IO.FileInfo]$OutputFile ) New-HPSecurePlatformSigningKeyProvisioningPayload @PSBoundParameters } <# .SYNOPSIS Apply a payload to the HP Secure Platform Management .DESCRIPTION This function applies a properly encoded payload created by one of the New-HPSecurePlatform*, New-HPSureRun*, New-HPSureAdmin*, or New-HPSureRecover* functions to the BIOS. For all purposes, payload objects should be considered to be opaque. Payloads created by means other than the functions mentioned above are not supported. Security note: Payloads should only be created on secure servers. Once created, the payload may be transferred to a client and applied via the Set-HPSecurePlatformPayload. Creating the payload and passing it to the Set-HPSecurePlatformPayload function via the pipeline is not a recommended production pattern. .PARAMETER Payload The payload to apply. This parameter can also be specified via the pipeline. .PARAMETER PayloadFile The payload file to apply. This file must contain a properly encoded payload. .LINK [Blog post: HP Secure Platform Management with the HP Client Management Script Library](https://developers.hp.com/hp-client-management/blog/hp-secure-platform-management-hp-client-management-script-library) .NOTES - Requires HP BIOS with Secure Platform Management support. - This command requires elevated privileges. .EXAMPLE Set-HPSecurePlatformPayload -Payload $payload .EXAMPLE Set-HPSecurePlatformPayload -PayloadFile .\payload.dat .EXAMPLE $payload | Set-HPSecurePlatformPayload #> function Set-HPSecurePlatformPayload { [CmdletBinding(DefaultParameterSetName = "FB",HelpUri = "https://developers.hp.com/hp-client-management/doc/Set-HPSecurePlatformPayload")] param( [Parameter(ParameterSetName = "FB",ValueFromPipeline = $true,Position = 0,Mandatory = $True)] [string]$Payload, [Parameter(ParameterSetName = "FF",ValueFromPipeline = $true,Position = 0,Mandatory = $True)] [System.IO.FileInfo]$PayloadFile ) if ($PSCmdlet.ParameterSetName -eq "FB") { Write-Verbose "Setting payload string" [PortableFileFormat]$type = ConvertFrom-Json -InputObject $Payload } else { Write-Verbose "Setting from file $PayloadFile" $Payload = Get-Content -Path $PayloadFile -Encoding UTF8 [PortableFileFormat]$type = ConvertFrom-Json -InputObject $Payload } $mi_result = 0 $pbytes = $type.Data Write-Verbose "Setting payload from document with type $($type.purpose)" $cmd = $null switch ($type.purpose) { "hp:provision:endorsementkey" { $cmd = '[DfmNativeSecurePlatform]::set_ek_provisioning' + (Test-OSBitness) + '($pbytes,$pbytes.length, [ref]$mi_result);' } "hp:provision:signingkey" { $cmd = '[DfmNativeSecurePlatform]::set_sk_provisioning' + (Test-OSBitness) + '($pbytes,$pbytes.length, [ref]$mi_result);' } "hp:surerecover:provision:os_image" { $cmd = '[DfmNativeSureRecover]::set_surerecover_osr_provisioning' + (Test-OSBitness) + '($pbytes,$pbytes.length, [ref]$mi_result);' } "hp:surerecover:provision:recovery_image" { $cmd = '[DfmNativeSureRecover]::set_surerecover_re_provisioning' + (Test-OSBitness) + '($pbytes,$pbytes.length, [ref]$mi_result);' } "hp:surerecover:failover:os_image" { if (-not (Get-HPSureRecoverState).ImageIsProvisioned) { throw [System.IO.InvalidDataException]"Custom OS Recovery Image is required to configure failover" } $cmd = '[DfmNativeSureRecover]::set_surerecover_osr_failover' + (Test-OSBitness) + '($pbytes,$pbytes.length,[ref]$mi_result);' } "hp:surerecover:deprovision" { $cmd = '[DfmNativeSureRecover]::set_surerecover_deprovision_opaque' + (Test-OSBitness) + '($pbytes,$pbytes.length, [ref]$mi_result);' } "hp:surerecover:scheduler" { $cmd = '[DfmNativeSureRecover]::set_surerecover_schedule' + (Test-OSBitness) + '($pbytes,$pbytes.length, [ref]$mi_result);' } "hp:surerecover:configure" { $cmd = '[DfmNativeSureRecover]::set_surerecover_configuration' + (Test-OSBitness) + '($pbytes,$pbytes.length, [ref]$mi_result);' } "hp:surerecover:trigger" { $cmd = '[DfmNativeSureRecover]::set_surerecover_trigger' + (Test-OSBitness) + '($pbytes,$pbytes.length, [ref]$mi_result);' } "hp:surerecover:service_event" { $cmd = '[DfmNativeSureRecover]::raise_surerecover_service_event_opaque' + (Test-OSBitness) + '($null,0, [ref]$mi_result);' } "hp:surerrun:manifest" { $mbytes = $type.Meta1 $cmd = '[DfmNativeSureRun]::set_surererun_manifest' + (Test-OSBitness) + '($pbytes,$pbytes.length, $mbytes, $mbytes.length, [ref]$mi_result);' } "hp:sureadmin:biossetting" { $Payload | Set-HPPrivateBIOSSettingValuePayload -Verbose:$VerbosePreference } "hp:sureadmin:biossettingslist" { $Payload | Set-HPPrivateBIOSSettingsListPayload -Verbose:$VerbosePreference } "hp:sureadmin:resetsettings" { $Payload | Set-HPPrivateBIOSSettingDefaultsPayload -Verbose:$VerbosePreference } "hp:sureadmin:firmwareupdate" { $Payload | Set-HPPrivateFirmwareUpdatePayload -Verbose:$VerbosePreference } default { throw [System.IO.InvalidDataException]"Document type $($type.purpose) not recognized" } } if ($cmd) { $result = Invoke-Expression -Command $cmd Test-HPPrivateCustomResult -result $result -mi_result $mi_result -Category 0x04 } } # SIG # Begin signature block # MIIuBAYJKoZIhvcNAQcCoIIt9TCCLfECAQExDzANBglghkgBZQMEAgEFADB5Bgor # BgEEAYI3AgEEoGswaTA0BgorBgEEAYI3AgEeMCYCAwEAAAQQH8w7YFlLCE63JNLG # KX7zUQIBAAIBAAIBAAIBAAIBADAxMA0GCWCGSAFlAwQCAQUABCCMiSgeKrUR1/MS # aHnufOT6kJy2bxgk9OkJAYlwIcDPoaCCE2wwggXAMIIEqKADAgECAhAP0bvKeWvX # +N1MguEKmpYxMA0GCSqGSIb3DQEBCwUAMGwxCzAJBgNVBAYTAlVTMRUwEwYDVQQK # EwxEaWdpQ2VydCBJbmMxGTAXBgNVBAsTEHd3dy5kaWdpY2VydC5jb20xKzApBgNV # BAMTIkRpZ2lDZXJ0IEhpZ2ggQXNzdXJhbmNlIEVWIFJvb3QgQ0EwHhcNMjIwMTEz # MDAwMDAwWhcNMzExMTA5MjM1OTU5WjBiMQswCQYDVQQGEwJVUzEVMBMGA1UEChMM # RGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3d3cuZGlnaWNlcnQuY29tMSEwHwYDVQQD # ExhEaWdpQ2VydCBUcnVzdGVkIFJvb3QgRzQwggIiMA0GCSqGSIb3DQEBAQUAA4IC # DwAwggIKAoICAQC/5pBzaN675F1KPDAiMGkz7MKnJS7JIT3yithZwuEppz1Yq3aa # za57G4QNxDAf8xukOBbrVsaXbR2rsnnyyhHS5F/WBTxSD1Ifxp4VpX6+n6lXFllV # cq9ok3DCsrp1mWpzMpTREEQQLt+C8weE5nQ7bXHiLQwb7iDVySAdYyktzuxeTsiT # +CFhmzTrBcZe7FsavOvJz82sNEBfsXpm7nfISKhmV1efVFiODCu3T6cw2Vbuyntd # 463JT17lNecxy9qTXtyOj4DatpGYQJB5w3jHtrHEtWoYOAMQjdjUN6QuBX2I9YI+ # EJFwq1WCQTLX2wRzKm6RAXwhTNS8rhsDdV14Ztk6MUSaM0C/CNdaSaTC5qmgZ92k # J7yhTzm1EVgX9yRcRo9k98FpiHaYdj1ZXUJ2h4mXaXpI8OCiEhtmmnTK3kse5w5j # rubU75KSOp493ADkRSWJtppEGSt+wJS00mFt6zPZxd9LBADMfRyVw4/3IbKyEbe7 # f/LVjHAsQWCqsWMYRJUadmJ+9oCw++hkpjPRiQfhvbfmQ6QYuKZ3AeEPlAwhHbJU # KSWJbOUOUlFHdL4mrLZBdd56rF+NP8m800ERElvlEFDrMcXKchYiCd98THU/Y+wh # X8QgUWtvsauGi0/C1kVfnSD8oR7FwI+isX4KJpn15GkvmB0t9dmpsh3lGwIDAQAB # o4IBZjCCAWIwDwYDVR0TAQH/BAUwAwEB/zAdBgNVHQ4EFgQU7NfjgtJxXWRM3y5n # P+e6mK4cD08wHwYDVR0jBBgwFoAUsT7DaQP4v0cB1JgmGggC72NkK8MwDgYDVR0P # AQH/BAQDAgGGMBMGA1UdJQQMMAoGCCsGAQUFBwMDMH8GCCsGAQUFBwEBBHMwcTAk # BggrBgEFBQcwAYYYaHR0cDovL29jc3AuZGlnaWNlcnQuY29tMEkGCCsGAQUFBzAC # hj1odHRwOi8vY2FjZXJ0cy5kaWdpY2VydC5jb20vRGlnaUNlcnRIaWdoQXNzdXJh # bmNlRVZSb290Q0EuY3J0MEsGA1UdHwREMEIwQKA+oDyGOmh0dHA6Ly9jcmwzLmRp # Z2ljZXJ0LmNvbS9EaWdpQ2VydEhpZ2hBc3N1cmFuY2VFVlJvb3RDQS5jcmwwHAYD # VR0gBBUwEzAHBgVngQwBAzAIBgZngQwBBAEwDQYJKoZIhvcNAQELBQADggEBAEHx # qRH0DxNHecllao3A7pgEpMbjDPKisedfYk/ak1k2zfIe4R7sD+EbP5HU5A/C5pg0 # /xkPZigfT2IxpCrhKhO61z7H0ZL+q93fqpgzRh9Onr3g7QdG64AupP2uU7SkwaT1 # IY1rzAGt9Rnu15ClMlIr28xzDxj4+87eg3Gn77tRWwR2L62t0+od/P1Tk+WMieNg # GbngLyOOLFxJy34riDkruQZhiPOuAnZ2dMFkkbiJUZflhX0901emWG4f7vtpYeJa # 3Cgh6GO6Ps9W7Zrk9wXqyvPsEt84zdp7PiuTUy9cUQBY3pBIowrHC/Q7bVUx8ALM # R3eWUaNetbxcyEMRoacwggawMIIEmKADAgECAhAIrUCyYNKcTJ9ezam9k67ZMA0G # CSqGSIb3DQEBDAUAMGIxCzAJBgNVBAYTAlVTMRUwEwYDVQQKEwxEaWdpQ2VydCBJ # bmMxGTAXBgNVBAsTEHd3dy5kaWdpY2VydC5jb20xITAfBgNVBAMTGERpZ2lDZXJ0 # IFRydXN0ZWQgUm9vdCBHNDAeFw0yMTA0MjkwMDAwMDBaFw0zNjA0MjgyMzU5NTla # MGkxCzAJBgNVBAYTAlVTMRcwFQYDVQQKEw5EaWdpQ2VydCwgSW5jLjFBMD8GA1UE # AxM4RGlnaUNlcnQgVHJ1c3RlZCBHNCBDb2RlIFNpZ25pbmcgUlNBNDA5NiBTSEEz # ODQgMjAyMSBDQTEwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQDVtC9C # 0CiteLdd1TlZG7GIQvUzjOs9gZdwxbvEhSYwn6SOaNhc9es0JAfhS0/TeEP0F9ce # 2vnS1WcaUk8OoVf8iJnBkcyBAz5NcCRks43iCH00fUyAVxJrQ5qZ8sU7H/Lvy0da # E6ZMswEgJfMQ04uy+wjwiuCdCcBlp/qYgEk1hz1RGeiQIXhFLqGfLOEYwhrMxe6T # SXBCMo/7xuoc82VokaJNTIIRSFJo3hC9FFdd6BgTZcV/sk+FLEikVoQ11vkunKoA # FdE3/hoGlMJ8yOobMubKwvSnowMOdKWvObarYBLj6Na59zHh3K3kGKDYwSNHR7Oh # D26jq22YBoMbt2pnLdK9RBqSEIGPsDsJ18ebMlrC/2pgVItJwZPt4bRc4G/rJvmM # 1bL5OBDm6s6R9b7T+2+TYTRcvJNFKIM2KmYoX7BzzosmJQayg9Rc9hUZTO1i4F4z # 8ujo7AqnsAMrkbI2eb73rQgedaZlzLvjSFDzd5Ea/ttQokbIYViY9XwCFjyDKK05 # huzUtw1T0PhH5nUwjewwk3YUpltLXXRhTT8SkXbev1jLchApQfDVxW0mdmgRQRNY # mtwmKwH0iU1Z23jPgUo+QEdfyYFQc4UQIyFZYIpkVMHMIRroOBl8ZhzNeDhFMJlP # /2NPTLuqDQhTQXxYPUez+rbsjDIJAsxsPAxWEQIDAQABo4IBWTCCAVUwEgYDVR0T # AQH/BAgwBgEB/wIBADAdBgNVHQ4EFgQUaDfg67Y7+F8Rhvv+YXsIiGX0TkIwHwYD # VR0jBBgwFoAU7NfjgtJxXWRM3y5nP+e6mK4cD08wDgYDVR0PAQH/BAQDAgGGMBMG # A1UdJQQMMAoGCCsGAQUFBwMDMHcGCCsGAQUFBwEBBGswaTAkBggrBgEFBQcwAYYY # aHR0cDovL29jc3AuZGlnaWNlcnQuY29tMEEGCCsGAQUFBzAChjVodHRwOi8vY2Fj # ZXJ0cy5kaWdpY2VydC5jb20vRGlnaUNlcnRUcnVzdGVkUm9vdEc0LmNydDBDBgNV # HR8EPDA6MDigNqA0hjJodHRwOi8vY3JsMy5kaWdpY2VydC5jb20vRGlnaUNlcnRU # cnVzdGVkUm9vdEc0LmNybDAcBgNVHSAEFTATMAcGBWeBDAEDMAgGBmeBDAEEATAN # BgkqhkiG9w0BAQwFAAOCAgEAOiNEPY0Idu6PvDqZ01bgAhql+Eg08yy25nRm95Ry # sQDKr2wwJxMSnpBEn0v9nqN8JtU3vDpdSG2V1T9J9Ce7FoFFUP2cvbaF4HZ+N3HL # IvdaqpDP9ZNq4+sg0dVQeYiaiorBtr2hSBh+3NiAGhEZGM1hmYFW9snjdufE5Btf # Q/g+lP92OT2e1JnPSt0o618moZVYSNUa/tcnP/2Q0XaG3RywYFzzDaju4ImhvTnh # OE7abrs2nfvlIVNaw8rpavGiPttDuDPITzgUkpn13c5UbdldAhQfQDN8A+KVssIh # dXNSy0bYxDQcoqVLjc1vdjcshT8azibpGL6QB7BDf5WIIIJw8MzK7/0pNVwfiThV # 9zeKiwmhywvpMRr/LhlcOXHhvpynCgbWJme3kuZOX956rEnPLqR0kq3bPKSchh/j # wVYbKyP/j7XqiHtwa+aguv06P0WmxOgWkVKLQcBIhEuWTatEQOON8BUozu3xGFYH # Ki8QxAwIZDwzj64ojDzLj4gLDb879M4ee47vtevLt/B3E+bnKD+sEq6lLyJsQfmC # XBVmzGwOysWGw/YmMwwHS6DTBwJqakAwSEs0qFEgu60bhQjiWQ1tygVQK+pKHJ6l # /aCnHwZ05/LWUpD9r4VIIflXO7ScA+2GRfS0YW6/aOImYIbqyK+p/pQd52MbOoZW # eE4wggbwMIIE2KADAgECAhAI+qTPsJ3byDJ7SsgX0LBUMA0GCSqGSIb3DQEBCwUA # MGkxCzAJBgNVBAYTAlVTMRcwFQYDVQQKEw5EaWdpQ2VydCwgSW5jLjFBMD8GA1UE # AxM4RGlnaUNlcnQgVHJ1c3RlZCBHNCBDb2RlIFNpZ25pbmcgUlNBNDA5NiBTSEEz # ODQgMjAyMSBDQTEwHhcNMjIwMzA5MDAwMDAwWhcNMjMwMzA5MjM1OTU5WjB1MQsw # CQYDVQQGEwJVUzETMBEGA1UECBMKQ2FsaWZvcm5pYTESMBAGA1UEBxMJUGFsbyBB # bHRvMRAwDgYDVQQKEwdIUCBJbmMuMRkwFwYDVQQLExBIUCBDeWJlcnNlY3VyaXR5 # MRAwDgYDVQQDEwdIUCBJbmMuMIIBojANBgkqhkiG9w0BAQEFAAOCAY8AMIIBigKC # AYEA2KwFARbsSL8FnMdZ++xo7iVdqg+ZOY0S2KkvYQdNNcvrcfHTdNpNgf65RuIt # VQxdJXzmZcAOXJUPjRQRduvFf/I8jqR4UwBLsNoy/sEuQIDCfezNSQz8TPredjUG # Lr6Y9ie1vYryqJ110Mj6NtXZQidlytEneq3z73Ec7TRFKp8iiiwNpTcbhAq93pq6 # bjnc98ajFUBHJu9Gfk1Or3haR6m7YH0LRLVWm18I2OKrcPLk67hWRj6Aa7/heBkk # F8TfGCUwGBHhblrprBVECR3M4zTnMygBfxVEzYsdyAytPy0DgqzZ7+rHY0yvgDUx # Fi/d1SyqNDCf6FBBudNjzw7TULEBHlJjk96xhd1z4X5ctL1kW4duC7Mba6H8A1lI # qM5qa+8Fr88IJhnl21PlkBp+XAk3lBaeJ/DVpORIv3bhUV8OLae6ElQBGvqQoEY/ # AaNerghhFjiqAhaUG3z3Y7ruhVaCmuw/SMVS79dxESj/J1qHWVnF1tn2a4liq/RY # VeFTAgMBAAGjggIGMIICAjAfBgNVHSMEGDAWgBRoN+Drtjv4XxGG+/5hewiIZfRO # QjAdBgNVHQ4EFgQUAjIiVx974XGZre7F5HqNCJiWZbowDgYDVR0PAQH/BAQDAgeA # MBMGA1UdJQQMMAoGCCsGAQUFBwMDMIG1BgNVHR8Ega0wgaowU6BRoE+GTWh0dHA6 # Ly9jcmwzLmRpZ2ljZXJ0LmNvbS9EaWdpQ2VydFRydXN0ZWRHNENvZGVTaWduaW5n # UlNBNDA5NlNIQTM4NDIwMjFDQTEuY3JsMFOgUaBPhk1odHRwOi8vY3JsNC5kaWdp # Y2VydC5jb20vRGlnaUNlcnRUcnVzdGVkRzRDb2RlU2lnbmluZ1JTQTQwOTZTSEEz # ODQyMDIxQ0ExLmNybDA+BgNVHSAENzA1MDMGBmeBDAEEATApMCcGCCsGAQUFBwIB # FhtodHRwOi8vd3d3LmRpZ2ljZXJ0LmNvbS9DUFMwgZQGCCsGAQUFBwEBBIGHMIGE # MCQGCCsGAQUFBzABhhhodHRwOi8vb2NzcC5kaWdpY2VydC5jb20wXAYIKwYBBQUH # MAKGUGh0dHA6Ly9jYWNlcnRzLmRpZ2ljZXJ0LmNvbS9EaWdpQ2VydFRydXN0ZWRH # NENvZGVTaWduaW5nUlNBNDA5NlNIQTM4NDIwMjFDQTEuY3J0MAwGA1UdEwEB/wQC # MAAwDQYJKoZIhvcNAQELBQADggIBAFrOPeL4ph8SmHwwcUQO7nPnapyOS0I50w70 # nVZ9CtrgyA7hiZmVm/CsC1JU8zg1dNyfH7wCDaoMAnqtybcdmhIXc4STwfcpiKOH # nL3fRQcZ2zCCXmX5lkWYWni9Nqx603JQ8yiUSl1sMyv0Cd4RasOBHnjQuekDDKNT # QvOiEA3NCZDGEjtIjE+TGqLW2kUEtjxzyr0mnhmidRaHry5C1GKu0mlKExwabOLW # xGrXj4FPtKmWXZh00lMbbdeHm1Zqn9CTsO6xt8CQXSemcpb7lXY80um71wQO23ub # tQGDe4QpShomqPmEIVxM5/B6Yih/0Lb8mt60SLfT5EOVS/Dhd86lSHcncL9JLxaq # WwbQhIwpEa4b3MiZqyemqb0+YIBn5yG43M4oLzRPTo2mPwG19OtnMVZsrcjGEzLz # EiBb9/YXsf8G5LAh86x2kRKDad35NNNojUJYVBtD7MGEsL37XF+6kWXsp92on2b2 # QLEL/5ZzJHmfrJ8m0TXMb4sMSI2KnHtCvEjG2MIAnjFEvNZ1ZFsKS78mwylDyHL0 # yTuv08JqDuommKgjmyvtLEeb6OYsOnSVQIcyV4XCY1kFA8mDuIsIlbWE3Nyv94Of # N+4jNKcDzniYb5LmKlXraIM8PjPpYb34DlNpzCDN7/tJuMFsy/NwArj1SiL630mg # Dm0fS5OgMYIZ7jCCGeoCAQEwfTBpMQswCQYDVQQGEwJVUzEXMBUGA1UEChMORGln # aUNlcnQsIEluYy4xQTA/BgNVBAMTOERpZ2lDZXJ0IFRydXN0ZWQgRzQgQ29kZSBT # aWduaW5nIFJTQTQwOTYgU0hBMzg0IDIwMjEgQ0ExAhAI+qTPsJ3byDJ7SsgX0LBU # MA0GCWCGSAFlAwQCAQUAoHwwEAYKKwYBBAGCNwIBDDECMAAwGQYJKoZIhvcNAQkD # MQwGCisGAQQBgjcCAQQwHAYKKwYBBAGCNwIBCzEOMAwGCisGAQQBgjcCARUwLwYJ # KoZIhvcNAQkEMSIEILcD8kp2R0QlhGjImaq2r0s4yws0TJEp/1aa/lHfKMWxMA0G # CSqGSIb3DQEBAQUABIIBgB8sk4LOYvOZMmAS2ZC4PMmfP9vdvHMIJmp0WYTea6C4 # fETeoopqv/oB9BLLu/SBJvPSTp5bGo63AOqYvNibhP9jpBJHybbtRZfDThX1Kdgc # Y86IolsEDKzVTi2djQLMSVg5W3jS8x62bQUBE6+e+LADsL0Pua123XjpxVYQftSA # 989DToNn3bwoIuWEb6DJw7tBnd4XvmDT69VYAHNJNNXwEuV6FThPJ6AXztUnnftH # smJSukQ1CMYda2SRUULKm9LgKxQi6X3vY7j6h/Qs7KG2nbxY/ewsvcKiqpyLoYJ5 # SEB5fofvAPj6o1k4Z7OwxRIzO5QuJZwVMkzVZ3vfTdIvp4FKhK3E5WlcJoF+nBOy # SK9mbe3E63Koht8TvEgv6Ujvq+FC73y6rDOeAOuBYSEwOBJzAN6rkENXn+9W5SRB # IPXG3QqOl85fWwUEdicseYEb4JDnN4pZkyzTIi0dTsUKs/q71ivwrO5n0I/R02Ls # FifnlR9zlo1pQDVMTUMQDaGCF0QwghdABgorBgEEAYI3AwMBMYIXMDCCFywGCSqG # SIb3DQEHAqCCFx0wghcZAgEDMQ8wDQYJYIZIAWUDBAIBBQAweAYLKoZIhvcNAQkQ # AQSgaQRnMGUCAQEGCWCGSAGG/WwHATAxMA0GCWCGSAFlAwQCAQUABCAcUaIeugWN # M2RBncfhazr8XJn0KYXYavZWM2L38ErapAIRAN2sNXnjMnzMaTAd0bNJPucYDzIw # MjIwOTA3MTczNTE2WqCCEw0wggbGMIIErqADAgECAhAKekqInsmZQpAGYzhNhped # MA0GCSqGSIb3DQEBCwUAMGMxCzAJBgNVBAYTAlVTMRcwFQYDVQQKEw5EaWdpQ2Vy # dCwgSW5jLjE7MDkGA1UEAxMyRGlnaUNlcnQgVHJ1c3RlZCBHNCBSU0E0MDk2IFNI # QTI1NiBUaW1lU3RhbXBpbmcgQ0EwHhcNMjIwMzI5MDAwMDAwWhcNMzMwMzE0MjM1 # OTU5WjBMMQswCQYDVQQGEwJVUzEXMBUGA1UEChMORGlnaUNlcnQsIEluYy4xJDAi # BgNVBAMTG0RpZ2lDZXJ0IFRpbWVzdGFtcCAyMDIyIC0gMjCCAiIwDQYJKoZIhvcN # AQEBBQADggIPADCCAgoCggIBALkqliOmXLxf1knwFYIY9DPuzFxs4+AlLtIx5DxA # rvurxON4XX5cNur1JY1Do4HrOGP5PIhp3jzSMFENMQe6Rm7po0tI6IlBfw2y1vmE # 8Zg+C78KhBJxbKFiJgHTzsNs/aw7ftwqHKm9MMYW2Nq867Lxg9GfzQnFuUFqRUIj # QVr4YNNlLD5+Xr2Wp/D8sfT0KM9CeR87x5MHaGjlRDRSXw9Q3tRZLER0wDJHGVvi # mC6P0Mo//8ZnzzyTlU6E6XYYmJkRFMUrDKAz200kheiClOEvA+5/hQLJhuHVGBS3 # BEXz4Di9or16cZjsFef9LuzSmwCKrB2NO4Bo/tBZmCbO4O2ufyguwp7gC0vICNEy # u4P6IzzZ/9KMu/dDI9/nw1oFYn5wLOUrsj1j6siugSBrQ4nIfl+wGt0ZvZ90QQqv # uY4J03ShL7BUdsGQT5TshmH/2xEvkgMwzjC3iw9dRLNDHSNQzZHXL537/M2xwafE # DsTvQD4ZOgLUMalpoEn5deGb6GjkagyP6+SxIXuGZ1h+fx/oK+QUshbWgaHK2jCQ # a+5vdcCwNiayCDv/vb5/bBMY38ZtpHlJrYt/YYcFaPfUcONCleieu5tLsuK2QT3n # r6caKMmtYbCgQRgZTu1Hm2GV7T4LYVrqPnqYklHNP8lE54CLKUJy93my3YTqJ+7+ # fXprAgMBAAGjggGLMIIBhzAOBgNVHQ8BAf8EBAMCB4AwDAYDVR0TAQH/BAIwADAW # BgNVHSUBAf8EDDAKBggrBgEFBQcDCDAgBgNVHSAEGTAXMAgGBmeBDAEEAjALBglg # hkgBhv1sBwEwHwYDVR0jBBgwFoAUuhbZbU2FL3MpdpovdYxqII+eyG8wHQYDVR0O # BBYEFI1kt4kh/lZYRIRhp+pvHDaP3a8NMFoGA1UdHwRTMFEwT6BNoEuGSWh0dHA6 # Ly9jcmwzLmRpZ2ljZXJ0LmNvbS9EaWdpQ2VydFRydXN0ZWRHNFJTQTQwOTZTSEEy # NTZUaW1lU3RhbXBpbmdDQS5jcmwwgZAGCCsGAQUFBwEBBIGDMIGAMCQGCCsGAQUF # BzABhhhodHRwOi8vb2NzcC5kaWdpY2VydC5jb20wWAYIKwYBBQUHMAKGTGh0dHA6 # Ly9jYWNlcnRzLmRpZ2ljZXJ0LmNvbS9EaWdpQ2VydFRydXN0ZWRHNFJTQTQwOTZT # SEEyNTZUaW1lU3RhbXBpbmdDQS5jcnQwDQYJKoZIhvcNAQELBQADggIBAA0tI3Sm # 0fX46kuZPwHk9gzkrxad2bOMl4IpnENvAS2rOLVwEb+EGYs/XeWGT76TOt4qOVo5 # TtiEWaW8G5iq6Gzv0UhpGThbz4k5HXBw2U7fIyJs1d/2WcuhwupMdsqh3KErlrib # Vakaa33R9QIJT4LWpXOIxJiA3+5JlbezzMWn7g7h7x44ip/vEckxSli23zh8y/pc # 9+RTv24KfH7X3pjVKWWJD6KcwGX0ASJlx+pedKZbNZJQfPQXpodkTz5GiRZjIGvL # 8nvQNeNKcEiptucdYL0EIhUlcAZyqUQ7aUcR0+7px6A+TxC5MDbk86ppCaiLfmSi # ZZQR+24y8fW7OK3NwJMR1TJ4Sks3KkzzXNy2hcC7cDBVeNaY/lRtf3GpSBp43UZ3 # Lht6wDOK+EoojBKoc88t+dMj8p4Z4A2UKKDr2xpRoJWCjihrpM6ddt6pc6pIallD # rl/q+A8GQp3fBmiW/iqgdFtjZt5rLLh4qk1wbfAs8QcVfjW05rUMopml1xVrNQ6F # 1uAszOAMJLh8UgsemXzvyMjFjFhpr6s94c/MfRWuFL+Kcd/Kl7HYR+ocheBFThIc # FClYzG/Tf8u+wQ5KbyCcrtlzMlkI5y2SoRoR/jKYpl0rl+CL05zMbbUNrkdjOEcX # W28T2moQbh9Jt0RbtAgKh1pZBHYRoad3AhMcMIIGrjCCBJagAwIBAgIQBzY3tyRU # fNhHrP0oZipeWzANBgkqhkiG9w0BAQsFADBiMQswCQYDVQQGEwJVUzEVMBMGA1UE # ChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3d3cuZGlnaWNlcnQuY29tMSEwHwYD # VQQDExhEaWdpQ2VydCBUcnVzdGVkIFJvb3QgRzQwHhcNMjIwMzIzMDAwMDAwWhcN # MzcwMzIyMjM1OTU5WjBjMQswCQYDVQQGEwJVUzEXMBUGA1UEChMORGlnaUNlcnQs # IEluYy4xOzA5BgNVBAMTMkRpZ2lDZXJ0IFRydXN0ZWQgRzQgUlNBNDA5NiBTSEEy # NTYgVGltZVN0YW1waW5nIENBMIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKC # AgEAxoY1BkmzwT1ySVFVxyUDxPKRN6mXUaHW0oPRnkyibaCwzIP5WvYRoUQVQl+k # iPNo+n3znIkLf50fng8zH1ATCyZzlm34V6gCff1DtITaEfFzsbPuK4CEiiIY3+va # PcQXf6sZKz5C3GeO6lE98NZW1OcoLevTsbV15x8GZY2UKdPZ7Gnf2ZCHRgB720RB # idx8ald68Dd5n12sy+iEZLRS8nZH92GDGd1ftFQLIWhuNyG7QKxfst5Kfc71ORJn # 7w6lY2zkpsUdzTYNXNXmG6jBZHRAp8ByxbpOH7G1WE15/tePc5OsLDnipUjW8LAx # E6lXKZYnLvWHpo9OdhVVJnCYJn+gGkcgQ+NDY4B7dW4nJZCYOjgRs/b2nuY7W+yB # 3iIU2YIqx5K/oN7jPqJz+ucfWmyU8lKVEStYdEAoq3NDzt9KoRxrOMUp88qqlnNC # aJ+2RrOdOqPVA+C/8KI8ykLcGEh/FDTP0kyr75s9/g64ZCr6dSgkQe1CvwWcZklS # UPRR8zZJTYsg0ixXNXkrqPNFYLwjjVj33GHek/45wPmyMKVM1+mYSlg+0wOI/rOP # 015LdhJRk8mMDDtbiiKowSYI+RQQEgN9XyO7ZONj4KbhPvbCdLI/Hgl27KtdRnXi # YKNYCQEoAA6EVO7O6V3IXjASvUaetdN2udIOa5kM0jO0zbECAwEAAaOCAV0wggFZ # MBIGA1UdEwEB/wQIMAYBAf8CAQAwHQYDVR0OBBYEFLoW2W1NhS9zKXaaL3WMaiCP # nshvMB8GA1UdIwQYMBaAFOzX44LScV1kTN8uZz/nupiuHA9PMA4GA1UdDwEB/wQE # AwIBhjATBgNVHSUEDDAKBggrBgEFBQcDCDB3BggrBgEFBQcBAQRrMGkwJAYIKwYB # BQUHMAGGGGh0dHA6Ly9vY3NwLmRpZ2ljZXJ0LmNvbTBBBggrBgEFBQcwAoY1aHR0 # cDovL2NhY2VydHMuZGlnaWNlcnQuY29tL0RpZ2lDZXJ0VHJ1c3RlZFJvb3RHNC5j # cnQwQwYDVR0fBDwwOjA4oDagNIYyaHR0cDovL2NybDMuZGlnaWNlcnQuY29tL0Rp # Z2lDZXJ0VHJ1c3RlZFJvb3RHNC5jcmwwIAYDVR0gBBkwFzAIBgZngQwBBAIwCwYJ # YIZIAYb9bAcBMA0GCSqGSIb3DQEBCwUAA4ICAQB9WY7Ak7ZvmKlEIgF+ZtbYIULh # sBguEE0TzzBTzr8Y+8dQXeJLKftwig2qKWn8acHPHQfpPmDI2AvlXFvXbYf6hCAl # NDFnzbYSlm/EUExiHQwIgqgWvalWzxVzjQEiJc6VaT9Hd/tydBTX/6tPiix6q4XN # Q1/tYLaqT5Fmniye4Iqs5f2MvGQmh2ySvZ180HAKfO+ovHVPulr3qRCyXen/KFSJ # 8NWKcXZl2szwcqMj+sAngkSumScbqyQeJsG33irr9p6xeZmBo1aGqwpFyd/EjaDn # mPv7pp1yr8THwcFqcdnGE4AJxLafzYeHJLtPo0m5d2aR8XKc6UsCUqc3fpNTrDsd # CEkPlM05et3/JWOZJyw9P2un8WbDQc1PtkCbISFA0LcTJM3cHXg65J6t5TRxktcm # a+Q4c6umAU+9Pzt4rUyt+8SVe+0KXzM5h0F4ejjpnOHdI/0dKNPH+ejxmF/7K9h+ # 8kaddSweJywm228Vex4Ziza4k9Tm8heZWcpw8De/mADfIBZPJ/tgZxahZrrdVcA6 # KYawmKAr7ZVBtzrVFZgxtGIJDwq9gdkT/r+k0fNX2bwE+oLeMt8EifAAzV3C+dAj # fwAL5HYCJtnwZXZCpimHCUcr5n8apIUP/JiW9lVUKx+A+sDyDivl1vupL0QVSucT # Dh3bNzgaoSv27dZ8/DCCBY0wggR1oAMCAQICEA6bGI750C3n79tQ4ghAGFowDQYJ # KoZIhvcNAQEMBQAwZTELMAkGA1UEBhMCVVMxFTATBgNVBAoTDERpZ2lDZXJ0IElu # YzEZMBcGA1UECxMQd3d3LmRpZ2ljZXJ0LmNvbTEkMCIGA1UEAxMbRGlnaUNlcnQg # QXNzdXJlZCBJRCBSb290IENBMB4XDTIyMDgwMTAwMDAwMFoXDTMxMTEwOTIzNTk1 # OVowYjELMAkGA1UEBhMCVVMxFTATBgNVBAoTDERpZ2lDZXJ0IEluYzEZMBcGA1UE # CxMQd3d3LmRpZ2ljZXJ0LmNvbTEhMB8GA1UEAxMYRGlnaUNlcnQgVHJ1c3RlZCBS # b290IEc0MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAv+aQc2jeu+Rd # SjwwIjBpM+zCpyUuySE98orYWcLhKac9WKt2ms2uexuEDcQwH/MbpDgW61bGl20d # q7J58soR0uRf1gU8Ug9SH8aeFaV+vp+pVxZZVXKvaJNwwrK6dZlqczKU0RBEEC7f # gvMHhOZ0O21x4i0MG+4g1ckgHWMpLc7sXk7Ik/ghYZs06wXGXuxbGrzryc/NrDRA # X7F6Zu53yEioZldXn1RYjgwrt0+nMNlW7sp7XeOtyU9e5TXnMcvak17cjo+A2raR # mECQecN4x7axxLVqGDgDEI3Y1DekLgV9iPWCPhCRcKtVgkEy19sEcypukQF8IUzU # vK4bA3VdeGbZOjFEmjNAvwjXWkmkwuapoGfdpCe8oU85tRFYF/ckXEaPZPfBaYh2 # mHY9WV1CdoeJl2l6SPDgohIbZpp0yt5LHucOY67m1O+SkjqePdwA5EUlibaaRBkr # fsCUtNJhbesz2cXfSwQAzH0clcOP9yGyshG3u3/y1YxwLEFgqrFjGESVGnZifvaA # sPvoZKYz0YkH4b235kOkGLimdwHhD5QMIR2yVCkliWzlDlJRR3S+Jqy2QXXeeqxf # jT/JvNNBERJb5RBQ6zHFynIWIgnffEx1P2PsIV/EIFFrb7GrhotPwtZFX50g/KEe # xcCPorF+CiaZ9eRpL5gdLfXZqbId5RsCAwEAAaOCATowggE2MA8GA1UdEwEB/wQF # MAMBAf8wHQYDVR0OBBYEFOzX44LScV1kTN8uZz/nupiuHA9PMB8GA1UdIwQYMBaA # FEXroq/0ksuCMS1Ri6enIZ3zbcgPMA4GA1UdDwEB/wQEAwIBhjB5BggrBgEFBQcB # AQRtMGswJAYIKwYBBQUHMAGGGGh0dHA6Ly9vY3NwLmRpZ2ljZXJ0LmNvbTBDBggr # BgEFBQcwAoY3aHR0cDovL2NhY2VydHMuZGlnaWNlcnQuY29tL0RpZ2lDZXJ0QXNz # dXJlZElEUm9vdENBLmNydDBFBgNVHR8EPjA8MDqgOKA2hjRodHRwOi8vY3JsMy5k # aWdpY2VydC5jb20vRGlnaUNlcnRBc3N1cmVkSURSb290Q0EuY3JsMBEGA1UdIAQK # MAgwBgYEVR0gADANBgkqhkiG9w0BAQwFAAOCAQEAcKC/Q1xV5zhfoKN0Gz22Ftf3 # v1cHvZqsoYcs7IVeqRq7IviHGmlUIu2kiHdtvRoU9BNKei8ttzjv9P+Aufih9/Jy # 3iS8UgPITtAq3votVs/59PesMHqai7Je1M/RQ0SbQyHrlnKhSLSZy51PpwYDE3cn # RNTnf+hZqPC/Lwum6fI0POz3A8eHqNJMQBk1RmppVLC4oVaO7KTVPeix3P0c2PR3 # WlxUjG/voVA9/HYJaISfb8rbII01YBwCA8sgsKxYoA5AY8WYIsGyWfVVa88nq2x2 # zm8jLfR+cWojayL/ErhULSd+2DrZ8LaHlv1b0VysGMNNn3O3AamfV6peKOK5lDGC # A3YwggNyAgEBMHcwYzELMAkGA1UEBhMCVVMxFzAVBgNVBAoTDkRpZ2lDZXJ0LCBJ # bmMuMTswOQYDVQQDEzJEaWdpQ2VydCBUcnVzdGVkIEc0IFJTQTQwOTYgU0hBMjU2 # IFRpbWVTdGFtcGluZyBDQQIQCnpKiJ7JmUKQBmM4TYaXnTANBglghkgBZQMEAgEF # AKCB0TAaBgkqhkiG9w0BCQMxDQYLKoZIhvcNAQkQAQQwHAYJKoZIhvcNAQkFMQ8X # DTIyMDkwNzE3MzUxNlowKwYLKoZIhvcNAQkQAgwxHDAaMBgwFgQUhQjzhlFcs9MH # fba0t8B/G0peQd4wLwYJKoZIhvcNAQkEMSIEIAnJTs7Id0QmKioUFGNA7hSDO9Jx # YP4fhKBMJZ4sD5LIMDcGCyqGSIb3DQEJEAIvMSgwJjAkMCIEIJ2mkBXDScbBiXhF # ujWCrXDIj6QpO9tqvpwr0lOSeeY7MA0GCSqGSIb3DQEBAQUABIICACqaakXtTQHL # nTziiOpe3Agk6DYiZ8QA1QomnD/9UiZzLDuT/eD6HIwC67CrZKTbtLNraXHjLXXp # 52AnJc5Uj3Di9heatoWrhI+EIKkSg5+JtsmJRXfREZHry2q5gyYx0yrgDZpZNFXj # tSTvM5d3OFM1g8OV/kL3PElFyBJ4enR1Qa/FIW9y5vnvI8d32IYj/d5fHStB4mtL # cTmCJiJ1Vbog/plS37IfCmS4/6ypOjnY9tgItmcFYx3EeBnoTSkCb2VyYceHz6au # t3SpFjn70yhq4Y9t1vumOt6eTkADbg8pDFiyv/FMl7gppphl6rqD02hpdnGTw6Ox # QG1PEaiXsGIb8i/W6EHLg5yX6zwmYXRAP69efAddb/OfOJgVqtzLaYMooJ1nEIbY # WRPSo+xbynh7aNHyWy1u4Cb/ob+vIqdC1O4s4x0apBTvDPM59LW6zMO4WhoEYczV # ebK4t0cUAY34IpOV3/hNEEJI8tyyVW5FcrZte97guq7ga4YCa/bhJNZhmaIujfrp # oartOsvWd+ES86OSllP8ns4l7Hm18Mtfr9J/G2A+XdwNfUjNLTpUsM6FiEtQWDb0 # VoXuRY8frwb/MiBwxDzs1RKsMccmNYhIF+Zszw4M3PPkVvutCtl01E9SGKv8lTJx # mE0r4k3XuLiWoK8zGA5JrRBh6CXeyz71 # SIG # End signature block |