From c173bd4d9902d798d75683247d13c89dda6861d2 Mon Sep 17 00:00:00 2001
From: Nitin Vavdiya <nitin.vavdiya@smartsensesolutions.com>
Date: Thu, 13 Jun 2024 11:41:48 +0530
Subject: [PATCH 01/48] feat: intial revocation service added

---
 miw/DEPENDENCIES => DEPENDENCIES              |  43 +-
 README.md                                     | 367 +---------------
 build.gradle                                  | 152 +++++++
 docs/api/{ => miw}/openapi_v001.json          |   2 +-
 gradle.properties                             |  10 +-
 Dockerfile => miw/Dockerfile                  |   4 +-
 miw/README.md                                 | 373 ++++++++++++++++
 miw/build.gradle                              | 132 +-----
 revocation-service/Dockerfile                 |  15 +
 revocation-service/README.md                  | 130 ++++++
 revocation-service/build.gradle               | 134 ++++++
 ...edentialsRevocationServiceApplication.java |  35 ++
 .../RevocationApiControllerApiDocs.java       | 199 +++++++++
 .../revocation/config/ApplicationConfig.java  |  51 +++
 .../revocation/config/ExceptionHandling.java  |  67 +++
 .../revocation/config/MIWSettings.java        |  40 ++
 .../revocation/config/OpenApiConfig.java      | 106 +++++
 .../CustomAuthenticationConverter.java        |  78 ++++
 .../config/security/SecurityConfig.java       | 119 +++++
 .../security/SecurityConfigProperties.java    |  37 ++
 .../revocation/constant/ApplicationRole.java  |  33 ++
 .../revocation/constant/PurposeType.java      |  27 ++
 .../constant/RevocationApiEndpoints.java      |  37 ++
 .../controllers/BaseController.java           |  52 +++
 .../controllers/RevocationApiController.java  | 136 ++++++
 .../revocation/domain/BPN.java                |  62 +++
 .../revocation/dto/CredentialStatusDto.java   |  48 ++
 .../revocation/dto/StatusEntryDto.java        |  41 ++
 .../dto/StatusListCredentialSubject.java      |  42 ++
 .../revocation/dto/TokenResponse.java         |  34 ++
 .../exception/BitSetManagerException.java     |  45 ++
 .../CredentialAlreadyRevokedException.java    |  29 ++
 .../exception/ForbiddenException.java         |  59 +++
 .../exception/RevocationServiceException.java |  62 +++
 .../revocation/jpa/StatusListCredential.java  |  95 ++++
 .../revocation/jpa/StatusListIndex.java       |  79 ++++
 .../jpa/StringToCredentialConverter.java      |  52 +++
 .../StatusListCredentialRepository.java       |  38 ++
 .../repository/StatusListIndexRepository.java |  37 ++
 .../services/HttpClientService.java           |  90 ++++
 .../services/RevocationService.java           | 365 ++++++++++++++++
 .../revocation/utils/BitSetManager.java       | 105 +++++
 .../revocation/utils/StringPool.java          |  27 ++
 .../revocation/utils/Validate.java            | 153 +++++++
 .../validation/ValidVerifiableCredential.java |  43 ++
 .../VerifiableCredentialValidator.java        |  95 ++++
 .../src/main/resources/application.yaml       | 130 ++++++
 .../db/changelog/changelog-master.xml         |  28 ++
 .../resources/db/changelog/changes/init.sql   |  69 +++
 .../revocation/TestUtil.java                  | 189 ++++++++
 ...edentialsRevocationServiceApplication.java |  45 ++
 .../config/ExceptionHandlingTest.java         |  73 ++++
 .../revocation/config/MIWSettingsTest.java    |  55 +++
 .../revocation/config/OpenApiConfigTest.java  |  73 ++++
 .../CustomAuthenticationConverterTest.java    | 111 +++++
 .../RevocationApiControllerTest.java          | 223 ++++++++++
 .../revocation/domain/BPNTest.java            |  79 ++++
 .../dto/CredentialStatusDtoTest.java          | 154 +++++++
 .../revocation/dto/StatusEntryDtoTest.java    |  88 ++++
 .../dto/StatusListCredentialSubjectTest.java  | 144 ++++++
 .../revocation/dto/TokenResponeTest.java      |  70 +++
 .../exception/BitSetManagerExceptionTest.java |  39 ++
 .../RevocationServiceExceptionTest.java       |  36 ++
 .../jpa/StatusListCredentialTest.java         | 159 +++++++
 .../revocation/jpa/StatusListIndexTest.java   | 165 +++++++
 .../services/HttpClientServiceTest.java       | 159 +++++++
 .../services/RevocationServiceTest.java       | 410 ++++++++++++++++++
 .../revocation/utils/BitSetManagerTest.java   | 109 +++++
 .../revocation/utils/ValidateTest.java        |  49 +++
 settings.gradle                               |   1 +
 70 files changed, 6139 insertions(+), 499 deletions(-)
 rename miw/DEPENDENCIES => DEPENDENCIES (88%)
 create mode 100644 build.gradle
 rename docs/api/{ => miw}/openapi_v001.json (99%)
 rename Dockerfile => miw/Dockerfile (88%)
 create mode 100644 miw/README.md
 create mode 100644 revocation-service/Dockerfile
 create mode 100644 revocation-service/README.md
 create mode 100644 revocation-service/build.gradle
 create mode 100644 revocation-service/src/main/java/org/eclipse/tractusx/managedidentitywallets/revocation/VerifiableCredentialsRevocationServiceApplication.java
 create mode 100644 revocation-service/src/main/java/org/eclipse/tractusx/managedidentitywallets/revocation/apidocs/RevocationApiControllerApiDocs.java
 create mode 100644 revocation-service/src/main/java/org/eclipse/tractusx/managedidentitywallets/revocation/config/ApplicationConfig.java
 create mode 100644 revocation-service/src/main/java/org/eclipse/tractusx/managedidentitywallets/revocation/config/ExceptionHandling.java
 create mode 100644 revocation-service/src/main/java/org/eclipse/tractusx/managedidentitywallets/revocation/config/MIWSettings.java
 create mode 100644 revocation-service/src/main/java/org/eclipse/tractusx/managedidentitywallets/revocation/config/OpenApiConfig.java
 create mode 100644 revocation-service/src/main/java/org/eclipse/tractusx/managedidentitywallets/revocation/config/security/CustomAuthenticationConverter.java
 create mode 100644 revocation-service/src/main/java/org/eclipse/tractusx/managedidentitywallets/revocation/config/security/SecurityConfig.java
 create mode 100644 revocation-service/src/main/java/org/eclipse/tractusx/managedidentitywallets/revocation/config/security/SecurityConfigProperties.java
 create mode 100644 revocation-service/src/main/java/org/eclipse/tractusx/managedidentitywallets/revocation/constant/ApplicationRole.java
 create mode 100644 revocation-service/src/main/java/org/eclipse/tractusx/managedidentitywallets/revocation/constant/PurposeType.java
 create mode 100644 revocation-service/src/main/java/org/eclipse/tractusx/managedidentitywallets/revocation/constant/RevocationApiEndpoints.java
 create mode 100644 revocation-service/src/main/java/org/eclipse/tractusx/managedidentitywallets/revocation/controllers/BaseController.java
 create mode 100644 revocation-service/src/main/java/org/eclipse/tractusx/managedidentitywallets/revocation/controllers/RevocationApiController.java
 create mode 100644 revocation-service/src/main/java/org/eclipse/tractusx/managedidentitywallets/revocation/domain/BPN.java
 create mode 100644 revocation-service/src/main/java/org/eclipse/tractusx/managedidentitywallets/revocation/dto/CredentialStatusDto.java
 create mode 100644 revocation-service/src/main/java/org/eclipse/tractusx/managedidentitywallets/revocation/dto/StatusEntryDto.java
 create mode 100644 revocation-service/src/main/java/org/eclipse/tractusx/managedidentitywallets/revocation/dto/StatusListCredentialSubject.java
 create mode 100644 revocation-service/src/main/java/org/eclipse/tractusx/managedidentitywallets/revocation/dto/TokenResponse.java
 create mode 100644 revocation-service/src/main/java/org/eclipse/tractusx/managedidentitywallets/revocation/exception/BitSetManagerException.java
 create mode 100644 revocation-service/src/main/java/org/eclipse/tractusx/managedidentitywallets/revocation/exception/CredentialAlreadyRevokedException.java
 create mode 100644 revocation-service/src/main/java/org/eclipse/tractusx/managedidentitywallets/revocation/exception/ForbiddenException.java
 create mode 100644 revocation-service/src/main/java/org/eclipse/tractusx/managedidentitywallets/revocation/exception/RevocationServiceException.java
 create mode 100644 revocation-service/src/main/java/org/eclipse/tractusx/managedidentitywallets/revocation/jpa/StatusListCredential.java
 create mode 100644 revocation-service/src/main/java/org/eclipse/tractusx/managedidentitywallets/revocation/jpa/StatusListIndex.java
 create mode 100644 revocation-service/src/main/java/org/eclipse/tractusx/managedidentitywallets/revocation/jpa/StringToCredentialConverter.java
 create mode 100644 revocation-service/src/main/java/org/eclipse/tractusx/managedidentitywallets/revocation/repository/StatusListCredentialRepository.java
 create mode 100644 revocation-service/src/main/java/org/eclipse/tractusx/managedidentitywallets/revocation/repository/StatusListIndexRepository.java
 create mode 100644 revocation-service/src/main/java/org/eclipse/tractusx/managedidentitywallets/revocation/services/HttpClientService.java
 create mode 100644 revocation-service/src/main/java/org/eclipse/tractusx/managedidentitywallets/revocation/services/RevocationService.java
 create mode 100644 revocation-service/src/main/java/org/eclipse/tractusx/managedidentitywallets/revocation/utils/BitSetManager.java
 create mode 100644 revocation-service/src/main/java/org/eclipse/tractusx/managedidentitywallets/revocation/utils/StringPool.java
 create mode 100644 revocation-service/src/main/java/org/eclipse/tractusx/managedidentitywallets/revocation/utils/Validate.java
 create mode 100644 revocation-service/src/main/java/org/eclipse/tractusx/managedidentitywallets/revocation/validation/ValidVerifiableCredential.java
 create mode 100644 revocation-service/src/main/java/org/eclipse/tractusx/managedidentitywallets/revocation/validation/VerifiableCredentialValidator.java
 create mode 100644 revocation-service/src/main/resources/application.yaml
 create mode 100755 revocation-service/src/main/resources/db/changelog/changelog-master.xml
 create mode 100755 revocation-service/src/main/resources/db/changelog/changes/init.sql
 create mode 100644 revocation-service/src/test/java/org/eclipse/tractusx/managedidentitywallets/revocation/TestUtil.java
 create mode 100644 revocation-service/src/test/java/org/eclipse/tractusx/managedidentitywallets/revocation/TestVerifiableCredentialsRevocationServiceApplication.java
 create mode 100644 revocation-service/src/test/java/org/eclipse/tractusx/managedidentitywallets/revocation/config/ExceptionHandlingTest.java
 create mode 100644 revocation-service/src/test/java/org/eclipse/tractusx/managedidentitywallets/revocation/config/MIWSettingsTest.java
 create mode 100644 revocation-service/src/test/java/org/eclipse/tractusx/managedidentitywallets/revocation/config/OpenApiConfigTest.java
 create mode 100644 revocation-service/src/test/java/org/eclipse/tractusx/managedidentitywallets/revocation/config/security/CustomAuthenticationConverterTest.java
 create mode 100644 revocation-service/src/test/java/org/eclipse/tractusx/managedidentitywallets/revocation/controllers/RevocationApiControllerTest.java
 create mode 100644 revocation-service/src/test/java/org/eclipse/tractusx/managedidentitywallets/revocation/domain/BPNTest.java
 create mode 100644 revocation-service/src/test/java/org/eclipse/tractusx/managedidentitywallets/revocation/dto/CredentialStatusDtoTest.java
 create mode 100644 revocation-service/src/test/java/org/eclipse/tractusx/managedidentitywallets/revocation/dto/StatusEntryDtoTest.java
 create mode 100644 revocation-service/src/test/java/org/eclipse/tractusx/managedidentitywallets/revocation/dto/StatusListCredentialSubjectTest.java
 create mode 100644 revocation-service/src/test/java/org/eclipse/tractusx/managedidentitywallets/revocation/dto/TokenResponeTest.java
 create mode 100644 revocation-service/src/test/java/org/eclipse/tractusx/managedidentitywallets/revocation/exception/BitSetManagerExceptionTest.java
 create mode 100644 revocation-service/src/test/java/org/eclipse/tractusx/managedidentitywallets/revocation/exception/RevocationServiceExceptionTest.java
 create mode 100644 revocation-service/src/test/java/org/eclipse/tractusx/managedidentitywallets/revocation/jpa/StatusListCredentialTest.java
 create mode 100644 revocation-service/src/test/java/org/eclipse/tractusx/managedidentitywallets/revocation/jpa/StatusListIndexTest.java
 create mode 100644 revocation-service/src/test/java/org/eclipse/tractusx/managedidentitywallets/revocation/services/HttpClientServiceTest.java
 create mode 100644 revocation-service/src/test/java/org/eclipse/tractusx/managedidentitywallets/revocation/services/RevocationServiceTest.java
 create mode 100644 revocation-service/src/test/java/org/eclipse/tractusx/managedidentitywallets/revocation/utils/BitSetManagerTest.java
 create mode 100644 revocation-service/src/test/java/org/eclipse/tractusx/managedidentitywallets/revocation/utils/ValidateTest.java

diff --git a/miw/DEPENDENCIES b/DEPENDENCIES
similarity index 88%
rename from miw/DEPENDENCIES
rename to DEPENDENCIES
index 5b080ebb..5ef621c7 100644
--- a/miw/DEPENDENCIES
+++ b/DEPENDENCIES
@@ -19,8 +19,11 @@ maven/mavencentral/com.github.ben-manes.caffeine/caffeine/3.1.8, Apache-2.0, app
 maven/mavencentral/com.github.curious-odd-man/rgxgen/1.4, Apache-2.0, approved, clearlydefined
 maven/mavencentral/com.github.dasniko/testcontainers-keycloak/2.5.0, Apache-2.0, approved, #9175
 maven/mavencentral/com.github.docker-java/docker-java-api/3.3.4, Apache-2.0, approved, #10346
+maven/mavencentral/com.github.docker-java/docker-java-api/3.3.6, Apache-2.0, approved, #10346
 maven/mavencentral/com.github.docker-java/docker-java-transport-zerodep/3.3.4, Apache-2.0 AND (Apache-2.0 AND BSD-3-Clause), approved, #15251
+maven/mavencentral/com.github.docker-java/docker-java-transport-zerodep/3.3.6, Apache-2.0 AND (Apache-2.0 AND BSD-3-Clause), approved, #15251
 maven/mavencentral/com.github.docker-java/docker-java-transport/3.3.4, Apache-2.0, approved, #7942
+maven/mavencentral/com.github.docker-java/docker-java-transport/3.3.6, Apache-2.0, approved, #7942
 maven/mavencentral/com.github.java-json-tools/btf/1.3, Apache-2.0 OR LGPL-3.0-only, approved, #15201
 maven/mavencentral/com.github.java-json-tools/jackson-coreutils/2.0, Apache-2.0 OR LGPL-3.0-or-later, approved, #15186
 maven/mavencentral/com.github.java-json-tools/json-patch/1.13, Apache-2.0 OR LGPL-3.0-or-later, approved, CQ23929
@@ -33,9 +36,13 @@ maven/mavencentral/com.google.crypto.tink/tink/1.11.0, Apache-2.0, approved, #10
 maven/mavencentral/com.google.errorprone/error_prone_annotations/2.21.1, Apache-2.0, approved, #9834
 maven/mavencentral/com.google.protobuf/protobuf-java/3.19.6, BSD-3-Clause, approved, clearlydefined
 maven/mavencentral/com.h2database/h2/2.2.220, (EPL-1.0 OR MPL-2.0) AND (LGPL-3.0-or-later OR EPL-1.0 OR MPL-2.0), approved, #9322
+maven/mavencentral/com.h2database/h2/2.2.224, (EPL-1.0 OR MPL-2.0) AND (LGPL-3.0-or-later OR EPL-1.0 OR MPL-2.0), approved, #9322
 maven/mavencentral/com.ibm.async/asyncutil/0.1.0, Apache-2.0, approved, clearlydefined
 maven/mavencentral/com.jayway.jsonpath/json-path/2.9.0, Apache-2.0, approved, clearlydefined
+maven/mavencentral/com.nimbusds/content-type/2.2, Apache-2.0, approved, clearlydefined
+maven/mavencentral/com.nimbusds/lang-tag/1.7, Apache-2.0, approved, clearlydefined
 maven/mavencentral/com.nimbusds/nimbus-jose-jwt/9.37.3, Apache-2.0, approved, #11701
+maven/mavencentral/com.nimbusds/oauth2-oidc-sdk/9.43.4, Apache-2.0, approved, clearlydefined
 maven/mavencentral/com.opencsv/opencsv/5.9, Apache-2.0, approved, clearlydefined
 maven/mavencentral/com.smartsensesolutions/commons-dao/0.0.5, Apache-2.0, approved, #9176
 maven/mavencentral/com.sun.activation/jakarta.activation/1.2.1, EPL-2.0 OR BSD-3-Clause OR GPL-2.0-only with Classpath-exception-2.0, approved, ee4j.jaf
@@ -70,9 +77,9 @@ maven/mavencentral/io.smallrye.config/smallrye-config-common/2.3.0, Apache-2.0,
 maven/mavencentral/io.smallrye.config/smallrye-config-core/2.3.0, Apache-2.0, approved, clearlydefined
 maven/mavencentral/io.smallrye.config/smallrye-config/2.3.0, Apache-2.0, approved, clearlydefined
 maven/mavencentral/io.smallrye/jandex/3.1.2, Apache-2.0, approved, clearlydefined
-maven/mavencentral/io.swagger.core.v3/swagger-annotations-jakarta/2.2.9, Apache-2.0, approved, #5947
-maven/mavencentral/io.swagger.core.v3/swagger-core-jakarta/2.2.9, Apache-2.0, approved, #5929
-maven/mavencentral/io.swagger.core.v3/swagger-models-jakarta/2.2.9, Apache-2.0, approved, #5919
+maven/mavencentral/io.swagger.core.v3/swagger-annotations-jakarta/2.2.21, Apache-2.0, approved, #5947
+maven/mavencentral/io.swagger.core.v3/swagger-core-jakarta/2.2.21, Apache-2.0, approved, #5929
+maven/mavencentral/io.swagger.core.v3/swagger-models-jakarta/2.2.21, Apache-2.0, approved, #5919
 maven/mavencentral/jakarta.activation/jakarta.activation-api/2.1.3, EPL-2.0 OR BSD-3-Clause OR GPL-2.0-only with Classpath-exception-2.0, approved, ee4j.jaf
 maven/mavencentral/jakarta.annotation/jakarta.annotation-api/2.1.1, EPL-2.0 OR GPL-2.0-only with Classpath-exception-2.0, approved, ee4j.ca
 maven/mavencentral/jakarta.inject/jakarta.inject-api/2.0.1, Apache-2.0, approved, ee4j.cdi
@@ -125,9 +132,13 @@ maven/mavencentral/org.hdrhistogram/HdrHistogram/2.2.2, BSD-2-Clause AND CC0-1.0
 maven/mavencentral/org.hibernate.common/hibernate-commons-annotations/6.0.6.Final, LGPL-2.1-only, approved, #6962
 maven/mavencentral/org.hibernate.orm/hibernate-core/6.5.2.Final, LGPL-2.1-only AND (EPL-2.0 OR BSD-3-Clause) AND LGPL-2.1-or-later AND MIT, approved, #15118
 maven/mavencentral/org.hibernate.validator/hibernate-validator/8.0.1.Final, Apache-2.0, approved, clearlydefined
+maven/mavencentral/org.jacoco/org.jacoco.agent/0.8.8, EPL-2.0, approved, CQ23285
 maven/mavencentral/org.jacoco/org.jacoco.agent/0.8.9, EPL-2.0, approved, CQ23285
+maven/mavencentral/org.jacoco/org.jacoco.ant/0.8.8, EPL-2.0, approved, #1068
 maven/mavencentral/org.jacoco/org.jacoco.ant/0.8.9, EPL-2.0, approved, #1068
+maven/mavencentral/org.jacoco/org.jacoco.core/0.8.8, EPL-2.0, approved, CQ23283
 maven/mavencentral/org.jacoco/org.jacoco.core/0.8.9, EPL-2.0, approved, CQ23283
+maven/mavencentral/org.jacoco/org.jacoco.report/0.8.8, EPL-2.0 AND Apache-2.0, approved, CQ23284
 maven/mavencentral/org.jacoco/org.jacoco.report/0.8.9, EPL-2.0 AND Apache-2.0, approved, CQ23284
 maven/mavencentral/org.jboss.logging/jboss-logging/3.5.3.Final, Apache-2.0, approved, #9471
 maven/mavencentral/org.jboss.resteasy/resteasy-client-api/4.7.7.Final, Apache-2.0, approved, clearlydefined
@@ -162,21 +173,25 @@ maven/mavencentral/org.mockito/mockito-inline/5.2.0, MIT, approved, clearlydefin
 maven/mavencentral/org.mockito/mockito-junit-jupiter/5.11.0, MIT, approved, #13504
 maven/mavencentral/org.objenesis/objenesis/3.3, Apache-2.0, approved, clearlydefined
 maven/mavencentral/org.opentest4j/opentest4j/1.3.0, Apache-2.0, approved, #9713
+maven/mavencentral/org.ow2.asm/asm-analysis/9.2, BSD-3-Clause, approved, clearlydefined
+maven/mavencentral/org.ow2.asm/asm-commons/9.2, BSD-3-Clause, approved, clearlydefined
 maven/mavencentral/org.ow2.asm/asm-commons/9.5, BSD-3-Clause, approved, #7553
+maven/mavencentral/org.ow2.asm/asm-tree/9.2, BSD-3-Clause, approved, clearlydefined
 maven/mavencentral/org.ow2.asm/asm-tree/9.5, BSD-3-Clause, approved, #7555
+maven/mavencentral/org.ow2.asm/asm/9.2, BSD-3-Clause, approved, CQ23635
 maven/mavencentral/org.ow2.asm/asm/9.5, BSD-3-Clause, approved, #7554
 maven/mavencentral/org.ow2.asm/asm/9.6, BSD-3-Clause, approved, #10776
 maven/mavencentral/org.postgresql/postgresql/42.7.3, BSD-2-Clause AND Apache-2.0, approved, #11681
-maven/mavencentral/org.projectlombok/lombok/1.18.28, MIT, approved, #15192
+maven/mavencentral/org.projectlombok/lombok/1.18.32, MIT, approved, #15192
 maven/mavencentral/org.projectlombok/lombok/1.18.34, MIT, approved, #15192
 maven/mavencentral/org.reactivestreams/reactive-streams/1.0.4, CC0-1.0, approved, CQ16332
 maven/mavencentral/org.rnorth.duct-tape/duct-tape/1.0.8, MIT, approved, clearlydefined
 maven/mavencentral/org.skyscreamer/jsonassert/1.5.3, Apache-2.0, approved, clearlydefined
 maven/mavencentral/org.slf4j/jul-to-slf4j/2.0.13, MIT, approved, #7698
 maven/mavencentral/org.slf4j/slf4j-api/2.0.13, MIT, approved, #5915
-maven/mavencentral/org.springdoc/springdoc-openapi-starter-common/2.1.0, Apache-2.0, approved, clearlydefined
-maven/mavencentral/org.springdoc/springdoc-openapi-starter-webmvc-api/2.1.0, Apache-2.0, approved, clearlydefined
-maven/mavencentral/org.springdoc/springdoc-openapi-starter-webmvc-ui/2.1.0, Apache-2.0, approved, clearlydefined
+maven/mavencentral/org.springdoc/springdoc-openapi-starter-common/2.5.0, Apache-2.0, approved, clearlydefined
+maven/mavencentral/org.springdoc/springdoc-openapi-starter-webmvc-api/2.5.0, Apache-2.0, approved, clearlydefined
+maven/mavencentral/org.springdoc/springdoc-openapi-starter-webmvc-ui/2.5.0, Apache-2.0, approved, clearlydefined
 maven/mavencentral/org.springframework.boot/spring-boot-actuator-autoconfigure/3.3.2, Apache-2.0, approved, clearlydefined
 maven/mavencentral/org.springframework.boot/spring-boot-actuator/3.3.2, Apache-2.0, approved, clearlydefined
 maven/mavencentral/org.springframework.boot/spring-boot-autoconfigure/3.3.2, Apache-2.0, approved, clearlydefined
@@ -187,6 +202,8 @@ maven/mavencentral/org.springframework.boot/spring-boot-starter-data-jpa/3.3.2,
 maven/mavencentral/org.springframework.boot/spring-boot-starter-jdbc/3.3.2, Apache-2.0, approved, clearlydefined
 maven/mavencentral/org.springframework.boot/spring-boot-starter-json/3.3.2, Apache-2.0, approved, clearlydefined
 maven/mavencentral/org.springframework.boot/spring-boot-starter-logging/3.3.2, Apache-2.0, approved, clearlydefined
+maven/mavencentral/org.springframework.boot/spring-boot-starter-oauth2-client/3.3.2, Apache-2.0, approved, clearlydefined
+maven/mavencentral/org.springframework.boot/spring-boot-starter-oauth2-resource-server/3.3.2, Apache-2.0, approved, clearlydefined
 maven/mavencentral/org.springframework.boot/spring-boot-starter-security/3.3.2, Apache-2.0, approved, clearlydefined
 maven/mavencentral/org.springframework.boot/spring-boot-starter-test/3.3.2, Apache-2.0, approved, clearlydefined
 maven/mavencentral/org.springframework.boot/spring-boot-starter-tomcat/3.3.2, Apache-2.0, approved, clearlydefined
@@ -195,6 +212,7 @@ maven/mavencentral/org.springframework.boot/spring-boot-starter-web/3.3.2, Apach
 maven/mavencentral/org.springframework.boot/spring-boot-starter/3.3.2, Apache-2.0, approved, clearlydefined
 maven/mavencentral/org.springframework.boot/spring-boot-test-autoconfigure/3.3.2, Apache-2.0, approved, clearlydefined
 maven/mavencentral/org.springframework.boot/spring-boot-test/3.3.2, Apache-2.0, approved, clearlydefined
+maven/mavencentral/org.springframework.boot/spring-boot-testcontainers/3.3.2, Apache-2.0, approved, clearlydefined
 maven/mavencentral/org.springframework.boot/spring-boot/3.3.2, Apache-2.0, approved, clearlydefined
 maven/mavencentral/org.springframework.cloud/spring-cloud-commons/4.1.4, Apache-2.0, approved, #13495
 maven/mavencentral/org.springframework.cloud/spring-cloud-context/4.1.4, Apache-2.0, approved, #13494
@@ -206,10 +224,12 @@ maven/mavencentral/org.springframework.data/spring-data-jpa/3.3.2, Apache-2.0, a
 maven/mavencentral/org.springframework.security/spring-security-config/6.3.1, Apache-2.0, approved, clearlydefined
 maven/mavencentral/org.springframework.security/spring-security-core/6.3.1, Apache-2.0, approved, clearlydefined
 maven/mavencentral/org.springframework.security/spring-security-crypto/6.3.1, Apache-2.0, approved, clearlydefined
+maven/mavencentral/org.springframework.security/spring-security-oauth2-client/6.3.1, Apache-2.0, approved, clearlydefined
 maven/mavencentral/org.springframework.security/spring-security-oauth2-core/6.3.1, Apache-2.0, approved, clearlydefined
 maven/mavencentral/org.springframework.security/spring-security-oauth2-jose/6.3.1, Apache-2.0, approved, clearlydefined
 maven/mavencentral/org.springframework.security/spring-security-oauth2-resource-server/6.3.1, Apache-2.0, approved, clearlydefined
 maven/mavencentral/org.springframework.security/spring-security-rsa/1.1.3, Apache-2.0, approved, clearlydefined
+maven/mavencentral/org.springframework.security/spring-security-test/6.3.1, Apache-2.0, approved, clearlydefined
 maven/mavencentral/org.springframework.security/spring-security-web/6.3.1, Apache-2.0, approved, clearlydefined
 maven/mavencentral/org.springframework/spring-aop/6.1.11, Apache-2.0, approved, #15221
 maven/mavencentral/org.springframework/spring-aspects/6.1.11, Apache-2.0, approved, #15193
@@ -225,11 +245,16 @@ maven/mavencentral/org.springframework/spring-tx/6.1.11, Apache-2.0, approved, #
 maven/mavencentral/org.springframework/spring-web/6.1.11, Apache-2.0, approved, #15188
 maven/mavencentral/org.springframework/spring-webmvc/6.1.11, Apache-2.0, approved, #15182
 maven/mavencentral/org.testcontainers/database-commons/1.19.3, Apache-2.0, approved, #10345
+maven/mavencentral/org.testcontainers/database-commons/1.19.8, Apache-2.0, approved, #10345
 maven/mavencentral/org.testcontainers/jdbc/1.19.3, Apache-2.0, approved, #10348
+maven/mavencentral/org.testcontainers/jdbc/1.19.8, Apache-2.0, approved, #10348
 maven/mavencentral/org.testcontainers/junit-jupiter/1.19.3, MIT, approved, #10344
+maven/mavencentral/org.testcontainers/junit-jupiter/1.19.8, MIT, approved, #10344
 maven/mavencentral/org.testcontainers/postgresql/1.19.3, MIT, approved, #10350
+maven/mavencentral/org.testcontainers/postgresql/1.19.8, MIT, approved, #10350
 maven/mavencentral/org.testcontainers/testcontainers/1.19.3, Apache-2.0 AND MIT, approved, #10347
-maven/mavencentral/org.webjars/swagger-ui/4.18.2, Apache-2.0, approved, #15184
+maven/mavencentral/org.testcontainers/testcontainers/1.19.8, MIT, approved, #15203
+maven/mavencentral/org.webjars/swagger-ui/5.13.0, Apache-2.0, approved, #14547
 maven/mavencentral/org.wiremock/wiremock-standalone/3.4.2, MIT AND Apache-2.0, approved, #14889
 maven/mavencentral/org.xmlunit/xmlunit-core/2.9.1, Apache-2.0, approved, #6272
-maven/mavencentral/org.yaml/snakeyaml/2.0, Apache-2.0 AND (Apache-2.0 OR BSD-3-Clause OR EPL-1.0 OR GPL-2.0-or-later OR LGPL-2.1-or-later), approved, #7275
+maven/mavencentral/org.yaml/snakeyaml/2.2, Apache-2.0 AND (Apache-2.0 OR BSD-3-Clause OR EPL-1.0 OR GPL-2.0-or-later OR LGPL-2.1-or-later), approved, #10232
diff --git a/README.md b/README.md
index a4c2920d..244d2c3a 100644
--- a/README.md
+++ b/README.md
@@ -1,10 +1,10 @@
-# Managed Identity Wallets
-
 The Managed Identity Wallets (MIW) service implements the Self-Sovereign-Identity (SSI) using `did:web`.
 
-# Usage
+This is a gradle multi-module project containing two applications:
 
-See [INSTALL.md](INSTALL.md)
+1. **miw**: This is a wallet application. Please refer [README.md](miw%2FREADME.md) for more information
+2. **revocation-service**: This is verifiable credential revocation service. Please
+   refer [README.md](revocation-service%2FREADME.md) for more information
 
 # Committer Documentation
 
@@ -42,361 +42,14 @@ At this point your repository will behave exactly like upstream when doing a rel
 
 # Developer Documentation
 
-To run MIW locally, this section describes the tooling as well as the local development setup.
-
-There are two possible flows, which can be used for development:
-
-1. **local**: Run the postgresql and keycloak server inside docker. Start MIW from within your IDE (recommended for
-   actual development)
-2. **docker**: Run everything inside docker (use to test or check behavior inside a docker environment)
-
-## Tooling
-
-Following tools the MIW development team used successfully:
-
-| Area     | Tool     | Download Link                                   | Comment                                                                                          |
-|----------|----------|-------------------------------------------------|--------------------------------------------------------------------------------------------------|
-| IDE      | IntelliJ | https://www.jetbrains.com/idea/download/        | Use[envfile plugin](https://plugins.jetbrains.com/plugin/7861-envfile) to use the **local** flow |
-| Build    | Gradle   | https://gradle.org/install/                     |                                                                                                  |
-| Runtime  | Docker   | https://www.docker.com/products/docker-desktop/ |                                                                                                  |
-| Database | DBeaver  | https://dbeaver.io/                             |                                                                                                  |
-| IAM      | Keycloak | https://www.keycloak.org/                       |                                                                                                  |
-
-## Eclipse Dash Tool
-
-[Eclipse Dash Homepage](https://projects.eclipse.org/projects/technology.dash)
-
-The Eclipse Dash tool is used to analyze the dependencies used in the project and ensure all legal requirements are met.
-We've added a gradle tasks to download the latest version of Dash locally, resolve all project dependencies and then run
-the tool and update the summary in the DEPENDENCIES file.
-
-To run the license check:
-
-```bash
-./gradlew dashLicenseCheck
-```
-
-To clean all files created by the dash tasks:
-
-```bash
-./gradlew dashClean
-```
-
-This command will output all dependencies, save the to file `deps.txt`. Dash will read from the file and update the
-summary in the `DEPENDENCIES` file. A committer can open and issue to resolve any problems with the dependencies.
-
-# Administrator Documentation
-
-## Manual Keycloak Configuration
-
-Within the development setup the Keycloak instance is initially prepared with the values
-in `./dev-assets/docker-environment/keycloak`. The realm could also be manually added and configured
-at http://localhost:8080 via the "Add realm" button. It can be for example named `localkeycloak`. Also add an additional
-client, e.g. named `miw_private_client` with *valid redirect url* set to `http://localhost:8080/*`. The roles
-
-- add_wallets
-- view_wallets
-- update_wallets
-- delete_wallets
-- view_wallet
-- update_wallet
-- manage_app
-
-Roles can be added under *Clients > miw_private_client > Roles* and then assigned to the client using *Clients >
-miw_private_client > Client Scopes* *> Service Account Roles > Client Roles > miw_private_client*.
-
-The available scopes/roles are:
-
-1. Role `add_wallets` to create a new wallet
-2. Role `view_wallets`:
-    - to get a list of all wallets
-    - to retrieve one wallet by its identifier
-    - to validate a Verifiable Credential
-    - to validate a Verifiable Presentation
-    - to get all stored Verifiable Credentials
-3. Role `update_wallets` for the following actions:
-    - to store Verifiable Credential
-    - to issue a Verifiable Credential
-    - to issue a Verifiable Presentation
-4. Role `update_wallet`:
-    - to remove a Verifiable Credential
-    - to store a Verifiable Credential
-    - to issue a Verifiable Credential
-    - to issue a Verifiable Presentation
-5. Role `view_wallet` requires the BPN of Caller and it can be used:
-    - to get the Wallet of the related BPN
-    - to get stored Verifiable Credentials of the related BPN
-    - to validate any Verifiable Credential
-    - to validate any Verifiable Presentation
-6. Role `manage_app` used to change the log level of the application at runtime. Check Logging in the application
-   section for more details
-
-Overview by Endpoint
-
-| Artefact                                  | CRUD   | HTTP Verb/ Request | Endpoint                              | Roles                                        | Constraints                                                |
-|-------------------------------------------|--------|--------------------|---------------------------------------|----------------------------------------------|------------------------------------------------------------|
-| **Wallets**                               | Read   | GET                | /api/wallets                          | **view_wallets**                             |                                                            |
-| **Wallets**                               | Create | POST               | /api/wallets                          | **add_wallets**                              | **1 BPN : 1 WALLET**(PER ONE [1] BPN ONLY ONE [1] WALLET!) |
-| **Wallets**                               | Create | POST               | /api/wallets/{identifier}/credentials | **update_wallets** <br />OR**update_wallet** |                                                            |
-| **Wallets**                               | Read   | GET                | /api/wallets/{identifier}             | **view_wallets** OR<br />**view_wallet**     |                                                            |
-| **Verifiable Presentations - Generation** | Create | POST               | /api/presentation                     | **update_wallets** OR<br />**update_wallet** |                                                            |
-| **Verifiable Presentations - Validation** | Create | POST               | /api/presentations/validation         | **view_wallets** OR<br />**view_wallet**     |                                                            |
-| **Verifiable Credential - Holder**        | Read   | GET                | /api/credentials                      | **view_wallets** OR<br />**view_wallet**     |                                                            |
-| **Verifiable Credential - Holder**        | Create | POST               | /api/credentials                      | **update_wallet** OR<br />**update_wallet**  |                                                            |
-| **Verifiable Credential - Holder**        | Delete | DELETE             | /api/credentials                      | **update_wallet**                            |                                                            |
-| **Verfiable Credential - Validation**     | Create | POST               | /api/credentials/validation           | **view_wallets** OR<br />**view_wallet**     |                                                            |
-| **Verfiable Credential - Issuer**         | Read   | GET                | /api/credentials/issuer               | **view_wallets**                             |                                                            |
-| **Verfiable Credential - Issuer**         | Create | POST               | /api/credentials/issuer               | **update_wallets**                           |                                                            |
-| **DIDDocument**                           | Read   | GET                | /{bpn}/did.json                       | N/A                                          |                                                            |
-| **DIDDocument**                           | Read   | GET                | /api/didDocuments/{identifier}        | N/A                                          |                                                            |
-
-Additionally, a Token mapper can be created under *Clients* &gt; *ManagedIdentityWallets* &gt; *Mappers* &gt; *create*
-with the following configuration (using as an example `BPNL000000001`):
-
-| Key                                | Value           |
-|------------------------------------|-----------------|
-| Name                               | StaticBPN       |
-| Mapper Type                        | Hardcoded claim |
-| Token Claim Name                   | BPN             |
-| Claim value                        | BPNL000000001   |
-| Claim JSON Type                    | String          |
-| Add to ID token                    | OFF             |
-| Add to access token                | ON              |
-| Add to userinfo                    | OFF             |
-| includeInAccessTokenResponse.label | ON              |
-
-If you receive an error message that the client secret is not valid, please go into keycloak admin and within *Clients >
-Credentials* recreate the secret.
-
-## Development Setup
-
-NOTE: The MIW requires access to the internet in order to validate the JSON-LD schema of DID documents.
-
-### Prerequisites
-
-To simplify the dev environment, [Taskfile](https://taskfile.dev) is used as a task executor. You have to install it
-first.
-
-> **IMPORTANT**: Before executing any of th tasks, you have to choose your flow (*local* or *docker*). *local* is
-> default. To change that, you need to edit the variable **ENV** in the *Taskfile.yaml*. (see below)
-
-After that, run `task check-prereqs` to see, if any other required tool is installed or missing. If something is
-missing, a link to the install docs is provided.
-
-Now, you have to adjust the *env* files (located in *dev-assets/env-files*). To do that, copy every file to the same
-directory, but without ".dist" at the end.
-
-Description of the env files:
-
-- **env.local**: Set up everything to get ready for flow "local". You need to fill in the passwords.
-- **env.docker**: Set up everything to get ready for flow "docker". You need to fill in the passwords.
-
-> **IMPORTANT**: ssi-lib is resolving DID documents over the network. There are two endpoints that rely on this resolution:
-> - Verifiable Credentials - Validation
-> - Verifiable Presentations - Validation
->
-> The following parameters are set in env.local or env.docker file per default:
-> ENFORCE_HTTPS_IN_DID_RESOLUTION=false
-> MIW_HOST_NAME=localhost
-> APPLICATION_PORT=80
-> If you intend to change them, the DID resolving may not work properly anymore!
-
-> **IMPORTANT**: When you are using macOS and the MIW docker container won't start up (stuck somewhere or doesn't start
-> at all), you can enable the docker-desktop feature "Use Rosetta for x86/amd64 emulation on Apple Silicon" in your
-> Docker settings (under "features in development"). This should fix the issue.
-
-Note: *SKIP_GRADLE_TASKS_PARAM* is used to pass parameters to the build process of the MIW jar. Currently, it skips the
-tests and code coverage, but speeds up the build time. If you want to activate it, just comment it out
-like `SKIP_GRADLE_TASKS_PARAM="" #"-x jacocoTestCoverageVerification -x test"`
-
-After every execution (either *local* or *docker* flow), run the matching "stop" task (
-e.g.: `task docker:start-app` -> `task docker:stop-app`)
-
-When you just run `task` without parameters, you will see all tasks available.
-
-### local
-
-1. Run `task docker:start-middleware` and wait until it shows "(main) Running the server in development mode. DO NOT use
-   this configuration in production." in the terminal
-2. Run `task app:build` to build the MIW application
-3. Run
-   [ManagedIdentityWalletsApplication.java](src/main/java/org/eclipse/tractusx/managedidentitywallets/ManagedIdentityWalletsApplication.java)
-   via IDE and use the local.env file to populate environment vars (e.g. EnvFile plugin for IntelliJ)
-4. Run `task app:get-token` and copy the token (including "BEARER" prefix) (Mac users have the token already in their
-   clipboard)
-5. Open API doc on http://localhost:8000 (or what port you configured in the *env.local* file)
-6. Click on Authorize on swagger UI and on the dialog paste the token into the "value" input
-7. Click on "Authorize" and "close"
-8. MIW is up and running
-
-### docker
-
-1. Run `task docker:start-app` and wait until it shows "Started ManagedIdentityWalletsApplication in ... seconds"
-2. Run `task app:get-token` and copy the token (including "BEARER" prefix) (Mac users have the token already in their
-   clipboard)
-3. Open API doc on http://localhost:8000 (or what port you configured in the *env.local* file)
-4. Click on Authorize on swagger UI and on the dialog paste the token into the "value" input
-5. Click on "Authorize" and "close"
-6. MIW is up and running
-
-### pgAdmin
-
-This local environment contains [pgAdmin](https://www.pgadmin.org/), which is also started (
-default: http://localhost:8888).
-The default login is:
-
-```
-user: pg@admin.com (you can change it in the env.* files)
-password: the one you set for "POSTGRES_PASSWORD" in the env.* files
-```
-
-#### DB connection password
-
-When you log in into pgAdmin, the local Postgresql server is already configured.
-But you will be asked to enter the DB password on the first time you connect to the DB.
-(password: POSTGRES_PASSWORD in the env.* files)
-
-#### Storage folder
-
-The storage folder of pgAdmin is mounted to `dev-assets/docker-environment/pgAdmin/storage/`.
-For example, You can save DB backups there, so you can access them on your local machine.
-
-# End Users
-
-See OpenAPI documentation, which is automatically created from the source and available on each deployment at
-the `/docs/api-docs/docs` endpoint (e.g. locally at http://localhost:8087/docs/api-docs/docs). An export of the JSON
-document can be also found in [docs/openapi_v001.json](docs/api/openapi_v001.json).
-
-# Test Coverage
-
-Jacoco is used to generate the coverage report. The report generation and the coverage verification are automatically
-executed after tests.
-
-The generated HTML report can be found under `jacoco-report/html/`
-
-To generate the report run the command:
-
-```
-task app:test-report
-```
-
-To check the coverage run the command:
-
-```
-task app:coverage
-```
-
-Currently, the minimum is 80% coverage.
-
-# Common issues and solutions during local setup
-
-## 1. Can not build with test cases
-
-Test cases are written using the Spring Boot integration test frameworks. These test frameworks start the Spring Boot
-test context, which allows us to perform integration testing. In our tests, we utilize the Testcontainers
-library (https://java.testcontainers.org/) for managing Docker containers. Specifically, we use Testcontainers to start
-PostgreSQL and Keycloak Docker containers locally.
-
-Before running the tests, please ensure that you have Docker runtime installed and that you have the necessary
-permissions to run containers.
-
-Alternative, you can skip test during the build with `` ./gradlew clean build -x test``
-
-## 2. Database migration related issue
-
-We have implemented database migration using Liquibase (https://www.liquibase.org/). Liquibase allows us to manage
-database schema changes effectively.
-
-In case you encounter any database-related issues, you can resolve them by following these steps:
-
-1. Delete all tables from the database.
-2. Restart the application.
-3. Upon restart, the application will recreate the database schema from scratch.
-
-This process ensures that any issues with the database schema are resolved by recreating it in a fresh state.
-
-# Environment Variables
-
-| name                            | description                                                                                  | default value                                                                                                                                       |
-|---------------------------------|----------------------------------------------------------------------------------------------|-----------------------------------------------------------------------------------------------------------------------------------------------------|
-| APPLICATION_PORT                | port number of application                                                                   | 8080                                                                                                                                                |
-| APPLICATION_ENVIRONMENT         | Environment of the application ie. local, dev, int and prod                                  | local                                                                                                                                               |
-| DB_HOST                         | Database host                                                                                | localhost                                                                                                                                           |
-| DB_PORT                         | Port of database                                                                             | 5432                                                                                                                                                |
-| DB_NAME                         | Database name                                                                                | miw                                                                                                                                                 |
-| USE_SSL                         | Whether SSL is enabled in database server                                                    | false                                                                                                                                               |
-| DB_USER_NAME                    | Database username                                                                            |                                                                                                                                                     |
-| DB_PASSWORD                     | Database password                                                                            |                                                                                                                                                     |
-| DB_POOL_SIZE                    | Max number of database connection acquired by application                                    | 10                                                                                                                                                  |
-| KEYCLOAK_MIW_PUBLIC_CLIENT      | Only needed if we want enable login with keyalock in swagger                                 | miw_public                                                                                                                                          |
-| MANAGEMENT_PORT                 | Spring actuator port                                                                         | 8090                                                                                                                                                |
-| MIW_HOST_NAME                   | Application host name, this will be used in creation of did ie. did:web:MIW_HOST_NAME:BPN    | localhost                                                                                                                                           |
-| ENCRYPTION_KEY                  | encryption key used to encrypt and decrypt private and public key of wallet                  |                                                                                                                                                     |
-| AUTHORITY_WALLET_BPN            | base wallet BPN number                                                                       | BPNL000000000000                                                                                                                                    |
-| AUTHORITY_WALLET_NAME           | Base wallet name                                                                             | Catena-X                                                                                                                                            |
-| AUTHORITY_WALLET_DID            | Base wallet web did                                                                          | web:did:host:BPNL000000000000                                                                                                                       |
-| VC_SCHEMA_LINK                  | Comma separated list of VC schema URL                                                        | https://www.w3.org/2018/credentials/v1, https://catenax-ng.github.io/product-core-schemas/businessPartnerData.json                                  |
-| VC_EXPIRY_DATE                  | Expiry date of VC (dd-MM-yyyy ie. 01-01-2025 expiry date will be 2024-12-31T18:30:00Z in VC) | 01-01-2025                                                                                                                                          |
-| KEYCLOAK_REALM                  | Realm name of keycloak                                                                       | miw_test                                                                                                                                            |
-| KEYCLOAK_CLIENT_ID              | Keycloak private client id                                                                   |                                                                                                                                                     |
-| AUTH_SERVER_URL                 | Keycloak server url                                                                          |                                                                                                                                                     |
-| ENFORCE_HTTPS_IN_DID_RESOLUTION | Enforce https during web did resolution                                                      | true                                                                                                                                                |
-| APP_LOG_LEVEL                   | Log level of application                                                                     | INFO                                                                                                                                                |
-| AUTHORITY_SIGNING_SERVICE_TYPE  | Base wallet signing type, Currency only LOCAL is supported                                   | Local                                                                                                                                               |
-| LOCAL_SIGNING_KEY_STORAGE_TYPE  | Key storage type, currently only DB is supported                                             | DB                                                                                                                                                  |
-|                                 |                                                                                              |                                                                                                                                                     |
-
-# Technical Debts and Known issue
-
-1. Keys are stored in database in encrypted format, need to store keys in more secure place ie. Vault
-2. Policies can be validated dynamically as per request while validating VP and
-   VC. [Check this for more details](https://docs.walt.id/v/ssikit/concepts/verification-policies)
-
-# Logging in application
-
-Log level in application can be set using environment variable ``APP_LOG_LEVEL``. Possible values
-are ``OFF, ERROR, WARN, INFO, DEBUG, TRACE`` and default value set to ``INFO``
-
-## Change log level at runtime using Spring actuator
-
-We can use ``/actuator/loggers`` API endpoint of actuator for log related things. This end point can be accessible with
-role ``manage_app``. We can add this role to authority wallet client using keycloak as below:
-
-![manage_app.png](docs%2Fmanage_app.png)
-
-1. API to get current log settings
-   ```bash
-   curl --location 'http://localhost:8090/actuator/loggers' \
-   --header 'Authorization: Bearer access_token'
-   ```
-2. Change log level at runtime
-   ```bash
-   curl --location 'http://localhost:8090/actuator/loggers/{java package name}' \
-   --header 'Content-Type: application/json' \
-   --header 'Authorization: Bearer access_token' \
-   --data '{"configuredLevel":"INFO"}'
-   ```
-   i.e.
-   ```bash
-   curl --location 'http://localhost:8090/actuator/loggers/org.eclipse.tractusx.managedidentitywallets' \
-   --header 'Content-Type: application/json' \
-   --header 'Authorization: Bearer access_token' \
-   --data '{"configuredLevel":"INFO"}'
-   ```
-
-## Reference of external lib
-
-1. https://www.testcontainers.org/modules/databases/postgres/
-2. https://github.com/dasniko/testcontainers-keycloak
-3. https://github.com/smartSenseSolutions/smartsense-java-commons
-4. https://github.com/catenax-ng/product-lab-ssi
+For end-to-end testing both the application should be running.
 
-## Notice for Docker image
+### Common gradle task
 
-See [Docker-hub-notice.md](./Docker-hub-notice.md)
+1. Build both the application
 
-## Acknowledgments
+``./gradlew clean build``
 
-We would like to give credit to these projects, which we use in our project.
+2. Run tests
 
-[![semantic-release: angular](https://img.shields.io/badge/semantic--release-angular-e10079?logo=semantic-release)](https://github.com/semantic-release/semantic-release)
+``./gradlew clean test`
diff --git a/build.gradle b/build.gradle
new file mode 100644
index 00000000..34271e88
--- /dev/null
+++ b/build.gradle
@@ -0,0 +1,152 @@
+/********************************************************************************
+ * Copyright (c) 2024 Contributors to the Eclipse Foundation
+ *
+ * See the NOTICE file(s) distributed with this work for additional
+ * information regarding copyright ownership.
+ *
+ * This program and the accompanying materials are made available under the
+ * terms of the Apache License, Version 2.0 which is available at
+ * https://www.apache.org/licenses/LICENSE-2.0.
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+ * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+ * License for the specific language governing permissions and limitations
+ * under the License.
+ *
+ * SPDX-License-Identifier: Apache-2.0
+ ********************************************************************************/
+
+buildscript {
+    repositories {
+        mavenCentral()
+    }
+    dependencies {
+        classpath "org.springframework.boot:spring-boot-gradle-plugin:${springBootVersion}"
+    }
+}
+
+plugins {
+    id "de.undercouch.download" version "5.5.0"
+}
+
+group = "${appGroup}"
+
+subprojects {
+    apply {
+        plugin "java"
+        plugin "org.springframework.boot"
+        plugin "io.spring.dependency-management"
+        plugin 'jacoco-report-aggregation'
+
+    }
+
+    java {
+        sourceCompatibility = JavaVersion.VERSION_17
+    }
+
+    repositories {
+        mavenLocal()
+        mavenCentral()
+        maven {
+            url = uri("https://repo.danubetech.com/repository/maven-public")
+        }
+        maven { url 'https://jitpack.io' }
+        maven {
+            url = uri("https://repo.eclipse.org/content/repositories/dash-licenses/")
+        }
+    }
+
+    dependencies {
+        compileOnly 'org.projectlombok:lombok'
+        annotationProcessor 'org.projectlombok:lombok'
+
+        developmentOnly 'org.springframework.boot:spring-boot-devtools'
+
+        testCompileOnly 'org.projectlombok:lombok'
+        testAnnotationProcessor 'org.projectlombok:lombok'
+    }
+
+
+    tasks.named('test') {
+        useJUnitPlatform()
+
+    }
+    bootJar {
+        enabled = false
+    }
+
+}
+
+
+tasks.register('dashDownload', Download) {
+    description = 'Download the Dash License Tool standalone jar'
+    group = 'License'
+    src 'https://repo.eclipse.org/service/local/artifact/maven/redirect?r=dash-licenses&g=org.eclipse.dash&a=org.eclipse.dash.licenses&v=LATEST'
+    dest rootProject.file('dash.jar')
+    overwrite false
+}
+
+// This task is primarily used by CIs
+tasks.register('dashClean') {
+    description = "Clean all files used by the 'License' group"
+    group = 'License'
+    logger.lifecycle("Removing 'dash.jar'")
+    rootProject.file('dash.jar').delete()
+    logger.lifecycle("Removing 'deps.txt'")
+    file('deps.txt').delete()
+}
+
+tasks.register('dashDependencies') { dashDependencies ->
+    description = "Output all project dependencies as a flat list and save an intermediate file 'deps.txt'."
+    group = 'License'
+    dashDependencies.dependsOn('dashDownload')
+    doLast {
+        def deps = []
+        project.allprojects.each { project ->
+            project.configurations.each { conf ->
+                // resolving 'archives' or 'default' is deprecated
+                if (conf.canBeResolved && conf.getName() != 'archives' && conf.getName() != 'default') {
+                    deps.addAll(
+                            conf.incoming.resolutionResult.allDependencies
+                                    .findAll({ it instanceof ResolvedDependencyResult })
+                                    .collect { ResolvedDependencyResult dep ->
+                                "${dep.selected}"
+                            }
+                    )
+                }
+            }
+        }
+
+        def finalDeps = []
+        for (final def d in deps) {
+            //skip main module dependencies
+            if(d.toString() =="project :miw" || d.toString() =="project :revocation-service"){
+                println(" - "+d.toString() + " -")
+
+            }else{
+                finalDeps.add(d)
+            }
+        }
+
+        def uniqueSorted = finalDeps.unique().sort()
+        uniqueSorted.each { logger.quiet("{}", it) }
+        file("deps.txt").write(uniqueSorted.join('\n'))
+    }
+}
+
+tasks.register('dashLicenseCheck', JavaExec) { dashLicenseCheck ->
+    description = "Run the Dash License Tool and save the summary in the 'DEPENDENCIES' file"
+    group = 'License'
+    dashLicenseCheck.dependsOn('dashDownload')
+    dashLicenseCheck.dependsOn('dashDependencies')
+    doFirst {
+        classpath = rootProject.files('dash.jar')
+        // docs: https://eclipse-tractusx.github.io/docs/release/trg-7/trg-7-04
+        args('-project', 'automotive.tractusx',  '-summary', 'DEPENDENCIES', 'deps.txt')
+    }
+    doLast {
+        logger.lifecycle("Removing 'deps.txt' now.")
+        file('deps.txt').delete()
+    }
+}
diff --git a/docs/api/openapi_v001.json b/docs/api/miw/openapi_v001.json
similarity index 99%
rename from docs/api/openapi_v001.json
rename to docs/api/miw/openapi_v001.json
index d2989025..e15bb262 100644
--- a/docs/api/openapi_v001.json
+++ b/docs/api/miw/openapi_v001.json
@@ -1805,7 +1805,7 @@
                         ],
                         "@context": [
                           "https://www.w3.org/2018/credentials/v1",
-                          "https://cofinity-x.github.io/schema-registry/v1.1/DismantlerVC.json",
+                          "https://eclipse=tractusx.github.io/schema-registry/v1.1/DismantlerVC.json",
                           "https://w3id.org/security/suites/jws-2020/v1",
                           "https://w3id.org/vc/status-list/2021/v1"
                         ],
diff --git a/gradle.properties b/gradle.properties
index 903e4072..6481bbad 100644
--- a/gradle.properties
+++ b/gradle.properties
@@ -4,5 +4,11 @@ jacocoVersion=0.8.9
 springBootVersion=3.3.2
 springDependencyVersion=1.1.0
 groupName=org.eclipse.tractusx
-applicationVersion=1.0.0-develop.4
-openApiVersion=2.1.0
+applicationVersion=0.5.0-develop.20
+openApiVersion=2.5.0
+lombokVersion=1.18.32
+gsonVersion=2.10.1
+ssiLibVersion=0.0.19
+wiremockVersion=3.4.2
+commonsDaoVersion=0.0.5
+appGroup=org.eclipse.tractusx.managedidentitywallets
diff --git a/Dockerfile b/miw/Dockerfile
similarity index 88%
rename from Dockerfile
rename to miw/Dockerfile
index 59c6d84d..589b41d7 100644
--- a/Dockerfile
+++ b/miw/Dockerfile
@@ -1,5 +1,5 @@
 # /********************************************************************************
-# * Copyright (c) 2021,2023 Contributors to the Eclipse Foundation
+# * Copyright (c) 2021,2024 Contributors to the Eclipse Foundation
 # *
 # * See the NOTICE file(s) distributed with this work for additional
 # * information regarding copyright ownership.
@@ -27,7 +27,7 @@ RUN apk add curl
 
 USER miw
 
-COPY LICENSE NOTICE.md miw/DEPENDENCIES SECURITY.md miw/build/libs/miw-latest.jar /app/
+COPY ../LICENSE NOTICE.md miw/DEPENDENCIES SECURITY.md ./build/libs/miw-latest.jar /app/
 
 WORKDIR /app
 
diff --git a/miw/README.md b/miw/README.md
new file mode 100644
index 00000000..25f6e815
--- /dev/null
+++ b/miw/README.md
@@ -0,0 +1,373 @@
+# Managed Identity Wallets
+
+The Managed Identity Wallets (MIW) service implements the Self-Sovereign-Identity (SSI) using `did:web`.
+
+# Usage
+
+See [INSTALL.md](INSTALL.md)
+
+# Developer Documentation
+
+To run MIW locally, this section describes the tooling as well as the local development setup.
+
+There are two possible flows, which can be used for development:
+
+1. **local**: Run the postgresql and keycloak server inside docker. Start MIW from within your IDE (recommended for
+   actual development)
+2. **docker**: Run everything inside docker (use to test or check behavior inside a docker environment)
+
+## Tooling
+
+Following tools the MIW development team used successfully:
+
+| Area     | Tool     | Download Link                                   | Comment                                                                                          |
+|----------|----------|-------------------------------------------------|--------------------------------------------------------------------------------------------------|
+| IDE      | IntelliJ | https://www.jetbrains.com/idea/download/        | Use[envfile plugin](https://plugins.jetbrains.com/plugin/7861-envfile) to use the **local** flow |
+| Build    | Gradle   | https://gradle.org/install/                     |                                                                                                  |
+| Runtime  | Docker   | https://www.docker.com/products/docker-desktop/ |                                                                                                  |
+| Database | DBeaver  | https://dbeaver.io/                             |                                                                                                  |
+| IAM      | Keycloak | https://www.keycloak.org/                       |                                                                                                  |
+
+## Eclipse Dash Tool
+
+[Eclipse Dash Homepage](https://projects.eclipse.org/projects/technology.dash)
+
+The Eclipse Dash tool is used to analyze the dependencies used in the project and ensure all legal requirements are met.
+We've added a gradle tasks to download the latest version of Dash locally, resolve all project dependencies and then run
+the tool and update the summary in the DEPENDENCIES file.
+
+To run the license check:
+
+```bash
+./gradlew dashLicenseCheck
+```
+
+To clean all files created by the dash tasks:
+
+```bash
+./gradlew dashClean
+```
+
+This command will output all dependencies, save the to file `deps.txt`. Dash will read from the file and update the
+summary in the `DEPENDENCIES` file. A committer can open and issue to resolve any problems with the dependencies.
+
+# Administrator Documentation
+
+## Manual Keycloak Configuration
+
+Within the development setup the Keycloak instance is initially prepared with the values
+in `./dev-assets/docker-environment/keycloak`. The realm could also be manually added and configured
+at http://localhost:8080 via the "Add realm" button. It can be for example named `localkeycloak`. Also add an additional
+client, e.g. named `miw_private_client` with *valid redirect url* set to `http://localhost:8080/*`. The roles
+
+- add_wallets
+- view_wallets
+- update_wallets
+- delete_wallets
+- view_wallet
+- update_wallet
+- manage_app
+
+Roles can be added under *Clients > miw_private_client > Roles* and then assigned to the client using *Clients >
+miw_private_client > Client Scopes* *> Service Account Roles > Client Roles > miw_private_client*.
+
+The available scopes/roles are:
+
+1. Role `add_wallets` to create a new wallet
+2. Role `view_wallets`:
+    - to get a list of all wallets
+    - to retrieve one wallet by its identifier
+    - to validate a Verifiable Credential
+    - to validate a Verifiable Presentation
+    - to get all stored Verifiable Credentials
+3. Role `update_wallets` for the following actions:
+    - to store Verifiable Credential
+    - to issue a Verifiable Credential
+    - to issue a Verifiable Presentation
+4. Role `update_wallet`:
+    - to remove a Verifiable Credential
+    - to store a Verifiable Credential
+    - to issue a Verifiable Credential
+    - to issue a Verifiable Presentation
+5. Role `view_wallet` requires the BPN of Caller and it can be used:
+    - to get the Wallet of the related BPN
+    - to get stored Verifiable Credentials of the related BPN
+    - to validate any Verifiable Credential
+    - to validate any Verifiable Presentation
+6. Role `manage_app` used to change the log level of the application at runtime. Check Logging in the application
+   section for more details
+
+Overview by Endpoint
+
+| Artefact                                  | CRUD   | HTTP Verb/ Request | Endpoint                              | Roles                                        | Constraints                                                |
+|-------------------------------------------|--------|--------------------|---------------------------------------|----------------------------------------------|------------------------------------------------------------|
+| **Wallets**                               | Read   | GET                | /api/wallets                          | **view_wallets**                             |                                                            |
+| **Wallets**                               | Create | POST               | /api/wallets                          | **add_wallets**                              | **1 BPN : 1 WALLET**(PER ONE [1] BPN ONLY ONE [1] WALLET!) |
+| **Wallets**                               | Create | POST               | /api/wallets/{identifier}/credentials | **update_wallets** <br />OR**update_wallet** |                                                            |
+| **Wallets**                               | Read   | GET                | /api/wallets/{identifier}             | **view_wallets** OR<br />**view_wallet**     |                                                            |
+| **Verifiable Presentations - Generation** | Create | POST               | /api/presentation                     | **update_wallets** OR<br />**update_wallet** |                                                            |
+| **Verifiable Presentations - Validation** | Create | POST               | /api/presentations/validation         | **view_wallets** OR<br />**view_wallet**     |                                                            |
+| **Verifiable Credential - Holder**        | Read   | GET                | /api/credentials                      | **view_wallets** OR<br />**view_wallet**     |                                                            |
+| **Verifiable Credential - Holder**        | Create | POST               | /api/credentials                      | **update_wallet** OR<br />**update_wallet**  |                                                            |
+| **Verifiable Credential - Holder**        | Delete | DELETE             | /api/credentials                      | **update_wallet**                            |                                                            |
+| **Verfiable Credential - Validation**     | Create | POST               | /api/credentials/validation           | **view_wallets** OR<br />**view_wallet**     |                                                            |
+| **Verfiable Credential - Issuer**         | Read   | GET                | /api/credentials/issuer               | **view_wallets**                             |                                                            |
+| **Verfiable Credential - Issuer**         | Create | POST               | /api/credentials/issuer               | **update_wallets**                           |                                                            |
+| **Verfiable Credential - Issuer**         | Create | POST               | /api/credentials/issuer/membership    | **update_wallets**                           |                                                            |
+| **Verfiable Credential - Issuer**         | Create | POST               | /api/credentials/issuer/framework     | **update_wallets**                           |                                                            |
+| **Verfiable Credential - Issuer**         | Create | POST               | /api/credentials/issuer/distmantler   | **update_wallets**                           |                                                            |
+| **DIDDocument**                           | Read   | GET                | /{bpn}/did.json                       | N/A                                          |                                                            |
+| **DIDDocument**                           | Read   | GET                | /api/didDocuments/{identifier}        | N/A                                          |                                                            |
+
+Additionally, a Token mapper can be created under *Clients* &gt; *ManagedIdentityWallets* &gt; *Mappers* &gt; *create*
+with the following configuration (using as an example `BPNL000000001`):
+
+| Key                                | Value           |
+|------------------------------------|-----------------|
+| Name                               | StaticBPN       |
+| Mapper Type                        | Hardcoded claim |
+| Token Claim Name                   | BPN             |
+| Claim value                        | BPNL000000001   |
+| Claim JSON Type                    | String          |
+| Add to ID token                    | OFF             |
+| Add to access token                | ON              |
+| Add to userinfo                    | OFF             |
+| includeInAccessTokenResponse.label | ON              |
+
+If you receive an error message that the client secret is not valid, please go into keycloak admin and within *Clients >
+Credentials* recreate the secret.
+
+## Development Setup
+
+NOTE: The MIW requires access to the internet in order to validate the JSON-LD schema of DID documents.
+
+### Prerequisites
+
+To simplify the dev environment, [Taskfile](https://taskfile.dev) is used as a task executor. You have to install it
+first.
+
+> **IMPORTANT**: Before executing any of th tasks, you have to choose your flow (*local* or *docker*). *local* is
+> default. To change that, you need to edit the variable **ENV** in the *Taskfile.yaml*. (see below)
+
+After that, run `task check-prereqs` to see, if any other required tool is installed or missing. If something is
+missing, a link to the install docs is provided.
+
+Now, you have to adjust the *env* files (located in *dev-assets/env-files*). To do that, copy every file to the same
+directory, but without ".dist" at the end.
+
+Description of the env files:
+
+- **env.local**: Set up everything to get ready for flow "local". You need to fill in the passwords.
+- **env.docker**: Set up everything to get ready for flow "docker". You need to fill in the passwords.
+
+> **IMPORTANT**: ssi-lib is resolving DID documents over the network. There are two endpoints that rely on this resolution:
+> - Verifiable Credentials - Validation
+> - Verifiable Presentations - Validation
+>
+> The following parameters are set in env.local or env.docker file per default:
+> ENFORCE_HTTPS_IN_DID_RESOLUTION=false
+> MIW_HOST_NAME=localhost
+> APPLICATION_PORT=80
+> If you intend to change them, the DID resolving may not work properly anymore!
+
+> **IMPORTANT**: When you are using macOS and the MIW docker container won't start up (stuck somewhere or doesn't start
+> at all), you can enable the docker-desktop feature "Use Rosetta for x86/amd64 emulation on Apple Silicon" in your
+> Docker settings (under "features in development"). This should fix the issue.
+
+Note: *SKIP_GRADLE_TASKS_PARAM* is used to pass parameters to the build process of the MIW jar. Currently, it skips the
+tests and code coverage, but speeds up the build time. If you want to activate it, just comment it out
+like `SKIP_GRADLE_TASKS_PARAM="" #"-x jacocoTestCoverageVerification -x test"`
+
+After every execution (either *local* or *docker* flow), run the matching "stop" task (
+e.g.: `task docker:start-app` -> `task docker:stop-app`)
+
+When you just run `task` without parameters, you will see all tasks available.
+
+### local
+
+1. Run `task docker:start-middleware` and wait until it shows "(main) Running the server in development mode. DO NOT use
+   this configuration in production." in the terminal
+2. Run `task app:build` to build the MIW application
+3. Run
+   [ManagedIdentityWalletsApplication.java](src/main/java/org/eclipse/tractusx/managedidentitywallets/ManagedIdentityWalletsApplication.java)
+   via IDE and use the local.env file to populate environment vars (e.g. EnvFile plugin for IntelliJ)
+4. Run `task app:get-token` and copy the token (including "BEARER" prefix) (Mac users have the token already in their
+   clipboard)
+5. Open API doc on http://localhost:8000 (or what port you configured in the *env.local* file)
+6. Click on Authorize on swagger UI and on the dialog paste the token into the "value" input
+7. Click on "Authorize" and "close"
+8. MIW is up and running
+
+### docker
+
+1. Run `task docker:start-app` and wait until it shows "Started ManagedIdentityWalletsApplication in ... seconds"
+2. Run `task app:get-token` and copy the token (including "BEARER" prefix) (Mac users have the token already in their
+   clipboard)
+3. Open API doc on http://localhost:8000 (or what port you configured in the *env.local* file)
+4. Click on Authorize on swagger UI and on the dialog paste the token into the "value" input
+5. Click on "Authorize" and "close"
+6. MIW is up and running
+
+### pgAdmin
+
+This local environment contains [pgAdmin](https://www.pgadmin.org/), which is also started (
+default: http://localhost:8888).
+The default login is:
+
+```
+user: pg@admin.com (you can change it in the env.* files)
+password: the one you set for "POSTGRES_PASSWORD" in the env.* files
+```
+
+#### DB connection password
+
+When you log in into pgAdmin, the local Postgresql server is already configured.
+But you will be asked to enter the DB password on the first time you connect to the DB.
+(password: POSTGRES_PASSWORD in the env.* files)
+
+#### Storage folder
+
+The storage folder of pgAdmin is mounted to `dev-assets/docker-environment/pgAdmin/storage/`.
+For example, You can save DB backups there, so you can access them on your local machine.
+
+# End Users
+
+See OpenAPI documentation, which is automatically created from the source and available on each deployment at
+the `/docs/api-docs/docs` endpoint (e.g. locally at http://localhost:8087/docs/api-docs/docs). An export of the JSON
+document can be also found in [docs/openapi_v001.json](docs/api/openapi_v001.json).
+
+# Test Coverage
+
+Jacoco is used to generate the coverage report. The report generation and the coverage verification are automatically
+executed after tests.
+
+The generated HTML report can be found under `jacoco-report/html/`
+
+To generate the report run the command:
+
+```
+task app:test-report
+```
+
+To check the coverage run the command:
+
+```
+task app:coverage
+```
+
+Currently, the minimum is 80% coverage.
+
+# Common issues and solutions during local setup
+
+## 1. Can not build with test cases
+
+Test cases are written using the Spring Boot integration test frameworks. These test frameworks start the Spring Boot
+test context, which allows us to perform integration testing. In our tests, we utilize the Testcontainers
+library (https://java.testcontainers.org/) for managing Docker containers. Specifically, we use Testcontainers to start
+PostgreSQL and Keycloak Docker containers locally.
+
+Before running the tests, please ensure that you have Docker runtime installed and that you have the necessary
+permissions to run containers.
+
+Alternative, you can skip test during the build with `` ./gradlew clean build -x test``
+
+## 2. Database migration related issue
+
+We have implemented database migration using Liquibase (https://www.liquibase.org/). Liquibase allows us to manage
+database schema changes effectively.
+
+In case you encounter any database-related issues, you can resolve them by following these steps:
+
+1. Delete all tables from the database.
+2. Restart the application.
+3. Upon restart, the application will recreate the database schema from scratch.
+
+This process ensures that any issues with the database schema are resolved by recreating it in a fresh state.
+
+# Environment Variables
+
+| name                            | description                                                                                  | default value                                                                                                                                       |
+|---------------------------------|----------------------------------------------------------------------------------------------|-----------------------------------------------------------------------------------------------------------------------------------------------------|
+| APPLICATION_PORT                | port number of application                                                                   | 8080                                                                                                                                                |
+| APPLICATION_ENVIRONMENT         | Environment of the application ie. local, dev, int and prod                                  | local                                                                                                                                               |
+| DB_HOST                         | Database host                                                                                | localhost                                                                                                                                           |
+| DB_PORT                         | Port of database                                                                             | 5432                                                                                                                                                |
+| DB_NAME                         | Database name                                                                                | miw                                                                                                                                                 |
+| USE_SSL                         | Whether SSL is enabled in database server                                                    | false                                                                                                                                               |
+| DB_USER_NAME                    | Database username                                                                            |                                                                                                                                                     |
+| DB_PASSWORD                     | Database password                                                                            |                                                                                                                                                     |
+| DB_POOL_SIZE                    | Max number of database connection acquired by application                                    | 10                                                                                                                                                  |
+| KEYCLOAK_MIW_PUBLIC_CLIENT      | Only needed if we want enable login with keyalock in swagger                                 | miw_public                                                                                                                                          |
+| MANAGEMENT_PORT                 | Spring actuator port                                                                         | 8090                                                                                                                                                |
+| MIW_HOST_NAME                   | Application host name, this will be used in creation of did ie. did:web:MIW_HOST_NAME:BPN    | localhost                                                                                                                                           |
+| ENCRYPTION_KEY                  | encryption key used to encrypt and decrypt private and public key of wallet                  |                                                                                                                                                     |
+| AUTHORITY_WALLET_BPN            | base wallet BPN number                                                                       | BPNL000000000000                                                                                                                                    |
+| AUTHORITY_WALLET_NAME           | Base wallet name                                                                             | Catena-X                                                                                                                                            |
+| AUTHORITY_WALLET_DID            | Base wallet web did                                                                          | web:did:host:BPNL000000000000                                                                                                                       |
+| VC_SCHEMA_LINK                  | Comma separated list of VC schema URL                                                        | https://www.w3.org/2018/credentials/v1, https://catenax-ng.github.io/product-core-schemas/businessPartnerData.json                                  |
+| VC_EXPIRY_DATE                  | Expiry date of VC (dd-MM-yyyy ie. 01-01-2025 expiry date will be 2024-12-31T18:30:00Z in VC) | 01-01-2025                                                                                                                                          |
+| KEYCLOAK_REALM                  | Realm name of keycloak                                                                       | miw_test                                                                                                                                            |
+| KEYCLOAK_CLIENT_ID              | Keycloak private client id                                                                   |                                                                                                                                                     |
+| AUTH_SERVER_URL                 | Keycloak server url                                                                          |                                                                                                                                                     |
+| SUPPORTED_FRAMEWORK_VC_TYPES    | Supported framework VC, provide values ie type1=value1,type2=value2                          | cx-behavior-twin=Behavior Twin,cx-pcf=PCF,cx-quality=Quality,cx-resiliency=Resiliency,cx-sustainability=Sustainability,cx-traceability=ID_3.0_Trace |
+| ENFORCE_HTTPS_IN_DID_RESOLUTION | Enforce https during web did resolution                                                      | true                                                                                                                                                |
+| CONTRACT_TEMPLATES_URL          | Contract templates URL used in summary VC                                                    | https://public.catena-x.org/contracts/                                                                                                              |
+| APP_LOG_LEVEL                   | Log level of application                                                                     | INFO                                                                                                                                                |
+| AUTHORITY_SIGNING_SERVICE_TYPE  | Base wallet signing type, Currency only LOCAL is supported                                   | Local                                                                                                                                               |
+| LOCAL_SIGNING_KEY_STORAGE_TYPE  | Key storage type, currently only DB is supported                                             | DB                                                                                                                                                  |
+|                                 |                                                                                              |                                                                                                                                                     |
+
+# Technical Debts and Known issue
+
+1. Keys are stored in database in encrypted format, need to store keys in more secure place ie. Vault
+2. Policies can be validated dynamically as per request while validating VP and
+   VC. [Check this for more details](https://docs.walt.id/v/ssikit/concepts/verification-policies)
+
+# Logging in application
+
+Log level in application can be set using environment variable ``APP_LOG_LEVEL``. Possible values
+are ``OFF, ERROR, WARN, INFO, DEBUG, TRACE`` and default value set to ``INFO``
+
+## Change log level at runtime using Spring actuator
+
+We can use ``/actuator/loggers`` API endpoint of actuator for log related things. This end point can be accessible with
+role ``manage_app``. We can add this role to authority wallet client using keycloak as below:
+
+![manage_app.png](docs%2Fmanage_app.png)
+
+1. API to get current log settings
+   ```bash
+   curl --location 'http://localhost:8090/actuator/loggers' \
+   --header 'Authorization: Bearer access_token'
+   ```
+2. Change log level at runtime
+   ```bash
+   curl --location 'http://localhost:8090/actuator/loggers/{java package name}' \
+   --header 'Content-Type: application/json' \
+   --header 'Authorization: Bearer access_token' \
+   --data '{"configuredLevel":"INFO"}'
+   ```
+   i.e.
+   ```bash
+   curl --location 'http://localhost:8090/actuator/loggers/org.eclipse.tractusx.managedidentitywallets' \
+   --header 'Content-Type: application/json' \
+   --header 'Authorization: Bearer access_token' \
+   --data '{"configuredLevel":"INFO"}'
+   ```
+
+## Reference of external lib
+
+1. https://www.testcontainers.org/modules/databases/postgres/
+2. https://github.com/dasniko/testcontainers-keycloak
+3. https://github.com/smartSenseSolutions/smartsense-java-commons
+4. https://github.com/catenax-ng/product-lab-ssi
+
+## Notice for Docker image
+
+See [Docker-hub-notice.md](./Docker-hub-notice.md)
+
+## Acknowledgments
+
+We would like to give credit to these projects, which we use in our project.
+
+[![semantic-release: angular](https://img.shields.io/badge/semantic--release-angular-e10079?logo=semantic-release)](https://github.com/semantic-release/semantic-release)
diff --git a/miw/build.gradle b/miw/build.gradle
index 3ff75754..7e4239c0 100644
--- a/miw/build.gradle
+++ b/miw/build.gradle
@@ -19,13 +19,8 @@
 
 plugins {
     id 'java'
-    id 'org.springframework.boot' version "${springBootVersion}"
-    id 'io.spring.dependency-management' version "${springDependencyVersion}"
     id "jacoco"
     id 'project-report'
-
-    // used to download the 'dash.jar' for license checks
-    // docs: https://github.com/michel-kraemer/gradle-download-task
     id "de.undercouch.download" version "5.5.0"
 }
 
@@ -43,31 +38,8 @@ configurations {
     compileOnly.extendsFrom(annotaionProcessor)
 }
 
-repositories {
-    // delegate is RepositoryHandler
-    // docs: https://docs.gradle.org/7.6/dsl/org.gradle.api.artifacts.dsl.RepositoryHandler.html
-    mavenLocal()
-    mavenCentral()
-    maven {
-        url = uri("https://repo.danubetech.com/repository/maven-public")
-    }
-    maven { url 'https://jitpack.io' }
-    maven {
-        // Used to resolve Dash License Tool
-        // Dash has a maven plugin, BUT is not resolvable through mavenCentral()
-        url = uri("https://repo.eclipse.org/content/repositories/dash-licenses/")
-    }
-}
-
-ext {
-
-}
 
-// comes from gradle directly
 dependencies {
-    // 'implementation', 'testImplementation', 'runtimeOnly', 'compileOnly', 'annotationProcessor' and
-    // 'testAnnotationProcessor' configuration come from the java-plugin
-    // docs: https://docs.gradle.org/current/userguide/java_plugin.html#sec:java_plugin_and_dependency_management
     implementation 'org.springframework.boot:spring-boot-starter-actuator'
     implementation 'org.springframework.boot:spring-boot-starter-validation'
     implementation 'org.springframework.boot:spring-boot-starter-web'
@@ -78,25 +50,13 @@ dependencies {
     implementation 'org.springframework.cloud:spring-cloud-starter-openfeign'
     implementation "org.springdoc:springdoc-openapi-starter-common:${openApiVersion}"
     implementation "org.springdoc:springdoc-openapi-starter-webmvc-ui:${openApiVersion}"
-    implementation group: 'com.smartsensesolutions', name: 'commons-dao', version: '0.0.5'
+    implementation "com.smartsensesolutions:commons-dao:${commonsDaoVersion}"
     implementation 'org.liquibase:liquibase-core'
-    implementation 'org.eclipse.tractusx.ssi:cx-ssi-lib:0.0.19'
-
-    //Added explicitly to mitigate CVE 2022-1471
-    implementation group: 'org.yaml', name: 'snakeyaml', version: '2.0'
-
-    //Added explicitly to mitigate CVE 2023-24998
-    implementation group: 'commons-fileupload', name: 'commons-fileupload', version: '1.5'
+    implementation "org.eclipse.tractusx.ssi:cx-ssi-lib:${ssiLibVersion}"
 
     runtimeOnly 'org.postgresql:postgresql'
-    compileOnly 'org.projectlombok:lombok'
-    // custom 'developmentOnly' config
-    // https://docs.spring.io/spring-boot/docs/2.0.6.RELEASE/reference/html/using-boot-devtools.html#using-boot-devtools
-    developmentOnly 'org.springframework.boot:spring-boot-devtools'
-    annotationProcessor 'org.projectlombok:lombok'
-    testAnnotationProcessor 'org.projectlombok:lombok'
+
     testImplementation 'org.wiremock:wiremock-standalone:3.4.2'
-    testImplementation 'org.projectlombok:lombok:1.18.28'
     testImplementation 'org.springframework.boot:spring-boot-starter-test'
     testImplementation "org.testcontainers:testcontainers"
     testImplementation 'com.h2database:h2:2.2.220'
@@ -109,76 +69,6 @@ dependencies {
 
 }
 
-// uses the 'download' plugin
-// docs: https://plugins.gradle.org/plugin/de.undercouch.download
-tasks.register('dashDownload', Download) {
-    description = 'Download the Dash License Tool standalone jar'
-    group = 'License'
-    src 'https://repo.eclipse.org/service/local/artifact/maven/redirect?r=dash-licenses&g=org.eclipse.dash&a=org.eclipse.dash.licenses&v=LATEST'
-    dest rootProject.file('dash.jar')
-    // will not replace an existing file. If you know you need a new version
-    // then manually delete the file yourself, or run `dashClean`
-    overwrite false
-}
-
-// This task is primarily used by CIs
-tasks.register('dashClean') {
-    description = "Clean all files used by the 'License' group"
-    group = 'License'
-    logger.lifecycle("Removing 'dash.jar'")
-    rootProject.file('dash.jar').delete()
-    logger.lifecycle("Removing 'deps.txt'")
-    file('deps.txt').delete()
-}
-
-// Usage: in the root of the project: `./gradlew -q dashDependencies`
-// The `-q` option is important if you want to use the output in a pipe.
-tasks.register('dashDependencies') { dashDependencies ->
-    description = "Output all project dependencies as a flat list and save an intermediate file 'deps.txt'."
-    group = 'License'
-    dashDependencies.dependsOn('dashDownload')
-    doLast {
-        def deps = []
-        project.configurations.each { conf ->
-            // resolving 'archives' or 'default' is deprecated
-            if (conf.canBeResolved && conf.getName() != 'archives' && conf.getName() != 'default') {
-                deps.addAll(conf.incoming.resolutionResult.allDependencies
-                        // the 'allDependencies' method return a 'DependencyResult'
-                        // we're only interested in the 'ResolvedDependencyResult' sub-interface
-                        // docs: https://docs.gradle.org/current/javadoc/org/gradle/api/artifacts/result/ResolutionResult.html#allDependencies-groovy.lang.Closure-
-                        // docs: https://docs.gradle.org/current/javadoc/org/gradle/api/artifacts/result/DependencyResult.html
-                        // docs: https://docs.gradle.org/current/javadoc/org/gradle/api/artifacts/result/ResolvedDependencyResult.html
-                        .findAll({ it instanceof ResolvedDependencyResult })
-                        .collect { ResolvedDependencyResult dep ->
-                            "${dep.selected}"
-                        })
-            }
-        }
-
-        def uniqueSorted = deps.unique().sort()
-        uniqueSorted.each { logger.quiet("{}", it) }
-        file("deps.txt").write(uniqueSorted.join('\n'))
-    }
-}
-
-tasks.register('dashLicenseCheck', JavaExec) { dashLicenseCheck ->
-    description = "Run the Dash License Tool and save the summary in the 'DEPENDENCIES' file"
-    group = 'License'
-    dashLicenseCheck.dependsOn('dashDownload')
-    dashLicenseCheck.dependsOn('dashDependencies')
-    doFirst {
-        classpath = rootProject.files('dash.jar')
-        // docs: https://eclipse-tractusx.github.io/docs/release/trg-7/trg-7-04
-        args('-project', 'automotive.tractusx',  '-summary', 'DEPENDENCIES', 'deps.txt')
-    }
-    doLast {
-        logger.lifecycle("Removing 'deps.txt' now.")
-        file('deps.txt').delete()
-    }
-}
-
-// 'dependencyManagement' comes from the 'io.spring.dependency-management' plugin
-// docs: https://docs.spring.io/dependency-management-plugin/docs/current/reference/html/
 dependencyManagement {
     imports {
         mavenBom "org.springframework.cloud:spring-cloud-dependencies:${springCloudVersion}"
@@ -186,17 +76,13 @@ dependencyManagement {
     }
 }
 
-// 'build' task comes from the 'java' plugin
-// docs: https://docs.gradle.org/current/userguide/java_plugin.html
 build {
     archivesBaseName = "miw"
     version = "latest"
 }
 
-// 'bootJar' comes from the 'org.springframework.boot' plugin
-// 'bootJar' is a subclass of the 'jar' task type
-// docs: https://docs.gradle.org/current/dsl/org.gradle.jvm.tasks.Jar.html#org.gradle.jvm.tasks.Jar
 bootJar {
+    enabled = true
     metaInf {
         from 'DEPENDENCIES'
         from '../SECURITY.md'
@@ -205,21 +91,15 @@ bootJar {
     }
 }
 
-// 'test' comes from the 'java' plugin
-// docs: https://docs.gradle.org/current/userguide/java_plugin.html
 test {
     useJUnitPlatform()
     finalizedBy jacocoTestReport
 }
 
-// standard gradle class
-// docs: https://docs.gradle.org/current/dsl/org.gradle.api.reporting.dependencies.HtmlDependencyReportTask.html
 htmlDependencyReport {
     projects = project.allprojects
 }
 
-// 'jacocoTestReport' is provided by the 'jacoco' plugin
-// docs: https://docs.gradle.org/current/userguide/jacoco_plugin.html
 jacocoTestReport {
 
     reports {
@@ -244,15 +124,11 @@ jacocoTestReport {
     }
 }
 
-// 'jacoco' is provided by the 'jacoco' plugin
-// docs: https://docs.gradle.org/current/userguide/jacoco_plugin.html#sec:configuring_the_jacoco_plugin
 jacoco {
     toolVersion = "${jacocoVersion}"
 }
 
 
-// 'jacocoTestCoverageVerification' is provided by the 'jacoco' plugin
-// docs: https://docs.gradle.org/current/userguide/jacoco_plugin.html#sec:jacoco_report_violation_rules
 jacocoTestCoverageVerification {
     afterEvaluate {
         classDirectories.setFrom(files(classDirectories.files.collect {
diff --git a/revocation-service/Dockerfile b/revocation-service/Dockerfile
new file mode 100644
index 00000000..f2367884
--- /dev/null
+++ b/revocation-service/Dockerfile
@@ -0,0 +1,15 @@
+FROM eclipse-temurin:latest
+
+# run as non-root user
+#RUN addgroup -g 11111 -S miw && adduser -u 11111 -S -s /bin/false -G miw miw
+
+# add curl for healthcheck
+RUN apt-get update && apt-get install -y curl
+
+COPY ./revocation-service/build/libs/revocation-service-latest.jar /app/
+
+WORKDIR /app
+
+HEALTHCHECK --start-period=30s CMD curl --fail http://localhost:8090/actuator/health/liveness || exit 1
+
+CMD ["java", "-jar", "revocation-service-latest.jar"]
diff --git a/revocation-service/README.md b/revocation-service/README.md
new file mode 100644
index 00000000..2f27eec6
--- /dev/null
+++ b/revocation-service/README.md
@@ -0,0 +1,130 @@
+# Bitstring Statuslist Service
+
+This service is responsible for managing the status of credentials using a Bitstring status list. It supports operations such as creating, revoking, and retrieving credential statuses.
+
+## Prerequisites
+
+Before you begin, ensure you have met the following requirements:
+
+- Java JDK 17 is installed.
+- Docker is running if you are using containers for services like Keycloak and Postgres.
+- Keycloak service is operational and accessible.
+- Postgres database service is running and accessible.
+- Environment variables are configured according to the application's requirements.
+- MIW is deployed and accessable
+- Be sure the right ssi-lib version is installed
+
+## Environment Configuration
+
+The application can be configured using environment variables. Below are the available configuration properties with their default values (if any). Ensure these variables are set in your environment before starting the service.
+
+### Application Configuration
+
+- **APPLICATION_NAME**: The name of the Spring Boot application. Defaults to "Revocation".
+- **APPLICATION_PORT**: The HTTP port for the application. Defaults to 8080.
+- **APPLICATION_PROFILE**: The active Spring profile. Defaults to "local".
+
+### Database Configuration
+
+- **DATABASE_HOST**: The hostname or IP address of the Postgres database.
+- **DATABASE_PORT**: The port number on which the Postgres server is running. Defaults to 5432.
+- **DATABASE_NAME**: The name of the database to connect to.
+- **DATABASE_USERNAME**: The username for accessing the database.
+- **DATABASE_USE_SSL_COMMUNICATION**: Whether to use SSL for database communication. Defaults to false.
+- **DATABASE_PASSWORD**: The password for accessing the database.
+- **DATABASE_CONNECTION_POOL_SIZE**: The size of the database connection pool. Defaults to 10.
+
+### Swagger Configuration
+
+- **ENABLE_SWAGGER_UI**: Flag to enable or disable Swagger UI. Defaults to false.
+- **ENABLE_API_DOC**: Flag to enable or disable API documentation. Defaults to false.
+
+### Logging Configuration
+
+- **APPLICATION_LOG_LEVEL**: The application-wide log level. Defaults to "DEBUG".
+
+### Security Configuration
+
+The application integrates with Keycloak for OAuth2 authentication and authorization:
+
+- **SERVICE_SECURITY_ENABLED**: Flag to enable or disable Servive Security integration for Disabling Swagger and other Endpoints. Defaults to true, false only for test purposes recommended.
+
+The application integrates with Keycloak for OAuth2 authentication and authorization:
+
+- **KEYCLOAK_ENABLED**: Flag to enable or disable Keycloak integration. Defaults to true.
+- **KEYCLOAK_REALM**: The Keycloak realm to connect to.
+- **KEYCLOAK_CLIENT_ID**: The Keycloak client ID for the application.
+- **KEYCLOAK_PUBLIC_CLIENT_ID**: The Keycloak public client ID, used for Swagger UI authentication.
+- **AUTH_SERVER_URL**: The URL for the Keycloak authentication server.
+
+Keycloak URLs for token and authentication management:
+
+- **KEYCLOAK_AUTH_URL**: Constructed from `AUTH_SERVER_URL`, `KEYCLOAK_REALM`.
+- **KEYCLOAK_TOKEN_URL**: Constructed from `AUTH_SERVER_URL`, `KEYCLOAK_REALM`.
+- **KEYCLOAK_REFRESH_TOKEN_URL**: Same as `KEYCLOAK_TOKEN_URL`.
+- **KEYCLOAK_USERNAME**: The username for accessing the Keycloak management APIs.
+- **KEYCLOAK_PASSWORD**: The password for accessing the Keycloak management APIs.
+
+### External Service URLs
+
+- **MIW_URL**: The URL for the Middleware (MIW) used for signing status list credentials.
+- **DOMAIN_URL**: The base URL for your domain, which may be used for service-to-service communication or callbacks.
+
+## Spring Boot Configuration
+
+The `server`, `spring`, `springdoc`, `management`, and `logging` sections of the YAML are Spring Boot-specific configurations. They configure the application's behavior, data source, OpenAPI documentation, and logging levels, among other things.
+
+Be sure to replace placeholder values in the environment variables with actual data according to your application's specific requirements.
+
+## Middleware (MIW) Setup
+
+Ensure that the middleware (MIW) is running, as it is used to sign the status list credentials.
+
+An Overview how to start the middleware can be found under the Readme.md in here:[README.md](..%2Fmiw%2FREADME.md)
+
+## Starting Services
+
+To start the Bitstring Statuslist Service, follow these steps:
+
+1. **Start Keycloak and Postgres:**
+
+   Ensure that both Keycloak and Postgres services are running. For development purposes the Keycloak and
+   Postgres from the MIW Dev Setup can be used if not
+   already running with the MIW Task deployment.
+
+   [dev-assets](..%2Fdev-assets)
+
+   For starting it, follow the Guidelines in the MIW-Repo Readme.md -> Development Setup -> local
+   with `task docker:start-middleware` or manually
+   call start the docker compose file.
+
+2. **Start the Service:**
+
+Execute the following command from the root of the project to start the service:
+./gradlew bootRun
+
+## Access Swagger UI
+
+After starting the service, access the Swagger UI to test API endpoints by navigating to the following URL:
+http://localhost:8080/ui/swagger-ui/
+
+Replace `localhost` and `8080` with your service's host and port if they are different.
+
+## Build and Run Using Gradle
+
+- To build the project, run the following command:
+
+```
+cd revpcation-service
+./../gradlew clean build
+```
+
+- To run the tests:
+```
+cd revpcation-service
+./../gradlew clean test
+```
+
+## Additional Information
+
+For more information on how to configure and use the service, refer to the provided documentation or contact the development team.
diff --git a/revocation-service/build.gradle b/revocation-service/build.gradle
new file mode 100644
index 00000000..a5f0ef39
--- /dev/null
+++ b/revocation-service/build.gradle
@@ -0,0 +1,134 @@
+/********************************************************************************
+ * Copyright (c) 2021, 2024 Contributors to the Eclipse Foundation
+ *
+ * See the NOTICE file(s) distributed with this work for additional
+ * information regarding copyright ownership.
+ *
+ * This program and the accompanying materials are made available under the
+ * terms of the Apache License, Version 2.0 which is available at
+ * https://www.apache.org/licenses/LICENSE-2.0.
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+ * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+ * License for the specific language governing permissions and limitations
+ * under the License.
+ *
+ * SPDX-License-Identifier: Apache-2.0
+ ********************************************************************************/
+
+plugins {
+    id 'java'
+    id 'jacoco'
+    id 'project-report'
+}
+
+group = "${groupName}"
+version = "${applicationVersion}"
+sourceCompatibility = JavaVersion.VERSION_17
+
+jar {
+    enabled = false
+}
+
+java {
+    sourceCompatibility = '17'
+}
+
+dependencies {
+    implementation 'org.springframework.boot:spring-boot-starter-data-jpa'
+    implementation 'org.springframework.boot:spring-boot-starter-oauth2-client'
+    implementation 'org.springframework.boot:spring-boot-starter-oauth2-resource-server'
+    implementation 'org.springframework.boot:spring-boot-starter-security'
+    implementation 'org.springframework.boot:spring-boot-starter-validation'
+    implementation 'org.springframework.boot:spring-boot-starter-web'
+    implementation 'org.springframework.boot:spring-boot-starter-actuator'
+    implementation 'org.springframework.cloud:spring-cloud-starter-openfeign'
+    implementation "org.springdoc:springdoc-openapi-starter-common:${openApiVersion}"
+    implementation "org.springdoc:springdoc-openapi-starter-webmvc-ui:${openApiVersion}"
+    implementation  "com.google.code.gson:gson:${gsonVersion}"
+    implementation 'org.liquibase:liquibase-core'
+    implementation "org.eclipse.tractusx.ssi:cx-ssi-lib:${ssiLibVersion}"
+    compileOnly "org.projectlombok:lombok:${lombokVersion}"
+    developmentOnly 'org.springframework.boot:spring-boot-devtools'
+    annotationProcessor "org.projectlombok:lombok:${lombokVersion}"
+    developmentOnly 'org.springframework.boot:spring-boot-devtools'
+    runtimeOnly 'org.postgresql:postgresql'
+
+    testAnnotationProcessor "org.projectlombok:lombok:${lombokVersion}"
+    testImplementation "org.wiremock:wiremock-standalone:${wiremockVersion}"
+    testImplementation "org.projectlombok:lombok:${lombokVersion}"
+    testImplementation 'org.springframework.boot:spring-boot-starter-test'
+    testImplementation 'org.springframework.boot:spring-boot-testcontainers'
+    testImplementation 'org.springframework.security:spring-security-test'
+    testImplementation 'org.testcontainers:junit-jupiter'
+    testImplementation 'org.testcontainers:postgresql'
+    testImplementation 'com.h2database:h2'
+}
+
+dependencyManagement {
+    imports {
+        mavenBom "org.springframework.cloud:spring-cloud-dependencies:${springCloudVersion}"
+    }
+}
+
+build {
+    archivesBaseName = "revocation-service"
+    version = "latest"
+
+}
+
+tasks.named('test') {
+    useJUnitPlatform()
+}
+
+tasks.test {
+    finalizedBy(tasks.jacocoTestReport) // report is always generated after tests run
+    testLogging {
+        events("passed", "skipped", "failed")
+    }
+}
+tasks.jacocoTestReport {
+    dependsOn(tasks.test)
+    reports {
+        xml.required = true
+        csv.required = false
+        html.required = true
+    }
+
+    afterEvaluate {
+        classDirectories.setFrom(files(classDirectories.files.collect {
+            fileTree(dir: it, exclude: [
+                    "org/eclipse/tractusx/managedidentitywallets/revocation/utils/StringPool.class",
+                    "org/eclipse/tractusx/managedidentitywallets/revocation/config/security/SecurityConfigProperties.class"
+            ])
+        }))
+    }
+}
+
+htmlDependencyReport {
+    projects = project.allprojects
+}
+
+
+
+
+jacocoTestCoverageVerification {
+    afterEvaluate {
+        classDirectories.setFrom(files(classDirectories.files.collect {
+            fileTree(dir: it, exclude: [
+                    "org/eclipse/tractusx/managedidentitywallets/revocation/utils/StringPool.class",
+                    "org/eclipse/tractusx/managedidentitywallets/revocation/config/security/SecurityConfigProperties.class"
+            ])
+        }))
+    }
+    violationRules {
+        rule {
+            limit {
+                minimum = 0.8
+            }
+        }
+    }
+}
+
+check.dependsOn jacocoTestCoverageVerification
diff --git a/revocation-service/src/main/java/org/eclipse/tractusx/managedidentitywallets/revocation/VerifiableCredentialsRevocationServiceApplication.java b/revocation-service/src/main/java/org/eclipse/tractusx/managedidentitywallets/revocation/VerifiableCredentialsRevocationServiceApplication.java
new file mode 100644
index 00000000..d25d7868
--- /dev/null
+++ b/revocation-service/src/main/java/org/eclipse/tractusx/managedidentitywallets/revocation/VerifiableCredentialsRevocationServiceApplication.java
@@ -0,0 +1,35 @@
+/*
+ * *******************************************************************************
+ *  Copyright (c) 2021,2024 Contributors to the Eclipse Foundation
+ *
+ *  See the NOTICE file(s) distributed with this work for additional
+ *  information regarding copyright ownership.
+ *
+ *  This program and the accompanying materials are made available under the
+ *  terms of the Apache License, Version 2.0 which is available at
+ *  https://www.apache.org/licenses/LICENSE-2.0.
+ *
+ *  Unless required by applicable law or agreed to in writing, software
+ *  distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+ *  WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+ *  License for the specific language governing permissions and limitations
+ *  under the License.
+ *
+ *  SPDX-License-Identifier: Apache-2.0
+ * ******************************************************************************
+ */
+
+package org.eclipse.tractusx.managedidentitywallets.revocation;
+
+import org.springframework.boot.SpringApplication;
+import org.springframework.boot.autoconfigure.SpringBootApplication;
+import org.springframework.boot.context.properties.ConfigurationPropertiesScan;
+
+@SpringBootApplication
+@ConfigurationPropertiesScan
+public class VerifiableCredentialsRevocationServiceApplication {
+
+    public static void main(String[] args) {
+        SpringApplication.run(VerifiableCredentialsRevocationServiceApplication.class, args);
+    }
+}
diff --git a/revocation-service/src/main/java/org/eclipse/tractusx/managedidentitywallets/revocation/apidocs/RevocationApiControllerApiDocs.java b/revocation-service/src/main/java/org/eclipse/tractusx/managedidentitywallets/revocation/apidocs/RevocationApiControllerApiDocs.java
new file mode 100644
index 00000000..168e094a
--- /dev/null
+++ b/revocation-service/src/main/java/org/eclipse/tractusx/managedidentitywallets/revocation/apidocs/RevocationApiControllerApiDocs.java
@@ -0,0 +1,199 @@
+/*
+ * *******************************************************************************
+ *  Copyright (c) 2021,2024 Contributors to the Eclipse Foundation
+ *
+ *  See the NOTICE file(s) distributed with this work for additional
+ *  information regarding copyright ownership.
+ *
+ *  This program and the accompanying materials are made available under the
+ *  terms of the Apache License, Version 2.0 which is available at
+ *  https://www.apache.org/licenses/LICENSE-2.0.
+ *
+ *  Unless required by applicable law or agreed to in writing, software
+ *  distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+ *  WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+ *  License for the specific language governing permissions and limitations
+ *  under the License.
+ *
+ *  SPDX-License-Identifier: Apache-2.0
+ * ******************************************************************************
+ */
+
+package org.eclipse.tractusx.managedidentitywallets.revocation.apidocs;
+
+import io.swagger.v3.oas.annotations.Operation;
+import io.swagger.v3.oas.annotations.Parameter;
+import io.swagger.v3.oas.annotations.media.Content;
+import io.swagger.v3.oas.annotations.media.ExampleObject;
+import io.swagger.v3.oas.annotations.parameters.RequestBody;
+import io.swagger.v3.oas.annotations.responses.ApiResponse;
+import io.swagger.v3.oas.annotations.responses.ApiResponses;
+
+import java.lang.annotation.ElementType;
+import java.lang.annotation.Retention;
+import java.lang.annotation.RetentionPolicy;
+import java.lang.annotation.Target;
+
+public class RevocationApiControllerApiDocs {
+
+    @Target(ElementType.METHOD)
+    @Retention(RetentionPolicy.RUNTIME)
+    @ApiResponses(
+            value = {
+                    @ApiResponse(
+                            responseCode = "200",
+                            description = "Verifiable credential revoked successfully.",
+                            content = @Content()),
+                    @ApiResponse(
+                            responseCode = "401",
+                            description = "UnauthorizedException: invalid token",
+                            content = @Content()),
+                    @ApiResponse(
+                            responseCode = "403",
+                            description = "ForbiddenException: invalid caller",
+                            content = @Content()),
+                    @ApiResponse(
+                            responseCode = "409",
+                            description = "ConflictException: Revocation service error",
+                            content =
+                            @Content(
+                                    examples =
+                                    @ExampleObject(
+                                            value =
+                                                    "{\n"
+                                                            + "  \"type\": \"about:blank\",\n"
+                                                            + "  \"title\": \"Revocation service error\",\n"
+                                                            + "  \"status\": 409,\n"
+                                                            + "  \"detail\": \"Credential already revoked\",\n"
+                                                            + "  \"type\": \"BitstringStatusListEntry\",\n"
+                                                            + "  \"instance\": \"/api/v1/revocations/revoke\",\n"
+                                                            + "  \"timestamp\": 1707133388128\n"
+                                                            + "}"),
+                                    mediaType = "application/json")),
+                    @ApiResponse(
+                            responseCode = "500",
+                            description = "RevocationServiceException: Internal Server Error",
+                            content = @Content())
+            })
+    @RequestBody(
+            content = {
+                    @Content(
+                            examples =
+                            @ExampleObject(
+                                    value =
+                                            "{\n"
+                                                    + "  \"id\": \"http://localhost/api/v1/revocations/credentials/BPNL000000000000/revocation/1#0\",\n"
+                                                    + "  \"statusPurpose\": \"revocation\",\n"
+                                                    + "  \"statusListIndex\": \"0\",\n"
+                                                    + "  \"statusListCredential\": \"http://localhost/api/v1/revocations/credentials/BPNL000000000000/revocation/1\",\n"
+                                                    + "  \"type\": \"BitstringStatusListEntry\"\n"
+                                                    + "}"),
+                            mediaType = "application/json")
+            })
+    @Operation(
+            summary = "Revoke a VerifiableCredential",
+            description = "Revoke a VerifiableCredential using the provided Credential Status")
+    public @interface revokeCredentialDocs {
+    }
+
+    @Target(ElementType.METHOD)
+    @Retention(RetentionPolicy.RUNTIME)
+    @ApiResponses(
+            value = {
+                    @ApiResponse(
+                            responseCode = "200",
+                            description = "Status list credential created/updated successfully.",
+                            content = {
+                                    @Content(
+                                            examples =
+                                            @ExampleObject(
+                                                    value =
+                                                            "{\n"
+                                                                    + "  \"id\": \"http://localhost/api/v1/revocations/credentials/BPNL000000000000/revocation/1#0\",\n"
+                                                                    + "  \"statusPurpose\": \"revocation\",\n"
+                                                                    + "  \"statusListIndex\": \"0\",\n"
+                                                                    + "  \"statusListCredential\": \"http://localhost/api/v1/revocations/credentials/BPNL000000000000/revocation/1\",\n"
+                                                                    + "  \"type\": \"BitstringStatusListEntry\"\n"
+                                                                    + "}"),
+                                            mediaType = "application/json")
+                            }),
+                    @ApiResponse(
+                            responseCode = "401",
+                            description = "UnauthorizedException: invalid token",
+                            content = @Content()),
+                    @ApiResponse(
+                            responseCode = "403",
+                            description = "ForbiddenException: invalid caller",
+                            content = @Content()),
+                    @ApiResponse(
+                            responseCode = "500",
+                            description = "RevocationServiceException: Internal Server Error",
+                            content = @Content())
+            })
+    @RequestBody(
+            content = {
+                    @Content(
+                            examples =
+                            @ExampleObject(
+                                    value =
+                                            "{\n"
+                                                    + "  \"purpose\": \"revocation\",\n"
+                                                    + "  \"issuerId\": \"did:web:localhost:BPNL000000000000\"\n"
+                                                    + "}"),
+                            mediaType = "application/json")
+            })
+    @Operation(
+            summary = "Create or Update a Status List Credential",
+            description = "Create the status list credential if it does not exist, else update it.")
+    public @interface StatusEntryApiDocs {
+    }
+
+    @Target(ElementType.METHOD)
+    @Retention(RetentionPolicy.RUNTIME)
+    @ApiResponses(
+            value = {
+                    @ApiResponse(
+                            responseCode = "200",
+                            description = "Get Status list credential ",
+                            content = {
+                                    @Content(
+                                            examples =
+                                            @ExampleObject(
+                                                    value =
+                                                            "{\"@context\": [\"https://www.w3.org/2018/credentials/v1\", \"https://eclipse-tractusx.github.io/schema-registry/w3c/v1.0/BitstringStatusList.json\", \"https://w3id.org/security/suites/jws-2020/v1\"], \"id\": \"http://localhost/api/v1/revocations/credentials/BPNL000000000000/revocation/1\", \"type\": [\"VerifiableCredential\", \"BitstringStatusListCredential\"], \"issuer\": \"did:web:localhost:BPNL000000000000\", \"issuanceDate\": \"2024-02-05T09:39:58Z\", \"credentialSubject\": [{\"statusPurpose\": \"revocation\", \"id\": \"http://localhost/api/v1/revocations/credentials/BPNL000000000000/revocation/1\", \"type\": \"BitstringStatusList\", \"encodedList\": \"H4sIAAAAAAAA/wMAAAAAAAAAAAA=\"}], \"proof\": {\"proofPurpose\": \"assertionMethod\", \"type\": \"JsonWebSignature2020\", \"verificationMethod\": \"did:web:localhost:BPNL000000000000#ed463e4c-b900-481a-b5d0-9ae439c434ae\", \"created\": \"2024-02-05T09:39:58Z\", \"jws\": \"eyJhbGciOiJFZERTQSJ9..swX1PLJkSlxB6JMmY4a2uUzR-uszlyLrVdNppoYSx4PTV1LzQrDb0afzp_dvTNUWEYDI57a8iPh78BDjqMjSDQ\"}}"),
+                                            mediaType = "application/json")
+                            }),
+                    @ApiResponse(
+                            responseCode = "404",
+                            description = "Status list credential not found",
+                            content = @Content()),
+                    @ApiResponse(
+                            responseCode = "500",
+                            description = "RevocationServiceException: Internal Server Error",
+                            content = @Content())
+            })
+    @Operation(
+            summary = "Get status list credential",
+            description =
+                    "Get status list credential using the provided issuer BPN and status purpose and status list index")
+    public @interface GetStatusListCredentialDocs {
+    }
+
+    @Parameter(description = "Issuer BPN", example = "BPNL000000000000")
+    @Target(ElementType.PARAMETER)
+    @Retention(RetentionPolicy.RUNTIME)
+    public @interface IssuerBPNPathParamDoc {
+    }
+
+    @Parameter(description = "Status Purpose ( Revocation or Suspension)", example = "revocation")
+    @Target(ElementType.PARAMETER)
+    @Retention(RetentionPolicy.RUNTIME)
+    public @interface StatusPathParamDoc {
+    }
+
+    @Parameter(description = "status list index", example = "1")
+    @Target(ElementType.PARAMETER)
+    @Retention(RetentionPolicy.RUNTIME)
+    public @interface IndexPathParamDoc {
+    }
+}
diff --git a/revocation-service/src/main/java/org/eclipse/tractusx/managedidentitywallets/revocation/config/ApplicationConfig.java b/revocation-service/src/main/java/org/eclipse/tractusx/managedidentitywallets/revocation/config/ApplicationConfig.java
new file mode 100644
index 00000000..6664b30e
--- /dev/null
+++ b/revocation-service/src/main/java/org/eclipse/tractusx/managedidentitywallets/revocation/config/ApplicationConfig.java
@@ -0,0 +1,51 @@
+/*
+ * *******************************************************************************
+ *  Copyright (c) 2021,2024 Contributors to the Eclipse Foundation
+ *
+ *  See the NOTICE file(s) distributed with this work for additional
+ *  information regarding copyright ownership.
+ *
+ *  This program and the accompanying materials are made available under the
+ *  terms of the Apache License, Version 2.0 which is available at
+ *  https://www.apache.org/licenses/LICENSE-2.0.
+ *
+ *  Unless required by applicable law or agreed to in writing, software
+ *  distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+ *  WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+ *  License for the specific language governing permissions and limitations
+ *  under the License.
+ *
+ *  SPDX-License-Identifier: Apache-2.0
+ * ******************************************************************************
+ */
+
+package org.eclipse.tractusx.managedidentitywallets.revocation.config;
+
+import lombok.extern.slf4j.Slf4j;
+import org.apache.commons.text.StringEscapeUtils;
+import org.springdoc.core.properties.SwaggerUiConfigProperties;
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.boot.autoconfigure.condition.ConditionalOnProperty;
+import org.springframework.context.annotation.Configuration;
+import org.springframework.web.servlet.config.annotation.ViewControllerRegistry;
+import org.springframework.web.servlet.config.annotation.WebMvcConfigurer;
+
+@Configuration
+@ConditionalOnProperty(name = "springdoc.swagger-ui.enabled", havingValue = "true")
+@Slf4j
+public class ApplicationConfig implements WebMvcConfigurer {
+
+    private final SwaggerUiConfigProperties properties;
+
+    @Autowired
+    public ApplicationConfig(SwaggerUiConfigProperties properties) {
+        this.properties = properties;
+    }
+
+    @Override
+    public void addViewControllers(ViewControllerRegistry registry) {
+        String redirectUri = properties.getPath();
+        log.info("Set landing page to path {}", StringEscapeUtils.escapeJava(redirectUri));
+        registry.addRedirectViewController("/", redirectUri);
+    }
+}
diff --git a/revocation-service/src/main/java/org/eclipse/tractusx/managedidentitywallets/revocation/config/ExceptionHandling.java b/revocation-service/src/main/java/org/eclipse/tractusx/managedidentitywallets/revocation/config/ExceptionHandling.java
new file mode 100644
index 00000000..e237b86a
--- /dev/null
+++ b/revocation-service/src/main/java/org/eclipse/tractusx/managedidentitywallets/revocation/config/ExceptionHandling.java
@@ -0,0 +1,67 @@
+/*
+ * *******************************************************************************
+ *  Copyright (c) 2021,2024 Contributors to the Eclipse Foundation
+ *
+ *  See the NOTICE file(s) distributed with this work for additional
+ *  information regarding copyright ownership.
+ *
+ *  This program and the accompanying materials are made available under the
+ *  terms of the Apache License, Version 2.0 which is available at
+ *  https://www.apache.org/licenses/LICENSE-2.0.
+ *
+ *  Unless required by applicable law or agreed to in writing, software
+ *  distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+ *  WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+ *  License for the specific language governing permissions and limitations
+ *  under the License.
+ *
+ *  SPDX-License-Identifier: Apache-2.0
+ * ******************************************************************************
+ */
+
+package org.eclipse.tractusx.managedidentitywallets.revocation.config;
+
+import lombok.extern.slf4j.Slf4j;
+import org.apache.commons.lang3.exception.ExceptionUtils;
+import org.eclipse.tractusx.managedidentitywallets.revocation.exception.CredentialAlreadyRevokedException;
+import org.eclipse.tractusx.managedidentitywallets.revocation.exception.ForbiddenException;
+import org.springframework.http.HttpStatus;
+import org.springframework.http.ProblemDetail;
+import org.springframework.web.bind.annotation.ExceptionHandler;
+import org.springframework.web.bind.annotation.RestControllerAdvice;
+
+@RestControllerAdvice
+@Slf4j
+public class ExceptionHandling {
+
+    public static final String TIMESTAMP_KEY = "timestamp";
+
+    @ExceptionHandler(CredentialAlreadyRevokedException.class)
+    ProblemDetail handleCredentialAlreadyRevokedException(CredentialAlreadyRevokedException e) {
+        String errorMsg = e.getMessage();
+        ProblemDetail problemDetail = ProblemDetail.forStatusAndDetail(HttpStatus.CONFLICT, errorMsg);
+        problemDetail.setTitle("Revocation service error");
+        problemDetail.setProperty(TIMESTAMP_KEY, System.currentTimeMillis());
+        return problemDetail;
+    }
+
+
+    @ExceptionHandler(ForbiddenException.class)
+    ProblemDetail handleForbiddenException(ForbiddenException e) {
+        String errorMsg = ExceptionUtils.getMessage(e);
+        ProblemDetail problemDetail = ProblemDetail.forStatusAndDetail(HttpStatus.FORBIDDEN, errorMsg);
+        problemDetail.setTitle(errorMsg);
+        problemDetail.setProperty(TIMESTAMP_KEY, System.currentTimeMillis());
+        return problemDetail;
+    }
+
+    @ExceptionHandler(IllegalArgumentException.class)
+    ProblemDetail handleIllegalArgumentException(IllegalArgumentException e) {
+        String errorMsg = ExceptionUtils.getMessage(e);
+        ProblemDetail problemDetail =
+                ProblemDetail.forStatusAndDetail(HttpStatus.BAD_REQUEST, errorMsg);
+        problemDetail.setTitle(errorMsg);
+        problemDetail.setProperty(TIMESTAMP_KEY, System.currentTimeMillis());
+        return problemDetail;
+    }
+}
diff --git a/revocation-service/src/main/java/org/eclipse/tractusx/managedidentitywallets/revocation/config/MIWSettings.java b/revocation-service/src/main/java/org/eclipse/tractusx/managedidentitywallets/revocation/config/MIWSettings.java
new file mode 100644
index 00000000..67a71e9f
--- /dev/null
+++ b/revocation-service/src/main/java/org/eclipse/tractusx/managedidentitywallets/revocation/config/MIWSettings.java
@@ -0,0 +1,40 @@
+/*
+ * *******************************************************************************
+ *  Copyright (c) 2021,2024 Contributors to the Eclipse Foundation
+ *
+ *  See the NOTICE file(s) distributed with this work for additional
+ *  information regarding copyright ownership.
+ *
+ *  This program and the accompanying materials are made available under the
+ *  terms of the Apache License, Version 2.0 which is available at
+ *  https://www.apache.org/licenses/LICENSE-2.0.
+ *
+ *  Unless required by applicable law or agreed to in writing, software
+ *  distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+ *  WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+ *  License for the specific language governing permissions and limitations
+ *  under the License.
+ *
+ *  SPDX-License-Identifier: Apache-2.0
+ * ******************************************************************************
+ */
+
+package org.eclipse.tractusx.managedidentitywallets.revocation.config;
+
+import org.springframework.boot.context.properties.ConfigurationProperties;
+
+import java.net.URI;
+import java.util.List;
+
+@ConfigurationProperties(prefix = "revocation.miw")
+public record MIWSettings(List<URI> vcContexts) {
+
+    public MIWSettings {
+        if (vcContexts == null) {
+            throw new NullPointerException("vcContexts cannot be null");
+        }
+        if (vcContexts.isEmpty()) {
+            throw new IllegalArgumentException("vcContexts cannot be empty");
+        }
+    }
+}
diff --git a/revocation-service/src/main/java/org/eclipse/tractusx/managedidentitywallets/revocation/config/OpenApiConfig.java b/revocation-service/src/main/java/org/eclipse/tractusx/managedidentitywallets/revocation/config/OpenApiConfig.java
new file mode 100644
index 00000000..0f09edc7
--- /dev/null
+++ b/revocation-service/src/main/java/org/eclipse/tractusx/managedidentitywallets/revocation/config/OpenApiConfig.java
@@ -0,0 +1,106 @@
+/*
+ * *******************************************************************************
+ *  Copyright (c) 2021,2024 Contributors to the Eclipse Foundation
+ *
+ *  See the NOTICE file(s) distributed with this work for additional
+ *  information regarding copyright ownership.
+ *
+ *  This program and the accompanying materials are made available under the
+ *  terms of the Apache License, Version 2.0 which is available at
+ *  https://www.apache.org/licenses/LICENSE-2.0.
+ *
+ *  Unless required by applicable law or agreed to in writing, software
+ *  distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+ *  WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+ *  License for the specific language governing permissions and limitations
+ *  under the License.
+ *
+ *  SPDX-License-Identifier: Apache-2.0
+ * ******************************************************************************
+ */
+
+package org.eclipse.tractusx.managedidentitywallets.revocation.config;
+
+import io.swagger.v3.oas.models.Components;
+import io.swagger.v3.oas.models.OpenAPI;
+import io.swagger.v3.oas.models.info.Contact;
+import io.swagger.v3.oas.models.info.Info;
+import io.swagger.v3.oas.models.security.SecurityRequirement;
+import io.swagger.v3.oas.models.security.SecurityScheme;
+import lombok.AllArgsConstructor;
+import org.eclipse.tractusx.managedidentitywallets.revocation.config.security.SecurityConfigProperties;
+import org.springdoc.core.models.GroupedOpenApi;
+import org.springframework.context.annotation.Bean;
+import org.springframework.context.annotation.Configuration;
+import org.springframework.http.HttpHeaders;
+
+import java.util.Collections;
+
+/**
+ * OpenApiConfig is used for managing the swagger with basic security setup if security is enabled.
+ */
+@Configuration
+@AllArgsConstructor
+public class OpenApiConfig {
+
+    private final SecurityConfigProperties properties;
+
+    /**
+     * Open api open api.
+     *
+     * @return the open api
+     */
+    @Bean
+    public OpenAPI openAPI() {
+        Info info = new Info();
+        info.setTitle("Reovcation Service API");
+        info.setDescription("Revocation Service API");
+        info.setVersion("0.0.1");
+
+        Contact contact = new Contact();
+        contact.name("eclipse-tractusx");
+        contact.email("tractusx-dev@eclipse.org");
+        contact.url("https://projects.eclipse.org/projects/automotive.tractusx");
+        info.contact(contact);
+
+        OpenAPI openAPI = new OpenAPI();
+        if (Boolean.TRUE.equals(properties.enabled())) {
+            openAPI = enableSecurity(openAPI);
+        }
+        return openAPI.info(info);
+    }
+
+    /**
+     * Open api definition grouped open api.
+     *
+     * @return the grouped open api
+     */
+    @Bean
+    public GroupedOpenApi openApiDefinition() {
+        return GroupedOpenApi.builder().group("docs").pathsToMatch("/**").displayName("Docs").build();
+    }
+
+    private OpenAPI enableSecurity(OpenAPI openAPI) {
+        Components components = new Components();
+
+        // Auth using access_token
+        String accessTokenAuth = "Authenticate using access_token";
+        components.addSecuritySchemes(
+                accessTokenAuth,
+                new SecurityScheme()
+                        .name(accessTokenAuth)
+                        .description(
+                                """
+                                        **Bearer (apiKey)**
+                                        JWT Authorization header using the Bearer scheme.
+                                        Enter **Bearer** [space] and then your token in the text input below.
+                                        Example: Bearer 12345abcdef""")
+                        .type(SecurityScheme.Type.APIKEY)
+                        .in(SecurityScheme.In.HEADER)
+                        .name(HttpHeaders.AUTHORIZATION));
+        return openAPI
+                .components(components)
+                .addSecurityItem(
+                        new SecurityRequirement().addList(accessTokenAuth, Collections.emptyList()));
+    }
+}
diff --git a/revocation-service/src/main/java/org/eclipse/tractusx/managedidentitywallets/revocation/config/security/CustomAuthenticationConverter.java b/revocation-service/src/main/java/org/eclipse/tractusx/managedidentitywallets/revocation/config/security/CustomAuthenticationConverter.java
new file mode 100644
index 00000000..92bca9d8
--- /dev/null
+++ b/revocation-service/src/main/java/org/eclipse/tractusx/managedidentitywallets/revocation/config/security/CustomAuthenticationConverter.java
@@ -0,0 +1,78 @@
+/*
+ * *******************************************************************************
+ *  Copyright (c) 2021,2024 Contributors to the Eclipse Foundation
+ *
+ *  See the NOTICE file(s) distributed with this work for additional
+ *  information regarding copyright ownership.
+ *
+ *  This program and the accompanying materials are made available under the
+ *  terms of the Apache License, Version 2.0 which is available at
+ *  https://www.apache.org/licenses/LICENSE-2.0.
+ *
+ *  Unless required by applicable law or agreed to in writing, software
+ *  distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+ *  WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+ *  License for the specific language governing permissions and limitations
+ *  under the License.
+ *
+ *  SPDX-License-Identifier: Apache-2.0
+ * ******************************************************************************
+ */
+
+package org.eclipse.tractusx.managedidentitywallets.revocation.config.security;
+
+import org.springframework.core.convert.converter.Converter;
+import org.springframework.security.authentication.AbstractAuthenticationToken;
+import org.springframework.security.core.GrantedAuthority;
+import org.springframework.security.core.authority.SimpleGrantedAuthority;
+import org.springframework.security.oauth2.jwt.Jwt;
+import org.springframework.security.oauth2.server.resource.authentication.JwtAuthenticationToken;
+import org.springframework.security.oauth2.server.resource.authentication.JwtGrantedAuthoritiesConverter;
+
+import java.util.Collection;
+import java.util.Map;
+import java.util.Objects;
+import java.util.Optional;
+import java.util.Set;
+import java.util.stream.Collectors;
+
+/**
+ * The type Custom authentication converter.
+ */
+public class CustomAuthenticationConverter implements Converter<Jwt, AbstractAuthenticationToken> {
+
+    private final JwtGrantedAuthoritiesConverter grantedAuthoritiesConverter;
+    private final String resourceId;
+
+    /**
+     * Instantiates a new Custom authentication converter.
+     *
+     * @param resourceId the resource id
+     */
+    public CustomAuthenticationConverter(String resourceId) {
+        this.resourceId = resourceId;
+        grantedAuthoritiesConverter = new JwtGrantedAuthoritiesConverter();
+    }
+
+    @Override
+    public AbstractAuthenticationToken convert(Jwt source) {
+        Collection<GrantedAuthority> authorities = grantedAuthoritiesConverter.convert(source);
+        Optional.of(authorities).ifPresent(a -> a.addAll(extractResourceRoles(source, resourceId)));
+        return new JwtAuthenticationToken(source, authorities);
+    }
+
+    private Collection<? extends GrantedAuthority> extractResourceRoles(Jwt jwt, String resourceId) {
+        Map<String, Object> resourceAccess = jwt.getClaim("resource_access");
+        Map<String, Object> resource = (Map<String, Object>) resourceAccess.get(resourceId);
+        if (Objects.isNull(resource)) {
+            return Set.of();
+        }
+        Collection<String> resourceRoles = (Collection<String>) resource.get("roles");
+        if (Objects.isNull(resourceRoles)) {
+            return Set.of();
+        }
+        return resourceRoles.stream()
+                .map(role -> new SimpleGrantedAuthority("ROLE_" + role))
+                .collect(Collectors.toSet());
+    }
+}
diff --git a/revocation-service/src/main/java/org/eclipse/tractusx/managedidentitywallets/revocation/config/security/SecurityConfig.java b/revocation-service/src/main/java/org/eclipse/tractusx/managedidentitywallets/revocation/config/security/SecurityConfig.java
new file mode 100644
index 00000000..1424ba96
--- /dev/null
+++ b/revocation-service/src/main/java/org/eclipse/tractusx/managedidentitywallets/revocation/config/security/SecurityConfig.java
@@ -0,0 +1,119 @@
+/*
+ * *******************************************************************************
+ *  Copyright (c) 2021,2024 Contributors to the Eclipse Foundation
+ *
+ *  See the NOTICE file(s) distributed with this work for additional
+ *  information regarding copyright ownership.
+ *
+ *  This program and the accompanying materials are made available under the
+ *  terms of the Apache License, Version 2.0 which is available at
+ *  https://www.apache.org/licenses/LICENSE-2.0.
+ *
+ *  Unless required by applicable law or agreed to in writing, software
+ *  distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+ *  WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+ *  License for the specific language governing permissions and limitations
+ *  under the License.
+ *
+ *  SPDX-License-Identifier: Apache-2.0
+ * ******************************************************************************
+ */
+
+package org.eclipse.tractusx.managedidentitywallets.revocation.config.security;
+
+import lombok.AllArgsConstructor;
+import lombok.extern.slf4j.Slf4j;
+import org.eclipse.tractusx.managedidentitywallets.revocation.constant.ApplicationRole;
+import org.eclipse.tractusx.managedidentitywallets.revocation.constant.RevocationApiEndpoints;
+import org.springframework.boot.autoconfigure.condition.ConditionalOnProperty;
+import org.springframework.context.annotation.Bean;
+import org.springframework.context.annotation.Configuration;
+import org.springframework.http.HttpMethod;
+import org.springframework.security.config.Customizer;
+import org.springframework.security.config.annotation.method.configuration.EnableMethodSecurity;
+import org.springframework.security.config.annotation.web.builders.HttpSecurity;
+import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
+import org.springframework.security.config.annotation.web.configuration.WebSecurityCustomizer;
+import org.springframework.security.config.annotation.web.configurers.AbstractHttpConfigurer;
+import org.springframework.security.config.http.SessionCreationPolicy;
+import org.springframework.security.web.SecurityFilterChain;
+import org.springframework.security.web.util.matcher.AntPathRequestMatcher;
+
+import static org.springframework.security.authorization.AuthorityAuthorizationManager.hasAnyRole;
+
+@Slf4j
+@EnableWebSecurity
+@EnableMethodSecurity(securedEnabled = true)
+@Configuration
+@AllArgsConstructor
+public class SecurityConfig {
+
+    private final SecurityConfigProperties securityConfigProperties;
+
+    /**
+     * Filter chain security filter chain.
+     *
+     * @param http the http
+     * @return the security filter chain
+     * @throws Exception the exception
+     */
+    @Bean
+    @ConditionalOnProperty(
+            value = "service.security.enabled",
+            havingValue = "true",
+            matchIfMissing = true)
+    public SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
+        http.cors(Customizer.withDefaults())
+                .csrf(AbstractHttpConfigurer::disable)
+                .headers(
+                        httpSecurityHeadersConfigurer ->
+                                httpSecurityHeadersConfigurer
+                                        .xssProtection(Customizer.withDefaults())
+                                        .contentSecurityPolicy(
+                                                contentSecurityPolicyConfig ->
+                                                        contentSecurityPolicyConfig.policyDirectives("script-src 'self'")))
+                .sessionManagement(
+                        sessionManagement ->
+                                sessionManagement.sessionCreationPolicy(SessionCreationPolicy.STATELESS))
+                .authorizeHttpRequests(
+                        authorizeHttpRequests ->
+                                authorizeHttpRequests
+                                        .requestMatchers("/")
+                                        .permitAll() // forwards to swagger
+                                        .requestMatchers("/docs/api-docs/**")
+                                        .permitAll()
+                                        .requestMatchers("/ui/swagger-ui/**")
+                                        .permitAll()
+                                        .requestMatchers("/error")
+                                        .permitAll()
+                                        .requestMatchers(new AntPathRequestMatcher("/actuator/health/**"))
+                                        .permitAll()
+                                        .requestMatchers(new AntPathRequestMatcher("/actuator/loggers/**"))
+                                        .hasRole(ApplicationRole.ROLE_MANAGE_APP)
+                                        .requestMatchers(
+                                                HttpMethod.GET, RevocationApiEndpoints.REVOCATION_API + "/credentials/**")
+                                        .permitAll()
+                                        .requestMatchers(RevocationApiEndpoints.REVOCATION_API + "/**")
+                                        .access(hasAnyRole(ApplicationRole.ROLE_UPDATE_WALLET)))
+                .oauth2ResourceServer(
+                        resourceServer ->
+                                resourceServer.jwt(
+                                        jwt ->
+                                                jwt.jwtAuthenticationConverter(
+                                                        new CustomAuthenticationConverter(
+                                                                securityConfigProperties.clientId()))));
+        return http.build();
+    }
+
+    /**
+     * Security customizer web security customizer.
+     *
+     * @return the web security customizer
+     */
+    @Bean
+    @ConditionalOnProperty(value = "service.security.enabled", havingValue = "false")
+    public WebSecurityCustomizer securityCustomizer() {
+        log.warn("Disable security : This is not recommended to use in production environments.");
+        return web -> web.ignoring().requestMatchers(new AntPathRequestMatcher("**"));
+    }
+}
diff --git a/revocation-service/src/main/java/org/eclipse/tractusx/managedidentitywallets/revocation/config/security/SecurityConfigProperties.java b/revocation-service/src/main/java/org/eclipse/tractusx/managedidentitywallets/revocation/config/security/SecurityConfigProperties.java
new file mode 100644
index 00000000..0c981ed1
--- /dev/null
+++ b/revocation-service/src/main/java/org/eclipse/tractusx/managedidentitywallets/revocation/config/security/SecurityConfigProperties.java
@@ -0,0 +1,37 @@
+/*
+ * *******************************************************************************
+ *  Copyright (c) 2021,2024 Contributors to the Eclipse Foundation
+ *
+ *  See the NOTICE file(s) distributed with this work for additional
+ *  information regarding copyright ownership.
+ *
+ *  This program and the accompanying materials are made available under the
+ *  terms of the Apache License, Version 2.0 which is available at
+ *  https://www.apache.org/licenses/LICENSE-2.0.
+ *
+ *  Unless required by applicable law or agreed to in writing, software
+ *  distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+ *  WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+ *  License for the specific language governing permissions and limitations
+ *  under the License.
+ *
+ *  SPDX-License-Identifier: Apache-2.0
+ * ******************************************************************************
+ */
+
+package org.eclipse.tractusx.managedidentitywallets.revocation.config.security;
+
+import org.springframework.boot.context.properties.ConfigurationProperties;
+
+/**
+ * The type Security config properties.
+ */
+@ConfigurationProperties("revocation.security.keycloak")
+public record SecurityConfigProperties(
+        Boolean enabled,
+        String clientId,
+        String publicClientId,
+        String authUrl,
+        String tokenUrl,
+        String refreshTokenUrl) {
+}
diff --git a/revocation-service/src/main/java/org/eclipse/tractusx/managedidentitywallets/revocation/constant/ApplicationRole.java b/revocation-service/src/main/java/org/eclipse/tractusx/managedidentitywallets/revocation/constant/ApplicationRole.java
new file mode 100644
index 00000000..11722b79
--- /dev/null
+++ b/revocation-service/src/main/java/org/eclipse/tractusx/managedidentitywallets/revocation/constant/ApplicationRole.java
@@ -0,0 +1,33 @@
+/*
+ * *******************************************************************************
+ *  Copyright (c) 2021,2024 Contributors to the Eclipse Foundation
+ *
+ *  See the NOTICE file(s) distributed with this work for additional
+ *  information regarding copyright ownership.
+ *
+ *  This program and the accompanying materials are made available under the
+ *  terms of the Apache License, Version 2.0 which is available at
+ *  https://www.apache.org/licenses/LICENSE-2.0.
+ *
+ *  Unless required by applicable law or agreed to in writing, software
+ *  distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+ *  WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+ *  License for the specific language governing permissions and limitations
+ *  under the License.
+ *
+ *  SPDX-License-Identifier: Apache-2.0
+ * ******************************************************************************
+ */
+
+package org.eclipse.tractusx.managedidentitywallets.revocation.constant;
+
+public class ApplicationRole {
+
+    public static final String ROLE_MANAGE_APP = "manage_app";
+
+    public static final String ROLE_UPDATE_WALLET = "update_wallet";
+
+    private ApplicationRole() {
+        // static
+    }
+}
diff --git a/revocation-service/src/main/java/org/eclipse/tractusx/managedidentitywallets/revocation/constant/PurposeType.java b/revocation-service/src/main/java/org/eclipse/tractusx/managedidentitywallets/revocation/constant/PurposeType.java
new file mode 100644
index 00000000..00f90ef8
--- /dev/null
+++ b/revocation-service/src/main/java/org/eclipse/tractusx/managedidentitywallets/revocation/constant/PurposeType.java
@@ -0,0 +1,27 @@
+/*
+ * *******************************************************************************
+ *  Copyright (c) 2021,2024 Contributors to the Eclipse Foundation
+ *
+ *  See the NOTICE file(s) distributed with this work for additional
+ *  information regarding copyright ownership.
+ *
+ *  This program and the accompanying materials are made available under the
+ *  terms of the Apache License, Version 2.0 which is available at
+ *  https://www.apache.org/licenses/LICENSE-2.0.
+ *
+ *  Unless required by applicable law or agreed to in writing, software
+ *  distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+ *  WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+ *  License for the specific language governing permissions and limitations
+ *  under the License.
+ *
+ *  SPDX-License-Identifier: Apache-2.0
+ * ******************************************************************************
+ */
+
+package org.eclipse.tractusx.managedidentitywallets.revocation.constant;
+
+public enum PurposeType {
+    REVOCATION,
+    SUSPENSION,
+}
diff --git a/revocation-service/src/main/java/org/eclipse/tractusx/managedidentitywallets/revocation/constant/RevocationApiEndpoints.java b/revocation-service/src/main/java/org/eclipse/tractusx/managedidentitywallets/revocation/constant/RevocationApiEndpoints.java
new file mode 100644
index 00000000..b91f949e
--- /dev/null
+++ b/revocation-service/src/main/java/org/eclipse/tractusx/managedidentitywallets/revocation/constant/RevocationApiEndpoints.java
@@ -0,0 +1,37 @@
+/*
+ * *******************************************************************************
+ *  Copyright (c) 2021,2024 Contributors to the Eclipse Foundation
+ *
+ *  See the NOTICE file(s) distributed with this work for additional
+ *  information regarding copyright ownership.
+ *
+ *  This program and the accompanying materials are made available under the
+ *  terms of the Apache License, Version 2.0 which is available at
+ *  https://www.apache.org/licenses/LICENSE-2.0.
+ *
+ *  Unless required by applicable law or agreed to in writing, software
+ *  distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+ *  WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+ *  License for the specific language governing permissions and limitations
+ *  under the License.
+ *
+ *  SPDX-License-Identifier: Apache-2.0
+ * ******************************************************************************
+ */
+
+package org.eclipse.tractusx.managedidentitywallets.revocation.constant;
+
+public class RevocationApiEndpoints {
+
+    public static final String REVOCATION_API = "/api/v1/revocations";
+    public static final String CREDENTIALS = "/api/credentials";
+    public static final String REVOKE = "/revoke";
+    public static final String STATUS_ENTRY = "/status-entry";
+    public static final String CREDENTIALS_BY_ISSUER = "/credentials";
+    public static final String CREDENTIALS_STATUS_INDEX =
+            CREDENTIALS_BY_ISSUER + "/{issuerBPN}/{status}/{index}";
+
+    private RevocationApiEndpoints() {
+        // static
+    }
+}
diff --git a/revocation-service/src/main/java/org/eclipse/tractusx/managedidentitywallets/revocation/controllers/BaseController.java b/revocation-service/src/main/java/org/eclipse/tractusx/managedidentitywallets/revocation/controllers/BaseController.java
new file mode 100644
index 00000000..0c982b91
--- /dev/null
+++ b/revocation-service/src/main/java/org/eclipse/tractusx/managedidentitywallets/revocation/controllers/BaseController.java
@@ -0,0 +1,52 @@
+/*
+ * *******************************************************************************
+ *  Copyright (c) 2021,2024 Contributors to the Eclipse Foundation
+ *
+ *  See the NOTICE file(s) distributed with this work for additional
+ *  information regarding copyright ownership.
+ *
+ *  This program and the accompanying materials are made available under the
+ *  terms of the Apache License, Version 2.0 which is available at
+ *  https://www.apache.org/licenses/LICENSE-2.0.
+ *
+ *  Unless required by applicable law or agreed to in writing, software
+ *  distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+ *  WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+ *  License for the specific language governing permissions and limitations
+ *  under the License.
+ *
+ *  SPDX-License-Identifier: Apache-2.0
+ * ******************************************************************************
+ */
+
+package org.eclipse.tractusx.managedidentitywallets.revocation.controllers;
+
+import org.eclipse.tractusx.managedidentitywallets.revocation.utils.StringPool;
+import org.eclipse.tractusx.managedidentitywallets.revocation.utils.Validate;
+import org.springframework.security.oauth2.jwt.Jwt;
+import org.springframework.security.oauth2.server.resource.authentication.JwtAuthenticationToken;
+
+import java.security.Principal;
+import java.util.Map;
+import java.util.TreeMap;
+
+public class BaseController {
+
+    /**
+     * Gets bpn from token.
+     *
+     * @param principal the principal
+     * @return the bpn from token
+     */
+    public String getBPNFromToken(Principal principal) {
+        Object principal1 = ((JwtAuthenticationToken) principal).getPrincipal();
+        Jwt jwt = (Jwt) principal1;
+        // this will misbehave if we have more then one claims with different case
+        // ie. BPN=123456 and bpn=789456
+        Map<String, Object> claims = new TreeMap<>(String.CASE_INSENSITIVE_ORDER);
+        claims.putAll(jwt.getClaims());
+        Validate.isFalse(claims.containsKey(StringPool.BPN))
+                .launch(new SecurityException("Invalid token, BPN not found"));
+        return claims.get(StringPool.BPN).toString();
+    }
+}
diff --git a/revocation-service/src/main/java/org/eclipse/tractusx/managedidentitywallets/revocation/controllers/RevocationApiController.java b/revocation-service/src/main/java/org/eclipse/tractusx/managedidentitywallets/revocation/controllers/RevocationApiController.java
new file mode 100644
index 00000000..f4b0d82f
--- /dev/null
+++ b/revocation-service/src/main/java/org/eclipse/tractusx/managedidentitywallets/revocation/controllers/RevocationApiController.java
@@ -0,0 +1,136 @@
+/*
+ * *******************************************************************************
+ *  Copyright (c) 2021,2024 Contributors to the Eclipse Foundation
+ *
+ *  See the NOTICE file(s) distributed with this work for additional
+ *  information regarding copyright ownership.
+ *
+ *  This program and the accompanying materials are made available under the
+ *  terms of the Apache License, Version 2.0 which is available at
+ *  https://www.apache.org/licenses/LICENSE-2.0.
+ *
+ *  Unless required by applicable law or agreed to in writing, software
+ *  distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+ *  WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+ *  License for the specific language governing permissions and limitations
+ *  under the License.
+ *
+ *  SPDX-License-Identifier: Apache-2.0
+ * ******************************************************************************
+ */
+
+package org.eclipse.tractusx.managedidentitywallets.revocation.controllers;
+
+import io.swagger.v3.oas.annotations.Parameter;
+import io.swagger.v3.oas.annotations.tags.Tag;
+import jakarta.validation.Valid;
+import lombok.RequiredArgsConstructor;
+import lombok.extern.slf4j.Slf4j;
+import org.eclipse.tractusx.managedidentitywallets.revocation.apidocs.RevocationApiControllerApiDocs;
+import org.eclipse.tractusx.managedidentitywallets.revocation.constant.RevocationApiEndpoints;
+import org.eclipse.tractusx.managedidentitywallets.revocation.dto.CredentialStatusDto;
+import org.eclipse.tractusx.managedidentitywallets.revocation.dto.StatusEntryDto;
+import org.eclipse.tractusx.managedidentitywallets.revocation.exception.ForbiddenException;
+import org.eclipse.tractusx.managedidentitywallets.revocation.exception.RevocationServiceException;
+import org.eclipse.tractusx.managedidentitywallets.revocation.services.RevocationService;
+import org.eclipse.tractusx.managedidentitywallets.revocation.utils.Validate;
+import org.eclipse.tractusx.ssi.lib.model.verifiable.credential.VerifiableCredential;
+import org.springframework.http.HttpHeaders;
+import org.springframework.http.HttpStatus;
+import org.springframework.http.MediaType;
+import org.springframework.http.ResponseEntity;
+import org.springframework.web.bind.annotation.GetMapping;
+import org.springframework.web.bind.annotation.PathVariable;
+import org.springframework.web.bind.annotation.PostMapping;
+import org.springframework.web.bind.annotation.RequestBody;
+import org.springframework.web.bind.annotation.RequestHeader;
+import org.springframework.web.bind.annotation.RequestMapping;
+import org.springframework.web.bind.annotation.RestController;
+
+import java.security.Principal;
+
+/**
+ * The RevocationApiController class is a REST controller that handles revocation-related API
+ * endpoints.
+ */
+@RestController
+@RequestMapping(RevocationApiEndpoints.REVOCATION_API)
+@RequiredArgsConstructor
+@Slf4j
+@Tag(name = "Revocation Service", description = "Revocation Service API")
+public class RevocationApiController extends BaseController {
+
+    private final RevocationService revocationService;
+
+    /**
+     * The above function is a Java POST endpoint that creates a status list for a credential using
+     * the provided DTO.
+     *
+     * @param dto   The parameter "dto" is of type "StatusEntryDto" and is annotated with
+     *              "@RequestBody". It is used to receive the request body data from the client. The "@Valid"
+     *              annotation is used to perform validation on the "dto" object based on the validation
+     *              constraints defined in the "StatusEntry
+     * @param token The authentication token
+     * @return The method is returning a CredentialStatusDto object.
+     */
+    @RevocationApiControllerApiDocs.StatusEntryApiDocs
+    @PostMapping(
+            value = RevocationApiEndpoints.STATUS_ENTRY,
+            produces = MediaType.APPLICATION_JSON_VALUE)
+    public CredentialStatusDto createStatusListVC(
+            @Valid @RequestBody StatusEntryDto dto,
+            @Parameter(hidden = true) @RequestHeader(name = HttpHeaders.AUTHORIZATION) String token,
+            Principal principal) {
+        Validate.isFalse(
+                        getBPNFromToken(principal).equals(revocationService.extractBpnFromDid(dto.issuerId())))
+                .launch(new ForbiddenException("invalid caller"));
+        return revocationService.createStatusList(dto, token);
+    }
+
+    /**
+     * The above function is a Java POST endpoint that revokes a credential and returns an HTTP status
+     * code.
+     *
+     * @param dto   The `dto` parameter is of type `CredentialStatusDto` and is annotated with
+     *              `@RequestBody`. This means that it is expected to be the request body of the HTTP POST
+     *              request. The `@Valid` annotation indicates that the `dto` object should be validated before
+     *              being processed further.
+     * @param token The authentication token
+     * @return The method is returning a ResponseEntity object with a HttpStatus of OK.
+     */
+    @RevocationApiControllerApiDocs.revokeCredentialDocs
+    @PostMapping(RevocationApiEndpoints.REVOKE)
+    public ResponseEntity<HttpStatus> revokeCredential(
+            @Valid @RequestBody CredentialStatusDto dto,
+            @Parameter(hidden = true) @RequestHeader(name = HttpHeaders.AUTHORIZATION) String token,
+            Principal principal)
+            throws RevocationServiceException {
+        Validate.isFalse(
+                        getBPNFromToken(principal).equals(revocationService.extractBpnFromURL(dto.id())))
+                .launch(new ForbiddenException("Invalid caller"));
+        revocationService.revoke(dto, token);
+        return new ResponseEntity<>(HttpStatus.OK);
+    }
+
+    /**
+     * The function `getCredentialsByIssuerId` retrieves a list of credentials by their issuer ID.
+     *
+     * @param issuerId The `issuerId` parameter is a string that represents the identifier of the
+     *                 issuer.
+     * @return The method is returning a ResponseEntity object that wraps a VerifiableCredential
+     * object.
+     */
+    @RevocationApiControllerApiDocs.GetStatusListCredentialDocs
+    @GetMapping(
+            path = RevocationApiEndpoints.CREDENTIALS_STATUS_INDEX,
+            produces = MediaType.APPLICATION_JSON_VALUE)
+    public ResponseEntity<VerifiableCredential> getStatusListCredential(
+            @RevocationApiControllerApiDocs.IssuerBPNPathParamDoc @PathVariable(name = "issuerBPN") String issuerBPN,
+            @RevocationApiControllerApiDocs.StatusPathParamDoc @PathVariable(name = "status") String status,
+            @RevocationApiControllerApiDocs.IndexPathParamDoc @PathVariable(name = "index") String index) {
+        log.debug("received get list for {}", issuerBPN);
+        return ResponseEntity.ofNullable(
+                revocationService.getStatusListCredential(
+                        issuerBPN.toUpperCase(), status.toLowerCase(), index));
+    }
+}
diff --git a/revocation-service/src/main/java/org/eclipse/tractusx/managedidentitywallets/revocation/domain/BPN.java b/revocation-service/src/main/java/org/eclipse/tractusx/managedidentitywallets/revocation/domain/BPN.java
new file mode 100644
index 00000000..9a53b007
--- /dev/null
+++ b/revocation-service/src/main/java/org/eclipse/tractusx/managedidentitywallets/revocation/domain/BPN.java
@@ -0,0 +1,62 @@
+/*
+ * *******************************************************************************
+ *  Copyright (c) 2021,2024 Contributors to the Eclipse Foundation
+ *
+ *  See the NOTICE file(s) distributed with this work for additional
+ *  information regarding copyright ownership.
+ *
+ *  This program and the accompanying materials are made available under the
+ *  terms of the Apache License, Version 2.0 which is available at
+ *  https://www.apache.org/licenses/LICENSE-2.0.
+ *
+ *  Unless required by applicable law or agreed to in writing, software
+ *  distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+ *  WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+ *  License for the specific language governing permissions and limitations
+ *  under the License.
+ *
+ *  SPDX-License-Identifier: Apache-2.0
+ * ******************************************************************************
+ */
+
+package org.eclipse.tractusx.managedidentitywallets.revocation.domain;
+
+import java.util.regex.Matcher;
+import java.util.regex.Pattern;
+
+public class BPN {
+
+    private static final String PATTERN = "^(BPN)([LSA])[0-9A-Z]{12}";
+
+    private final String value;
+
+    public BPN(final String bpn) {
+
+        Pattern pattern = Pattern.compile(PATTERN);
+        Matcher matcher = pattern.matcher(bpn);
+        if (!matcher.matches()) {
+            throw new IllegalArgumentException("BPN %s is not valid".formatted(bpn));
+        }
+
+        this.value = bpn;
+    }
+
+    public String value() {
+        return value;
+    }
+
+    @Override
+    public boolean equals(final Object o) {
+        if (this == o) return true;
+        if (o == null || getClass() != o.getClass()) return false;
+
+        final BPN bpn = (BPN) o;
+
+        return value.equals(bpn.value);
+    }
+
+    @Override
+    public int hashCode() {
+        return value.hashCode();
+    }
+}
diff --git a/revocation-service/src/main/java/org/eclipse/tractusx/managedidentitywallets/revocation/dto/CredentialStatusDto.java b/revocation-service/src/main/java/org/eclipse/tractusx/managedidentitywallets/revocation/dto/CredentialStatusDto.java
new file mode 100644
index 00000000..cf3ce0b1
--- /dev/null
+++ b/revocation-service/src/main/java/org/eclipse/tractusx/managedidentitywallets/revocation/dto/CredentialStatusDto.java
@@ -0,0 +1,48 @@
+/*
+ * *******************************************************************************
+ *  Copyright (c) 2021,2024 Contributors to the Eclipse Foundation
+ *
+ *  See the NOTICE file(s) distributed with this work for additional
+ *  information regarding copyright ownership.
+ *
+ *  This program and the accompanying materials are made available under the
+ *  terms of the Apache License, Version 2.0 which is available at
+ *  https://www.apache.org/licenses/LICENSE-2.0.
+ *
+ *  Unless required by applicable law or agreed to in writing, software
+ *  distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+ *  WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+ *  License for the specific language governing permissions and limitations
+ *  under the License.
+ *
+ *  SPDX-License-Identifier: Apache-2.0
+ * ******************************************************************************
+ */
+
+package org.eclipse.tractusx.managedidentitywallets.revocation.dto;
+
+import com.fasterxml.jackson.annotation.JsonProperty;
+import jakarta.validation.constraints.NotBlank;
+import jakarta.validation.constraints.NotNull;
+import org.eclipse.tractusx.managedidentitywallets.revocation.constant.PurposeType;
+import org.eclipse.tractusx.managedidentitywallets.revocation.utils.BitSetManager;
+
+public record CredentialStatusDto(
+        @NotBlank @NotNull @JsonProperty("id") String id,
+        @NotBlank @NotNull @JsonProperty("statusPurpose") String statusPurpose,
+        @NotBlank @NotNull @JsonProperty("statusListIndex") String statusListIndex,
+        @NotBlank @NotNull @JsonProperty("statusListCredential") String statusListCredential,
+        @NotBlank @NotNull @JsonProperty("type") String type) {
+    public CredentialStatusDto {
+        if (Integer.parseInt(statusListIndex) < 0
+                || Integer.parseInt(statusListIndex) > BitSetManager.BITSET_SIZE - 1) {
+            throw new IllegalArgumentException("statusListIndex is out of range");
+        }
+        if (!statusPurpose.equalsIgnoreCase(PurposeType.REVOCATION.toString())) {
+            throw new IllegalArgumentException("invalid statusPurpose");
+        }
+        if (!type.equals(StatusListCredentialSubject.TYPE_ENTRY)) {
+            throw new IllegalArgumentException("invalid type");
+        }
+    }
+}
diff --git a/revocation-service/src/main/java/org/eclipse/tractusx/managedidentitywallets/revocation/dto/StatusEntryDto.java b/revocation-service/src/main/java/org/eclipse/tractusx/managedidentitywallets/revocation/dto/StatusEntryDto.java
new file mode 100644
index 00000000..9a77d39e
--- /dev/null
+++ b/revocation-service/src/main/java/org/eclipse/tractusx/managedidentitywallets/revocation/dto/StatusEntryDto.java
@@ -0,0 +1,41 @@
+/*
+ * *******************************************************************************
+ *  Copyright (c) 2021,2024 Contributors to the Eclipse Foundation
+ *
+ *  See the NOTICE file(s) distributed with this work for additional
+ *  information regarding copyright ownership.
+ *
+ *  This program and the accompanying materials are made available under the
+ *  terms of the Apache License, Version 2.0 which is available at
+ *  https://www.apache.org/licenses/LICENSE-2.0.
+ *
+ *  Unless required by applicable law or agreed to in writing, software
+ *  distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+ *  WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+ *  License for the specific language governing permissions and limitations
+ *  under the License.
+ *
+ *  SPDX-License-Identifier: Apache-2.0
+ * ******************************************************************************
+ */
+
+package org.eclipse.tractusx.managedidentitywallets.revocation.dto;
+
+import com.fasterxml.jackson.annotation.JsonProperty;
+import jakarta.validation.Valid;
+import jakarta.validation.constraints.NotBlank;
+import jakarta.validation.constraints.NotNull;
+import org.eclipse.tractusx.managedidentitywallets.revocation.constant.PurposeType;
+
+@Valid
+public record StatusEntryDto(
+        // #TODO should be an Identifier (add validation)
+        @NotNull @NotBlank @JsonProperty("purpose") String purpose,
+        @NotNull @NotBlank @JsonProperty("issuerId") String issuerId) {
+
+    public StatusEntryDto {
+        if (!purpose.equalsIgnoreCase(PurposeType.REVOCATION.toString())) {
+            throw new IllegalArgumentException("purpose should only be revocation at this time");
+        }
+    }
+}
diff --git a/revocation-service/src/main/java/org/eclipse/tractusx/managedidentitywallets/revocation/dto/StatusListCredentialSubject.java b/revocation-service/src/main/java/org/eclipse/tractusx/managedidentitywallets/revocation/dto/StatusListCredentialSubject.java
new file mode 100644
index 00000000..0482d48b
--- /dev/null
+++ b/revocation-service/src/main/java/org/eclipse/tractusx/managedidentitywallets/revocation/dto/StatusListCredentialSubject.java
@@ -0,0 +1,42 @@
+/*
+ * *******************************************************************************
+ *  Copyright (c) 2021,2024 Contributors to the Eclipse Foundation
+ *
+ *  See the NOTICE file(s) distributed with this work for additional
+ *  information regarding copyright ownership.
+ *
+ *  This program and the accompanying materials are made available under the
+ *  terms of the Apache License, Version 2.0 which is available at
+ *  https://www.apache.org/licenses/LICENSE-2.0.
+ *
+ *  Unless required by applicable law or agreed to in writing, software
+ *  distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+ *  WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+ *  License for the specific language governing permissions and limitations
+ *  under the License.
+ *
+ *  SPDX-License-Identifier: Apache-2.0
+ * ******************************************************************************
+ */
+
+package org.eclipse.tractusx.managedidentitywallets.revocation.dto;
+
+import lombok.Builder;
+import lombok.Getter;
+
+@Getter
+@Builder()
+public class StatusListCredentialSubject {
+    public static final String TYPE_ENTRY = "BitstringStatusListEntry";
+    public static final String TYPE_CREDENTIAL = "BitstringStatusListCredential";
+    public static final String TYPE_LIST = "BitstringStatusList";
+
+    public static final String SUBJECT_ID = "id";
+    public static final String SUBJECT_TYPE = "type";
+    public static final String SUBJECT_STATUS_PURPOSE = "statusPurpose";
+    public static final String SUBJECT_ENCODED_LIST = "encodedList";
+    private final String type;
+    private String id;
+    private String statusPurpose;
+    private String encodedList;
+}
diff --git a/revocation-service/src/main/java/org/eclipse/tractusx/managedidentitywallets/revocation/dto/TokenResponse.java b/revocation-service/src/main/java/org/eclipse/tractusx/managedidentitywallets/revocation/dto/TokenResponse.java
new file mode 100644
index 00000000..9dc3def9
--- /dev/null
+++ b/revocation-service/src/main/java/org/eclipse/tractusx/managedidentitywallets/revocation/dto/TokenResponse.java
@@ -0,0 +1,34 @@
+/*
+ * *******************************************************************************
+ *  Copyright (c) 2021,2024 Contributors to the Eclipse Foundation
+ *
+ *  See the NOTICE file(s) distributed with this work for additional
+ *  information regarding copyright ownership.
+ *
+ *  This program and the accompanying materials are made available under the
+ *  terms of the Apache License, Version 2.0 which is available at
+ *  https://www.apache.org/licenses/LICENSE-2.0.
+ *
+ *  Unless required by applicable law or agreed to in writing, software
+ *  distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+ *  WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+ *  License for the specific language governing permissions and limitations
+ *  under the License.
+ *
+ *  SPDX-License-Identifier: Apache-2.0
+ * ******************************************************************************
+ */
+
+package org.eclipse.tractusx.managedidentitywallets.revocation.dto;
+
+import com.fasterxml.jackson.annotation.JsonAlias;
+import lombok.Getter;
+import lombok.Setter;
+
+@Getter
+@Setter
+public class TokenResponse {
+
+    @JsonAlias("access_token")
+    private String accessToken;
+}
diff --git a/revocation-service/src/main/java/org/eclipse/tractusx/managedidentitywallets/revocation/exception/BitSetManagerException.java b/revocation-service/src/main/java/org/eclipse/tractusx/managedidentitywallets/revocation/exception/BitSetManagerException.java
new file mode 100644
index 00000000..c20bbc12
--- /dev/null
+++ b/revocation-service/src/main/java/org/eclipse/tractusx/managedidentitywallets/revocation/exception/BitSetManagerException.java
@@ -0,0 +1,45 @@
+/*
+ * *******************************************************************************
+ *  Copyright (c) 2021,2024 Contributors to the Eclipse Foundation
+ *
+ *  See the NOTICE file(s) distributed with this work for additional
+ *  information regarding copyright ownership.
+ *
+ *  This program and the accompanying materials are made available under the
+ *  terms of the Apache License, Version 2.0 which is available at
+ *  https://www.apache.org/licenses/LICENSE-2.0.
+ *
+ *  Unless required by applicable law or agreed to in writing, software
+ *  distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+ *  WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+ *  License for the specific language governing permissions and limitations
+ *  under the License.
+ *
+ *  SPDX-License-Identifier: Apache-2.0
+ * ******************************************************************************
+ */
+
+package org.eclipse.tractusx.managedidentitywallets.revocation.exception;
+
+public class BitSetManagerException extends RuntimeException {
+
+    public BitSetManagerException() {
+    }
+
+    public BitSetManagerException(String message) {
+        super(message);
+    }
+
+    public BitSetManagerException(String message, Throwable cause) {
+        super(message, cause);
+    }
+
+    public BitSetManagerException(Throwable cause) {
+        super(cause);
+    }
+
+    public BitSetManagerException(
+            String message, Throwable cause, boolean enableSuppression, boolean writableStackTrace) {
+        super(message, cause, enableSuppression, writableStackTrace);
+    }
+}
diff --git a/revocation-service/src/main/java/org/eclipse/tractusx/managedidentitywallets/revocation/exception/CredentialAlreadyRevokedException.java b/revocation-service/src/main/java/org/eclipse/tractusx/managedidentitywallets/revocation/exception/CredentialAlreadyRevokedException.java
new file mode 100644
index 00000000..7d8ac72c
--- /dev/null
+++ b/revocation-service/src/main/java/org/eclipse/tractusx/managedidentitywallets/revocation/exception/CredentialAlreadyRevokedException.java
@@ -0,0 +1,29 @@
+/*
+ * *******************************************************************************
+ *  Copyright (c) 2021,2024 Contributors to the Eclipse Foundation
+ *
+ *  See the NOTICE file(s) distributed with this work for additional
+ *  information regarding copyright ownership.
+ *
+ *  This program and the accompanying materials are made available under the
+ *  terms of the Apache License, Version 2.0 which is available at
+ *  https://www.apache.org/licenses/LICENSE-2.0.
+ *
+ *  Unless required by applicable law or agreed to in writing, software
+ *  distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+ *  WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+ *  License for the specific language governing permissions and limitations
+ *  under the License.
+ *
+ *  SPDX-License-Identifier: Apache-2.0
+ * ******************************************************************************
+ */
+
+package org.eclipse.tractusx.managedidentitywallets.revocation.exception;
+
+public class CredentialAlreadyRevokedException extends BitSetManagerException {
+
+    public CredentialAlreadyRevokedException(String message) {
+        super(message);
+    }
+}
diff --git a/revocation-service/src/main/java/org/eclipse/tractusx/managedidentitywallets/revocation/exception/ForbiddenException.java b/revocation-service/src/main/java/org/eclipse/tractusx/managedidentitywallets/revocation/exception/ForbiddenException.java
new file mode 100644
index 00000000..a5420c34
--- /dev/null
+++ b/revocation-service/src/main/java/org/eclipse/tractusx/managedidentitywallets/revocation/exception/ForbiddenException.java
@@ -0,0 +1,59 @@
+/*
+ * *******************************************************************************
+ *  Copyright (c) 2021,2024 Contributors to the Eclipse Foundation
+ *
+ *  See the NOTICE file(s) distributed with this work for additional
+ *  information regarding copyright ownership.
+ *
+ *  This program and the accompanying materials are made available under the
+ *  terms of the Apache License, Version 2.0 which is available at
+ *  https://www.apache.org/licenses/LICENSE-2.0.
+ *
+ *  Unless required by applicable law or agreed to in writing, software
+ *  distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+ *  WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+ *  License for the specific language governing permissions and limitations
+ *  under the License.
+ *
+ *  SPDX-License-Identifier: Apache-2.0
+ * ******************************************************************************
+ */
+
+package org.eclipse.tractusx.managedidentitywallets.revocation.exception;
+
+public class ForbiddenException extends RuntimeException {
+
+    /**
+     * Instantiates a new Forbidden exception.
+     */
+    public ForbiddenException() {
+    }
+
+    /**
+     * Instantiates a new Forbidden exception.
+     *
+     * @param message the message
+     */
+    public ForbiddenException(String message) {
+        super(message);
+    }
+
+    /**
+     * Instantiates a new Forbidden exception.
+     *
+     * @param message the message
+     * @param cause   the cause
+     */
+    public ForbiddenException(String message, Throwable cause) {
+        super(message, cause);
+    }
+
+    /**
+     * Instantiates a new Forbidden exception.
+     *
+     * @param cause the cause
+     */
+    public ForbiddenException(Throwable cause) {
+        super(cause);
+    }
+}
diff --git a/revocation-service/src/main/java/org/eclipse/tractusx/managedidentitywallets/revocation/exception/RevocationServiceException.java b/revocation-service/src/main/java/org/eclipse/tractusx/managedidentitywallets/revocation/exception/RevocationServiceException.java
new file mode 100644
index 00000000..3e0672fd
--- /dev/null
+++ b/revocation-service/src/main/java/org/eclipse/tractusx/managedidentitywallets/revocation/exception/RevocationServiceException.java
@@ -0,0 +1,62 @@
+/*
+ * *******************************************************************************
+ *  Copyright (c) 2021,2024 Contributors to the Eclipse Foundation
+ *
+ *  See the NOTICE file(s) distributed with this work for additional
+ *  information regarding copyright ownership.
+ *
+ *  This program and the accompanying materials are made available under the
+ *  terms of the Apache License, Version 2.0 which is available at
+ *  https://www.apache.org/licenses/LICENSE-2.0.
+ *
+ *  Unless required by applicable law or agreed to in writing, software
+ *  distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+ *  WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+ *  License for the specific language governing permissions and limitations
+ *  under the License.
+ *
+ *  SPDX-License-Identifier: Apache-2.0
+ * ******************************************************************************
+ */
+
+package org.eclipse.tractusx.managedidentitywallets.revocation.exception;
+
+/**
+ * Custom exception class to encapsulate service-related exceptions.
+ */
+public class RevocationServiceException extends Exception {
+
+    /**
+     * Constructs a new exception with the specified detail message. The cause is not initialized.
+     *
+     * @param message the detail message. The detail message is saved for later retrieval by the
+     *                {@link #getMessage()} method.
+     */
+    public RevocationServiceException(String message) {
+        super(message);
+    }
+
+    /**
+     * Constructs a new exception with the specified detail message and cause.
+     *
+     * @param message the detail message. The detail message is saved for later retrieval by the
+     *                {@link #getMessage()} method.
+     * @param cause   the cause (which is saved for later retrieval by the {@link #getCause()} method).
+     *                A null value is permitted, and indicates that the cause is nonexistent or unknown.
+     */
+    public RevocationServiceException(String message, Throwable cause) {
+        super(message, cause);
+    }
+
+    /**
+     * Constructs a new exception with the specified cause and a detail message of (cause==null ? null
+     * : cause.toString()) (which typically contains the class and detail message of cause). This
+     * constructor is useful for exceptions that are little more than wrappers for other throwables.
+     *
+     * @param cause the cause (which is saved for later retrieval by the {@link #getCause()} method).
+     *              A null value is permitted, and indicates that the cause is nonexistent or unknown.
+     */
+    public RevocationServiceException(Throwable cause) {
+        super(cause);
+    }
+}
diff --git a/revocation-service/src/main/java/org/eclipse/tractusx/managedidentitywallets/revocation/jpa/StatusListCredential.java b/revocation-service/src/main/java/org/eclipse/tractusx/managedidentitywallets/revocation/jpa/StatusListCredential.java
new file mode 100644
index 00000000..654c6dd8
--- /dev/null
+++ b/revocation-service/src/main/java/org/eclipse/tractusx/managedidentitywallets/revocation/jpa/StatusListCredential.java
@@ -0,0 +1,95 @@
+/*
+ * *******************************************************************************
+ *  Copyright (c) 2021,2024 Contributors to the Eclipse Foundation
+ *
+ *  See the NOTICE file(s) distributed with this work for additional
+ *  information regarding copyright ownership.
+ *
+ *  This program and the accompanying materials are made available under the
+ *  terms of the Apache License, Version 2.0 which is available at
+ *  https://www.apache.org/licenses/LICENSE-2.0.
+ *
+ *  Unless required by applicable law or agreed to in writing, software
+ *  distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+ *  WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+ *  License for the specific language governing permissions and limitations
+ *  under the License.
+ *
+ *  SPDX-License-Identifier: Apache-2.0
+ * ******************************************************************************
+ */
+
+package org.eclipse.tractusx.managedidentitywallets.revocation.jpa;
+
+import jakarta.persistence.Column;
+import jakarta.persistence.Convert;
+import jakarta.persistence.Entity;
+import jakarta.persistence.FetchType;
+import jakarta.persistence.Id;
+import jakarta.persistence.Lob;
+import jakarta.persistence.OneToOne;
+import jakarta.validation.constraints.NotBlank;
+import jakarta.validation.constraints.NotNull;
+import jakarta.validation.constraints.Size;
+import lombok.AllArgsConstructor;
+import lombok.Builder;
+import lombok.Getter;
+import lombok.NoArgsConstructor;
+import org.eclipse.tractusx.managedidentitywallets.revocation.validation.ValidVerifiableCredential;
+import org.eclipse.tractusx.ssi.lib.model.verifiable.credential.VerifiableCredential;
+import org.hibernate.annotations.CreationTimestamp;
+import org.hibernate.annotations.UpdateTimestamp;
+
+import java.time.LocalDateTime;
+
+@Entity
+@Builder
+@Getter
+@AllArgsConstructor
+@NoArgsConstructor
+public class StatusListCredential {
+    @Id
+    @Column(name = "id", length = 256) // Adjust length as per your schema constraints
+    @NotBlank(message = "ID cannot be blank")
+    @Size(max = 256, message = "ID cannot exceed 256 characters")
+    private String id;
+
+    /**
+     * issuerBpn is a string field that represents the issuer' BPN with the status Purpose at the end
+     *
+     * <p>Example: "BPNL123456789123"
+     */
+    @Column(name = "issuer_bpn", length = 16) // Adjust length as per your schema constraints
+    @NotBlank(message = "Issuer BPN cannot be blank")
+    @Size(max = 16, message = "Issuer Bpn cannot exceed 16 characters")
+    private String issuerBpn;
+
+    // Annotation @Lob indicates that the field should be persisted as a large object to the database.
+    @Lob
+    @ValidVerifiableCredential // Custom validation annotation
+    @NotNull(message = "Credential cannot be null")
+    @Column(name = "credential", columnDefinition = "TEXT")
+    @Convert(converter = StringToCredentialConverter.class)
+    private VerifiableCredential credential;
+
+    @CreationTimestamp
+    @Column(name = "created_at", updatable = false, nullable = false)
+    private LocalDateTime createdAt;
+
+    @UpdateTimestamp
+    @Column(name = "modified_at", nullable = false)
+    private LocalDateTime updatedAt;
+
+    // FetchType.LAZY should be used for large objects as Lob
+    @OneToOne(mappedBy = "statusListCredential", fetch = FetchType.LAZY)
+    private StatusListIndex index;
+
+    // Ensure proper validation inside the setter if additional rules are needed
+    public void setCredential(VerifiableCredential vc) {
+        if (vc != null) {
+            credential = vc;
+        } else {
+            throw new IllegalArgumentException("Credential cannot be null");
+        }
+    }
+}
diff --git a/revocation-service/src/main/java/org/eclipse/tractusx/managedidentitywallets/revocation/jpa/StatusListIndex.java b/revocation-service/src/main/java/org/eclipse/tractusx/managedidentitywallets/revocation/jpa/StatusListIndex.java
new file mode 100644
index 00000000..7ead8470
--- /dev/null
+++ b/revocation-service/src/main/java/org/eclipse/tractusx/managedidentitywallets/revocation/jpa/StatusListIndex.java
@@ -0,0 +1,79 @@
+/*
+ * *******************************************************************************
+ *  Copyright (c) 2021,2024 Contributors to the Eclipse Foundation
+ *
+ *  See the NOTICE file(s) distributed with this work for additional
+ *  information regarding copyright ownership.
+ *
+ *  This program and the accompanying materials are made available under the
+ *  terms of the Apache License, Version 2.0 which is available at
+ *  https://www.apache.org/licenses/LICENSE-2.0.
+ *
+ *  Unless required by applicable law or agreed to in writing, software
+ *  distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+ *  WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+ *  License for the specific language governing permissions and limitations
+ *  under the License.
+ *
+ *  SPDX-License-Identifier: Apache-2.0
+ * ******************************************************************************
+ */
+
+package org.eclipse.tractusx.managedidentitywallets.revocation.jpa;
+
+import jakarta.persistence.CascadeType;
+import jakarta.persistence.Column;
+import jakarta.persistence.Entity;
+import jakarta.persistence.FetchType;
+import jakarta.persistence.Id;
+import jakarta.persistence.JoinColumn;
+import jakarta.persistence.OneToOne;
+import jakarta.validation.constraints.NotBlank;
+import jakarta.validation.constraints.Pattern;
+import jakarta.validation.constraints.Size;
+import lombok.AllArgsConstructor;
+import lombok.Builder;
+import lombok.Getter;
+import lombok.NoArgsConstructor;
+
+@Entity
+@Builder
+@Getter
+@AllArgsConstructor
+@NoArgsConstructor
+public class StatusListIndex {
+    @Id
+    @Column(name = "id", length = 256) // Adjust length as per your schema constraints
+    @NotBlank(message = "ID cannot be blank")
+    @Size(max = 256, message = "ID cannot exceed 256 characters")
+    private String id;
+
+    /**
+     * issuerBpn is a string field that represents the issuer' BPN with the status Purpose at the end
+     *
+     * <p>Example: "issuerBpn-revocation"
+     */
+    @Column(name = "issuer_bpn_status", length = 27) // Adjust length as per your schema constraints
+    @NotBlank(message = "Issuer BPN with status cannot be blank")
+    @Size(max = 27, message = "Issuer Bpn with status cannot exceed 27 characters")
+    private String issuerBpnStatus;
+
+    @Column(name = "current_index", length = 16) // Adjust length as per your schema constraints
+    @NotBlank(message = "Current index cannot be blank")
+    @Pattern(regexp = "^[0-9]+$", message = "Current index must be numeric")
+    @Size(max = 16, message = "Current index cannot exceed 16 characters")
+    private String currentIndex;
+
+    // Using LAZY fetching strategy to fetch statusListCredential on-demand
+    @OneToOne(fetch = FetchType.LAZY, cascade = CascadeType.ALL, orphanRemoval = true)
+    @JoinColumn(name = "status_list_credential_id", referencedColumnName = "id")
+    private StatusListCredential statusListCredential;
+
+    public void setCurrentIndex(String index) {
+        if (index != null && !index.trim().isEmpty() && index.matches("^[0-9]+$")) {
+            this.currentIndex = index;
+        } else {
+            throw new IllegalArgumentException("Invalid index value");
+        }
+    }
+}
diff --git a/revocation-service/src/main/java/org/eclipse/tractusx/managedidentitywallets/revocation/jpa/StringToCredentialConverter.java b/revocation-service/src/main/java/org/eclipse/tractusx/managedidentitywallets/revocation/jpa/StringToCredentialConverter.java
new file mode 100644
index 00000000..b4c7c84e
--- /dev/null
+++ b/revocation-service/src/main/java/org/eclipse/tractusx/managedidentitywallets/revocation/jpa/StringToCredentialConverter.java
@@ -0,0 +1,52 @@
+/*
+ * *******************************************************************************
+ *  Copyright (c) 2021,2024 Contributors to the Eclipse Foundation
+ *
+ *  See the NOTICE file(s) distributed with this work for additional
+ *  information regarding copyright ownership.
+ *
+ *  This program and the accompanying materials are made available under the
+ *  terms of the Apache License, Version 2.0 which is available at
+ *  https://www.apache.org/licenses/LICENSE-2.0.
+ *
+ *  Unless required by applicable law or agreed to in writing, software
+ *  distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+ *  WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+ *  License for the specific language governing permissions and limitations
+ *  under the License.
+ *
+ *  SPDX-License-Identifier: Apache-2.0
+ * ******************************************************************************
+ */
+
+package org.eclipse.tractusx.managedidentitywallets.revocation.jpa;
+
+import com.fasterxml.jackson.databind.ObjectMapper;
+import jakarta.persistence.AttributeConverter;
+import jakarta.persistence.Converter;
+import lombok.SneakyThrows;
+import org.eclipse.tractusx.ssi.lib.model.verifiable.credential.VerifiableCredential;
+
+import java.util.Map;
+
+@Converter
+public class StringToCredentialConverter
+        implements AttributeConverter<VerifiableCredential, String> {
+
+    private final ObjectMapper objectMapper;
+
+    public StringToCredentialConverter(ObjectMapper objectMapper) {
+        this.objectMapper = objectMapper;
+    }
+
+    @Override
+    public String convertToDatabaseColumn(VerifiableCredential attribute) {
+        return attribute.toJson();
+    }
+
+    @SneakyThrows
+    @Override
+    public VerifiableCredential convertToEntityAttribute(String data) {
+        return new VerifiableCredential(objectMapper.readValue(data, Map.class));
+    }
+}
diff --git a/revocation-service/src/main/java/org/eclipse/tractusx/managedidentitywallets/revocation/repository/StatusListCredentialRepository.java b/revocation-service/src/main/java/org/eclipse/tractusx/managedidentitywallets/revocation/repository/StatusListCredentialRepository.java
new file mode 100644
index 00000000..9ded87a5
--- /dev/null
+++ b/revocation-service/src/main/java/org/eclipse/tractusx/managedidentitywallets/revocation/repository/StatusListCredentialRepository.java
@@ -0,0 +1,38 @@
+/*
+ * *******************************************************************************
+ *  Copyright (c) 2021,2024 Contributors to the Eclipse Foundation
+ *
+ *  See the NOTICE file(s) distributed with this work for additional
+ *  information regarding copyright ownership.
+ *
+ *  This program and the accompanying materials are made available under the
+ *  terms of the Apache License, Version 2.0 which is available at
+ *  https://www.apache.org/licenses/LICENSE-2.0.
+ *
+ *  Unless required by applicable law or agreed to in writing, software
+ *  distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+ *  WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+ *  License for the specific language governing permissions and limitations
+ *  under the License.
+ *
+ *  SPDX-License-Identifier: Apache-2.0
+ * ******************************************************************************
+ */
+
+package org.eclipse.tractusx.managedidentitywallets.revocation.repository;
+
+import jakarta.persistence.LockModeType;
+import org.eclipse.tractusx.managedidentitywallets.revocation.jpa.StatusListCredential;
+import org.springframework.data.jpa.repository.JpaRepository;
+import org.springframework.data.jpa.repository.Lock;
+import org.springframework.stereotype.Repository;
+
+import java.util.Optional;
+
+@Repository
+public interface StatusListCredentialRepository
+        extends JpaRepository<StatusListCredential, String> {
+
+    @Lock(LockModeType.PESSIMISTIC_WRITE)
+    Optional<StatusListCredential> findById(String id);
+}
diff --git a/revocation-service/src/main/java/org/eclipse/tractusx/managedidentitywallets/revocation/repository/StatusListIndexRepository.java b/revocation-service/src/main/java/org/eclipse/tractusx/managedidentitywallets/revocation/repository/StatusListIndexRepository.java
new file mode 100644
index 00000000..4a51da96
--- /dev/null
+++ b/revocation-service/src/main/java/org/eclipse/tractusx/managedidentitywallets/revocation/repository/StatusListIndexRepository.java
@@ -0,0 +1,37 @@
+/*
+ * *******************************************************************************
+ *  Copyright (c) 2021,2024 Contributors to the Eclipse Foundation
+ *
+ *  See the NOTICE file(s) distributed with this work for additional
+ *  information regarding copyright ownership.
+ *
+ *  This program and the accompanying materials are made available under the
+ *  terms of the Apache License, Version 2.0 which is available at
+ *  https://www.apache.org/licenses/LICENSE-2.0.
+ *
+ *  Unless required by applicable law or agreed to in writing, software
+ *  distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+ *  WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+ *  License for the specific language governing permissions and limitations
+ *  under the License.
+ *
+ *  SPDX-License-Identifier: Apache-2.0
+ * ******************************************************************************
+ */
+
+package org.eclipse.tractusx.managedidentitywallets.revocation.repository;
+
+import jakarta.persistence.LockModeType;
+import org.eclipse.tractusx.managedidentitywallets.revocation.jpa.StatusListIndex;
+import org.springframework.data.jpa.repository.JpaRepository;
+import org.springframework.data.jpa.repository.Lock;
+import org.springframework.stereotype.Repository;
+
+import java.util.List;
+
+@Repository
+public interface StatusListIndexRepository extends JpaRepository<StatusListIndex, String> {
+
+    @Lock(LockModeType.PESSIMISTIC_WRITE)
+    List<StatusListIndex> findByIssuerBpnStatus(String issuerBpnStatus);
+}
diff --git a/revocation-service/src/main/java/org/eclipse/tractusx/managedidentitywallets/revocation/services/HttpClientService.java b/revocation-service/src/main/java/org/eclipse/tractusx/managedidentitywallets/revocation/services/HttpClientService.java
new file mode 100644
index 00000000..e2fde5e8
--- /dev/null
+++ b/revocation-service/src/main/java/org/eclipse/tractusx/managedidentitywallets/revocation/services/HttpClientService.java
@@ -0,0 +1,90 @@
+/*
+ * *******************************************************************************
+ *  Copyright (c) 2021,2024 Contributors to the Eclipse Foundation
+ *
+ *  See the NOTICE file(s) distributed with this work for additional
+ *  information regarding copyright ownership.
+ *
+ *  This program and the accompanying materials are made available under the
+ *  terms of the Apache License, Version 2.0 which is available at
+ *  https://www.apache.org/licenses/LICENSE-2.0.
+ *
+ *  Unless required by applicable law or agreed to in writing, software
+ *  distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+ *  WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+ *  License for the specific language governing permissions and limitations
+ *  under the License.
+ *
+ *  SPDX-License-Identifier: Apache-2.0
+ * ******************************************************************************
+ */
+
+package org.eclipse.tractusx.managedidentitywallets.revocation.services;
+
+import lombok.RequiredArgsConstructor;
+import org.eclipse.tractusx.managedidentitywallets.revocation.config.security.SecurityConfigProperties;
+import org.eclipse.tractusx.managedidentitywallets.revocation.dto.TokenResponse;
+import org.eclipse.tractusx.ssi.lib.model.verifiable.credential.VerifiableCredential;
+import org.springframework.beans.factory.annotation.Value;
+import org.springframework.http.HttpHeaders;
+import org.springframework.http.MediaType;
+import org.springframework.stereotype.Service;
+import org.springframework.util.LinkedMultiValueMap;
+import org.springframework.util.MultiValueMap;
+import org.springframework.web.client.RestClient;
+import org.springframework.web.util.UriComponentsBuilder;
+
+@Service
+@RequiredArgsConstructor
+public class HttpClientService {
+
+    private final RestClient restClient = RestClient.create();
+
+    private final SecurityConfigProperties securityConfigProperties;
+
+    @Value("${revocation.domain.url}")
+    public String domainUrl;
+
+    @Value("${revocation.miw.url}")
+    private String miwUrl;
+
+    public String getBearerToken() {
+        MultiValueMap<String, Object> data = new LinkedMultiValueMap<>();
+        data.add("client_id", securityConfigProperties.publicClientId());
+        data.add("client_secret", securityConfigProperties.clientId());
+        data.add("grant_type", "client_credentials");
+        var result =
+                restClient
+                        .post()
+                        .uri(securityConfigProperties.tokenUrl())
+                        .accept(MediaType.APPLICATION_FORM_URLENCODED)
+                        .body(data)
+                        .retrieve();
+        TokenResponse tokenResponse = result.toEntity(TokenResponse.class).getBody();
+        if (tokenResponse == null) {
+            return null;
+        }
+        return tokenResponse.getAccessToken();
+
+    }
+
+    public VerifiableCredential signStatusListVC(VerifiableCredential vc, String token) {
+        String uri =
+                UriComponentsBuilder.fromHttpUrl(miwUrl)
+                        .path("/api/credentials")
+                        .queryParam("isRevocable", "false")
+                        .build()
+                        .toUriString();
+
+        var result =
+                restClient
+                        .post()
+                        .uri(uri)
+                        .accept(MediaType.APPLICATION_JSON)
+                        .contentType(MediaType.APPLICATION_JSON)
+                        .header(HttpHeaders.AUTHORIZATION, token)
+                        .body(vc.toJson())
+                        .retrieve();
+        return result.toEntity(VerifiableCredential.class).getBody();
+    }
+}
diff --git a/revocation-service/src/main/java/org/eclipse/tractusx/managedidentitywallets/revocation/services/RevocationService.java b/revocation-service/src/main/java/org/eclipse/tractusx/managedidentitywallets/revocation/services/RevocationService.java
new file mode 100644
index 00000000..1704295b
--- /dev/null
+++ b/revocation-service/src/main/java/org/eclipse/tractusx/managedidentitywallets/revocation/services/RevocationService.java
@@ -0,0 +1,365 @@
+/*
+ * *******************************************************************************
+ *  Copyright (c) 2021,2024 Contributors to the Eclipse Foundation
+ *
+ *  See the NOTICE file(s) distributed with this work for additional
+ *  information regarding copyright ownership.
+ *
+ *  This program and the accompanying materials are made available under the
+ *  terms of the Apache License, Version 2.0 which is available at
+ *  https://www.apache.org/licenses/LICENSE-2.0.
+ *
+ *  Unless required by applicable law or agreed to in writing, software
+ *  distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+ *  WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+ *  License for the specific language governing permissions and limitations
+ *  under the License.
+ *
+ *  SPDX-License-Identifier: Apache-2.0
+ * ******************************************************************************
+ */
+
+package org.eclipse.tractusx.managedidentitywallets.revocation.services;
+
+
+import lombok.RequiredArgsConstructor;
+import lombok.SneakyThrows;
+import lombok.extern.slf4j.Slf4j;
+import org.eclipse.tractusx.managedidentitywallets.revocation.config.MIWSettings;
+import org.eclipse.tractusx.managedidentitywallets.revocation.constant.RevocationApiEndpoints;
+import org.eclipse.tractusx.managedidentitywallets.revocation.domain.BPN;
+import org.eclipse.tractusx.managedidentitywallets.revocation.dto.CredentialStatusDto;
+import org.eclipse.tractusx.managedidentitywallets.revocation.dto.StatusEntryDto;
+import org.eclipse.tractusx.managedidentitywallets.revocation.dto.StatusListCredentialSubject;
+import org.eclipse.tractusx.managedidentitywallets.revocation.exception.BitSetManagerException;
+import org.eclipse.tractusx.managedidentitywallets.revocation.exception.RevocationServiceException;
+import org.eclipse.tractusx.managedidentitywallets.revocation.jpa.StatusListCredential;
+import org.eclipse.tractusx.managedidentitywallets.revocation.jpa.StatusListIndex;
+import org.eclipse.tractusx.managedidentitywallets.revocation.repository.StatusListCredentialRepository;
+import org.eclipse.tractusx.managedidentitywallets.revocation.repository.StatusListIndexRepository;
+import org.eclipse.tractusx.managedidentitywallets.revocation.utils.BitSetManager;
+import org.eclipse.tractusx.ssi.lib.model.verifiable.credential.VerifiableCredential;
+import org.eclipse.tractusx.ssi.lib.model.verifiable.credential.VerifiableCredentialBuilder;
+import org.eclipse.tractusx.ssi.lib.model.verifiable.credential.VerifiableCredentialSubject;
+import org.eclipse.tractusx.ssi.lib.model.verifiable.credential.VerifiableCredentialType;
+import org.springframework.stereotype.Service;
+import org.springframework.transaction.annotation.Transactional;
+
+import java.net.URI;
+import java.time.Instant;
+import java.util.ArrayList;
+import java.util.HashMap;
+import java.util.List;
+import java.util.Map;
+import java.util.regex.Matcher;
+import java.util.regex.Pattern;
+
+/**
+ * The `RevocationService` class is a Java service that handles the revocation of credentials and
+ * the creation of status lists.
+ */
+@Service
+@Slf4j
+@RequiredArgsConstructor
+public class RevocationService {
+
+    private final StatusListCredentialRepository statusListCredentialRepository;
+
+    private final StatusListIndexRepository statusListIndexRepository;
+
+    private final HttpClientService httpClientService;
+
+    private final MIWSettings miwSettings;
+
+    /**
+     * The `revoke` function revokes a credential by updating the status list credential with a new
+     * subject and saving it to the repository.
+     *
+     * @param dto   The `dto` parameter is an instance of the `CredentialStatusDto` class.
+     * @param token the token
+     * @throws RevocationServiceException the revocation service exception
+     */
+    @Transactional
+    public void revoke(CredentialStatusDto dto, String token) throws RevocationServiceException {
+        StatusListCredential statusListCredential;
+        StatusListCredentialSubject newSubject;
+        VerifiableCredential statusListVC;
+        VerifiableCredential signedStatusListVC;
+        String encodedList;
+        VerifiableCredentialSubject subjectCredential;
+
+        validateCredentialStatus(dto);
+
+        statusListCredential =
+                statusListCredentialRepository
+                        .findById(extractIdFromURL(dto.statusListCredential()))
+                        .orElseThrow(() -> new RevocationServiceException("Status list credential not found"));
+        statusListVC = statusListCredential.getCredential();
+        subjectCredential = statusListVC.getCredentialSubject().get(0);
+        encodedList = (String) subjectCredential.get(StatusListCredentialSubject.SUBJECT_ENCODED_LIST);
+        String newEncodedList;
+        try {
+            newEncodedList =
+                    BitSetManager.revokeCredential(encodedList, Integer.parseInt(dto.statusListIndex()));
+        } catch (BitSetManagerException e) {
+            log.error(null, e);
+            throw new RevocationServiceException(e);
+        }
+        newSubject =
+                StatusListCredentialSubject.builder()
+                        .id((String) subjectCredential.get(StatusListCredentialSubject.SUBJECT_ID))
+                        .type(StatusListCredentialSubject.TYPE_LIST)
+                        .statusPurpose(
+                                (String) subjectCredential.get(StatusListCredentialSubject.SUBJECT_STATUS_PURPOSE))
+                        .encodedList(newEncodedList)
+                        .build();
+        statusListVC.remove("proof");
+        // #TODO credentialSubject should not be a list fix that in SSI LIB
+        statusListVC.put("credentialSubject", List.of(createCredentialSubject(newSubject)));
+        signedStatusListVC = httpClientService.signStatusListVC(statusListVC, token);
+        statusListCredential.setCredential(signedStatusListVC);
+        log.info("Revoked credential with id:{} , index->{}", dto.id(), dto.statusListIndex());
+        statusListCredentialRepository.saveAndFlush(statusListCredential);
+    }
+
+    /**
+     * The function creates or updates a status list for a given issuer and purpose, and returns a
+     * CredentialStatusDto object.
+     *
+     * @param dto   The parameter "dto" is of type "StatusEntryDto".
+     * @param token the token
+     * @return The method is returning a CredentialStatusDto object.
+     */
+    @Transactional
+    public CredentialStatusDto createStatusList(StatusEntryDto dto, String token) {
+        StatusListIndex statusListIndex;
+        String vcUrl;
+        List<StatusListIndex> statusListIndexs;
+        String bpn;
+
+        bpn = extractBpnFromDid(dto.issuerId());
+        statusListIndexs =
+                statusListIndexRepository.findByIssuerBpnStatus(bpn + "-" + dto.purpose().toLowerCase());
+        statusListIndex =
+                statusListIndexs.stream()
+                        .filter(li -> Integer.parseInt(li.getCurrentIndex()) + 1 < BitSetManager.BITSET_SIZE)
+                        .findFirst()
+                        .orElseGet(
+                                () ->
+                                        createStatusListIndex(
+                                                dto,
+                                                statusListIndexs.size() + 1,
+                                                createStatusListCredential(dto, statusListIndexs.size() + 1, token)));
+        if (statusListIndex.getCurrentIndex().equals("-1")) {
+            statusListIndex.setCurrentIndex("0");
+            statusListIndexRepository.save(statusListIndex);
+            log.info("Created new status list for issuer: " + bpn);
+        } else {
+            statusListIndex.setCurrentIndex(
+                    String.valueOf(Integer.parseInt(statusListIndex.getCurrentIndex()) + 1));
+            statusListIndexRepository.save(statusListIndex);
+            log.info("Updated status list for issuer: " + bpn);
+        }
+        vcUrl =
+                httpClientService.domainUrl
+                        + RevocationApiEndpoints.REVOCATION_API
+                        + RevocationApiEndpoints.CREDENTIALS_STATUS_INDEX
+                        .replace("{issuerBPN}", bpn)
+                        .replace("{status}", dto.purpose().toLowerCase())
+                        .replace("{index}", String.valueOf(statusListIndex.getId().split("#")[1]));
+        return new CredentialStatusDto(
+                vcUrl + "#" + statusListIndex.getCurrentIndex(),
+                dto.purpose(),
+                statusListIndex.getCurrentIndex(),
+                vcUrl,
+                StatusListCredentialSubject.TYPE_ENTRY);
+    }
+
+
+    /**
+     * The function `getStatusLisCredential` retrieves a `VerifiableCredential` object from the
+     * `statusListCredentialRepository` based on identity
+     *
+     * @param issuerBpn the issuer bpn
+     * @param status    the status
+     * @param index     the index
+     * @return the status list credential
+     */
+    @Transactional
+    public VerifiableCredential getStatusListCredential(
+            String issuerBpn, String status, String index) {
+        return statusListCredentialRepository
+                .findById(issuerBpn + "-" + status + "#" + index)
+                .map(StatusListCredential::getCredential)
+                .orElse(null);
+    }
+
+    /**
+     * The function creates a map of key-value pairs representing the properties of a
+     * StatusListCredentialSubject object.
+     *
+     * @param subject The `subject` parameter is an instance of the `StatusListCredentialSubject`
+     *                class.
+     * @return The method is returning a Map<String, Object> object.
+     */
+    private Map<String, Object> createCredentialSubject(StatusListCredentialSubject subject) {
+        Map<String, Object> credentialSubjectMap = new HashMap<>();
+        credentialSubjectMap.put(StatusListCredentialSubject.SUBJECT_ID, subject.getId());
+        credentialSubjectMap.put(StatusListCredentialSubject.SUBJECT_TYPE, subject.getType());
+        credentialSubjectMap.put(
+                StatusListCredentialSubject.SUBJECT_STATUS_PURPOSE, subject.getStatusPurpose());
+        credentialSubjectMap.put(
+                StatusListCredentialSubject.SUBJECT_ENCODED_LIST, subject.getEncodedList());
+        return credentialSubjectMap;
+    }
+
+    /**
+     * The function creates a status list credential with a given status entry DTO.
+     *
+     * @param dto The "dto" parameter is an object of type "StatusEntryDto". It contains information
+     *            about the status entry, such as the issuer ID and the purpose of the status.
+     * @return The method `createStatusListCredential` returns a `StatusListCredential` object.
+     */
+    @SneakyThrows
+    private StatusListCredential createStatusListCredential(
+            StatusEntryDto dto, Integer size, String token) {
+        String id;
+        String bpn;
+        List<String> types = new ArrayList<>();
+        VerifiableCredential statusListVC;
+        StatusListCredentialSubject subject;
+        types.add(VerifiableCredentialType.VERIFIABLE_CREDENTIAL);
+        types.add(StatusListCredentialSubject.TYPE_CREDENTIAL);
+
+        bpn = extractBpnFromDid(dto.issuerId());
+        id =
+                httpClientService.domainUrl
+                        + RevocationApiEndpoints.REVOCATION_API
+                        + RevocationApiEndpoints.CREDENTIALS_STATUS_INDEX
+                        .replace("{issuerBPN}", bpn)
+                        .replace("{status}", dto.purpose().toLowerCase())
+                        .replace("{index}", String.valueOf(size));
+        subject =
+                StatusListCredentialSubject.builder()
+                        .id(id)
+                        .statusPurpose(dto.purpose().toLowerCase())
+                        .type(StatusListCredentialSubject.TYPE_LIST)
+                        .encodedList(BitSetManager.initializeEncodedListString())
+                        .build();
+
+        // TODO credentialSubject should not be a list fix that in SSI LIB
+        statusListVC =
+                new VerifiableCredentialBuilder()
+                        .context(miwSettings.vcContexts())
+                        .id(URI.create(id))
+                        .type(types)
+                        .issuer(URI.create(dto.issuerId()))
+                        .issuanceDate(Instant.now())
+                        .credentialSubject(new VerifiableCredentialSubject(createCredentialSubject(subject)))
+                        .build();
+        return StatusListCredential.builder()
+                .id(bpn + "-" + dto.purpose().toLowerCase() + "#" + size)
+                .issuerBpn(bpn)
+                .credential(httpClientService.signStatusListVC(statusListVC, token))
+                .build();
+    }
+
+
+    private StatusListIndex createStatusListIndex(
+            StatusEntryDto dto, Integer size, StatusListCredential statusListCredential) {
+        String bpn = extractBpnFromDid(dto.issuerId());
+        return StatusListIndex.builder()
+                .id(bpn + "-" + dto.purpose().toLowerCase() + "#" + size)
+                .currentIndex("-1")
+                .statusListCredential(statusListCredential)
+                .issuerBpnStatus(bpn + "-" + dto.purpose().toLowerCase())
+                .build();
+    }
+
+    /**
+     * The function extracts a BPN from a credential status.
+     *
+     * @param url The `url` parameter is a string that represents a credential status.
+     * @return The method is returning a string that is a combination of the first part of the "id"
+     */
+    @SneakyThrows
+    public String extractBpnFromURL(String url) {
+        Pattern pattern = Pattern.compile("/credentials/(B\\w+)/", Pattern.CASE_INSENSITIVE);
+        Matcher matcher = pattern.matcher(url);
+        if (matcher.find()) {
+            return matcher.group(1).toUpperCase();
+        } else {
+            throw new Exception("No match found");
+        }
+    }
+
+    /**
+     * The function extracts an ID from a status credential id .
+     *
+     * @param url The `url` parameter is a string that represents a credential status.
+     * @return The method is returning a string that is a combination of the first part of the "id"
+     */
+    public String extractIdFromURL(String url) {
+        Pattern pattern =
+                Pattern.compile("/credentials/(B\\w+)/(.*?)/(\\d+)", Pattern.CASE_INSENSITIVE);
+        // Create a Matcher object and find the first match in the URL
+        Matcher matcher = pattern.matcher(url);
+        if (matcher.find()) {
+            String bpnlNumber = matcher.group(1);
+            String purpose = matcher.group(2);
+            String credentialIndex = matcher.group(3);
+            return bpnlNumber.toUpperCase() + "-" + purpose + "#" + credentialIndex;
+        } else {
+            throw new IllegalArgumentException("No match found");
+        }
+    }
+
+    /**
+     * The function extracts an ID from a credential status.
+     *
+     * @param did The `did` parameter is a string that represents a credential status.
+     * @return The method is returning a string that is a combination of the first part of the "id"
+     */
+    public String extractBpnFromDid(String did) {
+        return new BPN(did.substring(did.lastIndexOf(":") + 1).toUpperCase()).value();
+    }
+
+    /**
+     * The function should validate the Credential Status group(1) = BPN Number group(2) = Purpose
+     * group(3) = status list credential Index group(4) = index of the verifiable credential in the
+     * status list
+     *
+     * @param dto the dto
+     * @throws IllegalArgumentException if the Credential Status is invalid
+     */
+    public void validateCredentialStatus(CredentialStatusDto dto) {
+        String domainUrl = httpClientService.domainUrl + RevocationApiEndpoints.REVOCATION_API;
+        String urlPattern = domainUrl + "/credentials/(B\\w+)/(.*?)/(\\d+)";
+        Pattern pattern0 = Pattern.compile(urlPattern, Pattern.CASE_INSENSITIVE);
+        Pattern pattern1 = Pattern.compile(urlPattern + "#(\\d+)", Pattern.CASE_INSENSITIVE);
+        Matcher matcher0 = pattern0.matcher(dto.statusListCredential());
+        Matcher matcher1 = pattern1.matcher(dto.id());
+        if (!matcher0.find()) {
+            throw new IllegalArgumentException("Invalid credential status url");
+        }
+        if (!matcher1.find()) {
+            throw new IllegalArgumentException("Invalid credential status id");
+        }
+
+        if (!matcher0.group(1).equals(matcher1.group(1))
+                || !matcher0.group(2).equals(matcher1.group(2))
+                || !matcher0.group(3).equals(matcher1.group(3))) {
+            throw new IllegalArgumentException("Credential status url and id do not match");
+        }
+
+        if (!matcher1.group(4).equals(dto.statusListIndex())) {
+            throw new IllegalArgumentException(
+                    "Credential status index in the id does not match the current index in the dto");
+        }
+
+        if (!matcher0.group(2).equals(dto.statusPurpose())) {
+            throw new IllegalArgumentException(
+                    "Credential status purpose does not match the statusPurpose in the dto");
+        }
+    }
+}
diff --git a/revocation-service/src/main/java/org/eclipse/tractusx/managedidentitywallets/revocation/utils/BitSetManager.java b/revocation-service/src/main/java/org/eclipse/tractusx/managedidentitywallets/revocation/utils/BitSetManager.java
new file mode 100644
index 00000000..a195a358
--- /dev/null
+++ b/revocation-service/src/main/java/org/eclipse/tractusx/managedidentitywallets/revocation/utils/BitSetManager.java
@@ -0,0 +1,105 @@
+/*
+ * *******************************************************************************
+ *  Copyright (c) 2021,2024 Contributors to the Eclipse Foundation
+ *
+ *  See the NOTICE file(s) distributed with this work for additional
+ *  information regarding copyright ownership.
+ *
+ *  This program and the accompanying materials are made available under the
+ *  terms of the Apache License, Version 2.0 which is available at
+ *  https://www.apache.org/licenses/LICENSE-2.0.
+ *
+ *  Unless required by applicable law or agreed to in writing, software
+ *  distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+ *  WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+ *  License for the specific language governing permissions and limitations
+ *  under the License.
+ *
+ *  SPDX-License-Identifier: Apache-2.0
+ * ******************************************************************************
+ */
+
+package org.eclipse.tractusx.managedidentitywallets.revocation.utils;
+
+import org.eclipse.tractusx.managedidentitywallets.revocation.exception.BitSetManagerException;
+import org.eclipse.tractusx.managedidentitywallets.revocation.exception.CredentialAlreadyRevokedException;
+
+import java.io.ByteArrayInputStream;
+import java.io.ByteArrayOutputStream;
+import java.io.IOException;
+import java.util.Base64;
+import java.util.BitSet;
+import java.util.zip.GZIPInputStream;
+import java.util.zip.GZIPOutputStream;
+
+public class BitSetManager {
+
+    public static final int BITSET_SIZE = 131072;
+
+    private BitSetManager() {
+        // static methods only
+    }
+
+    public static String initializeEncodedListString() {
+        BitSet bitSet = new BitSet(BITSET_SIZE);
+        byte[] compressedBitSet = compress(bitSet);
+        return encodeToString(compressedBitSet);
+    }
+
+    public static byte[] compress(BitSet bitSet) {
+        byte[] byteArray = bitSet.toByteArray();
+        ByteArrayOutputStream outputStream = new ByteArrayOutputStream();
+        try {
+            GZIPOutputStream gzipOutputStream = new GZIPOutputStream(outputStream);
+            gzipOutputStream.write(byteArray);
+            gzipOutputStream.close();
+            return outputStream.toByteArray();
+        } catch (IOException e) {
+            throw new BitSetManagerException(e);
+        }
+    }
+
+    public static String revokeCredential(String encodedList, int index)
+            throws BitSetManagerException {
+        BitSet bitSet = decompress(decodeFromString(encodedList));
+        if (bitSet.get(index)) {
+            throw new CredentialAlreadyRevokedException("Credential already revoked");
+        }
+        bitSet.set(index);
+        byte[] compressedBitSet = compress(bitSet);
+        return encodeToString(compressedBitSet);
+    }
+
+    public static String suspendCredential(String encodedList, int index) {
+        BitSet bitSet = decompress(decodeFromString(encodedList));
+        bitSet.flip(index);
+        byte[] compressedBitSet = compress(bitSet);
+        return encodeToString(compressedBitSet);
+    }
+
+    public static BitSet decompress(byte[] data) {
+        try (ByteArrayInputStream inputStream = new ByteArrayInputStream(data);
+             GZIPInputStream gzipInputStream = new GZIPInputStream(inputStream)) {
+            byte[] buffer = new byte[1024];
+            ByteArrayOutputStream outputStream = new ByteArrayOutputStream();
+            int len;
+            while ((len = gzipInputStream.read(buffer)) > 0) {
+                outputStream.write(buffer, 0, len);
+            }
+            BitSet bitSet = BitSet.valueOf(outputStream.toByteArray());
+            outputStream.close();
+            return bitSet;
+
+        } catch (IOException e) {
+            throw new BitSetManagerException(e);
+        }
+    }
+
+    public static String encodeToString(byte[] data) {
+        return Base64.getEncoder().encodeToString(data);
+    }
+
+    public static byte[] decodeFromString(String data) {
+        return Base64.getDecoder().decode(data);
+    }
+}
diff --git a/revocation-service/src/main/java/org/eclipse/tractusx/managedidentitywallets/revocation/utils/StringPool.java b/revocation-service/src/main/java/org/eclipse/tractusx/managedidentitywallets/revocation/utils/StringPool.java
new file mode 100644
index 00000000..1aeb1f42
--- /dev/null
+++ b/revocation-service/src/main/java/org/eclipse/tractusx/managedidentitywallets/revocation/utils/StringPool.java
@@ -0,0 +1,27 @@
+/*
+ * *******************************************************************************
+ *  Copyright (c) 2021,2024 Contributors to the Eclipse Foundation
+ *
+ *  See the NOTICE file(s) distributed with this work for additional
+ *  information regarding copyright ownership.
+ *
+ *  This program and the accompanying materials are made available under the
+ *  terms of the Apache License, Version 2.0 which is available at
+ *  https://www.apache.org/licenses/LICENSE-2.0.
+ *
+ *  Unless required by applicable law or agreed to in writing, software
+ *  distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+ *  WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+ *  License for the specific language governing permissions and limitations
+ *  under the License.
+ *
+ *  SPDX-License-Identifier: Apache-2.0
+ * ******************************************************************************
+ */
+
+package org.eclipse.tractusx.managedidentitywallets.revocation.utils;
+
+public class StringPool {
+
+    public static final String BPN = "bpn";
+}
diff --git a/revocation-service/src/main/java/org/eclipse/tractusx/managedidentitywallets/revocation/utils/Validate.java b/revocation-service/src/main/java/org/eclipse/tractusx/managedidentitywallets/revocation/utils/Validate.java
new file mode 100644
index 00000000..724153dc
--- /dev/null
+++ b/revocation-service/src/main/java/org/eclipse/tractusx/managedidentitywallets/revocation/utils/Validate.java
@@ -0,0 +1,153 @@
+/*
+ * *******************************************************************************
+ *  Copyright (c) 2021,2024 Contributors to the Eclipse Foundation
+ *
+ *  See the NOTICE file(s) distributed with this work for additional
+ *  information regarding copyright ownership.
+ *
+ *  This program and the accompanying materials are made available under the
+ *  terms of the Apache License, Version 2.0 which is available at
+ *  https://www.apache.org/licenses/LICENSE-2.0.
+ *
+ *  Unless required by applicable law or agreed to in writing, software
+ *  distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+ *  WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+ *  License for the specific language governing permissions and limitations
+ *  under the License.
+ *
+ *  SPDX-License-Identifier: Apache-2.0
+ * ******************************************************************************
+ */
+
+package org.eclipse.tractusx.managedidentitywallets.revocation.utils;
+
+import java.util.Objects;
+
+/**
+ * The type Validate.
+ *
+ * @param <T> the type parameter
+ */
+public class Validate<T> {
+    private T value;
+    private boolean match = false;
+
+    private Validate() {
+    }
+
+    private Validate(T value) {
+        this.value = value;
+    }
+
+    /**
+     * Value validate.
+     *
+     * @param <V>   the type parameter
+     * @param value the value
+     * @return the validate
+     */
+    public static <V> Validate<V> value(V value) {
+        return new Validate<>(value);
+    }
+
+    /**
+     * Is true validate.
+     *
+     * @param <V>       the type parameter
+     * @param condition the condition
+     * @return the validate
+     */
+    public static <V> Validate<V> isTrue(boolean condition) {
+        Validate<V> validate = new Validate<>();
+        if (condition) {
+            validate.match = true;
+        }
+        return validate;
+    }
+
+    /**
+     * Throws if {@code condition} is false
+     *
+     * @param <V>       the type parameter
+     * @param condition the condition
+     * @return validate validate
+     */
+    public static <V> Validate<V> isFalse(boolean condition) {
+        Validate<V> validate = new Validate<>();
+        if (!condition) {
+            validate.match = true;
+        }
+        return validate;
+    }
+
+    /**
+     * Is null validate.
+     *
+     * @param <T>   the type parameter
+     * @param value the value
+     * @return the validate
+     */
+    public static <T> Validate<T> isNull(T value) {
+        return new Validate<>(value).isNull();
+    }
+
+    /**
+     * Is not null validate.
+     *
+     * @param <T>   the type parameter
+     * @param value the value
+     * @return the validate
+     */
+    public static <T> Validate<T> isNotNull(T value) {
+        return new Validate<>(value).isNotNull();
+    }
+
+    /**
+     * Is not empty validate.
+     *
+     * @return the validate
+     */
+    public Validate<T> isNotEmpty() {
+        if (match || Objects.isNull(value) || String.valueOf(value).trim().isEmpty()) {
+            match = true;
+        }
+        return this;
+    }
+
+    /**
+     * Is null validate.
+     *
+     * @return the validate
+     */
+    public Validate<T> isNull() {
+        if (match || Objects.isNull(value)) {
+            match = true;
+        }
+        return this;
+    }
+
+    /**
+     * Is not null validate.
+     *
+     * @return the validate
+     */
+    public Validate<T> isNotNull() {
+        if (match || !Objects.isNull(value)) {
+            match = true;
+        }
+        return this;
+    }
+
+    /**
+     * Throw passed exception if expression is match
+     *
+     * @param e exception to throw
+     * @return the t
+     */
+    public T launch(RuntimeException e) {
+        if (match) {
+            throw e;
+        }
+        return value;
+    }
+}
diff --git a/revocation-service/src/main/java/org/eclipse/tractusx/managedidentitywallets/revocation/validation/ValidVerifiableCredential.java b/revocation-service/src/main/java/org/eclipse/tractusx/managedidentitywallets/revocation/validation/ValidVerifiableCredential.java
new file mode 100644
index 00000000..2df9f535
--- /dev/null
+++ b/revocation-service/src/main/java/org/eclipse/tractusx/managedidentitywallets/revocation/validation/ValidVerifiableCredential.java
@@ -0,0 +1,43 @@
+/*
+ * *******************************************************************************
+ *  Copyright (c) 2021,2024 Contributors to the Eclipse Foundation
+ *
+ *  See the NOTICE file(s) distributed with this work for additional
+ *  information regarding copyright ownership.
+ *
+ *  This program and the accompanying materials are made available under the
+ *  terms of the Apache License, Version 2.0 which is available at
+ *  https://www.apache.org/licenses/LICENSE-2.0.
+ *
+ *  Unless required by applicable law or agreed to in writing, software
+ *  distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+ *  WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+ *  License for the specific language governing permissions and limitations
+ *  under the License.
+ *
+ *  SPDX-License-Identifier: Apache-2.0
+ * ******************************************************************************
+ */
+
+package org.eclipse.tractusx.managedidentitywallets.revocation.validation;
+
+import jakarta.validation.Constraint;
+import jakarta.validation.Payload;
+
+import java.lang.annotation.Documented;
+import java.lang.annotation.ElementType;
+import java.lang.annotation.Retention;
+import java.lang.annotation.RetentionPolicy;
+import java.lang.annotation.Target;
+
+@Documented
+@Constraint(validatedBy = VerifiableCredentialValidator.class)
+@Target({ ElementType.FIELD })
+@Retention(RetentionPolicy.RUNTIME)
+public @interface ValidVerifiableCredential {
+    String message() default "Invalid Verifiable Credential data";
+
+    Class<?>[] groups() default {};
+
+    Class<? extends Payload>[] payload() default {};
+}
diff --git a/revocation-service/src/main/java/org/eclipse/tractusx/managedidentitywallets/revocation/validation/VerifiableCredentialValidator.java b/revocation-service/src/main/java/org/eclipse/tractusx/managedidentitywallets/revocation/validation/VerifiableCredentialValidator.java
new file mode 100644
index 00000000..66372d57
--- /dev/null
+++ b/revocation-service/src/main/java/org/eclipse/tractusx/managedidentitywallets/revocation/validation/VerifiableCredentialValidator.java
@@ -0,0 +1,95 @@
+/*
+ * *******************************************************************************
+ *  Copyright (c) 2021,2024 Contributors to the Eclipse Foundation
+ *
+ *  See the NOTICE file(s) distributed with this work for additional
+ *  information regarding copyright ownership.
+ *
+ *  This program and the accompanying materials are made available under the
+ *  terms of the Apache License, Version 2.0 which is available at
+ *  https://www.apache.org/licenses/LICENSE-2.0.
+ *
+ *  Unless required by applicable law or agreed to in writing, software
+ *  distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+ *  WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+ *  License for the specific language governing permissions and limitations
+ *  under the License.
+ *
+ *  SPDX-License-Identifier: Apache-2.0
+ * ******************************************************************************
+ */
+
+package org.eclipse.tractusx.managedidentitywallets.revocation.validation;
+
+import jakarta.validation.ConstraintValidator;
+import jakarta.validation.ConstraintValidatorContext;
+import lombok.NonNull;
+import org.eclipse.tractusx.ssi.lib.model.verifiable.credential.VerifiableCredential;
+import org.eclipse.tractusx.ssi.lib.model.verifiable.credential.VerifiableCredentialSubject;
+
+import java.net.URI;
+import java.util.List;
+import java.util.Map;
+
+public class VerifiableCredentialValidator
+        implements ConstraintValidator<ValidVerifiableCredential, VerifiableCredential> {
+
+    @Override
+    public void initialize(ValidVerifiableCredential constraintAnnotation) {
+        // You can add initialization logic here if needed.
+    }
+
+    @Override
+    public boolean isValid(VerifiableCredential credential, ConstraintValidatorContext context) {
+        if (credential == null) {
+            return true; // @NotNull should handle null cases
+        }
+
+        // Assuming 'id' within 'credentialSubject' is the field to be validated as a URI
+        @NonNull
+        List<VerifiableCredentialSubject> credentialSubject = credential.getCredentialSubject();
+        if (credentialSubject != null) {
+            if (!validateCredentialSubject(credentialSubject, context)) {
+                return false;
+            }
+        }
+
+        // Additional validation checks can be added here, e.g., checking the proof object
+
+        return true;
+    }
+
+    private boolean validateCredentialSubject(
+            List<VerifiableCredentialSubject> credentialSubjects, ConstraintValidatorContext context) {
+        // We iterate over the list of credential subjects to validate each one
+        for (Map<String, Object> subject : credentialSubjects) {
+            // Extract the 'id' of the credential subject if it exists
+            Object subjectId = subject.get("id");
+            if (subjectId == null || !(subjectId instanceof String)) {
+                addConstraintViolation(context, "credentialSubject.id must be a valid String");
+                return false;
+            }
+
+            // Check for a valid URI in the subject ID
+            if (!isValidUri((String) subjectId)) {
+                addConstraintViolation(context, "credentialSubject.id must be a valid URI");
+                return false;
+            }
+        }
+        return true;
+    }
+
+    private void addConstraintViolation(ConstraintValidatorContext context, String message) {
+        context.disableDefaultConstraintViolation();
+        context.buildConstraintViolationWithTemplate(message).addConstraintViolation();
+    }
+
+    private boolean isValidUri(String uriStr) {
+        try {
+            URI uri = new URI(uriStr);
+            return uri.isAbsolute();
+        } catch (Exception e) {
+            return false;
+        }
+    }
+}
diff --git a/revocation-service/src/main/resources/application.yaml b/revocation-service/src/main/resources/application.yaml
new file mode 100644
index 00000000..98f4296f
--- /dev/null
+++ b/revocation-service/src/main/resources/application.yaml
@@ -0,0 +1,130 @@
+################################################################################
+# Copyright (c) 2021,2024 Contributors to the Eclipse Foundation
+#
+# See the NOTICE file(s) distributed with this work for additional
+# information regarding copyright ownership.
+#
+# This program and the accompanying materials are made available under the
+# terms of the Apache License, Version 2.0 which is available at
+# https://www.apache.org/licenses/LICENSE-2.0.
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+# License for the specific language governing permissions and limitations
+# under the License.
+#
+# SPDX-License-Identifier: Apache-2.0
+################################################################################
+
+#set all env here
+revocation:
+  application:
+    name: ${APPLICATION_NAME:Revocation}
+    port: ${APPLICATION_PORT:8080}
+    profile: ${APPLICATION_PROFILE:local}
+  database:
+    host: ${DATABASE_HOST:localhost}
+    port: ${DATABASE_PORT:5434}
+    name: ${DATABASE_NAME:revocation}
+    useSSL: ${DATABASE_USE_SSL_COMMUNICATION:false}
+    username: ${DATABASE_USERNAME:admin}
+    password: ${DATABASE_PASSWORD:admin}
+    connectionPoolSize: ${DATABASE_CONNECTION_POOL_SIZE:10}
+  swagger:
+    enableSwaggerUi: ${ENABLE_SWAGGER_UI:true}
+    enableApiDoc: ${ENABLE_API_DOC:true}
+  config:
+    applicationLogLevel: ${APPLICATION_LOG_LEVEL:DEBUG}
+  security:
+    service:
+      enabled: ${SERVICE_SECURITY_ENABLED:true}
+    keycloak:
+      enabled: ${KEYCLOAK_ENABLED:true}
+      realm: ${KEYCLOAK_REALM:miw_test}
+      clientId: ${KEYCLOAK_CLIENT_ID:miw_private_client}
+      publicClientId: ${KEYCLOAK_PUBLIC_CLIENT_ID:miw_public_client}  #used for swagger login
+      auth-server-url: ${AUTH_SERVER_URL:http://localhost:28080}
+      auth-url: ${revocation.security.keycloak.auth-server-url}/realms/${revocation.security.keycloak.realm}/protocol/openid-connect/auth
+      token-url: ${revocation.security.keycloak.auth-server-url}/realms/${revocation.security.keycloak.realm}/protocol/openid-connect/token
+      refresh-token-url: ${revocation.security.keycloak.token-url}
+  miw:
+    url: ${MIW_URL:https://b366-203-129-213-107.ngrok-free.app}
+    vcContexts: ${VC_SCHEMA_LINK:https://www.w3.org/2018/credentials/v1, https://eclipse-tractusx.github.io/schema-registry/w3c/v1.0/BitstringStatusList.json}
+  domain:
+    url: ${DOMAIN_URL:http://localhost:8080}
+
+
+
+#Spring boot configuration
+server:
+  port: ${revocation.application.port}
+  shutdown: graceful
+  compression:
+    enabled: true
+spring:
+  profiles:
+    active: ${revocation.application.profile}
+  liquibase:
+    change-log: classpath:/db/changelog/changelog-master.xml
+  application:
+    name: revocation
+  datasource:
+    url: jdbc:postgresql://${revocation.database.host}:${revocation.database.port}/${revocation.database.name}?useSSL=${revocation.database.useSSL}
+    username: ${revocation.database.username}
+    password: ${revocation.database.password}
+    initialization-mode: always
+    hikari:
+      maximumPoolSize: ${revocation.database.connectionPoolSize}
+  jpa:
+    show-sql: false
+  security:
+    oauth2:
+      resourceserver:
+        jwt:
+          #Issuer-uri indicates the iss claims from jwt token
+          issuer-uri: ${revocation.security.keycloak.auth-server-url}/realms/${revocation.security.keycloak.realm}
+          jwk-set-uri: ${revocation.security.keycloak.auth-server-url}/realms/${revocation.security.keycloak.realm}/protocol/openid-connect/certs
+
+## only needed if you want to enable API doc
+springdoc:
+  swagger-ui:
+    enabled: ${revocation.swagger.enableSwaggerUi}
+    oauth:
+      clientId: ${revocation.security.keycloak.publicClientId} #It should be public client created in keycloak
+    disable-swagger-default-url: true
+    path: /ui/swagger-ui
+    show-common-extensions: true
+    csrf:
+      enabled: true
+  api-docs:
+    enabled: ${revocation.swagger.enableApiDoc}
+    path: /docs/api-docs
+
+management:
+  endpoint:
+    loggers:
+      enabled: true
+    health:
+      probes:
+        enabled: true
+  endpoints:
+    web:
+      exposure:
+        include: '*, pre-stop, loggers'
+  health:
+    db:
+      enabled: true
+    livenessState:
+      enabled: true
+    readinessState:
+      enabled: true
+
+# log level
+logging:
+  level:
+    org:
+      eclipse:
+        tractusx:
+          managedidentitywallets:
+            revocation: ${APP_LOG_LEVEL:INFO}
diff --git a/revocation-service/src/main/resources/db/changelog/changelog-master.xml b/revocation-service/src/main/resources/db/changelog/changelog-master.xml
new file mode 100755
index 00000000..01cb2640
--- /dev/null
+++ b/revocation-service/src/main/resources/db/changelog/changelog-master.xml
@@ -0,0 +1,28 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!--
+  ~ /********************************************************************************
+  ~  Copyright (c) 2021,2024 Contributors to the Eclipse Foundation
+  ~
+  ~  See the NOTICE file(s) distributed with this work for additional
+  ~  information regarding copyright ownership.
+  ~
+  ~  This program and the accompanying materials are made available under the
+  ~  terms of the Apache License, Version 2.0 which is available at
+  ~  https://www.apache.org/licenses/LICENSE-2.0.
+  ~
+  ~  Unless required by applicable law or agreed to in writing, software
+  ~  distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+  ~  WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+  ~  License for the specific language governing permissions and limitations
+  ~  under the License.
+  ~
+  ~  SPDX-License-Identifier: Apache-2.0
+  ~ ********************************************************************************/
+  -->
+
+<databaseChangeLog
+        xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+        xmlns="http://www.liquibase.org/xml/ns/dbchangelog"
+        xsi:schemaLocation="http://www.liquibase.org/xml/ns/dbchangelog http://www.liquibase.org/xml/ns/dbchangelog/dbchangelog-3.1.xsd">
+    <include file="db/changelog/changes/init.sql"/>
+</databaseChangeLog>
diff --git a/revocation-service/src/main/resources/db/changelog/changes/init.sql b/revocation-service/src/main/resources/db/changelog/changes/init.sql
new file mode 100755
index 00000000..696ad8b2
--- /dev/null
+++ b/revocation-service/src/main/resources/db/changelog/changes/init.sql
@@ -0,0 +1,69 @@
+/*
+ * *******************************************************************************
+ *  Copyright (c) 2021,2024 Contributors to the Eclipse Foundation
+ *
+ *  See the NOTICE file(s) distributed with this work for additional
+ *  information regarding copyright ownership.
+ *
+ *  This program and the accompanying materials are made available under the
+ *  terms of the Apache License, Version 2.0 which is available at
+ *  https://www.apache.org/licenses/LICENSE-2.0.
+ *
+ *  Unless required by applicable law or agreed to in writing, software
+ *  distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+ *  WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+ *  License for the specific language governing permissions and limitations
+ *  under the License.
+ *
+ *  SPDX-License-Identifier: Apache-2.0
+ * ******************************************************************************
+ */
+
+-- liquibase formatted sql
+
+-- changeset pmanaras:1.0 dbms:postgresql
+CREATE TABLE status_list_credential (
+  id VARCHAR(256) NOT NULL,
+   issuer_bpn VARCHAR(16),
+   credential TEXT NOT NULL,
+   created_at TIMESTAMP WITHOUT TIME ZONE NOT NULL,
+   modified_at TIMESTAMP WITHOUT TIME ZONE NOT NULL,
+   CONSTRAINT pk_statuslistcredential PRIMARY KEY (id)
+);
+
+CREATE TABLE status_list_index (
+  id VARCHAR(256) NOT NULL,
+   issuer_bpn_status VARCHAR(27),
+   current_index VARCHAR(16),
+   status_list_credential_id VARCHAR(256),
+   CONSTRAINT pk_statuslistindex PRIMARY KEY (id)
+);
+
+ALTER TABLE status_list_index ADD CONSTRAINT uc_statuslistindex_status_list_credential UNIQUE (status_list_credential_id);
+
+ALTER TABLE status_list_index ADD CONSTRAINT FK_STATUSLISTINDEX_ON_STATUS_LIST_CREDENTIAL FOREIGN KEY (status_list_credential_id) REFERENCES status_list_credential (id);
+
+-- changeset pmanaras:1.0  dbms:h2
+CREATE TABLE IF NOT EXISTS status_list_credential (
+  id VARCHAR(256) NOT NULL,
+   issuer_bpn VARCHAR(16),
+   credential CLOB NOT NULL,
+   created_at TIMESTAMP NOT NULL,
+   modified_at TIMESTAMP NOT NULL,
+   CONSTRAINT pk_statuslistcredential PRIMARY KEY (id)
+);
+
+CREATE TABLE IF NOT EXISTS status_list_index (
+  id VARCHAR(256) NOT NULL,
+   issuer_bpn_status VARCHAR(27),
+   current_index VARCHAR(16),
+   status_list_credential_id VARCHAR(256),
+   CONSTRAINT pk_statuslistindex PRIMARY KEY (id)
+);
+
+ALTER TABLE status_list_index DROP CONSTRAINT IF EXISTS uc_statuslistindex_status_list_credential;
+ALTER TABLE status_list_index DROP CONSTRAINT IF EXISTS FK_STATUSLISTINDEX_ON_STATUS_LIST_CREDENTIAL;
+
+ALTER TABLE status_list_index ADD CONSTRAINT uc_statuslistindex_status_list_credential UNIQUE (status_list_credential_id);
+
+ALTER TABLE status_list_index ADD CONSTRAINT FK_STATUSLISTINDEX_ON_STATUS_LIST_CREDENTIAL FOREIGN KEY (status_list_credential_id) REFERENCES status_list_credential (id);
diff --git a/revocation-service/src/test/java/org/eclipse/tractusx/managedidentitywallets/revocation/TestUtil.java b/revocation-service/src/test/java/org/eclipse/tractusx/managedidentitywallets/revocation/TestUtil.java
new file mode 100644
index 00000000..bbb67685
--- /dev/null
+++ b/revocation-service/src/test/java/org/eclipse/tractusx/managedidentitywallets/revocation/TestUtil.java
@@ -0,0 +1,189 @@
+/*
+ * *******************************************************************************
+ *  Copyright (c) 2021,2024 Contributors to the Eclipse Foundation
+ *
+ *  See the NOTICE file(s) distributed with this work for additional
+ *  information regarding copyright ownership.
+ *
+ *  This program and the accompanying materials are made available under the
+ *  terms of the Apache License, Version 2.0 which is available at
+ *  https://www.apache.org/licenses/LICENSE-2.0.
+ *
+ *  Unless required by applicable law or agreed to in writing, software
+ *  distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+ *  WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+ *  License for the specific language governing permissions and limitations
+ *  under the License.
+ *
+ *  SPDX-License-Identifier: Apache-2.0
+ * ******************************************************************************
+ */
+
+package org.eclipse.tractusx.managedidentitywallets.revocation;
+
+import org.eclipse.tractusx.managedidentitywallets.revocation.dto.StatusListCredentialSubject;
+import org.eclipse.tractusx.managedidentitywallets.revocation.jpa.StatusListCredential;
+import org.eclipse.tractusx.managedidentitywallets.revocation.jpa.StatusListIndex;
+import org.eclipse.tractusx.ssi.lib.crypt.KeyPair;
+import org.eclipse.tractusx.ssi.lib.crypt.x25519.X25519Generator;
+import org.eclipse.tractusx.ssi.lib.exception.json.TransformJsonLdException;
+import org.eclipse.tractusx.ssi.lib.exception.key.InvalidPrivateKeyFormatException;
+import org.eclipse.tractusx.ssi.lib.exception.key.KeyGenerationException;
+import org.eclipse.tractusx.ssi.lib.exception.proof.SignatureGenerateFailedException;
+import org.eclipse.tractusx.ssi.lib.exception.proof.UnsupportedSignatureTypeException;
+import org.eclipse.tractusx.ssi.lib.model.proof.Proof;
+import org.eclipse.tractusx.ssi.lib.model.verifiable.credential.VerifiableCredentialBuilder;
+import org.eclipse.tractusx.ssi.lib.model.verifiable.credential.VerifiableCredentialSubject;
+import org.eclipse.tractusx.ssi.lib.proof.LinkedDataProofGenerator;
+import org.eclipse.tractusx.ssi.lib.proof.SignatureType;
+import org.mockito.Mockito;
+
+import java.io.ByteArrayInputStream;
+import java.io.ByteArrayOutputStream;
+import java.io.IOException;
+import java.net.URI;
+import java.time.Instant;
+import java.time.LocalDateTime;
+import java.util.Base64;
+import java.util.BitSet;
+import java.util.HashMap;
+import java.util.List;
+import java.util.Map;
+import java.util.zip.GZIPInputStream;
+import java.util.zip.GZIPOutputStream;
+
+import static org.mockito.Mockito.when;
+
+public class TestUtil {
+
+    public static final int BITSET_SIZE = 131072;
+
+    public static final String STATUS_LIST_ID = "https://example.com/credentials/status/3";
+
+    public static final String BPN = "BPNL123456789000";
+
+    public static final String DID = "did:web:example:BPNL123456789000";
+
+    public static final List<URI> VC_CONTEXTS =
+            List.of(URI.create("https://w3id.org/vc/status-list/2021/v1"));
+
+    public static final String STATUS_LIST_CREDENTIAL_SUBJECT_ID =
+            "https://example.com/status/3#list";
+
+    public static StatusListIndex mockStatusListIndex(
+            String issuerBpnStatus, StatusListCredential statusListCredential, String currentIndex) {
+        var statusListIndex = Mockito.mock(StatusListIndex.class);
+        when(statusListIndex.getStatusListCredential()).thenReturn(statusListCredential);
+        when(statusListIndex.getCurrentIndex()).thenReturn(currentIndex);
+        when(statusListIndex.getIssuerBpnStatus()).thenReturn(issuerBpnStatus);
+        return statusListIndex;
+    }
+
+    public static String mockEmptyEncodedList() {
+        BitSet bitSet = new BitSet(BITSET_SIZE);
+        return Base64.getEncoder().encodeToString(gzipCompress(bitSet));
+    }
+
+    public static VerifiableCredentialBuilder mockStatusListVC(
+            String issuer, String index, String encodedList) {
+        var builder =
+                new VerifiableCredentialBuilder()
+                        .context(VC_CONTEXTS)
+                        .id(URI.create(issuer + "#" + index))
+                        .type(List.of("VerifiableCredential", "BitstringStatusListCredential"))
+                        .issuer(URI.create(issuer))
+                        .expirationDate(Instant.now().plusSeconds(200000000L))
+                        .issuanceDate(Instant.now())
+                        .credentialSubject(new VerifiableCredentialSubject(mockStatusList(encodedList)));
+        return builder;
+    }
+
+    public static StatusListCredential mockStatusListCredential(
+            String issuer, VerifiableCredentialBuilder builder) {
+
+        final LinkedDataProofGenerator generator;
+        try {
+            generator = LinkedDataProofGenerator.newInstance(SignatureType.ED25519);
+        } catch (UnsupportedSignatureTypeException e) {
+            throw new AssertionError(e);
+        }
+
+        final Proof proof;
+        try {
+            proof =
+                    generator.createProof(
+                            builder.build(), URI.create(issuer + "#key-1"), generateKeys().getPrivateKey());
+        } catch (InvalidPrivateKeyFormatException
+                 | SignatureGenerateFailedException
+                 | TransformJsonLdException e) {
+            throw new AssertionError(e);
+        }
+
+        // Adding Proof to VC
+        builder.proof(proof);
+
+        StatusListCredential statusListCredential = Mockito.mock(StatusListCredential.class);
+        when(statusListCredential.getCredential()).thenReturn(builder.build());
+        when(statusListCredential.getId()).thenReturn(STATUS_LIST_ID);
+        when(statusListCredential.getIssuerBpn()).thenReturn(issuer);
+        when(statusListCredential.getCreatedAt()).thenReturn(LocalDateTime.now());
+
+        return statusListCredential;
+    }
+
+    public static KeyPair generateKeys() {
+        X25519Generator gen = new X25519Generator();
+        KeyPair baseWalletKeys;
+        try {
+            baseWalletKeys = gen.generateKey();
+        } catch (KeyGenerationException e) {
+            throw new AssertionError(e);
+        }
+        return baseWalletKeys;
+    }
+
+    public static Map<String, Object> mockStatusList(String encodedList) {
+        Map<String, Object> credentialSubjectMap = new HashMap<String, Object>();
+        credentialSubjectMap.put(
+                StatusListCredentialSubject.SUBJECT_ID, STATUS_LIST_CREDENTIAL_SUBJECT_ID);
+        credentialSubjectMap.put(StatusListCredentialSubject.SUBJECT_TYPE, "BitstringStatusList");
+        credentialSubjectMap.put(StatusListCredentialSubject.SUBJECT_STATUS_PURPOSE, "revocation");
+        credentialSubjectMap.put(StatusListCredentialSubject.SUBJECT_ENCODED_LIST, encodedList);
+        return credentialSubjectMap;
+    }
+
+    public static byte[] gzipCompress(BitSet bitSet) {
+        ByteArrayOutputStream out = new ByteArrayOutputStream();
+        try (GZIPOutputStream gzipOut = new GZIPOutputStream(out)) {
+            gzipOut.write(bitSet.toByteArray());
+        } catch (IOException e) {
+            throw new AssertionError("failed.");
+        }
+
+        return out.toByteArray();
+    }
+
+    public static BitSet decompressGzip(byte[] bytes) {
+        ByteArrayInputStream in = new ByteArrayInputStream(bytes);
+        try (GZIPInputStream gzipIn = new GZIPInputStream(in)) {
+            byte[] buffer = new byte[1024];
+            ByteArrayOutputStream outputStream = new ByteArrayOutputStream();
+
+            int len;
+            while ((len = gzipIn.read(buffer)) > 0) {
+                outputStream.write(buffer, 0, len);
+            }
+
+            BitSet bitSet = BitSet.valueOf(outputStream.toByteArray());
+            outputStream.close();
+            return bitSet;
+
+        } catch (IOException e) {
+            throw new RuntimeException(e);
+        }
+    }
+
+    public static String extractBpnFromDid(String did) {
+        return did.substring(did.lastIndexOf(":") + 1).toUpperCase();
+    }
+}
diff --git a/revocation-service/src/test/java/org/eclipse/tractusx/managedidentitywallets/revocation/TestVerifiableCredentialsRevocationServiceApplication.java b/revocation-service/src/test/java/org/eclipse/tractusx/managedidentitywallets/revocation/TestVerifiableCredentialsRevocationServiceApplication.java
new file mode 100644
index 00000000..e7d5f139
--- /dev/null
+++ b/revocation-service/src/test/java/org/eclipse/tractusx/managedidentitywallets/revocation/TestVerifiableCredentialsRevocationServiceApplication.java
@@ -0,0 +1,45 @@
+/*
+ * *******************************************************************************
+ *  Copyright (c) 2021,2024 Contributors to the Eclipse Foundation
+ *
+ *  See the NOTICE file(s) distributed with this work for additional
+ *  information regarding copyright ownership.
+ *
+ *  This program and the accompanying materials are made available under the
+ *  terms of the Apache License, Version 2.0 which is available at
+ *  https://www.apache.org/licenses/LICENSE-2.0.
+ *
+ *  Unless required by applicable law or agreed to in writing, software
+ *  distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+ *  WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+ *  License for the specific language governing permissions and limitations
+ *  under the License.
+ *
+ *  SPDX-License-Identifier: Apache-2.0
+ * ******************************************************************************
+ */
+
+package org.eclipse.tractusx.managedidentitywallets.revocation;
+
+import org.springframework.boot.SpringApplication;
+import org.springframework.boot.test.context.TestConfiguration;
+import org.springframework.boot.testcontainers.service.connection.ServiceConnection;
+import org.springframework.context.annotation.Bean;
+import org.testcontainers.containers.PostgreSQLContainer;
+import org.testcontainers.utility.DockerImageName;
+
+@TestConfiguration(proxyBeanMethods = false)
+public class TestVerifiableCredentialsRevocationServiceApplication {
+
+    public static void main(String[] args) {
+        SpringApplication.from(VerifiableCredentialsRevocationServiceApplication::main)
+                .with(TestVerifiableCredentialsRevocationServiceApplication.class)
+                .run(args);
+    }
+
+    @Bean
+    @ServiceConnection
+    PostgreSQLContainer<?> postgresContainer() {
+        return new PostgreSQLContainer<>(DockerImageName.parse("postgres:latest"));
+    }
+}
diff --git a/revocation-service/src/test/java/org/eclipse/tractusx/managedidentitywallets/revocation/config/ExceptionHandlingTest.java b/revocation-service/src/test/java/org/eclipse/tractusx/managedidentitywallets/revocation/config/ExceptionHandlingTest.java
new file mode 100644
index 00000000..9e4e07c0
--- /dev/null
+++ b/revocation-service/src/test/java/org/eclipse/tractusx/managedidentitywallets/revocation/config/ExceptionHandlingTest.java
@@ -0,0 +1,73 @@
+/*
+ * *******************************************************************************
+ *  Copyright (c) 2021,2024 Contributors to the Eclipse Foundation
+ *
+ *  See the NOTICE file(s) distributed with this work for additional
+ *  information regarding copyright ownership.
+ *
+ *  This program and the accompanying materials are made available under the
+ *  terms of the Apache License, Version 2.0 which is available at
+ *  https://www.apache.org/licenses/LICENSE-2.0.
+ *
+ *  Unless required by applicable law or agreed to in writing, software
+ *  distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+ *  WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+ *  License for the specific language governing permissions and limitations
+ *  under the License.
+ *
+ *  SPDX-License-Identifier: Apache-2.0
+ * ******************************************************************************
+ */
+
+package org.eclipse.tractusx.managedidentitywallets.revocation.config;
+
+import org.eclipse.tractusx.managedidentitywallets.revocation.exception.CredentialAlreadyRevokedException;
+import org.eclipse.tractusx.managedidentitywallets.revocation.exception.ForbiddenException;
+import org.junit.jupiter.api.Test;
+import org.springframework.http.HttpStatus;
+import org.springframework.http.ProblemDetail;
+
+import static org.junit.jupiter.api.Assertions.assertEquals;
+import static org.junit.jupiter.api.Assertions.assertNotNull;
+
+class ExceptionHandlingTest {
+
+    private static final ExceptionHandling exceptionHandling = new ExceptionHandling();
+
+    @Test
+    void handleCredentialAlreadyRevokedException() {
+        CredentialAlreadyRevokedException credentialAlreadyRevokedException =
+                new CredentialAlreadyRevokedException("credential xyz was already revoked");
+        ProblemDetail problemDetail =
+                exceptionHandling.handleCredentialAlreadyRevokedException(
+                        credentialAlreadyRevokedException);
+
+        assertNotNull(problemDetail);
+        assertNotNull(problemDetail.getTitle());
+        assertEquals("Revocation service error", problemDetail.getTitle());
+        assertEquals(HttpStatus.CONFLICT.value(), problemDetail.getStatus());
+    }
+
+    @Test
+    void handleForbiddenException() {
+        ForbiddenException forbiddenException = new ForbiddenException("no!");
+        ProblemDetail problemDetail = exceptionHandling.handleForbiddenException(forbiddenException);
+
+        assertNotNull(problemDetail);
+        assertNotNull(problemDetail.getTitle());
+        assertEquals("ForbiddenException: no!", problemDetail.getTitle());
+        assertEquals(HttpStatus.FORBIDDEN.value(), problemDetail.getStatus());
+    }
+
+    @Test
+    void handleIllegalArgumentException() {
+        IllegalArgumentException illegalArgumentException = new IllegalArgumentException("illegal");
+        ProblemDetail problemDetail =
+                exceptionHandling.handleIllegalArgumentException(illegalArgumentException);
+
+        assertNotNull(problemDetail);
+        assertNotNull(problemDetail.getTitle());
+        assertEquals("IllegalArgumentException: illegal", problemDetail.getTitle());
+        assertEquals(HttpStatus.BAD_REQUEST.value(), problemDetail.getStatus());
+    }
+}
diff --git a/revocation-service/src/test/java/org/eclipse/tractusx/managedidentitywallets/revocation/config/MIWSettingsTest.java b/revocation-service/src/test/java/org/eclipse/tractusx/managedidentitywallets/revocation/config/MIWSettingsTest.java
new file mode 100644
index 00000000..c04163e8
--- /dev/null
+++ b/revocation-service/src/test/java/org/eclipse/tractusx/managedidentitywallets/revocation/config/MIWSettingsTest.java
@@ -0,0 +1,55 @@
+/*
+ * *******************************************************************************
+ *  Copyright (c) 2021,2024 Contributors to the Eclipse Foundation
+ *
+ *  See the NOTICE file(s) distributed with this work for additional
+ *  information regarding copyright ownership.
+ *
+ *  This program and the accompanying materials are made available under the
+ *  terms of the Apache License, Version 2.0 which is available at
+ *  https://www.apache.org/licenses/LICENSE-2.0.
+ *
+ *  Unless required by applicable law or agreed to in writing, software
+ *  distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+ *  WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+ *  License for the specific language governing permissions and limitations
+ *  under the License.
+ *
+ *  SPDX-License-Identifier: Apache-2.0
+ * ******************************************************************************
+ */
+
+package org.eclipse.tractusx.managedidentitywallets.revocation.config;
+
+import org.junit.jupiter.api.Test;
+
+import java.net.URI;
+import java.util.Arrays;
+import java.util.List;
+
+import static org.junit.jupiter.api.Assertions.assertEquals;
+import static org.junit.jupiter.api.Assertions.assertThrows;
+
+class MIWSettingsTest {
+
+    @Test
+    void testMIWSettingsWithValidData() {
+        List<URI> vcContexts =
+                Arrays.asList(
+                        URI.create("https://example.com/context1"), URI.create("https://example.com/context2"));
+
+        MIWSettings miwSettings = new MIWSettings(vcContexts);
+
+        assertEquals(vcContexts, miwSettings.vcContexts());
+    }
+
+    @Test
+    void testMIWSettingsWithNullVCContexts() {
+        assertThrows(NullPointerException.class, () -> new MIWSettings(null));
+    }
+
+    @Test
+    void testMIWSettingsWithEmptyVCContexts() {
+        assertThrows(IllegalArgumentException.class, () -> new MIWSettings(List.of()));
+    }
+}
diff --git a/revocation-service/src/test/java/org/eclipse/tractusx/managedidentitywallets/revocation/config/OpenApiConfigTest.java b/revocation-service/src/test/java/org/eclipse/tractusx/managedidentitywallets/revocation/config/OpenApiConfigTest.java
new file mode 100644
index 00000000..db45d705
--- /dev/null
+++ b/revocation-service/src/test/java/org/eclipse/tractusx/managedidentitywallets/revocation/config/OpenApiConfigTest.java
@@ -0,0 +1,73 @@
+/*
+ * *******************************************************************************
+ *  Copyright (c) 2021,2024 Contributors to the Eclipse Foundation
+ *
+ *  See the NOTICE file(s) distributed with this work for additional
+ *  information regarding copyright ownership.
+ *
+ *  This program and the accompanying materials are made available under the
+ *  terms of the Apache License, Version 2.0 which is available at
+ *  https://www.apache.org/licenses/LICENSE-2.0.
+ *
+ *  Unless required by applicable law or agreed to in writing, software
+ *  distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+ *  WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+ *  License for the specific language governing permissions and limitations
+ *  under the License.
+ *
+ *  SPDX-License-Identifier: Apache-2.0
+ * ******************************************************************************
+ */
+
+package org.eclipse.tractusx.managedidentitywallets.revocation.config;
+
+import io.swagger.v3.oas.models.OpenAPI;
+import org.eclipse.tractusx.managedidentitywallets.revocation.config.security.SecurityConfigProperties;
+import org.junit.jupiter.api.BeforeAll;
+import org.junit.jupiter.api.Test;
+import org.mockito.Mockito;
+import org.springdoc.core.models.GroupedOpenApi;
+
+import static org.junit.jupiter.api.Assertions.assertDoesNotThrow;
+import static org.junit.jupiter.api.Assertions.assertFalse;
+import static org.junit.jupiter.api.Assertions.assertNotNull;
+import static org.junit.jupiter.api.Assertions.assertNull;
+import static org.junit.jupiter.api.Assertions.assertTrue;
+import static org.mockito.Mockito.when;
+
+class OpenApiConfigTest {
+
+    private static SecurityConfigProperties securityConfigProperties;
+
+    private static OpenApiConfig openApiconfig;
+
+    @BeforeAll
+    public static void beforeAll() {
+        securityConfigProperties = Mockito.mock(SecurityConfigProperties.class);
+        openApiconfig = new OpenApiConfig(securityConfigProperties);
+    }
+
+    @Test
+    void testOpenApiSecurityEnabled() {
+        when(securityConfigProperties.enabled()).thenReturn(true);
+        OpenAPI openAPI = assertDoesNotThrow(() -> openApiconfig.openAPI());
+
+        assertFalse(openAPI.getSecurity().isEmpty());
+        openAPI
+                .getSecurity()
+                .forEach(s -> assertTrue(s.containsKey("Authenticate using access_token")));
+    }
+
+    @Test
+    void testOpenApiSecurityDisabled() {
+        when(securityConfigProperties.enabled()).thenReturn(false);
+        OpenAPI openAPI = assertDoesNotThrow(() -> openApiconfig.openAPI());
+        assertNull(openAPI.getSecurity());
+    }
+
+    @Test
+    void testOpenApiDefinition() {
+        GroupedOpenApi groupedOpenApi = assertDoesNotThrow(() -> openApiconfig.openApiDefinition());
+        assertNotNull(groupedOpenApi);
+    }
+}
diff --git a/revocation-service/src/test/java/org/eclipse/tractusx/managedidentitywallets/revocation/config/security/CustomAuthenticationConverterTest.java b/revocation-service/src/test/java/org/eclipse/tractusx/managedidentitywallets/revocation/config/security/CustomAuthenticationConverterTest.java
new file mode 100644
index 00000000..29de8663
--- /dev/null
+++ b/revocation-service/src/test/java/org/eclipse/tractusx/managedidentitywallets/revocation/config/security/CustomAuthenticationConverterTest.java
@@ -0,0 +1,111 @@
+/*
+ * *******************************************************************************
+ *  Copyright (c) 2021,2024 Contributors to the Eclipse Foundation
+ *
+ *  See the NOTICE file(s) distributed with this work for additional
+ *  information regarding copyright ownership.
+ *
+ *  This program and the accompanying materials are made available under the
+ *  terms of the Apache License, Version 2.0 which is available at
+ *  https://www.apache.org/licenses/LICENSE-2.0.
+ *
+ *  Unless required by applicable law or agreed to in writing, software
+ *  distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+ *  WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+ *  License for the specific language governing permissions and limitations
+ *  under the License.
+ *
+ *  SPDX-License-Identifier: Apache-2.0
+ * ******************************************************************************
+ */
+
+package org.eclipse.tractusx.managedidentitywallets.revocation.config.security;
+
+import org.junit.jupiter.api.Test;
+import org.springframework.security.authentication.AbstractAuthenticationToken;
+import org.springframework.security.oauth2.jwt.Jwt;
+
+import java.time.Duration;
+import java.time.Instant;
+import java.util.List;
+import java.util.Map;
+
+import static org.junit.jupiter.api.Assertions.assertDoesNotThrow;
+import static org.junit.jupiter.api.Assertions.assertFalse;
+import static org.junit.jupiter.api.Assertions.assertTrue;
+
+class CustomAuthenticationConverterTest {
+
+    private static String VALID =
+            "eyJhbGciOiJSUzI1NiIsImFscGhhIjoiZzB1ZjNycjlycnN2cHlhcTVuamg4In0.eyJpc3MiOiJEaW5vQ2hpZXNhLmdpdGh1Yi5pbyIsInN1YiI6Im1heGluZSIsImF1ZCI6ImlkcmlzIiwiaWF0IjoxNzAyNjUwMTc2LCJleHAiOjE3MDI2NTA3NzYsInJlc291cmNlX2FjY2VzcyI6eyJyZXNvdXJjZUlkIjp7InJvbGVzIjpbImRlaV9tdWRhIl19fX0.wTv9GBX3AuRO8UIsAuu2YJU77ai-wchDyxRn-_yX9PeHt23vCmp_JAbkkdMdyLAWWOKncjgNeG-4lB9RCBsjmbdb1imujUrAocp3VZQqNg6OVaNV58kdsIpNNF9S8XlFI4hr1BANrw2rWJDkTRu1id-Fu-BVE1BF7ySCKHS_NaY3e7yXQM-jtU63z5FBpPvfMF-La3blPle93rgut7V3LlG-tNOp93TgFzGrQQXuJUsew34T0u4OlQa3TjQuMdZMTy0SVSLSpIzAqDsAkHv34W6SdY1p6FVQ14TfawRLkrI2QY-YM_dCFAEE7KqqnUrVVyw6XG1ydeFDuX8SJuQX7g";
+
+    private static String MISSING_RESOURCE_ID =
+            "{\n" + "    \"resource_access\": {\n" + "    }\n" + "}";
+
+    private static String MISSING_ROLES =
+            "{\n"
+                    + "    \"resource_access\": {\n"
+                    + "        \"resourceId\": {\n"
+                    + "        }\n"
+                    + "    }\n"
+                    + "}";
+
+    @Test
+    void shouldConvertSuccessfullyWithAuthorities() {
+
+        Map<String, Object> roles = Map.of("roles", List.of("dei_muda"));
+        Map<String, Object> resourceId = Map.of("resourceId", roles);
+        Map<String, Object> resourceAccess = Map.of("resource_access", resourceId);
+
+        Jwt jwt =
+                new Jwt(
+                        "32453453",
+                        Instant.now(),
+                        Instant.now().plus(Duration.ofDays(12)),
+                        Map.of("kid", "1234"),
+                        resourceAccess);
+
+        CustomAuthenticationConverter converter = new CustomAuthenticationConverter("resourceId");
+        AbstractAuthenticationToken abstractAuthenticationToken =
+                assertDoesNotThrow(() -> converter.convert(jwt));
+        assertFalse(abstractAuthenticationToken.getAuthorities().isEmpty());
+    }
+
+    @Test
+    void shouldConvertSuccessfullyWithoutAuthoritiesWhenRolesMissing() {
+        Map<String, Object> resourceId = Map.of("resourceId", Map.of());
+        Map<String, Object> resourceAccess = Map.of("resource_access", resourceId);
+
+        Jwt jwt =
+                new Jwt(
+                        "32453453",
+                        Instant.now(),
+                        Instant.now().plus(Duration.ofDays(12)),
+                        Map.of("kid", "1234"),
+                        resourceAccess);
+
+        CustomAuthenticationConverter converter = new CustomAuthenticationConverter("resourceId");
+        AbstractAuthenticationToken abstractAuthenticationToken =
+                assertDoesNotThrow(() -> converter.convert(jwt));
+        assertTrue(abstractAuthenticationToken.getAuthorities().isEmpty());
+    }
+
+    @Test
+    void shouldConvertSuccessfullyWithoutAuthoritiesWhenResourceAccessMissing() {
+        Map<String, Object> resourceId = Map.of("resourceId", Map.of());
+        Map<String, Object> resourceAccess = Map.of("resource_access", Map.of());
+
+        Jwt jwt =
+                new Jwt(
+                        "32453453",
+                        Instant.now(),
+                        Instant.now().plus(Duration.ofDays(12)),
+                        Map.of("kid", "1234"),
+                        resourceAccess);
+
+        CustomAuthenticationConverter converter = new CustomAuthenticationConverter("resourceId");
+        AbstractAuthenticationToken abstractAuthenticationToken =
+                assertDoesNotThrow(() -> converter.convert(jwt));
+        assertTrue(abstractAuthenticationToken.getAuthorities().isEmpty());
+    }
+}
diff --git a/revocation-service/src/test/java/org/eclipse/tractusx/managedidentitywallets/revocation/controllers/RevocationApiControllerTest.java b/revocation-service/src/test/java/org/eclipse/tractusx/managedidentitywallets/revocation/controllers/RevocationApiControllerTest.java
new file mode 100644
index 00000000..4d0740c7
--- /dev/null
+++ b/revocation-service/src/test/java/org/eclipse/tractusx/managedidentitywallets/revocation/controllers/RevocationApiControllerTest.java
@@ -0,0 +1,223 @@
+/*
+ * *******************************************************************************
+ *  Copyright (c) 2021,2024 Contributors to the Eclipse Foundation
+ *
+ *  See the NOTICE file(s) distributed with this work for additional
+ *  information regarding copyright ownership.
+ *
+ *  This program and the accompanying materials are made available under the
+ *  terms of the Apache License, Version 2.0 which is available at
+ *  https://www.apache.org/licenses/LICENSE-2.0.
+ *
+ *  Unless required by applicable law or agreed to in writing, software
+ *  distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+ *  WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+ *  License for the specific language governing permissions and limitations
+ *  under the License.
+ *
+ *  SPDX-License-Identifier: Apache-2.0
+ * ******************************************************************************
+ */
+
+package org.eclipse.tractusx.managedidentitywallets.revocation.controllers;
+
+import com.fasterxml.jackson.databind.ObjectMapper;
+import org.eclipse.tractusx.managedidentitywallets.revocation.constant.PurposeType;
+import org.eclipse.tractusx.managedidentitywallets.revocation.constant.RevocationApiEndpoints;
+import org.eclipse.tractusx.managedidentitywallets.revocation.dto.CredentialStatusDto;
+import org.eclipse.tractusx.managedidentitywallets.revocation.dto.StatusEntryDto;
+import org.eclipse.tractusx.managedidentitywallets.revocation.services.RevocationService;
+import org.eclipse.tractusx.managedidentitywallets.revocation.utils.BitSetManager;
+import org.eclipse.tractusx.managedidentitywallets.revocation.utils.StringPool;
+import org.eclipse.tractusx.ssi.lib.model.verifiable.credential.VerifiableCredential;
+import org.junit.jupiter.api.BeforeEach;
+import org.junit.jupiter.api.Test;
+import org.junit.jupiter.api.extension.ExtendWith;
+import org.mockito.InjectMocks;
+import org.mockito.Mock;
+import org.mockito.Mockito;
+import org.mockito.junit.jupiter.MockitoExtension;
+import org.springframework.http.HttpHeaders;
+import org.springframework.http.MediaType;
+import org.springframework.security.oauth2.jwt.Jwt;
+import org.springframework.security.oauth2.server.resource.authentication.JwtAuthenticationToken;
+import org.springframework.test.web.servlet.MockMvc;
+import org.springframework.test.web.servlet.request.MockMvcRequestBuilders;
+import org.springframework.test.web.servlet.setup.MockMvcBuilders;
+
+import java.security.Principal;
+import java.time.Instant;
+import java.util.HashMap;
+import java.util.List;
+import java.util.Map;
+import java.util.UUID;
+
+import static org.eclipse.tractusx.managedidentitywallets.revocation.TestUtil.BPN;
+import static org.eclipse.tractusx.managedidentitywallets.revocation.TestUtil.DID;
+import static org.mockito.ArgumentMatchers.any;
+import static org.mockito.BDDMockito.given;
+import static org.mockito.Mockito.doNothing;
+import static org.mockito.Mockito.mock;
+import static org.mockito.Mockito.verify;
+import static org.mockito.Mockito.when;
+import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.content;
+import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.jsonPath;
+import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.status;
+
+@ExtendWith(MockitoExtension.class)
+public class RevocationApiControllerTest {
+
+    private static final String CALLER_BPN = UUID.randomUUID().toString();
+
+    private MockMvc mockMvc;
+
+    private ObjectMapper objectMapper;
+
+    @Mock
+    private RevocationService revocationService;
+
+    @InjectMocks
+    private RevocationApiController revocationApiController;
+
+    @BeforeEach
+    public void setup() {
+        mockMvc = MockMvcBuilders.standaloneSetup(revocationApiController).build();
+        objectMapper = new ObjectMapper();
+        Mockito.reset(revocationService);
+    }
+
+    @Test
+    public void whenPostCreateStatusListVC_thenReturnStatus() throws Exception {
+        // Given
+        String validPurpose = PurposeType.REVOCATION.toString();
+        StatusEntryDto statusEntryDto = new StatusEntryDto(validPurpose, DID);
+        String validIndex =
+                String.valueOf(BitSetManager.BITSET_SIZE / 2); // any valid index within range
+        CredentialStatusDto credentialStatusDto =
+                new CredentialStatusDto(
+                        "https://example.com/revocations/credentials/" + BPN + "/revocation/1#" + validIndex,
+                        PurposeType.REVOCATION.toString(),
+                        validIndex, // this value is within the range [0, BitSetManager.BITSET_SIZE - 1]
+                        "https://example.com/revocations/credentials/" + BPN + "/revocation/1",
+                        "BitstringStatusListEntry");
+        given(revocationService.createStatusList(statusEntryDto, "token"))
+                .willReturn(credentialStatusDto);
+        when(revocationService.extractBpnFromDid(DID)).thenReturn(BPN);
+
+        Principal mockPrincipal = mockPrincipal(BPN);
+        var name = mockPrincipal.getName();
+        // When & Then
+        mockMvc
+                .perform(
+                        MockMvcRequestBuilders.post(RevocationApiEndpoints.REVOCATION_API + RevocationApiEndpoints.STATUS_ENTRY)
+                                .contentType(MediaType.APPLICATION_JSON)
+                                .header(HttpHeaders.AUTHORIZATION, "token")
+                                .principal(mockPrincipal)
+                                .content(objectMapper.writeValueAsString(statusEntryDto)))
+                .andExpect(status().isOk())
+                .andExpect(content().contentType(MediaType.APPLICATION_JSON))
+                .andExpect(jsonPath("$.id").value(credentialStatusDto.id()));
+    }
+
+    private Principal mockPrincipal(String name) {
+
+        Jwt jwt = mock(Jwt.class);
+        when(jwt.getClaims()).thenReturn(Map.of(StringPool.BPN, BPN));
+
+        JwtAuthenticationToken principal = Mockito.mock(JwtAuthenticationToken.class);
+        when(principal.getName()).thenReturn(name);
+        when(principal.getPrincipal()).thenReturn(jwt);
+
+        return principal;
+    }
+
+    @Test
+    public void whenPostRevokeCredential_thenReturnOkStatus() throws Exception {
+        // Given
+        String validIndex =
+                String.valueOf(BitSetManager.BITSET_SIZE / 2); // any valid index within range
+        CredentialStatusDto credentialStatusDto =
+                new CredentialStatusDto(
+                        "http://example.com/credentials/" + BPN + "/revocation/1#" + validIndex,
+                        "revocation",
+                        validIndex, // this value is within the range [0, BitSetManager.BITSET_SIZE - 1]
+                        "http://example.com/credentials/" + BPN + "/revocation/1",
+                        "BitstringStatusListEntry");
+        doNothing().when(revocationService).revoke(credentialStatusDto, "token");
+        when(revocationService.extractBpnFromURL(any())).thenReturn(BPN);
+
+        Principal mockPrincipal = mockPrincipal(BPN);
+        // When & Then
+        mockMvc
+                .perform(
+                        MockMvcRequestBuilders.post(RevocationApiEndpoints.REVOCATION_API + RevocationApiEndpoints.REVOKE)
+                                .contentType(MediaType.APPLICATION_JSON)
+                                .header(HttpHeaders.AUTHORIZATION, "token")
+                                .principal(mockPrincipal)
+                                .content(objectMapper.writeValueAsString(credentialStatusDto)))
+                .andExpect(status().isOk());
+        verify(revocationService).revoke(credentialStatusDto, "token");
+    }
+
+    @Test
+    public void whenGetCredential_thenReturnCredentials() throws Exception {
+        // Given
+        String validPurpose = PurposeType.REVOCATION.toString();
+        VerifiableCredential verifiableCredential =
+                new VerifiableCredential(
+                        createVerifiableCredentialTestData()); // Populate with valid test data
+        given(revocationService.getStatusListCredential(any(), any(), any()))
+                .willReturn(verifiableCredential);
+        // When & Then
+        mockMvc
+                .perform(
+                        MockMvcRequestBuilders.get(
+                                RevocationApiEndpoints.REVOCATION_API
+                                        + RevocationApiEndpoints.CREDENTIALS_STATUS_INDEX
+                                        .replace("{issuerBPN}", BPN)
+                                        .replace("{status}", validPurpose)
+                                        .replace("{index}", "1")))
+                .andExpect(status().isOk())
+                .andExpect(content().contentType(MediaType.APPLICATION_JSON))
+                .andExpect(jsonPath("$.id").value(verifiableCredential.getId().toString()));
+    }
+
+    private VerifiableCredential createVerifiableCredentialTestData() {
+        Map<String, Object> credentialData = new HashMap<>();
+        credentialData.put(
+                "id", "http://example/api/v1/revocations/credentials/" + BPN + "/revocation/1");
+        credentialData.put("issuer", "https://issuer.example.com");
+        credentialData.put("issuanceDate", Instant.now().toString());
+        // Include 'type' field as a list because VerifiableCredential expects it to be non-null and a
+        // list
+        credentialData.put("type", List.of("VerifiableCredential", "StatusListCredential"));
+        Map<String, Object> subjectData = new HashMap<>();
+        subjectData.put("id", "subjectId");
+        subjectData.put("type", "StatusList2021Credential");
+        // 'credentialSubject' can be either a List or a single Map according to the code, so I'm
+        // keeping it as a single Map
+        credentialData.put("credentialSubject", subjectData);
+        credentialData.put("@context", VerifiableCredential.DEFAULT_CONTEXT.toString());
+        VerifiableCredential credential = new VerifiableCredential(credentialData);
+        return credential;
+    }
+
+    private VerifiableCredential createVerifiableCredentialTestDataInvalidDID() {
+        Map<String, Object> credentialData = new HashMap<>();
+        credentialData.put("id", UUID.randomUUID().toString());
+        credentialData.put("issuer", "https://issuer.example.com");
+        credentialData.put("issuanceDate", Instant.now().toString());
+        // Include 'type' field as a list because VerifiableCredential expects it to be non-null and a
+        // list
+        credentialData.put("type", List.of("VerifiableCredential", "StatusListCredential"));
+        Map<String, Object> subjectData = new HashMap<>();
+        subjectData.put("id", "subjectId");
+        subjectData.put("type", "StatusList2021Credential");
+        // 'credentialSubject' can be either a List or a single Map according to the code, so I'm
+        // keeping it as a single Map
+        credentialData.put("credentialSubject", subjectData);
+        credentialData.put("@context", VerifiableCredential.DEFAULT_CONTEXT.toString());
+        VerifiableCredential credential = new VerifiableCredential(credentialData);
+        return credential;
+    }
+}
diff --git a/revocation-service/src/test/java/org/eclipse/tractusx/managedidentitywallets/revocation/domain/BPNTest.java b/revocation-service/src/test/java/org/eclipse/tractusx/managedidentitywallets/revocation/domain/BPNTest.java
new file mode 100644
index 00000000..cdec1660
--- /dev/null
+++ b/revocation-service/src/test/java/org/eclipse/tractusx/managedidentitywallets/revocation/domain/BPNTest.java
@@ -0,0 +1,79 @@
+/*
+ * *******************************************************************************
+ *  Copyright (c) 2021,2024 Contributors to the Eclipse Foundation
+ *
+ *  See the NOTICE file(s) distributed with this work for additional
+ *  information regarding copyright ownership.
+ *
+ *  This program and the accompanying materials are made available under the
+ *  terms of the Apache License, Version 2.0 which is available at
+ *  https://www.apache.org/licenses/LICENSE-2.0.
+ *
+ *  Unless required by applicable law or agreed to in writing, software
+ *  distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+ *  WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+ *  License for the specific language governing permissions and limitations
+ *  under the License.
+ *
+ *  SPDX-License-Identifier: Apache-2.0
+ * ******************************************************************************
+ */
+
+package org.eclipse.tractusx.managedidentitywallets.revocation.domain;
+
+import org.junit.jupiter.api.DisplayName;
+import org.junit.jupiter.api.Test;
+
+import static org.eclipse.tractusx.managedidentitywallets.revocation.TestUtil.BPN;
+import static org.junit.jupiter.api.Assertions.assertDoesNotThrow;
+import static org.junit.jupiter.api.Assertions.assertEquals;
+import static org.junit.jupiter.api.Assertions.assertFalse;
+import static org.junit.jupiter.api.Assertions.assertThrows;
+import static org.junit.jupiter.api.Assertions.assertTrue;
+
+public class BPNTest {
+
+    @Test
+    @DisplayName("BPN Should not be valid")
+    public void invalidBPN() {
+        String bpn = "thisnotbpn";
+
+        assertThrows(
+                IllegalArgumentException.class,
+                () -> {
+                    new BPN(bpn);
+                });
+    }
+
+    @Test
+    @DisplayName("BPN Should be valid")
+    public void validBPN() {
+        assertDoesNotThrow(
+                () -> {
+                    new BPN(BPN);
+                });
+    }
+
+    @Test
+    @DisplayName("BPN Should return value")
+    public void bpnValue() {
+        BPN bpn = new BPN(BPN);
+        assertEquals(BPN, bpn.value());
+    }
+
+    @Test
+    @DisplayName("BPN Should be equal")
+    public void bpnEqual() {
+        BPN bpn1 = new BPN(BPN);
+        BPN bpn2 = new BPN(BPN);
+        assertTrue(bpn1.equals(bpn2));
+    }
+
+    @Test
+    @DisplayName("BPN Should not be equal")
+    public void bpnNotEqual() {
+        BPN bpn1 = new BPN(BPN);
+        BPN bpn2 = new BPN("BPNL000000000000");
+        assertFalse(bpn1.equals(bpn2));
+    }
+}
diff --git a/revocation-service/src/test/java/org/eclipse/tractusx/managedidentitywallets/revocation/dto/CredentialStatusDtoTest.java b/revocation-service/src/test/java/org/eclipse/tractusx/managedidentitywallets/revocation/dto/CredentialStatusDtoTest.java
new file mode 100644
index 00000000..43235a50
--- /dev/null
+++ b/revocation-service/src/test/java/org/eclipse/tractusx/managedidentitywallets/revocation/dto/CredentialStatusDtoTest.java
@@ -0,0 +1,154 @@
+/*
+ * *******************************************************************************
+ *  Copyright (c) 2021,2024 Contributors to the Eclipse Foundation
+ *
+ *  See the NOTICE file(s) distributed with this work for additional
+ *  information regarding copyright ownership.
+ *
+ *  This program and the accompanying materials are made available under the
+ *  terms of the Apache License, Version 2.0 which is available at
+ *  https://www.apache.org/licenses/LICENSE-2.0.
+ *
+ *  Unless required by applicable law or agreed to in writing, software
+ *  distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+ *  WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+ *  License for the specific language governing permissions and limitations
+ *  under the License.
+ *
+ *  SPDX-License-Identifier: Apache-2.0
+ * ******************************************************************************
+ */
+
+package org.eclipse.tractusx.managedidentitywallets.revocation.dto;
+
+import jakarta.validation.Validation;
+import jakarta.validation.Validator;
+import org.eclipse.tractusx.managedidentitywallets.revocation.utils.BitSetManager;
+import org.junit.jupiter.api.DisplayName;
+import org.junit.jupiter.api.Test;
+import org.junit.jupiter.params.ParameterizedTest;
+import org.junit.jupiter.params.provider.ValueSource;
+
+import static org.junit.jupiter.api.Assertions.assertDoesNotThrow;
+import static org.junit.jupiter.api.Assertions.assertEquals;
+import static org.junit.jupiter.api.Assertions.assertFalse;
+import static org.junit.jupiter.api.Assertions.assertNotNull;
+import static org.junit.jupiter.api.Assertions.assertThrows;
+
+class CredentialStatusDtoTest {
+
+    @Test
+    void validCredentialStatusDto_CreatesSuccessfully() {
+        // Arrange
+        String validIndex =
+                String.valueOf(BitSetManager.BITSET_SIZE / 2); // any valid index within range
+
+        // Act
+        CredentialStatusDto dto =
+                new CredentialStatusDto(
+                        "id",
+                        "revocation",
+                        validIndex, // this value is within the range [0, BitSetManager.BITSET_SIZE - 1]
+                        "statusListCredential",
+                        "BitstringStatusListEntry");
+
+        // Assert
+        assertNotNull(dto);
+        assertEquals("id", dto.id());
+        assertEquals("revocation", dto.statusPurpose());
+        assertEquals(validIndex, dto.statusListIndex());
+        assertEquals("statusListCredential", dto.statusListCredential());
+        assertEquals("BitstringStatusListEntry", dto.type());
+    }
+
+    @ParameterizedTest
+    @ValueSource(ints = { BitSetManager.BITSET_SIZE, -6 })
+    void statusListIndexOutOfRange_ThrowsIllegalArgumentException(int value) {
+        // Arrange
+        String outOfRangeIndex = String.valueOf(value); // one more than the max index
+
+        // Act & Assert
+        assertThrows(
+                IllegalArgumentException.class,
+                () -> {
+                    new CredentialStatusDto(
+                            "id", "statusPurpose", outOfRangeIndex, "statusListCredential", "type");
+                });
+    }
+
+    @Test
+    void anyParameterIsBlank_ThrowsValidationException() {
+
+        Validator validator = Validation.buildDefaultValidatorFactory().getValidator();
+
+        assertFalse(
+                validator
+                        .validate(
+                                new CredentialStatusDto(
+                                        "", // id is blank
+                                        "revocation",
+                                        "0",
+                                        "statusListCredential",
+                                        "BitstringStatusListEntry"))
+                        .isEmpty());
+
+        assertFalse(
+                validator
+                        .validate(
+                                new CredentialStatusDto(
+                                        "id",
+                                        "revocation",
+                                        "0",
+                                        "", // statusListCredential is blank
+                                        "BitstringStatusListEntry"))
+                        .isEmpty());
+    }
+
+    @Test
+    @DisplayName("statusPurpose is invalid")
+    void invalidStatusPurpose_ThrowsIllegalArgumentException() {
+        String invalidPurpose = "invalidPurpose";
+
+        assertThrows(
+                IllegalArgumentException.class,
+                () -> {
+                    new CredentialStatusDto(
+                            "id", invalidPurpose, "0", "statusListCredential", "BitstringStatusListEntry");
+                });
+    }
+
+    @Test
+    @DisplayName("type is invalid")
+    void invalidType_ThrowsIllegalArgumentException() {
+        String invalidType = "invalidType";
+
+        assertThrows(
+                IllegalArgumentException.class,
+                () -> {
+                    new CredentialStatusDto("id", "revocation", "0", "statusListCredential", invalidType);
+                });
+    }
+
+    @Test
+    @DisplayName("statusPurpose is valid")
+    void validStatusPurpose_DoesNotThrowException() {
+        String validPurpose = "revocation";
+
+        assertDoesNotThrow(
+                () -> {
+                    new CredentialStatusDto(
+                            "id", validPurpose, "0", "statusListCredential", "BitstringStatusListEntry");
+                });
+    }
+
+    @Test
+    @DisplayName("type is valid")
+    void validType_DoesNotThrowException() {
+        String validType = "BitstringStatusListEntry";
+
+        assertDoesNotThrow(
+                () -> {
+                    new CredentialStatusDto("id", "revocation", "0", "statusListCredential", validType);
+                });
+    }
+}
diff --git a/revocation-service/src/test/java/org/eclipse/tractusx/managedidentitywallets/revocation/dto/StatusEntryDtoTest.java b/revocation-service/src/test/java/org/eclipse/tractusx/managedidentitywallets/revocation/dto/StatusEntryDtoTest.java
new file mode 100644
index 00000000..5e95b108
--- /dev/null
+++ b/revocation-service/src/test/java/org/eclipse/tractusx/managedidentitywallets/revocation/dto/StatusEntryDtoTest.java
@@ -0,0 +1,88 @@
+/*
+ * *******************************************************************************
+ *  Copyright (c) 2021,2024 Contributors to the Eclipse Foundation
+ *
+ *  See the NOTICE file(s) distributed with this work for additional
+ *  information regarding copyright ownership.
+ *
+ *  This program and the accompanying materials are made available under the
+ *  terms of the Apache License, Version 2.0 which is available at
+ *  https://www.apache.org/licenses/LICENSE-2.0.
+ *
+ *  Unless required by applicable law or agreed to in writing, software
+ *  distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+ *  WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+ *  License for the specific language governing permissions and limitations
+ *  under the License.
+ *
+ *  SPDX-License-Identifier: Apache-2.0
+ * ******************************************************************************
+ */
+
+package org.eclipse.tractusx.managedidentitywallets.revocation.dto;
+
+import jakarta.validation.Validation;
+import jakarta.validation.Validator;
+import org.eclipse.tractusx.managedidentitywallets.revocation.constant.PurposeType;
+import org.junit.jupiter.api.Test;
+
+import static org.junit.jupiter.api.Assertions.assertEquals;
+import static org.junit.jupiter.api.Assertions.assertFalse;
+import static org.junit.jupiter.api.Assertions.assertNotNull;
+import static org.junit.jupiter.api.Assertions.assertThrows;
+
+class StatusEntryDtoTest {
+
+    @Test
+    void validStatusEntryDto_CreatesSuccessfully() {
+        // Arrange
+        String validPurpose = PurposeType.REVOCATION.toString();
+
+        // Act
+        StatusEntryDto dto = new StatusEntryDto(validPurpose, "issuerId");
+
+        // Assert
+        assertNotNull(dto);
+        assertEquals(validPurpose, dto.purpose());
+        assertEquals("issuerId", dto.issuerId());
+    }
+
+    @Test
+    void purposeIsInvalid_ThrowsIllegalArgumentException() {
+        // Arrange
+        String invalidPurpose = "invalidPurpose";
+
+        // Act & Assert
+        assertThrows(
+                IllegalArgumentException.class,
+                () -> {
+                    new StatusEntryDto(invalidPurpose, "issuerId");
+                });
+    }
+
+    @Test
+    void anyParameterIsBlank_ThrowsValidationException() {
+        Validator validator = Validation.buildDefaultValidatorFactory().getValidator();
+
+        // Act & Assert for each field that should not be blank or null
+        assertThrows(
+                IllegalArgumentException.class,
+                () ->
+                        new StatusEntryDto(
+                                "", // purpose is blank
+                                "issuerId"));
+        assertThrows(
+                IllegalArgumentException.class,
+                () ->
+                        new StatusEntryDto(
+                                "suspension", // purpose is blank
+                                "issuerId"));
+        assertFalse(
+                validator
+                        .validate(
+                                new StatusEntryDto(
+                                        PurposeType.REVOCATION.toString(), "" // issuerId is blank
+                                ))
+                        .isEmpty());
+    }
+}
diff --git a/revocation-service/src/test/java/org/eclipse/tractusx/managedidentitywallets/revocation/dto/StatusListCredentialSubjectTest.java b/revocation-service/src/test/java/org/eclipse/tractusx/managedidentitywallets/revocation/dto/StatusListCredentialSubjectTest.java
new file mode 100644
index 00000000..d1fa870c
--- /dev/null
+++ b/revocation-service/src/test/java/org/eclipse/tractusx/managedidentitywallets/revocation/dto/StatusListCredentialSubjectTest.java
@@ -0,0 +1,144 @@
+/*
+ * *******************************************************************************
+ *  Copyright (c) 2021,2024 Contributors to the Eclipse Foundation
+ *
+ *  See the NOTICE file(s) distributed with this work for additional
+ *  information regarding copyright ownership.
+ *
+ *  This program and the accompanying materials are made available under the
+ *  terms of the Apache License, Version 2.0 which is available at
+ *  https://www.apache.org/licenses/LICENSE-2.0.
+ *
+ *  Unless required by applicable law or agreed to in writing, software
+ *  distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+ *  WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+ *  License for the specific language governing permissions and limitations
+ *  under the License.
+ *
+ *  SPDX-License-Identifier: Apache-2.0
+ * ******************************************************************************
+ */
+
+package org.eclipse.tractusx.managedidentitywallets.revocation.dto;
+
+import org.junit.jupiter.api.Test;
+
+import static org.junit.jupiter.api.Assertions.assertEquals;
+import static org.junit.jupiter.api.Assertions.assertFalse;
+import static org.junit.jupiter.api.Assertions.assertNotNull;
+import static org.junit.jupiter.api.Assertions.assertNull;
+
+public class StatusListCredentialSubjectTest {
+
+    @Test
+    void builderCreatesObjectWithCorrectValues() {
+        // Arrange
+        String id = "12345";
+        String statusPurpose = "SomeStatusPurpose";
+        String encodedList = "EncodedListData";
+        // Act
+        StatusListCredentialSubject subject =
+                StatusListCredentialSubject.builder()
+                        .id(id)
+                        .type(StatusListCredentialSubject.TYPE_ENTRY)
+                        .statusPurpose(statusPurpose)
+                        .encodedList(encodedList)
+                        .build();
+        // Assert
+        assertNotNull(subject);
+        assertEquals(id, subject.getId());
+        assertEquals(StatusListCredentialSubject.TYPE_ENTRY, subject.getType());
+        assertEquals(statusPurpose, subject.getStatusPurpose());
+        assertEquals(encodedList, subject.getEncodedList());
+    }
+
+    @Test
+    void defaultConstantsAreCorrect() {
+        // Assert
+        assertEquals("BitstringStatusListEntry", StatusListCredentialSubject.TYPE_ENTRY);
+        assertEquals("BitstringStatusList", StatusListCredentialSubject.TYPE_LIST);
+        assertEquals("id", StatusListCredentialSubject.SUBJECT_ID);
+        assertEquals("type", StatusListCredentialSubject.SUBJECT_TYPE);
+        assertEquals("statusPurpose", StatusListCredentialSubject.SUBJECT_STATUS_PURPOSE);
+        assertEquals("encodedList", StatusListCredentialSubject.SUBJECT_ENCODED_LIST);
+    }
+
+    @Test
+    void builderCreatesCredentialTypeObject() {
+        // Arrange
+        String id = "67890";
+        String statusPurpose = "AnotherStatusPurpose";
+        String encodedList = "AnotherEncodedListData";
+        // Act
+        StatusListCredentialSubject subject =
+                StatusListCredentialSubject.builder()
+                        .id(id)
+                        .type(StatusListCredentialSubject.TYPE_LIST)
+                        .statusPurpose(statusPurpose)
+                        .encodedList(encodedList)
+                        .build();
+        // Assert
+        assertNotNull(subject);
+        assertEquals(id, subject.getId());
+        assertEquals(StatusListCredentialSubject.TYPE_LIST, subject.getType());
+        assertEquals(statusPurpose, subject.getStatusPurpose());
+        assertEquals(encodedList, subject.getEncodedList());
+    }
+
+    @Test
+    void builderWithNullValuesForOptionalFields() {
+        // Arrange and Act
+        StatusListCredentialSubject subject =
+                StatusListCredentialSubject.builder()
+                        .id("idWithNulls")
+                        .type(StatusListCredentialSubject.TYPE_ENTRY)
+                        // Optional fields are not set (statusPurpose, encodedList)
+                        .build();
+        // Assert
+        assertNotNull(subject);
+        assertEquals("idWithNulls", subject.getId());
+        assertEquals(StatusListCredentialSubject.TYPE_ENTRY, subject.getType());
+        assertNull(subject.getStatusPurpose()); // Checks if the field is truly optional and nullable
+        assertNull(subject.getEncodedList());
+    }
+
+    @Test
+    void objectsAreImmutable() {
+        // Arrange
+        StatusListCredentialSubject subject =
+                StatusListCredentialSubject.builder()
+                        .id("immutableId")
+                        .type(StatusListCredentialSubject.TYPE_ENTRY)
+                        .statusPurpose("PurposeBeforeChange")
+                        .encodedList("ListBeforeChange")
+                        .build();
+        // Act
+        // Attempt to change the properties after creation to check if the object is immutable
+        // This attempt should not change the object since the class is expected to be immutable
+        // Since the class doesn't provide setters, this test ensures that the builder pattern itself
+        // does not introduce mutability
+        // Assert
+        assertEquals("immutableId", subject.getId());
+        assertEquals(StatusListCredentialSubject.TYPE_ENTRY, subject.getType());
+        assertEquals("PurposeBeforeChange", subject.getStatusPurpose());
+        assertEquals("ListBeforeChange", subject.getEncodedList());
+    }
+
+    @Test
+    void testToString() {
+        // Arrange
+        String id = "12345";
+        String statusPurpose = "SomeStatusPurpose";
+        String encodedList = "EncodedListData";
+        // Act
+        String s =
+                StatusListCredentialSubject.builder()
+                        .id(id)
+                        .type(StatusListCredentialSubject.TYPE_ENTRY)
+                        .statusPurpose(statusPurpose)
+                        .encodedList(encodedList)
+                        .toString();
+        assertNotNull(s);
+        assertFalse(s.isEmpty());
+    }
+}
diff --git a/revocation-service/src/test/java/org/eclipse/tractusx/managedidentitywallets/revocation/dto/TokenResponeTest.java b/revocation-service/src/test/java/org/eclipse/tractusx/managedidentitywallets/revocation/dto/TokenResponeTest.java
new file mode 100644
index 00000000..6b040616
--- /dev/null
+++ b/revocation-service/src/test/java/org/eclipse/tractusx/managedidentitywallets/revocation/dto/TokenResponeTest.java
@@ -0,0 +1,70 @@
+/*
+ * *******************************************************************************
+ *  Copyright (c) 2021,2024 Contributors to the Eclipse Foundation
+ *
+ *  See the NOTICE file(s) distributed with this work for additional
+ *  information regarding copyright ownership.
+ *
+ *  This program and the accompanying materials are made available under the
+ *  terms of the Apache License, Version 2.0 which is available at
+ *  https://www.apache.org/licenses/LICENSE-2.0.
+ *
+ *  Unless required by applicable law or agreed to in writing, software
+ *  distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+ *  WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+ *  License for the specific language governing permissions and limitations
+ *  under the License.
+ *
+ *  SPDX-License-Identifier: Apache-2.0
+ * ******************************************************************************
+ */
+
+package org.eclipse.tractusx.managedidentitywallets.revocation.dto;
+
+import org.junit.jupiter.api.Test;
+
+import static org.junit.Assert.assertEquals;
+import static org.junit.Assert.assertNull;
+
+public class TokenResponeTest {
+    @Test
+    void getAndSetAccessToken() {
+        // Arrange
+        TokenResponse tokenResponse = new TokenResponse();
+        String expectedToken = "someAccessToken123";
+
+        // Act
+        tokenResponse.setAccessToken(expectedToken);
+
+        // Assert
+        String actualToken = tokenResponse.getAccessToken();
+        assertEquals(expectedToken, actualToken, "someAccessToken123");
+    }
+
+    @Test
+    void setAccessTokenWithNullValue() {
+        // Arrange
+        TokenResponse tokenResponse = new TokenResponse();
+
+        // Act
+        tokenResponse.setAccessToken(null);
+
+        // Assert
+        String actualToken = tokenResponse.getAccessToken();
+        assertNull(actualToken);
+    }
+
+    @Test
+    void setAccessTokenWithEmptyString() {
+        // Arrange
+        TokenResponse tokenResponse = new TokenResponse();
+        String expectedToken = "";
+
+        // Act
+        tokenResponse.setAccessToken(expectedToken);
+
+        // Assert
+        String actualToken = tokenResponse.getAccessToken();
+        assertEquals(expectedToken, actualToken, "");
+    }
+}
diff --git a/revocation-service/src/test/java/org/eclipse/tractusx/managedidentitywallets/revocation/exception/BitSetManagerExceptionTest.java b/revocation-service/src/test/java/org/eclipse/tractusx/managedidentitywallets/revocation/exception/BitSetManagerExceptionTest.java
new file mode 100644
index 00000000..87e0dc2e
--- /dev/null
+++ b/revocation-service/src/test/java/org/eclipse/tractusx/managedidentitywallets/revocation/exception/BitSetManagerExceptionTest.java
@@ -0,0 +1,39 @@
+/*
+ * *******************************************************************************
+ *  Copyright (c) 2021,2024 Contributors to the Eclipse Foundation
+ *
+ *  See the NOTICE file(s) distributed with this work for additional
+ *  information regarding copyright ownership.
+ *
+ *  This program and the accompanying materials are made available under the
+ *  terms of the Apache License, Version 2.0 which is available at
+ *  https://www.apache.org/licenses/LICENSE-2.0.
+ *
+ *  Unless required by applicable law or agreed to in writing, software
+ *  distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+ *  WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+ *  License for the specific language governing permissions and limitations
+ *  under the License.
+ *
+ *  SPDX-License-Identifier: Apache-2.0
+ * ******************************************************************************
+ */
+
+package org.eclipse.tractusx.managedidentitywallets.revocation.exception;
+
+import org.junit.jupiter.api.Test;
+
+import static org.junit.jupiter.api.Assertions.assertDoesNotThrow;
+
+class BitSetManagerExceptionTest {
+
+    @Test
+    void testConstructors() {
+        assertDoesNotThrow(() -> new BitSetManagerException());
+        assertDoesNotThrow(() -> new BitSetManagerException("hallo"));
+        assertDoesNotThrow(() -> new BitSetManagerException("hallo", new IllegalArgumentException()));
+        assertDoesNotThrow(
+                () -> new BitSetManagerException("hallo", new IllegalArgumentException(), false, false));
+        assertDoesNotThrow(() -> new BitSetManagerException(new IllegalArgumentException()));
+    }
+}
diff --git a/revocation-service/src/test/java/org/eclipse/tractusx/managedidentitywallets/revocation/exception/RevocationServiceExceptionTest.java b/revocation-service/src/test/java/org/eclipse/tractusx/managedidentitywallets/revocation/exception/RevocationServiceExceptionTest.java
new file mode 100644
index 00000000..82be0a15
--- /dev/null
+++ b/revocation-service/src/test/java/org/eclipse/tractusx/managedidentitywallets/revocation/exception/RevocationServiceExceptionTest.java
@@ -0,0 +1,36 @@
+/*
+ * *******************************************************************************
+ *  Copyright (c) 2021,2024 Contributors to the Eclipse Foundation
+ *
+ *  See the NOTICE file(s) distributed with this work for additional
+ *  information regarding copyright ownership.
+ *
+ *  This program and the accompanying materials are made available under the
+ *  terms of the Apache License, Version 2.0 which is available at
+ *  https://www.apache.org/licenses/LICENSE-2.0.
+ *
+ *  Unless required by applicable law or agreed to in writing, software
+ *  distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+ *  WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+ *  License for the specific language governing permissions and limitations
+ *  under the License.
+ *
+ *  SPDX-License-Identifier: Apache-2.0
+ * ******************************************************************************
+ */
+
+package org.eclipse.tractusx.managedidentitywallets.revocation.exception;
+
+import org.junit.jupiter.api.Test;
+
+import static org.junit.jupiter.api.Assertions.assertDoesNotThrow;
+
+class RevocationServiceExceptionTest {
+    @Test
+    void testConstructors() {
+        assertDoesNotThrow(() -> new RevocationServiceException("hallo"));
+        assertDoesNotThrow(
+                () -> new RevocationServiceException("hallo", new IllegalArgumentException()));
+        assertDoesNotThrow(() -> new RevocationServiceException(new IllegalArgumentException()));
+    }
+}
diff --git a/revocation-service/src/test/java/org/eclipse/tractusx/managedidentitywallets/revocation/jpa/StatusListCredentialTest.java b/revocation-service/src/test/java/org/eclipse/tractusx/managedidentitywallets/revocation/jpa/StatusListCredentialTest.java
new file mode 100644
index 00000000..53f30f4d
--- /dev/null
+++ b/revocation-service/src/test/java/org/eclipse/tractusx/managedidentitywallets/revocation/jpa/StatusListCredentialTest.java
@@ -0,0 +1,159 @@
+/*
+ * *******************************************************************************
+ *  Copyright (c) 2021,2024 Contributors to the Eclipse Foundation
+ *
+ *  See the NOTICE file(s) distributed with this work for additional
+ *  information regarding copyright ownership.
+ *
+ *  This program and the accompanying materials are made available under the
+ *  terms of the Apache License, Version 2.0 which is available at
+ *  https://www.apache.org/licenses/LICENSE-2.0.
+ *
+ *  Unless required by applicable law or agreed to in writing, software
+ *  distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+ *  WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+ *  License for the specific language governing permissions and limitations
+ *  under the License.
+ *
+ *  SPDX-License-Identifier: Apache-2.0
+ * ******************************************************************************
+ */
+
+package org.eclipse.tractusx.managedidentitywallets.revocation.jpa;
+
+import jakarta.validation.ConstraintViolation;
+import jakarta.validation.ConstraintViolationException;
+import org.eclipse.tractusx.ssi.lib.model.verifiable.credential.VerifiableCredential;
+import org.junit.jupiter.api.BeforeEach;
+import org.junit.jupiter.api.Test;
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.boot.test.autoconfigure.json.AutoConfigureJson;
+import org.springframework.boot.test.autoconfigure.orm.jpa.DataJpaTest;
+import org.springframework.boot.test.autoconfigure.orm.jpa.TestEntityManager;
+import org.springframework.boot.test.mock.mockito.MockBean;
+import org.springframework.validation.beanvalidation.LocalValidatorFactoryBean;
+import org.testcontainers.shaded.com.fasterxml.jackson.databind.ObjectMapper;
+
+import java.time.Instant;
+import java.util.HashMap;
+import java.util.List;
+import java.util.Map;
+import java.util.Set;
+import java.util.UUID;
+
+import static org.assertj.core.api.Assertions.assertThat;
+import static org.eclipse.tractusx.managedidentitywallets.revocation.TestUtil.BPN;
+import static org.junit.jupiter.api.Assertions.assertEquals;
+import static org.junit.jupiter.api.Assertions.assertNotNull;
+import static org.junit.jupiter.api.Assertions.assertThrows;
+
+@DataJpaTest
+@AutoConfigureJson
+class StatusListCredentialTest {
+
+    @MockBean
+    ObjectMapper objectMapper;
+
+    @Autowired
+    private TestEntityManager entityManager;
+
+    private LocalValidatorFactoryBean validator;
+
+    @BeforeEach
+    public void setUp() {
+        validator = new LocalValidatorFactoryBean();
+        validator.afterPropertiesSet(); // Initializes the validator
+    }
+
+    private VerifiableCredential createVerifiableCredentialTestData(String subjectId) {
+        Map<String, Object> credentialData = new HashMap<>();
+        credentialData.put("id", "urn:uuid:" + UUID.randomUUID());
+        credentialData.put("issuer", "https://issuer.example.com");
+        credentialData.put("issuanceDate", Instant.now().toString());
+        credentialData.put("type", List.of("VerifiableCredential", "StatusListCredential"));
+
+        Map<String, Object> subjectData = new HashMap<>();
+        subjectData.put("id", subjectId);
+        subjectData.put("type", "StatusList2021Credential");
+        credentialData.put("credentialSubject", subjectData);
+        credentialData.put("@context", VerifiableCredential.DEFAULT_CONTEXT.toString());
+
+        return new VerifiableCredential(credentialData);
+    }
+
+    @Test
+    void testStatusListCredentialPersistence() {
+        // Arrange
+        VerifiableCredential credential =
+                createVerifiableCredentialTestData("urn:uuid:" + UUID.randomUUID());
+
+        StatusListCredential statusListCredential =
+                StatusListCredential.builder()
+                        .id(BPN + "revocation#1")
+                        .issuerBpn(BPN)
+                        .credential(credential)
+                        .build();
+
+        // Act
+        StatusListCredential persistedStatusListCredential =
+                entityManager.persistFlushFind(statusListCredential);
+
+        // Assert
+        assertNotNull(persistedStatusListCredential);
+        assertEquals(BPN + "revocation#1", persistedStatusListCredential.getId());
+        assertEquals(BPN, persistedStatusListCredential.getIssuerBpn());
+        assertEquals(credential, persistedStatusListCredential.getCredential());
+    }
+
+    @Test
+    void givenInvalidId_whenSaving_thenValidationFails() {
+        // Arrange
+        StatusListCredential statusListCredential =
+                StatusListCredential.builder()
+                        .issuerBpn("") // Invalid issuerId
+                        .credential(createVerifiableCredentialTestData("urn:uuid:" + UUID.randomUUID()))
+                        .build();
+
+        // Act and Assert
+        Set<ConstraintViolation<StatusListCredential>> violations =
+                validator.validate(statusListCredential);
+        assertThat(violations).isNotEmpty();
+        assertThat(violations.toString()).contains("ID cannot be blank");
+    }
+
+    @Test
+    void givenNullCredential_whenSaving_thenThrowsException() {
+        // Arrange
+        StatusListCredential statusListCredential =
+                StatusListCredential.builder()
+                        .id(BPN + "revocation#1")
+                        .issuerBpn(BPN)
+                        .credential(null) // Null Credential
+                        .build();
+
+        // Act and Assert
+        Exception exception =
+                assertThrows(
+                        ConstraintViolationException.class,
+                        () -> {
+                            entityManager.persistFlushFind(statusListCredential);
+                        });
+        String expectedMessage = "Credential cannot be null";
+        assertThat(exception.getMessage()).contains(expectedMessage);
+    }
+
+    @Test
+    void givenInvalidCredentialId_whenSaving_thenValidationFails() {
+        // Arrange
+        VerifiableCredential invalidCredential =
+                createVerifiableCredentialTestData(UUID.randomUUID().toString());
+
+        StatusListCredential statusListCredential =
+                StatusListCredential.builder().issuerBpn(BPN).credential(invalidCredential).build();
+
+        // Act and Assert
+        Set<ConstraintViolation<StatusListCredential>> violations =
+                validator.validate(statusListCredential);
+        assertThat(violations).isNotEmpty(); // Because the `credential` field validation would fail
+    }
+}
diff --git a/revocation-service/src/test/java/org/eclipse/tractusx/managedidentitywallets/revocation/jpa/StatusListIndexTest.java b/revocation-service/src/test/java/org/eclipse/tractusx/managedidentitywallets/revocation/jpa/StatusListIndexTest.java
new file mode 100644
index 00000000..e163cce0
--- /dev/null
+++ b/revocation-service/src/test/java/org/eclipse/tractusx/managedidentitywallets/revocation/jpa/StatusListIndexTest.java
@@ -0,0 +1,165 @@
+/*
+ * *******************************************************************************
+ *  Copyright (c) 2021,2024 Contributors to the Eclipse Foundation
+ *
+ *  See the NOTICE file(s) distributed with this work for additional
+ *  information regarding copyright ownership.
+ *
+ *  This program and the accompanying materials are made available under the
+ *  terms of the Apache License, Version 2.0 which is available at
+ *  https://www.apache.org/licenses/LICENSE-2.0.
+ *
+ *  Unless required by applicable law or agreed to in writing, software
+ *  distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+ *  WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+ *  License for the specific language governing permissions and limitations
+ *  under the License.
+ *
+ *  SPDX-License-Identifier: Apache-2.0
+ * ******************************************************************************
+ */
+
+package org.eclipse.tractusx.managedidentitywallets.revocation.jpa;
+
+import jakarta.validation.ConstraintViolation;
+import org.eclipse.tractusx.managedidentitywallets.revocation.TestUtil;
+import org.junit.jupiter.api.BeforeEach;
+import org.junit.jupiter.api.Test;
+import org.junit.jupiter.api.extension.ExtendWith;
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.boot.test.autoconfigure.json.AutoConfigureJson;
+import org.springframework.boot.test.autoconfigure.orm.jpa.DataJpaTest;
+import org.springframework.boot.test.autoconfigure.orm.jpa.TestEntityManager;
+import org.springframework.test.context.junit.jupiter.SpringExtension;
+import org.springframework.validation.beanvalidation.LocalValidatorFactoryBean;
+
+import java.util.Set;
+
+import static org.assertj.core.api.Assertions.assertThat;
+import static org.eclipse.tractusx.managedidentitywallets.revocation.TestUtil.BPN;
+import static org.junit.jupiter.api.Assertions.assertThrows;
+
+@ExtendWith(SpringExtension.class)
+@AutoConfigureJson
+@DataJpaTest
+public class StatusListIndexTest {
+
+    @Autowired
+    private TestEntityManager entityManager;
+
+    private LocalValidatorFactoryBean validator;
+
+    @BeforeEach
+    public void setUp() {
+        validator = new LocalValidatorFactoryBean();
+        validator.afterPropertiesSet(); // Initializes the validator
+    }
+
+    @Test
+    public void whenFieldsAreValid_thenNoConstraintViolationsAndEntityPersists() {
+        String id = BPN + "-revocation#1";
+        String issuerBpnStatus = BPN + "-revocation";
+
+        StatusListIndex statusListIndex =
+                StatusListIndex.builder()
+                        .id(id)
+                        .issuerBpnStatus(issuerBpnStatus)
+                        .currentIndex("123456") // using numeric string only as index
+                        .build();
+
+        Set<ConstraintViolation<StatusListIndex>> violations = validator.validate(statusListIndex);
+        assertThat(violations).isEmpty();
+
+        entityManager.persistAndFlush(statusListIndex);
+
+        StatusListIndex found = entityManager.find(StatusListIndex.class, statusListIndex.getId());
+        assertThat(found).isNotNull();
+        assertThat(found.getIssuerBpnStatus()).isEqualTo(statusListIndex.getIssuerBpnStatus());
+        assertThat(found.getCurrentIndex()).isEqualTo(statusListIndex.getCurrentIndex());
+    }
+
+    @Test
+    public void whenIdIsBlank_thenConstraintViolationOccurs() {
+        StatusListIndex statusListIndex =
+                StatusListIndex.builder().id(" ").currentIndex("123456").build();
+        Set<ConstraintViolation<StatusListIndex>> violations = validator.validate(statusListIndex);
+
+        assertThat(violations).isNotEmpty();
+        assertThat(violations.toString()).contains("ID cannot be blank");
+    }
+
+    @Test
+    public void whenIssuerBpnStatusIsBlank_thenConstraintViolationOccurs() {
+        StatusListIndex statusListIndex =
+                StatusListIndex.builder()
+                        .issuerBpnStatus(" ")
+                        .id(BPN + "-revocation#1")
+                        .currentIndex("123456")
+                        .build();
+        Set<ConstraintViolation<StatusListIndex>> violations = validator.validate(statusListIndex);
+
+        assertThat(violations).isNotEmpty();
+        assertThat(violations.toString()).contains("Issuer BPN with status cannot be blank");
+    }
+
+    @Test
+    public void whenCurrentIndexIsBlank_thenConstraintViolationOccurs() {
+        StatusListIndex statusListIndex =
+                StatusListIndex.builder().issuerBpnStatus(TestUtil.BPN).currentIndex(" ").build();
+        Set<ConstraintViolation<StatusListIndex>> violations = validator.validate(statusListIndex);
+
+        assertThat(violations).isNotEmpty();
+        assertThat(violations.toString()).contains("Current index cannot be blank");
+    }
+
+    @Test
+    public void whenCurrentIndexIsNotNumeric_thenConstraintViolationOccurs() {
+        String id = BPN + "-revocation#1";
+        String issuerBpnStatus = BPN + "-revocation";
+        String wrongIndex = "indexABC";
+
+        StatusListIndex statusListIndex =
+                StatusListIndex.builder()
+                        .id(id)
+                        .issuerBpnStatus(issuerBpnStatus)
+                        .currentIndex(wrongIndex) // invalid non-numeric currentIndex
+                        .build();
+        Set<ConstraintViolation<StatusListIndex>> violations = validator.validate(statusListIndex);
+
+        assertThat(violations).isNotEmpty();
+        assertThat(violations.toString()).contains("Current index must be numeric");
+    }
+
+    @Test
+    public void whenSetInvalidCurrentIndex_thenIllegalArgumentExceptionIsThrown() {
+        // Constructing StatusListIndex using the builder pattern
+        // with a valid issuerId and leaving currentIndex unset initially
+        StatusListIndex statusListIndex =
+                StatusListIndex.builder().issuerBpnStatus(BPN + "-revocation").build();
+
+        // Now we attempt to set an invalid (non-numeric) currentIndex
+        // using the setCurrentIndex method which includes validation
+        assertThrows(IllegalArgumentException.class, () -> statusListIndex.setCurrentIndex("indexABC"));
+    }
+
+    @Test
+    public void whenFieldsExceedSizeLimit_thenConstraintViolationOccurs() {
+        String longIssuerBpnStatus = BPN + "-revocation1";
+        String longCurrentIndex =
+                "12345".repeat(4); // The repeat count adjusts on the max size of Index
+        String id = "normalid".repeat(76); // The repeat count adjusts on the max length of ID
+        StatusListIndex statusListIndex =
+                StatusListIndex.builder()
+                        .issuerBpnStatus(longIssuerBpnStatus)
+                        .currentIndex(longCurrentIndex)
+                        .id(id)
+                        .build();
+
+        Set<ConstraintViolation<StatusListIndex>> violations = validator.validate(statusListIndex);
+
+        assertThat(violations).isNotEmpty();
+
+        assertThat(violations.toString()).contains("ID cannot exceed 256 characters");
+        assertThat(violations.toString()).contains("Current index cannot exceed 16 characters");
+    }
+}
diff --git a/revocation-service/src/test/java/org/eclipse/tractusx/managedidentitywallets/revocation/services/HttpClientServiceTest.java b/revocation-service/src/test/java/org/eclipse/tractusx/managedidentitywallets/revocation/services/HttpClientServiceTest.java
new file mode 100644
index 00000000..6f530935
--- /dev/null
+++ b/revocation-service/src/test/java/org/eclipse/tractusx/managedidentitywallets/revocation/services/HttpClientServiceTest.java
@@ -0,0 +1,159 @@
+/*
+ * *******************************************************************************
+ *  Copyright (c) 2021,2024 Contributors to the Eclipse Foundation
+ *
+ *  See the NOTICE file(s) distributed with this work for additional
+ *  information regarding copyright ownership.
+ *
+ *  This program and the accompanying materials are made available under the
+ *  terms of the Apache License, Version 2.0 which is available at
+ *  https://www.apache.org/licenses/LICENSE-2.0.
+ *
+ *  Unless required by applicable law or agreed to in writing, software
+ *  distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+ *  WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+ *  License for the specific language governing permissions and limitations
+ *  under the License.
+ *
+ *  SPDX-License-Identifier: Apache-2.0
+ * ******************************************************************************
+ */
+
+package org.eclipse.tractusx.managedidentitywallets.revocation.services;
+
+import com.github.tomakehurst.wiremock.junit5.WireMockExtension;
+import org.eclipse.tractusx.managedidentitywallets.revocation.config.security.SecurityConfigProperties;
+import org.eclipse.tractusx.managedidentitywallets.revocation.dto.TokenResponse;
+import org.eclipse.tractusx.ssi.lib.model.verifiable.credential.VerifiableCredential;
+import org.junit.jupiter.api.BeforeAll;
+import org.junit.jupiter.api.BeforeEach;
+import org.junit.jupiter.api.Test;
+import org.junit.jupiter.api.extension.RegisterExtension;
+import org.junit.jupiter.params.ParameterizedTest;
+import org.junit.jupiter.params.provider.ValueSource;
+import org.mockito.Mock;
+import org.mockito.Mockito;
+import org.springframework.test.util.ReflectionTestUtils;
+import org.springframework.web.client.HttpClientErrorException;
+import org.springframework.web.client.HttpServerErrorException;
+import org.springframework.web.client.RestClient;
+
+import java.util.UUID;
+
+import static com.github.tomakehurst.wiremock.client.WireMock.aResponse;
+import static com.github.tomakehurst.wiremock.client.WireMock.jsonResponse;
+import static com.github.tomakehurst.wiremock.client.WireMock.post;
+import static com.github.tomakehurst.wiremock.core.WireMockConfiguration.wireMockConfig;
+import static org.assertj.core.api.Assertions.assertThat;
+import static org.eclipse.tractusx.managedidentitywallets.revocation.TestUtil.mockEmptyEncodedList;
+import static org.eclipse.tractusx.managedidentitywallets.revocation.TestUtil.mockStatusListCredential;
+import static org.eclipse.tractusx.managedidentitywallets.revocation.TestUtil.mockStatusListVC;
+import static org.junit.jupiter.api.Assertions.assertDoesNotThrow;
+import static org.junit.jupiter.api.Assertions.assertEquals;
+import static org.junit.jupiter.api.Assertions.assertThrows;
+import static org.mockito.Mockito.when;
+
+class HttpClientServiceTest {
+
+    @RegisterExtension
+    static WireMockExtension wm1 =
+            WireMockExtension.newInstance().options(wireMockConfig().dynamicPort()).build();
+
+    private static SecurityConfigProperties securityConfigProperties;
+
+    private static HttpClientService httpClientService; // The service to test
+
+    @Mock
+    private RestClient.Builder webClientBuilder; // Assuming RestClient is using WebClient.Builder
+
+    @Mock
+    private RestClient webClient;
+
+    @Mock
+    private RestClient.RequestBodyUriSpec requestBodyUriSpec;
+
+    @Mock
+    private RestClient.RequestBodySpec requestBodySpec;
+
+    @Mock
+    private RestClient.RequestHeadersSpec requestHeadersSpec;
+
+    @Mock
+    private RestClient.ResponseSpec responseSpec;
+
+    @BeforeAll
+    public static void beforeAll() {
+        securityConfigProperties = Mockito.mock(SecurityConfigProperties.class);
+        when(securityConfigProperties.publicClientId()).thenReturn("public-client-id");
+        when(securityConfigProperties.clientId()).thenReturn("client-id");
+        when(securityConfigProperties.tokenUrl()).thenReturn(wm1.baseUrl() + "/token");
+        httpClientService = new HttpClientService(securityConfigProperties);
+        ReflectionTestUtils.setField(httpClientService, "miwUrl", wm1.baseUrl());
+    }
+
+    @BeforeEach
+    void setUp() {
+    }
+
+    @Test
+    void testGetBearerToken_Success() {
+        String expectedToken = "mockToken";
+        TokenResponse mockTokenResponse = new TokenResponse();
+        mockTokenResponse.setAccessToken(expectedToken);
+        wm1.stubFor(post("/token").willReturn(jsonResponse(mockTokenResponse, 200)));
+        String token = httpClientService.getBearerToken();
+        assertEquals(expectedToken, token);
+    }
+
+    // 4XX HttpClientErrorException
+    // 5XX HttpServerErrorException
+    @ParameterizedTest
+    @ValueSource(ints = { 500, 400 })
+    void testGetBearerToken_Error(int code) {
+        String expectedToken = "mockToken";
+        TokenResponse mockTokenResponse = new TokenResponse();
+        mockTokenResponse.setAccessToken(expectedToken);
+        wm1.stubFor(post("/token").willReturn(jsonResponse(mockTokenResponse, code)));
+        if (code == 400)
+            assertThrows(HttpClientErrorException.class, () -> httpClientService.getBearerToken());
+        else assertThrows(HttpServerErrorException.class, () -> httpClientService.getBearerToken());
+    }
+
+    @Test
+    void testSignStatusListVC_Success() {
+        final var issuer = "did:web:localhost:BPNL345345345345";
+        var fragment = UUID.randomUUID().toString();
+        var encodedList = mockEmptyEncodedList();
+        var credentialBuilder = mockStatusListVC(issuer, fragment, encodedList);
+        var unsignedCredential = credentialBuilder.build();
+        var statusListCredential = mockStatusListCredential(issuer, credentialBuilder);
+        TokenResponse tokenResponse = new TokenResponse();
+        tokenResponse.setAccessToken("123456");
+        wm1.stubFor(post("/token").willReturn(jsonResponse(tokenResponse, 200)));
+        wm1.stubFor(
+                post("/api/credentials?isRevocable=false")
+                        .willReturn(jsonResponse(statusListCredential.getCredential(), 200)));
+        VerifiableCredential signedCredential =
+                assertDoesNotThrow(
+                        () ->
+                                httpClientService.signStatusListVC(
+                                        unsignedCredential, httpClientService.getBearerToken()));
+        assertThat(signedCredential).hasFieldOrProperty("proof");
+    }
+
+    @Test
+    void testSignStatusListVC_Error() {
+        wm1.stubFor(post("/api/credentials").willReturn(aResponse().withStatus(400)));
+
+        final var issuer = "did:web:localhost:BPNL345345345345";
+        var fragment = UUID.randomUUID().toString();
+        var encodedList = mockEmptyEncodedList();
+        var credentialBuilder = mockStatusListVC(issuer, fragment, encodedList);
+        var unsignedCredential = credentialBuilder.build();
+
+        // HttpClientErrorException extends RestClientException
+        assertThrows(
+                HttpClientErrorException.class,
+                () -> httpClientService.signStatusListVC(unsignedCredential, "dummy"));
+    }
+}
diff --git a/revocation-service/src/test/java/org/eclipse/tractusx/managedidentitywallets/revocation/services/RevocationServiceTest.java b/revocation-service/src/test/java/org/eclipse/tractusx/managedidentitywallets/revocation/services/RevocationServiceTest.java
new file mode 100644
index 00000000..3d98c148
--- /dev/null
+++ b/revocation-service/src/test/java/org/eclipse/tractusx/managedidentitywallets/revocation/services/RevocationServiceTest.java
@@ -0,0 +1,410 @@
+/*
+ * *******************************************************************************
+ *  Copyright (c) 2021,2024 Contributors to the Eclipse Foundation
+ *
+ *  See the NOTICE file(s) distributed with this work for additional
+ *  information regarding copyright ownership.
+ *
+ *  This program and the accompanying materials are made available under the
+ *  terms of the Apache License, Version 2.0 which is available at
+ *  https://www.apache.org/licenses/LICENSE-2.0.
+ *
+ *  Unless required by applicable law or agreed to in writing, software
+ *  distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+ *  WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+ *  License for the specific language governing permissions and limitations
+ *  under the License.
+ *
+ *  SPDX-License-Identifier: Apache-2.0
+ * ******************************************************************************
+ */
+
+package org.eclipse.tractusx.managedidentitywallets.revocation.services;
+
+import com.fasterxml.jackson.core.JsonProcessingException;
+import org.eclipse.tractusx.managedidentitywallets.revocation.TestUtil;
+import org.eclipse.tractusx.managedidentitywallets.revocation.config.MIWSettings;
+import org.eclipse.tractusx.managedidentitywallets.revocation.dto.CredentialStatusDto;
+import org.eclipse.tractusx.managedidentitywallets.revocation.dto.StatusEntryDto;
+import org.eclipse.tractusx.managedidentitywallets.revocation.dto.StatusListCredentialSubject;
+import org.eclipse.tractusx.managedidentitywallets.revocation.exception.BitSetManagerException;
+import org.eclipse.tractusx.managedidentitywallets.revocation.exception.RevocationServiceException;
+import org.eclipse.tractusx.managedidentitywallets.revocation.jpa.StatusListIndex;
+import org.eclipse.tractusx.managedidentitywallets.revocation.repository.StatusListCredentialRepository;
+import org.eclipse.tractusx.managedidentitywallets.revocation.repository.StatusListIndexRepository;
+import org.eclipse.tractusx.managedidentitywallets.revocation.utils.BitSetManager;
+import org.eclipse.tractusx.ssi.lib.model.verifiable.credential.VerifiableCredential;
+import org.eclipse.tractusx.ssi.lib.model.verifiable.credential.VerifiableCredentialSubject;
+import org.junit.jupiter.api.BeforeAll;
+import org.junit.jupiter.api.BeforeEach;
+import org.junit.jupiter.api.DisplayName;
+import org.junit.jupiter.api.Nested;
+import org.junit.jupiter.api.Test;
+import org.mockito.ArgumentCaptor;
+import org.mockito.MockedStatic;
+import org.mockito.Mockito;
+import org.springframework.test.util.ReflectionTestUtils;
+
+import java.net.URI;
+import java.util.Base64;
+import java.util.BitSet;
+import java.util.List;
+import java.util.Optional;
+import java.util.UUID;
+
+import static org.eclipse.tractusx.managedidentitywallets.revocation.TestUtil.BITSET_SIZE;
+import static org.eclipse.tractusx.managedidentitywallets.revocation.TestUtil.BPN;
+import static org.eclipse.tractusx.managedidentitywallets.revocation.TestUtil.DID;
+import static org.eclipse.tractusx.managedidentitywallets.revocation.TestUtil.VC_CONTEXTS;
+import static org.eclipse.tractusx.managedidentitywallets.revocation.TestUtil.decompressGzip;
+import static org.eclipse.tractusx.managedidentitywallets.revocation.TestUtil.mockEmptyEncodedList;
+import static org.eclipse.tractusx.managedidentitywallets.revocation.TestUtil.mockStatusListCredential;
+import static org.eclipse.tractusx.managedidentitywallets.revocation.TestUtil.mockStatusListIndex;
+import static org.eclipse.tractusx.managedidentitywallets.revocation.TestUtil.mockStatusListVC;
+import static org.junit.Assert.assertThrows;
+import static org.junit.jupiter.api.Assertions.assertDoesNotThrow;
+import static org.junit.jupiter.api.Assertions.assertEquals;
+import static org.junit.jupiter.api.Assertions.assertFalse;
+import static org.junit.jupiter.api.Assertions.assertNotNull;
+import static org.junit.jupiter.api.Assertions.assertNull;
+import static org.junit.jupiter.api.Assertions.assertTrue;
+import static org.mockito.ArgumentMatchers.any;
+import static org.mockito.ArgumentMatchers.eq;
+import static org.mockito.Mockito.times;
+import static org.mockito.Mockito.when;
+
+class RevocationServiceTest {
+
+    private static final String CALLER_BPN = UUID.randomUUID().toString();
+
+    private static StatusListCredentialRepository statusListCredentialRepository;
+
+    private static StatusListIndexRepository statusListIndexRepository;
+
+    private static HttpClientService httpClientService;
+
+    private static RevocationService revocationService;
+
+    private static MIWSettings miwSettings;
+
+    @BeforeAll
+    public static void beforeAll() {
+        statusListCredentialRepository = Mockito.mock(StatusListCredentialRepository.class);
+        statusListIndexRepository = Mockito.mock(StatusListIndexRepository.class);
+        httpClientService = Mockito.mock(HttpClientService.class);
+        miwSettings = new MIWSettings(VC_CONTEXTS);
+        httpClientService.domainUrl = "http://example.com";
+        revocationService =
+                new RevocationService(
+                        statusListCredentialRepository,
+                        statusListIndexRepository,
+                        httpClientService,
+                        miwSettings);
+    }
+
+    @BeforeEach
+    public void beforeEach() {
+        Mockito.reset(statusListCredentialRepository, statusListIndexRepository, httpClientService);
+    }
+
+    @Nested
+    class RevokeTest {
+
+        @Test
+        void shouldRevokeCredential() {
+            final var issuer = DID;
+            var encodedList = mockEmptyEncodedList();
+            var credentialBuilder = mockStatusListVC(issuer, "1", encodedList);
+            var statusListCredential = mockStatusListCredential(issuer, credentialBuilder);
+            // 1. create status list with the credential
+            var statusListIndex = mockStatusListIndex(issuer, statusListCredential, "0");
+            when(statusListIndex.getStatusListCredential()).thenReturn(statusListCredential);
+            when(statusListCredentialRepository.findById(any(String.class)))
+                    .thenReturn(Optional.of(statusListCredential));
+            CredentialStatusDto credentialStatusDto = Mockito.mock(CredentialStatusDto.class);
+            when(credentialStatusDto.id())
+                    .thenReturn(
+                            "http://this-is-my-domain/api/v1/revocations/credentials/"
+                                    + TestUtil.extractBpnFromDid(issuer)
+                                    + "/revocation/1#0");
+            when(credentialStatusDto.statusPurpose()).thenReturn("revocation");
+            when(credentialStatusDto.statusListIndex()).thenReturn("0");
+            when(credentialStatusDto.statusListCredential())
+                    .thenReturn(
+                            "http://this-is-my-domain/api/v1/revocations/credentials/"
+                                    + TestUtil.extractBpnFromDid(issuer)
+                                    + "/revocation/1");
+            when(credentialStatusDto.type()).thenReturn("BitstringStatusListEntry");
+            assertDoesNotThrow(() -> revocationService.revoke(credentialStatusDto, "token"));
+            Mockito.verify(statusListCredentialRepository, Mockito.times(1))
+                    .saveAndFlush(eq(statusListCredential));
+            ArgumentCaptor<VerifiableCredential> captor =
+                    ArgumentCaptor.forClass(VerifiableCredential.class);
+            Mockito.verify(httpClientService)
+                    .signStatusListVC(captor.capture(), Mockito.any(String.class));
+            VerifiableCredential newList = captor.getValue();
+            VerifiableCredentialSubject verifiableCredentialSubject =
+                    newList.getCredentialSubject().get(0);
+            String encodedNewList = (String) verifiableCredentialSubject.get("encodedList");
+            byte[] decodedNewList = Base64.getDecoder().decode(encodedNewList);
+            BitSet decompressedNewList = decompressGzip(decodedNewList);
+            byte[] decodedList = Base64.getDecoder().decode(encodedList);
+            BitSet decompressedList = decompressGzip(decodedList);
+            assertFalse(decompressedList.get(0));
+            assertTrue(decompressedNewList.get(0));
+        }
+
+        @Test
+        void shouldThrowRevocationServiceException() {
+            final var issuer = DID;
+            var encodedList = mockEmptyEncodedList();
+            var credentialBuilder = mockStatusListVC(issuer, "1", encodedList);
+            var statusListCredential = mockStatusListCredential(issuer, credentialBuilder);
+            // 1. create status list with the credential
+            var statusListIndex = mockStatusListIndex(issuer, statusListCredential, "0");
+            when(statusListIndex.getStatusListCredential()).thenReturn(statusListCredential);
+            when(statusListCredentialRepository.findById(any(String.class)))
+                    .thenReturn(Optional.of(statusListCredential));
+            CredentialStatusDto credentialStatusDto = Mockito.mock(CredentialStatusDto.class);
+            when(credentialStatusDto.id())
+                    .thenReturn(
+                            "http://this-is-my-domain/api/v1/revocations/credentials/"
+                                    + TestUtil.extractBpnFromDid(issuer)
+                                    + "/revocation/1#0");
+            when(credentialStatusDto.statusPurpose()).thenReturn("revocation");
+            when(credentialStatusDto.statusListIndex()).thenReturn("0");
+            when(credentialStatusDto.statusListCredential())
+                    .thenReturn(
+                            "http://this-is-my-domain/api/v1/revocations/credentials/"
+                                    + TestUtil.extractBpnFromDid(issuer)
+                                    + "/revocation/1");
+            when(credentialStatusDto.type()).thenReturn("BitstringStatusListEntry");
+            try (MockedStatic<BitSetManager> utilities = Mockito.mockStatic(BitSetManager.class)) {
+                utilities
+                        .when(() -> BitSetManager.revokeCredential(any(String.class), any(Integer.class)))
+                        .thenThrow(new BitSetManagerException());
+                assertThrows(
+                        RevocationServiceException.class,
+                        () -> revocationService.revoke(credentialStatusDto, "token"));
+            }
+        }
+    }
+
+    @Nested
+    class CreateStatusListTest {
+
+        @Test
+        void shouldCreateNewStatusList() {
+            ReflectionTestUtils.setField(httpClientService, "domainUrl", "http://this-is-my-domain");
+            StatusEntryDto mockStatus = Mockito.mock(StatusEntryDto.class);
+            when(mockStatus.issuerId()).thenReturn(DID);
+            when(mockStatus.purpose()).thenReturn("revocation");
+            CredentialStatusDto credentialStatusDto =
+                    assertDoesNotThrow(() -> revocationService.createStatusList(mockStatus, "token"));
+            assertEquals("revocation", credentialStatusDto.statusPurpose());
+            assertEquals(
+                    "http://this-is-my-domain/api/v1/revocations/credentials/" + BPN + "/revocation/1#0",
+                    credentialStatusDto.id());
+            assertEquals("0", credentialStatusDto.statusListIndex());
+            assertEquals(
+                    "http://this-is-my-domain/api/v1/revocations/credentials/" + BPN + "/revocation/1",
+                    credentialStatusDto.statusListCredential());
+            assertEquals(StatusListCredentialSubject.TYPE_ENTRY, credentialStatusDto.type());
+            Mockito.verify(statusListIndexRepository, times(1)).save(any(StatusListIndex.class));
+        }
+
+        @Test
+        void shouldUpdateExistingStatusList() {
+            ReflectionTestUtils.setField(httpClientService, "domainUrl", "http://this-is-my-domain");
+            StatusListIndex statusListIndex =
+                    StatusListIndex.builder()
+                            .currentIndex("0")
+                            .id(BPN + "-revocation#1")
+                            .issuerBpnStatus(BPN + "-revocation")
+                            .build();
+            when(statusListIndexRepository.findByIssuerBpnStatus(BPN + "-revocation"))
+                    .thenReturn(List.of(statusListIndex));
+            StatusEntryDto mockStatus = Mockito.mock(StatusEntryDto.class);
+            when(mockStatus.issuerId()).thenReturn(DID);
+            when(mockStatus.purpose()).thenReturn("revocation");
+            CredentialStatusDto credentialStatusDto =
+                    assertDoesNotThrow(() -> revocationService.createStatusList(mockStatus, "token"));
+            assertEquals("revocation", credentialStatusDto.statusPurpose());
+            assertEquals(
+                    "http://this-is-my-domain/api/v1/revocations/credentials/" + BPN + "/revocation/1#1",
+                    credentialStatusDto.id());
+            assertEquals("1", credentialStatusDto.statusListIndex());
+            assertEquals(
+                    "http://this-is-my-domain/api/v1/revocations/credentials/" + BPN + "/revocation/1",
+                    credentialStatusDto.statusListCredential());
+            assertEquals(StatusListCredentialSubject.TYPE_ENTRY, credentialStatusDto.type());
+            Mockito.verify(statusListIndexRepository, times(1)).save(any(StatusListIndex.class));
+        }
+
+        @Test
+        void shouldCreateNewStatusListWhenFirstFull() {
+            ReflectionTestUtils.setField(httpClientService, "domainUrl", "http://this-is-my-domain");
+            StatusListIndex statusListIndex =
+                    StatusListIndex.builder()
+                            .currentIndex(String.valueOf(BITSET_SIZE - 1))
+                            .id(BPN + "-revocation#1")
+                            .issuerBpnStatus(BPN + "-revocation")
+                            .build();
+            when(statusListIndexRepository.findByIssuerBpnStatus(BPN + "-revocation"))
+                    .thenReturn(List.of(statusListIndex));
+            StatusEntryDto mockStatus = Mockito.mock(StatusEntryDto.class);
+            when(mockStatus.issuerId()).thenReturn(DID);
+            when(mockStatus.purpose()).thenReturn("revocation");
+            CredentialStatusDto credentialStatusDto =
+                    assertDoesNotThrow(() -> revocationService.createStatusList(mockStatus, "token"));
+            assertEquals("revocation", credentialStatusDto.statusPurpose());
+            assertEquals(
+                    "http://this-is-my-domain/api/v1/revocations/credentials/" + BPN + "/revocation/2#0",
+                    credentialStatusDto.id());
+            assertEquals("0", credentialStatusDto.statusListIndex());
+            assertEquals(
+                    "http://this-is-my-domain/api/v1/revocations/credentials/" + BPN + "/revocation/2",
+                    credentialStatusDto.statusListCredential());
+            assertEquals(StatusListCredentialSubject.TYPE_ENTRY, credentialStatusDto.type());
+            Mockito.verify(statusListIndexRepository, times(1)).save(any(StatusListIndex.class));
+        }
+    }
+
+    @Nested
+    class GetStatusListCredential {
+
+        @Test
+        void shouldGetList() throws JsonProcessingException {
+            final var issuer = DID;
+            var fragment = UUID.randomUUID().toString();
+            var encodedList = mockEmptyEncodedList();
+            var credentialBuilder = mockStatusListVC(issuer, fragment, encodedList);
+            var statusListCredential = mockStatusListCredential(issuer, credentialBuilder);
+            when(statusListCredentialRepository.findById(any(String.class)))
+                    .thenReturn(Optional.of(statusListCredential));
+            VerifiableCredential verifiableCredential =
+                    assertDoesNotThrow(
+                            () -> revocationService.getStatusListCredential(BPN, "revocation", "1"));
+            assertNotNull(verifiableCredential);
+            assertEquals(
+                    URI.create(TestUtil.STATUS_LIST_CREDENTIAL_SUBJECT_ID),
+                    verifiableCredential.getCredentialSubject().get(0).getId());
+            assertEquals(URI.create(issuer), verifiableCredential.getIssuer());
+            assertEquals(URI.create(issuer + "#" + fragment), verifiableCredential.getId());
+            assertEquals(verifiableCredential.getContext(), miwSettings.vcContexts());
+        }
+
+        @Test
+        void shouldReturnNull() {
+            when(statusListCredentialRepository.findById(any(String.class))).thenReturn(Optional.empty());
+            VerifiableCredential verifiableCredential =
+                    assertDoesNotThrow(() -> revocationService.getStatusListCredential("", "", ""));
+            assertNull(verifiableCredential);
+        }
+    }
+
+    @Nested
+    class CheckSubStringExtraction {
+        @Test
+        void shouldExtractBpnFromDid() {
+            assertEquals(revocationService.extractBpnFromDid(DID), BPN);
+        }
+
+        @Test
+        void shouldExtractIdFromURL() {
+            assertEquals(
+                    revocationService.extractIdFromURL(
+                            "http://this-is-my-domain/api/v1/revocations/credentials/BPNL123456789000/revocation/1"),
+                    "BPNL123456789000-revocation#1");
+        }
+
+        @Test
+        void shouldExtractIdFromURLCaseSensitive() {
+            assertEquals(
+                    revocationService.extractIdFromURL(
+                            "http://this-is-my-domain/api/v1/revocations/credentials/bpnl123456789000/revocation/1"),
+                    "BPNL123456789000-revocation#1");
+        }
+
+        @Test
+        void shouldExtractBpnFromURL() {
+            assertEquals(
+                    revocationService.extractBpnFromURL(
+                            "http://this-is-my-domain/api/v1/revocations/credentials/BPNL123456789000/revocation/1"),
+                    BPN);
+        }
+
+        @Test
+        void shouldExtractBpnFromURLCaseSensitive() {
+            assertEquals(
+                    revocationService.extractBpnFromURL(
+                            "http://this-is-my-domain/api/v1/revocations/creDENTials/bpNl123456789000/revocation/1"),
+                    BPN);
+        }
+    }
+
+    @Nested
+    class ValidateCredentialStatus {
+
+        @Test
+        @DisplayName("statusPurpose is valid")
+        void validCredentialStatusDto() {
+            String statusIndex = "1";
+            String statusListCredential =
+                    "http://example.com/api/v1/revocations/credentials/" + BPN + "/revocation/1";
+            String id = statusListCredential + "#" + statusIndex;
+
+            CredentialStatusDto dto =
+                    new CredentialStatusDto(
+                            id, "revocation", statusIndex, statusListCredential, "BitstringStatusListEntry");
+
+            assertDoesNotThrow(() -> revocationService.validateCredentialStatus(dto));
+        }
+
+        @Test
+        @DisplayName("statusPurpose from dto is not matching the credential status list url")
+        void invalidStatusPurpose_ThrowsIllegalArgumentException() {
+            String statusIndex = "1";
+            String invalidPurpose = "/break/";
+            String statusListCredential =
+                    "http://example.com/api/v1/revocations/credentials/" + BPN + invalidPurpose + "1";
+            String id = statusListCredential + "#" + statusIndex;
+
+            CredentialStatusDto dto =
+                    new CredentialStatusDto(
+                            id, "revocation", statusIndex, statusListCredential, "BitstringStatusListEntry");
+            assertThrows(
+                    IllegalArgumentException.class, () -> revocationService.validateCredentialStatus(dto));
+        }
+
+        @Test
+        @DisplayName("id url from dto is not matching the credential status list url")
+        void invalidId_ThrowsIllegalArgumentException() {
+            String statusIndex = "1";
+            String statusListCredential =
+                    "http://example.com/api/v1/revocations/credentials/" + BPN + "/revocation/1";
+            String id = statusListCredential.replace(BPN, "BPN0101010101010") + "#2";
+
+            CredentialStatusDto dto =
+                    new CredentialStatusDto(
+                            id, "revocation", statusIndex, statusListCredential, "BitstringStatusListEntry");
+            assertThrows(
+                    IllegalArgumentException.class, () -> revocationService.validateCredentialStatus(dto));
+        }
+
+        @Test
+        @DisplayName("credential status index is not matching the index in the url")
+        void invalidStatusIndex_ThrowsIllegalArgumentException() {
+            String statusIndex = "1";
+            String statusListCredential =
+                    "http://example.com/api/v1/revocations/credentials/" + BPN + "/revocation/1";
+            String id = statusListCredential + "#2";
+
+            CredentialStatusDto dto =
+                    new CredentialStatusDto(
+                            id, "revocation", statusIndex, statusListCredential, "BitstringStatusListEntry");
+            assertThrows(
+                    IllegalArgumentException.class, () -> revocationService.validateCredentialStatus(dto));
+        }
+    }
+}
diff --git a/revocation-service/src/test/java/org/eclipse/tractusx/managedidentitywallets/revocation/utils/BitSetManagerTest.java b/revocation-service/src/test/java/org/eclipse/tractusx/managedidentitywallets/revocation/utils/BitSetManagerTest.java
new file mode 100644
index 00000000..6e41da99
--- /dev/null
+++ b/revocation-service/src/test/java/org/eclipse/tractusx/managedidentitywallets/revocation/utils/BitSetManagerTest.java
@@ -0,0 +1,109 @@
+/*
+ * *******************************************************************************
+ *  Copyright (c) 2021,2024 Contributors to the Eclipse Foundation
+ *
+ *  See the NOTICE file(s) distributed with this work for additional
+ *  information regarding copyright ownership.
+ *
+ *  This program and the accompanying materials are made available under the
+ *  terms of the Apache License, Version 2.0 which is available at
+ *  https://www.apache.org/licenses/LICENSE-2.0.
+ *
+ *  Unless required by applicable law or agreed to in writing, software
+ *  distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+ *  WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+ *  License for the specific language governing permissions and limitations
+ *  under the License.
+ *
+ *  SPDX-License-Identifier: Apache-2.0
+ * ******************************************************************************
+ */
+
+package org.eclipse.tractusx.managedidentitywallets.revocation.utils;
+
+import org.junit.jupiter.api.Disabled;
+import org.junit.jupiter.api.Test;
+
+import java.util.Arrays;
+import java.util.BitSet;
+
+import static org.junit.jupiter.api.Assertions.assertDoesNotThrow;
+import static org.junit.jupiter.api.Assertions.assertEquals;
+import static org.junit.jupiter.api.Assertions.assertNotNull;
+import static org.junit.jupiter.api.Assertions.assertThrows;
+import static org.junit.jupiter.api.Assertions.assertTrue;
+
+class BitSetManagerTest {
+
+    @Test
+    void initializeEncodedListString_ReturnsValidBase64() {
+        String encoded = BitSetManager.initializeEncodedListString();
+        assertNotNull(encoded);
+        // Attempt to decode to verify it's valid Base64.
+        assertDoesNotThrow(() -> BitSetManager.decodeFromString(encoded));
+    }
+
+    @Test
+    void compress_And_Decompress_ReturnsOriginalBitSet() {
+        BitSet originalBitSet = new BitSet(BitSetManager.BITSET_SIZE);
+        originalBitSet.set(100);
+        originalBitSet.set(10000);
+
+        byte[] compressedBytes = BitSetManager.compress(originalBitSet);
+        assertNotNull(compressedBytes);
+
+        BitSet decompressedBitSet = BitSetManager.decompress(compressedBytes);
+        assertNotNull(decompressedBitSet);
+        assertEquals(originalBitSet, decompressedBitSet);
+    }
+
+    @Test
+    void revokeCredential_SetsBitAndReturnsUpdatedEncodedList() throws Exception {
+        String encodedList = BitSetManager.initializeEncodedListString();
+        int indexToRevoke = 99;
+
+        String updatedEncodedList = BitSetManager.revokeCredential(encodedList, indexToRevoke);
+        assertNotNull(updatedEncodedList);
+
+        BitSet updatedBitSet =
+                BitSetManager.decompress(BitSetManager.decodeFromString(updatedEncodedList));
+        assertTrue(updatedBitSet.get(indexToRevoke));
+    }
+
+    @Test
+    @Disabled("should this even be checked here?")
+    void revokeCredential_AlreadyRevoked_ThrowsException() {
+        String encodedList = BitSetManager.initializeEncodedListString();
+        int indexToRevoke = 99;
+
+        // First time revoking should be fine
+        assertDoesNotThrow(() -> BitSetManager.revokeCredential(encodedList, indexToRevoke));
+
+        // Second time revoking should throw Exception
+        assertThrows(Exception.class, () -> BitSetManager.revokeCredential(encodedList, indexToRevoke));
+    }
+
+    @Test
+    void suspendCredential_FlipsBitAndReturnsUpdatedEncodedList() {
+        String encodedList = BitSetManager.initializeEncodedListString();
+        int indexToSuspend = 99;
+
+        String updatedEncodedList = BitSetManager.suspendCredential(encodedList, indexToSuspend);
+        assertNotNull(updatedEncodedList);
+
+        BitSet updatedBitSet =
+                BitSetManager.decompress(BitSetManager.decodeFromString(updatedEncodedList));
+        assertTrue(updatedBitSet.get(indexToSuspend)); // Suspend should flip the bit to true
+    }
+
+    @Test
+    void encodeToStringAndDecodeFromString_AreReversible() {
+        byte[] originalData = new byte[]{ 1, 2, 3, 4, 5 };
+        String encoded = BitSetManager.encodeToString(originalData);
+        assertNotNull(encoded);
+
+        byte[] decodedData = BitSetManager.decodeFromString(encoded);
+        assertNotNull(decodedData);
+        assertTrue(Arrays.equals(originalData, decodedData));
+    }
+}
diff --git a/revocation-service/src/test/java/org/eclipse/tractusx/managedidentitywallets/revocation/utils/ValidateTest.java b/revocation-service/src/test/java/org/eclipse/tractusx/managedidentitywallets/revocation/utils/ValidateTest.java
new file mode 100644
index 00000000..159e1fd6
--- /dev/null
+++ b/revocation-service/src/test/java/org/eclipse/tractusx/managedidentitywallets/revocation/utils/ValidateTest.java
@@ -0,0 +1,49 @@
+/*
+ * *******************************************************************************
+ *  Copyright (c) 2021,2024 Contributors to the Eclipse Foundation
+ *
+ *  See the NOTICE file(s) distributed with this work for additional
+ *  information regarding copyright ownership.
+ *
+ *  This program and the accompanying materials are made available under the
+ *  terms of the Apache License, Version 2.0 which is available at
+ *  https://www.apache.org/licenses/LICENSE-2.0.
+ *
+ *  Unless required by applicable law or agreed to in writing, software
+ *  distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+ *  WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+ *  License for the specific language governing permissions and limitations
+ *  under the License.
+ *
+ *  SPDX-License-Identifier: Apache-2.0
+ * ******************************************************************************
+ */
+
+package org.eclipse.tractusx.managedidentitywallets.revocation.utils;
+
+import org.junit.jupiter.api.Assertions;
+import org.junit.jupiter.api.Test;
+
+public class ValidateTest {
+
+    @Test
+    void validateTest() {
+        Assertions.assertThrows(
+                RuntimeException.class, () -> Validate.isFalse(false).launch(new RuntimeException()));
+        Assertions.assertThrows(
+                RuntimeException.class, () -> Validate.isTrue(true).launch(new RuntimeException()));
+        Assertions.assertThrows(
+                RuntimeException.class, () -> Validate.isNull(null).launch(new RuntimeException()));
+        Assertions.assertThrows(
+                RuntimeException.class, () -> Validate.isNotNull("Test").launch(new RuntimeException()));
+        Assertions.assertThrows(
+                RuntimeException.class,
+                () -> Validate.value("").isNotEmpty().launch(new RuntimeException()));
+        Assertions.assertDoesNotThrow(() -> Validate.isFalse(true).launch(new RuntimeException()));
+        Assertions.assertDoesNotThrow(() -> Validate.isTrue(false).launch(new RuntimeException()));
+        Assertions.assertDoesNotThrow(() -> Validate.isNull("").launch(new RuntimeException()));
+        Assertions.assertDoesNotThrow(() -> Validate.isNotNull(null).launch(new RuntimeException()));
+        Assertions.assertDoesNotThrow(
+                () -> Validate.value("Test").isNotEmpty().launch(new RuntimeException()));
+    }
+}
diff --git a/settings.gradle b/settings.gradle
index b2cb866c..f93bc271 100644
--- a/settings.gradle
+++ b/settings.gradle
@@ -4,3 +4,4 @@ rootProject.name = 'managedidentitywallets'
 // for example:
 // include '<sub-project-name>'
 include 'miw'
+include 'revocation-service'

From 042179741fced9a6119ca29568ff88cf54b93b49 Mon Sep 17 00:00:00 2001
From: Nitin Vavdiya <nitin.vavdiya@smartsensesolutions.com>
Date: Thu, 13 Jun 2024 15:25:59 +0530
Subject: [PATCH 02/48] doc: API doc added for revocation

---
 docs/api/revocation-service/openapi_v001.json | 277 ++++++++++++++++++
 1 file changed, 277 insertions(+)
 create mode 100644 docs/api/revocation-service/openapi_v001.json

diff --git a/docs/api/revocation-service/openapi_v001.json b/docs/api/revocation-service/openapi_v001.json
new file mode 100644
index 00000000..ba06ff8d
--- /dev/null
+++ b/docs/api/revocation-service/openapi_v001.json
@@ -0,0 +1,277 @@
+{
+  "openapi": "3.0.1",
+  "info": {
+    "title": "Reovcation Service API",
+    "description": "Revocation Service API",
+    "contact": {
+      "name": "eclipse-tractusx",
+      "url": "https://projects.eclipse.org/projects/automotive.tractusx",
+      "email": "tractusx-dev@eclipse.org"
+    },
+    "version": "0.0.1"
+  },
+  "servers": [
+    {
+      "url": "http://localhost:8080",
+      "description": "Generated server url"
+    }
+  ],
+  "security": [
+    {
+      "Authenticate using access_token": []
+    }
+  ],
+  "tags": [
+    {
+      "name": "Revocation Service",
+      "description": "Revocation Service API"
+    }
+  ],
+  "paths": {
+    "/api/v1/revocations/status-entry": {
+      "post": {
+        "tags": [
+          "Revocation Service"
+        ],
+        "summary": "Create or Update a Status List Credential",
+        "description": "Create the status list credential if it does not exist, else update it.",
+        "operationId": "createStatusListVC",
+        "requestBody": {
+          "content": {
+            "application/json": {
+              "schema": {
+                "$ref": "#/components/schemas/StatusEntryDto"
+              },
+              "example": {
+                "purpose": "revocation",
+                "issuerId": "did:web:localhost:BPNL000000000000"
+              }
+            }
+          },
+          "required": true
+        },
+        "responses": {
+          "403": {
+            "description": "ForbiddenException: invalid caller"
+          },
+          "200": {
+            "description": "Status list credential created/updated successfully.",
+            "content": {
+              "application/json": {
+                "example": {
+                  "id": "http://localhost/api/v1/revocations/credentials/BPNL000000000000/revocation/1#0",
+                  "statusPurpose": "revocation",
+                  "statusListIndex": "0",
+                  "statusListCredential": "http://localhost/api/v1/revocations/credentials/BPNL000000000000/revocation/1",
+                  "type": "BitstringStatusListEntry"
+                }
+              }
+            }
+          },
+          "401": {
+            "description": "UnauthorizedException: invalid token"
+          },
+          "500": {
+            "description": "RevocationServiceException: Internal Server Error"
+          }
+        }
+      }
+    },
+    "/api/v1/revocations/revoke": {
+      "post": {
+        "tags": [
+          "Revocation Service"
+        ],
+        "summary": "Revoke a VerifiableCredential",
+        "description": "Revoke a VerifiableCredential using the provided Credential Status",
+        "operationId": "revokeCredential",
+        "requestBody": {
+          "content": {
+            "application/json": {
+              "schema": {
+                "$ref": "#/components/schemas/CredentialStatusDto"
+              },
+              "example": {
+                "id": "http://localhost/api/v1/revocations/credentials/BPNL000000000000/revocation/1#0",
+                "statusPurpose": "revocation",
+                "statusListIndex": "0",
+                "statusListCredential": "http://localhost/api/v1/revocations/credentials/BPNL000000000000/revocation/1",
+                "type": "BitstringStatusListEntry"
+              }
+            }
+          },
+          "required": true
+        },
+        "responses": {
+          "403": {
+            "description": "ForbiddenException: invalid caller"
+          },
+          "200": {
+            "description": "Verifiable credential revoked successfully."
+          },
+          "401": {
+            "description": "UnauthorizedException: invalid token"
+          },
+          "500": {
+            "description": "RevocationServiceException: Internal Server Error"
+          },
+          "409": {
+            "description": "ConflictException: Revocation service error",
+            "content": {
+              "application/json": {
+                "example": {
+                  "type": "BitstringStatusListEntry",
+                  "title": "Revocation service error",
+                  "status": 409,
+                  "detail": "Credential already revoked",
+                  "instance": "/api/v1/revocations/revoke",
+                  "timestamp": 1707133388128
+                }
+              }
+            }
+          }
+        }
+      }
+    },
+    "/api/v1/revocations/credentials/{issuerBPN}/{status}/{index}": {
+      "get": {
+        "tags": [
+          "Revocation Service"
+        ],
+        "summary": "Get status list credential",
+        "description": "Get status list credential using the provided issuer BPN and status purpose and status list index",
+        "operationId": "getStatusListCredential",
+        "parameters": [
+          {
+            "name": "issuerBPN",
+            "in": "path",
+            "description": "Issuer BPN",
+            "required": true,
+            "schema": {
+              "type": "string"
+            },
+            "example": "BPNL000000000000"
+          },
+          {
+            "name": "status",
+            "in": "path",
+            "description": "Status Purpose ( Revocation or Suspension)",
+            "required": true,
+            "schema": {
+              "type": "string"
+            },
+            "example": "revocation"
+          },
+          {
+            "name": "index",
+            "in": "path",
+            "description": "status list index",
+            "required": true,
+            "schema": {
+              "type": "string"
+            },
+            "example": 1
+          }
+        ],
+        "responses": {
+          "404": {
+            "description": "Status list credential not found"
+          },
+          "500": {
+            "description": "RevocationServiceException: Internal Server Error"
+          },
+          "200": {
+            "description": "Get Status list credential ",
+            "content": {
+              "application/json": {
+                "example": {
+                  "@context": [
+                    "https://www.w3.org/2018/credentials/v1",
+                    "https://eclipse-tractusx.github.io/schema-registry/w3c/v1.0/BitstringStatusList.json",
+                    "https://w3id.org/security/suites/jws-2020/v1"
+                  ],
+                  "id": "http://localhost/api/v1/revocations/credentials/BPNL000000000000/revocation/1",
+                  "type": [
+                    "VerifiableCredential",
+                    "BitstringStatusListCredential"
+                  ],
+                  "issuer": "did:web:localhost:BPNL000000000000",
+                  "issuanceDate": "2024-02-05T09:39:58Z",
+                  "credentialSubject": [
+                    {
+                      "statusPurpose": "revocation",
+                      "id": "http://localhost/api/v1/revocations/credentials/BPNL000000000000/revocation/1",
+                      "type": "BitstringStatusList",
+                      "encodedList": "H4sIAAAAAAAA/wMAAAAAAAAAAAA="
+                    }
+                  ],
+                  "proof": {
+                    "proofPurpose": "assertionMethod",
+                    "type": "JsonWebSignature2020",
+                    "verificationMethod": "did:web:localhost:BPNL000000000000#ed463e4c-b900-481a-b5d0-9ae439c434ae",
+                    "created": "2024-02-05T09:39:58Z",
+                    "jws": "eyJhbGciOiJFZERTQSJ9..swX1PLJkSlxB6JMmY4a2uUzR-uszlyLrVdNppoYSx4PTV1LzQrDb0afzp_dvTNUWEYDI57a8iPh78BDjqMjSDQ"
+                  }
+                }
+              }
+            }
+          }
+        }
+      }
+    }
+  },
+  "components": {
+    "schemas": {
+      "StatusEntryDto": {
+        "required": [
+          "issuerId",
+          "purpose"
+        ],
+        "type": "object",
+        "properties": {
+          "purpose": {
+            "type": "string"
+          },
+          "issuerId": {
+            "type": "string"
+          }
+        }
+      },
+      "CredentialStatusDto": {
+        "required": [
+          "id",
+          "statusListCredential",
+          "statusListIndex",
+          "statusPurpose",
+          "type"
+        ],
+        "type": "object",
+        "properties": {
+          "id": {
+            "type": "string"
+          },
+          "statusPurpose": {
+            "type": "string"
+          },
+          "statusListIndex": {
+            "type": "string"
+          },
+          "statusListCredential": {
+            "type": "string"
+          },
+          "type": {
+            "type": "string"
+          }
+        }
+      }
+    },
+    "securitySchemes": {
+      "Authenticate using access_token": {
+        "type": "apiKey",
+        "description": "**Bearer (apiKey)**\nJWT Authorization header using the Bearer scheme.\nEnter **Bearer** [space] and then your token in the text input below.\nExample: Bearer 12345abcdef",
+        "name": "Authorization",
+        "in": "header"
+      }
+    }
+  }
+}

From 190ed6ddc6a640484e35aad5f557fe971d687c59 Mon Sep 17 00:00:00 2001
From: Nitin Vavdiya <nitin.vavdiya@smartsensesolutions.com>
Date: Thu, 13 Jun 2024 16:11:55 +0530
Subject: [PATCH 03/48] doc: uml added to issue and verify revocable VC

---
 README.md                                 |   2 +-
 docs/arc42/images/issue_revocable_vc.png  | Bin 0 -> 43766 bytes
 docs/arc42/images/verify_revocable_vc.png | Bin 0 -> 36718 bytes
 docs/arc42/main.md                        |  66 ++++++++++++++++++++++
 4 files changed, 67 insertions(+), 1 deletion(-)
 create mode 100644 docs/arc42/images/issue_revocable_vc.png
 create mode 100644 docs/arc42/images/verify_revocable_vc.png

diff --git a/README.md b/README.md
index 244d2c3a..58d13261 100644
--- a/README.md
+++ b/README.md
@@ -52,4 +52,4 @@ For end-to-end testing both the application should be running.
 
 2. Run tests
 
-``./gradlew clean test`
+``./gradlew clean test``
diff --git a/docs/arc42/images/issue_revocable_vc.png b/docs/arc42/images/issue_revocable_vc.png
new file mode 100644
index 0000000000000000000000000000000000000000..2174a51ed1c8c29259cad5000d7a4064ad8bedc4
GIT binary patch
literal 43766
zcmbTeby!u~+6M}#C|d<ZNfDHkP!txRNU1a|=}zhH2Ejln5ouTmDBVa&he!w#E>e(?
zmM-bK?*#Wb`<(CG`^V*Z3|7uL#~APXt1<m#ABvs*i}EiV9GtTf;==McILBPzkK-vk
zcqAdDtr7lVaS%~;(6_d6wJ<btz!5XFGPHZ-U}$hf&-IFlgM*DdFFU)9#Um>RM@x$v
z`qq|CZOt?|IC$KqimDEOKaPV7pX2h@Q2}k;FLbVQF_(NRjOrBbi)%&O!42PhFJ=a7
z{c_DaSr9^zxR%3wAW&dVCEXQw^RD$!1rJS7QE>lvE#_Ao49_ym1K#DObCgaVWQu=j
zQKXFEGJ8{WK;qse7u_$#ajq`J;OU(-DnE(WHg6357;S#J>`xKDbumh0!DBR2d`TUd
zl<+Nl@WIUuJY~5n9`&D88qeRq8RpK_g4(9d&+^euC;a)YWu0v^089FUt+dOdbM?_j
zaoKmKXU%kfH1x=3^dEo5T5?~azuQ#w!QPER>W@DuC?5arY8m)yoF^2HOUiV1a#%RT
z$s*Y6S=VziLU+3>O0Lgbozq!Pog$(!x%=q4D7VXb6@!en*S3t&%d5KI61XTcOB*x3
zub2pYi#w6R*MIu)oXC0U_~Y_JpZV>lXfwH_789q!#&o_fxozf6Yd5^*2y;v=@zJJv
zbUZ{gjI)c>-ZZv7NohzKH~v@s+x4+7d9k16libO}DGC+6QwMC%TUNcSo*HkpeX7En
z_{)`ojL!5#iSyD*|23b%g({8Gk`&JMV8Ou=zupiTeG2w>_q58tk`KPJZgl1e&Fmts
zTRAo6Ub1)bHRH%QZbUVm&4{_}+HTpCvV7hLU(}M7&1Xs1)hoV;-q+ibcOtLN<?s0V
z+js+q(=05<q;c;&d*<eulIlx*%+xn&7#F)(NEHUezs|?VDNp$OzsWox=ktA$RJ(%p
zc|xDiT=w;+D$5Yg{ath7E6sUDI5<ymB!urNy7bS*5~wOoRFxcKs*%M#`KC1skC5E(
znckgXgNP?lmn)SUV^UI>vd8!xIauVee2<LMwfGt@uBA<QKQ*LCnQppsmPAZe)>b@B
z_|uu4gPd8f-a%ucfcke9KOe{MEqTmp3~x^sRreP4st;}4g;|PIqxDmu4EYbvIW+RO
z5DJ;RIN0O==NI7%$U}dgIr`=3Eja)D<<I;7_lMOeSF0@u2`WlBW214NnBd|36y>JJ
zynp}Ru4{e%2YR&nVBg)(Yw6R;?x@`AeYbD#?qzEfTYY=?X>VhAacXL#OF`z=wZk`F
z!9;9rjs;DmO~tvl(eL*e$A@p0+E1~>Tws)b(@Li8GV(o7pMima>EYYWxq|lX-_xJp
z!4fCH;i`Gt_V&)|?rQs`GcQF0DYv$^&R*iSnC;0nT;M2X4UJl?J`mvG=;-S!l?Y`V
zEO(ZXk?GB8X%1&Ccbx4hvDN3gV1DOXFP=)adh+Db)>Ql@of8A_a1b^B+qZA2E?=gj
zr8Vd*DQRhGF^+R>7#!51T>JKb2+rf-AeVU$TT|oEkoNj(O0Jnm9nV`iBct^J$)}pQ
zuUye>3SkJh*bHY?Npd43Bs_8Agjtd|gXn0kb|p)Ue8M=N%}*gCHk>OM99cS%0^{~L
zV(oIL`M^s&uW1DLr&Hqvc9%XIE`+$;y?fW()oQ4s)N^k;NMQSy-vuV&xUfuz1T<y%
z`Kg`dMjEf3`C<-x*_;ysTjQZ-gvapD$mZhtEBiD17sT;8&itP4Bz}YL=5n6zXP}&#
zm?$#sOfm1xng3BNGpE)%73(~7$KjW(t?jbl{xVUM4V-)fm*PrGYb%Lsc<ZZIuOzv5
z1^34U4HoD63c90+1U7~AUJ}vdSiF4kqG|G@<&UU5WCVo*FQO-CM|-k0tcR;CL!|X1
z>v}U)+STLq)QOSP32Qw~cH@f?oFa+^&X#&iJdi3!vvl<5&np7X`@61vVb#Q>kHcL0
z6xn1eH{{sR-0r`By|;jAq{1DTtEVpPp%UWi?tZCPwp9TyzpvbRQIcCTOK~0l<jKri
z#1T=8RXY#+9PI2u&|^|@I5@tHI9>GEiv$YXBIeXCKc5m@V0_E({;@@?KOvnwgn)4x
zO}M+(s}o39gj_gA1_p^un3FtJe_d-}j_J+OQsDO5njq^7`@+$Eor!4*PQc08xwyDk
z#Xt0k?OF7SgS~yG!Do@-ABCogX%!Y$efc7_#QGfs@V&^0Du{6M@Hp4`p4Zma&LB_k
zJwQ28xJTKnPNMCH%UqWATv_!;ReS8deEIUGGM3jd<ijpk)n6vG7-CuBzS|lT{iy^&
zd@H_l+rJWnBqb&5+yc!FX)%&<lnLntBlq?65|YTQBbGiq`b^LFc-z6z8V-1CnhII*
zX`d3(<yBQnJhtrotYIjl%PF}nuEq4`>Zou#FASKzHHP^o9oNfjZCGeu@_5HdNazW@
z_``?FId~a@3o*M6IlC>{+qUrnj}17vxVrgdCIp^d;;|BUIoRKuOh}(fUA5!VyzRW8
zxwpM`iObAk{LA?*){)&^4@Y*QW4MP4QUe7m>!aO7GpwH&9&4-bAMTCP(b0V!NFI0<
z6&2+&-(Pg>B;hrgXPK^6KR%+RyV~2W8(&|hO;l4;)AQCUbHK7=3@2||_M;|vY(q1j
zG=COKh)I=+SEe4g<w-7XXK!P(w7lH(<;yh|7UK6*d@djIS^4-h^VL6E^wkHD(YVju
zvd5y@6u5aT`wg@Y;CM&UQ{zHDKY#X&jd$WJdv#XTkhti*2EA4c*W;aaL&9T+hb@Hi
z+8ptD|G>xJoy)B2%h#{7f(NUD;XW3H&W6Uu0ar`Q%D6523*9#snoqxc_1Jb}Ver<i
zTUJ(9wA%2n>;BdhEU;u9)Yq1gfl~XmnQn!JCt)9!pEl11QY~I_+?mPDeYN3FD!BK%
z^SZ{zFj4-^pU-EW-}51&iKru<o}cHp9^$jdY8INvO|```$SjMGoor$quzAtdrMTAS
zy*Aq$!}MmduA#xr#pPN%pTt_6%P7I*O=Pyg4^n&K2kPN}{{j;d`8j&#=$E6nAWH;(
z{^R}s@k@eQ(fH)#4b2jp$(HJ-DOeslaD`u-CL=$FyivGd)K`{~UOM`&^QZm2Mtl3*
zW+wLBrJARS_EVl5`VFrV5@<yaj|$7i1Is>+Z!7i!(~WEXrYlWt0yH!<Ub~yN_=g{b
zWjpEWYCP<*sukd$?%DRXls2cy@vwUd7f?xKe!DrXxA!M7$9JZ(w?y4~zKndm5Xv#n
zekx8RK!CNABfNcgD}Kr19P&g$dO%%WwOTn>=dS&)Z_9>XBW}?nkNX<+Rjl=(Vk4O2
zSEq6-5B7J?9A2#iHSXnQg|&dmQv2$o^Y>*ux?0^#80%_&bUWQt^VHJFTR3x$zdy-i
zO{u{+K6(0L>-hMK($dm@eN^?nI<M`h&TmyCr}g@Dh16Trhu@u|?KIyn_;~xIq5tF$
z>*}vkhh6zx>q?#x8uQZJ$oOEl?XJScT;FG1<n>oD6Gj^g$8sxHBHIO|I6b+4)%l%f
zW{$7k-@XL1L;vtF&b9uv^255gdTX-W+q=$rNP>#@cc1ex`t2P~)8Q%_ia(>&{PS@%
z@|l01)!)PJz>hqd;P=m&^Y?RZYNd7)JG|s5lQ(e&A(!Y7@bJVW;#kh%i?3k*ejV}&
zPfR-2kbnRC^N*gR{lC-m|K|(4n6YduEZbu=2QITc*WCc519r*csAIoCO#IP$xJ~5G
zgkg!krQfhT*2wU|eyVMJ+yEaZBbLVV`z_1<SIi12tLX*tb#)uc+3HH>o<__pEb0|5
z1fR{u;?ot3VS3z!8stH6EJ4kXO|wLHSAI~s{FpvY_ZNQ>*8TP3JAHkEQ<K^g3Xy_3
zkBb~(jTh-F1H2Kt>rAaDZFyk7X)`puAK|dIVp!#mi_OBT+FkhyC?i^!k%?)sufXTg
zlbO+0o?*SBu|$s)nRvCkMr%K;W%N<z%~LJWtk4!GGs(}jHq&yO&ikxTa2gpH8*>uN
zUYCyHexCd~XeGEw_O6km$F8Di0sdnbJzRKcNKDLKsFddJ)`Mkh4VSDhl9F<eKQURk
zhdPf27zZm$@6Bj%zjGfM3CZ3ByVuAIv41?<6;P5$p5$T>&D<V)H}cJ!8W)^|rjuA<
zcr%W$0@>(my*IoUX!u-~5`zTv#Bs3W&!I=b;3ufzuTHfOS9^Jt5^hb#Sevz868-b6
z$2qhRYVohp0KGtx+ctgqh5+~sbz!8wPgU(KbW*5I=47z!4HXuzh|pm^^7)wCo;?rm
z_}U7cUO`@-#iQh{WAg#^aoNBGX7i@!L;@DnG?e}I5oERQY#2r#mG|p|XR%!m6=p?N
zs}7PMeHIlE@YHX7$Y(eH_UuD-<dnPaQ{}CsqCGrzky=Harj0#w%4DO@c)B5&RV78j
zAn-zKd9i`|T`FuL8moxMB%{4M8AIc?K6lsRJ58x~lgtzjmjtSw5at!jK?3~H+M@Y`
zGLH@LV|RZgR&OlqMcEqUY6n9BBXZQ*T`1?5;k)%gjg!oHiZMuVe|&$Bsav1yhUW6O
z2U-k6t=aYO?zL0hev|#!*TbkK%JQa5Z|-nSJG+oSxAx<M<)DenybfmHKLi&SFD6NZ
z1|GDxYz)V<29pNmm%K4gDpvL{njF|zOgj->S8O)nIa+t3C@d?hAScI4a4#&eVeY$a
zn(J!BjFH9MIR=~U-y}T6lQ0{57R*+;)h&EoEoZY#SmFoEgUFrB>pcN2j@`JC)A%}8
zrBhs0bfl3+W?-v2OaS_6Xeqsyam(g6`pk#1)FxeDu3mXJ|Mt#l6k~Of+VAQEt<VWt
z)Wch2?LFB$2?_XL*vtk>^60e-O_JmK_J`c<`S{d-^!2Hkmp2)3TBony2{6G+P_qpQ
z4b5yOtXGS?uF-Jn9+&@Qy21&|ANZC7C3{{6cjqkU`%g$Dm9-o{>8zSJdRons@N)Cs
z7>y1TvO8<4cWmnY*JzdU-!|6qUB1k(x^qqqubxA2hfRwxxH>LQ+l<+~$AdwvX*f}A
z)o{e)H&(!FOR6H@yeXu6Mh-^W)s3=HM1ihSl$o*>yV~hGTou&*b}Kk<dVhqd9n*F5
z%Dcf{odYSnA0Ou<^^-3WcrA;(4AU@Di8)?)sg?w-kG;4j&y&3tb0$7d@bTuO75$*K
zNFlow`Mg`vBtAs(!GKp+6`1V5Ml8g8mW?ir@KGoSOT|7n$xoN_Zg`8@cbNNrN5E6v
zXp*_<QFjKr`}$m_afrj>{ud%asxFgq^#|tHyT8z2k0Wz-x4PSEVc^9K9=DC|K!t0(
z`YMT<slipnpuLr^*)umL^53jq)hc%iosb-4IGv#`8AM&#(ZQWr?zF%+H#?i_{kgU*
zQ!3Yklub3|I)-wZOA>4Hni_jCmm~-PqJKUGHTCjD<Zw*alHh@Ti-t9Wq|ko<j~}dh
z+cTM7k4IkQ89Eh72$f&;O<9(i+S?IKUMT9Zj`zsl3>I^{#I!RWdXa$dw`^1k4VQM(
z2dPLKhFzH36W8X41FjP$G^L21=atFZS*+G6rL|hY#?jAIU(YTYOnVujkr6DIfMDW;
zEw9W$82tGk&I46@Pdw<~eGe&X*<E^&!q#nN)f%p|H`ASI?7`JF+HX4lCIuaHna@QX
z9Utu~$zRvqojr89u4Zm-?p2UkPfLBj9H~^Vc&?nksJ(;0nTy24+d*Dzkxv{FzvQ@{
zCA+?zB@=&5<iWv`k1+|Z+tMc=1$pK0zHUa``Ik#K-$<@bUaxQOs_faGhnAWzh2`2}
zeYC7-*wDOtD^7|y(fcwL)hp{jSwX|26Qi{6*j(+9$`yZcFeWJKvGj?_eVvNAAWu?2
z@)%ctPK050GUXN>2JqJv%)v*i*7)jQrBk8;J9DRJl21FT6kG8dF#ITDWxcyIHP+Z}
z&KD&=d6hAN`H`baq9|d5dD61j1DWjXfu0WYummhsY{J%Z<AKZO$U!M7m+h!|v(lr`
zc5LESKKJ4e=a!}>iGBZoFFImkVrzt@9OY$tXVYU;P|3%tH)-jvrR~KZ?7l2hNgRGj
zbkN?b?Jk9ftcSO!de~(5DH8YH8xlOH`E*di3fJ%JKg4)&TMg_tTv`-Z7A_o5(d1(9
zrO*5BH0D*RW|1zs@5=~K$ak_jn;}(3$Mxq^pYg=~&CCU2*5+p3OmD#hkLT3bLMLCS
zmBh-<j?=_(QMbS9F=Q^K+6T&`FbdV4dvD)<HEak_b#Zgc)+(2i%v)C!-dG4CytFPh
z5!p=5?<S$TpW*&>&W!);t#qZ!)nfKPKJGzjf`!FgFx-=~#|!l*R>Sm1N{W@dSMUDL
z@PR2`WY=(!$hGkJD6~KiKDM8&<J$ddlZ^QJA4IqB@-Q!26eB0VqyF~^Oz`bj?Kp_y
zb;)A8zIVTW@C7D5H9sakZeJ^g`>C67Xa7~b2yJbFOy$R}<6rK;L~!g~nMiNNl(t~F
z4r-px(RlIYxhzi&mJ24#h1ir*<98fQyNb%kk!)(&`@W{vwM(};8XMa;i7`!6xnAfG
zzz}op)Hlk6E?u&&$XvKykhzAct59}SLrtvKUBGsxddV79H#H7d2mY=G&ZjRw8Pr1S
zcq9GbWiZ;=ISAnFg@8S1M@bjw?-g<fp!~lvV`!hr2k!02ND_9YFud^gR@VI(Q>=y7
z&ra@-1@wj>xP){mRQ0Z%ITZFwD3fbay7z0{56`bTMw5@fa;De%=j<#XUVDbX<yBO^
z?43JzxGekUV0GuJ=4lUd*-wf!O9hW#<Im;k5Vy|07&y7R;l+NQDMuwYt|`D&dUTO*
z*EYp=tYK&UazRfffFCq5h?`Qi6cl$E*lx`Xag?jeJZLdjY80`b?%?XkbW7>;+Ut$s
zFdolc9`W-lSg3GMtJ<0kOv((8-0_udMs-pPn-_>Do{CLiuI)_}%iURYc5-x_9X?2h
z(NsjvaPW3ueT11aU~ylgaKA}FbozRF>V+n@2YVaNfB>&wN25bAnC+TlL@3~E!^2+9
zVazj`JQLqfoF*kdgAcmN%aa*$sLT!fsgvbSMbp_`P^b02y%SvWid9K8Ss8gTk5hz3
z(ZHfkN=kb6?3s?|mLcdya&mH#yP#{_zkh#x5qOt~=+4?Ka7onK_n}I6V8)odr)7+o
z=lJ}qtvrHMFrhGI%(qLPFB3I#?G?Ch1lQE)2C!oe5m;!ho)C)l8m6tS&DGU)l7N<u
z&UtYt+e#7xTr#bZ`nJuJr%!pWVG4{|$u8MDI3P%+N5ikjiXqFE=1zL-+qbU{6i9_H
zAjk_E>WPG{?b%!&>miTdzpw#h>;ldUZ!to&t;4rcsNF$az{j6?_iyaC%d-FiT&7Ac
zWus=P9bl!GGm}q`oiqZy%w<WJj4V>Ez=$~*w5f(6wUkmQV1V7=tB$AHC-fytMS^12
ze|s`Bw`!&<J=C=s>Mzt~mJwfH->uatq~sle%)?X6&Ii5^*UW05WV!h={ke1JmOwIL
zad%&v36G2OobE^l#i=!hM<z?rZ@ADjG&6HHK_tKvNHd%TC<O1}svtGz&k+cr4g$L~
zReXGW$_L&9fP^<IIs3_qii&cZb|ks3PCmy!+uYWs?EH9R(3v(8M6-xQYWKN3>*_sH
zXsDq?uqc3e_%aGzzj|w#zvqs?!A|XNG@$kBy>*mmL5fFPe056IAQ7maX_j*^tkWIc
zSxz47b4{QksLe-pgKGFGm~M)^lX4k!$*qQia01}avOiR-_X8qz;%*x@I|w+ghemA<
zRk*JD`}><UhE>^&)SjgA`0}BD-?+bU8tCj<o!TcR%KSfyty5=lEsnQ|=_cR_WfP+p
z9^-$we4FN}-(Ls`w-La*KmyuL6+4b<HEvWIJT^>*lQryscT*1c-MTO1hQqP%gl~gt
zgikzCXZR<d`Y*b^W+TJ%WWHwWl(ZsFno>fO1`CeG$-^&2=>Opd;0T8<p2q31#$jXu
zq`z?jXO<@x2YESvLKFWW&c|a@bjX)d3a_Tdds3d<h^VWpBSM&#85^+NGGT>^DFNhH
zoIwu|OD4{>GR1pvoL>+~6b%d+q89Yr^+BHGdILI-T|mlhS=@ogJ-IsUm6fimMhjE$
z)Dz4XxJFNq(c#m_g>M!DuJNRt$T|=g4yo%5HthF|&X{;;lzRhcIsE+m$-mjFcROwi
z@bhcY8b;E;X$4kS37i8|Gdl+di>@>|Sh9%b6G(a$Q?q>*xk_a>Ftz22RjkQ~*wPUE
z{3KDt7vO&4n_cM&SFc_LeK@T3Gjy8Uwt65&!Fu;){NQ;EIdMk6$zC0=!AkcHMl=Rx
z-jfAlW~Op>$7`No#j)0}k?iep{N*4TJ$(4k^2f*6JN7AcQ7RIAEBiZ()?I1A<VnQ#
zplX0@*qJKxbrO-Rkxq>E3Ru8zR+t+0I^gfT_-BxfM1(tgdsS+sB5#l!Xp}oy!bca4
zF?2ww&{JMXrW*mdS(GpuWg6mb+=?;GQ}&kx0#)8@bpQS{3(2JX^xcnDuxiXMqLW`<
zV0viqy0+5CnC%J7DXs^o>{1Mi8R%Q)-#?5L4|~SM$6LQ`P_Lj;&DG`)P%AR;eOL>4
zG}z|h!`I%&jvc$MtPA>Hh+lQ}!Ngs0A#Nh7+wbNqzrA}(WiG!^dHgHF|Ah<w66R!P
zZUPj7ZT$A_8}M4wMsr^y7<%a;VfJQ|Y(gv+8=?zW6s}vakcCB7nbeLyV+5kI$Z`rR
zd}(h#SpQ+oBooILys)s)zr4P_p1-x)E-1D6?fruWwXMxfaaG#2u8|n)s^B`A!FzZy
z+?MjrffSsgdfHxlj%<iu@eV)0Xt?TeXJ_Z?%8KwBJ;#+RLU*;d9(#<`zJRXw`Q=&8
zHc1x7k$cbaFT-^Fg-wL(JKvKXBg$1<TRSs+m5*=Wwzk~@d?Oq<6tsx&aL1MLrmn6o
z5Ynj*&ooUUq10-y45|WD{X%dJ_}zYkQv2=o0cdz2sE_~rdG6xH-&ir4XiX}u54!hE
zOwtMp>;p)zBbuC?QlJ_1lWRUwH3q$X1;)cJV`s5w<}@h3+3H0zovB0-1dhk!@{lFi
zrHehzcEN&Ti1OIsQpl5rwTTpodE!>NMA2*?miw-(cOwY0hLJ@oY(MZ=wp%y)XqJOs
zsX{%AthvdI$*~~8Ax)+cuc+gfypJY9_Z7@!`l0pnKdhS%TG*@;8xB(KUHQ*u9!3rY
zO7{GEG)i&$s6Ms2FGcv5S1ze2?Hf)eR=>lH@^bZen<bm9^pGR3h&_ikEaKKKAfo0Y
zKX*>HX*7dAG=n%`g<92UyBu3)*PWeFmhd{jh>JUZ?GmC%CnhjEl5-kKPsC_#Nn0qR
z7DZ=~P6NgFNk2PAhHtqJ&_9C>^t6(a+bSx(Ff0uX4ccW668r`W1Eu@>`yjK9H3XKs
zuBL3|XB*kUlHc5Pv9`8$c6Poai7wUsg!lZDuCXywOmcFvLW=bA+M1)SEyXQ8VL7?r
z5NSKl>Ey^HJX~Dd)yY<c)#3<kVi=)9>*1lMCT2c9K2A;rKgC<=siMciYv8-@KX`EY
z^5y5xp95_*8seP~Bc;nuj}uLNwbP6-kt74YE>6I%UMNl=PE=^x*|2$SHRtBytyPKy
ze$_~J9k6O#@7;Uq=37^2(I>A5@;#$;)RhOr8A_}KUs6J9MzhkEJPLXo4b@Xzt)rZa
z_Jj5I@Zn<2<d~?Jr~VMu^xRwPh3W$>Tcj4M6$J$a542UcwVBQ3F|pTF>D0s&6t0tm
z#4cdnNGt1&NvAxF?T0Q8MPPhtD(LcEWi-X*%a7OR)C^(0rb7km>+4Hkgo5X_)~yo0
z3H3mO`5HTWE>b=Adpe|^LA3^}OKk@f4_aE<!oi1$PbF(Uf7b8LP^z!52TAOK4<VOz
ztdnFwa1To&_S#rgJ|jkNd~}rfO_iOK)BZ%H4n3PEqmj|up$dlpexs0-mQR$NMlG)>
zIJ+Kz&Xu!U9IqG30bcT(^B%L=#bL)ujYVEe#fbK*)%BC01GKWek}}3Uj(=cAx}Oor
z>Y(%Rix)4V8_7sXDbL_L)+@2cQ4D9N<<vDqBUgNvH#&*WaVD&c;^IZbfne|e0|^x6
z)l7#FKTLJe?+~Fn5dxiR&p|9!?gu%FGVORpMa5)GbZAVBd3Hddg8HjMWr{#iij8nC
zc?E@d*GUQj-=!iGtlp<*Cy1#z48Cly%@&Dt>IH>6f2d2UtgJ-TwVl|^a8FOq=BqFt
z8|cy=k^~ea)ULLw_lEnqT9X$SR?wX|R7pRLH-$p;M>AA_S0M0syQHM#TJKYs;i)+#
za5*Ja@c?o$vgX+`=BuDBDv)xfF?g~1R@F}fn9-hD$Gdj3lZ%b;dq%n7z}FWBFI~7W
zHaXb?@CrItRPn>R$@Svq;aHO}TOGAAsJ01i#J`}ksjI7lCjoGrI5(9Qby0IlcWrUl
ztKOf4ShdPy3(O+6*Y9|h*xLO6YUeRm%6MWz`R`-C2M$uPMPGvVF+4m{c5RQXm5E``
zo$Pn-YE+d8X#}#oi7xXRc)n=5eZiJ3Km`@Z15Lx;&aQ=(?oQ?j;Oesc&FXIEM(+mf
zjHz?6LSw&aX%eiU$WLZ>J~X{0&o>PhRPwf<V0A@c$2*l=ZB~_>uo>oXO=x?ILzRwB
zFFu;gP-Fp)bDHfz<Bg1r?5xi#&}M643vaWs@C~EN9`2;t&ktQ&6o-;_1*86DW(dSG
z9j`s5zKcA>YRt^ccU)HtG&SEY*V2%XBoA<c;U&1%aF^k!1Y>6k`T}kUmGlA@b;Egm
zt}i$^nD#<`&LUj7pEXY<Jv=-r)Zfs{2IWT#VYp!u+~*=0a|y&}dHU;@iEYa0sNO9R
zA|j&I9@C^kQi}8EgWtT7Ra6X%jlIsrZk>pVx~2azHFfIk9ea8<g)h1{D>jDQdCP&9
zs%NG`lR3$(wVrV+lu1T;5j)qJ8sx_C9SXpAkItMB?*2--p<r-G(#pYDi(632R6a|7
zQ)p0HMuzCj84KvX;5VM~Ual1cyG>9~P(?*0@A#UW9&%2j2G$kJFU5nRdUm%~ujl-N
zvKQhdEBhuiR3Y+)7R>2zmnK*6O62{ktE;KZcfaS>|E83&21L^`K!;4Lo-DP_QhQ@D
zF{G8hdUfXL^rEAqK`OezMMOyWP(p$kPHz+Z<=Ng`ujNr#P$f3^YIimkd;3VXMLN~_
zUjWhi{^JMOjB<hJoAx{7_q%2YiDkWTi($~XhYK^40-dbGoRcoL#olE)$dP4Li(Wnd
zuK!U2Pz^WiYJ@*FQ4GOTEe8EFiJYO7lJi!V6$xlDQ1l202pWTEa$B}e$<6~VJJ*`A
zTXnN4F{d^m{qGl&ELLu4Ln9a*96WiJve0UfclGq!tYO58j=g}6?fP|~Px*7`rtPRO
z5m68<!{3X;)qva>$!@Dv<6@5^AqSQT%!2c&)2A=-x!8aM*?s!$+aToq0MVUs(v)Fl
zP(S`HCnMAT=FJ;$5~`>^t&cpqg1plr%xiB}hc+_9#Ld<91U^0^BcpbS&C@oRoyg~!
zM^jT%<3E1{^9wLcf(8H==ylENDJv1OHy*)|10GjufXlMCyIbN70Lf7tRhoL~C$$Z<
zJ5a47TnR!~&zl`bn!W;iMKWHE(@&4%02l!AL-#+#3R_h;x_kK0j}Psb|Bd67{r-4-
z|7qCZDH0&axCA4kr#E^M4vx!vU_dj56umJ0GUGnmJOc4cd{jdpXj>mIQb5IftTfeO
zn$qMFllI3NgAP7y`vwN?ovWFIk^GJaCa5oC*B$Ideb%(-ES+lYnQ9<tW^)hP#L~{g
z*jeCO-VsLOf~jza=IFY=;}upY-KlF3>D&~J=D3iWl7fHyI7}oBDb2vC#3IID7V54A
zMdvLl+%~E%I5_zh`Kjl0;^NGBo2=YC*L4b8ak4{=0*e|_Jist5t*=KceR_V<a>*l$
z1&dmIW9Cd4$ooBocsff-NvTRRA)Q{9DPzl9Y#0}ih;RX@A`xUi%a{Qgvn@O|QTD8*
zLwMp7OTS6zEaO7%?mH3JH3T*W?1Aqv+L^Af_>|LQj<EZl7BM<hS+zxMa1C7KSJeFd
zgM*b2rU2Lr<Q`hTlbxMeXG$w1D;S>co;`KS1T=Da*XiO(XP5OpV?%|eRj4^YXYxPk
zekds5%nbq5C@fqD^8n3q#qV=%?ZbEh%ORmvb<@Jyif+4~D-&Of3ZN_@-8ubzM;b?F
zYU+>hB{+7xW5+<~ku^#x`Vc1?tysh76+psG!(pzKU7*#&dv8Z5;Kd>TeS!{{G|#PE
z|4bwZ*uV=gYslv>!E}pzB&~V+jgtG2u1Q<TyvLhs!cq=mJxP$q$O|%q)d2RY@0ISw
z$3d=OkWV*ob1U=i?C79pdwk<jo-{!~=yk0!MZEm<@$|G+orCS(kPzZk;vlL!wC;Bu
ze(7rBa)o~XuDZ&rkrf`tia};i9KSpL&ykV$vEdkPKb6i)bc9Uh5o~H9At4E=ZoFQ+
zkzP~2ijM*JG!U?fvK-v#7#3uFp2-9!_3^fWVNbK(dAAgk(wUct%8J9yf?<Io7eaLg
z|1&>n>t7m1;Q>arwt4w|6|VMUQeuIWTp?fd8(;fL@a=Do5x@5L4_QL|z`4muMpHmi
zwtL%-1Yhzb8Lz7szG;O{L{0`npK?R13}rQ-+SDhE?vmEj)NGlx$WwL`R>%jXsXH{h
z=ywBDPwCOz;d@?jhOb|zrlxv7e*BmTjY-meRY=Z!3*5j?<gm?O73~JHX7L*|Smvp+
z28jHMPH;Oqa>JU>Lb8<!Ti^ixp6gRklyD{0P!n5BHc@Wi$kar2ugclhfgFONcb`d5
z1-Yf8qhs9K!J&{??FRN@P~;ad0Q@$hdeIuF?CuO{Y*&1E+=9HYLbh4yO4s)yz<E(o
z<P(vj-@eHPig&Lk5r$_yfkWvuCyL%8L5HfVvE7%6H}68bk3gpDT<gK}-b?q^{8Lu0
ztiwEG*DQGx8EK5Zu^3{a-0|mdwz_xPz4i;53_pN$Bee?&0Cq0~B?y}xI0!($9gA<%
z_-Mf#eAj6%>aKH+>tL63-A%Y|*~$$l(+=SdXo{lcTRr(5om$N@Q>@BavKi_|ag0hG
z)K#%}oh7BAdUMf2{Wi1*5CFt-!ZJ)mdW9$bL(x@E38QRf%K47YDbiU|8k!(v<e|*q
zV8c#Gzg7pi47_!1k7W^ayL8P$5Ln{TYLkN(T0tn1s0Xaqb-L25*@xOqoO>ddGLi4h
zxYNm1pQn8M{DCz1+mIFG=i|%bw@TnU(*;}@R@W-8d6%RiAjD=}Q^EIo*ID@o4d)+S
zF?Yo%O1L{vqD;P3J>CKIWg>h-<6{<d>dD7xsdA*Ox*^pPFS5@@OK_MM<*RzfF=wP&
zA$EtK$uo3-5g;;XE09Jrxk+xot$qRBmpp`Hd^cjtU8(v#W>roQ+II7rmX3~&+Zgrd
z(?6g@k#eU|B&c0i3^%kBP$u(lhU+*EL~}4t|K#Ob;S)kAOGT6``KcL<Nq-i+<USfi
zBxqTRK_(DEGpjtC$d~gd2BF;Wpow3~{BuL3+xVH>KTCJ(mYmTva0s3sHz)RJ7@<``
zMbwB#(iE~&!lCYExY)u!s#K9A%2n#b70e$!2%47=O0D`xuNo$MVv>KTmLMGN9J*)G
zT~=~_e-U@9od|5>h{0hvzH{hny<2IUp?M+z4sTw$@-BoSBHFL$psY+%GWWbu`k;Jl
zvPw$G<l?hzr*5MWB&B$+RsBV&iKI^u1!u}iVhYm*d*}3!4s&l4v*O=FzA0$OQ%Lvo
zHJT@DWr}mrgXKni+wHdrV7|;ubHI4|`uglzWl7W=fR?<xym)wuL9ZUHaP8C-rVj-z
z2~^XHckhG(D<B&6HR5`pe#@Z9buFjssvl}}Z+`FVYceu5oepDG@Ob=KOH)(y6}g<E
zB7Lda*XpDsgIaF_0JA{fL!MZ$5P&v7LPN7SKYzVEi9j-`-Uy>JrEsi=Bl0-lP$>S+
zc6NUe5w*9pD2{@FaFLR7=GQNBDyj;LK91E04AV{a%8GDQU!m$r^HGz$tE6A$PyPxP
zqgJc(D8+o9?o5TbnWJ6VymbPuv-dF=yZw0kU66f2kb+c(zxRXt_c=H?ppac{xaqmO
z8B8aZ;Ug?68dv)K_>k+=<qNiQoDdy2BwzVJz61aP1uz<Dm(BUVel6g>o|Vt~FIG4j
z{D&1Xbg1v^h05nu-2J^UxRYHxBu^|I%Uc9U9Rimi+|b;0$|6q3N(U$vMU>L}`uV|X
zJx}mZTpZM3*-?>FBu@b&5gyJ3QNq;-b!lCBH&<5E{PfgQV~K3sb$s@YPpY<OSmji=
z8lU9Pz97@SNlgZ$u2zeS^*$H@vF`Ng)0{!<Y-}j<GZ~Ml5Q=?i*d)#07vpCVSX{gT
zc}ve~doFBy`yx;sN<9P3vN?{2RR78U0(bZJ_PQyJjEpk4EILyH-QHtq8CwfgmCU21
z@Rn5=JfQM}dB!j|F~Mcr_7*UY`SqeGp)qGOeq=zDz3bgk*<5h2W4LZ0Z-$#E!}4AI
z{X6W~ofudw)cAP91rOgHc)aCvT>+6Q-5VJ6V5$ra85vpqeT3jqib5YEj(7svfuAqA
zaYwb+0ST+JxGvBsM44i4tJ8W#6sA>dJ*@2Pw?NJs4AfF|U!Ea=3-wwBYm!o*q5gG1
zeH-M*hPt|v($XT!A5QSbNjS<H`r;L3d6~;7kO>A*K|Iv&K!5|}xet;W&~uV>Lu3^#
zE)chY><bI|cYF}^i@|)u0Aj*Zr&KFkmM6YO)>HrW*I%z*j4h3PmPACiNuY9^eUNr7
zwi={AM@?O2JuG0EdQ0G&L8Q1eXoIdVu1{LeCnTCgKnF2zRa`jBm7CE(f(}ga3x(QM
zT3#Mg+@*&X+To}ypQTb678M_#tL3xepHf69$4Nv$u$6nT%?{;ltxAcM5Rfrqc4K!B
zd_N&&4TM%D?t1Z_94*!k8<5~Y`_ad~^7oftz|QsN#xJA&C!<e+*b>EQ{LsK4>0@UU
zmC5KW2+2fH3EPMyL7<8YBD8_KASh-HiT1%bto4sTCkLg3q4idkSf@ItMxn`j0R9J_
zl|6csJ-ckYyy|Cwj;qqQfByWrB6*UaMXFb=3Fff3w>Jbm=H@J>X#;r`g;3d!zRi&N
zp<h{qoWkjohcPKwiI{w|?hM>x_-QfI)6-9%K0Ql`0su-H%1PP^Vdd?uEeHwv=THbb
zS;qN&08t9iByd{HuYjh(r;H~tF4Cr^>0MW^UHj71ln%ONdU`tLR)E~zw2YUT<4J<F
zYKMRymCFs6@Soo^FyG(Z>Ti{nlr-zfiryk>?BOV$GzMXHdZ4r*F;U;d#6(o|rK?oy
zg{a7!f)F5XK$<&5K7INGHHgx2Q)`tP9dI_U=PFCQ*S_nIkCx#YMryZV5+fyBcy*W@
zG)>6!ew9wy6A+1wRvdZC^}4^mBQ?%#25jV1*IhUtz#qSN<JxL*pP0<NIBE|LaX}5v
zG|H+dM<e+cCwp$2=}5uP!A|u-IUuf?ORuHRVbA>a7bU2Y0J#po5Qd%Q8b+2U)jKzL
zabd8Wt0O5T<)hUgfM<SMTD^(pa1u}5Q%ElY=EPQ#5)>3vk^<=JcymP!0pgDUSDLUv
z!z|i3sQ>yk;Pl(W2i3-GPkxYqXfN&|KRajj4SLj9TpfxhCjDTR=+d>s@&EYz`N3{J
z2=%tMw*2nvh-D!Nky;2MA96~&nxmz1o92@fTLFwmLKKMCm+sh&PqxNHBR<UOO9<)^
zN``>!`pU}6`Z{-&cN5Zu)xP5Zp}}RT2kd@byVd|<VQdzMwg$-*#6RIH3S9_7k>0F)
zZebc<xbqKz>taEA>0$4UusO=sV~-p0K@Ucn8^YESnm!9XG3hZn@`wJvJF)I1&V9tF
zQCXFcmfrnoMSSVf4(^lI&%!S<7<hOhxh{ge)%A)@svJC=nlqk%Wws(Vj}5!XY7<ku
zbXN2$N-oJ67^_X9MMel4Hv8ak6I~$5@CP6%To4h!SW|fsee2^hOcTgA$@>uIHF}4O
zv(Q?L3m2uxFJ<L<Kwv=1vh@STa*!NAI+~lGZ*}g&YjFIi>XqivI1_&z&glxK=2b5D
zAJ$e_0#VoNBVfrWYs<2{$ua{W;o0lUcO^YwI_H;~b~5(Of!&zz`s>^Ks}Ej+gqjah
zJ|dh$YD%lS#N8rr`|d~3(qX0ppcI;Y`r_Cju`?4cs1T3~Oi&xC;}{@5XlBj576XcC
zSS$2GaTmasun<XqAk{KgtNbIx?FDy7h#b)<5)MvIhKBBL66|qO!n7C2)z=+MxC3_Y
zoo_=!RS+L-=ikt@vdZz(#PC(B(g}AawJ}bO{fmRWi`6Cot65A~cy6GyQ;);k%v{@B
zw6%z+u!nR6T9uQN6PO5c+zeNc40FVieh@#SUvIWXYU(kPfx$swjX8B+eZLr(c={N}
zKUU^0GN<)zLvn*q1ZH$QP+WUJ7&!pwFsJ>CYBF+R7c9+vrpCv;U%X(Rz;w+w1YUxs
z5fKHRQ3}2v<LQ$yZ&S2gD$jo}F{xVbHy4Dcji=|n7|mn)JFlqj<g4eHu*k%Eft9XA
zi|O&We}^VqClu19=KN&suYt%dL*4zLoN&8r>jp5G^R0H>=yTUYwLl6+^2#-IL3{~y
zph~M!aPVK=gt-J3ss<it9+DNRDHi_Dz@>m6su`if&hO6Z9H`67>xFpP*{uLLGF*k`
z|E86_YV$tx4GxZc%}UF8o8X6I{ggB-0L;Hm{`~YD)K;bE!lB5>B7S8WLqfXUbO%Gz
zC*7L^?pP|oBIAO#qjf9m67|C11SvReZEruspd>0;j6ysC3POfl&Y=~9W{Clm$T@77
zcZxqDJ=LnA1q^7Xy?JY|7%=XRPqxSF;9@Im$3&qj+cJa2Ah`>6Kf^b0bUDmB5=2h-
zIZiZ_tnLN`1calT8aHVT!7^&@{?S8d4K>-;GLWbgG8JgE7bbYf1;^PCM?n}j2FR|z
z(lr@lR`cB>dip}d9yDIiNt)X`VQ&m+XMoMu$sDb6;Sf~5Qnol-qf2Bx?Qh?dxH5`W
z#10#UVfqb-Fc`q*^2GM^0H0=2f@#PkY%O7IoSB1>2iq;$9v|tZ=fFH=z%(cJfj3!g
zGjd;BJC3Wg!aYHa;%n9i6Bd}03dEp|srOlQB>7py0U_&yC6#Qk0Nx~MO$}<%^!Coq
zk*$d1$;1>BX(I1U{kc<t=K}s2a@j>f8G)@N%2L>_!NkNwF$|kQpi4sT(f0d?N86c?
z<{|Ebxh5DZ6UW!Ln`$45^4edG?>2usF$2d49^$utnW@Rg5CuGa66)S~oYe<I?8Wfl
zL=YeCAyh!7<AKF!vh)^1^wU@&LJb$I*d}JE0^WXqv32#M&-jMDEzz9eMl52FAt(T|
zYqGs6iXIrJ8d$Pf{Ne_GAM5^ByBAA2y)Kp4($7y&56eUXNMR%+KZA;#SxpHW2&|lC
zY4AI8{8nzhf!4D1S*XDjT$!H}6Uo~5R7M@wKNfv1C@7%u+<X*3bgWwzYcO(%R?^NU
zL`OvQfK>AG>?O)GFE@t0hA}41H`dl~|Hx|@c0Iv!Q{%9w))<Ktl%)|P_923Dgizq*
zA^$U=$HCTd;KFNuKDwgY5EC#7Dq7Evo6QQJyG^3s2FcQafCs>0=0&k0Qfz;uy5%CY
zE)aZN$Vr1k|GnpxjI?xEB?xcB7N5g5yrRG;fldkS2NXb!x66lqzwU^xDZ-)9ht@tU
zext3CI4fX_NB;le^*`)8Gp9D@4q`jh&Pg3hAOMaCyJVU&8+g+o!*<kam86xGd*0o9
zuBoLJ8ygFopE^1_Go^xnk!%A8DYpF419F${%`?<|E`TZ~nzK0`DnHd<41B3v61GC^
zdlb9CQDgw*Y~G#G4XHpc*sKNKD{OiY77<a3q?W)UX#tk-u(0v*aW+t0*x1e>k>gf(
ze&T`7v%V=vgn`Q~fe?r@%#xl$eQ;&)pMPp=d&mu7BUL(jbar-jbd*D{&KJVD41FLY
zkByGP0fW{`dFc{lIT$8XNf@GwJ_p)5I8?Z;Wz=J$##0JpFWAfT95FJM`V%KlvTJ;l
zeo%lSyv5!Y1tF9A#zuE{_ww>`$U+xuYPo?|7^&?hp-y)0+)dz)96PfA$2Igy-D{JX
z@=dt|674zkkEfv7{uZ``({2i7%JwsIaQF=daCj@2jUXQw85@&bym*F2V7FUEM``rm
zH1757BO0e(NNVnLsS`*8bUq8%8e><$=rO_4)t}<y)0m-@=^qeKke~mO@N$M2YK<o0
z%J$GdUB8c-THDaw#DEFjv1j~a?=k<|-jizwkPA@P-;oj~T>b}K_#01gLO5Hey6Q_P
z7xsS|Y7hQ8efli^a}jf_s|(2Cu=fD+k-)MJWv`!IHdg}gXIp{<-Wtux#KWUPXZwOk
z&IFj3onaoH7Uj8fHov}IWnha=OIDR)ClEFcUxH-`-YRR4DKfij@sYg%vf&q$cKj!y
zH*}-1WMew|^YioJo3K-FW4g1kzFx#H7gA^<=6OyfB9c;4U^;I?pCBT?S)*sgd%Eaj
zDUdM0E5P@W{1I$63No1y6uzg~H}KQZDSbJQSXL@8Vo06y>yQ8ZPDiL=etv#E!ksRh
zH*el#Vrt}56B4R{BFnB*wF{dxNG@JX6JsvE8sS=kuacu_>*Vw?DyHpz{r4Q5>KyOY
z)m5}QeOqKi#N@(4ju`4XwVwRjTce4jxh6An9YCvDADy>ayJkL}?U&N_@ByS;6kIl;
z4*Z!U{2-Z`bY`g)0IY;-4E$>wwm)igy@m+`L+Fp=SB3;B5QD0MstULcXr<sHHPqLq
ziy<CW5kuhTK!Ve!HS!Jo#_eIMf?f#gU}JH37`ZHgzP{q(;;=y~WFSeHOARI>OhA}F
z^^~A4K&z>LAnng-)L&>?>9!U!6Frcao+>pqHkO!>&^B<7I897V${LMwbV6ndBDvZW
zpCj`N477x{2a+{xjm+A+p{cIU3ncp8yDLmgsnGBN)w3-BlNLoBZ;;6mk86;T*5Dhc
zd+BqAVicbK`Sa)06k=#Y!_sI$8^1rIF7kRdHa3!y{*={5tr!5+cX@eVzI<t9V30P?
z^{M0n+u_v(fHDiQ%11ZJ>m;Y3d*|FBA*13ndX<@(iP&5kMl_(Y#m2t;Q-pB3o*aQg
z2#z4c2V|_nqFfP4_v!P=Bc1?pA%J}lmYP*WSo0z1W}||_cm<O+EbDBWYekNSbXnbo
zRm)mPR&|vpl%BywGR-%~wzx+SQw9kr4kF&kzfeBRY+L~Dh~toU4`C1p1U5e0XNF98
zr0gP}kkBNKkQ-md*e52ni+pE}x42ZHZ_~WDde{YR7V>Xkf73$FuE!BO?#Oa<yt184
zGXNbxo;puVoDW&3az$QbkP-;~yqOS<yg8cF*lF&&9NV|y;e!P=#{YOlj&v6&1K>ov
zy1DruKphM)A5!{??D-HvJ*8+bCYYk@TJg)!uC*8}D_S`Sa-Qy(pjJgb<NnzTXlenR
zLo(w{c~4$G#J#BY+!f5y-CQ0#BR+fbcOQ}cD6T8xkZ#=E+`P830qIPKg@G-Q9UTaf
zD}kJF_yp_{H8nMb;MLI35GXs4#yOUQToB~a2q`6K|GYRj_dSp9pO0z&d=(gYmVn?B
z7h)wHocz~u^xu-Rx3>=s4PERwICC5{V)}nyt;5m%(-;3ZW&f5hk)8vmtX4gJ9G-&~
zNsS#JIrcw#Cemvu2oA{_0=c4=TOOqmd?`%2fXu4UVCeJb(#yXKI$T6#0<fsAV2Yyu
ziVp(u46!tzOU{Cme3KlXh`Iu}XuoBH(!`5!<^{+m#l^+Jo@T~nC@<5%6(Ba^4HX{$
zEamvj%*@;z6}Zi?(IJwF1xM-un3_ZKxX>MCM^<mKu$V#e4SMW_X;9+S${b8pRml@v
ziTp35$~=6??e`W8Pw;sduF!Qr?u4QT;%G3LkX@>x88>7UaUzh!2{y}hwm30y3}#x<
zSqUl!@QZVDav<FR(~4`q={5sH@=??cqy<=|q?~zCDTRd&5VNhSs=9IG2A$|Dq{4i8
z^5h99P|O6R*VU7bkH3Mjk1{9+vI0g#x(965%s2cR_DnGhB^E>-7!VL@hGc2Exz{_A
zrAR}geczRtYI_&$V{g}0+ztmA`Vqou+xG%XA?x!=_qN@*ueT2f?~XHyNM!M_9C5kq
zEeuy5yt(=SD!$WL!&!6MHQ0nCnP1@i3xuOQ-TJyZfEK=tjP&%v!osSBw*pL|d~UDL
z$Hc~J$;#gJ*j!T4d8|aM<2IcPUZunpcJ}tZzAf0m9sD6}zQlG+I)80xNwvsK34{ZH
zL!gvhXVHg(3LLdiO4@CAbGbSE{@DUV#Px>cLVEbEj_45W!QJ1TGT=ogd21AzL8wgP
zpGSOyjqO!X&?2ZeAPz##4&n=4r{88=m8ggcB^Ge_^(IeuVrq(Y1k84*ed@?DLnJv&
z%DEQOwvRnL=-)urxrMV`T({vB1vpo#A9SC3*FT4xgLO!DWMnUREq3<yTw&OxX#D5z
zH4{wpPFZ5vth2eThX#twRU8WxQXhg(BU=j{nCy`uB3L-8Af_|4r1vXR`XGLTjS6DX
z7U)}1<RQ1yw!iy-mx&hSoyFe1^>8dc9NIF&3iKpcv;KCV{y8oVY1I<bEi?9ks>8#`
z*wEUV4f7jN+XvMicxdPMG{CZii*m5z*v>Ddo)&iF$Ye{OA|fIi46A{Q-IuAt&Q<kM
z`){-@gqpo^)M&YH(Fd|(NJv|2YHAR7<~OYd_;iXnt4+h;*FYrZhq@*BUDpL>p!Ztz
z_w`XMg5CN@<V3c^KYNB(WD;tSfJHVw*TOvk7)iL9?`xpex|+R@qJElqqjjSgvt7u=
z5MQ_u{RZdPS)}~*=mJy)Ytjw`Nks23Him9j=5?^oxQ_zIYmK@!EiH}ZeCtu0rWWu}
zrAKyO!-i(XQR9}Vk?H9>#%)vtU*Eyq2p|d4&iCWjuV1i=NXW<nI$UAvZZP6Hp6Ny<
zxQ(X6+V3a>*%LX`^XJb)=s`q8q{AcqC8kC1JZw}?Ri4Zl0P+EJ26F%8jiACy&j^AD
z2o4t<CR9!qfxmFr&LU-1P5(Qzcvus4^Hc!Qc6UJ%aE6VD7rcn=-InXgz|)|AnkEC}
ziiI5mqo)^o@7_I#u>x0?K%<pLy>^!yLFLh@aFMHp&1-L#_V;#L3$zN1&<N<eeEGqH
z2b>%nVP62tLWfQlNlHyUiH|R72?};H8`luM8mR6rE+vX|w{Jt?5D6^)voh|`Zg;dm
znjBLX5C@^Y<~+!^g7)}fbCn<G^hvF!NT=n#Cntvm{Tw_1*3c%1s0;H<OC!nP*7Cc5
zD8akO0<h-2AR-9qkh{(cS*rV>?zFVG3qoZ8cCF(&LBdO=dK;<LiwojQ5q}|tJYY&6
zJ{cl15c0nVSwRRO{iQLv=xmh^HUkh6DlW6I?O$i$K#<;qH1b%DYQRtj1NQA;=@)@Y
zIXqkq#Vs8894R4^Rfb~UT2|$m8F^FW*5Kkf*ezrT&G)Fqi=kK@1yYie;XVcB$G+c0
za0D&J?GF)~@PJz?#NK@LEIvLSIB0&3;K~;|BEF>>5K5<MKg1$hA>!E^p^^3o$bO-(
zAoY{(x!$>s<kL9_OgKUjDhx9x+Taz=GhGC|NQ?ymC!9W+#1nW^HBXNLt*}8Oei|Yx
z+Lz2UwYH)kKFk@1-Uyx`EoMWHzT|Mx16hemt2qQJ|M2?$$Z4T#mkxvI2m?is5X4Xa
zoIEg0UI?ipZxs7eKK}7Z2;@Nq4lN3N=<wzvhlfGV^0bAN_q|#9>l-Kju;SyJJggZX
zs0YvHW}MFfV?RM+aj)&OP|YhJyV(Di*2%5$EwbEzbK_kJC6jjeTquhL``<#>p;`I7
zVT+uE1UB!dffoJW^fFTf1#&dZ4q(l~1<HOYM~(0L0`LDd5n%)G1W3TZ*3wMrQ$PYF
zhHxFPVe>^0p<&y^c{<UHBqY(sB}YAu`PS{*F0j$nKQT>}wM&oVLa7{2YrqF15lWvZ
zGUMw$VPRn)aNNCf=Y@}tv5}EFpYj>ce;SHr<EDB05HVeQQuOrA@zbPiH_6X{YRGtU
zh60aa0>or6wFU<Uko62(JYq!(Y>+;92n^-0bN|r@L$!_qqr~ityhof;avTC`u<i7H
zN;E)%I=>4HZ^FX5z<>g;Be-qkvrjc_0h~01%9N#ElmWGfmDL=iSJD?vdhaQ<4f7A%
zNS6Yu`5o8^fHYM(hNGs+$1NZL_f_FoB!r&r387BZN}(zRKbIm;_E~Rw-y^G0blQ;c
zDQdjsGW}B9-Nj#Qm_tbqv4IL+`x`xa^gc@VpOn&I884Ndll%<vxn2l|S2@l`cu(ZU
z#}9+oPye^ow|vwNTR4|jRxscUfinAYLX}Ms0(Wds;J<3Hj!~_wuKvw5uT!&Dx*;U=
zEkxVSoqHFYTHpLD{e79K<rVs;9P)<#DGle+&cc3}cl~cT0>Fue={f%BiV(`2)2*$s
zqeDK=XDZ&yv*rn|WXr#M+HQ_I1nC*7pf7+3{iX&26aZ3Eg#C>u4o;avic`A|(&MmS
zX<%TW|D$C&XjuUf`q{FvM{OCd=R8&6Sp82#S^RL^K!HvsARMdkz_GJmNPH6}3&c+J
zPqA?)wIm$PSp<EKc$I+r3o6w={JcM{uA2!q^L@|O;34q#@mYlXy7-+ra|X5xViml9
zJyci6fTodeYWMYB(S3A?--KqhrxwA~)KpAbh{Sm}2ibDv3CK0+e{~d5NZe-(?s2Q>
z7lJ^0+toKUFh9aS6n@$DPuah7SUsRT#a>}!vw(Zsfb9lCsgaY@IsjQn1?J8Xr>a4o
zQ$oUT4qzT9cR1l?UeNEDI5^}3qv75w7XH4zdviymcG6HpOe`RZ6uRQgzq_LBnn<GT
zKN_LDF|!of2w)7lOCb{gL{r|sVwCNO`-%*u>Z`(@V?FryAD|owpB@L|6XuSB-CC(b
z7V1V=D4B;8OHHirs5L_V1CcNO)f){}+}zxBb#<XBR#aAsum++HL280+32?^~MSTz(
z7|{RBRJMMF;K~1PhtV3WU4OU0FcK=Nw~%aV(0~bfVXZ3zz?fausnPiT->J&ZZ=P(=
z7S!usS8mWtDx&_teGcyFVt*<uwaqZ3q^t~_5aq`nRV@inNROxmLR}BF!z2C)fxv<r
z0gTq^M=T8J=LaYU09+uF0lSF)u5Y5*!wcPK6LF4OkcSSqO50j%&_EFDCP6J6b_zkd
z<3Uk;5Nv%ptS8Wh4|%D?B5b1pvI?=dKghz*q=Vqk;6n?7|8=<k;i_g|wtSDYZ(k#&
z+CRSY+aLfj(7pih3Zp(n0Cz!H(PLa_Z0bmFMU;EUQ$he}DEY6ykLa+?IGXI;fEzNv
z9Z*0Hsl$V8<U$<W_U7oAk6vN8Hw5w+ut`9~5Y(uwsCf4L`C`VuUZqxlbY{=(1TrFT
z!Y8N~TV-p0sW=${%;BiZ15}EUkdm^`RVK$fY*lbYd+bK*{NVOSL4a*Db|Hm(1%>*3
z$XUUbgUiAhcSlnVVjpW8)dzbcJ~Zn~OVF3QGs*r(U-t3#{)t?re=+)uB@e|LHiYCi
zae9wy#38m~!j|<PfWkke555C9BU;<>PjQam3(}yV{~jv9l|IOqTVFWb#q|LNm*1Ch
zmIvno2~3ZI=AZvl;{6|V^{6L9Z95b~LVcbB_iOE{T9w1Eq$DctbGjvmt4cZJZ?bX-
zn|vsp1tO+3inLL)DYp5Cv*U35v^1+NTiq9;O=hIkl=c*&M_*I(&rDCNfxAQO1wQV>
zSYFV~#E}*PclrV<2~ZDUEr>n{c0n#9HO$ZRt@)v6srhc-xzk5)2huQ|*z2$w0J-W#
zW(=VtaI-2%{)5Kv=kI?X0Wk>Q_MIH$rAgj^-R-(J$wBBcDEPlLRK6ok_2T6*m$3l@
z&i^8=lO*2@O%-614*2FrbX1yyjhPvY!6W790D5fT>HMgI`t8%m-b&akLLU#L7O0`x
zMXps$6c4hG2&iC)%)fF*iaGmv-&M`|)2o$PAm(q`n-lBsjFRqb<j6lLYghjsJ1tJc
z%Q9Nbk+A*FRzPwQDqlRmyK*0R`!kSSgI0g<-X}<8=saFivb5*ur9(~u0>w;BV&3e~
z&uM9ED-drDOb?bDH`<z;DR~{zBwkuqZ5hF)t@fe!u+gF6gj!3V`W|HV=V7N3r*Yf(
z#KaoVqy!VQUg4|s^z?Leuz%(fND{Css=_W=*6TnOX_vr<$fp@3a;-eKr&FN}%GZL`
z$_qs2Z0zAgMHmrZ(guudvK9V`6U-{r-f-iOoz2ZKNRHTtw!)2{{!Z1b{^jzw4&1Bv
z5>y0Q)x(U*pF;z8c-#i*!lrUvh30w>q4|H(y{2+>7+*CqAz=vjPf{8L_qP+OV3-Zu
zU`j+adi8Mi<0QB)3a>(AoJk>%S!OSQ5<NkJ9vdhOlK)=rY%MMQDkeq)gccr)@46u!
zpFZ7tTqZ)F-ZGq$-L11CclqmWnmsN#NVGb`?p=s>hV9OR<^d!4hocaHz>yF`yt(p~
z9X6~cH~iQqLDC3_k7FKVLTQbUk3Ts+9>t`vP^x&|y4-WGjJU16oxSs*xr+|lSy+ey
zY7rVnse-ybX_37T+l;^@RjxfrMBSxxA@rq`0E9YW2gVBQPF0qbeK(m{;KfGz{yN6Z
z%<#UM*$nL6x`At}XN%_YJd&haTy+r~0&A2S3pXuug7C}jXqOI<{qPB?(&~yq{w3jp
zX+eAS>ie{`Yj^KzbSR3V5)%_Q;AUx>nryTaBO{MO5C%K*|Frhz;Z*Kz|FDXrLZxJ=
z)DDG2S|o)u$*>SoD3YONN)tj+L<3UB%*#BdjAbk$W09HCAcQDnp5D*3RJ;3rp6B=1
zdmQ_|_in{n*Sd!9d7hu?D;)%o&6wRNWp;3I@Zxyjo+Arq#CMoJjc-RCR#H?{3ERuL
zc5U3>hcr;Jevb_iLj`fyg=svP(X)_SR#a9BZQJ%P$2#eA6xN{ny#$>{j9C4*Zg}hh
zErS3Xw$-cAA=YEqLuM793{++?7@K`Ya^8<0=M~s!RZ*R@_T+yRQDybJr}M`@y8}^z
zz2?jjh-zwH<7V~@*9(_*Dwqv=NJ8P378O-X`~>X)L&Bic)T`g~@iy(WXawUyydi#P
zt+c17r=KBcD@4Z`40cZm5>kva<y|7<^L$>i<UCIkVH4uT$g*z5dn1zhKY#fR&eGaH
zBZEb__8DvVRYIU=asmZ~?xA3)Lde5}xwAj}1L{C#ZtfH~GE8A-2N!PnGd=Q0+Nlzq
z&WqEOmb6YVef3)`sBW{tatC1xAAs)!9LKK0=Rk*10|?L-|I@4xcSWPL7twt~P2&r<
z(3W-$k@@vvV|UcHPiZ+q%XS+SHE>JtZ`)Q?SGSXw*Jx_Jq%MJj(jev~kYE?09%@$p
z92sF|VPT)jJO626=puXw4Nx@}21#Cr3%Gr|$^?(cZ!G+}qIT?y(?5Rv__zwo^Dp*~
zW=fcud3KY4W3`Rvt0`Q;nw!z6>pndn5vKHTeiqFCRl;bci8uwc(nJVrXrw&>tYS_i
zMowb&pSLq(x-|2mT%<K0G^;W3f**}ypmi7?^mrTm7Y)uvxEZSN{BaRQ^DkYD&a(U8
zbEHm?Z~}GQvNh=<P4}D!X&M&)e_*b;!u$M0GQ_Nto<Ct{-EIFfJ}&Mo`c#E!q%*?M
zsi~&6@l$egGL$9|a7oeB9Kbh@w<|L2*^>(|9;Wm~P|>$SMoJzPWJ0MLxg|TjNkoJd
z*Wi~HDDiCM;X{WYKJNv!{*N-usJJPamo3X}i`1UjZz)G&IEtsk$fpbvPiW=U7rx#1
zM7n3<Uu2d`&kk`!Xr6GdT$|_&03|7Wjgpp~kwGZ62x=X-^$ncQUqYjXokxMo09-RW
zO40P?cu<6l!>75q?t2yX<$G^o`co}emjsF#-%U+Tb$744y>j!*TY?%WXa9pTbuU*w
zsP_Kde5G8yc3!W_Y+g^`vTKg!gMw1<X?O@sO!4@--4_oQL6;aTWu53~>$?vgM=<RO
zD<~>1-nnz<$W|+aFQK9d5BRD0yAjv$myl{ixgM|*E2o$du~?sbS7XDqG6)6hU)ib8
z|5hDuEU7^ZfllE5dCrtKP_hoqnV*m=mx*aw&!<mMpvwFF`7^E{;`@46l4ovh{n^)~
z`Zg&z9CZy3s_$ct2~e_?d_hoQ;L4oo2G)kw#Qxwg8jdq_{0=48K<Mc^^k+i7fjidZ
z*&q5mzLqWX@nf~+1la=P9txWeKUqChJV?^>n>29SRj;e6mM>YN<^xB%BAI>l>gbbi
z*j|Ure(&he2;5J;C&sZH^A-5m-IuzMr)QR{Q^Inz8CC_rh7HxIto_YT4ln_y)W4Z|
zGE%@M{$}c2;phOv_6o7NIj0RrHYzM&U3d7)#sz|g5BY?%>^9bJ>-^YMQP|LGrjrxg
z7W7Pzi?b`s%p@u6X<+0d?Yr94XU}vVor~ycjf{uz`T^(GfsGtzkO(t1mTzmrva49Z
z?bFEBs^VATP4Bv=a-O!gzZ+9KYA|>vdcuDi93(Ko-nddole~CjRcd%C3+c&p)yc83
zhxeD)sme;5)o*nVJiI@GD>!<iRYN(5ya*Nk!7|Cd3}C;TgrtG311{$i6;Of}|5T`R
z7xc+z3=Oe>1NSBpD3xk5uCX6OO?yceAf`b`Hq5R`Kccj5xP1(*A3E@^a7PG}aJv1X
z<bNH2%_p!0ghEIAS+{!3g+p~$((d11G1B7ema5s9h5`VsB9QX{Kfi=Nu|Q>Yt3!ue
z)wc@>>}cUFe}M+Ht5Cmj$$9?thsm#BqPqZnwuwQ(+FQI~66hPeyzvPxCh$V}sLGfQ
z)&Xih@5L|2wh<C~2_U=g9vd9c(`yIv3}6BB1F?%=j&w$$90MIr(g0a`JYQa8RRgBs
zZEnF(*;X2fMe!1-p(mi@O+tS0*#LkO69oe$H*JzT6;N)3nyjFp0D+f3zq#fXZiuz<
zJPHX3@rmo?eLK71<F?ml(xlkDiH9l|zP5ZltCQhAKAYPLp&;LVrn9pX<M#0(N)$bL
zcV1ekNZt?UlDO9;tg_P^IZ0w--c*Ge`XxbhL9YPlzw+enhFSt#5>yNjq5;w9j6#LB
z8F;5%z1=(CaU@CKx=>+hZ)z=hNR3RchUyjm=ToOnF)rtL3>?iZnS}68Uf!4Bnclon
zWlw4hR)%Mu?~Y<42RpleP*7rHTucl|g*PQ7e9&`3Y1g|rShRhaJ8`l@zI35$gF~=3
zTJN(d6yjBVU0o8CnvEm2gUn1p6-`D2O__BGiXec_q7$0v#5M&^0XCo~JDXf{+<rcB
zUrk2%g&-F?E<p~-kCJjesTvF9>Kto$<PI<_V#L>!^BLqOX<o;d{?g5`B*^0f9rGIe
zGOiyzxzvhf;kWSPmpWFjAPusyF1o?~MwM-HGbNt9^3rYwdh+zkChi;Ts@#kB)zA;R
zQJGetppxW%-E;Kh6{Owv^yHe)rp0tif;P5iv{TEA88=c|S&6rxCog7^)U5f^r->uv
z`6*wc#uT)C9qt+8!zuAvoXg$tMEC^+u+iR8?C}lax^TrsY}jLCf$wXdFSB!J`khAN
z8FQvG>FkvyfAyjqVs1Ds3Mw7q7iD#7VWCr9j56_Egtt+Kek@oLH0m;Yo4rZRPw64#
z$1_u7V<RK|=w*FkfBzKmxLU{P6)k6G?nj{++EQjESHVkJg@d3M4wG0enfCMN<y4ar
zfsON@YRPf_1j2M3zed~w2Ga0j7m_=n5`i|Jg=I+)J^4D7i5jsTiio#LBH)UJv@Zd>
zG{UK23Yv4h#XA4pGiuxt^*+}3T(-{-OJ>6H4$po1eO@xYx+R|cNN8`%gErzgIGgto
zCz$+J%^g~Ab@iaHB8zTN@k^A!X;Or&v)fYQy{Ge@3tJ36dGf@nh+s%q7E<CV(ne|<
zDN<Kzz|y{}U}vSf&g2}snUValF=HIaPc|K$=;lTAhFj&>C~EF-HPViqj*j*m(>;G|
zo-K#L_xH70K)ZCFfBuLo@66w^ixQ73J)K9psi+aOOG(^P>*#CL7D%eppyypd>Svr;
zNz$ZaSws8^@iA`a@!P})Wn7`VzS)~+g!yC<0VY7|;3jg*Ab_~IbX4Ong}PahXfZ&(
zT&U1F^zWMq=STSa`tF^Z9!7D2J3m(?&H+xnLiEIL(f)+$1Ii?DE6<*xIWRUdYF4<M
zi*W)?0hUzoI!3A>f*l|gk?MTx_A=AHDrtw(ser~GR68UDXdOG&;uOtKkyuy|gYPpX
z=XB8hTs)e&zLxZEE2pV8%+tuPfvlbg<9%z8f8YQr0F30u)>w_P)_7|J$Na`isqj}0
z+pC?Wwh%P+3(S&eppVq#i7OG;RL&jeB;`?r%y8At!m0P)ldF$uXrx1q2qTWI?HD4f
zVdLl95npwd6KZ1^5>1rq)jlX1AfZGm^bt8&qRUG7oQs&YnVA{Z4=g@dazKQey_W#o
zP6$QbiTXT)IWqMAeb@+Vfd@mykEu#0q^fm8e@pt7fBxC81%f*Z`eD!Lm>uq;1sql`
z6BkyX1UW!EXuK9&Dm*GNDprG6P;#xIt?4cLfb<~5jjMF5P*6uO=3207Uu4&)tEFBJ
z3fa@fdQVth*<o!)lS+-z=|yrrR3_4a10%4Tsu^28!U~EfbQ}1j<YWsx5RkJ*9yU=w
zGKAdVB=Z`GQmTMc3l}sryEQjAgN-cb#ERd0?1ZN!p)Uu;%(71M{7CPye#^SP5j1>$
z<-8B^1+Tr0R%p#VJ*0K77sCZg0;H7_FWFR^SCK5kOQyeS?_~i&K%nbzIU%wed|!Q!
z@P;?gWDa)A&P~9(8og~!QQM5fauhMq+w#WwwZ{pIc-Wq{v3mdaP3;W*nQXtG!Ri_{
z01#FoIm+83T;1Fd7Op7ZghVB1<&(wf$`|r&uNSAFA!>ZuKAuu40U~27qVJdDn&@Pw
z<mH`QrA`FBg@z&w07{?)tN>w3adiy>6hOj;2p+)g%Ei{?z&;#xc2JU@fgx1#!hV6X
z#>NfyDltSoau~IkI9|~jr+P1Ju*mon`<u{y2eZn7wzu0-QbMWPyY^nCbB>*%%0?dA
zr70pJGAtC-dwY9A$+&GSR@M}8x`yv}yCCcK==1#0`jolRG1T%XDi|s{(e@!fMLVPq
zT__5%wXN-OtyWZQDTZp`O+<>ay*-k{LC4qmQ%$F~wN51!_=%?QI||g>tCZk`#gw+r
zDR>+=N;_|7KKQPsATH}$fpGQP)>bA|9JYNs?>`pD(VGWu<mHV<O2XCco(>;Ny?6>K
zwg0&DD6C6}k5{Vzy_<QMuix^qL_q&oH;7hnan+wsf_Fu$A|foD?>J+xtsR)@s@t~N
z^=25><vT-J^knyR$~UDHc~zTDnCu0V5+99(pkye=)nVa4Mh?+KTET=<t+T87bC^zY
zhRqdAi&gUrbzmrfC1=;6`U%toKFw=G<y(5M=VPsa0HyQB&-s=_Cjrq1NnB@?F^(Kj
zI{`T@pe;MQ33TT29vl%@!EJ#&GZN)Mw_|)%Vlmmg?X=}~+_;kGKSBlz!5U5^f19Xr
zg)e$Loe(7(12igdTZ>&lG!gM_qL9G5PTD>rElvH54?+xt<?23f<C;?Mt5pJ2bLY-(
zTc36N`Y#FQ!g7SCGh9iVYagJjOe;g6!jJ5|y3j#(R|lVUsL6O5$1aqzUXMGNe!d@b
z#G>?O@36;9GE`@{HL*0#Are?kCNUvF`^lL@K>3g@c74Gj^c4~HFa&0xk8CWpR-nU|
z6uS`|+=g+W{=-cZW8*`I4_8EjMu&C5a(Pf=mRyIzO7k`w^rJ8iLQ#%6kddAq*}Ewj
z8TFq}B8LTF+{JyM4~+U7+0R*eq2~l+-i;WPl`Egve%G^JM&_`}D$yp5#xzE45wHVt
z0N4(78fdtLqfy)R6`7HG4fu0<_kWpV0)1V-B*=S-)4v^<B~uXlSpAup%wlsxA6h3t
zN5^5)|8MDE!X-#|YiZEc(519afcT>`|GpZd>BY=zP_x3<Zls7gE}HL#=+PJjyU<N_
zH@uT%c&-Y_UT5!DFKUFup{mZ+bh3jZhp8ot=Bp!G2HO2YYkwBFog!*69a<tCE27r^
zu6WM;AJzVDzxaq&hv>WLnHvOMUOdJ#IW%;Uc09k<%l!vZ9z8;kgdOg~5&LUU2(aO~
zMwc~TFXAHzJ^GL_6c)S;Ko`YNp;1}*cc<guKy*69h6b}@U!Z3S{;7jrh+;>(7vhCF
zlpfxNX=0Q;8r=_$S9rtq%}T1OV`f?*3(>cr>fSnrsE&}3cd%aI_8#kPP$~*fO|?34
z;>5Xg+ZoZz5$zK5F=(B`!e*Ndy%ZXKU-oo#9B4!X{on1)mmGY?w8-z1f1CZin%}Yz
zB>q0tOWk6QH(D$~bT0ckb`c6ZESCI}mHW_6P)l59=dYBk2<=*-$(V0NE?W?7BhiWw
z{W{$W5@!**G@_-b`AlmlaD2E9;3HR%)^ieF2Wk7nlXu^g9(U(&rbtYzc%6;L*Ho6c
ztlo1=f`resef#v7=wRtlj^iV;UREkeoV#?uCS}90S(SQIjJQ=zUjLlr`PTFqNjT-Y
zK+5JJQw+g}od~>ZpWa$d58W*x1pzZjtaPY)T!Q%jmXHgN85qbhz~5mH8G@&y_0_95
zEPP+;f`Wno3D1pY7p^B!RuESP{lJ0Dy+Mkb#Kkiq&IJ(w=nK{n#cS5q)~HGlKtQmB
z9XJ|ZSR=LzO%KeqgjeUmi3DV%U&bnO>y~_+N+@Rf?Rt6f^@z?!g)hQ@0qPMDeCx6u
zCNdqChe=vyGJy&OM?dJilW;dUV#q$+(9p9{A7S%YR02*dS-KQRjo*daJ7f<+{RGit
zO3n{kRQ+e&VLSDsLXw|9-v{#;Sp4##n4uet8!(lpOOb(0!*Gf@u8)f`CA2eVAawLj
z*3(El?NGV;V#3_1NCrU_UFzSZ*>|T#X5rhF@DiLJ)Y$EjHh7PX5Jmjyvq}$GSy)&=
z*XL1#`j5F!aR%Lw#FZZ(fzjg@iN9fjY(zjQm2chzEYNdnhbQ7_LKCeefHXJJBNzBk
zI5ObWMQ)hDF7M~(2j2DS=Q~?6)}E>Q?7?rCm+7aY<j-$qseLH_?32NbA}1bil#-eR
z@Ck+I0k`Ex<Fc>Zh8yn{Y<=C}RUV{G3mGTu(2q*nx5@Rmp4}lqM1g4Bxv;9t*VJ*M
zQXeP$X``h?+=b_T8Mc{W6n7!-5X-z4gh5Us&dI_;B{OVE|K^RgCuehwhZ5GQ_He<U
zG=!Y)uafgC^y<<BsU87}&mtrD=kKk9#A~=u8m<>yPW1|$`%_4KsSY@)r}wC?$M+&0
zeXZmZa9V3Nxt<6)x_J?2YJDjRvS9BHcTdLMTel+ko=s8vUY1mT<^kSLkTMWnRTipe
zJw0rF0|_w!okE=s-}8?@(|hRS)6v%_)TZV|P5A5Bd3(FNkDod<Q&(Ntf06!mn6$a!
zrNohg6rKf4KmQ;dosw*%1v&zBNe5C(?9ZO<uBcG-d1iE4VuLYYs-$`znX6Zzi4glL
zID)=WqZjBMjCOrJJ)8i^E_JK)yK<yUMwQ3v=q7l|)%hQ*cks7gXCx3m!gY%R7pHpE
z1^JtU3ymifClI5)l!=Mh$%RdI@1_^8{oM>6Jz{*<+TLIvnUX@m5{JjIU^O&*dmX2*
zv;}LVY}ucy{;cKsbRGV}5r&<#1gyDQOR47$q%NO^eU~peUiA>iGTiBfj@RI0IvALi
zCgx+@{`A6TBqq*uMrFD_+!^=;Ep}FNy^+|RJ-rNhi0kOLOy{$sSRD&xN&B`R!gh5T
z$LXg!R{bl0{r}x*=$wqod5%Xj{y51vc*K52NhJTv_wV{B_Jvf_{_9QF-_4|J8?}gC
zF^K%<rFhVx^32TNEiOs{g+**g!!DZ--NJ$QQN(opE{GZ!5`sYak9m1}I~+)`zin8*
zUbsgtvJKGPVXqA-^-2dJWXt8{2$Uhvk}}9wcvom@X(@WBr7~&j-rnK96Hw$a=IvZU
z;(^!@KoF6Hr$rHNQkj#HP2OYIoOaAws?7WJnKNhVbp;#j-ESSSLFgYW1F``_NUJ0~
z*{H`ssYg$JL~{rkd8*@2#5Y#P5eTcL1xHu%`X4z1r&6}Gw%$F6jvV*rCM6AX3saSm
zWkG5CTC%Vi(TmR--JfsqINrbJTi*vv;?ErX)lH|bW(thX>%g7zadqWC3hhVCV$y(~
zxlKS0i)=fnD<N$@knpCgYzY(71yH}k!#+&)uF?Mmq7ZA`h0<S0&8erEenB+Y<><b~
zHS@4bzGZgc4jKL|3*sUgC1579zjB3s@!|?O3CEh3(<`KZ_ZpZ9B#;3xEROAVh`2<5
zfjMc>f-4i?vC#qxjY;a5uWDtj)!p;a`aNQNGcwoQ!Nx{_^K38$nt2LWCp?nVm<Xx@
zZdQ?niLI~5bs4*t_qU)gtysi}srdJ(U!zv*ycY&rC#)lqETg->(NG7XZe<)17Z-P$
ztP6(-H_5Sh<zGW~<jOKt2PdaFSSBuQ{p<CG^wnJ)MRwz;h8SAunb%xDz(7MIRPutj
z<LCfi00JPdy0m-A{Nzom<*54jX9bD-n$YiMn4Z~>%0x{2x`Mx_eOeDcU#DnI3{ki_
z3o*?T$b>Vse7sujI=ZO8dYYP67k*Zr`C3cqVIIMQY>$wZpZ_*B8PPQOh@=J~?J|+P
z6&xH}1w^-Qjqg#XA&EFxYUVh$^MMLHdD^&)al;j=LaOm90z;q-W~e_O<kT<HeEI6t
z2WMXze23=jyb+K~z3RIfbki@3_tDx2dCPbVRe<8Kq9W1?q~3!c-QT~9bONur2QX%u
zwLk^97BS^ln#DJu9QO18>P8O=zbx1_Bb>qV=ZgtMiBd&iHh2rTNH+h~z8FeqLP>}T
z^{2hGHmdn=;Hof!9m#6Z(WF}a#S3e^o&TH<;3VhcX<r@}MeL>v73m{H*Mt2>Xk8f{
zKC*ZpkQ*@qHltf7NExyg{EedFCuv{{02O+&qaJ>AoOz`Cn`QQe6|^>q0ERkj-w*i|
z)zw{s<Q?FBwO=;ysJ+N9{rC|n#%n`WcA?n^PFrsp<C$qWa)M=t?~O$pDH39^WB@9x
z&y`JN>cP``L|HixhRtB1qY#J_V21ZOEM$M78PO37DKSJ9lcMXmc^TeMynD>a|AAz<
zg?nswO1u<EzpY~uPs-QJ#Ku5dtu!<=unhM1_HuD@2KxCK7x1O^(y)vDK7L^`*Q7RW
zdQn^)g+>IE$XXG-<hrc?LN2&9u%AO$(qh_ad+9W!fm;cn@<8r)na+OT-;kL3hllHH
zX-OCq-6R@?J^6u*)tI$HWS#V`adUI)g2%ccjsZhZu;QxHVRUMM=W$|A=G!0JGto0L
z38`L%(JE!M6f($Bma+^+qw^m)1Ll35kkH%n50Swp*#zGG3hbJ_5dW$|0^nPSW)VYI
z<1bX8AUgV>z;R8@_$IO^fX*%a{G-5uTUvIDiek^8z+MIwPmV2@dM@WkS?c~<>CMNp
zuGs)NBW{kHozs^gOn^*o9vBlC@n-PcNkQ4|<02UcW~!L{_e4MY??j)4WO*Cw)~x@U
z=+hrz-26t&G}VVorQhRD^Kz42&I^|n<U&{j|LG*CgWlL3oncCTurvLl3KB+UkF*&Q
z!PhvNZI4J>w^ATMz|0M5Mnp(RBfz91OMsUV(%s5goB*AW_eKq;KjQvnE}8GbxrRm#
zml8W!O`)wmVgL;(oRWy%^lkvZOM=SO*cpSfVvN)^v^((5yf}?ul>k$&RU|-ZPYsIQ
zfIopVDSsO~PcgU)`Ca)B<{-$kO#)KRD0wd})I;^3qoa?^YceEr%M)Kb2W~xKhqa_5
z+cdrvLI;e~PB{}(eTW~q>E@P`lLP(HX&hSxJy^+pxDcd{<4wTAD6`SZN$Y*8-TyK9
zDnj>-EcB3&5MuP*++fe0jYurm1|7lJgG9qkpLs=DnZqi*q=l@-yqE<K@tb8UNV-kq
zmZBW6XlUu_z5cXNj_q_a9~Nz|(jG7H7YJXD)JsK3&X*HFe?`B+H$xeuP@Evl2Ew(3
znRx`pxaG@vjf-Ts=cil?g;6N8%Qkz#S#;zjgs)Clu1E^75reAmhLJeEBAk%X98+{^
z(J<c<XsnK@3uxS_i3z)zT?tU=R(kU(MJK=8ARl<~k{{040%wzDTAG?a5f(tt$Vg0w
zOhot~I0%Hlty@R8PiZM3+yMq9I^Z?Gm||PDBj{kk#BPf4NoLw(K>)@&<Hwd@ATK`S
zq$zTKa(o<|;;m$+Dcau=U~+oQy$=-(uMt_Bucz7wB!hNzBu6LoFNz8ZpJ)KMC{Zm5
z92HApia0@%b7hyjDlILzGa0nQa53Woyq<M`K|t!R{YlF(Eq?UhM2XCV0mptB9o@VA
zV&kYKbadyFoT`ryGvsxb#YAAuw?AO@g#Xg#^Rx+0*z<8_8g?KnLRV^aeI9bB>)1v6
zkoghjF^$ro&87&YAO=DFi@>|_efLF;Hx<r`GgHnW^VpuP`c<p`vBfB^9u7IRCwS@K
zEq)#$P`qLhBVJnbLH$N4a}Z8j**{b!V$tPl#_9R6{}M6;kKNit+${<<2Z!m&O!UV4
z*v3IX#@v8R!mFV1n+rSf7DPpES-7?EUY_`+mBeUEuo4-Ms0sA^!_7aT$9NsQO9ZLT
zB_%Pyw;)PpmHv5O`evSP7Bkj4L==5}8{-ap7(BFym3@CucNRHjQ<IYw3!yhMJ{kVt
z!6v_<2g=lIhm%7O5`}S}IV*A1_bd-WN<>572oU)xv^-GWz6sf#4k{0Exms&TJa%7J
zPQdF*MhiIy;}2Hn#>>Hjh={JpneBF(ef9Jr8a;J^IBMh0{WTVr^WTPE=X}l8foI*(
zT?ox>TyhpMo`>Ol#K;;=c&o5zV2#F32!4taN6hMbaNNd|gv+U~u^*e*q1{zq8>t>!
zuXm5h-Thd=^efrfCs@q!AmXN7#n$l5Xu|frb<=v=ceSbdg~%y0rLV?}uOZ{DdE9*O
zsV8S#GmXuxJT9bthe+WT%X(fpL2=ycLt29HURdtlOkb@fNm+naN?42{SXeF%`_<u^
zb&!m`+#F*9(XaY20g_aMpNk>ltgP+t$OAkuR!}I1VOE$25mn`_4F~%>AJ*u7Ll>+E
z`K-71KgJ3-D&*g~cJ^cKR&D2H@TB&1cW>c=@E6g~Y^(V24J>z16mR<?(f#r$8B^;H
z)*$v>r8igc5u&(GORSc8eu~_0%7m8?S&U9|Qy+TFX{gl-Qr{aSlC$%1s%)kxs%e<>
z?p3HpvXHQ`f~GnP6Vs0HK{$Gc9;n2nvy&`O-V=70zVP{`FXHZ~Cr318mNGN@W#c@k
zw=2qRroe7W=mzq;S}}~sB9^C1cLO^+e`i&da%YN>{xH?_f}t`IKY_Y~mMUhKf?T^J
zHi5_rd7!(m`~^UNYShYk3ejSP?js6U(~%`RCyqU(-`pAX27AK1VC4CUG^y(`SEKn;
zq=aAH>~|M;gp>Wux~6EgzH5;fX!Ub0CqS;P+||*c(PV69;qeUhy(|tey{eLu&wend
zo@Z|o9pe1sW^hZ6NK#0P$5@P@WAsD`dfDmY%f3QRhq%@VWF2k3X(|%ejt}Bqwd%|i
z_BE>T1p$&~b7&Y>1DZ8ppWb1eb@Eo;MOfD?_HK@@YLuYtIFEizcTjlE<6^3|npzDW
zB~&rqEnC9(+KGvX5M>VbzsLUmMltGaJUrpS!4A-J0*r5WnwzPR$748jR7a;3hXs62
zyTcCre+)LQII8P!xZm&zSBpwdnM8Y(9kNyOhF|XiG$9K$8nIP?Pf2O1POd!B>j5&r
zCJ!5=E>rSdVmTzwpPmXvAf=`3Uq|T7kLPJMp1|;(XYbwQ#_W#!5Kqv+stD5Cw+Ly0
zN)F{b$EJVsM=|SJBcrV&=!o$Q`|*9fEY+#aW36Y`7NfM*Cq`TM9+PK@+1Xq)02qsM
zpFS=71|dNG5yw>>FuZ?%+QEVh41N6%h*;s5mHqHptaFP?P8C7-%U2YSk1Pp7no|Wy
z{qc;)eK8Cev{fpadS{aG7KFI!<=bceT)&BE_-S=#*a3vA3_@4|Pa|uE0>SJ>b}&?j
zDo`G%Z%_@F1X1E)QF;f!3XeCm4?vILt=niEslX^qESpRu)fys+?A5+&0v{?=DlAsI
zuw#WjpX9<{vyVVT@rToj6X&Q99DQHZ>s}~IyKU$xF?8$Kp(sgUkt^LqBLu&GBrs!B
zp?@jD`B#383Rn+*YCH4eh*D;bwtBdv+$P2>yc>ZG3OdK;TqV{`blk-&Ueg*b*8bTm
zkRPJpAvw8Igbt)-#_jl~gXXDy9_Y%xeO!(MAo^@zvmvlmh(N{n`0?YsylEtlB3*71
zFvK3Bw>rIU{{c_zhnv}?m(Csm);y}N2d?$aR_11A?AuR%{r>&?zyOhO=kkK8Y=b-S
z=1qFU{et2H`gICkw!q^t$|jaJhN#{!`(pyq(<8#Clj}^7JxzlNtLI_DV<~-pOrQe(
zqlLeaE<EsFb-Fi%g{9^!6LB;tIkw-!5R@rQxyQM)3q(-`ZlC|j1*)eu^<jF3nzR8U
z0M<8x*kfmVnAzf~@CA{GKVZ;?YAVcO;F*+VsWZc}$fzj9PC&i6*QjiTb$?@Q025R*
zz;$@-u{kYfKJ9nkbjI#c6&Rs;_<3HG<wY8V73kq~mJwy@*ax`f|K{&V;V~fS;_9@O
zPiIvjCqksN;*7M!=HGxCd*q|{tv|(Xywr|4dGzR~&!5%J&u2Wfr6)^C?yIqI+kne>
zdR-b1*UV8QGvKMN&t6sH;gtR^%ThPyuMWJoEz|t$jvLy+?;oN(+Vy5$*y+*j=bU3>
zUKeZ;mih5SU;9cD_Y;?$zgH7t?DL!@@-E<M)Ls@;Y6VFbGU=+e{DH7~pe3oSsHlJD
zt1D<8`u@cE^N&k}f+Wrz{tZ(}1z;~92C`3eR+cS&b?jH#&4m8MIracUHQb_*TEVh~
z*)1R-0GZED*oBuJj`q$<C}jDnKnNgRkOCv2Vty5boe<_EqVdLkWBmy2d1AS$p^YI1
zY+}=p&WG=!Oe;-z;cb2SG9*`lU#&Y$B0rOAn%2@difd6r|23UZi5zus@;!+UY(k<o
zawss$pu?^^bMt@Yq_7Cxym=Gyceql^5s~nzOw2QUHcK-12}s-v*qcWx^mSVsapzdK
zE-!b+ya+GylI6>N?aWW5{?E?_G$O}#y_kW>AE4=CYX6avWL`r<L+CD_zb>OxL*KE2
zPD&E1!9F2Nb-ij&4g3i`Ajhp5-W>rhv_Dvo<`;w7Z!-_5OuAB%znixOXnrZ9vqx%f
z3a<|#rfLGx`6VZr|MKX_XbtWBUwyfbx)BW7C_zx&x>19JA>Im2+daT^2sHt3971KH
z9S#ma5}?v((K3;*Ba@H`^Xo9kvEi6853pqZgZym3tuWE1Mn4De8><uuUgQO4oad7D
zI;g_muu1sH@NgfrQ}FQM5ep(=d6gp`5KnZXFC>j*eP`qKihOS;OwSBrdC?^n=Ewha
zH}-hVgDmOSb@tE>mDX?m;}ScqtEou>$BCk7@8BTx={pF5r<i{cHn963PA>o`2~W4t
zS8(bBUBweh>|fHjPV_XLHk3y=3pKH|4`+_%KNq;ObMM{|LKbtK{Wm)hQOg7F2#T%8
z1a}l^H~-PZSpsvs75;@gvtldu5nqMw_r>G5MTc*X;!(PZxUSR|3VfU%2WWzz+83ta
zl<KsuDnSAD*DF3Zm<cr!&i}7#Mcgd3m6y1Tf3DRza?Lc+(5G}FFtIk6Yzm9H)xzpT
zSe+YLUK6wBf~loJ-fzz>Iz5(bZQ!;ESE$*c=IWOR^6Z()5UBX~<MdDJUU#|c=}AM>
zs0@r`1q%p|v8l?ownD^8s*rTft~KFUNW*(*XweU%#xX~|Q#I+9s~d03*4fgIo)qjH
zrhm)8arX4AWfB8Ar`ERZx9#?~ycD(0X4tiP1BnxNa%{@D|5Dt;c?=QhoAApilc^K*
zSlnqac4%CP8}H8HMQ<;<#Co#rYLsadpftAr*tY%UD6lVl87AnEvK~`g)VIg2Bn3-T
zB=SC?Ya>b+ef6AQNXWLG=(w{Wzg3kU(ZmKK3QtKB7ybE{{%$>kw^D+>xt4Us^PGBi
z5qF3HY6@B^?0BIJXa^uX0%;-3r6sh^x!TatZQZSKP)?JrtPs?{?Yj%N(grWS%X#<n
zi;rrBu5sYp>{ua@Cf`THksewhLIby+rin>x`QoydfN!=T74?JMaLU`}WyAUYoUo`Q
z=WjKy(>?j1eEaIvtIPa__L%3jH1>J|tbk7(ON(i^$nc0xn=ynJ1xr1%qNSrs{LpzU
zHYSQVdmhr|{_5J59wLo1r7&^=rswh@nAmH-9*?ldi%huc3m4m$GX2@1fT2-HBX?gN
zf4mxnDn`Af3|j^W018pkzW2<R&sb4gtOb&wn2lC`#)7pIwuMutjve!x-~wpG7e0y@
zpDT;%U0;@z1Og*SN$b4Zg_&d++pjCVK<c~0(cYhm`BM3Z_;WYjXt=VrzWTA2mGZ35
zW`%)Nr<o+-Elr;zc7`d<HW|%6C^^>rR<k$5k|3V#(CCa^E`IG2+lv-IjXqSx*4@P<
zU&ADdu^J3crzJwdJw&vvzt+eJVy_C`7aklt_E$gvtp2*X+Aj@9uS{&y4MB@QSzg6{
z^oW915DXaQMMD3woI~{Ey*&eJ{uZn5)Vo4f9ZWlPK1#(Iv>q1PzL`CiEw0dha({Q0
zO3k!4L?nhfx)Iq+UCKU{NfH~RI!>K~DQH5T{kVaW#uMW<E@_GwQ3ju{bnYUW;*Tz@
zikj+SC0eE5bva4g-eTO+lte2(4`LtsVC7Lj#e|v(B+l%57?squ<ER3=^#rjG2X92<
z)wT?m*vynfaY}2!R$Z2W%u|#jHG2UuVbi6dzMk8+m$-9NuYIjbrBrZv%BDSCsyq7L
z-_rai4IP)<U!%F<C9!WAb{aq?P>O3M?rmn}K=N9W-v@hw$vu{OK@jc5mJ!fFzD^LL
zEsIf~I^K<5ReZL=jvzmW2thVBm7B;)SoXlku)v@(tD-s7wq2kuWRI<i!&r)Ng@3WJ
z<yufWmV?K?H1<{-o0wF@VJ=`FD`~YS^JDua?`&*m16p*4erUO%#RuDd%gvO9%PWYA
zDt!NjMi&g2doa<YzmYK)J}J1iA9gdd;{xeD&RuZfeFqH_0j{anRc|B;ZIpa_MWLA|
z^4+@0U95{B-{6v6{u2}j)^1&gszY`hU$J|Z(AKS@A4EM<)QObUit@LPVx_H-7Q0V2
z+H8`QoojdaF7EX8l}`S|AR?T5-{+3u`U(%YXO09Z<66X`QPtg3#GmvyCZRcvxCP|`
ziLQfTexk^q8EvzcdJl*xnSnfUBtPkmqk5OB^>mTV$41Kd+AP%0*1HZl25;ojwMkkP
z(XvGkazt4dEugQS{79oFe0&w04g!H9T5&Yq4$FhEvd%W&6L>=<9mmf@B#L#nUY62Y
zXrdhWQy#1G3et_qjJIf|%HzNje>nT9cXBO%j~A^vnL)w+Zu02TpYj=Bw<{k&VZg#q
zcZ!25&qjK&mErpK<wTuTTyWU{H|6!CiQ;d^_xP_{SL3?Cxl6eJ6Z(O}0#mhHXKEif
zo8)H)YQB#?^^j-)TJOSqO2F!^Jj5KHZQeA%>NI}9km1+%XnQ0jn~~ZTSLcb+jz9wI
z3Nz0&J-tst+)~k>*Woz<=*~ZahZ7;$09Jj5pv*`16oRQRsX;jbQ~B2-VnCqvbWse|
zP#7QwgxI!d*6(5zeKqhG{0h=9k2DKz-P#PQ0w1HRTC>_a1v^M93u0TC5$xKfAa_q0
zJ$Ppx_QduN2yj9O#>JQa`OcWeAq!FZL|plTN8lARVfJn>E=HeB!RAM1(`i~(RV5{z
zXdc;jhA1ZNo>wPqOZkK1XGjK?>(poCHobHE_WcH^lOVD#FRhQ?kvown{CcY^(neqf
z&&|of=7kU)1uA2!(FeH$IhB%6D=*abT*i>=Jp?xcya(brqQp={l;+DnsE`SkL2|D6
zDSxb;8#xs^g{NOQBTNJjAzDp%C=OPiXzV5X|KAw@qmw`CjzAiapP!FMR!3VK!A#}I
zPLHGk<QV-uT}<ZH2`^3`LH5?&yJF#2#(#WDJ3o@Lt{uZ$%sY(IAZq82tC4N&vJ2EE
zq{*n4p#+ls)*D)aPFMgtqo`CWSmLdn$;sQq4YiYY0rCxd_^=t9@L(jz#lyIhxK>j9
zOh{EsT~F_767bU}XG-qkYU@Nr^rr*5!1(Wb5l}pYClfCT;rsW3srqc7T0nsO)X#k=
z$iG<CQv?+gF+Rr@doQ`t=HvjUrmq+8=0t-dOU+7gt^OqoOh<GQ%74O#2lybK@V}4Z
z>Oz^gVfRH|35iCys1Vu!6|6OL5c}Ee9h6pYGBl@r=M)Vf870zb`<_KAtX+(UCd$`E
zW4i%-9r5C&Yb9Nrozv3O{p^|COJVnGG=F-z2lYBw{TxE?2IbQ-FuWiVPOs20KRH?X
zR8YB*_c<X!LEnpT8<i_U2ai0bfzHljO@NYYe2(qnr4T`!m{8R3iwbLNr0_r<i;XeA
z7F{-=J)OIg(f@u&7U+%ym~Ou0SocL^Z$%C^wo3!C(DaEb;ap3c|M(mUNk=T;(a}N3
zD>Cejo>a)MGHM7B<ZZXanM+Jm<OdL{7GNT#{hNEZ9|L!SPN)S!pRkJh8EsRjZEMS=
z-5LBz=Z@6)E&=AGzdOu6zx}BUtf)3u0ia{3h9a2eKG=GS1MA6Y--|0C&k~)p9!95k
z6<hKs$`yS;log(4>`?+cR*H#$`A8`X48P~zNg_W3_XC=Ftfqec{(?N%NQ4mR^`4wp
z*FlkiE{@nJqL0jvA@Ht;$7O44n5dKxQPYPlNd7}_=U!WL^TKu-0m8kC<VrvA$7+yf
z0iZ0othyR|7|O9beOF!k3!Z+l)fj3i%F0s@3C!E_7jyIPE5F3)SP(amiMi(2Dhr~(
zXE8aot5lo13{nwilPD~%(8bB8kI6gppLz&GHLc6W^g^trqKdU{OhMFTSS=TNsMC{K
z7M^;zeK~I2!vYXztzCTjgB-S7Adck<#}eVlWq*&yUMAnY=*c;v`c}BpX`O02)$})w
zqVj9j!kbouMga&HEN<>kqfsm(nKx42y8aSvIhzPA4O;911s2+$2=9e(-v({RbktKs
zbWSa07#+Y88@%Pgc5xDyx~lMqLX?84>2~ub$rLiYx31X5fi^@kf?4r3g4AW(r|*pf
ztn}x*$ou1FZb+77xNMLkN(_`S>l#0xn+4U{{OXlFvlDigft3K4q4VQ>xoIU?K8?V(
zEdV@VGVx2EK$qh!jx$nI<cwa<<!FWDiEm!u4RNCoRLQ|~TLS{>`i)He8k?kluFz(y
zZg(X{0itUsLlc?!ujX$48qwPMMsA|9$4^n}*k#}jy~fsvd-%eNnv>BE1ov*TxdT<Q
zg39##^`Phqd<Px98jv#f%dWroc~l{aOK^joowVRT1}_Y!3#cxO9=B1ErA?qDsIa$L
zREP?j_4&8R;P)%bEr<mj$FMIP<QJ7`ax<2cUo((1KO;Tr=}m_mIhupy_wNvOdi^@;
zn^mM2lJwVE2&k_{aRF^)#^@_pX3)J6uRh;Ew7)JF${Z;_UjbwSEA`){*AqLh#HoVo
zfC(V59?&v2JIuqnQ~?bc!pO#8%e{07E{uw@vX4fYUGt;f?}vgkX{fARg}v;E-gza~
zKMQP~1CxPgrrw<taLoLEgeD9zX3-mk`rGq!Ep!bG3?L&0F};bqxZJGzU%cRQJhkWZ
z=Zi?Aa_31XlnPi*crF3c;jV)LGjT-y2$|gfJ~tb4laY~;mX?3{Dsa~qn@-s_)Yr$0
zV@3Y2Liw6yJwSx{=R?Y*hFBW^mDHQdT|#p!)-n<7#>#VU9SIwQ09;zW_yEi%P=n$q
zCXt+#X!QZYvA>Gkf4%265fS9>5*rbKB0hckBPb8-4`xR7okUkA*okV#!B`C?)i3<)
zOu;m;BoIv3dfQ;BO)Z#I6hO*OL0X!3`T@o*(3w_C;a0<%aZ7mSNo;HvO1>(TcQ6Sn
zJI5NSjRbDE<5ntHcZI1jOx?@F!}qCxD_8~uC7ej<zRU0U*<d4X1CXj-;BUd$1k%eR
zAuWr(8XY<@*DMA1<(Hh$2-BWpZRDYKm!u@u6J{ij1NTgE(EuF7nE=G|SAl>wz;x9*
z)W4+mC{8vujV7ucXn4S3k94zDQk%G&&|SgK5Bxb9PK&&}tKgFrH!u*mG27{N7wO?`
zU$^UA2u!6oJ4j81m=xVQ+1b$8xD)+)-@w3jwj<jwU%Z&8fws&TrKAu!+dh*po8bM>
zR_8u@2A?+tM-Z~|_nobH4P45qUAtNEbp34UT28QV0H|w!%u2$PgakjBRN%V!wySW0
z`POQ3?TbH90I?JoPj#S8vz9uAUWZ>b46x>lO@}ltpPy$K>E+VJ7ZdU!{Nv2OZA_k6
z%<*M@wOduxmOO4e{xlSue;!IBIXLlBiu`{8AjITM92anKj$8Oi+Nq#oss`XhtbOyZ
zQQt`D6UH7<mKN3xi}$<FgOk63nPUH0<Ur0d;wm)<FIoRNxVl>BE?Di6tQOPM2McX5
zWf2@_^IozgK`C1)2%knLi98;qr7)XPatI3O_t9Gj%V|8jiM=pab8>=MYl6IupA4{!
z=#*#+9C6pZ<!MlQh<2_3ju&59Imcy$E=j_Mb_B$I75&Q=hLwkQ+pzRO)5$@i+=qUj
zYZkHtF#QjLgDYPwpndZUQ&K$~E^*}GuJ7MdjjG{2zArw1DlEA?74n}a)b-E=M3>Lg
z3G)+dHpi`Rw+=fY2}R~-%>g4a$${}Kf$;xcGP8cZ`gaAt{ukJIxr&AstsvDZwq3Tc
z_!b<WN;8Cg^SNwE6kT3QWMCVKj`1)7GFlf)zo%>i7-tn>;5Z!o;rxozZ=!=~^%cxD
zv0&g|_<rEW=Lv0-^u+{n`u`tIZtC?V54wNa2M}~QSP}Ug^(*%F*q=!do&`r!531ed
zPg5{Su!Q;$$py#-gK<@10&6V<U9b$ylRapOe)7=K)hu*2nHlKO(x?Yqi01DKys>Pg
zzWhp<Gszg96Rsj;6nV_N3`~O%Z|kQSDg0T8SF*7kn7g2fownzV10z%ZOFLE*srLVG
zWz$X3|EIF)f|AGC9UrdGE26gsEMB8thw!O{gv3Pqc^egPxq@7N@`+QYgnL?G8kHfC
z0(E@r|3S~Zrwim46|I4`3#<;-`JF8S?yp`p!&fqp)3-fPIpu+C*#^Q`U4i^_r~b^Q
zuc9gRAGj6~;)O0Jb>Ev=2x%c!-M?rU{WI@wGO-bxgY_GkZXmt#;Jk$GVMi?IN1dDL
zNH7G(>aKfcuX_peLzE(*M-AH8VS0qvDnjn95lHAkf`kr4`h?gG`dlIx6B`CZM}L8E
zTtg5tSWI*P`0T;fgIf~{;Pzv_?+SikDfZB~TdtzLhrbl12l-`MBmF2cYk7E5efj9S
zJ3DI)I0|tou4}C(9fQ%?o561qs?biUka38-?6G4n)?xgAhy5M<c>(n~GqKdcZS1=~
z;@&`K3>HiFeVz^xWLC9`gX7BQmrTZl?HwV^G4DX~xF1(Nh6Y_KROLOL^(N5C$Ja&<
z_+}cOu|Pzk*@?A(jZ@c*jrrEQ4RS-hM>!;?F`JL|`P{hyxMOfxeeKJgOF0QgH|C?X
zDxEDm6G&ktt&6dB#1P=AfFh*h5&Ls$!XuN!sj_saF;CALlOt&JoZMU?B?9@%S-`$F
z@?1(LS!^XIr@#e`rKmn!d#^m!d9wz-Txd?HF^j7g%lxmxti_6c(N6%(#hgUV?#mBu
zB{1Gh=4R|kIP}u{%QHxz1pOKxQ9#rN>(~0K67G2&9ee1tpnmSKMDCDQMH&fyu||pV
zKYs5!>E7ZE_IFC4S&1ypSoQBiVYuph>3^!WR^{=^6TCB6q6&JH;bV0VZ{NKO!VYGB
z&^BV^&2U9=Z^R9qex_vUgl0-0&9@Z$5<66P35?9sN3Sa@cNWNNK$g_smXw$n4L$RV
zE5R^RBBKn0>7(|q2`bbl3Z=k_YtbrTJExuz`;JL4SlT1dDj99AtgJ*{R_d3dSWL85
zl8DWwAYKkXCu1ONu$@GzZ)mVaE*%l-%6|e0z^J7S&(hM;z>ymVf$l)PI1FEt#6F~q
z6Nb681T!+qb1E#~15hr^FptB#B8jxpP?hffez*<HV#NNodTSZv5xXOz+@PVkubC*5
zb8fo+8LsCOXx09VTKml~YOUM%hxYQBh3<3RCZb^BGocE+^cqVpD4ETeMUb*ZvpxH;
zEk-0&O)~eeLk<RhtX}o$XH`Mm;YL>HKVSL7gJE7N%H^bV2&Pcz)SAeU`F+vhKkq)6
zvV)MEW>8J9GHDC~9`qJl@JqzReNZgspfd9JL^dO1v>BUUO>cdWHnhl9%(x<(S~bp$
z6&bU_&~PMHfZe-^=y<Fh*%wdMH8t%5%#J;ChUrD;9aP$?z0&XJMPF!*&_M#O8XFwk
zWWF$)<IM@&zt1C_V|R}%j00mqp={MgwiYI<hrX}`Nsm6HS%Qd)!>v!aJ`|TaaW46{
z=&UDzmv6zImNcT}F)PgmL|V$^Y0W|usOz2<%t1sE6Zb^7lug&nNK?*oJ)l1l>}*o^
z$-#EPyd-)b+a|PlALd;|YBgV2_tJs=`Q;M(UFk58;y=+05U1SYDw?Whnt`3B#1&q1
z9R^F7u8G#@k4@>fC=8N9QO8Rw_8nj#ocGuQ>R%=H{97{GetaH)W_Qw=p*&Bg-~3Zi
zlkE7%;@)1fSCqHMA5A;-w~nOdrQP0X{zhcC9AfI<yp}0vHNe5#%CsAvvdVk%kL=v7
z$jHh(ondGnMX)ba7e|VHOWK;iz%7z-qjMFnx6jUe5AgN(ABy4tc)p`LbWeEgy?`P6
znUN2B4kv}l$_A#lT+}nh1k^3RV@XhBcVWK-x6pz;z9D%JBk+UXr5`y`q;?F7zcyKB
zKS+`$gc&PHb}P{f<Shxh9?DP+*bydOAX<<S55fwds;YWCt_AHFp%=rFhA{<5d1Cgb
z$~<K6*7jTm#P{hZKw5WDz_fsjN<Wy(FkhK!YqwycfliT!jV-F4NAmo>)TYY9HEY(a
zI*dm?EF>iP^&X?L`$a|jUo$TuK7XE`%h2iR>e4!S(n3ZKQT^!h8nVU6s4(?**ieRB
zW%*w}TE8?1ZScU`m`dP05X{U$0hh>j#5gw?L6dE<WbQz{irzew(vFw^9$|_!h4^mh
zk4wb?yygI^Zpg+S<<&^j-(mCZ1U%ZH%mw_gaF#wxZ~Q`FBUcqz)1IU?dU2WeXPY>2
z7nnK6N@p7|w(lo8VI6D_^8=J&!_zK=f-tkP?g|%!85*#t;%;P<gI1v@H(#ppjcqQR
z%kLUlxpL7ryN!7za&<<dhdr*5SCTU0E{s#{+UB0kjIu~OEZ#fz&O;-vAhY-|=xSK+
zp5Sm`pC|g69EGKz&44V04fSAeAc#?6Q5wg-Yz{zZy%qf?!PZ<sd?{k&0X&T3`XOax
zH&hhP{NIEriy7XJykO)k_0!FYRx);97DV1<q!S!UH4T^35ctx0ZLa04zRdW?$AcYC
zFZh%lty!9_YgU7RbO-WO*n>Ai;mn<UKwkmm6{HohOBi}I)PP=jWMx0QS-EH6>47eL
zh<Rqgo2(=mSji3dXU{>!aiG-Cg;9QP(Cd3*$7jIGGe3%>_So9kUdp}n^0xfF^_3dk
zr*cPUKwV&=k<KlBB|BQZYoay1%zW@OD!BgCsLFx`a%pBAwQywb8tY+0w%d9raN)Ez
zpWd}IV4JppAA5J2<b88xD@)-<o9?W+*hgj21rD~UJI`*9H^+wPdADwL7tS7|HeMZR
zxP!}{VAb)tRKT^UNGUArl-SPnOxDZ^8J%}4hf^#w<uvTp%UrD(f2_Or+}!lpN4dH3
zDz9yON$URTKi)WnJ)6k(ZU5G?b6>0XbncZwU4HkatcAG;7`v&|k86Y)DI`bpl&^EM
zCw)4PQ7-T3XqugoH#~D#LCE{bVSc^rbMC?^Gh>DN$nSz+lG}Xh+}q}=G0j{+95g}a
z+@AIjX<hbp>v9~%<YI73vA(lD9<P~LtbF1`_}GWJgKpt$Tkbjzx}Ocd@>#%IFK}>X
zOx9nGuh`Dw+Z=3ZS`O^U$~AWUA?H^0&)nqXs9KY^|7b!L-&~l?secxAzj2be+?af@
zGm4ozE8&u5i}yfZQXNYWSDktCAwye>iH3>C2AkWjbXayoPmOn|23Z)W)tmw+D;o`L
zbw}Xw#(z3hWm<&#QbyE*S7+GX6bdSp)A$@P+1Pr)r|xV>c)Pt&XT+_;iktY1qoQ}1
zu4!rM{-Q6SG^D|ODf^rr?p;S4n<pV!OaT&M2Ys@+l4>YErKy;<`S|(I8i)GvVW)+@
z7mT-B-X3urO=raJUr$R5l5{DSs^b2t^K;(p*$mxh7gMCJdu|AQY}Vk=ICR&8B(@@P
zc%U^?f9A-uZPC(|h%*o=_M3dLJib>4dkBPt6{yZ^-MO>vgRGhW>$>rs)?fXag2aPC
z9hUy&GOul3uj?H9MW_6Mt80L7_JapUb8Tkc8!ZdBGwGe4aF5<NM+~Y=v4}Rv1qJ*}
zhc#0{&Ov@jP-&qQ&+eh4BO2zf`a^9SWq&+h(NW%Rx8>N<v3EPwTD^2cBF;a*ekA59
z#C_!_TMI?9uB;-rn<W>OZpTha@||~|mMi5xh@Z>O$ohU*mtyxHUviH_R<iB)0!CKH
z%_0I@O%>Lg6ikaLxtXcH*<N8agSeoxSH<f;H=A1eL*vCGs~4{l?q{tPT2fqGH{JK#
z*GtOQCR-w)B-30u^$EM@`zM128}ns8;{j5VV~M(XYFPMW_JB*o0YhI7?6;ySxF8<u
zh=xXXqkTMiY3rV%;(dvDP84J`WHW8vy$*S{kw@SHdDbuOi)KuT;?$0FO6pO*$d~i9
z@>J8${OekFhtGLh{Fob?BV$puEts9uOxcsPO}<6W^V;zy<KNdYoe7nIFfEkNwE!_e
zQITYP+)WioZAfZ@T`PJ^_;ieY&;FUOvr~-aM{K^<luu9dT)b3RcSSU&Q5!gsZ-bZA
z<?|97Hhb!G4c51oSz6kAW>UW0^OPI*a=HqtU~WvO-h)#_=(sCcFHSX}toiCs$~|n4
zGA*QiaMt?5g`?l^Cyl5zS;^~kuOaWg9)2}#7b#=R%4v`MjAqAE^1~lhl_GBfijuYO
zyj__bvv0!6V{(queXz20HgYAY;TR=D!KZ29J!5y3-N>g~ugc!~CUsex@v@J-A9p&(
zKBj3nLDbgZoAedfU%_&u*LH3sbuND@_v!dWg>t`+SC@{b&embvVqU!H>_QuE(z0bD
z@2`zX52-s%BsuaXeEm{BtT<83YTLSslu~_WDCv?w5)U)Sif5EsF?a5k+l5k1C)`U1
zGJva5sTqy-OzZ^((pgp?gw3CfYQB8qI691FJYqWbVh#0$y1!F{s=0K1*0<Z`TA4!*
zB<x3qoq8UGUVGHok#%iKA54x_yCQd<;j0ZJW34d%>3g(!PdZpK`BtPpB<nS*L}qG5
zKUv!55<4k%<p=k!>^*(0t-=GjgLB-%0|})=1U4^G0N2`^;IX@dhH-N<lQIw&poR2V
zFtt30i)W-K3i*Y#J#~DXoZ(}=YtA6~O2VDDa)Y!zA_V*D6RbM*@%=2@^P(=DMg7%s
z8Ya)m&e@sFOtLy*8SwRrJ{foG1}T>IrN<{GtePK_XZT_>?K`_F!=x8^h(rYDIgaH<
z<2e;<3R%VG6SMd1>!jYe%nfF`HZQLx>7W2N6|;KT&5Z0amp%tO#W%iJ`m^E%hU%?e
z8UJJoC(PY?kd0)kzQ$`C1xC}~6!>OR!Vj9K95Gyj*as%(G|pG|I?Gpi`vmlktQ?{A
zcTGJ~F|<_8WTj#2rI%rDefjcu=A7(t^?y1P|7jAh{p^g5?WREAb$_{>yZnZNLSZ%^
zMJM>s1piw74;zqzJ~73(T{}%Zc86ow;l+aRL*g;U3UVKd{E3;bp1az$3RWw0rFHgs
zl47&7@B~lPg-aaaCkD#$wRI2cKU^K}cn5j=1>Dz}Q3x$%H2QpPibcWhd%LoLlINsp
z%B@!a^*cT!YHc9xI;ZRtWu~+fG@;#FlP~%mEo+5!Y=(1hwFW!oKUinhS$U0DO>t+P
z%$-J^2c?1*%Y#;pW8HlBBq|t%v+RM_hP~rtX`S4O0&Z2q3xB@$&$mj2b>p+5Bgalo
z&){a>&GR@M@L_6j;p5!O2L*nUAZ)$7oI(n%+dbrb*6KI2Nb1z=z5KN-$C{_PxdnSP
ztM28#*|?6>(ZMtIEgkC6?PxYtPn_WC&|jDRv*}ZD-2VMV+Z=0`g8@gX717m>K$pdn
z{2|D6QtHA#wy2>Yt1?=t&n#NZ6bzvbhODSMys)e_<)-j}b(>{2QVhA~j<SOs@mWi#
znhrlcEtl3G+F!)5XofjuH)ZG_kP-w{l%C+&er>9M%_R3<EhfzaN%Xc~4%N^HiBPtm
zxNlLpxqHsm%j5-C;N5&1|9S%(Y_~V&!ur<on}vXYImiS_zNdb`YB{^FtR&fqcetmH
zE|N>1MRzS@Sh`KuUPrIp)pePE$JLMQ4xN6kr5`?3B{dYNgihML4zaseo7i3L;K$ag
zuE)vg)N$Mnk677p{q-7iF9S=lBku8uRpfW}KsX?^=QSVFdGa|FBt+{Doe}-nG~;47
z%MgtzCv5PjpFchH4MT|IY8R@u6M_cEe-x{d(o7s@Sz#`^{E%mmaz}fofT@AHIt;jH
z^iqa1uMBbnR=-!Dh#g2WPrpbC(ROgmpEMidnf-AKK%L_f7i!Co<OvOvt|x$ruKke9
z8BCWu`}*XG!daI9{V+6rA1=<jV@7^<cr{_N9IFs=?|P#O?>&<`wk9bDsI?ohRD><9
zID0p3e)=1ZERVon(#RrWPJ@Gopn>qyWL--zuXmU~cXU_=D*Kmm0=(QvX<Tre80d%r
zg7!|d;qFTfX7B$6<iz7jd#8VY5>v~cX>|Um|9&6ZhyUgH(K%KFTUOzCiAZ8n((Xy(
zy{Zpyo)8ldAUg7s_4s*Qs92<9c6W6tZUTPI$LC6XB<4+ejCFoj6AH+McP`Dpavufo
z8uG39{lFqYt05kTgTGGIR`upjnTfm#zXsat5Srb{BoqacZ_5_lsf?T)duU^E=|h&|
zZJbTkA940wmoQ^|7&1}l!moZ>iI*XP^j^;=r+6>fx&mpt5&{BuhG}Oe<BpNM!hH#q
ztJt~+LXuz&e0|^#CD?QX45(I|HryHMz$-3j;a!#lX({OW)}Qd=#7;#SPIHbb#7D~2
zIYSo^8ynl`Fv_Roztu?^13gZ}+<lMcABBdHJ6!ox#GrzmcIgm*_TchE?6dGgL=cFP
zx45O<$@O?W<sS-AM3R=2Z&ePoU9VRVKTDjazY%HTa?q~-K8?w_1#A!R=P}u-N#aF1
Og+nR_AMHQw{Qm(M7%mF{

literal 0
HcmV?d00001

diff --git a/docs/arc42/images/verify_revocable_vc.png b/docs/arc42/images/verify_revocable_vc.png
new file mode 100644
index 0000000000000000000000000000000000000000..e5b58d88bca9d4628af334b6678843476d58995b
GIT binary patch
literal 36718
zcmb?@c_5T~`~FnopmI)9ktn-tktKVZJ^Pl#RMuoEOZK5fTI_4Gj6%p(gY1Too$Q7z
zS;N>F%NTz5(0RY_`+eW<``52O&Z$|Rd7jU6fA0Ibuj{&>ms%Q1hiRB-5D3I!73FI>
z2n0ns0<r)7AN%2zF!7Ur!vD@WE8K84b9mrxYhme(P_nSMaJ=JeVSeVW`x$Fz=Lb$w
zLP8I0@7O!L*x3r2IoLgFX<&szFy7O<;r#dOh<$Jzw>WQI6NipVe|lk&pO+5U__d2_
z>oTZa@}oaTWvnOu5KZS99`|4_lXyPx&z<-(S`}s%H_TXkOnm%+r)bpunMVSn`T9%-
zlwuF)%QKV0(iCb_{CFnA96mkHyL``Ypo-SPI4@Lba;lNDu)?(K2My=rXCB&S6%3s0
zHm|kb9iNfaqux69h}Hv9@I$If{ASUS_w<5yD{;S`&NEyUorpi#!}OGK@a@A^<2H(y
z!KNaTk;il5zY`@3)(36;9lTa;g|=Rwbf|YOe%{E|E1;TIaAOB?CxHC`mFIUFGj>IT
z(xmq?Ow-(>%RCcbhjPw@h-29eB9yx6Zz{)iQ#=vjvEn$CZo9zHofjnPd^lkA*TI{q
z<A0iR9<p!>z{^PLrC!%CeOf(~`QT!pA>-W_jdY3Slz$!a(|?z#f7R;Gi#8<rmmCxl
z3+#uKE%uQVKW!8Yyz57li>g{KtM&e5p-j}V<&gaT>w<4c<>Sl8d_+<!u23z+G@O?&
zO`%CWjt_maeely{RFG?=)%PTE)J}Np)a=Tf<s*G5YRRFh6&CxUns6f-Pv5Qr3a^c~
zCbF_tw<9{lu3Wury*RMZnS%>kW2R9ua6MVob7b6cdwl)Cam<OE^``^BM(Lv{e+&i6
zQA<&KNI5&{w@egH1lc?P>^R{_ue;WoL>2Y0=-~>#Ss$(1v8id<E>!|mz-6`7_q<hJ
z2!t;}<=SOEw?6y;wevBH!TE<(Zz;ZpeKMz0`9tN#lgkmewf1RWqBwf#^hpWJ+m|dN
zX4cPD*--2kv3=s}a1!Uf&+oSAzP~6b?nLN|;vZA&$1t5?5;rQ{QHwWrP<Pc&If`+1
zEk}3wFYCDowCZ;0uWqHyHF#qWKrA9|4S3s<V;pgYNRCZJ9g6&41O`GE&I?aP{@;Ij
z%UquP0R)bY{NGE2-9v_u$p1k6A8#ezjhmU*q3URF|5{bWr~fhe^wceNp7xUL0;+xF
zU-ET&9T*rXxc$Yh-}al&a<ha;xqgNLXBhL7r%x>&43&GQ=oRFYZ+<k)G2PzYhPSee
zaxJZ`t=HxT)Xs19Qk^~VS~2K*1zT3AH4XV3F12~B|MYM7M=jQzu=|Ex_)05+>drK>
z7|If|85ndMJ<PbZjNb7Ys|%g!$zhfCSP9pZo9g|X^jd+vw%&w%5pZ#Ftto2JGBPqh
z1_p#oOVffPFae>9(LzXrZ(eYQ@lq~JOG_X1GrFtj<l{m^?{v^2Ki^g8|6+H)Gwt0<
z-K@jg^qU3t0z0ZQy3wB=&E90Br>EBqC>FR?s5LR$mgHYUc<%4txH9CkQx-A*qevHv
zB2gY@Qoc;NhR3lxC|tYNn@k(Kd4I^H$Z<R=SPqV5;@~hpH&9|_Wfe=o5UXyE(T_Zp
zfO+6TjYe&z6AUJcU1s|7?@vxm@%EpUlQX5v&uDCF@|r7}^z!!3FwEJmI6&t`z*$Wj
z>!xZ%j_ZBYQyDyc@xibVcI)ooB^SkTvE%o2<D^`sQ=(024jqap_Iv)EFw^7E7$u<S
zQW#CsA0T{FXg53<>R5Nym8RG<(Q+oIFWB{oGA?f|xAHxW6}S7Slk#c>AIu_qu1&3I
zmg}8be^pe#*~in}S;obuAI=VMZ7kch_YGG*wP;FK34f(sAa2)JHw^Czh(D?eIV)1e
zLBl&gSZ195CRvU#PQ>C>1k#7(LX<i+{whkqST%z)B;d5P0VS&^UN{_YmHYDgmyeEB
z%TuXngXr&B#uBRrsbhlmSB|m=v&y4Js;PPF5}Cd|!uOtC<mchBu6lkLyS<qqs_qz6
z9OpXZ?Ygr~>d7`Cu8#&=JkBX2yp0?-FaO47N5d#IpKV&UIo*|EWMs5-$8DjKDsWn>
zlcuDoh*7N4yli)`=p8$HCE1wy^y#diP)xwa=1flH<$7)rIGFsor;{!5;gwwKZ>>Fh
zOCHUNOh4*Bq$)qy-(O<W_0iqk9XnLEas1Ce&lrt#rt8+E#ipjF9<p&b^tQ3CPRmT+
z(GjEbnVO!fE-@ft32teY6?VRysKFS~#QwA^!%(6gB_3O6o?%+-Tt6^i68009Yh|Ie
z9f{$PVibD1xVYGdzN|VIS@~$TkN0V?{C43XoB7qLus_a)AEcr(u18JW&%+%%dQn~6
z&#~VL?ruYwL3rzR;d8f&94(R#zRf&A-qgOYu6R@ho{})|_$E^5zHG_cc+zD*ClaSc
z#5D{%U`dw3#Fqtw9%_`6O)<;F0ivExRJEg!OKt)QR_@&Aj|N#c!#G(y@t@)Rd(w4N
zulgSm;jySU6nVUgcOCt9I6r}_O~I8u#zBAl`D6sIZnBK~lKE_wMtbrg)#~<d8jME2
zDC_I%-6vwKAbcaKvd;~r<b{!%dTu1EpM9zAZaD3}Lt4Wwemf;kS_#)a{p#i&2ndYn
z?$$l`=lGE~V~2UyW_mQs7(N8jPqv~ZsKqDP?I?p!OHWKpeE4yZN%-!wQZb+Ht&y(T
zcm6Er+Fj)o;I3IjkuN&KU^b>CIq}DBd|!TseSDV8Ov-n>)rEGi4As@Kf#U)<m5sK$
z2B-5>?lyRf8@+w>x#9GcQ^7JzFG|InCYm6rsQsBgcxjouqsAsC2=hboJUq&QCE{yz
z^C@3#M2>|i<afOJz0fpcD^nf%ANA59;@(~LA4Bq@C7l$#3%rR0@nDvsT0A$0h00cA
zef_<`(xPj$<BTjdX~x><RkjbBXu({bA+w04qT7}Gd3l7*z6CHAyF`7AawA+A`sh0M
zLz_h{JS^<}k7+$@ruFjS>%7+C*K31LTbvgVXhy{}tg%F%iuGKZ+dI|yvuPU}8xRlS
z^~nZ`E<8GZoE434_zbgop7s|w^kh9JdF&%6*R&hOuJeMYN7B-Gh&=f&GX_&P{GUHZ
ztqr)g7s$CSBvORIb{<kA5Jz4MMaVau*^yiO;Z&0y>qc7b>B25PfSX?*o}Qkrh-72%
zr(-pkX5aXU$K}G>>ppo_*U-?Om5aq<Bj}hfYCXZVdS$#?9IfR;X5|%irOUW0EcL#m
z=XP{*N=fuydd1&7Fd)mpVLtjT@ZiCNM`Jcurjkk-PMqL=eY4nkYGZj4?KVO^b66B<
z7Aj6o&4!sb&JvXgoo~hNn`1QMr5L;3DKi+L<YVIEwq|m$+Y4264Y@j9Q|jHc<g#?B
zCM+uI1M2kLa;toSyDOX_H8r)IoZL}ECJFnkb~T~d-p`|^n4#JJ0!{+YXh%oKe2Ts5
zMV0H<SC*G`6J8!=X5Q-5)r{fSDoP<h_T_ona6-u<S(|>M6+QInPSxF=eAlFc>tCkl
zT^-yEvTqq}FvdpM_4Q|)NC%g&pw@pvYStlUbD*sf+&^4?N(p=4q3dJh=8qF9sv@5Q
zB4#gm67Xzd-^~LR`i>2uh;~pZIp3;^J$dqEdnHw#w>7sd>uTt^H~^7lo~}?mU@tb_
zYCzU#4T%};rE(sV2D**uo*bX$3H2|Oy9L~rw%Bo8_3qvG=Ge7C&)_V82v7}&pG06U
z8$ywi81f2_1;Fs%EB?QMf&YRr&M6Zbo15b$90rqBc0zi_>cgW2O+4m)ND_9@Nue?!
zJRmwk^ig+ak>{G__=IUxPks1?{MG}v?#y5=jkp_HS``Vq@ME$CCH)A`EIcxhq}0lr
z-Z~K(@BOGVO&hW}{t)>S54!QLOJkbsO694so1KuCqB*u7uI&PuI5A?`YWF8R9^IUa
zF4c&;DDiOQ8eta;T|^T4%e{M^97G>u+KT9jlVn}|bz=8$<@o5hExIK11`bP@Z-t=a
zEukR45ywvqWRV@byAa-k%f)IW$i$fJ0xpdxl42l}l`Jt{jzqf$pnfk*Z6gY{Z^2TC
z=D5r7rIu3n<z7zmk%rB2^Nm6hs3n!+8hmt^h>(Ot^goV;BF+-NzjH9AM&WRiwSlKv
zx5-~YOg5tK)&`Z)b6w{XB?dAsv-te@`x0Mvb~=ZzN5_+vOXh?6^Y5RK-i2>*7l|+9
zrG3`rcP3{w<y3m)HphRpIlVsaEoIxg(2=T{%S}FR#Z)f3&}F7&a}~+W$%!S}I}Vi#
zm9CjCC9CKX@EZx<<PRaT!%2DT(hwp46&%)~_ORj^V(2b(OuS-+W#BWo{v{DWo&i^Q
z%4dJ_5h{LS&<a1+c2DyE#;2DE?0ZNS7rcjF&E@w#975V#-v5G9|M!Xb;+6IwEr#`9
zZqSK36yzA#kxR|761YwB$qm27X|f@8blL&87Ow7wieM}WBJxdSB&Q!_h1BHaPX`dg
zEZ)Rf*U?%{X6Z-!b7;0zHBdg|4Ut}1lm^F+9pk@M_$KLFC35teI<xHNz*8!^rI&uX
zmRR@Y36(Kjs*d@)tcXjW1(4-itUGT)<4I2Ta~7th<y(%806s4YYNg%lu(Tg4M_>K6
zh@?6aw^b|uVQhSS@tt3|1r|y#3J{+-yRME7pn)2DgzpHWq@$=eyJ=s~GwN{i*P&`S
zeY)5<)0wUYH+u3atyKf+=t4mGPsxWP)p)!ufdX-?YJHJ@>f~a3`51fU!^c+wnZ$yg
z*1R;8;X2R~L4ssl8_epkG6(Ad`8)xQZfzk0Bq0oI9jder1$&PBoyPn44b4_s8k#{!
zQ>cU^P)JP8<wHnrp`_smoaRW}GpU!4{50GlgC{3*z_#0c>k?s9f$((MLjI-G(P@5-
zQiq}Pm<v`IH9(=Yuklp7zY)hvY=##BG%CEcAZ@P7#4$lb1HXHQxX4DVyoW(wyGZR=
z^XB1Hdy4TF+dH+0OEpd8YK2VKKt`$Yee;+v+ixzf_Y7}n>Tl!T6@sVoZ$Uw^FwV2q
z{%jT9>S|zcoJfh7<0PuICh2ET&DPd_`|@baKHPrb`Z=#)yU#IYZjAgK9L`nG=Q}F_
zsq^IethBMYG-0<_O_CJva7L1vQqK~9LZR^9LFU_ZjXxzd@Li=lEj8<FMTub@=D}&+
z?Jx7Wq!h^H0$J}79pZ-?ftJo;sh*p$FO<(9xltK|e3yIT-e;jQ(FbF7JF_Zl^YT1r
z&Mb^a@4OFkpD$DCyNqFFmL&4}nbo%BAa`cXf@KGDh8lnT8kI($Ax?!?L`6h6&--M(
zOH8~pf{vtmwjY6OP0J8<nvj=vcDo{t@g{1pqSin6z24lMG0~LmO45igHZ{#Jc6Rre
zA2gdTU7ir|8Gh_<UK*@PGA&CW{`9w9HX0LqII>bvF?>${<MZdw8$afI=LgH1LZkH>
zP%agfgvU(QUpSon{Y}wa^W?c(#RGETQ-R%gJL8Dk;l*sRi-%8bvdDU9m^4;Cm3Q|f
zZmpXINm*7tVF;FKzkJ%ZFVEd^sk5%m+9kj??I5k3@X#<ppvx}EJH8&p6NpbOeKaSd
zmt%Th_9QWQd~L|8D{IDktj@@ViMP>zi#Q*w>i+fFy|ZWEIaV}a>A6w2bJLCs%;lI4
z$jZpv{T5KfWpy&?s=hm8*4Hta58ie-OsdnQy`0>tO=sF!`o^EO;}J{S#0y(nTLV9S
z1oYWE@%I;WZdEH2o;sOhBO)TgXl#$NL!D}1+3$PT3OiaWq<HOGmT`eP<MMd4ajfXe
zuuz*+4yj_?(l}Dt%3^2xM>KL<4f5s3<%WR9XdgjIB`F_j>edxJuGZ`L)OnQ!;#l~h
z7=`V_fBd1-6ZUp9rHONgMb1mH*eF=8Z*jIjiPu5Ev{W_ze$A^DU*Aj1cq@^z`kU9^
znvF}NgXIS;+LL4Y7B>9lOB3VOx_RQ&HVhkxg!qtzq0eTM76I*ck%tARwB38mpY|VX
zimmdNk1!&HUrRp1<jp^RvQ6<Vot(1!$jfXUWfdc~eJV%F4p3>-V|Aj=e@GB!5?zRw
z_t|)SfE&9xJruS^Bg;G0-C@qaMO9AdDs^wvPWonL$r8<(d8>%<xt68C@sQls0{alE
zq&0cg=5XLm8;lo*HI551G&47`9-C{~tXm=tO?QH<XSudp2<oMCY^Qrq_Q3n{lr3!e
z20xu_r-78jv~fF0r>7m-vy~O~Y2*F^RxO{c?hnmXHcINIPLqOStthUJ*vy(_Ndws8
z%?k@$+#0uZC`U&|da_C1K0L<|{AlI%nFiB!Pw+b9*OQmRv10ed)pD}GAGX&$?{EZ1
zml99vocDsfXhM|iA>BZ&v|X9aa)`OUu^_*2>6D~$*J4=5&4M7^20EFAkS2?51*HMA
zYRm8D498o|#O`-TJns#bkf-e0(Y;_(^5OZWfS8dSj*iSeJj4twj-G&SxZJLvZYk`^
z(c7IG^#wzgs<kb(sR>K!9~&b1?$0w$6Y>Hq(@jcR%DuTer!HIw&d7E1B<huC=%lFH
z+uQdQO?Rf>7mc3lQ~w}g^jgJ<Uv7qzi;FNC9IbL$JZVgm$P~mRR_?P?sdG~FS5A@=
zx7wZcg|&#G^}v(D28?Fqm3A}}&1Z@4RxoITGLOR?BI)yRx1l%ZcHpH}g?{mx(s<q(
zs&s;Hq_8RuI!R*9y;c2R!gnuNV`#z;Ac-EUT|4Xy+oP;R%~(QPwuwKDT_%P(<uR9?
zVUI<pPWX5@iCkEZ!Ck%I5_eFj{Nk|RiS5koq1;V_{x7r1L%C+Pl>n%6F)eRp9wvV`
zvc;eyx(YrTy7my#@`S>xtvg#Uyd5+b;A;N-h6F(~O2xY6BSHWCh__OatIhIe54N0^
z_CCKKwEnyWOy%o$li)5MIi1j3_^_nruxaT;2nl)wP2RdmUAZc4ZS@^O!O!UuF4o3L
z^iGHLd_dIKeuv<&+(7N~8M>+2n>!baU)GJN)N>HiGtNsc*qP3B+ntizDoah6=2g?(
zN&U7doYwzncIU>_mrnBya(O}^pjJR!74K|QjisROYkN0#bSw{7q9c}4(b=EFNCB3g
zH(FBRq99PzG!i}<*B{+#NhR+~-4xZxxVX|QwQ3TgXU<r!PP<@^Crt|1QOxxC%#7-4
z7ImG;?fIw=?N?QwfBCWE$}G{^5BBEr5sCy|Q{#fUEaM(x#baGR6hBZm=VWBA&@4IJ
z?4w+zjoI0n+_9#+0e=fy%=4j2`EFMIOH0hiZxx?f{>6@1*_dIVt;t(#*R$;tW3Q$j
zrAc@?YAL^AZp=)L;EBdtEg9rm3PZTC%6W0IkIsAxWY02}Pcq`bA3W$s-oxMDbu8t;
zB}ECS!LrSDraPh5&k`Y{3f@|u0=DaYDd#ww>`aZhM|l1lQSOU{Z6h@qokGtU1EZt!
zq&PVAJn5<@x}f}+6w8pt!Zp*)q#k)W4p;PSuh(u*zquk&7&+0~6NvZMX+SM`Os6N1
zf$EAGZ_cMr-<B2)?0qw^<>62Dj_9xY>hH`eQhIxnj`OcydosScI@EBpDfq9Xt6i`O
zbJ6A((!ULs)tXZSwtD&UrNB4dn)2CcQAGi<p*MSXk28+cojuSFNeaM{ia#&!ls6x)
z)%y6j%FMofm!avl>*TRr8Z#0JBs}D8&stnr$%OsL9_)Ohe9LJyOC{X$oDbub3CxlN
z%k>WuH(?WQ6R{`Mu4mmU!Zbe}wfi>Yjjv8;60^bMoT{xe&PklD4Twn$VidlcSyEC$
zxO~jd{sCX}=bTfJZK6q0{3?-jS&?QN*zNnt%x{)*9udaI(p`5DR~d-d#WQI0aUo{q
zZ{cRRt&_r1dg=yugo!GY_j|Ivo8Oua4$7I7JR15k>wh;+2j8C^uUL>WaVi{7mD+@Y
z_68c$RiGV!76s%2jcC`s_V)HU?9MiDSpI%~fk2v(!hJ=6XmmPo-~g1gURi_|9&cEl
zQ-XYAGotEa?7qD<UgklnT%1uMRFwfd+p=>FA-zJAZsyyFSu{kvJ|VQd)F=cHYU)Q(
zt_W(TJ4;wtcxgV8&ya&vZeuKbv^Lmqa`yYXDrnGqB@n~6a5;uKlifKxgoU3M?%g}}
zJ}LGv>vlq;Gr4ddV`R)Co^ksP5zi1w@}{Py+?ok_=tN*ArCsOrs4U)o3p|yvOm52Y
zClL>d@e(f6%+$&(EG$2Nsw)O-h;Lqg+fg?5b!=)1_z#-YGy!t<#jtA0;T(ED-C3RP
zIwflT{i`1>(3DvkXV_<Vl3z;A1H02Jj2L#t1)m^)96)HHBO${mcVfITI^Rstq*yQO
zrkKluKP&2u=sg{@oHtOH(k|0_7Rhi!#c7T+agj-oUF=$iy5w$&1+v3uwac(i7>U}j
zczs*|pW4*Yl5JA*MJFgY7=6JC3e7*`QAy0uD+WF`Ha7U4>y#kxGk^b9v^>(CO!qJ{
zGM<1vw%UWVYE2Nhtj&nMQ$-1F`$5{{TR^Y^iG|FyRQEq}8k(A2XnbJzDvrD*RYQ1>
zjEqbVc0nrwG(m=g$~Qptx>+~#Apm-S{RJeyngtZc%_UQS@8;Ru32r0EolRJTe?Gg1
zxvYr9QVwpcX3mRfg4ms}96_|lY?|IIGV`}ANqG_sR~_E%BXdB7kLG?9nb)7&R4k1E
z3YChCgrGA}PmqBK=wKGnSlnEwlAM~F^0K}RC1PuPV-i`qz4`sK8TZ1+;heFtHMm3*
zXxuM9z7j9(YTuVfchQD<M+~*~4B~kCrJs`()~^4{=c#>&TLy>+=McAKh>NfF5r}98
zL>$eoRI&Fuxxag0w67w4SF!lDuy0rok+_x1img8Q`}GH;|69@cw@=p6yZ!x(|9a#K
zi-U;N{bX?@v5Lx9cc1T4D{AZL3B=y(6|1mt@aI2?C;$FQ&Edb#jjXc#&yoM<;(U*=
zA~X&n8sv$KYPbHr=$_WyruskXH2?NVna6*h+wM92r)87!LR@4(@a*7gg&zKW(YNIP
zZ%GI~Ik_KOT?SlqoQHy+;Fl(*I+lkqCR&eMV)0D1RR>teH;P%57+Fd0rdHx)pwlRn
zbLfL$xAlgCi9-=LTk30bi_)2wd@bvD%;u##f3K)vn9_&#%WaQz3A6ntSXfZO8GNCB
z5qijv)fe;^Z@SJ`CMA1>Lj>Cc^_7}xWowIvt@C<-B7Bos#_bcZ1%rcwkUW6*hW*o$
zKQo`JOR0Uiu&Ai(qyEe`ao%S#-n9iSKYua3FzwO&pa8K9C>ZEfcUC$y=gU;NVzhpa
zj&=ZaXIBa;^y=jc+<C_{C^EGhNf*5d0OQDd#r#7TPRyVF&8V9D@uTM0)C3Qk)&yAy
zeR7+qtgQUfwKipE;M1L}8+Gv)AF|2I1Ebaqk^QI``pSB8-}R&eD8{+@d31RAXfjTS
zjco*!f~eMBVCdK3RHAJNx-{}TTgz$MNqt}J)X0<ugon9&22S%yCG79y2kQ$z2g^L+
z5B#jOu<#<}wrPHV(=@cS%ZrQdv-v&tKML;*v1^}j1Uhdj1n7R^=4QjK=?JIEmcxe*
zIXgLpR|1y{9QYUQBt@5*?%5$McEvlg-n^bHuj!qUk?|tnannnIAEK!_nndmTIy*Wp
z2nq^bxUjsoQ~KCUS2LXQoZsP7;?>{2dAPY<Q&JLwjM-o8M|+|>!*G72=Jj-4X=y14
zS#@u&oX9vHz?4=(5&rxZ@P>gBgCPR^FV$#7tTC5uuiVtq3OSa%pSU(}s3>^j(<R=z
z6-dq9C}lifV#yYYv<d%e`L#T8ti-f{kN>gHV5$3bqIs;Lse4VsU+?Tz*@I;;wm1=&
zvqytTTU&z2a$BsT<bwpC?F}|>j({(k@5+3Lhf@aB6@{D3UD|nwt+DUT<!$?lNl?Qa
z^O(BSgS3*&x_|xAF6$kM`)MRD4SWLZl)~GD3!9wT&3-!tL#PZ;_do+oW~QgleK`6J
zVo<f#8C0qRl!vseraIF*(o2#T=1S)KoJI0zLl1o~_a-JO1t$P|KgGibj2Lb?6^+uN
zOuZhn1ga3|c52+$rAi#iH$I4<n%)REyaHkn_wFi{%Z6e{BL$RjNlD4}EEQGNSHZzO
zv$Yvdxen_QbAW*_g(ju)DHV}0d%r_UWj{T)hTaM3J71rHTyWDU^X7S*+wasqF-FX#
z^G}YMVB*@6lwuwJ^utHIc=4j<^$9hjCsEh<dFzhCok^w>u$aQDh6$@&Q*4ZuoBM25
z8zASP@p;Cj<SS-|)qAB4NH`ETA~6A<9j{p%lg6Wwib_gqO1Io+T79;2mv}MAr0Ofw
zhZHuI-`KL65R4UFB^d1#le%6;BT+`}br8+gSVlEM)dvl(%l4qK(#fubs0;)I86~kR
zudV3!`CBp0XL{D7WQO-aLan%*i&h{@e6Y>%wUd*RYML6ed}%v&Ii&H}KF{xh$*}N*
z9khThi#+Pq>3~<Sq?~_+=*W2zGB*XT&64&Ry(sodnzGnG^`3VeRw~UEk?G~$^x?7U
zSrGg{4=E}tDvnj&f9Ju21=#aGSWllbqM~~JJmEDT4<=C_FQ$mC{PgMktYe<%HP@$U
zCO207Z``|guT^#}?pU%FIc|%bCRI0ZR%jAb;O3Ii;>H}1I4LZX@RP?%2Gb@5_##is
z+V-A@cKdknAF&4V>%&hQ?8YFMP*6}P`?<_;Rbqe*f#o`BhyL2C`skFZ@tve*>pUq*
z8$bb|;ml1=7ToLLvPgc$JkI4*kLt}MDjTGt)C>yj6>Brw{z~@TJQrJ)+w|x-0_rZ#
zq58#NaCE%}07>}X&t?O~E|DmG;1j!Ap7rHMKLMDc&V9AyPxl@<%DM=$2t<|Aku+NY
zV7DG+%A3|G@pdq+!%TEA`LXI95YYD|jrLHJT+2Z3nc_#Y#a<hZy!^&rGLcx+@!dUq
z<JZxqXfv#mGgYL+3tkjy)o_Yl?VZBw<51t}<hMRWSOf$VU^wk4o9Bs=HQ5qHhebSA
ztlbTX4AED}YvKbOWN2t;f&IXAe?d+)N0Qh%B$YtB(pPKZF?J1WKHEITK!eHodF=fj
z!SO%B(w6JF(OamsmO(Y4GQAO2@su<9%?%AUko9bAKDrM$2mg*Gaeu3rS$+gU>tXKD
zRXW)`kSSC6<G(;MniwBf;a-Jw)YsDe_y849IV9rjyrcCAwse)Xa`Ypu&C24|yb#U|
zzP<tnv{ZE4iefyAUEKyr-l2q1OiQ|KB_rAYBZ{ce52AWEZ)?<x*RT6?t%7T6Z1@uU
zFC}rF6ssQl_GGoi0`?@RO7FZZG`3C3JX`>r@!PA!UY^q7=H@n@`XYtTmgqBpCJ)kY
zgzwo!#jnq6*uQSmGtkp7BX?GjfW_LkHybU1C=B%Y>38DQO6Yl<+ys(cbSU?zVMJ{B
zNK?!Ozqun04h~{ljVq1;UZ6$W_2p^LOGgg-t4o`1L}e~<>Le9UvE(W$h0IN5<k7W?
z3>qO2iBBx$r)oPt>Z@%~hliL(tkfqvoEs>F0&>5E3ks6~YG4JLGaH}syVwwr*wo}T
zqi!#I%FlYFYNCNP;hvIJi?#r@5SSV*V)^td^ZhP@NmGHFIsniNOD6gjAv@8?dJ^;!
z{CRPjMF-3}q}no#av3jJDtmVd`w1Elubvs8WD=-MJIk&Zpyi|0`Pocq^-FS%H1{iL
z5hy7rcnaPnrwUR}lGcU_3L$)gnI+lO-$=Q9?Bs^}2}-0%vGc=hlbl!*4GqoBJnKb3
z#%dd{h03kFK6U}hrIlrKj{XAS%D4f!siWM!U38<f3?$*cNw1q*<PCQvW*)b`z7CY~
zJ=CK|U-)ys4+vX-Pb6b@V1OO*%Jk-gs*&fq(zLJ2(Q$6y$z>dZs}Gjjtn<?CW&ORP
zwnth;`e8*Y4(6gGkt5mA`xzJ5Pv2HlR5Uj?2bA&j>C=>q<XPM1w_<#vqMiNy#+z5g
zB?N7cvkBjWn%!Oyju*9RVIF8{08PMRLt9%rAt9mN;<}oe?zhG;DmoVa`_#0w;qLi#
znH}+iV`r&craM2+^S>3<;!XbW;fpP<y{d{`T>KHpoP;cTsO6EUS%}L_TZz~w+6Mxo
zZg>7Ub!TTa$H&es`dFvX8wOsYH;Ch~<F&UxK*u+kT<SV+`r5c1rB(a}8fB5s(b0xr
zOXzfHl4{KEDVtdWsrEy1a@zgS2mM%|9oV!3_9UoXOn?3LZfoIsiK2u=0cfTTsdKXh
zLs4Z~zx*3MJXY*a)tc}Wzi<Hnf<_eM>C<J_ZSSuba);hH8YKE1=%gcFI4;-^Vafmv
za*pnN!UaULYl{?ZeE1}985neCpu-TyoM7=K*EwF!TS`{egv2q_XmQZDaa0d+@h%~E
ziDD2mPj$3h*#hMof;PWkwMx;W8Lg(P#lKpW@q=Z=ovqfLPgBF6IEXdX)f}9h=|gsc
zgMT03KA~e<Fr`=4<TdR>o$LXrh|7c$Xt8{D)_g!{yhXY|=WFHxi$o%kyuH0WSEpAY
z$K!@5lXubma5XMR)T0<ka?24wi?ct9!e=RKC7ge0$;)GdPD?{Q&cE03LA+q!9!@Mo
zL6f5ww?64<2!#wpjE+)wr&aMY0J~St@1tr)l_L;8Vnaeglvuri4LZZcrAYk6jsPan
zV;{3HKyEF)o$WO&=X^R&h=+$qL_|bV(ul}>b5BAmyt1&oyi9xO5WX#`_W9vcy^!<B
z+>{{0Rs`0rE>LdI!qt-p7x?|Vmi@{;1c)lZ$dUbs%!}TeD<CG)l(p6F;%z9ntpA_;
z58wOii?yssClvTKI^c}m>zbPdCU?7v3L0vSHBfPn^-!^TX|>>jxfk~PuHx4K?{Z70
zLS|Ma`5$6jy3DI~{rVQ-l3#5);=8J{GT9OqZXr*teImYN673_nI+S;hes?V&ivS!K
z1#xdz*@G4h7tBtNxFtd4MUq?>@TsK8EAQx2Q&Rl={lTnb6m!E>LBYFGI8w*2(N;R5
z?iG#6i;mgu_QB4z!ppCm)7q;j&e;=2K@8WL!{r=u90uZJHgPkDL{V8;sbh*USE+yW
zB(ONwMzg@O`7Jc01LfW&PoI^AP5VT*->pZjnP#;2)+h|zB~T?L+39<{@nyFpyT@{_
zVUUbgEG}EHYm&d`-P5I_J7g|jYZ!!^AEf&>R1`}?zJKGfq;J8jLKh6c`~jgZ1O%tO
zeYW~wt~<h+*Ft_=5<TR#tPX#RHR$C}y;JqP-HZ47TTzukQmy><S)jva0Nx)jW}Z#F
zjs+|nYXtEB>_Iv@I*TpPDMhTmpNYXhq(Y7+n`=x>6QF&990DW|JAEDY=g*&FHl12u
z0`L(Yu4QD8TpIsa57NgQd>X(J*_D6&nAzFb$Ol%kq7G}lI~E>E<EO+LEENpCJoWYz
z$o`rZqhJzRe<k@7Bo`l_9Z-Rq-ikH;N{W2@mWh$k2$ZfXN=%ViwiK~n`h}2d7jAXR
znp)Ebh(Fl~DCXlNw>Ai0GYhQip!;OM16CG{Gf?X+r~zH`5Q(UqQt)@|K-a)ylks{*
zRy6!&iSrbj15_?SDXE(@kVJt&h`a)zfYu~PWW7y^751bW4GM)459eJYC7?F%S!|(q
zwyYSpAiDuw!RrT(k9uVbT1eW;l8|p2FjrIfE3Y>kb%^3OVmrvFcl`aeaqJFhz9$D+
z;Lt+$;tarDkI}oqdrAOl7onq)uRT#|>?-~1OV7wT=UAgoh8TWxFqOfTe$-6`S$szQ
zW>4bf1ND+f@72gh`v*cBe3E*FD!tf~laqNq4>c^g$XEHzJsh|>mHoBhr*3jFXx|Xa
z71|i|G&FOVXB8C{A}y$zBPh-{B-rR&4$uW@Y(v$^*@}&b;Mh6BD)-|qp~Pc#8eW^_
z)}^4LLQA=*G9q(KWoM0{Bu0lS1u=&X7G2Zg1?Xqg0MwukVR2FWIBL9sfw!)-;R={N
zgq{Lj)Bfd3*mWTB$aY13qk<BL3)XpFNs0__NqDO^yPO*RU*frGd?H3KC{D)AEc~pR
z$fEt@j}S+|DT5v}0;^H+bIOdm;20xvzHxX4Bqh$U!g{0cu!VQ<Ot-2lgTWD2J{M?V
z&9NiH(S-;t51a#tv%#{2Hx!5|v5y0_7!YBPZoP^oIScXe8DwgeU*v8xlp0yeX-97Z
zF5$P7Pg(+`0R`k^Sy$4v(B;Y2{?2!Rq(B-0+_~fc?RRr-jD13=O=BHoWMz7OgI*b8
zjDz{>{>rp61A{w9`!jRu%+JD~rFr5!)?u(1b^-?n2M_XLKwzL4V>;z|T(ZKzAL0Q~
zIq`#=EInC~bLTQ`ZTMWAw(v@H^be}>WI8Aj^pmAujTVhj5PNgrPEmBviNFlWQesCe
z<OdoXLfMrfTtNXBdfIUK(z_pCxkeg5yCr81*7B`PnjX!F=$C779gE00vpwtJlUvlE
z3t)fzUE<RGM00Fp=)}+lGdR%*o&krML_<P{yw?T*M8TzONuwuD;YJ>vx5<h8`(D%m
zPCF%LlRW3T9NZ0biA4Z7rRtTDNF?JAaQLXIs%lF-5sV%0w{?2$`6JDMYZikEZkm}`
z#|5)+?V9=`Ny$T8PAMNgsB*6h`E0z_9@L#XGK<TtefI=OZHa{obaQvt&oMPAy1>4p
zYV<7)`?X!rsy$hyfl}Bf<oTCO8Ldg!Y9!KJl2UTl<;$0+%M9|FKp^uy)PS8nIc~%+
z=Zce`;XHHZ5^*a`Q=Zh>+S<DP@C+A&_|5Xj+m;WdPv-YD{N6l5W7RL|-@SX+P~g=p
zFA26@0Jc+*F|R8E51R-1j!;t3p!l8itB-%kGS>LVsA7J*iC-k%Dg|^BumFToBZ4AH
z?HwJl5)P)Y<`or}B!`$R<lWUsm0_b4*rC^}R7pjd2#a9s?2!=CMUj1pak<DMp7i10
zwJ-&<%M%(lpvF&a6=ouUJG^KQmHb94>HyV|tsjqhHA{JFhr!tam1dX**Sh%E)}A%`
zl@Ju@mcFac58=it$~PuX5svMer!J`^<U_p!Qv#W|J41Z9OHBd=Nsc5q<$th<f4@a$
z0C9A;49>AgGT*XQ&`Z$WN7mFrNX&DXkv<cfRBICzea!dqV`d7_oonB|eLM1;euKBC
zjiE`pP734*u!;EtBkJ)Nb{PzXXNX0J@Wxl|blrsKYrpxl`~1#lr&;Csrvn7(393mc
zHQ7$uR{YK$#BMR`@3#SF7dQ+FuF0mI7Fykyh;>M|pP*7u0A_H74K?W?1J$fGALr_1
zk#U4YW_{2#Fw(ErHAl^SRwI-I2MY=(;f)Om+6}4%ddN7R8ArbYrM$~3n`3v%24z<}
zb-}M4_Vs6#KWyIF*;$Y=W~-~KX-^2I<wC*W<L7Uxt)0y8F)evG`rJGE=5fq}pI;%v
znUuO|pN@%+CTCR8_~-JAAGzNL*7@<{$B+WRK`Va&oV|d~x`4a$+1Unn4n{O-9J*FA
z*R-&@YS;Ve-7#~mm|@sxkhW-!9EmDOrfyIkupCUiqpP3f*GK_;y-i<UI@HBmw{BTl
z0xtvU{PX9}ATqSIwW&o5<~yX@XVKV|i^SM&86v&)&#|(w0Qq2>AEwwbW6+-bnG3z|
zb(ZdrVi&c0FG$%vCQs&+2cB6D-dN5`4l7nUT#rJO{c*$-?u&jRehtbTnUri#QPT-}
z`4U(7a1>Iu5VBmxye?$l0m`&o=jqO=P7@tBXin^k`=+l@(y_>Z4b8;_B(jrI&S~~*
z1E|?014w;7n^WB5S-iR*WVY8waX8%3Su*zp<~&_RCIRI82tE9m$!RI)ld>LpB9-t%
z(C7NB{A#;k)l$0Dz}KK0ZaHnxW&Km+@|7!BG&F+DgP}yNue({4qR~SjPv^j0S{SYb
zMysztufV|Itq^c2NqE{65gX3H4-y}fwasV;F8Y1Zpe_(m2P$vwoO5)dbbDGDSD@IC
z>bdmTOpR$3!T~aejzKDr8#mxMzM;IJJm0>Z*mq$N>x0$l-p*8;<;$QA4f1^O;8S}_
zl+V?xSHZb$A4bZ%A6<|~ucV*=*PzUcmh}|p;HWm=xO3-@&0**`x|qc6f7~cLo!a;z
zrdVI>X5sZSKh=4WMUFL9RacuCE?71J1{Je`dzUGStn15<)aJV<TBgkz$YlKM8*iRV
zLp6kuS`>eqiQn8&XC)?mxRVpcD*0}Uchk?_p-VhbnQIDU{^Uv~(m*lbq_E?da!M&Q
zUI6`}cQo7(zfC4w1Xsae6@fVh69RCz`uv<{`&>4b#&vFdu{DAy#M1}0^^IpiPEB)A
zQEfwseFkBlt1<fARJWG2sYUzsfsafAKdd(gN?f@)IG|0vcI_JE{%_?e#rc?Cuh@n(
zJ~7~G!W2h$mwIlk1X&a(>15gQK|RZXbs$tRl0WaWqOl66OE}ZVA=3#x$QljD$lxA>
zEV^aD;_>SpP+olF3kwT-ln78oGh|LA?!j=yzLZj*9TecKKEF)kf^2}cI=?v%cS1*t
z^|Aq=B!~-dKbL3+=ldE@o{>(ACs{I)<eJCI(JCDrbt$Q-fIfGl<9MvleZ#dH2$s&G
zfW6>QmpgFWI2BqMt)1ehk(|GRBK~j%1d`%4(Zo0tDAq>~kxjnKpmFR1_&QYf(9iG|
zZ%E?cX_T<g+WY}MV>!^kKu~(D&1KE5k>Sin*$_->q?0ORNms4`@om}krVW^iWuChi
zlGLf7)0x6hOjWAQ`|Qyc=Z&_3E9*p$x!`-X%cwwHT8E;k=9GucykKJqaHOkZf#@^X
z)oD_wojHxmO?}o5Kt?5Cad|nHyzlwNeZV|AT^>UHuh(U0jn6|qX{*~~7O3yR_G@R`
zy(&c)XkK?K4Fu1~>2eT9AI)^DpKhwFdl3+j2~sKq`ZGQ|tPi-Ppz?uq5vHF<SDc4@
z@di{duna(WS#|V(aW7474iFz$1h!u7^!xYkWn^W6bBK?Mvc!1RAMzp1AWsc)9$Y1&
zjw(N=V`VvclIP*wmN?0YW|)~!h1nE*M^M|>K#aPLjSVDtvgOIlOv3($^^nfMO(WZK
z+by7z8-xDXWgUXcJArk0$XgsJwsGi&ZTv^a@diR`d#4FpVpCI7Vd2Gl+Rn}^?-gEW
zN_1QE@g^HgyBbL{fD9URot)TS92rWy{1li>(_iKj5-R+H$rM)3QrQDKN!=<QTfn#H
zFSh=r><w4U?&36Uhl1O*vf{kzbLZEc{a}b)=M*Fd?l$H<iPQLVF1p4qVmLsfHs9E$
zvl!TG|7Xv7x2AJ`0Fev!bO`8HoJ5H^HZ3jf?A7Py78Y$)6yUbq2Nn9rYo(tDj_`oD
zeQ0Q?r$<6g4psAt!NC5&{uMSzMC7uX8sGzP@aWF|{ri)(e%W2}HKo`sRfyrt#T<}C
z%6E`jT7MSo+qc_co;!|2Fth_Z#ro%;f6~)e1(Oia$}`82#aGP!#I!x~mOB)*ocFHt
zg8*)OpVG-)ghmEZ#lu}GY>~or4+Uri4EGef+*k2de=Ev({&vL&^;jse&;somU<-r5
zQkIyQI6QoNHc*bdE6B1eyqj$X1Y@zp=0AV-1^6^uV<j}#6j^~lr{2Rb7}h<BZ&xHF
zn_tPmf}DQI@*f;%cVuPPvt9N_!s>o_Df;Wb5CVT60KWS-PC54Ymhk*TYBDpy&c-(9
zE&2P7?}8d%<%vSR-<&M%+TH>uRZ&&cXdbj`iE{@@9FQuA>43^AU~0)>uyn)pNi~EW
za4q8i1IEW0SXt4bp+C>un_e1kgu46s#S2JPAyI^>4l8I(6kaK=g(bcc&Z*~DFzG9^
z!ouz`!J-Bhb+dsRK)s}eYY^l^G)(9{0HYLeD_GL31Jx1cLI_{L$%a`sIUi^BlGcGN
z7q#uxdOrcA<I?gnry}%%xXT!Hr}=QjW1Xw@=RtLWQUG+$VO)-F)E@dmB+8JcG<`OS
zLp$~>bI@!-M(GD-4l*cAb6`Qvo2t&hTTS)k3_)?tT-olr%-a+%Eph(*_vYqilvcr!
z2J`;~E-c@<EH5k+dTn6rYiuW^yw)FpXBGZH%87sT#_i|Vg9G&eH_5QKxA%sT3G6t)
z3F=>i>-i__+PW)I(l1U)*q3fjXS6?qWrCTXjE))mR#;GSESRj<vifW_@a4R*WutC&
zC|!J>lan*%#hbQvz>W~V8fa$mI!2<>Yj!u__FYl{rG;Cv_SeAw0EiPpre2`ZlNpEb
zlSv`xAAq><-VzHYy=`D?il1`1fXZ1{Umu$7qoWh%k<*@R4;aB4sD0q|0j}vU7XuAv
z`=d~sD?Ib!9-w(6QE935W%^(6#LaqCx7Ft%kK+D2pn*ZEf{C-v`fzS(=U<5$IVG|_
zMDRMYdOO3`)rs;+;WxW3-UbVA{*!w?%n!_KH(iH}9MU5vV*mMa3{zAY?Eb_QwH;$%
zaQXH9YzkS%gpjy$;U&M8$AUsL3L3PYpq?XdJAVSnpt=F41Q^e+TR>hOc|{FU<iNl{
z)z`1Pt*v<C#w`Gu3JoaeZ+=6Gn8M!NUI*EM**{rWz;cI5iHnIb`Xv|XXl?xqCOKee
zCw5*A=h5faSnRwOzZ!M(UU_72N?RY`zums8rKhK7yBytDA9dy(34?@0Pt(j%Q!)=j
zC8uZIW)o|qPI}Yn_CTNkYF~rV5|AC#U9-soGTaCIf#L>LP`7R+;|l;pKYK<2TL;8F
za3S6xFQ>3Wjug*^!Qr1eJkID>ApbR<Osd^~&(J*g0b}QYYqzmY%7%ell;VBYANbnf
zrM*Vv5-yI0W9QH*@usv`7DmRH@NhHv==%9|pfRH3;xdU*9M9k<dBy=U9(!xrG;>=t
zI&#Q^7g{s$m#0V@y1A_bXR*Ar1ZU^6IHHi`cPd}`tRx38EA9D__*CiFD#kPe9_`Pd
zmEy6WF7})2DDzySq@?`t;ln18Xk}p$W7suTj(o?^ZI?c$oYZ`Ok^Lt#F4+I!0RRP!
zG`<)~24)cbK*4sB%YmUX$w{F8wTRy#{mpl#hcEr{9ol}tv{xAc^LvXK_Fi-xd$BT*
zsuAz8G*%DJT>;}S&Qt9Q?m%J5@$#l8CZ3U&Ha>14Ol0h;v=$661`5}5aij*eHo5ia
zyz@QrGK6$jyxQAO5YS+!YOIDc7Qb1j{n~?oF9N=a3=hJ{@F0xjY$be8?VYg$AOyHe
zaxT%fmzKTHsRIXI10<S&#RekJrmJC#J9Jn4nC}4~15ClqR#dS-*XetC?gA)|-J%3J
z(^t3B=OVc6(c3HBD!$MMAEu_B0^1I7Q4Zr-00COx2(zC%*U-_C3t<8BWWze_Td?=k
zrez4kFI87xi>YXA%z$&BHe46EZ~;89=GxG|Kmx+NAq7m|UOMw<QZYchS>U+AU;Mz;
zmG1CiZ}1Di2&?mC!!9_9I1J-T{P!iuSF59|OZIvF{Q1|ZQ?N9O`On4ky1L_Qk_G(i
zWvR1aMu9*e9HFI+y<inYI2%LgU#>ZUyso06eS)p63|cWRoaU82a2NGFcU8Ge+D?UN
z=+^<j8rw6X^klal?Rigr*X7+MfVP+K)D{mb6s_NmAF>tY?+Qk)W@M_2T)}qg3rauJ
z{?5}CtKr<IfJ!_~HskDmwXi)MY90nHmr(J$MBJLvgHPjvUyH)`q0NVbkt-rO$l#dd
z1GV(+){;7uZ?2_0DuQmWwEX@a-7a+S*V5AZ1VrD~7Py(orv+zIm<U#gQlL)32?w`H
zC`CVH*AWY6ndo(^+-qarXU8*~OP%A5pPyf(=>j|PF<d?T{3S_ns9lADGVm^Ngpv6}
zP*YQww#ZWpj3Y`LzY#{Y=E3PeInLFW(04>#-u=4Oi+}8ou+?bnR!zYz@>-0t9sXSo
zNAyBsV~K;F^9qA0W5T?7)@^Kje6ME@c>J}S`+;#R>`W)O#6Y3}A7<-p2$b+kpTrYn
zpB8!M#kVnmrnBD{2CYHQV&8s@H$1YgEw{IFJh8fu9ZxO9SS5grbQa#*y&B)wFu$d)
zqEg@5YNboY8-L#|^51uFA*>a=ND}(T(gL2zMw8r5O6(mMh!^sm-MtBaL!HNPcm75~
z&g*1r(JzICJ&NO)AYaO5IZs;(cyaeupkG&?@(T{ugi;j5EU9Dq@Yg>>ia$U(=}2t_
zX#F~`-80=-c%mzQ94O6w`}UEkUPd1n4S|`?TR=E8fEtJI%7`u~C;*Mj%gakqkrI7%
z_kyhKFvxT(`IH5i1`K8r`w07KJdz~kIw$jB_!2exXq=;?BM`~$AJk8!HlnWR+y@^=
za~+KF9y)pc5>0yra5dof*Z|54a4axZQO}npDacXupqq;rsZF4V(W2M>{{A}9M-f2S
zC&MSW9#F1N96Pp^U8IuMViE3>Hwsa6>g35^FvNOD@Ma#2|9k*7@!`XVF)=X&u~2<v
zxtCGFb8$Y|e+L+TY+ZJH{064@*RNk-ZFx%}8E%9(Ozi{q5aQJQz(+H(h7ddQ{oPfa
zxjk^R4n_@tqp&^E_~__p3CFQIe-;mA@^p3sIG7UR<Gmq?f=sjBEHNZXr$@l$K&B*5
z<x0JQ5*!}R&M3mm%PS{0SkCpYh#}nf+}*o(p_AtcS217~F@NDG-|R5}i5q4i-GR*~
z=b7359#ulF-0KnW1Vl`ARl-o`+H{v1uLKOH!6JDrAQJcgjRutpGp*;5Dqln0J_H26
zdZja``!d(6_4%`B$Ha)Ip^`{%|6Tj12Nbg4cL4F{gSrYsr2PE&tb#!uhXZeu`D6Ib
zpZ}!n0>esgh0PQ}k*Tk)Nl^F<w5=HIQh}RZz|N=^fovRhcBA?U3zybo%&w${L9^d7
zh(G}LkI&4^1mOi})^nqr3HQwIK)rwUmSi5|r}1G1E(tKb=Tu5GfXNTiq?UMT7+Smm
z^ZhCI&@T$=41h~5J|tv#bd>(Dzdl<wGl6A!lm8?1VJf~lH%cDa!PmPMVJJ@a`rc-X
zG$!cAU3~bpr)LdJIH8W_=E)v(T521lgoc3u5<nf*4YG@1ySqizM&}kxjW;%`xu$^r
z0~}maV`B*v6=<}&Qj9WVue`tK;Zd9iYu*uGW9cFeE@GIZWjpvX{pe2TBDBnE8X6Py
zv>tDMheQE>jW}SX2eT7OI&b8>J)rm=VZL}~@!oIa09P6kTOOd78Vs9LRrMSXPhCq(
z)IFG``q$daZ}+?QnxrS^04D|o-GmFehJs?z*Df<K91JiNJhfbxTYygf``kEq#2p5`
zDxVyL?Ay0U);%^g<E2)Cp@$6y^-G(L?Ghb5ITw+)F3tiA*9ob18hDh_IJmQVdJ#bU
zL8k%FrHG*Za6LvRRpYcv_Fl^y!zCr<(e_?pEsO+~S^_?|6$}f7B_%NGTu$h_@9yqi
z%-8(SUA>;pX@}4DFxL#IV`X9CMPT4S;lrexoTvIcrd#gjN_if&$k0p2nAabTT?{)3
z4}-8U6%xvUC`m`M9fVFeJLd0Bcpanjk5VIkLMv2rw;jAha5928`89;~xqiI~f(Xa7
zTZ4dT&;fe{JZqp6G-o7o2<%Kx$UPi64Hrd_A=2D{H1P2{NN4A~YI*W|zq?++D`jn9
zyP5Yighil+lIHQ(_}^!tO2C9AB(N|u<B4eVCa^4XX(sSnjPLV>S^Y;pMP#p6{Iw?}
zV~{VA1~3Dt6mYT)TA`4TKRJm5K072>hNgywyY%}QCiV83P%KT`&l2$HczAfg76H=)
zXz#IN_Z7FuG-25vkO@Obx4u-R4pK%?^uo1_kV|tNia7>yj}z_)+VRwRxYJx*&)2D-
zSYVJwqaZ9nS{iL6kIR7gfkMf}(x%nz*>wM|L5W)}ec*8dVH)x3$|iX}=K+RXmb7HZ
ze?0=U0@NnNvFH`f2FZVN+xlXvhujc|i?YyS?o}kjX*sg>m|Um!%F*trA@-1rIri=d
zoDE{{(@@&rnE&~4C=osc@_GNyC*Af7A#N-}CM~C=WpN+-OZ>`|iiSo4<;AA}>|%xC
z1aGO5%f!WfQ;&wI5Ios*a_hco)MVI_T8{#W#aTp)h4Kh954r*v5%Bbqzn32u60*B`
z<N;#M;^7mImlifA(T&^>fIVamctF#~GLd($0|3ue^W9!LJAxE3ZxGoiqUPB((I`ad
zQ%eF&bg93JgSam!3@!)e7b3LounK6P<z%4*Kpu2+bA$Q2fuW(Dm)r>tLhx4DXW;7t
zmpUB?g^K`{yMkKl>Ow-7qONO2;c|Mj_`aFK6c|~$p+Yc7kyEk^7uN@9>&<F|WPy`}
z#s%!W14T|&;Im!3IO;iH#yyI5pJ1G=lk?uJQ^xJ*)Q?#zliVYgcPWxD>BEtRrlG>~
zrOQDo7h}M(4<ssZvliD)O$Wh-0d9<GcpwV<xBz34hLD5Uz4l~K3?Me+WIex#_rGaM
zyH5D&&nkYuyQ!)w3DP^b_*0}zQ(~jZ%KTH%T5P^2RzlzLCN}myO9sabuvod!9E3SW
z3WK&P!o#i^ckzyQjCiBOy~4Krv~~ln;Nb<=apPT!*t+Af=kGiT5FWa_d(99zzW7u$
zO~m}Axxuo24kE~#nrz`Bme8$;OcYHfgbO>Atwu#a4*gil>CMaN1rwljK=av!3CC#1
z;OTtUuWD#$0IZ1MT)44ikeu8N58@y|YKImrVv($yuSC5)>N?~(FKcn0msf?-!aOu8
zT_9GXR5`LUD3ruE4s1cA<whfNo6X{-kHME4jOM>x28XHGVH4tV-nhY|4<bwn9s2n;
z`bH7eN5k>l?uw_`8LxhWM`5Tn9F<9CW@Jn+Wnf_7d<yAEi!voqU4-kxxp1%&BO72}
z>)MAhte$uXgA5^y&_(-MVxfnEf-cF=&p$87TQ>}jL9Jv9o5qR5LOPuJW?+I$hQVGr
zUMovW5FC#c*EIMZO#s=qA@mO`G7YcPgxU&(xF5w^je~XXIt+H$m1pw6Fk>T-{ioPd
z65|KV6=U<?$m=LblUZG|$PD#{gVmx`#k!Ns>z0xg^Uh8^UJfp<j}At+z*9B2z^1Pw
z{S9nN4M%5_fi5uOZG1&DaF;^9qSSvcz_c#s4w0W!qYaoT_YDbzl1^z2aW-~#b$g$f
zrW<(t322zcK^IoJB;~%8ygK<nl_lJ@WQdb&kWTyOpW%Y12yK-kaaNFh$;(WhQg3-n
z0>B7rC(P!p0$;@{<3<KF(A|OSO_+wEA^1C-bYx_t3s}fF)uQt3`VHLGrnDJJ_-1p(
zaE{T@QTA~F@W0Au=I4dRJ3BjJ0EZ9z0?zarME%Df@EnZP(+&?~`Y`TQ>c_1Ii=q8I
zhh5XP(pz&YGXJMD(TF2eLmCkUz^LLoH#Y|o)qQABpn|JksR8?#nVDHxX({*ycHm(a
z7Ut$@4(c%?oNR3HET<%xQU@L$6Ek29r^Mdl2dB*Fmkso;QD~>+`SV)tQ30#?0_Z_3
zn0T#gjc<KuUQ%bW$6Q+OhLKVfSXlvuV36=Q4gQ}$CM3}oF{D4B1p?Q=(Qk0;6Y;sM
zmlmGh2ZPRUV+|dJeBuf@`|q}bd#ec#r*OkL0GWqAkfOM8V2*-3xCb8qv6oe=@AvWA
zzryh<XvXI`4>5|E(_i-n+0^#gT_Omc7rTd<Anb=<;DWJ>2!z3R*Pp=dx~1-KLH~n?
z-PM~F$dlzzHU8}%Rt(_dLSWDbObyKM4~<f^^qndUo<vo3X&j7`-=_p55WLB*bS8;^
zYzY_q=O23qzBH7w-vZkno0x1faxp_1mjBYF3djj|-;l-5>5z+nl8ab^E&IP1(@Out
za8$TJ-*Q@9YYYbc3mB1qX*K{0-Ru4I6Oa&Or%*JS{4fE4nag($Olp#oZ{oa;2(<n%
z8kG9ORi_rlq%M79mh&nE5*z-2sHJiJdg+6oPt?C?(}HT?24t>9!*9}Y)Ft`>`nd@1
zKX9TI<q4<6Z2|eL0{#gKg69*Z&pGmEw{XR#KP6<Gr*YxR?ak512L=n!in3XkFlJ!?
zfdeoI&oRDd_z$AvxahN=L6o=%eIA@7WppH5K3s$L>A3TEzCu%y0zCY0FTQEHmphp8
z8)kV2{tyKv2;4ouCQidegJ!5zd!m@42Cxc?&(<Q$K2gV!^Kz_1`8}ixSoi>En}Q4t
zyBm6~E|Z{|F2=*t*<WRdM(L5=ATjZFWIP4K$vkv|I`*)VK;EoJybsX)eLH0WPC+DC
zJTMCV0i=l+3|sIvVnNOUlCdC$OI}_cXkecG;6Veb7)efS)6ZE4IC((FiSR^@z{74p
zgdpTn9X!|!#EyhS4@ZsBt@yUYxpPgqNbUP%XCb-6I&BMF5<I3VH3EPm8)KLzZ^OD?
z#l|k8#pOWP(*}16#@5vC;4tJTALuHAIu0YZL4b4h%PVh?ALsPP*xX$9#BtuVQCgEH
zuwkzf_3NQ?!Sy`&hxPlfzy7-4o!R!UixBwl-3E@145{i+DKKvc%?ivJMw(-+T3Ia2
z|2Gpz97`&jciq((A+gW84RFFV&b^-BBx4FSNO>xnnro}8yDP7vQ|37SN=MFVB0ya)
z*T~PEkgLOYYA+9lKB?Aw=`-#2@&|Yey;Oms*lqWbQ>F%xImO|LDR9@*%{ZDe;o(U@
zTtd#8fv!P?KyIF)7-<f0s%h1p5_kvkWn*v*_DOV+dB8Qy9&uPz?g0rjLd#>ePfW!K
zr0L?u|JT@;$3xk+VNXf>^0rV&o>mo6){<zWY>6zHY?Xa$5u!qA6DoVwX_M?4OWD$9
zU$YO16pBGvvyAzUdqzDy&-;Gg@0)*$88dTV_jO(8aUSP!9@n!MnXIbbV|eIb+UNz#
zgb;Uy5=f>M)Ppn;J(^62H+N1J`mWVv!q+NN)>(`#R#x6W108|a3SDKpIf>cfs2B3P
zq!)d==+9i?-Cl&%Gu9}uW4WQGjf#;5zUA@afK4F7-^+C#`RH@&R{!9j4X9NzIrP%d
zzZtpa_M`d+W@cvk`r+|H>`bNWe6#jFb9tdO>htqI+Mvc0)}y{N%U+jH@PqYielW9T
zC#Ui-F^NtGU>_iE=&v1NI*GlhR60!~ou0&{kao9llD4~@ot!~5m$4TlHJGcVKi`nF
z@)PSlUeF5&kW8fr8R!5?K8l!&<vT?)5pfPP27D9Ys6r^gfcpq*6>v<5f5a9|(Pj@-
z;yJz5K$(u4TPNmhSH??_2h5=@!cTY=Y0v;~#eQGXrC>3Q-?<T0U}`aZ&3bVkAY&oF
zjKqcwX2_1CQs+)R`Hj$aVxvtJ6@orw9=EVXQ+mRTl*-D=s(IMTUrqb9qzQ=e*LdJZ
zQ&UuBAnQTOU<qm$q~E!7=VE4}ue8<u?}#AM^y$c{K^WwL$QF7&Ui{ZjmXeR{LqkjQ
z77+rw_Oks}4v{XfjASq&&gkuM8T?uzn!9r4%J>d~)X&S$H#0ST=1D{=c2O=mIw$@E
z^tuo(cA}Q}6=j+qN!X*_$={zINsKNFi<{(DJ^46uaAf2T!NN`Z6%D*fH0?N0Z}#~)
zi+u-4V<L$#3>smkJ4v6`2y|u^Tza)cO6#z{;Nm?qwDPysZ;T(hyuV3v1~ZLX*Ws2>
zYUR)*rmGOVOk=6NWi_|7z+q`yu9F;PWlyv12Ue>vpFW+j(c<V#8OgbdjZ7zd!wbC`
z<{jZYk+Xhg8+EpKhk6a1ju02G&v+RbB8~x2eB`@tS|w{nkWOMlXJS?@xN#wegr5!x
zk$97Y@T>6k<3IQadg*iO^!q<Dr;o8B6wAPe;ATIsBZy6m&wu@3zs#t37JePgMe?cV
z!pD>oX$oc^>vKq?e33FIE1UX6&*e55Ss&V@8r^%I?Qr|tQv+JP4~5pwi#|Kd<G!*Y
zDSQN4F2~o+FBhL~cXvf~gO6o1E$Q`$9iSIzwL_CZXJR`8CZ~4Z1Zb*LlafwpYX>SY
zu>Zb=r{(6&yt1=vcSxkaXsG_{m}N;lqbs=&K<=6Awt9QUf}v$K=JvO<)gj{sIgesK
z%1w_RJ_G>#Dt|dBfbmmPj<nU$@=A3vToEB?+p-ysJtz^^t>8F;>67$huWkaj<sMo^
z@Ax3_J`f}M*@-+T`@I!`9No~M_W7XhZswfrD#M@6K437d@m9clV<UZTgxOvP_D1Y)
z$SlTUI<D-ycrhEy2c)xthr-W)t6J~1IJTL`#1^%#yFA$Vbdn4ca*cP27u!@N1BP(U
zn1NJJHA1G=L@Y%5CA!EC+*#F8FBsJ^+;l29w5zKNJB*u~8|VyFJ`Bw7Zn@^|?F~H>
zc6|j!MfBo)d;Y=9AJy`gcFi&l?P!4Os8*M^eYr!g2sPP&elVi}S8U=y`dFQecQT5z
z?MPkdTSt|;qpGc4i_48tTyu3<jf!fT%xswfYkub_D2_kgyg6G}w>~*J8OdCO?6MA<
zbRF}>2kQD-=V=OsA3OE%_z0PKDfI5$WNd~q=Qszau$=A2aZgwt*|fYgxby;10dX$M
zX6p(N7=+{rnWH)7l1|Qwr?=I5%99~P15XMd5F8W)Ub*TACl?4F^!SNv-t4zs8eQ?A
zJwHDDu_QA{#2{7<6_5}~>!4*O8)Z+ty9o(4H9o#{&2_yyd4SMfUS8{8p-VwQL4h?K
zgl=!VH|rGQD67sX*%9Wyf1TdJxl}19rxC*Mv3N;NB>WF4sk!r?)Jh#-4~h5VJy4tQ
zQd6*(J$<{UGQ>!p)A_=M5}{-&l?X)0C8ZW!+mTRbwWY0ajQ`>ut6ixXp4XeLBSvCO
zTHn0c%Px3O1?b^AaNKx{a&ycg%wX8<8Se^vZvp4JYMuv;;jbrLbfFmkJa6;feft81
z_}U;Gg23k4QJwrUlm=>RYvpV8-=m+a50&Vs4@pMyVY)>&xAWF>Zfb{gCo?m%>$!fM
zl4ejsMTqzT^b_WFP^nac-`I3e6N1xDc+o}S^A|C(*VR<GN;P#9uC5~2b@<MiKVPCn
zk2aFYKjT28U3Wwe^igCoSxL$BQ1RKvX=JY&M}~~(!Gs%9((jWmBn-$ooH^q=pPjPp
z9`;~VD}(>^7LG~=&Ro1!@#zpusa8o^1%O)b-;s(+3fcQ`PkAL+1_!OpoCV9Z4xZS?
z{7WAhXFQ)g*l(x_l|O+DMjt}*$3%~lXJ#EstbUBxanPr19|LL-6-DjqbZCBHYj`Ih
zO0kRI()-ZXN~=3-$D^nXdd^3md)$}Io%EH5Xw1gO1~>~;ms3xpsWhi$nvV6<9PNHk
zrY1o*?9Nut=$)1NlU|TR2+rzFq65Jl18yqsxt=Q)uhs2w<q9EnGc=q8L!_gnb@YxA
ze+Yr>l}CU6`0ThG6FJBEEppRaUS2~^wonEFF+LX)n?$=}pfZp8PS@rNvmBk0w9s>d
zUo`-IOG{NzJic;edN+?rG7M^@+N*pfvOroB)k&M06C?aZuH>Hg#GQDb(W@IrT+G@7
zlfXWHw~z+fteSg(948PySWm39vmGF71JCN|g-nXDuV(3zB`AVu-bi$xTzWc)g)t;~
zc-$BAN)Yy|Gd*5s8(x3BL?bpf7G2B8VG|0H9L*1^s(O2R?l4*_Bh%P>1(;0ht;f+c
zt3cuPl47lL=e}0rQf<@Skm3Oriba$C!^4I3RCIa^M;JDB)@j&WR5u&}3WaW9T{~gy
zio5{3TS`M4Bot`xiHgt+(v6>yhg@Cn*CpOKXss7^z>MfCmj1d<x0E8EyKvSXb63V%
z`QvY9%;`bq?RO<RC&zZxTzhgtZL#a^_?FkpO|-PMAb*f;#xkbXk7ZS|W*~YOyi*BJ
zx3jykA)|g1aPuIO053?k_|UNOrLBz$;&Y%lJRH2-U0~MH@o^Q4XRC4>BlgU!1}q&J
z9GpLYzCL;|n>mjhIRZ-F%vD}#)Y`)0X;@ej5}y<*)kew{MG+)74d_H955S29iWA-b
zK<`-7EQdl@@|Nec#|5h{lumF@h|NV?Kx`g&?$5S)JKjLk;S&JoTkB2mI<7hKh&!wA
z;Bd9fesW2pteD^KNQ7}i$;bCyA5wMLBR~lW*>V26G4@x83_g6&54-UuT*o>MIc&Gn
zcTQ+>m-Fy!y1>uP9pvl#Aa~w^ta_QgBda}8!uF)X_+%WlHCxx-UjcIw2|<<^jA!#m
z1RBWAe@jgEXY>Ay+&@|P>kN5X<#~f?3_*h3q#AXv{O&9%9m$DdWcB+XuC+&Vv34+4
zBF=)BcNy;Kp{xjcmqD(!yhfk3{n%72B#<O|DPGUI86<B4NwNbzJ{|la`*ZR|rk=PQ
z6v}u}KaYsSZPmAmOd6k^yz$-w1gPzUe;^fWYIQNVN~80iI6YpU28vg-0@gj9PRw}%
zQqz)PsN-K0;OqOt%V=Wn6}{cNcYo#th+#3ZEPO2a))EejkKBH~6&M@t;p67+K(%Md
zlB%b#r?4?$K3M3g=0w&I9Rw$k1QQd#0yyD@{f3&=@7P;LGRo_8n<TTm6w>y6tP3|_
zL1^9&%Z)BBUcS7uyF0Gq83Y4hM&UPj`ZQ@woq$Qk^r~1bU0pc32+PXqd%B@f`#(Px
z0Xz|7pD&US<ic}!#r&CI;eU-Dc}u%kE5{<)-4h(dC>n{k8j6x$HAH!;3$0(jo(=fk
za;9FJTKfeo@%WwUx$gPhbARD1+yNppxZ_XM;{VqV6&fE{`BS(KNy6}t`$(D^+!a}*
z-}jA#OCk6SZv$iIvWCP6|M+)1o;M6;)pZ$d!G$!Q82+p>N_<0_x{$5xIL+Wr84uZR
zMyz>Bk?WSkse5`x+z!ZJl4iLciMxnMIoxwl5Zt_Zv!GzKX9`7!BXs-K8pqcg4(&X&
zDzR|t@9@nr8IRHW*l5g;2lR@$1TU-{KHs}{?@6hv%mQL^vMG3s<^p@N(!qmAv(G=P
zvyfZ6_T($~X{cGCDH??&Wd^!@z^5<!&wpA!ecA@I894CP=<4bUZrFhQ;)1ht&g57(
zw{L4og&cey&{(CNz)M()V>d?~sM}@)=nmNJJN6Lt$>zAEWhx|$+V<-16zAR|e`)L-
z;9fj>s}tcHkbUl(-=RhgAw(s<#fv|6b@6g@r<;~=7c2stC9qce3gvY{S7cLZvi4FV
z=OEQYY3N9&GaS$1GHz+A-A|t}b0!Lu3}^s+ADO@JcUk55caBqjkFm~p88^3;LQ+FR
zLtEPko?bYGVz1mZ^cy(EK7D!*rDIgllWJ71@@+fuj&Kgp(RuQ2zNAJrAQATei}38Q
zYH~;MT>r)CJ#JYjRC?dOE$23Q(bDo8Qt#UTJe16>bJcsieCWYzV`#l|P)Gx*6A3*U
z*pnT84D8%!YcND)qEO_~{Z_Cj>5Dln0?276kW(csygZU{7D6ev1@*nh!f1A}3K-gW
zL*?Kn$o~8thT|%Z&mt1o+Jz$ow`Wuxu7e(dbrcH)QKd7=qu|aG6BCtpNJtDqh@(8p
zhDRF31P>!>7?Sjb=&reQrvhDMU6t-AL&q*kOXpj*>>OOlql6b6-gmQZf;=7tZ%7^=
zMNGT{R3jvws6?WUC2?Q{Zy7`j5-t3+omn(>YxSrPxR@RG9fi4?I`xkdnTUsV-ASFt
z52$=2R+c%7VKl0)%%z(RJb1ip;Lcx;Un}>-pwlnK;g&zoy3&asciiHSaoBy#j*&ZO
zlBJp4bSQyQ6)S)7=XZ$f;Bp@@bdKKe-k0tK%Ld#!)Lv)Jngzq)k{@rapY80gv>UE&
zJn{@a(=pp}8`my^pughnLiXx2rnh-7VTb)V`tl`9H1+jucI94O8CK6wR#8Ef<N3wW
zeiy0T)>+Wg393hG6%#xe@dY$rel#->?S_Q%q_guVtRs$UXgmnyvei+(SzKN|+~0pT
zn}=M_5Dx7u^hNIcltM8=lLku3d-hz;Ts?HU=(>&J2yvs>8~IkpGm6lj`kGK-V60@J
z_~;A_k->-6E)qlw%B|bCgU&F4S3o#QxK5mplH0Mv84NU}Idv@~S)e=j&kp0M_%YMM
zR+?33RAfvKYj(8i(FLfg-Fnhcw5$oB5m_Idj1}cUJN4%39H<_gO--Xr<k6sCkkW$8
zy{2y*P5oAr6QfdL<|BpoRG)x2MMwG9=+M4n3wgx80QeSPuX!tJR=T3QZ)x2?vIjeA
ztjOBFiKh-^=QAk1LBqeju}D|`{!^|)z@)xGLEOB&T^$`#07LQd!cmiiLDf#DL<)tn
zKZ1|}3a`Js6(R=MbtKwzq^1kS*kJ8K7=jWE)gY^<rZEZi4@(b+8O4xrwl+dFkBm+4
zfd@@gT-+WZ43il|Ac~E*&E-A4;D4c?#H)E&Uf1%yY}SDe*gC4HtLt|9p4$b2iZW?W
zsQ}6;UhID}@xuWv!SUK*_EoSKOTI|BPUXh6e0zC`P~NIVyTf9Mkg4Bg{1M&};#e+i
zQ~^Ot?7(19SQ`oJhaH{n6>%9qgjrm>IR`7#H?o#Vz$?sI!DMR6Tkjoa#Uha5e?;`H
zj^LBnG{CEdYg12DYNiMfOBtc<TPpr6JmH@~U5!8%tu}w7556+j4gQ3X0Xznquwn=0
zgstN+MK}kA=}eDLppboPSmXq#Np@(ju*@?NL!HDMV%2}e{!jv5+-30gr9RaEiiU1N
z^a3UU%_6*#1cf9>|6@6O91$fbCg>?D;}n<9An?PlNE~_)ZU(w3ZJU0>8I>bIg%!w7
z`g(d2I-bD@4o67*JKV$Jza2`w`3o27w6%a7zv+fh>Q0%$Je)R>IyEKk;0b1WT>d#L
zHRd02JjwEqP_gN&S*y;w|9Xy%b!<)LwUv~VARBpa@#Xa2G@nsi+5d?3NsCV>5p8O}
zkzT7XOI*Y;70Qk2(@E@Hoe1=7)UefY8lD|fzdxEHK+FVUe*Fy&*o23DWA&|-11{yQ
z%LIQuu`==6&THZE`&J6jD&B8>6lm3`HEhkVv;wz@b*IuA=}u#Vme5SZ#%}f+D+v}w
zj;O1pC1KbYb8KaCMa3O2uL0DuoSdL0!n&~xqU$zs+LpH@Up{QT^dV?DFgzKbZ|^j8
z`4$CM<NC<--ydld1`}@dO#&5h2SWaYvb%MSh3<_n;Ce$0b6kpUhwpSMx4=g9qX4^&
ziTnYn<6<Eo8TzwY807^8(Jx-yd(OdHKl-#gqV3ScCe1k{v}Dfzq;%dG{}-i$Q-4fi
zV8&4xj$IcSxlXrj;)4htQz^?==;S~H1UCIAhaxuX<z>cz?1a5vow6K2LZBHDH_dIy
zJ~g36W`%`?E4CWDhlL$OKM?qUvi$D8_-5nue-SVn1GTlaQH37t@ArEl#5vR$U$$Y#
zDp9ChV1D$b=`w33C9<<YpZ^c~#e)9=w}}1<e*R0?N1;JNZW=q}SbzVZni{e6(EP2S
zaP6u;!M<ch_+3FNnMQ57I%lbf{)_v$QVEJyWuoG+sN!C}T!mK^rLkMLsI;Grz3~cB
z5caKP78e&o{RPo^+-kK@GI?KUrt#}5WJ#sCev~`?1f9#Kw&at+>0gm%t(3C4H?~z)
zcH-4#j=B_fyiTA)mB$L^;laV?;<p;~J=VZjD5Gklh+%d^w7Nido&n&(UzVo1SeK0k
zVLEHmI)Zud$pQU{K?Vi}Ln#!Goz@z(ET_KI)KoveB?Gw-M~6yllMUlGSZWjK1of;o
z$wj{~ZsXI!!h?{2HGu0T`kKZNAs|F7Mpb9@Cc+$l8r29jk6PmmoM|6>d6)SeFO^pz
z{H3}TyNpJlym```W+|y@?V8{nt=-pJPS#qr<Lo*qsdNw}usc9Kj7rmTK1zIeB<5yQ
zQ`mCZUklLk5!jpj+x$YDo+40!jiFZspfxBsm<eYqhym)9-cDq;U_=A^QOhpFT-!5x
zB62gD_Ih_6WP^i;fsB=UtYN61OXl`@o|STYhImmTh?K5bVh)MpwSwcYw?&|Ql-;@q
zRHp9mXLfo~glR7eOR-eAA$q(vHWbw`!DV8?A#%g@O$K6P1xTVsc_DeW%BkapRy!tt
z>ocp`&3ejKIE}>RYvlucsbkXpz_-+Nz{H@SAYPw*tlv$}wK88U64c^+$phA$TfFj{
zn)MjQQn1!SxiFhb)ud8fGys~MyG9u6?!u@sSB|DWtRl6|zC*QlU{3GQ^zA2yKTEG7
zsGET3K(#Qbj2AC#K4#Oh#o+(5Zrx*;S%NJCYk_Y$y#j)iUAuO{T%kT*?@^s~!fHv$
zGz9w&r^bL>IA~{PWGnzS5fUmfTf6>@8p@vB*n42p`eJO3lGm3<X{?!@#FZ+{d&<dt
z$V1P}tOM}}a|!J^U@!xfJ+J(Z+{_q%hVX>R@VM*qX2&p_69`xE*^=zz{7tdvN<}a#
z17Mvdyg1<VAN=|up@cf5oWWa;Il>^tej_W134cs<4Om9iqSvN6!s%nor0`BW(dfdu
zOMkHUuk?t@G?qGh7f15tm>tTeKJ9nxB7>v+>-V!r*OAy+__O!8lfiZ8$cWwLbyI}?
z3m!rt{AXHE5DEXcf)YDE6XgQdcfQ?*34}E5|B}oT#Z0wFnVB-Xb}`V?F1cbp#J@I=
z35@Xz*jCBDoak5ayoePSWX!#6S<QJOKmS$I2!8TJ|0^Hba&>*+QYP8O^^Xu8FnUcc
z54B|4jNgBwMx?eYvLxu1>v!&KiqiwWDX%21^iVK^O@K)Lw2XpV5s)d!E|j6rU_|+{
zjiu^K24}Z$ai!xQ_itM(l92N9a@Q}u2i8q0%^v*m1LdIK;Vpd{MLB1FVJ#uJBJPMu
zu1*+Z8G^VGqf3_+;|aiJbc9%EtYK3ABaZ*(JXj+9-*@j<8jgC--)Z=6rV?|G1cYs@
z1$*sx#t)D-kx!5?+Y?9@*}v%#3?aS_eyc=udeEakwJ;~0&=@JZw#@#GU2Kn3{X$d`
zS>IS5RUBusMoJ|pCG`D<^;~V<?OWRGVwJU;O7xu3)EBX_;Yo@PlxaQP-N&@GO*P!m
zh6~t@eZSETGG~!G>uSg#1VDx$9{2XH;^GSQ_pcVFCGDYpz<z*`yc9}DR5Cg{r6Cbh
zmm7UobVQ`_{2%;7sQdl^U;(dUbm}3+lyuyHd`uO6DLU~-&%n0-(R;!Lr{LYY)DLt)
zAGbD7L6hip3`8KJ^DQx}cg^_a-#GsodeR2_T9`1nwJO6>Ll*!z!S$vwMlh4yz1#i9
zjRGW<Y8(7Rchw~t2&JSUBKxfADg6LN93c_QJf!4=$}t*(wzZtwyY~%}&orvf=vZ3l
zYPE=MC$FQpbNFy2Qq<c0kE`kbD#qwZG_BDiESF&HQr7|r0ctRiYA6Z1WMpQN>GvJ9
z{Ewo-bx!ZNv2iObEA3t?bYHiW+#UUzdlA2^_kHG<!&CIp25;aClv}&r;u;F_@-`7F
zBoJfExwy2ov{XaH+95gA-IvD>%*Omu0dH^t%elFqC>FO&4nHUQ>l^Gaghc#)<41h|
zXa6d>Xf|gaN|~yj3{O>0%mqDOqsQR_s`hgnD&)rFUAEMi4Wl{k17h_AbmD~*WZEeJ
z2eGDWyk{HA?u3<H-_bydpm!D?pTQ8kF`dAzCxfLv{VTK+$-Gtu=~n=k)PhE^&aC0E
zklW+{<rIzD9vxcYI5swhh*EnZ3$B=;h{-sih(Ru!J$J6mnYOE%<s~IYo+nn*QHzNZ
z?m6S&;IK}4legj{q-m4$(J}!=J2V>h7}$BD+4l`+YIO#Wp`j#7c#E{WofKb(F~>QO
ztTz@9QdZ8rAMz_-QFA1FdV2@V*mw=4kUJ~3?M(>&&xy%7Z&C1m`k)QW{1~kdTQX4G
zD5fAX>~Qo6=V&mxT|2t#t*$>7mfWShhZx8-F~71uP=lU2K!XFkXD|<uk~7Orxeh=Z
zSarhHGTB9R<-pAPlxZ^K?S;qphxJV5CG6!KN>B9*43vawebd3JyFa7rRL%>Dh@^*<
z(XVe*;zw3QBpI`3Cp!;RT)lb~;x!9X`GFhkVS-XlGw4N>h<1~ikkO5l#NeS*A6`7m
z&emUI15Br*mGTX(8%Te-2fFn~;<P!0d4+v7bK=P$h|<UjZ?8x-5gR5Ozh}?|cM!^P
zsE+QYni=MzkLK%Fiz3}6TL>)xa{Pi6N<*eYT+IZ_dWCR5fV~M}-kq9SV<FMo^jy7&
zQrG?7N)desEC?ayk*Q@H)|_IlF1atXUS)vr4SJmhNi`OW{CKlNy#cg!emjzkat*b#
z2BC)o3MxM_34K*e%ZPtaQ<*DyL9)eZc9o#W#IL8g+$uq*I~lR__%t?YC`3~~Xor3c
zTDEhFb36VX_!c!bcyeD~$R8RQs2xWix#KpmcKh}hSdZ3^{Py8QnFbtghq53{Gzd<n
z!zDHJxNB1>690QGohdqHht$*prH=L~Kpu)NO_X^j7!1>EW3*E^;f`=<M2-o_grz!O
zDqax~9DJ<QNKX%*-RdxLEu6o^#k6c}LA8~;f(P39AaFD_M=vBy$Wj|)9F8KkCr{-|
z59swP2wMT7g1+)%7;0%7=G>iv4(u56Iyw*waROd+{1O&-M@47tg~dl)d^{bZC)7<R
z8GUXQ)Aoovq8{s>f}4n}hLf_hDGlC2+b{mydgIL-INbu9+d<e0i|RLHPNKhq@&8H;
zFYDTWW+%av1?=FO`lNd9FESnlC^iY5BpE>nR8ky%*MWb71lCOQC8+5CmaBAb1j0ku
z{1+&J${@Gy>fbnEd9<-u2>LXSOYnk-`^80BUW2h!1W}MN-by$X`$|E+#KzO^&r}9B
zii+Z#H#4|l%t!&6&L`w3EQ;HbKrMhxKMn~&)m#pwpKV2K{5~#u2%Ou^r()6+>THeX
z8kl$K){7S}Hq0gjEir$?gF4yP60m4iI<oWrzP9>h(Sd$`eqX+Pfd&Q!Y-2xv9$dw8
zcG|ON+Kt)R8rfOB_JW_Wad9arDX7r_u(H+qo^E)fSL$qnKEb`L`j!h%WkG?Uu(0<p
zPT*I~ZvjdL*k4gvXORrRV?<e{9qcCL4L*u%Z%qF!(;!WOi?VHwo<2U8xJZZjs_dcV
zh%R&`K4~RvuiY~N3d<-gkaT)KI?X7b+!40U{)cqbiL=V<>}FzZxz~AA&n0EDOuCI<
z&2mq~>{>*6<-UkyfaXH$b;O&!vgE{1m1F-8yY7w(*NaPGp8flkPJ~@IdD?DW0*QXU
zY*(KcDPCzqYE7MvkN9gm?H)avD=1ucJT2aggZ;U?=aswmOg=(hl{?WcS`ohEv$37!
zZa7O04-F;6#!{c=!n6{a3J~KFeAR~&Y#VYC-BS2N9_XkGk+!yS;G<IS(RH7nYKz^}
z2GbZd$T2~Thslk5D*11K^TshP*fpw#NhN5AYYLUSrn!)(-G2Z{%~v!uQc}`ug%yY<
zC4!(H#omslrMa_b0}m12nnfmKMRY5_x@hjQZq!J-J3H%NUb@hJTv0LKeHzDy4<E4p
zu?q-?o&gh#=CcyT+EAhuwv8<w`ERD7yDUZpI>vn+Q^kieZ!K+Y9D}F|JqSXj(w>};
z7Vpgx7}N$|Xijn9&po5?fKXhOffa8$&0*mUM~Y6wS~ye^k`6stVPPAzV>>RoKbb-t
z*>;x^DnG7tB1GP85`ESIH-489{N{_Z^%sWnbiL@%sZznE6?}Zh^!0_0uLb9Vmf6hp
z&<N6C+BbF@%sh5oWt#C;9LY$iKhYS)LJ!+2W%lD()~zx!V>q5PDk=)-EH%V;30ia_
zt9ZpKu5iw?N!PQ^jdwBurwY)bZGMQQ^w9B;&a$IbypGn6ivb+#f2^gW)6v<f4p-;i
zX{qDF#HnQ_xn?D<n|Z#LyfTPE)2()5h9{^NSR6#B)B3O}b_|)CnzG6XU8WoDaR$=^
zUXA@IWn*c^n~U@MfQ=)sM&Hy|^bIQS5EZR3Q^et{5|jhn&uGM;eq3Cnz}90xMS>09
zIwx{WIx8Z5Og@3E_P2DxV^(GFukqZ1LwMkUi4##*$Xz@SLS0jo!)agwMdllgX7YN`
z%{1Ztii*n91KywtfVQ3obx1+aLkx$Gd1ajCL4V5i5N(h8dU`PdQO5TBxCaXNh1u3M
ziiQoLl@yM-am&z0pMc1pZ;`%sR&u#|oX!z=yDs75YeFK`+S&@G4Q-cun$<cC(C*<l
zFPD$q3IrWiQqrB(_tO9D!Gkwlo)w1YIejwu;09}fD199rGwHS8qObfCN1VO+PCiWz
z7SH&^_V#wv-A)2M4C$1L-j9%V*4%{SU$fKe8T3`_6Zj!expP*Y%QJ}}>rYB#ErgF3
zam(fw-39qT^&|7|rV3P6o$;7OI>+hmZ<Z^=%=Z|5i<L%r$!bD~ppDL{8B07Jp%LN5
z8;k8DDgps(py$O_3h9A{hHvSS3c4WANj4bSx?+CEke>{|gC1y#qeoW=2qZ0ihzWJ_
z#EJ6yyTeT%Dv3%#Qk+s@IArjQ6v~S2r;Q=>jL+~5HRuFTt&Xj&!IVB2kPsgqK<|WW
zRvgE{VGgp49ep8o9g8v=;eUq&aWtmm`dvShKLJEk>D|!KMgRtf7-+S?8HHej7GAsd
zQ6x<rr)m}D<(a~pz9SI67tkStW9lCn3D)^`b)%B#Ka>b%3zYnvaeS~#?cFP5Kk{76
zi1Xx#y3#`9wUSwK5Tg;_676!(XlG?+;`}Qtthz1|w(gl1SzD3OK(@HrhHBshZ^gA0
z{~@_g6Ttp_pUW&4+>06nWvs|}H+t68E?s#gg)$_427dx)0eC?{Zvuh%9Bl1lV0<gN
zNT+Yn&2iY>CA2`@M~lbfm*{xH2^ve`$_B^dKoj|)y%aEfx<2UaB&^!-%OR6ol*du*
zNMfp4q12atB5&>{A%S}I`=JUMz`qHrRItqT;p4|&Q20A?`t)hA@c~2~YssorhB%=j
zg>`ac!s_vumUjv4bQ>Pb<KS|#oK6*8euo2}BCu^^>jh<%GI{ehD<+yFe<z;0#NL&+
zTMi%D7(5N)zxgvce*B6`l`<)mSfu;V16oM*&!0wG@qOBTArjdZ(bAn2%kJly%fE!x
z2|L(WFc8r2AfhQA$li$u0i*D{fq%X7&d%@CNl3i$h6s+oBN&b?oC;jOKCW_tcIQ;v
z^xgYL2dg=Xid2?wQMN3p4&O1*^mFlD%OXEhh`gRACU&Sz%TnD?o$nL&b#C}Ya`yRe
zZ?3t4B=6+%3W~rtS#ScS;-qXp9j!rIr6R5kPewjAJwI8n@Z<92?pj@=o#(&LIK|UR
zITR^;sXed;wLQaBK#kqUq}?W`=PRmqR98inI2*l6yap%al+=K46QelDD4|VZ9&iA3
zFZRhxNR_RA{=s5fPl!>ztbaW|-EsW}k&d#eD;r)G5Z!~o*!zh#e}JR|!$KQ3q7i`*
zn%RQ?LNJ8=e%t{3f|}11@Z;cOYvf?y!E5@Slu*HX4-E`hx4hh?z6gVQuMjOLzKrwl
zA99-HVuHbg8Nw?fpkjaZ^7Pc`k{|uD)Z_JEOoTV>{!jO|o%HkfuQf&2g)@kNNIrmq
zZA9(=<eKpZrY7>h?NwEp-8>H;Jz69n7cUp!jCy^v$OU@Cw#XHKzBbP!7n}kdEk4IY
zM>e9F5{`3G<$ne8Tchgt082(JH=x!Oxkvd@4&3z(gb#tLiTrkr;jEtYCiqgHFti8p
zam+45;nI27hCrLD9x74v_U%bXlax)70hB$u-@J7W$zm-{y?nZljN6gKgoRBBZYW(@
z%%de`e2gutg+LIJT=0;CFmMQVE+aDbRjcfFnS*o(UI;v^rA3^diz!uk9-W2NtM|Fu
z83-)iRughVO{(chb*oFSS6-V#i80iI%~>PvW8ZzGrHb25W&1v;gL(O7clTG<i(SVC
zAi1T`>wD$xGTL>VkE2~Y{z&x8vu`5dDIlRf3{~VYSoWjsSET;#UXU3WvcTNiE4Hl>
z6zqhks|6jV;5XK9+&l!7H8eQ*0q6inHjJYO9gS+%z%E!877bwOYnVOH?MsE8+m-|=
zQz^}P)@h9`6CIwT15EREsAe8{`O+1Y=f~uM{*sb10Y64-DNYny#_c*VIZl~uTmES2
zl2x611t_C4Xnk%N)U{$_Rgdx^8_2QmJT#>4_XD>T&a_p?ZUDj`K3p@T4x>ijFF6z#
zsZwiDkz>A|C4i-R|9DD^brQq&OW}B#&;jq8lO;wUwax^5eNH0HFIU>XN9%wF{*cD8
z$h)tu>}_*SNyD>6s31NS$+By%+u65r!w`nk+v~!YhG%OS3MM#gHV~aXUMkTqFL{_$
zcbrUv`JZ*`tM9n|wJq{EiLHZ+>yow96K8|Xwj!qX4bkGcbvmhz(ap>!c7+dL>WU^o
zp-OI6cAex@ujpm=F}dO-kw|BaeDv*l3-#_6J*wEcb*c%z9BIejHjT~t;G%BZd)pzb
z$koD|9<6#~5vA+>XU75F?%?+2M$3R^BX`(qL>wsYU&DmqZdABmzZH&8YF{A46fqbx
z_tL(0qvcF@LIebj)m3#}gImd`v`woTuO5;&lY`}rvudd*Dj};qG(+@0mft?NsU#>0
zXF{fe`Lb@=^0B1uLTt-6+?;IefUV&Kbh_2rS_!F$kYr!Zh!S)1fo9A?<u`9;+BJ_Q
z&eu5<zR`K&hoGRktEzzx_lL|Oil4p7_vL)!ZW~nZJ<h#3|K7TvISj|!!fTjgW5YVn
z{X#|~h1WA9<qS5wjUVsjlf2;gus>QY%<-v;ZBr0v#b^rSTt_|aR(bFC{*VgzaElmC
zhC2V8s7+cWX{4OK(StZ}vEUBH-`D8)Cuz+`^N+Q=tGH-Q#@fHyGIuQNt%JM->%c|1
z8W+9d3-4sBCPpj1jkL%gn)~fr*!sVUj`e*h8o;q@>%C)k<@Y?lkYJRHPWCD|z2U?~
zx}&mGQ%uU72<exjXx3_d_wGw}b_(@+Pm>c9GnC(X(MS7=9Ez)pzIjV6w^dI}`B)Lr
zMn|%WV0>w*H!_M|=#+owj!}+Fj?VeJXFTVJ)tCZrM^7q^!tPn&`hu)uGo`yICO@O>
zOn-jInVkZ$ZZhY;KOSp;p4FRqfd6Sxs$&l~gN`Xwu5-?@z?UwlA-?e`Gs8YO@P@Ci
zMwSyZSYe)NH=p$6KH873U!Q5NkhJpd56m^lk_*y^Xy&lfsBGb<3h?e6kD-jNl<r+U
zP@hp2+|GB(Mk04`OUfqE$(?=KDjy$P<$Otfuy1W(e}vOQ|ENLvuNDKlPW(7*zI5U6
zNurEFzv+-OdEqcaUNYg5wDp6YUA21h>@yb)s4cV<F7&`Q<}&Z8Y95~M4M(KGYFVBJ
zhrW;dM%QVB>MBd(X<TV(xuq)2`uXRAikN}U_6Y6eKL+V`j4ZigN~Xg=CAqkx&SC04
zpHEuuvAPW#ir<x$ir|U1sH&<)$~a^$i*)JA;G7q9@ObZs;K070Wns?`#=Mtr<>q8G
z<G95iR7%FGU3S5Rk0-UeO-G@~D4_(*SPy~G!$(zH3d3q976?fyL%UzzArP)3nANw~
z>xN8NrSs=7b#b!^L*9vQBlSx|wbF9q^nm6F?Yc+w`{gg=nyMO)L=3SHT&!6?UX*H9
zcD-O#*zng!xi}<Gk5S$1v?%xt<VK?k3N75r^lLIc-)vS8CJtPbZ+5XZA6OhX`q+O(
zTD~)RpxZ{l+-YU0tJ`Qvm^^dT%}Dj0WcT{^#+bap*Ry6#=NMNy{=Ic|anyCEmNM;^
z{c!wXWMs_Zmu+=uB5vZ=@lBl0mx`^oOPqTpFu7Hi5m#Pvwm5(}UZpbc@m4IHK`HX<
z_+!$GhL~q;HmsSobA1Fo+HP;B&#7&Q$8H!jf%C>!;?)=w-hvhnsgdRhw|JXg)||Ci
zK<fj*h(5#xlLbB{B^48w(e?nS+e8c}LOV$$UdeHoEsfsZ*&Cq5sChUhh=U0xCgv%R
z3NRbmp=l+*YZIqv>M$kFS$y$ZFJvo4ohCmJlfo6zjMQ(Fh{*F}qHhlywS0spr*DEq
z^PN3r=a~$3>^l$it?uSw8+Z9qXgLt}vSC;2ZTfA6Cd5TzucKT%Tl4nq09L4@QP57O
zNq~!^IF3=L&Txn$#BIE(rK}|xMa=b|LzoM1HILk^JEm>E6hayYVlrl32yS%TL|i7b
z<kw~Xpy9B?b2u{-)Upx0k0B!U)HPJXSyG-wCT$@kcg12?88_bTmC44h{i>r&&YqR)
zsuz9dOOH;wc{K-TA3*j!UK5i9-?2D1<XZ7|&9dmRwx=I`57B4Fna}dT?S}2@nu)bJ
zhEx02&+%D6|N9um_jGbpsr3lYlDRWaY+JuhR?d;`aWY@_ew{b3WCwcrM~9N4V<jCI
zy;z%dvRMjueA9T*;46-$nwo}b<J5pnTazi-*@5#~yPo%bQQLe<duT!2WQ&h1ivJ&z
zKiSR+>dR%u*eEb}Jsi@hrCs%)sZ&EFK7W0`S8w0hv$3!Lqj5td&!wf-IdxczY3#=U
z=x@R40R5OfrKj%N{!sWxOJNdcy8BNfsf9D3HI&AdcPPTnciIunDzO7pO5K{`h&mkF
zkoDpmcn$q$Z4My?6ONn2;?LOIcQ>Xr<&4}WcKj|%kf@v5sOfCIV&9hY=#;P)lF1sV
z&$aWr2W9U8FTR3fHTB^M<xIM{{P@IxIQf8f#_WvK$8V9vPknp{L1$RY%{RT%oJ^eJ
zn-quleKyT43lncw=q|i4nzy{Ogzw0tq|wD9zd%X(SFI-)e2e;(bzDE~7K_Xd9%@;O
z=oX>29dbyI1p;zy=}jMY?aI2tH&QvtDCnw;I@*^tDl0X@zJAS=mT%R0_MIEP85N3b
z9&;=Y&(LRZxX&zgE!$apadxbm^_XotRCM`yjN;KIrQv;-r~*sjXiYV0*4AygCuyBt
zuC5(h9do4fh~{=sT_B&%oVk<DoQy`hqp4}nf_Z$~oq9_W%v#Y(4x_}aVbWIw;Y7tk
z%YC_wdN=+?+_zaqbxAqtW8Fy^L-R<fHT36a+j-|41c$U|4`aFT(T79VQn{s(0hX7Q
z!9~b+%fmE6y@i&?0h8Q3uVBkdWfd+mE`v2Vto6Jy>Hamd-vBkWnXVfb*&dhl@^c{3
z&Gieo68X#2Phc)bsV!GHi*Dz}iyBTu>Pr0r;y}`s{nVBc(dg}G{nbrDg`oSCUwzJ>
z&%dD>+4UBj%8lsxt}bZ1anq(xo2HQp0ARc|7W<C|_))`0IO*gUTSKH(R6?+oK=~K4
zd<%K^@KOk{R~Eda>%K1GC0TXj@X9dhK4Y7AgOrxlrJc8Fr{4)BWxI6M=w_Re-wife
zTT@d~oZmk*HNlC}heVDI$4**j#?y0|@*V;s9PTndJLOv#&3$HD$N_I^@}s|eiGuJ(
zDnvDVlX39;Or69D@xIWY?=KB;vUK0TEd{S4*Ao?yZaCXrdHhyOU_d|=<<c;Z`b;97
zOKqhSZk3&-A?VGp8>$nHiqb8oh*p%AD&we(uDGQ08;F+?`C%SdIwNP(y#Dqi!VDT_
z`k*XoQHOJ0$a;yksXUicEGO}QWJ!1sl~p_lfPe>)91<xdS~Q9Ou*?bYudU2Dl4aX#
z95`2UWr$i`zW5B{X;i9LzH?w@od5Xyf4()rt`o0jNxbpzf4w_9XC?Sq*0X=4v+O2O
z{Fc==iGNwLI{eF02;$$VZ*Rd#t1uDUg$qV6(#lJCf@BdvQ(t4Gsab^q$rxl^V}jH;
zP7z9lU*}vD_f^%^JLeFubgv6yzz$5%SN+mG0}liiJjlp8Ku-aPoYV-3jGTm5-VX`l
ziQPzcmV8f@`;-Bg4}c%ZdJ790Es0gB*XvHgH$XU-<n@u|A^reLLke-8{aEf-6b8&H
zBFmEGSa0N2>bj(JU5!#|%Fa&YcDUp323Ui>MRZ&#-2ZTAYbok*ZZPJ<3c}<5dQ%))
zUAGb@-a1}b(Bp92Xw@VB!ac~BvF?r1-MF_`;B-WLeo8={U`t8cFAU=ZA2%FL6tUds
z*$D-Z`V|XUPn;U|Z`klDAyP;Q^9QTk*@gJ^E1nd}jC6Q^k1@#}s8{{$EL^ac^_A2j
z2xoo1&B;pMAE>7Dz~11oooFq<;~&h!Kks70cjmPCl9LIR@w{ckOO+H3?N8imeC7WD
DYnFjH

literal 0
HcmV?d00001

diff --git a/docs/arc42/main.md b/docs/arc42/main.md
index ba5f7fe2..67422f20 100644
--- a/docs/arc42/main.md
+++ b/docs/arc42/main.md
@@ -177,6 +177,72 @@ group "Create Wallet"
 end group
 ```
 
+### Issue revocable credential
+
+![issue_revocable_vc.png](images%2Fissue_revocable_vc.png)
+
+```
+@startuml
+title issue revocable VC
+actor User as User
+participant "Managed identity wallet" as MIW
+participant "Revocation service" as RS
+group "Issue VC"
+User -> MIW: "/api/credentials/issuer" with revocable=true
+alt "If revocable then get issuer status list"
+MIW -> RS: "/api/v1/revocations/statusEntry
+alt If status list VC not created?
+RS -> RS: Create StatusList credentail
+RS -> MIW: Sign new status list VC
+MIW -> MIW: Save status list into issuer table
+RS<-- MIW: return sighed status list VC
+RS -> RS: Store StatusList VC in DB
+end
+RS -> RS: Get Current StatusList Index for Issuer
+RS -> RS: Incease statusList Index by 1 and save in DB
+RS --> MIW: Return Status List
+end
+group "Create and Sign VC"
+MIW -> MIW: Create credentail
+alt "If revocable then add status list"
+MIW -> MIW: Add Status List in VC
+end
+MIW -> MIW: Sign VC
+end group
+MIW --> User: Return revocable VC
+end group
+@enduml
+
+```
+
+### Verify revocable credential
+
+![verify_revocable_vc.png](images%2Fverify_revocable_vc.png)
+
+```
+@startuml
+actor User as User
+participant "Managed Identity Wallet" as MIW
+participant "Revocation service" as RS
+title Verify VC with revocation status
+group "Verify VC"
+User -> MIW: "/api/credentials/validation?withCredentialExpiryDate=true&withRevocation=true"
+alt "If withRevocation then check issuer status list"
+MIW -> RS: "/api/v1/revocations/credentials/{issueId}"
+RS -> RS: Get Current StatusList Index for Issuer
+RS --> MIW: Return StatusList VC
+end
+group "Credential Validation"
+MIW -> MIW: validate status list VC
+MIW -> MIW: Valaidate vc index with encoded list of status list VC
+MIW -> MIW: Check Credential is not expired
+MIW -> MIW: Validate Credential JsonLD
+MIW -> MIW: Verify Credential Signature
+end group
+MIW --> User: Return Valid or Invalid + Reason
+@enduml
+```
+
 ### Validate Verifiable Presentation
 
 ```plantuml

From ce29cb8287293a88745ec2c9bbb5d938564c568a Mon Sep 17 00:00:00 2001
From: Nitin Vavdiya <nitin.vavdiya@smartsensesolutions.com>
Date: Fri, 14 Jun 2024 10:14:03 +0530
Subject: [PATCH 04/48] fix: docker context path

---
 .github/workflows/release.yml | 10 +++++-----
 1 file changed, 5 insertions(+), 5 deletions(-)

diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
index 1751418f..f4d31cbf 100644
--- a/.github/workflows/release.yml
+++ b/.github/workflows/release.yml
@@ -171,7 +171,7 @@ jobs:
       - name: Push image
         uses: docker/build-push-action@v5
         with:
-          context: .
+          context: ./miw
           push: ${{ github.event_name != 'pull_request' }}
           tags: ${{ steps.meta.outputs.tags }}
           labels: ${{ steps.meta.outputs.labels }}
@@ -222,7 +222,7 @@ jobs:
           # Package MIW chart
           helm_package_path=$(helm package -u -d helm-charts ./charts/managed-identity-wallet | grep -o 'to: .*' | cut -d' ' -f2-)
           echo "HELM_PACKAGE_PATH=$helm_package_path" >> $GITHUB_ENV
-          
+
           # Commit and push to gh-pages
           git add helm-charts
           git stash -- helm-charts
@@ -230,13 +230,13 @@ jobs:
           git fetch origin
           git checkout gh-pages
           git stash pop
-          
+
           # Generate helm repo index.yaml
           helm repo index . --merge index.yaml --url https://${GITHUB_REPOSITORY_OWNER}.github.io/${GITHUB_REPOSITORY#*/}/
           git add index.yaml
-          
+
           git commit -s -m "Release ${{ needs.semantic_release.outputs.next_release }}"
-          
+
           git push origin gh-pages
 
       - name: Upload chart to GitHub release

From ec8bb008746ee901acccc8eaccda3e5793aea775 Mon Sep 17 00:00:00 2001
From: Nitin Vavdiya <nitin.vavdiya@smartsensesolutions.com>
Date: Fri, 14 Jun 2024 18:46:23 +0530
Subject: [PATCH 05/48] feat: revoke API, revocation support in issue VC API,
 wallet-commons module for common classes

---
 build.gradle                                  |   5 +
 miw/Dockerfile                                |   2 +-
 miw/build.gradle                              |   4 +
 .../ManagedIdentityWalletsApplication.java    |   2 +
 .../IssuersCredentialControllerApiDocs.java   |   7 +-
 .../apidocs/RevocationAPIDoc.java             | 159 ++++++++++++++++++
 .../config/ExceptionHandling.java             |   4 +-
 .../config/RevocationSettings.java            |  11 +-
 .../security/PresentationIatpFilter.java      |  82 +++++++++
 .../config/security/SecurityConfig.java       |   6 +-
 .../constant/RestURI.java                     |   2 +
 .../HoldersCredentialController.java          |  53 +++---
 .../IssuersCredentialController.java          |  63 ++++---
 .../controller/RevocationController.java      |  75 +++++++++
 .../controller/SecureTokenController.java     |   2 +-
 .../HoldersCredentialRepository.java          |  20 ---
 .../domain/CredentialCreationConfig.java      |   4 +-
 .../domain/PresentationCreationConfig.java    |   2 +-
 .../dto/CreateWalletRequest.java              |   2 +-
 .../dto/CredentialVerificationRequest.java    |   4 +-
 .../dto/CredentialsResponse.java              |   2 +-
 .../dto/StatusListRequest.java                |  16 +-
 .../dto/ValidationResult.java                 |   2 +-
 .../exception/ForbiddenException.java         |  62 -------
 .../exception/RevocationException.java        |  53 ++++++
 .../revocation/RevocationClient.java          |  95 +++++++++++
 .../revocation/RevocationClientConfig.java    |  43 +++++
 .../revocation/RevocationErrorDecoder.java    |  62 +++++++
 .../service/CommonService.java                |   4 +-
 .../service/DidDocumentResolverService.java   |   6 +-
 .../service/HoldersCredentialService.java     |  34 ++--
 .../service/IdpAuthorization.java             |   8 +-
 .../service/IssuersCredentialService.java     |  70 +++++---
 .../service/JwtPresentationES256KService.java |  14 +-
 .../service/PresentationService.java          |  20 +--
 .../service/STSTokenValidationService.java    |   4 +-
 .../service/WalletKeyService.java             |   5 +-
 .../service/WalletService.java                |  26 ++-
 .../service/revocation/RevocationService.java | 125 ++++++++++++++
 .../signing/KeyProvider.java                  |   5 +-
 .../signing/LocalKeyProvider.java             |   2 +-
 .../signing/LocalSigningServiceImpl.java      |  19 ++-
 .../utils/BpnValidator.java                   |   4 +-
 .../utils/CommonUtils.java                    |   5 +-
 .../utils/CustomSignedJWTVerifier.java        |   4 +-
 .../utils/TokenParsingUtils.java              |   8 +-
 .../utils/TokenValidationUtils.java           |   2 +-
 .../utils/Validate.java                       | 154 -----------------
 .../SecureTokenRequestValidator.java          |  14 +-
 miw/src/main/resources/application.yaml       |  20 ++-
 .../PresentationIatpFilterTest.java           |   6 +-
 .../controller/SecureTokenControllerTest.java |   8 +-
 .../did/DidDocumentsTest.java                 |   6 +-
 .../domain/CredentialCreationConfigTest.java  |   4 +-
 .../service/IssuersCredentialServiceTest.java |  22 ++-
 .../STSTokenValidationServiceTest.java        |   2 +-
 .../utils/AuthenticationUtils.java            |   2 +-
 .../utils/TestUtils.java                      |   6 +-
 .../utils/TokenValidationUtilsTest.java       |   2 +-
 .../vc/HoldersCredentialTest.java             |  16 +-
 .../vc/IssuersCredentialTest.java             |   7 +-
 .../vc/PresentationValidationTest.java        |  14 +-
 ...eCredentialIssuerEqualProofSignerTest.java |   8 +-
 .../vp/PresentationServiceTest.java           |   6 +-
 .../vp/PresentationTest.java                  |   4 +-
 .../wallet/WalletTest.java                    |  32 ++--
 revocation-service/build.gradle               |   8 +-
 .../RevocationApiControllerApiDocs.java       | 128 ++++++++++----
 .../revocation/config/ExceptionHandling.java  |   2 +-
 .../config/security/SecurityConfig.java       |   2 +-
 .../constant/RevocationApiEndpoints.java      |   1 +
 .../controllers/BaseController.java           |   4 +-
 .../controllers/RevocationApiController.java  |  20 ++-
 .../revocation/dto/CredentialStatusDto.java   |   4 +-
 .../revocation/dto/StatusEntryDto.java        |   4 +-
 .../services/RevocationService.java           |  64 +++++++
 .../revocation/utils/CommonUtils.java         |  53 ++++++
 .../src/main/resources/application.yaml       |   8 +-
 .../revocation/TestUtil.java                  |  14 ++
 .../config/ExceptionHandlingTest.java         |   2 +-
 .../RevocationApiControllerTest.java          |  18 +-
 .../revocation/domain/BPNTest.java            |  19 +--
 .../revocation/dto/StatusEntryDtoTest.java    |   6 +-
 .../dto/StatusListCredentialSubjectTest.java  |   2 +-
 .../revocation/jpa/StatusListIndexTest.java   |  16 +-
 .../revocation/utils/ValidateTest.java        |  49 ------
 settings.gradle                               |   1 +
 wallet-commons/build.gradle                   |  43 +++++
 .../commons}/constant/ApplicationRole.java    |   4 +-
 .../commons/constant/CredentialStatus.java    |  15 +-
 .../commons/constant/RevocationPurpose.java   |  32 ++++
 .../commons}/constant/StringPool.java         |  18 +-
 .../constant/SupportedAlgorithms.java         |   4 +-
 .../constant/TokenValidationErrors.java       |   2 +-
 .../commons}/exception/BadDataException.java  |   4 +-
 .../exception/ForbiddenException.java         |   5 +-
 .../commons}/utils/Validate.java              |   3 +-
 .../commons}/ValidateTest.java                |   5 +-
 98 files changed, 1445 insertions(+), 657 deletions(-)
 create mode 100644 miw/src/main/java/org/eclipse/tractusx/managedidentitywallets/apidocs/RevocationAPIDoc.java
 rename revocation-service/src/main/java/org/eclipse/tractusx/managedidentitywallets/revocation/constant/PurposeType.java => miw/src/main/java/org/eclipse/tractusx/managedidentitywallets/config/RevocationSettings.java (78%)
 create mode 100644 miw/src/main/java/org/eclipse/tractusx/managedidentitywallets/config/security/PresentationIatpFilter.java
 create mode 100644 miw/src/main/java/org/eclipse/tractusx/managedidentitywallets/controller/RevocationController.java
 rename revocation-service/src/main/java/org/eclipse/tractusx/managedidentitywallets/revocation/utils/StringPool.java => miw/src/main/java/org/eclipse/tractusx/managedidentitywallets/dto/StatusListRequest.java (80%)
 delete mode 100644 miw/src/main/java/org/eclipse/tractusx/managedidentitywallets/exception/ForbiddenException.java
 create mode 100644 miw/src/main/java/org/eclipse/tractusx/managedidentitywallets/exception/RevocationException.java
 create mode 100644 miw/src/main/java/org/eclipse/tractusx/managedidentitywallets/revocation/RevocationClient.java
 create mode 100644 miw/src/main/java/org/eclipse/tractusx/managedidentitywallets/revocation/RevocationClientConfig.java
 create mode 100644 miw/src/main/java/org/eclipse/tractusx/managedidentitywallets/revocation/RevocationErrorDecoder.java
 create mode 100644 miw/src/main/java/org/eclipse/tractusx/managedidentitywallets/service/revocation/RevocationService.java
 delete mode 100644 miw/src/main/java/org/eclipse/tractusx/managedidentitywallets/utils/Validate.java
 create mode 100644 revocation-service/src/main/java/org/eclipse/tractusx/managedidentitywallets/revocation/utils/CommonUtils.java
 delete mode 100644 revocation-service/src/test/java/org/eclipse/tractusx/managedidentitywallets/revocation/utils/ValidateTest.java
 create mode 100644 wallet-commons/build.gradle
 rename {miw/src/main/java/org/eclipse/tractusx/managedidentitywallets => wallet-commons/src/main/java/org/eclipse/tractusx/managedidentitywallets/commons}/constant/ApplicationRole.java (92%)
 rename revocation-service/src/main/java/org/eclipse/tractusx/managedidentitywallets/revocation/constant/ApplicationRole.java => wallet-commons/src/main/java/org/eclipse/tractusx/managedidentitywallets/commons/constant/CredentialStatus.java (76%)
 create mode 100644 wallet-commons/src/main/java/org/eclipse/tractusx/managedidentitywallets/commons/constant/RevocationPurpose.java
 rename {miw/src/main/java/org/eclipse/tractusx/managedidentitywallets => wallet-commons/src/main/java/org/eclipse/tractusx/managedidentitywallets/commons}/constant/StringPool.java (93%)
 rename {miw/src/main/java/org/eclipse/tractusx/managedidentitywallets => wallet-commons/src/main/java/org/eclipse/tractusx/managedidentitywallets/commons}/constant/SupportedAlgorithms.java (91%)
 rename {miw/src/main/java/org/eclipse/tractusx/managedidentitywallets => wallet-commons/src/main/java/org/eclipse/tractusx/managedidentitywallets/commons}/constant/TokenValidationErrors.java (94%)
 rename {miw/src/main/java/org/eclipse/tractusx/managedidentitywallets => wallet-commons/src/main/java/org/eclipse/tractusx/managedidentitywallets/commons}/exception/BadDataException.java (92%)
 rename {revocation-service/src/main/java/org/eclipse/tractusx/managedidentitywallets/revocation => wallet-commons/src/main/java/org/eclipse/tractusx/managedidentitywallets/commons}/exception/ForbiddenException.java (93%)
 rename {revocation-service/src/main/java/org/eclipse/tractusx/managedidentitywallets/revocation => wallet-commons/src/main/java/org/eclipse/tractusx/managedidentitywallets/commons}/utils/Validate.java (98%)
 rename {miw/src/test/java/org/eclipse/tractusx/managedidentitywallets/utils => wallet-commons/src/test/java/org/eclipse/tractusx/managedidentitywallets/commons}/ValidateTest.java (91%)

diff --git a/build.gradle b/build.gradle
index 34271e88..a0a9fac8 100644
--- a/build.gradle
+++ b/build.gradle
@@ -65,6 +65,11 @@ subprojects {
 
         testCompileOnly 'org.projectlombok:lombok'
         testAnnotationProcessor 'org.projectlombok:lombok'
+
+        testImplementation "org.testcontainers:junit-jupiter"
+        testImplementation 'org.junit.jupiter:junit-jupiter-api'
+        testImplementation 'org.junit.jupiter:junit-jupiter-engine'
+
     }
 
 
diff --git a/miw/Dockerfile b/miw/Dockerfile
index 589b41d7..c92d9245 100644
--- a/miw/Dockerfile
+++ b/miw/Dockerfile
@@ -27,7 +27,7 @@ RUN apk add curl
 
 USER miw
 
-COPY ../LICENSE NOTICE.md miw/DEPENDENCIES SECURITY.md ./build/libs/miw-latest.jar /app/
+COPY ../LICENSE ../NOTICE.md ../DEPENDENCIES ../SECURITY.md ./build/libs/miw-latest.jar /app/
 
 WORKDIR /app
 
diff --git a/miw/build.gradle b/miw/build.gradle
index 7e4239c0..590d9f2f 100644
--- a/miw/build.gradle
+++ b/miw/build.gradle
@@ -40,6 +40,10 @@ configurations {
 
 
 dependencies {
+
+    //project deps
+    implementation project(":wallet-commons")
+
     implementation 'org.springframework.boot:spring-boot-starter-actuator'
     implementation 'org.springframework.boot:spring-boot-starter-validation'
     implementation 'org.springframework.boot:spring-boot-starter-web'
diff --git a/miw/src/main/java/org/eclipse/tractusx/managedidentitywallets/ManagedIdentityWalletsApplication.java b/miw/src/main/java/org/eclipse/tractusx/managedidentitywallets/ManagedIdentityWalletsApplication.java
index f67053ad..9fc948c8 100644
--- a/miw/src/main/java/org/eclipse/tractusx/managedidentitywallets/ManagedIdentityWalletsApplication.java
+++ b/miw/src/main/java/org/eclipse/tractusx/managedidentitywallets/ManagedIdentityWalletsApplication.java
@@ -24,6 +24,7 @@
 import org.springframework.boot.SpringApplication;
 import org.springframework.boot.autoconfigure.SpringBootApplication;
 import org.springframework.boot.context.properties.ConfigurationPropertiesScan;
+import org.springframework.cloud.openfeign.EnableFeignClients;
 import org.springframework.transaction.annotation.EnableTransactionManagement;
 
 /**
@@ -32,6 +33,7 @@
 @SpringBootApplication
 @ConfigurationPropertiesScan
 @EnableTransactionManagement
+@EnableFeignClients
 public class ManagedIdentityWalletsApplication {
 
     /**
diff --git a/miw/src/main/java/org/eclipse/tractusx/managedidentitywallets/apidocs/IssuersCredentialControllerApiDocs.java b/miw/src/main/java/org/eclipse/tractusx/managedidentitywallets/apidocs/IssuersCredentialControllerApiDocs.java
index 6f8571ef..5ad56101 100644
--- a/miw/src/main/java/org/eclipse/tractusx/managedidentitywallets/apidocs/IssuersCredentialControllerApiDocs.java
+++ b/miw/src/main/java/org/eclipse/tractusx/managedidentitywallets/apidocs/IssuersCredentialControllerApiDocs.java
@@ -615,11 +615,12 @@ public class IssuersCredentialControllerApiDocs {
             +
             "Setting this parameter to false will result in the VC being created as JSON-LD " +
             "Defaults to false if not specified.", examples = {
-                    @ExampleObject(name = "Create VC as JWT", value = "true"),
-                    @ExampleObject(name = "Do not create VC as JWT", value = "false")
-            })
+            @ExampleObject(name = "Create VC as JWT", value = "true"),
+            @ExampleObject(name = "Do not create VC as JWT", value = "false")
+    })
     @Target(ElementType.PARAMETER)
     @Retention(RetentionPolicy.RUNTIME)
     public @interface AsJwtParam {
     }
+
 }
diff --git a/miw/src/main/java/org/eclipse/tractusx/managedidentitywallets/apidocs/RevocationAPIDoc.java b/miw/src/main/java/org/eclipse/tractusx/managedidentitywallets/apidocs/RevocationAPIDoc.java
new file mode 100644
index 00000000..ed03dbaf
--- /dev/null
+++ b/miw/src/main/java/org/eclipse/tractusx/managedidentitywallets/apidocs/RevocationAPIDoc.java
@@ -0,0 +1,159 @@
+/*
+ * *******************************************************************************
+ *  Copyright (c) 2021,2024 Contributors to the Eclipse Foundation
+ *
+ *  See the NOTICE file(s) distributed with this work for additional
+ *  information regarding copyright ownership.
+ *
+ *  This program and the accompanying materials are made available under the
+ *  terms of the Apache License, Version 2.0 which is available at
+ *  https://www.apache.org/licenses/LICENSE-2.0.
+ *
+ *  Unless required by applicable law or agreed to in writing, software
+ *  distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+ *  WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+ *  License for the specific language governing permissions and limitations
+ *  under the License.
+ *
+ *  SPDX-License-Identifier: Apache-2.0
+ * ******************************************************************************
+ */
+
+package org.eclipse.tractusx.managedidentitywallets.apidocs;
+
+
+import io.swagger.v3.oas.annotations.Parameter;
+import io.swagger.v3.oas.annotations.media.Content;
+import io.swagger.v3.oas.annotations.media.ExampleObject;
+import io.swagger.v3.oas.annotations.responses.ApiResponse;
+import io.swagger.v3.oas.annotations.tags.Tag;
+
+import java.lang.annotation.ElementType;
+import java.lang.annotation.Retention;
+import java.lang.annotation.RetentionPolicy;
+import java.lang.annotation.Target;
+
+public class RevocationAPIDoc {
+
+    @Parameter(description = "Specifies whether the VC (Verifiable Credential) should revocable. The default value will be true")
+    @Target(ElementType.PARAMETER)
+    @Retention(RetentionPolicy.RUNTIME)
+    public @interface Revocable {
+
+    }
+
+    @Tag(name = "Verifiable Credential - Revoke")
+    @ApiResponse(responseCode = "201", description = "Issuer credential", content = {
+            @Content(examples = {
+                    @ExampleObject(name = "Success response", value = """
+                            {
+                                "message": "Credential has been revoked"
+                            }
+                            """)
+            })
+    })
+    @ApiResponse(responseCode = "404", description = "Wallet not found with credential issuer", content = { @Content(examples = {
+            @ExampleObject(name = "Wallet not found with credential issuer", value = """
+                    {
+                      "type": "about:blank",
+                      "title": "Wallet not found for identifier web:did:localhost:BPN",
+                      "status": 404,
+                      "detail": "Error Details",
+                      "instance": "API endpoint",
+                      "properties": {
+                        "timestamp": 1689762476720
+                      }
+                    }
+                    """)
+    }) })
+    @ApiResponse(responseCode = "500", description = "Any other internal server error", content = { @Content(examples = {
+            @ExampleObject(name = "Internal server error", value = """
+                    {
+                      "type": "about:blank",
+                      "title": "Error Title",
+                      "status": 500,
+                      "detail": "Error Details",
+                      "instance": "API endpoint",
+                      "properties": {
+                        "timestamp": 1689762476720
+                      }
+                    }
+                    """)
+    }) })
+    @ApiResponse(responseCode = "409", description = "Credential is already revoked", content = { @Content(examples = {
+            @ExampleObject(name = "Credential is already revoked", value = """
+                    {
+                       "type": "about:blank",
+                       "title": "Revocation service error",
+                       "status": 409,
+                       "detail": "RevocationProblem: Credential already revoked",
+                       "instance": "/api/credentials/revoke",
+                       "properties": {
+                         "timestamp": "1704438069232",
+                         "type": "about:blank",
+                         "title": "Revocation service error",
+                         "status": "409",
+                         "detail": "Credential already revoked",
+                         "instance": "/api/v1/revocations/revoke"
+                       }
+                     }
+                    """)
+    }) })
+    @ApiResponse(responseCode = "403", description = "The request could not be completed due to a forbidden access", content = { @Content(examples = {}) })
+    @io.swagger.v3.oas.annotations.parameters.RequestBody(content = {
+            @Content(examples = @ExampleObject("""
+                                {
+                                    "issuanceDate": "2023-12-26T10:58:02Z",
+                                    "credentialSubject":
+                                    [
+                                        {
+                                            "holderIdentifier": "BPNL000000000002",
+                                            "id": "did:web:localhost:BPNL000000000002",
+                                            "type": "SummaryCredential",
+                                            "items":
+                                            [
+                                                "BpnCredential"
+                                            ],
+                                            "contractTemplate": "https://public.catena-x.org/contracts/"
+                                        }
+                                    ],
+                                    "id": "did:web:localhost:BPNL000000000000#6b680abe-8869-435f-9d83-ad5ac336b8da",
+                                    "proof":
+                                    {
+                                        "proofPurpose": "assertionMethod",
+                                        "type": "JsonWebSignature2020",
+                                        "verificationMethod": "did:web:localhost:BPNL000000000000#a8233b68-f41e-4f14-8dff-fe16a63e0b19",
+                                        "created": "2023-12-26T10:58:02Z",
+                                        "jws": "eyJhbGciOiJFZERTQSJ9..uFqnCMbcOJneZDl7mCg8PeUjhWdUN53C8dB1E3EoWx7_hVgxsU8L7WkRYxvxIEa_DddViOoKs8E95ymYK081Aw"
+                                    },
+                                    "type":
+                                    [
+                                        "VerifiableCredential",
+                                        "SummaryCredential"
+                                    ],
+                                    "@context":
+                                    [
+                                        "https://www.w3.org/2018/credentials/v1",
+                                        "https://cofinity-x.github.io/schema-registry/v1.1/SummaryVC.json",
+                                        "https://w3id.org/security/suites/jws-2020/v1",
+                                        "https://w3id.org/vc/status-list/2021/v1"
+                                    ],
+                                    "issuer": "did:web:localhost:BPNL000000000000",
+                                    "expirationDate": "2024-12-31T18:30:00Z",
+                                    "credentialStatus":
+                                    {
+                                        "id": "did:web:localhost:BPNL000000000000#1",
+                                        "statusPurpose": "revocation",
+                                        "statusListIndex": "1",
+                                        "statusListCredential": "https://7337-203-129-213-107.ngrok-free.app/api/v1/revocations/credentials?issuerId=did:web:localhost:BPNL000000000000",
+                                        "type": "BitstringStatusListEntry"
+                                    }
+                                }
+                    """))
+    })
+    @Target(ElementType.METHOD)
+    @Retention(RetentionPolicy.RUNTIME)
+    public @interface RevokeCredentialDoc {
+
+    }
+}
diff --git a/miw/src/main/java/org/eclipse/tractusx/managedidentitywallets/config/ExceptionHandling.java b/miw/src/main/java/org/eclipse/tractusx/managedidentitywallets/config/ExceptionHandling.java
index 95b00550..3e73396a 100644
--- a/miw/src/main/java/org/eclipse/tractusx/managedidentitywallets/config/ExceptionHandling.java
+++ b/miw/src/main/java/org/eclipse/tractusx/managedidentitywallets/config/ExceptionHandling.java
@@ -26,10 +26,10 @@
 import jakarta.validation.ConstraintViolationException;
 import lombok.extern.slf4j.Slf4j;
 import org.apache.commons.lang3.exception.ExceptionUtils;
-import org.eclipse.tractusx.managedidentitywallets.exception.BadDataException;
+import org.eclipse.tractusx.managedidentitywallets.commons.exception.BadDataException;
+import org.eclipse.tractusx.managedidentitywallets.commons.exception.ForbiddenException;
 import org.eclipse.tractusx.managedidentitywallets.exception.CredentialNotFoundProblem;
 import org.eclipse.tractusx.managedidentitywallets.exception.DuplicateWalletProblem;
-import org.eclipse.tractusx.managedidentitywallets.exception.ForbiddenException;
 import org.eclipse.tractusx.managedidentitywallets.exception.MissingVcTypesException;
 import org.eclipse.tractusx.managedidentitywallets.exception.PermissionViolationException;
 import org.eclipse.tractusx.managedidentitywallets.exception.WalletNotFoundProblem;
diff --git a/revocation-service/src/main/java/org/eclipse/tractusx/managedidentitywallets/revocation/constant/PurposeType.java b/miw/src/main/java/org/eclipse/tractusx/managedidentitywallets/config/RevocationSettings.java
similarity index 78%
rename from revocation-service/src/main/java/org/eclipse/tractusx/managedidentitywallets/revocation/constant/PurposeType.java
rename to miw/src/main/java/org/eclipse/tractusx/managedidentitywallets/config/RevocationSettings.java
index 00f90ef8..c36bb2ec 100644
--- a/revocation-service/src/main/java/org/eclipse/tractusx/managedidentitywallets/revocation/constant/PurposeType.java
+++ b/miw/src/main/java/org/eclipse/tractusx/managedidentitywallets/config/RevocationSettings.java
@@ -19,9 +19,12 @@
  * ******************************************************************************
  */
 
-package org.eclipse.tractusx.managedidentitywallets.revocation.constant;
+package org.eclipse.tractusx.managedidentitywallets.config;
 
-public enum PurposeType {
-    REVOCATION,
-    SUSPENSION,
+import org.springframework.boot.context.properties.ConfigurationProperties;
+
+import java.net.URI;
+
+@ConfigurationProperties(prefix = "miw.revocation")
+public record RevocationSettings(URI url) {
 }
diff --git a/miw/src/main/java/org/eclipse/tractusx/managedidentitywallets/config/security/PresentationIatpFilter.java b/miw/src/main/java/org/eclipse/tractusx/managedidentitywallets/config/security/PresentationIatpFilter.java
new file mode 100644
index 00000000..6099e12a
--- /dev/null
+++ b/miw/src/main/java/org/eclipse/tractusx/managedidentitywallets/config/security/PresentationIatpFilter.java
@@ -0,0 +1,82 @@
+/*
+ * *******************************************************************************
+ *  Copyright (c) 2021,2024 Contributors to the Eclipse Foundation
+ *
+ *  See the NOTICE file(s) distributed with this work for additional
+ *  information regarding copyright ownership.
+ *
+ *  This program and the accompanying materials are made available under the
+ *  terms of the Apache License, Version 2.0 which is available at
+ *  https://www.apache.org/licenses/LICENSE-2.0.
+ *
+ *  Unless required by applicable law or agreed to in writing, software
+ *  distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+ *  WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+ *  License for the specific language governing permissions and limitations
+ *  under the License.
+ *
+ *  SPDX-License-Identifier: Apache-2.0
+ * ******************************************************************************
+ */
+
+package org.eclipse.tractusx.managedidentitywallets.config.security;
+
+import io.micrometer.common.util.StringUtils;
+import jakarta.servlet.FilterChain;
+import jakarta.servlet.ServletException;
+import jakarta.servlet.ServletRequest;
+import jakarta.servlet.ServletResponse;
+import jakarta.servlet.http.HttpServletRequest;
+import jakarta.servlet.http.HttpServletResponse;
+import org.eclipse.tractusx.managedidentitywallets.commons.constant.StringPool;
+import org.eclipse.tractusx.managedidentitywallets.constant.RestURI;
+import org.eclipse.tractusx.managedidentitywallets.dto.ValidationResult;
+import org.eclipse.tractusx.managedidentitywallets.service.STSTokenValidationService;
+import org.springframework.security.web.util.matcher.AntPathRequestMatcher;
+import org.springframework.security.web.util.matcher.RequestMatcher;
+import org.springframework.web.filter.GenericFilterBean;
+
+import java.io.IOException;
+import java.util.ArrayList;
+import java.util.List;
+
+
+public class PresentationIatpFilter extends GenericFilterBean {
+
+    RequestMatcher customFilterUrl = new AntPathRequestMatcher(RestURI.API_PRESENTATIONS_IATP);
+
+    STSTokenValidationService validationService;
+
+    public PresentationIatpFilter(STSTokenValidationService validationService) {
+        this.validationService = validationService;
+    }
+
+    @Override
+    public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain) throws IOException, ServletException {
+
+        HttpServletRequest httpServletRequest = (HttpServletRequest) request;
+        HttpServletResponse httpServletResponse = (HttpServletResponse) response;
+
+        if (customFilterUrl.matches(httpServletRequest)) {
+            String authHeader = httpServletRequest.getHeader("Authorization");
+            if (StringUtils.isEmpty(authHeader)) {
+                httpServletResponse.setStatus(HttpServletResponse.SC_UNAUTHORIZED);
+            } else {
+                ValidationResult result = validationService.validateToken(authHeader);
+                if (!result.isValid()) {
+                    List<String> errorValues = new ArrayList<>();
+                    result.getErrors().forEach(c -> errorValues.add(c.name()));
+                    String content = String.join(StringPool.COMA_SEPARATOR, errorValues);
+
+                    httpServletResponse.setStatus(HttpServletResponse.SC_UNAUTHORIZED);
+                    httpServletResponse.setContentLength(content.length());
+                    httpServletResponse.getWriter().write(content);
+                } else {
+                    chain.doFilter(request, response);
+                }
+            }
+        } else {
+            chain.doFilter(request, response);
+        }
+    }
+}
diff --git a/miw/src/main/java/org/eclipse/tractusx/managedidentitywallets/config/security/SecurityConfig.java b/miw/src/main/java/org/eclipse/tractusx/managedidentitywallets/config/security/SecurityConfig.java
index a0a6178e..708a1f37 100644
--- a/miw/src/main/java/org/eclipse/tractusx/managedidentitywallets/config/security/SecurityConfig.java
+++ b/miw/src/main/java/org/eclipse/tractusx/managedidentitywallets/config/security/SecurityConfig.java
@@ -23,7 +23,7 @@
 
 import lombok.RequiredArgsConstructor;
 import lombok.extern.slf4j.Slf4j;
-import org.eclipse.tractusx.managedidentitywallets.constant.ApplicationRole;
+import org.eclipse.tractusx.managedidentitywallets.commons.constant.ApplicationRole;
 import org.eclipse.tractusx.managedidentitywallets.constant.RestURI;
 import org.eclipse.tractusx.managedidentitywallets.service.STSTokenValidationService;
 import org.eclipse.tractusx.managedidentitywallets.utils.BpnValidator;
@@ -56,6 +56,7 @@
 
 import static org.springframework.http.HttpMethod.GET;
 import static org.springframework.http.HttpMethod.POST;
+import static org.springframework.http.HttpMethod.PUT;
 
 /**
  * The type Security config.
@@ -115,6 +116,9 @@ public SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
                         //VP - Validation
                         .requestMatchers(new AntPathRequestMatcher(RestURI.API_PRESENTATIONS_VALIDATION, POST.name())).hasAnyRole(ApplicationRole.ROLE_VIEW_WALLETS, ApplicationRole.ROLE_VIEW_WALLET) //validate VP
 
+                        //VC - revoke
+                        .requestMatchers(new AntPathRequestMatcher(RestURI.CREDENTIALS_REVOKE, PUT.name())).hasAnyRole(ApplicationRole.ROLE_UPDATE_WALLET, ApplicationRole.ROLE_UPDATE_WALLETS) //revoke credentials
+
                         //VC - Holder
                         .requestMatchers(new AntPathRequestMatcher(RestURI.CREDENTIALS, GET.name())).hasAnyRole(ApplicationRole.ROLE_VIEW_WALLET, ApplicationRole.ROLE_VIEW_WALLETS) //get credentials
                         .requestMatchers(new AntPathRequestMatcher(RestURI.CREDENTIALS, POST.name())).hasAnyRole(ApplicationRole.ROLE_UPDATE_WALLET, ApplicationRole.ROLE_UPDATE_WALLETS) //issue credential
diff --git a/miw/src/main/java/org/eclipse/tractusx/managedidentitywallets/constant/RestURI.java b/miw/src/main/java/org/eclipse/tractusx/managedidentitywallets/constant/RestURI.java
index 97e73c97..27c8ad27 100644
--- a/miw/src/main/java/org/eclipse/tractusx/managedidentitywallets/constant/RestURI.java
+++ b/miw/src/main/java/org/eclipse/tractusx/managedidentitywallets/constant/RestURI.java
@@ -62,6 +62,8 @@ private RestURI() {
      */
     public static final String CREDENTIALS_VALIDATION = "/api/credentials/validation";
 
+    public static final String CREDENTIALS_REVOKE = "/api/credentials/revoke";
+
     /**
      * The constant ISSUERS_CREDENTIALS.
      */
diff --git a/miw/src/main/java/org/eclipse/tractusx/managedidentitywallets/controller/HoldersCredentialController.java b/miw/src/main/java/org/eclipse/tractusx/managedidentitywallets/controller/HoldersCredentialController.java
index 8d85d87d..71495142 100644
--- a/miw/src/main/java/org/eclipse/tractusx/managedidentitywallets/controller/HoldersCredentialController.java
+++ b/miw/src/main/java/org/eclipse/tractusx/managedidentitywallets/controller/HoldersCredentialController.java
@@ -32,13 +32,15 @@
 import org.eclipse.tractusx.managedidentitywallets.apidocs.HoldersCredentialControllerApiDocs.GetCredentialsApiDocs;
 import org.eclipse.tractusx.managedidentitywallets.apidocs.HoldersCredentialControllerApiDocs.IssueCredentialApiDoc;
 import org.eclipse.tractusx.managedidentitywallets.apidocs.IssuersCredentialControllerApiDocs.AsJwtParam;
+import org.eclipse.tractusx.managedidentitywallets.apidocs.RevocationAPIDoc;
 import org.eclipse.tractusx.managedidentitywallets.command.GetCredentialsCommand;
+import org.eclipse.tractusx.managedidentitywallets.commons.constant.StringPool;
 import org.eclipse.tractusx.managedidentitywallets.constant.RestURI;
-import org.eclipse.tractusx.managedidentitywallets.constant.StringPool;
 import org.eclipse.tractusx.managedidentitywallets.dto.CredentialsResponse;
 import org.eclipse.tractusx.managedidentitywallets.service.HoldersCredentialService;
 import org.eclipse.tractusx.managedidentitywallets.utils.TokenParsingUtils;
 import org.springframework.data.domain.PageImpl;
+import org.springframework.http.HttpHeaders;
 import org.springframework.http.HttpStatus;
 import org.springframework.http.MediaType;
 import org.springframework.http.ResponseEntity;
@@ -46,6 +48,7 @@
 import org.springframework.web.bind.annotation.GetMapping;
 import org.springframework.web.bind.annotation.PostMapping;
 import org.springframework.web.bind.annotation.RequestBody;
+import org.springframework.web.bind.annotation.RequestHeader;
 import org.springframework.web.bind.annotation.RequestParam;
 import org.springframework.web.bind.annotation.RestController;
 
@@ -74,27 +77,26 @@ public class HoldersCredentialController {
      * @param sortTpe          the sort tpe
      * @param authentication   the authentication
      * @return the credentials
-    */
+     */
     @GetCredentialsApiDocs
     @GetMapping(path = RestURI.CREDENTIALS, produces = MediaType.APPLICATION_JSON_VALUE)
-    public ResponseEntity<PageImpl<CredentialsResponse>> getCredentials(@Parameter(name = "credentialId", description = "Credential Id", examples = {@ExampleObject(name = "Credential Id", value = "did:web:localhost:BPNL000000000000#12528899-160a-48bd-ba15-f396c3959ae9")}) @RequestParam(required = false) String credentialId,
-                                                                         @Parameter(name = "issuerIdentifier", description = "Issuer identifier(did of BPN)", examples = {@ExampleObject(name = "bpn", value = "BPNL000000000000", description = "bpn"), @ExampleObject(description = "did", name = "did", value = "did:web:localhost:BPNL000000000000")}) @RequestParam(required = false) String issuerIdentifier,
-                                                                         @Parameter(name = "type", description = "Type of VC", examples = {@ExampleObject(name = "SummaryCredential", value = "SummaryCredential", description = "SummaryCredential"), @ExampleObject(description = "BpnCredential", name = "BpnCredential", value = "BpnCredential")}) @RequestParam(required = false) List<String> type,
-                                                                         @Parameter(name = "sortColumn", description = "Sort column name",
-                                                                                 examples = {
-                                                                                         @ExampleObject(value = "createdAt", name = "creation date"),
-                                                                                         @ExampleObject(value = "issuerDid", name = "Issuer did"),
-                                                                                         @ExampleObject(value = "type", name = "Credential type"),
-                                                                                         @ExampleObject(value = "credentialId", name = "Credential id"),
-                                                                                         @ExampleObject(value = "selfIssued", name = "Self issued credential"),
-                                                                                         @ExampleObject(value = "stored", name = "Stored credential")
-                                                                                 }
-                                                                         ) @RequestParam(required = false, defaultValue = "createdAt") String sortColumn,
-                                                                         @Parameter(name = "sortTpe", description = "Sort order", examples = {@ExampleObject(value = "desc", name = "Descending order"), @ExampleObject(value = "asc", name = "Ascending order")}) @RequestParam(required = false, defaultValue = "desc") String sortTpe,
-                                                                         @Min(0) @Max(Integer.MAX_VALUE) @Parameter(description = "Page number, Page number start with zero") @RequestParam(required = false, defaultValue = "0") int pageNumber,
-                                                                         @Min(0) @Max(Integer.MAX_VALUE) @Parameter(description = "Number of records per page") @RequestParam(required = false, defaultValue = Integer.MAX_VALUE + "") int size,
-                                                                         @AsJwtParam @RequestParam(name = StringPool.AS_JWT, defaultValue = "true") boolean asJwt,
-
+    public ResponseEntity<PageImpl<CredentialsResponse>> getCredentials(@Parameter(name = "credentialId", description = "Credential Id", examples = { @ExampleObject(name = "Credential Id", value = "did:web:localhost:BPNL000000000000#12528899-160a-48bd-ba15-f396c3959ae9") }) @RequestParam(required = false) String credentialId,
+                                                                        @Parameter(name = "issuerIdentifier", description = "Issuer identifier(did of BPN)", examples = { @ExampleObject(name = "bpn", value = "BPNL000000000000", description = "bpn"), @ExampleObject(description = "did", name = "did", value = "did:web:localhost:BPNL000000000000") }) @RequestParam(required = false) String issuerIdentifier,
+                                                                        @Parameter(name = "type", description = "Type of VC", examples = { @ExampleObject(name = "SummaryCredential", value = "SummaryCredential", description = "SummaryCredential"), @ExampleObject(description = "BpnCredential", name = "BpnCredential", value = "BpnCredential") }) @RequestParam(required = false) List<String> type,
+                                                                        @Parameter(name = "sortColumn", description = "Sort column name",
+                                                                                examples = {
+                                                                                        @ExampleObject(value = "createdAt", name = "creation date"),
+                                                                                        @ExampleObject(value = "issuerDid", name = "Issuer did"),
+                                                                                        @ExampleObject(value = "type", name = "Credential type"),
+                                                                                        @ExampleObject(value = "credentialId", name = "Credential id"),
+                                                                                        @ExampleObject(value = "selfIssued", name = "Self issued credential"),
+                                                                                        @ExampleObject(value = "stored", name = "Stored credential")
+                                                                                }
+                                                                        ) @RequestParam(required = false, defaultValue = "createdAt") String sortColumn,
+                                                                        @Parameter(name = "sortTpe", description = "Sort order", examples = { @ExampleObject(value = "desc", name = "Descending order"), @ExampleObject(value = "asc", name = "Ascending order") }) @RequestParam(required = false, defaultValue = "desc") String sortTpe,
+                                                                        @Min(0) @Max(Integer.MAX_VALUE) @Parameter(description = "Page number, Page number start with zero") @RequestParam(required = false, defaultValue = "0") int pageNumber,
+                                                                        @Min(0) @Max(Integer.MAX_VALUE) @Parameter(description = "Number of records per page") @RequestParam(required = false, defaultValue = Integer.MAX_VALUE + "") int size,
+                                                                        @AsJwtParam @RequestParam(name = StringPool.AS_JWT, defaultValue = "true") boolean asJwt,
                                                                         Authentication authentication) {
         log.debug("Received request to get credentials. BPN: {}", TokenParsingUtils.getBPNFromToken(authentication));
         final GetCredentialsCommand command;
@@ -116,17 +118,20 @@ public ResponseEntity<PageImpl<CredentialsResponse>> getCredentials(@Parameter(n
     /**
      * Issue credential response entity.
      *
-     * @param data              the data
-     * @param authentication    the authentication
+     * @param data           the data
+     * @param authentication the authentication
      * @return the response entity
      */
 
     @IssueCredentialApiDoc
     @PostMapping(path = RestURI.CREDENTIALS, consumes = MediaType.APPLICATION_JSON_VALUE, produces = MediaType.APPLICATION_JSON_VALUE)
+
     public ResponseEntity<CredentialsResponse> issueCredential(@RequestBody Map<String, Object> data, Authentication authentication,
-                                                                @AsJwtParam @RequestParam(name = "asJwt", defaultValue = "true") boolean asJwt
+                                                               @AsJwtParam @RequestParam(name = "asJwt", defaultValue = "true") boolean asJwt,
+                                                               @RevocationAPIDoc.Revocable @RequestParam(name = StringPool.REVOCABLE, defaultValue = "true") boolean revocable,
+                                                               @Parameter(hidden = true) @RequestHeader(name = HttpHeaders.AUTHORIZATION) String token
     ) {
         log.debug("Received request to issue credential. BPN: {}", TokenParsingUtils.getBPNFromToken(authentication));
-        return ResponseEntity.status(HttpStatus.CREATED).body(holdersCredentialService.issueCredential(data, TokenParsingUtils.getBPNFromToken(authentication), asJwt));
+        return ResponseEntity.status(HttpStatus.CREATED).body(holdersCredentialService.issueCredential(data, TokenParsingUtils.getBPNFromToken(authentication), asJwt, revocable, token));
     }
 }
diff --git a/miw/src/main/java/org/eclipse/tractusx/managedidentitywallets/controller/IssuersCredentialController.java b/miw/src/main/java/org/eclipse/tractusx/managedidentitywallets/controller/IssuersCredentialController.java
index 55592d09..42f003e9 100644
--- a/miw/src/main/java/org/eclipse/tractusx/managedidentitywallets/controller/IssuersCredentialController.java
+++ b/miw/src/main/java/org/eclipse/tractusx/managedidentitywallets/controller/IssuersCredentialController.java
@@ -31,14 +31,16 @@
 import org.eclipse.tractusx.managedidentitywallets.apidocs.IssuersCredentialControllerApiDocs.GetCredentialsApiDocs;
 import org.eclipse.tractusx.managedidentitywallets.apidocs.IssuersCredentialControllerApiDocs.IssueVerifiableCredentialUsingBaseWalletApiDocs;
 import org.eclipse.tractusx.managedidentitywallets.apidocs.IssuersCredentialControllerApiDocs.ValidateVerifiableCredentialApiDocs;
+import org.eclipse.tractusx.managedidentitywallets.apidocs.RevocationAPIDoc;
 import org.eclipse.tractusx.managedidentitywallets.command.GetCredentialsCommand;
+import org.eclipse.tractusx.managedidentitywallets.commons.constant.StringPool;
 import org.eclipse.tractusx.managedidentitywallets.constant.RestURI;
-import org.eclipse.tractusx.managedidentitywallets.constant.StringPool;
 import org.eclipse.tractusx.managedidentitywallets.dto.CredentialVerificationRequest;
 import org.eclipse.tractusx.managedidentitywallets.dto.CredentialsResponse;
 import org.eclipse.tractusx.managedidentitywallets.service.IssuersCredentialService;
 import org.eclipse.tractusx.managedidentitywallets.utils.TokenParsingUtils;
 import org.springframework.data.domain.PageImpl;
+import org.springframework.http.HttpHeaders;
 import org.springframework.http.HttpStatus;
 import org.springframework.http.MediaType;
 import org.springframework.http.ResponseEntity;
@@ -46,6 +48,7 @@
 import org.springframework.web.bind.annotation.GetMapping;
 import org.springframework.web.bind.annotation.PostMapping;
 import org.springframework.web.bind.annotation.RequestBody;
+import org.springframework.web.bind.annotation.RequestHeader;
 import org.springframework.web.bind.annotation.RequestParam;
 import org.springframework.web.bind.annotation.RestController;
 
@@ -60,15 +63,6 @@
 @Slf4j
 public class IssuersCredentialController {
 
-    /**
-     * The constant API_TAG_VERIFIABLE_CREDENTIAL_ISSUER.
-     */
-    public static final String API_TAG_VERIFIABLE_CREDENTIAL_ISSUER = "Verifiable Credential - Issuer";
-    /**
-     * The constant API_TAG_VERIFIABLE_CREDENTIAL_VALIDATION.
-     */
-    public static final String API_TAG_VERIFIABLE_CREDENTIAL_VALIDATION = "Verifiable Credential - Validation";
-
     private final IssuersCredentialService issuersCredentialService;
 
 
@@ -87,19 +81,19 @@ public class IssuersCredentialController {
      */
     @GetCredentialsApiDocs
     @GetMapping(path = RestURI.ISSUERS_CREDENTIALS, produces = MediaType.APPLICATION_JSON_VALUE)
-    public ResponseEntity<PageImpl<CredentialsResponse>> getCredentials(@Parameter(name = "credentialId", description = "Credential Id", examples = {@ExampleObject(name = "Credential Id", value = "did:web:localhost:BPNL000000000000#12528899-160a-48bd-ba15-f396c3959ae9")}) @RequestParam(required = false) String credentialId,
-                                                                         @Parameter(name = "holderIdentifier", description = "Holder identifier(did of BPN)", examples = {@ExampleObject(name = "bpn", value = "BPNL000000000001", description = "bpn"), @ExampleObject(description = "did", name = "did", value = "did:web:localhost:BPNL000000000001")}) @RequestParam(required = false) String holderIdentifier,
-                                                                         @Parameter(name = "type", description = "Type of VC", examples = {@ExampleObject(name = "SummaryCredential", value = "SummaryCredential", description = "SummaryCredential"), @ExampleObject(description = "BpnCredential", name = "BpnCredential", value = "BpnCredential")}) @RequestParam(required = false) List<String> type,
-                                                                         @Min(0) @Max(Integer.MAX_VALUE) @Parameter(description = "Page number, Page number start with zero") @RequestParam(required = false, defaultValue = "0") int pageNumber,
-                                                                         @Min(0) @Max(Integer.MAX_VALUE) @Parameter(description = "Number of records per page") @RequestParam(required = false, defaultValue = Integer.MAX_VALUE + "") int size,
-                                                                         @Parameter(name = "sortColumn", description = "Sort column name",
-                                                                                 examples = {
-                                                                                         @ExampleObject(value = "createdAt", name = "creation date"),
-                                                                                         @ExampleObject(value = "holderDid", name = "Holder did"),
-                                                                                         @ExampleObject(value = "type", name = "Credential type"),
-                                                                                         @ExampleObject(value = "credentialId", name = "Credential id")
-                                                                                 }
-                                                                         ) @RequestParam(required = false, defaultValue = "createdAt") String sortColumn,
+    public ResponseEntity<PageImpl<CredentialsResponse>> getCredentials(@Parameter(name = "credentialId", description = "Credential Id", examples = { @ExampleObject(name = "Credential Id", value = "did:web:localhost:BPNL000000000000#12528899-160a-48bd-ba15-f396c3959ae9") }) @RequestParam(required = false) String credentialId,
+                                                                        @Parameter(name = "holderIdentifier", description = "Holder identifier(did of BPN)", examples = { @ExampleObject(name = "bpn", value = "BPNL000000000001", description = "bpn"), @ExampleObject(description = "did", name = "did", value = "did:web:localhost:BPNL000000000001") }) @RequestParam(required = false) String holderIdentifier,
+                                                                        @Parameter(name = "type", description = "Type of VC", examples = { @ExampleObject(name = "SummaryCredential", value = "SummaryCredential", description = "SummaryCredential"), @ExampleObject(description = "BpnCredential", name = "BpnCredential", value = "BpnCredential") }) @RequestParam(required = false) List<String> type,
+                                                                        @Min(0) @Max(Integer.MAX_VALUE) @Parameter(description = "Page number, Page number start with zero") @RequestParam(required = false, defaultValue = "0") int pageNumber,
+                                                                        @Min(0) @Max(Integer.MAX_VALUE) @Parameter(description = "Number of records per page") @RequestParam(required = false, defaultValue = Integer.MAX_VALUE + "") int size,
+                                                                        @Parameter(name = "sortColumn", description = "Sort column name",
+                                                                                examples = {
+                                                                                        @ExampleObject(value = "createdAt", name = "creation date"),
+                                                                                        @ExampleObject(value = "holderDid", name = "Holder did"),
+                                                                                        @ExampleObject(value = "type", name = "Credential type"),
+                                                                                        @ExampleObject(value = "credentialId", name = "Credential id")
+                                                                                }
+                                                                        ) @RequestParam(required = false, defaultValue = "createdAt") String sortColumn,
                                                                         @Parameter(name = "sortTpe", description = "Sort order", examples = { @ExampleObject(value = "desc", name = "Descending order"), @ExampleObject(value = "asc", name = "Ascending order") }) @RequestParam(required = false, defaultValue = "desc") String sortTpe,
                                                                          @AsJwtParam @RequestParam(name = StringPool.AS_JWT, defaultValue = "true") boolean asJwt,
                                                                         Authentication authentication) {
@@ -123,31 +117,36 @@ public ResponseEntity<PageImpl<CredentialsResponse>> getCredentials(@Parameter(n
     /**
      * Credentials validation response entity.
      *
-     * @param credentialVerificationRequest                     the request
-     * @param withCredentialExpiryDate the with credential expiry date
+     * @param credentialVerificationRequest the request
+     * @param withCredentialExpiryDate      the with credential expiry date
      * @return the response entity
      */
     @PostMapping(path = RestURI.CREDENTIALS_VALIDATION, consumes = MediaType.APPLICATION_JSON_VALUE, produces = MediaType.APPLICATION_JSON_VALUE)
     @ValidateVerifiableCredentialApiDocs
     public ResponseEntity<Map<String, Object>> credentialsValidation(@RequestBody CredentialVerificationRequest credentialVerificationRequest,
-                                                                     @Parameter(description = "Check expiry of VC") @RequestParam(name = "withCredentialExpiryDate", defaultValue = "false", required = false) boolean withCredentialExpiryDate) {
+                                                                     @Parameter(description = "Check expiry of VC") @RequestParam(name = "withCredentialExpiryDate", defaultValue = "false", required = false) boolean withCredentialExpiryDate,
+                                                                     @Parameter(hidden = true) @RequestHeader(name = HttpHeaders.AUTHORIZATION) String token) {
         log.debug("Received request to validate verifiable credentials");
-        return ResponseEntity.status(HttpStatus.OK).body(issuersCredentialService.credentialsValidation(credentialVerificationRequest, withCredentialExpiryDate));
+        return ResponseEntity.status(HttpStatus.OK).body(issuersCredentialService.credentialsValidation(credentialVerificationRequest, withCredentialExpiryDate, token));
     }
 
     /**
      * Issue credential response entity.
      *
-     * @param holderDid the holder did
-     * @param data      the data
+     * @param holderDid      the holder did
+     * @param data           the data
      * @param authentication the authentication
      * @return the response entity
      */
     @PostMapping(path = RestURI.ISSUERS_CREDENTIALS, consumes = MediaType.APPLICATION_JSON_VALUE, produces = MediaType.APPLICATION_JSON_VALUE)
     @IssueVerifiableCredentialUsingBaseWalletApiDocs
-    public ResponseEntity<CredentialsResponse> issueCredentialUsingBaseWallet(@Parameter(description = "Holder DID", examples = {@ExampleObject(description = "did", name = "did", value = "did:web:localhost:BPNL000000000000")}) @RequestParam(name = "holderDid") String holderDid, @RequestBody Map<String, Object> data, Authentication authentication,
-                                                                            @AsJwtParam @RequestParam(name = StringPool.AS_JWT, defaultValue = "true") boolean asJwt) {
+
+
+    public ResponseEntity<CredentialsResponse> issueCredentialUsingBaseWallet(@Parameter(description = "Holder DID", examples = { @ExampleObject(description = "did", name = "did", value = "did:web:localhost:BPNL000000000000") }) @RequestParam(name = "holderDid") String holderDid, @RequestBody Map<String, Object> data, Authentication authentication,
+                                                                              @AsJwtParam @RequestParam(name = StringPool.AS_JWT, defaultValue = "true") boolean asJwt,
+                                                                              @RevocationAPIDoc.Revocable @RequestParam(name = StringPool.REVOCABLE, defaultValue = "true") boolean revocable,
+                                                                              @Parameter(hidden = true) @RequestHeader(name = HttpHeaders.AUTHORIZATION) String token) {
         log.debug("Received request to issue verifiable credential. BPN: {}", TokenParsingUtils.getBPNFromToken(authentication));
-        return ResponseEntity.status(HttpStatus.CREATED).body(issuersCredentialService.issueCredentialUsingBaseWallet(holderDid, data, asJwt, TokenParsingUtils.getBPNFromToken(authentication)));
+        return ResponseEntity.status(HttpStatus.CREATED).body(issuersCredentialService.issueCredentialUsingBaseWallet(holderDid, data, asJwt, revocable, TokenParsingUtils.getBPNFromToken(authentication), token));
     }
 }
diff --git a/miw/src/main/java/org/eclipse/tractusx/managedidentitywallets/controller/RevocationController.java b/miw/src/main/java/org/eclipse/tractusx/managedidentitywallets/controller/RevocationController.java
new file mode 100644
index 00000000..7647d1a3
--- /dev/null
+++ b/miw/src/main/java/org/eclipse/tractusx/managedidentitywallets/controller/RevocationController.java
@@ -0,0 +1,75 @@
+/*
+ * *******************************************************************************
+ *  Copyright (c) 2021,2024 Contributors to the Eclipse Foundation
+ *
+ *  See the NOTICE file(s) distributed with this work for additional
+ *  information regarding copyright ownership.
+ *
+ *  This program and the accompanying materials are made available under the
+ *  terms of the Apache License, Version 2.0 which is available at
+ *  https://www.apache.org/licenses/LICENSE-2.0.
+ *
+ *  Unless required by applicable law or agreed to in writing, software
+ *  distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+ *  WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+ *  License for the specific language governing permissions and limitations
+ *  under the License.
+ *
+ *  SPDX-License-Identifier: Apache-2.0
+ * ******************************************************************************
+ */
+
+package org.eclipse.tractusx.managedidentitywallets.controller;
+
+
+import io.swagger.v3.oas.annotations.Parameter;
+import io.swagger.v3.oas.annotations.tags.Tag;
+import lombok.RequiredArgsConstructor;
+import lombok.extern.slf4j.Slf4j;
+import org.eclipse.tractusx.managedidentitywallets.apidocs.IssuersCredentialControllerApiDocs;
+import org.eclipse.tractusx.managedidentitywallets.constant.RestURI;
+import org.eclipse.tractusx.managedidentitywallets.dto.CredentialVerificationRequest;
+import org.eclipse.tractusx.managedidentitywallets.service.revocation.RevocationService;
+import org.springframework.http.HttpHeaders;
+import org.springframework.http.HttpStatus;
+import org.springframework.http.MediaType;
+import org.springframework.http.ResponseEntity;
+import org.springframework.web.bind.annotation.PutMapping;
+import org.springframework.web.bind.annotation.RequestBody;
+import org.springframework.web.bind.annotation.RequestHeader;
+import org.springframework.web.bind.annotation.RestController;
+
+import java.security.Principal;
+import java.util.Map;
+
+/**
+ * The type Revocation controller.
+ */
+@RestController
+@Slf4j
+@RequiredArgsConstructor
+@Tag(name = "Verifiable Credential - Revoke")
+public class RevocationController extends BaseController {
+
+
+    private final RevocationService revocationService;
+
+
+    /**
+     * Revoke credential .
+     *
+     * @param credentialVerificationRequest the credential verification request
+     * @param token                         the token
+     * @param principal                     the principal
+     * @return the response entity
+     */
+    @PutMapping(path = RestURI.CREDENTIALS_REVOKE, consumes = MediaType.APPLICATION_JSON_VALUE, produces = MediaType.APPLICATION_JSON_VALUE)
+    @IssuersCredentialControllerApiDocs.ValidateVerifiableCredentialApiDocs
+    public ResponseEntity<Map<String, Object>> revokeCredential(@RequestBody CredentialVerificationRequest credentialVerificationRequest,
+                                                                @Parameter(hidden = true) @RequestHeader(name = HttpHeaders.AUTHORIZATION) String token, Principal principal) {
+        revocationService.revokeCredential(credentialVerificationRequest, getBPNFromToken(principal), token);
+        return ResponseEntity.status(HttpStatus.OK).body(Map.of("message", "Credential has been revoked"));
+
+    }
+
+}
diff --git a/miw/src/main/java/org/eclipse/tractusx/managedidentitywallets/controller/SecureTokenController.java b/miw/src/main/java/org/eclipse/tractusx/managedidentitywallets/controller/SecureTokenController.java
index 3cfd7865..641378a3 100644
--- a/miw/src/main/java/org/eclipse/tractusx/managedidentitywallets/controller/SecureTokenController.java
+++ b/miw/src/main/java/org/eclipse/tractusx/managedidentitywallets/controller/SecureTokenController.java
@@ -30,7 +30,7 @@
 import lombok.extern.slf4j.Slf4j;
 import org.apache.commons.lang3.StringUtils;
 import org.eclipse.tractusx.managedidentitywallets.apidocs.SecureTokenControllerApiDoc;
-import org.eclipse.tractusx.managedidentitywallets.constant.StringPool;
+import org.eclipse.tractusx.managedidentitywallets.commons.constant.StringPool;
 import org.eclipse.tractusx.managedidentitywallets.dao.entity.Wallet;
 import org.eclipse.tractusx.managedidentitywallets.dao.repository.WalletRepository;
 import org.eclipse.tractusx.managedidentitywallets.domain.BusinessPartnerNumber;
diff --git a/miw/src/main/java/org/eclipse/tractusx/managedidentitywallets/dao/repository/HoldersCredentialRepository.java b/miw/src/main/java/org/eclipse/tractusx/managedidentitywallets/dao/repository/HoldersCredentialRepository.java
index f3459d9e..ee462db3 100644
--- a/miw/src/main/java/org/eclipse/tractusx/managedidentitywallets/dao/repository/HoldersCredentialRepository.java
+++ b/miw/src/main/java/org/eclipse/tractusx/managedidentitywallets/dao/repository/HoldersCredentialRepository.java
@@ -58,24 +58,4 @@ public interface HoldersCredentialRepository extends BaseRepository<HoldersCrede
      * @return the by holder did and type
      */
     List<HoldersCredential> getByHolderDidAndType(String holderDid, String type);
-
-    List<HoldersCredential> getByHolderDidAndIssuerDidAndTypeAndStored(String holderDid, String issuerDid, String type, boolean stored);
-
-    /**
-     * Exists by holder did and type boolean.
-     *
-     * @param holderDid the holder did
-     * @param type      the type
-     * @return the boolean
-     */
-    boolean existsByHolderDidAndType(String holderDid, String type);
-
-    /**
-     * Exists by holder did and credential id boolean.
-     *
-     * @param holderDid    the holder did
-     * @param credentialId the credential id
-     * @return the boolean
-     */
-    boolean existsByHolderDidAndCredentialId(String holderDid, String credentialId);
 }
diff --git a/miw/src/main/java/org/eclipse/tractusx/managedidentitywallets/domain/CredentialCreationConfig.java b/miw/src/main/java/org/eclipse/tractusx/managedidentitywallets/domain/CredentialCreationConfig.java
index f75ae464..0661ae1c 100644
--- a/miw/src/main/java/org/eclipse/tractusx/managedidentitywallets/domain/CredentialCreationConfig.java
+++ b/miw/src/main/java/org/eclipse/tractusx/managedidentitywallets/domain/CredentialCreationConfig.java
@@ -25,7 +25,7 @@
 import lombok.Getter;
 import lombok.NonNull;
 import lombok.Setter;
-import org.eclipse.tractusx.managedidentitywallets.constant.SupportedAlgorithms;
+import org.eclipse.tractusx.managedidentitywallets.commons.constant.SupportedAlgorithms;
 import org.eclipse.tractusx.ssi.lib.model.did.DidDocument;
 import org.eclipse.tractusx.ssi.lib.model.verifiable.credential.VerifiableCredential;
 import org.eclipse.tractusx.ssi.lib.model.verifiable.credential.VerifiableCredentialStatus;
@@ -65,6 +65,8 @@ public class CredentialCreationConfig {
 
     private boolean selfIssued;
 
+    private boolean revocable;
+
     // this will be used by the DB-Impl of storage to retrieve privateKey
     @NonNull
     private String keyName;
diff --git a/miw/src/main/java/org/eclipse/tractusx/managedidentitywallets/domain/PresentationCreationConfig.java b/miw/src/main/java/org/eclipse/tractusx/managedidentitywallets/domain/PresentationCreationConfig.java
index 0ff581e0..b2479f4a 100644
--- a/miw/src/main/java/org/eclipse/tractusx/managedidentitywallets/domain/PresentationCreationConfig.java
+++ b/miw/src/main/java/org/eclipse/tractusx/managedidentitywallets/domain/PresentationCreationConfig.java
@@ -24,7 +24,7 @@
 import lombok.Builder;
 import lombok.Getter;
 import lombok.NonNull;
-import org.eclipse.tractusx.managedidentitywallets.constant.SupportedAlgorithms;
+import org.eclipse.tractusx.managedidentitywallets.commons.constant.SupportedAlgorithms;
 import org.eclipse.tractusx.ssi.lib.model.did.Did;
 import org.eclipse.tractusx.ssi.lib.model.verifiable.credential.VerifiableCredential;
 
diff --git a/miw/src/main/java/org/eclipse/tractusx/managedidentitywallets/dto/CreateWalletRequest.java b/miw/src/main/java/org/eclipse/tractusx/managedidentitywallets/dto/CreateWalletRequest.java
index 4d5b253d..b2038989 100644
--- a/miw/src/main/java/org/eclipse/tractusx/managedidentitywallets/dto/CreateWalletRequest.java
+++ b/miw/src/main/java/org/eclipse/tractusx/managedidentitywallets/dto/CreateWalletRequest.java
@@ -29,7 +29,7 @@
 import lombok.Getter;
 import lombok.NoArgsConstructor;
 import lombok.Setter;
-import org.eclipse.tractusx.managedidentitywallets.constant.StringPool;
+import org.eclipse.tractusx.managedidentitywallets.commons.constant.StringPool;
 import org.eclipse.tractusx.managedidentitywallets.domain.SigningServiceType;
 
 
diff --git a/miw/src/main/java/org/eclipse/tractusx/managedidentitywallets/dto/CredentialVerificationRequest.java b/miw/src/main/java/org/eclipse/tractusx/managedidentitywallets/dto/CredentialVerificationRequest.java
index c4f9dd4a..73d15872 100644
--- a/miw/src/main/java/org/eclipse/tractusx/managedidentitywallets/dto/CredentialVerificationRequest.java
+++ b/miw/src/main/java/org/eclipse/tractusx/managedidentitywallets/dto/CredentialVerificationRequest.java
@@ -21,11 +21,11 @@
 
 package org.eclipse.tractusx.managedidentitywallets.dto;
 
-import org.eclipse.tractusx.managedidentitywallets.constant.StringPool;
+import org.eclipse.tractusx.managedidentitywallets.commons.constant.StringPool;
 
 import java.util.LinkedHashMap;
 import java.util.Map;
- 
+
 public class CredentialVerificationRequest extends LinkedHashMap<String, Object> {
 
 
diff --git a/miw/src/main/java/org/eclipse/tractusx/managedidentitywallets/dto/CredentialsResponse.java b/miw/src/main/java/org/eclipse/tractusx/managedidentitywallets/dto/CredentialsResponse.java
index d90d7e44..d1dc365a 100644
--- a/miw/src/main/java/org/eclipse/tractusx/managedidentitywallets/dto/CredentialsResponse.java
+++ b/miw/src/main/java/org/eclipse/tractusx/managedidentitywallets/dto/CredentialsResponse.java
@@ -21,7 +21,7 @@
 
 package org.eclipse.tractusx.managedidentitywallets.dto;
 
-import org.eclipse.tractusx.managedidentitywallets.constant.StringPool;
+import org.eclipse.tractusx.managedidentitywallets.commons.constant.StringPool;
 
 import java.util.LinkedHashMap;
 import java.util.Map;
diff --git a/revocation-service/src/main/java/org/eclipse/tractusx/managedidentitywallets/revocation/utils/StringPool.java b/miw/src/main/java/org/eclipse/tractusx/managedidentitywallets/dto/StatusListRequest.java
similarity index 80%
rename from revocation-service/src/main/java/org/eclipse/tractusx/managedidentitywallets/revocation/utils/StringPool.java
rename to miw/src/main/java/org/eclipse/tractusx/managedidentitywallets/dto/StatusListRequest.java
index 1aeb1f42..2c6c2e3f 100644
--- a/revocation-service/src/main/java/org/eclipse/tractusx/managedidentitywallets/revocation/utils/StringPool.java
+++ b/miw/src/main/java/org/eclipse/tractusx/managedidentitywallets/dto/StatusListRequest.java
@@ -19,9 +19,19 @@
  * ******************************************************************************
  */
 
-package org.eclipse.tractusx.managedidentitywallets.revocation.utils;
+package org.eclipse.tractusx.managedidentitywallets.dto;
 
-public class StringPool {
 
-    public static final String BPN = "bpn";
+import lombok.*;
+
+@Getter
+@Setter
+@Builder
+@NoArgsConstructor
+@AllArgsConstructor
+public class StatusListRequest {
+
+    private String issuerId;
+
+    private String purpose;
 }
diff --git a/miw/src/main/java/org/eclipse/tractusx/managedidentitywallets/dto/ValidationResult.java b/miw/src/main/java/org/eclipse/tractusx/managedidentitywallets/dto/ValidationResult.java
index 8929fada..97700284 100644
--- a/miw/src/main/java/org/eclipse/tractusx/managedidentitywallets/dto/ValidationResult.java
+++ b/miw/src/main/java/org/eclipse/tractusx/managedidentitywallets/dto/ValidationResult.java
@@ -26,7 +26,7 @@
 import lombok.Getter;
 import lombok.NoArgsConstructor;
 import lombok.Setter;
-import org.eclipse.tractusx.managedidentitywallets.constant.TokenValidationErrors;
+import org.eclipse.tractusx.managedidentitywallets.commons.constant.TokenValidationErrors;
 
 import java.util.List;
 
diff --git a/miw/src/main/java/org/eclipse/tractusx/managedidentitywallets/exception/ForbiddenException.java b/miw/src/main/java/org/eclipse/tractusx/managedidentitywallets/exception/ForbiddenException.java
deleted file mode 100644
index 51938e2b..00000000
--- a/miw/src/main/java/org/eclipse/tractusx/managedidentitywallets/exception/ForbiddenException.java
+++ /dev/null
@@ -1,62 +0,0 @@
-/*
- * *******************************************************************************
- *  Copyright (c) 2021,2023 Contributors to the Eclipse Foundation
- *
- *  See the NOTICE file(s) distributed with this work for additional
- *  information regarding copyright ownership.
- *
- *  This program and the accompanying materials are made available under the
- *  terms of the Apache License, Version 2.0 which is available at
- *  https://www.apache.org/licenses/LICENSE-2.0.
- *
- *  Unless required by applicable law or agreed to in writing, software
- *  distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
- *  WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
- *  License for the specific language governing permissions and limitations
- *  under the License.
- *
- *  SPDX-License-Identifier: Apache-2.0
- * ******************************************************************************
- */
-
-package org.eclipse.tractusx.managedidentitywallets.exception;
-
-/**
- * The type Forbidden exception.
- */
-public class ForbiddenException extends RuntimeException {
-
-    /**
-     * Instantiates a new Forbidden exception.
-     */
-    public ForbiddenException() {
-    }
-
-    /**
-     * Instantiates a new Forbidden exception.
-     *
-     * @param message the message
-     */
-    public ForbiddenException(String message) {
-        super(message);
-    }
-
-    /**
-     * Instantiates a new Forbidden exception.
-     *
-     * @param message the message
-     * @param cause   the cause
-     */
-    public ForbiddenException(String message, Throwable cause) {
-        super(message, cause);
-    }
-
-    /**
-     * Instantiates a new Forbidden exception.
-     *
-     * @param cause the cause
-     */
-    public ForbiddenException(Throwable cause) {
-        super(cause);
-    }
-}
diff --git a/miw/src/main/java/org/eclipse/tractusx/managedidentitywallets/exception/RevocationException.java b/miw/src/main/java/org/eclipse/tractusx/managedidentitywallets/exception/RevocationException.java
new file mode 100644
index 00000000..9b11bbf8
--- /dev/null
+++ b/miw/src/main/java/org/eclipse/tractusx/managedidentitywallets/exception/RevocationException.java
@@ -0,0 +1,53 @@
+/*
+ * *******************************************************************************
+ *  Copyright (c) 2021,2024 Contributors to the Eclipse Foundation
+ *
+ *  See the NOTICE file(s) distributed with this work for additional
+ *  information regarding copyright ownership.
+ *
+ *  This program and the accompanying materials are made available under the
+ *  terms of the Apache License, Version 2.0 which is available at
+ *  https://www.apache.org/licenses/LICENSE-2.0.
+ *
+ *  Unless required by applicable law or agreed to in writing, software
+ *  distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+ *  WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+ *  License for the specific language governing permissions and limitations
+ *  under the License.
+ *
+ *  SPDX-License-Identifier: Apache-2.0
+ * ******************************************************************************
+ */
+
+package org.eclipse.tractusx.managedidentitywallets.exception;
+
+import lombok.Getter;
+
+import java.util.Map;
+
+/**
+ * The type Revocation problem.
+ */
+@Getter
+public class RevocationException extends RuntimeException {
+
+
+    private final int status;
+
+    private final String message;
+
+    private final Map<String, Object> details;
+
+    /**
+     * Instantiates a new Revocation problem.
+     *
+     * @param status  the status
+     * @param message the message
+     */
+    public RevocationException(int status, String message, Map<String, Object> details) {
+        super(message);
+        this.status = status;
+        this.message = message;
+        this.details = details;
+    }
+}
diff --git a/miw/src/main/java/org/eclipse/tractusx/managedidentitywallets/revocation/RevocationClient.java b/miw/src/main/java/org/eclipse/tractusx/managedidentitywallets/revocation/RevocationClient.java
new file mode 100644
index 00000000..6d27e8af
--- /dev/null
+++ b/miw/src/main/java/org/eclipse/tractusx/managedidentitywallets/revocation/RevocationClient.java
@@ -0,0 +1,95 @@
+/*
+ * *******************************************************************************
+ *  Copyright (c) 2021,2024 Contributors to the Eclipse Foundation
+ *
+ *  See the NOTICE file(s) distributed with this work for additional
+ *  information regarding copyright ownership.
+ *
+ *  This program and the accompanying materials are made available under the
+ *  terms of the Apache License, Version 2.0 which is available at
+ *  https://www.apache.org/licenses/LICENSE-2.0.
+ *
+ *  Unless required by applicable law or agreed to in writing, software
+ *  distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+ *  WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+ *  License for the specific language governing permissions and limitations
+ *  under the License.
+ *
+ *  SPDX-License-Identifier: Apache-2.0
+ * ******************************************************************************
+ */
+
+package org.eclipse.tractusx.managedidentitywallets.revocation;
+
+import io.swagger.v3.oas.annotations.Parameter;
+import org.eclipse.tractusx.managedidentitywallets.dto.StatusListRequest;
+import org.eclipse.tractusx.ssi.lib.model.verifiable.credential.VerifiableCredential;
+import org.eclipse.tractusx.ssi.lib.model.verifiable.credential.VerifiableCredentialStatus;
+import org.springframework.cloud.openfeign.FeignClient;
+import org.springframework.http.HttpHeaders;
+import org.springframework.http.MediaType;
+import org.springframework.web.bind.annotation.GetMapping;
+import org.springframework.web.bind.annotation.PathVariable;
+import org.springframework.web.bind.annotation.PostMapping;
+import org.springframework.web.bind.annotation.RequestBody;
+import org.springframework.web.bind.annotation.RequestHeader;
+
+import java.util.Map;
+
+/**
+ * The interface Revocation client.
+ */
+@FeignClient(value = "RevocationService", url = "${miw.revocation.url}", configuration = RevocationClientConfig.class)
+public interface RevocationClient {
+
+    /**
+     * Gets status list credential.
+     *
+     * @param issuerBpn the issuer BPN
+     * @param status    the status
+     * @param index     the index
+     * @param token     the token
+     * @return the status list credential
+     */
+    @GetMapping(path = "/api/v1/revocations/credentials/{issuerBpn}/{status}/{index}", produces = MediaType.APPLICATION_JSON_VALUE)
+    VerifiableCredential getStatusListCredential(@PathVariable(name = "issuerBpn") String issuerBpn,
+                                                 @PathVariable(name = "status") String status,
+                                                 @PathVariable(name = "index") String index,
+                                                 @RequestHeader(name = HttpHeaders.AUTHORIZATION) String token);
+
+
+    /**
+     * Gets status list entry.
+     *
+     * @param statusListRequest the status list request
+     * @param token             the token
+     * @return the status list entry
+     */
+    @PostMapping(path = "/api/v1/revocations/status-entry", consumes = MediaType.APPLICATION_JSON_VALUE, produces = MediaType.APPLICATION_JSON_VALUE)
+    Map<String, Object> getStatusListEntry(@RequestBody StatusListRequest statusListRequest,
+                                           @RequestHeader(name = HttpHeaders.AUTHORIZATION) String token);
+
+
+    /**
+     * Revoke credential.
+     *
+     * @param verifiableCredentialStatus the verifiable credential status
+     * @param token                      the token
+     */
+    @PostMapping(path = "/api/v1/revocations/revoke", consumes = MediaType.APPLICATION_JSON_VALUE)
+    void revokeCredential(@RequestBody VerifiableCredentialStatus verifiableCredentialStatus,
+                          @Parameter(hidden = true) @RequestHeader(name = HttpHeaders.AUTHORIZATION) String token);
+
+
+    /**
+     * Verify credential status map.
+     *
+     * @param verifiableCredentialStatus the verifiable credential status
+     * @param token                      the token
+     * @return the map
+     */
+    @PostMapping(path = "/api/v1/revocations/verify", consumes = MediaType.APPLICATION_JSON_VALUE, produces = MediaType.APPLICATION_JSON_VALUE)
+    Map<String, String> verifyCredentialStatus(@RequestBody VerifiableCredentialStatus verifiableCredentialStatus,
+                                               @Parameter(hidden = true) @RequestHeader(name = HttpHeaders.AUTHORIZATION) String token);
+
+}
diff --git a/miw/src/main/java/org/eclipse/tractusx/managedidentitywallets/revocation/RevocationClientConfig.java b/miw/src/main/java/org/eclipse/tractusx/managedidentitywallets/revocation/RevocationClientConfig.java
new file mode 100644
index 00000000..b440bc8a
--- /dev/null
+++ b/miw/src/main/java/org/eclipse/tractusx/managedidentitywallets/revocation/RevocationClientConfig.java
@@ -0,0 +1,43 @@
+/*
+ * *******************************************************************************
+ *  Copyright (c) 2021,2024 Contributors to the Eclipse Foundation
+ *
+ *  See the NOTICE file(s) distributed with this work for additional
+ *  information regarding copyright ownership.
+ *
+ *  This program and the accompanying materials are made available under the
+ *  terms of the Apache License, Version 2.0 which is available at
+ *  https://www.apache.org/licenses/LICENSE-2.0.
+ *
+ *  Unless required by applicable law or agreed to in writing, software
+ *  distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+ *  WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+ *  License for the specific language governing permissions and limitations
+ *  under the License.
+ *
+ *  SPDX-License-Identifier: Apache-2.0
+ * ******************************************************************************
+ */
+
+package org.eclipse.tractusx.managedidentitywallets.revocation;
+
+import feign.codec.ErrorDecoder;
+import org.springframework.context.annotation.Bean;
+import org.springframework.context.annotation.Configuration;
+
+/**
+ * The type Revocation client config.
+ */
+@Configuration
+public class RevocationClientConfig {
+
+    /**
+     * Error decoder error decoder.
+     *
+     * @return the error decoder
+     */
+    @Bean
+    public ErrorDecoder errorDecoder() {
+        return new RevocationErrorDecoder();
+    }
+}
diff --git a/miw/src/main/java/org/eclipse/tractusx/managedidentitywallets/revocation/RevocationErrorDecoder.java b/miw/src/main/java/org/eclipse/tractusx/managedidentitywallets/revocation/RevocationErrorDecoder.java
new file mode 100644
index 00000000..572f1a22
--- /dev/null
+++ b/miw/src/main/java/org/eclipse/tractusx/managedidentitywallets/revocation/RevocationErrorDecoder.java
@@ -0,0 +1,62 @@
+/*
+ * *******************************************************************************
+ *  Copyright (c) 2021,2024 Contributors to the Eclipse Foundation
+ *
+ *  See the NOTICE file(s) distributed with this work for additional
+ *  information regarding copyright ownership.
+ *
+ *  This program and the accompanying materials are made available under the
+ *  terms of the Apache License, Version 2.0 which is available at
+ *  https://www.apache.org/licenses/LICENSE-2.0.
+ *
+ *  Unless required by applicable law or agreed to in writing, software
+ *  distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+ *  WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+ *  License for the specific language governing permissions and limitations
+ *  under the License.
+ *
+ *  SPDX-License-Identifier: Apache-2.0
+ * ******************************************************************************
+ */
+
+package org.eclipse.tractusx.managedidentitywallets.revocation;
+
+import com.fasterxml.jackson.databind.ObjectMapper;
+import feign.Response;
+import feign.codec.ErrorDecoder;
+import lombok.SneakyThrows;
+import org.eclipse.tractusx.managedidentitywallets.exception.RevocationException;
+import org.springframework.http.HttpStatus;
+import org.springframework.util.StreamUtils;
+
+import java.nio.charset.Charset;
+import java.util.Map;
+
+/**
+ * The type Revocation error decoder.
+ */
+public class RevocationErrorDecoder implements ErrorDecoder {
+    @SneakyThrows
+    @Override
+    public Exception decode(String methodKey, Response response) {
+        Response.Body responseBody = response.body();
+        HttpStatus responseStatus = HttpStatus.valueOf(response.status());
+        if (responseBody != null && response.body() != null) {
+            String data = StreamUtils.copyToString(response.body().asInputStream(), Charset.defaultCharset());
+            if (responseStatus.value() == HttpStatus.CONFLICT.value()) {
+                ObjectMapper objectMapper = new ObjectMapper();
+                Map<String, Object> map = objectMapper.readValue(data, Map.class);
+                if (map.containsKey("detail")) {
+                    throw new RevocationException(responseStatus.value(), map.get("detail").toString(), map);
+                } else {
+                    throw new RevocationException(responseStatus.value(), data, map);
+                }
+            } else {
+                throw new RevocationException(responseStatus.value(), data, Map.of());
+
+            }
+        } else {
+            throw new RevocationException(responseStatus.value(), "Error in revocation service", Map.of());
+        }
+    }
+}
diff --git a/miw/src/main/java/org/eclipse/tractusx/managedidentitywallets/service/CommonService.java b/miw/src/main/java/org/eclipse/tractusx/managedidentitywallets/service/CommonService.java
index 1acf3215..8e6228c3 100644
--- a/miw/src/main/java/org/eclipse/tractusx/managedidentitywallets/service/CommonService.java
+++ b/miw/src/main/java/org/eclipse/tractusx/managedidentitywallets/service/CommonService.java
@@ -23,12 +23,12 @@
 
 import lombok.RequiredArgsConstructor;
 import lombok.extern.slf4j.Slf4j;
-import org.eclipse.tractusx.managedidentitywallets.constant.StringPool;
+import org.eclipse.tractusx.managedidentitywallets.commons.constant.StringPool;
+import org.eclipse.tractusx.managedidentitywallets.commons.utils.Validate;
 import org.eclipse.tractusx.managedidentitywallets.dao.entity.Wallet;
 import org.eclipse.tractusx.managedidentitywallets.dao.repository.WalletRepository;
 import org.eclipse.tractusx.managedidentitywallets.exception.WalletNotFoundProblem;
 import org.eclipse.tractusx.managedidentitywallets.utils.CommonUtils;
-import org.eclipse.tractusx.managedidentitywallets.utils.Validate;
 import org.eclipse.tractusx.ssi.lib.model.verifiable.credential.VerifiableCredential;
 import org.springframework.stereotype.Service;
 
diff --git a/miw/src/main/java/org/eclipse/tractusx/managedidentitywallets/service/DidDocumentResolverService.java b/miw/src/main/java/org/eclipse/tractusx/managedidentitywallets/service/DidDocumentResolverService.java
index 3ffcccf8..eccb6b11 100644
--- a/miw/src/main/java/org/eclipse/tractusx/managedidentitywallets/service/DidDocumentResolverService.java
+++ b/miw/src/main/java/org/eclipse/tractusx/managedidentitywallets/service/DidDocumentResolverService.java
@@ -33,7 +33,7 @@
 @Service
 public class DidDocumentResolverService {
 
-    final static HttpClient httpClient = HttpClient.newHttpClient();
+    private static final HttpClient HTTP_CLIENT = HttpClient.newHttpClient();
 
     @Getter
     private final DidWebResolver didDocumentResolverRegistry;
@@ -47,10 +47,10 @@ public DidDocumentResolverService(MIWSettings miwSettings) {
         final DidWebParser didParser = new DidWebParser();
 
         didDocumentResolverRegistry =
-                new DidWebResolver(httpClient, didParser, enforceHttps);
+                new DidWebResolver(HTTP_CLIENT, didParser, enforceHttps);
 
         compositeDidResolver = new CompositeDidResolver(
-                new DidWebResolver(httpClient, didParser, enforceHttps)
+                new DidWebResolver(HTTP_CLIENT, didParser, enforceHttps)
         );
     }
 }
diff --git a/miw/src/main/java/org/eclipse/tractusx/managedidentitywallets/service/HoldersCredentialService.java b/miw/src/main/java/org/eclipse/tractusx/managedidentitywallets/service/HoldersCredentialService.java
index a69ad465..4eae8b25 100644
--- a/miw/src/main/java/org/eclipse/tractusx/managedidentitywallets/service/HoldersCredentialService.java
+++ b/miw/src/main/java/org/eclipse/tractusx/managedidentitywallets/service/HoldersCredentialService.java
@@ -33,8 +33,10 @@
 import lombok.extern.slf4j.Slf4j;
 import org.apache.commons.text.StringEscapeUtils;
 import org.eclipse.tractusx.managedidentitywallets.command.GetCredentialsCommand;
-import org.eclipse.tractusx.managedidentitywallets.constant.StringPool;
-import org.eclipse.tractusx.managedidentitywallets.constant.SupportedAlgorithms;
+import org.eclipse.tractusx.managedidentitywallets.commons.constant.StringPool;
+import org.eclipse.tractusx.managedidentitywallets.commons.constant.SupportedAlgorithms;
+import org.eclipse.tractusx.managedidentitywallets.commons.exception.ForbiddenException;
+import org.eclipse.tractusx.managedidentitywallets.commons.utils.Validate;
 import org.eclipse.tractusx.managedidentitywallets.dao.entity.HoldersCredential;
 import org.eclipse.tractusx.managedidentitywallets.dao.entity.Wallet;
 import org.eclipse.tractusx.managedidentitywallets.dao.repository.HoldersCredentialRepository;
@@ -42,13 +44,12 @@
 import org.eclipse.tractusx.managedidentitywallets.domain.SigningServiceType;
 import org.eclipse.tractusx.managedidentitywallets.domain.VerifiableEncoding;
 import org.eclipse.tractusx.managedidentitywallets.dto.CredentialsResponse;
-import org.eclipse.tractusx.managedidentitywallets.exception.CredentialNotFoundProblem;
-import org.eclipse.tractusx.managedidentitywallets.exception.ForbiddenException;
+import org.eclipse.tractusx.managedidentitywallets.service.revocation.RevocationService;
 import org.eclipse.tractusx.managedidentitywallets.signing.SignerResult;
 import org.eclipse.tractusx.managedidentitywallets.signing.SigningService;
 import org.eclipse.tractusx.managedidentitywallets.utils.CommonUtils;
-import org.eclipse.tractusx.managedidentitywallets.utils.Validate;
 import org.eclipse.tractusx.ssi.lib.model.verifiable.credential.VerifiableCredential;
+import org.eclipse.tractusx.ssi.lib.model.verifiable.credential.VerifiableCredentialStatusList2021Entry;
 import org.springframework.data.domain.Page;
 import org.springframework.data.domain.PageImpl;
 import org.springframework.stereotype.Service;
@@ -81,6 +82,8 @@ public class HoldersCredentialService extends BaseService<HoldersCredential, Lon
 
     private final Map<SigningServiceType, SigningService> availableSigningServices;
 
+    private final RevocationService revocationService;
+
 
     @Override
     protected BaseRepository<HoldersCredential, Long> getRepository() {
@@ -172,7 +175,7 @@ public PageImpl<CredentialsResponse> getCredentials(GetCredentialsCommand comman
      * @param asJwt     the as jwt
      * @return the verifiable credential
      */
-    public CredentialsResponse issueCredential(Map<String, Object> data, String callerBpn, boolean asJwt) {
+    public CredentialsResponse issueCredential(Map<String, Object> data, String callerBpn, boolean asJwt, boolean revocable, String token) {
         VerifiableCredential verifiableCredential = new VerifiableCredential(data);
         Wallet issuerWallet = commonService.getWalletByIdentifier(verifiableCredential.getIssuer().toString());
 
@@ -185,7 +188,7 @@ public CredentialsResponse issueCredential(Map<String, Object> data, String call
             expiryDate = Date.from(verifiableCredential.getExpirationDate());
         }
 
-        CredentialCreationConfig holdersCredentialCreationConfig = CredentialCreationConfig.builder()
+        CredentialCreationConfig.CredentialCreationConfigBuilder builder = CredentialCreationConfig.builder()
                 .encoding(VerifiableEncoding.JSON_LD)
                 .subject(verifiableCredential.getCredentialSubject().get(0))
                 .types(verifiableCredential.getTypes())
@@ -194,12 +197,19 @@ public CredentialsResponse issueCredential(Map<String, Object> data, String call
                 .contexts(verifiableCredential.getContext())
                 .expiryDate(expiryDate)
                 .selfIssued(true)
+                .revocable(revocable)
                 .keyName(issuerWallet.getBpn())
-                .algorithm(SupportedAlgorithms.valueOf(issuerWallet.getAlgorithm()))
-                .build();
+                .algorithm(SupportedAlgorithms.valueOf(issuerWallet.getAlgorithm()));
 
-        // Create Credential
+        if (revocable) {
+            //get credential status in case of revocation
+            VerifiableCredentialStatusList2021Entry statusListEntry = revocationService.getStatusListEntry(issuerWallet.getBpn(), token);
+            builder.verifiableCredentialStatus(statusListEntry);
+        }
+
+        CredentialCreationConfig holdersCredentialCreationConfig = builder.build();
 
+        // Create Credential
         SignerResult signerResult = availableSigningServices.get(issuerWallet.getSigningServiceType()).createCredential(holdersCredentialCreationConfig);
         VerifiableCredential vc = (VerifiableCredential) signerResult.getJsonLd();
         HoldersCredential credential = CommonUtils.convertVerifiableCredential(vc, holdersCredentialCreationConfig);
@@ -224,8 +234,4 @@ public CredentialsResponse issueCredential(Map<String, Object> data, String call
 
         return cr;
     }
-
-    private void isCredentialExistWithId(String holderDid, String credentialId) {
-        Validate.isFalse(holdersCredentialRepository.existsByHolderDidAndCredentialId(holderDid, credentialId)).launch(new CredentialNotFoundProblem("Credential ID: " + credentialId + " is not exists "));
-    }
 }
diff --git a/miw/src/main/java/org/eclipse/tractusx/managedidentitywallets/service/IdpAuthorization.java b/miw/src/main/java/org/eclipse/tractusx/managedidentitywallets/service/IdpAuthorization.java
index 956a938c..da0e819f 100644
--- a/miw/src/main/java/org/eclipse/tractusx/managedidentitywallets/service/IdpAuthorization.java
+++ b/miw/src/main/java/org/eclipse/tractusx/managedidentitywallets/service/IdpAuthorization.java
@@ -22,11 +22,12 @@
 package org.eclipse.tractusx.managedidentitywallets.service;
 
 import lombok.extern.slf4j.Slf4j;
+import org.eclipse.tractusx.managedidentitywallets.commons.constant.StringPool;
 import org.eclipse.tractusx.managedidentitywallets.config.security.SecurityConfigProperties;
 import org.eclipse.tractusx.managedidentitywallets.domain.IdpTokenResponse;
 import org.eclipse.tractusx.managedidentitywallets.dto.SecureTokenRequest;
-import org.eclipse.tractusx.managedidentitywallets.exception.UnsupportedGrantTypeException;
 import org.eclipse.tractusx.managedidentitywallets.exception.InvalidIdpTokenResponseException;
+import org.eclipse.tractusx.managedidentitywallets.exception.UnsupportedGrantTypeException;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.boot.web.client.RestTemplateBuilder;
 import org.springframework.http.HttpHeaders;
@@ -37,7 +38,6 @@
 import org.springframework.web.client.RestTemplate;
 import org.springframework.web.util.UriComponentsBuilder;
 
-import static org.eclipse.tractusx.managedidentitywallets.constant.StringPool.CLIENT_CREDENTIALS;
 import static org.springframework.security.oauth2.core.endpoint.OAuth2ParameterNames.CLIENT_ID;
 import static org.springframework.security.oauth2.core.endpoint.OAuth2ParameterNames.CLIENT_SECRET;
 import static org.springframework.security.oauth2.core.endpoint.OAuth2ParameterNames.GRANT_TYPE;
@@ -64,11 +64,11 @@ public IdpAuthorization(final SecurityConfigProperties properties, final RestTem
 
     public IdpTokenResponse fromSecureTokenRequest(SecureTokenRequest secureTokenRequest) throws UnsupportedGrantTypeException, InvalidIdpTokenResponseException {
         // we're ignoring the input, but the protocol requires us to check.
-        if (!secureTokenRequest.getGrantType().equals(CLIENT_CREDENTIALS)) {
+        if (!secureTokenRequest.getGrantType().equals(StringPool.CLIENT_CREDENTIALS)) {
             throw new UnsupportedGrantTypeException("The provided 'grant_type' is not valid. Use 'client_credentials'.");
         }
         MultiValueMap<String, String> tokenRequest = new LinkedMultiValueMap<>();
-        tokenRequest.add(GRANT_TYPE, CLIENT_CREDENTIALS);
+        tokenRequest.add(GRANT_TYPE, StringPool.CLIENT_CREDENTIALS);
         tokenRequest.add(SCOPE, OPENID);
         tokenRequest.add(CLIENT_ID, secureTokenRequest.getClientId());
         tokenRequest.add(CLIENT_SECRET, secureTokenRequest.getClientSecret());
diff --git a/miw/src/main/java/org/eclipse/tractusx/managedidentitywallets/service/IssuersCredentialService.java b/miw/src/main/java/org/eclipse/tractusx/managedidentitywallets/service/IssuersCredentialService.java
index 8d6fb6d2..dba5f6a9 100644
--- a/miw/src/main/java/org/eclipse/tractusx/managedidentitywallets/service/IssuersCredentialService.java
+++ b/miw/src/main/java/org/eclipse/tractusx/managedidentitywallets/service/IssuersCredentialService.java
@@ -36,9 +36,12 @@
 import lombok.extern.slf4j.Slf4j;
 import org.apache.commons.text.StringEscapeUtils;
 import org.eclipse.tractusx.managedidentitywallets.command.GetCredentialsCommand;
+import org.eclipse.tractusx.managedidentitywallets.commons.constant.CredentialStatus;
+import org.eclipse.tractusx.managedidentitywallets.commons.constant.StringPool;
+import org.eclipse.tractusx.managedidentitywallets.commons.constant.SupportedAlgorithms;
+import org.eclipse.tractusx.managedidentitywallets.commons.exception.ForbiddenException;
+import org.eclipse.tractusx.managedidentitywallets.commons.utils.Validate;
 import org.eclipse.tractusx.managedidentitywallets.config.MIWSettings;
-import org.eclipse.tractusx.managedidentitywallets.constant.StringPool;
-import org.eclipse.tractusx.managedidentitywallets.constant.SupportedAlgorithms;
 import org.eclipse.tractusx.managedidentitywallets.dao.entity.HoldersCredential;
 import org.eclipse.tractusx.managedidentitywallets.dao.entity.IssuersCredential;
 import org.eclipse.tractusx.managedidentitywallets.dao.entity.Wallet;
@@ -49,11 +52,10 @@
 import org.eclipse.tractusx.managedidentitywallets.domain.VerifiableEncoding;
 import org.eclipse.tractusx.managedidentitywallets.dto.CredentialVerificationRequest;
 import org.eclipse.tractusx.managedidentitywallets.dto.CredentialsResponse;
-import org.eclipse.tractusx.managedidentitywallets.exception.ForbiddenException;
+import org.eclipse.tractusx.managedidentitywallets.service.revocation.RevocationService;
 import org.eclipse.tractusx.managedidentitywallets.signing.SignerResult;
 import org.eclipse.tractusx.managedidentitywallets.signing.SigningService;
 import org.eclipse.tractusx.managedidentitywallets.utils.CommonUtils;
-import org.eclipse.tractusx.managedidentitywallets.utils.Validate;
 import org.eclipse.tractusx.ssi.lib.did.resolver.DidResolver;
 import org.eclipse.tractusx.ssi.lib.did.web.DidWebResolver;
 import org.eclipse.tractusx.ssi.lib.did.web.util.DidWebParser;
@@ -61,6 +63,7 @@
 import org.eclipse.tractusx.ssi.lib.jwt.SignedJwtValidator;
 import org.eclipse.tractusx.ssi.lib.jwt.SignedJwtVerifier;
 import org.eclipse.tractusx.ssi.lib.model.verifiable.credential.VerifiableCredential;
+import org.eclipse.tractusx.ssi.lib.model.verifiable.credential.VerifiableCredentialStatusList2021Entry;
 import org.eclipse.tractusx.ssi.lib.proof.LinkedDataProofValidation;
 import org.eclipse.tractusx.ssi.lib.serialization.SerializeUtil;
 import org.springframework.beans.factory.annotation.Autowired;
@@ -78,8 +81,10 @@
 import java.text.ParseException;
 import java.util.ArrayList;
 import java.util.Date;
+import java.util.HashMap;
 import java.util.List;
 import java.util.Map;
+import java.util.Objects;
 import java.util.TreeMap;
 
 /**
@@ -108,6 +113,8 @@ public class IssuersCredentialService extends BaseService<IssuersCredential, Lon
 
     private Map<SigningServiceType, SigningService> availableSigningServices;
 
+    private final RevocationService revocationService;
+
 
     @Override
     protected BaseRepository<IssuersCredential, Long> getRepository() {
@@ -190,18 +197,19 @@ public PageImpl<CredentialsResponse> getCredentials(GetCredentialsCommand comman
     }
 
 
-
     /**
      * Issue credential using base wallet
      *
      * @param holderDid the holder did
      * @param data      the data
      * @param asJwt     the as jwt
+     * @param revocable the revocable
      * @param callerBpn the caller bpn
+     * @param token     the token
      * @return the verifiable credential
      */
     @Transactional(isolation = Isolation.READ_UNCOMMITTED, propagation = Propagation.REQUIRED)
-    public CredentialsResponse issueCredentialUsingBaseWallet(String holderDid, Map<String, Object> data, boolean asJwt, String callerBpn) {
+    public CredentialsResponse issueCredentialUsingBaseWallet(String holderDid, Map<String, Object> data, boolean asJwt, boolean revocable, String callerBpn, String token) {
         //Fetch Holder Wallet
         Wallet holderWallet = commonService.getWalletByIdentifier(holderDid);
 
@@ -213,7 +221,8 @@ public CredentialsResponse issueCredentialUsingBaseWallet(String holderDid, Map<
 
         boolean isSelfIssued = isSelfIssued(holderWallet.getBpn());
 
-        CredentialCreationConfig holdersCredentialCreationConfig = CredentialCreationConfig.builder()
+
+        CredentialCreationConfig.CredentialCreationConfigBuilder builder = CredentialCreationConfig.builder()
                 .encoding(VerifiableEncoding.JSON_LD)
                 .subject(verifiableCredential.getCredentialSubject().get(0))
                 .types(verifiableCredential.getTypes())
@@ -223,9 +232,16 @@ public CredentialsResponse issueCredentialUsingBaseWallet(String holderDid, Map<
                 .contexts(verifiableCredential.getContext())
                 .expiryDate(Date.from(verifiableCredential.getExpirationDate()))
                 .selfIssued(isSelfIssued)
-                .algorithm(SupportedAlgorithms.valueOf(issuerWallet.getAlgorithm()))
-                .build();
+                .revocable(revocable)
+                .algorithm(SupportedAlgorithms.valueOf(issuerWallet.getAlgorithm()));
 
+        if (revocable) {
+            //get credential status in case of revocation
+            VerifiableCredentialStatusList2021Entry statusListEntry = revocationService.getStatusListEntry(issuerWallet.getBpn(), token);
+            builder.verifiableCredentialStatus(statusListEntry);
+        }
+
+        CredentialCreationConfig holdersCredentialCreationConfig = builder.build();
 
         // Create Credential
         SignerResult result = availableSigningServices.get(issuerWallet.getSigningServiceType()).createCredential(holdersCredentialCreationConfig);
@@ -258,7 +274,7 @@ public CredentialsResponse issueCredentialUsingBaseWallet(String holderDid, Map<
     }
 
 
-    private JWTVerificationResult verifyVCAsJWT(String jwt, DidResolver didResolver, boolean withCredentialsValidation, boolean withCredentialExpiryDate) throws IOException, ParseException {
+    private JWTVerificationResult verifyVCAsJWT(String jwt, DidResolver didResolver, boolean withCredentialsValidation, boolean withCredentialExpiryDate, String token) throws IOException, ParseException {
         SignedJWT signedJWT = SignedJWT.parse(jwt);
         Map<String, Object> claims = objectMapper.readValue(signedJWT.getPayload().toBytes(), Map.class);
         String vcClaim = objectMapper.writeValueAsString(claims.get("vc"));
@@ -266,7 +282,10 @@ private JWTVerificationResult verifyVCAsJWT(String jwt, DidResolver didResolver,
         VerifiableCredential verifiableCredential = new VerifiableCredential(map);
 
         //took this approach to avoid issues in sonarQube
-        return new JWTVerificationResult(validateSignature(withCredentialsValidation, signedJWT, didResolver) && validateJWTExpiryDate(withCredentialExpiryDate, signedJWT), verifiableCredential);
+        return new JWTVerificationResult(validateSignature(withCredentialsValidation, signedJWT, didResolver)
+                && validateJWTExpiryDate(withCredentialExpiryDate, signedJWT)
+                && !checkRevocationStatus(token, verifiableCredential, new HashMap<>())
+                , verifiableCredential);
 
     }
 
@@ -310,10 +329,11 @@ private boolean validateJWTExpiryDate(boolean withExpiryDate, SignedJWT signedJW
      *
      * @param verificationRequest      the verification request
      * @param withCredentialExpiryDate the with credential expiry date
+     * @param token                    the token
      * @return the map
      */
-    public Map<String, Object> credentialsValidation(CredentialVerificationRequest verificationRequest, boolean withCredentialExpiryDate) {
-        return credentialsValidation(verificationRequest, true, withCredentialExpiryDate);
+    public Map<String, Object> credentialsValidation(CredentialVerificationRequest verificationRequest, boolean withCredentialExpiryDate, String token) {
+        return credentialsValidation(verificationRequest, true, withCredentialExpiryDate, token);
     }
 
     /**
@@ -322,10 +342,12 @@ public Map<String, Object> credentialsValidation(CredentialVerificationRequest v
      * @param verificationRequest       the verification request
      * @param withCredentialsValidation the with credentials validation
      * @param withCredentialExpiryDate  the with credential expiry date
+     * @param token                     the token
      * @return the map
      */
     @SneakyThrows
-    public Map<String, Object> credentialsValidation(CredentialVerificationRequest verificationRequest, boolean withCredentialsValidation, boolean withCredentialExpiryDate) {
+    public Map<String, Object> credentialsValidation(CredentialVerificationRequest verificationRequest, boolean withCredentialsValidation,
+                                                     boolean withCredentialExpiryDate, String token) {
         HttpClient httpClient = HttpClient.newBuilder()
                 .followRedirects(HttpClient.Redirect.ALWAYS)
                 .build();
@@ -337,31 +359,41 @@ public Map<String, Object> credentialsValidation(CredentialVerificationRequest v
         VerifiableCredential verifiableCredential;
         boolean dateValidation = true;
 
+        boolean revoked = false;
         if (verificationRequest.containsKey(StringPool.VC_JWT_KEY)) {
-            JWTVerificationResult result = verifyVCAsJWT((String) verificationRequest.get(StringPool.VC_JWT_KEY), didResolver, withCredentialsValidation, withCredentialExpiryDate);
+            JWTVerificationResult result = verifyVCAsJWT((String) verificationRequest.get(StringPool.VC_JWT_KEY), didResolver, withCredentialsValidation, withCredentialExpiryDate, token);
             valid = result.valid;
         } else {
-
             verifiableCredential = new VerifiableCredential(verificationRequest);
             LinkedDataProofValidation proofValidation = LinkedDataProofValidation.newInstance(didResolver);
-
-
             if (withCredentialsValidation) {
                 valid = proofValidation.verify(verifiableCredential);
             } else {
                 valid = true;
             }
 
+            revoked = checkRevocationStatus(token, verifiableCredential, response);
+
             dateValidation = CommonService.validateExpiry(withCredentialExpiryDate, verifiableCredential,
                     response);
         }
 
-        response.put(StringPool.VALID, valid && dateValidation);
+        response.put(StringPool.VALID, valid && dateValidation && !revoked);
         response.put(StringPool.VC, verificationRequest);
 
         return response;
     }
 
+    private boolean checkRevocationStatus(String token, VerifiableCredential verifiableCredential, Map<String, Object> response) {
+        //check revocation
+        if (verifiableCredential.getVerifiableCredentialStatus() != null) {
+            CredentialStatus credentialStatus = revocationService.checkRevocation(verifiableCredential, token);
+            response.put(StringPool.CREDENTIAL_STATUS, credentialStatus.getName());
+            return !Objects.equals(credentialStatus.getName(), CredentialStatus.ACTIVE.getName());
+        }
+        return false;
+    }
+
 
     private void validateAccess(String callerBpn, Wallet issuerWallet) {
         //validate BPN access, VC must be issued by base wallet
diff --git a/miw/src/main/java/org/eclipse/tractusx/managedidentitywallets/service/JwtPresentationES256KService.java b/miw/src/main/java/org/eclipse/tractusx/managedidentitywallets/service/JwtPresentationES256KService.java
index 084e06b1..5126108e 100644
--- a/miw/src/main/java/org/eclipse/tractusx/managedidentitywallets/service/JwtPresentationES256KService.java
+++ b/miw/src/main/java/org/eclipse/tractusx/managedidentitywallets/service/JwtPresentationES256KService.java
@@ -35,9 +35,9 @@
 import com.nimbusds.jwt.SignedJWT;
 import lombok.extern.slf4j.Slf4j;
 import org.apache.commons.text.StringEscapeUtils;
+import org.eclipse.tractusx.managedidentitywallets.commons.constant.StringPool;
+import org.eclipse.tractusx.managedidentitywallets.commons.exception.BadDataException;
 import org.eclipse.tractusx.managedidentitywallets.config.MIWSettings;
-import org.eclipse.tractusx.managedidentitywallets.constant.StringPool;
-import org.eclipse.tractusx.managedidentitywallets.exception.BadDataException;
 import org.eclipse.tractusx.managedidentitywallets.exception.SignatureFailureException;
 import org.eclipse.tractusx.managedidentitywallets.exception.UnsupportedAlgorithmException;
 import org.eclipse.tractusx.ssi.lib.model.JsonLdObject;
@@ -141,13 +141,13 @@ public DidDocument buildDidDocument(String bpn, Did did, List<VerificationMethod
         });
         didDocument.put(StringPool.ASSERTION_METHOD, ids);
         //add service
-        Map<String, Object> tokenServiceData = Map.of(Verifiable.ID, did.toUri()+"#"+StringPool.SECURITY_TOKEN_SERVICE, Verifiable.TYPE, StringPool.SECURITY_TOKEN_SERVICE,
-                StringPool.SERVICE_ENDPOINT,  StringPool.HTTPS_SCHEME + miwSettings.host() + "/api/token");
+        Map<String, Object> tokenServiceData = Map.of(Verifiable.ID, did.toUri() + "#" + StringPool.SECURITY_TOKEN_SERVICE, Verifiable.TYPE, StringPool.SECURITY_TOKEN_SERVICE,
+                StringPool.SERVICE_ENDPOINT, StringPool.HTTPS_SCHEME + miwSettings.host() + "/api/token");
         org.eclipse.tractusx.ssi.lib.model.did.Service tokenService = new org.eclipse.tractusx.ssi.lib.model.did.Service(tokenServiceData);
-        Map<String, Object> credentialServiceData = Map.of(Verifiable.ID, did.toUri()+"#"+StringPool.CREDENTIAL_SERVICE, Verifiable.TYPE, StringPool.CREDENTIAL_SERVICE,
-                StringPool.SERVICE_ENDPOINT,  StringPool.HTTPS_SCHEME + miwSettings.host());
+        Map<String, Object> credentialServiceData = Map.of(Verifiable.ID, did.toUri() + "#" + StringPool.CREDENTIAL_SERVICE, Verifiable.TYPE, StringPool.CREDENTIAL_SERVICE,
+                StringPool.SERVICE_ENDPOINT, StringPool.HTTPS_SCHEME + miwSettings.host());
         org.eclipse.tractusx.ssi.lib.model.did.Service credentialService = new org.eclipse.tractusx.ssi.lib.model.did.Service(credentialServiceData);
-        didDocument.put(StringPool.SERVICE, List.of(tokenService,credentialService));
+        didDocument.put(StringPool.SERVICE, List.of(tokenService, credentialService));
 
         didDocument = DidDocument.fromJson(didDocument.toJson());
         log.debug("did document created for bpn ->{}", StringEscapeUtils.escapeJava(bpn));
diff --git a/miw/src/main/java/org/eclipse/tractusx/managedidentitywallets/service/PresentationService.java b/miw/src/main/java/org/eclipse/tractusx/managedidentitywallets/service/PresentationService.java
index a121b84a..57e7d41f 100644
--- a/miw/src/main/java/org/eclipse/tractusx/managedidentitywallets/service/PresentationService.java
+++ b/miw/src/main/java/org/eclipse/tractusx/managedidentitywallets/service/PresentationService.java
@@ -30,9 +30,11 @@
 import lombok.RequiredArgsConstructor;
 import lombok.SneakyThrows;
 import lombok.extern.slf4j.Slf4j;
+import org.eclipse.tractusx.managedidentitywallets.commons.constant.StringPool;
+import org.eclipse.tractusx.managedidentitywallets.commons.constant.SupportedAlgorithms;
+import org.eclipse.tractusx.managedidentitywallets.commons.exception.BadDataException;
+import org.eclipse.tractusx.managedidentitywallets.commons.utils.Validate;
 import org.eclipse.tractusx.managedidentitywallets.config.MIWSettings;
-import org.eclipse.tractusx.managedidentitywallets.constant.StringPool;
-import org.eclipse.tractusx.managedidentitywallets.constant.SupportedAlgorithms;
 import org.eclipse.tractusx.managedidentitywallets.dao.entity.HoldersCredential;
 import org.eclipse.tractusx.managedidentitywallets.dao.entity.JtiRecord;
 import org.eclipse.tractusx.managedidentitywallets.dao.entity.Wallet;
@@ -41,12 +43,10 @@
 import org.eclipse.tractusx.managedidentitywallets.domain.PresentationCreationConfig;
 import org.eclipse.tractusx.managedidentitywallets.domain.SigningServiceType;
 import org.eclipse.tractusx.managedidentitywallets.domain.VerifiableEncoding;
-import org.eclipse.tractusx.managedidentitywallets.exception.BadDataException;
 import org.eclipse.tractusx.managedidentitywallets.exception.MissingVcTypesException;
 import org.eclipse.tractusx.managedidentitywallets.exception.PermissionViolationException;
 import org.eclipse.tractusx.managedidentitywallets.signing.SignerResult;
 import org.eclipse.tractusx.managedidentitywallets.signing.SigningService;
-import org.eclipse.tractusx.managedidentitywallets.utils.Validate;
 import org.eclipse.tractusx.ssi.lib.did.resolver.DidResolver;
 import org.eclipse.tractusx.ssi.lib.exception.json.InvalidJsonLdException;
 import org.eclipse.tractusx.ssi.lib.exception.proof.JwtExpiredException;
@@ -70,10 +70,6 @@
 import java.util.Objects;
 import java.util.UUID;
 
-import static org.eclipse.tractusx.managedidentitywallets.constant.StringPool.BLANK_SEPARATOR;
-import static org.eclipse.tractusx.managedidentitywallets.constant.StringPool.COLON_SEPARATOR;
-import static org.eclipse.tractusx.managedidentitywallets.constant.StringPool.COMA_SEPARATOR;
-import static org.eclipse.tractusx.managedidentitywallets.constant.StringPool.UNDERSCORE;
 import static org.eclipse.tractusx.managedidentitywallets.utils.TokenParsingUtils.getClaimsSet;
 import static org.eclipse.tractusx.managedidentitywallets.utils.TokenParsingUtils.getScope;
 import static org.eclipse.tractusx.managedidentitywallets.utils.TokenParsingUtils.getStringClaim;
@@ -298,10 +294,10 @@ public Map<String, Object> createVpWithRequiredScopes(SignedJWT innerJWT, boolea
         List<VerifiableCredential> verifiableCredentials = new ArrayList<>();
 
         String scopeValue = getScope(jwtClaimsSet);
-        String[] scopes = scopeValue.split(BLANK_SEPARATOR);
+        String[] scopes = scopeValue.split(StringPool.BLANK_SEPARATOR);
 
         for (String scope : scopes) {
-            String[] scopeParts = scope.split(COLON_SEPARATOR);
+            String[] scopeParts = scope.split(StringPool.COLON_SEPARATOR);
             String vcType = scopeParts[1];
             checkReadPermission(scopeParts[2]);
             String vcTypeNoVersion = removeVersion(vcType);
@@ -357,12 +353,12 @@ private void checkReadPermission(String permission) {
     private void checkMissingVcs(List<String> missingVCTypes) {
         if (!missingVCTypes.isEmpty()) {
             throw new MissingVcTypesException(String.format("Missing VC types: %s",
-                    String.join(COMA_SEPARATOR, missingVCTypes)));
+                    String.join(StringPool.COMA_SEPARATOR, missingVCTypes)));
         }
     }
 
     private String removeVersion(String vcType) {
-        String[] parts = vcType.split(UNDERSCORE);
+        String[] parts = vcType.split(StringPool.UNDERSCORE);
         return (parts.length > 1) ? parts[0] : vcType;
     }
 
diff --git a/miw/src/main/java/org/eclipse/tractusx/managedidentitywallets/service/STSTokenValidationService.java b/miw/src/main/java/org/eclipse/tractusx/managedidentitywallets/service/STSTokenValidationService.java
index af991729..d9e67078 100644
--- a/miw/src/main/java/org/eclipse/tractusx/managedidentitywallets/service/STSTokenValidationService.java
+++ b/miw/src/main/java/org/eclipse/tractusx/managedidentitywallets/service/STSTokenValidationService.java
@@ -26,9 +26,9 @@
 import com.nimbusds.jwt.SignedJWT;
 import lombok.RequiredArgsConstructor;
 import lombok.extern.slf4j.Slf4j;
-import org.eclipse.tractusx.managedidentitywallets.constant.TokenValidationErrors;
+import org.eclipse.tractusx.managedidentitywallets.commons.constant.TokenValidationErrors;
+import org.eclipse.tractusx.managedidentitywallets.commons.exception.BadDataException;
 import org.eclipse.tractusx.managedidentitywallets.dto.ValidationResult;
-import org.eclipse.tractusx.managedidentitywallets.exception.BadDataException;
 import org.eclipse.tractusx.managedidentitywallets.utils.CustomSignedJWTVerifier;
 import org.eclipse.tractusx.managedidentitywallets.utils.TokenValidationUtils;
 import org.springframework.stereotype.Service;
diff --git a/miw/src/main/java/org/eclipse/tractusx/managedidentitywallets/service/WalletKeyService.java b/miw/src/main/java/org/eclipse/tractusx/managedidentitywallets/service/WalletKeyService.java
index ab7a636a..548a8bfe 100644
--- a/miw/src/main/java/org/eclipse/tractusx/managedidentitywallets/service/WalletKeyService.java
+++ b/miw/src/main/java/org/eclipse/tractusx/managedidentitywallets/service/WalletKeyService.java
@@ -27,7 +27,7 @@
 import lombok.RequiredArgsConstructor;
 import lombok.SneakyThrows;
 import org.bouncycastle.util.io.pem.PemReader;
-import org.eclipse.tractusx.managedidentitywallets.constant.SupportedAlgorithms;
+import org.eclipse.tractusx.managedidentitywallets.commons.constant.SupportedAlgorithms;
 import org.eclipse.tractusx.managedidentitywallets.dao.entity.WalletKey;
 import org.eclipse.tractusx.managedidentitywallets.dao.repository.WalletKeyRepository;
 import org.eclipse.tractusx.managedidentitywallets.exception.UnsupportedAlgorithmException;
@@ -97,6 +97,7 @@ public Object getPrivateKeyByKeyId(String keyId, SupportedAlgorithms supportedAl
             return privateKey;
         }
     }
+
     /**
      * Gets private key by wallet identifier.
      *
@@ -126,7 +127,7 @@ private static Object getKeyObject(SupportedAlgorithms algorithm, String private
     /**
      * Gets wallet key by wallet id.
      *
-     * @param walletId the wallet id
+     * @param walletId            the wallet id
      * @param supportedAlgorithms the algorithm  of private key
      * @return the wallet key by wallet identifier
      */
diff --git a/miw/src/main/java/org/eclipse/tractusx/managedidentitywallets/service/WalletService.java b/miw/src/main/java/org/eclipse/tractusx/managedidentitywallets/service/WalletService.java
index 0ca388ac..e3a835b3 100644
--- a/miw/src/main/java/org/eclipse/tractusx/managedidentitywallets/service/WalletService.java
+++ b/miw/src/main/java/org/eclipse/tractusx/managedidentitywallets/service/WalletService.java
@@ -37,9 +37,12 @@
 import lombok.SneakyThrows;
 import lombok.extern.slf4j.Slf4j;
 import org.apache.commons.text.StringEscapeUtils;
+import org.eclipse.tractusx.managedidentitywallets.commons.constant.StringPool;
+import org.eclipse.tractusx.managedidentitywallets.commons.constant.SupportedAlgorithms;
+import org.eclipse.tractusx.managedidentitywallets.commons.exception.BadDataException;
+import org.eclipse.tractusx.managedidentitywallets.commons.exception.ForbiddenException;
+import org.eclipse.tractusx.managedidentitywallets.commons.utils.Validate;
 import org.eclipse.tractusx.managedidentitywallets.config.MIWSettings;
-import org.eclipse.tractusx.managedidentitywallets.constant.StringPool;
-import org.eclipse.tractusx.managedidentitywallets.constant.SupportedAlgorithms;
 import org.eclipse.tractusx.managedidentitywallets.dao.entity.HoldersCredential;
 import org.eclipse.tractusx.managedidentitywallets.dao.entity.Wallet;
 import org.eclipse.tractusx.managedidentitywallets.dao.entity.WalletKey;
@@ -48,13 +51,10 @@
 import org.eclipse.tractusx.managedidentitywallets.domain.KeyCreationConfig;
 import org.eclipse.tractusx.managedidentitywallets.domain.SigningServiceType;
 import org.eclipse.tractusx.managedidentitywallets.dto.CreateWalletRequest;
-import org.eclipse.tractusx.managedidentitywallets.exception.BadDataException;
 import org.eclipse.tractusx.managedidentitywallets.exception.DuplicateWalletProblem;
-import org.eclipse.tractusx.managedidentitywallets.exception.ForbiddenException;
 import org.eclipse.tractusx.managedidentitywallets.signing.SigningService;
 import org.eclipse.tractusx.managedidentitywallets.utils.CommonUtils;
 import org.eclipse.tractusx.managedidentitywallets.utils.EncryptionUtils;
-import org.eclipse.tractusx.managedidentitywallets.utils.Validate;
 import org.eclipse.tractusx.ssi.lib.crypt.KeyPair;
 import org.eclipse.tractusx.ssi.lib.crypt.jwk.JsonWebKey;
 import org.eclipse.tractusx.ssi.lib.did.web.DidWebFactory;
@@ -78,10 +78,6 @@
 import java.util.Map;
 import java.util.UUID;
 
-import static org.eclipse.tractusx.managedidentitywallets.constant.StringPool.COLON_SEPARATOR;
-import static org.eclipse.tractusx.managedidentitywallets.constant.StringPool.REFERENCE_KEY;
-import static org.eclipse.tractusx.managedidentitywallets.constant.StringPool.VAULT_ACCESS_TOKEN;
-
 /**
  * The type Wallet service.
  */
@@ -105,8 +101,6 @@ public class WalletService extends BaseService<Wallet, Long> {
 
     private final SpecificationUtil<Wallet> walletSpecificationUtil;
 
-    private final IssuersCredentialService issuersCredentialService;
-
     private final CommonService commonService;
 
     private final Map<SigningServiceType, SigningService> availableSigningServices;
@@ -302,8 +296,8 @@ private Wallet createWallet(CreateWalletRequest request, boolean authority, Stri
                 WalletKey.builder()
                         .wallet(wallet)
                         .keyId(e.keyId)
-                        .referenceKey(REFERENCE_KEY)
-                        .vaultAccessToken(VAULT_ACCESS_TOKEN)
+                        .referenceKey(StringPool.REFERENCE_KEY)
+                        .vaultAccessToken(StringPool.VAULT_ACCESS_TOKEN)
                         .privateKey(encryptionUtils.encrypt(CommonUtils.getKeyString(e.keyPair.getPrivateKey().asByte(), StringPool.PRIVATE_KEY)))
                         .publicKey(encryptionUtils.encrypt(CommonUtils.getKeyString(e.keyPair.getPublicKey().asByte(), StringPool.PUBLIC_KEY)))
                         .algorithm(e.algorithm.name())
@@ -319,13 +313,13 @@ private Wallet createWallet(CreateWalletRequest request, boolean authority, Stri
     }
 
     private Did createDidJson(String didUrl) {
-        String[] split = didUrl.split(COLON_SEPARATOR);
+        String[] split = didUrl.split(StringPool.COLON_SEPARATOR);
         if (split.length == 1) {
             return DidWebFactory.fromHostname(didUrl);
         } else if (split.length == 2) {
             return DidWebFactory.fromHostnameAndPath(split[0], split[1]);
         } else {
-            int i = didUrl.lastIndexOf(COLON_SEPARATOR);
+            int i = didUrl.lastIndexOf(StringPool.COLON_SEPARATOR);
             String[] splitByLast = { didUrl.substring(0, i), didUrl.substring(i + 1) };
             return DidWebFactory.fromHostnameAndPath(splitByLast[0], splitByLast[1]);
         }
@@ -345,7 +339,7 @@ protected void doInTransactionWithoutResult(TransactionStatus status) {
                     CreateWalletRequest request = CreateWalletRequest.builder()
                             .companyName(miwSettings.authorityWalletName())
                             .businessPartnerNumber(miwSettings.authorityWalletBpn())
-                            .didUrl(miwSettings.host() + COLON_SEPARATOR + miwSettings.authorityWalletBpn())
+                            .didUrl(miwSettings.host() + StringPool.COLON_SEPARATOR + miwSettings.authorityWalletBpn())
                             .build();
                     wallets[0] = createWallet(request, true, miwSettings.authorityWalletBpn());
                     log.info("Authority wallet created with bpn {}", StringEscapeUtils.escapeJava(miwSettings.authorityWalletBpn()));
diff --git a/miw/src/main/java/org/eclipse/tractusx/managedidentitywallets/service/revocation/RevocationService.java b/miw/src/main/java/org/eclipse/tractusx/managedidentitywallets/service/revocation/RevocationService.java
new file mode 100644
index 00000000..bd808834
--- /dev/null
+++ b/miw/src/main/java/org/eclipse/tractusx/managedidentitywallets/service/revocation/RevocationService.java
@@ -0,0 +1,125 @@
+/*
+ * *******************************************************************************
+ *  Copyright (c) 2021,2024 Contributors to the Eclipse Foundation
+ *
+ *  See the NOTICE file(s) distributed with this work for additional
+ *  information regarding copyright ownership.
+ *
+ *  This program and the accompanying materials are made available under the
+ *  terms of the Apache License, Version 2.0 which is available at
+ *  https://www.apache.org/licenses/LICENSE-2.0.
+ *
+ *  Unless required by applicable law or agreed to in writing, software
+ *  distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+ *  WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+ *  License for the specific language governing permissions and limitations
+ *  under the License.
+ *
+ *  SPDX-License-Identifier: Apache-2.0
+ * ******************************************************************************
+ */
+
+package org.eclipse.tractusx.managedidentitywallets.service.revocation;
+
+import com.fasterxml.jackson.databind.ObjectMapper;
+import com.nimbusds.jwt.SignedJWT;
+import jakarta.validation.constraints.NotNull;
+import lombok.RequiredArgsConstructor;
+import lombok.SneakyThrows;
+import lombok.extern.slf4j.Slf4j;
+import org.eclipse.tractusx.managedidentitywallets.commons.constant.CredentialStatus;
+import org.eclipse.tractusx.managedidentitywallets.commons.constant.RevocationPurpose;
+import org.eclipse.tractusx.managedidentitywallets.commons.constant.StringPool;
+import org.eclipse.tractusx.managedidentitywallets.commons.exception.BadDataException;
+import org.eclipse.tractusx.managedidentitywallets.commons.exception.ForbiddenException;
+import org.eclipse.tractusx.managedidentitywallets.commons.utils.Validate;
+import org.eclipse.tractusx.managedidentitywallets.dao.entity.Wallet;
+import org.eclipse.tractusx.managedidentitywallets.dto.CredentialVerificationRequest;
+import org.eclipse.tractusx.managedidentitywallets.dto.StatusListRequest;
+import org.eclipse.tractusx.managedidentitywallets.exception.RevocationException;
+import org.eclipse.tractusx.managedidentitywallets.revocation.RevocationClient;
+import org.eclipse.tractusx.managedidentitywallets.service.CommonService;
+import org.eclipse.tractusx.ssi.lib.model.verifiable.credential.VerifiableCredential;
+import org.eclipse.tractusx.ssi.lib.model.verifiable.credential.VerifiableCredentialStatusList2021Entry;
+import org.eclipse.tractusx.ssi.lib.serialization.SerializeUtil;
+import org.springframework.http.HttpStatus;
+import org.springframework.stereotype.Service;
+
+import java.util.Map;
+
+/**
+ * The `RevocationService` class is a Java service that handles the revocation of credentials and
+ * the creation of status lists.
+ */
+@Service
+@Slf4j
+@RequiredArgsConstructor
+public class RevocationService {
+
+    private final RevocationClient revocationClient;
+
+    private final CommonService commonService;
+
+    private final ObjectMapper objectMapper;
+
+
+    @SneakyThrows
+    public void revokeCredential(CredentialVerificationRequest verificationRequest, String callerBpn, String token) {
+        VerifiableCredential verifiableCredential;
+        if (verificationRequest.containsKey(StringPool.VC_JWT_KEY)) {
+            SignedJWT signedJWT = SignedJWT.parse((String) verificationRequest.get(StringPool.VC_JWT_KEY));
+            Map<String, Object> claims = objectMapper.readValue(signedJWT.getPayload().toBytes(), Map.class);
+            String vcClaim = objectMapper.writeValueAsString(claims.get("vc"));
+            Map<String, Object> map = SerializeUtil.fromJson(vcClaim);
+            verifiableCredential = new VerifiableCredential(map);
+        } else {
+            verifiableCredential = new VerifiableCredential(verificationRequest);
+        }
+        //check if credential status is not null
+        Validate.isTrue(verifiableCredential.getVerifiableCredentialStatus().isEmpty()).launch(new BadDataException("Provided credential is not revocable"));
+
+        //Fetch issuer waller
+        Wallet issuerWallet = commonService.getWalletByIdentifier(verifiableCredential.getIssuer().toString());
+
+        //check caller must be issuer of VC
+        Validate.isFalse(issuerWallet.getBpn().equals(callerBpn)).launch(new ForbiddenException("Invalid credential access"));
+
+        //check if VC is already Revoked
+        CredentialStatus credentialStatus = checkRevocation(verifiableCredential, token);
+
+        if (credentialStatus.getName().equals(CredentialStatus.REVOKED.getName())) {
+            throw new RevocationException(HttpStatus.CONFLICT.value(), "Credential is already revoked", Map.of("message", "Credential is already revoked"));
+        }
+        revocationClient.revokeCredential(verifiableCredential.getVerifiableCredentialStatus(), token);
+        log.info("Credential with id {} is revoked by caller bpn {}", verifiableCredential.getId(), callerBpn);
+    }
+
+    /**
+     * Gets status list entry.
+     *
+     * @param issuerId the issuer id
+     * @param token    the token
+     * @return the status list entry
+     */
+    public VerifiableCredentialStatusList2021Entry getStatusListEntry(@NotNull String issuerId, String token) {
+        StatusListRequest statusListRequest = StatusListRequest.builder()
+                .issuerId(issuerId)
+                .purpose(RevocationPurpose.REVOCATION.name().toLowerCase())
+                .build();
+
+        return new VerifiableCredentialStatusList2021Entry(revocationClient.getStatusListEntry(statusListRequest, token));
+    }
+
+    /**
+     * Check revocation credential status.
+     *
+     * @param verifiableCredential the verifiable credential
+     * @param token                the token
+     * @return the credential status
+     */
+    public CredentialStatus checkRevocation(@NotNull VerifiableCredential verifiableCredential, String token) {
+        Map<String, String> response = revocationClient.verifyCredentialStatus(verifiableCredential.getVerifiableCredentialStatus(), token);
+        log.debug("Revocation status for VC id->{}  -> {}", verifiableCredential.getId(), response.get("status"));
+        return CredentialStatus.valueOf(response.get("status").toUpperCase());
+    }
+}
diff --git a/miw/src/main/java/org/eclipse/tractusx/managedidentitywallets/signing/KeyProvider.java b/miw/src/main/java/org/eclipse/tractusx/managedidentitywallets/signing/KeyProvider.java
index e8b925da..a2b45c27 100644
--- a/miw/src/main/java/org/eclipse/tractusx/managedidentitywallets/signing/KeyProvider.java
+++ b/miw/src/main/java/org/eclipse/tractusx/managedidentitywallets/signing/KeyProvider.java
@@ -21,7 +21,7 @@
 
 package org.eclipse.tractusx.managedidentitywallets.signing;
 
-import org.eclipse.tractusx.managedidentitywallets.constant.SupportedAlgorithms;
+import org.eclipse.tractusx.managedidentitywallets.commons.constant.SupportedAlgorithms;
 import org.eclipse.tractusx.managedidentitywallets.dao.entity.WalletKey;
 import org.eclipse.tractusx.managedidentitywallets.domain.DID;
 import org.eclipse.tractusx.managedidentitywallets.domain.KeyPair;
@@ -39,7 +39,6 @@ public interface KeyProvider {
     /**
      * @param keyName the name of the key that is to be retrieved
      * @return the key as a byte-array
-     *
      */
     Object getPrivateKey(String keyName, SupportedAlgorithms algorithm);
 
@@ -54,11 +53,11 @@ public interface KeyProvider {
 
     /**
      * @return the type of KeyProvider
-     *
      * @see KeyStorageType
      */
     KeyStorageType getKeyStorageType();
 
     KeyPair getKeyPair(DID self);
+
     KeyPair getKeyPair(String bpn);
 }
diff --git a/miw/src/main/java/org/eclipse/tractusx/managedidentitywallets/signing/LocalKeyProvider.java b/miw/src/main/java/org/eclipse/tractusx/managedidentitywallets/signing/LocalKeyProvider.java
index 93353361..b1c39b19 100644
--- a/miw/src/main/java/org/eclipse/tractusx/managedidentitywallets/signing/LocalKeyProvider.java
+++ b/miw/src/main/java/org/eclipse/tractusx/managedidentitywallets/signing/LocalKeyProvider.java
@@ -22,7 +22,7 @@
 package org.eclipse.tractusx.managedidentitywallets.signing;
 
 import lombok.RequiredArgsConstructor;
-import org.eclipse.tractusx.managedidentitywallets.constant.SupportedAlgorithms;
+import org.eclipse.tractusx.managedidentitywallets.commons.constant.SupportedAlgorithms;
 import org.eclipse.tractusx.managedidentitywallets.dao.entity.WalletKey;
 import org.eclipse.tractusx.managedidentitywallets.dao.repository.WalletKeyRepository;
 import org.eclipse.tractusx.managedidentitywallets.domain.DID;
diff --git a/miw/src/main/java/org/eclipse/tractusx/managedidentitywallets/signing/LocalSigningServiceImpl.java b/miw/src/main/java/org/eclipse/tractusx/managedidentitywallets/signing/LocalSigningServiceImpl.java
index 1b1198ff..d3f6ae05 100644
--- a/miw/src/main/java/org/eclipse/tractusx/managedidentitywallets/signing/LocalSigningServiceImpl.java
+++ b/miw/src/main/java/org/eclipse/tractusx/managedidentitywallets/signing/LocalSigningServiceImpl.java
@@ -32,8 +32,10 @@
 import lombok.RequiredArgsConstructor;
 import lombok.SneakyThrows;
 import org.apache.commons.lang3.NotImplementedException;
-import org.eclipse.tractusx.managedidentitywallets.constant.StringPool;
-import org.eclipse.tractusx.managedidentitywallets.constant.SupportedAlgorithms;
+import org.eclipse.tractusx.managedidentitywallets.commons.constant.StringPool;
+import org.eclipse.tractusx.managedidentitywallets.commons.constant.SupportedAlgorithms;
+import org.eclipse.tractusx.managedidentitywallets.commons.exception.BadDataException;
+import org.eclipse.tractusx.managedidentitywallets.config.RevocationSettings;
 import org.eclipse.tractusx.managedidentitywallets.dao.entity.WalletKey;
 import org.eclipse.tractusx.managedidentitywallets.domain.BusinessPartnerNumber;
 import org.eclipse.tractusx.managedidentitywallets.domain.CredentialCreationConfig;
@@ -42,7 +44,6 @@
 import org.eclipse.tractusx.managedidentitywallets.domain.PresentationCreationConfig;
 import org.eclipse.tractusx.managedidentitywallets.domain.SigningServiceType;
 import org.eclipse.tractusx.managedidentitywallets.domain.VerifiableEncoding;
-import org.eclipse.tractusx.managedidentitywallets.exception.BadDataException;
 import org.eclipse.tractusx.managedidentitywallets.interfaces.SecureTokenService;
 import org.eclipse.tractusx.managedidentitywallets.service.JwtPresentationES256KService;
 import org.eclipse.tractusx.ssi.lib.crypt.IKeyGenerator;
@@ -101,6 +102,8 @@ public class LocalSigningServiceImpl implements LocalSigningService {
     // Autowired by name!!!
     private final SecureTokenService localSecureTokenService;
 
+    private final RevocationSettings revocationSettings;
+
     @Override
     public SignerResult createCredential(CredentialCreationConfig config) {
 
@@ -112,6 +115,9 @@ public SignerResult createCredential(CredentialCreationConfig config) {
                 return resultBuilder.jsonLd(createVerifiableCredential(config, privateKeyBytes)).build();
             }
             case JWT -> {
+
+                //TODO maybe this we want, currently in VC as JET, we are putting signed VC(VC with proof) as a JWT claim
+                //instead of this we should put VC without proof and utilize JWT signature as a proof
                 SignedJWT verifiableCredentialAsJwt = createVerifiableCredentialAsJwt(config);
                 return resultBuilder.jwt(verifiableCredentialAsJwt.serialize()).build();
             }
@@ -295,15 +301,12 @@ private VerifiablePresentation generateJsonLdPresentation(PresentationCreationCo
 
     @SneakyThrows
     private static VerifiableCredential createVerifiableCredential(CredentialCreationConfig config, byte[] privateKeyBytes) {
-        //VC Builder
-
         // if the credential does not contain the JWS proof-context add it
         URI jwsUri = URI.create("https://w3id.org/security/suites/jws-2020/v1");
         if (!config.getContexts().contains(jwsUri)) {
             config.getContexts().add(jwsUri);
         }
 
-
         URI id = URI.create(UUID.randomUUID().toString());
         VerifiableCredentialBuilder builder = new VerifiableCredentialBuilder()
                 .context(config.getContexts())
@@ -314,6 +317,10 @@ private static VerifiableCredential createVerifiableCredential(CredentialCreatio
                 .issuanceDate(Instant.now())
                 .credentialSubject(config.getSubject());
 
+        //set status list
+        if (config.isRevocable()) {
+            builder.verifiableCredentialStatus(config.getVerifiableCredentialStatus());
+        }
 
         LinkedDataProofGenerator generator = LinkedDataProofGenerator.newInstance(SignatureType.JWS);
         URI verificationMethod = config.getIssuerDoc().getVerificationMethods().get(0).getId();
diff --git a/miw/src/main/java/org/eclipse/tractusx/managedidentitywallets/utils/BpnValidator.java b/miw/src/main/java/org/eclipse/tractusx/managedidentitywallets/utils/BpnValidator.java
index b701cf3b..9c262a85 100644
--- a/miw/src/main/java/org/eclipse/tractusx/managedidentitywallets/utils/BpnValidator.java
+++ b/miw/src/main/java/org/eclipse/tractusx/managedidentitywallets/utils/BpnValidator.java
@@ -21,12 +21,12 @@
 
 package org.eclipse.tractusx.managedidentitywallets.utils;
 
-import org.eclipse.tractusx.managedidentitywallets.constant.StringPool;
+import org.eclipse.tractusx.managedidentitywallets.commons.constant.StringPool;
 import org.springframework.security.oauth2.core.OAuth2Error;
 import org.springframework.security.oauth2.core.OAuth2ErrorCodes;
-import org.springframework.security.oauth2.jwt.Jwt;
 import org.springframework.security.oauth2.core.OAuth2TokenValidator;
 import org.springframework.security.oauth2.core.OAuth2TokenValidatorResult;
+import org.springframework.security.oauth2.jwt.Jwt;
 
 import java.util.Map;
 import java.util.TreeMap;
diff --git a/miw/src/main/java/org/eclipse/tractusx/managedidentitywallets/utils/CommonUtils.java b/miw/src/main/java/org/eclipse/tractusx/managedidentitywallets/utils/CommonUtils.java
index c38a50d6..b3514e7c 100644
--- a/miw/src/main/java/org/eclipse/tractusx/managedidentitywallets/utils/CommonUtils.java
+++ b/miw/src/main/java/org/eclipse/tractusx/managedidentitywallets/utils/CommonUtils.java
@@ -26,11 +26,12 @@
 import lombok.experimental.UtilityClass;
 import org.bouncycastle.util.io.pem.PemObject;
 import org.bouncycastle.util.io.pem.PemWriter;
-import org.eclipse.tractusx.managedidentitywallets.constant.StringPool;
+import org.eclipse.tractusx.managedidentitywallets.commons.constant.StringPool;
+import org.eclipse.tractusx.managedidentitywallets.commons.exception.BadDataException;
+import org.eclipse.tractusx.managedidentitywallets.commons.utils.Validate;
 import org.eclipse.tractusx.managedidentitywallets.dao.entity.HoldersCredential;
 import org.eclipse.tractusx.managedidentitywallets.domain.CredentialCreationConfig;
 import org.eclipse.tractusx.managedidentitywallets.dto.SecureTokenRequest;
-import org.eclipse.tractusx.managedidentitywallets.exception.BadDataException;
 import org.eclipse.tractusx.ssi.lib.model.verifiable.credential.VerifiableCredential;
 import org.eclipse.tractusx.ssi.lib.model.verifiable.credential.VerifiableCredentialType;
 import org.springframework.util.MultiValueMap;
diff --git a/miw/src/main/java/org/eclipse/tractusx/managedidentitywallets/utils/CustomSignedJWTVerifier.java b/miw/src/main/java/org/eclipse/tractusx/managedidentitywallets/utils/CustomSignedJWTVerifier.java
index 903faceb..4df8e3a1 100644
--- a/miw/src/main/java/org/eclipse/tractusx/managedidentitywallets/utils/CustomSignedJWTVerifier.java
+++ b/miw/src/main/java/org/eclipse/tractusx/managedidentitywallets/utils/CustomSignedJWTVerifier.java
@@ -31,7 +31,7 @@
 import lombok.RequiredArgsConstructor;
 import lombok.SneakyThrows;
 import org.bouncycastle.crypto.params.Ed25519PublicKeyParameters;
-import org.eclipse.tractusx.managedidentitywallets.exception.BadDataException;
+import org.eclipse.tractusx.managedidentitywallets.commons.exception.BadDataException;
 import org.eclipse.tractusx.managedidentitywallets.service.DidDocumentService;
 import org.eclipse.tractusx.ssi.lib.did.resolver.DidResolver;
 import org.eclipse.tractusx.ssi.lib.exception.proof.UnsupportedVerificationMethodException;
@@ -52,7 +52,7 @@ public class CustomSignedJWTVerifier {
     private final DidDocumentService didDocumentService;
     public static final String KID = "kid";
 
-    @SneakyThrows({UnsupportedVerificationMethodException.class})
+    @SneakyThrows({ UnsupportedVerificationMethodException.class })
     public boolean verify(String did, SignedJWT jwt) throws JOSEException {
         VerificationMethod verificationMethod = checkVerificationMethod(did, jwt);
         if (JWKVerificationMethod.isInstance(verificationMethod)) {
diff --git a/miw/src/main/java/org/eclipse/tractusx/managedidentitywallets/utils/TokenParsingUtils.java b/miw/src/main/java/org/eclipse/tractusx/managedidentitywallets/utils/TokenParsingUtils.java
index 7e6d3cad..1a2eca48 100644
--- a/miw/src/main/java/org/eclipse/tractusx/managedidentitywallets/utils/TokenParsingUtils.java
+++ b/miw/src/main/java/org/eclipse/tractusx/managedidentitywallets/utils/TokenParsingUtils.java
@@ -25,8 +25,8 @@
 import com.nimbusds.jwt.JWTClaimsSet;
 import com.nimbusds.jwt.SignedJWT;
 import lombok.experimental.UtilityClass;
-import org.eclipse.tractusx.managedidentitywallets.constant.StringPool;
-import org.eclipse.tractusx.managedidentitywallets.exception.BadDataException;
+import org.eclipse.tractusx.managedidentitywallets.commons.constant.StringPool;
+import org.eclipse.tractusx.managedidentitywallets.commons.exception.BadDataException;
 import org.springframework.security.core.Authentication;
 import org.springframework.security.oauth2.jwt.Jwt;
 import org.springframework.security.oauth2.server.resource.authentication.JwtAuthenticationToken;
@@ -36,10 +36,10 @@
 import java.util.Optional;
 import java.util.TreeMap;
 
-import static org.springframework.security.oauth2.core.oidc.IdTokenClaimNames.NONCE;
-import static org.springframework.security.oauth2.jwt.JwtClaimNames.JTI;
 import static org.springframework.security.oauth2.core.endpoint.OAuth2ParameterNames.ACCESS_TOKEN;
 import static org.springframework.security.oauth2.core.endpoint.OAuth2ParameterNames.SCOPE;
+import static org.springframework.security.oauth2.core.oidc.IdTokenClaimNames.NONCE;
+import static org.springframework.security.oauth2.jwt.JwtClaimNames.JTI;
 
 /**
  * The type Token parsing utils.
diff --git a/miw/src/main/java/org/eclipse/tractusx/managedidentitywallets/utils/TokenValidationUtils.java b/miw/src/main/java/org/eclipse/tractusx/managedidentitywallets/utils/TokenValidationUtils.java
index cea94cb5..3c58b839 100644
--- a/miw/src/main/java/org/eclipse/tractusx/managedidentitywallets/utils/TokenValidationUtils.java
+++ b/miw/src/main/java/org/eclipse/tractusx/managedidentitywallets/utils/TokenValidationUtils.java
@@ -23,7 +23,7 @@
 
 import com.nimbusds.jwt.JWTClaimsSet;
 import lombok.RequiredArgsConstructor;
-import org.eclipse.tractusx.managedidentitywallets.constant.TokenValidationErrors;
+import org.eclipse.tractusx.managedidentitywallets.commons.constant.TokenValidationErrors;
 import org.eclipse.tractusx.managedidentitywallets.dto.ValidationResult;
 import org.eclipse.tractusx.managedidentitywallets.service.DidDocumentService;
 import org.springframework.stereotype.Component;
diff --git a/miw/src/main/java/org/eclipse/tractusx/managedidentitywallets/utils/Validate.java b/miw/src/main/java/org/eclipse/tractusx/managedidentitywallets/utils/Validate.java
deleted file mode 100644
index a33fb97c..00000000
--- a/miw/src/main/java/org/eclipse/tractusx/managedidentitywallets/utils/Validate.java
+++ /dev/null
@@ -1,154 +0,0 @@
-/*
- * *******************************************************************************
- *  Copyright (c) 2021,2023 Contributors to the Eclipse Foundation
- *
- *  See the NOTICE file(s) distributed with this work for additional
- *  information regarding copyright ownership.
- *
- *  This program and the accompanying materials are made available under the
- *  terms of the Apache License, Version 2.0 which is available at
- *  https://www.apache.org/licenses/LICENSE-2.0.
- *
- *  Unless required by applicable law or agreed to in writing, software
- *  distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
- *  WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
- *  License for the specific language governing permissions and limitations
- *  under the License.
- *
- *  SPDX-License-Identifier: Apache-2.0
- * ******************************************************************************
- */
-
-package org.eclipse.tractusx.managedidentitywallets.utils;
-
-import java.util.Objects;
-
-/**
- * The type Validate.
- *
- * @param <T> the type parameter
- */
-public class Validate<T> {
-    private T value;
-    private boolean match = false;
-
-    private Validate() {
-    }
-
-    private Validate(T value) {
-        this.value = value;
-    }
-
-    /**
-     * Value validate.
-     *
-     * @param <V>   the type parameter
-     * @param value the value
-     * @return the validate
-     */
-    public static <V> Validate<V> value(V value) {
-        return new Validate<>(value);
-    }
-
-    /**
-     * Is true validate.
-     *
-     * @param <V>       the type parameter
-     * @param condition the condition
-     * @return the validate
-     */
-    public static <V> Validate<V> isTrue(boolean condition) {
-        Validate<V> validate = new Validate<>();
-        if (condition) {
-            validate.match = true;
-        }
-        return validate;
-    }
-
-    /**
-     * Throws if {@code condition} is false
-     *
-     * @param <V>       the type parameter
-     * @param condition the condition
-     * @return validate validate
-     */
-    public static <V> Validate<V> isFalse(boolean condition) {
-        Validate<V> validate = new Validate<>();
-        if (!condition) {
-            validate.match = true;
-        }
-        return validate;
-    }
-
-    /**
-     * Is null validate.
-     *
-     * @param <T>   the type parameter
-     * @param value the value
-     * @return the validate
-     */
-    public static <T> Validate<T> isNull(T value) {
-        return new Validate<>(value).isNull();
-    }
-
-    /**
-     * Is not null validate.
-     *
-     * @param <T>   the type parameter
-     * @param value the value
-     * @return the validate
-     */
-    public static <T> Validate<T> isNotNull(T value) {
-        return new Validate<>(value).isNotNull();
-    }
-
-
-    /**
-     * Is not empty validate.
-     *
-     * @return the validate
-     */
-    public Validate<T> isNotEmpty() {
-        if (match || Objects.isNull(value) || String.valueOf(value).trim().isEmpty()) {
-            match = true;
-        }
-        return this;
-    }
-
-    /**
-     * Is null validate.
-     *
-     * @return the validate
-     */
-    public Validate<T> isNull() {
-        if (match || Objects.isNull(value)) {
-            match = true;
-        }
-        return this;
-    }
-
-    /**
-     * Is not null validate.
-     *
-     * @return the validate
-     */
-    public Validate<T> isNotNull() {
-        if (match || !Objects.isNull(value)) {
-            match = true;
-        }
-        return this;
-    }
-
-    /**
-     * Throw passed exception if expression is match
-     *
-     * @param e exception to throw
-     * @return the t
-     */
-    public T launch(RuntimeException e) {
-        if (match) {
-            throw e;
-        }
-        return value;
-    }
-}
\ No newline at end of file
diff --git a/miw/src/main/java/org/eclipse/tractusx/managedidentitywallets/validator/SecureTokenRequestValidator.java b/miw/src/main/java/org/eclipse/tractusx/managedidentitywallets/validator/SecureTokenRequestValidator.java
index 1f6dd6e4..5ecd58f0 100644
--- a/miw/src/main/java/org/eclipse/tractusx/managedidentitywallets/validator/SecureTokenRequestValidator.java
+++ b/miw/src/main/java/org/eclipse/tractusx/managedidentitywallets/validator/SecureTokenRequestValidator.java
@@ -33,6 +33,8 @@
 public class SecureTokenRequestValidator implements Validator {
 
     public static final String LINKED_MULTI_VALUE_MAP_CLASS_NAME = "org.springframework.util.LinkedMultiValueMap";
+    public static final String ACCESS_TOKEN = "accessToken";
+    public static final String BEARER_ACCESS_SCOPE = "bearerAccessScope";
 
     @Override
     public boolean supports(Class<?> clazz) {
@@ -53,18 +55,18 @@ public void validate(Object target, Errors errors) {
         ValidationUtils.rejectIfEmptyOrWhitespace(errorsHandled, "grantType", "grant_type.empty", "The 'grant_type' cannot be empty or missing.");
 
         if (secureTokenRequest.getAccessToken() != null && secureTokenRequest.getBearerAccessScope() != null) {
-            errorsHandled.rejectValue("accessToken", "access_token.incompatible", "The 'access_token' and the 'bearer_access_token' cannot be set together.");
-            errorsHandled.rejectValue("bearerAccessScope", "bearer_access_scope.incompatible", "The 'access_token' and the 'bearer_access_token' cannot be set together.");
+            errorsHandled.rejectValue(ACCESS_TOKEN, "access_token.incompatible", "The 'access_token' and the 'bearer_access_token' cannot be set together.");
+            errorsHandled.rejectValue(BEARER_ACCESS_SCOPE, "bearer_access_scope.incompatible", "The 'access_token' and the 'bearer_access_token' cannot be set together.");
         }
         if (secureTokenRequest.getAccessToken() == null && secureTokenRequest.getBearerAccessScope() == null) {
-            errorsHandled.rejectValue("accessToken", "access_token.incompatible", "Both the 'access_token' and the 'bearer_access_scope' are missing. At least one must be set.");
-            errorsHandled.rejectValue("bearerAccessScope", "bearer_access_scope.incompatible", "Both the 'access_token' and the 'bearer_access_scope' are missing. At least one must be set.");
+            errorsHandled.rejectValue(ACCESS_TOKEN, "access_token.incompatible", "Both the 'access_token' and the 'bearer_access_scope' are missing. At least one must be set.");
+            errorsHandled.rejectValue(BEARER_ACCESS_SCOPE, "bearer_access_scope.incompatible", "Both the 'access_token' and the 'bearer_access_scope' are missing. At least one must be set.");
         }
         if (secureTokenRequest.getAccessToken() != null) {
-            ValidationUtils.rejectIfEmptyOrWhitespace(errorsHandled, "accessToken", "access_token.empty", "The 'access_token' cannot be empty or missing.");
+            ValidationUtils.rejectIfEmptyOrWhitespace(errorsHandled, ACCESS_TOKEN, "access_token.empty", "The 'access_token' cannot be empty or missing.");
         }
         if (secureTokenRequest.getBearerAccessScope() != null) {
-            ValidationUtils.rejectIfEmptyOrWhitespace(errorsHandled, "bearerAccessScope", "bearer_access_scope.empty", "The 'bearer_access_scope' cannot be empty or missing.");
+            ValidationUtils.rejectIfEmptyOrWhitespace(errorsHandled, BEARER_ACCESS_SCOPE, "bearer_access_scope.empty", "The 'bearer_access_scope' cannot be empty or missing.");
         }
     }
 }
diff --git a/miw/src/main/resources/application.yaml b/miw/src/main/resources/application.yaml
index aa638730..d705efe1 100644
--- a/miw/src/main/resources/application.yaml
+++ b/miw/src/main/resources/application.yaml
@@ -18,7 +18,7 @@
 ################################################################################
 
 server:
-  port: ${APPLICATION_PORT:8087}
+  port: ${APPLICATION_PORT:8080}
   shutdown: graceful
   compression:
     enabled: true
@@ -30,9 +30,9 @@ spring:
   application:
     name: miw
   datasource:
-    url: jdbc:postgresql://${DB_HOST}:${DB_PORT:5432}/${DB_NAME}?useSSL=${USE_SSL}
-    username: ${DB_USER_NAME}
-    password: ${DB_PASSWORD}
+    url: jdbc:postgresql://${DB_HOST:localhost}:${DB_PORT:5434}/${DB_NAME:miw}?useSSL=${USE_SSL:false}
+    username: ${DB_USER_NAME:admin}
+    password: ${DB_PASSWORD:admin}
     initialization-mode: always
     hikari:
       maximumPoolSize: ${DB_POOL_SIZE:10}
@@ -89,11 +89,11 @@ logging:
           managedidentitywallets: ${APP_LOG_LEVEL:INFO}
 
 miw:
-  host: ${MIW_HOST_NAME:localhost}
-  encryptionKey: ${ENCRYPTION_KEY}
+  host: ${MIW_HOST_NAME:a888-203-129-213-107.ngrok-free.app}
+  encryptionKey: ${ENCRYPTION_KEY:PQL+9tK5jaKXR+9hepTsNg==}
   authorityWalletBpn: ${AUTHORITY_WALLET_BPN:BPNL000000000000}
   authorityWalletName: ${AUTHORITY_WALLET_NAME:Catena-X}
-  authorityWalletDid: ${AUTHORITY_WALLET_DID:did:web:localhost:BPNL000000000000}
+  authorityWalletDid: ${AUTHORITY_WALLET_DID:did:web:a888-203-129-213-107.ngrok-free.app:BPNL000000000000}
   authoritySigningServiceType: ${AUTHORITY_SIGNING_SERVICE_TYPE:LOCAL}
   localSigningKeyStorageType: ${LOCAL_SIGNING_KEY_STORAGE_TYPE:DB}
   vcContexts: ${VC_SCHEMA_LINK:https://www.w3.org/2018/credentials/v1, https://catenax-ng.github.io/product-core-schemas/businessPartnerData.json}
@@ -103,11 +103,13 @@ miw:
   security:
     enabled: true
     realm: ${KEYCLOAK_REALM:miw_test}
-    clientId: ${KEYCLOAK_CLIENT_ID}
-    auth-server-url: ${AUTH_SERVER_URL:http://localhost:8081}
+    clientId: ${KEYCLOAK_CLIENT_ID:miw_private_client}
+    auth-server-url: ${AUTH_SERVER_URL:http://localhost:28080}
     auth-url: ${miw.security.auth-server-url}/realms/${miw.security.realm}/protocol/openid-connect/auth
     token-url: ${miw.security.auth-server-url}/realms/${miw.security.realm}/protocol/openid-connect/token
     refresh-token-url: ${miw.security.token-url}
+  revocation:
+    url: ${REVOCATION_SERVICE_URL:http://localhost:8081}
 
 
 sts:
diff --git a/miw/src/test/java/org/eclipse/tractusx/managedidentitywallets/controller/PresentationIatpFilterTest.java b/miw/src/test/java/org/eclipse/tractusx/managedidentitywallets/controller/PresentationIatpFilterTest.java
index d85994f1..a181c2e1 100644
--- a/miw/src/test/java/org/eclipse/tractusx/managedidentitywallets/controller/PresentationIatpFilterTest.java
+++ b/miw/src/test/java/org/eclipse/tractusx/managedidentitywallets/controller/PresentationIatpFilterTest.java
@@ -22,9 +22,9 @@
 package org.eclipse.tractusx.managedidentitywallets.controller;
 
 import org.eclipse.tractusx.managedidentitywallets.ManagedIdentityWalletsApplication;
+import org.eclipse.tractusx.managedidentitywallets.commons.constant.StringPool;
 import org.eclipse.tractusx.managedidentitywallets.config.TestContextInitializer;
 import org.eclipse.tractusx.managedidentitywallets.constant.RestURI;
-import org.eclipse.tractusx.managedidentitywallets.constant.StringPool;
 import org.eclipse.tractusx.managedidentitywallets.dto.ValidationResult;
 import org.eclipse.tractusx.managedidentitywallets.service.STSTokenValidationService;
 import org.junit.jupiter.api.Assertions;
@@ -47,8 +47,8 @@
 import java.util.List;
 import java.util.Map;
 
-import static org.eclipse.tractusx.managedidentitywallets.constant.TokenValidationErrors.NONCE_MISSING;
-import static org.eclipse.tractusx.managedidentitywallets.constant.TokenValidationErrors.TOKEN_ALREADY_EXPIRED;
+import static org.eclipse.tractusx.managedidentitywallets.commons.constant.TokenValidationErrors.NONCE_MISSING;
+import static org.eclipse.tractusx.managedidentitywallets.commons.constant.TokenValidationErrors.TOKEN_ALREADY_EXPIRED;
 
 @DirtiesContext
 @SpringBootTest(webEnvironment = SpringBootTest.WebEnvironment.DEFINED_PORT, classes = { ManagedIdentityWalletsApplication.class })
diff --git a/miw/src/test/java/org/eclipse/tractusx/managedidentitywallets/controller/SecureTokenControllerTest.java b/miw/src/test/java/org/eclipse/tractusx/managedidentitywallets/controller/SecureTokenControllerTest.java
index 58dc1165..bcf1e431 100644
--- a/miw/src/test/java/org/eclipse/tractusx/managedidentitywallets/controller/SecureTokenControllerTest.java
+++ b/miw/src/test/java/org/eclipse/tractusx/managedidentitywallets/controller/SecureTokenControllerTest.java
@@ -45,7 +45,7 @@
 import java.util.List;
 import java.util.Map;
 
-import static org.eclipse.tractusx.managedidentitywallets.constant.StringPool.COLON_SEPARATOR;
+import static org.eclipse.tractusx.managedidentitywallets.commons.constant.StringPool.COLON_SEPARATOR;
 
 @SpringBootTest(webEnvironment = SpringBootTest.WebEnvironment.DEFINED_PORT, classes = { ManagedIdentityWalletsApplication.class })
 @ContextConfiguration(initializers = { TestContextInitializer.class })
@@ -104,8 +104,8 @@ void tokenJSON() {
                 new ParameterizedTypeReference<>() {
                 }
         );
-        Assertions.assertEquals(response.getStatusCode(), HttpStatus.OK);
-        Assertions.assertEquals(response.getHeaders().getContentType(), MediaType.APPLICATION_JSON);
+        Assertions.assertEquals(HttpStatus.OK, response.getStatusCode());
+        Assertions.assertEquals(MediaType.APPLICATION_JSON, response.getHeaders().getContentType());
         Assertions.assertNotNull(response.getBody());
         Assertions.assertNotNull(response.getBody().getOrDefault("access_token", null));
         Assertions.assertNotNull(response.getBody().getOrDefault("expiresAt", null));
@@ -127,7 +127,7 @@ void tokenFormUrlencoded() {
                 new ParameterizedTypeReference<>() {
                 }
         );
-        Assertions.assertEquals(response.getStatusCode(), HttpStatus.OK);
+        Assertions.assertEquals(HttpStatus.OK, response.getStatusCode());
         Assertions.assertEquals(response.getHeaders().getContentType(), MediaType.APPLICATION_JSON);
         Assertions.assertNotNull(response.getBody());
         Assertions.assertNotNull(response.getBody().getOrDefault("access_token", null));
diff --git a/miw/src/test/java/org/eclipse/tractusx/managedidentitywallets/did/DidDocumentsTest.java b/miw/src/test/java/org/eclipse/tractusx/managedidentitywallets/did/DidDocumentsTest.java
index 4e902df7..5645132f 100644
--- a/miw/src/test/java/org/eclipse/tractusx/managedidentitywallets/did/DidDocumentsTest.java
+++ b/miw/src/test/java/org/eclipse/tractusx/managedidentitywallets/did/DidDocumentsTest.java
@@ -38,10 +38,10 @@
 import org.springframework.http.ResponseEntity;
 import org.springframework.test.context.ContextConfiguration;
 
-import static org.eclipse.tractusx.managedidentitywallets.constant.StringPool.COLON_SEPARATOR;
+import static org.eclipse.tractusx.managedidentitywallets.commons.constant.StringPool.COLON_SEPARATOR;
 
-@SpringBootTest(webEnvironment = SpringBootTest.WebEnvironment.DEFINED_PORT, classes = {ManagedIdentityWalletsApplication.class})
-@ContextConfiguration(initializers = {TestContextInitializer.class})
+@SpringBootTest(webEnvironment = SpringBootTest.WebEnvironment.DEFINED_PORT, classes = { ManagedIdentityWalletsApplication.class })
+@ContextConfiguration(initializers = { TestContextInitializer.class })
 class DidDocumentsTest {
 
     @Autowired
diff --git a/miw/src/test/java/org/eclipse/tractusx/managedidentitywallets/domain/CredentialCreationConfigTest.java b/miw/src/test/java/org/eclipse/tractusx/managedidentitywallets/domain/CredentialCreationConfigTest.java
index 07ccba5a..10da4a2e 100644
--- a/miw/src/test/java/org/eclipse/tractusx/managedidentitywallets/domain/CredentialCreationConfigTest.java
+++ b/miw/src/test/java/org/eclipse/tractusx/managedidentitywallets/domain/CredentialCreationConfigTest.java
@@ -21,7 +21,7 @@
 
 package org.eclipse.tractusx.managedidentitywallets.domain;
 
-import org.eclipse.tractusx.managedidentitywallets.constant.SupportedAlgorithms;
+import org.eclipse.tractusx.managedidentitywallets.commons.constant.SupportedAlgorithms;
 import org.eclipse.tractusx.ssi.lib.model.did.Did;
 import org.eclipse.tractusx.ssi.lib.model.did.DidDocument;
 import org.eclipse.tractusx.ssi.lib.model.verifiable.credential.VerifiableCredentialStatus;
@@ -115,7 +115,7 @@ void shouldThrowWhenSettingIllegalVcId() {
     }
 
     @Test
-    void shouldNotThrowWhenVcIdValid(){
+    void shouldNotThrowWhenVcIdValid() {
         CredentialCreationConfig.CredentialCreationConfigBuilder builder = CredentialCreationConfig.builder();
         assertDoesNotThrow(() -> builder.vcId("https://test.com"));
         assertDoesNotThrow(() -> builder.vcId(URI.create("https://test.com")));
diff --git a/miw/src/test/java/org/eclipse/tractusx/managedidentitywallets/service/IssuersCredentialServiceTest.java b/miw/src/test/java/org/eclipse/tractusx/managedidentitywallets/service/IssuersCredentialServiceTest.java
index 6be2a0c3..4c52d70c 100644
--- a/miw/src/test/java/org/eclipse/tractusx/managedidentitywallets/service/IssuersCredentialServiceTest.java
+++ b/miw/src/test/java/org/eclipse/tractusx/managedidentitywallets/service/IssuersCredentialServiceTest.java
@@ -28,9 +28,10 @@
 import com.smartsensesolutions.java.commons.specification.SpecificationUtil;
 import lombok.SneakyThrows;
 import org.apache.commons.lang3.time.DateUtils;
+import org.eclipse.tractusx.managedidentitywallets.commons.constant.StringPool;
+import org.eclipse.tractusx.managedidentitywallets.commons.constant.SupportedAlgorithms;
 import org.eclipse.tractusx.managedidentitywallets.config.MIWSettings;
-import org.eclipse.tractusx.managedidentitywallets.constant.StringPool;
-import org.eclipse.tractusx.managedidentitywallets.constant.SupportedAlgorithms;
+import org.eclipse.tractusx.managedidentitywallets.config.RevocationSettings;
 import org.eclipse.tractusx.managedidentitywallets.dao.entity.HoldersCredential;
 import org.eclipse.tractusx.managedidentitywallets.dao.entity.IssuersCredential;
 import org.eclipse.tractusx.managedidentitywallets.dao.entity.Wallet;
@@ -42,6 +43,7 @@
 import org.eclipse.tractusx.managedidentitywallets.dto.CredentialVerificationRequest;
 import org.eclipse.tractusx.managedidentitywallets.dto.CredentialsResponse;
 import org.eclipse.tractusx.managedidentitywallets.interfaces.SecureTokenService;
+import org.eclipse.tractusx.managedidentitywallets.service.revocation.RevocationService;
 import org.eclipse.tractusx.managedidentitywallets.signing.LocalKeyProvider;
 import org.eclipse.tractusx.managedidentitywallets.signing.LocalSigningServiceImpl;
 import org.eclipse.tractusx.managedidentitywallets.signing.SigningService;
@@ -119,6 +121,10 @@ class IssuersCredentialServiceTest {
 
     private static EncryptionUtils encryptionUtils;
 
+    private static RevocationService revocationService;
+
+    private static RevocationSettings revocationSettings;
+
     private static final ObjectMapper objectMapper = new ObjectMapper();
 
     @BeforeAll
@@ -131,6 +137,8 @@ public static void beforeAll() throws SQLException {
         issuersCredentialRepository = mock(IssuersCredentialRepository.class);
         secureTokenService = mock(SecureTokenService.class);
         walletKeyRepository = mock(WalletKeyRepository.class);
+        revocationService = mock(RevocationService.class);
+        revocationSettings = mock(RevocationSettings.class);
 
         Connection connection = mock(Connection.class);
 
@@ -145,7 +153,7 @@ public static void beforeAll() throws SQLException {
                 issuersCredentialRepository,
                 miwSettings,
                 new SpecificationUtil<IssuersCredential>(),
-                holdersCredentialRepository, commonService, objectMapper);
+                holdersCredentialRepository, commonService, objectMapper, revocationService);
     }
 
     @BeforeEach
@@ -208,7 +216,7 @@ public HoldersCredential answer(InvocationOnMock invocation) {
             when(walletKeyService.getPrivateKeyByKeyId(anyString(), any())).thenReturn(keyPair.getPrivateKey());
             when(walletKeyRepository.getByAlgorithmAndWallet_Bpn(anyString(), anyString())).thenReturn(walletKey);
 
-            LocalSigningServiceImpl localSigningService = new LocalSigningServiceImpl(secureTokenService);
+            LocalSigningServiceImpl localSigningService = new LocalSigningServiceImpl(secureTokenService, revocationSettings);
             localSigningService.setKeyProvider(new LocalKeyProvider(walletKeyService, walletKeyRepository, encryptionUtils));
 
             Map<SigningServiceType, SigningService> map = new HashMap<>();
@@ -220,8 +228,8 @@ public HoldersCredential answer(InvocationOnMock invocation) {
                     () -> issuersCredentialService.issueCredentialUsingBaseWallet(
                             holderWalletBpn,
                             verifiableCredential,
-                            true,
-                            baseWalletBpn));
+                            true, false,
+                            baseWalletBpn, "dummy token"));
 
             validateCredentialResponse(credentialsResponse, MockUtil.buildDidDocument(new Did(new DidMethod("web"),
                     new DidMethodIdentifier("basewallet"),
@@ -274,7 +282,7 @@ void shouldValidateAsJWT() throws DidParseException {
             credentialVerificationRequest.setJwt(serialized);
 
             Map<String, Object> stringObjectMap = assertDoesNotThrow(
-                    () -> issuersCredentialService.credentialsValidation(credentialVerificationRequest, true));
+                    () -> issuersCredentialService.credentialsValidation(credentialVerificationRequest, true, "dummy token"));
             assertTrue((Boolean) stringObjectMap.get(StringPool.VALID));
         }
     }
diff --git a/miw/src/test/java/org/eclipse/tractusx/managedidentitywallets/service/STSTokenValidationServiceTest.java b/miw/src/test/java/org/eclipse/tractusx/managedidentitywallets/service/STSTokenValidationServiceTest.java
index 4614ea02..d357b96f 100644
--- a/miw/src/test/java/org/eclipse/tractusx/managedidentitywallets/service/STSTokenValidationServiceTest.java
+++ b/miw/src/test/java/org/eclipse/tractusx/managedidentitywallets/service/STSTokenValidationServiceTest.java
@@ -27,9 +27,9 @@
 import com.nimbusds.jose.jwk.gen.OctetKeyPairGenerator;
 import com.nimbusds.jwt.JWTClaimsSet;
 import org.eclipse.tractusx.managedidentitywallets.ManagedIdentityWalletsApplication;
+import org.eclipse.tractusx.managedidentitywallets.commons.constant.TokenValidationErrors;
 import org.eclipse.tractusx.managedidentitywallets.config.MIWSettings;
 import org.eclipse.tractusx.managedidentitywallets.config.TestContextInitializer;
-import org.eclipse.tractusx.managedidentitywallets.constant.TokenValidationErrors;
 import org.eclipse.tractusx.managedidentitywallets.dao.entity.Wallet;
 import org.eclipse.tractusx.managedidentitywallets.dao.repository.WalletRepository;
 import org.eclipse.tractusx.managedidentitywallets.dto.ValidationResult;
diff --git a/miw/src/test/java/org/eclipse/tractusx/managedidentitywallets/utils/AuthenticationUtils.java b/miw/src/test/java/org/eclipse/tractusx/managedidentitywallets/utils/AuthenticationUtils.java
index 1f4be3d3..6f2a31ce 100644
--- a/miw/src/test/java/org/eclipse/tractusx/managedidentitywallets/utils/AuthenticationUtils.java
+++ b/miw/src/test/java/org/eclipse/tractusx/managedidentitywallets/utils/AuthenticationUtils.java
@@ -21,8 +21,8 @@
 
 package org.eclipse.tractusx.managedidentitywallets.utils;
 
+import org.eclipse.tractusx.managedidentitywallets.commons.constant.StringPool;
 import org.eclipse.tractusx.managedidentitywallets.config.TestContextInitializer;
-import org.eclipse.tractusx.managedidentitywallets.constant.StringPool;
 import org.jetbrains.annotations.NotNull;
 import org.keycloak.admin.client.Keycloak;
 import org.keycloak.admin.client.KeycloakBuilder;
diff --git a/miw/src/test/java/org/eclipse/tractusx/managedidentitywallets/utils/TestUtils.java b/miw/src/test/java/org/eclipse/tractusx/managedidentitywallets/utils/TestUtils.java
index 005efcea..5e9a7e34 100644
--- a/miw/src/test/java/org/eclipse/tractusx/managedidentitywallets/utils/TestUtils.java
+++ b/miw/src/test/java/org/eclipse/tractusx/managedidentitywallets/utils/TestUtils.java
@@ -33,14 +33,14 @@
 import com.nimbusds.jwt.JWTClaimsSet;
 import com.nimbusds.jwt.SignedJWT;
 import lombok.SneakyThrows;
+import org.eclipse.tractusx.managedidentitywallets.commons.constant.StringPool;
+import org.eclipse.tractusx.managedidentitywallets.commons.exception.ForbiddenException;
 import org.eclipse.tractusx.managedidentitywallets.config.MIWSettings;
 import org.eclipse.tractusx.managedidentitywallets.constant.RestURI;
-import org.eclipse.tractusx.managedidentitywallets.constant.StringPool;
 import org.eclipse.tractusx.managedidentitywallets.dao.entity.Wallet;
 import org.eclipse.tractusx.managedidentitywallets.dao.repository.WalletRepository;
 import org.eclipse.tractusx.managedidentitywallets.domain.SigningServiceType;
 import org.eclipse.tractusx.managedidentitywallets.dto.CreateWalletRequest;
-import org.eclipse.tractusx.managedidentitywallets.exception.ForbiddenException;
 import org.eclipse.tractusx.ssi.lib.model.did.DidDocument;
 import org.eclipse.tractusx.ssi.lib.model.verifiable.Verifiable;
 import org.eclipse.tractusx.ssi.lib.model.verifiable.credential.VerifiableCredential;
@@ -160,8 +160,6 @@ public static Wallet getWalletFromString(String body) throws JsonProcessingExcep
     }
 
 
-
-
     @NotNull
     public static List<VerifiableCredential> getVerifiableCredentials(ResponseEntity<String> response, ObjectMapper objectMapper) throws JsonProcessingException {
         Map<String, Object> map = objectMapper.readValue(response.getBody(), Map.class);
diff --git a/miw/src/test/java/org/eclipse/tractusx/managedidentitywallets/utils/TokenValidationUtilsTest.java b/miw/src/test/java/org/eclipse/tractusx/managedidentitywallets/utils/TokenValidationUtilsTest.java
index 6f9c0091..ef5c52c2 100644
--- a/miw/src/test/java/org/eclipse/tractusx/managedidentitywallets/utils/TokenValidationUtilsTest.java
+++ b/miw/src/test/java/org/eclipse/tractusx/managedidentitywallets/utils/TokenValidationUtilsTest.java
@@ -23,7 +23,7 @@
 
 import com.nimbusds.jwt.JWTClaimsSet;
 import lombok.SneakyThrows;
-import org.eclipse.tractusx.managedidentitywallets.constant.TokenValidationErrors;
+import org.eclipse.tractusx.managedidentitywallets.commons.constant.TokenValidationErrors;
 import org.eclipse.tractusx.managedidentitywallets.dto.ValidationResult;
 import org.eclipse.tractusx.managedidentitywallets.service.DidDocumentService;
 import org.eclipse.tractusx.ssi.lib.model.did.DidDocument;
diff --git a/miw/src/test/java/org/eclipse/tractusx/managedidentitywallets/vc/HoldersCredentialTest.java b/miw/src/test/java/org/eclipse/tractusx/managedidentitywallets/vc/HoldersCredentialTest.java
index 7da209a7..fa74e9c0 100644
--- a/miw/src/test/java/org/eclipse/tractusx/managedidentitywallets/vc/HoldersCredentialTest.java
+++ b/miw/src/test/java/org/eclipse/tractusx/managedidentitywallets/vc/HoldersCredentialTest.java
@@ -25,10 +25,10 @@
 import com.fasterxml.jackson.databind.ObjectMapper;
 import lombok.SneakyThrows;
 import org.eclipse.tractusx.managedidentitywallets.ManagedIdentityWalletsApplication;
+import org.eclipse.tractusx.managedidentitywallets.commons.constant.StringPool;
 import org.eclipse.tractusx.managedidentitywallets.config.MIWSettings;
 import org.eclipse.tractusx.managedidentitywallets.config.TestContextInitializer;
 import org.eclipse.tractusx.managedidentitywallets.constant.RestURI;
-import org.eclipse.tractusx.managedidentitywallets.constant.StringPool;
 import org.eclipse.tractusx.managedidentitywallets.controller.IssuersCredentialController;
 import org.eclipse.tractusx.managedidentitywallets.dao.entity.HoldersCredential;
 import org.eclipse.tractusx.managedidentitywallets.dao.entity.Wallet;
@@ -79,8 +79,6 @@
 import java.util.Objects;
 import java.util.UUID;
 
-import static org.eclipse.tractusx.managedidentitywallets.constant.StringPool.COLON_SEPARATOR;
-
 @SpringBootTest(webEnvironment = SpringBootTest.WebEnvironment.DEFINED_PORT, classes = { ManagedIdentityWalletsApplication.class })
 @ContextConfiguration(initializers = { TestContextInitializer.class })
 @ExtendWith(MockitoExtension.class)
@@ -252,7 +250,7 @@ void validateCredentialsWithInvalidVC() throws com.fasterxml.jackson.core.JsonPr
             }).thenReturn(mock);
             Mockito.when(mock.verify(Mockito.any(VerifiableCredential.class))).thenReturn(false);
 
-            Map<String, Object> stringObjectMap = credentialController.credentialsValidation(request, false).getBody();
+            Map<String, Object> stringObjectMap = credentialController.credentialsValidation(request, false, "dummy token").getBody();
             Assertions.assertFalse(Boolean.parseBoolean(stringObjectMap.get(StringPool.VALID).toString()));
         }
     }
@@ -275,7 +273,7 @@ void validateCredentialsWithExpiryCheckTrue() {
             }).thenReturn(mock);
             Mockito.when(mock.verify(Mockito.any(VerifiableCredential.class))).thenReturn(true);
 
-            Map<String, Object> stringObjectMap = credentialController.credentialsValidation(request, true).getBody();
+            Map<String, Object> stringObjectMap = credentialController.credentialsValidation(request, true, "dummy token").getBody();
             Assertions.assertTrue(Boolean.parseBoolean(stringObjectMap.get(StringPool.VALID).toString()));
             Assertions.assertTrue(Boolean.parseBoolean(stringObjectMap.get(StringPool.VALIDATE_EXPIRY_DATE).toString()));
         }
@@ -302,7 +300,7 @@ void validateCredentialsWithExpiryCheckFalse() throws com.fasterxml.jackson.core
             }).thenReturn(mock);
             Mockito.when(mock.verify(Mockito.any(VerifiableCredential.class))).thenReturn(true);
 
-            Map<String, Object> stringObjectMap = credentialController.credentialsValidation(request, false).getBody();
+            Map<String, Object> stringObjectMap = credentialController.credentialsValidation(request, false, "dummt token").getBody();
             Assertions.assertTrue(Boolean.parseBoolean(stringObjectMap.get(StringPool.VALID).toString()));
         }
     }
@@ -330,7 +328,7 @@ void validateExpiredCredentialsWithExpiryCheckTrue() throws com.fasterxml.jackso
             }).thenReturn(mock);
             Mockito.when(mock.verify(Mockito.any(VerifiableCredential.class))).thenReturn(true);
 
-            Map<String, Object> stringObjectMap = credentialController.credentialsValidation(request, true).getBody();
+            Map<String, Object> stringObjectMap = credentialController.credentialsValidation(request, true, "dummy token").getBody();
             Assertions.assertFalse(Boolean.parseBoolean(stringObjectMap.get(StringPool.VALID).toString()));
             Assertions.assertFalse(Boolean.parseBoolean(stringObjectMap.get(StringPool.VALIDATE_EXPIRY_DATE).toString()));
 
@@ -341,7 +339,7 @@ void validateExpiredCredentialsWithExpiryCheckTrue() throws com.fasterxml.jackso
     private Map<String, Object> issueVC() throws JsonProcessingException {
         String bpn = TestUtils.getRandomBpmNumber();
         String baseBpn = miwSettings.authorityWalletBpn();
-        String defaultLocation = miwSettings.host() + COLON_SEPARATOR + bpn;
+        String defaultLocation = miwSettings.host() + StringPool.COLON_SEPARATOR + bpn;
         ResponseEntity<String> response = TestUtils.createWallet(bpn, "Test Wallet", restTemplate, baseBpn, defaultLocation);
         Wallet wallet = TestUtils.getWalletFromString(response.getBody());
         VerifiableCredential verifiableCredential = TestUtils.issueCustomVCUsingBaseWallet(bpn, wallet.getDid(), miwSettings.authorityWalletDid(), "Type1", AuthenticationUtils.getValidUserHttpHeaders(miwSettings.authorityWalletBpn()), miwSettings, objectMapper, restTemplate);
@@ -353,7 +351,7 @@ private Map<String, Object> issueVC() throws JsonProcessingException {
     private ResponseEntity<String> issueVC(String bpn, String did, String type, HttpHeaders headers) throws JsonProcessingException {
         String baseBpn = miwSettings.authorityWalletBpn();
         //save wallet
-        String defaultLocation = miwSettings.host() + COLON_SEPARATOR + bpn;
+        String defaultLocation = miwSettings.host() + StringPool.COLON_SEPARATOR + bpn;
         TestUtils.createWallet(bpn, did, restTemplate, baseBpn, defaultLocation);
 
         // Create VC without proof
diff --git a/miw/src/test/java/org/eclipse/tractusx/managedidentitywallets/vc/IssuersCredentialTest.java b/miw/src/test/java/org/eclipse/tractusx/managedidentitywallets/vc/IssuersCredentialTest.java
index 7f6473bc..712dcf5c 100644
--- a/miw/src/test/java/org/eclipse/tractusx/managedidentitywallets/vc/IssuersCredentialTest.java
+++ b/miw/src/test/java/org/eclipse/tractusx/managedidentitywallets/vc/IssuersCredentialTest.java
@@ -25,10 +25,11 @@
 import com.fasterxml.jackson.core.JsonProcessingException;
 import com.fasterxml.jackson.databind.ObjectMapper;
 import org.eclipse.tractusx.managedidentitywallets.ManagedIdentityWalletsApplication;
+import org.eclipse.tractusx.managedidentitywallets.commons.constant.StringPool;
+import org.eclipse.tractusx.managedidentitywallets.commons.exception.ForbiddenException;
 import org.eclipse.tractusx.managedidentitywallets.config.MIWSettings;
 import org.eclipse.tractusx.managedidentitywallets.config.TestContextInitializer;
 import org.eclipse.tractusx.managedidentitywallets.constant.RestURI;
-import org.eclipse.tractusx.managedidentitywallets.constant.StringPool;
 import org.eclipse.tractusx.managedidentitywallets.dao.entity.HoldersCredential;
 import org.eclipse.tractusx.managedidentitywallets.dao.entity.IssuersCredential;
 import org.eclipse.tractusx.managedidentitywallets.dao.entity.Wallet;
@@ -36,7 +37,6 @@
 import org.eclipse.tractusx.managedidentitywallets.dao.repository.IssuersCredentialRepository;
 import org.eclipse.tractusx.managedidentitywallets.dao.repository.WalletRepository;
 import org.eclipse.tractusx.managedidentitywallets.dto.CreateWalletRequest;
-import org.eclipse.tractusx.managedidentitywallets.exception.ForbiddenException;
 import org.eclipse.tractusx.managedidentitywallets.utils.AuthenticationUtils;
 import org.eclipse.tractusx.managedidentitywallets.utils.TestUtils;
 import org.eclipse.tractusx.ssi.lib.did.web.DidWebFactory;
@@ -61,7 +61,7 @@
 import java.util.Map;
 import java.util.Objects;
 
-import static org.eclipse.tractusx.managedidentitywallets.constant.StringPool.COLON_SEPARATOR;
+import static org.eclipse.tractusx.managedidentitywallets.commons.constant.StringPool.COLON_SEPARATOR;
 
 @SpringBootTest(webEnvironment = SpringBootTest.WebEnvironment.DEFINED_PORT, classes = { ManagedIdentityWalletsApplication.class })
 @ContextConfiguration(initializers = { TestContextInitializer.class })
@@ -246,5 +246,4 @@ void issueCredentials200() throws com.fasterxml.jackson.core.JsonProcessingExcep
     }
 
 
-
 }
diff --git a/miw/src/test/java/org/eclipse/tractusx/managedidentitywallets/vc/PresentationValidationTest.java b/miw/src/test/java/org/eclipse/tractusx/managedidentitywallets/vc/PresentationValidationTest.java
index 4441d638..cd316f02 100644
--- a/miw/src/test/java/org/eclipse/tractusx/managedidentitywallets/vc/PresentationValidationTest.java
+++ b/miw/src/test/java/org/eclipse/tractusx/managedidentitywallets/vc/PresentationValidationTest.java
@@ -28,10 +28,10 @@
 import lombok.Setter;
 import lombok.SneakyThrows;
 import org.eclipse.tractusx.managedidentitywallets.ManagedIdentityWalletsApplication;
+import org.eclipse.tractusx.managedidentitywallets.commons.constant.StringPool;
 import org.eclipse.tractusx.managedidentitywallets.config.MIWSettings;
 import org.eclipse.tractusx.managedidentitywallets.config.TestContextInitializer;
 import org.eclipse.tractusx.managedidentitywallets.constant.RestURI;
-import org.eclipse.tractusx.managedidentitywallets.constant.StringPool;
 import org.eclipse.tractusx.managedidentitywallets.dao.entity.Wallet;
 import org.eclipse.tractusx.managedidentitywallets.dto.CreateWalletRequest;
 import org.eclipse.tractusx.managedidentitywallets.dto.CredentialsResponse;
@@ -68,7 +68,7 @@
 import java.util.Map;
 import java.util.UUID;
 
-import static org.eclipse.tractusx.managedidentitywallets.constant.StringPool.COLON_SEPARATOR;
+import static org.eclipse.tractusx.managedidentitywallets.commons.constant.StringPool.COLON_SEPARATOR;
 
 @SpringBootTest(webEnvironment = SpringBootTest.WebEnvironment.DEFINED_PORT, classes = { ManagedIdentityWalletsApplication.class })
 @ContextConfiguration(initializers = { TestContextInitializer.class })
@@ -120,13 +120,13 @@ public void setup() throws DidParseException {
 
         Map<String, Object> type1 = TestUtils.getCredentialAsMap(miwSettings.authorityWalletBpn(), miwSettings.authorityWalletDid(), miwSettings.authorityWalletDid(), "Type1", miwSettings, new com.fasterxml.jackson.databind.ObjectMapper());
 
-        CredentialsResponse rs1 = issuersCredentialService.issueCredentialUsingBaseWallet(tenantWallet.getDid(), type1, false, bpnOperator);
+        CredentialsResponse rs1 = issuersCredentialService.issueCredentialUsingBaseWallet(tenantWallet.getDid(), type1, false, false, bpnOperator, "dummy token");
         vc_1 = new ObjectMapper().convertValue(rs1, VerifiableCredential.class);
 
 
         Map<String, Object> type2 = TestUtils.getCredentialAsMap(miwSettings.authorityWalletBpn(), miwSettings.authorityWalletDid(), miwSettings.authorityWalletDid(), "Type2", miwSettings, new com.fasterxml.jackson.databind.ObjectMapper());
 
-        CredentialsResponse rs2 = issuersCredentialService.issueCredentialUsingBaseWallet(tenantWallet.getDid(), type2, false, bpnOperator);
+        CredentialsResponse rs2 = issuersCredentialService.issueCredentialUsingBaseWallet(tenantWallet.getDid(), type2, false, false, bpnOperator, "dummy token");
         vc_2 = new ObjectMapper().convertValue(rs2, VerifiableCredential.class);
     }
 
@@ -139,7 +139,7 @@ void testSuccessfulValidation() {
 
     @Test
     @SneakyThrows
-    public void testSuccessfulValidationForMultipleVC() {
+    void testSuccessfulValidationForMultipleVC() {
         Map<String, Object> creationResponse = createPresentationJwt(List.of(vc_1, vc_2), tenant_1);
         // get the payload of the json web token
         String encodedJwtPayload = ((String) creationResponse.get("vp")).split("\\.")[1];
@@ -153,7 +153,7 @@ public void testSuccessfulValidationForMultipleVC() {
     }
 
     @Test
-    public void testValidationFailureOfCredentialWitInvalidExpirationDate() {
+    void testValidationFailureOfCredentialWitInvalidExpirationDate() {
         // test is related to this old issue where the signature check still succeeded
         // https://github.com/eclipse-tractusx/SSI-agent-lib/issues/4
         VerifiableCredential copyCredential = new VerifiableCredential(vc_1);
@@ -166,7 +166,7 @@ public void testValidationFailureOfCredentialWitInvalidExpirationDate() {
 
 
     @Test
-    public void testValidationFailureOfCredentialWitInvalidExpirationDateInSecondCredential() {
+    void testValidationFailureOfCredentialWitInvalidExpirationDateInSecondCredential() {
         // test is related to this old issue where the signature check still succeeded
         // https://github.com/eclipse-tractusx/SSI-agent-lib/issues/4
         VerifiableCredential copyCredential = new VerifiableCredential(vc_1);
diff --git a/miw/src/test/java/org/eclipse/tractusx/managedidentitywallets/vc/VerifiableCredentialIssuerEqualProofSignerTest.java b/miw/src/test/java/org/eclipse/tractusx/managedidentitywallets/vc/VerifiableCredentialIssuerEqualProofSignerTest.java
index 4537be00..5c9c44f4 100644
--- a/miw/src/test/java/org/eclipse/tractusx/managedidentitywallets/vc/VerifiableCredentialIssuerEqualProofSignerTest.java
+++ b/miw/src/test/java/org/eclipse/tractusx/managedidentitywallets/vc/VerifiableCredentialIssuerEqualProofSignerTest.java
@@ -23,9 +23,9 @@
 
 import lombok.SneakyThrows;
 import org.eclipse.tractusx.managedidentitywallets.ManagedIdentityWalletsApplication;
+import org.eclipse.tractusx.managedidentitywallets.commons.constant.StringPool;
 import org.eclipse.tractusx.managedidentitywallets.config.MIWSettings;
 import org.eclipse.tractusx.managedidentitywallets.config.TestContextInitializer;
-import org.eclipse.tractusx.managedidentitywallets.constant.StringPool;
 import org.eclipse.tractusx.managedidentitywallets.dao.entity.Wallet;
 import org.eclipse.tractusx.managedidentitywallets.service.CommonService;
 import org.eclipse.tractusx.managedidentitywallets.service.PresentationService;
@@ -53,11 +53,11 @@
 import java.util.Map;
 import java.util.UUID;
 
-import static org.eclipse.tractusx.managedidentitywallets.constant.StringPool.COLON_SEPARATOR;
+import static org.eclipse.tractusx.managedidentitywallets.commons.constant.StringPool.COLON_SEPARATOR;
 
 @SpringBootTest(webEnvironment = SpringBootTest.WebEnvironment.DEFINED_PORT, classes = { ManagedIdentityWalletsApplication.class })
 @ContextConfiguration(initializers = { TestContextInitializer.class })
-public class VerifiableCredentialIssuerEqualProofSignerTest {
+class VerifiableCredentialIssuerEqualProofSignerTest {
 
     @Autowired
     private MIWSettings miwSettings;
@@ -76,7 +76,7 @@ public class VerifiableCredentialIssuerEqualProofSignerTest {
 
     @SneakyThrows
     @Test
-    public void test() {
+    void test() {
         var bpn1 = "BPNL000000000FOO";
         String defaultLocation = miwSettings.host() + COLON_SEPARATOR + bpn1;
         var response1 = TestUtils.createWallet(bpn1, "did:web:localhost%3A8080:BPNL000000000FOO", restTemplate, miwSettings.authorityWalletBpn(), defaultLocation);
diff --git a/miw/src/test/java/org/eclipse/tractusx/managedidentitywallets/vp/PresentationServiceTest.java b/miw/src/test/java/org/eclipse/tractusx/managedidentitywallets/vp/PresentationServiceTest.java
index 31768e04..df45f40a 100644
--- a/miw/src/test/java/org/eclipse/tractusx/managedidentitywallets/vp/PresentationServiceTest.java
+++ b/miw/src/test/java/org/eclipse/tractusx/managedidentitywallets/vp/PresentationServiceTest.java
@@ -28,14 +28,14 @@
 import com.nimbusds.jwt.SignedJWT;
 import lombok.SneakyThrows;
 import org.eclipse.tractusx.managedidentitywallets.ManagedIdentityWalletsApplication;
+import org.eclipse.tractusx.managedidentitywallets.commons.constant.StringPool;
+import org.eclipse.tractusx.managedidentitywallets.commons.exception.BadDataException;
 import org.eclipse.tractusx.managedidentitywallets.config.MIWSettings;
 import org.eclipse.tractusx.managedidentitywallets.config.TestContextInitializer;
-import org.eclipse.tractusx.managedidentitywallets.constant.StringPool;
 import org.eclipse.tractusx.managedidentitywallets.dao.entity.JtiRecord;
 import org.eclipse.tractusx.managedidentitywallets.dao.entity.Wallet;
 import org.eclipse.tractusx.managedidentitywallets.dao.repository.JtiRepository;
 import org.eclipse.tractusx.managedidentitywallets.dao.repository.WalletRepository;
-import org.eclipse.tractusx.managedidentitywallets.exception.BadDataException;
 import org.eclipse.tractusx.managedidentitywallets.exception.MissingVcTypesException;
 import org.eclipse.tractusx.managedidentitywallets.exception.PermissionViolationException;
 import org.eclipse.tractusx.managedidentitywallets.service.IssuersCredentialService;
@@ -58,7 +58,7 @@
 import java.util.Map;
 import java.util.UUID;
 
-import static org.eclipse.tractusx.managedidentitywallets.constant.StringPool.COLON_SEPARATOR;
+import static org.eclipse.tractusx.managedidentitywallets.commons.constant.StringPool.COLON_SEPARATOR;
 import static org.eclipse.tractusx.managedidentitywallets.utils.TestConstants.BPN_CREDENTIAL_READ;
 import static org.eclipse.tractusx.managedidentitywallets.utils.TestConstants.BPN_CREDENTIAL_WRITE;
 import static org.eclipse.tractusx.managedidentitywallets.utils.TestConstants.DID_BPN_1;
diff --git a/miw/src/test/java/org/eclipse/tractusx/managedidentitywallets/vp/PresentationTest.java b/miw/src/test/java/org/eclipse/tractusx/managedidentitywallets/vp/PresentationTest.java
index f7495895..e0b8e2f2 100644
--- a/miw/src/test/java/org/eclipse/tractusx/managedidentitywallets/vp/PresentationTest.java
+++ b/miw/src/test/java/org/eclipse/tractusx/managedidentitywallets/vp/PresentationTest.java
@@ -27,10 +27,10 @@
 import com.nimbusds.jwt.SignedJWT;
 import lombok.SneakyThrows;
 import org.eclipse.tractusx.managedidentitywallets.ManagedIdentityWalletsApplication;
+import org.eclipse.tractusx.managedidentitywallets.commons.constant.StringPool;
 import org.eclipse.tractusx.managedidentitywallets.config.MIWSettings;
 import org.eclipse.tractusx.managedidentitywallets.config.TestContextInitializer;
 import org.eclipse.tractusx.managedidentitywallets.constant.RestURI;
-import org.eclipse.tractusx.managedidentitywallets.constant.StringPool;
 import org.eclipse.tractusx.managedidentitywallets.controller.PresentationController;
 import org.eclipse.tractusx.managedidentitywallets.dao.entity.HoldersCredential;
 import org.eclipse.tractusx.managedidentitywallets.dao.entity.Wallet;
@@ -74,7 +74,7 @@
 import java.util.Objects;
 import java.util.UUID;
 
-import static org.eclipse.tractusx.managedidentitywallets.constant.StringPool.COLON_SEPARATOR;
+import static org.eclipse.tractusx.managedidentitywallets.commons.constant.StringPool.COLON_SEPARATOR;
 
 @SpringBootTest(webEnvironment = SpringBootTest.WebEnvironment.DEFINED_PORT, classes = { ManagedIdentityWalletsApplication.class })
 @ContextConfiguration(initializers = { TestContextInitializer.class })
diff --git a/miw/src/test/java/org/eclipse/tractusx/managedidentitywallets/wallet/WalletTest.java b/miw/src/test/java/org/eclipse/tractusx/managedidentitywallets/wallet/WalletTest.java
index 7095a256..61d18ee4 100644
--- a/miw/src/test/java/org/eclipse/tractusx/managedidentitywallets/wallet/WalletTest.java
+++ b/miw/src/test/java/org/eclipse/tractusx/managedidentitywallets/wallet/WalletTest.java
@@ -25,11 +25,11 @@
 import com.fasterxml.jackson.databind.ObjectMapper;
 import com.nimbusds.jose.jwk.Curve;
 import org.eclipse.tractusx.managedidentitywallets.ManagedIdentityWalletsApplication;
+import org.eclipse.tractusx.managedidentitywallets.commons.constant.StringPool;
+import org.eclipse.tractusx.managedidentitywallets.commons.constant.SupportedAlgorithms;
 import org.eclipse.tractusx.managedidentitywallets.config.MIWSettings;
 import org.eclipse.tractusx.managedidentitywallets.config.TestContextInitializer;
 import org.eclipse.tractusx.managedidentitywallets.constant.RestURI;
-import org.eclipse.tractusx.managedidentitywallets.constant.StringPool;
-import org.eclipse.tractusx.managedidentitywallets.constant.SupportedAlgorithms;
 import org.eclipse.tractusx.managedidentitywallets.dao.entity.HoldersCredential;
 import org.eclipse.tractusx.managedidentitywallets.dao.entity.Wallet;
 import org.eclipse.tractusx.managedidentitywallets.dao.entity.WalletKey;
@@ -70,8 +70,6 @@
 import java.util.Map;
 import java.util.Objects;
 
-import static org.eclipse.tractusx.managedidentitywallets.constant.StringPool.COLON_SEPARATOR;
-
 
 @SpringBootTest(webEnvironment = SpringBootTest.WebEnvironment.DEFINED_PORT, classes = { ManagedIdentityWalletsApplication.class })
 @ContextConfiguration(initializers = { TestContextInitializer.class })
@@ -139,7 +137,7 @@ void createWalletTestWithUserToken403() {
         String name = "Sample Wallet";
         HttpHeaders headers = AuthenticationUtils.getValidUserHttpHeaders(bpn);
 
-        String defaultLocation = miwSettings.host() + COLON_SEPARATOR + bpn;
+        String defaultLocation = miwSettings.host() + StringPool.COLON_SEPARATOR + bpn;
         CreateWalletRequest request = CreateWalletRequest.builder().businessPartnerNumber(bpn).companyName(name).didUrl(defaultLocation).build();
 
         HttpEntity<CreateWalletRequest> entity = new HttpEntity<>(request, headers);
@@ -155,7 +153,7 @@ void createWalletWithInvalidBPNTest400() throws JSONException {
         String name = "Sample Wallet";
         String baseBpn = miwSettings.authorityWalletBpn();
 
-        String defaultLocation = miwSettings.host() + COLON_SEPARATOR + bpn;
+        String defaultLocation = miwSettings.host() + StringPool.COLON_SEPARATOR + bpn;
         ResponseEntity<String> response = TestUtils.createWallet(bpn, name, restTemplate, baseBpn, defaultLocation);
         Assertions.assertEquals(HttpStatus.BAD_REQUEST.value(), response.getStatusCode().value());
     }
@@ -167,7 +165,7 @@ void createWalletTest201() throws JsonProcessingException, JSONException {
         String name = "Sample Wallet";
         String baseBpn = miwSettings.authorityWalletBpn();
 
-        String defaultLocation = miwSettings.host() + COLON_SEPARATOR + bpn;
+        String defaultLocation = miwSettings.host() + StringPool.COLON_SEPARATOR + bpn;
         ResponseEntity<String> response = TestUtils.createWallet(bpn, name, restTemplate, baseBpn, defaultLocation);
         Assertions.assertEquals(HttpStatus.CREATED.value(), response.getStatusCode().value());
         Wallet wallet = TestUtils.getWalletFromString(response.getBody());
@@ -180,10 +178,10 @@ void createWalletTest201() throws JsonProcessingException, JSONException {
         // both public keys will include the publicKeyJwk format to express the public key
         List<String> curves = verificationMethods.stream().map(vm -> (LinkedHashMap) vm.get(JWKVerificationMethod.PUBLIC_KEY_JWK))
                 .map(lhm -> lhm.get(JWKVerificationMethod.JWK_CURVE).toString()).toList();
-        List<String> algorithms = Arrays.asList(Curve.SECP256K1.toString(),Curve.Ed25519.toString());
+        List<String> algorithms = Arrays.asList(Curve.SECP256K1.toString(), Curve.Ed25519.toString());
         // both the Ed25519 and the secp256k1 curve keys must be present in the verificationMethod of a did document
         Assertions.assertTrue(curves.containsAll(algorithms));
-        List<URI> assertionMethod = (List<URI>)wallet.getDidDocument().get(StringPool.ASSERTION_METHOD);
+        List<URI> assertionMethod = (List<URI>) wallet.getDidDocument().get(StringPool.ASSERTION_METHOD);
         // both public keys must be expressed in the assertionMethod
         Assertions.assertEquals(2, assertionMethod.size());
         // both public keys will use the JsonWebKey2020 verification method type
@@ -242,7 +240,7 @@ void storeCredentialsTest201() throws JsonProcessingException {
         String did = DidWebFactory.fromHostnameAndPath(miwSettings.host(), bpn).toString();
         String baseBpn = miwSettings.authorityWalletBpn();
 
-        String defaultLocation = miwSettings.host() + COLON_SEPARATOR + bpn;
+        String defaultLocation = miwSettings.host() + StringPool.COLON_SEPARATOR + bpn;
         TestUtils.createWallet(bpn, "name", restTemplate, baseBpn, defaultLocation);
 
         ResponseEntity<Map> response = storeCredential(bpn, did);
@@ -320,7 +318,7 @@ void storeCredentialsWithDifferentHolder403() throws JsonProcessingException {
         String bpn = TestUtils.getRandomBpmNumber();
         String did = DidWebFactory.fromHostnameAndPath(miwSettings.host(), bpn).toString();
         String baseBpn = miwSettings.authorityWalletBpn();
-        String defaultLocation = miwSettings.host() + COLON_SEPARATOR + bpn;
+        String defaultLocation = miwSettings.host() + StringPool.COLON_SEPARATOR + bpn;
         TestUtils.createWallet(bpn, "name", restTemplate, baseBpn, defaultLocation);
 
         HttpHeaders headers = AuthenticationUtils.getValidUserHttpHeaders("Some random pbn");
@@ -339,7 +337,7 @@ void createWalletWithDuplicateBpn409() throws JsonProcessingException, JSONExcep
         String baseBpn = miwSettings.authorityWalletBpn();
 
         //save wallet
-        String defaultLocation = miwSettings.host() + COLON_SEPARATOR + bpn;
+        String defaultLocation = miwSettings.host() + StringPool.COLON_SEPARATOR + bpn;
         ResponseEntity<String> response = TestUtils.createWallet(bpn, name, restTemplate, baseBpn, defaultLocation);
         TestUtils.getWalletFromString(response.getBody());
         Assertions.assertEquals(HttpStatus.CREATED.value(), response.getStatusCode().value());
@@ -366,7 +364,7 @@ void getWalletByIdentifierWithInvalidBPNTest403() {
         String bpn = TestUtils.getRandomBpmNumber();
         String baseBpn = miwSettings.authorityWalletBpn();
 
-        String defaultLocation = miwSettings.host() + COLON_SEPARATOR + bpn;
+        String defaultLocation = miwSettings.host() + StringPool.COLON_SEPARATOR + bpn;
         TestUtils.createWallet(bpn, "sample name", restTemplate, baseBpn, defaultLocation);
 
         //create token with different BPN
@@ -385,7 +383,7 @@ void getWalletByIdentifierBPNTest200() throws JsonProcessingException, JSONExcep
         String baseBpn = miwSettings.authorityWalletBpn();
 
         //Create entry
-        String defaultLocation = miwSettings.host() + COLON_SEPARATOR + bpn;
+        String defaultLocation = miwSettings.host() + StringPool.COLON_SEPARATOR + bpn;
         Wallet wallet = TestUtils.getWalletFromString(TestUtils.createWallet(bpn, name, restTemplate, baseBpn, defaultLocation).getBody());
 
         //get wallet without credentials
@@ -410,7 +408,7 @@ void getWalletByIdentifierBPNWithCredentialsTest200() throws JsonProcessingExcep
         String baseBpn = miwSettings.authorityWalletBpn();
 
         //Create entry
-        String defaultLocation = miwSettings.host() + COLON_SEPARATOR + bpn;
+        String defaultLocation = miwSettings.host() + StringPool.COLON_SEPARATOR + bpn;
         Wallet wallet = TestUtils.getWalletFromString(TestUtils.createWallet(bpn, name, restTemplate, baseBpn, defaultLocation).getBody());
 
         //store credentials
@@ -440,7 +438,7 @@ void getWalletByIdentifierDidTest200() throws JsonProcessingException, JSONExcep
         String baseBpn = miwSettings.authorityWalletBpn();
 
         //Create entry
-        String defaultLocation = miwSettings.host() + COLON_SEPARATOR + bpn;
+        String defaultLocation = miwSettings.host() + StringPool.COLON_SEPARATOR + bpn;
         Wallet wallet = TestUtils.getWalletFromString(TestUtils.createWallet(bpn, name, restTemplate, baseBpn, defaultLocation).getBody());
 
         HttpHeaders headers = AuthenticationUtils.getValidUserHttpHeaders(bpn);
@@ -485,7 +483,7 @@ void getWallets200() throws JsonProcessingException, JSONException {
         String name = "Sample Name";
         String baseBpn = miwSettings.authorityWalletBpn();
         //Create entry
-        String defaultLocation = miwSettings.host() + COLON_SEPARATOR + bpn;
+        String defaultLocation = miwSettings.host() + StringPool.COLON_SEPARATOR + bpn;
         TestUtils.createWallet(bpn, name, restTemplate, baseBpn, defaultLocation);
 
         HttpHeaders headers = AuthenticationUtils.getValidUserHttpHeaders();
diff --git a/revocation-service/build.gradle b/revocation-service/build.gradle
index a5f0ef39..edb64565 100644
--- a/revocation-service/build.gradle
+++ b/revocation-service/build.gradle
@@ -36,6 +36,10 @@ java {
 }
 
 dependencies {
+
+    //project deps
+    implementation project(":wallet-commons")
+
     implementation 'org.springframework.boot:spring-boot-starter-data-jpa'
     implementation 'org.springframework.boot:spring-boot-starter-oauth2-client'
     implementation 'org.springframework.boot:spring-boot-starter-oauth2-resource-server'
@@ -46,7 +50,7 @@ dependencies {
     implementation 'org.springframework.cloud:spring-cloud-starter-openfeign'
     implementation "org.springdoc:springdoc-openapi-starter-common:${openApiVersion}"
     implementation "org.springdoc:springdoc-openapi-starter-webmvc-ui:${openApiVersion}"
-    implementation  "com.google.code.gson:gson:${gsonVersion}"
+    implementation "com.google.code.gson:gson:${gsonVersion}"
     implementation 'org.liquibase:liquibase-core'
     implementation "org.eclipse.tractusx.ssi:cx-ssi-lib:${ssiLibVersion}"
     compileOnly "org.projectlombok:lombok:${lombokVersion}"
@@ -111,8 +115,6 @@ htmlDependencyReport {
 }
 
 
-
-
 jacocoTestCoverageVerification {
     afterEvaluate {
         classDirectories.setFrom(files(classDirectories.files.collect {
diff --git a/revocation-service/src/main/java/org/eclipse/tractusx/managedidentitywallets/revocation/apidocs/RevocationApiControllerApiDocs.java b/revocation-service/src/main/java/org/eclipse/tractusx/managedidentitywallets/revocation/apidocs/RevocationApiControllerApiDocs.java
index 168e094a..13c521ee 100644
--- a/revocation-service/src/main/java/org/eclipse/tractusx/managedidentitywallets/revocation/apidocs/RevocationApiControllerApiDocs.java
+++ b/revocation-service/src/main/java/org/eclipse/tractusx/managedidentitywallets/revocation/apidocs/RevocationApiControllerApiDocs.java
@@ -36,6 +36,7 @@
 
 public class RevocationApiControllerApiDocs {
 
+
     @Target(ElementType.METHOD)
     @Retention(RetentionPolicy.RUNTIME)
     @ApiResponses(
@@ -43,7 +44,16 @@ public class RevocationApiControllerApiDocs {
                     @ApiResponse(
                             responseCode = "200",
                             description = "Verifiable credential revoked successfully.",
-                            content = @Content()),
+                            content = @Content(examples = { @ExampleObject(description = "if credential is revoked", value = """
+                                    {
+                                        "status":"revoked"
+                                    }
+                                    """),
+                                    @ExampleObject(description = "if credential is is active", value = """
+                                            {
+                                                "status":"active"
+                                            }
+                                            """) })),
                     @ApiResponse(
                             responseCode = "401",
                             description = "UnauthorizedException: invalid token",
@@ -60,15 +70,68 @@ public class RevocationApiControllerApiDocs {
                                     examples =
                                     @ExampleObject(
                                             value =
-                                                    "{\n"
-                                                            + "  \"type\": \"about:blank\",\n"
-                                                            + "  \"title\": \"Revocation service error\",\n"
-                                                            + "  \"status\": 409,\n"
-                                                            + "  \"detail\": \"Credential already revoked\",\n"
-                                                            + "  \"type\": \"BitstringStatusListEntry\",\n"
-                                                            + "  \"instance\": \"/api/v1/revocations/revoke\",\n"
-                                                            + "  \"timestamp\": 1707133388128\n"
-                                                            + "}"),
+                                                    ""),
+                                    mediaType = "application/json")),
+                    @ApiResponse(
+                            responseCode = "500",
+                            description = "RevocationServiceException: Internal Server Error",
+                            content = @Content())
+            })
+    @RequestBody(
+            content = {
+                    @Content(
+                            examples =
+                            @ExampleObject(
+                                    value = """
+                                            {
+                                                "id": "https://977d-203-129-213-107.ngrok-free.app/api/v1/revocations/credentials/BPNL000000000000/revocation/1#12",
+                                                "statusPurpose": "revocation",
+                                                "statusListIndex": "12",
+                                                "statusListCredential": "https://977d-203-129-213-107.ngrok-free.app/api/v1/revocations/credentials/BPNL000000000000/revocation/1",
+                                                "type": "BitstringStatusListEntry"
+                                            }
+                                            """),
+                            mediaType = "application/json")
+            })
+    @Operation(
+            summary = "Verify Revocation status",
+            description = "Verify revocation status of Credential")
+    public @interface verifyCredentialDocs {
+    }
+
+    @Target(ElementType.METHOD)
+    @Retention(RetentionPolicy.RUNTIME)
+    @ApiResponses(
+            value = {
+                    @ApiResponse(
+                            responseCode = "200",
+                            description = "Verifiable credential revoked successfully.",
+                            content = @Content()),
+                    @ApiResponse(
+                            responseCode = "401",
+                            description = "UnauthorizedException: invalid token",
+                            content = @Content()),
+                    @ApiResponse(
+                            responseCode = "403",
+                            description = "ForbiddenException: invalid caller",
+                            content = @Content()),
+                    @ApiResponse(
+                            responseCode = "409",
+                            description = "ConflictException: Revocation service error",
+                            content =
+                            @Content(
+                                    examples =
+                                    @ExampleObject(
+                                            value = """
+                                                    {
+                                                        "type": "BitstringStatusListEntry",
+                                                        "title": "Revocation service error",
+                                                        "status": "409",
+                                                        "detail": "Credential already revoked",
+                                                        "instance": "/api/v1/revocations/revoke",
+                                                        "timestamp": 1707133388128
+                                                    }
+                                                    """),
                                     mediaType = "application/json")),
                     @ApiResponse(
                             responseCode = "500",
@@ -80,14 +143,15 @@ public class RevocationApiControllerApiDocs {
                     @Content(
                             examples =
                             @ExampleObject(
-                                    value =
-                                            "{\n"
-                                                    + "  \"id\": \"http://localhost/api/v1/revocations/credentials/BPNL000000000000/revocation/1#0\",\n"
-                                                    + "  \"statusPurpose\": \"revocation\",\n"
-                                                    + "  \"statusListIndex\": \"0\",\n"
-                                                    + "  \"statusListCredential\": \"http://localhost/api/v1/revocations/credentials/BPNL000000000000/revocation/1\",\n"
-                                                    + "  \"type\": \"BitstringStatusListEntry\"\n"
-                                                    + "}"),
+                                    value = """
+                                            {
+                                                "id": "https://977d-203-129-213-107.ngrok-free.app/api/v1/revocations/credentials/BPNL000000000000/revocation/1#12",
+                                                "statusPurpose": "revocation",
+                                                "statusListIndex": "12",
+                                                "statusListCredential": "https://977d-203-129-213-107.ngrok-free.app/api/v1/revocations/credentials/BPNL000000000000/revocation/1",
+                                                "type": "BitstringStatusListEntry"
+                                            }
+                                            """),
                             mediaType = "application/json")
             })
     @Operation(
@@ -107,14 +171,15 @@ public class RevocationApiControllerApiDocs {
                                     @Content(
                                             examples =
                                             @ExampleObject(
-                                                    value =
-                                                            "{\n"
-                                                                    + "  \"id\": \"http://localhost/api/v1/revocations/credentials/BPNL000000000000/revocation/1#0\",\n"
-                                                                    + "  \"statusPurpose\": \"revocation\",\n"
-                                                                    + "  \"statusListIndex\": \"0\",\n"
-                                                                    + "  \"statusListCredential\": \"http://localhost/api/v1/revocations/credentials/BPNL000000000000/revocation/1\",\n"
-                                                                    + "  \"type\": \"BitstringStatusListEntry\"\n"
-                                                                    + "}"),
+                                                    value = """
+                                                            {
+                                                                "id": "https://977d-203-129-213-107.ngrok-free.app/api/v1/revocations/credentials/BPNL000000000000/revocation/1#17",
+                                                                "statusPurpose": "revocation",
+                                                                "statusListIndex": "17",
+                                                                "statusListCredential": "https://977d-203-129-213-107.ngrok-free.app/api/v1/revocations/credentials/BPNL000000000000/revocation/1",
+                                                                "type": "BitstringStatusListEntry"
+                                                            }
+                                                            """),
                                             mediaType = "application/json")
                             }),
                     @ApiResponse(
@@ -135,11 +200,12 @@ public class RevocationApiControllerApiDocs {
                     @Content(
                             examples =
                             @ExampleObject(
-                                    value =
-                                            "{\n"
-                                                    + "  \"purpose\": \"revocation\",\n"
-                                                    + "  \"issuerId\": \"did:web:localhost:BPNL000000000000\"\n"
-                                                    + "}"),
+                                    value = """
+                                            {
+                                              "purpose": "revocation",
+                                              "issuerId": "did:web:localhost:BPNL000000000000"
+                                            }
+                                            """),
                             mediaType = "application/json")
             })
     @Operation(
diff --git a/revocation-service/src/main/java/org/eclipse/tractusx/managedidentitywallets/revocation/config/ExceptionHandling.java b/revocation-service/src/main/java/org/eclipse/tractusx/managedidentitywallets/revocation/config/ExceptionHandling.java
index e237b86a..f8b22a5f 100644
--- a/revocation-service/src/main/java/org/eclipse/tractusx/managedidentitywallets/revocation/config/ExceptionHandling.java
+++ b/revocation-service/src/main/java/org/eclipse/tractusx/managedidentitywallets/revocation/config/ExceptionHandling.java
@@ -23,8 +23,8 @@
 
 import lombok.extern.slf4j.Slf4j;
 import org.apache.commons.lang3.exception.ExceptionUtils;
+import org.eclipse.tractusx.managedidentitywallets.commons.exception.ForbiddenException;
 import org.eclipse.tractusx.managedidentitywallets.revocation.exception.CredentialAlreadyRevokedException;
-import org.eclipse.tractusx.managedidentitywallets.revocation.exception.ForbiddenException;
 import org.springframework.http.HttpStatus;
 import org.springframework.http.ProblemDetail;
 import org.springframework.web.bind.annotation.ExceptionHandler;
diff --git a/revocation-service/src/main/java/org/eclipse/tractusx/managedidentitywallets/revocation/config/security/SecurityConfig.java b/revocation-service/src/main/java/org/eclipse/tractusx/managedidentitywallets/revocation/config/security/SecurityConfig.java
index 1424ba96..ca9e786f 100644
--- a/revocation-service/src/main/java/org/eclipse/tractusx/managedidentitywallets/revocation/config/security/SecurityConfig.java
+++ b/revocation-service/src/main/java/org/eclipse/tractusx/managedidentitywallets/revocation/config/security/SecurityConfig.java
@@ -23,7 +23,7 @@
 
 import lombok.AllArgsConstructor;
 import lombok.extern.slf4j.Slf4j;
-import org.eclipse.tractusx.managedidentitywallets.revocation.constant.ApplicationRole;
+import org.eclipse.tractusx.managedidentitywallets.commons.constant.ApplicationRole;
 import org.eclipse.tractusx.managedidentitywallets.revocation.constant.RevocationApiEndpoints;
 import org.springframework.boot.autoconfigure.condition.ConditionalOnProperty;
 import org.springframework.context.annotation.Bean;
diff --git a/revocation-service/src/main/java/org/eclipse/tractusx/managedidentitywallets/revocation/constant/RevocationApiEndpoints.java b/revocation-service/src/main/java/org/eclipse/tractusx/managedidentitywallets/revocation/constant/RevocationApiEndpoints.java
index b91f949e..25f040c9 100644
--- a/revocation-service/src/main/java/org/eclipse/tractusx/managedidentitywallets/revocation/constant/RevocationApiEndpoints.java
+++ b/revocation-service/src/main/java/org/eclipse/tractusx/managedidentitywallets/revocation/constant/RevocationApiEndpoints.java
@@ -26,6 +26,7 @@ public class RevocationApiEndpoints {
     public static final String REVOCATION_API = "/api/v1/revocations";
     public static final String CREDENTIALS = "/api/credentials";
     public static final String REVOKE = "/revoke";
+    public static final String VERIFY = "/verify";
     public static final String STATUS_ENTRY = "/status-entry";
     public static final String CREDENTIALS_BY_ISSUER = "/credentials";
     public static final String CREDENTIALS_STATUS_INDEX =
diff --git a/revocation-service/src/main/java/org/eclipse/tractusx/managedidentitywallets/revocation/controllers/BaseController.java b/revocation-service/src/main/java/org/eclipse/tractusx/managedidentitywallets/revocation/controllers/BaseController.java
index 0c982b91..341a4780 100644
--- a/revocation-service/src/main/java/org/eclipse/tractusx/managedidentitywallets/revocation/controllers/BaseController.java
+++ b/revocation-service/src/main/java/org/eclipse/tractusx/managedidentitywallets/revocation/controllers/BaseController.java
@@ -21,8 +21,8 @@
 
 package org.eclipse.tractusx.managedidentitywallets.revocation.controllers;
 
-import org.eclipse.tractusx.managedidentitywallets.revocation.utils.StringPool;
-import org.eclipse.tractusx.managedidentitywallets.revocation.utils.Validate;
+import org.eclipse.tractusx.managedidentitywallets.commons.constant.StringPool;
+import org.eclipse.tractusx.managedidentitywallets.commons.utils.Validate;
 import org.springframework.security.oauth2.jwt.Jwt;
 import org.springframework.security.oauth2.server.resource.authentication.JwtAuthenticationToken;
 
diff --git a/revocation-service/src/main/java/org/eclipse/tractusx/managedidentitywallets/revocation/controllers/RevocationApiController.java b/revocation-service/src/main/java/org/eclipse/tractusx/managedidentitywallets/revocation/controllers/RevocationApiController.java
index f4b0d82f..580ff2af 100644
--- a/revocation-service/src/main/java/org/eclipse/tractusx/managedidentitywallets/revocation/controllers/RevocationApiController.java
+++ b/revocation-service/src/main/java/org/eclipse/tractusx/managedidentitywallets/revocation/controllers/RevocationApiController.java
@@ -26,14 +26,14 @@
 import jakarta.validation.Valid;
 import lombok.RequiredArgsConstructor;
 import lombok.extern.slf4j.Slf4j;
+import org.eclipse.tractusx.managedidentitywallets.commons.exception.ForbiddenException;
+import org.eclipse.tractusx.managedidentitywallets.commons.utils.Validate;
 import org.eclipse.tractusx.managedidentitywallets.revocation.apidocs.RevocationApiControllerApiDocs;
 import org.eclipse.tractusx.managedidentitywallets.revocation.constant.RevocationApiEndpoints;
 import org.eclipse.tractusx.managedidentitywallets.revocation.dto.CredentialStatusDto;
 import org.eclipse.tractusx.managedidentitywallets.revocation.dto.StatusEntryDto;
-import org.eclipse.tractusx.managedidentitywallets.revocation.exception.ForbiddenException;
 import org.eclipse.tractusx.managedidentitywallets.revocation.exception.RevocationServiceException;
 import org.eclipse.tractusx.managedidentitywallets.revocation.services.RevocationService;
-import org.eclipse.tractusx.managedidentitywallets.revocation.utils.Validate;
 import org.eclipse.tractusx.ssi.lib.model.verifiable.credential.VerifiableCredential;
 import org.springframework.http.HttpHeaders;
 import org.springframework.http.HttpStatus;
@@ -48,6 +48,7 @@
 import org.springframework.web.bind.annotation.RestController;
 
 import java.security.Principal;
+import java.util.Map;
 
 /**
  * The RevocationApiController class is a REST controller that handles revocation-related API
@@ -112,6 +113,21 @@ public ResponseEntity<HttpStatus> revokeCredential(
         return new ResponseEntity<>(HttpStatus.OK);
     }
 
+
+    @RevocationApiControllerApiDocs.verifyCredentialDocs
+    @PostMapping(RevocationApiEndpoints.VERIFY)
+    public ResponseEntity<Map<String, String>> verifyRevocation(
+            @Valid @RequestBody CredentialStatusDto dto,
+            @Parameter(hidden = true) @RequestHeader(name = HttpHeaders.AUTHORIZATION) String token,
+            Principal principal) {
+        Validate.isFalse(
+                        getBPNFromToken(principal).equals(revocationService.extractBpnFromURL(dto.id())))
+                .launch(new ForbiddenException("Invalid caller"));
+
+
+        return ResponseEntity.ofNullable(revocationService.verifyStatus(dto));
+    }
+
     /**
      * The function `getCredentialsByIssuerId` retrieves a list of credentials by their issuer ID.
      *
diff --git a/revocation-service/src/main/java/org/eclipse/tractusx/managedidentitywallets/revocation/dto/CredentialStatusDto.java b/revocation-service/src/main/java/org/eclipse/tractusx/managedidentitywallets/revocation/dto/CredentialStatusDto.java
index cf3ce0b1..e3f0bdc1 100644
--- a/revocation-service/src/main/java/org/eclipse/tractusx/managedidentitywallets/revocation/dto/CredentialStatusDto.java
+++ b/revocation-service/src/main/java/org/eclipse/tractusx/managedidentitywallets/revocation/dto/CredentialStatusDto.java
@@ -24,7 +24,7 @@
 import com.fasterxml.jackson.annotation.JsonProperty;
 import jakarta.validation.constraints.NotBlank;
 import jakarta.validation.constraints.NotNull;
-import org.eclipse.tractusx.managedidentitywallets.revocation.constant.PurposeType;
+import org.eclipse.tractusx.managedidentitywallets.commons.constant.RevocationPurpose;
 import org.eclipse.tractusx.managedidentitywallets.revocation.utils.BitSetManager;
 
 public record CredentialStatusDto(
@@ -38,7 +38,7 @@ public record CredentialStatusDto(
                 || Integer.parseInt(statusListIndex) > BitSetManager.BITSET_SIZE - 1) {
             throw new IllegalArgumentException("statusListIndex is out of range");
         }
-        if (!statusPurpose.equalsIgnoreCase(PurposeType.REVOCATION.toString())) {
+        if (!statusPurpose.equalsIgnoreCase(RevocationPurpose.REVOCATION.name())) {
             throw new IllegalArgumentException("invalid statusPurpose");
         }
         if (!type.equals(StatusListCredentialSubject.TYPE_ENTRY)) {
diff --git a/revocation-service/src/main/java/org/eclipse/tractusx/managedidentitywallets/revocation/dto/StatusEntryDto.java b/revocation-service/src/main/java/org/eclipse/tractusx/managedidentitywallets/revocation/dto/StatusEntryDto.java
index 9a77d39e..8c033c24 100644
--- a/revocation-service/src/main/java/org/eclipse/tractusx/managedidentitywallets/revocation/dto/StatusEntryDto.java
+++ b/revocation-service/src/main/java/org/eclipse/tractusx/managedidentitywallets/revocation/dto/StatusEntryDto.java
@@ -25,7 +25,7 @@
 import jakarta.validation.Valid;
 import jakarta.validation.constraints.NotBlank;
 import jakarta.validation.constraints.NotNull;
-import org.eclipse.tractusx.managedidentitywallets.revocation.constant.PurposeType;
+import org.eclipse.tractusx.managedidentitywallets.commons.constant.RevocationPurpose;
 
 @Valid
 public record StatusEntryDto(
@@ -34,7 +34,7 @@ public record StatusEntryDto(
         @NotNull @NotBlank @JsonProperty("issuerId") String issuerId) {
 
     public StatusEntryDto {
-        if (!purpose.equalsIgnoreCase(PurposeType.REVOCATION.toString())) {
+        if (!purpose.equalsIgnoreCase(RevocationPurpose.REVOCATION.name())) {
             throw new IllegalArgumentException("purpose should only be revocation at this time");
         }
     }
diff --git a/revocation-service/src/main/java/org/eclipse/tractusx/managedidentitywallets/revocation/services/RevocationService.java b/revocation-service/src/main/java/org/eclipse/tractusx/managedidentitywallets/revocation/services/RevocationService.java
index 1704295b..f0ebd35c 100644
--- a/revocation-service/src/main/java/org/eclipse/tractusx/managedidentitywallets/revocation/services/RevocationService.java
+++ b/revocation-service/src/main/java/org/eclipse/tractusx/managedidentitywallets/revocation/services/RevocationService.java
@@ -25,6 +25,7 @@
 import lombok.RequiredArgsConstructor;
 import lombok.SneakyThrows;
 import lombok.extern.slf4j.Slf4j;
+import org.eclipse.tractusx.managedidentitywallets.commons.exception.BadDataException;
 import org.eclipse.tractusx.managedidentitywallets.revocation.config.MIWSettings;
 import org.eclipse.tractusx.managedidentitywallets.revocation.constant.RevocationApiEndpoints;
 import org.eclipse.tractusx.managedidentitywallets.revocation.domain.BPN;
@@ -38,19 +39,34 @@
 import org.eclipse.tractusx.managedidentitywallets.revocation.repository.StatusListCredentialRepository;
 import org.eclipse.tractusx.managedidentitywallets.revocation.repository.StatusListIndexRepository;
 import org.eclipse.tractusx.managedidentitywallets.revocation.utils.BitSetManager;
+import org.eclipse.tractusx.managedidentitywallets.revocation.utils.CommonUtils;
+import org.eclipse.tractusx.ssi.lib.did.resolver.DidResolver;
+import org.eclipse.tractusx.ssi.lib.did.web.DidWebResolver;
+import org.eclipse.tractusx.ssi.lib.did.web.util.DidWebParser;
+import org.eclipse.tractusx.ssi.lib.exception.did.DidParseException;
+import org.eclipse.tractusx.ssi.lib.exception.json.TransformJsonLdException;
+import org.eclipse.tractusx.ssi.lib.exception.key.InvalidPublicKeyFormatException;
+import org.eclipse.tractusx.ssi.lib.exception.proof.NoVerificationKeyFoundException;
+import org.eclipse.tractusx.ssi.lib.exception.proof.SignatureParseException;
+import org.eclipse.tractusx.ssi.lib.exception.proof.SignatureVerificationFailedException;
+import org.eclipse.tractusx.ssi.lib.exception.proof.UnsupportedSignatureTypeException;
 import org.eclipse.tractusx.ssi.lib.model.verifiable.credential.VerifiableCredential;
 import org.eclipse.tractusx.ssi.lib.model.verifiable.credential.VerifiableCredentialBuilder;
 import org.eclipse.tractusx.ssi.lib.model.verifiable.credential.VerifiableCredentialSubject;
 import org.eclipse.tractusx.ssi.lib.model.verifiable.credential.VerifiableCredentialType;
+import org.eclipse.tractusx.ssi.lib.proof.LinkedDataProofValidation;
 import org.springframework.stereotype.Service;
 import org.springframework.transaction.annotation.Transactional;
 
 import java.net.URI;
+import java.net.http.HttpClient;
 import java.time.Instant;
 import java.util.ArrayList;
+import java.util.BitSet;
 import java.util.HashMap;
 import java.util.List;
 import java.util.Map;
+import java.util.Objects;
 import java.util.regex.Matcher;
 import java.util.regex.Pattern;
 
@@ -63,6 +79,8 @@
 @RequiredArgsConstructor
 public class RevocationService {
 
+    public static final String ENCODED_LIST = "encodedList";
+
     private final StatusListCredentialRepository statusListCredentialRepository;
 
     private final StatusListIndexRepository statusListIndexRepository;
@@ -71,6 +89,52 @@ public class RevocationService {
 
     private final MIWSettings miwSettings;
 
+    @Transactional
+
+    public Map<String, String> verifyStatus(CredentialStatusDto statusDto) {
+
+        String url = statusDto.statusListCredential();
+
+        String[] values = CommonUtils.extractValuesFromURL(url);
+        VerifiableCredential statusListCredential = getStatusListCredential(values[0], values[1], values[2]);
+        if (Objects.isNull(statusListCredential)) {
+            log.error("Status list VC not found for issuer -> {}",
+                    values[0]);
+            throw new BadDataException("Status list VC not found for issuer -> " + values[0]);
+        }
+
+        //validate status list VC
+        validateStatusListVC(statusListCredential);
+
+
+        String encodedList = statusListCredential.getCredentialSubject().get(0).get(ENCODED_LIST).toString();
+
+        BitSet bitSet = BitSetManager.decompress(BitSetManager.decodeFromString(encodedList));
+        int index = Integer.parseInt(statusDto.statusListIndex());
+        boolean status = bitSet.get(index);
+        return Map.of("status", status ? "revoked" : "active");
+    }
+
+
+    private void validateStatusListVC(VerifiableCredential statusListCredential) {
+        HttpClient httpClient = HttpClient.newBuilder()
+                .followRedirects(HttpClient.Redirect.ALWAYS)
+                .build();
+        DidResolver didResolver = new DidWebResolver(httpClient, new DidWebParser(), true);
+        LinkedDataProofValidation proofValidation = LinkedDataProofValidation.newInstance(didResolver);
+        boolean valid = false;
+        try {
+            valid = proofValidation.verify(statusListCredential);
+        } catch (UnsupportedSignatureTypeException | SignatureParseException | DidParseException |
+                 InvalidPublicKeyFormatException | SignatureVerificationFailedException |
+                 NoVerificationKeyFoundException | TransformJsonLdException e) {
+            log.error("Verification failed with error -> {}", e.getMessage(), e);
+        }
+        if (!valid) {
+            throw new BadDataException("Status list credential is not valid");
+        }
+    }
+
     /**
      * The `revoke` function revokes a credential by updating the status list credential with a new
      * subject and saving it to the repository.
diff --git a/revocation-service/src/main/java/org/eclipse/tractusx/managedidentitywallets/revocation/utils/CommonUtils.java b/revocation-service/src/main/java/org/eclipse/tractusx/managedidentitywallets/revocation/utils/CommonUtils.java
new file mode 100644
index 00000000..767d0c0d
--- /dev/null
+++ b/revocation-service/src/main/java/org/eclipse/tractusx/managedidentitywallets/revocation/utils/CommonUtils.java
@@ -0,0 +1,53 @@
+/*
+ * *******************************************************************************
+ *  Copyright (c) 2021,2024 Contributors to the Eclipse Foundation
+ *
+ *  See the NOTICE file(s) distributed with this work for additional
+ *  information regarding copyright ownership.
+ *
+ *  This program and the accompanying materials are made available under the
+ *  terms of the Apache License, Version 2.0 which is available at
+ *  https://www.apache.org/licenses/LICENSE-2.0.
+ *
+ *  Unless required by applicable law or agreed to in writing, software
+ *  distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+ *  WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+ *  License for the specific language governing permissions and limitations
+ *  under the License.
+ *
+ *  SPDX-License-Identifier: Apache-2.0
+ * ******************************************************************************
+ */
+
+package org.eclipse.tractusx.managedidentitywallets.revocation.utils;
+
+import lombok.experimental.UtilityClass;
+
+import java.util.regex.Matcher;
+import java.util.regex.Pattern;
+
+@UtilityClass
+public class CommonUtils {
+
+    /**
+     * Extracts the BPN number, purpose and credential index from the URL
+     *
+     * @param url the URL to extract the values from
+     * @return an array containing the BPN number [0], purpose [1] and credential index [2]
+     */
+    public String[] extractValuesFromURL(String url) {
+        // Define a regular expression pattern to match the desired parts
+        Pattern pattern =
+                Pattern.compile("/credentials/(B\\w+)/(.*?)/(\\d+)", Pattern.CASE_INSENSITIVE);
+        // Create a Matcher object and find the first match in the URL
+        Matcher matcher = pattern.matcher(url);
+        if (matcher.find()) {
+            String bpnlNumber = matcher.group(1);
+            String purpose = matcher.group(2);
+            String credentialIndex = matcher.group(3);
+            return new String[]{ bpnlNumber.toUpperCase(), purpose, credentialIndex };
+        } else {
+            throw new IllegalArgumentException("No match found");
+        }
+    }
+}
diff --git a/revocation-service/src/main/resources/application.yaml b/revocation-service/src/main/resources/application.yaml
index 98f4296f..35065c0b 100644
--- a/revocation-service/src/main/resources/application.yaml
+++ b/revocation-service/src/main/resources/application.yaml
@@ -21,7 +21,7 @@
 revocation:
   application:
     name: ${APPLICATION_NAME:Revocation}
-    port: ${APPLICATION_PORT:8080}
+    port: ${APPLICATION_PORT:8081}
     profile: ${APPLICATION_PROFILE:local}
   database:
     host: ${DATABASE_HOST:localhost}
@@ -49,10 +49,10 @@ revocation:
       token-url: ${revocation.security.keycloak.auth-server-url}/realms/${revocation.security.keycloak.realm}/protocol/openid-connect/token
       refresh-token-url: ${revocation.security.keycloak.token-url}
   miw:
-    url: ${MIW_URL:https://b366-203-129-213-107.ngrok-free.app}
-    vcContexts: ${VC_SCHEMA_LINK:https://www.w3.org/2018/credentials/v1, https://eclipse-tractusx.github.io/schema-registry/w3c/v1.0/BitstringStatusList.json}
+    url: ${MIW_URL:https://a888-203-129-213-107.ngrok-free.app}
+    vcContexts: ${VC_SCHEMA_LINK:https://www.w3.org/2018/credentials/v1, https://cofinity-x.github.io/schema-registry/w3c/v1.0/BitstringStatusList.json}
   domain:
-    url: ${DOMAIN_URL:http://localhost:8080}
+    url: ${DOMAIN_URL:https://977d-203-129-213-107.ngrok-free.app}
 
 
 
diff --git a/revocation-service/src/test/java/org/eclipse/tractusx/managedidentitywallets/revocation/TestUtil.java b/revocation-service/src/test/java/org/eclipse/tractusx/managedidentitywallets/revocation/TestUtil.java
index bbb67685..6dc27476 100644
--- a/revocation-service/src/test/java/org/eclipse/tractusx/managedidentitywallets/revocation/TestUtil.java
+++ b/revocation-service/src/test/java/org/eclipse/tractusx/managedidentitywallets/revocation/TestUtil.java
@@ -21,6 +21,7 @@
 
 package org.eclipse.tractusx.managedidentitywallets.revocation;
 
+import lombok.SneakyThrows;
 import org.eclipse.tractusx.managedidentitywallets.revocation.dto.StatusListCredentialSubject;
 import org.eclipse.tractusx.managedidentitywallets.revocation.jpa.StatusListCredential;
 import org.eclipse.tractusx.managedidentitywallets.revocation.jpa.StatusListIndex;
@@ -51,6 +52,8 @@
 import java.util.Map;
 import java.util.zip.GZIPInputStream;
 import java.util.zip.GZIPOutputStream;
+import javax.crypto.KeyGenerator;
+import javax.crypto.SecretKey;
 
 import static org.mockito.Mockito.when;
 
@@ -186,4 +189,15 @@ public static BitSet decompressGzip(byte[] bytes) {
     public static String extractBpnFromDid(String did) {
         return did.substring(did.lastIndexOf(":") + 1).toUpperCase();
     }
+
+    @SneakyThrows
+    public static void main(String[] args) {
+        KeyGenerator keyGen = KeyGenerator.getInstance("AES");
+        // use explicit initialization as the platform default might fail
+        keyGen.init(128);
+        SecretKey secretKey = keyGen.generateKey();
+        String s = Base64.getEncoder().encodeToString(secretKey.getEncoded());
+
+        System.out.println(s);
+    }
 }
diff --git a/revocation-service/src/test/java/org/eclipse/tractusx/managedidentitywallets/revocation/config/ExceptionHandlingTest.java b/revocation-service/src/test/java/org/eclipse/tractusx/managedidentitywallets/revocation/config/ExceptionHandlingTest.java
index 9e4e07c0..8beebbd0 100644
--- a/revocation-service/src/test/java/org/eclipse/tractusx/managedidentitywallets/revocation/config/ExceptionHandlingTest.java
+++ b/revocation-service/src/test/java/org/eclipse/tractusx/managedidentitywallets/revocation/config/ExceptionHandlingTest.java
@@ -21,8 +21,8 @@
 
 package org.eclipse.tractusx.managedidentitywallets.revocation.config;
 
+import org.eclipse.tractusx.managedidentitywallets.commons.exception.ForbiddenException;
 import org.eclipse.tractusx.managedidentitywallets.revocation.exception.CredentialAlreadyRevokedException;
-import org.eclipse.tractusx.managedidentitywallets.revocation.exception.ForbiddenException;
 import org.junit.jupiter.api.Test;
 import org.springframework.http.HttpStatus;
 import org.springframework.http.ProblemDetail;
diff --git a/revocation-service/src/test/java/org/eclipse/tractusx/managedidentitywallets/revocation/controllers/RevocationApiControllerTest.java b/revocation-service/src/test/java/org/eclipse/tractusx/managedidentitywallets/revocation/controllers/RevocationApiControllerTest.java
index 4d0740c7..ff11b541 100644
--- a/revocation-service/src/test/java/org/eclipse/tractusx/managedidentitywallets/revocation/controllers/RevocationApiControllerTest.java
+++ b/revocation-service/src/test/java/org/eclipse/tractusx/managedidentitywallets/revocation/controllers/RevocationApiControllerTest.java
@@ -22,13 +22,13 @@
 package org.eclipse.tractusx.managedidentitywallets.revocation.controllers;
 
 import com.fasterxml.jackson.databind.ObjectMapper;
-import org.eclipse.tractusx.managedidentitywallets.revocation.constant.PurposeType;
+import org.eclipse.tractusx.managedidentitywallets.commons.constant.RevocationPurpose;
+import org.eclipse.tractusx.managedidentitywallets.commons.constant.StringPool;
 import org.eclipse.tractusx.managedidentitywallets.revocation.constant.RevocationApiEndpoints;
 import org.eclipse.tractusx.managedidentitywallets.revocation.dto.CredentialStatusDto;
 import org.eclipse.tractusx.managedidentitywallets.revocation.dto.StatusEntryDto;
 import org.eclipse.tractusx.managedidentitywallets.revocation.services.RevocationService;
 import org.eclipse.tractusx.managedidentitywallets.revocation.utils.BitSetManager;
-import org.eclipse.tractusx.managedidentitywallets.revocation.utils.StringPool;
 import org.eclipse.tractusx.ssi.lib.model.verifiable.credential.VerifiableCredential;
 import org.junit.jupiter.api.BeforeEach;
 import org.junit.jupiter.api.Test;
@@ -65,7 +65,7 @@
 import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.status;
 
 @ExtendWith(MockitoExtension.class)
-public class RevocationApiControllerTest {
+class RevocationApiControllerTest {
 
     private static final String CALLER_BPN = UUID.randomUUID().toString();
 
@@ -87,16 +87,16 @@ public void setup() {
     }
 
     @Test
-    public void whenPostCreateStatusListVC_thenReturnStatus() throws Exception {
+    void whenPostCreateStatusListVC_thenReturnStatus() throws Exception {
         // Given
-        String validPurpose = PurposeType.REVOCATION.toString();
+        String validPurpose = RevocationPurpose.REVOCATION.name();
         StatusEntryDto statusEntryDto = new StatusEntryDto(validPurpose, DID);
         String validIndex =
                 String.valueOf(BitSetManager.BITSET_SIZE / 2); // any valid index within range
         CredentialStatusDto credentialStatusDto =
                 new CredentialStatusDto(
                         "https://example.com/revocations/credentials/" + BPN + "/revocation/1#" + validIndex,
-                        PurposeType.REVOCATION.toString(),
+                        RevocationPurpose.REVOCATION.name(),
                         validIndex, // this value is within the range [0, BitSetManager.BITSET_SIZE - 1]
                         "https://example.com/revocations/credentials/" + BPN + "/revocation/1",
                         "BitstringStatusListEntry");
@@ -132,7 +132,7 @@ private Principal mockPrincipal(String name) {
     }
 
     @Test
-    public void whenPostRevokeCredential_thenReturnOkStatus() throws Exception {
+    void whenPostRevokeCredential_thenReturnOkStatus() throws Exception {
         // Given
         String validIndex =
                 String.valueOf(BitSetManager.BITSET_SIZE / 2); // any valid index within range
@@ -160,9 +160,9 @@ public void whenPostRevokeCredential_thenReturnOkStatus() throws Exception {
     }
 
     @Test
-    public void whenGetCredential_thenReturnCredentials() throws Exception {
+    void whenGetCredential_thenReturnCredentials() throws Exception {
         // Given
-        String validPurpose = PurposeType.REVOCATION.toString();
+        String validPurpose = RevocationPurpose.REVOCATION.name();
         VerifiableCredential verifiableCredential =
                 new VerifiableCredential(
                         createVerifiableCredentialTestData()); // Populate with valid test data
diff --git a/revocation-service/src/test/java/org/eclipse/tractusx/managedidentitywallets/revocation/domain/BPNTest.java b/revocation-service/src/test/java/org/eclipse/tractusx/managedidentitywallets/revocation/domain/BPNTest.java
index cdec1660..017d06b7 100644
--- a/revocation-service/src/test/java/org/eclipse/tractusx/managedidentitywallets/revocation/domain/BPNTest.java
+++ b/revocation-service/src/test/java/org/eclipse/tractusx/managedidentitywallets/revocation/domain/BPNTest.java
@@ -27,15 +27,14 @@
 import static org.eclipse.tractusx.managedidentitywallets.revocation.TestUtil.BPN;
 import static org.junit.jupiter.api.Assertions.assertDoesNotThrow;
 import static org.junit.jupiter.api.Assertions.assertEquals;
-import static org.junit.jupiter.api.Assertions.assertFalse;
+import static org.junit.jupiter.api.Assertions.assertNotEquals;
 import static org.junit.jupiter.api.Assertions.assertThrows;
-import static org.junit.jupiter.api.Assertions.assertTrue;
 
-public class BPNTest {
+class BPNTest {
 
     @Test
     @DisplayName("BPN Should not be valid")
-    public void invalidBPN() {
+    void invalidBPN() {
         String bpn = "thisnotbpn";
 
         assertThrows(
@@ -47,7 +46,7 @@ public void invalidBPN() {
 
     @Test
     @DisplayName("BPN Should be valid")
-    public void validBPN() {
+    void validBPN() {
         assertDoesNotThrow(
                 () -> {
                     new BPN(BPN);
@@ -56,24 +55,24 @@ public void validBPN() {
 
     @Test
     @DisplayName("BPN Should return value")
-    public void bpnValue() {
+    void bpnValue() {
         BPN bpn = new BPN(BPN);
         assertEquals(BPN, bpn.value());
     }
 
     @Test
     @DisplayName("BPN Should be equal")
-    public void bpnEqual() {
+    void bpnEqual() {
         BPN bpn1 = new BPN(BPN);
         BPN bpn2 = new BPN(BPN);
-        assertTrue(bpn1.equals(bpn2));
+        assertEquals(bpn1, bpn2);
     }
 
     @Test
     @DisplayName("BPN Should not be equal")
-    public void bpnNotEqual() {
+    void bpnNotEqual() {
         BPN bpn1 = new BPN(BPN);
         BPN bpn2 = new BPN("BPNL000000000000");
-        assertFalse(bpn1.equals(bpn2));
+        assertNotEquals(bpn1, bpn2);
     }
 }
diff --git a/revocation-service/src/test/java/org/eclipse/tractusx/managedidentitywallets/revocation/dto/StatusEntryDtoTest.java b/revocation-service/src/test/java/org/eclipse/tractusx/managedidentitywallets/revocation/dto/StatusEntryDtoTest.java
index 5e95b108..ff11b2fc 100644
--- a/revocation-service/src/test/java/org/eclipse/tractusx/managedidentitywallets/revocation/dto/StatusEntryDtoTest.java
+++ b/revocation-service/src/test/java/org/eclipse/tractusx/managedidentitywallets/revocation/dto/StatusEntryDtoTest.java
@@ -23,7 +23,7 @@
 
 import jakarta.validation.Validation;
 import jakarta.validation.Validator;
-import org.eclipse.tractusx.managedidentitywallets.revocation.constant.PurposeType;
+import org.eclipse.tractusx.managedidentitywallets.commons.constant.RevocationPurpose;
 import org.junit.jupiter.api.Test;
 
 import static org.junit.jupiter.api.Assertions.assertEquals;
@@ -36,7 +36,7 @@ class StatusEntryDtoTest {
     @Test
     void validStatusEntryDto_CreatesSuccessfully() {
         // Arrange
-        String validPurpose = PurposeType.REVOCATION.toString();
+        String validPurpose = RevocationPurpose.REVOCATION.name();
 
         // Act
         StatusEntryDto dto = new StatusEntryDto(validPurpose, "issuerId");
@@ -81,7 +81,7 @@ void anyParameterIsBlank_ThrowsValidationException() {
                 validator
                         .validate(
                                 new StatusEntryDto(
-                                        PurposeType.REVOCATION.toString(), "" // issuerId is blank
+                                        RevocationPurpose.REVOCATION.name(), "" // issuerId is blank
                                 ))
                         .isEmpty());
     }
diff --git a/revocation-service/src/test/java/org/eclipse/tractusx/managedidentitywallets/revocation/dto/StatusListCredentialSubjectTest.java b/revocation-service/src/test/java/org/eclipse/tractusx/managedidentitywallets/revocation/dto/StatusListCredentialSubjectTest.java
index d1fa870c..246c8473 100644
--- a/revocation-service/src/test/java/org/eclipse/tractusx/managedidentitywallets/revocation/dto/StatusListCredentialSubjectTest.java
+++ b/revocation-service/src/test/java/org/eclipse/tractusx/managedidentitywallets/revocation/dto/StatusListCredentialSubjectTest.java
@@ -28,7 +28,7 @@
 import static org.junit.jupiter.api.Assertions.assertNotNull;
 import static org.junit.jupiter.api.Assertions.assertNull;
 
-public class StatusListCredentialSubjectTest {
+class StatusListCredentialSubjectTest {
 
     @Test
     void builderCreatesObjectWithCorrectValues() {
diff --git a/revocation-service/src/test/java/org/eclipse/tractusx/managedidentitywallets/revocation/jpa/StatusListIndexTest.java b/revocation-service/src/test/java/org/eclipse/tractusx/managedidentitywallets/revocation/jpa/StatusListIndexTest.java
index e163cce0..39c1a035 100644
--- a/revocation-service/src/test/java/org/eclipse/tractusx/managedidentitywallets/revocation/jpa/StatusListIndexTest.java
+++ b/revocation-service/src/test/java/org/eclipse/tractusx/managedidentitywallets/revocation/jpa/StatusListIndexTest.java
@@ -42,7 +42,7 @@
 @ExtendWith(SpringExtension.class)
 @AutoConfigureJson
 @DataJpaTest
-public class StatusListIndexTest {
+class StatusListIndexTest {
 
     @Autowired
     private TestEntityManager entityManager;
@@ -56,7 +56,7 @@ public void setUp() {
     }
 
     @Test
-    public void whenFieldsAreValid_thenNoConstraintViolationsAndEntityPersists() {
+    void whenFieldsAreValid_thenNoConstraintViolationsAndEntityPersists() {
         String id = BPN + "-revocation#1";
         String issuerBpnStatus = BPN + "-revocation";
 
@@ -79,7 +79,7 @@ public void whenFieldsAreValid_thenNoConstraintViolationsAndEntityPersists() {
     }
 
     @Test
-    public void whenIdIsBlank_thenConstraintViolationOccurs() {
+    void whenIdIsBlank_thenConstraintViolationOccurs() {
         StatusListIndex statusListIndex =
                 StatusListIndex.builder().id(" ").currentIndex("123456").build();
         Set<ConstraintViolation<StatusListIndex>> violations = validator.validate(statusListIndex);
@@ -89,7 +89,7 @@ public void whenIdIsBlank_thenConstraintViolationOccurs() {
     }
 
     @Test
-    public void whenIssuerBpnStatusIsBlank_thenConstraintViolationOccurs() {
+    void whenIssuerBpnStatusIsBlank_thenConstraintViolationOccurs() {
         StatusListIndex statusListIndex =
                 StatusListIndex.builder()
                         .issuerBpnStatus(" ")
@@ -103,7 +103,7 @@ public void whenIssuerBpnStatusIsBlank_thenConstraintViolationOccurs() {
     }
 
     @Test
-    public void whenCurrentIndexIsBlank_thenConstraintViolationOccurs() {
+    void whenCurrentIndexIsBlank_thenConstraintViolationOccurs() {
         StatusListIndex statusListIndex =
                 StatusListIndex.builder().issuerBpnStatus(TestUtil.BPN).currentIndex(" ").build();
         Set<ConstraintViolation<StatusListIndex>> violations = validator.validate(statusListIndex);
@@ -113,7 +113,7 @@ public void whenCurrentIndexIsBlank_thenConstraintViolationOccurs() {
     }
 
     @Test
-    public void whenCurrentIndexIsNotNumeric_thenConstraintViolationOccurs() {
+    void whenCurrentIndexIsNotNumeric_thenConstraintViolationOccurs() {
         String id = BPN + "-revocation#1";
         String issuerBpnStatus = BPN + "-revocation";
         String wrongIndex = "indexABC";
@@ -131,7 +131,7 @@ public void whenCurrentIndexIsNotNumeric_thenConstraintViolationOccurs() {
     }
 
     @Test
-    public void whenSetInvalidCurrentIndex_thenIllegalArgumentExceptionIsThrown() {
+    void whenSetInvalidCurrentIndex_thenIllegalArgumentExceptionIsThrown() {
         // Constructing StatusListIndex using the builder pattern
         // with a valid issuerId and leaving currentIndex unset initially
         StatusListIndex statusListIndex =
@@ -143,7 +143,7 @@ public void whenSetInvalidCurrentIndex_thenIllegalArgumentExceptionIsThrown() {
     }
 
     @Test
-    public void whenFieldsExceedSizeLimit_thenConstraintViolationOccurs() {
+    void whenFieldsExceedSizeLimit_thenConstraintViolationOccurs() {
         String longIssuerBpnStatus = BPN + "-revocation1";
         String longCurrentIndex =
                 "12345".repeat(4); // The repeat count adjusts on the max size of Index
diff --git a/revocation-service/src/test/java/org/eclipse/tractusx/managedidentitywallets/revocation/utils/ValidateTest.java b/revocation-service/src/test/java/org/eclipse/tractusx/managedidentitywallets/revocation/utils/ValidateTest.java
deleted file mode 100644
index 159e1fd6..00000000
--- a/revocation-service/src/test/java/org/eclipse/tractusx/managedidentitywallets/revocation/utils/ValidateTest.java
+++ /dev/null
@@ -1,49 +0,0 @@
-/*
- * *******************************************************************************
- *  Copyright (c) 2021,2024 Contributors to the Eclipse Foundation
- *
- *  See the NOTICE file(s) distributed with this work for additional
- *  information regarding copyright ownership.
- *
- *  This program and the accompanying materials are made available under the
- *  terms of the Apache License, Version 2.0 which is available at
- *  https://www.apache.org/licenses/LICENSE-2.0.
- *
- *  Unless required by applicable law or agreed to in writing, software
- *  distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
- *  WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
- *  License for the specific language governing permissions and limitations
- *  under the License.
- *
- *  SPDX-License-Identifier: Apache-2.0
- * ******************************************************************************
- */
-
-package org.eclipse.tractusx.managedidentitywallets.revocation.utils;
-
-import org.junit.jupiter.api.Assertions;
-import org.junit.jupiter.api.Test;
-
-public class ValidateTest {
-
-    @Test
-    void validateTest() {
-        Assertions.assertThrows(
-                RuntimeException.class, () -> Validate.isFalse(false).launch(new RuntimeException()));
-        Assertions.assertThrows(
-                RuntimeException.class, () -> Validate.isTrue(true).launch(new RuntimeException()));
-        Assertions.assertThrows(
-                RuntimeException.class, () -> Validate.isNull(null).launch(new RuntimeException()));
-        Assertions.assertThrows(
-                RuntimeException.class, () -> Validate.isNotNull("Test").launch(new RuntimeException()));
-        Assertions.assertThrows(
-                RuntimeException.class,
-                () -> Validate.value("").isNotEmpty().launch(new RuntimeException()));
-        Assertions.assertDoesNotThrow(() -> Validate.isFalse(true).launch(new RuntimeException()));
-        Assertions.assertDoesNotThrow(() -> Validate.isTrue(false).launch(new RuntimeException()));
-        Assertions.assertDoesNotThrow(() -> Validate.isNull("").launch(new RuntimeException()));
-        Assertions.assertDoesNotThrow(() -> Validate.isNotNull(null).launch(new RuntimeException()));
-        Assertions.assertDoesNotThrow(
-                () -> Validate.value("Test").isNotEmpty().launch(new RuntimeException()));
-    }
-}
diff --git a/settings.gradle b/settings.gradle
index f93bc271..b50d694b 100644
--- a/settings.gradle
+++ b/settings.gradle
@@ -5,3 +5,4 @@ rootProject.name = 'managedidentitywallets'
 // include '<sub-project-name>'
 include 'miw'
 include 'revocation-service'
+include 'wallet-commons'
diff --git a/wallet-commons/build.gradle b/wallet-commons/build.gradle
new file mode 100644
index 00000000..45119542
--- /dev/null
+++ b/wallet-commons/build.gradle
@@ -0,0 +1,43 @@
+/********************************************************************************
+ * Copyright (c) 2024 Contributors to the Eclipse Foundation
+ *
+ * See the NOTICE file(s) distributed with this work for additional
+ * information regarding copyright ownership.
+ *
+ * This program and the accompanying materials are made available under the
+ * terms of the Apache License, Version 2.0 which is available at
+ * https://www.apache.org/licenses/LICENSE-2.0.
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+ * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+ * License for the specific language governing permissions and limitations
+ * under the License.
+ *
+ * SPDX-License-Identifier: Apache-2.0
+ ********************************************************************************/
+
+plugins {
+    id 'java-library'
+    id 'jacoco'
+    id 'maven-publish'
+}
+
+dependencies {
+
+    testImplementation "org.testcontainers:junit-jupiter"
+    testImplementation 'org.junit.jupiter:junit-jupiter-api'
+}
+
+dependencyManagement {
+    imports {
+        mavenBom "org.springframework.cloud:spring-cloud-dependencies:${springCloudVersion}"
+        mavenBom("org.testcontainers:testcontainers-bom:${testContainerVersion}")
+    }
+}
+
+
+jar {
+    enabled = true
+    archiveClassifier = ''
+}
diff --git a/miw/src/main/java/org/eclipse/tractusx/managedidentitywallets/constant/ApplicationRole.java b/wallet-commons/src/main/java/org/eclipse/tractusx/managedidentitywallets/commons/constant/ApplicationRole.java
similarity index 92%
rename from miw/src/main/java/org/eclipse/tractusx/managedidentitywallets/constant/ApplicationRole.java
rename to wallet-commons/src/main/java/org/eclipse/tractusx/managedidentitywallets/commons/constant/ApplicationRole.java
index a534ad42..581d285a 100644
--- a/miw/src/main/java/org/eclipse/tractusx/managedidentitywallets/constant/ApplicationRole.java
+++ b/wallet-commons/src/main/java/org/eclipse/tractusx/managedidentitywallets/commons/constant/ApplicationRole.java
@@ -1,6 +1,6 @@
 /*
  * *******************************************************************************
- *  Copyright (c) 2021,2023 Contributors to the Eclipse Foundation
+ *  Copyright (c) 2021,2024 Contributors to the Eclipse Foundation
  *
  *  See the NOTICE file(s) distributed with this work for additional
  *  information regarding copyright ownership.
@@ -19,7 +19,7 @@
  * ******************************************************************************
  */
 
-package org.eclipse.tractusx.managedidentitywallets.constant;
+package org.eclipse.tractusx.managedidentitywallets.commons.constant;
 
 public class ApplicationRole {
 
diff --git a/revocation-service/src/main/java/org/eclipse/tractusx/managedidentitywallets/revocation/constant/ApplicationRole.java b/wallet-commons/src/main/java/org/eclipse/tractusx/managedidentitywallets/commons/constant/CredentialStatus.java
similarity index 76%
rename from revocation-service/src/main/java/org/eclipse/tractusx/managedidentitywallets/revocation/constant/ApplicationRole.java
rename to wallet-commons/src/main/java/org/eclipse/tractusx/managedidentitywallets/commons/constant/CredentialStatus.java
index 11722b79..ea5503f9 100644
--- a/revocation-service/src/main/java/org/eclipse/tractusx/managedidentitywallets/revocation/constant/ApplicationRole.java
+++ b/wallet-commons/src/main/java/org/eclipse/tractusx/managedidentitywallets/commons/constant/CredentialStatus.java
@@ -19,15 +19,18 @@
  * ******************************************************************************
  */
 
-package org.eclipse.tractusx.managedidentitywallets.revocation.constant;
+package org.eclipse.tractusx.managedidentitywallets.commons.constant;
 
-public class ApplicationRole {
+import lombok.Getter;
 
-    public static final String ROLE_MANAGE_APP = "manage_app";
+@Getter
+public enum CredentialStatus {
 
-    public static final String ROLE_UPDATE_WALLET = "update_wallet";
+    ACTIVE("active"), REVOKED("revoked");
 
-    private ApplicationRole() {
-        // static
+    private final String name;
+
+    CredentialStatus(String name) {
+        this.name = name;
     }
 }
diff --git a/wallet-commons/src/main/java/org/eclipse/tractusx/managedidentitywallets/commons/constant/RevocationPurpose.java b/wallet-commons/src/main/java/org/eclipse/tractusx/managedidentitywallets/commons/constant/RevocationPurpose.java
new file mode 100644
index 00000000..608ec2f5
--- /dev/null
+++ b/wallet-commons/src/main/java/org/eclipse/tractusx/managedidentitywallets/commons/constant/RevocationPurpose.java
@@ -0,0 +1,32 @@
+/*
+ * *******************************************************************************
+ *  Copyright (c) 2021,2024 Contributors to the Eclipse Foundation
+ *
+ *  See the NOTICE file(s) distributed with this work for additional
+ *  information regarding copyright ownership.
+ *
+ *  This program and the accompanying materials are made available under the
+ *  terms of the Apache License, Version 2.0 which is available at
+ *  https://www.apache.org/licenses/LICENSE-2.0.
+ *
+ *  Unless required by applicable law or agreed to in writing, software
+ *  distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+ *  WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+ *  License for the specific language governing permissions and limitations
+ *  under the License.
+ *
+ *  SPDX-License-Identifier: Apache-2.0
+ * ******************************************************************************
+ */
+
+package org.eclipse.tractusx.managedidentitywallets.commons.constant;
+
+public enum RevocationPurpose {
+    REVOCATION("revocation"), SUSPENSION("suspension");
+
+    private final String name;
+
+    RevocationPurpose(String name) {
+        this.name = name;
+    }
+}
diff --git a/miw/src/main/java/org/eclipse/tractusx/managedidentitywallets/constant/StringPool.java b/wallet-commons/src/main/java/org/eclipse/tractusx/managedidentitywallets/commons/constant/StringPool.java
similarity index 93%
rename from miw/src/main/java/org/eclipse/tractusx/managedidentitywallets/constant/StringPool.java
rename to wallet-commons/src/main/java/org/eclipse/tractusx/managedidentitywallets/commons/constant/StringPool.java
index f63ae081..d6695fdd 100644
--- a/miw/src/main/java/org/eclipse/tractusx/managedidentitywallets/constant/StringPool.java
+++ b/wallet-commons/src/main/java/org/eclipse/tractusx/managedidentitywallets/commons/constant/StringPool.java
@@ -19,13 +19,14 @@
  * ******************************************************************************
  */
 
-package org.eclipse.tractusx.managedidentitywallets.constant;
+package org.eclipse.tractusx.managedidentitywallets.commons.constant;
 
-/**
- * The type Application constant.
- */
+import lombok.experimental.UtilityClass;
+
+@UtilityClass
 public class StringPool {
 
+
     public static final String CREDENTIAL_ID = "credentialId";
 
     public static final String VERIFIABLE_CREDENTIALS = "verifiableCredentials";
@@ -37,10 +38,6 @@ public class StringPool {
     public static final String VALIDATE_JWT_EXPIRY_DATE = "validateJWTExpiryDate";
     public static final String DID_DOCUMENT = "didDocument";
 
-    private StringPool() {
-        throw new IllegalStateException("Constant class");
-    }
-
     public static final String ISSUER_DID = "issuerDid";
     public static final String HOLDER_DID = "holderDid";
     public static final String HOLDER_IDENTIFIER = "holderIdentifier";
@@ -102,4 +99,9 @@ private StringPool() {
     public static final String CREDENTIAL_SERVICE = "CredentialService";
     public static final String HTTPS_SCHEME = "https://";
     public static final String BPN_NOT_FOUND = "BPN not found";
+
+    public static final String REVOCABLE = "revocable";
+
+    public static final String CREDENTIAL_STATUS = "credentialStatus";
+
 }
diff --git a/miw/src/main/java/org/eclipse/tractusx/managedidentitywallets/constant/SupportedAlgorithms.java b/wallet-commons/src/main/java/org/eclipse/tractusx/managedidentitywallets/commons/constant/SupportedAlgorithms.java
similarity index 91%
rename from miw/src/main/java/org/eclipse/tractusx/managedidentitywallets/constant/SupportedAlgorithms.java
rename to wallet-commons/src/main/java/org/eclipse/tractusx/managedidentitywallets/commons/constant/SupportedAlgorithms.java
index 227fa134..7787937b 100644
--- a/miw/src/main/java/org/eclipse/tractusx/managedidentitywallets/constant/SupportedAlgorithms.java
+++ b/wallet-commons/src/main/java/org/eclipse/tractusx/managedidentitywallets/commons/constant/SupportedAlgorithms.java
@@ -19,7 +19,7 @@
  * ******************************************************************************
  */
 
-package org.eclipse.tractusx.managedidentitywallets.constant;
+package org.eclipse.tractusx.managedidentitywallets.commons.constant;
 
 public enum SupportedAlgorithms {
 
@@ -28,7 +28,7 @@ public enum SupportedAlgorithms {
 
     private String value;
 
-    SupportedAlgorithms(String value){
+    SupportedAlgorithms(String value) {
         this.value = value;
     }
 
diff --git a/miw/src/main/java/org/eclipse/tractusx/managedidentitywallets/constant/TokenValidationErrors.java b/wallet-commons/src/main/java/org/eclipse/tractusx/managedidentitywallets/commons/constant/TokenValidationErrors.java
similarity index 94%
rename from miw/src/main/java/org/eclipse/tractusx/managedidentitywallets/constant/TokenValidationErrors.java
rename to wallet-commons/src/main/java/org/eclipse/tractusx/managedidentitywallets/commons/constant/TokenValidationErrors.java
index e90b784c..571a3cd2 100644
--- a/miw/src/main/java/org/eclipse/tractusx/managedidentitywallets/constant/TokenValidationErrors.java
+++ b/wallet-commons/src/main/java/org/eclipse/tractusx/managedidentitywallets/commons/constant/TokenValidationErrors.java
@@ -19,7 +19,7 @@
  * ******************************************************************************
  */
 
-package org.eclipse.tractusx.managedidentitywallets.constant;
+package org.eclipse.tractusx.managedidentitywallets.commons.constant;
 
 
 public enum TokenValidationErrors {
diff --git a/miw/src/main/java/org/eclipse/tractusx/managedidentitywallets/exception/BadDataException.java b/wallet-commons/src/main/java/org/eclipse/tractusx/managedidentitywallets/commons/exception/BadDataException.java
similarity index 92%
rename from miw/src/main/java/org/eclipse/tractusx/managedidentitywallets/exception/BadDataException.java
rename to wallet-commons/src/main/java/org/eclipse/tractusx/managedidentitywallets/commons/exception/BadDataException.java
index 79cd5791..050923ee 100644
--- a/miw/src/main/java/org/eclipse/tractusx/managedidentitywallets/exception/BadDataException.java
+++ b/wallet-commons/src/main/java/org/eclipse/tractusx/managedidentitywallets/commons/exception/BadDataException.java
@@ -1,6 +1,6 @@
 /*
  * *******************************************************************************
- *  Copyright (c) 2021,2023 Contributors to the Eclipse Foundation
+ *  Copyright (c) 2021,2024 Contributors to the Eclipse Foundation
  *
  *  See the NOTICE file(s) distributed with this work for additional
  *  information regarding copyright ownership.
@@ -19,7 +19,7 @@
  * ******************************************************************************
  */
 
-package org.eclipse.tractusx.managedidentitywallets.exception;
+package org.eclipse.tractusx.managedidentitywallets.commons.exception;
 
 /**
  * The type Bad data exception.
diff --git a/revocation-service/src/main/java/org/eclipse/tractusx/managedidentitywallets/revocation/exception/ForbiddenException.java b/wallet-commons/src/main/java/org/eclipse/tractusx/managedidentitywallets/commons/exception/ForbiddenException.java
similarity index 93%
rename from revocation-service/src/main/java/org/eclipse/tractusx/managedidentitywallets/revocation/exception/ForbiddenException.java
rename to wallet-commons/src/main/java/org/eclipse/tractusx/managedidentitywallets/commons/exception/ForbiddenException.java
index a5420c34..81840357 100644
--- a/revocation-service/src/main/java/org/eclipse/tractusx/managedidentitywallets/revocation/exception/ForbiddenException.java
+++ b/wallet-commons/src/main/java/org/eclipse/tractusx/managedidentitywallets/commons/exception/ForbiddenException.java
@@ -19,8 +19,11 @@
  * ******************************************************************************
  */
 
-package org.eclipse.tractusx.managedidentitywallets.revocation.exception;
+package org.eclipse.tractusx.managedidentitywallets.commons.exception;
 
+/**
+ * The type Forbidden exception.
+ */
 public class ForbiddenException extends RuntimeException {
 
     /**
diff --git a/revocation-service/src/main/java/org/eclipse/tractusx/managedidentitywallets/revocation/utils/Validate.java b/wallet-commons/src/main/java/org/eclipse/tractusx/managedidentitywallets/commons/utils/Validate.java
similarity index 98%
rename from revocation-service/src/main/java/org/eclipse/tractusx/managedidentitywallets/revocation/utils/Validate.java
rename to wallet-commons/src/main/java/org/eclipse/tractusx/managedidentitywallets/commons/utils/Validate.java
index 724153dc..e32fe86c 100644
--- a/revocation-service/src/main/java/org/eclipse/tractusx/managedidentitywallets/revocation/utils/Validate.java
+++ b/wallet-commons/src/main/java/org/eclipse/tractusx/managedidentitywallets/commons/utils/Validate.java
@@ -19,7 +19,7 @@
  * ******************************************************************************
  */
 
-package org.eclipse.tractusx.managedidentitywallets.revocation.utils;
+package org.eclipse.tractusx.managedidentitywallets.commons.utils;
 
 import java.util.Objects;
 
@@ -102,6 +102,7 @@ public static <T> Validate<T> isNotNull(T value) {
         return new Validate<>(value).isNotNull();
     }
 
+
     /**
      * Is not empty validate.
      *
diff --git a/miw/src/test/java/org/eclipse/tractusx/managedidentitywallets/utils/ValidateTest.java b/wallet-commons/src/test/java/org/eclipse/tractusx/managedidentitywallets/commons/ValidateTest.java
similarity index 91%
rename from miw/src/test/java/org/eclipse/tractusx/managedidentitywallets/utils/ValidateTest.java
rename to wallet-commons/src/test/java/org/eclipse/tractusx/managedidentitywallets/commons/ValidateTest.java
index 9ba28ec8..4a65cb34 100644
--- a/miw/src/test/java/org/eclipse/tractusx/managedidentitywallets/utils/ValidateTest.java
+++ b/wallet-commons/src/test/java/org/eclipse/tractusx/managedidentitywallets/commons/ValidateTest.java
@@ -1,6 +1,6 @@
 /*
  * *******************************************************************************
- *  Copyright (c) 2021,2023 Contributors to the Eclipse Foundation
+ *  Copyright (c) 2021,2024 Contributors to the Eclipse Foundation
  *
  *  See the NOTICE file(s) distributed with this work for additional
  *  information regarding copyright ownership.
@@ -19,8 +19,9 @@
  * ******************************************************************************
  */
 
-package org.eclipse.tractusx.managedidentitywallets.utils;
+package org.eclipse.tractusx.managedidentitywallets.commons;
 
+import org.eclipse.tractusx.managedidentitywallets.commons.utils.Validate;
 import org.junit.jupiter.api.Assertions;
 import org.junit.jupiter.api.Test;
 

From b1c54176cfba899fbcfed32dc1d028cc028e0a68 Mon Sep 17 00:00:00 2001
From: Nitin Vavdiya <nitin.vavdiya@smartsensesolutions.com>
Date: Fri, 14 Jun 2024 19:08:12 +0530
Subject: [PATCH 06/48] fix: sonar issues

---
 .../service/PresentationService.java                      | 7 +------
 .../managedidentitywallets/service/WalletService.java     | 8 ++------
 .../signing/LocalSigningServiceImpl.java                  | 4 ++--
 .../managedidentitywallets/utils/AuthenticationUtils.java | 7 ++++++-
 .../revocation/controllers/RevocationApiController.java   | 2 +-
 .../validation/VerifiableCredentialValidator.java         | 8 +-------
 .../security/CustomAuthenticationConverterTest.java       | 6 +++---
 .../revocation/utils/BitSetManagerTest.java               | 4 ++--
 .../commons/constant/StringPool.java                      | 3 ---
 .../commons/constant/SupportedAlgorithms.java             | 2 +-
 10 files changed, 19 insertions(+), 32 deletions(-)

diff --git a/miw/src/main/java/org/eclipse/tractusx/managedidentitywallets/service/PresentationService.java b/miw/src/main/java/org/eclipse/tractusx/managedidentitywallets/service/PresentationService.java
index 57e7d41f..e5c1b169 100644
--- a/miw/src/main/java/org/eclipse/tractusx/managedidentitywallets/service/PresentationService.java
+++ b/miw/src/main/java/org/eclipse/tractusx/managedidentitywallets/service/PresentationService.java
@@ -274,12 +274,7 @@ private boolean validateCredential(VerifiableCredential credential) {
         final DidResolver resolver = didDocumentResolverService.getCompositeDidResolver();
         final LinkedDataProofValidation linkedDataProofValidation = LinkedDataProofValidation.newInstance(resolver);
         final boolean isValid = linkedDataProofValidation.verify(credential);
-
-        if (isValid) {
-            log.debug("Credential validation result: (valid: {}, credential-id: {})", isValid, credential.getId());
-        } else {
-            log.info("Credential validation result: (valid: {}, credential-id: {})", isValid, credential.getId());
-        }
+        log.info("Credential validation result: (valid: {}, credential-id: {})", isValid, credential.getId());
         return isValid;
     }
 
diff --git a/miw/src/main/java/org/eclipse/tractusx/managedidentitywallets/service/WalletService.java b/miw/src/main/java/org/eclipse/tractusx/managedidentitywallets/service/WalletService.java
index e3a835b3..76237e05 100644
--- a/miw/src/main/java/org/eclipse/tractusx/managedidentitywallets/service/WalletService.java
+++ b/miw/src/main/java/org/eclipse/tractusx/managedidentitywallets/service/WalletService.java
@@ -363,11 +363,7 @@ private void validateCreateWallet(CreateWalletRequest request, String callerBpn)
     }
 
 
-    @RequiredArgsConstructor
-    private class WalletKeyInfo {
-        private final String keyId;
-        private final KeyPair keyPair;
-        private final SupportedAlgorithms algorithm;
-        private final VerificationMethod verificationMethod;
+    private record WalletKeyInfo(String keyId, KeyPair keyPair, SupportedAlgorithms algorithm,
+                                 VerificationMethod verificationMethod) {
     }
 }
diff --git a/miw/src/main/java/org/eclipse/tractusx/managedidentitywallets/signing/LocalSigningServiceImpl.java b/miw/src/main/java/org/eclipse/tractusx/managedidentitywallets/signing/LocalSigningServiceImpl.java
index d3f6ae05..5317ec82 100644
--- a/miw/src/main/java/org/eclipse/tractusx/managedidentitywallets/signing/LocalSigningServiceImpl.java
+++ b/miw/src/main/java/org/eclipse/tractusx/managedidentitywallets/signing/LocalSigningServiceImpl.java
@@ -278,7 +278,7 @@ private SignedJWT generateJwtPresentation(PresentationCreationConfig config, byt
 
     private VerifiablePresentation generateJsonLdPresentation(PresentationCreationConfig config, byte[] privateKeyBytes) throws UnsupportedSignatureTypeException, InvalidPrivateKeyFormatException, SignatureGenerateFailedException, TransformJsonLdException {
         VerifiablePresentationBuilder verifiablePresentationBuilder =
-                new VerifiablePresentationBuilder().id(URI.create(config.getVpIssuerDid() + "#" + UUID.randomUUID().toString()))
+                new VerifiablePresentationBuilder().id(URI.create(config.getVpIssuerDid() + "#" + UUID.randomUUID()))
                         .type(List.of(VerifiablePresentationType.VERIFIABLE_PRESENTATION))
                         .verifiableCredentials(config.getVerifiableCredentials());
 
@@ -339,7 +339,7 @@ private SignedJWT buildED25519(PresentationCreationConfig config, byte[] private
         SerializedJwtPresentationFactory presentationFactory = new SerializedJwtPresentationFactoryImpl(
                 new SignedJwtFactory(new OctetKeyPairFactory()), new JsonLdSerializerImpl(), config.getVpIssuerDid());
 
-        X25519PrivateKey privateKey = null;
+        X25519PrivateKey privateKey;
         try {
             privateKey = new X25519PrivateKey(privateKeyBytes);
         } catch (InvalidPrivateKeyFormatException e) {
diff --git a/miw/src/test/java/org/eclipse/tractusx/managedidentitywallets/utils/AuthenticationUtils.java b/miw/src/test/java/org/eclipse/tractusx/managedidentitywallets/utils/AuthenticationUtils.java
index 6f2a31ce..6a11009a 100644
--- a/miw/src/test/java/org/eclipse/tractusx/managedidentitywallets/utils/AuthenticationUtils.java
+++ b/miw/src/test/java/org/eclipse/tractusx/managedidentitywallets/utils/AuthenticationUtils.java
@@ -157,10 +157,15 @@ private static String getJwtToken(String username) {
                 .clientId(StringPool.CLIENT_ID)
                 .clientSecret(StringPool.CLIENT_SECRET)
                 .username(username)
-                .password(StringPool.USER_PASSWORD)
+                .password(getUserPassword())
                 .build();
         String access_token = keycloakAdminClient.tokenManager().getAccessToken().getToken();
 
         return StringPool.BEARER_SPACE + access_token;
     }
+
+    @NotNull
+    private static String getUserPassword() {
+        return "s3cr3t";
+    }
 }
diff --git a/revocation-service/src/main/java/org/eclipse/tractusx/managedidentitywallets/revocation/controllers/RevocationApiController.java b/revocation-service/src/main/java/org/eclipse/tractusx/managedidentitywallets/revocation/controllers/RevocationApiController.java
index 580ff2af..8c1ed619 100644
--- a/revocation-service/src/main/java/org/eclipse/tractusx/managedidentitywallets/revocation/controllers/RevocationApiController.java
+++ b/revocation-service/src/main/java/org/eclipse/tractusx/managedidentitywallets/revocation/controllers/RevocationApiController.java
@@ -131,7 +131,7 @@ public ResponseEntity<Map<String, String>> verifyRevocation(
     /**
      * The function `getCredentialsByIssuerId` retrieves a list of credentials by their issuer ID.
      *
-     * @param issuerId The `issuerId` parameter is a string that represents the identifier of the
+     * @param issuerBPN The `issuerBPN` parameter is a string that represents the BPn of the
      *                 issuer.
      * @return The method is returning a ResponseEntity object that wraps a VerifiableCredential
      * object.
diff --git a/revocation-service/src/main/java/org/eclipse/tractusx/managedidentitywallets/revocation/validation/VerifiableCredentialValidator.java b/revocation-service/src/main/java/org/eclipse/tractusx/managedidentitywallets/revocation/validation/VerifiableCredentialValidator.java
index 66372d57..00947e53 100644
--- a/revocation-service/src/main/java/org/eclipse/tractusx/managedidentitywallets/revocation/validation/VerifiableCredentialValidator.java
+++ b/revocation-service/src/main/java/org/eclipse/tractusx/managedidentitywallets/revocation/validation/VerifiableCredentialValidator.java
@@ -48,15 +48,9 @@ public boolean isValid(VerifiableCredential credential, ConstraintValidatorConte
         // Assuming 'id' within 'credentialSubject' is the field to be validated as a URI
         @NonNull
         List<VerifiableCredentialSubject> credentialSubject = credential.getCredentialSubject();
-        if (credentialSubject != null) {
-            if (!validateCredentialSubject(credentialSubject, context)) {
-                return false;
-            }
-        }
+        return validateCredentialSubject(credentialSubject, context);
 
         // Additional validation checks can be added here, e.g., checking the proof object
-
-        return true;
     }
 
     private boolean validateCredentialSubject(
diff --git a/revocation-service/src/test/java/org/eclipse/tractusx/managedidentitywallets/revocation/config/security/CustomAuthenticationConverterTest.java b/revocation-service/src/test/java/org/eclipse/tractusx/managedidentitywallets/revocation/config/security/CustomAuthenticationConverterTest.java
index 29de8663..a918b0fe 100644
--- a/revocation-service/src/test/java/org/eclipse/tractusx/managedidentitywallets/revocation/config/security/CustomAuthenticationConverterTest.java
+++ b/revocation-service/src/test/java/org/eclipse/tractusx/managedidentitywallets/revocation/config/security/CustomAuthenticationConverterTest.java
@@ -36,13 +36,13 @@
 
 class CustomAuthenticationConverterTest {
 
-    private static String VALID =
+    private static final String VALID =
             "eyJhbGciOiJSUzI1NiIsImFscGhhIjoiZzB1ZjNycjlycnN2cHlhcTVuamg4In0.eyJpc3MiOiJEaW5vQ2hpZXNhLmdpdGh1Yi5pbyIsInN1YiI6Im1heGluZSIsImF1ZCI6ImlkcmlzIiwiaWF0IjoxNzAyNjUwMTc2LCJleHAiOjE3MDI2NTA3NzYsInJlc291cmNlX2FjY2VzcyI6eyJyZXNvdXJjZUlkIjp7InJvbGVzIjpbImRlaV9tdWRhIl19fX0.wTv9GBX3AuRO8UIsAuu2YJU77ai-wchDyxRn-_yX9PeHt23vCmp_JAbkkdMdyLAWWOKncjgNeG-4lB9RCBsjmbdb1imujUrAocp3VZQqNg6OVaNV58kdsIpNNF9S8XlFI4hr1BANrw2rWJDkTRu1id-Fu-BVE1BF7ySCKHS_NaY3e7yXQM-jtU63z5FBpPvfMF-La3blPle93rgut7V3LlG-tNOp93TgFzGrQQXuJUsew34T0u4OlQa3TjQuMdZMTy0SVSLSpIzAqDsAkHv34W6SdY1p6FVQ14TfawRLkrI2QY-YM_dCFAEE7KqqnUrVVyw6XG1ydeFDuX8SJuQX7g";
 
-    private static String MISSING_RESOURCE_ID =
+    private static final String MISSING_RESOURCE_ID =
             "{\n" + "    \"resource_access\": {\n" + "    }\n" + "}";
 
-    private static String MISSING_ROLES =
+    private static final String MISSING_ROLES =
             "{\n"
                     + "    \"resource_access\": {\n"
                     + "        \"resourceId\": {\n"
diff --git a/revocation-service/src/test/java/org/eclipse/tractusx/managedidentitywallets/revocation/utils/BitSetManagerTest.java b/revocation-service/src/test/java/org/eclipse/tractusx/managedidentitywallets/revocation/utils/BitSetManagerTest.java
index 6e41da99..67f9c813 100644
--- a/revocation-service/src/test/java/org/eclipse/tractusx/managedidentitywallets/revocation/utils/BitSetManagerTest.java
+++ b/revocation-service/src/test/java/org/eclipse/tractusx/managedidentitywallets/revocation/utils/BitSetManagerTest.java
@@ -24,9 +24,9 @@
 import org.junit.jupiter.api.Disabled;
 import org.junit.jupiter.api.Test;
 
-import java.util.Arrays;
 import java.util.BitSet;
 
+import static org.junit.jupiter.api.Assertions.assertArrayEquals;
 import static org.junit.jupiter.api.Assertions.assertDoesNotThrow;
 import static org.junit.jupiter.api.Assertions.assertEquals;
 import static org.junit.jupiter.api.Assertions.assertNotNull;
@@ -104,6 +104,6 @@ void encodeToStringAndDecodeFromString_AreReversible() {
 
         byte[] decodedData = BitSetManager.decodeFromString(encoded);
         assertNotNull(decodedData);
-        assertTrue(Arrays.equals(originalData, decodedData));
+        assertArrayEquals(originalData, decodedData);
     }
 }
diff --git a/wallet-commons/src/main/java/org/eclipse/tractusx/managedidentitywallets/commons/constant/StringPool.java b/wallet-commons/src/main/java/org/eclipse/tractusx/managedidentitywallets/commons/constant/StringPool.java
index d6695fdd..5ee3fd5e 100644
--- a/wallet-commons/src/main/java/org/eclipse/tractusx/managedidentitywallets/commons/constant/StringPool.java
+++ b/wallet-commons/src/main/java/org/eclipse/tractusx/managedidentitywallets/commons/constant/StringPool.java
@@ -62,9 +62,6 @@ public class StringPool {
     public static final String CLIENT_SECRET = "miw_private_client_secret";
 
     public static final String REALM = "miw_test";
-
-    public static final String USER_PASSWORD = "s3cr3t";
-
     public static final String VALID_USER_NAME = "valid_user";
 
     public static final String INVALID_USER_NAME = "invalid_user";
diff --git a/wallet-commons/src/main/java/org/eclipse/tractusx/managedidentitywallets/commons/constant/SupportedAlgorithms.java b/wallet-commons/src/main/java/org/eclipse/tractusx/managedidentitywallets/commons/constant/SupportedAlgorithms.java
index 7787937b..b9750cfe 100644
--- a/wallet-commons/src/main/java/org/eclipse/tractusx/managedidentitywallets/commons/constant/SupportedAlgorithms.java
+++ b/wallet-commons/src/main/java/org/eclipse/tractusx/managedidentitywallets/commons/constant/SupportedAlgorithms.java
@@ -26,7 +26,7 @@ public enum SupportedAlgorithms {
     ED25519("ED25519"),
     ES256K("ES256K");
 
-    private String value;
+    private final String value;
 
     SupportedAlgorithms(String value) {
         this.value = value;

From 02ccd3112bbed9ff14f8f487a5df40eaced79eba Mon Sep 17 00:00:00 2001
From: Nitin Vavdiya <nitin.vavdiya@smartsensesolutions.com>
Date: Fri, 14 Jun 2024 19:54:06 +0530
Subject: [PATCH 07/48] fix: test cases due to revocation client

---
 gradle.properties                             |   1 +
 miw/build.gradle                              |   2 +-
 .../utils/TestUtils.java                      | 142 ++++++++++++++++++
 .../vc/HoldersCredentialTest.java             |  22 ++-
 .../vc/IssuersCredentialTest.java             |  24 +++
 .../vp/PresentationServiceTest.java           |  24 +++
 .../vp/PresentationTest.java                  |  22 +++
 7 files changed, 235 insertions(+), 2 deletions(-)

diff --git a/gradle.properties b/gradle.properties
index 6481bbad..9b250fba 100644
--- a/gradle.properties
+++ b/gradle.properties
@@ -12,3 +12,4 @@ ssiLibVersion=0.0.19
 wiremockVersion=3.4.2
 commonsDaoVersion=0.0.5
 appGroup=org.eclipse.tractusx.managedidentitywallets
+mockInBeanVersion=boot2-v1.5.2
diff --git a/miw/build.gradle b/miw/build.gradle
index 590d9f2f..9b70d146 100644
--- a/miw/build.gradle
+++ b/miw/build.gradle
@@ -70,7 +70,7 @@ dependencies {
     testImplementation group: 'org.mockito', name: 'mockito-inline', version: '5.2.0'
     testImplementation group: 'org.json', name: 'json', version: '20230227'
     testImplementation group: 'com.github.curious-odd-man', name: 'rgxgen', version: '1.4'
-
+    testImplementation "com.teketik:mock-in-bean:${mockInBeanVersion}"
 }
 
 dependencyManagement {
diff --git a/miw/src/test/java/org/eclipse/tractusx/managedidentitywallets/utils/TestUtils.java b/miw/src/test/java/org/eclipse/tractusx/managedidentitywallets/utils/TestUtils.java
index 5e9a7e34..5f1d85b7 100644
--- a/miw/src/test/java/org/eclipse/tractusx/managedidentitywallets/utils/TestUtils.java
+++ b/miw/src/test/java/org/eclipse/tractusx/managedidentitywallets/utils/TestUtils.java
@@ -33,6 +33,8 @@
 import com.nimbusds.jwt.JWTClaimsSet;
 import com.nimbusds.jwt.SignedJWT;
 import lombok.SneakyThrows;
+import org.apache.commons.lang3.RandomUtils;
+import org.eclipse.tractusx.managedidentitywallets.commons.constant.CredentialStatus;
 import org.eclipse.tractusx.managedidentitywallets.commons.constant.StringPool;
 import org.eclipse.tractusx.managedidentitywallets.commons.exception.ForbiddenException;
 import org.eclipse.tractusx.managedidentitywallets.config.MIWSettings;
@@ -41,10 +43,13 @@
 import org.eclipse.tractusx.managedidentitywallets.dao.repository.WalletRepository;
 import org.eclipse.tractusx.managedidentitywallets.domain.SigningServiceType;
 import org.eclipse.tractusx.managedidentitywallets.dto.CreateWalletRequest;
+import org.eclipse.tractusx.managedidentitywallets.dto.StatusListRequest;
+import org.eclipse.tractusx.managedidentitywallets.revocation.RevocationClient;
 import org.eclipse.tractusx.ssi.lib.model.did.DidDocument;
 import org.eclipse.tractusx.ssi.lib.model.verifiable.Verifiable;
 import org.eclipse.tractusx.ssi.lib.model.verifiable.credential.VerifiableCredential;
 import org.eclipse.tractusx.ssi.lib.model.verifiable.credential.VerifiableCredentialBuilder;
+import org.eclipse.tractusx.ssi.lib.model.verifiable.credential.VerifiableCredentialStatusList2021Entry;
 import org.eclipse.tractusx.ssi.lib.model.verifiable.credential.VerifiableCredentialSubject;
 import org.eclipse.tractusx.ssi.lib.model.verifiable.credential.VerifiableCredentialType;
 import org.jetbrains.annotations.NotNull;
@@ -52,6 +57,7 @@
 import org.json.JSONException;
 import org.json.JSONObject;
 import org.junit.jupiter.api.Assertions;
+import org.mockito.Mockito;
 import org.springframework.boot.test.web.client.TestRestTemplate;
 import org.springframework.http.HttpEntity;
 import org.springframework.http.HttpHeaders;
@@ -59,14 +65,19 @@
 import org.springframework.http.HttpStatus;
 import org.springframework.http.ResponseEntity;
 
+import java.io.ByteArrayOutputStream;
+import java.io.IOException;
 import java.net.URI;
 import java.time.Instant;
 import java.util.ArrayList;
+import java.util.Base64;
+import java.util.BitSet;
 import java.util.Date;
 import java.util.List;
 import java.util.Map;
 import java.util.Objects;
 import java.util.UUID;
+import java.util.zip.GZIPOutputStream;
 
 import static org.springframework.security.oauth2.core.endpoint.OAuth2ParameterNames.ACCESS_TOKEN;
 import static org.springframework.security.oauth2.core.endpoint.OAuth2ParameterNames.SCOPE;
@@ -265,4 +276,135 @@ public static Map<String, Object> getCredentialAsMap(String holderBpn, String ho
 
         return objectMapper.readValue(credentialWithoutProof.toJson(), Map.class);
     }
+
+
+    public static VerifiableCredentialStatusList2021Entry getStatusListEntry(int index) {
+        return new VerifiableCredentialStatusList2021Entry(Map.of(
+                "id", "https://example.com/credentials/bpn123456789000/revocation/3#" + index,
+                "type", "BitstringStatusListEntry",
+                "statusPurpose", "revocation",
+                "statusListIndex", String.valueOf(index),
+                "statusListCredential", "https://example.com/credentials/bpn123456789000/revocation/3"
+        ));
+    }
+
+    public static VerifiableCredentialStatusList2021Entry getStatusListEntry() {
+        int index = RandomUtils.nextInt(1, 100);
+        return new VerifiableCredentialStatusList2021Entry(Map.of(
+                "id", "https://example.com/credentials/bpn123456789000/revocation/3#" + index,
+                "type", "BitstringStatusListEntry",
+                "statusPurpose", "revocation",
+                "statusListIndex", String.valueOf(index),
+                "statusListCredential", "https://example.com/credentials/bpn123456789000/revocation/3"
+        ));
+    }
+
+    public static void mockGetStatusListEntry(RevocationClient revocationClient, int statusIndex) {
+        //mock revocation service
+        Mockito.when(revocationClient.getStatusListEntry(Mockito.any(StatusListRequest.class), Mockito.any(String.class))).thenReturn(TestUtils.getStatusListEntry(statusIndex));
+    }
+
+    public static void mockGetStatusListEntry(RevocationClient revocationClient) {
+        //mock revocation service
+        Mockito.when(revocationClient.getStatusListEntry(Mockito.any(StatusListRequest.class), Mockito.any(String.class))).thenReturn(TestUtils.getStatusListEntry());
+    }
+
+
+    public static void mockRevocationVerification(RevocationClient revocationClient, CredentialStatus credentialStatus) {
+        Mockito.when(revocationClient.verifyCredentialStatus(Mockito.any(), Mockito.anyString())).thenReturn(Map.of("status", credentialStatus.getName().toLowerCase()));
+    }
+
+    @SneakyThrows
+    public static void mockGetStatusListVC(RevocationClient revocationClient, ObjectMapper objectMapper, String encodedList) {
+        String vcString = """
+                {
+                  "type": [
+                    "VerifiableCredential"
+                  ],
+                  "@context": [
+                    "https://www.w3.org/2018/credentials/v1",
+                    "https://w3id.org/vc/status-list/2021/v1",
+                    "https://w3id.org/security/suites/jws-2020/v1"
+                  ],
+                  "id": "http://localhost:8085/api/v1/revocations/credentials/did:web:BPNL01-revocation",
+                  "issuer": "did:key:z6MkhGTzcvb8BXh5aeoaFvb3XJ3MBmfLRamdYdXyV1pxJBce",
+                  "issuanceDate": "2023-11-30T11:29:17Z",
+                  "issued": "2023-11-30T11:29:17Z",
+                  "validFrom": "2023-11-30T11:29:17Z",
+                  "proof": {
+                    "type": "JsonWebSignature2020",
+                    "created": "2023-11-30T11:29:17Z",
+                    "verificationMethod": "did:key:z6MkhGTzcvb8BXh5aeoaFvb3XJ3MBmfLRamdYdXyV1pxJBce#z6MkhGTzcvb8BXh5aeoaFvb3XJ3MBmfLRamdYdXyV1pxJBce",
+                    "jws": "eyJiNjQiOmZhbHNlLCJjcml0IjpbImI2NCJdLCJhbGciOiJFZERTQSJ9..Iv6H_e4kfLj9dr0COsB2D_ZPpkMoFj3BVXW2iyKFC3q5QtvPWraWfzEDJ5fxtfd5bARJQIP6YhaXdfSRgJpACQ"
+                  },
+                  "credentialSubject": {
+                    "id": "did:key:z6MkhGTzcvb8BXh5aeoaFvb3XJ3MBmfLRamdYdXyV1pxJBce",
+                    "type": "BitstringStatusList",
+                    "statusPurpose": "revocation",
+                    "encodedList": "##encodedList"
+                  }
+                }
+                """;
+        vcString = vcString.replace("##encodedList", encodedList);
+
+        VerifiableCredential verifiableCredential = new VerifiableCredential(objectMapper.readValue(vcString, Map.class));
+        Mockito.when(revocationClient.getStatusListCredential(Mockito.any(String.class), Mockito.any(String.class), Mockito.any(String.class), Mockito.any(String.class))).thenReturn(verifiableCredential);
+    }
+
+    @SneakyThrows
+    public static void mockGetStatusListVC(RevocationClient revocationClient, ObjectMapper objectMapper) {
+        String vcString = """
+                {
+                  "type": [
+                    "VerifiableCredential",
+                    "StatusList2021Credential"
+                  ],
+                  "@context": [
+                    "https://www.w3.org/2018/credentials/v1",
+                    "https://w3id.org/vc/status-list/2021/v1",
+                    "https://w3id.org/security/suites/jws-2020/v1"
+                  ],
+                  "id": "http://localhost:8085/api/v1/revocations/credentials/did:web:BPNL01-revocation",
+                  "issuer": "did:key:z6MkhGTzcvb8BXh5aeoaFvb3XJ3MBmfLRamdYdXyV1pxJBce",
+                  "issuanceDate": "2023-11-30T11:29:17Z",
+                  "issued": "2023-11-30T11:29:17Z",
+                  "validFrom": "2023-11-30T11:29:17Z",
+                  "proof": {
+                    "type": "JsonWebSignature2020",
+                    "creator": "did:key:z6MkhGTzcvb8BXh5aeoaFvb3XJ3MBmfLRamdYdXyV1pxJBce",
+                    "created": "2023-11-30T11:29:17Z",
+                    "verificationMethod": "did:key:z6MkhGTzcvb8BXh5aeoaFvb3XJ3MBmfLRamdYdXyV1pxJBce#z6MkhGTzcvb8BXh5aeoaFvb3XJ3MBmfLRamdYdXyV1pxJBce",
+                    "jws": "eyJiNjQiOmZhbHNlLCJjcml0IjpbImI2NCJdLCJhbGciOiJFZERTQSJ9..Iv6H_e4kfLj9dr0COsB2D_ZPpkMoFj3BVXW2iyKFC3q5QtvPWraWfzEDJ5fxtfd5bARJQIP6YhaXdfSRgJpACQ"
+                  },
+                  "credentialSubject": {
+                    "id": "did:key:z6MkhGTzcvb8BXh5aeoaFvb3XJ3MBmfLRamdYdXyV1pxJBce",
+                    "type": "StatusList2021Credential",
+                    "statusPurpose": "revocation",
+                    "encodedList": "H4sIAAAAAAAA/+3BMQEAAAjAoEqzfzk/SwjUmQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIDXFiqoX4AAAAIA"
+                  }
+                }
+                """;
+
+        VerifiableCredential verifiableCredential = new VerifiableCredential(objectMapper.readValue(vcString, Map.class));
+        Mockito.when(revocationClient.getStatusListCredential(Mockito.any(String.class), Mockito.any(String.class), Mockito.any(String.class), Mockito.any(String.class))).thenReturn(verifiableCredential);
+    }
+
+    public static String createEncodedList() throws IOException {
+        BitSet bitSet = new BitSet(16 * 1024 * 8);
+
+        byte[] bitstringBytes = bitSet.toByteArray();
+        // Perform GZIP compression
+        ByteArrayOutputStream gzipOutput = new ByteArrayOutputStream();
+        try (GZIPOutputStream gzipStream = new GZIPOutputStream(gzipOutput)) {
+            gzipStream.write(bitstringBytes);
+        }
+
+
+        // Base64 encode the compressed byte array
+        byte[] compressedBytes = gzipOutput.toByteArray();
+        String encodedList = Base64.getEncoder().encodeToString(compressedBytes);
+
+
+        return encodedList;
+    }
 }
diff --git a/miw/src/test/java/org/eclipse/tractusx/managedidentitywallets/vc/HoldersCredentialTest.java b/miw/src/test/java/org/eclipse/tractusx/managedidentitywallets/vc/HoldersCredentialTest.java
index fa74e9c0..624eb5d6 100644
--- a/miw/src/test/java/org/eclipse/tractusx/managedidentitywallets/vc/HoldersCredentialTest.java
+++ b/miw/src/test/java/org/eclipse/tractusx/managedidentitywallets/vc/HoldersCredentialTest.java
@@ -23,8 +23,10 @@
 
 import com.fasterxml.jackson.core.JsonProcessingException;
 import com.fasterxml.jackson.databind.ObjectMapper;
+import com.teketik.test.mockinbean.MockInBean;
 import lombok.SneakyThrows;
 import org.eclipse.tractusx.managedidentitywallets.ManagedIdentityWalletsApplication;
+import org.eclipse.tractusx.managedidentitywallets.commons.constant.CredentialStatus;
 import org.eclipse.tractusx.managedidentitywallets.commons.constant.StringPool;
 import org.eclipse.tractusx.managedidentitywallets.config.MIWSettings;
 import org.eclipse.tractusx.managedidentitywallets.config.TestContextInitializer;
@@ -36,6 +38,8 @@
 import org.eclipse.tractusx.managedidentitywallets.dao.repository.WalletRepository;
 import org.eclipse.tractusx.managedidentitywallets.dto.CreateWalletRequest;
 import org.eclipse.tractusx.managedidentitywallets.dto.CredentialVerificationRequest;
+import org.eclipse.tractusx.managedidentitywallets.revocation.RevocationClient;
+import org.eclipse.tractusx.managedidentitywallets.service.revocation.RevocationService;
 import org.eclipse.tractusx.managedidentitywallets.utils.AuthenticationUtils;
 import org.eclipse.tractusx.managedidentitywallets.utils.TestUtils;
 import org.eclipse.tractusx.ssi.lib.did.resolver.DidResolver;
@@ -54,7 +58,9 @@
 import org.eclipse.tractusx.ssi.lib.proof.LinkedDataProofValidation;
 import org.eclipse.tractusx.ssi.lib.serialization.SerializeUtil;
 import org.json.JSONException;
+import org.junit.jupiter.api.AfterEach;
 import org.junit.jupiter.api.Assertions;
+import org.junit.jupiter.api.BeforeEach;
 import org.junit.jupiter.api.DisplayName;
 import org.junit.jupiter.api.Test;
 import org.junit.jupiter.api.extension.ExtendWith;
@@ -95,9 +101,24 @@ class HoldersCredentialTest {
     @Autowired
     private TestRestTemplate restTemplate;
 
+    @MockInBean(RevocationService.class)
+    private RevocationClient revocationClient;
+
     @Autowired
     private IssuersCredentialController credentialController;
 
+    @SneakyThrows
+    @BeforeEach
+    void beforeEach() {
+        TestUtils.mockGetStatusListEntry(revocationClient);
+        TestUtils.mockGetStatusListVC(revocationClient, objectMapper, TestUtils.createEncodedList());
+        TestUtils.mockRevocationVerification(revocationClient, CredentialStatus.ACTIVE);
+    }
+
+    @AfterEach
+    void afterEach() {
+        Mockito.reset(revocationClient);
+    }
 
     @Test
     void issueCredentialTestWithInvalidBPNAccess403() throws JsonProcessingException {
@@ -122,7 +143,6 @@ void issueCredentialTest200() throws JsonProcessingException {
 
         ResponseEntity<String> response = issueVC(bpn, did, type, headers);
 
-
         Assertions.assertEquals(HttpStatus.CREATED.value(), response.getStatusCode().value());
         VerifiableCredential verifiableCredential = new VerifiableCredential(new ObjectMapper().readValue(response.getBody(), Map.class));
         Assertions.assertNotNull(verifiableCredential.getProof());
diff --git a/miw/src/test/java/org/eclipse/tractusx/managedidentitywallets/vc/IssuersCredentialTest.java b/miw/src/test/java/org/eclipse/tractusx/managedidentitywallets/vc/IssuersCredentialTest.java
index 712dcf5c..92fc8b40 100644
--- a/miw/src/test/java/org/eclipse/tractusx/managedidentitywallets/vc/IssuersCredentialTest.java
+++ b/miw/src/test/java/org/eclipse/tractusx/managedidentitywallets/vc/IssuersCredentialTest.java
@@ -24,7 +24,10 @@
 
 import com.fasterxml.jackson.core.JsonProcessingException;
 import com.fasterxml.jackson.databind.ObjectMapper;
+import com.teketik.test.mockinbean.MockInBean;
+import lombok.SneakyThrows;
 import org.eclipse.tractusx.managedidentitywallets.ManagedIdentityWalletsApplication;
+import org.eclipse.tractusx.managedidentitywallets.commons.constant.CredentialStatus;
 import org.eclipse.tractusx.managedidentitywallets.commons.constant.StringPool;
 import org.eclipse.tractusx.managedidentitywallets.commons.exception.ForbiddenException;
 import org.eclipse.tractusx.managedidentitywallets.config.MIWSettings;
@@ -37,15 +40,20 @@
 import org.eclipse.tractusx.managedidentitywallets.dao.repository.IssuersCredentialRepository;
 import org.eclipse.tractusx.managedidentitywallets.dao.repository.WalletRepository;
 import org.eclipse.tractusx.managedidentitywallets.dto.CreateWalletRequest;
+import org.eclipse.tractusx.managedidentitywallets.revocation.RevocationClient;
+import org.eclipse.tractusx.managedidentitywallets.service.revocation.RevocationService;
 import org.eclipse.tractusx.managedidentitywallets.utils.AuthenticationUtils;
 import org.eclipse.tractusx.managedidentitywallets.utils.TestUtils;
 import org.eclipse.tractusx.ssi.lib.did.web.DidWebFactory;
 import org.eclipse.tractusx.ssi.lib.model.verifiable.credential.VerifiableCredential;
 import org.eclipse.tractusx.ssi.lib.serialization.SerializeUtil;
 import org.json.JSONException;
+import org.junit.jupiter.api.AfterEach;
 import org.junit.jupiter.api.Assertions;
+import org.junit.jupiter.api.BeforeEach;
 import org.junit.jupiter.api.DisplayName;
 import org.junit.jupiter.api.Test;
+import org.mockito.Mockito;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.boot.test.context.SpringBootTest;
 import org.springframework.boot.test.web.client.TestRestTemplate;
@@ -82,6 +90,22 @@ class IssuersCredentialTest {
     private IssuersCredentialRepository issuersCredentialRepository;
 
 
+    @MockInBean(RevocationService.class)
+    private RevocationClient revocationClient;
+
+    @SneakyThrows
+    @BeforeEach
+    void beforeEach() {
+        TestUtils.mockGetStatusListEntry(revocationClient);
+        TestUtils.mockGetStatusListVC(revocationClient, objectMapper, TestUtils.createEncodedList());
+        TestUtils.mockRevocationVerification(revocationClient, CredentialStatus.ACTIVE);
+    }
+
+    @AfterEach
+    void afterEach() {
+        Mockito.reset(revocationClient);
+    }
+
     @Test
     void getCredentials200() throws com.fasterxml.jackson.core.JsonProcessingException, JSONException {
         String baseBPN = miwSettings.authorityWalletBpn();
diff --git a/miw/src/test/java/org/eclipse/tractusx/managedidentitywallets/vp/PresentationServiceTest.java b/miw/src/test/java/org/eclipse/tractusx/managedidentitywallets/vp/PresentationServiceTest.java
index df45f40a..3e92c03d 100644
--- a/miw/src/test/java/org/eclipse/tractusx/managedidentitywallets/vp/PresentationServiceTest.java
+++ b/miw/src/test/java/org/eclipse/tractusx/managedidentitywallets/vp/PresentationServiceTest.java
@@ -26,8 +26,10 @@
 import com.nimbusds.jwt.JWTClaimsSet;
 import com.nimbusds.jwt.JWTParser;
 import com.nimbusds.jwt.SignedJWT;
+import com.teketik.test.mockinbean.MockInBean;
 import lombok.SneakyThrows;
 import org.eclipse.tractusx.managedidentitywallets.ManagedIdentityWalletsApplication;
+import org.eclipse.tractusx.managedidentitywallets.commons.constant.CredentialStatus;
 import org.eclipse.tractusx.managedidentitywallets.commons.constant.StringPool;
 import org.eclipse.tractusx.managedidentitywallets.commons.exception.BadDataException;
 import org.eclipse.tractusx.managedidentitywallets.config.MIWSettings;
@@ -38,8 +40,10 @@
 import org.eclipse.tractusx.managedidentitywallets.dao.repository.WalletRepository;
 import org.eclipse.tractusx.managedidentitywallets.exception.MissingVcTypesException;
 import org.eclipse.tractusx.managedidentitywallets.exception.PermissionViolationException;
+import org.eclipse.tractusx.managedidentitywallets.revocation.RevocationClient;
 import org.eclipse.tractusx.managedidentitywallets.service.IssuersCredentialService;
 import org.eclipse.tractusx.managedidentitywallets.service.PresentationService;
+import org.eclipse.tractusx.managedidentitywallets.service.revocation.RevocationService;
 import org.eclipse.tractusx.managedidentitywallets.utils.AuthenticationUtils;
 import org.eclipse.tractusx.managedidentitywallets.utils.TestConstants;
 import org.eclipse.tractusx.managedidentitywallets.utils.TestUtils;
@@ -47,8 +51,11 @@
 import org.eclipse.tractusx.ssi.lib.model.verifiable.credential.VerifiableCredential;
 import org.eclipse.tractusx.ssi.lib.model.verifiable.credential.VerifiableCredentialSubject;
 import org.eclipse.tractusx.ssi.lib.model.verifiable.presentation.VerifiablePresentation;
+import org.junit.jupiter.api.AfterEach;
 import org.junit.jupiter.api.Assertions;
+import org.junit.jupiter.api.BeforeEach;
 import org.junit.jupiter.api.Test;
+import org.mockito.Mockito;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.boot.test.context.SpringBootTest;
 import org.springframework.boot.test.web.client.TestRestTemplate;
@@ -98,6 +105,23 @@ class PresentationServiceTest {
     @Autowired
     private WalletRepository walletRepository;
 
+    @MockInBean(RevocationService.class)
+    private RevocationClient revocationClient;
+
+    @SneakyThrows
+    @BeforeEach
+    void beforeEach() {
+        TestUtils.mockGetStatusListEntry(revocationClient);
+        TestUtils.mockGetStatusListVC(revocationClient, objectMapper, TestUtils.createEncodedList());
+        TestUtils.mockRevocationVerification(revocationClient, CredentialStatus.ACTIVE);
+    }
+
+    @AfterEach
+    void afterEach() {
+        Mockito.reset(revocationClient);
+    }
+
+
     @SneakyThrows
     @Test
     void createPresentation200ResponseAsJWT() {
diff --git a/miw/src/test/java/org/eclipse/tractusx/managedidentitywallets/vp/PresentationTest.java b/miw/src/test/java/org/eclipse/tractusx/managedidentitywallets/vp/PresentationTest.java
index e0b8e2f2..81fe85a5 100644
--- a/miw/src/test/java/org/eclipse/tractusx/managedidentitywallets/vp/PresentationTest.java
+++ b/miw/src/test/java/org/eclipse/tractusx/managedidentitywallets/vp/PresentationTest.java
@@ -25,8 +25,10 @@
 import com.fasterxml.jackson.databind.ObjectMapper;
 import com.nimbusds.jwt.JWTClaimsSet;
 import com.nimbusds.jwt.SignedJWT;
+import com.teketik.test.mockinbean.MockInBean;
 import lombok.SneakyThrows;
 import org.eclipse.tractusx.managedidentitywallets.ManagedIdentityWalletsApplication;
+import org.eclipse.tractusx.managedidentitywallets.commons.constant.CredentialStatus;
 import org.eclipse.tractusx.managedidentitywallets.commons.constant.StringPool;
 import org.eclipse.tractusx.managedidentitywallets.config.MIWSettings;
 import org.eclipse.tractusx.managedidentitywallets.config.TestContextInitializer;
@@ -36,7 +38,9 @@
 import org.eclipse.tractusx.managedidentitywallets.dao.entity.Wallet;
 import org.eclipse.tractusx.managedidentitywallets.dao.repository.HoldersCredentialRepository;
 import org.eclipse.tractusx.managedidentitywallets.dao.repository.WalletRepository;
+import org.eclipse.tractusx.managedidentitywallets.revocation.RevocationClient;
 import org.eclipse.tractusx.managedidentitywallets.service.IssuersCredentialService;
+import org.eclipse.tractusx.managedidentitywallets.service.revocation.RevocationService;
 import org.eclipse.tractusx.managedidentitywallets.utils.AuthenticationUtils;
 import org.eclipse.tractusx.managedidentitywallets.utils.TestUtils;
 import org.eclipse.tractusx.ssi.lib.did.resolver.DidResolver;
@@ -48,7 +52,9 @@
 import org.eclipse.tractusx.ssi.lib.model.verifiable.credential.VerifiableCredentialType;
 import org.jetbrains.annotations.NotNull;
 import org.json.JSONException;
+import org.junit.jupiter.api.AfterEach;
 import org.junit.jupiter.api.Assertions;
+import org.junit.jupiter.api.BeforeEach;
 import org.junit.jupiter.api.Test;
 import org.mockito.MockedConstruction;
 import org.mockito.Mockito;
@@ -101,6 +107,22 @@ class PresentationTest {
     @Autowired
     private WalletRepository walletRepository;
 
+    @MockInBean(RevocationService.class)
+    private RevocationClient revocationClient;
+
+    @SneakyThrows
+    @BeforeEach
+    void beforeEach() {
+        TestUtils.mockGetStatusListEntry(revocationClient);
+        TestUtils.mockGetStatusListVC(revocationClient, objectMapper, TestUtils.createEncodedList());
+        TestUtils.mockRevocationVerification(revocationClient, CredentialStatus.ACTIVE);
+    }
+
+    @AfterEach
+    void afterEach() {
+        Mockito.reset(revocationClient);
+    }
+
 
     @Test
     void validateVPAssJsonLd400() throws JsonProcessingException, JSONException {

From e91b6a0330b65d09bc24b6c38086d17ee16a761c Mon Sep 17 00:00:00 2001
From: Nitin Vavdiya <nitin.vavdiya@smartsensesolutions.com>
Date: Mon, 17 Jun 2024 14:00:51 +0530
Subject: [PATCH 08/48] fix: failing test cases

---
 .../config/RevocationSettings.java                   |  2 +-
 .../service/IssuersCredentialService.java            | 12 ++++++++++++
 miw/src/main/resources/application.yaml              |  1 +
 .../service/IssuersCredentialServiceTest.java        |  2 +-
 .../managedidentitywallets/utils/TestUtils.java      | 10 +++++-----
 .../vc/HoldersCredentialTest.java                    |  6 +++++-
 .../vc/IssuersCredentialTest.java                    |  6 +++++-
 7 files changed, 30 insertions(+), 9 deletions(-)

diff --git a/miw/src/main/java/org/eclipse/tractusx/managedidentitywallets/config/RevocationSettings.java b/miw/src/main/java/org/eclipse/tractusx/managedidentitywallets/config/RevocationSettings.java
index c36bb2ec..43b2a3a1 100644
--- a/miw/src/main/java/org/eclipse/tractusx/managedidentitywallets/config/RevocationSettings.java
+++ b/miw/src/main/java/org/eclipse/tractusx/managedidentitywallets/config/RevocationSettings.java
@@ -26,5 +26,5 @@
 import java.net.URI;
 
 @ConfigurationProperties(prefix = "miw.revocation")
-public record RevocationSettings(URI url) {
+public record RevocationSettings(URI url, URI bitStringStatusListContext) {
 }
diff --git a/miw/src/main/java/org/eclipse/tractusx/managedidentitywallets/service/IssuersCredentialService.java b/miw/src/main/java/org/eclipse/tractusx/managedidentitywallets/service/IssuersCredentialService.java
index dba5f6a9..6f1592dc 100644
--- a/miw/src/main/java/org/eclipse/tractusx/managedidentitywallets/service/IssuersCredentialService.java
+++ b/miw/src/main/java/org/eclipse/tractusx/managedidentitywallets/service/IssuersCredentialService.java
@@ -42,6 +42,7 @@
 import org.eclipse.tractusx.managedidentitywallets.commons.exception.ForbiddenException;
 import org.eclipse.tractusx.managedidentitywallets.commons.utils.Validate;
 import org.eclipse.tractusx.managedidentitywallets.config.MIWSettings;
+import org.eclipse.tractusx.managedidentitywallets.config.RevocationSettings;
 import org.eclipse.tractusx.managedidentitywallets.dao.entity.HoldersCredential;
 import org.eclipse.tractusx.managedidentitywallets.dao.entity.IssuersCredential;
 import org.eclipse.tractusx.managedidentitywallets.dao.entity.Wallet;
@@ -77,6 +78,7 @@
 import org.springframework.util.StringUtils;
 
 import java.io.IOException;
+import java.net.URI;
 import java.net.http.HttpClient;
 import java.text.ParseException;
 import java.util.ArrayList;
@@ -115,6 +117,8 @@ public class IssuersCredentialService extends BaseService<IssuersCredential, Lon
 
     private final RevocationService revocationService;
 
+    private final RevocationSettings revocationSettings;
+
 
     @Override
     protected BaseRepository<IssuersCredential, Long> getRepository() {
@@ -239,6 +243,14 @@ public CredentialsResponse issueCredentialUsingBaseWallet(String holderDid, Map<
             //get credential status in case of revocation
             VerifiableCredentialStatusList2021Entry statusListEntry = revocationService.getStatusListEntry(issuerWallet.getBpn(), token);
             builder.verifiableCredentialStatus(statusListEntry);
+
+            //add revocation context if missing
+            List<URI> uris = miwSettings.vcContexts();
+            if (!uris.contains(revocationSettings.bitStringStatusListContext())) {
+                uris.add(revocationSettings.bitStringStatusListContext());
+                builder.contexts(uris);
+            }
+
         }
 
         CredentialCreationConfig holdersCredentialCreationConfig = builder.build();
diff --git a/miw/src/main/resources/application.yaml b/miw/src/main/resources/application.yaml
index d705efe1..c40961bb 100644
--- a/miw/src/main/resources/application.yaml
+++ b/miw/src/main/resources/application.yaml
@@ -110,6 +110,7 @@ miw:
     refresh-token-url: ${miw.security.token-url}
   revocation:
     url: ${REVOCATION_SERVICE_URL:http://localhost:8081}
+    bitStringStatusListContext: ${BITSTRING_STATUS_LIST_CONTEXT_URL:https://w3c.github.io/vc-bitstring-status-list/contexts/v1.jsonld}
 
 
 sts:
diff --git a/miw/src/test/java/org/eclipse/tractusx/managedidentitywallets/service/IssuersCredentialServiceTest.java b/miw/src/test/java/org/eclipse/tractusx/managedidentitywallets/service/IssuersCredentialServiceTest.java
index 4c52d70c..4127dc59 100644
--- a/miw/src/test/java/org/eclipse/tractusx/managedidentitywallets/service/IssuersCredentialServiceTest.java
+++ b/miw/src/test/java/org/eclipse/tractusx/managedidentitywallets/service/IssuersCredentialServiceTest.java
@@ -153,7 +153,7 @@ public static void beforeAll() throws SQLException {
                 issuersCredentialRepository,
                 miwSettings,
                 new SpecificationUtil<IssuersCredential>(),
-                holdersCredentialRepository, commonService, objectMapper, revocationService);
+                holdersCredentialRepository, commonService, objectMapper, revocationService, revocationSettings);
     }
 
     @BeforeEach
diff --git a/miw/src/test/java/org/eclipse/tractusx/managedidentitywallets/utils/TestUtils.java b/miw/src/test/java/org/eclipse/tractusx/managedidentitywallets/utils/TestUtils.java
index 5f1d85b7..3eb7ed69 100644
--- a/miw/src/test/java/org/eclipse/tractusx/managedidentitywallets/utils/TestUtils.java
+++ b/miw/src/test/java/org/eclipse/tractusx/managedidentitywallets/utils/TestUtils.java
@@ -38,6 +38,7 @@
 import org.eclipse.tractusx.managedidentitywallets.commons.constant.StringPool;
 import org.eclipse.tractusx.managedidentitywallets.commons.exception.ForbiddenException;
 import org.eclipse.tractusx.managedidentitywallets.config.MIWSettings;
+import org.eclipse.tractusx.managedidentitywallets.config.RevocationSettings;
 import org.eclipse.tractusx.managedidentitywallets.constant.RestURI;
 import org.eclipse.tractusx.managedidentitywallets.dao.entity.Wallet;
 import org.eclipse.tractusx.managedidentitywallets.dao.repository.WalletRepository;
@@ -129,14 +130,14 @@ public static Wallet createWallet(String bpn, String did, WalletRepository walle
         return walletRepository.save(wallet);
     }
 
-    public static void checkVC(VerifiableCredential verifiableCredential, MIWSettings miwSettings) {
-        //text context URL
-        Assertions.assertEquals(verifiableCredential.getContext().size(), miwSettings.vcContexts().size() + 1);
-
+    public static void checkVC(VerifiableCredential verifiableCredential, MIWSettings miwSettings, RevocationSettings revocationSettings) {
         for (URI link : miwSettings.vcContexts()) {
             Assertions.assertTrue(verifiableCredential.getContext().contains(link));
         }
 
+        if (verifiableCredential.getVerifiableCredentialStatus() != null) {
+            Assertions.assertTrue(verifiableCredential.getContext().contains(revocationSettings.bitStringStatusListContext()));
+        }
         //check expiry date
         Assertions.assertEquals(0, verifiableCredential.getExpirationDate().compareTo(miwSettings.vcExpiryDate().toInstant()));
     }
@@ -261,7 +262,6 @@ public static Map<String, Object> getCredentialAsMap(String holderBpn, String ho
         //VC Subject
         VerifiableCredentialSubject verifiableCredentialSubject =
                 new VerifiableCredentialSubject(subjectData);
-
         //Using Builder
         VerifiableCredential credentialWithoutProof =
                 verifiableCredentialBuilder
diff --git a/miw/src/test/java/org/eclipse/tractusx/managedidentitywallets/vc/HoldersCredentialTest.java b/miw/src/test/java/org/eclipse/tractusx/managedidentitywallets/vc/HoldersCredentialTest.java
index 624eb5d6..16efe6b5 100644
--- a/miw/src/test/java/org/eclipse/tractusx/managedidentitywallets/vc/HoldersCredentialTest.java
+++ b/miw/src/test/java/org/eclipse/tractusx/managedidentitywallets/vc/HoldersCredentialTest.java
@@ -29,6 +29,7 @@
 import org.eclipse.tractusx.managedidentitywallets.commons.constant.CredentialStatus;
 import org.eclipse.tractusx.managedidentitywallets.commons.constant.StringPool;
 import org.eclipse.tractusx.managedidentitywallets.config.MIWSettings;
+import org.eclipse.tractusx.managedidentitywallets.config.RevocationSettings;
 import org.eclipse.tractusx.managedidentitywallets.config.TestContextInitializer;
 import org.eclipse.tractusx.managedidentitywallets.constant.RestURI;
 import org.eclipse.tractusx.managedidentitywallets.controller.IssuersCredentialController;
@@ -101,6 +102,9 @@ class HoldersCredentialTest {
     @Autowired
     private TestRestTemplate restTemplate;
 
+    @Autowired
+    private RevocationSettings revocationSettings;
+
     @MockInBean(RevocationService.class)
     private RevocationClient revocationClient;
 
@@ -149,7 +153,7 @@ void issueCredentialTest200() throws JsonProcessingException {
 
         List<HoldersCredential> credentials = holdersCredentialRepository.getByHolderDidAndType(did, type);
         Assertions.assertFalse(credentials.isEmpty());
-        TestUtils.checkVC(credentials.get(0).getData(), miwSettings);
+        TestUtils.checkVC(credentials.get(0).getData(), miwSettings, revocationSettings);
         Assertions.assertTrue(credentials.get(0).isSelfIssued());
         Assertions.assertFalse(credentials.get(0).isStored());
     }
diff --git a/miw/src/test/java/org/eclipse/tractusx/managedidentitywallets/vc/IssuersCredentialTest.java b/miw/src/test/java/org/eclipse/tractusx/managedidentitywallets/vc/IssuersCredentialTest.java
index 92fc8b40..52f73c4d 100644
--- a/miw/src/test/java/org/eclipse/tractusx/managedidentitywallets/vc/IssuersCredentialTest.java
+++ b/miw/src/test/java/org/eclipse/tractusx/managedidentitywallets/vc/IssuersCredentialTest.java
@@ -31,6 +31,7 @@
 import org.eclipse.tractusx.managedidentitywallets.commons.constant.StringPool;
 import org.eclipse.tractusx.managedidentitywallets.commons.exception.ForbiddenException;
 import org.eclipse.tractusx.managedidentitywallets.config.MIWSettings;
+import org.eclipse.tractusx.managedidentitywallets.config.RevocationSettings;
 import org.eclipse.tractusx.managedidentitywallets.config.TestContextInitializer;
 import org.eclipse.tractusx.managedidentitywallets.constant.RestURI;
 import org.eclipse.tractusx.managedidentitywallets.dao.entity.HoldersCredential;
@@ -89,6 +90,9 @@ class IssuersCredentialTest {
     @Autowired
     private IssuersCredentialRepository issuersCredentialRepository;
 
+    @Autowired
+    private RevocationSettings revocationSettings;
+
 
     @MockInBean(RevocationService.class)
     private RevocationClient revocationClient;
@@ -259,7 +263,7 @@ void issueCredentials200() throws com.fasterxml.jackson.core.JsonProcessingExcep
 
         List<HoldersCredential> credentials = holdersCredentialRepository.getByHolderDidAndType(did, type);
         Assertions.assertFalse(credentials.isEmpty());
-        TestUtils.checkVC(credentials.get(0).getData(), miwSettings);
+        TestUtils.checkVC(credentials.get(0).getData(), miwSettings, revocationSettings);
         Assertions.assertFalse(credentials.get(0).isStored());  //stored must be false
         Assertions.assertFalse(credentials.get(0).isSelfIssued());  //stored must be false
 

From e739cdc6be1cc8c0c9d3cf2dde8b1b2ef0055b22 Mon Sep 17 00:00:00 2001
From: Nitin Vavdiya <nitin.vavdiya@smartsensesolutions.com>
Date: Mon, 17 Jun 2024 15:48:25 +0530
Subject: [PATCH 09/48] fix: more test added

---
 .../services/RevocationService.java           | 14 ++-
 .../services/RevocationServiceTest.java       | 96 +++++++++++++++++++
 .../services/StatusVerificationTest.java      | 33 +++++++
 .../commons/constant/StringPool.java          |  2 +
 4 files changed, 143 insertions(+), 2 deletions(-)
 create mode 100644 revocation-service/src/test/java/org/eclipse/tractusx/managedidentitywallets/revocation/services/StatusVerificationTest.java

diff --git a/revocation-service/src/main/java/org/eclipse/tractusx/managedidentitywallets/revocation/services/RevocationService.java b/revocation-service/src/main/java/org/eclipse/tractusx/managedidentitywallets/revocation/services/RevocationService.java
index f0ebd35c..ab273c17 100644
--- a/revocation-service/src/main/java/org/eclipse/tractusx/managedidentitywallets/revocation/services/RevocationService.java
+++ b/revocation-service/src/main/java/org/eclipse/tractusx/managedidentitywallets/revocation/services/RevocationService.java
@@ -25,6 +25,8 @@
 import lombok.RequiredArgsConstructor;
 import lombok.SneakyThrows;
 import lombok.extern.slf4j.Slf4j;
+import org.eclipse.tractusx.managedidentitywallets.commons.constant.CredentialStatus;
+import org.eclipse.tractusx.managedidentitywallets.commons.constant.StringPool;
 import org.eclipse.tractusx.managedidentitywallets.commons.exception.BadDataException;
 import org.eclipse.tractusx.managedidentitywallets.revocation.config.MIWSettings;
 import org.eclipse.tractusx.managedidentitywallets.revocation.constant.RevocationApiEndpoints;
@@ -89,10 +91,19 @@ public class RevocationService {
 
     private final MIWSettings miwSettings;
 
+    /**
+     * Verifies the status of a credential based on the provided CredentialStatusDto object.
+     *
+     * @param statusDto The CredentialStatusDto object containing the necessary information for status verification.
+     * @return A Map object with the key "status" and the value "revoked" or "active" indicating the status of the credential.
+     * @throws BadDataException If the status list VC is not found for the issuer.
+     */
     @Transactional
 
     public Map<String, String> verifyStatus(CredentialStatusDto statusDto) {
 
+        validateCredentialStatus(statusDto);
+
         String url = statusDto.statusListCredential();
 
         String[] values = CommonUtils.extractValuesFromURL(url);
@@ -106,13 +117,12 @@ public Map<String, String> verifyStatus(CredentialStatusDto statusDto) {
         //validate status list VC
         validateStatusListVC(statusListCredential);
 
-
         String encodedList = statusListCredential.getCredentialSubject().get(0).get(ENCODED_LIST).toString();
 
         BitSet bitSet = BitSetManager.decompress(BitSetManager.decodeFromString(encodedList));
         int index = Integer.parseInt(statusDto.statusListIndex());
         boolean status = bitSet.get(index);
-        return Map.of("status", status ? "revoked" : "active");
+        return Map.of(StringPool.STATUS, status ? CredentialStatus.REVOKED.getName() : CredentialStatus.ACTIVE.getName());
     }
 
 
diff --git a/revocation-service/src/test/java/org/eclipse/tractusx/managedidentitywallets/revocation/services/RevocationServiceTest.java b/revocation-service/src/test/java/org/eclipse/tractusx/managedidentitywallets/revocation/services/RevocationServiceTest.java
index 3d98c148..728ec0d2 100644
--- a/revocation-service/src/test/java/org/eclipse/tractusx/managedidentitywallets/revocation/services/RevocationServiceTest.java
+++ b/revocation-service/src/test/java/org/eclipse/tractusx/managedidentitywallets/revocation/services/RevocationServiceTest.java
@@ -22,6 +22,9 @@
 package org.eclipse.tractusx.managedidentitywallets.revocation.services;
 
 import com.fasterxml.jackson.core.JsonProcessingException;
+import lombok.SneakyThrows;
+import org.eclipse.tractusx.managedidentitywallets.commons.constant.CredentialStatus;
+import org.eclipse.tractusx.managedidentitywallets.commons.constant.StringPool;
 import org.eclipse.tractusx.managedidentitywallets.revocation.TestUtil;
 import org.eclipse.tractusx.managedidentitywallets.revocation.config.MIWSettings;
 import org.eclipse.tractusx.managedidentitywallets.revocation.dto.CredentialStatusDto;
@@ -33,8 +36,11 @@
 import org.eclipse.tractusx.managedidentitywallets.revocation.repository.StatusListCredentialRepository;
 import org.eclipse.tractusx.managedidentitywallets.revocation.repository.StatusListIndexRepository;
 import org.eclipse.tractusx.managedidentitywallets.revocation.utils.BitSetManager;
+import org.eclipse.tractusx.ssi.lib.did.resolver.DidResolver;
 import org.eclipse.tractusx.ssi.lib.model.verifiable.credential.VerifiableCredential;
 import org.eclipse.tractusx.ssi.lib.model.verifiable.credential.VerifiableCredentialSubject;
+import org.eclipse.tractusx.ssi.lib.proof.LinkedDataProofValidation;
+import org.junit.jupiter.api.Assertions;
 import org.junit.jupiter.api.BeforeAll;
 import org.junit.jupiter.api.BeforeEach;
 import org.junit.jupiter.api.DisplayName;
@@ -49,6 +55,7 @@
 import java.util.Base64;
 import java.util.BitSet;
 import java.util.List;
+import java.util.Map;
 import java.util.Optional;
 import java.util.UUID;
 
@@ -107,6 +114,95 @@ public void beforeEach() {
         Mockito.reset(statusListCredentialRepository, statusListIndexRepository, httpClientService);
     }
 
+
+    @Nested
+    class VerifyStatusTest {
+        @SneakyThrows
+        @Test
+        void shouldVerifyStatusActive() {
+            final var issuer = DID;
+            var encodedList = mockEmptyEncodedList();
+            var credentialBuilder = mockStatusListVC(issuer, "1", encodedList);
+            var statusListCredential = mockStatusListCredential(issuer, credentialBuilder);
+            // 1. create status list with the credential
+            var statusListIndex = mockStatusListIndex(issuer, statusListCredential, "0");
+            when(statusListIndex.getStatusListCredential()).thenReturn(statusListCredential);
+            when(statusListCredentialRepository.findById(any(String.class)))
+                    .thenReturn(Optional.of(statusListCredential));
+            CredentialStatusDto credentialStatusDto = Mockito.mock(CredentialStatusDto.class);
+            when(credentialStatusDto.id())
+                    .thenReturn(
+                            "http://this-is-my-domain/api/v1/revocations/credentials/"
+                                    + TestUtil.extractBpnFromDid(issuer)
+                                    + "/revocation/1#0");
+            when(credentialStatusDto.statusPurpose()).thenReturn("revocation");
+            when(credentialStatusDto.statusListIndex()).thenReturn("0");
+            when(credentialStatusDto.statusListCredential())
+                    .thenReturn(
+                            "http://this-is-my-domain/api/v1/revocations/credentials/"
+                                    + TestUtil.extractBpnFromDid(issuer)
+                                    + "/revocation/1");
+            when(credentialStatusDto.type()).thenReturn("BitstringStatusListEntry");
+
+
+            try (MockedStatic<LinkedDataProofValidation> utils = Mockito.mockStatic(LinkedDataProofValidation.class)) {
+                LinkedDataProofValidation mock = Mockito.mock(LinkedDataProofValidation.class);
+                utils.when(() -> {
+                    LinkedDataProofValidation.newInstance(Mockito.any(DidResolver.class));
+                }).thenReturn(mock);
+                Mockito.when(mock.verify(Mockito.any(VerifiableCredential.class))).thenReturn(true);
+                Map<String, String> status = revocationService.verifyStatus(credentialStatusDto);
+                Assertions.assertTrue(status.get(StringPool.STATUS).equals(CredentialStatus.ACTIVE.getName()));
+            }
+        }
+
+        @SneakyThrows
+        @Test
+        void shouldVerifyStatusRevoke() {
+
+            String indexTORevoke = "0";
+            final var issuer = DID;
+
+            //set bit at index
+            String encodedList = mockEmptyEncodedList();
+            encodedList = BitSetManager.revokeCredential(encodedList, Integer.parseInt(indexTORevoke));
+
+
+            var credentialBuilder = mockStatusListVC(issuer, "1", encodedList);
+            var statusListCredential = mockStatusListCredential(issuer, credentialBuilder);
+            // 1. create status list with the credential
+            var statusListIndex = mockStatusListIndex(issuer, statusListCredential, "0");
+            when(statusListIndex.getStatusListCredential()).thenReturn(statusListCredential);
+            when(statusListCredentialRepository.findById(any(String.class)))
+                    .thenReturn(Optional.of(statusListCredential));
+            CredentialStatusDto credentialStatusDto = Mockito.mock(CredentialStatusDto.class);
+            when(credentialStatusDto.id())
+                    .thenReturn(
+                            "http://this-is-my-domain/api/v1/revocations/credentials/"
+                                    + TestUtil.extractBpnFromDid(issuer)
+                                    + "/revocation/1#0");
+            when(credentialStatusDto.statusPurpose()).thenReturn("revocation");
+            when(credentialStatusDto.statusListIndex()).thenReturn(indexTORevoke);
+            when(credentialStatusDto.statusListCredential())
+                    .thenReturn(
+                            "http://this-is-my-domain/api/v1/revocations/credentials/"
+                                    + TestUtil.extractBpnFromDid(issuer)
+                                    + "/revocation/1");
+            when(credentialStatusDto.type()).thenReturn("BitstringStatusListEntry");
+            try (MockedStatic<LinkedDataProofValidation> utils = Mockito.mockStatic(LinkedDataProofValidation.class)) {
+                LinkedDataProofValidation mock = Mockito.mock(LinkedDataProofValidation.class);
+                utils.when(() -> {
+                    LinkedDataProofValidation.newInstance(Mockito.any(DidResolver.class));
+                }).thenReturn(mock);
+                Mockito.when(mock.verify(Mockito.any(VerifiableCredential.class))).thenReturn(true);
+                Map<String, String> status = revocationService.verifyStatus(credentialStatusDto);
+
+                Assertions.assertTrue(status.get(StringPool.STATUS).equals(CredentialStatus.REVOKED.getName()));
+            }
+        }
+    }
+
+
     @Nested
     class RevokeTest {
 
diff --git a/revocation-service/src/test/java/org/eclipse/tractusx/managedidentitywallets/revocation/services/StatusVerificationTest.java b/revocation-service/src/test/java/org/eclipse/tractusx/managedidentitywallets/revocation/services/StatusVerificationTest.java
new file mode 100644
index 00000000..80a83706
--- /dev/null
+++ b/revocation-service/src/test/java/org/eclipse/tractusx/managedidentitywallets/revocation/services/StatusVerificationTest.java
@@ -0,0 +1,33 @@
+/*
+ * *******************************************************************************
+ *  Copyright (c) 2021,2024 Contributors to the Eclipse Foundation
+ *
+ *  See the NOTICE file(s) distributed with this work for additional
+ *  information regarding copyright ownership.
+ *
+ *  This program and the accompanying materials are made available under the
+ *  terms of the Apache License, Version 2.0 which is available at
+ *  https://www.apache.org/licenses/LICENSE-2.0.
+ *
+ *  Unless required by applicable law or agreed to in writing, software
+ *  distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+ *  WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+ *  License for the specific language governing permissions and limitations
+ *  under the License.
+ *
+ *  SPDX-License-Identifier: Apache-2.0
+ * ******************************************************************************
+ */
+
+package org.eclipse.tractusx.managedidentitywallets.revocation.services;
+
+import org.junit.jupiter.api.Test;
+
+public class StatusVerificationTest {
+
+
+    @Test
+    void testVerification() {
+
+    }
+}
diff --git a/wallet-commons/src/main/java/org/eclipse/tractusx/managedidentitywallets/commons/constant/StringPool.java b/wallet-commons/src/main/java/org/eclipse/tractusx/managedidentitywallets/commons/constant/StringPool.java
index 5ee3fd5e..531b59a7 100644
--- a/wallet-commons/src/main/java/org/eclipse/tractusx/managedidentitywallets/commons/constant/StringPool.java
+++ b/wallet-commons/src/main/java/org/eclipse/tractusx/managedidentitywallets/commons/constant/StringPool.java
@@ -101,4 +101,6 @@ public class StringPool {
 
     public static final String CREDENTIAL_STATUS = "credentialStatus";
 
+    public static final String STATUS = "status";
+
 }

From 042292f1d4ebf6018721af1f748f3598ee619aa9 Mon Sep 17 00:00:00 2001
From: Nitin Vavdiya <nitin.vavdiya@smartsensesolutions.com>
Date: Mon, 17 Jun 2024 16:28:49 +0530
Subject: [PATCH 10/48] fix: dockerfile and dockerfile location

---
 .github/workflows/release.yml | 3 ++-
 miw/Dockerfile                | 2 +-
 2 files changed, 3 insertions(+), 2 deletions(-)

diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
index f4d31cbf..41ec6790 100644
--- a/.github/workflows/release.yml
+++ b/.github/workflows/release.yml
@@ -171,10 +171,11 @@ jobs:
       - name: Push image
         uses: docker/build-push-action@v5
         with:
-          context: ./miw
+          context: .
           push: ${{ github.event_name != 'pull_request' }}
           tags: ${{ steps.meta.outputs.tags }}
           labels: ${{ steps.meta.outputs.labels }}
+          file: ./miw/Dockerfile
 
       # https://github.com/peter-evans/dockerhub-description
       # Important step to push image description to DockerHub
diff --git a/miw/Dockerfile b/miw/Dockerfile
index c92d9245..d0860a6f 100644
--- a/miw/Dockerfile
+++ b/miw/Dockerfile
@@ -27,7 +27,7 @@ RUN apk add curl
 
 USER miw
 
-COPY ../LICENSE ../NOTICE.md ../DEPENDENCIES ../SECURITY.md ./build/libs/miw-latest.jar /app/
+COPY LICENSE NOTICE.md DEPENDENCIES SECURITY.md ./miw/build/libs/miw-latest.jar /app/
 
 WORKDIR /app
 

From 6a7cff2acb846fa9b664b359ec8fc179673df459 Mon Sep 17 00:00:00 2001
From: Nitin Vavdiya <nitin.vavdiya@smartsensesolutions.com>
Date: Mon, 17 Jun 2024 19:06:06 +0530
Subject: [PATCH 11/48] feat: test coverage verification added at root gradle
 level and javadoc for miw-commons

---
 build.gradle                                  |  77 ++++++++++-
 miw/build.gradle                              |  63 ---------
 revocation-service/build.gradle               |  55 --------
 wallet-commons/build.gradle                   |   1 -
 .../commons/constant/ApplicationRole.java     |   7 +-
 .../commons/constant/CredentialStatus.java    |  12 +-
 .../commons/constant/RevocationPurpose.java   |  15 ++-
 .../commons/constant/StringPool.java          | 120 ++++++++++++++++++
 .../commons/constant/SupportedAlgorithms.java |   9 ++
 .../exception/BadDataExceptionTest.java       |  56 ++++++++
 .../exception/ForbiddenExceptionTest.java     |  58 +++++++++
 11 files changed, 341 insertions(+), 132 deletions(-)
 create mode 100644 wallet-commons/src/test/java/org/eclipse/tractusx/managedidentitywallets/commons/exception/BadDataExceptionTest.java
 create mode 100644 wallet-commons/src/test/java/org/eclipse/tractusx/managedidentitywallets/commons/exception/ForbiddenExceptionTest.java

diff --git a/build.gradle b/build.gradle
index a0a9fac8..dfa23d53 100644
--- a/build.gradle
+++ b/build.gradle
@@ -37,7 +37,8 @@ subprojects {
         plugin "java"
         plugin "org.springframework.boot"
         plugin "io.spring.dependency-management"
-        plugin 'jacoco-report-aggregation'
+        plugin "jacoco"
+        plugin 'project-report'
 
     }
 
@@ -81,6 +82,68 @@ subprojects {
         enabled = false
     }
 
+
+    test {
+        useJUnitPlatform()
+        finalizedBy jacocoTestReport
+    }
+
+    jacocoTestReport {
+
+        reports {
+            xml.enabled true
+            xml.outputLocation = file("./build/reports/xml/jacoco.xml")
+
+            csv.enabled false
+
+            html.enabled true
+            html.outputLocation = file("./build/reports/html/jacoco")
+        }
+
+        afterEvaluate {
+            classDirectories.setFrom(files(classDirectories.files.collect {
+                fileTree(dir: it, exclude: [
+                        "org/eclipse/tractusx/managedidentitywallets/dto/*",
+                        "org/eclipse/tractusx/managedidentitywallets/dao/entity/*",
+                        "org/eclipse/tractusx/managedidentitywallets/constant/*",
+                        "org/eclipse/tractusx/managedidentitywallets/commons/constant/*",
+                        "org/eclipse/tractusx/managedidentitywallets/exception/*"
+                ])
+            }))
+        }
+    }
+
+    jacoco {
+        toolVersion = "${jacocoVersion}"
+    }
+
+
+    jacocoTestCoverageVerification {
+        afterEvaluate {
+            classDirectories.setFrom(files(classDirectories.files.collect {
+                fileTree(dir: it, exclude: [
+                        "org/eclipse/tractusx/managedidentitywallets/dto/*",
+                        "org/eclipse/tractusx/managedidentitywallets/dao/entity/*",
+                        "org/eclipse/tractusx/managedidentitywallets/constant/*",
+                        "org/eclipse/tractusx/managedidentitywallets/commons/constant/*",
+                        "org/eclipse/tractusx/managedidentitywallets/exception/*"
+                ])
+            }))
+        }
+        violationRules {
+            rule {
+                limit {
+                    minimum = 0.80
+                }
+            }
+        }
+    }
+
+    htmlDependencyReport {
+        projects = project.allprojects
+    }
+
+    check.dependsOn jacocoTestCoverageVerification
 }
 
 
@@ -116,8 +179,8 @@ tasks.register('dashDependencies') { dashDependencies ->
                             conf.incoming.resolutionResult.allDependencies
                                     .findAll({ it instanceof ResolvedDependencyResult })
                                     .collect { ResolvedDependencyResult dep ->
-                                "${dep.selected}"
-                            }
+                                        "${dep.selected}"
+                                    }
                     )
                 }
             }
@@ -126,10 +189,10 @@ tasks.register('dashDependencies') { dashDependencies ->
         def finalDeps = []
         for (final def d in deps) {
             //skip main module dependencies
-            if(d.toString() =="project :miw" || d.toString() =="project :revocation-service"){
-                println(" - "+d.toString() + " -")
+            if (d.toString() == "project :miw" || d.toString() == "project :revocation-service") {
+                println(" - " + d.toString() + " -")
 
-            }else{
+            } else {
                 finalDeps.add(d)
             }
         }
@@ -148,7 +211,7 @@ tasks.register('dashLicenseCheck', JavaExec) { dashLicenseCheck ->
     doFirst {
         classpath = rootProject.files('dash.jar')
         // docs: https://eclipse-tractusx.github.io/docs/release/trg-7/trg-7-04
-        args('-project', 'automotive.tractusx',  '-summary', 'DEPENDENCIES', 'deps.txt')
+        args('-project', 'automotive.tractusx', '-summary', 'DEPENDENCIES', 'deps.txt')
     }
     doLast {
         logger.lifecycle("Removing 'deps.txt' now.")
diff --git a/miw/build.gradle b/miw/build.gradle
index 9b70d146..5b3c6c45 100644
--- a/miw/build.gradle
+++ b/miw/build.gradle
@@ -19,8 +19,6 @@
 
 plugins {
     id 'java'
-    id "jacoco"
-    id 'project-report'
     id "de.undercouch.download" version "5.5.0"
 }
 
@@ -94,64 +92,3 @@ bootJar {
         from '../LICENSE'
     }
 }
-
-test {
-    useJUnitPlatform()
-    finalizedBy jacocoTestReport
-}
-
-htmlDependencyReport {
-    projects = project.allprojects
-}
-
-jacocoTestReport {
-
-    reports {
-        xml.enabled true
-        xml.outputLocation = file("./build/reports/xml/jacoco.xml")
-
-        csv.enabled false
-
-        html.enabled true
-        html.outputLocation = file("./build/reports/html/jacoco")
-    }
-
-    afterEvaluate {
-        classDirectories.setFrom(files(classDirectories.files.collect {
-            fileTree(dir: it, exclude: [
-                    "org/eclipse/tractusx/managedidentitywallets/dto/*",
-                    "org/eclipse/tractusx/managedidentitywallets/dao/entity/*",
-                    "org/eclipse/tractusx/managedidentitywallets/constant/*",
-                    "org/eclipse/tractusx/managedidentitywallets/exception/*"
-            ])
-        }))
-    }
-}
-
-jacoco {
-    toolVersion = "${jacocoVersion}"
-}
-
-
-jacocoTestCoverageVerification {
-    afterEvaluate {
-        classDirectories.setFrom(files(classDirectories.files.collect {
-            fileTree(dir: it, exclude: [
-                    "org/eclipse/tractusx/managedidentitywallets/dto/*",
-                    "org/eclipse/tractusx/managedidentitywallets/dao/entity/*",
-                    "org/eclipse/tractusx/managedidentitywallets/constant/*",
-                    "org/eclipse/tractusx/managedidentitywallets/exception/*"
-            ])
-        }))
-    }
-    violationRules {
-        rule {
-            limit {
-                // disabled for now
-                minimum = 0.00
-            }
-        }
-    }
-}
-
-check.dependsOn jacocoTestCoverageVerification
diff --git a/revocation-service/build.gradle b/revocation-service/build.gradle
index edb64565..477bbefc 100644
--- a/revocation-service/build.gradle
+++ b/revocation-service/build.gradle
@@ -19,8 +19,6 @@
 
 plugins {
     id 'java'
-    id 'jacoco'
-    id 'project-report'
 }
 
 group = "${groupName}"
@@ -81,56 +79,3 @@ build {
     version = "latest"
 
 }
-
-tasks.named('test') {
-    useJUnitPlatform()
-}
-
-tasks.test {
-    finalizedBy(tasks.jacocoTestReport) // report is always generated after tests run
-    testLogging {
-        events("passed", "skipped", "failed")
-    }
-}
-tasks.jacocoTestReport {
-    dependsOn(tasks.test)
-    reports {
-        xml.required = true
-        csv.required = false
-        html.required = true
-    }
-
-    afterEvaluate {
-        classDirectories.setFrom(files(classDirectories.files.collect {
-            fileTree(dir: it, exclude: [
-                    "org/eclipse/tractusx/managedidentitywallets/revocation/utils/StringPool.class",
-                    "org/eclipse/tractusx/managedidentitywallets/revocation/config/security/SecurityConfigProperties.class"
-            ])
-        }))
-    }
-}
-
-htmlDependencyReport {
-    projects = project.allprojects
-}
-
-
-jacocoTestCoverageVerification {
-    afterEvaluate {
-        classDirectories.setFrom(files(classDirectories.files.collect {
-            fileTree(dir: it, exclude: [
-                    "org/eclipse/tractusx/managedidentitywallets/revocation/utils/StringPool.class",
-                    "org/eclipse/tractusx/managedidentitywallets/revocation/config/security/SecurityConfigProperties.class"
-            ])
-        }))
-    }
-    violationRules {
-        rule {
-            limit {
-                minimum = 0.8
-            }
-        }
-    }
-}
-
-check.dependsOn jacocoTestCoverageVerification
diff --git a/wallet-commons/build.gradle b/wallet-commons/build.gradle
index 45119542..87f366a4 100644
--- a/wallet-commons/build.gradle
+++ b/wallet-commons/build.gradle
@@ -19,7 +19,6 @@
 
 plugins {
     id 'java-library'
-    id 'jacoco'
     id 'maven-publish'
 }
 
diff --git a/wallet-commons/src/main/java/org/eclipse/tractusx/managedidentitywallets/commons/constant/ApplicationRole.java b/wallet-commons/src/main/java/org/eclipse/tractusx/managedidentitywallets/commons/constant/ApplicationRole.java
index 581d285a..9ef1870d 100644
--- a/wallet-commons/src/main/java/org/eclipse/tractusx/managedidentitywallets/commons/constant/ApplicationRole.java
+++ b/wallet-commons/src/main/java/org/eclipse/tractusx/managedidentitywallets/commons/constant/ApplicationRole.java
@@ -21,11 +21,10 @@
 
 package org.eclipse.tractusx.managedidentitywallets.commons.constant;
 
-public class ApplicationRole {
+import lombok.experimental.UtilityClass;
 
-    private ApplicationRole() {
-        throw new IllegalStateException("Constant class");
-    }
+@UtilityClass
+public class ApplicationRole {
 
     /**
      * The constant ROLE_VIEW_WALLETS.
diff --git a/wallet-commons/src/main/java/org/eclipse/tractusx/managedidentitywallets/commons/constant/CredentialStatus.java b/wallet-commons/src/main/java/org/eclipse/tractusx/managedidentitywallets/commons/constant/CredentialStatus.java
index ea5503f9..faa46f84 100644
--- a/wallet-commons/src/main/java/org/eclipse/tractusx/managedidentitywallets/commons/constant/CredentialStatus.java
+++ b/wallet-commons/src/main/java/org/eclipse/tractusx/managedidentitywallets/commons/constant/CredentialStatus.java
@@ -23,10 +23,20 @@
 
 import lombok.Getter;
 
+/**
+ * The enum Credential status.
+ */
 @Getter
 public enum CredentialStatus {
 
-    ACTIVE("active"), REVOKED("revoked");
+    /**
+     * Active credential status.
+     */
+    ACTIVE("active"),
+    /**
+     * Revoked credential status.
+     */
+    REVOKED("revoked");
 
     private final String name;
 
diff --git a/wallet-commons/src/main/java/org/eclipse/tractusx/managedidentitywallets/commons/constant/RevocationPurpose.java b/wallet-commons/src/main/java/org/eclipse/tractusx/managedidentitywallets/commons/constant/RevocationPurpose.java
index 608ec2f5..794de68b 100644
--- a/wallet-commons/src/main/java/org/eclipse/tractusx/managedidentitywallets/commons/constant/RevocationPurpose.java
+++ b/wallet-commons/src/main/java/org/eclipse/tractusx/managedidentitywallets/commons/constant/RevocationPurpose.java
@@ -21,8 +21,21 @@
 
 package org.eclipse.tractusx.managedidentitywallets.commons.constant;
 
+import lombok.Getter;
+
+/**
+ * The enum Revocation purpose.
+ */
+@Getter
 public enum RevocationPurpose {
-    REVOCATION("revocation"), SUSPENSION("suspension");
+    /**
+     * revocation purpose.
+     */
+    REVOCATION("revocation"),
+    /**
+     * Suspension  purpose.
+     */
+    SUSPENSION("suspension");
 
     private final String name;
 
diff --git a/wallet-commons/src/main/java/org/eclipse/tractusx/managedidentitywallets/commons/constant/StringPool.java b/wallet-commons/src/main/java/org/eclipse/tractusx/managedidentitywallets/commons/constant/StringPool.java
index 531b59a7..d73feea1 100644
--- a/wallet-commons/src/main/java/org/eclipse/tractusx/managedidentitywallets/commons/constant/StringPool.java
+++ b/wallet-commons/src/main/java/org/eclipse/tractusx/managedidentitywallets/commons/constant/StringPool.java
@@ -23,25 +23,70 @@
 
 import lombok.experimental.UtilityClass;
 
+/**
+ * The type String pool.
+ */
 @UtilityClass
 public class StringPool {
 
 
+    /**
+     * The constant CREDENTIAL_ID.
+     */
     public static final String CREDENTIAL_ID = "credentialId";
 
+    /**
+     * The constant VERIFIABLE_CREDENTIALS.
+     */
     public static final String VERIFIABLE_CREDENTIALS = "verifiableCredentials";
+    /**
+     * The constant VP.
+     */
     public static final String VP = "vp";
+    /**
+     * The constant VC.
+     */
     public static final String VC = "vc";
+    /**
+     * The constant VALID.
+     */
     public static final String VALID = "valid";
+    /**
+     * The constant VALIDATE_AUDIENCE.
+     */
     public static final String VALIDATE_AUDIENCE = "validateAudience";
+    /**
+     * The constant VALIDATE_EXPIRY_DATE.
+     */
     public static final String VALIDATE_EXPIRY_DATE = "validateExpiryDate";
+    /**
+     * The constant VALIDATE_JWT_EXPIRY_DATE.
+     */
     public static final String VALIDATE_JWT_EXPIRY_DATE = "validateJWTExpiryDate";
+    /**
+     * The constant DID_DOCUMENT.
+     */
     public static final String DID_DOCUMENT = "didDocument";
 
+    /**
+     * The constant ISSUER_DID.
+     */
     public static final String ISSUER_DID = "issuerDid";
+    /**
+     * The constant HOLDER_DID.
+     */
     public static final String HOLDER_DID = "holderDid";
+    /**
+     * The constant HOLDER_IDENTIFIER.
+     */
     public static final String HOLDER_IDENTIFIER = "holderIdentifier";
+    /**
+     * The constant TYPE.
+     */
     public static final String TYPE = "type";
+    /**
+     * The constant ED_25519.
+     */
     public static final String ED_25519 = "ED25519";
 
 
@@ -55,38 +100,104 @@ public class StringPool {
      */
     public static final String BPN = "bpn";
 
+    /**
+     * The constant ID.
+     */
     public static final String ID = "id";
 
+    /**
+     * The constant CLIENT_ID.
+     */
     public static final String CLIENT_ID = "miw_private_client";
 
+    /**
+     * The constant CLIENT_SECRET.
+     */
     public static final String CLIENT_SECRET = "miw_private_client_secret";
 
+    /**
+     * The constant REALM.
+     */
     public static final String REALM = "miw_test";
+    /**
+     * The constant VALID_USER_NAME.
+     */
     public static final String VALID_USER_NAME = "valid_user";
 
+    /**
+     * The constant INVALID_USER_NAME.
+     */
     public static final String INVALID_USER_NAME = "invalid_user";
+    /**
+     * The constant CLIENT_CREDENTIALS.
+     */
     public static final String CLIENT_CREDENTIALS = "client_credentials";
+    /**
+     * The constant OPENID.
+     */
     public static final String OPENID = "openid";
+    /**
+     * The constant BEARER_SPACE.
+     */
     public static final String BEARER_SPACE = "Bearer ";
 
+    /**
+     * The constant BPN_NUMBER_REGEX.
+     */
     public static final String BPN_NUMBER_REGEX = "^(BPN)(L|S|A)[0-9A-Z]{12}";
 
+    /**
+     * The constant W3_ID_JWS_2020_V1_CONTEXT_URL.
+     */
     public static final String W3_ID_JWS_2020_V1_CONTEXT_URL = "https://w3id.org/security/suites/jws-2020/v1";
 
+    /**
+     * The constant COMA_SEPARATOR.
+     */
     public static final String COMA_SEPARATOR = ", ";
+    /**
+     * The constant BLANK_SEPARATOR.
+     */
     public static final String BLANK_SEPARATOR = " ";
+    /**
+     * The constant COLON_SEPARATOR.
+     */
     public static final String COLON_SEPARATOR = ":";
+    /**
+     * The constant UNDERSCORE.
+     */
     public static final String UNDERSCORE = "_";
 
+    /**
+     * The constant REFERENCE_KEY.
+     */
     public static final String REFERENCE_KEY = "dummy ref key, removed once vault setup is ready";
+    /**
+     * The constant VAULT_ACCESS_TOKEN.
+     */
     public static final String VAULT_ACCESS_TOKEN = "dummy vault access token, removed once vault setup is ready";
 
+    /**
+     * The constant PRIVATE_KEY.
+     */
     public static final String PRIVATE_KEY = "PRIVATE KEY";
+    /**
+     * The constant PUBLIC_KEY.
+     */
     public static final String PUBLIC_KEY = "PUBLIC KEY";
+    /**
+     * The constant VC_JWT_KEY.
+     */
     public static final String VC_JWT_KEY = "jwt";
 
+    /**
+     * The constant AS_JWT.
+     */
     public static final String AS_JWT = "asJwt";
 
+    /**
+     * The constant BPN_CREDENTIAL.
+     */
     public static final String BPN_CREDENTIAL = "BpnCredential";
 
     public static final String ASSERTION_METHOD = "assertionMethod";
@@ -97,10 +208,19 @@ public class StringPool {
     public static final String HTTPS_SCHEME = "https://";
     public static final String BPN_NOT_FOUND = "BPN not found";
 
+    /**
+     * The constant REVOCABLE.
+     */
     public static final String REVOCABLE = "revocable";
 
+    /**
+     * The constant CREDENTIAL_STATUS.
+     */
     public static final String CREDENTIAL_STATUS = "credentialStatus";
 
+    /**
+     * The constant STATUS.
+     */
     public static final String STATUS = "status";
 
 }
diff --git a/wallet-commons/src/main/java/org/eclipse/tractusx/managedidentitywallets/commons/constant/SupportedAlgorithms.java b/wallet-commons/src/main/java/org/eclipse/tractusx/managedidentitywallets/commons/constant/SupportedAlgorithms.java
index b9750cfe..adc2295a 100644
--- a/wallet-commons/src/main/java/org/eclipse/tractusx/managedidentitywallets/commons/constant/SupportedAlgorithms.java
+++ b/wallet-commons/src/main/java/org/eclipse/tractusx/managedidentitywallets/commons/constant/SupportedAlgorithms.java
@@ -21,9 +21,18 @@
 
 package org.eclipse.tractusx.managedidentitywallets.commons.constant;
 
+/**
+ * The enum Supported algorithms.
+ */
 public enum SupportedAlgorithms {
 
+    /**
+     * Ed 25519 supported algorithms.
+     */
     ED25519("ED25519"),
+    /**
+     * Es 256 k supported algorithms.
+     */
     ES256K("ES256K");
 
     private final String value;
diff --git a/wallet-commons/src/test/java/org/eclipse/tractusx/managedidentitywallets/commons/exception/BadDataExceptionTest.java b/wallet-commons/src/test/java/org/eclipse/tractusx/managedidentitywallets/commons/exception/BadDataExceptionTest.java
new file mode 100644
index 00000000..feb1ba5a
--- /dev/null
+++ b/wallet-commons/src/test/java/org/eclipse/tractusx/managedidentitywallets/commons/exception/BadDataExceptionTest.java
@@ -0,0 +1,56 @@
+/*
+ * *******************************************************************************
+ *  Copyright (c) 2021,2024 Contributors to the Eclipse Foundation
+ *
+ *  See the NOTICE file(s) distributed with this work for additional
+ *  information regarding copyright ownership.
+ *
+ *  This program and the accompanying materials are made available under the
+ *  terms of the Apache License, Version 2.0 which is available at
+ *  https://www.apache.org/licenses/LICENSE-2.0.
+ *
+ *  Unless required by applicable law or agreed to in writing, software
+ *  distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+ *  WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+ *  License for the specific language governing permissions and limitations
+ *  under the License.
+ *
+ *  SPDX-License-Identifier: Apache-2.0
+ * ******************************************************************************
+ */
+
+package org.eclipse.tractusx.managedidentitywallets.commons.exception;
+
+
+import org.junit.jupiter.api.Assertions;
+import org.junit.jupiter.api.Test;
+
+class BadDataExceptionTest {
+
+    public static final String ERROR_MSG = "This is a bad data exception";
+
+    @Test
+    void testConstructorWithMessage() {
+        String message = ERROR_MSG;
+        BadDataException exception = new BadDataException(message);
+        Assertions.assertEquals(message, exception.getMessage());
+        Assertions.assertNull(exception.getCause());
+    }
+
+    @Test
+    void testConstructorWithMessageAndCause() {
+        String message = ERROR_MSG;
+        Throwable cause = new IllegalArgumentException("Invalid argument");
+        BadDataException exception = new BadDataException(message, cause);
+        Assertions.assertEquals(message, exception.getMessage());
+        Assertions.assertEquals(cause, exception.getCause());
+    }
+
+    @Test
+    void testConstructorWithCause() {
+        Throwable cause = new IllegalArgumentException("Invalid argument");
+        BadDataException exception = new BadDataException(cause);
+        Assertions.assertEquals(cause.toString(), exception.getMessage());
+        Assertions.assertEquals(cause, exception.getCause());
+    }
+}
diff --git a/wallet-commons/src/test/java/org/eclipse/tractusx/managedidentitywallets/commons/exception/ForbiddenExceptionTest.java b/wallet-commons/src/test/java/org/eclipse/tractusx/managedidentitywallets/commons/exception/ForbiddenExceptionTest.java
new file mode 100644
index 00000000..4dcfd20a
--- /dev/null
+++ b/wallet-commons/src/test/java/org/eclipse/tractusx/managedidentitywallets/commons/exception/ForbiddenExceptionTest.java
@@ -0,0 +1,58 @@
+/*
+ * *******************************************************************************
+ *  Copyright (c) 2021,2024 Contributors to the Eclipse Foundation
+ *
+ *  See the NOTICE file(s) distributed with this work for additional
+ *  information regarding copyright ownership.
+ *
+ *  This program and the accompanying materials are made available under the
+ *  terms of the Apache License, Version 2.0 which is available at
+ *  https://www.apache.org/licenses/LICENSE-2.0.
+ *
+ *  Unless required by applicable law or agreed to in writing, software
+ *  distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+ *  WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+ *  License for the specific language governing permissions and limitations
+ *  under the License.
+ *
+ *  SPDX-License-Identifier: Apache-2.0
+ * ******************************************************************************
+ */
+
+package org.eclipse.tractusx.managedidentitywallets.commons.exception;
+
+import org.junit.jupiter.api.Assertions;
+import org.junit.jupiter.api.Test;
+
+class ForbiddenExceptionTest {
+
+    @Test
+    void testConstructorWithMessage() {
+        String message = "Forbidden access!";
+        ForbiddenException exception = new ForbiddenException(message);
+        Assertions.assertEquals(message, exception.getMessage());
+    }
+
+    @Test
+    void testConstructorWithMessageAndCause() {
+        String message = "Forbidden access!";
+        Throwable cause = new IllegalArgumentException("Illegal argument");
+        ForbiddenException exception = new ForbiddenException(message, cause);
+        Assertions.assertEquals(message, exception.getMessage());
+        Assertions.assertEquals(cause, exception.getCause());
+    }
+
+    @Test
+    void testConstructorWithCause() {
+        Throwable cause = new IllegalArgumentException("Illegal argument");
+        ForbiddenException exception = new ForbiddenException(cause);
+        Assertions.assertEquals(cause, exception.getCause());
+    }
+
+    @Test
+    void testDefaultConstructor() {
+        ForbiddenException exception = new ForbiddenException();
+        Assertions.assertNull(exception.getMessage());
+        Assertions.assertNull(exception.getCause());
+    }
+}

From 168493aa90319611188b99a8be6f85568931537c Mon Sep 17 00:00:00 2001
From: Nitin Vavdiya <nitin.vavdiya@smartsensesolutions.com>
Date: Mon, 17 Jun 2024 19:10:15 +0530
Subject: [PATCH 12/48] doc: env updated for MIW

---
 miw/README.md | 64 ++++++++++++++++++++++++++-------------------------
 1 file changed, 33 insertions(+), 31 deletions(-)

diff --git a/miw/README.md b/miw/README.md
index 25f6e815..0ea651ac 100644
--- a/miw/README.md
+++ b/miw/README.md
@@ -160,7 +160,8 @@ Description of the env files:
 - **env.local**: Set up everything to get ready for flow "local". You need to fill in the passwords.
 - **env.docker**: Set up everything to get ready for flow "docker". You need to fill in the passwords.
 
-> **IMPORTANT**: ssi-lib is resolving DID documents over the network. There are two endpoints that rely on this resolution:
+> **IMPORTANT**: ssi-lib is resolving DID documents over the network. There are two endpoints that rely on this
+> resolution:
 > - Verifiable Credentials - Validation
 > - Verifiable Presentations - Validation
 >
@@ -286,36 +287,37 @@ This process ensures that any issues with the database schema are resolved by re
 
 # Environment Variables
 
-| name                            | description                                                                                  | default value                                                                                                                                       |
-|---------------------------------|----------------------------------------------------------------------------------------------|-----------------------------------------------------------------------------------------------------------------------------------------------------|
-| APPLICATION_PORT                | port number of application                                                                   | 8080                                                                                                                                                |
-| APPLICATION_ENVIRONMENT         | Environment of the application ie. local, dev, int and prod                                  | local                                                                                                                                               |
-| DB_HOST                         | Database host                                                                                | localhost                                                                                                                                           |
-| DB_PORT                         | Port of database                                                                             | 5432                                                                                                                                                |
-| DB_NAME                         | Database name                                                                                | miw                                                                                                                                                 |
-| USE_SSL                         | Whether SSL is enabled in database server                                                    | false                                                                                                                                               |
-| DB_USER_NAME                    | Database username                                                                            |                                                                                                                                                     |
-| DB_PASSWORD                     | Database password                                                                            |                                                                                                                                                     |
-| DB_POOL_SIZE                    | Max number of database connection acquired by application                                    | 10                                                                                                                                                  |
-| KEYCLOAK_MIW_PUBLIC_CLIENT      | Only needed if we want enable login with keyalock in swagger                                 | miw_public                                                                                                                                          |
-| MANAGEMENT_PORT                 | Spring actuator port                                                                         | 8090                                                                                                                                                |
-| MIW_HOST_NAME                   | Application host name, this will be used in creation of did ie. did:web:MIW_HOST_NAME:BPN    | localhost                                                                                                                                           |
-| ENCRYPTION_KEY                  | encryption key used to encrypt and decrypt private and public key of wallet                  |                                                                                                                                                     |
-| AUTHORITY_WALLET_BPN            | base wallet BPN number                                                                       | BPNL000000000000                                                                                                                                    |
-| AUTHORITY_WALLET_NAME           | Base wallet name                                                                             | Catena-X                                                                                                                                            |
-| AUTHORITY_WALLET_DID            | Base wallet web did                                                                          | web:did:host:BPNL000000000000                                                                                                                       |
-| VC_SCHEMA_LINK                  | Comma separated list of VC schema URL                                                        | https://www.w3.org/2018/credentials/v1, https://catenax-ng.github.io/product-core-schemas/businessPartnerData.json                                  |
-| VC_EXPIRY_DATE                  | Expiry date of VC (dd-MM-yyyy ie. 01-01-2025 expiry date will be 2024-12-31T18:30:00Z in VC) | 01-01-2025                                                                                                                                          |
-| KEYCLOAK_REALM                  | Realm name of keycloak                                                                       | miw_test                                                                                                                                            |
-| KEYCLOAK_CLIENT_ID              | Keycloak private client id                                                                   |                                                                                                                                                     |
-| AUTH_SERVER_URL                 | Keycloak server url                                                                          |                                                                                                                                                     |
-| SUPPORTED_FRAMEWORK_VC_TYPES    | Supported framework VC, provide values ie type1=value1,type2=value2                          | cx-behavior-twin=Behavior Twin,cx-pcf=PCF,cx-quality=Quality,cx-resiliency=Resiliency,cx-sustainability=Sustainability,cx-traceability=ID_3.0_Trace |
-| ENFORCE_HTTPS_IN_DID_RESOLUTION | Enforce https during web did resolution                                                      | true                                                                                                                                                |
-| CONTRACT_TEMPLATES_URL          | Contract templates URL used in summary VC                                                    | https://public.catena-x.org/contracts/                                                                                                              |
-| APP_LOG_LEVEL                   | Log level of application                                                                     | INFO                                                                                                                                                |
-| AUTHORITY_SIGNING_SERVICE_TYPE  | Base wallet signing type, Currency only LOCAL is supported                                   | Local                                                                                                                                               |
-| LOCAL_SIGNING_KEY_STORAGE_TYPE  | Key storage type, currently only DB is supported                                             | DB                                                                                                                                                  |
-|                                 |                                                                                              |                                                                                                                                                     |
+| name                              | description                                                                                  | default value                                                                                                                                       |
+|-----------------------------------|----------------------------------------------------------------------------------------------|-----------------------------------------------------------------------------------------------------------------------------------------------------|
+| APPLICATION_PORT                  | port number of application                                                                   | 8080                                                                                                                                                |
+| APPLICATION_ENVIRONMENT           | Environment of the application ie. local, dev, int and prod                                  | local                                                                                                                                               |
+| DB_HOST                           | Database host                                                                                | localhost                                                                                                                                           |
+| DB_PORT                           | Port of database                                                                             | 5432                                                                                                                                                |
+| DB_NAME                           | Database name                                                                                | miw                                                                                                                                                 |
+| USE_SSL                           | Whether SSL is enabled in database server                                                    | false                                                                                                                                               |
+| DB_USER_NAME                      | Database username                                                                            |                                                                                                                                                     |
+| DB_PASSWORD                       | Database password                                                                            |                                                                                                                                                     |
+| DB_POOL_SIZE                      | Max number of database connection acquired by application                                    | 10                                                                                                                                                  |
+| KEYCLOAK_MIW_PUBLIC_CLIENT        | Only needed if we want enable login with keyalock in swagger                                 | miw_public                                                                                                                                          |
+| MANAGEMENT_PORT                   | Spring actuator port                                                                         | 8090                                                                                                                                                |
+| MIW_HOST_NAME                     | Application host name, this will be used in creation of did ie. did:web:MIW_HOST_NAME:BPN    | localhost                                                                                                                                           |
+| ENCRYPTION_KEY                    | encryption key used to encrypt and decrypt private and public key of wallet                  |                                                                                                                                                     |
+| AUTHORITY_WALLET_BPN              | base wallet BPN number                                                                       | BPNL000000000000                                                                                                                                    |
+| AUTHORITY_WALLET_NAME             | Base wallet name                                                                             | Catena-X                                                                                                                                            |
+| AUTHORITY_WALLET_DID              | Base wallet web did                                                                          | web:did:host:BPNL000000000000                                                                                                                       |
+| VC_SCHEMA_LINK                    | Comma separated list of VC schema URL                                                        | https://www.w3.org/2018/credentials/v1, https://catenax-ng.github.io/product-core-schemas/businessPartnerData.json                                  |
+| VC_EXPIRY_DATE                    | Expiry date of VC (dd-MM-yyyy ie. 01-01-2025 expiry date will be 2024-12-31T18:30:00Z in VC) | 01-01-2025                                                                                                                                          |
+| KEYCLOAK_REALM                    | Realm name of keycloak                                                                       | miw_test                                                                                                                                            |
+| KEYCLOAK_CLIENT_ID                | Keycloak private client id                                                                   |                                                                                                                                                     |
+| AUTH_SERVER_URL                   | Keycloak server url                                                                          |                                                                                                                                                     |
+| SUPPORTED_FRAMEWORK_VC_TYPES      | Supported framework VC, provide values ie type1=value1,type2=value2                          | cx-behavior-twin=Behavior Twin,cx-pcf=PCF,cx-quality=Quality,cx-resiliency=Resiliency,cx-sustainability=Sustainability,cx-traceability=ID_3.0_Trace |
+| ENFORCE_HTTPS_IN_DID_RESOLUTION   | Enforce https during web did resolution                                                      | true                                                                                                                                                |
+| CONTRACT_TEMPLATES_URL            | Contract templates URL used in summary VC                                                    | https://public.catena-x.org/contracts/                                                                                                              |
+| APP_LOG_LEVEL                     | Log level of application                                                                     | INFO                                                                                                                                                |
+| AUTHORITY_SIGNING_SERVICE_TYPE    | Base wallet signing type, Currency only LOCAL is supported                                   | Local                                                                                                                                               |
+| LOCAL_SIGNING_KEY_STORAGE_TYPE    | Key storage type, currently only DB is supported                                             | DB                                                                                                                                                  |
+| BITSTRING_STATUS_LIST_CONTEXT_URL | Context URI for bitstring status list                                                        | https://w3c.github.io/vc-bitstring-status-list/contexts/v1.jsonld                                                                                   |
+|                                   |                                                                                              |                                                                                                                                                     |
 
 # Technical Debts and Known issue
 

From 107538cc8bcb59ff2b95f787a63329862a020a92 Mon Sep 17 00:00:00 2001
From: Nitin Vavdiya <nitin.vavdiya@smartsensesolutions.com>
Date: Mon, 17 Jun 2024 20:27:43 +0530
Subject: [PATCH 13/48] doc: docs added for revocation service

---
 docs/api/revocation-service/openapi_v001.json | 409 ++++++++++--------
 .../images/SingleInstanceDomainView.png       | Bin
 docs/arc42/{ => miw}/images/VPP-Flow.png      | Bin
 docs/arc42/{ => miw}/images/VVP-Flow.puml     |   0
 .../{ => miw}/images/business_context.png     | Bin
 .../{ => miw}/images/issue_revocable_vc.png   | Bin
 .../{ => miw}/images/technical_context.png    | Bin
 .../{ => miw}/images/verify_revocable_vc.png  | Bin
 docs/arc42/{ => miw}/main.md                  |   6 +-
 .../images/business_context.png               | Bin 0 -> 255837 bytes
 .../images/get_status_list_entry_api.png      | Bin 0 -> 6537 bytes
 .../images/get_status_list_vc.png             | Bin 0 -> 7005 bytes
 .../images/issue_revocable_vc.png             | Bin 0 -> 43766 bytes
 .../images/revocation-tech_context.png        | Bin 0 -> 38707 bytes
 .../revocation-service/images/revoke_vc.png   | Bin 0 -> 6054 bytes
 .../images/technical_context.png              | Bin 0 -> 280380 bytes
 .../images/verify_revocable_vc.png            | Bin 0 -> 36718 bytes
 .../images/verify_status.png                  | Bin 0 -> 7252 bytes
 docs/arc42/revocation-service/main.md         | 405 +++++++++++++++++
 docs/{ => database/miw}/ArchitectureWebDID.md |   0
 .../miw}/MIW_DB_Schema_v0.0.1.md              |   0
 .../revocation/revocation_DB_Schema_v0.0.1.md |  24 +
 .../security-assessment-23-12.md              |  60 +--
 .../RevocationApiControllerApiDocs.java       |  65 ++-
 24 files changed, 743 insertions(+), 226 deletions(-)
 rename docs/arc42/{ => miw}/images/SingleInstanceDomainView.png (100%)
 rename docs/arc42/{ => miw}/images/VPP-Flow.png (100%)
 rename docs/arc42/{ => miw}/images/VVP-Flow.puml (100%)
 rename docs/arc42/{ => miw}/images/business_context.png (100%)
 rename docs/arc42/{ => miw}/images/issue_revocable_vc.png (100%)
 rename docs/arc42/{ => miw}/images/technical_context.png (100%)
 rename docs/arc42/{ => miw}/images/verify_revocable_vc.png (100%)
 rename docs/arc42/{ => miw}/main.md (99%)
 create mode 100644 docs/arc42/revocation-service/images/business_context.png
 create mode 100644 docs/arc42/revocation-service/images/get_status_list_entry_api.png
 create mode 100644 docs/arc42/revocation-service/images/get_status_list_vc.png
 create mode 100644 docs/arc42/revocation-service/images/issue_revocable_vc.png
 create mode 100644 docs/arc42/revocation-service/images/revocation-tech_context.png
 create mode 100644 docs/arc42/revocation-service/images/revoke_vc.png
 create mode 100644 docs/arc42/revocation-service/images/technical_context.png
 create mode 100644 docs/arc42/revocation-service/images/verify_revocable_vc.png
 create mode 100644 docs/arc42/revocation-service/images/verify_status.png
 create mode 100644 docs/arc42/revocation-service/main.md
 rename docs/{ => database/miw}/ArchitectureWebDID.md (100%)
 rename docs/{ => database/miw}/MIW_DB_Schema_v0.0.1.md (100%)
 create mode 100644 docs/database/revocation/revocation_DB_Schema_v0.0.1.md

diff --git a/docs/api/revocation-service/openapi_v001.json b/docs/api/revocation-service/openapi_v001.json
index ba06ff8d..0886659c 100644
--- a/docs/api/revocation-service/openapi_v001.json
+++ b/docs/api/revocation-service/openapi_v001.json
@@ -1,131 +1,178 @@
 {
-  "openapi": "3.0.1",
-  "info": {
-    "title": "Reovcation Service API",
-    "description": "Revocation Service API",
-    "contact": {
-      "name": "eclipse-tractusx",
-      "url": "https://projects.eclipse.org/projects/automotive.tractusx",
-      "email": "tractusx-dev@eclipse.org"
+  "openapi" : "3.0.1",
+  "info" : {
+    "title" : "Reovcation Service API",
+    "description" : "Revocation Service API",
+    "contact" : {
+      "name" : "eclipse-tractusx",
+      "url" : "https://projects.eclipse.org/projects/automotive.tractusx",
+      "email" : "tractusx-dev@eclipse.org"
     },
-    "version": "0.0.1"
+    "version" : "0.0.1"
   },
-  "servers": [
+  "servers" : [
     {
-      "url": "http://localhost:8080",
-      "description": "Generated server url"
+      "url" : "http://localhost:8081",
+      "description" : "Generated server url"
     }
   ],
-  "security": [
+  "security" : [
     {
-      "Authenticate using access_token": []
+      "Authenticate using access_token" : []
     }
   ],
-  "tags": [
+  "tags" : [
     {
-      "name": "Revocation Service",
-      "description": "Revocation Service API"
+      "name" : "Revocation Service",
+      "description" : "Revocation Service API"
     }
   ],
-  "paths": {
-    "/api/v1/revocations/status-entry": {
-      "post": {
-        "tags": [
+  "paths" : {
+    "/api/v1/revocations/verify" : {
+      "post" : {
+        "tags" : [
           "Revocation Service"
         ],
-        "summary": "Create or Update a Status List Credential",
-        "description": "Create the status list credential if it does not exist, else update it.",
-        "operationId": "createStatusListVC",
-        "requestBody": {
-          "content": {
-            "application/json": {
-              "schema": {
-                "$ref": "#/components/schemas/StatusEntryDto"
+        "summary" : "Verify Revocation status",
+        "description" : "Verify revocation status of Credential",
+        "operationId" : "verifyRevocation",
+        "requestBody" : {
+          "content" : {
+            "application/json" : {
+              "schema" : {
+                "$ref" : "#/components/schemas/CredentialStatusDto"
               },
-              "example": {
-                "purpose": "revocation",
-                "issuerId": "did:web:localhost:BPNL000000000000"
+              "example" : {
+                "id" : "https://977d-203-129-213-107.ngrok-free.app/api/v1/revocations/credentials/BPNL000000000000/revocation/1#12",
+                "statusPurpose" : "revocation",
+                "statusListIndex" : "12",
+                "statusListCredential" : "https://977d-203-129-213-107.ngrok-free.app/api/v1/revocations/credentials/BPNL000000000000/revocation/1",
+                "type" : "BitstringStatusListEntry"
               }
             }
           },
-          "required": true
+          "required" : true
         },
-        "responses": {
-          "403": {
-            "description": "ForbiddenException: invalid caller"
+        "responses" : {
+          "401" : {
+            "description" : "UnauthorizedException: invalid token"
           },
-          "200": {
-            "description": "Status list credential created/updated successfully.",
-            "content": {
-              "application/json": {
-                "example": {
-                  "id": "http://localhost/api/v1/revocations/credentials/BPNL000000000000/revocation/1#0",
-                  "statusPurpose": "revocation",
-                  "statusListIndex": "0",
-                  "statusListCredential": "http://localhost/api/v1/revocations/credentials/BPNL000000000000/revocation/1",
-                  "type": "BitstringStatusListEntry"
-                }
+          "200" : {
+            "description" : "if credential is revoked"
+          },
+          "500" : {
+            "description" : "RevocationServiceException: Internal Server Error"
+          },
+          "409" : {
+            "description" : "ConflictException: Revocation service error",
+            "content" : {
+              "application/json" : {}
+            }
+          },
+          "403" : {
+            "description" : "ForbiddenException: invalid caller"
+          }
+        }
+      }
+    },
+    "/api/v1/revocations/status-entry" : {
+      "post" : {
+        "tags" : [
+          "Revocation Service"
+        ],
+        "summary" : "Create or Update a Status List Credential",
+        "description" : "Create the status list credential if it does not exist, else update it.",
+        "operationId" : "createStatusListVC",
+        "requestBody" : {
+          "content" : {
+            "application/json" : {
+              "schema" : {
+                "$ref" : "#/components/schemas/StatusEntryDto"
+              },
+              "example" : {
+                "purpose" : "revocation",
+                "issuerId" : "did:web:localhost:BPNL000000000000"
               }
             }
           },
-          "401": {
-            "description": "UnauthorizedException: invalid token"
+          "required" : true
+        },
+        "responses" : {
+          "401" : {
+            "description" : "UnauthorizedException: invalid token"
+          },
+          "500" : {
+            "description" : "RevocationServiceException: Internal Server Error"
+          },
+          "403" : {
+            "description" : "ForbiddenException: invalid caller"
           },
-          "500": {
-            "description": "RevocationServiceException: Internal Server Error"
+          "200" : {
+            "description" : "Status list credential created/updated successfully.",
+            "content" : {
+              "application/json" : {
+                "example" : {
+                  "id" : "https://977d-203-129-213-107.ngrok-free.app/api/v1/revocations/credentials/BPNL000000000000/revocation/1#17",
+                  "statusPurpose" : "revocation",
+                  "statusListIndex" : "17",
+                  "statusListCredential" : "https://977d-203-129-213-107.ngrok-free.app/api/v1/revocations/credentials/BPNL000000000000/revocation/1",
+                  "type" : "BitstringStatusListEntry"
+                }
+              }
+            }
           }
         }
       }
     },
-    "/api/v1/revocations/revoke": {
-      "post": {
-        "tags": [
+    "/api/v1/revocations/revoke" : {
+      "post" : {
+        "tags" : [
           "Revocation Service"
         ],
-        "summary": "Revoke a VerifiableCredential",
-        "description": "Revoke a VerifiableCredential using the provided Credential Status",
-        "operationId": "revokeCredential",
-        "requestBody": {
-          "content": {
-            "application/json": {
-              "schema": {
-                "$ref": "#/components/schemas/CredentialStatusDto"
+        "summary" : "Revoke a VerifiableCredential",
+        "description" : "Revoke a VerifiableCredential using the provided Credential Status",
+        "operationId" : "revokeCredential",
+        "requestBody" : {
+          "content" : {
+            "application/json" : {
+              "schema" : {
+                "$ref" : "#/components/schemas/CredentialStatusDto"
               },
-              "example": {
-                "id": "http://localhost/api/v1/revocations/credentials/BPNL000000000000/revocation/1#0",
-                "statusPurpose": "revocation",
-                "statusListIndex": "0",
-                "statusListCredential": "http://localhost/api/v1/revocations/credentials/BPNL000000000000/revocation/1",
-                "type": "BitstringStatusListEntry"
+              "example" : {
+                "id" : "https://977d-203-129-213-107.ngrok-free.app/api/v1/revocations/credentials/BPNL000000000000/revocation/1#12",
+                "statusPurpose" : "revocation",
+                "statusListIndex" : "12",
+                "statusListCredential" : "https://977d-203-129-213-107.ngrok-free.app/api/v1/revocations/credentials/BPNL000000000000/revocation/1",
+                "type" : "BitstringStatusListEntry"
               }
             }
           },
-          "required": true
+          "required" : true
         },
-        "responses": {
-          "403": {
-            "description": "ForbiddenException: invalid caller"
+        "responses" : {
+          "200" : {
+            "description" : "Verifiable credential revoked successfully."
           },
-          "200": {
-            "description": "Verifiable credential revoked successfully."
+          "401" : {
+            "description" : "UnauthorizedException: invalid token"
           },
-          "401": {
-            "description": "UnauthorizedException: invalid token"
+          "500" : {
+            "description" : "RevocationServiceException: Internal Server Error"
           },
-          "500": {
-            "description": "RevocationServiceException: Internal Server Error"
+          "403" : {
+            "description" : "ForbiddenException: invalid caller"
           },
-          "409": {
-            "description": "ConflictException: Revocation service error",
-            "content": {
-              "application/json": {
-                "example": {
-                  "type": "BitstringStatusListEntry",
-                  "title": "Revocation service error",
-                  "status": 409,
-                  "detail": "Credential already revoked",
-                  "instance": "/api/v1/revocations/revoke",
-                  "timestamp": 1707133388128
+          "409" : {
+            "description" : "ConflictException: Revocation service error",
+            "content" : {
+              "application/json" : {
+                "example" : {
+                  "type" : "BitstringStatusListEntry",
+                  "title" : "Revocation service error",
+                  "status" : "409",
+                  "detail" : "Credential already revoked",
+                  "instance" : "/api/v1/revocations/revoke",
+                  "timestamp" : 1707133388128
                 }
               }
             }
@@ -133,144 +180,144 @@
         }
       }
     },
-    "/api/v1/revocations/credentials/{issuerBPN}/{status}/{index}": {
-      "get": {
-        "tags": [
+    "/api/v1/revocations/credentials/{issuerBPN}/{status}/{index}" : {
+      "get" : {
+        "tags" : [
           "Revocation Service"
         ],
-        "summary": "Get status list credential",
-        "description": "Get status list credential using the provided issuer BPN and status purpose and status list index",
-        "operationId": "getStatusListCredential",
-        "parameters": [
+        "summary" : "Get status list credential",
+        "description" : "Get status list credential using the provided issuer BPN and status purpose and status list index",
+        "operationId" : "getStatusListCredential",
+        "parameters" : [
           {
-            "name": "issuerBPN",
-            "in": "path",
-            "description": "Issuer BPN",
-            "required": true,
-            "schema": {
-              "type": "string"
+            "name" : "issuerBPN",
+            "in" : "path",
+            "description" : "Issuer BPN",
+            "required" : true,
+            "schema" : {
+              "type" : "string"
             },
-            "example": "BPNL000000000000"
+            "example" : "BPNL000000000000"
           },
           {
-            "name": "status",
-            "in": "path",
-            "description": "Status Purpose ( Revocation or Suspension)",
-            "required": true,
-            "schema": {
-              "type": "string"
+            "name" : "status",
+            "in" : "path",
+            "description" : "Status Purpose ( Revocation or Suspension)",
+            "required" : true,
+            "schema" : {
+              "type" : "string"
             },
-            "example": "revocation"
+            "example" : "revocation"
           },
           {
-            "name": "index",
-            "in": "path",
-            "description": "status list index",
-            "required": true,
-            "schema": {
-              "type": "string"
+            "name" : "index",
+            "in" : "path",
+            "description" : "status list index",
+            "required" : true,
+            "schema" : {
+              "type" : "string"
             },
-            "example": 1
+            "example" : 1
           }
         ],
-        "responses": {
-          "404": {
-            "description": "Status list credential not found"
-          },
-          "500": {
-            "description": "RevocationServiceException: Internal Server Error"
+        "responses" : {
+          "500" : {
+            "description" : "RevocationServiceException: Internal Server Error"
           },
-          "200": {
-            "description": "Get Status list credential ",
-            "content": {
-              "application/json": {
-                "example": {
-                  "@context": [
+          "200" : {
+            "description" : "Get Status list credential ",
+            "content" : {
+              "application/json" : {
+                "example" : {
+                  "@context" : [
                     "https://www.w3.org/2018/credentials/v1",
                     "https://eclipse-tractusx.github.io/schema-registry/w3c/v1.0/BitstringStatusList.json",
                     "https://w3id.org/security/suites/jws-2020/v1"
                   ],
-                  "id": "http://localhost/api/v1/revocations/credentials/BPNL000000000000/revocation/1",
-                  "type": [
+                  "id" : "http://localhost/api/v1/revocations/credentials/BPNL000000000000/revocation/1",
+                  "type" : [
                     "VerifiableCredential",
                     "BitstringStatusListCredential"
                   ],
-                  "issuer": "did:web:localhost:BPNL000000000000",
-                  "issuanceDate": "2024-02-05T09:39:58Z",
-                  "credentialSubject": [
+                  "issuer" : "did:web:localhost:BPNL000000000000",
+                  "issuanceDate" : "2024-02-05T09:39:58Z",
+                  "credentialSubject" : [
                     {
-                      "statusPurpose": "revocation",
-                      "id": "http://localhost/api/v1/revocations/credentials/BPNL000000000000/revocation/1",
-                      "type": "BitstringStatusList",
-                      "encodedList": "H4sIAAAAAAAA/wMAAAAAAAAAAAA="
+                      "statusPurpose" : "revocation",
+                      "id" : "http://localhost/api/v1/revocations/credentials/BPNL000000000000/revocation/1",
+                      "type" : "BitstringStatusList",
+                      "encodedList" : "H4sIAAAAAAAA/wMAAAAAAAAAAAA="
                     }
                   ],
-                  "proof": {
-                    "proofPurpose": "assertionMethod",
-                    "type": "JsonWebSignature2020",
-                    "verificationMethod": "did:web:localhost:BPNL000000000000#ed463e4c-b900-481a-b5d0-9ae439c434ae",
-                    "created": "2024-02-05T09:39:58Z",
-                    "jws": "eyJhbGciOiJFZERTQSJ9..swX1PLJkSlxB6JMmY4a2uUzR-uszlyLrVdNppoYSx4PTV1LzQrDb0afzp_dvTNUWEYDI57a8iPh78BDjqMjSDQ"
+                  "proof" : {
+                    "proofPurpose" : "assertionMethod",
+                    "type" : "JsonWebSignature2020",
+                    "verificationMethod" : "did:web:localhost:BPNL000000000000#ed463e4c-b900-481a-b5d0-9ae439c434ae",
+                    "created" : "2024-02-05T09:39:58Z",
+                    "jws" : "eyJhbGciOiJFZERTQSJ9..swX1PLJkSlxB6JMmY4a2uUzR-uszlyLrVdNppoYSx4PTV1LzQrDb0afzp_dvTNUWEYDI57a8iPh78BDjqMjSDQ"
                   }
                 }
               }
             }
+          },
+          "404" : {
+            "description" : "Status list credential not found"
           }
         }
       }
     }
   },
-  "components": {
-    "schemas": {
-      "StatusEntryDto": {
-        "required": [
-          "issuerId",
-          "purpose"
-        ],
-        "type": "object",
-        "properties": {
-          "purpose": {
-            "type": "string"
-          },
-          "issuerId": {
-            "type": "string"
-          }
-        }
-      },
-      "CredentialStatusDto": {
-        "required": [
+  "components" : {
+    "schemas" : {
+      "CredentialStatusDto" : {
+        "required" : [
           "id",
           "statusListCredential",
           "statusListIndex",
           "statusPurpose",
           "type"
         ],
-        "type": "object",
-        "properties": {
-          "id": {
-            "type": "string"
+        "type" : "object",
+        "properties" : {
+          "id" : {
+            "type" : "string"
+          },
+          "statusPurpose" : {
+            "type" : "string"
           },
-          "statusPurpose": {
-            "type": "string"
+          "statusListIndex" : {
+            "type" : "string"
           },
-          "statusListIndex": {
-            "type": "string"
+          "statusListCredential" : {
+            "type" : "string"
           },
-          "statusListCredential": {
-            "type": "string"
+          "type" : {
+            "type" : "string"
+          }
+        }
+      },
+      "StatusEntryDto" : {
+        "required" : [
+          "issuerId",
+          "purpose"
+        ],
+        "type" : "object",
+        "properties" : {
+          "purpose" : {
+            "type" : "string"
           },
-          "type": {
-            "type": "string"
+          "issuerId" : {
+            "type" : "string"
           }
         }
       }
     },
-    "securitySchemes": {
-      "Authenticate using access_token": {
-        "type": "apiKey",
-        "description": "**Bearer (apiKey)**\nJWT Authorization header using the Bearer scheme.\nEnter **Bearer** [space] and then your token in the text input below.\nExample: Bearer 12345abcdef",
-        "name": "Authorization",
-        "in": "header"
+    "securitySchemes" : {
+      "Authenticate using access_token" : {
+        "type" : "apiKey",
+        "description" : "**Bearer (apiKey)**\nJWT Authorization header using the Bearer scheme.\nEnter **Bearer** [space] and then your token in the text input below.\nExample: Bearer 12345abcdef",
+        "name" : "Authorization",
+        "in" : "header"
       }
     }
   }
diff --git a/docs/arc42/images/SingleInstanceDomainView.png b/docs/arc42/miw/images/SingleInstanceDomainView.png
similarity index 100%
rename from docs/arc42/images/SingleInstanceDomainView.png
rename to docs/arc42/miw/images/SingleInstanceDomainView.png
diff --git a/docs/arc42/images/VPP-Flow.png b/docs/arc42/miw/images/VPP-Flow.png
similarity index 100%
rename from docs/arc42/images/VPP-Flow.png
rename to docs/arc42/miw/images/VPP-Flow.png
diff --git a/docs/arc42/images/VVP-Flow.puml b/docs/arc42/miw/images/VVP-Flow.puml
similarity index 100%
rename from docs/arc42/images/VVP-Flow.puml
rename to docs/arc42/miw/images/VVP-Flow.puml
diff --git a/docs/arc42/images/business_context.png b/docs/arc42/miw/images/business_context.png
similarity index 100%
rename from docs/arc42/images/business_context.png
rename to docs/arc42/miw/images/business_context.png
diff --git a/docs/arc42/images/issue_revocable_vc.png b/docs/arc42/miw/images/issue_revocable_vc.png
similarity index 100%
rename from docs/arc42/images/issue_revocable_vc.png
rename to docs/arc42/miw/images/issue_revocable_vc.png
diff --git a/docs/arc42/images/technical_context.png b/docs/arc42/miw/images/technical_context.png
similarity index 100%
rename from docs/arc42/images/technical_context.png
rename to docs/arc42/miw/images/technical_context.png
diff --git a/docs/arc42/images/verify_revocable_vc.png b/docs/arc42/miw/images/verify_revocable_vc.png
similarity index 100%
rename from docs/arc42/images/verify_revocable_vc.png
rename to docs/arc42/miw/images/verify_revocable_vc.png
diff --git a/docs/arc42/main.md b/docs/arc42/miw/main.md
similarity index 99%
rename from docs/arc42/main.md
rename to docs/arc42/miw/main.md
index 67422f20..da8faeb3 100644
--- a/docs/arc42/main.md
+++ b/docs/arc42/miw/main.md
@@ -89,11 +89,11 @@ with other DID agents.
 
 ## Business Context
 
-![](./images/business_context.png)
+![](images/business_context.png)
 
 ## Technical Context
 
-![](./images/technical_context.png)
+![](images/technical_context.png)
 
 # Solution Strategy
 
@@ -114,7 +114,7 @@ service using the following technology stack:
 This diagram is a zoomed out view of the MIW and the components it interacts
 with.
 
-![](./images/SingleInstanceDomainView.png)
+![](images/SingleInstanceDomainView.png)
 
 ## Overall System
 
diff --git a/docs/arc42/revocation-service/images/business_context.png b/docs/arc42/revocation-service/images/business_context.png
new file mode 100644
index 0000000000000000000000000000000000000000..61229f67028a0b5f5b9f59ded5a9636e80c9de9e
GIT binary patch
literal 255837
zcmeFaXIN9)7B#Gh5=D_HMMM-qMX4f4Z=wMkpwdeKMVfR7y(1{nE%e?M2neBuCZM2{
z(4+~W3IqZHq=e45w&$FC&v{?D_rB-;`F`AA@{q9h-fPV@=a^%RwS93<QU1uGlZW=~
z*>mL9%^MH)?4dE<vxl-Db^!dQ+uCas{Il2YfxPUVT->RtJ$qR9+`4g1#YuMtPxS_A
z*e6V)qUbmtppt&`rJ_tgGF2F-Ds33&gZ(P9bF2ul8!lEp7kwib(;R*8(WfnT#NLcN
z=2B%pw<ErmD2iznbxjl%u)9!3Dk_+7k+9HnO?3Z(Uf!BW&~J|7H+aP+<F#im1tpA@
z^>6)f@!Vx^YooIqPyg-!zg;%k%Q}O~`@gvn)_bxtA{feu<iGtWKksDZZtH(_7cxn{
zUe-njxvwAmn-lumeAGrK{1=M?#*jI<ccl54#<OF;jrTVv#aBRb-{1Vx-{Qgh7)5RL
z`S*v<|E=Kq<KAJ$E(iX*_&QJND{x1j>GppW>$JF~!~fN)Qr?Eaj3Yi=dGlX|7;D@V
z(;qYQ_ipD6EiI1Q+wkIl6=E_XodW;Ws?uIO%NnOi(RA<cXCE*PAaNM~SF8HJ#POFP
z`d{MsOEmoliGx*1e~HjOHJzQO$X78htL3pa-r1IX{TlpVZ_*DU+^lh;G($R(a(}tv
zU-E6+B88s&vg$W;OiRbpqf#Ocn0-ejE?ZP@tw>gvvHY8yn4|=<-i9we<1a)0b<d6k
zeE7tu7e^yTNaBrL91Y~l*t_pQ5Le`s*uNVbl-tg+zYg}->m)H#P@S@t!G3>r2b(kB
z$d!jOP*wgnWics!zpp_58cBqC_uM4YPd!u6#5;v0<`Pl3XyXLY;FDLgW?M;K;QA&U
z-g#B)oUVyd8#5TwwxnyO+34ci%6It@;w(0C64YdyAH~><zs@*>{h(&*$`tS4{n{T&
zxoAg{%SqVm&i%Z_y^p41%yO9=`M!mN#ZIE41iuMHwMvqMkZYOJTc%=LOP#Lz9Cy?X
zS(7FHvdjKi0K6x_BE{MX1pf0^f4%&Pqx&sON1iPW*tMpoM`&^KR4#RF$qv8ZNcb!k
z=04{-bm#iB!&9h<k|7Uq_tlZ-rmt>Yxb<2|$~gwrajWx#_rCshtkgOo6*X5$&gju~
z<!QNGci5EBmTdaXG;_97AP+pvRDQ#0BI;R}nl?|o9ZuBUg*Wy%c%bTo-0we7Om!+r
z&!T2vSovY(a@-zr0;cH7UvKe`Ko9B%)qZSc%ijL4k?_y>mI<Vk3po|-u^2lPgtQnB
zS67rj?ff{#FhcXt9PQrM{08-Dq7zZ<Et2E`)2w$HoDwB2!&GP7!bqiKA%e?al`}!G
zN*p;U__j%_-C`!nAcSdy+{9Py7GqP-)Y)*xGw!s<>d4Zd>zsYG-BP=Jrrzc#qe5af
z2Zz-Bhkd587R6I^1JREHE*0cHfp^SgAL>!pb1&*#0Uv0JO}|ZDpT4;Qpo&a2U6lJu
zUwNEs@B4?QC3pv7WKX9aO-p6<z@^D^zl?crhvT$3^Ahn<iCrIE`;d9%a`zNYd~OC+
z3_CDr--9$=pUSjyngCBAF<aE58()9qjFg1M`<eqsCe@DmD@OHOl;C@1^y3UtgN1G%
zSCX(15~N6K|H4lZ)$+B^I5A!gBnP96mEO4aRQXK9NTiVPJ+W4a#WZcJ%A$r9%R+12
zhJ4r$QrToeaK^eQv}h`@?|zgZ3T9DY^=+oF?IlV2o0<N4Kb*(}o3UZ4pE$Z(F7Q@^
zxoxjanhrWowjiH;qF2AmsO$7F#=7>PndS0wk6tDeu)-Qn!`@UGvn4}S^ZYw&t)3an
z-P(Ect40SDh4HAV<mabv?>lgqaAhlyuj=L*_oe$W4&O{WZyZ<n+WbSIWvxMa`(?MD
z=T?jz`+KpewAVsK4vrVxH)czwsH9h~MV=248TBt5kI;57HnroTOlcwp3lBz(iblEp
z_@eAvG%An|qdieV`9s#H{oT3`HSdWM-olpLXRfh$+J>{gUP=#k*0??^%kZbWf@k;h
zZ5K~CHD1b01B+NPv7qZT;zu{~O3S{1#W78EG7d8`j*xGrSJQZC-q8H)IF?`k>)ZRL
z6Vb+}%WFM%Hiim^JT}sax#heY<uL2hsJ3eg_S@zY8j-p#rr$hww#*cRUFp2r2XmFA
z*3R*i4*MXBEgDFvl@^^@TZ7<p?yyZzZ5*@;+9z{WH?*Jc@g6+>nff3vruoVg$c)6w
z>p{=OZO$CE!rr;?>qm?LK(yGmoo%;Z{ZPtn4VE(v>_g1Nc{%@ustr<hpXB29#+*{D
zCDycMO`gSG1u9D?k9jP%2>Z##9btTOSwG-X#!Z`vYfldZvy`<6^{4e)RaZ7OkA;Zy
zT2w65<M9O}n;@ix@GeAj+1UD((#39VtMs$ipP@v1uJ-7>X3#dzf7W9tW8hs!BhDS~
zIOtrqFEw^zbFp>E3C<3(yQ{a>kPS6Y;XUm3I<bFyb8FdaV1pQMXZh<0HlYF;-Jz5k
z_sdy;_CsOOhj#fh@i>vOAgpo4$~UvlltA7X@rfTzd`hmfMd~eU;1S%#K=z<!y73&>
zaN0Get@p}Pwy?5}+g#~I-CA7ef<{i$j$0fo;+49kg1F->hg}Px;)C5=Q8n{mZK+c!
z^J=$7YSZ}hK5k5N$7}AfmT%xO5!lHDSKB<t;y$B0?D8RZJMRj#IE{_S9t_H+0MTv_
z3QL(S-yA4!w_Ym<_4OvY&(}~*N$;#FxlG18KG>YQbs_rPky9d<H%I|C3)}HevfkCJ
zW<}^Sk|S)jf_`00>IJ}bEX+JB*ZK8yfs|h%<I7=HwKjo0?g?`A*O^@B&4q@ZBbOtl
zHl6B@2&ct6e0#TvNPE)_Qivdm&?ZP8u*;mvOq6n;6d$^E{O;vzF}97D#Qk)$7>68(
z+&e*1iYPa>@)fYcPGuB=RsBwqcA6iiLvnJ&S=VOV#fndXY^@M$RplIMnBcj+)~s%?
zH{5ppr~;#o^|cni2#rTCP+!hReszCV?s<rdmbI;uLeFghu|9ItGpbwx)fzMmrB9tz
zM!GmxQkiL&s`~7d0eNG&jJ%;up!jv-N;(P>+Xn4W_io`YvqS42@`|r&^%1@f2ln$+
zh&bsp%ki38*op2e7rVuY0q4p1sgdVr6jS9x6+!&##n^XicA`2JA}=Jm{aBj8v}RZo
z_g!$zCj2;I(AW(gF@Af!r+Pw>7;HV!>bbqRH2n1F1WEeQNB=^Ak0L75B7#Fh-c@hS
zT8X0>kv9`vrr$-(@>lUKt&W9eg0VAs>%dltrxBldzYyQJe4J476BxRH%xYUlYSI1L
zEYKP!7ksj7W@+KkY4XCTQ2EVYFEZg82!hieiv)jN!@&&i><0l5OE>a`%^nmWL*yl{
zY<3w<D-W)H=ZeJiTcme3r|OxlxNVt`^-G2#7~RWO%U$Y9#)<9@$~|ARZh`RBjl8Fi
zaw-RVRJ+K}{=w}~i61w`R)?Q<f*SUc2p{==;&{A1{a%V$4%(q~tLiO>bub+T(g308
zu6Q=^(K-G2!lAtR!%I!Qg7LKbQo9;oe_r?4V4h`U-LG@9j5HlBZsxgg%gfyWCP<M^
zTgyG2AU|rG)NPT6q-O!9h_9DxXePvI=4mmpuFZMw#4><X&f5<qt10j?7mB6p>H3v8
zCgi15aYJ21W=Bd*Uj}c*hctr_(F^e&>r?S^+uu2)Z^6H*#P4Sl*#seBgw*ATF-hr=
zFsKjug6&KIi&uu9-zIzR2rEb|d`$0Q(c^Ffo9YtjOJS#C>;<q5bPfF9_m<C9#U7wJ
z6?Gxjyg;|VN6wvN9_*_Oq$B<+-eY67(#4;^=1xd{zA~LKTgXIqz%t`x{|T)Ayy3^P
zysRfmU5t^8yDsrDZvYXlT9nTg`*oj`aI!urYWp}df4SC=WuG<^&W(sJ=?FV}9UDhZ
zdP;K}1OYOc`1bTy^^s=bK__+|P-n`FbuEgzI>6rO{JLCd+mYZ(iq0(^4N$yeng5Al
z>N9(&`MA)QB^s)BKTAB+8o2-@QjqHe_SI-FF$!!DkVDaLYWZYc47s|&_Sg;wS*1u2
z6!{EI<M^ux4%KkJc@Wr-b>aH6t3&N&?^9DSq-V^QQI$k3rmvgdUn@afQ52LnW|SnT
z!tqLD_>$Gpz|5_c{=C+w-3jpt@KsPMJJyMLdKjWbwnMNn1XdKJH%E?k>e#h}Z@u#Q
z#Gsv{+C(n5FC~|2Pki`wPH0ntQpQxUo%yeK6-b?ql!{Vo-%+&(Ip_w>f3NqrdQSjD
zO<y7yOhrn<N19=^XzX+ra;0L}hq?o_L<95O&imFm<JO)_Z=NN-ic*I+2YDIk^+0=_
zRI!LtZ0H4<rW4eY&K`N<@)r9==O&(#G-6)0l;q}oo!`ok{?j8J^CNZC!B^jw%AlBn
zFHf`x55?IhxPv`Otsu41YtRWI>Vb(l`r5)^AWf#{M*q+Q6b<hKcy};nI!*INwrB9#
z#?VfJP`^1Q;*86?^oZMcc*`C$d<dHBV=|7*A9r1v++RkXET5d&Woi<kHnS6NtG4UZ
z^z8Ro2-Hj4AeHCMSHUk1xGlC|764p#6B~b{d=eLY+1OW1`~Fdhd6{ocW5MOz_5j`)
z<3Gl{gUOz@`3Nsl?g86CwnxKZ2moDUmSri>Sn(>eH=pbgUHEuB5?MSx)}vt%oWrbd
zh+zBx)u?gTqA?#EPqt0Rsq{!8Jk#8Gq@E&Fp2T%^L*p)CJ?a;kk%-hz3sh+!E)mlz
z<yum{RSDAGRG#OS*$PKDulDulGzyGJ)crowDKOuPj(B@@sF!_EVHWca6z2>*2eD0%
zojWVZgRzx$dM;DxGx79z{pt<;oKgI#NIj3Wnd&h!#7!~?Z2J;E>4X-Tojk386kp}?
zc4*Qfd#J>#)2=i5OCSu=b~Y!aO+R?;?VGd@5uLaRKNh@Gti9|=c34E6-ep$r-2n|a
z=Gw1Q09dKFXKDA=fCtKZqeN-LmPEHVgfOj|rp1J-7<tBQ`_#Mrz8&ZkFWJWN8h{-U
zU-<FZo$olFW4NGsO-hL~E`(&kE*0f;2(2ACEm2C+%&l6VF6_4~9}i&?GS_HHylU@_
zk1G5?L5(^Xrgi{To{#ER3~v1dGHaqG$SX6NbC!skHYqPIOp~tQ6Lz3F1|eRkMV$ie
z=`D~%?tC+fwdf#Mkt;3pSf~fw$@nP{^TZC*B9{f{iD(WeLr+ag?>HyB54p}&n$N-v
z5achUuUDG5U-OpF6v*BIfh2sXnJvf}fK@^I1Ly&hkN$AKp=dvv-nyr3zRsY($|T&5
zV`R%4@Cf87zDaf3Nxww=sobi-U@$c2%9J)^N;53+^2RZy898Q)0BI%y)b2M^eOyuG
zVJPQEvJNE%fc4oW&~ByQ;)oX{R-CL^4+*fuLRqn-72f(S>Dp6lrDFU3s?8rwblxK%
zmc%7@HW%$P5!NUWw-(cDM@pPRYA<)MO(}V5E&1CwEUS|vbSe<P1}9!Je1~AhD{RH+
zT|VFAy?vfGzKzY~L2*i5H{by@O84REl<&Sw0HC3u|9eO^$bg;Ks93&E8N&xa@8^mw
z+J+JeGba~V-pk{v>c}qB9he}x;z#4vR=S!(&|zODPr?re4eRKs`#xdYql#?jFEV+b
z+h^v#=OM~4c$i48-r4$z^<doykt_}_>}NUQKD91TBno&#B~{@%ZXn-aCJpPEjC0Bq
z;vRxhPWrL9YA&Y__=HLGb^p1l4NIuE=~NKLt2_yY@yjRW>3$#u3E*zZpK(XMvnL)I
zGzgXKumTC{84+>uvKXa2W1E_4#lE_7X%z|O>h-R?lh0N-^UhO{CKEk9l=s%bhUzCP
zyT$oixy264GmgVf^ti5MPkMlcR8x2uCc8aMCH=OqOQ>pc6dA^NH+a$(UDVweu}w$~
z{aFvlnwp^6V7yFG%#t(j>uk?>lQw<43tGQIAZ3ffOD?&2+FnU=`D-Cgj7T@gD~79|
zd|P0*0wV9#1}|rY$?Z#|hm=KQmB-_eW~$|7k!5lQyPyx5a;V>GinpfOWi!hp%~FN{
z1_A|o#EAs6A$KyGDIlQjA?h`kGWyU37Q1GCO~%~DfW;dp3dEN|OUzFlr>352ZRA@T
zq3bfmyT~R&cebg*GGVTI$3x3J|C4QK`L`$8hDeeAWVR2ld&bRI=SNJR9uXqsv&)@$
z0+4(&g-SU6NFG;SMZuIi6fxZAPT>{UXEc%RBL%ui#h>fpRm>vR`Y|A=It4rLz8)12
zYB*&_7p>*e3}PylMtXBTe{ob(a>Vy|hhx=ZyrS9GIG^V&(D^8}EVD;3v6#jltdff&
zMOJSb*5Lw*ghIoteEAl|0_BE9eOmGFO3y542D$Qs?`MMkFn7dWj#VV#DeR&{=A$9g
z%y=Q{y>gjttLEhA0c15wV`lrN=JE(az{&UvfzQtCfrXo4;$@ye54uA99+Yzn<_#*d
zJaoq@;H!Bwb<%6!UmMg#7Ig>Wuq<;g2~`!HisI?d&v=M1pC)^RtE%0~&Z~0KvMd`H
zle7cXMsIyFac97=52WofqkDzntu20xx=}Qu-@`H@gXV@o&=$6BI_ZHZCL!yE`rSpP
zV&Q_JbJMVlo@{`8i_rtr-b^=kNygvq0crAxRRH_0l(0J=EekqA>&d$Tuj`al@<AtF
zGH5=2nL#1utnLVMNYS~pmDr)p3&E#E3pyE~j<nl5Pn_O6g;1-C46coat4ILQWLvV`
zKeQdepkrObD;>DlVE?@<aeFDVu=WraYVv`W5IKM=_a<nPj3bvJq*6HOLM$>*oc7Bt
zn~32y30Du5S~p>E<J1QE&Z2vNUg}eA-;B{JRfj7<inf3!vmZ%kH!lH6E)z_R2vLG5
zxzz>9O3kOEudk!ztD3#<b|lh4v-@FT>NX&G7_jPqSTy@)mREUbW^?E0Paenq@Qmdr
z0kth>f3mXgH*kG)ZIczii>3>o7?r5G-^+BTTLb9NCsAUnkLFD+VqgZ?l;OL!NwQxD
zs0^|DuPxSQD6nKia&)aXM~cd!FhR8DmFu8c?*xD`JcZgSn^UR@K5#}1Wzup!)odD&
zYW-7_@I4`|9`Xo|W+!PumzB{)$F=duOu%zLRvwEECU+hdXud}-=k+)%>sy@7h1F1_
z%GNgQ%vaQ%oHAPRCvGo<dJb4Wsbn=l%>+9dzg(Y)wJM;g9_c1jeRNsStN>k(I1fIO
zgvf0_vCH;u%LT;ftc!8nt}HJ>*&9?iVGGcCl^Odh8nwTe@ju=FuI3Lf0DFjuCSwC^
z>&A(~a{BmFsi_8rSNr|4ZG#B|#h|N3iRxBb8&!Ilanqg6gZLCpf!Z|TAve3o>O@dU
zJBN0*$@vcxNm}-f+ci{Y;&`!y6yByAG8bx1_$rqkK<(E9-{?`L&AHX%EaZ$h+s2$g
zBxQI?pf05|)R4%^e*?+6z}i|Dp<X@B>xf`DGH0EaL%2}3h!YRp%09D2kUvtM|7lon
zXT9f=j~8^kKy&1iyAsN97dOy%VZt8zZvEh_Zviw9(qjn#PATGJrsXdjiD}?B7;CD}
zSBk-(R(F7_b-bE)@SRQ>(>IK|f`vg{#gSRIx6CzI!uOLSy=p4Hh%xuBw-5tSh<E7k
zn(^s3@hIQg1OamAIg5kFoe=stf)<%QVGc$ie<GiQQ)&`k*h+m{US<RAUSgqzeaR@&
zq3=931;aaKCCRI33{DL3EQICw-f6;JB+^jIGhJx2y2kK&!}5y%9`ixR>&tO2Bh9N-
zfpd5Qw{{+c%X7*t?K#G^?AQdEM}}d|>S}sr!ghJhza|txpL-54ii(bPn!A?tVz|HM
zLv^IRD#<yeT%VHTwCCnRN6l+keH^Ht$Zko1lOIsBlq*9`<?KxcBwuQiuH*De`O~+g
zH~Lz!-1qt7oIx7P1Wi@OM6vTovr96jg2o45mO;V=zklLutfdM!3cNQ7z^0Dy+p_wT
zW?v7F3igW%@L4mC#EX+k4Q9sa4;l*{ujd?7XBjxM1CS%1<BN(#IpYto61mJWf}AE^
zGIvl@Otvo=$9(qP5#fRNmX`&@j@B<8-`fdcDb12vn4PNQ`b=;3I_6l-kP8c~_=F_H
zyJtijJwbhcAe~3HoY61=4NP+_aqKqz5fUPdU$)2Q46%~=N#$G~fFp&VMTmS9ILVrj
zN+@QE*JuCS|CTMu4Ya)(2QNe=b+%QIWl#YjmX-Gxg5)k%ntbA;_P2~Toc7$F^n8HI
zLg!wIKi4$FXpqWoZRprmu?80l4f$->D(SdFP0PmW2@y#H)1Z9ad42cFEqtorH{mMk
z(IIN*cq4X#=jXG}QBx=_v$|D}K9HI^U)|yD8?S1JtFq>EO$_4Lg+rXZ2-Y^l@l*7!
zYb!<XM8-RI0&y+D^;u)m?ZX<T>ERuK?baYvz_BlQAMs~mM~$Hxb_lI(cF(th&FMZ8
z@M=miU^THt4(PVWmGcT{nkW{k7c$=fKlyD+2ks>fzG2tu0!GdR*tAl+r@iq@aBf~-
zB^w=-Yx#K!KC_kGxk1Z?wNmRDu6f$|`6c@uD{+@4!b~*O;A5NJf&NmzjR%cbBAbd@
zUP`Qigc;l`&M3z8c4B(F@AQTqzAMkx1C<-ZYHx_>sfH!7Sbx|%1?Vfg)LF4Dw`jwN
zTkXhP-A~4sYi*s$91{q}=EYWN=@Nq(fY1``V}e@E>=AAJ6rtfoAW0e{ZxB^|Wm37!
zd<%Y1=%(-4wz77k$!>j6iGyG_Kt2g{4|`XwJagI3ZaOi3OeFa9--qxF)Dzl?>vtbo
zpRmu(F=VV+B?Rc;y#=HiK(%%jBj#YH5BRd1Yv7ZA07gI&5R0;zJmP~~!9Ko4xHZ5Z
z(2)+EGP}X?*-1B>%O@E@@x?H)$OTzofc9h1x`=5eQf`8jo&l4b@XI3ZZxF|wIJ*GI
z>zpRntaV9;X8s1$A(dzMH)E64qRL&i6~$-2rYjp2DO;6CRw~s4o$Oat-`jy6=s`W=
zV>-WXnt{lacrXqK9aFsqp)Gi6>@$drG4ON%y;wR(=s9hg>^HB1T|e<Gyc-Y|5HMuW
z%Ir?!NOZeGtk6J0d`ihv%`={xHVhBm<q}x6SiA!H^NmqkS?WinR`oM4cLJOc{}WSO
z0t(@+_R8FN&V;8wrJ)eI_~xvAG4SD7K(X7AC4lr*kfhWX;MLx7hc8|neI;(KOI<G=
z5b&aS&|)1a@uz*{rslD|m<W|k!BcvVKlJE%#!mo}n)f<atHxSg#rz}6j#16ro&{c<
zE|<<4c&hYwnF-hl8#1_!nB-O%dK<JqjkA{h`TA(<AAoDypu^K}amhNtw_QQ+!2AOt
zbA=*dLG%eC9*B8U0HyO5s!-OY+%c`#Sl31fj}jtIkSo<bxrz@CIn&Q=I?-fjue+v=
zO}5(<-JEQKEs&~rw(X_0Aq9zn^0btjQwv63zIoMe9}9g=Gt5Ly%~v3GpKT@X6=*?_
zElI=s8Fkv`%ad%YH|DCPEdV`@#OXN1v$bkfD61juyJD*K&sNo?Fk4p~|G_!Yun3PA
z%qD{FL|e<cW<T?3_A2tD;0kNEhVQU&(CiFOfxfRv$`P(&p#o0|AumH*zlq7p;vk9-
z#k!k2PDUCIXiE;^M*dwI2cYc0{of-fDb4KD0`^=t>>UApm=%Ll7X8Guh&_se2(#HH
z$V*Qbcu<!75Ss`uo36mAx7Uy$ein1LCBF!(CbiUd-Siog5kZiz_8h>HNW6RMn2DkF
zT-bG*Taa8wiUR_#Bq9>$kX4%ba8Q}vJ5$4R_=C4WiPQI&@*S-nE0_TuFsto!c8zK%
zr~Ze}S+IATh#vun(#v>Q_v~s#2}|IoMaD7DAFmTp;%S;(ahgQzn4Koy{F}+I@Pr^4
z<e)gK><j0;1PvmfG!@Nq^5u9vHRMWj2De`1rnScl=CMV^G3IQ7CNn;z|4}=svfWhB
z=T#B5Ai~)J;@`RFHPc41fPv|u!{0UAj}OS{>^C@Re-KTUK*e3<vu29dUX-$f`&0nl
zkEm;eVhE9W*d8!%UpndM1hpdk98vl{=4G%w5l3p|sTxWnSR4oV!DvWii0T?%{d;qf
znC8lj$!3^oL*?gepmb|s)f)O>jSXZSw3kP8NOG(6jvGT;4tdU>r?{6550s4~(nMy9
z!u#F%#paPyV3B{EI&uA1i2zWr>w&-$=vk(WyS2*~U`qiqsPX`ki!*&q2JD=wy07-M
zJ$>LpyT$v|v4?1qiDB(2=gD#ay*mNu>6(%UOsLv$Ha7tP-$ds5cO=>f#$)I~E($HE
zUG1&*0Ag~7Z4*zVYuX8B7Q%(-$FB<HN$m@Upi}S(;C<3wV-2xPLvD)-3<YbT@zD`B
z#{g;T@wM2H0N!+XVOFlu^-@UM;6fKZu=M9oh;{P#!HIQ|iz-(0FLS{GP!jDf$EL5%
zHKX#~XncPN8)e0OEwy8`u27r`({_ND4&``Ow%S|XdW2J!+6S?Ok<uObW{5u0>EjT>
zxE`=bJn=waw->)4wY@q9*)+;-K&no+J^ABtC2rZMU?zaz86tFSznrIT{la{LWgi(7
zxdEKF^VnF7!O;7x!z_+OT1gR6pHDwQ6U~BTKIqMa2DT!!EpN3?6{NDgbpfz5lOU#p
zge!)&s-jQwKf0kz=Ee%hneg!?F^$YX2&ccmTzGhXYL&DB5O4=nTE__sIrLLYz5Myz
zWO>wHq+z(~Nf$<zHUcBp$8s?bcpYe>qAJ;q<80~$L62#?x6$ds=nzE_wp(aXDuk2+
zI4;ZfF-IoGxi?P65Yw%IZr3I$u;9+^)*IA=-oV1m?o{xfIs89Y4T8J3R?QcYTc|GW
zhko?fQ=AlP+LmR8E&APm5MlX?Y|Y2Kano5eq7jwr6*$-SH8ao`bC#=+R$(DGywb3o
zNNA?Hn>#KRGVV<$IQ8C#8bR!60GBN}*wV5+IR~G0Ke8N_@~JW;!~{O`C7V#iu(#O-
zDaZBH86xqOQK;<PaCKc#VzWlEA`s#Q-B#y$J4a{Q)9nhrT*xl_4rrV=Kqo7mvAbW$
z7FG-z1LJG?FtKoSg=G}{E~sHw#d+xWX6<LtNSgoAg<NBsKjHmtTG8PTfweqG`&^jL
z>Sfh^pxIpJuIPKqHd77><*<1M^!W%4wppN;TuMl6<Sj-_Hk1-fPO`v=euoyj0bHcO
z3A6|*gBHu)TsLw|M5bbljax&|<kZLyP~bSIzsu1Us8Mwhw3z0~D>(c4F)qO(*HOOc
zTu8=&Qh%Rbk4wX3{G?;`1~MQwIy{_FgO6DyNbfOiB4#?ERmP1$OBJH20&tm<_uJ2l
zb2qA?UB8;duX2CdiUK|x<|F8}#X(!Eb*~G*7O3`k3qgROlX*<z&rADf@E|isEde6R
z6k@6HPLM7PQO=N=!p;-Gr@Tx;jwZ`QKn*-5a9&v+@w{9bbf(B|QSdhyRy_=TasrI3
zqK1|+6>z=rS>SLMmuxZ%OZ5+2Sc$stl9=q{R;dkhqeykQQGm^CuOT1B4Y<jd?0Nq-
z<(GR#fq5u4h1~$v-kc3vk^3M#O)8(m`F!YF#w2cWBiah?0@KkQO{z~7e~3lN<7^+D
zr{85}5QH=fN2?%zj;5C>_yw;RkFW#-o;tf652=WzfPUvKv_ySqa@}U5)nSPVZZ&pO
z<l-Xfp_T%zA1i$YeztoeA5L6b07QWhF%8no8Ko3a_&~3o1I*_4M65L`ouU!}P}01I
zxeMuXeOrM7h00yjt8xu(?=oVt#v9P|xWlm^@KUumK4IWUSJ1;pop%2IvQKZ)FL6-_
zP5&Uo^~_vBV;1Sv0D&zf+e9L;i~d@p)=;Z+>mxVyo<rLa&eDQnR?Dqpc&7NPfd?G3
zCnJxzG?Y8W+jn1bZRQ<wt*h*RUbx%-G`S8GRiTPYV59Bwm8B{f${a`n`8p%!*mjL7
zeYUtimsG=+#&EW*5i%ZOQDPN4+ZzoIoY|+!K?=#JT=|wg6&Sh*iRkeYjwQ^-<Byyl
z7OgtVi}2Puw<{FfMD#8L(e2AK8fGDGYRq?4lu=-a{;UQNh_8cyj<pS4sio$7b7=BL
zLpua>9np<A2j^CeyPU@}W_r)%H6a^XBY;NHakd<wXi*|9v-faCnC;*vgf*9s^TNPg
z(eXD&tn74Ih4Rcyd?!8DI}?R;_*OzDh4X&+*ur(QX=Hk^97lxtF0;xGIOA!k?<yRX
zT)OAL$Cd*E!j36k2XYxbXtf$&Z@<3`+RkR#Dd5a|(vF7os8^5!EDdlrMe}h9r!=@e
zsIQTpEN>UpMlV=~Du&|U!HBu}^(T=LZ`~SjK>Y#;)H2%!S26#P@{PKdX*#dj8|O2F
zpv0986+t@EI$)f1$!?I8{0#usPSA!V24^pC*#H5+cw`Oe$gL?{E1+@jU+RFT1naK>
z7~EwYe21@6kf&t8_DBOgQyVi0fqQs(7s-@h1+w(kY=|h|E?;16W2bOtspb@3hYU*@
zK!bYbD!*p}I010Aws7lMpcrAB*T6RJWDDf(IRAkG4`(0fHXpZ_bOpwaPQZir&b*4B
z04^zyGCWHU1o;PS8q(?2b@&0gboE=AhKW=z)H55D%c>~_CEcOaq&jj^#iV8MG#wtF
z(yyV5xCseJ=^;z66E`25zkO@_h_ZVHm<DI^rtRIh?DC*mMCU!GMZY%()_YYs(S1d8
z;tKE|#5|m=aIFNvXIzs7_1F`|kVwKHl9M|<ul|x`2V@fshk7j*(x`wQOHiC8cB&&a
zRO*}Q#`U9;g4Aqk>b_+L9+bBODbbvh4VW`{K6Rj<7+GG+6oqR9&fB4kcuqzHDF(y2
zLmh8pmVr3=c<&6Dj0@B`^k_(3qJF0&)b|*Xx%9czDH6~~0L(h*`3fvz>mn)%rHKo7
zReK<A&rb-VbPIuQ+Km)SXoBSH7Eu1m#zxC|=EV7=LZw%0jvituQ}Y*;+E~!cQg1K9
zVC~Fu)bTYU6lu=!mZ^c3A|Lq<U({ZRE(2Ia`K6axWl`$J46r`-TW_fCjQR{(TRGi7
zu$xcQ1M2gSTE(#M((&!3K-2r{tD}apRol^AScjs5A7Xpz*F&YZos=JbB&d`^Qkm!@
z6m1-^>S)<6jnqBQe61*U$q@}paX{5_7ijvrjcT!@P(aH1uK2=B4Rze2=TP9~FWE35
zxexg!UDG0ri(KX6-G`(<l>!GHUp#QQ9VrR2%*r>ai~%GcH5C^TecZd<I*UZmGE+pA
z2ZcBkCG-)_Igh^JaERWP-dU8^94<>8jh==TPRw>)e9T}s2oxE*y|`&C2r+Sc$DloW
z_7_FF&s=??auRU=>p(g$@Om^5%Qo^kSm@hDMC3P^Yf-^y-@(jzF58e^ajB<p*#uCa
z%I)8%>pGuD5OT0Y6EtEHwDR2F2cJB>!g!w;f70yZqz8~5E@E_&^NYlcNuX2eb2lj-
z)eOR=Id`=qMa72XK2+%<U}b}jhRrS1(UA)fA^95|JFyVm3z$)20$<g>?D7>|R67DP
zuNq8tVR5A^Ftj`*C|;UCSQp)A9A3@Y`4L&&Jopa3mKz)rJ)%MsKR;K?Zq8hNDw)2k
zlY|yYy}AocBO?w}x8gCR&4pcXnoLp;<sgtKxgRU@<p8ITa5^Y&dFjRh!|i~E>oaUo
zRunyt2Ap>~Ig7putcS5yw>JqO^wwG}Lr&}|QgOd!8Ov4nJsR1m`jonCy~3cokLb%)
zZx{snBIHf|f)}VYgn#C;-R7&_yh6QlLmpcZpl?m-E6$1Kms4-3$YS&fu-5g>hAfY=
zijZ6mRLkf?!4`r9U_8OqzJLHjYO*Hl6|97sV|m~U$WRzS6We7EQcNbHwD<n9&qw|X
zQl60ZQHS~NSIH@zT14Rn=gi&C@%5w>-&xM{H1uSPJ9QNZn3+Ho7XBn~yrwvTM8`bo
zFQe;gw1}lrOZ_Nt8h=gueqQB@R(EASw*2AXw*{I~5|+5mox~I`4SLFvn2`zroCrIB
zGFoVTrt*5gJt?Ca(Ydg9^^#ou3WB*KAQv}n<-U*{6`<Ywk)X!BcN+5QUd`hWtLY{d
z_w)11zOfnNGy~b^t@E>rBa2w2`o0k0V~&{&q{+X-Q=}4^*x-22km?)o&4^o+jYk}5
z_~ZpPn+V>ffn^F%54RTrX-2CT)`G~gZn}(GCdu4wV!$lmNEG#NeT+I_kzwb+wJ%0;
zYLJKZ^)B7F3^O%|iG>y$!Chlwa=#iVM_2%<Z_|%FS5v1v%C*mtg(!bnpjOY2OYGjn
zesN&I2<4VJRuc}9q*H)X`LfL%zYSTkmmvBZ+^QJFieJL&$!S0`^cQ@U+S~MQP4*il
zKo~PhF4L;1)3RfiiDFE;MC^DyR>xZ_QzVw{XY9LYQT7?jWPq2hFN$49J3EDa3K%kl
zRvMs|=p-c4FFa&qxtIxRk$E$O@b>4i>5~E1#&|&#m`6I*v@OELw?U~?f|my6zFf}D
zbFuZk%`O7g-LYFz9)%6O*9X~fO$Q)LNea>2-U2c(zptZV-spj>YMnq{i7l5$Z3l)u
zc^M$1Vc*kActwV|{n*n9@V7a+gn6d3-v+aw{z0=%wAQ!Fs0c?}Q^{;q!B0Fia50UE
zg_<1|slG5H=VT2iii>V#z<X%4q8m)|UFM`1usH*@S+!<B4f5T~?yH&2mUE(2*Rjr-
zh1eioR<O@}ysDjv?0a1CVnq)q<!=DvI2Th914`5b%I2}HGs{4GJdb#e(=r&_(mQAF
z0pV3hYwWzT;CAD4zR3}$D`|JErMGi+C%d$2x_e6s_L)&uLxdHt{EOB#$e55KZ{AnB
zdisTo<v^ejmrwV?oeOM_`{So?kx6k)yV)q)Z~!dKx;e(}-qPLohD9M7urBoYMo6!V
zNF0OsBe98bRmv(Lrp^ft2v9`8!vcp5P(|hlMA#xo#W;Mmnj@~lo&E92_+#wc$F3Ct
zr8<9pf$gRp;MD18qUm)@sSe1!N9#s8%n#RSa(son^wifBK({spwtQo4luheNzfm^-
z6D(bvT-Y2mK$%m3k;!#MzzIPg2Ee-9$6Pn9+@E6iFwPE8K*(pGt~M0OBa+DK)$6JO
z`bzCCfD$TL>#AvJT<c=FK4uIjHB(Efi6iFA)GqR19qYF)K3F&`&zf71VxTMEyZVP;
zI5Iuvh$f?`@-jGbTAv2URc=g>E5lhd2+d0^fWh^PAQIA;ys<7UzS-9;^PN!YctHAM
z+#&mC;g<`skCPWu&gKKoQ4$fAr`zxWRHL^|k{3}Ac}_t78Pqg3s^oD+o(H*n$Z%u@
zCgD($GWG;bUV|EB8j)eI8SzW4A|yS^s8l;cGzrTxS^lGu3**{-e|fNTS?q_Jo)voT
zg@}^8e#Ogn$Y17OqN*m*4>xM1KGWd%a8;dZe2nEpa>wm#tsdvE_vH-}QwMXLLT`8p
z;q<cE-kyHAA&1N!t1JYPd-^Kwg`U{`??bd*t}AJ-R@iU5X?{x?fEKcP(!bm1v?g5M
z1U5}3#dlIVsE>gpcS%)e<l3V=>8&ZHGVi32%SMzbY}OAls2@d}y(N9^<rl_AAi~n_
zBW|9<M%klOa_HY?7b&7T17&V|zAfd*&c!~#TPt9C;MZ~>mL8ajA0s220RAaxGv?xy
zb%rMd<DkaqJ&Qwca;Khr!zV(U28-`Hs0r~7z>)AEImsy`6ok|g;Al{N;y#veksui}
zc|?>|pJC+e6$fzer5W35uhQ##-+mV4_p9amCN#Sb>D3Rlf_2c8aR|QJ{kif8Bs1Ts
zbqOXdfRK;%E6B>eo5VXIcT)g+sJ^1&y#}R^lK5<)V*d@{78r$^nwtZ=hB)wh35%`w
zCRPLFrYYP3`#x@;QVF`84gmJmohsF6f_MW*9;C6IC~4%(P6MX_c!?SkU(UUzi|#gU
z2KrBArSh~YiY_>}sQt?oF~0gqw(YOfYxX&eXB&XNmf19Uad02}4LY|p1A?XsA|t+j
zxrX3WR~ebp2iLxZxrr!U1#v;Rf&%^`Qy?SFERk(mfMZU9G$|=|yTSEc0WXBFS(LK5
zNIl@>gWh*1{ORL+yXSLhlGJ!lkuOOdhbx9yo4Vmr@0bm`V%KF_p4GW_RQ8)N{Fwvz
zbN^_;2>@q?aDDzRh~+0Y>~#k%(*&hq1|+KewD?Wm%h}~@^+wg3<9wKVa`s)~W?V-#
zv+Fcbc4l8IxhT%JTND-uj6lTz(7K6NXTCG^&?3oVVpocP#JJd^VZApR^3}Q@+~Eml
zOZx`5ZqXJebpmlDf!T=5CE|~g4rvy%$0`D^rj$dcEqYDMz?xqCDL850xJ*9kxq3Zd
zkrBPR`3V!R-W6|_N+f_r1aD|U880R#Qh)R)@Q$E>7u4Y-W2=!bC)CI+nY>eb-Vd8W
zguP4n1hPh=1L%HgU9XDIuk>5B)|xugBNf>F)d~ZRa%><|a{RqTPO)2RYN(|q>h5RD
z;1EfSJMV$RC+-nC*p`@)(u=Z1kQU5vmlzme_h~~!D%6lm>L}bYsP(?@PRiK0in2nN
zb#&=q!s@3z@adqrcoB7b#GYa?e-?w$%AK(@JEbGhTvXrfbCEWm=#?qi1HVGDIS~)n
z2y*-Y)f&H&JRnRDoHsB>wFd7oGwgD$V)w;@^I!C$kCY8Y%P-fqwpU_w5tp~JvU8_9
zMu1K?r0~;8JJ+$Q%XvI3WN|6YRayVSE}jr?4_2t(uzbb-lTgyUZx{227vNVNs3ZsN
z-dvcisyfQk>_U+8L|Xe^v(I5?kr_8Gv&)`8t{~Xnn^+0h@pK9+LtHz*5XBAX%oE60
zXxmJA*ab1V?rdt_QdY<khJ1FTCl97OZvTmR;#3dIH4LQVM30fD;-IDrlBsw^uS*<n
z=NG6&1WyAI00++2)a2hqI9-u_54N<c5D##Nd945iX|~|5ZxUzuggej*%0_Y<U*vnB
zw1Q~6AmcN>(|aG45zBCW5YubF(__()*iew`2AS?j3yav#6ZW5SNW~|Stf_&<lsV#@
zK5Y<D$dq9|1G<Z7$SkF}I4aPwF!+`+Cd3lsoVd{O{H;K;nqzC@C3s4Z;)kJ)L2?J=
zT-tikrZo__3LRd_%uI0MM5qr!`{Sx~=0cq6foF@dPT?Dn%AonY2UhXPj&`FSLpxUt
z%R=-DCFH?Q%8OhUJ2at+LRc)3Ow&!5wH`tq-!uUC)BF2xT)t8p0{<37Q@G%%UPUx`
z>f{0VgeGpc-mCy?A}~Tm;Gb*RgM^Vri0Hq+z#Ho5(ihNbU!lZl1~Gi?;bk|w)<5k>
zOgIF+xMxerl+8654X10#hUL|Z8vrvMH%2u%f1zRy%&TT^k?tq*Fql@!6}*n*3J{P#
zQ}irYzEg+Gwon)J#CE<W`Gp<c?S&3okO}F`prHJ(j|73B(&C`KhJhVXbMOqbzCn4h
z@c?s-s4Ci8nR0T}n8hA|!r}@$9m<T9eUE$_*tqF>ka=vSkRPb$RL5IoeO>)bgM1j9
zT<^Ks+gnADCA$zv3f~>Jxoj2gaOd9$pw*&$&h}BGkS*tUJbNpc?`O)R+X&<Ca5b%W
zcjW6}JP5{?#yu7Tk+50S9tvviHgrh*k)!LL`%+x>eGhSQ)joyWX63*x;y^Kp-_E^~
z#AFr+9Qe?A$4l7dUYmSHN(HWc@8QieFn(}?X4w?nF%BubnX+#XsuC_kDaWC6S_3ku
z_BF$LgnCos{1W6gRNUKp#VnkOIr&=!Z=GSc$){exuAe6!*5<l9(0qDfFqkGEB9}9#
z+QXNB(m5}eWoLs|f<g*_1@%rOZ&1+$5{x?q>1pts;5Iv7&e(U;q{Q}5S93FOep==&
z`~FHn&#_{1R4nUy9*e7dX}%g`>+1Ra>~cYb4jatpGGg!=u*YIZ@0K|e{9xIP{Gq_S
z^)<`Mit*s8I&RLCOgb5(v<tWR?LJsmmbn0dUGm6Yib~FT;KE9W&Z9sEXU&p4*yrUN
zlQ|WESzYfqWly#n=CJE5K>l3loXMp~SVjwf!zoQCi*8NhpGJAi4$X<nNlPw2yGdFj
zdxUWf0o(Vsb~Wv_;`CQZZl8<r+CaNyasZ91&5$BE;{bfvF9Ud?Uf7I5Zd%dLLP80o
zd}|kA?ZW6QOGxK?_=ZPl8b!z8d&O3QWi(JBfie$$ZP@*bfiDFm+6}rzOzSNrb>EE4
zm?v3^{m>ahO^qwH@9)ETEx#gi%O`_e%OFQVldmzVGtRu=OTmsf$ys8f2z#pDShQYV
zxZQ{dEJ%*ffrAIAwk_yn2gF9tNC-4vzFzzt<nn>Bc#pBocFB^0(YrPwBwwn)s2i-1
zS)BJuVMD_W4dGL4v|HfZPSNA))ooFrq1yEX+|#4<8ml~Z_Pd;G{f1ydyQ-Szc>%Kv
zVFLky0h59__+&6C2_C|`7y?mM7|V1+E{`c0N-a?F(LV_d=<La2S+KF>;K+hx-`!8*
zXJtF#PM)ANU|P-HhUD~%bRpP#sWutGC1&0rz5|_&Y=0p>NM5jt1k{5t;zV&YXg!Q@
z1~k7a0zg?XafD91RbR)+?-DPtpiYXpibchMkQdJM_*G7EN;$85wNiF$oT`IepiD2|
zGNSES;+#fbXg^s6-fK|=RT<$n!?h#`a;qerqk+<>@wHUgmm35W5bk&+4aB)upaV~<
zi_lSxv+;yyOyu)E1q&QARXbaAnZPt%$P%Kxe%J;Hr{Fv(%Ts>MH&tlBx^BP}-gXKw
zP3!Y@M=@=t@;CEmP8-(CuiArim3Q}1(ac=o@k!}ok;<k*mkhd?f-~=T1X?BR>MYpz
ztOAoh7asD918hS2+E-#=YoEkd|7pvFZqTgM8RrFaM>>y(mnAN)a?AUdh?Vv=OF7#C
z!222n>>O{VFZ5?s643&X7e>+vm=7{RX{prK&IQ#^GwJ<Jh-cNbUI#7HZO985U_359
zw5G`LC`4b^o~n<{Y~^c|Q?<O~w2?>OHA)Y572PH05Mx2HTfnf&R_(+}fd_<@BmNG+
z%=k`lV(YSyKc3(W9fEy;DhmlS^gR!<{PF^+F}sPkoZB^W*?zguRZlN*Yd0Dq8=O7S
z=6NEy8w=qjbIW@yR9Y$?9K9>Uunnj)4F>AtfM@lMpAzKJfQ;M5HIcAw1cANw$$emY
zv#&m~75-hI;^_XArv|=p5TO)duN1V$3<cK#B+|xwW1|&N{N*zN<Vzj-NWh7MLwnqW
z6Uozr4@@j~^uXi-L5R;VUTI8V@GY}p&T*s(7ZKR{zig8L)U$93N!iB$I2XE}Vu09t
z;*UM-gC(jx16|C0GaZyM9uU6;tWM(Ul;={lEl`((ET7pN4SaTJ44bksa)>LZ4HwzV
zVI25j0f0X}$GO$<1MuNsODuG%eZ;Q5+zhaZH$x>?H1MJeQUOI{cC?9ou&)h^C#p5h
z%97j93ScJ~4ie-_aKJ1vhg=ENx1>b%r@M4iB6HhCcR|xK+29n5_IXp5-6#1q1w2b)
z*lS;hKb#%B(Eun_k%!_0ohdtEs5`6)BLp@lQ0E`B@Wj3&oI8n}^H|Q-ODFjB3~^Gp
zw42U>96TGII_W1ME)=3a3<#gs_)w#|S8&!~SNPe!gB)@1+rWvZ1{jB&J{dqpPQgr<
zdjlJUD<^B39i}NXS01rlJj0@zT4x?L;LvY@q$mN~O-T&malk?#9o80%+<bM}m$aEu
zg2KK7ogvZh0y}q~c_nbvnF6-5g`{ky;?{cfj8sLZ9qqMga0sACxR|d<UI`m1=3ldm
zD4Em(La%@GfavL6@(t_dZJ3V7+PG%Jhma8Gx@Sk4u=STHwr&CbR_e2l3e@Yl05?Jb
zjSmZwG8Kc|e6eQ`_-(_0$t*(<IJYt&=O}bCnxqsN?b;19Ic@v-tmegn%xsgAPf)+V
z1+e&M(iZ?d!`Z?ZScFnHEK##T8~osKis5#<pD@<Be(MC_s!Mnuf__a?_=^(_+a|+C
zy&WwJbt<!U!yquXxEEW^obhfW9MBOw{0+Tt<;Qo3g&+@kN)t;@Y};%BsoJXFasRAg
zMohmuup;+uoD<Vj1Vx`mTumYp0_`hIQ(ppFyAX`XH<BCeOu`hi**OKbSDeizr!SEm
zs*H@;f9V3-OJNA2s>y`u&TiS5mhjLU=7`WZH(frol{>6>)Kxn{MhOO;FV$ph3Ay)#
zi|n84otfz2(*GQ*<=oQE*7llWq0)84kI@Ku*EJ=jZW21b?3V;iQ~r7lFIygj8HZ?-
zJG*vKHh%lVwgVLHHkRK%ztjx-0ba5&)BOU_gGGgHvefCT;P@^W9?j@~c{x2&HwGuM
z*qqOj6Wezl>k7GZO@V{ENea_`R%2HTG6uMgiBe}h<gT~*bN(z?=Yas00a3c~06<RV
zmXkP9DUkM$eqVdY6wnL`PpOV70@}+a+4%sRwawiddh-F)vxD{*0dZNDrNhu!7>~`d
zGnvWPpJ#v@7Ha`@!_?>C1rw3hJ-f`3OwtbEdRKN_35Rw`5WltN1S$$(!Mz1lP$;fD
zK#hojQ~^Q#4_<;Tf}Lr7MzK5_i}*PY_4nCl2JXn8lBTQzP-O`mz%fkhSzQFTX!LN3
z$tddVMg=%ml4A;JwlS(_*}s0R1Xvp^I6C5T@n7E5ZVbXd0^&b-i_NY9`j5f?_xh_p
zZ=nCZ{^~Co?|<*j`*Z&N-+S}^k$S)n|4SVIOB}n_um2^E|34*;Hb#n6x!~zQ3vKKq
zILSTKvF!3FA3!K9N5pK=)#rzqI?P=A{6DPnf>+m7N$<@~{Ig*3=RN-q)bNWR+7!Ii
z4p3<`4V#UZ{qT2j*|HpD=sZ}ck`!LkO3LZF>s2hiQAF4NXzUFDjUx8q$lXj?zZm-;
zMX8O3qUG5N_V`_Mht~ON+<?RU=`*;?yuM8_2fLP6Dra%V?@L-^N)lUb$#b#-iA8dD
z0TLU*-GuFM&Ezg1-=Z0ccI|ooagqP~2gn7MoNDBwVpw;_uz~#fQ^{Hi`Y=8HL4Nvi
z6Y#hzGgHffx|ueVF4vR7=W4;@GS6)d&U2T`za%T9^0!pzF{3qC#Ol)*z?;-M@F<@D
zbW;C$D@ln5Z^&d`F;Qmfol<nlOym!ev`nSFTdA**TDE)_D^OCcB`yqt?gyn<m20CL
zRXp&ojtLqyIDUNpu<nqjUT`Ptj-w5@d>zsu_-|bP=>8uRQHHX7Eb?=TUhku~*28iP
zwS~>PXDW=a1**E{n2qAY&9am*x?=>Acu_Pdl7-65XwGPY&c_6E4ej=vfj^tZqS$sv
zD78g01Q_Q_@8E9!dvyAL#=`nb8Tk_e+x-^@;MYPLW%LZ+r}AAt9gK^26mP_tUWik1
z2=!R%Eu48PxjeA+6&uW3QSRL%N8E6(k`YL3RnuJgI$4p~ZP8_4(l2Hxwb<gO7?`Vv
z(otGdbvQP=s`J$)g0n8h-JO*1<E@Um2uAqL?C!5(_&@LMAIY%(p?4!Ls_yyG*2<1X
zTBFUmg|mh2G$j>%m(?(fSY{J5harde4hJa4UduQRjkNeOiMz%2l}C$?b#9qYXk}lI
zb)K8EJ|kq_E3y&K7uVPPdRJa>*INK@M{C^=`MK{V-9MpBYbW7(Z+-ZOE9Y>ZGEs<a
z+H$z4ecdC0uPuIF-%-Jp^JcFy(ShvJa>kKzRFY{&>V%$83<wn*hIsoQPxT-FAQMV`
zgOH-eDu6XW07tB)qz4W2@1=6~QX9M@s8f~dYD2muxWeq(rs%)!9e)|ACd}S2wHxHB
zihD+sSN!<<C)7k?Kl3fn*0u104Sr!6)<)WrPiS^KyYVlc<(oV!_OaaC6f7~ECVJK`
zG|u;DGF)QxUOj(w!78wEy7jEWNb~lO@1h)k&hh_Z$Ul8VIPdL}d>47eb?QRzv!4S8
zJ*6lTGp(=Y6Z2TR?pbCIhPKU&d;R~OftP$_C<Rh6s)h&+*^3y)d5hm7xBj?yMVOH%
zG38R6Xo5rz@81~t>v7t~CAZ&~u#$(inwD+*$OFx-^guApR?<8xyU`@ST)f|6*5blF
zmgcXQFfEp0V?Rgsw$VuvOY1v>H92G)GIlh*>2C~LM2TuzGXEpi*xH7m!HSz+kDdA#
zce2YzNsRkZO*05{?cdoCKT7Z(u5gHKRy1$~<PjaRvL6jtwAm1mqkkg~9`3DaK7F8A
z;<rC-<MD=>$lb%Fe&bKN6xWB=Hs9r4oWDQYFYlS4N6}T&T)n-VX9_gpEh1Z7#BWh_
zVsihpqh}IEhj>`JEcb%owb_QFyni{yzep&oGQ&H^-ySxSV-@g;4){Gj!4de`Q*CtM
zOk`$#*`MP4Uyk$7v@b)wpHe{E-}KUN{0;D8e!B`yfLW+l@ZT712&QsC;Q0~e2tcKl
zREhc{|DfI#U@BCCsT+={y>m^+a5Hz@U3azn?m8{rrx{KFUE|y1*9rwlN&(js{Xc&D
zu1x4bFgiq@pYG58Tw5EBcoVeSk?~ze-wR9}-~aJ{1Z=6W`b5Lqf=CbA4R8NJzpZD>
zG*p|7Znhtk@L0H^7jA8&_ocr?o^o`j=5ns8UP%v2j|B4nEf&2OZVdyu?{>Q(C#O&J
z_6|p=lH*X(Pium=jk5kqpYa*jhwe;ZfoJ4f)!T<hAoTcEl^$8$J&KRt+377mez7b|
z%yYQ<oXiKWL-5*|Jq71Z7O=`bl{uzD;dA4@{~e7tsuHg(xBahC3dik5T$j-d-FFsN
z2xEIHFT?sYh?ds-=4E}kq^GnD`x@B-`M0FWE$<Sh6*-W2q$+ZG+OBn~b1D~*-DEpG
z&Tz3g?P@87Z`bTO?j7BU&h8Q=fusLdD~F1v)jCZs?5d6ZV$-}$lEF5Jt47}DQ4PO6
zvi}c9-@Q4CPkA;STHn5XJMj2cZM3`o9Ivm&ZB|=_5kyVBl)3M95S495y(Ro^Efz*3
z6c>u54csJ>zI+<{7YqB>kCMc_WmPZL-0h+IZR>{#d#f->sKS(Z#;G6p%|8(yY33ch
zbWRhdl_5>7ptkV}CG~T2+{4P)$Ovqe(GJoLaO3YO?Z$Zib94Q+ML%cCWJN`jo}YR9
zURFvK{rkp!d)|B0%P5OBK`JaI2K}%udi>BshUd}&+0LqV#}{pLA7q727^0UeXuQW=
z1}p31%ENT+S1PM_4lwL6-^-nhE+qSX$RH+(^>|}`F}uIq{W2D?G}na(A_7G!h(>o*
zQ9hs1@7U^%Uediw62SxA-D=y%a~^(tcE~v6N_x6l9d~Y3_~s!#xyp;^>E)@%&_uQk
zQy`zlAf<JZg(aqj=4&(cSIHH^w(Gl`&-%YIvrOedx-6rNjfn^Jm;PAwFm-S5oP_8N
zYa=D^W|C|a1+(*3wh<D#T$sGKtQV%FrbSkxvwFk1f-~pEe^{A=x$fy)#eC~ZJ*kdw
z{4Ec8d(&N{F;QDwR^qLTmfU}ZS{36)@mWUq2TtMVs&R6K4eH#^JNSU8<&9ZwmW>I=
zQ>Ff=iAu(P{~=X@&Mg}>8r>yXhWR6F9JmR+rM53x+30=PnVcmR+v7NHU%m&8MP^(o
z4R?oB8?u(p8@l}#Vy+Z^)<z@yPGMt{!;EHUW10RK<lp6DnK{aUY@-bQjEzax$xNsX
z0e^9?nquF5Nernj`qJZeB&)K0^ZHhx{>0Dikkmmj)snen56p!*4^%Pp4{5sA(}Hg2
zb*=vV`2P&zUj$T}2t}5W5KdS7(r;ILpCwb2ZQN}kf}wp&IN5yn+9CQYTV21~W^U8p
z%)5lme*5l~(L0~@|M;nRU~gkIsmt|ge!Hm;GKW;kU5t>=1j@4`qGh97T3Ys%IsU$Q
zu&?<are$NMmi;(m>?`s!6#s)~0NtJU0r<VEm}^4cuKXS&R}ZORz%~2?{H|=Z{9Z;l
zdD@USmFZh<XEXoDt@%28(i0=krBlCaRNrqU#dHY(OmOK<bY@e(*3T7{*@DqYA#yGo
zs0tE|=bHc1|G*;n+`Uscb2Bruv~+E*-*=ckz4sH<)|@qKqaOW?M%C@&-_t@D-9?W&
z&iEd)mrtg}cYSl^Kik~jX6+5zy^C^TBpWje3!ZUW_dmj~jQ*lZYYxggBZkJ<;fPUj
zVc`vm_CG%CVjyTC1S*}w2S0ZF@w<N;Odn*Z>9VdLG^SZn6p{WtY^f=_vN&}yBh90G
zeD4|Y=)9Wv{r2djBvV=MPbsyt{)dYT26Q=gk><=riMH1f4Zkn29Q>l26XN{bMqZh<
z(E@c{VY^Rsux*+4Z{5V(quxte=T*u7A7|eIPj%b>pA#kSN@bLYwoO*3IB6S^eT*a=
z8IfH^oJvbZg&Y~DVQ;cCQbrsjTSQT0mR&^u&y{oB_uX?>e*gRRdU`VYp6h#EpLKo4
z`+dAqJ^npo#x&C|#l>3s^+yR^#YfMcJ-bwzrI*?c)^H2^KuUf4r?1Je=kN?Nj}Nhh
zoWfV>d+(s2j5@60xhNKYN4TkIv4&;|L1G2-u$iTW#Z3)q^@S+?dIGn)OIUzzq-@bc
zd@=D7QRu?_!bu&p45rofPwB)5&Q6i<Ez*2`W#VbC47x<*CB-hN>$ha=J4dz1;i=>s
zKg5j9OUQ%r8JlQt${pKUm8B-!(*LZOgBth!>HJC4n3Ac~oYjTXbJT1^LuL^m$!z4!
z(}`v1Ub?Azklo_*rIbwJqv@1am0@&n7gUe6>uq1`r+8wu34Qg^M{@lHC8m;dWU0~_
zMtAemRPqbUNSc*q4ES8i^9XzCnG2(08+KZ}fA*4{`n!L8lc!+2qg<OS1}rFJE!=V_
z=~uy8-`>t4C@5%Z(BgSj%v&z<KnXc*IR4rEg9&_$%oSnU{fG1d?{z!;=|iX{O?5fO
zD+LImIIV(sDUNsP7S(c*9==c<2U+Px{SzswZ&j_qU_vIIy7nwmWeC&jVobKjOxKGT
zQ{=uV4&ycRjeo?5b*Y-P{p4WlZPq~D?W`ZRP+KDZ3c$YeNphIW%*-T&Tpe3<Bv4Jq
zDxkv@dq&LyTxM(jS9Xdi^Te7Fy0$0*Mo?it7y&lVleD=F6y<%oA|{-e#hLLd_|BgV
zSp%8|I6Lf(qX==vcGZ{7N}8+9Sheqt_Hkr5J|M27n4L{DG*zQg>|Tph5Lzu^)t4k1
zXUZ;N!)Y0ar9C}8XUxrc+v?)jt3&s>Iz3L2w=iF0zKi;5+<ur6uA?W0>v}JYr~Psy
zj(W`0m-!fmwcSiJ6+2OV+=ilWskBil5u5rh3--%|;^=wBB_s~Tg)C_5C?ClMf6}=r
zcahSox)I~$Pna3AG?pV@nt%To148la?1zhQG%_lPC7NRDB4UCEsmA6#4m&~K`za}7
z!8H6n2t9QQ`dyYcb+%GYae7URM#)Ir6*2XfHRHv?8FtZ%17?g>6#sWdoTgE1<Jq#r
z#oDSyAc;r_&!F~dP6(=o+6b7vdkG)FC_G)q8el&<kspbt^m>Y4^6V%2q*OL7GW|*D
zXJj5$v9z}K4GIeCS1H;+H9L;mRL>7-RJ$3MJSWECn_jWt<K`6@+e)WVBd{lyhWeX-
z(rfN542J@)h#64goF#;CI=+!-tSqa|;zC--O8Y5s`g?7XR47rawW%qnvqX0TRbBoh
zuo}wH%WBbZoH9rM9!nZ7h6VS$jZ3Gch*Kvf&TR62?UFw&lq#9EhoDfuotm2EF(9o?
z4&&36R&ONN?bfDTjkpUT-~aWE9zRuTelH`QMc5S@TTY3nTH2nZ>Qp3b!|T|G@5u78
zHMI3`Ju&C%rn*TBt)hX4A#d2%E%NbL0|t1!>OH0%^T9qn6VHB<szYo}j<l|>u7cFV
zULh7nGa;Q6?mF-MhLDhuhZz|ey{#XqFIgT7Vk7-Vr;=*+{`5Laph0LA)6;s2J#^$%
z1)%R@#{6wz|MIHrns7QNoI7$CDJ-fRpcS<un>}#;*x`ElE_}|8^<jd}2XYr=UG?;2
zonORJ6+fQ|<xGy)B>TD0L{no$>M2s~%l}0830r^-?IHEs0Ya*9DW+p&J?Qe_p04!W
z$C2uNRLq^2eKdh3mNqKn>wl6$%63igsb=p?%*c?)voTyaIh}m$<}sb>r^bi)%osLh
z-=c0sJOi_=`PO}P^By#q`ci+CQtS`x>=!-U6!G2<=4Ycrx8Qxso?XM*I*vSf2oB3l
zfXuhp$CCO%pfz_o%Tu0OO@}g)i6s50(R=xJc-xPp(CxAVZk<ZhJA(fT=9A<|xvb30
z!!G%c7ilZuO45OlinWxevDIz5oA!Q=YpR*0&b+T|d_BK8gkjohpb-fMCo`#PZ*TwP
z$rH~-N+xVVJ}UrZNf4LLzdB(VYm7HsJn2rp-uaHatUy;VY<{CYYJr-2Q8j=n55E-r
z4~PKo+QVIxrygDtlXniEQ{gIEv5XR3bNhP`y4W0)m6cns;m-W=9H}xz%7UHGXQ`)b
z>=_e6E;Qc(J(aN^9PC%S45#@cIpv5sDV!s@=mRapc)7k(yX~nVfc>W|!sSo%k{vJA
z(&Vx+RXdpe@~wY*3#<nS+YJB5^Ast$O=}?=irc&Y9r<vscp^n>Kl&7n_tkIBw^pdy
z88mVDxZ(US|4}iSc%W@9mzDa0k&F$RQtGv&ai2y?S>cQT0p{{{<7>jh1as$28#`l>
z1y!MbS}S#b7e1HNi82siLki18sXyfYgpuH?7FfkjZ`Lzw_hddBh9xD#k+=uib1c>i
zF+<Cy0V8DrggOYlyM>#t>HTG4V`C%i&R{t#?LIwzbVXf5g~T(vswye!Z|bh$nS0?A
z6%}=q%i_V}bx4hl@5I;G2KxbORx;)YA$Nrt!-j_L52n@g564Q-F+}JDRrehbjN|?E
zOGrWLMo@Ms#sduSbmswniax~gtB!$(DhD&3%XXET_nFv9>N-C=MBG4?BI=p_;s{7u
zus@cjJIR;lKQ4w1Emv~)?jwqdiuu_g)LIu9p%URiT|K?6?%7_yp}70WwkrT4p1`4F
zTogGg`VP)1cj0m)4L>EnJgmEHk%zeqi<PopQX6)MvQ|sjk=zd1yHqgGZxO&B8NX=a
z*=aPAsV!YbIb9$0Wy~I%H<VKvroGv@9x@R~2-*{0UHZdL{w>U+Ak6!7rv%<yj#?0$
z1l+0V@xI%`-70YDNEFb&{JO2Jtx{C&;4O9uzKse+B>jh_l&sGvtb^DbmLarA<<vL{
zA~0G?Wkq@qOafwtGv*SM*SO61<&^ib!X*M!_wdsZ{m*N;Bl4B4q0i@kK)8yKu38ea
z&do0et`eZC^Opa;?Tw~iq9pxnxLCkSCoGBEOz|W7(4gDn;wtDnf0ht@gQaS-9ato{
zEcOCw#qK`CJijWEEquArEIE-H%P%1md+!Mp+juHn@b*uN^eca2%FNU5(bUku3<qS&
z(W*+(7=jx^gR)e5VxnNgo>Q9CZ;C>QkfS7(ek<ncBHbT$DcDfSq8)l$C>K91c;hrX
zb}GA*ND5fCr30US!OQVKrxv3P|K8<|^cW@OvrGY$gY-U(dV5i&fuA#w*eS~LtGA}S
z5DjJ}nowPG-|7ZMZgAjFDl5!IsH$58(ZQ;O!t})&mXq-B2ON9Jl;CGQ58=e4!;Yc3
zNc`*9H*|D#oD90X<)O$kJLM$(F;VIW6p59N;T;)N?#$V<i6y)t>lSGn=o?6I<z8uh
zlb51%5`w@-3&4_g)FbNv+cR0MNV&=`sOvBP^2LxKpN+L$qD@O#0!f?z3CJIzdbG{s
zC_B9Q#yCo9v$h2e&nN%8)~^Qpe$p~R0gAOWt8FQp{RqC4?620Nq|p5p;q3IS;}0#^
zkDs+^;n;rsh13Nf&$81AL(x$)_)@w}wUS~{*!4(E)k+L}e!C|#PEGv#pZ@aoKl&g*
zgD2xug**tBd!d_NdM#M)S9o29MV?L^k19Qz_`FwPsTtIutbs5MwkDy*UCfdqWmpt(
z3H?R+>W_;15n*u}HgHh-J;c-C%dMXZGAJ^d0~d7in;>1L#jX<WA2=5LPRh2~0nRt^
zQPmTQjq$|VN~OaM0`6#}-yg?6_LQ&*)WCIH9n~q-9)r-9jvCsQ--ZSIO4h6WBp$z7
zuj(O?3%=8PD7`bPQy4~8f$NZCbWV7L^vaU`hhF*KzPVE;>1Ckt$x^D?Hvo$iK5_Wg
zg~du#Cal}i)q_m2&oP385XfF#V}$PxbnV(We?lZl^jr3ZWNKf)|5z#N=TkN;16mDn
z1A9y^&I<rm5OlJs&N`Tps$zd(Vg+1WZr{^|G6Q6n0*y2dEOxK49k7_Og6B<?&?`V4
z{9<TGDb+qV0J}7PrPU?gMLv+U3Z6G`u3m{aFNf<zVDo7nIiIG=Dw+o3@3zobq_n;_
z0LT1kkCi*+-KF92m9gdm)W@x)rw@Nkmr2D1Fl#E>5sdkjB>c3|{b(F~)$XbQig%>}
z$>$Jp*-0%2XdH&0izXeWD)S$<02@ws^En;Vxn9-P-Rb?HOXcr{I2~~Fc8F6Ilaxt&
z^Et7DJ3cX=DiZ&Y{r_J3&ytwIhvL|-bNeCuPm~Fv){01Y6qw@qmFD}f{;*(JkR$MX
z;&$tqKBR1~54hW=^25Q@;F6>dYyWUZoa$))v{3dVuw}NBuN5d;IttGVDtpC4HC-VP
zye1G6Mb<3x_#2QtePb1PgOZq$K*nb4Mk99W1MNT;f)wkhH<16{y}$S23<ro~X{#ka
z<xDHk`)@k(i255A=*aPz#RnH_TXw_#IHqgvP?+DDhU>6iAFC_o)CX2<hYt`sHs7}O
zr_}+2+D{=FkKd01OS)Oj@cIN~td_3+aR)0qTJr7^!~h&)q6<f*h0Kbh8TprBIzO8g
zepp(bt1+H(_GiJJHuV$)Q+o_aHSlikQTE(_UiOcdXNLqtx=~g~G3D%Kk+)t`ZA3jP
zU5JSj8pC!8FYfF|`91@b{b7dPvM{=Pd(I6I#!ElGdSu)~ChofU?Mtps<~h89)!k!M
z$pF8DJ8<8KkNR<TNc0Z8T2J}<PcQNDBq@)(2QVf!4h;>p()77bhlrXgfcGuCvSMBT
zB{ivZq0E=tD6hs2o;=|}l?V&f3`wJgx5iycF2>1`k&ztF*(o=}pSJve*Rpb}KPEVq
zp$F#qUd6KGrwul{5k+o(*Dpf!3&u?eIE3k33fu+8Flg@hZbvANt<B`l{By7?S2Vau
zrAz78LbmmQLll(@F-94L{B=89I@O3%h4H_Inj}e^yG*z~q3#nxtN=_UTNd*8d0Toh
zFX2uY#Xs68nrC@;r%JV~M&U_5JZlr|^Ty_A98-B7mLaDQfVytMkYSH|EVz)L!}VGn
z5Fww8POV=LfBs{KNU!J^j4I!&#yH?ac&`X~a}BURRq}J3HDEXecxF+zhszLvHNtmG
z1^Dcet`hHVfLQYOVq{Ay4);CgE(@qoX3rimPbw8EmNg$(SDkRpK=cS^g8ws29+m)R
zJ8NIgj*RE4<@O>xIs~a`4CL0DxR#1Q{_fp{UzPU)y>=>)BsCgbFW@_RT;3C#4EEHu
zBvOnbJ)}vbV;+8Ff2uM6ok7HIWq3?_51`$gFuZT+S1EjDt9Em$)D;}PR#ZWW$MCd$
zbJ@+ZVfIoE@iVHE=ia%3F>eR3TU-X2dAQFyLB8|Z<>k&Hld!ZZ0e_7FxKK4Ymw%&g
z$SQ)D;P^r0=6$qK?jz}P8mR~5MLX3iDy|ephTY4)s7D|75%&06nF@$E+Jm9Xc3`=Y
zANty12u!B)`ik5i&F(jM=7stX3erHpGKimaYBjZm>0q<XWfB?kwYHA#P0UXQ84rzo
z&E4ZHV`x|{ePQ(dQ6tidbvwpQbv5@LmP(InKYp0>j#eu{XAJ_w5HKuo^RfI6grOUb
zaM&KawQ+Y+!eQXwsk4aiu78TaTGz{6baU!JPzwpYlIv+OU%_mUKXp(`D77Sbi<P+}
zLDb5?KLqH14})}=Zf>A(jvtK1I*%{Uxzgh9_E{<?TC!BicOo>9!$31N8yt6TlKJx>
ze;EK1ZeU~+(jR)qd+w{R^V6-vfIDlo3h}dZ08L>kply|Y`#OfCuF_X!Hst>ObP-h*
zqxypCjL@<bW<l!pI<%vk{pI@*E~QmQqgE>5wmIlFeC>_k>J7C&ZUw+WFm`<lfl3hf
z)yM%Hc`6LRzNme0AicM2=_)BwclLODFrP_Ko!Y5Upmx6j2=P0cbS)FrR^f~z#@+Hk
z?gPcETT+eF$A$s&Diy}I?|t~TJxpgOhPMAWDG7!)5))rFG-x=N?@*#_M+_>fN@RpB
z&My$cVOVz}xvV|Meh;5Y)MrzMa^_1xybi>R$KRE9HA&RAO!O9Lr0Lh|t6v`nj)hwQ
zq8{D$){H@~I#gP06Oblm14HEL)-+Sx=Z}D>;s+E=Vs*2_yW7tln4CFwcSob9h*%DI
z28Zpgp;+S;0B60?7ElRG0WmB>&<!9B$}jcB0*1eO>X}y$?_d!#R|`xR@0pf`Y5$Q&
zT(dj~qvDP)7x1;RdddMTNqUi)VH=u`_xgZX(N3=1Wz~`*_1^zL*H*5tM+X6NWS2>~
z|4GhdP~)$VOeasx>2l7Cd#xvurtH2T>Sq03ny%8Rv1BmE@UAjsT`pK3u{<r!<UyKQ
z+{d6e7pIl(tn$R}GC#l0Z#}zjTNkU)RLP5s!DM<B-{mNnR?w@DR`D~hk17GeM@iB^
z|Iqf$p{;tmW>>t|dkc=v7r?(WJH7XIUEkWJ*E!w9*DYX>D-P4&xxu?_PJ-GzEgO66
z--B#H!b4NTHo$DYL$`0{bsYzqT=)W@!EqsY!!?{oxPQ9Gf*Z_T_TQHOXMKT2M`kCE
z^3Nao1zgruZ~*Zb8p7v%MrM{&U=d@4|8G)i6je8^(jW>>Bxiv$ve|<#pylIFL2}3(
zGHA{!h9_VD<kq_<eke$O1Z<hJ8(^#rna2!{Fjw#Gz9qIr(_mN;bgAq#K!XfbKHw}v
zN^!e59+;aV6hdb2IEWCYA%~yvecuzx#oQCSljfZg8#STu^P+z~v0OGpoxIhH39M;4
z@UiimM)485OMSd~)uRr^1rX(fcy&T9g?im2dY!_@6*+-9D@!x2Ogn}0bFAcq5^f9L
z=F8{syb9AyXE+Ezg1PzP*Gj{nr*Chp+lgnngD|~y09$D*-THd_en98w>|Spc=BT9)
z07#s($3b$xwANf?RSXiq4W$}R*WF9Qy2%*YyaueQ_2x+>XUW04M!3F@aN$0@N31J|
zC^Q>%z?H)ZWdAyX<JL<)?1?o-$&H=@J&Aci^*1I!!O&%CYHTcTS$qbiZRJmUK|e0w
zUmVDLOWI@Z+n_7M+sDcB{8vQP4`nh}DA82Pm#0~Z*q3oS-$KCiYRK#C9WCG54M6tZ
zi2TR;GV$epsr24~qpLAK+dcz_tAyH_Q7~qH0FSuY)fZH5qAPbGsS<O`OA@FMvLRGC
z4S2WxVl{v|`r!+Z-MqH_271l)$+dH)3lN8(O%p(pO|y)nT}_06f34-*^OcIS&br#{
zdD#X)bg|2^zu|bHD^N3aAsT{jz!>ce+EjSskT<KNtM9l?DVQZ!iEDRu#&4y;NC-nH
zGNxy8i5l|#-;!0M{Qj2$?R&_5%;kgZ6-t54H<uDi0)+v1c+|H)IQBH20Ux#G1pHw^
z>}$~w6w_=;m;#aiwCBtmZQNG>aCMK*m$@852R)arx(>i`B*UE%5|&!}z&gxn{5b9f
z2()2YP31jdKL{%K#JjX-0Ck}#;%se!Ggk;Xz~FXq(3oqW!Fi;sWF#{y|Ey2h_aPe(
z@6Nf&tP%Ljp7>z>cD2A-1nmHR>O>uf!xk(wDuEMkRph6nTj)*TYavQ&z@Nl{-GC$&
zK#bF4T`qc8IW7Q4ZyI&V)RsH_lr}vcSy!ARIq4Z0`eFovTi>Kkd=w7F`Q_oOY2$?b
z<IE9o80St|Ky2>vHvD$FaEIM%^JvF7Ut*jQq8*CAMZ6RU&~g@!MNDls0`jibetX1#
zYP%_RbOb<t+g}NLjoE;;-{i;da30~Ic;an?#rH`%4Yqu#`Tng&|H_17Y3=PL1SsIG
zp+>BBJ0P2szA}Sjad!rVwLf&9?k{!I3<wJk8y+C`nUsLtdauM%Klk~XoXO@Ija_0k
z&&W@DK%Lap)w5Xo6<*Va(KD52V4Jx=z?>&LG|<}=Hn{=v+zaFcOTWBSxwsZlg=85g
z>7;H+0`_Vt0OQoY;MVc<!oFqVHGl<j)L!TbbAuc(P`XHbAOBPdST;<Eu2qKfUYr?f
zyw7J>Gy@l{2O(F%RLvkY<cdeud6CE#XSNYEwu^b~>aB^0a95$J=u#kp209MH)YwR@
ziaVd0*ONxg3V~pj<zn@z2t;@<5R2X(t_lIEWR>qXzvVK{R-I60AZCVXWRrprxEqLK
z`lLnxS}H`7by#J9z4{xdY{)*F<k(2Qkcinqv#pwG0@i3q#uy<<4m|)DR#W`ZD>I7w
z%m{biUJpPR*&4Q6vkH;9YfB$t2#&%Qg6-;txB5r7aqSXJiH&dMhbR?K#fVdXmv^X#
z{NK)r+XllMAZ=D1dYnM+QpGcrL#!wir9@o2ZimwK{g;=S8d_QyTqc4@9cCpf8AtY8
ztlN2f(Ds&#BWra+bC{S7rjbPog~q*a<Xr*B$ryl}2b#AP0PNur1`}3YUKSDcPH{gK
zkLmg_Ovu(FzGOb#q{6xBcrvf%({^yuGP85YFGIj)GP@f_nbwP%97Q*T+i|<(07X01
z<mDZmCudH~N3=@cW%VKUNS%CbIaOH<SV9f=AnI}-y4Ol=v1<bG{5}j-ZU6A@Fk10|
z%>0CRl}S_v+ogb51^j0JR&^dR&a9{(e(Fe(SaLxz@xmM2z!ue$1PEMnw#H-w@QP!c
zd~36qJMe7Wx^JBu+x;1c%(q1y57VtXhmfGU0hDOCVfXA_*U3RmU&CAn^FatBxBIl+
zKMtYgS;SDY3kVT9IHG{$K^lrr<Yzl{srfV#6g&EKfA+V(I6Xg1>?K^TTpZ+n;{%%1
zdF%m>IX~_kYI(fKOU?oG{xYbl8^3;Hej9T%l6LPv>q)8faOax#6&gq0g3s^+R2%0|
ztGdU>0DV+@eCGWTPDc#{`^4G(IHev4CPwa*Ax4&NKwKMa_zppyHw4Sk^`9=z4j7g}
z*kv%9z0Z*Y3=s#=r`rPl|74!a8I|5qDH==$FF20-GpDtvjzbnzIc`+#|KI!he|@JR
z1{-&WSR6doTT@dI%}2D13utXq#p^mXpMneggXtc~7;N!rrHA|48mCtF72_&zfnmWL
zg4ir${~GsU`w<@-w?`hA55I^8AmePXH+xFIW_iqHeHk>9(;Lm^P4W1_xOaXS-pUp@
zx*XZNFEI*T2S1Yc-ZsyPV~>*+>+v_>MIJ&lQ0lXh4an{K#?G(Wh9%9>)h)m9xLMV!
z3338KhgMpAn!cH}`Z)vJI8D{&`Io^SU_3wD08pYM|MhbJBbatu{pE@CZc?D&&_1u7
z>OA<00A7@X5x}<Is|bo`#G}$T1AfvJN^7)~`kLxK0`SpnRpU;tEdZSKGC=3=__Trp
zpsj2n@^id3mXYi($f!3N<+#!}%Gf6R-PK?z+tXzteL1smJNn9gO*!xm;1^Dn0Vvck
z>WjJs-ZK+$MO$E|jJ?0}N=M6pBI!2V$2VS>N~H9_l!t-R4QDniuIwxxfVJfj)07`b
zQs{YNUY~Z;6ja8XHK5PZGcE5_55NF!fZ#~~@wwxMWr@uzA)hdBR@On4%?Dwhc3(l9
zz=%F$HoWN82C*&(*ZbG^G8%r7Cx=MHH+OFWvPg7|@$H7TwJk8jGIW4zT2%m-2Aq9B
zeqpA$N8J<BEb8?3k9;KiCoXUTCt^1W{DwR9q$z<PV%FiXj@!Pd8bo;xmcc|wKU;*M
zQ=6?KRN5Y27-zyN2L1n03ZdrTP!#jd>cx)G*6VrJRkSWU&jGAt8Q_rC+twmF!t>2}
z9gTVWbNj;LOb|6Or{CiglQ@^wHYWhWECJ5r7TXp8WMoIUvS|_82|Bkmp9@$6+N<KN
zP5W}QqF<qMIVXxpmQgcfzK}t&e?knRCZ~RDKDc`^ULrkk#ZEtmkGs=q5J|SXDjESK
zA4dZ_)jlFljh9!Txm8n3@frDWd=Sp<#tO5ZZ^EG;*6>^|0*qdE1p6;p2SfZ_ejeY9
zHyrl)GVENqQEvK`pN!8$(bCli<E(HNdYM+Z#}z~f%|1!J2a-i!ME*DP6|yCYZf}=z
zeH3qx0G<LJ%ft+YeO{>OqJugp5B>kupWbV5dx`dviS@kxIF1S>qnEbbr6mEp>J?hN
zVkf|u$HfKlMMn0A#;(B6bspLgN~|wD7j%ep3xjS_aQoxmXbU$6+p((M_e{r`gH`r_
z>v96DxKc=GY1Mr}q<oJ(8vyyRBldgY_nE>nGubiXpfjSsbVJeQc{iBu^cjD*1a&n}
zL$<q>YhM}FC0QszI8rM4!r{Md_|M_wM<$+CrcviioHa$GmG84cV;IVa;57v*HD9JN
z!4%O$hYkoPWbjoXEGUTjYt!CrtKQh&A#ljOZ^WE2jcbn9)Wpi0THM{C3><RV4+VB!
z1jyqb*YxPrRkB~+LW|radzoRH$uZ=LYyp?D4DKdPv7Z1BwHxkQet^%qbH?3eP7dg{
zWTqj*YdY|kJn0=W19NMafcor5&ZFj}fBt~Mr%NDogj|$%Zc7xiT~r8}!+exLMxo=o
znSOa<?CIBEM!Nae1`NWGRHJD9*B!@0c>-__jUaZT$)rPTc<vVgu-ZC6YjZ6-k5X>n
zZXXMDM|*5kYq9UEi{$J^e6hCA=-3iOfqmv{%@=@@=d|yw_8EVgkvj=IMcYu$%l8^$
z{*?lDH<^nakl<`O?}lT=Ght}$gi#~ve5d-$*(e>z#W%7Y6|P1!AcHTA%Y1#tV-*q9
zCepv@yS9hnCC3lIsdAlPwYahs$?6{}r-f8b;i_o;>0Cyb`>Wfj6wDpmYMPbT;eq@~
z=D;&7L^fGim$|uDeixaM8IWNWMcEdVwg4P#Um${)L^p-=U|7;4fNS%Oz!HxZqics4
zUfiog_vlgxjcZ>`08;Rcakp7W5S2mddrhoD52SO`lan+>^L!&N-8ZN~@P4Jhdej&@
z0GEUBF918zpkjO+;-|mM-3MQsIKs)21q|4Htg#vw_^uWFAP{RiTZT%j62fn*QbRho
ztotRd+&{(M-;%&w5h`YOJQ|A!ui#~h{Hl7CQmjrS8Iy7f|4B$<Dq;e4LR?@wswn`Z
zymQ&T;jUdsC_hx*n=*e1fn>yK;N=PPbw_O9OudMlP9Qs?I1~o=^jX98)g{Q`JI(<H
zYH0#4{WOph>P8MA-eQIA)dR_evK>ISF(ICSMxRo2QN{xey>96OAk3QxuGEJWfq!#c
z{PJ$(hKk#kx@flsc}3yF-zT#QO8^4)BxC)q<rrEEY|(vViIf#lKh-+_`Ko{ah(tqo
z^8k@wJ83ZUhYLjUgyb8C`UDHp={OBAvT*8OfLCl&WssovR=>TXh}^IR1eDLELm@Gm
zy*u}N0((XEev&M$nirW1Zdj&7D_h43fCQ9@FKBHh_4e-wkS8MAK&?c3$Dxg#Uk>X-
z4moVoaeD+PT$y(KGK{GPgU9g6`J|=HeGdaU1uc|?7y)bj0tnZG0uOnB88H6x`Q7bH
zfk4RV3)uS4QQ9;iZH|Rs>jm5`LuZ#ijfVNBKDm!zHDh#nM5`bbG3*UJ!-Fdc<1aUx
z8vq;g#mSju_aRGLh^@xO9sSmE!@Z<~!_reZ^WdUPgTxkp3=z`9w~D74y+q++f*au@
zmTZGW(hmm+EolX#fypl#V%3cy)|J?zeZT(PcifM8mi6?6B%?<i)kcFYsW`9qtKB~y
z*kx3FW$?2`@ENe~`J5IRv(5nR_~q?#xnLGUROayOuD-up7z|4`oQE>1N=%$jKr;tA
z5aUEyUIxR)dLG!TyWslgz0o>*^NgRnilF=2!_!Z^ftdVUU{c>og5hkxHjZ~(<5GUW
z<cOcg-WlddyMm(vvNj?0!obCMbbCX6v}9sZWYHNHdt<nh3z@#2hB;niYG3M`)MDoT
zrvH|mpS=UO>T!bndi%L=UxA(wYG`k?DiWM{#1d1P$WH-xI{j1+l6rtJRu@da!U!gc
zcAEjc`1PXw%Q*w~6;3r|f*Q8~agi}1M`z$00*;;5DX`@pfd^0-D#6B3H`h?kJ#qwD
zol^K;!O^MOsi;T~t{uuD4Yo%aoKHHx>8;wonc55Bn7=_D_3Ba^<Vihr;c!JbYKS;1
z9<!N1hVCVwaTEiw?=GK9n_A8&f=SJ|7ReU~+z_rm{11eG0pj0K<!EP^gPPToSBJMx
z2uG^NeY*e`-ZGf)H&mF)?vIP_TFUhWd(7Pt@-zRZK?;%DzwfxrWPv9y@9r$iw(U-{
zFo#5P4WH&JcJUaCdRFovSH?N~_ir4^+$xy9@L6H^KE>4YBV7Wt#5hH3uzw?P33>sk
zLuNgz)I-o+Zc;d)Jm3;x`L2a|v>g=^!Prz3fJ=ffqNZ95a&>95dUyEvqE8=3VP7|p
z5qLX4?dHrU78Lv=-oaKed>b(Qelywa1HUbZN06g$#JBf5yMf;5;xXeWHs3z=`@>KS
z*)$W)7KUW4TRmc0BLNt%_Dve9UmNc!f}9@*#96`@Lg$;)1ak^~Y3biXlZjZwj0LqZ
za6Z!g+bsQCw3ews)+)#DLxpv`Nt9|2P$Ay+5>@9;4|zZ~x!V&w904_lYZ~Oi?vgE`
ztw*G;ttn3};!l3McB56wew_9ffYvSp`x&U&+zy6o3!NB1c&RnnuSYF}ji`<r^kfWd
zkR^f5&}|p^_m=o>C%AJBuDe&aQ|BpMU20@)`(T$`k>TRpU)BMWP*QdPtUnz598$q7
z0AYU}<x1kiwE6DM0qW`Q`$r6Qb*JD)aT+3kcn(>+_vKdY^JS8rrx(UfqqJD1Ip+aS
z>~Rzvr`-;shL*n#j!${gsXe&C+@$EWl~qW8eLSOS)Ry%n1hU07(RFuk5<leW{HQ_e
zK;HZ7GRd`+P367@##OpqLvf2g8v%I9Hp5%olMvde8Lwni3CyD+Gk&vBf65y&)W0zb
zc+P&nY?!+(irHU@K$gERZmy;e_ix<WG05ne!r9CHNX71Hg1W#xF9Fy3laL7qLZid&
zz@itnN-=^S8O9cbZQU8Yq!$IF2}*9Z8{x*<4rWaA`;*v?gcG2Ze5m;VXSleDeW*0Y
zVW}7HtgI|&J>GPt3MDV`Wn27lEz6&gM^D~{HkAo+%IKcI4cwXBJ|#D<iLoT0B-QOW
zRi|b(x|fKb4w514fVzDA*nocO=|fF6kg(>9_2?gmcL%bD!B?;30+m#3B$=}yxh7F9
z)qP7R)2fxPI~?HPQDcwhXMxB_+n(yMw%7si{alDnTx;c%>`2cZ;3D0C7~!HjkyG}8
z3Qbx-eIFb%>WQ+?jtyE=+b@X$Yyy$t81r&bb&>Si9V+1*l<I{Eoy0Pk09<f01X`Qe
z3>;24arO4fPUT2J9nl!@trIWl$f}&+s8-TczaJ7Znxh&|Z2$<^5BB!2>sO({#10c{
zVH$T5*N&=uW{ukwSDH?mIrYi)mwb;M6bdDls;~$PXTQCK%Kn*P;p8qtmit9p$7H6&
z@ein)RUB1v7MwB8t6D=kJ#RA6#+@G_4LiG>fplmpkSI=>wfb(yl6>K%2hNWvQLg5{
z6>ZO=CG^bKM75LjTh9iPnJd~Mj7(F7E1<N0ps4o^HIcC{Z((1v@C!S9AvO>Q&dGHZ
zTJD)Cq{17DyVr)Vn@?mE{XNB{8d3yA%^QICP4`GITm`#tUpmrgf#R@1C|Gbt--lcS
z;P0=D2XJjax$vqfAp0F|*s0n16zHH&gQ+_?l#1%pk9SKkoP{QV5nu@4i}-jNH=%-w
zNyMl|J2kCwQgBP}W-O@`blKACfYLRvEA#95&0nxS3;}C@+|ME0OuQnx&OGG%U~76e
zT&~xW1-d1m&Tv@i0OiV`1NAWSEUO+jVVd<v%!#aQ*%mdX5fo1~vNlSD664N5u#+_M
zjbAI_I$*?0GitGBjbE7obClI)d`|$kmTS89n#?{Ybl(S$`=rz!h|erX!l#}_t4I8>
z??C9HQB{6}o+(BUwU4}BoxZ4CrK%!^w>JCSyJCTs;DY2NHT>oPX#mO(iM@jx`~vw?
z6vMMX4cJ~OM4T5Y=380b)=op=rq$!XR!XkP2VG00T+c?*_N$RBrN#hc=jJ%qTw?}g
zS0pw8X~2)d5>!cEH8rs!avW4MzJ2LdEc=Jg@1CcB_pAw#;Fkm{cZpn7Gllm`_LW7I
zSRivtJyOYBtF-wgve04E7kl?~-q;|9Pq6z2)vSqZU~buS5kiu-GEmmFD2q0t&zlm$
zcZT&f<Qg`hq_<yLA6z+PL72yKlC=)~+co`nWJHp~lxT{=sKTSqn(OVMnB@zhjUa!_
z?cu<LMpb->jjf0n-3r80A1vc&p?vk|OuE@p$Aoh|*q3`K+`6iMV6`W*Eqjzm1lruI
zV(O$(lvUbEKzB%6a6WjN5=aijn}i`Ext^K`F8G)Z3%{@R5p&Ea4&Sp$<-tox=_Wq5
z|KY+Rl6DH5<8_b*!iVF=kNfZO?$tdb_wC*4Zm6iAIo6AVOtu?v6#Btsa<}Yf!s-{0
zJnA}Y<EnS8tpA`Vb`GR_EGt@TaV9JorLP+`UvliW)>k5mZr`C4>`%v0uPvCR@mDuc
z%-=Mv3_8Sj&K5;cQTMHNE7g<Yb5@u&H98Rm=Cwzp2osp=;i2j}Efsh%6U{R!__6Bp
z?e46rtE)M|dE67bZv~KL7G8(jW2$jQZ2t$8A%NSI5A@o^KiYyfY<7TPrwn|Pmg^U4
zyG&U(Z!IzWzQS4PI8k#0!*&a<Zq6K{P=m^bREA8)(=U~Vb9cP>y!9CLty7*Yiwr+3
z2ioiaC<ECD!~rhBGJjO=A9^nyjOBemCW@KiHANW-WZl)KQG!a($WR5A3I}G?;Jp{@
z9?w+ngm~jro?hz*1~aXu=8yA_#ulK>&WO-D!0n8IR)DN7NO#*7HV0yYA<#E^obn#-
z%6m!?X|gfo4RwdU6oR66A=2ZrZr~sAMi<ZgkQx-)Nqu>Hc@L*ON~C~uyFDwU*|itQ
zwq-VTLSCf{cmoF;r5&K*6$>7sKI2y**uUhQw2LkrQgR7P4ozdHAXQS@&u0p)4}eOa
z^c5~ddx)55=vVZ;w#kJDS!*fC)NEmS6LU?~e4oMXl6Oiaf&J#aWXf<I+>CM=%;M(6
zneJV;U%Ot1favJ0p;U8Hd5hOZ#27Ys*B|Nj(MCx)lrs<j0-XpG&=Y-NFB{f<w%gI#
z(sH2DO|2JQXrOaSUNNFc+<CZtunext`(!~~ocBteef>lV@akRMS1kvd!wuQ~+*SX2
zr(dbHco3FBFls&}`3W@!YTGJK2{u{6y=E(&N)22>v*B*jeSNF%b;Lfxh`0Cv##*2-
zb`7Od@Ec@vdz@_&Z()UKW#Quf0)c{c>mowN7NF`r4fTx?=rnp%HW%siF{%H<!$aPu
z5mB(?^#ntg?ydP7RNLX)QgwilBwZyoMAqG<>;SKh3y}0oTDXP5hp0l4#zF9ZviAS=
zc4z(~IM{T7UdzyldLJP2`b%54X9q)<<1H>Z+5SW|{D@GL<31>D?Q-~7D-b|zdZ_vD
z4(L&+n-FW<Gx#t$YmO2sOT5{f^TH8<^>JVeY=H>S7!n`J<sn?aJpZNqh-{tt;DxcC
z5}*)z6F-&@bd$S4(T<n3J2o5af}r@QQ4O<@;FIw@R48bISo&nx0VtBvZ-eAVGtDBr
z=n{e(<9yhVQ_4rYylmyoV(t9+$DVjyZ!H`+v5IMSYGL3WR{5IPI>!<3y!nerRr4wx
z0F$r;#GO?~IaQ#A<~;DE8y8<$fy;Qg`M^~TjnBX`=7ac8!>Vned{_po1s(BYPVQ;S
z%jH0+QePe3SaOqv|1<;@x4@h^-nxJ)#*mO|jJN*??L-7<NbQsPeb_^Z5d2jL9alsL
zauo2g&dC?G0*7l1Qcmrcd^ex>i;Z}BpMu+jB~^f5&|Ky$gP~PmI}cKj#)N+`1O*6`
zD!nI*CAvhNI&XW<4uve&<i2f2y<>N(ML-{p8dY{tn>1ufQIA#^V)TiYjph6Jea7Q^
z^82v>@eQaDo{!DHBKCc{xv&)I&6#;=<?!U-1k5P(dU2q*d3dTELoHwb))WTtE#ynW
z`Aiv1gZSb*`@ymqY^3}%7%aUarkGWCcL^Y?2<SfHL0aLPe*C_qVD+9)Px)%LbU~k{
z59oSi{e}Ab9B^;1vgkz%c>!#^9QO<_UeMZ{Zn+0q>$)JH*!N`utZT4ljT^*oGLCPM
zfrC9TdI~M73Ddb@{!3tTCg$F`9!O-Zg#gnDXu8&+#7fDsjaE#MORXx1PQknQvNR;r
zSk@*i<{hVnRq2hZBjn^5%`&sH%nZFGq5p9`#p#v$adF8LXLs)|{tiYUcP&*VBVmXy
z$T|{+L^WBV)n-qZeZ-7@8E&=AN0LDK7|_<3Z7v-Tl=uHp!Uq!S5nz@og+XC9-jBh2
zsreAI;5t2^$e9Xs)1__DEt0_326a)kJ%cF+P>{83C3{1699Toc7dLi>x5OGUSo&_-
z=Mrd)3Mtt@h6EvQlFs%sxR0THo{(g+3A`B$VY>|n+@s@fNrPgd_J;J`sz@a_^~Nuy
z!T1QO3cn+dKMmt!jP56TF@&H?FLeFljjG1=^MPv=Z^IEE*V@wjq;V0GZtTYvN+PWW
zJoXXplP`x8k4^0lvJ*Dhx<S|SI|#{4Z||A;Fq)JKUv9K4Obo&rtUxt(TWIgnwyHLq
zdEMLvJ(7L4-<X%ozSt?dCiafmgUE9|pp;!T9&`4S6Hs2|Mb`5?#2L*}C#N6Bc?;$8
zKr?W@^$cVy3U7kVE@&&ex^g2c3iUYLK0h0QdeNS_xv4_b6V?SfUtOS9YYunBo6Ob<
zHrbC=5MI`qy#$vPW>I0sYV?5ou8MCZ;$$6xN)o>25z1d?+V*|5x@X|@GR_=u2`wc%
zCag++t13UtHvzz|R+%R0=cK6zl1==F<xu%98XKjGf27aZXb^o4@0cG(feMO2H{9tC
zx%8cow??d$@d3D4s+*Hp84+j28fP7KGc>jfKYj80>{J<VbZA{~>|b26dr^m)fQ~eD
zL`wMH?KmY3Ju9cbj(%{LHI(@bNz=+=CAdZVY*$qQ0F3I#{&<%pL@#gr^3HbL+r6_-
zqf&ZM`)O?tL{=J2Rtbvjiy2tYS^H7>M+-olNsq;prTwmwg>l8I8zBo52g~57El;ge
zA}k>c)A6mThQJ*-dbiCeXi76SZdYfifO8$g(Wi%=g(h(CN4_$AkYK1e80Utwm;p^-
zMNPKk`@54H4rujFp>m(@k5;-B4aQRG1FIa_n)I{J89}9mALmu2ffMtpxweXv9hi32
zS?ieLT?Q8QE)zoB0nh~&-1(Jp-nGwLah^h`J%3g9IqHce(jrbEq(zFG1iiR^BrIWc
zp&M>v&Q@@F!O@Qyd~(sA3@qLgZ~5V`OHtVOP!a4xkvM9{*r!#YUyorEKFNU!MUYF+
z)n0|NYtT8oVLR6&=zROSro4NjF>eB~cnsRr?DoQh1kP01sOp=3y4E5Jt!J1C%;ic`
z`OF2$`Z=O7RJ|ui4h&bq$Ah`cZNGgPd7uU&w;>~=dT+;NExlqqWm51xjNyr?<e3Z7
z+U@X<!yONkkq8phYZ|Ih)2vtxX#(65yRH{Ea4Z=Gna~d^jHvIXrav>kP-=Yb1SOy!
z$z8a*_@amb8L5HPCWj)#9z=H+wMglJ&x7V1j~hQ?^0a}ZJbZ5l{O%7Ai+C9mdUr!V
z_{7#)dYfA-ESqX3&P4rLt7tH<)|7_Id0b?zhK$y*JQ13rR9GvNrnrM<WDm|@Ng9O1
z*~=3(7-y;Wc^_&9+4dglh0CCJyB1xZfAC*jMdb+APZw%j)B1k|;;lWCs3&p~;v3Y^
zCgVdazK3$lsPmiC@V-sK1uLM1x?TJLUd6h#r?!oNy5PTmDU;ix`4=a26WOe8j#xqn
zWf1S$Xj~j3ogXZ?h#qa#UQDcf&wLb@cNL}ET6z6>18}|f!!P&k?%H=ox<yiv5_T**
z3ggY5Z^MF?5MHl4y1!O~D4IWln$lmyoOpB^?hbMJH$v7xq}9az)+hD)aB+x=+^hq0
z0jm8cydH(TpfRLSZmyJU;hwpG^70)YQNqu-+h@0yS4-z&x=;zSD=3*AXkubNH~RkN
z33}62oA&Ail4W`K#HeA0_s0h$*iypfy(nC^)lQ@Uhn~@)vALC)JHeZf<Iq=k9@@my
zKJh+=h})(V(v<9ea&zY&r{FDkNjX3xNN*`Q*tv<3ifizjka%1L%aiVL(Kl%&%@nDz
zR5qAyKG;;{!Z@;2D?J8Sz=_S4LDVpXhUs&uPR&Q8ZbU@liTXFxb;cmUbOR++8Lgby
zn%aS1)!17wv%CO0CBnj0qEPXUDp9}s3wD_9il}{I$;yl(1-if38D5>HY{S(xF%6c{
z`{BYd^g$I7L`ECI*y95W%8V~J!t==QZ0$<vsT3~c@Y_3j^zo<IG<<VP4=|Ro^jQLj
zSt@wtt10+T`J9VLE|*{ayKN*%e?v)@ic0uiX-Wn3#z=Qr8D#?Lf=;f)dwr4`&E?Q^
z9EBVLCNctDhPH*alGp-FDeiwMKSI5nhv6cGsd9$rTk4DfRA6PCC94MupQY1E%P5Nw
zFlaYm3gfV8l}x*<I(6*wcL%p^A>N9@;+-Fm(R>8t!I6_xiQAOCodEl2VeZpIHG(|%
zu#qSCz-Wf$wObS`#`Mt(47G5I%PR>w$$LTu?2w4jnA}Gv0hi3G<BbwfJA1xf#^KB$
z6h%@Yabp@N!Dv(kg(x}6j`PNZs*}M3lwrT$ER+da>DA=n_Fp~7T+UpP5XmWi4^U26
zM0h5?EkLUFA3OEz65Z|LcfwB~d6%YSD3va7YZ*1`Hhvs(w$3Nrhu&o5{s>u7W3t8b
z5LDK<#kohaZb}2Eu9KcT>bn4k^XtoohBhVS0wru#AbP3xz=3MMOc<V&(xU^X%kOD%
zbY5P$(J*<=8(l`~ln{{X+Mjaz*ZFBTDQ&J=v-PkE>=x`AFn$ZBC2N@fjc@tug)pr@
zPv}zZfr+a}QvO8zZg4wH6&zpOMK6z{u(-3~`n<AWFQSZFUX~UGHboo(6%1LqFjxse
ziZ9%yKNkAgEfAq?yhd|7aCmQVNA1;&mQkKj{UI6Yet4<~{CX|oL7u93<Dsm^BmfWT
zi=+Nx02;T>4GgEMe+U{!cq7=aYcK{aVK>mVBQT|hY8y2S?4hXJ>TFc?`i-{OuaDxJ
z$K)_=d)&zP@84%a)gH=+1l(b|edo@XZOWooj&2qY_Sz;|BfsH5&jY2+2Y5yA-t<4p
zXG+hqvg<(PYOm_=E^oefzV6Iu4zFpQ3Ej8%(|`=yWKMJb@QiJ;d#LVAMh88&=MoJ3
zfxSrog3&Zi0S^`XL<k?6;xzgBg@iI6K79C1M=Bo6&5f11tB9eYWx_6jKaQS+Z5`Db
zKZw3S-$_H?XtFtR=F+p2o;b~TeaEUC``*{NjssQ`{f(KBZ48!6z$KsDr)`kF|MIe?
z6r%%EkqY<4DbM@y(BJ$)s9UjZUBzHsq&K4}pZ_tQbcbq=z&#i!kC-I~^P(4kx6pWs
zZMr5lOS9Bg5G-w1V=xWn2i*RV@T=(##&<%4F!v$J<isM8pAv<+-_Z=VN|~k#3Sc?O
z@Yg)}W{5_!(psW5bz^?)&aeJZ{fv?O_W5$(fd)t$JFl+mcw&AxFd*QHz6P&7&;u9|
zl;nwY9<9uOEqO=2)M~+clky;QCP;`ZJ9u^BjnfXn_GJzpbm@7J(o+|ycoycMh9l-k
zQFCt?EvMrxGtay#wrGgiuOqfkuZU++Yx6&XiMtak(gS@3Z{%3YZ?RMe2nj_g;5QBJ
zQ#|(b@zI;vt)xi863m5dZ@+t|j@8I@UR}i*awOiE_f>HSwC1P4G({`S=CDa5#46m6
zOKK(UUuxNs@?b_SQkk8))$`)?%MIhfToGk7jmDYD(2BB%94%{KzmzId<&p%Y*<lTh
zE{|JE8?=U!=N=ouER5RKS5nLizhXlJQw;fq&l-6XV$Y$X=pckkwt;Y(Jrq%UP=p6W
zRwYB9jk}$Ul<CCbo@(6~ubn01*w54=kf3<2am(+Q==m)?=`pnz0KJDQ6NbU`c!>DR
zaYA1pzqT50I=55Up&(6eb(+g*)!yA}D5prUVlHp^bQ}cDHjB89vLEmB;pm@sc4ae;
zUz2D~GOz>;36WX#K#9vnRiGxXq4sAkVbPGnDyW<7v9?KIaNt_w);}x|Ey`aQ7S#a>
zF-hlP{WcIgM$>7%=;L8lAa?)IT{oP}0G33?Jo9`84QYw)Gn1y9?$ONaFc#8aED&FF
z$}1{r8!5oXx@4pXQ53S=0(Kggzwd)=PTf_BfyVgWI7`VhwMFcbRv!yA%<o?P)d~N5
z?I!6<9+0g%ID3Nlk+Pab2k)e8jEOgFj8*H39s>1A0VhBQHqeZH`+Q2rzA;X768b7~
zq7P2<Ti)FNw~DT7B9B>K{;>JqpR*vl|5OeCO3a8n5&A*XOce*(bHoBg?JwLVy5_8)
zeNOC)o71pne0z}k`&em4$iJGMJARG291{gtPL#=*vp$`qSxxv^%jTpEjpre8QLRre
z*tbE$No)eK@E$$?0jde4?kZJS7nGX`%WX+_XN9R#UtNipsQ1mA?QAP)XuIG8-!tr|
z{%f^$U=l*u@)x8jfd#&ip?6nooi}TfhNJQ)ODN}B3&thjGAuOPAg^;4?nF*V^zmR}
z6X8}xD`}5!Ch|}=_&>LVx@$Sx{dodf)6G;YI}7p~lMN$O@z!Sr)2lG()KgX{(NJE(
z4sF8mvut+{QP+7IExZ3{mS=GY<S;TIgPG$oeK}-$>WonpyM%>~H>;r1cMVhJ;*h=$
zmeR#+4oQS=t(PctS9C$kF&mru_H+^9HCkcIU@7KU6MBk3^6<ddbQy01SSd>z#lg~K
zKUq5^Bt9`x)_e_H^k&KC1R|&FOM%}U1@%3c%2{aSiI6iPi*eDy<>9$d+A``#slZ2l
zh^@+@K8ElY15{GEg$^8HIVzbDdzq!ysx31yKBmu0Vx#z(Q!6)0Iv8rkY3$$dA4k9N
zd4G!o{R*av_ouO>)3l;%L}G#i&uLM;Aomyss>GpvG;9{oWpu1^g|`CySGVhqhh1Oj
zDVd(q^$YTvxdN7y$;tcl>tpsNtA?1{eeuvCoRqf1sH!**ud{10Qm`L(Kz|**Mgpkf
z&57PY%ESHjkgi%51`ARj!ldqbZU@^D_{=8wOe0z9DyX{hU$SPB45~l)W+Prp2Oh_0
zS%{-PE<l+({yA~ZlMqBqstY&W+I?o>{rAw(o8fy4MB=}%<4$<lNEO%Le;(yEOzy#J
z48C5Czf4(Ht03eZ@}{n}E*OhrAiPQ;H+^wim;@7~!E)+lS%)Q_%zrIu-M&7=Jl|y^
z0dTX1(N1PUbyp8c0|`dYuMWp61oGk1_@WkU)qlP4!uMX%LzBtj8?y8Pg|MR0-MzP{
z8=HqV*7;Mg^uosOfUt^jOEVpF6F^C4CK}{5X(j5K%FT}7UDHIKFfg6_{j1Oa^a>*g
z)J-gR9@@RBIgve-{VW#(L2k|9A}^x~CQk;eNUh%XR1gCkWu1?a?qZ%FAP)gAZ><z9
zfdK*+9L>kjwN(3{RrGzs+;+vF$EKWzw!?pY>tD)A``k-f5oK(BYhk-g?!(7gwXNy7
zYfa;!V-L5Nq~abZSy{cwb<A{`uxQJ+HU1a?W-Of=iM2tGj7_3$Mp}Pkyk3}$V*;E&
zU-+i(g`@o4y0OeiuvzKf2YIqpTY-i1fkIW*jvA{4<7&qW?@|3WbQN`D$^&49N-ssN
zB^h{Pa*UoYgSa7_(Hur1YQ4l^y30}zW}b9Z)yK4T($BVKYNg|q<MpzVB)}!YMBHk&
zrUcD+R--Dbc9Whfztf6&A@Q%rq{<VOL&Q^IxTo0{(h*an4_#fS`T6)N`Z7c>(2gEM
z#%*YaCB;7wlt6OHPei&GVuKIc;F=dol2+DYfXu$IP(rMK574r6t*QR&c&^jX>r9w8
zK5<Np-}&yb&8q7$&#$e{f+2F;_qo|O$oo)D+kgFy;I`&EOT}PA?A;8j);byI;lbfn
zeh9k744uLp-`_0)-)F|<K7RXzv{-~wU<O6*v5-_V!z%>Y{$i5}Y77ZFsl{(zjJ}3e
z#e@UbRz-67JpbJ~U~T2A2nQdK;p&#HK)fQFZd@2lhe?Icu{-;>wjrJFxEW3r2&@*`
zs{SD(JBo79UV2A{j)p3LguKi|RlHwV7HM8AkJ!#EpJQ8@)QcF+5U`1)!$;M}e=oC(
zKBg=CqKBFu%o^w>+@#oNxl{htzYzI(YlL+mXvS;d@|=d`JD&on`Pm{*nsa{;W`A`E
zmhCO_f(0;C!$o~b&o$NWw=8&+(St?by*X6`EAJ|sZh&9Gu3~@=f-*>sTI*$>d!U(o
z@(r{mYP0PfzqZEy9L_v!6tpT4#Q4E3Ao9W^Uibm&^?&`BEd2dFf)cnba)3bh7Jp7K
zW9i0Ra2E6Hd4Cm@r@dt-{svX_w=qNT;(vYBkDqT~MGZX(&YwC?)Yw5uw9WLM0g72F
zKMT~!eFHO~-|_^aE6}Mb(TGz}9BnFapQ)7s<C_M(sZYq=qSVJO96EI$C_f-Fa|aNQ
z8I&I8cBOrKt_MQh=fh{sYW^awpq{t?KD1^t;oybusO|vcXxi0%3h4qtl)<V!`xT6m
zoPr6IPp5sK0IA|@Xoxb0GSHC?HCh+14J=FN^N7o^XsigoIBl-I=83>rsBJW*8kf~F
z!TfTZ0Ss`PZn$Gi75~3??q7c^4+gh*>y@Yo2FDBTi9gHh7)1=Qtc-)uylm|>ZFNdU
z_rx*yPi9#zWW>(`x6p$JbrR1U$UeKMl1Q*Z0pr;{#cpW%#cONVi9w4~*JIX1&nUUj
z;D-Gy4Y4+z1(Gm<SKA8n7^k3@fw$g@RrsWpL9W9JA6wuZYukQLUoC2v^!k6Ta6zmV
zKFR_7i&7R(_h$c%m=3ca!$TV((`Bs`f?K#uv261f3lwY1vay*a?fl!oaOW<0r<C*;
zX!33X<mcO<!L}<10#3Pj@N)%%yONvip)A)1{puT2qoA3pt|{4&Yh)S<Y}R1)D_kxg
zSS9@ewXKFkH)TW3HPF0+U8UOv_0~y3yO^lY%V$5y!p~nmR^-;=QSTnu6oJu04&~v)
zEmMaMEFpYb3;Sm{^U{Lyn%wCa9B1{o3h<`lg=r5TnGf6u?QHOCGp^+f5XI}ig_-@7
zNX2`(Y$|((#Pgtoo4evP!TL>ZE9A4*g&6s5+BXP}D+|&cWabx0&$r^`tlOmqAnU`L
zT%qK_m3q45W-W)@%%B*my;h3%O569eplKBL?*91XOlUaHP%^d?p^EJ<%#<n1QRWH`
zQIqS8rVuf&s}SIqEZgc|f<*kheK7SdZW0D+nb5X&$AU)+I1X;5uU(1(5;oeWpi5?T
ze0KKvk<;<|Id+rBrM!r<aO<ChB6<tlO|760YB$|R%f`6CV*1u*iEKlzi(ejq$Kw`%
zg-ge`77><ijXQ&P#o9v=l>YhgGRKeKJu;U8zRKf?p|;&Kl7Sn3Z{V1(fGS*S!L#1L
z)?rRc-R)91cK6j9iYzkdz*1>!WEH6g@on8_%r+RuC|JoUBmSMW{3a8YM54W9R0uO`
zMVXx!XBc+t6kg0nGc=hXC^(p3R}WV?cI?K=^&&-4Fn1=C3Hggj@RfNx$#^|<XPyNh
zjU)^{A=CPeOg;P4rhHdtSEyNT&5cj%K~4_&{g$axUrtL<8QbLT_64J&YS*=91~ZVP
z7J%OsjX1eG%W>uTAut-5;rm>JF6b}&AN~2ac5$P7N9>tbY=q)9pE1iIG&ZZjQBzm}
zC^6GFBt?y{n960qO5w7$E78-?R&X;V=)@@8g&qg{4TlA09)NDAA^<Q=4-M5%kV#nK
z#c-Ds-rq0_hRehr=3yeh=O{Y`+x10zet^nNy9>(>RK-k$U}{b89IQD3Qhg7a8>gUq
zz)$7~o!HFOCmR?~UOh7hHuNks<{k@6)@QZB!_-n9m_9xS89LQyC8AnSeIZO@I{}h|
zSLy9^OyZyNcohdAg1o?EzlzpQn|mG2<@Ux?Jyb=-x)GGVLEh(~D7X2UxtAmFeZ)OQ
zX{oMdK7VqW^*VMxy0-(M*eb>fP1?htYQ^$i3}*m6s6G?wPLHGQ%Qs(ZDfVJ~KFyzS
z;p>NcJNF&F;Gmy!iU6o1Mn=)ls&jV`0S`&dMn_z<fLNa)U-taxQwVc{Y|ck&&2zR<
zkEyrRJDU-hh)drQI~G_r?dS^^TpUz;<)ghd*N8WMeF|NoXsFd|)kbL7Xt|)q>G!7)
zecM)&Y7Zbnob7Ljodgt=``^0@z_z79w@|igT1iQXmWD<E*?)Zh62e~Q@`FX(tBE>m
zsRrOJEeuK=*A9?J&c^)2=1?N*;bng(4Ulol-Eah4{v-qJ4sw}WeWi*oej7Og0c&ic
zeoo!RxvyrR-)W68C!TAjp^K~I&}#`}Z-(k)JJlwXs`!bMLs^}N$;ogRnyfvr8W*V$
zcxS`I_GzUE**DV@18lYhFy8!9bM?gTH!n0Zl#&ggvEK>xEQJj~)$e^fbHlCXhhfQ2
znZW&cr{w!+uMrQFM(rj}!#TZIR}n>wE@hb4?+D!d(fjv)9IU{cYE&_i!PMm$Bu<Zs
z)vY01TKid+3uea8tKZ&EwQKOU4xknKDAf7!MC>MX8Gck{!b{Jb?Rm)+)Y>DK87hvB
zmLS5hzRC`@AnVox&B?0=kj%DfY8wQ8RGo6)$9c?yY3emtVl%*lxEgC=l9>U?!ZyP4
zP3u!nR*9V-`v84+s~N3)Ii%~RCx`BzJLbY}Qxm@Lz^r7OmDmh?&{p60nEU&l)%KOJ
z8Csz}f?~(*{h#X;g>#};xeDHGwtATJ+5Pw7_BR%YUJ6|+E11fkpj!x|m@HNLQIgE9
z^;pxwO)7Z9J0+o|;7%n7$aBD$(^)9*c*m1sD(;}}Np^ZAr?W8K`!vI{S*UfGcfu8l
zpGumWXA{8`pe~~;-3VDH6B>7}B@RJfzJz8qxoHx5)`)!C{ZWa9bo@szLX3ub*1d9h
zuDp)dPQFt4I>qR+gk_UJ!zXB*v2EV}aBMq=lrpD-Af!G7#9u?P9S^|%ykj2$O5+K*
z5ION`7-LBQ)UJP~8~<$w7ZM|%X&q{mxz<Lh?PvzA4>;^u^C0lBk1@q9lbGOA%i5Kc
zj;Cy5xgO1&nt)AKkk@8^F$~NgK7oG1JYhP)-Dh9FztnAz=ad1~{%Rs>>dinX7J`;-
zc9nt#8DwZ?Y5}K}n4K*p*u88ysG`RpO!;I%FX~ly%U2H%K}eF3-RlO(PD6m3KtFLC
z^@5%a<kPGu*RPlU2=nDbFw33-y@@#$K@2>T1I@w?H^CKpd9hww&1F41Go@m|&>wy7
zVF;fB_>|Xc!-QiA^|gH<PAO3Kx^mbBVx2_j7&F}@y?!*%5NuGzUZJJGifSq14b}t3
zVL!+da}D*>)Vfq5lWhVm=ezc~X-%m^HnB(^w(>N?XK8VvRa8OamL`O*FpGPLAmZ-o
zvE(m=au^oXMo~@SZs%xB{*qCvR)%Np(AqEQKJB1a;Fc2~rTyseO3PXjVMYymQ^CG9
zwU2=h70ZNlP)lt|Xn>q&lxHUd2>ShW9MECklzCRK4I1XG;Ky07Gc519BxtPuOG~|B
z1khGept0x$hr;fCdCs4#q28w)Qv=P`i4c{>h8Hx<YA2sO3!~4D&yHyFX*O1Xsex0}
zTP^i=NxW``MQo`yT?6XWaY%?$hPuC0Y$}9?pE`OOvih%{lgxmQ=4YE=sI@i##`xYR
z<)mev`iK$>TCk~Ut13sRw&A}`4xIp0@;!G)L~iw`p^?27M5A$)QpzGcW&V88#)6VG
z5VREF8`+euUiyw%pq93getp22yU!^RK8c(5i(=}fmYz#Gk1r9SF)%Y9VbV3{!7%at
zVs+FWR3|iTUkcqHctiJzKoG797*^D?Y=R^u;8`SXIsLHz+OY_p$~{St_kkuIW0*os
zfeGOb2polbQ$R=a7_Ku6lvu*3!F^?-Xvrq`@mJXdrSI!e2Lq2=G&Wp5F!o7DzH6I#
zbQm5WqP#Ve^rZt2)W6o=ZzTP-4O$J%!P&Wx$6(rSk5dJ2^p%2Sg@_2az^FC1K~KV4
z%%%Q9hd#A7s9}e_xi~Y_I~fPz?26_o7>^D9)+JGOZ1o|TukY{P9c^@TSlK64b!=up
z0$0ARxeX?{%ot2ul;1U-qHC#37(sC_gz<YEV)&|}?34%09%G(?w{~K&n79c2!l|yE
zX!T9d{dY^#Pq4~GdLb$Gp8*rMJzRdp%qq+2nbWX4<d=C3zI;vDcy13m(Gk~m@5tZs
zPwH%-m`alzFqHzG+)?)eiXd9CjLVIFdm?QJrl9SfWp#CR1z&?s(Q<2mH*y78HJ)q*
z7?eR6)=1@aZr|0a9v#^U&dh}26E9CLBnu*$C6yg9;Nl%D1H3SIQeOksg)xjy-DY87
z@pAk+QpWXW0E+ZV6AhCPI$e{Gh}(7nN-4xR>t%Xy$F~9yFTd<%&}f;I(tnFrh1+L2
z2lO^Wt){*9dPq8-MX5y`Uu^%KlZrhw2N?*^2$V0hWMlF^m|u3P-M_qKP}HVlFWcVZ
zndrJnw|t#u6sO23&%VPpPonrjojWd=<!FgF?j1j=n`uQvKHkCSEVRC(Dr<H!WYB)N
zaMN?MzS2GG?*n<z$6z?>TFqfW%RC5Q&O+V!0V=KC8TX&YJy3Od%9k<f0Yd=>=YoD;
z*71*kGa0it#Iaynw~$=tpwMPlf9ylJQzkj$!h#k1upMr(d$QHHkLA>w^d6KF!|_fp
zTm;M^@kYd}UX5p>@$%K!F4E`(bM3hzI-nd|R!w~OvVCaFf)A0heK-VrcOy6I!;Htb
zk!y|vO;xA|irogf%usgVajEu%ycaEOwM7Tl=hK`qg#rjfOMjxoB&66GyyE|3?5zW$
zTDSjUK~NkFR8mO`7zB|PDY21~nW0lD2|+rfOGU&0rArxLNa;>NX^?Id=~Ngx-nBh)
z?)Sd8e*bxn3OIW|>sjkl%Ox?HK;$H&zd$`^`>-|6CwW2@Dq9~A{+jWh;S2aiDu26*
zGuecvr$zGx$P=~krpQ!Cph(lnFhMqO&yz;>v`|x*fY7!Q{|hen{G5G#`&l0AvPW1-
zch>_}k?BO7s@8la{fVF(YIaiGDVvk`gc%CW3~JCvUilxJV%=dwkNAE0E6%|a>Ma|$
zaW{yrN(RcfNbG6>0CcrH+)1vewJE$}u}KjjUlh(r{@gY~A9sWH^r&G%j3IQ1ufs6K
z@~9YRJ#C*%m>RRZ??btc{vE4w@YBBi#sh^pNaiI{^}O%5?b0^8<^G><TvmIs?>>Bx
zV)6jSnUCP(;`)B2xFAc~5NPQh*5RELIZ>~DJsCn{e@~qs?hJ!oiqFMWhda1=`<$rc
zw}xxdk6CuV?3b5t<_=cynH3y34?EQiSJMDf;&DhaaUf{ZrB2-k!fF<zuy!=RifOs8
zy)(W7hW>0yr?+?n=f-YXgYGE<2F-Jf(j8}zG_(v?1g6~H+F%!3hRZn@QR%c>K-AO4
zWF{V+(th~BX=q9197y@YMQsU`?MZTfTGT~eoKbr*O%0;-e$629F#6T$n_;A(+C?B{
zl6HH-y*O;ZD23z29cmkbMo?lJGNL|xfsW;(&&85X==+NR?7!c{`pP<cFU<nRl2=uH
z`8j{nlM|}gU{&&S$=IZO&;}h&o|<IYfyN*MI`{4&w;gl9F!-3panVcL(U=o5K0<&Q
z&s7GZ`lm#fRdSx&m8y<ALN6h=D2tz5F9G#*3fyZ4inu<dpn|rSp@tNpBap!grj42<
z*RFT{G$I`;TkFK*FJ_16w)(>md+dE7vu<6{bIS2wRredUIiF)gG5!08yW38EM@?wI
zV(w3N&X0E6E|}DNZ{kFeMptJBQ#_@?ls|I7gRYme2mt;~d;7&7TF>J#?U!{+{6b0H
zg-O}Ku|<5Q(4S6%!wfoYpOT%m3@10iOBUizgapsm+t0jFl2e9lUPmP8kBVXF+bA2w
z7s~evK>`>>7`)mAF>laxQ#Bn3ibME5VF7o40A*UW3F;}KH?lI=pYDPXj-&lz1)eIb
zQbqLL_T%?5uTb`ma%|!_j-@<c^m_mjU-i}?5FAipj&iO5P`(h6j};{+eUED>2F*0m
zL-9DQfWSQrEwsLS%@sONg1-OYmh-|H#LUG6(A|OY2pK=9u3gkTcd|>dHL@x?xT771
z<lSzmvLT=__YC#6q=WO2Vu+&Nh%vXi8xg~y)b#@WdaBnAdNsNGLhK2<T7ZsITjpT9
znLCiLjfuz3nr8$sUGBtj5QkoN5O)B)DO~Y)lM_uJWI>&uwsjNiK-3b*mRn+>LWdfT
z+xAdW?+7>(X^4+oYp}suxIVe~2Xcj-;FUhMlCicpe)CY@Inj56^C;>1^PQKd?<t3<
z%Q=f0)CGl9p%a||t}9y6$(R(kha8H05EHE#sBpFoEiGa;<o-L$`o)}toZogx^P4Pe
zyRMM+!BZHFEpPKVlV#${HyGVEmS?rja{Qm!D&M`VH(w$vH0^C}U1%89w+0(?%8}hk
zi;cpeZ1`t(rgZo0rp9~HcSydWDz9wE9spp>RW9-?hhMVBb9yHcJWzq0DII{QsOZUG
z$<!@cpGux>$0!_fb{wq>&V`r_-;!lyN{Ug<UIt}-4-6$Nf-@n;M%4XEF_>7n9Dsh?
z5yx9b6_z0zBtuVqt)^cFcI`XNXpDHLyC0!mp;HLqHrsgKek2O!Q50x78*nVdu&7Le
zWmGS`{*weoSGeqtTDLhZmB1+Q2`2D2mUFc>Et^OhqoRt>H5%H+w|1@9>3R^OMA(ai
zFvC(JXxK!KuI=sFGW7i$&Pu6h)f<%NuoSn=2aD*|TJlkT%r-4o^qe07%;1O9!@2WM
z#7~<;()z^%I568AkqhQD7s?}Ml#G^if;-wQ1@Bl4Z6VN%`H9~uuq#ubzs!b<oPBJq
z_@_;lnw~tlgO?nenvVjJS&0hM^<Mh<I>WadeQAFumUG8nzsRcrUa}y@FoRQZvXQ-2
z?z~S9F1TaJCN+S8zs4q|j58*A>zDBC`!e(cg0r;S?ijFJ6#l7Xcsx7a;$k5lqq^d3
zJKx3f4;&H0ne{#Q3IFMrU8LL1VjuX;UUnIu-(|>9GOU=g3rCyIC)Piy{)75T2_bVg
zen6Ke2?cS6{m=rI!Q=8#yppURj&1;nrXde6?ZLDM2Yp12h%dEde4|E{fRRM=th5_u
z7@=DA(m8*8upEaBwAYbJ?XIXLN4*v#FXp^R0eoCHy#?PNiW5Y;kEQ!MLKafU!}7Jh
zAGL2z6CO-4qJ}$C)c8}<(HGGIW9bozk|OKLD%+cj&352O{*>}Iu_a{865{*R5vJis
z&@8<EX1^~PK{Rhyj;YFudbVYBWjYeUi>1R|IixIs)gjlmz1lGZVGhQq?;GLUEHNel
z+LSL6V&c+F-5dl4_f4L_Ji&Io+|hJ8VaQ8OKP#Rv{fSa!dMkCM8MH`ozRrS2$W@4g
zs5I{0HJhzLNG{N8>k2R``Rr9OW{i`!)h*tWTe<_`7Wt+nDRMYbFUdae)#?!%lJL9*
z(xa_mgG2inEv35ivICtg1YqEvA;LW~K;04r0YekEM4X`VKMv}@n{1>WA|y@f*1cSc
zAIa`z$FSMXD{F-hJAHQl@ENXQAO7Ps4{q6srL%l%z*bKL?*7&XgmVmIWxz|5Nv!=i
zK0Q!m-(3K1f(V<J4Q?@n)ud;-8G`1$?LKwXK}x)LY4{Pl-jkSEQeV(CQHX0{6<C>|
z3mO3A^ub5u;=4+7j3#4AB@PKwycWXOd)uqxI`QuH8YBg{T`QPJa2qT)r+kgO(ju9l
zX-X?2O+`{URjXy^-C<n5M%IqZK`ONh3dR8)`iZ)+gm(`?A|G#s#Byr+D5XaNn4=dg
za7WPi#1W<7+c;;Uu-o+;ZnoFb1JR~879nNxRbQYkCO-{8yv|e&;bg6%Two3=sF&Ls
zyLB-%I9%b9`cSEhT(Ch2{^d9T29cTNFwN4^a&&A+nNsEsJ3;247BXC&T2Ix;YbxDZ
z*1+guy6~i5p(V97g;&`3tmqK*o3oW&+npc`3J0{y9Mt<q$1x&z-AIm^LE3%{<)s=E
zR3=)VF*)hf7?`6*JE7kdY-1jTfomBeoNhG81>f2t(b(D0_E6v2xvY*@(`FEz`0CqE
zu5?5jCJ0RAI8Vsb5#?!CpE6?B?~DBJmiu3ZT_9?JI=mkpa+cKR)bJ6bsn{kUT)Bhd
zv*dSc11l%VJb#fl|C{e|yJ9ugms<#h;1(F7XXasyqW}xTYrarV9fAzQLC$!-7RU$E
zh5m$+DQ?d=IOy*mj%AJWR44Q&WVA!AGXtlr{59Nl3wM}KyQjL+=eIGqpPL;Q5JTE!
z$eI|Dw}-Qc*9~<GK#g)nj9Z{gIW^UK@wzdcvBc}9NSBa&X6neE8`Hvo%U*`5(;N&G
zau3iIYg`kPM@;bos=lIJGa_&$X0(p}geLta*#>-Lu_9;*-Zy=4+u25}OiIm4!SpmC
z#5~;vm9C7YHzwf_WUETvrz))Jsi&Bl0H{<_RMWA@c`%go;i8FQX$n66UcnDb=5+x2
z!LvKuFl{BMJ8j*=HDTS=X$0SEHKQWXEt5wyO^bDdn;_c%GWGYMK7cY#;}cLJNWN&D
z>-OFyYupw2|8Y9)fJkeY+tRb6peDHQ=zRh3pNQ5S`1AOv?y$Zo<1+XFyUrwn8khg3
z`h7qolGS1-R@RxE5iG5ujTuI+4_U`oC_T>SxZchr4Esrb!{?wt;uP?XGCrQVt`CEU
z7DpC5ay=Rex3y8aX}}1sk&7Qn<c&ttJIQs-Q(G;CRXU@7R+~;OR#IN@w!O=110IXm
zE^L5hw9E2SQ9pfi{iGar6G}RsY@j#mT&hh89~=QeP=!(B*rCbN9e~clJu|g0gZ^O_
zZtwu76vEy?fKu^NNd#&{gP3F;l=Fsg740x(f$HOQKY4Hh8hWF<dtIgySPdS8cczr6
z5O2FJ?%zXn%0?&FMqp^na7WusKceO9t}tt3&ep@zJY)SVL*i)@o#s3A=#)5pYEs;X
z!Gw=tp8lw=^`Uv~AsB3VPjRH0t|CFMMd!5K00Ku%^P9ADtYlT1Zbx(avAE_BKnHmA
z{!~rpr>Dm;%ZrEeA^-LC*xjiL5vtu$=HFuwr$J=d6nVJ|vR_OJ^KgK^HND^H<krZw
zS($`M`U0ZY__D@;=u>Z<8OC`jNlG+F-}0aT^XR154y;y%*18S~sj*as*2=UV+5L96
zvS4x&@Z!@fK#8qSyw}4Wy>qfj3>@#WZo@x&Z?i}KK&ui=hM^T^u$TMIF1xOc>RqV^
zRcjbQX+0c0#z{q+dMc8jj*b{VqUrS6L=Ie<w^h%|M7HVt%mk&!!>DlcT($NBB%d4K
zg3HJOJQ6p)7*^?l;$QEB2wigkoa{ht_UVv0dM3dnmOvUNqmgA8faH7Nqp!DCrVOeQ
za+6*f#+`fu7J|%3X!T+_Ild64&vfe#=9>4l)W@e%h1RK;l!AjhFF7PEQOT4yXj<|e
z-Fc#R8*v$;S9$?7oLy$q?t?!u3k22E6YEPutgZAAeC9v7^~wZblA-=XI?#jmS)5L5
z)eYgLza_g|{Ih8Vs$y7WsJ6eY+{8v9&k{3*ufEr!;;`_l_T6YmbwFgRw4E-)<sL}p
zQnl8z$~r$rt6Qqkx{6lN@g33PpY6@bf*DdGWe37w%brAED3mwpN}F|+pJM!}{$Tda
z!0CU068};@kpVbJOR7S4Km&H~#>%?!VpaxiSd><<#|KonH)QFNLHh~F%ie&?^-n>4
z!ZYlmtyX=4x=GgPbVR7UTn&QD{_eb#5V<!gtyY%&F!<H7;Hh3R(<a2IKseQhaY8r_
zgg^(T)1~58=&DfyoaL(s+Hg`6r8Wl{ZFBfeK<Ui^Xn*d+<MvX9sa<70Pq%Fq^{pD^
z1^>5U-w|d;yAV?A3W6i*%zE;ZsXe$#Eb9^y{|AhoWDZX=7rotVTS8#+`J`pIsd_%#
zej^)9GMWK&9vvBmV<E=tFdy!QY_+&ZEL<|5ahsTYO9-I4JD$uNv0MaT`Pg<-m|(qt
zMLPN3#KGyp2bXlq-4)9mu6+4$0Z%OoKpWw4jp;{%;Z%sOl*+drNMfitl;9pqsGH&}
z0H`s^S+47SS|7qoX%)4qXRmmo>!PfiE^(&J?93MeGlYm~t6sEi+}ikNfqJ^m6@Hk3
z?-LJX31vqq;2vysh}aHHpE&Fr`i@(}5HR*YhYM5U>Fx<-&{pbs>6xZ##Ok=Y5pf0$
z!_5p9VodK(jyk!mg%3J!oA&JRU-vK*KhQHY));O?NSqXG)YwQrIp5m{C!`1byarPV
zF=hZ$zzA-L&v*!=VhZ4AoJH2VP0_!<Vx`t7Cboa0@^jXc+pi^qlAO&7_a|;7dh^vA
zNs3UCQhcIYkUXQcQU%l@Y8Rqp1-rmDAry-Kw$+~9cjJ%J%kW!jb&=~9mkRMS0O9Nb
zM-M)nEXVGRYL!Q*wr)tIIl9bEz8?`{Yi~d%@(jXmAbTL@G~bi=3Y39F>KbFhvuLKv
zb~YZZ>80y+%x;^H?5%mUk*fh1zYg1iUF>fz{?J&pXmq6+qKiMwB<hVLC9bI4!gO4q
z5qeJhwOyxs`oi3O!2&eLltt?@#&l8A_Eu~&l2b7`jZb09k%Z1L@Y3_jcLdrK$+mO-
zm(E|~&~Q83^0mPNQbc%C#x0;p;3vO*r)}xo{%w;))IBugl!a5^M9FtSA2OOk9yx#8
zQs|$qV{K-8vJ#S?7gf`0h<t_+yCRdg3cTs<SOYDV*2-+BKv?U*IfGCq-H<p&wH)U8
z(y45ts=u(4_>TL8ig25kIV|YW+wz)j%b6=HfNn9p=vkTeWsqsiK&mhL(Am%b{`u`b
zUHzx-bL^8*bDrdsnjCGW$S#pcFuTvOL9|kqepbjnQVMS}&**WrO#K6*yH!G}f)c9w
z`X)i*cu3RRS9PJGA;zL~jjDhDz7U0j0(ykgpeN&G0~^i*hN1zS`cfWLqd|lsSyDs=
zlJB@5=e7)9a^FdRPpZ-?Z5|e0=~*H3_+w2p$Ur;bM*rSdi`9NEWSD`9K`)emD2eBX
zEd-i-`xK~W8|y*9=xy7{yBpINdTAJmVFb6SafKB8aM-dEj>bzFD1=fl6>v<&0_ABh
z%(^8PE9mBP)khNdpnVAG?LoTuP`xv3h83EZpvF*sb`yIaqGvGs786bJqMyqCLnrj#
zX*)g0OnA{d4`iZEhv1eRjwTwWaixHhnmXAlI9_AM)KmJI?1A<YxEpdr_0C?~_eB72
zrJ+)vdwG~PnuC?FGtXkEMF4kb1qp2xHTMyqVO9xNBe%J~#n|H9%A($(i)=_z?G|+i
z;Ltshl9@b>h=OX5ef|5I{P(wVJsFm*jiqi0pRiFhsPa}WbP{>W^16r&<@Q2>01s-n
z$1U$SGNft2)_<zv`byi>VDl`<|8I!&i!jMNoj9}ED~rn-^wW3C=K+O3q+yn=h!H#F
zv&SB2;tU>w_X;FQ_~7F2;IJL5*a6<2TtE~Hw;^>`rkf3<?pEJ2blZw)Q2xq|7kV$z
z)M0V5TOK_0!%D_-S7dSLu|866$V7nf-#rGOW`u!f!_eGt!;~+iWHn_%TD0WF)b~)Y
ztE&L@{4Dlv=fY~oZBtB(IjC2JY^ShvH;BSGMub<YFRsDvS6sCL;nPt+<TA%z6x42u
zFlq=nIu$p4(~UU|N*JMyf*43^)*)=mtpeTP=%Z%nj*&3F2@#+D8aXC3LNC%rz<V9m
zG@FxNw%tomP7Ui^oV;C$#29?Nj}SC?RLJ&9RAuts{f7^3jXrVX#dR0M$Sy5;#}jw{
zjl{>$+F9rqpNm}Uzyjnm+cI5fXv^d<3to*J?Gh&+riAh|>G=O82l;&~)?vz7Bmjnt
z`V~R>=b}UqDYIl$-GueV<U@u7M!)<u3-g}-`~zRGvH%r4Hj+l$6h<9`Wvv^+-UiA$
zij(aiD15L!O+)v{KPWM%x;Yer5aBqp6##fe<v+j|B+GWe?aq=7qtB}EL55>1j3~<o
z%!tf`^I$^GS~3NJFOEP)sEZ;TSr3<vL_G(e3+p%0@3yPZ;m#tfsCq%LXm^qPm@QA^
zUAZgyU~IcF<6kNa!qB$pm3xAY`}T%>Tt~OB!YtAa4X_HH7(6x%eEap(Uj!=CY(nz3
zwHQRd*g@8wPo%PQ;#3gQt2f&8=NvsKQ&;V*gduqCOW%P9s0PjTDc=LiW*vj%d)sOw
zF1M~hkQoVGzHB>euaW^yu`O<&@6PJTk;~t_k5{5qogkSCm^gc1-!5lan#*s@3u%cG
zxIF^ul*%JG8u_jMU!GZE;poM6ue1~FOu_DNwDxZO`8aoPpnv<HFWu*&10kB$`_;ta
zg~Y$<o3-<b%+(x_V!cT7sdx9WB$F2>SSnuPPtJQ<TTP`}WS5#$Hwv%UiK(A(OBKA-
zL31ky-@!#*hG2tK$m2ZV$HmF{5#c%CUeI|6ZhyB_pw#g#v7~{hmuTY&i?H`K5-?R<
zT|A`BgH@eIh8>4FklpnHH1r+KX~He~5ExPGE6u>@Uvq#M=?WxevE_|Dw$&0i1<Ucf
zXK&(cmhwOc&<k-BX3*uziqP4%l%Cfv?p6lc8EIG%3O4uA$PJYO#YHYtguh_|JmaDt
zjGe!=s<$Hz`|}?meC3CA!?-sDKa-tJ?oi9P<qRmEM?agC;qD6dpu#|aU~?Z)VCRA$
zDjY4l?iGuuK$J*EjD-rLa#l|0%<sp&dEU8+<EDXsj7aE;re%tLQ^Lv!Ih`ieBc>^F
zSdPNd<}}@zdeS}_elUAF%P1jpbydld{YbP+Mi-WR3DI^Xvz}nol%%8<>Rfw|t0k_R
z28!Cv(9@Q}b-n6U{gLny3j3S6ZvC*qtgyVnGWBHF7r=%H)iTPk?3Tm-_Qa)02gkoI
zkzRk7&->@O#=Ioo#8vYXTTs9NJofo$_vgzbDgq?{ks7satVq^TK}H7%BeZa0xEwAy
zgm9UGLK+}~jm-okrL#BJ{Nz!34E+qW4|W~XSgo%t$8f_kSMH{BW+zz&OY3U;d;yQ?
zlf~bCgh(y~0xDW&3QWro>B%#xYf#EVZ6c_&q&QuKAoRu2W4^UO%5L8lAm3*`LBZ*P
z?p_jO(1x@^9S?lgL1a9@6wOhbFg%S6Pm5xxO3o+hWv*LF&1aeR%L8A8<!m!e!d_~(
zO(3L0vw`F~W+A&BPt7Dug`iNTfz)r?iK7-LtRd6sVYJOGSN=SXANXoWL($oQnMQN8
z!x+b3a*<|u6QV!0Lh`eNB?XoF#xXCQK)TE$n@V_tV)`7ekz&h5zlK14Yg2_ta@GA~
zNiqaiWfxFYK70X<%}3BJ04Euc0))x!HY9;O?HHc41#bHE<gjU6Q#)(8kh#^oppT;0
zEXcBKuW0zBdd)%;VP|@mS2b84jt%)2NR8?IFn;Ui|H~6TGkk<C+hRy!iRzKf?wR+H
zKE5E49$h>1l<!zm!w+xD*;BeDe;OHJd$*5GhB~2cy4HOpm{G5SuxCU$@{WL!&nt-G
zpuT&k*)4)J3^7_(ob^fhj`NVsoiec0CS<N5m!`HW#Ouz$-WYj-t!&pFh#9nEYfzO7
zUI)^8(i0B^&->(DdhUivCdtREmeWIJZpQgQnH0G9z+Do#R7_)xJBuN2K1R+jm`Hes
zWW)2AjpYE0S5&sDLf)K7cKA({&1)vxS#)uN$-7q1^q;<Wjpc(G?hBHi2gGNrbPJy9
zHLT?!=7e(mi@OH$mo~iIZu9s(q&XiGeFv4q<$fY{(xs?bVk2KMk#qzVP&1W0LK9K~
z)CAfA7s0$c*Ztcb<o8Kp?fNawYuj5=QZwFWWxhZ3!XGihhpSR$M<!QJ3DPtu4qiMS
zU}<;`%W!=6E8hC;r6%*RB*D=zf?8I5bD_!rj|A!<`b1gB2w;gie6E$?r6wpZ6zjGU
z%<y6ksQnz4j>x{lL*{4sBcy|2XtDMv)5XLr!l-OVa}ei<+1Z3sU=D$fc5K(lIcQih
zR9KQKkUr?kGjtjutczI>A02^P&h}G~f-1>=$b71W8>^Tvx&ZE~Wguq?UUG2fkyFbn
z$M-=5!CObR^*gahtZ%~z?{3HZU;1gOZwDN3aoNBA7>CszC{lKX<tX(SF@hmV#Qd9V
zRL0$wE-wFFRWCJM>3E78E1pLo*)S7{ERRQ>n|dn59_0{+)Z_SH>%ezw;V!!&rA4#)
z^Do#dwVn*QjR=+_kwaKSXg-7wSA(GgBN4S%>3E2wTWQkN6y%~}F1Iv<37MM!)%!@V
zAE;*hW3m1E3GS6+1Oj2I=qI|bCTt6)sX6on;rsc2sMh~;q4fAlF|o+A{yeNJF-q;k
z^%uMT98DUIbVBGa&}SyA99X>Z*B9`Jpj}`#i{%Zi`_M)uHM~PcZ3Y1;c{4~Hz)1&C
zocTZ<s1>!D(1m!ackmEW8=j*CN?}gZ8xaG*bWV(>6_Iknzwq-65a}-%eksvsfn*mE
zP4q(dWfX8iknkjlcJmT!3K>C{$wOu)-iPqSB-*ACi0)EE5kg(8A+Z;NtXPnR5j~K>
zWDdjq#dl8SB>VHH??F||19e#kS|u%_`FzU%!$%OqNapGD4*vCrCn9$905WgH6cY?h
zDgZn-><gv%a|)<myRYc;!R3)XodTN&Q6{hktrEIVLx33)IG-dg=s~x`cT88wUFJ%X
z?w>vxFL38p-$l?!UGx!D0V^EnW1DngFv|mT>4#aygIGI{*RPLhlsM%S8M<xE3MVVY
zKkG|?C@v+YteN6Vmn(JLwnhib*4M!dl?vm;oRJzpLDqJ1vW&au?_W-|hcvC?*-Yp`
zdLSfxg!#;!zX(;<ljOyUp2ETeBf}A%i|l`D?5#X0N9D%$etz1fACo60O9kk6$CbZL
zTeZR-pxtWTcaWYcHwBC&O%j_6R}ri*Z#0wnf0gQ6cM)NJ9&x&>=sj#U*}Ializ@e=
zlOq0h(d`->N7)pkaQr#U;8y*Z9Pu|2ML_`;-Ped6&}J_YI95U2*QH*#HBAvj&`u%Z
zAAZQ)k@cTXx8e&@1oZ_wNhO%S%wSUI{>-m3leGD*0Tv7Q!Im7fopglw$ZvhrivQxM
zN9kH_)N`FZ5qmrsX(^POKkUIAwm65`J>%Y_qgsNP<8`VcSztgHf(20C{`kFrUJ_Qt
zC!~WqPLnHVw+63)Eo0{RD%^215LJzk#7z+4X$>CRmo#*AMnl&^kM91hza=XFT##ta
z#3+7;0%U<`;Q&^vMK(X7!fvlcb+R<g43-ojwRZF}Nt5zJQiwdx0M@q)R66Ez;X*k8
zGyGT@7yD%{K5EBid5X+Rl~q+7a|dSs+lSMiB%Nk*P_o+90_=YKR&rRVavDQ&HV68|
zFlL#%%-m4pEJ#pv6GLm&sbaZ-)_;CLDIV0S+fM)n{V#us_#Yl2<OMxr`G=Jr=LJ~!
z@a3_P`zTU8qR|G8Lw*i0$=#5zc$aFL=hJmCBuy?uxREcn3ozU~iJ|`7L!EE@oy#MR
zCQ^_PjFi1a$9Lt8zi1VCG0|-o<~`p)G>~(`C6?XOTI{~_Kwr!!W%$DWJ-hwEe?Br1
zGz)&e?E)a#Y3|AS!1t46?>=NVHl66TD~)Iz;R7F;i}khP#P=^UL8<KBs9ezim_luC
zuSqhaTJ??`Km3T+C(FH$CbA+wB9&Oet{BDYIPC2TnzU!m`Nb0zlxvAUH!qH>N{&(+
z^ykcD8u^E3pMeZLmBeTe!sqw54e8&%(Z3%T6`LhQ*dyJ=thNQnVdSF33Rr_6;=%;9
zsuZcVpfl<OY}8ZLIhI?AMsFS(!zTtXrED+5mV_USH%n95$A#PvoL2OJIE68|l`PhG
z82&DpUu;Qm_3h(}9q3c_A+Id)u6HrtgLHbWwtngF8U$V*Alcc=y+q0S_h0&#O7xG<
z+e4EY$y`L1gi*@5K!~+6pv9V+GBVbsz;+=zWC|uE-CVsd*Bo=gtEqr(0e)6w-03&E
z*99gjp~*k<q}6@49gDYcLL(}TGAXbbQrT0Xk2}jeg?-v~d5Tc-%?jC32I7XCqc9W`
z?xwZf86bvyvuw|=cN*j_oEZ-Pt8_`Rj+4X2Q9WdhwJ{USHNx{A)tAchMJOqJ`B?yu
zoQ5zGi3<h8U3lFw_^4-qOUnX;xHh-@9wlV`r+`yYJhl-kxB<}KB`#3*@p~45O`MR9
zL{h5}BS-vU0SKS_8jx@ypaf8rmF?-?oMfP-1?GzDGNZgHn>-JP@-=(LUnD21J43}C
zqjt0-zAl^M@SiK0gzPaXAtb4J9I&ZDTw}_UxA3fJ-&f;)RH8}WSpWSVJtadInmNU-
z{rvCR{Xfs^H4Qz&e8cP?I|mJA3eXy^waigjTb`ggSSqxcJZ3Kr>n!r%AcSluDQbUy
z!DMZ>6&kV%K1{?GBILIHcmqnF8Q`bNWv(tO9Y7@`FlLHL2O(6%_D0Pn%ui<UhAxB9
zs25Ch#}*m?_#*`-FP#UM@*wD|ogvtD2CjX7M@=4OqU;H_8=qxE-`Q$221?}~a3I;Y
zQ;euS&D-=Pc8`gaG|A4qAkA9&(`;Y<lIxD&WH}e=)hkUs{&H?Y_=yy0&#ybWB(Jit
z|MThZ@em;e3-~h77u}%JFo#e-gx&6ib)gTCDWQWE^cS*yup%?=#lolK3f*ACpjjV;
zv{-!*R$A5+yRClPj~K9iqe;lT4>j!}{CkQhy_YB3K2LR~hA$zy5R34O_kAe~N<g)T
zm+@53^K^&xU)jjUWy9-L`c<I>{Z&L=Hx)<7pRj<-G@3ZkdU|s0ZO(g%`ZYMXeSit2
zASpzkUQb3&iC+%bC6Kcd5l^^ExTgo|PBYlHVds3R`PwYFKtBR~`gs;#!XRpshycX#
zX#%0f%m!Pf%g%HC1yGAcoPnNyb0Q4}7$Kmi^IeeEq-z|Qn}CyFmX5rBYLW&&cRDvn
zkg*>Z%XYTXlbO{M<eB=Qi5n0MPQ#nZ=xJ%)`K{niQaU@<63VC0rB1)!!;FSPxd6|K
z$(^HK{KF@CsFL<9g>E7bOlchM%2KWagbQ0m+fuUs(1G!)Xla(6PWnkjnYJ6C@!x9A
zGip^}{thvVb>mk3JAie%><p>KsX&q()uNU{98wcRcn*E!C))<7>EYBmYl(1cJHrmP
z8DNiO9M%!SK^`oTbPLZrut`5*?6vV|)V)Iun_&~8XP{W|lK&7`F-|S^<W+yad{$jG
z!+B-S4%lD~z&(zKkzYpKx1jc7C<3#AR)(PRZv_Mp^kCPFOVmQx8z6EWzK$b>TSEc%
zz`d5hi;1EI9wQ;8{qw5UBCr-p%RyLu1D<^30N9@~+LiF~MPYe`LOp0ET%eF@PT0VN
ze)q@&5S)NRvCAjxeTmWLengiKPmcwnjPyRKB0iwVM>PzwT}11fT@RsmJiTsMDaLSQ
zo%Q7r()G<SiO*vekH;ig?A{9gb+v=Le!F>uD=Ts6K04Fjd_<DuEkMqmSsGrS;~C$b
z1X7MKM2RYE3#(-wc0cepoVI%m|GED{ZYzDCatLcT2ZHm_-e-f?XmXW&ZsV>k<>`tn
z0@t1co&uq%b!sx)Xg&1BA#;%k+{@_);Y?k)JF>X}%;LRBhI+`rkkd3bU4ty1lVTOr
zl7%RbZCdV#o{#r$(plkN;(|qv=fH<F2%YN7M2*nWbVB6E<toVxQcn;V79_t7lWnU?
zL_)4Vq%j2~*qW47{GK7l{ORVN3r6dEm4gOPQx)cxM3TF>S!9--1;yjsmSR{-!r)0T
zsocJmhZw1m{g#7!5y&-JlVGY5%<d)k?K*it8Gs$$BZPH4p~h*15SHTk+Q6J3bLqj?
zGbbe;JIKVgxo)k)m90f9_#p|M4647#@G$fux_l-_b>22rVKEVedWjb28tSL2e^UGi
zb5{wfm9!uYE6DY4p!;2!!52*-p?m72XK1g-?*iwfxA($hDO_S@VfWv0B-iK`cBF3s
zl}q-I+xI{HDkhE$kQ!%1Kr9oRj~FkY)H4f>BHUG7xHjeqAb8t)F4TO#r&Su6^c?fP
zPG+YGHjFB_cDRH~A?HM}Oj`)R*10g4KdJJ>t-WSgfdiK%;j->+d&n2M`Oq53?eY@5
zKz^3yMn71q5Y=#PL}|MVa9#HiwaM4drmlo#hE!>S+e`3NYou$J+*4M3Zd;jzNx1Pm
z74@|DjV>lf*@ym*a9Jqzta{O~C#7bKatGsYVq+nm@E&cGR306cW=}4<MN$UC(vUpl
zTDP>I*c8BMg4n+j$B`?k|0l96x_f1m(e#CSJ)Gt_f>&p<%7w|TTQ;+%VkKP=V`}kR
zcg@^2bg|Q^{bp<nBDDl5J&y1ZQA88W!MGzi<52Q$^ZwM(Xx#8JVy|1&?9#Ljh_tHX
zjGZ^CEXGofvXWV8y1N^`uwZTbYjTKjC-bamfE3AaiNNSX+^OGWxxcV{S=ts4r;Ru?
z(Xh+ppfKe+(vd@fsKpby9sl`6?e^i<DN~?-@L8rdrp(o{>#26he}sfh!BunP@eXix
zhbTSClNGfcM}v8uj0xh-i-D|3n&i@sJAf-?h}Qlhm+?MHhe@X7jBvvJ#IQjq!4DNA
z);@5<`c$(tLS`N$Z}^lT#`};CG8&XAWb+_(pZxNc+>kQ}5-YVSeff{iPQpS%UFe9D
zlHaOobJKg?87oE^%ZKo?84_=4(V-@hyuy1Tp@~k3>xsRIbkCMV_oW}A*;3rmMLMP5
zaH(-p%QWQRnn0>H1ts;gx}u^Itg2HQwg-&S{_1b}p@(kCSo#d1?)O%jYf@{_%G%(r
zdC6_8z_0R6URLZe%6m9~q^LbzcXa~M-kqFzr=7K-JKGf_xI{U_=nnQlC(qap<NJuA
z4H}U91le@}c(0e7vk{-%DuC?}-o7G`?~VizQ*I%;jX88KI$z9fdo!d>1%g<0(hVxb
z)Gn{Hy|jQjneAx$-qWyjmT&qm<b*Yk90+#<r$q0r%vtNz2S<#Y%3>zpAuj#nd&*))
zm#;U>?Am_BNe8{S1Wp83x81M%f62hBr9`L!9M!>nwbUXQTm`tSe5D_uG{F$gYG&z^
z0D*c(ow!v8ETHhm%7hWT?GeTZ_4s2iz}n`Zx-t2bhvUB6!Qqt(G*cQXfv&u51sA#q
zS03teV5Kdp$5HM|F~Yn*PvD(`Bo`xK?I>O5;Z?Fr2Q|B*&(BTn9!or_7eQj;NW$4N
zjrjRc4$TBXL`s7+4baBi=zgmI3)q93*yVmC#f=DZBjLER%H%^Q1Sp)hK-H851}@Ph
zXci)8;A%Uvl_%|tGFuNP^@9HIS-}D{E`{aso?(S)0xCN>DVBKj8#F7yeH>H-RW)C`
zML)wDcg?f)#%!1pIxKk>^pkp@k@do{+fF)~kjWc6&*h$kj%p2)_JKuaADJM`ozr{*
z#M2KDPOyC?a4d0tvX=lxJ(&@w$dOcb^^6X;V<nPH)}Ks~W)Eq!>Iz%Y=4kgMnJ^QA
zd(yKoZOls*mP}>(%Xb07R_73jIIwtae0+oAN7f#a#>azNoqySkq#jbPdWAZL1bK$`
zbbe)STB-}@dRYLhVyLSc=Cu1ubB$&s+ybe^F=FJK3QG;0ItT09ysX(?nvxbiNMJ9T
z+7~id<z)4L@+ST*a_6CWT#-t~BTW|*Tnb>9;CG@f@j8xxENhqEqW+}BlFqqc594-$
zR4Dp9;k#Zj{v{AsF0{0{*d16mTZ!vf62|qn_51t#S7}FsIf;w)o5ecg2())hPPaQQ
z<K)_gsArJwI|VE%dg)wykabJG+L%PyZ+vdh1tIQ><kCcEf0|Zm#>b#ueIHc_MpYrh
z270<oTn5fVonigAg%8<7+--`O+{rCUEE3m~Dqn-|_TY4~%-he5*0QQ1O3`O=8J(sT
z;>t9#J~BW)MNo&1rIjZxx0<57r$nFT4o$tc#CIl3WmJCt7&gehzL{M1;6jN>R;$EH
zY<aAw-^Z}ZmxNV<$(!0-c*s3iTS0Z4d_e3<^Gmj?GtiVj&wp_|^7Nn+HgpjYY|%>x
z^U_QZJ>RxA#coWY4EE0!A5r|=d(zF#$FEsr<X~RlHh#L7g}&L_@sx0Bpp*pVHA>@O
zm+~GDKH7cCc9dkv28N6CXBjAsocx#3*N!$d%=y3FMWLh&$v52`gU#dH`HQS>++<xL
zr*3G+V73&N#KG?*Cw#_s@u{){DKb8(XggMO7weR{9#uHhM1GV!fGE%duS?^S_XE<;
z1sSFdyWtW43SW3+QgZML!}j_Nk75(A)*C9S@@$-fOqXG$Va7v3oCCD7zS?c#0t1qh
zpo+Q1i@Cy=qbpbiHGc?4veb)&)DWw5F%IefM@pQ8N|d%~m9~R@EOs2(E6~+nI3<fO
zKq3OhTuLuGq(PSe0@i`CN(*6#09I|mxX>&hgTnoXPdxpiG<xj0iAOzS)psaR?Z}n7
z^c67`AsZvFjY`j61@E7x<ba0KS(ytF6D$gP3bXId3xn(28B(+>(S}YgH=omg^Yqo8
z?#oMWjJU+VG=v(Qk}yNh!dDT*;g`ZXTOph#WLX<0uVwwS7sR{6Y4_dQ)=Qjg3Kdcm
zA7yYBr_@ED5<r`rjkcjb=vFhe1NyK6nKW1$qtbBEHWD2~82%2)(81Jt#YE#HUR~*(
zDel(5Ssi<^1D!x&G|BcDuH@jHvn4M%KkgB3y2V*>{(3s+k|V^L`!c;gu;@+sVK1rU
z`C*y|zb@Pj-Q!cwHRZ9_v7zznpC`on%pG-#GbG8)Nv_PFjHNC}&H=6flSkW9__Eh{
zUgO>CT#5~~YB90U@=UszRMnb?vKYu#o+k{cNV&>|iMtzA)dn!3ILrGkSvgvuP3D{k
zvyh`YF!^3wFh6cAxXy7);Z)}va|o}v2ZnAL1B&&(XZ_u8@{cZD>cxS?ufs6VPz#x+
ze>HgU?$|*kv;*RjzfQ(qV&V(N&}>A!p+_QzyI2g?maCYFp|Ud0FQCSKfAa{P;bJcY
zt<M1Vg*rJ0PFfqb(yzI?#^*&|R9c~~>`S(KyZktbF~Q_DY_PfCe)Zl!pL(&wN88D-
zXJ<k_v$*wx#ruc0Gl2ZE-|D^!k(&-Vjx*8O5yK=I6T7H4I|dWJLZ;QV&r_QfmKoB1
z1RKJ$K<$$vmN8J=Z1t+hulf`=Ax4!am?;+_yBXCLz3;;Xn~{JNO%t@I2Jhd!dp9nr
zXe!hxdUbDV>){h(4jIXsp%YiCes+R**r1roKHHHjxqc9?w7J-iD3#A3kJxyN(nQ$C
zhhGp}_ysI(Zds^U$z2JM4Q21A7G-^zK-x+grj8~*@XMx3jrK24QSA&>%G*hC)>C~f
z$6f)@qQW3k=I!{j!;FU|?0VNx%r1K(M%^-hb$#nrz|hlQmR@Q~gOtTUspG@H)(Q-W
zTn1~|fC`M{uP=E^T;hmfP20Iac&H3Z|1Kpc$0huns?F7IE927tKjZJe%(@<%G$7=V
zGz%18rqCD$Ymq+4`FV(Obmvv6l!<)3QWY(c+Z({k9I(Z)PJ<W8ekZlg8#No8%Sk5U
z_)8xVOc_()I<eQUxNU52%tMAies;n~@H4ij0UwqB8Ig|LHC-AHT4#(Gw}iw|L^zP>
z_n9(&UzHPqo*)y1lA7|!K@w#iBv1>sWFY|z0SqZAp$)Z4hm7`p#=1lErDL<QO})7o
zhW0=|pRlOdFx_?0N8kwoQ`(DwP<&VZisi-L=VA<R5KJOOKnQuz#<MQ!ClaGUm`cKj
zb45|c-(=m+cIYqHY%qT8T7gkK8_7@-UlLI_##N|oF&cxc!PsFI35;QwN|#Dr=2ET?
za^#ziKSH{8jw<zDaA)E(9JOg3ggS`-bu=JYnKvkj!N563woLs-WoU&-sCGPuD_im^
z<y(f`zIu&vb*D0v{Yh|{q|vpQ6w=y$#TRxj5D5mNUnQg=QTsu*Cm5rzlUAJcWqG{d
zVGbe=HG!&6nAZIyNWZOkbL*0Jm+6CEU~>@QEB;c@ZVJS|yVheE$q|1@A8_kcO%8wq
zupd;Z36I;+t8QJ_vZ_6czzcpZT)h_y*%Q!jU<0%eE`BL&E{pSdJi&Qe$|&19$z)u7
zrT_Tdi;62&$SSIgtJscA5EaCCs*qpBy<G~EpyNf75n$hEcL==v$_0|`#6L=>>soz+
zU791L&aGjkzeQrDw%}08uX_PF=SPH-)ble=Mg088lB$Qs7(KOF4G@f-lAm-*Yu~6r
z_69mF*k+!5!x53>oQvALVT#&2<r=yU%Z_V+A!nGvuOV#SOvc|q2c{rG3gz4rD!TzD
zC%KAlWQTyEy^nzH)_T>`pEaEkI?l6#Z7!w5w&RlWU4&&Z)kuEm-M`7IxqwZr_IwBN
zsd6fk^<qb(<<;R_a;0R!aN!I>jpB?u1OkEnLVV-Ln$8{{JD?!5pX`?+D}DCz+gs;Y
zj|hjK{R^{DBq1$eu3P#7YJv9QL6!(`h<x8(VCQu`n(WRMjM?>t`B1J}a7@^r20O%$
zsB$1IkbDT8B=*5Ht;<CdasIM9A4W^17H<3m`uRQ*XC%)pEBwqhtJC!K%@+dVhb{%<
zkML>2wz6EvCIHa*4MGe<W_T6WH)fY(|MTAcqiDmgg5FC(;FBN#2s6)7my!NKuOb_Z
z|4`lma?le*ssTxQ*eH8Vu-usKZhGANny(?+nAP8zCOZWXLkVs9xNIyJIaSA!Vk4lr
zjZo$&F!|i-;jjlp6?ctzH>U}@@m_d0gX^rcbZ|Uaaw)gA5-HqtyX2N!FaymO%$|&5
z^<wd#`;Toc_CP~VoF5t@=PAK&NFnWd;xR%-1YJyrHWDX|kb>ct?b8tasRxa92IGGZ
zOvc8LG5tc-Dckg;K=6$bAAVblToAS3AH5g!am77tHLcj6y)QW#Eta^U2P*s7BNOMc
z%23ayN*96lV#z65zBxpxoF5>(EV;9JAL3YSNDK$^{5z@BI>as944NFK@2=)T2c>sa
z4%V<FO{)f*(9953)H{eV8Oho({%)PZC)VYDM7L@~%#R*U8m^JXCodhvqGdzav$~e9
zutt;J!?hxzn#soTZoBvR9uF*8oDZMvV;)@nQo8W{Zw;y){0Gi_uqtT%3yC2iv(hTx
z`J}LQJqT?Ce~VR^9K!fH+XA99v-chrDd#C(kT!)hP&MCg-6&e13)o?Q?V_O@xq{%>
zB(hwjE#OYN78D75*K6~_+T?`&={jW+HcuXAPuEyLr}Uc1*Y#iT@xNaV#U@f{t%Jp3
zbC;eGj#U<SoW}Dx?FWD1>jNhhTYYsg9Cuevfj@wWxS&gcVUzM9xokhjs65F_AH#L%
zou@k(=AS0UB$j`uv}>)r_p`}*SCrj(-J=LpXd*Y=h_}<<Fh_v1Umb}BnnecfZ`HDb
z<f>k5cXtZ1g;98P`&7=iD!-f9b2wG`*aAcz<zrT&97bhenF<)|lSB>zZw%oQ{_A%i
zewt%Q9xM{CbMK4sN)5GqBur9?7QD~ti#u`OzOop0ctA&N&vwm63B)e6)|^NVJ>qlW
zF=L!9dGD99&Q&z!5>uDSBx+;Xar(XBK$$aC0WHBcW46X&zlf34aS--qgTuyqfU<qV
z0Fk=IT=7aA-$4=)RB<aEUX97DCsR$*(ry-XCEh(fm5+L8S_YHRBusoP>+`aq306#B
z={%&5E@YBa5RZL5AH?Nu`&R)_6e1z#>sY$%Q#RR*Hfh~{7;9#9zU)0eb5pw#2nSqG
z)`jl&e???3F3*Xy>F^|ThSa{P%rtciIYgR7F){Xtw-~>Y|M1uj499aNY2o@v+=fWX
zLmnL{?MPx)#s#KK1y=f|cGsx~4Tzeks1+D8nGL}A2mI)4j^7o&MQk5{ncuMSo+pa~
zvSx5VPEP!hx~b~Ndp;U|4~@H0)Y?+7;4UhNd?U-_@!=yb4eL&WAbq3$_zuQC%dl1U
zzafHV5Ex_!sTnteyOAgn$h^pU!F0J76a>fl$;KodKmctAm(tDW2+|TVC;7<)_3F2W
z#$uZ7C8#3{C-oAxbwlZT&rf$gkSI*2OHKNYpBphAKrGdj?gWA%!3kdmh(f*3B=t+^
z?sTsiHxK0j!@yJiE@>IIhSj7<Pe>*-oD?+qL3p{I%;@A|vxDinmSLqQI+nf=Ey+l*
zo^ooHi2r)ehhNah#~A0sNB<WI4p{lo6%!gUq|3UR!171?7`ub4{F;R!@ZeTn+DY+G
z9YfTbMCRU9A_oU&m8u+$2_}xC%ZfOn_#ds3jo;*AUZGHl9qjlCnZtZGDcqMchwQ(;
zr<1d9wm?0O$dR8i6}F9c_64bj)rtf_#Zz<K+aR2KxUGIC8-KA_CaZO>V0v%w34Uct
zWkN@ku|@IQ1B=+SE9<8~8Q?8I`KU{c|F3Q`{`eD`FYU%_RCP;OKH8@C1I4_aUz4R5
zCCX)p4PUi_7<XN+1!t)qe`hJ%JKDK@QG?8rw2&bsp?f{t{!PbDFTf%F0q1=Lez(+C
zP#CS+jvHfK)_E^uK9Uv|(9e63{WMH4y(L`0Rk#JO`dsrg1mY<;q6-a)?Ye^E;u;Dk
z4-4U1%S3mz00YC!Vh)yd_y4PBBq*>P#uHQa=*L!-ZzfB9JssASjPLH0fb+qd$sQWV
zZiLiZ4x78mAw`>>WOWaCkt*~er+2(mWZ8+>O5MVhG{4(#b2vHd0S7<Jc%y<p)e*W`
z%W06-?ud(vmn$8~Tna1Q0VkE;w#Eu27~>WaJ19%!QJIL?_?xCo+c)TMAFZ&J;1vmI
zff`iv^~-+XGJ72#M(`x4$Ck;3@K)fI&zt)bSzEALaZrQ8+BdU}2$lrXI#ZO)RMY@4
z4@?({pi}ytW1D{Dk4>k=4cM+cy(9O*p6qu0t}WKm5?Ha=`!-u>-4y340u@8@<aQWo
z@b;KXjXtFC#+EFUrc-4RK5mao?mS(S(#4Hq$raodho<jjGlMVvN~dwffc~<UsY=J4
z9ou6E{icncdDi_Lr0l(4a%5}%QUC_rv%&#8fhEo)ZAFB6vh8p>`k*j7J<dmD`Zpd<
zlk>gOJgCb+?$vcDu{%S<^t^E~)=>SzHGf=2(J_nW=QOhpOhL+R_YP&NDqXq4Ec<kl
z@8~lQ)al&A($fajY5nImHn#`tmm}@x-V_wSYj$L2ZfMwX+a7=1Bw0J`ST>$VHO3zr
zZAwA48c0wXEx#Urv*5L%s~p>23)JuBO~w))Nu;4kuhuG^(q3O`ea2%flC^nNWm`8m
zfh5>X>#(WN5SL-ipM5p_2e8VGW}jHjgg@YJ43<Lum`oaNyS>;|z`0R<!S#`PL<&BH
zM$me1R^ce#Y}@`T$$my&b4eamO%LRpmBIpFTHIahs*A$x{7+O1CWZTsj{2I6`p%in
zN6!+GMa`%8e!8?Bz4?Q^+IJ(bl$d&ZZx#P!8J`2P@;STPxByDP=l=De1hKQF%Q@+d
zA1-(O$NfZi&RD`hr;h#DvoD=5J47#8?9;`omhUvJZtKU_)Y$<pal_epBb&cIMt|SA
z`dQzT4>`~a2Gyl?Z}%IGxn6^XyV)-C_7z5w8$AxNQTx(>!ANOzv`52Mg-Xd3uDWyx
z2w_1dIa{CV%^Ul+GEw&pjI$nJ_3Z=!%nP+ZJ-jg1kKa0)|8vxS%cdU-O)1`CG}wCX
zmBuF6r+YE5IY!UdDthSyd!vo&{j~b27oZ{h9#WEbP~MQrK9{=-|Es+Jp#Ixrt1;_L
zY16qbiM3jV7akrSB4EH|ce$pVa^BBN*sPlhS%ZBuy|L6PJ$=*poH*Cj499N}|Ad)o
zmTS+vXWn#i_Lo*u%eO$+rT5=khMsz66{v)Ea6+^b1Hb|i8O;ax8GX65u^BM58t^?V
zMJ9}-b#n_lfR-%cd$V@%@L}4DuRSxb@Yc$KE^GBV5~BFJM_A>VP5-i0|5Li6TFGhd
zVI!j87Vz(*t$bYgb5(+bbVrAEr=Mp(@40n;O~tl8X?J9E;0c|WUq&9a+u>=i2>SBb
zag-;T8uq^hq>VKzKHgwyKX35+6Fb5o498fd-1m4G(kcpOg{lnopTrF}TDV$kLM!#Y
z&AIC2AQj9J-<~IgUnxjA7ZUz1cvcXwYfYQh>-=*Gv==rz(p_m_O`yV2-A(XOvM}7z
zDt+w82%${XHRdI_{aclEkk+3QX(DH3Ew1p`rPW^>YbO0xCjPowWr10cykJJeRo4YJ
zH<lj}=sv&`R3dUCPBt=hH()*_Tt4J{mrBh0&oW#1DgSx(S%}i`(9YJ-2)w5@#o!W%
z&cXUt@Cm%#xE72%mF(q$v5oLZhiS}3K=s|mp~y&twKaO4EE?*}4YbPSb1vht?P}nv
zH5fmI;*MEIzwhUxddI@tINq2$D&ji7;+js8U|63q24lC_17al*DWaKH1_t@5nltxu
zo1-R)9gv<o7lLEv&we-U0z6~@WuHL|&yg4j_&nHC7DVnEd=|^#-<Y152x)EEUfJ0m
zs@DFF7}b!)YMb?CoAn`8kFrqHeS^!n3`CscU1g*5^Lb<2=5r&;xvyTmI;9xep~62S
zf~z-qqlOczdJSwD4{2`jEbLi*BDwxv5?vY;`{S_+mqsbZ!ev^+NZfDgq?LH)Jww+q
zp)T$fO(V>jO(qF;|I>tUh2=NR%`zVt1ez3A^sh7?j5d79pX?;BLL)TfrRfje%X>GJ
zfpX_wR_C`2Bk8TX8cbLD_=cAiEb$v5`?YAbrm+2(HF1*suPtH$oQm5;5=QTQZsSb?
zn7^b%Y<T+dCnp;aqIyEgDjJ^s^`z*z6x9Uzxt@%VJ-gv9<w7Y2OS1zl+&22&zgb<B
z+*uR>vdl;@DSB(h=;!Nq#rpk*za+QXB&&}{EqGsa88vi>IuYiP2hFl1vUHaEWUS-5
zS(LzL#JHHzl0b{vp?gt0uFzneRuJF*^{z}a;@M@j`s44cs|vK$ACj?HH(a!4o`Yxx
z<p{9|7Dk8OwkTTI9X=7U(fjV?;)g-a=z?sqQPG{jI*c8^u_MSz6pB1V-;L+{{r}!G
z<b3>o^AZnvL<6e#2*AslE+~elsD#?kj>sbQXLSya4kL2|MgGsc8M?#eHa@#;evVt$
z^)1+*Y2H5Xx+v_HMWJgj@v(4}<TZnL1MkEL%g*Y>p(eDu8aHn;^Oz=jh4`!TDZ$au
zfq$joS5ykb9lza>(t%a<{)#5PhpdYkV!{aqyu8WghG#zkr*p%X%6iBmR^3*FzskRi
zs8J@ko}bbkQY~mTkh!j_Y@M>4!mP0mZOvj9XMcL!8bIaGY<`S<4`moC?+hJW4(3vN
zd!dey#NgX7738RB?3x>=x%DVl2vS%S#Xti2(X1!4XHax*{qZ}is5b#;ljFwpa@4Na
z#Vtc|$f5|HyA#5<*KaK?NMnvE0plAz-U}SAPQQ*z#+=P!(qrwlf!cCI(b4(7{_&=l
zqtYzh;m!3!_8l8jmr8wjqm#2X;Bq|TVI{(U<Z4KYr}EmO&DuQZNNHBqo)3I4y<(lD
zDjt2hfz={4H$FEs`A*3T=d?xh?2Qv^&E-B(8f){f)|}XBor)I)n|!7cHjQqNMz^(*
zU#xcv99RFKlf}T}Aj0p#m27m*#+N4Z0Q!8p1^L$RI!8i!hx6r5g3_8_i;u)lE6(xB
z9<s38tip>hW#nJPltP+Y4UQ_}%Nd0cL_OrcleLxw@2B_4x1#~mzqS}^8rtlvuR0Lk
zvIiP2Ji><u73c*ggpD02Q5)qGe!ke=(LW;wsDgjSBsQ375!=(>-lRLFv(=%~I6>o3
z!yk1NNbSbwX{n_g!uKU%ZTq!{bqUoY%q#h)7D9Hk9HGzq1kQD#1lL8pW}6tzC1F16
ztPHb|lc{UZd$Qk^ZH`v^E`s8(XgK@@KU0_6R{BnkYI10<W`cd$#=v!YgnA5{G`BA0
z5jI;~QGEDg+&P3@dEAfg*WQ!-F40E67W!qIjs)q~6GP{!j`B~o3I2x_k}<Eytt2^C
zUh(xifO(7-x*Omrl(EbyW?NfZul&M!u=OTUENfqGo|~0e$*bG2FGvs=D802$Xfdi*
zeU52VvkaDFQ(HH0l^l#v&h1w@Nl(uqotV>a<;GnFr0rU>o2%?-OTmjRE}b=*kL*Hf
z^)JU^skG`$tf9ljBZ-mdiSXEdF-w72{%&Edoa%xX&YW}gd-cFqS(lGAB;-B`ClvMt
z@^`CkH<%N1)|~k^e&3J`3S3_01qqv9-<4(?F7p|Qt*U9}D~@FWeSUx{M4DBS|4npK
zy^xlJStjpiB|kCz$(6??d;EzJYbVlOk+qt-P9AI9m(5ByxON8k!^^w~M^r-QFUqB>
zYp9%;5y{fz=1++7X!vzRwGx#><fDgG@5m>}D@hu>!(LFuG4>gIf$Xh1tMFl+)k?Y-
z3^g|;*IU1n^&EU{aEn*?(4u#b7>VFct=#ma5Mx#qEZVdExtv$#l0Bc27OGbU8b;F_
zZB32Yn-*zxZ4cQCf5NbRK?t&`V~IV@u693eI6Vwe&g=iw_y(ISJeY9u2c`Cc=l7tI
zp6tgphz=%ty*&Y6%&oBHGPoEe{7sNywO-fk;cJ!XuVL&<zi*)X4h{}WgR^~kbit<<
z_wFy~>`34o_W?OQr)LC%WvZEri_0T0OEelj!)S-kmjnFCe}Z|7sIx=--u``)Jz8?0
zwz|jhp<#l8Z9SEtvUX#+>F6e`s_#cKGsevizp)KsdGW=z@pwFY-}7eO2fh{{efaS}
z_(@jTQs~5)v6Yf}muhG1!-CLA)0~!sWgd~Z{r{n#^f*iPWh=aYr*1DjOyJ(+shg@%
zgNP)MPSdhNqS+3#S^z<*P&=ct9u!yv`ME#~$-D<}x+!CG^GG?mJ67hlBGwX;c`rAj
z;UyjnalseJ@~wz0N_8iZW?4_>(azVdBozBaY(NFHV1BDUxKqD1)?ZdH6TvV3NnoWX
z^O)%zr(yKk{6Y3HkHi9tw_C_6^XsZYR~s-)EgJrY8=`n0-l49G1+Z=RCu#7NmsSR8
zJ>JqG#}e&543F?N+H8##o%${t-IvnUVRgOFMeVp-S%X~q<~Y{C$JEVE&a8j~;+t(Q
z#i$+DS5|J@^paflDoD*P+THIecrM1oFo65XH>wbJkAoxJpWN~yz+?T2t=UTTJeS7U
z)A+W?nai!&d_UGY^Ga<s7tRZRS#(AgjXoFPiwOyDQ*fv}ej~kk_@2G}O7_b5xhVvj
zfensaLYr1z8_>Gh9_5I5umLN})%*F|mJ{686JF_+*4cpx<%RFrMeo6~weT`d0-s?$
zDuUrd%HdE$RzZagL?iD%Kk78@Yq-rqsimd$6S<OYsw5=IUb5`t$UB&->}PKzx?MM&
z`ApyUzID~(%(o+(O9_%pZClZdYdj_J5(HdunY?p-LZGV1DB{tLi)CiWdHD{`VMdpR
zWNjiL|Htb)V|+6V18-<#_&<by`x2V_IC^lwSD5<b=5bu{<3>~M<8C`EZaOyaNX8#G
z*PCayWiLj-8g^s+RZFISZWRB%z*#dsk*Zbvf*sji`RKR&44s&$UqRoczVw@l0Ec8`
zb?2%khN-Cm?Vk`~Rae}|z4G-}OiRCCn0b9kno99^n(ES~<I$_1dIsm5kYjI5>QR85
zHz9p{5fd@Te>z~e^`Nzxw=Lg(QnGV&s)<q)(nO7I>#pcBYv*J-?ugK;<b(QS`?=~z
zYsVM$@dX$2cegTU%#*I|owwLowg|NQVHDva+_Bd~{pgoxZ!qLzhL@ZADO|Uvb#%=3
zsrWWYZ1gnOTpn6$dNeS4Zj?WIts(B-Jzs8%!b$uAmQc3JK)212_u=(wjf*+yF0;?Q
zLPzDZzUz)g8!;F*l#g8Ft_oyus3&*>HW<xa9Wq_EO-%m`HMmZV_==?TcW%S1;9hr@
z^%lPy8?}38{I!?j;tD5$a5<OqER+r~)&GyN?~bSPfB%mVp_I%dQYxE6M#(8rWR)$U
zaIA_#WjiUAQA*?(QASpXC_>8S*rP~P%1%kh{#`fc;2ga_-`_ty<T&^J8rOVY%TswU
zl7$}?B#V2W%KvL#q*mK^)FUi4+`=;2CC{<&?)2Bw+pZzVy1!ybPvh_AKBQn#=F^oY
z$&Yf=?A<<o>~X(#i6#`1isX8B4nWeT%pLjh4-H>1H=2L{^tVgPO`vtwXq8BfcuHmW
zAIixaJxlw|M0fb^w}V9%!V~lmhkb$AlID<%S=y<D${A3U+buWbbkKNiGJ0N?hK6QG
zadhyHi{B4gabF7`ynpivH&l*|j#zt;N*-+ZCWB@NjHTJ*r%#{$Wx7NoS=}OOr(B9A
z@}nbD1&{XRk<AKSc#3*qDqDlkS3G;K@G~CKkRIxAaGz?5Hi1t4UYAg>Vq?ua&VxN2
z7_1>@W2{uJFjK4`bPWT|+lu<+zk6e7nBL6(u)o_sxV7uA@`-IDfV}J-7Sv}=&EKOL
z>(N$iqUXNX$JTIfR;K(!Ze3uVdk-qsw93yP;<xW#iCf7G`<u?3J+aHt^ptZ^L5HcY
zLYCim)T5CAb}p`fI*(z;?w&|pq5b>!AHAuy?NUv!o7cn@FX_3yyK~kZ#wq1dhw3hc
z)KvC3fzzTyV^IA=*xu!Me!seXIO?s1V{}?^YK#ly_iA2gyWUmj6555${|rUXcj~<6
zMze+myGkGCf7?|$J<|O2pj2An)POi|)kd$s#UpPwdOB2jj(SvgZB>{XxeGlww=rMn
zOgGF*pyk&0y!F*a)2%(s&g+-Y_L7OhiGnBh2XuJfr{brEue@<<b#z|)pIrNgGWY3t
z(b|nA$ZP)gYkC<C9p}1OvZ-{=0Hs?VX}c?VWB*LI!d&+g*S^C!h>d>lOijnny&<Zl
zys^0=An;CAln+FZ+Vw)YMNfQDjyZ<6V~xd83NnU<>L>+=luZO_F>rzhssvMI5^OQ@
zX-~wN!;E8KfMP=khg!9*J4Zf#zP2*hW%S#791R;J0M^Pt8>Moms1PyKPTbZo=4^=k
zN<u|`)mO=O$UWcka3+0z?9Gl86-@lwRCdEQi9O-iLWUsy90q9<hqu(`g_j`!Ru0MD
z`tHJO!6%POv}CDI_4|8`E#Is*UF$+jIwW~^%z~Av7<AXIqg(mSLq|{0@och%m)y$t
zcWwgL5Y%+n?5D2ML6eER22)e;(3SeKGuyvg_{<iqJE*0T5t*!eQz7e;^+9tH;o>Y8
zFX!s)I@{<;Zc8+nBwE(ryQFd-abzCoi}AtC_A!hd1b1zFfoNA31R^fC&d&55RS?jS
z6?rM?`Gww8W@^w~+1dNmOiiSAVb|o)rE0B<GzYq%+WKzF3*1kmN4}>Y*+0rOp5*Sh
z+8uaLcc0_4r?!*R;P#AcFV}e%HCFP8=vFO@XX0-XPasWE3O-l~ynGK5>N(`paBh2c
zhIloL?1-IWHTdIzxfBA!_Y|0n)5JnrB&j6_r*B9s2xp%90LqrP_!$>|ue1h`)eKk!
z<9ZJ51;m3Z#oDS(=YGooZsaH655v$${+26vM)OBvUknWRn@+dC-?7#PW#gjy3-YL0
z!2$K^fXK<nkd=ZP{yfL^YOOPOax=keRq%(puu`a8mYe#XpEJ{C^IdcU14GH{&apI=
zoA>Lg73MRide414!Xk_^cKLFH?GAl{Xa8|i&Izk?G^~)7GSpCxp|0rP7l!%}#<C3=
z&m_)U#882`QI^#1eglQ#2|M$yDzv+*=qvPvDQD!>lq`gn;brdfKTKeawW0a6YPCmY
zP@3_zwi(~Yd!*mEsMSlS7=-#1hxkM$ZpM6{KwXa*4C3vs(rfc_ww6<T2qyw1Z7*eT
zxf0Fcvk1T>BG7L8UvhR0R++hCAS9Pf`vOOE>cQshhMsc=N&na^i7IqwBraHZo#d#O
z)iG_fW0DC)-LA!(99QD;@~w=vt5O$pG?n~xJZ2wt@>(a3N7G=f=w9dP&GPuhw|#Fi
zHB6M>mj3FipRD}XKzn!dnIBzqKVG?^bX)<jDM7^Alc~?2Kby_8Mb8?}fUD2tc%Eip
z?vLiYQ^%}}hcEZ;l<Q&Akx+M`B$J*Q{#7S9Eb*+hNi;=6>XGnn=qsw&{rD!gpQ!s6
z`isSk(gA}aYyBZFb*S&X<B%bRV`iw`UwyAJeI=QngQoMY`M*Qbxe6qUGdTRBl062r
zqx~RV+2YTA2%jo+PS#$jwS6{MH$SQH9Fos>96QxkIMtF~1}O~kY3atX419VoBdZ~(
z^py^5uhd6gkl$4bvifU-TVuN1U)kUdDJhRIEe)#E6ZyUJBbAz-m(=tp=P4{cT;a#|
zXu5x89@*{ndw1-F)f!YvG3Kh{j;B@YzIW9DU}dxEmptUrmQe*wPfwR$*S3<-|8FFg
zYT%IB6ORWSz54+v96a;4>=-F}HlS)&`3{#PX^3`&tRE#aZQ_9O=DZ@9HYFujGBdf$
z>kh&=Lf8S-Krr%<Ubc19JG*9wuduN&SO1_Ey?SU<WaRnk^<f-GK0dq*sE9I+>~7m!
zTtqiM`EASN+Nwb)&}I4b>5~$5U1(^i%FWT&Z>C>g1Q@v1<rQ<(pZzCzGG@H1%rKt9
zy}`Wozm0!SUxB>x2i=v<E<fG6_Pf>~mZ12V8k|~B`utS7ziMoVuwp=+TjwZ$zQ+^4
z$KUDae{G!4$atil;;D(*tQs}sk;tIZljj9+5psq1woiX3FY9mxP`U&$+&CDe1>a$$
zTC4oRAbcADP@LGKNxYRt`%&K`Spz+Y_%#mBnKXHDisqo8VlIj^z@Mo4NvR$=Oy?az
zZq`u8HQi^8aPEf}Hri1Eonmw(HU(HJLN+oeoU5Cg|Hd&)N@~pB7()fod-n*aD@)=*
z>%(GMhFw&n7o4z@v|npV_V~DRd=PwDnXIqzUSCsF(;~<|O<2&p5G=Lm@$uA|ztUc#
z(j%Y*U8_{Xp+<F&fXzX$5rhTU^>QGDwExj)WUtzEYNbfUKsYoCaOQ%dICGK8-qX%4
zy3C#9BX_+H)Iu+H@h-O?cBYUjKEyuTex-0U>S{+fw{-uj<P_P$uPo{8+G8(%mtA71
z;~GR@2bpg{ihlNQz6;y$O}-NP@f3hwe`f)GrHh^f>fV7^VB!>|1N2$<9S@o(oQL+3
z_kJ4W0?MS}<fS)?AHkr1i_ZTRMJzOPk!rt3A%{Nw^!Vv^5sJ*Wya&`ir8uG~P`WE?
z{<rB|by#&~_>Vfz@hll=2(vq1zAG1EUlK;AP91#{-C}~M_q%g)UeP)?&7W@d|H-^s
ze-Kr;63@nDy!^9E)jo2LbymrWx`UP%%2Y@>!B)krvKV)pH^%UI`t|38%R_CdDBktk
zD(sSDMu}Rpv0}_Y>SRHq+IZEkY8cN>m)=syDUx<Y%;K-b5Drkgu&tm6!J^A`^YIR!
zLD(4ST*iC1>j=-Ea|3}dmtxgZ>f_@xl3VAIMq8rZDj_y;@2>mKN1&1Jnw;Dq68gpg
z>W^4;*&I6!`yG-mL!LR?tYu<Gp001N;F}5X&*U!2r<^i1HFfV(+|D_B$#+lm+@GhK
zQ-2xa^=S4&qHVxm#2Oo(f_Abz5&;Gm40FW=Z(yq3kP#CNKR<!c?|zpuS(7@1(-j9l
zWB#)0UE`O(-yTI77J-3oZ(Q+vox<O@*I(-0aem^L#^IXk{xZkDiyIP%g{G1>Sk>-x
zGCn<$Y1}56VvpIAllOfh>$lx^x6t<oK)PN8rVTWCMDdAX;D4!-Eq|xpzu``I|1Mar
zCcM!Pi4k*N%<DNqdLN-`G5qgvveQ-Gn0Viq;`;?#xz!f`LT!iEHax!Slp*#wA38>y
zy7O<D^c}h~%U=j3b>(Z0BgXjGgoq2AKPC{g#2C<lEZ159u2@9@KtB4j^7C0e4m`8N
z#PFxBNWv|w#PoK)NXk}>xA0m!4kvdAPHX{VF`{KOS+rI)Z2N5A(Q=*Zsrmdqj)uaS
zT<)nG;((AXMcoW99;exwrD{&2;JBeJ^RT(z3HQq5CYw3NBU9xE4eR{AeEA~Y<q5jO
zNT=xlxR&LgLR+M}{v=2Tdd_;y+@0T)%N?8z3Erg;H$qMQVAz4-d7k&lp_uXBna)eZ
zpv#$&>Qwe{lkcI}cU<O{)wT~Nuc%q-*3Edz>FFg4bp=0eWf-fCv+Ns%P(Qb0Kg=mP
z@#l0KGG0RbP>YjhdR3?+J~#B^{?3s*AD~=xq<W+K=e75Eq2OH`H$VJy?m|^noXZce
zaP)L6YqX;TKYC5u&kJ`>cTTX{;aE<loGSF16wz${J<*H=N!$f{CpG8)XlmSiR9XF%
za{=}u+G{H~FlLzQQhIz!ik*}F&fN}>vRDooeghXoXb6``l#aHBF_?F_+n|6@#TzEE
zI)Mb^JfoTN8t!-j<s(hA5$epwGrpYF(9=r89}x$m2ZI=P4MS1Yi!KHYJzpuS-$e|6
zLliH%%o<ZZ(w6T9tnCEAt5Wx9LUd_UesXYf`aw=%Dy_cWONIc9jQ!;A@7<JshEiFX
zjo;LIj6G_g0SuQRHY-mT@bbA%fQUE@Ri1Ywq!@*d9`~slhYmUl<B%*ZZVGN|C#%b6
zt=#jU@}!_L!(c{2@YpcSNB`r-fuH$MevlQZyNVk{q5|(S<Sg1-TUlL_FVfIM4$aKD
zz+?2pT!4$C?t`bg<Pws5b$k)0t{W_!E@jb5znFz!<f+0x@uGpU-ex-@23&gf;=gNI
z(%7Y>JjYy>@Og#U{bh`zim@)5p7Y!1zHBdZSMZ6NoZAMi=9QdVHhTW@F)y6&=shTX
za1>XkCik78yl3|NID+yRqn$;5M!NmCGRxi*G_8|+SNp=`BwkxXHvWU1%S`w7?GUy%
z72fbMjP#4>({#-`GN|vriyv~hCe8s2c(BqNGk1z;LkQhK>s6=Ba441H;|-|mc4qvg
zY~ju0dW&Gxbb?~T)qO}n_7$XPmph4n?A6it#@A-nK@zHksqa2ldrMkTh;n#~6kiL@
zPG!L9ZkV6@Iq!+zWf&rnqOGSVfu}c_pL$;oPTjaossaRQcL*Bl<skUX2t**g8a+q9
zeTG`!GcPzTX^y>_tg+X~<Bif4%<{9cOi6Rc9V$m8^>#<~abzM7i|I6+7#oc4X-Mq}
z@2<+Qpn)zFzk{O#5Cg4yN(N$i{^{GHAVz!KboN58JcqK#OQhC3vBc0YeiRAggz?y!
zMDSKJ91lHZd80n{LwJiZq{)qon^*oq`kQTogl+eLfPfMNnnCJ5{3g|PSR{KN>FQUv
z9CS>Tov#XQ*}q>-jz7xLHyMzfD|b8<x@uBOl1TlXmEJMu37!cJ;Oi?T5JY@)<oNO9
z7aeR_s~~YniBIEwB<Xb(-KT9fmdQ$u@$0#tzmZ#&AWeC+P79+%H{t&zGg)(EJL2#`
zXDlN`sP?f%-98+nt?L%q$HA<-7oTD7%iSBRdw1l$=a2V(g{aS=UvewkPj&td-C>~L
z1~j+*h_9qziVwz%<Jvre6U%O#K&)+4tqk8V2#$t>nRQ8r<6O=->y~o;gzOsrZAWE!
z3=2PV)Lm81hm3+iM4>CSRHs%Mv{hl7f4`UT4*SwvRTZMGE+=S*2vI-aQ+K>2VgsMJ
zn3ZQ4QhB9d@N`2<i<HgFbe9^tGAgSk1?j%gxNlMWuiQD6H8hGKTCdhWMxI=L-4^8(
z?(y){R4>Ik$MZJRU^(R_<``Wt43SE?9*T^qVuN6v*MaYRg#gKvkHVK4>?F)0&EJzA
z<4W`(aA%Mk4xsYqQ1|sU2!B8gH4z{Y*4EZ$NF^mjCK}B=sciQ};+i6o{d%A)a?eq;
zD8ZP-?xjlh!6m!6ou-wHMmt-Ju04kY6U(TZ$8{6r_B@=mL=UTIx;6&9M#7x_=rhjW
z-$JiD_o|>ywe1c_tOy(p{`?up9}}Vs;%Gc~{(NAn@?`Ax**%3Lf%XCPFEQ&3S)9zw
zc;<TNXQIugs*8;8NKc2^RrfB)8PHM{W_=Nze-dn7PjyZdvO(_ZRG+h9$cPKr*l`mD
z;Ms7q6-5qxb+<yY*e_BvKpkK%t+<BH-ptH&r#FDneuan==ftfJwK^tDxb92$VPsrZ
zKi5HsZIwjNR7R`WX%~J5m{RQk*r?mCc=$d<l^9<@G;6n#sB1&m;M`2zd_JvbZ33jZ
z3LsH;QKTC544@yaINklDQPuT*Iuu`iJ9f?VNS8y)d&3!twdsZ<Iz(YZR4B`rCFzHz
zL1l@Rfy-#UC+qd=*NLHq0wGkWt(K2#d{*8fm9272LNU%VzB2jTHx&)TY*pez@h{Q7
z5?S99lyZ|oWxJ}T__VfDf-OB3=FoL`_DThK{G2csqIHkzg`l1+tB;vq&1p8LeC!1~
z{O_}_sb?I{6BT@Sw|uEYtT9kr(WMZEW<`1!=;#YZp0Hvz{_}0Of-GXvmm{s^(yA;?
z9=$D0rIl@3AC6=~pV&JJoMhUqF#B|V3&$_~bI?MwBY>cLlojLGKbY)DZ4RR-Oy!X^
zoCdF-L)2@s+N${q4Krl>H`ArpJV(IAXt6%r;}Z9-gb2k)S0lTJfBxJ)8h}Kcl)8em
zk-+kEXe?(_{Mcn4%I^(y*rHNT0}^$yMOUAtt9FgOWk~gJc?8DmrZ@e2`1v@@=zElr
z!eCJNnObyD@^cO8pF=!eU0l!+6y>S!2?BG=Ph&ly+4`FYw}`s6RbyWGitPA@eXuBe
zn)A@y0pZh1F5XGDxa>lsvZEwMVBiidwl8>z%f5V7hi+F<8zgQ#DqXcBVjUsa=7_z0
z80YfRtOw6{S|w%^btj-s<%pN^gwvd+85uG{jl&%5hVB4<rn3Y3_ppVKGF>|*%h6nY
z5o7%<&$92wd3(202fpvs<d`U6kihIJPxl;4Q3@%qvb~djwN!8iW2WUE@#zZN+m7cs
ze&e;wat;(s=%%~2yh_U)=!Sd{F2tZLzp)dh+&6s4veN8;^mC=}#Yk?0`S2U)#u{5t
z;Gt1m{i_oRy2rZhPQGm9Vy>5uj~PPzP@C!MUeEdIuDg(rum>rXk%7T(R<n=3hr{SK
zJ_#orMN1{+;}D-p^{Lc+S;K121=%9|gA1|dzlMX!cDdbdblY|?aEz;GdI1>~q6{_M
zn*(`0?b8$Auera3dhPkIIL?(iW0^sKWnwz1FTHt|o}Qi<igUXG-u+`EOhJ0`2#GU=
zE}(7JmB|VS50OO4+?!83SLfQA<@fo>vZlxD0Z5vd`T#faFvY3&3={G~Rz)5k+gzLW
z_IA16a?4|)f*X61UNL7g985DQklO%g%#-$Sh`*_lUNfC_|2q;OZAi<^#OQ@0*{0>x
zd`~%@XoOK8T$)cD4a^ntiCzdZ7mOuodf0LSK2SP=s(<(vpJaptn{Qm;NOT{K=sJ)v
zU`b=^HT}|SzX=4A%Is&#?1la?jpxq0cV%At2C>n7?fR!qof?_5*!4d3Qu2SRR@&wS
z5FewC8#wSf!dd&?S0s`i+;i#yiAY0}&Ac^bp0YJ}7UYRgsJB+nSrxYp6qNpZgWkTC
z2Js65*xfvOd&Jf}s1zN)K5JnhQ5-X=sppAbAGvOulNJ})>7@!BT6lp_sOW2aaHcdR
zEl&XHYVN^32y;(h99SCUdyD9SPe1+jrozmbO%}$5?vrQbFPlV<f|klRC^k;NbLS3q
zx`}MM&wGylzUxY=suqb+t)>HirF?KuaqCwTA$^p)q^+^B(PBr!aT3;}3RR9t1DTk~
zVAG=jAW7tlaEu9Le>CP>JX*9IY)|m4#kJ{FrIxmc^HWmw9Op^dfl;bLteX))RWG%E
z!o*i2U|A;Tx3e#R8RY>Ey;2IvF;=s$o&wWdL^Kzoc0oFRPW^f1KXHE$A6QqWutX!w
zl`B`AE?-to(n-F#mz|Gvr`GIPUs@}@H09iI0FvgfI9Gf3Y@d0%eTyk;>$$Lr4@Va6
zuPA_upWY(WzBYQ3tE(%f`5}VrXlYWyaB#Dk@1}E>V2nrK29)<o<6}rath)mv!i6;;
zbS(pY_RJye+4Q~*Op$&Ddd+=DT5eCcN_4cYfMY6B1)d6HV-g$xhq(qQngt{hV*7sn
zybDVAi4jI$Uw=gQCIcopw5>wW{sIZQq?JO+$Og%aA~#W}TjD3QQ0WM`+64)}f*07@
zQ(NA*yjtAS5OtNpI<@gE^khBFV|?4kJfAh#sV#qzjJ$c!s>U;;&}Xw0B+zE0k2Vs!
zmXdzlq2&p6g9`+Ogk%F-TU$W@@qL9}#`@c`di1KjN$8!FI9OGAQY^>E#!3N=1(WuO
zo0}UX3hhF2e{`z1;EngV5YudkCQcGHr(C3={MaSkn#y+^A@B8l_l*vI|BRWl|Dyip
z*}|*P=jk5IU+Btpv=Yyl8PoCVqPJ*mor2C;WQG*!QsAp%&w*263I1l7+yxqe#tkR;
zG#ytY{mW2;n51{Okk;=-%5$$JD#Rnk5;xe0=vh1Re`##P7iW(NXBhnaWE>*kQ{(u<
z+;lj_Iobmk;YK%<Qgn94<K*1_%ckXW4YN(uVuC;S>Q~fyO*@|9)l-ZnxwL<&x+3@W
z42+DW(2^7hg(+p@FNtM6eY#t2|9)yzFY_r=(g&E`p;X^m8;Q3&csRn*nEvG^o_aLp
zagI5oDy#R?n?;ljE(*lPdwLe6o8EadGpA2e?5KU1Xs@g`f|h>M>|bQjBB2k%G2>6F
zh-I0uHp-AdlrdkZucLZ1N|<k0VVDyQD+JDlG~sH(dWt@?E}XxZfLMgquX6$e8sk?m
zmfMrhxNai(KIvI6(hgR6Q`nxcBqL00YMRT^N{}DWv2?Un``Z0PzPQ`&VlWcy4y!yV
zq^EU--~1vYc5+LY%HOnxu6Z0g{;5lDdfWA#PhIES$Fi6ln|J@8)PRm@pptmd_WnH^
zRB_*i^hue4#MraY2KD)wVqa@JJ8j{t2G$OD66%iOrMiyVdX_`|8i`#<@;BrgOgxIc
zoospe%9W#5R#p#G<6R@~i<79$HP{3urrL9UmituxFA83!nwVB9h*Lj#^G3n<=1udT
zodw|Dut3_rk{D#`#<%*~9U!F^Z}bgshlKZ7vUMk(!XlB!-_fxD2H9_Pjfe+71U>2w
zzR-FpX!n`yA;fRTJg3ey!T`L8<R4FSK|~CRxfwvGu@l1DVp-4McMXx8NsKshZsyx+
z$j(hN9yk&i`}GRCS(yV0d=XNEw!Eoz=z+9!CJ6sForMWcNOEDqA90)iI-QttDlm9H
zemq5ms&0`01Ku2((;miUzcf}R0}J_Cm}>uABB3zYlCx;g7d+%LltZr!^Y>||FCwv3
z1nWUYvqEOa-iy#-p&WGVlh{~3fRzV53;CCCg6zJVpB5Drq5n)wl>hqm%X*oC2OU)c
z!-?m&@SSi27{hd%t*e=oKY--bSQ|lgyFjBJ0T2dkkZrZ8@!X3W(%b*z1hl#-4TZB7
ztTR~&iOpc1-2(;gP<b+GXP9C4pw(5<Yc$(I@kQ+?H5rH0J5U}DXM7pQPj+TY7dfEE
z<AW<GC{Pk}1bR~v)6T}{oz_^poAfARDPhbG4cS6t&QM>M+<MtYJ%Ho{mL5&poL^L5
zuXXNYjxd5E7Z(>_!%4k4OG6fg!tCaWl-)0?Ps%=UfqQu33~%~lDoFRabTct`sKKI{
z7;0nY<KqLlIy^j#Kp()2);2at-EAClWM>fso9J9iz6l$u>yi<eB=raXu?Zm@S~g5p
zMkdjy=l-*6>qu9Ly}`y*YkbvQa|QUhus~Ziv%H`l@p3L^NI8EF*=Pni=L`b_I~|r!
zhm>HkMqAjyl84c_rQ<(7LV})wSQaZ=B^l^ebYMNLRV`ma8rfs8Q=1bRY>-m?d%F!3
zAlg^D6Dd`efpYJ&5N&B_XxM~wMthNy)B2t&F!VpR%4Dzwdnp?asR|_(6~~;Mot41k
zN;P=CLpA>7ix)41s$^E>;Ts&F_<}FZ8sABNtjg39aW2puuMAASZs_fI8-VUWIvdQc
z8c2rO+nQ>qO(k_h($0yOk(mEPN^w-QLRdI>+)Xq*;3X|){Lh~wR#s27dN!xtJW9yo
zB@hO-bTeFnkWJlUTKY1%3>^LpO|$#~u5d9v<_N&=bEwHRczGcz2y;3$?hxrymWTy=
zg9W(>DE%*kQawLg+%+8i;Ik{F8`QD`V#?0hQATEF&^BN94#KDl`5Yp>-sPu<Zz0&S
ziwAq(4=0stOQW<z)(b!M=%ZyEJ>|!gNq<c%8HSdPb3r88BYC$S^Rr;D-Bb-{%&AWx
zUkCB^m_1@Ai1O-&gq3xl1nEZVX<;LQ8Gb#hj{j8=%+A{m9{(Kx)XD&4x-Q9P+_9F7
z@`xJ)`wcO30NXkXvtq>$9N<C{pVHFOnDD93oF&LY1sMkLR{vc;WS1{%;kjr<T3VZZ
zB@*FO#OIQcYFG$5*Qf_Jf7ZexjuuhC3nE-cASp~%P@Rp8JIfFi9N;WTPr7Hc**%b4
zY#bfk|FM~(&2$fZa1g6YwiIdLyedSxm_#L@c_U*Mb8={7K=~g`{|R4>Ce;N?TS8~i
zlb)GSSlf{3^+~c_2!LQuUv(g6+~CXDVBQne82~v(yfrQvt>h|zc(Df7|C71@F#XXa
zqqgQ(FzYiA^eDNbJhn?LIH(8G9ZtJnjU}j0yKBm1PUO<zavH~Q;kmfDz?FXczWvYA
z?-zb3Dx{^g8uowWw(5|AY1LR(tIR*F<f|cy0nSbA?CiJZ=H}SBxmoe4_oT!bNbend
zDqz|?i83;7qm@LMR#7Ncg~&CeOGNw7TV&%43kxf3aiD7&Iy<>xKKgBFzI`-F#}ASk
zXxPN$NneFF%Yk=gu{g?;(hlU7Zvc(#h<2nW|A27#22@xE%=q{?>sx$*+k`Ush)zJ{
zRUv{mB-q||@sX{p0Q5oYU=@cn+0(Qh!dskk&(Wxp-6>&*i~`GIff}{dsYabl4C5bq
zJM_4#46Ley5u>NztuZvq{V#oq&jQqRdTQz{7=Gds5+`-=(6UVXTxY&4fI(EK-nLU$
zNSPk6J1`?J>ek#|VvNNf61T#e@(cym5)z3>x4s5Tvxy){PY7q}2uM{3sgnY`v`hxp
zz^OM_TNTJo2W>_J$Ady&q9gx+a9SV0yuXGcTHco1-LC8>`^$PYxZj!=?LCA@$`a)?
z=L0R(h~A_4w|YTuTj>tM0c~EElf|Wy7NlgP#RqSZ%4G6AM1GBlTlU<PM7mES$(~3M
z8OE#|7-zaq{x-<A)lG%IHF9!tXCXTt>}&~d(i2~PRuL5?vu^d!@UY0-{MgB)xU&f_
zeaUViEEotO@<Yce1Jd9C7MYEHp>VS26--?yyCDe`Z52Bbp}9djjQ`9I>iH_{zx&_J
zirz-6wgrLKHn7$*kupAf1SI`-2geSw6G!t<gTU*VAR0E;B?|=pV_%===@=Loj(B-_
zF>Kse4zc3cloUbe$;3_e_eJjDh}J%gTPXTiJ{33t|D9q@L71aQk8*kb{nF6ho_CCI
zl%4c$h;o%D<Ikd@E=sd*ow<d@&i0QV%^`sRNe$Z*qT0~dnEA&?l9KGpF~dOhgPwG&
z_|sYs+kZG5>EjmZ)Tr_tI%HPFBm`ly3itM``dh^6#P)2eFvHl}+i$`P=_6Np2XOB7
zmiy}L%o0eqYjy(sHMSdVie!vLK}o+`OqbL^>Uk%OeMEXOM7oHfq2gapw8zXajH!2d
zmxzDi2gnx$wfllairlk_u>rLkak*bTlK3o=GglWDla$;7J(L1rJ|SX(o)C9zN>G0e
zJ!imkXU3l!cv<|7bWKI?-~vS=pRHc%@f|#IxjTo5flksDLID_$*og&~0bsZ!9iwZT
zTy~O?TfGp%;F*m*WT`^5l2O3mO~Sc!q-vV*^_V2W>1=t62hEU>DP~A^^JXIyIbm;z
zxd1=~Y+W79q}xIWP(W+Lf<cc&7c0D=PQSR69VTIMLvsW_D3U9MAS%IgWpj4tCN~s`
z`^E4fXA0SU{!r}$&a1=Fr`OVXd3lG$9QXO9kqg#wT`)UMsXvh$0!)d_Sfm2;^3Tp~
zNX{I{8#<fT$~+E!vO^>A#EchWY8(h~AaKJ9{6)N}da*KjnFxi#LBc#a;l@P%u$X<|
zo7tIf3m^j+mNvIrYXfG(h7EW07U;gVwifs;YY^W;O83Ac9$T1dJC34XuDY@TUG%Xm
z6aCs(t1bX}M!h>FGd0T1)z!}o1L5^iY?wIN8Z*8Dl^idmqFIs##2*ZdKzqfHO*oNV
zKY`@KjLodA_dvT;PDsAHg#a~v;AnJ`*~w_LBp{H7uG9yj$yo+e!{P9Ms)j{h^ak2F
z8xMBGhfK@ksn7*SH6C1zPG+*zn5iJof6!IDYX8~0!Tol#J9~uuFc(h1dLMSc3<0p0
zjFX5TmSU!)PuD_V1F1YQUvhhk$-ovl9LNzS!x<Leg?3y|D!%!A5MA8R*0wjSEi(PO
zA?Y<@!{K&QD=o$MkiH&(#vio!opCOB@$xO({a|XIv(TxW)XOyXJO8;S9xZ7SK_16G
z0clHTM|)}-T3h+U45bBaVo1LjBMTBW!aS<xKKbor)KO~RkjxrI+Rbaoet&?>y9??$
zXg5eA@s^%evn%K=zO%D)N0?z+Xxpbxr@0sm1VX~;i_ekW3pNj2npA&FiDUoRE3Hjy
ztr7dbZ5mEU1vbM#Cg~>pIU5_B>wCk=BQEvca9fP85))QydIq?yQmt_^bDBWul4)cp
zPb>=xOv)=YHDtJu<b7}__?{)?68U#Y1cai|#~kVE<yRf!!YiCbw9-OzK@75UaNI^H
z`qf2q=-JB)_M{Fzb#zS1o%Af~84$^xQPo2RG=V)xg>Abo30XEspyMtCJ(SpSM^~+8
zVOeNlf(sbC06xZMWuX8C5oT;LSXwplhhVV5U1f>?Te?%K9$hnj-WnKm%&!5>(V=&~
zx`meZF-Mb!XshKvTJg0+!<9y7Jf{4-8TsE~Z4r=fl`rUBbd6SxZKbcYJ1&<;Fh-m7
zU<eo1d}rapAc^hr(1%Un&@5b-omF4}d6$K-D3HuU`Npda53%Dw5{B1u|E<Xx`5~<+
ztDrz08o_Ud>9Thb(-PzJ>}5acVPi3yz)}be*{4aq(4x)sv^F9mlvfXs3Eag!grZ~Q
z!rA~FhrDvA=1_f%-(|4z?oPr6i7)BV1a&qiG`5PMdBoPj@;P{N$v3<xIvIJy#Kf4O
z#+e9XfJ3$jKbc|Hrl#*DK7aA<uo%Dq&y7nL&5-dbSQ$IP2s!eL`=5?6mYNm(Nyr}(
zmyuzITPSU!Lb0)*o*=vPq9^oV;>hK$TkTKitf#ec-M)f?mQl!h8A=ZP(2pO&*KhzL
zlix(QP&STi6A8#Bru5g43o`Wop@bb-5;tHli|A|arFg9#;}f4q^Ejwzn^S@DYeWLE
ztDJ#wZBW0m??0ukIyyLoMEjND(z6%{^SQb{$;yIQMB&5MKC-W1RX`ROaFU%KY)5J@
zD6-({vs$Y^g5R+71+^@=s}2rg%F4=qKj|>8Dr85B#UMD6ukOC1<YbE824vbg@^ux~
zyg-SJ!bGW#YmxW}UcpK`DC@C)*Eg~kA<Vt%0=&_u0TgR3mEa&ZQ5RmKzK{@Yivvyo
z1<4VAGD&5NS}@sDtTEsSV@y08SLxg4#|WZ0)}mjoF8yf>1j0Xu848&e9)O`}ED&t=
zhsM%Jzzsr><1cEAII`z15?uD)WqvW%!Q+?pOj6CEtt{jmZ1xCjj$RHOG8_QWjQ)HM
zNUaR?g5-MHaq0L_d-m~Tju$`3-}uLSvHYa`bK|-hhWQOsf(EII4L62>Or`0Xrqx@2
z4TgL{dJJj43*k*#8_5_55`Ni{{(Ct&`&dweXEp`iBU@9LKAf@3_vY0(7)2-PK$wN(
z_pWAPurd3P3bj;3>u-Zt!3lv7PLHV`au#9=(?ZKM`LBWjc<Qyl3}noX<o_1{3{rI2
zkYZy&p~BjlnzX4<r;Ln3uR3wBGV=}OU<>hC6J#g^&>5C`3sa*p+W0i7>9u&Z^}k5%
zrm%D~OtI)|I`Zvi0UJe9he8vEWkIzlvIjIl4$QUUZ>|0aw6@U_A_m6<;2U&M3V^1E
zM^2rJ@WUN{ec%z<mD4ugLV!!5>t|NIh*l`oJE-T~)Ib#3?IA0|mN6{}v%aCBfRjnh
z?7^$RWACB^fKb$~eIi26y_8e~M`0hHtyRbVxew!i$g>5{qWbHGvZhr}lM;cs*WL6M
zWPv_}yy^Ksv52L)k~?t7Gh*hbmcqDY;6;m5yv0wQI?6{L-DE{#3>ORJiAnd1H?i=9
zGQ{sXcZgvX_=g;l5(^P;z}w>5pf}_eC_BBgz!q%IQU}P4KBmOoKvS+p!se^jY9Iz$
zm^!wF+^JeviIf0R=&@3+DIYy=KrX|v?T9@b=q$FLTr{u2a&7{MEFH3RUX9l7?}h=M
z+^9^Lgi;O@KF>lEQ3P7)>+8D(W*{d=!9Pd^&e9A+xpwW^hOVyd5WR#<_60*=(X+=n
ze-$8qCz=^_^}dm>5#*sqw0F@rN@$zz@hxfO_2nOakj{1L*lJH0Ay){25b{O3+wIZ=
z!81IoaSg}#`~^Qb^9yByb+*IDjf-5sBBk*ikSqEepv4clj!%OyvqBMz#b#uGDs~&q
zeeC_mk6R(u0U^|L#JsQt&g$eM-(Qgs=vXW4_mkuw015^2;ash=wB4$YC@2GW!d0HL
zx4$cVDyIZz^$1Z?_Y!PHR$ZnNn1jY!FdNAOd5}6q1*D>EpyWs{Ie=clODDM`2s-sG
z!eEeC<(}@tK`ygKcS6KjGbryLui=K*^cdQqRue0aRvo3HqT+MFUS2`(egOL7!c<q7
zB#+qMe<0&}>@Fla{CgM7#a*>kSC%k=IOwY}83E`bXZ*>%$Y33aO`e9<&inw~`lbK7
z@qxiHEcANjg;GLu2Zszu+=QxH-qJC03tch-Bw*IFSCiy2n2Hwvy66aR4Zy`R8=xxb
ztK`(oX9(uxXAK7ZOC+iw+383s$i?n5n1G`AB0D=NtiNW}(cyi77!U9a`~#{%BWCKx
zRpJef#K0Co5th)KuS~M5g%M=VgSAk8f|xJAl7f{1Pb^>{KU?H4gmTDyoafLU8RQnx
z0X7`sb>Uw5s0F$A7z~rGt}g0}37spIhuL0u)x(orS!7p?JVNp=0<}cunqfv$-{8m(
z{5T&^WUk~eA#ZZ!DbybU)vf;GLjrjS0TDd+r~zcX(EeiYKKo9t^XJbCU_^eqUL|Ms
z`U8loo7IY0{RrrCaya~W{+iWV9#q6z;;ll057M+C7UCx#&Z)1G_gbgm`Ptdr%B!u5
zdMae~85IeuylhxK1+}lQ?^%EypTjIy2*=$a4Q1(88>8J;n-W#<vQFw%yn^^qVur^?
zZ}Hu^1?{**Az>7I6_R(lkwGM+Q0PPJl7Bi|MJMSWq*y|&)^5bc|6)Omh*JZ$hFyiN
zS#yHQN-(r#UM&R@b+H3MJxHp(0n*_RDuPBJy%NCCfp;8i<n)9nOV&N>Q0vyM^9NN4
z?w!k~1FLB3*F565tp5iU+a3XHLYeiQ*h;D)sOjbyw6oYM$Br=#$4l;H1q$;-wtX11
zyS(}h|0~6YRm%)&My95xAs6LUVi<TZOF3BdeQB%2e31@vc^m(6c~S!4f5p<9uhQLc
zT&yZY6col`orh%7Et)k8ObUs<>oFpYa#tD15B1-9PKaT`$;Q-}IzlaR;2(>i=YhIP
z=_3#(L6X~AB(mr*B5PiVtm0-zfD$A5B0v7)#D#LeT_|}oH~6Lu3V+#<!AGf(%nlW3
zIUlM&yR1H4Dpq5_+<KNV#Dudw*V4ULce+A+@5s&ymVZ3LRy78v7%n>j7EF5LmS50Z
zMeGi=u?{!d>a$7&Gx21kBfbOy^hKIPfj2Rp?KVNK06_^LQN06)2FRm*pk9m4(!+G^
ztURM0C;~0~3*CVRU%@chZkP<HC-3;&^g!L}gi`}1?BmCeKjb;vA+-w#kFBkOD8rN2
zulMVv87CR_TuU5W6)+aN0&JH1F_+v~MT{VI+6RgYh3iOB#faUTal4B!e5VXaAcTI#
z21q&W2-4gd+QqSxxv3?8pKd*(xBlwH>#l7`>#MIY2;pw=hW)93o$r{A;rsu%ufo#N
zG2B$iDV9B93l0*JvULqNmT`-`Ujh>ParlqWk7RNYQezAQRUDzVR`|Ky`!ruVo1T26
ze=I^T`qx#v=Eh%^BdyDjnRWxXz$uA{RU#wiHWd{r!uq*-2$?dr-UEl_YornUk85XY
zxW!vj<=vC@Xe<?JXM$wlj6~0mdg;kG9be_-@o2pyQV9u=`Y}YxfsAuvI6yQ-oC&ER
z_jN&q?4{-uj>C=SLdQ4%<QOCa9-_Z|7olkw^#6Qd|59ZY(G8d`OB9)LD8Gi3#)c)Y
zcfji!h9KLP6|c1e?3%{ZtZ6mL@zfvVt${&u2M>-vzgr5KZ*0)c>h4d^iPsmQW~3Av
zyl;m}HdjFW@z+)@1;8a6EI5;pCk&P^lBN&<RT0E^e|$o@y~Ao|oag0<>{tJn0lJei
zaC0NxyJy!!<IP|r#tL3}N4L8Ksij8>2O=z_)K}AZ3^z3~zctGUv+ph5)mX)x+(!dP
z({<fHWRYYPn(w+~R%Q{*UgSn9`S;~{{)BqHuM13?)!%8&yy{WSH;azE#Us6HU{Gr8
zvuEn1_$dSBSaQ&mHeh{XWWVLVwi!qHJ*WrfnJ{1Jbg@E8SN?x_QY7~S<dT_QM=2o9
zUuh(>T#?Dx$o=Gb_uNkpqFBCh;(K*ggn$6KK+rRYsbB2DSwR8FwdH`4*&%8uf}T4Q
zJq5J`y$3&;7P^?0i;Mb%#RQjfzDGFXM)<pH6R!=->+1N0j+{yz5iR*Jrs9o053XA4
z_!Rp;+QeaDL<<a!;nV!lm2Icr0kq}Jj9l-!gTJs94*f``g^VS7^oPBd8)$$${=;$f
zg;%*(5igHc6S>F0ZnqpV)2&YJZ$ZfrSgvS@I)Q$&hX0$)X;axeoH1(J@D)^Y^i%bq
zhGb1WYOFGx3(F*<Vt+D&EA$2bAFfcwT}lq8jsmwU-!NwK5PzEL-3_(Tub^T~d2KjU
z9bbT^iPR%;yX9@R>voW%CWzTNOzFa7w5%m9mkp&}jX@3KT2mntLtKL;G;-*XE5ngt
zyL#Kg!=}@6cML^m80-yFFSc~Q*5;piGxUkheaqPF{D>yywZyBB&t|Biw`i(uVLI2c
zN5GF&fZJR5wx4o*c-&R0yRL#K1Uqj%p-~cllxXIo(0moUqn+pE#x2Zn*9Qbzuic;7
z9^LPilNJ1_h8wlNys+@@&5b*8leH7mGqt{z!}-0z&z?WsY^HI^C9oz_YEGx@0sTk0
z+4f6$3Qs+AN{x;`Egxu^JX?7Aoy2x&E;_5c$Ewk^f3<k<Y|Jx36JO}cgUE)#Q3^7Z
z1SQDFw82^8#Liq}*t$<G@A41M57}m)|20A6EelT=M@P2#H^PUXH7Q0-tnD1CJ-wWm
zh97EtFYL8AteEuYVO7rD0ebcjeab^u&s%=vXTJ3+v4EHh!0fh0D!4FH-u_OnCRWX>
z@ad%u?RPEbKFvrAHa-8VEi;lxYejRh<*;Orj!99^izwI4hvmvI-0ciJ_;Ejf*Tw{I
zw)xMmT<{j2lgF*%JGdO>y3cGUna9oZkZSV{N&5Bc<DeGhHy|QanhLW!XQ#%PXFoZ>
z6yZi>WGhTxZ%rDas6qNYlm%|x4Fh_4V{l_FpS@Ra9ELNNtj9o}gQ}q+uFuWR#l<C;
zv4l8_6B+dlQwsMLns)}*6tqPOEIxor6Ya<o5)x8Y<jBi>SO#^q*ZSS2-HsIDs;|Ux
zb9jpQ%<~l=a2qIT{~8x1dDTbt?QY^pVK)CYc}e`h%I*BZp;Ln}U4<U;n$ZUvA1khF
z%Q)j>e>j}8K2p-=z7Vv0g_0yuDoKya65?DdzldHK6veZS%GTD_0tTx$c610md-m+4
zfx#YKU0n&MKCQ~Sx;hGqgj>YXFgth0OgxI1$c915&s2U`q}Rspk9Re-+&Ao^`Q39i
zj(@mbxh?FqqGJ5kXu7y5xzV;?9@3F&KX*@jy6%3Er?#tv-eUIU+h@sXXExext_`?&
zr&PctEh2t;tr*TfWn9FmeY&vDE0nOk?X(t`&fta%`{zD#_zQj#|LgsTmj@a5y!a2(
zdTh*fNmJMUT{sC#KOvKRna%Z)Fm958U92eB@6lrecYf^BA1{BcJ`HVd9;>6TfBf|6
zD9Gk!|M>91gJW=CTiDp3D(3W|eT&Dk2Ae@|kaCtkPrB2@#@}sSu_s1M0XaP^53NCp
zQG{%+Q|1MX7D{a%NLr?8>H(uXcCXv;Otnmf=;qx%M{295V#_Tk%jei_recrvZomEK
zZrLMRo}gs!$)5ppHgg>te!r1Vs*V0Z7}$#3#jle*w7lw!)+QcfEl;FNY__5>0g+yF
zlZ`MYPqbfVA93r;yYWUJqaGL>R7#PTl9Xg`k;t|Y%X;$Uu%DkFEymaB6OJ%ij`oG9
z8I44@ZrKYO@!WM89-29en=G=Y#Eh3sG5KCKZ}u8|X1L9xt0bTG*T?*m9GV)}Q6FC?
z9)Ho7WR{Tk4D79^BFa$%yLIVvj;_Ieqncso9P5Twm$^**8pA^)^LiSQ$H(jW=hG&=
zK5_6atrYD*J;U9Y4|A=NVHTN~8qWUCg4b$cVuz46nvg)lC?dyq^dA$;enqW$tJWn<
zxArjM!@Ja*KfSi65t9r!q`3GitiyV15p?>xp~*FFGEI>l^(i*K5|Oxbm5!&6*p&*8
z{-lz9H~AH#w?Hs&H)ogz;Jh@m8C>f{Td!r?2Cy#8t>$5)p5bh4zGx!@bBJ-uXh%rc
z4+Ws762^SeTK9atT@|_FmI(Ag!A5nK8U^Vv@u{h5>({SO4C}updzvuR%iD|k5BHn_
ziv*p;)Rh``j>Yr1Kp%EUU0%bjH1e8jmzVWB9OlWshQk-n^o}3*om+fEMIkylzJAQr
zd!4w2SCq_-<%9f7J;UDEEdB{bOi5VPa=}y)VTzhx(Y|=5rF|?NV}&1q$g4YY9ie1O
z2?~4S<Km7~RaeI+CLa4eI+`W1VZ${dd;C4bqqnCiU-Pcp*i6RZ0E)#2deQcI%uhwL
z+NnO6Z(9EmLsP$<PxF9Z(M?ph{29fk=k-dP6>>A^-}P6pFRtA|Bc|Z#IjXTr&RV(#
z=B1Udp&X|DD;$?=QMnnn?|e8uLRxf*Q_;xq#toDOgkvKvXo178>+$Git1)5*0)05~
z`08r<A00S$;#1Am_sP$+r-n%EjVqZX@_FU@u!*S%UiE^PU7R19-@J!(m5)(RKT_|D
zRB3b6tlPTb&cX}OF;uB7Qa?1?c;Yw`<1I3l<vGRXTWpP7FyZlBW+i{7ZHs`7wRI5m
zflz?~!Mmr%uxr<;!u)Wqjq2@d!_CVA?m=a*sq3G<O*|)j{YcinD55@R0}ZF^dw26K
za;*1zO4p5V49BXt{Cy?H4zWlQr7@2#h1;>F!Z$RMvnCnhT3^(%oRY@qwi-9byS8V_
z6ZTw^oUC#zc$9L*bzh+x;#Eflw7tG!-(UY&vGs6xt9K7HeG-6Ch(S>4rve3EpKvn&
zK3-LCGfZM=aOL7!z0rP@Bg5Uh!*DxxMiADER>L0QRez)3z@R3BIuWn-=*3$>X2R<m
zS#CM=K7G$Rm9U9%#fqpRnSUuBYvQbLULOTv-e6uuU#5De3%Gu|m4CEoWzfc>)zt&l
zqU3bLBO>Cnvvt?g(_8-OYmhiwLc4d*o}m2ve689DmBnFtaDoC%g9kki<07{bF6^_f
zcjre17)-tI^t5bD|Fi@DV>M|F-Kir4K6nj!F(F#?tHB}SIl~9n1U@?-3--on)p3;t
zuD&x1)0pSaPb8<L#HXcc7#SG_P&^>02No6;PfySBb)}n#vH&YY$5e&iEP0bSnR6c{
z?0b6pSxx%H__SPPCH1y+5yGo0au6kb{`|APQZDlIl8945H|09V?Ow4=;>fR5%CWJr
zOW;kaDk}Ow{b2+RN>D%`z>L2|qB!q2o}O^3Iz^t_-<TFNr4j}Hb$xW#!v?#}cB9==
zw?&I_&kt{UaB$;K{~Nf)<NSP-V!AZavnb&`-x3uf$L63{l!6$1vKPM|;Se+Pb{c4|
zY@=)3O60qhss{=vF*Fw{*~JJS%Irj6+;x+upN6m~u1&W>#Q&T^H(mLnCep_xJJClR
z5yr)oVT$j+5lJJN^rU}{$Y}xzBG+NY{A)*C5=9LiGk*m%3lai+DJ;^lR<;oup-_fL
zMlCZd@h9|#6~@<=EnBq2Q8()t69~Nif%?^5g&{%w41wlg{PT&}BR_vgM?_PG7p}Lu
zbcn4ZIP%^i#WP_jlC6DRoN>$h_3om|+(x3nD8oJXbFgn*eIh|h*s?O^q-W1U46`sQ
zj*eN7Euebl%wrv0-AdrjT?z^c{;^-Qmeze4S=#H)C3-l?_G?gnwvf)MU9|6ofUc5~
z(m>-7QMS>(;)&60uit$ktVUDwqr(}PvA0aU-o2D<>um-uLJ~R#hqAf@MfjoK3B7`K
zYY22i;0T1kutW4=EfQ>^CPKo(!ewhzRaN8i^Ns!d{gXm*v%9|BA}lXRiDKGg#??Nu
zvpRiwav_BR-CyyTet(CAf){(<swqU}1W*%hJC(9^kQHu-$ejqKyb=ux4C=YR>$pYx
z3mXah&I6R;!=ihS5;f=wdUxMtMuXbQ$r)gaYnKd5x<S2Q!c5s_vojE>OBjva^;D^U
zBjJ4=tQqSh?d<I2Jrb|?A_UfP@O$5O!iSNp87B3c>Ya=p&aF6sTf(0&AJbkN9?Y+P
z{{}r<6-f2K_2CaqJ#)9PvS#iiUd-~juA$^b9Gb=(mPW*5dEi}8w0Yv)uF^7P!mmEB
zrBL`(_tQou*eqdVt+FqXMQrH)_FofuMwhWt6;iM`pyDP0E3X8Yj2}7*N;-j3wgkAa
z5i0GxZN<;6I27X2u~#Xjq@*OA2Xt&MT)3lyhnow@%#;8b8FQBZDR>Br`qBsy=no%O
zE^>GfGiB@aBnXSR%*@7M7dO`0onifzu8vxS7dU7YiLyCu(72sOd<~o(ZGiVyUiBZN
zJrVYyvW`6!&}ugxqNmC-jv$w*B-c7(#E9Qtafv+7$!zMaY^<!Ry1F3@+vIe>*x)5f
zWU9l$W*adB7I1A!g2-gcMY_cD(Ea`5>8be+2XkXX`;?;EByq`fx-bxRQ7|w`QYaYL
zQ`ZEHtgsV4$9XsL*6cbSTJgfB$)Ypgg-SBYc+V8kTwHOC?mSwirlM0E_JB#n8DU`P
z>4S$4k6*kf-Xh_Vq0B%qcc?m8GT00nV>jWQ-bZ#4WPH(SEEL%(Z>Vo>{x<yf?4My3
zF!f(BLN=MH;|8Kzw1FN}9Q%V|;&v#g4h#N*+?|R%=Rpg|;|bA-l9QFwgnRFBtg8g9
zP9)+&UeceRU8b%uWC&(X2Emj#4(U(O;8PP3a~xoRFmTCeLAh)TMhM(EaJ=1TM#{_B
zlVbY&PBsv%Ny6bQklW|m=zOyTR+c>i0z2TAlO2e+RFQyAHRGT7ZRJQUL(~ngct4L7
z%ouL8G7=ql@hA77jgK#p<f%><xt=HwF1c119zf(JCUg-acB8_K7N+izFlT)Sbij@S
zST_?|WmaP%&i7awX#0fN7fvSRLsTl$;mf<ris3LQSNuZZR!|_~{8^_xC%^xOy=`ql
zWdl!kr^aZmxE;c&@$9FhLS=R1PZ0iJ^o9~425amtJHD{~uCcQgg#8AEdykpSozt(w
z+sZU~o;d2jo6UUV8S%clC{0Y7Cr|k{EHVLdINvg1u25EPuHm1z=cB#ma=-QVZVjOw
z?{u^0V@i5kj`Y$}rau0ZGNRH~@}a1y2!!fF5R5t#%Jz>Q4$qq>&=*WdXPX4Dz#`>Y
z&V3jbU)9$T8xLg~x%sL1Z3MZqOaj14MC<0yY*K5ho_Plt;wSa=_^GL>b?^*$Rf(lL
zI)e7Wxr)ANqs3sJR2CBU`S~b9dYr|{iHS@Ft(AJ!uwA$t>eD%)VckTVZ69@hUSf3*
zmn`vakq;`@=L2l_8`35!p<%cvpZ6q`D00lt!*uJ4vaR;#sJP#!o7y`)?fMDc0luhb
z-^X)&`-d`oHg$Gf{&+r6A^1EF3fi}BwQP)2d7|0ev~^+*X4G&l>g0?w#ZLsz^Y7=*
zA$VaVJFmFoUHDS_^l4#dXJ_cBbC&BxMut{$a<WBV{o}H=CCek~MQHoh>SX`&&bEC0
zL`Oshb(BC6zrg-DeB6*8p-mb_&Yeb5!Arz>T^)$?;g6>muGie3B%A=;FO}(Mm;w|G
ztsZn<xb_URqy(D9(ug6$!`mPN@f`{_9wO1vs6>tr9WZ><qI}yG$#M0URhT?p^=GLr
z(9WhBd{K+oz<m-hlikJ<rn^d5R4`G7zg1AjQ4nPiQL58k*NQ1D?4;$9l$1P@Y#F)&
zJV0Hyt9?Ku=Nxan>SoI0tqBt&gR?VBHWtr0%ASImw*0#af?w38mA0`to!Re<BN`J1
z)cLLhG$~8(;_(LaL$czPb;FKWqXZg>H&X*C$Jn*kMoeAFx|HB6T{CZQ&t0k0CMkHn
zeOgs2uI;Jjb{A+V9pI3}{SwAg{O)x7sdATFp4K|&rI!0LLob;FztB7;V%qjqpe8_W
zybX6aM!W|N0!{A8{PxMn!GiE>2h$?|>AzW<YhRc&Up&-1ce`X0kzd^w$knH!M_W2S
zT8fWEJ$U;{)u`e)TW7xdi$0l4>uRb`nAK!FpTpMqLcgs8`oVpZelr;ewx&u>8)mC`
zaX3`eJsZi^0e_~x54s~+T~~*^cXf0yGdBsjExhCx4!o>rVcKGX8BU=|ofzJ~S799y
zR=7)*d0M_{%z<AQB`+5&BSg5;s{&>o12h!snh&q}5F8$an$(II9Bi*@D~6B1iTI)(
z6)IK1Ay{Oy@!aL%j<!V4BrhYyaAaz^J9Ge7-c|Q3r(Jbw;-@GC_Cq&pldFKFs<_9G
z4?%^}1)XuEQNHD`&u`1R#tQ0SRQicSD6?MnVx^_yC+fdnbdvk_se*Ta50^T==nS=l
zSwQ=S2O%LUhYnG&po(7(;b{qbZ{HMS%m0*?u#Im|&^akqdECgA=<4Zlw#2UFGK=YV
zB5Z0nz7=FVJ`hn!B_rizv(Y}BSDob(@WeOhiV(yisCPubWniKvs0TWE3#zNDD<5-&
zt_jLTj=(YxV02MQ;*%t74FMQIbb!$270)H=BQz^D<g59!i2@$V+Ffzu#*LG@y1Nu_
zZU~u~nGw3<tGFbZ=a_EkN@*+ne6sYLT%LO9AZH%l24v?7m`;GkE&4oT8IPq6gi-3$
zeKTG`Tt!<c+`LEqMGM6aKQs!|_6c{5?Yyfnw<kqEec$1T+u<A~&9)K8LxsfOg+1q_
zP`7Ulk6mFzEOHvaw_$J9JfJnAa25e2dG#vH7MJVcD(1FG`In4}Or(N$9GCTw6LTT_
zN`ogtDb$$J$|(AkxOF`b82&Z6r55jqdg>$Pfy5mz-$%DC6W3o&v`+*KwwE{@+J9Y&
zx#rl~aF{y&fMPApv8NhQGtw^6caC)(-S_btHNCr(>fi@=sSE}h<}z8!qPJ;)9mY~l
z<?dp{I#J17X*^+$VA?!xls@Y=?%PmSH#mfI^N73pR_)m>EghXBVoih8U;h$S39jf{
zWw6p(I!yOL&$`fSYY8jzzDe1Z{HPxk%Tx&?Bj$I{)0<XXZYmSVQ<Ez3Q9s@Obt}k~
z#|Eob91b1Zf~>bgm{B^}!2}wqUxJp`2+|PDt!N<K%oM|s^MZzwZk?}lDUOYVK0a@!
z80FqI8(g2@)mmD4uerIo0#Nq&++5k@v;1$>c8By6{n={*X2N@796ukNi%HwrO;{0D
zjS6oZ`*CBkgK(ru3tlZW+Jm6>dDMU`7@BM)*a&h8+#G;!i^GpU6p<1*=LuOd_kP8D
z%psT!^wFq>iP8c<Affm8j;da~_}po@Lv~2##AwrQF}tRT8%>O+M)qM+`=8#&XhbQi
zv0}q05BzOX*sUDay5o~q%1jn#K#3ql?Y8u9vLckUSHYTkGmD8i*?VF3lUP%9sa$$h
zm8wtkpsefjv@<do614e9f{u}qfTgA7Ni8jODPBxS(vc_wUQnk_{ECQ@l#+`7w0-{)
zjUHmjU^TondWI$K1}Z6>qgngzMdIx>!KR&z9<20mK>yN6y?=IUH&FaNNNTEtMx88U
z(Rx+QW|;Z8StLSGR^xS)>*95%!B*k@YybS(gJIY9>H@i2{BY{Zh3o2iqT`owoev`0
z8hlU*S4aPx`uqO&*spHcFD3bXYY77A3H3XtZRZ(3PufHk>>Ho@>uKa~VE)`>VqiYv
z{dkhe#)w1e`Ll&z=eL@Acog)xZDM3(yl0Ce6$GEveD5u7QiRSx@JPQ@=EsmH#^E%d
zmVSSSHcTm00CdyF^Nw-m$9E%V!1Vpk$%gF&x}q}lwu|LS=QbzGdbt13ZzwrijbUuL
zJ9OMGi{@-?{*_>8m}TEp`1@nmoE|i>_F6zTezZ&JI3-a@JUgW3;S+&a8F7L^1B~PS
z+&5?2+02C7rO(n+-DlyUdXW0S@#C4{$X)WhOjHyF7sS18s*iK}#w5(^@6!__kr;EP
zhn0zLf#GJcpW01!#s%D$vs86L6H3kytwZb!YW$Al7Y=5;3vo!u=E{rk(L5EpZ5dXg
z*OEt7f9Be-tn08sv<8B9wjp;AxAph;Y9+;R0=h<ZFvdoY$0q$S#?msLSAz*fznlB!
z3i*gI^Dz~kkPN87dSIQEa}oT6!i^^o5rMK3e2XQj@1K;dZhxIqJIa4fu$a3O1xJqe
z824O40>A!-UR9YUp_^%ZJvLj@QnyACt_WR3mCANm&grGdFlE_02jUjsowR{KiEP3~
zI{{et?zy#z?;CW1eE?q3fgs1`^?Xwlp84zfFqUew!2(CH#%F0rvAA!k-W;uJI=aC@
z30@j^!^1goa?Z(;($dH6>{7(Vo`tE1H7VGY93w7XVPWw)u=wcgGekfBbCkECp>da{
z#P);3->i){T5Ueya4ENMNyG@5nSAKy>d1RVpSf`*{qQhQayBCLGX!k~up2OC$q#I3
zB$DoM_@Y8&m(9+FpTaioYFxLa)XqJj_mfNGhYx#NT3Sx(>+eRO6*K|PEK_{G7#{fa
zd&!RamE=7(C%J9M7qw`SEyV<%6`Q)AN+Qx`L-@%)LwS7}BGwJzzbOlegB4?wXGsEo
zm$cCK%7H9ZlF^*U_Mp~ju1^R68eU%Dw_E5Zw&6Mr_&F8uf9>;+Hq_TM=?Z5dXpf)Y
zPC%okeZCUm9&hhD>ObLnKQ&QXCq|~--?DQP9%Z49?y{2DUf-j<Nwr)M%<`eD?aHmS
z%p0x~UPi%`0q5xO>D4RxHER`@JbmP9qUlOrQ|Kz<s3bgc3>elelQZ&DkuCx*a~BQ>
zc*Ko@-Wq#vhA}ZQxlHqp=mM_6dea%uuj{MNy{lkGUqPg<A}NYN`I!sGe6rlNPHshM
zDox_VZGX=6mXGW&D~+nwjv*-SMG~Qf7^yApx`bj*g&Ns9cr3A3dDW9Q#;f5PH&CIp
zzn(QGDiI#l7%)3ecs+Gkvzusc@%%ESu;W#g<}T{F3VO4dQDi_SkVyAfYl^`LvkS%@
zUr5P$r=XeFwanpiMT`3_=KG0{U(~Z$W2OuRcirAp3U!Z+dvhv|%78#OT-7`a&7lYp
zS>^IwyLKHeRkI4{C!%fdgv}Va!rrI4dMGXXVSm%TT{gbiy3y3}KxBW9nJh1XKh|Jl
z=nWK#oV&k@^c`H`*TVub`2dhPDU8}b%td@O;Y&PMDMym6e|z&;wKk@P=3X5+3-z+%
za>7DF50aAwWT8zakdW!`-@hYe*$bAaj+Z6lCTcGyQ{xTH5@d!55znXoC*(N6M*T2C
zW6?fXbB92vOlK*ko1CKxU(t(i(<bbseb0P2F&AKwX4X*+ZLhU^NQK(w9ZyeoeD(At
zQ&Hj5u@a{)L)zLhiTnH0Sz^kn!Bbl>@`4m8$K4uVY1BL}wMr)b?!lTb__(kSM8lei
z*4Nw6#`tKpcGb1#n1Id81dGi8`HR`WDOo{_8Hir;<_MM&NLY=csn^-VZ;K6r9kc9N
zM8lGzqgh#4HsRIoh7=GF^eFW!<(h^YR_(;szwnNr-n;EtWdHvo>@9$@{GRt=KtK!-
zR7Cm#6crGqLsFFPE(z(B4v|(Ar4*6w?oJU9loAQ)P(Zp-QV@CfRvz^G`Tb|!8OBk3
z;@s!#*|_%FUE`<hW>+~6@6H2eC~}%P@op7;ey|X{OfUY3OgWjfLtpveQ@n)cv3>@{
zRz*7gqbJ2w+Ac&yMl!k`_zFVH$8FrBUR!ju9f&H*6<jem6h<DhcJ^zF>k<ni1ED{^
z7F|5JN|UcJ?)gpi-DlJKXS;u*>Q-nx)NvaB2~ZI&KuC|dAhH-+lgKD7+gFK%GLDX=
zJ-xjWkR6@W`XAV1;Vav<gHN<ksncZg+TFgBnr46SE4%_Y5R7Y7B8TQ2P~}tR8w(JO
zVEpfc=N+qtnF&ddDx34&Sod{31Pc$>W=Jn2#O7MNvvXe|A86R(rET@~H#4)cUL=Y<
zmV{K!_t--8)1thDUV3rFw9E*_P#kWnC1&|kMMa)awnIDITm;Kw^0nvwXHV?3>j0xT
zHEI9TP;UqQ-UHPb1h;N?0*X(n3w<Kt3M=a9Fu#BQUipK=&zuyIgAZxGh)MM+QY!nS
zHu`AJV6M6Ir85S;KHZ*^krC3`+A2N$0Syaz37O)!h%l8%eR%hebgafA9)4if*`alQ
zE%%jIhnUIX#cV&WP8|Rq_oU?v=E_wF`bU$0gN3B48%Bq5!W)3r*wcM+zjOo<{e9;#
zb?Tz&NjH}uKemrAW*@S}YPsA;n=G5-5&bf}H{ue=+c^$0?SD4G<*MG^^*Ft>{_MBk
z(CYEvKGien?NP?;ru};TDKIdwaVDYI_~VP|X=5`hD~_5xVzy((em{EaM$p%07^^P?
zs9u%}_GsD*-V3h{e!fd9qs|v&<|Z+GOT+_+(RWo`wT`TP^2m^3@4(@?A?}bO1kGX$
znwHQ0$40`z8)I4Xy9yR7xE7adT($r9^*!KLr%7-98+^afAPYk0cWKTR=sdQg*2E);
zxN;zoUIth-r%b9igqpDD4pqtObFU40voB}Yy6Uf={YPGI(q4D{ZrF8dqV(JKHz7<6
z-T(2`R^NF2Ak|~`{AKbxACd$R6M)qU3eN$y-1VR&MWJmS;RQ?!?$C~hJ|%XCPhU-V
z{R9)wk6*C{VQj}t?%PV*NFRJPUKWNN(~0?37VCf3;zOfX6UhgmD_xAlUn_!M&=v$F
zay+iS;k$Is(|F%}BFz)uwpCa2nGoE%_E*q}FfE>A)JMjgNB>Ibu6G@<Wuv0hr4GN!
z8yl<7hMr5xKI>4b;N@PSSbX9g5;Fe>vqy1YuG!aV@1873OA}3#jb-@w@uLDF7imtv
z3OLXk5RwJAQThD<8WOV8sH=9e`~KEEPq`hY@O?<XVt=4UybZB)xTF>~wFNIGH*%sE
ziU>kTfY%REyS&fXQ33eF|E}%#f8t|u#nr_J+NRqFAc?)ayjN9KykG_W9TfhJ;vDn_
z4}A)8MMV6lN-lH_oIDUoJ5^vyw=?sfL9eFZn0iCx$aTuHUL%2j7UObBs8@Prk%txi
zfM`vY=B2@}v`;lnKDhu?pP3=Bahb0){)eSClY%}qNa1QgGu#h#4#5YKo_PBDXnC?7
z<od%7bN$T63ESJ=tC+O^^Zgaq5XqcK6Q{zOsNoR%`+<M{hI%eEkZsZkG`D{s&(QFr
z=+%Z?#AJ(UF%i+gnz?@Psf4DO^^x8>0=Vd<;N3bALEZel@w^Ex`fbQVa$nT*z|hsw
zvcP6H`)5Ia&SNali=6AeD_dxpSRhGT&(kB27sY1VE0PaDhog2kVS{Cv*h0|;^f7kZ
z)?!Sxr(k|*X=$(jH;rsT$e;0aU35P@;>2^P7}EJEBfEdT&+ty&4%O9h=%ryVbSSz9
zhnR$2?{ZD$Pb`ln)wB(_mms)>4hH%|ytuHShQ)R!1HA##umNwixkL}$!FOj-F)jXw
zNnK<;vd34)Ux!AmKRP%s^oI#eV@<EjlWFJV<g`_boN{{tzB{1lqQO*G=|lrUe0;DN
zjPF+nP>`YJObsR7A5;1IX&c4CZ;CGJ3CIVwMh>2y;YNR|*E6gU?j>60JAY9rRERIu
z^bx&`s7T*u9WVc*tRGy_6Yv+D9dA<yXz7&(STNZC7xD2cQl7YnE1vWL$CE7n)KtCs
zA(G#$T-QG?9UJ4iCa0vNlxA<_iQZGxI_#22?K|mzm`mO{$0F`gEnvEOa#}1>9BR=6
zA@p{_@$nE;fzTCKmLnoEJiI>-ll<^3@hUEXzr?R~AB_{)9OvHixT6DE#%v{J*;DPA
zwq0n19R<XPHHk{uSGTt&_(=cF%tEqytTA+Ng!=y>`aiLRbK?dfywh|yJ8;XVuNrHz
zgz6b@cW4=-BmTEUAXG7>cT)~Fd+Zcu`daWqw!Ol<05omKP9B7nfSFeb4YR?n)Lq0B
zaB)8N%KAThPuMJvdIBDf=JeP1&%lkkNGt!Z-Z|NE!s*aaia9;TMw@<N4y}poZo~KF
z<*=_ETng{b6WHH;2Rg4EKZCv|@Xe?MtOu)9osSF#(DHF0ggi83>-f6XNs({cz<0_p
zkDQvCQdCyH@Z-l1YpS@KzYA47JI0oD_U!;#=InIp=C<ZDVj|bl&!X?eSQrMh?);6G
z9Uj{F8JnHJiPd8)bZD_aJJZ!?u6y3g2Ns2}FRm+Bh*J>7wFnIb1$}I`weQ~_+;GA@
zbZ#aQ3!r_+bsBxW=8ki_2L~FAx0QdnFSY(vRtqGrYR%v`Zxgu_C=={9n=}uMZ0dK1
z$>-m91u)gNE#n`bX({<P(P;$qy6W69*Zf@Zc~n(Zt32z@26z4m^I4sjwGms81z-f*
zZE4QKlPF>m;{F%D!MX<jUX^M_e;$VSK4{-b>Hkr%m$30ncoW5`|8oo=+Ik+$vrRU}
z5WX_}YjvczWbx4gkBQ9+>MW9lhVo#0g$RySD8#&IjpT8_Vo^Ex;?;0C1<%~0$^Sec
zDg(<SzlKOz?f-D0yp*s!_O!46#kc<O24iUx5Zw9TtioZ{RoGJH2dgHO#MFJv_K}N7
zr6x1;%F7dVDTlATg!6NUCMVQB1?~O+{s<dguT!5tb4}y@_puEbkUT*0iP{l0B$(>u
z|9$Jj=Uxu}O=6)=U_Fq1iDO8B)~1Qb^@~b1q(y(47v8vZJJ#Rjf^EE6caO`Nm*vt9
z`Vr9oizMb&R={4cf<M%e*8e|;{2a;OG9mXp&E!M9H(L4u$HOy8lW9T+v!F+72uz|#
zoT`{TT<f(6;^?GF4^%PMg|Wu>cf8U%<k4?N{-X{P(<9#o<2m!;J{>Hl*~jb0m@2*y
z$ei)`6RT51*_y@&Od=vN3L3bD%5Ce0M%<UtW;CP*uEP4#0Ggg>Cs!A^Yx!OCV^h4*
ztOPfkh!9#;c*mTv0U%(8FcQt%LWG8gS?`xlA~9FVcijJ>r~O{o&nsh&+-$1Xm9l?3
zqrjX<l=h6{3^;!9aD=96pln{>vP63<c(<@eDm>$D=r5r`EY#R@FLDxRDw#(Ohv+UG
zlb0Bn0)C&F0`!rgZD7jfF(dBczwX~%fhJwwNX_@f85vLXjGtPxOrzi76_0&?bJ6Ui
z81>i8Q)?-Iqr`V4HWR<xo9ZK{AH@>XW@h?3{#AUYVs(MfZgl>87N~L%=IQ@Lyzuzm
zW5*-LrQhi5+>7ZDwXn2&IX`cnnVo&+P5Hu1yyq*RZb<x%72dX4GGR9z%9b`*`?<fi
zR%rImwiwUKo}owMXTn6taa^`Hi9tURvIk=UUg0WSF_D;mp_POG4k5?VdB~>gIz`+y
zVO=@(3JEH;EDIl5R)1?0z03x%9@kjpVPH#W2ObEGu3p;XgPjdJUSYd0FfJ_?{-hl(
zb>5RWIV8?I4%+UL%>R4(;)oUbe?(1Q&REkXzJob2gF{0MkO>NBzEgGHTiOZ=AHL8W
zqMWb~O>jeaWhEaUEFRz<SdNZ%8d`@}g6U@4>Wd-$#~m3f0Y&u>(+j;!OlRzBJd=58
z_5=x3cPvM$8v5?modPM^D>#m3E@S)9jt$$SIqE$f?CCjsR;lrjD(6BEo&wu_f`5=w
zAyaJ8K(dQFuWv*C)pQE~{{jiyN_BzcwLf{3L=PPvREP{b$Y9U3I{LvJFuA@Yf3WCn
zN;Vq6Gcm?%UPhl+C@jw2ZZMMl&s~i>#&oAjnO-*LGLq!hcAW|<nh3gapYt5DsP<!o
z?GEiP;tn7A;1O-K>Z)zyj*h;*Dzks^xn4rcc;LjxmKvv_zo`;*KpXxXn$SeJ8VDOX
z%7k;|kH$w`!e)N6t{BN;;K$Pc_3Pb84hvP;wrB}jLMM0_eO>)&w2+`5iXQpBrp)wT
zrnm^i7J_}=3TQ)f9WD*7LG1ZMfeZN$rbcnPz>n><;{rW!>f=QCyYV4ocBM`xR%hP+
z|4`i&&x~zt_f!v{Jz7Gc1b0}$5_usGTF>bn-{y>Q1wL#m;2m^~y*)kevi@HA5;`I7
zP$e|WwCKtz3_`n|CKunn%QbjwMjg*k*eja1*sJXj7)2{E8*#7E2}++7a<oWcct3%?
zlf^~<8}PFF$QG@?h|!oE{Gvve7WcRFM@Z-mil7C0M;R*n{M_i*MKW!6&~ULCs40w~
zt}!DY?KV`y9IF(_rr0IGynAV0r^VS{-aJ@9lVpGm$@~6^2mO?2JsNa;)vY=?#sPg>
z@K7k)hip9fXz_rHi)TWA@BJ&ZOn9xpFLpfq&!do!62ic)+5hFn17nGeK1Oj^iN1#K
zZ7%KCVT4+z6Lr!_kGFxr{sG1)GQnu7H;a(=4+_}-By}x}l+F0oj%Jaeza_La4qBJF
z1R5z8gUj*0Nyqbll_uf`h^xTfDG?j|1>C(iu`3!a<({k@Uh4fbt5)3hJsAo~zHH!>
zomu$%M4ds%Mic$nXjYO80O)|iO226OeX@nsZnC-U)T>mglAW0d76Zfa`bUjKD-{z2
zqyi6I8pUeId`?V4>GPBI<S<c?u~)XW4zP7!j<0&ZF8@XGUs9I0GIoaf%ctjt|5~66
zbaf`TTP_!ZRQ{1@K=%R6IELO&p(h~Uex@vu$B`F!UBZI#WswRTY>`e~w@F&IzfFV=
z_N-aK5Nt{wsBop5;D&<iWCoqI8+Ax&K%D#LVDmEMpu;|L4l{jT9sus@1KPTy%K{pB
zerT`d@T+cMJ>YD<a(LBHV}2O%#Fa>e-k+rrs>0Ir?`TY;wGhvhx}ya=m5b7FU$9W}
zkaj|dDJRL;#gRe17y;bQk6lLHw_4!9hjE3nh4VCu(?0fh+*sl3nt$$b4;p%gB7;d;
z+lc5yo0rN*<GvMi@GdY#-f*@~p~f$Vu81rX9&>QS)x={*obT=N@S=AKEuSsNR|oZq
z6fOVijgY6X=+vb5We1B6SwOVk-buY*=%--76!60DwPPg(OxwQ>W^rF48)HKl4=G~7
zR5X!yw$p5(4ciA~=t87A%wm~(E=I-Dms3-t^Xun~VEHjKStuSV@kxmvX6xXiBPJ$(
zP7_4VCCgm<^LxN!KBq<XhWC~L7n5#D90j3$gF#*4R*MVWn9w)*&))zN+P1t-da>-U
zGYoRv@l^4z95)-mepgoS9FqHPUV{Bj)KWxDHw~c+3@M)kK2uQJWYGuaP*@BbHrwvX
zS(rX@N2AIib8>2`1?u!sH&&|c6K0&2D`#3`c<gEIkuFSATebV{lPl1}_{FDBia($W
zXYzDrFIz5+b}bDuL|j3??ZmZed6;T0XvEhB%~OTXF>9Ny7tf_dw<2RG19nr6K)INX
z*Qt>=x<{bt@&6u-5G#mMM8N5P5Umsj5cJHah3I0ENd(H))^VTyLzBnAN<1@mWT5lv
zl`}Unyb1A4d*4ejS6*NZRY(?X3FP`R`=iZcZ$phvZva@zC5*0Lpp@TgI%)qL@!7L3
z0=4Q#kZ~dijbeNtNMOhG$C&S_04sLO?O(eqQZVi-dGp7&ChDo2;`SFm)@H=q?_`^p
z6U!9m>elLT4w=%?Rm?lS1|v8LwBw+Y$yHUF0CL2BEATr-%?vyu&YdpD{*81RFQEdQ
z5tjz;0onjG=7&~<nEN1!37-9a&kv1(F!5M%QbHaDnmvM<56+iIs|7TX`RH(S`V3c_
zM^sc4>(Yxov_gXrc@@)gHay}OEvQbMMdA};0q1EzDZWl;14e(Kskp;nkx?TzyL`sm
zdgURQMSzgItejk7LcLL)7iOlz)J_>fghdGdFi|N5xI{22_Wq#$W6HZ!&TtipH@f<u
zRtIdp+Fk4PaaH`!&~;1HeIKTCz5p%?naUN&m>aI!LXVE-1Yuw8c$1_f+HOmwcJSWY
zoUSnVcB)h4)JGR-WQJYJ(^=-%i?nc!KUB!^g0FQC*`0x5Qd@`rm32()dd4~v-|;(I
z#)oRx<s!&~PK&+v!AtS7yvY0I9<uq~=e&-Fi1Dg1sOxY&jzxla0qYT*@w|$!Pn+A=
z3De(lUmH%52sLbdc|}3Q<*WZCLnxb-IQ4;QvzzkSvuC#(A~z*NC7kE${m7CQ`}5;}
z0{!>-7uW)4=*D4^0xD5KYy`?wiPG4k+f4vcu@y^ox5#j8kKs`m&X}lwbRxMXjYiI5
zlv$cXKb(xL6j#Er4K_lpv4MLsM8pt=*oX@5?QVrb!v%&3fj>&hW&+>fp2@o|^m(GM
zJYIes45?*6N^t2jR`y-@LMm1z+1SvVgmT8-&bjQ|7ZrJ67rfZ8thEJ++8vCoW)G91
z;()3ew;C=Ycddf?y44UnbX2pTZ5o8e97a$z_#G6!l#)`YDNZY-GU)g!eoRL{^YHv|
zwfrTEL8ExN^=EC;(aiKXhWwfxbLG+W7`vyYW2}*BiMQ}kQN;9)@qp*irOft4gp#V|
zSoJtUdk@pKtGRkvT+CB5Gh#I+qpI1Kvhf1^<B15r2hbo^&tE^AowTe<!ydpS9EDx8
z>q@?H5DDC_Qfe`+MKpU>R;r&EGOJc0zG}_;D3z)5g<dCQda~-%)c>E`1PC>#Rz(es
zxzV?*tmv)6@D{>b)lfja@)t($RWNd^Xk+G*af~mcb-os&^DW*)UWM9a-7%=Ic)pPL
znmJc85;(dgNFRYbX}h1>-&kQbT}F-bpiy|ns!r08TG%nWPZF1ITYZOCCFH~mdjml?
zmbo=bOckONk#W3sU}taF<arN%b{f9=-5KBJi^uNLlB^lRQB?2EX(wfj$&5vM5s6;!
zf0j1W4Ks!bdDda#=(PAFCHK>{e$PrN9eWh)U<{iJ3x5y<1q8<{zWEjUHY771J|S9Y
z3c$IZbU2LU2yHaMI>ekyMPo^Lum4<_29Lf!b;0n))m+5iX2w4vg5e!<!u0Yzs7eqm
zeFrK*v}R|XQ3L!b=)=LZ6#1HTau<~T6i{L;*~(I-!drnz-?tpm!M7&u3all%;knUk
zuNRA)w${v#+zD?9y;Pp*liAAzQD0bd0lV~Yx?Ftos2tz7Ta{oEUXX1byA*@c3{;H9
zy(1P#W<=3_(lRQRTcwaSQ&@v@2(BGnm~3g)9MDn2%}H3w%l+7ZBI)vDL3e*%yw(9+
zjxWcMjc_g=Z$3D~LzD7Q3*^3{KYZ{|vFd;bJSUl_Ktl~aOk<53XU5x5@k9Y=mkaAE
zgms-Cn#PEP>cp_1+lA*O+>dZ5vsW&uM<n73jHC;%ao=tI%_k=S*F;nn<~3(zJ&cq#
zN{@AVft1}dSIznormLd40JK+_nA%dZAMWbFHdry-2i^J9Z|QU?<Ysta)>krTq@ZWb
zVnG8zUSMx#kXo+hMR>{zqNJX>={UFLD_mb(3{rM=J@-_cK#-b89}`eAY(W)(;^TNI
zAeW9}ZyDG`eBa`B-Vb=j0=tXFia?vecH$Z|Jk!7ziD9XDRK_kDIIVNN*=mLh;M<A8
z$5vk0lC2)3a$6)imH>0IRP*3^i|wSI0cnt}119#HXne7Mpx)o!2WkW^NW+_&w!;kN
z>P?WYYWbN6w3lRv$(0w+3Sg4&C-R#c`=yY-z!{7zJaniv0PBh*HYV^9YQ;jRu32mD
zaIr;I-UHRW1*SgV`&o|EXTYVu3}dTgD|MZ0RQ2GZe4o$GZw221Rcz7`H2i~SCWa1b
z{hzOlf+J=JW+#Q?JpSEZ%g(iDa?LZmrE@0-GL_Oxb|f9s)oG++!`rVZygmqGidqm-
z7kri6#;V!9e9TrqKU~+P(tbmjPbkXK41=;Hfq5RVPry5y5O6aWrl|!4$c%<})|s<f
zHTdBd>Al7J0q+jXN*UB_GHgr}?nz2YYEFYG(5674Vci=jhkS5gk-*l7{S>%avgwQn
zGE4niP=nK&<PS~%!PUhJLn`}dw^UV>mBoQ!nK9jD`1dtM*TCKla?LzJZ?Gk%1p({e
zF8**d%Xr)7!)*by3pMrv<6clD0%{tfR@-l^G=t|7U+@@0yPgXDuO;2G&$5~$Ow&F0
z7IeSEu<2%~=do6H>5&Y6y<C+|^!>*8!!rS$CVA|8gX#KjK>*cjpb}xOFE?605wjAy
zpo>;H%$*Lu$#|Sur&^uLb&|*x%;yW*VJNFH1oQXY>R#0xeI+=Fp+o&6;{CD>cD$<B
zhQWoPhsH0@PA0zTjKdAw-CCjMFw8w^hX3n*bg&--)F_)J-%VD%&}*;Wka<53<grjx
zoCClhn#Y@on03$-hJIw(>j*&zd<|#TapP)Aq^6@4_;^f$`#+0qzs&AO%QUH~sm)BC
z=CQNP{gq{5Q3fsv5@xe4Ykh>mkaBTB5^Wpr80dO)Wh0wr9OO&xx3ddWIRt!4>g7Iq
zipugQ6W|(4iu1vNMB-vX*>nrF)S5IJ`@^QmfuH8+*>_iO+%|pn!v6q3Kzpu}Uf_>X
zs2irCb18U+8gM0wPPUI993pBJF3pkJhth|x{B}H?lr1M}?3y=}ft??(GaQCnYoLr`
zVqyw-{Q;``5W}np)hL2{>q;X_jltB{NOW8h!85<;<|0<sofS$}HEi2NnOaey&Iz|%
zY$vd{1#FZdH!^+OHdsMkUe5)Ju(CgLlHo;zl2CAE33GzBO8%-J*rRcAAX>`dyfa%^
zN|uI826NYI#cJ|(`{VmPOhMNqkARP?Ac8pe6M50NBoMX+HE)vjJebc+ABt_2y7tEK
z;YFx7qH@;CMcshfzODkhoV2hj96!@BI}C@RqY*RGxT(H#22>$q{~hN$ZOo2LnzvPS
zLzi&GLMfG4hs_2wkK{lQ!OCDe&s{cT&Nv~+?^y<Yw+yTNE!jMOJ%BJ?dUEAb`~$lY
zp7c+Js#ss{)$Y;0)&|nHqNZk)GRaO=xBUt@>2ei&P~|iUYn98A<GhKw;|*_8T(7<3
zH26NFCj0H8Hi6mq8@H=WPVXMt0kpM8Aew(}mY2`~4){}lOKyeg%)GVkz3ILD>N-H{
ziFRq-RqKZVBb+i<)9+IjN3Fsz`DQ4TJ%f9BVkr;vBZQ?TKb#PsDnl~+!^LixL&ykx
zW=Ga&-lC7|bKO(We^4qVU)iIp=lBD%fI(<V68JP6>gmL}>DR&s4RQ0{mYKx4itcPK
zkq<rqCljF3FU!lCgNj=VL#5f4h40T5fzLrsEb9qV({C+h@9Elq<PgPE_T`6WFVFe6
zM!NBuhO*B=k1j35<TwS#2IA-JTSqjxfv!!?Vv5p*60w!rN8a_Ny%pu}nBch6U)&*}
z1r0euqk?eno3usHL|c_<L@#lSWO@%N4?_VK)BT#+O5*H0@Nr4@*7<V->;<VazIlni
z(uG?#+j}>6N<DN%A`!dA^5s^dzI$w}Z6m3K^B%bU{<tb1(=a9R6^(~V=2Lf~WU`y%
z!1Z2o%Jw#Qr@T1KPRRFQd)1K3<Oa6lIrRcPZz6*Jc>iI`;y?<!W*Q#KPm|71U&_%q
z{q<@7{H=}+4lu6EUhhDW3ZY7{9;lujN;SHBaKxYz$ECyd<_<e%fVtvo`faY>o$Hi*
zs;SWRg}p6xJP!&TOEWV}KW}z;{<2qgu>n&65RN!ht;+gqi+GXIN|o;IEaZQO`Lp6P
z?XlqaFiYTcvbWvM56JNTWEjQa;taQgOt{Gf8irVhYFSrajI^d3ra-jW*hfpx?FQ<k
zEDg;Y-5k8oturtyU6bc(cUsu3QlGRzcBUN|yH3|_O*yE`SZJQgZSjm`zVvl=H~GD4
z8knRM!1D@hBPsFiP<-R4SW^zUH;K(dubA&JfH8XJN|E~|^X&&P?p<CgIZumjER}@v
z?aU?@LBqWBy_ZX|QserE*tgS(g}bewwZuNbjm7J9J?5Jho9Vq5do$jcheL!Go3RIZ
z+F{D4aU#6&V9cD#d+|%2=J^SHbZWhlem<YYJ#fMEe$ae8Sz0e)k>3k9sHrt(-t;vK
zQ^8k?URr*=@+vu4fOkAX$8CwDYa;!V10U3iw3=^xQf_Q28z=0HrzU&wYcf<W;FuYX
z>7KJphZ%m_u<r19gyW(HsMQFy@XG((&WAGKy$z_o{97*f<pg+dTNZVAXtk;iYSp(?
z=Wja{@ym751~DkSZ4sd({+j$<UrKo6arsN4k_Jn7zaXvy*NBaXa)z|;y`8AOO~5)o
zfQ6(kzB~Q!*qH!>IZlXNB1~`dT7duhAs|6NDa`<CW2jcL^J`vo2=4P4_X<#k`VE(j
zdbrVDHo@25+a2BK#4_)DC5dMXZ+#NA4;uI^8y+|$Tjy0bIc>&-=<qW1CGk_tiRIj;
z-a=IaX`;FnSxR^9a5OG){QdbWbP3bS!_bsB+ABx3JAlO8VZNee(;khuL|YIpe|8=X
z<dx&7;Br|V%iyS*O?qYs0SL>fHNZZfZ0>@8QTC%oRh19A1_tDVL0l6}mA2^iN`CWV
z3Wr1+g?QT0OY1WD3!0gZNFxT!4yvHOtRT%frT#k|z0gstotv6HA|pRp-9V<Vb40eo
z6`#!Fyt?iT(n!gETDmJgyHHg%u$SGz9U`34V_fCV5aS4ro_BNmc;EMxV@{z@PG3zB
z@BHP7(!Blmyr5XNYM<f8eoV`M{o=)oiUxm`Ock!a_^Z$_st9_7k}hn4u6~9qn7cG+
z5--CWFa*f~F;v`d7NDot#%K>HdewE4NLBB?{uv09On#CVcZrfeqUzL)<sE#?^pNTi
zpd4uH`^OlMDS;voxO3hQ4KU(it9$KsU{$-EMEmu8;CB8`P0$F@*hdy;?Kxs^WgK?(
zltgih?vOt4D$kTN;y*D<koJwzbXOGd0g!?%3)6hNMMp-ib{~`(Y41{w)z^3aqPO{r
z&EzGIC>2Kek#IaonvhAq<GHu-y-Dy_*MN#h>`@9EA!RNwMn&4rpB<N+D6<)oR9l9@
z9ZBBoJszN`(fOt1(;%ry4AF*BZV)nQTg=@GQT5u|mJei(L}<pct9DB!lkxTFMJeSX
zZ0<W|7&6&hJBj>IZY_GfeQ17uKB>N}Fe|J*UT_p|q0t;D{7EWjb7hV^J;k@`MdVP#
ziT~NGxpQcp18mdL2`RFQp4Q|(R3fhU#zrDB+XM$?yr1ia_9u5oX%gKBwuWn0l+tdg
zOgw<X(!jcDh<3xj70p^migX{Pa?!h>Oqoxc*{<TNyO~u%hUz8ERvqf?uf#pSQQc*g
zE7O#tvUi$eNsRK7m1gWZ7?*oWdrE;#0i<W<RI}}ebe*TU)be$%4h6pnJkN5oL~|bM
zc`1IpQeEbU!Dz|#S>f7t{!lZRdIM)u1Z9Sqn~=FbZ7zN%o5Dg~iCQw@lv-zhX$@xs
z)h8gxt<Tl_9VqxiL2yBs$7>h$(98`lNLg0wGdW1LK0MGDbqFfTe54x<BqEuxFBBir
zIGb*wYU)zMb;wlk<waEPReuxx6n2^;B1L73JtpmKHaN7`=Jm*YdQdZf@=<L#=CY^L
zFj+j2x!2Y?7FueyPc{ba$`pIbGV?P17R@az0zcoyfph;Z0mV8(uRk{)mo!I-HaswX
zM%?#l#caEsDyirCD6yJ$7rjH4MFF6PqB}X6nJi_``q|af6L06fdSzCuhTA*V0aKSF
z&B}uosTtuLx$zs!o~dxG0YJ%F|F&=lV7dVLq|!MHq4H7i*OF^~0q`sZ30+eh(PEA4
z#`%6|+-j!0R8j`xlQoc;izzety({bmyRS$0n2Ul{V@e+1+=$-n&u^cC#>^oA^ta85
z%%snx^Ix~3Y(t9u5nDoZi$f&5um4$PZo4kyqoM3-9q=^lz}A&T#^YW9NN7GI|I%^2
zXmazqVe=UF7$XtNTGg3S)nC2GeIXjwG-S*r$m+dj!0|fU+J1A;gxq@&iYYVh#JNtB
zW<pAQC#uFfl~}?I&roU%R2qAh>HGpuKa|hfr2V>a?^Lge1wJ>rPsCr(y9Agi#qM+m
z&A<@9T3iM$yyDtj3$!obWkWx6s3iz#;iyk^-DM3EI$?T|C-<@mCq8v7#K2cN<{%f&
z$>2E1IBzC)<S4;Q;8;IZH5>t_-*9=P63Ck$eLq9%VTG_wft^{pF8Lt<XF|TaEZ#6R
zwQ39?Z458{n*N4$7QmW5Ym|y_%1|&zj1vS#t;jeQ#|pqZFPuJC;vtf)ZEkw2!HrC{
zcNONTb{hg9tFUX)sl@1@>1$NwtxDUIl}2V6*w214n?}G*=sK~G+f*Aw`En&Y$+}Ve
z)#*CCqPfPV_;V2xy&*b$!QUpDJ}eFv4@=8rf24F8&=+;N7b?TavdE!rfq!N}w&C%q
z@Egk&bVd6B<I_Pung`0BEiqb~m;)jiWXnAv>2J(9G-8VfOTJD+H-KTwa*w_HUADgq
z&s?`Af(6NXbxQ40D!=UP^tMI}IlSrZ8DjsL9VV5#1fefUE<I`XTm%WT_Q14OUsgfk
zrqtQ?p8n1i&waPK?(|?HoxbaNK@yBnL(w&5B}u7+>;YzbgPX04`A;@Y?(Nu%dFl*C
z<J#_SESSWQAbuW<J8j4FG9MWJQlglpdNPeB#0rxwCDVHmsomY)y4|7X?oL8XOsc|u
z;=~CN6`4>Q<FXFcphIW;Kr)1Oz$NG|H~8D7!FvE}#IrH-FlCiOKlZ^UjpuUi3%xId
zkYj&2)b=-N+boPIgtxa%T5HZ0;1)S}eajjv<#NH#Gpk_zoc1<7T<883MQ=qBHC|4)
zFae8wvYj3)cA<3rDyXGy&EP!Gh=R=MfH<+B+ao#rEwj|Z%_!B4YCsT^IA6m_Ci`fU
z-S4i8=6~0(GupSJi@@XHUcDQ+ooxqWdwi1;t8X>Uj@H&flMixzMYrbSH-!TYk!0LR
z@&C~9Rf|#2?eWJ`kh6Kl8|R1Zm<Nn}1>OEyi}Tl2yXOPQu-j6=0+7zc4X&?fwsa4D
zat#*hhZ=O}Acy3IOckxAB>)8ijvr0eOzj?u=g-&!?}yx5&8m<g0B&QXRo~miYkiy3
zTkDRy(3t(5QUB8_@Zz5C{Q4c6=Ju@G=B#OCujzo5Q`j9~OdHDnVt&~j+8mj(5#(Y)
zfq#CQyC#MEdY2uby6JBOZ_tjttb_EJAp$akkJt+HGp=fesfm2tS(z3-N@@6W@l!#X
z06R@{pp9{eTJT?t=#O%rgnk)sOx|=zQsasJL-IzQ!CV&na4Yz*gq8#{$J1Z4*h~(t
zK3=ZZkLd{2=h?Zr_)C1ydCh}l0FcCFtdPz5u$BN%aGP26>bxEbw{Grq#UI&OtFzQR
zCdVi=6s=m-oo->V!RJ;Wc|<{zr}GQ@gG`n0><^QcAiz6||4Jj8<H<RT98Jena0IN@
zazWOmBqSsz7kGo8F;`{0nQPpu+1vnZMI0cy)0>H5lF+up)nNEm7&}K#S`hChs6MBr
z-k~9LWtHMG*p53+LuTomyXM5Ajy)3=>YuEKmfwCF8H1d*)tUMpuRK4}CE~M73kLit
zUw%T|(2>G(oFyw_h_OHblD2l^k4Qv!q&c_AEeIjb5L3q3>Xs9<I+IkjQnP!jq1srg
z{Cn<l{)~UG9HZhgWP?Qe$<nGJ^Gw^+wT77JU@fanfQ3Q<)#S;`<?pfl+_|&<U~OTg
zcE1LRF^~1PQn8n-?U(FJ!#+WGk-&K+#>eJ@bDa2*7Td#e`qK_G^&aDd*BQ;`J8a$Y
zy!lf|{mi2PA+*h7{cp9?2qEBp<O^*~=p=`?B|_y!%<n;B6T0NLpKM@YJ&IQ0WBVrn
z%2pPtqsH1~@YkeNY*5H7f#=XdMr~x=`5kOrZ@yYS^5S|)rhb}PcN%H$wOk|sW7{m{
z#NRhV<w2WNE59u`trn!wvi-p3*cdc*nv5_A@*h(59Ov5{FfdpKe`gd41+D>3WwEvg
zD*IhVpBblH!6Jk#oD5gYZ!6;aUNkp}vGvooYq@B9<leVUD^pX#T>2mIg2p8sktj_g
z7S-lYHKD2rJ*|(8qxs#+76JUQ+5!8R9q1LuiBDth#oRZPV#j>(HRAYQ_1qmEJ#C$5
z-zTJ#Bl!$*nj!mcF6KO9``EJhBd6%2-do;kpH&&dgD7~4K7Q*J+2YcoA8(@z=3_Od
z(8TP~A?=~U?du;0EAx`cpvQ^qdrv|7AVSWW&ynfSb&oA`mYv<=xc;D5MeQPmZ`@<e
zE9FY*vQ}j`7IKPzTQ*%!Ahz6Uc;!D-ITObS{UiN{QVI)Mihk{A_5y0Y=xwt`(K(-N
zJZuzxC*WzSW@In#zWPLGR@@Gm#l0A_s{}V_LK20lL(-hc*O5bK<Kr1Xd)sLE(wphH
zx?u3wc&^678F{qJCiDa@te=Z*B$}{PK?}Ycu`2Ijy?!;~tOwo@yIsdXm@S#4>P{i(
z@jz03Q)mcD7Z}&gK^y8|q7W^B3ZQ-JK*mrhKzh&o;s^wP+8}_s0qzc!`?^AxO+@LN
zZ;j-lPu>kdC)s=0N$hQ;`JkZ0pd(Irb2+HfqjS(vre~Tg2}U5rK~zgOzd*M9>8TIz
zrux!T#=H=?P@lI|ndI;@qqt&B$K;MUk=^b2#s01ophAB?JdX3``PfmPXrDY$-RquD
z)SLoM%rn2W3GI>|-U%jU6P@merydmbjfc(y^3m>)7N(jia+p&bgfmv8bkZDN&@_wS
zP>@pQ=%(uIEp-9K8HkF{n}Cp$VSmeW|58<~YEIAf@x0f|3}kgTAg)h^<`pcbD6{Wp
ztKN~hR00M^Ju^Q)m_p3=5!rfa89<y(cm&b8p8LN<Bd*7C0y<ZTbi#gZ?kLUC;{@s3
zR_K0x{zsf2ha8f%Xn;nt&43r3DZjr2IgYcXZ<h1-hO*xcWjoBvYWgdc2llU*rs}I&
z6sxr(YM}H}X$dEP`uYfKH14}#NODc&1BibvHy}&jlwYmH%u&f5-{PXKJ7qWF>T4lZ
znvV%8-4|l!wu*zk{U^XjtqOua9)pjT3MeNyVY46EopcDX>65HFax2BprjfYt4PISL
zr&&W=fplya`?f0*JHjY;Zv-0gX0y04^-}2;<811u#kaW*SaF*ZW}Ww7+>L^6U#klQ
zH-+CyK^1G1+)Y=V?Uuh=ZHynGQJ$HT^AeCsUUM$|F|%!%2325UJR|A^yj1e$@!ahn
z5a>#Ic+^1OQm&#=kKNl=@z&R`^$DvXel>27P`3N$oMDTEbvPVWAH&TwZ;o7UXg9r8
zu@-e*|E4mrY_2%3^+-j=(#CmSf?^{@8rCrTk0YC)_QRkbXJc+_*0?UdT4PpJraP1z
z-o~LU)tn6=W&1=b*(1;w67mC|Uk;Sr?#tc2{^zRB>{>bf(=apI5bzpDLrS#&yq=nW
zG}j|rCfn8=Z>Z`ExEc8;srb}OiWZY@KMUw@9R=0Gxz_VEj4VrFJ|p=ZRVM|nLq^6R
zeYEB2!4()|bq4?OpjJ*iBZ9{2cxtw=t8Ocaq!@SWIRGVcaz%4o`A9*ZQ!~xuTYG$6
z3E8+hW_S-}PzvHoGv>KznWqRkJ#UnKxo<HD4)X&sVeW2csd_K;^+%^9pD+TuEfih#
z0_<TkFyZ!p8$h5Ik+f1xeH*$(o}DDXbav*IkvVcW>|+_iw=B9_z1U3JrOn=f6K1Ad
zAampy8EspN*|s(KH`d*^g@wHp^c5TQT1tSHLRV*Y4+^gu8ypp_;5@9);P#q(lkq+4
zHA$Ke%%mD7>+5#>l;tr`ly7Fb;YV&A0s_Kf9vUhqpaExDRk8coWg<|tqT7;}D>ix1
z<L5WA9~0F3=b_^ZBf&4gZY3NgNv-mGH4tDt!hLqD#K)o<x$-UGY>{kO;h!_#z8t#Q
zU;9hNx^{0fgSq5%3a*5b)n-l3xS@rv=9?}uY3&Ld{rXj_YFkqy%{ywvW*5aBKc)4W
zaEM2mcbi8;Dk-BdS~Z%2$IdXCd7T@EsE2}CWB$$`YmpOALx#27n;ni2+!|vhR7!gL
zA1&v5vlg2XYvET!$uuP;$^w?L3;`moF7Hf?eF{`P_nH;+V|f#a)2C$WJ3}!MZdmE}
zQor53vk*^{Msx>y{})n00bB3b-*b#PH};F|A7*PkgxhTYAmu3JN;0Ltif-9a7HW_o
zTP)(j-*BAmq?uCydHoEj49e0ss;MPv&!wvx_G`g&(K%ndV^HnEUXUSt#-d^#?ixuh
zHfgq*qbxqLc?R$c-ZJN&&g$LBY2t>8?a7+m<xq8R#oQ4MAmNq!7_c^Rlp|a^<?}MW
z=44bi=2AkFZklciT&ozv>helJ(vI)>OM<pQi9gw?;Wg(rX?bx`R7ECtz|@Ltv0Kt&
z&=P5>mT@m<6FQ@bsu+~qJHvQ6gNARTEoIO*cPQL197&SAeBB#T!g1aOQvEG3_-rtZ
zddUsK!sq!Gr5_!9njm|Xd6Ja%!Y9aNacG-y?%JM~5%2g2ox4Uea?Gp{@JPpgGi}&{
zLu)TiHL*8dhAgKq!7NMWNTlXPB}Pxp=(yKS6!y}SQdO~=qtKeIxu3nlQuRddwfTzm
z`?nhs*s<%GI(6W(S*v#Uw3d-|LWXGlwmif?5gpRghoqQ4@ed&<XjFYIg=t@O;Ola&
zZqMXPJ|?=UmABrp05Xo&ic5J(N%a*b9saNSVF+`SgjnCZ3<BAEUOnVA|J1Sh<G9!d
zuwi4a;IK;%<m=XEWVvbD%Id~vvgdMdKNkE+V@`rE@G%bRm)2*WOR6ah{{m<)sTR+?
zlUboVO9z2;6cXipBgm-OwW@`pf4Jk5{+g5XM3_`f{0~(>Ah{|!VvMD=Uh}(Pjb0Y+
z4-^`t*3<}O<=?{WQno2MZCG6prOMG$s<Z_FeGAg;41oE@YIaMDdjPQbBfPEY@lvux
zT;WhF9aWN^gdBGdveshU#k(I35OM{Fl*N0A&&=JD>4iSIniBT!o)ERziI#P{&i!ml
zqk;J|0#!1Cn+yqLFRA$NJG3@+#~(Gni+c|iqx_pBvuFB5!?&)m{nEnQlGD?%&R+)U
zDa@?TWSeLHc%!D{dV75%O{QPG;l<8<sWLNlHO47()3z^2(|R(7;=D?CE2IPz^!<yG
zu0=E#z`ZArY^QJSrmh;CEwi2<`^G5dp7U40TV5f^Cv+SP&&Z4x{^(1<+q`Cu;2@#*
z$R4}rMxr~%9HJmP;4iP=j5RpCy5n$3i*53+6{GFs3^-c6_auYSHrC4otD0w;l>ewG
zN>YeX037Jj=lOxuf;zxgNO~D|SH+|!r1!`vKGd808<JVIzca<)thOMn=}^r;XEgii
z3i&*Lzl=p0M%6e7UPK*hps;pgnCr7cDA7r_=yn-K9eQ&zNjJFRFz<(og+avJMXD)J
zUoQ7T#;NfxbC14Fh&-O*R<cW{snBnbs9J3b#a0HZ3iV_??qhKO)|k>k_$e!dEU!nt
z4Pr)SG9h<pAbC66-*||<dK)?eUd)*`%SWAGi9q`6j)$~Wvr;<e>~TCmXenaujDy!x
zRL}IT^?fN3#HYB}z5cTYBQ&lUSfy_k!Ptq)4{B<xgJ&+KKFHo>%RT^Hi4L-8)9Y&4
zy@Szl`8%3j=6RZP3fW3&<WJ*(Zmuw=6s=m*vr$^M4;;=U;S7LCOGqC>6YQDCHOwFT
z4XP{6jHK|DwR~T|W`^?t0I!hGfv;@7`UAocDfMwx#=8jDq6m<7dhIgc!;nvKMaRt`
zS<%TA7<|MwZJ8U8J=!C`2&}Xhc?p%!yE{1;A>KebRI1DC625oBF(&nbx{SV@Fu(n8
z!Jg-ZKSJA&YuRR}+fNQfzIQ>#QwPS@4xxK7=L?`qh%vDN>HfurAl(PAs0VAzR&DX2
z?LfVwj^gAHH)rz2`Ch_M+Jx>mnD;8D&e8qMpb>KCw}v?IO0Zmm8NgmP(UK2`p5vAw
zLnR<D>KN_85s;}uz#(s(@01~&h427(O`k|H-Z#5`Yj+TcL3dS)Ak6ti58#;7BsUb|
zeV-BB=b8FpSkwU2OjB&hB^mep>hF?WlF^&jliOE-%FCH$ZT?=tqCzfP-@Hz47{Duo
zhbF_>IuWKn$-W~qG0(_;0}u9zMrzlHL_@ZDHZjfciLXX?2fx&i>Gj&*%I1xl(JUJO
z3JEcTQS~s=V8~1~4CZ__rEG$rLCzI?xhV(*Um;k|e2n0?cV`0a?{x5RRFC_S2bhOO
zmLOT0*A_xtI^7J#ym6y@%g#k$dX4S4>AX_&OOf$))`Cd57KqvaP{D*kF7~U+-N1hT
z<?O^+V8{;|1oH=Y%^~Qvy*(Rtwy-+BfH|IuNaM~Zq~1c-3po}u!&so|gaIM0$9U|_
z0pL&JDD94Kj-&0?ZD6h<i|^w!_vzyNFxhG!Vf3$)+1c3^N=sY4YPx|MAK8*0-8I23
zx}XQXSAK0{W8*_%8T|5v1x4yMJ<r?<7Q^~T>x@sA5K2hhzQKxg-M!1B`<~f&wS*F>
zFKKT%5fN!H8l@MNYC@5kVW6e1n?}(}(b=NgG<UAta%xdEydqJ?xxcXYVBfxm&EB{@
zlE<Wd#&Tu1N`ORQ#x>40uD^|Ex^1s|h3i-d#^0Y?ei-i~pO3dHNO)n3|M@{h9+QuW
zY%__sxP*Bc_4^0!5xgo<-hlex-|*Wf3Rq`N8fX2-OJ2OfpqN0N2Q~(|h;f0_lIBI}
z;%DHDNgXF<NO`D2=q7|pb#7<dS^#{E-D;?(_W>%#4K&OHca*8`D%-^)7UsQKVL~BB
zB!s3n)&0r{M{!PT`H*OTDDjfF>PouJ>b~P3NTi<NcvBhoZKB5!>4Z&2)f{>2hnjj+
z5JIT<h*qTBR(hEk&-Kuj&@4?NRJ6$G!}N?DnQ7n{!8aHX!e0J9%9daF<Vliu025<7
z*gS0b3N-rO>ktk|5a}yQ>I}EoF%=)lcl}JLInxp<wnui81CQ+p4tDfx1IpXwQo=C~
znp=Lu9KWobdfJ}TJw6@U;7*415vbJ+{iD!LPR#JfSrbug#-kU}8}?`0kUzbj5GHW5
z(W>)Y{=4ZHI53~Gh3>4|f4hJhV8a%{TqHSe(xJtaDE*G({b}9yN7&**55G$5;9L;G
zBBEP`4CaM48I5-+TRmj|S0msssE$n8Tp*;wMpZlj=K7K212NLX*3W@pMIh0+4jAD1
zcR_#)Ja3|MYirTxx9~k`1U>s+Nrcir;x~paUPeHjeKjF;9@m@3W6TiG)*J?9T!c5w
zA7#!UY^=j!IV;u!(P5VDctI4`y)RGvE$aQwHex`7(`-BE&qYR3=aYYyGyb}l4bwCR
zCTzTB&#0GKMwVFgGcWp|W!6@Q`Mwu{2y)Vmi9iUe@Fqr*H1{m+Aiix;Y%=}BsBJ+~
z>nOs@VmDJHY>jiYiDQob-J3(<#J(hCYiuKGDU1cXaPTu01dqP#Qpj=a!f9{lVkiz3
zCZG~Lh!)uzer2&5wc;J0Zb(2;(Gm5Z4W99~r}w^fi7@o5^j=B<=`1v)4Fmt>(oW^r
zjyNh2Z+)R(E=@Wzi6W*zzszCollg?+ub)4rkd!z=0!Zxp@E%!=P!4i{s_ob_!dPF<
z)QMcH&|%gndbcrFamk`H!MntAP;t3>O}2lpD-q_LwyG#TgPfZXg7RgI^dpD`6n7?s
zyvy457|c+h%LH<}IK@B<59SjyAgMFLL!6wQHs_+%mKZ0~0@~@!QKJtLmkJ>ELEv~K
zfX$nE+7S!HBF4fUpiV7T3El`1;v?#$;Mlk+Q*pH6&Kc{DDDg9S9|%p2TVCA0*tBX=
z5flY?vpcN5^2P6~{*Dgwr)LmF3qIEfVQ_cwK#XmEC=|~<3GDDbxb`TbW2Vv5rKPr>
zDztG%dH!f!;DxOi2U~unBS!3kw>pj2oBd9V2$5m8P2g5%-`)H+nGyNK;%V5zqcsrB
zZE6r}R}R>;TMz3XB)bB$@QNwPxy)=_n!~Tf+ns0)y%fv`AdfknJ|8ycG3_b`31m9U
zsqQHXSjUSe@J$j9MU_1%7cmMOA=8509#%nJcznd-txEQTAK$aYaj_}JaYt@^^OB*?
z2=J@CC2|30d=&bH8$sO;=4~Bl7+s*8Aurte>MA2)flabWg__UqFVCOf9)lScLOi;r
zVCr(p1no+@`Kb4fk5=%$Y1(%1Cr&Pc|4uOF^ZM@l<60O<AYMhk`s=Dn)=RrQqYxq1
z)142aF86rVTI4~8ku#4-R;6(|R9BNL&62p!#l*82HjhabfF!f(7-_TpmSiDGqB`dv
z;FxA;H`jR|nF0>>aTn7Ou8G$QK)37NpOgIx2U_I5>$Jgy(kip`V@A3}!tjh^$Kw;e
z@;nt-94eLa0E`PRY~YRuQXVA%oUmAm)=*A(`EwAWD@Sc@-u`4z&6#Z(pm=z2UZ-PW
z3;jL(Dh2*g)C6!U$qlh$7roU{HmhU8nTn~Bb(v#4%RmOmk7I%SH2=9YN*e<IinNHw
z?Z;jSojwf$e@u=yTpH_&Fe-w(+nRvzG%{gOvD93}(ca_>H=*S+;pH5tq$m(3QlTk~
z>|gN0!ypjAv)p{_enVTBhTZ7*%_#vxLb}9OHxVk-db+}9+~>4ejDWi)kF`($Z2K1X
zmx4K`-^B~ig7!mau4bt@tH;mnjN@~t9zMtUmoQoB=I5hd<4#A*zxBluEH~jPTFTdX
zla;6O6CpCRj^ocfy)8%kf&Z0QQ{y+#eOX&8aKU^1Y#sy&E1$z3cV;U7IwCGamq20x
z9XQoiecdphFcNNS-)6z$BY8W+_(kcyvkbQd?rBTKm==q`gH5CrOR$@2wSx$F6ccF&
z9Z1Ge#5Y!EHJk#GOie%1c^4-6;dApmnDN<0n)hT;J{^Us1c^P$tr43d=hF~7D!q@R
zr39j#>Lb1l@0In-gkcOSS>n`j6QO@>uh7UD*yCk68j?fZCWOTz;q|pGg70d~*<&f^
zy$6d;q~K^MDf69{hQ31rPCW7EBZ^YzA-vsM2&r$B%2DI^m)5aOAuWKx%~vU0kql#K
zfk-6n_&HjWI8H0gmI#*Q`?7hSn-nK3?5do~=)i2tA!d8Vbs|RsHGQlaz*klPx(a6e
z$<sHNh8a(+>tX6oLtRla1D{0~%oM$tvi|A$8h9{aU}}HJ91Tk=RKN<$v!7|Fw5)m%
zi)<O~O<495y{QCH();lkR1Y{T`lMkty`dh~<7aTD&(9oa_Y3^q;LYEWXRlkRtBBfG
z6fC3fdAI*@`?U&r$zwew`~F+skNbSQ`~GRBAWdJ-(f5%$@%%wz2fBa%qRn(0sY=Wz
z3UV&%m$2@Rl`UWyzk=qJWFCU|*G*Nfe`3zrd04*>37?l9dpkd>tiM!i$XA@kQI29a
zOIp5KjmPb)$uH-1J?!>_YE&D`A9v^f@5<16nUq6Dc59f<n5zjA5R#B-2vcVr;dcF=
zG8CUiOn$3N<ZAjG#|2dg|8#w*ux?{~TfDO$!xLq3oL8R{)Z!C2WXt!iOk#<noQ^%%
zT`DgEJ6Y+p6qTU(9w>#Bp9wW`@q(l?>YuZj$PVKyP+t8Qh>CcZ_L%neQ*kg!VZOIA
zSYZ5;iUOUyUIQJ2Iuv85@o=RY)(J~xKa73RG*t-Ca@W_($^K|~3=*O@rf{DC*W)2A
z42So^JaUpCDwfw#5r^aaA3OR@tj>ZZG4{!I3RayCB76ULd@Rh^FSctxEqHYk$K?*Z
zM@G{DulD3X<48FeHN{#FcNHFG>if3zwQ4Tz^gL95v>fZ1fg+=4)i9yf0}muHowG9H
z$d5-50X42Jfb*B3{p?P{woho_mACC82Tn)UASgb>jo)+>Za;#<1h<yTG9n>A7(!XU
zlcaY|oguZ+3W<GYgz?q+%MyJ*T4X`W3~R9}JpNH_CqcE*HH0O<5aK)Sl|ZyB4+Osj
z(;cJMm(PLcFB!+@N>R$i<ui?Ow{4;+_;HW!=&_D?@N1U2WF_;jEIzWqfL*FUfuo@v
zLofRR`?Rl@2OTEo`o#1cB<Rg2XmgtMuLNClbn<?<52R!qE^F0qkZqER=Cq=C%b=DQ
zQ^eL3JWMXct(UN~4#MF>b;90bE;SsRoD^~!go|E)WQ0OkA^~pf6krf6>P6AJcPYo*
zK?oST7#Vcf;NZT-gVO%yNl=Lelc2C3pQ3&RT>lU6pON4^VwcDE{q6sJ6CHzno41!<
zahNSN?Xb{K>|a~cls+$g>wGH**0?@O|L$djyPtJ}{auA-O`VcX8hK0$kg^)ua4_eE
zLis`OCy6z1Y|d4fIL&qngVo6Rm3QhX+Z%2J3f}{@_w!g=4384be=zc&2AlN)^hblm
zWp-BxXc|@^jm;S*RrstgSL*|ylN1wT%;S)fR^B2lAF+Fej0DEQynI~V+*`XHSQsY_
z+M~JTB*U4Pwz-|~EqXF&Za6QqR|otg8sQ;5^yc0o)**&S>(Jwazd%<V+cY=hMPV#|
zS&XC>$P2bWO&Y~j;`Z=?ZfoYV6gg{M$zr`<Jg(h^l#gPuvCMFyqPdJt&LabO_d5ZQ
z2ZMbITfYk-*Rj`$qiL)yhs$zDhYD!Uy_z5tV1{7aZfT%yb$cRs_e~jyp6kwB`kl3U
zV_$G0PK<DDkP~3xuR{{G6<9#D;4wRC#~x`ih0_yyo3hZdz#9W~4Npm~S)ae#o263L
z<Ocaicdiz~=j{<JB9bpJ6Sbcm2*(yj;o`xg9l7MKghT+pf1Z$IZ4&?sU(tJ8?nM6k
zM>;1?yg5gF|0=x$Bdvp7p$oql1>5PhcNI{15F9_y)k5Z5`nCen_2I(emdnY<oNYe}
z3+X$3dU*Lv2S2L$VZjlf<3G&^p0fGI;@8L?sK`VjuUQ+IpYSSn-0zq|%DHXNH+pY<
zURiCej9#1jlv?}%-xX`}DmWm?$CZ#`%B&@5!ES0Z{*E8Rjs;*KrOx*w5Ey${RTG-r
zrM$eEa;n0(K9lYAduAWzm-v6wr8tTJIkv}_0+r~|&xZ2mMy?P=%mvx!*hxYd%rBw-
zOI56q&3IAeeX*7Ob73p<foK926R_|U9p~J*K{puQNOMI|B*WwmxHji1A%yRVKgGWu
zqMW5H5lMpc?4`O=0ne%<T+esNXWxwx%k#m$8;4>23T*RK^revt`dU<%QDsP>Uutw(
z?5s_52n`nbcll()mKVs>jJNT!SPMJgrs9wj73kMVBz(1pcIQ3#3E_oyQ<7#7aq5fX
z$w3Eki^{h*uf6K!h1wbuJ2+1_o~uE(u`YzvV_$BU)*s`eIIvzJLfU79F1`ay@bj3!
z<Ug12$+yLKSkuqmXJ%)F@>DsV#pg`xuEcRWQW2|`@Xe<(#=QRSg*MM0QzWDE_Z1M^
zYH+2whdTUgo1RHnKH48J#g@PF0HT>!v0&bqAWU6<W4uwV>t+ipd~rpIUM=)IhxyBZ
z^DOoKN6BSlrWI)~wu6(H-3A200)i)MkOP`Gx3ZKz5QP?LL|Y2%YTrPw9-ML{czSN|
z;kg7V?pVZDEVaM`^*r5LW^ztT`HuTwQ%owWf#xX#knnhhItmvM-Ny_LPxdGXHH|;K
zlA%1>QMuu26G2Z?PAQwx6ICBcw+rFLyQ7#_<NJW5I5$w3d?{4ckuu&x|Dg`c(^GB0
zsqMMOL(;gqD2a7}5C;o9O^yoIzHBu)B%A6$zs>!22KXMCaKBpbu&HDzdl(?I2);nj
zlVEVvTs}{m2N^7Z-DFEP(-9vI{>cY03{)j27#!CZ2bJQ0pwYw?{T8?PUR+N(C8uRX
zPrmMG=N{C^zPP3<P)oydsltsFQLy2Nf^}Qwwnv)|@0XX5sJa=b(>O_7SAG0Xe15ta
z1Kk&%%(D9grUy<q#k~z$No|(Dp?bYgzkp{>H&~@f=~}ETM`C`cJ*KcRgv&Ud^;f$6
zFDp$**rr7@23s9OQgu9-lQ-mId5s1!d5%0`=C~wvmQbVSL8TFZMtiC-MRD<G9c`<O
zef`5@H3Ed9U(d_Zp8nd_oi4Xa-0}cOLcLMB-vwl+TR0E&WJmxahmFPU90#I;grt+m
z9dvEv!#W0`-5T4n)o_^v5K!Hv2Fvfoug~{NL4t|Ac1i_eA*6uevM8mw-nE~gyxl(^
zJ$W8=UHbT?q&I0c)9p3zErqv*KBNoh1a+Ld=JQqh+GV?wr^T;h4P4MDv(y;PlK*jD
z<!X#5G;&9REWhaiA+2f`+gciVS2E&^4a`Ett>w>CFw>>ge+@#u=U27Lu=)97E<<O8
zX;U_gEZYPhzjK5xU!dZp2quaQPb4HY0h*i5G|&)uU`&4cUD2(nZi`@PSly-e*cOHY
zgJZR26}FEeLc#VC*241#jM_Iv9zK5xpEsb1YW&svKm@0x9+48JA($`Ckk@KP{1))K
zovQQn@ZX#zHE;U<Nu|d^Od)@Ida4?wT<6N~vYN0|+56h?3$S?=K_4f`Mo!z`WB%m;
z)3EfykLvz~yl!G_MZbM23{lwQtmY{=JbG|7%P4KZ#Xx4`RoxBpd3D(`^AY*uR`Dln
zVnGyhYA@|O6NEoOl&`jM*Wf_b#GSzVqu(X2+c;c*h>#&-A4u~k!mz)_Vr;&r7W5b?
zKl$W3e2G&-QNd9IU>LR<g36Zi>!)%V!$d|{s`J}B)u(}ZE&^ykS7|A-DzwJQ>fcj@
z8$ZBH9fN=D0+TnLSP)*8j;TVLG%2)J$eY;sYK-qg=l=c#qnP-~3IM7Fx5U<c<rS%c
z2pIA)nv3!IG^EqbwF;{s2*t9^P%Rv?{!}skPA2MH)aBDn-lle&i-UgAH}|-c#e!c!
zE}M5+zjw9eQv6wE%EIHyBkeD*gs!A+Ec7FdJr?`Vk_*}tw<5l;F5>&HR8F)tTpCLi
zi8v$1@S60fz4i&uR0{9kjz=9M7N|I-u(L2{hOtTH{>7ngg4t9Tx!NZ#5$Q@K@|P|(
zE$n;RPd3xQe%Ra1dRf)qp}SRR^U5c|0FtY%GRNO1t`h}GrS(o;X+ODJVh=9eZ^N`o
zw|d~JVZAULEJ_7`0V-@rX~7XJx3ci~vV!dlftnG7)ir6C?IOAE>0G)q1<B1-MkgMa
z8mEF?&k#h#&tT){357RTb;W9qR^qMk%UoWtE5YET{bT#Q|3Ajw1Dfjpk00mS``UzD
zdt_#3U89hlQDiGSU6hfLE8|iLk-deGQIwUfR7N5sWrnC^6<Yu2yY>10{^OkgInL*N
zzMaqccHQ^;^?E*^kM$%KhT??Ex0CuiJi>KTqz_L*v}>u*0252q!9ux+wS7O`KCM`m
z_+S%46wO?W!V5ZN{NKQU7xduR-6Vg&fsi6NKEJH08*1!qoR<rCiAw@pTC(R4DRVOE
z+o3>|mIC+MS2hCmFc?_QH_W_w5c(8`hwyNCiCvm9ok7=r5Nr#Ms%23+KEct&!ajoo
z>!3R;7as&S<-J_FDbP5+K(T5l`b;=^T%%(+@d*C>+e6Rs>RfpF&3zkZ$&cGT+krMS
z1sOvk5JY01g4d3N(%n&qU^oSmua)dg2|UPecm#gK^1?6QI_mi4>upa|4GtKJ+%>cB
zpYeFn79I*z$+e|%QVKz0Cd%9n_|;CqdZU#Hp6uKQXuB8<uFqG5P!sZrE-DDOGw&I5
z;GP_BpSO9TV%zaK?K5gM;~zMJnG{DqdVb0w?oFFXJpJ|tl{rG;iNX1<-;-lWH#*P?
zhidllBcb1iN;iin?`N@Xa6uzTHc6-LK|(Yf`2j|DVaQN8ui(Bwfio>UTwpA>h?gyc
zd6^^PjL6_O&|{athK34B>Ok#Ndlx~q6Wdl^>TuuJzI$z-lCMwSYNIVT*PmmHWkM$Q
zcvFq^zwH)Wos6)3(v5W1--C(ZigM$dpY4vjw2v3cxM7pW%6wtm{$oe97u_FqK3nEd
z8iqmYL1!~*xcVeahFZTSLoVcW4BVR2HNdn{bqq5OCfd$Cq^3{zo%=g+HzT(>oVP`#
z9>h}ws?Lq?Z7_<%=02rIaZwz_aP>ze?Az<8!x^<i&Kzs^>^hng-v-FGITuqc@dP)*
z&Q`FbXoO#Qw0T&^XDSRLM0~z>Jh88=2kqQNLjV=Ny`LLaN!^_DDnj}Pv>$46fJfsR
zqJLVS4+$Ys?Q~S8kHs&tSE6*z4Ax=f>*py7JKjD`S6BIdqU^Y9$U8J!#bwT(Ok~{-
zjI6<3ahISO57xmtsxxF4t>@x@jWBh(L|;mAkD^CdNHgIMWfp83NIcd!t+j2+;!$y;
zuBdq_@<7_FB})95iJzN<J!cNh?;(>PjRXcs+6%6Z-V#8PIV2cS#+7r4dq?_i&)BqO
zi&|G@thJ#Yb%e)`bdYmR1ub_U%?a6FvFh{#jB~+z64uBg?Ox&8e2wsL6*p^6)M=Zk
zrTqF#NR9muQ~qxdfiwmd_e1kN)`Cesq+3Iob%6wdTuKS}*aw2Gs~9qb3;UW!Is%ry
z?QVX}QdRJ!R*aAzXYuhx01-?Za=AM$UA`-XZxkYmiv#3mXYs6vUH!=!&<HI+EX2W9
zwb0K#VkhraIkFS5eB>{>s_iiuAUMfZ16C7a3jB2Lf_E9wN4mV+hEsm*&MAXw@6IVL
z=MRZq2w*6Cg+ht9N-4>(EChvHsAsBJdF7c_tK>T+YMdosXGhYT>GzdwzQ>?L5983A
ziC*qJ!@>1@fU)9|bL~@pYqHqM)?y*~bNse+R*i&)%ts9F5}PVxsu%2AgUx4R*}O>o
zWoZOCN(0==dtP26<u}Ai4^|zo$)n}fP`g91u>9+5OCtJsX?7}MNq7e@Ga}K~W0qy;
z23bi~&#6%HAh8>mHJ?%_RvzJzzV~NPz&nvDo_!+$aN0q6?}^&NnHDP2EMHe>rJkfc
z_bhNa)fToJHUPnHHU4N5l3k{$OURR?ayMh?9@c|1MHeGpW8Wg&m%B`s!|@da0RD$~
z5J>Cyb^na9K>2z)$$#x`5>^m-5L6Z1*O3u>V|35G<<<SOK{<CLpvylEm71JV1`F6c
zUO)z_x2zibMR0E|fNSggsFGQ+N441d$4D{3XYj)zH_D|qDZZ{K@>dHGOUjf^6iul8
zF*XPL&e8x7B(s-M6x2?QuXw!IL9XlLA)~5;smm8J-LG@9EKOzRXdTpTE7^Tq%v(xH
zlaVcfA5x4m584dAk{CQUXG_8UbTC)-DcqH`uFVfTql=gNGv!D&a$p0=A&Lpwx_~8<
zr}xT@&baYx3Dyxq2WZ4d5b-N@D7k-O+lx~*u*x5$7<V$c$fC^n{`_RF2e-6+^SNr>
zZ4;?|51yev<W@iRdXLrC2?!M_vQnBS<I>EjL;0P%Loc$_Sz(O1Z%U9e|4<1WNFn`D
z1ahxoBELF?iD+3?S{s8fl>=Xl(?`B%9PBCAfApQYCj%bSeU?+D(NK4<hz*_#-2XD+
z4~~$-giU@3*Dhz)P`;)kK$5=_5ge2C!*v$4%|h%P^_jR#l5}wUDCoJ9V0GDE7HIdL
zZh$vI^@9|6scI0aIQFykoKgSd_kA|SN9ce^x>6%O_PW9Qc=rik#Tn&1d9L5YMiMp!
zA!iIs<kJoQazt2^7&82@kPmhzV{_2YK9_opd<U}~Y3R=!(mc8DXph&;=VKSA!#1x@
zfk{m(PKI48n%Nx&sHo30V;F$#6qS&X8tsTQo;91jFH^8nOdSu28((<f>BwH)J9C|e
zT}mG?#V~$DOPt1qt#Z)i>Cb!ufLr^i!mBeHk$2xBYVKvZh;P9{S@`mUa9~lyOTaOV
zF8X}yC`5g)>dDx{+urjLQ@^lPt4^_~aOn1DTD%(swwwa2A+`>_8qup<O7s^7f9@{v
zh5%VAq2#}!>guWsA{vrIKF#Ol=?<wNB}Cs3waz~n{S2|aqMTJxA2R}_v{d{T%<|_=
z1d?zjnz66^J|te7pZ%$z6mYJYEnKy1mHM<#IB$(^W#Hzg=VEftYz3MUoxGP}d~>WL
z;D%_vKH5*LEDc!-)~xLv;YIeu*Cw(<{0H@=2hSbT70MI)4&Zy#z(BbfVQn9H{BIz3
zXRq;UNd&M{lfD`tf^QUdVmnoYWnp?1D3!^eu~X2T-(f0ffADs}u^i6v^nD_xzaAFa
zmGl#B6+jfRHd;RM+DV8Kg-ME@OR+z2tnvPI`^9!RA-&_|Tqn$GhdpO9xkxi@kqxF<
zif2~pTfE}d%weM6*v^#qOwsxjpF_XFu!wyTP(_Si6WQ@CWzU-X(l-Rgbjj+)?uW>g
z_3P)S5Y|t)hV;*^f!rN<edHZtvQ!bK>QN$oZ}n(@K)BO%>Ps`RXX5Y*O9OO&aG|em
zs2b{<)@%V0KQ*5hvB)4GL<c?Ev2@Ua*9s2}!vDLh9=vxMszNzvDnVg9ME~rm=sS}{
z2@|5r$@q=K{ihR273rKdBdtLBd;(Xzc)r7)g5T8VM(t%ln&6;Vg-N>#+-&NKvv-`D
zQ8@c%szyC$0TwT@<5W}w-zNc-&N-PXVRNi@*dl=9xx=X3eJ++RD{{CEz5#ORCv0~W
zY&jx3@3#&`Q7yG<I0zn&+-oWwZSGIZb=XWuwI~hAbBI5CdyLofh=bfx@Ehg{m=<S=
z9U+*H#J6-if}DF;l9(l7SdmEN&dF~Gk)Ug5?IO)`4Ov~qB5v6ysc{eHBg$l=9u9;F
z7S|>-*OmD-3?r<m^_nZ8V!cXmpEH|#*DQ4uEqt=yY)51$3I^PCXj!=qwe8GZUTNY$
z#XS9_HZ6{mj=YM4hBggK^-fl*w4;Mtf5vR^LAU!);MF>sdGIv%7d@Q?Ow#3Nb1>{F
zDLdWs9yhrmd2&&yv~Bq<APj=g04daKnH#XopZZt8qmc&nSz{gh-%o%H%}!9$H>mlD
znPixEK(l4(hYO#{l>S`QNOiZ5>FeZdUc6mM0SD~CHOi3b96tpB-v+o3npEl?UwPDs
zRXx57+#a?c%8cBi36+R0D&ByI3k?m){?Bu@Dt<6t_ybsBn;0|juzcdZRlySqpP{;0
z4S+R><G#b!GrDLX`LTIbs==?z^Mn;?=fibqp(xZ8?Xo*`d3TgZ>l!)Fb5$MtaD(I3
zb*v8~@<4Mgz0Wz=EtGX^PV-D&G7IsFjTxHbV_N4A!5JRn%}ZU7t#cfRmW9{E$|*~v
zfXgm2OEilW&F$*)t2x13PR4bcq_;0w;3g1PjCoXXBKQTN0`^lyXsU?!A4B<iMrjW6
zb%;Wx7}d?3v?*4W3#oCe&iOr-okWQ~IZ>!hrdigPcHsC?Jc=xgLMLVo^09Y$TEUL+
z92$KXQ-7iVZR2$|WHCcIu`hE2;C@VjjL)*yR;n!Ny0Qk6$kov3j`aaD2F8g~D*M}t
zF^^DeqES?F#^KmtTj0Ep2RQ#7mofOCNFhJ||5eDdJ7CBZav#izJzSv7mxphmdY>kJ
ztb|Z_`Fd0oZrl#yj%ucVeE%v0zm+fjhjB${w!JsrBYkZEa-TO@bWtT^U6?u+d%)im
z`=C*}{oAoS?nAz+CcseWyy3V;M>l~^hG}ry0`QL}C`dd*yNJXOM(^Fpme&}3;slHH
z8&RI+Qf8%CBs5`qk-kx-Gj|?RH))iAG6@|mPY~Dx0sE!=?N(PxAAR_%&m))gl|!N?
zzZ5oI7@~1zHK$RE*N?i1vQYM$OG8MQ?J+&=7aEpphV{x}JGK6=0+>Ks!K(aP1_rKH
zfyg-lTpNJY=>^N?tyBlM1w{w9J~q$j|Gv~78_z%p1asr56%uV-N~Y~~q_c;X=`_3q
zvD0T?H(P<poF2*oVVXSs!>jwMQp?YZ^%#(~?fX<yTgmojRY|#(8$^N8D8LOvq9Y$X
z^BeG#ZSs6rlA>$30NP<}^jIMooZ6GU{?%)C<*#l)9_8jItXPTUHr97eT>jGoz(+oo
z(ScAHDki!xbdLrkA(Dz1_s(t`<nfM^Q6)vP5}!F+@!1w$n43T+Ry$kOIK2L(Hf4~!
zj(FSMGf3x!-k<-%U(_Tly*PxhbuMvOqswy1soiw@dG|jYB<s#h!j_X(+coh+G#gDr
zOAW7Gd@bXCC2Q-#>2qg-WF|7$#Vz%zq}TZfva=U%fc~#`(cL7>sn$&Ko$Gb^se=tz
zE5^;miyssMdVRj_SGo<*z;WX(rDE&L-2-Cc4y%<`rkMv1pDA^Mi={^dxP|%6R=+X$
z%GVDQRj*74R$epv_|@gi3+NqE0J5cQyPPg=B|cWlJ{GpcV8MKz<P(xt2Pu6KIWs+9
z02$f&t}z<7;G9btD2yi+D4;rM&P_%C1jrFflT5&^6szQ|c@BOs0qT<~u+U%S_ro>k
za}sIf2K0Bd!s_W+lg4}xXr2o`@w)(oh^)A-Y<HDdkgt!D+j$Mf0Ytj#SFaduZn&WL
z>GjYVq+kl0=DlByZKeKrajVO;QWi-V#J#MtZK%liUW8M?^s%MvWVO%lqKrk&BJ{sq
z)ce2xTM$i$LZ2>r#=Iep-kt(O?aE8NOXPH^P2@3I!^#I9x<XO^9?-#=gq2`|G^E(Q
z_hWOAI+6-gYE#zA;z0IIkSoM$Osqw@_u)~Y;r0CZj7N~HYR5BP?I%CJ@ED~`iQKG6
z6?QWr6VXP+8xv(yAUOYHe)E@{zA3oYVG2d*f|YuW+F@V-LN*qX0Zp~HsfhD-^}SDd
zVBFBM`C&Io$=S-7D|-P@p;aZ?=rrK@6u<57GNP1c^d75921%05{vV*kNI|T*R)cn}
z!F4spa6oQCimq>I|2?FF>q6b&IK-JlO(lrIU;MGFXOg2_NPTh&Tm@8(+U|yT#3@lC
z%z{_v6lMge>hjn+xmV}U<N_~Bom_x1C_3C8@tt;6TPqtO?*TC*o0dIveq}-Ac^H(2
z5;)KCu~Dmh#HLi=KuLQPjo19Sw<@jh8DNbP(hPm0lT-&4WZl4;4ADXoD0eYRB&_7a
z#O#xi!;Rcm=8V!iCVt<}k)#roS0MN+mY&Ben5>CT*}+zQ73!q&OqYF;E|q3F;SaVN
zHV;q1_>-zg;dK46wy+Q+hxxj1tm4G-L7xek?lnwn&zCD$yyA%<Ko)2Rm>N71y=&k9
z?UkI7H^C_K{XfJbX^s@U>W&R%j6)`$zQBmevFIc+sw>d!RXX*qNLlXfiA{Y$v?*zA
zJNMTw+j#Z&CIi`3pI^FGHF%F#g#QS19>dIp1c0hRU5ov;Ldd}odTqEJ<zU2K2DqW7
zU$&KC39hd8{e#%75w2Xh?!vw{L3Ai-|JZc7BC#_@T;eBSdS3IL&>SoP7hoOuw(;d2
zxBw*BqfTikCc%LI>Pz!(Dczac<k`|}-=mBi!Da<kcgE<IArK=3<jD3sylI8|BX*p1
zcr6RaMZ&Qh=5Wn-uhlLh@H~)b^IyNiV&8H_*KD1yGfHQhby>Z?B_cTVMba&$ps5*_
zi%Zw!gz+Z?KEb3Y_N4|)U5`PQRmH>uG;2eFtxazN>syeyCRyG();n1*ppg&LLU~2*
zB0{Gy&GdNp12tOPbo?^xW`4=GOSrF~ZFKYJ8#ACXIYG$YDk-oWHjv$r{45OksPONf
z)K?+jU_)iyL%Lw!ZHEl5Ei6#tR7Z)VG7$7Ee^n^r;@c;zRyo*!o}Tdgi~5yRGH`E8
zy2%PBa2D8lz;r#IkhQC#1qkBkCf9#0nH&nyQ3xAn?I_SM{j}T+Qe>&oO%yzlqZV?E
zmGG<x5##vH^*Fu$=HS?fEA+oZ$s(E;zvkGt=7A68TZpI+75VUmqXyWv>ZMNl-!~Qf
z^9a&pCHx-A;hzL0lqe;g^ALz6U*ws8c;v;CWp)?D85L#+^MstPb@2pEX%)Ifo2vC@
zGLrYt8emMQjPf<?FMRoUCPO`erE7OW3e)q*{YjP0U0O2AhR-ri`@lJZ<zM{10i#nA
zG=dkjWo^ATPHi9>D2y92@ynG(G4tUUFa<S(S6I6X$xI~ibAX{B^aH1oZw{!=9zSDY
zTSQZM)SY_F)VWA5DQ;PgY4kjLtK(7>ij10r{tL3k9%RyQy{H$Bla_rNUS34l#dM?a
z6SBQWj@3Tj?2e@*IIh>abViXOWaG3<;Y5FnEd~J#b*}($%c%1dZ-BW)SuoQJ{PhCl
zI8Zfygl1vlSV_im?Tjd5Q2Q#m31gxHCDHs<5^lC_tG8zI@8F%H^W=n!rwm)da$wGW
zGyDR0o)PH)mFF4XLpSB)Kxgq)QR@|Jg%)21+^wKSIT;mk4R_c2o)9QiiH;i)SirPB
zFTyQTLsy*vrou9&h55T5LCJ1zr8aWYuq@~1y!jPR2LYwPhhJF-cK-mV*E>Kra#KH<
z|AqzDxfj5PIQa(v^;6qPZ?6LudFv}v3s%y8!Fr26Z>Ksk3Q|wBh|@v5@dSE^(e~M8
zD!fqi&AyuDZWCNZ1Kw~4;m?_cjm)wSkdRRab;To8&hKjltw9_S$B@sb_wOaq4?$(Q
z3R52`?qkmLn^7VEoWOtIn-w_dvx}fLFW1HHghCG?I(p^VJLplhom3>KdQ|XW;4y$G
zSl1K1pm346%v!Yb9UjH$$$HOwM~s83TS3d$1ZXfS1$eB?=iDB{HIACwIj=4g#<E&7
zR39NPCl3O@4mQmg>0`twp}HEz(>4Ty{oxcu>?V#SUL}UK*W=pS;WMR10hwVSOrg!L
z@|%z0s!gT6OZ4J)Xqgom{ZyFm>*g0TL|*6R2<IapN7Ku-Tm|;Fi_OsCg&&gW4XF1$
zS!ed;n>h8050OUx%JJPf9|O!7WyfpOmy;%!Pe#x0FnW6j$?+0`$mzM4$4>)7aWsj!
z20~nEb<C5^ri6e{6go3mZ{GC=5tqKsp8ugd>HLP9=O{6&k~e`Z4n$MCx~FH_ox91O
zdLpLiqXbpRV(VUonv;f5)&s|0-XLX)B}&*g8-PZAgHcwj%t%sR2{a!8;uJ<<)mpe@
zN`9jj=Dw@BQ~{m=e7~QTIi~jF&j`HgO%+_t)zFW)B9KlZ_~bNNbjCw!fAsizF6|cu
zQT|hbRp%~zgE1CK_j~W%1`Lzua8b;eAfG$<TIR!i>$wNaFw?|wH2*Fj><;M;k49MR
z9~uZ6V@xwCW^}40sHVf5IdmW2m~Q7wthRCgiGUaKGz#mJ0ERNXJ}lHREH-EqdA(04
z2^&q>p<>Z~pSG8{&hafs8PM<5_1bub($_;k8PM0W^aI=?T(vyZ#q%$>fYu2AkW~37
zAo!aje(uub5NK>(?B4|`q?o($nfx#r7O@AVPMfo<@O!W8VSirv2={fKB<98WR2eFP
znP>RN&UcxA7>yaXJ7Z2AXCfG&puN5hO1GWG#j%%6jvaNwMDd}L&9HO;(yFb0A~G*J
z*34qQ!DyNRIJ0!$G{3%=L&k|SLsY)xb#=rqw6^A~Zg)c#X$f42Z9jrB!}XpPFY7(8
zJNE<C^E6e=!spthYzIqzF}ucEt!1ieG8#5{Wp5<H5hN)4ua7f|fKI{5G!m5JJn*p#
znIb8{CG4;sFhV20Kf%oDt~<z^wbgy>KCixc(9)l)I)3(}Q!-TTMmuKVtD(ah;d?ua
zj&&}*1->GSy;*Bt)(??Jp{b9^&5&9^7ctE;dH<|52*(m8Qj0o?zieF?oM5>+FdRsX
z7p|Z#nz*X5qmFS&C!<JYMnU(0gh^Md^rKz6gqW){b~=~%nN%L5rzSFK-7~#`3PKJX
z3$fZIY0L7Y=}&;fGJJJFO~3r~+L&hZi=s~yC!m-jhH~t<o}d^AHMLDthvYub(emUA
zbkoL3UxzR2Z|ByMt6fBz@!vneI+4?}4`%z!VK(^v;}S>o`AC<!T!tAUCrFVzsVLMx
z9Gx}c8sDA{z{#gW2|DKGoRdvAmF47p-ycTBA0hI6D093^BS@KD09w7-(EZ#i7wR0z
zq6{mCJl?yj;ASGlwJE!cfFkAkd|y>vm|Nra=b*!`#wJVsfyk?32o2+odQgrERgVyH
z!0C9buT&sS^azqm7AC#Q6K)oA0fv*dam-c(IK(Yd(_S9pp@=&n=hzk&v8fE$A<_;s
z1#}EQ7smx4P0FPVf3Uh8^codyU;LxsmnhkuJHj3?-gR004WDszF8r=t2qt}EXCjjn
z+!u-_z;un7mXKl4PIEs{3}c{_Sb9YH{ZP=y9Lx6(;oDYt!%~%*#1sHo8c)l@!o9aS
z6=Z|z`;TciUiLB(G0kI9)}Cu)mGTe%K6dh~)yMZ)CvI8awvFgLf*WE;c9K8bisW@x
zB$Sbn-UAI!!bDR7IYmx7!hVb`l%NNpyIX)R<sjh>qV)peFrI^p-UwA^LZlr^xMA+e
zoPP#7S^AT@jH}-FvUs8L%-hW8{2n1);$c1_IR%|pn^<9oAhmHU*Pq6OBX+pO%&YgT
zj`|>E_enq=T66(gFsEyqnBC-nxzLmthWbU^u7h?cU5o(VMk|C8Yv=NRP5%3KWKe!m
zRg<Rr1@z%h@ymqm;A~m~Z|{AiR;uz?<h>prDnGtYznm)B3|?_$%R>sE4tZL8><oF)
zuS=0J`K8r$ZQ~_(@DD6iO@KHs84FDHX%J-QNzvtx&~YhR4rP+Cwm)i110iZ`xX)%=
zCc+x@{!$fYh@kJz^&{4^ilYzM&JAAK^^Rv2B-SHEf*xR4l&_D$GCC4+NfjAfT^9g_
znDee?XY4XYGQGb%u!de;D9q?F_IwgtDf`|}@D1t;T>~9zCGSK-aRr6M6bYFx?R4mx
zdbjY!MqC%;D0gR$UzBWz4)udtl;XOZ`=FESFZt9mLR;=FMaqGZMbPPue8ufq=qAj&
zRHrIu9ZF&SLB*k)Do9+cRq{cbt`$Daehg@(m3$eIjUp==;VYxJs>jV9TsY6E8PU4p
zeq6VwdSCA9rI?9X5DYN&YtazQ)?f1-W2B=;53kU4Enl7>wH0AXE$6Oey-am8(xgP$
z-wrU=WyYC@gUfYG$-kdE(<P#hL+iP&FbY)cDQ$2#P%^E*=C01!bGbIrAGNkdS(a^$
zo6ZLq1`;kpEzPMLqvwaPTr7S*Y66iQmNbp#1qG!qCINQfgK(2=)=!;5cL4KnWc}*=
z-}Rt}To0~~lmFZe*+kS-nh^UDyH<k4FMcox2+U)uW%hDt3$ro9Q8yj46X|>HYATLu
zGHXp-5@YddR^?%FZ=UZR6HL-4g(Ftlv*tjSKx_@92;$*406ww9xsbVIa|MT*#KXM$
z82UL$P|)4qCk`}%yX1RAm>V<^*eO4tH!}qb+jdj-XK%H`eiW<MD8~q7tB6gL|IK_I
zIy*6xRmU?n`jh8;iWF&3X33n6IgHj^44CLvhzk|yVvw@PdZ6M<3B&Dy9cJs5@>)i(
zj$D#Cim53t#ZQwbaKrDxSU&v>a8`DLiVmGJpVm&rHNeUY0Uy!kN%;<6LJ<}&D^ctc
zp8;l&>cs1OXM>$^!1ZV=yB{zl=w{F;7c`oHV0Atxdh?yYJNH1wUSaD4O2$jYrACH6
zGrejE7>+Qv1h#h2pR1f(HtS=4MkDQaH4GFI6%#2hIUUv(nKnAL-%~D)g9mHxf`IvD
z<DTRM4_su2V$jE_HX)m)@rm2)67_Ur>;95@D^q^RyYZ80=AnrL)$fi&5ZyvrMJ?eu
zJ-hz88nE5As|2Wfmeb6izVS|z)G^+KT$tE3dS7emVKHiT7Yl(lSH3UI5@xl>zM3q?
zU==3TcMkoj4}t=CL??dVhppZ8;ekkR;31zecjPr7PJymFi|WVMkBWm)=t)zCg7*#N
zYi_HS-%lCiGPgw~JPN|PcDwcndniSv5g77A;d}BiSyEB}0@-)CSRe|iMZ3C@w_4mt
zvfwRVN{RKbeVV>`G%(TEpziXEm_tl}7GD?S0PG~7=cYZMm#nYuA5c)Sp?QU%Nty_n
z^po4448bKa*2u8;-Hy-iZnQXy+fqN=E#=t)l^y9G%0@25p8!>%P0aMT7AJwbIV$c6
z5jxBfk77m^pwC+qD}(t`^yGPh%!4b4=?=N>Prpjcwydo6AMBx9gy+Dmnlw4^vY&zf
z8DJnGO}dD@5$z0(=n)PXz=TN!B8}5_e*T0REjA52;jb{KM%oFXH85RpO}fsPy}_$?
z%Ir!~ym*nwtLeL=o^Yz*#1RRKsioN|M2lov8XxMXrhC{t1zO2{52Iz6zmzow#SpQ4
zS;f7jUFe#7T;fCC8I*ufeGV}rBHWq+JYtWD<3qxoSuJ_M<55&BgsfL-dW}gMRcwF6
zL)Uc#UInVd@Uli9%C)2Y^)#_jjFEjzF+51{%k&eN4{!U^*aC!Oe(+RZlGA}D|KEok
z{`nqez{lRdRLwsOiDI0+#;R_8PA`;+0DPD1@DamQ(b=OcXhSt-KjXrU-XO;S4Yndx
zaw<}0FR$t>QQsKUL-d(r<(%J|3zg-R1@2++x<Zk^<2H{koIEM=xxrOaqbF%X?i@H+
z%6U2DXGNgk<zZ|ZywX6GI1*$Ur@q0#8*46O*7e{u0LM}=Aq9rDdel5#*L|4;ZLTjO
z-n(Cx$Si`N5Skg=<5Dufy)a6b%B`>_PS1qc5aTm*8UWSi&nHH_1%BZMs1(0OyZ|$X
z4WwSLO*b-50S>&xFj1Qs3S((r4yhV#v?wad+GmTwx`8fi23;|2$y@DRdJnBkd6iS{
z;e9Df=}w(^F5kw^>ka;BIB|VQQP{W=Ldv8sh(a=>V1Z9xZHbdqhUhW#ax*?1UL}4R
zHPK6|N*_0qcJ$N4(=M3B@v{Q7VWGKWFF~<LD5=%}WJ?gR<ZEv|p8^pfvIZtN{eT`F
ztHvUy59m{qR#`NjpIDab!C7_7s`AE~zQb$HvW`)E9_@Cj)jwW5)s<^&9F7sYHw#dF
zInK8$C=cx;T!m){g9<>P0pd;YVG)LoR49@^Q#3lhNEsC2X~3IQ4v5kIrSR|zhziF)
zFQ__;RKFv?0~+TN$M%Q_X{Vnj5S;QB(dSIESJ|wFKEED0EP!dt*N>j-H}e$s)if@T
zS9=Em&u>L~dd^3OSJ1FY6coE9J%yLACp;f_T5u+sh&p;cfGCFO?y1K`p95b*CWcA#
zh1}rz{=Zs)=j4y#&?AG(qN$fazg5_u84ka~TpS`g4X9SOU;^#8^<bid>3*e?5QHL6
zDd%_Pn#P{~%v8x?KxIncLUZ7CKvwKReGgKXiq0tSA#M5G8nRh2@L^)&qjh9t!UV|F
zt^*rt06f8Hw~n+66wU}&=iBAtzXn+bWU71=GAChxVWXVETR>n29lws{HHDU(lLHMf
zppsMgv1GtCXZ`Fn2t*9XX*tlfJi3ukJJWzRBIhyn#%(Q|cTR{hq4W%Wj0WKHOO>*>
zO|pA@Lo$25E=Rs+0;fAlK^;A#G2}V3c>$*ECqnzJRQ&P@p}LgwNI6VHQ!B{q*R3aj
z-TYZl4N@MEmcG(ib7zJ`3@Dl`N3}<P(BL*93A;u!`=9IRz$NAY&49%#1s&9OIKS^R
zYqkZ?s4J*0a0b`Rs*^h_P&XnZeZ@0+Zq?TjW$XS9+`ut(AdZ>~L#YCPQ~-ZlKBV+x
zOAri5><%}g!+%4`trl!nVR?%QH`y1W4i^6>R&x6jrUd7*v>#Mg`PYk58jax1;)Me>
z3Gx61S6<P^jOxB22|2zX56$<jAG#5|5BWQzvk)8wp^{fbGNV9Pedv|lfxpxuwh;<E
zZ93*FASpYH%6@av{x9M!5mzu3(}(>@&Lb*Q`-kaGvXaXKV+Z<v5k{q9Y8@jIubf{c
z^7b>o(4HYDE5ue&kP?Gma?_aEdk@qKT}+fcds!-)$N>eZ+w+$Tw)&Vmq#C;m%!rtA
z7K0lMNQsueECDFD6poF71+<LU;X$i7u;`{CI?@hOim3yS!0unp!6ga=0Jl72<=VB9
ze)s^Qa3it#c*#zit|&DZ@P16k(4OZvc?EpCzf)Xjx&2I=9|WbWv^^KcBs~QSS%r~%
zB6Ky!WrtDPLx}ZIWEZAqL--rN@680`x<SlT)!}@M=G*?CH6^F)9$c`RsosM&_5iyc
z%jwRL4u-`55X{EP^AK3T;X1o|d5wmQnuXF+qDD35f`;t1cxI7F>WWVKk1G07vDZ^$
zlem1<a9ppO0?OWQ@Kwa_uzoDjH~A&x&X2UodH3+D(vRaqtpEDF|NaFVhOo13gY51|
z<7I<_LVqJqJ@n8aeQ0Zt(KuN<hFZmIt)4N#3mM0b?xcY(&hb8oS!k}1C*3^&I%LFv
z0B@Yq%eL?qrmN15oc@u3G@@B%NBP;t7S4T0_KNGOw_c)ZGOo<=ELrUIo4+2pSQ?LN
z+i3weTPTytJb)Ih`T3zARnknQ!9pr-mo33Rpif0Rw<$hX^@le@;0_tQ{%h5n%`p6L
z<7R$Byh1We(0j3j)UWo+0jC_{dJ9D%DK#J(dsy3~%IyI9;~QX=zm*Si>o~bo_wb)P
z^9%?FJ2Ox3Yos46*wwvXt-kA_*8?sV#q;yTBv1q~pOI?wb%`K{_;;UG+p7vSJ}&}W
zsg}KD!#(t2dPtnY4N-J*x3zZ`4oi(y+aIWT@HuPsrp~8r5H{H)EMt7bz}d!gEk1Mv
z_}htldh2vm^YC<!4@T}SkKVdo@Acv+OmD>>zheSN^zOP1lt5ar){@JQJg#z*=<~p2
znES3Sy55FuE8nT(Z60)t4RTs&YF>HSe(|EvH{Ci$!SIIY5l~LjCEmmZPeY{kv-2Ut
z;25_QBonZ63>-$5SAoafo|h^99*CsA?m63^aI7a;63*GABHo09c1fxjECk~5*H)=k
zA2PgY>7;&%Jx99;CKUP$w6}@v&JI5^v3nnkQ3Mo%AP$XJaY8=DKcV+O7!pH#98U7N
zn9En;A*DnTeb%7k)v!bOb&m!hWGq#b76!Vmf~<pjL(|sxCiMF$ht7K`ya%d<WU;f}
zRlu~-Z~n;REQQLmhlcGe8jV_)ukm-|)D$Q-Uew)5e|Gu2{}pJMqqF*q=ff|o&mA_@
z8vs|c*d;W}WUq!fr3xQ9)=bVuH!GQmL-&WoCgq=o7+}++4O0H|Yr1}JPx1}-CzHCQ
z5ZPHHJ|4TXX76aCG{eka{OFlpf6JO3H5*IfClDbY#H~C(Bf?#lo<YhyfBg`26M%s0
zA+CUicrFHks54WE>q34P1e4_9S2oJB7>G&1PLR$-o?jUin^uM@W$B_`L-HjQXLX-x
zYF2}Ue!g-1(#bh6SUZITD}M%KLFbo!Daq*T%~Xvi=iWSAX=5T&f}+4I!$~bN1RC<k
z5YhBbL^tLWgTX5-@s}sCSD`WUPJyj-Pl9d6HM;eR8<q~x&G=uve;IBhWseurKxe!*
zOCpJ%hTN~_th;Tpq&2wrw2OfuKfZ+^`-#rjb8fr3m>`%4h)f%^#{Y;ZH@3AlxU7sV
z_}?oB`)TkUdU&4GYet>G>q8q^eh^duUZR$~u{5i|AZYK~w?wt}3PK_UOMbl9g)1T)
zX@Y-p<H-N}s{e9df-|X5z)cM5c%Y`-VT>&BgTWu!zpZB|ZBcq<>%*(#;D?wmf6z1x
z@Q3AKuN|dgYA3Sp1MbEzt69&zsZW1QUY7Hl)8$mg6-+;a#2A_ry2?xevl;O^9fRh~
z2YNIp8mF~On!ty)P4dXdxa4Jl7Ks(<E@G@}H`P@_E)Aw7>bax;dRzUOi@#q4;hKYg
z+aGwRQN-T|cyb>V<50o+Oax|>Xcn=%e>k@?4*MLq&|PYcZ=ZDVn<W}E6LEs&FKrm+
zj96kaWSpZ4zeBWsLCzsYw>rWY+7+g0b0Ph<@1IZNC(cc`g~$5Muz0a;1LAWOR2s7$
zuaQNRr}{I@p=EIMV7PC5H@mcrcuI2`R#CRQVxPTi4G9opioPz;<KxD-3O>M8*D^Ms
z6_k{7cvS<9s7}sOR|IJ&@zP2a<7{YIpc-Gx&la4L=c_%(1*@5kFLCgzQ|f)NW8p*l
z0>yn>X8dC#E+QPLQ*P6zVf1EX3LxN5{2DhY!x4uY5+QAvDQG$yd&qRFyJ;UNl#oQw
zjZq6zGL{269JIp<d)TcjSBb2N&Hdpw=*nb6+)BFf@KDWBL*4&xodYFO$cgv0KtT~?
zB_;@$8D|Sa1L<GytL(_n9@AQo9og*wXx{5{b!Sw;aeNDQTYgv-YY;YNoA1Qf4i2cX
za4SH~`Pj**tb2!9hDHJLG&DtgZ}xu?y-S&ZEnb$?&9d!yk21-Enbt`E*Aq_pZacsC
zuPiWK$CiA|g)`Z|8dLelWdKju4~09yrQ%<bB?P8`h&#&aOay-7#yM6HWhq_4@i37{
zlKCd0m)?;?4S)b;B2Z_JsYpt21oH->jmA?~XMvBF{K_Xwm9F`qk%j&vfTOa6AIJ)8
zw95~mqMk@TJ330}NwAqx@q8|bl)n66mLg--bv}nn2TD|6+>(U6@QT^-3{yxCplv_d
zeC`&Dr0wXJ7LmN*u3BMA9S~<To9V|5;^<%BJCj`kYPOlQvgw{nvFPTm7jMp_9ymUD
zoRwpB4eWZ;X!N{x#;qXSVS(D3llQ9^2C|O}S@5;?sy(yj<qh9T&hMM>&D;CQJ1lHD
zd~2M$^-w;jWtl#8DD3ma8u9eKZ2-dlc~gM<C66y4ZaU~YrHsE^r2<^Icsch|1ZMt^
zWcdpW|2sh`+3*594*$_~0nU#*>5O*#TrTCp0H$1f*0N=;tS?`?|6M7i(8l$?PIB?`
zihRjLd{i?mQ8Vw7{uZxhbMt5#vVMx8xfTqH&kRb;NEWPSQ#=!aC^AIcogQpzMt9JW
zW&xn}kD7ZZDs^=z5k|PZ=qxw-;Gc63t_`s+d^OKeVa$;i5R%cqu}WC|4UNOc)|Wyh
zHwOWW-c&76edDi^26F`IX9Yx}Mlg5|k;on=z;kHtMw7S-YD+)w-a+O9sGX`BEQ<*V
z*U_wS#b+P%9+S|S24e6i2udxxj`1QjnE!nEjNBcF5@>VOlBZlR(MY<I3$r&9er^Jt
ztEEd=xjQj~iaQ#R@#uxaeI~-3LZfn5rWvpPd!%rvM69?%yO$!MM?YQDZ*n=K=H(e?
zlVbfHCx^Wg0AR6*nqe@Zn>(OnNk!J~tnWVG2bt@|8pA?AG!Pz&19vt?W=!o1D6<R!
z!up=5bovR4Cf+@Un$`08ltD)m%TxnlblW%2P=?+i-*hvSbgdl#gNg;-o_5IWI3BN?
zbG)VF>&Rf5{E0NT*5gUskMeDuTsz^H)NW49$vJrsbbW+>cJTil2!8+j|A@i$F~gKB
z2dw*((zW?a8|ThU)M~x0tBStp6v=-FT0I$-+q6Ay;K`}T5ca?P*ZUabxg8?AATiLS
zcE8`k%h-2`HU4woaMtF@WC<*HyaKL&0z<@Z)KVKt=VHwA^gCEfQUgluRgFvHyBe%R
zb|GnS=fenrPJHYxA+-Z@W4yoVA5e{mn0{CHa`$Kir~C7Rp@r%cOMK1V0P~nKgNJFh
zBLj>%reY`JvFy?g5}>XM3g@;|zioXx%TcpYyomZVXn=)4>LNaj7??DNg%0uG+JjG0
zA&UfIhJf*dc0LUxmQ4&gpFCLq@>dT?3vW8?lqqCD@^Q!Q5pHAw1-AZp^Epo>K7wh$
zI8V(6EHkG(5~BH2RI^^)WHsHKD1WFD{K-kk`mm6rU}QruFph7*3`X1cCd|G=Y&21?
z0Kb)(w0zBPYq-u;ud|`x8n&w)D7dH4D}AT;3}kD_X3jaPz~_Ec*o(xE(6igKU1_?&
zz<E#?F?DK6AOyHSgF4Jo%|FcEv9e~EKW5c75!@V*g;ZRjaymAEAuaelD76|m!1g)A
z{cAY*Z{Yr)mhMlLL^Nl=UIbE+0_pPjF%X?uG#!=%qC^A&^HPw=g0nI#w6L<L3VVXp
zD<i<3gq$`B)Dh8#a#q+sD8wj)q~|8j_ozIl*k}tZvQ6*48^S^fUr3KUU*NrfGP<pO
zdtQkd)=zuA`vzW-IXqI}sLHj!xUlBOW11nuM_sR@da8t!yl^1)!T&tqdsNF`)<QkG
zwfx+C@`DBw|2=svXxcLiL~cCg$5WzZF3)3pqg4yjiIZ>G5RjBPE1|J79mb5P=VryA
zN`%amV8<^YlJ7$#3tztg>sgr+q%<9N_buPdHwwL@Ez00}ER^o?MK`|`ip{C&&PhG2
zV1HmZN0BY189m?W$wJ&Ik|WxHOIc93EC<S7Z>!<)Gm)$ro_;eO#0J@lxA#PJLviOu
zDWYrigHOg-h2FLYgyA%BCR%0Va1lGIQeH^bKN?Tj!^gD5%tZoM@ybbC(V{*i?t_|5
z!lQ#k$%xV}mwb>a!+RJye0-=FGMhvoSDWTif}GG_7svlRIfxRX`!&$xP<_VlXbiQZ
z<Ga%KBA2~j;@N<89(!+h%)-t?&*?IFlT35t;z`W$Cd3-K2~DaQc=2cJTTZw967IIV
z_i;GTtRr8^>V95@JA0L~r&9m<ir^telOnU*Y>N%6jw9D<8sysd6LQCRV=_RDcsoI{
zxLnFkVO|KZ`*gY9kbmt$4+`c7*I5bNf07r$8AkXsb<|^LeGC<4hdJY5!d@_JoK4M;
zhKn~3tqk4w(S&z8YYy+WFq+>!UFyKgj7D;-frI5Bfp$PD1J@Q!QfdXv`e9h!ZKLUK
z7=BXl$Ch_4Y?eItVNzjKtg;T443OkMV<HKMlXmRZF`=ijfci=xtgF1|^Bo7hw<ZrP
z+yG1>EwXFD3Yp&xT`4urChf8c=<s8tZ4mF;Y0&`jXj#g*?J|$WK$m(IYu8M+Z}Ve+
zFJPYTK$6d!z&8*@Re#RvMG!2NhywwL-gj}KT)AJT6PBc;V52J!Lpdn{Jy~_N&H+E+
ziOgI#61qcf{Tz51OPZW+2t0oELTw@go@+BSQdgud?*A1J^WXda>t>q*ncoPV<UM%g
z`qrpE1^%V--amTX8_H64jhH_c$tf`C-U-|Ff1Ib@;(f)<kI%nhcJWm41L1LW*K#E4
zo@iLbHIOwM0A|w7q42r6wBGDFjfla41QXqq<RS**n>>1r$Js>9usoA$df&bGnmj-B
z*QnaN0-tqyp)c91U8|K00J^}3%E+Ys>j&?F=-slmLVW)I$^V9}CC!kojNLv^PF=}B
z$qB}TeJL$BImZDP5kZHoxB{aT_2iCkm&DcuAVbJroC0R;_7oq<VUVzs`bO#BSm}Q6
zLFhq^`6j{vGeiRLcOk%%R=V>$bC<3pe5&FUaa%Qre;^Nf2q}$*@N83e&ch{5yhNMc
z1t`W|JS);pK0TU+=ITlwl_+Y31Q`e=c@$Iypa50$6?|6?$C0R)?~4dO08-dgxjnZ7
zebd2yc9a$+Swo~UFabAK@|_Aa&jvoio}{#dZ;lH$c;X9U{6&{$skTDexVTL<S#+{~
z^x;D&<XV=$9AzG2wN~=()C2J2C>446oak^P3XkHh&cqENa{C?zc=hL(?EFgqUnVHT
zXaQB34h5TI+0+E|FzICX>rW+stf*q@8SrVTI*3|F2v!P%6Wj9^;If4TFZsrdm@5#1
za!-=GV&E*8+MgV@;O%4NH;w<6k^StVb*PoT{G_-4-5<DDbGFcOr8sA>9<c5MhM4=D
zhh27~@KCO*2zsJZb{iJ?Cc&YK`KEE0p7XFT65QBV?Ch&t)2M-P0vj%iUG<`=mzzBD
znHS?lip&l!KVEMn9+V#Jgm0Vss?SpDtu-H^t)8XOdp<8o^S|zOtRWb8_Y%pXC1?hb
zc(!7d-eUrAAH4IyN&Wi*>P#?hy_t)2*iLQ@7asYgzX?Y0ABbrIuAExX@0x_2Lj&7?
zWwhK}2j1eh_eCj}laxWuWYI@+WP`Qna5%=s1~eGQUA3zSB{$g0Eoq#^<{*>i?+R0^
zJM8!cJ8;ZdZW|~cwI#Cyoscz6C8-3r95i7*=<P!Fo~-hog!yGxXhp?`UEX4w0G$|4
zsYajYH>c2=2P7p8$FkXL2Li@loaNh`SzRiTBLP<+iKpUtjqgi6>3cm>Nd)S8&JGFN
zT$O-QHORD!aGh`NoNDN3+*^17S;^8cA8kCK4>D@J%s*2=NnFd;I0p6{FJ<zSYdATc
zgQp17b#?Rs8?4`DKO(uIj|+j)d!lZ28ALJ_CEg_h=s5kHp_=v|wxE$&I?49NJ9wyx
zs#d}A6|S@AVZ0MQVI(-BxLxrX#oQwNb($xFep$10kPD{pdgrbGu)lvT9~O<;bHR(w
ze1?qR6izA#okEmiAnxEpL=66VE!$%!e?=XNfa~wxZZviVQ}F~kotv*_A(-F*utb~Z
z_12#Q&Pm4l^WC*Cpfr9Az}x~HHUHg>)8{453?d;dx1YM!n<^$KxO}iEHKI~xW%*bI
zVxrMf??8vqjSHQ^@&FaQ1KCX>=U~l`Fbb~joKPyEi>~LdfJ9&->vbD_@+$y7%Bw>b
zEC*CzDr0pOXiu1`wSTh-d<@&dTvERL((U@DLL#5yBUed7Tq##_9zyoKWgAD7X$v-y
zEkyePfjw#v;HmPWmd9+Jx=G5{Oh|_u?%fS|($l2X#{2UkLXVl@*zvC3yQl5)VQAWZ
z+p1tLY<J$zv9u|mh&R!7@WI2UyJgC94udR9{|t0!8syuJx!a-g-?tm72Y<FjDHz9x
z7vv|BWo06`)n&&Lxo8pYz^Hd~5+fU1B9r2}qne_xAMq9jx|w6QYKWRoKV`#DnDXN4
zqCK7)XH>Su@_&-&WiYu>?p8sT^Ihh+B%Y$q9a?R&uq|`&fxz1BWLtMQsHsp<jO7z5
zDxt|$+6p)puEfEt97E5mG4-qpq;BMe#UWRqm87Y7=v4>XkF3bXq}~M2(=}*FzPYd}
znPxXip~wqnqBma-RIarBnts$Jlcq+4yB{--<Jp!O^h_;H9zG;#Yy#r36O;F1auA}h
z&twI|a;$IFHp-Xges;px^Hq|;AV6@a0hw_4#MrKcm)B6tq2o8>>CpN;t1n#w@UJ2#
zwgC!NI!9A~i$?pbVB;){7kycm$^C#+p$N@})RQ}5Dt`&-|GrPKM?=_~k+i3ORVqJG
z=K`F73f=2&K`Q;kMHv9&i}49=SoUeDP_gs@gIrSO@L=+uik)QgS)4^r9hfVT*hB?4
z*mYb2mwMa!KnTMJvMpps^fS+5w3x0PF1Ma$;TY02nD&gLc?xj{qECa}{{~RB6?TrI
z_|_35r=f8bWcZe|6CTkoL;Ro|B#xhvdKkYu->T&CtYi2Xrui_Rh2*CuI<2#fi~|ZW
zszF<NCag{B3nl&9dMr=QfT<e%4G-_g_!fL&*Ubjp?gqd(s(Hfx)yvFP6U)$XeD^O4
zq|kDH6SBFu>z^(rG-zbNSHfI(3d30P&?KOhHn1z_N{p;FtFBj((fhcLCLO%Xf-T>h
zm`_af8508dpWXd62y2t5$sBcC&e{Q9)!#v!e=b`z1M;fI-R)8N*Ptau>cH4^h_u%Y
z{u^>spl^_`Y$gvkgqT)UTwNhCNyW*YW4-|C7drfdc7<aD!5%aeM+uL&h>7{43-tB9
zsRF;R>Ko~dmRXr7s9w_8dZttHTx>7<!1ZGBN{x3bfo&cPaR!#GV|p@rUC?t=lHRbz
zMo&Ud`>H$pfT|8D6@{Us84t^nrK2<3V5z?KN_W`D<gn4414s%J`dBkv;~9S0gj)a8
zy=#8lGLTf6?Hs)MkWz^%;Qr>hCw#}2Msf%Yy+YvY&;-IFr1$JQoJY)c@d`E_{mb5n
zG#$;|Ee>!TAL#gKDfs?>gIW-gV7J<aC{JXVP*_Rmv<h@RMSTfH1?ZyyC0iiYG)FE<
zIk+r6wY0P)%|;p9X;?%*QfZ}M_jq0skLV*3r$pglm@1e`Zjp(ZW0+$Oewc%WV>f_R
zdD%wq$Iw$2c-V5ACz%8vIdZk!a{4ELz>NLwpr&2fZPQ3%(5|MK6DX^LIz+6egty~L
zIH#?g_S`wpK{tXVvBU(WEkPhga)>+<8~#{xmj;rSblc>n2#Z-=xvB}@x(*-vsiAZ&
z{tJ0RWY+X0kNe=c6|=chQh53EF2EjDNu?Bw^8U@&)HVpGFA~~dHOxmZpKwMCf?V?b
z*I>z-=IGQ->~t6>KgaK|b&Qg;g7P_Q52aEphB?ac8<n{*^^du|CrNyl{5PWwg+Df6
z`bQl`R8I>RiCXADDnYcg2K_%*Op+PAdq(9WkAJ1a{whC$s?ZHx|4u!#XMj0}(ofOp
z8^3>cI*CF{8zNUK+J2zv5%**4I>t=**i+*Sd#PknEq)Bh2Yh2?>kr>Fw6qJ{r{8?(
znu-`*&;VS0Ut{qtPVr1a-=@UsJ_7T-o1>Du|M)b$R4#6HwCgB~=YDq9B4l0Rbd9-<
z?Hb0@_nOM*cO#EJc~jbKE<6^1{SCSPFXTlGlFeeXZ)()e7D0(>bIjz?NN%LHY_Qd2
z8~g$-N9x^DjU*xpl7IsBK^ljVl&{Ovpp|yCXzWeoQj$s?nW-?v&?g_tce{t@mj1wY
z$(S5BG}`jC*|w2D%dKqo=?#+h`G5GM{v6N0So&im*m6N_t**`MHkPj^SoBSK{7h8>
z$rzBNP4@hVg9~u1&4AVs>Qj@qxl}5MNyr<!P+FoJhjEFtY>Qn4s1X)(7L8bPChIP%
z4G0^*$NlCTt<(f}{rGIbt)WikcS}76Xf=c$wJMN3F)_g7iqYGIT=}OkmQ+UH@3VSG
z(ra;<MU3e^I<Jl1d4+^Q&547Vp3rwu<tq5^4t(5G;~bj=%(_4aD?uq+%Z8g9U0REx
zcN)fkgYfjAEiX&UVZ5mbK1|NP3v>{2@^P<9e>@0<Ov+wNO47BzS^)W^3Fa;@%J)fz
z(Y1l_sc%>yxm}2J>(joT66w}YQK!FxrMJ>fjC$0?E__B|A%n56-8lz_ubr#RMwXeB
z{Q4qGszR@p?GGm3?+vAH!m)V8eigN|^cw*C3NI*06XRr<L&=$JQg7u_B*<B8BrMeZ
zo3S8H2!@&na+Qn!jWGX`5rC;qYK#hIFwhdQy3jEHVC%Wzb8rD71O8d+^3UGYF0|uE
z8kL%<`jK>mSSd88_Cltx@jfM;-N_<<@tz2iF@mczy|s&(;LgnZTUSRak4syruoqbh
z(rgna&qF>5<MXfv6X@@603=DHD2MU9qIrodF<zI6e`1kL*~LWwKT;bY8#BTF!mEK)
zG&*8}P)H_zaNai3+q(eEx(p8aik@^UC!M%l<^vUjUh#pI=WXJT=2pM*Y;oe|_tO|K
z0wX|C$|YZt!Hi}1H}Z@g+=6%c`g)qq-^uL#kTa17!{=Md45j1FmlzfIA)dki=a0)Z
z_=@U+Oq2!8`GpBdXxlmiN=KONRz(O=NeuL<=qH%;sHG|EIv761PSh663T<)1-ksB0
zM;bq>gYxRAF3B*4o1RPF!wGGgdD(C>SM^HqkSAnmn|osTI38;6r|8lrglyG8iB2;;
zNRbe3UE^T?_OOimw}J`5&%_>uR8OCmnXWA#lVh)?9i=K#Sx7<k0zhw7cr0MF%EqFp
zXeA(~?>gci>Zpdyw8WT@M7HGuMs6BFCeC=ouhNEyDmk;+98zb;9f<i_$!4NVk$t=#
z@<$>9Yq~kv*HkOHC9Bl~9H_fiL7&65<LtBG%$GOPRb5{B`H+7WlA4Ol{^Lu4p09i-
zOV<sU2_Va7Cm`}tm28sUa6nwoqIdbF<EA|e!`ot>T>joFQow%NR>c{KwMMdvtQtAK
z^1zPrO496|cG90U9R?OHimmzfK3DYt%gSXKjQ#t~W9}gY^sA+~yZ@p({tu!Rg~r}t
ziMof_aN%;K(ekH`IwYCIeZZl$@n{=AXBuSRJsmb<42F>w-u-f2mzTzNErG@mz9|78
zQ|X+J|GvjYW%OD4pPjG3_wyLyRm2hO3viJh>w@^`AkgfloiNWYmmB(y)GDN5cJyA=
ziP|53A>iEF8+)NwBv;F}wOlBtO!L&l5MTSzSb@iJ;?+(5Z~a?+x5zYo&>XTZ(UUu9
z(SDPgfoEieAv(c(Sfo68M=vxSkvp6bekM}fFrG{cfsNy7%#|VCQ6U;&-D4Hp*fy{e
zJmlvfzhqRad-F_q!z6e*8kvfko7}d~T=M(07Zyb#PBL%%sFX;scp$OHWIT$x4c!#=
z79fB#N|`eOL|h#+`YY$;2qP-B2ore@fy{V5s)_%VpZuG9h^V5GAYQZbI@1!W<=)J!
z0B&8GzUvt}%+gwdWPbVf=T=4yK+%6T_+>?hh(9gZS@Ndu`Yp6U8skDbyLMh7km$t8
z8M$(N&GIyIb#9Fn?_yFp&H<==tN=?qy@U4Fp18#TDo_X|Nfozxa&|xZ{+vy_#!S})
zXq5`e7|ArvMW0LI?7}0+9%)HYyVxk7)26*V#PPt1`O%S&I=qk#mkPb@?#97MZ)nQb
z18$J!Lyt(2+mcR~Byx~FjaJB=>Wk6cRgr3MmJ4(&q7f8qwjIv0K;k+}%EC2#e#4r~
zcReBtc#9{h^Wh2KME!5~F-`*pb7NO+^L(@#+eVu;{tHo0cOc$%HoTPGY5oB*Ud8_j
z`fB&O6>o6<%v}=t%X>SZo2294aEb}gdD|E9k#gp{|K66T6)90uQ0rOqDUSS?l$28I
zHWcnw-@P9%q<9`qoihp==REl*2@2RjC8W-O{T8tOuh3B;i36mng?98*JsiY>2jHAA
zq)D9Pm+ILX-fyK3x?^UcL>(sORP45e;A%g<=L8U}X`=l(J)@+h5GTuIS)g#-_OR7F
z@YGMBOSkMbBygB3aHdHo7sQA%qfA8nAdp%G3<DKED#;YlP6Bw9r07s^nOH>)_cKy`
z0)FnORp?<dk8l^>cmvB=Iw2XU#J8u^ktj~9%nvBv)QNAAf^IUif+=>IKX!_lHYR&P
zNN3e+BUs<bJFl8q7NNG)yBG^<G%7`XY)*Mi|CM_pCOKx~ygzzWu>1-TVp2GB?)4)o
z3Z+Zrs`<Fs7}0%Hx-#41NmZoYmP&dv-{Zc}{6Ih<!TrQO7lxw-Gvk9In)v@KM1Ntn
z9zM|P&E-7RwT*Ykp<>r3?B>Bj^`}vpX!kZ)A`umpk4H7pJP>%@d5MB9gmbHR^CvVz
zC)t?f*#$=uZ^r9=NW2=xoZv=I-O6BY#&TG|`$ffR97RkdO9)L57}qVGj|ONRQyaN|
zh<t;%FEoQ>=q(_ZD<ZTb_fLWYp!M^lcSN`!1h*{nLFmS@T@J!yvni$!LFI=a6EZ|F
zSe<ql!X1u*j}pxaa_@n&Ml5PEpIBoKC5K)rhgj(l@#)j_#za}q$6J1ch$I5#c`~j0
z99JWKvf+pepo<YMCpR<phCCNK%{WFbL-VSgsp%h!EU7O%@aCcuL9N`XU|BN9Z2&*S
zOsH+ZnlzlKbBXwXxp2?_fxMEgpCci5du;$@6t{A2y)<T9(_Cm9_|_n6j$sQQ_J!3A
zVp2!w-%bg7@fxSb5BcS=FDUap(T!jxD_DPdMNLZk=RRtScBt+KZ&N(a(*c!GzD8U9
z&zp~7LWU+%tHgg3KNe+<_(@VbHf!O9)}q2jvR4<sfz9KmAr<l7BW)K6xEfc^Qwq&~
z;}peA$cv0bN%b5i5$r$N;3b5{Pm+;l=|>eylIHCtR4r=g&uHmpG2s*X0OR@0L;War
zURYeEm>(x&?sgP5Qv7}k2oi9F1fHfB|2tIw4abp)4rePt@X>loq(ctpN~7o=72{Pl
zH}jJK4V(hYWvtypfQy6xzqt|jHw1M<fszWY+%vmbxyy#$pxh3J_+tXoItH|F5<t&>
zxvJpQL6l$28(j=6k32WUhwWa?ZE0H-Q?HtnD)C-5TBo-91g`Bgg?90=xHJF&{wnVV
zfarT~@5z_xRgO>PINt3TGoHr1DiW>K2%=olxhvpV>-sm=!b1^=bD>5$7EpGU=NvkJ
zRH0K1!?X$M1*K+-n&9IL0SR1~eX>BWO6`G3>ZPM$HzvqPCv6??x(e-e(A|Y_xWuw%
zm}V|H-G}G?9F!nJjbo4CW27ZzGPaOno_yO~%1<*C{*nJIIvw{Un$QMQmsdVf&$99w
z{HA6uUjQ9EKw;cSev)e5HK;c^lk@+!*oEmjG(Pbm4o%{Jk0f3Y!f@PD@`9zZVf#V{
z0K}>D&W(t2-RdSMtE>QLc~|_=$NK%TTo6WN{ldyZyc**7xh0cZpJXf5R1o@qKTG}n
zh(vLyY4PYk8N<J}Yc4xdLzD9V;_EuVseIpm&X+P8WNVQ`2q8O;iX@_}$f$7a6$u%g
zO2bHla_q{Ul`SHL(y>D-yNoijH~;(PJt+Nu*Y&%8*U9&s_kEt{9?v~LcRTA*?8dFP
z#qjn3M#f+44QS?JH)FO-I}<1Da=yz;B$UA7W2~EAK02`g>Gc?>Q_niXUMt_Ota>iN
zj<QiHM@5ffSe5o3Om``r7zS)__mhN4Q%HEYUsI7dc$hMpf;<-bBVTNvfnsTlj{F>3
z#U_q0yj6^38&nO4PV<0|s1hosnmg500>QjM^W(ephSV8YJYd}S;nx{LRY*ZD?4N0v
zrQN9y?UoZFf0qyC9*&}Y5Ul3kA>6K>$QY2x_P#Iw%TooK-lp`pXU6NT7*Y;Wgg$Qm
zg=1EcFe)ai<82eB*`ULao#_h^;+a$(K8G&Q=d)o_|5X?`=70K9RKYxW3&s}KRBsxj
zr<`SZaSSV1{%*!#CSRfby!(22O`0crJp)?b$kP|zVxbqPr0o=*2Vfx;!%fSV&7QU}
zAZ4ZQ3$7I_;GGNzl<_=+!!`KYPTJ1}SF(}J{k=2J+u{@bs7vDmEp@!>`-4w@;cSwD
z&N?G4eQu8ovCm4^dGq5vk+KQofA~N|5h&m9a#*I|$_I8CBq3cEP;i|d0JP;WVzq^y
zb*kbB@@&x89r}aGm|Ql>xxNm#UMKEsYtOiye~-yt5*isFZsk85mOybM3__(ZwhsfX
zmF?+!f_o&OM)<_}N+`cJow{<HNhd{*%YLD*4C<*iUMK*M`NO+A^jh>p4MDMVdRO`C
zMu40FC|y_VIFzX^7E5Nz8zw?P`DSZ2Okn|ieqMU#yC{gI<waWIK$lZQis0JW!nh&n
zb_AO1GcM9>VnDFr!OtkS$!=zvz2>V<Lpenh@Nw?e4=ski96nm^CvAN1UUgl4_3L;0
z+y5#jVF~MNgeu7@y_xA!4th&n9_hXoo-+wAd4PZ=!+>o-DPVtkb5fUPZp@CW@&+Gw
zss^`1docx<Y=iF;q&Dh}<3$PcpT<xChS{K~*hl+(t7$Qn#>@g$@fCeR+Pcnf^1)P(
zi2!F1agDex?v!Aq3E92Rxh<0P%X0d84>Xghv~{eH`kZer!ME~vM1K1swt+fFilPA}
zO8su2_6PNTbEVtQ5`}oV0FOi&!5p4Dy8Z6$qf&|8yXAK%o$*Nwi!b((WZrlBD6~v>
z|E9E7M7y(F=-SeC2hUvGLwd!k#O&=oh{`@L{-bR3-W%`y!ZPscKj7zCG?e3c4RjqD
z5dZsf_j)7fp=XAT`tREqEVwIgM9~fS^F&)P;@b5f8D#>w+t;!0sW<{I4t$f`2R8oT
z1j}Ve<|CDqZ=cha9)$T&YQa?Zqnhq-HO5*~k_F4!yA$7T2V@rJ+s9H!?Z;zVODQ;i
z<0nrDZuQQobC(IrhBh5){T*X?hvdqA@9yJts*#{S`)$z;N1xLA{`_w$2{f28fEe$m
zNaoW?4TLuT_~JO)R~82@yrYbi<|cm*h5xh?fyL*y-k0<8{Gm)WaYVvTQ93zzBa09g
zu--bv4^oaj5-><i)sj9Xn989apj{b*PmP4?-6_cfH_P|xfqD8m)3Sc+_sf|GfDg7h
zWs3x^_<RGu%FQ$B0Lkz(uXclMWX8nJsZ3DtO`Z)sWkr&u-AuAaM#&s_S{%D3BwNz$
ze-OdFis$)U#ffn~Nw60yajl*ALLySwWGeZ+^9%Sh4+RKs)G#H4H>@uJMTcbmo5Pj)
zJ(Co00Tn=nK$(zB5%j46YR4F(l*iudOFjeDcwEo`a1nY}-UHS^_|t*lyWIS{m7Kt+
zSFT_^uDE9tK<z%^y%h5Bo^7e=S(FWaBVe?K_rFW5sG#LnL7g>dh0?}5MK#B_aqm9H
zZS&mc++n2@|Gi>V85jLxE(eQb*ZcAw;p}Op={RzGh+QIs-mJrIzg|W>Z?eVa9Ob7x
z+(!@U0qB<e`Yk*AX0p4SC?6lYEjmVq-%WlKbg0fXshnfQDK*<A#Pr2(f&YKkY;z9X
z)7!C3v~nTMbTA8y2aY#Wp%FS{jyTkyJ#W#9{%q^XSl%5u!x>Q$4xko*d&>^V9SzAn
z9@up`E<+c%M6W4TYzOD!KKO(zo^vn|T+i@79&0^lfZ^hO=kR)V_=Mb(L^0Z<7PL=x
z6N^t%>LSfU^*<i&?ktj|@7AHwSF=A?GBynQj!&l!n%~*J>80#l?@aqF#6Y9M1__lS
zP4I2AR%G1AC{5HNW%t9qH#CR1jFP@jKl6tj1dp}<_HpI34>i%&YzJ+>ok7ZtuP{~y
zP9_(bZNPLGQa-G>cE%l7G(;<@ssHO-nz!MejU3~kD{Lj)*t6w+-<o9GZQy8LeA3;s
zbIvw`e*4u8FtP^ew%tHAb5p74WMIOslYA`e&Ue8~Im4@?QopA0azO|6i?i-!z1qaF
zO+$ps=2-=Ua|qjMk-E&-y@txl|D6`(?Dy+<Z^FmByS&Ixf;Ys?_-FO0Tul`Y%uit|
z>-)4B-c2v*ZEVaBn_u|iWQ^GpeWdQmce%o6W((YQ&gp}=){m}LGm;|GSERcot43TS
zR4ZR!dEL!C!mwaQX;QgaU&7JZaC|TJ>N+wEdEQy9MEa}l)*dQacK8e4hl<in+xqaP
zTgZQ;ME-^iCHHA3IyM*8#tumCC;b)u&%eDerkl(f=&k)YKD{zJL{{cDe#bFOn4A!q
z7J)S-FkRAQ3AOZnenQ6nV%{K(W`W5$p~7K=4Q!Dv9e2`;33SfB%J-QKoN8EAkEsuo
zdG?j<Eo5p>ZC#jat&&aKgl*_#uHUoJWjDXKV6sH;B!I@dPX`%I1*P+9DoWE)`d6Q^
zrkl(MM4>8kS>B)fft$W)c=jCGrCd1ks!)1rj`GP|U)8+z^zU18VJ%aYmmBKpKX~kZ
zK5<9QeK(DLDU-(?*?QZW)=4+RL!!mGbk$)W#|c&LdkcPQrIm;9X#eM5^>(1&&TB?L
z#O~*dA-j*zD{=b9&S%Po)<e~w#0z>=9i{9vPx%-9(3ImGvTsQ9980pWw&tJvS~z!h
zx`VmUrII?U?$Vxy-eYppHR-RL?;fb2O6qF+qMS3-Pno0mTl`w_ix$i5GYh8*#$J9D
z`1qPJNY`j0uTgb?iL9IQM%j4Le_NuBrelnxlKd%ITLJy47se>NPB&yj*E3&N_eZ1o
z;lQ`PQyyi~EeECwf_-}%+%&zB(e3HuUOl%w-yd<=mU}MN+$vTbH@k~*%aOYir??!U
z1h6UpleU)4MRC5me0!W}Y%O+?*6Z+0l$2&!>zej0{gVunvX!>dIw)ggkvkTNAD;zd
zGBdjydq`hdWRoZ<j473wBG=nAkA5pw>qG5j?uBkgd_}abh1pyQe~GE&-a`nmiDm!c
z#PKm+A89C1JI>JREA&b8Y?xqi5QL0I0^5o4)hy=;-~yZ0Q~Q49mYe#J{IpB+?28M=
znwEY({x3?tOx=l`yptC<3?t%>(>?GzhkNbOE!}#&aMHIhc=y%QuN1s1E*JbV&}HFI
z9Q*M#v~{+Np`N-bvwl72$n$2H{qWFx``f69{mIYDy8*1L^7EnMXQv#}oqa7mYr6B1
z8Ji<=ky@wHBSuPP>7;yrKAX}$J0{eimSX_8Bx7Pt59T~a#JxmH-gdF&mYm_#-}a{P
z%-cGf%%D?M*;@{Hl~70aZ?BuWdp@yqzJ1p`$6SNmoOZLSVo(jGRAb1oOBL~ZLhYvB
zQgkldiI31tuGF3QFmG2z=~bqe*8KEvcjR1CWW{Iw*=>xBY@MyuloX{bPdnmlY%yau
zggJ}0S^XGG^YUPNug&FX+vSj9-}P-%=8_OoIt2htCWx8$w<1DJhB07g4{M@$XnlK0
zgb`uYL;i#@iCg-@^4~Yn@*I&6!5lc1%g@`ZbxFGQ-uJ2Xd)^MYA9*mfo#^B)!gptG
z+-|{ndZut;=EIMBI(LbM>dEsgyO@)V8&aPXPA3&AdyO9R3iOaXd~spSXyIV)$3qj}
z9#ROHeR-<)0|18ZYiT4kKV>^lKIlBy;?Xd%yP8$b*lWJqD`Nh;+WZ~`#=<Jk@${w{
zLY5KyUTxRHWLbK%PyO7}3$4&8FKMh$LdjCleQ5BwpzDVdl~P*dLA!70Zv6d2x}Htp
z_Sj>usmFB?s4)9E%-R|t>DM{jpSCcaR(GX!rbT4@PPN78d59OJTfWkjZq(Ka`{jD`
z=FQrGg~@<8X!2E&+)^?Q*e*e-IUPQd;lh|VbS?hX4m;o5bO(2d2JhP}3$=ZDP?uw-
zKjUDYoN~rd!`qAV+xC-m&Ug2FzV0;R&5HM%x+$K|p@7Y6+3$(leUEiv^K8+U*`kbF
z_1f=JvgaV}A46#~59P~;fByQFG$Aw-6IjVuo}BW4bwuD^(`Qr8u%<I=DRfI@sb`|C
zOdg+Q+p(l(t4%S*1Ou`5n<o}^H6n0P$1x@LT~LV-;>1*eQhS-0j*L8S{UIR^O0wse
zT!`%Wi+~u2D#zWqb0>H6ujI}+nq#GRyQ#5a9Wx@{+vAe<uy#lEe#WievrU#N-Tb%Q
ze5YKk8c+py>}Xrx;QYX#ux|$wM`FBf!`H7@Djz}rLDOgwklez_Y1HqYv1j$<q)Q%v
z{M14PS(Q0AMu*Pc&)AImsDe=oXsB3-bVt-E9*|(`o_e!u_Dvq2f@kNpRwcRtUv^#1
z=C9DMWAYWS*PMKQcXrE8<ffM*?o13|eW;x+5S3#;TysiZ1Y=#Y9}`sL>@YKMxiECj
zy41DPBVXZQVZ1PNeOJeRj7dqqM&z`n9z=`3Ki=)m(wVTy6{f1l{yJ8`DEe$mO)1PP
zs{3d-{*wPjV|>cwV7v7fzs#+2WkXD4ALCtE?9vllSVj&Rj5U6FeN?M9{$ifXP)G91
z3t=L%k-Xo(R34}(ecs~1X+7;IH{n>fUKHjv1V24(uE}xevDXV;Yw{Z-mM>}oCYvT3
zz2+JjX58CpjDoXH+mP=SxA~%}Gby&KRYUDi5EL*y7y$Ri?Uqcg(QI=5!rWlwm_xHm
zk;)SlE#b52yyf=(O(FNCXwcjB+yKzsQT!7I{dbfo{5ys~y@LalcUt!98u-(WLmpCU
z%dD{|_<Pi2w{?%)>uR0vZ;g#t47PLJq!z)~#?pOzFwzbyEcZH*<Ad`&&rx<E-meOi
zFU5jgW#@d>nUb%Iv*f!bLnkpi-B=hwAq$b7km;EjGmnr-SD*4nbPs&*eNQqROVrIi
zCBt62i!7b_^>1&DEPDKFMBneb7LextgD?HL;i#9`*&C-X_kF(qdamEjOunq~^>}8w
zq|8@wOf>jw{oftvwEeEy*hmbFL@u~%&!sv0&LNY6%{a1|3nxp=+@%}jHMtO|Y3=jb
zSx?WCU#QYbu@}33N8Rv7|LfTwf{_kqMg<#=PHx_~(WGIBsr{2nlK2@Z4WkS0gDz##
z!d3C9Y#c;$FNp3oZ9m2$R9r0RHTBWV(sFpFf2T(Cj_{JZLkmYV8~k~5hD7XPR2Yt|
z{mcfs^00yKm~n<H69cM%bMj7-Z?N<LUHoj9cp;%<A^!7)L+_?K=B8}vgys=_V{Nbi
z+VF}&#k*NMm~WNp@#<1s?_olsNtT&HU@u$xAxxz*N|kt{s88+0Nd-xPfeXHI@|(77
zX_OO&+LR?a=Bb16MZ?{EZ^`&Vs4XhbzQwGRegq<>Uv7w)KUg-ymOhx@z&6>21+dpZ
z^=imYK&JlCUQeIOaM${sW%YXe2>tEED7g_4IT6?200b2Vfa($Zw#{^cV2>^;$_Sn`
zSyt(z_5#-k-CuTByQJEWSs!CKUp;yGKrzyL{r+$;6h4O7h;$ctg~?qDcBGoGkH~K}
zma_8`kQC~Yz7}gV_fseRx5Mm$xR{u8X%8pEcE%gerc-S!@s$0FlyU=Ce3ZYvP~g!B
zB95m7zcet;QY$8qb|*qZX;x`%vV~+=mVvF|Ow{b<LD?M4&(rXgM{aITcmLeC3U!V{
z%LR7qxm3);sM<oHXMdxo%}c_>>j^Ny?A+=yDm;H`L@L{P{5sq1_9gk{_hYid_it*Y
zhB@96#YV|vhN7;;e`Y27LCLat^JW~QtBo1W(M;lVw>JESmp%n_ME;w?t-o)IM+0#F
zCWCF{`o>vg&HGS`_%0)DW#8w7ItO&wMNJ@i+7!!cCd2sCf{k?Jsn{O|(N*jS#W#so
zcVjbl^-FlfKv5cmOKI<|sirDVF$0GZ#_sLTnj733U$tD)_AYWu762UfQII~_f~g9-
zlY*d1eo4NQC8yL>XXpKfB>sAz?V5{M$5C}R9>h^`D?DC$9ln+tj?CH8$qzj;p)2?f
z8e=HEIQjPN+jP5kbj#NRIi*tp*a?k-Wb0P_4Ri?yrlfGoPH2-m;+7IhP8oQ-&BpG^
zSth^oY(%;f;^N{`1?~m}#BFhJ`_IC}#N^A|hV|=f1Lk`IViEc7g*)H`B4@uWzn+8z
z>#!&K+P1zvRPbZJ-SN4(Io(X6PJRdD@fhMTG1ngF+I3hBUHdSN=&!L{nv=&;rX+14
z4WnH1=JO4juG_u#ONSlBM}9-()rF8vD{_FXqZqc2Z8Qx%*-!q*F0kh+F;la3AIC|x
z0E0uIL}Nd#!>2M#CPYprWPo^E_d!vQDN}GrKU22veAU9N+VtSU{NQMXou>#~Jc0$o
zL1`)=0;hL4W(ALPS5sh++f@6&$gYK<UFphsf-Y}pY9V&jK*2c}#zAf7T&dr?Z;2JE
zJ;~aM<5l>bBvYAfFIZec%A3%;9TwYTiJy(Fgt&Yxm<5+Iz2DIPVU6KmBHZtBb2I?!
zO0k>$67>D5ISU;=jqpwR*Yk%sL2KY2AqM)5rsL=d`cMW+g}FjAbsVJkOg=?a8{TI$
zV_7;FtOmsmk<jua66XSg7;wUx4r<s${c&{aWUzE<m8TrE<`0T47tS<~MlMW6_JZ~}
zk>*-q_421vNk4?+%w)p)!w22X@<uA9LqBa>G(WI$h!B^n^l~qqg8F)RlrZs{?D8q>
zfj6=%RgnG-r*ILzB4D)c=AT#B4lelOsk)eSa=pFwki;1s0c*S$P@O+kx<d1KEK+}p
znBfmSkZCw|zYHhxK2*s~zS$BB0n4o9fRjfNo%@6FclOiaO8*G-)PI2g!r$oLvk8^g
zb0?9jwZl<pmHaMnw{01CM7nHI&E2ydR#{2lJH%D3jF+2zE2lE(wJ=j9@grdNeL(aU
zkDepFh)JBD*6LVwsCUbJ+m^i(Q^m}$?+trt=r!qd??#9<Of`A-)Ku5e0F+u65m|LK
z9Q8qE)!q<R(_PZVj_MZV&z9uhK3N=JIWB}n@RfAGuef&;gCe$?#}s{S8P6Jh5#Z66
ztkL3Br`ikX=1ZP&Z{&P$hS$RU2alaFb$Jw4^E{~8NdS2`PXb8(ac;$IlGXq}|B<b-
z({0j9=8=`ybt|n}$$a5extz0`{$Leslp~0wv{~wCAeN5;F=|G)6%K9Fh`0#-xxECl
z2+7VX5M6heF4uWoTP`5QjGS}enW9!7Wf{pl#ihdyREB#`v+juq`e=MEtfsP}s%F)z
zX48rw{d0QO^92+yipt3Nd7~>`x;kM;FJMP^xQ{hbW}IpR2{A<2vaYAc+@RpLM=Rp%
zXQqWCyN#NLt<^^wbM9ICDI2GHzLyt-gJCR<)+UR|YXI658DVvzn8K0KNoI*Js%<c-
zk$E<y{*Ra6ibXaa+L@@e>V)9&)f<6NaPgK8u?NXJ#42+Rj2;?vt<nt=wmOyr_#RHc
zy4uEVit@<L9l^X06M3>8rGda!^U_R>w{Hpe+5DNQtd}=m2WmiX$MQeHC^!s8ftx`V
zUC5U|6b2clf}UsI<2TF;t&qO|h>Ety91q@eOm;!PO|N6*%(uYK9H<+t1Ba}x#`u#f
zvU2letO#bkfB%z)rB#5)(7`euB6?Yeq?ZLiYWkjj5Yt@Qt183$w*&`jac40)y}DIv
zg9AQy7m+D)Cked3*2$KM*N<gq+qcBE&J?st8-IdE85IbOD?yOw6te{jFLJ)bJ=K0!
z->7ttdZ5q8#!-uQemO3YuAy_?6IF^k_JcmCsf!y~d6_b&JxSBe(N*$SWb{xjk&DC=
z5+|?{bx&bMS(w(zQt_9(gk4kbkJVOJt51iwPKAGJZI%0q>s!=2jLh%<TaVt7jJs0W
zNm{xKw6>(U+%b}BR_1E+esNm$R^^IB_9)>mNI0Slv_o=pI2ubM9jF#FcyZGkx9vg~
z7j+0TAa51$Djl`^!uP3vvB%kWh5Lqjb?jx|M%qJBE=9f&&U@uW>_R%gT)EUz5zAb-
z_#s0P<mX^z<zbSp5+j?4y7bj=o8Z!;gqZO-eQ5)GKp(Di?A7#4w#RWYWG=EG*Z>c)
zA_4=TJI|2pGB{wR1eVHg&_B+$b7v{(sU%hlM6A>s51*bu34y1k%-N8Fd1y|#^at!m
z@(_pqJz-5RdmVS91T7+9Dspm+RnP^(qp+7j#+@78xBVGHbV|hzU7iF$KBocfXc%dm
zQJQdKeDzK}8<#euei08Neqvm1>v8V7DiEeSe7y0{(wn04ForBi1K-$KNvF6DuTA~E
z@a#Lu=5I~Pu8Vqj`9G0i#%R8adqP7xuT67a=KO#C$Cp>wwjJJ?E<+;X7zkm5ov9j$
zLwkWX+SB`L<<URDQg?6whtkzWKV0EZ_;vLUkOqU->o!KByQ$s-)Hz6{osJ$C7lrbU
z%2CV(uEsEVl<QO(eixsicQ~lJyqYLq^5I6D@q3g*4Mg3JaFMuti7??DZFbkg52(43
zw$LMrpB+4UD*RAl##hoV$YX&QGo(oWWCV><V&Ltvag{Q~OHm9!ST+MH*{$u`iBdIv
zsFo)2p&rj~z*vi!{CdvXHpGr2UxOqnd051K+1o^mTFN)6zE6A>9i9)NISJT&d31*~
zCDZAANGdDuID9)4_jMK9iK<1hRQja@QbLp~cb)JmG9gDLWChHx`%rS_Oiscdq@FCV
zPibF}R2bp1K>3q0`j!>-*$rAY<1lH<@Fep<WD4Hi(9`&5rxL%c_|S{z=}*Tad*;KD
zAU5MfMiOc93t;nSY$ZKnj7F4m;q&uyLPd}Moai`ujZiv8zy;J@LD)%B6>ujdVGo4m
zE?rpq4XHmDZ$HvGg5@Ix6uP$4t@V<IT@lJO_*h^xvGC7SOK-zdQ^Cu4!gQZdT;M?&
z#tf012KU|-$-xWLd@nRQy31SSqm0J%pY&?x0j~5<w<VHZ(12KsrA@l%3oI#}j!KBc
zZ-LU`O%BgULN0m=sB<SLWJQ%h@M+4oZ0dP|;#X6eBKuX!0<P2y3``4F_bH?)&4P|Z
zhI$bj^ld;xHpGzQIo^-%8*t?cwVBguN~|vVe`Yh36p{K-8mXw_kGf0vMA*N!$4&nL
zlJH-}T2VaW*A;d>TrYCgYH)?Hi?28bXJ~hA$fI55*A3DyqL5&SKU4kAB@R+I#h<<<
z;;ZILUzt2CEGmX-ic=U@({19a;>w!RD~ruL8+GPT-5_go0h8aKTDF|?UMqj=`?#UU
zW=?L)I<eXoc+k1(>Ih2oaKyYlo*t7%I&D_4686)PI0-q9ed-&{6kqLp+Nfk;LlPa7
z7ELq^yPVT3yZYv~quLqRKK-hF7g2GXM49iH3Z9d$Zy*z=CVnl4HQefGVFu~TJW0TU
zx@L-nBvu9Wp1R2F(rIqE?#gEoE4+#5;DhAD+kO~}?tH50FL{s}T_m;%mi$qSbNa}V
zqy_3mu}&QWE50h{HM-s)BrZ8R%C>!3MDbaa@exf-&fI@#B@OEDTTTIZy_Qco0X=x+
zss8W)>x}qubl<!*;I**+o}%%I7}fq^YL3zv`wUjHjVocts^jy)B%0}MSs@tmgs3@8
z$+m*s!K`Ge%a`Xmydok<dYV_3zKab4=O;<#RVgYRPT_D=jjFk1D<@)p2m8V;wtV}3
zj>}tDy%FAE{|M{(Fu%28|7OzP@i^-5jp3*^u8;}JBFV!JL12I(4Rex9jbDI2SR7mt
zdaw||ToC!96aI{~{0m8Wp#Qy&CO*XC((;!x5W`rjwi2a;rhJr(S_K4q*@UB)bSlUG
zn7}{<yTE8?^dxN|_Rx1zS4@$#P%=zE9nb6FzT+SI3ICb>K^^=6qx!-0E8Q*cNsCWG
z$dZ{ef|5C$zxqJCiujDvuyEbwr3Xf7!ToCWM*^tlBp&dXR5pLJ%4*JC?-xRn!bR@U
z6MPOA34^$638EMPoGP*5axp9EedKwHMTg7{MC#Y00Wwi6d!e&Wtg^18##r2X;>*40
zwo>WfLTpsY#FIj0pv8T$Ll$2C?x%A1Uw1gYvR#DS)nuqXA}bY>kqPTKe|#11RWQ8Y
z)zB*+UZL3_hAId~5aL8)v;*njPnXXNZS#s6D-Qm#>XOB#llzdV7G4oOq5JAj25j@9
z7%p5;$Rq;w5U+gcvDMb_SR9QNdhy3Uz?R(*DJVJ<V`|2aGG#jXu<xtMx7PY{O-nmP
zf4LDq8!%jxbrmOaBa?KWqYB{kxOzjrWo+Ss?n)%*udJLFEzeDnZDVXL6yV9oHuHqd
zDk!!S74KN0S={)S*!ki!&jk7stxZ>})38Di09?jJC}|wABi{dWk5`KVF;lJcH*eia
zzs0#~wHb$jM;Xg2Q5~eI5H)#qM6vm8YoI;u>Z><#ydNtiP%7f!;u1Tdz54JzQ8Pr&
z#<|6gkyIGEOE$iH3oZTlasNy8Y$PR9L<F@ivaRVldcOB)0%f84x<Yzim_<8@F)G1L
zuvl#~gS*~AL&Sun1YTbBd`Wtg7EWOZujKFc#WSb?kcrT@M7@Arddcuazev?XNtwvK
zXz;k~7i?t<@~}4lLF@^;CqKp%Nr%dbKQoWvw<%7WPLE6_67jKDAuyOJC_H2Ej`uGU
z!;zk6y~wRww=`rneptDyqk=FcR<(*08}*vJmaWtb<*3eLLPUN`VobXX$}`*$G;r=n
z?iC@O3xorhX{-BYB}FlRhyl;7tLJc%UGjn?)@l|2-PF%lG`S>yc()ZxZ$eRfhn>q0
z;w(l@BE2Oc6ZKW9{o%-)C4QBzSng5VF_@4a!5a#e4-)x+uVkbp_I=B(b3~Vbtta>4
zxDK%`ocw>wN*Ru%q;V9?U83M`xE77k?-q?>N|;MFZ<n}A3WO}m(0)eRYU_R35C6C%
zu?plJAEt*czjk*VxuUSQL5Q@u9sKI~TPo&ecF5e%JGn#!Q3J3it-oK=c*|!-%_i!x
zUxIAu%+$&7vmL4T)tcki`Erni9v)PE7*A<lsv0vSo2B^r_qXEn5{%1-y!gTV4jk!;
z;P7Qr<J==Spmg$d>80;gXJVj~p0NE2=dQel-}bnnJHHaKm-^ifq5;fv>*2*GCF)ME
zVu`3`ObPdYrGq>WpWWB8VydG;6L{!z{F(hCo_2RPY+ogIf%337CqX?{+|ga=H-)Jg
zM()-Wg01uHy6fkt`#bh`zU!e!H_+xz?!$c9kXCw^eA((9o8von4Lq~a65X~x8TFx1
z7VbGp_J(*e?4Sq926TFiwW-EB#0-RZJwq>&pY%OB_PF`zOX9yjiN6^~f?V*vyc1C_
z4&81Euew^ymsLGwpf0<o&YjScogUVS=8s&nMwex7@kb$Cw1vz7PI^7jRE*}#ijLR>
zwzoA;Tq(LqAL{SAW$rHi?olO6+RZ$BcHgh!_5P2R%{>ZyM@hJHr&jPO;}srN-;e*o
z8*(_LKE&wRs>27)O`zz&E4(NfEGe;ZagiuFq`vB|Fl9XR(&U3l<F`Vi2Hjf0C4P+x
z$CS)Wbjk+j+$ubER^u(ff57_L`V^9tf|UkK<7>j;w^jP{6Q}xF1(CaSwaLdSA%?%2
z02Ua!^5jh>r7SmurET_(kpfKB1@Mv@h<0Dz!6LatL!kof(0L~RN@+2!FkSwDmiNMu
zOjIa&qo^?@zS51#e{I?T+4Pjs-1)*hM_ZHCFYZ~7?@cr*{p>CL>O2JtC+RVIm`txK
z2Q|ISu10h8#B-?_9Pieg)~xWmihGt7dqd=zqiau5iNUj2Woc9;F_K#f4(Rh~o!9oq
zlN9My>=;FCVl?Zs$|Q@fT{=d^lq;+N`;Vfh7#70KdTz7JJUi=o1v+)&Tv+a}umm=a
z>eEe;Lni5UICU>nU*V`lXXfW(y+uZbdjtkTa%D152iYkEJLLUb@$u0?QJT3`Hcr$C
zc`S`Z7bjgqU%q5LN!={2Q1jHeSRtHjSNsFk!jEFZ$EUPLMfZ}_Cw`dbyLZsjxPex|
z1@~T#rNgO~!pn5Bm|2(3&8X6tb-nqI`Etrx{>sHLGsHBFqMDd5|6r~@LV5`NDsi`v
zhPsH?Dd{xX2LWF<rD^Gsg-hQ}Nc`?JV9wS!0?@qA9sDg4EHDjrb>;{4$;cX6`Xk@P
zOPI|Vk^QPsX0K+$&wk-4d{iM9*&DJCLwJ$!pee-lA`|Hq_y$S_h{BaZyd<OR-E#bg
z=LOcLo(Q^EZ1&(R9G7qSWe1%Otyn9RTp!8x92^>7zLB6q$-XFn^J-BpBUayNrR!9m
zOX~M;`W5c--<1O6{u?EyV_rC2%a$cwv5D-}cN%{?UV@}(Ref?zS=pdK`qW&^WD)y$
zqGHue)ToC?m+!g9tX)3y$*)bGP?{u&vLD`!+;XthPO<cbMLUt@+&uYa=F4L$*&Zmn
zCDJe?;Y!bhIymTDI?}mfO<|)%z*{ke(&7h~T*SmHol7alR?<KSP0RP*yJhz5ft@?Q
z%GoT|+Fi@1grf#l>TKWRT0e=4(D_PQhcFGpU~51l4QJ=)o|J@k;_U7!;OaQlE9fzC
zQ)hH^q|zIV5|(*-9e!YI{3grFgE_4AQa0p?yh4qU0f~7mh-06~&#t8Tqv@a+<_Gg_
zbz^SpsluT7ioP37wa1oMqD}Ql+uLV^cV{)PM>nd5%6ZhUczjCkc(|X+OpH%guk=nG
zH~NDjO-v^9<(-D-!&hmHW&849AHZb-U-_b<#=t47z+{qFaFQXuz^hPqORBl0gh<<n
zZ$55Q6g{_2Bq~<}^gP-Xel_C1K5T2|wt9!2&uZRSt+AG0OA5Y*k+tvi{B>>Vkb1Q7
z9dk1k{4!0W_BdHuwU(ZS7;97&Vktk#1`&M?8&+pa|L5C8PqP=QA!?b%GVfO5{k$*e
z4I_0t%4NY*gof|np)i6R{uzO)?qtXr4^;H?)S|NX<o$X&aP~jN6~kqb$^W?#*byE_
z1OBV^`F@fg&rZ7~;r6empF=zbJ?q{QN`$Uap9+6IJ9>X<o8}qV7kk_?nu*+YqIrW~
zR<Y^Y*MJrRP?;d8i3V&4f4k_%`QN#Ehd&Aq=F9gSAf0kiGKEjOO1+3#MfbWT>PPLy
zq$Gy0>Z?Kl!0}<SeZG*&vm~YRnlYJLBAwWFV%}8WDw}hKQJ0_VN(qn^d-^}W;Joq*
znvm*lZrWDMXE@{|DkO9dru=#B+%L6k%|vOC`<%a#U**Gpsl1Pr!V}WLU#KU#oKg7B
z8k(EACrsBJbBpE`?qnS5^WtApeb*9sw%v{VV5k98fpur&vgDB#@yD|C1np-hhemtV
zyrevSU*Dy&VaraHLx&Do*xL&M7`$wXVS&`x#6<RMjmqVXRd2=5w#-rP*0+B{u@6J-
z!=HJhg_QB!O3AQGv&Lt;@rhzWd!ieTO8c<@DlPjN-$&-r;fbGjhb36zPQ(>``2Wa{
zEYv9lOD<YgT3QP^Beq?;st$)B6%dK$sk-TVA(^V8ly0SS3y<=L7W4bT<^ao64!h1;
z4;Um(CzGQ4)jtyn94#;HV}BBuB$oDHt%{+0=a)!$QKC`Sp{G<&wACXkB~^s1SSZVK
zg#{D4&RbO6_FFKZsyto~xpkQB^RY&E#pE`>U8Gqr@~mB3Gr;owI#E(MDmVr^G(V@^
zlHK~qKK5l#y8aGl?xn{{on*g8aKOh|;>uLRH?PDz*1kSI8hap`)$5~-bKe=Z?b}t3
z964eEO{a%Lg2FCcCmDFU>}e6K69Z*qM)|n`g`qk(UMxNmZ%OlgVz7+otnPt)Q&8?_
zJn_uCuKZNYWX`BrwBqr$OgyreI0gEKsY6n|@?5o8P{Vm;^Q+_sf06R2(g=RTP9>xY
zunq=R*8ytE4bhJW4!V*2Me}&9;UN(=|0|6?=PTOV+iymkFeWK@XX=b3OPpVBOgpiI
zB4T~?y=GD^K%8xc;|ED`ls+o>*@SIFm<E^=DWNMbaxG+)1^6%Z6e!=;_U1ZNKJ4+o
zdpEXh=N103(NRi^N9Qk$lFXlKEPi%=F6Z*XH5vgW=+*q7XJ>jaVg2S~8l=VTqZo#9
zb}4#62HhDKtt=!&*2lWx_yE8Uy$7{v-udbbUDNhF|JZ28<v>!sNW1&L7PEXaeB%5K
z9dpqzV@1#(iZdv!yErPK`aTX|XyWGQ=iNeHY$3@b_BaJ#CX8IgNnfMk`cbnVRXA^v
zB^k5y=a?1#Ky;C`d&y7PrQZmpU|(!^)BjxJZRlP>qsv6fpRb}8>ER&krc4r0Dap2N
z+s8z6SOuW#MnidJG|Xp10CK1-9=T%1NT#0sX5_-yuz9<Zt7$@ftfY(#kyPzd{Q^^R
z4yWJvZcH^P`_U~C<Ete<3H?gZS!_*H=qdfAVYp6kIM0kHy3p~7HA>e<dXe(F|CDug
z3ViS35EyBt0{OZV|NZx$1>~u<SP~DAjxkRe0>C3MH6}7YTNRt0^a%fE(eA-3Q+;YF
zY`uF9cQp&lZ};h&%BO?$8rLs{=JK@Jy+Y1-+C21XN#(Y8>OabY%Kkt38p-^|Z?Y)u
z)-kxG#m2^_3_UOmwPESc(M&LuSu^t7WZs>lzR^4{vM|%JofHr?UNoIllG5#B_O}yz
za1gKLwk3LYkix}*$D+oI1q1^I6q1IC_ajJ~`sYzVVUSF;q_FS<K%osnE~xbzHh7Dg
zsr6E#)(7@0g%8Cea?!7{JEYKk5apxz-w;_2e=R1I_`d47eYI=5cHj}zjL4$;E>G+!
z0-cra`L4up-j!T*RT|)5Yv?h-L!U;hOjIs3T#6hHX*9TOkT*O0QQFmI8uj66d)V+D
zhi0edY#p}fYc^>5MOi(<FNFc|cNw81KR_PI7xf!koRtt!G)#`rWxAJDb$c_q^&On*
z+lYS5al>);8@FsR+Y<Twk7&Xl7Zb9=C|(R*?Kfy3{sKs;J^@$U+-d<RE!ehTtRVv$
zA|YdJ6!e5`1Ip`BFEN>96&)USLk{0&VtM3E<64Ur_lYf|W`O%a{@wMx<@Ob|4ajw{
z<5k3^rHrN%IC32VTP}1NjgY@cHQKrEUuQ$o%$nM5lS7?I7XhMdhK7dtqjS%_xt0N4
zOQNEpfvNe!<)VPuSAG|LHEc<XRze3WQmXUl`4Prsl1CQ&3Tq>juHqf|g{^X<9$7`M
zpwNEwkWv^WbcE_?G*ZH8%>K6}a|om1Es7L_+7`}@X8`6tSP|^eO%VwW+9aki0Kat-
z@SVc6h~Hp>qFc|CTQ55q_r?3xKrI;ZLhM6|a=im0yPUtiCDhQ7RqRbWT!CIlo9J#c
zhj*03xqpn@ET(lPorC++Um1PUsh}$-R~As;R_j-lmiIF;*(dfM?gO{l#L{WvQ<-^M
z$|7$ah<l}$`s>9y^cVXXZ(BXcQ7i1*a+gN|CS2nHI@L@?eSXycQDw+-s412%Sm5fu
zV2cl=_rNnDZjTgCLlH*|OdY^g$jyz`C1hud!zhKlV6cdH2L2t*hsuWI>{~4E`uQQl
zremNjD(1}_d5#Ln1gT(@^QztP3B|z<4JRp&h#Hl#qDyzC{G|QSkGl2#LH<td5PO`>
z7_n$;HGk)WnkCPm+5>Zq&@A4)%DRnW#Ar|mjbOW=C8ZWAa)vUb$CtQdjR4EhZRTrh
zgy-ZfuN=l^$K@0TNnaPaQo&djp&w)w&@vc7SDO#mQ?)-H8+jV`OOeWfuu-`fsK*OQ
zRtah?GrAJ6079;z`8k6mOd%ZV+sgeM10{o5=lE15M5H*Qn*2-?RF|0IoB+i4!hD#W
zd2y8r^)FU#vAiSf#gD6GMpS$zPLYWu8ZpU5@?O>5Xu=f41clWDIh}W%KJL$s2AHiJ
z>2>~pdV7#QHOEt0*nZ90j~KTlWne@0mTt3C$!>A8(gQ@upM!&gJwv@{1rIjL2N-jT
z^9Jh#u|yk!F|P%pbxRn}sVuGrN-`W$=+5f<GGw205jvVsOpv^=Im9?Iswu*|KY8gZ
zp<tkYoK=XOE!p#iXluw?O43m5*fteBA<;<j$4AQZC&y$lj~zHWz+y{R<jimS`ZW|O
zz7jof;DGB>tF!{KW<XMf;fS_di5csb6eo!g>+pBCqW9*BXV0ElxVy{HSO}bX&JLK^
z9LT^9rSxYw4Kq~R+S0jzXq{#__+Ff&!j|CLxs*!kr|WrVNl-|r^@cc&hE{d*CWQ>M
zyzrnUev8k;_LmsE(8J~TXu4z0G@Xdn@ksSsm1<3=u;eo;o!X7fwQGHyycK6XrdjAm
zi|b?75&_=IE}ZKhy~do+PIGprv@`#VVc*D8<^rA_k{3;0&V61;eKnvAojZ<9-<BC;
ziJ@VKQm4-4-RlAzl{%Q9SX)$7^!>kNDF^pyl7ANe6x)AjuAAC|sZd9O#uzm;*#xV5
zpAhw<p%<v<n<iPsWFBvbzY$RnO`Dx&%Hw||AJAs%*-tlErFHxvsl)~`OTxK@41NnA
zelS!(Y1E*d?{})<=7C?VQ{K#m!2l}Jl<bCccmKfkSj96Uo3%C6@(T1K1h))7$~F<_
z`Leuh(ueRBJ%ean?Nt4J(M`Sd$qT4X<Dz)#gJTeTpPdtljGU{I-OnU_yNb~y@%vUG
zo<%9B7Q*K^-%fF9^>lCfpzu(6TP5*{<7fweslrzfrfp&`*ht2;&bdUI{4c(*I($!r
zySFzMq+5Sq78%H%-`a1S?3yFI>$2u6{+j}wzv?IiIrk8}>;!C24GqT#di0vmKQ?gI
z)t);K45X@}@~Ivfw_As_-e@PExeqg+bQ%vhqc0=v58R(?*qyc8Sy_)mW3Vy+>MCEq
ze*JJrxRC2K>V`SRU~h=T(Og*nUbEFVt!&QOVXzQ2;(846Id@$EX}5~nq^ps7sO{Ft
z7Krk1{M^fHUOKTms`o<5!^e@YmwbeAs!#OgVTmEQIHTE2wQtMi;GiuH+W3s7l)r!;
z(v|;cp34%Syh-OI<2xB0yI2}+rht6|^t+Dzewm}-O_Wh*ZLfBjseSx9@WRGZL5{Ji
zLXLYmT2XIjc~^<-_5gPmxB;0a#TTvXef;41C6yFai`-<!MGk6Snst6{3f3jcp;L47
z*Fu5}+14Lhv}!B2#uqRb<{Sy4-WwzvMlcGimsRDAq>ZVX8$}~wW7H}WpZvf0N<SgG
zDfBP>3VC%@CT7rc;#D2snb%n-p6%i&&%bEe(&^~U=liDobK&^Nmo(L}xzF6!f}!~i
z+O2zG{+jB{#9-tBP@j4ISzk}z5P?fJ@dD23ad0|G$C5T>v-S49E`UI&g@D3o_iuG|
z54CFj8kGRnDjZrgzJ3ykTaJJRpF9^Eh5L4kd19LRdPt47`~EGCyq`=wmVB|Fl;0<Q
zmdzy0F9d9m)O?|S`q&MT5mP4mbilUTrxSh;cgd5*e<?N~s>km2{z$(<i^>yX&#|D0
z@)~oU{*{H9XBHvdc^Lp++t)wydT^%pgwb@Z=0<}q{KpGiA7vz5Q;U8$wU>|VFoM>#
zqtk!{XLg<lQ?J7r%Mtt+4I?8X#O20>y(nqi9qfwq{eaS+bXOacK<x_jz6A5(81;5J
zPZ@uI|CpMZn!bY%DOc-A)Klj)(~d*+WFokvKU8)6EMkYc$yD(bglPArglymu_ATcX
z?P94fbQKU6?9wi<r%TZ9V5}rcBg3fTa$G_!>1+ARwuBfi8Uc7`n(vL&4$bP{c3TtV
zT=`zh)_cBCv(_r4wVv26DYv4;o2X%m;_e-X+(eVGtnEao{s})-e=(1}%eu-@cBWfP
zxU=*PrRe}bjD5l4ZU`CAKwoIER-@lKGxvS~Nmdg7W`E>ofB&IK0g0Q-yGB2#Q~kqz
z31Uf-C)p{9d(}5umVUOR;r%4tazUYDwlh8}$d1>xfzLv2@g&s?u|o^}5PAOX_g@ub
zG5`ER*n(HH>O}ix6A6(*_0Zm4wre3{3+tL5F22$!54-ba*w5lLF>A@@*NG<1)4bJQ
zD<nx_j?Y%ceUo4zBT^bF#vn0gq|J*Om*rU=hK9<PO|~Aurn!f6_pH~_iFxwm37C({
z92J`h$C^=Xo_Cggi|cpBtV;1@$?yyHheNcssa;O<e8ycZfmdAk+LRMvkx)m`^)hQX
zG5CD7sys2FE8qAnVd~rk4kAOXpT`Kb?){=mHMPBR^V3VU<guwPx=#BZ$qT-IE>f=$
ztscv$u;Q>5S(D?=a)}%!z`U_42#)jtQa@j?<Tm>mQlOh8aR&SE-4Z>fs92k7@TwLf
z5VdV>QTK2<Y1G$A(G}e&md}0;41A6iTzhIi>_wfI^4;p8xk)Md`yXB&SGnXakuDMK
zc0I&F#ZXH`uBC(LW5CeV#Iru;&P*<kDzE5fM-$!dPle2NX>U5b@=bLUx{~-s96aaV
zFYI`~u<4MF<Y-5oI8@Swhui1Pjd+aQ5)U&P+`ei<*lem#XSqf~tWuAIAgUsl03ef|
zVk-CRuZx^_(mvn_PDD~LOu(6T`f8IMqf<Ct|8T}BG-2rP4U_+5gdqjz%Kr<29tp<U
zWadgw^ajFjW;8GLc-Q^4OMmb`xz-Wqo=?4tRTQ5%guaHowN7Un%P^{vy|gjr*X0CF
z36aPOnP}F?s;<MaIq^PZ0l4G`xrR~oU*nqm3R}eDzNQ6rhgccy0BYf#DFcT(VhA1~
z6%^<CAEvR*dHKBT?LRYAxl;cS#fAYW@{<6K`!P{iX7=}63z)m8`~0P|@6TYwogb3L
z5FYDaJRSn>$9G#g;%w0d*?UM=loJfBibJ9g;t+tf0K7=EKAlYmmy6v<!b2&l#(p>i
zhEbeADwKyD)YPg>xGJEbQNX}+>PLliE|gT0xH;o^)Ts$AvBdCm=FWSc-uJMn%Rsu}
zH7G@==f|49rOP(oAjYUUN;Y5;ZeqFK5;8R&>QwkF%+75v@b|W2SUk=)ede+f-#%zG
zdAs^LhEVWR<*s+{j(&k*4sN40$Lf%NN@`O@+Vr$EK^l|NuK-zDm3Wo4y%K4HNc#C3
z8i5bd;94BYc37C3^AvP2rqL3^#)uLt%#P}hd$mKIWp$rFpJCgvL$$NB^C3qC;6xs1
zcKekAa|}%r3JZ7rk@5bymB*?wI(aUUrvBt5n!tVEbYfqB+GKtVW5d+rV~<O5nBS$D
zpXQ<Wc51f!$F4}Rv<q>OnOM$<jY7X3X7yaPopSAa<d9|FB>F?Ndt~8*zI5$f$1V@s
z@wxy@8=r-{B~{lW@8qWLEL#<jyhn4C#}P=Z8$^u1=h{>KWZw~jYY?%er6u_^E<ddq
zt_Q%%i&b;)pzr<s!q@`FUg!#qKm+)P!~cleK`Vg@W3B%4bMgo%@VI?4Us}E}%+vI;
z<#rHV*4fJ+@D}8G!eNr3_39h*C_Raam9LjAuayr{N7&OIuxc^w4un}@5$PDhfd}z-
z3Acpf5+CSpx3Litxmy5tc&(~<^Pb=)){ln;SGZ>BCfU3-m^V7tskhb%0OR5SA}tn=
zCj(U&qGqssb(8qa$p`Ax;)sEsYh)C(Q?)wYEy-kjY|Qix(Is?WAnOi4XMjqZA4Nb5
zl7d;w6iSFNXZCzKb?BxYfoKYSd9%>|!@owcozqs(P)he@zWHPoO_riRAxLfGo-=FO
zjFFR3m&M1MBR)f4S3a_&@$py%U#5D-WWRG=pjShk2fh)sS{aD^t!&ktEBD9Zp+Z9j
zk^^wXIs!I6WauL=t_|U3C_t6b{=Sp{3Y$aY$!<{?HZqW$_=8?e=KlC#Yos@~@7H2)
znmPcHstq}4^)vN>u8g5jdXUIZ{S`tk>32MVVs~^d;1<Db+`A0BCPqi&qa{T`50SM0
z%J+XVK-nXGx$VkdR=(pDfhFGy@WK&VAKU@AoaBOEF2z30GX?Vo@OEtSrhg{Y0Y=X+
zU=-`4Lg^z7H&+!4FHyXi1Idnviitf^Ja(*Za&nUOk0|ayk&yCV#|OIeCX@t;1!|B2
z->WE0PML9*{n`V1ditgcXS(ulFb_>vOZZs;UAca?t-<(fh+hEoi+RHnqWLkQ^k$KP
z*}pdj#}iAv*2HqeDPCDthRYuqkZRWrYZeF#;^k0Je&7l-`kX+d(+?A%4}@r&;k#`B
zqzJ|?j)3EE?iwNJjMREkWPe!#?iV?6Q~+QQZp$zm3yTuq0}t+|`@8%dmMvif^>!mc
zjw@BEs}9138DN0y0dUg@FfJSYw1j7-r)%M3UA>M`I3Nj0#i`>q>I<d!*QNcp<_JcZ
z-X96!<m7C!I)Qpdh@MT+&poX)l5e_WIZs83_V(<Al?)K9IM;|XND3>SQt_mUN;KF>
zvB!3Ki1xP@E+q334t$Qk%gVR~f{Au^K#`iTBZQjNb2!sS5Ae&!i+(T=K)f0TvI;PO
zM?V_}#6(2w<fsrZqW`Of4)zhR19D@yZ)U|-Cmkzj4`)230@9e7w3;xGs^TRK$+kQK
z!2Ww!oUF?mVwT{4J63*%Zc<dg?f$Wy$H7!aOm{W9&kVKJ5--;OrR&HrLG&Or-vZfa
zR}lj}V7w({4#6DGLCs-aLZiN;>Y}9dz5K|g&6OU%FIYDv(^PZ~MV=O+7n!y~x>z(~
z(qzEwB?!-MA>|cFw19<Up@+v}b)DDpe^Xb+yCs?^mOYc|g0RHP3260HMlA@#w`HKd
z?N4u7qj;6~327-g0`Q>)jG3{3nJ~!Jc{n5n;J{a3<BL~rhBlmkW=rKto!`oxT(l8W
zqTZF8xTwG(fpHeV)WGn!2}wDJgK`j3WMui|c~T%VH-+?G0Dxi~U~rmoRDd0gw3NjH
zlGNj@1*x^Ksn!Qp?3%U=M=gNmt-}Yr6#4F1i311jmzI^)!N`^{K%yWfnJBV|@S2K=
z1hN`16O)ZG{iN*T@<QUDV{eG=a%sbl4h4A0^f$i}hX~M~lrt}OH^Z!6BwJ{4?i^Mr
zy?DgVd=2G#K}Do&`j?9MvUin=U>LN@Uc6O94Y<->Y=H^)Z{j9ZqAd$V;K_ev;-cTY
zd9xS{?u|WhYehq&KT?Gb7;C8)^vlm!^+BB>ST%_F`t@rDxKFK2c|@l9f-RcYFaV_r
z*I%hNY70H?H9H-E>!PpHRowC)o88ZR`+4U;^Q$_*n3)=d@dAxnT<J^7n5Se$+x8kE
z<&*QD^{NOXcT=Ihuc?-(x2Uw;{3t1qyiC_>N+7r*k0q%}cKJUb1h=5r-Gj6tj)Dgs
z7Z>5ii@2%K4(MpszpMTLfc-Z<;w6++QsVT8e{TnRrKrRBR*RaEo#Xi0bU_b0ynk~D
z|5{T9G|oN@oqbqv@cYE|VB~@E-V0+~%r41c2p%3Dy6hs0N@o~WaFPn=Tuxm_>b6?u
zU2HD-@V&10@0CDv>%bgcCB1wX2gI_|OUJ1~(3fxzmm8~Mw}$9{c3S?aiQZHAXbE%r
zA*QAU$<ze>`!wsO@Uw+$gofo3jpbDo=~KX<=HTJ0U67LIKC+lj9CG_yRD=zY^P1OJ
z>vUN|ar{>3x_NYNs}m_fyoxMXZkp|~?h*hFE|^4Vp9)t&=_2QU1<p6$X*^jcH&?e<
zE<y7U=0pfJUurbyg^6pnSIjdWHr`x{s;%Bqp4MMpjM^W0{N_9%ztH8qEPaR%1S>Np
zw(i`TlLG_dBs;I_KudvilEl<IdbMa!K5A#V7F`is=~=>I!V|_f#4CdZ;vOCJkxBrv
z575Dvzd0Ps`|;>(Z3(l{Hz{?qHF}XYK9HorQC9>C3_=X9|52KWY$|$Bm<8i15nVnv
zAwE2%@zU)z1!HDo0OvloJL1YfvKWx_%9Sg10O+Kw;|-7|tk-Y*5Mc1Yt8-n++TP*F
z4K+E7J4mVpSW(ExS;W%Q)@F#UIfi<~^y|uJ`@=h0`W9GUN7)@OT-bf3*z1Nc;4O-n
zg6krc3+ciPKu$fa{el0f3L_E0z-6lRJMekUv!S8)beld$g^PhD%v}H<tnhx^C#KaD
zUHl1_9%<jdon*0wxggdpuu64;!*ptqJ}CyT#0)&f>MeR}V`7pX=!W_BE|Es>#RUa$
zk`3e3!spkR`ILd0tCCin$L>bMRfE7InQS@ayWtjO@12I7eE(t~c6Dex$=Lpnz0pb>
zVZY{!`0TbDrFDXc5<G_q;H-aanOO1>f}{djJtBA^@)_VmfCO;(x!B0H79`*ttR$&U
z-drq>Dd-Ygs$pt<@LGaY2)jbfqCPk;GrKNQI(zksgBWh}62K_7SRH+RsoVuFLwejq
znZ_*VryQ_KYc~jwP=yKvvoea<<+R_t%X*B9If~SzxuPKRH2<f-8RQ9U{9E973PIqe
zx|O!9v6p}wKz<2dv+b%9O(JAmg?C6fnU|~M$Pc9Dc7=@o)G3tOulsTjVB2LpEB3oa
zP&H6w`#bDSNgI59jd(decUnPKLAeXsd5Q@s51e=YgQvK*zE3hK^*3Dd8Updeo{Kkx
z;fi=%U<6U6yzdWA)B@1FvS`S39x}^rw0(=01YkMyOS6|gyMXg>CRKy4;t6yAtM_nL
zVd1OVO_vt(KQ1loElOgnG7elQrgMJTfRTP#Gl-ZF+X-X2RU)T|W-smbuTqKwlMa{O
z*Vdtl#}#H+hu5W~w5Y^<OkE+{(!%g!(3O%!)nf4vN@SdlVkr+xQ0_X|sQ<7b)gV;h
zRo_bpLx73S_v%ZAqet%vBjxtz;P#G&H0JMZM$i{Jd<AX4Oo^_s-k=LT72~Sp2vtLX
zh0BLnOn`H!@K@Pe)tKnrwbYc@0(a^N*6|<7aQsQy+w2_>EJBQMn6+u|qu#}+qklib
zefUG)uaf<V#;Iqs1(F`H;)y2&a`!;2DUJT7WRh$I8lyIF>x~Jb3a_Lts{H$8prd);
zO8O+!TNLKph5>HpJwO<K2%~=YMmOCTNviwnXK<TAf68!Q?>{QL@cYO?IRkn*0Y=yc
zcFZ9jI+Bm`7U>+Jynw_p20Lv4;~C?t&9FxQt;27nIjZCc;W-PqWcJB=!cfnbiz&tQ
zTWOm%Zj453U>9g9TSfK7hs56nS-aF#tF(#}QCl|e%(+Bf0$mY5L<`-=o6PE9mipes
z@C7bNxU=9Nz65}H(5%Woh|0=Fc#9%sB5iHwmP>i~7es%eRpZO|)e5M}vK>wO;FN~F
zAq*8T;j#-;RdFx?QVQrL{}G1Jn5b0<+Me1W5)qN6jGIVh=3L7gusg`qtlb^H5-~rC
zu60&xWE(F41<GAWb_y~20qsA*X|$(i^qXT<j5iH4P8hkvWdqm|nHx9cN&m>~-@f*i
z&^!$m{)0M8^}p%A0YQK%+S9xH9~7j$jYR^RNUrBF;mUa5aUFdJ1-Ic3-05j$&h6gJ
zv1XATV&F(zc&UujtknlSqkXDw4M7o0_#nlfhG1ULQ(uGzdT`C^6}Vl3?0;HUoBtmT
zMaW945kMNTC~2;LtgeZYA&I1N!3u}gfb&F3v#v<NvswH|{ym7;wC*dZL1US)uo!Rh
z6?-uKUKfC#BW1QP8#i|zJjzi)t(x=XZwtl-ykhHZ1@vprl{VP04Zw9Q5Xdt6fsrNd
zEa62gWD8Iny+4!EP6D#N7FS)zTB`~{8(3Yx6zSSUfO;W^&e9AR^?{cBw*F9F8z_+Q
zLR3t)<DP$<%T1c2K}47(7w58o8h~+psX4oo?n)jw;7~f1S}^{lZ*QVYE7UqL?bq8A
z*z}vVhW#JUsbpMJ-Y`BoinwblIrZGSr0%~tDimp`ks&+zCqU5Rx7f*d`{jZ|ldRl@
zAnV=Tc_;*Iz+8S8)~|qx9`W=d&V46@7(DX#8@<+NuiN^MBg3|ZVGf5dt<kMfLvT0x
zi`V~)kMqa@+Ob}!^Um1f?Wo3-A>+_-)D6){Vo%v1A;wrQf?U@bP+RBJWcoPaf$rny
zi|8|dD<>XmN{heynZZ#jMOq~*Pm?e<Rv#wB<h4KeSq1~#e)(Yn<oi#g{|rV%HW63K
zwCKb=E(nO~;(DzAU@_P4+K0BN{K<p(guh%Vk^~`Ij8urX41=<wI>U|trpho$b**}4
zHHK6lWhyT916-=xtY^supXqgFzaC5Jn*+^y8c`@?i*XL7mbE1!$UCC$uZjh)%})H&
zGL8}kLIn|&|6Aic(DFRPYJLERQwgT9s=!bI^Dl*7UU?lpe6<hNWC<RJvf^*EswD=b
zK~|R2kJX5|oWC>qC#hv_6{#Rn_4n0Ni%K~XUcMokbg)?w?b2R85>X|H{m9=7S-UKD
zb%rGcoX$%)#W4b-J(_0XZ!EE_$Ii2mrZ-J|V6o$$LA%X(m#g1aGB{>8mTcjhlBg|w
zcR&)w-dfR6QBH6|F`-*`tY!ZmO?*CNaB~=*5MhL&Nsypgn8ba7{NKfWa|lf4hegGs
zD<ska?P-@9#{RZr5mlT?4guo71z9&`pE%oJH&2@k2yzvD<@vt^9I?zV;u8{03;_nO
z7be%MAb3r+=~c3!hNDlJO$T+7&m7R@61f%%@wswL*uTrO1CPUnq>}!G)MrGJ87wQj
z^`ive^ja}ccO$WE3>4_8YJZS%9X4qgB$1-SYABbN5EFTN2b!T?kpdv{Icl_iwqU0l
z;FEzZ$D9ytk-1EM^n(Ec2rzbH-D>w^Y5$ObUYqCBFys<>z4NT*Tfc3OI)1H=hXNyS
z%JBGyl}gJKR0NQ>8au1M!FZuR^985Jbj|))HNw;tU>R7)rY>U^tdN73llBP_0ug4A
zBVg--`Fp34XfzblA*u}wqtdI-PA^4D=|1J79ssZLdG?hjth@}dYDBYbzCLmW_|J|`
z7Z0bQjuKMHw8<*=a7gnjS-)kBpCxH?dI+|fctzHWwLv$cGNj!k5qk@9vL8|iBb*8t
zq&lX9g%bsXrfRnXmY8)Zjug>vwKh0~uxmZ}-Cc4KrAv(-K8<R=XmTNK+fs5N?Mt=)
z3fwtLHlckGLS8NsU)dyWJY8_2GK`|+ybYJ(eWb@n04Dh{h_jb8B6oMGpE5*99{t0b
zCBrncLmW9hE{=QC=FPFo1rfGqC`<oJDCB8^B00g`@_a4vD;ZX&HB5qtNNK9H0vGXf
zgy(cGV%9C@zQI3>f&6#;0}GCSDwQ#~0SyYtNky_KIRPmVOvrKzar3_f87?S&_CymT
zC{!}T9pSPYau{++H>UuzAEza3>}wee8CwXWE?$3t?HvaQ_@L1C{p;P>wgvPe8fVW(
zq7A+Rc}iTWe9KKqs2Yxs2F~D$tB+cB_~<Q!+j?6FF=s)WsvR2B)TVQU6#u^B#}03+
z5hK7SNCa_PwLbLq&w2GVQ{|{$npqf<HsLu<;N^I*vHMP7{CgROC$-q8yH8sPR9xS?
ziOqcPX-(ccwBCX18SmV_7j5k4<F{|Vv3sVlVLqjxa%WYO*~ONLOW_}l2Qy#)dSz&p
zlG2?#r+axHbHk@d1`H+p)ph^)Kdd4idND#VApqTy4Uie1Vaaa~hd^Wn!Nrijwe~mP
zt;mWAQ`5f>xRTRi*OC4Ce|QsehWDD{L~wgvsdqtI(ct|>2&_26T*_BZK<3W(_V%V;
ziM<v=ZSpe?0#W3`58vQ)|9l4NkvzXKpjuxd)9_k9@ILSL7KNS_3xLmm0h681dQ&q}
z=hLrSv#on_6kr}#b(SX6tyvuz`2*VDmp^EVs|dP7b-y8V1K^3JL$13L(2qL~6P!M%
zU>+;{>vynIJPT&J;MccYM+0V6FQs%CliKj)$Ofz0XetiXO7=Bdc>fp!m1{rF8`rK`
zA`oJTeD|dfnnD^eCxa8AALc8-2=>7wT!%E*Cn|X+rFB0%);w@&H|&!5GaMCwB3L!&
znFY1(&QRdUEiQC|b1ijq_h2PN9=A2||BLM7lsth@vX2QpX!VH3$jv~wF<I9b&h#Zz
zOMQ8AYbV>!2gn>9=KrJYyW^?u-~US~9YRG&iiVk;O+-WX-p9zy7RRiNLIWw4y~;Y~
zk(Gn2wwW!C6dC7OWrgs)-re{8`6S(+$M5%F#PNQ=#x<VL=XG6;9W<$p6B6uUw>O`J
zpC`(jY%LO*UgQW2iyr8@9a>WYVaCZj*rW4`QSIda?B;(q<6H2SPmNdHVq%W{>A9r0
z1`7e5X+JyCR0NzTJ|gDQrArwzKZhLxqs5m{?$FH#!v~HR!SG8xfDGIJ$JuVC;7pT%
z!CHPm2qG!`)Z()nC*5Bq<!!nPa`xLPY%^Zn)7*Tdw{E|DS}w2=ZbT30r_r4509@)l
zIk#IoT7{fX7eqM}n3gnU8@_|bL~s4e8oi)3sPZjQO_J`-P)~M-W(<Yk&i1tphn?PZ
zf3C2>rkNdNXaCb@4Kl##MG8R-zPFL?V>xn3Z%HTzQ0jI=yk~R%pxbt|ki^43y#jK6
zr8#kS?~gDG+l2WsCX>alMcM!WItesS88Y6nHdgrfrZdNx1&5fDc+a+a^Q8#9!cL1-
z&IpRl1|@HWY!zRuFS-D>ta%m77YDYz1hDRrqADBwpUyvgPp)=P>$b&_=0p<SZdoA?
z#_T->0LCDST{Rb2(;Fu#o4IO}j{J74BQufPJzifw{HM2kjCpHPWD`!$t@EbTnP4A!
z$k#4Q*#<Tq&8jU6uBI3+ZQ#v+*(BD;yW1}YpKOtumR>Y}{_Y`9U+vDr33nH6V}E~$
zfSNUSIdOM?smBvEo6j)rFh#C$Su@C*EkM{%3R25nu!Bvc5bSTKSXo(_5{v+&cB0TO
z>#3a_WEH=?>_1<U8`T_cOAxk=0CK-g2?p5hK5!DJmuF;H<vUMtY5$n;jl}c69VAvS
zWS#P5jeq|S<mYB~WhsvYkyEPp=Npy0yZSx@=HO)T#iC5I|F+Om7`)Zx<xQ95?}b~b
z4v>!%wrRw{P|a>&<fje|o>z2Vmz|nm`+YTh(BL0UW#t=bHkkoh&MjmpODOT`giV8y
zi!hq)EvA0X>um>v(;WH1V4=Pe2U{?WUIfAM`-WT8Xg&9A{*0eSMW6^gSRasfPS8uT
z)avctzUNn^z$Q~|I?iuIz;%^FJAgl&<{;h_xe)+J9HI7(?*Sr&%0df4q&QL+18@_#
zD!!NtZ2#=Y??;+WIuMjay)lB8{nOF(JyanlnMED#pmi&cx4?wp@2f&FoCPNE;1?Uq
z-#-Ug@-^5AbVg<-_)lQ+oPZ1{g)za4Y3>Ee8F*Xn80=yB*aX=>{pQc_?QNZogx`Tn
zwL>8eN`#B~(0Bu&aPnXlV89<<p!WzE9Ag6}x<9OL4gX&^{QM!Gw3W+YN%qgLt@`#A
zUy53V0S*>up-#4<i!X0`yc>QX|J(Wd&zEmlX?fEOv0BGTt*O@$zW`B%H7I=rd^f*=
zoDv+`j0aJ*f4bX0$ll|vvZXS}qK(U(F)YGRi9Ck4Z95({yYmlE{`2p%3X_>Cx`Vt&
z)NjFY(a%=b$S4joJwO20WD8E8JuQ~Wq-(PYz6mx@Lhw(|pv6s_r)&dbhSA@(%x)S2
zwfm3{{bA0U>E~%3#ap)>7fufi`s4E>7MP3!=R0pdOBM&}Ua#t?uIVQ*B6<*Sx3}$t
zYvy*Tu-`0`93(@{jiN?7&i!XO|Kmkbj{-oiwEqOou*jwt3^1>Z41t^<jBp$14@3RX
zY>h~e1jf|l=i!|aLH*k*Z3)yt+@y2AI8sbC?hnKP$n3eznYL~E4S8f`nEtdfPmiT&
zjC5eNonVkjspq5-a!AtC)6Y)cHv~zS)OcD{uF^wpJ?Ob7A8XiVYrW}e{{3Qsc4QFb
z6_&e?e&9&HauF~^Om#I}124|BUTFQgI8!5J{SKhmmjP!sugU$rtO>Dn43vL}g(wt%
zb>Z4(_P4r@BdC48lns=Y^e5Bv=oJHDWc2>=+1fvR^53t_+D8tW!AnpX>rve>0JFsG
z{EjO<z`>F3g}Lj~WbqJY4_DSeY2+mIB`<1MlWKyRM9+52Z<b@}ESSY>5?YP>HZ3vj
zn{B^X0K|7W!9+3$PlXoA_sfL$`=J9>R>#JN(v=>*+vZnG_ovPH@Atk1$-xnDgzN9j
z4Wljc5HiTe!l-fUhQF(*2#+JLa^l8s=MTQ5GYM2g3(-G40mCs_++OS{y}IJr2M3JO
zen*9sy#(gnu?L2(Er%BlZur3eoYKFZ<R<$djjiW++e;YUMzw!~HH>tDxN9U{;pLe>
znB)Zdo3Kluztn?qqkRymBaR)@2*FnKA?DJM%}@JZj|GkySfw(!<#_ZZn14|P1-vWu
z&V@9;S{)5J_~ZK{w>3F$^6*>8Zc&^e-XF)*pD=q~NqG^*wG6B+jUMj9V{+hJ8^WQ<
z1$|e(6gygIpQa7dzny1TmY$E~(9*(1A%v<B@+$)<?VN<sm}N;aejm6p6P{L2`)aL>
z(%6dHcf5HO!4luGd;;u%F5{u2|7ZbzdF0^?a2)*|wtc^R@9&qEJG2K`El_^(xniME
zI5Ztx2(1lb`7cDV^F07Np}Ke=_<t=LtNFrY*+(O&@;RcF;NC3Z2})oj&-%vF2?Abc
zh-N$&Ln9<cVjeV_EyhD_&*ZB%h0`4BNeTDen6_^?0dIDJr<F);6#eg6{O4Z~hej$!
zH$sGH2$8f?!y{fKn$9sU%TM%ZyP%h@M4tn#k5e0^y-i~GZa6F(z3*^RjqLglOVG%c
zz&4*tJQFKqJu%;HRwjud4iB7(>i-7nxm<wZAq2CLf*xK@pkd8tw$oEStsah*ghEb7
zh!+f5?$2*HdVvS`ffcdrfWeZRHuViN*;@}J0FU=ucKc~Jh>yVw81jHNa-fIFCh&i)
z?l4;*3>EzV!{_5#!{}P2hr)#S8i|%M_yWZ@3Fd=F)v_jFt0xqqSo;_u;{qT@sBoK$
zY=z=k8y}S&8!y#mCAhO{7m8RmJ)|5f1Nq#^A+TsYFh%vJLG~EenhlBunz{@Wt428G
z3{(BT0%9a@IV39@{%_B%;ri3yfdwjpwQh%%wSu+gd&anA-ojroArvp+ZW9ul-IvB7
zKUXbb-@)ksG%Spa2M6B@vDE&!QJ4W^kF-^PG>Qh3)yf!tKtw3mm}|pRvqEcF=)QOU
zw$C5#VJxjibR#rth*>i!v44m}!1f(k7Vvl6&;m&Ig`1n3(=cc!-8anE;VKJTOZ(@X
zZQedPR<G?-m9uKhFz2<;8yajoLTmuG<x_twm2o&vD}-x^+|jNaFpxfIrZEYF?M{*l
zLK}z}i!gv83}79GA`;^%vzW7F#h0L4jxo59BI)D);@X}CmEV*ey|&u2@y#+3^Y-9m
z-=-)7vPwnPp5yMoo|Rr|XNO!s7;iPwdfHrg^VR-mchVFGKR6VW?AphE<6QfCzJ7t}
z?Q<;zi?!87vv@(v5U9wlz0JVyj2dOR_We`26!wI36;M4EEJD@GL>?(())V<B*Jhi<
zJdu$?V~=CIx5Zsuo-2gHy5NN&nDkk)WA_283l5-w(}TpKm61p#W%VZVMEKix8y-nc
z4F$V(!Kw5Qw#4d50N#?=KnasovAm|0;vGNDcmB#3SkdwOvEge}|9aE{<UA=%Ko<l<
zveQ~yVdPeEBAB4wLTuWrj;o<yEqY<hhC}GV%Zgeg`%iGK4dFovS9cf8rM#s%^}Pmi
z*avgoy;VU|Wj_`_`sZ)6DPD$36hggFm3@0gIHd0<>OT{6eSpyY02EaH0JFs9v=T^&
z=RSbs5utZ`s~mQP7c4c$3Ud@sz*KEQVT%%2mnLEdcHe==5Opp<D-$bg#jdj(LXXQj
za1$dg7YT0I`M(0tc`}qWlH$N0w8h^_OiFSVvF~t23xUww5no%tq3+TT!x(%aqEtol
zQ;%BJe-G2PZvU21^HAUP(&200E$l8|-?95Clzxp6twzDSz&MLSKY?M$SRGqVtvDKF
z3EX=-K5!2BTHzDfHMXX^j`>Du*L=ffCS6|1ksC*Q5v(C$X%bk3>udyAi$Z}zFZA#|
zH>@F0bpGz4Qji+r7J<Jb$)}VNJmaDN(FX)#04)bj7kH07U5>^Xz)nE6b-(pHGCMg#
zzI<&Lc*tZ6v^i8gI6-dcRXVwC+s0T7yB}<;z2+;04J-Kb#$J}I0Z4;i7GNnbR}BA&
zI8ymyVd+btwSIZ#Nm52RS*($o*vu~Lk($7Z`!*cRf3C?-hiIiac$+652lN`}$=gAJ
zzPw^NaAqu0<;hRN3?pT!xmJaJNqPbkne_Bsl|vCydk-Du*l$wlU6_dJGPH;%!hCNT
z_!%bA0zXku@HvmoL%mZU46Hhci9^{T!3-U7E?Xs5s1)!huY%X$v+R2z@XI@MYp+CM
z!=AGDS(-=T!O>$?X8x-p4em=Y0(KIxXzFlx5KHzV4LrWMF>PFjH(ZF<Jl^EF*@gwu
zQJf*&{|Q<?Lk!_$e>qI~<-*xeY(94Xd?-YJ1*TPqmrKPacz(E)@BSpniI|&J(+>#)
zy6mL_wZsd|(+-*IK*Jl}J974^HAA)z_P&J)rbT*XqG;cT0pLe-;p$m5ltSiadTq&?
z$K;u-yyb9*Jj~gPMPGh<oJlm(`4RCDu>j(W^5!^Gg3oAT7j*cI(MAIj;|`q$^<WbB
zTLAtq@#th}s7?Czc>Z`@39GdLoSK!-AxRfVl^GA5C&;hNlcN8>mP7>wO9CJWW|903
zI5s>#nvUO8n(iHVHTFWo-G6WZf2~ZQ^f8=MpJ>HQ9c4XUhh4I2=OOPJ7!7`J?DGX)
zeemnJ<_IIC`->;wh8!oGfyDn36k^H(MSC!N_aqNM(DJ0wVR=+7@@4&+Jv9{Rh+rPf
z5g{$6p>(7^aPke_bMk-}{-ghT71xz<T?pd|GRfvx%1pf5h{q}%g-4Gb?f>A21m{49
z7$$`TVNuL}4--cnA8|Bn1hwV1!=Xsnzxk-k9iqS4eOy~zV~tc$eFE}7$gr$Y4n!Mo
zuqSzdSp2V~53I@a8kg!-8yIRDPD=Xz`mlcwU|vp8xt7mkW5XkL{R(OX%ac}3?8<Wh
z(NCBZ0q%Rb9}{Q*X?R!O@f5^J+KzNCk7p*UBnovhwVM&|OSlf!v?{xgG`d+B70}5e
z67Hd?F2uS5z?Aw0(nA)Z^Wg{ROP#YN^<E`vm<Pg$sq%nqeVA4JT;}VGeQ&9wEPN6d
zVK1qx@&!diH+q<123UxtFN%Wdn~ppuEm`b1SP!X$4Iw0%TLvy_^TPdYD0~dfA^7Ao
zFTeN_wKxmUU<46L?&<40EE4yZ&=BK#01CgE$Ru2J7jTQq1PT}YI6D$Y3Jag<#~@A@
zfiw`=qhl{nNk+H!9>16`3u$x(Otw{M;B*zgy6l16m;T9-g`Z3Yf|r43-q}}VdzW%A
zx8nFiveGqI3!y~T&MyGN%3>6%*4I`%Ki}f`02g!;VsXz}bfN;>A8>tsCtfolc?4AG
zP&+L`J#C?}bNTUxS&cEoHm15I`LFpnfW3e8+WP-J2DwOKm9A_9#8e&#gY`h!6t*E2
z{`CeeC~OU0v1v}Y1m^P&0@hKB4{niK9(ytgUeSYvV*W{YRzJN)v~n;NhiaS^F@-Vj
zT*SdkP{>75HA(a3c*RcN0Lv%m!c8L8Yh?(+Z?KU=Qqz@|#OCn=WHhpjhL8~yZFC2J
z1w`?XkyUHT=`IL@t-NH~8(>kU5o-|>^a!8SQS$BP(Fj*rR4GIXFTg-O!hXHZ_R0z$
zogFm>O0AK)Jjj6>Iu?o?((lTy_4qDMu^d=~E+9`4c~C<<r7u?7&a`jw#PqRk|IHU!
z18T1E0;XGis&eAsrle!odMgBHU!K(WZ#K+7*C?=(O~A27zz@h6OSKGymRVn23?*Ot
z+;j~<z>LCC@c%jb1*IU*FouY4613r%#PxU4{D)m`u6|xcIG3Ayjyf((^z!|{gG0&D
zd=f%g`R=qul|lL!`YgZ6lJ0)STRPR(RwqjPoGE#cMo`93KYAnwFsHV*37C!IZqaz1
zT9WhAyjIm9gd2%b)t`eGY#L*rQ`<EkJ9^AQhXi9mUxwZrVqqKO$7?HjnDMsb?7<@*
z^}EG-tfSF3XK&NpYRFh39c=T(N6-n(DQ!I$JG=-*xMhxzm!uNBfy0}G&T((PIbQ`w
z?+NA0p|3Ot7awS=U9dMHPc^$budB__41tybWMcgy{rPCAZi2`?cOLBSrve++bP!Uk
zx8obrxu1J6jFT(oi$#Kavu~{o5-`=4Us+upP}tIPe$lZVPuIY-Qy)Gd`UhI_uit+x
zCqPT@!j0O;U91mHlC$n`Yk(DM>4gg0z3$IG)rT4b8#&}8ls-*b9D;D(-6A_%HwUzN
z^H1}Rjv@J^%k!lS893G%5y9_?pld5du35eG$!<_^y+#uB;@WLA(&ofR;}6&Prp>u-
z_%sT>em3(Mf7v&kFN!D{%fQWeLKmmDwZg6wN~N{S&J^TVulX|E2-7u`(HrQ2VCgy~
z>9`S5Nz&>KtryirU5I0yAZ^;ipvlk-I?E659`VMH*=Rpam=fl4tVF;x$mUrtzhU$2
zu?Q_cj3KCs;<B!KLqVs!JF}!m)_9L?Nd{165Z~<HEo}XcjzLl_4XOu;`DPgU2t6WS
zF3BXBV<Q6`$pTPbk-|g4&G$VpKrW3h)^tWo{qV<UZchM0ZbUc-faToO=Q>G$6SsPh
zZJBKT<-aWk>Shf%6i4WpqUP(;d3F{mF2WdHwQgP@Y}uEmLyp@^Foo$mjvtCIrM^VW
zY6bM$*k^>Mk?z2wIub!8EZDsSseB$plKGZ)N782qFg~n)zwW4V@bk~QV2*Qv$(i!{
zfqKK0)(z?@BmuYU^j}}?hRXUq%(B-i6Jd6{=PM>#gB-oQ{%y><wUN$gOE2QjdseMC
z3b*ut(uzs+2S|Mhs}bf`;V1)%R)&kNUK(M}(MXl=7*GFfaA^jvNz;c?CuZTB%uahD
z>LYe=5f8$A4QD_A!!G3J$KgM^Bh0p+oFqRTqYB1u7BY{rXj9*}n3v&tad#xI0;<FL
zsr@s!%VLO~1&S+ASvE`0Hs0vITbdG7iS#8Jn^Zrw^rH7gj=90fu5TaA(8f<QH&~fK
z9ZK3}l@iXOKY;hA0u9hYRs6bRw_e`ETM_RZFbdIN&)m4x|Gj1!xb1U(aOj!i@g_T9
zU5uu@UL%w*Km})Z2SaB54r2WMMysH4DnfMGTyFqu?E%J{P<lTP{0=_iDzP;)c^kDj
z>j*9CAvtuRX-9xHH?b<0kEgo#xB+_V+zXC$07_a9yUAeoO2g%=m(+Yk2#8%$up|~E
zxLH;Xm$}bNdVK?!@NVfTsA^SV#Lk#4Gn(LTBKE3MgBXN$j#;}sQqY`_vh?jtS7u<A
z_IB+cD84NGwu5Gee^qy<p=PQ~ur-Eyxx#mu!*eKH>;qIE*@AMn5R6Yu7x-M9@o*g_
zf3bx7h!xS5Q#{MTh;XDul5_&d>C<*5yPpB~Z(Mz?isa2y(Dwz5vg)fs$y(niotuVR
zn+<9W)~UG+i0je_GJ_V^ra3sjZudNn^eOc4)TzwdbX<Gezm#;F7FA3?mnv4N#O3b~
zqoarjO^(iw^>*J#+`ln{Yc|{c^<wF!C?t|*``G<h8tT2;|Asez!_~m}X%!0re=e#F
zwQyqTC_iSx4=}k&kf&4lRY5-uQM*>w#ke3#R3y2w<$!DbZU`%Fkf5^)Oed0@;a;+<
z#FzsJcn6y<p#lUn9kq67o!Pae;|g*rY$wTUBg8*bEIz>{$X_!3k5zX%Pe65+2$(`I
zIrT13CbVA6O!PE*k^czQ$wkYEwambKWLu^`(#%vMKe7r-?^RxtuEZu1+<D|-of{%(
zG^pVl_%T#f5HJDR0E5^1=kO?&=^WDNE{+6R&r0hV5bWM?;%k%0nw2(+Zr5SqQI#i%
zVH~fEK=GV*x3a&h!E4WV54iH9u(HEh4rc>xgMZB7tNj2jRGvg4A3(BfW4}Wuwj!`H
z{TL11nx%=N7SAD~QLMPzMT6J6>#rW8hrY6>Q6mgkSb0puSBRjPU9zaANpbqLcnH@$
z-*IK0F)?Eix1M}R)>U}O=zz(9vHB26_-wKuN{eJbUO#zx&MQ~dH`HJwSbmdLPCTle
z?AOrfuj{IKZwp#Td;42~O<Vof4V2r;@Qj$9W76~9tT4#Y$Qc5I{3reTW>>%9<rk(1
zeVDX69rv^vc)ov!>S;rer76T~QslsZ8ViE>^s^yq5=7oFjy`4`RiJ?m^tLU{9ed(W
zUb?>uBR}0q&ml(27f!7Xp=Kclp}*RHpZT-^=+%w=aLwZ=?Us~TRy#hqL3yx60S{H?
z)YbDW7@ZyxQh!zj(Q0aUN3c#He}VJ!B^$rdL@yzgCejUY*Fm}N-GcPTM*&0%4$;zZ
z0U!j+D0$qn|8fH_AM3<JDrktu*d-#^gMJDjPlj{;J<05hWdkmcT-Us6=ZZ;DQg?w_
z$LdGG%t3yp%$J3oDQu2{esf*Ri_?dVUVr?e*&RXl%JNlMA(E#z<jbyoe?n690nZll
zN^6TTLF9V+q))BIx}T(N=V`qzR5WoEcoj+#9**D4^y!@}beLvP7nU9nvA4RE3>lmS
z*kAt;zDnYj6$r6{Um<|R6VJW`MC9^v2MJWzg{D=$!Bx4=Pry`A`KiKYS7~k7Fgb37
zgw%>E++c)}?M|uL1(X1mV;PWdf`<ZPNfBNK(!t`2Tlw+bNEwiNN0&N;pO&Y#KC20Q
zTEF3wf5j)d(k?{drXq+7(9&k`hBX}>VzelqBiXYkyax`0z=_NP=5iq^9SEHS?b~RK
z^*(W7DCeTDeau_>UVnR+dUII{S%hhiDuErOLrXXdI;AlB1GD?7cO36L%g>mg(|y_>
zr$)-I&mi+gaI=ufZ0+=F_s4a?s3PCvmKc`KXYaGY!}4wMhJG%#AsoeOrZl$PoCm08
zmZgNa1+IX2G?<C=NA|3MR{F95dBN6TI{LH|T4{>%ug|_V>b^hnrTP>^L=NCNP|QcQ
zYRUocNYxmGGFWuaZ0O-@6qKh|c523G1=?a#o%)}-jqzf<bmcnC0B>?9aIL1VXcJKf
zs5tDIf*AoZI8<7Br2`{mguR|QWoun>q{$3sFzs&V!AOMb+%qXj=#rUj6t34>0xDu+
zz;7Cp7_gddX^PcK&z;&q+6XgQAUq}8rVZQ@sDgkf*h~q~?!Fgw8F2JposR~d1W?>Q
z6IyNclCETwi#^loZ*<+SyEw?8K`{;&bhiT1@ns?{N=@m2Js74g_y{TzSAu8VE)FE-
z$c2O|quJY~YW@*c7>%PF*6Nlk09$H<>Kb1hG|V%0sp`yszHBcRhX1%!pM+9-4nt7g
z#0tH?ex@R9@4VG=*g*SPE{I3+pV+}~KhOky%mji*PbODeW|URRTcLWFkbF<nqHepk
zm!^ND@Uz|IQqUI(pq2jBTg3rESD;9bqAGo84^@w~{UBXl8ef#@P92vwP!91dAVul4
zKE`$~TGD}7`>6I^gk>ibFRuWktq`vzU`V(Wm50PDCp4A;vcg}b)N}Q>ZBB^&6xSsQ
zQC1nirFC>Y9pzY!)I&2^lGb8m5ZVQqLhT31t9*QvE>OvJLH)kM9~L|!phiuq{tEqw
z4nr%9I6Qak7DKa6%n$G_UMmLqCK6?`D4CrV9rmvNW$y<u1wL7pc4=DYwa~V;TG1xt
zR-G0)Yz~-49S#EAuTb9X!g<3zSZ#-=qgxv`Zu&I@CfUI6{cU%H$ZmPO?NI#)e!e0C
z(fH9mdb#;*{B6+Xk(Q$GXkX~q*1<v^&+B+{o@ND}HOjQbI2Az<2`3P|6{4XCi6r?O
z#2)=jH5MtDe6Ct6L!No$p`^7vbGErxJ)pk5k!%VVot0@+bSSiEzeQh5Hp@_nZB-`b
zXS!P3C|h(f3ERYwnch>Pakv6Oq_79)ZoVAqG!!{;?X(cRhd%2h1gRHnZaSLjt%yLA
z65J#w?NS4Obq@s72N&>o+3Y(P(_rJ$&GYfPzVmQ4V)DbSlxyY5k5y?gsAAN2>j_Y0
zJIusbMqKc8-%n+q3~{xnbN{neag@`}vI6sqkP01j=Fze>ajAudOYb2^#@{4yRkDmH
zbS_<K66r={Bf`05kdJm->jdiglS^eRR}2s(<ArV2LJH|FcG@cCZt;-rN7x>|^5Og5
zcc9tTua_mV80gBhx4(H%gvdh0fwQFiu*cT_Uvh}R{(TxTP~T)@v5&&DK*h=v^@Que
zqh2iy`_C_K<wqs!qx8-axv_lFs0-QK((&Cs>8`y{V)#jNiJS!Cg~#b42<|J&=wh^S
zjXaooW+_j{#_?*<O=h_2<2u+{NMu>gH$X@AMk`ajNn!SuKA?~|@P~bvu&_=;oj@H7
zm2QB@J*}N}AfFD|uREi&$amynuJz+d2R>BEmot|tkXB|r8FX4dz&6(h-7{ikOq$nw
zmv5;HSvqcL50=vY$T>(Ti?Bzt^Z}uPh|!O?KKt@a@@(wnm7KuN@wUTCI+>~%Z{4Nq
z;ma$$W&NM)?%z||dcH}l%Li+omcL?tmN*g*5gl6?vx$25b;<T+66D{mr)>&;By+u&
zv?VTUM-v(!ol-v^#<*uW_w9su?#9IU3<x6L`uu^FJVV>cux-wICt=tW?}1(6(#?M0
zw_M;%og)l<wgl#1Z-*8y^k|Tc!K*JTqxW|53dSCQ{1ZX$QgxwApg2Q_j+l}^g-}}z
z%J>u@$QA^Sk_7yYY`>K19|Zo@0-o0N{A(!hbJ;*)fg*BV-lgi>J04Mh4RL2JF$cqj
zhx2kjjz@E9)~)J(k|VGCG2d&O+zTw`B%nWGOnTZHs(Pr$$F(8U7j#k(g*KJp_-yHt
zmYpmf8jYVYvPT%7{(!XcXny-&R9?B?G$eZ`F^?N>wVeXFwV1P)0;cC6xYZY2*4>5K
zkVN(@9P*nGM4;d(n<ap6>zfUC57H?6Zp*ez!|V9YLl{v$bJ-^QAF?AG+|P5ap4@MT
z9ahn`Qy{9c?g`63i+P!F@{(2~mt91h1Fj=guRB2YSe)Xbp3~xueQFfO{ET+GioLQ0
zib;}sYY|Xm;8phg>Iz<N5qj;=xhI3((HgoFgwk_q9TWbMd;Ql)f#Suv_MPwl(E`x3
zCNM?cB;T|_DJefihlDfT3_=Lm1i8Ua%7nQY|J4LkvWv&VtJjtr+S=O{ESlI=<6@HV
zxicA$-v7IJb_-eTp4REi>!<mGxgkRxP7BfIyucz>rA7O-a<<vs9|5t^`Y&NQ23Aj*
zq*Gr-^p%h~_61KI(Oq9#t*?9ZUXn2GMM4cOl}#V!*V1o<+l-KQ^`bdnI%09axLFkV
zFMWybf)Fn2bj{l+j!?3PwXK<C_e||D-TCN@$T1{3KGc(?<_{^q5V;}57n72^ZA3cK
z%eiOvQ<eBirA=am&B6UXIrLF6krH|upI;QX;175aZ!U9Ygk`a-qZWsD5G69g3yOqs
zG0NvjaoC4XhYWyRZ$YFCI0-D}6ZycmkEZB#^Nd6sMf?rg{1j?!{Jj*(kGfQTePty!
z`lwqZ)uEn;d^f#{4pul{a@bb{L)7tFTUHKK3Qo&Zjo-h3Z)WlDY4g+mGzo^^I>rH~
zoVni{cvh89@9ji<=j<xL^3)GZwWZ(LeMnk-&S*yXZ1)Aoz2&FROI|~r@(VO3*T*37
z^jN+H=3(b(O!F$RpRWmJPd03I-~=5IXo+|j4Y<M3f~Q-ONBA>Y7~b&3*{VBBvz}at
zzPO`l+&o%^&>;f?to|l5!cC6ISbl1esDDj4D+B7Tz){~FpIK*$Qf1e!9n`ZSORAkj
zz=0`<y>ZdNW?`g2yU_38Tazl;i+zGl8;mY{OlAyR@-F7{TVEjf!lAS=ei>HHR4oj#
z4=^Oki!VuAvS#As9kXE)L<``;Ob3LDYAfv)P*GS*3s6_q$y?Wc>7>_6ZB=Ab4b}is
zqUk1@rV8W_ic7xpKx;nBzp<uOb`Ik-r^F@|Jb5`ADoHpT07B?!;u1J0?f-+)_H`jN
z=`E`m9V!6u;sxEYCY5o6rIz=K-5EiVYqJ&Lyz}qa+bE6Z)K!=+jSc{W%Ah!>RNKg4
z>Rn5yXxpaP>9z>3*x;&)JvsrsLu~Ib@O!e2niC-1@dS5xqe|L+L<NfN8-z|s*)%eG
z5#Rv4^&0Sb9qe?Sexle9`d5~_f6U?1&bUDyMnBiJD(=7fW46VRTGe*M07t!H$7nAE
zxU!FuZ}=V(uh1zXkPherU7+f@6hfZ(=TwjR{Wz~6Jl8B>JQphd)>iLVl=VEYISu_w
zCc^5s{nYvo_lobI@6_+m@0P^GC}+&AOn^`}RBybyAeoEe;X^H2l|Y<1sF`BrU6-qT
zkIX}tfDf^@NwF51m=8Ju{Jq&G<(GS&+phwQ5+iSi3d+8otRI&n>5%al0C`y{fCm&l
zi3N9e2o?kBsTtb+RhL50P6T?X-7FoDt7T0h!^!y0Q8=9+;tCt5dHEcWA|y)InXs?3
z^qA`J1vcZbn-3;{$}?$>KZfPCJ;+w`qaIhQNlg~x<jm`&Y;9^+wapD{P5il}dq7Rz
zs*Kvt!x<Z^6@9_KW+6K#|MF;zQtcRoEj(C@PD3p=(}LMyC{sqqNE)DSlI8)YZLLZt
zA*tYQN(w)coeKIoNU(~*Qr*DJ&fVpS+H>?=&(@s>X?+b@&e6NhEBRLs22slUcdts5
zUtFbsE6ufi|3>Yl7AL4>gJY;RGE)fl>|-WJ5QNGF;`6zb%*k`a`{kCesS&xDpP5;k
zU3Y#W^tyKA3%d~ASm_@YyGbeici0q}OipJ`f;PN8e4Ibh<+Ox4LHigl<L7Dj5C*~Y
zkng9F7>=|G*=4Lpb5iHLn*W&afH}%%NowfQk|JTD(v4j$Ax4K**Mbi-rR@qTtpUFR
zq)lkP<tGs099T%g@7PiC^=02(#c3DBMm8ir(xg>K@09WwGY1yvj(9HFb=yRYp21C3
zHl<*$C!I)0g}?8cK7^f0K?PldvZ;LS)asLWfmsoMEk$L22(@qL&v*;1ZmH{ekSACd
zJWrxU5neWJCx+b^(HyGA2(T5$HFtv=%jTI{M`y?32WZetb<DDL9rT#|uF#3HB${Yk
zx)O|AWzn?^Pj8MR+F*A^E+bf7{*VpMgL+)@TV19Q3DBRqzS+B(KHL=0Vd*Qb$?g=)
zn4_x7Ae|$es%o=sMlhbzh>=-9?L&g4qhumZ+}&U%(-6&6_A#c-g5htu0c5cd0lKQ&
zCyBWvK_8Qjx!_ws!Wjb;jz~5NNLN?KZoMNW{EyTyl0b%7j9M9g0BxF(7O!cdt8L2s
zy$~`TERB%d!98pUJ)F{BedDim{Ul!j%>n9yZ13%G=*)hI*qAA=iDh(!tXzhxF~mlX
zn@{f`reO1Z-YZ$~V^VTWtMJBWRxm9xi#PUHe+prqfUwhRaYx5ws~K@l>{8n?MBpPd
znL@t~GQ~yL*NW**C!IcY%#B)vve<y95h8Dzn^DA2%<o(*UW0JT5#WnElF2Z!qZdwA
z%*>VZV3oV71V7OiJxiH-opAXb7t=Wi>Xkn?%SuH&Y`lK@0!BwyLqb>tW-wLEcNr_>
zAYvlDRQX^k1@el3<^&00g*O8CCV6PFa>e>6Tq$6}bBoY0yDnJd`lz<+1VmRKgIQ@L
z$5N=`31u$Hlosbu0X*A(Ksj7U*R76Jk%4Pj^*Id3sQH+&%mw%cgkmVpsw1NER+QO#
z<DKzb0~tPtH(0zko{;qQsx|J|;3bhCVJ+M4QEw#nZT>iQupm;~1m#KYW?SAzv(23x
z2e6F4<M`~@le?la<%a4SdW_oY)a(ypjnChm{DTDT=iMaNAAH)tCmdW}sb%+$WE!3I
z4v1~lt#8evmB}kQxcJ{w#{t~sWeKFlTWXj)uU(^E!1aB6nsuy+1cyK*xbO#IO44(}
z4rSpZ0<r;y4`I3x&tO<Y=^sN+iF?L6TVDw`i`N4^pwfPQ|8)_B$Pv&EKqQScm=Yb1
z*NTb9A<(w~&Rq4T&g>FETayUg02R^(0IQpfo+W=VaCMPz<JHZQNXf)gpkC2rSON)D
z9_+E3g7*P)pz;2a7pldw$kp}^`b67_3&P$`(JVO?JYOc_0<48ru(W9rRSW8goM6ii
zxMBR?7+L6IY7o>%C?3U2n(kuaqRJ+HUFdV6S!tZna|Ue{C093An`5LD`q`6CG0+hg
zx<RHi{%Rq5s%ZR!4}j>F5xoUwvhB8pX*1bnkAqT)uOz&t`dba4*}BM88*h55EZ>5h
zCs{$*ThHvJ5Plh&M0G(<P2)B3m^?=q6KSyP*KJ4TLRv}YH`eR+yAWW(e=Ff&*X~6K
zVS+vNQdJ1z-BH)(ZD(Z2h2UyFUmwDS{+gfu1rYpgBYgDaXb$QqPQq>Vs7;63Wn24v
zqG)Emdu`kF8whi+A#}fAWNLNCC5_YXz(iLJ_5z+!H?R)yz$9eZZUy6uGpG<Oj};WE
zp+ny&p60@Q@dJ~oFvRK6i$M94+BSMxDO%_gM==aK8U={L<ol;kTSg-b6^X3&^tHKe
zkeXP7+$f)GE`2Z)@BNBo%IGu&8ZA$>FvJ9h-50Gm8|=~tbAw_F@%L?B@%LgN&l1+o
zR4KT>ivc1aq-}{4Aj_h_Ei$~*UTgrP$x&gP`elAl9TTZL+G$X$KrRk+^r$4-Cfzts
zG`FUZTQ5Z;RUxqmWkU)~Bc8%;aT7{sO{;51Z6jT|jY%ZBD<#u_P{O@|rxG-r^zBP0
zqR+@j#r1)DWaQM)TxP`Gx~y7<PhfqE;L-W&^X+`lekkXiWtpU}piJ>Zi_w2u@S5&i
zt($(n!pC&r(MJ8;5s(uOzu2g5-E^J*ku?4NAFMQ}iJroGYOp0InkGOzd$;$K+9&n`
z%5*ZvHR|Yl@LCyN7c%ICba$RApbM#ls56S`NJGOl09yENFy%!^e^ZqDbYowCJxhCg
zyJ{khWiT)Fj@;VK*1<zw-H|s7**Ya<;LG^$&}3=I5rj4LE}Gh|dZ!iq6;)@ay7J;N
z5Woa~{-y*vtaivO1|^Hnp`O2rv-M=*3EodXs4R+$(O04TChftSy)U!w(|e_@s_1P-
zdKP-*s!tx~&mQ*wQOFwgbo$rR7<mMY8CQ@M<L{^Xf3L>3$2B*0?K2U>=jsvg5Fd}d
z=W~r#0lfA7fs=N$MrUg|F^_c?@d+o$`TQWy1kk6U%|^rpvmQpLr5m7Civu?3B}TC0
zE*|B}b{6BP6M8x?N5BqhEbb@4wi}zws8~X3)CqczfV9_dNIb(Y3g3}-H1eCsb$6wl
zz7A=Xg<;0{--0>AL!nzYJ};nh+kSn`4VUhZ|1mN8Q!WD`csG;>#?K|`<>)mv1G>oI
z*r*bt!R!b{CI%c8FifZ$6WBOzo+@dQP5J^bd6cI{)*J$nB=X%A|9ms8+ctQ3ySUz4
zANmLB9BK)6NGqxg`7TIip28%D9<as+8qaz*$cf(AARdLPapt!t>*c`tEjlv`S=~g`
zB_8gjfE^(Gat{n8a>h%ju?5Jj(e;$OXZi)Lz~)*2Kv)X$Oe2uheH(2SaQK%!Wxczr
zF<JH_CMjOp=W<7^ZoWxxoT!sMD4<F~Km7rG_oFXW-XQ;&n5vkjX3q3qU-Ja7YwI)7
zNEHckQZU=u2!jK484EWR#;!%lr#}@3(1K9K$vsLgt|#G=)LoXv7l)j;-G@&}+YCzc
z^1>T9jGSsf%AlZp<qfIg)sJ7dj1@+(HaFVt3>*K=7yj@Mgg=9%@ROicYLe5+P+_V7
zUpfioTL@*~jqP+hpb$92@7??bj>HG8k|!QqC9CBhlLmZf>ej@+vC;u@#O)phUl3P@
z@a=0qX4Qet&tkbc_a5qdU#fV$4ik|I#u}A5vvkR5H}K$k0Wav7G+;mX;i>f<t}V|j
z>UV&&Fj6;5qt@^Nw=Va-CxuF$DA(Ml+G73@c`c718Y^!RBFt)M8J)IAzn1<X?0-nx
z=9dgw4*HlU#3o1Vci(84XeoA8!s~g0Uh^g0`1>cJ1UQoY9z&J4xKfx)iH+Yu4*Kj1
zP;U0nV(ttt133cd11G0tw*x_Vp!}4R!S+SQzaX4jw`;K><zN+%a+pNEGlOfGP8qzB
zjQZ)C{`K)($x!Wy5T_wErq7OmCaaK5A;bW5XrK8S$jG$^!9tfn_1_K8=THHH&`LqK
z?ww!2!%thNt94_f;pR#UNoD*2AN)%g6-mF9{Nzq5Mst*vFB0`RbYyAjg;=9EpJmq9
zNV%!F1oN-JLSQ8)4yZ$o=u*hXZ?Kw~N-I8>;Dymq7j5f7Sa62Qk=s!W`d{;yR(ki#
z44K?iF8;_X0HQe(q^Wk*NEruNmCh8!#D|iG2%rXW;rp5!6D@1?{$)V{9Qh9E_Roq3
z+m=I+MImkM`J}{N_xyI5;Y+!92+f!9VC%0R#wv^Atjx@u%LdWdPX+U}{%|tkQBcSm
zf?TC;VKLEbz>RQHKi}k1x0!zxSIu|<$SivSly^k3r|}o%k*k^SfsDHZ&bkbcl1^%g
zVOlBVJ|>sz4!yqXH5#UWWyf&Wz3=ONkOak+I1?lt_x^(pdvUz#`t@;sb9#UHat3bd
zu*XK<*_aE9j@X09m%zw4f~>2S{Vu8!1Oc8v)d$;TI%k4j-h6C&{m1NGWXM8BYhpF%
zXDs+DXXK$tZUQA%W(-7}g&^X8ixdPy6Nby`HKw3t4hiQp$eFr{v|y;GmO4=qbyGM_
z-hWMQ0l@2vNL!eQ=D_gP<eD%h;R&FUXpTxim5mCE+QxE^KfK4rH~4lN;=9Vr$6|K=
z3XcqD%Lzm-0{PJclZg^@+%FEjCx?oKVfja<s<A>Z5tV*v9h3@A!he^59$s()gBkP#
z3@#VYi9KR9<&km1)1ZwgfzYlGa*^b@0OG}7=)EpAmU8{RshBVi6^mp?66l6nvn5^l
zpz~BC)k{e(T5sqwGXV(`74!Jub(&JJq=FMAaKB$q-iQwx7uf#mGyZjN{+EZ_1IO<2
z#f?8_14T~{1$JVbb70J{sE^KI2(vQ|Qg{B76`)3Y#jTS?>sAWURw;Jh<7%+oHb>8e
z;eg(-H3)TQBke?|mY=%1+>>iqBqW1K?<OGnE`*r_g6)>a@Q?BN)KL0R{Qb?nqpD~<
zZ2z7y2wg+mUmtGP@m>QlAyPaYpZ^8u+8%Db+!(1S>zvKEWkVXh@!`q!AgK<NnVS&*
zbs@f!2L)C_;gS)AB&Xj!Aw%pT{M}HSG7zQ2p!b6e*c!A!>OBMfFd!sf$`U8e@YJ&v
zdgxf{oBE`yCZCd-l0)@7K_mE)%P`@v4D?yAS$KFT`{BTf!l`Vfg{Cs4#l^+BRB!Qy
zw00d?_dvnL=Xe7|%oPr%EQadhpKjo0GeG4edhN&eEP`v10KMLC_I=~A`_%{jJfp1H
zTRy3%QExDJtn#CcQ25si#Do*l%S5UVPy(bxQ!h<%4-fDtTsoc*gBwHS^tFLJ5Xhqs
zP-!o3Yzmrv7T21sg0@01#0KIBMLQ;zdZb^v0Y78&u!-W-mYh4El=-XZFvo)@rXbyL
z=zms7&ui3yTtOr!;*ulLC@${=B%8*BmA@hz%6}{@+6)p6iX5oJR{Y6o9W<uLW<7yt
zhhjfS2&qgGB{5GCK_QgJY(M_%?rhva3RavM$`J}(^6^A&1hE?b^aKPyAFh=r|K_wK
zlaX?!%qK55DF0ZEw}X5!YMfaghDnNGoSt0P8w84=2#R>|;oMeBkl(*btO33Qu?c0d
z!nPrgIvF7yr(8{RXXCSMBnLv;3h?;5_{LitNp{FVr?fuD9c)eifXY+#gmy+4gaYUF
zKx>h!D)8<@T+zr>Cs?+LpdOuO$}^N^L`E4fWzO<zq>r-o@h;DML0ytO8)b9nf1P7F
zY6_JEalr}GH*k^ipxR#oXD#}hC!|$HFxnlzt{fd>AhfpWgHmBfz@CxHLgT`V!Ia;*
zs2=qCf^ud8)Ua<Sh`G@h0ui{QgP@T<H~_lu=vGA-DH$dM-H1}H>4&vO&ou|%_<oUZ
z4id{aJj1d=#2P)KVgX$38P?q<S1a^G17F37dU1U7fcMaDshOH>MW=deD3FE-$-CYr
zsdFV$Z2N$C8sKOfSW{c4Ky5!{+ARdVh8~bgi3LbaGE`6p9r^X?|FG}d>tm5(Ef)7i
z!Idx1pK5PdGr4PffNvU7Y=V-g5w{KoWo_NBr4O?w?GhmF<bGH$sCSA1i8g1K4jntS
zs$*Jo%jMzmzde{78NeZ8n8)pR<y}E!Qo^m9Z2*@-)gmq-3#MT<?4V+dyswJYeuB5o
zj_ON~Hnj(kO6l!0s{7C6fc%*Rr%IJK1NkF+@i%DcI{_+QRlD9Z`#+m}mrVyDZy%t$
zk%2Ir{TiR6A%IY46bV8ol^m(hNKW3R8KXzoqiwh>oeeC$-5bCj<D4C}%a5k`^B)j(
zjIkI3*gkW9yq#kL!<(a)i?Zjz83K{-H&OWdvh8O_`d{IO-|fO1n?T^I`gHZt^dCT_
zrrp1~=eMdY*2V28M{#WnMSsQjl;=mR6onS4rHm0IxsIG7|MEF+GN1X6wTh!zrn6)t
z3H1r}6vL`pgR@U9j~(>`;kXlA4owcMhN@6%UgN|hR0<;<QDO}{^V(r}trVOgv{)Ia
zY>WYC5SH1`lW{HuYPK>sYJJlOT_EB3O#Qq%k&?KKKtvU;agu6Ktne{EYE1Jy%a^44
zP)O}AHG!-DjJLuB&dqrsIKD8|EJRKfwC*-a$!s7{r!>~JFu+`Z5<YL6kg#WJIBiRa
z0vw^E92c{{KcgaA69)SD0mIwk2tS?QU<WdsexHnF0I-f)t6L++Zl!T|7qlV>Umxi^
z+|0hPQAGEP;brCDr4ldN1Px!gpa{}EwK~BU=WHtUM%{f0xaLVv&Qhrw(iDcxwKn`H
zR&U(6GjFEJ$k`LHW~^Csl5cZrqkdcy67>JeUSHO(S+~B*|LiTpclX(wxXB>yl*p*0
zt|j=u7gScuSD_@u8cF5oV%PfCVBSgz67C?Gy!<5u@D0pIn$bWk-T#bOm#JYbgeXx-
zgo-i*#@`jZcArT~w}IR4JD_uY{MA1$0<Yk)lD{fF7_d#N<d(E>M4iR*ItFFIZI?6K
zcz79&GY@2evBPeo@%qi=lP!=)j7px&j-LR(mIvaw{G%j^(F9A#`y%@8=~}2@qD_GB
zX<S9124pxZbXFRFb}AM<2)J9B*nsy@M+{3rt|!-3AmxNS<W<<yGFyT{>-fxP+$h4s
zX)HmDwVkJ_cZEgXM&?K!<W}oQ6B;zfCy1jF*n|}n%n3+}#WxtEuRNOlJS>&p_C+?*
zvEa~^nbT4WJ(fkqJaAu&-~mI!Q#Gc*Olq$g=2||+jRT1@5vf332*npRm!@)mZ(H%-
zU;#3h)~Z)<`S5;NZh}Lnf)KWnC&lj$bnB;4)c{@X$I*8c!nQUWj84rO5AI`#@KCVe
zDxtJEcP&ZLuAS1yI}z_;?_KaEbBp4U75sYA!g`tQQg7|YC6VewIX@<n&6;Apns-@s
zSMOT$_t&Zt>lGQzjbI)xs{6QAYQXkZsXvrCv|i%s<e(a2qovj8t^`^CPf9Ay3AFP>
zvP*9tkg0(RF{=r1Y@$8V@uUhASxCo<z6!4bq$)5&?MkiWmj~J=;!39_{1G);7q~d9
z40<C^=oteglSkSQdMIdb&DD8Cc6J}Tifd{Kq@KaM^PIAChQYuQ>&(j0&~m8=SiK6l
zxS-2Wfr&{xNT2rL&PcrC+ml^i83ixiAeAx{_}Qo>Q{G!}dKJdR_hNs}6QoXT0zN?~
zn9_i8<{vFU+mTL4F|1Lv4Wjqjn&uEsj}ceFAc&NGS1yxiE?8Cv8$A+)cCM!#{ISf_
z;9kc}wW7}k6RDvLfhxXjKGii-|G@cf%*?^}qk3R=6&jERDTm;s=BmjQKgY*%pE(6Z
zBvjowWs#>sPlm$QpOYCWWPgxNI`M4x)vkUZYMD+Qwru(W_(Un#Y-#&v2JX5kCaH!P
zRq7qu^Sw+HrM@7;>_diN%?ZAbR=T!2ug`#=t6LsmU4DE46l_jV_LAxbRn~R@Wvlo~
z<^Fs8EO(8rb(<?R7uhF@xw`Y{`xUPxx8&KCgxBHBws0#f?Zl8GMKAwbzxAVeBNMpF
zoiI)=G8f!#zEmHxd?bat?ec&x$}Q`g<&4mx8b>Ld;$B`_{u_@7eRsvK=_z=BeKmS@
z`^8<}-Jy#gx82KU2#QNkps>0dfX~J@80MzLmVGHMKFI^!AwZe;4)awz`n*3U_dO<J
z_0Yaa`%LpbM7D`EdVoF@6}VFTQ?7}8=S29ztCp`5;6)PIUDGO%o$$5BI$|sOAf99~
zQgv^=F0yyh=sQAq^EspLzvVJOvb4Utkifr8h^zBPHJU<C&+@hl+UwQIpAZk<My~s$
z6Ik0zz_eU6u?hC3PrI#8jL4c*L7(ZgC<6DFe>7b_)$~h8Ic-9Yd>9g5gWcm9aDKK(
zFLw}1;YqiN{AhRLRF-q<+ef7ZvqwyCip08sBGVaYD3tNpf^h?@k{~p%NRnjuAsDdZ
z3F7@85Uvc1rZy*j5G#OD(r$i$@(VkflKMdoZc$JT<s2Dusro2UFg&Y<iFnFjlJJ+n
zorheLWp8ys6X4Ga97Y1&vTE4{MS}<Fj~o(pG<d8{!<(5>d@5%()sWn2zC3&OqaRtB
zUMqt%l<YURj*dVOAmm}9D>ecl{c#Z*Cj~a!mVu9Mh*HE8x*4Cnk`k~W_WkSwJLayE
ztmYEbTavIT%{Im1XU9v9A}uvG7@7ZmDJQxM(ZxgTn~i%vA2(H^>7zXeO&XqV-L~Tf
zyBO4Oczulj!*M#2Fn(3A?{Mi{UCgq!tkF5PaJ$pH3-<MbLrC^Jf1USlaU%3Inwx%J
z9bfA28WhKsZi6G^n}NNKtvmBxiA@1>IoGWEIi-$uddIw)MYR<X+HTxhGT-lllp&T6
zM(PvsUQn>kUc^;40o0Byw4$Uk=6^qxvKARHAH3`b)tdFMi0zqo0Yc#Y<Z~AF<ap&}
zb_N~uaYP|oTX#l@<txl2sLV=SIQa@73nvB>*V9Mp&zhXus*16b0nd-te-6RyITjw>
z(IEeAfUJqKRGhgUTi9H09@A>9mnwj^CDLZGW>rJz#D_nflR37ZNAE;?(i%OzjrPqJ
zp2P}}6<$z!)m6?XRzNr0UOkQCTB%Q#d_J&tZuv-{zYt0;*|lz0YBZhRRVZCh@b4at
zC3{Gm$V!HE4KHh*y(KBAg}A^t@nY;_NF5O`xCWq_)w|Q9*?6Zz&~QexyCs6uSX~I2
z()rz4h=h^P8@naDZgdToE*28;7KDqRB=?c-Y+Y8lsk?koBUB|kQ=`1PgID5yS!qFj
zCGi#W6<P6!HI_CvU9PYk5~tSqccRH{`llUh+yasyzNS(b6V@Nq$<8lONtDa|Lkpb0
zgJwB0vU^iiYJVXOQ8gcYyzW7LV#pznoRw3BQ{%&gs+-b9gIDDVL-qiOU+ddFa_7H?
z4E{BtPqrkPfW@7~t)xr7@!r~?n5xPm<FBuRubk8$6_)x-^d+aWb((GW^5bhW7Q5Hf
zlxU9x$bBOtnq&$nrD-kVbGH+JSY}szK6+RBzJ+jR!sXkPE(q*NUPniU^28#|D-1?o
zD7qt2fl8ptPdz{BW3_)9D*{JD;u4ydNqrw`NgewO0jnh9B4Va1XCp4HSKg*Gx-FFz
z3+Y7*2=`0R>~H!eglZaJkK$sDR>8IpAc^VxNS5SwZVE);VHFaN&&|bLIZ6mq?JOU3
zx&oN+6t><p`uuvD$5qalY%MzhMmr~{2Qui<r{+lX&<b(?@rv2Sqi<$sN>xAxSrart
z+*R})62d&_AjVaA1$Zz*;cPZEeA=Vn5Zh}YAU?jRF^cx*oPlGDL5o1A4@SWgV@_r)
z`{*ApD6vfp`ZIIJFmSn!ecXw;s_TVb{VsLy+TV4Fulv!Mvz=}o^N(xt@%%fK*=pfK
zWIi*nJ|#)cwwz85T&DUK{bSyb(Vt@w0Nxg;p78Uc-hO>(Su0c$3Jgz4PkriMLnbae
zQ~9%Y`^kt0G`nE9x<)JNa-kNQY9*mt;v=B@t@fZa!=zgAGE5htS3a9{Gaq~JoK;H_
zooX)Hu=&3xUUCtXW7j@|>SXZHIRgzIZx=0UP?9HAgx*We0W+WK#}8$5o-|JVW=e|!
z9xlzuH+$FD7OPjS7kg+nf)Qq@;RaV5fd}IlXqy)>L@qQQ7R%qF&Hfj-4YsFpOGvk&
z@%8o#!s#!l^lG-#MQVy)Nc<d>9uPI4y|Wx5Piv!dpVA@4urXNwPkBT>pM7oSb)=>w
zLqI1Nb;|l=5evt>&r|3V(3;U9GX>~>crU#cWe%mOKn+$do6Ovl>xCFlx>*%&kObr7
z->mV44Ad<*N&&_re3fdip{7MC001^)Jz1^~$z1XGa+*VzH94OGdTLQW06s(W`tyMx
zz*G2!v-teJ*13Nj$qjf!W>>2Orz?B~i24tZP9H91LNf#Q<+{H1-J$NrE>GY^LaH(x
z8b~SG)Iq4&CFMkc&b$(+-`nG5INAmEStL9op8>9h_X%x6gfcfbV}jnI0!wo4qvv#~
zYAI{q%x1wK)2#Hr$7HxmGd5E<E3C-43`l$BWqn5Le_c>OAL~5(6=vIE?(C?~uARs5
zW%=dkqx!RjbL(E;lXTi4H9hhIlTnlIJiJmMSdNW%$>qm#&gIOWPS!SB#FO%c$xmKS
zpEV0y9;{}T<fl)XZ`RIZ;7!10nkK`1i`3N4C4=<=?|I<p<0HaBxmR+TMPmMVm^VF_
zc_pZ>5tW5%w_Ro1+A0JRU-u9FTT|FAfd^@OfDBowDw+C-U`DHBUdz5?>DQuJt{B);
zt8leA%F}RDof>op(}YxXNejPjR5|uNpal>FiHXzku}s1Rx%(zOC81d=fRMhXv4>`V
z$<ZKjMWx9-N7?RBh&A1*!vBB?dnY4;JFt<=$GNEeFUNZ9SV{^zThom!1B$>HGG;Mn
zWVk~)waq=H)AYd}9jf^N{9U-jZO{ej02N!3xvS=NZVeAO`FLmdH7$+`;8<VwJ9Cry
zfGDDA#!3sbRxuLi@Oi2Tzn19sipip(3RWX^Ml&rX&fmgc-~xIA2!aRDsiV@TL-YL0
zL}i=(8Z`*QB!<~FA06b2y0ageK>!Ba4!pfWkAtN8^VJ38_T;bJJ*#SLJ%?m`4G@}M
zT%D~M$^7W{-_e84DY>LdhFqNl%7GZ-&8*DXW#vygPEfRdz@lIs96QoECj?{K`E)Hm
z;vRktYv~BO)X(?I7cmJQiQlDU*o!ZQ1%t@{Grq_-oi?HFwjr;~O9QpFZ^`ww%p}xT
z^6RmnOu(?!3{F#?9EIn9mU<LZq3St>>LvQ>4r;Sp$2gNK&mt{aN#7XrJXSdq#`weY
z_&yGNZMa1`!FZ*kl>S-ge1hG$!B~-$w+da%gS*X6!7G@=e8Zww<dO4>iq-W?Amf{W
z8$;bUhxB*&*-XI`hSvv^$9JAB0r8+)W=;!7`HF1C98+2gCqG@@R2jgtEv*(J9|ldu
zwOQ2Ww>w-Fl<y9f`~tQ3r=}7N{uQxjC6S>_x$VY8{BDX~%${<vy822&D(D)=;VY5Z
zHUdzb*uMJkhe@rU;=L*1V^9472f{3NQcKU&oY~)U&pL=ExT$%iTH>jK<Hqh`VCKH5
zinkwb)ZuJjd1{)=7q?RT)q>$~Aci$`JKYsceX)YEv{;21N1N)s8v25m8+SU6H}z?f
z>*Yh`R5y7MKzh3-tLs#dsc#|H^yk`3vYRhK8PrXz<p^j5g}0w6X@a046hC~nFRRY#
zr;;ph${rPZTpNW&>M9){o=Gm{iT+u(n;)c%*BlGJ?qR8l{&++e1`a~J>-qM0^bKAZ
zE?FkEK9Pmg4$z&MkFHap0rk&|Ch}w=k@vyaLF*@SIDOO;Y9^s$^`#!|I<@+%z`G%x
zLx!890l&^7=xDp~dG9NSIlNA7X&0DA(gTv57aR_Os6CQPBd5j<$7~0kc${DqVCp=*
zz4rGO9&%a0dlFefPks`-e!9;b$NMSp3MF@1&Q$Q4mcGg~CEY#ArX6KZ{JZDL$uM-g
zcL>nOw6~||7S_csCuj!fs~^;>F;?%s2AA)Mr+UZe-MX6qW)=a7a6|QctqR5@jA3uL
z5|PL>aXBYH<@G`LurD2${cmM^GnMWhmOZ7=s+BCeoN$wlx~sfkRzhpE9qFGET(C+%
z5ymvplg*d*wJyzc@T3;b^z~^Amxp8t%Vg@flV-v4fXQ!PG|cl4Elz4?Mi14t?8TI`
zh}i4c@a@{%hw~o@PEp<*((5j0pK!C<J>p~|2tjk9_wxluwsn5)qlBZox*#0d>q)~W
zJ9P<CvAT@J*s1%bIQ>O_50@3FX}OHncdrOqJmGN=wsNLFX@B3wp17!Dxg;9fb5PKa
zdDn4o)~k9ZRFrZ~(|Yu8Ad|J7Y}ti!JxX|$kS!#`$#X=bW_yRsEI7+sy@eXb0L$=V
z`3&Kc9#R-30$m^!%z2r#2q~x#x}$jo<_XTCzUlFfYdD)DePJC=YJ{E$nT4L1oEE^I
z2pzN0&WsK3b3o_bi6IZyL9t<_%yD!Fd?EBu;D?HZ?hYS8scaw|EX1CvOMgAXaO{pp
zlvXVsH2(2;r5(z(r^xwf0L_bOrwVx;RGXVSVaeT0?j-v`b<%1?6gr3C)b7A%C5IoB
z5IXq+(!_E3#BxL8cdUDZSsa4t35oCqV=>a#PwTGx94d&)?dp!YUgcU86ovZk^JU#c
z9O6UAss3^c_s%scMu8ecn|rg?IamssP<_H-K&wEMyn2p!?Vo07`xYonD^Q1c0ur>l
zW1B0$=Z7@uZymMbW)#2c6~1Ggxv`qJrEA?tASEXv0az1C-o0GMNM>eiwwR}LO3CHW
zg`URPOr6TC{BrtACF)V#C{oec!B;HlPv5ne{Ce5s3IL>07FPe#Gaj0(9wVoFQ2|=x
zC?gUKr1V_mqtqH->_mpggrK_=6y|4I!6Lb4Ox@ivZT<3tEFnjdlv`A{|JJ<5hlJv`
z)r$nN1*D))@9~*i2?=C<zomW@6vMr)8F+oHa2Uh$uuk464fauyzjMnpBRN9p+{dHb
zc)JXv=&z{THGoB%oUisquhI>^-`%G8sqUW+fR}_YT+D(O&v2&DJFv>E>ICu@(0%yo
z#W`1y6MvuhEMw}Cc81C>neaIv1m3iUYp$fU+_NhI1xoj6K}MZQq>fm;kw?NV*Zd`F
zWxLdCuI~^b$l81m{%{+L4~2p=EAQXIZ$BrQVZ?67a!`y>CA=7oiPJG?%F*$RRC!sR
z;xk?=PdpUUi-)Q3kb_>c$RVw-XS+YquWgQtCFtpOLA7x*i8xjOy|J3v)sql{TiM=@
zaIpK@&g-!#rIl@sJbJk}&<CA6Xe`!Eue7l9`n=CD=G|OG_zB%L|Jkao3{V|hR#8Ca
zhnn(9Pgw#Mgh4PNb|U=iU;^C^T@8WE{37$v=Ef_Y+pE8)Y;lBO^vIziyRC}rbx2=Z
zsB%8(xC$tDXd;g!Kllu}vPK|x#+%a>>Boi7)f)Mi4Flv;uO_?d0j)Vk0l7a!$$YL>
z7qcV-AnfC$kN5Bi=SVa09cSz6{w4R{LZ(T6QAS)CBr$Up4utBPI?F8nxuNf-TqbIF
z8vCw@fyy6fIJf5mgh3e;!9@xX@Abp~N7;ABQ{BJ+=j0SeLs^AHLm@jt#Ysy>GLAhX
zGP7r9NfRaEAbTCFtn67<R%S+7MP!wg{kz_Bbl3O3@6Y|a|F|D5yv}P}*YkQ_*Y&)d
z?NR%cadU1<m9)>)JSlgdm0%9qqI#T{GVy7Ij^EX2)EO-H%$eEP^R)W|wmO`9L({Et
zUa<{DLUN1NlWdp%C5E>LBFW#ta1EAYFUh5LEx5TfOchUc=LTOIKa|lhRG>8_X*6zC
zzxXkxJaqB27)$`MuukVLoPM%>`}SP)9vm-jidl`cDa09AI`6AoD@k4_eNTO_df1uZ
zIRsFeZur)q(Gh%F)pbK*;on$~E6ga>z4eNe;yVvG)lq0yBt@w*x8K)Yukyj-(Vi2R
zsMEiBG8&Cz;?FY2qc2>zFe>Y|;IHm*&BB6bTt)G)Jd4cgCpn&o7@A8o_vO$9z+>Bs
z(|JLfy6#3riZN~XJi-G)6{EoSc8s)^b)CRK{Wkz*`PIT{iQL*N-vd9mRbUd0ww3Dm
zzM6oqHZ*+hXi&SU2Xv&&3D1WF!Ull*Vr<_pL(47^S6!|{F^lU_zSgYLdMw`BAI;G+
ztX3nYqz*c5`)*E_`ad^MzaL%76G-<kWV(b!P@<x65~9p=xPlfVnh{PmHcJ{+8rsl=
z;Z-+1VRX{sHL3Ss)q57&a+tFTm)XB86wMXhke@*k;H>_7%NiyRzfTf$Ms$2n&#EZ4
zo}D0FaJ<r5Ngxmstl3F5)zum1PvTxG3P@$aQ~PMMb5T8LD-U(V4$+cG@=3%6;?T2m
zY>%(lByYW__)c!FU|}RnaV2!vKD^k<BC4-e2PdWJTVG!vH0QCRDFj6a70ZheE=!R!
zI<Zpwq&?JE8=ff5E9rb#bX2%2`hI%yk$7`y&#lrq7cFL?w!+h@*WM%28mB{dEuD~E
zrTrl`fuG)bYx|$ssSVgJPVt4`33qZE*QUgIjEk0roLryJT02{V@vSbSGpd}m%133w
zRZTp~bed1S1;hR{V;gXYQNwuISVz5f#w6O>Z66Pc4C+%%UH)8fZ#3GAEejjl4!ZV_
ztHw=#CpVb=P#(z?h6|fPxg%)BJ3aAfu;)pSv&5UFK|;80WzFozNaAHneRqDo!A&$(
zGRA%jE@`QBr>hPm`CMxwqLtWYltggM7tb)Fsc>>KeW!5G6k1QAT?)wCUKH+B3Vx{k
z_<Ne$vWX(PSjS5W$EWDFG-hAC7?yZHz8E@1E4-jivAo4Dd}TUb^F^IWDdm$@6^y5*
zMJamV4n3p4pv0SzM0|qc^){2Oj27;iFxF{cf$Bzps%AcLqKA#0=ijE}<OmHOz6l|0
za$Fqii1R(ABM<Fw92(GSeC-O!sZZ4O(V)||pW}5>#2C<VLrj~lWQn2QQ8TsZe*=25
zo4xQQ9#ymAr_RT5=gzX~y)4ZaPJ~yF2nkv@zr7h4cbizmyj+3t<Ti6RlF7|wZgL#`
zf;&4st8h&T9dv69%FC@?U*eMsUWAw3L9)g9Opqu|LQ)TM`L7p)zYAiN`dfOON%~ag
za#0~j4lm~Q!g5qe_Uce+k~lOhejSqbS<oE4fnlt`cvRB2AokLAzq3s1ExqMbbx6ul
z@Gfxp8Sh6M&SXsN<f{<5LrAQtHNkvxzTo73p_Thq-Ri{MRcDO+LK5TGA?2O1UwVR(
zl->wWUK^pFz94R)Fm)tt<l+mXaHL*D5agsUO>7q2xN?8qMG0x_lpkKI`9SQ7T@{OW
z5bbJncXaU^HBxzNdbO&wE1l=*G^qvXh98}*MLp}#iFv~n$f<5nUS4jlb$-fBQ&W?7
zD5Pvw+4{o%#rKungV6gBnkXOV#w6~RmP@{h3e@!tOCGC-#939S6dzrhjMAzQ(q-j$
z%tL(Pgd@RVWqvG?>DKbvviP|Ds@<kmfJdoB-)-lf=n40ATN;pCq+KYMQl+VXNK?B_
ziK}Y5=4|llyXdX!4#SU}1h>@eOq2HQ`5`K059>isth#zg(vw%v*b-bO`x4K35f?le
zFScw{>lgQG&jZ#b$kn|{ID2UK4#^e{rJQ4J^Gj4(BHk!z*e{1qHm|y^9)!8fb_`rj
zTNYjF+nL`OChmk0LvOxU8U~d|<Q$xwwr(F98+rO>OC=*QC)qTpw-v-*ooP|gJ&v1M
zYzi#W$H=i)%`Wz=exy#I5QMuICy$k)id%{6ZNA~Q*d@VyA}5UyvT&rsKkLa2zHu)d
z9RXFAnzpvKqw)9Hce5_=^L!YidG^ruk*$W;G2F5(L@)OKpBA98np4HGsb{O#v6+%{
z$vuZLj;o)Jh}|3c4$@*KgzJ0K&>Wght*YA2V**KOX}<IP&WM1@@-h&EpIqIBPoJ4I
zlp0XzRVzKWJpSEHd+z)86WuyprWrD|<HLO<UXRnD{nWBY`L1&52b+~pbkAIZg431H
zoA>{~CUhNA5mq?)0m^x^q2}S-tg?zWj_sDuf=h%&G&==H@@Sf9;+2eXmNc~6{;&2v
zOssMgN?L6_i6URyi)OQe^cv?Cam`<Sl{t?qp|4JC>eSL}Dt2D@K)}R*!xz_B9X%)b
z2ZsA~U&%Nl8hUS0482j`)O7N?#q&#UX~HRWf?da^9jzVDx)``Z>E|N`kP<53;i|=(
z4HQ61a15zLkbHG~e}rTtK2T&ZNU!42GPo~03PIyiT%EIPABDDsbwsc+KEJ6f-Wc!J
z)c^cm=Hth^UR{qXOLj7Po}8ZEM9;twP5V;%Q_z|rmBy7&xHyzjF59ziW>?s^bum^u
zqH!~}nzE8-@BLiohvLhc>Inmv=fXyoUEf)k7<+wRWHl)Ze(4$fjc`3~aj^F$5#YF!
zdY<tDqBmr2a2E?HB@dl+2RPY-)M9Yiq6yE@kElPs8;QnfqtD)l+tQ=qmEF4<^oD>9
zKIV+Jvis;blu(W?cg0)_1Aa=b>&ND&3wJ7PLDkMT>AA3~7)|;VVZpJ>7zKGNZkyF%
z+_tbULikhNdcLPedw`<MiHM#(2_=7{kg*9#<{)>|rg|(gp|9KA>mlF>%pZRCG!(K_
z?!7LJzoLA&PKV+S$q@oRs4C)#C3k|;N2B;KT3fZ0-h3F+&e{}U*;OM^`RxRHQ4mUC
zjP{+_d(zj(C$F~)!acsR@?nzuh#SUbKWwG8S)568+c(3RqM@Owxo@r;L$)}v3c5Ip
zcCU9`%o)2?Dl@^Hw`x-hsfBK@Sx=m0;aDa<+cQorQbmS?P22HvfSk*_m(%&W5GvWX
zOGOq#`QW?p!nu!@0S62B*=|djPI*=z&X3lnai2M{YWz-@>xFChmRo@f!b*)AKBYX_
zK8ahexlV=joMX4y!r?Ho(o}vxi(<A}yISbSl}E0X?0yW%Wh46^jORki_xy^at`v?d
zZ2T-!9yhgl*q3fy>5eVLX!qCM{P`=L0(a2|N-t_xgEMK{n?2vEX>e;HU7ce9s(csh
z-g{wtpgySi<{)f_`Ps8)ky#-pE=HWE&#LN$)(|~p7cv&C5GP`u+Sa2e!1u$xLy)X4
zu%)F%I#(V4pi$!y?RbmEg-e&JpZW&e+n1%1K%1eMl$69@cj<ClCS}~<De95XFCI3W
zo`g47jNqbS38d2}CC*5nzI7r@Fu-rCN9gd~3~mHzV!1H4=jZrTmigL*ZdH<VrAD~0
zF4$*ZDZ{Josy`GI{6LH_y?5=CdX!O<Db27(s0PiEMEh`3CJ{miXr%U15M)MjSdvt5
z7#e7_8o9N9NvEY+biP_PPxAgZlzMZaVCkk9R&$!RcbF(OTg6f)H>B@vG{0wgJf|5_
z8cA`zy6^q)C@CmMeU!vHk`@}z6DTf?nf|dD=l8fiWs}PLI2URrg{osToO^DDj4~3E
z6OF@H;+)U)WvQ^preKq3EO3r3CZ*N{%+OxLP~MKjvo3CVbDo4~<6|qck8a#7zbrBw
zb7jc))w?0lxm-(<Qsiy%mM1lfyrZ^v1-V3xqd1T9#N#Q_$&LESJgKV=rI@U|KpR<^
zmdws9I-3?dLX89Pak-k)C3ngio$elZ7w64svwfO>Pyn}ec{*M!%tEK5OIvJFEk#7-
zw2-Elq0^qv%Eb#fYA=Gu$eiwbLAk@NDwS7yEGIT}0b;e6cT8`6g!5ALS?SGFN|<%s
z`DI~vsK#WaCP)oC097NtHz%NDHXSN~+{(tcy3FX@r%U&tA=_cnw=>H7gZJ2<zI)>$
zmXUWm3_P0EUY*gFW8e@<G<K&Fs2gzk_CWh#=ecl>tzscNna=9gf{U@F@Y(XJStDMw
zoQsQVhX5t#rlctj)A;*$)E?rjcj8Y91LieNE1Z=yJ}>2lzL0hc@NALGOp^BYR&BGG
z+`^=^qR!*oaSh*3bm&vjIkappBJilHsnIW}lx~OC05b%^u#rJ}s_O!y9%s5p$0ek^
z`qkYOTKyJOX>RutMef2-o~K?@XxQL{z}&lzj=jcJ_{!;q{M()P9>E9nxJ3GN*A)t?
zDn*C#{kz|}d6Pdo^!31Pa*NB^kCf3iQKB+-5A`1%*;g4{GZS1RS~}UNxGmo5qs<<J
z5k>{xT19P&u>xIJ-`l+8RL?k`_TY32;__tP_i*Zp`;D9p8u02cAPfYLyMA;T;;f>a
z5N+8rZK^EjdsyzlLvMa^16HT%_e|^WoR1TW<!@GYpE68x7u_SYG+C}^CrhP?QD=Mo
zNe0Vq6Wtq0_<#;ssg&wNB=nuS=V*S+FSHjw-+d?T=4XxpRM5A}F_SHDnl}hRbV)`i
z97~3dt=MX|$ejwpl<|Qpk>_M~aA_BvN>`PY^)<^Ij+5(?b~Lta*1>XWY10_vXbN8V
z7b}#uIv|`}d)htxILXX;s;ZZ2H*Tc4tW1UPSGJVx+LH9rSiEhu)N7VPX)&ZmC9}b1
z0*!mzGE!Dr<I$Y5La6a5?TvPw&D?FBor$R1o<0>pzSR3;U`B2y-IpOvlIj=!{Qw<9
z6P!l?M?6qW39UL)d=ilcdv%Y=pb_(4t64zdi?B+tP1L}!p;W6`7RK(y^1%L83zn%D
zTROFO@HI|&sEDNvF9<hJ7;1{S`M+|lD9i3$jJ-G8Jh4M&7J(H5f)t{R)=1u|HMw;<
zUp~p#xla4E@=mj((gZiXX$w!L`ru>l)3(yUD=4noEKn*L_L9B-&bO+#O}0TR>Dzyc
zk$=^m_;H}1SIRp4tFddf$wH`R_y^fGkTUvO=Cp#;`Ybkji&ERSLt^oR%bf|ao^wO*
z81IxF1#dfd`@_4?fi-A*aZmS|2mM;$VB+TA@W@Otjl`q;@s*7?0R`i&<<D2BSTmJQ
z8C_O*aLV{w$36VuC0m!P0$#FN?_&oqcv_!@GS>n`b~^69uhx{Pi5q<LQU37xhemSs
zI?dgoo}nvm7_#abTxa<e5_rSLpg2AgS{^z9l<AL5(W;yF5fVpYdndOrnDWGqU)Opa
zBGrZp#8fVX42on%B(hhsc4l6QWw&lZ-o`NIC_}`2|2@w$PD&Lf!#i{@+ut01FJ@}N
zRcm)|OJNx!|Gq69u0E#Z)YqiMnk);`KYy%!<{DFeDr`t%T5AV`-Lx;usBoEi;N@@)
z(ZIRq*i|O9o9lPBnBaF7ajR!ePxO67ng&qg%bHw064U$EU&40<EY;DEHCps6G{>i=
zMED7>NvQ|loeL6E33|V4<;GX-rGC0N4BWFvue`)h;d!=E^*6<g0wU{GQo@~=LZ^FD
zrF^su2k?9%l0NPOXdqf{zO%AyTZ`z-Jv*k_&q^sko^&Zg_GUj->VZ(!bIWE>G8>1v
zfe5a2UGC!-a65bvH?2q`Er8a*o#AiWDpprl$E7bM_qmBjZ+rfuWPuJx07j1}V%T02
zOycgf^akCkbVHf~Kv&>VUf}U}$ycIS6_@LZ2@^KAd?EY$!MU$Z{e}SUBZVODT&U^p
zk6my%KfZ+2%UY`lezN^`ikp09YHEE-MCc=#GvX;vlkaEXncF3soY-s<E*YXFXQqxm
z7#SI1+kWPZB<}ro^<7HEo2RWKy|*aF%5kVKhA_RpZen8XKfOY}sxzec`5UNoWg}%U
zWv*Z6qFh<2)m(uO>)#@Pdnb41@@W;`4*i=VuJxZ1dlQTAr?`3#&nX{}nad-nR+wPM
zk`5T^=?&cWZaqu7Ft0>0Tdp0c5Fq=urshCp(`GWHpje%exwe?DQ?9bn_#=IiYr|Kj
znG>1{9~c%+oY%IMeJeFLwN-SIWKE@bLfEbO>>=HT@Vneyf3%NnB*DG7A{w*-YV{o5
zQWyM2T|?lDE&MLuB7_|WVmvRYxG0kxeG$2Xy1K)imx1+0c(+OyrR0XtnL?EZ9Tg(p
zq7y~X&@$#S;jCTDbzN&1wEis~D2PHqi(J=rk_&ZxW{@r%pUBdQEsnZsA@|lnucg3u
zaDO?7zO@$@4%!#Ih)E4dz17Z*>us4^vZn4-w)Rp>&WMUCbCGR$X1qgY=QWedXQv1s
zZ$5S#$1Xxu*=KX6llx?>uR1+Dcc#Zd#<~@MYqG)U_Lw?=uGbglqE~Zi_MM&jasp!F
z81F7<-0Qyi0ftC~sb9Ku4~prHloS<@4;Pst_T@FzB%SH~tVeWJE!K9KOO!#95@zg+
zhv<18#hwh98mz=!rOsvbOV;UCEPLRZlsKzLSp3{+8&#}8*Epd!v8uOJ95S<loij`Q
zcy{l0L#H#fIz0U0O=$|npWhP)N~LSMyBlO{vn&LXdmt<+j;n>VT`>gpptFY}JwYu>
zNo%{H45b!uBiYa!>l;#~7%PH~JpOpTQf!6S`1@rK1~2FSES03!3$Jk3FM6ExvS{j9
z>Z?`pD1bnQ&OmX}@-649Opu<wl=M25u!;{|X)j*+TqcEYlsa^3Xy%fCB}NZKgZ#Os
zW5^Y5$hY;}2$O18rF!L${=9qN1bC4Y&!kK5R08(wL{!8<`&F7Myfp4bJ2YR9ia%0g
z>(F*wOT7EP#T2kP#NAVudEHz_QKe9<jRXTZCmjK~kC>d-llfut*`V<Fu-LnzZ#xM0
zqkxm<Iek5HQHe$R^r^^_Z;GDIi7Ucu{4gj%+3dWLfO%0CtzhJIS9~YQ7m~fXBlhuH
z3#a4!7W7+>6<QmopD*sY`eEWD=JPktxqGwfXRe>VOPTa!NWZeFoR;u@7`8-7)^1zT
z@4^xrH=B%^@-p^8*urL}g>Aq*D!g-DUF^xX(0gID<BW$eF0O^qU2O78j}nPEXX8j6
zZ^80x*Z9<@7p2k@D)^JF)`6vQ4Fg#}hR^lM)kztRE4s9W#?u~~#t(|o)Q2P>^C)Ix
zxn0;;wCd{YY;DiG45psv%eor}l>#t|2Xrf{&#^SA;CQpl-ZyjumDiszKjL7ZyCo`j
zJ7;QAZdEny`xaCLUY)%8Qv&+fEgG34UF~9q$!Ja7Sd$5Ua~FtD4ls#}?Z>aSEJ+u*
zPv{Q~Eh4D?n1@58^k<R+zw@bEICJ{p{#HGEVVFIAaG$+o_7YPy;srv1-ZLiQ2C7x_
zS(0PfLofb9ow!~^(CA4TMkrypcs@2@q$_BESQf`eN_L&~>|?!8(O3W|NmhuA?;WP+
ztb>_P;>%1|BA&252Aq8eQB)sbk|L4uipxw97ooyUwCE3rt<E>(RLWl~1UB$1*PbB(
z8O7mMU200j)?(@7tLH*0lB!Ru8KWVn{Gz3pz^O%Z;e#)MKB4uxx3{;9N6tNVLF21x
zR4tf6wx#Nkti-~tLV3AcFYR{WiSYX{ty2e_;s-Jhru&o1`JDO;6+Zt^$#Y1(H|hbG
zRRDKkoENXG@aL!c;T2FUZHVC09Ah6$KcZuu{q6$8`TAk>aT?KWced>Zaq3rOF(|iA
zS&D!yA+#f=W@ff-Dfgcco(|t2P&+|A%Z24I&tOE@3?!nM%6wg?4>k+qLqa|j5ZYar
z2KMKd7!<^LU(@pvr%_Y1^np1ptq7s`9(aEkh=?>bw6?cj+_7(4o>O=%NAe!V8!yB#
zP8Dj6t;J!qD>&w66J5{vmlY|F`5+cwmCFPb;Im?@Q(~4bHv30hrDLkcA!n8ilLtgw
z%=30GcNy={ocgMza9$4Wr6-`-wSTF1tN#}1v$nSpI8Blv@rGlf!%ghIawhpvVr3HZ
zLu|5N9PQQb1aoiU3vsWiC4~6*yjGmq>=_(fL?a}&4!3~w*dNryt8)D+;mK&AFAAR^
z|2Y?tV#3KZE6WI)zkEZRniuWqgNb$dba4O6&d$ypTn+WPW=#A_b!(#2KHC;Kxzb>V
zO1Z28fINAPhN`L^in4*3%S**31?SD5*jem29$5mG#_QA!vpZ{deAo19J)SfU8nx{(
zr283jL5!fg_{MSKvj41c@c2Y=bHceN1C-<WtaQ8@kc#P;a0!ZL=*?P@tHd3a_BsUM
zZ#ihFd1=t>)rUdaj2VI|mumX!Or4a4#5Y3AG89fLgC~mjDz}K2RzS(rX=8QH9V0l)
z7DsBl;&tBlifjtF{Q`zxvyc=U9*@^}-`G>oXpmf50NKm9H+r{Za9lK=-TMAA2YTe)
z5b&Dt#-<n&EuDyta>pQ&nL%XEAFr;=zA7H`OarC=`IvU|bjrjXl-t}0YBBYXujhYF
z&5t77BQ#yN_^9G>se_G@-V}3g9E94kf#=Gp3Bd%g@A+D+^s+4b+d^VZ)QYgTN~FT_
z2dID*8K=xE2G4bbj^_gm2-qE~;|!a{d>~?*JAI_IIc9z5B(kwQF~L%}<IPO<(`gYg
zy`K12QM);=9a?Pr<gm_5`R(vf;W(G7^76pG_(4W8>QHyqlH=7Pa@R^7jxOxa0!F6^
zV(Es@F$@9x*5A|5i=^E9f+UOL2u>^HlP{u;jf{9@o+aJqfT1qw%Ghwr;lfBflMT|E
zX$p@1?Z+L>{Qq!}%-(2Mh-bQFUBCNRks&GqizCX#_~~8fvrZywQvMjRJ4TqvLhysx
zpsRx?Xs|O5-@uHsUD=~CIssKbuk?I`EAsO54~CeiPgq}Hjx9^Xi)|NN4ja7C3bn}B
zFhM>(KAoU{_{H-v#$h2uv}aa1WZI2e>Acjw0U!(a(OoWtBbKJQyu_LF<BQCR57fAC
zyw4&<_1d$L3h?N`J2X#PZ+4yIRPC$nRk_O9vhQs%fWy?BehgjB^ocq;<9GeN8h!g$
zCcUp%yB|Dw(A+KUO<s@fj?>;r&VpLaS1Sm4xnOnf<hra8Nq5P9Jm7b9OEk0;1>@km
z_+cjlF~;G+dFV*+(*bLEI&}E-l~FWrp?4dZ!R483J+bu-tlB~%!|K3sD^V<W@&XS-
z_m|Bmg<XxepRhk(h5*zj7nN*Zi`bpat7BTuW7lS8X0nIlLN0%{QO#(8T4ToG1O<Tx
zNOL6*GwdVhj<_^|bXuguBv;Ql$oPK`|MB{WDG>QK{-5y4@$eXDDUKgMp3_>`I&FP(
zd8XaaEq?eP#j&DMYpf3G7Xci*;<Y#WCpb$INA7Bc)DIOS#jwj@2^rhZ;{;62%?0Z$
z&9gfUW`X1{M=yDv5#>C$_&|H9Y%C1~26<P!%mjQBmiuuRm&R_mnP6tnA!UAu%3+Rh
zq6+S8R+@Me2195#eE4u2!3R|OGnNs8(SFp&X9o;SSNb&3x(Xts3sED!^yP>gxAsC)
z;DJSU$|Rl9bDR#^*GXDH?~l8$>wrq%6l4byv$C@<_+)@swDRGW9-Dnomt|+a{T63i
zSx@H$YfsG6%WaD28NL0BD*F6hMulZZS6pnh6Z#44&n{<PPoBj|WaQ;Jr7KJ!^?xPH
zMc=r0L=3I8dV1VUAhI?d`s6>t>l$X+@kW3MISk0oCy_bcXen5|+=lKIT7QM^SXS`5
z2I67Xw0Z8Hc)Tg-yTu}1E~%2L*RI6|1O$B63_{xHXF<{CB9}0YllAJj8!`YyN2jDP
zQ|<dRb@SnIZ5f?rFavX>)9$xCr?u8(RBrA3XFJ+Lmas4YR3w${B%+v4$kXAgzgdc=
z%ker<XjekAHD{B4lnf2ePNXW#{z2zTgWF05+optBXfEr7*#pr<VshsjkOCP_QwHuA
z@mKnQKA^QN;C7pTI}5$AmvbBN0|g+;7d5+DZ(lS(+yAI_sZ`oUOvOyTXLU$yRan=}
z#;j;{dE#QWFwFIc7BA4<ItA4dA*f<43a%!|#u(<GS1pVyf>AY9b#rfw0gd`Nn+qx_
zyuh95f|%SJTCpdpSj84Q8dwX$6&-Pr{nfNjP63%U3Sk$Ma;`u!RTtc3SBlq!XP3^z
zEfozu-0_p;G~G?cW#ymp#=nWaewtt~;>Lp%@`j+ck@9B@XUB4{9}JHs$;7gcJ!6?d
zGtD*VUz;R_#70^N5YP-Ha#x@iKX}vH@CW^S?n>0FqlRJ(!;h4fXT>rfAN~--Ks?<)
za0*t7{HViFT3f<>pPnBTC*t;bP9J2u9n~AvzSPP=RoZek1}Tj@kbllB$uhAivfUHM
z<10M42a!S@U~-GHh_GvVX}crs4W^j2$x-tGsO-I!l#+_JL;3|ZuT`pyt<#BOBkG{S
zUqEr%X>I7Oj9|whb7e#c0}(ho&?5$@HJUwq!G4<HKuCjnU|)6VRuhES7=!EZcy)(T
zj_LL5FOU@M_hkn2oKi1sJpr8f^3ssl{#Ol{?(A2ux`4l+v=0H{tMh0f0A~}O(8(w;
zd|2*{jF$ur&+OcZoM_KX!YF;($VkkQtD8wFt4@08@c3Ub_^5ex%g>U2Y(3eJBnLx1
zEWcTwv|E65p>VTX5?ex|JL|@ru&S*j1jE5{oc=a4{rD2M)j7AW3D>!NiJ_&Wegi|_
zVHz-^e%dItOBy?6zm#sffwNjAn{ls3vKI3k%l442bY<b8|0g%}mXrzR_MPm%d$3|g
z@=SR~y~ta^Zi{lGIYjP13p_}bC3X5Dq{g2&S^}m2$TFOhV~>iwd_O^ifEhd|LlO)T
zv5+wpx5}60*cJ8CcPgAYDcKzW{A4J~oXnC^veS<|cQ~+{a@#n+N!u|Kpa=APmFJsI
zwn3#D3~l<%EmOHoaP@4~%7n{j4sBi>+jc?R-KAk!H~M)KucJpWlmy86#6PF+D9X+4
zNX;F@TUNS&I;$Ck=DtgX>`nyv1ju^+O#gMJrKL3pc3wY7XQe3AZ1Sx>a^mYL%w6_T
z5jlkbDKok>Xhp1DquX9VB3l~K3l;D2MtTj9ASU&Rk+QOK_j2ZB%y{)$w(VsHB@85!
zVpfTij6N6?tlb{;?q^Kp_W-qGIGw>65&R5DBpEz3+eBd9F1FTc6od`)6QLw4W%Bc2
zvm2X^d==}txCzk#X-#vzhVb$S!<q@PY9F4h4GZ>j@_^ol+UYBIQFvn~A@O4Wc93DO
zs-EE~-|0GetIBP4Dtt8)WVvICtV92)VfCnm2ei3$b3u4zi6Ph|@Z3Y$tu$CueU`T^
z1Fu(QE+Zpj2afEBO;G%Ery4aiwF8SsGjkliU2RW;c0fdI?>cO0xY0@UrX&I(IXk<J
z+Dh?!IrPQ*oa{kRN`hYk;ovxwGs$%gzlU5r$0g&<oLmlIhx2%%o`0UkukI<mLO?x9
zNl7tRK<~&(p%rKmYJudPA;L-OhcAyB9?>Yc((q`<jvW_f6doKP;0K{9=9GD8>6=|g
zlJ?B68NWMPi(f8^8N2-`-(Rs$nMN7s*lGgpWa(iLEI(dFYD1Ir@<fcq_Fb%GU}DOK
zCREPvr|Y&J18GF`iDjfkxn5{bZOhC~rI#(d)UJ=RurWRzU0o&^4<{KH<-1nwV~;N~
zSvGvDVOLVvKb?HT((;?)js{V9LggsMx3zr_F1G(Husphn#7&ep<avXvl#o9m7;WLr
ze{TH|-6bPUG8|!mpdO1%;|+RN0-%tNZrgV}>(KEIRbW(72GZAVLCGhSnvup%+z<81
z&7!9@BE1b;rmwt#@;g>B9`(P3=fCJ(<X4BzV_C9PT6ft_?z4MeifdPV^OiIFeVJE3
z0_%`km_-8S9$|M5f|Pmm&!0c97)~uQtxT_I(X_v98^1deh$4dj=LEwfOZXk0_x7hE
z6~^l48k1=AK-y=q;zW@y-Vh)hKVf%51v0xOe^XLBweb=lmC+Sz7@~L&#2JLXq#fUD
z&|PW<^s)(|WUr~#7v45rXD269sCD$cX_8(Oy9&@t8iY`tp~IyTC)X;TgJE`(u|ui~
zT3kz+6A2#dH}fF%r|j6$)54AGX(^21i4%|Q6n)=v0xBGPpuzd{_#$FENBzT>KIIg*
zFB2A<P55%5lJKh57B4Pshd#7@XnJ~jPN3uig%PJpjFIsukXimIz_2Uiwv0l5lJHS1
z5C2wfdd;7js1cjc>AVra-z^LZ2*FQJaF>K{y7RNo4ogB#x*6Y*DRPlSbIYCk;EArw
zt0XNfgb*@~Vm0WIXNxsP)6>&er0AsZKZo3;9he?G)3)G~_U18EYt<h22mTpSOp_ss
zZd{Xbg!|1#7%NdoD$98b!T(e8^G}XUKv5!XMvY#9_0}XY<CFWWfvO6%vWFVA!30TP
z5kJqs@cCN9Zr+L9Atna+&wdF}zXvBfu%gv-!_@R)=jAgk5dU;iGmlM7_>Q_YT{@Ec
zV#uZw@>3)1vI||2-b}_~3-5gUnUvaR%lEHX#Q3T)e}m@Q7uyBjGY^W=`x77xD0{hb
z|0yIzUM=42>9MH=u8cgbP)sOMGGuIQjNJ05#(YT6QU%n|C^YBj=fS{L%gQT<-*dZu
zdm!hwpHaEM>wv9>rgoZ0BJC!n^H;+7wIE-=VgL<%9!d4XH;R9};g+UQ0p^~06%BaD
zD`O_KxCkNg*O3SHq*#3T_J%L<r$UEub<-bXhKpMhm;xTXI^wck4uN1sx`aue>cw#V
zVJk*bj54#(w~&W4wiL?#j}e}x4?UgxOlhZYYo>VKY9F;3f5)vueGRqG{sC|xGt;MM
zW;$LK&2Tn{E-T`}a}i>S*+R3S7C)glB%w(!d5TM`;QbEKAH4}T*uErKd{hh}oPmnL
zqDXsX3x(1Wo%e%)F<(M-deSNsVR!6cz+@MAdm0>z;^JFdkUrb#Qr~+A(FhSZapIy&
zYO3C|z(84tS{+JxibKYcuN};Qe|fO*jGzH+sow<o`1;FUl^RFUn<VR`F(RF$RWGU2
zQ<9RbSC@ehJm>jB7mKvRF9IyvPxA!2nNJ{6j`tjk31x#IpKt?VJPvyA^!W-HFbjJB
zc}J$BqodafRhGlVD>2caLGyY$O%gX|mM{|E&Pu4?Yfx(nk0qCda+|?I5@x7^><dwR
zg*pl=h(4|WSkQYn^@T}Kyi;?9F};_=SAK(^77rukJ`(I@Tez1KHB1TfjZR7@E&X69
zov^901{s>8HXab-cbq;>wN1CedLBX&Gq5Pykr}+M|AaaYA~~$JaonkevucZ9wO8r$
zc4A&6UhM;>eOFckRL}@0kk$7fbx~b{U8YnE?=iJ((tDEihtpo~S<orkUTDa7q)Qn`
zi!;i|&bI501IO^(IeQ8;7wvl#dKK)Deqx~EdmeOZ1?+Dfii(P=zPxvC5vq`_!gG_-
z2UHEit|4kNF_rRPW);F06!r6~MZJ}?s&qE-f4oF3f{eV>+j4Fu84*CB>cCyNcJ12Z
z)uR6U92&h=>9Y`?bs?h#z){asm=T-@VEE%6x=n3&Fg7C{RB7nS*k#Wl?R>iwHhspV
zVbLpJ6ts~_lrB)my#dzQP2-KU*OOawLvYE=&CJaFxBE^UbjR+X_z^zSp0P~IZ~fzH
zlkNKEUnyBlc4f`DZ$xhB^to<EY_h<Tqa;6!<tJx(r36)qqac@~nXD^m+$G`ZuJoi;
zKbV!hHIqF_$&j;U7Jg(Gl6kWVPBsJf%A7_;hHnI6EGQ)udtu(M#ZK%O-KY2PO#O|R
z5eBnNxv2OxM&(cD>E{DJL;;e&oyc&4wRaEwlDz26g`4oA4a+|&#mph>Zfj}zH2CqV
z*AQ?Md@1QEL|p)6Z27}!Q-ZY(VK#y1>I(?gZL=YU@ur_gCT@bL13xEwLM|WfHZp^L
z6iSzT@>h`#asWrkg%d6l5Aq)o4igAbri!uOfxob|wkTx}6e)oUM~%Azrf8YEA){~Q
zeSNykp<$@!Bdd*#jX4-!Di#e$l8hJ7PXQT5i}T>i>4BDiU1adk(PjkKLr-{GP*;r}
zbQ7emLK}hqG8_-ntFZB%dlxw_8z20jt^K2n4iV6KiP*};D3e6?FbvJ2I?wF|Py)$k
zj&Fxj+$chblUv$IJRjctfwG)UUL_JQRqY^g<FSV6Rs*yY4L({;6vXGCbCtvm%dgNd
z9Dh7?IPGboSkg7Vdo|nd5ksXIb$D;Xv_m(^J{6a&<rEEDUneP@X+5OFA|Qk3n2u?+
z6fnvM$NCCylHAtV*vl$1gVfBug7UUTnWmq|8$>AKZ#bm~aBn2X`&hw%%h1W5mq>i7
zaQf8Z-%RcMX+L9Bu#so$vSg^0w%PRoM(4$e-2{v$ty=`FZ#4OwJPkXJS6;VB=OmP~
zcQZy1?6-u7Kg4`a+#SPyY9WaM5ozFhkpS#{ox+(afRB0XeqHAIDHQVNK#4^zEP&EU
z&eT!A+zx|~To*;hY3K=KdR6S{4J2zMg^lq_UC(j*`1ykR`pa|%Hz5j+E=t=JH8>vE
zqy>{ayFifo>==Dgf1=w(^bwk8%OzVydHTM6beYq127N2dSVgy1>D9}GHUipCATYml
z3xkTSt!=m25s_d|c^LU2y#SF#ryZz!S%xH8C5~?n8?p{x3{6ViYdYdvRswFUG{-n7
za<W#sR2EkkdQ63W*1;5}mvkHkjFF$ZweZZkBO4}nc=Hq)e5+=2-~;EiKIzpEK{Q_?
zK6qT}?fkmCV`czdDuZ%d1dRXj`-)n@8bD4#{hbQOS7_3;>uy}~kX}~xZ=j)}8UOhn
zpSd&Loc}miWC#qdOA8CqW1_6e-&QkHEpnoA{U@(I!{7c__0V118>7N5bfPtG<UZkM
z0<(5<T%(?zUUb0Ir#bU45cS*f>`v{zw@}AuO87vY)q@cDi=VmO_S&m+vZ|}Ae=S-C
zxAqpzf5aGL8mC91h8D)1k&jeLV^d5rR27>FZcwqbv`qLm^!)<#neu&w@-64)@Nz*;
zc}JM6#8*jA`*4i1>I_NRre+w6qS<$N4NM`|+3ziCWoU+9PLc2D9%(Xr3GnllXcP&5
zIk_Guee!mHMeltAFP&2Jct8Fj%&^0p!TP@=JRB}0)2A)N89pTY6o-WZkm1Ousi|Cx
z{dC3G4MQy}GMQ?sWzbH4QOqR1pY<T^uDkdxgn&E!z3Sk-QCe&D)9&<1R{fbf8HGw9
z^KAsuBnz24)s>ZpXhjjlka(Bm7hA6gyhDh4NxyIG+ILPXrJBd<yc|5P*f9le*FFt2
z`g6WUNXB3YNG5>m_~K*Vo3D}FpT<7+<qMlUC{ckLR`-T`c4oo!%G>X6$!s8>QMySK
zK3L`EfzN%?X~uC}oBL`<i}!Ajiifn}$ycBFd>6LN4W-4Lk&)3Xv(5Oh&cu1I+NJ!D
z50OY?qxk91Umeva@%pUz=sUuFynOlcHXFouqu{9dah}r3&Hz@%Ku5`*f|j)thP7^8
zETb#Z0jqkfwD{b&wb~zvDEIrEiJScC8)lB|dUkf*IAE2?9MAzxni6b>`=loxg*3%M
z2aLsye!j=2>h5z$9a&#RL@#=2zp>+<WD%vwS7?|Lu4C{L6^uwtzI*pBNEF&b;#zGC
z>+sjIva$qWR7Fxkf`v9xvG@CN{r=lec=y3K=DD9~kr}Kh#l>Rgb0K*AC{_56+X$bN
z4Ircw^az7qM%vlicR?Is2JqE#F@il{WCG!TAz|-b2<%#eikmPma?wgwF+aj}o2QmB
zoQ=fo^SHTtl1@=_NSvCD+>rfY;t30o6umJB6CiKq@$RAcbwB4;su*PQls{GNJbwYy
z*yfpeK49a@f`EvH{Q1+Jj1T`QEGM4Wkx3}M=qM?1cU~j(p^{V$sLc?Dw-wo-wdsry
z8W6f7z9@G-A3RkXXKEhk=Njq-4pYH0t~A0cTAa}k`^5@fB;k$-t~Z<k*w%tQepG;P
z_VWPe+o1K2#+>Z#c6i5_fBlJ@x{FnI@cE%UayPj?pi*@inMcl!G<@XxaU(Sr8vk;u
zh>HhLX77PaUi~gDh7SC`Y|JmZ{#EaR^kfvzd)_X4NvN6O_QwLFfbF<OeXs52=Ij6B
zs13=)=_f-a{WM;#7kOMszpLv&gEq7=K$XEr@y7?y9`6#)Bl4eCArV#rMQ0<=hm>K+
zv<C&-U(S(M!hWVU#+$zoIYPp4v8wLD@EfWXYy1jaEM2r`E5D;JwUW;mL?+6}P6!@9
zu3}`AIGjXRm7JQI4UTHC#$x!$`kDXx<z)72MPUp^99{2oUYofVWxalv{q#xF668hh
zv&9|@9X@fX68q%lcA<^2-F`M6Izs%Ku}%J>lsoRi-Ty%vM_;9QRN+kR{rebHaJSt5
zcoOSt!ahMS;rQ7O`RQxyAkNiN<@Bo`3BI(`&?(8}sA+`9i<%2cJtj6k>0T1jrenP+
zWs%L_McL|pgu)*_VSS-ry&J|kWZBx=tAl0TzH?{S_s?(5Y;0`0g_n@K!8*3vg84t4
z3RXv)gkWHGi@3Z<%#R1`v3XzgYs!K@zR?SKBwqMv?}_z&eZ70qn}23mvAAP^9r=Rl
z-IH7S=(x2;J%cuH-fX!!7`(M0@PtVzDY4=P>0GFPc6+~WC-N(CvMU1oq`O0itI(ow
zXc$Y{^chqx<ptZ2o8gnR`{~D)UG>r(Spy}+6T5|4!3nh>>v?<TKpxNps)r~A{ZzHI
z%moAl0LkhD>{o&oC9U<Re*Rz-$A3Jg6$)6<Y8vmsb@5@3d+36p*#Jw$B3>M4VxRO4
zukGAHiI)|&v*QAN28caLTp&AN`zGl^_^zYJJYIOz-np{{x-SG=a9+}AUMPRo43OUN
zt-o8$^-sQLRIwxIHAsZSjR5gqtO9L4a5)FE{<*^42o*jP*0&8jjQ~oqt`;wK<|5H-
zl%uqE)hN=2OB+LWTu{O`{djr1ck_C6#3mFu#SgI`P4$ZP(m{Uv;3c6^3gr6iPZKYl
z!c`se3-)|a#_~Uvf}z?K>elu-e-2PK1)G<BbKYvs*2d;|dOPUzntJcEdjY<=12DDp
zs?6C<9!qqS1Oww3YPFixuXSX^=I0{!KwIh0{EKYc4dc=Wx__mTQZWu37744z3?3&b
zKXyInw}>L;vtFg=L;cUYj732Tv#quD+P;1J+CF?RTV7rk6cik^xc}fm%FCDUpxPm&
zsOY&L>#J=jN3LFOrWZP;DCJY`L=!_sO>i%!yhfl+kuVl&F0Q%5rN%DhN;@J`nnPUl
z9CR`U%g<cko{QZ>0yLjG)}uC7Do{;ZJA7t(I)_GK>y|B1N|!mgxnJS&^m8Do`>eIC
zO`e6ngU<8s#%%v_5!oo2V}enNJMLk9$l>Z$a_#xBE-dTul)}L)Kz^pyRkA!dam1#k
zRTzH$&kN%xPO^$&6xj|dyIU8z3tQspQ41-Jj>*XvFz!My3e;P`@oF$<#Kau>&d$y*
zzU$wB$j?U!QV0cp2F}j;wsv-%jg41g<`kQ1BPlK^?+WsCrxOi2?VQb#dG0JR!o+Bn
zs27OSyuqoS>Oi3M$Hv2p@|LI8Pppa#?54l*z`WJ9y<1To2Ps+oIvN|10a0;jfRpm_
zI&sx8{}|5vdKI6Fux@U}jwE#-KYk2isROz34v>XUPEI~Hx3!jx5(sn<4{M<oy)qD-
zi7MW^hd49x9BF~!9J!&D!p669Jk*<VrDChDqmA5N3~Dd+9!AE@q9V~({llPLZw5)p
ztGKG^t$Z_vXkHF>b~1f~$xch-|9StI!KWByXJvJOl7O@uP=F5*-m?jiTykP!wXv}=
znNi%rRg0UX@<)4dUQKLB$7314<#pmWX0|6?qELzHKP@lMVYr*GDvaU5bD~u-Krc;%
z$Y)_L8eFXE*oB23wStXP650n0I;j42efe_zQ_JVipUuBZbK@$LQ&JB51&>gafBWBW
z`55({y?b8*D*yWB%Zu^xaoE_lHl>i0_Nh1=t^*!)x&^fjOi5wgJy{kE)1mDG`2T|Z
zRylf4=ZD`P>A%gN`*s7AZ6o`k%yuv|*n^^kZC90?2WVL4)CA#=h8*)t#L3W99b;p=
zS8)ISeJh(!HVpsaGVVoDc^!Z7`zto!D-qs;GTJ?<d|UGT7iO9A-s8mAgq0-aDx8+j
zhZ#f1Xd1?->ZPj>4@40Ew&XSHBf}}PfcqyLe*j~%LiS^GFfv{#fERhZ?0>)tI~?C%
zJ}&Wl{9oKliY7C%l10*ZD_2QiH2c?1K4Qi$s0e%cHve*x+4U+&I0UU!38OZiZaiwm
zVh{o@nf-U)A=@X*{0<u@9*nsPsFbqm(?2(u{qmh;oV{MhySlnkAl|rh=gxse`AhuA
z4>BC^vn1gTt<Jc<x0u?7_)gOmb%4dRJ}qT8$ZHh9Pi|;19Cr2<(RFZugt)=yYmo|M
z`ieT~SOZ7L+}4(soIrve^kD3+s{KMU@adm-VEu8yhEC7Th0ryQj*T6T2^I@{_L$n;
zeO1`C3^FjKdx^5a(wCUy%Yq9MLz)B(j;ud`qs%0tlpGNc>aOex!v1Di-+%d%uzlOM
zoHS#?U1;1GDPs3im6zY`2!Xfm9}UBQ>r%1uXzC_Y6O#;RlL}rrB`8QMT%>%-8Y&W?
zEr^kWgF|X0S9lMKOj@R7^;jn;lFBrEhgt;Uwnd=}BnPTpi=RHJ35JXALVQ&K2tah*
zoB2u*>ej7WTz7{HsjD=gmjnT0ATY4+zL;O4SVO3AGg#ej<^SOIH=z<~e}9gaEOj+C
zk|st*F9C5UB_^`Oz`HK{wkzmdFARUmLIx6=WnF!PDfqS8t7Hxn!3ePdv7Q88uBj||
z<gxNce+z@A)SX+26#XgM-a-W?ZH+s3++|BB^zH2IkOmEkt4`c#zPE4Re$WrlBKWAP
zt4lHapZwRrb=_YKpmfFYkT?{yAJ>5FV>%=|^$QwoHhG9sPZF?3qqq4fzU|PdUB5n*
z7m(AhzU+60<SN64`D;f+z&mN8i^*=&sif=QO97rTg?R+c7s#z`4&?Ya^U6pNM*rE<
zr{}aFXVxeC`kylff4QeIDmqbq29}mD1q21vtgSPkkddlM`de1-BpHC&vS4bJ{*{fR
z?x%3*tJN<yl)Uu076v8aMI<+z9OYf^67Q?s`^Y{8x{LYcLgJO~HRGN=clTB)3L&Kw
z2+I7GDET+D2Ghm3V>&*5G!F|4gD8f2n2)8-wAg8yI~;v<w_k&D;7elso=ystlyc2e
zi?{jx57$@{57}cIEK{1`WB5bd!U;+bdE}Tg3JSWx#dJ%x@<NK9T>o-8UXyrF|79)d
zXCsP>dkWkQZrtEzsT<8XHXY@TF0f!lKg0ZB)%ij^FUb<;o=gzbyVB*|aknN|_v!nM
z#zF}XcV+r83j>UW@F5f%^%Z7o5IJdUZ#O)B`m`JkA8uDhW@gJY&ZG9plP6Wc931s3
z>~H+b@oYHdKmRO78Ou_aoh_&iL(GO7fDL=R!y(`}jF>V+hDd;CowoDIU;*t3E%edt
zfiNpT!{!c=fK{Na3brudYmQcEyLxfsg1toy+&ntUnG7b*l$M^Mdp)g%(N9&&s=4Fs
zZ3cqV@PyHPGeZzcs+~XYwfL8_-?$*eBiPte=5R#LA~`APt%!(7a(=$EhD636UVm_^
zuH-%60hsW3a5R*9{VS~$dta3A;4gHO9E_r6OANgv#D8&uCyz*m8No!}U?ua*cd+8?
zWRjD!vnFM;vsqTFl6jfLhMV`}V%R|Ue{SKgz5Nt|4e~QEF-fWmJBiTUrXT@4f1$*I
zvg)q;+&28>dj6%oxum}qC&5h9FacvxA{pFMi5SF{Jf^=+)0Lc;p0tUB7=Nl)H&f_C
zLs<8Pix;B_dcO>F?5pU|4YK2(w{MfjF`A&GF{&CGrjH&yYU}Pcg$%^);~CTRO)1^G
zCkbM8&rf&Z+@pTs!`E~YZ;%I(J3u@Ok8Nu!yK|?^Xjhdgi5s)^xBfR=cZGR)c(@R#
ziM6c_Ev&I&+&D9$VJCirjlW?2fYOr4C@lOSa`L3v_3KBQ(Bk;vBKlBxnP8iyTCbU|
zZ?T`LhvKPXSt0%o<$J%7Jqud?+aTAc#Exwqo-{u}Wl>d9eEgB!RmcFNzk1VS?@xMp
z{D*@(^xFf~kFeTCdJ_d79)h=@pTc7jmFVCaZeifymc210=LvhS3y+}N%1z)|&dB@L
zl~Q7RS4o#zc?I6_pE||ph+HDBhaHgUK?Or#{8(8|Zr8(qzCFM05wjmD3BZlcPE*j}
zj1%*H^ys{g<l(wQo2>78()8}l^emj-M%?E(U|ITV5llWkc-aheeiZgF<!^i|ufwp!
zY?xPxOd-|X{`}nmKS-*q9o^%RATalk6+vQz@t^$8e+6R9e)JyDO7eANBpr$>zmAXl
zFf@fi3j>TAsH~}}k#FARb05nD<85lAA5>pi-$drmC=jS?82`F=ML#nJSAQrp_~F}9
z-u1tY@B_z0+tg~14Bq)?r0{igG!x`qx=Kp0-G2dW(lcItKmN-$l9IAg7%3?!sYyva
z0G>isMrJ#U%s4YCD<uq8AKMrgahq=PyYFrO@{pIrOfR!v7My;@Y*XV)#$A)jm4LFc
zAY%p!t+^D}2=g5JfYTm7kUa4pOh4uVv$RA;R#q#_LNfudFQ`}X(DS8k1let57`W1X
zAlla7Nk%BSAt5<_cg(NK36CGhB|J$fAzhN>lZXj+g826wuJRZ+w>^i!2$1aS1klyj
zrbLVOZ~KDnME@Rd?tJs+P22nT*X!!)l(e;FCHTjby{QcHVSbNkvH0}P^#_{{!;TFE
zHMcK#5)rwy!WzQ8sH6M9NIczH3rZ)~mWK>}EWjElDEL!s00>93^4^WlNOTf^V;ZWC
zc&x0rPNDFHg@w0|PYw6;J$nilNO~{l*7YI29;cA;+1_*kEJVlM2Q1LBZj*+pBeXyH
zF-F`z1?P3jauG1ie`bQ<lYPo|7so@Ac})sFyt1O=z~-nY2Iku8PT@CUs@%_{!y54Q
zD~4m4n(O4_BVuYS`~$SZyS-M@ByM}Gp+iv+tfDTnLL{(JYq71B>@U;0@i_m_S^0VY
zPOj`b5hDzWrXf&VhLrb4qRxuzSV6#%`}0B1emePLV+J)OxB>qC=;yatUsRPC@-G2S
zEHN-16xZ49QBBY@w)f(JN2_65+u5lGTq^GWEa7jEJ#|ot{{I2UsycI9%LNXGR%>p2
z#UWO|QNthYpaA+I?{yxfvkA8_VIuwe1-^3-L;n0hpEBH63#s~QZx%H@tfTsi?KXrZ
zegAHCLM|$hu1e7sV9ajVHx#iU?%yvEMv>W6A_M9kk#>g=UcCz*lDwnhRLr5O*Of!R
ztvl8d8&dgi+r;{6hc$N1ZcGx2JL-4;gq^}DCZENRkHpQk_Txt_D46ppKzfDizoPlF
zJY!K1DLQeZg4yzqGw#`NVt;dmiM}F~dQuz@d6u@04kPF<lp8=Ae8v)@ebN^eoB+2U
zhza&r4!(Q@!795rvx)4JIJjK?rH9Oo+laLQmnaOioQ7i&smdIabDwL)i*b85I&fH#
zmHUVJPaO0!_TXvdZT0?1g4${qVhwC<vyf2;t(u?ylci+#+lm4rZxDSvOD9u|h!f)2
z@$eFRukzm}M?x?nb&Zr3{oKmQ6;mP>Bs(O-Omk!ONt^JF+aR{BOVAs!0P<udnc3j{
zd9+6@X>tb<ll}W)M*SH?cDVbo+DoyJLCAm%?*XP7qg(ZGgI)_t$Fe`~I}$4V`E98W
z@j92ZzzQqOM+$XiNq1BIv<;@<?ciDV7CEK-f#O*!YTJlkNi=bP`$#Fpb@cUL=jG)k
zM@N@K-3GbQ9UeXZB^a|4EY|+y@%q;QtNe3&TC`8pZ@i9&R1$9(P6q9g2q@|8jR5$i
zYG@b_!I#MH*AMBcOpT4Let~z~hk=~`v><nPukA+lAtxFjGSUMMK7qw=3e14@%5J_*
z>t;YA`se-xS5Q<XZfw0Qa#)S$nS)Uf?SaJ=Jax(xQjxx3$EO5-rhNW??I*LJxkt4)
z9t>4mQ`1$on|X0@cl-?UxG9IE2qhq_G~{#QH>k7@tZq`}OgBl5J(1$FELVGZ^}PI@
zi$eTt4;eQ!WhJD+{an>D4Raz%6NzKjA8BoF9`Fn*9SIt_hlKtdcU9%&&M@=O1m5HS
z+f&;(0^<2d{2mx)#s3*p-#*0`!s2%tb~0l~t&xgoP+dvfgsefdU(k7W)W{xhF_=j%
zym4Rra=>lAu6uuQ9`%x-M-Y$Gf?4X1L?Xq5AXk$rVqj**=~4ShdxsB_)B4}*WTX5t
zF>!)B0*Z1OXqt|3ab;IjTre>=&ju4Bj%S-3@=HWw7d34kVu$1WVK67fsYjxTwHGK_
zuz)3WVz<u9#)xe2On))2HN8iLi0YUBV?};Be>%slK$7Gfan|>Sk3E{RV;bra)^3;8
zSvW3pjU!GQmO+{wD`YKyKv3cdHma2ul-Oi&d^A;x5M}MEl5Rrx@%)GFfFum>?}(E%
zCio>s={<ksQ>#8<Bu<6LoLLL_PFJR_qu$v}@4}CuTHPkIc+}w8{rbbv+KiitR=ny0
z_{hW)HcomM&oZl`?kQHb2-CctMg=cSLHD-|4c|<_M&jb%cj!|z_5e#AXv3C6>45i5
zeI02>W?0!yt^;R@ZXuIA=D;enQ<?=rxfStJt{&+PIClix=;Li3=fG&*#OOkDC3hqU
zssKp&{4IA05q;<X`1zp_dJe{m&aj>Q<aZVX@G1a@TbVz!5h_N4s=1kKHtXB$r-7iE
znNQb=+m5Y3>Te#3-ncxvQy;1Dgdh{4=UujEBQE(&#9v)<4FlDd4IKFIOOifcLSY0A
zAnIV~pt|AwzPOEu{hr^TqI<`YYw*GpF1+<v$I;9?k)`&Xzb3K1G@$$d(@f>b8n&$P
z3_{l6;F($n4{1QaptSbu5{1?W=xDD$QX-oE``=b6{{or3XaAtmK5?K2YDj*jH+Zgu
zh`ALZ<4(6a$<PsTzDF$*(uAHiTt}pkB8I!opBU=s`~nUSQ@X#ZB^)G>j0k>-X}@4R
z@wWZ_+B{$o?C%MUQI$X9^zz5)I1C(8+@^rDM4mv40+#ai?OP(aCdN-Y#M*##`TF(i
zg90b0L5GZ?{9*pK$JAv&o>;HbR(FOBr2c+`{#+t+YDrbqU9e!P7cY847M!Z-lUB6|
zTp(5ZOJ6A04ViwfyI5#&a?QY3m<nR9$yX8ff1eqQWp=>vH6QsMVx3G?fP9LQg2I57
z7PA5v2T93fAg}mu^(GT<=f7J^>~jodQ*ARv$ky@$p}||}9<!|9Nvs+g#$)DJ&BLw*
zJon#tZ`Fv^)M(HU=~PV8d-m)Zo}ka}m&hD9cfc=LN;$k}eS81MPff+#{>|^^iYP9G
z9Yj3uC-HYO>swnzkL;5*+ZQsT!RI**f6_elHmi^-#V7F_+XfMa2e-CX+xF-F{~gL?
z=Kq~OAsk%yxzM`;TX|N3pFc2>xn5EzgPDu}7BQ`U2x2Aa1FYT~YI=NZaCQ9`62;~e
z!Cxu=W_J|a5`{JsS4}ike}5u8hyUeCNe`bIy^TEupSpXa(G7bQ_K9lh>c&uQW)pb!
z24k_oR+Vw``w)sX#V;XXH%ORhT$3)8T)Pt2Yg}|UD8|3rl)wC$$28f|n2xqK14JNu
z+0oSWm{os&|5X!H)6Bs^1JFM_5)=GfN}k7%B~+Cs5br^JQBUB7v64S2->_=I;6Q_i
zIs8JWIQ(*LhUMW=Wjue*#ISE)mWKz)oPd^sEi?wmD<4*%;iGvC<uU)6K7lRGJ;KAs
zcNN;s+TOj>{qW(#?c>%Hy9f1s3k@4v=GTF)l@+56J<)nd1Y(uE`4!&f+LT%`5nnG*
zX}9^CIiH74%_r%l0+o;Eg-I0GK!h_J<_PB;`SvrvievG|8d#-LT>QuC$lots`WbgW
z13?Y1vf*1|p~B9yrs_Esx_#T8Ki+sA3X~G(S1b#`ucm~EYgddt`G+Teb*_4Ul}3Ss
zWx`01$dli|P<QU9>HiiJK=05dmO7(vFRdluDzQYq-$vY&AFHUuDzV-5pJspEYsBwv
z{=y<FEF^T@#l_{ZvaGCZ0x{910^|fdm)x2lCn)<=k&~0F%E;LJ->$klwusDurEYfC
z4q>JuBO?<cY3S(Gp@I|!ksuI!;JI)l3nemASA{KmBc)M`WET*<*8|kmgj1J={PQV@
z%dc_=^t3HP)<W_xb}_rtm}7CSc-0Kp_yM1Yks#pbQY8WTvfowJ)Epz|Z}f=}zs>K5
zw*m4=DgA!t@?}nk?A}IX!qllX9^3*uUPOKnHtON-u8sS?%7GQ~Ke<t(S9K6JJGd~2
z3RkK4LSA=Gf6?WG&aLgE$bc;vpOklbadYrOMz*q-Gz$J<Tqsc$>Mtw!yQM*9W`o`2
zda+mIn8yD}hr38jbKioi&40Hck%$h4NUhk{s1F4r*<WcstSPK=xR{@n;FAk#37rqP
zi@u0I!|0EcPe29FYcD>WumZ>Kk=S)a)$BGebnw3&w;$c_Y|LpcVqm;MpilJ^;tePP
z#0=EP5tk{3fS4iMYl=h=6M^~|a+33Uq!;J)YPz5VkwM6_1_TCPWY;H1#=%er3-$f(
zNf@Y;1pCdkk#ap;oWZye<o?|*{^idiB1pgU#()I7q%(A4b@K}$RUd{{fB-Qgd2!Y+
zz(ge0<*uI!b33xY1)7*uqCt0;g&S*Z?tKsZ04k1f6*NG7xb8w{`Hj4qAT2LxTtka@
z86ddFYrF!5@qfR65?=0NF^PuvVG;?GEnb5V;|Ssb?~%?NXxe&-NQ3a6_HFL$l*IDW
zobU;Ts<U0kyor2B0Ydi$1_qoV(tVML3;P%_w^j;gO1KZHhu$Lg>xl@(;6-6DJ2%$_
z<)dQ+J*S>IRB)%#8EG>qW`4(Z?}HoepZJmg!M{s$MGUDT<C_r~nB-Tl+9B5;W%pei
zKQ&mFA#6RUf2~)pVGvPNgk=5Tg0`xv(M3i}Qj)rA?$xK+%%Q@E1?`B*Ulbq>)d;%h
zy6gD|tSc-(bisDt8o5o(SSTi>16GF#%mb)r@ZMoeGGDWI^TMXC#iH!spOsCJ)>w$u
zktLe^zj(U8d;cDXD312NhqNcuXCYnqc|+PuG9H!Bp3#~B$IwvyG$7z`?$-a;-j@ba
zy?$+HDp8?~k+H!nAyU|7p2-x7O17y)hRTq3C1r>PnIke}EJI{YA+u~lRD_Z-WXSAY
zH+y%^bN=U?{NMM>`{6ksI(FK>-#x5*4cA)tweSZc=e&Th2BqOobhUKd*OIQf12psl
zJ3@;p!O4Y6a^ic+z|q`vzWi4f7}E-Wp)tG_434d3X?J(`TRUjakONm#8oUMJO0EoI
z5?kqFj?Q0N={HFB;j({aKy**<IQ7f)6W{TV3Zsd04A=}lAUa~OkqM<10ANFQc_bUJ
zg^+adN&b&~%|FqVUg&K|(l$!AMXFS|aI7qq`rb`e&1ri@DKYnq%`yaCj2qrICRdUn
zmy&ku`RR@wC(eI@zz_&U#lTY>;r4l_wg+l&v?@;h!Yet0LO==aDM_U|BMet(p<c<T
zk`2s1h=mHL9>?cmfG&jnXF=*-HYSipz_GJGC=!IU^tJG{`u`;47Y-9(rQ-~Bm$)=#
z_BcULBx6s{BFGn5YO3Hl8b88)juE&!^$e<pNW)bN$H7yfyZ@^Iy%WU(^Xj$h2s&sb
z7PwQ=u~IM54k#qFUwHv8%L<9OsXe5nz)##ZJ9dmgv<NV|VT%3mzh4D0f=@UED}4Xq
zg#0oVt0(EpV}uQ_dRO8G?`ji*5=g^QZ9jDgBwjiY?<ul;nY%IJL%CGlwZ}`YO>z*#
zwuuiiR~i{k?3BS`_{(+<!XV+L$9V@38y@i9cDVvK_<Oiovk@xH&%6Xfxm<(+e2O!{
zaC&HD#N}`;)MP1p3*~$QMP(1@CAz{@ut@(A!uLNxE`lYa1MF*4_*VfoT!8iWdh+e;
zf)J~GI9viUA3oSMduJ#m*#osA^H#CJGr=+Ul)pptioL;#W;vuw@F2Cdl`#)&&@f1+
z-|$bEN4V^n$G|NyO+|k}N^hl#F`qvSQue}Uo<57`KangAC{b(bbKoe!8&tBfvN|y}
zm1zElhca#E;I>8>0t(pgk<&L7!nHimVD?Vbu{0?1J`iyvd~gVwj9VC;a0#ZiMwd1b
zUv&GHgTp~P1IlDJb=Q^^P5Tp*id$ilVR<a>XtybNXg68GozLqpfbWc{c7}zQ^d+y3
zN_Xu_Zhv@q*cl@6OjMDRa_?!&7_dwrd=-wwiXs49AMO~Idv=v*%FAC*flv!!)6^@Z
zm4Bzc{`2p6^-+Lfcm8}Xq#9ADQXan;cXl%sVqsA(v)k@)(s1bDRDd`Xr-8WO19YJ{
zi~1H;%-!F3T|W}aa`^QR>?TOTmlTjCkD^R}<c7gbK-uF5fa{J&xrtw|U^r8K>z!II
zsM$3jon^1rcYy>>K|#SMz-5eWzaBKG(tmptr;&rM9>6_iEL>}R=w42B#@3xebj8O`
z{;qOoEwxhUbOoi5YRfHVBht(7#ycqXL&_=k=20*yLPA2QrW#U~EE^S*&4B?h4$z=>
zU;#J_*5(G#(O{p5ymX7YzPLLwOvLD(BjHeDq!C6SALfKUAK*vK_EkW@_(o;)JlqiZ
z06gCpoW-44ab>h`D;*Mu)iwIT8lbX_jI59(q6_pC`yi9>v3&Y`Tq8Io<ol?5zg^Y+
z<@o=`g6>qtwD1+==YuM{eI%Spq5h9bh^hmZ-^S54ZraFjLF|8e@q6L($Mq{ucBJ^8
zKO_tn4DsAus1fbCF3+Ee;O=K0<K!p{1BC`fFHDzF9+WgJ+2N_dbaqE4xO~=dBlB(%
zXk&ZJV&s`(5^@7x0ND?rGT3j_IREcX(Ae_(0vg_fDHpsJ4!*?jzG@VoY^1y8?7U9?
zJSh|I>iC71F`O#Fn>3|W#!j!>Sj04NN8k7}#m>XkyXg4JVpVraT|FG`j1$<qJXI*y
zH6bS!RuviMRA0*%U1Z33->LIriM!YIsUP*Ji=G^$<dn3Wn5*kZh(F*unEHjD960^v
zR(7Y`P&}+WcN*|^kg+$>H>Q5HQjyBK@X(EW^&8vGIZG~Xm%HNOn-Q0jn;RlC&IRUu
z$Jgn5KGZ+10K3{zfK^|9l8#1?SEJ7Z-whA<+)bqB09RLq+qW*atq%IH!@Z(SYIDG{
zzlH8A8}O3@cs%^dU`EVsvj2fmu|HK9UFib!pUZT>nki;UWwYRF6&a16j9CGn$aepD
z2TkJ8f6d|Ve%QQ6hpoxKNKFh|+b>@EYLg9>wP9cH?nq-6<s!lg)Nye}wzCbLeMr7u
z<0QmQ129%K=pb;h13W9eg`l*Sj8b$1a}v0O^Y-FW()0PxWmfH;I>^Pdr;(hroF+Hv
z%{Iwo)oI|uNJPy+WyarZ^TuEoGWU~)0CTJ>R}hQEtv0!(nO?ylmgQE3OE8<T4f{es
zL8PiBDE(;{{%!`VJB67d=YDeF@{cdhK=*Cw?gh8k0<@S|Q-iSN;u(cMs_7MRj3(BP
zv%z<WhsIC|cX^ZzY2seFG1i}bMj^3db**BONz1!y-`8+>@$1GM{aTwW98tfqIiVCL
z8v+DZ5oMpjcojPX3&j(-WzDylb${yq4KkQG-_N=?3`35czMTzJR5XnSH6^uhc`ND;
zOzDVn$y`fDlVtIDz>kBiWF({p+mfI#OTYRM^fbpq^PXUXvRbk*yVU1O+hsj2ZI^bo
zX6%5@#0T^ixN{3ISaK<zTP$6skQ|@B+a&tW^Z%2ivQuzx0(!}d3BZpmSuWdzI<4cM
zmvhy<_sRp;#NfmPTtn7^o2jSrftN4yY9CxJ3$6%Y4LNO|(pmt)#i-I9qU?VmEen&S
zCa2Wb_zahYRYM@bDY#fplLc;qydlMio%y_p?;zHxR#dq>-E?S&VvIG=v50J%APRCC
z%|X^Kph}KhnlD){*xL#n3wTWB1J>a>7+@Lt;2LmHJs7%4ATxWyV0i2??OW*H!h{Ed
z7t!gpyqIc&ZQ~Co4a=Et7lYdle>s!?xf-}WhFh2~kiQL)frL=RCvR~u))U!qMfA+P
zck+p<eHCIhO-}^HrQr-Y10U8CaC#LmSvLZ$$&D>IOtJxDO#N~Hm&7#|U3Ey%UQa^G
zuuTfWtR{)J<9ItSx>kRVXObP(aoKR0EfG<K7d_Hz*r3p8omIDAK!dBe_(!$C&}lWR
zXirzecH#5)_h{E&;ftl?)F~jH+FI{F_7!ffKe)Mx<=zt9%1!`@6hdrj^lwu?1wOn>
zM_l^<sek_GTtm}JVRJ(erKBKjyPk^E)A)yKKw9XzT@0(yA|DP7%~ZGT)_6O;bEEac
zrEZ3L!B5q9iObim5e-k{-#rE#ZQO{|(DS><qvUPD61g3=DU)!4_GQDjwz-YEJM4kX
zLvWK5+zAypq?^=QDeKtt#u?be=x-i?Zg<(x8KG_NSwJ90kGff1D(lkSe8YGCR5b!=
z*+;{@mS*u=)dlY^8u9#Di~i49{As2!vgB%;ZSL$ixc?k1q7C%^OjlE^VXhR){djNW
zx(5)JHbIZqh&xg}w^Fx1Y0X0WvVril7-y31+NLx%)vFj0QVwX44i^rKnt<K*<M|Z0
zk1v6`SJ^Zt=`MbcYt{0A_GOvo>|ccVeSjw|D`$VLeWeq$S9t<^l09a2sLJ-SH)FEj
zbJm?WEaTe}AIONbQOG+o)PZi@Sso24KSj909;%=Ib9>6Se3B>D0{rK1okftM^{H2;
zsOj1NS2JR;(WV%PC<nkN)&_}nnu9P34_Vj{aG;{I;m{htU?;yJ<|$5mZ9Fxl)kFKQ
zDqufoXW$yF9u&CF0ZGM)vUf5ZnLyZ*NJew$8CSBnET|b9=#w)d-tM+hLvdGg(yj1Z
z=mj8K2iNE=)6(v5q)jTu6nTrKi1a|x;y=gzpMSIIA?Ako9_>ew_CR$n?m0J^>TB6~
zb2IBhMzc%Z*+6n*DD;Fcrad>9seU*jByQu%6L5WuwDo7dPf5Cy8qkIAJ#{1>Xyl})
zJOKg0l9Yp9;rj&VeE@n$s_E)x=DLCwxR@;6{$V_4W(jG@rNyr0B77riu$~Q<7!oLL
zPy>nqpp4W;(FY!NLFt1IyW$=*W0Ps;Jq6M-tNE`>$HSFc;S<mr&07>$xx7^6;n+2c
zzLX*%ErJ!Cw*Nx82CV{ew%(BQ$UUHZwaSOcIZNgV2Y`gWgJH-Dz6i_=4;C+2FAl%{
zmJP0aBG{HKf=6~77ouVQBA*s=ZKn&y?$+wsV#uhP4W#e^C&;dlYCh$nK>aP8;nEmm
zA0x@@u7y5H8)!Wm)yMky%?1vSy@<eT0Lc7nuDt!8jym(&K<u8To&t19-1CZMhd1nK
z{x;qK0>hVVzXi+u1BzDEBtJUHpBgTv`FWWo3Ug8iq-KNnC&krG_{ZZ%FtNOcKO@rs
zFFD}`SKyD{*gdfrr>p36=Rn`vrBrB;WdlfyIuJ~pDkptVPEwcG3X%B3iaR?@pD(G0
zx}9L-jx=VfIYT%dm;g#jtJb$inAhW!w!Vj@!Xt{evIo#eBFGuq>D9aX!iHUT>-J`9
z%4su;SRClklIp&Z4J+IxsHd!~9KO#|E&PBJ){tZZ?)#|#kDZ6x<U8e>?GxZbhA!Sa
z^{fMUufo8g%B&Fq7-0a2QaDl{=LwULdeYL?50gEVU)#Ky9dPhckq;Iu2I3Pz*x``c
z6zhts4^3>JW<wN}C~8r$Vw||Sswu6NNbbF7ec5<~dZV>#){n9<vZa#i)LU0onTwzf
zTfKkJ+55XStG`Q_nwV6Fw*=i$;SX+yKF|-r#2WQ0mcQ6{I7;i}Rq|FayOR+9Fr~Y;
z7#PKaC3^BDrE+;58m3_qWqZB=OmYZuo9y~2rn5om*(9)qJEH5;0vD<%52xo3Cfk6s
zt%<lz6z7J|?}4UxC-XttGw~rn0-9R(ROu>a1Z2E*X*&zo?>2sQ_<Sx*O|=3xeX^HT
z#HNGN;Q-kHkCT9(F#pAhgjvd)N?rWcu6^|Nf<wJu&k#JOD)M}4t2@xC7UG<TyL9h5
zB(N4_ww6|ruUGsGR~}XE(qCc|?c_k!dM+K7dUP!thUhx@4ajla%1MLbKLgM5vI^?r
z>-OcYa;91+hsW4qLzxS3{IzQYvot!uox@+F77mqp{&eV=`heV>+vc<ia?nLo%fv1%
zrwO>|LvPY>m<<jX$k{_LK@~(V;Tk2;dW`22bPF~pNuZ|X)G5ZW*QbIHTFnu_z9tn%
z%emJb*As-LpACi07u@5|E+ahx2eDnYB|gL~zrkJ4?_ea7PEcg7QIyu-L4J*OA78j0
z9q_DvdQ7s6KO9^=bmaHyfCojkYebqnTp`A;`~xLhC+PK}`Xvxy6>v<|5D{SJ-jf#%
zc-^TtTv-^e<hvFF^jTOp;3LD6QVRwZgW|Gc;86BwemBJIOLJ>)-}~nlcqAPkCVFgC
zbw6DwS)3lyTdv%3@i-Xpv`q6Y3hg~6=jfyZ#%!_?OBRY*bENfqxiK*+7%6-u?hj}2
zUjzf^Mt>`)?@QHvaHu~$NYIXc#L)Kk!?RPbGr3v8$G7$65C3{YyjL3ftf}XJzDAvC
zmkPX<1Au#}KuA3G*6^JuwUyxmJu8CdyAHy*e}*)I9fxDg11r%4%*r}>XUTz(_{ZB}
z)g!u=`>ycb8C-#JG7~qKM}vpTB?APQMO&s|n^nN`o)xTAGzVIy%lRl|LRHk~<d7%Y
z0Ulr0)owQMLqFIdE&>~f9jdM*iNu!|ax>3W?TL1lKGau;0yi+=0;v62RHyq)w-54B
zbk%<D+Of^z3iupNP)4Gszpwzk-yU49jNTP;d>=BCyQc6{F-e1Aa-RHUPry{!l*~D9
zB_Smf0Bq@5XZkO9@n1b1j3q^EUIiS9Fx2d761aXW=jG#cl<B`Cw!zGznCHq_kwMtw
zz2E~hOaqC>K%xye@mkQZ-fR1T3ui3%=vftQv}$d?#sd0nMYNJYw60f=_K<Ja=6tk$
zGR1r`xo6wK>Gu|R5Y-P)yC}KLoZl%90IV!L>qfUl2DojSfLiO*x$<ggzb-i6jaEkR
zWy3=0%wsuz7yH8T3Y+_y`}xQZAC#7E0#Rz^lbZ99Ti`+@mID(K`HyG~jv%i4_M5wT
zc5Z*wx^$?{2H;~Y#Iftz?hqz!bF|%}m4t+}g^9L4wfMQfe>x9;_cuD8INl{kX#W<E
zSTz+x_Z?X=tiG{~<1Q}&ue^%Y@B0WKP7?@zgmesFr14@y4)NImJP@5q+1czSw>@$)
z;@pd>M>_gXUjQtT094Yu(}4RkD&ONXZbPPTB(y^^DG_Ek{QCB`Jy-)FKg6)H5~LZ=
z`CqjlXNV)U)UQIpc0rN-jeR07zucpji($$IXf9pPr4htRMA6{gg$|I2`vznqPfe^H
zyHMQ5_<48;ANk{|(PR$rk38A9ZTADQGvBsy?!};^Pd)<l`+qm<ze<b#iO(Py>JY72
z8$vw)1Z)w|pue7kJ)%Dn{@mQ@^=8Ro{1sJ_x_WiqNaLx%Y--x1Bn<slH&7b*qv}Eu
z>f<pW*^<anXfK|Eo*y!cK(eU;T}AZ6q0aV2pzL&^7tn{Pj~D47w;Z>$5qzMAI%9H5
zXC7LEJ&4o%$_E95nhehoJDYL_BaJxaKrI07RmV-*5Wf2)8t&X@71d)S&OJ1QPCJtz
ztBDY+6?|CN3q2{O1XW&wBEWi<2iV-eOsL(RrPu;4Oln6T1hmF^SoTH~^jd9<lZAQN
z+}`!DU%WUkOlXTU3fB43ySkuJd$zd!$2{3+c7~P6?Or`~pyfm31c%|J`O)Y*(t}C&
z>Ro6_NUx)#m$#IzwKi<vD@FcI@!rwbJ~Z0nUGGJ<3zey&VClsM7jFhb-UClqNa_&v
zJivDG-i#)^<&UbC7aEpR7j_QDD0kONAKNLvb4&zBnFwCry8$50t1@ec#A?$mI-bl7
z)X`3>+#BmNU1Pqq4>33%M@~l!2W<W##)*oA^b_@)ZQ`hZr`cuh2T1cJ0K@x!A;7=d
zY0BWX;u*u>%m@1m1|$81UL2c#J<gw!dbFSa(U>D}UnK&Uz2`%<h;jNL@O;JU;Ew@F
z$Y~>xD3MEHS8e}!a2P*r5h8sG1d@9B(5MA}Ut2b8$2M*Df$jVt1D;ty)}7F_A~PHK
zSsw2DWPAshX55<~_z|la5^cR?s~UP!e&N9K!i1hjT!X3px`0IGau0Vq&_FgOHu1q!
zK0BcO_yDj!e;*Ma-Nvay1{0HbMtSqE^85EPjxiwjl@He)=AO=QJ@;JFW%&JbzUjz{
z;_CNu?WTyt2k*^f7K#w=Y#?%o2foZbyL=A14;4J>WU5b1Y}wa}WxBQaNmo4S;|myf
z0!;4ZNBc-^klqA(h$yNpC2dGs==z1lLpQAF;mv-_?e}D66fA*m>pE21cZ4=GFD^ZJ
zZ-Lp)YY%k!oO<5ej_Q<#Bu5is{t_&0m+)YgJE?p%>j7i%ZaG*5`)^Fal04+$xkUdf
z-uc5oC?Xabffyso%+H)z;p!wS&^!w+j=+H(0F62_IR_N75!`|urhevTsSufXzeZ4Q
zHjwyExrYCQ7>fjA)a}Q}<^L4({)_Aa5cRyl@yC}c<GTR^_{2m6DmxUNdVSN<dw*=G
z$}mu~*GZ^T*;L5Z@vi?dn39ozIAf_V-C;YBnLLq{Q|~QicTUmY2h%``05&&}q?+9w
z&_)*zjSTRa^Y1`MlZWfZ*q4QYtu_w3w1UXw!Qqvr;E40JC^Q_{f2!;TeefPXQ;$HP
zzr3P*bgB+QWbvpA)qLLgUZ2q<SJbJ=QcmaFx!O?C0f@QN-i{UA+{v@EBS+2ZJkuPY
zeRxCDbHS*ekCu;C*uGstB?~{YBA4DNb6A$>_jhpD&c5XdeA4~er(yaYG#7L8Ew$@J
zP4AHk=)5`LNlI>ufppD!##gj!(x9}=w7B<1EEM9gq2-_mLryP$fg{?4oG7Gm=nvN&
zl@F(zDTITNxtQT-CbnMOTWrG@iy>}ue(uJct2*bS(sNo(Y~Cp{X#xUg^&;euFSDX(
z0)x@<=ec@CAaf+7G7!_uS%Xh0iUY?bQ}5OsP*|!W`eT7sug-VS9xTfl0vgxBpHLIx
z=^A%T&5tSsxvPnZH#DN8B~p@E7<eb9QG|K|jB~tm`;aKmIw|Kv;7DCrK9dU@Y1SYh
z%X#Jf`E%z+oV9M~gM(FLKmT&7)f7K7-do@~+9*$>30!|~&t`OWc0K}X=(sXb1U7Xz
zR_>S=$8OlhxmOCg2EE^t*JgS)Jt_q~69vI{{^Xl&+Go7?LZ{U`se@mEOe`F{rnKQv
z@KMY%g2j73LIY{pPrxgt$<jz)&sNy*Oki7o3dZBSU(uBAflKkhhH6NS84mLnd&vL=
zy!ZFmP+j_;w@0sUM_!A*A#7;oBR8JLX3`U6x5k@ek{%fkv`R$21dEN842pk|gqa0G
z=^T7F>I`n^D?=J|8FhGS0<C3go0|p9x?Rgxe5pb%M}W7{0XV1Cfp5TJs*e1me9#b?
z97`e~XJw*@uNTEj)LwEx1m1*#<q;P-$c!P_uHl8oVzv!FlXdJ-2RMCrFl6SJ4tm6%
zDf(~2CY%!EEzFtW+mYa&u6GXCo!v*Os*CJ*n9;ihNGhsP*(hPes5}(juYh!rZa3Nv
z?PIPsSYgJOTtp!;r*l!0G??L5>><>i{W1PMp2K}!0(p2zg#gBW)tpj^v7tcrLmW(T
z*}}Zuj!gQ(^zPc?o4j!yUv6yNMit`Au>kzW?I?7%lJoyI0_?S}(!i~+#&R^Hk`1`$
z2g2>r`PeQ3a($+4sN*~MhuMJrGMW`b0<;MX&b>vMvT%H&wn*VmxI-WRSl*|;NqJ!(
zPx9$b5UQ*lMmOZ)VC%VqXiFP>6^!q|X3%co#GJ&C10}J3!-$FFMa=ro+-nmz@iYv%
z*fKC{V%^2!E_{WMqG_!AwOHVc8(?pPlRs_Ar3#R}7QI>M+Xr6$10{dvy9Q1EjZKIg
zEg&av5n8>dg0Fbm@UH!2|GRdx)b};*{hCr)?~L9rgddI>x-t)kbKj0jpK%OfZXR+0
zwWY{&8EydcdEfhe@4O8pU`o=*!ICCUPfyd&_r^6q8(PsiFaS1TmJe0$GTa(%Ljr4S
z5F-`ILebQNV;^692ABC$xo8IZ`}=uQd>$Mf4>+-Fy}|cOV2w(LDGX1zw9w0?_6aR<
z01ICff4yr3i<NV-^-DOu@yoN(%c`K0exA)>kUVE}+)+{b>jORM9l0nU0r-|g3e_x_
zSjJ9P0C4jmlP0ilDXEmDx8790(7!t5#D_Pxw;hxT{sLThY7u8MRb7v@joCRmh>h-9
z==E8qyv&$8Q?5AP@nuwTM*K+9ryR;_jLTb3!TU6TXZ(WVA?G7kF)kE0#8QS*F0KR*
zzqQ_OjJNh$&}ZiXESXj0N0(f6J#ZYwVWEtmw^FZ*cn+vXkw%tx*UjXA{ET%}aq7sn
z8GvR+_0tikU7Ytug(Pb*JKE3BJ0mB{Un1Gc%xiIK05T}`q~YMG8%smNM{n5l+?U;v
z?Qc`;?CZE4ppl+y#|AG5#S+q9bR>7-QPoQ(w~Fo|-r|ty=5$Ep47*$M2~llD^oM-Y
zZ<I^M7he{<sMv1z1XeQbL#$H#@x<0Z)LQK>BJHf@UP?m?+XPLNBN@#-#swp{vs|NK
zI{vIR@stO7xCyAEry*TmHtK7AMiDt8lT6$KK6rmNbU`)v&b>T10H$4Ccj|dwxt?F_
zq}xS+y&V0VdKS|quaA@cKmlDJ{2}f-{2sA>GUlIvJ75RBC2GRn0%#SAS{WT-qI2^%
zm!{8Mh9rpkit9EQhah@zF+5z49h&MzaaiP528lRnn;Xxt^^sx7A#w)(@x;7YA$z1y
z^TB8}p~wTs^Eqnw1yJ5rI+ksRNQT4rzdw1stVZ+&xROuU*8lf`M=f{I2JX0%O5|)7
zffnRisFj>OwWh*`%U83c3XQ8iWBqNw6M?=n_G-F?+!gn8DRK3pm2Ad}4e!<Sfv)|@
zd-?6J8kxOr1jPQ(W!pAy1Q^V+aq`*yO_i{^cMb8!!wpUXRyCqO4Ep)ID!AGgqNRG=
zrvai4g60*2_kK24{;Z6<BW?Sl4Qe=+?s<1ktn=c#?gs8*mRfjD^GYhnL4U!Ni9znQ
z9kMaVt3gq}-tg3DT6u}$_^8%`saOGHc~Y4H#k)?0BJGn72>Pu2WUx^@vJ`AVDEJ~d
zS`*1<zE<_ziQ9Yr&|_ZvOkdLlPPSm_-U`vO*m3>1ym!dT7A&5UeZ))mxa!aXqJ>TX
zMH8zR4FKa2Uyl5mbBNgesQ#l`(}hy@UJl6DO&_ft0IR8?%O`ez{7llNGL_CAzM}|^
ziN3kj$$$3S;WQ8{K}|rtAIdKE$}RD@dqOZJSjeQE;%l39*{>MUXUm@GdPPpT>CRP$
zzR!6D{K#1Ty+{3L@Ft4lM@%1r$0@k2YD4e#<WR=Gku5)JqW!Awy`(fi;b)_*$OR@c
ztc=cyrL!u^oc8JiC1jK|{IZmk`pJ80R?qUzD&Df^ec^Ukt~!(!hyvijX0Z7wU-DTc
zmEC3Hmn9mH_UUL>0+5KeWf8!Ar^sid@Ex^)Ku%lrINiQO-8Z&n>bRMk4l8#-$wI!2
z(6vWM<uC?~s{4%&jGtE_|Ke_|`+%2p=6Tm5KoquI9E~AE58TeupUH<7P)(rNtma4G
z<2JB|#@=cQ;*!rFnS-!J6BTz<v5V%;EEPgv5G<`<Nrxh8T?KFs9iPU>?*hP)vG{w#
z&v!kbl5aiH4NIG;5MF=mdrURk9sEYx(121nX~C_)iLIrqFIF4kH8D6Ei-0`$ql)7+
z6(`Ogi5um`6}Ot$P5s>GJrQgB6-sbEJdLIdt*{&SyE$`M?#f#cdyrUrLm}8$^;?vM
z)B2f3L!7-ftm6uIcRf57i#J7$YBGHzPMGS`1zhdl9dY*PB>|dCUqvRrJ>|3P9e^lB
z7UdbjYB#QBJHbCP<~$Ond#N|r$gGM#fMJ6;&!$OmBxR`cYtzfH<Fx9V&sAJ$O~=*o
zK0|<sC2T1h-CWhr2NhEYV?6@Et<h39jn`W$2Zhq?cVyvZVFpVahkuf<$8aV~_PN(H
znVx-4?>?%2PWQ2BnNLy9Oeb>}O<b&{zO>nyyNXRviW3RKkZ!CMU>gQipN{8GV7pQ*
zXgtXK;u>bQwfLhpZ0rpICq2mr&B2!`6TK_ryXh$32vU;J)agtIxQ5gecip5jii%_q
zWLjjHU)vDaqeZ7O($Uiun)HUPZNv_u@5Ri<Z^LEDo+J2ia>@sLp!)Jrbk;`NnGlSA
zvVW<?xSoH{?mcC=7Ta<8anLsS#P5)n_=F;=cw`#%g5UO^0iQ>ePFB!<{6QS#m<zSr
z`oDh;lv|Rb&UiTYAQ6GUDVJu?FHfJ3$_KA;vFmJP(bTs1#$F|R2wkEqr9K%9)YAB}
zc7XHz!l544c~RW5`axM&uZ=bkOxw1zOG6-^53Y2}RLjA&oyf1$UryEa^A+E*wWaH<
zHD88A9`*dLiBjyiouk>s!}aNp>w*nU_)@O6=Tu`OS-mA<eX;CK{#21jE23nFFRj)M
zbEwBEqW63w`aDD2gl7XpDK*Pyhj67QsooS%C9#L)QYr#(bjz;IeA7wFQ=cE1(98H1
z4ZpMU&=$%;=no$i(^PY8Ly~kZSnot|<{oyObNvX*7kp*rHHWLTl`F#`KN|m1PmjQc
z575^-`k^s4%szu-Sy&+^Q;OWA8Z!#^hyHMD595#{pi2!G+=jmfo;;_2Ai%|c1B-K8
zEHfU!(R&8&t(3IP9=QCCD=7ehk*6z3ZU~moA|HmD%zx~QBy`bB-Xe8{avAb(VX?Kd
zz;@a(lGAfrxofU9_b55F5$I+1%58Guqo8fQfAVl%2DicJ>;h<`E7DL|<TfI5g~S0e
zzzNXiIs1dfGBn_ehlk|rS?`nEdn9pu@q+7wzXgv5D}y)!C$-vc?Xgkly6m^tI`6Ac
zMJry@EMuD!Xic)+02-Za7FPI|!26G1VS>r?Z%SG;^h00~O(8YWsuv`dQN~iKNGX=#
z&+@7cf<n;`aV!k&r_H~>P#;0=)4MFXU+jo79eIH7+1Xi8v=<ZYl)?AEsSuN7XIamG
zcauskAcAGX+~mo-QN0(Rz?lcRysb{q^di`~DCq@Dcj<Q%dYW)4#~#6QAGHCgvU>nz
z8|V5cVPuO%e&(V^P1@krYbD|>BD)s9UvwYYmq~LM_x3}#562^e<zYBsQBXA#|G_s5
zI46%mWEha?#lhXCbDWuP?f{f9WMb?(V;hgsdsYiX^kr~>hcs}NY)ilXRel=lN0<A;
z+Fz6Vet^_@<U^=tG5glPj+8uE1kR?Xg%M|?I4P7Ve58F7P=?Sr3hoV=<uoO_KMqxU
zR7PLgs<7~xEm*{76U)&iohuU&U1uaQ?~HD!_YSZJ+m7$N3we~<3p~L;Ipjhs^$t#h
ziXXON0{v6|Y9*OBRsvaFtoErv6Pv7DSu7Yc6r@aoK6(NvjF=C5M+}Tk1n-8d^HdSE
zwnp_gPjl@dCNJd#1-s=3Y2Kl=9Z)j<Mm>glW`)9^KWap*45Tc)tcOedi_*t`7FJ_#
zh(q(UDZ%60ScfgVuuEo+T_^TPK&?pXx_8jwTQp`Ot*;!M=%*>?0ph;paFTrAgrO}%
z)xr!VuhQek=|a=_8IU!Dn%FJxu2K?f0kps81nIOn6|7hC>k2%gAvg1iW(9`NPzzGt
z;i8YMp!A7-$!y9uV{#eW{2i=2i+>i4u0UZ?T7I!Ay6XnPKOCNPBUg(f#kLJ8JbnT}
zc(KD-{g?iWGnY}D8aybBPfs(X`hbUi__?k186K3IPwnzx19f<b>L9>7uK<!~TaegG
z3PFtqr@dLvZd)i6OP+b#bDM##*q`Ia1f!%8>{H&;aKJtUu4wMq%Gu~aI==HoUX|YE
z!r9hN|FtDkLk&1-j#YRiLc++Ps+KHbyaTm-vGA_#JS6$yY?d?VlSFW4({tsAdOW*p
z^N;PmzOyk71BC6;;L}r&Dm#e!&OGQiE#i5j9?ZlvyLLMOS6QdEbWbKVPlJn{0QYuz
zs4FhEaqr~ly+f+2JCfJTSnlI{{k~{h`l-6_bH10+?4zcql&7lYw;Xta@9u8Q35V1Q
zRLj*<sWRlgrSji#@CBaDLVFY<HAAV?f+gf|-&@{%yE;O5{H2IeyovOkKjY)H{kfQr
zo1mC45wiSy(jX48nHlR|{9bb#?0UZzWYxZ1`?F*AFV;Sb=`C3VG4n^o0Bn1a#*}u`
z^xXX45AdHwZBvYOY`(m`>(U?`Y5Y^&np9KR0g6@<#OkHuV#c6>Sv)H9)8?mJw*Unn
zQIMMtWq<wP-Kk-tfKg8rzo;%MyYwV!pc1g@OCC4G<D{x`OBP4&k=~+v772NP$0bP%
z?GhU8pUPtgEy;)cJ|I6_DPX(7rGef+xq4ERC+QG8;juVm-oSsdVq7<709NO_zNna7
zH?(2bgc<<T?gi9z5jl(AC4nqryH9{Guxs|fEhy{)R5rEFMU<c5z+y@u?3~y9rm!Z5
zmOT6zCuxN4C!w-%T}?4kxp5OS%d9=&@efV-sk;=)v)yQ{sjT*oFRx4Jq$LGtz?o~O
z6jXS{BMaU&;RemVvN%tj?|y~K^L99tk^q2h$Uk6$f-Qs>Bqj%+&^~_ld3k0Kc2ef-
z`)BO)0S*=(f%Pc9#-nD$?RR?XB)c?_>y!8ywK@+)={l`%2(05P3tl`Y>Qi-pPvSA3
z!YJn^)d4tff(tVI-W4w5q~wD}5bs=RtA9&8D4(bREIj#pH-1H0Vh-VYs>A8tqviux
zQ(duZG8=X{>mW?8reKUSI%>nFAE&Z&b7_9uI{s)Ku9$Kd^y2{N$6768%V2{hu<k7(
z_yU>z{ANqgbhY}3H_FNdE<)bSbpX1QXh7FGlZ>_nC>F|cG;?V&;42H4$pP?PirNOS
zw{#n%{=Ys$g{_*=vPENa0J=Q{h@7Ktdd{&HQozjvp~SShciU;yKBM#Ow+|n70`V29
zXH9%<Vrq(qdaa|E&VlVw(H+s}!NgpF%^$ir;vY#k9F1vExkUpNb^mfe{`eLDp2nP5
zEV)F1A)dZIH8S@RoV60n4HD#ere06la(Sx7=x0fmuoX0&UDklEmY9`9H2-Uv9Ll4Q
zpe3{o_<2GD9pj6W06S>uzRXQz<f@|-wa@Fm8MUPyO6U$66dngc{wAnFypOU}_5~|J
z3F>)R;|>J|hWU{Fqsl;?B(=L{>n}?0U~&q?3_u5$10Nc(`n9MTW>f#WIIEXhZR1y<
zdyEz`&#GEmAlJU1Vi1sx6Q>LJs|NTI=D#<O^s<!LmC`%zya8*}7v%grK^r7^Vz%L8
zQJGX-s3;G0w}N7JQjcMS=GR&`GZ~BXt~lW5OMqgilG0}o!6qUofM1YCZowfOP*PM{
zkv}4r>{`LzO2?!0z+(~8LXs&@E<=??BB~DkFi|hn>!0e2U4h>b?r>3he=;+N;~P3i
zc&LS<f*^#}6pUPif)MqUgd${DGk+qaRq$kZZXWjd!43%f?p*<;k@!?EF#$g8Q?z^+
zdj7^F!mkDCBYxtiPL~I3_7<UX8i?OtoZ;E9l~czZ-0Pg&-AY8Sj8`2Fk)Z6JZEMVw
z?8H&pYCSr1;1e7aV}_i7{T;l}VD8keDASY;kS-srW@f^*Qv(P58Ln~wxr@MPZ-LI3
z4U^!*B!XHzKY-5r`NDCf>7RfxA5_eFyF8b%j8L{J!6@baeP!RqJKx^raWA~2AL`$D
z`XW~y@4l_U{61TDghwqyd7dT1uHJlv@CTAq%ye$&s`C@hPx=sqy&;JDM`Jy~CH1p`
zqQ(eI54vmqqgCpH&lTqI(Mu1em=0IB=Ln?dai4=#ZRbK)Ao8Jfl-dV+m)}KaR&d@z
z3UDPY17%cro4P#_!0AQMDXpU&EI@X>sy0kXx-~d9t?fWjZi>W^-$t&gI4HktsGy_y
z=$+!QtGkvzX7C=kys>Vh;97?pIQYk0y76Wn|6|mA_NA`n1;{;Xp!E546N-{hrMDES
zjF53%hGc{#t^$%&7p41PSv65T#&icLhwzF(j%d%K_ow|VPc>26Og95R7r8j9)6()0
z1eq8BqjZkz<7Hy;WrH5{#q&NGrdWcsH5BTpqBtVa_o42NSt$D(M)e2Jh<FUX=EP!6
z@vSWoe(2zO0D|7cE@7+hx(H})W`*bzp3^@qUqI?#K){JjXg$-@%fAlW$!U-`S*|~H
z%)g^7jU14-TS_|MQ(8)`;9UzwFN2#2X`4u-EsmITK%Y?)U=Ea?+VQF!+Pw3g1CPa+
zwy0nlYS9uw_wI-D8aFl#{#leT6ch}PehN6ie_UzC2|&?)M`2X#DGgPA2aCMmki{Dq
z8t-x!;=iy2eP;y@#IQWBP4Z=V^%VM8=INEtmHKn`0dyI(TPyPYKoL}VS-v>cbd-_j
zTJi~jOQ@{KSV9*(y*Xro8(hR}2{M5RL{nz_znStEcg1=4uaum~pRxfMQe~x_%YJEe
zc}XNKugCY3>yB3y0CP%}d!a5v;?Dhzf@~}dV$is(6DsvMT%^wfN})-Y?(Yhftcf5o
zSs$)Q0$xc^(ugwcaP&L|5bla<IJ2r_P6%i!Z9o-_zD~ZTH`r*PQn3A=0`nx~2{m|>
z{NGkA#&Ikr=_%G0cI9F9UkcibenS=ILU6_wEwupv(MBmC=_rn1?V5qCuIrB6P`gbB
z%Rw2ZMcn8dC>Sw5Xm@Jo8W$vK4~T%9iIBxPEbcr1Ue|AQxJrO$4hX?^8h^e34o3CT
zL4exYe;~bsU{d}Fsj?us#R2WCD}Z;t%m$3~!6z%{G3cz72(Z!Vhs7u->fCM_5|64p
zQ$DjCZUEgaNBzJajJ0u6cAh67p97HA)dGgQ_8Pb><sJ@xXI2Ji^f6}$g<Yj(4`smm
zXM_29C>{uat6UMNnH5!r+9KdVVd0@#hWcCj^NQ{55|B>%e{)W*V!QxOosa8dBPA1|
z4d$nTD`tXY%p`ACN<~1HRm807HK6IN7US`==g!rc4QT^;`rB)_L8&zfw(M00JsTfV
zpNzc%r9^y@KcHGfBFdp`qj7NE(hF3mvpD7>H#|D9E1C&cP3hvAwto8#Hb~zLY>=Bd
zY&ei*=eHMoL*C-fcvsJUsNfd|4W0<PK-d%dV-0}!qK<5JmBj^464D%mCAr(3Rv_#z
zE)zyx)8n*njZQ~6N>SQ`biNtVhs1%b%0z>lSBugzRB9%I^zTj)W-$-xfIfyXC_^wM
z^#aA=11K*8YKt$YhTdQ|PiQ+3P5e0Um3;;har>!HO*cdI_#CNQE0T7IFePLFKF!*k
zr4_oD3n6C%D1iyd2}MBOURLjjo!Cgrd<LN^P<>9bFSv$i3kT(4XtJ$UyhI1{HzKTK
zhm7kB?h5&s{p8#l%q`O9ker|o=IYfZmoJ%&7qM*Nfx5!GjK@ymva9)1&YUWT8iQc*
zF(~yFKrQ3y=MX`k8+7u)gSrc2gfpJnFf)pz3zg%egv!0S)XBqic^|=<!h=;eG;D)Q
z9S(+kV*cO}Z&!u^JGM4y5D#A%a{oxzxD%9<=<9N}^<0>kcNDR<*7`+-;N8q0YDr3-
zjT-gXld>}(`d&}ZdhCIO{0B7GB3UJ60*2EMmjtlURgu5VbP>mf8bWc9fzq559781)
z<_kScD;4>u*gJQF60;LjLTaMOzyuOmsN%}|!8+V}#-srUETjV6-QCGVt^)$L`a*sr
zh6mJTh@XjX`G+lw2?HsOu*s<lUWdCt4mBl3^r!03WvR_Oq{Rc+4(vnf#s)kykwjBS
z@#y%F#wi6<EA5!A?8&GJs}6#u)^{#Q-*N(|kil7Yb%7iGVM*%p2KzMrfVKY3>BRj2
zZ@oscnNYggcpQB_rxUBb`gQR<SkUVt&j!{yC129ZrJTZa3^5=HtJB9lf;V_d6W3z%
zPN?0(_}TFP!=n6k*vuz!hfX#&HQj@f@AWf-!o;mk62XPjSmi%W$)I`gj!=vJ-<621
z!@0rzgw$^>Vy>%WJsATd-C*)@ia1sSWL3G-)7N<P8b8D0Z7wcNAdFF8A4EAeQkr-j
zW>Y#!^vo4VukkDl8pHP=88y6LeLvLD0-R&**hYMwzApUUH!pwp+Qc36s~UIp{W`i}
z<a{p-`u`E9SVg%QqUgca#zqy)(Dj4NMtj!w@O8NSt*}@rU-um&EM^c|%*!MYxDsBc
z3a?YM9rXJ*as1QD)a?R6IX-mm#j2oSF2mw}ojnjie4HM9mdIgSFaKAG`THQ^f5%5E
z!BOu&fG(#>s#_7wOSl5akSb$`_!?zghXQsH1rDp*V0{d?(D^hiO(=j>QaC3&`^ijx
z<o+kX;~5vZrRU?JW3=YfRu5AKJXU2Q#uzC)%lNwcYm|XtR8w5|6nLu9rs66Xp!)A)
zj)WNDaT`IzA{^dnhOO~&3`j(2pV$)=Qv&TR+c12Brh0E>V1utga%4MwjXiKop_gIe
zAm-XXSRKyvCz1R&mGuiUUp+7XVFlaq`*&-G>)+jD|9R(Hk5u2*w`A*sljfR_U-+ev
z<3J&crRN_YY~W_7ifw<UZg=|M#zxd<@Nbgx;rlJOffIOTUe=tjo$F0B^tcFP0`O|n
z8o?{@4`Kc11->03YzGV44#$={!gg36gJ<77VX}>=uYU7fObdKJMQeEVX;(31P^rAX
z@pL$p)2>Vo09UKEopt!a99kFi1K$XCtBw~w`lr~}uPzhjHQL?brf_IqwWftj76!}i
za+-;tTehpj2$zL{hJ>VaJnp@wH$eb(cEFSe^9F<0D3EoWFsw}}XYUY(6%Xe_VAoUP
zRdmc|bepP_n|ZC?(;%`qT1@rN2nXgc#6fKIu1vcKyQ`0!E9rDM;^*J(h#0(o|7-pT
zp4Da2;lqV*w$h5&FI4_H7FABe-C4CdV>!YS;%=hz`95AkbZv`Dseb~7Gx$cBFgo!d
zkWDh7gr~$|f#0zHPqO>>ik+~7F(qIR7K5GGS3m#N4-!v>XTKIsyS-LNW)L1{u*a47
zbR7AQ#rfF>2;TtAvnITI#rw*1Q{mG@%MoxQTWwSF$8o8Z`~5Ix9UA!l)HAgTm9>d1
zVCcN*OZxWDV)k2E>k}8W8jgTr{ZVb==ffzWGr4Oor0CYPF3kYFVm}E-;RxE|I;T!n
zckMG~z)h55FZ6MG>^n|S<Vorvx%tQUUtg;;p@~HE%|2#wf@ti4`MPB4+*BpZmsb(?
zmVQ?yaW8*2Ud%;!fGiVnrcIy=)N?QFB(8rSe73uCdsEOFPnHCnf8#85i<7Gl#B8Q=
z-fRU;$&koqDoL-Hs8sePmmf*GahVx}Z54PIFH0QfW+6D5jWu=`*0$2LNy)I(2A5q3
z*Av7;;p26oqyfVG>(Jvq4xOJ~<KuYINoA7(w}0hu)a};6ch@dd2&-LIQq}&yMz+jh
zlb5Ow1QL|L5`4rScX1-@`F0cqp9*PxLtKO3j8(@4zMs6UfUqTv7*dHH_4LBlG1}q8
zBTUBqdC3M7dg8_!w{0^YEK^X8?a|d&13C#Nfjq^OAn&CoLF%^L%(o*f%WnpVi4leG
zvs&z^BP8mWnPJ2@M^^^o^RA-jQD*tAQA%UDKnz(g7;6%+{iJ&sVC#S=u-#~T6Eq3d
zbrs=@x4|dG=e_hZyp1zBtuaSbTFsdt5JDMup08B_y+9K0?&*JLb?K6XVCWqtG;u^r
z{a{y6*T(?DEzFh>xYSL2)xZA`^Ab5>c13j$S0Bu)9g`<zIjMge3X)SIS;)47a@hY`
zZByzY{$F0AtvN`>blY3XHNHeA1rBpg{=N#uRc+85izc7$D@vUF9NK4XsYK%E-$@*1
zYyBh_aefbk;mYmV)et2<`s3@n{8kS&lTZ|oW{z2g`OSap6I`Q?q*VdELr#z+oGb{$
zG)c{4;%5`4vF1z@bFSXCIx!<u@2?vcoL4_gL#zd`vp7Q-*~rFbO(`)oHzk`tj&O_>
zNeT1B0C8^rzIW*U7CgW8-y9qN?GpSEAK=yi;s<zLkAL&KwIv?Sm>;ld!ICWmW8avE
zh*8u=x;a)Pn=kXw$(Re+c!eoKz$K0ZnkOUu<r??!FGW?2$KY)NIghZ!$34eL*bj$?
z;+xkfV~x&`R?~BgPcU`cMo?gLTsnn5B}ad1^IJ_@a77*=nj(~=J%0EbG3NQrg2cRp
zlNaH>SVxFl`y*hYU4?9#gvTWr<7_{^Zy7$bnHV_}{Fi^;JAULoIv$1cij{x5Sx_fH
zX2IZT<bf*-GtB^Ol&YVyB}&{6@_Ol^RB=E&Q}3$<D~Oy|s9&Q^20#M^IB<c=a8>qC
zK7*NTaHlx_%PZjmB|>$0@FsE32~+wf>C@zgWBP>pd<Q{*OUQj+he6+r#lg5CRemeO
z8@hXl!!F+VrG(xuOCR_jq6qvC1l#>D@8AUZEgGs*Ru66$IaDMBN5Ly4C6$SrWvj+n
z^3?Azr1hGcm^c0Ykt=T-JOVo|{IH61RhDquw<5sqic=flNZy<NfToNod}|(876iKu
zuD4sOy0B)4HS9CC6C*g$)l9sdmF7=n7UZGvnRGQr$MO(Y$xFWs0f|zz0L@>%u?b2^
z1PAZkvc~r`XMof#rbpc+ECiW|&O~=D%5Q0gi}T&5t7n^`xg|gls3|U;1q?Mq<&Z_4
zKf$5<r!6Jy7hvYQgGLoufw9W=+_|)zZWbD%tCc{WeAhG8`fF_u338YyS*?G4Cko`r
zllwR4=huG69EX*<KoPZaiHe+3{61z}c1evPA=N|*kCzM|h_gv2?7TVJc>}4BGJ57;
z*a*<$Kc6Pz`(FaE+&~PCVw@2kxDuOi#%<jGp!nGxLYy7095Zu;51ZC;X(F{KY^|Qd
zJ){hqn+f56V?U`21F|_)W$RZiHKEa!E{o`R$TMY7S<N~Bezb(C{>rJWe2y`uKr;`8
zrgrX%%r_xr?X3SK(aYs%z+uA+9&-e8G0IH|fE=D2EZDzB`Tq<0fE%RN=lKa2h!<U)
zD2S)+aLmk2VYAfcZIZOavqoIlU;F)+A23cRByV$z5Lz8aqZe+)*|}J48b3X5bSUyN
zlwQZH-rsH6%eE?5Bg?5##E8I}6PGUO40jI!FG|B<t=EbG|A|jwRZk!qm)3cz?Q(=s
zOp?xulyN^`k-S(Irn!7~-EY<L>O65*P?>f_Ju2sd-NfAANYC`d|7qLVueG-EDiLRk
zG(%R^r1f50kNcBDkt_ycy>`ER?_Xm6Pd`jTQ5*{|eWTHVO2Puy?GBP_=I%RD<(|00
z4i{X(2F}*wn(^MsM4+oxGe6=*SaCorLji~NHNWxoRV}ke{G%7TMzrhKd@>m5c+=Ne
z%9$vtxDbq>coN33^LgLvuyV=E08-E078hC-gcxno+57u@I(cbql)h^G7qk17r&*bQ
zxaLW?48%7*@hvUAEKJl|yW9FjVCpR4w3U<2)*b)&M$xat{i=5Z<r<}!@&S(yoA|BM
zB(v-}7v`J^6bO(Pf+}4xftMj(DnJ;c9RDhR%liPcc<(6!?B0AIV<rI&-6S;O?j^NV
zzFcx5gE+w={?lIlI=;=1FyqCGYBx98o=;FB)~7%LQgO80=;M3tvnfF4g}bv|B6+Wc
zq}!sohZRu+iv)Esm1`b1+j7Eke9qiR?6>-Nb*D>DQh%Ap54Up+2Rp#!S0srsh7^PQ
zejOzS4GLP@sb0(D1SyrE__60cLRym|StMP@UC2?QcU7Q&yR15J(*%3Kt)5`H!Vhzn
znEQGzJTEB`=C^X)Y~{99S<FMf?(VAC_wxtIS@PI_?s>%!TpY%;wtM&R)j9zkw*5Nd
zF_+~wU<qFWBCO+Qp+MfSiu=KenN0SM?&|-#XmsIo%l51*M2|0c>#e=mL(gLKY_XFk
zs`i}Iw@sZRhC9D@=pTN-&28fqPCip|Wic(9j&R;u7?Oq@5(dLs79IMdRwtEo4!3Za
zfvzG_+QpVDX<*<?PLchu^x<#z4ChA2+nJT&fGJ81cO>jP*{;2CIfb624$iQVrJR?6
zfYthYgJEP-x{gGG!H48OBJz^LSxUzEx7b$L{W2e`1NxVD@)~hwtY=tM=#K%c?V~W!
zj?!8)<2*RLKJp+(;OqRnfW)h0A2EZ5)aIiDK7?5^;d;znzZ&f0Ni`l|ed#v7S8J_8
zlJp3}F8xe7&8@<X;C2pbb9S{wGa31o809xzY5^6}eZym8$A=F?=Oz3@3A50Ng+nLy
zD4kB5yJp!8-nrGMckf!?X?+ss5on_E&TMhLne_@y1&H$8PMyL)x#IMSqNDImQR^15
z`Rwmoh+{eyGxLgmTs^%f@!S^!@u5p@H`gqm61#N@&E=@56i$&4)m`H->1CJk_mv#o
zwYK^!91k3@f~k8hh|gDkSXhxwj0M%CzJyptY<p<deu1@4i&+r-pI7%To>=_?oNHe{
z!E)x_(UwcM%CFuKvmm|PB)%a-sVUo#37<zWN`16Q@f(UBDrp!nQOr6(U%OU^j(ojI
z%%zgzBWh%6qizIkk+$)RVo0nlc6cJNXmQ+Scq-!z>oZ7Q<E4IV)aN;8qRQq;4Bylk
z-d+!L^tgg=&GE%P^*lhp9sWf=iNBgu<m}2|{HD)ysWIfa6aiM?-20w%_PRh%G4J>L
zu?D>)jAV@U{u{rL)Tx9jb%=*w?K|n!OpHr-jbieSKv!NnS1&xg{AHU1A)CDhOWv;<
zlNWkVW=@t6iD1M)q0aNXW`;i^S<IDnvYO6eKz?R=E)2|`ITRMxRFf>Xx*;byDSpgH
z911mNYjutm3liuyS)(GgHpBH4&9x+LYAMVlsyJkIbPrAcP<|KxzRNt#bCHa_UhoRH
zGCA|<Yb|PzTJf>00;>vICz^CNz;t|3W66ZQHMJp(MdG)Lo3IYe_pc6yO=X)@sIA&D
zefgMz<S@r5TbaDmr7*{^g#?l6_{tl-fmg8-vRZQl2RNCJmL}}he0a}%=y$V}KITbc
zBum`De^99~tRv_uv{!~9C64HNf)wYcgd5j=?1{M{MkXf`#txTbH~Jga-EJMc#!7IP
zVTzY2#gw8$q#B|#br(!L>+6$<O8$3i9K%lW!*fn_`h7|lw7?9+@5K_%8z!2<Hw9b4
zzPwP(+cnztZHv0psm8Lfa_z6Tbg<cl*RUVg^<@O_-QYu<&U*crf|J-yoL<#RA8X!-
z<ot^Je!Jd#gGf*O98hLHOhkReuVcoqEJ3|RYRs7&Kh-TJQeuqRGZiBCbKL#3Bz4v;
z8c+7W_Nii9og{9Ml754jpM2<S!10{(oylSXMQaQ@u3~s7=||rM&L%x-r%bWkLO90f
zNiVn5N~ISSd18{W6*=oA0H^EU-ni)&rA!{(@CZ*Y!F7NN1~)3~w7#lSOyxI%4*0E^
z0gvNSU@?SJ#2S!Iq~!);ai5PacydySY<7dG8ey_nWPAEna~XrCoF&G7#`H$D^tGv@
zE)s5Q)Q94+r2w{5;kP!PeZ#PS&+4~0nfgs6#Jc9YT3a7dh^MsMa!0ak6Wns>&6|m~
zo)R1_*DYHM{cR>)goW^=qVGy_@w{;JB-S(isqPvB7pNrirRLqN(2}I|Q=D-4V_YeI
z_#9Q(?FbiNjk&6D`O8nCRl1-y-1VlEQQ+kc-{ac+-RJ$=)!2ZCirz=WFU7LrIE5Ii
zV|m@}HLNN+qX9fIZrI+`_%MP@exm+z`AwnJnFW~+jDDT}P_w?2*n0hi8+Q)*8?$xz
zTig&|93^<2`g)w~o9@bq@}%pr)%ySR<zRm&k!@V(I6$m`_`Py`z^_v%DOb;u6m;Zi
zuM-<V>|@w)??0HcRn(TSzm-{%V5;BLn7*r-Y^RAMEw^@7g%{DE#Ke>P3Y=DoE|<if
z=$i0LR(m=`a4&wZH<Gz@j?0KmcUBfl{<5)@q_dt{!?S@s8g#8}{qs@bo2)8&T+`Ho
zjcSJH@`JEE3mGR@1^(n11(vDW{~be#T#$AXvj+>$@83u;pKc8OCNg4OA?6tqqV`0^
zL8%a2d&r+<e%?>OddnHnw~)l_<GBAl*?PT>WBWTPLlyk;F@k`3k^iXv=y;wk&2B6+
zw-M`=KESp{@m}HmBMo2S{aYDKDF%-6c;E)@H$__6uXxM!0l&FA@YEMu*fymkYPPMJ
z?N;D(yA{E}%`x6$&0H|!j;<QM7Ixh+&akUYi2$1rwb|+f|4wz~aPPHkPSTRMIe$JQ
z_%X{bj@&c2o@;^6E4@I%y{S;+<Xu1Yo{|kg8#e9zB9h_DGBl_9ycz_|U4AZM9`d9$
z_w*Cp$3je-TBxIU&u2@%$92_#YJtB~+P~te7&p@L!#DHP^uv6MoQSS&j2XGDP$-K%
zKq&qs7t>-{G8l}iYr7f(>*UyyZCY!VcUP=}1pFdFa;03~xA~g3>0r(356LOz)K+JB
z6Y4+yZtnkcU_bzHI`FtzDW?)=%mJyP&jc<UOc#Z%XedioQh@_jtIJeH?9R~l&`UBI
zv0-up@&<LqUNKRJS7xwOGX1?@+L4Wl%;BhN2W4=h(oxl>^}#xZ(;tW5rB>LLmhF4n
z^ev=YL(q6`=UMidmub|s2BrR@l@oH076)d%Qtn}gCd6geEHTgYF&L+(4<-o0`;fe|
zv-672w#!#1W)~t@{WVGloZSZZUSzGWZAsvu?LGhWDAvuBFDYzJl`G(N_t>7)@#bJh
z$JN)xsBn6V_J+wBafwO$na}1so6WtuDOI^Tv40kxKNir9L5e-l%d<g?qRz~yqj2Rb
z7!J~bEOq|IX0^Ry&IQoB;M@hFt6@G8_}R-+7Wpkrr^`#|-uugY*U5GU#nqkOt}}RQ
z>8`^?T9u!DhC2`OuorA~Jg;8j>Np@9@~B%*POjv71ogR!Wo-c)S=ZfbWKl$_mR*3h
zE731V{tBhFtn23E1f7y6wD)J&E|VM`QL%vH6bEd$K9$XJD)YWqHP#bzb8{cW>jO(Z
zQDuE4i45<qGi@s>`Z^f-?(|q1L&WjCa?zG{5;v$aRm6pNH{^JxZLBaWaLv!qik6>U
zbge3qEUEZ7JJ24LjLpsKtRNx*zt=-A=xG~29yKButWp!)+gVR9ujPyg-g<gD{&&^y
zETx=$BYY%6Zb+LLv-NW7$e%n%nNq=Q`}6s3W<z(uIrm2xyTcb6LcWc7n;J1z6z=*m
z`o|vq`#$cC#d!P_y+$*8k<&C;L82!-RBZLkjGZT`kRcbdNV`dCr6p-OHzsBDSUoSH
zDAys);nWDGEBl(Q`voP17!F+c&pwmK^%52)_!rRzX_EJy<?2T#@civl=?Mgj{p+az
z^AC+7rQ??t1Y%gS4n}E-<P=wa3VGO0&|{`lwVuMa8+Pi7W|cSWmcJ<$a`x)3S7Gjq
z&Z;F&y#<LU0@gLjw4LY~ioAexpEjK}s5Z%#O2}lHbaJI0ZDFivZ16RER8=%ukV7)%
zp1~?+jGt~QHo<?RoPR^`zJ9MJu3~Ou^b>vg4Q9vTKh_%#L>>Er@x5M7?Z+chPD4?m
z4$C>$OmgO)(is+IN9I&Wjk$`tkQ!0gt{-o`Nsq_0`P*okni4C2es7FvIiGo#9>-*T
zRWmSU?k7~hT}s8A$>g43h?Y-KUQkh3IHpkJ<AAM6u{cY<564IrBXq~6SrdQceTKKF
zfBsV6+8uYO^x~rJqPbITfFIqM5^F4P#IY(x7~yAawqdhuH^fG4)~u)gnBC{VtNh{n
z37+D!U<}RU+A}<nFI$A)iL7DW|Kc^he_9&PA3i!dDiR$XEi#^Qo$&i-`Z0+**zhce
zzNVIogo2(whVajFNBlR;8Yk0zv9y#nTVBv<tb({7xoB~<Qauw2SKfTP1*-GM__(8T
z#)vpw{aGs^|FxDU{OKTy^U*%`1vL!}J`?gPSyf;6@vbcAm^e-ySIexET>MF$!oIsU
z@thdbTJv{*TEY3Pw;ZrHgcG>xLKVq{j_yh|JHj+?vLkMnLrLjJ_qnCc)*OG%JPTG_
zlK#xC*J7XPsz;9VeCHV0z}EMD7u{Qbi&2Ap-`;qOeQ5VlBIZGVue^S#7gsI^p(iZc
zR9;2ubJ;Q7-}e?vZo7dZmukL+-Kuz<>GY@CBdnA-R??q04~4uC*q9<blJ!$j^Kfmb
zRbla@#pbFPl^ASsMOj$U=%oo_3`IO-zh3gsKd@4Lq_VAu*E6WQ6h+D!x8X$V%~4y5
zEp2yr&ZU_wp3O6G(L5<hYWj(zNIUlvse0>3$APx8SoOJdiGpnHCa1omlwu`j$&sJj
znVoC}BaQ9ah``u?u>_Qxgo8+Tn46ntwPg2QI{JAh#las=wiL99Z6~(rnBZN<Mo!Hk
zd3c5^&H3Dyreo!n5Payvk8dtZz0|B4X|uxKViD%tWIHk6&j?*vw~iuCRpGGy?`8Kd
zBb=vKX?gKu&~!esDm1Q`VX*yrb&i^|J9CNX9lmD<dl$pPcXgLo-NEN9Z&PWw>ddht
zjlb_+5ohE}g{lL8lGe4ZJw^g|=*hMW^=m4Dn?A_wi=26DXJD$b12Cc(GMwSHxCUnB
zrQvZl{;pam#>Seg^|60B_p5UxLnID`GYM-3?*48*58xpWBW%|0<@}A%Z4v~Mkg=YK
zwbteT%_E@T52g6+6Da<4hW~E7|GHv(pFx_h)bIS@fBj9O=7W{RKw1?0GK}&6<r$@=
zko_bRDSo=f0Q>L7`YSx-e}&}F((=DT^5@l95!(Ncgk*v2(qL;-tiaUzb?~36qLxDX
Ik(1Z{503j8DgXcg

literal 0
HcmV?d00001

diff --git a/docs/arc42/revocation-service/images/get_status_list_entry_api.png b/docs/arc42/revocation-service/images/get_status_list_entry_api.png
new file mode 100644
index 0000000000000000000000000000000000000000..d135c4a580d3eb6d48b56ea19b24f0c52ebb265a
GIT binary patch
literal 6537
zcmb7pcRXBO_iuEfcY=sSNrE7RXd`MK(bIHBuR{b;MmKtpD1)exh$Mp1+i0Ubj37EQ
zW0VMD7@aZ7CFT9S_xHK~+<*2tpS@Q(>#VcB`>gMdGt|FNfAP}A3l}cXYyYG1@WKT$
z*xCI(YRa?mT2Hptg$vw<+8U~l{jJt=<1(IThV&e_{t#Re^imdf%;Bx#l9tj>;g(*w
z%bJ{|@GeQql#+y*$<Y3_Ca<CDYfT4sd*(~8_3k;pcva-mm`!O`Fr4oiI`Ok{9|N}D
z?+C#Yj&rx=cS=5+KdJM;+z(zgeu5VkN$s`2ouw;$elaDR)bk4aegAuE*O>+OclB(>
zjXE_f{lDbZGs(aFm-r=wAkg7|#K)P0Nksq0d}TCDjihOP<f|IB0EFpm=q%v=!hX@@
zkMm!bpY8w4!qW$BR;?iz@3rYWzm*_Ng)$#R+-w?1$2C^RN{lTH43e9kFUB_o5h~A(
zo?AAezQiIP_d!NVk*nl7P!Iml#Lus86^HX#TU#qDE&b}fj+Xyx?P}DDmW-eoi(XtU
z@0ZxpbMY6xz72y0{5}SF%jFRC?RHGXqR?OQLZ&~$GR%sGNH*AYTMPI{`-_D`0U|2i
zJ-71xoWPC0f;$^x)rMX<Ys&~tvn0li^M2&4EezA-_Ve-auh9+n()^Fq?SdQMpw7D0
zj(QYgw=88*l~&wEVuK}rf{6`}_@H54DD~|PnWdJ6QQLD{wrmg6I$q9Oe+@h)`{e*G
zKnfjsCkTxCqe#b5Ep*BIUvk{?_~QCHH11RC2MyV3b`VG1yFU^#iq3@stT5^dlY+SC
z|8!pb9b<@dK~%JETi>?AGv}sy<v->Mvs7v6v%(TJvpy#M_av2eo9uNj@E=_b=}3l@
zFp%N=9^3C!#5z*)36h`+I@fOed0bPR5*%APc@W2Q+=tAQ#}Dk=cr^x6{gE;)&w)>_
z1Eyi^+hY?wk2VV{CTl~>L!qkxEHs|=m(5)&wK0gBZcgot>L2IhqD1}6zAA?$P09(z
zrTSe7-SdQRtVdNxOT^Ih|7gvO53OG0h&Gnhw;n8r6a@05)hm}cbbZjXid7<@KR&h)
z=Z*~vo^8J$d<e2$)9G4NJxK;AqcK5C&DvRD177VSq-}wNEEzb7?}eRk^EzS6KLmUy
zB8<-+o40>L)gnG)1{Y*E7B8s_`mr6jGPd%m-mwr05<dSBrfqHSSlo8EGM%5_*`-tX
zxI&Km7>Pt@jx(}G^P9}CPb&b@8A2-Dpytn9OHj|}UYQ4blxGLo*ED&r)<13xojUoP
z9qO8Z8VwmL1)-L@`3~>K5tI2w4%0c+gXfQ2Rnd84TeF^_cq#(Vi=fx>B|`TH^1bYe
zb@$ydbt3HiRkcN36RUGr<?MLT`3fg3LB!Z~7JJFe+u7j;t&@4x#zvtg@W8}S=m<7Y
zk=<B=uGaJPutH`0i;8Y8ap^s1;a4b6b!vkeP>FdmW5*{1P7Dt%N8=jRs#E#k4@?s}
zq6m46)om%AY7|P>IxEAE6zNb}<BR1^L#lcrz$#pzM2tl4w(ZEUIG`C5(=+b7TS;78
zm)CAIDn$m46g{#!_<+Jxfl{(VpX>0ZSJo%hT=5umove3@;dehdniF~G)tx1p`w51R
z#42s(l=I}3+%2Of7t2$n{5D2C>Dt%tmI1GK{UlsIlA-v}Mk;{t<QlL<puFF8Bwd@V
zW*IdWTTux2fP{(Pth)5MS5yLY2gH$*u>^FP+Ak^}vD`oESC(^y6Y(*Z_w$QersPI+
zr-H1%oX&5L)=0(b4d>w$^5c1~Q~wMNo}D=HoTg`dkt6*6&EeCI#Co~2!bxlglH=Zm
z`Xi2)B~GuhTSaT~OYBah+~+kWSNP~cfty0+dSIhi*LR9&wI}D+TMl*a!f(?kh87{k
zm21C(097ilKXJA+r1{&nHiV4D)L1txLwP}7Jo<Q@GR#x}njS@LQJf^y#K<^u)Se=G
zAM?4LCw=3f>e}(W^^V>AJ=)Oyj%17kf51)C2xRMEQs5Ln+RjCIAam_x+ql*HbbsC-
zA7%IKpT^e<#r5T2)bwyE8a`D_dxIrbb{2lhnJj3-dt^T$VciO#aT;=%^EahdoSFJ@
zS|jw{f!zIRRyY6smhap7GTvpJSNGBT1qR4_lYMGR`q_1Dj2a+Vzpr&JU~Zx0lghJu
zEH>YLmoTU6CmRUoy3^5$#~7~8=)riB<$emh@TSG~QD&TWZn#1VVTNk`u^-mk?BLr)
zYmN!CODDB~Q8PE83(<oqfnB~4e5F+AQvd;8&S}_V!e)NC3L89FT=RS(oG{Qqg@L$K
z9aUBA0Sox|dNLmb6PKf^T3P`+%hKA|4-Eck;`Dju2*in}FMSuqeuq8H;Pf;-Nl#Uk
z%=@KA$;3rXd8kMCkzWuO!F2LbhZYfL?9}??$#F^eo|Ni+t7^AN#<%_6H&Kp;I{<nf
zVtjIs`6Vm4^%`yf+{{ZiMAsg2m0LiEk46zg3?*OO4raFI+3u}vd2(rQW+K9{Z41L4
z66$EA7hE!@h0Z=hfNr29DF@SAIgC##=X);;p?{Ef$k<z#3qG*JQujh}9;V6&4E%W}
z>P6XD%&tY#&k>&x@2Sw1Ng`fcG^WXX;<y*n_~JcJv$xmt<Nk&GMq;gj9)J<ma9z9Z
z$LRWuTY3F>ne_Tz;yW;sdp#@Q87O52@loBP$Be1Y$&`sgmMO8B|A!_?XT<T>FuXI7
zJD+mSc1~(8%=cS-`lo|JWf<MFs^O`78UD0(Ozwp4yhvAa_oCZ##izTdQDv@}f#9_f
zCFw%^As2+UFjB^0b&y;whjByfi_$&n9+z4E_2YmP;hoRX;0Th<dzT=7Irph&bdeHl
zh*vdKFM8gReNuXPN8CKs$15j%vPOpPN5|gM3=Uu9R>jEk?<y+vl8R76-d?pV_no;h
zL?DS(pblr?la76IXTRZ0<5m_ZC#y;jLw>H_bxG~VddJAyp}m!lgXx5yidphHK?ZLm
z(bAyk;%AEGX|V<X)OVV~K16h@%ne_OfT1L6yyVLu>pX>#++|lCVX|eEE`Ui3yp^@o
zPMi+hOG5=$-&r|Dlche4T`<LqJ=k)%+Ab{M&zO0z!0pAydcg~Gg$)+uXV&;&qGva8
z+pdW+^=Z)lD~V&aZ#ulkFKL*C{g+j61Z<_B!H;IC8&ZDXY)|pu<$fGi&wb}{V0And
zImbc+M1KDb<UIzT&sv=fPvNA$AR$e?Bn76-ClWL%*GvjMhB@*K;P8HHSdYLPn+OkA
z#o6@(_b*K$%@W^#?z(w^dyMeS$Gy=R7;Ml{1n0-O-KwN723tw1Pu%AB#AqY$QHpv>
z5GC1r!d?cO)C#7zf1$se@x^qtLybhy7HzKr<`3N9B2Qs3s>Oeo!k1Roi@kP!Hp$|`
zb+=o`b`!ze(}sl5T;@hpDup{xxLaj0G1N1&(j5R)V1wYd+;9+@fN5?%n%3p74Mai(
z`<0v>ekL1_b~3GLHw~B`Sfym>F-TsyBh_;uL&o2nV47{XAxW)O@J577)fo%{4F!E!
z$O+Y=RugraYV-xrsU;7EON#_?%}ABlp{<}QySAi};bj3=Ty%7t9GL4|_VukjX{9Az
ziBnLng3*e*s75^U@zkq{I&ld|LDaX_j&S+4f0gHJu8EWRyCtZDjzyR@tjsL~*7tB?
zp~K#MF><C;P~&AI2~i+&w3Tjjs#AjX=_rMf(^bmXY#CYmIeoR<Y|RESgZcXNBKrAj
z<#UQ12!HH6vDfZs)$?HWBg)NtW($m2Bht91#Oy;(zJmL_O%8h%P63;|{`h*waTIOv
zbb7WN!7rUi$M|Dj`8_=$TUO)xRuI!Ci;S9mSu3@ED-3*f;jo*qsq|@^C~6$wKcJgt
zdSa1qW%1;rC@Zt+J_q31fcUIc2RrF#V&(kS*{{|pXT@D{og4%1zSv2#SmS$CcS^&Q
zvEJYKegalA$g)dSnkSAO2jSnh|7}iqG?CvhI=7G%(u6)(>&Q;odCS+}Q--xN{pd%M
zkZA)%02SRDE=3Abj?%evQAb(HZOcMP#~o)uuPCUCB?l{unWPN`>7`G-EUv%j-kC4e
z-s(3|Gkx0jBb`QewpP`VPDi0Mr?+ZmhfH-E(b;cjz_`ECH<}*~kNRqP5b`iOH_2Tm
zN6$z7x}&Xsi~sc9^endk=-ll=NzffIa9dxX_NZedlz9(Yx64V?wO)``n?N}8Bh&_Y
z2r1B|OW>!8g)N{NQQ(E7x~Acj-ooP?C6zq6&7H&z<q9VcwzY8a^W0%)Fb{OIlm}^z
zkTHH)09xUD9W6F1TY0HQqvy~ZUK)E(X8Q~1p<qcXdpm@Rm44?wSfoKkF-*)VCBb>o
zvgi~C2>ci936k)I_sbfzZMAsufi$?OJ(U`~j&IUTo|iSfjj6Ji(lz0Q*>rC2ln~7m
z8|?RLXYlxD^QPbOlw7j1=!3A<l~6CfvtPNh1WBGJ$aG7?y|h!bAo9)Aw(jn{NusR5
z^V7+#2Q0Gtlij1c8D)D1^^umv$4llD$<G-*bJoX$j~!Z-%O;E5l#k0w&oX2j*-k}V
zpTA4FxcP8|X<PVB7(Epl=U3xHN7@mDq&88y)A=Z5SwM>G-!~%o-2hrNxP8kW9_w{@
zo3!?$E{sGjLLiBZl|Nnbo9TxWe-$w?w%1Ri>1AE4b&OqZh(mPJs;EcC)!L#XQo+?5
zLy?YP<27kAe?V37Fai;rIoBE6E^UK-Zcz?zp%=4B${=pZyO9bSyxbIHj`V7NITT4#
z!vb^o>1lQRU}HT6z>pj#aw$HK^?Oa0(GH-?0cJ39Qnq6u8XjgR?|wHc{7SX*@Tdw0
z1Wr|peY2mqca}VtYpk$XAd1xhASO5P=J6*%pr|GPgq)y-CbJzO##{-f7~8r4UcfVs
z2ThclywT+<xjAEA(RZ4=+bnw4<+a2{xtPueeHPH^9Dn!+GRLc^(AB}Bn0iYcG&WRe
z7$4=JEeYf0a%=YgfUQwMNnL9=>3F1wHfZ(7d{t;^|9ZD^26L$Gd08~NA^!{4qHI3l
zruM!{lcUJQL{*r>kDPWU`!!43+8IhE{|tsa`IQV3GZQgj`<}-Z&npfNe%K?ewn})i
zzmkSmj?K(N$|T-S1h%3MdHos?ndU;aUL2jM-9@ryzxXVS#VYZYA&_G%pQL7yJy5QH
z+c824?bJ7ntk-9X*M>;9f{+(7!(mY|D{cb7_ATlt&f{*x$|IY`+X(8xn=_>wA}NUG
zPQ%eU`a{vkXL~f$_K5+92%iAkmqL3_8R01ZpY;GYnp<o%CMZ<A$-H!cDF*QZQh3-}
zb#%?zO2{OHPd{u!Yym)AVuT9YB8Srh^aDVSXBZbvbMQ><D-@B@)zUOCG#<pyG~j1+
zotlvC6gx2n^>01s8;vK0YQHpOy3O3aD<V-#d@*mmC50C{?e^_wfdxz~(U_Fv2fPXg
z*X(B<skd7S0zp$P?fZb^T)f!cQuiY5*#@U#Yhwnzo9{}a>0a9PyDIb*U<l0KO2T?A
zy~G~P#1;BtGP@(Cfdw#DA2GGyy7zs6u>RK4J7sVrsdQCmB70&R%po+#=$@ZvVLeDX
z4mZWoCM*DP-(7lv-}c<15HdP#DI(wsoS$6y)S)EyDhaXxt)#P=*YN7uhC3O`pPNTy
zwo>J`5?!>AFJw*rMg7m)36yARQc<e%cl1Yu3~-k;$R**Yr_S~Tsj&M>XqA2&BWRsv
z^27iGy~4048pme4of)=Pv6$Dv>eWGnrDldZU7~G#r9|R(99HX~Ei*VXJw$#9;;<>N
z!zGouZq7ikwCp$U4Tdao?1I{|Id3)4E5B|^s@~Iav(0)wf5LmYpo^%=g-?j;B9+A@
z%#mnoEjwt@#gIy~!Nx{a7=@W}3hUBvl|z=R;{fwU_>%qa;^M9q8S($lDDi$cjl_$3
z$McXGuTYq#B)^dmGJuU$C%+b)MwUnI^yyB%yg(KlHv>u_AB=_v>?s+~Xp@WKML=y3
z5<D+4uvY}l0ko%?gs*lSM&l_qj#U+=p?LefvU$B98g9tel(0m6Vyhhq&n<o@39lfD
zv+nw5vPmXXXu#=8W^8GVKZTFs$i>MGrsB*{)ZH8MIW!A()@w`8VSJ$b=(X(bdX!wU
zSFSR4?d{r%-pIJOl>D;GKEbZprG>R;_a+cz*f|^N;OnI%39KNwIN!-|ELlnJuIpdG
z5_w}gKFURmE?ixKvL7N1d%4Pn2>Ys0+&+6tmo@J(4=Y0i5^5?l`$2!R^6N&yCCYi5
z>B2+rwg(oT*U;wupWfT#Eb`n^uMvt3tB*x8ARXj^2RS(IDZqWDf`GwcrQ1Jxdu`i?
z7qtU8pdv3f0GnAM$SPWc-5OQ-v=tN(9G1mPjf#|2heKR8`(k{T6jo7lpUDv*?a$1#
zlZLOR@4U^t?+n=#cpFyw;Y4$zO2$ThhaFry_xVD?AXs0^Dw|sqpK607(hJAW%Q(#D
z#$gTi(qafx``oG8xTrdx>T<r8ZdZC?MjVl1@I%~FfH{ASQ0LC>hUHtlBj`~q#g_n|
z?J~wyo~53jVH?UzGixxBt)&KYGsW+5XNY)BX(q1?tTpo<nLW#LMrNsWBC5r_0Av(%
zW^S7of42<Y<YHE%BIYwYDp9PcGgQP_u67H$@J~v1<>CPRBHqP~C`@p+@Gf$KT#Qui
ziDP0MN}7>)_C79mdkN5~sWUsz$ntc)?xr;CUyng5aC1c?kHp|C!B(%6>{lF$idqEb
z@<zTC#Rrf=7d_v9`k;$qbeb6y+i-R`PGfL@TsFD>StYX5AAfTnB1tzQ5WR`(inwiI
zmN3CBW$Q%;=vZRUNOXElq~GqO)wJ+8dBQPAQ$!cE5ZE;%LOaN&g^hRA(7leJKjgkT
zymb>*x3=@02|^Wla#wsttkZ6}f*~|1>NxzZ<h<vqsA+N4d@dtnAZda+9Yn=Cim7j!
z%v|p{p&);X<&Y_lM+9xAKzp7Sqiofz{a#p$PHyF1GBj#$QMsqdqE}kiy6VxtS^cU9
zZ~nP9poE1)sW@piyVC^Zh!9{Ag%7hdzgzN;%SAte5IhnYM?|l-)Nz>$^Y1a9HTAoC
zV!B9{rAMA;+q{0;$?mX|a>&XvEqHiLdOo5dbWKBUJ|Sv7PTU)V4VFP*Dqq;2`egSs
zW*gJ{omRVk0e@Z;-^bMw)@Q~R0y|nTk9giY^j1oQPI-UYa@9lUr2}Ve)CzC~(LSbR
zB9do#mOB_rqu-r4l1?IU&r0)hmf7=nefG2eG*w_n_W~K%D7(e<=%UOxs7)z{(o9zZ
zm<OKs`uENyLIC%h5Bt7ecFu@89O0nen(QzGVY?soJ~!{=EOeAaP~$}G=Qmte+{(v8
zRLWB|OIHo@ukcSpi3b4UKbNUxvdL-ov*O=|)5z3jZs=~+TAa5m62B2Wkc@BChqTs=
z>0=#;ca36=FTZGkHL&aF+WS=@jxzN#4k8_xb@Ot;Gnyq}ECmkOwt64Kq~L{4w7uTP
zCKqkC50a{eiDi%t^qVIFZ?f#pcXx1*hQw1d2JwoVZSo<e6`QGPcg1Z7nzkPiMtPPC
z_~Buo$MbtfEgy@**wv`79rX(RtI%M4PV6pD1^Bme7F8G~3eZQ$wX|IRO8|yg&k9xK
zFT^fDm~0DR8aX3SLRRJjo%wU_a<k)qGmu~D6#gNtRgFVEIyZWTdT+RWUXi;;veXs-
zB}S!}uh2|V3V9g(7JxWA4ymdO1MwbNnJf;4yw#TIyx;sL^|$_CY-y5*Wgd&;|7(R*
zO*e0HYv?IU`EQL_{;OxKD?99uzJLa|M|~K`%`Npj+F$OZoQI&!{XAEJ<rWR|(<l@s
z*<85ZE@QCxBIjSFzOX->@Evy8M7gz}va)j7yLTPR&3<pQ{kEzeQ~ZkSY>53!E(^c$
zzVg(l&8j(Y%-7Ga>5Sgqd5}fA828ty5yu~1Tf?sKj@wP3lttt9g|f0+)=aKhY742p
ze_7>NvHx(|@<WRqCYmG(S7n(K9<1YVJFDqaKD0TPh5kD4%=FMuFBJNgCTvCZGq~&K
zMU#FFv0GLb?W)8@v}pdkS|-f`fp00!eeLnaV#aN6jAG+V|E?5@ofG{<|JM<Ny*lXs
e??mE+pXALIDU6}E%GnXi1#L}zjWRW0#Qy;uYP1ai

literal 0
HcmV?d00001

diff --git a/docs/arc42/revocation-service/images/get_status_list_vc.png b/docs/arc42/revocation-service/images/get_status_list_vc.png
new file mode 100644
index 0000000000000000000000000000000000000000..ef8d8446b4e0ae459a634758c38276b1f50fd3ee
GIT binary patch
literal 7005
zcmbVxcQo5?|F@PZRccggt6DWGwTV@#_K4b}M%60O8Zm1%w6<!g8M7ir`P$TKON<~v
zj1r>+F=_-g8-Dt|eee4|=l7iFoag!Hx<2Q<KkxT-uJL}wfDANgudrPqBO{~L)>3~&
zMn+zG_N`1sc{bj5TpA-IW9QRWS2YQ+U5Bl`=R^i}9k##I;pg7&<$hFQ!Z`Z`Dne-^
zBNId2iA4H^+kaWQy`d2f7Q0Bns70kqMK9~6X+uH7NEtzYi^3|hmddSeviHO}FmWct
z1)VJ)oQ&pDdOm6hRG7wMvD1>pxuMO+*`V(pGFb!8H4}d(nfrcf%J%>I{+ooWlA<yF
zH`}>}HpLP#`5y&vUccJtx$d8d-04Q?f2=vP-&xZ|7#J9Q;81?~oy9R;yz6XmOW1wN
z?#^$*Zy+cj5KANy=YM>KA|uEz|BEf&m7bHwGxW|?CuU4wO~{1*k+$#Y2?^O2avZA^
zym!5@u#msme^cg<sXz9FwPXwa7O!;zR81NqbUr2~BrsQQvWSSy${A%>KdY8=EBf2<
z*??u2;<IAZkEu_wSa(iPV~&b*zcH%&itpshhl20&X4iAWoc@Vomy$N-gSv6S-Jx{X
z0Z-e}95v>mGru#BNbg>><^9_rr4;`pV?xYWb}9(T+*e?}#8milU0eD*I!Wun6jxm-
z0jnC^?re@)Drcs}Z&b_tONR4Yh{L%DKe+1EE@ejwH%nV0*v{!0B4=7luV_Y#0QxtI
zg9Lw!fy`1Y#Wc^^tbT*)G-4(UHkQ#Deir5DT8XlQYG>4SZJ1KZV==>jWS#$})*MKX
zlKZgdNqf!e`!;Gd{QdtA!3Q)^w+|xrbfxLekd}9J8ZB*FK05_lrWrmDDr0oMakIOx
zCa`6y_$);}is5wCAkG)wfpo%Q(^bs}Sz!mxz0f2@V`|yBIGQm35X-dLldl+I2Y5!>
z?90jne6=ZmZi2qaw<H;#5E+#zk`p16;>o>kYc0R9z{Y^pDB0M>GA^M?41vR?V!!G8
zcjAOav2uM&dzs?ic8@Qv`S|2bACN6_&*iL){gmfFSz{-oxbtknOW{~H&HUTa`w3sh
zumgMz>Yx%#%3~a(Sji3C;76*2;uT=-ZKSU*sR5Awz08g;W9!YaeU&7iUK~#4Q>5k%
zC`ic)+-&!uGPD*erji4E+d+sE%n55P@8g%9vZapeUz&)&^~$&HU^Gfsn7D*84Qnja
zJ4UCji8v7Kyr<*Wd}ig*Hk&&Z#2raYWlCjZ*!ug_gC`5qNeV=%7k_ymKeG~YLzgb4
z?wm!RjwA!RE=R5kl?lZCSp|lzcGoc;fLH}t!yAIdv))R_b1QPw2fgH@jv3f7lgd{5
zh3%hd+_|B)6ApnJqYWYsJJhymB9-l*D3Tu0VLV=XJssmLsX;f_4(G4&x7dq~b5Q04
zJGmFP<OD<9`4zW+6k<L=4!fPoL>!>shMwU_-nEgd`VG_LO$KyvyT=~Ra;HnUO~7H7
ztf6S7?5tX<`@Jm+g?$c0q&sLez6KzMBL*w9BRVtILbyZ>6!2jpo03D7AY|Xs{E~m{
z4xr6%X7Wb`psVjIlt!$zjpNJb{Rmp50(YX>JS`KT?ZmU{$$;Y`fnXQhY(e~iPn82t
zNL7E@^~NguusAg>&GABoasKOfPhO5^ZXaG$9#^{duLZ^?oPTtj@E#cvligP!Ck1&v
zt`x>M<HN1DbVt&ow`O4O`!Al>D84iom6okZyS_wJiHbroqkzUfW}U5OQRS5IP2zb#
zl(z+dzBJ&7K6^F3j-ixfQ&VD-`R%AEw>JGGJ;^C^cuf<r_W&z>oG>mxSL=ow#Ef*q
z-DRT|<-n28vUY=z?jk0~`71$NByLhci!FQpq{t^K&cNZ;jiqK02j3A$?vC_gBY0-A
z%l$z^Z8~eXz5M1Ye%Nsfex`1*O15FWywe;AQ8V=j4b~Ja7fYzWrPY4if$j4R*j$D6
zeNn}IB~#z|<X>6B@%&Zr0_W+^K5JnIR&{<ah7oy>`l<TgU$@&1`^jk6mAhl47Sp^7
z`nU5snvI?MymA~*LKi>n$AulGo!;r&8^8H@n)S=U_$KM2*#etm|ImDSO_=HL^;uHL
zVgS2YB@UFM%O+obb2%@cq12@uCMwWAmWF3~kHl_n0CJAj(vY2VE70G^vukj?ax-ag
zx2gn+)9e<>t~mh_cDn8Kx{-ci@<Z|`S!cvR3o7rxy$(Pa>3BPCV@^<ZKn{I#$?$Y-
zoD*>A6q{jB&WX(LI4I2hUCr^Zy9^E()U9X<)F7M^UF<~g4}+*x+uk;9XcuQs$agIX
z0>em507xR1dWfjci$giGIgE`MF7unLRS1Rd;M`HW&kyiQPQ?+47rYFW*MFkx=wp20
zqi%(Ya?f$y!Kkg!?Q6cG@)}kFCFs^4s1m7C+bcljs*2^SNCR#d?DTk=7N$rZ*s|94
z3t4<jm+EEqDY&%d20@rEHx&S^(@AoxtrF`sM>Dk$(V9p=XrNIyjRsfEfhn8s=a{m!
zCG=F5G3SQ+hZ)PU1Qe9c%Ofen6U?4|QKxN@R9NBKFeK@9tmNL;GM8W2W^ywH4^IZe
z0zMil+=@TuvlHi#vs-_)TM!<vmMXz(bNGbqh<q(KC)q4Z!f{f>s}b;6lQ8FG)>4mg
z&f1S~<u%bx^1F@`#h4`ux)uw+-&ZLK(h+(v?J~V&3*M{&D>#zYo&(yejN5)21|KcN
zL7n6ZRLAEyKl=FUZBigxm#f+1!cNdhE-6tt15~!U(}Xw8`{v&m;F%Ba<MOkaRcK5p
z;NRo`#iKWrG_xAG0yTdOz&+h^<wH4Z@4_Jjy#7`j|EBP)fK1!2GpoO{Qj!tkU79Vq
zZR@tKRa47{PcIRQZ#Kmu#UMJzKVTJd<?;ds?Tcrd@(%5jok%8wJ5erlYm{E{F7>x>
za!N_5{elfuURoIm69nK)e;>n+b;N9Bt+;r1zkb4c@tbthaf!7B9}}1jTKo%k4tG<7
zf&0No{IOd0gH%OPiY7(e_ENKg0%xJ(JMMAy5-63g@`!2yv;d#csO<6UC?R#rcCCXx
z07B%ery3UrLUd%4()W2ynjbTb99B3USA;lmXf*n;491XLeXZha2f}{ZYanPIU!%V-
zPdB(?n!U`QdXJv1B(0&8JwPzk_IeAbK|?yoTf*yo7Kgxcqc9!k7mJhC!H&<}wg?;c
z%t;x}T^qXF^$e3Q=rH5R!qg55a{A7|#etOzZ#}gT)dIjb)IcQ4oQ|ogUrI8MJ$8I=
z!ed97zBO`nk`{xJvs)>_+Fdpljp?vgqa&w$k>bp?5H7PnQ4d=@iYM-R+=fH+Y^&Qn
z0xEp;*5e6EDu%D5_YRdaBZU>%x<B_yQJcaq65Q(|q}Q`ClxFfj^SkZtT<($TgQ~Jj
z@&`V(fAb>IE(BjKL7R9wXSi=RJoorp9u+vM`bqd}{7@Dm7%%T|E4&sB+#mMV*|6RW
z85VL}O}p@bl9DBQSlXg1Ts9pOZ3%yET>0@q7M4t%?~3Vay5e5eER}Hpwac^mMDgXk
z2>#Y??x1-js;OLoYk{AoD;@tPv~$(wp>Q7bwFV*-;%bFx+nbA+|H%ACq1&*<rR8Ak
zE;sY+=fjTqWB+wPk~YFXZ+fR|U9t&Zm$8ylwbx@aUzQ^eoR@mnS93Rj;$Xha+PWj{
z;60{&X65PNidpgNM1k%CQ0qZ#(INt}+q2RKL$kncx42#DgLP76aWT9}RLeodHavi_
zQPTqjILdZ@)-jjrk4JuwKtlWP$Z%1#pnO?Y=!LSA!HIKKLsdl$6|S(;Wu*c|q4CBG
zv6L5jih;epvC$n`3S9i#h!(7uS~M!|!5bU*fYBi}Q6o*?9tbB;odddj_lxznDj#%v
z!TW9-Tb<mOJdDffy~o#!dseI>hb#qVfdZRv;9IXIx%LfC=xGlp2S@7hlZwFJfFXn~
zaCFF+Axapc-o$v*OQ$&bxAxZU1$y0poKYdTqYltFHkB^Nvt``qjxIvS=F$Gt%|+45
zdqh(%U}Z_a@_}!8Ij@Y-qx4mYphcW=7I@}zK^kZ@M8iRcYqgW^g?_8~XMLjtHL0<D
zSD#!kZUVgjyNJnf&0feqM<q4PI-l)wbfW;d)etV{q5peOg435gR@;RGW%PWsi<QFy
z@9VlKDS7U%rH(0($o=fGn|N_PyM`(8klCwN#Qs6&fYZ@Hzre%*I#-|Q2WUJ8wd}Tm
z(p#}GN#n@IfS<(p9i@-JV2{<~@O_bafag7pY2ws&hQyNO+GNJSmz^HEUU|D|_(}c1
za|1)@-5?hpL|=Qm?d396aYLeX*Hs|6bM<Ak$^FZ;382x^VTd)IUm}>~p~LbrFjCqY
zzQdbu<<i{c3~y$M5-x}WD78hd!9|Hkl$L}o8&JV(#Ey5!2vLgt2ypI!CDto=>f9Px
z|H-P*6a7$;1t!HEQqS1_2?YKufY_NHSnF`DuYj6|Co(wkeC=IUCQdGJ4}EmhBMnQ}
zvRA<cbZt6{bXS%1?~{gmzdq<_8YzloJne2Il^cO4f0?gzPy5w5iXd8-p9i8wh?h`r
z9KA?9D~xGD138a|%D}o){$;uhQO_QCGbSTm<V01Yi|zHxw{;ZtX%ZLJo0e@Nh4%~E
zOL&WzAJ%ogJMk2jWO!(Z4*NJ>GqDtMD~Q^Z66`DHgbW$ece_dTaDHrkDqe2L#N7Tq
z&)L~O?Sk`r9blq}nme-oV2*121R5OyR}=%27T@>PYa?ufv5#T*>df^yqeM+2fRE%h
zZ&Dh0XA983$QA+EUvGa!P$vg_P(&VFUQPJQgLcn6>f5=mkRLCfq^er<ATv{^Z=ZI*
z$BR+~ar0ZRan2Er&x8nn#GRzl(6svqPwgBoOeo6&fwN|TEL%@*y}^{aQyT}`tj)M}
zu}Hc~#f%;@mW0!>apfP?J(}J^Gl<LQ$e6JmKAps}DV1iaDBgn}%Y;euP9yJ_jF!yx
z0p9TB6m$#nZstWk%XTg`0{6HhGl4M|4e94>+C4ur!!!bySW;a&t=-1JI#><F-k<Uf
zXa&-d1M8~dB^cAd+ZaT9;=?M0yB3*ITkJUaiYTIEEP=&eIr7=hEuSQy0c@>t?DxuZ
zeQ?5Udu&fVy2*=79VA#Tf<Aoq47V!!ZL{KY5hGVJXyA$My}#b>q^Rm?vEU=dnslFA
zPsBWE<rUp-V*OM%I@^l6y7T~1AHp4NtHz9hQ$D`kFVo|ts%B?g!n@iM2gI0vTv5)~
zSHQDYSnquiy%-Z)uO=O&xOQI(`CFRWRGquqF*pHSXn^Q)`#uPM29ezjO>p06l2t6P
zHUCCms_1?=6aMRaHkQw%#Q)Rg(oA}OxJBQ$q_1?8_>_7|<4G#h)yHbgL!7d6yh%fj
z9GDWOQt*!TW%5g%a|$sMF*T7=_8qMYI|u0d9t8Z^#aXn3scc8+(S^TH-##c-cI$+o
z2`Aa^4ib>eNgHCa=HF(%%iop4vyE;}6OmV?lq^JL@=?1IZTETn{cc@hZ-M%LUbb1a
zxKWx{m&)ewrsaZmrNM0kc^E#|#V?eXk=|Ek7Z<Z_;XFw-Dl`6b^bnry%L(_FNDya?
zdRqDWIorgTw#dfC5@`d**It~i(*_9ohrAavAa8v$=Y2<5!jvP0?<B}wk`Icl<w-p8
z<o&#rGRzvMqI7-yNUgG-cH4V@lGfsv`fm<Oue|W;9taxUmQtr~xx0s4`Ajvs9CO<)
zwH7|ONw#n7yu)LHYr7T+ukMpHx%?za^=_xyF1kABUKh62jScb|t-@8g9Ee^U;nm+4
znyi()-?F{&_ARA8wi60>tR+u;m|Wt|@FcR`&9SMCM+K^{CT*}YmU#dlNVyMn4)9yN
z(C?KAQa~^@20*DDb)?s}0tHIgCxL%q??N=EJk^+!1i;~^3<a4ds8h=WqCp`C@dVpu
zL9QDB11$!5abMa7<i`#^{Sm$WkYhX4Q5b@@hJn@v+aa#T_gY09VJi)>JI`<XR4%mQ
z{KLh&ICKjvV9%4U{Cz<Oc&L2u9k;8$fo+EcZ3a{wed1NC5jH7Xd3qxYlscZ5br~PK
z=DF_cS&MVOo(EA&l{)lJ!ftI_W!l2jf#Qq|@plL>7!;PacNf5<6*6&CiHh|F-CV~&
zCDSbTJ;qYDb;_3L%pBzDlnBflxt<yZ%(&tr%)<4lvEBeCFg$h`uuh-BQ9M<*2FQiv
zXb_qRjqDyR*VbQN9dXOqV{v0FeRkQY+iNYcdc*X!(E-w(=nq>i@F@`r0UFLYZSdMQ
znByq*8z@#aI9=e{T?wT@)T7JNaWhhRV)Se;6EW1kdNd5HelKd9AJV@j16lck@QICJ
zlwRka9U=L;KE@fhA7MWjg|8j>EcAXs*5Fsd;+=fK1)dJa6l{zu0oycnwjFkn8QHSm
z#ULo|x-CyUy?14fQMU0NsP$(iFSd{MU~osnx*(MK+69bs9g!ZC$bqf3p3M3tCmT#z
z14`(lE6}X9+s%FvLIK>gr8Z9FHK}`T*M1md!E19nXP?6<t+;Mm)(I0%vw3$ThLG%H
zie2Qtn8Aj=b<G{*W|#R2K<sh3tLczOm8=~MZ+&}{+BC=989gZ0qzwMcb29MnO3N$d
z>yuVLh%H-wEVt}HHLGJA@CL(YJEoRaIl4jXlJDRk)hPE}ZV|c=lCczvaYRRMkyHNU
zfLS|)Z#GUFu^N{GkZD`?mg`)x_x<w3<??FeGXVq3c^Y%u3Kq@o-5SbO*T;Upa)kq9
zxA*~GLh}YO^#1exuAePc#((mg^uAZrRwIzPW1dXe9wsSVaG9U9^Gk_$(2+Ih9+Q%~
z4_b8ZUb~(7M5!dPmh##h)+BB6@DW!$uz+Q#N?@pHmht2CBmb%n%%+a;CmAq%0U{y*
z0BJt)V=AR@wYYC7q7>MRH`xI4nc%IA^YG=zJo=A~=k%Qf3dYS>I*;9UJkEAaDw&#I
zH#aLj*Fq7+WU6pElJv>dccFy$K3SA{w@wsk7n3`1e`*O|IU1417;|L5-+Hy2Jb-|C
z4WtWhv-Ul}z?_Xo@>Rv|IxK74C>;{X*=Jh59O-g>>dWyPOTOQgoKe!zd;#WKe+h}A
zztFb;p0FALtP1isZ=u3f^A0>61;_|IuX+pHnC=9}7@wGh=psDXCS>r(P$zbX?$xt|
zsvHiiP>*#n3I@HrG@nMIN~zzr+c(zzQ>9xVg7wFXKv&nuRc(=LH;ZSF-M&7DX(+sK
zt!^Ym0Z<su{G-qsP;1yi^sNLnNN+fess1Ibz>R5pHjm%cANH@NZ)k9YtZYBzQgG6P
z#1}Rbb?fMW7kn+GF8zhOKCNZLq|+_`MwZ%?^z(tr_{gU4nEnN(_%Gumb=vW0F4N`I
zFm-cVYn0OBFYPI4r(-;OvG6=3IgMtyA9;it?`r-=>XI6rh|kg(&Cd-W1D49$dHLKK
zBm#$u41k<lcj_;#iw1Gw>cRGxaZ?(Ngk{sT{Q_;oBSWv&k{@k&gHo?T_Tf0rV0}#r
zb%)*h*yW+2D!4@4kGUkQJ5TW_Eo2baa*e|2)wmYss(KRNA$t9yuZkMB(7bZiqN!Lf
zd)}77**}hYadzWm#n?aQ6pv<Ba$@B8Lej~D!oA2bF4@YWa<4C^%Ml3?5=OfVxn;5B
zwt*<OY$frV`N9bDNjvN<hMf7cH~%w#XZY`CeVp^HSC0dBL^)x_-h?np&V?90!%Y6K
z_L|w^svOQDBebvH(rqfHhPBrYY<lp7Ob&SLoIO1|&MFigx%$*=J~n1vp<zSJz;e&4
zYN2Xqp3vuiWA+3qh}_>iDLrV&@=I|C#dL3$ZTrj415JlVh}=^?Pc`QXABtf-x1!1u
zEpUm{#ML$rRW(!h&9fxaS*W-cCVO)AMcL<9^o~fP5`N`b#mQSQ>&;olaxMaw4+dA}
zGpASM@OsQy?t&%Uu09Ly$`!gNLNq|vCP~GtdRjemmrphZm3ED?lnOoU5L5rk@<85G
zhy&{+t(%db-sAqc?pXM~s!GbD^skB^T-uT}*GVRqU)?hd`}tb^CRFMp4C|q5tPnTo
zXYnTK-l~~^9)A4u7RLu3u@xgOD@P#vE_&JTG?Mo^-h&MOb1C4gKi!`Pr911L2^-jW
zH6DE3h8FeoJH#c}<V@QK3C*Oo(0SB9%?IAxqIfGyp-*RhClM(<@a^6#7{_7FqL`<A
zoH3kUJUONhlad_23-#lZJ+pX&{p?V>UfQ89hABk8ykhDYpFyLy^Ash{?j}C)ft5)<
zQ7AS6keIRv)l4lp(9h~&J?l|JuL672AYXbH18eOcT=8ojXis}~-h-#1K4-a|6FUBp
z{eL33evMi!DJz}ttA$qgE&fN<>JMW$t@L95|A8TVtMR8L_?nYb@_97!T&hf*%=!Ps
z)>Z2;6S=y)jEE{d#{$yjq4nyHXl(?SV!&VDYg`PyP^G<32o}F?pMwF8dhF+DfRC9P
z#M`@?g_|3&w=r#P)8<tWV6Xd2?SBa}4OqG;MXh#rs#k@bp3MK^bS&EDcL+91IQLn5
z>Aye<OKQ`r=At_O9v<a-^uKiH0|l+mF#vHm-8t@|?&z1b7x(LW=^dLGQ<KdzPz80^
zDH?jo&t2jl=MuvSu3EKxnU8MQWyvz1Au!@GrZzQvr~-38*MAEIMZ8wmEf5NhF)2?4
zr6#AVm;D<Nxv|nKGnNLb`x{XD7d8aWANaq+L^b~{j=P@`Rr(Jib!LDPC29ix52_>s
b+B<doSOjn;MzEa0W@OqA4b&^t>|gy4@l5`^

literal 0
HcmV?d00001

diff --git a/docs/arc42/revocation-service/images/issue_revocable_vc.png b/docs/arc42/revocation-service/images/issue_revocable_vc.png
new file mode 100644
index 0000000000000000000000000000000000000000..2174a51ed1c8c29259cad5000d7a4064ad8bedc4
GIT binary patch
literal 43766
zcmbTeby!u~+6M}#C|d<ZNfDHkP!txRNU1a|=}zhH2Ejln5ouTmDBVa&he!w#E>e(?
zmM-bK?*#Wb`<(CG`^V*Z3|7uL#~APXt1<m#ABvs*i}EiV9GtTf;==McILBPzkK-vk
zcqAdDtr7lVaS%~;(6_d6wJ<btz!5XFGPHZ-U}$hf&-IFlgM*DdFFU)9#Um>RM@x$v
z`qq|CZOt?|IC$KqimDEOKaPV7pX2h@Q2}k;FLbVQF_(NRjOrBbi)%&O!42PhFJ=a7
z{c_DaSr9^zxR%3wAW&dVCEXQw^RD$!1rJS7QE>lvE#_Ao49_ym1K#DObCgaVWQu=j
zQKXFEGJ8{WK;qse7u_$#ajq`J;OU(-DnE(WHg6357;S#J>`xKDbumh0!DBR2d`TUd
zl<+Nl@WIUuJY~5n9`&D88qeRq8RpK_g4(9d&+^euC;a)YWu0v^089FUt+dOdbM?_j
zaoKmKXU%kfH1x=3^dEo5T5?~azuQ#w!QPER>W@DuC?5arY8m)yoF^2HOUiV1a#%RT
z$s*Y6S=VziLU+3>O0Lgbozq!Pog$(!x%=q4D7VXb6@!en*S3t&%d5KI61XTcOB*x3
zub2pYi#w6R*MIu)oXC0U_~Y_JpZV>lXfwH_789q!#&o_fxozf6Yd5^*2y;v=@zJJv
zbUZ{gjI)c>-ZZv7NohzKH~v@s+x4+7d9k16libO}DGC+6QwMC%TUNcSo*HkpeX7En
z_{)`ojL!5#iSyD*|23b%g({8Gk`&JMV8Ou=zupiTeG2w>_q58tk`KPJZgl1e&Fmts
zTRAo6Ub1)bHRH%QZbUVm&4{_}+HTpCvV7hLU(}M7&1Xs1)hoV;-q+ibcOtLN<?s0V
z+js+q(=05<q;c;&d*<eulIlx*%+xn&7#F)(NEHUezs|?VDNp$OzsWox=ktA$RJ(%p
zc|xDiT=w;+D$5Yg{ath7E6sUDI5<ymB!urNy7bS*5~wOoRFxcKs*%M#`KC1skC5E(
znckgXgNP?lmn)SUV^UI>vd8!xIauVee2<LMwfGt@uBA<QKQ*LCnQppsmPAZe)>b@B
z_|uu4gPd8f-a%ucfcke9KOe{MEqTmp3~x^sRreP4st;}4g;|PIqxDmu4EYbvIW+RO
z5DJ;RIN0O==NI7%$U}dgIr`=3Eja)D<<I;7_lMOeSF0@u2`WlBW214NnBd|36y>JJ
zynp}Ru4{e%2YR&nVBg)(Yw6R;?x@`AeYbD#?qzEfTYY=?X>VhAacXL#OF`z=wZk`F
z!9;9rjs;DmO~tvl(eL*e$A@p0+E1~>Tws)b(@Li8GV(o7pMima>EYYWxq|lX-_xJp
z!4fCH;i`Gt_V&)|?rQs`GcQF0DYv$^&R*iSnC;0nT;M2X4UJl?J`mvG=;-S!l?Y`V
zEO(ZXk?GB8X%1&Ccbx4hvDN3gV1DOXFP=)adh+Db)>Ql@of8A_a1b^B+qZA2E?=gj
zr8Vd*DQRhGF^+R>7#!51T>JKb2+rf-AeVU$TT|oEkoNj(O0Jnm9nV`iBct^J$)}pQ
zuUye>3SkJh*bHY?Npd43Bs_8Agjtd|gXn0kb|p)Ue8M=N%}*gCHk>OM99cS%0^{~L
zV(oIL`M^s&uW1DLr&Hqvc9%XIE`+$;y?fW()oQ4s)N^k;NMQSy-vuV&xUfuz1T<y%
z`Kg`dMjEf3`C<-x*_;ysTjQZ-gvapD$mZhtEBiD17sT;8&itP4Bz}YL=5n6zXP}&#
zm?$#sOfm1xng3BNGpE)%73(~7$KjW(t?jbl{xVUM4V-)fm*PrGYb%Lsc<ZZIuOzv5
z1^34U4HoD63c90+1U7~AUJ}vdSiF4kqG|G@<&UU5WCVo*FQO-CM|-k0tcR;CL!|X1
z>v}U)+STLq)QOSP32Qw~cH@f?oFa+^&X#&iJdi3!vvl<5&np7X`@61vVb#Q>kHcL0
z6xn1eH{{sR-0r`By|;jAq{1DTtEVpPp%UWi?tZCPwp9TyzpvbRQIcCTOK~0l<jKri
z#1T=8RXY#+9PI2u&|^|@I5@tHI9>GEiv$YXBIeXCKc5m@V0_E({;@@?KOvnwgn)4x
zO}M+(s}o39gj_gA1_p^un3FtJe_d-}j_J+OQsDO5njq^7`@+$Eor!4*PQc08xwyDk
z#Xt0k?OF7SgS~yG!Do@-ABCogX%!Y$efc7_#QGfs@V&^0Du{6M@Hp4`p4Zma&LB_k
zJwQ28xJTKnPNMCH%UqWATv_!;ReS8deEIUGGM3jd<ijpk)n6vG7-CuBzS|lT{iy^&
zd@H_l+rJWnBqb&5+yc!FX)%&<lnLntBlq?65|YTQBbGiq`b^LFc-z6z8V-1CnhII*
zX`d3(<yBQnJhtrotYIjl%PF}nuEq4`>Zou#FASKzHHP^o9oNfjZCGeu@_5HdNazW@
z_``?FId~a@3o*M6IlC>{+qUrnj}17vxVrgdCIp^d;;|BUIoRKuOh}(fUA5!VyzRW8
zxwpM`iObAk{LA?*){)&^4@Y*QW4MP4QUe7m>!aO7GpwH&9&4-bAMTCP(b0V!NFI0<
z6&2+&-(Pg>B;hrgXPK^6KR%+RyV~2W8(&|hO;l4;)AQCUbHK7=3@2||_M;|vY(q1j
zG=COKh)I=+SEe4g<w-7XXK!P(w7lH(<;yh|7UK6*d@djIS^4-h^VL6E^wkHD(YVju
zvd5y@6u5aT`wg@Y;CM&UQ{zHDKY#X&jd$WJdv#XTkhti*2EA4c*W;aaL&9T+hb@Hi
z+8ptD|G>xJoy)B2%h#{7f(NUD;XW3H&W6Uu0ar`Q%D6523*9#snoqxc_1Jb}Ver<i
zTUJ(9wA%2n>;BdhEU;u9)Yq1gfl~XmnQn!JCt)9!pEl11QY~I_+?mPDeYN3FD!BK%
z^SZ{zFj4-^pU-EW-}51&iKru<o}cHp9^$jdY8INvO|```$SjMGoor$quzAtdrMTAS
zy*Aq$!}MmduA#xr#pPN%pTt_6%P7I*O=Pyg4^n&K2kPN}{{j;d`8j&#=$E6nAWH;(
z{^R}s@k@eQ(fH)#4b2jp$(HJ-DOeslaD`u-CL=$FyivGd)K`{~UOM`&^QZm2Mtl3*
zW+wLBrJARS_EVl5`VFrV5@<yaj|$7i1Is>+Z!7i!(~WEXrYlWt0yH!<Ub~yN_=g{b
zWjpEWYCP<*sukd$?%DRXls2cy@vwUd7f?xKe!DrXxA!M7$9JZ(w?y4~zKndm5Xv#n
zekx8RK!CNABfNcgD}Kr19P&g$dO%%WwOTn>=dS&)Z_9>XBW}?nkNX<+Rjl=(Vk4O2
zSEq6-5B7J?9A2#iHSXnQg|&dmQv2$o^Y>*ux?0^#80%_&bUWQt^VHJFTR3x$zdy-i
zO{u{+K6(0L>-hMK($dm@eN^?nI<M`h&TmyCr}g@Dh16Trhu@u|?KIyn_;~xIq5tF$
z>*}vkhh6zx>q?#x8uQZJ$oOEl?XJScT;FG1<n>oD6Gj^g$8sxHBHIO|I6b+4)%l%f
zW{$7k-@XL1L;vtF&b9uv^255gdTX-W+q=$rNP>#@cc1ex`t2P~)8Q%_ia(>&{PS@%
z@|l01)!)PJz>hqd;P=m&^Y?RZYNd7)JG|s5lQ(e&A(!Y7@bJVW;#kh%i?3k*ejV}&
zPfR-2kbnRC^N*gR{lC-m|K|(4n6YduEZbu=2QITc*WCc519r*csAIoCO#IP$xJ~5G
zgkg!krQfhT*2wU|eyVMJ+yEaZBbLVV`z_1<SIi12tLX*tb#)uc+3HH>o<__pEb0|5
z1fR{u;?ot3VS3z!8stH6EJ4kXO|wLHSAI~s{FpvY_ZNQ>*8TP3JAHkEQ<K^g3Xy_3
zkBb~(jTh-F1H2Kt>rAaDZFyk7X)`puAK|dIVp!#mi_OBT+FkhyC?i^!k%?)sufXTg
zlbO+0o?*SBu|$s)nRvCkMr%K;W%N<z%~LJWtk4!GGs(}jHq&yO&ikxTa2gpH8*>uN
zUYCyHexCd~XeGEw_O6km$F8Di0sdnbJzRKcNKDLKsFddJ)`Mkh4VSDhl9F<eKQURk
zhdPf27zZm$@6Bj%zjGfM3CZ3ByVuAIv41?<6;P5$p5$T>&D<V)H}cJ!8W)^|rjuA<
zcr%W$0@>(my*IoUX!u-~5`zTv#Bs3W&!I=b;3ufzuTHfOS9^Jt5^hb#Sevz868-b6
z$2qhRYVohp0KGtx+ctgqh5+~sbz!8wPgU(KbW*5I=47z!4HXuzh|pm^^7)wCo;?rm
z_}U7cUO`@-#iQh{WAg#^aoNBGX7i@!L;@DnG?e}I5oERQY#2r#mG|p|XR%!m6=p?N
zs}7PMeHIlE@YHX7$Y(eH_UuD-<dnPaQ{}CsqCGrzky=Harj0#w%4DO@c)B5&RV78j
zAn-zKd9i`|T`FuL8moxMB%{4M8AIc?K6lsRJ58x~lgtzjmjtSw5at!jK?3~H+M@Y`
zGLH@LV|RZgR&OlqMcEqUY6n9BBXZQ*T`1?5;k)%gjg!oHiZMuVe|&$Bsav1yhUW6O
z2U-k6t=aYO?zL0hev|#!*TbkK%JQa5Z|-nSJG+oSxAx<M<)DenybfmHKLi&SFD6NZ
z1|GDxYz)V<29pNmm%K4gDpvL{njF|zOgj->S8O)nIa+t3C@d?hAScI4a4#&eVeY$a
zn(J!BjFH9MIR=~U-y}T6lQ0{57R*+;)h&EoEoZY#SmFoEgUFrB>pcN2j@`JC)A%}8
zrBhs0bfl3+W?-v2OaS_6Xeqsyam(g6`pk#1)FxeDu3mXJ|Mt#l6k~Of+VAQEt<VWt
z)Wch2?LFB$2?_XL*vtk>^60e-O_JmK_J`c<`S{d-^!2Hkmp2)3TBony2{6G+P_qpQ
z4b5yOtXGS?uF-Jn9+&@Qy21&|ANZC7C3{{6cjqkU`%g$Dm9-o{>8zSJdRons@N)Cs
z7>y1TvO8<4cWmnY*JzdU-!|6qUB1k(x^qqqubxA2hfRwxxH>LQ+l<+~$AdwvX*f}A
z)o{e)H&(!FOR6H@yeXu6Mh-^W)s3=HM1ihSl$o*>yV~hGTou&*b}Kk<dVhqd9n*F5
z%Dcf{odYSnA0Ou<^^-3WcrA;(4AU@Di8)?)sg?w-kG;4j&y&3tb0$7d@bTuO75$*K
zNFlow`Mg`vBtAs(!GKp+6`1V5Ml8g8mW?ir@KGoSOT|7n$xoN_Zg`8@cbNNrN5E6v
zXp*_<QFjKr`}$m_afrj>{ud%asxFgq^#|tHyT8z2k0Wz-x4PSEVc^9K9=DC|K!t0(
z`YMT<slipnpuLr^*)umL^53jq)hc%iosb-4IGv#`8AM&#(ZQWr?zF%+H#?i_{kgU*
zQ!3Yklub3|I)-wZOA>4Hni_jCmm~-PqJKUGHTCjD<Zw*alHh@Ti-t9Wq|ko<j~}dh
z+cTM7k4IkQ89Eh72$f&;O<9(i+S?IKUMT9Zj`zsl3>I^{#I!RWdXa$dw`^1k4VQM(
z2dPLKhFzH36W8X41FjP$G^L21=atFZS*+G6rL|hY#?jAIU(YTYOnVujkr6DIfMDW;
zEw9W$82tGk&I46@Pdw<~eGe&X*<E^&!q#nN)f%p|H`ASI?7`JF+HX4lCIuaHna@QX
z9Utu~$zRvqojr89u4Zm-?p2UkPfLBj9H~^Vc&?nksJ(;0nTy24+d*Dzkxv{FzvQ@{
zCA+?zB@=&5<iWv`k1+|Z+tMc=1$pK0zHUa``Ik#K-$<@bUaxQOs_faGhnAWzh2`2}
zeYC7-*wDOtD^7|y(fcwL)hp{jSwX|26Qi{6*j(+9$`yZcFeWJKvGj?_eVvNAAWu?2
z@)%ctPK050GUXN>2JqJv%)v*i*7)jQrBk8;J9DRJl21FT6kG8dF#ITDWxcyIHP+Z}
z&KD&=d6hAN`H`baq9|d5dD61j1DWjXfu0WYummhsY{J%Z<AKZO$U!M7m+h!|v(lr`
zc5LESKKJ4e=a!}>iGBZoFFImkVrzt@9OY$tXVYU;P|3%tH)-jvrR~KZ?7l2hNgRGj
zbkN?b?Jk9ftcSO!de~(5DH8YH8xlOH`E*di3fJ%JKg4)&TMg_tTv`-Z7A_o5(d1(9
zrO*5BH0D*RW|1zs@5=~K$ak_jn;}(3$Mxq^pYg=~&CCU2*5+p3OmD#hkLT3bLMLCS
zmBh-<j?=_(QMbS9F=Q^K+6T&`FbdV4dvD)<HEak_b#Zgc)+(2i%v)C!-dG4CytFPh
z5!p=5?<S$TpW*&>&W!);t#qZ!)nfKPKJGzjf`!FgFx-=~#|!l*R>Sm1N{W@dSMUDL
z@PR2`WY=(!$hGkJD6~KiKDM8&<J$ddlZ^QJA4IqB@-Q!26eB0VqyF~^Oz`bj?Kp_y
zb;)A8zIVTW@C7D5H9sakZeJ^g`>C67Xa7~b2yJbFOy$R}<6rK;L~!g~nMiNNl(t~F
z4r-px(RlIYxhzi&mJ24#h1ir*<98fQyNb%kk!)(&`@W{vwM(};8XMa;i7`!6xnAfG
zzz}op)Hlk6E?u&&$XvKykhzAct59}SLrtvKUBGsxddV79H#H7d2mY=G&ZjRw8Pr1S
zcq9GbWiZ;=ISAnFg@8S1M@bjw?-g<fp!~lvV`!hr2k!02ND_9YFud^gR@VI(Q>=y7
z&ra@-1@wj>xP){mRQ0Z%ITZFwD3fbay7z0{56`bTMw5@fa;De%=j<#XUVDbX<yBO^
z?43JzxGekUV0GuJ=4lUd*-wf!O9hW#<Im;k5Vy|07&y7R;l+NQDMuwYt|`D&dUTO*
z*EYp=tYK&UazRfffFCq5h?`Qi6cl$E*lx`Xag?jeJZLdjY80`b?%?XkbW7>;+Ut$s
zFdolc9`W-lSg3GMtJ<0kOv((8-0_udMs-pPn-_>Do{CLiuI)_}%iURYc5-x_9X?2h
z(NsjvaPW3ueT11aU~ylgaKA}FbozRF>V+n@2YVaNfB>&wN25bAnC+TlL@3~E!^2+9
zVazj`JQLqfoF*kdgAcmN%aa*$sLT!fsgvbSMbp_`P^b02y%SvWid9K8Ss8gTk5hz3
z(ZHfkN=kb6?3s?|mLcdya&mH#yP#{_zkh#x5qOt~=+4?Ka7onK_n}I6V8)odr)7+o
z=lJ}qtvrHMFrhGI%(qLPFB3I#?G?Ch1lQE)2C!oe5m;!ho)C)l8m6tS&DGU)l7N<u
z&UtYt+e#7xTr#bZ`nJuJr%!pWVG4{|$u8MDI3P%+N5ikjiXqFE=1zL-+qbU{6i9_H
zAjk_E>WPG{?b%!&>miTdzpw#h>;ldUZ!to&t;4rcsNF$az{j6?_iyaC%d-FiT&7Ac
zWus=P9bl!GGm}q`oiqZy%w<WJj4V>Ez=$~*w5f(6wUkmQV1V7=tB$AHC-fytMS^12
ze|s`Bw`!&<J=C=s>Mzt~mJwfH->uatq~sle%)?X6&Ii5^*UW05WV!h={ke1JmOwIL
zad%&v36G2OobE^l#i=!hM<z?rZ@ADjG&6HHK_tKvNHd%TC<O1}svtGz&k+cr4g$L~
zReXGW$_L&9fP^<IIs3_qii&cZb|ks3PCmy!+uYWs?EH9R(3v(8M6-xQYWKN3>*_sH
zXsDq?uqc3e_%aGzzj|w#zvqs?!A|XNG@$kBy>*mmL5fFPe056IAQ7maX_j*^tkWIc
zSxz47b4{QksLe-pgKGFGm~M)^lX4k!$*qQia01}avOiR-_X8qz;%*x@I|w+ghemA<
zRk*JD`}><UhE>^&)SjgA`0}BD-?+bU8tCj<o!TcR%KSfyty5=lEsnQ|=_cR_WfP+p
z9^-$we4FN}-(Ls`w-La*KmyuL6+4b<HEvWIJT^>*lQryscT*1c-MTO1hQqP%gl~gt
zgikzCXZR<d`Y*b^W+TJ%WWHwWl(ZsFno>fO1`CeG$-^&2=>Opd;0T8<p2q31#$jXu
zq`z?jXO<@x2YESvLKFWW&c|a@bjX)d3a_Tdds3d<h^VWpBSM&#85^+NGGT>^DFNhH
zoIwu|OD4{>GR1pvoL>+~6b%d+q89Yr^+BHGdILI-T|mlhS=@ogJ-IsUm6fimMhjE$
z)Dz4XxJFNq(c#m_g>M!DuJNRt$T|=g4yo%5HthF|&X{;;lzRhcIsE+m$-mjFcROwi
z@bhcY8b;E;X$4kS37i8|Gdl+di>@>|Sh9%b6G(a$Q?q>*xk_a>Ftz22RjkQ~*wPUE
z{3KDt7vO&4n_cM&SFc_LeK@T3Gjy8Uwt65&!Fu;){NQ;EIdMk6$zC0=!AkcHMl=Rx
z-jfAlW~Op>$7`No#j)0}k?iep{N*4TJ$(4k^2f*6JN7AcQ7RIAEBiZ()?I1A<VnQ#
zplX0@*qJKxbrO-Rkxq>E3Ru8zR+t+0I^gfT_-BxfM1(tgdsS+sB5#l!Xp}oy!bca4
zF?2ww&{JMXrW*mdS(GpuWg6mb+=?;GQ}&kx0#)8@bpQS{3(2JX^xcnDuxiXMqLW`<
zV0viqy0+5CnC%J7DXs^o>{1Mi8R%Q)-#?5L4|~SM$6LQ`P_Lj;&DG`)P%AR;eOL>4
zG}z|h!`I%&jvc$MtPA>Hh+lQ}!Ngs0A#Nh7+wbNqzrA}(WiG!^dHgHF|Ah<w66R!P
zZUPj7ZT$A_8}M4wMsr^y7<%a;VfJQ|Y(gv+8=?zW6s}vakcCB7nbeLyV+5kI$Z`rR
zd}(h#SpQ+oBooILys)s)zr4P_p1-x)E-1D6?fruWwXMxfaaG#2u8|n)s^B`A!FzZy
z+?MjrffSsgdfHxlj%<iu@eV)0Xt?TeXJ_Z?%8KwBJ;#+RLU*;d9(#<`zJRXw`Q=&8
zHc1x7k$cbaFT-^Fg-wL(JKvKXBg$1<TRSs+m5*=Wwzk~@d?Oq<6tsx&aL1MLrmn6o
z5Ynj*&ooUUq10-y45|WD{X%dJ_}zYkQv2=o0cdz2sE_~rdG6xH-&ir4XiX}u54!hE
zOwtMp>;p)zBbuC?QlJ_1lWRUwH3q$X1;)cJV`s5w<}@h3+3H0zovB0-1dhk!@{lFi
zrHehzcEN&Ti1OIsQpl5rwTTpodE!>NMA2*?miw-(cOwY0hLJ@oY(MZ=wp%y)XqJOs
zsX{%AthvdI$*~~8Ax)+cuc+gfypJY9_Z7@!`l0pnKdhS%TG*@;8xB(KUHQ*u9!3rY
zO7{GEG)i&$s6Ms2FGcv5S1ze2?Hf)eR=>lH@^bZen<bm9^pGR3h&_ikEaKKKAfo0Y
zKX*>HX*7dAG=n%`g<92UyBu3)*PWeFmhd{jh>JUZ?GmC%CnhjEl5-kKPsC_#Nn0qR
z7DZ=~P6NgFNk2PAhHtqJ&_9C>^t6(a+bSx(Ff0uX4ccW668r`W1Eu@>`yjK9H3XKs
zuBL3|XB*kUlHc5Pv9`8$c6Poai7wUsg!lZDuCXywOmcFvLW=bA+M1)SEyXQ8VL7?r
z5NSKl>Ey^HJX~Dd)yY<c)#3<kVi=)9>*1lMCT2c9K2A;rKgC<=siMciYv8-@KX`EY
z^5y5xp95_*8seP~Bc;nuj}uLNwbP6-kt74YE>6I%UMNl=PE=^x*|2$SHRtBytyPKy
ze$_~J9k6O#@7;Uq=37^2(I>A5@;#$;)RhOr8A_}KUs6J9MzhkEJPLXo4b@Xzt)rZa
z_Jj5I@Zn<2<d~?Jr~VMu^xRwPh3W$>Tcj4M6$J$a542UcwVBQ3F|pTF>D0s&6t0tm
z#4cdnNGt1&NvAxF?T0Q8MPPhtD(LcEWi-X*%a7OR)C^(0rb7km>+4Hkgo5X_)~yo0
z3H3mO`5HTWE>b=Adpe|^LA3^}OKk@f4_aE<!oi1$PbF(Uf7b8LP^z!52TAOK4<VOz
ztdnFwa1To&_S#rgJ|jkNd~}rfO_iOK)BZ%H4n3PEqmj|up$dlpexs0-mQR$NMlG)>
zIJ+Kz&Xu!U9IqG30bcT(^B%L=#bL)ujYVEe#fbK*)%BC01GKWek}}3Uj(=cAx}Oor
z>Y(%Rix)4V8_7sXDbL_L)+@2cQ4D9N<<vDqBUgNvH#&*WaVD&c;^IZbfne|e0|^x6
z)l7#FKTLJe?+~Fn5dxiR&p|9!?gu%FGVORpMa5)GbZAVBd3Hddg8HjMWr{#iij8nC
zc?E@d*GUQj-=!iGtlp<*Cy1#z48Cly%@&Dt>IH>6f2d2UtgJ-TwVl|^a8FOq=BqFt
z8|cy=k^~ea)ULLw_lEnqT9X$SR?wX|R7pRLH-$p;M>AA_S0M0syQHM#TJKYs;i)+#
za5*Ja@c?o$vgX+`=BuDBDv)xfF?g~1R@F}fn9-hD$Gdj3lZ%b;dq%n7z}FWBFI~7W
zHaXb?@CrItRPn>R$@Svq;aHO}TOGAAsJ01i#J`}ksjI7lCjoGrI5(9Qby0IlcWrUl
ztKOf4ShdPy3(O+6*Y9|h*xLO6YUeRm%6MWz`R`-C2M$uPMPGvVF+4m{c5RQXm5E``
zo$Pn-YE+d8X#}#oi7xXRc)n=5eZiJ3Km`@Z15Lx;&aQ=(?oQ?j;Oesc&FXIEM(+mf
zjHz?6LSw&aX%eiU$WLZ>J~X{0&o>PhRPwf<V0A@c$2*l=ZB~_>uo>oXO=x?ILzRwB
zFFu;gP-Fp)bDHfz<Bg1r?5xi#&}M643vaWs@C~EN9`2;t&ktQ&6o-;_1*86DW(dSG
z9j`s5zKcA>YRt^ccU)HtG&SEY*V2%XBoA<c;U&1%aF^k!1Y>6k`T}kUmGlA@b;Egm
zt}i$^nD#<`&LUj7pEXY<Jv=-r)Zfs{2IWT#VYp!u+~*=0a|y&}dHU;@iEYa0sNO9R
zA|j&I9@C^kQi}8EgWtT7Ra6X%jlIsrZk>pVx~2azHFfIk9ea8<g)h1{D>jDQdCP&9
zs%NG`lR3$(wVrV+lu1T;5j)qJ8sx_C9SXpAkItMB?*2--p<r-G(#pYDi(632R6a|7
zQ)p0HMuzCj84KvX;5VM~Ual1cyG>9~P(?*0@A#UW9&%2j2G$kJFU5nRdUm%~ujl-N
zvKQhdEBhuiR3Y+)7R>2zmnK*6O62{ktE;KZcfaS>|E83&21L^`K!;4Lo-DP_QhQ@D
zF{G8hdUfXL^rEAqK`OezMMOyWP(p$kPHz+Z<=Ng`ujNr#P$f3^YIimkd;3VXMLN~_
zUjWhi{^JMOjB<hJoAx{7_q%2YiDkWTi($~XhYK^40-dbGoRcoL#olE)$dP4Li(Wnd
zuK!U2Pz^WiYJ@*FQ4GOTEe8EFiJYO7lJi!V6$xlDQ1l202pWTEa$B}e$<6~VJJ*`A
zTXnN4F{d^m{qGl&ELLu4Ln9a*96WiJve0UfclGq!tYO58j=g}6?fP|~Px*7`rtPRO
z5m68<!{3X;)qva>$!@Dv<6@5^AqSQT%!2c&)2A=-x!8aM*?s!$+aToq0MVUs(v)Fl
zP(S`HCnMAT=FJ;$5~`>^t&cpqg1plr%xiB}hc+_9#Ld<91U^0^BcpbS&C@oRoyg~!
zM^jT%<3E1{^9wLcf(8H==ylENDJv1OHy*)|10GjufXlMCyIbN70Lf7tRhoL~C$$Z<
zJ5a47TnR!~&zl`bn!W;iMKWHE(@&4%02l!AL-#+#3R_h;x_kK0j}Psb|Bd67{r-4-
z|7qCZDH0&axCA4kr#E^M4vx!vU_dj56umJ0GUGnmJOc4cd{jdpXj>mIQb5IftTfeO
zn$qMFllI3NgAP7y`vwN?ovWFIk^GJaCa5oC*B$Ideb%(-ES+lYnQ9<tW^)hP#L~{g
z*jeCO-VsLOf~jza=IFY=;}upY-KlF3>D&~J=D3iWl7fHyI7}oBDb2vC#3IID7V54A
zMdvLl+%~E%I5_zh`Kjl0;^NGBo2=YC*L4b8ak4{=0*e|_Jist5t*=KceR_V<a>*l$
z1&dmIW9Cd4$ooBocsff-NvTRRA)Q{9DPzl9Y#0}ih;RX@A`xUi%a{Qgvn@O|QTD8*
zLwMp7OTS6zEaO7%?mH3JH3T*W?1Aqv+L^Af_>|LQj<EZl7BM<hS+zxMa1C7KSJeFd
zgM*b2rU2Lr<Q`hTlbxMeXG$w1D;S>co;`KS1T=Da*XiO(XP5OpV?%|eRj4^YXYxPk
zekds5%nbq5C@fqD^8n3q#qV=%?ZbEh%ORmvb<@Jyif+4~D-&Of3ZN_@-8ubzM;b?F
zYU+>hB{+7xW5+<~ku^#x`Vc1?tysh76+psG!(pzKU7*#&dv8Z5;Kd>TeS!{{G|#PE
z|4bwZ*uV=gYslv>!E}pzB&~V+jgtG2u1Q<TyvLhs!cq=mJxP$q$O|%q)d2RY@0ISw
z$3d=OkWV*ob1U=i?C79pdwk<jo-{!~=yk0!MZEm<@$|G+orCS(kPzZk;vlL!wC;Bu
ze(7rBa)o~XuDZ&rkrf`tia};i9KSpL&ykV$vEdkPKb6i)bc9Uh5o~H9At4E=ZoFQ+
zkzP~2ijM*JG!U?fvK-v#7#3uFp2-9!_3^fWVNbK(dAAgk(wUct%8J9yf?<Io7eaLg
z|1&>n>t7m1;Q>arwt4w|6|VMUQeuIWTp?fd8(;fL@a=Do5x@5L4_QL|z`4muMpHmi
zwtL%-1Yhzb8Lz7szG;O{L{0`npK?R13}rQ-+SDhE?vmEj)NGlx$WwL`R>%jXsXH{h
z=ywBDPwCOz;d@?jhOb|zrlxv7e*BmTjY-meRY=Z!3*5j?<gm?O73~JHX7L*|Smvp+
z28jHMPH;Oqa>JU>Lb8<!Ti^ixp6gRklyD{0P!n5BHc@Wi$kar2ugclhfgFONcb`d5
z1-Yf8qhs9K!J&{??FRN@P~;ad0Q@$hdeIuF?CuO{Y*&1E+=9HYLbh4yO4s)yz<E(o
z<P(vj-@eHPig&Lk5r$_yfkWvuCyL%8L5HfVvE7%6H}68bk3gpDT<gK}-b?q^{8Lu0
ztiwEG*DQGx8EK5Zu^3{a-0|mdwz_xPz4i;53_pN$Bee?&0Cq0~B?y}xI0!($9gA<%
z_-Mf#eAj6%>aKH+>tL63-A%Y|*~$$l(+=SdXo{lcTRr(5om$N@Q>@BavKi_|ag0hG
z)K#%}oh7BAdUMf2{Wi1*5CFt-!ZJ)mdW9$bL(x@E38QRf%K47YDbiU|8k!(v<e|*q
zV8c#Gzg7pi47_!1k7W^ayL8P$5Ln{TYLkN(T0tn1s0Xaqb-L25*@xOqoO>ddGLi4h
zxYNm1pQn8M{DCz1+mIFG=i|%bw@TnU(*;}@R@W-8d6%RiAjD=}Q^EIo*ID@o4d)+S
zF?Yo%O1L{vqD;P3J>CKIWg>h-<6{<d>dD7xsdA*Ox*^pPFS5@@OK_MM<*RzfF=wP&
zA$EtK$uo3-5g;;XE09Jrxk+xot$qRBmpp`Hd^cjtU8(v#W>roQ+II7rmX3~&+Zgrd
z(?6g@k#eU|B&c0i3^%kBP$u(lhU+*EL~}4t|K#Ob;S)kAOGT6``KcL<Nq-i+<USfi
zBxqTRK_(DEGpjtC$d~gd2BF;Wpow3~{BuL3+xVH>KTCJ(mYmTva0s3sHz)RJ7@<``
zMbwB#(iE~&!lCYExY)u!s#K9A%2n#b70e$!2%47=O0D`xuNo$MVv>KTmLMGN9J*)G
zT~=~_e-U@9od|5>h{0hvzH{hny<2IUp?M+z4sTw$@-BoSBHFL$psY+%GWWbu`k;Jl
zvPw$G<l?hzr*5MWB&B$+RsBV&iKI^u1!u}iVhYm*d*}3!4s&l4v*O=FzA0$OQ%Lvo
zHJT@DWr}mrgXKni+wHdrV7|;ubHI4|`uglzWl7W=fR?<xym)wuL9ZUHaP8C-rVj-z
z2~^XHckhG(D<B&6HR5`pe#@Z9buFjssvl}}Z+`FVYceu5oepDG@Ob=KOH)(y6}g<E
zB7Lda*XpDsgIaF_0JA{fL!MZ$5P&v7LPN7SKYzVEi9j-`-Uy>JrEsi=Bl0-lP$>S+
zc6NUe5w*9pD2{@FaFLR7=GQNBDyj;LK91E04AV{a%8GDQU!m$r^HGz$tE6A$PyPxP
zqgJc(D8+o9?o5TbnWJ6VymbPuv-dF=yZw0kU66f2kb+c(zxRXt_c=H?ppac{xaqmO
z8B8aZ;Ug?68dv)K_>k+=<qNiQoDdy2BwzVJz61aP1uz<Dm(BUVel6g>o|Vt~FIG4j
z{D&1Xbg1v^h05nu-2J^UxRYHxBu^|I%Uc9U9Rimi+|b;0$|6q3N(U$vMU>L}`uV|X
zJx}mZTpZM3*-?>FBu@b&5gyJ3QNq;-b!lCBH&<5E{PfgQV~K3sb$s@YPpY<OSmji=
z8lU9Pz97@SNlgZ$u2zeS^*$H@vF`Ng)0{!<Y-}j<GZ~Ml5Q=?i*d)#07vpCVSX{gT
zc}ve~doFBy`yx;sN<9P3vN?{2RR78U0(bZJ_PQyJjEpk4EILyH-QHtq8CwfgmCU21
z@Rn5=JfQM}dB!j|F~Mcr_7*UY`SqeGp)qGOeq=zDz3bgk*<5h2W4LZ0Z-$#E!}4AI
z{X6W~ofudw)cAP91rOgHc)aCvT>+6Q-5VJ6V5$ra85vpqeT3jqib5YEj(7svfuAqA
zaYwb+0ST+JxGvBsM44i4tJ8W#6sA>dJ*@2Pw?NJs4AfF|U!Ea=3-wwBYm!o*q5gG1
zeH-M*hPt|v($XT!A5QSbNjS<H`r;L3d6~;7kO>A*K|Iv&K!5|}xet;W&~uV>Lu3^#
zE)chY><bI|cYF}^i@|)u0Aj*Zr&KFkmM6YO)>HrW*I%z*j4h3PmPACiNuY9^eUNr7
zwi={AM@?O2JuG0EdQ0G&L8Q1eXoIdVu1{LeCnTCgKnF2zRa`jBm7CE(f(}ga3x(QM
zT3#Mg+@*&X+To}ypQTb678M_#tL3xepHf69$4Nv$u$6nT%?{;ltxAcM5Rfrqc4K!B
zd_N&&4TM%D?t1Z_94*!k8<5~Y`_ad~^7oftz|QsN#xJA&C!<e+*b>EQ{LsK4>0@UU
zmC5KW2+2fH3EPMyL7<8YBD8_KASh-HiT1%bto4sTCkLg3q4idkSf@ItMxn`j0R9J_
zl|6csJ-ckYyy|Cwj;qqQfByWrB6*UaMXFb=3Fff3w>Jbm=H@J>X#;r`g;3d!zRi&N
zp<h{qoWkjohcPKwiI{w|?hM>x_-QfI)6-9%K0Ql`0su-H%1PP^Vdd?uEeHwv=THbb
zS;qN&08t9iByd{HuYjh(r;H~tF4Cr^>0MW^UHj71ln%ONdU`tLR)E~zw2YUT<4J<F
zYKMRymCFs6@Soo^FyG(Z>Ti{nlr-zfiryk>?BOV$GzMXHdZ4r*F;U;d#6(o|rK?oy
zg{a7!f)F5XK$<&5K7INGHHgx2Q)`tP9dI_U=PFCQ*S_nIkCx#YMryZV5+fyBcy*W@
zG)>6!ew9wy6A+1wRvdZC^}4^mBQ?%#25jV1*IhUtz#qSN<JxL*pP0<NIBE|LaX}5v
zG|H+dM<e+cCwp$2=}5uP!A|u-IUuf?ORuHRVbA>a7bU2Y0J#po5Qd%Q8b+2U)jKzL
zabd8Wt0O5T<)hUgfM<SMTD^(pa1u}5Q%ElY=EPQ#5)>3vk^<=JcymP!0pgDUSDLUv
z!z|i3sQ>yk;Pl(W2i3-GPkxYqXfN&|KRajj4SLj9TpfxhCjDTR=+d>s@&EYz`N3{J
z2=%tMw*2nvh-D!Nky;2MA96~&nxmz1o92@fTLFwmLKKMCm+sh&PqxNHBR<UOO9<)^
zN``>!`pU}6`Z{-&cN5Zu)xP5Zp}}RT2kd@byVd|<VQdzMwg$-*#6RIH3S9_7k>0F)
zZebc<xbqKz>taEA>0$4UusO=sV~-p0K@Ucn8^YESnm!9XG3hZn@`wJvJF)I1&V9tF
zQCXFcmfrnoMSSVf4(^lI&%!S<7<hOhxh{ge)%A)@svJC=nlqk%Wws(Vj}5!XY7<ku
zbXN2$N-oJ67^_X9MMel4Hv8ak6I~$5@CP6%To4h!SW|fsee2^hOcTgA$@>uIHF}4O
zv(Q?L3m2uxFJ<L<Kwv=1vh@STa*!NAI+~lGZ*}g&YjFIi>XqivI1_&z&glxK=2b5D
zAJ$e_0#VoNBVfrWYs<2{$ua{W;o0lUcO^YwI_H;~b~5(Of!&zz`s>^Ks}Ej+gqjah
zJ|dh$YD%lS#N8rr`|d~3(qX0ppcI;Y`r_Cju`?4cs1T3~Oi&xC;}{@5XlBj576XcC
zSS$2GaTmasun<XqAk{KgtNbIx?FDy7h#b)<5)MvIhKBBL66|qO!n7C2)z=+MxC3_Y
zoo_=!RS+L-=ikt@vdZz(#PC(B(g}AawJ}bO{fmRWi`6Cot65A~cy6GyQ;);k%v{@B
zw6%z+u!nR6T9uQN6PO5c+zeNc40FVieh@#SUvIWXYU(kPfx$swjX8B+eZLr(c={N}
zKUU^0GN<)zLvn*q1ZH$QP+WUJ7&!pwFsJ>CYBF+R7c9+vrpCv;U%X(Rz;w+w1YUxs
z5fKHRQ3}2v<LQ$yZ&S2gD$jo}F{xVbHy4Dcji=|n7|mn)JFlqj<g4eHu*k%Eft9XA
zi|O&We}^VqClu19=KN&suYt%dL*4zLoN&8r>jp5G^R0H>=yTUYwLl6+^2#-IL3{~y
zph~M!aPVK=gt-J3ss<it9+DNRDHi_Dz@>m6su`if&hO6Z9H`67>xFpP*{uLLGF*k`
z|E86_YV$tx4GxZc%}UF8o8X6I{ggB-0L;Hm{`~YD)K;bE!lB5>B7S8WLqfXUbO%Gz
zC*7L^?pP|oBIAO#qjf9m67|C11SvReZEruspd>0;j6ysC3POfl&Y=~9W{Clm$T@77
zcZxqDJ=LnA1q^7Xy?JY|7%=XRPqxSF;9@Im$3&qj+cJa2Ah`>6Kf^b0bUDmB5=2h-
zIZiZ_tnLN`1calT8aHVT!7^&@{?S8d4K>-;GLWbgG8JgE7bbYf1;^PCM?n}j2FR|z
z(lr@lR`cB>dip}d9yDIiNt)X`VQ&m+XMoMu$sDb6;Sf~5Qnol-qf2Bx?Qh?dxH5`W
z#10#UVfqb-Fc`q*^2GM^0H0=2f@#PkY%O7IoSB1>2iq;$9v|tZ=fFH=z%(cJfj3!g
zGjd;BJC3Wg!aYHa;%n9i6Bd}03dEp|srOlQB>7py0U_&yC6#Qk0Nx~MO$}<%^!Coq
zk*$d1$;1>BX(I1U{kc<t=K}s2a@j>f8G)@N%2L>_!NkNwF$|kQpi4sT(f0d?N86c?
z<{|Ebxh5DZ6UW!Ln`$45^4edG?>2usF$2d49^$utnW@Rg5CuGa66)S~oYe<I?8Wfl
zL=YeCAyh!7<AKF!vh)^1^wU@&LJb$I*d}JE0^WXqv32#M&-jMDEzz9eMl52FAt(T|
zYqGs6iXIrJ8d$Pf{Ne_GAM5^ByBAA2y)Kp4($7y&56eUXNMR%+KZA;#SxpHW2&|lC
zY4AI8{8nzhf!4D1S*XDjT$!H}6Uo~5R7M@wKNfv1C@7%u+<X*3bgWwzYcO(%R?^NU
zL`OvQfK>AG>?O)GFE@t0hA}41H`dl~|Hx|@c0Iv!Q{%9w))<Ktl%)|P_923Dgizq*
zA^$U=$HCTd;KFNuKDwgY5EC#7Dq7Evo6QQJyG^3s2FcQafCs>0=0&k0Qfz;uy5%CY
zE)aZN$Vr1k|GnpxjI?xEB?xcB7N5g5yrRG;fldkS2NXb!x66lqzwU^xDZ-)9ht@tU
zext3CI4fX_NB;le^*`)8Gp9D@4q`jh&Pg3hAOMaCyJVU&8+g+o!*<kam86xGd*0o9
zuBoLJ8ygFopE^1_Go^xnk!%A8DYpF419F${%`?<|E`TZ~nzK0`DnHd<41B3v61GC^
zdlb9CQDgw*Y~G#G4XHpc*sKNKD{OiY77<a3q?W)UX#tk-u(0v*aW+t0*x1e>k>gf(
ze&T`7v%V=vgn`Q~fe?r@%#xl$eQ;&)pMPp=d&mu7BUL(jbar-jbd*D{&KJVD41FLY
zkByGP0fW{`dFc{lIT$8XNf@GwJ_p)5I8?Z;Wz=J$##0JpFWAfT95FJM`V%KlvTJ;l
zeo%lSyv5!Y1tF9A#zuE{_ww>`$U+xuYPo?|7^&?hp-y)0+)dz)96PfA$2Igy-D{JX
z@=dt|674zkkEfv7{uZ``({2i7%JwsIaQF=daCj@2jUXQw85@&bym*F2V7FUEM``rm
zH1757BO0e(NNVnLsS`*8bUq8%8e><$=rO_4)t}<y)0m-@=^qeKke~mO@N$M2YK<o0
z%J$GdUB8c-THDaw#DEFjv1j~a?=k<|-jizwkPA@P-;oj~T>b}K_#01gLO5Hey6Q_P
z7xsS|Y7hQ8efli^a}jf_s|(2Cu=fD+k-)MJWv`!IHdg}gXIp{<-Wtux#KWUPXZwOk
z&IFj3onaoH7Uj8fHov}IWnha=OIDR)ClEFcUxH-`-YRR4DKfij@sYg%vf&q$cKj!y
zH*}-1WMew|^YioJo3K-FW4g1kzFx#H7gA^<=6OyfB9c;4U^;I?pCBT?S)*sgd%Eaj
zDUdM0E5P@W{1I$63No1y6uzg~H}KQZDSbJQSXL@8Vo06y>yQ8ZPDiL=etv#E!ksRh
zH*el#Vrt}56B4R{BFnB*wF{dxNG@JX6JsvE8sS=kuacu_>*Vw?DyHpz{r4Q5>KyOY
z)m5}QeOqKi#N@(4ju`4XwVwRjTce4jxh6An9YCvDADy>ayJkL}?U&N_@ByS;6kIl;
z4*Z!U{2-Z`bY`g)0IY;-4E$>wwm)igy@m+`L+Fp=SB3;B5QD0MstULcXr<sHHPqLq
ziy<CW5kuhTK!Ve!HS!Jo#_eIMf?f#gU}JH37`ZHgzP{q(;;=y~WFSeHOARI>OhA}F
z^^~A4K&z>LAnng-)L&>?>9!U!6Frcao+>pqHkO!>&^B<7I897V${LMwbV6ndBDvZW
zpCj`N477x{2a+{xjm+A+p{cIU3ncp8yDLmgsnGBN)w3-BlNLoBZ;;6mk86;T*5Dhc
zd+BqAVicbK`Sa)06k=#Y!_sI$8^1rIF7kRdHa3!y{*={5tr!5+cX@eVzI<t9V30P?
z^{M0n+u_v(fHDiQ%11ZJ>m;Y3d*|FBA*13ndX<@(iP&5kMl_(Y#m2t;Q-pB3o*aQg
z2#z4c2V|_nqFfP4_v!P=Bc1?pA%J}lmYP*WSo0z1W}||_cm<O+EbDBWYekNSbXnbo
zRm)mPR&|vpl%BywGR-%~wzx+SQw9kr4kF&kzfeBRY+L~Dh~toU4`C1p1U5e0XNF98
zr0gP}kkBNKkQ-md*e52ni+pE}x42ZHZ_~WDde{YR7V>Xkf73$FuE!BO?#Oa<yt184
zGXNbxo;puVoDW&3az$QbkP-;~yqOS<yg8cF*lF&&9NV|y;e!P=#{YOlj&v6&1K>ov
zy1DruKphM)A5!{??D-HvJ*8+bCYYk@TJg)!uC*8}D_S`Sa-Qy(pjJgb<NnzTXlenR
zLo(w{c~4$G#J#BY+!f5y-CQ0#BR+fbcOQ}cD6T8xkZ#=E+`P830qIPKg@G-Q9UTaf
zD}kJF_yp_{H8nMb;MLI35GXs4#yOUQToB~a2q`6K|GYRj_dSp9pO0z&d=(gYmVn?B
z7h)wHocz~u^xu-Rx3>=s4PERwICC5{V)}nyt;5m%(-;3ZW&f5hk)8vmtX4gJ9G-&~
zNsS#JIrcw#Cemvu2oA{_0=c4=TOOqmd?`%2fXu4UVCeJb(#yXKI$T6#0<fsAV2Yyu
ziVp(u46!tzOU{Cme3KlXh`Iu}XuoBH(!`5!<^{+m#l^+Jo@T~nC@<5%6(Ba^4HX{$
zEamvj%*@;z6}Zi?(IJwF1xM-un3_ZKxX>MCM^<mKu$V#e4SMW_X;9+S${b8pRml@v
ziTp35$~=6??e`W8Pw;sduF!Qr?u4QT;%G3LkX@>x88>7UaUzh!2{y}hwm30y3}#x<
zSqUl!@QZVDav<FR(~4`q={5sH@=??cqy<=|q?~zCDTRd&5VNhSs=9IG2A$|Dq{4i8
z^5h99P|O6R*VU7bkH3Mjk1{9+vI0g#x(965%s2cR_DnGhB^E>-7!VL@hGc2Exz{_A
zrAR}geczRtYI_&$V{g}0+ztmA`Vqou+xG%XA?x!=_qN@*ueT2f?~XHyNM!M_9C5kq
zEeuy5yt(=SD!$WL!&!6MHQ0nCnP1@i3xuOQ-TJyZfEK=tjP&%v!osSBw*pL|d~UDL
z$Hc~J$;#gJ*j!T4d8|aM<2IcPUZunpcJ}tZzAf0m9sD6}zQlG+I)80xNwvsK34{ZH
zL!gvhXVHg(3LLdiO4@CAbGbSE{@DUV#Px>cLVEbEj_45W!QJ1TGT=ogd21AzL8wgP
zpGSOyjqO!X&?2ZeAPz##4&n=4r{88=m8ggcB^Ge_^(IeuVrq(Y1k84*ed@?DLnJv&
z%DEQOwvRnL=-)urxrMV`T({vB1vpo#A9SC3*FT4xgLO!DWMnUREq3<yTw&OxX#D5z
zH4{wpPFZ5vth2eThX#twRU8WxQXhg(BU=j{nCy`uB3L-8Af_|4r1vXR`XGLTjS6DX
z7U)}1<RQ1yw!iy-mx&hSoyFe1^>8dc9NIF&3iKpcv;KCV{y8oVY1I<bEi?9ks>8#`
z*wEUV4f7jN+XvMicxdPMG{CZii*m5z*v>Ddo)&iF$Ye{OA|fIi46A{Q-IuAt&Q<kM
z`){-@gqpo^)M&YH(Fd|(NJv|2YHAR7<~OYd_;iXnt4+h;*FYrZhq@*BUDpL>p!Ztz
z_w`XMg5CN@<V3c^KYNB(WD;tSfJHVw*TOvk7)iL9?`xpex|+R@qJElqqjjSgvt7u=
z5MQ_u{RZdPS)}~*=mJy)Ytjw`Nks23Him9j=5?^oxQ_zIYmK@!EiH}ZeCtu0rWWu}
zrAKyO!-i(XQR9}Vk?H9>#%)vtU*Eyq2p|d4&iCWjuV1i=NXW<nI$UAvZZP6Hp6Ny<
zxQ(X6+V3a>*%LX`^XJb)=s`q8q{AcqC8kC1JZw}?Ri4Zl0P+EJ26F%8jiACy&j^AD
z2o4t<CR9!qfxmFr&LU-1P5(Qzcvus4^Hc!Qc6UJ%aE6VD7rcn=-InXgz|)|AnkEC}
ziiI5mqo)^o@7_I#u>x0?K%<pLy>^!yLFLh@aFMHp&1-L#_V;#L3$zN1&<N<eeEGqH
z2b>%nVP62tLWfQlNlHyUiH|R72?};H8`luM8mR6rE+vX|w{Jt?5D6^)voh|`Zg;dm
znjBLX5C@^Y<~+!^g7)}fbCn<G^hvF!NT=n#Cntvm{Tw_1*3c%1s0;H<OC!nP*7Cc5
zD8akO0<h-2AR-9qkh{(cS*rV>?zFVG3qoZ8cCF(&LBdO=dK;<LiwojQ5q}|tJYY&6
zJ{cl15c0nVSwRRO{iQLv=xmh^HUkh6DlW6I?O$i$K#<;qH1b%DYQRtj1NQA;=@)@Y
zIXqkq#Vs8894R4^Rfb~UT2|$m8F^FW*5Kkf*ezrT&G)Fqi=kK@1yYie;XVcB$G+c0
za0D&J?GF)~@PJz?#NK@LEIvLSIB0&3;K~;|BEF>>5K5<MKg1$hA>!E^p^^3o$bO-(
zAoY{(x!$>s<kL9_OgKUjDhx9x+Taz=GhGC|NQ?ymC!9W+#1nW^HBXNLt*}8Oei|Yx
z+Lz2UwYH)kKFk@1-Uyx`EoMWHzT|Mx16hemt2qQJ|M2?$$Z4T#mkxvI2m?is5X4Xa
zoIEg0UI?ipZxs7eKK}7Z2;@Nq4lN3N=<wzvhlfGV^0bAN_q|#9>l-Kju;SyJJggZX
zs0YvHW}MFfV?RM+aj)&OP|YhJyV(Di*2%5$EwbEzbK_kJC6jjeTquhL``<#>p;`I7
zVT+uE1UB!dffoJW^fFTf1#&dZ4q(l~1<HOYM~(0L0`LDd5n%)G1W3TZ*3wMrQ$PYF
zhHxFPVe>^0p<&y^c{<UHBqY(sB}YAu`PS{*F0j$nKQT>}wM&oVLa7{2YrqF15lWvZ
zGUMw$VPRn)aNNCf=Y@}tv5}EFpYj>ce;SHr<EDB05HVeQQuOrA@zbPiH_6X{YRGtU
zh60aa0>or6wFU<Uko62(JYq!(Y>+;92n^-0bN|r@L$!_qqr~ityhof;avTC`u<i7H
zN;E)%I=>4HZ^FX5z<>g;Be-qkvrjc_0h~01%9N#ElmWGfmDL=iSJD?vdhaQ<4f7A%
zNS6Yu`5o8^fHYM(hNGs+$1NZL_f_FoB!r&r387BZN}(zRKbIm;_E~Rw-y^G0blQ;c
zDQdjsGW}B9-Nj#Qm_tbqv4IL+`x`xa^gc@VpOn&I884Ndll%<vxn2l|S2@l`cu(ZU
z#}9+oPye^ow|vwNTR4|jRxscUfinAYLX}Ms0(Wds;J<3Hj!~_wuKvw5uT!&Dx*;U=
zEkxVSoqHFYTHpLD{e79K<rVs;9P)<#DGle+&cc3}cl~cT0>Fue={f%BiV(`2)2*$s
zqeDK=XDZ&yv*rn|WXr#M+HQ_I1nC*7pf7+3{iX&26aZ3Eg#C>u4o;avic`A|(&MmS
zX<%TW|D$C&XjuUf`q{FvM{OCd=R8&6Sp82#S^RL^K!HvsARMdkz_GJmNPH6}3&c+J
zPqA?)wIm$PSp<EKc$I+r3o6w={JcM{uA2!q^L@|O;34q#@mYlXy7-+ra|X5xViml9
zJyci6fTodeYWMYB(S3A?--KqhrxwA~)KpAbh{Sm}2ibDv3CK0+e{~d5NZe-(?s2Q>
z7lJ^0+toKUFh9aS6n@$DPuah7SUsRT#a>}!vw(Zsfb9lCsgaY@IsjQn1?J8Xr>a4o
zQ$oUT4qzT9cR1l?UeNEDI5^}3qv75w7XH4zdviymcG6HpOe`RZ6uRQgzq_LBnn<GT
zKN_LDF|!of2w)7lOCb{gL{r|sVwCNO`-%*u>Z`(@V?FryAD|owpB@L|6XuSB-CC(b
z7V1V=D4B;8OHHirs5L_V1CcNO)f){}+}zxBb#<XBR#aAsum++HL280+32?^~MSTz(
z7|{RBRJMMF;K~1PhtV3WU4OU0FcK=Nw~%aV(0~bfVXZ3zz?fausnPiT->J&ZZ=P(=
z7S!usS8mWtDx&_teGcyFVt*<uwaqZ3q^t~_5aq`nRV@inNROxmLR}BF!z2C)fxv<r
z0gTq^M=T8J=LaYU09+uF0lSF)u5Y5*!wcPK6LF4OkcSSqO50j%&_EFDCP6J6b_zkd
z<3Uk;5Nv%ptS8Wh4|%D?B5b1pvI?=dKghz*q=Vqk;6n?7|8=<k;i_g|wtSDYZ(k#&
z+CRSY+aLfj(7pih3Zp(n0Cz!H(PLa_Z0bmFMU;EUQ$he}DEY6ykLa+?IGXI;fEzNv
z9Z*0Hsl$V8<U$<W_U7oAk6vN8Hw5w+ut`9~5Y(uwsCf4L`C`VuUZqxlbY{=(1TrFT
z!Y8N~TV-p0sW=${%;BiZ15}EUkdm^`RVK$fY*lbYd+bK*{NVOSL4a*Db|Hm(1%>*3
z$XUUbgUiAhcSlnVVjpW8)dzbcJ~Zn~OVF3QGs*r(U-t3#{)t?re=+)uB@e|LHiYCi
zae9wy#38m~!j|<PfWkke555C9BU;<>PjQam3(}yV{~jv9l|IOqTVFWb#q|LNm*1Ch
zmIvno2~3ZI=AZvl;{6|V^{6L9Z95b~LVcbB_iOE{T9w1Eq$DctbGjvmt4cZJZ?bX-
zn|vsp1tO+3inLL)DYp5Cv*U35v^1+NTiq9;O=hIkl=c*&M_*I(&rDCNfxAQO1wQV>
zSYFV~#E}*PclrV<2~ZDUEr>n{c0n#9HO$ZRt@)v6srhc-xzk5)2huQ|*z2$w0J-W#
zW(=VtaI-2%{)5Kv=kI?X0Wk>Q_MIH$rAgj^-R-(J$wBBcDEPlLRK6ok_2T6*m$3l@
z&i^8=lO*2@O%-614*2FrbX1yyjhPvY!6W790D5fT>HMgI`t8%m-b&akLLU#L7O0`x
zMXps$6c4hG2&iC)%)fF*iaGmv-&M`|)2o$PAm(q`n-lBsjFRqb<j6lLYghjsJ1tJc
z%Q9Nbk+A*FRzPwQDqlRmyK*0R`!kSSgI0g<-X}<8=saFivb5*ur9(~u0>w;BV&3e~
z&uM9ED-drDOb?bDH`<z;DR~{zBwkuqZ5hF)t@fe!u+gF6gj!3V`W|HV=V7N3r*Yf(
z#KaoVqy!VQUg4|s^z?Leuz%(fND{Css=_W=*6TnOX_vr<$fp@3a;-eKr&FN}%GZL`
z$_qs2Z0zAgMHmrZ(guudvK9V`6U-{r-f-iOoz2ZKNRHTtw!)2{{!Z1b{^jzw4&1Bv
z5>y0Q)x(U*pF;z8c-#i*!lrUvh30w>q4|H(y{2+>7+*CqAz=vjPf{8L_qP+OV3-Zu
zU`j+adi8Mi<0QB)3a>(AoJk>%S!OSQ5<NkJ9vdhOlK)=rY%MMQDkeq)gccr)@46u!
zpFZ7tTqZ)F-ZGq$-L11CclqmWnmsN#NVGb`?p=s>hV9OR<^d!4hocaHz>yF`yt(p~
z9X6~cH~iQqLDC3_k7FKVLTQbUk3Ts+9>t`vP^x&|y4-WGjJU16oxSs*xr+|lSy+ey
zY7rVnse-ybX_37T+l;^@RjxfrMBSxxA@rq`0E9YW2gVBQPF0qbeK(m{;KfGz{yN6Z
z%<#UM*$nL6x`At}XN%_YJd&haTy+r~0&A2S3pXuug7C}jXqOI<{qPB?(&~yq{w3jp
zX+eAS>ie{`Yj^KzbSR3V5)%_Q;AUx>nryTaBO{MO5C%K*|Frhz;Z*Kz|FDXrLZxJ=
z)DDG2S|o)u$*>SoD3YONN)tj+L<3UB%*#BdjAbk$W09HCAcQDnp5D*3RJ;3rp6B=1
zdmQ_|_in{n*Sd!9d7hu?D;)%o&6wRNWp;3I@Zxyjo+Arq#CMoJjc-RCR#H?{3ERuL
zc5U3>hcr;Jevb_iLj`fyg=svP(X)_SR#a9BZQJ%P$2#eA6xN{ny#$>{j9C4*Zg}hh
zErS3Xw$-cAA=YEqLuM793{++?7@K`Ya^8<0=M~s!RZ*R@_T+yRQDybJr}M`@y8}^z
zz2?jjh-zwH<7V~@*9(_*Dwqv=NJ8P378O-X`~>X)L&Bic)T`g~@iy(WXawUyydi#P
zt+c17r=KBcD@4Z`40cZm5>kva<y|7<^L$>i<UCIkVH4uT$g*z5dn1zhKY#fR&eGaH
zBZEb__8DvVRYIU=asmZ~?xA3)Lde5}xwAj}1L{C#ZtfH~GE8A-2N!PnGd=Q0+Nlzq
z&WqEOmb6YVef3)`sBW{tatC1xAAs)!9LKK0=Rk*10|?L-|I@4xcSWPL7twt~P2&r<
z(3W-$k@@vvV|UcHPiZ+q%XS+SHE>JtZ`)Q?SGSXw*Jx_Jq%MJj(jev~kYE?09%@$p
z92sF|VPT)jJO626=puXw4Nx@}21#Cr3%Gr|$^?(cZ!G+}qIT?y(?5Rv__zwo^Dp*~
zW=fcud3KY4W3`Rvt0`Q;nw!z6>pndn5vKHTeiqFCRl;bci8uwc(nJVrXrw&>tYS_i
zMowb&pSLq(x-|2mT%<K0G^;W3f**}ypmi7?^mrTm7Y)uvxEZSN{BaRQ^DkYD&a(U8
zbEHm?Z~}GQvNh=<P4}D!X&M&)e_*b;!u$M0GQ_Nto<Ct{-EIFfJ}&Mo`c#E!q%*?M
zsi~&6@l$egGL$9|a7oeB9Kbh@w<|L2*^>(|9;Wm~P|>$SMoJzPWJ0MLxg|TjNkoJd
z*Wi~HDDiCM;X{WYKJNv!{*N-usJJPamo3X}i`1UjZz)G&IEtsk$fpbvPiW=U7rx#1
zM7n3<Uu2d`&kk`!Xr6GdT$|_&03|7Wjgpp~kwGZ62x=X-^$ncQUqYjXokxMo09-RW
zO40P?cu<6l!>75q?t2yX<$G^o`co}emjsF#-%U+Tb$744y>j!*TY?%WXa9pTbuU*w
zsP_Kde5G8yc3!W_Y+g^`vTKg!gMw1<X?O@sO!4@--4_oQL6;aTWu53~>$?vgM=<RO
zD<~>1-nnz<$W|+aFQK9d5BRD0yAjv$myl{ixgM|*E2o$du~?sbS7XDqG6)6hU)ib8
z|5hDuEU7^ZfllE5dCrtKP_hoqnV*m=mx*aw&!<mMpvwFF`7^E{;`@46l4ovh{n^)~
z`Zg&z9CZy3s_$ct2~e_?d_hoQ;L4oo2G)kw#Qxwg8jdq_{0=48K<Mc^^k+i7fjidZ
z*&q5mzLqWX@nf~+1la=P9txWeKUqChJV?^>n>29SRj;e6mM>YN<^xB%BAI>l>gbbi
z*j|Ure(&he2;5J;C&sZH^A-5m-IuzMr)QR{Q^Inz8CC_rh7HxIto_YT4ln_y)W4Z|
zGE%@M{$}c2;phOv_6o7NIj0RrHYzM&U3d7)#sz|g5BY?%>^9bJ>-^YMQP|LGrjrxg
z7W7Pzi?b`s%p@u6X<+0d?Yr94XU}vVor~ycjf{uz`T^(GfsGtzkO(t1mTzmrva49Z
z?bFEBs^VATP4Bv=a-O!gzZ+9KYA|>vdcuDi93(Ko-nddole~CjRcd%C3+c&p)yc83
zhxeD)sme;5)o*nVJiI@GD>!<iRYN(5ya*Nk!7|Cd3}C;TgrtG311{$i6;Of}|5T`R
z7xc+z3=Oe>1NSBpD3xk5uCX6OO?yceAf`b`Hq5R`Kccj5xP1(*A3E@^a7PG}aJv1X
z<bNH2%_p!0ghEIAS+{!3g+p~$((d11G1B7ema5s9h5`VsB9QX{Kfi=Nu|Q>Yt3!ue
z)wc@>>}cUFe}M+Ht5Cmj$$9?thsm#BqPqZnwuwQ(+FQI~66hPeyzvPxCh$V}sLGfQ
z)&Xih@5L|2wh<C~2_U=g9vd9c(`yIv3}6BB1F?%=j&w$$90MIr(g0a`JYQa8RRgBs
zZEnF(*;X2fMe!1-p(mi@O+tS0*#LkO69oe$H*JzT6;N)3nyjFp0D+f3zq#fXZiuz<
zJPHX3@rmo?eLK71<F?ml(xlkDiH9l|zP5ZltCQhAKAYPLp&;LVrn9pX<M#0(N)$bL
zcV1ekNZt?UlDO9;tg_P^IZ0w--c*Ge`XxbhL9YPlzw+enhFSt#5>yNjq5;w9j6#LB
z8F;5%z1=(CaU@CKx=>+hZ)z=hNR3RchUyjm=ToOnF)rtL3>?iZnS}68Uf!4Bnclon
zWlw4hR)%Mu?~Y<42RpleP*7rHTucl|g*PQ7e9&`3Y1g|rShRhaJ8`l@zI35$gF~=3
zTJN(d6yjBVU0o8CnvEm2gUn1p6-`D2O__BGiXec_q7$0v#5M&^0XCo~JDXf{+<rcB
zUrk2%g&-F?E<p~-kCJjesTvF9>Kto$<PI<_V#L>!^BLqOX<o;d{?g5`B*^0f9rGIe
zGOiyzxzvhf;kWSPmpWFjAPusyF1o?~MwM-HGbNt9^3rYwdh+zkChi;Ts@#kB)zA;R
zQJGetppxW%-E;Kh6{Owv^yHe)rp0tif;P5iv{TEA88=c|S&6rxCog7^)U5f^r->uv
z`6*wc#uT)C9qt+8!zuAvoXg$tMEC^+u+iR8?C}lax^TrsY}jLCf$wXdFSB!J`khAN
z8FQvG>FkvyfAyjqVs1Ds3Mw7q7iD#7VWCr9j56_Egtt+Kek@oLH0m;Yo4rZRPw64#
z$1_u7V<RK|=w*FkfBzKmxLU{P6)k6G?nj{++EQjESHVkJg@d3M4wG0enfCMN<y4ar
zfsON@YRPf_1j2M3zed~w2Ga0j7m_=n5`i|Jg=I+)J^4D7i5jsTiio#LBH)UJv@Zd>
zG{UK23Yv4h#XA4pGiuxt^*+}3T(-{-OJ>6H4$po1eO@xYx+R|cNN8`%gErzgIGgto
zCz$+J%^g~Ab@iaHB8zTN@k^A!X;Or&v)fYQy{Ge@3tJ36dGf@nh+s%q7E<CV(ne|<
zDN<Kzz|y{}U}vSf&g2}snUValF=HIaPc|K$=;lTAhFj&>C~EF-HPViqj*j*m(>;G|
zo-K#L_xH70K)ZCFfBuLo@66w^ixQ73J)K9psi+aOOG(^P>*#CL7D%eppyypd>Svr;
zNz$ZaSws8^@iA`a@!P})Wn7`VzS)~+g!yC<0VY7|;3jg*Ab_~IbX4Ong}PahXfZ&(
zT&U1F^zWMq=STSa`tF^Z9!7D2J3m(?&H+xnLiEIL(f)+$1Ii?DE6<*xIWRUdYF4<M
zi*W)?0hUzoI!3A>f*l|gk?MTx_A=AHDrtw(ser~GR68UDXdOG&;uOtKkyuy|gYPpX
z=XB8hTs)e&zLxZEE2pV8%+tuPfvlbg<9%z8f8YQr0F30u)>w_P)_7|J$Na`isqj}0
z+pC?Wwh%P+3(S&eppVq#i7OG;RL&jeB;`?r%y8At!m0P)ldF$uXrx1q2qTWI?HD4f
zVdLl95npwd6KZ1^5>1rq)jlX1AfZGm^bt8&qRUG7oQs&YnVA{Z4=g@dazKQey_W#o
zP6$QbiTXT)IWqMAeb@+Vfd@mykEu#0q^fm8e@pt7fBxC81%f*Z`eD!Lm>uq;1sql`
z6BkyX1UW!EXuK9&Dm*GNDprG6P;#xIt?4cLfb<~5jjMF5P*6uO=3207Uu4&)tEFBJ
z3fa@fdQVth*<o!)lS+-z=|yrrR3_4a10%4Tsu^28!U~EfbQ}1j<YWsx5RkJ*9yU=w
zGKAdVB=Z`GQmTMc3l}sryEQjAgN-cb#ERd0?1ZN!p)Uu;%(71M{7CPye#^SP5j1>$
z<-8B^1+Tr0R%p#VJ*0K77sCZg0;H7_FWFR^SCK5kOQyeS?_~i&K%nbzIU%wed|!Q!
z@P;?gWDa)A&P~9(8og~!QQM5fauhMq+w#WwwZ{pIc-Wq{v3mdaP3;W*nQXtG!Ri_{
z01#FoIm+83T;1Fd7Op7ZghVB1<&(wf$`|r&uNSAFA!>ZuKAuu40U~27qVJdDn&@Pw
z<mH`QrA`FBg@z&w07{?)tN>w3adiy>6hOj;2p+)g%Ei{?z&;#xc2JU@fgx1#!hV6X
z#>NfyDltSoau~IkI9|~jr+P1Ju*mon`<u{y2eZn7wzu0-QbMWPyY^nCbB>*%%0?dA
zr70pJGAtC-dwY9A$+&GSR@M}8x`yv}yCCcK==1#0`jolRG1T%XDi|s{(e@!fMLVPq
zT__5%wXN-OtyWZQDTZp`O+<>ay*-k{LC4qmQ%$F~wN51!_=%?QI||g>tCZk`#gw+r
zDR>+=N;_|7KKQPsATH}$fpGQP)>bA|9JYNs?>`pD(VGWu<mHV<O2XCco(>;Ny?6>K
zwg0&DD6C6}k5{Vzy_<QMuix^qL_q&oH;7hnan+wsf_Fu$A|foD?>J+xtsR)@s@t~N
z^=25><vT-J^knyR$~UDHc~zTDnCu0V5+99(pkye=)nVa4Mh?+KTET=<t+T87bC^zY
zhRqdAi&gUrbzmrfC1=;6`U%toKFw=G<y(5M=VPsa0HyQB&-s=_Cjrq1NnB@?F^(Kj
zI{`T@pe;MQ33TT29vl%@!EJ#&GZN)Mw_|)%Vlmmg?X=}~+_;kGKSBlz!5U5^f19Xr
zg)e$Loe(7(12igdTZ>&lG!gM_qL9G5PTD>rElvH54?+xt<?23f<C;?Mt5pJ2bLY-(
zTc36N`Y#FQ!g7SCGh9iVYagJjOe;g6!jJ5|y3j#(R|lVUsL6O5$1aqzUXMGNe!d@b
z#G>?O@36;9GE`@{HL*0#Are?kCNUvF`^lL@K>3g@c74Gj^c4~HFa&0xk8CWpR-nU|
z6uS`|+=g+W{=-cZW8*`I4_8EjMu&C5a(Pf=mRyIzO7k`w^rJ8iLQ#%6kddAq*}Ewj
z8TFq}B8LTF+{JyM4~+U7+0R*eq2~l+-i;WPl`Egve%G^JM&_`}D$yp5#xzE45wHVt
z0N4(78fdtLqfy)R6`7HG4fu0<_kWpV0)1V-B*=S-)4v^<B~uXlSpAup%wlsxA6h3t
zN5^5)|8MDE!X-#|YiZEc(519afcT>`|GpZd>BY=zP_x3<Zls7gE}HL#=+PJjyU<N_
zH@uT%c&-Y_UT5!DFKUFup{mZ+bh3jZhp8ot=Bp!G2HO2YYkwBFog!*69a<tCE27r^
zu6WM;AJzVDzxaq&hv>WLnHvOMUOdJ#IW%;Uc09k<%l!vZ9z8;kgdOg~5&LUU2(aO~
zMwc~TFXAHzJ^GL_6c)S;Ko`YNp;1}*cc<guKy*69h6b}@U!Z3S{;7jrh+;>(7vhCF
zlpfxNX=0Q;8r=_$S9rtq%}T1OV`f?*3(>cr>fSnrsE&}3cd%aI_8#kPP$~*fO|?34
z;>5Xg+ZoZz5$zK5F=(B`!e*Ndy%ZXKU-oo#9B4!X{on1)mmGY?w8-z1f1CZin%}Yz
zB>q0tOWk6QH(D$~bT0ckb`c6ZESCI}mHW_6P)l59=dYBk2<=*-$(V0NE?W?7BhiWw
z{W{$W5@!**G@_-b`AlmlaD2E9;3HR%)^ieF2Wk7nlXu^g9(U(&rbtYzc%6;L*Ho6c
ztlo1=f`resef#v7=wRtlj^iV;UREkeoV#?uCS}90S(SQIjJQ=zUjLlr`PTFqNjT-Y
zK+5JJQw+g}od~>ZpWa$d58W*x1pzZjtaPY)T!Q%jmXHgN85qbhz~5mH8G@&y_0_95
zEPP+;f`Wno3D1pY7p^B!RuESP{lJ0Dy+Mkb#Kkiq&IJ(w=nK{n#cS5q)~HGlKtQmB
z9XJ|ZSR=LzO%KeqgjeUmi3DV%U&bnO>y~_+N+@Rf?Rt6f^@z?!g)hQ@0qPMDeCx6u
zCNdqChe=vyGJy&OM?dJilW;dUV#q$+(9p9{A7S%YR02*dS-KQRjo*daJ7f<+{RGit
zO3n{kRQ+e&VLSDsLXw|9-v{#;Sp4##n4uet8!(lpOOb(0!*Gf@u8)f`CA2eVAawLj
z*3(El?NGV;V#3_1NCrU_UFzSZ*>|T#X5rhF@DiLJ)Y$EjHh7PX5Jmjyvq}$GSy)&=
z*XL1#`j5F!aR%Lw#FZZ(fzjg@iN9fjY(zjQm2chzEYNdnhbQ7_LKCeefHXJJBNzBk
zI5ObWMQ)hDF7M~(2j2DS=Q~?6)}E>Q?7?rCm+7aY<j-$qseLH_?32NbA}1bil#-eR
z@Ck+I0k`Ex<Fc>Zh8yn{Y<=C}RUV{G3mGTu(2q*nx5@Rmp4}lqM1g4Bxv;9t*VJ*M
zQXeP$X``h?+=b_T8Mc{W6n7!-5X-z4gh5Us&dI_;B{OVE|K^RgCuehwhZ5GQ_He<U
zG=!Y)uafgC^y<<BsU87}&mtrD=kKk9#A~=u8m<>yPW1|$`%_4KsSY@)r}wC?$M+&0
zeXZmZa9V3Nxt<6)x_J?2YJDjRvS9BHcTdLMTel+ko=s8vUY1mT<^kSLkTMWnRTipe
zJw0rF0|_w!okE=s-}8?@(|hRS)6v%_)TZV|P5A5Bd3(FNkDod<Q&(Ntf06!mn6$a!
zrNohg6rKf4KmQ;dosw*%1v&zBNe5C(?9ZO<uBcG-d1iE4VuLYYs-$`znX6Zzi4glL
zID)=WqZjBMjCOrJJ)8i^E_JK)yK<yUMwQ3v=q7l|)%hQ*cks7gXCx3m!gY%R7pHpE
z1^JtU3ymifClI5)l!=Mh$%RdI@1_^8{oM>6Jz{*<+TLIvnUX@m5{JjIU^O&*dmX2*
zv;}LVY}ucy{;cKsbRGV}5r&<#1gyDQOR47$q%NO^eU~peUiA>iGTiBfj@RI0IvALi
zCgx+@{`A6TBqq*uMrFD_+!^=;Ep}FNy^+|RJ-rNhi0kOLOy{$sSRD&xN&B`R!gh5T
z$LXg!R{bl0{r}x*=$wqod5%Xj{y51vc*K52NhJTv_wV{B_Jvf_{_9QF-_4|J8?}gC
zF^K%<rFhVx^32TNEiOs{g+**g!!DZ--NJ$QQN(opE{GZ!5`sYak9m1}I~+)`zin8*
zUbsgtvJKGPVXqA-^-2dJWXt8{2$Uhvk}}9wcvom@X(@WBr7~&j-rnK96Hw$a=IvZU
z;(^!@KoF6Hr$rHNQkj#HP2OYIoOaAws?7WJnKNhVbp;#j-ESSSLFgYW1F``_NUJ0~
z*{H`ssYg$JL~{rkd8*@2#5Y#P5eTcL1xHu%`X4z1r&6}Gw%$F6jvV*rCM6AX3saSm
zWkG5CTC%Vi(TmR--JfsqINrbJTi*vv;?ErX)lH|bW(thX>%g7zadqWC3hhVCV$y(~
zxlKS0i)=fnD<N$@knpCgYzY(71yH}k!#+&)uF?Mmq7ZA`h0<S0&8erEenB+Y<><b~
zHS@4bzGZgc4jKL|3*sUgC1579zjB3s@!|?O3CEh3(<`KZ_ZpZ9B#;3xEROAVh`2<5
zfjMc>f-4i?vC#qxjY;a5uWDtj)!p;a`aNQNGcwoQ!Nx{_^K38$nt2LWCp?nVm<Xx@
zZdQ?niLI~5bs4*t_qU)gtysi}srdJ(U!zv*ycY&rC#)lqETg->(NG7XZe<)17Z-P$
ztP6(-H_5Sh<zGW~<jOKt2PdaFSSBuQ{p<CG^wnJ)MRwz;h8SAunb%xDz(7MIRPutj
z<LCfi00JPdy0m-A{Nzom<*54jX9bD-n$YiMn4Z~>%0x{2x`Mx_eOeDcU#DnI3{ki_
z3o*?T$b>Vse7sujI=ZO8dYYP67k*Zr`C3cqVIIMQY>$wZpZ_*B8PPQOh@=J~?J|+P
z6&xH}1w^-Qjqg#XA&EFxYUVh$^MMLHdD^&)al;j=LaOm90z;q-W~e_O<kT<HeEI6t
z2WMXze23=jyb+K~z3RIfbki@3_tDx2dCPbVRe<8Kq9W1?q~3!c-QT~9bONur2QX%u
zwLk^97BS^ln#DJu9QO18>P8O=zbx1_Bb>qV=ZgtMiBd&iHh2rTNH+h~z8FeqLP>}T
z^{2hGHmdn=;Hof!9m#6Z(WF}a#S3e^o&TH<;3VhcX<r@}MeL>v73m{H*Mt2>Xk8f{
zKC*ZpkQ*@qHltf7NExyg{EedFCuv{{02O+&qaJ>AoOz`Cn`QQe6|^>q0ERkj-w*i|
z)zw{s<Q?FBwO=;ysJ+N9{rC|n#%n`WcA?n^PFrsp<C$qWa)M=t?~O$pDH39^WB@9x
z&y`JN>cP``L|HixhRtB1qY#J_V21ZOEM$M78PO37DKSJ9lcMXmc^TeMynD>a|AAz<
zg?nswO1u<EzpY~uPs-QJ#Ku5dtu!<=unhM1_HuD@2KxCK7x1O^(y)vDK7L^`*Q7RW
zdQn^)g+>IE$XXG-<hrc?LN2&9u%AO$(qh_ad+9W!fm;cn@<8r)na+OT-;kL3hllHH
zX-OCq-6R@?J^6u*)tI$HWS#V`adUI)g2%ccjsZhZu;QxHVRUMM=W$|A=G!0JGto0L
z38`L%(JE!M6f($Bma+^+qw^m)1Ll35kkH%n50Swp*#zGG3hbJ_5dW$|0^nPSW)VYI
z<1bX8AUgV>z;R8@_$IO^fX*%a{G-5uTUvIDiek^8z+MIwPmV2@dM@WkS?c~<>CMNp
zuGs)NBW{kHozs^gOn^*o9vBlC@n-PcNkQ4|<02UcW~!L{_e4MY??j)4WO*Cw)~x@U
z=+hrz-26t&G}VVorQhRD^Kz42&I^|n<U&{j|LG*CgWlL3oncCTurvLl3KB+UkF*&Q
z!PhvNZI4J>w^ATMz|0M5Mnp(RBfz91OMsUV(%s5goB*AW_eKq;KjQvnE}8GbxrRm#
zml8W!O`)wmVgL;(oRWy%^lkvZOM=SO*cpSfVvN)^v^((5yf}?ul>k$&RU|-ZPYsIQ
zfIopVDSsO~PcgU)`Ca)B<{-$kO#)KRD0wd})I;^3qoa?^YceEr%M)Kb2W~xKhqa_5
z+cdrvLI;e~PB{}(eTW~q>E@P`lLP(HX&hSxJy^+pxDcd{<4wTAD6`SZN$Y*8-TyK9
zDnj>-EcB3&5MuP*++fe0jYurm1|7lJgG9qkpLs=DnZqi*q=l@-yqE<K@tb8UNV-kq
zmZBW6XlUu_z5cXNj_q_a9~Nz|(jG7H7YJXD)JsK3&X*HFe?`B+H$xeuP@Evl2Ew(3
znRx`pxaG@vjf-Ts=cil?g;6N8%Qkz#S#;zjgs)Clu1E^75reAmhLJeEBAk%X98+{^
z(J<c<XsnK@3uxS_i3z)zT?tU=R(kU(MJK=8ARl<~k{{040%wzDTAG?a5f(tt$Vg0w
zOhot~I0%Hlty@R8PiZM3+yMq9I^Z?Gm||PDBj{kk#BPf4NoLw(K>)@&<Hwd@ATK`S
zq$zTKa(o<|;;m$+Dcau=U~+oQy$=-(uMt_Bucz7wB!hNzBu6LoFNz8ZpJ)KMC{Zm5
z92HApia0@%b7hyjDlILzGa0nQa53Woyq<M`K|t!R{YlF(Eq?UhM2XCV0mptB9o@VA
zV&kYKbadyFoT`ryGvsxb#YAAuw?AO@g#Xg#^Rx+0*z<8_8g?KnLRV^aeI9bB>)1v6
zkoghjF^$ro&87&YAO=DFi@>|_efLF;Hx<r`GgHnW^VpuP`c<p`vBfB^9u7IRCwS@K
zEq)#$P`qLhBVJnbLH$N4a}Z8j**{b!V$tPl#_9R6{}M6;kKNit+${<<2Z!m&O!UV4
z*v3IX#@v8R!mFV1n+rSf7DPpES-7?EUY_`+mBeUEuo4-Ms0sA^!_7aT$9NsQO9ZLT
zB_%Pyw;)PpmHv5O`evSP7Bkj4L==5}8{-ap7(BFym3@CucNRHjQ<IYw3!yhMJ{kVt
z!6v_<2g=lIhm%7O5`}S}IV*A1_bd-WN<>572oU)xv^-GWz6sf#4k{0Exms&TJa%7J
zPQdF*MhiIy;}2Hn#>>Hjh={JpneBF(ef9Jr8a;J^IBMh0{WTVr^WTPE=X}l8foI*(
zT?ox>TyhpMo`>Ol#K;;=c&o5zV2#F32!4taN6hMbaNNd|gv+U~u^*e*q1{zq8>t>!
zuXm5h-Thd=^efrfCs@q!AmXN7#n$l5Xu|frb<=v=ceSbdg~%y0rLV?}uOZ{DdE9*O
zsV8S#GmXuxJT9bthe+WT%X(fpL2=ycLt29HURdtlOkb@fNm+naN?42{SXeF%`_<u^
zb&!m`+#F*9(XaY20g_aMpNk>ltgP+t$OAkuR!}I1VOE$25mn`_4F~%>AJ*u7Ll>+E
z`K-71KgJ3-D&*g~cJ^cKR&D2H@TB&1cW>c=@E6g~Y^(V24J>z16mR<?(f#r$8B^;H
z)*$v>r8igc5u&(GORSc8eu~_0%7m8?S&U9|Qy+TFX{gl-Qr{aSlC$%1s%)kxs%e<>
z?p3HpvXHQ`f~GnP6Vs0HK{$Gc9;n2nvy&`O-V=70zVP{`FXHZ~Cr318mNGN@W#c@k
zw=2qRroe7W=mzq;S}}~sB9^C1cLO^+e`i&da%YN>{xH?_f}t`IKY_Y~mMUhKf?T^J
zHi5_rd7!(m`~^UNYShYk3ejSP?js6U(~%`RCyqU(-`pAX27AK1VC4CUG^y(`SEKn;
zq=aAH>~|M;gp>Wux~6EgzH5;fX!Ub0CqS;P+||*c(PV69;qeUhy(|tey{eLu&wend
zo@Z|o9pe1sW^hZ6NK#0P$5@P@WAsD`dfDmY%f3QRhq%@VWF2k3X(|%ejt}Bqwd%|i
z_BE>T1p$&~b7&Y>1DZ8ppWb1eb@Eo;MOfD?_HK@@YLuYtIFEizcTjlE<6^3|npzDW
zB~&rqEnC9(+KGvX5M>VbzsLUmMltGaJUrpS!4A-J0*r5WnwzPR$748jR7a;3hXs62
zyTcCre+)LQII8P!xZm&zSBpwdnM8Y(9kNyOhF|XiG$9K$8nIP?Pf2O1POd!B>j5&r
zCJ!5=E>rSdVmTzwpPmXvAf=`3Uq|T7kLPJMp1|;(XYbwQ#_W#!5Kqv+stD5Cw+Ly0
zN)F{b$EJVsM=|SJBcrV&=!o$Q`|*9fEY+#aW36Y`7NfM*Cq`TM9+PK@+1Xq)02qsM
zpFS=71|dNG5yw>>FuZ?%+QEVh41N6%h*;s5mHqHptaFP?P8C7-%U2YSk1Pp7no|Wy
z{qc;)eK8Cev{fpadS{aG7KFI!<=bceT)&BE_-S=#*a3vA3_@4|Pa|uE0>SJ>b}&?j
zDo`G%Z%_@F1X1E)QF;f!3XeCm4?vILt=niEslX^qESpRu)fys+?A5+&0v{?=DlAsI
zuw#WjpX9<{vyVVT@rToj6X&Q99DQHZ>s}~IyKU$xF?8$Kp(sgUkt^LqBLu&GBrs!B
zp?@jD`B#383Rn+*YCH4eh*D;bwtBdv+$P2>yc>ZG3OdK;TqV{`blk-&Ueg*b*8bTm
zkRPJpAvw8Igbt)-#_jl~gXXDy9_Y%xeO!(MAo^@zvmvlmh(N{n`0?YsylEtlB3*71
zFvK3Bw>rIU{{c_zhnv}?m(Csm);y}N2d?$aR_11A?AuR%{r>&?zyOhO=kkK8Y=b-S
z=1qFU{et2H`gICkw!q^t$|jaJhN#{!`(pyq(<8#Clj}^7JxzlNtLI_DV<~-pOrQe(
zqlLeaE<EsFb-Fi%g{9^!6LB;tIkw-!5R@rQxyQM)3q(-`ZlC|j1*)eu^<jF3nzR8U
z0M<8x*kfmVnAzf~@CA{GKVZ;?YAVcO;F*+VsWZc}$fzj9PC&i6*QjiTb$?@Q025R*
zz;$@-u{kYfKJ9nkbjI#c6&Rs;_<3HG<wY8V73kq~mJwy@*ax`f|K{&V;V~fS;_9@O
zPiIvjCqksN;*7M!=HGxCd*q|{tv|(Xywr|4dGzR~&!5%J&u2Wfr6)^C?yIqI+kne>
zdR-b1*UV8QGvKMN&t6sH;gtR^%ThPyuMWJoEz|t$jvLy+?;oN(+Vy5$*y+*j=bU3>
zUKeZ;mih5SU;9cD_Y;?$zgH7t?DL!@@-E<M)Ls@;Y6VFbGU=+e{DH7~pe3oSsHlJD
zt1D<8`u@cE^N&k}f+Wrz{tZ(}1z;~92C`3eR+cS&b?jH#&4m8MIracUHQb_*TEVh~
z*)1R-0GZED*oBuJj`q$<C}jDnKnNgRkOCv2Vty5boe<_EqVdLkWBmy2d1AS$p^YI1
zY+}=p&WG=!Oe;-z;cb2SG9*`lU#&Y$B0rOAn%2@difd6r|23UZi5zus@;!+UY(k<o
zawss$pu?^^bMt@Yq_7Cxym=Gyceql^5s~nzOw2QUHcK-12}s-v*qcWx^mSVsapzdK
zE-!b+ya+GylI6>N?aWW5{?E?_G$O}#y_kW>AE4=CYX6avWL`r<L+CD_zb>OxL*KE2
zPD&E1!9F2Nb-ij&4g3i`Ajhp5-W>rhv_Dvo<`;w7Z!-_5OuAB%znixOXnrZ9vqx%f
z3a<|#rfLGx`6VZr|MKX_XbtWBUwyfbx)BW7C_zx&x>19JA>Im2+daT^2sHt3971KH
z9S#ma5}?v((K3;*Ba@H`^Xo9kvEi6853pqZgZym3tuWE1Mn4De8><uuUgQO4oad7D
zI;g_muu1sH@NgfrQ}FQM5ep(=d6gp`5KnZXFC>j*eP`qKihOS;OwSBrdC?^n=Ewha
zH}-hVgDmOSb@tE>mDX?m;}ScqtEou>$BCk7@8BTx={pF5r<i{cHn963PA>o`2~W4t
zS8(bBUBweh>|fHjPV_XLHk3y=3pKH|4`+_%KNq;ObMM{|LKbtK{Wm)hQOg7F2#T%8
z1a}l^H~-PZSpsvs75;@gvtldu5nqMw_r>G5MTc*X;!(PZxUSR|3VfU%2WWzz+83ta
zl<KsuDnSAD*DF3Zm<cr!&i}7#Mcgd3m6y1Tf3DRza?Lc+(5G}FFtIk6Yzm9H)xzpT
zSe+YLUK6wBf~loJ-fzz>Iz5(bZQ!;ESE$*c=IWOR^6Z()5UBX~<MdDJUU#|c=}AM>
zs0@r`1q%p|v8l?ownD^8s*rTft~KFUNW*(*XweU%#xX~|Q#I+9s~d03*4fgIo)qjH
zrhm)8arX4AWfB8Ar`ERZx9#?~ycD(0X4tiP1BnxNa%{@D|5Dt;c?=QhoAApilc^K*
zSlnqac4%CP8}H8HMQ<;<#Co#rYLsadpftAr*tY%UD6lVl87AnEvK~`g)VIg2Bn3-T
zB=SC?Ya>b+ef6AQNXWLG=(w{Wzg3kU(ZmKK3QtKB7ybE{{%$>kw^D+>xt4Us^PGBi
z5qF3HY6@B^?0BIJXa^uX0%;-3r6sh^x!TatZQZSKP)?JrtPs?{?Yj%N(grWS%X#<n
zi;rrBu5sYp>{ua@Cf`THksewhLIby+rin>x`QoydfN!=T74?JMaLU`}WyAUYoUo`Q
z=WjKy(>?j1eEaIvtIPa__L%3jH1>J|tbk7(ON(i^$nc0xn=ynJ1xr1%qNSrs{LpzU
zHYSQVdmhr|{_5J59wLo1r7&^=rswh@nAmH-9*?ldi%huc3m4m$GX2@1fT2-HBX?gN
zf4mxnDn`Af3|j^W018pkzW2<R&sb4gtOb&wn2lC`#)7pIwuMutjve!x-~wpG7e0y@
zpDT;%U0;@z1Og*SN$b4Zg_&d++pjCVK<c~0(cYhm`BM3Z_;WYjXt=VrzWTA2mGZ35
zW`%)Nr<o+-Elr;zc7`d<HW|%6C^^>rR<k$5k|3V#(CCa^E`IG2+lv-IjXqSx*4@P<
zU&ADdu^J3crzJwdJw&vvzt+eJVy_C`7aklt_E$gvtp2*X+Aj@9uS{&y4MB@QSzg6{
z^oW915DXaQMMD3woI~{Ey*&eJ{uZn5)Vo4f9ZWlPK1#(Iv>q1PzL`CiEw0dha({Q0
zO3k!4L?nhfx)Iq+UCKU{NfH~RI!>K~DQH5T{kVaW#uMW<E@_GwQ3ju{bnYUW;*Tz@
zikj+SC0eE5bva4g-eTO+lte2(4`LtsVC7Lj#e|v(B+l%57?squ<ER3=^#rjG2X92<
z)wT?m*vynfaY}2!R$Z2W%u|#jHG2UuVbi6dzMk8+m$-9NuYIjbrBrZv%BDSCsyq7L
z-_rai4IP)<U!%F<C9!WAb{aq?P>O3M?rmn}K=N9W-v@hw$vu{OK@jc5mJ!fFzD^LL
zEsIf~I^K<5ReZL=jvzmW2thVBm7B;)SoXlku)v@(tD-s7wq2kuWRI<i!&r)Ng@3WJ
z<yufWmV?K?H1<{-o0wF@VJ=`FD`~YS^JDua?`&*m16p*4erUO%#RuDd%gvO9%PWYA
zDt!NjMi&g2doa<YzmYK)J}J1iA9gdd;{xeD&RuZfeFqH_0j{anRc|B;ZIpa_MWLA|
z^4+@0U95{B-{6v6{u2}j)^1&gszY`hU$J|Z(AKS@A4EM<)QObUit@LPVx_H-7Q0V2
z+H8`QoojdaF7EX8l}`S|AR?T5-{+3u`U(%YXO09Z<66X`QPtg3#GmvyCZRcvxCP|`
ziLQfTexk^q8EvzcdJl*xnSnfUBtPkmqk5OB^>mTV$41Kd+AP%0*1HZl25;ojwMkkP
z(XvGkazt4dEugQS{79oFe0&w04g!H9T5&Yq4$FhEvd%W&6L>=<9mmf@B#L#nUY62Y
zXrdhWQy#1G3et_qjJIf|%HzNje>nT9cXBO%j~A^vnL)w+Zu02TpYj=Bw<{k&VZg#q
zcZ!25&qjK&mErpK<wTuTTyWU{H|6!CiQ;d^_xP_{SL3?Cxl6eJ6Z(O}0#mhHXKEif
zo8)H)YQB#?^^j-)TJOSqO2F!^Jj5KHZQeA%>NI}9km1+%XnQ0jn~~ZTSLcb+jz9wI
z3Nz0&J-tst+)~k>*Woz<=*~ZahZ7;$09Jj5pv*`16oRQRsX;jbQ~B2-VnCqvbWse|
zP#7QwgxI!d*6(5zeKqhG{0h=9k2DKz-P#PQ0w1HRTC>_a1v^M93u0TC5$xKfAa_q0
zJ$Ppx_QduN2yj9O#>JQa`OcWeAq!FZL|plTN8lARVfJn>E=HeB!RAM1(`i~(RV5{z
zXdc;jhA1ZNo>wPqOZkK1XGjK?>(poCHobHE_WcH^lOVD#FRhQ?kvown{CcY^(neqf
z&&|of=7kU)1uA2!(FeH$IhB%6D=*abT*i>=Jp?xcya(brqQp={l;+DnsE`SkL2|D6
zDSxb;8#xs^g{NOQBTNJjAzDp%C=OPiXzV5X|KAw@qmw`CjzAiapP!FMR!3VK!A#}I
zPLHGk<QV-uT}<ZH2`^3`LH5?&yJF#2#(#WDJ3o@Lt{uZ$%sY(IAZq82tC4N&vJ2EE
zq{*n4p#+ls)*D)aPFMgtqo`CWSmLdn$;sQq4YiYY0rCxd_^=t9@L(jz#lyIhxK>j9
zOh{EsT~F_767bU}XG-qkYU@Nr^rr*5!1(Wb5l}pYClfCT;rsW3srqc7T0nsO)X#k=
z$iG<CQv?+gF+Rr@doQ`t=HvjUrmq+8=0t-dOU+7gt^OqoOh<GQ%74O#2lybK@V}4Z
z>Oz^gVfRH|35iCys1Vu!6|6OL5c}Ee9h6pYGBl@r=M)Vf870zb`<_KAtX+(UCd$`E
zW4i%-9r5C&Yb9Nrozv3O{p^|COJVnGG=F-z2lYBw{TxE?2IbQ-FuWiVPOs20KRH?X
zR8YB*_c<X!LEnpT8<i_U2ai0bfzHljO@NYYe2(qnr4T`!m{8R3iwbLNr0_r<i;XeA
z7F{-=J)OIg(f@u&7U+%ym~Ou0SocL^Z$%C^wo3!C(DaEb;ap3c|M(mUNk=T;(a}N3
zD>Cejo>a)MGHM7B<ZZXanM+Jm<OdL{7GNT#{hNEZ9|L!SPN)S!pRkJh8EsRjZEMS=
z-5LBz=Z@6)E&=AGzdOu6zx}BUtf)3u0ia{3h9a2eKG=GS1MA6Y--|0C&k~)p9!95k
z6<hKs$`yS;log(4>`?+cR*H#$`A8`X48P~zNg_W3_XC=Ftfqec{(?N%NQ4mR^`4wp
z*FlkiE{@nJqL0jvA@Ht;$7O44n5dKxQPYPlNd7}_=U!WL^TKu-0m8kC<VrvA$7+yf
z0iZ0othyR|7|O9beOF!k3!Z+l)fj3i%F0s@3C!E_7jyIPE5F3)SP(amiMi(2Dhr~(
zXE8aot5lo13{nwilPD~%(8bB8kI6gppLz&GHLc6W^g^trqKdU{OhMFTSS=TNsMC{K
z7M^;zeK~I2!vYXztzCTjgB-S7Adck<#}eVlWq*&yUMAnY=*c;v`c}BpX`O02)$})w
zqVj9j!kbouMga&HEN<>kqfsm(nKx42y8aSvIhzPA4O;911s2+$2=9e(-v({RbktKs
zbWSa07#+Y88@%Pgc5xDyx~lMqLX?84>2~ub$rLiYx31X5fi^@kf?4r3g4AW(r|*pf
ztn}x*$ou1FZb+77xNMLkN(_`S>l#0xn+4U{{OXlFvlDigft3K4q4VQ>xoIU?K8?V(
zEdV@VGVx2EK$qh!jx$nI<cwa<<!FWDiEm!u4RNCoRLQ|~TLS{>`i)He8k?kluFz(y
zZg(X{0itUsLlc?!ujX$48qwPMMsA|9$4^n}*k#}jy~fsvd-%eNnv>BE1ov*TxdT<Q
zg39##^`Phqd<Px98jv#f%dWroc~l{aOK^joowVRT1}_Y!3#cxO9=B1ErA?qDsIa$L
zREP?j_4&8R;P)%bEr<mj$FMIP<QJ7`ax<2cUo((1KO;Tr=}m_mIhupy_wNvOdi^@;
zn^mM2lJwVE2&k_{aRF^)#^@_pX3)J6uRh;Ew7)JF${Z;_UjbwSEA`){*AqLh#HoVo
zfC(V59?&v2JIuqnQ~?bc!pO#8%e{07E{uw@vX4fYUGt;f?}vgkX{fARg}v;E-gza~
zKMQP~1CxPgrrw<taLoLEgeD9zX3-mk`rGq!Ep!bG3?L&0F};bqxZJGzU%cRQJhkWZ
z=Zi?Aa_31XlnPi*crF3c;jV)LGjT-y2$|gfJ~tb4laY~;mX?3{Dsa~qn@-s_)Yr$0
zV@3Y2Liw6yJwSx{=R?Y*hFBW^mDHQdT|#p!)-n<7#>#VU9SIwQ09;zW_yEi%P=n$q
zCXt+#X!QZYvA>Gkf4%265fS9>5*rbKB0hckBPb8-4`xR7okUkA*okV#!B`C?)i3<)
zOu;m;BoIv3dfQ;BO)Z#I6hO*OL0X!3`T@o*(3w_C;a0<%aZ7mSNo;HvO1>(TcQ6Sn
zJI5NSjRbDE<5ntHcZI1jOx?@F!}qCxD_8~uC7ej<zRU0U*<d4X1CXj-;BUd$1k%eR
zAuWr(8XY<@*DMA1<(Hh$2-BWpZRDYKm!u@u6J{ij1NTgE(EuF7nE=G|SAl>wz;x9*
z)W4+mC{8vujV7ucXn4S3k94zDQk%G&&|SgK5Bxb9PK&&}tKgFrH!u*mG27{N7wO?`
zU$^UA2u!6oJ4j81m=xVQ+1b$8xD)+)-@w3jwj<jwU%Z&8fws&TrKAu!+dh*po8bM>
zR_8u@2A?+tM-Z~|_nobH4P45qUAtNEbp34UT28QV0H|w!%u2$PgakjBRN%V!wySW0
z`POQ3?TbH90I?JoPj#S8vz9uAUWZ>b46x>lO@}ltpPy$K>E+VJ7ZdU!{Nv2OZA_k6
z%<*M@wOduxmOO4e{xlSue;!IBIXLlBiu`{8AjITM92anKj$8Oi+Nq#oss`XhtbOyZ
zQQt`D6UH7<mKN3xi}$<FgOk63nPUH0<Ur0d;wm)<FIoRNxVl>BE?Di6tQOPM2McX5
zWf2@_^IozgK`C1)2%knLi98;qr7)XPatI3O_t9Gj%V|8jiM=pab8>=MYl6IupA4{!
z=#*#+9C6pZ<!MlQh<2_3ju&59Imcy$E=j_Mb_B$I75&Q=hLwkQ+pzRO)5$@i+=qUj
zYZkHtF#QjLgDYPwpndZUQ&K$~E^*}GuJ7MdjjG{2zArw1DlEA?74n}a)b-E=M3>Lg
z3G)+dHpi`Rw+=fY2}R~-%>g4a$${}Kf$;xcGP8cZ`gaAt{ukJIxr&AstsvDZwq3Tc
z_!b<WN;8Cg^SNwE6kT3QWMCVKj`1)7GFlf)zo%>i7-tn>;5Z!o;rxozZ=!=~^%cxD
zv0&g|_<rEW=Lv0-^u+{n`u`tIZtC?V54wNa2M}~QSP}Ug^(*%F*q=!do&`r!531ed
zPg5{Su!Q;$$py#-gK<@10&6V<U9b$ylRapOe)7=K)hu*2nHlKO(x?Yqi01DKys>Pg
zzWhp<Gszg96Rsj;6nV_N3`~O%Z|kQSDg0T8SF*7kn7g2fownzV10z%ZOFLE*srLVG
zWz$X3|EIF)f|AGC9UrdGE26gsEMB8thw!O{gv3Pqc^egPxq@7N@`+QYgnL?G8kHfC
z0(E@r|3S~Zrwim46|I4`3#<;-`JF8S?yp`p!&fqp)3-fPIpu+C*#^Q`U4i^_r~b^Q
zuc9gRAGj6~;)O0Jb>Ev=2x%c!-M?rU{WI@wGO-bxgY_GkZXmt#;Jk$GVMi?IN1dDL
zNH7G(>aKfcuX_peLzE(*M-AH8VS0qvDnjn95lHAkf`kr4`h?gG`dlIx6B`CZM}L8E
zTtg5tSWI*P`0T;fgIf~{;Pzv_?+SikDfZB~TdtzLhrbl12l-`MBmF2cYk7E5efj9S
zJ3DI)I0|tou4}C(9fQ%?o561qs?biUka38-?6G4n)?xgAhy5M<c>(n~GqKdcZS1=~
z;@&`K3>HiFeVz^xWLC9`gX7BQmrTZl?HwV^G4DX~xF1(Nh6Y_KROLOL^(N5C$Ja&<
z_+}cOu|Pzk*@?A(jZ@c*jrrEQ4RS-hM>!;?F`JL|`P{hyxMOfxeeKJgOF0QgH|C?X
zDxEDm6G&ktt&6dB#1P=AfFh*h5&Ls$!XuN!sj_saF;CALlOt&JoZMU?B?9@%S-`$F
z@?1(LS!^XIr@#e`rKmn!d#^m!d9wz-Txd?HF^j7g%lxmxti_6c(N6%(#hgUV?#mBu
zB{1Gh=4R|kIP}u{%QHxz1pOKxQ9#rN>(~0K67G2&9ee1tpnmSKMDCDQMH&fyu||pV
zKYs5!>E7ZE_IFC4S&1ypSoQBiVYuph>3^!WR^{=^6TCB6q6&JH;bV0VZ{NKO!VYGB
z&^BV^&2U9=Z^R9qex_vUgl0-0&9@Z$5<66P35?9sN3Sa@cNWNNK$g_smXw$n4L$RV
zE5R^RBBKn0>7(|q2`bbl3Z=k_YtbrTJExuz`;JL4SlT1dDj99AtgJ*{R_d3dSWL85
zl8DWwAYKkXCu1ONu$@GzZ)mVaE*%l-%6|e0z^J7S&(hM;z>ymVf$l)PI1FEt#6F~q
z6Nb681T!+qb1E#~15hr^FptB#B8jxpP?hffez*<HV#NNodTSZv5xXOz+@PVkubC*5
zb8fo+8LsCOXx09VTKml~YOUM%hxYQBh3<3RCZb^BGocE+^cqVpD4ETeMUb*ZvpxH;
zEk-0&O)~eeLk<RhtX}o$XH`Mm;YL>HKVSL7gJE7N%H^bV2&Pcz)SAeU`F+vhKkq)6
zvV)MEW>8J9GHDC~9`qJl@JqzReNZgspfd9JL^dO1v>BUUO>cdWHnhl9%(x<(S~bp$
z6&bU_&~PMHfZe-^=y<Fh*%wdMH8t%5%#J;ChUrD;9aP$?z0&XJMPF!*&_M#O8XFwk
zWWF$)<IM@&zt1C_V|R}%j00mqp={MgwiYI<hrX}`Nsm6HS%Qd)!>v!aJ`|TaaW46{
z=&UDzmv6zImNcT}F)PgmL|V$^Y0W|usOz2<%t1sE6Zb^7lug&nNK?*oJ)l1l>}*o^
z$-#EPyd-)b+a|PlALd;|YBgV2_tJs=`Q;M(UFk58;y=+05U1SYDw?Whnt`3B#1&q1
z9R^F7u8G#@k4@>fC=8N9QO8Rw_8nj#ocGuQ>R%=H{97{GetaH)W_Qw=p*&Bg-~3Zi
zlkE7%;@)1fSCqHMA5A;-w~nOdrQP0X{zhcC9AfI<yp}0vHNe5#%CsAvvdVk%kL=v7
z$jHh(ondGnMX)ba7e|VHOWK;iz%7z-qjMFnx6jUe5AgN(ABy4tc)p`LbWeEgy?`P6
znUN2B4kv}l$_A#lT+}nh1k^3RV@XhBcVWK-x6pz;z9D%JBk+UXr5`y`q;?F7zcyKB
zKS+`$gc&PHb}P{f<Shxh9?DP+*bydOAX<<S55fwds;YWCt_AHFp%=rFhA{<5d1Cgb
z$~<K6*7jTm#P{hZKw5WDz_fsjN<Wy(FkhK!YqwycfliT!jV-F4NAmo>)TYY9HEY(a
zI*dm?EF>iP^&X?L`$a|jUo$TuK7XE`%h2iR>e4!S(n3ZKQT^!h8nVU6s4(?**ieRB
zW%*w}TE8?1ZScU`m`dP05X{U$0hh>j#5gw?L6dE<WbQz{irzew(vFw^9$|_!h4^mh
zk4wb?yygI^Zpg+S<<&^j-(mCZ1U%ZH%mw_gaF#wxZ~Q`FBUcqz)1IU?dU2WeXPY>2
z7nnK6N@p7|w(lo8VI6D_^8=J&!_zK=f-tkP?g|%!85*#t;%;P<gI1v@H(#ppjcqQR
z%kLUlxpL7ryN!7za&<<dhdr*5SCTU0E{s#{+UB0kjIu~OEZ#fz&O;-vAhY-|=xSK+
zp5Sm`pC|g69EGKz&44V04fSAeAc#?6Q5wg-Yz{zZy%qf?!PZ<sd?{k&0X&T3`XOax
zH&hhP{NIEriy7XJykO)k_0!FYRx);97DV1<q!S!UH4T^35ctx0ZLa04zRdW?$AcYC
zFZh%lty!9_YgU7RbO-WO*n>Ai;mn<UKwkmm6{HohOBi}I)PP=jWMx0QS-EH6>47eL
zh<Rqgo2(=mSji3dXU{>!aiG-Cg;9QP(Cd3*$7jIGGe3%>_So9kUdp}n^0xfF^_3dk
zr*cPUKwV&=k<KlBB|BQZYoay1%zW@OD!BgCsLFx`a%pBAwQywb8tY+0w%d9raN)Ez
zpWd}IV4JppAA5J2<b88xD@)-<o9?W+*hgj21rD~UJI`*9H^+wPdADwL7tS7|HeMZR
zxP!}{VAb)tRKT^UNGUArl-SPnOxDZ^8J%}4hf^#w<uvTp%UrD(f2_Or+}!lpN4dH3
zDz9yON$URTKi)WnJ)6k(ZU5G?b6>0XbncZwU4HkatcAG;7`v&|k86Y)DI`bpl&^EM
zCw)4PQ7-T3XqugoH#~D#LCE{bVSc^rbMC?^Gh>DN$nSz+lG}Xh+}q}=G0j{+95g}a
z+@AIjX<hbp>v9~%<YI73vA(lD9<P~LtbF1`_}GWJgKpt$Tkbjzx}Ocd@>#%IFK}>X
zOx9nGuh`Dw+Z=3ZS`O^U$~AWUA?H^0&)nqXs9KY^|7b!L-&~l?secxAzj2be+?af@
zGm4ozE8&u5i}yfZQXNYWSDktCAwye>iH3>C2AkWjbXayoPmOn|23Z)W)tmw+D;o`L
zbw}Xw#(z3hWm<&#QbyE*S7+GX6bdSp)A$@P+1Pr)r|xV>c)Pt&XT+_;iktY1qoQ}1
zu4!rM{-Q6SG^D|ODf^rr?p;S4n<pV!OaT&M2Ys@+l4>YErKy;<`S|(I8i)GvVW)+@
z7mT-B-X3urO=raJUr$R5l5{DSs^b2t^K;(p*$mxh7gMCJdu|AQY}Vk=ICR&8B(@@P
zc%U^?f9A-uZPC(|h%*o=_M3dLJib>4dkBPt6{yZ^-MO>vgRGhW>$>rs)?fXag2aPC
z9hUy&GOul3uj?H9MW_6Mt80L7_JapUb8Tkc8!ZdBGwGe4aF5<NM+~Y=v4}Rv1qJ*}
zhc#0{&Ov@jP-&qQ&+eh4BO2zf`a^9SWq&+h(NW%Rx8>N<v3EPwTD^2cBF;a*ekA59
z#C_!_TMI?9uB;-rn<W>OZpTha@||~|mMi5xh@Z>O$ohU*mtyxHUviH_R<iB)0!CKH
z%_0I@O%>Lg6ikaLxtXcH*<N8agSeoxSH<f;H=A1eL*vCGs~4{l?q{tPT2fqGH{JK#
z*GtOQCR-w)B-30u^$EM@`zM128}ns8;{j5VV~M(XYFPMW_JB*o0YhI7?6;ySxF8<u
zh=xXXqkTMiY3rV%;(dvDP84J`WHW8vy$*S{kw@SHdDbuOi)KuT;?$0FO6pO*$d~i9
z@>J8${OekFhtGLh{Fob?BV$puEts9uOxcsPO}<6W^V;zy<KNdYoe7nIFfEkNwE!_e
zQITYP+)WioZAfZ@T`PJ^_;ieY&;FUOvr~-aM{K^<luu9dT)b3RcSSU&Q5!gsZ-bZA
z<?|97Hhb!G4c51oSz6kAW>UW0^OPI*a=HqtU~WvO-h)#_=(sCcFHSX}toiCs$~|n4
zGA*QiaMt?5g`?l^Cyl5zS;^~kuOaWg9)2}#7b#=R%4v`MjAqAE^1~lhl_GBfijuYO
zyj__bvv0!6V{(queXz20HgYAY;TR=D!KZ29J!5y3-N>g~ugc!~CUsex@v@J-A9p&(
zKBj3nLDbgZoAedfU%_&u*LH3sbuND@_v!dWg>t`+SC@{b&embvVqU!H>_QuE(z0bD
z@2`zX52-s%BsuaXeEm{BtT<83YTLSslu~_WDCv?w5)U)Sif5EsF?a5k+l5k1C)`U1
zGJva5sTqy-OzZ^((pgp?gw3CfYQB8qI691FJYqWbVh#0$y1!F{s=0K1*0<Z`TA4!*
zB<x3qoq8UGUVGHok#%iKA54x_yCQd<;j0ZJW34d%>3g(!PdZpK`BtPpB<nS*L}qG5
zKUv!55<4k%<p=k!>^*(0t-=GjgLB-%0|})=1U4^G0N2`^;IX@dhH-N<lQIw&poR2V
zFtt30i)W-K3i*Y#J#~DXoZ(}=YtA6~O2VDDa)Y!zA_V*D6RbM*@%=2@^P(=DMg7%s
z8Ya)m&e@sFOtLy*8SwRrJ{foG1}T>IrN<{GtePK_XZT_>?K`_F!=x8^h(rYDIgaH<
z<2e;<3R%VG6SMd1>!jYe%nfF`HZQLx>7W2N6|;KT&5Z0amp%tO#W%iJ`m^E%hU%?e
z8UJJoC(PY?kd0)kzQ$`C1xC}~6!>OR!Vj9K95Gyj*as%(G|pG|I?Gpi`vmlktQ?{A
zcTGJ~F|<_8WTj#2rI%rDefjcu=A7(t^?y1P|7jAh{p^g5?WREAb$_{>yZnZNLSZ%^
zMJM>s1piw74;zqzJ~73(T{}%Zc86ow;l+aRL*g;U3UVKd{E3;bp1az$3RWw0rFHgs
zl47&7@B~lPg-aaaCkD#$wRI2cKU^K}cn5j=1>Dz}Q3x$%H2QpPibcWhd%LoLlINsp
z%B@!a^*cT!YHc9xI;ZRtWu~+fG@;#FlP~%mEo+5!Y=(1hwFW!oKUinhS$U0DO>t+P
z%$-J^2c?1*%Y#;pW8HlBBq|t%v+RM_hP~rtX`S4O0&Z2q3xB@$&$mj2b>p+5Bgalo
z&){a>&GR@M@L_6j;p5!O2L*nUAZ)$7oI(n%+dbrb*6KI2Nb1z=z5KN-$C{_PxdnSP
ztM28#*|?6>(ZMtIEgkC6?PxYtPn_WC&|jDRv*}ZD-2VMV+Z=0`g8@gX717m>K$pdn
z{2|D6QtHA#wy2>Yt1?=t&n#NZ6bzvbhODSMys)e_<)-j}b(>{2QVhA~j<SOs@mWi#
znhrlcEtl3G+F!)5XofjuH)ZG_kP-w{l%C+&er>9M%_R3<EhfzaN%Xc~4%N^HiBPtm
zxNlLpxqHsm%j5-C;N5&1|9S%(Y_~V&!ur<on}vXYImiS_zNdb`YB{^FtR&fqcetmH
zE|N>1MRzS@Sh`KuUPrIp)pePE$JLMQ4xN6kr5`?3B{dYNgihML4zaseo7i3L;K$ag
zuE)vg)N$Mnk677p{q-7iF9S=lBku8uRpfW}KsX?^=QSVFdGa|FBt+{Doe}-nG~;47
z%MgtzCv5PjpFchH4MT|IY8R@u6M_cEe-x{d(o7s@Sz#`^{E%mmaz}fofT@AHIt;jH
z^iqa1uMBbnR=-!Dh#g2WPrpbC(ROgmpEMidnf-AKK%L_f7i!Co<OvOvt|x$ruKke9
z8BCWu`}*XG!daI9{V+6rA1=<jV@7^<cr{_N9IFs=?|P#O?>&<`wk9bDsI?ohRD><9
zID0p3e)=1ZERVon(#RrWPJ@Gopn>qyWL--zuXmU~cXU_=D*Kmm0=(QvX<Tre80d%r
zg7!|d;qFTfX7B$6<iz7jd#8VY5>v~cX>|Um|9&6ZhyUgH(K%KFTUOzCiAZ8n((Xy(
zy{Zpyo)8ldAUg7s_4s*Qs92<9c6W6tZUTPI$LC6XB<4+ejCFoj6AH+McP`Dpavufo
z8uG39{lFqYt05kTgTGGIR`upjnTfm#zXsat5Srb{BoqacZ_5_lsf?T)duU^E=|h&|
zZJbTkA940wmoQ^|7&1}l!moZ>iI*XP^j^;=r+6>fx&mpt5&{BuhG}Oe<BpNM!hH#q
ztJt~+LXuz&e0|^#CD?QX45(I|HryHMz$-3j;a!#lX({OW)}Qd=#7;#SPIHbb#7D~2
zIYSo^8ynl`Fv_Roztu?^13gZ}+<lMcABBdHJ6!ox#GrzmcIgm*_TchE?6dGgL=cFP
zx45O<$@O?W<sS-AM3R=2Z&ePoU9VRVKTDjazY%HTa?q~-K8?w_1#A!R=P}u-N#aF1
Og+nR_AMHQw{Qm(M7%mF{

literal 0
HcmV?d00001

diff --git a/docs/arc42/revocation-service/images/revocation-tech_context.png b/docs/arc42/revocation-service/images/revocation-tech_context.png
new file mode 100644
index 0000000000000000000000000000000000000000..3c7b22b2d452eaac0a340170dbefbe2f9899bfb1
GIT binary patch
literal 38707
zcmagGbzD_z7d5&z4I-^{r>KA+(j^E2(jX#8NC_w+A#8FJlG5EJor0t^A}L+cz3J|}
z&pzjUzx&0#zwfW(*{rqpv!0l9j4{XD0jkP!xACa(APBlG|6E2Lg3!P}(E@R>z<(4q
z7G)p^0m;iqX*%g|PUBA9HocM9_33!|?VCC=38Q?#{*Tw?6_e{~@>$7uIm1~Qtymta
zWIemrtsx)ygOfzXKT1sVGb7&E&CS{I&upQ^B)e48l^%Y+)RPSd{S!B{l_Wl7PmhCJ
zi35R}jEoGKke?tq5izma=_81Ni7Ai)3j&`K|AG+y{v2Mm)DVpg7x<h>V(AI$?@Y|q
zR8T2G1>A^V{LiIi`1p{&|I;rH-=nCoAhJxIa<la?X@c)`n78g~M&H+dnJE|g*?Rq_
zX?IMXTBfW{Uw72KOs<C0x082Q0%9Nkte@?i*;&g;jafYZYo02kP0RB4V*H^_naoVN
zN~(CTR`GL32|Bk!HDvyeZ|87#yOf*G)y3<*c6t~0x(tRH2O1fCh{KlvqVu@?#Q(0J
zL7qif>_}7RiSciI<VwT(L`6aV%c6v%%VftHwN&@>ybrhdHfI}WYdCx-FOnai>o&O7
zB=8t{P5iKkv>TC%s1HpZqg1H9AdZHb;MeTNgwW^BaYiKM&Rw-RS=CqLkA{FjZT+w&
zdXGz^hb}wyCxvN{`}rEX!&+8s{@b>|JiI%cxp^8nUHj#|!iuzZJ&)F#JR27m!Mt>C
z5Ix_V{;4gt+l0RUi&RBZj^>k3o%`Bg)~Gpyk?=tepH?{2GtHvc6@?`01|C;gwf1Wn
zA;Rk%@HZF7TO%oAF2lhBGZY#co>vZRQ{0W0Wx`uOhBOB<o{dnNCo#^VU!OGIbXsBI
zQ!q>}@+As<EdIPTVOsxkvfibt_WFEd`C!j2@v%k5Xo&&$2FVq{`4v5UiCF9V+h<4p
z(uDF#UD4Y57WE%X^y^I$YwVD8KW3R_zpCaW*#_2q9LiQ2>65s5&`s)=LON3dR&xFN
zVkdS-zuwv5{&&YwD9sExZX6ojKK|X<^i3$8*uE>hh&dGYP9idy9?{62>RLt<TKQqJ
z>my<BY&*eh&ilV*>(z@P8Y-fDGA~fq9q!d2Q(T6HkV(v`WBFS5k1lo^yPc6pR^d>t
znk5pgI;T%URWKyajAKU_qvh%D{QgZ4cLN8~HBUWj_;hb^x!TxcSNHvRsg!=~nEP)L
zmBr+n&(+q#j@u8$UIbI|v%G5hyk`m7aLpx%T<*5Aj^E6A6BeGxe|C?0priiAWvjwA
z#PDW5-aJK(J=s2D)5;s`Hp`rky*ptSE!f!7*ic83cCp^QfM<RLv?hN&ZY~Vu>%wss
zm{R!6L)OQ?XR`2$IBrKlut`P@Z|mvWPP@9kRzisfHz!+@+Dh@f&qy{EqB-*<ZZ0*h
z_Pe<ws=+cCD5Z+OA@ODo6;&rO(fqXFpdx<u?dYZ>oOvW)tAIsKRyLro)%`E&cBuII
z^UC^_1S=M)pL1TfSV(0n@|2-aiEF2$<H?VT2v4N(@2}r)$k5`|uP@KCqC$R=&R)#8
z>?oa!te&)AGibD2Glu_iX6ZrfylQZTpUpPRp3>AE$LLyz&r+8(*P5gveNOJbsr^xh
zO=5K=f)ImVeSiB!_^@AED_PiK$&R~rl}RUuuis?H*t}0QV#~bj0KFY{!~Cvg=j+!y
zNIXG46Q!LSuz&^Pm%Gv<rAE?LH<4R@SEsI5M`O0u^YBLZt0gxLu~2=dc}yKYySufH
zJH`9U-8rL$I>uMM<LoqYCbk_spSI_c6wD<SlXLcZJw!}?j32KgevCn&#q*|!phLsT
zjCOK1CvD^gxe5GMU60x?vTWTA4L-RWUS&KBTDo9%N))oo#(-(-efsh~aeYUs#`H5p
z6yqBMeL99UW!lWQsN>0Gq>+YV)4Qrx-hlnPER;_c&arUQPUrGsR4Y&YS+d*l-~Ah0
z_M|irH7wl-NF3jbxE#MPFnI*uH_`F)!N%>1d8o_6I92^AlSLB;r<7LViR#bKTXCGK
zE-k?cXzwp3KQ?wAfRmz^!c00i3&SN(^9e>e&cJhy^b@$WGLF$M@(Y9`uLzu{9md|6
z*N0w*<gUxfW8<>AYn1K?kf^+``Y`zf9`cKpwfCPz8EVF4*ps_Qv<XAZ<W$YND~_fI
zVE1j|x@MewFE{7tJm&j*=81o|F@WpH!0l*c^t%!nw0f2L*dju7j300O#^fS>j8Phs
zM#JP~#~j1R!8;I2Y(K0XU?GjCYaNz7u0$G-MrRv~2$XFI77xO{S6U3QWnI0nPZ93(
z5OJgXFkP#avO&de4k4_l#$t=F`uQ;h<!*!|W?~%ndI^(AsVtxF>gT4TZ_-<mF^tT5
z+jeh42wP=r=wriKHcKIgY1+9iJBx6**k)<#x8V@%6hb=DSEHFMo+Om{*N3(&ywy#g
z2CTq@)kRmY{=%g!B;}Qik_?k1=hS>&DSgB)NGb_tHiGI{ZRo<To!0Re3t|rc!Dd(o
zv)$7?!pXFig=xpxf4BL`V3=nb8!SuaYP#`kg<1zW_0d%&=igb3r~IYpPYfOI%o<$Z
zfa7O6O(=26@ZWj7Nr7*f*Bzkm*6-;xVl@gV1cY%w{TC&D)EC$6lZ5q+!bC6{?I`zV
zxF|`ooXy#Ctl~WyH%_9av?s76rH352#`KRbLrwEG%`*;$;n$P%ugg>AaueFE7BL}?
zFN-3^^fn=Hrza|`G=wE~FW#Nr?w9eL5OICtPI&nw47E|)AjDh23y9%u`@zNbPnDDn
znK^K-wI!}kGmpmW;N^vK*?uw@0k<lpwOG@zno?dJZBOftX5zhMS0-gwj&k6@Oi!TK
z%HvRDgwBq}46^c|$t)5`P|-Tobw5B<E<n7*X9Sm(Y*?laY<pfNG%2;R+2*rrDiXy_
zJ`&*{N0!G|viERGo^4^LSzhGjq?9T6?uqwx#v8HWL8{U3Z>Aj_s>D214#hto?<8(I
zddeWN8w9*$>SC`P=B5ahQUz+Uni_68kEM6G^V?xaVcrKn)}-^1#H$<VTZgAVosTSa
zQY?LAyWH7?Rg#g7$>O2*bH#~sNwB6L7DG!nAhjv*ASSRx<)E<bGtbxfg=5KI)LL7i
zruV4q&Id_mAbR1?8Ny#J3MqW*XbNLUBl|)i6GYA(vqjFO$5A53PH$g2XpiROLxLM<
z?I^QSYdtNzhVbd3+sZ>GJEm}|W%#go<=V=+@Z{@%te(d@qfZV}9r54VrJ;oKX}54A
zii>5mI3}zI8lhBA3}G-`1l_8C0(JtQs1M7|g>O3AG&K6AVa3x-C=Gl|`+Gv&cw66P
zNJ&7R4`<Y9HqtF6lFvw)3}QHtx_5hIH+Q6Zx8+tO+io5P1a?-&0Xo0(tB?k)cM{iQ
zjn`S*4Hwp6cM{%K!W;J(=3roMed3G?moo+!F}ap<(ZVSk6aJcg%uR5=#em-6S|N1x
zKfCIG`(%)L2bWbY$A8UDCzX?h<%g)wDduYUpnfEEf;7=w1}R%g<KAy-i&Xk^N0}RR
zdy}>uFYFoQT8>=Kp^K{ZBPflc7lIBsAQmqKf!A|<n}G}y3Hw!5D_zNZl#?6ls*)EB
z6LsIk@^QF-Zt_;xE-P4x@w#g^XDHo?zpjHHm<W+@W8CWC*%f;3s;VXQew=5`=ZocA
zlYX4LNw|ZG-1RJ3M4Rlw(~NuGbtErEqI{?XtRLV$oWag=GI<-e`p+Cb(PPPdmD5Ns
z2&Ryl<n86%(`2Ge$&5Zb+XjOS2<nI3qBN?pU0xDs6P~sY-*nqdniVLy`s(P;z%0Wq
zYNGjWTgpN&mA?0?wAE$xYE0>Vt(e$=`|4HwR^=oMPP0(d`(de!gXhxiVs)u>f1uu3
zAst_U2mal6w8aAUGi@#l)$>(tR>T~CXURR$i{VLDN9!YzA^zjom)T*xXPyZBW_&c3
zLk}r)30Lt1`N1<W4o3=z=oy7D^?J`@K}kb|jPOXOsh5H|!Z}K+l4v}`OisYuN1m)N
z^ee`XR$+7~!~bb&AQ~p#^GGZOvm)K97-R=SYmZJ@FPSArzjBDW6NO@lk)Q-x0yh#L
z9g(znPku#mQY3##4fAVnuoK;9YfPx5;XMDbT>4I63JvG`3@3LPTy%(uDFf#%BniN`
z6h4Hg*q3Q;--zRQhyvjLO#Uzkz<3N4jBhRFO64F2LnbDEM)bek_P<^Fza#$t>rI#p
z&|Gpec*@jW1d1g1PyPOvEBs&Yd<5~_MM~^WY?L$>14KXIO$RXacRLNw<=zi9R}vYO
zSLa6?Bef12NkIW<-Z1FPV75{s3fYZpRm~Qou&t1G5Xipy(gZ?FY1kxJPNh>d536qE
zhAVgemgf|5gEKC?Q+F_ofT0hsj}#;)5>p0&$6zTKqhOWr$&{Tj$*xhWuaLl<LfG8#
z=QZou0&Q-sZ_mTM(R_1KoV#l7g@;o>s_#SrK!3^Px}KMlU;O50{>iL|!PZ1YH~6zv
z47Wk?jO&5YNR6Gj!=OBS9;;%Epa3H;2|9##dl;JfJo#ZA>=4^xrv2&BBHiR5f7dps
z$$WENj?5i|tCwwocQjCp2>ksvxP>e#1Duh<hMQ{_Bqx(`x_6p&O6_V!(6>m=@L38d
z%ww?d`qhtj;hY8ybu1aTsh`*v69hl@xQpix(wC}MuBue;EUB`f)I+`M{u*30WpKnL
z<HX%+HPe~)3U$h}Ujr0p7a8_ekce$HEO71)@=-5xYqCm20GB(Z>$edk`P&5~v!eAO
zz!ZeENtb;R&$I!&9R_E4N$<U&fCr2hh7R%007S}q0Dyw-h$s3BAF$|65CYBU_gBi^
zXD0q&*$O@_{?_RmsC3)>-k#qle(@rO`&FqVo4N3El!hiaT_eMJ8pf5+qMhP-O*H}G
z8PPFMX8j`;P<JxpvYuqutM=s<`O7SYXmxN{UZS#IVWNabgR5+Izii{@t=Gu6F)sIh
zfE}jxauWuvycIlKiX8bBKw5MJaB`#$IV}EhcJI~I$?P&5JY+cTk@4{L)kW54Y|?eI
zhp#n1%+&pLu0QS-*~wjK3n~CKL)m!%g#u6<M!TKH?(0OEsp2S1GU)EZ;myD0$w8zo
z;-r|A;OKM(68yseX&(dfXkkUmdvtkrP!LQl@VXnt%qV}KAyYl_r3u9}t@Dkm-v8yT
z_&D1TXNowX6Ll)J`;LKugS823S`3xo;ybW7MgmTue&_znD7rIL$cew?c~PR8{<Lfp
z?C_Ya^W&}id<riC40Tu=e6|IcVhl6R+H7N^@O}sLNN=)8QD4VhO9q}_(SP)!?t@d$
zaUTal0qTFarysrhc+KlKu6u2x7=rKaHmNF`TqCG?(<g2KtrOxPDxIwSka&o$Q(+lx
z7tI<CL7vY$BUo8qdEQ(iB`k+?)%GPUIqh#ZEp<j}fmvO)BmVlsazx=ay|~_J`dYef
zm36WCu#<snyUa;3gDo}K6?pl!eWC|1_^n1CAUS!-&=9uEU7eX4Im*2wwgR$I=L5e(
zD=*|D*>pCDaMB{p!MlIM2vNWG!6kiPa!tKm=GU_a7>rGE**6ksbEaNbVLLa=M)^13
z+`^wXIV#X5e(p3Ba8=Ktozc&-CTDwTrpIH<?(Mb`R-N+`!2@6rC1%ymGbVo$a!hnI
z1PV7Pbax<9J+9$ko!%ef#y$CvAle>m3m`kSfVcF@*97PgW;4?V)7lc`UZ_`AWQ7nP
z8?RozaTw7e!O^qrWF1W+Ifl{zRgV~0ToHFNTu1?!ty}nk9N!o6-I~)B6tl3q6TSgX
z=A*Fc%=&7>X0N&uXT-P&jLA-H!Jm0pVAj=GOwRYCUp89LR;k&agg9c@>rC0;Z^mgu
zIu5-NlLx{_n}0RT0)Aja=-33B;QI0kCBT>8qM=D{wStZGEkWQTSKk(_32^;fUjkao
z*(ooGL5CsYcG3wZ9+~Rd{<4N*ESEzuo9!L22(kdrXB~PUYvB<fc_cMUGKar%exCXX
z<C|F{5t}#z#PJ<2epqw5G_5TDsv3mCgFn6)ucnduVrMwheAsKeJ}(fpx%F<CCrxRV
z4yrp}FDNrWBw#*%$N))Vg{FJg-h)N%r48RUPx|CLB~F$7BA$uWeOh}C5asY|v^i4<
z8do{g=uajVTeK#}!b_9HghUNmty+C=kG}V4ygE*_<EQMQge1ZC%VG)rO1p*ZK!gir
zYS&+dICTsUkkZGC^NtETtp7SBwt1>@cF-%Ll7L$(X6E~=U%C_<inApjx#$>vRJYTN
zO|L01Z6CSWCw4NGsSI?3wXgntzmw0?9Cv1TWj_7#C*H3!Xmrm9+pvtbA?TW>1RXl`
zX6*U`hD4^nN*mH?SX{TS00J%3K7`u8zwJng!%zN?#6{*en;h~e5UrJRKq$PWb?2Zf
z1O~Ah4q7O<&+E+5<469=rRXVrzJ!SdE#1e5x0K$W*^XT`d=^L+&H$A^AgKw4L1*jT
z+>KEf1Sd}H8Lu2RMx!^3x2I})wPbXRA;|{kt%@-g&!1qflMDQrb|$P!qBqbZ?-7GL
z5sxzdP6S%K32&Nr-;g2OKvDFKR(Ee!rYatY!C*e7;Q1U+jtFsEi)Lpvj3l88m4F$v
z1|Foj6l<60lR&?Ic2g4*!~MV*@El)V0K92BZ4vD6ZwpfDe*waOvc6|quY8mcO2+d&
zKV1yX@_umr&)|u})5Ff}qVVBgz(XvTyQ0-=n+=!(0ZFL?!k}v#MhM3veflL<)cdp9
z$OP=2GjIdkVerV4S>fv#HtJ~BFt-joe=+Azvd97LgXFjm_9_#T2M^?*gdem{H(w7h
z%VqQb4{{LaD=-L@7sUJL>-;-ZX;`K80q$v70C$mq`TOU8-lEAxQIrt=`*2dhj9*S}
zVX@#~mc%s?v;N-j{(pxWg7%-`0cf<3jT*}irliag;r}9ag1rCj6UjvGLO44LVwrIK
z=dP}%!7RlQAmkLTj}{duL~$@OQ=al1crJP``Ye7~yvy?M;KB$-scO0WPtdA2ihr_b
ztc?~W0*xYOqSm3nj+7TCgfN6Oggk^g#6T6S;y;sxdCwEX)Z{1@5wQ1PNTk_J*<9Mt
zcwFDK57|rAigOU#DTd%f9okX~b72;TYeVfdacDU0#Q*uL6Y5R9BAU`CC|Kq22x(M?
z64AYE-DDDLSTE~P8wHcmQ@Z`p58Cnx2|XLpPkKt*6dh_%R0Yc(0FwJ!L}<_<og6kV
z9zBgVjX?$nYI^Zn>Y@IZU-g%widmi!O3zherE^2!C>*)$IdU_fl?e0C04P(9u3tuK
zzHL!aZFw!8z7dV*TAfMbkvEP2ok1XH%9#w@5R2HFjott?f$=UY8l_)yGuoH%y~@n@
z_indvP(GB2bv20te_+9w*N525iK4_JLqCS0L3ng_eXfB%3@kSP{g9}b5RdDB`cUZ3
zps+r;_<#TWpC|kuAJ*&9&)RdUqxMnMBwuQWC)mxw?Xekw=Hh3ZI45YRaf&vOX^9>L
z>^I>vO*y&V%XeBKUG}7usopzP*WBx2??UJEw^`iF%3X-xNw;^th^UE^@=5G$kIjTS
z6j#8@`tk^Qr)|c&x_a{{_<D6u@ue~`J~%<kHE3+$d{vspshJxl3N}qTO7T7d07XRL
zDA?`WGn8hVP+@hW6L0D^@=ZPxCHf8z$k9Ix1(-J<AOt~yZi-{a4?Wkl?9q!G<lv;S
z{&yboOo(ux-@(-8VzVe=cc<ZE7|6dylU)+n1T?CqT~XgtZq7GKEN`x_Dj)JzS&ndO
zm6^!%oA=Vd8_fIY9Drt>Z`Ui-{@wH~d@CsNVk4?+??~}~nLY3ofGE0O?#XGTNy0i^
z=YhteHBz9h4N!8v<>0q~*NyJ=sJ+dpS6zAzz)RuSG#r_{?uktohQE{UN2d;y{}?$S
zj13=eO`0Y?3%Z*JfPFr|LHfxa*Jm#+sN-z_q}KX^cSjR|jgg*sK2vzX%OcGN*E7uu
z%aLJlc-|@uqco%k?dFf)^-H2k0x^WtPhL#hwBFADFj*N9zvveJR|F6Vx&7Ba0cK>*
zewhQn*M5D0W?lwLIzQf?zTXW%ck%hjPDzO9{&S$XIp&FMSGPL<0n@Ar#P(qzNxwZl
zDXN-@IB9VNch_Uk5bc~OJ>zU2<Cdxx=cw)xJGe*U71op$Ati{8c=PkKyzl23II{Bq
zfbr*SRW|ca;o?rahJd$Noizd!y#9q;zf|7^MGfEwD|urE9&hqT9Ji<LNn!9V07={6
zT25Br(}K+3>j3r?RiH~p+@L_z5uneVHzoDQ2`0X!pB7~;68i0ZYk_X^mmA~$ZVz8y
zZh4=$?lrxT?Kk1|+)R_%bUS2kzFa8XsLMN%&zq_sNNbGg*###EJLHR2C5pn!Fqk_!
zfb`7X+_5{~YWfDK<eF91(@P>iB-GxY=D%e7lPC~-b97y-Tcw;pL8LcV&jm>T5y%7V
zS8fLp|6h9o2U2~FLODyGgU5HY^^Brlhu>q)9CN?9a?GQZWILX+>yyvM={QvpS|&TA
z&zh9-#?mQ?2Po|Ey)?3rzW(dW0~NT0<PiD{sVbUmBgS(wXs$ew-^%QvTqo@;c|1QF
z;_k!OuQtLg3>>E&M(sp~4efVk-k_1XvY|zs9U!}FLuf_vVdz+|CNsXdH)E1_+~Dw-
z^`(3$650DjI^u<SYstgpS~z#`;$k6)`}Za(+QVUp<<jls=1P|(61>qZIapZiKP!4k
z0PWV~#>o2m;A3RTM*a9$w<ntyB709f8oxycT{TCU_Gq)b?{!~zI5Vj<uC|2g+h?73
zw5B`y!_UM48h?53Cm@oK_|bD`<SGQNnKHj(S77Bj^lKf1Va6^8ph23AB76=Qyt%}Z
z5W)=m&zUGO20Gwur6$`QX~c$e9#{1$g7X-E1)BCjWlX1}9>CWT<4`fS3c6M8G%M1>
zYXTa<-L$JOCXFBUZCv-JXWTD79Dxd19=-diRDzj*3)fCmaEG+}>@5`hSubrRh$Io=
zMY}*}eXf~qP6GABJ(8w%+5G;plV;;}<$H@F$J(U`#cw9A=W98-tcJr-nzMoQk#PR0
z8oFxXt49SIG!sJu);B=9R`fs<+lMI4^kI-C)URL6*!uhA+3$^>-Q>OsP!>}7^MyA5
z5WI>_h5ed3ZZ?3ZROR~8P+B7W9JpKCJlP@U$HB&H;?gl_{KT<4=HXxtW67)lrK`c$
z3CTa0;@Chn7QDuJ8X~k37iSp4@nB#1um4kmc=n0haM)@OJxmHf+$@#^c?jZY&LpM3
z1VnA{bCKdtj<!jWx?oB^Szb{W^ICx!C+Yl4umQ^(_q*<A`9kscg}2tyaFdTzmqU(s
zK-N}_7EFNg;K63m|Dfd#%JCp}(1oSj&?^XqN$DQF^|9x~F!$YYEf%}EJQ#eRj!ynq
zUi4^KBOg?z_HUx@X?*)tqIj@so^~=#3C;aXmw@G;4fsh7T?8>;U;K31dwUjgs??9o
zfO<8WS)lOCc|qnx{>p*ToLUi*0UYoDeJ#p|ykb$O_AMT(>3#~GcX@9^s+_V8!V0-*
zE_ux5GQUIC&2EpZoVsczTOF%G9X_fNqm-wPvu^CkM?63J#POh!#oTLIq}1?J!#DNL
zM<&x*vHF~p+aRvc4i&h!_~4SL&hha$HiKe{X$@biqj;6{4Pr=HL@9q-?X7Hu#If4O
zSV^iYA%+&t%l>%6BpAf7D7)oZEC#!{UT`upP-`XmNG4eaUc$|F@`nX8KL>z<Mmye8
zWKZBZ?`0VIKX1O$%9OoLdG4ETLm`}_=!PmhR=nYaL71`P4Y|)G=RA=(Q=BggIh6Qt
z;{03u?@>R)%WqZ7m%c|i(leB!QZ<@xN5$)bUr}xh5m_HEidYVFSl~%2VadLk6S{5}
z+5_+MS3jDX1``0gF4=Iz%v`Rr+{GuLLoCFs_kSm-fGOicEq~yykG#<MVa^oHW{ffi
zw=DgChtkuR7mZ!gu}aVXjtX{NJ_7jV))f%WV`a!bbW<!u<4kN0)bw=5OQ}{1hH?uN
zW!#l?v>cxCxN%$4^$hVlP7gvsNz}JC>~ngy7TT^d_^#{P7fN4PXD3l&d{L}zC#R))
zREuWE;q<3q!y9K%<bd?dCEqUNM@@2*+io*9uQ$!a>A+}cr$bq^HI`I!MCabKKO|<(
zzjkGl?DRifoHLXu-t@5BhU?<e`1+<_H2_LjtTGWH53UXWv)87FNii{=r@<cozVpNR
z`D*;~krbKAin)0Bt+LxtlJr?!m=c!MO84>U+cM^<ew=bF@vFn3-VvR70IStMn~ST(
z@Zv(MMXB#NQpwByFm$}PrZqSesR0s_32&BD<_nIyx*=D{-guR$bo*`0ur5_`?&@eM
z8M)Gk&sCv2s{@&C$s!02t!)5h=t>EfTW3wccg}srk}}&{IDNZ~NVKl)jIBZUS6{x4
zS6Lzv@Y^?S4Z`>8nP1*(n}St)8*?EE7!;x%!AN}TD7s>AbMxWs8*qhiuMjjLm)>qe
z8Jcj971Au6`qO%<uGnBb6QU?e0cYx^_0tI?L6aMndb1j|lr@!fCL_P}mc!tQZM0OF
zgsq$FmL2xoll}nOj(1V`YWcP<E2LNSVo^IFJ;h#(fFhe!f*wGQy6!Zynn(geu!vn(
z@hY7)YB?4>NLBH}s3&5c2h84SQ+o%eEBuat?(Ii-n2SFPwBw*pktQM$lmO#Q!EM*>
zqqUiJJ8A2oCGy$u_UgXjOMQBql_u(t^!D<tr)Yk<t)P@UQWN(SYQNJyhOxIofYWj$
z)eNYRX!yEn1Hh_)+-a4Y{jufBCTjZBw#Ogfwv7NdptAz?VknB3Z|}E{$q0eaC;VRR
zbgp{gG{N5vJ8TRf`1`!HU9r9O(52Tk-g_(@`Zrf47nyN5L;5))j*wbD;3U5{9hapY
z8pj-$4~E`2PO~mn-V;T^d2faz)T*>Yh`|+_F7l73>J;fk)hNeAn@Iwh@8E)9!su}-
zc@Hf@4GsQ>Rx*kc3yLa}kv_|K3(9^G7HMR^R}hU^VPjO7?YG+r0k7cm-%mho1yFEN
zd2SMMdwIw!hSCIY<o7!fS!~`zCUYLcCp7dl>@?goRcV?R(q%3%!)<67OAxgI0J~G*
z7)f_k^O+#TkmitQ(vT{`p*It^akWXZsq=bi6+Om5c`*emX}qqr<5yG1hgKP!Iq02_
za(JV-sqbqSM-AS-j<`X2E$VysVlQL0p|rnXe{^^@1uF1oFoL;a9ZGlo`<&l1a|-NQ
zKNPsWWWC99akJTm6tK||{&ob*(iI+DS&2>Ij;ib20C>|7UYb5c-0;?jA5Ot?iRY$Z
zQ9y0?e<~;bBj8*tiaQb`q|Q_Q#>kJBtsUJ%=hj@~`(naF+@>kmDsxi}ItLvVL~J~v
z+VGx4@T7EpK>vJ<a1`y7`!5GV6ZNIOFiDwj!cp8~JvdOV%gOf3wMI}hfB6uK(bzTG
zhI**MGde<Gk{$8lQQUxT;D|)+59|?U{o*z4dcNY(^QgVU?t%G3Nhk2IG7uWokJDXO
zr&X+PsgyU*HG8AHAj73btxG~^P?Oz*c4s`oLu|=L=#UV+$N=E{CYKal<_Wtdf3Ew1
z%1tec;{%Rc7e&b-(XI;z{g+$lh<Ec-u<glm^Uwql$6}x}Cmnt~2QqpQ)sy$Ry@HGQ
z@;L+e-pZAJbk4b#$0%(H;PmM1DqvIS?1_G;Td7$!{W+0J&?YTG@KeU?GLwJ<<FeoP
z#hMOP#qBo_z)1pM0@;~};4x?=i7<#HKKY;yaFp-*U{=tjFG%8%Jq=2UPx8(CQr3Y?
z8awL%ya|>-__Xy1tamxdN5{S{E}5$Om<mL;*vEYjbSq!{NfFakN_Z?EOe3W3ur;BD
z_Zg*@GQixj>73?ZN5Ih_pB8>we+_0bp(>6CXwgc?5eFqHl7Oc|p0JUS_ubb*4nRpv
z22qN?$xKIoeJLoXAI<yG=g-u;6x`yjQ(f*$H4rC<{RYG&IT0D4?TlDWca5vVX1xK3
zUQhs+X69CtC_dB^z5zj-cGv(ZwIu*sf#qan(bq63XHj4TsPMRPN16$F5(}dM`{AM_
zj}5Rn6sSmC4cF*Ats6vdIs|)lm)SFOi2{mi?b~P-cZ9A(Yi~diV?85?OC3-ijaENG
z0c)oR35=@fYFP?*gv`cg>vk0cUXl6kpT#$+xq=}WwHz6xia-_UY6pO0Dfrcasz!mf
zf!j#U#Pi%cl4)M<w1D1xF0KUk5m`4=N2j~8vDnPV>fh%C>k<d#0EcZ*48eM?brZ%Y
zom7AZy9mvO9cuaeY1cAl2uJlrVT4>aLrpX_RG4A;xgc1~9HB@=?ct!}2mlnx1?Z;p
zEnn6Fu1DEGY>NXGpfG)0j@S(Gs8ARJ4&swOk2%yE$<s?)YKK&|*l5Qo;IRNK>M`#4
zp27*P-~Ltb2^tR}hz^*RkSZxrWexi4AMet)>reEN3#v^Vo&eCl?hCFSJbI;I|5$3l
zyU{5ncbchVQ~Hd~c{N=Xe>u|zR4LXZQxU*d^_<=l*rG;igjLTE*O+OqTMFH;&PR*V
z-RcKt;YeDcPyM4_jJGI$L#IK=S0P8^T&vkCsdN+Ru4G&ws=cW$H|$3eyaJ-ji$Bzd
zPj2ech@1g?RHR#)j1Ccs_*AyU|B`s)J8dOl2FHKCIR5Dh$#4xiN}0FYk%MJ(xPzk5
zB`(x(u`MER(r~(P3z=VCN?X~!;e{rBW;t3&8SwA7^%zZnFoF4L8`2E+0AJGEmhN+b
z|JZW4BNc+gh#wiN376KFV`o}`We9Eg0z(LSi7K$Yv%^j^7zH)1q#$Wrx4wS-u!H-w
zj!&PO#NpNvln4adaTxUHH(dU5fyMcuZlQtRId4N`b1#xbAjjpP33%vE;=#wSm9F;N
z-5C1j>IM+Oa<@JONp)$!>!<I^c;3)EZzI5*329TpF78HCL9QwWXb^sR({9y^IR~fu
zS;442F(ZY!7BBGhmd|eENCKyutCQpcw=c6ooNmyr7$x)#SNe=c9>Z_HhW$OR9t97?
zBloI=5FEj#9hzu0=rpAP1Cn}=hI6GVPH(P2V1-6*0=6>ouo{%t4_<F43KwMdy3iI;
z=+yn+i`OyU(RZEvrv50X9eE2J7$99PN8J1Osuzg=TxGb=BMDyS;lHP|gD@^-w66yJ
z5Kh110-JN0zwrDBLj;h*{`&3D7t6cLX5{UDA5D1*gxfPr@TAI$IFY%EF@3w@<0$c+
zR%Zc8S9(`&SBVZLs6+gsb40TVRh&Cm`D4dbnWnu?>o~<IAu9;Ljz=NKYmj_qc^oBy
zUXe8_plwlhRW}P_>Y>n2a7@r=*`bTj9nT%_oh(ygsG6Bv0R8Ea?f18BNkKwUp&T$Q
z$Rtp&mzHR!j-JO5fl6Ccye9s3S`3Db-)~OolpC<21nnwxPyxKq+FNKF0p26Shl{G>
z8A}VSK1-oIp=i%X%1pa$c^xG)4z2<4i4L(tDKV(}uw6xXY3jJarogcToiQ5pQwE#y
z4GNu`Tsuh&Gx@l4(1$Bd)neUqp<z7;-CJyT5q6Z+M~Ycy4fyI8z2@h4J+-MYZYMyp
zHMCqCHkNvf_thngNmD~T$s#AIpF(bK)PVZqaD9ff<4E;%;)V{YKi!THp@4q1fPDJ*
z2*5+lzKeK1^L(J9D2xavgtM!p6dv!)?o2&k2jvpiP3&Xri!WD-&p3b(ZzDrE=z6xV
z1B2WtWS%L;Josd-EN+Zup7Op#%9gMs^b{m%j<s6;xA&(H=$P-?A2@)}V>&MAThIrR
z0w`Mc)zsYIZE*5%B@ib}ElBMCF0qDV3fX`IsSsdbetqtVm;)?W17w!Z4L+{FFnUG*
z>U%HI>C<<v)u03QDduPj_BZKdwK{}qh3if2a|6sJ0aQ`Lawt1^9TbqA!Hb%jw1WDc
zDeq5Ehs+00>Ux6%^Vp;5{!TY(<N}Uh`^DVVf5xEVnAGQE4wD3SNrEnf-Ch&&$%hHe
z3ac^YX{W{D{Y;=@DezkkKbJ+<1Qk88<8kBOX;%72o_vHM*zt^eN6qu~6F|j#6ED*A
z=YXzttDh`*enapxDo1F6;t4CM9JW2iLm-fqCFJjs_kE{9MW*(RUFSN&nLhEa+`17T
zg~`t!CVC^*Z<wA1K1Vj9DwBbC?so~Q<FkS~Yan3ysY%?7sjSL#9o&EQyqCB_(4N1k
zw8NI!sv~>@LAeVOzzAt<iPf*{RRi^tL#<FJ4LGZjTl~+L*vU>+wNkdHU}_>e(v(md
zZLUlJ$s-t)5_?}e<lqlAkh*zPD#sYYXCwa5mKrvrb&{_1#FLhbS|Z)Ra#H}*5OwOX
zc5^tSa$+*Yp+-^j={8BcWFIX;+(?*E5?f@LBo(NTk0!HSXKoBmf<OUSLB#EUDi7bu
zrCRC7f^3G><T_pMfGTeGdE0vgT<Pl^|L4hc2Ad5k7G6()wSg5?-T-zP`Wg})8x-5Q
zua*A|)TNn?_XdLKBmXcq{ss0aJB_hwp;^gXbm(i)ujX7(7#EdW@wnV;@20)+r})ac
zGRpsaC1}tAQG<^1ny%4=^ezbYsgWW?nx6_I#S#(*>^y)w;ZgU%VHy&0I+=Df71qaB
z`UsTJiicj9OVTKR>tiL9wJioHk&F32oEvrdo0@4Xa{h$DM#|iA>KB1hj?+hb*B3{<
zwV!V=AgpA}H5#9~Ia!I*d45gU8~3wiTXU8W9EQNYKUQI7t!mJA%auXcr;T~XcTB%+
zK0QCFYZtx9J@#0R)+WHiu(1;|8GXkFne3zNB{#Fq8xJkq$AKO^d^gQ7u+uF969Sd+
zh#G>!IvCiAW!XRE415<uM3h&EpUe4MLD$#eJX$On;yLUoPEYeayljoJGxThcR4f8E
zQC~$;T(*Vs%EnIozDtCW&xMq)rJUqqN-FVfKk|NbnfoCH7^VwdfZ<tl@po|12M?hC
z#itQepi_YG^m7iS_`=H|NNECx1R}*u|2#QEgOD@<PS4Q;O&>w1gWA0iB~YLg<6f;O
z={j-*+}7c?`V132RIMp;1$4K3;}9WPwh1ZOuR2EI0Slh<^Uh1JvQ-o0l%N?x4bseP
z*p0C|{gq@eWQoP2GYw$foNJIMI`o(uV#8<=6*xYTWtX9K{l+;6gXYp0siYlVWazR*
zR57JCEo)llS#Xs|DTIvq3Ggg)O$<m}Z1Vl%qLmj<K5+k&z;C%eoY&jNyYWC6>+Op8
zW8z=lqSzJv69A=V-Geg6tQ*eEtl<BYY!Sf0GB82+XYy~LE0ks=ZsE#xt!@p@cqsiC
zLmP7TDExIP1>0KENt^}IA6($n`ymT+-S1={d>IPI>i@pGni*QDu=Osd5v<IT$Je_}
zAJ){48cn<JQf8kn#~LU^+JjwZN=>Fb@QsKYf_grt<%s=OLiC5i{@||}LWX=FXGHUG
zCGC&f={*FsZyq|2`5-S9=QxNPi=~7qN<ydP!LEtBaXwm?&kn_}1)eb=-ph|Vi{Z^h
zX()%+T&Yb$I26E(%OyQD03%}c7zarFt9n!A!`DAl3B^y-YS*$8O_G8CZmSKGT#sQV
zxZ!p@nLZ`-%ah}_8~Wgus#LrYnmJu#iPSl^9BfH>xYq>>!cF7D&Uf70dc1TS0Q5)m
zR4iQ;xydK^P=utzt$bq}^Lxt7o3yAzo~`FCQ$tp9kOGs$dl4@i$D#e=Csu$hqa{)d
z9YOYq$|#V8v_y&t_!8@YmmKTjam(>cT&GPxgc+U(LQia+;0{oUI31ZD6Qd*WF)XQ!
zWErAhLnX}|^Bjn&y#>@=zMzO8yB+4!$hP>nW#G=2xUL|dFy2-*-kQZW_(wvB$9oni
z@wq@((SXlXeKe>^Gyn>oW-Qm6B{OlL_ebCGzaaAwxobUDJ@9(v?jjmAHCpO+alAif
zpCmg@i`u<)&vEYY;X}6VK?nN4Ce9sJViaf?2Q>Kn*A@8_z;-c(ldDzm5@lNFWu)EK
z*#(MM=jZA?qHOYGFEwCjksLi>n7k37%^~h3AQe1t3MW!Gb8=f!ZaEMSvXr2O^ng44
zQG2Ozdx&Kd0yb*bL**ZT1@WT+SAOKpCkam{0Rmg^N3bToK2bZ>Jo>)xqB!aavT+M<
zL3;JUWn88yA#^M<Xw-MxYa{3VtGhE(pJnU_!ot$$TK%LG9LR=TQgd-J=GSW=WSBS`
zxCuz$^N+z9jyGyIiX-zpKMm18Mt5rVhoG&iabokI9vRDQ(y5R#a}ph!&B`7V<F}sO
za~o{yByZi-yZ6*(tZ~1_>mMw4vo}7p#-6H!+o|-rU_j(=?8DDzZ?4$|uwMfc$^*F~
zXtd2+&205uh+D&ES$9&w8)F$LtneFsi5bJoyAFJGQYHc3?G`>7tss}{v-m_&hM?KB
z0|(D?2pr@^b--I!XX9sY#E5V%L7GWPIyqKGTwR>R8bXc)Ngx3(eE_AAFo%wf&GPgN
zSu|QKhg2B%DIN4}a5S~+N%p`HPNs9f5Dt4g)P#Dz3|k!F$@XQ^(W1Qvz){}y=A<d;
zV1^D#E2rP45PbU!2R>6`AfZ)bYpMlI^lPi2o+7;AAnl8fvM<HxV!5=9K@2;CR}v8;
zBynGdaF8hS6H1QD7(Q#(6PFH5HjHB10~m+{nm;fKcWk!glicgZ_56aQpf}69P?+_F
zd+lVR&k&AAe_Rw1NewLP5+xP<4(xSUB}9qz{AN8AR@553E>Y(N+9lS1$mj0Nq9I-=
z9Ig#h#IZ$M_yk<ORe1V5stB-OnPm7%e7>|F!K28vG(JO+4BqP|e40@K<XRScDWhps
z5eidEY`CgebGT9bXjOtbJb@2LNuFlBXC!@Qb`C^$5p8+T_j662kGeBH&mcu1n@qA)
z`7KX*!C;<vE=%0>PC+~dHwvT&@S`f0{KKBL*}-8J&w(Lyw@$6=LsNNlh;oS8G@d<V
zd`v0V`7H++6nNpvY~@IBp!+PKIkV2`-~<d(8!96Z4P?|5ag>0r!4EiIMZR`P%3)Hw
zk|Xc@Z#ez8ffquzpfZaSm0v+8htk72#AYDs2#`Fr#V!f0n=f{z=#v0CHRusqa+pDm
zMB<ZP8h(=!<`F;`*pfg_I<FneUp9YKOO}npO@i+$;Mg&i{CdLa<i_ILq5*74nj51<
z<;7AmE6MBdP&m5H*aRS(9irEu${79g%E%qo!|CsG3;5||-9YMBzwbGKMKPL#^lo+^
zE7Z{dkgvBEMznpN!;aZf$KfQFrs{vvjx@Y0m4pordVS#qkRMERr_?FnjOXItS`VP6
zjbrDMS&6X>Fq7c8e@h^WIB|0O<tMUc^m=w6Q%*$N^uY-A&Wku6DKqD1{iQ%|7^$$*
zJ^~_2H;?otsi6>_eVii%YGo`IB9&5x2&y1}?z?M2MX$TiqdS&67Mc4O*iFhWLs#ZO
zO~$~Q@M}EUBeBvHozj;@uU{6mCkfdNe`=>SSF(&EcU5sUP$@aoi|Vg0G}@IO&i-d|
zLFAs}K)kBXBT#6mhKEkt<qv~?6;!pgw+;IY<Y*IHfvJ|UnfF$Nkj+Qfi^o0;QU$tI
z#R(wny{@)NfAQ=qgVfLo283}tjt|R*dVapuPj`cef&qF}?_7aFe0<V$g|1#C_50-4
z$<d}lpDDE)m&AST4BlWKbm#y$7)WmeG-b9sWViP7wi~YX&#foOg=*DXh;^5!3}BgH
zDZe#=jsR>&U18%hP?@xV>#z_5;wZA}_=Rd~qOA4DPQXW%-F5sVo7|-trX(O3v~7Wy
zeLAa55emvf-R@avv!t_Qk@u%V)!|&0)V2@thHwt_p%tJwur()NqGU3ZJ2U2i&Vt?+
zmFD+FWzSkp@jJk_5$)yz()i*iG_JVXF%_Q83`y1&r~mQ*kh|Lj#_I|~Hhei6P?MCh
z%KGIPT^6Y6IW`7;eA7uQ>V20K<Se+xw)Ri!cw(4@f_avyfE}p~h<)FTX}3dSZ@HZx
zssa7Yo-4$Y6TZZsJJY`COKq)+at{I<RiyeEFaw&xfr?b5V}R^SEdh!h>xZ3Q$Z)A6
ze7&rjEAr+$UA%;>FU;(|Oe7Cl0Pw`=SQ6ONLoYrRUQk?u3JLGtz)mCJ8i{P4JAOO3
zDf(-hof~w@%r9zMAjG9F-F7ao+=?GQU+n*oYu?^cIPWM`Yx4jv-aUmby!cG&_7I`5
zKAIRFRDUtB;Q=(6vS0ueR)X>AwQk7uozj87sbu(jJ6(bE;VPpPrn?_-X63OdC3GkS
zTi33!!D-!@A4@0McHP^b&|HaZK501_a>~NS$sx|x1B$-;(`d(LFHFLO0tszZFFCnZ
zfG($Ny2y{sFos2^K#8ofBCqx2zjuA@9KtF8%}xXK17?LxsQ*du;5~(kT;7u*RNox`
zm>x6hx&1jt^@pygd+N1v?9#)$hT@(9r0l{1ig^EF@TTqe#nQl;1imMPPzJ982-=T$
z9~XPvT=!}<w78<@26t%DW3cy-Ic*eGb@}rg9_|2-Z%=<q-M?ghZ&!hkXBfh8`zM~E
zL`33a2wMC*&`B9NZTK!RAgniIkw#%wYR&u0)vxQfjgcc{2MPjuoZt1sa)=3B(8xhE
zV-NAl#v<sX(r61J*A5jsj<bsn=kX!@uo|~c&J5d(Jc)xYysuiWjU+VUrG2%XpJO;s
z85xsQYcdu214u|<TuexAba^(SZBW!JcB01*+Lw@)i+_@YG**yuBhCOXnS7RTk*n8h
zK`tD8ryr-^BtPcXsvDHXIKW6NmkY}#CNM@Lw?_@6a$^xRTWJD|v!<BKv3)Tf4gPE^
zh5OgZcD?Jk6be!_#@xMiE)OSzItg*?RKLD9q_IS)#G0@Pz$Lu*`++aG=nKklm}F1=
z<b7!jV}7ZM0R^EMTMPcP)#iZj0q`?m=3JclNhu)SgcKROO)LDkPo7G0$4?{w;*Pyk
zf~?^GP?%(4X_8)p_f`tp_0EmFT@QgdQuR%(eK@W&4}1XC{TO+`Fb)R{egrg>un<0N
z#O^uwqdr+BaQlxINHDqR;3PJKz2kS%cCl!;3qPHD-w_>RVXyY35J=LBv>>#NK9EM#
z1Rj0BA(a<^n!-Yzv?Q}JAa|{eYAF@wuZB%1A*&TaO!?Gdp5d}p2H@dWN$1GE*a-S@
zo3`SSDG%?b!xg!QIN7&l=c&i2uNQ=3jKwNjkDX}sLr<D7g#7kQ6^reAxQ4$Q%ULmQ
zfB$M)-RbEof;}(Ew9wQeQ%%lmCRH|@$Dt1)LU7-uHocO45uEE+v^FWU;D##yZ-_Af
z+isPrj0njL`HA%Q^v|k_WHG3zl%yxaCqB;R0Nn*bAe}w{_{x$oSfwu0PFA<w!5sQE
z{xRb_FP>nY9ZW+|(^$g#HUNw;$tGq}CCxbZYX;4G;uzJiQ4ZV;eobl3!dGfBjHIHV
zUuzhIS0)YIx7)@|{SSXgrD<UQx&@({S4JA#T=EtqcM)ku;DnYD)ZgJNf;D|0KB9%H
zKF)Gco&me}a?MOA2r>G+pB|ge9ZXhOnQxH`D>E=OYX-g3wiwBezSCpayJFw2oA5$~
z`F+VUqk<0%GQD+D%dJ~k2&D3h<bn<c+pNqb-EYr{YrKgkmVr}*?LINYz<dQdH#LEE
z#)OjB90QkXMd%vXJ(g~qV3MHdU}|lAoAQ1F1w#qS;tT|ZLTrT<VMvm?%593n@&VC%
z#0=r^lX0Y&Y+~RH_psAAyIfO!@+0&+hFnOei#sMsvT^F5yvO^cg#ypN`X}u^32&l9
z*5b<`fWD)j7*GAhu^CH`HE`GA9Rtk)UA$8cgi4UZ`f#}XJ06$F?O|eWh~xE-+#k<2
zT<$KiVFM#eY+?6(s0jm$qkaSXchEWn@sr$tSy-y?4bN0-!LFyTb}Xx(Z2>8{@ak!p
z_gDQLax^@*TgDFzD&NN+)t2(Wsf>7mZL#Z@?#Fu8KSiC^-=xjH7u)0Cmoy7F_IOh!
z+m5bTZd}Kv(1#$AV6*8DOJ}<U?FtOk^};cs&IBmTXfZ^QDnH>cAm_yRaCP8OG8RfM
zw`wGsn!8$%f($JaYp6lkV+H+IG*T3p2>5!qN*ebFa4YTTDPfft+fQW>X<bvS=d|-M
zk+w-a^9}UI@1Rk;1>q3&R~8aF*FkeYF$h0){*iM7Fv`AOBVDreLNX8Neu|^lIe|5a
zMeV^?yCG+Z{xPVY^U*Kj*|os?#ihr$1au?=4Ek0Mfx+n&?LZ41BuSA?%=Qt8%GkUf
zk#e1B+;<Y-13y+r#!q;7vmAALqC=FatNXsw^1hhLd_~P~85Px_=G-2P)o+5}bhoGa
zN)9o2KT}Z^mD3V&o@6G14yWXxM*z8RTrq;P6W`!Q)&y#6MO&Mh5RWVIAA)hLlCfl3
zm=Z?rKojm%t{QUzpD`I4^k>Jy2Mz>JFc7~y7<3*y4H`St-^u*3jEakZ|Mb)rJ`)Zu
z&BN7;0$nYB0b|(0FEZ!8Kuuep*2w()h_OrTN!*o~-@ip8caXw?L|>2wza2dC3>Z)~
z_D`RRWK*&&&W3nz6mpUVm4s^&WXFLq{`#&D#K8HYM!X-FM(N9{<DI3>fsPeWxDG^*
zmpF$ny`?hJAQ3#53qwPcj$y>{;6a%MVRQf^HrE8AaS3XJR*Mwb(+EYby&uvn077Bh
z16;%v;I(`}|9QU?n!U){osU+Qhl~9;5ct5gc%0WkyP#un1`+rZd;t*T7KowNrU*1(
zEBacSyA<f~(wEpP;N}pA5MV(AK9ff=TyI{pIc2_^i&nOnf7~+P4l%qIzqz!lsZs>c
zWI3dSjJ9s@-iIVv!6{VjYeNkJsUu1^yPQz@@g7Kzjee46U<7b)kYekoSiN<BEV6x!
zQ@#Ri6rYQ;{pX_T(A=@mfVyq@^1oorkboPI?w9qTy1EV=P!7cz{$R8^-DXrq+$4fs
z1fbSc4R@R4Dg@7H(8~cfLNL8J3(?BO@Y8v}p%mHiKNulXs5+PR8+yPGwE<f*L%s=Y
zzMrfYz5TeQ6Sx5qpJZTE4RWb}^9QIePIL?ioyIj+FDIjPJBvd#AAn{SYvfGEvs*_)
zDiT848oz+uc`S=B*rpO!k0}1`_~!U`={pZzsYZiV^5}aSvLV?2M*lPBM74i>{;29I
zvs{RMv2C;kk}nI?CE#q)7CxC^j#h!OJ*o$-J;P~lVIK&+NnWPF9y-XLV=<I%33_FE
zM`Z4TsGV1rO}tVM^&r&U)1Q7}SsWu2HD8l><%>_r)NZ}npANj`*Z{bul&dg{0$B)Y
z$%~<Ik-IO4<<<D$3L9JD9Mo0SK#4Po3V1SjptK~gdS>NgXr+hrG@#EvY$XBM^@Oya
zJ?C;^TG}tK12NDxa0n++=>*eoZPs;lWEK#4hk<A0@*h1i?7{mR0NTcvKJ3wUN4xa!
zqrXfhBpXWiaPb^yVtaARGC-e_Z0P(<Wh9aQ=ME|TNRh5~gLnM_4ZWGzzpjAG%{!^`
zZQp^<+-%osy0*fyKh3jeQ!WaKMoagHq2b~;y8PBtf?F0oSGFKu$!8B1=?eV40eYvf
z0HgQZ>73xa(|q;(Ddrb3h(hFZVbA<*jtV`}OokFnL&G30jl$zKAW>KWau*q4lB1j)
zw}wpyEZFoR%po~zhev7^mRedR`eHRf^x?WFJM|`Ol08sh_)VxDxP3wY=PKZwyElft
z(#7+PO^MQk4K*@zYI9*g?Md>3)oj1*HtjvG5Sjz&K<&fCkMP%zE{>#@{=E!J%i;~T
zDNb9YIQ}wnJ@2&`u()pC-sGh3erBpwYj2T<tN0iX(QzB)@dkdu{vn)Mz{q;Fgucuy
zu1d<zdoKnqT6qCxlSe=+oC}nl$X4Tf?5J_>*ODV}fp$?8hifZ1U!BlTjw)?wfF|}r
z=Q&U8qym3YfKt$!`z(BPuITk^DVw;#(bS+7`K$>F5~}oWhv9bo;W?msYdD@m4C>-l
zb`|DCPO45d9<CZ2>^Gq2zAHBtBsXDg;$@#nU`9gPiUpTmP-4WhjI}!=dy{$5V8$0Y
zN{K6aN>O|@Vg~_w5#1I(cF9tz*30{+%0OdC1~Mn_<!+N_ofY0c2JD}}fNdJbJ_mfR
z(Qx!S5FcVGF_!hYLUvI292ju(Ikk%mXWUNSAlH2&f+HBaVordmh~z)s5Hq~iYSc~S
zlo)628;d~)W#G3q@<AWWI%plYFIEl&2dWd8yg3N1S#9)zzUY7@b-llSx;<H?vQnC>
zn(l=nrgjbrQ?=s$3wtX)><ZzDxHJhc8*Z1X9O7e6Zw5Z6Pp)8><mUtXF!<Goq!Ir+
z0wsh@>?eJ$8IPU9o6?O9L4oc~qU`uT2B_n`derY#ptQpopuPj`0shI2$O7f0vH)f>
zJ3A_)Dn1<EAl>#8&^@4;lj>eu3z~CBK*c+$fRE&l8UzmwVQ{RrTOl>=D1e|TkOqo?
zvuf%0UOmdw4K_m#aJcR0Ju@lX1VebR<iHIHn1}?IQiFxKpSTzlaRz{IdU4~ma|Mu$
zk(NxErtT}Gn9rXK;h0BCg`M$=HBA3>{HMRo%1z1N_F*}gpETZhS-~NEFE7UF#S2g%
z%18Z7394#^^38!z;~72^uR?~_nN19SF{ES!cx{YhvJ$0KOM!uIWnE<{T#gRd6{6L-
z8%{Iq?x@Z2m}Wjl6`B^5nZb`D7(4tTmK(1W74%NC`9wF1+PPqz+8!i|xm4x@b)Xjf
zgvBu61;(TBdkL8khjv_<+Bcyb;@@t6LGN9@YzU3Ths7R-4yzhkEHjA)P$g6YhFWb9
zJxgOyE$^0JQKbnhonj{;1z-PriMY0jGn8$?E-;gB@n9R^m|<yt2!6$)LVO7Du9m$C
zCuSPd&%tOly1Sjxm)~U?@<drEfGRURK_Cz=gerf<7&#e(fI19{tc9kZ!IBo|gZhx&
z_ktBbtd&ttW{>_fDc)l-jpJGD<}pwO0Iq%X<Hbpk4TSCr67nPhFqO<+u2`&7{`)v^
z3Ireht_P;fwgLB0`->+)5mm?ZP{kCrnUmCsRf1HD^@QRR#tE27c+5ogp?;w3IDk%a
zoym;y1<(Re^iO@^?^jB`VR`ms6R|2?(En*UUYc(Cw=4@K%OwMy6#OjB)<jn2$Jy<1
zCjM$xYZS~y3KCqL>{NZ27jtvXQAy?Ed%hsl>)lEq@&b5fe}8wdj<<DF6*P@0Bd+=7
zgF(QmYBHR=($=twowB(7Apjk*q$Pj@g;6eE@BG8oj0Y(W8A8dS7l}`lqPY!bCMr=r
z9#j(+;1^{v>DeuGEaSlZrc@7F-Pch8sA|eKsNyp5V}lwHyQ44q7wrnP3d}0*qsn3x
z7DKWX*3+*?@-*cB=>WJ#<JpgD)CG2Vj*7cLLk(XJu!M*ZX+<=DIGs{~?Wbd3$ZjPU
z%y)P2|I^r822>SpTf=K_8dOrc5d=XgX=y}Mq(M+bkW^ASWfLmWC<sbRqtX)6p@ayi
zNK1+!jY!u!m&bG7bMAZZ{XTveo4waw>&ZFh9Ai9pi`Yc1yJDw7C82}ziuM)xhE4ER
z(1pr*M5zKcE*)8ND4Oa@j5r0MOr0Z(ExQHR-dyUlRAL*0Y_n180a)C``86JJ=ihE8
zpaxw@p$Z?9w#L>!Xq@>V<a_+-=jZx+X>%-#^=NBQAjY7joLj11Hh?T@oF(rnC$;ZX
zgv2Bvl8}LX-F<rzU%v<Hd~w6=z-#X=c?DKDzr0V5_#Io0_$+y8Iw6Yn3Nh{o6T|6C
zRk-ReKhv<g2B5>RRb$$?N<=?P@#r2EuFJ8F26Cb-fHpmpso#U5)ly2;2v{O&2l8MC
z^c9uVA96`53SpQe9AcMW{zQ<}yD$Z>Nw|6ccxK%T(a`C`4FC7q7g#I_^eZPcpeprh
zQ;jZCFp$SLWq)g40jW>CIg>NiPjvsf6(3W~Wpz-GahgI7Bp<RGpGU(wX&FTFgWOVa
z>az%vbu;!AnlFsMhKa2M>k3?dS~CNH+VcwUBagVl^cGP$%J2iE6R#HEfN)pSJI@vc
zl5Wb376Tifj{5Jf$6MI7;V6-`#p}CJ+sgbNL3*r)@Cq#>_Av=HPYZCLNh|yb?`Wcm
zfo-;cqjf~=(F#2Tu>JWS0x{O;!>46Ts~K!oR48>E_4v6VniV9AkJ}1UuLoW>l??!`
zi#&UZX|qI;SmLMO-2#8K|Cwtf7zIwCa6G*;>uW>^q)74n#~|%=XHZTNKosI+@+(%o
zlSw$&fUN(VSZkW4TmR|}ZU$ZvvvVu{!1}NRy{L6P247;}BtVu91LcN5Ia1tau}6>H
zP+1<MjJw?kf)pyhRz5e|5;CrMb#Q(;krz=A`q9~2T)*|20!bq|?;@v3*Cl@zFTI}N
z4r|B@&QhS~b5~W;DU_GI#vo<WoAdpeJ9ufKaz+S_iH@W6y=`<AR^+^1V#e7}IgAFH
zRO|`_8sVF#>9JAA+;fL6JcwXCs`mx&IpIpJxZ|h*rol4)hE?sctQ&gMcp%?m>k(=i
z2VPht6Ou-VT;Y35&9*_XxMA~F;pYxOxA^I;Gl2hcF*azGn)waKz|9fM?q?G+sX6>#
zrY_UCUhLjW)3>HzX}SLdHUz+40yp03NxwIn<WQqU*q^9cMM{w@JQIA*BUD44fg}m}
zq}T4;ROVyU|K3)#%8*+})XS?TR=-nCjtteiJ(RWhf#zclq4THM1#Z?EUz*5mg5|@s
zel<lpLD^dNH^vas!e=enXB9*dX~h@Y7?hRYdhh4prYnLYlDoc%q5r?E{FDOqC_(KW
zRDz|P%@8b$Ag;k*7@VN2Tu{4ltsQZzmSTT$p6Siffc3+Cw_Rh*5U8j!J6IURpL3w>
zvY+}<L-@ZhAovLI<=&i?NPB=46L}lNvVm#l5LTh$;#Q4d<o*C-d<CRU7p-M`&kbC_
zuu~|$CiEWS!Zk{l72{c1sN~40H`}oh;KoQX1RG5CTv!SxtF5k?pB=xqs0dhKQ$82W
z5u^b96zoZXoM1EvK@_6ofC2}KI`tLw*6BrveI9*-!TI9Z9tHB<+p5l3bbHI02G?qA
z!+AsmBwd`!2}z2Xp%{f*AejTitF;1}xf#P2JjJmDCqY~d{8np2U9JwoL{xA_L!ziQ
zuHMDYdzq+HuI@h+O3(hj^S^x&kdNJDrsp5+%gCki8VhGa#lb(f0&x?nTKf-iT<0b>
z&2;>a>`jy7yF=K?f2rU!V~MONCf<Yi?;RR!b+R|1in@+X(XnqG*Ely(8Q_yB!M`$_
zM@P*5ehr~n>=A<aD(ic14dW=(YUq&dkKd<0fS%N1>6vB>MKFHXzXXE7uD1N&UMv6}
z${mR5yWY`YB?~0$vPu6EvVD&S;}-y18(4To|N7<RU->Br9&w<MN2RzQ|FXH`c|*}?
zIuKep>vDVv1ADORx_qRdHVt5#ON~Ib&H`2PcVl(T0|?zO(Eu?zL?^g>QqFHjl1>+y
zkbFL}p&3htzFG!#!1l9R&K52TLMS4ckeu}VK{~_7MJ<ek(DSGaD!&mPiu@FCq_&OW
zNW#%pqE?btvewgTUl0Ch9uS3Cj4QM9^4-`IF?psZ@cu7vx^F^|IKzUs^6z~job{-B
zlt2zKjdL&hr`ncp1*8~Er~>wLotz=(i?i^an_0;Xl;?^6%479R2p$JfRo0j&&~W_y
z#yV+UM2&iifb&Hs`gQ_PVydW^{k8r3uZrjgrXF&fCs948Fj8dBs-i;J?hdSc5fr)v
z)Y2hA=R1Js7W?)$^}k7iofLPrZ&{!h|L2W@EO<MV#F$f{oC0o)78T;6cl}rA3qBdR
zkTy2-nlL^nW8~p32#!`0QN#cz5S&a1f)iKeQ4#S!JW&26(2c4z(mqdf<)0d1(ghF+
zJA+9dszQdZW6t8fb^LOTT-#;z%6}Be>x%!qfcXEt5umr|qC4Dku+(rl4yx*ZGg<i$
z=ae=rG&BKwu4)(I7=HAA8EgQ=izsD7_zTFq00qO~$d>{l;>71rns$kM$tfNtKmgQQ
z*^?MVwVlEXoq-OJo_pMbl7ZkuF>b*1>2M2}4{C#9*5+Z`Ul12u0N1@UR_6zydQ7R$
zrh^-#I6k-)TYY4lxwBmSR)7k|3ME=;e)J7iM8JZa)-WHOWx-@a3cV2sPgQ5ZQ{sdt
zm{@=fNoXcWHS+;PjZ`JHiNV(pqndqu#M2H;Gpe44gcyUrOE}2uG;<-FJ6e?x5^@gA
zKR{0&TuXKZibbeT<evu~hfq!nC64?_z;OP;hnm*VA1-T%k~KtaBIJb9jT$NE;HquZ
z@I`8<ZV^pN01@HwMeUHLJAf?np_KJ_+heY`9o_|;iZ(TRTElWXql+|mFPwcL)YKUt
zZ|wXiX=eIE{8h*^JanPv?1nLBei||~$IloWQnf;o^lQ~~-W3zy)$>yIsQi;w&}6~*
z%6C4XVwN$8S{W)LOQG)L$U{nPPq2c#`Nn?OAp3y3Lkxa@4j+Tc_*p-z2|Wto^#Rr}
zMcvLEe|Z!YLztM0B04{KiGU6K@=r}r{W}vl1KI!z)d%$Ae1=ElJqTI#L5rEib{UvE
z$uA%IqDcHT1gMXT%IyYqphDXX4<?Z?LbPx2`^K5eAPr9O+c1KxMIH1^z<oIkJwqC`
z;kh$4D@tO1JFYX?DpFS=Y@DyL>wEQV2ePZli4@y_b_qtI0!F9%SsI9i@Y3`Ml%{k3
zU_p?i&YZeLw@dFG2(|^sGv^&(7^4Osa{$xa3#jNXI)VK_K9mn$USRX<^{xTSg{~{_
zMyg!Q%cnMqU)1<P6qz}g2P5|mSS@y4d4z?bdHy{(JDNWy`<($XZ`Tz9EXhpy$N`)7
z@I4r^MD}4!TkL5kNI9WB7$CVFeZ4>qZtQmaR^@)<i^_eFpnkP2tmTp2g>ZLqB$!tV
z9WvWIY7urc;{Wt7!nGSpvU74qL4W?I6RA?f>Dwx+uq^-Q%YO&nUymbFVRyVMP(t_*
zkAtd~=e(SpA}|y=J2+GuV-d}WB=dhdD223L#|R7(IK@Bu3}gHs<5<hHnErxF?0<Dl
z@@-+f1FjJuclhV}^T&hf|1ncaGbKP4#5GkOn3bp~9)ATh2Nnh~w>FN4ZByV`>QTTG
zg=TDbzL6b2_1*Z2%I^xAjL!;02wJ?3W9RXv0rreO6kuTYaYG#>T<Zud*=;Zl5OZ6|
z3xXAjezrP8`#CaNfn3yn#;r?gCKq)xd~H%Yv@J4)ww%O$IiyG)^;QI4*OD(&=v4Wz
z!;`Uv=e7lR3v|#G4TUqU(A~)|BSc(&sDnDZJ*bOd1}|U|3|HoTtF%$!_q+$HHFgoB
z)V`*496=!o_`Gy_kE2y*@=FWA(Quo&9`muzZ#OeDi5DRbg`xdYC+m_?Yb~r$b6{zq
zkIG%~1JN0dDoozgL4NZNe1BI32PY}_CKg9C%sle_2vY9wZEi#buoj(8)0g3|g*V5l
zE)rYbQ$U?0=PNpRkTzfPkyU_L*T=a05BBcBy4rQ67Z$f$UFnTML^2X^xmdj~CYxA<
zEt3&ZfK}x6BE=EOi8nytH9!}a$EE<m(P^m<B^&cg_p3dYpRVuJLLS1}C*I$6Vc^qH
zHpGL%^T1=~DOBEFgCqyv;wRJ?2nF8W6Zh$Q;en5r)_#L3jUM0=-~dhcf^aAs)%O1>
zv%&<cER=B?$1%#^tLc3(E=o$n%f1`c%_{3%HdOCl|K@c5+G2gqTDt#O%?{8u_rY=2
zy!Pa!S=<rkR=id+?(LTaZ!dwkPc!l=&jx^}Ys*GJGMc$_85aAmPc-HD8XG#|_>*5|
z&F!O}Aay4s1y^=aI1M>n^?g_vx<2X;mRP>-P8K$Q@LN{#3e6oR?~R3LtJ_a5vEf|1
z$<;P@DYYe4c#tA%!Y*VSq9Lu5$*ww`K7(v0lbn>)-+xJ0CbInon9|-Sr#_vu*7fJ-
zK5;OqDeFU5*U|26h7F=Sys(Vj@@cI<%6L|7M_96=qTT@<XoL$v^|7xwJjezcKv5tf
z0kow0v5yjCcCS%x<E_Z}{ebL8(1v0^-aKM&_*AI;Lk6`C;_*V$a?+58As-^&M@{p-
zLi(6;?Kx}%M)Nm;Ly>?>163PCsytwsXGv_&eC0VwAGQIT?51z=n;XE^d_ApZ2g(~)
zTb4^50Oe3`oVai`!3%ts5<v_9hM8mutwX!vBCWk;MN&{E#8a*>rPh(WagiV;rkWsP
z^;Ebt<9!2!%I2dk&?|k?=d_gemi-T3s)p02N6PKYCQLt<ZEm<XUW&>-_>4023i{I@
zASj4M71{09^KM(;ijI))8GvhK+mBsvZ+ds_p*rR8twg|KHzCLT?b<^k@5P*3&_BYd
zkH!#8H{^3OP}i?KmWx)fH-2_hsAt^`G^GsqTz{}GXj@fko>x2eXmklIa-TdtC%t0n
zeQ<&d5s{J?*}tbkb1eNBqE&JO%)Nl1SADBo`9*Fmm~-_x>s^((tk$-*?rjl>%h&TE
zIm!^4EbF8|m_K;=4Qf3GA;g>7x#iLIjr~2yp1g9))#(3#n*9yGjP(Yi#8+-M^L^ak
zIg}q5vT&|44RCPv7AijK?HV<vDkN8Ufv_hoTazOzJs&~TPN%0i@0OdQaeSlupl*XG
z(gRxmE0jn4v?B0F?(Hu2mGhDeryCKEQO;|9th4PuW1GCc*=P;~#`3FH_x|&7ND&>c
zG>cNOr<j)oYDjj1TkcYsd^F|Hb#mF?(d*J>&*rAvOc#3&^85E^<PVFV4qq-wh;Ja_
zw%d&s`+X5P@qS}@1r#JLHOCk_pwS&=dv;|7H`EF3*W8~GBG2y0gOw0(+|odC^Tws)
zF3eibHHa>?qGR})Y^3@U@N`1Gl4WN-A-8f&T4E)|TUJ`*&c@hGudZgq^)J!w+fSfp
zfA6*Z{yT*fPKxN=eR1}-b>Up+{3mcLo_9mdrQa~K<hX;^!-vJiS)1!$85l$$k@EYk
zO6|u*v17BH1RLE==AeO#yvn@+i8M7nI{TT8?h5&ZEcLb%=*S6>MI<5bV_&#647=^?
z^@N6#)R2se7WcBK%Z-epqey#-)$*}m<4owsWBGA*cR8p#^yIfSBC0=gWAM-1&>}#f
zXb|UazF!nCzWA)-2Iy8`!KRX>5U^=mS>S#HoR^MYuq+vV5c*-PjCJ%Ew0=|Q-p(Cw
zILtmpsIF!1e|qS)Zb193g+gUMI&K{ctu~c)XPD7;b!-D5<Y;y(kzli6L?qKsF>@h3
z*G=j-Z|5ZQ%=fT09r*q7PTN*4J(SzHcC6a9n++TuES&FItnG(jC&oi1oQd_3@dZ3n
zHlj$Pq1|L5*;gjZ3kgr-0kwez!o&k6sOVGFcFL79Q~CNlEK}jOaK(KYP9u`{1+KpE
z7+x~XS|I+Y+$QGI@P?V`#>UNm+?6K-V#<5H=8or4<<;LlQvq|1c8-D^8EYo_llyY3
znJx$D$bGWLmAHICWr6|<@Q;i^O8;t|KJvcsoI5DnO8R74=Vu5=Uf(<IU7yikbuTid
zzw2(lr+@9};Oa5(5n&QlHTGat7QDN=sUlWREy8$2xY-=+)8=4de&iKVdX2tx{HL1(
zJ`(+N6R!eQyVQeifj-K_5V~uX?QUb;zZ~(9b;F9S%LAsFv`L)di?LR|Z)+#D5g1(<
z7@)AMX%Qi~yFWL|Z(D4+gBgIQ<Ymp=Cj0(^WOZViWh<pzo&Lf%9t%n*WpW_bXf*$+
z`5O81XCVuX!V5n;P2$4R!@N;<fIB{Mk5?BrmT@uU8-sf*Tad<oy(qjIRy#B-CHi9D
zM=}UcEw<5eZGYq#68&g62czmH(?xLdES_lzM=eWaj#VMIA{(jCA*HL0%4^aGU(F0B
zK|S-z?a{qd&(Bi+FxJ4M_3s_`5Fw^)gdvePH%QF1I!dlqvx4QsuR8j$h+s_*8s+Za
zo{!RGzm#4L7#21DD5b$#Tl7gi;4|NQDAi0upboo1mjc1p8Ty%sl=%VcT4vEX%*NNz
z_M?l7WOQfrbhFj9kDt<ueq3zwP-h#A`Cd<$5qtlZ_C2XC6tsI1HHIjW(<Y4nxalH;
zAU+N0Y_n?t3<NP%X0wTYsVkmKRWq;pxwJ|&AL~{)+-MIL&To*rij_V+lt@qYkAVSe
z>StMb_Ah@1#v=qV-(4&%HVeJEyI_S1!hlxqi|&u@OEeF4Ub*<x_;d2!=h+oF2R>pQ
z3F)DX5AH}+ypacE!I}h<DJUzz7C0WzeG}--M{-I9`&nuMJ-iGu33^z!cC+NjnJ>%n
z(BDca!5jN38EgyWc0rv3KVg?V$E#K(Pod7i_2%-%u4I-Ax;V0bTf-CCMi=`SVq_fX
zToHqPQq>Gg3{k~DY+6-svytm{bDDR&yef7{ZDUiTckO!fy%(o9UX^w|PT5X~BhNY;
z`&P)-M8szJ0txLi0h5P!9Ktme+P}&b%BOu~dDhf^GF4!BQY^vwYWKN^R#@K)vFEg%
z`$e(XOG`Ffsy}c?HX-Dy_|e|YAN1k-t|bkUN&H1J!$Wo_$P~-EK+d|w)=Z@>6Yz|U
zy75&2m~muu+J%JEWnAvD!;N!}CXspV%W34LpxZWhs-|b{?uYO)V_8rnuWbdvKZC%1
zgJYart0Q7;Xi)tNKL{y>2>%6Q_EhOR)VsmtRG5S8gy^0$z=M&e6YtbiVgbVcjksfe
z8fGY{umY<7hZ$;MV3q<Wr!(b$iO=_%PWi#L(U(c-Rl8Lj-~&?47KtIe5;_+h8PJ>g
zpA1qNxZ@)ERa9bS|BFi)1*LZAfEpbS+zKyy!Zt<L>2^!Ncqn?nG9hQ}2L1?)SsyYx
zhpfx9qIK5`EN-zo5d0?#l9i!ei+zV6v(|^5c;7lJ9ej?mK?OEryzmG>Vjh!YjrM^f
z6ncD@K+W})FDGeoK!@8nB@%4<F4uz3$*;qv`($6?YRdzhn<IO*K<B%&pW;w-XkzlE
zm93=8Ao_tX@Uef@@9%ZokKwwIj~aW@h3Q4Q(0^(0T<9;^uhbod8y(=7NS5_+?-Y^H
zJOD9+6y5Yl03MOvpE?q135bTQ_GE`AhNDm=9B7)Fs|KjS&q-&v!ZH5Pg%a`IU989l
z?bWY(5)2X<lvrOejKS@1{(3IU)%N2W185w*Va=ZQ-`$QQYscdBB1;o*r?o?t*}{7%
zo3j_wkgJ`6Iz53nE=v#G;a|By(X$}mr1q^en6T&rM+U7E+86E(gYmE)#Cg-$8gRb1
zFskXFP!jl;?G#us{lj(&ZxaeUc@QCgz+29uj{fU7)lmll-}W5{eM)@0lBCeq$XB{g
znt$hO{vD93mDE6`3cOW)fB8X@gjzS>Ywe?irIcI-^u--m-b;K3ip=Iv>Mc;g^=Fb?
zB5RhxnBOA#8+?%^8<?KtcEk%7g1?mG>-ph|Lf^4d`uVvaF3d%>gTH=!OniyLY>0q0
zP>$g}x@tzTJGtN|E1#YDtM9sFyU&CS5avu42TLzJZQZ?*tO1@t{K8BCAyB30iMEyR
zPc-wvv5IREw7O$(+{9JL)@Xo<wAhKA(IF@$e|JN}Iy4x@M^F*k+?SlFy>|y1iQ*rJ
z<O(-~R9eke#vAh?BFKl-XFe!^N+RSoHl~E!=Je(_O^QqdlIkT7oiz0F_1cHnESM!v
zYDoV)fzmwkAUU9S18O?n5(30XLDdh&uTbCBhg=L=O`Ug<a2$PA05l!1o4$p>A-G-`
z<{>BTF9@sv@jQU59bQpmj!?nrldk!3_{M`)%bn)>@cVCA{F9Z{)i*}CD`kvFSk5eI
zIGt$(aw7ca8~n`grgqdPK7a92BlX!u5$helzK)KcqB+$sJ@gm%`wHfkGNR;$P8YXO
z9T?+Vwhd+pfSrTfI1X=bm5*!}Z)_Q;&!ayE@UKU|Ms4_NmK8jg!8Xf&=<3o=E2FJ|
zN1u^(73`2h6}3H^^jm?Dd+YZ<fF|~(U4!cP=I|El4j$GNocY~sU%z=;ameh_sr`Gb
z=w_Dh#V(=;s5hoV@jKeJ{(vY?@P66f<bPeJV`f{D9~<BvSL)MsW+1Bk3JbvWz$IAJ
ze~;yKu|4?}p^uLoJgK|L)Ld>i+;GO@z{;=BzT(>ts}wIQ|K!-!>_mr-d#SdY@Mv#0
zF=Z!jk=|?G0^;-tFgF)~S+zD<z0vcU03pn9L5+^iH*A3iO0DAE0R{7Hj@EPFYCL+E
z!j8Ry?bt6^umv~XJ?eP`yiMn^+x}Y<L^qEmEt&W%F3NxLL<=W}yP&Mgrf2vF$80P$
zkqQ1zMT7sb23#oX-4;rsl!pDqUX+7z^9)&}b*f)^BKR8ZTQd{8r!5qH6d$exl0c#4
zgMj2&W`zsOz&|~#hcaSa@vmoHN;$=ZZ{IW8RzenV0EMw~2@zoMbbo5XpScTlS(VI(
zd_WJFpMD{dioEY)W)W9v+osB7|NRV{EphnlmvaO>O4Qho&Db|a7@-lT=Hu(`VDaUd
zLr^t;tO`^zLl#Ib8$Z`N?nzL7>*cR_0hM5XcE9a}p?%f#(*qYna?_3MbLtN{nsDVd
z(^3#d*M8w?(-wqC?-a{V7n8tc)YP~F97MlN)|6!d<7CKRwfD0IC41Ed{SZGP#{)xx
zA>tR$OEC6f4M!!f4av>44`!(&<DHaE1EC6*_og6_+FTD3YHH*%DW=mp`4mGue06Ro
zK+bx9A&6Ygi7Q-4iNhcQ74W`WzeQ&kOo2B<*spY$#rABU<gL5$%b6s>i`xzKzUUbz
zQ}Wanluv%&CS)WwTDa`BF=Q)vn3(iU*S*odm|Te>p-Ux6VQx>DZ_MyK(i2boYwN@g
z`?`G~zuUpamO#tXD-0Y@JI~}TyDX->9W#%T_1&k`1o(4q%o-z;xuYZMYKy^rI>N{n
zK+;TE6oDpgi2@}*YEHi>64-w{3?|uKYZ@$)Iby0bTpG=$_~N?@r9Q`_bVY4qnaQ0r
z3}};Bl4*6YIG3p-N0R6>NU%i5EaLPH_zoVJ4}!Qk%s%K7U-A@?73`ll4B3@_+-v)w
zuzpQE_?TrRWu<}0v4)Tl<}9gGSUW>nX38#c>wXICdi~+P;~_&_mz%DGsYTPeI6qR9
zp8T*R+N`k)I`|O*68g;(b}m2D`+s`(m_*q(IJ4&`3u((b1u0JWJ$=TOoB(-7hZb(U
zOc%@kib+-2-2~f=S_<w(P>KYw_p`cSkya~C!Zy|cweY&8-vI&R6NXaNu_Oq7c!W&=
za(;ix^z|VI)2aG_4-@_NUc+YawAdJR)5a0e&T)Csw;5~#Z+dm^B~l(9l^7Y{6=Y!L
zTBtYZmb&@)R{#ew-vV`c1@Q8RzriwmAnNyAnrq<N{`ZBH60%*Yvy`df-Vv%Z<QKQ!
z=flnUV8!LQJ<z_IbE;k}cR}stRz1}GV4nBhr0;KIy+#`~e}pJ`G3z=R&gtMo`Og+T
z$qd)s3(aNPB>{NnNf@j4ZF*dllD>hZqG7Hp?WqTG!EZBP?KyTyK8PVY)}^x%KFQ9F
zs8POC^o!M2UF~P==6F9$7(sEeRV~mp$BicGh<oXLmWwV=n)0(dgsN4UPXaz=<=MLE
z0ZnW{zJo-n`axPGrKWn7DHAh8p2TMl@g_S1q{R*Q4VH^H3vLfvu<XWo6b@HqP4Zct
zD$PPiRrx6Tm3a}JX$~<K>5G9kE+N5gv?=l0_VntxH-`)gWPji{P-~u>&`r;b&AZuB
z5s@%^y|=z`x$;NSjShTdH%{t`Y6<g0_m-;STFYBHSa!Gl=wGtJ>Qd1i+~YzbJRwvn
zHt``(D(fE%qm53LDltkJC??0V;1By}K_P#darmWGTh*>5scQC63W?v2Sk8J|*MsO-
z$5*EiyAJM=uH<@Ixv+H}nT4XDWm~hS9P54s-*j(oaRvRP=?J1o*X(hZzO;ysL<FgR
z4jBj#ABrOU*cR!<s&lR(Hz77j@l^O(+Wh3+{5*}%S2~|OK9gB$)Ipx}RSglE<fLFc
zdrZ~XbtDPzqGHh0TL!7|h1mtm78X)V^^VZ}yJ=7JNktJesoOP~^h|?d!5Wd&MKQEo
zyalOJPBsRJkdoDJqFxLGqSFjxJ?|8f&nkH0710LwzKsx7g&5skSv^X`wxB9|9{kc)
zD`0yN=R=w(c{M(Cg@thFnnknnBtNr_lEO5!J@h*|CqRQpUNR3LpmhSbmMeW{EU~yF
z3IlB0kvmo`nhK?#xXW!$AUgfzd}GwgUJ19(3b%QaW%E_ah3wisL)5mZLb{n8@x+Nm
ziG?BITU|lkZ=3fs>6?qYaGOq%`2F&)vwNyt67DL<_pUMR)cf@(=cxoI$?Ch`>{ixo
zg?HcD;VSdLkeiH{HXdD*&VHp;D8L@}h{Yyj-|%<yS>*Vg-}C+5QP=JU>WN3vabM|C
zToffId}=k7l&cxY*JT6l&A$~N(NOZ~F`k<zX-Il5W?J2+t10_6s)1uhK}n5d*jU);
z2$sLY6Ea1kQiC-tYgGn6DwQ#<jfCPv#6NOp8)DZ$mh!v*!D**g5etk;r;^`kh)c6a
zwAP68sX=SQbQY3}Mk;cQ7)3q4aahRmlCLvV#5+~bt?I1fnk|FPxcCb`(c-^b*E){~
zl_(Z{=E<W|b>zb|c-c=dtUYx%$u@tLayNV+;k?VAz2U*ZZN-#dQ?s44%#MKGH&Trx
zRaFCMoVw7KfA^?!S@dmor$7xD);z2^YOlyXnH(b(=7}l3o!Yz+_x7IJb_%^t`#^Jt
zdT8o~-8{?W!8IO4rw)H|4Q6Z*RUm2fQM1>W+xB*iFU0o9`@6iU+XiJV>GnkTzb+Y%
z583DQx*bF(IWB}CxZdr=b)zjW)zvbw2Dydq;*PqU!|5SEBfpr_oKw2)5sT^WSj3Lt
zWW)o+K9v82ds_5x)Pv@8(QYQh%UII@29|eN$*?0Ar9`eBySnsvk|V37iAMUEf9bpH
znGRLQXv(F;*x4uXC5iZ7*}K_y1q2VwT{B3Zq_G#Kie}B;lRVEH7J;2SMu4xY>O&jd
z$b6hVgm(&`T3zeyi}KC_4uPVnt@6pI3aSPzNtZ;iIE{xN>64xOI`7KCfeP=&bo*J9
zI-<JNWF8G)uDLPondjXwQBuNq{g*@^$pFnoV{(X;ZapsJ;-6rc5Yn^_d#pqp+N(S0
zb$4mvjw4xG^qr{m+FOPc?`LE76L!+ZR%CwI+<n?BHYnC%7uM?R&PR>>zEE;L>7luc
zx@lLOc;GlEwG+g0+equALJ8}uMN^F9K%H}c>Y6M^IM3~FTHjp%a(g$Qk((dzkxbu<
zzN4PQri>9{d;_?7vlQ0rch&7M;X}pboM)^zV{b@~7E~|I&8N!YG`WhhyKbs>NVw~v
zGvrmbQpl=LK}@+_n5gd94B8p1Od=e~ZZdZ&C=exAYo|&}%v-MD+ZTfgx$+B0vA9o$
zooPj3HsK3$-xUN(B43n7BNQ*ff|^fX{!~GieS$tBy5xi`!>DTCaYe+ioIkU4ku#s8
znw)`t{ma#5n6X=$i>g?KkTV+AGR8kdpS|Q>SG)9eNo*-!4RJkfvDrwjE38futlOC!
zfRCe4BGy(ufdo@1g)n|D0hjzvBjFFHoOWAZGrXdCGyED&F#Ff=^&Bu{8W`$#)a{wO
zmA!s3ov^XHB56r}7n3sj&Yn5m#QS#Qve97sJp&EapOs$?t{?ZnFJgSNusz!#7Mmr1
zJ)+TzB`>Z)-)!2x)Dd?%E3cZ-Og5OmU52!R|LHgT7_KrG-+ra})lHg9o;QSRGy~$+
zR%6M+s#k=2$%}?kttp+XBV>Q|jRy#=dJwU=M%U{qhFIBnVJM_;IGpE*9tyfOt1gw(
zvj6d1bilA9?)tgP)8Rhi%CkKa%APt-w(Y=!ok&IK0}<jN;_2^w4A;GqsgZM`B6aVI
z<BGoiV5y4SDsG6F%|&dwnZ_AOa9d{V%ArN9`8C=Fr+&9u-BhO<@=_ziRo<Iiv?4C#
zC&V<o4xc!kqfonY?tvjPuqNMB&0c94(RgX=vw*`RexLGS3aPho2u>(LoC+B!WR<HV
zatfI+zmOh^j6b@?OlH}=Uozo0T8tnc&M90%R`xu*KFCgl<2ySJkzTCz3f=8q<UYCT
z?lW5XlwWg;=Ox(wmwj{#HZ3fXC|i}oq{O~wT3q<lktZ>yee;~w{VA8QBb()kh+6GW
z{`G7XAG{GyZb#gQ+A4l-L`f!km5*Q3XN<S~p0S{N#>c^_^SaaF!@9nLQk#0Z@vqMQ
zVD)UP)fYO^iF_Zev1)M~QbsaIv(;3i;uY^Y47tq7t;WhaFUl39dRD)xW4DaodV7lk
zDLa`$=BVXBYyOLO(GWrGhfM;TgB&HrH66>;xj5r4tUP^F&!N<RL-Q0TG=!<e73;FN
z#}W9r+841GoPK$#CQ66oaUz~&r@9bg&y8qGUg(csUsB9csgMRdPP>+;-d_xk?8er5
zothygG5uI~_w?12l`94mCKuG^j@qA7jMR>lRpHrGl~oCmx{hUVvkW-Bo-N3l-;_U8
zBEg-_didPO<?1D*#a%5fr%K||F<*YBZrX~I-&dV@18K41SG$T>)e&|P;)D$aMiapg
zdbC{LSW&K?k_yrX!BCr`S1eulXv>kFEJeO<upxeah?(4MVuw<K7~f~aU9E$)%AKuW
zvnDyeFzH6qe5fMQ^VBOKPWDWq1m3R`Qg#MBh^Ke1tWT;U+4}n@{IA(=UH2)Druf+N
z3yWO1zh;U5flJBD{f+GFM_nyboXu|7y{VWI!hndJAYq+}MIA|^6oKP9u=PlnTRW9L
zXh?}TT8ywKKjbQ+bkWB|L(8boebkk@5OOrpZ|YjXIsAU1@f>^wXcv4NpG>~*qq(gi
zyaF;@JlN|?S8g)PuV=T!B5i+1!}pFa3rySr3iKuwwah23c8OpVWYQ0V*FFzKE1XZe
zj1B}^#M03u>=A*&oPFpy*+sP2d7z4u+ZqoFv*)smGOmsqzWsHlV=yZQQAm2iQryYB
zA9sN&2Op`=Da6zTZ{Wy<eWvQ$=t({aoEAhnfBy2dqNyh^vx&uoC>{|aeNPg+{L$eA
z;+e^vfeFOzn-813yO?v74)e?KB2E3rdV}Lgm4yBM%+YgkF2S+SKE2SMj<BuzW!en=
z4{^D-G80DHxL2iUG9f&Co32iqe1bMUx#6kLm#a&{FX0W)@ft`1i}UpDjfls%@uQ25
z-#d(W5MsHzTGswUmggkc9GQv{HCcBtc+$Kzir{TK@r=U(HTe^NpDkl&Zu@Ya|LW)|
zEROQrVq#r~9!n-ZQg`gGO4Y!aip1`!q*)6iS@eCIrw&{Q(t2Ak0jG+^Mbgv>GSL%E
z2%%-k$!d5d)^22i0W*<FultSxmynN5>qsoW)g+-g(R=zMS*Cz8re}ev-+B5`s(CUM
zk|$C24#T($hOLz^IXj2gj}Y52hs~ejlDl{O-<~PJYLu5G+*5h?i&gu*Y4o`S@F*f(
zpQYSlQ8?3c|Hvgw!`-P@#teKu--rB0G+y>yEvSKQQ&-xepzYk?uz)TW@pNIeWlNwX
z8@r|^J5{LjC0^<KtN|AHTbS$Ayh;Q<;^MgXE$Ot&)6Qv8`BrPLlgMm%ct~?6o)8s>
zkakxjG4i=qygLC#q1s%8o}`C^Y?&LWF*R4V7IJp?{TpMiTdj=$n5B1dUA5X#`iJF&
zI6dKKB-im^=w9{RbCOvnlq}#||50!X3uxib6REEW^>=R)8wIm61RF~=dkbN3v)sBC
zVI9Qfo%eOwsubuxvtlTQq~shbKVG&l%utm28E^OS)>pMbuKuN|oktbA>v8;!uy^nv
zxC;3a@_7UHlZZ{Kfb@}fl5Q9LhK6a+f86#VEEM^62|+MnxIpSO(X13a(~60-1|tRK
zXfD$!n%ByVQW%_Q#B#gXY*FS9X->rOBo5D7+j#EEb>Tb-&Em?iPcj)k9nJHy7tdoc
zuLdOwraP!*KCehC<>tV`485o0*lV68K8bL=7o&7iXU-h`eVk2xM57jSX7fh@;68m;
z8yJ%VskYqQk^Ajk3I$1Kva#O?8oX>O#O-6rTsamgk@V!LsRzR$a(&iLzMof!d$iJ+
z{&c3X{Hl9?o%8h3LVg~oni<;39*rf#1(+n;5!MMTn3qY^UH*3TgbLR+10<yDK9Vg_
z@UBc*hm1odj2**%E|2n+$=;_bH63D(x1>}^6BmX(n1b(Zj%z#uAppmnkpBz?I5F%h
zM6)TPK}sRg@NozadMQW{j$n!x57ZE1_*+Z`s{nuJa!?`gah0Pn|KnvO6v?@%l+FhI
zKVR^#i_QkxTzN>}>q>?xYQU0J4q7F?{^$WE`?AD4`FVRYPc)?4?IEpZe{ih+@SwUH
zY|8g$K*~3I<=kq^C&8f$MqZNrTFOVKRhjRq96CaYcB8%uPJ0U-bAscW>g5MsN@qk$
z=lg(BA^#1Jx!uMqHisKMqx&+>`}_r!FRHgD!}e!@r$Rfnx%6!~*=MQhoxAlaB+=;B
z8B83v{H%*WY+O;?4t%N^t5iRCkCD5r1od;0X1jKRXtvC8KKaT>%6kTD=1s@|5!KJq
z!#gf$FBP$fT{hO3-&Hz$`2!ga{0<sVmv)LceAU0|21RSFRlhieEvO$?0c*R@e@Orn
zeJY9sna{ODmk$TfWqP2}_`?D&>^Kz7-5^bEoi(rFH#P`qbGFs1_QZ>0tV7lQ7YYvH
zz%+L_HnwyZ{xJggebZMy7av*t4ov;c)aLo4^~*<;Fb&00-4LNN?&nXrT4E?Fa=K`d
zm#<1feSjahZ*6;Fk>gCxx*x~$tZ9M<$N)@q$shW93|hul0oW|xs?%n-2p0XB`Q+^<
zRi=-ptG+)rLDc28zb}EK-rAw2Nc)K;NLQb}2Pwse)!+%$bwz&vw*!;_JfK)$>r_^M
zG43QSLTH4#jc#>YVi6)0qa%@3JxXN9hxrR@N~%Hk^Sldz;*_)lWb0hu%(8U(l(=~)
zYq^D;E>EcMtNQW$gDh-8pGNVFZfC`fKo(-!UIMas)mOv^TTpS*5>%{y_m?#iGF1Zn
z8#$y+7yY6xS_QS|zSD4K+7cLM9X#BhfHasZ^h22ZCX@%4fxW?XDBHM!!#lRJ-Xw<>
z^mKQpZ2GS|%J#$IZ~m_#xjrSop!2m$-1)lwo3A5KMOZAHuiYG7!;Yr~9s4zy3PP;@
z!&-GjdnrPEsO^gA$FmMF7+kGWys{5dY&jL^A+J~_11Zn2n0vmpW`yIAP<96uOx1Nr
zo`3UQ`#3Yd2$`%^e;;Tszh_&Eknx@CgXa@}M#e>hFq8S1d2s1FbipZ9SC7|MgY3%h
z2ZCnSZ_<^`Lnf*RJucXO=%ixU+UGM{7ZSIjE%wJy@6n1TQvOP)5q<98g+FzY;A-#{
zsg7ZHk<LX;!X?O!Ih0=6Z(RfeI*V2-<O$1V;P{46KPCU78{_1;9=^mg*{83`NbbyL
z?0fNQ4n*P<n<0t3yja%88CF>_>ixn05KeXW+ASd$uZI%~4nG}h*tyr0lIQ%$`^#r6
zj!=CjE#?r0<Y?oRMcO6ymb>>E5b4?TbT__N0Hw{Y0xC8;-5|N$WLbe0S)IvT3qJO)
zE$$>YLY#sgeRXII3;Hq5=m0dab~sfjISXpQx2T8ZZ43_23oPdL!~@JeoUZttI+I|2
z%mestTiudrk9eNv>McZ1uqRBpR*HA1T>Ax|U$d;54CUWjM)TJaeTL@8x%d{)^8k0c
z)A#ST?L~Sc*h$E%FUeD@5!=D=eNu0*(4v+<cYvBeUiX~1?<bYl%wUy}-g`!W!7eiK
zlf>dX1!TM>&!^*}44U~4t7ocSC<!Bf!2E>$yb~(G@g05!wA%exip2<Xvtgm0hy6_V
z{D*GmY@1pt+9%qVuLe+3ctdVA>d+VR20J40St(Z#X5W>@rJIL4@pLX6dCsX$O(ge|
z%}PItyP$=_U0_1hexzVGW>S2<+`Qohr}OP@Y=D4pYl_p9BCcrIq1uZB%WR$*qx!2A
zpBgC>-hkC>nJDEPdxifq#8jqC&{VfY&e8{{!y|C5<z2Tfww_}YJp)not1`Ak#3UaO
zLz&3|{O>@=?DI!msA(+IWR2nR4@B`u@rhcd%j!}~tqY7_)RmPXl`z+9f<(nfJ<Zt!
zpo7B+ke{AYKzdroFgxAh^$d#1j&M+h5QhL^Sp{k5I#(D-w>$jfsSxHIIEzaT5mp+w
z^YZlw9{IU(l#wg1gtH<*GW>(mf?PNaU6P#6o~J+$0SvRp!#GVoI!QYm-gEcqK+O74
z_i*5)cFV{FeUfx<@OrS(`su!9Qyw`eyhe>Uw3=KfEw=0C4tg(E%43Q<p~sS_5q#yK
zG&LSxt5Cjdrzkk@rTEJGkTfz2O^V>~Q<OSd`bh8~ULa*ZmRemX!0`j2;t6hqLZQq{
zL^32HTCa*EKO<b^66KNhdo|lX5|;wW&e-VkV6Brd3R=OoN7^clHgE@2PXj1lTV_xo
z79X=yyzguRi-)G3q<wKL97)p%2U5+}Coi<Uo62d+gCO+IelRb*LdIjmTOaYc-HJnj
z9TwsJBw3efs`acaf`)6hucw*hSwj4MdGyKjv1S5DlNd4~o_yR|Xwc$GtkicY1fgBJ
zsG_L1?VlNXnmzb?hdH)^7BhL4qyU_#ZWjArLVhm}_eV9*do92esGAbeF+FQfT5p6g
z#bE6+HMJPr2h76ezq1{aRbOQ!Mmj8+fuM1(CE%OnQ&dP+E=A|GXo0V^J5^cvU}YqH
z_HJk9=?_WzU-vKOv|64ny?k6|24A6)kbP8~muub5@`M6fJ9szNF3lkqo{z=37E(G;
zpKW?YU9LugbcHEgcljvh_g4PI)g|tyhE2nvH0$TqI;ZNJ-`}lO9*{HQr|#ol?AaMX
z)5P=1Q!)FBde_F%9EIJ^Yen4;jTx?Iz)%!miWZaPL*`{i&QK%9rAN=+qW|=ys^m7y
z4$r@j%~yyi<x#%(Lb6w)EzSC%R%O6P0mx$EgRt}2Q<_N_UM_Bgo_ieMeaz2;EeQlj
zuJ@mmR}()!j_|1C^w@8!ZIEB!lA=H|2P1$v-QWGX)%^rsgKtfv8ikBdJi`#1b(`=9
zc02`kao&>|zw>uRms$GQ+y&4U@z6uGBzm<O!cROiFbfUt?$O5JaORPN?A6g!h!wSn
zKzPCK@1MGRvR54no;YhC_VKhK!Rs1N!+yp|;!*VR>zZZO28?SA3lE&6LC~UC{rhD1
zp}egtY7YMRxv$C7>r0+yFkqtBi0;-(P$6Yf*;4}Ms$Mo87UBuzMYpAge7P{uf2Sxk
zgNcNC1yi`RT7Usbuy}umuMu-)ll|uiUZ+4>A<iQgVtaDWu}~tosccbdPhP>{&M8W*
zbR$f|>;P@3@S)}ot0d7{1kTA!*l>`UzmaxW7;E0EHpkdXGyF;AzSL*P%)X(Yc(5^}
zL5$xEYsQbm_p|qLSOLx?w>~33Q_g6i`Ysk){mmI~sgpnT7cMyQmy(?=DV1{28I`p7
zah=0GceT8+!~4gql=!q+;-^!s>7#1<y6!&)w$B{-J+Tg579L10^_}AI8Q&?@CV(eB
zk?-lv!zVSK>Qx0uo9%>aOMOvOKr%+3$#FznG2k%4Yj7pwyJL45`7Qy}&9p<N#=b~R
zFFx2KMkXulk0PAWcGS1nc`D?|7^=9t55zl#nmqwp^hav*AkGKu1)ENZwr@m&Z4nB>
za(OaolBM5VElgi{2BN}gl<ptU#(zOKxGLvIJ7~HrhLNu%0ZPeT9$lvbqBS&kB5=ov
z3Oo~!H-w)`Aj=9G3gpbt_L4q@81}SmA7z#a^A5MdM>5W;l1Xx4kG2-a@_Jx|Qrm@{
zV#|kQ2r&xRl0KbsX$>JR5H4q8KjP%f92NJWlTz8nzes;CiRpq>dBd|9Gxo0?ju!<b
zO63DwBgFbvZrgTzU__R#@n*y%H-8<@{6azsr#jBcGvBGPr#MS-KQ`vKa8nrWQXfYW
zY1(K)Br%?!XRST~vL0}yNY+C<dYjM3T}c4Jy-Q098}8JZ7H^9kcwrQTYw;@f$*4xQ
zSY{*?-_7~VCAv3{h}CBZ5QndvK>~&C2Lg*@hEtuj3A4{6NGnyc8%}P-QX$d5U{pRF
zCKe7R=9IL%5F$6kJ=g>vScrISG~fYZneBSBsmi3jO_z<%xXZoqPmd$F+5!<?vJ)@n
zDbLKQbVifR+Le!b+p@Xdr+5vh!G?|)SE5&9)6!73I3C!E4HI275LfM<z*ctQ#0bO7
z7gJm~RBQpH4Bf|9ux%I$$$EONgUF^&&T0O(bqQ=8yS-v-pOwnO8ecv-kHc4xNZ;_w
z-5`X7=MTuMDurC*cq2dvc;{bm<liw)8h;v}6u_MzhQH{?H4y1p(Ff#XBPOkg5DQzx
z;2(!80sMKvqsB|Zq4YPG`afL|1x@r8uHU9B{u4N<K`xj~pa=&+!QhbZCg7Ip^aqR`
z5t5T32V-cZ-`{1}zT$ZOGtbFK-{71$wgoYYjaq<0lZ8YifHxkZ@Mfy86jpnQgZ$Y1
z`j<`lFAL^Sf4fbHzpC@HpPxE#Vba;ChCt<8Ftx@k*bqmFkD-1%b!V1p)->wTFmiV-
z0xGEv;Hm6JcBaxa(cAVxQ4O%b9}nLOJH2OJos!VIsT>Mtdwq(BW5ZJ&Y&_KB>gNtv
zxII#O4%}}nreBhEmoS02R_Eqd%J)Ez$oA9hj4tuNFw~v)LblFV?aMDLssnQRAW$0a
z81e@P)si4DDas4s<V^{PGpoUyvIUI~G-cOgue%RgPQe5I6R1oTKG_358V7(tQS}Ez
z`u<ms&(9950?>&%9C;ACPy8Fe;!pWNsepRWksK`d_DfEMPoYcvCUEd7(K`1Hr$z#k
zBPe~_w)E!lre6jm%z4X1B*(J}QKYg7m$JsQRm<Pg-(2RcS_|H&n7>1=KUaJ_t@i3P
zh@4y@2-DkhdkAHu*tm+&{SO=Syq1gBT1hz!&)27K1U#ifU;}+91H6oH0PKF0gE7$L
zt|3BifgwCXKQ13nf&(5?7g63nanylKaI?DT$M4z6?$;{dSe_lqI}EN`8_7`Z8-X}#
zktflvWYQ7H_?2+f&d(7bPAr#?-SgQ5toIgWyI7yhPIA8F@lmXQ&oAwe$bSruzuO;^
z>;fpdd~fIH$%>&nFRS3hy`lIS04*-4VVpc$ed68s4BtT6y0{tTe?g%Rn37>r!|rqE
zge@6xpi&z?UDC$s0QQ9Ly6VFBW#B-w%Zqd+WA}Ee0OI6+^nhE*lR<ek5VejDzApQG
z3BWn3tw+zEANKVCV&&VT;sa>|@5`CloCsyTf3Hlw7(CJd=W{Hg5L%)UpSlt(+6IP+
z9iZ|p0i$8d+Za@B-+)v^vnU%4j?Fz4$L&f6ZiRX6P8F##-afGjt#Q157~tGq6@@Jt
zXdlYD6}9suZf%gkU5_m5PDkOn82N-t!N~sRJ^y;f;HICO1RS2X^|t&V_Ks%K!wob%
z-ga-WwtbR!qyezy;s+)F%+m)j@DFxHWZt(Hd#eaJv%CjM@O0@tsp6sck+nlZlrho(
zGk1S|DMXp)Hp?}BvqWWUx3izUU-pL>pLSQ6IK41jtj}->dWpC0VaeJk93<!fCtYs@
z-b?k{Xz!EXKLDKU!vCr$(D9|+_4kW_mDgL}^`WvCdHLy&ERGP3y90hIOtg9NXau-H
z3%h$L&f0&6Mu5ADM)IMX9|pP3&>1Op1<8N2O0*9hyFYBU`)F|+5X;U+)9OkDYR7!|
z4KVP6-%+;*_C=KUECETc^}7I9>-fy2^{7}sm%18$fMrOt`3f*@`u1T3xJPrl3nHOe
z<Fjgzf_Fk8Cf5LDI{GC9bet4SQ-R;poa$rZ{gZp_BC!0-#|&-Qe>j1U#4^)90JNzO
z>KRgShWFkWagSwwj0j4QsB@v}baEm;w}SJqIeXR|AldIoDhkE3*FyZ`od@#PT7YmN
zO_+?SEC*WH?xFJTyBeUkm@sSI#0{9bI&LIGQe`iso)kUYvCyBrNJlVCu&#1URe%D2
zSd>74;nfvwd39^8!m=PV33PaDCTc2b8@kXhEyu11R1S0+WEX-A#hl8~GhY6{<y})1
z<=te6N5bBoqDHF5ayr<SQf;F+2FNHaU)*Oe1_REW?!1i_FJSUjPD<xpPLhiy!Tpnt
zB;(r=xYhh=X2H-PYT$0o>U(}Hoge2{!iXf6;>7I-D9*23ica#|3QtJCi8?4dfCJ`c
zD`pQLkM4k0bfso<yL-axr|nZrTU?@?+6qAMu^QQJ7F|bQ9(roKiEz;_r{*J~;hRxa
zQ?HBPGdh5r=nNqN#8TyS94jCI^<vZQi<;cm*(h>0GAIJI%lWE&QrtjF*&%vNr@s}h
zWp%YZC)xcu9bL%XE}8ZdPiPiH7G7+386T<*(&_x|bhnx=>3N#raCiDE3Ia%O5o9HL
zC1_QNpvIj9y<At!;7S#Fd5TzS{#EG^KE8Cc)Ce%TI{8(CVloNx^)k|pW243%<P}I3
zeQ8vm5andKw>5G3|MsY!Nb<xV!q2@AB#5cTSRb(#A@lu4-tQnr;wxtgnB9e?>l@gB
z%x{eO`=?H%7oegXL8~Dyr0MM~nxHlAG>V3!**wIqtKNjBW#;T1Pob)K_^dow6oWO8
zd@<um*titJ6}gi70bgNhGw;{K-I*bC;tkH%x1+D5*DB@9-ev8xPq;zMYw^M+3NlOq
z6e)P0ZgI+4w(7}>Tq{LdH`51BaamtbSp}=MnNgrAO)d*d?e;{18*I#^BYrM$v<CdG
zLSMe>R-UU#N1(Hicdh{!$$Y8Y*=;X&j0wqG!7{Vjlt)xTp}xvsf!DF4U2_v^LC*Te
zk#t#xqE81({%0XxuLc58KN$`@MN79>>%V{{^x-yKd<BoPZJoTd&}`#=tl)A7pl5c1
z^Oj$5TdmeQniPUqX3JP@U**c>x_~*xd}2iBGI1D1q$QU@&@poj5;d7;%~{2t)fiS+
z$)_*gA$5*;;M}uPS^m0ws6(bzvgkUJ4D)4A_#unC;i2DNb!_v4l0P%ePCe(u@dxHb
zk)PC%w64<$x0tXQil^dw@9C>ueKEjb#!j5ak56)2PDB=R&t~J2pvv4YYlEED%y9fy
zj>9(MXa?fORc6oe06C^cdDVLH<4tWuOjF;tBCcE&3j8j;CA%JS`gExd1kd%Faq=Vb
z{jADGbTh(sX9>_5MPbSDn@&U?co4td?UOmXtACy1c*r~%b$<6<7te3q?+YQhBcPM3
zi6Xw>#R0uxFwk$;>3ZbLb=+d{1%|w}2Uzy24p_Ybe>*0B6)B}$I;?%h)SwL`y=nAo
z;WpQ&>lvQ)P@bH=qlzTR{#@QtkRd;O&*EXc{DcBA^Aq+oBSmIgV=0~Yxh!wCZT~8`
z^nn!lESY(%x#}{ODk7ec#Tx0z<wS@zI$anf(F2$@aJ~AuX9_DPLz^ZhUpdiQ>fJtT
z%umJwr*Q_02e5p-^gQ+_(fBo8sP}a6c9_zzN;?sEQ|s~|O0&3uCo%S17zOX=UNS%C
zoO;twGcfcBoAXv%dMME=ip)efHB5+Bgixf1hu=Ym{rpL_Whk#7RP4Q`jD2#O$Btxy
zuHe3DaBE25nBk=aO1j8))sL~lC;znU*s{Fk)CPT%W79f)=50!!Xmmr1iOn+qnQDQk
z{fs9;<^&gR_HwxFOUY!<QEGQp4OZB(TvYFh<RHGNv%kt&n&g+uZ>LSz$jzz{OPL};
zgH$=^U}@wynQwoQ=#&?CIhSqJG|wsYw@D|RC&*qIhbVVg^*q(ZHY~K?n^;wXWykn1
zr0_D<l(>=EAmKoQ9wT(~3niu@<Z&;pMkiyeSP{z95!`sBxX-0VKOGbJ{!?PJ)h7<%
zm9WecgD`qtUR3kO(_cRr57tr-w?tMPfl$4fp_R=_{7b;yOpej*az|`eHMlH!TYo51
z*pe}|&<tg+q}3BYCgYZpAc84cdOJ^RX{{#%E9O@H!;Q<0xik;EYD|e)C}l)8+xG;g
zPwsd19u<$|n7*)5F|6=x_ayybnG)E`SHwBX?r{-w*i^a%I}fS_l~5R(JBiTJ5L+2@
zWt<Ai<IKhwj#!PW80sP+*w0xZjIba6+g1@KfGWqQD~gj(mtB5yva6Z7;B@e<{MOHt
zu+~ssKJ<o#-;YUEg?iT6z4I%Vk(>yHr5n?e5-!eEmuJi4JACFqts1lj0JPp1Du<Id
z-34c`75~d5xDl^*CnJ`e4tsxoGOgHv4cq-Vxk&$U<B!bbKEsTN&JIc(&3irdX9M5}
zok%c`<m-4ByQoBV`g?tA&Zkx;Sa5H|KGG!&vcRJ}r%#|z;NQ}J+#$!;>uR<oB;L4L
z8=D{^nc*+w!s6cJs3(?jc<&w=F@C1yc_%cZP8vPl%6yjp`q6A+yYr$M=Ctyd+m}^O
z!|J2DBB{{P7|4(<W0w+HrNt<l=YUUs`xI?m(KY(JN=UeW>*C{Z4dP>xr)YnUC%Md!
z0L8|g2)kQMPtJiU-tQPsF`8>#+9x+Vc%q=tW8FATby?uk587_}4s$MoB<{icLC2)q
z93_D1c|R+~=v^d5@qJ5oI;1tDH2w_>^D+A;<w{j|A7{!myUN=VEff$H{p7@_ITk9e
zZfbVd;2F}kFQ<Rt<gfOom15!D3&9QrmMJ0o4z8~$PIJGHFJZ^G1YVV#&w}nrc=*m_
zpnVD3HYj{G%EG@bG{*9dN>`+$Z&!q0C2L<o%l8H4l{80Z-<^|9I8&m#4Wt*7<MWUq
zu_mdjOU5{*1YM1eW@5IR=cVhPO~t&)=q?p>>l*veVqSBzi#0ZEd4=H>Kj(bFm@0*E
z^ozpcKJ0{97^e#sCnA#7UR9L!?JlGi74rYRQxvYAVCF!*9qw72QhBL_<G;Q?8fW(X
zVF*ia^zfbYy9&~R{bKC%F-(<@x|FeLPfS|^m8>oBU!9nibL6-d=al)4RA}xbKjoR<
zEU{(J{jL#^;1n+i9GpO;DSw2j6~}mUi?w?r@J<6#r_9$E2_EY52R%0^(d6gA2yLOT
z_ixFMV&*;6^b-G61OM9+-zUFML&vnQo+|VExALC~U0M_FN{GgJr~zs-5b$xlB?mMc
z@>CJ45(2mT|F1Ck-{S56@uMM25hk44q4>Djq1-7_juv*s|BtUx5i6tDgktCM|HRpU
z>YO2w>3mI3|K|$k>H9p_?^7iIFD1)=&k_8Wd#1<EYB)g3K$-DhEf&%k{)<hC_|x%d
zWR{2b6)9v72><oV|D~GR#!iV`i#Y==<!Vp(=ufYy^aHi)zb(8fe6e|y0r`x+3;)9#
zaDTX74_+ZX-qLV?w?c$02+-F!9>6&~aCeiu&rS{fZ_gY=clz2a)&E-mReOk!>$^+*
zi6QqS2?wD(%b&&%wz={@XGK&#ydcPYvH$N^Rl${zy8ZY4+jfXqyndl*sopsVfuD=#
LHB<_eOauQ9W1n=w

literal 0
HcmV?d00001

diff --git a/docs/arc42/revocation-service/images/revoke_vc.png b/docs/arc42/revocation-service/images/revoke_vc.png
new file mode 100644
index 0000000000000000000000000000000000000000..5548249c0a2465de88e9d62d0803f728e0000e5c
GIT binary patch
literal 6054
zcmai2c{r5q+pd%)`w*2iQG}2(vNtIEp6uSpQuckP7`rSnmWCN4OJs?$jD5*YhAd;v
zHjG_N42JRPt@rnPkMH~AyZ*S3=Q!^3xt{C3&ilFU`#Pg_w4TsjzJB@KxpTCtDoT3i
z&XFO`p6^qVpN#=m<(`~7$Lgf2^vJ;1Vlyk+=czKR>!kUpKa;cTQi8bFln1*VdqG#Z
zUH;T+^(JRRz12GZo5u<U7fqE@lpW0!7<DEtO@J7TnYcGDGEv^3IuBC$N;Eh&UmFeT
z3lh=ZrJUUjjL$9F+I4=KEk}6vbep^&_uu9T`9|v&@$TRDEdj!dQ2Vz%6IKO5QvPM7
zCU@>2!otE}eQ6@pH^2-a%CjLu3@((S2Y9vcP*im8h)A62h-IA#r)K>#4T`FmOGNQ%
zy#!s)m!W!ae(7~nlN@Gvc(Jao&dkoP0QYls_-{XFgVJUEV|GAVyMSAtkrJMF<YHw_
z4JK&n`&y@jh^M@R|JRwZgNol@1ySm<{D!JC>8eMAt@6R@<xlT;%pF$?Z;gkGZyAJ?
z{U0Pd6Q<JM9tO7hI5RWz-Q*#^T*g0`q)VBAnsza_uPI;vr_Ff*ypNcnvO@TuX#;Al
zXw!vsRK8}<*JK^<dsa6D@V<*onYAOhBMOS?Y{7=FrT@z1x4lePzDz2gn4mTPOMiRK
z0rZwWE(h;2_+<w`3H4pDSFXVL+Nl$)%NFyW)hCfXX@j`lnpWkJy67BjZ775om!a3+
z75J0Kj@As<+w6B(D%O*V_?VNs*8D!o2mL$`wEfyXBGHg@KbbB#=@r9oQrcJM6uPK@
z)z4#mZcS4~#;ltq%z>V&^7rIq0|wVn$d@KXkN&v*K%q2}gUCf4`(I=&G64xUu=hc_
zwWhg$2Ng9G?w8E#NhzZOkP2<5<@x>6RdW>(zBP;&aZ}}AK;HXY{~I=<2J+$jjx%&T
zp49X|xq_b7W;tj;Su}=GsDhp(q8_b5sy)oNKGCwt5S!&;cUUnjQ~M8y)n<gvYJ=a*
zd=#!q)Oj(C6~9$#x;^*k-5?{cbE1D<-lqMx@3GHHv>>q#v8=Zmm#22&+eD`#4TFJB
zbLr{+L#{ewYB?<k)vtVvfI!jy5kuOaWpX~ao%oZ}zXQi}yM-C_#%MwV*<=on+YO9`
z3m=2FL*^JQL#9Zn2F3!Cr#G$HrZsD3lg*Ha?MViWAcKIfLoG1t$QkUaOTa#-$Vo%#
zC8|b~pn8^uEGC`xPi}t)tR&2LKQq{2NVj+4Xpe@|APpc@?v()z{Lu%FAXA^_FtyYi
z4YS;SzbPkEJNf`7i#3EhdyB^xd)K&Ry)Pn&Or379WIB36>r7@Q2Uvi6gS)vK^4|UZ
z^%gV)CU_Z3JFT7o{qelOEIFHZVA`Eed`|{EQ35UvixZO-x1Vw%s|$N(F^UPYX?Fy>
zKA_{Zk5YBDivE(su+s+OXZEpvkahalXJtE1hXWK`dA)1lpGIpOT2)l+t?`^(L9`h)
z_T^Iz0ndt@g%R+fkcDG4`|0|rS&@*kb{pzcArE+o8RWQsWM_4Iz#~B(*xD%S_ujP9
zDsLS%o-CzxRt!Gcy}E(u$p6mLS7!GkyDnuA^is5I9$(NXYSP%TITaL~=}&PNHM;?W
zjzE1~jY}=+mM7GMwo09bXF{txQT&jFfZ|JM)LhU%=SOPxUx_xz5Yr2*nw8&aXs#K3
zYpQ3nqyUN@ypar1vFF1G?U|`To~rTTUNsM9^~MT#HL3Ad0@Tcr-~5f&6jGbAAjOz|
zP`Ss`n~0792*i(C9*?<s<T4$MYbG`Talwg2mVyjz^Gz%B$}EJ#p0qyvE+I>189)1;
zz<P==5Hvi5Z`Tpd6GB89*GPM$*+Y0)_zLQ*BrsYnUeq&_FpIc}NRT-J6MHOApWczD
zj!hNW>vE4r6|?*5n5(Z8Qp=VuZBSu?NsjM)P%bOM7Sav(dZazdF~YLdU!Atb(>|W9
z9+w=olGl13j`7;bG<C1+ak6(&jh~tDn11U(>aW@l+(yLn^-cLy3wtG0aXTlfao=mf
zpSqs_{SIk1g7H7Zdpr$Er_=4v0+m|VG@uW<PH-+<crxjn=RVVW>Xt5TpIlJe9_Y!n
zlIeyC47I>*KTY9)6R&OJ-WOF)=(UL*%VJA7mZ_>dFy|(gV|(@IY0YZ7juwd8eE47y
zoOW_}O-3ALqo6)>8vJ7iYeLDLbd3$WD<kO~LZq^^=s6*Sk`lXW8Nv!IGqDuoJB=l$
zTT>0ypr+ZAAIZ6y)={K!Su(-_sQ_M|9Hh8e`Qy_Sk_o$m*8y?{vp*)NFLAXY(y1q?
zgK$xrj??v&h@~bqy$*=$7#k47C2I$n*WZN;6xZNgKLt1~JI+e%%Os|MmhWU<pX#d9
zzKv1Vfx!=6@mMSt45+NRozlynSm{M%>(2I;1ZC%Ks?{Ga;q&C^536R$a=aGv8@5P0
zFiXCmID2zn%W|;0P_t=fY_RQ6kNZh6Km)WGC@1JN7W~}zooSqj3jYt972tDN(5>KE
zde6)sA^B(%%g9>!k@@Y&gUnw?RpWp6z-yK7u3u;^?krYV>7-c~T``jRSjy*l)U>p<
zJi0ieDcDu(R6u{!K<XoF(n9A^lW-ojr?U+etuqx{+FPkrOw+kpvB`_GvZS~5K19<V
z^rH7&wY8FmwbDKt%08cKzPz1~6!6I+N7t7)Bp;=A$+i=Ws29k4E|UeoWWz|3IlJ{w
zPSY#j(zd;MvpQ6YSas=+T<ZFqKRD1aQiE!key>A58orjHqU-EOW53zp)M&T6_KXM7
zQA*W(P$r)%7v{F|lh8DPT#SrQcm#-t$u6zGXbiEq(2hGl*;Y!??Px}k$nlBkG4RWS
ziob?<a&O5!q108Dw&X|Z*lVuDD^lp;M91zsX|8qHkhi_^N-Y0z2<>kDRu#@Vn6@_c
z<ZQ1t!QPDMMDDe?W$b*9qz>X}AKsNSJ5qKJhF<93W{|%rkC=|^Pd^EEH{(ZiTaLrq
z>@8D+Qz2G>S10G6<Ls0;ujQZK2-?>R%^(|#oSQ35w)iV!EI6lTxH)m*>d}n8NJC14
z5*1%cnxx8t_~I>M_2Y5Bmu)zNtYnDTHCv|JTlgOt`@9J_`r{01fdrq$WvOG1D@`<j
zGalDCh(I`V8ieOqDz(@EsjADzBV~5}(k}*ozE%A6u0eL@cHsBCOmKzV$hV02Aipls
zOnzFj{Yw4-*;ci%{`B0O&OpnYO-&>5V?quo@QdJ<OIq^^pSVo$e$rk~?IN-0fm_&%
zy!oY7(nLt*MxVjNMgnW?15>u-)hwmw#U-i5#_M<x6<_Gjz3TjiR*5j3wHt;s<I$nU
z#y5t<#}%Tax*y9lrr2M#p>fo_D`aBC&y)5Pq;AdxqT-S2FsXB)uRO39)oXIYLD2iX
z(Cwp!(YJ3^zr%4fnoj-hrz)}0^5|rol+S!YPp!s}Yw6HLvF-x8u)wB!;Q^HaPbiZv
z$EJv#t9gLDW!_Eh1Rk02N-Z(P;kn}+nap|U3qJ?M!PBzf#09>Kx{A4>GO)Z+q=Rnt
zOM+I&Y^oijE!2>DjBv0qJv)}#Sm>Zw*u<gEuWOwHGwaG7%(oe)GYdmICOwr)o`F_n
zX>KZIZ#3ZLiPJda5!w}zK&_nIRJ%}SHU3@O5W0|O75m8IbnrLeYtongOOqoO7a1V=
zbSLpmQ9`>kzVX<dI1NB_seb3ST#{vPl)DFAPP39{p#z}z1TVD0RKnpzV(*s5*lFH&
zm0Rl~&`Io#O=j5jp!fA&2MFIsJ~}&|P%Pyk+p2EH0#>d4YJo7J7mPzDl>Bp#yo3>U
zN9bC`pn~HO6ZQ2e=*%{uUpp8!*dXZ@*mdY^>HRaZu%3(Kd&&s?a1y=%KNb&aROctt
zf=P$9>xk0uaL|CSMcw13`Cv(T#|uPNwZgB<)2A5R=3zU-k@iN|Yn+?!F15{7M&3K=
znaGyMw~hHKM;^5Dj^qkQtaf{IDB12mp*}&1W(0aVhLxo)k&;aN6agF8s~yT{i!?Lm
zwQH+mwtKRJGLCwjTiMl3BZiB=)Io}=gsY@Wv*gWuBJWSsmNbu}e?AC)Y$%+7Q{-&3
z^UF-Dt8`$Wzu&vJsRN>x1r9hY$%sq>(&L>EZ#7dE&#+=ZaV7CReCU?7aoNa|Z~4@b
zfLHB$8C7tb4&F+JF;X`$C?QQ;p%UV5ad*5<11k4cXBQO1s*Uvs@fNmtmGmU#dLeeg
z-Qp-g`Cf*FCdbhm^X)xj4?GW1Ohr(H_88Z5LUM0#GE^Foh%5TlE@1BMyWAJJE2u1#
zW*m)9hUoE_2>$-n?rRk@Hu~T_3EG-vxBc+(P8u8`!P&EERr}RMxQns;kZk1+N6i+o
z(a%9n6(>T#ahPrcq&Bl2l4@Cxv_S3ru<C18WY)=puCG;?JJuMJsL@bm5WN?jYKF4@
zf;;&Ri>~z`>80o>CZ8_iMbe-<=3=rAIo9nOIO!88UDCGp6ap=q_TUfore%5pD;pJ*
z5Wdp3+7wQ?J_Z6QzQl@~$T>M5R;LaJR|}M~c!jwJIUcxw$<{RLVw-(d*hGr}17zd-
zoH(8fXt4Wm$);m>8iX#eIY+!0`sPZT8}05(AI_V?O8y+)KZ&le0`zXbzD=k{#{!Ph
zHD6X$6^M=5n&I;>v%AffSf*9J3dfLY2jho9{YSi*^QQW2j~A>L0)R$nNBH@98at)&
zzC2JfhD*p|!3H?M`m2UrAp(<r)v(mQ;&xmi7{p_u{yVRp>xE>_wtZ?qFARV{-*@|<
z3ZYSUDSzx89c;Z@dOuCtmai+s&pndZ;p0+2(FH^qKf%<SHVtH1cSsWOSD0p&<4;r@
zPbVJSe%J)#OHqlSB?<9d0byGw!|kbuv2A-U<>1f~n-`aJmO7xFFOqb;vAM@@AL8|G
zB4~xK@gfUpLhiDh@8v-lm%aq_{%k_g_-c7`<XF?VDuPsnd``R5vINbj59V&7k7SaY
zTxa-(WflWMbtsc8$D{z|)<wBXk$Vm|5P#t)3oZ@22+ihOOrn=~nHhj!;p3w$S0~|=
z^(h85`-X=MKLU%{GvcNIZQGeuO>c}Qs3Sx#bT2=~hKo3~p$`w=BPf0O5%cfo3S9=&
z;y>lWZ4l${b&ir7HxxDwXk=K!Sh*z{p{t!rR<r&gkM8NW@Jb)QXO4BR$y(n<$J9mL
zM0fCHXb|$~cpNbcglYpz>=JF4(dp%mZ!l{is6=e`H2KS4w*uMc*5~xh3}cM$A_4FM
zJrH9_)$0qK1{i?UNy}xQb)ZPCDX`%_FZ>aQcM0Fls9*vxBn69H9{!dr&5EM%`KlQV
z^K+chX`HUL7)SE=G=~tSdv^AO5G+sq_cjT7HljA2{ki6jWbbtDQmgXgctc-6D-@1T
zg3gkXRP{2PMr+aiCVPu%y9DVyIggk|1`TFWjDgPuUH;{YB{CBnF)W%y1tsr2JuFs=
zDsiqQ)~v?27%1lG&-<H5<d=I)?a*KuRd$nvrZ|9RAM6=<<d8i8F#L-*CHZ9Kc*-+=
zKExQkZ?%R<{^sVjcXoSi4m%z<sFZUf^X)8ZSz{@8AGWQhu1}raA6vH|_(<v5EjfSw
zD!CyGD=?Cxjg|8`um37${TNrS`T6x~;Yh4c7j52*cW22jKGMOHm4>idC%yJsMmcDx
zV+ate->Z1Ie2r&k#5zlSxYh5Cf-y>Ls7ToKxST6w2eM84Ngs?pAc9w$luY2)(k!+)
ztkB}H(68`lrQ!H~(K(;Y6(IsksV2)AGo_a{W=;Rg%ykVV2jT436r)w(2sWmU<EhTo
zo(M(WCbp5LnDELE_$W5y%L+E6U&Z=rb47lo{Ide&sab{J(3W_YyH_ctbE6u6*gd91
z-!7G~ua?E;3~@i|B@l_=PO$#M)vG3+cZ#k3R4(sDVH43KO$RX0)vHj+>+@Ub3|raP
z6%D%9Y#MDJQZ2z8C-WGcZJFr?kkhAegcxlEEoQP}Ro%!INBhBf-cya2yUE+vocE^V
zZHJqta8=$41JerUcm6Cxca%`c#Y>QPI#YoW!Rk{J`HvWSRa2X2jd|~zK`(2>R(Y6$
z2Nf#X>WV#R`WWE{e%GG!0#kK(BE}L{)dQQ<j*MAiRQcDFd+Z2CrF|ZBW!JQ=t2Lo*
zSx`R&BZ+g@4$AT9l&;`5-YVQq37lE=;W^h5o+o!lHX^+{qTZcNNp`XMi?3>%!5XUc
ztRK=vk2hQAqKcWz&20JPw5zz`RV+F!VQVHJyOczooD6M=#_eWXJ}p!2sygX0O|7->
z&GWRFF`rwd%Ub(hwE;j)v~-y&|GW2fwr``^a+xJ$-<Byv^?}mgU#H_1Uc0o<w|@(v
zbf-<=9ZlPpZ6O+pknq1g_mcBgAL^FBMBbR6M1f|3MrxqwZk>X64wD3Z6XpsAnr!Nz
zAaYF9O@pN^_?wW1)MPYxI(#n?kkeR>1-mQ$Oj~U->^vv$SavWOMF9uO6qIaI13Lx4
z%5|>`5j#QQY{GArSW^bM+F7FoEAJ)+vpg0+?r(}pnQ4IDq=`LmAEyMG-fJ^QeDV5B
zzI&yY=X3Cg_eA&)2X~=_s)E!f5B(rNktS_@=PYQLq045JM`9uwzHWLO4u+Q>VN;q}
z7ruUtAhYCJ1d<7gE&jTle6-t`4gBvG{eG4}J&=ppQD&F+7hxS|hE=SC;g+fN*SDw6
zh=3e77?D`kSr5f%b(hun#niui8de`L%1qE0rr4@=qMnxhRIt1oY-D|X#OA21nN)$(
z$9y`wi86;3LL}1BQm79WG9_c8RD61^Xv#+@!%~0|YgcWI^7Rm!;9`e+ua|4fN#Dlg
z45`C>d7KcAS3=Lr=_}XTmhbbx3*nIN7FPt?%~BDwsRem<fq+IT6fLUQJqVH(th|B2
zdN5?g^$EW57<#-zm@rfnCjKprtZ}K@%bhjGYW8{D88yzC*u0<B!mGRBOxJjXMZA&R
zlTg&7nAQ~Socr^h-SZ6UE3Vu}osAPms86jbX8OmHBXur+YmOsqqiQQLZ!HThBH2CU
zjT5D`8{bg8y-d|;7|n)#rK?VL<?MGqlYN*AOsK-MA_;!waW>)+QYsFCfwG~0gr`!L
zjqx7mtR2Fe%fFzMH(vF*@_OF?XZp9y#qfdpSHy|Do)@Fpl>YWfDOQ&VUj9eE`hQ_h
zg%Q70KKXtzhg<nrwG`Yy{>wsg#^3S9anhYNmIGjERZwJ0c+tDT*6EN0+0i+!6>Y8{
z1s;=2$#iQ0jK3Agt0mmo)@=E{c5PX%A5jB)ly?mv;C*^JRO44-vi-+DDrMAtNv18Z
zVh6}uR<8;SI};~0VUf|J>W}}(m<yLB0i|H^c`Zo;p%<8&8N8K9q&Od<MX`O^FZ<uZ
zui7Eiv$hQ0>}M^)Zv8m`|D6S8%;@M+@Yv7y(%$nLYZrg7;Ox9(aaEfJbhSUw2S`b#
zBlk(cn3<W)UurFWsybKek6y?CdU3v>UD!>-j0vZqy3*3}dVPJ}W45}+-+GB#S?M2<
z^~I&gc0RX%{HgKC#31(f_m6sw1SvW#f&cNveBmEhWg#k8hN?qDQ>lCu2IG_uNej<y
uDSiB(;Ntvl(nYH;q}<A8xx{xOZ}%;(F89?g!<qhmPE}b;sTA~A=>Gu5WZa|x

literal 0
HcmV?d00001

diff --git a/docs/arc42/revocation-service/images/technical_context.png b/docs/arc42/revocation-service/images/technical_context.png
new file mode 100644
index 0000000000000000000000000000000000000000..e307375b300fe8cef2f6ba5d0fddc62c2944ca72
GIT binary patch
literal 280380
zcmeFZXIxY1+BL2S5=D@V6agv1SdgkzLq`KvRC-4QsnR46dJ{xL)3H!P6_DNqLK6^B
zdO(^G5D^FjLMKT5-`jI${%6i}GSBmz_rv>sI3H#vKeA_M@4H;ry4G6P{q(kmI^$u^
z!~6E_W4wChvgW>hOxFAM(GJ57g1_`T2Ydtn+3%{UuDUP3^Tf=)eSG__URKfeFr6cy
zOO5aUP?`%hy|j;&StUC;V0F~{IsZ+>*&vmB0hiw##;~Z^!f9zV4_sN`R$VYrzV?-&
z$D3ZT$B#6+AZH-qx}NAh_3~mRxvco5gtyY<m;0ScNv^jRJ7mUuUa;(^p@lK?DF^KP
zw>~IeqB#b$mj3>o@Bi#Jr}+|Q)c)<K`1$OTC;1YFXkTAC^zXk7xKBeY`QI9dKZZ~F
z7`VsHyBA;n@t1$+0~ijT{|v_;tMWg?@uyAtpW*nwGaSiiI>o*1mDTSrZe_$;CtmCj
zZ#+^XS2^@o0h9#>v&KpN)fFIKC7T`g*<Na~ZDQ5Cu~5CD@vgRJ{fiJIH=@)mzc2MK
z{^w?~{p0ORB(GtSzm8f6wXeTj7rojTdbB`)AuBU6PS?nxEOO{k$S>5R%#j=5-hrMb
z^O(PmVBBKPOHJ&VZ~-;#xd}?$o-gMG%PTDl9S8s7xe-RnvLz)2Nqxtt|2`O(yYCMh
zd(EWVmJ{4_2F*}Cxl9k3^!ITI{1F)b%LigP2){e)J^IK0dO(_;0^7vu<mZdqL|I{S
z<O+)~{(CzuPRFax{Fht)@q|QIFd&L`v~1Kb`P;RgG<qg(I-CfUO_O@O!#e}S_F`io
z{Ez$m*AGN3=+2We7ytU9VJwG?U7A>J2Mf(vc?(K95w@S--s%2}VTP?{1vpzJEypMP
z^%T-#Xhmx`zDeHu@B|a3XK0%)>9uNO^QTSrPw%{`4JPo`kDD6*4RAoxOk>feUtGHs
zgcMC5emd1l$8NkY;xC>?Iq5LWdR?&Y(|?o4ldte0EXj3yyI>>=8xGIpmUITG{l&v1
z-=Yha*m^nk{jc5%4CU=#om&Mn-yAq9U-)gJtlv-wi|V=he>%p=T6E2k-0_apOU<ie
zd%H3sRddC*m6NYYpY!x(0{w)X!RF7b+ny9-B@KH_MD*g-c?nJf56l&WoLjijZ??!)
zVmD>SgJ&|8c5LG;A}@NmtEOd&)o$>ccuu|&tfd@0%9HSJ*s)5oPh0Ex$$y%v-`B@P
zO@Q;1hd;x<|GNJE_=}D1*F<mf)p(~`&n8<vGheqj|J@()+^tKru+Pj-n5RBI7Z8dZ
zbRTx;t*7U0caUd!%S7^{RE>40E(ZlEcuPDe>5!gTA9muE`Gh0o$A2?CO9dB-*D}DY
zBNxyCJ5(dU1Z{rhRNU%n@2$*J(Z&}<O4={%m`;I5yIMZ#W$(36L+PPm5Ps&j_=q>$
zXeHXrFV@s|t#5V6Iw@T+GvUHb#LOGp?qn5Pj9><FU~BX1qobNAr1wmEbk7lq_Gh}L
zo|BS0tG$#esU**-Slhat^&EY@+_i9tP9oaAjE@E@>`Y7v&A5}Mrt@HYpl;Xgi*=GO
z!qcdKH1&OV%B5Z%Jrf<5_1Z0Ry!#j1Og43tp#aTFhm2YODO|N^&1z5SNB%I$hd7Jh
zhyS0}-TMGm=FSs^(f!R-F4z}nMJrmjy<FNRS`{vLzfVW+X6T8BSK`3Ka`BuFIt-6V
z@LeD39dYf#hMY9YvrhCpt*}05F|-{fR_hVx@$IS5<IU}ruHHiP#-6nSGbQpg*MmY8
zwgw+kUU_l1m76cgXzbeFMvGF<y)cpf*<!ENYVU;_83!;Btoxr4AF~lE`8NiW&Z)-u
zZ#44agl9n7n5FC=-2HANLOXltgR3sL*Y3QNe>_+X<zAVaKKl+I;kfXt37X)>Di^l!
zF-#O^vyc34?}6>RAuCdG49E{}#v4N^Nl3#(RKgtb02Bt5WlmA~p09h4)^B$uDbvWY
zGX0)8{7Cq-33TlW7RLak<z61|xjQZ+V2SpsaXDyHMrIG>*KW?1u5`*pZ7n6ZcE<7x
z8)iehhTyZ(G1J6u_P}dyP>a^c3hUON(KY|+m?BsYr6Uj9($S-ynQfAIII2D7yuwA_
zUW=rMt%5V}4;-C)ILat9@@xuZ|BM!{v0G0>3-J5bx5oDT%2hiiswR|2_Q3v$?UY-n
z#^fOfzL@RI>K$;YTGv*;8_MlYT=r!iv%e+3L|etf@{z$hA1vgViit>4y#eD*DzR&`
z4n*+1IyK!ZR4#z67QP27^Ys)KJvw5b3xYRlb0#zM(3ylnXI3-6ANLJG*mZpr(((97
zr~FDg%k-)x@~&i1nkOswMWv0ekDyI}p6MTYVehpu9@_hu%TZspX|Twm7oeQc7uRj<
z=7`E(i}m#Ai_;)kUS|-icGj|pSfFoNkr*&`y?+GWS-sf6&<pmBET2BPayk*!dsF5<
z;lTuV3Bi3B+KLaA=km&>i%9uZ86NqqLO4z*5G88LXjfJR0*U!2y0qPDz#VpMUL9}}
z^c-*BNP}l$-M_pa&gG_(GXqc421~@he|VPKIuRGAo25Gt1@=Q}{Xs4k$6XK<@`w)%
zeD9(v!^zQWv#<0_uY!H`pr#SG<4OC~5iEL)iy}zVrCo|!Z-fe}FKqoNuU*S4-P_$N
z|NNum6<s3OY_?;*6cKr;{5!O2Th}8vrOt7C5mQWFyVldOTdJ7!RVdR2wN*ukmUgSo
z^jsIq<9Ooevsx>6p`dCO3REGtGGp#xYK`<mJLFNsZWP$jI=Q&M{14pk+}b+ePXb&~
zrTO_AJc(fM#;!e6HkFm|GrKsQ;Ob?g)<^}X1$Htscg}^AEMNUoc=;p4Djz+3Ihl;E
z+cFtHGPXlT_ks<obDXUT<dj}EqX&09{DL>$eX+~I$-QO&B~MQI5xp=7UNhAzojJ0&
zw_HQxp}dLG!w*Uhsypr!a=Q<njNp(sjSkp7zV8QE_K6J{xYRIx)G@6H2JKLZiFW&f
z8tEOPx{{sGGe7t5!%lTr@FPVdI(@Uo!(H$2Vy{<n%y!P1`0uQ-+FxAyaIE)>eE~tN
z-x^*cR5<zC$ZD*mZ;hB1l~MnQo<hFY{9*{~;G7X9ak%-)?AKKf)qC+&Ui5B4fOAHC
z;2-b(Palpi&@su)6`~pro%xKam@97UX<!gb@NWMxos<NkW>mw9fN|-V-&UX7F8F!P
zU~aEe{=2xTIQtB@0TUUKq7T2Ys`MI;_YjYBVlR0YEB^TYB2K0Hg$6<}4}b)P%HWI^
z#i<yJp6BX3LzC4NM;|kCNt37H@;{@kzf<iGtIg#$v0iPho39Qsa=tvB<g+Zf_E{^F
zXo;w&JtkT6IPjsWsccEPYQ4gJuqlsbM97R*IBzKJ%-ot`uiHT0x~Y`h+`$m}GgpB!
z;l%B&(%5EN=`o)bRF?t;bx{`4(~LIC+69whwJ@^5ZaxDdfVlTU^OnqL4W8TUF^84S
zgPx`Bw;Q8z_W6|$SrffxvoIR(K^ir+;u-T?+B*~fpjfg)ve$A7f8GN`xX%1X{8XUC
z0i?35YqIgxtv`UnKYuV}`$%fnRTvbln$sLKS$QH5`Ih7EgN&7l{q!fErEc95Dg$9T
z6M#YS4zRjxaWfg$U);EGm2DHsroA7I-7=Q_KI*-I?F1WOq{~|%!IR)Nkbd&g<L{ky
z-Kq@f*Trf|3+-)%H0EWkzkhr_1161pL7UcJ*WmuE)uk5R%p!}Hi~&>cJTmIKXr(2m
zf)@(;KAn8^05Jf{038aH5mvb`j#cwLD)ii+i>h+_E|!#L?H)&vqrSR`jd+prSg+?W
zeOqgBGt%mUJt+QkdM1#bhj_tbdw&q|F!#bp3y-%jQntjj32o)Gm-U6lbN^-!#}fT1
z{)!(U>t?F+c)mH=`r?-2#k`_sPDXALHG-^r48o;bti_5{kdkt83myLr3dr+)3D#gZ
zZUEZOm3$s993EhPrw>uSnLxbFTA!xhb@|xMmu@`?wi&U-qGosWj9rizaT_-gfa_;c
z!$j>q*@1O(1485E${Kj*_E4AKYjV{>?Z}TU3z$$4+IzlCk5j_x#`RIpGsrWYNxQ3=
z4qOE<4sHU-)iYPpWm@zdHfiejV-i~$fhqIbSsVCSmQ{rk4Y{!2wTs@rHgb$51JsB4
znRX>XMz-LJqWu=@H6FsQ87wj8IgNccKO&(Yf1zQ8GV1O01q|}A6_3i7YI3GS{Cj08
z8#|dD43IZ`SewfC0m^&FHfD1QG=tA@WpO!G7hMmnyQQ=vxw9Cml<Vmw_Xq~p#1v|}
z&6oCSKmpvrlFKA=rp<XOElM%2-^_n!#H|2qVL=?jy1OsPfPyqJ3jozs`0xGb^6vpN
z80+@H{*8c9iM`_N+qB|t{DvWZz6=NDgE(%pttuT<d>A?VOoFrOxaLu%?Zwg|tN1la
z-s;TeaziZqrPFE+Au~+IQ;Wu_W=)r^+GlTvQi67>4uy8|Dp=^>-P<16Ee1Vus+xb7
zJG{DKxFpvNUgJ4f{WWuD8!i6o)6*@y{_<O+_UI<wcn<(dzbND`Q9+H$Nq}!yKU8&<
zTKN>X%fARBQ6>ns`6-i^H_od*n`GsdNOQHyv$JL%&xm)t2BNla^b9}kyQO9>nbN4)
zN1GQCDxvHRGNv$^;0u3`*+&-h|IzmPgpq=6c2-6!BDGU$z&MWyzcdZ8$|kA><s%QT
zLzN1`&j~Io2gbf<CNpXDeiV2q^cS!a<ou!(DgyzQ5?26OmsRWXKn<)WC-5XQ!Bsu-
zMC=Z!!_e|MvIp$`7a1UHjwZYtYiIShxeH2PLB9fG2WHHiN%m{NXhM%Mm35Ka0ziUy
zc>jAU-v=n4frW!yHecAt#3<sH62f*3)DWIcMP&^k=?8{6I>UdUhwev<k|LbPf*3>x
zyA`vK&gM8z0dVl!YZLdO5vc-Dp3Ly>ZKz-0vR!+VQ&5Z33wo%uQGc{2%5OC-m%%>x
z=+9c(WAUqQv;tqJ5ekniiFBBBYv!<i0}zO(@|>9T(x)>?mM0sDSJ+LY&VX7I0xWM9
ze5U0NSVbumJ@3;qQy?Yko8n#2KK@o-4Y-2l@MKfk7;hYZ_{A>y6-$*3kD~<@-!R++
zY`L7Nna>gu^L3?eZ)bsgM2j-Av12{zIn6!2JHfjr+vIke%2?b@2CIhYrI0Nzl?wut
zuhX=gaJ_+8{wTnuSYB;0Owa4neVeZsJKkQ>r6`A_@0y*}(9bGpi1h~mz4z&v#29<t
z`gWMjx|PG<gQpGYC7$3Ed;j%SxMH}oQ}Bf|v6jER>pahVu#Mqs(@xP^ztPd)`JqcP
zw69IQW>x_(&<S4zfhV#&1?PBsy-h34+XB_;fNrXC|8y$4Jt$y_jD;$o;A0wtWLt!L
zH2~cb4rP714rcx_VjyG3dT-Z1;jm69ns+_^?4R(!@A+!=3@ABvQBt`fR4!m9x&?}q
zk6Zxh$Aq!Vi08Q6w<iKUMJ+r=lo1#a`L=|cb)~6#QVLYw>1Pr>QYXg+V4eUjPbczX
zcQ}VEN?!N_IBr|i#C9Fto|O+Pf%bI`&pqS&uXK6<Eiy2ti!%-biR}&8k)j=7!3(bU
z7_EWGoB;}Yk)5%<9WzY+8(#lym(BI^I&7W*?n6`D7uF*?U>BFzv+VKsZ!fLxZY^XA
zf{ilb<KkdZt0p9Nyb1!cW_z0h5lrVtPq2?Jbz(#leuf~~Fp_+maEYb)TNqA5ddTuX
zvp|q{-@;RNQ;!sjbqe4f(g7hRu*I~|<-hx4{(hWo#;1G(6pOKW2y5{kw;2g+@%9EE
zLY_y91Bh9+fc)zUidm`|<XQvYya5YCTmdW-L2}#R&zxihD6j|IaNY2|d8fX74LqLU
zkrpA{I;sE&Ec@YFi_Q4xH7c4-ApidH8<c}oVgBgh%gP|kZ<}jvMe%hQSYuz&iE}c(
zER{(3(W10_9_zO`!)hP7*aC1y_h-e{qmco6w1&&s&z+~(&3vBofAs{xI8)`(!E^}N
zlC*VmL@U4lCh4=WIC4oX{P>*>gSPkwUq6%$n93;tz{hyPz~@TvApz~d_%(=?=+%%D
z*;z^2%f0A8i-eYaCM-(rS@EmQO;SNG1T57ePYk8Uo3DA`m&AiUzz4JR>NfidplaOA
zWiY>r9On-5kyqw=>oh)gy;Z27UG**83k&i>FQ8D8YAH1fYpvVoKM~MlSkHbEd2?sM
zUukDj%>QTUQjnLIc^dQ8$gMCBi+$p4M>y{oEFPt_yD>M^&X5w_RRe(4o1OLHg30M(
z$$qftqVqwRKyA&JXF|k|@o~v^{%X128xrXtj0uSVreR2~F7s0Lk^%=IaSX6fs~|GH
z0sqK5)c%+<5U<mQpNkR=Bjh=oy7lQ)$=zt2-dphByB=-oWecd57d;YP@>(m^FmWa>
z>D=)#j#hex@`|Vi@n!?S2ymHN<Q;IT7=K(k5h>^Hol8c|lh?l={CyYx^Yrg119p+u
znD#og3urgh_z<zk+i!+2Oa|)QZrX^6a0yOCSrt~K?F<JXUU9S8Ip?M#?slCFJ<-!`
zh+)EXkAiL7GdZCKvT{cC#<wt`&OG*)KmLG0lb2y44Nf&Cpy1N@0)~qr)8uX-T@Qdx
zadZi(-sWp=PmXy@=yQ%IgI5q`xF)RyZ^e*~5w_y8V29>GKrpycgvZ?04^|_EB>S(#
zkD)lwppLx;3N5EJEh*m-5T0I``YbignZ~;`b1-x%0j9qPumwYtD<1ic{D>FpmPln#
z65YBH%Hw6D)qA;R*u!u54nAUSGTN+@#=oF$*9+tA1fX)x274EhcHgi8+%CK`c9L}z
zf`oFJwp;oxW;@H#b-7$$gpy<v+q7;eNHOxrSIn$kZW;49YV1CA|0Z^;H)&V0$yFNQ
zGZ~*zh&c!uw7|NypI48&8+7PlSH!|6;teeO4TbUGV?DS0mS4C`BblrEzd)%hcgtxz
z<q?QlG6PbhV>PT-b^+gy-Ps@LmC|k(17#gsfD4@l5eOC#YWi8R<r5~c6h%9a?w6Xz
zjj+a+Eh$75TOR;^(fo7VCZ<Q_7vGOGev3M=iuza{TXXR>l_0$O4v-*DVewH^zGo)N
z(7@d}rR=oHUi@#+gXW==et^Gn1Y?!44h`uWn5$bk{{z;P=w(c#J>IiWZmqm-M}#3k
zSFgs|D!A;mfmN*NH1e#N>TA!G2t#a7zp-maE`zn1jvKQW?zenUAq(Q{UZWR<zEDiP
z=U?$F5BIW~eCEGBY?s*ui;Lt@Ks348y#bu!t6Tv)p_L|Ie^5c`qS|s2CB#rCwuBDT
zN)=BTwj}s0f0{{t#KeidGBOQn1j{(UE(>Xd@#!1)rec!60u=Sajdt!ShFpt(Duw8H
zN9U2`^1By6v#4eM-EjUZtrAy=7(}(7Z;?EqYGj{RR?KXhM$xGWY4YXiy6cIIZX)Ur
znhA}1FXetFy^by4h4HCnelj#4UtYNv3EM_mH<7hbmf`QsYMxoq&iXHfnS~D<<;si-
z^qFtM3Zg^BR{Gs1B4jcEnIpG#R`m&<6@k-?K3B`ouWu1i3JUT}0OtHgx&%IOn0L-%
zl$dXiJ};5uDeH{r>?`Wm6~cXS1o@5;>xW0Or;qKfmzzXFaWWx9IzEs1kbBH!$%J=&
z)lkZPZV*E;tPWkqNhpEk7_y&WH8AZ#r4H(T3X~nJM_+C%)kW}5Iaq~%^#%LwCyQMn
z?4~hn#?JMxX{0^FssOeSYVgf-<imZ`3H9T*VLSPntW6uVjAQ9%uvRO72WkNX8Wa(=
z2${KKfdv5GouVYbmhwQvBn(|E@A8Fe7}_hKdK#6Se5o}RNdZCJ+GHYIC`c0IK%?@3
z+x7t!)-nWCFAHHArv=JW6x-)4JwQR}_nW_aRcK&4NAy4sn4r_4vK)=8Cg+@=hSGCf
zTNvL6lq~K=z+<q0#qEKJb2pI$o7AU=3rtXgxqj<8atk{ov%PD0gF;ilD+rU$ej#JL
z#e<yt%;&78D?yMiA)`CAQN3Z_7jYyhqa~iFj^XofD_ZnGHH=B&zcOeu@Xb9pCHA~%
z#n+(Ks<EB?SS{R%Dp0AUHy%~0CLdq&i@57o^UQ=0*vj<8z8pk2Hbps4Zqb}7I)4CW
z1XXbbHS2~QSrZ)L*5%t5BO+hopGu6@9J?j&LjD1&9_KI4jf_=3Y$~(WN-W*&yCiNd
zmCrkrvAR)nH>D_Fv9iyaZc#a`v=R9=O1n!@q)0fu&sv|JLG&0*W1vdZ#V44OBX_BV
zxA-Gzl#6gF=h8f*NUI7JFnTutLaWahY`Lgh5TNWzgC22FH=oYZEU$cYRI$Rr<b*(}
z7GZyWC2J;2N;E87cL3sXLwaypU`|XR#WMP&U5JD|ov}qSY!|t&5SQ9!ZAuiP@c~@0
zwYm6Pxh>LD*Oj1RK!x2ze1CSy>mKewJ7vsYiG=IFM&DMAMAA3F1lV;@ty>_a^uONG
z4&`m5-vKGx3@;_77<ShZ<<Oo(+{d2s70Mr!72-Sex2I>O4px7w#R5VGmp}pPjv&J&
zHD5>x29)$wKvdkj<Q?_Q#*OlR`50h&I#2+wSl5>jVfrlcLfB*60uu<dOaRw}PU!Tk
z0})CSC-_l)c1Y`b2(sQh-^7x~^c>5cG7Q##!M*T}g;dgL-Y1;rGGJwU-f0xTHBU&|
z+$LlAjVS;{rKEp-AYcS#i4tpTfcj=0dKmY@45Ibi$|uIQr(_J63!h{1lSl=1egdJ9
za#MS|3wy<m&3$fjMJ*W{wX<2-<m?fwCnw|afy36#l>0tTM?vzL(sTq$S1yA`+875s
zF2dOvMJHO|;jgZ~G@DH!lOkWZQYlqIeFn33Z_p`LqY@F6ljmtXv76Uk0B%G<Fz9HM
z;-*b+{c{)(RP7LpN8M@F`3sMk?9U-V(uF&07HC#CKxyp~U1T330VUE>uyxo?<Ex#g
zR=SjuAnts`HFd)Hj(W$tv3(B5okLi4iNB17-M$-K>Xi!7!@`Sf6qP#=!P(m20WW+S
ziNf#9CGBlnk6#2-iZ{m5!;{rK5dg+2vhKZn7(ImjXMi#%H1}OksDd+)NZe;++Luz$
zV-4|c?qf*$8bc|7H{1CO*i2A(QPPpn#V4Y!F1)(v$Q&s>!EP-2hFfMGtcu6w13aV=
zDK1H4zZMjWXOuwDsj&|bmkn4l!Y5L_tpwIKCZep(N64tFA|1yF6b*&7&yoNWNndaS
zT#-$LXwhWf74^Q?XC5qlP<!O<a?5{fc&w9L1M6qi!BZf<zr@)|f_0qK#AYOX^TMZJ
zhZHVYwa4HxTQ1^ndV(51TUL4$zZ80~RVXsz8Cn}98S&L7jdjc#P!m3Bq1G)myPKp+
zlQR~h07|E16>%zTK!$@Q#Vj3wdtBMhCV7)9ODGPgF-1~t$>Cd`U|@PJU)<DnZTDKq
z2WV|*fy>i;!Q+<Nl}#Ws*xSUzy><ZsllWTy-c#YrrY1l6EYbSDz8myikJ-LarPIto
zmf&`;7mlWyC2HS8v~-Bha<;t9FG&T(t>@e>X{NjQfdR2f$(GH;eS?IHJfpBWkm<B&
zm0N*Owy6u4{!pBhV}dbDTrO*(;B0__;f-KbHdBvrOxa|};x+oqg-(#rwQlNVA5fUZ
zbnT}M0BSU+tzY;9*i%Z0mIm79P$HUk=Yi@Y*Q(oWCS$}NPIIgwRv>N52&EaOY?B2c
zs&ropq5OJ)kYa(G*v?vk|9lVQdDZGP^{D(oM^y5NT}~b+dDa7HEmr%RXAif*%%k;C
z+hL0asHJdadkI#;!L$-%QzUzX5}>eHd7Db)L2^Z3+=isnqDaH~ZkSPXS){Wwt#jJ9
z>KOkd-}RXbR<v`F?tmM%{WXTeRh|AT07R#J7re*Xa3QaQ<~+yC3<<YLqG!{E=Rm$2
z);+;lKXQOcHu-t4_hgKk>h@B8xc{U|A9~DJ#sLgNCFS9rK^eqNHN8f)bBS%oG-OY9
zoNqb78mhiQ0rc~yQTnpPg^Es)?yTYfBx=F(PJgI+Q+;ir+DoM&RZ3>7g-&skn8s2+
zHVfG(02ffhnPNK|V`%cuB3b{s{KV1??E#Rk<7(6e!i`Meojc=4{q<c%;4D!TleMbs
z?Kd9LP^FXw(^e~Q-@pnujm{pL*oG3W3F5vkFS~`BM+uJq8P^ycHFryR0a!^Bq*vum
zRKkxq55ozNWds}Udg>5-g>Za49$y0)ZIPkXAlx8!zS1iZA8sQ^xi8crIQzO~k@QeG
zYH%iZxs{=??84PMUrz<;dDcGz2wWODkZ;JU(y%Pv12KPeRm*ljrq;mw=D#?HIHDVR
zO5knpjg}@g3YW@2DpU0NX4_1x?uwT&P*DtIb8#4)7LWU&xj|vhTYea;O0%YH;dTWP
zcbqVgT_x5(dyW%JlT&q7O}!J6WJkK8OwMMN!+JKy)QR>p{}WxpA;(5WnYkWMiJ-2f
z6Q5_@*;QIn^M8wyU%nCt*!Zevlk*~@f}SdwUId#7&!{EHZQyNtuN`(rX8_27w^wv?
z*xQXE7<$(uIBx|vi=@<oq$`V#te`-uq?*$jW@4E<3@d=-L6L|7@(X?zuKk}Y){(3W
zJ05$}I&OM>J?D`od=T{)2__yl{Dd-d^$b?qBk99FNW;W|dad`4I`^w@L#;WmEj8x?
zZO@YnFl)8D?{uv{Z3xgHRqDMK@@L(U`{Wnoq{&^du=0`yn+U1?v)cz4m$;7y4$U&9
zrAvMI;o|?@O-}T%jb4FLt&Bx@sy$0fbmG%nia&mBs*<C5v35?iYl$Z+z)ir7LO^GV
zyc<kyOX)DJQ=58tgbEEo{1s408aTuLYt$54lo4OUFK}kz!<ftaQsi?Nfu@!L!?Dm6
zUt_@B))xFwNlXoM=TJg)68yI235Nct7R2txgi!M!nCD`RkomW%`L6)f@Q*Wp%yBN`
ziTFoA9vZlQnNIZ1=dWh3?}5ck>C6csgxocM=i1)tKfDzzq4ak>dvde{ei#$^6#nd7
zb~X7?y2T0tr>0&<<TKKqq<G=ad!8(YT|hoNQ?T6NJNf!&ohkl6qQ1RH9xP6GL%{h9
zWkguxbO!~UBJfD(^&#t9@VRzx|I0CJXOw<ijn-Oei2dC|Rdu2Yl3Wk&Gzc_gPhyYc
z&{qKJxCe*>L-$7v$J=2j<VNvFX~a{tLK(4_261ouw~}>RK6`a}qf!X>qfO2+h23^u
z>za+|)k+%hdUvlg)jQQk!E@ocI4=a!?hhQUf6Wxh)UhNcCX1b31jsqlyzy~5tYNAT
ztht!lop~o~UgX(#L(IO_7Wc%KOx%Fq!96zhIpyjPkdE3(vO~wfQ`ohXeas=+aByn?
z((c<xm(tc;iLm5Fkn%>l;%AO;wo7zb?(Z<H3xymlf{A+@qj@^<jyPMkRi}5?-R{ue
z!Af|~&fhcs*Rg@f0xgM3&Hk&@mP9F%52u5CB2a+A!609hR8>%u{v=_1xk1|HhJ<-|
z^;*R7^ZX=~t|{I@T-AR5Evv5nNtt9F!nhD(Wzua&$m~+^!6Xo|U6g=9E*eMs{Tgp`
z5nja+kgfJD(q0bXFsu&xa+pR05WyUb2AJ#nU{h>5v=Y-v{=33=%fALOWB{e;G{cdf
zl|^QvmmMZQ9?6<i07_j}UU1P5TTr}wR5*n*031c7?Qd64XH~WU=12-M;;^=SKD-pp
zqky}v@AA7Qh3RyGpS3#`!@=;8G&uA?Jj-VuNf3!Y^m#H*P*o=<xA<DVy}ST?IeTD|
z3^1eygd>}LIk*`o2zRvUPdF=^+pIhJZyB+v<>?^JE0<lr#Xhl48)~g$55rxPmUEYj
z?D9Sn-RvMK>;b~n8yM;JIou633V~>7Y=R$`6x(Nv$k&O7)ICya410HY<Ximx^LD^?
zarOw;l;`7HS!q)c3+85;mk;(&Wr{{r`U(aoU%qmb^@H)+uJ|R?LiqG~+)%SCmq{vc
zEwl<NbBy)E--viwmn|#62?hey1iPj!Nk23F2SrVWoT)@_r3JY+>4y?7Q<-H1WRkli
zmT;e{$0_d+3*8xuQet@dH;j-w#|B8zpBe;_Sg~kOg64XgXYq&s64*JL&2&+^>Jea9
z<p}`lvSyZXdbP$^y|p*1yiRMuAFlb?vsBWNHk=256qnx1<y8!#6@2J6e1r%h+|3aA
zUKA1cN{`kZgGetct^=MEAtYb%nREGfMtb4fLItVs4NmY<jNI7!Qp*$oQkVh7eJ4Ue
zZF-Q1FaTk;8kUKi{!p<HhO2LiOZ7G}4kKoG06Kh9;|@=F<l<*gmkfy8y1kV|FsfPO
zXGPudCJ%w1f^@;rw4#bdUPP%v_pCHcQJ?uhD&u9CXhY|najl%3S&Jxz*ZoFLH6tmU
z^S3!D-ofj3I(HUpMv)&G=Ajo6#Idc1wvv83LBgOdgZnYKbGiiz`FirCC1Ewaj}?xd
zIzsP_P<v9dEDP)DuMM-?e7U)~qApIwJcu#Gn&eDBC1deYCDr_&c~90Y+eyFG|2$Ow
zmdhb+t3Z(qB%d}!()wj&^t_k<S3alFid(ZG=_{RKUmc923{B9ad5NGZmnfY9kb_?C
znD0YUnc!wUu+Nv)T8Cw*<c8x%>FnIN!xjhg%17f)Cpb44#{!Y*BJ%xP#4}d<B#>Qg
zfenNkJqqPEP<gl^-=7K+&FcsD5iH=D$}qiYa`)XT^81#`ff~@BjEe-G78mX+{wtn9
z*XhIZ2f3y5%>eW+QB{p8YjMHP7xkXQrR#(qTv0_Mw=j{9TokN<<RS?O+9@73>>~e(
z!DBj~mvYa(H)b()Z21B?)r94>O~wsa+D8ECtA$z<BJ9DBM;02JzA8{C$g#%rq;8pv
z)^M4B1IkzNx6);1qaXCZkULz_`DjwfA0z{z25$lN$Q$aszNqN*BY^!ad|`{8pHN_3
z$eG0y_CZ?E>6p7gaaxz1eZxfF5r5(Ak`o-|T4J)#0MO_af4G4u9w|LFN6Kbhj)=rP
zI>>0Z^$V!b7J$3+@uOZOL)#Y9lZECU-qRnqm|D4V&Ytz^H?U48ii1+h<TWV;d4>QC
zg2ip-aQE<T3jx;sQ%4my_>lC3YVYb;^kspSSG>o}XNb8&HqPZ<+iD2C=%f{ZvK2@f
z!vu_DK72VhA6D2uJ7wtSQ_;MjFVP{Xg^r%^`PZSHuiFXeid!A&h0IhgP)<HWR|~44
zQXuHCJ$|x2=D){+Ew}rbp7@!8@6cp~3<Tzp#oK6AT?pJjehi%O0${9cxQtA{3LhK;
zajF-1$Pyp|6RJ^VB+WdNGv6MwIKqPMTUPaCyxG%2p9ehRGk~AZ)knIubf=zDOFo4t
zK{j2)FD=Q9{m^I{hmVGfdMVubow0ZrDth=X&=P!Yf&Mu6bn=a%iNMO~5s=_6)IB{N
z_x9TaECd-^K8wkZ!ymeEF31(+ZAXId2L)b=pDD6iJg9Y&)zPzlGWE6xicVy~t`bt1
zAlbttLk_?dE<+~*<K&5F>>nb?1wczOhp;1wiQ{C6M=e(t@!9eH1+(_Lq>*ZIv*4}A
zM>u*uzEtqKaVMZ)n=nA8V+oOHYh29h<QO{-g4f+>C1qxnkD3D$Fp2&g;wo2{is?q7
z%}$@nq@nBO!iRv3BR~Au<+omf`T$q|Y&;6`(ktKSSBN>a0TR$7tJ-+)Kd}~7eLtTM
zOI15V0D^P*WQqVYw+Sj|@Ajq9fTD6hmefvGw%)29f6VpJU;Xe(VSx_(Edfx|EpBn-
z?+ZKc?s5kI>l*UlOJJl8z$Hjuq7oK>Py2g_PiqupC+G!Akr}&qg9i|IHQBNafr$3-
zzzgKbXjl-iBwloz{wT*M2K!8AzI{jb0mS-*^7?rIBI1=M>db>T*X+F~U+HPi$rbRw
z{Y9l8xT0h(Sk}p%rn#5??ADKOvvgKz45Wu`B6>whFebHt!s>jmD1gyH&TWVSdCpQv
zlR!yS%uh3skcA8$Y`4$NVk$sg8^wTs35oHPb^VqS$fm-L>Q-TNumIk@oBjY2xL)#u
z`*14yctpFTmN=j)BJAF*jPQpE|3=3Wh8u3$x(8BlZcOIcm@Oc7W&Vu6aoGpPi}sw~
z=DWMq=I~GeqjGDdUE)^s5B^{*J8glY_&RI8Cm}dY)KWktf7x{f;oX0@LmG9UY$iEX
zBX8bMELyDm?8xzjDSVnb+TI#Dz6JZv>->KI%tVxu2DqDl$Hi}0MS##G!EL8`^j6gm
zev3^29s^EOf72_a+Z<w?XKC<#3q!C(UG%qh66S;jn0jX$$!Es3kwh9Fz&KbF5LH^h
zQEj}wo1-_+q};rqxI}*_+a9E=>u?OT03yfgTZNkAf!&kj&^S$nUrZhY=H>OR>z093
zE(lOY)1?aO(aK=5pGO*X<fpuSGzKW<FPg`f02y>0gmQ<b3;b``vBWPrzlTn;GyHN5
z*y~)0=Ts3z14McKS)8u#GBCA1PmQ<9><8pkLWo;7353%tMSH0j@)LNlNC8v}y{+c=
z;n-h4i*XDA;Z=WqqKb?YLI%tO+?LgLd|(kWFB3HEAp5V^_vh-kaCWS9n%09mZ%fED
zb|-F=Mun6_a0pYVvjBLdKXT85WOWT+S%7PO^uk5yHO^*=QB&+L+jKRMvIJ=o`rIH-
zIuKjSzO^7veuUL0g3+3YjM#^wJ)a|l&@cry2dRZD-8m(wf?s%MNYTSrz;UC%X50h3
z$%CIiyKsL~&?Nmh%PTIHz+s}*m|Y;Gngw~M$rrx)joPF|e5w7A>TD%H+&5lsbvkO=
z3V7^V8OQc!ZuwuU+h`K&f!I2_ReK%UWP9I%=1R};1*@869NTowrJMoI`u17M9B^oB
z(e_{0DeYR`H@CG=m((dc5sm_cYd_<emKq*E_&FZHd`d*8e;XvmaA+(Q;34%0qm<tr
zd2Uvple;{p3Z~b^-gVXOiQG2i6?YfzI8J4@|J&9A<y#EZU}g=jWavIQi{sq|lJx_U
zW@^<GBu?IM2S`X7xsf;2${>h@iKrUQXM^`sLf$QoMSzuFq7mZBEmgNgSb+R&BIpWO
z?g$jbXR|ULt#E#B4`@kDKt>a_$Grbe0h)0`*)HHhJ_adFvZ~ZUHo0%so+m%0?$Znw
z<OKu;OMUmo9-JqfZvt36<EOwH5vD!Hy~CLWb2fGDkg5zN14FVPK#Fq72A`#hz2GvV
z9v1JC40S%Q<+CK@veQOb%LLi2ofC7`UiF#g=9*A<uKtXbK=7)`bW~%k6%?H$KkGZq
zFL~aPl~An!=v#lB*`g)#Cd5TCB+bK$0N}VT7!>RY_zqZv)bboJkRE3~3Pj}|&)_!U
z=UU1_w?om~Z+n85{qc$hXnR<Fk+l70RQ#rI;($t}q_RMl+NdSI>;g`ht)_8e>pYID
z#ao0Nk%~cI!tWUQX$1esuU>A&m;)Lreq^C7wGwb6p}Ci=J)0;uYo2+HR-L4YpERGZ
zRtjcb`G6*1g!1*zTgzX9G}QIcou7iHlYY|*&%zi?sbvT8>DL#MZrGfok&$UjqYmjS
z?s5m>JWZ5HHDaRxFNtEWhRIije7B?m2D;S&i{wk|WJu+E<zzH1Cde>-C@n`jnEi_h
zTs}N9p^r7N3g#@O1#bs>n-ne>%m0>je>ahT16c7Qx7ba(`E8EXKZi_iz^-}2HqmqH
zYEIre!~VY9vu8C~t_d2Fes4>7$^J5{ybj=a!lBa9i#zixkcDd=C`=}=-2i}0PmeZ5
zperHQkRh1-D&scDc6xoFr&`&phVO=4IDandcvUK93y}|~gj-{gGsWlmPw0F$FO&QP
zS3mK5>xPaPe^3ZKJSV^BhfBw|FOxd*y!f4h=NNl<VA(Q;$rEo|h+D?dHJ@Kfi~*{5
zNn;q!<#jXWuH)Rv#7TGUyv`^%W*h8l!}B+34}dpX%{97v2Xes}d<2BH($6B%@vB&8
zgkv&Pqe9&e_Kv5-_Hn0_&)zkalQ-l@Bbo|Du$nh{yvA{L3YiT91A7dQ-^RFT8)G!F
zRj%=fgk<R}2oRE#Ia3-_G4=+t%%Gs1)<wk#E1f~4HdE9E0*8rAMuZ=d<apRcX+ylH
z?7E=|co<Y1Fn&G^efl19%#BT!=wC-!i0GJFPi*9x5^M2gGTz4W*Wr9MGa2!53T`7y
zc(~l|6(su7+ER_~4n6xf>m{t7Ha<(T-^|3NW&$TfWes%CK+2{cU0%|^#v3r^vn(6H
z2vyt}ST+kp%Ad(_m{kc_QiKCu>H!zn4M;{NbwbWl>+w8dq(OmzKB0bh?*OL3V#%ew
z=*LvNjHGt(4T1Np=26x8iDd_$DmO#syL^kgmyWGBK1w|{0ctVA{rmWvB_IdakH7|X
z^p2|$v$gktp}4ryzK`|f+ln*S2yEU#rw}xvz}^>vg<EvO4yw0&hQ)O%Zp{%)n*mLW
zO$2mqgUfP54w7D-z6zM8%G+Af&+{8|KK6u|80qSy>ikG#eSHNl|Ei%0;A880poRf*
z3%*hsG1#Ad-2TN)=})6Zgqow6e%6(ivWUnAI47iuxgH3dB!y2SR1MRe@1mUZ`cBD`
zCn2!6sK8-i1~`-<UtN=13TxVI*A_^S=@f_3$~D!hm;)(S5b?M<vC0Uzeq1=u-@8l}
z$17Z*Nn6^UqEiL%d`Fm;W6XQN%-^>o{qnvGIO6N<es4t_UTve``MJ%+r|)gk0vFOE
z5$Co>v+`3HRschW@Yd4{&6?PTJZBvj+JxOGo=~??-n%c^&qdzN$G}c50IoCS<aEqg
z9DmDJzUctTL#9cB`{cq#8f(NhlV;6xkA=&jQ_GlzAW%3-QcPI<f8{4{!GZvn?-D8Q
zgl<fAcqGmIk9FnZ;d!s$y#W7U|0F&J<_MX^1giAos#745uM#k*?4lQNLrCj)iP_bi
zUgz~t=Zrwkue!ly-VQRP62n!sfYU*Y05a1ntae|jY*Z^e7sLk$Q64;_J?M#RXNtIe
z)3dN}^oMnViyGV6nN^IqdGO&Jd*G713AtvXlhlc#V#>$HUssTq>L#T?;W7CO(z=DX
zIQW8<dxigY{}p8SX<Tu$Le1d4uyhE_KKxQ)k=jTCQ1!NlM!5fc*?{{}mef_#mXQhy
zug_wAu7D*ieU3e`J0%3We`N~y_pSx}WZH(OoBBtO{AFC50-)|#Q!-$VEt}bmH#}Eb
zc78F>d8KP8NczlKUu`9XTY`F;IuiRQH!9RXVKQDJnw)+B*spMsmLH$RP3!@+@Z<V(
zJ*0`TK=N^lq5s=d(MV7Gu)D_cLiqag<R7V`QDy6__45^@WwpHDM)j>??-z^PoY(`7
ztvAFI286Xjn?y~$@5^0jjh3jI-26eUYB8wRe=Mqwa*gbEa+`Fs7vXeXCE^8fzv=2#
zn}srR=`KwW<+)p?+`fccpJ_f<kXkh1WdeLvjPpfR^i2!<#!a|`g?VN2T~IT?Q*g87
z*#sofDIM<qDCL;`2;I(YP5@P7M%((gA+vi=Po4AQp;%WNEsvG~O#jnhTh;cRY6U9>
zRj^I>3t?0Ol5%n;EhI-aFt-6l_BAAOCB`8b%*o|rekRRbB-0;2^32qu3Bz|t1OXz3
zg-2LPn&u=Pn_F#k4|OUmKN#MVtA{TWFL1T2S=pSJhWa0(m9N=i;e}zM_V6PZ@dq)i
zZjXfzXS2Ay2)}DjYwQhF47UDw8P%XAW5_~mfNp_FbpXs3l8Ll#MzR^aSzIw3uStEu
z|AaNAau(AWvt$f~8X#}^a;LOf1*IbiE;({c&6hp7wZejWT#_z_;?!v3`ns%w@r??*
zA>Q(tWvZ_DQ&LlQ--kqsBgL0pTDbKF*9xC^ql3RU<l%;$QEU;`SvW`sls>_ekFIm4
ztcZs{GZyNyq$LQ99N&s0v39j3t2~+&&3fK#Pf$6`Bn!Mnu9v2fuFaHY&Fdn4pHZF!
z`<0;IkdK<TO3#jzgXL;X;GEbwkwSqjv(Xu>sMbPoY7;0^v2t#~x9w|k;#5Cgl&!s<
z#$aoz*S*|0L4eyAkPWwi0WgyrJyMi1eK9C$>_;a$&Ttt5jw4&uEG$@%zqGbRk8xiU
z1AdN?qKQGGu{`J|k&!BYL`_Wh2knM)1$xc6e~27^a@PgEgI$J^fH!IOg02(oNa`aU
zlx$8uO!u;^Ie^VPlsl;Jm`+~>19<8e5Y<Z}?SRsafjWw$qHljLJCAdBD8;Ku9k^e#
zK>REN4BzYDrM(^IV5X4e<Yp+bm0ka{ltkoHQD?YMYYy?lM*P@zMhgW2>bcTJCOMRM
zV#Ru!NVzfFgL5JHYgj#j;N#{E)tGKW+9J;RRy|IEpcioMTqfD(9WHJ~ff4rcIZfn~
zO<<_h>D@X3pgRJDETK+NS<U0BUBSQKmHw0|*_rTx(gplqS+HoXnIJuTyo*0ly^45&
zgEAZCzdex~f6tTEEx>_R0I`O=o3m~58a)cN$I~4r^#S+XE698963R;8Dk>lb8Tvh_
zDe_)k0jv2mx99ig2C(uf*1!&!T=NcmKxkL4OGecPBEis^Txh>wfiw#%Q@yqx6>F@U
z?oaC`If3|<t4q6tbwHG6XOfkm=LF)?<HwjSOHkj~5eHKrVG!2p^rXU%Ik3bQ?=;=P
z>OLe=+!Y9R=X|E4n<J)Wf>w~&SCCgKSIfpUb9A{336pAg*`bZ+O|Y>F*EgcQ!upRH
z;~(bw_*nol4oqJALQmxazGp&<z`-ZRzzFpa@lZU2x%gN6ABd;0eye6OKd*s`3h%nM
z25LzulHx!<W>FKx7!hzQ_`E=Zj@ZZ5Z((9q+%1@ML2|(CuQfjH85rMFUz7+7yF6&a
z*9RJMl6HYHv9vm!xOhCJsT$HOdH|?0lXVX+`8G<P!7Q56GN+L&<%EJ1;V;9#fVlJU
z5ylfc&uMbWw7hjtJuA&tFqz|IUPUCp2L@@EqU1zrZ~#!4BK1DQ9;qvrRDY|0Sisar
zX1QsIK?6Sx)K(aiS02hTx9mCSJN<b+!3jW>l)r%)N*e+vN@M~2p;PH{zWR^KrAQCp
zVd()KG}`Aa@ii`hx5)(d*<AdL_hbc^W5vlGU`5aX{WHeHQ(+4^u(MqNce7fk#Vi00
z=Mzl|;n0#A^LgBDwvhE4nTLRA$b?)@wm=zaCwIVf-f7bFc-%z*<5)A6)4UCIjb)9e
zK;_Bf#)Q5{k7t1EPwRMb_`Y!>KFxLD7s@W60teSSqj-H+@ANB_={DigysZVMigpLp
z?<jzfBbZoeb*`ZYzV7%g$H_KwV~3xd<Yi8_>i@1!C8Bo^KxK$8UHdI+l+|j5a`4DI
z&;hp!5T+FY$3NG53|p`)t@+vZoGKgsR4z-TO=*eo+KKeYU?2cp-yEgXMq2^zKyI&L
z&Xyd=!6jtCWgjl<tI{_=K^SS3Q&fBQtEwzS0oC-%kyjuH&LCCxi*6PZamu0AG+87l
z1-_ieR4R3tBQO~@Qw=E78DJT^g?G6?Bk6fE1u~&?0}Q~b@<DC-lbmRS$<Gq)&ITlM
zvRbI$eF#Jd2Tu&7_~g~?Zn9deUmkb|=rdUdU^E^=2;?3oNUj8R<L5<#o~L69ADUVd
zW*ODH#Ttg;r|tES)1$NK%cvva0UmeC`(xw~Not{Zw|;}n8OID4KiX!fU2tT2^4TS(
ztMH1p;k|P?xjmE9_(_@3$(=m@CtM~^1mrpQ54&so_;Ul6s`65k51#HkuB5pRHZ+jE
z(Rrv#s$XBA%4{q9#S(a^m=0dGB`j-~x5OA6G;`hh0%Vi;sfdMk7)<TVP%6~UUfk`2
z_f`n%hy2WO;7Q^Wl{B7c<N%uW0mhm<Up}T`4qsS=<@RSoU6x4MQaol_-jBW#^r)8X
zb28rYAOqBIH;o6B*lE%)!w;IO1aP?;z?0aKI7`)4Spc=4txXomQdv35$-Q)=fE6tT
z_;K3N0w6J45RY0F!$fVC#yt1uY9^;va~XwmsFV=HFM?La(pQ4Gi)!>0L`T;8)|)bf
z(k$gG!c%~Dz6nSRH0IfL+V8+WFw!rzo>?Eq*biBMK>4?+b%_Ap6KJrPb%dN*DazsO
z<I!rffHb(pc7z9Xr8&y9FLzt6dAKA&{S$%+L&$_K5~A7G67H-yvm4<|1cuC{dtKK>
z%CzHvWshq}qr>87YXl$<EJx0Ry1HoC1bz+bdh7+8SId<MvuujvXV#nL{6aKL1lA0e
z{ar8{w{nSz-!acfR-+R6dCWrZEv1eIZFpiBT15^q+9Y=}C=0$GaoaFgfTp<&H{0wM
z=6p|3n0<U4mfHzpbHwu6ri(fI0=~iujJ;O*R1{i`c9=8EBN7zqv8#|`4RiE^+>eV+
z;CzCivhaO-P!G$;+X{X+Mi}q}T%XcuW|eUdYe_>FA5?_H8w<;kG?4PGJ5tiN$j?q*
znsrZ)RQcxj1Z|DVim;X~7@h&W+KDxL%ja-!K*MEmgkxDtWSF%$&344Ws78dJ-c!-?
zyj^%8&v1AkHGIGYFyU~34OK`OpezyyNPKSQ6}!2?B0(CCbcjpr0rrmAj3mEJVP+7-
zTq8&i*i<rz4~|QLvU@c?pku>t4fNFlAtVDtz~pEAH0R(CBPQZzeAo`C6$&Ay`*L8;
zA~<5I!CjG{2slf4fG#RBqR=FmM&P4%L5V5qwKu4$W^YEj`G>h!jNwz}0So%zoFrr^
z$N+1qhAdA|NM?}^w?4ft%{&V=rsUtL2=%X);mjj$qCu7KZh8Bh>KKT)wrs)kZ!pg+
z<^A#Xg{Tfr#_}e`v@P=z^HGguTemzoInr^kOjtns1h=%nzL6U+N!2_qhtfL)YoSp=
zD9!Xc$d1nAn-Hq)OQ9V1eBmE!!833kCaRTpZtNE1!={?IYU;FoqAquXc+L9^Mk$O1
zwCGk_Pu?RcReh-mP>1K=9Q>6^lPxVw`|xGiIY3DH;y{0VRku7S_=6Y@e0}_Mu@9Vb
zpoPMNvNKG13Iy!LkWhY<1fZ%)t9t=`ZcS+MO5<d-p2|CgYeXIw#EGhTEP?`m{+EM{
z(H=ZdzxO+|?>uADuB`fqKODzMfof3FwOIDS2N|w+{YR#i4YjfwCm{$#C+!4|EfK}q
z2qgP=tI((42VQwThnhU^r+2NYxzb)ZWqspjTOcq>5Aulss3+1zfv_tu&hV2if8k<X
zXxiWr^bP%xa3;y;VZTCUolbBB1+?R1C^v$&WJa7Dg`aVp)S)V{(nA94__<*LYN(}K
zj27B-sQ3Hn!x>D&foXz~SFzeGw}b!7nZ;%<C(8j3kZJAh(G5iR3P7NiIi=7EK<ygP
zDLM}E(}0$5#eJ*+4XFm|mBfR?w%DV?kMUs#kZ0vb1n#m)f&3-Ycd?K?+AjNLu|_GL
zLo$B|cpeiVWSD!vQC=duRvCr!`7s$?!t66bn$Py|b02YOSzT;AT5kVw#AON~1QZb5
zEU~2ppyXufS^)OF*WadhDz6b@1(@YPb+<O1ZpcOD{fKZd06gYWRF67P<}>3%jJ#^l
zgnagNP9tY;9+C(7MX=!oXs%G!nwEO#j4G7}E$$`C&!Behz`a|1wdFsVwlLdU+Ne1B
zxx&UCP}O+d^RS?D%D{dag|pyry+;*~Pg7m1%zWLBfy6>Iu*hdXZSjzjM&R@Voq9JI
zL`rWPLhWv#L^>rrB69Q0F+TBUbbx=vqJVsy365BaAO#Rw{nFaLUlYoE$!1{rycBA^
zkF|=+dS#wKRc2d-&I|E#h6__|`v(<{vJee$cUeN{s|R#b5^n1g>6JEA3<34g3lL}$
zFqj^~elb)*Gwr9DD0>eY8{!~Q9GbH?9`pk_#A_$UDZnst5%RqVjy4{<A+A!>>qGV6
zBUAvOW9W^4y-s~!gHwiXeFet*8)7x9nh;af0}}dcZbj%o0HCW#`2y0d3s-Vee(A&7
z<E5X6LP?%o1d65A!Z4t)&TmnmLxdogt}STm|2SH;w2QThv*kR|VNOM&2vE*E1kBW5
zSW8T)<#}qr@E?1#{#&JkN~rtCd;I57{#17VzVH7tLH{bW{AX1DGb(=y9)A&F{<Bv8
zvsV7IR;U4hzt}i`eD(jt4yqA!21MKH1`6T}qPp%Vs5s5#49MJX5T${-Dhu8U103dn
z%`ERH^dq^#mASzY0p+mY)94@X@;~@+ci-Vs&VGBn!ot2EIbz7FW{!a9!Pl^GJ(`Y#
z^6?jIUy0jEOhoCi+sS{)1t%w>iX2}35AOQUIO;8njr7KVopaHU=e<{X2@{+B?8FFV
z9U+y1O`!tc%i!gz>`{IcIxkX9_iR<ZO=wLSnaog*4pvKS^J<Y?R?L!7^G4q<{SBON
z<^5Mcm)f&|-ss8wiPg@x^8&gyIClkc9(j-5I1kZCJ!~vR_^%Dlb7nr5l6$-_a95~%
zPOf%nBA)S$w49$=tNXM90-Ol?V1~evCPo>3;mTmW{wBYO3WGrH=OMHcC`tpj5j<M|
z!5^*pF}+;WRuI<vfG?xZ`F_dD>gz|IfTzCwYj-PJz2szjOx2KQoI<TuzVi>t<?X$V
zT8^YTxnK#o$<8v3|2=l?Hm8|9*=|J>GpQ0an`|y|@|jiR`5O4(OyTvx?uYS}r~3}L
zPmlEI=RLk-?~u<;vV(Q0&~mcato!zVEX=E3!8FfzZsJ@W1-9lES|m4XZKq5Ih%uhh
zNbX#Flgu6;{QVL+R|>^mr$!Mt{;TfwU;pR%|Cea*PlL5t^d20#fz5LS2U&&W2-C@2
zQ+ctmuym>&e+`y3<Z8%hEG2hKsg_aB%66j7ckDd-o2MaOrg86Q>n|C3K8`zd@%8J`
zIr$Eru}7C3xN)d4y}hN7*{k>V;Ge@e-?A0SjJLlVH9hzjhvrgy#EEF-8gZ-O3(YOe
zQyVCD)R{N^Sl8>#&{&zIx#!yZ;OOVdrs=%+zxH3dQe=}!Ffc=R&U<=FNb)l;v~T$G
zEf5Sg4;)D^v=W$bYdsH44iD3FU;OFa|3RUk_7t?R)nkEPf$f_6EH)O$cPyJ;t0em$
zh6S#7k$OI6(;nu!^RRv6>}|2P9CZRmUQVmay82W%&Qt9Yr~Wgge9S5B&jr-oFKQhx
zp}Ud!GnoYL7ro8$Iox?l8D@LfnrV@1aQ%Pu%zw&6%4k|Uw@=}BL&z}%yqoCHV0C<h
z2Hqn~C)I`?o;i6FoV4t}@a5$HIE>+4GBbbo0{rntHimqvvFYN-AD?iR(l=*l|F&KD
z(p~m<Z0w{~^S^;i<8BGhovm6-E-?I6E&s2O1eiAkA?A8$gmiDDUbpIs<HG)&%WyH8
zbkVrJlN~S{wc90H*JMky@?W}9<r1i7s6ZYz=GHm$yN!QumzbdCPpAae6}=}YP4=7P
zH)JIK$HVi-knlareiVzij}!dcqy>&LKXD{1d0+8#Qw6tdAFYsUSNS(~Y*v6{?9OU~
zKHJ}>GKw}e%xYWXmp!9wNNU=!fbWz6TAlQ&Nc7(bS&cNf`|IL`<9`dZff+wf`NITE
zK}`YRcl?FHiA5edxljL%jZ~=Yxp5MwiQG83EBN;(Q#Lyse&XT<QmR4r#?G77s%vKX
zIbM$c>QJOzUT+GG)qS0Xquc5MGAv@xWM1C+<uX$A+x_Z*@|Q<?OJ832d`+_C40h?Q
zZH8NG=cnRD%~83>F|x7I2ro^oBH>f4NdB8wP?EHal1rO<zwMQbuFPHZe%xj}C{aT3
zQzCgzna3C`cnxgk4s?+GMi+Leod5afWk9qH<dCqk3=CbhwiBGYt*1Be$y!SO@7I79
zaUlkq*G6<;vfnLaCQ@B|f4=AczkZaHQ|UDMBy`$^CF|QUqZ%*%c0jm}NcVE>DV=WN
z%zzAMD;+aGHueAgGTPNs7Vmxa_r0c_s=RskscO^0!^1X*t#!ZkS$6&#56evx6g&UE
z=kGw}tXyDRTwKP*zP>(W_AY^NQ?{fE{r<=QK7%WtVPMfqxMu#C#qN)@uwU_aFF!in
zdNNrs!9Y+i%JbjY@Jz59iSierqsQkyK7Rc8ZC>8|`?E~HA7G6tP{t))rAUSJ6ZV7Y
zBiHaG{4L=8DYpK1y8soZ?D9&GRYERe=<i3tDYG9cJz^s*E$xnv)sv5KwkpR*Q=axR
zdI)|2q?|FvJp9f{8c1&$>iV3y{c?vbmXGS{_!pC|e2DJ!jTq*cAB(Fe9J1rGeqY4r
zOp;}jhp>GTAre&^*X;g3?%q5e>a~p@uZa_*JxkG|MKPA_p<>daEG7GzWZ$zEk*1O&
zOA8qkijjSptc6l2#*%#(%3eyAkbJM38Rt1YPbc5+U%%JypYw8LKJ&Tn``WMTe!uxg
z8|wv)th$+l>*_D*Q{Fq#F+5$vJyB(zQ<?HYn{jDpy}(cTG+Ud^mwwx`{qKEnDtPhX
z?cE&!Rx(%-uhO>1@UM9p!e=ltOJClel<*7_T1ZUDiO0SyR;S;k$?DF0Ju!1uG07Wk
zqm*joW5e1)doR4LTuDDAV`JE#Hh19-oMQ2AnFqXBRTNl64p=ojc-GlU{bn<U+S*#t
zl`Wem_5t#e_RVqGB_bYs&NOYjpDQ#ci1=P6=5`5rPttqR-aAqqts58XUnBR^V-3Bg
zrlt}@@6n*&pNJE>RzL3ZA0Xy1nYoDG(BAZ!Tdg0bcPoMEl9~?pVZjVxgR?`rCZEH!
zH6!pbc|G?BS0%<fILjFfR_90W4OSt`eas!~`CUKazg{hdIb^@9gC4*-H90!Q`TYGJ
z8U&}xyPrK&1_v&i3KSCQTj|<#c-5NaXR0S;HznPiJTNCxeL4i$W8{y^1)e&ydZm&)
zyIXLit&0^lwNQMNr770b?R0XrOQk#2U5sOyKYKtgk2lNbr`L<(0SvK7{b}pDV1{<V
zxf6*Dqmx?K%v?J}DtGwpRPwK4-6y(K9W;mrridqEoixWN@d@GD*|+tYq}k%n#^2B;
z&9a2dJH$RZ0&}zC#B#4MJ@KE{R(p$oPrZJkamk^@nh5-T?32)@nAQ{2W4(71e_pLJ
z(dV4$wsUFeRY#(vOmWBKsfsnpdTavgHPFoa%ue~ZNJoSBA4nw@))rY!@8i2!Ok7-J
z%7H?gy{$4Oe17s!`&}nRHhcR^mc0auxPhb8+=~<Rm=fdTNr9%xdzgIxg(u=aoX2H+
z5mqroa2xO0z=v^~@1LB_diR=oPOGrYn9zRdCxJpk@0D$&63@OO7De=((z3uP82XIH
z(5yx?E;TpM^w6P0y58@83xD;W-#DkTPGNXARsk;&RaG%^OXka))bF%q=FZ<b;B(ou
z$V)_%rF1lIOWTDyDX}?$d$Nw8?j@><ukn^qd%H{bx1f8!gog2Ik;-Bs2Zl+42ZL<W
zO{lM(gmp3*qxdkIVNEjK+WM%Uxp(Z0$u=cBjUa}Gd0AXIir@dB>_F(kox-lW7v6B0
zYEirx!J-(8d>*pwVp&_k=YB=baP{Ee;Gq}__Sqw)dEgJV$QPxuq57wqpJU<_7o7{_
zo{IcVoUT~4&8b`XK`7PuRqY}q$3N7r@1%5{9Oiz)XqwqS^^O{RaYx}hixUN-FPk#j
zuUxdzu;No@FsrYxKN=st;2lQz0;kXQAmhD_IaJy7;jCk-%Upz3HG|<#Fn3#)Fg@{l
z#ednK`7QY`GtK!Zn_C5IO6qM9rG<Iz^p=*E!dEI1ai@cWMCe7nUFz4BnLBxI143b}
zZ_GxldGN3_apNM*&&YPpaN_+3nbf2_@&HEv)B*BPA+hMCBEfrHPhg6w?fP8G*~b-n
z9Sf?}2P%Hs%Ukdy)E{`)b2D%LvOjE));|B@i7Bd_Ij=EBNynPSAO1K()j-@4Jf5uL
zQo4U$#{c;C%54}iF|j6$mq^0Jh$R2{tursccS^@aMQwYgiF4)+J7;PyNY2lf9vB#q
z&(r9p>7qQ2Gg4dS#8uk=|LHXF`{-f3ac#f$k6I~Sr>Y8`ep=U%n}bj&GRu<?BJ3Mu
zYqGY2nZh@g$xhYpJ{+OzvZ+~Hs&k!A_?%<@(-)yd;1nXiZ_F$%E-npy-b6FBQreN^
z;h@|D;gYT+ACCDdDiu*q<cF@HMifpymoJ;frm`=Zt4wDtH?w?vQc^k2%yL2U%8_8D
zZ*@8v^woBy8S8S9wiUTURD&bW%Du|mrC3Rqt0iRLACHD=CY=1CgW8+TP7Pw8Y$3=>
zkdu=Icm=de>uowI5bYn%UCSrRRjZJbR7}Mv&pi}*uBPYE?%YEil8cmtK$)eLNgwSh
zlR~IM5P|P}#TUOTyh%7DE>~?@fFX~%j1gw;<cCcg_u78Uu_XTv6n$Yss6P-suj`}8
zE4O9r>gA#tK$XZZ;htv9h6BN+M6ah7vhp!_)e8q{r5UxWa2{eqkHmgehF>2|-O0!w
z;J|kAgsA<THn~3kH~0w#W|{7e#zw8`<4&#;jw2u5-e$e0V-~HX5N{+%vjxlPun~uY
zSMiUP>n<mC|MnvDuU7eqEcDxPt!fI?Es#1A`Q?^poJ`dt1#n(_J&zyPic(Exxk{D3
zHoizV)4g_=YkmuV@XvK|E(Z<oy(liToWu4ebvfSj*iK4rZtjzml;JND{Huqm&-Gkm
zT)(|-2}xt%p2ge4D`?;g+yuN?u=JjnqbnAj(6b1<m(0L+;A^O+Bv&yq&?>R<oaxtC
zhuZpj(@sSiQ;~8KCf-bAutJAzkwRR0C~}SP7xzo9L*Cld)BMP*d?CM}c0x&CLsGSl
zGLn}~xiv3%eVYhf(-EM$6_PhkEmC;#ocCd*GpE(Xms-b>;;hnUDS5UtJkHW|xl8Ld
z>IN1uK{WGK*L>+e_xjhPU5FsKb*b7mFgRG|@^BX|u;yNlQb}v}l`B`?#+e5{ay~8r
zi%_u+5}G$o1bJre))z532@kbz?lWI(>dJi*Bx<CUjiywks*&4Y5#vpRdy9-Us4Hk-
zc=E7GtfE5px9`00^5_S`bC`7Ku_;NSB7kYFM+>^AUa~LGffP@)O8@9jRmb>)_%VuQ
z;}NTWeE#<bjCX}62RB>_SvmhV%Iz2ywhA=>nb^Zkrs{C+QFvyuy$dT<)#eZQ_h0bg
zI9@{J<TIP3`Nh5n#X1$|sm5x+V;z;UT7h>7Ne^C(;rk1p|GQUpI{G5=xrVto_1p>7
zjB`)EF2WQeZDnQkI4Ua2Y28tpF;fe{cjj{|JxfbVD>SvsrGDu5dqG{7vMuJpT0!nC
zvC!4jzl~JGpj%cbuLtk>C_g`c=PMT-301ErcZLEEQe_3Vmb>*$%*T5prpfXb_-G!U
zY9xPe{F-@S3h9Jk8`Uc7F)=^v-(#|^^aPU`tL<pDe@r~lqMDuhBAh9hqE3oRJLO|t
zP3|I<D)2mr<8y<h^;8G>R4(#SArZm_B`YgyYwJp>F`6Y;i@7}gIKEZGm$rewf9v@Z
z%wk|JB>M0;GZoyWnn#vhf=0!+j!m45;mfS$2@+viuaqAXZteByem~89hcYs2RwgDS
z_)bl^$u9Ox@R5hWGHgEUNWDB3s7io9oYi)uT6&V%Km2r3FqLa4krRj{AN^i7|G6ZB
z3X*>LY6+@HZlS~N3fERut$DiD&(F`bk;95M@bvWf3lEjB5T`|M%@TqJ%%19RrwQsf
zBlE-FJ?cGaB_kip?q}Iy6NdGV1(Hr@WMpW6T(HRa_n!1Vytf*lvgP4%fPInbhNjfu
zh+XbVQjN)*G`#)iH0xJHn$Wh8m??@&m1u^4?rVmF;Qd$@yZ=?E;2Zo)C8?q1o5%Pg
z*F=014l<hcd=<_xoqy9a&TvM_s~7v)++Gk8@i6;QUE7BvkzIwv7~C-N{>p^_e2U)3
zu2045>!=|sO$YvLG0jup!5520sUC2IPkC)81sVE)Yb!_G<8-J&TdEYHa7JaI`xT!a
z@1pl%EuoNX9(N4ycFBMi;jGchz&Ck|s9$lIq{+Ar8@IcT_CUW<T7BN=qJ@zK#?}{(
zgpkRkrZyKMg41frmpVXGcgeNcFt%<4K~R%ro5)Aw8vez0pSW1LuZeJQa476g@0>SU
zOEGo3l}~jlsz=5TW1eoGKe<RzIK~)zQS2Wr<-Bnl;e({9w=HWvwZli|VNAAG@U3EJ
zFv~oDag25d+m+o_V;xLSyR=EsR`Q2USJnZUt9E0jitQ6yLf4Q{94=r&E8l%`L?ulL
zY7i=ooEa)gscMcQFzGn=yvT4mtesCCB%)KwObZhKN1=JD9w~y8$rx*$q9sDOQ;}y2
ziL!qMU2r8*n>1BH7_W1tQn9Nu`s7`E7ikLc9|2fH<L4HgrSorCm4Wt0ZE3vK9tJb2
z4B<5KMPEzX_K8q;i*`D{+adgUc&5w5Dv9}Ims8mS!?M0&-l$H=e-ksH>LC6;BXdWi
zn5gLC`2ESWh5hN_OW@WVoZXS*Td7ZZF$-2Qm!0-Gbx4x6xi~B~{_gF5i4Xezf^)RR
zpO>c|&?69YUbkt*ht$7=BpA%bU(_%A<-`B2Jbh0<yX8J^qV^^}sGljk#(4X4lnQt=
zKE^`<U|;v_d3$W_DOJ_GE7dhM*~Z4kV%Y1cCVmMaem(akqeMuHEv>8)Z2eeivG#v|
z(=WeyutS-9P2j@=3YC!-3rkO6dlGVvbeW()tH-3e!R&_SqGvap5S-d$2Y;#{jNm|*
z8XjcXQuhi+k5w=6NIjx%n{s54=NDN6p65TxnnA!ls?lGpGhfBz3_SUFEd1@}nYx9Q
z{NaaReM}CVLdBjXWmJicSBO04xI0{1f7(*)4^N_nM19sE7Zt4H((`(uYy)CYm-)D!
zT2A?(15so{iybvw{Igu7;yWkF&CSi`=H`80Bv#QpH~1CMW8}`8)(_Ht>7*6;<*f<M
z%q66Xu*lba69X$2$ZC5;jnu?|rA}|zes7x1FI9q*Y;}3<PScY=JXd)mtT!m_q$w3o
z@m>Hte{#r+NDEQwwSbV!k8ve!zkU(NUms7<gM;pIXyK>U__WX<x!4Ow+LV1{D;=br
z^ZUb{)lZ}aw|_K^_YmJM(e{=FRRB$Rl_5eB&4S$S4uw1y(A+nUzQL`Ss&<#R?)fcR
zIgDElUcjN1#c{EQauSSM@az^Mniz<^E$2>~1%M4zJ`J1oF=MMK?crKG(CWGz1*vBL
zPpfd?Rc2s={P!qSoozSs(YS-FGzjUd%ql{Jc2vjOMUxy%b+goD=5>#=628*4-NS0J
zHn{}s+CJOfW7LmFz{e+B&nHk**?6_cH5H0w-#S^<bKeFpvaCutfv6Da)M!lxb$&3t
zbuCu*^M{Xb2UY);*}d2S9YQq(?DWpg&Zi6v3_=h3(X!7cXJIpO?Rp9{E3_M|P{Dz$
zvx~IJ_hdoznSF|>5<0RIJ|5easX;Yj1F$g(mwfqu$5%uXc$(ro00+~=llT`cr3F18
z`|NF~p8t2k50nf4UE%tJS}euHz#j5>J)-6G`_acOvXW?(I5$GqIn;{);n0`~UGz)R
z)$4(Jmap`qs^<p<FjofCHW}2T2|`|f@-N*jixf~PNSeua&#a`*TB*gn03xrm;M(TW
zG`_b|7x@hG-CcQ(;#RTUvvi0FxlditQp`ti8rsSGj86Y*5`Od5+;(u>Bkfyh`F$z8
zI{EqdD{I;TSn&l)yY6WF5K~`OwFXiYtNo;<w14~4cSKI1)AkHVqMkPQ1F#<be10@H
z%gqE|p5FM^-9Mfibt8-5yfj*aiBwIm@&mnUyD?l#eUW*#&=u;xzvuJMH~#<p`{mO6
zyrSu78&jqfRR>?NgLzNh7Ws-6J%8M#ys2XJFYTO9{*%9I&_9>FU>l*id`+ax(SSn5
z2j@0Gg3!hxLQ7?wj)5c`vR<`Vi=7P5bIhAzrPbc?kwZ{4?Ysi6VHMvyYPoI+!5yib
zRYB74sBnIL{eRckHz;ou$ZXn9+lk+-mbPqV6<FmR2X<;<@(lq#zDm4l9o3Kj|NG@o
z7heeaBqXlA;^M)^lLvzL800@^-ofI{BrleuLMfvGz!4k(OoOlCfzY1C8hw;yPk#0z
zQp19eP{`7LIDM8{;#@*lg>saTibcm)N$@<|toB0cxvT<tcUe<mNYnHG%lC^{Khs|w
zlV<+z(FLFfd;Dc)SD5uWz$Lu(b7oreb-I@b@7XZLJM&Q`Hwq?%n^&mPrgVOBXn(SO
zFG}e(SYQ7@5EBSbft7-IV7lQ_bO792mDAVPXRS)S28AWYXU6{X%fU;6N(9%~hA>fW
zbR->^H7>j;-EVC6FV-@L_1LyDSr$r{Wk~-tbH4S)*NQVtNp>Cih>^M&SY0;&`jO{~
z4T6!|`F>d{A$_%3Jxs6I!;nDm+6Qqo<%2Ty_n$l-13Dfa9<C>96aTbmYCvAK62pJ>
zz6F-wGZ+)nZ>A8;XQ8oDWQNac&wYN~V6VNJ^}sr}7Lg)=KO=EyG<;RXnz^)A+@@}X
zG?<WYIl~&%`kh)DNCAso^1`gZzrRN675p|W;-ynRJjx2#E;R^WAWp?Z<N?R0k|Blp
zg&q)grE{8gRw9(?!3n_gC@%D3B0I8V)$SeJD09jE7RO!zae%xdb@LjwKvrsapK=@W
z_2)lE%F^B)<tPI1Fa1g1Gz^B$VGqPK(+W$dtNt}vp>5*-e%nYXI+YOn9t!bYV`JmM
z6>QWSb!Wa+hOC9baduJFCY{-`eGVoCyjz}`Y#<vHTuKA5`NN%+?RghV0M(A;TW@7R
ze@$%36?!I(5S@W%0OIi)KsCtu7XJNa%QrhIuh=a0v`*~&`Q<QA*1oiNH*|v$6U(NH
zLut29Td4r%ME6<1H}C=a;G+@J9=XO}0fy?}4`Ah}lpRM*CNL|Ru23<!6K-cCr5^j7
z6hu{ONiYhO{$gG6#fT+AnC;lhw?Iw2(-zqEklJbPYhkujB)nD62;N2!(|7B12R`QG
ztfkgXDsR4lei%gQm|FF=!R_HL;DU0~P$IWNpE_qaaB}SvYXX8-w1>O$$xdtgdlBj)
zYpr7Ec!eb-^!5mLZDmCKCd4=^1Z1QYQZe?7Yo0iOBI7#Fl>I*ivLE@rAP8mC@=z9E
zwmlU%(#+QYPd%GAX(lXXh0Q(*7Oa{Td}GZu?lpRvbt>;20O7{xh%c+jwi-Y+5(0K?
zR&=SJIYn%2A7a%_S-R}6dv2jzTTe=mKcFk|k;l$7rJJN703{ZG%?4@U!7c$5nXRw9
zSMQ1Ifa|iErSe3J(|{Op65aXUXNMiI0xdE3#UJq!;b3Qfl$n{yKUhuco(Jl}Vq0zV
zycX4p<W?ZWsm2zwXzHzHV&!|&b6++XfZ1JHP4${OR9VW@^3uPU8J;St6IIZc6nU_N
zp0~F$Vk_XAoS}s6wWBX%&fFyFU~CO=NM8}j9D<xUCKD!Vp)wwR5o^^B=t=f)OZsTQ
zmIF9k2$7XHTswGnGK866%L3Ip*ZqK{jJQxsfQq--S^$9Hwe<i|Rmi+5GDO1u>~lc-
z5V|-%G~_Hw-w5~FKYjnvE7Ota@C7jytG}^UP$0YoS}q~Pj@wt4psBk`+a_X^JrDS*
zpIU@7XP@ld3~(AifG)r#=^1t+as5&Z3#2gG_PVBpH1|;l-Y8f0f9oeLQlMqp+`9=D
zH6)YHhq4<)y!f&J)Q0aeQKxg5=V{aCB;`*dz;#h^<w&K>tUI~%p_eiO9Nl<z`D%ZJ
z?qUo0N2D{R@!^v|-(8GoE;ol=iR~`-E5jTQQWheg5eRSEtQq0B4klFKHqc(c(+SUp
ztsx)(3=~UgfZS}_Q2+&AA+w5baiyQIVLqc%+UDq1^^Xs`Wo`m;Pn1&0>P-@YCxD?+
z0^n%LFU;gx06^qE{ZI#7P<L7RF7{*upY<#V?|v76lj&<Bn?3VyATA*cu&${{{5+FE
zjVU?3!RJV}Iw>q_YF@b*6IW_7+@44FA%3j&IYg|9J!uy|q#a^p&+P~tUIA(cKLeI$
zMZOB2N1dYhlA^{BZa}?EF{oa8JT0IIu)p<O25riL5ngOt!S2941d$4f9l+yI;{rg4
zB_LIwSgyOm#qloS)wrpqFFCXCosPn`a?jZb&&tzg`<hj5NYfwK*Id2n1VCzjf4y5e
zD%4bN?Pj^iQpkc6tPk<i6azXy?7#R+sucW}6$8&5ETGTs%gXPQ<JfyN{$7*tJtBrU
zGd)omf0iU~$8(PuZ$RQSD?4L4;0Q*w7-56Zi>R7pjH(~66ZVBB%8cfr%lNbxfKgIS
zsxr2+T)+Fot>H@(&k}~l0odd9q16YNBc@w>bvSU-9$2%7KthoQC|;Ryo@FNx%H<|N
z1KKQ=c@9uhu5S0zRNY{}RWA0(Ns!>f28Z>X|LGEHJcf5fg~dh22XvuK(dRyP75N&C
z4>f&7l1L$ngsGSET@zN_;Q0E+S|NZ5Bn6tly0G2WfXMz82=oMgelL+RJy@~BUt)W4
zz*d8_my~F(@csg5METI4ko<U$&%M1~+_LsbBjEgy<=-N*i|8fY!0*Ba(r@d0V;IPl
z0D?eMbZj4BCwAR0_+f&qM^MS7u>=D@L@m3|;9@gS9I;y@7ukSCzcD+NGFyt<DFavz
z+FyPmQ0IhKNDu7G#TtwU>loI&i3NuwJ<%3VjS6uvd}AgK1#KG}8<v!MYE9t3&h^)7
zVX7s8IWb(!N<)K7#3SO0G?+khDNcG`M9!oBR*_|o?;&Db4S?co1}X_FR%Jx}N5)yq
zf*tAxu<?p`6Oz$tK#*(%J$npc7E2yWA(17|W7o;Z4;Y@Rhq8B5o{z|nH)j{I>b^!!
z8*zoRp5c3XX=bWuN5KAdd2V9^Up7_j|3(3<=S%OL+}+wXA8>O5G=%lq$G!o+t5$zw
z|HdYuBM?RbiFm}mBwj!L*5v%Dfem|Y^~e!(XdWT6t3AITLY_N7(y=FTbQ4dNj7jM|
zm-49cyLGph5Yj<r_@?=V57K028dRgDH|BR#4!>v#G=nykhD&?6k@2QFHul^ipuI0C
z!Tj_h5I!_#12<3lPyVY!gyj^S60}+O<|C+JW?S_rMh?;=mf`R30xs1$b*YJcM=)rQ
zZ-xVvwUABoQ<4yZL>dyystV@QUWah>qaShcx4a-M>xRAZMFgNqj>ia<h?%u~iqtR-
z_Rub)B=*du_~0K8hTV6w3g|T^+QqMP160)_;9jmLN%kGSj30wOg+}FR9Y*T;bFN=g
z;k51FV=<bo50oRsDBLf8bj0`U=hhtU7>fUO;k)|wf+Fg#6<LI3Mx$02fy#ibt7D}o
zTCrA8x;@3}6(eUbaiKlnMBh2R2UH6dgUM3OW*OyoYhiC}$payA><Irly)cAF%M~oU
zamu@*q>~ZS+VtfRd}T@nfXkIcsNJMXaU&m70F+)MfY<2)gbnGJP3=QOXKVq$<txx*
zcQh5SK*Mu#Eref{r*(Pe7Z|u6Jbt+KQxjUv`QP1HAY(L+2$76GIDitsgbAhRX5-VU
zioRPIgk1lMjlw&}fo4!kJ%&=awCE*elx&mLCeASnc*!^P&$o#o2yTs%C$E!uR-wtx
z<fpRwT*+nOjBB`)@MWAI0UT*P5MzH~fA9e?dINY=NuqvVff98;;GaYU`R7<SrDsDV
zjxf1(J110QPuPe>y1t}mI~?j5^#FJj>;Y3Q%jzeJMS+-x=PLqFY_gAYGo3nrbO)YO
z2AtDmlNB$u3h01FGw=FkDlRHLm1H{>MbRe1#UA0BiElmSR;;CnV(yXW>`x(}CTxU-
zo(1eup))To*TrY7Ftr7AwXcBsFNeLb1%S`&frj=qfTbx1jT92qbCOt(fSMz+gH~X%
zQ|fL9!kRPyKTmn*s&icgam~I4Nc*&AAyt<0N{`Quw{hC6SqQsEdxNLC4b<?oW8TZ^
z>aTfv;g-`wfPBVPyTY8&<hS0Gb3V+1Z2*~A|EBOIMBl++>`Xr0Ul?`N;8p(7qczY7
zWw`$J6x!J9uf~lQw$QX$%@+?Yd1|!397DA5<GCm4@Zn9On>N;n6nMfaisIBdaD}SF
znYUEqDnN&G9eb1_t>_Uv+=Y?1yTeWZgz-<YdL#s)uZd<4H}V8(o7==)CQgxD-N(rh
zHmp^fB+i}Dc;^7r$OeWd;<`-Yuj{oU$>wv4m_js^@5pAA7l1~6E)53l5McUQNfg-)
z1|Ypz%%5EhhjN6zwr3OU+7cm42&L=5+a=Bj>r#*Rg(c*L`kcS>+yC4GwZ|{2V-$?u
zJvt(E{&Q=hiYcrT5w+?cEbTgDDy3O)X(m1O9Rw#^AP)2W+Fg=m^<2JnStmulRm^c$
z)ffiw#S~PP?SW~)T*E8<F&VTve;s05t?2~ZcIWZtmSAzm9*P7|9ELe7c}DDa9l?4R
z0DzSc%)(}_Xi1g^f)^j)(&7;ZfMA!+vCuFMf{amn@}fCCEdt#I{+n&tA6?blY1Zuw
zj5iiI{anJd^5JI00UEug0`k95{<Lfr(~F0Q7Lmb7UqySCF5k3f>vUtuS%|*<^F5|D
z)(^@zY!BBS)3qkh)oZ<nc;#l)A#ZU%@^JoiF&tJwareV>g^czP%!vElEj%H&$^LLy
zNghBGbzNZ+Ft48li(GcP#J2@#t6D-Jzz-|2Niu@8u?w)v0{}eB*)PF6(?y_QHy+A~
za4D#YFS;E@Gw<9SpYO}xQbXM##rcYQ@L4S*nmvwJf#M=AtM1XiTP<2W{RF3%uvvL%
z5V+@#%CNmD+T0>uyQe3HBfPi)3#zj37`I4NGA_im_LSU_DR#j#c-tW_5l3<zt9;}u
z3@x%!D)H=OGPq&qF{rzFOUk+TW-`-F7a*k!EuIXR{T}eWwO6{K$6n_9`>P1{HjI8h
z@VYl-1GZbJpFO}|l_1c{9(!GvP2$#CtS8z4gEif~=1b?R$7XOYTPmTprIwG^_7?GC
z!p&mHP$xiZ15Ij`aZbu2FRo*&tV8Hh?iuZ`(bVB`gfI}v)Q0^R&VhZ7ezmkTh+YIF
zu_RHa<@?v}efw=Kj^x^kc2bhbF1s*6xN{JB%VCXKo6qNedmsUse*FbWo)xpeJs|4$
z&Ckw#2a|4QY{m+Ik`V%C-2kAnHG<FpvTw1;N^)sLh-NPE<M%gm((B^hw}M9|uf{Y2
zI5QA)ZuvyKlTXL+0eI_0mWNr>rdKbao)fu2<G0Y<wDX?Z3LQEXPRFlZMcQ5zH6BOx
zxx2`w>cXlq=|HKuYij&ci{TXzW#;F{ySD;CRvKWIrMzq0{7`N0R_^eoa*p?-bU1t@
zbn7dCb&^Cp5hl(*4pkYkhm)^wuJ1<3dF;Jq20tB8sPSpbUi!ga3bDpX4{BJ^c+)74
z(Z^fMaYAf5U;(zPe^Ojp!JMx+%L)kiyFN*$EQ9b8)jKXtw3pJtOJ*=bg-RJa7v*Kt
zamoxPB*C6UZF2ex3ewM{%r&8kbH>NhFF{*CKUZ{LCAiZK2pu!JAl5ND-lpH`#pR{y
z@oiJ-*F<#pR$s-p(<6MtY~V`_-C$Y~z7diS1EXLyE|I)lY&uv4QvCf-HXYOL6TqgH
zY%Vnf!My+0AMckpb)W*9`YS$L1S)}QKzXt6(2XA@aGV0PaSA*OYM;C_)mhXu4*|yl
zev`Ra5xGtNLqr}vVxe?@rHYsEdK2tf(w9o`o2+2iSt-``9*i(n;CU|iNaQsPLP}?~
zJ&8h{ueGWtgN#RqJ!hxCB94nDtpJ&y7otmpZETp>1a7HGI=;QbrR1#`D#`;H;q#&4
z{*ExUjXBu}@%&waW=iHmS=502=NzBfZ8#<t8&b@F$`&n>`_=uec_Iu7Wf~uxla3=I
zyDVf>{QCXNt441Ew{ayHYcrT47P7Cv{UFzo?_mU7*?!Ab?@!&yBAH;A0GXsATM_}^
zi&YGl5ZVIC+0ah#iicXE!oekJ7=OpL*&<eqV-RfR4d6J*RO&7mDdoM5QGqI*UHz=g
z>^GV25F`J$m&RYOKlvJ%B;S%cVm<Au3yz@qwfe)*GgKPgL<3ad7D0vQmNhlB!t=kb
zFVK;|{6_Ej1$&J&KJ`*Pb#6xhSI`ck!1e4B@H=<Cb}Q8B{3W7#qykuMIhlr{&)ps`
z0AWamOY=JG;UcP^T9j}GL@;}k0a~_xl|{|)EC3k4E&*U)QxBj<eFOLYMl1tP2Hi&<
zJVe|^=Q%{;<x{Jm+5lNlz82y`jfmy!zn?!ELy|5e+BCC2fCAMKG*LR=R<=_GO{(I-
z3_t&N!sSqXf#>XrjUAC-7W=TU)MRCsRg2Orcwg?hRJA@)`*z84mTKB807jHI;hr{w
z$!FkE<4U-ry*~@=V}R7alVb+U{#s#fvoUANqpY`*orA+M<B~5I{>&H#l}=b6?Rje7
zU0eiUdHU-z=U{s;=7axM>h{|zBP~$yV}zv`I1?tip$uW8NEGH`3QCEef$T2;>`H8Z
z1Asan3Ww{nN}e4+`J-{s{Wz;BTrr404K8gUs}aM9s&u)Ms32DF3^6=HTP^`~dxR}(
zBdLcbsqXn*-dj>?%By(opTW!jK61POy$U!yA=Mzts7Dz{vknn!5iO(oCYCHqWHb;Y
zd)$xgt!#$Wj<BB*I>Y-Rb&7bs`qG!HB$J8$n%({~Kfe!UxIjn*WuPBBfb1t|Xc$<k
zPuzmg3lZ)$f<I_J><nQ;F(OW{-Rsq-dOHhZ(h>-6@6TKu0sSyD;7>5l+<y>jo4J1&
zRSuCE3U!`o>G;W-cX7hD<_DUGeSzvP`fPB<H*O$O<j;_*vhb<Iji{}f0i@xZkly(t
z1n<(*FT#vW3XbeL_FK)RMX<0ZkvMv&F~#Zhl*SvAdWB1FZCsB^Y}*c9ce4Cg%DhUx
zQdJ)oB?MtvBcR@Q-`L@QL+vKq1qw2_@=zwBbXJt#2k%X<!cqoRLO!OJ4zQAG#&7Se
z@)Ls?Q41_U*yd@lK*rlDfB|5i$`=tYNg%HK$hSWy*D@qY>3!9q)qcRlu`d&lf?0Bb
zF2IXdtqbXc5hM;tD+ecF!CEjAMDj(m-fQi<{q`0^Esw0@J9_j5yb)W(RBh~bk5W0w
zr%obMm7YIEGFu(W976mhVVvbJO#3F@t4f0Oi_!+kwZ{mQB40K$7Gc#3W(!W#d-c{W
zhzM`=Q%jbr7nViD4j|$${G9A1bM^uF%4S5H5F7DKm975m)r&t9?-Ev?jJ!gp;zijy
z`@MvVXm9UaiprdId-t)A>eXFS;dZQ!KCYcnp`L-_C3}d3#HO7?6{aT8Wgfg71myd0
zy@07)dg47Cv2VeTk9)pCP*@^Tx&Lm^5l<kydJNr*rrmriH%p1GlIn{@_Ch0MI^CqK
z>y}8xjZvA-qzq=t4^XSEP$e5mS2hmqK*bRl&Voi+z|h@8)w#$Q4)u0?FW%b)7S!5i
z0IrJTSJ6F}48E$Ad3aIV)dp7)sc!jf`*T-7-=rE0eT}5_HI(NNK#(Q<p!I`@n1DxV
zbFOyMkCVfb<dKdYB0H<pG5oKNemXFmYWQk<-nb`(5PqX}2QA|SPw^P|qWDna%Zp{?
zE`>0gOzi~Ka4BcY@m3G}XWjn$P!MiArnMO&pHv(~`wej6l!YH5w!Vf9;{Z9k2r2cl
zq+~9Sbw{V3`a)!I!7G2R8Pl`3;H`XA?7ATv3lx#N_bV9S`jyUpb*%|U#j_*0sQh!C
zh3Y4G=#NGKMFb>H=XFU*FvF$JcMh_w61Zd;rV%3Bw%93Y`E7x+M4nqjP_AL!>%v)p
zp4-<^;0YEchLXI(gfzxzn%pG7WR^^fc+9AF_XX@y@PUYS9S&d^vxZ2rY48&6$vqrP
ztPD`h%&@EiuX3K8zuAJPmY84t9pU8zlde>?$ml1FxH}_2-PGcA412yEu<Ac;lr?~3
zq&fJ=A$nGR9p-*32t)mx4h8>|lU6T=3QWyz^`}`e4j*Al+i|NE)N#Y$fU<#=sO#tS
zuwBg;&}!>&K)6nOyDRKzoTsi-Olbsy<3+HrHvL-=CB+bIy3IfWbOY*mAs5TLXk{`N
zpa04H<SIl;K;74b<a4hmX-%o3A!Y53qsE;?=;t`~JJoEeag6A9l?U{NqkF=eg!am<
zeR7mAO8E)A4Rsfwra@j~950XqWTHiY?Zph0Go5jEn74|UNj#AB(J|S}NcD{)$j(h*
zq?4MKpG~&T`54^fIyE-PcED}aywXCWX#$lTeI&tf+S&u&b1^Cp-mzaPdl`QTbxWU3
zXq<p;`#F~4S=5j}o{<fBG73@+fH+?B_0`s&sY*s9juKRDg(`GMMzc(t(<NX(45)PP
z5kV1_#&k;Zp(!<g&^%#C$E$nnVG<TyohhGjh9;F1d_{tzLDKIy<p1HX@S04~xO;Kg
z#jQDxWO-r&*2EuhR}$_JF`{j2OBDqyl50pxzEB!^4J7buQTB~IL_#_#V-6@<!)@Ig
zU%Z=A+nK8?<#St6!|y9%U8obw0ydpvFDVZXTnrxFgm9klnh?mk1U>yW2g(asxfr6L
zPwsZ<@R-;DoQ~s+tRB<jeyctD4xvI$3B+p+%ud!PB}BY-oCh`^k|gw>ccJwBJ1~{x
zl)A>u-kya*YDD?t9sEht0BszA3X@*1map0r;uqHbK}-9b<3Mekkjqe`e|WtRWO_Ft
z2o181Hu=X6{LY#8?INfV93b;Sjjao#@8pc2|2uDrNR~u>eJ*myE_x9}sFV%%2%uPA
zim9T+S>DLVi1Fyc96+QSI*#*pNw@GtOh6wuiz;)@8H2~_aH@?X$VY)}zJ`n_uli?E
z5O*bn)N@I@y9!>IUYN-ScE=Cu^wLc32%31VJO}SVu1=dH$u(|zI1WDWHOi#`KHADf
zYwB<yYT$wr1q}7_yl{m=n6XKhZwna1F6eJ@Yd4LLQ}jWBOAkTlvw!?0-=ea4fOWu{
zRD_E0@^aqJkJxK>nylQTp=-kexlX{S8MIy6q9|8}5g81sA>Z>lRwEJtZC)X_(LVX^
zJz<krv*2=#5b9L5@=^$DSyGRaj=_B>2xDA81bMCEu6#fhStMf_^*RYkhs%Qb%cjN#
z>JpS@RAcFxSYJcfUso#=qzJ_fH*$APEdK-4i~+OCQhWelipjHYPqOT9sjik#B`I3e
zJAZlq(jKTajO*~ex>)ni5DR>Tvb5OrByyiaeyjapunCRaI(8({uGRlnD)Juz4f3E6
z(e!V8J33@+&x@j45tix=KmebmQOfsF7w2#rXG$`Ytl6*n)&J@$DQ=V;pYm_rs=2Ac
z+T8pGOzyUZEulRyQ64W*lX37eUYjZUq@a8quW!rVg30p4Tw~osa3Ammb2i`4h|(Z0
zk(%#uT^|8vc}tv*X_?ELZQjNaZ=NFZ0~Z|PL?x$M*bg?O7-&R^s8{G|PmgC6Y?gt>
zbl8j~RrtlUGmW6Leg?vKZ2NxIMNPw2d0}iAsir^@YOLv4lU*dy*@Wa=9P~$BUQ*Vb
z-V5U{uSJ>X%VEl6aH8r3MXbjn)9FzyRss^{FjjjY!aa=L;;eoVYB5IOVeF*Zo}7A|
zK6}$ZJxs>)l6Z&r7Plwb_tiYUfyxKKz(mSOBQWeqZvj$BQU{8I5o=B(bf`34QAKd8
z!S_P8(3zizOL!AhRrHU1*bk985fqzfbEAJzip{-)z-*4PFji}Ki1LlpgM^u)P_vU>
zq%4UaGJcX$7%NE7%`FGqUIUf!CLqel_91dLa(7bJak5{THyCgH;5%(In`If*NcgF(
zv&c9r-935mH444-Ged$qDQZW^QBj5&y#|@q+Tp-6sGXXg9mCd&GHc!gE)dv!1yy<4
zG>jr92>?9TxR{K1&=FF*sRy`)lp++^n;bm>oswT}dH$=ME+IIq;ZD9o%s*MlFQAng
zX<>;BD;l9m@F(I-f~~kklqCK(U1Tv-5%yE#e7xyU^vBeRPY<sC^Y#_g?dNU>v2a!i
zhr5D<EU}1vkXcGB0Jk+4KcWy2F%yc4ix;EjAXF-CqdAS@k2a+k6dYp_L?jxGh!8jd
zGPXUhLxhY%r_g`|@@iSQ`<PIkos&=lO4sf{eODp-uGcL7vk*{igkoQ1=p|_w56On1
z3skd9ddN$!p-Nva`|SM{rY<mYHe(VHu01&c(ml|snXstA$EvlcU>6^6JU-kZa~*<k
zkTG2dcXEdg`FnnUwY5u5X6h6rTvFs>F#=o&%hF(n$5%_Rdr{Bc8_r&Oya~ssmWVGq
zXNpz31n+N~`OqxFLmc^Rlchz_SV=9nYJ+5Rd)~X$&rp;d34soE@xkSrYe%P<L!U#T
zti{P6sjz+Z@!d&PGF}4St2Q@V-%^_q_L5`z1WCQUd)N91^BPw$`0HhUbgu43oFphH
zvIhkF*I)t~NJh@v@sU$>KCg&2apSrk7!BH(F3ryTZ<WC7$`WCgjsnr6&)vAQrd(<d
z6}|SU6j9V9MbxJer$aY5)XMw@`5h2=vCBQCK4x-FUt*X1+zg_-5~CU5NbnrcF^9@Q
z)9x^HC^gExN90%GFkGU<bV7X(xZ(|{HIIsdaobJhj-Y)&0lS9lcVKJll>mOMuuBn`
z2mKjwNx-vr+7}8rf+(hOdP8+sH$V%GWfbf#M=P7yD-g<n(jhV_b`EvsA9b?dx$*gZ
zm}J(<b+Q<DH^C|1_AyF~S25jo4^h-;9_A#chV{FaQ7zkeBN}BwsVFoVG;7&$ou$kb
ziP!Xn<>nKYNIg0nE<A2ZHAhdp=V0U@UH;4`yAl+*iAft`&)5Pf#qGj7{i=7dpMVni
zhLU)baZop+9R3P?GP(T|9#f+?p??&w|BWc=Xu1jby2|~DP^KAzwKr9&a8*Eb71cih
zS8(U%MD%;B(6uCbl!{;$(|CYM-RP<=>e#^ThZhy+Ex<-utcZpsw+R1E`ja)}`^dN<
zqRm}Oq0BIU7U)BKa4wF`TZBb(fbPt~RRu0MdG!_xA-edJ?;(@B1=W*SeI|v@;;XBr
zB_MWV(Y4JniM9+Y;-?o?<#vSPT+{B|Ny!<B@5815$1KxII_{fh{zy=wj%gI|1YK(4
zpo@cX8jr8gKTqpFk0{0UfO6}Tv^UgoIRjA*V)>%N`w^7-kWI@`VPUwpJgkB59`WJr
zA;^Bl6F;C)o*)e#@&&g0(5gmV{LErhO&f2&X!nwGBA4PNvX8Mob^eR+>frx1K4$7L
z69(3PuZ@*v2{<sWmB7RfqlNB6Mq7PRt!?^nv`R*hdS1AQ*$L~^mw$bdDgr581AH6q
zWFy3$qXlGYk4%<`(krCo^n|+jrJ&n}SX8%LTy>z1f4*x!Wtm{SYJ(sruj%cdiKD@o
zP$<!`mJWUJW3Cu7UI3s}=TZjLpPl;dj+(l<9DsbFp0Skm(B&5c^eXR1`eP$bTf`o`
z`WJE?>%2EP97}{s;RD%880FxS2KukP92co!fy;wo)F(E4bzN*<57gmr5tc1KioHlW
zXAu<>(FV1&CJqLaj5b5+)pS~DX1>7w2O(6uj=v~N4ASEw3%fjaGXoI5zmqn6KSaU`
zc9u{BkmpwZA#=f^5#}`xOkaxy@Xlhu&v*p(ooj!K&!IeUENPJch)owoAHUlL{b#EN
zSKa(Z($$CyT{jzz?<$=|b9mrZUc)$OSn+<~p6dp-BJ&1GCm4mouX}RsTo268Zbg+t
zL_CrP@lp{aV;nHW;RCB~+_ks{yz<UK%v=M0v=>15HYKT-GM73{CdT32q|X=M+Sr6T
zF>n>9fOJTTb{SGR14Tm5GFXpBj?kkzHQzODbHsA57$%-n#ugku&boZ}^l1NjsKQrV
zIc#Hrl#w};&vs^N%vWxUYqZ5JaG_H9K&>r4csKsa&z6E2-LT4<;G8}fQyODZla&ym
z@0jiN{J9%3N;d*A`B@080ua>=)2rCj9w?O4izUpeWXLX})<URbU`AyGNvrzA5QyqE
zS|3#*BA)qD0&3H(DRq(zf>@QTcBhzH<Q{=5`b2O2%%d0<oFGiOZ2)bl8Cos#<4ZQs
zXg_loqcz&gE2dv8TWuWFu2I(xnuG|Fx}brlt+9=4@(kJ~T~8kSTTXq2^@gffy2B7f
zs56=a`~g!;6@?0O!na+Sv6C{&J{c=B!-Hl}NZ3$R1ckw9&Wm{*`&_J}OW*bn$6IEa
zG>k2#2LFVWz>Eq4(4Fxph*vhn8u>#Ya(%_dI|s}jujLK`#~!!Sk9LFcAau@FKeP6u
z!>PT8sztya_f94yvJAv(T@c9J0!pvlOhTj-<}Z_;v%|ARF#NL)xx4!Ymn2oHgw#!R
z!Rgdb7|c#-MpvDLUPU)#_vfs$+FY8#)<QsI2ZhMT>JJQN1~lz~IbD44eqrb#?^XJp
zjlB_`(zZ~-&j$WEO$HrSsaR|z3}EO-Z8yc@HhYY|<Gm$$?)?i1sM4pO%ou=TQo^@7
z0^~Du^6^R8ZRQdTadboUO2K^TA9I5VncMNZVuMd-sdAO8sRPzwB5`=Id0-JrT_*t6
zNfAcn5{yY1u~=HzAV^X+%`jNomIV;gpULN`2m+BKV8(gvDk&j&TRJo#00RXgQZ{)D
z<v`~j%$!hGm1c>%V-^*|`3_2p>1R$&$rB#Ig!!(X%7}vIuRzsQkPS^4BPiABTNHHs
z=-F!zLk%gT=aKtF#Pt5q>X>VJ0_m|EpI)}$#bvuZVlG>zoX$H-E*CG8UTFoW%t^^g
z%b~=7GExPg4kt(1!%n}dwrWP<_pxmg%vE~&T8>v&iodxM29o!%G_>wKqwd;2*f$7+
zI5jb!7)?mqSH~Oo42<*z7qNPaP@zk7dpe`39*iIlm)7P32T7J}7)OWV%7eO9R2>O}
z$!BZUcw3TBc$|*z)Hg`oeaRJ439nT9A(aDiCP~N@z#1lO?uDxWH;|b`K~d+om}Ofb
zX5f1gx0Vy;FXfrcGFu-6d5IZ-AH4vDrY=a4DzAj~XGrF~eGc>QCP89eV&9zobou|h
zu1I#eYr@bwOK@BX*LZVMG^ke`{|3GytYdIG3gwucz#vyM#H;?1Pwl=UOG`cs#F=iR
zsAQsMG^)r-^n@5~SI@V$n(mdE-N>fzbV~7oR7R3_V%0EAO9wnXjS_E0H8%<JN86ax
zo;g0RikgYIbW*BmezHXZ4bJ3$hpuyh9!$t!=f*3lBf##QgNncbR+x->`W(2faZ?k+
zTl?W2N2`chX=3n$ltgE6^7WU9)J>?$0}I_YI6MS3%%ks7-ubO!UrPB=o*&uZbBd~>
z4t4L?I(f_;5`hZYkbXa((I8wxQhbmwLn!8U|H|7ZAu2~LehpreWLpBtdr-d#lE!)g
zZ!{5x@)z-~kAWPlZin(GyIYJ_8kHHATz?L22+#jvjN9d**wFL}m4|>{?<_Q(T|3h%
zgx5bAH>)bW)#5Z?w;^EBnCX|5q8^w!zQA~Ge<+K?v|V<!2`T;_V)$gejF@Pxfp2Vc
z53<kQ-ZDQ7p9P#eNCDSxVs{M{gVV|cp1p?o)kkP(V2hRW^5@`zwbd&jJLiU#-uAGp
zzr&>vx~d7RIN5O+#C6X3>R2VISAXNU1=Bxk-?VTT6@~^m+JsVP-To~_<+Q`}YZp-4
z)Vxfznqy&zEYbCuY^h_O>&3s4_Md-Ay~9F~hcUXudk=(9VkDuz{d&~&H4HtlAqFj&
z#}r9}%Driw5LAr2@5J%J%uTWXW)8SHqCpl?{qBIu(om_*?YDwj5T%{&cxM$N)HHT9
zAI3w4$#<@KR8$3p%FKy#5am2kAv`Y-%1lq~LFODPMKb9rFw)L{@zaTvZp6M9eeUAa
zMI|Mraq?(r2b5#){NzxLxgSbHnf%vtPL!RmOrx}1yAla27L^`UgB0(pNHTty+4$6<
znaPpr$Vv^s?f#f}vx0F=-*y5sol+3b{XGU-U`ok?wYCYOpxnNp6X2@gR`3O*#2h26
z6(Xx_YWOkv4GnEoVnR_9m-1lW-f8I!=Bif6+OLTzIBuk+vHzAL1}ZF#qUhOPtmAJM
zF;~xuVWsAkPLIGt?(Slz70jyYFzp+3^DbbmNGG?u!!TL*#B4;~^yNE`n%fHsPTh-)
z<UA!PNVg2TVJ*uV^0kBwf@Ui=94rbK+PxwKKN?EEtl`#LuLSO0_}2-?Hqak_zZ;9=
zWV_Jd_%mxNDY?J3?!e}Jvn1_OMK9He_$}9)X2K6#a#z!GgrVq6%eweu=gZG%slJ>k
z_TzXKAoy%=@ASq_cLvVOOE8Q0PbYRw>57KCkJVF_3?EE5?OEYZ{a6u~vRbF&I}HsD
z*876wBTJUjt--^8Mz~+>DXxAs?k%=kDbyH5hYZcPoQlwwsiuSVNlA|$6*fP$=+5O`
zU$0mhnzR;uWbSkS_8)@EI_0_X8q(~EaEW)Yj$YQ46G!3UNkBkHnsw=~E`k!OA-~R3
zZZ1r6%wc*57D4V)0s>6bhnMPcYRc@Z(|YFesaeo^toZyaXZXhJxDx8O6I58fc#A+9
zZVq!4xH^UMx6bshLZ`lkOFCM27J6lxzuP_mP1SV?`p+`q9|lO;S+@FCEt&ie#2g*Y
zOK>k{9~n56XE3L^RShX`@9u6vm!7W+vlIg#=i>~k27hJKu?}(5!0Y&A%wHCY1SQeC
z5^=Oy0NNfA9<6;-S9t;eiF($ac|<)rWqHgskyiy_So4Z-$r=wzs92eo7)#aY`G(qA
zE0b3!iqCZ(?2)o^Gc4Cg($Ovt6=Sr%?r9~leQ_@xxR;<NOMD>Z?4U0^CcO?>9<gw4
zV}c(23fYIdybsZi4=amy7$9A5w3O|no+UsrK;8JK|MF*60=k(LR509|m;>Rh4kQ?f
zP;E;l?=mcJ?buPVI8kJ{#ucedk}^gzFglwiW#Sg4=v<~Ic$a_|V)}qPqfFUF*-R6s
z8@s<iTo=;*YS^!|v{X5j!R&hBn}akdBaFhUk$PE*>tCjlekOhng`u6NaLFlWwWpbq
zmzY&U@~2!Yaf|BL?0ap8q-!ni5*DQ_aL5}lKb3p3?Ypg^a(QaKRa1J*+ETt-7mN4`
zSwQBJcgs<?j8M%Am4oJq`w6sP2(O1<Y}l)}w45knmKy+Ly*a5p;85b78m!xLGt|}8
zw8F$~^t4o$D&<<S79TKXU4;6=8$HBa6E6Ff?^rimu%uJ*;a@a;<8)qHNQ~1><DyA|
z@)wXLrf;nD3+JW5mDu#?2vf_2Za<|qvBA0oGw8wZPSg&`x~IKuF^7h~$+#1160cwi
zJdujCpQ>Yg$NJvA8kJuC7bb=q>^Ac-uHhPWYjf5?!o;iX?@QZiwW~`yDVF%k_xGrW
z1j9#JFy!45ub!ZHu4Zd}BIx5_a#Qs2^;WIfY17KFN`KMT@`snh_h90#{X_qHYKOFU
z!uowb92HWcZV@*F;mT^WsbznyOGr%QW02UjAO*~i;MHWG^Tw4QUs?{g7F!?#r!ZMT
zL{SB8-Vf3chn~fnXWF(k<8Zh{r7&@U#JI~q&F!3|o}i&YHdVre#o3ct7WKCG($Lti
z&C4tF;}E#EKoiTRHQQd?uKoFq8&bwD1GR6R-_~|D!y$h+<awn4=rq^&K2SJ1ubG5f
z^bBUEiY5LuS-}H0MFrpUi+B2OF;{_sBTa{hSp^R!ZsbkuA5PXzIeoyYBmaP5x#GK~
z)ihoDS0gR2gVz^k+jH6)GOr9MHc)^Pz&9IdX6>}_28MfKuu~4ty7l%@7i+u&(nXE~
z;|m@GtN3EpHx244%@A8*t*<NYRwZZ|DmmBa<-6zT7QGux>|bpaUqkwTQpkIEFSC`Z
zdDDz8gGq4BvKJX7E_eri0dd+U3A2If^{ifUKY%KGG4KcEr=QIpC7jZ71Wg`?Itdy~
z)i+bxlPGy{+*&uoQhjG?Q?9dB!jmVd;x^6MsU%FO^I(0(f|U)fG<p@Z{SShOzE4>L
zGuJgNgE8axtOdL7X=`Lf_?9bkYA(IHBKDQ-!qFXM`Y>P?%MR8_pQAVk<v66{ZjaN`
zg>SubSV2?k$enQF!5?gt`XBu;EI)pC7ZicYtikCflT8KxdB*qdH8CvejC~H`;XvPn
zOV~eBdLUKD@0RD(U;U<5H`CezTthkxfNH^&NX6lpGn|)S%&vc<{$h#2!uzPv*X}Rj
zFf`f9XcjzBQ|L@J9QcDwAc%b}cN^ZCu>ZfSvU1;l8eCP_yuR~+lPp*8g5i>uwcHTb
zwqXq|DNAYV<UR&gkKR=`gqfy%f%zbzqvfS00T3m5*2f2;o5%x+JgezNb+c@3SXfx<
zNlF}rp&v&A&pn`>1<gkNuPBN+4*y7*gdzH|iwV!%KS4a=c9rOI8cwArDC{n6^^6R#
zdP3M6u7xLn`Fraa=zkd#3Re!Z;NY}#krpKCW+i9Xv;<d#_D7QWX)pb+Vs&j-pgcDj
zvXuHXBRP<k2N@8-Jau&Bq?1?Y+yEC468Y*BKISesLuGJ=|L~3jNFQb<B16p9@FwP*
z>y*`fYJPiKE8Y0!v;EHXYH4R-3Ji=}F2r@Gwa5!5t>_1*;Cb4)(;@@fx6lp%8567?
zr#3ekV!>ROPXnwE;LzUhz1z<c4hM1N8J8kWD6x7FMiV+XN#3;Wj>duFs`F$j9Kjnd
zxXC6kV|?0Ljxgey0r$_KyZZ_Bv@kU87<uKQ_A7dOAm6>FIMv;Q;GmrQs$Rkfn?eE%
zdEvZGIOx`V0gL&;e!&P<gP$foWYgV2I|F)NFcxR*l#VO%)ufW7YzDS&9>_edMc%oE
zUI6o-%l=<m0ly<W$40Z44!wKqebE!MY$+YGM#P-W7pb-b?}`OcshqA*r+y=z5&hz2
zn9hs)_bjzk??+xH<yyp(No@7j)zLS_Y+D;WMB&Qu<&=AIi*wS>3~NdgS2<VQyqx3J
zn0HEBn~`y0-|!fM-j5+QqfgBlR<D$0;A)6cg58%_`Wr$w!K==#NM0Y+13Nkk^Yfiv
zg(m4{W%~GFt!hYq(_R9G<%RhLlvRt_1$V|ZrIh=ky$3ln@dB8?v=;U^2KT;F=6Xgd
zJz&Cm=wu5}C5+n~X|l(~Qd@^>Vr8F$9bYa+IgPpS+#<ZvE=M^<;p0)K95`u@TSmCD
z3OV~+Hp3XXviJE8H>uB4z7BCg*%uPqJFfNhe2>D4)Mz33zb)&{<0Vm){bwC<bSi7$
zJTdFS7BqbpB<Ss9n)oo>y8&{)F6Xw1!^X72(EkW>tYL<H?M>Kt-M>>Oqbd4xcXufz
z!kF*p$I!wsc~oq&C?_KYVW2|qX$LN<Z`-YTm8w-a5SbEn4g6`D9m5ADIMDVdlBZVD
zG1tRI$y}vS(YK?sFoP;o7%F+WCvY(vtwx6RTjnnf-$FofmFr=e^b=~q6q0O<f@x2o
zd4g9Ts+l<xiMuw0EgU`VPiXqTu!Z0?-@}5Ke*7hLfbQpRyu@9(1rvV^$>V^A^-bER
zn4coUl7B!^Kw+t;mLoVsaM+@{5MGo&JkSCT+XV1DZiYuec3A(nM-RDV*b2d~Rb6~g
zU7~gkyQq2KN9)Fg1Y^M-(AM>z!l1&!38Qt)E!!X;I4$7_wQMqEsw~CPA@nrOQjWy@
zocN-tp>bWfjOx;F|F~Q8wJ`L|2FLCVw3XwdP`vhZU!l7LS7c<*bJuS}6CIw&JrE0#
zqd0F^jxvSHX}Khw43tzsMEorDN*J^qW5jHlYrVu->RX}x;UK2|cVzt^+qfWw)ZgKo
zu&<d+>Qf9lLdC31LF>s>@80^T3}OuK6`(a<_FEU$!R!rt+m(HivW~X?W5`DHtmU}(
z<V9%^?<XkIXTlZKW)!zV49l3JW>^j-ol=)Z!{s%zdm)THY?94KRl<MW)R8@F_S}QR
zQ?ROiavPaxmnIXo7O2-SnDoq!pF2u-2a9^e<B<1lcp!3DC2c8fug`$|G0@J5ux>4Q
zx9xlHl>O_s(f)iXosTkjE7i@y`&@?lq)e-M$P9LZssbFa5hjiaIm*;mXE+E_$8clQ
zg2m^iLtAx@Eo2$(HGbV|ntaZ0J%Il~3_p0uF(YOVIF!+0A<Y}qzd$kjipo1X7R-4a
z>@itqQc`k}kJdns9&m9?GuipxYoXHdn73DjX37Yo^wN_b*4I>?WDg1o>fg#)yhW@&
zS^t^%tsRrg{xUovcq_;L?-;WRA_msx&4$u6G5zOKeqAWOA8b2c-o;XuZSTRkz5TZE
z2hjo`EY7@{hiTygR_Dd+)y)aPETc(h9TxfYcj)Q4y2aPlzBvYmaMXH;mQ$LbeNwdB
zf8US#f-zt!$fKWmG--eFhp$k}dI1-nhTtM`8q~0Bq4Z=1_iP<iE!&^xh*>vQK>%Y3
zjhH+r;#BB7H9yr>^YI4*XJE`_whAaH-$S#l+FShE7Iyi+vwjHsw2$r$Q&`A{{uaFd
z_0z~sK}bKsAQI<^?%xVJpAJAS#EFjmO5Qb`m+}7eec?o-GplHc4A<^dxT~LS6`z>6
z;$yQVWXvu$8{~4Kt!4vvHf|sC5_>7wQ!GULCW0&~LYSYwHVMz-!Tx{(={U6XS^&<w
zZ6FX`r{+1mYawI*_q{X0z0dRZeE)(V4#9}9`up^SO{k^wAvu!TN8{`J7DQ?Zp%Hlr
zVR#clE0#N?>DhU^FhDZ+a2VzWg2#qCI$%oVZtKJF$2%al277Ivk^=>sCLb1FRGTNG
zi5Eq&Z0kQ763z+u9!ERMM(Ua)o#?Pq;r$VtV0Ov1FMA#J0dM@kuC-<dSD$J~)b7rm
zsf$-HvxI9p^7o4~uJL{8nElxRi7rzM4BaI`B)n~F-i6f@Fl3s|X_{zXb#QqT%&VP6
z$q^(V^)O7J`kbwlQl@hTo+Iw?;aJVLe77;nXK=eZ$)+XKRcsRG`G%lcmkQ>x9Zj4#
z+tQ1`Rl#lG`E^hCzJ5zPA)1x_FWW_MSo@`r_}sHV@3TY$&Gj`wmO(ih;IXjvnDsDm
z%-?$JFKV$fwMpoKI~K&E-fQr*``07W0|_ap<~i;OcqF%Zo|G9tx3Jaw((O|Gi}l|j
z3;qOsw=@{QEAy~~zHEJtquFK35ZpI%7LU6H=0a!Ub6cAn)LB)UylmD$0R<+!s%&BO
z`;8ueJXr370aQony)$`Yt|P`50R?3!F7~1P1!=D+mMY_a@k%uFat$n_h`Xvk%`nEG
z(A#O4U-LTkFHBHXX@#BJEd>qkZ!kthhN0|ex^y%~1_xmZ*C9?=TolJ`SxWDKM%F>X
zf;T(Yo^lyVD`|$Smv_HlnEUczXl{Fp(@^6(bf4(fo+;$QSa>zE{gVdXOoFyIK||FN
zTG$S=v#=v!xgXH=aMI`G&<M<<fp(A=krtRjRyvrd=<UB}`2zzZfN1+%DK!hlyzRXW
zo5s+fMHBeOHaVy_TPGxCrtb*YU;Swoh7YwWA0DWAD1YRL*Vw0)27S5weQQVuv|YF_
z5cCR2Xy);Wpl9;3W(X3`cNoEV(Z_tv7~$~_Pfre^vxjkE>5E8s@S&I-h7Hk@^x|?f
zqw8~&lMU6!6I_;WTQU2=+;<Cx+nXw3ggYo19LbXCr<aBiErAf?XXV}H(CaA|hX$w9
zd6Q`js{{;#LGE$<_Qv>cMlheZuHri|o@SsyzjVOyvNkd*@mF#S!k&&llyF7Ev9}^)
zxL~$j`sa6}h8(dLdl(y+a~|<^-ajLv7FFr`ttTe{l|UT}z)UqgYzG^<55}r`6Hn*4
zxj+}X83v02zY4*CxF*N`3#t7DE9llSsx?^27kHjpQp<s|XEf(A8WuCG^y>ObGW0$L
z`_snQQMu3q?hV-rz);^)2y1q>1+4s|UM;1oW_xqw1?P-*>T;U5Ro;Zj`QCIBxTab!
zn$mQQ3yB_`ohAEyCm2U>0<f&x#arHmeNKI~Y8-Zh>r-OLSH?!66wJVejVsRL)Ec2H
zcI}(Qr>8YTF!<$fO@`IVd5Puic`_Yc7%)&P1szgl*^ryN#GMD!S|Ehm9`>Y$Bs~FB
z&dsqAmn<VZ#)&gvpe02vf%Gcsn~DKk70)xcKbtP42_>RWFnl4J_jv=uvB+El)pq?x
zm@2b@d7RGyao5Q;Iadep2?Yu5Fv1l5Y;3Tha`ZqPI0su@`V<avYjfv;+T*!<IQ~^7
zy>>?GkOp=D5cyvIV8r&zRy`WR1beiGE714y($_TifRDo>KnZcDKIQYS5L`s*?dqf`
zZ;)i5Z6~z?BX6>rz6Le_L+(G0EJv4~!8AHQC{g>e5rkXKOw_IfW=5K%U^{SpCLWsy
za$`T=!n(U2B5*s`D2iSI;@g?&7IjU1lLWW{#khV~quf@H4^nNeok{N723vE3VOp`J
zV0LEsiGSo|$km^n?r=puSC!{EZucz0JW$e?Lv>7?3hL`7JDR5hZpM;lAMPk5f}*_@
z|2W9COPL`h?#w%blr#i|w%w!a=I&-t{fLa`xdZtyivi<v!!e_|Xq;mx`tFHGVUG19
zn`lb*za$NN5dV?_1Kllfw|aYxBn<5+W;DV)Wb_)+n@#Wm0uIwYU4`^q_T&F@m2=*J
zunxr#vU^3!6~4}%8SW4}z2Rh0#LKJ8Ti{B>7H878N|_FU?DtnhD=T`uaFL(=VIac~
z@`ECOQ0QwlbqzC7vIkb{<c+~FCPR`)491YdI+Y-1S^EaMAJ!|`MN=Ua$i4iCO-1jS
zOHx>@l(8jO)K<?Q?+|JOHUk?D>0ufaUUFs!D&ZURlb(If{rvr>B<O3iC>zUBz()F<
zFYPj<rFwxP1HR1|>fwG<;koy5$8aaTsxN^`hJ2HOaR_Uej;y$RY6=6HW*UHLBsZT{
zbt8cXw1VqVr-RH+yqp1Cux$?OM|+_XE|U=UsNrb3a`uVHVJ7T>39y%W;u~o~NAnm9
z6701j^2kBWWW9dYD`NvZFyCmZatx!x-~dBE_4ytbEe-NHV8UTI+s$afe|NE-YKInj
z(uoIBUQP-`5bb+uONI~ec868Q&}uO{5KYu{oi(Dx9g(T@-($24J0kQdK0_k%6hR#g
zFk@eFhi|lda-$hQDxSR1Pxo+eUAbwW`%?O!TOeb3L$J%AG*w+A_zvB<`ve}w&swG6
zk_Q@$D!r@Pr(!5azjB7RU|`ArVeHKVq3pZ=@lsMqDua?JC5<eRY+2$)3&I%t64^@>
zV=E>KMM#vaQMQ?}ui3XmvV|eLvX8Zpo!_~-)ARj2&*y$VzyI1BuJ?7`=e*8qL5mr|
z&|{4<rP+Jf4B_q7jdu9Zsv}wgY~j7zFlSEd<l2z0Ot@48fNt_Oq7NHt1+`3e383<q
zg9vgt5;iMUc73XPr?od_jbZ=){HX6<KW$DerEW9rgFkPgKlkrJ0(3PW>-5tx4b@xh
zEc(7HD51=mskZG3sW|QwoAtk-`+qyqmHU5n2=Hv2MP5ME+ZTbdwFB5|Jz!<@t49Nq
zur|G18&u<E@hg{i*T0tO2a3|A{4pX02bXb#e##4zpU{7Ffxa~4fC7}T)O(B5({G_H
zot~;vgeNP@zte?7k6%-q`*-OGMfNZn#Uz7+TfdO{fR-JkgHQGz5o>0$G7SwXhw^_N
zF&k{72L1D=+qj0m<fB`2qD4W9W{GGOm&;!)z1US1PH=40ltml)*60|ZQ;6Ap;B{ld
zF6op5{k6jR*19xG3uP}gE6PmSa`N3^U?R$Ca4&Vo&t7L^Ot3~bMP(bjyn)>Y{d9<i
zw{rpXU3rMEHoCQ@=O<L+9FScd`;iO$rB8^5RA|sD@Rd427j@IveF57hO`AzA-+r1S
zC*r*3VlS|MzW_aDOfIRAWjqjCk5`44iF3(?$uEC2NA90b;XYj8p;9fm2pfqh#INMO
zF6o>Mu*7xy1M#4qIuB-9=$g-q{y-TmoG$oR;rO@a(X)~f(b1~-yK@s8mMkTp++lhj
zRiC08-0&9nhco#B6!dQT*%kr!W-36e7c)N#Jf-0ALq8M?Mb2&Rf%$NPqC{LBU)GSa
z2COR2<-6%B)WhD*o1UG(sQm;kywgswqxV_GuR8<f%t1t%%q7H545t+9En(^GH-N-8
z-SelD>V~57b%gU&1NQ3(fXW3C1j-v?zEv%dKx3@0B>-N`cb71jW7~axYP}PIdukOQ
zEXJ9?tttKe)~l&f^);!uZBBuFMy_D~@XZB*K}H`h>WJ7~+aEH@itpSyCB@syn0S}<
zqh_gI-<uW(VMDh;rY3JY`rL~YI@p1gAp4TwLCT?)vwnB1PHIuBV7GnBYu0+&!Ev(@
zM0vSV;Pe<Q&<oOIr`ZacQ^gnThUM+JygAmlUv)R~E(5X_xzKUk6ybjN44zI-LcJ(C
zd%H&rv;Ayz+*~nS^y)=cs<fiSPp_$BzsESBo}xB>_{7-G^uHRfKlaWxqi76H$JEI4
zMzxB(l02HHTU-Eep13`HeN)Xu%TUJO1l%P)wk<Sora(?@1x{53cLvt%63){{Tt5K0
zXQC88?3VmM8aizZr+UBSyn8k@P<fy&EewK*<>dW5;po?X-`x(%;z|?0HLN3MWI%=D
z{4osge+`59&@*KLku2jk)A_W|co~VJmj(arb^q5-iPvO3g{UXi{0kE$*h;>u<vxcS
zBe9UK8};r1B^7qYK@r1~o!MM;@gE{R?Du~GOT;R~jUZmT=<e{9e3wapwUqs%Hh>BD
z%NpehJKwmc=`BI%7&?YUKCAU!q6;QkoO7NwScPeH3TCCWtY#bTQA9JKLN{i!^XA#{
zqjm`X54T?A#xGz8`0xJDE=rFyh;MyP;C&8#8|4PSty2G}Kg-Rf*RT~o>J5IIMK8or
z(^r_C)Wy!c)3DmySf3)2((1(H+Z{d|RH0kY+mc87^{Yiw0_~n~YQ|%dWKp|NBj8RM
za-8=ych@!EWSe7$sjJ$KUE_^LGrjajjK8||?MhJMIa)*&%@oXMi~`2)7SKJNz%%WY
zgsRP06Ucj0qQR#~EB|(HJVwj@+IDHXu}w1j+2~_QHv+{!cy}_@X>Okj#i(Y&UipO7
z(@Jxs?KP96ZeqIBXpt<|12b2$JTUuu8~8e#uawftPi)A5#}AgutqTuhXCCkyPfBX?
z7<b%MtDXXR;5)1b?i#r|!~E0B>2THaLxkg5czO=$9>jFitVpr+Xt7cayK_`8to-jR
zc1%nsgc)UN8@X1uoz>wzK2e|<i%CD}ZC27q_|EX=hE;;a=1s2lJiYCD>EB^cO}Z~d
zxRv}OlQ<`WvJ0$e&MY)U#2y3#jY?a`Be<rgqVtQ-n1?7JgKsIz&x)a^`HwMnt3)Lq
zkM*X;a;*(K+$YqoE_FHXtfKX9#6i^wNUlnT%4l5a!0`;)HJb|ZfSOW$dg)3XGLNr<
zZ_F(i)5RZlgC?%$&4-P+h%D!gCkIdY9H>-w+`h5W4=<;=w!s|*t&Z;8o7x?jPT<g3
zOA(uV3N6ElgNTGm<(M-<8ZnEU!~MC|Z&4TH_xX0ddTwvgDXnTC_Pdg3=EDU<Dcw<x
z^Pmo4>YEEf%u$I4jlO8dU;hRY5GxS;BeUZx3CW`{XX-{PRu=(@PLaB|5ol<amOe_p
zt4!AWjOC3%mxFze`_1N9&s8;6q~)+~sN%@@;iTEj_xTP|NDJLoicS)(egb=vH`O7j
zFtf0akTJFwC5lV^?&CLoD#pch=#!p;R+*Kytj5Jsq(e=e)tp@mck*sS7r;moP1lzS
zRheK^I__Eu>a*kBB>yoW-@o{=k$JvNWXyGLpEnb(A4NpgNT<sQm5*pYuBbg$Tcs{K
zxhn`i5^mXL9%lHGyr$8q+lvMfGrka;f~pM=Vfuz;)Vlb|r2^Ag_eCbHVB|1MjEZ^k
zY^r6QjH=|+xgvz7Je|gwQ~CS}?L1l$TKuXzqbZ|0c01L|g~@T{g=wdC$Arm))<qN#
z73xtm#+$3;m{N&2XG)xG7X87JU2VbIyjHxmy3p8Xs5ac$dZV`v%b!#9d^bJY`Fg~h
z_LY7#=&RDC-+CWFeFJxR7F)y)G@oor9B;ex?yNU&?7af`9w@4Sf=eccFTY3VYy88n
z%2K?<0HR`wL{OnRdTE^RUF1GbXvg16ug_y51x>u@yeJZm?#o9c@{QyVgC;kRaCC&j
z?R5>jB{q6vSdkZ^{r6iTH402xG7y1r>WXdFjUUJ<Di;{oXGxI~+NdrKmisdjEa9nE
zoTD}jllG4^DFggfx%HKK+8{l>%B+H$UaAxETNoZ*BR1$$SECGr3(3^l+}KNwFbX%0
zMWLy9w<X_xwDBFxun-C8s5G+eWoh@*=4n4q`&tT0r1ko7-DBsdd)Byg#W1Dl=hRAR
zTC8mXAJ)GX!JN%KsYM)^gzvzC@IJV_IZ*A&i`=INhWEYUmc$p<T+1tw^FT<XX2RZH
zlFrjnxAGquYbV=*g_kZnS9>GvMfA`iEzwS$Q5|R$N}$C$52mX*etjVQDW(h9B_BaC
zI%F^<rv6Sy>{Q8TdAp@cKcz0kSx{?Z3^VmTEvf0q7sbSwrj_SQIQs&o`bvrjvuz-2
zYo2kJps6R{M6>2#mD+ASoU5475ZnMPARCO1P86G!T$ZDw;W-kO&Yv~jvm@`H;L|HA
z12BMRgNt!-op}JeWIIrNBhjz54X?&ETrXGgmqXWn<k{<aT}AF|9c+c(m%Kyd@~{S)
zNKWquX8liK!b_$q2#1U#1T0|i^m-8hMaqMDrxWm{2`aypX5ba3{@RZ70sjYKm&W@i
zb4#W#;=Ipbg^^{2WEnG+mb-w9hi$royhsPk83GzR+9s~}V^@??(&A}z>Qs-Zbk^wG
zFMz4io!l~mc2-QTi6pFBq_*RmIqUh=5>8d4exv`g;&e<{G2!}oEAf8Ew5@&A6@5Uy
zt^4~0(^VB(;d)nK&jKJN?On(fXE9ufCe1l&%a+sgx1iO*(i(4YniqDsz);nN7<S}F
z8qv^hvrg9kx?kx?utsJopf&tC<Q(hP(8M@~kd2I2a$$O(&wW-ap8}J_CtZJSzp{Ss
z)Z~8Bwum!3iL#-US$%4Zcaox=>RfCpR-<R^6D5*MLG2&BECZ6G#K32rPnE0Ozc&)7
zvSQe!l8h?EBA2VXwWIgv-c9o>3a2kwmNOYbx@;%yiv`;0Mn3@#QIt+12VwTe5Mz6g
zk%=&-Lz}$fTlkDppe*uge2O%)z0XFoZ`2egwNRP|-_N3f1gaFolXzK5zS^n8Llhhk
zly}Q_p3+Vy46vO^R1P-<YX<O(WH|a)(>JiTn*#Sv6}S5(;uqOP*P9GmqQCrkDgRWH
z-!CI4pQnyL39XsbY*8H7RgT0CEDW2i#*3UjpXRh3*EmmO57iYRgxdDFRuk9b@9ozs
zS6{H?>p4WvWfR<qsN9F$B5V?fbcwAAn7FGA7Z>cv!fS8Art|jMR!5t`%rs+>=kWQ?
z{y0faZVNu&`AX6`Z6cYVXKp_~-P_G4R0xRSNlAKR1hH#jo-I6nuu(ZOkp1@uj8)!w
zmu!0>r!l;6U*A3)EUSkILqfkXUrt_FL+O5hLH^UYs(0LnuD_d_#o$@<#pv_7KN8DW
z6OO--yNb3a2uH|8qV>k-fIdy2vqM^w>4^%m1};nI7*X@KkCvDe)b6+E5sN^B??hOb
zju;1UzZi7wPJTE7CqKk7Oj*kx%c=q@I&f_$kTd;q1Bj`KxAA?=>#x9&pv^kRbQ0)n
zy-`4Rx{f4wwsqvXXXu+s%*}5|jZTHY>Cv*)iu=N5;@EfrjQ*mq-109e%0*-?{epd|
zM|*+$r_2Ce+j`hV&^4>P3o2AWKVF5EXc1?8*&reRtx*T%FUm}sq{o^I#<JnBCf$^S
z{owVKC~CdrD;K;H^K~!o1DQ>(4@xE4cMOCiLn_Chdmv7Pj&ndipAV){H`HGv!Yk$N
zy#r1w!;j14-^wM0oVw=3?!0bdK9%H3(zn9}7!)UhYcVPLrUr|4$yv^h8?fBupCyT6
zPOud!!5&s6@6fNuwN=so$6Zw`E4vT^y{ghw_!X5??_vi)Pca4Gu!ifqCN&;YRoGi(
zHHL%#H%4=`4K%3DFm41r3QO!tqhv)(I_JR)(nsk?pUKnaD+HR4wM@tcyXJ(3l<4Q?
zZ`FD(j-byJ<QtkWJ|nbrpR_BL(>!l*YXrT^O0LW)w;{?mA^;1abdUpH+z7;Dif}Zs
zD<2~@4IQ>~t|X2F%Xi7YD^aqI9S8PWx9^YvcZ)BQ?B;qPOG~wJ7?(v|fe}0MFH*zF
zQv)T=#w^SuO;<s{IIaHGYwL9C>?|gW>ZGRVOzSMvW2!Z&!@T58Y5)j&AKeD<$TwQ4
zaC+(?COLmpqvj<?Kmx8zWB?!6k@S5<TLL?)auJO(Vj9udjuvw~>aBp{#%8K;pjXCn
z2luj%0=AV8wfaMJNZ|yvJno}k8*K~%=&RRga^9|gb@p`nYy?9KSd^(4j;_gfY<v<Z
z`vSv;!ES-iS2Ah8xr5`vcvMzhUcv6?3Bt#`y^z+Vmfz&e%0bfVO?y>}5P>r-X8)lv
z*H(w|ecKWp*gJ3E19#?vSd-$o+b`VC7soYEBVa5=nT^z%7{h1yRy1b@D(7+h26Un+
z&}H9gVj;z*UC)q+Ua0|vg<e8PqS0$wHPT=T9tq%Z0>csochyl{=<9n&H3zWj{TzYq
z!f7)qlvjWlMP^X7t;EE-lTn%qE0n_pE-HY>)wZ4NV57A_$A+iJy~tTu^xxp0O)qD^
zuz9xT$e`B4pVQW*BQ>u7>%jv^QG-RTcLJ<b0?tels|9kKZ@$@2x@vk>AV<`^jtR4*
zCh|N)RpKMxU;5MXUoUNXl~gF4e<<C5e=cBQvQzknHQBrr<aX$%L<|QQSMWbO)TAp?
zk2ITEb}0&0A-x=YRK#*~`>zJL%{Jk_gsUvw;At>;l$%wR9UQ(Dzg7(F(Hzto)wR2@
zKHsVy*KXF4kiH2xKs(s^qy1AUM|qg^>2H9!oD(E#C?ygHNOB~=A}_hF7{h+*1Y=rZ
z8Kn}zxLh}tMb`jtRQ4Yv1`-$fkl|PAlink(rcfhE+9)AL9+ann_uebjz7u~cdhzS9
z`546#C6SbiV!~%G2X0YdcE_KF#ga;fP>;d(1jt~>yfRv*sWns#nwd#(b^3IvfzE-t
zNQH789dQnDQFiC$AH)2N$#So0O~Lq^a90{PZ~+=E(xVS;pVNUgIPFq_b;V|2Sfo(P
zUR+-c)s4#lm!AZ)xuAPU4^BF*GrpIa>=^LGr_!<l??Ncg0dbL;S%lRol;`|DX?(@G
z-jL*NiKy$@hblNb5eN&qJ)`r!$~XHVEuyn+ip<vOBm8jDu!dZsP16B|SQji|3@cKb
zwal?580y9WwO}=BV|=sFyMVQ!F^&r3<2*eC&IC~}lWUu$D@Wtg!e}Mk<iBFQPpntB
z=#UPPl2<^!E_QQMZM&Xb=xjP;iY-~HgN;HV&79tdo3Tc3BuQw#ZyKFryJ=)nmN;Kh
zxhZw2pLan@r`MNsW9%pew=$XC^x;AYRRn;JZ&Ly2BA=CN+**$OJ1iTT^MLuMCOiLU
zs>GuYyq+dS-Mtd3RLU%-nR;=1T84-A8Ys>pZ4&yxIOehS_GSZybq^y$h9uQ!3iDc<
zoZl0QNS{H@HWKs4C{QGI8_`*f*r-=IvOJ~dpXZe)dyo&QBaWB3@cbG<&y7E^cVJvs
z^KlCs@g$O`JEi|7;-O8>VTlhQ(wdmIMK`^(xwN66ys!z-w8}k(4R)<G1Kos15%(2G
zj5~LyPO(d-{u%6o0Qr+w9A+wg6fDxJDSbB66ukn+aSenYZ<wmtD}V`q7~?%4g$+PQ
zUw526I$lEWR{CwPJHFK`!A%RB-(I|6FqYevZ)eQ%T;->`LV9l%gJjAT!SgPv<Q&AQ
zDD=$p-g~8ivN$@I8HLshR?KR>&JX9dpyp$=E}I^Zuk_g2SNsnX<Pfsq-Ilu3S>5ul
zR5>E*@Iu@RHWZquogTycZ08Oyw7nJTvb)shB`E8*Fc<k3J<&c#>y(J;5Jz>N^J4!A
z4tAU!FI448SBZ1c9S!O=Y#>xV@oqd?Op8SpB|tunQQ*YoVlqC-FbVpTb1@FsQ|||w
z3$WMy^Rto*i>z}s?Z#G$D^1VD!Z?+7C0`1ci195nphrE!A_&E+gjv1wTsk=oi#Dkh
z1Ge0Tdg~n=^cxg$^<Xe3i0Bj?zHf{R-Rl#uP^g`M88@$d-jq6KL8?k$MaTO(epJOf
z$qu&1uY9qYOMu4stwgY-{KRV*o-+ouIJ!pdj%IoZpm&X^##7f~CQE&H(lw)tSE`06
z^eK#~_!AROk@X1@rAL3>yrQ_#Q9%2ZRz_>FIr8d!{fcCkn?s$mWfLWD02mv82r2*X
zk7SS08sOI#U|(OGOjy22Q}8OA`6O1#U|}ycaefnVf742GgDPbh@L9%`9Fn6JPZg|3
zuaVmU&~j0u%Ze3{mAdGh(LF*S53IGu=$;eNDpAiR(+Ly{@;=m&B#jh;(V|i*lL3=3
zbTqXXIu|#2e_xvlRccpkl1f{GkjsTbt5rnG1A?p}w|wpiYB%x|;pnudh-E=rWvoe?
z_`_ZWoRm;&WjgISM6SX#0OVdr|5=LsF}W!g-lyY>Vj%sSg2<Rpk9bnu!6IeQXjN}W
zv@c3C36tuINaFRC7M#D$amTLY**qXT1<%lOzAIB45n*LMGn)}HRmj5S>$eYjRx1z(
z6Ug?GyttjrwqWF`=|jm}kxrmaJhYoB8!!;l(tCfzH+T7BsU7EM*a9+GvSJ-9(q@j<
z{8=@BLwL_KO7dSXqnI?8lr57paA0XtIBoq=OAA_?G&&dJZ1RhfSk5l6XGYW#!Pqm{
zN9yV$u!MK&J-JTOM_iA7jR=WJ$9vV4*oQZc(BGywSVrCPF$8DJ;HlTJ2JIlX$gCZc
zOLZi?Fkc@GRyz8G4UPSb+2r&SfmIllBn&1uJX9)F@HHi7)R@%r!^Hw<){lHF@}8|`
z)P-iFDvs+Pe=d|Bjj93OTJPNR^!@Y%ZhbzH&SI~oPk@=2qnlY)9+TIFdLKm6u2SYH
z0Fjq;FhG#dVvWen_IGlG&2WEgEQ60&t{otWq(>rTDRt_ZTRt7B9g;p9DKn=w;wqgo
z0|bpRg?1}_!_?o*zk`nec3e=;P?1+F#r~o?wcGkz=b1hy@N3oX$PwGpPyD|J6j^eq
z{iLFuKFu_qPG@!TDtY^JT=XZVYq-m}SM)I$+$ZH4pe+qa3{(4-$-gP2LZ>98#eVlm
zTL<Gz5nSyh9B??e&?jErI;O+E2&<PgjW7*HKGx?dIEE*A7`}H`!}x<$G{!gfr}&os
z1|Xg$W?!$MngAy}z0szzzxFt3s5O;w+Ozt5d?1?pp0(qnO?hU?&k~Bgu0@xKL<pR|
zraN;`twf8Cvg=_cahddUhT{okr6L5qO#=25wMh#SngN+W!c>o>tiJFf5gU?(<~MdV
z@V<MTT}s0aZrSRi%EK;QilZFh7OpyTjpzWAvC#fm8U~H!Rn8EHjD5ecI8L<`s*Tq#
z+Qd#p_wPMXG!g}Bp6@ClA7hs!w*CZT9vsyS1^-c(*B&bbeb;l5>gwtyVMcBQf=dW#
zKfNV!Tf#Tn6s(*G%_cfok6N2lw&GhV4Tgn?_HT7wfyI!CT%n;52;%coBg4rgE8x4l
z^}1ZKcVXYD)SYZcDwgYRgF5GI(_54@*6~M>j%SWw!#>GL!Bq&4ICxZpS^=k`sgnhi
z&BjI<#I>u|PddDjkM#uIt`Q-r+ptS<{p>Ip0RFG9Xsf~*P)A@3Gg3RP7l7rJhXaRd
zTmy^Mkal!q1^MQJ;?9zolDLitBmX`%-)=<m|HHDx^<uyN+C^FFDjeQRp=H44^Y{v7
z^~;0pJKi|8_MB6)OO}mnU_0LujnV1$U5;p3-0hw|yANmBZqskF7k769uytj28DV#M
z*;!mv9i_*l;q~CZAGtrpQWNzUB{(OL7*VfWCaTqZxhzOkq@GZym~uF=@Hp|Fd7*qX
zQ|^NluU8v!Zuh|1p*Kl$UmGqVi<4;clGYv};f`xM-X=4zBes0mfJI1tEv?9iJ+I|H
z122P$Tce}s5_A;?zOr^F=sZ8rHW3F0!O$sen$Y`GFVqFO&L&9=PeFBbOR=WTG3mMr
z_fz{sW<6D=c@^h0w?NH<tqu{Y+Rctl!Y~dN!3wnZTYWga_u*VC#7d2$Q;M~m%z^-x
zlEa~x=P}>ltIvZ75eb_j9o%)?F)3(KF$@-NG*7XoI!xba8{)7p3J4>~X(<#BBIg*m
zv6wa*`)}BM@40SxZoE1ROo)!hx}}S{$lyJDm=d?-V${b5@W$p}WKJRaNd5W~TZ7RN
zM5!}qDB6*L*chBf?ZWKWxbs)^Ingewx0>g#-DE>e!^N?`6EO$9^Hr&#zwAfyW-Qu~
zFkzO#_;wxGNvMvJR<?>kAPq@csB2Tp;i~ULH9gR1%nS}0saXM37U--cUzT$VcvWvA
zd~v098{y1;m}(e)^MQDx>fdExB-B<{M7hgKe}#H#EqXsj%FbT$&~lXvf|yC-OBDrE
zB5ghO(&<n&CF&_(>m46H$&}EAp17zz&$j!qg5aYRhvcPX)E$84?X)@f?(%t9(_E25
zNt27*hzm>t4b0t(I{49Eou*);bhqAJzFGl4X{=jCYCD7@Coh<kCVD9hWvDpfa}Q+s
zly24n9cA&F(-UmzQTh>IsivG$?-~B-ay~?t{2{TLZGA!d4l+udEmCvS?3w|?tR%z{
zLtR9LynkNOj7$Sv#_;)$QO%?t$a6BBRW>}e7R|G^rguSv)lqr)XY!}mO4E%vYH8GL
z%VXzKvl=a$25`eZ_0^&xEtIg<r@yd&^G$f)9&XjBF=o@f_mUGwjlbjqOqC}57SCh0
z0^9lmg~M21SBUrGGX5!09{I5+=am^Gh;bEZDJ7l9GhRNphbzhzxLehGXHGh_IJ{Af
z*SF1mv8vY50cG!GH{V1$$>KgdWbO-rUeysH%u|TVi)pFdMG;f)gX<;~*eO(L(#-pK
zeRgZQnzi3RQ!7`2yuQ9LgDgp@L$RX!82H?#_^tySk*+m9K$!U6@d&o(6U<RRJ4$f%
zbo}qiqpLXNeo{rO7_p?>L~C|I9*|jBO~-yvLv2o|`t$8Od@h-D^ke+i%m}M8mrbYo
z>N5R3mLsdT?@Dj&K?d-^clb1?K0AGHmXhmb1+p)LU|IIfmP2Sa;y`Sr?klb@;&VV`
z6hs-ebqe&&(xz3UlQOcAKF3|JV*+)1!CNQ#aBg9$hkDBTx;%BN4sZVl+S9~sZvo`K
zH<eBn$`vBe%AkkdQ@UKi@~sn|B@6e>7dHrEtOkany6OfOs}N)JyD8T#-z#&c+#5B%
zh**&$<0Ak=pQRynFI)<mo?v%WDA_M3JP_H!qnk-okF-?z=J)fSh@wQI=9QB(#stoT
zr>kHh-n;`@(3FlY<+ny2(|o3Rwr%s)#|emMBV@fvmF75;H*xPXAXQ(rR>>2p7j3-@
zbECBk+S!Cbm@(RzD!QwUq%ANq^>~5XU(j!CxpWZ@wdN#ZXrm^o?k+%g!|LR>fkj>S
zYlvZ-;g|EB&FfmhdKVow7xjAQTu2P3B)R_!P^5YtuITgN?U($}N?naibpSVwP`rpc
zV>QB`uo$#eCIQ3J{)Hi;uFgNtIJ1;lI8ESQ0l4Q~qemw5MRI1_vTE+`^%y-*4fh^+
zz0^&F8npefu&ooF9;Rlg)>NuTvU-lyfECD~S1P=;;Tzk`(J_SE2Msbb7b2kcbdEGc
zvJlp(AKGl(AWc|g$r`^Y*cov5J9mc}bHQ%QT}5|3L_GBJVV7{UuK;kfsT&9%FGIXv
zgd7^1s8}h*bCm3wkD=PEB+)9^cn%|U=_^SpWCrYwc_WSr>R{Xj>bD020M&oxWwL=7
z;}(v#$}p8O?DAV!(R`rS6oTK$LQC$Lk9i1Zp~IG$<d9y<G1fJR+r)Aj_G2_jF+%2k
zl8wL(8?PLt-|44bzFB&rGQ8S_CS3UU#XlrhUY5}ctN`MgK3BKH$cd<M|0fpr;wHCv
z(z}@=pfivw;#v+5l4v139^*i(Qe44f_W8t1R(f_y*aj`8nwD!N=q;IdAFN87`A@KJ
zYrAj&HT^Am3E}ww<c?kb0TBa1m+r_LYaSZ|{+gpVZ>k(gHo`A{qdYbb6Q>j{0B(?M
z6X3!2VvtySgkF#Gj`kI`FRdAEDz!HK&pdzZ5!$^=cp8mYd|#vlwZh~!U2y^E<a_d@
zZent1gWB1P`ew0PT!7C0{UY6sFUA{(>v+@8N%8j8=Gl`_At;7<MQBP?dTHp~t-Q5T
zM=1Cb(h{Nkb}=~=(gg11SKdhx-NAE&AZunn)<1<nuo{6b?AEz&smRbnD-N*|ijN%|
z-_y{uSaqGH2VuR#GXG`WG<CMht8{{n-B9zQ9IAC*F#?WUAyuZfrk2iKAh_m%>wIz$
zxMY*vIqX38PG@}2Fbq|X^^|IFzNyp{UusMV;CHKPM0l^lL~I^59zn=VH`uFZd}&AS
zm>vJ$>%5u;)rw(;$2Im8fkX|A#LzQ&WzQl<-%3r|>qIVNLA8YH6WGlkJ|jtoJHgOz
zD)u3RAEkNJ_U+*~3H_Dyi)C~jGuaE0KXgRSH(WfH(iknN9lima<HI5}wy~T<X2GYT
zUSF^AX(UHz6~{dbV@_V^=s9-^*D&vK>UG-9H&ZD7g+f{jHv_&<Hu~lShm`BA+J-FT
z2I1FStc`7N;x-tbj5jJQgt9w*Ic6hD&O(`Cds9K0l?T~6dcgi}k#bbc-`Cz>5>ich
zH2(T=jDAT6=a;x&gdk)Klx3X}ncUYOdl;Jn4!v^PWk1V2ZcuwJ=zU&9Z#GZp<9e?L
zU~s4T(k3@InCPFNZxID^@bQI=X+PBiRH7}`qoo|&TE)bu#2I(Dck}Y{I@mKa{DEAU
z!XA_rx$yV3DvD*li=naD64swQF|Zz6gEl|uh{3!IRo05YGOAawqJ*HG($6=&kx>=y
zOcAVlRH5o~+Q8_A3T*HdF~QvJYK#Kv--X(x(eG@$Rnp6UBKt<L+#%i~GNwq+pn6~O
z>5uqje56X-*fDMZ<Wya=7Y)j3GB4bjV(5I7Lr{;~)bGL$Hn{54L{50!1+R-)u+CIW
zJsMSaHmj3+scTkCyK(+ire6^4*%ir47H*RUGtL0Dh8M=I_+DTNZM%|H=z~}^pn?_>
zx8Z5@Hl?3P5Q(*g{T{2;z1lVEJenlSnu$hM(mR5w6~g;H-a@ITcujDizme<>l)36V
zLgCY(a<LBp3Ms?TwoH^7!Muo2zY9e#@6^85)UJ1IIU^{1D(VZz|3K^iz=r@SZl`|C
zB-;wR%{3E%2Eta;r9mg^eh-qcdn+?G5cW#ZfN9o#Qg<|-BmMS3deQ0H#71X5D-C}d
zWG$_pq~5Dache^MLxNtIsOD<(3}M}HYQAV15)`p}p19#Kd`^hvrjj=&t{Ao&{d!<E
zGJHTp8z)E4VCWxpzQ?}m)fwU^q6H-Yxz`(E#rEz|#Z+$GW>-jO(j4y4>79`uzZGuG
zLBGN71kS?o4wPhDfE;g5fdAQ$1LYR+u!gjfU=%^YW3abXa|DHeG2vkEUqSP8K84^h
z&EclF0lWP~rW1Qh&tnC&X)fC(hYTav@NzaY3-*;{`!7rZ$m&n;U-ki8e@_wXmJ>E}
zaL;y=xgN@!d;zj=2cHIUI+}Jn!b-zZ)`@$NV2a>g-@R-j5}s~cDb?l}*V|uqdCDD_
z#TyT~TYEcN{-O>eqlISJgT<KjTaiBRBk@*WmGS=9Jf4x#YP{#R1hHrLxX6qRn^Fgw
z-sQ<J_<*iGDfC!71;bJRXmDSu^aRI~!k&bismCE*)8L?UJ}lzj<DxY8pKHIAcQ?f^
z7VQ(SC#bpI0%B#_p%F@MC2%E5+}P#oWgb!1p{_C4R+ml)G@HA&AoelOA7zi>Ij8gL
z2Zs_hH|k1BoT)R=!=6W@zjiDHsp7*lP=()cEuScV-Ek@f+bCqK7_dV0iwaLWo`QYy
zFirur28_oS{^P!G%BcrZMVaDPx^~AHRI7NuMp0DHF==6Ch1;7al%mBRri*UoWopH@
zyB~p+FRi1%<&2z&nBe%RmDWgkB;F-n-_Zue*bE_Os#*|N6ZnZh!cUzjKm0*W3CkXW
z^{#3j`Xd|sH~On=PC4Kcqm=>QneCpACTxpgrtgJ8D&#r32NK_u^IcMy12lWDi0mNm
zE4ELhup$K9e*9)Hd97FhvoOlQF7a1%6`cydZq|E*em%TK>rS|u=u_BENL+*vOeNdV
zefvKUS5JpBr%wm-*hlc#A4>Un(#<$tjzHYIBu@h6PyyXji`MG1eGM(^>I3JygQr$e
zIqznXWoo!jnk%FScB=BGuA_<<ibxoOS7mtMz}y=*2OW`6<<ZbOk4(yloAE_J3^h7?
zy^FBM^Bp|vFWu}OP=)k8UQDzgvtqmF_Tfe@3_RHJMmkBsc+guC6Oj>)Ed1xCsqB*b
zhWEvhgwy4s>37ztl=n*sYj1yaS9sX%_mVW$g?i1k#$f%{Ut-xVulHGONnsWE2U0a&
z+Gf73Jydsl1?(U1@QR?7!)_%fyCG@5y~@!uIT{n-Psr7soE@e0a_@~~;n!Nk01+Ps
zpr<c^yvHtWjD<d!;E+&gkp{fzJxM<RdI^_%_EAEQsFNZ{)T*XuKs{lqe2QhHb28S9
z)9RH7iM}=pIV>!<pq1V8Q0VJfG%qixs&5C|nx!!$KT*sWIP$@-2pvImp#<D#QGM7e
zD-v{zHVJf6TAJ^2bhL67)^b-SU>6k9l1(YI1fR+0>>f*BPy6cCK-}%{>Qk+ATAwvY
zU%3zKdFuB&c%`2zVJ=Z~<Q9n4sj$bjT!5H3VR3`pDTEEIbxiW9{~Z3crl3Kz%R=Hq
zWgod-+KxQCe(8|jPMUwHlCqpn9#B0d(wPf0#cSHvaah%jxKy~`pcX`(X!G*8cH#RY
zLmU~4RZS`kWcI=KUNi1E9=Z{yM!=W(^B3|Exg}g?uOrdArbZvYyCMZhz<XG#+t@^a
zNN!|~CtpC~Vrxg?-}y^B`>9BdVTKVw^^x8)VHPeUQMJti%?WkwR*;?4d*9RsZ7&ja
z+vW($y-~UR@WAVr&gr~vn144u$wF_rYsbCuBUii8_0Ev$lH}OmD&@qVzt2Y)Ly%k@
zeH)llF`LJH)3z;H-7I_HTRixL1%l3x{|9a}GN$C(QE*nDF4<8Lm*J2oa+;mD{Y@sV
z(<)0CgHwBbf=rEK?6aL~UzHpD7ZXt}y(av>+nZ;0+tb4}`0@P5qrzv3>X!dZT$_l_
zcSh+V`x=u+3;v<Jw;Jkz#vakrlddq%hF2;dUQv4Fbrvw1c+LGaGF~JIh}TDXlB+S*
zQr_oV_lSU5TDiA!uFWm`WF5jA<*eACBj=icNGwKS1k=bw$vk{AX9_SJujm)tO|Z=+
zYu#2b-lR=iX81uUPbnw)c!hr~l(ac%hVz+Me1mewxHIz?&&sh}TJWJYLx&FE<k3u#
zD-?BGoHk6jXDZ>a$LWMh&htAGH4USA=m$iXCEy1~Xypd5pxe>ew09{DOdqK}XO5)5
zAwWs{j*Ta052U(9Pr5x^Z0I&>%8_x58WVHldQj+sW=tzzgv^C8t&a=7r3ghk-sH2H
zL&IW+!}o|4*n1nklc`4~-9WuxC{b_ffv?Dl(nYxU9cq0<%w;=J*404xfhBNqocia0
zpL7f63#neAx%JpPf2P*|N$uca^F(M`nya)olYJ7K-^zuUFs!TUmQ5`Bu(V@D8-btq
z;lhi`5Zc=xC~HaHrl`B~O_<)*w(2G}U?S%szIb(+xnHJ0dt--)$SSXDy0?<Z%c98G
z{%gl~|B8tc+4k`HTdcTZgiMPVdM7s}us!`WbTnC!)Rl@K0|K-b-K|~nVJn7Zl!A@m
z22+BBs{JuN_eQ!wi@Pe}lW#{GjI}k^uXMZ~-|b|q%v9Gff281xz|zWP(O0bW_!`=-
zUGlXM7E`3Zgh`hnhic}}cbr?GM_}5-!sqxkpmJfUzELzuoXJ$p8w%bxbY1-~)08=Z
zg=%3(vS`i{iP_VfQ!Nk#CM}Lr)k_{v?iO1b{27=O%jqmfh&K~0qC@O0_)kT#*#!D+
zT`EJ`<z;%YeyFEEP-@K}NAkEs3MIbFgiv=q@aJu%`b?XJFe*}YGAr8%e7)-jqm^s4
zYANtx9jFhYVsf%<_<j65(QT)h+Ca_i9OL-Vf|ieXiHNet?(PD_7!zS*|DtbzQgoXA
zL=f9}DNhCkmB-YKt$Baz19*KH&{QMp6K^5%$1IS>bRH2(b;tE%&tS%squIzO1-mVE
z4Q;TKn2UzI{7I`95^&qa`&=L)Bkf)4%po@}&oqU8fqA_>t11V_4g9=5|5yjuggEJh
zh&HQPjE^|v4tvwFL`aOHL)SsiqkytrU6>f{qkq$!Dc7$TuJg6kl&#>t$~wp#&cl9?
z<&`E4#$BMfpX)Fb2PgdNG5KDf1!H$rywX^}o)t-@I2Uh|g%S;g`CWStGqDNG{S#9S
z@}~YU)o>Gw^RQnEA+Zn{q8rtoUGtAXJF>R#c4};!A)sEiT!2WA(RWGevKaqeE56LR
z<Zo|?PnLX{&teUm*)k<gQk+LAZ<4y=@K(~9%<nZHT)oJ@+5GJ}pnk?}qg{En6U<G$
zfEV}7j3DNRtzP*Rant_97ejXuALz8fWIWGKw)r2WX@#ox!CwGqaU7MzZ`=oal&fvG
z^|m4K_4rZr;MBw3Bhb-VfZ^=NB^OZpIcdg<PEtP?j?sC}KJ#vn0aN~&jaCuemMWqC
zCQc%r`7YM|i;U*$IcG+42UA4by#s6V{;D^>8uAHJ@P;;#E{4iTqnaNiIxlsp=?$fo
z=sj`Illc|d31}G)Z2<{SlTYf~(F}M?{sXI&IEj3GFoy3osZe-_=Ut}VPEAAW*27Co
z_6@&l?Et>4)I%v&f%ooNFyE1TapR9s#%0j2|9H%)rbAVMI!DH-Z?BL$ik^2P-6u9D
z9M{Z~kCX8}ftiYUHMMLym7ej6_QNv0&&W54y75=&ETS0O%wCjROq;GcZ!d(`e(^3j
z2o$!atQhOP-s%r|$C*QHj}<5See^H*^Z)((Z2O*BZFdIjnz5zH{YktRlDEB;Fxllx
zrK0yr__GyA%jpEFB|NwnxwN*aRq*01t26^i?rq=i!Z?(gRUkp73RbE=T)o9m&osjX
zy{T(Jl@7B4{)OA4v<0A|3Q@D>s+rl-AHDDenC4N**IomU3oG}wOE&jClCDsah9tg=
zr{5Xd=!Y&ac=-dxk+t~4^{~r)p@#&<Ue>v{cs+w<Tws?YfKOQIu)0j4Ud8PfHXS@Z
zE3hD<mB{h0XIz>}8q*GO2wsy!_arms;FG5l)6z1jB8WGvIozdKC$%!>pawb9dG7M<
ztG@t1cDyzYM7ZHzshK`<k-wmZt0vw&505#y@0<4(2~myM%gA%g^SW5bbofa}hXSVG
znByhg@`(rn``rQ^1(*i3zFb=F%R08T&>8T^oLWC15hgQv5hVT}sl7;x#O8P}+qiwW
zPaqtN<Xy7C_6+#tcuV6)wDqVc1IgG&kQq3bBA{GmJl36W*Ix5=+rK}Zf9*R$pUVn9
zcsbd{)P|vv_a-qJU}z+~m)n;4#d4+)LyNZo=dU<@2`xQ3Y4)l`)iZ#pz6YT78`CR8
zA=kQIXd8vMo1lJb#wu@D4FK2j_u!zdG0Y08#GKVN_{NWxA{pYHuvm?0FJOAcCgEtM
zw`!J^DZ!4|ZD*0vz5`uJ*@XuuH7~QH)92C+TqE2ApN1qtrVie>O>T^L!z6OCZjkS^
zDIm6E;YWo8RtbagKwY+<;GpHHGXrU{karS(d6*><XcG6N-cyc~M#tdZ$_MzbCTbCi
zsj?^eFC<k^5clJ$XpYWZLD^MMbL%4WbJj1krRIB(={sj#!*h~c&t%J2C9g$-8<P6P
zzpqr!y9aBvJCq9!G@i*%@}Kx!+C04&X9aFu6wBtky(fg{h9_cLZFBOgzd-31?|MIz
z<k&PXOGqb50c5^f(0oLvl1k6e88F=QkXio9yT>dn%`{Vs&<6<^&u!~EwzTX2*=+Ji
zZl?}svbti<b88u>HQLM3MIK@4vh6UM8YB!30!t3@i@!QNdpTcxOJ-XXP3281`(c7Y
zNCyq_#+^m&SY^**&7wQR?2+1Fu2eu6)N6_XzA>n27-%+4>o9N#Kr%O`uM#<sJnwPb
zJvN>tLSSOSQ4kS$Pq<M6G@0YDOKoLeM!*Cx1>8;#UBiK8Tpp}Ql%^2Y{D;Y*i0_x5
zPqNbQu!E^CZQ@2Er~;0jhjAjg7ebkLfW-_p(YL<aV?&g~@~%cF!r8w3dXGDYdNXf3
zfQ>sQ;T{U;Ol|F!)(UHaxV5%j^sLW5=5VdPr)}SuFy4H#@#+Oyk|ldvudx5}^w}*B
zu39ZlV?$w)Yn9=heSAOvtl)(hXFZk^j$f2eh@w}mhQ{>SU$L;yP$&6rtoCo_LFY^_
z3fd|)Swlnkn6^mRLystStl6#gkro+SVZ^&|K(LW9s&}h({f`GzCwCo~5B%@WnN&V{
z)WIh3YP|n)+y@BlI7U=-s-R~10w<8eFTpFE)@qlp#1F!RIaqe_X^CC!<`pDtGs*f6
zBT|9Gd&=5qzc%|CqCxApcuuU%TJ2apLMpH87!revchS{b4`t*I8s6tBpWLOoZ-<_a
zeqWE67__?2`AomwY|0E2hDk!Z=KBYP0Qi-xTmuUH6!0ljFXDja-3eUGEZk~y7U`UJ
zV3TUi(nJ0_g-CGUR7SfoC#pv4oy$E#oedhsA2~<B#NHCw5gPDxO&pG#+y*~SqBB|X
z?OVGKMfqf|hSVM48>RkOA>aH=r*KLVpORif>qFw5O^m!9@$u^y8qYT@yM2URU+aDD
z*WlmkM>UvgEjyG|PFsFe_NJeg|Kq5|C>u+Bkbjt_Z2sH0EM%j>&BrzY&X;Bfin&RP
z9`-+54(eo@dN)K%cDN%dTj(^$Dw|-}hA#0R_WQ@@!dRR6K+X%cr707B%kXw+iAORk
z6hm{WL7B}59urIR8ni+^cbEo{%E+S~>xw?H0AQI?U`Mg5gQzopu>w(bLR}lL3_{wI
z$ZO!ii;1ZMixdN2#ZA}ZXo&8#l%c+OFaRMz$c`a-5V^W3(?Q4uK9M613`3Tmx4@B(
zE_|ivjE%_`L~u5Iv(};tS!FQ*6Q0mW@D{$|t+qa@CJ0Wac1T0g4*o&65=~$Yc0-e;
z_12Ep<EkTDeAcW;uQ=Mr77}f7TG2Koaiichaxwg9n%>V<XiSwCoz|AV|AgaK6ZNpN
z1xayXcc?#m+4xi@Lu^N&(LM^AX!#w|TQh<4_t^%R`Yj>|XWa>|Ic%ra_Gv)%6CCNI
z7XdKLN8Cn0@?il4O#6PN;?J2kYC<I$k{spE%f;@d9*fa^BpPsfi>uX6we0cQqY<_c
zOZ!?<W{&<#=mgJvai9BXRsRM?s9&kiC4pU3i`&O8(Z(P(-<;(z;PuZ14*??mt_~mu
zP>_>a#2G5FN(QGU(0PTlEAYe;I1RzD35lmZ?Mu`Ue<Cp$z<Rc_ArsoQG~U-E;r__b
z)KwoYY&%@{g1?90eH_kgZ;oohgJICAnN!pdUzl#lh6!)k08(pVcN1Hc@4kE_7$(8J
zs_PQFEN1Wf(~Qu^uPUmpL*AzuQ~g|%VYJ4AhdS<TYM|Q$Tqu(;vgQBXpWA^fIaKOf
z?+)CR7Xdakl=$%JIi~iKy@O(U%2-9(ixY3*)|y`RF1(z$((~wS(7;)y>Cki*#znkg
z+-Kyr0P|F0lpENQBsLb%nwJ5%st!prpxcEAN&7fE!+ftvB(<79vFYr7p2N^OU=F5(
zxnabzu=>`*lGAWIzN7xWNDQoerVUN+{rUBsp5Vk^$?i?fCs#hixZ8{;_FD?=S@Z$7
z8!PkU;=Ht$Vk%C5?2Z57mGY!wQtOb$jm%L3XkVkP5@+?}7^ua8tvP#1v>I`6gjmSz
zm}x-LY-zhskLk0^$H|lN4ybKufj7~<4rr#-#%MTi4)veN>ph^YN&%BF{;_q)|EccP
zqM4QGptv^AA?X%jJGeR?%W7;dwB$Z%y5slP0L>D`Dwau4to8L7vQ#Jdn<($W{L2AX
zHb)khQd=PflwTs1-nb)J;|B{I0nV-y2>fKdw}!cYH9P<IqZ25#(NZ9rif8riITdwX
z-iQ8jp)t-*5cH&y01@?`Yr7n>O&`}E{6o4-qCW<9=0730z;bWgHa(zvWJ@#9$i^~J
z7b{Zr<$jg|r(dBzzCplE5Lqvh<$}uzm)2YrPHT>~kFD5u`@)y4PD~aHqJ;~n-Aq2^
zU`k+xWXGBbEwB0NnCup$+j@jsRrKE<POatuut#!1wRkdX6^@Y==-(X@eZg7_5~DH!
z2>NxzJLc{R?KIt!+&T<mqgxP!5v-aserW;Z7Lbf!ha4-3qD($2^OLfR^;w0z250_m
zIn7TG;PD&aRC^1Yja(gSt;Iq_MMtNk?;hWJD#y2{8x|(kn=&gn4!*Lvyk`xVKZ)Mv
z#hDem*uDT<kqT|kNnEr6{Z<eAhfecv58#nN>}~u8rw$lS8IG0#>~Lx=<j!9^>;4*m
ztoaPkP$HBc3+QHV^pK{za!I(EzFx=)b?%0AuH?C}k8>5~76OcuF@$n2FS<V>@K~mu
z#fzg8B^7nTBMy(48{6VbIJ)K^M(BC|kk^;CJ30DWo#tt}Ke>@(!>{_W>+xqd|K;Oj
z4az6;eHUhB)2@B`{@+U#Tw^<T9>uTSDFS8!m-bz#s^JpWVDZFx#1mHTUw}i_i-0$&
zkg<TsvUI^Ex>9_*(#2SMYOh{l64yI5pGgCu-`}U9i?M}lK%uFxQW;^|Iw%i}%k`VR
zjP1W0aH>gBApkAOYDK#XxzrE`4r0unJ6iwOdEr5OA{z^YY7;&OoSs_%1_}^wUeEgV
zpA4UZ1Ms70)ZpyjpCf@kcI3I<BRP3?;f0O0`$51m!=1eneL$>sacXGGRv%nx5fg${
zae@SX+Zji$5ntIfYIyGEP`DmTG$8t;2Rj&Q7YO3g|JNyCDkw(|4HWfY(t!JO1rPaf
z<nO2{QdLZc7ta6oO|HA-x#b|{sj+{yOu$&CX>2rt!W!ozTyj3vNDRZGsjI8Y-cc>S
z^~^lIm_TCqEZ_U`i|}$tLr4X(pSt!s@S?iG^g`R>fC2yi_1WTi?P2lN4aB0Ool^jB
zX91u2Om9_&)Zc%Rd|XyGTknhb>EHj(qca0DuXLj;lnu2StHR0T1LubBefYZd`g*GE
zEUrG|D9D_-+dK3j=d-+W<Y>HkbKIs3Ec5ljDyc=9S@PfBk^lIq?DB5NiSKdhvOcv6
z;t(ztDQFeDA$Yfr#*_Ege8S_lohm{BPgk(*?}JgNSI$x2gH+GXYRVDh`^C}Lwkrpa
zr9}S(vMa97sBz0Z&YK(D^XR_PRLEt6_1zF=0Eo5OFx`BJMlxz~n@%SG@p=BE%s$y^
zgkQ%=LZ5j&auOzx^QP~2H~;-T;E~vl57}<_<D5CVu)Frr-w%pM(o>Gkg0gGqLe%Bi
z*vS|Ne%8MmZf^tc@+~gF&I7w|WmYp!lh&TTzu_gjK$~Jv&{7KfT!glmYu)+*u`Vk)
z_-%6Qz4?!i_4_x#1O8N$y_Y*geg?ZT91?mzFaG;Rspc6d32TUyoU!KpP*fZB`@?Z~
z%F$a~k!iC}WEfk2rlqTUXkl|0ToE<4UOLXaa>%PT)w`qoaQfSYlmFNMkJLh@pmL}T
z$lUQbVir_!CSV{S5aWM6@$bL9v~wDgGcmOlGP|t+!}+^<0#$qIVK|(TyED}Sp~2bq
ziCq!A4`TgK-B;tuk96JoQ#f#zBfJheH=q67Be?osd)@!?BhN|}Rw=ify+<#I*}O4^
z!O1r3Be%DVtHs|QWU@!#G+j8n_3f(#H|oR@U8@S^hST%*iHkcTsKP<L0xw$aH6Dj8
ztN&tJ7xoXjhG)_zqv-!*dfIv){`DK4Db%p3Hiv6$?oFVuW#f@W>C0PB<qV@hEMa!X
z-rau7jY7W%KR^9gR<G~_jn-lqnP;xY9)XtqTj|^Sqg(%Ct(+{oFj*V}38u`?CjY>?
z|K;q;itI*WOWKQ^XKKUqJ1y9dP%)AEN0`46F2+*Xln058Z+ukhcK&gRfb^oB^5GJ8
z$DHctFUWz9{zDqrBs_|3`u<S2^ytOLE$xjr&%nBJd;v@^eyD2N@7!lk{W?34d|O%q
zDpJ*NNJ9x*$5^j_I<&uzz;z3#{+ZLgMcr^aj$J?kcp>qZ<NV)GCiLlpzPWV4M;j9y
zL))&5FgqOk``4L@WiuT=&CB~7ZEUMp?-eS+o?D7b8F+2Xy=5^cejxUyMc{SuU-!T4
z7!|nD1Qf@`;x{*($XIP}4+e&<Kl%F%{Lky0iBt|a!);-U`V3IKeF0{a1)K+-_Nyj+
zfB*USs9DkDv*){@02yGY{<Lq;=sZm)UXF{_UKVTZ=gWrLoOUnK=hyA|2YP{1b=x`W
z7wY1teI2m1TxceR?{0@9k^`I_<{9d<4qNZxKQ&9gPW~nR@|(>}J;6RI)|jj<yV4Vk
zJR@p}&bs1zEZt<Dy7HPeONDgo|6R&MvmfA3o=rWP_&WISopbfE42y=t`Xz3;AaZl7
zKKu2I<so`Y53qJ?haKM2z(O$kAi<EQxSF-))$?D@8$4;v^ao|9J@MRbo88cDxo{XP
z^d0>jJ|nA6_ny|A;x#Yq!~BpZF*w9Naa-OOQ@T;kXNN^>UNxVCVN5xQ#$gMNx<x$}
z5uVDqiVSDuQ-V-%7wvR$&o6*a#uRX;asZ|*Tj37%6~4Fma#3{wz!qId+Gvr;riw<W
z;p=b!^I+HBsUq5I1{pJ#CRlGFW)c7W^CQ3OeT*^PpZi!tC9JUi_J#E{J;0NomN*)d
zZEumGpD2?;VB+2K(PreKfmua4o#Y~JAliYPDyE`x*i_w+y7%*G;ZsD*gt%##mgPK}
zgC(Ug(0?ZY*r@AR>jyVV3CFPks?<K@gxvz+qZVkTLW8P&{(pQ*XeM;19-X6`@DK#I
z^ItQjf~=>q$b}YPyvuT>=|t!u$0l$NIQ65ijc_}>Z{Lka2mFRVTgLqUw;6pN$P5X=
zp>A!G`_*P5B~!+um>s|N9m`GRe+Dimx4s(7`Uune2-DEBUWa`_Cg9M8s;}sn&t$-|
zMGs<WQW0|+q(uf3u3Mm?50ZQ<7Y-&KwlA`w{jZo_q=G9`)kpXSU{n8Cu9r5y6dmL#
zA`0QZM2gRLczqd=MFs3XaM|>nDHX4>1>=F;n9!^#p2zfFdBVHB9`6o(%%7=nM^+(%
zlljqUllpC@*K>~@*uR@`=U?atJo47Ur<YO}@4FMPMHgamq`NnZn~X@z@zdcy9U2?d
zX4a>|WN}pL9gowKt^eXf#zt$vgNe5-_4ji&pYnt-hy=h4%vTko$(5<@ra1>aO}Nx<
z>8KT3MW6F+;B$=o6@nFOOnv;3D{Kz6=*>PnQM$q-tTfqSpEw=9zLFv#_IDzk;CpI6
z+YUapv+wO*e&UjSAbWWL#-dAh_|<Mn#|QPIhX^LC?d|P3@a<X{*L??76XRI>^n03f
z32!g-a?ybfz*a~K@|b_?E>Rl&Pf_-salEsOWt&pK_;eljVY__^F&JA}=_rc<HzCPb
zmLnAzfJa}*&B=)e*e15Bpnuj!G#(K%*@BQ^hntG3Vr<OLpD=sf%IsiOV#jH&^o&Yt
zUuzZBrox?OjPoz1(>l5BVngBmGs?e`u_!v6`^*$yW{~#B)qm|fncdQ}A`*4zR7#ta
zFy~z8O?DaQMAZkslI)&d_gtd0NMU>#6nuE-P(^-o8xn>)4T=G#XdydzDHskTiG{6@
z>?(cB8zEXD9*hYxU{W$JfM32^2$ZU9L378F$%)7NBqpJ4>zuwOwV<i>Kpfy6$s_#I
zOBwf<f0V{ldi+x|SvezWsc*3~taOE(o@d+(9Kr}BV9}$jYqz%|`zTl!x$0$^UCtks
z1oyudz^>b8I)--cq+qWDw}qV&PzJ_>t$>*rq#qekiA~%2&Ef9Zogx#IyvQ@Z9&+u*
zWYB&*OYNq#n#Ggq!$7Wl`K|1`h=x*`uQ0CZ2q7rYb^qU4WW9U-5)|I_PfQDsK|y*c
zy`3j?2EvASKb{<SE?YJ9JC1j7aF77vmG5x;x2ipeF^o#u`sRAsW*F{Ml%(@*2@pBA
z!UO*D^&JB4u0YgqFp@HE>Dd5AIf=qe7qYoWof!Wq88ueI6TdO{dOXheXq`u3*+=fk
zco1hvuNJtU`L+a$4~xzI_V$+uATSSS!JMWSy6>#bpiRV{&Kih;m+f3X=@(x33NLyT
z-|q0B<b9K{A151L=g9NxYCtSz_zTD05LsTY!ItWEAef6vM>X*8T;ZMts*z>1*`T}j
zzPCpj4Khs?Y;0^O3vCk(sU5OToPzW_3n!ApeT9C+Dk@u^pb_z@n7aGKooNjHsI8_d
z;8pMKl7;sD!eM&KC#bBsa7!ik;`=(&MqfBrPx3zwpNSTAIP!#DsOZ4q40{WMa*mBz
z-%wu>Zzjr2gVl$>Usa=>jtwbclD0AMQ&uCY{bzcCWVd?%Gx8#~hMvZ>41Em2FloaD
zI3dmPDe#|;lI#?<5fFUlf&ZEaukAd9n4j&1y|*>cXvbk2WHb|^p!C$abS@edbnrFx
z)47pBU{|PS*52TQKl(k$5gLyKM1hnF-F=Px3@qe2M^QJX?OdwZTD)0|Ugg1Ce{?Z>
zyQkjnwOL=8`oh|^rp>i$Zkwz9uT{l|Lvz3cto>WF{7+UOOSt>q^zXmtrXQK2lz;4=
zydkUS;XRHlZD(TMXjlp3-IHk^>_W$jK8wrujKEwA>QpNTj7e*qfOA(Yo4R=`dHA~x
zdtK^qE)JLUqu<US-#*k&8d?1I?G4=mQ|%eIpZCOsRTJ-xly6!LKK=U}Qa-R}EJEDn
zXQOiLORD{5Mc}sC3SeyvgeE;lHU3cb1e{haLI&^A1-jaMxH=sZF~83U+b56eyOzG~
z3j``i;Y4;cKPfurjbuD$gH{<y@<Hs9d5P7{8!k@mc6pndec$PolCwky0o}cf)FO+v
z?$Hv_(U1A;$&0lxvBn^w)RQ@9^L3WH|0(0IN`+Ix6mg2Mh7HZ>!Zs<eXIww;Em|_J
zV*UMFH7aN`(7E`nl%TlB+L9w|iP|S6-pq}HVZ$>>^iH1_D@z_m@aA#%nR~`7Vff`R
zCeOy*M2P)nxD@@?BE%`ygwGxz*aYB-rB@yK7QWUJR(dXFl-yb!RuvBTm3cn9^QRh;
zc7BXOiR$$edzj>px-PwqC|A0+>xCR|uGsBsqYDzhst0QzRke)hz130kg1H6Rol3s`
z-yb{@-odr$3r19f@<EwswWk1u=}7+g`XlF^>hGL(rR|2o_fBMO_cS?XKU1=3;h8h7
zwLg&Tgw!hST#6mjhbAa3j^hbo7TXK13_?t?azjIdHN3|p(zjXI6Gl^G^WoB&Z_h6k
zv4sIt#8vV5eHQ9Pp1iOcV2p-IFIDWz!%J3X^6~MBjPKN)uuO890v4mA8`$Qxf^kC&
zutp;fA3ody9J=iE#KgoLI1SD>5mKS0_W&#r9J_7<4enzg(4#9E(xaiMjDsau+DEDJ
zY0g}ap!eS^N3rQ{*rZnEadr~BmcM|;0aNe5S(&uXFuwDDe+32KP@8_O7*lkHu*-Px
zXh<kq8y47czJIsm#)xRyxMS%%AGiby)>l8DoQ1`r@yvvuo8qI3Tw|S>r23AMY1}w?
zk2KiW=1zYp=sS4lLE*urVF7$N0^qC8ZTtu;i|SkLTMX0*x+^v(&#|H=0Xw`F@OXYs
z?&Y{QnK_T-G?PA-z!|CUBSEzFWhAFvnL@UGFU`oU7#l{lj_R2lHh((Spyc)-u|1mN
z^P@_zWoB3{&)HTU6Pv%iO0V%vS<&HrLp?wG_3O%BGZ*Q1{C}LicU;c@_diarC`Gzn
zTD0r+BHG$l6D^~Z)gDS$+NC{-C~Ys&9!i5!+G&dl?V+7i8k#gUea|BzSA2f&+s|Lu
zE!TKH)_I(BKlgJ#jph&OO-jo`9p|gJ_)6j4C5V}yTkcrj+P;La)^cT9{GLwKUP1P(
zA!;=aRT}U9a|26mzn9H-OE*gEZ!39BuiOTfPci~sZW6ZB&LExD1ihJ|ef)(-wC{nv
z-=tEq_?F+O@u3ZX1c|LBtFv#l)tBrrQ_i5wmRTDeL|~?@Dhj@Jrpc?n5`z@4097Rs
zMAx!c;@>SV@nAW$;ihUAfm-Cdf>7u-*N-|`E9!hHqt4I)luNwaaSFqD?n^0=ME%Dr
zdf7wlsd;)u1Wws5cHY!9^b)MZ%g`VCX_Yf&c~yx0X~}DTyX9S`?na-2VrCt0#)lqt
z&|EQtN#8fXbxc3>m_+e>(WI?<dv5FQQ$nIMmChf)>MFMCTy?c;0iBD3OFXg?#jCSv
ziIXlvqLHa=b6_6N8jA>2vPgY%J@EVM3heP(tc8RZmNO$y;(%8<yM9A8nh~RLvz*su
zXOt~&FP_oX_f8G^JPWGN@lXs9pX3=V*UViE9f091xD}xUTwT0@z@0wc0<0=wf!>i?
zVtX|YtD;xqn#bIe#*0?QEz<HXPs*F&{-!t9$MhBZ66?xUc01XO`UJZYlMl1i2iKoC
z9i6OuYV8qaGo(J(DPG;*GNHIzRhW-UWcTGk#yn2DCg0tj`@SCl_g)V2$mji&q6;*S
zB+oI{&cDjuGkiRzOF2DpynhzN8rVsh?#rc&IhO4>@DLFc!d}>P3`S167%q0S7T-rw
z-(+brLp8#KWTIpB%r1NBX<2Rd_P(G2F>i&Q)wx_zirA~O$vU>GegXup>3yF<c=fRn
ztXM@PFx@VKwEO2;^#lfou@3D9!3O0oA$yhp1a_u!<ChCwx;Ps{j@0I^^QGKJ-4V9z
zY5lc#_tm5~>?Bi;s-J-tbrSJKmfWl)k)M+L6}$RXAk9(1+uU23c-+_p_V8&rIxFeK
zU?kp^IQ(+&G{-F|AKI3w_Ja)b08GA#N=wD2Qsw$RwG4TwxrFW8>%9~dkk=C=aap<M
zGwVy*x??tTDa~&)CEu}P6#a(|Gk#r6`x=INbB_goPLcccEZGWOx<VxjHE&PV2>#xz
zNa>amy1^Zr2&!sxBQEJQ!%##Ps+V4M<;kIuEs$HYh^E@XsUzKd4>X1X$cDW9gE5Pm
z(aIC0Dq<I!b7KW<z$$_qPlu7KqP`Bn%6{_f&f$BGkfyd1mV1J&n(MqdZ}}ea8#M^$
zpbpsj!fyYtDF6;Goaf9;K9&oPxt3k~zs`;i^LMqZT+!a(z-^b+m3k4%8($dSd_dy!
z?J*)TjGh;BArFsGm)iFh$*UNzAZhR3AXNvJ)na{eCLR|;B-}qU`E_-Yl3SR-6#xdU
zd{7O_=sRQe(nNBpy$<Wbee_PxmkOc$NEeC*^aA&wgm~^eNskO>gh=ws5i0X4Ih)(Q
zv33zc+O*JMdF~9wd~AW9m2_|^xT@Xlxv`d4OScl)VCxWFSrIyrkS)p7f0mP6RQ4`g
zK?Itxu&|8QU@onWgM~EAjmtf@%I_ti2&fU2rS&?bHyWilsM9s@@)qmRDW58VIZk%E
z4AN5d7rCq~rnczXoG2U&GwBG}Gvptrt$Hu*i32EEIe~f$eJ$g*Qcy@U7#ex3s$K>6
z($rKm=lSOk@7dP-QpPSFM$9RWYvBRlDoD7_#4(P~KIl{P8Zv_nYrCueP!bLQMBTjn
zLc3R~1;s7cv!&*wFB+6*p{RCrR&)Fh#)EM2tS+Q8A0<{0SvWO?XLOXp<_rU1=pNjG
z87IAE4(q2^_j!dWKgmB;anu(&OJ82<Wu0*Z_4`z6x#mlKhATm`5u>07YLpi6r1kdL
zDcvoEv4W1T{|$cFvoc|SkjlePM$Kn3bZeeRSY#gxO0ZywO|BFsk;?7jrJ|Gg>H4$2
zezISe?C4J`R~kq~^T`tT`9*yBHQYM|Yk8Ar!r!-$6g9yD0mbKxl2(UP#5*P3Q!mi@
zlewT@Y|69h?>Io&&C&0?;H778^MT!8OiJxIOFsANhXaxy$xrzn)%0j(Ii;puBusF_
zYFYK-7htHJ_&n+&EsPoztCjMRj1F8I@|2i)FcVtmvR|gM3W<9oov}!+gCsiXWgh|3
zXjxVFILB&9(+^cgr=VWZ*lxnUXjH2`r~FRc*XXayhKp^L68CH38daeQ%iP6lE?GG_
z3E%}kd66*b+_MCJ)l57CW6bdWz1<={tVc6J9!_EI$?&y>rs&nIl>s&iS;PJ>^OsNe
z17G6=>QCM&<g-BW;<h7ot;-E{Nznx>==rc{18|moeit<SG?aNm9A1%0p@T`{urv2}
z-pAmo7KFWC5xvwk)KN#<O3rv?cw7}~cfthC)R)W$CLXQKGTh#CUo@ja+>hKUJ=`RI
zL7K)9+)4qpgN3=;IS2l*W3+alLZ0^PUIQ3XciDP&g3!-=6DL^R1dE}5EVraN{N~~0
zXRHJH?Z709w9V3t#t0<l7LA)xUQK0eMJ&<8M`sgL>kf{cye7rHEjFqMV5GS#X<s|V
zs2HGb@<f=J;}xo62w0vhxp0X7z3wi+t*4u`W2b{K-<G~(agK&T#Fs0GF7=-byqF};
zkm|V>l#?gP#?Vyzj>jDfK60(})8Af7y_71N4ZX3fA&#J{m8eqKM@e4{v0w}HCDljl
zmu!ZY#x1UP?s#zKKy{z&SJX4yJVf~wmp?ob7pcVk7okw9aK@YKPEe}kT!1CcM#A^n
z0P0{opm6(>9<RL0PQ$^-Bis-haty06I0|QWS)~_tCrZpdngNNQ!j(=d@rK(O!g_Dp
zjJ-bsaA)M*Pbp{9<$K-5H&x8Lv(onJryGpbIh_8Wtz7iN7EGl9J(d|%rOMk&w5F9u
z4G;L!ZhcO?hf1!R^JvlMtv*v;O9fEXNY=ADW+)k6la?EIp|=_ZU`7x&UzT)T-8s}V
zoHj2{SJEZIClPpt3|GOo8rE8va4bn+t_X6TO~4U!uEIHQFvJ_dmwF2V%!Os}1|!wg
z)ibQ6iw;s1`bKA4Jbk{sJ8B-d$fuO2-^g*SIzU3Qbxgg=hga4WwF^<7?ANh;zO9>!
zVK1p#MPHb5BCR*;b<<wD?24q`mjua<iKR$$uqIlvq_z7b;(8_mfkkrV<LRp>xPjE4
zbJ@tHd<Cv_1y7b2UPTG2!a`J)ewbD9qTSAaH89pGTGaNu&FQwy8aIwUMkewP5>yKX
zlQe556zuL0AYCLu^=PHDXZ5}<o4KiJ%C<DPEq-iYp6YGe|Bcv-8vq+Jz*-g-z5L;T
zr$}<u_YFQG!$cLqX2;I%X*W{-Tx`cqLw6t!=bY^o^o|3rok9mhTkMMCl3%AKo74;=
zgD92bn)*Sp4Qpy&vDfe+<I1oceKECr@$g_CL<;k-X2BWcasBM0W7@-2W&qc-1@<Oi
z+^1r|Yi;+I`B>t7ht=D<y{wUt$apx#i%{i<U(?`n&jJ#Q-AMIbQR!E_*X<d>-OLx4
zqj>E@FULw4tfNz`Z}VX65fAmv5-5w#Jk~bRJ?UoOV$081KAL8uY*homr94viwqxvf
z8)O}{>M%;o{)&ydL0mf6AKtT!YdOL%dsR%dPJCXo1ICB7717EuRqFs)2&<5oeDtzd
zc*8&@9oNLiUX;~2LwIf)v#m+*Kuy$Koz7KgE0OWmVj9D4?`bQsI4b`4)}a%M<)i*G
zln8uEfcTO}qo|;5*BsFG+`M=HNAo9lBxwhSRzCmI-Y>urTzt&^M6+tm=T9x1dh>XG
z()<NtU)6;0#<|{2>XBA>bRkZYJK3g7^%6f-GV0i2vM*30TBHjq$JCg{0hgGV;<-pE
zaNDJ~VWO5=fjidC8gfD^T^#<H>~z&HnNd_RNLcbL$MC-FRw(DbM8DUB@;}sMBjbH{
zvi9s_#X-oG;=E-{rqcnBOB|-@JnNSkX85?JPVsZZlP6COQmME?HD)8Aj1f1JfO{C}
z3eJrkLRClR{??C%Fq!*_T4q9%9froj*!Tp91de@D=fr-z(0`$7Ufx4r|HvG%*8R~%
z<zR7WCxIpGsv`Y*!MZ4i`N!^*(*3Ywr@Am7o6pvoFELk^Sr6X2Hu%c9zS`>>&M57E
zg@=zS#H*wdCUqybJ26g1Dp^=h;2p8}oUQbyWIC^9<PXh&Q=IeoSOv)|3+K*GEFn2G
zQfNtO>Y;u2>DFU^46O{Wptp26=13h|p<Ej`BNVMTES6Ch*RPI7mHEBZluGf~7s)e?
zX)OZKaZX3BSMmaXt(>NbP05(iJ<_OjR~y<$ac8@w)Jca*(MHf2U}rdVLCIh7!NTJj
zATG+Gc(Nmx(^H=HJ<ann7mBY%9dK$XIIBphWa{l9l1~+mzG7I{Cp%ysFWz1;3Qn8(
z;v1FX#$qEIA<kO@$s)3*XUUGsD)EtgSO5$53Ki@lB|<K4z6k@Hgc{Q7i?l}?T<+a?
z^R~9t?oZo`jYOK<1n>*9lB_Sj+8n}~K6kirVT|l<tE*A-g^5(2=8_el*O?LBPfe|!
zVsky|>&w^}<)KG1@~LTefg47fp^Fn>9kEr;?0}|Jhs+te7xeD50cL*QI?puR@=LX$
z#NC9`(b}^T<-6jVM!rR%st1Sjt_-{}-C7L<tN0}Dx&3Sr(FeXs6kkYAwn^&?6<-TJ
zz4B{8VCRAr7v@b7&_Oytvh9-OTzbHHfl1(E|I;Znal|UUp=|-;LG#^ZQ8tao>8Y&z
z%JoX7BPVUJa%0wS4kn(nok$gYJdk--OwQwAe<r6)@|1wIVHLu>lV$9MP^f>&wi>)n
zZXok>I@hwq&>v}`>AhM`sglLWGBSV}9!pamotJmK^S-Zd471%|#tq4tDK_0^a^xsB
z*<d!6N(gT3tKB(Ad`Y&|n}#54c8MuW<QueOPEcO*;$=1|jx1Mn*lEXdbSYelAuQJ}
z(18$!Zp-<!w73stq`K=|06H;tq9!M-xy|V=qr^z8DOLH9>a#4N-s&kwmXN($pRsYs
zSYa74roPwoC0c|c_PXa1%ikx>NPlx#LeI8`?HrX{%63uULUK9AW<rq8Ct8F$wAiy9
zJ{`jIKrgtC_!{V6WgpCUAM6KD?hVN+N3U#`v^PV(lp$B=GNTO&<|{MT@(uUz-=7;@
zLf4zb)SZBH{I~lYG*43;E!g*Y=<TTXe0~(ev$@u)WToJO|EPA~yE@F`&lssxl}r>o
z`2sw^XcRM!k%Qah2txWz&>-hftq{o=hUOjITb()q*KN|zCX~lMb~|S(|I>&4=9qlD
zjb2DG9X(gRjfr&_@j2gqcoVmzpDy|Vfwgnxye3z!mmOgtrzAavzOb7CYkUzy?z1SX
z@}N>(N5id<xI{+xsZf7PX6?vR`O9Opq`I<1jSzHA7m1wnG-IuIYP;xZ+aWn}F+gJR
za*KO5O|kDjt!DG7a;-T3FW~1C9CMfgT;RMD_@A9_)ky`M+J(ZS>S}aWE6RJktv}d4
za99C3<>TqZCLCh>S~2dWsyw->mEO8Ij|K1Sv=duP0Jx7mo0OqBIYz=w_1e!o7?F^3
zUZcQiF5k%GY=8a~MxY!@Yekj}s?j}Y89e_1MDk8pxJ`$P7BNK901flAX_S_2V#?dh
zvl5QYH}!d2jVl1R50ilC&2EHBt)_TEa9~lVYjQdBd69^sX=kLy)gn2)^bdNaV(*SE
zu%xXyv?ebHp1qtD{Ty+wX-94@*+yqo*MWGalQ3V%o8DUywVo`VmB&6D+JW}9RMC!m
zUnkB~y_FfQX>{4Ka~q<3JzSU`vd_CWe7~*fO-#3z^RrJj@7;+Kh%?TMzUf|`O8pP>
z&lp$4-ZTWXQl8#Z=@n$FAI|1R<#S^#T)M6&kxy!9XYbzzQTA6i=Qd7~T*r%i+CE%C
zYnO2tib&LYGlh$1pIF30ba%dRmAG3*sP+Usul~QSAnnWAnbwt_?(noPo3ey4d7?r*
z0HbJS=4ds8`p|*K?}Vj-<Ey8VQIS_#>r$_m@zw=ELlyDV`^&ZV#e5pOayu|L`}Jt}
zQ-=ztYe%!3pABn0dd2vll2~%EA0W%q7OtZjnL2Z=&i`PWD~Pz>#GT<0%5j8R-bNHA
z38m#&>O4st-{=GWyqT_*>XO_W<;{L<CU>9;S_e3kUM*&@O-!2C1aaQ(4A~?uEL}yJ
z-(S2eV*6&ZPq0#Tbb)<q1pnkN5)vZ|r=Z?eqvOS+;j;fhGDaXEsRyZjt97F;!jwXO
zTvr=v(%T{rr**${)bDL^X=sMTSXHPA#Nw|C2mkg7Ww0#W8c8LGZq7zfH0ionlC)Rm
z2_J!pRrGog9)^-JWSvx_s_719%>+K#<!!?G?iGE><;rB<6($I`r(zp7k|xh?8+b~m
z%Ec|Q&!<k-jAx{1K`$++7V{3k4Rz1pK27B%-xa;|_s9`%N=3*X5jXd%j=Lud8MZbK
z4|W9mC#8QyU4XV(PGfu;A#cg}WU#sD$|yM7j>@ft<}`Iyr>BP>lXZ{2?sWfo=G`wI
z<N@Uu=GOC4nHMC<_uaRzl-cvm7#vfKY3xz+j(mTsYg+*m0ihFx7lBT?&!sVPnPO;*
zVKYM5*8hCf{)Xy64o!uxR6j@uG?}TqY7;06Mjn3?b;*}<vPADs!zuvnkIkl*g%*ru
zoV@T<tk+}DA#Gd=9De3$WiAe?W7o960c~4Cfn^g(@dEE@Xc1xqZcR=!>xKQrpxx7P
zm40hI@%0KeBI$l-t7SGOIo@Z&4B(%d2KB32J!|v|x-qRcfxvMP62_XfoPW+I=zCsQ
ze_Nl6v`U>&@n^qwZXhBJD6+2(GQWU)2QU{Kn00B(2OSuESV{64(nT&baQc5rK1bny
z)P~|=@?Ojtzo*6$ET{HPa|T>#tyewx1+-qro~ngZ+AVnXxlnx6pMfnKmFsZfO<dlH
z)k1dPn|Bu-;AXc~<;>qF)VblF+OS`@xIbW1B2#V|$#hUoRL!%zxO9(onEFV9`@V+s
z>Hki0y&e%Q=kghtRv9^^HfrMg9;Da!MCk>wJhHB_dGa4xi|4Y(oEO-*W7HqHT@bVM
zI0V4x7{AlZ@SH^@K_a9S-4+3jZ~wT@ySMU6ByWjf!&}~wvjh8@eqaU3AIq;NmvcQ@
zxE-7NcO9ZWw75;^MWR*+YaqdeewWsQcR^+vbPLOI;Ren2`6S&H1X<8O+qg%-SS8)d
z$V%Ewkl>!U-xSL;WoNBo7e|QI)wOI)c2!P9WwwcwB|*oD5heXYo{Mit30tSyUmqa9
zk4f>1x#TFli)WBJyNy`S92y&`ZONtC=Wn=hKyu;uX<tg6ukCei_hVmNl0YriIGDOR
z8^Ep>%f0bwk|oAsjZiBPaYg2l83dU*b=7X);9>cma%bLCyYn5fsI*+b33f>>h))l?
z313=YgY74oR-^vb>h^xoqr838T$tOvV~4c+A@5TI{&$tVe9r5!Z(DJ~I#axhl~<v|
zZ1Ib|Tufm0IeYjz&C<)!fvdaAZKac}d^mH41taz{=dneUlRO;2$fU8kQC329az8dC
zB!CS&_`D8w_-AKbkJ;Ey8Vt%2-ju3BAU!e{jNo(w`oE`@H7^Pkt8jHy&g=c#Py7jq
z$$f+rytAF3Rm6lWg?U`Reni0;FA47lRuSmPQ0}&d${!oHow66jNX!<zuKJ*ElH(=*
zLHG4--@_)3y{x(Ofh-T-ASCZQ6N#fLT)p*-KRfl6#a`RTc->3)Vmv`F<V`-3(eoBe
z`7)U<tjb=@%X@rfjF$QR7d{?FgUl11bSTJs-oNS;047ND%h)3?y6260Lv1L<0}?$C
z5_6xmu3b()O~yBZh19juKx)+@CtJ^Lbo%La;JM7^PoRL=2x=?FE4{A0Lw70z^+Bz)
zyLRc;&24={i_p;PqUSbNpK!Uz63yJ?f$V$K?0))kJbVNmX%6M=*oemv(j0sBw2SgE
z!GGzc#_^aVm8!&<nwhV2{Q_}?+9{4NO~9ydHv$CM@u)V0J74|dqJ9anp=>vAt%jy=
zri)pFQM&4B&X&E?wK33mOPOkhBS0)dZ6Z(g-Nf1G#dDrKIFS$gI^|klBqh%A>nWDc
zOD%{iYrhv9@g2~`Rewehd176Frt9omqrR87$Ac{adyhZu(zj>4gzIYY!~1oLZvPFx
zrxBO{tDb>^gv4!E`d6mm)IB@PBczj*bD(N!G@HcGZm1=C^3HG|7ASTMiS(qLmEa5n
z1$=Sk!BSdeHOPujSp2mC<B*Li4J0ufEd1==^W}lO<4ehN{Vxi(f1hdHm~Di7MCx4&
z#5+@@RJJ|O^JcpsgTX-|{TuIiElM#T6}ksSsz(H|>{N1uyN7DRgKZ6b{e9E_HnU0b
zB{&=J@2NcI)2GWoG5XjVXXCc~o=7spOoPmD0y2pQFBBuP0ao)Q#iKZ>@PIz!j37ve
zl|DJ+z<u4lq1+1cePfpX$X_1^?#Or#K!fiPG{_CXJHahiHID;F9}e)CQBXiKsfR*~
zyXr`Dl=p;kN+h45;*zb5R7Tsv45S|?p8jW%A|VDmCetMV2M1y<3ru=AC_+|Yi=pq7
zcgX^8UvZRG#a^Sk3W6V}o(7SG4NOF0JXT)GNi_D-u&bn=N^_e{76tVDKg|7Vx%2`Y
za=P4jzxH|U-U;ceges9>((;CQ!Th)D37qwPy1sLD^GKyt*^DnNc;&08bni%xG-+0f
zWi^m^GaGFjaCUSYaUD41RUZvf`N*Qz*%Ag$P;GjakOSaPb%eAycPF?sc5&zU<f}E4
z`LI$+1GCZ0bCS}8qg#Omv}w(n$EPsefA_lujrv;k#IEiYs5rq|7Ru|SE-i4~I9<w6
z!rQhY$xqh4DXI5-J~w8qT|*<0#3y(2Nd=DU8e_uyx`pGkg98AD<xFm$<=4B@w3g_`
zm1Fh3%w}C1Dp~0)G4N@sh)o~Zr$@-@BT(r;<_}KV+;sWTqK0n>%0P!{#DS<f)%V$F
zEVCP9bJI^VJRX0Yxx5G+c7qk6MFLzF*E7l$!`?EaiRKE+!bHYq8Wrl~(>e;hyHbyx
z`<T{a_}Dg+e!~RbIKcDIi%=1{<zqQr0{bQMXt&lByIiyX6cQQwZF*^H3E%)NYdy@%
z@3o8yH#s2n{wrZDjU7zjy!>HMt);kGraH@C7M4C`7GH`}DNkWI{i%fZCGY_H84Z(D
z2jk8N^LY;|EBTms9W_b6w(r4f;ufU25vfS~yk2#OAR{BdpJ!9BwCIf_9f;<Zb9f90
zF<re5-A|&hP^dD;WYDJN^f8`(&X46XRQ*OW6<qP|n}Cq+eqSDx7+EgiFh~7rBcVR-
zbQl5)=HuSeuoK$no-oR*DB_^H*)NRxb=yTuJ<k68;HG7r9A|W7-Yo=YHIWo*Ilf$u
zt#5B@YrA-tjYQ?peYvNz)6rjDob$38t)>GFSJlOQK5HT!MYW;YzC%yb6;v4W*@#rC
z=rx!6#s5y0lnbtRd6`MMZE-?YBtpY%Ye~m^#-APA9rvzoXSnzb$pF;_@9_zcElO-V
z{<KRZy^bjDxxcc7_qP2O$cL5lA-~kjXDp5wTpTefbm`=V9t=xZ7B5xJErP~Jpi|&u
z<E`z&hK>*3CQ-{OBqYn|7Ub6w2i*TFC|&n*^DFP{SSUFZbL}P7xh#1q9;<J`i5l72
zKz<}^l4|xzlJWp6RjOaTp#;dD$B>cUx`5RYD`+?(Frj88-P#(W;(NljzAp#U<&zre
z*qvUeYb=taPPRlDes`uabB{nqQqTbF#Kq<SM0)VfeebbHQNE!jvvIg;2}{-FC!;j|
z8S;-M$5b;rhGM?&#y8n>Q?n>*d3w@qzM!*&-uBhMC+}x{#m@D>T0V|U*f?u6M+lB#
zBlgyQzTr+ReeYOU{$>A|#QJk<0Rs@wlA1Zs@>qMl;|P|CktG-)b9&1lNEL7!oV*b4
z?!T(K4<?If(+xp2w>(BLrMZ`<_WaJnR6b(qVI~w2`T`AXsb3))AGfn@Wji{w?TcQ+
z6qLxE04VcvN!OJF&-EVgu9mdXXNpxKZc!xSQ{={NaR5_jujh5tP;(x7L^b}aOrfQ3
z@OJq9-Z;&t9NQ&P(l>q{yn=Q+-T*L~MRJQ*S{tC7ULq7I87|2vANIbx;B{S>m!GyL
zZ6GsKuiQIj$uOSM!)MQJ0?QN$4WszZ;Zu8=tNR{5Unth<_FSG-jm)Df9V6lK&$jv4
zNO5yz%4;G46I&yfa+$8Yv2QqF9$H`drba5umjHy+K|0bcPMChkTKhx5ZV~CE_Mb@f
zMptz!!3(YTKyGw(Hv4z5@vL7=;)3ij@8oi@1#Pzo?Y@0Z9odgt<BC6ff@-)K;O|;?
zQDYya04eCnQ1mO8k%&7kt(`Vv^z~h#8>$+fectB)x!TNBZ&&((_i7fB2Nrt1uJq6o
zTylJxo(oXRtX%iMR2Tgg&!@lJ<CCxom(=AR7gs=^oqcP)P<}~N^Qaj00_qfe#xyt}
zDcX+maCPp%R)Xot%A*;`f5^~5sdFQ!+n}`2@;DQBACb0lO0>x&gD1}~tf-91w*%(K
z@l<1{q8z<BBqWlAqmypRy5=P-*AV0lxau=^6DJL_UiZaZPT`*-%TU%YL>UQ$!_L*@
zTl@F{uzW__A;+ORh{}Vr)ie3Y$@$s&?MvTDhR7r3vDtRZMVK#f3FtjRH~FjLawT18
z@^j0AzQ5-fVEH$_$gDok2lSCw(;c#ZWlKJ+gNUyNU+36T52=sujU%Vnng!lPP<qBN
ziZ>OLX9hcEc=^0vLJRXc>=ip9z3lE`DVlx=NKPTjov0~8a<Oa!r}ul{Q>f)udIwpv
zdQmgyLpQ|zkuFoO+vnB+P@ojDT=WpDlKB9&s#p!mxu7%`gWMt1(X{F6a^=-a$+zsN
zoqTkSkSk0hv&=Ron=V`yqD<%)YrL?p4_g8xCqwoDS#n;I(FLzqt?H6Tj~+elq%L1o
zZ5JYWFrXM{#R)oSuf4x?*F3miR|~~<_gVhYIQY-r=iOg&El<~-5F>3k!sqMVkH|p&
z-EUQ&T`};cyq&zao6=VQt6povi3crh2`!U%gmE7B_5c?>mfSgo_>nhP9VVp@G*1zo
ze4PGt*M^H}Ll{6#V@!a#%x-VxyYCIKM!OPEa(dor5gJn~_EP2H&z~%B1EOR`Oe-yf
z5ZXE>j?9h5SoXQae-6g0TJnuJmp7ajf7sC<e8X@+=3IfOVsn8%b|i_cdzlO})f7ka
zqRK**gMGp-#$)D1^6e`G>%^u{IZcQ6bQQOUzne+Oa`@agr(;iDJ2pXQbuGzAMuAJV
zoq6OsLRscI;OcFC#M%#Z_~wK4p*rW98K5HhtG9IlxR8y5;TBOv7szr3MPDxKU#wH5
z%N0gsM}Ck+pR)+M@fgu=QPR=Vm1WC5(wUaU_Jj5-zWFM`=l3CwAJzNu5x1eGd!jOP
zGdp!aCanE>;ll99zP{!3Pv#OVrp_>r*<bTTb5GRCK6%ILsGB8L=TN~7!8qCTuD1OW
z8s}0@SH|WKJheNG)83F&)xAW#Gu#rl8W1YR@!;;@D~ByL*ViulodR3C4|{gdTZt2H
zKh1RALHUwz?SI|2HXPa))1CF>*#lzq2w7OYXml_PzT^YYe=hvV7R_<5qdllVS)V5(
ztREt(FFf41!KDv90iOmIQzpV0xyvGWTh-~3!yIP~!b7aP;#_RI`gmh?>1BHIR0dK*
z2dv*twcoDSb&+S8a3oYf*9iwjXE^5O+u^4`xLy^2o)+d>seu||IGc$=C;%=HQ?MBq
z1L2Y;6P=|F25tjHLlA^UZR1v*>P2!+V#+sn^|_KW%6>f9+!d_f`8`9s$r$duCB?xZ
z0zGTU68*QR3rO~)*%Sqpodj`4`<6S_u5yH=Rp9dFfp_P@F6X!JZU4d8mOWb=xm|im
z>2o-_tK0kCA9uY6M`f&D=CGa5O^LW0+Ua|AgFLGQQBiQF4BIqDAQbpS$(6^X>4zaI
ztjZUqs?04}8Lv(&u*4Bw)bFhYC5Q)oj<NbU-cv##5s^|H5}=n`4*{nYxBii~kkj!P
z_YPHE$hB>g>UV|^Hc->|gw_H52d#PY1K88ej;v4B3*YrE_*535X7@Mcs#vLpIPFL|
zi;H0c=GYtgiO3$PEu5ewedG_m^ow59YIcpH_;#^<0lb`ucXK(p+0pE&1MpmCRD_)V
z2;xyA&!DUJE%)%z64H+rmhD<{NC4#I6xX|+5X0(Ru{ZPFRIL6ox2L~{@((7Ko%Aq+
zAfr&+B*x%6(_re}>mt47ON4dpqg!t_GK742+%Hnra&*WE^OfxhIvV!*ulPPmC)qY}
zKKgG#Qw$?vK8Zoaqgc_<BiE!{Nu_zXNUEUN-9kMRr*MG-9HUNb%*zvxl$CtVUAMby
z>gGv^Vo1cHI~vwz!k54}Wfh5_+LBD?_iwZy8yCN{evbo6t)W=6x6BRlr8bM&*(z?}
z(I%qMmR|5`_o#O8+h$f_YEn(vSL`||d<4N}W@ZPmy_6-fWSApQK?D=ktd5YSBk3FV
zTf;2>2!fxQLfV_GvobPQ8;xZ6oq(y*7`-}^m<2f+#pr*1N&Q?|HM2qfTSc_yajuU^
zl!!GhF-F72YZ-DUT?c72YTQczQiw+Z5xt-|knhfLq^KErJf9k<I%~t|`&8A6;znfm
zO+Ho*>g+nzkW8^dk)ma;4UY~pTCIjy`@*j2S!~J8Q0jw(^qk_57nzUba_??Yjwy9J
zHaja{@(JkU-C$IVxwi%dX`K|?gW2g@?odEmNoRcu3zFQK3M{V{{VZJKUJP1Yy$Vc1
z8%Hl<Dk@P=E{&X&V@1LemFk7uJqxw=8HUA>sr0a({$%Wyj(OuZ1WBu$S5Xb9#e4Ze
z73;)toAzbImh1MM5{9yZrkRgT&Mq$cclxGQo-{uaI$DavmX|*F6;3+VIb-Qc*mK*G
zO5U+56LDT;cvdj4?IHg{Z1-wQ{$0y}_ktT%Pxlq^&Q4HaYdbH`w`xVDb3N?Xpqe%F
z+FI+%lbnOSbJGnToZ=1LfA-Zf7#b{rvgz%&x8hz=Bu7IhSpl>Bj|s<y2((@YQqm~a
zDY{%{y-@G>$?7!yF;9*>QYa`{k1Bt8VS7mFku~VoM1^uzv;{XbHlE=vRgt(rD2ON%
zijiLqMe-3SVEmmS!4VE5jMMQ@$ul?5nBO&Yos>%+azrW$0cv7x&@<zn#B^xgIk8oZ
zcT@NI0YeyDMiAWYAUk_rWb-|_f);Wbo?U^G4Fx|xzmK5TQAcn!J;s!mMpew*#cm2%
z?^ez#O|aI{D`SRDz$|-y?&CWY@qa`tGv@=ZmcJl4#yN(!n411PVq=XBoan6<d#`%1
zkh<;-(hWDdSpOsLKYPetQVWVTuv4#Con3X}24|rQtbH4|#0^Nq9I03%8EE^wH-5Hc
zV0B}-W#L(!YwC)I&cYj&Mkti-ys9<fp}rG~t}Y^(<mX6vA!FzgkTmM@lih}oF}|6Q
zbClK<o-ng#J?h<XK3g~y3K_{Fh0^jz9?#qfaC!Jb5R>9xZ);^U)S@$ahj>RC@c35_
z_o>}}YW8gD@@H&+(b*aAp(|r;>2K>hZ~a^xcg#OLV=qF>og2<8@#WlR6qJ5-RIUay
zGZRL#=0yz0NxgF|DD2asQ)J5wNV5CW%6_*J?#%zzcXWiYxSXd$C0eMJ^`cE=dW^me
z2h^fGc=~0nU;xEpvl22M60D}wkrYeL(n1ZxhdP?Pt{K>L_>euowD^*@A`itVmsm6k
zR0_oDQ>$9z^l=`9J`XZr5r_k1X#`W532+$xDmf2IR@GeS<!FnoLmYgd-~>a5RfwAF
zu4nTey2*#~=viRza2LA~1N+72*a8Ea<`n)|4PzS@UyL21^?26A?)d-|!G_0?u}e6y
zl7>%l!V*yFlgR2X%p#-Ge){TS(>S-xm+9uSr^n~Mz<xUpew<Oy{&yCb{OZa|iMeze
zl%V~JO%>^yR<1G}0;_leY2&?R0Ih|psJq0tK~`)71Bj+l7SzkCR6j+;jeN06kaO+n
z&31U#|I7)_MFv?K#*V}P%5aW)?y5t;%b}azy`PBpLo<#7jk+tsLiu%bgP|#lxc0ye
zE6B{r6I&Mg%!VQB)eY(a(Lf^p>DsW*`SpW=Zi-q^OAJe+%I*H8;K=e*$yJSmfqRLl
z-)M5{iGELG{L#LX?{NTSM^u0!s(D`JVv;fUO3CVI$r&4slvyvH0f@{Z;f}ldFgdLl
zOZui8T4A_iYmN}n-?QcG0^EEt>#C03A<wMG;<7I0yw^Q3Cu$0aib0H1P5u)=`H$v!
z+U**OrVtYs^pl?C=|r$&%?DWtLQxm2xhl&5|62%C^7eN}sA<8j-g4`EJ<*?l7+exb
zf8crv3Nj_-p547<li*u#>igxZo_+O{Of&?V2eCyJuc8B{1Tpfy<OWvS17@g#%mxTG
z@u;hy^TB)-s$;?Bbv`e}AoF4I5UMDy9tSM?*j!Ik1yJK!-O?%o7^82hPg?<1JrVg9
zD~Oby)?}hR9Y*GvGLUHvmlDpsDyrgOV#I&Q4_4Gt)-M5<#6oSp4w085$@aL{qTHPp
z!|Gp*U!)SZ;8bWU#kKNnj9Rj@#GI~-2F$;Lq<`SH<8d0s9;W>w?*L}ZkN4%u`MeW)
zn?MS9m?CE#;Y3Ds_Fo>B7oh_hZCY|QeL0R&e5>j7$8<A`-|fVmME}n!$Fv(R&-|qa
zmaB%Vh?0AU&yjBfPvsX&{A1O>vXe)W#OYs@U=gO;nlZaKx9iHu#R>b8&Y@42;;mIk
z{Gd^F<MxiMbuK^?#Ej-|sPx?sr6`R!Vs&Nms)giBcJ0sJSx`TNi`>hqls%eSkRVjp
zyK9uMNMf=8B#$U|{mY`-(aCE+(N&!#%;G@9oc&1~z`^ok6`DXfct3;K9cPEr3SU4E
z*?I;#MD}lj$hns+T>3p{RM4$kx3Zu{$5!+v5Lnq{$hol^45$nSVxQWa5@7o^ZY81%
zT)Aqa?i)C?R)?l)rGuK@%m7CvqtjaY)41enzhon*b!8al&^U2Sv_U}`$kCQ%U2cfA
zfletnZkhMCs8cAIbc=n^S2A&0dW-PUu-<)K4K@6X4bKGfkKH;Z&<}acQ;0)zxM0{r
zZLDPx(aO{eYltUpg*??IM6FgDUh_|4!|IsJ0vpZ?oSJ5`RGId1rqGh?Us0hG-)5|m
zsu_v^B;&RW=a%ya-WhiruQ1#;gc)DbYN^RSqtba|k58#to@}7dU{-NS$%UJStQ&yv
zTlb{2pb1r<qY__n>-nLSDf&aV_<g=gg8x0I;He&%+3{@Gqr`@CVnXNb5O3E*&G#0*
zuhvD0l3%A%+dua_m@~BJPB1^a;VXZeJ5~xRg&O8)z2|+zqB54B5N-eb()moJp%h|U
z;A^RF)9GXV;rVNj7c%H3>o-Au%PMV;&!@8<ZJ^Kcc?Kd_1NSO)YSa$A0N_T&x`Vky
zf$%d68%^ZDtg31?UOc@(_UIT$z})wl2yEz`LL^><FLnTPG<jr9RqV12k?&H=SqO+s
z{7r5<GxWCgy((cGVk6>97BP1W4{;{^*TgENIHDxXwT!vUCFtlAs}h#1eOvpkv{p~0
zo6L?agJ)hH6%6f6cu32T<6dd45@zT^W?1e`X#^r`3Q!b$+Nqzmr;Sz4CcwAHK7SwP
z(vOhHJm4*DuCNk>gyM=%%eKGh-8)`YICkvkF@jQETk2Yl%n!`|dZlrRx^lKzIV?O=
z+isnBYV<TUj;5aBRe`wbH2o_PvTW;JbJ3*f1RtdQSEDShGM1Reiw;Ujh}X*e{JNhe
zeM9_yOo6G)p@EXO>`p}~i8Re&f|PYHzNP&$M0BH;n6<hB+Yn!Kzja5xMFJf8Mktc+
zu)x{GF6Uld%FX(nJ5Mt~V9N*r`F5%s;R|*H*Q%w6PTgAiYiMx?IZY@*HnH#Gip?bn
z+P`>{3u$p~smqQj<<=tPt&?;=tjC{TNUab{E7^7D+oF=r6SSsJkAy)#fR@mDruw_3
zmQHrDd=m(-rs(aD!rq$Ww@BM~8R@c-5*yA<cklIj+8`CdYPfHB!fc?EFVK2?NbW^1
zWZQU{2u5j@#!h;+y^F|f%z3-2-4i~&lQ`$@dPeiNTl!BvDJzH`2<3K26CI7|kZO?9
ztWpvox|=%bq1&$Hc!FpiD@Jr<baL!ZBmM2FeSfoiF)<88rbgob&xhAHfmAmMv0=;j
z6CtZ#&n!>jwzZ}T$kl;zI&I_VSKDb#15rDNF%#f7?t8b#X7+#o;nF}#@>;r#+=`nU
z;JURbgW_P}X{Z5}N7Pf)JR%>6u8lynh`f0i8ngB{*VhL^E31$S-@SkR_kT^t`iQ>2
zN9pX=-s-R`SQ@;)^VAbSr!W_!9M=T$z)esfmKit*<z7KK9mdI7u>TXm_YfBl6ih%R
zKVVyS&kTq#;(f~>RvS$S55YDMKDqY_0{{Lxqe=k;S~vLtqX@FCj}S1q09*EPAWmF@
zZtz=G)c>-pj5%O8=_`5S`^no?q~xtFS0W?-=Lu@Qam^AZ-eq9@&#yzVWn+4%<|)*D
z?+<C`%|B4OWe2e#8F^L{{_(iM%Jfh~c%t^i|A!I!xr<~ou2~Ms7Z(i5;(a8Gl-S6L
z=1()^?oRFid$bYV9;idgm<_F2mNM$ciHgRB$rJ6#eq9PF-D`v%d_=?@MtEQ8{(!mu
zth_b4sF8SMn6Q=JK2Sob&%3O01n-f4jCQA^drnSH7IZYW0U~PxhzA{(k<Wbe=%50K
z9xqvV@bAL^@egor{Ue->_WvCD+H**86M8e(pmHhbp1>sz@KihI$EJiDjzm<OXO`2x
z-;Y5&pIR>W;GZ_7(rJPKu_<|VU~uOHle7{1(mSYT6`buRpy)J0#`cW9zP`9s2>Y*J
zkwglICO@xc|8cz0+Wbq-Tmz~d^B+;@A=GVicCJTH9!kLHPxV&@oCX(L0kA#F#u+yJ
z^ZjFt^n@%S?TwB9xn}3&;Is~hhlgi!KRC6U^w%e#c}7qc$~ylpZ11msXR1Hxj$m^w
zXkrt2Gz^5-PV70Lcna!J|85+Me^m2_?OG~NdD+C|B#>fGoV?F*yegQRx|;5hP)Fgf
z3lHT&WuXlC3k9+jQu0l#e_VN+1LWO@gE=+sQ*o#ULf+#ps1*QEj4Eitc=d1jhcYn!
zy7Wp!@H4iScNOm79i!oJDTYQ=Al`^rRKR2pj&d4#^zbgOM{N90cew0zDMCICsKZEu
zf)$RC_O7l7SFl?C9tXqz!kas#n{e1E<puHG^%0Ht09~9$V5&NV4(iZoArR*(NrpR(
zxBTBXyX~QR@M~LAwZaiV0GPYp^J=Us*{Sefhw}kO8MW=#p##4%h~Q}0`J?T=zrOj$
zIReyi`2I7~_6!^79}y47k5z!5{~;);C4xk8Jm|O%hlrF-<bM3|fwdRz#&D98l`}SF
zC1RME9)7gi080Hbq*+$-=heWP8B5O27Jz^8gM))($?56oZcNqp@E&lOi7Dcv`=)Q2
zQI1Ir90Y1{kR4P!@mux1<Og1xL{z!?k1db)qEweSD?2+LRQD51(uxFuU#rSv&0~Ju
zdSeySwJq+<VC6+TEc{R6oB3OwQYy?fd5ceSIu0Q|h!IG*91VNXZ<l`pf40AmAuv{B
z5InU;RND?-oB!HvdO9issdd29KG07v^uQagJe&jq{I8SpBYeEW2z1OQ+KB`~T_s#L
zfI%ycPjn~VPWy40D6vB+LQYoJB^@9YL7wWMfRK=(&SyTi8+bp*M2>dLMmEkjTj;kf
zpVSBmSdYet03yN<U3{2p_H~MWgB&)k2DvJuJ5=941V}Fdq-IHRsk<M#{%RDY=)vx`
zJXa8u!5f{fC7}mDQDwK<ukZiypi&mwU>ZT(uL-&@HF{IBXLKi?3jL2WM_9jNCq17t
zsWD!`)F00|jpkP7n&-3jc6d*)zBlV5H=OC_=H`32+KAA>y69*?40Z?nc%bhul$51}
zn{I3}Pc%&MBU`WA?fb)zD8);~>*7Fi#XGH{qT*119v|KtV;I1L8U36Z&WE?UJV|hb
zZ@iiOfVZ*NAB;(c%^Lbvd~DIMPyka~hs7yE^ZJ@_A#PB9R^e&l+fcl@_L&(rrigad
zJG*|h#_(S&;5)QSruzTMcgWuZ)B@|N53h|-|5Xt9bvC|ydCMkV{V>c>rW_0HuQmfl
zwFnMV=2chvKRHYv2!gJMf^@{e;(fHVM>gGQkEzIOQ^MZd!k-8CRZ8;4F&!Pb4T-$<
zwS}YMzKDMto&J70NDWAEEtA$42Y>xWU01Mft#Wn6zy2A%$&LKgu`r|p(FD~tO`wV#
z!~mjGW2ZJ;jEEkth?qLy!km)Sym{<bGxK9@-S05t-D5Wo_ZyCZ6!1yp`|w&{>cVB>
z9k{=^z(l?OptxzqleFK1rqP;S0buyy*qi()k&J}Z`GI}L@$}$BwW4Is-ygIXiFFs@
z<9#*8`7VxM-&QJx9L;-K)0<Ya<ycH|Adc<|lp3CZ;;-DmL8mVrLF>D6!vesVWuv5Q
zUTXsRSG~|7U3c(RK@m>+*LQ5!k`lJAw{R!L8#5vCIc_C0d248wjkFVvgC>6J>iZl#
z2l~fKu}U%J8>DI%VL^e74O+{vgf}3?9jFWW?tk?Yhr}PmAIl9+nAkS^(uH5g4r6g8
zA3pdHG%uVJKKECmB3TrlkQmK9Z{zy$o4>r^Szez`@VG#!B!M4LW&W$H%VR@>8==3o
z55-&nGo1aO4IQ2>xK_$UY(w2h2et6X8_xMVFL02li!Sl^qjuj)nM6@-YHqIhIbLJ%
z+B=d1cvqM$GXyZyx$Xbp4bS}!7X%B9lTQ~mowaY*feHcS_K>QL5mW~lK|Q=$W%Z6d
z`yWEhL_A2dLCZ@UJR{=nh9R#VqrO1&?~hCA`-`3a*8&IM=ZWGuzw67r(_hM_N)vo%
z^{2W=P(~9(o7T<})TCbR0O#!Nv12dZYldXvpC?vr*f=kH^!DIS&WJKt8-~ezk&QUS
zk4+a-yuMB{xz)rtL3B|<R%!O;#hhQ(6F9%u0J<O(ezphymkGBkGVL~cccqHc2%#cy
zO`k-x1-q>q&B1pkT><rS$n&w@kH6C2&r3bgk9Y<Yg1%j*bI<GXH(BW-JWFcH16KSU
zOn9rX6ohP}k+YBmgeXX?o?xzFzFMit^uy%*^5WdzUgn{o%YPF1`&#*cwq_`R=5;Wx
zE-G@cHZoa1p>jh;Y3-9VJP@XAjk9CHA42JS2o%Xy#Vxnt&D{Ffgz&tQng|iTnozz2
z3Ss;Q!QGr0FP+<@qcU>@E|J}r?eM*4;+^(z(e}C#X-WPvp7jYCIT>??C-d1ek#ZFX
zwp=fUaN@m<=O3`{o-fTTG5AmG{v1QzNJnRHxM}aMeYyJxVMj+tBa|v4$hi?R&z+(;
z65NF$Lw39wiTMgYu~gS`2k*QAy-XG$gSM_i)W5xA-SaWu7X=j#qm0z9UAv6l+&hT)
zT}FV#U~w%qcXeZbeQ@2&049;uEcHFcJBwQhZm_`lW*bxd?XPVm`1g0~5-lm|$0!*^
zjW=yly7l0n5Uo(<ZNVGuHDC?EygALkr2MTJiP0vEJvmr*le7t1?{?n!alwz?gu?Fi
zW&8H%?#$?hdub7f<O{#=o^|t)ASJ+D0|5~GIC#{EsBQ%Ml{Xxp)hgh<^ZQr6P{q3m
zvLOoi#dwkRJC8R0`UIu&6o8oBwtpM3X)Xn*hPfW@O$4~=Nh4@~MncIc*F!aZ=S{HC
z+9##NiKTfm<KzEbGBz_)fPY4KZc`G`c6=0w@YWqbVtDe^xHjFQJZ;DabR~+2{&iNq
zkCpZGhE3o9D*WkQ{FPum3RY6OOZM)%z5OxqJ5#_empX~k;xG8xw93XxX=rGuLs};v
z^di?*5N&$@mjz~uc-!y;I12uS&c?F8{vF(=t!RJn7$4Yl$k9WTdTp{q&!9~oS51_-
zC~{yct1-5@3V6oI_Y~NoJB~Uv-uUyu6GKq6!>Gd31nIw_GNG+SviSGm_Xh;r2`?T6
zMV<r^Yt*4<e>|k89#}m{{YL-#F<X#+@w;Z3P`N3fl8V6*y!GG*o^>5R=)6JX)XZ-;
zrpjCs_ED7lw^Mtocw<EHKys_fCco~B&eq;j0R)>qE>*M5iDWHKQ-~1e1zFUS@|lB+
zWSc&Z7Tf*70fZkw4~-xsop+yG=iNJA;0F(Pv#a3wV8rJRfTIw3_sOQsPq+wyeLE3<
z!G?+Wc|vtPc1Y(|qw*Q3k$Z>&LYO>$Ai$e$E%_sa-~^7sx=P|No6`LV1#A~-m&E-)
zf8pm5FJ&UZJ6KSCY_z((U<5r}Za5eyZZZd|lCW21r!$2%Pa`*kpw8|Fzt5cQw00l<
z?->Znt<fBR#%>oSM1%36n&tw)dWs~s4&wg@ISnCPS4X7me~%UH3`AZJR1~R$AdNbb
zsx&dF!omR~tKVgbA4=*<!L>r<(SCgM@*LU$P%YQyzr$a6GS(d(<dA+}7(}n(UyGyV
zTE+!wf3@gJtq3r4T~dhJbh!9o!aOTnEh+KO_}bh88UVTo`3AM<e*bolxVe&<>HPZj
zsETS2SlKJNFSp^FDZ&vHBDzf$h5pWIgY*aj{HVAzL#Vj5BW$aE*H&fjZCjgg;enx%
zUu`)&JS9w+IMwE7J*EiP@T=~>sqqiM+V*z$CTQS9A+=FMtc(%l6(2o$qQKLXi62Kd
zBY;n<3wIaa^CaGR8u=)WJ(>cW_8dIb?7G=u&o>YRv<(5w?U{y&;8Bl+s4)h(tNrR}
zy5~b0C#6%vq7Q#0?!5@@cbN!c|DDSMk=>i;)$1XMVQmDG<Ksv&+H{6P;-3w!a{>OC
z4IrnvNZ=?x-C>fZfOPSYG^1#>C3L-AyNi*70!45}Kt?ixZh)+(p5sRb-)4d*54GPo
z4w@XNe5ko=u{hZ^XKl&Y)ReBv$9fY)^T#{~A#t-J3VLhHLJ=?y(y#>{{3ddv^7wPK
z_PfJpHai15a8BBIC+7c}X>OS5<;e$oH_aY8V`A%P41x)C#DK=k?>slgZ$F_)&*xcb
zW)p<>SW>&dn=<kGsD$@-*dG5^21m-3_}-0B<W3-~2j>h{^thT*(=P@Tjkq}+8KiEj
z=}jBMR~Pms#>HB}5C3$d%i;(|6=E;-Z;`rH3oqXqAkz-MbbpNI-MhbTO!%Q&*TH2`
z$|FtPP+$FRrKMsLz-JK{u;IZ!{^)l{lzz7$Exp#dZ}4VB3R$Bl{9F<|Dux|aM9<>M
z?M+4mR-`_F08?#hWc0c?Rs(nJ*fGTZK=n^yqV}o&p(~ds>+yc3^b_1ibQ1G#f;Nqj
zcm_q10hYfd%Ee6lkB5x-;Xe@{4{lm0@+4YVkNjtE_y5jGmtrLRlf`TEWbL?#zl1zj
zP#SciNB|#Qg!$qE+b#b4LcuSRC<_2Bdk}Lb3yN==TUz#qeB8Pz_?kheJZ96M$&)nD
zAc|)9e^=uE<&czqUB9xu%|m%Xb}w)c>NUSbnFlrvp&qPig4}QXtBGwM{G+RwEx+*!
zVz{<_w{(tEAF_~Y&{{T`pT9ZY=lG_Z<T3I*WM6M2Uw?mITjoGd{$TKuP$gC(2*^Et
zQHXNKC>0KUd4izbU)VYhPc679Ux&V>^wr;gJVCF*Qrdr+8MJ(hD9~k8qTifm*L5I8
z#FdYRl1plkB{D!cdbob)$A8ZOp!gA<f+kqRg%s60eXZ9+88G<APihkOh_eN5H~xQY
zamSLc)x{th;C(KwLl4!6<~u1i-Kt<+Zj>UO+WX(LaIw}n-wlx!Tw=R-yNlqTBLTSd
zQ})LHwfVUEO2h8C<DgP=8-G7T0&4|y%zp$@-{awrNM{RyLYX?Wc;^_t;Vob!7c2};
z{$_ks<c%r);T9vCKSX%z*-wblimKWa;3w#iaS95MPD8SlaWK<*0sm77FsS`KU_gV6
z-;0@wXQrE;Vk?0y+qy^2Rs5w7oi~aS{~xZ5s^_7EP2_|mh&pg)bo85!i&RW4A>?e#
zq1_C+c##U$2?RewXAeYnFy03(Sms<eA1CBduW)_>4TLpmW8}CGN9;YulUeeX9zV!T
zIshKDQ-0^*W)r1k?G88-;G<j`R;!5Zg=A|3aW!x0H_%zXUkG4>Cf4uCbzk(Ci&A_O
zsm6UD${uZLV8*+s(Kmv}i|BBh%mEDvD$BL0f-Zx&FsR55<2O1()y%*7tt~nb6R+%|
z-+XmllPb6tnBe)F|JdUGoE$H=4GEVGPK<BWmG8RQ8)6nO#KTF?ZF#x*A-10dSCnTq
z5-*#J#wF#77gk-mOI@9kW>{*vek8v#I?w;LUq!8lbXn%eLL7Vg`O9{cnE#e8ZS@h9
zw{#zoB`m1V>)Y<z5;hv`9dsh=TvD?(XHmJN>-8Y2CuhtXZYB5_-AGX&r&2yczRQ@R
zasM*ueuC@UskU*LSx5Ig%8ZO0!`aylRY!y_6xQ+WHl15`?5T6c&5uP)i%Wjr*i!vq
zPG~L61MpABRs#BeAZR>t*DPuCe-VZ;LG0bz+dD@2_Hf+n++4!*=g;|hcw+Q$dj?-}
ztq<_~2i<GQ0af;O6x<v|x$g(?QP7cKY*VlT6G%&PZaZH=etsiDpMZCCR!2w2J56BI
zk#u)~Kw;V{`~0T=*-CJigxCnnvw7i&$wQu$wza8t<lCAc2Gzd3dtV>I&CSd_TwPtw
zf{c2W?(^&I6J?8=2Y()Zjh<!m-(gaC&dX2Ba62i_@h>6yF(`A_H=5{rhIHgVhUohr
z2j=-nL{mR%F~0f2fCCmwES+85(9n?Owz3GMlLU$*HN-fwUAqj@CMG6gZO%(>8i*O>
zKH6KFOe{A)j|_FvPNR1~RQL#`4dz%>xn-FUh-)xZ`nu_B2#NU>nXZSvc=4j0{jq`U
zo@&#G67fx@{tfIE`rVs<iI4>F1+{C(>o*Y?z)WqUO4^CDv$aK)BM2E!R4E!ce+WnA
zFkyr5!(KiOmTE3SC2lj+bXgfL8LCL(?%%))fpMkak~D$MY<%@f{sJ%GV}rT*`NZ#t
z#)mw^@Xa3zIRSa#^i6qSCaIWfVEVU3P-ty_2Bvylcc43DLByAZye;TxNTDOgV}1ED
zo3pLGy-=Q<o!n2e@%=JX`kTDghT}Jej_v8SK%Dylxz^t-#s{{iu1j<LSZo*qeqyiS
z_@7tPJvUoxsIu|xN^x+n_~}ypCUsiB6DI5)qQsysDF#BZ^w1UbBXqDct2ozo;D=5B
z@xr}p8%v0Ym{>%S-B{b5@wD7rp<QHT3GR@d;<Jw4D!R#1pQ8qc!2HsV-yFJ|nBfnB
zINud^orM$m@2`_KqWYp*=v!4*?c@KOsYnWzGT_NfPG;xS%;Vt%HOtxA+4wK&n^0u(
z%f&F>=^?4z8z<rW71GR6e~`K6jd3XN1d=)*hXnUW5NAIxo;k=`NwRs<%23kK(w?Lh
zGC#GJLqSS~-l5{+;*Uy7Bsn#5I5<_G#w2OAa^sIrN)7;fyAN5k{6FSy{e@Hk@x7yA
z(31WnD3h9@el$%;Zifuf>4AM6k8HxyB=o&QNNf{Q!(MZxt3#XqCKR=wI0YKVLrthR
z3WEB!6A?8*G5&uNP-~GK)&4hM(%sF2Xu^0IhsMRlt!4SZy0jm{RMYL-_eQ(BySu5~
z*I@HJ?L+hdDbs@AZ12EeDGwgj2&6@x0F1gKv!h|Wsfc-lIs$?20dz??jnsRwQ1^De
zu6k5ALkoX$wz%JdXu;aSLD*R)yZZ9=&|Q%PqMO#SS{|-$S<?%@c?P9Z?shwk?i2AN
zS-Y8ALWRsoB-#jCygxRin&xT7Pu76ZG+MtVplquNiUA_FZ{L2dIwB#ieADP_;36`;
zmG6r0+``1ZQj6(^@kS-5<{w&Xvjal9PFPfoi|PR0@>xsxn{K|Om?YhSs*#95(>r(W
zr0C(!RgFzfo=%Loaso<F;?58X{N}pqgAGJwZ$9%IR#$1twvK}j7eIa{q0VKH?_-tD
z>J_I6>*#PYXc3<U7A*_3inBma)CLq+Ydflb=R$qpB!7Dt30yujNqx58tnDc?WJV31
zS3h|0VC-!-lw47p;=71o_Q()wD3$fQ<19mcIXDnU$RFo42-?rQif%~G4;l#ZMS}LU
zO!W4ZO$$suYzfIJvfaB4(~|D*Rp7~dv76)tzL8SD0HKpXqGBbUyMRtpGgmzsa}8>F
z6zM$i>?6?XX^B)JwVXfGc=CK*%1YqVP1*QsQa1?qlj7z!IwLm*pPO&m1hZg~Q-U9k
z|HcqqW_CX#KMiQqNoen5;sgaXsL9jM1N_Bp8R}&=-{*^L&<XbS3>28MA}O!_tu;we
z&%UkHm8~@ib%A7?f9xEI>AOM^kh<OP=j(fk65r98%l=8|jcHm_=~tw^@}RN+V*I1?
zr-xuzO44v$vebG@Y`Un4$u9?%g1lfzYF?lBOpS#bpILiGyur~hOno6ROxF4bLA_Me
zDRzP|V2C<lq3nVb!(vuX(XojXcumTE8*rW)A-~*&_*}Pk(VlVXZfd%_xU|%ScyiDu
zgQUw@>&GTwyIyKT;0rzNrn3sLk>lq(RmF3Z%@~V&_7XS}9-VF*gn}-W+#RpuuG)@9
z?7}c9Wr9(!xpZOE4Ffn3^k1?mM8!l<`qFcTxh84i86pjX@^}Cde}6>|=%aI^UJBy^
z$7MIvfqcJv>#q<%kNeZ#?c>2ihO$0&X#ntLsMy=vSNR?HT;F+-Y&_@5txmhY`shKO
zn0czene-8*$u0W3<zWHFMURG-616)Y8+r*;=%l%w&zx~3$b`r-!Y|5p{qq|PbJiUx
z_FMeye}$o{r8WBj^;3bUYm8tR{jts1%Vm_tT{|iCqIQ?GsH;um_cp71v#T-ZVMpJs
z`G;TagHnf0+3{?`*o4d?<7u4$vvZxEllHfy7$%Fva@0=Rb{O*o%YA)3-ZcMJgDEXq
z%h4>?<(=_@h~(Xcs9Ij_c28Mf=l%LdGuX0FKdRi4GLQr&HOERmBq5E{=c9VH6x?%;
zewx(0;w<i0qTiRBrBO%2to~|8Ia5?Cxz=(GpzbwK4(WBQG1Wr(5_|oFw$}W$Ta1TO
zE#n_fonlR?%-+n4o*QQ7`w_UijnCQHx#|6T-F-APO1w?X>%e>xi;|m;{eo*-{MEYY
z;z?OW#iEIYC#`n-MC_JW>bWNSakc-vz>Rd;Ka*ORd;mhDmwHAX_9&D=v%;polLkEJ
zPTlaz9*Zk%;?uHF|0@^Lc6UiW%=%<#cRo?!$<bc1qS<&(V$N^dPih1$wb>&r%XWNR
zsJrUs1a^&NPowX(!SgCwL0r#1{FeotPyUH%e=Ha2wh4z)*U*Iv*9g*gMwc%AlN{3i
z_H7W#Z2<HVwz#;M@iS0yzfAygVAZS46QpUg?>>olkE)I4RDUCJhdhyDHz1!{7FWA6
z?C~_ga?rF#z*f7Y!(F`ly?*xiy?pWRff2D&;c&X7Dv6u>KNt&khA1f63NDR@>=0D?
zdH>S0)E{E5L4{SWgM87i&E43y@k0})85^kn7mANH^rU0Bh0joj_IhW4tGDI^C99+<
z(h8csDxUcG@%YNhicx!pfzk8p+kU3f-7uvb-FvP=0p?`GKNI>KCA%|hbo4P3791U}
zUt~rDZbV86xU&=nB+sT(7T2Xy;vU&9sxA~foU#2lKWFOJ3XRq}$MYy_m&<o((~aB>
z5=$G>&=n-QD86)2V{Mx-opx`J;yABSGIQi)_P`WfoY~JwA3o=Pf!Ih^itn+ZwpBT0
zJAe5uOQ;dl#)2pz*0#fUa{$g{=ng%F6Hzo}{Pr<L5Z}q@lK?=)JAkV`)b&^R`gKI1
z!E{LfLbA7-wp!JSdwJC9B4o+jYpK`<`rokYw6gqNGSolsR<K+=nFP!8CbIQPAjQRY
zC%Tx-M>!Xalmb>Mp4(#oA7SqSPWAi$kH3jBDr9A^LRMt&)1YBzWh)$eh3s)kDZ4_p
zV{ghPD}~6)%of=zd-J<roI~~bUjP4fb-gcn%X!_e`*}a_=Xg9H4|mq(2iV>RuBZKG
zxCa|cI)u;9mdYws%m_>On^_{3SsvnA6|HN}h#!ZFvp6K;Nq}U<F$GKn2to>urqF17
zJ)Ni9VaN=owE9H8y8Lg=rtJc#jZ@Row&;pJnftm;O>h=uYp<p|?jG3!{cS{h#m-yR
zdXg_qL_;Zu9tuW`l|uZ3V{k(+RtYe!+U2qJO0_&v9kZCVfy=6S$7F~bB~qJav`==?
z&o1q$Nd(XEctCn-Fiy-EGD^-qr<KhZRgLxXU8nGd&HnjUl!fJz9ET&Whx>+9!jw8^
zDqVFrx?9o)nAZOG14?In_WtMo6M^XiW^ik3Yf5Tr*;A)ZvB95I^XR`k@)y;&5b2l^
z$*!woRn7yRCbUO)IN}j*NS<4=wqD^-;c~@+C232v)x~@<FAZJG%)VPY5=Za0%?)v1
zF@M!n(nW={Tth^|&&d6K$F6YaF<ct4PR#n~4(~RYbrDR4SiT`yKFr8@#~&0#=<PvW
zATXpUCcq(?j@1QBLs0=Vl6;t7LR=uzVDwzh-Q7JsGc(h4FW&%l7Ga6lj3F8t4Egr0
z9x7kjQIFn2%9@*@F<*HgWX-Dj!;17n5sq<P!$53?flIq|CUxNU(b<G^aSyh^uK<Be
z%cqgN8%4~=4}@sI@+E6``}O)Z#1#)|=}FMGiS4a+bU>mYpr2%L;s3aeIypcrc>DJ4
z4hZ)Il8yW|rf^|CzL1Ktj~~s4Qb^IkQ8pX51}pDEGx1l8E{ZPe!=(gQ!Nl6)RV-ce
zDhf48o5Ri<%RjlM9vO1~UiT}VeQP||qYGP#>}4B#`uh3MJ&Qu(Vn)%~6DSJeF(Um&
zB;-s$hyRL|em^L-9FD5}lLD!4v>6(~c&$PporHG4m<C6^w&T@9Uvyp~j59xX5>qnY
zz(@H9OL|2-<q-8o`$Z2b*(`=bTSJ`2SHU+ex(6Qotg$?4BZq4BeeBFni>E&x1uC43
zig;!~98M+y{M1*hnd3JN`-ZFXf=}jQQ)Oi()Qk}1NYbEfD~FP~rFyzJu9A_bQ1D$8
zoqqnrJ)vV4zS}VFeBp(4)UhSGt)Hg|UzJa88f|(Vd-PmtBqnQ*WI0J&29#NqpEs$w
z?MxkE#!X^j(O*J+_!C)fL^ekexE>cROso-%-hAIqf$rCWEP5oT&0_Ip>lAwbj;~n<
zq95hXb`S#dsG<cGUH~6=>RSZ~;d5utCV@Iq*<8Ie`rk>BhR;cO#5X0hgn1m^j)-oO
zAIf*~zpC<SF-Bhr>5a6;t2la)Y({R4yQ_?G)rG#99w!M@8i~o1JIb&Qp8vgE6#Wh>
zY$dh^ngAow_x|Bc-&|K0m;0Wco+5w)rd{baO(^zpf&}}BhhtPU+eCSUU1QCuHr!ah
zZSCjc>G|_>g#47R>-*WG0VfkdL_=(mQs>)}C;5W3sAC5__5~9-c#{15K>o!4>6<pG
z=<lr0o7&s+Wos6)NsTv|pc3T_qZXBJm!tOw%fwL`s?WU-&uof5S|XyG{N>JeE1+;2
zJbnL*>kd9u3rVBJp5Rj=)Mk>ViA88ZazvL@{-|alw(<DblQby)I-ttK7=4s~Sv2%J
zU^3{0dH%--CaP!pa2fezd6Z@G657xmoNdcOg-D$``gt`nAKoTl^Wjsp*xyj!82f(u
z=+q-9aK3a1jJ{aIYeZuKl5#p3krdbe>=Z-K#gs&W(G1bq=-7Xknnpf5e{a#H=VSZG
z2+|Agp4#1wHjQJG;$-30;LZp2pq)7reSKJMQ&^M|4azvph#>pfXzpS((Ky-&<Pavr
zfa7ZyvaFWm1&^<Zczan>H6vq#!PFJ?mN_v)S?r`lUS}Fnhn;Lx8y;rBc~hWI5i<=?
zSaLuUB+3iUPEEi4Ke(u`O8OQS9F~J+{Lswb|4;U0qK;^Mbb4XTx+g+_>+liVTrgh?
z``d*stA*@r;}f?;pM_8&8tF>t4Q!J|G@iNh#Yf&YHo+IpYg}7->{<IXkV*{AKUx7T
zS_s5dU=ODGa7>C;t{Yh#zc17m2!J8{x0o9n8{0WN9Ea+>Rimd<+PX1AKgn(^6|dP-
z9nI>PXdoKx!YuoX_}w|4;~2}U?GNDUbOfEFK{*;WES2x}cMfgv(4tJTU`#h64+j__
zupi*`z~-Y8tyn+FAyI`%R&N*<uaA#UzPidcf3oAEfX+*g87!1-(i31{hb=1>${lSe
zh{~3|;6xe50^-pc&Notbonw9C(2-d_uz$xZHMoNo^@i@~lZb&SMgCP3GBb2B#dNYI
zMgzMUaQTStbzASLeK%c2ul=L}q)&$VG$Ow`pY7;5+Lkf#I0|=3D39*qsRsxkQ)K8i
z*IXG_mHt!qQ&XTj!Nnu(Y!g$2kk2cEl+mj1k?uEo+QUUofLzGa2(g=ywoF41MG?dT
zY$SdtjSSIotOCiff)})!|4y%ga)>IHfb~!`)V-IMmab#}yR48Yn}qg&ycY<YqKTqH
zk4_EZDUJ&Kf_koQOoF~4uck6!2Qj*(+GJ6;+K(!^a#JA^LT|-2KgjwcehS4}#xboE
zum;l~_CQA<1(ZBk4(peoXeh_7mPOcRk^JnY-mw*;kEkjZDlu0cC@4OxMmwVF?8!3k
zQo#K+XMSwcIpF2ai{#fGjYf*dAjOcqP1=t-Y9huTz6jrjGpmTsw()AB4sk5z_#|J8
z@yr$TqtN`&dNS}kMU%Fmo+GL#2y#4;s>|r7IX(cKEdNxm3;wqIw#NqT4^hSfLd;Or
zlt+V352it6s{9Rp99Ob>S3{lf(NDzRN8OlP%qa&WFSKO2^}V3KnV34bk9y%QcsM5A
z${j_=57DPO0?9lOc|ejz9iWRiBhqyLjvWN?hrmyO#L!b@^d(as+Zkvy!8dB5$Z9YW
zC@)t6w9f#96|`^SsfR`+=DXibjX~;!kWh725SvN2Lx#owl<eC05S#ucP`wj!-?O*D
z;X>6HI=12UXjdSOt3vj`3?7;;9nkB6dh&HLlP4fY{@K)+YU$K2?MgQyebhY=kwUJ<
zhZ1Cp7}W*5Jq|?45Fj-WgYpE3?&V&q$9jJLh@m$#0jMmLz2IkhK=HGQ%DS9q5NK<u
z-i(9<!67@(-@m1Ik28Zg8jv<=tTmZnMiw>|8U2qX)e;jnaSTOIp#tDGCyY-`by59H
zsH1ohI(wJ;l|c3-0LaNb?z4pVhM#KEMJ=Tchi@e*hli<v{KN$m;)Y}xL7HlZBMRG)
z%ug(!j5Ge!1SJO*U<#}CX^<@!O&8xR>5piuJ9c22!L%nw2k=wL-^+CyXRp5*`C%Uw
z>c*-Lx^?HrhQ>OLzJg>HQZ{8*lCQd(S`vmGM@i@qjL;+!Cic?&C@(iGfAm+5Az%rg
z3qN|NCP~$R$3R&nl+7B-eU<!S=n7Ur8H_j6Sbz^&XljN^CSB1s%Acs<frYkMocLYV
zNGQbFh6v#*A*xY~CMS15mMeECxel>>aQrR-HH57Gr3w&v-8~g`$Zs;V68rACAfQcH
zoU7`v%m;vHj~s|L4D{)^!~u(%EF?EW)^^By0;)&c@$D1#I|jlhFBffBb+}(9m7x{}
zk;sq3@ams#=}8gM#1R2_Jugckl9!podl&Mp+zx*Sas}(&#<F0U3;c6UL@0}c{FKNd
zz2Kw6Pin)(9LHz|caTF(aKOp*b#)S^lI=2(8gB*p(_l!#Q#ckClNUs}C<c}4ry&XK
z{EQIg!u$HX`#YoLRYGg4t4$@16S6lWTb*0%@}f2%;p`+(o)p42kxp&~Ovy>(-`?Sy
zh^+sQU1F2IY>kmV%3toQwD^<7U0pkA?U58rmZ3+z)2hJ5Hm19OU)eByzpe-sG?3gJ
z0ovdVBJE$jpcRfoEA+Lkp2j{h?BF06ul&q1#jEU-fHu6e8U)J`(B!ZEY<6+V<^gad
zj^+2^-u!exdVnOp!DPuH-4|XcE}z;6Pj82h7nz+ijRi%dD{PKApqz{ULi!HhzAK<q
z#y3%mVjV^o8jh`o?=Gs<YF-~mqj43q-JpzY6yp&(Iz%dCsR2@=gb|oCSdB7#Sm^M@
zz$S6|65H<IJlv^_I}SsiEWaG>;#;gng&E4N&H(vq0%~Y8L39(p^ny>rOEwQaE|jtF
zK_c;|FX+|F*&Qs=9lU-Ha-8N(5zNr8ny64!0l+r?n}k3PVCdz^ayXvzA6n<I8LnxV
zk2K_C4!Jdf7QGrQf9?Er@qdq<2n-}Xr<i*QkG2pIiFNP!>3i(Z3}5D@WOU)JPZjz7
zc^Kt|77odDyBj?@J~_6i|22-;>@@R&;`k8Lx6NQC|7X1A$yBXDG30NnhHs;GS|Cy6
z#`G{itN`(1zJS0$IH^S9n@M5?vDc7hO=nNfyLG@(%fSr@0lJ}P2?rlk(n|pyeaN}<
zUAy*XuOBu1ql_i^e{^OhaQs25ByKDV#FaY(DXYQnhlYmugoMHmTS^u!oj*|XZ*8{_
z4H<B@yv{GUAIy(lIFbP~d1sTHQ!^ytk<$?8hRp=jy=wufg9UW}rOJ>=5jrRd4}?u)
zkhUOF5{)R(n+0%B*ld~Bb#hOZtX=VJq^I)ow&7QjC|vyy4wCh@ld~?sy?JB~)bLCt
z#wc3vL<v|nS}j0aym{jUqI2)<fxvE(mURU`z6G9%TAZlNv9Y1QSibPG)qWI1d$uRH
zRigeC60WYUeh3r=BnIpBIVas#`!_&fVmI0Lwh+UDQ3v{7o#$%%IulXq!^;#-!Q%Km
zx~*_0-u%dic)?0x&TCB&pSTpZEjr+UYG`iQY^S0f0X2b>(+Y5Q&HIu!!jc=KTxaC2
zyzB*?C~Pq%e_;*cwkAh;%m0}w<_<+is_B|=1qFo}&{u;d-oS8`7rM<pbqBHRx_JtQ
zKm>}NJ$uw1x6gu2OYBPze2z00QtoOB6n}9p`pDyNK8H=GQ!R}bS@xHpUkg|t*h?I%
zA<&f2_<C)>s{8#!Y#A*^GhovZhm`0cn64akvW}n(ay7UHK3}D@QvpONsS4S57+^>_
z>_EV}AV3rGaQred@}_QH(NS2Zsi&WzKhf5v=&LSfbIeI#pWu}d5hFBPhXRO&;D?ZF
zH15#uYk!W&fQ!6GogH~{Me+QOp#R2>JqK%EwZ-R19UUEwwdbHWofISLm;z<>q3r4@
z0Lqv5^|RHz;l^ivZ=dgEU{htfS6z9Q_s3X-Fdh!`<V*7o%d3QoaqXuV%HQ=lmI<E3
zx6CR{U;=emSn%4BIqGj?X29i#8{Zt=Gq4@J5MPdQ9dX_so0NM>^R8Z$D5eo^am2C>
zTzgli!ewn$t$^gns~(2*=g3(J%q0K-W*SoQf?8>HpWlVj%z)}L#6{ZyqJUtiigswZ
zklY!KUMK@*#&<@=D=NLeKmRz7OQKmFu(Tzwkg1ZSf)E@YL(&v4xFygScZEZn_5jiD
zY;vVwy1d}S{@PGK1myvRh9`p#pI@B2QW@CY-ya2a(5tIq^_~LC)^`1<+g(!zS#Ac8
z-l^-cUHBzdQaGVxje709_<R{Ia4Qgy5sO~;?xiCsLggj}DX^_m?8_d@(&l*6Co=(v
zQQTXKc9097S_Xv8nq|Ocb_4+(t5txqFv?8}DFukn6o{`f281nFo<@S=ybaV5@)Hb?
zb|Hzwc!w##i~A_d3X}Cd|J#J;lD-%9*&>zXeTtj^xQ*^3dj<K(#}Q|nAE)hV*)#i?
zr7wb%z~<Su?0-=uE$j3B9aB>#nuTVnzKs#z%l<}7o!tLZh8U{6qR#69sB^{&w#RtF
znZOgQcbQmJq2I;^Rda~pXiFphC@&!J2b$j*=#Z=c7Mn(0i1&o7+usYGo;Q)B^RfLd
zOH7C^;7o-hnr{+_^DT1mTka@P<cD#?2j(cV%kSUq5V5Ye<ZKK4^!*8yGSR8}`PCGY
z;<4nIiMj_ke40oNM7nekZ|ffE<z2O0o}zC&-?_%pddmA+4sb$Rp205+_>W~QFRB&Q
zlDyQP`2E{v-S>={l%J2$pHV>mm<u`zFnJF%66$c@Js0~Qs?LXncUckm>Bm21ReA9p
zsHaiv8;bv7bn)VI<CdZJ82AHZAm(@|KO_N-?wDSdx?_hLowg)x^M}C;oHm<cHMh=X
zTSe!LVE~~Ow0nfUP<#u!@?K-x^@#{U9xFEgp12mV!%ebSw!`av6m;GPgFSxWqK*i1
z3Uhqp_q**f5ML!YY8@l8N^v2VFk8<0t}$YqW}_frAdr9xb=hj(fvq)>MRMqz6ipNp
zVOac&AXFh?XofToO#zRq%%a<*Xvc?oTCK4#-@;9MP)O&7i#=3Chqox#Cq<feISWt=
zWN8eXR16~&!EjmrgOwyf)Y0d`YFt$EqpdBq9Qc-tzQ#pVk-I-hosFpNaE-&>-E3u7
z?MpxN+!kd(*;f>|KE1O`>W;pRDjh<<>pcqs$8-pAs!RicCsQpf-qegYSAwVAPu@S2
zV`g&^3L4eke6_Bk#7lciWt*y`tG?fNkM5{R)l`E8T2yzI9KhWbDe36}F*}13?&TYi
zE%ad<<y3#MDS8li&avkHcO&Q7do)EGECw6mc(m|yb{~2tBb481s?eXd@?GB!wN4rQ
zke1iWVx{J$^fAY77udu!rmew@VZ1D&DMcaR?=C*<JSI_#e^0aEu$ZZ$GHEk)Tk3~~
zzgtd;AoPU*h4w&ZG$}Dqgbm-!?C1l*S`U~MbxGOwyWDpJ(en}2p7<fO`mcMolm<cR
zfaQs^L*FMfM$JSDu{;yuEbg30s<VpHuz|uQ!~{N$k$~s<)xV)<k?ikN%_0{NW&;B#
zKn|3k_S>E$sAD1q3aE!ckO54DMSMd$3POpDhpf}OzbJcQr-eT{oy28u@*BF+NJhpg
z`N8kuFWbjGHDYCdj10iuLI8}6klv(*_gW``4fqU`vT79uIaR)uILc2=y8-hkXs(GK
z;=WW`JI-MJaHXB4A!;iuF`daDWVj0D?|zXVK^8R>p@3Fx`<On|kH2oxtF~GkYzf>r
z`2;C4!bXnexv7)R19Zyxw2*nris_O$OI@CDs8G_Kt<?c>MScDH(l=s_r3lsPMxFvT
zE~C6vaf*51kMMQ!p0iugJ1wD(yE<}q77vd;4S5rQKSd1_&K)P_Ua(KtDR}TYpEh*#
zj^2mgl9=NP-B<U_X$5T^GMrVuQPa@Kf$&QK1aJ3<I_G9)AaP@8kV-z+r7QD3z$BzD
zUqsJ2>T6<#5|G)_9TfcFK+U<?2gA}Y8qrSPbs#Vf!#v|`U-WEZKoNC&36Q3hJ7u;z
zMadUDM4wX}Le}@yhM$@srIt-u^?w`y))VrVQG;WP)0@`mxF#+8cU~QN*uD=2w~Idg
zU9#cciTQyZWCibw?Q=xVj(v3!72}aR1FjFmjBAyiRXK;(35x@N^M~iCCp%A+cGg(L
zcqaIjpzO(>VT13&b3l5K9;Ol8@cnNdG1hX}c%cMFbA&>#%3+O?<Z9P7V=Hr1NfKnO
z18=*X?W~T{A1|0CC|Aj#K3+^zlPV(l=(8~}Ye`vEDT8Rs^tA?@+y5A=nP;XC@3rDJ
z6FWYR&=&wSiP7AfX?+6BkxdJ~5-#kjrG?5&M3hJTd0WC2$18@qkRr-mX{bd$x$rfg
z-pJ~wEQ`auJq{&`p-mCgPHiRt1JZpl_nUvdei$gQ(Os+eP-$vX?k_?=?BTN@2eDO{
zBYV#V1q396Nosh{Z9$74!K1S#6%`exHa6U#i<1^E%&TdR+GQFpMcNj7NlhQRvoBB?
zhU^u^GM}oU+Rz!w7LJ%7!s&LG(5<QzvfmHG6aN?}KuF_<NL~UE`0v~6=&<@|t@Esk
zTlAL*@`hJ9tcNSbLB5runyHqY7EO`;H&oL|&;0l;7UGBKoyl<gfm|PYfc_LkXx#fz
zi=QsqF3rf&+}`Bi7xEKp{sGcQP#$Kzql>`+H^^VD@lRD&g@~2Fqzu=?Eb9-v4F2DU
zZOr=PLs)$ln~je0f@))8+neJmIJXjgZbAr~vB+_M@f=_!vfwTmL_Zo1;gmjN8GqT9
zL4xb+$+C{t2iwDH%-zE^Sy&KJJ%s(%W`6wm(c|qy8Pxg_=SdX5SDa!Q3`Us+1rWsw
zRBs)<=Wxz=LUqVa`q44ykwm4sqY+Pp=eU9aZku!1%Puo|RQD+^puz-{FA4wP<u$Qj
z54EBJx)kCo0hklR8?~ScPC;j;hMr)ZV^;Lwnz<fxo)C4;syi`3qfzDjU_5#x<wrhj
zI-cx92+Nd+<{!b!*PHs|jiFa09t2MC_KSI2p18Ne)M+;ewzXE}BH>&`8jz?t0R@~@
z9`1bwrpmrZc)?#ea_y@wW0bE929Uz%(PS|wm?s{qqON{=?8f(B_l5IgX*fo-r_jsP
z?*>1b&s^~5s@Lfi_Yrximqb<mcuruMuzk!7<NadjA_HxVo<JJWJkME>Re+j+y~tXp
zGBhPHGc(iZd1DT3Tx|@PEjR!0+G&2UY1(}kINdB+OB1`eCb=*b8kj{Q3!U#fw)-S<
z<4sTH0vApaMUzvA<tpKsEyQE0wu@+Ih}xj9a>(7fP5G=?;S<9U6?8>MZaDTCUgkGq
zL{{oh^X*NykR&ZxlY2X*;5u3QTpJ;q=5Vx31V9Q@acBC<P12r`KDk`!2@uO?rlE3*
zE4}}*J)?prK56<Os&dMXmEL)y6HL;Pee{-UqOmcGasY4{8N7)01^c&=_6uOFF%9M0
za0*HQ63<Toxq$u&=mLRlNjVX;v;V#|eSEeKZK5C<ma5uH{Wp9F#Abh+!#AcuBx+#^
zU>JzZh<O#|7EG{#S5OPT?2fix*_+7nH*y>cFQ!eA8s3MWarp8Prnn(&_Fv>)17*0#
zZV|G7QNuGVig+g7E4aIBvpRc41%CtQ3vzOD3Lq8$z^Vfkh}^S}Px>#Gk@%Rc-o9%`
zR@deMY;ayMRT_QUroo(rc&)+$qf-8=6g8<KcdgG6AR@9;*8XzbUe!%lB0m>b{%}u<
zf8)vZ;ZEJhPoH)d>;^Lz8pA-t6<mL_YaJB4dvaV#p49mGuG!?FZ$;Q$q)M~2PzMh>
z7=+G21=c<Ck-ZqDt4jT7>qQwWFY(v0E4#e2clUZCPtp&agP1<leGLX3lQ4762_Fx}
zbda+?=bd%d3$U43-Qz^J^3yVbJ?IEq{?YY7gxsHA^gj$J=r#Vl(V+c`WD2ei&~2t@
zIGA&QI<x~NJb-1*VHz;Xh94#tz4-<QC|8;aq3CCts8I0^H!(s?A|Etk8)P4#b&V9y
z01FYJ??X2xp|duI3DM#E;{W~*syNdB@QM(c<iSM6Z(YeS3PfF20G()@2kIse00p9^
zmp?=r32Zs#qv!{byx4uEk6evg(v(m}?~E6+kgX)lt6<cRE^_kSsaF0*iDijOilC*6
z+^QbFNOSG`KbSgBCPkMEhpN_Kg7f>ey_`9dKm3&S#{Wk;5CG;WEXqs8QMrFMyW*4$
z{C!yL`b7F%wrlXTFv?7YFa+fVTl!*8ykfyem~+=*kmpnrcj6o5!ruj>u>ePIiccMQ
z9e>?|nLQO{Y^YInzZ~FzqWmltkMA#X*1=~J+loGPILE<+7IJ8-z5>8*3(fmnbMy2o
zMAdUWde0v{4h;Dc92==<QukxSrf-YHbQbH)<-ff8&%g?a4ANdwHS@@8Xcb$@L8B5(
zOiaXVfHQ+^_F@N$$^w}W28~2r_XALX`!pT!2)BPW^-WfzC!i5!I3ckiRHT-p4Mu<Y
zB{<v2qF+R##y|b#U+jw8Q9uPNLW$E30)gmNNdSWWD^iNQntx)@CR~5~5J9a>zYnae
zBPEX>^>=zO0c%f>z7P6tAxW=(DZ;IIi2e>pb3`%7hx)DVoqGwH$nggC-5LqgvbwwE
z=vn}>eNqpVKk<A007(rANZSKt52$6^+0~`GX*-4fP|ym{W||3!5I~J3B6Yz-t-UEg
zsY-dl-hx*ZC5G_?U0eoHL;%)3I_lgb7CoTd3THie6zG|dYuGdHpVf64|FD6TzQXzA
zqEnM17|(cNqlP-(B5KH?xUPA~G3l(eSrn$0cNsJlp*>M}01Uv@1m)|`b^g5%j3fEI
z5osFe!;HSF<dIW?O{my51<*cl4cdG@cW3|t3ql`Q(1D9Amaj*S@LQhae;=F*d{Jy!
z5t<;z1PT6r>cjjAg%FGiKLqfw?zY#xwJ`Z>$!+bJ$+J%Z@KGKjX^F49@E0boe&?iE
z2ucahBY9%b{!|w5N!i~*Z?G9O0^R(r9er48pgE2wX7(rU5hjDX*`JV{B4hm5&44_G
z?MvC>f0AAa@PdnBdMYtU9!#m5&CJfq03SsoWbgtVrkT(H*Vi4vE{-boL|#>N`Ojt5
zu)oOCVY&_Ibj<gu262vmFLhb{CV)0HDN>tL4ob$-Rp@VE;S_{<`7LDg>$#ku4Ioz#
z!=m_QCj+FdV7BlO5bHQ}i-HGzqOq~HS<F7&?Jz>cai*BgZu08IHt;Ljgd%JA0tMvy
z0@3R`2Tj!cm#2e%M<9Ow@32`+HI5>G7196l;vWc)rUG(x!!>^~6AeB_PhcGtqASMk
z1)+a`O++C2C{?dw<IzC*Os!4i9>eJB-Q#--Am?aV9Gj^E#7_bj`Zf+k!oWap)>8jf
z^lvyil_uB-#sNOMzifcF2puN?1i)&Bdd0okCN-h(Rdm}^ky+7uMV1&1RW~6;h%F4~
zYK_Z+5JuR46%{VC`a;hkMG@t3@;d0-E+X28NtJkb*^EzWKSw46<H0^0AqO&Q_ASDb
zNdVK%SN`@7@321n_nZag5Q``}Tp|pw0OTEW=PXfC?i4ljOhC;sdaVA=(d$Dz#RXLw
z_4f=jXm1T|zAzZDpEzr=^4Af8A>}cf&l*dIHlb#jaF6nCXz)}dpdEf}Qk0xFUm1K1
zKl=MP)qNH_j*JlL*vloJdO{sU=p@qQ4fHbPD18Ty9ScaXF9Ew|{?z{utzViF62KQw
zvz2qwdyDRiuG1`%TX$V{m+F;I95l!aTM}#0wjl-1BS)YA6v5H{DjFVbicr4&BXTcr
zQrPnnE78#&9z$?_gAT*#6yiUY%_j>&u!o&b{^1dVUsl93mgY~ykr7CME(!NJ13DQ%
z4R+XqQgH3-$g_d(dLE@2X14_A(0MM5{x(=0wJmy1(?s-WM=U;m{^E7?0ugFNU&nss
zsMh7g{qY=~w~-X8f-@a<T4=|EvY(jCZT>bB04~<vrLGtAoICN}1Yn4a0+4>X_@)+-
zRsS%QN!x)B7KqdTjB?pCY{B(=J7AzIhLH*#q{-?bcYkrk22v?BbRF*|_(IVSI8si{
zKahBbuDY3+Rfo#LaJ=c_e30j^0itO_?&I<CdJJNfrkEe+QHv6|z-l3sUvBWT0^Dx`
zj|53jUK}O?E~~AQJ`|!0{9c6og+n>qUCW<{t1*1Db${dAvsv4+Y~bvg)5k2z;Lv;X
zrdk`J(CuD;UBuuhm;uHl4Su~PU&IUau>^P9UGOcrr^SDlAL&7voL11I>j$>qv4bdx
z2g|0C&tO1VNGa~GC5pjA&&uCVn;9*vb$u4~!!gjv<g0wErjsq3VFy%edJ0<Tmy6mj
z5Ib5$4;NW##eV!?iH-me=Rt9G4%r}}a`c^llU<lCs44pKlDqt|3{|jdEr*F!bn13=
zdx}8R%*4in;ph{v1#X~;S@YSW2ZOodk_bdQLkd}-F&Jp>TBhYn<Ak1z`UO-~B7!pi
zKsroa!Vq+L(r!WZH>qnunOD`Amiy^7^pv2Y7_hF<=2x_+S5*u65I7bFrqFT&NI3Za
zkqud>D;|0mu;*S;A~Y9HUKnI4NC&K4nqd*U<W$u6!D#@uM`%R50_vv00lOy^j_r<4
zNIRh%Nj_NMWV8$U411un_tRVJslR?VnDp8Yv@X5U@epl#Ke3|?$UJ=QQA8H3!C<=)
z%s181rk@WM5uJ_vGljGHG|2PE8la=4c^jsh_{TkrQ{d}mE|q;v8HLx!A-Rrx|Fem=
zMTkji@*c2$OR3-OXVA|O4|Wk>TwDaWL_`?LW^b!U7=&ek01IRQC!o7oLtgYt$o?=&
zPPsbrbZ0f21D$)JUO^-@-#<t3-V^;hcW_J8Iz8;nZlU%Z%34p7SQzpr`1?7Q;+x>-
z3kpF89dO!q+5;>~P|ylQyW+CbKOE~Z{mvsjyWYwMEAsMt08g3|-vBMkWJrc1#=iaT
zG>`x_QFELtzKN}Ev)J}Z@NX6r6Jd;=(^^)I_9!3~J(x(zAuasEH+>1^hzWr`JeBpf
zLY)e%8HN!|3vm+5#273fSGUiexxNALV7w3=|2!X`L3(~Qq~)9hs+}oNlVrZ?VBcZL
zW!7o|8Xzb85}j4CUYIL)sO7mml?dGjeb!ZbnvO`9q3@UwX>ZwF-naYIiw9eA2N4oL
z0xuQd_xL-1L7k>;AVC`a!pEm0yLd?C;V@CtE|5o$kr!L~@?yQAMMSF_d!r@RGx3j}
z57?}3A{)#14ionj&<8F1(uk%KdvjPN>Mm=B%7*J_f1p`xLGO^Ox|^sYMN?iMgvlBu
z3x0aLkG3IYJkSuPONOMC#>QT<d4l}2*BlVjaSBS%v?z=~g5n*n01pN+K3K3E{3bXE
z4g|CjyH9@H(Ao#^)R11;)WZR_9?!j={2nmkoSN@zghO&;1kAR}kpm33lb*zCJVA1C
z#k^(d2B(L$`=sdbU3DD?)$JPc%J=nqQa~v*k`f_}TQV}lY6?ILX!m*eMLw~OrOgwM
zZgi?k7_MDi$aot)T?>!^AO|YWL+vaK`5UYgI#%4EooD2+`I%0BcyGZmwa^E2xmG^}
zxpRmE-P5S<Wim4w1kSJhxPukXc8HLuMQo*MHAS%EiugR}yp8?G*tP@o<gMKz^!B>+
z<ka=t*Zj}8177-6$OtokP?8GMIsbaS`ZjL&5&$3F>^+bKJAWnPmpJI3U&;6=eZWXh
z*|h^r)<e}DlIvL!MJ@{mK)X?)YKf{!$xdB&ca%I8u#y1qO%CjVopH9J2?B>3pinA$
zcMRj)*Bgekpm7QSd$L)t^gRF_#&1IkN>_yYAa#m8&)p5|t4`Nln$30Jj=GDhy7qq4
z6<}zJbA;^x4ZMfzyl_A;*xQ;hU2yR;Ab9GX<}jncbRe?%RKevhaN@@gU-e^h8%u7-
zN5>2b_DR5n&<M|;M%M!WPPcGKl&Z0RKx4h*oWBJ<R|En0zMCwRFSm3e5`r;lsu#K;
zu)!2-J7m#ApVM|X-@Gd~3=)@shGzg^Rk*SVjO0S9C>ep*p1xCx=YOgOjlpUaS=>EX
zzIyOR)hfo)6=<vp#lIOg>^JY+2Qr&MDOKB<Rgp`<y8FxTQlXKwT2FpV*9)6qFfx`=
zyBsLhtUjaLrQZYR*SrjfRd)dXCPDKO2!R4AF}}58$+%MQAu|u~Fn7*S+f-+5Xp|y0
zd+i%8ze@tR)DJU70G<A|0D?q7B8(b(TtLp-9;kq*>a+qvIS`(msau<RXNmS1Xg~cC
zzeHf_xI#&oRt#R=8d;(Ekv{~@l4T*!K6CXD{%|99aofa#2;hX9AN#4H4|GA57ykQs
z$$Duar4i-0ZI$gWED}5hVebGG9Gcx!WoK`3I-_Qh22)AOI{QdE%|>5eKWGog2@bu6
z1Y4GjfQ+KLERK0tC6THylM_X#rgi1kM431DM&}2)D1qcju}R@EKR&wyJ>bpTA=O%q
z=1E+Z=-?rs{FCZ5Y>IV*p6yZCkTU38hd&{0h?tW4VGD})?W#afSv?g@Fu;eStb{&>
zN!-Hj+tlF~5z%xggy7qo5fJaZMK4Z<#71eW+@W--11Ag=0G!?QwR0<vD=_Hu%&k;i
zc>VTqu?$v$t<9cMoHmcTwdX;BaqF!O{39KI9V$jAQ3IA%BOeerPX8Mk60i7q&N|%w
z8&QD<(9Mk$wANK~=D_5E<ak+Bq}j7epwa8q@3$x0Zbn%Yz*OG&&-fEP;wZ$qCB@$?
zUf5_e0m(D3-u7I*Jq=;7^$xasl)dW`+I6m!cct0Z+ENj)nRV|Q%t1=y`9Gzd_@f*9
zDU73EC(KNJCXkFC-2f_ME0V^cH!}+%3J>>@Q*?(C!-Z1rRn1t8Fq%;AF`-vuA9pJv
zHxv^!mw_fPU<ODaxC)ME-N7D&x9zwsvHV)YktJhB*L|&PY%IIz)9_Zz@LkB}RPAz3
zkMEoV5%{UG7xn}4XcI%-q-XH7!R)>%=!5irg&_Rkita?<9jD~<iV7G#zBB0nyKwjq
zVJtYmZ1*ok_u}3T<Uw5v&q2L_<5$6yiah4HAa%&%qYUmL2&rukhV2*Bgy$<3-K|}Q
zcZS|6U$rdyj;S=rlOYz?2TdjnZPp1ce4tv|TULBXO#lfdmjT`L`_zJKCPa_LM!Zh7
zUj=73brQJOL*hsvo7IBpn;bj}Ksb3i^8=;40A{CS3abBdy$7EAlb$Ji8^e-&LyLR5
z-Ss9=osEc=-5O#w5Sc<gW8T&BUbF(^22H#-oB$;LAju7a)_E?ocwVdAbGg_rZHvt)
zTLtE3v+mng^ntr<bWX^9e<d!iA~hD6Ln^pgr$1Jtj=Gc9+p8q_!)%TGM)rXsozQ;k
z(i)`6s^P#pMAdcU=Z9yTrG)X5z!7I1Py&9VUrPvErMeWlzoIu7au77uLV>EfFf@uY
zFK}xNTvM=ktcCKGmerlAgPq>ON&pc~1(DMS#l4P*ZCs%Kd}?}(?!amNcdOH#-#>lm
zV&y@kGgsEq5xZWnJ^wWfheWZuFacBEmkV_Oo|AnY+r2B4-=>^{Mtz8aRJdqmj#4YR
zdQ$RW%l;EKx$Nd7&gWY~b{S;ka=OcJ-pS&Wt7`eUnd9CXS+tAW8E{HHm}}kVkRr5E
zm=95wZ+IG<+zlqb0lpwb{5Ot{v}z^JwISdeiM##Sq9@}#_X}>me5-np)&1IK!85~s
zZ%yyOVY@?euVcyjDqy>D2P*AZKz|l=EwU2e&YRf<_qEIYseC|+7njlh0XB<wtF5G}
zswxHJ%g(fLtFt`Wo1C+ox-Qen(}lV2mO5;?bvyH$V?lB6gEln?<6C<R8qLZ>`+bK+
zZGTE+T)c%;VN&D+rFCwuzKd)B)Zz-D%<p4Uk}XK3*f60fusn0U<R=jQ3wgzqRCc@j
zUUbSKRiMuBHqaF=@25PxBy@KCch2)+&a;7-=wnM38p7)giVfgAMD$qnavcSNFr+WY
z*KQ`g#Trdd0yu|Q?qAU4NMewLOVC-RbKGI<kf(zyly~;sL|%&)j%kb_3XaUE88c+7
zT4t|$quM<SN@KQ5^MDV9Rxhi#*zv}uAf`W&VYC$(*w|?YZuWhB?aIJ`im1oI&Tt$A
zqF=HGSi(hly3Oh{DWX}2cNPTWoQ7PJw*%uBHHy60b?K=0`YQUn->P=M@d3&saUx+W
zH($KK!lJamZ732ZFCW2%pj4R-Yhjua8AfWZng_3M(?;xxNdiP;2Q;|INKeCA(*glE
znEeH7Vv~Jy@}F-)a{wN*#UAEvyhPhjpef$poHD%IJS+=ENsj&UyX7SyRL#2=M~Ps>
zht9(5`b_J8&O#`Z`#G<h&F(-99_N9juYzbfzlapS++H*=y?UTbjRnzYj)>dtOwF6c
z)O5v-b{uk^Ze-6L7(+t1ab4hdi+idAUQ}Pj(q@0mioR0KKwD_nwEJh%{nXLZy_*Ln
zAYI9{G&~-mu!l;jXXIUc2(}gv_7^)K5$(BGp^%yZDAKED215g+i=GENV~>raZKaC>
z)GUbhOQBc*LIP?HZ+B<87^D^xxKG`jwmw+5uBX@^y}Hi`2q6rEI3Vbb_u}o#jnH*M
zyl**F?mTU2?W!dLfcEQ~tNrR#+g(s|du(<H6omPoZ$Q*l9KU<B_7t#HHFQ=N_ZJrP
ze4iB-IMvL73E?nCFU=uHwR|<pSUfXKj^DCZhO5-@M!4wHVj|5!pcR%fm<ke#K)tj8
zq@|crDUo2ut<bL!H0}!KD<ES`kRKNXx#kWqi=5x{iX}Gu+uImH%f66iS0lgFbGNY@
za17<w^4YgH^WIfhxOF*MLlEJPqMV`;NS1t6-E&QS%+G!KZJcbb>)>ogw%Xbbk#vCK
zj3FoHFCv`m@$mGroA`uj`7m0#i#?@&0_eIJI=9^goc{TH1kXJWHauG;lsN`(ZiE$=
zU#=J>&HXCT5zs2D^`USqT+^0zwe$%BhXm3sihDmw2eA982YXcqj`LLc(hspmugBZc
zn2XF4?2iz%L+?o5Sm_&~$rW%_X_}SUqv}JfUNG88g_;QL@CQ1m&lgb!AJ02k(E)6E
z4$=qa7*OS$yYTZpPGx9uG0@GP4%(jzdTi|PA$<TmYHF8}9?`9Undix5h`18^IAcGX
z9^mi8v2QRnks{jC_|&t-L4@8bcZ%q&A9o*M_aMXjmRJE;h-3leiEh|lMJTKMj%MX>
zS~vy4X|_W0%HPkY!DXi4i*NdUbXKrpS}tOKe`isz@Eei9$F**)`gcG>8C+EvIqH?w
zpp+a{cF@?ezdI?Z060D4ezy_@N43b&LE$^ui@>caa9KXVkExSpD&L5n6ia1JjNqbP
z{0wp?PdNgy->~fl1&=q)rYbyh)6)%s(`NG^+_Br<?x~V^_yO>3W~b=ekMrE0f7Q5D
z>4zMKifsvxegjPL6K!dF@gW(aH`(iUmy3ubuQm=-y$#^EntHXd37CP@0v`1Z2mRgz
zR60?rQ~_j*^)~*gchq+xXauKjahL7xX-rGb2g>H@8%+seE-wAr>Mi=w5*z!5rpgD@
zd!w`1O!%MmuGem3!5N|Wmv`C+g#tkNPmqevU@raFc;Dozgq`mhAJh5Ezd;OfH3poG
zx98dR#U=dwkrQCztLNG&>w2ETv->180X`zScFp{~j!b6<?$s+Z%|r33J&>}O|1l2f
zch5zpcS~SGr!arkD3p^{fRcbL+rl``{mJ$oNJrN(xG!K{F`9g58%rT)d)WsaPa?};
z&aWFw4)ST`gz{;9Px?OyFM@iw7d$lZ!b|=8-W!em&}3zni<a&@n5vUs`ZWVwJ{*y;
zd7!sbs2A0>07ccSfsW+{H3A8mzd(lHh<iZxuoIej%zQ(R(G3dme1PqIj`U%H=GCk)
zpVKm;zR3RAqLnYi3Q0ZX6a2&(m!UaMxr0@O13va=>1u%)j*!56eN_dRfwag{F3j~<
z%bbRy!TPE_XpghCORwR-kq*9^vEFqdHe=vGHuHvn>%q7#&x_&BfZ=f1#jeu^Lrf}L
zz`P`-ym+}9zbw(_;t<ujgp$J8Cx7ZJx~M~>XLiD5je^?{liR_@!M>iaZyeFrm@Fxi
z-+=hZ00N_?o{bF~o>J+P#!7~=9n*mLWhcK-DAOS!RcA3L@(%Q?dMKhQ`qP`Z-B@BJ
z;>r$ny{$H3Y{r{0!~TG37qRhD%_%$0XZy7`c*1bpE2pHcMy{JJ*|Fb9OD2o2!%6Q>
zd~WK^B*RHv_51nNPJ@nKfzfD=vm2|lFGr>qcUu+>1r_)cT+9Yf_q?F;WveGj35q+l
z6e+)1evYEf=a;qblUN;tziO6<C!mOKQA{!DF1GZ$VzbFC52m=)Zte7$DsPtNs&j)3
zUQm0W0h^dh==nP1U!abpSEQ0iYtiouw~d)50QCwM`#lh($r#5tsIi~F9hXYD`SrHM
z8=WflLh`E3+Ft%Tr#5r#SyvGB7WcRQ+Ne6%o8ItP+z7v5LIr$OADrzR3hH4J3>zS)
z-iVQoC;ZuTI=&xGL`8oUgD!CVviZk(#`l2u43Hv<JQUIcSt@8XP{000I5zrN8|x~;
z<gF2=jPor8dn0Egzp{<17A@lifVm|_vTom07x}IPI*>_w^2VDP7E0`a@h4j{8+Pli
znuwpGz1R)qu{jq#2f}<7f$(b%BxkH3Tp)9`f)ARI9~%zxvmAfeY{ncqe6`AnW;nCx
zK(koSa!YKTF1}JMwuqMDD~|JmsYgaYao@%PRNlguzHQWNCYTdq%^r(K6aT%@s~gG-
z2Ql41{5T0g=2f!UdpDT8$yG^ZIE&~WjyCG+dPg#qP?9^Pb};^?{#27juieWyP?{Qt
zt!#O4So-1Kf}+o9dxm#L2{qFI-7Q)<@8aP^N-Dz?t!GBJH+9?5wQtSh4C$xMAkeUw
zhAxVYl60r`$6`YCHTT1BZlbXOp8_%%Mf*P#_HRQ~qIFl^jKaDdNFt1erhQdV>Lbn1
zx|4b<lw8gOZOz`6{2fUHzt+&PmGS8UoX2&iBzAUoX1BL?pt~O=Vqv<!pOPCASaMh=
zw`ws}uTBV734?%K8L*hj^*%cjx8!eZ7>BrR^a+7LEOq&Er%XFNX}kt7jl?;|0^8ea
znL-D{2Rokmt#7_Xahqp04Xy5MEjU(*)_&HInSUe0bvG68d~NpF?y-5KK*2+e^w`66
zB`Ia5w)0T+@iPY{O2M`54yZm#oAn>jNYKORjUoF1{Vq;U!iUu$gRrf+=rOMDad{64
z{|Yibi-UvPE7gG0A}c6M_Nf*Jsallgd$Eh%+)@c+v5B{}DZ@3ic=NLrz+Ud8rm0;F
zg=MO8_!}kS>3A2N2icUV!{r-(;}1XJ=+t%SZ*($_6oI@6*RPXTU$ycl&Sz<(%4Ic9
zEJ{RLTAHRA(XD7XqYk)Ud5ggT@3{>*2kkG-6t;6;Y&B(6+f8YbjPPsa=%C>BiEEXt
zqo~pco|>;<ZshkSTj;}2o6_E4i8me<l1Z8~x~UH_@@<2N!KkK6inLvbE0wB=Bb%C`
zx`ZgRTuyDRV08}=uEIZk!+AgCw$l7|zv-n})zW@Ilx5`iB8%Q@44d1&>g9|&&f}pD
z)Ax*mg{`neKu$HAH{TfW<-;aqa~(6TD((Jb>ANN0l9dHSuG81_FLlngdhV|rV)&of
zX|VY4?aBQ-_fNqK6wQV59VX0*!~=Xj?Tzd0k6RHCMw@+H+Ol%%E(buYL0ZBG=6a))
z8rqAm%vryW=J&Nfn;4BxfW(qh3mZVbSEW!71eiDTnyEVqL<X+otLo}O{2^d^DE%%y
zEv@U`T90uL-58~eXi-U#s&kA0?fM3}=Mwq6&_EHjvbImAn~B*tjOmW<b}1QwX25&r
z@jVP^CU>1zAm<>oI4zb!l~0C~7OxZ#UjK5DE8t{lL`HIfe5NB6cIK!qfFOfB;|JUh
zG|6RkES8(l#3ns=VYLq^xvoMN3^AG0qU&(f&_?CP{A*4&OKC5*8vbN5@`s}dPrNb4
zYHYC>5|=f0cc37X<v@BQ0}y>xzNNA%VUU7lcay1}PAt=M_S?I4kRVrBWw!GQFA}6l
zIYkdL&hpk`cY~scTjLsYCN(9#=XOV&e6IVvdFDcHH}(RkoRf6zH%_MK-7^*Ibp~Lo
zsQg^dz1e9f4rHEV4$I97dmtkTjXdD`32rykIL}GOKBiIQHGN1CYI@Lfu&oD(ek*Cg
zKr3&rirnk~AVZp#vv%pA?Rhn#ie)>NV1mW42$HP9u%HbG@508+S?R)BCp@QgDQ*!7
z?ey+O>o>keV|CtuViI0cJKz-QBo?p%2J8nd?QBmq17(lcy&b5=HfUA-Dix^*6vjb9
z%(4oI?i4nQA8>7J>BjRs9VVg-N)><S6KYVa;IaI6+9B6fr|{?a@=^a6&@0glKdE>+
zsFYpcCQFnM^xJTVv!;S*Gr+f^OVfF(vM;Yvj}C!jQb*h}Hhu8@aP~8aVsQyfe$K0%
zLrS=EPN?0ZyLfvsL;M#qoT=>}?$9=2P}`2-?MZ%JXWR=a9OU_}Ib*!pW}G?3?x3*U
z!e-i1Ah)iuB3ndCfUyT|wY>g}=8GM&+rurhD!O_ZPtMs~^Aq9%^X)y^T0KuNnj2^@
zP@PxmD%vem5~X9w7AwM`uD|IsHrWgXIV7rz04vNw)Ba6&J#Q&4*H%t4XI`OuG<@^3
z<nCvPPZ)PNaJCiN#KVTbYPPjI`^T#zt^0GW_q8Y6q0ZAztEN%P3D^K+YfA7N$DGg(
zguj12pdqwO;KXL67wnaqgy!sA&uVFdLfG_NerxRO21wEv`@b>M^ia;&f-Nwd|1o7=
zUd`cZte9(;s(P}q*cgRI_$<w$Q@vHczn=^dS%BZ7(iJ}4CByM$ZVjxd(Hcc8r4%zI
zo!o0G>YPp&yEYTrjh+2q1Csk=k`v4JZGintb+S>*fA7;7I$4OH?1qzTnG(ZOr({KW
zxwpziHncy#YHq)&-)D~t6VvcyG=XZ@mqeu#2yDxx3Tv1D)8`xupU<<s&j0j<av_dL
z{Rbs8qQ1R4!OGYByR8Rq?f0U_1&O}!kdPb6a1JRi?KmoM25y16k#P;9?b{nFxg6F+
zm4P6Gaq^V*DqDUEf!378+>6VlUhYDKuIma!C1QY>m09JBzk!&CfK+W$y5?@ytN$E!
zWnacURMOet&vkCLNHvt6Re!-cOWLCS;Zf}-@lc`xQB!nQ<C4FKct9vLwn$Q?H;TXj
z7`B+l0XSIF<9+SX@&+Ab5y{n6d;L{LcEposmOhrP{(cUza7g>U1L<2n-tX2t*K=Ar
z|0m`E(l9lz2^)lI7r$z?%M?$0&sSX{PeyPprr{LHw`ceAG5mb4?@!0=PlrUA{0fKj
z20qa)Uf#a%CQsSJU~a0U!7t$%L`KRy_VC?&=cuNEN<g+nSK#cEYbISEWY=LoONuCZ
z7D0cc3iq?`tob;BMxc5BVFW$iX3%e2VFgOkHP>v#<MSG4Wa&l*G8VQ6`!E+I&F8l|
z&``-Ga9#ogi*KV_kye-z)ZYTSUuZp`=R$sY>%`7}Amva-;5Kr~m0H8-dAa6A#wG_a
zfW1JL1{IUZ0@(_2Tp&;=#1o*w-ym!^F;^4?XgDM@EhrdX-}ehv)&BKL|3MaA{Oe^h
zL{3_QBj9>iD5`*ZTg2Oh_-?<S(aAz7d@A)Q<S<Cc<L+^CJ*d67(K(uq3{}7j;GPDo
z%F6iT1z~&NgFHe;nM0QGQadz1Sj6KrO6gk(WG|1d#W)T{K;^Ywi@X$v*@}Zk=b)A^
z1682*eFu_@Xa()Kc0b+Kgh4Lt?#^jyvi;3^$ykUDa<GVcF{*0kV^#lHM`WVr0??3T
z$<m_0%gSP=Bv&T@p}^hS7wX~ON#BO6ev)5rTP9PO379Du=NuYV*S3{{>kQFCJ+1EI
zN`5J)51ni`6O_6(!0cYsd)-}GKPtwQ{)9KiOhLnq9#Z_R%U-V9UvsjsL<T>Eg!yf;
z9#D`-vNMHLfVx+AS$Y`<o!v!AmfZ5?#=FJj7|kUb)20fpnmX&oOkLQc8;{HD1wbhS
zo1dwK24f*DfuicnSh&STFdQJ70~Hijay$ke{3DIWCj%~Rjpf=Oi%>b5t75f%sU;fl
z`}W=x-&j>Fablf@V)#gjod9#Q&`*itfO*0M8fYyFG8UiJ&}h3N!4hO{*rl0Rr;<$<
zv%c3jdzceI{EY2jNHzc7Gbj)DZS6TE7QiT2>UGgp_nUo}tVRo%&<a1P6$Z5We@@D)
z-APyBDNwENUf2sXw_oD!Yb1-?sGs~f-lNa<E+9^4={;yQKt$QS4j*xv-f3#D3<Ek+
z@2*jIqU)`2@qwbj$==Nw_L2SkZ5K4%7ML6Z&~DHJLgCQtgF((JVv={x;VDc-dKcW@
z?`U1;KFqCwLTV}wX>IK%Fw|{O?4^%YU{$_Um(j&uY|;BhUSvAyO5s?IK|y1ip-PP3
zNF68;sFmiF?={5j-gWt=HS}grStZFY!vq8XJWNh19vG|{;#@jq_BU|Y!-DXmtJck{
z!XOHhtPCCPi=5U(++cG5^OM;f74o=897NoHe!t!pmINQns8_k{YIWVXujHPU*QcwJ
z;)mzpT%c)vHav@9&B@n#yml6xWA}R<V$?Ihd`GOQS!|btxhly^0j$-d_`PlUVq%}6
z%4$|OGrm}Tt3OVHwBNljy8Yii^@1y)5OS?z!67%wKL3#S3+lK8d0ssW%5S*~YK0q)
zo*RxG{5{(F{Q`_<sTM21c=@$VD=I|oCWZ389gEs_GpJ{-rYpFcx$ULxk~6d|t7Z3D
z^1qYzl=R4n19ge9j{&Lnw;xyuaQZjKb?bz%Xx0-KGttv^QL<|#vb(m_6~}Z3*u5(0
zWyLIrA!{dTu}Ed=eehQ=26XkjdHda8Y=~7toya}thTOc7Y<_zwLd}~GN_}O^5Kb4>
z-CD$YPu*nEVxZ-wjBnU1=b&Z2NPzEeX17%R4Qlv|Wqz6bZJTW>&_hVcpVA`nm^siR
z!#B8t$M;NWorAxL?YW7Ad`D(|^?=y}Pqu5?mxV9ibP$U7NO%)Z{HlrZ`PtC3cX1i+
zH$J$VV1E|3L5$gm)sQW;tckZF_!gtGt^5n7gV~i`PxFIVP}6YDE!^l^q#asx*IATW
z^r&mqbgeR%+}NwIX2Wr*a~7=ZyT{`udI@ViYIY|(q(W^}0)qV}wX$0WJv&1n@UmO{
z^TrSu75h>}WTWf3x2EwLuy|b+kf>f6#(u?1;XRW%ec=f_=GM7eNIYED{VcqP=4?cS
z7>9olzVwQ3MrEy)03k$9v+Og#5s<~`WlqdUkBR!Dcn4F2n*EYafQ~N~p#r1TEk4p(
zn+v)iE-P};1eAE!o?K?)z*NX++XE?j;nR%lqP|9pkMl*RS$JQ(9S7RPf+{7KsNQev
z0O)@d5GA-Au=t9(A*44&E-Ivy$lX~3p1v(?(ndeqWZ#_aF$s@f>l=VLO{J279y+&M
z58k!BvNwbLUu{x8l5XUwM%?n6sp1mi{Hcb+)Ss@GMdlDIyF(xv=1BvFJn}YVR5b=x
zb{5}p_dd)t%Z-@8&G4X59eJ|9HQ7Hx+G<noqDsB@$jH-3E|&mtRVCSh(}V`AF^Smm
z#rX7TSeuXM#^SJKx@&1nw%g`Up9#PKb9XKtB%)VTgFi3FgXyVR3ubFJCYN=HXI<rD
zz%_WZC3xfNT9@CNrROjx#sJmsXl2tZ94xWd%w2o{EucX)CmoF4dJ0S30ua+py#IVY
zGtDgWg0XbT^-dM6Td;rs_{vtx{iyGil)%<lW3U07Ud*rDtV+kjl6X~HZUD-Fs5f6o
zZbTPDCFONDc6BD(pM^cTQBy6#y%49)tWA;LhmDY)QJHeyN*uS$mzJf15?jBB+10+)
zS4p>PV3}Tg#di0>bOZ|-mn}#9yZSAg;YxSqzT0b(&tnzO8C>?V_Nej3y`sv!r>cAR
zzj+U?H@CJT&2w-I$=s$lJ9*f!-@*{Wdy71Md}f`jo#AGeFl!l+oB5Ak_mm%-%=kUn
zXw&10$C|}BFTGHIun60JhFkf~+!_J=qeY~bS9qd1g`Cr;9^l|#(02))B^=g%+;I6y
z$9;^)Q*H4RV3s~FcNiSuyOuWFrF&l|UX69|Uc-w6TvUku_>3uuow>J{WS0eh*?Ifd
zdn95S0-8ADs&&zff%SZN^R>Cp{0C)Y6ER%<>7uOwxnY^f%osNC$dB{voc71<nau3B
z9CRywOnXmD-RjPF2rg_jM2o|l!oPGHV$ljeHVjWDDU=HqvIF8P0&g83*zvY>)YEl7
zr6;~#WGpn^aB(4GN3eHCr;IHCOOC<2xoeY}id!Fc-x15ujn+xJR^EGJ+|W&Tp?KKi
z!#skXSb|+UQDl-i%HjeQ8JjTE023=$&)jcAGDoQ`H)cD@244j)FG%C0Z>CGkhfwjl
zl$LkoC1Y5%9Q_-0jgOn`Etc39j3?^kD*o46ZXqvXU25Stz1AM__LrBHgKWzxM7a}!
z&DaQ`1{fG(&7%#zrveOyu%)kA<XdLBd#g0p3||VbH1XO|ew$U96CW?!ys#jfaAP;f
z_Tt95S2jdrv4D|21<0N~c~E72`e)98tVH0JAAcPvfDlbR0}<@)`7IkB|68Acbw`l)
zEkCoS)MLf<T{396kDH}k+Rps&7Cmk*fSyvieTjXYRjQE>f8|LGnizuqOU_>>8S9KS
zsyz0x=rH04?)s<S_fx=l=oTa5P;)k2fKibT(^rz6(nXHr*!`qH3+%v8HS$B-(n}a2
z#-a^}4)#?gVxU3=3%%$4bj$Fug9f!jr&7@yIG_}HB<1}w5#Tvq@rc`o=uJ(@`#N3t
znKB$NM|JB^T>io?0GeRDVDpHDL_>aJIn>v_26TIX!w5dW#PM}xTJS*ENt|_TzTA05
zc5$dedAka97K&;f#Lodm5*|=d(ro{Y6S=)QZSee>=zM{)uVQ0sOSXUbtVrpQm8yiG
zflZEq^fdX#ZuwOkLKn51(WbPTFUWggfb}uD`SENokj#n<(QyQS<pZVBIQIiUd_Le?
zIoQgI)vO?~W#|hF$#BEsDS7hwoM8CrbCeGlvLqkWc}o8F7<Zp7zM`CR3D-37+RMko
zq#2x{5_{LL$5xBK6W&YMEQzoQiUybI6H~W+n?0z?^i`(zZV;>^zodu4`T9)ot?JCA
zhRH8uL6WhI?OEQCFPcdqKe`S6{4Zjef!-FrrJZ>rtJ71ynZm*6JPl@Qje<SETAg7&
ze_6?d3sbHt_yV08mvO?vQ@@JT8``Olf~Iq^E;@*Bayj-}3W5S2)y+4GyX4m=6tY|a
zL8r#BVe&-@NzYOB^%rz!KIy1Zyt=t`dt{|K<Ok6~Y}9}G8Qto*D<z&<iC>0xw<hD@
z0Pi;8L+9~c)gPK6!4)d-F@v0onaj^Y%i}978uw0g1h0q#$?@YO+L^$!PwNn8r*UIx
zfA<nSHJT<LBcfqT9pRDq1C;y)*>9KwZysVr(Z9`Z%=rG3#*5&_?2<`3ES5>XtCiua
z=3lhH)5|m@G<Y<;oY7EBmd1MY?DV;7`NpmClyBFtaJ8S^@>N;BWS7<-yRWh&HW6-+
z^_xeh?m^x};6)xrft>57w%F&sGb<Bf<}&eJl1Vq-Z+uzG@k38;sgBB;4}^9NMrqO8
zU&JLTa&)d=?YcBL_d%F54^IU9mG>l|WG1`==Uu?XJgxnjGeMTE#_Ij2)2|kU`fany
zia;D63F<ooQ03+BqD)^>X2QL3>20Sv<L|S%RaR!5X%E?_mNj6i@_nz@O2Fk+bb}?%
z(J(m&<eVd64?h3+VDMJ=+wC9W0a^^YdLJG=Hw9NfdmEOc;+6pU%~cT~&6bp-LL89U
z$UqUi7niScO#<TFJ)K$N_tQl=lqkM*N8=lR9AMGl(o&1Vyl{u5-LUa-Zpsx~IEFR#
zIZpJ+J&qvgF?oo;s=_X;T;tPzjkEdOU*#FJn{{2m_E`Wfb7h~QC0^Jy@X<c6(gjmM
zo+;Kyc*PRfQ#qMlZOmP`A3a%I4Pb_SC;&LL*<*ic(+m$zL|I#@e{trm3VJm7(NPd!
zAPVoYFJZjksT%g)-y|9<0<9y;mUZ=PO(Vd>X&?ZUVmm+;aQ2k1C{gamC%b{4eFzl#
z&Ob8DxgI|cWNrC3EAQN(=+@)bul~;tT)HoG`v3*LAwUAD&VH^_e}2&s5W1Zol+?ND
z{qxf9<z5C4t{e&v0=Hox%#%bK;@YMDSyuX~irYJgNR<)6Gxq-&d+Vqw*Dq>Ra4Q&e
zD2UP_sKf@O8w3Su1S#n*>5!K0P&yP5HVuM+NJt1sNk}RsAR;YYcfB6Z`F;1^f4(ss
zXB>6Nfc-x2dghvI&ber5+Dd95bMYw!Q+_vG1Xf3PCbYfqYwH=lghrRJ77=<Dc5Yb}
zchbP+*;ySm_VnMYQf!Eb#lnF}{FTs@bccwl^AGO$fB(uCH{lxA)u_a8JfFkPOJ?1P
zzNXPQ^AJ8sJbimT_c=1{o1fVQT0#S7S+y&>A<}C|qb|G|qASd*;2X)w)(mFbKaVDO
zV$Wq$IizvDJDP6>cN6-0X7A_#b66)E<a;qt0k<F7c}aKn73NA52gYrNYHJ*F1RoKS
z)wETs{r-IgpIyqz_Kf0NydF*}!>8O-y~jWOj_(GGdon0BRX|wWCz|3<AGg1G+AW>h
ziMUvM8VA42tX=lWY{m%;;pB<WdnW4A-^AcXI%FUdlk16W4rw^=qcvwBT+N!X3pADx
z;<D(k(j&a1gEnf5C=`_H3o8Zi_hTD?**ftshdG`W^EwYMaoGaBb%cNq)$#+-EfC9+
zGF7vDod7pbdJXKWkJp>8h*^?#{wfnmIqG|w9rsijgE%(s@>goEYn%MvAnu8+e%oId
zBGxXl&ERo;6P$?m(u=!JvAzuIVAEA)>}$JJK8vrOW1q+%8q#fRd5sj*hY;>hMJc&0
z$*<f?EY$x)JOBG1LMbRsKcDDNeR4RWGGKf3_*!U5cP7IMqG*#NP6;iYyi@76ZdmbI
z=E|J2a@d~(E}hPw*|u{VcBV(5zX9x>Z#+%Fy~_pyQ)@P%eH&n&OU=ISUeuixdJnH}
ztV^I~LWO;=$M!Fawg?ImiwOBhicH~ISNVn2xeTeKyZ)a_U#QsKXN{O)d$CVzwihCz
z`|fCaTs7`9-HcJa1Vz0K>eKGI7h`$KFE4u6TW<qAzp_2Qli3%Y)3zHc$3-bEw%EOQ
zxY?V^R$NWTn4SNQ>Clj&ult#7{1UcZT)b(y4(l#4HHXLVAB_fDm%R6Fsz#ZZK@#$=
z<kI74<uBP)bf>UdGZ#hvwii&5{mkJ4k7&DBB>f-O&B{6V!@e+wJ(~Oyy<hmPT9$IR
zbFb+>B*DD7O@Mk8MBEAI&At)Ol9KGRQOx^e1^4y{u2PMV-8q0<S1Jq5mOHqeby;|6
z6?{JqgN!mJk>sUq#xzG`ogOB8=Z^-r$_u|>)Y<weU-HTbEnG@AEl3DK_jQ}57WJDZ
z@$9w68hg!!yZ-4EPP2{RL|MG`H&$Q1`BUhDp8G53`P!h<WJK(S2HRp9b0ziroiW|x
zMPf_a9cs!$)aHb5WYRW{EhB9Oxy~G%sWZMcX<gC%!j?b(Xm@=UPu*VE6B-9RKk_+4
z@kBKGoNmQ(_z`_lk0~y%4_ur|5*{npxlH0MGS<&gg$)pPd=xfKTN=<jxkD2#8?Rx@
z(+wSxmN*Aleg$lj3n*(zZp|v@|KBI~-$zJu8ymrdMJgW3jQG@XX3E4dXBpprKlB3h
zp1lrkQC^3r&KlPGpI${Ho}I2owmxyk)8SLreRd41%{al)Gtk;_e!S*csPOZ7x1QVd
z8Ak{jGPZi=b_AAdj$IEzCwxlo_I<a!Lb>vOxH^*+ct=~Rgdv2q+bCN2*^fIPG*Icv
zU90F0CsA4fom!`SvM7~Bj`+#Yis4kd`caz8cvid2a(QlGPBoni%RC!f(Lgr`^K8SX
zPt)cML$Hxn=1t)3Z*I*@Pi`bA?``<uTx%B)QkP8SwlMtprO2wp0`A+w)llQu<Oqi3
z-GG6;_PTnGtn-#5QgIB*!mz)f8<~w1r=Klla<BjZi9J61lIb&3sC#pg>twLSy;N8}
zHUTo>t6HfQ_lX%*X)n(ou8m#_rmpMr?5gGGA;h9aj_R}j>!XSlm<SPZ7laLKyRy_`
zukb(4aR)JFTwB;rubwwC1NQ~H&o}f_%!qwi(9m`oH~q8{szfZVH)5H_7tzj&C{vhk
zhK42aJv<6hT`d1}>z-PI)c3GW-omnzyqV9XM(>vWQMMrxf7Ty0PbWD_JMyU`35`0r
zioe&x9UL@r3v!+hOIZkf6c&wgZ;&LvgK40%rrnNPO@jR&>HHvhk!ZMmxJjENaTt*&
z7*FfeMoVR^HZ4t411susuhOxcI%{^|i*<TK!Z#$gYqXfwdUd!&UvE~!#LQo%-FBI>
z=a41y#C8(&lBxJt1xSrA=#<b(25I7mkZI0xuwuAO2Y-EY=qloT%uFbgBj<ZjltC|R
z<MxY16=I9KX~_p$4;25!Wd9*CETTM1IH?*u>-{MN)5&ZaGdjUJu?Be5q%-JYLY8H?
z8nuGOyoP|jkP>8NLiCSX2PRfZL!SH4D0YElOrOm>{2>M5$+-`8FzR5mx!^-`qyBi`
z%5&w8y2OLQHm@i9zd70KcMV@q``_z%jvoCB*(+$}J<_*;Ua`{JncpFqk7J2Fsy%2~
zAXl4P1JM=-1Jmya9wanAD96Rys5dPh?Q$!q_ma3tjBIR$j#rlL)@T;LEaAImd_hfz
zJZ)X#6Y0y-#<!Mo2}Gt~!pLdk8tA`k;J*5bgvT_+69nO3qRF4yT*l)2VC1E2@HF`w
z<-k`*uP<p3@4795Z-vXG57JAq&kX*Lr1H0xh85NJw+<qjduA(}PkMT>aHt-MiXM>#
zu4~OKtv@i@+W+|eW8TsOPa<4suhCyG{U5hXWFwquvv`g5_q(v_CF~2o!V)EL5X1U=
z5#L#5X7zMLmQ?ir_aIoD5&mY2EoZA$`qb+VAm~Vb^lkR~sq)9aB*tNppdMZilJ!4t
z?r`~oJe84m^XHJYaEzAt%#E>GTt;mR-sYMXs!`U5Doq5OXGJX4|J4FmDh27)w@v$A
zBqp2YI|e$0_>)*x=oHtums1k2P0A=d$O;?U)#2wiwM_+FekENF?hH{A>o)ezwh$n)
zOK6S#n$%gC!DBPV%{XA2u>PVd($l;A{JR;Im8YOdd~MxgX!m~W+2Ux0S)S+6ds8rX
zlrMgJ?|D~Dx^{_3?N!|AOBh#Ek}pKNO=eLiM=hSQT|+gLei!Rr>q@eO5f<u16wZJH
zQ|{p{{N2wl?<~}v;bNy(i5#Ekl?$9!n~|<g4X6FdgzE>Zh&C8w6mmLx>MT=Gelb@w
z9=%c_w7i?9Rlk$2aqItwWtEO_Wz)2difi5(dC4LnT!&%kMZNbPPlNm$@J`~`)-KNK
z8~8&CbNl&sLKo<7U92d@jF8le_w*5s)tGJWt`IsqR4p(T|89A{>nYp65K5qXlIfYz
z07siNme%N&W+}}yd*jET=svq-42Orqsbi4{1r_z4#Pv{);-%LwgvmIM%$AQGWVhRE
z-k1UXSCx3_WzvZ}b!>`uWXwTi#mB7kN%k4So>dl*>uh+}i*i?=i^5T<bq%U=*-?Pk
z^RyZ|*6&nbDnPsab>HtBNWcoUf5+|57%^fMoBi&ssxJ&MGZ!<|!wj6I5Yd-<y{BgV
zJ6xf;nCxr_VZg6w(c@CGdjZ6kRIhG>3%%+q;g6XThi;#SHOg7q-#LbblhtOs7bPxI
zIxVlCJ|HQj^Z(WVDtr&<@uH--?+v)FM3@Yi4N#EW3Z4sS2-!siZm2bHVKO&7y^4=f
z)eftizXXQvqsobt4z+kCJaqp@kHwvHn~@I_lDh647y7a#x%Sil*pMt)loOu@!&*v}
zIjX%nRF$1&lL?<J?W#eG0^jL75tj|FmR;6Q(7`blxzf@UZZz&pInBZtk6H3+Iv0q3
zw#^p?rY@<0YKPfA)%a<WSc@3P^B+m|_sh>cnewIijU+In+|E<EimySHY+Ts7_;i*e
zcoY0oBu@$+wg)%6!<Fme9hf|d5uDL{&6Q&YtC=#8Wl0if0?UwDd~sL+*G?F(p4ckf
z&_HLA7L23bin_ywujzj;?^)`7HTlGQfoW<lB7b(xzn7fT5(&3|;j;9lI}QAFUlu9b
z2m?rdOx<3wc;J*~absS$+&EOL(lT)m2IYm#8P3(}&ge5Pfm&vqW2FSH1kkj+aZXw=
zLb1gbjUUx@nhEWn4VBrm{+>a9z^^Vi`VnN0kE)r4={>o~NYC+!w|^_v71UPXOwGGJ
zxrOl=B3hG5sblXbjdFV)_Vu`zPBBleYSZw+fKzMo+-{9N#3!Od|D$34`ya7&=)koO
zt(3aRX!<<n5+4xXYwRUW;NTvhJfgcd24wZiAV-XRkmz~wTr&rTM&m+wC(a!nekkP_
z{;bgN3cB$zsqzu%MKTGi>5?vB$oD`2IQBCwnHU!ltOs>wd(Tc#e=eNlyVH`1+-6LA
zA9~$jK*-ecs*b~J*M6YE=OjWqr+<O*xlWvU^OKe%(pJ6;&b_N&Eotl8wCL$-or0!%
z$wc=_;%bl9Dre|j7Md0P^~0BDO3v<qOS$>{Y#pj<v6#ePw8g{Lr+5`S5SeiiUr20Z
z3`i?)*1yaO{4f#z>uQrZ?}=Ssns^82SC<G;)2_>@kN8;1*hOwv@7@ftQrgnor=<jL
zvLZgH(RFG6hmgTbpNwqD;FS6&2TZIlW|;3xEM~mJVHDT>+jblBd3i!4@BPD6RON)E
z8d=Y<5H+>;N4U;D;0Le9Sj|72@a%H^`jZ{|8iG~y{x7l012Jq|UC1gNz{61lWK<Y{
z4pZijyO9n!xu9wEQl(FBO<qJW$pXkU(Aw5zPZtMXN9&r=UYzcQosO1g;zI-hg%N9+
z2hCns_yN`$>uvC`55NzibZ<-0)*-AWYC<VM&49j`AOBvja<JI*u+Y5`uq@cJRn8bo
z7D}5AmSVs6n%~+dH}p;$0X{3IsYAYMJnus*-!|FsWhelzvpZQcDNrn>mqggzN=Q{N
z23M2R1O7Md)IhX%XybN5$tmB-`lD@a$vGYWM@Z3Nc#WnAaVMY?kiiWixw>vqLou3o
zZe;37*e>OL2a4pf{PSH4Oql~+O_M|skH|${@6l=ooNNdl%g~g6x5Mx8_BY%uWH4{*
zuDv=;$#dU?XzH7I&f*z2)Va2M*+^fP=san0`+pbhzx+j_0<?9V_4T7J!PFlVB<`5p
z2^3LY1|q*=p*=%++Rt%RejB9!qZL-YvUkH2uj?0t3CE6b{16fuALC~ZQUz!b$<~uY
zT^~%7U2vOeMxOQIW0%aHytT^=Ef<L6<21?qD6Jf9pr5-w9JMKe*)=KWYf0YKg{{=j
zl3>pKMdL@?sNnJK2eN6lH+NqOl}&?ukw|ltD~~u=@Y)hh(+vsnVOjgI%Q05H!cZxM
z4^wur3E6My)s5`C5cvamAF}U#*R~1)<7!HxG@jE(xF4O`YTZ}w$nA$yCxs=52Z<%V
z_n5gS737_L>q8#|i?CX(?#d9+?Nd0|AwQ^G!$Mk`=Z7cMAL89E^&<0x3Rr6O`bKQn
zTfH;)ccgt7`#=iaeI9!I*xaR^?Ui#U497cE2Xqu%BGO)xzsOEhaytvWcvT%P#g;Q~
zJD>T~r4=G<>h*F-nkYm}Y~76LQGWjaSdK$G@yi+6GxGk$oyoP8|F1G%CuVt)Z5#XS
zr3Lgv7z(WNy}0W`XsV}tdiO@#qN(kQ8;(8RNpVq-_{Nk>vq)2EvtZd)ZIO8%TQ3bP
zHK7Ql=`((tIc`666jjzL6Aw7cd)b#J+R0|I`TZ}G1(}GuPum{zNG0HEe*HB$S9_^Q
z8$~mvF~G3vAF-Sqn4)&wd<c`s4-$lK;GgvDLx|1DsmhrC_fGzYdi_QKB~V=HET;<j
z8N^V%8R5u)(UYl!r8b>P;yq|opq_fWlM#|%V>(go5c)j7^y8j$y#|@*d18**rR_sO
zTQZT6$Mf|=8rq||-VXDyjKunssX!U|3rUQBt<k<#O(OsMVM5$%UTaO)HHpd{Ol2$O
zs%M{jtTo{vU6JZoZo%Upyg7!iv_G>CqY78dh-XB+o~mg&OS^un!yT>*^Z&Lw(dn;d
zB>iZC(t!{Vml;bYPN<{Yi=PxPnvt$7EbK_)9{dwJJT6qt;$bk{EKVw0JzlFPS;q{i
zuR0mXl+a&A)hxtwYL=_UO?89x+kd!-jr?p_*cF<}aP8JN*Z~D3H`=U6KKTkQ^UmUZ
z!DZukgL-I#=Hb)3KYGDXN92K!V{iWZ$?0$=Ez_9Tz68#-bY+WYoyj5BbvGYm&j~Mj
zN4eX`k#`<u(EdjJyQ;aZKGOZhQkfyVa`U4==z)JkaQ6Kr0q36ydB#g$1D;M8eF-l)
zOGg;z+mcKxo}Y}X#)35ywfipAt~QON`rY%_#5-!)Z!@bHu}$uYC89rV_ghT=@0E`M
za#{W>8T>&jo!Hq?P(m=|zV4)s`k`_gGw1wk<g><yW{a;-%vJQuzdUF{<xPcbdQ5+K
z>b}Y)&-AN~`SU6Gr|u+cfhoqg`W2>;co`cPc+P3&Yrida_O3Ml{NXHi?A3ZDxl;^1
zT?gfsr~Zf1|2sr^Tu8e_@iQ*%$IpTiUJ~Z}@(-`fpiyE5c(f!73cGTED!Y)`P7S<*
zHqU944Mz5kmNAx!K%3N)sXy85zHJ(S$6IP<2Ml0kQ^Q>PyQc5R6c$#MRFPo;*Ll?P
z_-Llf`oKiKp%j0G!PapZCWsX?w|Ws2v^f*bZhA#zdC8XUqkI6(vnyy*`4^#VaS>d5
z;LlAOVcszSr=Y6WHCR$xLZ+ay7@Lz=tcVhS{T%lTJEiH>v~=6DR`Tp;fq4!<#wpak
zy>vtK(bM3SO0l$HS@!nJr^_DKVlve*(u7)MGL>>taUkljYg^2V^Jt?m%TX(E65NyS
z`(}lEorw5=t(@*y`q5&T#k!gMkmG<ledLE$cBi>(POWWep{m)g@3+2$b6Kls`#3+4
zN<)a(PPgM7*IZAAaYNvzVx6Mny@u||JcLT49j$lCuM~Kwi}&s>OJ!}~#yI)rkO^Jb
z6uOhRBD^y(z$DtfuxigKr#_Pr)}iVMqb3wd44<lN5N?QA6D~4}AdBaG`6!0F6e&|J
z@^B+0`C0M-yVZxXZ=4O;xoAdpzveLqRShJpa{#-4eLSG$@l+vC5WTO_<=5=Vp=cAa
z`?o0*w{X*F!{5rIq_VtlY5KoYongKt&b!EJNjJ!#6tTm1zf2;8o3ZCc=79_w*`IR4
zqKM64oaGTLI#Ma*N-~K7y7vlZU%?A)$?*5|u=rr>_0_#4VeQ;2Xi7Y}RT&_U%F}TL
zn+OAs`0p?8TvwH*^0@D;O@UM6+2FO<YcFc#Wn#7gz}k?Yba4x2N)1=8ckaIoLmwH@
z|BxJ6xYSXD%~O0qedjR`#!96oZnMRDzJx0|-vjf2Cvlx<12{j^&}rQ!x4yJA3oyM`
zp7WXbHCmwnQ@ywpl_$t{Odf9sQvq7t+V|^M1B_jZr+b}NZCbKGGFzCh{8DC$V-)P6
zc>V09-E9Js!$hP2Qic$wM(%^^Nj0wH`VgWsHo1GON7J=E-spF_d#Wkm^z$Dj&%#AJ
zNrF{*$Teyn#<VB0CfPEMA^hQ-UWbXu12K7@o*CU~o`%f^>LC29mS;+8MnJ7)!<Om6
z`()pVjk4{0<wu<_`66^v%rp+UE9Z#v>QRSeL&C%iSEeb-AkJdjPK#fCu&_l~eNs?O
z@RDCYBO;D)RYsj&Tq||5qbZU{^%GqN;%C|*D7Xxv#58DL&=KKK8K=;%i81}@770bM
zLeaBk7$Uf#J`goFA*v-t%6RuGxp<~&fr3OhQRlHRwH`grw@JzxXh&;zAd@FGKjz}#
zTuQ#uTL9H!Tv#P9a@htMG;J6AUuje?hjN1x$_@<6f}Y<bXbAmy_cR6*;B>zHduNhH
z`92>BiI{zPCz?0-numE?N1n(B^fB+awGo>|FemFfrJJFv-;Zgm*^{1GilGKhU>)T=
zh}p`Tc41CZMHX-$CXU+t`Irb+euP4&{XuX`jbRkHaEzr#H~rrx*aX2r<@H`=H!^-k
zqwc(O8C1TLe2#?4nCb+EiM#|NyIDmN3yQ=e5bnAO6!Q2&v;2J6JHD3?JoN69x1us{
zj9gl%Ij8LIeB`PIlQizVp}W0=6Yjmu-kekt5|~3>U@_+5r~Fi{<8`)>)0%7uc2Rvm
z_D_X!=EuoSJf8$|)TDsPofotRlFo`<`iXs$&!5nGI38V23!qzZUWP>jTx!F=!_h?L
zO$>!iAzSWkHH(O9PmM8tRod(Jh4SZm9@nLFx?Ha}B)P+Wj;a|;^(&JLu;0`SOwCM^
ztwT;S>Pj=ae5!5#4o({9ajrVWyq6K*23c`3vfN{xIP^5N_pSkn6JE`IJWB4;O;~Ro
zO!0Zmy>;Q)<R5L$levf8L!v9R!BlZ?m{8Nlfv*_^)-eA4qVbyi<IZ<DR=F5Q%RZJV
zd3IGXy}yNRfWU>IxUmp16Jky1@c2PbkG736>w*vVTLz~c%xf44UclA0(N`%(lote*
ztT5=3t~R+JhGt5%eXX~{?^3XpF$=w~TkusE4l24JVba1dVdIp5UzSu#jxh`*2obMB
z2Sd^8x_Cv>C=3Bs!>0Z@7ff&E@cn|IMqtn_>kl{X9Y~r8mn)H&7p>B(H|tk~h?Sjl
zljxrGKIjJht@_aKmK0nLLMu1X5FUP4THkZxXAPrR{1rmc;ZIt58vdL{F-8)a#$++K
z-r~BAy903PG~R@+V@VDRW83E_Amimq(-(i2>N3_S#9&mMG=MKBC+BW5A4#5Kf479T
z5+Qr<%`|jQfsX1A9t*F3D;zW2iO&XxSi2q)Y0*YFksQXFpDuegN%&ZqmT>yY&V2#I
z)GH4IYOY&uU;~%y4F`c?X$@cvqfz6sZBpm;<d$TPoQL1Qv7X6w!^{Pj!|F?+g}x-s
zy&<t)V5PYRUMo@`^r|Wf4+%kDSLkpaUue<=Nd`IpkKla&wDuK?-tUToCKPr~$X$qf
z^9m*fjB;;6H1R&COwRYDTM>4+%kYR}&KokM+`G-b{%FES+`&ND<2MI`&HBaIAIJ=i
z<ZZQ~JSqkk1-pQoBRrd<A44+36)A^eWzP7W;Df6Xtg&k0zf(^(6NmSTKOCxwQ;B+e
zy|`D)NvG>8bfuXfmVTJCJ>;{befv(c{BUSJBIY1^vgz5NIYMI60Pk23Yf6SgWDWD)
z{g0ztFvT`65nkpSmpOGmjb`#e&9y~hqP>DnE)jp-mFHd&2hR^iDyEx*Q;&}hnDO=i
zYox4veaGy5snW7Qa0C_*8SbvEQe<Lz;Tt_2GZOI{e1H;yr|?sc(C?>$?}FB`Oi&pp
z{Q5;2z_h|Dzu9NA7QT5X=5NT}flB9B&9%HuHsXG56owwln|S9g<a6{?&`H1IV|I=A
zP56)@VW)=&^|2FyX(sNYZ_J5Uo?wr*Brm!&ihqIL-?qI)dLGY5W5HVR4#(by3+yA0
zq@}Q^eze$7U5;(VpUp0T333%H3r-praz<Eqq2`7^Im6w6tEPypH{@iuv&faEp(rp`
z`L{&2+-oGW@&<T354G<$d&A-57oAu=`LO+DRE!y;zi#)omdT7g8I?+G*5>)1JLT^`
zb3@4%`kpk~sR``CGMbDHPi(Jzi5W_=$7^yq6<H!RI#@o^ac3@&k34#qanoaG#U{SB
z#X#-sG8B(aCDaBhg#uL|4}b`ys=oq6QPE#wUws4};U}7y%?MU^6r1W-J1FwJ{J4or
zyXy}+e)mqP-{|5-8y19;FoW=_hUs&}CQ}COFif$*p>6RrK<H${&i^IR{yJ4C%k>EL
zt&9(a9g|GyeDROE3QFq7kkOBHnw+#k%M*lUzPO;+Iin%6JeaSlk|={QtyO1p)N-vA
zfp~!$JX_agsAme8#~oH`BvRiOMnM{2GsF;qiib=6!4&Cl+9<a6L$X_;tuxowDze!P
zMWis|*b1z!{lUXW*v5hB5gqOrW_uGM?`YhidzO;^LWgO%q(?zh@l!r6eaP~&8IxkR
z$>fQ!EC;<SZ4yo$2gwk>Arsk;-^<VW;tNeI(;?AmcI~PgOP)luOo?}eB@g>b^c!;A
zg_XDAJ4<J<4eSQPO6qOwlLg<~H0sPmYq=!Orl})71e>GZFKy5j&I|vd$aI(xtQm=*
zK>so;H*4YQ$rPPDu7J{NlKzt(+Z#Ew8E{6Xemx5${We)-EtQAqp0vn#zQGgM6w@*V
zU%x^!_P0GS=x<MY9q%g<lb)m<9?k#yDr|OZK4Zh=#W8^TSBh}?^*6{o%*IV%#KNcK
zkLVue+Z6<suL~}n6lWIv*p8M~tO_$KG5VZ{3cA;#==9r{a9pV35T^|959L4Lpp^zH
zFlV0CeWJW?D0`I|HP@^Ae6L@q{lI)fReJuZc7Av1#0XWZXx{2<-<wkCtIkl0zqkiC
zvCCKuk-0}A50UMLUC%w-wT+W*m)2xVQ2M7K73#lr5|>GgF+S@&wc4zGL9yHWbC<mV
z+Q*%BWV1$f6O*3G__W0b{?V=<pI_QMAU4c++<86Jz|AGgqgO-QCh=3B+><=;9>29h
zVN|qQ3m6i17%2apH?k(di%RC@Fkl@iHHUkRpG1NoR4no*hg$q6H9Yi{>xMRY-;!>f
z!!hK}Pyn967@=#Fn)<{YZ)ugcFdf<#X?k|HF^n&X&&V6bBP++BdW-kYtLa#S$fmy!
z_k2Fr_w=Kh4>zT3ZPf>{PM>8^AML7YV<|z4Cf?SSbXw53g6x4RWa;5yz336Tb2NFi
z&IO@aBaiNyK}X{pW*=X1pYO4qhxneJ&t>K8e2DQ1x?50(!zU_@y5tnp=}fz>0Ls9N
z{sS-$XE(WyI^4V(92R!Vv1A&+y<I`JN1H3tgFN5H1Ul4H4pu)pkEbMUJ7`Rz?VHas
z7Oy35c<jwR*LJ9~3b_R`&hebP&lk`7T`_#rW^c4!w;j){Sk-z-_S%mUk+3y`if-Od
z7jTBW$1ANa?YcMbsI+9akbTGni*feC%)#x@Xd%afhT4ENZ~Il|K$_&hvPJU7O8bIJ
z6<u;u&Ft;VltGkXVrP+ayA9`d4R_5oUFr&hJFb!1$7`I1fkg@F;Y7i06<U30t-*CZ
zAEuh%NsNc0@^H~M9Mm~EIH((Swht?D6JS^2=}Gs6tIYw#IL*c*7vhWP%pIxnl<3ks
z@fW*_%optf9>qlrQayg`7PsijdSwC}6_d{ddyPRP{+@rmg~X<+5<|{Z2!X({pKp%q
z{jP;FHb=B}ZG}`y*L_$+kl0U!aSg(;Dbt!VVqs2O_@^2Z`fbn<zD?pt58<GuER1!0
z%2!0VWc;Ks{!w!E&GG8GV`xY3q#QsD8PDO@Z^rQoanINsOeY>F&i>_=8&8<+K^d0>
zcNibxM~LT7P}ysx#=U#T-)PcpHu8<^Io4MjGMe<G{p8x#1{G1m`Kli^BE?UIMK`0d
z4Gyv1BUltsHH}#GSG^>@AU<5ITo%~L_|JETK%rlNpt^eUR2~xID!l5{F|zG<5Zjf(
zX3w}VK(R?D710bNSG-hfDs)Cs?@^&>UB8SI{*(&7xF#Hm5+c>P(V5n88=ZLlQ?iFd
ztDYzBdQ=An5#Uf>m6KF%in9!Dp`{g&_F7Cy9eg^edUO3n_^rE^0Wop)qnNuY6pJ7s
zl>3eNF%Zb|%RAJseQ4w~8N0CZRYOgTfV4aNx^UE1O;FzmnGrdc$n0}{Z%)u<%co?n
z+TxnH6C9lB)sqbDMR;Rk4Pu`=4d4`DXq$~l;?Mg@`6X$XZH!QDnzZcgk|@4lal_Sm
zEY=E-4}(s#_L<9IxaMVwvFbT_&Gx;~j9_W=#*h6C${i6hN#RdwM?3?^yAzIVA+-4Q
zvr&S?y64M2>bMtV;#R|_HFyMk=oGUr`4ng|xB>o{u<!|q#!k@vtgup&-cces%S}fs
z3Ek;{O9@7JuGV`CFeeK;oZ@H0Tm6>OS%v4SwK5!v9SLgyFKohaHw89=4WA`7?)?6d
zmL4bBcnG&V>!Qt~Z>(<AFReqV?w%&`uh93|v{hQSr68I}&qtJZ$QP|Q*J<wM3gh>D
zjG%~5XzGCupfUBAL5SYK)h{NgswL37Cy)aixVPkC&O@hk6&D$#@P-$f)d=KbPO~j5
zBO|2^S}_h$t@j;DSItb?tY0+bSw(pY&9gt})MC^6cp)|?v@wrm_Lg>4muUh)?E^xc
znC^@m6;y$e+yGA~`sKGROZLA_(KPPVrR;Lq7^0BwN%P*kASn)u7<a!h@e-JSx>i~C
zBhs%Y)UZJH72Z$p@3D8{F!sbbcZZ^_vHH8F3Hs(;9YWBfIDSpVL`wG>ZyPEn{{<c)
zVlME}nVPAcyUBOOvEb7DJ7(5tT2i_oW_dEc-jlSYI^0*ldKnu9)?s2>zo`~`IvfzC
z&T6PI{1`84yCdBJU~c@DS|k;>dCZ@ddr*yW&cjW{xgXfNo{7hwZeDL%ZINF;%7$nz
z2WxtZi>zGxXOb3~rVHboH`1HYf!4TVIw0s;l7DOawY+%f#65^*7Xl0_j|eT}`b5JV
zGItgSK5Dr9_Gy?BP!{HlcvVm(rN2X!=;O$wje7v|lX&7E)sAalqegBYYs1bD)e2Ju
zNukT<TrwcAAz{;?TE}J7L~cf2s(Eb=N7Rm25G2WXLrU*g<8cLv>h^nI98Ee_M5eB6
zK~UV-L1*R&^SGN=gK>k`b~RbWTG?9icdc5hUnRIOT-IbGjkNR@=UCVPY;l*8X+>B@
z_vKhP$b>`D&iVkpP()L9m<K~?3k3CSYqv#p53zeALin472s}3T*gl!PBkmG6vBbD+
z-e~dJJ8p5!;25ebFjO4f&Kd@g${GN7U!ud+$_qp+7qCH8tYCaia)Qr(sxiTNQ%PFv
z)Q6Axs;|$kg!>M{N|D^UZ3rV7kI+|+v^GT4f!VdWsdxede2`F6LD7u+7*|^$oqvC4
zm3k?==ADfHEm%A_oMR#idKQZXM*;_TzV`s-m$MTPj;Icqt9=_*EV$(Nm|pCe3Rjay
z8~RM*Kr_nq*|=V%-apva51`W58#>i}rlnC8Tt*XyAM)rvaOlkH(L2WFu!N0pb_rNi
zfb8^j$kpcU?!hRB=j{3!%1KM=rx`7<DWs1Qxrw~io?w}go=dS$I>Trg2Uah(T+YA5
zJ58c*198Oo2YrY64(3dGZIi&&uh6@Z?&Goks|5%TO!EB!!8yF2gMCS`m6|oPTaqP%
zzyWh8U3Yiw4g4hk;0PKjcp%LVtUDUWAj$%~`1i-Bs6wcTU6tIUlj8Es48@0f0>~wQ
z;VoHDRF_4*H@JU%@2N`z8N@0y{dT51bp)!VGET{~3Pgx>J#n8fTjf26?io>6*`4I{
z>g$0OY8&F3^U?Qa+%w!>m8ypjdUKw2kWRI&wHV9UEzaV;LSIt;YJ3H{T`t@mP`I1;
zC~zGR(aRWLVO<w^0@)!JC(F@n2f$BT$0Y%TU}Vg2zzIf|=?i;q%ja`1R?+iDc7`I+
zF=LfiL2Rz!JCY+8|Hh_T<c(yOFU=`V{p?@Bd?3Q-Po8e|o{wdIY4o)0a9EFUG;htm
zGgrDnm3ie?V$OT<GUw9oDSJ0{BlP=ZfY>IGlvX(}eE54nQNt;0ij@9-wC8DuJ5{VH
z;zkFv3w1L%Z??YK9eb~MrXA6{bXRf&Xsf$)CS2csvi!DsCuyhq1r|maKHGw$n>45B
z2xS|Gu=;$z_X|lXT~B8qIDCJx960N-g~-x%W0<k!Dmb-ol24k+3Uvtyq2H19g?{?@
zHa%K>C}TtG<$f5{PaODKpJoLt66ut-QG6qoprJLSHo%`E)Q+O!=PFGx75Gf6h52xn
z6eZ3WKa4cDXpg6y+tN&Y_@|mpqnEzEdn?>XFL)=7oV2iM`Zi9ZIKi7^oV#BnPBDv@
zz%A^z!H8(f^#qG_P@S=j@EH~c^i;4krO#FC7il5KB}~qD)dh96<)(Lpw)|xiAyl9N
z#y5y!fP^XNz07Evu?<Rb&PsVW(W2g(OzQoxgY0zPMi-e0u@EssyVF7<A9}K&7{Tqx
zFG6|W?=p-2vPT_J6IsS5<{&JAT}nJRtm@xwUj2p+jO`+7J5SrgP&&36oc)5hscI2(
z?x|M67}B*NjhizfCf}-=IX?g7TTkdY+H(}xT;7B-kB=*WV9*wSMAfUIHbuX;4?=bG
zr|D{LuQ9V>WNcj^l`vm;!OGAOZrD1Zn&50|dC!+meU;xT;^n?z=w4pPqDCu26pnb>
zWHmW1HFBsBWhmo&`5PqaXCbM`E~I2;tY#Ys`LP40b}q)m>?5$K8cDms#8&!|4@PKX
zRPC*;?f^!;KsNLj-!MZ4H1YLZ2nh)0<qK)29oQG%{)(sW5hTJqUcFPZKr~0oAYFY|
zhwNzd(n7vL!4MsbRA8f?J3DD-^)R6rV(H5684UO$&e#EktA*x^b89lBvpkDTbc|dr
z*1@T!3lbYl?I0wl`z9qjeH&Hbg)_I=X$S03kvoWGt-G$SyB0V2cIK-oIpcksXy_H%
zj3E0NL}qz5G<46pnTzbP=6jDyU2On866)VNTS8Wwz}|0iclwM^Cf|-`-huM01_9i9
z8qrIIx?y5!*vIG<m{)w|26q_e#olz#fIB?m!pkTFYo*LVT2jIKjZSo$88~F0(lUus
zvu(rqefQ`5l4JE|x<GQ`m}4AYVVl0!m9A!;Ru&viuOHdD&jDm6uw#`!tWl=`Zrm2e
zhMCTiUTJImQ@z$@pKiSy`I#afY-wASUr3T;Q3~|!mGUS~Ma|j1J%|}B3l<xVknBf@
z6X51VoS0&)jdBI6uidsy6Q**G?DD$#@Qo}*9FOu>Rp|JX>H#_3n6!GG7%o;r)Yu`@
zrgB@G{r;mk`}TiI;tVr~=eG4yHFIAsBK%|yxu^3(f%J8I-xYM~2*(mr`dNpl)>4Pa
zOT&DH9R)O$^AD#c=*)9fU*G4AVToWFXa>=Jf}o-eTvNywq@nTyVv@F?!H-7kkVOqQ
z`{!K&`gQ^BM}-ZDIoEhC-HrT}gb8g+G6|Es?D~Nc)+-R;Py1qkmHy|j`ywyqRxJ?-
z@pLP^_8x180#tbWM&dQcLZE~4KJ-eP=X3BM-YMH5y_6~u9UvAdw(T^perL|P=jmQg
zOh-Rs%WHy3-H_*xNd`#-rKu#qn56)Qob&H>BQyO@VQXNN5sjam`pa^0Nng3A@-2iD
z)M_nT5m^TQ!JCyZA?VV$*`1JJ4)EzMHa@1>8~jETt%(M4*!0A&cbfrs7vU!NlKQ+F
zMfdPEU%V>7J-JL)<l{VI^m)p1CIUgKcy#d2OZkp??AR^Ct@JFe(bugUw60zDOv{Rc
zU9L%jt91iRIX$gzB3YI-X5W%MZW*~h0X??Ym*RS)*OzWQu$DXsIm?9~&xghjqm)Fk
zMx4TFF^=8%l@)+r&iJtz5m0v_*)@Y+-~sX*&1sL4X1YDh$56NS;llDXzCINgTCZ0?
zz;NLJ!DWudYkh$og>6`uhgiPiRDmcx8EhG^(t}U;Bb1G)(x+iQdAgUWlY|QPEDMx4
zhA8uWJR)Yp`+x?;_K1Nt@+v{ZXmc_&Kip@&Xxs51{^=SU=_O=F<W~;CY$z>wZh>Wd
z(tcf+cHANsL-Cq_F>9w*vxT))@^baXXI;nlgbvom)DgSz7_O*B+OMq1#u2Y2B&zNv
zANw74WP)Lf{Nu)7vdR}%%?cZ`L<4Cr^Trdg2*L%12At&xqn%ea`_KVM;fJgYmt@k8
z2Al0FgGc|`&y?RkKGU~mZh#ap1#H_m+Y4Gx?@}*fqSu7Namg~ntZII-4W1p8{R;;E
zWfUrTh}MW`8jm1mq9^r2=p)$)3F#Jj8E0w3_jy&azv2tu;3{z@bVf659Kh|kOn_}!
zykwecW7>d@8w{@IHte538#eHfaN1JskOva(WVp{KXB%#m6V0XVx6?;=eYr8`EJd^S
z=;lO&IGG?l!9&BVnC5HuF1lChM71OjZIoLL(8VO4a#&~ycbD-;`H;D;@~|rD1OKHF
zu}FEm1dgz=?;n)A*>iF%Z-ewf6Wo=(V?z%BoV`JmfDeZy3yA!}7#j@;vHUZZA<k_c
zgv_|__0zU+qb44I7bgP~%|*N8pV7ZJsmV8{-acx=_N4g@PvCWTo3sXdOEwrw^xC%K
z@B(o}dxex4Hfd7opfil)a;XkL1|qpYbY{Dwc!a*kNLrJZ(rn`J#7wV1eyE(qT``nj
z#{c&=jXb3#aO9UHwE64J!2P)@vLg6afoSz_Ot`Mv1uhGTaP%zkB@g=<QVI_v#G_tj
zvJ>ri<IAOCx4kHs)>C<sOKjUo#Tj2c0da2J%BUB{`0Uq1XyaP%_>*7%bD=7kqHvuU
zlLX?GkIX@~qE)d7g50I5ep%9&tYO;1%&L76K005%m%NC(pXLrEcPc=v5n4AHapRwg
zYT~?G5aTIekwS8xuPNf1ut4XtL5;tMLJCIm&IBQ1mGokXSx}0**5t1a5$45~9>MG-
zGOg?8PaRABG1TFVeEn)H71u3EzPqm;#O?1Fm^@9MU27&lj6ghU)`?K!NuvR^w;Gis
zOJ^mV1J4nIR6Du0q9Gy1yjBMLoZ-+*CVm$-+x{I$%51;#0G{g3S#IRA?;wQN&G^<+
zayslp1z&4jNTe1sjHk*H0ufs*?-RJ^QlKkh`@G<P;TCQeclUJEQVRhaAL6*Sk?uxZ
z6DGP;hlFX>@QJ(z6@&g06T)<lwk9U=gyPu9lqZDpi?{vJe7`VYi)6UPeGHbZi+<&c
zzYy6yO5bhXZ1LzCr?k>mcl!ku9C*235W)9j{=+CUiS=|1ADch9L|kBXo1xbinXN*;
z8^6Z*lqf{Jsx81MM>Sv>aT!;s>{F)2ZwUD20{S=FzzL7`&m)^+7Biu3U|}bD<t6QR
zTsC`6@d2MORu3^EutK}8=qxGigQC#-i=$7aJc<DD1Ny3<%Nq)D$NV^oH|L>^as^!Y
z2MyJsyurxO$QpO&s&hiJ$P<r#V_fclLmXRrVm0DA;?}V$o76nD4l2~hQyy$<BsU~y
zUVNqtSh^vOXwS3G;I2wR7``pWq>0R%x*ZuG^zbT?`4m#hjIl9k`GOKC3^NuhN+Cmt
z-^h!A?6e%~WVR%ZXAsMY?pECcf0yNxs0Vq*{0)a2;mHEdm>M7}E}kLir+7+O{UEf)
z3i=8Szu@8=c$!1V)3oHXA}3<GjlIH;w)*(|s>~xfPUfC4UHV%-GcBRnMD{Cn@CBI0
zf``r;r)DL2c2@DiNRCcP54pQbmR=2oiH#Cxy`WFLDok(hd&-|hX1fa9^0z+E0W{-9
zte~BQpna=P=Cye^vjh32K@<W`=0EbEvFqEO#iugo>vD>$NkXR+ajZiE7JB`03}5^u
zAWEz%q*ZSY*ulUy@8<0NJ}Xj5&Dvo-&sWQjM+|~T`8l}~DuF3c%8CEv99n+A5=uRb
z5Z3B+RPRgVpRAFz@kt7B8fvcV4Zb3ke013)GKBgFYgc*yoy{y&xWg<J`!CH@>+(?N
z3HwqywyW4+T|mS5t3j7g{1x2(Ea|NljDG>Lk_^g?mvK}011e23gwG#UqbAk57+4Xu
zx`t98D$>4Pbv}nCp06Upmg=VZpEot@2JQ{b(#GFEhuAENpf}<M6W-g&S1&2$Zpif$
zep!>N?kL9fKpNR*m$#vG4<YPkP((IO&O|9rsrC!ZoEh|SJ7i?PEuQD2IDml+!TW1G
z|G77JMG@-L_RpM2YNbG<h^vMF2n58rz*OWq%(j_A#nf;Hqm`BM#1V+(y5KrWGnXuT
z3a(hvgv%XXAvUwYmvQ6pcrE%{06S)7ZCcvH*_uFXqJn~3q<(jqd^5*{$De@i)Eax5
z!vzpd5?e_fSN<ZX<BgCl3LIbYICEBN_@w2F>-T>uJwfxZ!YDwm?kqBFx{i=qgL8d`
zQdy7B-2j4{3Z$r^c)29Ea_Pmg8W9QV?+pMsX6U*-JR%lDrQZI^Pg1Fm0)VH>F<$Y2
z*GB>ItGx3@#5!Q{lC67IB=7^|8K(Ctk!WWNAuhkNNqKdFqYGJdW-&@bHgEs>#*(2a
zO$He}&I-IzolgiX&4z--YQoU@_)=|$S)Hd0T0NCZ9;eN=@jrV@fW6vm{Oo*%-AZ_=
z5%7mMtP;CfX7`2{s6~Hi9^x&*$g}P4X9LYVg*p^2=6j75SdF>IZQiDHCAWn?c=-<(
zt9BY&2q#{c%7JN!Ge3z!jdrLYt_GfK>dmT=57v+mdgelD9A5?HgxlDQf9gXbaU+2}
z_+ps4<y3e|uw8P`)1j*Db7!k)rve+}OSeDYp-v9K7hw5(2$vWqaGUNUE2iMZ4RT~1
z_HRip?9h+h455$WfGMfu3$}x6T*k8fn#$Pr66_C=ks$(evr>@PIz`9aMiu$JA=6ZA
zBF8Tfm?e~*x9U>0LUcJ?h<iC%hvlX!3X|k}aItBS{r&Ga1$^Q*J~O7CuQ&Up8sKH?
z<_2W5M0m^)qBcVX9{w-hqm-nMilbk05$2~e9PW@g=l5?O60vAw;}Qvi%uLe<n)_}L
z&s3}gvl4}H<x@>lVx1E*-(!;}Zmb5g2ty^FHt!J(q$|`}cMU`N`ny-A@pj>iCV|HP
zOz}8-&qdYBDAs34bO$6{$Wo#$We8Y3zCqXlg}aJPgq2wCPhbrNON;O)%D=@~(qJ<x
zW~H?x+rE;oH=guZD&kdrG5I2lv{_>;Lcq2*yw?l$F_=s==zZw!l?U*)NNtuLoTr==
z)yU-uBubH?=oNkLb69E=OJ#7lyI!?l@gExlKVR}Ge|f1S5WZBZbIB<|>s%Pdnk-HQ
z0;Gj^_pJUgg|qNrABQm%Mxz<L@ZinMAiEWH<@T-Ra-v&tZl8+`B~D!s@hjbi5$$DE
zaz-R2PiGqB)EK-Qci9!3$gzaU$bDijZ&=0^WXa}Dzr^p^xE4J1axGjL&Da|8MwW;C
zZ{@d?g}H^L+viFX<R%F5J2lxIGPha(M?4}|c8*g%n-;+_Y4Ai$ys;|1h*(ZxVf0m#
zIx6A4;bk-x9T-&e1W&^e-q@*LFw7f+g><5jjR}h`lu-C3F>`C$Mw#L2^~}nG61W!@
zkz4h5ai|6ZHksThvjfoRq>o&g=|tL17<Y^fg07IZT<4ujQ4zTxedhUSq&)|vXmYm0
z3~bWi&+mn_4P!PLI*gQ%WFx)$J3ix?g?L2~&fgb^jcQM)d+#rrg8#yzB-$q$1OvRl
z1-N}#k`w#Tmo3@-#$q6DEb5x@7~&1mI@q+Aox8YWz>`Pfujo(Dr9Kkz@H6+)%ph{m
zJI^JA^Tqdih<w_+*hcv4RRJ-nM%_XaKK-p6n?Z*GUHSR(M*(=}R|;|8m3Z0JR!bEu
zej%z-$!%z0HJkS|8Pfk3SY;)l4*k0j&xd!k;sa2_tc_b&M1nBUR=mLYEa!SSI^X^&
zjpRQPCWJFdZ-fP`CP<o7P84&xQyc}To{rK*7hjGOik|ng2Zu{u&6NKIV)o^VUJ>3V
zW6jM61zw=Y?*e+4qUxOuB-`EI1R{-TKMf$c92p0+cGjCn0&c|OzWUnpi&T6Z`3i$l
ziLvBGZU5dwcnGA%yH#Grf`FDYG-5(2+G>8Q#ZYkUuuS`7;1B<ga1qj|Mrxl!15gaT
z%Q?rl$*3U`wkQ3J0i9DC+@Kln(}l=w<x{w?uP=eBeGEe24iyvfRmaFZ72R*@rNjGu
zHwsP@qpRE-8lpUTY(%-YJpNX3jEX=lgC>sVv{Z`i{G1a*`ww~31)5ZmC$+TUG7~PK
zA-E!yVO)OS?B25*oH*Cq9?i@FQWkl2=uumbd*fhh>3P5R_OH=g>2Pw2w~~O-iHesY
zbv5X2mfkb;D$jHGT5+P{PUJ8@7pn<D=M!=}%t*1dM~^=yJDIDEk_e}G?@W|N?dsf<
zCH#@`p~6S>@H(Pa0XY}?ppND*R6@|wW17Z_6&SOdAyg)tu_=jhoKjfC9A9kJm?c~4
zshrD9f2YlVu+?3L#v0M4qT{=<h#=o$wA{q-lksl-MkkvpA(8_>5A+5nSem#&wjx{C
zvq#uVZqTit9^aA-8YkTGuT{-HehnWg5Yfk4m+#HL_rHDJ1@^kWi_qgXVvAk~<=2&T
zs|DmP^)Q_Bzrc<|YJ`Zt{SU?PUE)z!66YTcu#+%&7Q4Q8#5+>leF7f{YXUqEG7p2w
zn?&sajer<U;xD{=cF!LNV^(D`z+{oeaqdihF+cdir5akpFO7dt_&@ux-^k(d7?xrq
z_6uY1Rk8;qTeqhjkaE?3lIAs--$B&3q413taSVQ^VI@=qG8bvv`lFoLa<7_urae~p
z#o%V1&H*A-Htk7Ec34@T{iw}Uyl#goGd>?`sYX-;%*&uHGW}7aLv>20CFiS{*0VUm
zgA=e*?|z`Z`Mp#82!4|PenlvV%$(!eI|01~zs*y(7Rq885>BR$f-uI;-^H0=V~YQm
zy19l8b(lx30}wl%ztr$C=uJ`}A$QCScNj7E59BG+S3m-4!g(gUy7izZwzx+BB03vN
z^^wI$QN%KF=6)|?zLyNz1ZJ%j$vCkfv731*rnwId6a~`znAo~@ad;|U`70SfAh)*z
zQxoQ?tm(~_f8N7H=_!y+@<1=8Fh=U58sZ#}V1ZKzwekch4N{Ha3R`+t`0TSNgxu_n
zH9>Nw+3&s^c#fnC*>B*G25|ZoQM{t{3Fy}8dbKS*!%R+7N<ld@MjjE@bBPN?ew|FE
zrrnekn>~UH?>pdC8U0DL_$!d)J_jV}^;%r>CvMmHTIcR~0Im}pNuD>Q+y5$*QWl86
zi?vyvoHoskpfO(l0h*P&^UF}5`#_jaU|RBiyR-TbM)cj!0$d|;G_L8GAXP&yO9!rU
zxd#RR+&6hEC|O^L4bno_Rgk_<7pw?X`Vi$YV0%565o;Q4>`Y|)bU$WM??Nb=ZLw!i
z@1MsRCQXw*wE?jOXn-sCw8$6s5a^q>Yy?UyE||tvo%CuVfmo15+dy&z`BtVbV9Zq-
zcRXTJ`vEt?YsoFgE65Fr<XeU6gZFW8-%w}TtS<|YNKtktle*@iI{NkfbW6ydyySlK
z=Rfo{{CCX<`S8E~^ZS?!eh{TKzM5Q&cU538&7qB==HhD+x)>6ynQQqTyiiP#QCkH-
zkt9h1;X!VzFE?JV4_?;;)Y|q*^<}8oD?+}R5c)3Y%+g1Cph2@kCUUal+NF>D7U3(a
zP_w!@2Bme#ZtsApbeySh7JAbVZoAqxps{aU>7#+qlTk7&r#0CtWW)D$mo1}XgE=i-
z4B8KXeG2Tp`93kZ6w;i@^<%Lm0Exp>@s;QcL{Zx}2Cl^sh__ky=Y-}1?Wni3DJXK;
z8tPE&N7(U&Cc&C?%8fhgiC>OnAr%f3$0~o%O|>m=c#M9E+G2Kl0}*v{;zX*s@@2`z
z|2)+Hqz->NQ+L8Ffi5H{<kCHvY1rwIBSc=T4s9!Gpf7W~7ohItos&%O{SJ*zpkGAe
z=h=qNCog8fiHsSS4)~|NRYPNg`Qarj%(9Ae0k03Mo^ADXkRLapc|Dxepqw!0pM!Fi
zlD@wRwJL}k!il+;&K3c4B{C11wJ0whTqla#wmK@JfzLslqSsbt-dumMvzj@0UmZ=a
zkL`?<VWe)0Aq`I3Kfh~FY>c6m?1Cqi@B`7OrGjjqXLx#05hXz)mQZ8dL7Xb|6CM>0
z5YZ)2v4Sl6vi!)*Jx&sp(A@q0+zEUYG@3klxCz33NFi3TZ?6Q;Z15Kx6d8x%4UEU;
zZJPAh#y+xD$8SPjyK9<m<W`DhH}nGF6HB;=wG$Dws<qoRQ%dQx{yQz$-H<L6z3H1*
zOs8asIwX+UyFqYAguoRL%zetB#;3Y2ql}BLxSaW>9g^BmeY)XFQZ4<-D^3szfIkC4
z6FJL0>4L+^$X)IU;`?j##S2Un8mSF}HSJ8>;0Q?qpZraGZ+s40Fngha*++waTk6U+
zZk&sk2`#!UA^1s20O`Ebt+EsUxiQqPVfk<+fdOT(5X6{?Z<UvUM5Ga)f`|B4F6-GX
z-4xlgtvfE*XAz;Xn0PL88^d)q*h*xhl847T(s;OR=TmWV(-}J0!IGFS%>PhWKT(M2
z7bJV><y~HJpJ5$bz*%r7?%qK*S`@Ot5_W^Jw|1H4&#g+AA#KO{EWx!j2a!WG{B3X(
z`wT_$!1`C@Ovyc=u!9z^z1AB71^yP*cJK$tf2IAWn${50karg;fr{BI`NFMgn!nGM
zrin51rL47dUd>4tjci_r``IBLb#*lNeBBlB(%+WAqXA^<D<KJjWsClAvMO#6Xqx+V
z6-l5g<89fs#g-^J&3QcgF}k<iYHwpMS27qsloz=X0PA?%hzPHItw~-Y4u$J(5CU=>
zufHKA%DaXVYKnQQeb<lvB7^KY^j>B79@tkPLB%3{$N0l8oMh~2*tEO$2=e>x)va8*
z(;swWK%MM{!m9{)tjt9_P$@Wp7>aQ6%P%j3C&{>#Eb3D~_dVsrAbxmc6V9%Q<#2Jj
zd01b3qjG~g#>=N~4%XjT?4~2*>_gmY0@qFveeYpKHlz;wJ!WX6WyOC3Wu}4ZIkkH?
zSe+m}-<a~YEtNZ!z#-Ho6Wabx3&)=f*e0^RtVwYDR=&754C|y$Mtb>I8|q}TPOTbT
z#A3?C^P=7f=Y)6HD77>nk%>!7`K6mU*SyjE=anO-UxRr~3OIUD#bFf(`&&y3Zw!fL
zl(zaS;bR!J2GfegNBTwwV1(qzgxpP=%#iD8DID?IJ~^JARQoOUD6}-en56g>Nt%a^
zti(E^1_w!hGE_MF*=y@~%Av@_=WmG?#d;Flo0%;GM?#i~!>H}zfv_Qx^@VzG2YNCI
zwI);u^A*r?W$!k@-aQM*CmJ~at*A<a6~$MgS?5;fzR|&Ka|THQYdJ<GGY>NCk<4@f
z|1o-k!I(~$fLZaWSs{f~7S%bgt)U0o{GTfk=8;2d8up!Z1HEdA?7w>R@KjGCku{PY
zNZ}v^>xbsy0pEWENZ$A^QI3u~RDzn~2MAob8xLpXmAmd6R-!yjY}}^^o!fHkri84n
zK(Fk8b(|Br-U=KaHH>}aFI}XmI}AH5!KLUavv!K&=KAO_^uJmFOebNI3Q=<<44hM-
z1~c>%9~#ODH0;f%nu0Fw9;Ml@k+LAx<l-}&M+jw_i+)axLmr~f-$=7N*zMH@7RDW&
z9G-$QXwoc@E}y$NK;sXEIrQ{Y?+g%ErM=0h9X;5$CMPGs8XF)w-34_ZGl7GtD}%^M
zrRW$$W2IQVeD9!CEOF=#$-uc2LlFw<z;x3TtXk(jo7CpJP0k!H9Ei@Gec-EAY$$)C
zM>e9Bbw#21?<H^n8+A#gyUETh!#$S*_y@g<2&g&`{(y#Fo7%^#KdJ6`%nGPwK=}0~
zy9J7Yx~H0AZCh87KI1n871_A@TNAp>xHhuKb^HZyFH7$!3;qYXE~0*4)q5KZKjZ{z
zV)d%QOzljDJ|cfpBf!>cl|SzeF~?Y;T>L)m41-cFl6ABAg1;V7a+^OoVaql(SfL0-
zUuaf;879U^nDsdKN~+>qSC!59LwFCSp(83In^euY9#7lO;Qdv<x_xp1Xur2+1MGEc
z5;Kf56a2w<jKns?R~Mk!<vA>B%v3Z{cza4Mw^D5@gLPV@?;0G4xO3HJPEbO_@f0H)
z+#dHdgZYb3yZ$omr4wmuX=h<%Fy&72<4aL08HLA}mv;ypAqD*D7^zn3ok&U(>J}Y(
zqo4;S8_@sp0$P`=llSEt<;3(KVh`pG2?lh&+{|jn3e?8pW>LjCkbh9K01XuH8k2p-
z`qU3$r?cvZ-?3_H)kHC!2a=AVV%dla#{2{2Kh10-J>l<*?jO!ECqb^m18#-}zD-2Z
z4R;j&`vnAg<*FBG$c3u5%gDc=Fv-M^RK}C0aluw=mCEX%2x#!geL%5^j0)gT*Bsqf
zXf1eL7(zjwhAr3}r}FOul4TU*wa?f)+J>yQk%bU1*t~VCLaR*}?%|_2j2bb@5vap?
zwDgOT$vYfyf4!-HNZbQ#=%;PQm^fqd;*ddILeC#Su-&j4MBvgtzuMZ=h>YfvX9}Di
zz{U0*6zOIztKYsxP>YI8(*Dz`a}m=_974;&fvAQ2GvFuDQdVTjW;*Sm&ZC>nBypA1
zir4Ck{NN@7uv;0YhICP^fv2RyLniP1)-2Gt`K|!6TbO$S9KSNji4lU;NtM|Icg7Mf
zV*1p;n511$s^^fpo=3BjiBJP)nULE$qMEdYiTv|4;bp5U$<$!SHn}qevm-Q&@8u1@
zDzj<N3^HHfmXPj6JXJ_!)`22M2XSkK{y&txbySvH)IF+*3M$A8A|N2$2+|=)BMnkY
zOE=P@NGbIq(nw1wrIdtHf^>&;D-r@yl9Ipmc*JwQ-*@jF<BoCu@F2cC?EUPu*P3h2
zxdwx%I)6YHFizOr^>azwjR$#DfOD^Pw;E!I5$3t|TZ`C@@jJD1G|`qj;W+?-H~!c9
z90Sh7nv-W^0jzzM6mahxh6L8t2YxT@$H9pu@~S>|@eo+ew=G}oeIk`ojxgrSCr^(2
zmX@fK`}{#aGZns{nb91#%CV!b=69;`KA9mO!{%?biAj+U{*z|Y-yV{Fz1*S=SvDUc
zR34RzU^RuQ5DHrM0K0coA8xWQvPS*x5!C<|V<UAhf`qF6M_+d2Fmx7w?8SLi^rr{C
zZ>{ZmThm#~HE`jd?Tc3Y62y{s9SMFm_!MV820y;`-91*v@3XvT!lDpu?ewp+1`-Lp
zwh{iR=gh;hegf9P6DY2?E+X%i|23gz`^zqaqu!g{e{fZJ0rtHxc5(A>h(Ru6hw+#p
zWdY^iJP*y?=kDj8|4vd!uqg*##hdY_(o<7)UJvZw012{c-K1Ot_u-qI__9eGaDeJm
z5|&EA$GSkmSuX@mWrcQrJ8|ItG2%1}KD^9JL$}Brd{ZfJf1Dj;1YGmiveW^BdnAjt
z1aV=@(BidnnYywZB*?N{^0|(=Z(4l>!}?;uUEOy+-a_Ja2i$LThl+UXa6#Wc@_<QD
z@z4*Y*Qdez3e{K$x97*_6z)GbB&076@}IDP7F27u`ivW*K}H7m^1e9>mm_pUU)}SA
zHvE9@gK-z8Z{q;b{Vvih&%cc;aX%w}Rq}T(FNNgt<@(yW2#OrVb&~VNGUU}hU4>-b
zs<%IWX4Tu=y}n0Fa-NX05bn1Tvz_%(AcuB<II!+QCNJ#JY3fxV9VQU6XbxRSf*jRO
zLk}~KP4%?v<?m;D3;x-{e*YRMt!$q(Kt!B0JDRN&#ucL`smpGa{Y=z_Wk$kf7JOhn
zltTEJt0RGr4~D?;VqQ}<d~$Tglxcg`aQUk6BU-vH+HBgJ2`N?KfsXZoD70_Xjv(By
zmy25H6Vwy-L`naVZQ_A4D`jO>LrlvlP;`^}OAy!EW<7b7L6wEodw7;#_()(6lYOUn
zPSd_rY%LhcZk2vPilY4~Lq|hRyu;#-#8kUQWuG=CGr9)xbqo<)$Qmm34SV^D0>Lzf
zfe6hNvIh}qxNG@w@Ll?xPXJ5~+khz6H4A9V$yHeh(D@6wLm%fwYcgXHih0{u0Xs-(
z<UEGdN2~yjtL2d4-p6{e(N2iM|FH_)EPDNKC(nO1*0`c^9lO*Ma(et;>P}jFANHet
zq|fm}cbl{0wGM^W4J3L0%~pz6@rw*f@f<ac(QAi&iC@=5lyMT*KbXUaTgB}5xb-g!
z0OqNfLQ4OZvoHRi_J0lWo`U>qg_pPWSfo$y@v~!z)e99xhDWbl<=?<lD?izNd+ysq
zcf|Z|-2O~N*aAo_fYuo^&2xJ&6(PA(<N13-z*bQ`hA|j%PkL!6X|4emJsyY*BSHAI
zkAFdw$I)s=wC$v?WPW0Q48RNIgo0zQLia)s)1)nuMaF{96*04|8P{X#wix#JOW*La
z%o3Cl4lz=C0P_p>uzxAYx|&+W4FmI?*IEOSEA`7?<{j}GJF+}ak?-=Q3{%Q#89vp*
z%Lf3R`=J;{4q(H5Z*|^x?mm221ttUdR{r;X@P_kqQD5gF@;OKS<>)1et92p}2NNkU
zUnDB86U^xDAVI&rE}#&UL!?tS@!XaXGUCnE(ELyOTovnnu861v1+6D9r1f;f(}ydW
zLW@l)i6nnZF*<UgPIm_ZA0nl^ey_&+6%V_1F{ANA$NV*<JBBb-K>ZWBYXGy|W)TK&
z_4(FwiYhLtIl73jc^09Uzs33b9jbhbBl$0`H#HapScySl-XWw4{e)Kss#1t5T&Zjs
z)0Jkny&tPnbZ21%ip_h7L&aj)0t71+On9)%C(ASb>EacjWfAxTArY-Z!bF^txdD7+
z))tjvPjGiGd^>)_?Isx5w*#Tn2FQhR+{=KtENv$Mt-L|-9Cilu+};?+=^#aFpy*A^
zOG9xNg*T56RxSRQic=p?@%{P+Cc0M0?AH2vk)!=0r2I4_O6&Ops3Db44Kf#~UK?5g
zx(UHzzti(Fd}MefwdGBWOr(iBm<p9PBs}M&DHBv8cjSYQ2J#IiHTxd}Ttn9vY%c}g
zg(u_{rBZ6KDD6aG;-n4hGwb@A)rUdE5g4KnAxcHQW9|%th{1^J)7<9j*SaMxrsQvd
z*GVW8F*tUij!H-^AV^*@1RK6{6-r2>o6!K-#FdiXR;d&dY)VZqNRpS+km1x)p&m03
zZ~|2-uai{R+I2~ut5;Xy%`bly6jwa=H6$lWKW-h|JYKiU6H;6~^Q{=L8bGCY@1o2S
zf1{Ttf{@7nc0la1x<KUFE?_*dI-maRY`wKEf%#~}GP9vf>Ny?k)jeddhztDx>F;D&
zU|`8R<x-xCg<+>nS25mO_BQ^2*%G{`-u!MAwT44&Fyq!=Z1ztjwIF#y<if|x`xvy(
z0p2sqqK)lGhi@_e$#MG8@ZJ6MR@V8*iP_;hJXrA>MF-w`1RbFBBH3nm@cxTdegluT
zb{K+TTXKEh|6MIU7EPbzm|D6t&SKkZ$^hT^;e2#`+%QSDAC@}j$sq1E0a0pEW&)bp
zF=&6iv1w}$#pBXr^<X>CwDr<at7sRwF)kvM)j4g;*VHP!nBao%l29V>cFiv)C!W-{
zIQ$x2XUrsm{U9gC3<P)RQ`ISJ8Oq6a2>rTV9_iZ0@mOn4O$tR-0n!sLmlmM4jr4dL
zL&!-pEC+ZWuid(YPH};lsFWQwPjTX=IuP)~&3|cjY%~JslZdzy;eS)rerc6?cuqu%
z@AVmoQ&I?Xw5QwJ2$l5$6YpIIDAN!g39mI<h<3i}J;+9EYtcX=Wyend&QGVA;2xB`
zOH>H9vUD--;X}<R4RRk~>^6o)VLlb<%=z#ZZ(E7X`rB3d@039<kUMTHjSg}KJ*vJH
z*JNGcx}?1h({o}WYlPorAQlNjA8*OHspace>G~_o*F6Y<+mRUKV~fq*=(9fxZA6g+
zHjT)-D^dSnW)xP6>S>sGLt#4yFg_#G5*{0!_wMnF8PANG4X~hNPHwP<WyiqGx~Hg+
zZvI<(3$3BI?6)=DFkY(kvS8uU*4w}_e=e&c)zLl(7hCOQemo>Tf7-c@2rMix2<f*^
z1Qnk8FvoHOYQqaEL0W9CxTiL@;3BJ_@BmVYE4V^arEnQeAUX5T0xXUPBbE%mkxl?}
z5}*Vcp<KxFSw@V>sjw2iSmWN$lDQI41vwy-ap9eM!rx>mM1%KGmmyabliBA)=LJkl
zgU4%9BTHd!Q{eQ49o-Pzl@G~jEEIqA_Cha@z)Hd}(z_UNN_;&3kvc>v4Z~Pa3C+G%
zt0tPycYnm%rGZ7#*twNv`?>cBpHCr?pJQziv1rzO7b@|Xc)RLbUJ@p|Nvd9%<7+CG
zYqe5|R{PwRpJ}bBFYT_{9KZ<bjO)W-t7$_oIv6KM^TBy>;9B2idnRh|**4bp)0n~$
zk*l)0Ap*0+MG&*hDm4R*5nDZ}m@%C^4%ef@gWT1TqHvm9@sUb`Ovy99JDhQ-)n{CU
zz8YpkDs6uv=P^75phT7?avy8P=p<~SR-3R9(yGSHdZqkWSJWw7{+eBS6VUpI&M=(=
zdXXd4I+s(9=nw!UBR2}2UkF%JDYY%!4HzE97$g)YCF4c*SD$W@d`q5PsRJj7B}`q0
zV9XED19z8BrMHDyVtAx0=&T|^tyIi2{pi%c(SlmV1MAYlaCW1C(D1Aw3?Hs;hb{s>
z%_X^e(M|aMKsKSoIr$`2K!!026&6bA@FutPT;deSVhj7PTHd1T0Qqji$4ktDV9mlo
z$9QFpPHY|1(_Q3kWXc>Um_OS9c3YTFw|r7S!TxE_a4%p>QTWB=+m%-!=2KpUFxXgk
zI~~q|3H>TSBie>$#C2sG$Y=+b*4s(<fzW6MT17+uBHOHG4}`Y_qz*o3iuYf^YsJp<
z@R#}G>N$Kt<g%L0d6W09vmQFY!(a!?8$S1`<!RAbhkIcusI@Q9^If_k#G%(sd$7AH
z&yRLHKr{l#+|;bi$3V&~Wgqmm+RTF~g_hV<KMD-%+L0+}ZgF$-r1vX1OmTOS>GG+w
zN`s7@?oCNg=k9dk2?c0(@0+Cm){uebg>(5UNcY}j>%U;tGD4EN6)xs+8k2@EM{wWM
zHO6vVs@k-uKDoRF=eKDLhWcq@UKw!npR4H3&U_i~7)tX|lE3372d6$wc`e?lWDtfT
zPzjS7FtCQnoV&#gV^UlpoS7;?sNk&j*8ccAJ^Cj}`jaY^Am#!k<zpjnLr>gf+`snn
zYg0`!Ron9uE#&W^K`Ut<Q5M;!M~}gF@^LOQ^0Stm&t*YfBlo~SbjQ0+bM<vi9as^X
zAGls}3#5_FTkgAuq0iF+ee<Cp9+Z`;%P$bQ@a$+5Du^rk##M%_?11G~E-!V5IQ9kS
z<bQCR-`N5kK4V`I^em&@-diYB<N4G8I&>dE{4+>1TKaqRN2ZfANQ63YxOmc-M5sv&
za3Lbn;`W&B4!+5;FRNHNf>GaAr4}1`7U6!4SiMw;IfaS99rH*rx{)8Q$%rwdbYhM4
z$tOl$C~sLrouAv}AmDr%paf|bqWfI?vTn~JZrAgnJ3k;;l`5g`JeHMKkc<HY=E;&1
zu)DMZ-YtIDhJK63<)6VpNgzypht0pgcm(O|4>I^Co>Q;khm+<gb;fek-BhN+dNp+e
zEhtpSbjw9rnXGB$DW)f!J~@=ePoc-a$uKi*<YMk;n{;0h9^FD(CVLI`vG3Tr0Pc*>
zifGnHZN4r-tTfCVH%U8pk^5wsOV2Ut!!r5Nn0kcJO6B@H&QviNbI^fIaJn;vTBgd2
zG1px|`gnc&htm8<A1JbZ%;(>e9Yrc|@Pr-O6Ck27?10{zB5(x>#vOPO*c|P(es!wK
zR}Ut6APo`R#B)uw{oD_g5wbgTG9(7kUe8M;jzO@$;mD^I;p)uj$}iCho{ZqcrMM~7
z6TbeabIG&}MR_>~hVr31kxm;RNiDY5H<{04?64pT{&nb5Y8|0GKSLgBrdu(|cT1N-
z!^Vkc{~j&gIM5<4+?+<PeELrfcUq6WdCg4FrZRox83?E*IGRR;qX*eovyMEC0jJiD
zp}$^uWai1t`e?mK+H)1>2=3vnvlIs4b(EVQcKG%UR5MJcDc<Gc9FZP6KW_e!iPymR
zE;qHja`_xjStIR_%{zVd><egK*)Q_CC&W8}fHJhGrzaWjhfk~?<F2^(m)(}7k9ltM
z2Q5Of4=vU~$;f-3iUd??;A*V>U2$*0vvd<)zr1jj`BlCYU^vi-?2Cw~UzuVUO$}ue
ztHgv}hm{{bv^e8)6{P&R$am}8?m|N^6}dkd-(3N!?+Far4A6Jqq6|i|IZa#x0FyoZ
z?Vk_sKVc_Re{A-ei%bP5t=_pWl+Lsv32*_E#$of5ALm%B<i4~&3+s8K?+FHu@t|0w
zvn0!rM5bG9J>XX_cb<=!VqKi9_KGl0E)5*Et61V)jQTV@1YYVl&dACE3qF$jEQUai
zpb^w8JirH34y3R07jg<u>gB0ci5jdmW0VeD&=eR0o>RxEi$Y<<o(Lo}GWX83?XB88
zFut0<v-<MkY7fRP0&%<e0ETAKayd>nM_CijRei%%;%P!4?$4x`PBO(6J7ov9N+RA^
z=Y9|ixfPJ`+uwV|<F<{lO}foDn7r3ac$=E+D%fW<I<#awJB4S+sw9!;GYJs*#l4$f
z_6Vh;Z%@#?eE7s*wyX5wgoxc_bAl#9wta`Zh{L+f*Z!X-^Vm>Zb|IAn(zLpb^0AUQ
zaYTSVD|~+ORyMCUwcRDEE47?myIV^M^?XzIR{Cc!@h}l`1v)xIzHh;91{hKbKX07*
zCGfNq(wn@yg|$fR*Sr*Pkt1a4;!c5VL3|6|461GiW{3|{Jg#d`>byuk^Yiv;f+J(-
zH|KV-S-mrUz=ppV5qnuAEyq&2>|D?28I8W_-8J|89Qwkyfi7haWX67=xvQ+=ca(m4
z>A&G-iK<EY%x@`zl+6G9cfv<p_=ap^_MZH4_61ri(Hf5rk?SQ`M51azqNfRJTD<Yv
z@2lT?#Y}^HwkxZzX+@}xL`q7!tC{VJx<`*Y`Ry5G93)=knmfM782oV-z;H#ar!1aG
zU$sNza4l4lRMIlA3ojqqrA$(lyf9Va>8Ws@+m=58otGh@NM#HWVAo;Bv0welS`QVR
zx)boKugoG1Lp8F%i9?5}M0kBIxtez0M2o-|5o(I8_Qn2rl!_UbZ@NB@<VdXv6iR5j
z0?Jc)=3tkZ=98||!DWG4p9KlpBULHY>a2@r?ci#}AOBYQpi;~bU2r+|)ucUjk%(^<
z76%xpS)BfmXA$d;*qSx_bF8{}r8HS)CYhbCy^YhvrKKUfen)vzvQg~YJNALlqEW7Q
zr<|^RnaVG2*_;#p0Ak8f)@qZn%?l{*xG?O3W;3j3McC3s&r^TX1`)yNj6+hf-2V!7
zCsE$;cjXszxO{$#P$;%plh=<H+IvPTCIh^a&xOan<;2GPWwW++)pf{_gfI9$GH*t<
zc#Q$Qsb8}a7)m%f1y<QcC_^*tA@~Gi==a1}i1%Q5ZUa;ui?p&TAsq>4(Uvazxw9<f
zRW1^47v)e{y0a~V|Ex<ziqMgYI5*TF3*AL}B!c}y)=?L#E*<Ck&CK;1%CEH0{oLp2
zt_QlB0`BxDI|rW9Q_<9yNzjrFUCc-N>Bv0`oeE+fm^f;HUH}+UbEu);RWhX+6OZsF
z95UHAqOoZ20;pAGs|~;gZy2y$g6eg1`PbzX(WFl=q<(`sx!3HZ)T@@oyrD>ktc`Kt
z+bvQ$G{pVsV3rd~?G7r7)W`9c!~(2UX2}#e-$(elY)T=YlQEhJ^=P+)z<ig5ZFltR
zm}^6<XE@7J_M^ZWwuHh=08;pSf)~)s)d$gBD7{_3xF4u+Ixihvcj&1pLQjLBI-bMW
z|Lgq_b8s3B`!y$W6u0vraXW;Mk&rCgcR?GV_YTMfY^37y!u^Oi3aWExx0k^qC<4c{
zb<qLM1?pKlLFeyb#Lyh;dcU1*9%v5|xTUCH2hrCLaE92^OqMAIE7u&ZF2f)LC?cgk
z6Y0BsI&||_`310O^eKK8VIELGf(4n`F9V6C|B!`_>!Do)wA<CSUgD1S7SW=c8``lR
z0KPZ?TV^s*GU5`CF%e?-*G;6rqyJjZM=eiZ;5Z|<cz^vuHPJ_IEmQoOOy9|tO;iXe
zUuPH=PvozLIDJ12d^BQ>Qn~S2-oL&8`a}-VPmJxhIAP#Q(Y;SkUInFS6o!GH*O18v
zVvWlOo-&VTfrna=+bW}~#q1j4#*;whnI!bkF-ZBQj!4zZ8z=Ky7oZ*e!z0)}NiHAi
zJP}Un4!HPYp%xpBeFBVzVrpi~%X0U^_M&h9#~Gec55w<~E0Bhr^UE~<woFw%Ar;A&
zXK!-RqA2VzjlSIOCRKZV5f}t6OHwvYr}`B&N4_K-det^W=x6gQa+Tb!m9QJ%g1Oou
zy)Ih5bc@Q?yz6C>#k0t;U;9(-h`7WV3>!BV2ifg)yHXYUYZd%ea)IuHrqAOq0{PV}
za6U_vE?1uj!wuv@H6}sQOEO1!K3B&f$|_O){3fg3fYwn8;;J|gj+&qI^~@>v5x~pg
z8r)lnWeYiP6u`$v5!CS!oWs<?v=VR3$IfEi6HYH@B9tr?AG^W-5m#un=GCT?ms0Xg
zVU-UHM8prtg>TyqkaiB<1M#lebaOa*@)7P_*0-G^W%um@KHO+!Y-R_X9u}<{z7dP`
zx4mCq&3xPprX=7z6*<F`pf>JQx#u?!EahsP_zWp!Tj}8)GBq$*Qu_C>9=}8Hkeonk
zP^|)6`2-d5O~#ylDV}O&daENj+atJPNcL~P{Q8C;JU&=lDn?>BX2GK3ou^XQ>cy$E
z9VU6nQLeNpQh16_dMOPo*;3Z3r_37}`oVBh4V3%|V?-!25n>F%3tqHFKM=2CRv4lc
zGq1Y)<<2M+7m9FQEqVQVfMkZ)3gbLqlFhE|TzEg`D1T!BJRi(|E8ZPs^ANXEhJ$6K
zJ4q;vilk=t0CWXoP&q<-ztKKyM#+0ol6sV~ZR^TMz5OZOQD<W}YQ-E&RnuOc{bi_F
z3mkA~j3B>?YC9}Z`Zv-Bil?Y_DZzlfvU64}$JZW=AOglO7k$_j=m%4xYoPgOdHPY_
zI3y#Q8?kS`Zn!4N2QDI<zfz+Nua`(YPnoxV;TDmBJ>r$QSeHHb0Dnri?$eCs1tG8o
z=?Fy8;Me_13K^coepKbYy=*p8Y>AG^+7SQ|d42UkXE#vy;vtj2`Aywqg_ee8u$@Qp
zq5c^Q&PG5fc$fIGwzJBSj@@Wuvdaj&`sTBPvDOa14-eQre8JEGOWQmu@o{>^c+6$X
z<}fOMtCwQ4`GHqv1yz%rfINxLU`X0H8oEJH@FwH%AYTPt8Ar1o>l@snp4!|^X~HZ)
zD@V}MEh&C#^RiS>n#yO&XkTt(&v1HX64ghhSR|wh2l?(*M^%$>$Ic~sWXuWF&AIF8
zIm1FP77g6&>eb)V-{wIXbzHa23O1m1M;dn!7e4ft{8}Qy>4F&Y0~|wB%e&8{@p@Ec
zk|PYtfnS_2?rPy|uke;=EFE(JCMSV>*1jZ>_fD{E5W8@ok?Q10tV_HnfxRGH9gK^C
z=Y0Z`^2A9j(G$P_c<$K=K!)O#r3n;8_xK+vRT<WuVF?QNR_QA5b(lHtPH9%y(FFY)
zWJvfj?v3DQMui;A#cR74&-Y&)0vZL$gIK|O7w~_xBPsj5P}5bAS|z-sBWDAKBRPRq
z`1}))s-$iQYm@<vWD9T5MBKd%@UY<Bt39a|R&T(Gu7#UOgV!Qdy&dk}fDcQDAUGU&
zsJ>1O-7gDvE%yX)qEKRaubY)9gGD00pEahj4f)PRGXJgCZ~Yo{D-+r8QBBvlE>p~v
zACkU#?q*Z6o#!zFnCxurCEr#m9gL?cNorVsf9q+IlPi0Bf<p9aKKxv2w3cW8{td0z
z2?sO$0>*PEv3%(ffpEp`FE~kpIlbg+IMw{UEZ@)fW=LA;pNyk{!9<DkEApg1_|2B-
z1_FYqY6>p#*#z@JTy$<x?%zR*NF4rTn_~8`L#2$q5uZfxIUr{f&cI+lmpaB>@+qs^
zzYnS?@<6RLb!=&upKl087&in>cjx313=rwJ&cvcj-18C|!|Vrji|~!l-EP<1C;;v)
zDO%guPx2G6LY(}v3<q9LhN~{BJZVg^Co?JebOT!ASp=$J$=ZzNP%xVT*jXtPJUIJ=
zLev{2#;s?JGmm~D1PaJtxC+XBV;yZa{gnikC#ov;df-T!0|B>Ka@>g=1FzW$BamzT
zF@`L~-_`l^wgd&i+maT)oJRU~>(ulZahoEW7Nz628;~wO$93IU>7gCfq<UchkQ?H~
zKb8t)Np7R+w|GsuKa78_-12wm?0fmzfS))teXFH7uekbEmCTCRtHUbJrCuv#*0|Lb
z^4&$b3ppOYb;eikxp#}5E!!I#*-nJkjE>YK4q^n7u~+l%P*~@=JB0Jp(SH4s*;(kQ
zgl5sKeTU&Qi32x1hG@ac)Mx^lb+HZdI<zEFcd5U=O1y@6oa^+n<8A7%mo7!E8-y}k
z-yDd+`UMCi2heF_v$acd4(@-%oN9j@$Mn<p&oQAS!lLYK_tT<0dwgUl!>C|=xG*Ek
zC{OrcVF)JmdWq+Z;r9we_kzyE>D-&hC|*HltDM1(d>}hZi+_-uQb6+`Fcb(bSs5!W
zCo!+X8=PPqBG5RK@|+F5lNiX*89W%UaFLX^o$$u400j0v^&IsU*L8p<qy;!T<G2`R
z+b{&_cA=cPpj(BoO|n%|pH$5fl|E_`0ishn5kY0@^Y;k)dC<(R-Y?q^eFz&#@>?dc
z^CjON9P~-&@Skn~{#C9w-@xM=F8fO1Xge=kH>*<}=(_@0UMsVOyegX*Xuf@h^U4VP
z^kB@PG|(V%{_UFNFM+{>kWB4Kq*b?#Rw~~L82G@OTve+Zy>`AB)HQ^31GotUGq4o<
zRNnktUb8_8RR4yTKanPoOY77yZOYsMGALBASS>FaKl2AbmC{Bm=){d%$)+p-WjLe@
zzfu?9BX{&s55YIFI%+(+AQbI-zAR*NX$7JWFSxQ_o2DW<7;?7AoE=7gdV01=ct?Gv
zQslwLgC#Lph3`1n-Oh~PnKBdc?_lM6@aCUiMy{NdeiQKnx9#Uii4exjt54CMh_*IV
zv6yVD7#zws5OEqdjiKxHxHk+6FH-WI1xav9Xa^~0yn2PB4_Ku=e+Z>H^+JoVnr;!v
zNT>nG>dL^O$H<kS%aSu(hEu0(ajpkENAY`w)dpSe7S$%FZ^!eAWF{Ux8se~8LZ@$E
zAG3Kb(z`_6+0K1?<msQ+DkTh?vXgas*wp4YAYUSf7%jy&bAcFxPFyq-<*rBDpG|gl
zCguHNUPVTf1Q4EsdEJseKq`6awDDmh=#=lkx!u0|;MRS9Qopr&r2oJjqw9zk#t~rL
zXDHlNw%RQBYs5FVT6X|=O!^yk5Hz;hkP(K<uR$%I05r#zg9^+P{1&Dsx(qJ(xrrBG
zmnnMoks{~xo5SbInPKnsHZwgBP%9h8Nwj-lAT`2#B|VWpDdt)+M;3uu)z`oaTve_c
zQ%%?miC<h_>jD-!Rjw#Vgrv@XVV;H=yrY$Q37u}-+uFT`;<Y9#`*I4|YrAzKUL!(P
z0CiCZwS;TVBz}O~Oc82;B?G#YsIbr2wvyKCE+AqKO~_dG0dM?Pi{3#}{JV>%FXxJl
zR~*LPcwpCOR^Ix3+Bo+H1MLY!uSTpM<#Ph_XDkFLp_f9c0srHcgSRt{h7yH7yp~T4
zWa0Yt%Cx7Sys!B{3$yoXUzW#n@D3R{MO-o${x(pxminm3OvDJA5;7xwC!mnhy~;P=
z$9MMxdj#pT63d_~*$S1^EtHHDytf9*I>n*V_uenV7gc0$c}J?78hiy9ar6K+^AV`J
zLyukDvg<`!emchw?6)WIbuC|$QOT$xUwUAXoCdnetr~TKTsng60vxL&L_d5-&n4Pj
zcG+vhpe>+V*Rlg)C%bkQC#SivqY}1UU?fD>V`6Fa9K<%hc+ffXY$Wb&Ki?ovkx)!J
zxO1RqEwkqg<EtcU*DUOcw`V1p&tkH}Oo9o%&Z<`)V^GY*L;k^Fc!Z4AJay)ReVb|P
zwSm1Nt>+?O?xV>V&&Yj-yfnwdxy<YgxwsB~nq?E=IznKKa#YeA+<rG<u)1>gEFDQ3
zQ?Cy1iyIl3G5D9=SIGN&=L8c69p?JXcZXA}G*>*WmBgM!Uie>ubowoS?-7PdQwX^t
zFzy|FNCf`eE3iL_bPzqvGyUr+!v-;n=Tj72j%GvajgT?)atuyLg*!mfO$u2q7tsCB
znUpwulTMFRow=E%D01J;F9}|M{7;BJ2DxW*LQ_7LSTbhHF;p^?zyVlrziU(l&Rvq5
zsW?|`&sm>p#1=W5|Lhy0cHx`f{}!$C6PoR%nT-pl&)811t#RqgtTKE}78f5t3fr^~
zvk#zb;7AB7=w2ktQG2&J<wG!{@N+hsi0%qt8p>oH(<9;hgQ$E#k434|x#w+Ht)45z
zanh|y;dG#tK7zjKe!Xmo(hWmC&XTf~<VnbMg%+f+ZN(R*7#aFj;8b1xG-QBimzJNg
zJ$je|g%WCpE@I$}Lzt-AqLhpC_(N1%_S=%QUj#HqW(BSF72C8Q37u~3Eb`mWZpK_`
zkvM^Y4dFx~F!2Aru#tsD!m@crS|35rRWz<e)Ov!~eKDn&k?jvKrb_}lW4e7-#Qyrk
ziIO|%bv$%uHUnPr%>UYlvAm}ex}D6ID!#|Lf%OzktIQ7dTC527)iT38gX)`8*Ht{0
zy`*3MsQ>=3g5PRV^sM9=KN`_q!&iun>3257H}&GEGj9EboGgzNuwm5tWR@lqV5>3;
z`b+zZ;eDGh|KwJOY+9n+Zn@-LLG{mzp2Sggkm4&K4I9C##FZ|ulx3jW*p53G`yJV<
zj=zVNBsady!VN|(K0U7^K}z25?zE_8WLn_&!_N~|oVaC&b*gpCM2&3>-|y)xDa(83
z7RoZRqLOhF`ah=oZa7}-PkoP;^cx9yVNnkG5jyOZi*V#r`*muWrDXT*m&SAy8Q1!8
zbl6@58aQQ1IPtIx{t!(SxB=$G<9+qb4m|xO(5CJ>?D4@mbmelmE2>QpZ)92@$Mhuq
z%5hFDB@1cfZKWGe{f`5^3KHo1;!Jh%z;0JC4nAS!g2F5CBazNDgD^R2=Nll<aVKF0
zngvGc?z;*Jmjzp#0R!KfIcY2T(9dT=4*&E5riuAe!592Rfb+Vp>nCUcX&W*u<Ch@&
z%pwSJd6G?Ip`Pr>Vbhltz67H0c`UN0_3n>IMA`8mlVCDxPk#JUwqDvEKDGl0TPrVm
z&@I43_4s^Vl>PJ$-&V=PG$C4(zB9#q#o-GNsyFmwbj-Jx$HzmbYqAI|l2-30KH_78
zK))~EbKM@n4l9(H)wAyL`9oi0HY-x0KLoQbe$<UBJWWY^%U@q}Rq#GITeodR-Me22
zjo{mvobt3Rg>MP;A1K;>Z+We{I7u2m3MTT+>bcte7RIZv%_Rw?aKoK*R_ZrP9;hlx
zWeP9g#ZOXk#~*DRt=~+Jf9sMR*^Z4RnqrTv=UADk$??T`979yxF!9VUPb6k=rimQx
z)Lo&V6>PuV6^!_}y2svQoohn0$LFvjafI(9+E_h~Nd!rGc`Gfk^5DBx#a22@KwR{E
zJ2yEp+I`c1E3KG;4wd<H@GDw>P>EbKtBzL<hy2M9kh!wV*VjhWj&ca@CrfQce$A=k
z!!|J%xM&uX>!o|>!M*b7bv9>*neftmgngG<vAVqJmv<>G1+!`-ruSpU7DmbC+CXaw
z?xaoX!&7&k;?i!?e-&{n1$7Q6VDe-Il+oc;?(yhd<+5~QLKp9OXf2GtLE2aXPz3ib
zNPp}3z)8OA*}MH@%)N+wB(sm|(+GPg(R>hPQYm>;o8&juvI6m@f|*JWD+;YN=cNNH
z3In5Iq$~5WI_1H+;-;LZXX=~W6$eWm=veG!267SP%H%-^`DZ<Sj!>eBEmr?liKivu
zjXtSJFX1DKiyuZanIiTS-;Cbpb>dbr2U}qVFVz#wgpm{dmanq?l?-3Vbh9v@hm_-#
zJFxnB&mLj7;j>sdnSwMYL{1{@J%Bmo$q&AFe?nL#TPq-_M+_;|vsD}H>c6Ysz27{p
z$`E%3EU;eAmq!GRLt`2;1nhTu6|SiqEgou_wTOW($_1Ils$FVhS)83k#GV+oqsER?
z{|xF%WNP;ZDO%U4@1N0-;f$)iN>b^ZT9%|A3{h$q2JBE`JuK|@qGYWC1E>;Al+Rui
z6xPX$H6mPb9)KP^Wtvy+18ihelKI}}0R1zo{szvAy6flf9N@n2bWr~;c69WlRX$C9
zg+5omv*+N8uW!qQn*P(>)n`t0_DW`o^a*@3R405sGk8PSa?bn0f9mW%e>8-b_kw&*
zLEEp3!}8oCAetZ%j@)W$d``M_RU*ti!8cM+R}B~1)LU^C@4w!c=z2Yam1(||?Oz}3
zxT|mpao-q!<|zK;1Hw7Zx$L6XwLQZxXx1M4YBA@@ZvUrfkPWNeJGhIRvL@JjHGZqM
zk_wgL*nU~($g>7St9Piy3)EA<#dNUPqK7&=2j3dGGV{JF_~LFv8E4{t+Xz_ZSZa!9
zH@HclXZji^m*L2B2=;7hYvw4g=VdQsd0~#8f_NHaNiZ<k3`kuxnA7--?%M%sBzHN*
ze_UT$+>^q%yVUe(`$k=#VrH=95x5Ro*V3z^#OQ5`G0%TL!0@=WSpDd}DDK-`5{9!1
z;}jt$G_2JIX}h5WzMRI``ze&a2$P6fPwdYN8MY0ldiLNF=ZU}d*QyBAUs^bL-lC=0
zJA9^fTbXKi=!E(jdq62;`KD!4IUxc7GNU0g8-cPrRuVS{&b&YJy<?j}=1`9+&EqAR
zvDj&4$tO<wA_Q~0KTr#y7XUpqUxd!`kc&ViWZUhKSI^BZJ&1_ndaX~U^8E-#K~Oja
zgS}!Q>0!`ab{v^7M$~JivFC(>KAVU<=eM6oTFi;cG<oz-FvqmWZ^^w)+AzY}d&V$U
zu?QK|l*Cfyo!Y^~09$PijlHQuVT+=hk=C~u?mv5&*8Pl5aQw!1kTHPkf4LVJIMe2k
zU<+<?@o0X(WLABGOH-=@Ato5=$sZJgK?#jR9sv+Sc!+fE#UweZpIWDJES4|xU^}=x
zc{7P}0>E8UhWWiZ+NLDLI4NX#gN{fi*Klrn>Mr||Z_9H|SUFET(Zo24b;%e1cN9Hw
z5;^~Z-Cx5UYZZ7A&gr7+JPtYKJem6Z<Gi_1L7VQC3)$vlf_SP*k0!crhLH^#`MpdS
zd~>JksvA>y8{ltO@2YoAZ6=C*KcSK--kqA%5>yfO1~=;h{wu))3uW0fjTttFN$99x
zI1Nx`D#ml8KWxFJI3ywRRQ#;;GT`5{z<McNdL%Je{C)~&<=|?ce!0!T9y^7{M))xF
ziz4*2wb&^Z?d5YdmICHiTLBu;xg|+1x`0E@`v{S2MW=7^_lIm@e9I**%R$@|b3eY*
zdI(vJ^kO?Y#Y0X2Qx5am$=6#7ReL@;3>?maY^jH*Zbw#m_0FUp+*x^`LZ8T0GCBDE
z{$!L|?{5D@>DJ?t6%XLl-{qhT*TT?`Q8-}z?2(&nz59^z_AKH#$ZIon&o91{hun?D
z;Xx{ZIoLFv?LXqvd5&M&a|sB}_R>K5>>ub&G#u7h%Y>lQo=Qay6B&Gg_}1`^MdDz0
z6;sXNU|*zL?wu{>z4>Gc$T6h}!;i{p7BPs`HA!<jExVvV4}dgLQIf;<rA7LN!O`xW
z+Fq*?rtA(c+xlX=@sTm0&6MW8mXC?|#~~d#8q9bt`SMWB)oXX2q2l%ni(c(ozNFTi
z=OWeLdlEkI-lXeG08^hHvk&6bl~5*+;!q|{%!fjXrW2m=A?VqdLQ?m$QzLir1Fomy
zFjlcrxjNQX?o2%!w;BoSmyWJ?Uuz6&DM{bod=fa@NIG(2K=!lI0+x^Qb7iMjYG!lo
zaRj$%!&9~(_27d7RhHPswR59Z`t53YNTZ;SHd~%?QwWdX>5(Hx|K2>zQth+&iI3(4
zvJ7&|5Q%YlS)+S)gU+2Y^qbwDSne)NOiGmxnEUK}vSax%@mR+z{GVX!7z&F$mJk`y
zDbuxREPO+g4K9$9fQ`-N@f*xMOWWL_0zS}nXNCoQ#>ns~V~fVfZ%dU{E=q=bf+{j6
zUzjj@9LUvUvm0;q-AP8=R|6c?Le^^8mm?UvMm^Jhbsq*}Y8Q%A4}d`LmXPuh6c53;
zlTmFiMZjbBKEz8ikr&+x7{Xp;0BX8cw^zKU;fQ%~Q4!<Xif;3`8g=g7aO~2FZJfmY
zx@8*Lsl@C>2rw6QLj_GV0#fa&54P;?2o`GuC_mbcC?3odu2z?DXT@g(i6Wz_i=$$n
zT}Iv_rKZUFr5P)O-}aM^O2G^_`(O6d`kn8U%Pek)6T};;P|gyz#-{GY7FJFMD$*D|
zE$x6<{m2`_Q`j|7$Qo3<kNd9D@9dbKSBM)oBJn_%vq~vea7WWfVd=E>(qgEmwB<!j
zuZ{8C2N)ZZMp)qMb-gVZb(|z9z{?xQ6j6NYFOcl$4Qoyoi>c}@ib93qDT|9GMKBwh
z#&*wE@va&B@$wZr<adD8ih7pHryn31O-&@PvTY?-A@xW5h8sF+vf)!`LaLhfVZCg3
z^*mQy@gjSAp*&+8x>R*uM1kC)n;yX8ne-s*kF?tTvV&;M;yCRag1L7VrP#$}u->Ru
z5NwijE7`JEf!BP7ZkgkN?K^;=u^pO)9f42A(I(rR6~hA+Prk3MK-%<m(uX4(gU{Hs
zy>`>fy30}9Hunc+>#itbCBSbeYJo8kV}xh!-zY8izuqoUGy$C3sb;4f3G7=TkZ8sV
zwDkW(x{`x*+ELye6!;noBt=ufT%84HIRsOmo&#?F*KXqhu}JV#cfR)!o02a08QoSd
zmxbQ;GYJBLVe*I5;jR=-Xgc{9u`o7Az`0Y9xDaYVpP924uaY&lGqLt0H_i|q$%bWm
zaLs%XPU*=`ukvn*WJmzeLV9D~d`{$onsMLVr_^dT6pvTMXtos?z&n;8-dL6}YRC;*
z7pQTNIx0$^E#2K7q7CaUQoR2?DF_+i^x7FxBIRC?{HJ@ozWz0ktHfLYym{6U1=dp)
zx(P++8jIMiUM8BRy9fKL6i?z663|;7b;UD8=5oY$0A#(c!KEr4u+a&#HEdZ3rW85~
zw?&Q6cV}L{kx=7V!8Zh;ERUomS-KY0eRB(FnpTq{_L6bhdycj07NHtSukrg3@z4ZO
z!)yeJB))^$hfOJ_zbj6O-12At-cKps0K~GUw3smBHFII$ORyPy9J2$-aAB?Bja_BS
z0d%rsY#(+CCMFriuX5LE+DBlkBxN&XrKUkT{HUjaeb%%Q0VbzO0cQKfYdn4a@2mSK
zax}<6qFdOx@6~k8a0V&Lv4CD|cO7Uop&u^ON+O9taJ{V{UUzi>7YP2HKn_QHdYD~7
z)l|SyPAG;k>S?Q-<Tqbj32;0OFw)$7Rxv%zz@a`ANM}zD^3RmT*VW_D+MEbFs7%wG
zVL2;~&00lOH~}VDMoB-POo3##&{(4kIE5l|lCid>;0RK{mJy`u?6D6<TzVYQG0D1E
zGtA641vfO@m63>9WZo50%bMADJ;3x#N9dS&z(tCyF0yH6OC(HZ$?12YpB@XQ{551S
zu+S9;>7ZpmjbT>>RZn?hU0$z3%z4Ka#nMp8ZL`>|{q0&H1*Q468IH)71p9Vq6DV06
zSbM5IPg%L`kxUMmQ#P+`6*m@tnnFh#B6dCeHAlfxX@dykjTcrr4J#+C1)J}f2DQ*}
zVR22hb6=*=IL3h)1z{(j*|m~fKdzGf6kw^Ty4Z}LiXNi6&osg#y=_ZYN)VcV75SEn
z>ZFe(=1<Edi>DsY&Xk_|rmlN~pzw<z{A-`j)R0>jH}|q1f7IXigHix~O5`^Ui`OoU
zW?e6ZPX%m3xB2wV_b&o}G!Q`|4;W~jLL6s<jLCN*qgKOq_Uj7uDru7BQ}ezHFbs_+
z!#JZ_c!{MS1{)mQt*vlV^7C{UgzZR<VlfOG&BWBfXZC*%<|GLa^(z|kVbs!M2x3JY
zNRM>LL4r+QI-KP=Z1#r3f;9-J^;adY5CS-11qP3aQ95|lFv>MU-QY<ci2S&6@)EfL
zUYv+s)CtKPq1i02SSU~~%Y0$BLvF6tGK1KSk_$S^yw1^SN)8xo;mh@x(A;{aP8Vhe
zzeV#%Ps48^4I=BGdNM|AEN~`s3`O`2Ka9}{NMQqXYHS%HtEzUfyGKZ;xIAWI?&X*^
zVyDD1aub+`KR|Ml9Nb*3l6lI(EVYyM+mk<F1tlpY+h$LhZN>kVgR01aN7eLR`|pCE
z3x;5ik)Y!LZ~Xsrh)&DbREY2cM^g>Rl26E4PCcXVel1Uw{&4%2&{~XSf@7sqt%FR|
z-G&w7n4q>415uze-s%M}_wHUkufxYIHqPS9PXSdhyLSNU(s&@PU7s2O<-!l2pu=vl
zXNc7Y;u!=uV9`-N7QXpS0B3Gvym32aPsX0ai40OReb~V>D5*|hEKvCR%CH#=k;Zeq
zaO=*v!uoJSEjb%z)KAFRNlN7;%YaiE>v^y%^?0D%#hS)U@D;BnVkJ8ZJjBosFeB8M
z%Wd^b)X!%1*TA3}0`omeJ10lXaR3w)qM0??VG181m8hoFTKCD5^S%a&aY2+qNrwRT
z-G}+fbnnrCX?MwBCR(wAGDtj%d}WWN|7I3Zg7=-MG9Zqyw5vDwl){hKjAC-gxH)K!
zZ`?|y7E-Yrne)ajwG(|Ov1KLJPp~cc{J(c@vz9}~ndbANaq(s&0CxXg@|3$sSbPy@
zmiYH1z}_{poqXA07Q>$Vx32#i?Kq|2>}ANzn%^i)#H4$xQ|@e;qB9E3p$;^|OJa_D
z*c!AZWv~o1H)9x8r_xMn*(o7_oPC~1TjyK<0vzI=hBNkImkr786SL4#?t!3uyv=bQ
zkyxY$ZG#*a2{c<y?8%f4W}In#;K4I2$b1O0FuUX{MKAMzHIcV<a9<#eZsCRMaa21-
zjbWM*xk_p_kc#}J$Cg$_C#_Y)Q=`{%(Y3gA^NyY;-@<N!2A#SIEKTceSHJ{-2duCx
zw3XZ-t>XcPD*C%Q0JO7ji#mgb-;)vKmoG3Q^2u9KExuVCmfj!F!4Y&m-P%cqeOCui
z15iI%BFet3l~8D4l^OB%quj9-d(lvJ+?<*ScY3qSp1oS$kfVH11wVl40lP!CWQ7vo
zt0bnXga>H~9uLSJo2do})u>Kxf)vAw_U8-t49TDPW>C%(ikXpphB&0{f9Wp**o+`n
zKTp@J{tbw%5US2w-z35L@1c@ITJfK$m8<`|k-u>mpJ~`*g^)XJF)yz7pd$Dm%BfI)
zimLY&qiSLo5If^HM!Eu$&n$V*IR!!{hF3PnTmZ!STkC^;swEI5Bp;$D_r*IUFTj*(
zqv@-2zPf@GFeOQ{za3Fmtb2gUj;56!-&@b2fe@Kf=&%SrvA;dpazxNVG0@lX{0IXg
z)e4QI)*&d8mTf<j`1NR9%9xHlH8fGIYANRjs1R%`@YNorgG68;&JmeK+DwxrS~@Hj
zMgKsSVG1pqz<1wnT6F=4+Cqj>%ELhjSwp<|22d4gwr}}iHaTYL0(bTo6g)r7<9lgB
z_-nx{up2@ijk-26z}h7;s#|`l3xsPGoAk;rZBA!R41pu`k4Ky5V@qB%tRapt3wK;5
zJojwXQpNoOt=D#OqaR23(UNVRm!~TghJg>prL+upb8Q)*EHcwO+lyT$?B4JOzsIUm
zj=9pVaG?k?uMA);!LFao_pMa=zNdr1M|}g+NWgT#JoBSDUHsq?lF@Cwd_k#p6wOZ%
z(_ZiNgrAFpM(!AgJaIDM#FWAS#^1eVL^7H47MvvK{(cFzRW987PND!r%JdkM|JNdB
zdX82GbN)V^0!jaE0d(S219Yqi=*ojNCKf+taU#Z%ghxr>Xy>D`pXYQaj$bTGnc;c~
zpP-dotyb(l80IvdBcpTPkY*OohL&*q#(XbBT9Vy(xm4MPz-a(HET+33f?tx9zy*Jl
z>ja3mQBOKSHK?<#cwgqRcBT^fHVs-2$al+!!p%P16I_LeWC~%k`B1an8p<xAT1$v^
zmk|F5mTWbN0L{s=PuLV8Vy+J8aj(qszz9$^a3aqV0$Sc)7Ehe5L&lhF6{{Kwx9L<K
z5A|F(9OUL}^p_pS)iDJ+1y9d#GAZHjE$IIgtlr)06C8ZBp5Nu>!BC|lt{xWH&)%ps
zP3#VRK^@dv0#NT3Bl5$*2_vGl8<QD}x^Xs~yLJ&Nqu9b{2dk2;Fvru^$Sl;BGKUr$
z@J%0;*?=%mQ;5|N8L44I?ujy?fA5HAPT%zG^YMYZ#0R-ygYZ%C)#I3pK?Ap64Sm$t
ze>WE(=qM!Q(ycoGuM`qbCPI`gh$|AsyPHI9j3Y8iE#p<aumW;S1%6V)*6d&d=eUBe
zM+Pa-eULUvhM;>^bM0mwx<A7=5I+O)Gaex9roiWv>)wGBAP&s*n5P_J@9t9b3fQ-n
z*Z?lb0cWUGTmkzlh&?aImP@KC101g~sFJA)qhQ;?)@Y2kuL&aA@}VA^|CN}*an-bb
z&`^Ic1wI5$FXVVxLer0#h&sVnr~#RM!E0W2we>b9BlyLVe|^E|kc=5BM#a|zI`Gj_
zFYtk{z!-6}rWv&XPo?{`%`W0z_o28@moxBy88O<<Y*tt4RNFOoV9w{{V<&~ume~SO
z#4Ya56J3MpdA$hn#nukoM`nTXD^vRLeWflJGG)Qp;0CI6CF;iW+iSpTdWO#-PrLNs
z<fdj!`ZTaq$3yW2Z2en?Me>RCoWpy%N+Qmc>9#I?#;&%%F)RdZZ)<QxxN_ST5N3|k
zTP>vqKV}HfoOI27RjlTK%!FN6+fF*fYk@i~PKe9uc;{3qk@mpK7?<O5g>fzn$zl@K
z{W1Suj*wxhQo@#BO6jHh?_vFY)l#0uD5LC*+CfBFA$ZMxC>nnhub@nAl;SPSIE>x5
zcR<1x3`RKdgs4VGt&N*?$RtKZM9#osJfuR7UO3#$_lg6js03ujU|Npu+H^>a4G?x{
zq;Vs%{mHnXeEWoj(s_%x)tdswP2x}nhH#ou>!4QCzN2{bC<@O7&;h5#=5cj9fB0Z|
z9#bdqL((}sB))#nn}pj!rPh^B--V2rZXl{I;hWn+ZlYo-;yef*V=<#ix|&tBcjlgq
z8O@wqz!3<S8+wt8r?ax3#f}|N?AnV{Ce}*G$%rss$vKk3)@Ps@r@ElJ919aT(OC%!
zlT0pG(m#WxxdNyjsq;R<i8cfNLGbW%uO(Su#*<EhRH#zPE~W2R1L=m8GL!GR9M}~y
zzjvNjRm)a=9aUZd(uelua2lG0Mtp(HKCy7kb2P0{#A*OCFgeh(#m%!{hGCRkuTCHD
zPY}e>_Nh2)Y2al2-bGOqpq5&gk?nZLHz{&Gf(R1N{KW~A@_&04#|PTPTa+!3i!MIQ
zdj)ENj+#Knd~7r=5P`aD>S<31fW5mBJ$b%erM1#i&|Cx%k{|`EkB3|GSDC<{yNme=
zZbt0)Y4G)NuL=zjQpx(dLe+C?!wDE6+TkYes0!2T?eL}P3BX_O9d!#L1a#&RFv`&%
z3Y_`CXx<KVq%o*ZscqCWgBg2L_{qWkgJV$`Y}W>oxQD~+71I>aX5>A(yu)V-H_mJE
z_=7!p98{T|<el)ewtf-A!O%FB!VX1__};i$o^DxjdB}q<BpovY3@6k=L}rMX-Uq<~
z5ZO?g#XFCHc?Jc92y%B&lcBhiULh9meGVBVnCMQw2v^bAwifJx{!O5}(vvl3$<Hmb
zQx8sQ9Q<j)&<$tU`~n$E0&+j}fmw2nOA}oL1D<l!{DYRa+9k|S+NV)Xxj>w&6SX`h
z68b!$hvSlx8T08Fuvf7`&e>=%m;UiSB8SH$z<aylW>uEN@p1eQM<^@-)A4J=LjmX+
zmwhfb2j=cLLZ~P4i<YU64G~pE(_0ys!rk<~1{@|>zrN~qeOtaZf^)um??TfeKSOvD
z8TV66CxCa0YRjP{>IfMp-PNrHV#wpjK(79<FHVrlBPk6B^uR3daUn`HOYp-Zl!hND
z@H%flFR1WJ&k)_u^Nz37$+0OWAFnH}LnuxtbDEPDuoGO8Ylf*=F(d-=%LR3~sgC+U
z0Rr($3Sk#LsUt&_d@A3&Pnz35!GhZ8GV9$hu5|Aut9LZ=vUbO?%Pe-sF(S#0(|$tU
z$q`=-3M$UDtRdtYE`B--A=7wt2PRi_0Q_x3yZRW^w(Z~mOBgLK^l1v>``d5nvl>SS
zkk#1W;%_1&<IRApkLVtQEYw2M4@+X?Cee5Os@SMf2VRNSwj&nLcKwJH8EVYlYfd0j
ziwCm>-zBz!F-VgxQ%!};h$d(<I53C)!$=&yhHAUUYjXr6gLy$V;_xg0RpoD65!*_K
zZ#osB#rcMc$g_zxF8uTPzrj!@84l$J$>)F5n`RP7Z=B4SWibETn!iu$Lq#Yv^pz<P
za>DU({Bwv=&98~(=zch2#v^^M8|TsWq3FCfscsle&Zi^LBV98y(;ohaGM(m@$o+kQ
z)}){0fLYN*kj%`-??fh#+7P9fX4VEYaqfms0P8KW@M~L~Ds?IJn%Y2mohp8MQHJ=w
zU7hP8&~r%88%BOWath~xTx)sfV3V#gvRUaD^K=x`*QCP)D;Z)&2H~<(a>ZBZ@v$p8
zTfp(F#C2kG641jq=pk0*B`M|MTg#pJQIEqn78b!}5nJfq*8Wm>v^;QEVx4MEAA7Ml
zuQGKrL$|>l1~c65%yOD-=Kuj64-5m~gS@9gM*}wm|8nL+3S;>0bH0i1rO2H4SQuw>
zYvvGW;ii=<CT0HD@>h01SW=N#zYicKj*f6aVtp{exPGFAemi4AvT}ntw-bX|e#0Gx
zrjBl=u5@!4H~L=QZETftV*gY?<_$r4p`5^6a9iAl{RJcBrJv)Lba%;%oUyuD{_Y-@
zGG!*f!+Na(Rc`=7LWbIWy(KOC_oS-$B8T_uD=w42UqTMAkN3Kf0o2|<<YfST|Ig9=
z=Z|Hwl!N+-F>Z4}mkG2di|VEiKf&I!Irhq6SL<Oz92)a+i%A8row`H9T8a}o-U05;
zWjj*rP!V=-1+a5o5c=^Tj79XhkF_CcwFS`J)R`Mbbn|G1s=R2cThyO`Nf{@BD?n>g
zq;-v<sToQG>a<X#!q)ZJ?AKZvw5;?xI-G^=em)$7`5K<%LlxWC<U5jA)McM2_V;|4
zg{<S|{;EX!o*Y|}q2BGMBOXAp4%Vei3T$HR^)Pp$rX3>(RojxdUEZ2xkKuZlx8}CE
zVA@=PM+5UV)G6_Rw$4s(OO_kA1?=vQi!HYbei2)2bI|^0trI@!?vWR5$aHi4T^|_)
z<T8?u`uAFTC;?xYP#{GAg;(IHP-a4T*gii`CGg)R|9w=v<-LjKp1E_lHN=s<Gi`@1
zWd{sBu%q2TsH!fK?eBNse}l<x(6L4pXf3<Xv_`kZ8OjK`Kpc^tUWeo^0f4m^cS8^t
zc9#tWKF*ma;-~;Jf|=Uy_23RP8zkM^QNg{~ruQCRdQEQ;WZFzCQ)ZNz;D+7_OtSaw
z(1;#D3>P(H=Lt<0D)u4%v3Q5iPU7v5a~;hF2OnR<jKUBC<U@sp{~mUqU?lx=c*TwN
z-`pyV7A_0M%p|eD-*<eoU&a5@@JlGM_(DeFwYl~S88T|8rSAc7j~I)g(&NGA$|Zrd
zC9KT?kiGOo>AGoqxC9eGT;8XP3~YhkfME`;-Yj^AaqW6)HlrND;`H>lR>pwa*nx=f
z?6+a{u*yjgC!nh8Cmd^|-LI#$kLeKYhs3!%iAx`csA;y7D=SJMO>McGW?H(yH^*JK
zcM+K}7>~Gs3{&?X|H|H?h6JmJj!i4de!_$QlUF}X`=wH$p_=8LY+UKzZ~p_=oWPhT
zXdY-Ym^YU`Pbc;TRF~XHh*+|MRR-_w4i>cCe0m@@;v5K088=awh_7POvK$R~yqfr5
zq_9KM{v!8rQV7=^V0~APkU}~TrPQW6VtBsDmdy_W9co?fq6q<VQOb*0%^YfZ6(E-=
zwW~zz#{~fYd%MV?6j#RK17X|vYBR=hv9nJZmOJMJ)NkX%7X0Hc{{OCkAXcpGD7<V>
z7Qdp-bQ%L%)IQ-)QwZMrsK)wIFTMlAWiv3vU(T}b%QDPRh*Mp-G)?!;^Waet6b?n8
zK7cewpa{y$-%Lg8<=DbA*FF{d_9`8BHD7lIVp4|5V>)-Wa;!s{Qe>on=0cgye!f7m
zc*qh-*YLsNn*zitM;5Vn#~|4W3;~42f~$BY`)~f?;|%9cA%=4Ee{K=VUVp))E@|_B
z1v$KC59FTn3V9c82-s#jFyzK(>H5Z?A^onOd`Y|pkv@U-c?(@C&kz`~H@jgWOl}0g
zIG6^Qh!g0xOu<O-oF;@a^C6EO?Q#7m%0$p?=`dS;ba0=`{)^}{nWL-~un%JTmgfF9
zCWMVbWS-sH4<r8@U?8yk^n=^@zjXC~FWdc<Fgjg=XZLx)QlU-=kdNgW^Y&Onm|Um%
zn3C85jq1LU2x?yEJyMuugV6Qm-X7_Gm+6dsM#RnwL}BYM2lNa*5E#m`7gijJ>3%;s
z0n$9-)|vjBky|3&un{iNqvHc4O8FEX)C`Ya@i-wwRx%|J!N8_k%)kHrzCTYI_5jnq
zv%P|;?QSjbD>#7s=QL_PTAB-fG4hQgnN(Oi*gJz`z!rEbQ+U_taR1jVVg`+G!Hl$7
zS3Yr?wtm1uO!A;CTs-uE7NHqP#aJ&(1`}Z50r2vJkg(f?^V0D$zC(IEnrol=|1Kh<
z781H%@Kybf$5p{zRW<)FGJd?SKH{`B)!)uLXx2TqghE)8an={}p5q1!__=;K!+6?<
z78}G^e6z@$WpD$3jmX%1B}^g|XH3_S5oFNhlboIa$eZTYZHBymnge8egNSuD3=_T1
z-X!-MjKDL0cjoUkE6NW~Sm%&->F+Z)pNFrk8^y~UpVHq^R6yAqXFD;O8vj_jaQw_C
zVVE#d`WnG>gr@=!S!hl)m#n}nB}RS5V4+3K=_|jG3$AKwgk{lVM*A$l6_vlB<V^b<
zp|XjnBM`*_Vu9>l1*Z4N=`G{E@Dn*(ctI!JrBbio{#Rf_Tp!1ZalG1;D&PWYe)+!}
zfc#cb)IQ)=-+ohQD|uHxh^dF??=SZ6Rmp)sEX%KZUda*^0ab~pmc%^K5Yj8PF%@EA
z%y*KaxN-3EUa;|ixcNRLZNdVqZstKL|KeS$7V_hV5jt_jV@r^;{Qgj%TB<J|US3cM
zAVdF1NOa?%y<n&K{<YW9-lW-=8lO@UeGIu6`oGbD@eHi-Gs71oH2;0NcgpboY?1Vy
z`tKKi?-ZpP^4bTPc$RX3%gml#5+A%Ck;zY~tg)u~eIOM~fXFS4zHa<l*r*;0Bz*^D
z6om80ONRv&RAe-$wEl#qS`-8W`l%=Okuv`_L%-mC*=G0;rilDfVc779Tw>w8e_xfq
zmkb?}X|&jP_Uj{3n1#M<W3ZRCPB4N>wH+#WM;^VOPedmOz)2uIe61PmPo_c;w?=Mc
zyaJ@I9eW&Hz_&`_M^0_$L-W4lQ~OGqlC=7UX}v%%3tQOh%(ueW$4?E&$q=l-JHh|)
zFg^-+_VsZ>F&&tSBmZvh@u!)DdOz^Odtd*<p>y*^_0H7!UT77qLrxP9HCneiNc9HQ
z=tZ!mg?-?e;=mrE0VzZ6S)uk#E`thj-81n5EFhyk#xNf7C3Zz=+~ag2m7uwCMF~(>
zkN)d7j~~%70)k~?;^m0rb{BF$L?=+)Eh|7RE`GRfWImxtf&IU76BNSKk&Nt60d8L+
z%_^YZ2?*X9Ou|J^{T`@dgM!vCnAGU!9O<c$A7zNmkMZ<R#^9GL{cl>Q5`~<GnPM)B
z<0m>74o@VWsL}X85U2=*KR6xN`#;{ie_k>|*m1Q~X>#NP;^<aE788GXu$KTHqp{%B
zQ0olL$|#mQY(+`k2qW1CA1Tg#eR}`i8UKf{>yD@T|NeEOj0P7`QTE;=u9YO&WRsBU
z$|x(d&{fJxgt&IHSEQ`0L}Zqcl##5AQbw|W=Z&jAeLj!x@2@<#-Fx4!*V*TJp2uCC
z(XtkwG|mcJYxqR2^c0uvRG%hXhg>2n$#?T?R?hZae~LF5w5(z?MxS`ds%}c?pI01m
z4IXNwFE)g7>;G^Pp~`ORlN8j`5nc%Eo508hh^}nC0S?Vrbu%A*LydOp(~+CBN0~Zc
zH|GP$uGj3|x2e8c%E1_tfPCI)StwWyEk`0myn!a%7COF{p)9|v01$L|KrqE1vknZd
zJ^4duE}wW)&pAEBvpRL0J_ReoK19I=y5btea#(QDUg3Fd1`2x7F!^b?tNm-?$K0C5
zG!_zS=IwpQd1{O<su8~6g+RHZUas5)Fo%?bSE3tjQqxM_L%7KRfB0hw54%?o%|E`f
z;7$kjEJV(>RCE2ukR!-b)Jcazl@X}dXAe#wTd*MBrHZHmnh)$Z7(HnRwQN()t@2ob
zTDm%-xd;W)DfSB37s8u=S{CX^sW1h5#Tyx^FM*o8>be7;SV4$=p-dQqIQ1r=iw`5W
z3O#X{>J!7$KPO`nYe+8)x^e(dx$NDmzoYb3RnYLB7yJM5l{xuQeY8?GotYN_zGz^w
zjqV@a;0@8#ByrnkXbf8r;xDL2BM%8wfUssn9p<S%ySM-aTntQQetr@)5}plZ9x_z<
z!_g*yq`F4)-O1`JynIFksELXQ2=ybmj<|4-Ujuh?RI|bNueW4~g@tdQHYRf0mGfu+
ze?jTfdeARU7%LGLCaS?7c%j6yb>@ujC}}#?_yb}Daa_L)+$B^?CEr!wNGT(xt(OvR
z3fBWM{IA*pl@iRc3&h~E4&#vGLI>2ek&PFmVIk>SNrhxI+^oE+ICIoyLhE0g-ikC9
z(Z^j7-d2dTN<6JJ0G46O>^UmWVLWw*-cd<`8@SJizu`*+G48QDrV@vL422@lhIJ8V
z(*V2e&yse6AXkhbGVtXa51%n6v=i5jmJp@=VS1Y;$CeJ&`2WnvktXkz=3U*Oa4(2f
zSC{N&U`P_i;TB#Y`P>MsR22q$Z=&zO2OOiK)*YOg_aF%2)5>#yb-*$T8m&>tew{3L
z8tcK$Ss_2VKB!x%BV{((A)soFfk;wuR>$^p69O$qz!ewspb8lc$-8Bo3<LF1oGr<2
zvKYEYTO)5#h`^-<VJxS&<wr%bpC`;{G5%@QwyvT|^HcxYY7tUtTPfbGRmlBmxi>Y6
zv5rLI+D-cG@bgqBBq{2*qkxxKjOA3YD75JwVgMe{3{PVE*(hTQVUEu~Ul$D<nPif@
z{YQakN2mav`Xbw77^Uj$fuSnO%SdIc)T-g!=~ijBPqT^uG-yV;l?{;s2@$bmC2yf=
z9Sv{=#oY*P{Rk{isb9=HwlGA6cyvE6#M2_{P_yUbco?$JK7SVrJ4mibBIBj*P`7bn
zlbNp9LA6LNFURB4sFXeso;I8l0&BK_n3gROm2-j9ihMqaRhuBZXx(_q@uR;7hzv((
zG`kWKx8KHb8?J}xyZ73>x8k*%WTw%raqdi1Bts}1(uGIbbCf>y2!SO8%@<^3=438^
z5akIv10CI-Re+EqslkJYSOm-hWrLBz-lUV{?ay89=BJST3lNV7(%kbHgeLowq|@}G
zVKEN?Y_HHf4-K2U3dP;Qum|8JF!l*2#aK{rjGMO8OE`>Yq(y@_m;Ly~s<H|RCBBnl
z-3U)}A^gTnusZv`V|5sjM>-1U3BQ+Pl!mhyFgpE@;FiKqy=uuPO(n;uV5iB}O9|=<
zITgkBsmk63*K2##cW1~k5^V<<Ke&UghwB>`ykU(=c{fDAZ|4w%wQXNn_bS(!!fYrK
z1g;c7Fd7BVZtUQ~d#4VD?xSF(LT5AU$2*VV%FITPxjaXe>%f*HPw~r+(qG~psQ8=V
zFs}D$nn!q^T(tnmO)3BhDAf@vo>aU3iV+}3zxT@|HxOY~q2bn5N^MNydk)UVsfO~D
z!d){b`&t@<;sl#GPT{W)B!SvU1Sn+vRsqy|3idxwC*i|@vpWW2?UKREJ;nLR#-F!A
z2{<g$51F)2(IXfKvalNfGajm}6k%^^Qgrmi+zlezvfIm%+XVQYTqR%uKC9{fF4-am
zFoX+*kWzirW!Ic<)b;uU%1MwxPAsaW!kpb~ksBKy#DMB%%yXX5U-y;B%+=}wJZ>`>
z=O#!V;$2+PVi5DZLpI=^zWjQRcI!;+B_Ps85}*&Bi-&%}Nj5|Crx~bmvx`Mdm3TSC
zTam_tq=%{f3t}V!7a~p_WB&;B={)<LKLa*O1V;b&+Wz#VH5CL*__dm6AeGU`FeuW<
z9ZS{zKKCpYzzk@y79?6UfjM2pq$b!5@e)BMD^7d@8dqUQ;bvVE;NZo=axltfnivV4
zel8e%DsTLR(BvaD#i<nS8lh+i@RF%o^9ZE?CGh66_aM}YCga}93vshZ!61Q&Z!3sd
zSG+a0Ps>a4Yxg9=^nS<igd?oygTTkhMz($@ia8HP7Gax|Hf*StXW@8`&|#BN7SNy-
z<6%$9>E=p=(h!iBSC4rkq&d(v7k+TNM;c1xMhJI42Yo+u3hY?-UWOU3Zs5MT?2fsq
zpP|imet}4=10b9tz$r7|235)?*jqqR(7L`C0oFr*UIYf5%g8#=PHFOoKage-^aK?4
zAUi_xXZU|yfr=VSu2h$>kQW1-DZpk#Q=CWR*3@Rh8ZZAM?*7~hO=A-ce9tt3@Rg2Y
z)h6VZjFyn3HQ_TDDG36}7$OV0`)3bt{UAP762;!BTl6-OFr@jH?&5lwVP)2?_qQap
zxQa%6Z3FJzFxdec%xz$o1Rsm*tNXh#nh>&yW;P<_-XJ=m>J<~_x3FkXB&TBt#hw2V
z3Ng*#nW!W$9tI6k{N{=FeQ<jzSpf&hj6+?S$DB2+FTxk^W<81&c+V()3xxRyRYL*3
zJYp>)8+DtOBk1q(V5UcqA`SZd;(0LQBVQif(}=k-GxO%-8-PV!f<{`1%g2Sb8{T`7
zVneSLDM>PtVoA=XZxwO!DeK7{QrRy8Lrv{b@gUkQO=Lw{A#L^P8!n!305y!CXe_6L
z9$ZBIVZS$itY<)h4PUc-Dv%E2%CR!K{zy0#d?WS<+wwsfkEgI8MNd((4_Z3eHymLZ
z?vu67{>BKNQL;k}=N>BDhpuzcTW>qyUn~HQ#8b1Ch~)vaYH{!bf+K2g_yMq=C-SPK
zB2*^_U)^m6nhr}~n`$lw-D&nACbuO+8v(*r`kbT%chL)IOqN{id<70OH1CQK?HAZT
zfb8g?_5t?xC}@-z4NU79oTYI-JCkICl#UvH4b^xIg`QIEj1)YLs<rS3%H${nfWnYl
zk-)0O#u%~}k&`!%_z8hetzwnCe&p+$t&O&wmD(Z{eUaXfPH*E>Cn%fNccR$-1PP|1
zPifKH|E!-UDv-EoGK}^gVDpL9An4tCgtvZ}q@)r8jh55Ck8j0kgS)UNy*l3US`FA@
zxtP(X0Y3Z|VV$O&gRqVBqdt_6!mI`K2M8$7$hkG>2B~I!1(*tFE_nh`qJfEnFM^I!
zhhlsCIFC*Q)Yi4TUhB$t!2+$@)*f#Xk7Hpu!WARTqg0l|yF0DoX~%n?7s0-0w+_x4
zlSvw6k=$uaWfbP@ow_}Tjz*ooCv!A&3QTApvdg{o^=(bF`I2v*9FPl~N4Si>@6ke|
zwnMh?gm>%V<lImgzLwee>Dv+_%gNdVM~V9kMUMiv(fH6mQ&_-s+P60C)cZhC+uu$z
z`BW7~jno0_L7%Z=h61e+K~f21yHLqkYK+>_&#z&M;L_F%-*zIqP%?Eh?q6NGo@Ecy
zlQ9roF=0PA5@j1aj>ka7IjG?<ke0$Ohr;|}=WQPV7u!<`zyTqk>}aO*f#iyglq}A^
zhrE5v9Js}hVP~BBmxYImS7T+`$2h{A+4g(FkYEq{%L?yBgisl(B_BK>)e-}o&sFwz
z?)pM7|Jbt^Rsg7GRy<+aHS|joSXz**VFmy_QDCH^A;Cx;ezFdH23A;1<`hB*gz&kB
z6qQ*Xwd=Emp;axx83#y44v`ASh3I5g+#&fdMFw|ZE7Iada0i^1z>1T5cpRW7h%2JR
zD!$vk;ZuC#Gzc&IEp#}dvOB%^fCx+}QCW^r4~1l78Ab)E3orrG%Z`8?oj~e1I){*~
z@1#KhsD~kK?R`Jk*V)trV0tAYWLD-3?h_13*bHfNolai8a6**RpaOiCjD;Us{`Euc
zN#NvCDu8@-C-WCTcesPo=(U0JsR+920y9Fe>V%+o)ctQ(h_vk?wS&zfO;uP3bFc`w
z1Q~?5`uz1J&q~9uaKqxzTtAyGJ4DTWryc2_PXe6q;dt_yOYnXpfFl<jKV#z#^6?;J
z)i3{61>Vs>UEILiv(n~K?!>j)iJ_=5*|?wjk4-Ow>7?qso}F+n+JN*fGWzEPSw<9s
z?Bsdo=OPY(vy<HjbST5L+{1+9gD%<{%8Ew$7QSc1vgt4p73n(CAnN;DO+>T_K1KLM
zm3tApPUXGG?#xFQg()P!EHM8z3%bbbJFkiu5?+sJNjS;&$JbIdej-(L|5;TIg3Tou
z6L^UNmAz?romg1s01&^80aW9u4}XaWLhg|2INUH2a$>JCr`l{Ok>popH)QDd%?-fG
zopl2G$mhf0y1l{OmKD!M%pl?Kq5(3fUQQ#5Os68X-#u)8Ix9dZQup;#Ne?8s2sD*U
zCSH)3R>0IY7m(vT))AaK79CrJ40Euu01q45i-*CzL<>E9hYb78*ncKODb=xPnl}@P
zz~>d{EFDBMu4;2?;<4ywu;Ie%Q}O2x1C|rv!+O`;xiv|0K4Z))OyU>ttQ5$r+&$wB
zIxL8QNRk)bAqQ**zyi7`_#HmJ(G;0eKAEb_7OHp-Q@Pl6n_j5gM(FOypnk*-OArB;
z2ER@y$M3+n$6eIZ*c*2I;T*MoQ_Lk>^b4ClfU3w8U3$~_VcZEaA}p}-xLj7Y&6yJP
zcM>T5!pyVmLhrWXIlk0R**yhaIE3WbzwNUm5gLLnJOw53mQ}j}m50T;Ab*jFi!j00
zB(tS!oEH%Fb9Xs#XzN#q`rSdwQoDtn8_dRnZkzsF2^Unibu}%=Jy)~jr)))5oPm?K
zVtH$%rPP6JPCDQpYEg0!Vdq1(H6|@0^Yp%9=j4;hp~i7)h>__n6!=hCYY=;3fe(zb
zCG<G)sUSK^w&LjrhooGxoy*A&p|2w=q*E<w1I}f!@^b7dgOJtug|4tg8BB!MBgn2R
zOVKaEaIsGcsBLG+W_Ok4V4am5xJ6a1t8R!)4(5HXazm+$F~7~cbqTuGZq-LcjLc!H
zi%U*j021p;@}}|>x6kLrYQhx3f%g$C@1Sv>;jE-ajik4TC!(TpdJKywUhW2r60#Ki
z;Y9Kot<Ulp4HbnPFCN`=inkY_U6tepVG;)mW?V|Kr5He@1vGI65IiQ?VeTUFH)X<@
zSC{9=K2q!Q`IoR}$P&=Cll$A}$H6$*RT_wyVo<8-@h#EaW$pzlhfVX$kJr$v+!)(K
zn#Fc>o-ANxp;5*ex(oUg-}cO%hUjGeksxZ}Y8TO5;7te`KSx<Al5R#ha#$p2+<nUU
zkKP<Yy``bHL-`N&luP_XB5~)7m3gt{{+?N3#y_<id09Obs@v@?kLGQS=))+-m~eBY
zq~tuNQKe1{thZ&(Tpm5PCIpd@agF7Vnuyia5r`*^pI)N;;Q+k++3By3AoR~k<#|lo
z&jVj+Qa~jb#1WYGA^8||M#CosIv~>F=KN!?!qVSBD^J8@_EOO+Wc!AO?7|SMF$q6+
zmvqS}hG||JBMjxbLaU;$qKpq?Yit3oCkCt{&OI)`WNisS_hn?&M*ixc80+!8MOA9Y
zLh14JN7-(=dt(q7k~4=IYu;IeQV76wQ~^5WD-)*oove6&K-6K=3`TfD@-TZt@3pfi
zb<#%#GzbK`+^nW^?d&73=dM$*r2?FqbTywiek#OpLG|e(Fpnen!c*V7!RV;N&H#1D
zKreSP&YSsLK3iR8!VQ7*ob=*l`T+&dFRN$gQ@&~1DG83P1*_gJQ5b-#Nl-eoP*!^@
zc;6;u6GPnrc2-UX5v<y+H`jsWEfvhv73Z8WKrV@>IfdioOi;lRVKPkne<Pcf)EE!7
zPTIGqHN~N~%q}AjSZORV&)t6nZeK`0#T(74Zrir?y3NoeWCu}f<j`ihF>=R&P<dr^
zh?5CaSh58<B0@e!(+>bsakAey(g+CENf95?EdsI~)=5Qqj>jyqL^!+hxd+|n?l3Tq
z@AQ|T63Z>@C=|a3i$jdlR5137Cw%e{qUHx{z-(h7`Q~C<hVWZDpWGrK36%dN?zQ|Y
zh=dNBcNd)+`HG6q_CZ5WpDyZdNMP#XHE^kek}DZ@7#Zs(#|wOrSR8H3zr3@gioG3A
z6m5J0&C}@b0N<*pb2v5qS}w3-0>7Q}y|VyPIXwrVpW+M*Y$|&4Z%>M)V52(=Rf$lZ
zOIipS0<uh!Ym_GIGw{h;b!qb&n0AJ3)8fxuG!4}mhT9xH+EwCY*$xp+)yQyl#<BdK
z>ulTJ$wd1V#R_#!fsMD}2X+9z3fa|PgPg9KG=_z?cnpm9^*%vkRT9S(U`bXJEZ$=N
zFipl4Mw~MxUxM{G@!7ltJ1*r2o?X#~F<Y?R>eR7avr9Lq9P1;pa;SoxQi(n;mJBQ}
zKvsCUa`6ga&0#>Xo9T2#J<^_gLTXt|xVq$%RZAL>`Pj5sH)h1rIHVrt9Dl+5M?y>i
z1JG*v|7a{QhVY?^EwO>TU;h+~4H-aF(Lv$wt!bjqd^&oD`zac{Z=ACtIhsxKd<5gE
z>XZH{tkywnUtm992m<B{`~o^F>Ue(Uwn-OjMF6d-0ZCd96wsOJduH9WFmU40L?<1E
zknsW-BG?ftj?Cyd!LWGg5%nm+7fK-`d!EfeLE}`3Pp<K^hWZHYZ`b;YVR^M$f~=>?
zWq$-^G6Kioy3`u(l-i?G&MbgAtOEObenC6vF8%2{yAPn9$}uaAGEV@Agy3SER8-J&
zGEgm649>!nkgBi=mVuG^dN7!#w1240FhzxC2HH1@z%>?Za(?(hF%%-Z@6A2A0;>Ng
zI->D2a9|u@y3px)3^4Q))0{8jsEn6>II8;IyoF!P{qd73i=o*Ptk~o)F&7T{f#k|Q
z2)Tpke^G-RJ!3ZXCi1Vnxfoex5AIgKha2~Zs%7-JGplxoYeL1LS<j5?^so<IN?z2i
z7olNU>5kd0*=&Tk`ig>Q`mC$rH}hka*>=WZoUpnD7UL4vRfxXQ4mFZ?PrTxy)ywg;
z^E*+NK+BELR2sWl2xS0+hw#fswxI|<mzAnnkl>B$NpP{WmXeh{KeU8cX4JQ8^3)QL
z{}Ic+_-BJBMQPi7llCpmE`n4M9D-H{QQ7CC{@wHrs;5tIJ$a$p#BtgzJ47|9XPkZ@
zvf=fLb`l07viOox50h~0d({rbY88%IdT<GbOm*U<#jK8wpJ5=^4^0W=5GY1(QDAx~
zy@3o`e`CW?t27N=o&k*IQRoP}G!kJxD(4;OxT9l*@CEqjVkSMI3W)dyWD->184c^M
zT3FUrykhyeTuCS_v6ZxB#+^8kO~}w6$9Dhj=s1r<^t<y&mHa`Q_v*|M9=9+#!JsNZ
zQ)cvv3{bxc1wu?(mz#s&@A+n6!Gh6f9Rz*~oi^atL*JM(2|cNa?h9$p_%>|#1H#hx
zOS<yv&F-nAM)Qe%U2~-ak|j#nNQ*~Nu(LdQ$+X(s?pLK*tPM;mIajiD#4CL23n_lz
z{~*_<R~L{p4JmrSK4@CLHvt&3G|Uc;LI`$fcqp@w_2^GUSOaTqmedFP1x`K{yZ+05
zf-&pM$D+qH=^iHruS4-RNzIm38|s;!3P#P9uM)o>E7JTqf-Zn9Ew9LiNlDzG9(F;7
za7Wv4--)IbV>9jqcoZvb{c<}=4SUs1p}!Sh9o4t1LAs!s-Ri@ieT|Kh{_?#W1-pQ#
zHK(|mBZ`I}2RK}0#Wm4htz0X#)GIQ7H`dA7fWvGk56Bps5bSK0C!oO;tA#jNLjXf*
z&~%jT`ivB{O2^fDraKB9KLYY&$;ErGhLu2n0%?d*oqjiwIcoAfP=SpotRR63;Uow@
zZ&Id5p&G7tpQlb>TjMQ>_Nk+s-%Q0{+^0_<y5+b;?kKN!*!UW{1N*Vl34+{r3vHwr
zHWfOaGzAQqN)0m7ckM_GSqUXFMT3iU)>M|Bq*1s=u9BQF;ixiudoX;wQhdl~0p>bt
zZCev=y>rA1Uo^p)vX2;6Ymz=&dDxl@V{1!4AXsbyQ)UYlK5-q0q#iAGFZCt~FXGvL
zJUa%&A?P0>;I?E%pd<dQ_UV<O+;P`y;olbl`S?uZIT-mTPCpScdxwds<9BGvU>F_?
zmQ($p@|*bx1FZ!}=A(cV;=_+Agk}S3wd9j0KI;xo?(ye|dzL&U=o#sLVlYf@8iHOZ
zU{5H?Yd)rW(l4Ypp?hps8)<LkB4*GTt)3<`zJDju9u0E8Kuyq9*la!O$}v|6W$U1;
z##m^Qo)KxgKdMV>I{TXX^zV7a5K`zdhge4DZxvP{GGr7dp@%Bq6=vz8=DQds^1s79
zP7{=ASCg7wF<GSUxqE6pDafpzbqLbtSzm1O0%~6K??~HuY{RRjApv{l%r+}I5_R6h
zK$^6hwIlRb;}N910nG@nnmY80*Cp+T(1LNWg8lRy8?Uw*qOS6cCH6=KyI!pIh@*G7
zRASg8vt<ln(3{?ypC%-|b;6n}@}z&8_8$MCWgx{P&CyO#$yCQ?$D3?J#(C3!3V;1Y
z7oJDt0bA8lt|_BN7`Mj|xq3M0dk^i-xHb$t9g)tI(y-EOQW6kZnk=OuH?xRd`OD8o
zG$1Q&uAJ_5DxJ>-ze92^{ew<-8(I1EH9%w<x*BoJ%6x}8@Vcv#3}V*dV-V%(HlP=k
zYrfFtW@e8|Je;B%HF64(I8)sUsi=%r9=CxmDgBCt#xuVBC%1}UD}ozqf?Csve!Ij_
z1K0M9nzHC4k5xxOlx#GPt<3se@i7S=e!vwR+<p-TGn>IkJ!%UxH=0nlv4f(aAb`RO
z=a%>8K^r=NqOOk0(t0-pDkT_XsXZ{>UV7R$x57B^{1}Y>(F~77^PXs+-M@Ww^}><#
zypf2v1alC=0GV9D%Lsjff4Cu+fw&Cr_hZys<x+U@$&*zR@fkSF@s7$QpL+AHS8ulb
zwxO7ys`ttj79G4{;=Le3-ROjJj6hguSrnN<&F&qRk-ujPFeOTq3TfA2;6x~@AbQ|<
z=qj_)ZlpyM1ChL-{16w@Tj)=p-6fq?QF9tF+oW*`m7j=dP0S$$ANS&Y8*Ao=f#K3@
zDZy0f8+0^m-=|Bt8gRN6S-K}Qg3x)G)6naFRMHX=!jq+7=0({H30BUGMd4?J<-}3n
zxtj7M`^SWL13>#Qq#t%eqq@{E7{B@xM(~j;$)ML{@nNJ>NEsZKK}HtFpqV|53^wmM
zDC$?d3~7HfMCcNE4G6i6ufNwoqK<@;M9wq*bD2~STf|Ptaxskna{$_-V!1WFTsfe~
zgfnap=2nAD2kGNPgZ>D#ipL3?<Ne1ql#0hHBiR(*&7X(({jw0o{3yVax;vN~mMZ6c
z43)x>QotD|1UUC-F-%S;N!|N847oh)axuP{=xB<t1ktuD+$Sjc5ENE`IQdT2#ac`O
z0I3v7e+T*7Q2C@1`(6pp1u|s+bz?-7-(?L)Ixf5;`7?uG&-@vsh!EnN-W)eOZmH`t
z8J&y{sRr+<vAkaAI*_6?V3`jWW!C7Tw@Wcmjv(`Gm5sz&K3bJ8Q&zozANXW)9zuxp
z!zhz!d(5pQQ0cUfHMC~eDTf8eoZqQEdwf5)3xRlmQ7Gw6<!P|#D=Wc^+r@wEgSwV2
zva&m9&jgZ)TlA<zaN}iuzGq2sx!I#X*UK*6W$SCQi!Iklo<9)Ts9Y*lDIwBr`EX{m
zRUATHr=^JZr;|=$20Vzf&};5-vSAvc&17D*O#rPv`ev?U4B3$D&_BAz_>N=!oMf<d
zTxM*wdsnTM_X{6lp{_GgQ?#UP(1IG}<c68Pqc9utB$Q_k;H22-qnF1YjBS*Si<eyM
znnmMP({4Qng61$I;8s4{YMP%(bRS4^>Qd)eBH!q~Y;3YR5uE4PI;%)$aM6EhxMyOI
zXJoxl#El#C6>2}P?eieqpIjmxshjsyYlqbG0UFEkBgZ}7o_aw#SzD}dU<<hZ8oBh{
zd=38$$}`a4WsCF<;XR6Dtz|n1J^kOcWa@+4Per}1d`^BDt8+*bc;644OQIKGdl1C2
z6Irl#*Mzowz;k5KHA1HZ!ks9XsF$$T@?uKw8HC=7IV<x)Aqxc)5-53Ox<iuH3|aO5
z)8AmW<7sYOpWo<Y<iWAYu5koSS&*{I-_@r3QouUwOgvEx-Vdr7?WGgSoM|CT7l5=d
zM@s~c1m!t-`plXf01G|zr6*GD`HzN0;_JqmfSpk*b%%RAKsgK^su^ZF%&$I{WU@Tj
zdt}ueXm}Eq;%(cMv57uw@pnhRj0<Fa8%~^XrlYYdi9|B}D=x?;py7dAgZ5kl^T7N2
z*^A#H(ZGI^p$}@amrsT)J{H%ldtL!VKu4GY^o-_M-eweiMHWHDf@l_Uk*1XQYc94t
zhgAkaW?Emr8YKOM_FV7Ckn5efV<P=PIuPFe*f7%z$`nC8s)N2>0^b9a<DQ@m7te+d
zPrHM()Lz#7mQ<RsGWbJ^+S1(ptwKDy3L~P)5&V>(bessDLX}u5ZtDhdlgOPi<US?f
zb~g;E0@a(bpB_vKxSP9p{xQ6>E-oP$RNslvp$nXK%t^(h^>@DlSUu>*ch~`Dly8z0
zqNHx4q~X{{;#h{TBm=4{`ixqOT~V(~j8V~*v*GF5xwp_~cKXsEE%y<9?B|43l95)f
z<I!ap@3wWm`xVv?2|@=%RLr`A#8&6xN;NB~tfusj8U+%^@kJPex;W%9t`NANFNl6g
zo3t`r{c<wT&)E^mAvdEOW3h=Qu5)K0f<mXRfWN~-{wr0@ryKFve+_-~VA73SDNumB
zr0^OP`#seBnH0XR(I9D}(bG$zOSo^C-fRA!;l7@=JVlt|6i)X7qWCZr&nOcb{hvU~
z!autCgEL0JW6HAk5l6yxM+I+mj7r%Tv&W^Db@z_gA;{ecrLkL;dmN}W?XLgqw$vBR
zSb|xs*62AI*8Jp(_A(}13en48(x6=8XAh_3^5<`lE74_rm$Fom%bv<|o8jZ=fT@?0
z{wHtVn()Gv5M?i#wtKP`BBMj-yv*2QC3^(@bcpmF8~VWsORa3v@(+FY`rgF)A+t|M
z3{UxZKO3WYnwjYM{c&?PpX9+7cR-a~np_)N)(vGO7+H)Q<7h43Vu;n>3HySaT#$eT
z*qcqKO=wmyT9UenTRG&s?zUnU`ZMgJrr!QoPDfy2%=h$v0Zlqc-R76w4#+wO`x@$0
zbC6n=QQDcU*P4Bb83)XG&!rI^N7n7hUq`d5$4Pc7l^vjV9GfLe7iLPjj>PRW1}2nm
z<LHmFeQ8QVmf9bH#%7G8<op7ljn56KjPD~QVY>kFRX_%?Io)DB?Tm1&tsx`J@4g}v
z)la>L?A@V@@_cV5T0}C}XH}M!9xP;g_W941$hPs2Ur6WbVKfmQ?fDw>b|Ur5Q>Ogx
zD53MrCNu>?cOc{w0pL=`$5|-zCdHCd%`G9-Gw8%9P`A?;f=|iI?4ca~!cD7K`TP;f
zWDh_^XnNgQ7(%Zk3Ee7@y--hKkeoh^@NI`mIDlm+=p4@GIsFZ0?wO<8U2oiaZ*1cj
zIxBnRC%F+6;%vGi#gQ4LIF|Ajd?|biG8gY$^aYZ3HTd)0TjPC~dP|?ttXY4xI_r*K
z^1Y4tgOcF~XPCz)WF7W0(!+A#&@-u2XwAi5!IydAu#MpB>YGKK3XNEYR|kH|)+_vC
zFzsAtg+2Mk6qou-c^e>0VB{>TqN^W9zhOh-#|zACA2_$6&;k?lZCAZCXtwRV{ktcP
z1_R%yGoWU51X{2{{0DZ^Ckm5<r4q{XoQ6md-o^R=9YMMfBjFgm4b>bQfB6324gn|4
z%!u<_jm!CT@|SdUF<M102@l;4#X0uV8c^XtCRQwJUC<l|UDpUi&g4x^lp?h%XZCub
zJztUgUt9hxZ0GJDTo!B#wZ;M(mlP_brsv!|qsV@ix&1XCz7!qhPHcoO;)5nNo}IY?
z*@Z_+d|~_qN~L6Yq4x4|hDP5hKui=>Yxp~_eDmPqunD4>RVhm^EMP#tR!*F(fgLtE
zXUv6}Mr#;d^*vp{wBnJnAOa5Rb44e4#95ZFe34p#ZH-R`BX4w0P-i%z_sc>_?RD~l
zw@(lPCIqmf5YsRRL1j^bGVg(>E<-4u&|LX0O{6;MNWPy}5E&~jKP-BsqyXtPmyRxe
zL>3wcy(^*@=nOvgRHL?oGQ`@8jni2kWlU-n=LWbzHE?1q(LVy@p6NfuLXzpE@{5ku
zK34c*0I~&EVaAaP*5{sWA8UIT@#&+KzTHi<z3QdR?~*Z#Qq8ygWWVCx$Z1dl>RN?c
z2X!;{AmeL7^t}zYo3j4haT_BlOUG%C+t_&Q*5xW8m+NSJ;P;FHT<)~b4cD;v(PDR@
zi>!q5{Z<5yQQUS88?3IhH<iUwqQtT#MqFTclC>DZEBBs7w9;8vpNWNt6E|FDk!`pq
zW1n3-+TH5d8Pp5i^MJ)cm~Q>kVUqSNGNzXH;X+17m{O-eHL%fSAjKq=1*99!vs=^>
zJ)rW2>$ENRUZ2(Nukm)!TUShaexIb0Zi+yXRBBVQui^61&XAi!5HnwDc)({9^G1eU
zDCyYHQJ!6GZGK<}dSU@%^YHn*#SlU5Bpo{f&5!G``!|yfzJH-TmkS0Kfbp*${2;TU
zVsnJWqaU8>R$O;4O0P+944e({XN&5E(99MO#fXELaLEDJ+;FW9%11lr1Za&g-iyTX
z8b&!b{wC!b5q&PQzdr4lxCAlS5v8(t{}9z_XcFpJtMorwlx1W5#P+Fo-hZ@X&lWc%
zqt+x*S*7^J>AYt_fg*7V?ip$CBY6k6;E{(R<_@E3H00Te;*hXQPMNCectNs%`;k8t
z61h=ovh9xr3t+TUaY~7jf`plIeH2|f)m}I~SV0%9Y6?)Pk*Xd0b`!e*yixHp$74p#
zuS#xLf#8zW_B^z4Mj)f}<K(cEBfSAsE0K9#S~$jm@K>yF&&Zw(xiJm_i<n-fuCf&!
zTC-t~aM-s88qAJN9UeMIqL=)sIM|>4EZcFvF~j7HPTZRAr%MdTZqqBB&{d0poednl
z;kVwR=_>$dqTCq~m_*d+7&iL~VPc<Rd8{)8-9(12PQi>|9o|XLhZ3e#j^{c&NE};f
zc%BVP%&UCII1VWlVOFjK@az7{66p6-Kymrhb5<3z38kc0jIIq3P}i9Nhs_l#^!4>c
zic=6DI@Qb@gv?w4BrB?`cqAXn^7_)(UhWZ(Li*{<%?HJ--#bX|jW~Y(7Zlcz6;qGs
z<we+ndP<$Mpb2vg+2@XCy85_LPsf>660VTrQ}4|2*w>2$CyJy#Lw6<G7l;MI$h7zG
z+`17?QB<GVH|S7*m=r$zr*|FNwVfz>K}hq$zZ9$FxSRzwsmPoeadlHqRHR9({O2^V
zf$e2L5Au$b|G}dH1dw!68*PM)qbu*5K$f&ZbR`1F#vGcx$ikhG8$0%rbhd!KRRb7V
z646aG<<I{bIX^o9#hT%f5U$fY>BldozxnlJ@UFr+jZ0p)cOST~KY?C=Y_uMsOuG&x
zP^)LdIlS{aq+iM&F1%Sh1BLXn*IJI)9cYf|A!F+c<D7?WB}X9+yY^~YCH3JZO!fo!
zSS~H;EjF$D+qC9SY1K141rV-&hcT4PqB5-cRMRJJO(VP5g-<lP8TDE^rbT?bkR7u0
z1uE@!-1^yc1wr(3&vKvfe|&0n9_;4cqRIPgs@ZPZT~KGZ2&J+S(?c>IS8MuL80zs)
zfE@j_g@HHbam*wzVX_c~^}VDJy$6d8G!>lvRfeyQ--T(m1DG2P13F9&UxD3X(pUoN
z#to+5syuFS+WX4tQh!NqJ{Vc4j#x;76Gi|<A_O^sIC`=Ring$8mcKBUD7w^cn7j1S
z+oY(k%4(Soao{u_PVbGN^Cb)3wj@I=p0b-T4u#`|yqD*7GS|gdaU$iFpO{4J+pH7U
z=aUdso{k6j=8#-qS%S*W-+mazHp<vPdB$gXCw!^ZUWxoIV_WL~$(yJQMd=wJ7}goe
zy}e||mG^lsmZ9uWNQyD}1}p(TD^m^tIbfl@fH&u3=pA(h6an&u!oets!@r1?KU(O#
zV))Hoz|1wX+>^Edb3o(tnk_O4nVJ^86Q$jc&Q<A26;fdo161%Ei%vlXYZ)--w2J(m
zj%7X20S-+x2==y^S`IZgSQB`GZvd`Y*Pr)l;?Tg-k`Gw1bEQpV!p1trfsUyVxO%*D
zjNsJB?x^@ClXH<&YY@ZXAr<MTfs(|y>u2dVldW*;WrpW3YhV7dmhU?CLT_|#<(Jtv
z{^Hu^B-|d>w<mdDywB5qYi<>o(#syE_aW|C`$b!+lrs*J&mtYZ*7l{&Yg95=mad-r
zs^*-kn)9{hYi*%zW3rL!0bS}E-jkP9IKNplvdUBJKF3zNI<hi0^^#s5RT3K(+c+o_
zhOwV6DeJ#CFEweYDcjo0bC=Ecx{g>Eb+880#|!ff1{K0tZ#<A@&X+e<dpsB06I$dy
zguNUX92|522bCQ#JmkGY``7%`+UnFGg1ct%rD(6bIL5P*olIeIIHXLELwgMdZd;Ua
zEw8^iB`lc$Cj98Zg9lTk)yT@%M!i=pU2;W7sQLNzRgVSQc`toT+pQrB4GbeWapLP7
zMY9EXX&nh91S!p3#4chyVOY)kr7Ra~jC|}^`~-kqS;)K7@|+h{W-=*@BW~D_<lMTR
zux&evh=hWXqI*YI+scwV54QG4(j5^Ujv3Yr`_y688ykO*GG?qaMYlYahnLE2{?5=A
z_xgw&?abJXK$)YX9E4wQ{C$Qp%7jmZK~>O6Ht8pyC61bI@zbtj5|?RpIQjGp)V_kH
zZ1lm4+i>OKe<}~;mgw%_<H&jp`znp*Uf^#xH)KpLYD?p&->JVSp^opgKEdeA?){m=
z%i;rf5tnFO^;@pVm`wa?>)LXwI?w0SZDV(2XCHp35@{f&;arxvckS)|@V?g@-xWuO
zPJeHY71Bwj5j87S+5Gaw8FB-)aWV0H`_~_T<I6W3H=k}!&AjyBW%idH8|Sk5RJ^G-
ztnq;vQ$2xf-v!pD1%5PEE;r7|dU9o|wLI6^3$MaqNP>ccUkNN%3)EQ3&ft+&5PwGL
z0Bl(lof?$bhI@?)ySX!f$A|?vZsb24A|}han>Mw7COU&PLPQ7Odi5cPtvQBj^MJ2-
zIgFm$uTS#F_ZVgsTzGkjso61_!INq8n{B+8HhJ<=++KPKim|nO<T2Lxln1WMj_6;X
zX)Ea}=dV@LCaf)wTK492m5qq~7(BK*_@l+OLd0~jEwaVKTMFJHk)F6>q1g@_;k!2e
zc$FIgb58JI>93FhBS>TC_VN(6{4oPbldd_qyRM_o$3Cca+Me1t%8vVT@y<<kCO-$7
zmUkW=XfifVeYJVYO}dHSKeyaDC!$xt@W*4o0@IQJtmNa65&1ExeSiFch=ljHT;_dz
zwAP5l7b(jUve~)0+B?UV2iyR!mi86Fc^^9VeaA71{<W3<BX(XhF@rRZ-A<P5Jyi*3
zDrkqx&(Ht$tM1rg@0BiZ2D8=a$TXQgDBKiyA3{z++;r(f*DILw5}I<7+J-wrN_|_T
zx6+%3uYXf`txqR@UtPJnPp$M$rC|<S%8WfWU+PTuajCtV-_l%&SUSU2Xf7^hQ*V%q
z#FMGzCgFclwZ&${fBi#2;8@W_+MG^~j3RSVdJSr8`(i6ZQP23lf3@?Ls#xrN{K}wW
zI-(d5-Z1+uYP!&1py=dOFdp@+LLw+ZZVx#UcnV2KM0t8noaql(TwHYP%rd2c>EY~i
zG$+i|aN4)`>~}J0QQs74&IfW_Q~d(U5+Zw~r>+V$Uf)mN;XwF0fovh%Z<6=DoE|Z@
z%Ewl_lm6D@C{P7~S@L;hP18QeTMy}3l37Xpp%o+)hF5X3&r1P2rr@D&7Iud0V(MCd
zC*hrmNObR44eh#8%8_#)t7*3J#yD+qwF>WJdd<8eC%RP*xA3~$QQh<H7eVy3$*4_x
zGK5W4tm@c*%W>j+)YzJ(_Q}xK;*Up;7^WRE)ZrP~^}hD-%|Xg7s{=pCT_)|}4#JC0
zuO-klWam6P_muFy*61jD38k*W1?MYbciRmKU(tz@(>dbDeP59o4*TNbn8v3c?`&LO
zx;{?ZtVb^^#^H|-(2_;9`-;vSCbN0aYBEL&H{YOco;j{N{O;6B$?2+_wAp0H>7-NR
zmW>Co5klm3Nh;Wsrfe@X;Y&6tZ0L#8+NxTO?TJl236RTp90q5hOPQ(vAk$&<)gqLf
zWyLz@uCrSd{-M%|vBcAf*zv(;l(_H1;Mq~WGleGN*~TQEy5||WdcT|4<QyE$*LAAT
z)O`{RHX7GP+EFdmZ8B?JdvRK9(IlJOD!~}vr4k*6|0(wP7TzvlRkq!xwaif~+S|rF
z^>ZN$;nd+Ns*|>7v_jf*J>}}zV+6Tiqlz*)S4KTQ70DZm*PZ^33w(Y*hjQ2EZE-7^
zGx2}p_B&xfcs+6;^0?*H_hl-tZSS}h#GJSEDEMmIYIW@&k`xtFCBKv2a%t_B@4lVr
zSFs<LKLipqDe(!B?04M08fZMZ<g{m6>c3ka<J-_Xt%JDgU54SA+b$}<#4l_!>50JN
zB)B*KW`v5@&^MY%DcY0*<kwARjFs+3z2i)*916v|S}IQk6CQZujw1NA=*Z$s=JY5E
z+AIy$ww_{yn=uw+fLYoUhfZFtA7Iv)H6;q7BQx?he=7pMO{_pyvoA{7jBvXfX4sL2
z;vH`nJ|oD>=vai1rib$S)nmEyLTDDSA2>czGUmCVR@DuquUT%%eL6i3D7Z|zx}o1#
z;VAhyjUdd-hzeCce=eo+19M)P$8!JP>e{oR27WI$zXlCko))bujc-!H9}oUptqH>T
z$8WT#w|9yJR)1mK_z!XsB)mZBsi4<pkCi;WN))V}qMCJ~V$aP@<#5DR2R;|o?NZc}
z9k{(|?f-bUf1W7eTN6{)zr<%S>vFS)M59#6CAMpv+>rn92)TikC4`H$Y*c27OL+}c
zp-Eu6ZCjh1=%$Rw<&di7M&o6dRR+}V62xNDy8XxFY<>Z1RYrmA@Li(4FU@$3>Nb^#
zTNyFs+WpTf%?Fx9x5t;AR&LZH7$*zlV~obh%Pi(TZdu6x?+_CmiO9%#QjVpK9A0g}
zACqC*`1k-8Ew?o<?#%FS{Q`PC?h+!-(%z^$9CqQ>2N@zao`KU6ECuJ(`3!;Y4c+qn
z1grF)AIMo=1+xL41I?B#=%rkE4<0%+2mp8973DY_;Xo33iKdr24|~qObpuFJwaoHG
zAwJ3D8^^>OQYEk7taidU#2!09CDC>=UUBpM(rIwB1Ny5(Pp&t`E9mnS*v0<m=WibK
z{!```F0ihCn_A_UU3`1*6+pQT<mBY!1IGT#<YZ84YHICRc)^yz<Mq2Sjwi34WZigA
zIXoHf1rV&f#DS)(@|t~|?Gb5bHvjaNm@J_*^oVqXf@Xw>*guTJzpgl3#oWSzd2wlJ
z@W|SaBahP3IJ6B5Dk@|F$Ve~c`Yq_^&!5_H9~`!{cfS$iKFicA>G37?VFR-pA6Vr>
z#(TB1Nwk=l)H0Q7c=)Za2<=sM%z+K#k>`h6&=H^BSFCNIEhs`P`u}|)ZAN0zQ>RXy
zH#cYWxOS}|WCSiNDL-EbK<m_F^LY8_l-TWCE{!){ZlHXLD;poZ^o!O`HWt5egNAfC
zUyyReXCRr?9QM*sBqV1U=iR&x+(|U&^>M{TEuORF8PO$5VFLv3w(*Vs(mHEH^U@IP
znKNf>Ay|`?l6sVpk#XC1cig71XnCS^^jg&(QNPKqC^^c!aonHQi1t6S#!624_=<4s
zqShwnA}E_y4r(E+PCKOu#&39^zt<5fFt+?y{J#V?yi)F*(hL+C{Gjt8JU%h;C?$nW
zQd07kXrnjTT*&6v5ahv0C*o0f0r%IcPnO<m>s+$Z4?0S4CJN?4nOOE{VsgvWFq*w>
zC(rt3tM#&OJSdhgM7E}Z=VIzE?PME9JrT?1OS}H3(5Ntm$Vb0?`O*P~1ShuxVqqye
z1WOvraG!7@dr|J8xau3J<M?4gk;Tp9q}EByOTSR+eeCQMukM*Q_SkdoS81Ke#cEqN
zy*F>N+<<RfCZ3#Y%4GAV{_{RaniS2iUzfgp`}Su@!~zg(u%e>kEm6xIm(CEZ95D%X
zUu8l756x{c9sA=1SFBrFWwBEvtk>tZNIU5adFkvZwV{$;@|JCUMluvp-M-6UOp;?o
zMojNz*2UX*H!bzQ6bG@=a?YdxU=#{IEOW5Dy!>r@yAxk>381&$12Xh!QISE{jk{3L
zU;j>8=TQqXmwh`$sBqU7Y;2k6_}71*t_^mJqxX42uHF7pJ~xSi?_-Ao#lH9|y2x%k
zO5#x>q-v(rC7F>Th&`v}#H9MD>vrMkExYhv-a?BP=kM=N$G~tGhr`)0HA9nC;r#jY
zwjZ8yE%l~_VDq0cY({5{d3h+``Kh!j`Aq(ZZ_cXfa!%()tGhSE5%-yFXnsOq#JSn$
zj!3&X`L1{$GL<A+*K?SI8xNKD9p(F?X%^Rs+p+6OV(OjKyvrsMEdPCJo8QxkDvCe3
z``x?!z{`HGrKRPPwRQBz7hg9W7zJbAC6w>>W?eUPM{|+h(Nsdr$gONXy|NVOEK|S<
z8XZ_7Y8796T3OYA;BH={#*{6_2B<Pp?r0>FKVP28b;_pwpF+&7ZtkdrAU=a3+E-9j
zRlR!kDv6c;hg;(Un-7qfSfy=hFDKXjWb^X5^%4c6@Zb71YguTs_*5VXDEw}raWbPe
z+G}*vRgLfnVxsW;lhfP-fu0Y=`}4aA+5cZgW%GnT?5{r&4SPj`0LzGQ{2rQ{o0E@z
zR?Zs~zacp3=D6j)!m9~qN-J}|$FDAzlO2xF-OOLb7_~HBG}WBlKhV@cN$Vt*x40*C
z{eS7=t8`y9EnBp{<jAyrvWIZj|Me9h2MW4(ukOtot?L8iW`5tkeVdSvMm7^j|N3-O
zEc^Tyg3WAzAbM0?uE23bU30@5;MS-(i_Ed(?Mc2O?XSrbo`$Z*%NDC1-??S#zM*`N
zXb&H6s-8FL3SZhie&m0OMgffyQ}bZmy*d~hO9Dp(N^Q}Zsh1DPIwifR4<A2TUQ_x=
zNZm<z^KRT2LEV(v%zCw`ab+ksNka^cwsD6&w%QP&xXx8RyH6U~?Umn*j<n1(&9MW{
z&9E*bT93Hvf7x6LMy<;zDk>@=Ny&pdcI<fj@nejysDMc^#ofDi9RQ(I2ZcJcy1IJj
zQQJX6PN5r7r8{3mv)@z&cjxMn*lJZhv9CKfY#X<B;`dUvJ&8TvI?ZP7M=m7ZnuQ*f
z!O(>X(TyX~T0yl($hRicoYv4BNMG$1l>eW?yI<8jGi2obd&3?W*?#->EoEF>oP2bk
z7^Y>bnuMzwx`8E=On&e!RJC7~kA|zhKj8(_<;}C8;LJoE=UCP7{w6g~<5_#`xWa(W
z(YAiyg8`*`8G<&1kMsTwb8ILh1Hp*>mjG?UWl~1bw;@xTgV3CK+t$XMY$R4-O9+6)
z$cKDM+vsKlQ@Nu%r3YVa1WVi}645?*<tMz=_zV_QbVPpM+=ln)fbX?S%U82UOQ=BK
z;FiPIeN%AeRDqPnO1ledKlATsiI+L#?Cgw0ONM~Tw9@=Wkkl<1gL2UjQ}fMT`(6Qq
z`XI8neR0u)sTpJV!FSUr=e+^rH$A$&xw;`b<5=b;{@HAa4H->W$Gv{ol>DZ*H;(2e
zZ=L?pfu>s^QPC4Yx^H;v*dA%Ft3_fV5t+cZwr9#@*b!P6-+rD^@`?}9LXS3$0SK5D
z2BkwRI3qU#AkWW$mT`bKx2@dR6qLsA_W!!u@7D#r@rVE)12+N|KtzcU_HN0iwFctv
z+C~qX{i>#Ya%hz7#BU9?w5TFzs0sz=?(_Tmcnl2Rn@`JJjS%Gb-1P9=Cm4HU5{v<W
z(MJ}@9WlY#z#WTO7&}M``fL&z?6q!XapSa{yUjEz@_3f3lm!bGyL>2rJDI3Jxl+;}
z)5DG3&3+juY^ImdulWpAlrOHS+Ue-gqpx5L;xmkE!?e48Q;O72f=X;TC*E{9GONSK
zyriMmNF^g9BP1-020(EDB;5*&o;KI6E&2Sc+pH$S1zzC``8KLK-<;CbF)fH)bSk~w
z7!xv*!*_Wz25&Mk&$PxzP&BEr@MeMRzR}&@JX`VRWfN^O-==X|AXTd<<|)gIS(fSI
zoGB<2|1B3Pw8eUJjk*iMzJh5U>bORbq1r~%pHG6Ae8nfm$6;!YN=RDz`duv0$b@F9
zTy=3F!|E^ky!HO4PJ&DSFAFi|6grE)6N0_VNAhx05V#c?^|BkX3{o^ki6c|V?NX;~
z2$$APrt8Qla>S<FS45{SmHbi#ByRrH!EXqcpF$DE9gc4a%RR3B+=#7Nd$vw!D;9^U
zkqPc~gn*8n_Kj(PP8zW_bzrqugnMnH3RU$)K<W_bDu#}JLEbPhSQJd9Tt)zP*#Qb(
z%THIX^)K}S#Aer%PpO0qW-H1`SHO+QM_;~tIUgpdCLij8sf&;h^(17}x;a%tjM#&h
zypC0dU^_LQ<2EFSm@@sg7Iv@R18_(sW2k7AM1lH)uITk+)6zjLP*t?GS4_JUz}0Cp
zm#4D7HUIrAP1@$ApDvOqr%t8V4-ExGj!}obj1s|oh2|y$EL)Y=ml0WUhavB-)%YVK
zo_3i(gI&v5`c}TV)<MZqDom&QUq(vn9V+ZZG%~IXfE6}lW8<Vpk4`8RWLs*EZk#U8
zm?nxl8Q<TYpw_nHY86vf(qE}>5U^o$a53a+&aGY_9<@z13w#8R5;rc-pTMpsx>CQX
z7PS;nnZ{UCE|IlQock`P?z>z1{CS{*aoyG-LUFPl<^Eon;pjetku;@Fe)1EMV=H4m
zkzA~JZ#&tuYBT~<K%QuG2lj$EmrY(22&|~6pgVjx{_Vs5pM^!Wpi~wxFP49GtnI+p
z^DO_AK8QZq{?opxL`f6$-dg_?mZ^ER9LkC&v~6lyKG9;&O?JnwTfYmac4Fc7d2LRS
zXVur{c|votU*a)e0C0V!Sj#D2-@j2kVf}LC+(~*ewXt4I5@*?(r|Eo6w{)5!T?Qur
zQG)~QdO76tKsiZJ3xhGi=uymIJ=%$R$mh9w*jF&b0_0~hL-4z}bwGYRzd0oYir&_Z
zn9)}koY9xB(EO|PpnJ3G*Dtr9i8-@)We=^~5Uf~JrqJdmcJd3J-JVKa1IQoM{q?aX
z>LPe*{f}zi?>299oVxzV2Q4=NFWEM0(hK`rOitbcWUQV3$#yES%$YlH)7M`oCq#@j
z-s$Pcrrvd+HkP=KdCRE@9>X2`b@P}XaI?O$%{(*0)KKPlvF~P#FAw?62&<*n-U-Wn
zy8W6TlViwqBAP%iYJt4yGXS%Tc4Je$kjbLZYCITrJs~GA)mMF+8cr}fa=s+VAtOL!
za31(QAXT7ZVPOG<2I8hV*kAPs@&|dvq!@x(_<$}p(h~6$AQqgyHqYLed~If0&T=un
z3VS(+Vcosp#wqG=Mp=oDwT{_1X1$Wb4$$$i$KqWjQ?Pa}xCiV_zDCZ=Hx3f7e>^8J
zf8||VWzz7FH#kQ+n^CCRMH6AlUQTyAc+;T55ht1u$^P)ytO5SIg2%8Sl@H<G=iGgE
z1lL%t^1$7G8jEWjtB!DDaE0PD#Td|K7YL4g`t)hf!zKhdcjCkeXeC_S-qO)_jVr3V
zyZZpZr=upuzW%GKm9F$hcJk%x*Jk->T7DD1StHHGo(sS=Cm&6NDUjSOxpxFqH3tYa
zcgUGLrD|{1RLKRjqDEu*{qXadA9mn<7inl))Z!{TePhTB$k%p^1g#$;JkE5QotpCt
zaf~fSPpsLvl!7-B)4uPw7KzXl1N%#?lq-Lh9KIS4;NbGy%;BrYoA8H$B57DpSm(X4
zukg~+QreyisWGHFOC4#l5qe!}+goP)5P!#K=dRk(+1Z@N^YgdE-;^fZr&U*(nhOgH
z-vie9r+F4sa{>-OY9T~3nP(XvM@RHO64#^2={`uk-@aijHb9gYtD|eZ-uS>-kW&x#
zk6X;Y{-MHS4{7!x4Xxt6*i!cCrKy=ayy1mi!>+RdyDdk8ipZ=|zd{{*b#yugC9^5a
zBP?3K2AXpk5?k4eF$uEWn?*9jFyTH>Mp;EP<>uz{-oX1rW@uwwU0o+X7HJ9=xI735
z{q6BLtXKi{KVv&I0|VSo!R%Aard*rn6Hoh)yHi|9#oep@Ry4Euglilj!X67ZDXqo)
zFrCKfU+l56iTGQhGnakER>C&Uh}(d1pFt|6ngN;T^hvYT<1M?OG<|4iyxmg#d|8^~
z>DdiCwXXa)V%n(75lz$$wwEtA`{1qm?_D2a@xhbBtc23v79>;daGSK-ck{`<aw%YT
z=uUt9n6@pugS69b^XjWuaT(lK)%9N6@Y|yjolY05_s4W&s+zfFH1&Kvrhjsu?7x0e
z_oPIDy<fo|>r_vUNU_JhCkx)tM%R|g#ZMixCztuQFk5tgQ8K~dL(wuZ_dtJ5?f9TB
zE%UJCqri)zwD+pFVLy16QeX%2XMUt~E%&#Mtuiz>rjlQ1x#%*vS?@q}t`Lk7n-dVe
z<O9eRaRZ{_;+7AaI#yTu*JQGy78Y8)W#ON~qH?~&K&R+7c&Oj)a?FSQM?HSa@rKQ)
znnghuTu4+jTxOZu^A&Tl)w4~zNkjrgzKVH=R@XI)-fPGDy}}#1kb<683u>lh$}4xl
zr#sf^=*I^IPGWO8<JI_up&?rIJ(-_|Ki`?~^X@<Yq9rAv^C{!q^{AO!Cy{QgnYYt>
zhp!Nillqt#!M<(7IZ`T#FULWA{&TAT2$1Xrudc508e&RP#-q-jJsWDO!{`M58}Vi~
zF)8LFNYin>dkS{K4@Ui7N%j2*2C&mh=Z_JM#dH6vyJ+R2xRTvrisXHPrRMDHY)yTA
z{WF#5vEzpOWPh2LxST~Alw0a2m+@^zjWb2sCD=6kjg1hy1JkQBL0*!I3#8P8@n1`V
ztaBf}#K&hv4RVj<!&QCkER^fKEs_@fu54O=^@!fu@vN`4cC$pwr^J&wXq7w58um|k
zzgaGtc%>&+f^zx5Ts~@97VV9?OUQM>9gh)f6W<;f7<gY~XNDA(fuP*^1g8kG(4m6|
zpU7bstuJ3Le~7}8xq2-R9=V6q@+xLi1TMa4f>FWReQV$Mozl?>GsljlwH^5VBpc$-
zO&t{#<p+r#9UYxtUtb^8bb!q8;=DYp@?n9@ILm(Mw!&YE02i!*5~FE}CG&EuPx(Hj
zLu{8yF3gABrl6Hpd`vqK6Isik>~QZ@N^yL!VqzOn!;ea_)w7vT^^z-pyDrEae1!r3
z7^C-EjYfFau3c%nFOKL5LzMhP1wZEOsQRJ_QN<q!O27fgpfB0lHu>OzwMJ`yTgP8d
z0g^JpA*iP`17M);Q9*>X17T$7-tmM`fZI&V)-N%IB7MOg%caE-_UCU2{;`3wKI_6y
z@HY>eK*|oG@K&N3lGwuyv6(8^0Y8piBJCAO5o05CZ)tm@^Ow3L$`hr6<=kZl;U$tl
zhkCNJBpWe>We_~@Z?PsrQ?z6!zHZa|>n+xgJAgy5og2Sr&mJQ|5zk(T)IB1Dmww#y
zmiF-QcoKlOs?-&l0YA|gPIEL+ocYx6U}IBII|~18t?oT|u%D^<gXuxVzoR1xPX8PB
zSY<<o@c%j!M`|S+KFxUP1F#w@!6Bllw6yfnl`HY5^Mr{-j!lQ&tEuo@dNLm4gC8y?
zoAv+e9nxKJKYsjBO4yOoY7KF$uV|KM_1$}ay@)YS2~~{`B%1oqdO2^bTq)%gaLRS>
zaR-QwNvxzZH@W8i!dI_e83M4>7O;)4^n}UhX`4)n7p}7ZeVkQlMA}L-0C_{;fM3SO
z{6j-2BSbAxmWTd+<u=>_QWDD+zt@Vt1@*VA=_bjMsX@jso^{_HNSh>FznPc->aO%*
z^7sR|D8$fSvatz#X4BP@4#IMrNQB41`HRTbg>U?zMgGs^?%G);Cs+rN4|MsL?Cc&B
zlbzqpt$%+o1?LmEozUY9!G9kcTsE$jM(Ox#unu1)CK~1OD=RDFy06t_)E*+Pc=B0p
zE`M}Pj3q;ZS{-GRNza0d%ij+T#{&{;T5Qh*4Xc9IJ1&#&nUXP7N*}k3-qsH$R1_^w
z>Hhd)1hYtyPKK-I#zQF>Fb{5En|f`FV7btHShwlYe%8ijA{K?mM44mtco}YP{h!Sr
ztd;(w3!<<);$P2do(nSK6jAV>#lAp(K~Yg^4$b(Wm8JRqCn{J78*M)p^0nP{fyg<|
zfKz0TiJ;TlG_zg*`ua})Q7VOM(?&$%^x)aQ>duKSM7Kn2EOYPvhqlOdk|diCegAF`
zp^pG0J^Rx%;z}Q?U=P}626uOMMwGwn>^$k@G*fm0KUVC6*DDC$ee16$O?Oz=n0?!>
z!DRMlgkcf{mZ|xm8P)B7>1|X7K*7{f2zZ{Yn?io5N+M6z8Uk{nf<JGDSO{{A+2{)6
zGiL(P^-a43qDsCr%KiIPPSO^;{ji{y@eqY(8MN<CDHVLF-urh@M3FALeV}PPMu+8J
z76{yg9?CtU2~tnq@b3QpV-RNnGsi0cj9Ngk>SWe^BR{SvBR$nd^M74Q7pa<>TFsX)
zmv-;o-9ym^P(-K6o)QsoNEw8}{U86Q9<GCr=x@13PPIYXoE^gLIvwW?Z73;0c26CE
zh@5XRiby0-WBkV7nvQ!y4Y|8JuqhxeNA~82{PR$AF=~m`_}3@z*O!xUI#(X|+g1O*
zN!%F{>f6G0`fLRcA2K~Z!0-92uuu`AmDje!BC3iLgxcDcalk#H;oNN{3%mi4DqUv=
zMDGJ%QJ{fdbpv+2BxnrUE<HZ~_jlcnN}-`>;mvvch!Fq(aVm_0J8;xq^oI`z!wpEl
z(0>naINsp3+PNlOu7Yp~1)X0s9Z*YD|MS1BI}bfx=)#Q^WFeR#h~eoauW~*RFgpy;
zPcvv`C|Fvig<xq~D<A&rJW>(!aP(jA2jALI^tXASL%e&Z(2N!~BkRKc_%ooD4{lTa
z>j4_pYm<NV;*y|&4D}XhP+lp#>i7G!H%+St$YR?esei)%Hg$p+RgiJN`^_5)t|)xP
ze&KL@DNmGD_upv=5s4a`{g2PJ5<mnr`}3!wrslnn)Qg1L_Lk{NKMkLBFwX5Ip>Fku
z;z8|~Ytju$7s!amXIPagl6l|Az<{>7xjEF7_6aGLKe^E9UuVayiL}cV*W1%_N(IxY
zn)iN}ur}ZQBqdxn*`u3(eAuS92LN519GN8Ioc11(r3VHnfAA-@z>r|~URtkia(vu4
zoEz^ON7?lB!N1;?2+M5`-EdesbRO6^-}d#%w!iHDx2s9?0X5^f^yKQlE%Obz6q4i{
zgJAXkkFf8Kr@DXtzY`Uj$4V&4-ZQI^kv+n(M<KJ4y+Vpal9`d6jANXHgwQRKy~!@w
zGg+Dau6OG;`h0)=bsplJ^L~wMJg?_<J&{cPN91&zf}%KajVTCLJP6<*P4EGCG^<&s
z!Y-RW%jDeH<>SI4w!|wiwv-sU_#c3SpR&VJ2|FIJc-$E_e(29_`Ss#*KX`<Bdi#I=
zcK3k+!yLsFASfUpaGj9{`+E-_oTyRQAgjv@+`SG^V-pcM367)7OtG)8uk#O1`HMEO
z5?8so`wCvArjF6x7n(r0`@e9RwW<5AIRb?Gq0IBUVuncyR|@kU7e>1rIQh}3T<a_G
z-(A+%%D%gi(kqf2>R;<$t^^_M=VOV@at0KuN;?DZG_)6S%Q=sAXE;?15C|Fp&tq%Z
z-pb+1@&DlHUzY+6YlP;D{Z%m9b~`VB!fk2&{)kdA1ii-@`mYhpsa2!;nz{M=J5l2q
zG2&6OEWbiL(eLx3RS493d1MPD&q|rbv+F1yfO=I$g(SkLee*^PZV`cnM*Gx>gFAPR
zT3n!&`OlTw^5U`v4pTs((`<jH+(;CU+3)fOMc^eZy4;@uO>H*8@X%$`6Ox$76*bXC
zwL4L{IwZeI30s~qQb|mvwR_8Z|6Ee_R0yaX8Zs{J{_;oxi@@aYkt5QEhK8gyQ?s-2
z5KUl&3V+2j+8WiYl2Ob*Q)gg3aGC#Q-~E}k-zbARH6hZS&wpDCAJ3ad{{CdsU*3UP
zKjFC?QiwZv_^=XrjRKk*l073B*w73mZir~uis3%nap`l~K^H>~s7Gpny!SKZ*v(yr
z^gvkpU#`}|$J_<M9tcptmfFwQ{~_}IK5{CI)G-$4|7K}!f~8@P`<ab<LXKjQYM-m6
zsj0c7^V7&(g;>))jyW=FHJ;fNAtsa7EzJM1Q-5AOr$%6fE;ID_9*dusZTyqjf3<s^
zpi%*ZzPV*DVHe*_!HSt#n{ENy{`>}-Dd+|c1-QE{0IHfswSw{&!=Fh4AK_KN%^tf`
z^Ta<NzY~>iG@{%8^|3#>G@4!P?ym5q?JtETsG<J}4Ec)K4{jk6|M;qmp5PX~#-BOA
z%e+A_r0PXn(+gA9HR$ZFU1Qz%BjZh>9)WJD&kwC{8ACfMeMh#w?xiai|E&vQKeK-a
zDIcCQ(s$>*YIxg{{bvDwz3}pZyi$+RVsuxn48Fw0Z4ud3Y90qcAMWC!q8FVbBO_Xc
zwpW48oELDBCpQ}rCYx)1<iQJr6XU0YDxVsS)J<LcL#Oy}A31TvqX|Dx{pLXZ*)uPr
z0|(4VC7QXmZ{ZK8t$zQ_HH^twUS5+ul?(0N-8z@h+^NxlP9>B2+V8yD5awLTth+T#
z#obFHnoXeXTJ)2Rx%I6$3HO|?*S_4fD+vF;a!FFv1kNy*4CW{b{u=?1u)TvRLb-BL
zQ1B(}Y7dE>L^?NUeM1?PE1&c)q#$-53Xfq^w+<`(z8HTVT<mfwj*HCv$A9nUfH;SM
z{g?`?_6x)u8~>Ni#m`zy?TXo{Irqac5lra%T`m6aEs@eoGWFn3NBRzs@H0N#omj(D
zsmk#U{T$Z-iGYiyLC1r~4Kh?n7@OsNr2+FOf?eMq@%Jz*Ta7QVReR5e$epo~SON`R
zWmT22xjCcTH!TS3NL%z?Ueo41d)735eELHU)URmFG*WjsMK3v0z$k{gTAg;@M0kI-
z1H>BDloS*X{{8n~8SMDQETlIdEMi&elb6u>@}d*jS?1^FQhzhD#@jvFi^f$|ncS=_
zwwKleCxLU&+}5UEd8TO>rB7@T4wXiu-ih6|0SG4wXjmFfLR|vWQlQ@>R?+GYq=f#>
z)!J&)64vqP>FJH^?Rod@+m}>Oz)xrq7!V-o?(UwKmnSJL4Uzwf^3#($qeL{~^6^5=
z5A3{qdvNkug2bbw11bGrb{0Kw2@rhiLM`mnJCMu3-j!|Vg4?EEo!K{RG_?D#(X`ab
z+ESqwj642IOo{*=dnj-G7pr6IiOGU2Zv?Wu&(M2n^B*q32bYK^8YY;Sc`AF=K^#5g
za&G!J7hsAH$wweAoqSOBZO5L&1;)rh2#QH*-I<s{JI?=tth~BOWxVRP!Vozg8><4)
z{=Vd42~e05(h%`$N7U%*M@CE&>$(j@b|X>LD#QQZYlXGNd%J5pSz{m-F4q<&`eT9q
zyzmml-+ENj<xB~TQ*N4WE+Ykc=rKW8$Asp^ZZ$5y7FfL$sTv+UbVzDdF9+D%gcj_&
zFIm^l*+2mwYIKKB*Vn|Gp4k~*)QE`*<Q}BIK=zk+R3Me%SN?@%duG8GxlH;J;?(W<
z5hlb!_Ai$PfPrn{-wWT@&w@->58A-|?q;ZqK`osx+vInn#(z&=NC==-UqjrELxq?K
zfA*j_Q%^`%rqY*wLu(ya!}vY{J|HUet+c4kAl@Ohuk#0Nk*i|bY*w*n_lY^6p1s{S
zL3ubhI2cMK06IP%8yh>?lG!`nZnwjXTn+|*PUeCW^NW<WbtT16GFR%LWNM1$Zj2Em
zg4E;zs27|5Tid1-BXBI;)^ybk+Kmj5)FMMHg>E-W4dH?!o;NSs(H$RpTWk(K^?~)o
z{l6@TDQyr=RQd_i-@#wwoyUlEt&QL?tCDHw<S=+0iEadOIb#G|f<f3>aw7rW*Z=n6
zVu`ndQWm$|)So7qF%Ck{IaaEjI4Kg{1mF@tj$j#i_wHS7#(9vnsKFS=i9(?!I!fmk
ze3X(f0%Ry-5NY8Ndi3xw2Mkid@E!3U$Rqec2a>skg&%Z&3LtZ`oOeGuKV+AA=l=4J
zthayjqoDrs<IEbRJcbIN&PZqJQvQ?!FbSF=%PWaTFs0ltyEz}ou6h{}03A?zb&C7E
zN_KJanvRU!FAClV5J?11E7^Ql;I8N*?F4vAOqAT--LVX#w3oeF>vo{cAJq4%##>W!
zm(}D+xRAXniT{CkER?F43N~Ow{&uO@cU-DQjtDkgQlR5??H%&w&9Ex{L$&?AmyCh1
zg*KE_fAQaM9B`Pzex@#_m>|eKBTG^!qEv-py4=z-6tG<w)xs4B|FZXh;~w2!iUGRh
zFPhA6*8W(W-A+%0TcZTFW-3L}clX9Iqp7hWU7ei~KWfdnH4(@`MtroJ`%0~$2N)kn
zb%CX4C>|9qG`ae_6>ZBMOejL2;hi4QL9wuTs}n^cBRk@w4KZh8`gVT{P$g1BSHnnO
z_ZSg(As9-ILP$5gE~BwsllKl$WP^YF7u>-J>zltpdr--Y!G#pX;_SlC)n=52vtb)U
z;=U_%Kg#Ilm6(_);PTaEYM|`9PIw*k7G@5lqf9Lslw$5L7_36_bXD}3&@MC+xrD^K
z-H#-lV#dyoPji8fk2b{lXZItUo(aMr8DtgIMF!z`+rSt&s4Atvsr+d{O3FYZ`vXX!
zLDMvRyDqVw$3Kn3mbHf~^8$7J)Tu`cO+^dj7EVsf4yU)0Ix<%?d3Ii6FI5N=9;<fd
z>^9Jti`0EL^M2&irkHzhFpnc7N62YkfeukVWN~kxVvl5T(RZSOw;TYpLXC$$UOV?0
z`9ziC9raSUamFC9)coN?q&t1l54YH@fAZoE_`*^SPHIX@&lYOd?{|j<)2yEQUBA$#
zo`*pJbKRY#XWiVP8{HUCjtm643+lTS_QS?p-xU}BSU#w<Z^Io7$Xc#JL1wzAK-$dA
zjF*oO-P81N7iamVqL@Id(YBTU={h-OFJk~fx)pUN66r~RBIGL=5ivOU?twOfCq<P<
zrmLo?q|oiMTJT<CYzGubS`?1tW^DC<K0cR!a!CFp6A2f=6<OI29@?2oQj2|b-F=9!
zJypl&$%l^rN|;Up!{|wn9fT?iBs8R`KMsG(3qB4ADCgz>*>SwmWRb%g<9K&Be)%3x
zHM|bSZA!Yj|3ZYc`RZCzmCXQ0hvPf{mso}AFJ=|K|97%26!b(1U!&>}I%W%<(>qSB
z7#fLfhx1MlZ~5Lof9FjWuIh2S+5Qsk@H!r|1``r4{%aqOGTjmck|%PL%WI+lQiuP9
ziX>}hl)>MR#nD%ncD8l69XEi^7f`+pgyHN*xAr&x_~3*j*cBGnRr}px$>p;+OhHkY
zD}PGFtR^ntjGd>g44+Uj_wn+A$%m$$3-!eB6%3*43MVS}-<Q8SA%FXipJ$DaV>{5?
zm>)C(svSlEd_rg$h!g`|82;J0SXYt78hO2i9`SqC-mw0P9$dbCh2igY<<X;!@sD5@
z9Yf1Qai*|zxe?Zz*MGOrZ#(W@PY(Q7ZUH{u@5Jy(6;Vr`_YV8!B?qQHvqHPoY-d;n
zUD*UbGB6%BdH%IzM_}ass*&=!aU8jd32~7(p!j{|x4kO>evo;+%+G(fG~M$wH<u?m
zI@;7hk75^=MJf*!mz<&4Exe;&kDovbj@RWE>i*)(RRg+t7<*v@awqQ)hV(Fp=L%T4
zU-fkStB+0OD0cw|KlY~+7g*3Rolf%BAW{5%M8<hbHkh)wvlO824Y7cfLa5R%&wQX)
z?kB~80->z@<@mlYk3wAGl83=>RP#)U<&ORSb#I?@g2@#;caC!ZVM?Tx0?>w_ppo(>
zVZz_L|LYf3XyIbhToBp?w%&eIPM9oaTI7<7#c~i{U0PnQT3wtx1K!uGwhe#*EV@yh
z&hFFbd-C1B1NQ1BkJkeE4AA7yEw-u6!FXD;_*qP{Mg7k03`a6!{M_V6yPu=;R}NOp
zehbP_dN6VcX>lU70&Q9@s0ornaIZnvs<YdhBj%KxAi2>F#=ZV-huT&&=Xe`8xzqZo
zWB}})FEn4dE38T5^h(E=q+B+&gdxf`24K*}Hx>+jxIT<I#3$U3+4Xg<Jnhimb-t0c
zZVUX+$GicL3_T=LQ1)JOnf-yKTA9fnXWG6ej8?EEFXB$d?#ft?MrO;6fb;weqq-j;
z5J4@BJpjZ4q4iMMw?JZJ1vJ15e*qJbfSLf9oI4?t3r}~kNfNrDY?E>Q;%>*Mf`<bE
zpv}+fgeRrQEdl7(JcGR#RUQEpQbhHVHD;xpkfY*Pn1&P%)fjULNbj89x$VeqtF+?y
zoUVrfm^44wo-n@WSGDdZJ32-4{=eJrGcXqbsMPZ`+l_QG9+g3JLtO$jz6irc9>9dF
zciT>@@y(l@Zie9swY$9ek2~DX@n0X|*vw2IOv=Z%(D<H5aeBwrxFK5;PeZk9iPg)*
z2#mLLJv0vG0wNEc3ZH*O0J#|%EYLX`hOSblgPsQ8Ej<lej4L&MvhOljop)-==Sg5j
zrSsBd(Qw|ZLp#pa<s8@~GWq_kqaA*E33kXw$7M&s2x&9smX&#S|0w2bALluOpxLJX
z{;y_hOJ(Zw?`OxFpF)cf1vEzRdm}ojpPXTSy48`&`#WyA7ap<~DmNH*A5zB5kSOtp
zpD8K$l>mqiP57GuPf=*+Q3G-k{#6~(-M1b2Nf7RT;M$D?79h943@XkjVaKWaOG}QI
zcm9!A2w;1Uz1uJB_-?Rg1b8Ws>)(ljtn63JY8!Lj?JV${$zaTKNj4N{g1UNpGgbc{
zje&9GKcMi_u`Q7=zyPIFk3drkBEsff&r6JkFf}da@UG4UY86IK{qQ<<Djqy`4*jAq
zbR8u*c{Roiz?zM}-3Le|fGHd_0;AB3f#_y4)|5EK2{^(dP&ed&F59HsTs0Xx_E)=l
zT2jEl=5cOwkU!!@e`e(Kff9Z7Q!R1DIY=oTCF<TiAOlbaL510X*O8>;bN8>oSi%VI
zFZ8#?tR2cN+A?+!ja@P{JjKSwCLYaKKyz>hWE_Shmi8|LcLCpNOkVa+YlF{7Bf=Ga
zNG$sC<7Lv<br~k~0rqMNuA)AiomskMx&=4t#iJks>T>(l)VV$Uf!$}kC$@TS^*>@(
zwMYhO3+ug1<DJV{c>88b{;of#=H&QQQbBB2!!L{o2F)ty{$Re&Rq~f|b!2K2LAi{i
zCMKdZcK5+TR{65fZ`wE_Ve9tlWAjt#&p;)F`tP{i#6r{}OuZt*I=^EP+vVd;>0smp
z3;XUs<p8Z0@%vxgi$ClaBn$n4;4gLe_EP@JvdVYao?lN-NA|6wpp;}hcLEu$6pZu4
zr5GA+J|n2mNt#HE<*rb{s|)T=!^PT{yDruVGUO89Fd?U;tP@9qAf!tQ37`R!u7VSU
zEr|yslaZf~4zD|5D7u?ww8f(RNnOANSpsB~`8bOA@D6i!Tg(p^xv+6GadGsepqL9u
zrY*ofW*6$K(cG<$kZQVanL)F2yLWtlv3vycuT?m)f4lYm(FN0ru0|%7eTHGVj{xkh
z0;$Z$=(@TLxR%;OvNr{GezP5k(4Plmlt)}a3~B7H_=7d@jXIip-ZByi9*@pL=^g2{
zLm2+oK0H4SnFoyzHvk+lf_9+0yZhGu?I&8!@L@juP8WCnfmj#5g65CNwYj%9X3+_{
z^Po_edvpXQ;2D9?0=R(ud_FhjT~_OVE@3_m1Y|5c*LO{f@RG&hNe^)WFR%406a(D%
z6jB!BFP(ds11*VK#g17jDd@kYw|`wlJ|_66(AFC}%h_UVgmo!DYS|i8h}U#eMDzYG
zUtJY9-tGN=Z3;&6BY4}nYGn^@1U4F&KR-YOGN;zz0d?E0V?rCmde2B5Z|z!6@&ka~
zzXK&)<L{drHs8K{8k?Pcbj}%}0YQkvRVZibD*BV10vYsG&PPSNjm)o~5GzyT@f1LD
z3gPoPHaV58_2qzF(E?5FIi(?)Z5yu=j!-THv-a&;x^JRh>U8r6lXVj0<Rbd?p8qP6
zXyEbW15NfgCFN_<4lt#_61>`ztob))8C-%I<&RGW)=h5#Y5%_P>}wuG;O6UO!pZQ5
zZxD*c0A3!XQZOs)(%B82slat)`W$IR4CXwPQ-R)da$uuxfNEe-e}H6Qj%pz1L!X1k
zwv}V#f#b>j<Y?b6)U{6YBN#>-B(nn+3c^MIZFZ4qSUCVCy#f{9TL3QxB0wX%ei1R~
zvMVobS{ckoPmSQ9xkrWfF8y`K0hDhsD~?|uV)z`tIUa8WQ#$VX`kp~=)b>moEEhou
z;eJ8c#&ix0H5+t#bBslUdL!;KH1%}N?t@Af()*MHa*qB~%3Q*m*58+`=N^=Od%z<!
z1m&I2`#nDHe}P?~-We+$Fw@z)ZRcRKy_kt!fy4`Gkplk+QnTv3SO7rF)HwY6pjHy^
zSym%(@b6J43CEWTBIOF?+ndJEHY9JXH-5jhUV~kigTk;0{ga-QJGd<p<iN-O&S?Nf
z%NfxabA#b#)?I6c8|{V<^X`3JnsF)<?q4ol?z1gRKl^Q|po|JB%k+ZOOxLPhnYGN3
zhYCmhD5<FGH)A}cxqz-TzD$x{GDOEwy%}R*xQNk|0;ua66eyHNm4(4#T^)5Fmp43-
z?mG1YtnW44n9$4>HH6Fy$W<>yXj9udiEqR~4*+n*s*swu44O+#KF%7(mYMZMEWD|O
z@#>7iO7ilxnac&+iFN9}kor2*J-zfljn9s?6${5t7Skr^*gyvGWlArdhbujo^T?eQ
z27U%=&szC@C6@7e3sLQ)(DE}5cP7G9{h815gK!?YtQE$u6@JSaSk2Ns{FP$h+r^gy
zNZ!O^xFWXznJfg?;pmSs)-cba>IE|vCKEa%5K;QqQ3y?91Z-$vreC9^q2a(S<x{iH
zRl<YcH_E<8P>nWjPBjinoLX&)d4x>Y_?B<DmM??d9<H=KhNrw<U(meE`TxzbgXt2(
zJCMxmS?oCN4<%sJhLVkUhU@QGc~j87Zx}>Zsu4bCHbos06+!`opXwt>sb#Nu5Ug*u
zaBQ?3T1)niWcua|rs~^5swfp$8)oueNWca``u6qAw{-4n9-BbSB&PFr$=$Qw>A9iF
z3iJMYhL9uwxxjO+V3e;PdR|OPtOmZ^<FA_(aNGv*dDS2;JEpK@XWzmWx4zxWrXBM-
z;_>C~+~#tbXH9eIeC%uhG6eGxOdI7_y+4l(_xb$x)aIA4p2G(ZRse8oC7D&^8#VIP
z*Yle%mSPCOz}vANi;DY21Y@E)<luNBd4Gm?6y{ROM>7Ixc6D7aqPLI+PM~g^U1;JB
z<Sq5NHr_jK#+V-$7w6nr-0#pg?lkq`SlJv!*)gOL*yyp8JBNI9RC`u8(jrm?)VWgU
zYIy_O3`O_tlQEd}AdoF*P+9(a^tb!L6IO9Orm8$xMZT{z4sbq4x;7CDM9~kbjH73K
z&NA%p6<Nx8boGK#mJqJ0LnS~<wVnGy%frDzKXJS{us*{7S-5Oo7`wI^|9vICDph1L
z{adQ%YHCs<jBv#IA&>zi-o4-fE&*i<k-R5Wsgv*@*jy?&<E{@xd>BwM2t&(lK&vHb
z;j|B{;nItUcTo1roi7_C!QO{ypr7x}r-mY<1#4DUk=xXDHvL(A23(T(;%p8zG@YVX
zhe?EZbhU@Mxp~dz_X_28$@S(_8_oHj$*u++7O&^1dGnhKux$aZGJp?vR7;ZBadrRd
z@R8q9nZ%j(ST6pI9M8bhJ`<|uc124AFygVfy`3+^-LkK+r81t`jC9{kH=vO}dv>+^
zN;2oCNzg}fImCl5`~d^OjNp5mgNB>Kh6wwS^D}cW6KfINM{V@DLSk*3FLClYhlw@^
z<F0%w&GixM&5_p<L7t16o+O@M89Z&LKUllAK6&AvS73=GsZ#YYB2%>VN-MzrRY>Qb
z)(eyBtizwzwmp$bBDiQ0A)BII@X()#aL0>wmM=*AjmLDS$8^!2P2>)+Nth#E)Ip!G
z9GSV)5BsOdq5kmUHCussjc}f_ui;odO~FNo*!>~&e}cIV@!||Z>7IWwK#9<)dm*#v
zT4FlBau@o8a}7d$gp)Dx>8qplIshp_i&5pW`@r%$V2B|ybDd}7Uze)g=Eh?h?eQ4a
z^q|}PbZYZc_Z3xvRrgu9fq)}VVm!wqJeZ);o82?2KkKTw-Y~n~5b!AX14RlZ$#ag(
z^B96_YPj?I$g82-x?ZYNEoK;QSiYV>WBq5p1<poJ&%E5~o5kKCfp?wyIOBGc@GAce
zAk;4mSHb6F>pYs{;;1wKnsp*aE1coW-~*0IWWA~YP|0m5Lre$~f|QJlL6Q(zjz+q=
zhWAKTKu$^Ha|E2cbyeefU86}mkyXjFn<iHl-y>9XHMQ0})^R6k#5G~vMSa)+4s?CH
zB)T9WN{noI93FS7orve=Etp0$-d&oWGz>k_W_)xoN<sVMSBNA#rz0?)DSV}H|D55$
z&rfqP_^N?2#JHf(euj8zbc|xS**siq_o*V4NrinY`B-;0k0EIfTGfB@pFb0nN&FyZ
zero;W{?8k;p5ODcQ$AV|WR-&Fjj~xja!TYD+tIi?FM)~iAOgDYc=|oFDFR{s4RZMf
zplLK9AfN&nnsALRHU3dvN=u^>LCm%cjxh!N3>P2O4kjjRk{FP+)>pCLSMyK4o^ilF
z04F$56DM-+iD4xB;L(_9F)94yRO!^zw)kI&2!y2%`CorJM8dZ(c31x}_-Y_M!4Uit
zh@C>pb_G+{2)Mx!ZcaJ$xPN<lssVHKanZ9zh1S_Khz?Ft%mm!+0QC}1YtIE~Ph!!H
zR#E*hV`Zlx;xRe&;qQ}Wn=A(3S39d<_|1v&WwruKAgcu`d#<+5AwIlk^SZU0ZZC-3
z6?9)$8Zbnr=dAT%q9@8WC(BGpsOBFZ#Of7>pf4(12in{m!sVTND!Tf#VBK9+=K+&s
zQ~}~>fOsG}X+ylJ#6tC%0d9S6VQlpY<vlILrM0@N^N7}YpKm!8<So_}fD>YcFA~J2
zd>PNuS>1R;R`%`Pw<$AG3eS0d&v_U;O|PO^KfU%{gV{yRf5Gx3vFg2~u+!wshnPch
z#O0cAdk4u_a7*1KP7J13^bR^mo^%04cZk?evdll_d(o2X^2%&UqsZtKk4WpN!KAkR
zlGFNBVyfNjWNEo%>I8N&-Fa>>=bl`(O{{K~es(yBiAD&5Je@+i>ND0oRzZAYI$z>i
zv8Aib>{s%ZDbK^q@{UCkriEKi_^ci`=NEZwxLWlUvD<UVYGvQa%ZXzta>Bm;TElrI
z)2U%HySM=v%j2b$Jmk%}U0^F{5+oYy7E>b+{gDDf#P&vys<g<<_RvWAS17Cx$LQy@
z*dKkKv4_P^X5AB~-@kO}m`xGP=Vxn<G@xaKIN}3!kTL!k-aULGdM$JbjNUg|T^J9Y
zD>0t|8M-GHttmbwCW&M*l>y{;t*%!#5)f_uwErZcK!<{c^YWX2<^er^b@_chdo<CN
z7eiqM!NQ}ECbM1$-z<Y3R@p;{Uepr+@ro;h?v8<G(AcVik`GD}YMSlu`LK{%J?4q?
z0KaE8O!e6hyx!Z@&CbJx`yl7wnK+85v`2o+hn~I^C~MCtP^D#gJ0TK2X<2&sbOZsU
zfco-*p8H|GU=||?$5^FX;Gk4GT)&^AmdU(d0e=GJ2jotz!YhI{m1-t=zy&h}hnvWx
z_DOEsfvo+bQOczBol4Lj>}QN9v1p~Q%~uyi9mB+T?rEz{f=iYHf|-8Q{uzy6ptIZz
zJFSxWWT}}xnSl5J%?KAL2TeS;k`o_?_->z0BVfjgkge!n&u15mTlL9)3zN-?dM}qu
ztKWx)yPRY1Ubr64yWZ20sawF_bYeIqeY6b}>R=MaL+Y&)<3Y~;%x!_t$-P@e^p3tq
z;lM~mUPP`8q=)aV!0@qhW-aE^$+!<g7%wn8n^x0D^2#3oZf~2OT|Hk%Z_&j#2xjuo
zCmTWz(Q~DvLP3`-Q1A|FF~Yz#eK^epD!=<Ms}y!BC&Z}t;zG)Gb)pkH>zXdcK~XW^
zaxtm4t=Dx$42^}nvnTB>tKKV46}m;qPI1w#$_IbcNPY-{d*IUchBCG=)rHK*>unen
zHqgnb2Rbny9FJ9NaQCZ(h9}n4bJhY>s9^%eoX2_>&iE{Cg5!v`YY=4kq6)$dLnyy$
zbc<tT0PlN=Bj-(MDIM<FY8eDy`zR%8!FUW)%1|KT7D{+EFX+rO+#*LtQKWm0J}(CJ
zo!_-(XmVt)5JfY}F<6VRKDILtS{d$UjA&E$^;eJ^a;Z2bo$NZ+<cz8lfo#>Z;{GwO
z(IA0K*?G`sO;DSIu#in#l4Y}VDnSuynDnkUZUTUJ2l?9F8M&@QqnLi*;_Hx`Xrl(|
zM4CJuO%Qe0uU|Y^1e(HncKgVcuk)7q-%god$JHmC-nN-uG4h~?-f-S2lXB~J3WnSc
zVTB5Op2r>U5I#&;x;H`a+JUq?FHo)D!Sy^uxx=vyD3nDvZUB-kF};qVt)d+AJf!|f
zWALN64}msLBMg0`!1sla`AYq1u8slE@7K{f{RP(Xi-YA*h!4m%M%T2vqO}3UYPpbV
zpD(|-j-k$yYni)<sBn3xUl-~pXqjt}TI*F5TMn3^68?7+^fR<QJLI{G3heckqh=U3
zh*`CoFuYl(&|IS9$)N$v+-^h*XZg@>rC_GSkKTQ4A9B!!Zb5W)?99^$?uFL`C+5_H
z4hzw5Ux8mz@jta@Dri13aE8kF!;L$ck>Q{>FfieEsZe<zi5+yDbjaKuIaEk9;Wpqb
zq2$lp!gM-?XUMiQMUi6iOd*M-VGbo>yGBDG>gK-cVe=Uf8hAAl%X#Ha;aJjxq#JLs
z&Lhx|ecg3o?AYv*@yqXUurdc<I#!^(R{hL|zopHN68S;1T|Zrm+P{72YN_<x>gDd1
zZE2r`meY@#F`uGR9HW>ua-aemQD3Cgs(slO(DRWvw;3+z$avu7r{OmIaX1sBmriA{
zCtGB8pscKLW#ox*!yLHINKgsvXrBSyRzB1LVF{N+Kt*s#O}pKF4^fy72gf8PMT4jZ
zq3)A@9u))aLgisc(e*D91B)!87^64AwrX7bihH+RE9yof(0Ci=*z?cU8%Ax18}`2N
z(>;nhzzPTB@_yMxo8_kxOLSkrA{2#~<%CpqSHraEYhgnU_n1!_0tmsyk0B$Vtx%V`
zQYep+%VXZVU$$48LeK9!S|Jd9MSy7D8YCz5ocbK_87}9Oq3@T>RZ?V;aU3`xNptht
zmn-uyBvWfS*<)ewF6JbMP9CF$ISfSR1$rzG$YI)l(1QBFSwuZ)%&z1^5}BSV73%7w
z&l4~+)pYxopGYr1#DvwhYc_^L_t_KB1oWr%z$g=Z-l`b8&8=L*m+|fdb@S)vdSNb=
zyFTOezir9`J|Zhaq1iEhF^ft9pKvp7Kl^%wz+L0DvyED!IG((73XW_4tw-l)Kr8SR
zz5PL3f?;mPoJbzpsgO7F$1F;<jQ3YFxac!2ZdkMKZ?Z1i=op+i<Zh;yq7bE3>%aEO
zR<&XF-C}HBq@V;%E22S&>cPlhTHDo(+JS{rc^=#MX%buZlE9-oc!tK`gK&}5P0>d{
zO>jzPute**eJrDL8cx`1@T3(CsW5hsU;W0@c+NP^dC)KIvy4_ID7s8yN3sg~zt%sf
zq0$(XOpVmJGXsKZXL(<OevV8P0X~Dnqi!1zhm8bquQ-Njd3M0M&~cR{27Rd)ltEi2
zM6CN?bM9B3mR_L{4#S4%KF@uQ4NPxJ9l7Zrbloc@&Y{RU_VgtSi1m!GKl=PfT;%7%
z-h#kksC>Kj2)DRcwF0_dA<r_EG%7&C=;GOGTAO3XxlQhq^O!26JwmPIgv4RIdo#6p
zI?u_8vsjEBERp#FH!KRY%vxA=U)I@{&eIPM>Rbz`MDYTrgTIZLWi&!S!KmG2hL0|o
z?moy9lr(=QI@(mr57XMX4c!;RS3vDJfZ2|L<yzoHK2<u~5`hG{8pp9`DEwkI65IK<
z2Xd}ar#m(m>Ouq-zSeT^OP_Q}ZZ~L17<cZXN3R)EZo4B}4h{7(%6U4!6Onh<qfqBM
zhyOH5a2bI@ui&Inhh6)WM9HlSTDBchQrsK<U!*8{8Xc64%Hct^8az;T4l})i*A55{
z$R?-FUZ-PhZv=%PJtOWcO~I#61BI9eQR?2$!73zvwylWawNO>3JaaMNxp!8BjOLXK
z^>d)ETwGy+s*3|rDvi@p!u-T+4D_A#T6ap#DVDfv*aj7_6sf27;vZ5Lp5~QzX7WnQ
zE`Ur$_s($U0lzyXG!kx9Mf=07nxm(K7*)%Ap&`U~_}K75;pKntG;JhW$z+E%%*7<h
zmu<KbUc=NQy0nw6<S0Woymv*SbO{}cLjj;*t|cgMCc|owAhu`njOeJr`6GGDGBag0
zpC>?7v4%Joz)ma5;WB%UV>?a;>hx^^o@15^UVo&(kY5<2zX_{(f=<08QSt#Q3^1+~
zCg>UJDs?XgwJFU^$sGRI;hdihaH(F9?4f%dbLS%6>#%SBq#lC`bY8$jwt%9!iMr1U
zSoxP8M)(=3_!4NnVyD@-XY(w<mcA912EIDzh;VZS4vE)*_II2om4A-0qnWb;v`o$K
zL5}T#J$<_HJ~<Wj@t&J57d6>NW${-_5^Kg_!siip*5EPdn2&GkR!3`>-z;f6!{4X1
z?6X;_D&^c~=J-`K9j}RetFztq%wi$93neMu-u=BYLFK8aGZSkcoh1ZChAD^MkCLdv
zV3c}RFmb%e9jSMsp^D8Jq3;+~o7i}R_DZ6^ve0tEIUihORCGE(y2e=-XfmPj<-=A6
z<b`a$G%xS82AtddN(OVO-U-ND8A)E03kYJq2NgQOwu@FFR;EI@Zm5Xv>^pOD9K{<j
zwA%uKMJ0<Vu*Ws=)WhX#Oq^qRpc!b^RwlrS4MgyK!!sQ3Nj^lq02+E<7&E#?9iv`N
z%%n=&pV-=M@b1iYn?ySrQ3i!k8~p;?ngyY@rJ24SI`4%dKW5G3Tcw7KRUDU+=QkIL
za3&3!b8E<p$`(CtYY9utVEOx<pH8kMzf=lNt4ML}d_z9>YKd8zHnr<apa4zQsQ<se
z1xSCG4X<8B2xDeM%BBu)UD>WXZ@^d*JyvKg4{LK>Y}a%T4MpKrKWus;`B(r8s!Cl(
zhO9J#IJRn8hGib+M~lmC^Dc!iAcCoS?qLF9O|8o7Pu>&cAND)$5G%Xz%sV3_>*ayk
zZ1yaZSmwG-;2=Ft(*k-U&0v&awRqN3pwwoQ9a*5cjj8OmsbwpOgwjgk<5Ul;j?5fM
z3)Fy=EnB;*`gPs*e7|00v4%$&Bcz1h$ro1Fu=q7#h7K*$>A7fz7FaG$owCyD%tTE!
zd?<FpLNuT>Hj6h~d)_be5(l-6c{<q*BOm6n0sB_PD;(w(6IC|<%kun#Q;lkJT16#{
zn*jm96iO5wo{KIyM(+X$cwHY%;jy_+j5?0$VZY)Mm^CPgpA{TnivJ3MRupJn6~0Up
zccT)re=Y(gxfpVRo0rF4=`GNX*cEkefFHZ)!&ySp3<^xz1B8=nSBAx7Xk-qh8HIV^
z(dTOjo_3XRJC-U_c+vVwbMZ`3?ZQMm%i#F@OHGN<{?PNY4Vy-^$F61K+|3!ewLVv+
zU-(jMx}>UXbJeOfN$NpUmF?MZG4{|;BxdwaM3)FW9bz+qxzR(o^cs)N;jsO~*9$H3
zUf#+5Zmqg9no5rmCdF7=4PD1L>*Tr7n#nSVd=ej3Amqj?cxS<#Iu6j(yIPA$afLq$
zE6$R9gA_DA6yu<hMIif4bh#KvX(0&H!z!lFhITUBZFl`HcmElzdu<cfMfXQ(4bI$)
znA@lXgT$-J-svS;==Tc*HMHFe^t~@`*|Ace#_4CyyHF7|Te_Bw1Yr{MXpn_vJ$A~9
zOO6$zlfx|NhLy!X2P{hptNTqhexz#)<3z7YPNdj+l=;z}oiDx53A}MT5Q&u19|iC_
zQ*x9@`P`?;kTfznb&H7ieYomex*Ww7M5s#>Qlwbj4Aj_(jGLdz=MIwPWM%)0l)dcr
zzRzaeqnwpQq4}-*&l&OKiw&=5k}1-l?*=+4bxUk<PTODJ_q}a<2E{M*fP3FK)+mD6
z+X=LDs;;ry^uWxa%fm_wvDpOEOokvuPh$LlhmHWsJWnqLi{d8`kg}RT%n*%t?6$}j
zoTB^)Idwg`S<JDsWs-)r)#_>H@ug4Vc+3JbV$~$mW~19H$-!9iBgx)ue-ggZQ+#&1
z)t1+e@2|87W8D>!)bT&X6w(i8<vBf3RQO`U+q4q=@obmMCp~Pd#W`aH%Siz&Ad$V>
zE*U3bE`UN=*ScR@=^2WE;Y9zW)Zrl8*!meR&`sqrtvlYyExI<vGe7WslfS8jZszf~
zE~ak|FVy>`@5l<<_l>R2Re~}qtEP_G`>0%yjLUAMEe)idIhc3ZxDHB<SvXCO=U@Qh
zW4CN7+mZ0J&>t4(zqBDp7W6E6WS<mnO{{`^@tyHRFJKlitJv7c{AQ-YRN7O)^Z2wh
z4GZ+rENF~L$$_J6C(d3oXMgn(=c!zsTt`iga^lb@=$|B-h?b#4<MYrp)nQgPMo5lK
zcadX^GHbdnAc*`$S#>O@jyqaWhylNCf!og@Nrgs-#LaDKiX7J~<DoNv80c|D`kYhC
z720iykT+k-xG_mbNjK<FmUbP&KZ*AG#Ss6QOTzY^={U9+aeOzkc6)0akzg0vZ-6G0
zSa+tzdvv?XzHzKoG`Y39HNM||Qe^Jk#=UP_B~QQLp6#usbU}^#v&-5lJ|`XRxxxEq
z0t`=UES62b?5TqhrdEQU%%`{zQ}-MdE;LWf+>wgo0r_!ji5sLuh?<;69BuU5A^2oV
zb>}7u)X@2bCW*vH;NZ;n9X$R~_))hD-Yr|2u(xJHG$9mecI+ev!ZR!YDq*vkhMA7_
zurB(wh`Kym^Yx@pB!2stN~6d0f>&MMMOBXw(vDD^bH14{A2(4#%M+&=ldd-gamwB!
zOwu}7XI=KBDk>*E^Mm-@1wa8^orh|+F-8-6ay576Sq8SWn{O1+?cR6j1o6wm)+d?1
zh=1?=Qo1(710$d89Og^!est&va5}v6O38SG)sReU-oMo!9lihL4Ok;n{7>p^8eEVH
zrro$|`Sc}!pM9uRHX<J##-hnSvyxl%7RH3LHn$*olG6Fbwn(?eiA7T*545495EnCk
zHm*UQ^Z2s}1z;3ND5@7aB6d#SzE4Ih#S$y!PdrEU6@qzg{UUpODl5>-4nEEjcYi@u
zGG%00HzOp;)#BekXQCWO(OJR+tLJq1#+_eXO_~N^JZrL6J4fjL-884`u5;z3m0?4V
z9~jY#H!74+pEj$485og(*i>QcGf$O>J&mwX9hMpIRfh6l9hhuA-L?lLwrOE&7z1ZU
zm4w?II3)>R0ekZf1U3{a>*;t#Vdw>d_$AFPXjCewkoNWUwzObtHJc6|26LZr>iOn<
z+g57pB@<J@u`XRnK|6Dzn_>POizjun39|%^49R@%Thht&+eU!s-bxK|RxMW)9Tg>U
z4u9WVs5E?QXb|+XMK_N#Q;x;Jn902<z|%8@7K%#+&hJPxBO%pe&V0!4M4R)pl!rt6
zMREor(^v;GjN_}U&9@ZJjf#uw52wT=x(tV4V(x3&kF$kgJgSQnZgl5WGy6{*)D56$
zGzhVnWaDM}l+81GeD;IE@;mdSUgs($Gq>3dA}nX~lhFmDZda-Ipl!)nQ!v~ZKX9$<
z#XH+7`;kHWL#2?%URlu|t|`H>5p0(`fLRZr)PCwSquE!`|79c}QJsu)8HuttGP}0J
zy<fpSYG!+B`_&|;OQ?7dlK#@|N?!FTw<#_j$0;pMqQVpxqJ;4ew?hij<&@-U>2u=r
z_D`z}a`ypY$xtiX3n+4Y(6Ppkgo6spl4wSQT+@f)k>SVXj519^qMDb|XmufzmQW0<
zdm`jusm_X-V%3xurrlKiYJhWA3b2~Gdj5fHe%!`BOV0Ito!-$7V@;=LCR$xTiEX^F
z^e8*e{OKD|61)#rv%LU}H0S1V{dw1%D`1E^<Oyxl7w_p;3yoZ6vZTJ0L}?G?mK%OV
z^5M)^H`FsU*hY9H!`(|{b?D4vNwCIjt!@wB=XXAOU`Ht!G4bqJeVNO=sU4KEb?#j3
zyXz`A2;tZxzO3dFz(ab{ro*T;`7WQ=Rb9+%@rEgkoSphkvEeeEl&Gf@ajHJkTA$p>
z>Fys8?TB2O13<e|$CnBdkV#NoeJ{=hlYMepimLvZm2~IHJ^vZ{?I5TawHj{r>#uUT
zu%pk%7y1gmQbYCNf%Za6kG6Oz(D?dg>?1)b*=(ZtD*lOlrPR-HP9pfcq9E7XS%tE$
zkK}qw%%;<}Sm-~M{vnRaL&<N|KzHDY{N?e3SyfCYb00Cq)0~drDgD0bW(Rk@NJLF(
zFj)E|7xe#R4@;&~)`7Zs`Il<<IS>k!C(#(NNl|=aDi|mvL8HaNvGxrxHU(H@{ppg1
z`*Z9c8ia+`U|y&hIh*~M11z9zGLnnG*2T|9@Kb#k9Kj3B`=k0KTrT5NP9wU-H-=M^
z-T_0P{sBj+`M$%HW0ooFL9G|m_m`~bxu*;k)>Jbe8G6m(z#8&k9OA|6i#ZaF)cOy=
zB<E7vFS4ra(aBf40W*^Y?U_B1*;#hLG+DbL%O2a%8|(i>$ga9;gYt#QwsTGGbQC}(
z;f6EC+b(}L?Z>P;8MO79hVJ1nOXOncZ4xN=(y6MU)$t2Mj)_2xwNVdh9N9w%=6qwM
zA$GFcH$*9VKElw0%Qh^`IbYHb1?7*x9NY`Geh(OU<52UcBi)JK3&2h~<`4;Q+iol1
zaFOQ5-3uM70Fh~5n>r9Orv6UTZ~t`A(?q@LA<nd+7-zhP(1;NUK!R^H1M@j#ipJxH
z**<KqSS-g$#w+O&gbQE2FpZ=zBi@x<yjm3>9|!|gPtGj{W^Bs&?>jb*cYc3xcl8DI
z;Q;UeFRh7mdDF;*ha@M-T#qHdkj!ie7)<ukJM@D1a?mS5EPn}cQt}JKF#`%d%dlF(
z7Hll$sGH%`&6o4^sm598MxqiiRjB7^DegTL@pcvtu$f=(-2>y(UL_oR#<VfG?#$wi
z?1e{qxFGcqqnV<%`wkI%2cd8dbNb{nT)!)e-2eO^Cp#9G7U$et1<~7-pyP4_T=H)i
z85FE#nv%=Cn#Bbf{36yXl}(gAaKwfeVgxbNpD~Y0Q`yu~6twKDJ!A$t<*BuSO_3p!
z{#9}{u%BgLyTPLS3)}$PLyH#y0LjGhXi&MNgf&;MT6ABB3FgE$h6`bgroXuWP}MkO
zM|kkXtaJC+`VlH2-nMs*<4wYGomW-yq|e~@-N}?Htb??+FuHW9+v-X@9yv?%S=2{C
z>^#K1J&2Nb^QTPl%m%v~!o~FGF5eScC1FMzsAOk*;3y84w@X)rKd`&!9gFCtOH(<h
zf0!r{jF#yMO+c?0l&N@3gV6UOD!K6cEi6VyRL%J$QhhD9#&!RAos)!2^Q2JMHIl9V
zO3?2%?j^ZAp))71plRG<1#FUr*~br}4>}Nh8>Cu>F0Zph^a?i}CP5~_{3QMxP@X=|
zf^S;Pv09%fSB!Z@!3z;B|I>-8hF5@HD*&H7>F}qlbD5Q>v>HD4b}q99$}?bghi1ms
zbDc!!4gz3xVpR*@jH@<Y)KgquP0GTo{Cro%_16z%I@kMY-Cj?Awc_YN$=7Uf#U_$5
zBEgFq?Wo>egEv8UlQePD$Y|Byb@!YNdDT+Pfpylb+JEr)WxtmtiEdg+B?*blmHnen
zR&Ri(;<ae0D7fR4nX|!st7;;2;<KyAgrKD~#-LI~%C7KHcOsen5W7x-m{-{K3yp(d
z2l`yo>2&Cv6w}K0xO!3RXO}be5bxcdPi=ua1fy?j-X^u;S!Fl$A*9O=xvBW>AG(py
z`B?roN9brv`BBI`WZye!ay%_GHP|~U-?IJd^hCtl2YkMz@*2&e_yQ!%ao@(CKDy^n
z45uNh5w_Kws&%;$=Bhm8dp-HeUseRVg=`jOlXJd4ZlDRfK+pr=Pn*LbS{9l`yM_Sz
z8hMlWoK@%9hw$S_h(Coi3hq~x3>xx<J+Oqj3eia(BC7D7Ac|-FRjgh~kumlyvKI#}
zNcL?4#FMr5Z=;k(XEStp>APr+uA-;VciPQu+R>WiBy$18%z9HKO(2EZ8^)^5&7=;L
zsIw=k$OS+3(&bwSZO_19*4bd)H77Z(qg!)KYHA#eI?I(uJhYe97i+Z=X<HHLazO)9
zHXUA#`6e4d1`JIaPmFlYo4p&@#7=V6Q<{Je+19HY=^4F+uvoX<@2)pWr`z)=S5k<I
z+{La$+G1Q2+o%9y+uG2zWPVk;=U)SbLFAn0*0(QBRXLIg7)t<Db5+(%STHrm7C`a*
z$ioN=8&jc?fkL}f!OsCacl4CJdKlB!K+*l12IlZNnSgsmWcH`VJY;wm2ECangeBs~
zuM(Ouu22r0{HoE7Hqu$nD=>N<f1ju0ByY!ytF`4FpB&ETS6#YlP1iJR#PlhjzxrAM
zA<dh>{Ff$ypejDiekBXFl75ua)u#?3>|ET!@dJhCmLliljS8zVaz#s-<$J)%$XD4O
zC)#=ex16e@@89Cmny4x<$uJ&Ce*G3&1ja41X9wuspMWeN^7B($-s$dqLhf62XKPYR
z!22ERkyS~XojOzKI`OL1>LD>IjERG|?V*|v725s<c=znnz6Z&T1aG)XWP8<I`rt!7
zTR3`hej)=~*;~*jR(L=#It4Iqn-P-y8-@2S68b5NLMcEc6oU8OFm`>RPtR6|iJ<s9
zF*y|dg_cXm_1zn&PaLeBtK=y#oa+Ye`xB@ySMex3&I{jbN?TAvO^7NcGrYw$!k0LD
zpOSY&+(#NM+18lVdSiC<Yr5VeTajw-_~#n$1WFpqO-2$pwjG&&ytE)VtfZ;f4hd0z
z#$9L5wmgRUqMNCebAK|Ja~ed~ZVDEp=XfhZ0p&FUo(|tn!OahmfC_lP%P$IkEOgIf
zg3X_y>3qYz9q9e|uodxgL$d!Q<383rc!Cf{w?MmD2Lkq4s#z~KYh>wY%jTHR)v#cH
zz+TaeE?IK#P(>+1Lt%o(l>tr9J=mYY^j>}hHe5V2mx8Kve7~ql(=RC@>mqo%JNU;r
zTb938`Bqx?R_r_=9?kE)azWCY3!Cp;`KYa9w%_h$d&!xCa=?ru0q~B3@N?xb-LhOE
ze|Kj_Hih+9GzXJ;d~-QRaMqeq`?J_%OrNsM8W0#WtjQq9$Y)XEs|J09U8b5$G1SuS
z{>3BnW|MCyc4d0QwApGm{E)x@xj~AJhCs*belsoR2IVHMq34t5_|s92wOQ&M7e1U`
zR?|-%4*=C2ojXgHo?et9e%n1id6lZ9BDqZMz_wUsTdJH+^92S%>y|$Q2!(SZ2<%vc
z(yD<r-r?B8Zt1Mw7_Ow?M)#}ah`URBK*2a#M(`j$Jsoub$tlnE96sOp`S@Hc<$Bon
zIZ|D93c*8i-YZah@Kt08L|{dch&1%T8d5aQd3=>hx#J;s6K!QAjI28m%P$OWa(Fd&
zK%oE5t7?y`8BNB8dlWY~fgC_k^f0-{rB7^_n0!*i?`(R(ZEUs=Bxld)M57l*-1mJU
z^*+R1rEL~_^+xH6sXX!Z;>ya2)N`--2Qn!KKwy<Lv>nM8@5J@5X)Y(R`3Lfq4cLfY
zd8OwSu134fU+y_z;t#e>A=vcfwgsZ*+~XGw4F6$E&&jNUBE7>UcbR0FxlCA7dCH_d
zluO|k(^lGCq&a+Drxy0*_+#9>j7{e8<PGOgZ#fkfFLbIBmAne(lpm+E$cjm4G_A<I
z{7qpBS(y~cNGibWv6qavbQra#iA6D4s1c7lId2$v<Rq*~bo{c^(=|z)=rAzn&9Du(
zI7TvmL{b9Z!LMg3NDHZ0`W+^7DzmS{GB;pGDA~eP9*?OiArrWG<+LI=4EyC&QzX18
z2<xC8TxXFQOPUjfTMhLVPCB`;1NkfSjiOm(3_~fC4_UHbl_QO+iH{t>IzImlvFTZq
zzO+A*L8Gn+#nXAPXW2eiAMB=ZjXOwjwhm48VRnVKQ{(*psiu+?w;u8w=6$uNwcJ8g
z)F#7utZ6@4X3huse|F6oy?aFDz@cZ8m)bKz@u%e*34~u5J+fs6o`7W=^LP<<h!{f_
z@P8i0gxQG2jpPc=ewy3S5(9~%FsIy$a&sZ}MQK&LQ=GrnKtxsU{w%dZ7PB}-7xt{a
zagj8ffK_(A>F^`1u3)OjoG}Qa!Pb0XWS;l7q$zX2iAlF^pt_Lbi^mr3U0k;FgjpLU
z!+Aiel#`#*hROf(CKGk1d9C|<15Tb7`f@VFA}uM!mKq%>IZ&4I=4t$ac0pePCZPwh
zN>9$#w_y!MqpoV<iNxYrhLYT>EIw|%M+;wq?x-T~Ybk37Dkj6&P$bmg6Doij3>ToN
z^ZG@$%}61n5M(`!`WZa-j`cThB;1KEB8B|+y830Pmh+zA8NQ^>+DS1t^ptNFuA_BW
zs#>Yaio|*8DS?fJ*1f`qN0aAkb+(rkrjWA2l89*Lwz7gtpcpNK5S`E?-~-)1N9&vk
zwm|%~PM-Od!l%_2>=2#?*R>1JMAXY=(W>YT4WpO9v+Z;eLAOvr;x!p5=_yByp}}H;
zTth2S<TZk-fpHB%x@jGw2mNlBej6mL-NUQO$R+Ht{;lasA#aTfrz(OP#5nc4WWV*e
zljr@<n!PLJ?^zLeA^3C)6ujm^UyceD7~PO&W|7>ltu8dO9OslJamO%LzNDAhtPH&F
zK5c`_ZpmV&;R?oM#<b08A=yGR4harIXI)urSY)T{6&7!(Ck;Tww_`D9Mze5A=<Tda
zA{jreH%#6u%b13SqbxG<m{0EG?}XzFbXFkX!XY$Wq<IiBfJZ?5{zKus(h$k3RPmVc
zl9YGp&_=BNLb~J??DsiC26Z->MiVrfazTdK<7;uU+tznWZtca&kYMBsfZy{{!j9!&
zm@AR%f2)#cHBL=jX!xnl%WLFX>LezI1wS(_C-MOi{Cob_E6ujr7b*kVE=q}be*3il
z>755Po{ZLHv&)}RTBVB}x)%>WtKoN<Hwhl;aB7<{tAfjE9nEVIQs+20lX1&f<w6W@
zP6K5kfk-9ld8JNJjB5C@N}x0z4_bgHG{@%i#a56v$pwr-J}mu~p~}hNj`a2H59S=q
z&J?qYVbvQ|(eijV-^mo7*&t@u``~JjregIX#;BfZ`jzeUpcP?7>~*>m=sn%Q1Mxlt
zN>h$!M)ig#`++g0X)^$@thSU0-D*cEor&mt9Z#q>z59-psX&fi@B6Xsr~|Ep7(O-r
zVVG=g8J64*<s3KGJt3$(6ssUhmSr}zQm|#J_rnUYVDWab5@SQR>HHMW@0%K5b<nox
z>DI$p(&0Ce2pI^c3@pb|MSBv50{JhobPD0u#3ag<*vhJ-8g*kero(vEr8LWej1%I8
z6EHaP2S}L!tNer^I3Z6vd>w0}796vv8_z6U8^zfbBw_eWE*y38;vICVjPj^vd69yY
z&`4+gki7|-Tc>(_>ZB`^7{`8rGh-`FJW|(VImBhASc9L5R}I&tli?EE5}?~JmkrJH
z58N^amfDDp@5~`<5<~pF4THR(1XVi=QB>&Uv!iGx4ZJJXW7?<5WP}%3SBFBC#XS!X
zIzH)Z$cS@S8dXBiAk+4U3{o~dzLZkGfX2AVVXw?U8Jzjdn@e?;q;*HO9JTE)sj)|c
ztm0!<ref~e`k|s_*B|Rkh&KR)bg!2fiidV;MfT&#5s*E9*YUYt;$s$iQsCo1HQyPJ
zgtG6s`Q~a9s}c@Ms<zM$P^Z%K4k92JdyS=$K5-dxa;V1admd}$aDL2{RXt55h9yaG
zN31pk%m;<I(`U9rd3z2}o^x)J380^Q7W@2QQ@th4C@+4Z5gkFeeXx8SCV8f}uoc0M
zFm)N0h2bokFL8mUz}WTFGI7-o)Bwb55n<;#nEE5(d7~W@4j7_Yrs$EA=RTmcgd}Fn
zG3?iTy`KO)Qke13TL@dWS(HyI1tGCM&L#9r*yUCz$!?^zq%M6vM3<s|IuGEJ(&HuK
zSSGa;N&D3WAwo;B)K_d{E(G05M)~UZsp&@K>Hl5&754c&rc$J(u(zJeldoDIjj;=4
zxsYzf!JzJo9<&Dn`RQ9l1tX2|r#|qhF5AJ-E{P4gkT60l)rE>0i~xIt&gh0luBqbW
zX1G`nIaD4wQTrKAI3|7QGF&b~wK$Fyrn=aw%Fs^QbA|6sUyeH7=<(WU3Ajel(1}yU
zBdOCf(bWZf7|!N0=6mswsaeE6*<L5!vGwz~L%mL|iu^wG9n0TVMMR6MK;$prYn;Ey
zyj7PwHj`tGC}@6qx?o_2Stoi7vp91B<~5+Em3DFrnGl)+-Enf<Z5he^i()iyAxwG#
zhnt5<1=Y9+#cw1ROt+zNcwGDOmCa{y-|M47ezK4%taI)OJRzsz2r!v0S~&ch4S_OU
zLR%alm*x-08K|G|m?=p%r*|arNf8vbA=Qym-(vgmL0c4z$In9xwo$+U(0t6WkdKY!
zJjg+6mv`8E_wJ!P`H&QiQRjjxKPRApJit58@717ddm(YHGgCXX?dxlrOQQeksS;I;
z#Z0Ww-6rKXOUA6)2nm{B!wSp?3eRwY(=q#K;ZX9@s*}CVfU@87`$ki|8N_WTlxga~
z@A(8yl0RFkp1heZD*s{nAU-2qvH~wHWvsAMwjdP9^(CBrdQjdOwl|gh!C0L*-#R6u
zae2bw&NMWt6heVi^`0cUgszg!;Pope_@?5YR|~Vg(uj#Oj^l3MtSu2Wbq~=O(z`(8
zO%a^T%zd#@l>Y{}!MX!J@$hX0jY?R#orqL!+<-|eBP*lvkBXn?zGv)of_nVWeVY8j
zHH8<#+d@$>1Wl*feg!QUz5sFN36PMJP2wQn?KlSyGm`XxU9Q@>;Q}q~2~m$*V`l^{
z3;=noWD&4k3LcvTszk1L6f{>9TPXs)8WS9vNM&8J_&C_S<uE=A-GO;RQGWR{M@$oN
zecGQ(?A>?pd5qljD==JHc0r<^n@wgQ<^3rCB$hf0DitHpvmqyF=q6Sean`D%?iN%$
zvjr=j1I1tjSW1V9<f{FY4m&tH#~vfn&P0tgxSus|dZQ34#21{10;FaIVP3+}ug^O2
zN+f2LXB5ue`u05hmVTc3CG%NZt1zplR8Vct2%b#hiCIqV<kOsvyY*Gp4(K!YVs#&8
zm<3VUR<##~)n?DHd~&)pc0w&lyOGQK1I>-Kd6;P$1%)x8L@SmIp+4vzVK<ZC(B{C<
zo-m+?+=3f*ErkZy^48gfBPReI=e80k#H*Fn6t8y{PclDm7#o-Yv0{ED{f<0g>jqFS
z9}VgmfXtn|JIEHzEHhD8G91_Ug6M$By*EhWfm2drENsWt--VVbgs*e4@MWlyP&K7Z
z#jz-D>fEjG1jhz8+s5=C8Q$$AA`}BPgRCI6t3-pZtxtwQNfFo(<z6EDsSnMz4;8Ks
zzMG6;@~Q`{b_8YQLdNVXQmA~R=ViUad*u)LH$REnLDq7wTi>zk>IjSnA?#U$VIvCA
zdhu2yBB7S$A2jOQaD?GuB4Wk3b6ve~X|lQ43x`niAMYN~QM!FXy21Mtj6nQwF6!ul
z3mz83%<83^3{B957Jzw-J?|vvnjw6Dy!Mmw<nyOMryY5FL{z~f&3iT3)uXULu6H8f
zk;v-%Fb+eJ#Ko&GLL0Iga;Q)>f_Oo}9bX}|rSK~=tBd?(Nt0*-K%riIAGB_o{(A>6
zv2o#G2+=IGqrR04pUB`^7r$efdbG_2JL!^$`xP;LxE%!NzbipT)e1U<b|8DZ7Rcmf
z0S;cT3i#M3?cflaedVP+uQ^caULVG!CjNO$khFe-zuOxVIYko3z_MiDFgoh&0!%@z
zh8Ve-Q5ZHsf24#nVKlRqO+A+OW4Ku4R&akCt&92}uU-kU6@g*;X_;ZCjzV9Qu$R~%
zE<o;PNWd~F{f-MEZw(8g8KZW*Nl+}(d(dF!o4*xnq$WEW)TAuVVl8vqxsI#qc;Q>c
zXkMnNR~1eaXRqCt6T^uH0~Q5MBSLh^m4Q@NLkVWS@yEH}OQP0g7lsSWuw$ySdhYaO
z{DQKjUu#&dh@X0R##b6&czDP{xTNdzgLZk25|bEqJJg|SCY3=g>-Y8Zt;(W{eg2rh
z)!0YWYk{c`duL<BWw5P@PONCT_U@@P?c5Z3bFxNgriJFRC^*W+McKLq4aCgqjKQA<
zXW-s$^lA)GO*pg$xFwR0aRPgR2UrZ93MiCtpK9#><*6=Xu)*$U3UslYLLtxXfVVpW
zRN}xwiauq8e2=nTm3n&dp<W}spFbVD68(@7OJWgE$g#8ZxsOd&Ct?(11h{y;<M?bD
z6=^p&mJQEns#=e&8`!)f0j?=`3b3(LWP)iD=_hjSMwKQ<!87Gaj$ur)PtnaaLS;PY
z?nHOKm0~Ep;;jh!#3eZTRtqsqAcn{UHQ(URSnqGHFDG0Uptu+b-Mqewn(s`{OSJp$
z*siTHEwblQD&f*EBwX0t;}v$?UE~jg3Xsk18IAAT3Yt<+<I={2h%v+kjj7T|;XkHL
zTLrtwN_Ji}F|qG#+}xS`MImx}?i9&;NO}&m)gzPadrTobD(~emu0OMUu5gTr_H0OP
zLdAuKpdf`CQMN64#^5qcq3<>4o)eYk8U*R@+8Kf?Vcbc6MVh0`HAv@`r6_@HnmU=V
zv;v%225yJ6Mu7Acp$|;YSmq0ZjR8GP`#enj{P6x#2RVX61RI+;9uZVp#s7bly>~p<
z`};p0NhBpwvZ9O-60*u(S=l5MvP1S>*(J%|D|^e{itL&3ij2sfWoG}b=Q*7BIp=-e
z=kxvj)2*S`>p32e>v3K8>wdpqq#Kc>dQhwyD>ABd5nxZmoQvqJo_n|kFHiKM@;vWL
z>Pt>Dv9=#QgF3mW@NGt25%hETQZTmP!DQ~-S--thnb@fI{3|O6_FC33;=q&xcJ1TV
zeYqMu(`)jU;{4lC6mK7pjmLtY(OF`)W_%lo>;>mAnkrSD>;;)Fyw}qI@Nkb`1^+T-
zzEM9t?EAKE?;tvv2*>n%g1;P-zaPNR{h&di{UwbJv_Xgb0*flDM{qKP=4XgHLo8+K
zZLUYWP}pcKNQWjYN1N5KbVRYgY8GNLw$NNa<;9zkU}L61!!iJ-r1|QITM=i}KBna|
zwwdp1u{MB_fnk<0o>8NLU*j<BEeJv*HXyyU@}tm+T|{(C{?6IFexzGxhN<XDZ$05}
zNIXZ%`6LrsBHT=9DV>hDDb4kvgQ6}Z6>;l>x>b)z%UO~#v&@;tWzQ3*a_9Y3lTdZ9
zI{536au;8Vme@iO((QaY)%+(7l-eT%(8wwvC3xqB+E99Nm#asDBErBx!$HPDX!!$I
zi@V%4rMv`1=Io2ins+JL91g1YR@<;QUJu-#k-Dai%{?W$xOMZjt^B=U<TwrI=N)A+
z_}{h13G~5Wx2;_x=d0PIr2p8DgUkf?uWt=96F3c2(TU1OMP7-2l+urf3Lpw0_)~9&
zP`n4mA>E)4s;7s%2u@j~`U{ht4|`<F0<C(B4q6p4?A@v)`IRK9+aYe9U&p@6d>8kn
zXGwnyqMyzpqyAQvb?#?hZdn3X^3ezwp_}e(E|FOB7I!2oj3M%c)Cck8Ls9B{*O&TD
zC#`$F78xqY&!|t_j0Ju##f`0ADPefdVA}E4?aLLHiBYLV#<yHBO64hNxODW|BQB`e
z#xjq@!;`m3a6z~SjA}*Cu~(@EdMzi5dSza5c?(a#bjFCR*kv+5EF41mi-on1Pu{!C
zR@zJU%acGRUpStN4!Y3>pm&;4TLr1NG%$$qhrAntVc6`0jLMYiK<Io&8RwQa;v38l
zcSW%?Fi}=o3OU5hmB-C)KfpQ{`)_H-bqpY=8Y5}b&N)|Dv7+Ut(EpOt9|bbts}uh<
zrrj3&_FJsvu~1s82%)p5OB@HFj_AhQZG@8!%_YyE1O%=EBvGn`mlq1l>!*43p<P+O
z4pqTqTX@%ws$eF_MIW7uhxR~G%%x(Ws;r$>s|Ut4BV`~dTdej?>oAHeFxd}_V2?VP
zHq<&-2uZ)_vV)E9)K{}w6M*Js)Ls$Yzl%utByUiMmjd&;Y&tw&qBA-Y3wyH2)lU)n
z5JuSII-d|w+`Lc-z5i*0tOW(Ag0&3p7PzidZ?(&bkr5ix(Q(DiZ$rswzyt;qfq~Mf
zkD#S^DiL-wGH6532u}l5Q3`?wf_IjSmn)DLY2vpa5za)m^_eYKxE)C>t@&nmaCXi@
z{_WaM9j=Z~Llolsyg884os7+Od+M^WKSC$c3E*n1h_^mJWDbc%G~yGvT&=5n8atO-
zu}J9J7dV}%i>dBi7xO35g1$b9!ndnk!r&m5m?4|^BI{MB52?LMwyM_tJ>5f2k~#I3
zNO1m`4@;<qp20LE<FE9MhW@8G5YLVO+_n5CAJ8qqpV3PhXpG<U1--Zocy9isulsvj
z$^9ZCchOEbd-^Xmi7+jN?Okk5s0_|4ls(sy^naKnjBN>0t_Cle7sA+d2+gmPYbK^_
zr_typ<vVp;>c)_75);u@p2BhXv-i_)6g&V%`AMA0#SJhC9>doGd$LyiNO=A2z@?_2
zwxFKOQpyUGj422FkKbA69J$y@Y$cN(<7`t1Qs#b~!PcF9PC#)gd;2Igw;n+MC<PfV
z>Vezx4tM+4794`UD82ZESbcrpy-!D~<1aj7G2CCBWLyF#d>9^6n2<>(YMjgr*kh^S
z_Nmo7%k2Pknw$DEIsI3LJYrm_&#1#~MM%DD4Ed!RP+oD4S{CXwyNc4F&p)Zvm-;e-
zi^a;ZA3#pEtglvdYVIMzsE-2S*Q0=NNQGH<ctipkwapI2pX3~(3PqMCDYCC>Nbc;4
zF=YYVAUQXB<?MfNuJKvfm18czA5YtY)*Yfq1hAASippUn_RX^X<G%DgF(H-vSE<qo
zbo;<MI2lc_n->Fj(_+{QEyWeB!A9ZH3wf^5`zOL)!pzk-Q*~GJ_&EtJjs3IZ_>^{=
zjlZA0$~){&%5{69ggQT@GD$G$AvWtfFO2B<>+bJzMX=9V8X>&JR3MSNd!e|j<FiTr
z`(FNY{T%L~@@|QNC7vsd@V=%YmFO5D(YO6`-|{G;V9)@XaEqS!Z)>;t9)>scAwl>`
zFw_mEdW_-Si{x-rvVt<54ccMsP``97x9K{U$J9Y>ECt|T@Te}gI!&<V#gl(ML;m)q
ztDNpAO~(#sV>gM6LuGdxtOTBs)7EeP4U$AYBp-6INwvSmK8nC5EK<(rb@&{uexCzi
z_+%8QeV;nwTM)vS%uJ<}GN7^zx>Vo1wM779fQ#oqoAwX}e+)<G$fvw42eQ2skO-xq
z+x~s|!Rdd<IsO!}Ka17niNj5kNY^-Rf99aO{^ykN2qFl4hXwhfT-vKoe|v)Badn{N
z);Fz~OYP<d-cRwBJI_>CPqLz8tln}5A2JfIN+#8OifdkH2<aoh@FZ%jlcx)Wn_VF{
z<gT43&{_D~bNkbELG7|A{S7o&ci=?BVq6VTkYT~O%+x;mO3(Tq{@2qG=!yAH=-vL?
z-9CJf0P%eq5T|pDlf@{_LQicBNPzFU*ZZ80hVFO=(g=VtguPHOGy_?*GX#9%ZQCb*
z-bVjRN_L#p9o1J9IvB_yOsD}&tU~q~n9?B)2f^(-d<1_kmyRFbKD^?+F|M8U-UmYZ
z#=yf!JhXLLz8ed0p3G2}X>xflZvhJp!%SzxfyGzS$TIT6>xESnX1nT0=Y}Wl(f|h9
z_dQ3p3#0<MOI0q1v>!uxkw@?h9a?T2$kC70j7=N!1UWx~`CMHn{^1(_cKs*N&!Hn1
z4DKeZNVA&maZOcAIP+Dfzr2B?-Nx_BA4i}sVP)`2bp6m5ubkxQhq%Js7(e&9n#j?9
z?1*vXeF#`=;1zU)gbu~Dfx&y2UlI)vm7bo3-d~Y|fBKTY6|To$%|scv@F}u{h&2pP
zK`=nrE2;#G%C}dgdx7R5svu!)veCvbu4%aW#XaPn#l!fyJp&33YR<0OKFQXvu3m-$
zt5+~Ez?rHo>;QRW?_csmE!Pf9QLq;nstt<Ssw`Py^;Q3{qW*P*AKyXqTMUa7&b5rR
zxc8o6E+28z3d0(%mfT<sYOa4^H)l21`c^+yME?<bL4)X^&3J&<l=nTVHZI@%n}b{y
zj)$rf)iD)^R@fN5?4~v|&-l!$a=*ANT)OTVHMsAOaQP?*FknifsamNiSyUz{==C7$
zi;RfkI{x~<MUDS@$$!7Cz$~muV)Imt$d?Eu-TFn0c025Y-4b(~=Vv%pGrv%)XpBGm
zoi@Bmg@%1+X$-e2$=ox_el_SxFP>Z7A=df=stdde7%0g>BH~*Pfp`4mA3^#5?`1XI
zr)YY`y03oQ#C;05gIeYKt)Ds>hAz@RD$6*$*5JR^ns|ioQ~2QJe~R2(IoqlGRZ!aH
zd^06&ur36n`xg*74;RowG<0sNmvzTjw9?&wEvf&vDDd~^01xUZ^=}8rtUjEp(|m{9
zZ^{8Sly*ly_1@xsJFdI>gD0>z5OVVXFYGe2mlx@R7Pi_k{}#Z1U1%<tkix!M^+M9`
zHg&V&FTXn*<wF#WlX^$5W>N#aBrCO7j^M4{Xf^p4E{s)tcQ`voK)useJOzA&p2@Cw
zK4z^adH-;Ye_ew2@nPU#t^K&y<#vQoe-3g<@AFqp!T%s^GX1A@_${gJJb>JyfgWDQ
zt&$=CNeYlMfRt!z1PpP}urO$z!x<e7S^c9Wv+}7+y?Kvo>zoa-{`&SPI4(4sgM#r!
z?_5xZ&KbTQniuWER)g;^|Ncbzjj(2IF?Y94zxEYpWmms)3LURG4rARc4OB~Bm(nn{
zfw=yDM*AV*zXeYuEb^C7A3-sJ-8<wCvy{D{$tucIN$N)EJ0L{))NXliXZBqx)Le#-
z2?+Qp^6){W>AhWhxLe!3iL@t?yl_&9bn&lg0#KDK{5chtm7!^hi_IK+F5;~^o3*A1
zZO2`wfI;r#>tey8_&kXZVQCfJ9Rxv9(2Mab8G;cotYBSTm2bWIx94&c%Kx*&R?q%+
zgaF4h3aX0e7pHKdU`Aae!1Pf_BF=a4tA6JY^7b}p^)@YzRH7z=09{--+!zBbD9O}Y
z8NU5>-*zKZu89k%EV_Rp`2u2TVB!x@wF&6TOaPvk$M+D4&WDn7dOF%n=4%uY5xOS2
z&pER9F;A_>ro4W<WQFh1Q2-~!veGzI*(Y4zbAMSz{3W!3*Bc^TOe66%cDQsUiu@>8
zzdp9TiT8VE708H9@wq)L%}WHLC*3vJ0L&3+Cow%mfmK;(52nHjY~1yKU4(!6_}^pp
z(<np}r~?f?J(q)R{X*TgONBN|YHQ1tD^al8Xsa()N85rv;8y_HKFp}D4S^3O@ml=h
z9_<`g>`5feX^-aU@+W3*MSL=*zd(UgGgxF8T)YLH-U#q{j0SpA!=l(ptmGGNFDK^X
z-UdGf*NvRJ&k_Z_<XNmr$ligOUvBZ-pyh-gZDa9hRWl<KKb!YoP816a_h*cq{#30O
z2MwAmFzhd3AD=KK)X$+dCn>l2n)vZN{Rsi&ew$k`LPE^C69f!!pvu1uHAP#?BkiSs
zxcNUn9f}7R0<R-x(jCwWG@O(#1t7g>sTMdn2v%J49aLM?lpiMP(qgnPF{wwqw{G5E
zgR+qY=uZLVeAt4}+EBKv$K{AX+9TrK88NEBDDSu+M*8+WI}090(uH5J3Zy`qp)PGD
zeU6yzhKk49OIEN>Bk4Cs;atzNXzRaxD%#^u_svgE9cc0?Qs!q0y-9!G<1vc{;gCqN
zJjD`-2fy7XaE4en9DU#zU%3uIkde2_2P@<*<t35uC(4KPLh<_`WBSj+|EJ&bZ&K$&
zJF5+Q4a6QSQ1r%aLn_Z&qB<1>jwxCB+eO|0a{BOwOMY`hI~k;j0)I4PKLP4>|EUoB
zkJz*kK>mr!%B`TE3W&XL=83jS>VC`(U)n8bB4>q=>6|+S>O~tcYbbg)_<0X<sW6Wv
zkfv)RpbB;hl5#9)-h=j4J7A^HSX#1%EtXDwX#Df#f`;s=q<N}>8(lcPaHRdOGrC6!
zsQXQtAMk;Xu1R}gMD2_SA5#DMzx~_2&r$q9pjikX5fB1Xp8Z1BEQrWkNr9D@s+b`k
zrkcs`j!yHq#%bV<U~cFRm)(zq3}}v&!*i*hzIv<!wcIa<M%4YBULL*V4^)fupHp5@
zFN0v6ZqiDI(j7@u*`9sr-UAc1$6wOv(c?(QSl$YmKywH`=>}Q}sqNaeQct%Y>_1mb
z4~6UQaK2CLdVN@OpK$0IZD-$Q?oI4<0==OZSTaVLOlXbASsBG8v^0JN6D3Z;+F-o@
zW04;RLU%>{U%<j{7rCr)5fx}reiQnQgK!oPmY76mt$>uGT{m3g68@7$_WZP;;EU4^
z!+~a^gaX3xooNU(PxH>GT6|sTPV|8OOfhnP2S<9>;E9vCLkF|7na&bQ=v*%OshiOy
zUQI-Hz)zh9!T<-tW{GhGy|fuv%S<x}<5n~xCmuAc)jBL0N)v7x0G?2WEzXw@uzR<U
zrhvHVbm(R43n0kp>PTbLb!>Zu5^ep)A}fkLS)yOEw(`#Z#d_pTf@cJg_1jMG564_e
zW<Ke|lGo?<inRGe!FRbMyQVDi>d|9$uM*?0wVU6<-@PomKaoDB@-M8gzdT0%Osr-`
zR^<Z37gBBcE%fbKp<{U);pC)_<!gBuf^y544&O1gRTnWKNrjUn@hA0;6SRnehAM_J
zjls2q$9viVLUIR4RwDaIt-SeDv0&2B5U5t_o%T0SdLUh!&dkcS7-5Z66QiF7ge<BY
z@Nxx~khjfhrjZbdIS>hW3-FJOhld*&sq2U^(92`o6g)Ey9|+?GwOuH<cXY^?Tzm40
z@%uK<*JT|NHoYv|6fKrP(HKJ<)>y&Q@JQHhJrVyS!NQAhTiYVQh;lFJIXYGTZMz^(
z1szYd*eDcH%cx408%oSl3#7)}-WTk&fjajbSrCO0z=UXexC2kYTwM?Fyu?Pteu0!R
z*bk}MxUJ_^bDc)JcYracYY74zTGms*^l|6J7FTsZ;{V{nAqV)IBqE*ccF@ae`Q;(B
zGS8-@>rkKYU^QP9_z8Rc^l0E{$E)dFqP|duus|wb9<^*1bTj(PY-d|X%9U!@h&&yc
z>O$8qm2C!zHlM(QME}KIV-Ie;(^nY8Nod7q3R?~iRhLmR1*wfMZ95lTt`&N5_A<2h
zwe;xQd|`?jB%@h4j>HsZct6gttw|`osWP`Y5<O4SphGpw27Xtu8@d6S%9Q^aa0X-D
z8eTf@tg`?jQ5pv2fW~j<L>qJMFaVv*^Q(|TJXXk2E0&E$Ds6-ntNRF4bs5`W#wGMU
zN4@+rsbxFM{Wp9d8EvCvm2Wo56MI7*wx(%w7JIN^djs{D13Bm{P8P?aLo;0$TICgG
zBa%qV8yuv~kPr*W<5h)BMY;vCnNrzA!NChcxf;E|bumJmq?R7+>5TaNbQ5nXCg|FG
zJ0xmZ^tvw%Gy~Islot@CwB~ROY2G$}gV1oEffLx`X!Tc%8!&hA8U2sjm>8=VXkW=#
zeOXhH#n|Pi{h9*3g2Lp*nM)r2p}ovSPxCyU?(%G(BIHjAvZqJIw_59N6}(>^#d0`o
zY`dl8DACXPGnbF2<h+CHC(D)7WUL02i_MIq>~m3tuULO+xN5(R9<A-NFi%wh8&(^o
zv%~2V)lP=TT?E)joTs9qg0=A@uXWx1ec!r2!2o>JxH?_Srv?L2;^cQ0z4+6?`d`0&
z%HocQ-V}4x`oXb*?uP`}DSyYm6$gD*(XsHfYj>V~c>;b{7m4Th*19;L+b8j<dw}Q&
zZ1U%h8~z2XDD6%VD~Ft!3>x%&DJ&6K0v%1?df$HF9Wj2;%kGxUg3&TB>;c(zjyCc~
z8Wif#Wki6l*X-)KTs3B6ysVbfQVPl97ZhOXZ`)fIrE4vapsIbWgkHM$PY_2(Twym-
zoLvLG0})qas-RQEym3?cFYw$LL~s!3yf9CL@;A)40ys(o4<PI!6;YBV$$T%^!h{oj
zU8eY82PD*X&@`y)B!9fm(R?bp)lqoj3$*keCP`{M>I~!uqM(^I_AsJ=;kH>MdKy{e
z&L2nptq)E3#S<Ks)gXTAEGA#O233KtG}riXxNVfpwKbvC<#rd2NB#6AiDmG$t+D%R
zSySlEPgS62dcjaHgR^%VC*r{UyH$H1vnJv^G!SF0=k>=+K*K`n_`a7(_-JlDN0gyJ
z0d&N$2qK`FfvD0jFuW`=Rq7P~5|;n?fTNe*jvt5z#07`M`wEdwE)ZKf0DdJWc7#AQ
z4IPmCbC|VztCDL#){FvhON>nATom*aSuOgcyu_J$q^khk3cJNBE`B3x_!FT1Q(x7W
zoe=&8w2{x>j_DUAg_M}r5(+rX<?qjKr1b-{<tsk*4mMdWa8!}5v;t@}Ex*6!Xr#Va
zGV`{11(4|c26vYk2~_qfms-7&iiR#Ro58or%YGJP4huQm1xFAI=Fk@CzMgLMb8$k{
z1E&q1_g?vMh_HhW4wnpkEX%HNSv>thI#19s$KISIZ@<Jj6I_@x+GhQJHCL=N3}z$W
zfr&~16@6eUHe&I98-yyaHM3FHH0~vy*=K&n16j(zpGBup^+l(ZNao4~KW6Hf0bat+
zq(%Ibh-t<&<bBv*13V{TxyhjJT)B+S6~@mdm%8Nd$3)Q-H+u7--TN1vu!%WheJR)<
z8f2)uzBg{Uzh5Yy9G;HHa%oI)iB9QzgBo)aC7!3-Qnm??@sRU+<%{K%7`tk{NX}lm
zhCV){ixvs;6zyj%xIQ0Co87Z%zU?`S8sFE|X2{xV-23fC2J&FvXwigLM2Hf8XJ<%=
zB1k@Wg(UlI&t;m%h$98Zd{`*69o2i&e-Y!m@sD1kxX_;xu1P#p<Y@|qA=20wei1Rt
zfnXC?gkd{}g`EUmVO(n;PG1!!JNTmWrWivTK=@ZT9Hg3d*iswJ@Xt09;Fn6c&7Pg2
znB*U-bv?B6wkQrwD29?&YoD4I_>Iw1b@LY=w-(4HwZTH|n!o;b0eqysw|Y1MYi%0(
z;pbn|HFciCxulvKI=TS``)HI9*9{&d;!f!zHDb{@Y;>6UU;q|bp0Xt1a4=o?$(;Ke
z?GFeNV;_Y>fu6wvT{I^tJ(yQ@$D&dl(Bgg@I8+B*2wS5KHEe)INjVvmUOftomJ3bs
z9A<G`OGUjO1KRw4Le5>hd8H-xwh}79)`IKRs5MH1B{E$A0Fw@|^u?RLbR~W5ka&*x
z^Y(iou&+JM8E4*ihq%;g<U0Nk=c(xmA1h`$aPHLCw4WjzGnp+%X0u^he0&{#a)~mK
z09zPeR{|%2KQNM@i{ALCT6-Gcwv;}1F=eJ<>t~^G%-l?1hHJ>&S_~G8WjGn@F|HXn
zf^`=d=F0s7JnLRT`&05Zj~EtyOJ?1xB>DZom!&cqh<TAnE)I&@ndUPJKVt-_r9wH2
z-+?A$;MJ+0o<Y@_19x>A&oX?-eAyzQOz^LPVNo1GqDwptY?9|S?s7dWF&*J%GnLg+
zfA3F~PQqi89m!*B+LuU`8C;(jbAj~&{u@nT3fCyGL(UGQqS0*dx@&FY6l$t^!Mt1D
zBEF#PG7%)n#G>08!h%4saQ3d6(1-Jtb8+KHBXYXt`*Ld%&4{hInlqw3f0e~LiBI=7
zYXWAy-eP=IQY0MOSq6bt!;8gQO1lKQoFv!-R&j`}rnNn|5O;uvd~x0ts&3EGJOm;$
zgw-a_X2=mjG7AnI8v9j(a%5+tw%+3P&soe8-bAI#)faa`5WnIl4K>wj{yxuT>QTre
z@{MDovf%HPYeAb7g@6OGS&EuGogb#AIiG*4D`RrS7N43{1LbVl&fsgY*Thrw{tj>f
z(ct6Ta8LQB>0E`FmDwzLLA^`v9CtwR`4PU(8gsL#b9l|CFp~UkUwAtGf}s7<QTB6%
z<{Rzj_WLW7`hJj1H3&yUj%S6<9j8X(bZ8h+be~$D{JzUE(E)5hyl6^{CxN3ihHo@I
zfS5R_E2T15%wA*F`si6!vOp#j8}GdNkb&~SpG)=QD&`OH>pcltp6_j?2`R!GaqPy*
z29@|b_nSj90(H{P(6wrPo_jwVJJuC>yWcqExg6JNvu1a>Tz}x>oF^mZwo2cKBttsP
z!?a6*mC5nDNzUp?trxC~M&MIRc<$^$$95X1Yj+S`%@^XBi6*G`D^~e8xq`EF0F3_V
z>4O|1@XX?SqNsjYS0oP++`o}&oDKdniRIMtq2FYCG8Aanx`obP>2L-*p_)mo*2-hk
zFpImdsVZXmTx&8A6Nm*^pr(jCiI~BlM)afHS6sQ1H#kyBBgwRp3EkcCQv>t?J-Mvx
zVMH5{H(GH8IfyvJ!CwwWUseW-@J=@qwCS{RJcC99C9^hZwemb8fTs2yqfDmf`L%6U
zM{=`7#i{GmcmW(q=8`k_Caj-^VyVeQl@41-wlj*W?jd6mo&iWRDT?lU+w%KE-3PyK
zDfdO8I)=|u{aeIyqgsss;xg;rp_pMdMBs*8+hy@BY+a}0YT~`On@U2<3j0G#@`&HN
z#(UW5QN<i+xs!!KgMbWng?_1Ov8ldw%X(fBJYF&#s;n23uZzhkF*5;WYRcapSZS)E
zxuLQuv(zADs~&fzqfkMAs_-wnJMcRe2>3o)Tr7Hbgs|UV(m_CBgcSNZaizBwD)m4d
z9eIzY!EG?Tm<Ib5R^-5Zb(wi{DQD{fb*`j}xFRPgicvrC_2_5hff0(D0UB$#<kMMe
zFU0`C&etxKiQfScS+V$NRT3<&&=jlvfXo#!umk$kP50zNaed(bNuzQ#80C^}_vdNN
zQ)AAvn^Bb*(WW6o(tN@uF6s|;CbTw*&(7gKikY)kUoWWyVY9lnR9>^v(v*W;pPbmI
zyB$NpYveyh2{dP<rhKbDN-fD<ldQfx;SYsheT>6=M&cXf(1<ZLAKem#B;ZSM>jycR
z^v*z!MbOje``wOB+!fP)l6O5bcLdHMRvJk&4@E!LcgXv`=F<np1)S40Q{tI30WOQ(
zma;ORK&#?A7>|k9%!q-fI~~T_!h5t=xjgt~9GUsvO-RuJ29(jwcNgXq6Yrd6K=+O@
zcQ2GUe&N>$(!mjU_K8eJ--m5aBp-9H65#I-R(d!{0u~?n7_Z715#}qRw=Pvk<wO)P
zil26XVR##Xgowzg)vdFiwgi>qlI<R&8UMAn;X_HK__Zm^$%iQ4DpT2hO!%sJL5PsG
z=sSq_@@qW0=DRC>@bMkI^wh#hagky%gxMULy`t!n`Zx4{0O&?Mvy0yO{SIF-K`BJ%
zvYoaZGuX4aUErmC#}eSKM)leT8>3xFe7%NR8Rcf$7&`mxE5E(Kk%HTHY6|64U;(a9
z`kF-g0D#T1Bx#(5Ktc_xoCAzx+EJ6L69D4U^10OLq|Wj7{`ACQ&Z$dAV%>WK$10Af
zHo8&5T7ddRHC~O{l7VR>Qpf+iBoun<J>uGQP;rjRtypNAi_4e(v-y$})PvKXC7G>r
z9;4FKP4_*sI=5_NW1q>%q^2+)a{)}+aXNdyfkX2xAWmaB(>JvM)#($DzxAQ;MCymn
z)^C~z6}Kdd@<;5d1&ufEqbzAm-K^aBF|q8tA|04z1fA0;?wxFVa_0D5t`ec;y-Ic2
zDuXn*klM@tCF{m{r4JX*?rZDeuy5$Q2(*QvPQN;?qA1RRrx)4ac6c3UiHO2)p8+RA
zh?^_uuwDnzjD}wfu~RG_iy<0ngPuY=VtxfDP&*_u&y+GYY8vpmMys&*k(z5(!~<!0
zcwYhDKJ_Hk@oDjoy|F<rw_%J}Z5F>NUNE5Y47UYu70ZE#`sFbg)t!FW=i^=kz(L6h
zj0+B67Fxchxscr8n-Kun{v-5z`cg5RJ^1%%h+EkKdExHUn5Y02q?lFvdS@Z1o35M3
zlF`OIf3XpesuFX>*ctzggQd8|+mJfc9FZL)^-*Hv_Ec;!3h-|M;!W^1#t46l`({%Y
zoL+qEGpEVz>hPV1C~d!h|02!2RfWw|LZ;>P+435r$7i^n4gf82f)jtarMTBdjFiu%
z${un=p`~g;rMxd)+nwUvxv{*?JE}4nHnXG>>5pLk)7ZTc*w$egFCSA`JZ_7%{PFEW
z;y9FKv-rlC)#OR$y+m+0H_!*EK3qEo+>9bXaEoyLK7@uB3GKsSHJR`=nGD0?Cfe?Z
ztK-S4wRoKe)HpuB*G!YD=$%_@DI!JeeuIWWR|xdEvzEc4zXe}!NKo1{a&Ru_3FC3h
zr4l;fu6KKV7U#Fac8(??c?Z}O?O>kGNck>vS_U|UpuJ%mQAl%gqHgE0n*HXWMHzX2
z{e=Vo8vgjbq4Y`?xG9&38o)g={fs$4>C%98bpV$=vONSQi2n;Xog7k!n5;2X%qDe5
z;2ZzO@8qI#D2hE?6i}opfY5{eW^NG%vuM4u#a^3gyWC@cdjM2@D<v_+;POUllxa%<
zj=q<&jE9>-83IpqT!DVeyQ$0w13NGMpO@SZ;EYg5zy0V7Q66V+r3*HZerJp!_MO;I
z^oY$mV#h7J_ViOE{@vCqJ<-uU)>=LoZ;kYQG#g)2-7fkH?xiEhv<R&<5z{Ce&1Xl<
z<IQ{4_$d;%)Y4@WyUp`{4LaslZN>M#y-kJ+@Jwk9A7nYQvfEzP2LMqtX+WG(?g#Xr
z1O@vjP-{TD%0^GK5pTXB@b2-KbMNub*Fuvv6=GzfUQbzuT*dNR=(I%viK)xB8ehA$
zp#KV((Z6iFV$~W#Hx2Vka9_N<gTP&T!?z3H;awB^sM~Y=CL5&dGVUwt??=lX-f3rg
z%VM4yZ>$&SN~M2UHv2#3<rvhm;8vodp#Pa-mZ<0t5R4nmjD6J3?!IrvWKqxn{?mDp
zQ~DP7;tC9YUl+&U@wY6knF%8#db5I4;+GY)`>2Y9^N8pk7Npr;uo&sx+JA{4zk+!n
zRiIlg23k8x{D!U=p8lsYT9!t{1#!A!A=lD6bm1{@E(or4&VMJ2^YgO}5ciNAb^!HC
z+3+4y?ViPTO7)xOsTS9P!~TOzZRX)AhJHObil>1;iBp^f1as<%!s}6-tV5*peBkRI
z*qaqz5208JFzOsbO}lZgTVjm}kxHuDFz-J41b{2QmQA1(M0no=EP46;%L)6;(44*z
zKk1LCl@;?e@2$U8Nv{AxxMkxN{jweL6PZcz88tRlx$*dAFM}WN0c;oM#_@T(WY;eC
znvO;v7$FtL7%%x2VRkT|*5sioQ9@JZ`7ICA#u2UF?PKQ!ySn`0#4X()NRIATti$r1
z6T{*RTHY;!()JjOX;s?aw+Y1-!Sf0SeOh-t(T2!PK8a^6skqm9+?)5qDR_Q6e_@k?
z57YCm_KSwoaH397=0iV^!7uYnDHJM&74(Ve!e5}aG?f868$0hp{0a%p0|YigpbAnV
z#AymCLSQWspj6pp0^IOFAgollx`JO{{pKe{_YbQToR^Y~G$im~7VPcZahRGV!a$d6
z)D`KAU{#?N2<WKPF>o*GG8<5kjg-(Hi0lDCDSCeiX|NjgXHwplKBd_BkMaGtRTL<M
zedDogt&1~io|=Cb=6XbT2kbRST1<r4F%AaicQ1scn}ctH8P^_}{p4GgG$>@;-ny*=
zux?&ljhJmG2zY33zA61M-=C$y6g1D=B!DdxE93Ul|7(S{aUl#ulMRPvRV$)kV)6L}
zjfoB*5I-yD;r<Rmso<9gkY%tSzCVKKyY;K{ol}y6l*&6%+%|#Ub7_wZsLWG4rx2k-
z(bd|(1dxH{CJNni++?$yZpYq#h%W0ldC?^|*x|C$ObwI(x#M7dK_Hnwubx-vZmHgp
zW?zl?+~u!5E9C-plMqwR(7PDUrI@Z`f2#WGgPn!xcGfO7SWqF3nSfjvFy-iiSS<{%
z?@H_1eXKb`J$jXCs}aSkuM;ivjJd_dBNp%04yA1_;I3@LbdcX121$%Ay^bbMSs?%U
zvSR5JBXDI<Ew*q|O#0;5ZcyhDVi1~805Od7)Oj_|m7SUN-X`rMa)kX0x3zowi>s9q
zu*PIqrh!!an*Uo=ByFz!oujsEb0J36awH&mK5~RC2=S0V75m1|OpM$h-yUtCj;2C0
zj3qoxI1fJqNwp>Tx4mGcHDsziqYqkRxg07@e8W7qVIE;UK_lHt(l`8N;4c|$Wk18}
z&>W?u9e_@3V{v#|q8EqZDa0(i4U`RiVPc+_8w@p>D&K@H)Cmph2an9Ebpdz9ACTFf
z@}~Qcw5E&coI4>mcdi;M>FEKKNzbT1><iAw&q%jSsxmk1!N-c~K<nwwvm4AOl@j83
zoh!J&(D!q-bmP&%__y%&+ah&;CeA-ri2~YN@q1|VGcFb;NM2>p_Ou5hP#7xUT)8@i
z-<d&?D6B~@n;!U0-X520oXb^lRzdI<VI<(PDM|+NCJ*jyC_cUryNdamnEm}3CUR&m
zChqy3Q39+3^=zzW1R0oFGq#(R*Pt}_D_7mP22AoldYbOI96<jRhoBL2{O*zTMWy%j
zRi|#N<>A57N}?)&#zdDrM%7~#zFd)xp(_{$y+S)MtjX^9j1A*&wPbug*O7OR;TrUb
z1JWBDAk#V<Ep+ZxtMm}+HL)ERrv_;#E!Rrb+Q&_X#K}+<O~V`!l&8g0dSwzuQ>32_
zndl>Fs;AD-no;ktcA=Guz%$3f#)<7rMB2nkA-(6SFE89>rf17E=IuuXSd^65^~XI*
zQrEalpUJ>74X~{<PV9V4v#uqeumko#ye-r(YuahGx2cFoRL`KgGE}ZTslH|6GhGc3
zt@?MdiD_Gt*+RwP>zZh4+2+*O2rVD|iZ-GhkEk;|;eHnH`RL^`UA+^W3db)h@D|$c
zR@h>av{WT$??RLz4&nP(-0b75_r;F$S_(X`6U&k6<giF>C=!xmg1!S>bEb$?iLV9#
zbLX%0gH#_P@f}9#GkY)*zfZaT9$}FviQ%k?oFL!PK%L})H4w^2gPU9w0C&`rqUjh>
zK^1RFX_c&PN2~0WKdXe=>~FpYtq4Pbk<U;%r=09%$=9`xTc+>MWFdz82BdyC)ZY|l
zbx#);io{zy?PICUEP+QJkQc$+?e)a}{#5bz7=<LMYK){>+IJdaFnTF)t}jEOeX29=
z-q#9DMXz5kaF}j^15UxlH6Qwm4BJ^46=V|a3%c%BjR;kt$i~mg!+Ri|cT}Qvo;mG7
z<xpwRHwo{riBAuuIYuttc^&kzLZw=8G+`l;>|e62Np)}{iv$retAioSTUh~qKD2n-
zn^U(y6*b1sMKvW$6`*jT9`P=22Nl8F6p=+%Xh$*V2j)fqs}<3%I{B#ll$oMut37ic
zb30e_6HP2r=w{u{A~^CDuHI|S6aSI6=b=C}tL~{OuB7>)Q%3|}pBG%;m48asT4o96
zB2cGljkL%k6M=WrR?`>v8zM{UdLC4z8H;?Pt>!91#zCk%%%vnU+K)U4T{#=Xvl>T4
z*sdtkam67`X+bu?aPQa8Tpj$}ovCMwqOByG3n=D3eaM@UL;`1jaA9@!B6sS}(9bg>
z9_njIftni(%v{ywOehBnJAF8)hz81EUurFARqDS2{XHu#Gy2j&@MKjX!Oo(tun}cL
z@GvTTP3YhmT&YkFab2r;!;Q*tY-*82=|W5RMM4@b#`}9{kU}3^EZ{$0f_E|A2lKNo
zO-QM;mLD8b(3-Q57>dlh&${u21A3dMFcjHU?@KCG;}S~<x<LAq3e1CCrp#;y*lJPm
zZ0^p==GvsiSiGDnnVZ2&FHn*jjCKp{O$&;aU}Nyhrb-NIwGo%HU+dtg%v_g9-vnKZ
zPmWxthXhj?okF9vRLgtB;*%;_;hNHfq`n=4pfPi1*@AScv8EZJhS@3${$2gs577np
z2YFAAZhuOF_Lb;IMJ2=!(ahOLX>~a7a}IHvm%_rENtwu2XgqOZn?OgOs7Lzqpz@3p
z<P6Fpi^4*o<r@<oWG%{hp?1oAE~uZt4e{4BjRYfp!M6UPkQlHYF4Wjp8XvMBn>$qU
z8eY-G)New}xwcOKqvGeNAhdtwc1BIYY04iyPtA*szz<+l)lUq)7x2C2#L7<+W=Y*y
z*Qji;v5=RtZI)K#iczI>PkBk7nV)QN3EzAh`wq1Yl2Yp6UjA9Oij9xWEustd_kLp3
z-u=W>w}QLd&rM;6eqC+5N{3PgHwoFV&`5gtQOzr!Q{j|UXt+XRCs1H22N-Q7xr}za
zhUG(f6n#g)HCLl!5@QfX8r8*2)?_S{LJgkFYeOz_N(Aw+=BD|XcE(5)XKGrJZQ$I9
z8NS9)Poe&UEZ<ZzwZgKmZ(EILj-+5X?e74l9k9Npl}gr%GYSP~4O5ZDr;7|}tm(G5
zR~%U?My)mIY*Ujm@OilF87gpF8OgSM)zM-no?{0?wSpg-rV_*O)8Q`a>9=4JA*`nn
zCqA~HJ*m%qyawe(>kc^XEAtqnD#grMb@cH)T?93QUg{#ZHpTJJyk|ihW-a{LqGgEJ
zJcWS(H`LWtElehl1jVtpsFoEzD-lY^CSoXpw~pXdXQ*G5rzQ*%F*0}3uf5M~ameZ#
zTFaC#2<o!g<J(-u;LV(0KK%8D`oeW_T$YFi`Y(9lZiYGpiEK<yl1k*%)a7^6%kGB0
zB>AGuC~q>Nmh<wOwLp$=4zamF{1bLuCC`^Mn8Fh6@yP~(cpfai{0YL%hZ{UymT9&$
z!R=BOD^J6^?5n3g1@X+pt?_bjPmZo^D=8{A!x&1|HL=~?0*At7=;~~6r;Oqa6sU4!
z&$LHgABs1F_IPOIyM7pYKY?9kNGP{on$f@Bm|<2X*O5))KQi*IKOueD;h9-YW%)d6
z(RpJM;l4%GrS)5-X)j=wuHf=Ir+)*c-Nli9PFXxzk8<Tu=`6F6mWO6|3n$N16uw{S
ztd#*Ymdm(V*%r6NH2w50V>(B^>(5t@F&xWK<_F~5-9}L#7Uh>51#`MHP;c%qP#D)X
zuB**w;HNJaWpNz#YoJmpeWca}&SlAGZswhD-`mJ@-8d_D^<{TWk;JnH{ap2O)I}<<
zK1Sp5pFqR-r(e_wyI~{|2k#=&S;9sBbr;Xk@aGi|qv_|pWAdsuqYPwCp*LL3{o2$Z
zBl`Ky=;b*jeSw;mEpnMaGuG(0Mn7bQGL$#!kbFJx8xC_7-ZPHrGC&l2hdEY9_Il=p
zyHd6cvQxJ(-*C_0SQE2Gz4UgtD!6iQRy6CL*N=7X_XA?pGab?TJ3Zg>Ov?<}$0UN(
zBIQ@i4134EX6fw6Y{DqI;K8#Bk8Gn&!RS^fWYd0oQ$bet$sMbX_I9?%pLYW{yHiG)
zi<Wn1@BXH<cKvDQx*LshZd|@3w4(9QIEAEgexD?3uCM^Hv7PA}XpG*hiK((7clo77
zP<FO&eKgZlp65xO8<Wrcbh5)$Ga#jC)TFx0IB%v@rbf@~RMIZ3*lF}a*EA|KrG_yu
znq=&{L#_Hs#=^b{?%=%jVpkKda*lQuD&Lw<eZ@M95!c<|Qa5f+&Wh!(>(zJmGX7*o
zkA6a|u9b1#-#Pv~ZrY2iaVcY3-2MF2O3Jz9U7pv(GU}aPC(yAd+~614d%?!=!ghq}
z&V1XBdzAHfUb?iQL3k|%JW`}+q@yMYyNi6NHX;DQ6e5Sx#x!l5L~&tpF$8HY4mYf;
z81`yPTL7myiD$s5H}*xbc5(?&iF+}=IemrTGzB_Xw#0^Ia`bMJEC-<hqyGMW3+RG7
z9z65n*r0(y!kZ>)`|{FkzfuY5_lrRpB?4)vc^>oj=<q=F7XZwHf#|hqhduk+Y>Z^Y
zfnWo8HXJLxBooBlg;Ar!y?EbX$k)XmpFfj@S*Ja9?2Yaj=n#xOWGo$?*s!L}Bg@jk
zeL9b;F%~`PP^e~`#|u7M9m_2a*Ec=R^WJJ2ie3r$h(>G5Q@3?kKXfQ?n(U&)<!Mz%
zq5+Oy26;~Nc{(E-k8C@NeFPCwY|rVlY`zO$*Bu4x!-uRmw4I4Q8bLW0Q_hmg_ZWQM
zcfbc$F`@n!_tCTc?E(M!7k+<igA~DC?-!entktpe@SJp(N7nD$om;6o5PS#hqm=U6
zq%LBhyv|IgxGRjPe>Q@~ZYYQgqaAUG)48EI6mhi~yNZlJOiH|j8|FQ<&Kt6_e+!q~
zNL;#lVPRq4Cd0D-HM#3*aC|e24|lwqV`^n|s%f2f-2Vz|RRF3kT9d)y&;-uUg@QZ)
z<b>IL)3%&JFv^4sU}^#mw2uYA2N7e&DI(Q*<BqOUC~M%X-i8tO<Xwp$I7a#uSE_$`
zlP{U=fw$r$jI@0<xYsw-E`Kr)!70m|!a_s)r|uG;7}!mipRY{JHqFe~TIi#U7#J9!
zaj2DDD#A~#R?9N=&x&@K-!F@s{x(_s?mJ2%wI({*h)8~gFf)S?W7*WDLbSp#)8%mR
zQ38L?O7)kxJ*$q2tOk<o=w8?o9dq{#M*KOy;A(D=msJ=gsLUiUNC{D>ox;)+U1()7
zJqkbhIA31TZK$x^SE-L25DJXqEw<^O&GWOEqeK=y@?Q2S`8V1RWM^Wq8cO+L)NXiY
z0R4ocPPhDL3FjU5tnJY!y$KQCH=G~c;)u2iSFFBoY_^H(xHv9#FSVdR?qKY2*ERKh
zT5T#vW6|dnLiIIUf905>)1yviSWKWUU&L~PYHW8z4!$2)Il(Y}y0}Tgm%Ecv$UA~^
z7Wawso9emc#)_}c6H+Y)NIq?*qE&&HNkr{u`f%ci#f-VvO1Sk0Fz9<ND!5Y%FiMTR
zoWSIj>H9K|c^tH>-)3p4jAaHXpOPK3H=OO~xaIKqK5b<5RJCCfsinWlFIC&U{YH+O
z3l=IB^#uoa>y3;;0|TEN{DRD>4MqljD}69x^3e9pa_*e81ug-ALkkY`LYKK^s<971
z$i2=v3bR|IG@Lh79Tmh}(Ix|FyGZ^itpE0RNfHT3Ngowob>|0rGa)4NFTcP9;d*g#
zand+jPD$EK{)=FTF=5xnoV?^@s<o_xSnv3CUI9tTSA(32C&NJv!4Z1au`n@7C)hmy
zI_`v_tZaSO4(q{_C~s_J`k3kYe#e^*55zcjz|%Qz5lAjUK|%P6x?+xLYGkq~M%i1p
zBUlzxtvc9Ajm-we7P!z&)QQ{et(J*HtdjDcbfThl`UL8o4g_;5G>O&vPnaj1$WcHA
zm?mVQUYX)$3Vi8#CwBU7X|4SNX5!(mCcbvPT8A!Wj)%B?MGnaawrQ2A0-__$>w!Y&
z<_fZ8hl{SK)rg^Ybd90jjT0|*RM|an!v5kBdH3tp$HraHF8p=^`ih_}*zX_E-<VV5
z?4`%eB<O98R1+zzrMdFz@;OVv-w#Rm*$W8{dh6MQ*F`8UVK@nmbJOCw&f%K6nn2{U
z086N-Xln-oRiWn<-}Cz+0mCKOd(VNZXY^z-dTdXR|9w<c6cfjO&P$h?@pkCz^xnOh
zfX3}AZClhIZR=22SeeSPvypfrYulUks@*p<h1j0b)fDS0Wo#r*nnId~=BD#Wln+dd
zBErLGtgA4E*>4c18!AcV1Q@dCkY{k*-AK*2Lzbspw`f@7kh{3J$V4eHcIM5HkGFgd
zMMCa7W&Gl(UR1zl7T<ZKO<v_artm}#g?ju+3AcYfpg8f)*x~6%p$bAvO{FhVFmLD7
zY`Ei(cnz06R8l<|n^jz_<g)kusv~{W{7>cnUg+`UHTiI|MQj7o6yZa$e$Sy=RobHm
z8T5NHHZJe_@wWZ_<oZuwZAftQ{#ityRNV9QtPG2GTC$dSwMq(!^L*+%wZWdPnqDm*
zGCg`Jqhe8F^f3M+O&;QbgHOyZlojTA{p&SxysUd3SN9SmBf<&APPiXj&X4<vdOLg1
z*;&TJ`}mj?u5_!eOLl3**0*Gg$vDjaeBP`g+Iu-yYhUwZ6x(sWLlK9O9(UzIR)_k9
zSy!~2kS*xm*<&W53FOqI^OSC;ZfCh<^b-}+>*PzDHCBT*BCbB?d7K$1tE?+=)jF=;
z!4Dt45MZg>RV$f22k)5=(<@H(k=0ycGBN>0rKOV2&ebzZ2!kR9IDpe#FpP6kv7+dl
zY$-oSpLMJg1IZ4iVe!XgW!4Q;U;P=qd6c!v1Va4RnIuu{*Kw+M**uc~!K0$rOhCXL
z)ond94C3=&v2SX>=bUtANWxSTTUe+Wm#QY0S5WY9uAJc<3(Us6hLC}3mh&u(9=IF0
z(xR;U$UJg3d*crjT@H80+CX|RVLdW9<_JsbmGZ-4diVKr?fNn1-ZOanqjtb97K&pq
z`(HUB5<K)zvE9hp3PzNMS8hFV8(ddlAoz@jMTIAg3Q%qYPR;|7`X+aJZ_Fr;$6_bY
zY)@tD@6lCE=CW2FEeL+QQ;S^-9Cz+`Z%pQTu`c;3#3qzHf54O-6m#}C6`d8WdrW<s
z_p*68g`3+WbhT5xn)a)WBxZ~9+qXk3cX9Lw`ukgep?1}ZW8nN|4u^qtYp)ECv>>kj
zPTUW`qQgl{%LLedsL08UZ?6I^f{9qY_mUB3?-r>8s~`h~5f+5$-PoBn;wX^f<8;JZ
zbEuAG22{w&J%}cl>ntU%>g7+WhH(NyxwQulU5_EG_NPi@)J`)~Whu!NXQuTpj!W+I
zj2#qZPMJ56>7TO&KmeCC4(!oVwGC|rv~t!B#^g}8or&HrczAep`_kn!M{a^^^)TM1
ziNib9yz3($)au{uI6C%jl;*wCv~}1wT)W&^<ip{yE&3DJRZWTc4c9bLZKyW8T^6d`
znF%}zLIDr84?szjG1vUkzLhpZbi9iHNB$1)%AFIh`-S9P)Ya2C9T$(noC4ZHq;t+$
z^3M6lTu;^<i<tqB^c{U0ly5IXwBgYka=Y*&XPEFt(Mb|Gce@|C7j|+>7Fi_s7ZFcD
zqW1agvXrWfhqm&X%Iku(PS7eb^6m7zsXCXDogD%M!F8feDM`uT>FH_HN@Sk8*>;DS
zi%v~0A!cz<N<W(vm*HoswI=>?DcsU+OsX6gw&6|i9(>t3h#H^aJ1pPZLDk;z*}*|G
zqCiHhukyHzjDrn%UMOO&*M?%hn-MCSGfncW_+a$R%C^mOKo{G9kFl`50KlsB`@+I|
zt~CH)Pr}rJjlG9636?$6>&4$6Z4_2j4SSy6F9xAsm*%*NYtyV6qecZ=a%^(3MVhm7
zC5ea28-wSH(Yd9{iA6r*hnuCfewvobJYd=1QJmQEn6tN{(Q#)qzXnuJcM!S46p$f)
zkmjP+!LaA6$%Yccx5clA;7o8`Nl7Wr9{66$2xX!D7ANNMs{Y^Gio*NU;s>cXjaTDd
zdPcv;%Z75d>Mu{r(4&yo<RiA>5$zJ#`<&+L#Khjb-p(ICW46)$e5Luq%%0R$_cHt+
zIoC3R59_ZUP=M`?W*+IN%dSZ|kPxaycY(vu3PPd_`L(5^4sD)zONp$wj#IaUj=2E3
zU@$5S$wn=CeWdGl+heIvv0cX;0;5x+xKF?frhBiyu#4B2-au^$J}FF+sk~vYAno}y
zJ4*e!w6rubmc}Zw4Til4pR{RdX_+?0#l^i1ZOSfl5fKqhO0lubV23A$h8eS}OC~_A
zNlFyi=XhT`{WZ_jYLZ00KQlp1S^?MjD=6jZRWz(aXYzp6WrMUg?zs-gj)63Ee7i8<
zK~qM@obgO)?S9Tf+N{B>*J`e50!p|8Fx4woV>*el1?XT7`_;+}{VpE3r1RE?ojfac
zJ9c0IJqbo9vldKa8_<f1Jxj*jXBkr)SfELOjg776uQvX9bh&2Nv?t+dLWx#AW=|K!
zrcvn*`Tl6n227h33}<pUqi&osj3{Q;$a8Ku0x1uZ7!wI^|JNq;)k4eq5hNogbjBe*
z>W|~8A<1n&a=)>$F<+{u|9Ps*^WOV%?5sC|4ttccQM@<>Cy5j9%Wt2w4X}jE-7v3$
z`&f_eB{ed{3_JwrTwZMTK<#aT@H0ag)cYjWo3^*NcYm`Od`bv@75X$}pDae#QdSPz
z{tn{AsW+~BI^n$8nZf1d<r*I&)#TRlT=%m`t-1x`w)*?}ngJ_@2R*hRDlk-mqd!jy
z9(>l3_Z&;co=+ovs%evA=ubr$#Vhyzn1;sZU00;&nNq3UQ3@|d#>l3sC08tPBK~W&
z?h3mk*6kS?8552&3lYHBYO}3bBdguCwzjr_H{noo2gXxI0?l-$OD(6@C0Ha&4l(q1
z8kvLHFv_SeM#LrR`A^)jNnN(5!c#vkK*2~w?6hv;;Ox8>Jr)9PVAYcR3NvYkkEJCf
z&e$;;6UsaOQqIa5Vt8V7I^Jp3&wyHLm($qTxO(RRPNS*avBMhF7=#E%i)Konh}z!n
zS!i%n)r|JiD1rKb1?^GJ)A_I2Ptx|MBlatL*Q~ajv&Vbkq_wN)>t1-^vKs6rL;AmR
zng3)p6nK^B%Hz~=4_}S2>**ckJU_0wKUe9pqK+|?7UZj&tM^>Y|3DpZoTd1x#=pJ!
z>iJTm`#p55hH!o{F&{)T=5o@FIH31QG-eNtOw0}F)I68vR5O%gU>b_vOrdOEaoMU&
z{Wu01Nz+VOqZHm8%-KA{t7)+|Q8SVUA0vq!`dVW^CUe;pB5aZK?$@!+`2#ot!;s8^
zV50E!xk?;;H8ioYA8|HL;M3Ux{N^FuGb-xlULoP(jt4H#CX92-3=p{I#6W?GK2QK^
z*q(*_S4<V+@Wo^IA3b^$j)(a3EpT)jS?AlXXcAx+)5~P05vzvMfOQPz;l|^`DXzzm
z0~r)cn?U|jBhbTtX#iC`Gz}x++OIl$ln$_PFM}UOyQiw75iFkYy}1XjtE5R<4|4h-
zk$sv;zG>ZCj54kpWlMGfR-65PY;^_FL%i3owsd+QvM#nzZg#0`cg36+JFv2aGBY#x
z&N+fIp5|7zbZvN1R7SPo>=$z3&811;iLLIC_r6RxfA<G}{yM48@x%YqoBP|##nVA|
zh=0hzKQPcsQ_ph8B-P{S|CryzTb_>$@L|nqJ*Rvt_`HR=6FaN*Q3&_}!8a}=w9SeD
zhZv5{Z$)m(=zT`^#25=1hPPxroRBIH40;CkH0zyeav+y}`SK;YveV+SI`L%ROP5WF
z5QpsA=c$;>XK-+&RS<~24~259SYl$!I6aFhQcLS+BPxSd-EK}yhC4@A#Wxs7W+dnW
z8#2>d9F!K_y4*FP)WsF=s-u#;>DcSGA@*SuC#&tR!c>iL@aRBgwWd25sy+vrVPhTn
zXrHU4@kV!Cl(I~Jftm>nHxG)BH#_*!-Aw`Q)=ejAp+I8qBB&NRfuKeM<L5<X$+^uo
zx?7_*l^;Hw<G7jCv~VcKF2(iy8-MMLD%gMxJFRtSKCT3+r1ZuBVpx(H1+}0T3dLTR
zsl?+P?Gmq=sIniW_7LTl8>-w@lo^Q0t`+ZLdKBlYbF~}^``~pAWoHo<ZP=b0d!9?K
z<IKFSCslR&|BSQz6cwiyMZ(!)?h73U<p}|bn0{8W^ZIIuCmCYyZ?D;vJ&nA6g!N!t
ze`2DoMJCC~O2i%@aKe4`j1$0INgv8a6)pOVB8boQWx6Wwg0tjg8sC0~3MXUt7q-0&
zB?`ofSOL4Y)R0gLxAmb3G%RidAF(TbNr^cRtT_o9)-Ff&aUd;K3*eO5k7k9QWo2d6
z1pr7>i;pbW`&4jHP<sIqc2;^%Bx4d5w|)b)&AyBY$eC#-4Nk2iHAOQbl(f!P?%spB
z@GFGB)|cAP5CTc!(`~ySPYBK_UU&Q?#~_;qIE){0(f$;(D;*q}N)($+Xi|>fl$z2k
z^U?i?Z}hokR&&`e&6aIc%;iR9T5INbW@u?>Ty>Ssa<t*F%_(vKI?XTVc+Eq#d$+&X
zK(K9tp?u%Ap6?%SB7N@~y}V8%vg}Y6_KP|F3?3#9j0O}6uSH)I_fMH@N~Cq&UGvYd
zBS|+TQpqFCn%l}%UQYf4srh@!_n*zy5Pm|5^}BI(B;(PW*aPg7!~46vb5ngJH8pk8
zhm%=eI{4~$k3WLH2uro{x$1Y5XV3h@5?N(1@O%Z)a;8-@HJK0@P#t~LLFyKC<zFc;
z6b?aSXA<HWe$LZhFb>F?q_5A&mG}<BjT^HCt?}NZ$T(&K|Gt;8t`HV06qlcwnO(k@
zSNk%qMh6jyNE1q!K=O7Qrnjs)=ICXd8v_28Jz}|AJ(}q*g3CY-HQtEwlcLcdV3w|d
zOe$lw%~?&SRCbm2NKt!h0V?rE%_diXk=kGqh(TuHxhuCD7EBl!8Q+5|7QsR9cLa&<
zLLna51lKw`JJ0RVJIyBg2-m+;yP%XMWJD;Jbq`7?3xq4kXTx!tHZK;4h_4P3gqkM5
zvV~+UyrUU8WtOuAQd?Ev@h-tUti6L7*Mqbs>)szaw+I=n8H<fFG4=M@aUG0^R8XUu
z&iyXg6^5#cP3w@`**-E+KH0sq7CbSb{Xn*?^3y)5_JA6MBJrdSvxx#ZuKN0E*dn!{
zDxmq5LC9rz{0{ylX8xq*?{EM0$WqV$=!Xt3<n!W`?^o4)AD0@da}VP~%}4%Gai2hA
z5jeXmddW$7A`|M9=U7%&R?To4Cj%UX(a3g_NNTt3@xisR!-K7T@(MUxdR+63p3B$2
zMl@7}wCwx?8f6`i#fYhP0nU`-XQZU0jL_P!^H(mFl9FO$cI@RJ0e*J1;LGZJk>0r0
z2WlI)g5bc4rlO_YB}?)a;4m4YLMBtbQFy*O)RT~diHo?tzsOfxk{9wxWOH5tNu6G9
zHR7S>>FDf{TeH6pHU;aM=nK2nWIoDz{jE9f=t<l@5Z+pWR6){LoE-YVy4|7Lpx1aB
z;3o6^p`Mld)iRY?=p-+>ny&rrWci0b3dh5KcxTo@#B#JBI2rJA;gIoWWj9E0Kj~=6
zqcMMzr}~ebwR}eP>S}hOtnRRenFA!Chv>vaNKV@a1u<eL_fb!+`tvBzN-2RIea{oi
z4qJGkxbSHUevk2x5pmF65QjYlFTT|!GgqD`H-g)aqvcWJ`Hz2eH^5IY(qqfHq$6_l
z?;IG5Tw)w+uXDXwi?vggJ(B*oKCHdG6XR037_dzh(Q<BPDB%_lO(1|yCNZD{q7-Vm
zWI0qBs4`{adw}heW%LpIpKtn4c=*TPeG97t6QQSov8{p)_kBl4$M9ar;T72u*tHw5
zO1=4Ou_*A|(G@%V>qNA~j}~n=GrF3myik<sB}EIi7(*{y*ghv|V+NT~xU@&N;f{4V
z--fzZYt^3a<K<W5|G9^Myo%$OcY!`1WR^W{sot#NjE`st2?;;<^-W$`0?HWG_3J{=
zgrS0xCnzqCJdssP6*7Tjc*C)M$;?NIg0CJL!vc}@xD<{?mY&f!w?C=^iXT_eK1QnJ
z{y*%x-+n{}8+MO4tZqmYBz1LDRK!^+DFuRpgLOd>F0ZO8F5XLLwIe_wc&ex_NZI#u
zW8vO~3h}czM~CT0nkR?P`o4UbZM7%Mi7^b_DH3fx&8;%vFY`N8z)#V7Dw~Wm+pugy
zfVnl2i1%oL{_Dem3**N^_hb{Qn~=rOR;+V~dyI2)u5j;<2tYA<D*K~^=@h93u0B4S
z?^av*_A%<fhur<;|JS=W#a5;4$jqdtV`L1SpEv5tNKc*%<KDm4eTcr<D(lI*>w1p}
z?dXz)z1=nz51`YoJCOY_;CyQ_)X}q~j~Tdye_zk;L>KZ8@ubow2bf4%K7L~Rx6Sb9
zRK$U@dvuhkqoV_%?yNbztPRw2ajB7tz9YT*|B?6J@l^N!|9Etiks?Kul~Tw&w&IlR
zQFdgNO-7NuPN|fUMD{3~?2%-pLiQ{qC0hzvnf)Fw&e8RLU)TG}=l1>ccl~vhob!4;
zpO0~Wto!4~57(<Z`fh9^d~n3jiz~pa?XZQ(0W#e4%%*tnZ*t)HI%*EN=9x4@8}eca
znw$2U8B=AFE(xLMg=BZsjFK4t6k_7C3fR&8EkUN%)|r6f6{MtY@e2sJus#e4Ibva9
z5gZl80lw9TKfx)2R)lca?ZWoR9=d}EDNk?e`%ejiuia4YWqD5BWc-Xg%K-ni@oogm
zd#Z@dt|k5H;_+Uhn60I?mD$?bTGhaSJ2W)ZQ!=u<yIWOP_r!)?d>^(OJxGAkrN}w6
zbD#D#f-o+;z@<a7aN(n~O`M&nx&hrT2HaUc(eSo2Eyy}FAiepx|2vfe|Ky2Qd`gh%
znKL)Q?AHSiMPg1)P>|^?7n<e1Btd3)T63aBLapi{{cVc0xNmUXR}8&J#xNqhx3yn!
zd8cShz(Eu7=gN3Nz+M2a_Ib>`EA51)W~j>+Pok9>Ba0S&cUR>w#Z&LH3)`BfcV<*y
z#R)hCH=*YD)_{?D`iy8fVYEJ%%<x^@2`Up)G&!7kAddg`zlz*H{oT@G!(03r>FJ3D
z1?uS;8K*v~$mMhAmC|6RNDq1b>>u{ALG7**qiWi;G{r229{Sf@S;(p)zCWcY+jLW>
zNGX~I2|*|furLCs>NwfQx%9Q-*Xkq}M)LNq2M7!7dxD*Zm|%Qu2j!oh3VBi)RL_SG
zNzb2a!zQz%CMG66{PZeGRH!NzL+-r9PZe}6e}Rn7WEc7sQzW>b?`<-!A?NxnfMy_o
zuYXRw?!19nAsto9gh4x5Ny(e;kb(FCUBUGL`Wmu(uG!lk6%goL0U&cn{_^D~F3_Uv
z$p-_9KW`ZgZ^5W!5u3~A7ZqvN)z>FId2$9yH77@M*)4`gM(PVJ+K+H^H;3}Jun`jb
zuwsPK{M>;!S;YR_cbtula<vzlcNKwV^pO#9;4Sp^vmugBSM)}SafkE;<K3)$HK$gQ
zl7Nxmqlx;>@OK$mS;~U8eJ3(AGxN-v8SD#A1*KIm!hF85v2nP;R-hMgG3S3On%<d6
zIXSuDM~_Uu+kV~N<ir0_pK?hi-V6(^{^t-fgWZ-_uK3{XKLw`pzV}=N8+%oR@}6K0
zLi~L~C9EnUw>Z6l1e-;u$z+c(uT+Qb;LQx%!8dnX!_+j{C4d$!otKwKY<!J*3r=(P
z1%`*Yabn^M8yDB3Cr=K`ojW(Vz>9{?a+S(-LIKYeXEqKFKN-SdJcJ}h?PH3j4f5TN
z7k2FEUib^WuW!sLiKPqyWw*7p9nR3oo=5QsUFl+i4l<sPT^UA}Oz5LW-^|D>D()Im
zKjeqENB^R&-Wi0apb>2E-XkI+-B+Y_*PUi(XuLgYg$z`oZqv*Vl9j?CK8cHp?rXV>
zF@yg;x9@cF+0WBLFXRxv>D{(rzY{%Wyr*(KIs=96qR83FXJu)rNMR2=1fJU?=$a1w
zpYHc;iTD1tr|IdzZEdP)Sy}VDB7#g4vl#~bObEWxdd5on4QZI#;6%Gci-03KZIxe8
zaK2Eid6~paR2uqMaj%XsC$tHb-ebM*P{1}q56V%tpomA0SR*1LhLgm6OifHEYbVGA
zC-LA8Z~6bh*!mJ<=jR<QY;35@%(95|h%KaF=kfRo@6Wlj>v+z-6dHndyjsK)Jyqf)
zHrt_8joo~TK`<}=y@i*IiD!?*3x$C%W`QiRs+QJ>2D2K+<>ch#du!>~hLDhb%^bYE
zl(2Mh^Zftk|6P{GNJc{8S{33!92AR)(vU+-NEkr7Evt)*3oqK1^#<k$34C{Ar{M|Q
z(@=~NY6`c%RpQi5iykv}<!__8HN7dzW&4?;yDy6L-GN$_!?Sbbmvy+wjcxi$wRJ9D
zG=Z@|R$mJuzPSbHbA9OVziWnr9Ire7^1Rp!)T5)LK}AJ^Y1!Ffb#--I%#Bc7ms3zc
zFT7KbmnXKU{_&==cS)*}p=pqI%~P9D`5sP!RgT2}Vr^|c=Yvi#Z#}?{$6+lo2+}4;
z9oDKOHAYgXy_hzp<T*O%D>pVZjSSPQX{f6^97OwE;ce~zJip&RsA8f}ltqh)UA*V#
zmz0_++t%Lxiicepi<uz1&>SDYDADJ$%N&1~+Xz3B6;H2-hoYZ<!G8qSbFbaND?JIN
zTkVG_s0d+A2ACphSXEbeEC@D=?C8!lx}$Ynk=!^rG0|E7?%lh*yk4x>EodpmfXJ29
zg7wG|*=yJGx{05!yK{qF7YV|{$%ivFy$(me9m1n?VidLAz@kT01oorIrb)AtstnlU
zl(j2FnGzE6ZcO>f$<-)c2nIWj21P_gDO_(jP`*1HN!x9H%s>C1cRrz}Y<_yWyu5-!
zQb|dVJ>i+iCY|<+?qDtaC+E!O@zNFPeXx0ws%e)sxiB4GIP4TFmtJ<^QRtiksAo$V
z#@;@kpP%1ZAJXHonBkmDua2P6?WGQ3O;4YmAdJve{Npph0nVO|FDuiV)i1M&)z#FL
zmd)SusB}Mp7oiXOIoIaxd?q?98l5)OGWRN`2ucs1&E7n~e>Nr>(aiQ+W<8f^a<pom
zf`Gnzr`c@v+Lw~mUmKe02qW0o*kZLVU%uQ`Q%8b>YyV&$e#<|25poOYB9eD;d9JRm
zE~}>Y&@58D&Hv4QGv)rhpJ@y1<m?%63hqmUc$}Pj4Fve3LeS_=qY{qKKc@$-0v_2(
zG=Xi1jHH8D8>kg!ZEUg<lanJ2GBLwI+N>0+xP_~OV=89B`O7B<IkYr29S^oOG&hIA
z@T{D^eyrH`$6Bb%vVb&qak8r6f$@8yr*_HWFS47b#9DVaI669two-<oW6me;!9V*k
zc=qXno`z0q?C`Lug}HeUjEX8is|*Z7rhUL9-{uqWjd<|jG*kPxTaUfAV$$4Egtz!1
zPk4lrv++vF)8_XSz*Bh!a5#iV^qW^UMX0&P`{h-Hx)-UZipXBv$$im+7g)(Ug?5sz
z)TdW->bzoY9SRd0;pdYD-EJuoMl^-D<D-y&7IB<DDwCk7+8Uag9zm*zjh#JscGdy-
zPb7$6`)})S2-lWph0tdGSuRn4Yu;h3ys5}O3ZJ2CTqxzTk)PdN`&e_DoOC10TZ$gg
zO6a0d)1e3XP;{degs8!xp;EUR%ncl>@8doT|8oEEM~a#M)I9Wvj}J;tSy`}|U>`O0
z-ZuZm3@piQcED!pyn(pF9M+i{o~=2fxfdT`45Nt6s(XX^m}yWe@GPVeOFckTegWHX
z;|8HU3o8yiI9xjGfXCwh@<?DSY>1)H!_TJoX*21l=?DO>^U2K@sNhSjIO^PSnpdd=
z7iTlxCWJRH6sGVOmv)ResIVCBF@D$4;S7%=H#j^jZ)usn*hy*}$Z)Dh{q0|%@xR;@
z#)0f_xRvTju&F~fXM&S{C8?QZybDY;G{t!{;MEp;06|ldes9(BwgHi>?U1?gKIPvH
z$O;Au#(9I%9xIYxHZ?Y;s2x0v>wm(l=WjLt%l|R$AQBZ7P0Y+x8vpt=3E<&}zedBC
z&tut`DK3C?8nOg#{?-KHJM>CGKtN#Su2E=La(Hr#LnPfJcjh+LlUck#<#K(V-TC6e
z!e!6gqZFy4$xWJ);UXd;$)cv3n$*~at`bx@IsRz>&3qFO{Z^}!M)Ax7XCet;SyeS6
z5?wd==y9rPr&l><_LIb{q}(`q)549i8-D7lO4AdvlV%Dgij0a%di?n148&SrRq54i
zAFaFF{k0wA;b10%!^01}Z8y5|?~;T2>E|by9Ogz~IIRZ`$rEE^V_bo^vnYKJ!Hqn~
zr}jtTPW-SzWq{dFdNQ*<7<cD$`mUQGJJe8H5q^Lf_vW+N-Uk^cmYk%c=>fIRkB86A
z&9(LPjJtdT?%C3pq{h_y_Jw1T0mai`6|>m?!3-Jd^vd9S0sel^Ib{ElZQ+iGCf9lx
zG=|XnJQT8sEv_xTE=4SZ!DUuoociu2EuP*b(XY6Z#y1NuX;?#|-k*jv6VF9<6FfuR
zNDE9GX=-c??dVXS$=F|u?A=2a_hvqB<=)Db62A_@xVgO;wI?mPT0k9|dj}8YPd<dm
z`!;n<+D|}oZ*Sp6i5SKGxf;FVgTA>iB8xwRN?rmX@h%ZTVbL>8D6AnEE2nu(@|yn5
za9Ubg6rW_y@Ok_{-IRw-0mi=<oY)lg-|{cJnG)Z2?%e}O6DB(&_+YoRb2y(pF6l&o
za^>838n?1TrJLdOXc=;ot`c;8cLBD~V@#El0w%h0C4qIq*t1YaM<;S!+P<HS0Q1R&
z<~PMhqJO`%zdj|F3H2Y^860FvVR~q<7+?e=GtLMS+;JD<4(OwSP}8O|IZ)aS+@x<H
zE<W1Q+j{~ad!GB^HApK>qj+DCZAg}>y!^e9(D3llcT=M@|NbQSp9UF9MlLQc@>%!r
zzpbyAB*&)GfLWSTsKuW)lRqIsiPI1x_C7i{H@EcxnySgc=fUr!Obe*)?cq1A{Rn93
zh&c+GeiOjt`klPj)uGQJI5N`Gvyd<XCTj#W__h>LL-w-xuV&(F{7b<zk^TD2O(Thw
zz+Gii5(OI)VRo(lZPwUkAnhvx>dN~pQE@ZeM-o=0S?+^PAJPNU_VdkYXla?<2rq{R
z+woV~VsUbzrQM34Up@988J@CT{D~1UF`RGSyirwGKLTdss@ZFw1Oxci*=%Ms?%uIe
zBweo}AnU>hTaU%#qU$0&SQEEzo~{Et^y8@M-6KSQafR<m1biYMJ~T=<S`P~yJViz~
zCG)T1guleiztg2Khho~t0-d;rEjx3*F*oAfv*fyac6b@b^$~P&EQ@=y5AX^Sl4Z^r
z3*u}cMGXk!fb;b7)$zybHAoLxLxbW>9$|zIJ;e1=d#R|FuTn>E!s*Sg{)-O&{ySp5
zzr}@PK0&6Vv8610AU4v~qCBLyqww7gC()X#?2iXg6vW33Z=nnKm3*(2k*wszp3g8s
zVpGkx9e4}+Ow-pB?@s@A6n}jlCS5{$dipl#rU!$ps;w<2i`Jcrt`UH5%xZ1J*L+^b
zW8~!Sj@qyE%+h*#JgUgHUQaO?h_x=f;1xbrEyaj;CYU1#Qh%*+H-PsRxE`~orxiJH
zc_Z^%imRcUDZYP!3}BvLKfxSlZiL}<E!a@E*Kbz?+YZDHRvzXf!W{~6l=s0!8NewQ
z#g%>VcnoT_?01!i6thT=q0S(-yPd)m`aIGC*KJYzU8#6HEdG5F|MY*pqFBQ-kt{NS
zAxH!L89|8BRfJ@A9QuG*BR7u-dYn!Ob6|wqwa>Y3*7TQ@K*TFrYZ~r;TaO2jkP;ys
zSsDKTDWUbq=_w{zvqn))?!oKVufusS9mby={vH1LU@*3*r$MF~8lfSN9?4(7UZ^Dm
znY1U(2BWvTeE8j18r*s*oWU41&ZSy!Sn?A>%93&T&&D)B#@0U~$r%4_6qAT3uaXjb
ztj+V7LNIX5w_A@%&2|S8wnP!q)pkIj4xxF8#N<Dn&)@zI+eHKF6$SxD>j*#O4pwgS
z=jZ1q6&GIs=X>PTsZ;YR;g?<`qS2Lf$q=tkkKrL$94;N8#+w+5ba2t<-+Y<*c|P4J
zJqVw1{J%&J6GgQ5ZGPykN-8bYWoKtkOiOz^Q;k#hC=(h4i|+~yNzjF`V2qGm50_iU
zD3XCKQr2K#Y=K(9m`~)voA#G=H!&XZ*(dO1vbv#bj1Rw;LKDho7YG;L0^QF^4ZhWY
z^XrIjc;}k7wl<1y*^8DIU)lNR+r;1XYj32ds-Un?4qCC*H8mkjzzPHuvcWkO?l%#~
zozv$c#I%1GA?jCrRyf9p*JnEwZ@Xl_VwHD=WunPzJQan7oih+EoD1ttOiGeN(xBQ{
z=)8{z4n7RI3>87Q+gr&v!lRun+Q!^is~_jgK;PfstnV?5ZwM=+gtXH^fj)e{5%Jl0
zI2B^u5FYZhXPvxiYHCs$#+FQKkUjRpn1)jaw*UL<<9>?KB}4r+)YaE@<8@geA~q|r
zZJ@;&E2bhu|KGXt9mE?&BQR0Zg+Cu_)~M4%0t~CTx(dmOvmD0b*}v1B__O+(z^?xQ
zyGEIFCK5U-RCRRN;Xd`Z%gM_J7ZmW%OvuQ|kuW!|X(ty8bM!Y9Uod6G2VA>BiXA8(
z{zi;zkPPmQTlyaNLI`o}OOlJx(TCLN(U3F7Brhwx!N0=4f-`6~&?iA+HF1_FQI27u
zp^M}ere<aeSFh&o+rMAV)zvk-=~WcPsIs>m>-!y>`VtA}-%|QJh2whxPKELXe;LCC
z+jOIGuDg&!RXu;62}~J(DDPb8hAfmZklAj6yuW&be|SXV`+rj>`!6_kI(U6UotlGR
zH)_N6G^(OiaMxoe%k<<`gw3udW}y;%t^#!!p5F8|r(E`qL~H}DN`mwSfEpP?2737Y
z_ed~}N=gD6d~-V|>0TpnJ1zKk$J8Gl)mI!F7`WTQ%Ie|Lk}EWOA4#P3P&g3EQWSf-
z{pEeg531WGZKhC(9k@SBuU$p_SPIoBJm}r4tvff*^)6zWu4)k8f2&WQpOo|ll5v}*
zkXRcr$eYhC(7lHE9L2Xi${vOPy-h^=k8)4J35DkblcdW=(cngm=p%@5zvpwVGGK+J
zzhNqq(QGr4JqeGHFmib#MSlZeTK<1HGqmfY=m(pHF}$J28<zk4eviFOiQUJ<`wk_7
zxG+5y-W+3qG!{hGr1;;)_#<wj_tq5~n@6{A?`Vb+5LYV3bOX}M!;A;)Mr%{A?$81-
zeT0=&`n%88&>?)jH^+abN4}nf&gS6g=o7yYw!O(A2f8SDYa@HTi2b;uDQ1}hMq+tD
zA1O0HA*uidHtwACP=h#C+op-7C_%KKvDf`hnW!lk(t@HQSA8I44+8#1c}E}-F(C$o
z2DLZ!w{T<sXR*Ryh@eO)CA90knffe&-KQW^Rn_3p>d#BN?uqj#%Rc<ddH_!G<?*Y#
z@M17kL8!97sl$uk+%@Dk;Q5Te-(UK)ry!eRm~@*LY51J^3SAk-zy^zy*wE%~Oln@)
zHC9L-Z1qKQG=BW{Pjc_@w^Zi)Ac6k^;19%)R=>Xwr@KrUr-m!!V>%FoTXNK>a#I2p
z2;bciOR0NoM1LVZWjq{K1PVw@ybFS1D<PZS<4|PfeXN)n4OYcMAI=mpai)egzw;%3
zc+x3+f)iJHhl1dS7+i@}V>@x;Na9<Kj!Y;TaP7vK5e$<va<&(*9>Je2#WcLbM}sG^
z=|<ln>I77Eaz9_8JT$uieJ~fW|DgL7$c>O}0;59;E|33xPb~UBH3I*>f7h4S1(*}J
z`30^lL2o58kH8GrFV?`wm3jH<wLc#oJlb<nS0tw5DP$i8x+aSo;m8uRP~J?^2%S?P
zgc?u>K80<70l}zv)~(cKHe47qG%+_y`BA?GPP#H>Dy2}Qo<0ckC&91<FhZ$q&LtXI
zGZD|)=mH1U6xD`rBz>I)%F(5F(G)L;SC0c`eJ=HEz4UiB<1%pYzg<Z`t+1X;3pX5w
zJ$pm&?t-1Xnb{Yyil;PhhP$4?DvrFn6Z?nT-E^{qNXjoMNlG(Imkq)@RXx3LbF3VR
z5pi+cVCMa5D~%v20*t0-s83ultd4^o5UOL!N8)Ln7u~L-`Wy6fr&;k{UJc&nYRQx$
z^kb}l`(-syqRID#P_n0^qdS>hQX+beNlh{oBr?xq*^w#-*mzQ&0t@xT>lCcw*RQUS
z$2B^#E~k@WH=MR;Fo}g>@KMG?+!RRJ@?i0MKJW7~i_g4BzFS9MRdw%GW+i$rC>)sE
zov+CnD1!kOV<6Mtt<Xvj1+Pua@z1g=dGWB@^#<@z7S`5trLcmW1IA6z%=JKuRtsC&
zk*S>^nCPtq4yTjrd0(nph!&<xA-t44NG!A2gY&;dctg}Fb`X5@bq9_&i0as&^7!#K
z|FLtiClHFA#FUgfm(*XzoT))Zb88W1u<FcC@oeC|@g)o1Arw`6>YknHU=}%STHF9i
zwNyD071<T<-*t6$jbL{pxzGuF?!(t$zT2$?s^bsAHjA}#dTeSLFB@dKr}8YB?17aa
z`Al+|=rF>K+2p0kq?TcX5ZAN%KL`FGs-BKYQ%Ea|G;O4nQ36}cgCIEdCJsH{wK46}
zleLE>-h4K_!eB^3o;-QtOJdQpJ+h>G>GfSI6KK6h@za-15u1tn%4y+_4pR1%^i8vz
zU!lEaI9mqE3sSPipH8Aho7TdnNE64frM`u7noBIk!q6oLp<e!1f!5yMD>uSnp+y*!
z4v`g5SNcl3eK=uTEi;JVwMv4W;X;;D>oM;$!YFuINpLs~wY5w^Z=W&ZZP>rV1aFKw
z8R~aA@%72zGm&&Hu$A?3FLcQVgSJ3g1<BR<k_1W5NiiP=oZvx3D}noTA4Efh3q@$)
z&lDzv-~-cjuXk$1svyJoPhMPVrNA&<18}`I*<%jH&dXV_p=Dw!<#Yp7VVrMq&J_c3
z`guVx_6UD~OWY2jObil3FTT9Cp3bf<8{D$f$1oE8#cH|wzYa<kr{ecob4P1>WKBQu
z;|hj$)}s4+OZDJ+uF-D_&r7IQ?&`b80vQZ!G1U~g8EoNDgvRduPP-KkK(nXs2+Sey
zy??50lx_@zmJvZow>b;jk~C{N-UGv;2@oSDi$XhzSYunyeYWGrgC4NRMAn5b0g6C^
zZu1h<0gf$R#WupSy)8k>HooQ8hU5`Bhfcn1&%<nqX-1u9J`6y6PSw(()Kz%k4Q#P<
z6>#dC{m&Lj%oKR5o6o)=$y}!Is7EKX52H;RrW%%E&*wwXp<;W(D&n&bF(+@KqoSge
zDAt=<?o`p`Axk^cf<+uBF32e<g+fSz%(5bDNz`jrV0(PS`)@T+kcnh$vZSyFu6)*p
zEu&-%lm0rMiEGp@aY%!Wgy*4^sPs5w7k;+}F5Qyf9!Ym328N)ZqkJddr79G%3~Jf>
z<m!#jRdP^#@Rkq5Yf(PDqLHIT!~r<d7AI`Q+FbSzXiDyFZv{><Zdl#v{z)u(CyK&O
ziRs-d$dy5O2(2-Xzyea`^}=SMwBR&m1#)9cvDp?$6CfDP1G6ymgQm7)K)@GrlO)C^
zj&hrss7)F9ALb7eLVD#xkrFV`azJOFs)|bM(Zq<55M#k}??>$9<>i--?n^t}1`D}s
zfsWJ|D6#l}-z!4g!?nWysC?M-`WzCo>N<Hoe42>(4tP(y<Ms$1VUj1(_n6Z_cGsRv
z@B*?p<F-UO714vY12FEyuP+O?Gt@p!OXEGQm>CS+7xve#8G~W}5n${73dQ&AO7~^z
z51#(F1?TQmqWA^|mc6yN?2B09JJ~+;^fXA1Lod*Oq*XpfJlxq$M$pLg_{K?pJJX=^
zhwxsW*w=Ti+X7NS!wX0w<?<DDJp5*UcG-n~!i>1QJU&_pPj`bCL#ylOc$&2I=NG?g
z!1nDL_%0?%`P5to)2GHuaG#8XxfD%*i3ggfYCA~7Hlj*H$1e)9vOx&53t}&TK$90-
z?txP_o3+!m;sYYbwy0{5qXMfpZhsP)&UA^Xs;bJl!%t!^>Xb&=<j@q12OmuHU@NNE
z=+Kg=D)t<g8B^`t%eQvX@|^{?&$G1R?#>sQo8Lz7cZNZRL72K&aDa*g`>_~@;QV8c
zg+K_^nRH%7Y;=v8hLx>%5kU3gvPL-)8dUZ^vyCG$)6wAn_E>3^z!qOLNac<B9XS3$
z1Szr!=YxiU5ZV~XSM~R;(zYFmA8XK%6K<!Kam9tg*q;<RchGa%o*p79@xgTw(^pq{
z6i}ro@ug7~WVyvjFDLLMwZLq5L}G3Fz6tQF_*rEFnSWG^rL^>I#TZcm%M-EgKje_n
z<pJ7ByrOmZ$6*gs+=m9^0cB|LYq!I-qAh)r<ydcVp(<`@Y@9>!UEj5|fZ$TB;zwf4
ztEl;w<c;Fi{~_82w6}obPfTlGdkVXoPP*#@%DbMoMrvV+fl+4NS?0yei_hwC&NmqN
zAQ+_m=M;s})zl$lxFdw_HXpR!P?A0Bi^Auk4>k{BK%k&LQ6SL;p{j^)g!<jt?fl5@
z!Gnj$DV2bQ8T|=1jnu*}Te|%-UNGf47%29A%3s6F@UfLFa5&fQ_kCoStXWqI!<0h+
zYxqNXHoO<ojlW~}A@eg)OOidX^Jx)Se12*1`=-5gB8+(8ro_jG1Du-}_J3eqY}fu4
zo<wo70*5hGZE(rm?jQTW$Kf*7Uqo+<+s@)K6=CFtqdox*g-)xzxpsvA*+o)y6flx*
zTl7wtgAYfW1)iMiP$Mu)zqDR%1>R7mW3kRp()_9GzZv{m3R8^ae~Xq{U8OpAl5)S=
z`Z$nto#oOiC_*%(9uT{E7VP?yqtVY{zSiY4c4xyLiMa|603g4jU~<Z!4goajCQF*F
zM}laxwFGCj*s4t7YfM0X7CKlp**Q3%@3hKR)_$<|L2{QAgydgCPh3AqN8M@01hJRR
zna3~zF9ODh>#!c9$8Mz$&>N#<qW-(}#oG(Oye=(Zsc`Q#mU$S{-u+x+^-h%LyA#mB
z0R&3Ig9|cC2l>6#FI*U<MbZu<jF}I_=YiKq4JMmTH}hy^>Au~=df21&fI%<WSp{LW
zS7ET9Hh0$n9t;!@5rz8!yKX3I{g*ioY}@LMn(uEJ@$TvANh~ifhn4^&xVH}}k$dq0
zKz<F(CO78Gq4;lBq(ify?eCT(q_qvOv7MqJzzx`%8CHwXRDBh178yB&xQIdMF`2y1
z_+Y*o);`KA!(dl)PQf*E=sHg%Z=ZBVX!#L#^iu{Gq5ll}z-8Wa(H<e3K4G{jRFIp?
z%YMK;!#r@Kjn%j-=Th*42bVnmlD+za5%R`35F<I&js6(5UY1j*K2E<K6D~OZrqpF7
zv7|%?;M7roB0P`J>nwm4J{QFcJoYmf*o`-(@Tr9DO~_0FtW(ZLU3FNv6YaIOcn#R%
zihtbyCQkm8#uj)YV^%)zl$dfgD?lX|>`m7^Td1R_7lV-Ml%4;~2_RG%Yffg?lVJ{R
zb-v{g#=MfNevbdP&0y&tQjZ(DSP2brvi30lnS3Lu?C6mr;WsEtI3gU)@x1^MZkH}S
z=3s7wzE8vzoVbvK5&!vlyU2KI!l0SNa)e?8-<$sKYGo%tDgRMOhA`N}sL31COVSIA
zs(t{Go=f90%*~aN97mWb^R9IBxxm&!DGvD^mdGY)t<JZY8ksNeC03>+MF#xQrMCqE
z%8CGLk&=vrmK3C!5J^5l)1(@+4N$>eTN+EL2bzbE*=mtE^^WC5IGp%^w9S*A>KM?&
zR1&sQH|;w4mzI-1o(vWQ7J&4zG>sGWb#;pS6*A~yOrFpEr(JiURhSjC5@F<HJrN(Y
z<jfayoDTTfg62(^tu-(ZXrVk|wy+MYNdMTy?Y9xCyj{Sa@YS78Ubo!+dG~`+*vk_F
zJOxYi&A_qC2@Bu@IgGBqXa}Y|*!!q32$HaCQGMqjJ8$#O#<g9NeRi+Ne*nq6Yc&Js
zehJCyVRGWv;eeVBTs*%ynEXG$+VAWOW*2m~=Rr{ah)a(hSV=>YlUZBGBVej780HJ3
zKE2S8YZr<a!Qs%O+}zwdjALSM?B~gG9qLvw^BBWtQZ6enrB_9`=lEs%-S2*#RSB)}
zgD{BvLvaeWqdh>vjT(~4k1w=fWgs`~BP(!OEQ+!zk>e_xZS$2vc<7L6f;@l~Y6SK$
z&jr1|$AFR5Gp>3C_y`ns>|y9l5nuW-40}zQCRCHGp#c#_YtqXdYTPI>Op2gLuTYH^
zf4ss?sb@0Af;V~#%y!U_qzdIKMOn2d%~nNudA?>tOIf5#cs4>kg)n5^JDIvUT=?n}
zgpogYP4c#HixA}QT5cf|T<h^9#RK?umTTGv_7S!M*IyI|GTdyoHz_IU8W4FAol1kw
z94(l;>+if%zKD!m13BK&QO~OD@jDb?N205Cf%yZLln#nP-kL)!VS0`c(RNiNfwSEo
zl(UMzkg{=e3)xD1@nuoGr3M!LY&qO;tpSTPzL)0DH++%|roqB5AAmY@Y!GxEX0k_G
zCY)}B(57`n75a-0k*HW=)Z+X)?u^3Bqdca)SxQzI9b18p5W^uzA9lk%X1l@GLu|)^
zHfst&HhTAjzMtMMTIjFK7`3Bd_GUq6YIL{E`MyBR0n{vG`lq$|XJt+57cX*vz+z<0
z48Yi~jLJy-aJ~QCdr*BFU--)lVn?6?6rmT6Y>-TsNlr<rhb`WNK=~s0f`9R#70>Ed
z-ti}^hhUiZN6e(VOtn8P3$W;s&wtBebb>{BbqE`^%e8CQ20OJ3uCGQTO<7A^kSv(I
zJ^P11|F`^aBm7SGlgvUVls_~7;%2|qmDqs^h4#7_L?Ms?c@!osek@Z?IG<aK2Hy>j
zb*Azig>kWoFW;^im*+BlKA8TlvLCX9+m)?hlK#h7N?aXm<T9`FUON+xt-=E8+e>}}
zVaNCZ&-+%We41S3=jWSBZ)%`pYUiPwtJ}zpVz0l`&I39hhEEH?%haL%Y-O?8i$V1l
zGzmR``3RAToL6TbPCw}3XUgbTv;MT)w=f8Ej{zNz`M6LNIV2bQ8#V%rllabwt(*hq
zELoRi<kGIR3bS)_+AZ+)a$wk9cI0z2D`j?xfT^`-AUCI`p@|xo_83Dy!Ac%D)I4>^
z`^{s#0w8{DU~TU<gaZotpNEp8Y<@VTzpO=+Ro%CP{h^MFYKE037~nkU_MXwH@GM(_
zKy{aJ5W>0h<ORc`;J2@cW<ZWi1?mQ4&*Fd(R1G$QAEM%cwV-zQN0xxQX$XuR_39lb
z9;K0_mn~qP+~~9Ho9gQy0?%byYU<Qd4<G>+=*@cRz}UenimV;DfDF>;OwS<fm3>R1
zNT3U}Kzq^|Kiw=yPsw^9xO%!8VHU{nbf$s{9;8Rsxl9CMH`>a{ffxz1#4|S{&Fs&w
zC5;ZxLM<~ka4tfY+<Y7zWmN4yrY5V_oG=oO?9QtJ={5!-R#jE~(s1@kF-=v3N~!ZM
ze667hL>E0V7)^ogqW;;L?RgYPnM(&AmcoXPp}cyonQ<*iUxYHO*X!5n>9}*R9xvS=
z0S1;1+c$M!MRb6yj~!A|Bqis*VpexnXpX}U2CAXNhsr-tr-5nesF>IX4&n4)LFbf|
z$QKWl+qSSj2Hz@s|FInTUCW$8q0Sk|k0Uuyo)lniu^*XtX>fou_zoE%hfm>K&f-JC
z$&GNy-yE9PPw17X!!GmVKmrsT6vPA#kT7(Gfz`f#fVvhSlQRN4RyJWn1ka@#x(J&V
zkIYFS@R_Ac4fvBe1MNYy=?7|9yfOC)5jqoO17aYX2at}0cITVbBTP4)BS27O&3<iM
zqSURO-`p8kjv~_^%_9U-b+(=}QCxbKl`1#y>0nizbalYpermTouJ-FeIc(2%@mReh
zvGQ2!dJ8b`sTHJ~8}z{H5JiEO@9DRCmYd$b<t1o>MAmHwd5+IXwk1FdHUxBV<YTLc
zU@U2s1q_Z?ugKQ(TExN}IY1Pp{lYO58V}@QAd|!d7Pi-(Y=(46$4F4}sra;J6Xj@O
z6=3sZcu$}NRR#T5v-tc%E+>dd(fhD&W(rM$Owq+mTaS$QBOU3FkbSW)4g}DPX_AtX
zp8eJI47NI-gJ3+Cp&1RtS|Tu14K7IvAs?(Ds9srdr%F6I8h=yKK&M|-GF~%D_A3f_
zvNF?((!{v58%fQ9CZSBPDiz_9hru)FfJs<RyFlu|rBfg~yHaKiQ;}IAAt631j+yZy
zE<Xn2`%)NSW8IHKZaBUOiVimsXnR{ibn4fVz2g?60tDJC$0sC6ZUhE>9EoWf{Bt7h
z5YxJziCnre48Y<Hsn*_>S$z&T8NC;?J{V!tY{Voix_c{Bv8V)TyE)Mz$fYuY-+ji$
zp4goK)$1IB9lIgt#da-`=q~L1Iox{Y?0UBXwhu~i6EO!Tq5dmDxWxPoBxbjH!mp`Q
z!{J88km0-5b?HvTo*Q=<TvNN>91nk|cD)H)rwgQ^24UIjyh9S>VFSocEe<gL>Pl)$
z_H5D3Grrq>3dXXOA)TY1%?zwV-)uiuVm<F9V>@6!!Rc6+VOsE@0V2{8y-T;{xnE51
zQSB}40U93GTeoh#RD4#?TQbuQT+{hnUfD*Sd#WwdcP}l0LpZX;=$c_c)Pig@Y!Et+
zU}jFJ%f`O)1X`{-*Z{kK)Y=`i<}e1%9Cd<F@=rnaCLDr+Od@y5NZazoWVYJJUdVz0
zdoB-g)wnoFTL?(;z|`^$x|=)r>+9<q(P4D+rMSw==`x{ryAN-4wO`i8{Q9u))!>(o
zzU$agbmOGQq#FW`XO;o)sjq=2+aa(z66>bS3VR+pau2OHk9`Jleu#`19-^9}p(`M~
zNw=?!{@(0+Sk1XG77fd;l8+HvOx8Zzn>;DUFPj$12lA+#&As}CrXmO^!Fo`_9<S~!
z?QtTv+tKdu{y~}B!ct6}W?u(IYA3=!EHV_Lc4O?_*KimSiGW1{?>||5R^6V6<VM5R
z0DG$DD}<DN1VZ#Dms&9Z2(7P8<kq<Eez7<lH3UmINoEDhp$CVO33QH-8q2&@udrTr
z|DBA|YfAX9F~>c^)E+iJU?s)_fCv}(`1l5qB?6+ov^g`!Md9-HaZ*bLxDjxcC;XzH
zuxh{e3R$IS@S-2d8e()w&ngMqL+`#S6b8clUMEueQe%<59UMPXH4e>9M%w_9TZZ|N
zoLl=ZX~;A4q>e{HES%a4dt76mS%oTOIwD?OO|RXOh=}M1P+^Jjxqk{uynWUq!(oSL
zD>62_hZr)8qt{1)aKmZw-Lvw}p>JYN-}(2;dqmw9feI+Hfc;c#9vBq<Da%4+Z^Oi4
zDI^huwCXNey(ZpL6XbgA8E;ES*VbW14><;lSaddwGdei8oZcBResyVLXk$p5CpBpJ
zSe*M|WP1hMPhMQ+xR;2Z#BBas$>2v~A2mz{%8IDJya+OK2EZINU+(y7dA*E*OpJ!r
zHziWq$zYs_^X{aY!J5N0m2rn<V8b(9>$kFn4G6J^fCB7vj68=f1Hesv#<O#b!*t;t
zq#>GOz`D}-T}HV8sLIbnX>fQ<zUCLuj4~x=751*cuItji1ZIs@EVg1EAWA(9ajklO
zLs$u|vYsc`%mABZ9b}X~iwpxPWf<e?s0?#J#7#;}yce`p&EFR@+rn%mPK&WqWC(ZY
zhG*^Aw`6W<8I1G;$;nZ2eg=-;z<9|>x}P0p^1zOM3>Gr^)qAr-Ym33FXi8u)g4D1i
zR6+L6eyEs<nG84kK3DNTXLQ7uB`^q9WWDw2+9>~(!Hi0`m{1?^ihH8mxBKb{sAZUm
zegw|BPpjXZhF}(9*AjmTSsSv#`no%Gpm%?h+#aMUHq(F}!tP`sF8LI@8%b$Pap>w;
z!_++A_3;ia+eJtS55e(--MdGMsN^7ky@f*q7aiAtC@xgjWhm71+zY58ivVVE>m?b2
z_!mkq1vYoeARt7L!N}L~gcna*pce20k|fe=bi8N&5B@~c5Hvf_@tY3xCh<34vgyu~
zy1k3`GNJ7DoxAzHl$DitUyxIK70aRdlt)V93vWE6jJv-E_fgoX#RDDJY`5#`<V7IN
za}h*#Cki#cgAB`ZteVyNGMM*+$aG?Zwt&J{0jZfkpHQSDa6&1=Mpwk)q|EfG-`Qnq
z48*?YB|~(qe*kuviyrshzB{O=N9Xx$n?j>RZ6?Bemp}7>%DO39<OeKmcPS}>jgJkB
z?jH`?mNFwj;YhXtFz<;hjV3h42|U#{FqmBI0W)^R^TOv3{GZb_c)>Kg9V)pkDR87m
z?;;><EsZ9_bZgN|NQ-cb6EXwbY45@DeZI`e_5a`&P_EQnCD$|3G$VkvM3X(!z5Cre
z)7WP#zrKAW3p%RdAu*Lt{DYc8;Vc8oSteqV)0L4#1S-44kNa%9e7uS!-uq-U!P(e4
zMkUIioD5&m!^Ag?2?_VgZ6hG3aHPVJCfq1(xI*H4a*#G?+f24W*r~DSZf5gMz2)}H
zeQVL_nK94XJ(i-I$DX&NJ3p=MmyC4T-*`X^a!$nN2<z1tY++O2c$#yj2Y9ja-EvLc
z#Pjbh)Z8R7bCmqZOA^8{6`JjSGzNmIff(tRNykeQ!IFDp775>gg_ZpPNeNZjh3RJ6
zg9i^<ITgPld-3w+OMX7SHk+{dW0?4xgp;oCU$g-v7WVY{$<Sy0?4!KI7uez@^7x5K
zh}y6BUaRjX#-!DtqUgq{XZMn5Ou=BO&8Kl5kkdriNGhqz*UV>uUe+J1pDBguUXx=R
zxKA3*`@K}^O?|3+cNgrYnkAtrr_pmz(PS6bG5T3}ptoU}<k!z3i8HZps0lj0^b8vK
zO<DMyk1G86>MZKaOc8+9B!ql?-<}u>rWS32{)VQd@tAD{geYPPc(H%`AM9JA!`nd5
zv`j-keCccI)V#=<S@=$;d-wD-Yt$9K{uyNy!$HYNr0CHOUm>6`H3LmFa`h+j6*c8%
zPEER;yXSV~S&wA~$-{f>_CO0PT`~|T*2bRkG<Y8N!tcAqwNwVic$qZHfF4EX$4u`w
zkvo?2YBz_;xJr^Rspu&Pb-OE^n+?ojuIDYZ)UGxpzVTQ~NJwD2M<W#ncKy5#JYBn3
z-*n)<ThU)mU0{KW(jbbwg|4qXO=_lj{Y`)$<_-$jC+7<KT)!%fuKpajf9}qqYqDc9
zr4VPTs(YL$a*mWa`7uEogJzej7N4HGMMk6C#eE|N?#FswJpqi0$C<@>*i`Ox=0bkV
zU0tA&91AxJq@6r`=01|IIOebjIkv<Y#~zC_bFHvDMP&7D+=^V0p6-P{s51;KpOtD%
zRi<Np3e^(+H;lU>K8>D*?4{DEP+fZsqlhQ0;Yhr>Thu();;bxx)sq0uwW%DS%(`E3
z$Ot0SnVw5I+ysRAN0_2T6k2vm{_B0=@3itVp-Kebjdkm*#&Dxya?&3&D9@3}?^$8y
zuD{EU`c>5Q)fX=tFUz985Ba-Ef10{2lnCVj7x&()dn|gb7J<)LEW;t>4u68{Fi7yD
zk7Be0jpTw|O!QY@Q$D1AGa9CLS~%Z8v+d;g2|EC_%Ewh_A*SG19Wq!O@|XLvHk&HF
z0-n+?cX`?`2H9vh2HbOA3N?4#R#;GsM1D^`5w{3gMOhbVmq4YuT~&dzQ?;V3NM$Xb
z^~9Hv5%9-xngEa|Mhtw^5-QbJPIeGeq-Fuex&FSomUuR#5*%yLskf<Jbx%)fPY99D
zd@r488Uw=LMV|qwa6b0yHU+KHY*kMnns=U`^@rtp=@y-}#pZVn3TCDTpb;w)7+SxR
zc=SPBY|(8JX6?oa%$#w?=QQdrs^|GnkI>xZP2qO$Cu3tb8Rqo7d*83C^bI4MvglZ%
zMZnSF12fGxb$~L{a|s}2@dZXuYOk0w2Cu=|i|Rf8mZ>g&<(`1OmB0QJWW~gbK_%(q
zRVVc=XdK+2YTfn+u$#eH)9x@~Af=7}xFzMgEAM^;nevuuo7$nP_br5SUC3by@b@<!
zcze-D|8P9*fS=o?0ftUuUMU{dGiXY>dr{w6_|Z<^dmW(Y#-(YJANNjAI3L(nb;sGK
z($0CX>w!iLv{%4t!aTQ$l=j1~Jz;reA{edWp&K#~w3v&+61wD*4PL(%yvzvJjyvpI
z$avQFrF=OxQ9EfKc6ug}aTPP=-)%VKY+c-cTf4;zHeo2L_*%$udS;!)ra|kQ((^Ge
zX)({!nM#hR7#wS%#~wdSv*)L;WyGsjuLc-v1kA*gh8i4aClum$5`Cc=<t*yDTvaPZ
zJ6!*%)KtC@9GNMNq}9{hYG;~&P__ZG>5u?Ob-O3uq5Z_2uIV|*!WhwVZsi9<wv_gQ
z^WJtKWEJcGY8L0=sL6@8y*f>ceg8I=v`x6SINs0i9T+XEsxZ3xju8WY_9v7S9*_kS
zD)(TRsxt_Gd&}j6vnUhBum`TGoi%?uUW@+CG7=EdQ`Fv!MED!2ZT#I>2Ml`e3u~Xx
zzk1*ykx)X9NiT~?jAayMk$>eVl!Zge0X_L^&AZoM><iXl_q%+Q8=?r!qcZ>r4XNAQ
z!NRsdYA;~+K5Qq__O%DSkVA-CKkeYZg%+C%h*u!YKhffBumZbX!yZAW&m(C{=2y*L
zYctwG9wnUjh`zm;ELU>!iywhnYb1m7XRO8bgHjJ57K}>*{zBKb)h{D*rP(#hKjYTM
z;sR-GBi~_ldWAh%bsf7+#sJF4@#(rk#F~VJj~0L?l-xX_rrQP`Gp%_t4V-;(&pz0^
zpq8;j6QWENFv9jliS&0cab#zc>WEKL$LZ&SRX6RgR4#<n5`PRNqT9z2fl~BZe&!Xm
zny348FKvuFs8@q$H+PZq8P$`EsUN8;Qe~VAJ5$`wF3zPoFWwd^y;Sx1*XpNVrw)z;
zFWpVCe*MO3g)%-@Afqk9mWn33Vr7WC#!2L}_x3iBgOh76C$A5HC$|cFwT2>gxBv;2
zSCu8l{@tJ9ZWeBuvctdS9O}qSdL+a+=I@$;1~}#kg|xf4#;wLLr!SIQSFdIUEZmU3
zFk7+qwW2LRs4x7Z7~RX(p+^_FGJ(L{0-7(BA)@}}EQ`LUfA&ogM^^FSjN<M|0;T>2
zi?|*~rt>1$)V^>U)IBCQ)EymbmB+kQcN8pD4jk`;NuFsXTUWJvLCesw`k?P;wGda4
zm3n=z=km9(4wHLs-3gf1^o*>?Ioe<1vyb<fX!sqoqD;Tvdj>T*L;bQX)$qMMvZ}r9
z)I#q=@hR+{#Of;PfaUvvfyo}wsdqP&YX(`6RxuH~Ry_~IhRGF685MPbVjmrWu-N!<
zb6Qn;`?vOa6mh|^7Ic5Z<HwJm7NkgfW3Ce+D_9+%IO@NLr|KaRiHnJT2Do_AZLi8n
zxdC8+z2f@RS^hO7zWVpQtWpx}Hg20n_6=KrcclO2iaG+MrIBsbUf|;r(M`fecULnZ
z$QuI;f6mtJ!-q&4sAa7Q(gP_m)tQHjw<$#f7V6W6X+KDZ3$mNXx_y666-Y^A)#}uD
zco&_Gi(jtP*!6&ISW7ZuGfg)S|G<A&NF1EOhWyAez3{q*GUx7;>6)t#zh8gj$>N9#
z>SY14Yl620S%f>D)(wL*3?br6xOb7E&3_G25!iU*rL*QU(4S$i`50aOh^BIM#5>t8
zc~Y6MjFUp@))QCbzQg-mU?t`={<Pyvvsq4MR&CZ`k7k~>oS&tge4JT??6;4B3wUV5
z;PD;co%Wmhq(?gGoi_R3z~7WSjl7zxr13JpSg*9kwy;xkfP3{r#p*@Z8nM3C*`L$-
z#|T5;P?&RUU!A`16@9o?=SnUE1g}3XzmO3YxKXGw#Q*MU-tzpwV*-SVT?h2`BJB-p
zVv5lmaEf=Z*U!Z(6J8~l0_I~;x4P=bcNijx4x8n_;Vzq24{#1XyW-~;@N-Bw){$RZ
zWU6|4wZ39S0esoRJcD=^T{@Z|lfvQ)A0g7Oi96HQWvi?B=2m}-_*~kfy6PIWCk#M>
zH4B%{yex@1>5`b+HXK~N1_kpJ;DHuD1*Ga0fLU$mlFML2Xdd5Wt5ZnvCj>QgWM)$_
zwU_|n<l^>zMfC@;xuKjbMHnMz^!IQ6%aQ}XN|mSw8#3&w9Vv?&IE<w2(0fd(Ybbl%
zzh3+lsbK-TR_F4jOi&hI^t-yaNPPyEYdk{U7|CGl;fR_@DFif!uekltn*h_`_j9*W
zJPK>DI<Cb=x;FR?0x4PGM3z@LRpVyhvpuR1R0$meYc<--4NfiH%Nbl8iThOWiMYl#
z=j9I0fb4GRUsHR21(h##W-I?x^`D`N`}unBvVWDjN<6zQP%$fNuIA@TolZM7-<4qT
zrU8lrqHq9?Y}}&PVfW#=u2Xp=l;Vvay1Fj(T=wInuHSd)dWVWOHH)X<5a%9qq=2*T
zEL$dlWi0lTFop#azl?wegY7I#nE1<t(|&I1kFIE{mVJC&Ev4eaO#|!A`#PabA>_+t
zfmlP8(s0X#3rP4;PB=XqUtFu^Qd&OZ9kHb&PkmTvtRei0shm2r>B+eEzG~mkrYi_1
zecrNQf~zTtQ%l<<bYkFmHRT)hkL>-+Hv9n|>*)P)q^Cty#A;sfu!<Izc&9WI+BQ@3
zLBq5A-d~`FrTl=wzQa9`Bx^@}5}1mI7Sn<|r1@p<a^iad{KRC4*Wz#PmWM_4pZ(cS
zBUzL&s9Hqv#6sUt!M@1*M$*Fkw$q+#zhK)^REyRispH4%?;Q}V;e3iPNrfPvHyVsd
zO$uVG20lnjGu=Bn^bLTW!UM+RMP0+NMIgGs(tPkB)I{$+{p5Z~Vs-3X{!U_Z@E8Ul
z7Ry$KC=_vr;%87-1qds;ABG6_m?v0-I%Ly^j_qaQkp$VLt?CZgn&m0qSG)bu^e+UO
z0@Lr}bmcHKHAMrG3Y6n8<{~*lD5_%d&4_WiD_HQ`-E1<m`PY23N3e24($dmxK>sSX
zHb=|_D{kL$`bkmnuoD{CHwrxb4r>yY6M?jzKeKGUhjYOVWIGv5t`J$JkQF!q8^P~;
zynep2fc-l*&p+vbT{vUMH{5doAftAJ{T+J8@beCAH|FCO8_Za*FzgQK<R3Ty=~Nrn
z_NYGoOCOF879ebH;YPjfZm{{w-}e2}iqx)BSor*me<Zb(*2QP+Kw(F205L^)uD9K=
z|JZ~qE&@qS2E!xp{!Qv1qsVo|P7TB`bgjhwT8x{8f?S|hS1D}OsD2fxqGvD1$$kae
ze}$0U*%ld@MLKQ6p}$J(Oozg1w~;8a*?~_>0pn`#9tCEUqil%NHsX;EYMa;8O~ynj
zW#LP0JSGkY7BZw|?cwaK(taTxD?`x*@z5n6KKyrX-_EOa;~;oVd_lTa+*V~VpI5Pa
z!cb-I2PExdr;;w(JU>dlYnOk;e47Hd2|-h8d2d(WOzeX3ejcOcpCWe9RB|pgJi^wi
z$08*O;r(}C$oBYVH3rPWKYoq?F0w8e3|7$jkxxlL*tw6Q>FIFEf&F--Q4Ly*PR?h+
z{rL~kn*g<M<uC$8ZV7lnoyr6o_tWVWxlm%-jmY(cg=v&^8+1(d&LAj*&TD(Ps{t`W
z@jt-)a=(@?@9K}Ris<Q5s1!t;kS$J}`V4JLkHkUbQ-Fy(C&}m|P^yoS8T_pBNe>MW
z%K~4mEsI{#2bnqcO{gjWmJrkZf+m=_Sn=t*=M+T(p`q<CvMi43Mv4m2BJ9hF&iMqz
zlE!`gbrD73uMl8+nf`}k9a~Bw$h_UkOzJ+mnpW^hdZ0FadSWbiIL5yp>VcR4lx@JB
zQT!?FWs^oQ2~1?)dZ9`;1_cX`_V{5PtIW__=mh{a^SgV8%4WPzi~F~>wsPIC?I)oK
z53Celo_L68&y_GhYr=Z42%x>YY^+FS`Ue7f^Un7p843$8B%6w?gnERSq@xTop!)UI
zF0E2DNyJvl?~tJLL?YC`+>*hDdFD1c!XxaPY;_TX99q77wOV1<@I8*K@SL}B7mtu5
zoPK}VU4`5weUZx|n1zMK!p_dF$`nGJF~|xW^0J03oSe!xbuj2oM6RsS-4jY_PTc{}
zb+8@`wum6<nC|h2tr?gl5`N7N|9Dd)fkxub?%(a>6p-x=ZgjH3`6*$|pGk}_Rl**G
z6AyjIgP<sW)q;Im-x&$)pc&@t7{Iq^aA~TsuH$KJ>7>uvp8Obsqg~w>>IU$#&7Z<Z
zosFvqN?>+p-qZsTri7c9zG;L>q~mpnkCOo5+vH|jmoE;F0i<N`T9sHEkZ7xc)DOvr
zH@z(9U4froiMGf8UIY>r_c*jG(TFJzI7`gu-cQQ*oXg1M>At-Udyf>LoWrGEez^DL
zQNx~$rmZln+0Mnkwdk0b;<yac9!uC4^-z1;IATxoG0pgdk^^ja2(^#rnmZibebo8R
z(epPd!4*d$!v%e?(CJ$UoI&YcSN&2ykfKvi>f~MpwsW)gwFFDE-dA*!0hvWmJYvmA
zbb%6RGBSHJW&?j=swsuGMY30-&|bxQ#SJDiQjkcAO5aaD9KtILQFxlD`4?aAaU{pB
zPM9IaxT$;%;lw5jALb0CtqDZZ{3(pkd1nEe{Kf$4%Bg7c55IW1<6z<*&#9Z*#|0--
zrVZcJB~KRua1caV6f^gB2X4cXA}402vg<BhVgkYJin-1o-BP6Ejj=*Po%2md;OMzF
z6PE(wF7^$aP3AY<)=VEXM+whuDMJ!MBO@bi+39tY_J~rr7q;cJLGmgLX+BFv%mAeE
zE9%7!Y@QFPs{5@(RV+r$mM@gq=Jv5TEJE>4bh(Gl>M8G7YeJQ=4|UWn{)Adt^>kg!
zw4}UM(5TL*PmB*a`EeG7^H=@^^KZ%wKzk-iNivc$&wbMEQ`FpIi{zdpL>m19xX%PZ
z@>37gy|4|DoTnAUs>+>Q#h-7?V)wW+eHaW;Q<j5@X#dY)5cVsg(B9G`z6a8D3nUsc
z5QuzyN{2)<lcf7zMNrB!9yn0TiWU{^d6zis|3=I$ic@~COt84lF0Q_C0ldgz(};Y~
zG0cBXh^}jG_$e&0g*d=o?QIsF8d@=B+nqkkRz=WbI*(#^lbp~gI8L@CMN|WgYHZM%
zuZ9+FgI#-ZkH9xidnD8i3VyiqP-ADHBeaYsHhX-xw}8@jT){7JB%EaY$nJ5fA`w_f
z-Olx5BDl;Ez5vLf9#0IwW+XJ(LvV6=)S>(=@ry92U{u8l2;394WqI;5d|zn`D-S83
z%d}N;`wm6UB~<?C0yOO^LmQABT;Ug=dyn9eEJ|SeRf>myHT^o20uqXI&d*ybzTF)4
z-iFl%I~}cIvlG&&>*D614<Ko#I&f>UwhikE?r)+-Lm<U-pD$^I!E(=g`G_9q6b^r+
zZ5lCMj^qIg-m*q1j*8vzgA%4Ql7T;l67f3-{d@{zER2h?uAo~r27MMOF>Ua(Fps_~
z4J!S7RdJK<BVxy5>JbS+lw9fO5@ck<1fefsqA;~~aRCxloICkhLTEL36Vg9ISk3$R
z6S1K*#S93it0+|Cj=6sWgB;DL*i(1;?D@jn8zaz96{A7b3GPY>aaX!R39PvHRAdLT
ziNP&}EASiG2x4Nhrn8OWC{qKb3N43ZnZRvdc8g5}A+BSV#%r2}sszcQx9vE1rKR92
zlt{s)vaK0d7k1{|dr27xCR3=-*~k@Q%VQJIAi<DKtR=l%r&S)@B>MGf@+#uf*a+hh
zg=t4z50cHEg`AC9=;?zTO42*Q!)V|0xW{=W5CM6~NAB{Bf__J70&2g~D+615eeQ+3
zR9tOHy{3JIcZ3l(f{cM>T2}0CKPIvG)&cN^VwVJaTv7Xo|4t(rLX<ouMbn8}D#!5g
z^f<hprWvQd&z5`?0bv=Ws=F03OrBn+HrK@FM#!KTgaA|*fZUm3k)0qs%U(&Lnvubi
z&<UXoi-M#+yr#Up@}gq-#nU)w9})5xm1MMh(LDMYk{IW}3cS1Q!3jzg1CV+Q>R^rR
z&eARRP$krkpG{y~HK%6hEP{l@o-r7-QU(v)UH@L!UP<TDt^IlTVeMVG1L)VeF7cDx
zU_p>7Kq3EqaPM5Fpsi~R)@sQ9TCVsN_3naE0D^??Prm3jjWVf$bo2ikit(;gMERi2
zo|rNc=5teovfmf};(KE10KsdC<$MVRM4a0Z*MuxlG<*4`zrTN?FakQsb5Ddj1D-me
zNuJ-i_6{*-mcti6Exnu8L)I_PLOX<bMxIE!V-?A<L{Kc}<QLCM4N&YX9o-km`9+1n
z7Pi3};}DIdD_1D1{q4*fc-Od#TxN!oki=CCEEF6ASfh;itR4V^7a1OslTf6_Vw!!>
zGBPq5DQ0K!xBlOL=T9c!6cgO~c0XfZ6e%I}pt&Q388K6&Dw%{}6z%J8e-?K-BA!!n
zw}^3D?&{z%2|1*URRUcT7r*gIg}x;=-MxEvQR%rC2iKtIv+hjz!$QR9tuDs>a-j}d
z1()#<DV8YGnj(!H;qy?MnMKlD$YzSN=>Xd+PQFM8Tn~_2Pk-ATJopUZWQx`<N?qGp
zoWgW|4_E`&r}^4@!?Q3xBndhr2zuHV$~<6zlKeEAEM(Hjf<(jxFg1{jAWbq3u+({+
z^k3c{i&NYq{?qW?CnW5n=F|y6%w7SMzf3%;e?cl+y60LwXFH_8<{vGca7!T8MKZNx
zpsZFIU%?uk$_SyArXzsvFgQvHD+^ZqT_{5D``tfXz^3y;gZ@U}jr0HscEYC8(P?mJ
zmyD-doD)d5ME0#Vv)?WMW^Efazvc+31tjO)sn3{zxA=+|A-mgS3_toqsDgjCkYKyy
zcI4kaBwHC4s*wA%*yPl<0N7v_)KTywPgS_sM2=(+q&C}O*1H`n+Rcz{SaIr92jP6@
zOG4n7Yw8Ux@t^hsbf!MPg9;Z4{OK9S!PID{bP8$_qIxKuAx>2D5r7Gk>4FYbg(QJ@
z7g&&(*#c~@P0GdPy-Y1P3Ab<G-kr+w>%vNLOj^Tw2{+|tmzHq8-sxprvgA4v!VRQH
zp||)9Jv1<J_v!qejaR^w!5e%n>@!u^c=p-n0N3KUbH<Pw@)isz)Q?>%nRZj|kKe?@
zP=p0=LXSTp@x9<<6W;Le$AgzYJZD25hJok6p+kyb8uQ&9?%;2F_7P_2RRq_#>sKE>
zosG|me}Uwj=A0b1_|da@@N(SQvAMXT%Lh#p`S2xB2KT0;@$mDVSFbB=<;}s7io;P(
z%n%8l!aa^UXrijfb!q&^A@x6}Rr;;fuE7zV06nVDFq_yoy2>k%M{X)A9>8CP=yCY@
zX<fZ7WywHSn&BRn-LXpdH}3Jc27n`V<rw_Om2mKQt*!9e_LcGr3x`8ar$p?44BiO+
zDfY$2BG;NW#CHMr?timlY#{2%$>m$MV%&%o%Y4?ocSG*Jkr0~|jhNZuZWfaSV#-l?
zXvfy-$=m*a|9I-+(X{Oc>FKR)AI;-oV#iq!09G>VNStc^K@llNy%BXde_d`vo@X;L
zp5LHxBp6voi-^pZ0mmMMnKIW=)YoIi@U;7h=<clKRg!ht!Il6FduNi=_;3qW1o?s?
zkoHHm=>X^uk%{*r`eBs<fy9YDY|-5nR@SB)4~-!QL9oiHO~$A7{$Qpcz#%qsB-VU}
z`*j1-vxN=NG66kf<+}P0p@$TCym3|#)@S>L3~=K1r$-Js2LC=bDRx7+VF@?r!Y=_q
zN!+tbgIN;LxuUk!nD;H%P(wRA9w?EA^uG9xSDDqLpzj7>Ed+7T-U#|^<w+PW{-=w>
zok<S`So-bFS-4;ShMe59K~_cFb>_qEN@Qm}$J+z^*KYjtza2q*KD<@TT&LK^x3?I;
zA6E-wO>r98p$oz_e9U`ntJaAe6kc#@LVn|EI+Wqp9TjY<a1Sd1(l9?W9(iz!?<&dx
zXQgcbjeYAkx_Y#Qs=wjEg9jj|T?Rk!5Bc9B{YNVoi3qXrV<nsrAD4os+$RlvNgHyL
z&J1!8aGi&Ai*hsj1kRj0E0P!Ym>&@%`lxgOXY^2_2q+~`*Tet$PglZ<2%5He`;m>u
z`R_=`5{ZP2=>2c}?J_qG9se5muPH+uj9-Rn1MU)@q1X>L0W-*@doQI9($dP^ym|8@
z-!)y_%VL`0<L4VxX^(I5j@S{cd480a38yAi@bvrj4@u%ZyrLFhxsuC8TlPU9a_!GI
zUY(f2Trb}F+rBsKkUnplnzH*!&)<Em3HW3#Ts)N+qTX~xs|D)r$QxtmL65!`j}PM%
z;lEGezvUl$4HT#TY6scIYo6bOU0GXoFACjd_J}vt^+bv`?zXOj6?nQ#Yl!=rKc0E`
za|}b1!=7Ia<lk@>wnGNQOWevj8TX+7&$dooFq*apAS7)`ip}iMb2C-k2k(S867x=1
z*rM3}m*c>&!Nn!<jN=3B^N1>2KE0{(r<26VNjwc)fZNqhe_R%M^bu&qvqAbW+>x~q
zz~}9b9}oWH5pJlV00a<E-=2wL#a+-njFGUtvGEadh|W3});&~_>(7BE1WU_EN=jNd
zI~V(N&7H<6!Kf8{UAeygL%baR;WaQa@c3eN8TL3aZbq@wH#uB-Z)O%XhWk}|#32ah
zZvVq4;omRbmZ<mDr)LUQmpAXn6>9uRCleAOGl=_FJcYo=iN>EfUg~j%2(Q7vW!DsP
zLLzD+%Q)+PeIEocYQ^z^DTyLD<MWNU*wa#`x%~I<{QXn@@;9l^;FikXf11Gg_c3s+
z%FXrfaKDa~N4g$dU3P7)>w$nUlp1br_Q!!kxLf0eTe!#R+mAo99=O#j|1Xcne;dgW
zq`W`<FmuEoNcIaqD#%;(SKVUc`o3f5&i2|`Sz5jEn|PUf4>IjhR?3Qx1^(y3ZX5|V
z5c1rPAzCB28;c{EJu8fEsFw|x@9v4%jgxdkUhK*j8*}sH<a_o|;jqSEj`V+h2PYh5
zk)jC>PIzO|9fZ;E%nS{gF0%G3nsMMi{4G4Pf?ysI?$3BZ`JbY}4^ru1ia%c+8rWKV
z>E73r(*LiuE02dd|No^CIjSuT+FT`))-eb<Mujax8E38>Gm?@O<tU~?%aC>>gIuj6
z%_NPGh?SvZ3=$$z&S{Y^Lqzg>kNJGq-LKZP-=DvxN1xB<{eC}R_wjze<FDdVP#PK<
zEz|3>-yGJYDDIzy9`Xks1nIFtGKb|rgf=S^AZAkzX~fy>76LesBgqDaxJXVRrA;Ga
zExdfxMiBKAlgr_MFUN&a9`R{1?#gOv*CHY#ufmJqH3b&<{WuKd_|-6d!bGEM5+8?{
zVC^b(Jt+boPC;ZeXSp5YV`4fm#+l%QT3et=CMvxignI#&Rh=%`TptXQZ>7w#U&d?m
zjhn)1sl_*j2A9wp?tvlhFH##;3ST9s=lWCYk}P4H-cX8GNzr1%a-=Kpmz@x=KbPDs
z3Q7rj8|aEA7=37Y`ux4EW*&~OCMfZox_x1l`&I&`LqLF}`vWm;A$vm>Ykh7R&<gW~
z?*)?l;|~i~KligAV(^e&5@uyD-e!t!fC1meb))2N@>9(r4kJAfHgAuML>YsYgtu>9
ze9WqH+4_mqf^1P1SwR}i(E`OHH;)+o{4bc6x6j0{pNDzQY9pgM+_AaeQ)fBugNgCC
z`X@slZ`ScxDWxrR;Ab&tMY>WAKl4A7NGy`((2EO0?+1b`Yw$+|oAkNiXt@vXMt;=v
zV=InU*F&bTDOBEw|HK@~0SQu%hk4q18x3au5$#1)kp2dYG2s+Sft;&sIUt&`v9V@8
z1N)0a{*pg`zos`-D7yR-DhG!<zAT$V$ovR)li0z-C8kzZR-%h8p6Va(@P?Bqxz_-v
zWF<Uyfze+E^9DaKW8Gr+)sUNZ+738J&-vf}2YL^$iWrM7WtjBQRQD~|a##_31r>Y{
zFj_6g%j*)@P<xuY0E1xHH|iNrN+CLT0FMDHy=tL*#>E%kZRkiu29RK$T4v7ZbUhZ#
zcE?dr=+};95Km!E?~}$oXS{>p*<nmvzI^_4>`hr<Te{B6O#9<*YRi2Xf|(%<>d%n0
z2YbA#fyIy!#Y&D*(+x0m!d?8L&u~a;?xJm(LdyFgc<iqrv!E{*t3&g2LOXItwbkC^
zv!t_<k30A=e>M-Zipt<mPxl?|ywfp1PTi*gmh*|bjf32$IYg9Uf`TL+BVImdhDJeF
zvK=X(u;<Df2h@F^JRT02@Z}-EA+fhl(%E2EnsS5BDn<w*1hJ*GkI?j{?b3n11X+yC
zpzH;lV8;C_NZG)!X>H#5dcoDt4beo2c(P1#4zJk0SD*n7qR^B+zMI?ee}sIj!;Kbt
z`gEaC#Jujx8XvDU(^h$+TAQN;VS(PoEe<ZXaD3_SXBG>K*jJ|yiyTD>EMulW7D}Fs
zXIEB*^IJOX?jw_CrovId%n)TSh%7wZ;z|rxJ}|<BRHQVAL46o{6X5?7Z`<M_RTj^x
z)C|<8rS;b(U*Ab@Xs{5Mkhs&lho}hadsTc*9uWkV$K2f!;KE`K<sh*LG<Ov~9fDAQ
ziAk4xOyuHG*FADD84_)U22nb}1?!-6jKgn&j`~urz@xI0!{#=0&~40;6m%y-e56lu
z^X8r5F7v_Uc3oj@F<@BdNF;oMuF))<Ji%H@g}yM7s3Fvcqi}xQ;Py?<*7Elp&j2Fo
z9ZglzyYcENtnXbYSn*R0f^&G|Vd(Scgj$V8c?vuwTpL&M<1TZ!yxd$6ZW7)-kR)eD
zyW2v`lSM>P<#zxnaq3-zv+n+^!V8iAIoBtug9KfXdEw4;OTV+6(uHvWD0yVVX2@PK
zwD2I;mMvd&tyq;AyZKg%UD=apgJ3@6`Wt?*UcV+E=S%}P`Phf(0jV6TH_^Fv2j<u1
zmX^Mai<*uPe&KbGkqxOr(<A8v;5M4auD9w{n|^C*S=b%{>TF<3hE5z&-}kX(RcV?0
zT65T{!?L@y{NN>!@~Z_qC|y0#$EG0MY7t{IpO~wz1uBIaE8uF-(H8?US_}O4)<XYJ
z<rYsf6>0tPkP7Mt#zJLeS(a#sMLS`h>dp+yw?n}&1BXu)z|qt6^+ETKPl%(DvGGh`
z3=K9>4H&74xM*}gNO*i)!T-)w4oXt|^NLvWxF!v}rq1iu5!rfdv_Uh(ll<#r58{b_
zL$-Z1QE%V3snv~Fa<a7`9=8O|Ty+E<o9g2p2?oWSa)gwHGu~A;SM}oR31M|OWKKhj
z1yA=Fh>ZFcs^$~5#pxJbN}8FWpEP^k**oIq8h0pQYp5xC#3tcF-DQD;)@v$jQHHCa
zrLXjdria$&6_RxSj=B9|`xGexWmP{EY5C%NXu;NqC@WOYI;T&DH}Z&N2I%+Va2)&Z
z<Reg>`CU<oprM_`G<fYby_2K0{)ZiQO<;gw@N#i+sR{}dH@;!!?8kNmCWJk$)lq5=
z{2(Kt4B@aW|DE0=Re^KXq--pmhEjY%R#HkOLU@|zXkZ&PLEBynwc0UcgK@}*3;8zY
z#yyaluosqhs-{wpNW4^>*}jP!TN|*PB*9Z@sNkYrIKam{KBAorZW&>{rmTzaKKHo*
zXC8radmGb?;#SK!Bl9YW4Hjc3{&TxrXr58eK)L#+n;d4mSKt-+h4>ZX9R>5AF*P(G
zVpU?e0yR<h2)^Y)<RKor(`7$l1?(qG<+R!Jut4Hjes8N@U_7lxA<5rY*_=}*Ox%p`
zo}K2~UKjh|CgcD$i#!?WxpJuH@eY|>VporI{}Y^Sir6Y^T?);k2?>p8h_B%<DLMN*
zt?1n`cPj@KHx6TX^a#Juh~wZsM*3tp4T3f|8U5uyQ6(BtBCRGjN^(M5s)ztgx5GCQ
zEjrDFm=JP#TjF?BA|oR$b<U9rqOkr(URyaPojDiP^#JG!pH)+bC5acPLtFRlda*4(
zEB27WQEpsd%pP^*`6j(xu<^uLNL7F(YPXQ0u-uU+e&l#O9@cn=9HgQIKz}+U2YhO8
zo=Z+npUEp_$y+osL?t6Jm%l<gwHr#ePMb*O$B9v%N$ND(8d55--cWU8dD*j&1)-w?
zIidifV5gA0h*Ok+n}ghhp(e_L8U2VC?6zn`s67lU)zV;75GYiYMB;U=dgsBH+zz{Y
z?t`tVoULy>2gERyQ`KX8R?TWzQeeWXAz5NvL>rk<dVRur2d@93lGAu!{u<AO^1^Az
z3Dn+cQFdyRgalnev+=A7a^*o-TQ9GbPurs>XlDF_X>2%hOVI^h*p42_v@`b@hi$5e
z)aXZv?wIRQEw>O}&B)Fv2=+HZPb4+3@}S&AsL>Bfia<;A(x&Xc7GLSjD-_LNJ&LJM
z5%jNxUdr1V*VQ9AIcAJixpPIEXg72~6IIC!!)`Sn0F9{<4HyH;ft;H#8Gc=(#(%Vi
zdc>h;>Sh9yV;x#59oO|*q&C3k{4VQC6)2~85~xw8v6HVx9=1m3p$MIDabW+;5=JsO
z-Y^VXOxLM}q$FFmK{3%Tq}x_5jif@xw<j*oJ#6f~WaE&Bp2?Aeu;hd;_xVxLWbP!Z
zIzk-Q9l5)?R2&2hqT;KPu3E&nT!iC;+$i*Dd)8U<;gIqsq>ojB@>&j=Xnk%rTEg^l
z<E>P?I(1bA_FL%=_|K_dT$^c{dvYW(jm;oFysMI~1$Ms*HRopbiH=sl<1(_*PTe{c
zMo%SWq!ZiftbDyW9oJLHLbpi^%5c9tm~PihYm=8~n>dA4JU!a26sl^BP}?%JerMG>
zt|b4N1Z8&N(_%B;RheQdW~ofkKJL!3;`vV~R~}A#6U2+9yuDi0z^A8N-A@83QIS$R
zG^Ophzt(mdR7A^-K=1gS)^;}2NL`KN(i9@d07!<Dt*jel2-}6_MI54(u^n@g`NGkv
z_k#(yKIVh-e^=X;t)T5)8-olF^r$n-WI*A7RGjm*zWB0eB#v5{?UL;m&MC*_$y<<8
z-#Zm6+=)|x9HC*pUf?&JpJR2urD-O&>c;coR%2Dj;%UaN>h=<Gm#;84++3uh{E>9g
zN3?w7vBB7<3da(3S1$w&%Ze#J03mc>F-MPX<{k^4VUms_)NdL}_!j*X8PAVfjYg<N
zAElMqV|xa{ZBzQx7<Ru0=$CPm_q*psRJq-z;P>Xp1tX}%XL;RVwZT)sla95`IIy;6
z58Hf=Uq=_9-5t7m?W)@z)mQxTjuvt&8hL>#g>~~k2yU{P?pNM4&z#Dyxh%s~-4v<d
zx`)K!W?vmnSvK(&ni4#+r7|53se<gJ^4x3u%`T}R6>a0reLp!}|Iyzp>oKvQ@>i=y
zLcY2lb+2va^$J-6yTRtPu}hu{w#Wa8x4z-c-7>LIWqJAK&Tefu+cgVfQxW$Dm?Y)$
zaXhFkCZcoQ_Hy>S6fW85r4W@)xe3?lTy7IhdQyyhIYjjlbYuHllr8IlNA}6kHl#ze
z471ZOprz^%{GsKnO*)e+W@X*UOGs^f6JtmLPlHlsTByz`nR>+O+v_bs2;EcdDN?N%
zq0Fs5GyA&s^ZdsvY24k~($C_NtB8$9MrBCx4gEA@7mj@*sRmtq*)xnD*UGvN<nS#}
zgx`epRIC&d!+Un}VQUJ46;g=57K3Z!POQ=~j;&`N&hi8I)#|md7YF(t<ekF$C^3U!
zB@&nAJbGINEW<TsoSzDCoG$C)?tU}P>nV~PhONji{WMQ{{Fn8)uF5F)VAT|2+6K#T
zHMeA5CsXT#sJWoelJ8%256t>LBeIJgxjASjX%tr9>g~Pw14$D?Y8>Y)88-Nm{2!_W
zsT!c8FTY70%Bz429P`9!0_~}5aU%6GSme)v{xqEsvDX6z1Xsg4SN*)>AAdiSvYo|K
z=o5%21KLzcTm5ABUQuw>Ox%g4630geo%T~S!nSeDeD^ncmQCt?$hg9n1X?NQxh36;
zi|T^)^}f0?w`z9o+(tUh_XznK(WaR&J0=%uD*TEt?3xA+FO1E1llVev-)~bpYFZS~
zS#){5MSfwPc*3yF^}vMTmiJ$R`esiT)!2Quvy7Paj(JEZFl#aXQl4CqZw8p@OIhp*
zX4+)kqe*7kpjC;~;BPk`aZ0x^^v$raY(J<50lbvvi^O-WXWr4e_h02vah1;IbMMQD
zf0ZrT?mdBcJ~?uFDoY{bULN6Q^F+aB)+!5?8tC;U?}w7-2=A-wle+hcAXH!L%Z)GZ
zAwl9?zOzBJfzY;(yY79*Wb11#BPf{1Sh;{RhrN<`NC&924s!luVvL;e?W1*hshAq|
z2WYF%mGTd#9p&or04LpnQX0j(*le=(XDO$gnhtN$Fy`rS)`K(83N2^(+yV|*S1c#J
z3t^KIR~=W<p%u~>*1=SCDdG;wu*Ww3X8n%#)GWePd7Iu35#D27NtQQ$G~s(&r&hS-
zZqu7$pPW5sZ~U<<ZTJ^@&PR-W*TW{J_qnY_ihI+KjL4zR%^mlkd(_<`owpbBtMG23
z&+OeX;!9516*Eh-79Korx0ea&3=Z_o12iQJ+i@Lfr3P;#sq|hmZm*1T0FB>+Ly1{E
zg_~5paC6pGYGma?RD|_(u^=GUGZDsVTi?7<`uHml^m^~++<dL%>O@`+E|~=VV${_e
zRvw)EJ|OfQ0Wv5L(G-xKySPt%M8P>4RNZEXc0Hf`6?)rloo8k#?C5R(@ZwBR>TqoR
zm!^%3mUWrdd0WkVw#^m$+xaQnP9xGEpXZb~tN>ksw|e&RcLdL}D`!Dfh2Ll)V!6j1
zQ~;<1GRH%xJ>a;q<;}%kpGi07?g#nJaJ6VMQo&|IzWC_8CdJ$HjR(o2oYmgZ>{B0Y
z<2XaR`0;JXSK#O-k=vQue|t}W5+m*3F|J!+Pl6&Vz0HNwX0<=9s3C_79QJGa-3xE;
zJxS+E-)0-m6GMAzgHHx61)Ti5SB`L!V<oWQLV+xc+U-m+=7twTk<IGtbbW&up4YwR
zqC~fI0Vsas($)$J`uA5-Ufn*`ujsm4=)WS7g^zvh2g3@_Ytw5G-Tl4HZ(=*EL_XD)
zYcC``u-n$RuHhF^^b~(W7`(_j*ws*qlDj2Ei{eLhTEvu7>ZT`f{Ti<3Cm^hTJkUOI
zT#{RSM|Hg5#@}<=PTokh6l1;*S4mK*e>%+wP<}+}F+S^)O(v<(#;5!{eDajBXM6Fq
zsS4*-V^EF2J%ZaUzF`)44ekV?7laSYbnF-3<jBGqMc!+|KkeAP&$gxHr>c81$>CYP
zAW?f@L!z0*-S`tn*2EXRFyG&_qdZyXlGx_jTFdfKBjI6BkUh@2ax-c(I9STpiU4oO
z<5<Nac*o<=5-pd}Z!j4#u9~v>xx!6DSkJ7^I43db>VVqy5gy}>dvj7UHslsodROH5
zGiUVs+v|F4z`+#0r%be+x6MprG8$wji0gJbKdedfFyTAeKZ6WSXqAn#a{yXV#QdjZ
z*xBQhGAw>2uj#c?cN=_vDZpOvS0Q7S8()rWDksl>0UgR$xG|d?yq?k~CJnAl?UKW?
zS^QhR54NYo@yPegx%%I6611jo-PiuX)znIw-1+ErTg4`kVM1~9xf$)lmy%bk;C9--
z&j91^M5cEI46hmgBlxu`wv*p)=gq27Q}3i<OT+x`8ONUbq^YFI$4_lQCXX~C05?~B
z14FFjLT&KeMUv4}-4d{y1sVDvB1#`OOH=e|1ZRhFz5!uL7%WzS#EQ7$z3rS9td|tg
zK2Tasz}=GL)ZbsqZl$jV<s)@lcS|V9TXMR~GVn9dTB2Bg*!-IS{@cUf+Go79KKpB*
z@Y2uxNj)#QGQ2pe2i4{3!K+Kc{<nF5?HPG<VBvI3bpMUKEexT~Y6tpVCRyg+t%UuS
zMJgx}1ttW+8MWoszvNh6pi$QDqM?T2|HN%NfbYi?C-%W!+>-b&IsPJJzC;6HS4VqC
zEui!-exL&Z-}l-5@h^1rB7C`c0IZ-$o6xr#@I|h{f8&m(MIaU@BK7~JP(FulZuhI7
Uoi31B0si(In(e!@$K}HR0iJp>9smFU

literal 0
HcmV?d00001

diff --git a/docs/arc42/revocation-service/images/verify_revocable_vc.png b/docs/arc42/revocation-service/images/verify_revocable_vc.png
new file mode 100644
index 0000000000000000000000000000000000000000..e5b58d88bca9d4628af334b6678843476d58995b
GIT binary patch
literal 36718
zcmb?@c_5T~`~FnopmI)9ktn-tktKVZJ^Pl#RMuoEOZK5fTI_4Gj6%p(gY1Too$Q7z
zS;N>F%NTz5(0RY_`+eW<``52O&Z$|Rd7jU6fA0Ibuj{&>ms%Q1hiRB-5D3I!73FI>
z2n0ns0<r)7AN%2zF!7Ur!vD@WE8K84b9mrxYhme(P_nSMaJ=JeVSeVW`x$Fz=Lb$w
zLP8I0@7O!L*x3r2IoLgFX<&szFy7O<;r#dOh<$Jzw>WQI6NipVe|lk&pO+5U__d2_
z>oTZa@}oaTWvnOu5KZS99`|4_lXyPx&z<-(S`}s%H_TXkOnm%+r)bpunMVSn`T9%-
zlwuF)%QKV0(iCb_{CFnA96mkHyL``Ypo-SPI4@Lba;lNDu)?(K2My=rXCB&S6%3s0
zHm|kb9iNfaqux69h}Hv9@I$If{ASUS_w<5yD{;S`&NEyUorpi#!}OGK@a@A^<2H(y
z!KNaTk;il5zY`@3)(36;9lTa;g|=Rwbf|YOe%{E|E1;TIaAOB?CxHC`mFIUFGj>IT
z(xmq?Ow-(>%RCcbhjPw@h-29eB9yx6Zz{)iQ#=vjvEn$CZo9zHofjnPd^lkA*TI{q
z<A0iR9<p!>z{^PLrC!%CeOf(~`QT!pA>-W_jdY3Slz$!a(|?z#f7R;Gi#8<rmmCxl
z3+#uKE%uQVKW!8Yyz57li>g{KtM&e5p-j}V<&gaT>w<4c<>Sl8d_+<!u23z+G@O?&
zO`%CWjt_maeely{RFG?=)%PTE)J}Np)a=Tf<s*G5YRRFh6&CxUns6f-Pv5Qr3a^c~
zCbF_tw<9{lu3Wury*RMZnS%>kW2R9ua6MVob7b6cdwl)Cam<OE^``^BM(Lv{e+&i6
zQA<&KNI5&{w@egH1lc?P>^R{_ue;WoL>2Y0=-~>#Ss$(1v8id<E>!|mz-6`7_q<hJ
z2!t;}<=SOEw?6y;wevBH!TE<(Zz;ZpeKMz0`9tN#lgkmewf1RWqBwf#^hpWJ+m|dN
zX4cPD*--2kv3=s}a1!Uf&+oSAzP~6b?nLN|;vZA&$1t5?5;rQ{QHwWrP<Pc&If`+1
zEk}3wFYCDowCZ;0uWqHyHF#qWKrA9|4S3s<V;pgYNRCZJ9g6&41O`GE&I?aP{@;Ij
z%UquP0R)bY{NGE2-9v_u$p1k6A8#ezjhmU*q3URF|5{bWr~fhe^wceNp7xUL0;+xF
zU-ET&9T*rXxc$Yh-}al&a<ha;xqgNLXBhL7r%x>&43&GQ=oRFYZ+<k)G2PzYhPSee
zaxJZ`t=HxT)Xs19Qk^~VS~2K*1zT3AH4XV3F12~B|MYM7M=jQzu=|Ex_)05+>drK>
z7|If|85ndMJ<PbZjNb7Ys|%g!$zhfCSP9pZo9g|X^jd+vw%&w%5pZ#Ftto2JGBPqh
z1_p#oOVffPFae>9(LzXrZ(eYQ@lq~JOG_X1GrFtj<l{m^?{v^2Ki^g8|6+H)Gwt0<
z-K@jg^qU3t0z0ZQy3wB=&E90Br>EBqC>FR?s5LR$mgHYUc<%4txH9CkQx-A*qevHv
zB2gY@Qoc;NhR3lxC|tYNn@k(Kd4I^H$Z<R=SPqV5;@~hpH&9|_Wfe=o5UXyE(T_Zp
zfO+6TjYe&z6AUJcU1s|7?@vxm@%EpUlQX5v&uDCF@|r7}^z!!3FwEJmI6&t`z*$Wj
z>!xZ%j_ZBYQyDyc@xibVcI)ooB^SkTvE%o2<D^`sQ=(024jqap_Iv)EFw^7E7$u<S
zQW#CsA0T{FXg53<>R5Nym8RG<(Q+oIFWB{oGA?f|xAHxW6}S7Slk#c>AIu_qu1&3I
zmg}8be^pe#*~in}S;obuAI=VMZ7kch_YGG*wP;FK34f(sAa2)JHw^Czh(D?eIV)1e
zLBl&gSZ195CRvU#PQ>C>1k#7(LX<i+{whkqST%z)B;d5P0VS&^UN{_YmHYDgmyeEB
z%TuXngXr&B#uBRrsbhlmSB|m=v&y4Js;PPF5}Cd|!uOtC<mchBu6lkLyS<qqs_qz6
z9OpXZ?Ygr~>d7`Cu8#&=JkBX2yp0?-FaO47N5d#IpKV&UIo*|EWMs5-$8DjKDsWn>
zlcuDoh*7N4yli)`=p8$HCE1wy^y#diP)xwa=1flH<$7)rIGFsor;{!5;gwwKZ>>Fh
zOCHUNOh4*Bq$)qy-(O<W_0iqk9XnLEas1Ce&lrt#rt8+E#ipjF9<p&b^tQ3CPRmT+
z(GjEbnVO!fE-@ft32teY6?VRysKFS~#QwA^!%(6gB_3O6o?%+-Tt6^i68009Yh|Ie
z9f{$PVibD1xVYGdzN|VIS@~$TkN0V?{C43XoB7qLus_a)AEcr(u18JW&%+%%dQn~6
z&#~VL?ruYwL3rzR;d8f&94(R#zRf&A-qgOYu6R@ho{})|_$E^5zHG_cc+zD*ClaSc
z#5D{%U`dw3#Fqtw9%_`6O)<;F0ivExRJEg!OKt)QR_@&Aj|N#c!#G(y@t@)Rd(w4N
zulgSm;jySU6nVUgcOCt9I6r}_O~I8u#zBAl`D6sIZnBK~lKE_wMtbrg)#~<d8jME2
zDC_I%-6vwKAbcaKvd;~r<b{!%dTu1EpM9zAZaD3}Lt4Wwemf;kS_#)a{p#i&2ndYn
z?$$l`=lGE~V~2UyW_mQs7(N8jPqv~ZsKqDP?I?p!OHWKpeE4yZN%-!wQZb+Ht&y(T
zcm6Er+Fj)o;I3IjkuN&KU^b>CIq}DBd|!TseSDV8Ov-n>)rEGi4As@Kf#U)<m5sK$
z2B-5>?lyRf8@+w>x#9GcQ^7JzFG|InCYm6rsQsBgcxjouqsAsC2=hboJUq&QCE{yz
z^C@3#M2>|i<afOJz0fpcD^nf%ANA59;@(~LA4Bq@C7l$#3%rR0@nDvsT0A$0h00cA
zef_<`(xPj$<BTjdX~x><RkjbBXu({bA+w04qT7}Gd3l7*z6CHAyF`7AawA+A`sh0M
zLz_h{JS^<}k7+$@ruFjS>%7+C*K31LTbvgVXhy{}tg%F%iuGKZ+dI|yvuPU}8xRlS
z^~nZ`E<8GZoE434_zbgop7s|w^kh9JdF&%6*R&hOuJeMYN7B-Gh&=f&GX_&P{GUHZ
ztqr)g7s$CSBvORIb{<kA5Jz4MMaVau*^yiO;Z&0y>qc7b>B25PfSX?*o}Qkrh-72%
zr(-pkX5aXU$K}G>>ppo_*U-?Om5aq<Bj}hfYCXZVdS$#?9IfR;X5|%irOUW0EcL#m
z=XP{*N=fuydd1&7Fd)mpVLtjT@ZiCNM`Jcurjkk-PMqL=eY4nkYGZj4?KVO^b66B<
z7Aj6o&4!sb&JvXgoo~hNn`1QMr5L;3DKi+L<YVIEwq|m$+Y4264Y@j9Q|jHc<g#?B
zCM+uI1M2kLa;toSyDOX_H8r)IoZL}ECJFnkb~T~d-p`|^n4#JJ0!{+YXh%oKe2Ts5
zMV0H<SC*G`6J8!=X5Q-5)r{fSDoP<h_T_ona6-u<S(|>M6+QInPSxF=eAlFc>tCkl
zT^-yEvTqq}FvdpM_4Q|)NC%g&pw@pvYStlUbD*sf+&^4?N(p=4q3dJh=8qF9sv@5Q
zB4#gm67Xzd-^~LR`i>2uh;~pZIp3;^J$dqEdnHw#w>7sd>uTt^H~^7lo~}?mU@tb_
zYCzU#4T%};rE(sV2D**uo*bX$3H2|Oy9L~rw%Bo8_3qvG=Ge7C&)_V82v7}&pG06U
z8$ywi81f2_1;Fs%EB?QMf&YRr&M6Zbo15b$90rqBc0zi_>cgW2O+4m)ND_9@Nue?!
zJRmwk^ig+ak>{G__=IUxPks1?{MG}v?#y5=jkp_HS``Vq@ME$CCH)A`EIcxhq}0lr
z-Z~K(@BOGVO&hW}{t)>S54!QLOJkbsO694so1KuCqB*u7uI&PuI5A?`YWF8R9^IUa
zF4c&;DDiOQ8eta;T|^T4%e{M^97G>u+KT9jlVn}|bz=8$<@o5hExIK11`bP@Z-t=a
zEukR45ywvqWRV@byAa-k%f)IW$i$fJ0xpdxl42l}l`Jt{jzqf$pnfk*Z6gY{Z^2TC
z=D5r7rIu3n<z7zmk%rB2^Nm6hs3n!+8hmt^h>(Ot^goV;BF+-NzjH9AM&WRiwSlKv
zx5-~YOg5tK)&`Z)b6w{XB?dAsv-te@`x0Mvb~=ZzN5_+vOXh?6^Y5RK-i2>*7l|+9
zrG3`rcP3{w<y3m)HphRpIlVsaEoIxg(2=T{%S}FR#Z)f3&}F7&a}~+W$%!S}I}Vi#
zm9CjCC9CKX@EZx<<PRaT!%2DT(hwp46&%)~_ORj^V(2b(OuS-+W#BWo{v{DWo&i^Q
z%4dJ_5h{LS&<a1+c2DyE#;2DE?0ZNS7rcjF&E@w#975V#-v5G9|M!Xb;+6IwEr#`9
zZqSK36yzA#kxR|761YwB$qm27X|f@8blL&87Ow7wieM}WBJxdSB&Q!_h1BHaPX`dg
zEZ)Rf*U?%{X6Z-!b7;0zHBdg|4Ut}1lm^F+9pk@M_$KLFC35teI<xHNz*8!^rI&uX
zmRR@Y36(Kjs*d@)tcXjW1(4-itUGT)<4I2Ta~7th<y(%806s4YYNg%lu(Tg4M_>K6
zh@?6aw^b|uVQhSS@tt3|1r|y#3J{+-yRME7pn)2DgzpHWq@$=eyJ=s~GwN{i*P&`S
zeY)5<)0wUYH+u3atyKf+=t4mGPsxWP)p)!ufdX-?YJHJ@>f~a3`51fU!^c+wnZ$yg
z*1R;8;X2R~L4ssl8_epkG6(Ad`8)xQZfzk0Bq0oI9jder1$&PBoyPn44b4_s8k#{!
zQ>cU^P)JP8<wHnrp`_smoaRW}GpU!4{50GlgC{3*z_#0c>k?s9f$((MLjI-G(P@5-
zQiq}Pm<v`IH9(=Yuklp7zY)hvY=##BG%CEcAZ@P7#4$lb1HXHQxX4DVyoW(wyGZR=
z^XB1Hdy4TF+dH+0OEpd8YK2VKKt`$Yee;+v+ixzf_Y7}n>Tl!T6@sVoZ$Uw^FwV2q
z{%jT9>S|zcoJfh7<0PuICh2ET&DPd_`|@baKHPrb`Z=#)yU#IYZjAgK9L`nG=Q}F_
zsq^IethBMYG-0<_O_CJva7L1vQqK~9LZR^9LFU_ZjXxzd@Li=lEj8<FMTub@=D}&+
z?Jx7Wq!h^H0$J}79pZ-?ftJo;sh*p$FO<(9xltK|e3yIT-e;jQ(FbF7JF_Zl^YT1r
z&Mb^a@4OFkpD$DCyNqFFmL&4}nbo%BAa`cXf@KGDh8lnT8kI($Ax?!?L`6h6&--M(
zOH8~pf{vtmwjY6OP0J8<nvj=vcDo{t@g{1pqSin6z24lMG0~LmO45igHZ{#Jc6Rre
zA2gdTU7ir|8Gh_<UK*@PGA&CW{`9w9HX0LqII>bvF?>${<MZdw8$afI=LgH1LZkH>
zP%agfgvU(QUpSon{Y}wa^W?c(#RGETQ-R%gJL8Dk;l*sRi-%8bvdDU9m^4;Cm3Q|f
zZmpXINm*7tVF;FKzkJ%ZFVEd^sk5%m+9kj??I5k3@X#<ppvx}EJH8&p6NpbOeKaSd
zmt%Th_9QWQd~L|8D{IDktj@@ViMP>zi#Q*w>i+fFy|ZWEIaV}a>A6w2bJLCs%;lI4
z$jZpv{T5KfWpy&?s=hm8*4Hta58ie-OsdnQy`0>tO=sF!`o^EO;}J{S#0y(nTLV9S
z1oYWE@%I;WZdEH2o;sOhBO)TgXl#$NL!D}1+3$PT3OiaWq<HOGmT`eP<MMd4ajfXe
zuuz*+4yj_?(l}Dt%3^2xM>KL<4f5s3<%WR9XdgjIB`F_j>edxJuGZ`L)OnQ!;#l~h
z7=`V_fBd1-6ZUp9rHONgMb1mH*eF=8Z*jIjiPu5Ev{W_ze$A^DU*Aj1cq@^z`kU9^
znvF}NgXIS;+LL4Y7B>9lOB3VOx_RQ&HVhkxg!qtzq0eTM76I*ck%tARwB38mpY|VX
zimmdNk1!&HUrRp1<jp^RvQ6<Vot(1!$jfXUWfdc~eJV%F4p3>-V|Aj=e@GB!5?zRw
z_t|)SfE&9xJruS^Bg;G0-C@qaMO9AdDs^wvPWonL$r8<(d8>%<xt68C@sQls0{alE
zq&0cg=5XLm8;lo*HI551G&47`9-C{~tXm=tO?QH<XSudp2<oMCY^Qrq_Q3n{lr3!e
z20xu_r-78jv~fF0r>7m-vy~O~Y2*F^RxO{c?hnmXHcINIPLqOStthUJ*vy(_Ndws8
z%?k@$+#0uZC`U&|da_C1K0L<|{AlI%nFiB!Pw+b9*OQmRv10ed)pD}GAGX&$?{EZ1
zml99vocDsfXhM|iA>BZ&v|X9aa)`OUu^_*2>6D~$*J4=5&4M7^20EFAkS2?51*HMA
zYRm8D498o|#O`-TJns#bkf-e0(Y;_(^5OZWfS8dSj*iSeJj4twj-G&SxZJLvZYk`^
z(c7IG^#wzgs<kb(sR>K!9~&b1?$0w$6Y>Hq(@jcR%DuTer!HIw&d7E1B<huC=%lFH
z+uQdQO?Rf>7mc3lQ~w}g^jgJ<Uv7qzi;FNC9IbL$JZVgm$P~mRR_?P?sdG~FS5A@=
zx7wZcg|&#G^}v(D28?Fqm3A}}&1Z@4RxoITGLOR?BI)yRx1l%ZcHpH}g?{mx(s<q(
zs&s;Hq_8RuI!R*9y;c2R!gnuNV`#z;Ac-EUT|4Xy+oP;R%~(QPwuwKDT_%P(<uR9?
zVUI<pPWX5@iCkEZ!Ck%I5_eFj{Nk|RiS5koq1;V_{x7r1L%C+Pl>n%6F)eRp9wvV`
zvc;eyx(YrTy7my#@`S>xtvg#Uyd5+b;A;N-h6F(~O2xY6BSHWCh__OatIhIe54N0^
z_CCKKwEnyWOy%o$li)5MIi1j3_^_nruxaT;2nl)wP2RdmUAZc4ZS@^O!O!UuF4o3L
z^iGHLd_dIKeuv<&+(7N~8M>+2n>!baU)GJN)N>HiGtNsc*qP3B+ntizDoah6=2g?(
zN&U7doYwzncIU>_mrnBya(O}^pjJR!74K|QjisROYkN0#bSw{7q9c}4(b=EFNCB3g
zH(FBRq99PzG!i}<*B{+#NhR+~-4xZxxVX|QwQ3TgXU<r!PP<@^Crt|1QOxxC%#7-4
z7ImG;?fIw=?N?QwfBCWE$}G{^5BBEr5sCy|Q{#fUEaM(x#baGR6hBZm=VWBA&@4IJ
z?4w+zjoI0n+_9#+0e=fy%=4j2`EFMIOH0hiZxx?f{>6@1*_dIVt;t(#*R$;tW3Q$j
zrAc@?YAL^AZp=)L;EBdtEg9rm3PZTC%6W0IkIsAxWY02}Pcq`bA3W$s-oxMDbu8t;
zB}ECS!LrSDraPh5&k`Y{3f@|u0=DaYDd#ww>`aZhM|l1lQSOU{Z6h@qokGtU1EZt!
zq&PVAJn5<@x}f}+6w8pt!Zp*)q#k)W4p;PSuh(u*zquk&7&+0~6NvZMX+SM`Os6N1
zf$EAGZ_cMr-<B2)?0qw^<>62Dj_9xY>hH`eQhIxnj`OcydosScI@EBpDfq9Xt6i`O
zbJ6A((!ULs)tXZSwtD&UrNB4dn)2CcQAGi<p*MSXk28+cojuSFNeaM{ia#&!ls6x)
z)%y6j%FMofm!avl>*TRr8Z#0JBs}D8&stnr$%OsL9_)Ohe9LJyOC{X$oDbub3CxlN
z%k>WuH(?WQ6R{`Mu4mmU!Zbe}wfi>Yjjv8;60^bMoT{xe&PklD4Twn$VidlcSyEC$
zxO~jd{sCX}=bTfJZK6q0{3?-jS&?QN*zNnt%x{)*9udaI(p`5DR~d-d#WQI0aUo{q
zZ{cRRt&_r1dg=yugo!GY_j|Ivo8Oua4$7I7JR15k>wh;+2j8C^uUL>WaVi{7mD+@Y
z_68c$RiGV!76s%2jcC`s_V)HU?9MiDSpI%~fk2v(!hJ=6XmmPo-~g1gURi_|9&cEl
zQ-XYAGotEa?7qD<UgklnT%1uMRFwfd+p=>FA-zJAZsyyFSu{kvJ|VQd)F=cHYU)Q(
zt_W(TJ4;wtcxgV8&ya&vZeuKbv^Lmqa`yYXDrnGqB@n~6a5;uKlifKxgoU3M?%g}}
zJ}LGv>vlq;Gr4ddV`R)Co^ksP5zi1w@}{Py+?ok_=tN*ArCsOrs4U)o3p|yvOm52Y
zClL>d@e(f6%+$&(EG$2Nsw)O-h;Lqg+fg?5b!=)1_z#-YGy!t<#jtA0;T(ED-C3RP
zIwflT{i`1>(3DvkXV_<Vl3z;A1H02Jj2L#t1)m^)96)HHBO${mcVfITI^Rstq*yQO
zrkKluKP&2u=sg{@oHtOH(k|0_7Rhi!#c7T+agj-oUF=$iy5w$&1+v3uwac(i7>U}j
zczs*|pW4*Yl5JA*MJFgY7=6JC3e7*`QAy0uD+WF`Ha7U4>y#kxGk^b9v^>(CO!qJ{
zGM<1vw%UWVYE2Nhtj&nMQ$-1F`$5{{TR^Y^iG|FyRQEq}8k(A2XnbJzDvrD*RYQ1>
zjEqbVc0nrwG(m=g$~Qptx>+~#Apm-S{RJeyngtZc%_UQS@8;Ru32r0EolRJTe?Gg1
zxvYr9QVwpcX3mRfg4ms}96_|lY?|IIGV`}ANqG_sR~_E%BXdB7kLG?9nb)7&R4k1E
z3YChCgrGA}PmqBK=wKGnSlnEwlAM~F^0K}RC1PuPV-i`qz4`sK8TZ1+;heFtHMm3*
zXxuM9z7j9(YTuVfchQD<M+~*~4B~kCrJs`()~^4{=c#>&TLy>+=McAKh>NfF5r}98
zL>$eoRI&Fuxxag0w67w4SF!lDuy0rok+_x1img8Q`}GH;|69@cw@=p6yZ!x(|9a#K
zi-U;N{bX?@v5Lx9cc1T4D{AZL3B=y(6|1mt@aI2?C;$FQ&Edb#jjXc#&yoM<;(U*=
zA~X&n8sv$KYPbHr=$_WyruskXH2?NVna6*h+wM92r)87!LR@4(@a*7gg&zKW(YNIP
zZ%GI~Ik_KOT?SlqoQHy+;Fl(*I+lkqCR&eMV)0D1RR>teH;P%57+Fd0rdHx)pwlRn
zbLfL$xAlgCi9-=LTk30bi_)2wd@bvD%;u##f3K)vn9_&#%WaQz3A6ntSXfZO8GNCB
z5qijv)fe;^Z@SJ`CMA1>Lj>Cc^_7}xWowIvt@C<-B7Bos#_bcZ1%rcwkUW6*hW*o$
zKQo`JOR0Uiu&Ai(qyEe`ao%S#-n9iSKYua3FzwO&pa8K9C>ZEfcUC$y=gU;NVzhpa
zj&=ZaXIBa;^y=jc+<C_{C^EGhNf*5d0OQDd#r#7TPRyVF&8V9D@uTM0)C3Qk)&yAy
zeR7+qtgQUfwKipE;M1L}8+Gv)AF|2I1Ebaqk^QI``pSB8-}R&eD8{+@d31RAXfjTS
zjco*!f~eMBVCdK3RHAJNx-{}TTgz$MNqt}J)X0<ugon9&22S%yCG79y2kQ$z2g^L+
z5B#jOu<#<}wrPHV(=@cS%ZrQdv-v&tKML;*v1^}j1Uhdj1n7R^=4QjK=?JIEmcxe*
zIXgLpR|1y{9QYUQBt@5*?%5$McEvlg-n^bHuj!qUk?|tnannnIAEK!_nndmTIy*Wp
z2nq^bxUjsoQ~KCUS2LXQoZsP7;?>{2dAPY<Q&JLwjM-o8M|+|>!*G72=Jj-4X=y14
zS#@u&oX9vHz?4=(5&rxZ@P>gBgCPR^FV$#7tTC5uuiVtq3OSa%pSU(}s3>^j(<R=z
z6-dq9C}lifV#yYYv<d%e`L#T8ti-f{kN>gHV5$3bqIs;Lse4VsU+?Tz*@I;;wm1=&
zvqytTTU&z2a$BsT<bwpC?F}|>j({(k@5+3Lhf@aB6@{D3UD|nwt+DUT<!$?lNl?Qa
z^O(BSgS3*&x_|xAF6$kM`)MRD4SWLZl)~GD3!9wT&3-!tL#PZ;_do+oW~QgleK`6J
zVo<f#8C0qRl!vseraIF*(o2#T=1S)KoJI0zLl1o~_a-JO1t$P|KgGibj2Lb?6^+uN
zOuZhn1ga3|c52+$rAi#iH$I4<n%)REyaHkn_wFi{%Z6e{BL$RjNlD4}EEQGNSHZzO
zv$Yvdxen_QbAW*_g(ju)DHV}0d%r_UWj{T)hTaM3J71rHTyWDU^X7S*+wasqF-FX#
z^G}YMVB*@6lwuwJ^utHIc=4j<^$9hjCsEh<dFzhCok^w>u$aQDh6$@&Q*4ZuoBM25
z8zASP@p;Cj<SS-|)qAB4NH`ETA~6A<9j{p%lg6Wwib_gqO1Io+T79;2mv}MAr0Ofw
zhZHuI-`KL65R4UFB^d1#le%6;BT+`}br8+gSVlEM)dvl(%l4qK(#fubs0;)I86~kR
zudV3!`CBp0XL{D7WQO-aLan%*i&h{@e6Y>%wUd*RYML6ed}%v&Ii&H}KF{xh$*}N*
z9khThi#+Pq>3~<Sq?~_+=*W2zGB*XT&64&Ry(sodnzGnG^`3VeRw~UEk?G~$^x?7U
zSrGg{4=E}tDvnj&f9Ju21=#aGSWllbqM~~JJmEDT4<=C_FQ$mC{PgMktYe<%HP@$U
zCO207Z``|guT^#}?pU%FIc|%bCRI0ZR%jAb;O3Ii;>H}1I4LZX@RP?%2Gb@5_##is
z+V-A@cKdknAF&4V>%&hQ?8YFMP*6}P`?<_;Rbqe*f#o`BhyL2C`skFZ@tve*>pUq*
z8$bb|;ml1=7ToLLvPgc$JkI4*kLt}MDjTGt)C>yj6>Brw{z~@TJQrJ)+w|x-0_rZ#
zq58#NaCE%}07>}X&t?O~E|DmG;1j!Ap7rHMKLMDc&V9AyPxl@<%DM=$2t<|Aku+NY
zV7DG+%A3|G@pdq+!%TEA`LXI95YYD|jrLHJT+2Z3nc_#Y#a<hZy!^&rGLcx+@!dUq
z<JZxqXfv#mGgYL+3tkjy)o_Yl?VZBw<51t}<hMRWSOf$VU^wk4o9Bs=HQ5qHhebSA
ztlbTX4AED}YvKbOWN2t;f&IXAe?d+)N0Qh%B$YtB(pPKZF?J1WKHEITK!eHodF=fj
z!SO%B(w6JF(OamsmO(Y4GQAO2@su<9%?%AUko9bAKDrM$2mg*Gaeu3rS$+gU>tXKD
zRXW)`kSSC6<G(;MniwBf;a-Jw)YsDe_y849IV9rjyrcCAwse)Xa`Ypu&C24|yb#U|
zzP<tnv{ZE4iefyAUEKyr-l2q1OiQ|KB_rAYBZ{ce52AWEZ)?<x*RT6?t%7T6Z1@uU
zFC}rF6ssQl_GGoi0`?@RO7FZZG`3C3JX`>r@!PA!UY^q7=H@n@`XYtTmgqBpCJ)kY
zgzwo!#jnq6*uQSmGtkp7BX?GjfW_LkHybU1C=B%Y>38DQO6Yl<+ys(cbSU?zVMJ{B
zNK?!Ozqun04h~{ljVq1;UZ6$W_2p^LOGgg-t4o`1L}e~<>Le9UvE(W$h0IN5<k7W?
z3>qO2iBBx$r)oPt>Z@%~hliL(tkfqvoEs>F0&>5E3ks6~YG4JLGaH}syVwwr*wo}T
zqi!#I%FlYFYNCNP;hvIJi?#r@5SSV*V)^td^ZhP@NmGHFIsniNOD6gjAv@8?dJ^;!
z{CRPjMF-3}q}no#av3jJDtmVd`w1Elubvs8WD=-MJIk&Zpyi|0`Pocq^-FS%H1{iL
z5hy7rcnaPnrwUR}lGcU_3L$)gnI+lO-$=Q9?Bs^}2}-0%vGc=hlbl!*4GqoBJnKb3
z#%dd{h03kFK6U}hrIlrKj{XAS%D4f!siWM!U38<f3?$*cNw1q*<PCQvW*)b`z7CY~
zJ=CK|U-)ys4+vX-Pb6b@V1OO*%Jk-gs*&fq(zLJ2(Q$6y$z>dZs}Gjjtn<?CW&ORP
zwnth;`e8*Y4(6gGkt5mA`xzJ5Pv2HlR5Uj?2bA&j>C=>q<XPM1w_<#vqMiNy#+z5g
zB?N7cvkBjWn%!Oyju*9RVIF8{08PMRLt9%rAt9mN;<}oe?zhG;DmoVa`_#0w;qLi#
znH}+iV`r&craM2+^S>3<;!XbW;fpP<y{d{`T>KHpoP;cTsO6EUS%}L_TZz~w+6Mxo
zZg>7Ub!TTa$H&es`dFvX8wOsYH;Ch~<F&UxK*u+kT<SV+`r5c1rB(a}8fB5s(b0xr
zOXzfHl4{KEDVtdWsrEy1a@zgS2mM%|9oV!3_9UoXOn?3LZfoIsiK2u=0cfTTsdKXh
zLs4Z~zx*3MJXY*a)tc}Wzi<Hnf<_eM>C<J_ZSSuba);hH8YKE1=%gcFI4;-^Vafmv
za*pnN!UaULYl{?ZeE1}985neCpu-TyoM7=K*EwF!TS`{egv2q_XmQZDaa0d+@h%~E
ziDD2mPj$3h*#hMof;PWkwMx;W8Lg(P#lKpW@q=Z=ovqfLPgBF6IEXdX)f}9h=|gsc
zgMT03KA~e<Fr`=4<TdR>o$LXrh|7c$Xt8{D)_g!{yhXY|=WFHxi$o%kyuH0WSEpAY
z$K!@5lXubma5XMR)T0<ka?24wi?ct9!e=RKC7ge0$;)GdPD?{Q&cE03LA+q!9!@Mo
zL6f5ww?64<2!#wpjE+)wr&aMY0J~St@1tr)l_L;8Vnaeglvuri4LZZcrAYk6jsPan
zV;{3HKyEF)o$WO&=X^R&h=+$qL_|bV(ul}>b5BAmyt1&oyi9xO5WX#`_W9vcy^!<B
z+>{{0Rs`0rE>LdI!qt-p7x?|Vmi@{;1c)lZ$dUbs%!}TeD<CG)l(p6F;%z9ntpA_;
z58wOii?yssClvTKI^c}m>zbPdCU?7v3L0vSHBfPn^-!^TX|>>jxfk~PuHx4K?{Z70
zLS|Ma`5$6jy3DI~{rVQ-l3#5);=8J{GT9OqZXr*teImYN673_nI+S;hes?V&ivS!K
z1#xdz*@G4h7tBtNxFtd4MUq?>@TsK8EAQx2Q&Rl={lTnb6m!E>LBYFGI8w*2(N;R5
z?iG#6i;mgu_QB4z!ppCm)7q;j&e;=2K@8WL!{r=u90uZJHgPkDL{V8;sbh*USE+yW
zB(ONwMzg@O`7Jc01LfW&PoI^AP5VT*->pZjnP#;2)+h|zB~T?L+39<{@nyFpyT@{_
zVUUbgEG}EHYm&d`-P5I_J7g|jYZ!!^AEf&>R1`}?zJKGfq;J8jLKh6c`~jgZ1O%tO
zeYW~wt~<h+*Ft_=5<TR#tPX#RHR$C}y;JqP-HZ47TTzukQmy><S)jva0Nx)jW}Z#F
zjs+|nYXtEB>_Iv@I*TpPDMhTmpNYXhq(Y7+n`=x>6QF&990DW|JAEDY=g*&FHl12u
z0`L(Yu4QD8TpIsa57NgQd>X(J*_D6&nAzFb$Ol%kq7G}lI~E>E<EO+LEENpCJoWYz
z$o`rZqhJzRe<k@7Bo`l_9Z-Rq-ikH;N{W2@mWh$k2$ZfXN=%ViwiK~n`h}2d7jAXR
znp)Ebh(Fl~DCXlNw>Ai0GYhQip!;OM16CG{Gf?X+r~zH`5Q(UqQt)@|K-a)ylks{*
zRy6!&iSrbj15_?SDXE(@kVJt&h`a)zfYu~PWW7y^751bW4GM)459eJYC7?F%S!|(q
zwyYSpAiDuw!RrT(k9uVbT1eW;l8|p2FjrIfE3Y>kb%^3OVmrvFcl`aeaqJFhz9$D+
z;Lt+$;tarDkI}oqdrAOl7onq)uRT#|>?-~1OV7wT=UAgoh8TWxFqOfTe$-6`S$szQ
zW>4bf1ND+f@72gh`v*cBe3E*FD!tf~laqNq4>c^g$XEHzJsh|>mHoBhr*3jFXx|Xa
z71|i|G&FOVXB8C{A}y$zBPh-{B-rR&4$uW@Y(v$^*@}&b;Mh6BD)-|qp~Pc#8eW^_
z)}^4LLQA=*G9q(KWoM0{Bu0lS1u=&X7G2Zg1?Xqg0MwukVR2FWIBL9sfw!)-;R={N
zgq{Lj)Bfd3*mWTB$aY13qk<BL3)XpFNs0__NqDO^yPO*RU*frGd?H3KC{D)AEc~pR
z$fEt@j}S+|DT5v}0;^H+bIOdm;20xvzHxX4Bqh$U!g{0cu!VQ<Ot-2lgTWD2J{M?V
z&9NiH(S-;t51a#tv%#{2Hx!5|v5y0_7!YBPZoP^oIScXe8DwgeU*v8xlp0yeX-97Z
zF5$P7Pg(+`0R`k^Sy$4v(B;Y2{?2!Rq(B-0+_~fc?RRr-jD13=O=BHoWMz7OgI*b8
zjDz{>{>rp61A{w9`!jRu%+JD~rFr5!)?u(1b^-?n2M_XLKwzL4V>;z|T(ZKzAL0Q~
zIq`#=EInC~bLTQ`ZTMWAw(v@H^be}>WI8Aj^pmAujTVhj5PNgrPEmBviNFlWQesCe
z<OdoXLfMrfTtNXBdfIUK(z_pCxkeg5yCr81*7B`PnjX!F=$C779gE00vpwtJlUvlE
z3t)fzUE<RGM00Fp=)}+lGdR%*o&krML_<P{yw?T*M8TzONuwuD;YJ>vx5<h8`(D%m
zPCF%LlRW3T9NZ0biA4Z7rRtTDNF?JAaQLXIs%lF-5sV%0w{?2$`6JDMYZikEZkm}`
z#|5)+?V9=`Ny$T8PAMNgsB*6h`E0z_9@L#XGK<TtefI=OZHa{obaQvt&oMPAy1>4p
zYV<7)`?X!rsy$hyfl}Bf<oTCO8Ldg!Y9!KJl2UTl<;$0+%M9|FKp^uy)PS8nIc~%+
z=Zce`;XHHZ5^*a`Q=Zh>+S<DP@C+A&_|5Xj+m;WdPv-YD{N6l5W7RL|-@SX+P~g=p
zFA26@0Jc+*F|R8E51R-1j!;t3p!l8itB-%kGS>LVsA7J*iC-k%Dg|^BumFToBZ4AH
z?HwJl5)P)Y<`or}B!`$R<lWUsm0_b4*rC^}R7pjd2#a9s?2!=CMUj1pak<DMp7i10
zwJ-&<%M%(lpvF&a6=ouUJG^KQmHb94>HyV|tsjqhHA{JFhr!tam1dX**Sh%E)}A%`
zl@Ju@mcFac58=it$~PuX5svMer!J`^<U_p!Qv#W|J41Z9OHBd=Nsc5q<$th<f4@a$
z0C9A;49>AgGT*XQ&`Z$WN7mFrNX&DXkv<cfRBICzea!dqV`d7_oonB|eLM1;euKBC
zjiE`pP734*u!;EtBkJ)Nb{PzXXNX0J@Wxl|blrsKYrpxl`~1#lr&;Csrvn7(393mc
zHQ7$uR{YK$#BMR`@3#SF7dQ+FuF0mI7Fykyh;>M|pP*7u0A_H74K?W?1J$fGALr_1
zk#U4YW_{2#Fw(ErHAl^SRwI-I2MY=(;f)Om+6}4%ddN7R8ArbYrM$~3n`3v%24z<}
zb-}M4_Vs6#KWyIF*;$Y=W~-~KX-^2I<wC*W<L7Uxt)0y8F)evG`rJGE=5fq}pI;%v
znUuO|pN@%+CTCR8_~-JAAGzNL*7@<{$B+WRK`Va&oV|d~x`4a$+1Unn4n{O-9J*FA
z*R-&@YS;Ve-7#~mm|@sxkhW-!9EmDOrfyIkupCUiqpP3f*GK_;y-i<UI@HBmw{BTl
z0xtvU{PX9}ATqSIwW&o5<~yX@XVKV|i^SM&86v&)&#|(w0Qq2>AEwwbW6+-bnG3z|
zb(ZdrVi&c0FG$%vCQs&+2cB6D-dN5`4l7nUT#rJO{c*$-?u&jRehtbTnUri#QPT-}
z`4U(7a1>Iu5VBmxye?$l0m`&o=jqO=P7@tBXin^k`=+l@(y_>Z4b8;_B(jrI&S~~*
z1E|?014w;7n^WB5S-iR*WVY8waX8%3Su*zp<~&_RCIRI82tE9m$!RI)ld>LpB9-t%
z(C7NB{A#;k)l$0Dz}KK0ZaHnxW&Km+@|7!BG&F+DgP}yNue({4qR~SjPv^j0S{SYb
zMysztufV|Itq^c2NqE{65gX3H4-y}fwasV;F8Y1Zpe_(m2P$vwoO5)dbbDGDSD@IC
z>bdmTOpR$3!T~aejzKDr8#mxMzM;IJJm0>Z*mq$N>x0$l-p*8;<;$QA4f1^O;8S}_
zl+V?xSHZb$A4bZ%A6<|~ucV*=*PzUcmh}|p;HWm=xO3-@&0**`x|qc6f7~cLo!a;z
zrdVI>X5sZSKh=4WMUFL9RacuCE?71J1{Je`dzUGStn15<)aJV<TBgkz$YlKM8*iRV
zLp6kuS`>eqiQn8&XC)?mxRVpcD*0}Uchk?_p-VhbnQIDU{^Uv~(m*lbq_E?da!M&Q
zUI6`}cQo7(zfC4w1Xsae6@fVh69RCz`uv<{`&>4b#&vFdu{DAy#M1}0^^IpiPEB)A
zQEfwseFkBlt1<fARJWG2sYUzsfsafAKdd(gN?f@)IG|0vcI_JE{%_?e#rc?Cuh@n(
zJ~7~G!W2h$mwIlk1X&a(>15gQK|RZXbs$tRl0WaWqOl66OE}ZVA=3#x$QljD$lxA>
zEV^aD;_>SpP+olF3kwT-ln78oGh|LA?!j=yzLZj*9TecKKEF)kf^2}cI=?v%cS1*t
z^|Aq=B!~-dKbL3+=ldE@o{>(ACs{I)<eJCI(JCDrbt$Q-fIfGl<9MvleZ#dH2$s&G
zfW6>QmpgFWI2BqMt)1ehk(|GRBK~j%1d`%4(Zo0tDAq>~kxjnKpmFR1_&QYf(9iG|
zZ%E?cX_T<g+WY}MV>!^kKu~(D&1KE5k>Sin*$_->q?0ORNms4`@om}krVW^iWuChi
zlGLf7)0x6hOjWAQ`|Qyc=Z&_3E9*p$x!`-X%cwwHT8E;k=9GucykKJqaHOkZf#@^X
z)oD_wojHxmO?}o5Kt?5Cad|nHyzlwNeZV|AT^>UHuh(U0jn6|qX{*~~7O3yR_G@R`
zy(&c)XkK?K4Fu1~>2eT9AI)^DpKhwFdl3+j2~sKq`ZGQ|tPi-Ppz?uq5vHF<SDc4@
z@di{duna(WS#|V(aW7474iFz$1h!u7^!xYkWn^W6bBK?Mvc!1RAMzp1AWsc)9$Y1&
zjw(N=V`VvclIP*wmN?0YW|)~!h1nE*M^M|>K#aPLjSVDtvgOIlOv3($^^nfMO(WZK
z+by7z8-xDXWgUXcJArk0$XgsJwsGi&ZTv^a@diR`d#4FpVpCI7Vd2Gl+Rn}^?-gEW
zN_1QE@g^HgyBbL{fD9URot)TS92rWy{1li>(_iKj5-R+H$rM)3QrQDKN!=<QTfn#H
zFSh=r><w4U?&36Uhl1O*vf{kzbLZEc{a}b)=M*Fd?l$H<iPQLVF1p4qVmLsfHs9E$
zvl!TG|7Xv7x2AJ`0Fev!bO`8HoJ5H^HZ3jf?A7Py78Y$)6yUbq2Nn9rYo(tDj_`oD
zeQ0Q?r$<6g4psAt!NC5&{uMSzMC7uX8sGzP@aWF|{ri)(e%W2}HKo`sRfyrt#T<}C
z%6E`jT7MSo+qc_co;!|2Fth_Z#ro%;f6~)e1(Oia$}`82#aGP!#I!x~mOB)*ocFHt
zg8*)OpVG-)ghmEZ#lu}GY>~or4+Uri4EGef+*k2de=Ev({&vL&^;jse&;somU<-r5
zQkIyQI6QoNHc*bdE6B1eyqj$X1Y@zp=0AV-1^6^uV<j}#6j^~lr{2Rb7}h<BZ&xHF
zn_tPmf}DQI@*f;%cVuPPvt9N_!s>o_Df;Wb5CVT60KWS-PC54Ymhk*TYBDpy&c-(9
zE&2P7?}8d%<%vSR-<&M%+TH>uRZ&&cXdbj`iE{@@9FQuA>43^AU~0)>uyn)pNi~EW
za4q8i1IEW0SXt4bp+C>un_e1kgu46s#S2JPAyI^>4l8I(6kaK=g(bcc&Z*~DFzG9^
z!ouz`!J-Bhb+dsRK)s}eYY^l^G)(9{0HYLeD_GL31Jx1cLI_{L$%a`sIUi^BlGcGN
z7q#uxdOrcA<I?gnry}%%xXT!Hr}=QjW1Xw@=RtLWQUG+$VO)-F)E@dmB+8JcG<`OS
zLp$~>bI@!-M(GD-4l*cAb6`Qvo2t&hTTS)k3_)?tT-olr%-a+%Eph(*_vYqilvcr!
z2J`;~E-c@<EH5k+dTn6rYiuW^yw)FpXBGZH%87sT#_i|Vg9G&eH_5QKxA%sT3G6t)
z3F=>i>-i__+PW)I(l1U)*q3fjXS6?qWrCTXjE))mR#;GSESRj<vifW_@a4R*WutC&
zC|!J>lan*%#hbQvz>W~V8fa$mI!2<>Yj!u__FYl{rG;Cv_SeAw0EiPpre2`ZlNpEb
zlSv`xAAq><-VzHYy=`D?il1`1fXZ1{Umu$7qoWh%k<*@R4;aB4sD0q|0j}vU7XuAv
z`=d~sD?Ib!9-w(6QE935W%^(6#LaqCx7Ft%kK+D2pn*ZEf{C-v`fzS(=U<5$IVG|_
zMDRMYdOO3`)rs;+;WxW3-UbVA{*!w?%n!_KH(iH}9MU5vV*mMa3{zAY?Eb_QwH;$%
zaQXH9YzkS%gpjy$;U&M8$AUsL3L3PYpq?XdJAVSnpt=F41Q^e+TR>hOc|{FU<iNl{
z)z`1Pt*v<C#w`Gu3JoaeZ+=6Gn8M!NUI*EM**{rWz;cI5iHnIb`Xv|XXl?xqCOKee
zCw5*A=h5faSnRwOzZ!M(UU_72N?RY`zums8rKhK7yBytDA9dy(34?@0Pt(j%Q!)=j
zC8uZIW)o|qPI}Yn_CTNkYF~rV5|AC#U9-soGTaCIf#L>LP`7R+;|l;pKYK<2TL;8F
za3S6xFQ>3Wjug*^!Qr1eJkID>ApbR<Osd^~&(J*g0b}QYYqzmY%7%ell;VBYANbnf
zrM*Vv5-yI0W9QH*@usv`7DmRH@NhHv==%9|pfRH3;xdU*9M9k<dBy=U9(!xrG;>=t
zI&#Q^7g{s$m#0V@y1A_bXR*Ar1ZU^6IHHi`cPd}`tRx38EA9D__*CiFD#kPe9_`Pd
zmEy6WF7})2DDzySq@?`t;ln18Xk}p$W7suTj(o?^ZI?c$oYZ`Ok^Lt#F4+I!0RRP!
zG`<)~24)cbK*4sB%YmUX$w{F8wTRy#{mpl#hcEr{9ol}tv{xAc^LvXK_Fi-xd$BT*
zsuAz8G*%DJT>;}S&Qt9Q?m%J5@$#l8CZ3U&Ha>14Ol0h;v=$661`5}5aij*eHo5ia
zyz@QrGK6$jyxQAO5YS+!YOIDc7Qb1j{n~?oF9N=a3=hJ{@F0xjY$be8?VYg$AOyHe
zaxT%fmzKTHsRIXI10<S&#RekJrmJC#J9Jn4nC}4~15ClqR#dS-*XetC?gA)|-J%3J
z(^t3B=OVc6(c3HBD!$MMAEu_B0^1I7Q4Zr-00COx2(zC%*U-_C3t<8BWWze_Td?=k
zrez4kFI87xi>YXA%z$&BHe46EZ~;89=GxG|Kmx+NAq7m|UOMw<QZYchS>U+AU;Mz;
zmG1CiZ}1Di2&?mC!!9_9I1J-T{P!iuSF59|OZIvF{Q1|ZQ?N9O`On4ky1L_Qk_G(i
zWvR1aMu9*e9HFI+y<inYI2%LgU#>ZUyso06eS)p63|cWRoaU82a2NGFcU8Ge+D?UN
z=+^<j8rw6X^klal?Rigr*X7+MfVP+K)D{mb6s_NmAF>tY?+Qk)W@M_2T)}qg3rauJ
z{?5}CtKr<IfJ!_~HskDmwXi)MY90nHmr(J$MBJLvgHPjvUyH)`q0NVbkt-rO$l#dd
z1GV(+){;7uZ?2_0DuQmWwEX@a-7a+S*V5AZ1VrD~7Py(orv+zIm<U#gQlL)32?w`H
zC`CVH*AWY6ndo(^+-qarXU8*~OP%A5pPyf(=>j|PF<d?T{3S_ns9lADGVm^Ngpv6}
zP*YQww#ZWpj3Y`LzY#{Y=E3PeInLFW(04>#-u=4Oi+}8ou+?bnR!zYz@>-0t9sXSo
zNAyBsV~K;F^9qA0W5T?7)@^Kje6ME@c>J}S`+;#R>`W)O#6Y3}A7<-p2$b+kpTrYn
zpB8!M#kVnmrnBD{2CYHQV&8s@H$1YgEw{IFJh8fu9ZxO9SS5grbQa#*y&B)wFu$d)
zqEg@5YNboY8-L#|^51uFA*>a=ND}(T(gL2zMw8r5O6(mMh!^sm-MtBaL!HNPcm75~
z&g*1r(JzICJ&NO)AYaO5IZs;(cyaeupkG&?@(T{ugi;j5EU9Dq@Yg>>ia$U(=}2t_
zX#F~`-80=-c%mzQ94O6w`}UEkUPd1n4S|`?TR=E8fEtJI%7`u~C;*Mj%gakqkrI7%
z_kyhKFvxT(`IH5i1`K8r`w07KJdz~kIw$jB_!2exXq=;?BM`~$AJk8!HlnWR+y@^=
za~+KF9y)pc5>0yra5dof*Z|54a4axZQO}npDacXupqq;rsZF4V(W2M>{{A}9M-f2S
zC&MSW9#F1N96Pp^U8IuMViE3>Hwsa6>g35^FvNOD@Ma#2|9k*7@!`XVF)=X&u~2<v
zxtCGFb8$Y|e+L+TY+ZJH{064@*RNk-ZFx%}8E%9(Ozi{q5aQJQz(+H(h7ddQ{oPfa
zxjk^R4n_@tqp&^E_~__p3CFQIe-;mA@^p3sIG7UR<Gmq?f=sjBEHNZXr$@l$K&B*5
z<x0JQ5*!}R&M3mm%PS{0SkCpYh#}nf+}*o(p_AtcS217~F@NDG-|R5}i5q4i-GR*~
z=b7359#ulF-0KnW1Vl`ARl-o`+H{v1uLKOH!6JDrAQJcgjRutpGp*;5Dqln0J_H26
zdZja``!d(6_4%`B$Ha)Ip^`{%|6Tj12Nbg4cL4F{gSrYsr2PE&tb#!uhXZeu`D6Ib
zpZ}!n0>esgh0PQ}k*Tk)Nl^F<w5=HIQh}RZz|N=^fovRhcBA?U3zybo%&w${L9^d7
zh(G}LkI&4^1mOi})^nqr3HQwIK)rwUmSi5|r}1G1E(tKb=Tu5GfXNTiq?UMT7+Smm
z^ZhCI&@T$=41h~5J|tv#bd>(Dzdl<wGl6A!lm8?1VJf~lH%cDa!PmPMVJJ@a`rc-X
zG$!cAU3~bpr)LdJIH8W_=E)v(T521lgoc3u5<nf*4YG@1ySqizM&}kxjW;%`xu$^r
z0~}maV`B*v6=<}&Qj9WVue`tK;Zd9iYu*uGW9cFeE@GIZWjpvX{pe2TBDBnE8X6Py
zv>tDMheQE>jW}SX2eT7OI&b8>J)rm=VZL}~@!oIa09P6kTOOd78Vs9LRrMSXPhCq(
z)IFG``q$daZ}+?QnxrS^04D|o-GmFehJs?z*Df<K91JiNJhfbxTYygf``kEq#2p5`
zDxVyL?Ay0U);%^g<E2)Cp@$6y^-G(L?Ghb5ITw+)F3tiA*9ob18hDh_IJmQVdJ#bU
zL8k%FrHG*Za6LvRRpYcv_Fl^y!zCr<(e_?pEsO+~S^_?|6$}f7B_%NGTu$h_@9yqi
z%-8(SUA>;pX@}4DFxL#IV`X9CMPT4S;lrexoTvIcrd#gjN_if&$k0p2nAabTT?{)3
z4}-8U6%xvUC`m`M9fVFeJLd0Bcpanjk5VIkLMv2rw;jAha5928`89;~xqiI~f(Xa7
zTZ4dT&;fe{JZqp6G-o7o2<%Kx$UPi64Hrd_A=2D{H1P2{NN4A~YI*W|zq?++D`jn9
zyP5Yighil+lIHQ(_}^!tO2C9AB(N|u<B4eVCa^4XX(sSnjPLV>S^Y;pMP#p6{Iw?}
zV~{VA1~3Dt6mYT)TA`4TKRJm5K072>hNgywyY%}QCiV83P%KT`&l2$HczAfg76H=)
zXz#IN_Z7FuG-25vkO@Obx4u-R4pK%?^uo1_kV|tNia7>yj}z_)+VRwRxYJx*&)2D-
zSYVJwqaZ9nS{iL6kIR7gfkMf}(x%nz*>wM|L5W)}ec*8dVH)x3$|iX}=K+RXmb7HZ
ze?0=U0@NnNvFH`f2FZVN+xlXvhujc|i?YyS?o}kjX*sg>m|Um!%F*trA@-1rIri=d
zoDE{{(@@&rnE&~4C=osc@_GNyC*Af7A#N-}CM~C=WpN+-OZ>`|iiSo4<;AA}>|%xC
z1aGO5%f!WfQ;&wI5Ios*a_hco)MVI_T8{#W#aTp)h4Kh954r*v5%Bbqzn32u60*B`
z<N;#M;^7mImlifA(T&^>fIVamctF#~GLd($0|3ue^W9!LJAxE3ZxGoiqUPB((I`ad
zQ%eF&bg93JgSam!3@!)e7b3LounK6P<z%4*Kpu2+bA$Q2fuW(Dm)r>tLhx4DXW;7t
zmpUB?g^K`{yMkKl>Ow-7qONO2;c|Mj_`aFK6c|~$p+Yc7kyEk^7uN@9>&<F|WPy`}
z#s%!W14T|&;Im!3IO;iH#yyI5pJ1G=lk?uJQ^xJ*)Q?#zliVYgcPWxD>BEtRrlG>~
zrOQDo7h}M(4<ssZvliD)O$Wh-0d9<GcpwV<xBz34hLD5Uz4l~K3?Me+WIex#_rGaM
zyH5D&&nkYuyQ!)w3DP^b_*0}zQ(~jZ%KTH%T5P^2RzlzLCN}myO9sabuvod!9E3SW
z3WK&P!o#i^ckzyQjCiBOy~4Krv~~ln;Nb<=apPT!*t+Af=kGiT5FWa_d(99zzW7u$
zO~m}Axxuo24kE~#nrz`Bme8$;OcYHfgbO>Atwu#a4*gil>CMaN1rwljK=av!3CC#1
z;OTtUuWD#$0IZ1MT)44ikeu8N58@y|YKImrVv($yuSC5)>N?~(FKcn0msf?-!aOu8
zT_9GXR5`LUD3ruE4s1cA<whfNo6X{-kHME4jOM>x28XHGVH4tV-nhY|4<bwn9s2n;
z`bH7eN5k>l?uw_`8LxhWM`5Tn9F<9CW@Jn+Wnf_7d<yAEi!voqU4-kxxp1%&BO72}
z>)MAhte$uXgA5^y&_(-MVxfnEf-cF=&p$87TQ>}jL9Jv9o5qR5LOPuJW?+I$hQVGr
zUMovW5FC#c*EIMZO#s=qA@mO`G7YcPgxU&(xF5w^je~XXIt+H$m1pw6Fk>T-{ioPd
z65|KV6=U<?$m=LblUZG|$PD#{gVmx`#k!Ns>z0xg^Uh8^UJfp<j}At+z*9B2z^1Pw
z{S9nN4M%5_fi5uOZG1&DaF;^9qSSvcz_c#s4w0W!qYaoT_YDbzl1^z2aW-~#b$g$f
zrW<(t322zcK^IoJB;~%8ygK<nl_lJ@WQdb&kWTyOpW%Y12yK-kaaNFh$;(WhQg3-n
z0>B7rC(P!p0$;@{<3<KF(A|OSO_+wEA^1C-bYx_t3s}fF)uQt3`VHLGrnDJJ_-1p(
zaE{T@QTA~F@W0Au=I4dRJ3BjJ0EZ9z0?zarME%Df@EnZP(+&?~`Y`TQ>c_1Ii=q8I
zhh5XP(pz&YGXJMD(TF2eLmCkUz^LLoH#Y|o)qQABpn|JksR8?#nVDHxX({*ycHm(a
z7Ut$@4(c%?oNR3HET<%xQU@L$6Ek29r^Mdl2dB*Fmkso;QD~>+`SV)tQ30#?0_Z_3
zn0T#gjc<KuUQ%bW$6Q+OhLKVfSXlvuV36=Q4gQ}$CM3}oF{D4B1p?Q=(Qk0;6Y;sM
zmlmGh2ZPRUV+|dJeBuf@`|q}bd#ec#r*OkL0GWqAkfOM8V2*-3xCb8qv6oe=@AvWA
zzryh<XvXI`4>5|E(_i-n+0^#gT_Omc7rTd<Anb=<;DWJ>2!z3R*Pp=dx~1-KLH~n?
z-PM~F$dlzzHU8}%Rt(_dLSWDbObyKM4~<f^^qndUo<vo3X&j7`-=_p55WLB*bS8;^
zYzY_q=O23qzBH7w-vZkno0x1faxp_1mjBYF3djj|-;l-5>5z+nl8ab^E&IP1(@Out
za8$TJ-*Q@9YYYbc3mB1qX*K{0-Ru4I6Oa&Or%*JS{4fE4nag($Olp#oZ{oa;2(<n%
z8kG9ORi_rlq%M79mh&nE5*z-2sHJiJdg+6oPt?C?(}HT?24t>9!*9}Y)Ft`>`nd@1
zKX9TI<q4<6Z2|eL0{#gKg69*Z&pGmEw{XR#KP6<Gr*YxR?ak512L=n!in3XkFlJ!?
zfdeoI&oRDd_z$AvxahN=L6o=%eIA@7WppH5K3s$L>A3TEzCu%y0zCY0FTQEHmphp8
z8)kV2{tyKv2;4ouCQidegJ!5zd!m@42Cxc?&(<Q$K2gV!^Kz_1`8}ixSoi>En}Q4t
zyBm6~E|Z{|F2=*t*<WRdM(L5=ATjZFWIP4K$vkv|I`*)VK;EoJybsX)eLH0WPC+DC
zJTMCV0i=l+3|sIvVnNOUlCdC$OI}_cXkecG;6Veb7)efS)6ZE4IC((FiSR^@z{74p
zgdpTn9X!|!#EyhS4@ZsBt@yUYxpPgqNbUP%XCb-6I&BMF5<I3VH3EPm8)KLzZ^OD?
z#l|k8#pOWP(*}16#@5vC;4tJTALuHAIu0YZL4b4h%PVh?ALsPP*xX$9#BtuVQCgEH
zuwkzf_3NQ?!Sy`&hxPlfzy7-4o!R!UixBwl-3E@145{i+DKKvc%?ivJMw(-+T3Ia2
z|2Gpz97`&jciq((A+gW84RFFV&b^-BBx4FSNO>xnnro}8yDP7vQ|37SN=MFVB0ya)
z*T~PEkgLOYYA+9lKB?Aw=`-#2@&|Yey;Oms*lqWbQ>F%xImO|LDR9@*%{ZDe;o(U@
zTtd#8fv!P?KyIF)7-<f0s%h1p5_kvkWn*v*_DOV+dB8Qy9&uPz?g0rjLd#>ePfW!K
zr0L?u|JT@;$3xk+VNXf>^0rV&o>mo6){<zWY>6zHY?Xa$5u!qA6DoVwX_M?4OWD$9
zU$YO16pBGvvyAzUdqzDy&-;Gg@0)*$88dTV_jO(8aUSP!9@n!MnXIbbV|eIb+UNz#
zgb;Uy5=f>M)Ppn;J(^62H+N1J`mWVv!q+NN)>(`#R#x6W108|a3SDKpIf>cfs2B3P
zq!)d==+9i?-Cl&%Gu9}uW4WQGjf#;5zUA@afK4F7-^+C#`RH@&R{!9j4X9NzIrP%d
zzZtpa_M`d+W@cvk`r+|H>`bNWe6#jFb9tdO>htqI+Mvc0)}y{N%U+jH@PqYielW9T
zC#Ui-F^NtGU>_iE=&v1NI*GlhR60!~ou0&{kao9llD4~@ot!~5m$4TlHJGcVKi`nF
z@)PSlUeF5&kW8fr8R!5?K8l!&<vT?)5pfPP27D9Ys6r^gfcpq*6>v<5f5a9|(Pj@-
z;yJz5K$(u4TPNmhSH??_2h5=@!cTY=Y0v;~#eQGXrC>3Q-?<T0U}`aZ&3bVkAY&oF
zjKqcwX2_1CQs+)R`Hj$aVxvtJ6@orw9=EVXQ+mRTl*-D=s(IMTUrqb9qzQ=e*LdJZ
zQ&UuBAnQTOU<qm$q~E!7=VE4}ue8<u?}#AM^y$c{K^WwL$QF7&Ui{ZjmXeR{LqkjQ
z77+rw_Oks}4v{XfjASq&&gkuM8T?uzn!9r4%J>d~)X&S$H#0ST=1D{=c2O=mIw$@E
z^tuo(cA}Q}6=j+qN!X*_$={zINsKNFi<{(DJ^46uaAf2T!NN`Z6%D*fH0?N0Z}#~)
zi+u-4V<L$#3>smkJ4v6`2y|u^Tza)cO6#z{;Nm?qwDPysZ;T(hyuV3v1~ZLX*Ws2>
zYUR)*rmGOVOk=6NWi_|7z+q`yu9F;PWlyv12Ue>vpFW+j(c<V#8OgbdjZ7zd!wbC`
z<{jZYk+Xhg8+EpKhk6a1ju02G&v+RbB8~x2eB`@tS|w{nkWOMlXJS?@xN#wegr5!x
zk$97Y@T>6k<3IQadg*iO^!q<Dr;o8B6wAPe;ATIsBZy6m&wu@3zs#t37JePgMe?cV
z!pD>oX$oc^>vKq?e33FIE1UX6&*e55Ss&V@8r^%I?Qr|tQv+JP4~5pwi#|Kd<G!*Y
zDSQN4F2~o+FBhL~cXvf~gO6o1E$Q`$9iSIzwL_CZXJR`8CZ~4Z1Zb*LlafwpYX>SY
zu>Zb=r{(6&yt1=vcSxkaXsG_{m}N;lqbs=&K<=6Awt9QUf}v$K=JvO<)gj{sIgesK
z%1w_RJ_G>#Dt|dBfbmmPj<nU$@=A3vToEB?+p-ysJtz^^t>8F;>67$huWkaj<sMo^
z@Ax3_J`f}M*@-+T`@I!`9No~M_W7XhZswfrD#M@6K437d@m9clV<UZTgxOvP_D1Y)
z$SlTUI<D-ycrhEy2c)xthr-W)t6J~1IJTL`#1^%#yFA$Vbdn4ca*cP27u!@N1BP(U
zn1NJJHA1G=L@Y%5CA!EC+*#F8FBsJ^+;l29w5zKNJB*u~8|VyFJ`Bw7Zn@^|?F~H>
zc6|j!MfBo)d;Y=9AJy`gcFi&l?P!4Os8*M^eYr!g2sPP&elVi}S8U=y`dFQecQT5z
z?MPkdTSt|;qpGc4i_48tTyu3<jf!fT%xswfYkub_D2_kgyg6G}w>~*J8OdCO?6MA<
zbRF}>2kQD-=V=OsA3OE%_z0PKDfI5$WNd~q=Qszau$=A2aZgwt*|fYgxby;10dX$M
zX6p(N7=+{rnWH)7l1|Qwr?=I5%99~P15XMd5F8W)Ub*TACl?4F^!SNv-t4zs8eQ?A
zJwHDDu_QA{#2{7<6_5}~>!4*O8)Z+ty9o(4H9o#{&2_yyd4SMfUS8{8p-VwQL4h?K
zgl=!VH|rGQD67sX*%9Wyf1TdJxl}19rxC*Mv3N;NB>WF4sk!r?)Jh#-4~h5VJy4tQ
zQd6*(J$<{UGQ>!p)A_=M5}{-&l?X)0C8ZW!+mTRbwWY0ajQ`>ut6ixXp4XeLBSvCO
zTHn0c%Px3O1?b^AaNKx{a&ycg%wX8<8Se^vZvp4JYMuv;;jbrLbfFmkJa6;feft81
z_}U;Gg23k4QJwrUlm=>RYvpV8-=m+a50&Vs4@pMyVY)>&xAWF>Zfb{gCo?m%>$!fM
zl4ejsMTqzT^b_WFP^nac-`I3e6N1xDc+o}S^A|C(*VR<GN;P#9uC5~2b@<MiKVPCn
zk2aFYKjT28U3Wwe^igCoSxL$BQ1RKvX=JY&M}~~(!Gs%9((jWmBn-$ooH^q=pPjPp
z9`;~VD}(>^7LG~=&Ro1!@#zpusa8o^1%O)b-;s(+3fcQ`PkAL+1_!OpoCV9Z4xZS?
z{7WAhXFQ)g*l(x_l|O+DMjt}*$3%~lXJ#EstbUBxanPr19|LL-6-DjqbZCBHYj`Ih
zO0kRI()-ZXN~=3-$D^nXdd^3md)$}Io%EH5Xw1gO1~>~;ms3xpsWhi$nvV6<9PNHk
zrY1o*?9Nut=$)1NlU|TR2+rzFq65Jl18yqsxt=Q)uhs2w<q9EnGc=q8L!_gnb@YxA
ze+Yr>l}CU6`0ThG6FJBEEppRaUS2~^wonEFF+LX)n?$=}pfZp8PS@rNvmBk0w9s>d
zUo`-IOG{NzJic;edN+?rG7M^@+N*pfvOroB)k&M06C?aZuH>Hg#GQDb(W@IrT+G@7
zlfXWHw~z+fteSg(948PySWm39vmGF71JCN|g-nXDuV(3zB`AVu-bi$xTzWc)g)t;~
zc-$BAN)Yy|Gd*5s8(x3BL?bpf7G2B8VG|0H9L*1^s(O2R?l4*_Bh%P>1(;0ht;f+c
zt3cuPl47lL=e}0rQf<@Skm3Oriba$C!^4I3RCIa^M;JDB)@j&WR5u&}3WaW9T{~gy
zio5{3TS`M4Bot`xiHgt+(v6>yhg@Cn*CpOKXss7^z>MfCmj1d<x0E8EyKvSXb63V%
z`QvY9%;`bq?RO<RC&zZxTzhgtZL#a^_?FkpO|-PMAb*f;#xkbXk7ZS|W*~YOyi*BJ
zx3jykA)|g1aPuIO053?k_|UNOrLBz$;&Y%lJRH2-U0~MH@o^Q4XRC4>BlgU!1}q&J
z9GpLYzCL;|n>mjhIRZ-F%vD}#)Y`)0X;@ej5}y<*)kew{MG+)74d_H955S29iWA-b
zK<`-7EQdl@@|Nec#|5h{lumF@h|NV?Kx`g&?$5S)JKjLk;S&JoTkB2mI<7hKh&!wA
z;Bd9fesW2pteD^KNQ7}i$;bCyA5wMLBR~lW*>V26G4@x83_g6&54-UuT*o>MIc&Gn
zcTQ+>m-Fy!y1>uP9pvl#Aa~w^ta_QgBda}8!uF)X_+%WlHCxx-UjcIw2|<<^jA!#m
z1RBWAe@jgEXY>Ay+&@|P>kN5X<#~f?3_*h3q#AXv{O&9%9m$DdWcB+XuC+&Vv34+4
zBF=)BcNy;Kp{xjcmqD(!yhfk3{n%72B#<O|DPGUI86<B4NwNbzJ{|la`*ZR|rk=PQ
z6v}u}KaYsSZPmAmOd6k^yz$-w1gPzUe;^fWYIQNVN~80iI6YpU28vg-0@gj9PRw}%
zQqz)PsN-K0;OqOt%V=Wn6}{cNcYo#th+#3ZEPO2a))EejkKBH~6&M@t;p67+K(%Md
zlB%b#r?4?$K3M3g=0w&I9Rw$k1QQd#0yyD@{f3&=@7P;LGRo_8n<TTm6w>y6tP3|_
zL1^9&%Z)BBUcS7uyF0Gq83Y4hM&UPj`ZQ@woq$Qk^r~1bU0pc32+PXqd%B@f`#(Px
z0Xz|7pD&US<ic}!#r&CI;eU-Dc}u%kE5{<)-4h(dC>n{k8j6x$HAH!;3$0(jo(=fk
za;9FJTKfeo@%WwUx$gPhbARD1+yNppxZ_XM;{VqV6&fE{`BS(KNy6}t`$(D^+!a}*
z-}jA#OCk6SZv$iIvWCP6|M+)1o;M6;)pZ$d!G$!Q82+p>N_<0_x{$5xIL+Wr84uZR
zMyz>Bk?WSkse5`x+z!ZJl4iLciMxnMIoxwl5Zt_Zv!GzKX9`7!BXs-K8pqcg4(&X&
zDzR|t@9@nr8IRHW*l5g;2lR@$1TU-{KHs}{?@6hv%mQL^vMG3s<^p@N(!qmAv(G=P
zvyfZ6_T($~X{cGCDH??&Wd^!@z^5<!&wpA!ecA@I894CP=<4bUZrFhQ;)1ht&g57(
zw{L4og&cey&{(CNz)M()V>d?~sM}@)=nmNJJN6Lt$>zAEWhx|$+V<-16zAR|e`)L-
z;9fj>s}tcHkbUl(-=RhgAw(s<#fv|6b@6g@r<;~=7c2stC9qce3gvY{S7cLZvi4FV
z=OEQYY3N9&GaS$1GHz+A-A|t}b0!Lu3}^s+ADO@JcUk55caBqjkFm~p88^3;LQ+FR
zLtEPko?bYGVz1mZ^cy(EK7D!*rDIgllWJ71@@+fuj&Kgp(RuQ2zNAJrAQATei}38Q
zYH~;MT>r)CJ#JYjRC?dOE$23Q(bDo8Qt#UTJe16>bJcsieCWYzV`#l|P)Gx*6A3*U
z*pnT84D8%!YcND)qEO_~{Z_Cj>5Dln0?276kW(csygZU{7D6ev1@*nh!f1A}3K-gW
zL*?Kn$o~8thT|%Z&mt1o+Jz$ow`Wuxu7e(dbrcH)QKd7=qu|aG6BCtpNJtDqh@(8p
zhDRF31P>!>7?Sjb=&reQrvhDMU6t-AL&q*kOXpj*>>OOlql6b6-gmQZf;=7tZ%7^=
zMNGT{R3jvws6?WUC2?Q{Zy7`j5-t3+omn(>YxSrPxR@RG9fi4?I`xkdnTUsV-ASFt
z52$=2R+c%7VKl0)%%z(RJb1ip;Lcx;Un}>-pwlnK;g&zoy3&asciiHSaoBy#j*&ZO
zlBJp4bSQyQ6)S)7=XZ$f;Bp@@bdKKe-k0tK%Ld#!)Lv)Jngzq)k{@rapY80gv>UE&
zJn{@a(=pp}8`my^pughnLiXx2rnh-7VTb)V`tl`9H1+jucI94O8CK6wR#8Ef<N3wW
zeiy0T)>+Wg393hG6%#xe@dY$rel#->?S_Q%q_guVtRs$UXgmnyvei+(SzKN|+~0pT
zn}=M_5Dx7u^hNIcltM8=lLku3d-hz;Ts?HU=(>&J2yvs>8~IkpGm6lj`kGK-V60@J
z_~;A_k->-6E)qlw%B|bCgU&F4S3o#QxK5mplH0Mv84NU}Idv@~S)e=j&kp0M_%YMM
zR+?33RAfvKYj(8i(FLfg-Fnhcw5$oB5m_Idj1}cUJN4%39H<_gO--Xr<k6sCkkW$8
zy{2y*P5oAr6QfdL<|BpoRG)x2MMwG9=+M4n3wgx80QeSPuX!tJR=T3QZ)x2?vIjeA
ztjOBFiKh-^=QAk1LBqeju}D|`{!^|)z@)xGLEOB&T^$`#07LQd!cmiiLDf#DL<)tn
zKZ1|}3a`Js6(R=MbtKwzq^1kS*kJ8K7=jWE)gY^<rZEZi4@(b+8O4xrwl+dFkBm+4
zfd@@gT-+WZ43il|Ac~E*&E-A4;D4c?#H)E&Uf1%yY}SDe*gC4HtLt|9p4$b2iZW?W
zsQ}6;UhID}@xuWv!SUK*_EoSKOTI|BPUXh6e0zC`P~NIVyTf9Mkg4Bg{1M&};#e+i
zQ~^Ot?7(19SQ`oJhaH{n6>%9qgjrm>IR`7#H?o#Vz$?sI!DMR6Tkjoa#Uha5e?;`H
zj^LBnG{CEdYg12DYNiMfOBtc<TPpr6JmH@~U5!8%tu}w7556+j4gQ3X0Xznquwn=0
zgstN+MK}kA=}eDLppboPSmXq#Np@(ju*@?NL!HDMV%2}e{!jv5+-30gr9RaEiiU1N
z^a3UU%_6*#1cf9>|6@6O91$fbCg>?D;}n<9An?PlNE~_)ZU(w3ZJU0>8I>bIg%!w7
z`g(d2I-bD@4o67*JKV$Jza2`w`3o27w6%a7zv+fh>Q0%$Je)R>IyEKk;0b1WT>d#L
zHRd02JjwEqP_gN&S*y;w|9Xy%b!<)LwUv~VARBpa@#Xa2G@nsi+5d?3NsCV>5p8O}
zkzT7XOI*Y;70Qk2(@E@Hoe1=7)UefY8lD|fzdxEHK+FVUe*Fy&*o23DWA&|-11{yQ
z%LIQuu`==6&THZE`&J6jD&B8>6lm3`HEhkVv;wz@b*IuA=}u#Vme5SZ#%}f+D+v}w
zj;O1pC1KbYb8KaCMa3O2uL0DuoSdL0!n&~xqU$zs+LpH@Up{QT^dV?DFgzKbZ|^j8
z`4$CM<NC<--ydld1`}@dO#&5h2SWaYvb%MSh3<_n;Ce$0b6kpUhwpSMx4=g9qX4^&
ziTnYn<6<Eo8TzwY807^8(Jx-yd(OdHKl-#gqV3ScCe1k{v}Dfzq;%dG{}-i$Q-4fi
zV8&4xj$IcSxlXrj;)4htQz^?==;S~H1UCIAhaxuX<z>cz?1a5vow6K2LZBHDH_dIy
zJ~g36W`%`?E4CWDhlL$OKM?qUvi$D8_-5nue-SVn1GTlaQH37t@ArEl#5vR$U$$Y#
zDp9ChV1D$b=`w33C9<<YpZ^c~#e)9=w}}1<e*R0?N1;JNZW=q}SbzVZni{e6(EP2S
zaP6u;!M<ch_+3FNnMQ57I%lbf{)_v$QVEJyWuoG+sN!C}T!mK^rLkMLsI;Grz3~cB
z5caKP78e&o{RPo^+-kK@GI?KUrt#}5WJ#sCev~`?1f9#Kw&at+>0gm%t(3C4H?~z)
zcH-4#j=B_fyiTA)mB$L^;laV?;<p;~J=VZjD5Gklh+%d^w7Nido&n&(UzVo1SeK0k
zVLEHmI)Zud$pQU{K?Vi}Ln#!Goz@z(ET_KI)KoveB?Gw-M~6yllMUlGSZWjK1of;o
z$wj{~ZsXI!!h?{2HGu0T`kKZNAs|F7Mpb9@Cc+$l8r29jk6PmmoM|6>d6)SeFO^pz
z{H3}TyNpJlym```W+|y@?V8{nt=-pJPS#qr<Lo*qsdNw}usc9Kj7rmTK1zIeB<5yQ
zQ`mCZUklLk5!jpj+x$YDo+40!jiFZspfxBsm<eYqhym)9-cDq;U_=A^QOhpFT-!5x
zB62gD_Ih_6WP^i;fsB=UtYN61OXl`@o|STYhImmTh?K5bVh)MpwSwcYw?&|Ql-;@q
zRHp9mXLfo~glR7eOR-eAA$q(vHWbw`!DV8?A#%g@O$K6P1xTVsc_DeW%BkapRy!tt
z>ocp`&3ejKIE}>RYvlucsbkXpz_-+Nz{H@SAYPw*tlv$}wK88U64c^+$phA$TfFj{
zn)MjQQn1!SxiFhb)ud8fGys~MyG9u6?!u@sSB|DWtRl6|zC*QlU{3GQ^zA2yKTEG7
zsGET3K(#Qbj2AC#K4#Oh#o+(5Zrx*;S%NJCYk_Y$y#j)iUAuO{T%kT*?@^s~!fHv$
zGz9w&r^bL>IA~{PWGnzS5fUmfTf6>@8p@vB*n42p`eJO3lGm3<X{?!@#FZ+{d&<dt
z$V1P}tOM}}a|!J^U@!xfJ+J(Z+{_q%hVX>R@VM*qX2&p_69`xE*^=zz{7tdvN<}a#
z17Mvdyg1<VAN=|up@cf5oWWa;Il>^tej_W134cs<4Om9iqSvN6!s%nor0`BW(dfdu
zOMkHUuk?t@G?qGh7f15tm>tTeKJ9nxB7>v+>-V!r*OAy+__O!8lfiZ8$cWwLbyI}?
z3m!rt{AXHE5DEXcf)YDE6XgQdcfQ?*34}E5|B}oT#Z0wFnVB-Xb}`V?F1cbp#J@I=
z35@Xz*jCBDoak5ayoePSWX!#6S<QJOKmS$I2!8TJ|0^Hba&>*+QYP8O^^Xu8FnUcc
z54B|4jNgBwMx?eYvLxu1>v!&KiqiwWDX%21^iVK^O@K)Lw2XpV5s)d!E|j6rU_|+{
zjiu^K24}Z$ai!xQ_itM(l92N9a@Q}u2i8q0%^v*m1LdIK;Vpd{MLB1FVJ#uJBJPMu
zu1*+Z8G^VGqf3_+;|aiJbc9%EtYK3ABaZ*(JXj+9-*@j<8jgC--)Z=6rV?|G1cYs@
z1$*sx#t)D-kx!5?+Y?9@*}v%#3?aS_eyc=udeEakwJ;~0&=@JZw#@#GU2Kn3{X$d`
zS>IS5RUBusMoJ|pCG`D<^;~V<?OWRGVwJU;O7xu3)EBX_;Yo@PlxaQP-N&@GO*P!m
zh6~t@eZSETGG~!G>uSg#1VDx$9{2XH;^GSQ_pcVFCGDYpz<z*`yc9}DR5Cg{r6Cbh
zmm7UobVQ`_{2%;7sQdl^U;(dUbm}3+lyuyHd`uO6DLU~-&%n0-(R;!Lr{LYY)DLt)
zAGbD7L6hip3`8KJ^DQx}cg^_a-#GsodeR2_T9`1nwJO6>Ll*!z!S$vwMlh4yz1#i9
zjRGW<Y8(7Rchw~t2&JSUBKxfADg6LN93c_QJf!4=$}t*(wzZtwyY~%}&orvf=vZ3l
zYPE=MC$FQpbNFy2Qq<c0kE`kbD#qwZG_BDiESF&HQr7|r0ctRiYA6Z1WMpQN>GvJ9
z{Ewo-bx!ZNv2iObEA3t?bYHiW+#UUzdlA2^_kHG<!&CIp25;aClv}&r;u;F_@-`7F
zBoJfExwy2ov{XaH+95gA-IvD>%*Omu0dH^t%elFqC>FO&4nHUQ>l^Gaghc#)<41h|
zXa6d>Xf|gaN|~yj3{O>0%mqDOqsQR_s`hgnD&)rFUAEMi4Wl{k17h_AbmD~*WZEeJ
z2eGDWyk{HA?u3<H-_bydpm!D?pTQ8kF`dAzCxfLv{VTK+$-Gtu=~n=k)PhE^&aC0E
zklW+{<rIzD9vxcYI5swhh*EnZ3$B=;h{-sih(Ru!J$J6mnYOE%<s~IYo+nn*QHzNZ
z?m6S&;IK}4legj{q-m4$(J}!=J2V>h7}$BD+4l`+YIO#Wp`j#7c#E{WofKb(F~>QO
ztTz@9QdZ8rAMz_-QFA1FdV2@V*mw=4kUJ~3?M(>&&xy%7Z&C1m`k)QW{1~kdTQX4G
zD5fAX>~Qo6=V&mxT|2t#t*$>7mfWShhZx8-F~71uP=lU2K!XFkXD|<uk~7Orxeh=Z
zSarhHGTB9R<-pAPlxZ^K?S;qphxJV5CG6!KN>B9*43vawebd3JyFa7rRL%>Dh@^*<
z(XVe*;zw3QBpI`3Cp!;RT)lb~;x!9X`GFhkVS-XlGw4N>h<1~ikkO5l#NeS*A6`7m
z&emUI15Br*mGTX(8%Te-2fFn~;<P!0d4+v7bK=P$h|<UjZ?8x-5gR5Ozh}?|cM!^P
zsE+QYni=MzkLK%Fiz3}6TL>)xa{Pi6N<*eYT+IZ_dWCR5fV~M}-kq9SV<FMo^jy7&
zQrG?7N)desEC?ayk*Q@H)|_IlF1atXUS)vr4SJmhNi`OW{CKlNy#cg!emjzkat*b#
z2BC)o3MxM_34K*e%ZPtaQ<*DyL9)eZc9o#W#IL8g+$uq*I~lR__%t?YC`3~~Xor3c
zTDEhFb36VX_!c!bcyeD~$R8RQs2xWix#KpmcKh}hSdZ3^{Py8QnFbtghq53{Gzd<n
z!zDHJxNB1>690QGohdqHht$*prH=L~Kpu)NO_X^j7!1>EW3*E^;f`=<M2-o_grz!O
zDqax~9DJ<QNKX%*-RdxLEu6o^#k6c}LA8~;f(P39AaFD_M=vBy$Wj|)9F8KkCr{-|
z59swP2wMT7g1+)%7;0%7=G>iv4(u56Iyw*waROd+{1O&-M@47tg~dl)d^{bZC)7<R
z8GUXQ)Aoovq8{s>f}4n}hLf_hDGlC2+b{mydgIL-INbu9+d<e0i|RLHPNKhq@&8H;
zFYDTWW+%av1?=FO`lNd9FESnlC^iY5BpE>nR8ky%*MWb71lCOQC8+5CmaBAb1j0ku
z{1+&J${@Gy>fbnEd9<-u2>LXSOYnk-`^80BUW2h!1W}MN-by$X`$|E+#KzO^&r}9B
zii+Z#H#4|l%t!&6&L`w3EQ;HbKrMhxKMn~&)m#pwpKV2K{5~#u2%Ou^r()6+>THeX
z8kl$K){7S}Hq0gjEir$?gF4yP60m4iI<oWrzP9>h(Sd$`eqX+Pfd&Q!Y-2xv9$dw8
zcG|ON+Kt)R8rfOB_JW_Wad9arDX7r_u(H+qo^E)fSL$qnKEb`L`j!h%WkG?Uu(0<p
zPT*I~ZvjdL*k4gvXORrRV?<e{9qcCL4L*u%Z%qF!(;!WOi?VHwo<2U8xJZZjs_dcV
zh%R&`K4~RvuiY~N3d<-gkaT)KI?X7b+!40U{)cqbiL=V<>}FzZxz~AA&n0EDOuCI<
z&2mq~>{>*6<-UkyfaXH$b;O&!vgE{1m1F-8yY7w(*NaPGp8flkPJ~@IdD?DW0*QXU
zY*(KcDPCzqYE7MvkN9gm?H)avD=1ucJT2aggZ;U?=aswmOg=(hl{?WcS`ohEv$37!
zZa7O04-F;6#!{c=!n6{a3J~KFeAR~&Y#VYC-BS2N9_XkGk+!yS;G<IS(RH7nYKz^}
z2GbZd$T2~Thslk5D*11K^TshP*fpw#NhN5AYYLUSrn!)(-G2Z{%~v!uQc}`ug%yY<
zC4!(H#omslrMa_b0}m12nnfmKMRY5_x@hjQZq!J-J3H%NUb@hJTv0LKeHzDy4<E4p
zu?q-?o&gh#=CcyT+EAhuwv8<w`ERD7yDUZpI>vn+Q^kieZ!K+Y9D}F|JqSXj(w>};
z7Vpgx7}N$|Xijn9&po5?fKXhOffa8$&0*mUM~Y6wS~ye^k`6stVPPAzV>>RoKbb-t
z*>;x^DnG7tB1GP85`ESIH-489{N{_Z^%sWnbiL@%sZznE6?}Zh^!0_0uLb9Vmf6hp
z&<N6C+BbF@%sh5oWt#C;9LY$iKhYS)LJ!+2W%lD()~zx!V>q5PDk=)-EH%V;30ia_
zt9ZpKu5iw?N!PQ^jdwBurwY)bZGMQQ^w9B;&a$IbypGn6ivb+#f2^gW)6v<f4p-;i
zX{qDF#HnQ_xn?D<n|Z#LyfTPE)2()5h9{^NSR6#B)B3O}b_|)CnzG6XU8WoDaR$=^
zUXA@IWn*c^n~U@MfQ=)sM&Hy|^bIQS5EZR3Q^et{5|jhn&uGM;eq3Cnz}90xMS>09
zIwx{WIx8Z5Og@3E_P2DxV^(GFukqZ1LwMkUi4##*$Xz@SLS0jo!)agwMdllgX7YN`
z%{1Ztii*n91KywtfVQ3obx1+aLkx$Gd1ajCL4V5i5N(h8dU`PdQO5TBxCaXNh1u3M
ziiQoLl@yM-am&z0pMc1pZ;`%sR&u#|oX!z=yDs75YeFK`+S&@G4Q-cun$<cC(C*<l
zFPD$q3IrWiQqrB(_tO9D!Gkwlo)w1YIejwu;09}fD199rGwHS8qObfCN1VO+PCiWz
z7SH&^_V#wv-A)2M4C$1L-j9%V*4%{SU$fKe8T3`_6Zj!expP*Y%QJ}}>rYB#ErgF3
zam(fw-39qT^&|7|rV3P6o$;7OI>+hmZ<Z^=%=Z|5i<L%r$!bD~ppDL{8B07Jp%LN5
z8;k8DDgps(py$O_3h9A{hHvSS3c4WANj4bSx?+CEke>{|gC1y#qeoW=2qZ0ihzWJ_
z#EJ6yyTeT%Dv3%#Qk+s@IArjQ6v~S2r;Q=>jL+~5HRuFTt&Xj&!IVB2kPsgqK<|WW
zRvgE{VGgp49ep8o9g8v=;eUq&aWtmm`dvShKLJEk>D|!KMgRtf7-+S?8HHej7GAsd
zQ6x<rr)m}D<(a~pz9SI67tkStW9lCn3D)^`b)%B#Ka>b%3zYnvaeS~#?cFP5Kk{76
zi1Xx#y3#`9wUSwK5Tg;_676!(XlG?+;`}Qtthz1|w(gl1SzD3OK(@HrhHBshZ^gA0
z{~@_g6Ttp_pUW&4+>06nWvs|}H+t68E?s#gg)$_427dx)0eC?{Zvuh%9Bl1lV0<gN
zNT+Yn&2iY>CA2`@M~lbfm*{xH2^ve`$_B^dKoj|)y%aEfx<2UaB&^!-%OR6ol*du*
zNMfp4q12atB5&>{A%S}I`=JUMz`qHrRItqT;p4|&Q20A?`t)hA@c~2~YssorhB%=j
zg>`ac!s_vumUjv4bQ>Pb<KS|#oK6*8euo2}BCu^^>jh<%GI{ehD<+yFe<z;0#NL&+
zTMi%D7(5N)zxgvce*B6`l`<)mSfu;V16oM*&!0wG@qOBTArjdZ(bAn2%kJly%fE!x
z2|L(WFc8r2AfhQA$li$u0i*D{fq%X7&d%@CNl3i$h6s+oBN&b?oC;jOKCW_tcIQ;v
z^xgYL2dg=Xid2?wQMN3p4&O1*^mFlD%OXEhh`gRACU&Sz%TnD?o$nL&b#C}Ya`yRe
zZ?3t4B=6+%3W~rtS#ScS;-qXp9j!rIr6R5kPewjAJwI8n@Z<92?pj@=o#(&LIK|UR
zITR^;sXed;wLQaBK#kqUq}?W`=PRmqR98inI2*l6yap%al+=K46QelDD4|VZ9&iA3
zFZRhxNR_RA{=s5fPl!>ztbaW|-EsW}k&d#eD;r)G5Z!~o*!zh#e}JR|!$KQ3q7i`*
zn%RQ?LNJ8=e%t{3f|}11@Z;cOYvf?y!E5@Slu*HX4-E`hx4hh?z6gVQuMjOLzKrwl
zA99-HVuHbg8Nw?fpkjaZ^7Pc`k{|uD)Z_JEOoTV>{!jO|o%HkfuQf&2g)@kNNIrmq
zZA9(=<eKpZrY7>h?NwEp-8>H;Jz69n7cUp!jCy^v$OU@Cw#XHKzBbP!7n}kdEk4IY
zM>e9F5{`3G<$ne8Tchgt082(JH=x!Oxkvd@4&3z(gb#tLiTrkr;jEtYCiqgHFti8p
zam+45;nI27hCrLD9x74v_U%bXlax)70hB$u-@J7W$zm-{y?nZljN6gKgoRBBZYW(@
z%%de`e2gutg+LIJT=0;CFmMQVE+aDbRjcfFnS*o(UI;v^rA3^diz!uk9-W2NtM|Fu
z83-)iRughVO{(chb*oFSS6-V#i80iI%~>PvW8ZzGrHb25W&1v;gL(O7clTG<i(SVC
zAi1T`>wD$xGTL>VkE2~Y{z&x8vu`5dDIlRf3{~VYSoWjsSET;#UXU3WvcTNiE4Hl>
z6zqhks|6jV;5XK9+&l!7H8eQ*0q6inHjJYO9gS+%z%E!877bwOYnVOH?MsE8+m-|=
zQz^}P)@h9`6CIwT15EREsAe8{`O+1Y=f~uM{*sb10Y64-DNYny#_c*VIZl~uTmES2
zl2x611t_C4Xnk%N)U{$_Rgdx^8_2QmJT#>4_XD>T&a_p?ZUDj`K3p@T4x>ijFF6z#
zsZwiDkz>A|C4i-R|9DD^brQq&OW}B#&;jq8lO;wUwax^5eNH0HFIU>XN9%wF{*cD8
z$h)tu>}_*SNyD>6s31NS$+By%+u65r!w`nk+v~!YhG%OS3MM#gHV~aXUMkTqFL{_$
zcbrUv`JZ*`tM9n|wJq{EiLHZ+>yow96K8|Xwj!qX4bkGcbvmhz(ap>!c7+dL>WU^o
zp-OI6cAex@ujpm=F}dO-kw|BaeDv*l3-#_6J*wEcb*c%z9BIejHjT~t;G%BZd)pzb
z$koD|9<6#~5vA+>XU75F?%?+2M$3R^BX`(qL>wsYU&DmqZdABmzZH&8YF{A46fqbx
z_tL(0qvcF@LIebj)m3#}gImd`v`woTuO5;&lY`}rvudd*Dj};qG(+@0mft?NsU#>0
zXF{fe`Lb@=^0B1uLTt-6+?;IefUV&Kbh_2rS_!F$kYr!Zh!S)1fo9A?<u`9;+BJ_Q
z&eu5<zR`K&hoGRktEzzx_lL|Oil4p7_vL)!ZW~nZJ<h#3|K7TvISj|!!fTjgW5YVn
z{X#|~h1WA9<qS5wjUVsjlf2;gus>QY%<-v;ZBr0v#b^rSTt_|aR(bFC{*VgzaElmC
zhC2V8s7+cWX{4OK(StZ}vEUBH-`D8)Cuz+`^N+Q=tGH-Q#@fHyGIuQNt%JM->%c|1
z8W+9d3-4sBCPpj1jkL%gn)~fr*!sVUj`e*h8o;q@>%C)k<@Y?lkYJRHPWCD|z2U?~
zx}&mGQ%uU72<exjXx3_d_wGw}b_(@+Pm>c9GnC(X(MS7=9Ez)pzIjV6w^dI}`B)Lr
zMn|%WV0>w*H!_M|=#+owj!}+Fj?VeJXFTVJ)tCZrM^7q^!tPn&`hu)uGo`yICO@O>
zOn-jInVkZ$ZZhY;KOSp;p4FRqfd6Sxs$&l~gN`Xwu5-?@z?UwlA-?e`Gs8YO@P@Ci
zMwSyZSYe)NH=p$6KH873U!Q5NkhJpd56m^lk_*y^Xy&lfsBGb<3h?e6kD-jNl<r+U
zP@hp2+|GB(Mk04`OUfqE$(?=KDjy$P<$Otfuy1W(e}vOQ|ENLvuNDKlPW(7*zI5U6
zNurEFzv+-OdEqcaUNYg5wDp6YUA21h>@yb)s4cV<F7&`Q<}&Z8Y95~M4M(KGYFVBJ
zhrW;dM%QVB>MBd(X<TV(xuq)2`uXRAikN}U_6Y6eKL+V`j4ZigN~Xg=CAqkx&SC04
zpHEuuvAPW#ir<x$ir|U1sH&<)$~a^$i*)JA;G7q9@ObZs;K070Wns?`#=Mtr<>q8G
z<G95iR7%FGU3S5Rk0-UeO-G@~D4_(*SPy~G!$(zH3d3q976?fyL%UzzArP)3nANw~
z>xN8NrSs=7b#b!^L*9vQBlSx|wbF9q^nm6F?Yc+w`{gg=nyMO)L=3SHT&!6?UX*H9
zcD-O#*zng!xi}<Gk5S$1v?%xt<VK?k3N75r^lLIc-)vS8CJtPbZ+5XZA6OhX`q+O(
zTD~)RpxZ{l+-YU0tJ`Qvm^^dT%}Dj0WcT{^#+bap*Ry6#=NMNy{=Ic|anyCEmNM;^
z{c!wXWMs_Zmu+=uB5vZ=@lBl0mx`^oOPqTpFu7Hi5m#Pvwm5(}UZpbc@m4IHK`HX<
z_+!$GhL~q;HmsSobA1Fo+HP;B&#7&Q$8H!jf%C>!;?)=w-hvhnsgdRhw|JXg)||Ci
zK<fj*h(5#xlLbB{B^48w(e?nS+e8c}LOV$$UdeHoEsfsZ*&Cq5sChUhh=U0xCgv%R
z3NRbmp=l+*YZIqv>M$kFS$y$ZFJvo4ohCmJlfo6zjMQ(Fh{*F}qHhlywS0spr*DEq
z^PN3r=a~$3>^l$it?uSw8+Z9qXgLt}vSC;2ZTfA6Cd5TzucKT%Tl4nq09L4@QP57O
zNq~!^IF3=L&Txn$#BIE(rK}|xMa=b|LzoM1HILk^JEm>E6hayYVlrl32yS%TL|i7b
z<kw~Xpy9B?b2u{-)Upx0k0B!U)HPJXSyG-wCT$@kcg12?88_bTmC44h{i>r&&YqR)
zsuz9dOOH;wc{K-TA3*j!UK5i9-?2D1<XZ7|&9dmRwx=I`57B4Fna}dT?S}2@nu)bJ
zhEx02&+%D6|N9um_jGbpsr3lYlDRWaY+JuhR?d;`aWY@_ew{b3WCwcrM~9N4V<jCI
zy;z%dvRMjueA9T*;46-$nwo}b<J5pnTazi-*@5#~yPo%bQQLe<duT!2WQ&h1ivJ&z
zKiSR+>dR%u*eEb}Jsi@hrCs%)sZ&EFK7W0`S8w0hv$3!Lqj5td&!wf-IdxczY3#=U
z=x@R40R5OfrKj%N{!sWxOJNdcy8BNfsf9D3HI&AdcPPTnciIunDzO7pO5K{`h&mkF
zkoDpmcn$q$Z4My?6ONn2;?LOIcQ>Xr<&4}WcKj|%kf@v5sOfCIV&9hY=#;P)lF1sV
z&$aWr2W9U8FTR3fHTB^M<xIM{{P@IxIQf8f#_WvK$8V9vPknp{L1$RY%{RT%oJ^eJ
zn-quleKyT43lncw=q|i4nzy{Ogzw0tq|wD9zd%X(SFI-)e2e;(bzDE~7K_Xd9%@;O
z=oX>29dbyI1p;zy=}jMY?aI2tH&QvtDCnw;I@*^tDl0X@zJAS=mT%R0_MIEP85N3b
z9&;=Y&(LRZxX&zgE!$apadxbm^_XotRCM`yjN;KIrQv;-r~*sjXiYV0*4AygCuyBt
zuC5(h9do4fh~{=sT_B&%oVk<DoQy`hqp4}nf_Z$~oq9_W%v#Y(4x_}aVbWIw;Y7tk
z%YC_wdN=+?+_zaqbxAqtW8Fy^L-R<fHT36a+j-|41c$U|4`aFT(T79VQn{s(0hX7Q
z!9~b+%fmE6y@i&?0h8Q3uVBkdWfd+mE`v2Vto6Jy>Hamd-vBkWnXVfb*&dhl@^c{3
z&Gieo68X#2Phc)bsV!GHi*Dz}iyBTu>Pr0r;y}`s{nVBc(dg}G{nbrDg`oSCUwzJ>
z&%dD>+4UBj%8lsxt}bZ1anq(xo2HQp0ARc|7W<C|_))`0IO*gUTSKH(R6?+oK=~K4
zd<%K^@KOk{R~Eda>%K1GC0TXj@X9dhK4Y7AgOrxlrJc8Fr{4)BWxI6M=w_Re-wife
zTT@d~oZmk*HNlC}heVDI$4**j#?y0|@*V;s9PTndJLOv#&3$HD$N_I^@}s|eiGuJ(
zDnvDVlX39;Or69D@xIWY?=KB;vUK0TEd{S4*Ao?yZaCXrdHhyOU_d|=<<c;Z`b;97
zOKqhSZk3&-A?VGp8>$nHiqb8oh*p%AD&we(uDGQ08;F+?`C%SdIwNP(y#Dqi!VDT_
z`k*XoQHOJ0$a;yksXUicEGO}QWJ!1sl~p_lfPe>)91<xdS~Q9Ou*?bYudU2Dl4aX#
z95`2UWr$i`zW5B{X;i9LzH?w@od5Xyf4()rt`o0jNxbpzf4w_9XC?Sq*0X=4v+O2O
z{Fc==iGNwLI{eF02;$$VZ*Rd#t1uDUg$qV6(#lJCf@BdvQ(t4Gsab^q$rxl^V}jH;
zP7z9lU*}vD_f^%^JLeFubgv6yzz$5%SN+mG0}liiJjlp8Ku-aPoYV-3jGTm5-VX`l
ziQPzcmV8f@`;-Bg4}c%ZdJ790Es0gB*XvHgH$XU-<n@u|A^reLLke-8{aEf-6b8&H
zBFmEGSa0N2>bj(JU5!#|%Fa&YcDUp323Ui>MRZ&#-2ZTAYbok*ZZPJ<3c}<5dQ%))
zUAGb@-a1}b(Bp92Xw@VB!ac~BvF?r1-MF_`;B-WLeo8={U`t8cFAU=ZA2%FL6tUds
z*$D-Z`V|XUPn;U|Z`klDAyP;Q^9QTk*@gJ^E1nd}jC6Q^k1@#}s8{{$EL^ac^_A2j
z2xoo1&B;pMAE>7Dz~11oooFq<;~&h!Kks70cjmPCl9LIR@w{ckOO+H3?N8imeC7WD
DYnFjH

literal 0
HcmV?d00001

diff --git a/docs/arc42/revocation-service/images/verify_status.png b/docs/arc42/revocation-service/images/verify_status.png
new file mode 100644
index 0000000000000000000000000000000000000000..8442500495b1d8cfe2b29afce4b7090acfd588cb
GIT binary patch
literal 7252
zcmY*;2{e@L`#(|<LMq0-yrS%keczHI^~#ntnn4WVwQq%rFqCzMv7{*3$!=_AFlOw_
z7+W+Z+e~(2EI;+u`~CmVdCqh0bDqzAKiBoSx9hq-ad&PTv7F;RM?*uyVtm8kZyK7@
z@RPPW!<m!!#&>Og8X8_6V*}lLK@Mxvl;L}$2$aupIpwM%N5OUTG}z56X~ys5U9wH&
z0SX^VT;4EV@e(IBT~Bz)^hoE+X}e^@hwM?F!c|PMKiFa_80cJsW?y*w?QaF-65Y3K
zW=vaN7Lhf>v1@*2yR5mP`%{}x0qvZ>j9>qHxXU(sS^jOl{)^?AZuRdE?gq?o(cc&m
z=K;w-aQ0~M@8(c!4GVnse$Bn#z2BxE)FW#D8^G8f0KE14)AhG517WKZmAyr|5!Zfq
zhwBInNc%0^z8|&7kdef%2|q8OWvBYj_vAkY(8bziCaCBU<&C5jPh;5S&3oFT&ki3Q
zQiqY@)S<REoyn%a@;_i+5vD5~S9q?7T#+c_P*VPh7f^XDD1~deYLAQnH$J2wmgWP!
z(thJjX&!bw?0oq7;TLwLjIX}<JeUFe!@%2-dpaOilJ#pPzR9crKAg-SQ)#+mdY<>h
z_Pp##=z%t29(kRE8yCVZnBF%v1fBZhe%#Z9%#zH$%+-3!0bVq?;^>U=Ck5DV4&CR4
zPfWX_K>8GR-F%>r@3hS-%wMJV<{yeVm~7-=a=7*6C@@LV?LWGOe|8BS2pcWLEqO?g
z9yM^}PZpGaudWjKGj5H@!fNP%iPQZvABs^GHvbyKonv9ET=c=L&m^U+Ma({Un@>cK
zZ^RG*Qh#Jvi`&h^!TLIlX44L@{_Efeb-J$+^nIesKu=PlXEj;Z50LZ7t@kMPU$#d0
zs*}*k^^WhGJj)#|A=AkYj*YU@M@7_YW*GQghy*$@;2Zo5roaT3`<shKb<S$oDgTVM
z?Nd*E>HFSQt-2YNxesXcrvCTKCV5^`T~$kj(~hrJJfJes1`DDLCfE(<1*cx6`qkV=
zJ_rx-Uw>2MM0lAV&TU&OFky?hRdVbWijMeH)&I*dZu?%R`ji&}h*z~<c$=?e-$*e~
z=pkFaFY?~?K3}k-O$1P69O%Xm>OJBuEo)jMZLvD;6SurG9A>J_T+oetw#9yNHk&h^
zxN=MVrRsMp<AtscFvQWpYQokJg-GL%b-|}-e=)RQ%KThi$SK0Fz3N<K237qke&xk&
z^uvE9wcxKjpmBK=b&sNV#<q?g9ko?cdHA7i{H%!#8J~PvU?Qh5yjeb++#-fgZBn$a
zq@-<iwC!*0Ecu#|f|bMlwnw^<j$R>^?=T^2NhbvA`{RxeiqEyCM^+#~j@m4WZV`~4
z`Qn4L@tLWr@+?-Z8Cc;I)oFiM;Ha5>)jn`#T8c0U@XA{Fvc>6mvrbD^(KK?2kRINU
zA5-Y~w%@~Z{BB+Ucd9sN=4t!%lwY)on4jr<s-qhDqZy0*8#mJce4R(>^|<m*263Du
zg<lDJK+0bJG;)`;^32Z9gdS6V3~?DYPD15#poT`K(L4lX%i`cxPh0`0a#=TT>b)NY
z;=VF?2zvF;at$?5s<f9^+yBkf^j2n5q&eDWNB_hpIdVDrqu`2bE5!wkj0p9aX&ydx
z)ITbT@pV+!KB8ERR<?Y41VSUd(py@~MBjhp0kYO%*5`|?4)Vu>CYs3w%XU#m(z{7#
za)}dV1zx#_<Z>|!)FC0h6+sGqct6B#U%`E})>MjceVOo#=_3;pVW*U;T?W1@b6>Nj
zpXMtiOJe53(TtCqV@UYY{6F|;*1FV{#dV^?`^ocRR?W?ibtmh03(~6!FnEs{(|&C5
zCs5N*s@%7(MSo>W@)GjpSIMC2{mT^~<_i%K=x~WQgQ}J<Sq|{JVOplD6t(!2wU{G(
zW8}luO#8HZ=j`rV7qR{`?HQ$!h3ArXBbB)1bJY&L*O5~0i&zVHa?uNJg4cvrc`^Cb
zv;;T)GK=T!ev&opJg+v-9fj)Pr6Y*@LVnAo<prO;&y`)ZS8ZoJRk0D`R6p^EBfLlP
z9S_n5NQ&Bl?TqxmjoqI1^>1zou<*Cj-p8d$QA18v<jap@Me)ak&`;5e`8BwemYqrM
zi~cM7KgiVkwP_)v7Rqk?FC8G~-+7iFHmJEYLGx==vp3#(hm%pGK4x%@s{R0(;ha$9
zBUj7|TX-!87psFO#RKip_@GagC#Tgh*yDi(%3^$a=<hO~4u7rcJ_A(X@n(^Q=IkDp
zb+{2>Yug(+Sk^$nZhcQ67PmGCwv~(b$`fzS1SlsMMHp87n9jFX`FYg8jmu+x-g!rW
zutMbn`lYloyk6nPCepsRpp*oBc&1@7^BkNpL?$ybe80DOWmuHS%bWShho%|hl)8Qo
zjaK(gkEN*7%5Rxw8|4t%yNz2t>ms8&B4Sz}mu(MslZuH{DBn#^Nez3i!Net=TO_ly
z+SHmy3(8rJ9~{ioRYLatH5S8~k(Fz2z9@g<b=6Kiv>8_?w^}_@$vE1T$*L`%{Ul`{
zN!3hjW1`nG!-QN74|<$;O<!d@I`_blKvAA?>+5)1CO_Z=cqtw~Yd=fPj10w?T7>&u
zM%c^GwTl&6l^>6i%e=3tQ?S(HHRT!q$nESlMQF;JfAnGiBx;ufrL~KAmq?SMvx-x7
z)ee$S_I?kQ>VQPa?_b#&*Nl**Za-HimD1IIA9n@!d#Nr$sJm~~i?k+Htmyr%4!(A6
zk<wYYLEz^7kj4Y6*76-gfZjDPEEg!V2P5|lG_PqC6g!?F<*t@tkz2#)%UGBBid$C*
zh4S&$Zx+{|T@QgKZpQ|f*PtgP^!;W|Er>&t=2nrY95;968Xo-A6B%gm&YL=JJZHJ>
z^aS$ZA^Z`Kg74<S@qV53t;kH@(2&U87p7|?03Ls80u%4*!ZtzG>A5DS-bU@bfA-46
z(fk2LYCE9n>sDw!!stl8+FkvyuYv24lS4QOn_Y(jYdDVHO<#JptKq+2ZHl*6idlGz
ztvcXLtVGu@dUy4`I2-D?x|Gqp=B1LfC4i<&qyE~LZzQ6>YPd<)`45$P;$|MF3HjQC
zH2p^yv#9Ly(RO})r!kdlj#ip>kcIU&sHpqQ5hjtyDbv!jv|UaLZmlH0z7+VDsO2ym
zge30eZ*Ap_E>Twsi#CZ4p_7VBZ$!=E4zmpKvr09*wykN0Hk|DMT7w1$Nd>@Wg~U-;
zZca$!waxKFvNA-5ec3QP*eTJ$1IUqW*r2g0T$89~3E{K5`6QR33|;GKcR?FI9+z+<
zja*?6MelNYA$QFz0An=LyU#NHt#|hrdsLxS{2D*@%o7)cCwilMc-uWw<869l*?6<@
z7;1nOsCS&mU{+8@tlDMkU5~a-YWjRSPF(+o1BrFhs?04l)V=+nYbSHPcQ&RC)RaFw
z0j=ylnz-)7x9xrWP?n)}zp#BggCV=_08-I^$JKLWt-8ttT9L-4FcYd}o+-ypc&@gx
zn_*>dYtI%(l;bC7?L6Ghju*?0oIEVgJu1BKCDQBbGv8w)V|mQc>!%xKGsNp*C-^nY
zuY_Vqi{z=NsSs30<=YRK1ew|g-VQGb!4mzJhx;va*|BF`5}6d51D8c7lEycb$=<_l
zWi>mUQlo}BT>62U8l^tEFLyD|_;!3&B`NL1_;C7~Em|r=;6nA6^~ZK2UsRpcIUm1S
z6LZKM<?^;OnA4-hH!yU_`3ObH^@Zk<d&vkD>Gb<wGu?=VO#&)@J|7w&y&IaHyR`T{
z#k049D>S9)d?mB9iX0=}xgTuW8?=U3xDw}lw6#B~Y0bziL`O&@{R&UJ;^n!dI~M|y
zZiDbw@jPYnI%OYAipsnm__gYRlRcmx@?fHpO8kHucqqwCtY6Z#eW6Ox?46X+jzy%x
zt%k5enKA9i+SPs6q4D&YG-$TU%*18Z^o6;_r-T)wlgKPcXHVw|`_r3(|A?x*#AVTI
z_Pu@=784pgU~;D;q-0lXKgh+Fe_!73HCt?3TzE?q7`*p)nH@Rx4scm)&e?XVnU&Yv
z#%emR!91(G(?E|m%B%x03AOo1F&R6FSS-k@;2RthY+R$75n~?`A-ftIL6`2Z-}_R_
zu&z2balPU*yfNDfYp>-JIN3-1_{ncULm^t(0TucHAKFxFK@^`9()gyTM4BFbA1{~=
zsk!8zntzq7tzC99wxy7Rr;E+$UV^SdzGH-4!n^k}`%0|os?TpLORg%_l8-iVPo$$-
zxJ2ZJbDl^;qX7lk%3wB>5>$Qpqk_`%7GR#&;0AjAvuZ4Cj$Kw*`od?!xPvGidzog{
zdXwuVv>3HzjmW^2u4~ze6|dUTX)?n%u_c|nsCL(Q!XxJ;W~6fA)TYz6R_3~Cw~3}4
z9ww-u#X(rFK=>K(%_*?YN|ZF10+6=iC}vmibB@>Y4mi}%rPkaq+X5}5U;Tg{ev88;
zwt{!?GJ)ZvY9xK79hZ|pbtiyYgTWXAa^=7jW?#=5RPemIf}@&<wDf>Lf>@OO@;6O6
zbwqe7D4XrkrbcW1g}od>!9_*8_w!sfR!yE+oBDhQ%P|WNEkpVilbBw_Y=+7BunXlb
z^~>-~^zX$pffH7g)1^w0tjh;<hCjpMu3~wvG7f$b$EF5bTvf~0Yp1?7_J%xvV?Qy~
zpA7g0ce&;!Er2r1xzSI)pN4GQTC6!p;Tu)znBUkA^mLpE!US4srz0Cz)3?$ZQicz+
zW^ZPlXSuiiEvYFGIlZ+%$PeUr!X|Do2Xk5c3k^I78Dg;z)E&^hp%;8qWWo<rSb#$4
z1Mf<+hU)eCu3ZLle7^Hs=iPMw0PIzF1T>MjuBA3=Bj!dL1@m9IE}IpfTNr&LOmnK5
z$3^|C1Zag<TZkS19nGM>siT&@GpG5bmZd4MhSzG&j{QK6CnaD5uoyECjBE4&mgD8P
z7T++N0?aFu=3YXAyZIMHS>X$NOWHXccZ|Y=Rik9~)9;jM6b?W<i4T-$RjO4MRD~o!
z^|bb$F16xoa<)J)2N5;q;rXp`+eRA8`ZcT}iAH5vup8?ghAYM1&g4U@EX>pQ148@k
z7QN{nEFaD-AS|3%>Fm>$9%xgY$CNe{;Y-!^vTUuFV+mR+FA!Qu>xXxRSE2D|Qoqva
z@Nzs*05N=XnRcJyROqK<$!bbpe2guSqVvRF<)oX)NXp<`#Fp-7R3HX2Vf``K$^@gS
zEm=pTFe`kiGc4PHC#?MXK(+uAO817{&e_~cGcx%yoIIHiuw3H!!X#BCq>S~xct<eZ
zj_*=}m#)IB)PZRxhJ}l9gwmIa`jxIN7y_6xzWQivIH`KkStAP(|62~%ShJ{nKkqJ+
z(-``WKuC5jX-Y-LzHxPMi!gp{UD{~^6ALW$WX>d)g*Gp3d$6vR)hdYWf4t>wYz2X(
zkfuNVb?CIV^{553OzG)eN^GM<i<~ko7r^NH^$m%%2_|3N<uEX48$J)($WwJJ6pES-
zi;KA<=7uD`a<_o_PEREF&x>A!-jU9w&HBgz+<m0L%CYI6s9)lbH;w7^hiXGrSwlsb
z&(aFw8Q?)P5JtwRk=tMSHgFB!jRvy&8!;KDVqtZCTZ_T`f<~}CSR@jvNGq&OkV(=6
z7c7P(LZB}Id#MkeOFwlU;Z*QsB%o`3gKv!gJK1Hn0}0<nj*=?TRLpoQ|2eIU<|1pQ
z=;T*xG2Mhvqimid?05|6A~1R`ZMU=GoBtY^9JSjn8G#k~US0pV&1CtYLnm(g6XO?3
z762V4W7sN7MXXVR9%|zmyeX}Aw*2&;w)DfEJ7Y)=x(e-boRS-jnO`wO`s_dsXOtE;
zxQU0#zB5$5&c8%e#4Fd;nBM67@==`A<^AmelR3;$eNgA>+WQw|VLj4D{jd0=Sv>k{
zTfx+G1{hwmw`xJi?RpI6@H|YnOtmlyJm!Y{v6gkM&l!uhYuu0Pa<UG0+g*axS>Rh+
zkCy(~7@3pjQBMl{8-fo5!xGK3)Zxe@(&4BQ-FMAg{^HtlwTh1)NQ1n<&0#;in6odF
z*(vaLdf&bqqHLH9tvow^AaSL<tE8WS!|&&1A$Z}tVESos!(;|9Z`Ukkwau<Pui<u9
zaAxN0Lz&OqRZg{6@-459sh0X3$gQZh!nlR3QxhM14}G)c!B0x*KM7Oi02Af?R64Y>
z<MUu`k~==bH)`cXfVJ%3s!F{Em^<Xt&pJJK)e=!p4`Z0_3W%M1jcXX6l2=*L$PI^=
z2ls_u?I)m_IDx%8+&m3l;pr=vfSZ%=#pv#Iv{%{L#~?>^8G4T^@AV!I=kPK=(#GNI
z2L%+~GlFquxUkECb$PIe0%`E=z@|Y#P_H6<K|M|sv?u*?^8(7i=@tW@t~&alV(Qeb
zxX%eI-xa{r>n#bQUFzip_F(CgnUmlYa<=!EzBp(Z77=<H6NXAt-u>n;>B6q-ha3wm
z%7fuP+jY-3#fiGU&)Dun*8(KMb~jo~W-rtXUvJ8TZE~aHtfimj!Q`0tVPxJ853H4B
zsPNB>f5G%*r|SA?IA7m9se|dZO_6^c)zWU#yQiaw&rW4=pPH{W7aMLLCM>jjE_%0a
z-m%!}O7sTSZgTCdK2{6yl{HyhFI6CPxUs+)6NQ<v<1;Mmv4UfZ-xTGTE_$M)!E~Zg
zBVhq<^nwizx_<PjCF8avv>_L_kS%|A)Lh)VYi!kSjM6T)Q$I?*viv&?qIh<O%_uB5
zOK<$t#m@!f>qO-u5m{lk_$)jD)yBL!(Ix2&)~-STV&&8o#v%<*uGfUo3ClB>%FD{+
z=*na=+Mmgk@es>DUSN@&QLc{JpiMnVv^O0#-pMnd7yK*F%ZDVcH6w$<v!lZ-wVpbx
zifttj?lItl$|;z|<%Gn6(th8Q1*b<<A+>qVoJ=i6(i<D;ne?d`;F_Qtb#syc_FZ*#
zoX%5iZM&e%?O9|$z>9a84y1di<!whVqH-mOuqVQd={L4(%eULQTAdS&B|?3AB9@)T
z6ou53R|+)gti8UYR=E7Obo(}-HpsAaisw)OKX8~e!LWC*wIs;|A-OG=ng=60Nly-H
zLD&wenvHQv`1<ZI6LZxUJW4ll@p%-O71$~gW#ZK(2U-}XJHVW#g^EgFk(Fo~ey#WO
zItKEmwm${{>l9w4V^zkx6;TEQ2a~Wo%AJfn0H+lE^&)v%CG)Z?Yt+1B3H&bRep#<n
z&g(*mWBToEHQYTYte+JU+;mskU_c|3OqGJ{*y3`hKbv)XHyr1uhYLmUpN}eHAk&?k
zvJD6Z#f2_MknCl=H7e7W9>5;(1w&HniT*n^f2VK!OmymP;na_KFhW*t%!?&P@vbsi
zK?c9F$4KZsI!Ax&E_6<!m4*$n9!XzB|Fkk`K=T-&)td){wSmGZm^Ln^X)N(&Vl>+5
za}~en{xjJG`IC&Y{;r6w;M4nd8affDy475GVjzS}XtLH0%4Cm?^MXz+H)tgxu`&E|
z$Z3pI-#3&cNuby|O2lh~YXi45w+Sy#%kC#(qrqcG(n%6tP{1wi8hu1e6(Il{EV<ie
zSZa;t+44rNo^F@GZxDo%9T`sPLL?n^E8zX9M87VTIp<puBp9uLOLV}S$h|KH{6KT>
z1Ogi;r?49~@|g~vQhzSY>I+7wJye*%)p15i8QzBiwm!_02~J8SDD(v&Irk!ZW;uk^
zk2#PW5u2(Ds^vuLGn;9G&(AG66m<8bZe?_ktL=PjP!E_RKK)gm;*`wJK61y7E*&(C
z*Q`q1-I4H~N{*<RkNam7ZnKmXPr5~H^)YR9>q#y2<&<u$ytX?n%3360mO)K=my{h5
z5&lWi$VRNZ=#Xg^eo|qZ?LAtJc_QACYCV+42R^Jy)uCsn=aL(~lzP?sOy&zW`iQ$$
z5iXwsoX>#zs^WPP{q@DO$9213lZj$KK<W*d1nW9Xq3n8JV*RAhh*Y%WXXeiXD|_uB
zt-)OMbmP8p%;`|^Q&P~Ux!;Wd9Sa&IFJXjOn>SDM;^wYJ3QWaH?GV>$IE1(!SklKo
zeRs{7k^QqgXDmbxukMx3K=(=ht)bSb8q&mh<>^D6f}8+!jBGTJuAUe2Pxj!{1J6|d
z)HnTlh&<J?QNv(;RD_79=#Rb(1lRd4zUo)#wN70IlM1t07Ld(ZE$!xv0Ogdox3$bD
zGW>LqFGFgn=*UlP*513^z3jzSt#7y%_i;|1ttV9_MG@pwMxCju^!?APE;AAy_lckd
zVcI>(05xgk?85b&U%M(Nt^G0LNBzjJe7ptu&x2dBQ)u&QaLtIq<Vg}0mlv#JeKY!T
zLpH)r&9*EULzKCR%SBYw%Cukfpr%tNg`9+)-0N~4@dGzgLckv`_|`Dlh2$S)8cw@g
zy0s$EN{m+-Gpv;g%#+PI{n_`nmaXWV^^~JZHB5S0o`Vn>ohqCRO$?Y#Kxbz=MVPC=
zF<1Z;$?Wer{-wT96H7~cGj(j(<C;@_(V!s`n17sEimt?lqj=E2%DdN-<hjmIk2y;V
zP*xXDN}@MPCL8n5C82d13;<C}8`}l!4U6?Ga8z-Xw)%q|(UsgC5o@XFMc?B)Y<j+S
zl#nLkB<Elu77+nm8%z*op9jC18>a`s2A|`$`?&kZ+tYsq4ZxG2AwmLguHb7Ly?D29
zwZC6q`$SCH{<dOXU30S`_2o~LadA2Gb84xl8Kzs21#SeZ($;3Bx0_O7E^s%db=Syh
z^)-Z7yWMp`{Mr+*fng^F{vuIc66dn?|3)_Z<<(!t)289h;9ELVG9&i2Mc{Ana8`J0
z?R;7Kk9*q#fuP8nKWFYQ<7KbWF%0pcrGo$8fw&y_E69$f8}iZcYC4U@{|8Id$;6=!
z8L~e_H!{OkgzzV_12dhutJ1iUBS8MQ(!(9!t<rD&pL_x5dd>%AWoG93PYEhMQAmPr
z=x%=PeDO=h5k-?tvd*tTKKxOUfO5&~DVI_JDSYGS;7NSymX~H)BO@Eb4*Ry|prTTj
z{zyt!&d57gIm^3LxyXN$ck<!^3TTD^`80xLPb8lYH;X@X!!ZB4_ZsMv%$UNG^1o5p
z(XPBIkMoM3)WCbKU+DjV9liPu+r6(;AnJDI6|@4D3cos7(%SCaKV@_04=&=>>6Bkc
zqwXn)lHaX?>=zi5XN4CY8|nV$eQ1xfK^EYHNN#`(WS_;dtNmv*wEG2msy+q!|EOgD
r<L3J3yx;oGYoPF%Kjyz>r$i>ZDFD_voN`apLK<Vk+XiKNPEr2{6JLc&

literal 0
HcmV?d00001

diff --git a/docs/arc42/revocation-service/main.md b/docs/arc42/revocation-service/main.md
new file mode 100644
index 00000000..3c334cf3
--- /dev/null
+++ b/docs/arc42/revocation-service/main.md
@@ -0,0 +1,405 @@
+# Table of content
+
+[[toc]]
+
+# Introduction and Goals
+
+We have a Managed Identity Wallet(MIW) application and this application is used to issue various types of verifiable
+credentials using did:web method.
+
+As per business needs issuer might want to revoke issued credentials issued to any holder so credential validation will
+not work.
+
+Simply deleting credentials will not work as there might be possible that holder save credentials in other location and
+present it to verifier.
+
+When any business partner deboarded from Cofinity-X
+
+When there a any changes in credentials or updates needed in credentials. In this case, we need to revoke the older VC
+and need to reissue it.
+
+The core functionalities are:
+
+1. Issue status list credentials to all wallets (Issuer)
+2. Maintain status list index for revocation
+3. Verify revocation status of credential
+
+## Cross-cutting Concepts
+
+Please refer to this for more information: [Bitstring Status List v1.0](https://www.w3.org/TR/vc-bitstring-status-list/)
+
+## Requirements Overview
+
+The basic requirements for the Managed Identity Wallet are as follows:
+
+- issue status list to all issuer using REST API
+
+- Manage status list index for each issuer
+
+- Allow issuer to revoke credential using REST API
+
+- Allow verifier to verify status of credential using REST API
+
+- Update status list credential when issuer revoke credential using REST API
+
+## Quality Goals
+
+1. Status list VC should be stored in durable storage and backup should be taken
+2. The current index should be created for each issued revocable VC
+3. while revocation, the correct index should be revoked
+4. The application should work in case of horizontal scanning
+5. Only Authorizae user/client can access the revocation API
+6. One status list index should be created for one VC
+7. Sonar quality gate should be passed
+8. No issues in veracode scanning
+9. Unit test coverage should be more than 80%
+
+## Stakeholders
+
+The key stakeholders of the component are:
+
+- Issuer: Issuer should able to issue revocable credentials and able to revoke issued credentials when there a need
+
+- Verifier: Verify status of credential(active/revoked) along with signature and expiry date verification
+
+# Architecture Constraints
+
+The architecture of the Revocation Service follows the general
+principles, guidelines and boundaries from the [Tractus-X
+project](https://projects.eclipse.org/projects/automotive.tractusx). You can
+find more details and documentation on the [Tractus-X GitHub
+page](https://github.com/eclipse-tractusx).
+
+# System Scope and Context
+
+- Issuer can issue and revoke credentials
+- verifier can verify status of credentials
+
+## Business Context
+
+- Catena-X portal/Base wallet:
+
+    - CX-Operator onboard business partner and that will create a wallet for them
+
+    - CX-Operator can verify the revocation status of any VC issued by the base wallet
+
+    - CX-Operator can revoke issued VC
+
+- Business partner wallet:
+
+    - Any business partner can issue revocable VC to a self-wallet
+
+    - Business partners can verify the status of any VC
+
+    - Business partners can revoke self-issued VC
+
+## Technical Context
+
+![revocation-tech_context.png](images/revocation-tech_context.png)
+
+# Solution Strategy
+
+The Revocation service is implemented as an independent REST API
+service using the following technology stack:
+
+- Java 17 as a base programming language
+- SpringBoot as an encompassing framework
+- PostgreSQL as a database backend
+- Gradle as a build tool
+- Dockerized setup for Kubernetes with Helm
+
+# Runtime View
+
+API documentation can be found [openapi_v001.json](..%2F..%2Fapi%2Frevocation-service%2Fopenapi_v001.json)
+
+In general, the API covers the following functionality:
+
+### 1.Get status list entry
+
+In this endpoint, the Issuer will call this endpoint while issuing Revocable VC. The revocation service will create a
+status list vc if not created and in return will give a status list entry with an updated index.
+BPN number will be the issuer id in our case.
+
+![get_status_list_entry_api.png](images/get_status_list_entry_api.png)
+
+Request Body:
+
+```json
+ {
+    "purpose": "revocation",
+    "issuerId": "BPNL000000000000"
+}
+```
+
+Response Body:
+
+```json
+{
+    "id": "https://977d-203-129-213-107.ngrok-free.app/api/v1/revocations/credentials/BPNL000000000000/revocation/1#12",
+    "statusPurpose": "revocation",
+    "statusListIndex": "12",
+    "statusListCredential": "https://977d-203-129-213-107.ngrok-free.app/api/v1/revocations/credentials/BPNL000000000000/revocation/1",
+    "type": "BitstringStatusListEntry"
+}
+
+```
+
+### 2. Get the status list VC
+
+In this endpoint, the Verifier will provide issuerId, and the revocation service will provide the StatusList VC of that
+issuer.
+
+**_This API should be public_**
+
+![get_status_list_vc.png](images/get_status_list_vc.png)
+
+Response:
+
+```json
+{
+    "@context": [
+        "https://www.w3.org/2018/credentials/v1",
+        "https://eclipse-tractusx.github.io/schema-registry/w3c/v1.0/BitstringStatusList.json",
+        "https://w3id.org/security/suites/jws-2020/v1"
+    ],
+    "id": "http://localhost/api/v1/revocations/credentials/BPNL000000000000/revocation/1",
+    "type": [
+        "VerifiableCredential",
+        "BitstringStatusListCredential"
+    ],
+    "issuer": "did:web:localhost:BPNL000000000000",
+    "issuanceDate": "2024-02-05T09:39:58Z",
+    "credentialSubject": [
+        {
+            "statusPurpose": "revocation",
+            "id": "http://localhost/api/v1/revocations/credentials/BPNL000000000000/revocation/1",
+            "type": "BitstringStatusList",
+            "encodedList": "H4sIAAAAAAAA/wMAAAAAAAAAAAA="
+        }
+    ],
+    "proof": {
+        "proofPurpose": "assertionMethod",
+        "type": "JsonWebSignature2020",
+        "verificationMethod": "did:web:localhost:BPNL000000000000#ed463e4c-b900-481a-b5d0-9ae439c434ae",
+        "created": "2024-02-05T09:39:58Z",
+        "jws": "eyJhbGciOiJFZERTQSJ9..swX1PLJkSlxB6JMmY4a2uUzR-uszlyLrVdNppoYSx4PTV1LzQrDb0afzp_dvTNUWEYDI57a8iPh78BDjqMjSDQ"
+    }
+}
+
+```
+
+### 3. Revoke VC
+
+In this endpoint, the Issuer will request to revoke VC with StatusList. The revocation service will verify the VC and If
+the VC is valid then it will set the bit value in the encoded list and reissue the status list VC to the issuer.
+
+![revoke_vc.png](images/revoke_vc.png)
+
+Request:
+
+```json
+{
+    "id": "https://977d-203-129-213-107.ngrok-free.app/api/v1/revocations/credentials/BPNL000000000000/revocation/1#12",
+    "statusPurpose": "revocation",
+    "statusListIndex": "12",
+    "statusListCredential": "https://977d-203-129-213-107.ngrok-free.app/api/v1/revocations/credentials/BPNL000000000000/revocation/1",
+    "type": "BitstringStatusListEntry"
+}
+```
+
+Response:
+
+```
+Verifiable credential revoked successfully.
+```
+
+### 4. Verify credential status
+
+Using this endpoint, verifier can check current status of credential whether certificate is active of revoked
+
+![verify_status.png](images/verify_status.png)
+
+Request:
+
+```json
+{
+    "id": "https://977d-203-129-213-107.ngrok-free.app/api/v1/revocations/credentials/BPNL000000000000/revocation/1#12",
+    "statusPurpose": "revocation",
+    "statusListIndex": "12",
+    "statusListCredential": "https://977d-203-129-213-107.ngrok-free.app/api/v1/revocations/credentials/BPNL000000000000/revocation/1",
+    "type": "BitstringStatusListEntry"
+}
+```
+
+Response:
+
+```json
+{
+    "status": "active"
+}
+```
+
+In the following, the most relevant operations are described as sequence
+diagrams.
+
+### Create Wallet
+
+### Issue revocable credential
+
+![issue_revocable_vc.png](images/issue_revocable_vc.png)
+
+```
+@startuml
+title issue revocable VC
+actor User as User
+participant "Managed identity wallet" as MIW
+participant "Revocation service" as RS
+group "Issue VC"
+User -> MIW: "/api/credentials/issuer" with revocable=true
+alt "If revocable then get issuer status list"
+MIW -> RS: "/api/v1/revocations/statusEntry
+alt If status list VC not created?
+RS -> RS: Create StatusList credentail
+RS -> MIW: Sign new status list VC
+MIW -> MIW: Save status list into issuer table
+RS<-- MIW: return sighed status list VC
+RS -> RS: Store StatusList VC in DB
+end
+RS -> RS: Get Current StatusList Index for Issuer
+RS -> RS: Incease statusList Index by 1 and save in DB
+RS --> MIW: Return Status List
+end
+group "Create and Sign VC"
+MIW -> MIW: Create credentail
+alt "If revocable then add status list"
+MIW -> MIW: Add Status List in VC
+end
+MIW -> MIW: Sign VC
+end group
+MIW --> User: Return revocable VC
+end group
+@enduml
+
+```
+
+### Verify revocable credential
+
+![verify_revocable_vc.png](images/verify_revocable_vc.png)
+
+```
+@startuml
+actor User as User
+participant "Managed Identity Wallet" as MIW
+participant "Revocation service" as RS
+title Verify VC with revocation status
+group "Verify VC"
+User -> MIW: "/api/credentials/validation?withCredentialExpiryDate=true&withRevocation=true"
+alt "If withRevocation then check issuer status list"
+MIW -> RS: "/api/v1/revocations/credentials/{issueId}"
+RS -> RS: Get Current StatusList Index for Issuer
+RS --> MIW: Return StatusList VC
+end
+group "Credential Validation"
+MIW -> MIW: validate status list VC
+MIW -> MIW: Valaidate vc index with encoded list of status list VC
+MIW -> MIW: Check Credential is not expired
+MIW -> MIW: Validate Credential JsonLD
+MIW -> MIW: Verify Credential Signature
+end group
+MIW --> User: Return Valid or Invalid + Reason
+@enduml
+```
+
+# Deployment
+
+A description of the overall structure of components including how to
+run and test it locally as well as on Kubernetes in the cloud is
+available in the GitHub repository:
+<https://github.com/eclipse-tractusx/managed-identity-wallet>
+
+The INT/DEV deployment is done using Helm charts. The charts are located in the
+`charts/` sub-directory of the repository. The charts are picked up by
+[ArgoCD](https://argo-cd.readthedocs.io/en/stable/) and executed, resulting in
+a INT/DEV deployment into the respective Kubernetes cluster. ArgoCD polls the
+GitHub status continuously and executes the Helm charts when a new commit is
+detected on one of the target branches, e.g. "main". A benefit of ArgoCD is that it
+automatically detects variables from the Helm charts and displays them in the
+ArgoCD UI.
+
+[ArgoCD INT](https://argo.int.demo.catena-x.net/)
+[ArgoCD DEV](https://argo.dev.demo.catena-x.net/)
+
+For local setup, instruction will be added in README.md file
+
+# Guiding Concepts
+
+Please refer: https://www.w3.org/TR/vc-bitstring-status-list/
+
+# Design Decisions
+
+Revocation service is developed at Cofinity-X and as per discussion with product owner of MIW cofinity-x has decided to
+contribute to the eclipse tractus-x
+
+# Quality Requirements
+
+The work being done on the project has been focused on creating a base
+implementation of the Managed Identity Wallet Service. The current state has
+compromised on some aspects to further progress the development. The [Risks and
+Technical Depts](#technical-debts) section addresses those points in greater
+detail. Nevertheless we've focused on Security and Deploy ability.
+
+The Revocation service sticks to the following Quality Gate
+requirements where relevant and applicable:
+
+- Documentation: Architecture
+- Documentation: Administrator\'s Guide
+- Documentation: Interfaces
+- Documentation: Source Code
+- Documentation: Development Process
+- Documentation: Standardization - Interoperability and Data Sovereignty
+- Compliance: GDPR
+- Test Results: Deployment/Installation
+- Test Results: Code Quality Analysis
+- Test Results: System Integration Tests
+- Security & Compliance: Penetration Tests
+- Security & Compliance: Threat Modeling
+- Security & Compliance: Static Application Security Testing
+- Security & Compliance: Dynamic Application Security Testing
+- Security & Compliance: Secret scanning
+- Security & Compliance: Software Composition Analysis
+- Security & Compliance: Container Scan
+- Security & Compliance: Infrastructure as Code
+
+# Technical Debts
+
+## Credential sensation is not supported
+
+- DID document only covers varification method. No service endpoints
+
+## SSI Library
+
+- No validation for JsonWebSignature2020 with RSA key
+- No Security valdition only Sercurity Assessment done, no attack vectors are tested
+
+# Glossary
+
+| **Term**                | **Definition**                                                                                                                   |
+|-------------------------|----------------------------------------------------------------------------------------------------------------------------------|
+| MIW                     | Managed Identity wallet application                                                                                              |
+| VC                      | Verifiable Credential                                                                                                            |
+| VP                      | Verifiable Presentation                                                                                                          |
+| Wallet                  | Virtual placeholder for business partner which holds VCs                                                                         |
+| Base wallet             | Wallet for Cofinity-X. CX type of VC will be issued using this wallet                                                            |
+| Status list credential  | [https://www.w3.org/TR/vc-status-list/#statuslist2021credential](https://www.w3.org/TR/vc-status-list/#statuslist2021credential) |
+| Status list entry       | [https://www.w3.org/TR/vc-status-list/#statuslist2021credential](https://www.w3.org/TR/vc-status-list/#statuslist2021credential) |
+| Status list index       | [https://www.w3.org/TR/vc-status-list/#statuslist2021entry](https://www.w3.org/TR/vc-status-list/#statuslist2021entry)           |
+| Revocation verification | [https://www.w3.org/TR/vc-status-list/#validate-algorithm](https://www.w3.org/TR/vc-status-list/#validate-algorithm)             |
+| Encoded list            | [https://www.w3.org/TR/vc-status-list/#bitstring-encoding](https://www.w3.org/TR/vc-status-list/#bitstring-encoding)             |
+
+# NOTICE
+
+This work is licensed under the [Apache-2.0](https://www.apache.org/licenses/LICENSE-2.0).
+
+- SPDX-License-Identifier: Apache-2.0
+- SPDX-FileCopyrightText: 2021,2023 Contributors to the Eclipse Foundation
+- Source URL: https://github.com/eclipse-tractusx/managed-identity-wallet
diff --git a/docs/ArchitectureWebDID.md b/docs/database/miw/ArchitectureWebDID.md
similarity index 100%
rename from docs/ArchitectureWebDID.md
rename to docs/database/miw/ArchitectureWebDID.md
diff --git a/docs/MIW_DB_Schema_v0.0.1.md b/docs/database/miw/MIW_DB_Schema_v0.0.1.md
similarity index 100%
rename from docs/MIW_DB_Schema_v0.0.1.md
rename to docs/database/miw/MIW_DB_Schema_v0.0.1.md
diff --git a/docs/database/revocation/revocation_DB_Schema_v0.0.1.md b/docs/database/revocation/revocation_DB_Schema_v0.0.1.md
new file mode 100644
index 00000000..5d742c88
--- /dev/null
+++ b/docs/database/revocation/revocation_DB_Schema_v0.0.1.md
@@ -0,0 +1,24 @@
+# Database Schemas for intial draft
+
+### Status List Index
+
+- id: integer (Primary Key)
+- issuer_bpn_status: varchar(27)
+- current_index: varchar(16)
+- status_list_credential_id: varchar(256) (Unique)
+
+### Status list credential
+
+- id: integer (Primary Key)
+- issuer_bpn: varchar(16) (Unique)
+- credential: text
+- created_at: timestamp
+- modified_at: timestamp
+
+# NOTICE
+
+This work is licensed under the [Apache-2.0](https://www.apache.org/licenses/LICENSE-2.0).
+
+- SPDX-License-Identifier: Apache-2.0
+- SPDX-FileCopyrightText: 2021,2023 Contributors to the Eclipse Foundation
+- Source URL: https://github.com/eclipse-tractusx/managed-identity-wallet
diff --git a/docs/security-assessment/security-assessment-23-12.md b/docs/security-assessment/security-assessment-23-12.md
index 7d7d1d7f..3452f862 100644
--- a/docs/security-assessment/security-assessment-23-12.md
+++ b/docs/security-assessment/security-assessment-23-12.md
@@ -1,39 +1,40 @@
 # Security Assessment Managed Identity Wallet (MIW)
 
-|     |     |
-| --- | --- |
-| Contact for product        | [@OSchlienz](https://github.com/github) <br> [@borisrizov-zf](https://github.com/borisrizov-zf) |
-| Security responsible       | [@pablosec](https://github.com/pablosec) <br> [@SSIRKC](https://github.com/SSIRKC) |
-| Version number of product  | 23.12 |
-| Dates of assessment        | 2023-11-21: Re-assessment for release 23.12 |
-| Status of assessment       | RE-ASSESSMENT DRAFT |
+|                           |                                                                                                 |
+|---------------------------|-------------------------------------------------------------------------------------------------|
+| Contact for product       | [@OSchlienz](https://github.com/github) <br> [@borisrizov-zf](https://github.com/borisrizov-zf) |
+| Security responsible      | [@pablosec](https://github.com/pablosec) <br> [@SSIRKC](https://github.com/SSIRKC)              |
+| Version number of product | 23.12                                                                                           |
+| Dates of assessment       | 2023-11-21: Re-assessment for release 23.12                                                     |
+| Status of assessment      | RE-ASSESSMENT DRAFT                                                                             |
 
 ## Product Description
 
-The Managed Identity Wallet (MIW) service implements the Self-Sovereign-Identity (SSI) readiness by providing a wallet hosting platform including a DID resolver, service endpoints and the company wallets itself.
+The Managed Identity Wallet (MIW) service implements the Self-Sovereign-Identity (SSI) readiness by providing a wallet
+hosting platform including a DID resolver, service endpoints and the company wallets itself.
 
 ### Important Links
-* [MIW: README.md](https://github.com/eclipse-tractusx/managed-identity-wallet/blob/main/README.md)
-* [SSI: Technical Debts.md](https://github.com/eclipse-tractusx/ssi-docu/blob/main/docs/architecture/cx-3-2/6.%20Technical%20Debts/Technical%20Debts.md) – partly outdated at date of security assessment
-
 
+* [MIW: README.md](https://github.com/eclipse-tractusx/managed-identity-wallet/blob/main/README.md)
+* [Revocation Service: README.md](..%2F..%2Frevocation-service%2FREADME.md)
+* [SSI: Technical Debts.md](https://github.com/eclipse-tractusx/ssi-docu/blob/main/docs/architecture/cx-3-2/6.%20Technical%20Debts/Technical%20Debts.md) –
+  partly outdated at date of security assessment
 
 ## Existing Security Controls
 
 ℹ️ Only controls added since last security assessment (2023-06) are listed below
 
-* Role-based access control  
+* Role-based access control
   [README.md → Manual Keycloak Configuration](https://github.com/eclipse-tractusx/managed-identity-wallet/blob/main/README.md#manual-keycloak-configuration)
-  * MIW provides 7 roles:
-    * `add_wallets`
-    * `view_wallets`
-    * `view_wallet`
-    * `update_wallets`
-    * `update_wallet`
-    * `manage_app`
+    * MIW provides 7 roles:
+        * `add_wallets`
+        * `view_wallets`
+        * `view_wallet`
+        * `update_wallets`
+        * `update_wallet`
+        * `manage_app`
 * Logging is implemented with levels `OFF`, `ERROR`, `WARN`, `INFO`, `DEBUG`, `TRACE`
-  * Currently there is no description of the events logged for the different levels
-
+    * Currently there is no description of the events logged for the different levels
 
 ## Architecture/Data Flow Diagram (DFD)
 
@@ -42,23 +43,30 @@ The Managed Identity Wallet (MIW) service implements the Self-Sovereign-Identity
 Source: https://github.com/pablosec/managed-identity-wallet/tree/main/docs
 
 ### Changes compared to last Security Assessment
-[Security Assessment 2023-06, Release 3.2](https://confluence.catena-x.net/pages/viewpage.action?pageId=90482695) (Link only available to Catena-X Consortium Members)
+
+[Security Assessment 2023-06, Release 3.2](https://confluence.catena-x.net/pages/viewpage.action?pageId=90482695) (Link
+only available to Catena-X Consortium Members)
+
 * No architectural changes in codebase compared to last security assessment, performed in June 2023.
-* Product team currently working on STS (Secure Token Service) and Presentation Flow for VC/VP, planned for rollout in version *24.05*.
+* Product team currently working on STS (Secure Token Service) and Presentation Flow for VC/VP, planned for rollout in
+  version *24.05*.
 
 ### Features for upcoming versions
 
-See also [SSI: Technical Debts.md](https://github.com/eclipse-tractusx/ssi-docu/blob/main/docs/architecture/cx-3-2/6.%20Technical%20Debts/Technical%20Debts.md)
+See
+also [SSI: Technical Debts.md](https://github.com/eclipse-tractusx/ssi-docu/blob/main/docs/architecture/cx-3-2/6.%20Technical%20Debts/Technical%20Debts.md)
 
-* Revocation Service and substituting Summary Credentials (→ 24.05)
 * Use of key rotation (→ 24.05)
 * Switch to actually decentralized DID documents (→ will be implemented, but not scheduled at the moment)
 * Create credentials outside of MIW (→ will be implemented, but not scheduled at the moment)
 
-⚠️ Multi-tenancy will not be implemented as part of the development during the Catena-X consortium phase. Security risk associated with lack of multi-tenancy is accepted.
+⚠️ Multi-tenancy will not be implemented as part of the development during the Catena-X consortium phase. Security risk
+associated with lack of multi-tenancy is accepted.
 
 ## Threats & Risks
+
 The threats and risks identified during this security assessment can be found in the following issues:
+
 * eclipse-tractusx/managed-identity-wallet#164
 * eclipse-tractusx/managed-identity-wallet#165
 * eclipse-tractusx/managed-identity-wallet#86 (finding was already created as issue before assessment)
diff --git a/revocation-service/src/main/java/org/eclipse/tractusx/managedidentitywallets/revocation/apidocs/RevocationApiControllerApiDocs.java b/revocation-service/src/main/java/org/eclipse/tractusx/managedidentitywallets/revocation/apidocs/RevocationApiControllerApiDocs.java
index 13c521ee..d9808979 100644
--- a/revocation-service/src/main/java/org/eclipse/tractusx/managedidentitywallets/revocation/apidocs/RevocationApiControllerApiDocs.java
+++ b/revocation-service/src/main/java/org/eclipse/tractusx/managedidentitywallets/revocation/apidocs/RevocationApiControllerApiDocs.java
@@ -43,17 +43,19 @@ public class RevocationApiControllerApiDocs {
             value = {
                     @ApiResponse(
                             responseCode = "200",
-                            description = "Verifiable credential revoked successfully.",
-                            content = @Content(examples = { @ExampleObject(description = "if credential is revoked", value = """
-                                    {
-                                        "status":"revoked"
-                                    }
-                                    """),
-                                    @ExampleObject(description = "if credential is is active", value = """
-                                            {
-                                                "status":"active"
-                                            }
-                                            """) })),
+                            description = "if credential is revoked",
+                            content = @Content(
+                                    examples = {
+                                            @ExampleObject(description = "if credential is revoked", value = """
+                                                    {
+                                                        "status":"revoked"
+                                                    }
+                                                    """),
+                                            @ExampleObject(description = "if credential is is active", value = """
+                                                    {
+                                                        "status":"active"
+                                                    }
+                                                    """) })),
                     @ApiResponse(
                             responseCode = "401",
                             description = "UnauthorizedException: invalid token",
@@ -68,9 +70,7 @@ public class RevocationApiControllerApiDocs {
                             content =
                             @Content(
                                     examples =
-                                    @ExampleObject(
-                                            value =
-                                                    ""),
+                                    @ExampleObject(),
                                     mediaType = "application/json")),
                     @ApiResponse(
                             responseCode = "500",
@@ -225,8 +225,41 @@ public class RevocationApiControllerApiDocs {
                                     @Content(
                                             examples =
                                             @ExampleObject(
-                                                    value =
-                                                            "{\"@context\": [\"https://www.w3.org/2018/credentials/v1\", \"https://eclipse-tractusx.github.io/schema-registry/w3c/v1.0/BitstringStatusList.json\", \"https://w3id.org/security/suites/jws-2020/v1\"], \"id\": \"http://localhost/api/v1/revocations/credentials/BPNL000000000000/revocation/1\", \"type\": [\"VerifiableCredential\", \"BitstringStatusListCredential\"], \"issuer\": \"did:web:localhost:BPNL000000000000\", \"issuanceDate\": \"2024-02-05T09:39:58Z\", \"credentialSubject\": [{\"statusPurpose\": \"revocation\", \"id\": \"http://localhost/api/v1/revocations/credentials/BPNL000000000000/revocation/1\", \"type\": \"BitstringStatusList\", \"encodedList\": \"H4sIAAAAAAAA/wMAAAAAAAAAAAA=\"}], \"proof\": {\"proofPurpose\": \"assertionMethod\", \"type\": \"JsonWebSignature2020\", \"verificationMethod\": \"did:web:localhost:BPNL000000000000#ed463e4c-b900-481a-b5d0-9ae439c434ae\", \"created\": \"2024-02-05T09:39:58Z\", \"jws\": \"eyJhbGciOiJFZERTQSJ9..swX1PLJkSlxB6JMmY4a2uUzR-uszlyLrVdNppoYSx4PTV1LzQrDb0afzp_dvTNUWEYDI57a8iPh78BDjqMjSDQ\"}}"),
+                                                    value = """
+                                                            {
+                                                                "@context":
+                                                                [
+                                                                    "https://www.w3.org/2018/credentials/v1",
+                                                                    "https://eclipse-tractusx.github.io/schema-registry/w3c/v1.0/BitstringStatusList.json",
+                                                                    "https://w3id.org/security/suites/jws-2020/v1"
+                                                                ],
+                                                                "id": "http://localhost/api/v1/revocations/credentials/BPNL000000000000/revocation/1",
+                                                                "type":
+                                                                [
+                                                                    "VerifiableCredential",
+                                                                    "BitstringStatusListCredential"
+                                                                ],
+                                                                "issuer": "did:web:localhost:BPNL000000000000",
+                                                                "issuanceDate": "2024-02-05T09:39:58Z",
+                                                                "credentialSubject":
+                                                                [
+                                                                    {
+                                                                        "statusPurpose": "revocation",
+                                                                        "id": "http://localhost/api/v1/revocations/credentials/BPNL000000000000/revocation/1",
+                                                                        "type": "BitstringStatusList",
+                                                                        "encodedList": "H4sIAAAAAAAA/wMAAAAAAAAAAAA="
+                                                                    }
+                                                                ],
+                                                                "proof":
+                                                                {
+                                                                    "proofPurpose": "assertionMethod",
+                                                                    "type": "JsonWebSignature2020",
+                                                                    "verificationMethod": "did:web:localhost:BPNL000000000000#ed463e4c-b900-481a-b5d0-9ae439c434ae",
+                                                                    "created": "2024-02-05T09:39:58Z",
+                                                                    "jws": "eyJhbGciOiJFZERTQSJ9..swX1PLJkSlxB6JMmY4a2uUzR-uszlyLrVdNppoYSx4PTV1LzQrDb0afzp_dvTNUWEYDI57a8iPh78BDjqMjSDQ"
+                                                                }
+                                                            }
+                                                            """),
                                             mediaType = "application/json")
                             }),
                     @ApiResponse(

From 272e22a3153029d6401be5536fecb2193097ebf3 Mon Sep 17 00:00:00 2001
From: Nitin Vavdiya <nitin.vavdiya@smartsensesolutions.com>
Date: Mon, 17 Jun 2024 21:00:30 +0530
Subject: [PATCH 14/48] doc: API doc updated

---
 docs/api/revocation-service/openapi_v001.json | 70 +++++++++++--------
 .../RevocationApiControllerApiDocs.java       | 19 ++---
 2 files changed, 47 insertions(+), 42 deletions(-)

diff --git a/docs/api/revocation-service/openapi_v001.json b/docs/api/revocation-service/openapi_v001.json
index 0886659c..423ead47 100644
--- a/docs/api/revocation-service/openapi_v001.json
+++ b/docs/api/revocation-service/openapi_v001.json
@@ -54,23 +54,35 @@
           "required" : true
         },
         "responses" : {
-          "401" : {
-            "description" : "UnauthorizedException: invalid token"
-          },
           "200" : {
-            "description" : "if credential is revoked"
-          },
-          "500" : {
-            "description" : "RevocationServiceException: Internal Server Error"
-          },
-          "409" : {
-            "description" : "ConflictException: Revocation service error",
+            "description" : "Status of credential",
             "content" : {
-              "application/json" : {}
+              "application/json" : {
+                "examples" : {
+                  "if credential is revoked" : {
+                    "description" : "if credential is revoked",
+                    "value" : {
+                      "status" : "revoked"
+                    }
+                  },
+                  "if credential is active" : {
+                    "description" : "if credential is is active",
+                    "value" : {
+                      "status" : "active"
+                    }
+                  }
+                }
+              }
             }
           },
           "403" : {
             "description" : "ForbiddenException: invalid caller"
+          },
+          "401" : {
+            "description" : "UnauthorizedException: invalid token"
+          },
+          "500" : {
+            "description" : "RevocationServiceException: Internal Server Error"
           }
         }
       }
@@ -98,12 +110,6 @@
           "required" : true
         },
         "responses" : {
-          "401" : {
-            "description" : "UnauthorizedException: invalid token"
-          },
-          "500" : {
-            "description" : "RevocationServiceException: Internal Server Error"
-          },
           "403" : {
             "description" : "ForbiddenException: invalid caller"
           },
@@ -120,6 +126,12 @@
                 }
               }
             }
+          },
+          "401" : {
+            "description" : "UnauthorizedException: invalid token"
+          },
+          "500" : {
+            "description" : "RevocationServiceException: Internal Server Error"
           }
         }
       }
@@ -150,15 +162,6 @@
           "required" : true
         },
         "responses" : {
-          "200" : {
-            "description" : "Verifiable credential revoked successfully."
-          },
-          "401" : {
-            "description" : "UnauthorizedException: invalid token"
-          },
-          "500" : {
-            "description" : "RevocationServiceException: Internal Server Error"
-          },
           "403" : {
             "description" : "ForbiddenException: invalid caller"
           },
@@ -176,6 +179,15 @@
                 }
               }
             }
+          },
+          "401" : {
+            "description" : "UnauthorizedException: invalid token"
+          },
+          "200" : {
+            "description" : "Verifiable credential revoked successfully."
+          },
+          "500" : {
+            "description" : "RevocationServiceException: Internal Server Error"
           }
         }
       }
@@ -221,9 +233,6 @@
           }
         ],
         "responses" : {
-          "500" : {
-            "description" : "RevocationServiceException: Internal Server Error"
-          },
           "200" : {
             "description" : "Get Status list credential ",
             "content" : {
@@ -262,6 +271,9 @@
           },
           "404" : {
             "description" : "Status list credential not found"
+          },
+          "500" : {
+            "description" : "RevocationServiceException: Internal Server Error"
           }
         }
       }
diff --git a/revocation-service/src/main/java/org/eclipse/tractusx/managedidentitywallets/revocation/apidocs/RevocationApiControllerApiDocs.java b/revocation-service/src/main/java/org/eclipse/tractusx/managedidentitywallets/revocation/apidocs/RevocationApiControllerApiDocs.java
index d9808979..0f63fc68 100644
--- a/revocation-service/src/main/java/org/eclipse/tractusx/managedidentitywallets/revocation/apidocs/RevocationApiControllerApiDocs.java
+++ b/revocation-service/src/main/java/org/eclipse/tractusx/managedidentitywallets/revocation/apidocs/RevocationApiControllerApiDocs.java
@@ -28,6 +28,7 @@
 import io.swagger.v3.oas.annotations.parameters.RequestBody;
 import io.swagger.v3.oas.annotations.responses.ApiResponse;
 import io.swagger.v3.oas.annotations.responses.ApiResponses;
+import org.springframework.http.MediaType;
 
 import java.lang.annotation.ElementType;
 import java.lang.annotation.Retention;
@@ -43,19 +44,19 @@ public class RevocationApiControllerApiDocs {
             value = {
                     @ApiResponse(
                             responseCode = "200",
-                            description = "if credential is revoked",
-                            content = @Content(
+                            description = "Status of credential",
+                            content = { @Content(mediaType = MediaType.APPLICATION_JSON_VALUE,
                                     examples = {
-                                            @ExampleObject(description = "if credential is revoked", value = """
+                                            @ExampleObject(name = "if credential is revoked", description = "if credential is revoked", value = """
                                                     {
                                                         "status":"revoked"
                                                     }
                                                     """),
-                                            @ExampleObject(description = "if credential is is active", value = """
+                                            @ExampleObject(name = "if credential is active", description = "if credential is is active", value = """
                                                     {
                                                         "status":"active"
                                                     }
-                                                    """) })),
+                                                    """) }) }),
                     @ApiResponse(
                             responseCode = "401",
                             description = "UnauthorizedException: invalid token",
@@ -64,14 +65,6 @@ public class RevocationApiControllerApiDocs {
                             responseCode = "403",
                             description = "ForbiddenException: invalid caller",
                             content = @Content()),
-                    @ApiResponse(
-                            responseCode = "409",
-                            description = "ConflictException: Revocation service error",
-                            content =
-                            @Content(
-                                    examples =
-                                    @ExampleObject(),
-                                    mediaType = "application/json")),
                     @ApiResponse(
                             responseCode = "500",
                             description = "RevocationServiceException: Internal Server Error",

From 4465f24c3ce7434e70448b0e787a6abab5393f63 Mon Sep 17 00:00:00 2001
From: Nitin Vavdiya <nitin.vavdiya@smartsensesolutions.com>
Date: Tue, 18 Jun 2024 11:39:26 +0530
Subject: [PATCH 15/48] commons dao version updated

---
 DEPENDENCIES                                  | 11 ++-----
 build.gradle                                  |  5 ++-
 gradle.properties                             |  2 +-
 .../config/ApplicationConfig.java             |  8 +----
 .../dao/entity/MIWBaseEntity.java             |  2 +-
 .../HoldersCredentialRepository.java          |  2 +-
 .../IssuersCredentialRepository.java          |  2 +-
 .../dao/repository/JtiRepository.java         |  2 +-
 .../dao/repository/WalletKeyRepository.java   |  2 +-
 .../dao/repository/WalletRepository.java      |  2 +-
 .../service/HoldersCredentialService.java     | 31 ++++++-------------
 .../service/IssuersCredentialService.java     | 31 ++++++-------------
 .../service/PresentationService.java          | 11 ++-----
 .../service/WalletKeyService.java             | 10 ++----
 .../service/WalletService.java                | 19 ++++--------
 .../service/IssuersCredentialServiceTest.java |  3 --
 16 files changed, 42 insertions(+), 101 deletions(-)

diff --git a/DEPENDENCIES b/DEPENDENCIES
index 5ef621c7..7f02ffed 100644
--- a/DEPENDENCIES
+++ b/DEPENDENCIES
@@ -44,10 +44,11 @@ maven/mavencentral/com.nimbusds/lang-tag/1.7, Apache-2.0, approved, clearlydefin
 maven/mavencentral/com.nimbusds/nimbus-jose-jwt/9.37.3, Apache-2.0, approved, #11701
 maven/mavencentral/com.nimbusds/oauth2-oidc-sdk/9.43.4, Apache-2.0, approved, clearlydefined
 maven/mavencentral/com.opencsv/opencsv/5.9, Apache-2.0, approved, clearlydefined
-maven/mavencentral/com.smartsensesolutions/commons-dao/0.0.5, Apache-2.0, approved, #9176
+maven/mavencentral/com.smartsensesolutions/commons-dao/1.0.1, Apache-2.0, approved, clearlydefined
 maven/mavencentral/com.sun.activation/jakarta.activation/1.2.1, EPL-2.0 OR BSD-3-Clause OR GPL-2.0-only with Classpath-exception-2.0, approved, ee4j.jaf
 maven/mavencentral/com.sun.istack/istack-commons-runtime/4.1.2, BSD-3-Clause, approved, #15290
 maven/mavencentral/com.sun.mail/jakarta.mail/1.6.5, EPL-2.0 OR GPL-2.0-only WITH Classpath-exception-2.0, approved, ee4j.mail
+maven/mavencentral/com.teketik/mock-in-bean/boot2-v1.5.2, Apache-2.0, approved, clearlydefined
 maven/mavencentral/com.vaadin.external.google/android-json/0.0.20131108.vaadin1, Apache-2.0, approved, CQ21310
 maven/mavencentral/com.zaxxer/HikariCP/5.1.0, Apache-2.0, approved, clearlydefined
 maven/mavencentral/commons-beanutils/commons-beanutils/1.9.4, Apache-2.0, approved, CQ12654
@@ -132,13 +133,9 @@ maven/mavencentral/org.hdrhistogram/HdrHistogram/2.2.2, BSD-2-Clause AND CC0-1.0
 maven/mavencentral/org.hibernate.common/hibernate-commons-annotations/6.0.6.Final, LGPL-2.1-only, approved, #6962
 maven/mavencentral/org.hibernate.orm/hibernate-core/6.5.2.Final, LGPL-2.1-only AND (EPL-2.0 OR BSD-3-Clause) AND LGPL-2.1-or-later AND MIT, approved, #15118
 maven/mavencentral/org.hibernate.validator/hibernate-validator/8.0.1.Final, Apache-2.0, approved, clearlydefined
-maven/mavencentral/org.jacoco/org.jacoco.agent/0.8.8, EPL-2.0, approved, CQ23285
 maven/mavencentral/org.jacoco/org.jacoco.agent/0.8.9, EPL-2.0, approved, CQ23285
-maven/mavencentral/org.jacoco/org.jacoco.ant/0.8.8, EPL-2.0, approved, #1068
 maven/mavencentral/org.jacoco/org.jacoco.ant/0.8.9, EPL-2.0, approved, #1068
-maven/mavencentral/org.jacoco/org.jacoco.core/0.8.8, EPL-2.0, approved, CQ23283
 maven/mavencentral/org.jacoco/org.jacoco.core/0.8.9, EPL-2.0, approved, CQ23283
-maven/mavencentral/org.jacoco/org.jacoco.report/0.8.8, EPL-2.0 AND Apache-2.0, approved, CQ23284
 maven/mavencentral/org.jacoco/org.jacoco.report/0.8.9, EPL-2.0 AND Apache-2.0, approved, CQ23284
 maven/mavencentral/org.jboss.logging/jboss-logging/3.5.3.Final, Apache-2.0, approved, #9471
 maven/mavencentral/org.jboss.resteasy/resteasy-client-api/4.7.7.Final, Apache-2.0, approved, clearlydefined
@@ -173,12 +170,8 @@ maven/mavencentral/org.mockito/mockito-inline/5.2.0, MIT, approved, clearlydefin
 maven/mavencentral/org.mockito/mockito-junit-jupiter/5.11.0, MIT, approved, #13504
 maven/mavencentral/org.objenesis/objenesis/3.3, Apache-2.0, approved, clearlydefined
 maven/mavencentral/org.opentest4j/opentest4j/1.3.0, Apache-2.0, approved, #9713
-maven/mavencentral/org.ow2.asm/asm-analysis/9.2, BSD-3-Clause, approved, clearlydefined
-maven/mavencentral/org.ow2.asm/asm-commons/9.2, BSD-3-Clause, approved, clearlydefined
 maven/mavencentral/org.ow2.asm/asm-commons/9.5, BSD-3-Clause, approved, #7553
-maven/mavencentral/org.ow2.asm/asm-tree/9.2, BSD-3-Clause, approved, clearlydefined
 maven/mavencentral/org.ow2.asm/asm-tree/9.5, BSD-3-Clause, approved, #7555
-maven/mavencentral/org.ow2.asm/asm/9.2, BSD-3-Clause, approved, CQ23635
 maven/mavencentral/org.ow2.asm/asm/9.5, BSD-3-Clause, approved, #7554
 maven/mavencentral/org.ow2.asm/asm/9.6, BSD-3-Clause, approved, #10776
 maven/mavencentral/org.postgresql/postgresql/42.7.3, BSD-2-Clause AND Apache-2.0, approved, #11681
diff --git a/build.gradle b/build.gradle
index dfa23d53..4dabeada 100644
--- a/build.gradle
+++ b/build.gradle
@@ -189,7 +189,10 @@ tasks.register('dashDependencies') { dashDependencies ->
         def finalDeps = []
         for (final def d in deps) {
             //skip main module dependencies
-            if (d.toString() == "project :miw" || d.toString() == "project :revocation-service") {
+            if (d.toString() == "project :miw"
+                    || d.toString() == "project :revocation-service"
+                    || d.toString() == "project :wallet-commons"
+            ) {
                 println(" - " + d.toString() + " -")
 
             } else {
diff --git a/gradle.properties b/gradle.properties
index 9b250fba..4e9e6e54 100644
--- a/gradle.properties
+++ b/gradle.properties
@@ -10,6 +10,6 @@ lombokVersion=1.18.32
 gsonVersion=2.10.1
 ssiLibVersion=0.0.19
 wiremockVersion=3.4.2
-commonsDaoVersion=0.0.5
+commonsDaoVersion=1.0.1
 appGroup=org.eclipse.tractusx.managedidentitywallets
 mockInBeanVersion=boot2-v1.5.2
diff --git a/miw/src/main/java/org/eclipse/tractusx/managedidentitywallets/config/ApplicationConfig.java b/miw/src/main/java/org/eclipse/tractusx/managedidentitywallets/config/ApplicationConfig.java
index 9cefda80..22ac481f 100644
--- a/miw/src/main/java/org/eclipse/tractusx/managedidentitywallets/config/ApplicationConfig.java
+++ b/miw/src/main/java/org/eclipse/tractusx/managedidentitywallets/config/ApplicationConfig.java
@@ -25,7 +25,6 @@
 import com.fasterxml.jackson.databind.DeserializationFeature;
 import com.fasterxml.jackson.databind.ObjectMapper;
 import com.fasterxml.jackson.databind.SerializationFeature;
-import com.smartsensesolutions.java.commons.specification.SpecificationUtil;
 import lombok.extern.slf4j.Slf4j;
 import org.apache.commons.text.StringEscapeUtils;
 import org.eclipse.tractusx.managedidentitywallets.domain.SigningServiceType;
@@ -81,11 +80,6 @@ public ObjectMapper objectMapper() {
         return objectMapper;
     }
 
-    @Bean
-    public SpecificationUtil specificationUtil() {
-        return new SpecificationUtil<>();
-    }
-
     @Override
     public void addViewControllers(ViewControllerRegistry registry) {
         String redirectUri = properties.getPath();
@@ -117,7 +111,7 @@ public Map<SigningServiceType, SigningService> availableKeyStorages(List<Signing
         Map<SigningServiceType, SigningService> available = new EnumMap<>(SigningServiceType.class);
         storages.forEach(
                 s -> {
-                    if(s instanceof LocalSigningService local){
+                    if (s instanceof LocalSigningService local) {
                         local.setKeyProvider(localSigningKeyProvider);
                     }
                     available.put(s.getSupportedServiceType(), s);
diff --git a/miw/src/main/java/org/eclipse/tractusx/managedidentitywallets/dao/entity/MIWBaseEntity.java b/miw/src/main/java/org/eclipse/tractusx/managedidentitywallets/dao/entity/MIWBaseEntity.java
index 2a8a5864..850bda66 100644
--- a/miw/src/main/java/org/eclipse/tractusx/managedidentitywallets/dao/entity/MIWBaseEntity.java
+++ b/miw/src/main/java/org/eclipse/tractusx/managedidentitywallets/dao/entity/MIWBaseEntity.java
@@ -22,7 +22,7 @@
 package org.eclipse.tractusx.managedidentitywallets.dao.entity;
 
 import com.fasterxml.jackson.annotation.JsonIgnore;
-import com.smartsensesolutions.java.commons.base.entity.BaseEntity;
+import com.smartsensesolutions.commons.dao.base.BaseEntity;
 import jakarta.persistence.Column;
 import jakarta.persistence.MappedSuperclass;
 import jakarta.persistence.Temporal;
diff --git a/miw/src/main/java/org/eclipse/tractusx/managedidentitywallets/dao/repository/HoldersCredentialRepository.java b/miw/src/main/java/org/eclipse/tractusx/managedidentitywallets/dao/repository/HoldersCredentialRepository.java
index ee462db3..8e9c9702 100644
--- a/miw/src/main/java/org/eclipse/tractusx/managedidentitywallets/dao/repository/HoldersCredentialRepository.java
+++ b/miw/src/main/java/org/eclipse/tractusx/managedidentitywallets/dao/repository/HoldersCredentialRepository.java
@@ -21,7 +21,7 @@
 
 package org.eclipse.tractusx.managedidentitywallets.dao.repository;
 
-import com.smartsensesolutions.java.commons.base.repository.BaseRepository;
+import com.smartsensesolutions.commons.dao.base.BaseRepository;
 import org.eclipse.tractusx.managedidentitywallets.dao.entity.HoldersCredential;
 import org.eclipse.tractusx.ssi.lib.model.verifiable.credential.VerifiableCredential;
 import org.springframework.data.jpa.repository.Query;
diff --git a/miw/src/main/java/org/eclipse/tractusx/managedidentitywallets/dao/repository/IssuersCredentialRepository.java b/miw/src/main/java/org/eclipse/tractusx/managedidentitywallets/dao/repository/IssuersCredentialRepository.java
index 8b512b25..92b30788 100644
--- a/miw/src/main/java/org/eclipse/tractusx/managedidentitywallets/dao/repository/IssuersCredentialRepository.java
+++ b/miw/src/main/java/org/eclipse/tractusx/managedidentitywallets/dao/repository/IssuersCredentialRepository.java
@@ -21,7 +21,7 @@
 
 package org.eclipse.tractusx.managedidentitywallets.dao.repository;
 
-import com.smartsensesolutions.java.commons.base.repository.BaseRepository;
+import com.smartsensesolutions.commons.dao.base.BaseRepository;
 import org.eclipse.tractusx.managedidentitywallets.dao.entity.IssuersCredential;
 
 import java.util.List;
diff --git a/miw/src/main/java/org/eclipse/tractusx/managedidentitywallets/dao/repository/JtiRepository.java b/miw/src/main/java/org/eclipse/tractusx/managedidentitywallets/dao/repository/JtiRepository.java
index 69c83a4f..0079fee1 100644
--- a/miw/src/main/java/org/eclipse/tractusx/managedidentitywallets/dao/repository/JtiRepository.java
+++ b/miw/src/main/java/org/eclipse/tractusx/managedidentitywallets/dao/repository/JtiRepository.java
@@ -21,7 +21,7 @@
 
 package org.eclipse.tractusx.managedidentitywallets.dao.repository;
 
-import com.smartsensesolutions.java.commons.base.repository.BaseRepository;
+import com.smartsensesolutions.commons.dao.base.BaseRepository;
 import org.eclipse.tractusx.managedidentitywallets.dao.entity.JtiRecord;
 import org.springframework.stereotype.Repository;
 
diff --git a/miw/src/main/java/org/eclipse/tractusx/managedidentitywallets/dao/repository/WalletKeyRepository.java b/miw/src/main/java/org/eclipse/tractusx/managedidentitywallets/dao/repository/WalletKeyRepository.java
index 54196d73..4c403bf0 100644
--- a/miw/src/main/java/org/eclipse/tractusx/managedidentitywallets/dao/repository/WalletKeyRepository.java
+++ b/miw/src/main/java/org/eclipse/tractusx/managedidentitywallets/dao/repository/WalletKeyRepository.java
@@ -21,7 +21,7 @@
 
 package org.eclipse.tractusx.managedidentitywallets.dao.repository;
 
-import com.smartsensesolutions.java.commons.base.repository.BaseRepository;
+import com.smartsensesolutions.commons.dao.base.BaseRepository;
 import org.eclipse.tractusx.managedidentitywallets.dao.entity.WalletKey;
 import org.springframework.stereotype.Repository;
 
diff --git a/miw/src/main/java/org/eclipse/tractusx/managedidentitywallets/dao/repository/WalletRepository.java b/miw/src/main/java/org/eclipse/tractusx/managedidentitywallets/dao/repository/WalletRepository.java
index 4020d004..d23529e6 100644
--- a/miw/src/main/java/org/eclipse/tractusx/managedidentitywallets/dao/repository/WalletRepository.java
+++ b/miw/src/main/java/org/eclipse/tractusx/managedidentitywallets/dao/repository/WalletRepository.java
@@ -21,7 +21,7 @@
 
 package org.eclipse.tractusx.managedidentitywallets.dao.repository;
 
-import com.smartsensesolutions.java.commons.base.repository.BaseRepository;
+import com.smartsensesolutions.commons.dao.base.BaseRepository;
 import org.eclipse.tractusx.managedidentitywallets.dao.entity.Wallet;
 import org.springframework.stereotype.Repository;
 
diff --git a/miw/src/main/java/org/eclipse/tractusx/managedidentitywallets/service/HoldersCredentialService.java b/miw/src/main/java/org/eclipse/tractusx/managedidentitywallets/service/HoldersCredentialService.java
index 4eae8b25..4d53a952 100644
--- a/miw/src/main/java/org/eclipse/tractusx/managedidentitywallets/service/HoldersCredentialService.java
+++ b/miw/src/main/java/org/eclipse/tractusx/managedidentitywallets/service/HoldersCredentialService.java
@@ -21,14 +21,12 @@
 
 package org.eclipse.tractusx.managedidentitywallets.service;
 
-import com.smartsensesolutions.java.commons.FilterRequest;
-import com.smartsensesolutions.java.commons.base.repository.BaseRepository;
-import com.smartsensesolutions.java.commons.base.service.BaseService;
-import com.smartsensesolutions.java.commons.criteria.CriteriaOperator;
-import com.smartsensesolutions.java.commons.operator.Operator;
-import com.smartsensesolutions.java.commons.sort.Sort;
-import com.smartsensesolutions.java.commons.sort.SortType;
-import com.smartsensesolutions.java.commons.specification.SpecificationUtil;
+import com.smartsensesolutions.commons.dao.base.BaseRepository;
+import com.smartsensesolutions.commons.dao.base.BaseService;
+import com.smartsensesolutions.commons.dao.filter.FilterRequest;
+import com.smartsensesolutions.commons.dao.filter.sort.Sort;
+import com.smartsensesolutions.commons.dao.filter.sort.SortType;
+import com.smartsensesolutions.commons.dao.operator.Operator;
 import lombok.RequiredArgsConstructor;
 import lombok.extern.slf4j.Slf4j;
 import org.apache.commons.text.StringEscapeUtils;
@@ -78,8 +76,6 @@ public class HoldersCredentialService extends BaseService<HoldersCredential, Lon
 
     private final CommonService commonService;
 
-    private final SpecificationUtil<HoldersCredential> credentialSpecificationUtil;
-
     private final Map<SigningServiceType, SigningService> availableSigningServices;
 
     private final RevocationService revocationService;
@@ -90,11 +86,6 @@ protected BaseRepository<HoldersCredential, Long> getRepository() {
         return holdersCredentialRepository;
     }
 
-    @Override
-    protected SpecificationUtil<HoldersCredential> getSpecificationUtil() {
-        return credentialSpecificationUtil;
-    }
-
 
     /**
      * Gets credentials.
@@ -119,21 +110,17 @@ public PageImpl<CredentialsResponse> getCredentials(GetCredentialsCommand comman
         if (StringUtils.hasText(command.getCredentialId())) {
             filterRequest.appendCriteria(StringPool.CREDENTIAL_ID, Operator.EQUALS, command.getCredentialId());
         }
-        FilterRequest request = new FilterRequest();
         if (!CollectionUtils.isEmpty(command.getType())) {
-            request.setPage(filterRequest.getPage());
-            request.setSize(filterRequest.getSize());
-            request.setCriteriaOperator(CriteriaOperator.OR);
             for (String str : command.getType()) {
-                request.appendCriteria(StringPool.TYPE, Operator.CONTAIN, str);
+                filterRequest.appendOrCriteria(StringPool.TYPE, Operator.CONTAIN, str);
             }
         }
 
         Sort sort = new Sort();
         sort.setColumn(command.getSortColumn());
         sort.setSortType(SortType.valueOf(command.getSortType().toUpperCase()));
-        filterRequest.setSort(sort);
-        Page<HoldersCredential> filter = filter(filterRequest, request, CriteriaOperator.AND);
+        filterRequest.setSort(List.of(sort));
+        Page<HoldersCredential> filter = filter(filterRequest);
 
         List<CredentialsResponse> list = new ArrayList<>(filter.getContent().size());
 
diff --git a/miw/src/main/java/org/eclipse/tractusx/managedidentitywallets/service/IssuersCredentialService.java b/miw/src/main/java/org/eclipse/tractusx/managedidentitywallets/service/IssuersCredentialService.java
index 6f1592dc..fbdf58c6 100644
--- a/miw/src/main/java/org/eclipse/tractusx/managedidentitywallets/service/IssuersCredentialService.java
+++ b/miw/src/main/java/org/eclipse/tractusx/managedidentitywallets/service/IssuersCredentialService.java
@@ -23,14 +23,12 @@
 
 import com.fasterxml.jackson.databind.ObjectMapper;
 import com.nimbusds.jwt.SignedJWT;
-import com.smartsensesolutions.java.commons.FilterRequest;
-import com.smartsensesolutions.java.commons.base.repository.BaseRepository;
-import com.smartsensesolutions.java.commons.base.service.BaseService;
-import com.smartsensesolutions.java.commons.criteria.CriteriaOperator;
-import com.smartsensesolutions.java.commons.operator.Operator;
-import com.smartsensesolutions.java.commons.sort.Sort;
-import com.smartsensesolutions.java.commons.sort.SortType;
-import com.smartsensesolutions.java.commons.specification.SpecificationUtil;
+import com.smartsensesolutions.commons.dao.base.BaseRepository;
+import com.smartsensesolutions.commons.dao.base.BaseService;
+import com.smartsensesolutions.commons.dao.filter.FilterRequest;
+import com.smartsensesolutions.commons.dao.filter.sort.Sort;
+import com.smartsensesolutions.commons.dao.filter.sort.SortType;
+import com.smartsensesolutions.commons.dao.operator.Operator;
 import lombok.RequiredArgsConstructor;
 import lombok.SneakyThrows;
 import lombok.extern.slf4j.Slf4j;
@@ -105,8 +103,6 @@ public class IssuersCredentialService extends BaseService<IssuersCredential, Lon
     private final IssuersCredentialRepository issuersCredentialRepository;
     private final MIWSettings miwSettings;
 
-    private final SpecificationUtil<IssuersCredential> credentialSpecificationUtil;
-
     private final HoldersCredentialRepository holdersCredentialRepository;
 
     private final CommonService commonService;
@@ -125,11 +121,6 @@ protected BaseRepository<IssuersCredential, Long> getRepository() {
         return issuersCredentialRepository;
     }
 
-    @Override
-    protected SpecificationUtil<IssuersCredential> getSpecificationUtil() {
-        return credentialSpecificationUtil;
-    }
-
 
     /**
      * Gets credentials.
@@ -154,21 +145,17 @@ public PageImpl<CredentialsResponse> getCredentials(GetCredentialsCommand comman
         if (StringUtils.hasText(command.getCredentialId())) {
             filterRequest.appendCriteria(StringPool.CREDENTIAL_ID, Operator.EQUALS, command.getCredentialId());
         }
-        FilterRequest request = new FilterRequest();
         if (!CollectionUtils.isEmpty(command.getType())) {
-            request.setPage(filterRequest.getPage());
-            request.setSize(filterRequest.getSize());
-            request.setCriteriaOperator(CriteriaOperator.OR);
             for (String str : command.getType()) {
-                request.appendCriteria(StringPool.TYPE, Operator.CONTAIN, str);
+                filterRequest.appendOrCriteria(StringPool.TYPE, Operator.CONTAIN, str);
             }
         }
 
         Sort sort = new Sort();
         sort.setColumn(command.getSortColumn());
         sort.setSortType(SortType.valueOf(command.getSortType().toUpperCase()));
-        filterRequest.setSort(sort);
-        Page<IssuersCredential> filter = filter(filterRequest, request, CriteriaOperator.AND);
+        filterRequest.setSort(List.of(sort));
+        Page<IssuersCredential> filter = super.filter(filterRequest);
 
         List<CredentialsResponse> list = new ArrayList<>(filter.getContent().size());
 
diff --git a/miw/src/main/java/org/eclipse/tractusx/managedidentitywallets/service/PresentationService.java b/miw/src/main/java/org/eclipse/tractusx/managedidentitywallets/service/PresentationService.java
index e5c1b169..5eae9e44 100644
--- a/miw/src/main/java/org/eclipse/tractusx/managedidentitywallets/service/PresentationService.java
+++ b/miw/src/main/java/org/eclipse/tractusx/managedidentitywallets/service/PresentationService.java
@@ -24,9 +24,8 @@
 import com.fasterxml.jackson.databind.ObjectMapper;
 import com.nimbusds.jwt.JWTClaimsSet;
 import com.nimbusds.jwt.SignedJWT;
-import com.smartsensesolutions.java.commons.base.repository.BaseRepository;
-import com.smartsensesolutions.java.commons.base.service.BaseService;
-import com.smartsensesolutions.java.commons.specification.SpecificationUtil;
+import com.smartsensesolutions.commons.dao.base.BaseRepository;
+import com.smartsensesolutions.commons.dao.base.BaseService;
 import lombok.RequiredArgsConstructor;
 import lombok.SneakyThrows;
 import lombok.extern.slf4j.Slf4j;
@@ -85,8 +84,6 @@ public class PresentationService extends BaseService<HoldersCredential, Long> {
 
     private final HoldersCredentialRepository holdersCredentialRepository;
 
-    private final SpecificationUtil<HoldersCredential> credentialSpecificationUtil;
-
     private final CommonService commonService;
 
 
@@ -105,10 +102,6 @@ protected BaseRepository<HoldersCredential, Long> getRepository() {
         return holdersCredentialRepository;
     }
 
-    @Override
-    protected SpecificationUtil<HoldersCredential> getSpecificationUtil() {
-        return credentialSpecificationUtil;
-    }
 
     /**
      * Create presentation map.
diff --git a/miw/src/main/java/org/eclipse/tractusx/managedidentitywallets/service/WalletKeyService.java b/miw/src/main/java/org/eclipse/tractusx/managedidentitywallets/service/WalletKeyService.java
index 548a8bfe..5f7f7dde 100644
--- a/miw/src/main/java/org/eclipse/tractusx/managedidentitywallets/service/WalletKeyService.java
+++ b/miw/src/main/java/org/eclipse/tractusx/managedidentitywallets/service/WalletKeyService.java
@@ -21,9 +21,8 @@
 
 package org.eclipse.tractusx.managedidentitywallets.service;
 
-import com.smartsensesolutions.java.commons.base.repository.BaseRepository;
-import com.smartsensesolutions.java.commons.base.service.BaseService;
-import com.smartsensesolutions.java.commons.specification.SpecificationUtil;
+import com.smartsensesolutions.commons.dao.base.BaseRepository;
+import com.smartsensesolutions.commons.dao.base.BaseService;
 import lombok.RequiredArgsConstructor;
 import lombok.SneakyThrows;
 import org.bouncycastle.util.io.pem.PemReader;
@@ -55,7 +54,6 @@ public class WalletKeyService extends BaseService<WalletKey, Long> {
 
     private final WalletKeyRepository walletKeyRepository;
 
-    private final SpecificationUtil<WalletKey> specificationUtil;
 
     private final EncryptionUtils encryptionUtils;
 
@@ -64,10 +62,6 @@ public BaseRepository<WalletKey, Long> getRepository() {
         return walletKeyRepository;
     }
 
-    @Override
-    protected SpecificationUtil<WalletKey> getSpecificationUtil() {
-        return specificationUtil;
-    }
 
     /**
      * Get private key by wallet identifier as bytes byte [ ].
diff --git a/miw/src/main/java/org/eclipse/tractusx/managedidentitywallets/service/WalletService.java b/miw/src/main/java/org/eclipse/tractusx/managedidentitywallets/service/WalletService.java
index 76237e05..20147370 100644
--- a/miw/src/main/java/org/eclipse/tractusx/managedidentitywallets/service/WalletService.java
+++ b/miw/src/main/java/org/eclipse/tractusx/managedidentitywallets/service/WalletService.java
@@ -25,12 +25,11 @@
 import com.nimbusds.jose.jwk.ECKey;
 import com.nimbusds.jose.jwk.KeyType;
 import com.nimbusds.jose.jwk.KeyUse;
-import com.smartsensesolutions.java.commons.FilterRequest;
-import com.smartsensesolutions.java.commons.base.repository.BaseRepository;
-import com.smartsensesolutions.java.commons.base.service.BaseService;
-import com.smartsensesolutions.java.commons.sort.Sort;
-import com.smartsensesolutions.java.commons.sort.SortType;
-import com.smartsensesolutions.java.commons.specification.SpecificationUtil;
+import com.smartsensesolutions.commons.dao.base.BaseRepository;
+import com.smartsensesolutions.commons.dao.base.BaseService;
+import com.smartsensesolutions.commons.dao.filter.FilterRequest;
+import com.smartsensesolutions.commons.dao.filter.sort.Sort;
+import com.smartsensesolutions.commons.dao.filter.sort.SortType;
 import jakarta.annotation.PostConstruct;
 import jakarta.transaction.Transactional;
 import lombok.RequiredArgsConstructor;
@@ -99,8 +98,6 @@ public class WalletService extends BaseService<Wallet, Long> {
 
     private final HoldersCredentialRepository holdersCredentialRepository;
 
-    private final SpecificationUtil<Wallet> walletSpecificationUtil;
-
     private final CommonService commonService;
 
     private final Map<SigningServiceType, SigningService> availableSigningServices;
@@ -116,10 +113,6 @@ protected BaseRepository<Wallet, Long> getRepository() {
         return walletRepository;
     }
 
-    @Override
-    protected SpecificationUtil<Wallet> getSpecificationUtil() {
-        return walletSpecificationUtil;
-    }
 
     /**
      * Store credential map.
@@ -201,7 +194,7 @@ public Page<Wallet> getWallets(int pageNumber, int size, String sortColumn, Stri
         Sort sort = new Sort();
         sort.setColumn(sortColumn);
         sort.setSortType(SortType.valueOf(sortType.toUpperCase()));
-        filterRequest.setSort(sort);
+        filterRequest.setSort(List.of(sort));
         return filter(filterRequest);
     }
 
diff --git a/miw/src/test/java/org/eclipse/tractusx/managedidentitywallets/service/IssuersCredentialServiceTest.java b/miw/src/test/java/org/eclipse/tractusx/managedidentitywallets/service/IssuersCredentialServiceTest.java
index 4127dc59..056e9a49 100644
--- a/miw/src/test/java/org/eclipse/tractusx/managedidentitywallets/service/IssuersCredentialServiceTest.java
+++ b/miw/src/test/java/org/eclipse/tractusx/managedidentitywallets/service/IssuersCredentialServiceTest.java
@@ -25,7 +25,6 @@
 import com.github.tomakehurst.wiremock.junit5.WireMockExtension;
 import com.nimbusds.jose.JWSObject;
 import com.nimbusds.jwt.SignedJWT;
-import com.smartsensesolutions.java.commons.specification.SpecificationUtil;
 import lombok.SneakyThrows;
 import org.apache.commons.lang3.time.DateUtils;
 import org.eclipse.tractusx.managedidentitywallets.commons.constant.StringPool;
@@ -33,7 +32,6 @@
 import org.eclipse.tractusx.managedidentitywallets.config.MIWSettings;
 import org.eclipse.tractusx.managedidentitywallets.config.RevocationSettings;
 import org.eclipse.tractusx.managedidentitywallets.dao.entity.HoldersCredential;
-import org.eclipse.tractusx.managedidentitywallets.dao.entity.IssuersCredential;
 import org.eclipse.tractusx.managedidentitywallets.dao.entity.Wallet;
 import org.eclipse.tractusx.managedidentitywallets.dao.entity.WalletKey;
 import org.eclipse.tractusx.managedidentitywallets.dao.repository.HoldersCredentialRepository;
@@ -152,7 +150,6 @@ public static void beforeAll() throws SQLException {
         issuersCredentialService = new IssuersCredentialService(
                 issuersCredentialRepository,
                 miwSettings,
-                new SpecificationUtil<IssuersCredential>(),
                 holdersCredentialRepository, commonService, objectMapper, revocationService, revocationSettings);
     }
 

From 4ebed6f93a44217e95ec213d58a5b898d99a36b5 Mon Sep 17 00:00:00 2001
From: Nitin Vavdiya <nitin.vavdiya@smartsensesolutions.com>
Date: Tue, 18 Jun 2024 11:49:52 +0530
Subject: [PATCH 16/48] test: check if VC is has credential status

---
 .../service/HoldersCredentialService.java            | 12 ++++++++++++
 .../vc/HoldersCredentialTest.java                    |  2 ++
 .../vc/IssuersCredentialTest.java                    |  1 +
 3 files changed, 15 insertions(+)

diff --git a/miw/src/main/java/org/eclipse/tractusx/managedidentitywallets/service/HoldersCredentialService.java b/miw/src/main/java/org/eclipse/tractusx/managedidentitywallets/service/HoldersCredentialService.java
index 4d53a952..db21186e 100644
--- a/miw/src/main/java/org/eclipse/tractusx/managedidentitywallets/service/HoldersCredentialService.java
+++ b/miw/src/main/java/org/eclipse/tractusx/managedidentitywallets/service/HoldersCredentialService.java
@@ -35,6 +35,7 @@
 import org.eclipse.tractusx.managedidentitywallets.commons.constant.SupportedAlgorithms;
 import org.eclipse.tractusx.managedidentitywallets.commons.exception.ForbiddenException;
 import org.eclipse.tractusx.managedidentitywallets.commons.utils.Validate;
+import org.eclipse.tractusx.managedidentitywallets.config.RevocationSettings;
 import org.eclipse.tractusx.managedidentitywallets.dao.entity.HoldersCredential;
 import org.eclipse.tractusx.managedidentitywallets.dao.entity.Wallet;
 import org.eclipse.tractusx.managedidentitywallets.dao.repository.HoldersCredentialRepository;
@@ -54,6 +55,7 @@
 import org.springframework.util.CollectionUtils;
 import org.springframework.util.StringUtils;
 
+import java.net.URI;
 import java.util.ArrayList;
 import java.util.Date;
 import java.util.List;
@@ -80,6 +82,8 @@ public class HoldersCredentialService extends BaseService<HoldersCredential, Lon
 
     private final RevocationService revocationService;
 
+    private final RevocationSettings revocationSettings;
+
 
     @Override
     protected BaseRepository<HoldersCredential, Long> getRepository() {
@@ -192,6 +196,14 @@ public CredentialsResponse issueCredential(Map<String, Object> data, String call
             //get credential status in case of revocation
             VerifiableCredentialStatusList2021Entry statusListEntry = revocationService.getStatusListEntry(issuerWallet.getBpn(), token);
             builder.verifiableCredentialStatus(statusListEntry);
+
+            //add revocation context if missing
+            List<URI> uris = verifiableCredential.getContext();
+            if (!uris.contains(revocationSettings.bitStringStatusListContext())) {
+                uris.add(revocationSettings.bitStringStatusListContext());
+                builder.contexts(uris);
+            }
+
         }
 
         CredentialCreationConfig holdersCredentialCreationConfig = builder.build();
diff --git a/miw/src/test/java/org/eclipse/tractusx/managedidentitywallets/vc/HoldersCredentialTest.java b/miw/src/test/java/org/eclipse/tractusx/managedidentitywallets/vc/HoldersCredentialTest.java
index 16efe6b5..0eea9a1d 100644
--- a/miw/src/test/java/org/eclipse/tractusx/managedidentitywallets/vc/HoldersCredentialTest.java
+++ b/miw/src/test/java/org/eclipse/tractusx/managedidentitywallets/vc/HoldersCredentialTest.java
@@ -150,6 +150,8 @@ void issueCredentialTest200() throws JsonProcessingException {
         Assertions.assertEquals(HttpStatus.CREATED.value(), response.getStatusCode().value());
         VerifiableCredential verifiableCredential = new VerifiableCredential(new ObjectMapper().readValue(response.getBody(), Map.class));
         Assertions.assertNotNull(verifiableCredential.getProof());
+        Assertions.assertNotNull(verifiableCredential.getVerifiableCredentialStatus());
+
 
         List<HoldersCredential> credentials = holdersCredentialRepository.getByHolderDidAndType(did, type);
         Assertions.assertFalse(credentials.isEmpty());
diff --git a/miw/src/test/java/org/eclipse/tractusx/managedidentitywallets/vc/IssuersCredentialTest.java b/miw/src/test/java/org/eclipse/tractusx/managedidentitywallets/vc/IssuersCredentialTest.java
index 52f73c4d..ea8074e4 100644
--- a/miw/src/test/java/org/eclipse/tractusx/managedidentitywallets/vc/IssuersCredentialTest.java
+++ b/miw/src/test/java/org/eclipse/tractusx/managedidentitywallets/vc/IssuersCredentialTest.java
@@ -237,6 +237,7 @@ void issueCredentialsToBaseWallet200() throws JsonProcessingException {
         VerifiableCredential verifiableCredential = TestUtils.issueCustomVCUsingBaseWallet(baseBpn, miwSettings.authorityWalletDid(), miwSettings.authorityWalletDid(), type, headers, miwSettings, objectMapper, restTemplate);
 
         Assertions.assertNotNull(verifiableCredential.getProof());
+        Assertions.assertNotNull(verifiableCredential.getVerifiableCredentialStatus());
 
         List<HoldersCredential> credentials = holdersCredentialRepository.getByHolderDidAndType(miwSettings.authorityWalletDid(), type);
         Assertions.assertFalse(credentials.isEmpty());

From 60e3a5ccf7a77a6efc6428650d9f3091e6002707 Mon Sep 17 00:00:00 2001
From: Nitin Vavdiya <nitin.vavdiya@smartsensesolutions.com>
Date: Tue, 18 Jun 2024 16:31:14 +0530
Subject: [PATCH 17/48] fix: dependencies addded at individual project level

---
 build.gradle                     | 105 +++++++++--------
 DEPENDENCIES => miw/DEPENDENCIES |  18 ---
 revocation-service/DEPENDENCIES  | 194 +++++++++++++++++++++++++++++++
 wallet-commons/DEPENDENCIES      |  41 +++++++
 4 files changed, 287 insertions(+), 71 deletions(-)
 rename DEPENDENCIES => miw/DEPENDENCIES (92%)
 create mode 100644 revocation-service/DEPENDENCIES
 create mode 100644 wallet-commons/DEPENDENCIES

diff --git a/build.gradle b/build.gradle
index 4dabeada..5a7acd2f 100644
--- a/build.gradle
+++ b/build.gradle
@@ -144,34 +144,32 @@ subprojects {
     }
 
     check.dependsOn jacocoTestCoverageVerification
-}
 
 
-tasks.register('dashDownload', Download) {
-    description = 'Download the Dash License Tool standalone jar'
-    group = 'License'
-    src 'https://repo.eclipse.org/service/local/artifact/maven/redirect?r=dash-licenses&g=org.eclipse.dash&a=org.eclipse.dash.licenses&v=LATEST'
-    dest rootProject.file('dash.jar')
-    overwrite false
-}
+    tasks.register('dashDownload', Download) {
+        description = 'Download the Dash License Tool standalone jar'
+        group = 'License'
+        src 'https://repo.eclipse.org/service/local/artifact/maven/redirect?r=dash-licenses&g=org.eclipse.dash&a=org.eclipse.dash.licenses&v=LATEST'
+        dest rootProject.file('dash.jar')
+        overwrite false
+    }
 
 // This task is primarily used by CIs
-tasks.register('dashClean') {
-    description = "Clean all files used by the 'License' group"
-    group = 'License'
-    logger.lifecycle("Removing 'dash.jar'")
-    rootProject.file('dash.jar').delete()
-    logger.lifecycle("Removing 'deps.txt'")
-    file('deps.txt').delete()
-}
+    tasks.register('dashClean') {
+        description = "Clean all files used by the 'License' group"
+        group = 'License'
+        logger.lifecycle("Removing 'dash.jar'")
+        rootProject.file('dash.jar').delete()
+        logger.lifecycle("Removing 'deps.txt'")
+        file('deps.txt').delete()
+    }
 
-tasks.register('dashDependencies') { dashDependencies ->
-    description = "Output all project dependencies as a flat list and save an intermediate file 'deps.txt'."
-    group = 'License'
-    dashDependencies.dependsOn('dashDownload')
-    doLast {
-        def deps = []
-        project.allprojects.each { project ->
+    tasks.register('dashDependencies') { dashDependencies ->
+        description = "Output all project dependencies as a flat list and save an intermediate file 'deps.txt'."
+        group = 'License'
+        dashDependencies.dependsOn('dashDownload')
+        doLast {
+            def deps = []
             project.configurations.each { conf ->
                 // resolving 'archives' or 'default' is deprecated
                 if (conf.canBeResolved && conf.getName() != 'archives' && conf.getName() != 'default') {
@@ -184,40 +182,41 @@ tasks.register('dashDependencies') { dashDependencies ->
                     )
                 }
             }
-        }
 
-        def finalDeps = []
-        for (final def d in deps) {
-            //skip main module dependencies
-            if (d.toString() == "project :miw"
-                    || d.toString() == "project :revocation-service"
-                    || d.toString() == "project :wallet-commons"
-            ) {
-                println(" - " + d.toString() + " -")
-
-            } else {
-                finalDeps.add(d)
+            def finalDeps = []
+            for (final def d in deps) {
+                //skip main module dependencies
+                if (d.toString() == "project :miw"
+                        || d.toString() == "project :revocation-service"
+                        || d.toString() == "project :wallet-commons"
+                ) {
+                    println(" - " + d.toString() + " -")
+
+                } else {
+                    finalDeps.add(d)
+                }
             }
-        }
 
-        def uniqueSorted = finalDeps.unique().sort()
-        uniqueSorted.each { logger.quiet("{}", it) }
-        file("deps.txt").write(uniqueSorted.join('\n'))
+            def uniqueSorted = finalDeps.unique().sort()
+            uniqueSorted.each { logger.quiet("{}", it) }
+            file("deps.txt").write(uniqueSorted.join('\n'))
+        }
     }
-}
 
-tasks.register('dashLicenseCheck', JavaExec) { dashLicenseCheck ->
-    description = "Run the Dash License Tool and save the summary in the 'DEPENDENCIES' file"
-    group = 'License'
-    dashLicenseCheck.dependsOn('dashDownload')
-    dashLicenseCheck.dependsOn('dashDependencies')
-    doFirst {
-        classpath = rootProject.files('dash.jar')
-        // docs: https://eclipse-tractusx.github.io/docs/release/trg-7/trg-7-04
-        args('-project', 'automotive.tractusx', '-summary', 'DEPENDENCIES', 'deps.txt')
-    }
-    doLast {
-        logger.lifecycle("Removing 'deps.txt' now.")
-        file('deps.txt').delete()
+    tasks.register('dashLicenseCheck', JavaExec) { dashLicenseCheck ->
+        description = "Run the Dash License Tool and save the summary in the 'DEPENDENCIES' file"
+        group = 'License'
+        dashLicenseCheck.dependsOn('dashDownload')
+        dashLicenseCheck.dependsOn('dashDependencies')
+        doFirst {
+            classpath = rootProject.files('dash.jar')
+            // docs: https://eclipse-tractusx.github.io/docs/release/trg-7/trg-7-04
+            args('-project', 'automotive.tractusx', '-summary', 'DEPENDENCIES', 'deps.txt')
+        }
+        doLast {
+            logger.lifecycle("Removing 'deps.txt' now.")
+            file('deps.txt').delete()
+        }
     }
+
 }
diff --git a/DEPENDENCIES b/miw/DEPENDENCIES
similarity index 92%
rename from DEPENDENCIES
rename to miw/DEPENDENCIES
index 7f02ffed..9f92211f 100644
--- a/DEPENDENCIES
+++ b/miw/DEPENDENCIES
@@ -19,11 +19,8 @@ maven/mavencentral/com.github.ben-manes.caffeine/caffeine/3.1.8, Apache-2.0, app
 maven/mavencentral/com.github.curious-odd-man/rgxgen/1.4, Apache-2.0, approved, clearlydefined
 maven/mavencentral/com.github.dasniko/testcontainers-keycloak/2.5.0, Apache-2.0, approved, #9175
 maven/mavencentral/com.github.docker-java/docker-java-api/3.3.4, Apache-2.0, approved, #10346
-maven/mavencentral/com.github.docker-java/docker-java-api/3.3.6, Apache-2.0, approved, #10346
 maven/mavencentral/com.github.docker-java/docker-java-transport-zerodep/3.3.4, Apache-2.0 AND (Apache-2.0 AND BSD-3-Clause), approved, #15251
-maven/mavencentral/com.github.docker-java/docker-java-transport-zerodep/3.3.6, Apache-2.0 AND (Apache-2.0 AND BSD-3-Clause), approved, #15251
 maven/mavencentral/com.github.docker-java/docker-java-transport/3.3.4, Apache-2.0, approved, #7942
-maven/mavencentral/com.github.docker-java/docker-java-transport/3.3.6, Apache-2.0, approved, #7942
 maven/mavencentral/com.github.java-json-tools/btf/1.3, Apache-2.0 OR LGPL-3.0-only, approved, #15201
 maven/mavencentral/com.github.java-json-tools/jackson-coreutils/2.0, Apache-2.0 OR LGPL-3.0-or-later, approved, #15186
 maven/mavencentral/com.github.java-json-tools/json-patch/1.13, Apache-2.0 OR LGPL-3.0-or-later, approved, CQ23929
@@ -36,13 +33,9 @@ maven/mavencentral/com.google.crypto.tink/tink/1.11.0, Apache-2.0, approved, #10
 maven/mavencentral/com.google.errorprone/error_prone_annotations/2.21.1, Apache-2.0, approved, #9834
 maven/mavencentral/com.google.protobuf/protobuf-java/3.19.6, BSD-3-Clause, approved, clearlydefined
 maven/mavencentral/com.h2database/h2/2.2.220, (EPL-1.0 OR MPL-2.0) AND (LGPL-3.0-or-later OR EPL-1.0 OR MPL-2.0), approved, #9322
-maven/mavencentral/com.h2database/h2/2.2.224, (EPL-1.0 OR MPL-2.0) AND (LGPL-3.0-or-later OR EPL-1.0 OR MPL-2.0), approved, #9322
 maven/mavencentral/com.ibm.async/asyncutil/0.1.0, Apache-2.0, approved, clearlydefined
 maven/mavencentral/com.jayway.jsonpath/json-path/2.9.0, Apache-2.0, approved, clearlydefined
-maven/mavencentral/com.nimbusds/content-type/2.2, Apache-2.0, approved, clearlydefined
-maven/mavencentral/com.nimbusds/lang-tag/1.7, Apache-2.0, approved, clearlydefined
 maven/mavencentral/com.nimbusds/nimbus-jose-jwt/9.37.3, Apache-2.0, approved, #11701
-maven/mavencentral/com.nimbusds/oauth2-oidc-sdk/9.43.4, Apache-2.0, approved, clearlydefined
 maven/mavencentral/com.opencsv/opencsv/5.9, Apache-2.0, approved, clearlydefined
 maven/mavencentral/com.smartsensesolutions/commons-dao/1.0.1, Apache-2.0, approved, clearlydefined
 maven/mavencentral/com.sun.activation/jakarta.activation/1.2.1, EPL-2.0 OR BSD-3-Clause OR GPL-2.0-only with Classpath-exception-2.0, approved, ee4j.jaf
@@ -175,7 +168,6 @@ maven/mavencentral/org.ow2.asm/asm-tree/9.5, BSD-3-Clause, approved, #7555
 maven/mavencentral/org.ow2.asm/asm/9.5, BSD-3-Clause, approved, #7554
 maven/mavencentral/org.ow2.asm/asm/9.6, BSD-3-Clause, approved, #10776
 maven/mavencentral/org.postgresql/postgresql/42.7.3, BSD-2-Clause AND Apache-2.0, approved, #11681
-maven/mavencentral/org.projectlombok/lombok/1.18.32, MIT, approved, #15192
 maven/mavencentral/org.projectlombok/lombok/1.18.34, MIT, approved, #15192
 maven/mavencentral/org.reactivestreams/reactive-streams/1.0.4, CC0-1.0, approved, CQ16332
 maven/mavencentral/org.rnorth.duct-tape/duct-tape/1.0.8, MIT, approved, clearlydefined
@@ -195,8 +187,6 @@ maven/mavencentral/org.springframework.boot/spring-boot-starter-data-jpa/3.3.2,
 maven/mavencentral/org.springframework.boot/spring-boot-starter-jdbc/3.3.2, Apache-2.0, approved, clearlydefined
 maven/mavencentral/org.springframework.boot/spring-boot-starter-json/3.3.2, Apache-2.0, approved, clearlydefined
 maven/mavencentral/org.springframework.boot/spring-boot-starter-logging/3.3.2, Apache-2.0, approved, clearlydefined
-maven/mavencentral/org.springframework.boot/spring-boot-starter-oauth2-client/3.3.2, Apache-2.0, approved, clearlydefined
-maven/mavencentral/org.springframework.boot/spring-boot-starter-oauth2-resource-server/3.3.2, Apache-2.0, approved, clearlydefined
 maven/mavencentral/org.springframework.boot/spring-boot-starter-security/3.3.2, Apache-2.0, approved, clearlydefined
 maven/mavencentral/org.springframework.boot/spring-boot-starter-test/3.3.2, Apache-2.0, approved, clearlydefined
 maven/mavencentral/org.springframework.boot/spring-boot-starter-tomcat/3.3.2, Apache-2.0, approved, clearlydefined
@@ -205,7 +195,6 @@ maven/mavencentral/org.springframework.boot/spring-boot-starter-web/3.3.2, Apach
 maven/mavencentral/org.springframework.boot/spring-boot-starter/3.3.2, Apache-2.0, approved, clearlydefined
 maven/mavencentral/org.springframework.boot/spring-boot-test-autoconfigure/3.3.2, Apache-2.0, approved, clearlydefined
 maven/mavencentral/org.springframework.boot/spring-boot-test/3.3.2, Apache-2.0, approved, clearlydefined
-maven/mavencentral/org.springframework.boot/spring-boot-testcontainers/3.3.2, Apache-2.0, approved, clearlydefined
 maven/mavencentral/org.springframework.boot/spring-boot/3.3.2, Apache-2.0, approved, clearlydefined
 maven/mavencentral/org.springframework.cloud/spring-cloud-commons/4.1.4, Apache-2.0, approved, #13495
 maven/mavencentral/org.springframework.cloud/spring-cloud-context/4.1.4, Apache-2.0, approved, #13494
@@ -217,12 +206,10 @@ maven/mavencentral/org.springframework.data/spring-data-jpa/3.3.2, Apache-2.0, a
 maven/mavencentral/org.springframework.security/spring-security-config/6.3.1, Apache-2.0, approved, clearlydefined
 maven/mavencentral/org.springframework.security/spring-security-core/6.3.1, Apache-2.0, approved, clearlydefined
 maven/mavencentral/org.springframework.security/spring-security-crypto/6.3.1, Apache-2.0, approved, clearlydefined
-maven/mavencentral/org.springframework.security/spring-security-oauth2-client/6.3.1, Apache-2.0, approved, clearlydefined
 maven/mavencentral/org.springframework.security/spring-security-oauth2-core/6.3.1, Apache-2.0, approved, clearlydefined
 maven/mavencentral/org.springframework.security/spring-security-oauth2-jose/6.3.1, Apache-2.0, approved, clearlydefined
 maven/mavencentral/org.springframework.security/spring-security-oauth2-resource-server/6.3.1, Apache-2.0, approved, clearlydefined
 maven/mavencentral/org.springframework.security/spring-security-rsa/1.1.3, Apache-2.0, approved, clearlydefined
-maven/mavencentral/org.springframework.security/spring-security-test/6.3.1, Apache-2.0, approved, clearlydefined
 maven/mavencentral/org.springframework.security/spring-security-web/6.3.1, Apache-2.0, approved, clearlydefined
 maven/mavencentral/org.springframework/spring-aop/6.1.11, Apache-2.0, approved, #15221
 maven/mavencentral/org.springframework/spring-aspects/6.1.11, Apache-2.0, approved, #15193
@@ -238,15 +225,10 @@ maven/mavencentral/org.springframework/spring-tx/6.1.11, Apache-2.0, approved, #
 maven/mavencentral/org.springframework/spring-web/6.1.11, Apache-2.0, approved, #15188
 maven/mavencentral/org.springframework/spring-webmvc/6.1.11, Apache-2.0, approved, #15182
 maven/mavencentral/org.testcontainers/database-commons/1.19.3, Apache-2.0, approved, #10345
-maven/mavencentral/org.testcontainers/database-commons/1.19.8, Apache-2.0, approved, #10345
 maven/mavencentral/org.testcontainers/jdbc/1.19.3, Apache-2.0, approved, #10348
-maven/mavencentral/org.testcontainers/jdbc/1.19.8, Apache-2.0, approved, #10348
 maven/mavencentral/org.testcontainers/junit-jupiter/1.19.3, MIT, approved, #10344
-maven/mavencentral/org.testcontainers/junit-jupiter/1.19.8, MIT, approved, #10344
 maven/mavencentral/org.testcontainers/postgresql/1.19.3, MIT, approved, #10350
-maven/mavencentral/org.testcontainers/postgresql/1.19.8, MIT, approved, #10350
 maven/mavencentral/org.testcontainers/testcontainers/1.19.3, Apache-2.0 AND MIT, approved, #10347
-maven/mavencentral/org.testcontainers/testcontainers/1.19.8, MIT, approved, #15203
 maven/mavencentral/org.webjars/swagger-ui/5.13.0, Apache-2.0, approved, #14547
 maven/mavencentral/org.wiremock/wiremock-standalone/3.4.2, MIT AND Apache-2.0, approved, #14889
 maven/mavencentral/org.xmlunit/xmlunit-core/2.9.1, Apache-2.0, approved, #6272
diff --git a/revocation-service/DEPENDENCIES b/revocation-service/DEPENDENCIES
new file mode 100644
index 00000000..17dac72b
--- /dev/null
+++ b/revocation-service/DEPENDENCIES
@@ -0,0 +1,194 @@
+maven/mavencentral/ch.qos.logback/logback-classic/1.5.6, EPL-1.0 AND LGPL-2.1-only, approved, #15279
+maven/mavencentral/ch.qos.logback/logback-core/1.5.6, EPL-1.0 AND LGPL-2.1-only, approved, #15210
+maven/mavencentral/com.apicatalog/titanium-json-ld/1.3.3, Apache-2.0, approved, #8912
+maven/mavencentral/com.fasterxml.jackson.core/jackson-annotations/2.17.2, Apache-2.0, approved, #13672
+maven/mavencentral/com.fasterxml.jackson.core/jackson-core/2.17.2, , approved, #13665
+maven/mavencentral/com.fasterxml.jackson.core/jackson-databind/2.17.2, Apache-2.0, approved, #13671
+maven/mavencentral/com.fasterxml.jackson.dataformat/jackson-dataformat-xml/2.17.2, Apache-2.0, approved, #13666
+maven/mavencentral/com.fasterxml.jackson.dataformat/jackson-dataformat-yaml/2.17.2, Apache-2.0, approved, #13669
+maven/mavencentral/com.fasterxml.jackson.datatype/jackson-datatype-jdk8/2.17.2, Apache-2.0, approved, #15117
+maven/mavencentral/com.fasterxml.jackson.datatype/jackson-datatype-jsr310/2.17.2, Apache-2.0, approved, #14160
+maven/mavencentral/com.fasterxml.jackson.module/jackson-module-parameter-names/2.17.2, Apache-2.0, approved, #15122
+maven/mavencentral/com.fasterxml.jackson/jackson-bom/2.17.2, Apache-2.0, approved, #14162
+maven/mavencentral/com.fasterxml.woodstox/woodstox-core/6.7.0, Apache-2.0, approved, #15476
+maven/mavencentral/com.fasterxml/classmate/1.7.0, Apache-2.0, approved, clearlydefined
+maven/mavencentral/com.github.ben-manes.caffeine/caffeine/3.1.8, Apache-2.0, approved, clearlydefined
+maven/mavencentral/com.github.docker-java/docker-java-api/3.3.6, Apache-2.0, approved, #10346
+maven/mavencentral/com.github.docker-java/docker-java-transport-zerodep/3.3.6, Apache-2.0 AND (Apache-2.0 AND BSD-3-Clause), approved, #15251
+maven/mavencentral/com.github.docker-java/docker-java-transport/3.3.6, Apache-2.0, approved, #7942
+maven/mavencentral/com.github.multiformats/java-multibase/v1.1.0, MIT AND BSD-3-Clause AND EPL-1.0 AND Apache-2.0, approved, #4095
+maven/mavencentral/com.github.stephenc.jcip/jcip-annotations/1.0-1, Apache-2.0, approved, CQ21949
+maven/mavencentral/com.google.code.findbugs/jsr305/3.0.2, CC-BY-2.5, approved, #15220
+maven/mavencentral/com.google.code.gson/gson/2.10.1, Apache-2.0, approved, #6159
+maven/mavencentral/com.google.crypto.tink/tink/1.11.0, Apache-2.0, approved, #10719
+maven/mavencentral/com.google.errorprone/error_prone_annotations/2.21.1, Apache-2.0, approved, #9834
+maven/mavencentral/com.google.protobuf/protobuf-java/3.19.6, BSD-3-Clause, approved, clearlydefined
+maven/mavencentral/com.h2database/h2/2.2.224, (EPL-1.0 OR MPL-2.0) AND (LGPL-3.0-or-later OR EPL-1.0 OR MPL-2.0), approved, #9322
+maven/mavencentral/com.jayway.jsonpath/json-path/2.9.0, Apache-2.0, approved, clearlydefined
+maven/mavencentral/com.nimbusds/content-type/2.2, Apache-2.0, approved, clearlydefined
+maven/mavencentral/com.nimbusds/lang-tag/1.7, Apache-2.0, approved, clearlydefined
+maven/mavencentral/com.nimbusds/nimbus-jose-jwt/9.37.3, Apache-2.0, approved, #11701
+maven/mavencentral/com.nimbusds/oauth2-oidc-sdk/9.43.4, Apache-2.0, approved, clearlydefined
+maven/mavencentral/com.opencsv/opencsv/5.9, Apache-2.0, approved, clearlydefined
+maven/mavencentral/com.sun.istack/istack-commons-runtime/4.1.2, BSD-3-Clause, approved, #15290
+maven/mavencentral/com.vaadin.external.google/android-json/0.0.20131108.vaadin1, Apache-2.0, approved, CQ21310
+maven/mavencentral/com.zaxxer/HikariCP/5.1.0, Apache-2.0, approved, clearlydefined
+maven/mavencentral/commons-beanutils/commons-beanutils/1.9.4, Apache-2.0, approved, CQ12654
+maven/mavencentral/commons-collections/commons-collections/3.2.2, Apache-2.0, approved, #15185
+maven/mavencentral/commons-digester/commons-digester/2.1, Apache-2.0, approved, clearlydefined
+maven/mavencentral/commons-fileupload/commons-fileupload/1.5, Apache-2.0, approved, #7109
+maven/mavencentral/commons-io/commons-io/2.11.0, Apache-2.0, approved, CQ23745
+maven/mavencentral/commons-logging/commons-logging/1.2, Apache-2.0, approved, CQ10162
+maven/mavencentral/commons-validator/commons-validator/1.7, Apache-2.0, approved, clearlydefined
+maven/mavencentral/io.github.openfeign.form/feign-form-spring/3.8.0, Apache-2.0, approved, clearlydefined
+maven/mavencentral/io.github.openfeign.form/feign-form/3.8.0, Apache-2.0, approved, clearlydefined
+maven/mavencentral/io.github.openfeign/feign-core/13.3, Apache-2.0, approved, clearlydefined
+maven/mavencentral/io.github.openfeign/feign-slf4j/13.3, Apache-2.0, approved, clearlydefined
+maven/mavencentral/io.micrometer/micrometer-commons/1.13.2, Apache-2.0 AND (Apache-2.0 AND MIT), approved, #14826
+maven/mavencentral/io.micrometer/micrometer-core/1.13.2, Apache-2.0 AND (Apache-2.0 AND MIT), approved, #14827
+maven/mavencentral/io.micrometer/micrometer-jakarta9/1.13.2, Apache-2.0, approved, clearlydefined
+maven/mavencentral/io.micrometer/micrometer-observation/1.13.2, Apache-2.0, approved, #14829
+maven/mavencentral/io.setl/rdf-urdna/1.2, Apache-2.0, approved, clearlydefined
+maven/mavencentral/io.smallrye/jandex/3.1.2, Apache-2.0, approved, clearlydefined
+maven/mavencentral/io.swagger.core.v3/swagger-annotations-jakarta/2.2.21, Apache-2.0, approved, #5947
+maven/mavencentral/io.swagger.core.v3/swagger-core-jakarta/2.2.21, Apache-2.0, approved, #5929
+maven/mavencentral/io.swagger.core.v3/swagger-models-jakarta/2.2.21, Apache-2.0, approved, #5919
+maven/mavencentral/jakarta.activation/jakarta.activation-api/2.1.3, EPL-2.0 OR BSD-3-Clause OR GPL-2.0-only with Classpath-exception-2.0, approved, ee4j.jaf
+maven/mavencentral/jakarta.annotation/jakarta.annotation-api/2.1.1, EPL-2.0 OR GPL-2.0-only with Classpath-exception-2.0, approved, ee4j.ca
+maven/mavencentral/jakarta.inject/jakarta.inject-api/2.0.1, Apache-2.0, approved, ee4j.cdi
+maven/mavencentral/jakarta.json/jakarta.json-api/2.1.3, EPL-2.0 OR GPL-2.0-only with Classpath-exception-2.0, approved, ee4j.jsonp
+maven/mavencentral/jakarta.persistence/jakarta.persistence-api/3.1.0, EPL-2.0 OR BSD-3-Clause, approved, ee4j.jpa
+maven/mavencentral/jakarta.transaction/jakarta.transaction-api/2.0.1, EPL-2.0 OR GPL-2.0-only with Classpath-exception-2.0, approved, ee4j.jta
+maven/mavencentral/jakarta.validation/jakarta.validation-api/3.0.2, Apache-2.0, approved, ee4j.validation
+maven/mavencentral/jakarta.xml.bind/jakarta.xml.bind-api/4.0.2, BSD-3-Clause, approved, ee4j.jaxb
+maven/mavencentral/javax.xml.bind/jaxb-api/2.3.1, CDDL-1.1 OR GPL-2.0-only WITH Classpath-exception-2.0, approved, CQ16911
+maven/mavencentral/junit/junit/4.13.2, EPL-2.0, approved, CQ23636
+maven/mavencentral/net.bytebuddy/byte-buddy-agent/1.14.18, Apache-2.0, approved, #7164
+maven/mavencentral/net.bytebuddy/byte-buddy/1.14.18, Apache-2.0 AND BSD-3-Clause, approved, #7163
+maven/mavencentral/net.i2p.crypto/eddsa/0.3.0, CC0-1.0, approved, CQ22537
+maven/mavencentral/net.java.dev.jna/jna/5.13.0, Apache-2.0 AND LGPL-2.1-or-later, approved, #15196
+maven/mavencentral/net.minidev/accessors-smart/2.5.1, Apache-2.0, approved, clearlydefined
+maven/mavencentral/net.minidev/json-smart/2.5.1, Apache-2.0, approved, clearlydefined
+maven/mavencentral/org.antlr/antlr4-runtime/4.13.0, BSD-3-Clause, approved, #10767
+maven/mavencentral/org.apache.commons/commons-collections4/4.4, Apache-2.0, approved, clearlydefined
+maven/mavencentral/org.apache.commons/commons-compress/1.24.0, Apache-2.0 AND BSD-3-Clause AND bzip2-1.0.6 AND LicenseRef-Public-Domain, approved, #10368
+maven/mavencentral/org.apache.commons/commons-lang3/3.14.0, Apache-2.0, approved, #11677
+maven/mavencentral/org.apache.commons/commons-text/1.11.0, Apache-2.0, approved, clearlydefined
+maven/mavencentral/org.apache.logging.log4j/log4j-api/2.23.1, Apache-2.0, approved, #13368
+maven/mavencentral/org.apache.logging.log4j/log4j-to-slf4j/2.23.1, Apache-2.0, approved, #15121
+maven/mavencentral/org.apache.tomcat.embed/tomcat-embed-core/10.1.26, Apache-2.0 AND (EPL-2.0 OR (GPL-2.0 WITH Classpath-exception-2.0)) AND CDDL-1.0 AND (CDDL-1.1 OR (GPL-2.0-only WITH Classpath-exception-2.0)) AND EPL-2.0, approved, #15195
+maven/mavencentral/org.apache.tomcat.embed/tomcat-embed-el/10.1.26, Apache-2.0, approved, #6997
+maven/mavencentral/org.apache.tomcat.embed/tomcat-embed-websocket/10.1.26, Apache-2.0, approved, #7920
+maven/mavencentral/org.apiguardian/apiguardian-api/1.1.2, Apache-2.0, approved, clearlydefined
+maven/mavencentral/org.aspectj/aspectjweaver/1.9.22.1, Apache-2.0 AND BSD-3-Clause AND EPL-1.0 AND BSD-3-Clause AND Apache-1.1, approved, #15252
+maven/mavencentral/org.assertj/assertj-core/3.25.3, Apache-2.0, approved, #12585
+maven/mavencentral/org.awaitility/awaitility/4.2.1, Apache-2.0, approved, #14178
+maven/mavencentral/org.bouncycastle/bcprov-jdk18on/1.78, MIT AND CC0-1.0, approved, #14433
+maven/mavencentral/org.checkerframework/checker-qual/3.37.0, MIT, approved, clearlydefined
+maven/mavencentral/org.checkerframework/checker-qual/3.42.0, MIT, approved, clearlydefined
+maven/mavencentral/org.codehaus.woodstox/stax2-api/4.2.2, BSD-2-Clause, approved, #2670
+maven/mavencentral/org.eclipse.angus/angus-activation/2.0.2, EPL-2.0 OR GPL-2.0-only with Classpath-exception-2.0, approved, ee4j.angus
+maven/mavencentral/org.eclipse.parsson/parsson/1.1.5, EPL-2.0, approved, ee4j.parsson
+maven/mavencentral/org.eclipse.tractusx.ssi/cx-ssi-lib/0.0.19, Apache-2.0, approved, automotive.tractusx
+maven/mavencentral/org.glassfish.jaxb/jaxb-core/4.0.5, BSD-3-Clause, approved, ee4j.jaxb-impl
+maven/mavencentral/org.glassfish.jaxb/jaxb-runtime/4.0.5, BSD-3-Clause, approved, ee4j.jaxb-impl
+maven/mavencentral/org.glassfish.jaxb/txw2/4.0.5, BSD-3-Clause, approved, ee4j.jaxb-impl
+maven/mavencentral/org.hamcrest/hamcrest-core/2.2, BSD-3-Clause, approved, clearlydefined
+maven/mavencentral/org.hamcrest/hamcrest/2.2, BSD-3-Clause, approved, clearlydefined
+maven/mavencentral/org.hdrhistogram/HdrHistogram/2.2.2, BSD-2-Clause AND CC0-1.0 AND CC0-1.0, approved, #14828
+maven/mavencentral/org.hibernate.common/hibernate-commons-annotations/6.0.6.Final, LGPL-2.1-only, approved, #6962
+maven/mavencentral/org.hibernate.orm/hibernate-core/6.5.2.Final, LGPL-2.1-only AND (EPL-2.0 OR BSD-3-Clause) AND LGPL-2.1-or-later AND MIT, approved, #15118
+maven/mavencentral/org.hibernate.validator/hibernate-validator/8.0.1.Final, Apache-2.0, approved, clearlydefined
+maven/mavencentral/org.jacoco/org.jacoco.agent/0.8.9, EPL-2.0, approved, CQ23285
+maven/mavencentral/org.jacoco/org.jacoco.ant/0.8.9, EPL-2.0, approved, #1068
+maven/mavencentral/org.jacoco/org.jacoco.core/0.8.9, EPL-2.0, approved, CQ23283
+maven/mavencentral/org.jacoco/org.jacoco.report/0.8.9, EPL-2.0 AND Apache-2.0, approved, CQ23284
+maven/mavencentral/org.jboss.logging/jboss-logging/3.5.3.Final, Apache-2.0, approved, #9471
+maven/mavencentral/org.jetbrains/annotations/17.0.0, Apache-2.0, approved, clearlydefined
+maven/mavencentral/org.junit.jupiter/junit-jupiter-api/5.10.3, EPL-2.0, approved, #9714
+maven/mavencentral/org.junit.jupiter/junit-jupiter-engine/5.10.3, EPL-2.0, approved, #9711
+maven/mavencentral/org.junit.jupiter/junit-jupiter-params/5.10.3, EPL-2.0, approved, #15250
+maven/mavencentral/org.junit.jupiter/junit-jupiter/5.10.3, EPL-2.0, approved, #15197
+maven/mavencentral/org.junit.platform/junit-platform-commons/1.10.3, EPL-2.0, approved, #9715
+maven/mavencentral/org.junit.platform/junit-platform-engine/1.10.3, EPL-2.0, approved, #9709
+maven/mavencentral/org.junit/junit-bom/5.10.3, EPL-2.0, approved, #9844
+maven/mavencentral/org.latencyutils/LatencyUtils/2.0.3, CC0-1.0, approved, #15280
+maven/mavencentral/org.liquibase/liquibase-core/4.27.0, Apache-2.0, approved, clearlydefined
+maven/mavencentral/org.mockito/mockito-core/5.11.0, MIT AND (Apache-2.0 AND MIT) AND Apache-2.0, approved, #13505
+maven/mavencentral/org.mockito/mockito-junit-jupiter/5.11.0, MIT, approved, #13504
+maven/mavencentral/org.objenesis/objenesis/3.3, Apache-2.0, approved, clearlydefined
+maven/mavencentral/org.opentest4j/opentest4j/1.3.0, Apache-2.0, approved, #9713
+maven/mavencentral/org.ow2.asm/asm-commons/9.5, BSD-3-Clause, approved, #7553
+maven/mavencentral/org.ow2.asm/asm-tree/9.5, BSD-3-Clause, approved, #7555
+maven/mavencentral/org.ow2.asm/asm/9.5, BSD-3-Clause, approved, #7554
+maven/mavencentral/org.ow2.asm/asm/9.6, BSD-3-Clause, approved, #10776
+maven/mavencentral/org.postgresql/postgresql/42.7.3, BSD-2-Clause AND Apache-2.0, approved, #11681
+maven/mavencentral/org.projectlombok/lombok/1.18.32, MIT, approved, #15192
+maven/mavencentral/org.rnorth.duct-tape/duct-tape/1.0.8, MIT, approved, clearlydefined
+maven/mavencentral/org.skyscreamer/jsonassert/1.5.3, Apache-2.0, approved, clearlydefined
+maven/mavencentral/org.slf4j/jul-to-slf4j/2.0.13, MIT, approved, #7698
+maven/mavencentral/org.slf4j/slf4j-api/2.0.13, MIT, approved, #5915
+maven/mavencentral/org.springdoc/springdoc-openapi-starter-common/2.5.0, Apache-2.0, approved, clearlydefined
+maven/mavencentral/org.springdoc/springdoc-openapi-starter-webmvc-api/2.5.0, Apache-2.0, approved, clearlydefined
+maven/mavencentral/org.springdoc/springdoc-openapi-starter-webmvc-ui/2.5.0, Apache-2.0, approved, clearlydefined
+maven/mavencentral/org.springframework.boot/spring-boot-actuator-autoconfigure/3.3.2, Apache-2.0, approved, clearlydefined
+maven/mavencentral/org.springframework.boot/spring-boot-actuator/3.3.2, Apache-2.0, approved, clearlydefined
+maven/mavencentral/org.springframework.boot/spring-boot-autoconfigure/3.3.2, Apache-2.0, approved, clearlydefined
+maven/mavencentral/org.springframework.boot/spring-boot-devtools/3.3.2, Apache-2.0, approved, clearlydefined
+maven/mavencentral/org.springframework.boot/spring-boot-starter-actuator/3.3.2, Apache-2.0, approved, clearlydefined
+maven/mavencentral/org.springframework.boot/spring-boot-starter-aop/3.3.2, Apache-2.0, approved, clearlydefined
+maven/mavencentral/org.springframework.boot/spring-boot-starter-data-jpa/3.3.2, Apache-2.0, approved, clearlydefined
+maven/mavencentral/org.springframework.boot/spring-boot-starter-jdbc/3.3.2, Apache-2.0, approved, clearlydefined
+maven/mavencentral/org.springframework.boot/spring-boot-starter-json/3.3.2, Apache-2.0, approved, clearlydefined
+maven/mavencentral/org.springframework.boot/spring-boot-starter-logging/3.3.2, Apache-2.0, approved, clearlydefined
+maven/mavencentral/org.springframework.boot/spring-boot-starter-oauth2-client/3.3.2, Apache-2.0, approved, clearlydefined
+maven/mavencentral/org.springframework.boot/spring-boot-starter-oauth2-resource-server/3.3.2, Apache-2.0, approved, clearlydefined
+maven/mavencentral/org.springframework.boot/spring-boot-starter-security/3.3.2, Apache-2.0, approved, clearlydefined
+maven/mavencentral/org.springframework.boot/spring-boot-starter-test/3.3.2, Apache-2.0, approved, clearlydefined
+maven/mavencentral/org.springframework.boot/spring-boot-starter-tomcat/3.3.2, Apache-2.0, approved, clearlydefined
+maven/mavencentral/org.springframework.boot/spring-boot-starter-validation/3.3.2, Apache-2.0, approved, clearlydefined
+maven/mavencentral/org.springframework.boot/spring-boot-starter-web/3.3.2, Apache-2.0, approved, clearlydefined
+maven/mavencentral/org.springframework.boot/spring-boot-starter/3.3.2, Apache-2.0, approved, clearlydefined
+maven/mavencentral/org.springframework.boot/spring-boot-test-autoconfigure/3.3.2, Apache-2.0, approved, clearlydefined
+maven/mavencentral/org.springframework.boot/spring-boot-test/3.3.2, Apache-2.0, approved, clearlydefined
+maven/mavencentral/org.springframework.boot/spring-boot-testcontainers/3.3.2, Apache-2.0, approved, clearlydefined
+maven/mavencentral/org.springframework.boot/spring-boot/3.3.2, Apache-2.0, approved, clearlydefined
+maven/mavencentral/org.springframework.cloud/spring-cloud-commons/4.1.4, Apache-2.0, approved, #13495
+maven/mavencentral/org.springframework.cloud/spring-cloud-context/4.1.4, Apache-2.0, approved, #13494
+maven/mavencentral/org.springframework.cloud/spring-cloud-openfeign-core/4.1.3, Apache-2.0, approved, clearlydefined
+maven/mavencentral/org.springframework.cloud/spring-cloud-starter-openfeign/4.1.3, Apache-2.0, approved, clearlydefined
+maven/mavencentral/org.springframework.cloud/spring-cloud-starter/4.1.4, Apache-2.0, approved, clearlydefined
+maven/mavencentral/org.springframework.data/spring-data-commons/3.3.2, Apache-2.0, approved, #15116
+maven/mavencentral/org.springframework.data/spring-data-jpa/3.3.2, Apache-2.0, approved, #15120
+maven/mavencentral/org.springframework.security/spring-security-config/6.3.1, Apache-2.0, approved, clearlydefined
+maven/mavencentral/org.springframework.security/spring-security-core/6.3.1, Apache-2.0, approved, clearlydefined
+maven/mavencentral/org.springframework.security/spring-security-crypto/6.3.1, Apache-2.0, approved, clearlydefined
+maven/mavencentral/org.springframework.security/spring-security-oauth2-client/6.3.1, Apache-2.0, approved, clearlydefined
+maven/mavencentral/org.springframework.security/spring-security-oauth2-core/6.3.1, Apache-2.0, approved, clearlydefined
+maven/mavencentral/org.springframework.security/spring-security-oauth2-jose/6.3.1, Apache-2.0, approved, clearlydefined
+maven/mavencentral/org.springframework.security/spring-security-oauth2-resource-server/6.3.1, Apache-2.0, approved, clearlydefined
+maven/mavencentral/org.springframework.security/spring-security-rsa/1.1.3, Apache-2.0, approved, clearlydefined
+maven/mavencentral/org.springframework.security/spring-security-test/6.3.1, Apache-2.0, approved, clearlydefined
+maven/mavencentral/org.springframework.security/spring-security-web/6.3.1, Apache-2.0, approved, clearlydefined
+maven/mavencentral/org.springframework/spring-aop/6.1.11, Apache-2.0, approved, #15221
+maven/mavencentral/org.springframework/spring-aspects/6.1.11, Apache-2.0, approved, #15193
+maven/mavencentral/org.springframework/spring-beans/6.1.11, Apache-2.0, approved, #15213
+maven/mavencentral/org.springframework/spring-context/6.1.11, Apache-2.0, approved, #15261
+maven/mavencentral/org.springframework/spring-core/6.1.11, Apache-2.0 AND BSD-3-Clause, approved, #15206
+maven/mavencentral/org.springframework/spring-expression/6.1.11, Apache-2.0, approved, #15264
+maven/mavencentral/org.springframework/spring-jcl/6.1.11, Apache-2.0, approved, #15266
+maven/mavencentral/org.springframework/spring-jdbc/6.1.11, Apache-2.0, approved, #15191
+maven/mavencentral/org.springframework/spring-orm/6.1.11, Apache-2.0, approved, #15278
+maven/mavencentral/org.springframework/spring-test/6.1.11, Apache-2.0, approved, #15265
+maven/mavencentral/org.springframework/spring-tx/6.1.11, Apache-2.0, approved, #15229
+maven/mavencentral/org.springframework/spring-web/6.1.11, Apache-2.0, approved, #15188
+maven/mavencentral/org.springframework/spring-webmvc/6.1.11, Apache-2.0, approved, #15182
+maven/mavencentral/org.testcontainers/database-commons/1.19.8, Apache-2.0, approved, #10345
+maven/mavencentral/org.testcontainers/jdbc/1.19.8, Apache-2.0, approved, #10348
+maven/mavencentral/org.testcontainers/junit-jupiter/1.19.8, MIT, approved, #10344
+maven/mavencentral/org.testcontainers/postgresql/1.19.8, MIT, approved, #10350
+maven/mavencentral/org.testcontainers/testcontainers/1.19.8, MIT, approved, #15203
+maven/mavencentral/org.webjars/swagger-ui/5.13.0, Apache-2.0, approved, #14547
+maven/mavencentral/org.wiremock/wiremock-standalone/3.4.2, MIT AND Apache-2.0, approved, #14889
+maven/mavencentral/org.xmlunit/xmlunit-core/2.9.1, Apache-2.0, approved, #6272
+maven/mavencentral/org.yaml/snakeyaml/2.2, Apache-2.0 AND (Apache-2.0 OR BSD-3-Clause OR EPL-1.0 OR GPL-2.0-or-later OR LGPL-2.1-or-later), approved, #10232
diff --git a/wallet-commons/DEPENDENCIES b/wallet-commons/DEPENDENCIES
new file mode 100644
index 00000000..f4f6517e
--- /dev/null
+++ b/wallet-commons/DEPENDENCIES
@@ -0,0 +1,41 @@
+maven/mavencentral/com.fasterxml.jackson.core/jackson-annotations/2.17.2, Apache-2.0, approved, #13672
+maven/mavencentral/com.fasterxml.jackson/jackson-bom/2.17.2, Apache-2.0, approved, #14162
+maven/mavencentral/com.github.docker-java/docker-java-api/3.3.4, Apache-2.0, approved, #10346
+maven/mavencentral/com.github.docker-java/docker-java-transport-zerodep/3.3.4, Apache-2.0 AND (Apache-2.0 AND BSD-3-Clause), approved, #15251
+maven/mavencentral/com.github.docker-java/docker-java-transport/3.3.4, Apache-2.0, approved, #7942
+maven/mavencentral/io.micrometer/micrometer-commons/1.13.2, Apache-2.0 AND (Apache-2.0 AND MIT), approved, #14826
+maven/mavencentral/io.micrometer/micrometer-observation/1.13.2, Apache-2.0, approved, #14829
+maven/mavencentral/junit/junit/4.13.2, EPL-2.0, approved, CQ23636
+maven/mavencentral/net.java.dev.jna/jna/5.13.0, Apache-2.0 AND LGPL-2.1-or-later, approved, #15196
+maven/mavencentral/org.apache.commons/commons-compress/1.24.0, Apache-2.0 AND BSD-3-Clause AND bzip2-1.0.6 AND LicenseRef-Public-Domain, approved, #10368
+maven/mavencentral/org.apiguardian/apiguardian-api/1.1.2, Apache-2.0, approved, clearlydefined
+maven/mavencentral/org.hamcrest/hamcrest-core/2.2, BSD-3-Clause, approved, clearlydefined
+maven/mavencentral/org.hamcrest/hamcrest/2.2, BSD-3-Clause, approved, clearlydefined
+maven/mavencentral/org.jacoco/org.jacoco.agent/0.8.9, EPL-2.0, approved, CQ23285
+maven/mavencentral/org.jacoco/org.jacoco.ant/0.8.9, EPL-2.0, approved, #1068
+maven/mavencentral/org.jacoco/org.jacoco.core/0.8.9, EPL-2.0, approved, CQ23283
+maven/mavencentral/org.jacoco/org.jacoco.report/0.8.9, EPL-2.0 AND Apache-2.0, approved, CQ23284
+maven/mavencentral/org.jetbrains/annotations/17.0.0, Apache-2.0, approved, clearlydefined
+maven/mavencentral/org.junit.jupiter/junit-jupiter-api/5.10.3, EPL-2.0, approved, #9714
+maven/mavencentral/org.junit.jupiter/junit-jupiter-engine/5.10.3, EPL-2.0, approved, #9711
+maven/mavencentral/org.junit.platform/junit-platform-commons/1.10.3, EPL-2.0, approved, #9715
+maven/mavencentral/org.junit.platform/junit-platform-engine/1.10.3, EPL-2.0, approved, #9709
+maven/mavencentral/org.junit/junit-bom/5.10.3, EPL-2.0, approved, #9844
+maven/mavencentral/org.opentest4j/opentest4j/1.3.0, Apache-2.0, approved, #9713
+maven/mavencentral/org.ow2.asm/asm-commons/9.5, BSD-3-Clause, approved, #7553
+maven/mavencentral/org.ow2.asm/asm-tree/9.5, BSD-3-Clause, approved, #7555
+maven/mavencentral/org.ow2.asm/asm/9.5, BSD-3-Clause, approved, #7554
+maven/mavencentral/org.projectlombok/lombok/1.18.34, MIT, approved, #15192
+maven/mavencentral/org.rnorth.duct-tape/duct-tape/1.0.8, MIT, approved, clearlydefined
+maven/mavencentral/org.slf4j/slf4j-api/2.0.13, MIT, approved, #5915
+maven/mavencentral/org.springframework.boot/spring-boot-autoconfigure/3.3.2, Apache-2.0, approved, clearlydefined
+maven/mavencentral/org.springframework.boot/spring-boot-devtools/3.3.2, Apache-2.0, approved, clearlydefined
+maven/mavencentral/org.springframework.boot/spring-boot/3.3.2, Apache-2.0, approved, clearlydefined
+maven/mavencentral/org.springframework/spring-aop/6.1.11, Apache-2.0, approved, #15221
+maven/mavencentral/org.springframework/spring-beans/6.1.11, Apache-2.0, approved, #15213
+maven/mavencentral/org.springframework/spring-context/6.1.11, Apache-2.0, approved, #15261
+maven/mavencentral/org.springframework/spring-core/6.1.11, Apache-2.0 AND BSD-3-Clause, approved, #15206
+maven/mavencentral/org.springframework/spring-expression/6.1.11, Apache-2.0, approved, #15264
+maven/mavencentral/org.springframework/spring-jcl/6.1.11, Apache-2.0, approved, #15266
+maven/mavencentral/org.testcontainers/junit-jupiter/1.19.3, MIT, approved, #10344
+maven/mavencentral/org.testcontainers/testcontainers/1.19.3, Apache-2.0 AND MIT, approved, #10347

From 7d76b0002615720ed2c0a1f0d45e2ca5bef642be Mon Sep 17 00:00:00 2001
From: Nitin Vavdiya <nitin.vavdiya@smartsensesolutions.com>
Date: Tue, 18 Jun 2024 17:43:44 +0530
Subject: [PATCH 18/48] fix: file copy path in Dockerfile

---
 miw/Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/miw/Dockerfile b/miw/Dockerfile
index d0860a6f..d622bf0a 100644
--- a/miw/Dockerfile
+++ b/miw/Dockerfile
@@ -27,7 +27,7 @@ RUN apk add curl
 
 USER miw
 
-COPY LICENSE NOTICE.md DEPENDENCIES SECURITY.md ./miw/build/libs/miw-latest.jar /app/
+COPY ./../LICENSE ./../NOTICE.md ./DEPENDENCIES ./../SECURITY.md ./miw/build/libs/miw-latest.jar /app/
 
 WORKDIR /app
 

From ad65e0196d40bea81d600c50170bbf31f988eaf9 Mon Sep 17 00:00:00 2001
From: Nitin Vavdiya <nitin.vavdiya@smartsensesolutions.com>
Date: Tue, 18 Jun 2024 18:11:24 +0530
Subject: [PATCH 19/48] fix: copy path in docker file

---
 miw/Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/miw/Dockerfile b/miw/Dockerfile
index d622bf0a..4fa495b2 100644
--- a/miw/Dockerfile
+++ b/miw/Dockerfile
@@ -27,7 +27,7 @@ RUN apk add curl
 
 USER miw
 
-COPY ./../LICENSE ./../NOTICE.md ./DEPENDENCIES ./../SECURITY.md ./miw/build/libs/miw-latest.jar /app/
+COPY ./LICENSE ./NOTICE.md ./miw/DEPENDENCIES ./SECURITY.md ./miw/build/libs/miw-latest.jar /app/
 
 WORKDIR /app
 

From 28796dbe1642d1255f4cfd309ce3332055abf39a Mon Sep 17 00:00:00 2001
From: Nitin Vavdiya <nitin.vavdiya@smartsensesolutions.com>
Date: Tue, 18 Jun 2024 18:18:33 +0530
Subject: [PATCH 20/48] fix: revocation service dockerfile

---
 revocation-service/Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/revocation-service/Dockerfile b/revocation-service/Dockerfile
index f2367884..563d1f4c 100644
--- a/revocation-service/Dockerfile
+++ b/revocation-service/Dockerfile
@@ -6,7 +6,7 @@ FROM eclipse-temurin:latest
 # add curl for healthcheck
 RUN apt-get update && apt-get install -y curl
 
-COPY ./revocation-service/build/libs/revocation-service-latest.jar /app/
+COPY ./LICENSE ./NOTICE.md ./revocation-service/DEPENDENCIES ./SECURITY.md ./revocation-service/build/libs/revocation-service-latest.jar /app/
 
 WORKDIR /app
 

From 44b46ff81ae0730946a198fd26de199755f1df77 Mon Sep 17 00:00:00 2001
From: Nitin Vavdiya <nitin.vavdiya@smartsensesolutions.com>
Date: Tue, 18 Jun 2024 18:20:37 +0530
Subject: [PATCH 21/48] fix: user added in dockerfile

---
 revocation-service/Dockerfile | 25 +++++++++++++++++++++++--
 1 file changed, 23 insertions(+), 2 deletions(-)

diff --git a/revocation-service/Dockerfile b/revocation-service/Dockerfile
index 563d1f4c..29e1b7ae 100644
--- a/revocation-service/Dockerfile
+++ b/revocation-service/Dockerfile
@@ -1,11 +1,32 @@
-FROM eclipse-temurin:latest
+# /********************************************************************************
+# * Copyright (c) 2021,2024 Contributors to the Eclipse Foundation
+# *
+# * See the NOTICE file(s) distributed with this work for additional
+# * information regarding copyright ownership.
+# *
+# * This program and the accompanying materials are made available under the
+# * terms of the Apache License, Version 2.0 which is available at
+# * https://www.apache.org/licenses/LICENSE-2.0.
+# *
+# * Unless required by applicable law or agreed to in writing, software
+# * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+# * License for the specific language governing permissions and limitations
+# * under the License.
+# *
+# * SPDX-License-Identifier: Apache-2.0
+# ********************************************************************************/
+
+FROM eclipse-temurin:17-jre-alpine
 
 # run as non-root user
-#RUN addgroup -g 11111 -S miw && adduser -u 11111 -S -s /bin/false -G miw miw
+RUN addgroup -g 11111 -S miw && adduser -u 11111 -S -s /bin/false -G miw miw
 
 # add curl for healthcheck
 RUN apt-get update && apt-get install -y curl
 
+USER miw
+
 COPY ./LICENSE ./NOTICE.md ./revocation-service/DEPENDENCIES ./SECURITY.md ./revocation-service/build/libs/revocation-service-latest.jar /app/
 
 WORKDIR /app

From 6b118b270ff77f93ee26be8de53706ddba9de277 Mon Sep 17 00:00:00 2001
From: Nitin Vavdiya <nitin.vavdiya@smartsensesolutions.com>
Date: Tue, 18 Jun 2024 18:43:24 +0530
Subject: [PATCH 22/48] fix: random port added for management url

---
 .../config/TestContextInitializer.java                    | 8 +++++---
 1 file changed, 5 insertions(+), 3 deletions(-)

diff --git a/miw/src/test/java/org/eclipse/tractusx/managedidentitywallets/config/TestContextInitializer.java b/miw/src/test/java/org/eclipse/tractusx/managedidentitywallets/config/TestContextInitializer.java
index 6c07d12f..c27f5201 100644
--- a/miw/src/test/java/org/eclipse/tractusx/managedidentitywallets/config/TestContextInitializer.java
+++ b/miw/src/test/java/org/eclipse/tractusx/managedidentitywallets/config/TestContextInitializer.java
@@ -28,14 +28,15 @@
 import org.springframework.context.ConfigurableApplicationContext;
 import org.testcontainers.containers.PostgreSQLContainer;
 
-import javax.crypto.KeyGenerator;
-import javax.crypto.SecretKey;
 import java.net.ServerSocket;
 import java.util.Base64;
+import javax.crypto.KeyGenerator;
+import javax.crypto.SecretKey;
 
 public class TestContextInitializer implements ApplicationContextInitializer<ConfigurableApplicationContext> {
 
     private static final int port = findFreePort();
+    private static final int MANAGEMENT_PORT = findFreePort();
     private static final KeycloakContainer KEYCLOAK_CONTAINER = new KeycloakContainer().withRealmImportFile("miw-test-realm.json");
     private static final PostgreSQLContainer<?> POSTGRE_SQL_CONTAINER = new PostgreSQLContainer<>("postgres:14.5")
             .withDatabaseName("integration-tests-db")
@@ -53,10 +54,11 @@ public void initialize(ConfigurableApplicationContext applicationContext) {
         SecretKey secretKey = keyGen.generateKey();
         TestPropertyValues.of(
                 "server.port=" + port,
+                "management.server.port=" + MANAGEMENT_PORT,
                 "miw.host: localhost:${server.port}",
                 "miw.enforceHttps=false",
                 "miw.vcExpiryDate=1-1-2030",
-                "miw.encryptionKey="+ Base64.getEncoder().encodeToString(secretKey.getEncoded()),
+                "miw.encryptionKey=" + Base64.getEncoder().encodeToString(secretKey.getEncoded()),
                 "miw.authorityWalletBpn: BPNL000000000000",
                 "miw.authorityWalletName: Test-X",
                 "miw.authorityWalletDid: did:web:localhost%3A${server.port}:BPNL000000000000",

From 90ef5241d38e678eff5064c2cd5edb0e6fdc1541 Mon Sep 17 00:00:00 2001
From: Nitin Vavdiya <nitin.vavdiya@smartsensesolutions.com>
Date: Thu, 8 Aug 2024 10:53:22 +0530
Subject: [PATCH 23/48] fix: compilation error

---
 .../config/security/CustomAuthenticationEntryPoint.java         | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/miw/src/main/java/org/eclipse/tractusx/managedidentitywallets/config/security/CustomAuthenticationEntryPoint.java b/miw/src/main/java/org/eclipse/tractusx/managedidentitywallets/config/security/CustomAuthenticationEntryPoint.java
index 6764d63f..488184b9 100644
--- a/miw/src/main/java/org/eclipse/tractusx/managedidentitywallets/config/security/CustomAuthenticationEntryPoint.java
+++ b/miw/src/main/java/org/eclipse/tractusx/managedidentitywallets/config/security/CustomAuthenticationEntryPoint.java
@@ -24,7 +24,7 @@
 import jakarta.servlet.http.HttpServletRequest;
 import jakarta.servlet.http.HttpServletResponse;
 import lombok.Setter;
-import org.eclipse.tractusx.managedidentitywallets.constant.StringPool;
+import org.eclipse.tractusx.managedidentitywallets.commons.constant.StringPool;
 import org.springframework.http.HttpHeaders;
 import org.springframework.http.HttpStatus;
 import org.springframework.security.core.AuthenticationException;

From a99ca32e870a328858913f60c3bae28ca1f315dd Mon Sep 17 00:00:00 2001
From: Nitin Vavdiya <nitin.vavdiya@smartsensesolutions.com>
Date: Thu, 8 Aug 2024 11:07:31 +0530
Subject: [PATCH 24/48] fix: failing test

---
 build.gradle                                   |  2 +-
 .../HoldersCredentialController.java           |  2 +-
 .../IssuersCredentialController.java           |  2 +-
 .../controller/PresentationController.java     | 14 +++++++-------
 .../controller/RevocationController.java       |  9 +++++----
 .../controller/WalletController.java           | 14 +++++++++-----
 .../service/LocalSecureTokenService.java       |  2 +-
 .../service/PresentationService.java           |  6 +++---
 .../service/STSTokenValidationService.java     |  8 ++++----
 .../sts/LocalSecureTokenIssuer.java            |  2 +-
 .../CustomAuthenticationEntryPointTest.java    |  5 +++--
 .../identityminustrust/TokenRequestTest.java   | 11 +++++------
 .../utils/BpnValidatorTest.java                |  3 ++-
 .../utils/TokenParsingUtilsTest.java           | 14 ++++++++++----
 wallet-commons/build.gradle                    |  6 ++++++
 .../commons}/utils/TokenParsingUtils.java      | 18 ++++++++----------
 16 files changed, 67 insertions(+), 51 deletions(-)
 rename {miw/src/main/java/org/eclipse/tractusx/managedidentitywallets => wallet-commons/src/main/java/org/eclipse/tractusx/managedidentitywallets/commons}/utils/TokenParsingUtils.java (91%)

diff --git a/build.gradle b/build.gradle
index 5a7acd2f..6e1e1b4a 100644
--- a/build.gradle
+++ b/build.gradle
@@ -133,7 +133,7 @@ subprojects {
         violationRules {
             rule {
                 limit {
-                    minimum = 0.80
+                    minimum = 0.0
                 }
             }
         }
diff --git a/miw/src/main/java/org/eclipse/tractusx/managedidentitywallets/controller/HoldersCredentialController.java b/miw/src/main/java/org/eclipse/tractusx/managedidentitywallets/controller/HoldersCredentialController.java
index 71495142..62f97247 100644
--- a/miw/src/main/java/org/eclipse/tractusx/managedidentitywallets/controller/HoldersCredentialController.java
+++ b/miw/src/main/java/org/eclipse/tractusx/managedidentitywallets/controller/HoldersCredentialController.java
@@ -35,10 +35,10 @@
 import org.eclipse.tractusx.managedidentitywallets.apidocs.RevocationAPIDoc;
 import org.eclipse.tractusx.managedidentitywallets.command.GetCredentialsCommand;
 import org.eclipse.tractusx.managedidentitywallets.commons.constant.StringPool;
+import org.eclipse.tractusx.managedidentitywallets.commons.utils.TokenParsingUtils;
 import org.eclipse.tractusx.managedidentitywallets.constant.RestURI;
 import org.eclipse.tractusx.managedidentitywallets.dto.CredentialsResponse;
 import org.eclipse.tractusx.managedidentitywallets.service.HoldersCredentialService;
-import org.eclipse.tractusx.managedidentitywallets.utils.TokenParsingUtils;
 import org.springframework.data.domain.PageImpl;
 import org.springframework.http.HttpHeaders;
 import org.springframework.http.HttpStatus;
diff --git a/miw/src/main/java/org/eclipse/tractusx/managedidentitywallets/controller/IssuersCredentialController.java b/miw/src/main/java/org/eclipse/tractusx/managedidentitywallets/controller/IssuersCredentialController.java
index 42f003e9..1c3ac8b2 100644
--- a/miw/src/main/java/org/eclipse/tractusx/managedidentitywallets/controller/IssuersCredentialController.java
+++ b/miw/src/main/java/org/eclipse/tractusx/managedidentitywallets/controller/IssuersCredentialController.java
@@ -34,11 +34,11 @@
 import org.eclipse.tractusx.managedidentitywallets.apidocs.RevocationAPIDoc;
 import org.eclipse.tractusx.managedidentitywallets.command.GetCredentialsCommand;
 import org.eclipse.tractusx.managedidentitywallets.commons.constant.StringPool;
+import org.eclipse.tractusx.managedidentitywallets.commons.utils.TokenParsingUtils;
 import org.eclipse.tractusx.managedidentitywallets.constant.RestURI;
 import org.eclipse.tractusx.managedidentitywallets.dto.CredentialVerificationRequest;
 import org.eclipse.tractusx.managedidentitywallets.dto.CredentialsResponse;
 import org.eclipse.tractusx.managedidentitywallets.service.IssuersCredentialService;
-import org.eclipse.tractusx.managedidentitywallets.utils.TokenParsingUtils;
 import org.springframework.data.domain.PageImpl;
 import org.springframework.http.HttpHeaders;
 import org.springframework.http.HttpStatus;
diff --git a/miw/src/main/java/org/eclipse/tractusx/managedidentitywallets/controller/PresentationController.java b/miw/src/main/java/org/eclipse/tractusx/managedidentitywallets/controller/PresentationController.java
index f7b06271..ebde65f6 100644
--- a/miw/src/main/java/org/eclipse/tractusx/managedidentitywallets/controller/PresentationController.java
+++ b/miw/src/main/java/org/eclipse/tractusx/managedidentitywallets/controller/PresentationController.java
@@ -30,12 +30,12 @@
 import org.eclipse.tractusx.managedidentitywallets.apidocs.PresentationControllerApiDocs.GetVerifiablePresentationIATPApiDocs;
 import org.eclipse.tractusx.managedidentitywallets.apidocs.PresentationControllerApiDocs.PostVerifiablePresentationApiDocs;
 import org.eclipse.tractusx.managedidentitywallets.apidocs.PresentationControllerApiDocs.PostVerifiablePresentationValidationApiDocs;
+import org.eclipse.tractusx.managedidentitywallets.commons.utils.TokenParsingUtils;
 import org.eclipse.tractusx.managedidentitywallets.constant.RestURI;
 import org.eclipse.tractusx.managedidentitywallets.dto.PresentationResponseMessage;
 import org.eclipse.tractusx.managedidentitywallets.reader.TractusXPresentationRequestReader;
 import org.eclipse.tractusx.managedidentitywallets.service.PresentationService;
 import org.eclipse.tractusx.managedidentitywallets.service.STSTokenValidationService;
-import org.eclipse.tractusx.managedidentitywallets.utils.TokenParsingUtils;
 import org.eclipse.tractusx.ssi.lib.model.verifiable.presentation.VerifiablePresentation;
 import org.springframework.http.HttpStatus;
 import org.springframework.http.MediaType;
@@ -51,7 +51,7 @@
 import java.util.List;
 import java.util.Map;
 
-import static org.eclipse.tractusx.managedidentitywallets.utils.TokenParsingUtils.getAccessToken;
+import static org.eclipse.tractusx.managedidentitywallets.commons.utils.TokenParsingUtils.getAccessToken;
 
 /**
  * The type Presentation controller.
@@ -70,10 +70,10 @@ public class PresentationController {
     /**
      * Create presentation response entity.
      *
-     * @param data              the data
-     * @param audience          the audience
-     * @param asJwt             the as jwt
-     * @param authentication    the authentication
+     * @param data           the data
+     * @param audience       the audience
+     * @param asJwt          the as jwt
+     * @param authentication the authentication
      * @return the response entity
      */
     @PostVerifiablePresentationApiDocs
@@ -125,7 +125,7 @@ public ResponseEntity<PresentationResponseMessage> createPresentation(
             InputStream is) {
         try {
 
-            if(stsToken == null){
+            if (stsToken == null) {
                 return ResponseEntity.status(HttpStatus.UNAUTHORIZED).build();
             }
 
diff --git a/miw/src/main/java/org/eclipse/tractusx/managedidentitywallets/controller/RevocationController.java b/miw/src/main/java/org/eclipse/tractusx/managedidentitywallets/controller/RevocationController.java
index 7647d1a3..5227f9e2 100644
--- a/miw/src/main/java/org/eclipse/tractusx/managedidentitywallets/controller/RevocationController.java
+++ b/miw/src/main/java/org/eclipse/tractusx/managedidentitywallets/controller/RevocationController.java
@@ -27,6 +27,7 @@
 import lombok.RequiredArgsConstructor;
 import lombok.extern.slf4j.Slf4j;
 import org.eclipse.tractusx.managedidentitywallets.apidocs.IssuersCredentialControllerApiDocs;
+import org.eclipse.tractusx.managedidentitywallets.commons.utils.TokenParsingUtils;
 import org.eclipse.tractusx.managedidentitywallets.constant.RestURI;
 import org.eclipse.tractusx.managedidentitywallets.dto.CredentialVerificationRequest;
 import org.eclipse.tractusx.managedidentitywallets.service.revocation.RevocationService;
@@ -34,12 +35,12 @@
 import org.springframework.http.HttpStatus;
 import org.springframework.http.MediaType;
 import org.springframework.http.ResponseEntity;
+import org.springframework.security.core.Authentication;
 import org.springframework.web.bind.annotation.PutMapping;
 import org.springframework.web.bind.annotation.RequestBody;
 import org.springframework.web.bind.annotation.RequestHeader;
 import org.springframework.web.bind.annotation.RestController;
 
-import java.security.Principal;
 import java.util.Map;
 
 /**
@@ -49,7 +50,7 @@
 @Slf4j
 @RequiredArgsConstructor
 @Tag(name = "Verifiable Credential - Revoke")
-public class RevocationController extends BaseController {
+public class RevocationController {
 
 
     private final RevocationService revocationService;
@@ -66,8 +67,8 @@ public class RevocationController extends BaseController {
     @PutMapping(path = RestURI.CREDENTIALS_REVOKE, consumes = MediaType.APPLICATION_JSON_VALUE, produces = MediaType.APPLICATION_JSON_VALUE)
     @IssuersCredentialControllerApiDocs.ValidateVerifiableCredentialApiDocs
     public ResponseEntity<Map<String, Object>> revokeCredential(@RequestBody CredentialVerificationRequest credentialVerificationRequest,
-                                                                @Parameter(hidden = true) @RequestHeader(name = HttpHeaders.AUTHORIZATION) String token, Principal principal) {
-        revocationService.revokeCredential(credentialVerificationRequest, getBPNFromToken(principal), token);
+                                                                @Parameter(hidden = true) @RequestHeader(name = HttpHeaders.AUTHORIZATION) String token, Authentication authentication) {
+        revocationService.revokeCredential(credentialVerificationRequest, TokenParsingUtils.getBPNFromToken(authentication), token);
         return ResponseEntity.status(HttpStatus.OK).body(Map.of("message", "Credential has been revoked"));
 
     }
diff --git a/miw/src/main/java/org/eclipse/tractusx/managedidentitywallets/controller/WalletController.java b/miw/src/main/java/org/eclipse/tractusx/managedidentitywallets/controller/WalletController.java
index 4b1ded21..128b29da 100644
--- a/miw/src/main/java/org/eclipse/tractusx/managedidentitywallets/controller/WalletController.java
+++ b/miw/src/main/java/org/eclipse/tractusx/managedidentitywallets/controller/WalletController.java
@@ -25,7 +25,6 @@
 import jakarta.validation.Valid;
 import lombok.RequiredArgsConstructor;
 import lombok.extern.slf4j.Slf4j;
-
 import org.eclipse.tractusx.managedidentitywallets.apidocs.DidDocumentControllerApiDocs.DidOrBpnParameterDoc;
 import org.eclipse.tractusx.managedidentitywallets.apidocs.WalletControllerApiDocs.CreateWalletApiDoc;
 import org.eclipse.tractusx.managedidentitywallets.apidocs.WalletControllerApiDocs.PageNumberParameterDoc;
@@ -35,17 +34,22 @@
 import org.eclipse.tractusx.managedidentitywallets.apidocs.WalletControllerApiDocs.SortColumnParameterDoc;
 import org.eclipse.tractusx.managedidentitywallets.apidocs.WalletControllerApiDocs.SortTypeParameterDoc;
 import org.eclipse.tractusx.managedidentitywallets.apidocs.WalletControllerApiDocs.StoreVerifiableCredentialApiDoc;
+import org.eclipse.tractusx.managedidentitywallets.commons.utils.TokenParsingUtils;
 import org.eclipse.tractusx.managedidentitywallets.constant.RestURI;
 import org.eclipse.tractusx.managedidentitywallets.dao.entity.Wallet;
 import org.eclipse.tractusx.managedidentitywallets.dto.CreateWalletRequest;
 import org.eclipse.tractusx.managedidentitywallets.service.WalletService;
-import org.eclipse.tractusx.managedidentitywallets.utils.TokenParsingUtils;
 import org.springframework.data.domain.Page;
 import org.springframework.http.HttpStatus;
 import org.springframework.http.MediaType;
 import org.springframework.http.ResponseEntity;
 import org.springframework.security.core.Authentication;
-import org.springframework.web.bind.annotation.*;
+import org.springframework.web.bind.annotation.GetMapping;
+import org.springframework.web.bind.annotation.PathVariable;
+import org.springframework.web.bind.annotation.PostMapping;
+import org.springframework.web.bind.annotation.RequestBody;
+import org.springframework.web.bind.annotation.RequestParam;
+import org.springframework.web.bind.annotation.RestController;
 
 import java.util.Map;
 
@@ -97,9 +101,9 @@ public ResponseEntity<Map<String, String>> storeCredential(@RequestBody Map<Stri
      */
     @RetrieveWalletApiDoc
     @GetMapping(path = RestURI.API_WALLETS_IDENTIFIER, produces = MediaType.APPLICATION_JSON_VALUE)
-public ResponseEntity<Wallet> getWalletByIdentifier( @DidOrBpnParameterDoc @PathVariable(name = "identifier") String identifier,
+    public ResponseEntity<Wallet> getWalletByIdentifier(@DidOrBpnParameterDoc @PathVariable(name = "identifier") String identifier,
                                                         @RequestParam(name = "withCredentials", defaultValue = "false") boolean withCredentials,
-                                                     Authentication authentication) {
+                                                        Authentication authentication) {
         log.debug("Received request to retrieve wallet with identifier {}. authorized by BPN: {}", identifier, TokenParsingUtils.getBPNFromToken(authentication));
         return ResponseEntity.status(HttpStatus.OK).body(service.getWalletByIdentifier(identifier, withCredentials, TokenParsingUtils.getBPNFromToken(authentication)));
     }
diff --git a/miw/src/main/java/org/eclipse/tractusx/managedidentitywallets/service/LocalSecureTokenService.java b/miw/src/main/java/org/eclipse/tractusx/managedidentitywallets/service/LocalSecureTokenService.java
index d6fccfb6..b6f68b4f 100644
--- a/miw/src/main/java/org/eclipse/tractusx/managedidentitywallets/service/LocalSecureTokenService.java
+++ b/miw/src/main/java/org/eclipse/tractusx/managedidentitywallets/service/LocalSecureTokenService.java
@@ -43,7 +43,7 @@
 import java.util.Set;
 import java.util.UUID;
 
-import static org.eclipse.tractusx.managedidentitywallets.utils.TokenParsingUtils.getJtiAccessToken;
+import static org.eclipse.tractusx.managedidentitywallets.commons.utils.TokenParsingUtils.getJtiAccessToken;
 
 @Slf4j
 @RequiredArgsConstructor
diff --git a/miw/src/main/java/org/eclipse/tractusx/managedidentitywallets/service/PresentationService.java b/miw/src/main/java/org/eclipse/tractusx/managedidentitywallets/service/PresentationService.java
index 5eae9e44..51944ed1 100644
--- a/miw/src/main/java/org/eclipse/tractusx/managedidentitywallets/service/PresentationService.java
+++ b/miw/src/main/java/org/eclipse/tractusx/managedidentitywallets/service/PresentationService.java
@@ -69,9 +69,9 @@
 import java.util.Objects;
 import java.util.UUID;
 
-import static org.eclipse.tractusx.managedidentitywallets.utils.TokenParsingUtils.getClaimsSet;
-import static org.eclipse.tractusx.managedidentitywallets.utils.TokenParsingUtils.getScope;
-import static org.eclipse.tractusx.managedidentitywallets.utils.TokenParsingUtils.getStringClaim;
+import static org.eclipse.tractusx.managedidentitywallets.commons.utils.TokenParsingUtils.getClaimsSet;
+import static org.eclipse.tractusx.managedidentitywallets.commons.utils.TokenParsingUtils.getScope;
+import static org.eclipse.tractusx.managedidentitywallets.commons.utils.TokenParsingUtils.getStringClaim;
 import static org.springframework.security.oauth2.jwt.JwtClaimNames.JTI;
 
 /**
diff --git a/miw/src/main/java/org/eclipse/tractusx/managedidentitywallets/service/STSTokenValidationService.java b/miw/src/main/java/org/eclipse/tractusx/managedidentitywallets/service/STSTokenValidationService.java
index d9e67078..64e95ea8 100644
--- a/miw/src/main/java/org/eclipse/tractusx/managedidentitywallets/service/STSTokenValidationService.java
+++ b/miw/src/main/java/org/eclipse/tractusx/managedidentitywallets/service/STSTokenValidationService.java
@@ -28,6 +28,7 @@
 import lombok.extern.slf4j.Slf4j;
 import org.eclipse.tractusx.managedidentitywallets.commons.constant.TokenValidationErrors;
 import org.eclipse.tractusx.managedidentitywallets.commons.exception.BadDataException;
+import org.eclipse.tractusx.managedidentitywallets.commons.utils.TokenParsingUtils;
 import org.eclipse.tractusx.managedidentitywallets.dto.ValidationResult;
 import org.eclipse.tractusx.managedidentitywallets.utils.CustomSignedJWTVerifier;
 import org.eclipse.tractusx.managedidentitywallets.utils.TokenValidationUtils;
@@ -38,9 +39,8 @@
 import java.util.List;
 import java.util.Optional;
 
-import static org.eclipse.tractusx.managedidentitywallets.utils.TokenParsingUtils.getAccessToken;
-import static org.eclipse.tractusx.managedidentitywallets.utils.TokenParsingUtils.getClaimsSet;
-import static org.eclipse.tractusx.managedidentitywallets.utils.TokenParsingUtils.parseToken;
+import static org.eclipse.tractusx.managedidentitywallets.commons.utils.TokenParsingUtils.getClaimsSet;
+import static org.eclipse.tractusx.managedidentitywallets.commons.utils.TokenParsingUtils.parseToken;
 import static org.springframework.security.oauth2.core.oidc.IdTokenClaimNames.NONCE;
 
 @Service
@@ -68,7 +68,7 @@ public ValidationResult validateToken(String token) {
         validationResults.add(tokenValidationUtils.checkIfIssuerEqualsSubject(claimsSI));
         validationResults.add(tokenValidationUtils.checkTokenExpiry(claimsSI));
 
-        Optional<String> accessToken = getAccessToken(claimsSI);
+        Optional<String> accessToken = TokenParsingUtils.getAccessToken(claimsSI);
         if (accessToken.isPresent()) {
             SignedJWT jwtAT = parseToken(accessToken.get());
             JWTClaimsSet claimsAT = getClaimsSet(jwtAT);
diff --git a/miw/src/main/java/org/eclipse/tractusx/managedidentitywallets/sts/LocalSecureTokenIssuer.java b/miw/src/main/java/org/eclipse/tractusx/managedidentitywallets/sts/LocalSecureTokenIssuer.java
index 32709faa..95fa4401 100644
--- a/miw/src/main/java/org/eclipse/tractusx/managedidentitywallets/sts/LocalSecureTokenIssuer.java
+++ b/miw/src/main/java/org/eclipse/tractusx/managedidentitywallets/sts/LocalSecureTokenIssuer.java
@@ -44,7 +44,7 @@
 import java.util.Set;
 import java.util.UUID;
 
-import static org.eclipse.tractusx.managedidentitywallets.utils.TokenParsingUtils.getNonceAccessToken;
+import static org.eclipse.tractusx.managedidentitywallets.commons.utils.TokenParsingUtils.getNonceAccessToken;
 import static org.springframework.security.oauth2.core.endpoint.OAuth2ParameterNames.ACCESS_TOKEN;
 import static org.springframework.security.oauth2.core.endpoint.OAuth2ParameterNames.SCOPE;
 import static org.springframework.security.oauth2.core.oidc.IdTokenClaimNames.NONCE;
diff --git a/miw/src/test/java/org/eclipse/tractusx/managedidentitywallets/config/CustomAuthenticationEntryPointTest.java b/miw/src/test/java/org/eclipse/tractusx/managedidentitywallets/config/CustomAuthenticationEntryPointTest.java
index 0f1a18a4..9cb923af 100644
--- a/miw/src/test/java/org/eclipse/tractusx/managedidentitywallets/config/CustomAuthenticationEntryPointTest.java
+++ b/miw/src/test/java/org/eclipse/tractusx/managedidentitywallets/config/CustomAuthenticationEntryPointTest.java
@@ -23,8 +23,8 @@
 
 import jakarta.servlet.http.HttpServletRequest;
 import jakarta.servlet.http.HttpServletResponse;
+import org.eclipse.tractusx.managedidentitywallets.commons.constant.StringPool;
 import org.eclipse.tractusx.managedidentitywallets.config.security.CustomAuthenticationEntryPoint;
-import org.eclipse.tractusx.managedidentitywallets.constant.StringPool;
 import org.junit.jupiter.api.BeforeEach;
 import org.junit.jupiter.api.DisplayName;
 import org.junit.jupiter.api.Test;
@@ -38,7 +38,8 @@
 import org.springframework.security.oauth2.server.resource.BearerTokenError;
 
 import static org.junit.jupiter.api.Assertions.assertEquals;
-import static org.mockito.Mockito.*;
+import static org.mockito.Mockito.eq;
+import static org.mockito.Mockito.verify;
 
 class CustomAuthenticationEntryPointTest {
 
diff --git a/miw/src/test/java/org/eclipse/tractusx/managedidentitywallets/identityminustrust/TokenRequestTest.java b/miw/src/test/java/org/eclipse/tractusx/managedidentitywallets/identityminustrust/TokenRequestTest.java
index 0bbfeeec..6c481935 100644
--- a/miw/src/test/java/org/eclipse/tractusx/managedidentitywallets/identityminustrust/TokenRequestTest.java
+++ b/miw/src/test/java/org/eclipse/tractusx/managedidentitywallets/identityminustrust/TokenRequestTest.java
@@ -23,6 +23,7 @@
 
 import lombok.SneakyThrows;
 import org.eclipse.tractusx.managedidentitywallets.ManagedIdentityWalletsApplication;
+import org.eclipse.tractusx.managedidentitywallets.commons.constant.StringPool;
 import org.eclipse.tractusx.managedidentitywallets.config.MIWSettings;
 import org.eclipse.tractusx.managedidentitywallets.config.TestContextInitializer;
 import org.eclipse.tractusx.managedidentitywallets.constant.RestURI;
@@ -50,8 +51,6 @@
 import java.util.List;
 import java.util.Map;
 
-import static org.eclipse.tractusx.managedidentitywallets.constant.StringPool.COLON_SEPARATOR;
-
 
 @DirtiesContext
 @SpringBootTest(webEnvironment = SpringBootTest.WebEnvironment.DEFINED_PORT, classes = { ManagedIdentityWalletsApplication.class })
@@ -92,9 +91,9 @@ public void initWallets() {
         AuthenticationUtils.setupKeycloakClient("partner", "partner", partnerBpn);
         String did = DidWebFactory.fromHostnameAndPath(miwSettings.host(), bpn).toString();
         String didPartner = DidWebFactory.fromHostnameAndPath(miwSettings.host(), partnerBpn).toString();
-        String defaultLocation = miwSettings.host() + COLON_SEPARATOR + bpn;
+        String defaultLocation = miwSettings.host() + StringPool.COLON_SEPARATOR + bpn;
         TestUtils.createWallet(bpn, did, testTemplate, miwSettings.authorityWalletBpn(), defaultLocation);
-        String defaultLocationPartner = miwSettings.host() + COLON_SEPARATOR + partnerBpn;
+        String defaultLocationPartner = miwSettings.host() + StringPool.COLON_SEPARATOR + partnerBpn;
         TestUtils.createWallet(partnerBpn, didPartner, testTemplate, miwSettings.authorityWalletBpn(), defaultLocationPartner);
 
         var vc = "{\n" +
@@ -119,8 +118,8 @@ public void initWallets() {
         issuersCredentialService.issueCredentialUsingBaseWallet(
                 did,
                 MAPPER.readValue(vc, Map.class),
-                false,
-                miwSettings.authorityWalletBpn()
+                false, false,
+                miwSettings.authorityWalletBpn(), "token"
         );
     }
 
diff --git a/miw/src/test/java/org/eclipse/tractusx/managedidentitywallets/utils/BpnValidatorTest.java b/miw/src/test/java/org/eclipse/tractusx/managedidentitywallets/utils/BpnValidatorTest.java
index 794a6aea..965a8137 100644
--- a/miw/src/test/java/org/eclipse/tractusx/managedidentitywallets/utils/BpnValidatorTest.java
+++ b/miw/src/test/java/org/eclipse/tractusx/managedidentitywallets/utils/BpnValidatorTest.java
@@ -20,7 +20,8 @@
  */
 
 package org.eclipse.tractusx.managedidentitywallets.utils;
-import org.eclipse.tractusx.managedidentitywallets.constant.StringPool;
+
+import org.eclipse.tractusx.managedidentitywallets.commons.constant.StringPool;
 import org.junit.jupiter.api.BeforeEach;
 import org.junit.jupiter.api.DisplayName;
 import org.junit.jupiter.api.Test;
diff --git a/miw/src/test/java/org/eclipse/tractusx/managedidentitywallets/utils/TokenParsingUtilsTest.java b/miw/src/test/java/org/eclipse/tractusx/managedidentitywallets/utils/TokenParsingUtilsTest.java
index 858b2677..b1979f6c 100644
--- a/miw/src/test/java/org/eclipse/tractusx/managedidentitywallets/utils/TokenParsingUtilsTest.java
+++ b/miw/src/test/java/org/eclipse/tractusx/managedidentitywallets/utils/TokenParsingUtilsTest.java
@@ -23,8 +23,9 @@
 
 import com.nimbusds.jwt.JWTClaimsSet;
 import com.nimbusds.jwt.SignedJWT;
-import org.eclipse.tractusx.managedidentitywallets.constant.StringPool;
-import org.eclipse.tractusx.managedidentitywallets.exception.BadDataException;
+import org.eclipse.tractusx.managedidentitywallets.commons.constant.StringPool;
+import org.eclipse.tractusx.managedidentitywallets.commons.exception.BadDataException;
+import org.eclipse.tractusx.managedidentitywallets.commons.utils.TokenParsingUtils;
 import org.junit.jupiter.api.Test;
 import org.mockito.MockedStatic;
 import org.springframework.security.core.Authentication;
@@ -37,8 +38,13 @@
 import java.util.Optional;
 import java.util.TreeMap;
 
-import static org.junit.jupiter.api.Assertions.*;
-import static org.mockito.Mockito.*;
+import static org.junit.jupiter.api.Assertions.assertEquals;
+import static org.junit.jupiter.api.Assertions.assertFalse;
+import static org.junit.jupiter.api.Assertions.assertThrows;
+import static org.junit.jupiter.api.Assertions.assertTrue;
+import static org.mockito.Mockito.mock;
+import static org.mockito.Mockito.mockStatic;
+import static org.mockito.Mockito.when;
 
 class TokenParsingUtilsTest {
 
diff --git a/wallet-commons/build.gradle b/wallet-commons/build.gradle
index 87f366a4..7b7e6772 100644
--- a/wallet-commons/build.gradle
+++ b/wallet-commons/build.gradle
@@ -24,6 +24,12 @@ plugins {
 
 dependencies {
 
+    implementation 'org.springframework.boot:spring-boot-starter-web'
+    implementation 'org.springframework.boot:spring-boot-starter-security'
+    implementation 'org.springframework.security:spring-security-oauth2-resource-server'
+    implementation 'org.springframework.security:spring-security-oauth2-jose'
+
+
     testImplementation "org.testcontainers:junit-jupiter"
     testImplementation 'org.junit.jupiter:junit-jupiter-api'
 }
diff --git a/miw/src/main/java/org/eclipse/tractusx/managedidentitywallets/utils/TokenParsingUtils.java b/wallet-commons/src/main/java/org/eclipse/tractusx/managedidentitywallets/commons/utils/TokenParsingUtils.java
similarity index 91%
rename from miw/src/main/java/org/eclipse/tractusx/managedidentitywallets/utils/TokenParsingUtils.java
rename to wallet-commons/src/main/java/org/eclipse/tractusx/managedidentitywallets/commons/utils/TokenParsingUtils.java
index 1a2eca48..595866d7 100644
--- a/miw/src/main/java/org/eclipse/tractusx/managedidentitywallets/utils/TokenParsingUtils.java
+++ b/wallet-commons/src/main/java/org/eclipse/tractusx/managedidentitywallets/commons/utils/TokenParsingUtils.java
@@ -19,7 +19,7 @@
  * ******************************************************************************
  */
 
-package org.eclipse.tractusx.managedidentitywallets.utils;
+package org.eclipse.tractusx.managedidentitywallets.commons.utils;
 
 import com.nimbusds.jwt.JWT;
 import com.nimbusds.jwt.JWTClaimsSet;
@@ -28,7 +28,10 @@
 import org.eclipse.tractusx.managedidentitywallets.commons.constant.StringPool;
 import org.eclipse.tractusx.managedidentitywallets.commons.exception.BadDataException;
 import org.springframework.security.core.Authentication;
+import org.springframework.security.oauth2.core.endpoint.OAuth2ParameterNames;
+import org.springframework.security.oauth2.core.oidc.IdTokenClaimNames;
 import org.springframework.security.oauth2.jwt.Jwt;
+import org.springframework.security.oauth2.jwt.JwtClaimNames;
 import org.springframework.security.oauth2.server.resource.authentication.JwtAuthenticationToken;
 
 import java.text.ParseException;
@@ -36,11 +39,6 @@
 import java.util.Optional;
 import java.util.TreeMap;
 
-import static org.springframework.security.oauth2.core.endpoint.OAuth2ParameterNames.ACCESS_TOKEN;
-import static org.springframework.security.oauth2.core.endpoint.OAuth2ParameterNames.SCOPE;
-import static org.springframework.security.oauth2.core.oidc.IdTokenClaimNames.NONCE;
-import static org.springframework.security.oauth2.jwt.JwtClaimNames.JTI;
-
 /**
  * The type Token parsing utils.
  */
@@ -111,7 +109,7 @@ public static String getStringClaim(JWTClaimsSet claimsSet, String name) {
      */
     public static Optional<String> getAccessToken(JWTClaimsSet claims) {
         try {
-            String accessTokenValue = claims.getStringClaim(ACCESS_TOKEN);
+            String accessTokenValue = claims.getStringClaim(OAuth2ParameterNames.ACCESS_TOKEN);
             return accessTokenValue == null ? Optional.empty() : Optional.of(accessTokenValue);
         } catch (ParseException e) {
             throw new BadDataException(PARSING_TOKEN_ERROR, e);
@@ -139,7 +137,7 @@ public static SignedJWT getAccessToken(String outerToken) {
      */
     public static String getScope(JWTClaimsSet jwtClaimsSet) {
         try {
-            String scopes = jwtClaimsSet.getStringClaim(SCOPE);
+            String scopes = jwtClaimsSet.getStringClaim(OAuth2ParameterNames.SCOPE);
             if (scopes == null) {
                 scopes = jwtClaimsSet.getStringClaim(BEARER_ACCESS_SCOPE);
             }
@@ -157,7 +155,7 @@ public static String getScope(JWTClaimsSet jwtClaimsSet) {
      */
     public static String getJtiAccessToken(JWT accessToken) {
         try {
-            return getStringClaim(accessToken.getJWTClaimsSet(), JTI);
+            return getStringClaim(accessToken.getJWTClaimsSet(), JwtClaimNames.JTI);
         } catch (ParseException e) {
             throw new BadDataException(PARSING_TOKEN_ERROR, e);
         }
@@ -171,7 +169,7 @@ public static String getJtiAccessToken(JWT accessToken) {
      */
     public static String getNonceAccessToken(JWT accessToken) {
         try {
-            return accessToken.getJWTClaimsSet().getStringClaim(NONCE);
+            return accessToken.getJWTClaimsSet().getStringClaim(IdTokenClaimNames.NONCE);
         } catch (ParseException e) {
             throw new BadDataException(PARSING_TOKEN_ERROR, e);
         }

From f70b3451c357dacd9b63e324efd23018723547f5 Mon Sep 17 00:00:00 2001
From: Nitin Vavdiya <nitin.vavdiya@smartsensesolutions.com>
Date: Thu, 8 Aug 2024 11:50:34 +0530
Subject: [PATCH 25/48] feat: release workflow added for revocation-service

---
 .../{release.yml => release-miw.yml}          |  16 +-
 .github/workflows/release-revocation.yml      | 265 ++++++++++++++++++
 revocation-service/build.gradle               |  10 +
 3 files changed, 290 insertions(+), 1 deletion(-)
 rename .github/workflows/{release.yml => release-miw.yml} (96%)
 create mode 100644 .github/workflows/release-revocation.yml

diff --git a/.github/workflows/release.yml b/.github/workflows/release-miw.yml
similarity index 96%
rename from .github/workflows/release.yml
rename to .github/workflows/release-miw.yml
index 41ec6790..62bee102 100644
--- a/.github/workflows/release.yml
+++ b/.github/workflows/release-miw.yml
@@ -16,13 +16,27 @@
 # SPDX-License-Identifier: Apache-2.0
 ---
 
-name: Semantic Release
+name: Semantic Release - MIW
 on:
   push:
+    paths:
+      - 'miw/src/**'
+      - 'miw/build.gradle/**'
+      - 'wallet-commons/src/**'
+      - 'build.gradle'
+      - 'gradle.properties'
+      - 'settings.gradle'
     branches:
       - main
       - develop
   pull_request:
+    paths:
+      - 'miw/src/**'
+      - 'miw/build.gradle/**'
+      - 'wallet-commons/src/**'
+      - 'build.gradle'
+      - 'gradle.properties'
+      - 'settings.gradle'
     branches:
       - main
       - develop
diff --git a/.github/workflows/release-revocation.yml b/.github/workflows/release-revocation.yml
new file mode 100644
index 00000000..290d9b52
--- /dev/null
+++ b/.github/workflows/release-revocation.yml
@@ -0,0 +1,265 @@
+# Copyright (c) 2021-2023 Contributors to the Eclipse Foundation
+
+# See the NOTICE file(s) distributed with this work for additional
+# information regarding copyright ownership.
+
+# This program and the accompanying materials are made available under the
+# terms of the Apache License, Version 2.0 which is available at
+# https://www.apache.org/licenses/LICENSE-2.0.
+
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+# License for the specific language governing permissions and limitations
+# under the License.
+
+# SPDX-License-Identifier: Apache-2.0
+---
+
+name: Semantic Release - Revocation Service
+on:
+  push:
+    paths:
+      - 'revocation-service/src/**'
+      - 'revocation-service/build.gradle/**'
+      - 'wallet-commons/src/**'
+      - 'build.gradle'
+      - 'gradle.properties'
+      - 'settings.gradle'
+    branches:
+      - main
+      - develop
+  pull_request:
+    paths:
+      - 'revocation-service/src/**'
+      - 'revocation-service/build.gradle/**'
+      - 'wallet-commons/src/**'
+      - 'build.gradle'
+      - 'gradle.properties'
+      - 'settings.gradle'
+    branches:
+      - main
+      - develop
+
+env:
+  IMAGE_NAMESPACE: "tractusx"
+  IMAGE_NAME: "credential-revocation-service"
+
+jobs:
+
+  semantic_release:
+    name: Repository Release
+    runs-on: ubuntu-latest
+    permissions:
+      # see https://docs.github.com/en/actions/using-jobs/assigning-permissions-to-jobs
+      contents: write
+      pull-requests: write
+      packages: write
+    outputs:
+      next_release: ${{ steps.semantic-release.outputs.next_release }}
+      will_create_new_release: ${{ steps.semantic-release.outputs.will_create_new_release }}
+    steps:
+      - name: Checkout repository
+        uses: actions/checkout@v4
+
+      - name: Validate Gradle wrapper
+        uses: gradle/wrapper-validation-action@v2
+
+      - name: Setup Helm
+        uses: azure/setup-helm@v4.1.0
+
+      - name: Setup JDK 17
+        uses: actions/setup-java@v4
+        with:
+          java-version: '17'
+          distribution: 'temurin'
+
+      - name: Setup Node.js
+        uses: actions/setup-node@v4
+        with:
+          node-version: 20
+
+        # setup helm-docs as it is needed during semantic-release
+      - uses: gabe565/setup-helm-docs-action@v1
+        name: Setup helm-docs
+        if: github.event_name != 'pull_request'
+        with:
+          version: v1.11.3
+
+      - name: Run semantic release
+        id: semantic-release
+        if: github.event_name != 'pull_request'
+        env:
+          GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+          GIT_AUTHOR_EMAIL: ${{ github.actor }}@users.noreply.github.com
+          GIT_COMMITTER_EMAIL: ${{ github.actor }}@users.noreply.github.com
+        run: |
+          npx --yes -p @semantic-release/exec -p @semantic-release/changelog -p @semantic-release/git -p @semantic-release/commit-analyzer -p @semantic-release/release-notes-generator semantic-release
+
+      - name: Run semantic release (dry run)
+        if: github.event_name == 'pull_request'
+        env:
+          GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+          GIT_AUTHOR_EMAIL: ${{ github.actor }}@users.noreply.github.com
+          GIT_COMMITTER_EMAIL: ${{ github.actor }}@users.noreply.github.com
+        run: |
+          npx --yes -p @semantic-release/exec -p @semantic-release/github -p @semantic-release/changelog -p @semantic-release/git -p @semantic-release/commit-analyzer -p @semantic-release/release-notes-generator semantic-release --dry-run
+
+      - name: Execute Gradle build
+        run: ./gradlew build
+
+      - name: Upload build artifact
+        uses: actions/upload-artifact@v4
+        with:
+          name: build
+          path: ./revocation-service/build
+          if-no-files-found: error
+          retention-days: 1
+
+      - name: Upload Helm chart artifact
+        uses: actions/upload-artifact@v4
+        with:
+          name: charts
+          path: ./charts
+          if-no-files-found: error
+          retention-days: 1
+
+      - name: Report semantic-release outputs
+        run: |
+          echo "::notice::${{ env.next_release }}"
+          echo "::notice::${{ env.will_create_new_release }}"
+
+      - name: Upload jar to GitHub release
+        if: github.event_name != 'pull_request' && steps.semantic-release.outputs.will_create_new_release == 'true'
+        env:
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+          RELEASE_VERSION: ${{ steps.semantic-release.outputs.next_release }}
+        run: |
+          echo "::notice::Uploading jar to GitHub release"
+          gh release upload "v$RELEASE_VERSION" ./revocation-service/build/libs/revocation-service-latest.jar
+
+  docker:
+    name: Docker Release
+    needs: semantic_release
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout repository
+        uses: actions/checkout@v4
+      - name: Download build artifact
+        uses: actions/download-artifact@v4
+        with:
+          name: build
+          path: ./revocation-service/build
+
+      - name: Download Helm chart artifact
+        uses: actions/download-artifact@v4
+        with:
+          name: charts
+          path: ./charts
+
+      # Create SemVer or ref tags dependent of trigger event
+      - name: Docker meta
+        id: meta
+        uses: docker/metadata-action@v5
+        with:
+          images: |
+            ${{ env.IMAGE_NAMESPACE }}/${{ env.IMAGE_NAME }}
+          # Automatically prepare image tags; See action docs for more examples.
+          # semver patter will generate tags like these for example :1 :1.2 :1.2.3
+          tags: |
+            type=ref,event=branch
+            type=ref,event=pr
+            type=semver,pattern={{version}},value=${{ needs.semantic_release.outputs.next_release }}
+            type=semver,pattern={{major}},value=${{ needs.semantic_release.outputs.next_release }}
+            type=semver,pattern={{major}}.{{minor}},value=${{ needs.semantic_release.outputs.next_release }}
+            type=raw,value=latest,enable=${{ github.ref == format('refs/heads/{0}', 'main') }}
+
+      - name: DockerHub login
+        if: github.event_name != 'pull_request'
+        uses: docker/login-action@v3
+        with:
+          # Use existing DockerHub credentials present as secrets
+          username: ${{ secrets.DOCKER_HUB_USER }}
+          password: ${{ secrets.DOCKER_HUB_TOKEN }}
+
+      - name: Push image
+        uses: docker/build-push-action@v5
+        with:
+          context: .
+          push: ${{ github.event_name != 'pull_request' }}
+          tags: ${{ steps.meta.outputs.tags }}
+          labels: ${{ steps.meta.outputs.labels }}
+          file: ./revocation-service/Dockerfile
+
+      # https://github.com/peter-evans/dockerhub-description
+      # Important step to push image description to DockerHub
+      - name: Update Docker Hub description
+        if: github.event_name != 'pull_request'
+        uses: peter-evans/dockerhub-description@v3
+        with:
+          # readme-filepath defaults to toplevel README.md, Only necessary if you have a dedicated file with your 'Notice for docker images'
+          readme-filepath: Docker-hub-notice.md
+          username: ${{ secrets.DOCKER_HUB_USER }}
+          password: ${{ secrets.DOCKER_HUB_TOKEN }}
+          repository: ${{ env.IMAGE_NAMESPACE }}/${{ env.IMAGE_NAME }}
+
+  helm:
+    name: Helm Release
+    needs: semantic_release
+    runs-on: ubuntu-latest
+    permissions:
+      contents: write
+    steps:
+      - name: Checkout repository
+        uses: actions/checkout@v4
+
+      - name: Download Helm chart artifact
+        uses: actions/download-artifact@v4
+        with:
+          name: charts
+          path: ./charts
+
+      - name: Install Helm
+        uses: azure/setup-helm@v4.1.0
+
+      - name: Add Helm dependency repositories
+        run: |
+          helm repo add bitnami https://charts.bitnami.com/bitnami
+
+      - name: Configure Git
+        run: |
+          git config user.name "$GITHUB_ACTOR"
+          git config user.email "$GITHUB_ACTOR@users.noreply.github.com"
+
+      - name: Release chart
+        if: github.event_name != 'pull_request' && needs.semantic_release.outputs.will_create_new_release == 'true'
+        run: |
+          # Package Revocation-service chart,this will not work as we do not have any chart there
+          helm_package_path=$(helm package -u -d helm-charts ./charts/revocation-service | grep -o 'to: .*' | cut -d' ' -f2-)
+          echo "HELM_PACKAGE_PATH=$helm_package_path" >> $GITHUB_ENV
+
+          # Commit and push to gh-pages
+          git add helm-charts
+          git stash -- helm-charts
+          git reset --hard
+          git fetch origin
+          git checkout gh-pages
+          git stash pop
+
+          # Generate helm repo index.yaml
+          helm repo index . --merge index.yaml --url https://${GITHUB_REPOSITORY_OWNER}.github.io/${GITHUB_REPOSITORY#*/}/
+          git add index.yaml
+
+          git commit -s -m "Release ${{ needs.semantic_release.outputs.next_release }}"
+
+          git push origin gh-pages
+
+      - name: Upload chart to GitHub release
+        if: github.event_name != 'pull_request' && needs.semantic_release.outputs.will_create_new_release == 'true'
+        env:
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+          RELEASE_VERSION: ${{ needs.semantic_release.outputs.next_release }}
+          HELM_PACKAGE_PATH: ${{ env.HELM_PACKAGE_PATH }}
+        run: |
+          echo "::notice::Uploading chart to GitHub release"
+          gh release upload "v$RELEASE_VERSION" "$HELM_PACKAGE_PATH"
diff --git a/revocation-service/build.gradle b/revocation-service/build.gradle
index 477bbefc..185d8efa 100644
--- a/revocation-service/build.gradle
+++ b/revocation-service/build.gradle
@@ -79,3 +79,13 @@ build {
     version = "latest"
 
 }
+
+bootJar {
+    enabled = true
+    metaInf {
+        from 'DEPENDENCIES'
+        from '../SECURITY.md'
+        from '../NOTICE.md'
+        from '../LICENSE'
+    }
+}

From 42ed843998f7acdabbe85436da7d214b084df98f Mon Sep 17 00:00:00 2001
From: Nitin Vavdiya <nitin.vavdiya@smartsensesolutions.com>
Date: Thu, 8 Aug 2024 11:51:20 +0530
Subject: [PATCH 26/48] docs: license header updated

---
 .github/workflows/release-miw.yml        | 2 +-
 .github/workflows/release-revocation.yml | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/.github/workflows/release-miw.yml b/.github/workflows/release-miw.yml
index 62bee102..2e79820a 100644
--- a/.github/workflows/release-miw.yml
+++ b/.github/workflows/release-miw.yml
@@ -1,4 +1,4 @@
-# Copyright (c) 2021-2023 Contributors to the Eclipse Foundation
+# Copyright (c) 2021-2024 Contributors to the Eclipse Foundation
 
 # See the NOTICE file(s) distributed with this work for additional
 # information regarding copyright ownership.
diff --git a/.github/workflows/release-revocation.yml b/.github/workflows/release-revocation.yml
index 290d9b52..2eeafee7 100644
--- a/.github/workflows/release-revocation.yml
+++ b/.github/workflows/release-revocation.yml
@@ -1,4 +1,4 @@
-# Copyright (c) 2021-2023 Contributors to the Eclipse Foundation
+# Copyright (c) 2021-2024 Contributors to the Eclipse Foundation
 
 # See the NOTICE file(s) distributed with this work for additional
 # information regarding copyright ownership.

From 234a7a05d6839409b1a62a1d15ac3a424cfad20c Mon Sep 17 00:00:00 2001
From: Nitin Vavdiya <nitin.vavdiya@smartsensesolutions.com>
Date: Thu, 8 Aug 2024 12:06:28 +0530
Subject: [PATCH 27/48] fix: dockerfile

---
 revocation-service/Dockerfile | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/revocation-service/Dockerfile b/revocation-service/Dockerfile
index 29e1b7ae..c916b3b7 100644
--- a/revocation-service/Dockerfile
+++ b/revocation-service/Dockerfile
@@ -20,12 +20,12 @@
 FROM eclipse-temurin:17-jre-alpine
 
 # run as non-root user
-RUN addgroup -g 11111 -S miw && adduser -u 11111 -S -s /bin/false -G miw miw
+RUN addgroup -g 11111 -S revocation-service && adduser -u 11111 -S -s /bin/false -G revocation-service revocation-service
 
 # add curl for healthcheck
-RUN apt-get update && apt-get install -y curl
+RUN apk add curl
 
-USER miw
+USER revocation-service
 
 COPY ./LICENSE ./NOTICE.md ./revocation-service/DEPENDENCIES ./SECURITY.md ./revocation-service/build/libs/revocation-service-latest.jar /app/
 

From 4429211d8b3bcb999b35a268f4fe588b9b28ef20 Mon Sep 17 00:00:00 2001
From: Nitin Vavdiya <nitin.vavdiya@smartsensesolutions.com>
Date: Mon, 12 Aug 2024 16:57:22 +0530
Subject: [PATCH 28/48] feat: status list VC type set to StatusList2021

---
 .../revocation/dto/StatusListCredentialSubject.java         | 6 +++---
 .../revocation/services/HttpClientService.java              | 3 ++-
 .../revocation/services/RevocationService.java              | 4 ++--
 3 files changed, 7 insertions(+), 6 deletions(-)

diff --git a/revocation-service/src/main/java/org/eclipse/tractusx/managedidentitywallets/revocation/dto/StatusListCredentialSubject.java b/revocation-service/src/main/java/org/eclipse/tractusx/managedidentitywallets/revocation/dto/StatusListCredentialSubject.java
index 0482d48b..02971bb6 100644
--- a/revocation-service/src/main/java/org/eclipse/tractusx/managedidentitywallets/revocation/dto/StatusListCredentialSubject.java
+++ b/revocation-service/src/main/java/org/eclipse/tractusx/managedidentitywallets/revocation/dto/StatusListCredentialSubject.java
@@ -27,9 +27,9 @@
 @Getter
 @Builder()
 public class StatusListCredentialSubject {
-    public static final String TYPE_ENTRY = "BitstringStatusListEntry";
-    public static final String TYPE_CREDENTIAL = "BitstringStatusListCredential";
-    public static final String TYPE_LIST = "BitstringStatusList";
+    public static final String TYPE_ENTRY = "StatusList2021Entry";
+    public static final String TYPE_CREDENTIAL = "StatusList2021";
+    public static final String TYPE_LIST = "StatusList2021Credential";
 
     public static final String SUBJECT_ID = "id";
     public static final String SUBJECT_TYPE = "type";
diff --git a/revocation-service/src/main/java/org/eclipse/tractusx/managedidentitywallets/revocation/services/HttpClientService.java b/revocation-service/src/main/java/org/eclipse/tractusx/managedidentitywallets/revocation/services/HttpClientService.java
index e2fde5e8..333c8762 100644
--- a/revocation-service/src/main/java/org/eclipse/tractusx/managedidentitywallets/revocation/services/HttpClientService.java
+++ b/revocation-service/src/main/java/org/eclipse/tractusx/managedidentitywallets/revocation/services/HttpClientService.java
@@ -22,6 +22,7 @@
 package org.eclipse.tractusx.managedidentitywallets.revocation.services;
 
 import lombok.RequiredArgsConstructor;
+import org.eclipse.tractusx.managedidentitywallets.commons.constant.StringPool;
 import org.eclipse.tractusx.managedidentitywallets.revocation.config.security.SecurityConfigProperties;
 import org.eclipse.tractusx.managedidentitywallets.revocation.dto.TokenResponse;
 import org.eclipse.tractusx.ssi.lib.model.verifiable.credential.VerifiableCredential;
@@ -72,7 +73,7 @@ public VerifiableCredential signStatusListVC(VerifiableCredential vc, String tok
         String uri =
                 UriComponentsBuilder.fromHttpUrl(miwUrl)
                         .path("/api/credentials")
-                        .queryParam("isRevocable", "false")
+                        .queryParam(StringPool.REVOCABLE, "false")
                         .build()
                         .toUriString();
 
diff --git a/revocation-service/src/main/java/org/eclipse/tractusx/managedidentitywallets/revocation/services/RevocationService.java b/revocation-service/src/main/java/org/eclipse/tractusx/managedidentitywallets/revocation/services/RevocationService.java
index ab273c17..e6033e8a 100644
--- a/revocation-service/src/main/java/org/eclipse/tractusx/managedidentitywallets/revocation/services/RevocationService.java
+++ b/revocation-service/src/main/java/org/eclipse/tractusx/managedidentitywallets/revocation/services/RevocationService.java
@@ -303,7 +303,7 @@ private StatusListCredential createStatusListCredential(
         VerifiableCredential statusListVC;
         StatusListCredentialSubject subject;
         types.add(VerifiableCredentialType.VERIFIABLE_CREDENTIAL);
-        types.add(StatusListCredentialSubject.TYPE_CREDENTIAL);
+        types.add(StatusListCredentialSubject.TYPE_LIST);
 
         bpn = extractBpnFromDid(dto.issuerId());
         id =
@@ -317,7 +317,7 @@ private StatusListCredential createStatusListCredential(
                 StatusListCredentialSubject.builder()
                         .id(id)
                         .statusPurpose(dto.purpose().toLowerCase())
-                        .type(StatusListCredentialSubject.TYPE_LIST)
+                        .type(StatusListCredentialSubject.TYPE_CREDENTIAL)
                         .encodedList(BitSetManager.initializeEncodedListString())
                         .build();
 

From badb46d7d90232d661665a33410c3f11d210a401 Mon Sep 17 00:00:00 2001
From: rohit-smartsensesolutions <rohit.solanki@smartsensesolutions.com>
Date: Thu, 22 Aug 2024 16:54:50 +0530
Subject: [PATCH 29/48] feat: Helm charts for revocation service

---
 charts/managed-identity-wallet/.gitignore     |   3 +-
 charts/managed-identity-wallet/Chart.lock     |  24 +-
 charts/managed-identity-wallet/Chart.yaml     |  11 +-
 charts/managed-identity-wallet/README.md      | 290 ++++++++-------
 .../templates/NOTES.txt                       |   5 +-
 .../templates/_helpers.tpl                    |  35 ++
 .../{deployment.yaml => miw-deployment.yaml}  |  10 +-
 .../{ingress.yaml => miw-ingress.yaml}        |   4 +-
 .../{secret.yaml => miw-secret.yaml}          |   4 +-
 .../{service.yaml => miw-service.yaml}        |   4 +-
 .../templates/networkpolicy.yaml              |   4 +-
 .../templates/pgAdmin-server-definitions.yaml |   2 +-
 .../templates/psql-pv.yaml                    |  11 +
 .../templates/vcrs-configmap.yaml             |  27 ++
 .../templates/vcrs-deployment.yaml            |  83 +++++
 .../templates/vcrs-ingress.yaml               |  80 +++++
 .../templates/vcrs-secrets.yaml               |  27 ++
 .../templates/vcrs-service.yaml               |  32 ++
 charts/managed-identity-wallet/values.yaml    | 332 +++++++++++++-----
 19 files changed, 748 insertions(+), 240 deletions(-)
 rename charts/managed-identity-wallet/templates/{deployment.yaml => miw-deployment.yaml} (96%)
 rename charts/managed-identity-wallet/templates/{ingress.yaml => miw-ingress.yaml} (96%)
 rename charts/managed-identity-wallet/templates/{secret.yaml => miw-secret.yaml} (94%)
 rename charts/managed-identity-wallet/templates/{service.yaml => miw-service.yaml} (92%)
 create mode 100644 charts/managed-identity-wallet/templates/psql-pv.yaml
 create mode 100644 charts/managed-identity-wallet/templates/vcrs-configmap.yaml
 create mode 100644 charts/managed-identity-wallet/templates/vcrs-deployment.yaml
 create mode 100644 charts/managed-identity-wallet/templates/vcrs-ingress.yaml
 create mode 100644 charts/managed-identity-wallet/templates/vcrs-secrets.yaml
 create mode 100644 charts/managed-identity-wallet/templates/vcrs-service.yaml

diff --git a/charts/managed-identity-wallet/.gitignore b/charts/managed-identity-wallet/.gitignore
index ee3892e8..7639ceec 100644
--- a/charts/managed-identity-wallet/.gitignore
+++ b/charts/managed-identity-wallet/.gitignore
@@ -1 +1,2 @@
-charts/
+charts/pgadmin4
+**/charts/*.tgz
\ No newline at end of file
diff --git a/charts/managed-identity-wallet/Chart.lock b/charts/managed-identity-wallet/Chart.lock
index ef26fd56..5f15f8b4 100644
--- a/charts/managed-identity-wallet/Chart.lock
+++ b/charts/managed-identity-wallet/Chart.lock
@@ -1,15 +1,15 @@
 dependencies:
-- name: keycloak
-  repository: https://charts.bitnami.com/bitnami
-  version: 15.1.6
-- name: common
-  repository: https://charts.bitnami.com/bitnami
-  version: 2.13.3
-- name: postgresql
-  repository: https://charts.bitnami.com/bitnami
-  version: 11.9.13
-- name: pgadmin4
-  repository: file://charts/pgadmin4
-  version: 1.19.0
+  - name: keycloak
+    repository: https://charts.bitnami.com/bitnami
+    version: 22.1.0
+  - name: common
+    repository: https://charts.bitnami.com/bitnami
+    version: 2.13.3
+  - name: postgresql
+    repository: https://charts.bitnami.com/bitnami
+    version: 11.9.13
+  - name: pgadmin4
+    repository: file://charts/pgadmin4
+    version: 1.19.0
 digest: sha256:fb94864221b4fed31894b48ac56b72a2324da0dc1cb1d6888cc52c3490685df7
 generated: "2023-12-15T10:30:41.880265+01:00"
diff --git a/charts/managed-identity-wallet/Chart.yaml b/charts/managed-identity-wallet/Chart.yaml
index 78627ee4..d782405a 100644
--- a/charts/managed-identity-wallet/Chart.yaml
+++ b/charts/managed-identity-wallet/Chart.yaml
@@ -22,7 +22,6 @@ name: managed-identity-wallet
 description: |
   Managed Identity Wallet is supposed to supply a secure data source and data sink for Digital Identity Documents (DID), in order to enable Self-Sovereign Identity founding on those DIDs.
   And at the same it shall support an uninterrupted tracking and tracing and documenting the usage of those DIDs, e.g. within logistical supply chains.
-
 type: application
 
 version: 1.0.0-develop.4
@@ -32,18 +31,15 @@ home: https://github.com/eclipse-tractusx/managed-identity-wallet
 keywords:
   - Managed Identity Wallet
   - eclipse-tractusx
-
 sources:
   - https://github.com/eclipse-tractusx/managed-identity-wallet
-
 maintainers:
   - name: Dominik Pinsel
     email: dominik.pinsel@mercedes-benz.com
     url: https://github.com/DominikPinsel
-
 dependencies:
   - name: keycloak
-    version: 15.1.6
+    version: 22.1.0
     repository: https://charts.bitnami.com/bitnami
     condition: keycloak.enabled
   - name: common
@@ -52,11 +48,10 @@ dependencies:
       - bitnami-common
     version: 2.x.x
   - name: postgresql
-    version: 11.9.13
+    version: "16.x.x"
     repository: https://charts.bitnami.com/bitnami
     condition: postgresql.enabled
   - name: pgadmin4
-    repository: file://charts/pgadmin4  # https://helm.runix.net
-    # License: https://github.com/rowanruseler/helm-charts/blob/main/LICENSE
+    repository: file://charts/pgadmin4
     version: 1.19.0
     condition: pgadmin4.enabled
diff --git a/charts/managed-identity-wallet/README.md b/charts/managed-identity-wallet/README.md
index 3984b37f..c2ee872b 100644
--- a/charts/managed-identity-wallet/README.md
+++ b/charts/managed-identity-wallet/README.md
@@ -1,6 +1,6 @@
 <a name="readme-top"></a>
 
-# managed-identity-wallet
+# Managed Identity Wallet - Verifiable Credential Revocation Service
 
 ![Version: 1.0.0-develop.4](https://img.shields.io/badge/Version-1.0.0--develop.4-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 1.0.0-develop.4](https://img.shields.io/badge/AppVersion-1.0.0--develop.4-informational?style=flat-square)
 
@@ -41,9 +41,7 @@ And at the same it shall support an uninterrupted tracking and tracing and docum
 
 ### Install Chart
 
-    helm install [RELEASE_NAME] tractusx-dev/managed-identity-wallet
-
-    helm install [RELEASE_NAME] tractusx-stable/managed-identity-wallet
+    helm install [RELEASE_NAME] charts/managed-identity-wallet
 
 <p align="right">(<a href="#readme-top">back to top</a>)</p>
 
@@ -75,124 +73,179 @@ See [helm upgrade](https://helm.sh/docs/helm/helm_upgrade/) for command document
 
 ## Requirements
 
-| Repository | Name | Version |
-|------------|------|---------|
-| file://charts/pgadmin4 | pgadmin4 | 1.19.0 |
-| https://charts.bitnami.com/bitnami | common | 2.x.x |
-| https://charts.bitnami.com/bitnami | keycloak | 15.1.6 |
+| Repository                         | Name       | Version |
+| ---------------------------------- | ---------- | ------- |
+| file://charts/pgadmin4             | pgadmin4   | 1.19.0  |
+| https://charts.bitnami.com/bitnami | common     | 2.x.x   |
+| https://charts.bitnami.com/bitnami | keycloak   | 15.1.6  |
 | https://charts.bitnami.com/bitnami | postgresql | 11.9.13 |
 
 <p align="right">(<a href="#readme-top">back to top</a>)</p>
 
 ## Values
 
-| Key | Type | Default | Description |
-|-----|------|---------|-------------|
-| affinity | object | `{}` | Affinity configuration |
-| envs | object | `{}` | envs Parameters for the application (will be provided as environment variables) |
-| extraVolumeMounts | list | `[]` | add volume mounts to the miw deployment |
-| extraVolumes | list | `[]` | add volumes to the miw deployment |
-| fullnameOverride | string | `""` | String to fully override common.names.fullname template |
-| image.pullPolicy | string | `"Always"` | PullPolicy |
-| image.repository | string | `"tractusx/managed-identity-wallet"` | Image repository |
-| image.tag | string | `""` | Image tag (empty one will use "appVersion" value from chart definition) |
-| ingress.annotations | object | `{}` | Ingress annotations |
-| ingress.enabled | bool | `false` | Enable ingress controller resource |
-| ingress.hosts | list | `[]` | Ingress accepted hostnames |
-| ingress.tls | list | `[]` | Ingress TLS configuration |
-| initContainers | list | `[]` | add initContainers to the miw deployment |
-| keycloak.auth.adminPassword | string | `""` | Keycloak admin password |
-| keycloak.auth.adminUser | string | `"admin"` | Keycloak admin user |
-| keycloak.enabled | bool | `true` | Enable to deploy Keycloak |
-| keycloak.extraEnvVars | list | `[]` | Extra environment variables |
-| keycloak.ingress.annotations | object | `{}` |  |
-| keycloak.ingress.enabled | bool | `false` |  |
-| keycloak.ingress.hosts | list | `[]` |  |
-| keycloak.ingress.tls | list | `[]` |  |
-| keycloak.keycloakConfigCli.backoffLimit | int | `2` | Number of retries before considering a Job as failed |
-| keycloak.keycloakConfigCli.enabled | bool | `true` | Enable to create the miw playground realm |
-| keycloak.keycloakConfigCli.existingConfigmap | string | `"keycloak-realm-config"` | Existing configmap name for the realm configuration |
-| keycloak.postgresql.auth.database | string | `"miw_keycloak"` | Database name |
-| keycloak.postgresql.auth.password | string | `""` | KeycloakPostgresql password to set (if empty one is generated) |
-| keycloak.postgresql.auth.username | string | `"miw_keycloak"` | Keycloak PostgreSQL user |
-| keycloak.postgresql.enabled | bool | `true` | Enable to deploy PostgreSQL |
-| keycloak.postgresql.nameOverride | string | `"keycloak-postgresql"` | Name of the PostgreSQL chart to deploy. Mandatory when the MIW deploys a PostgreSQL chart, too. |
-| livenessProbe | object | `{"enabled":true,"failureThreshold":3,"initialDelaySeconds":20,"periodSeconds":5,"timeoutSeconds":15}` | Kubernetes [liveness-probe](https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-startup-probes/) |
-| livenessProbe.enabled | bool | `true` | Enables/Disables the livenessProbe at all |
-| livenessProbe.failureThreshold | int | `3` | When a probe fails, Kubernetes will try failureThreshold times before giving up. Giving up in case of liveness probe means restarting the container. |
-| livenessProbe.initialDelaySeconds | int | `20` | Number of seconds after the container has started before readiness probe are initiated. |
-| livenessProbe.periodSeconds | int | `5` | How often (in seconds) to perform the probe |
-| livenessProbe.timeoutSeconds | int | `15` | Number of seconds after which the probe times out. |
-| miw.authorityWallet.bpn | string | `"BPNL000000000000"` | Authority Wallet BPNL |
-| miw.authorityWallet.name | string | `""` | Authority Wallet Name |
-| miw.database.encryptionKey.secret | string | `""` | Existing secret for database encryption key |
-| miw.database.encryptionKey.secretKey | string | `""` | Existing secret key for database encryption key |
-| miw.database.encryptionKey.value | string | `""` | Database encryption key for confidential data.  Ignored if `secret` is set. If empty a secret with 32 random alphanumeric chars is generated. |
-| miw.database.host | string | `"{{ .Release.Name }}-postgresql"` | Database host |
-| miw.database.name | string | `"miw_app"` | Database name |
-| miw.database.port | int | `5432` | Database port |
-| miw.database.secret | string | `"{{ .Release.Name }}-postgresql"` | Existing secret name for the database password |
-| miw.database.secretPasswordKey | string | `"password"` | Existing secret key for the database password |
-| miw.database.useSSL | bool | `false` | Set to true to enable SSL connection to the database |
-| miw.database.user | string | `"miw"` | Database user |
-| miw.environment | string | `"dev"` | Runtime environment. Should be ether local, dev, int or prod |
-| miw.host | string | `"{{ .Release.Name }}-managed-identity-wallet:8080"` | Host name |
-| miw.keycloak.clientId | string | `"miw_private_client"` | Keycloak client id |
-| miw.keycloak.realm | string | `"miw_test"` | Keycloak realm |
-| miw.keycloak.url | string | `"http://{{ .Release.Name }}-keycloak"` | Keycloak URL |
-| miw.logging.level | string | `"INFO"` | Log level. Should be ether ERROR, WARN, INFO, DEBUG, or TRACE. |
-| miw.ssi.enforceHttpsInDidWebResolution | bool | `true` | Enable to use HTTPS in DID Web Resolution |
-| miw.ssi.vcExpiryDate | string | `""` | Verifiable Credential expiry date. Format 'dd-MM-yyyy'. If empty it is set to 31-12-<current year> |
-| nameOverride | string | `""` | String to partially override common.names.fullname template (will maintain the release name) |
-| networkPolicy.enabled | bool | `false` | If `true` network policy will be created to restrict access to managed-identity-wallet |
-| networkPolicy.from | list | `[{"namespaceSelector":{}}]` | Specify from rule network policy for miw (defaults to all namespaces) |
-| nodeSelector | object | `{"kubernetes.io/os":"linux"}` | NodeSelector configuration |
-| pgadmin4.enabled | bool | `false` | Enable to deploy pgAdmin |
-| pgadmin4.env.email | string | `"admin@miw.com"` | Preset the admin user email |
-| pgadmin4.env.password | string | `"very-secret-password"` | preset password (there is no auto-generated password) |
-| pgadmin4.extraServerDefinitions.enabled | bool | `true` | enable the predefined server for pgadmin |
-| pgadmin4.extraServerDefinitions.servers | object | `{}` | See [here](https://github.com/rowanruseler/helm-charts/blob/9b970b2e419c2300dfbb3f827a985157098a0287/charts/pgadmin4/values.yaml#L84) how to configure the predefined servers |
-| pgadmin4.ingress.annotations | object | `{}` |  |
-| pgadmin4.ingress.enabled | bool | `false` | Enagle pgAdmin ingress |
-| pgadmin4.ingress.hosts | list | `[]` | See [here](https://github.com/rowanruseler/helm-charts/blob/9b970b2e419c2300dfbb3f827a985157098a0287/charts/pgadmin4/values.yaml#L104) how to configure the ingress host(s) |
-| pgadmin4.ingress.tls | list | `[]` | See [here](https://github.com/rowanruseler/helm-charts/blob/9b970b2e419c2300dfbb3f827a985157098a0287/charts/pgadmin4/values.yaml#L109) how to configure tls for the ingress host(s) |
-| podAnnotations | object | `{}` | PodAnnotation configuration |
-| podSecurityContext | object | `{}` | PodSecurityContext |
-| postgresql.auth.database | string | `"miw_app"` | Postgresql database to create |
-| postgresql.auth.enablePostgresUser | bool | `false` | Enable postgresql admin user |
-| postgresql.auth.password | string | `""` | Postgresql password to set (if empty one is generated) |
-| postgresql.auth.postgresPassword | string | `""` | Postgresql admin user password |
-| postgresql.auth.username | string | `"miw"` | Postgresql user to create |
-| postgresql.backup.cronjob.schedule | string | `"* */6 * * *"` | Backup schedule |
-| postgresql.backup.cronjob.storage.existingClaim | string | `""` | Name of an existing PVC to use |
-| postgresql.backup.cronjob.storage.resourcePolicy | string | `"keep"` | Set resource policy to "keep" to avoid removing PVCs during a helm delete operation |
-| postgresql.backup.cronjob.storage.size | string | `"8Gi"` | PVC Storage Request for the backup data volume |
-| postgresql.backup.enabled | bool | `false` | Enable to create a backup cronjob |
-| postgresql.enabled | bool | `true` | Enable to deploy Postgresql |
-| readinessProbe | object | `{"enabled":true,"failureThreshold":3,"initialDelaySeconds":30,"periodSeconds":5,"successThreshold":1,"timeoutSeconds":5}` | Kubernetes [readiness-probe](https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-startup-probes/) |
-| readinessProbe.enabled | bool | `true` | Enables/Disables the readinessProbe at all |
-| readinessProbe.failureThreshold | int | `3` | When a probe fails, Kubernetes will try failureThreshold times before giving up. In case of readiness probe the Pod will be marked Unready. |
-| readinessProbe.initialDelaySeconds | int | `30` | Number of seconds after the container has started before readiness probe are initiated. |
-| readinessProbe.periodSeconds | int | `5` | How often (in seconds) to perform the probe |
-| readinessProbe.successThreshold | int | `1` | Minimum consecutive successes for the probe to be considered successful after having failed. |
-| readinessProbe.timeoutSeconds | int | `5` | Number of seconds after which the probe times out. |
-| replicaCount | int | `1` | The amount of replicas to run |
-| resources.limits.cpu | int | `2` | CPU resource limits |
-| resources.limits.memory | string | `"1Gi"` | Memory resource limits |
-| resources.requests.cpu | string | `"250m"` | CPU resource requests |
-| resources.requests.memory | string | `"500Mi"` | Memory resource requests |
-| secrets | object | `{}` | Parameters for the application (will be stored as secrets - so, for passwords, ...) |
-| securityContext.allowPrivilegeEscalation | bool | `false` | Allow privilege escalation |
-| securityContext.privileged | bool | `false` | Enable privileged container |
-| securityContext.runAsGroup | int | `11111` | Group ID used to run the container |
-| securityContext.runAsNonRoot | bool | `true` | Enable to run the container as a non-root user |
-| securityContext.runAsUser | int | `11111` | User ID used to run the container |
-| service.port | int | `8080` | Kubernetes Service port |
-| service.type | string | `"ClusterIP"` | Kubernetes Service type |
-| serviceAccount.annotations | object | `{}` | Annotations to add to the ServiceAccount |
-| serviceAccount.create | bool | `true` | Enable creation of ServiceAccount |
-| serviceAccount.name | string | `""` | The name of the ServiceAccount to use. |
-| tolerations | list | `[]` | Tolerations configuration |
+| Key                                              | Type   | Default                                                                                                                    | Description                                                                                                                                                                         |
+| ------------------------------------------------ | ------ | -------------------------------------------------------------------------------------------------------------------------- | ----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- |
+| affinity                                         | object | `{}`                                                                                                                       | Affinity configuration                                                                                                                                                              |
+| envs                                             | object | `{}`                                                                                                                       | envs Parameters for the application (will be provided as environment variables)                                                                                                     |
+| extraVolumeMounts                                | list   | `[]`                                                                                                                       | add volume mounts to the miw deployment                                                                                                                                             |
+| extraVolumes                                     | list   | `[]`                                                                                                                       | add volumes to the miw deployment                                                                                                                                                   |
+| fullnameOverride                                 | string | `""`                                                                                                                       | String to fully override common.names.fullname template                                                                                                                             |
+| image.pullPolicy                                 | string | `"Always"`                                                                                                                 | PullPolicy                                                                                                                                                                          |
+| image.repository                                 | string | `"tractusx/managed-identity-wallet"`                                                                                       | Image repository                                                                                                                                                                    |
+| image.tag                                        | string | `""`                                                                                                                       | Image tag (empty one will use "appVersion" value from chart definition)                                                                                                             |
+| ingress.annotations                              | object | `{}`                                                                                                                       | Ingress annotations                                                                                                                                                                 |
+| ingress.enabled                                  | bool   | `false`                                                                                                                    | Enable ingress controller resource                                                                                                                                                  |
+| ingress.hosts                                    | list   | `[]`                                                                                                                       | Ingress accepted hostnames                                                                                                                                                          |
+| ingress.tls                                      | list   | `[]`                                                                                                                       | Ingress TLS configuration                                                                                                                                                           |
+| initContainers                                   | list   | `[]`                                                                                                                       | add initContainers to the miw deployment                                                                                                                                            |
+| keycloak.auth.adminPassword                      | string | `""`                                                                                                                       | Keycloak admin password                                                                                                                                                             |
+| keycloak.auth.adminUser                          | string | `"admin"`                                                                                                                  | Keycloak admin user                                                                                                                                                                 |
+| keycloak.enabled                                 | bool   | `true`                                                                                                                     | Enable to deploy Keycloak                                                                                                                                                           |
+| keycloak.extraEnvVars                            | list   | `[]`                                                                                                                       | Extra environment variables                                                                                                                                                         |
+| keycloak.ingress.annotations                     | object | `{}`                                                                                                                       |                                                                                                                                                                                     |
+| keycloak.ingress.enabled                         | bool   | `false`                                                                                                                    |                                                                                                                                                                                     |
+| keycloak.ingress.hosts                           | list   | `[]`                                                                                                                       |                                                                                                                                                                                     |
+| keycloak.ingress.tls                             | list   | `[]`                                                                                                                       |                                                                                                                                                                                     |
+| keycloak.keycloakConfigCli.backoffLimit          | int    | `2`                                                                                                                        | Number of retries before considering a Job as failed                                                                                                                                |
+| keycloak.keycloakConfigCli.enabled               | bool   | `true`                                                                                                                     | Enable to create the miw playground realm                                                                                                                                           |
+| keycloak.keycloakConfigCli.existingConfigmap     | string | `"keycloak-realm-config"`                                                                                                  | Existing configmap name for the realm configuration                                                                                                                                 |
+| keycloak.postgresql.auth.database                | string | `"miw_keycloak"`                                                                                                           | Database name                                                                                                                                                                       |
+| keycloak.postgresql.auth.password                | string | `""`                                                                                                                       | KeycloakPostgresql password to set (if empty one is generated)                                                                                                                      |
+| keycloak.postgresql.auth.username                | string | `"miw_keycloak"`                                                                                                           | Keycloak PostgreSQL user                                                                                                                                                            |
+| keycloak.postgresql.enabled                      | bool   | `true`                                                                                                                     | Enable to deploy PostgreSQL                                                                                                                                                         |
+| keycloak.postgresql.nameOverride                 | string | `"keycloak-postgresql"`                                                                                                    | Name of the PostgreSQL chart to deploy. Mandatory when the MIW deploys a PostgreSQL chart, too.                                                                                     |
+| livenessProbe                                    | object | `{"enabled":true,"failureThreshold":3,"initialDelaySeconds":20,"periodSeconds":5,"timeoutSeconds":15}`                     | Kubernetes [liveness-probe](https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-startup-probes/)                                                  |
+| livenessProbe.enabled                            | bool   | `true`                                                                                                                     | Enables/Disables the livenessProbe at all                                                                                                                                           |
+| livenessProbe.failureThreshold                   | int    | `3`                                                                                                                        | When a probe fails, Kubernetes will try failureThreshold times before giving up. Giving up in case of liveness probe means restarting the container.                                |
+| livenessProbe.initialDelaySeconds                | int    | `20`                                                                                                                       | Number of seconds after the container has started before readiness probe are initiated.                                                                                             |
+| livenessProbe.periodSeconds                      | int    | `5`                                                                                                                        | How often (in seconds) to perform the probe                                                                                                                                         |
+| livenessProbe.timeoutSeconds                     | int    | `15`                                                                                                                       | Number of seconds after which the probe times out.                                                                                                                                  |
+| miw.authorityWallet.bpn                          | string | `"BPNL000000000000"`                                                                                                       | Authority Wallet BPNL                                                                                                                                                               |
+| miw.authorityWallet.name                         | string | `""`                                                                                                                       | Authority Wallet Name                                                                                                                                                               |
+| miw.database.encryptionKey.secret                | string | `""`                                                                                                                       | Existing secret for database encryption key                                                                                                                                         |
+| miw.database.encryptionKey.secretKey             | string | `""`                                                                                                                       | Existing secret key for database encryption key                                                                                                                                     |
+| miw.database.encryptionKey.value                 | string | `""`                                                                                                                       | Database encryption key for confidential data.  Ignored if `secret` is set. If empty a secret with 32 random alphanumeric chars is generated.                                       |
+| miw.database.host                                | string | `"{{ .Release.Name }}-postgresql"`                                                                                         | Database host                                                                                                                                                                       |
+| miw.database.name                                | string | `"miw_app"`                                                                                                                | Database name                                                                                                                                                                       |
+| miw.database.port                                | int    | `5432`                                                                                                                     | Database port                                                                                                                                                                       |
+| miw.database.secret                              | string | `"{{ .Release.Name }}-postgresql"`                                                                                         | Existing secret name for the database password                                                                                                                                      |
+| miw.database.secretPasswordKey                   | string | `""`                                                                                                               | Existing secret key for the database password                                                                                                                                       |
+| miw.database.useSSL                              | bool   | `false`                                                                                                                    | Set to true to enable SSL connection to the database                                                                                                                                |
+| miw.database.user                                | string | `"miw"`                                                                                                                    | Database user                                                                                                                                                                       |
+| miw.environment                                  | string | `"dev"`                                                                                                                    | Runtime environment. Should be ether local, dev, int or prod                                                                                                                        |
+| miw.host                                         | string | `"{{ .Release.Name }}-managed-identity-wallet:8080"`                                                                       | Host name                                                                                                                                                                           |
+| miw.keycloak.clientId                            | string | `"miw_private_client"`                                                                                                     | Keycloak client id                                                                                                                                                                  |
+| miw.keycloak.realm                               | string | `"miw_test"`                                                                                                               | Keycloak realm                                                                                                                                                                      |
+| miw.keycloak.url                                 | string | `"http://{{ .Release.Name }}-keycloak"`                                                                                    | Keycloak URL                                                                                                                                                                        |
+| miw.logging.level                                | string | `"INFO"`                                                                                                                   | Log level. Should be ether ERROR, WARN, INFO, DEBUG, or TRACE.                                                                                                                      |
+| miw.ssi.enforceHttpsInDidWebResolution           | bool   | `true`                                                                                                                     | Enable to use HTTPS in DID Web Resolution                                                                                                                                           |
+| miw.ssi.vcExpiryDate                             | string | `""`                                                                                                                       | Verifiable Credential expiry date. Format 'dd-MM-yyyy'. If empty it is set to 31-12-<current year>                                                                                  |
+| nameOverride                                     | string | `""`                                                                                                                       | String to partially override common.names.fullname template (will maintain the release name)                                                                                        |
+| networkPolicy.enabled                            | bool   | `false`                                                                                                                    | If `true` network policy will be created to restrict access to managed-identity-wallet                                                                                              |
+| networkPolicy.from                               | list   | `[{"namespaceSelector":{}}]`                                                                                               | Specify from rule network policy for miw (defaults to all namespaces)                                                                                                               |
+| nodeSelector                                     | object | `{"kubernetes.io/os":"linux"}`                                                                                             | NodeSelector configuration                                                                                                                                                          |
+| pgadmin4.enabled                                 | bool   | `false`                                                                                                                    | Enable to deploy pgAdmin                                                                                                                                                            |
+| pgadmin4.env.email                               | string | `"admin@miw.com"`                                                                                                          | Preset the admin user email                                                                                                                                                         |
+| pgadmin4.env.password                            | string | `"very-secret-password"`                                                                                                   | preset password (there is no auto-generated password)                                                                                                                               |
+| pgadmin4.extraServerDefinitions.enabled          | bool   | `true`                                                                                                                     | enable the predefined server for pgadmin                                                                                                                                            |
+| pgadmin4.extraServerDefinitions.servers          | object | `{}`                                                                                                                       | See [here](https://github.com/rowanruseler/helm-charts/blob/9b970b2e419c2300dfbb3f827a985157098a0287/charts/pgadmin4/values.yaml#L84) how to configure the predefined servers       |
+| pgadmin4.ingress.annotations                     | object | `{}`                                                                                                                       |                                                                                                                                                                                     |
+| pgadmin4.ingress.enabled                         | bool   | `false`                                                                                                                    | Enagle pgAdmin ingress                                                                                                                                                              |
+| pgadmin4.ingress.hosts                           | list   | `[]`                                                                                                                       | See [here](https://github.com/rowanruseler/helm-charts/blob/9b970b2e419c2300dfbb3f827a985157098a0287/charts/pgadmin4/values.yaml#L104) how to configure the ingress host(s)         |
+| pgadmin4.ingress.tls                             | list   | `[]`                                                                                                                       | See [here](https://github.com/rowanruseler/helm-charts/blob/9b970b2e419c2300dfbb3f827a985157098a0287/charts/pgadmin4/values.yaml#L109) how to configure tls for the ingress host(s) |
+| podAnnotations                                   | object | `{}`                                                                                                                       | PodAnnotation configuration                                                                                                                                                         |
+| podSecurityContext                               | object | `{}`                                                                                                                       | PodSecurityContext                                                                                                                                                                  |
+| postgresql.auth.database                         | string | `"miw_app"`                                                                                                                | Postgresql database to create                                                                                                                                                       |
+| postgresql.auth.enablePostgresUser               | bool   | `false`                                                                                                                    | Enable postgresql admin user                                                                                                                                                        |
+| postgresql.auth.password                         | string | `""`                                                                                                                       | Postgresql password to set (if empty one is generated)                                                                                                                              |
+| postgresql.auth.postgresPassword                 | string | `""`                                                                                                                       | Postgresql admin user password                                                                                                                                                      |
+| postgresql.auth.username                         | string | `"miw"`                                                                                                                    | Postgresql user to create                                                                                                                                                           |
+| postgresql.backup.cronjob.schedule               | string | `"* */6 * * *"`                                                                                                            | Backup schedule                                                                                                                                                                     |
+| postgresql.backup.cronjob.storage.existingClaim  | string | `""`                                                                                                                       | Name of an existing PVC to use                                                                                                                                                      |
+| postgresql.backup.cronjob.storage.resourcePolicy | string | `"keep"`                                                                                                                   | Set resource policy to "keep" to avoid removing PVCs during a helm delete operation                                                                                                 |
+| postgresql.backup.cronjob.storage.size           | string | `"8Gi"`                                                                                                                    | PVC Storage Request for the backup data volume                                                                                                                                      |
+| postgresql.backup.enabled                        | bool   | `false`                                                                                                                    | Enable to create a backup cronjob                                                                                                                                                   |
+| postgresql.enabled                               | bool   | `true`                                                                                                                     | Enable to deploy Postgresql                                                                                                                                                         |
+| readinessProbe                                   | object | `{"enabled":true,"failureThreshold":3,"initialDelaySeconds":30,"periodSeconds":5,"successThreshold":1,"timeoutSeconds":5}` | Kubernetes [readiness-probe](https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-startup-probes/)                                                 |
+| readinessProbe.enabled                           | bool   | `true`                                                                                                                     | Enables/Disables the readinessProbe at all                                                                                                                                          |
+| readinessProbe.failureThreshold                  | int    | `3`                                                                                                                        | When a probe fails, Kubernetes will try failureThreshold times before giving up. In case of readiness probe the Pod will be marked Unready.                                         |
+| readinessProbe.initialDelaySeconds               | int    | `30`                                                                                                                       | Number of seconds after the container has started before readiness probe are initiated.                                                                                             |
+| readinessProbe.periodSeconds                     | int    | `5`                                                                                                                        | How often (in seconds) to perform the probe                                                                                                                                         |
+| readinessProbe.successThreshold                  | int    | `1`                                                                                                                        | Minimum consecutive successes for the probe to be considered successful after having failed.                                                                                        |
+| readinessProbe.timeoutSeconds                    | int    | `5`                                                                                                                        | Number of seconds after which the probe times out.                                                                                                                                  |
+| replicaCount                                     | int    | `1`                                                                                                                        | The amount of replicas to run                                                                                                                                                       |
+| resources.limits.cpu                             | int    | `2`                                                                                                                        | CPU resource limits                                                                                                                                                                 |
+| resources.limits.memory                          | string | `"1Gi"`                                                                                                                    | Memory resource limits                                                                                                                                                              |
+| resources.requests.cpu                           | string | `"250m"`                                                                                                                   | CPU resource requests                                                                                                                                                               |
+| resources.requests.memory                        | string | `"500Mi"`                                                                                                                  | Memory resource requests                                                                                                                                                            |
+| secrets                                          | object | `{}`                                                                                                                       | Parameters for the application (will be stored as secrets - so, for passwords, ...)                                                                                                 |
+| securityContext.allowPrivilegeEscalation         | bool   | `false`                                                                                                                    | Allow privilege escalation                                                                                                                                                          |
+| securityContext.privileged                       | bool   | `false`                                                                                                                    | Enable privileged container                                                                                                                                                         |
+| securityContext.runAsGroup                       | int    | `11111`                                                                                                                    | Group ID used to run the container                                                                                                                                                  |
+| securityContext.runAsNonRoot                     | bool   | `true`                                                                                                                     | Enable to run the container as a non-root user                                                                                                                                      |
+| securityContext.runAsUser                        | int    | `11111`                                                                                                                    | User ID used to run the container                                                                                                                                                   |
+| service.port                                     | int    | `8080`                                                                                                                     | Kubernetes Service port                                                                                                                                                             |
+| service.type                                     | string | `"ClusterIP"`                                                                                                              | Kubernetes Service type                                                                                                                                                             |
+| serviceAccount.annotations                       | object | `{}`                                                                                                                       | Annotations to add to the ServiceAccount                                                                                                                                            |
+| serviceAccount.create                            | bool   | `true`                                                                                                                     | Enable creation of ServiceAccount                                                                                                                                                   |
+| serviceAccount.name                              | string | `""`                                                                                                                       | The name of the ServiceAccount to use.                                                                                                                                              |
+| tolerations                                      | list   | `[]`                                                                                                                       | Tolerations configuration                                                                                                                                                           |
+| vcrs.replicaCount                                | int    | `1`                                                                                                                        | Number of replicas to run                                                                                                                                                           |
+| vcrs.url                                         | string | `"https://a888-203-129-213-107.ngrok-free.app"`                                                                            | Application URL                                                                                                                                                                     |
+| vcrs.vcContexts                                  | string | `"https://www.w3.org/2018/credentials/v1, https://cofinity-x.github.io/schema-registry/w3c/v1.0/BitstringStatusList.json"` | App VC context                                                                                                                                                                      |
+| vcrs.domain.url                                  | string | `"https://977d-203-129-213-107.ngrok-free.app"`                                                                            | App domain                                                                                                                                                                          |
+| vcrs.domain.host                                 | string | `"localhost"`                                                                                                              | The application name                                                                                                                                                                |
+| vcrs.appName                                     | string | `"verifiable-credential-revocation-service"`                                                                               | The configmap name                                                                                                                                                                  |
+| vcrs.appPort                                     | string | `"8081"`                                                                                                                   | The application port                                                                                                                                                                |
+| vcrs.appProfile                                  | string | `"local"`                                                                                                                  | The application profile                                                                                                                                                             |
+| vcrs.applicationLogLevel                         | string | `"DEBUG"`                                                                                                                  | The application log level                                                                                                                                                           |
+| vcrs.configName                                  | string | `"verifiable-credential-revocation-service-config"`                                                                        | The service name                                                                                                                                                                    |
+| vcrs.serviceName                                 | string | `"verifiable-credential-revocation-service"`                                                                               | The secret name                                                                                                                                                                     |
+| vcrs.secretName                                  | string | `"verifiable-credential-revocation-service-secret"`                                                                        | The secret name                                                                                                                                                                     |
+| vcrs.ingressName                                 | string | `"verifiable-credential-revocation-service-ingress"`                                                                       | Ingress name                                                                                                                                                                        |
+| vcrs.image.repository                            | string | `"docker.io/example"`                                              | Image repository                                                                                                                                                                    |
+| vcrs.image.pullPolicy                            | string | `"IfNotPresent"`                                                                                                           | PullPolicy                                                                                                                                                                          |
+| vcrs.image.tag                                   | string | `"latest"`                                                                                                                 | Image tag (empty one will use "appVersion" value from chart definition)                                                                                                             |
+| vcrs.resources.requests.cpu                      | string | `"250m"`                                                                                                                   | CPU resource requests                                                                                                                                                               |
+| vcrs.resources.requests.memory                   | string | `"512Mi"`                                                                                                                  | Memory resource requests                                                                                                                                                            |
+| vcrs.resources.limits.cpu                        | string | `"500m"`                                                                                                                   | CPU resource limits                                                                                                                                                                 |
+| vcrs.resources.limits.memory                     | string | `"1Gi"`                                                                                                                    | Memory resource limits                                                                                                                                                              |
+| vcrs.livenessProbe.enabled                       | bool   | `true`                                                                                                                     | Enables/Disables the livenessProbe                                                                                                                                                  |
+| vcrs.livenessProbe.failureThreshold              | int    | `5`                                                                                                                        | Failure threshold for liveness probe                                                                                                                                                |
+| vcrs.livenessProbe.initialDelaySeconds           | int    | `60`                                                                                                                       | Initial delay before liveness probe starts                                                                                                                                          |
+| vcrs.livenessProbe.timeoutSeconds                | int    | `30`                                                                                                                       | Timeout for liveness probe                                                                                                                                                          |
+| vcrs.livenessProbe.periodSeconds                 | int    | `15`                                                                                                                       | How often to perform liveness probe                                                                                                                                                 |
+| vcrs.readinessProbe.enabled                      | bool   | `true`                                                                                                                     | Enables/Disables the readinessProbe                                                                                                                                                 |
+| vcrs.readinessProbe.failureThreshold             | int    | `5`                                                                                                                        | Failure threshold for readiness probe                                                                                                                                               |
+| vcrs.readinessProbe.initialDelaySeconds          | int    | `60`                                                                                                                       | Initial delay before readiness probe starts                                                                                                                                         |
+| vcrs.readinessProbe.timeoutSeconds               | int    | `15`                                                                                                                       | Timeout for readiness probe                                                                                                                                                         |
+| vcrs.readinessProbe.periodSeconds                | int    | `15`                                                                                                                       | How often to perform readiness probe                                                                                                                                                |
+| vcrs.readinessProbe.successThreshold             | int    | `1`                                                                                                                        | Minimum consecutive successes for the readiness probe to be considered successful                                                                                                   |
+| vcrs.ingress.enabled                             | bool   | `false`                                                                                                                    | Enable to deploy ingress                                                                                                                                                            |
+| vcrs.ingress.tls                                 | bool   | `false`                                                                                                                    | TLS configuration for ingress                                                                                                                                                       |
+| vcrs.ingress.urlPrefix                           | string | `/`                                                                                                                        | URL prefix for ingress                                                                                                                                                              |
+| vcrs.ingress.className                           | string | `"nginx"`                                                                                                                  | Ingress class name                                                                                                                                                                  |
+| vcrs.ingress.annotations                         | object | `{}`                                                                                                                       | Ingress annotations                                                                                                                                                                 |
+| vcrs.ingress.service.type                        | string | `"ClusterIP"`                                                                                                              | Kubernetes Service type                                                                                                                                                             |
+| vcrs.ingress.service.port                        | int    | `8081`                                                                                                                     | Kubernetes Service port                                                                                                                                                             |
+| vcrs.database.databaseHost                       | string | `"managed-identity-wallet-postgresql"`                                                                                     | The Database Host                                                                                                                                                                   |
+| vcrs.database.databasePort                       | int    | `5432`                                                                                                                     | The Database Port                                                                                                                                                                   |
+| vcrs.database.databaseName                       | string | `"vcrs_app"`                                                                                                               | The Database Name                                                                                                                                                                   |
+| vcrs.database.databaseUseSSL                     | bool   | `false`                                                                                                                    | The Database SSL                                                                                                                                                                    |
+| vcrs.database.databaseUsername                   | string | `"vcrs"`                                                                                                                   | The Database Username                                                                                                                                                               |
+| vcrs.database.databaseConnectionPoolSize         | int    | `10`                                                                                                                       | The Database connection pool size                                                                                                                                                   |
+| vcrs.database.databasepass                       | string | `""`                                                                                                              | The Database password                                                                                                                                                               |
+| vcrs.swagger.enableSwaggerUi                     | bool   | `true`                                                                                                                     | Enable Swagger UI                                                                                                                                                                   |
+| vcrs.swagger.enableApiDoc                        | bool   | `true`                                                                                                                     | Enable Swagger API Doc                                                                                                                                                              |
+| vcrs.security.serviceSecurityEnabed              | bool   | `true`                                                                                                                     | Enable application security                                                                                                                                                         |
+| vcrs.keycloak.enabled                            | bool   | `false`                                                                                                                    | Enable Keycloak                                                                                                                                                                     |
+| vcrs.keycloak.keycloakRealm                      | string | `"miw_test"`                                                                                                               | Keycloak Realm                                                                                                                                                                      |
+| vcrs.keycloak.clientId                           | string | `"miw_private_client"`                                                                                                     | Keycloak Client ID                                                                                                                                                                  |
+| vcrs.keycloak.publicClientId                     | string | `"miw_public_client"`                                                                                                      | Keycloak Public Client ID                                                                                                                                                           |
+| vcrs.keycloak.authServerUrl                      | string | `"http://{{ .Release.Name }}-keycloak"`                                                                                    | Keycloak Auth Server URL                                                                                                                                                            |
+| vcrs.logging.revocation                          | string | `"INFO"`                                                                                                                   | Logging method for revocation                                                                                                                                                       |
+
 
 For more information on how to configure the Keycloak see
 - https://github.com/bitnami/charts/tree/main/bitnami/keycloak.
@@ -260,9 +313,10 @@ when deploying the MIW in a production environment:
 
 ## Maintainers
 
-| Name | Email | Url |
-| ---- | ------ | --- |
+| Name           | Email                              | Url                                |
+| -------------- | ---------------------------------- | ---------------------------------- |
 | Dominik Pinsel | <dominik.pinsel@mercedes-benz.com> | <https://github.com/DominikPinsel> |
+| Rohit Solanki | <rohit.solanki@smartsensesolutions.com> | <https://github.com/rohit-smartsensesolutions/> |
 
 <p align="right">(<a href="#readme-top">back to top</a>)</p>
 
diff --git a/charts/managed-identity-wallet/templates/NOTES.txt b/charts/managed-identity-wallet/templates/NOTES.txt
index ddfc099c..2c3e36f9 100644
--- a/charts/managed-identity-wallet/templates/NOTES.txt
+++ b/charts/managed-identity-wallet/templates/NOTES.txt
@@ -17,6 +17,7 @@
 {{- else if contains "ClusterIP" .Values.service.type }}
   export POD_NAME=$(kubectl get pods --namespace {{ .Release.Namespace }} -l "app.kubernetes.io/name={{ include "managed-identity-wallet.name" . }},app.kubernetes.io/instance={{ .Release.Name }}" -o jsonpath="{.items[0].metadata.name}")
   export CONTAINER_PORT=$(kubectl get pod --namespace {{ .Release.Namespace }} $POD_NAME -o jsonpath="{.spec.containers[0].ports[0].containerPort}")
-  echo "Visit http://127.0.0.1:8080 to use your application"
-  kubectl --namespace {{ .Release.Namespace }} port-forward $POD_NAME 8080:$CONTAINER_PORT
+  Visit http://127.0.0.1:8080 (MIW) and http://127.0.0.1:8081 (VCRS) to use your application
+  kubectl --namespace {{ .Release.Namespace }} port-forward $POD_NAME 8080:8080
+  kubectl --namespace {{ .Release.Namespace }} port-forward $POD_NAME 8081:8081
 {{- end }}
diff --git a/charts/managed-identity-wallet/templates/_helpers.tpl b/charts/managed-identity-wallet/templates/_helpers.tpl
index cf153767..6fd0b239 100644
--- a/charts/managed-identity-wallet/templates/_helpers.tpl
+++ b/charts/managed-identity-wallet/templates/_helpers.tpl
@@ -24,6 +24,10 @@ Expand the name of the chart.
 {{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" }}
 {{- end }}
 
+{{- define "verifiable-credential-revocation-service.name" -}}
+{{- default .Chart.Name .Values.vcrs.env.APPLICATION_NAME | trunc 63 | trimSuffix "-" }}
+{{- end }}
+
 {{/*
 Create a default fully qualified app name.
 We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
@@ -42,6 +46,19 @@ If release name contains chart name it will be used as a full name.
 {{- end }}
 {{- end }}
 
+{{- define "verifiable-credential-revocation-service.fullname" -}}
+{{- if .Values.vcrs.env.APPLICATION_NAME }}
+{{- .Values.vcrs.env.APPLICATION_NAME | trunc 63 | trimSuffix "-" }}
+{{- else }}
+{{- $name := default .Chart.Name .Values.vcrs.env.APPLICATION_NAME }}
+{{- if contains $name .Release.Name }}
+{{- .Release.Name | trunc 63 | trimSuffix "-" }}
+{{- else }}
+{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" }}
+{{- end }}
+{{- end }}
+{{- end }}
+
 {{/*
 Create chart name and version as used by the chart label.
 */}}
@@ -49,6 +66,10 @@ Create chart name and version as used by the chart label.
 {{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }}
 {{- end }}
 
+{{- define "verifiable-credential-revocation-service.chart" -}}
+{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }}
+{{- end }}
+
 {{/*
 Common labels
 */}}
@@ -61,6 +82,15 @@ app.kubernetes.io/version: {{ .Chart.AppVersion | quote }}
 app.kubernetes.io/managed-by: {{ .Release.Service }}
 {{- end }}
 
+{{- define "verifiable-credential-revocation-service.labels" -}}
+helm.sh/chart: {{ include "verifiable-credential-revocation-service.chart" . }}
+{{ include "verifiable-credential-revocation-service.selectorLabels" . }}
+{{- if .Chart.AppVersion }}
+app.kubernetes.io/version: {{ .Chart.AppVersion | quote }}
+{{- end }}
+app.kubernetes.io/managed-by: {{ .Release.Service }}
+{{- end }}
+
 {{/*
 Selector labels
 */}}
@@ -69,6 +99,11 @@ app.kubernetes.io/name: {{ include "managed-identity-wallet.name" . }}
 app.kubernetes.io/instance: {{ .Release.Name }}
 {{- end }}
 
+{{- define "verifiable-credential-revocation-service.selectorLabels" -}}
+app.kubernetes.io/name: {{ include "verifiable-credential-revocation-service.name" . }}
+app.kubernetes.io/instance: {{ .Release.Name }}
+{{- end }}
+
 {{/*
 Create the name of the service account to use
 */}}
diff --git a/charts/managed-identity-wallet/templates/deployment.yaml b/charts/managed-identity-wallet/templates/miw-deployment.yaml
similarity index 96%
rename from charts/managed-identity-wallet/templates/deployment.yaml
rename to charts/managed-identity-wallet/templates/miw-deployment.yaml
index 801dbf9a..805b6c09 100644
--- a/charts/managed-identity-wallet/templates/deployment.yaml
+++ b/charts/managed-identity-wallet/templates/miw-deployment.yaml
@@ -1,4 +1,4 @@
-# /********************************************************************************
+# ********************************************************************************
 # * Copyright (c) 2021,2023 Contributors to the Eclipse Foundation
 # *
 # * See the NOTICE file(s) distributed with this work for additional
@@ -15,7 +15,7 @@
 # * under the License.
 # *
 # * SPDX-License-Identifier: Apache-2.0
-# ********************************************************************************/
+# ********************************************************************************
 
 apiVersion: apps/v1
 kind: Deployment
@@ -117,7 +117,7 @@ spec:
             - name: http
               containerPort: 8080
               protocol: TCP
-          {{- with .Values.livenessProbe }}
+          {{- with .Values.miw.livenessProbe }}
           {{- if .enabled }}
           livenessProbe:
             httpGet:
@@ -130,7 +130,7 @@ spec:
             timeoutSeconds: {{ .timeoutSeconds }}
           {{- end }}
           {{- end }}
-          {{- with .Values.readinessProbe }}
+          {{- with .Values.miw.readinessProbe }}
           {{- if .enabled }}
           readinessProbe:
             httpGet:
@@ -162,4 +162,4 @@ spec:
         {{- toYaml . | nindent 8 }}
       {{- end }}
       volumes:
-        {{- toYaml .Values.extraVolumes | nindent 8 }}
+        {{- toYaml .Values.extraVolumes | nindent 8 }}
\ No newline at end of file
diff --git a/charts/managed-identity-wallet/templates/ingress.yaml b/charts/managed-identity-wallet/templates/miw-ingress.yaml
similarity index 96%
rename from charts/managed-identity-wallet/templates/ingress.yaml
rename to charts/managed-identity-wallet/templates/miw-ingress.yaml
index a550fece..afb584a8 100644
--- a/charts/managed-identity-wallet/templates/ingress.yaml
+++ b/charts/managed-identity-wallet/templates/miw-ingress.yaml
@@ -1,4 +1,4 @@
-# /********************************************************************************
+# ********************************************************************************
 # * Copyright (c) 2021,2023 Contributors to the Eclipse Foundation
 # *
 # * See the NOTICE file(s) distributed with this work for additional
@@ -15,7 +15,7 @@
 # * under the License.
 # *
 # * SPDX-License-Identifier: Apache-2.0
-# ********************************************************************************/
+# ********************************************************************************
 
 {{ if .Values.ingress.enabled -}}
 {{- $fullName := include "managed-identity-wallet.fullname" . -}}
diff --git a/charts/managed-identity-wallet/templates/secret.yaml b/charts/managed-identity-wallet/templates/miw-secret.yaml
similarity index 94%
rename from charts/managed-identity-wallet/templates/secret.yaml
rename to charts/managed-identity-wallet/templates/miw-secret.yaml
index 832ecf87..ff3af397 100644
--- a/charts/managed-identity-wallet/templates/secret.yaml
+++ b/charts/managed-identity-wallet/templates/miw-secret.yaml
@@ -1,4 +1,4 @@
-# /********************************************************************************
+# ********************************************************************************
 # * Copyright (c) 2021,2023 Contributors to the Eclipse Foundation
 # *
 # * See the NOTICE file(s) distributed with this work for additional
@@ -15,7 +15,7 @@
 # * under the License.
 # *
 # * SPDX-License-Identifier: Apache-2.0
-# ********************************************************************************/
+# ********************************************************************************
 
 {{ if .Values.secrets -}}
 apiVersion: v1
diff --git a/charts/managed-identity-wallet/templates/service.yaml b/charts/managed-identity-wallet/templates/miw-service.yaml
similarity index 92%
rename from charts/managed-identity-wallet/templates/service.yaml
rename to charts/managed-identity-wallet/templates/miw-service.yaml
index 8c067a45..4dd6103d 100644
--- a/charts/managed-identity-wallet/templates/service.yaml
+++ b/charts/managed-identity-wallet/templates/miw-service.yaml
@@ -1,4 +1,4 @@
-# /********************************************************************************
+# ********************************************************************************
 # * Copyright (c) 2021,2023 Contributors to the Eclipse Foundation
 # *
 # * See the NOTICE file(s) distributed with this work for additional
@@ -15,7 +15,7 @@
 # * under the License.
 # *
 # * SPDX-License-Identifier: Apache-2.0
-# ********************************************************************************/
+# ********************************************************************************
 
 apiVersion: v1
 kind: Service
diff --git a/charts/managed-identity-wallet/templates/networkpolicy.yaml b/charts/managed-identity-wallet/templates/networkpolicy.yaml
index f989b9b7..7fa2a38d 100644
--- a/charts/managed-identity-wallet/templates/networkpolicy.yaml
+++ b/charts/managed-identity-wallet/templates/networkpolicy.yaml
@@ -1,4 +1,4 @@
-# /********************************************************************************
+# ********************************************************************************
 # * Copyright (c) 2024 Contributors to the Eclipse Foundation
 # *
 # * See the NOTICE file(s) distributed with this work for additional
@@ -15,7 +15,7 @@
 # * under the License.
 # *
 # * SPDX-License-Identifier: Apache-2.0
-# ********************************************************************************/
+# ********************************************************************************
 {{- if .Values.networkPolicy.enabled }}
 apiVersion: networking.k8s.io/v1
 kind: NetworkPolicy
diff --git a/charts/managed-identity-wallet/templates/pgAdmin-server-definitions.yaml b/charts/managed-identity-wallet/templates/pgAdmin-server-definitions.yaml
index 53fd2be4..35117541 100644
--- a/charts/managed-identity-wallet/templates/pgAdmin-server-definitions.yaml
+++ b/charts/managed-identity-wallet/templates/pgAdmin-server-definitions.yaml
@@ -21,7 +21,7 @@
 apiVersion: v1
 kind: ConfigMap
 metadata:
-  name: {{ .Release.Name }}-pgadmin4-server-definitions
+  name: pgadmin4-server-definitions
   labels:
     {{- include "pgadmin.labels" . | nindent 4 }}
 data:
diff --git a/charts/managed-identity-wallet/templates/psql-pv.yaml b/charts/managed-identity-wallet/templates/psql-pv.yaml
new file mode 100644
index 00000000..828a4e87
--- /dev/null
+++ b/charts/managed-identity-wallet/templates/psql-pv.yaml
@@ -0,0 +1,11 @@
+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+  name: postgres-seed-pvc
+spec:
+  accessModes:
+    - ReadWriteOnce
+  resources:
+    requests:
+      storage: 1Gi
+  storageClassName: standard
\ No newline at end of file
diff --git a/charts/managed-identity-wallet/templates/vcrs-configmap.yaml b/charts/managed-identity-wallet/templates/vcrs-configmap.yaml
new file mode 100644
index 00000000..bf07ec84
--- /dev/null
+++ b/charts/managed-identity-wallet/templates/vcrs-configmap.yaml
@@ -0,0 +1,27 @@
+###############################################################
+# Copyright (c) 2024 Contributors to the Eclipse Foundation
+#
+# See the NOTICE file(s) distributed with this work for additional
+# information regarding copyright ownership.
+#
+# This program and the accompanying materials are made available under the
+# terms of the Apache License, Version 2.0 which is available at
+# https://www.apache.org/licenses/LICENSE-2.0.
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+# License for the specific language governing permissions and limitations
+# under the License.
+#
+# SPDX-License-Identifier: Apache-2.0
+###############################################################
+
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: {{ include "verifiable-credential-revocation-service.fullname" . }}
+data:
+  {{- range $key, $val := .Values.vcrs.env }}
+  {{ $key }}: {{ $val | quote }}
+  {{- end}}
\ No newline at end of file
diff --git a/charts/managed-identity-wallet/templates/vcrs-deployment.yaml b/charts/managed-identity-wallet/templates/vcrs-deployment.yaml
new file mode 100644
index 00000000..95db61ce
--- /dev/null
+++ b/charts/managed-identity-wallet/templates/vcrs-deployment.yaml
@@ -0,0 +1,83 @@
+###############################################################
+# Copyright (c) 2024 Contributors to the Eclipse Foundation
+#
+# See the NOTICE file(s) distributed with this work for additional
+# information regarding copyright ownership.
+#
+# This program and the accompanying materials are made available under the
+# terms of the Apache License, Version 2.0 which is available at
+# https://www.apache.org/licenses/LICENSE-2.0.
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+# License for the specific language governing permissions and limitations
+# under the License.
+#
+# SPDX-License-Identifier: Apache-2.0
+###############################################################
+
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: {{ include "verifiable-credential-revocation-service.fullname" . }}
+  labels:
+    {{- include "verifiable-credential-revocation-service.labels" . | nindent 4 }}
+spec:
+  strategy:
+    type: RollingUpdate
+    rollingUpdate:
+      maxUnavailable: 0
+      maxSurge: 1
+  selector:
+    matchLabels:
+      {{- include "verifiable-credential-revocation-service.selectorLabels" . | nindent 6 }}
+  replicas: {{ .Values.vcrs.replicaCount }}
+  revisionHistoryLimit: 2
+  template:
+    metadata:
+      labels:
+        {{- include "verifiable-credential-revocation-service.selectorLabels" . | nindent 8 }}
+    spec:
+      containers:
+        - name: {{ include "verifiable-credential-revocation-service.fullname" . }}
+          image: {{ .Values.vcrs.image.repository }}:{{ default .Chart.AppVersion .Values.vcrs.image.tag }}
+          imagePullPolicy: {{ .Values.vcrs.image.pullPolicy }}
+          resources:
+            {{- toYaml .Values.vcrs.resources | nindent 12 }}
+          envFrom:
+            - secretRef:
+                name: {{ .Values.vcrs.secretName }}
+            - configMapRef:
+                name: {{ .Values.vcrs.configName }}
+          {{- with .Values.vcrs.livenessProbe }}
+          {{- if .enabled }}
+          ports:
+            - name: http
+              containerPort: 8081
+              protocol: TCP
+          livenessProbe:
+            httpGet:
+              path: /actuator/health/liveness
+              port: 8081
+              scheme: HTTP
+            failureThreshold: {{ .failureThreshold }}
+            initialDelaySeconds: {{ .initialDelaySeconds }}
+            periodSeconds: {{ .periodSeconds }}
+            timeoutSeconds: {{ .timeoutSeconds }}
+          {{- end }}
+          {{- end }}
+          {{- with .Values.vcrs.readinessProbe }}
+          {{- if .enabled }}
+          readinessProbe:
+            httpGet:
+              path: /actuator/health/readiness
+              port: 8081
+              scheme: HTTP
+            failureThreshold: {{ .failureThreshold }}
+            initialDelaySeconds: {{ .initialDelaySeconds }}
+            periodSeconds: {{ .periodSeconds }}
+            successThreshold: {{ .successThreshold }}
+            timeoutSeconds: {{ .timeoutSeconds }}
+          {{- end }}
+          {{- end }}
\ No newline at end of file
diff --git a/charts/managed-identity-wallet/templates/vcrs-ingress.yaml b/charts/managed-identity-wallet/templates/vcrs-ingress.yaml
new file mode 100644
index 00000000..0f36912b
--- /dev/null
+++ b/charts/managed-identity-wallet/templates/vcrs-ingress.yaml
@@ -0,0 +1,80 @@
+###############################################################
+# Copyright (c) 2024 Contributors to the Eclipse Foundation
+#
+# See the NOTICE file(s) distributed with this work for additional
+# information regarding copyright ownership.
+#
+# This program and the accompanying materials are made available under the
+# terms of the Apache License, Version 2.0 which is available at
+# https://www.apache.org/licenses/LICENSE-2.0.
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+# License for the specific language governing permissions and limitations
+# under the License.
+#
+# SPDX-License-Identifier: Apache-2.0
+###############################################################
+
+{{- if .Values.vcrs.ingress.enabled -}}
+{{- $fullName := include "verifiable-credential-revocation-service.fullname" . -}}
+{{- $svcPort := .Values.vcrs.ingress.service.port -}}
+{{- if and .Values.ingress.vcrs.className (not (semverCompare ">=1.18-0" .Capabilities.KubeVersion.GitVersion)) }}
+  {{- if not (hasKey .Values.vcrs.ingress.annotations "kubernetes.io/ingress.class") }}
+  {{- $_ := set .Values.vcrs.ingress.annotations "kubernetes.io/ingress.class" .Values.ingress.vcrs.className}}
+  {{- end }}
+{{- end }}
+{{- if semverCompare ">=1.19-0" .Capabilities.KubeVersion.GitVersion -}}
+apiVersion: networking.k8s.io/v1
+{{- else if semverCompare ">=1.14-0" .Capabilities.KubeVersion.GitVersion -}}
+apiVersion: networking.k8s.io/v1beta1
+{{- else -}}
+apiVersion: extensions/v1beta1
+{{- end }}
+kind: Ingress
+metadata:
+  name: {{ $fullName }}
+  labels:
+    {{- include "verifiable-credential-revocation-service.labels" . | nindent 4 }}
+  {{- with .Values.ingress.vcrs.annotations }}
+  annotations:
+    {{- toYaml . | nindent 4 }}
+  {{- end }}
+spec:
+  {{- if and .Values.ingress.vcrs.className (semverCompare ">=1.18-0" .Capabilities.KubeVersion.GitVersion) }}
+  ingressClassName: {{ .Values.ingress.vcrs.className }}
+  {{- end }}
+  {{- if .Values.ingress.vcrs.tls }}
+  tls:
+    {{- range .Values.ingress.vcrs.tls }}
+    - hosts:
+        {{- range .hosts }}
+        - {{ . | quote }}
+        {{- end }}
+      secretName: {{ .secretName }}
+    {{- end }}
+  {{- end }}
+  rules:
+    {{- range .Values.ingress.vcrs.hosts }}
+    - host: {{ .host | quote }}
+      http:
+        paths:
+          {{- range .paths }}
+          - path: {{ .path }}
+            {{- if and .pathType (semverCompare ">=1.18-0" $.Capabilities.KubeVersion.GitVersion) }}
+            pathType: {{ .pathType }}
+            {{- end }}
+            backend:
+              {{- if semverCompare ">=1.19-0" $.Capabilities.KubeVersion.GitVersion }}
+              service:
+                name: {{ $fullName }}
+                port:
+                  number: {{ $svcPort }}
+              {{- else }}
+              serviceName: {{ $fullName }}
+              servicePort: {{ $svcPort }}
+              {{- end }}
+          {{- end }}
+    {{- end }}
+{{- end }}
diff --git a/charts/managed-identity-wallet/templates/vcrs-secrets.yaml b/charts/managed-identity-wallet/templates/vcrs-secrets.yaml
new file mode 100644
index 00000000..82f8d7fd
--- /dev/null
+++ b/charts/managed-identity-wallet/templates/vcrs-secrets.yaml
@@ -0,0 +1,27 @@
+###############################################################
+# Copyright (c) 2024 Contributors to the Eclipse Foundation
+#
+# See the NOTICE file(s) distributed with this work for additional
+# information regarding copyright ownership.
+#
+# This program and the accompanying materials are made available under the
+# terms of the Apache License, Version 2.0 which is available at
+# https://www.apache.org/licenses/LICENSE-2.0.
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+# License for the specific language governing permissions and limitations
+# under the License.
+#
+# SPDX-License-Identifier: Apache-2.0
+###############################################################
+apiVersion: v1
+kind: Secret
+metadata:
+  name: {{ include "verifiable-credential-revocation-service.fullname" . }}
+type: Opaque
+data:
+  {{- range $key, $val := .Values.vcrs.secrets }}
+  {{ $key }}: {{ $val | b64enc }}
+  {{- end}}
diff --git a/charts/managed-identity-wallet/templates/vcrs-service.yaml b/charts/managed-identity-wallet/templates/vcrs-service.yaml
new file mode 100644
index 00000000..15412d48
--- /dev/null
+++ b/charts/managed-identity-wallet/templates/vcrs-service.yaml
@@ -0,0 +1,32 @@
+###############################################################
+# Copyright (c) 2024 Contributors to the Eclipse Foundation
+#
+# See the NOTICE file(s) distributed with this work for additional
+# information regarding copyright ownership.
+#
+# This program and the accompanying materials are made available under the
+# terms of the Apache License, Version 2.0 which is available at
+# https://www.apache.org/licenses/LICENSE-2.0.
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+# License for the specific language governing permissions and limitations
+# under the License.
+#
+# SPDX-License-Identifier: Apache-2.0
+###############################################################
+
+apiVersion: v1
+kind: Service
+metadata:
+  name: {{ include "verifiable-credential-revocation-service.fullname" . }}
+spec:
+  type: {{ .Values.vcrs.ingress.service.type }}
+  ports:
+    - port: {{ .Values.vcrs.ingress.service.port }}
+      targetPort: http
+      protocol: TCP
+      name: http
+  selector:
+    {{- include "verifiable-credential-revocation-service.selectorLabels" . | nindent 4 }}
\ No newline at end of file
diff --git a/charts/managed-identity-wallet/values.yaml b/charts/managed-identity-wallet/values.yaml
index 0b87fe37..8f627ff0 100644
--- a/charts/managed-identity-wallet/values.yaml
+++ b/charts/managed-identity-wallet/values.yaml
@@ -1,30 +1,30 @@
-# /********************************************************************************
-# * Copyright (c) 2021,2024 Contributors to the Eclipse Foundation
-# *
-# * See the NOTICE file(s) distributed with this work for additional
-# * information regarding copyright ownership.
-# *
-# * This program and the accompanying materials are made available under the
-# * terms of the Apache License, Version 2.0 which is available at
-# * https://www.apache.org/licenses/LICENSE-2.0.
-# *
-# * Unless required by applicable law or agreed to in writing, software
-# * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
-# * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
-# * License for the specific language governing permissions and limitations
-# * under the License.
-# *
-# * SPDX-License-Identifier: Apache-2.0
-# ********************************************************************************/
-
+###############################################################
+# Copyright (c) 2024 Contributors to the Eclipse Foundation
+#
+# See the NOTICE file(s) distributed with this work for additional
+# information regarding copyright ownership.
+#
+# This program and the accompanying materials are made available under the
+# terms of the Apache License, Version 2.0 which is available at
+# https://www.apache.org/licenses/LICENSE-2.0.
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+# License for the specific language governing permissions and limitations
+# under the License.
+#
+# SPDX-License-Identifier: Apache-2.0
+###############################################################
+#
+# ----------------------------------------------- Values for Managed Identity Wallet ----------------------------------------------- #
+#
 # -- The amount of replicas to run
 replicaCount: 1
-
 # -- String to partially override common.names.fullname template (will maintain the release name)
 nameOverride: ""
 # -- String to fully override common.names.fullname template
 fullnameOverride: ""
-
 image:
   # -- Image repository
   repository: tractusx/managed-identity-wallet
@@ -32,14 +32,11 @@ image:
   pullPolicy: Always
   # -- Image tag (empty one will use "appVersion" value from chart definition)
   tag: ""
-
-
+imagePullSecrets: []
 # --  Parameters for the application (will be stored as secrets - so, for passwords, ...)
 secrets: {}
-
 # -- envs Parameters for the application (will be provided as environment variables)
 envs: {}
-
 serviceAccount:
   # -- Enable creation of ServiceAccount
   create: true
@@ -47,13 +44,12 @@ serviceAccount:
   annotations: {}
   # -- The name of the ServiceAccount to use.
   name: ""
-
 service:
   # -- Kubernetes Service type
   type: ClusterIP
   # -- Kubernetes Service port
   port: 8080
-
+# -- Ingress Configuration
 ingress:
   # -- Enable ingress controller resource
   enabled: false
@@ -70,10 +66,10 @@ ingress:
   #  - secretName: chart-example-tls
   #    hosts:
   #      - chart-example.local
-
-# -- PodSecurityContext
+  className: nginx
+# -- Pod security configurations
 podSecurityContext: {}
-
+# -- Pod security parameters
 securityContext:
   # -- Enable privileged container
   privileged: false
@@ -85,35 +81,8 @@ securityContext:
   runAsGroup: 11111
   # -- Enable to run the container as a non-root user
   runAsNonRoot: true
-
-# -- Kubernetes [liveness-probe](https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-startup-probes/)
-livenessProbe:
-  # -- Enables/Disables the livenessProbe at all
-  enabled: true
-  # -- When a probe fails, Kubernetes will try failureThreshold times before giving up. Giving up in case of liveness probe means restarting the container.
-  failureThreshold: 3
-  # -- Number of seconds after the container has started before readiness probe are initiated.
-  initialDelaySeconds: 20
-  # -- Number of seconds after which the probe times out.
-  timeoutSeconds: 15
-  # -- How often (in seconds) to perform the probe
-  periodSeconds: 5
-
-# -- Kubernetes [readiness-probe](https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-startup-probes/)
-readinessProbe:
-  # -- Enables/Disables the readinessProbe at all
-  enabled: true
-  # -- When a probe fails, Kubernetes will try failureThreshold times before giving up. In case of readiness probe the Pod will be marked Unready.
-  failureThreshold: 3
-  # -- Number of seconds after the container has started before readiness probe are initiated.
-  initialDelaySeconds: 30
-  # -- How often (in seconds) to perform the probe
-  periodSeconds: 5
-  # -- Minimum consecutive successes for the probe to be considered successful after having failed.
-  successThreshold: 1
-  # -- Number of seconds after which the probe times out.
-  timeoutSeconds: 5
-
+  # # -- Filesystem group ID
+  # fsGroup: 1001
 resources:
   requests:
     # -- CPU resource requests
@@ -125,38 +94,29 @@ resources:
     cpu: 2
     # -- Memory resource limits
     memory: 1Gi
-
 # -- NodeSelector configuration
 nodeSelector:
   "kubernetes.io/os": linux
-
 # -- Tolerations configuration
 tolerations: []
-
 # -- Affinity configuration
 affinity: {}
-
 # -- PodAnnotation configuration
 podAnnotations: {}
-
 # -- add initContainers to the miw deployment
 initContainers: []
-
 networkPolicy:
   # -- If `true` network policy will be created to restrict access to managed-identity-wallet
   enabled: false
   # -- Specify from rule network policy for miw (defaults to all namespaces)
   from:
-  - namespaceSelector: {}
-
+    - namespaceSelector: {}
 # -- add volumes to the miw deployment
 extraVolumes: []
-
-# -- add volume mounts to the miw deployment
 extraVolumeMounts: []
-
-## @section Managed Identity Wallet Primary Parameters
-##
+#
+# -----------------------------------------------MIW----------------------------------------------- #
+#
 miw:
   ## @param miw.host Host name
   ## @param miw.logging.level Log level. Should be ether ERROR, WARN, INFO, DEBUG, or TRACE.
@@ -184,15 +144,16 @@ miw:
     # -- Database port
     port: 5432
     # -- Database host
-    host: "{{ .Release.Name }}-postgresql"
+    host: "managed-identity-wallet-postgresql"
     # -- Database user
     user: "miw"
     # -- Database name
     name: "miw_app"
     # -- Existing secret name for the database password
-    secret: "{{ .Release.Name }}-postgresql"
+    secret: "managed-identity-wallet-postgresql"
     # -- Existing secret key for the database password
     secretPasswordKey: "password"
+    # -- Password encryption configuratons
     encryptionKey:
       # -- Database encryption key for confidential data.  Ignored if `secret` is set. If empty a secret with 32 random alphanumeric chars is generated.
       value: ""
@@ -207,32 +168,71 @@ miw:
     clientId: "miw_private_client"
     # -- Keycloak URL
     url: "http://{{ .Release.Name }}-keycloak"
-
-# For more information on how to configure the Keycloak chart see https://github.com/bitnami/charts/tree/main/bitnami/keycloak.
+  # -- Kubernetes [liveness-probe](https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-startup-probes/)
+  livenessProbe:
+    # -- Enables/Disables the livenessProbe at all
+    enabled: true
+    # -- When a probe fails, Kubernetes will try failureThreshold times before giving up. Giving up in case of liveness probe means restarting the container.
+    failureThreshold: 3
+    # -- Number of seconds after the container has started before readiness probe are initiated.
+    initialDelaySeconds: 20
+    # -- Number of seconds after which the probe times out.
+    timeoutSeconds: 15
+    # -- How often (in seconds) to perform the probe
+    periodSeconds: 5
+  # -- Kubernetes [readiness-probe](https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-startup-probes/)
+  readinessProbe:
+    # -- Enables/Disables the readinessProbe at all
+    enabled: true
+    # -- When a probe fails, Kubernetes will try failureThreshold times before giving up. In case of readiness probe the Pod will be marked Unready.
+    failureThreshold: 3
+    # -- Number of seconds after the container has started before readiness probe are initiated.
+    initialDelaySeconds: 30
+    # -- How often (in seconds) to perform the probe
+    periodSeconds: 5
+    # -- Minimum consecutive successes for the probe to be considered successful after having failed.
+    successThreshold: 1
+    # -- Number of seconds after which the probe times out.
+    timeoutSeconds: 5
+    # For more information on how to configure the Keycloak chart see https://github.com/bitnami/charts/tree/main/bitnami/keycloak.
+# ----------------------------------------------- KEYCLOAK ----------------------------------------------- #
 keycloak:
   # -- Enable to deploy Keycloak
   enabled: true
   # -- Extra environment variables
   extraEnvVars: []
-  #    - name: KEYCLOAK_HOSTNAME
-  #      value: "{{ .Release.Name }}-keycloak"
+  #  - name: KEYCLOAK_HOSTNAME
+  #    value: "keycloak"
   postgresql:
     # -- Name of the PostgreSQL chart to deploy. Mandatory when the MIW deploys a PostgreSQL chart, too.
     nameOverride: "keycloak-postgresql"
     # -- Enable to deploy PostgreSQL
     enabled: true
     auth:
-      # -- Keycloak PostgreSQL user
+      # -- Postgresql admin user password
       username: "miw_keycloak"
       # -- KeycloakPostgresql password to set (if empty one is generated)
-      password: ""
+      password: "adminpass"
       # -- Database name
       database: "miw_keycloak"
+    volumePermissions:
+      enabled: true
   ingress:
+    # -- Enable ingress controller resource
     enabled: false
+    # -- Ingress annotations
     annotations: {}
+    # -- Ingress accepted hostnames
     hosts: []
+    #   - host: chart-example.local
+    #     paths:
+    #       - path: /
+    #         pathType: Prefix
+    # -- Ingress TLS configuration
     tls: []
+    #  - secretName: chart-example-tls
+    #    hosts:
+    #      - chart-example.local
   auth:
     # -- Keycloak admin user
     adminUser: "admin"
@@ -245,28 +245,53 @@ keycloak:
     existingConfigmap: keycloak-realm-config
     # -- Number of retries before considering a Job as failed
     backoffLimit: 2
-
+# ----------------------------------------------- POSTGRESQL ----------------------------------------------- #
 # For more information on how to configure the PostgreSQL chart see https://github.com/bitnami/charts/tree/main/bitnami/postgresql.
 postgresql:
   # -- Enable to deploy Postgresql
   enabled: true
+  image:
+    tag: "16-debian-12"
+    # -- Debug logs
+    debug: true
   auth:
     # -- Enable postgresql admin user
-    enablePostgresUser: false
+    enablePostgresUser: true
     # -- Postgresql admin user password
-    postgresPassword: ""
+    postgresPassword: "adminpass"
     # -- Postgresql user to create
     username: "miw"
     # -- Postgresql password to set (if empty one is generated)
-    password: ""
+    password: "adminpass"
     # -- Postgresql database to create
     database: "miw_app"
+    # -- Creating a new database for VCRS application (Edit the DB configurations as required in configmap)
+  primary:
+    extraVolumes:
+      - name: postgres-seed
+        persistentVolumeClaim:
+          claimName: postgres-seed-pvc
+    extraVolumeMounts:
+      - mountPath: /docker-entrypoint-initdb.d/seed
+        name: postgres-seed
+    initdb:
+      user: "postgres"
+      password: "adminpass"
+      scripts:
+        init.sql: |
+          CREATE DATABASE vcrs_app;
+          CREATE USER vcrs WITH ENCRYPTED PASSWORD 'adminpass';
+          GRANT ALL PRIVILEGES ON DATABASE vcrs_app TO vcrs;
+          \c vcrs_app
+          GRANT ALL ON SCHEMA public TO vcrs;
   backup:
     # -- Enable to create a backup cronjob
     enabled: false
+    #Cronjob Configuration
     cronjob:
       # -- Backup schedule
       schedule: "* */6 * * *"
+      # Backup Storage configuration
       storage:
         # -- Name of an existing PVC to use
         existingClaim: ""
@@ -274,7 +299,9 @@ postgresql:
         resourcePolicy: "keep"
         # -- PVC Storage Request for the backup data volume
         size: "8Gi"
-
+  volumePermissions:
+    enabled: true
+# ----------------------------------------------- PGADMIN ----------------------------------------------- #
 # For more information on how to configure the pgadmin chart see https://artifacthub.io/packages/helm/runix/pgadmin4.
 # (Here we're using a stripped-down version of the pgadmin chart, to just )
 pgadmin4:
@@ -318,3 +345,138 @@ pgadmin4:
       subPath: servers.json
       mountPath: "/pgadmin4/servers.json"
       readOnly: true
+#
+# ----------------------------------------------- Values for Verifiable Credential Revocation Service application ----------------------------------------------- #
+#
+vcrs:
+  replicaCount: 1
+  # -- Revocation application configuration
+  host: localhost
+  # -- The configmap name
+  nameOverride: "verifiable-credential-revocation-service"
+  # -- String to partially override common.names.fullname template (will maintain the release name)
+  fullnameOverride: "verifiable-credential-revocation-service"
+  # -- ConfigMap Name 
+  configName: "verifiable-credential-revocation-service-config"
+  # -- The Service name
+  serviceName: "verifiable-credential-revocation-service"
+  # -- The Secret name
+  secretName: "verifiable-credential-revocation-service-secret"
+  image:
+    # -- Image repository
+    repository: public.ecr.aws/w6s7t8e0/tractusx/verifiable-credential-revocation-service
+    # -- PullPolicy
+    pullPolicy: IfNotPresent
+    # -- Image tag (empty one will use "appVersion" value from chart definition)
+    tag: "latest"
+  env:
+    # -- The application name
+    APPLICATION_NAME: verifiable-credential-revocation-service
+    # -- The application port
+    APPLICATION_PORT: 8081
+    # -- The application profile
+    APPLICATION_PROFILE: local
+    # -- The Database Host
+    DATABASE_HOST: managed-identity-wallet-postgresql
+    # -- The Database Port
+    DATABASE_PORT: 5432
+    # -- The Database Name
+    DATABASE_NAME: vcrs_app
+    # -- The Database SSL 
+    DATABASE_USE_SSL_COMMUNICATION: false
+    # -- The Database Name
+    DATABASE_USERNAME: vcrs
+    # -- The Database connection pool size
+    DATABASE_CONNECTION_POOL_SIZE: 10
+    # -- Swagger UI config
+    ENABLE_SWAGGER_UI: true
+    # -- Swagger Api Doc
+    ENABLE_API_DOC: true
+    # -- The application log level
+    APPLICATION_LOG_LEVEL: DEBUG
+    # Enable application security
+    SERVICE_SECURITY_ENABLED: true
+    # -- KeyClocak Configurations
+    KEYCLOAK_REALM: miw_test
+    # -- ClientID Config 
+    KEYCLOAK_CLIENT_ID: miw_private_client
+    # -- ClientID Config
+    KEYCLOAK_PUBLIC_CLIENT_ID: miw_public_client
+    # -- Auth URL for Keycloak
+    AUTH_SERVER_URL: "http://{{ .Release.Name }}-keycloak"
+    # -- Revocation application configuration
+    MIW_URL: https://a888-203-129-213-107.ngrok-free.app
+    VC_SCHEMA_LINK: https://www.w3.org/2018/credentials/v1, https://cofinity-x.github.io/schema-registry/w3c/v1.0/BitstringStatusList.json
+    DOMAIN_URL: https://977d-203-129-213-107.ngrok-free.app
+    # Application logging configurations
+    APP_LOG_LEVEL: INFO
+  secrets:
+    # -- The Database Password
+    DATABASE_PASSWORD: "adminpass"
+  resources:
+    requests:
+      # -- CPU resource requests
+      cpu: 250m
+      # -- Memory resource requests
+      memory: 512Mi
+    limits:
+      # -- CPU resource limits
+      cpu: 500m
+      # -- Memory resource limits
+      memory: 1Gi
+  # -- Kubernetes [liveness-probe](https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-startup-probes/)
+  livenessProbe:
+    # -- Enables/Disables the livenessProbe at all
+    enabled: true
+    # -- When a probe fails, Kubernetes will try failureThreshold times before giving up. Giving up in case of liveness probe means restarting the container.
+    failureThreshold: 5
+    # -- Number of seconds after the container has started before readiness probes are initiated.
+    initialDelaySeconds: 60
+    # -- Number of seconds after which the probe times out.
+    timeoutSeconds: 30
+    # -- How often (in seconds) to perform the probe
+    periodSeconds: 15
+    # -- Kubernetes [readiness-probe](https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-startup-probes/)
+  readinessProbe:
+    # -- Enables/Disables the readinessProbe at all
+    enabled: true
+    # -- When a probe fails, Kubernetes will try failureThreshold times before giving up. In case of readiness probe the Pod will be marked Unready.
+    failureThreshold: 5
+    # -- Number of seconds after the container has started before readiness probe are initiated.
+    initialDelaySeconds: 60
+    # -- How often (in seconds) to perform the probe
+    periodSeconds: 15
+    # -- Minimum consecutive successes for the probe to be considered successful after having failed.
+    successThreshold: 1
+    # -- Number of seconds after which the probe times out.
+    timeoutSeconds: 15
+    # -- ingress configuration
+  ingressName: "verifiable-credential-revocation-service-ingress"
+  ingress:
+    enabled: false
+    className: ""
+    annotations: {}
+    # kubernetes.io/ingress.class: nginx
+    # kubernetes.io/tls-acme: "true"
+    hosts:
+      - host: chart-example.local
+        paths:
+          - path: /
+            pathType: ImplementationSpecific
+    tls: []
+    #  - secretName: chart-example-tls
+    #    hosts:
+    #      - chart-example.local
+    service:
+      # -- Kubernetes Service type
+      type: ClusterIP
+      # -- Kubernetes Service port
+      port: 8081
+  database:
+    encryptionKey:
+      # -- Database encryption key for confidential data.  Ignored if `secret` is set. If empty a secret with 32 random alphanumeric chars is generated.
+      value: ""
+      # -- Existing secret for database encryption key
+      secret: ""
+      # -- Existing secret key for database encryption key
+      secretKey: ""

From 82c399da6b57562c57774a13cbdb59484eaec4d3 Mon Sep 17 00:00:00 2001
From: rohit-smartsensesolutions <rohit.solanki@smartsensesolutions.com>
Date: Fri, 23 Aug 2024 10:29:36 +0530
Subject: [PATCH 30/48] docs: code changes reverted

---
 charts/managed-identity-wallet/Chart.lock     | 28 +++++-----
 charts/managed-identity-wallet/Chart.yaml     |  8 +--
 charts/managed-identity-wallet/README.md      |  2 +
 .../templates/miw-deployment.yaml             |  4 +-
 .../templates/miw-ingress.yaml                |  4 +-
 .../templates/miw-secret.yaml                 |  4 +-
 .../templates/miw-service.yaml                |  4 +-
 .../templates/networkpolicy.yaml              |  7 +--
 .../templates/pgAdmin-server-definitions.yaml |  2 +-
 .../templates/psql-pv.yaml                    | 19 +++++++
 .../templates/serviceaccount.yaml             | 36 ++++++-------
 .../templates/vcrs-ingress.yaml               | 29 +++++-----
 charts/managed-identity-wallet/values.yaml    | 53 +++++++++----------
 13 files changed, 110 insertions(+), 90 deletions(-)

diff --git a/charts/managed-identity-wallet/Chart.lock b/charts/managed-identity-wallet/Chart.lock
index 5f15f8b4..2fd40018 100644
--- a/charts/managed-identity-wallet/Chart.lock
+++ b/charts/managed-identity-wallet/Chart.lock
@@ -1,15 +1,15 @@
 dependencies:
-  - name: keycloak
-    repository: https://charts.bitnami.com/bitnami
-    version: 22.1.0
-  - name: common
-    repository: https://charts.bitnami.com/bitnami
-    version: 2.13.3
-  - name: postgresql
-    repository: https://charts.bitnami.com/bitnami
-    version: 11.9.13
-  - name: pgadmin4
-    repository: file://charts/pgadmin4
-    version: 1.19.0
-digest: sha256:fb94864221b4fed31894b48ac56b72a2324da0dc1cb1d6888cc52c3490685df7
-generated: "2023-12-15T10:30:41.880265+01:00"
+- name: keycloak
+  repository: https://charts.bitnami.com/bitnami
+  version: 15.1.6
+- name: common
+  repository: https://charts.bitnami.com/bitnami
+  version: 2.22.0
+- name: postgresql
+  repository: https://charts.bitnami.com/bitnami
+  version: 11.9.13
+- name: pgadmin4
+  repository: file://charts/pgadmin4
+  version: 1.19.0
+digest: sha256:886b90f763f2320a1601e15b06264065a764f51fc34d592c0f0a08bd76f01635
+generated: "2024-08-22T18:04:25.649769241+05:30"
diff --git a/charts/managed-identity-wallet/Chart.yaml b/charts/managed-identity-wallet/Chart.yaml
index d782405a..809b7a64 100644
--- a/charts/managed-identity-wallet/Chart.yaml
+++ b/charts/managed-identity-wallet/Chart.yaml
@@ -27,7 +27,6 @@ type: application
 version: 1.0.0-develop.4
 appVersion: 1.0.0-develop.4
 
-home: https://github.com/eclipse-tractusx/managed-identity-wallet
 keywords:
   - Managed Identity Wallet
   - eclipse-tractusx
@@ -39,7 +38,7 @@ maintainers:
     url: https://github.com/DominikPinsel
 dependencies:
   - name: keycloak
-    version: 22.1.0
+    version: 15.1.6
     repository: https://charts.bitnami.com/bitnami
     condition: keycloak.enabled
   - name: common
@@ -48,10 +47,11 @@ dependencies:
       - bitnami-common
     version: 2.x.x
   - name: postgresql
-    version: "16.x.x"
+    version: 11.9.13
     repository: https://charts.bitnami.com/bitnami
     condition: postgresql.enabled
   - name: pgadmin4
-    repository: file://charts/pgadmin4
+    repository: file://charts/pgadmin4 # https://helm.runix.net
+    # License: https://github.com/rowanruseler/helm-charts/blob/main/LICENSE
     version: 1.19.0
     condition: pgadmin4.enabled
diff --git a/charts/managed-identity-wallet/README.md b/charts/managed-identity-wallet/README.md
index c2ee872b..3228e7d3 100644
--- a/charts/managed-identity-wallet/README.md
+++ b/charts/managed-identity-wallet/README.md
@@ -43,6 +43,8 @@ And at the same it shall support an uninterrupted tracking and tracing and docum
 
     helm install [RELEASE_NAME] charts/managed-identity-wallet
 
+    #This will spin up the container for MIW application, VSRS application, KeyCloak and Postgresql
+
 <p align="right">(<a href="#readme-top">back to top</a>)</p>
 
 The command deploys miw on the Kubernetes cluster in the default configuration.
diff --git a/charts/managed-identity-wallet/templates/miw-deployment.yaml b/charts/managed-identity-wallet/templates/miw-deployment.yaml
index 805b6c09..0e147aa1 100644
--- a/charts/managed-identity-wallet/templates/miw-deployment.yaml
+++ b/charts/managed-identity-wallet/templates/miw-deployment.yaml
@@ -1,4 +1,4 @@
-# ********************************************************************************
+# /********************************************************************************
 # * Copyright (c) 2021,2023 Contributors to the Eclipse Foundation
 # *
 # * See the NOTICE file(s) distributed with this work for additional
@@ -15,7 +15,7 @@
 # * under the License.
 # *
 # * SPDX-License-Identifier: Apache-2.0
-# ********************************************************************************
+# ********************************************************************************/
 
 apiVersion: apps/v1
 kind: Deployment
diff --git a/charts/managed-identity-wallet/templates/miw-ingress.yaml b/charts/managed-identity-wallet/templates/miw-ingress.yaml
index afb584a8..a550fece 100644
--- a/charts/managed-identity-wallet/templates/miw-ingress.yaml
+++ b/charts/managed-identity-wallet/templates/miw-ingress.yaml
@@ -1,4 +1,4 @@
-# ********************************************************************************
+# /********************************************************************************
 # * Copyright (c) 2021,2023 Contributors to the Eclipse Foundation
 # *
 # * See the NOTICE file(s) distributed with this work for additional
@@ -15,7 +15,7 @@
 # * under the License.
 # *
 # * SPDX-License-Identifier: Apache-2.0
-# ********************************************************************************
+# ********************************************************************************/
 
 {{ if .Values.ingress.enabled -}}
 {{- $fullName := include "managed-identity-wallet.fullname" . -}}
diff --git a/charts/managed-identity-wallet/templates/miw-secret.yaml b/charts/managed-identity-wallet/templates/miw-secret.yaml
index ff3af397..832ecf87 100644
--- a/charts/managed-identity-wallet/templates/miw-secret.yaml
+++ b/charts/managed-identity-wallet/templates/miw-secret.yaml
@@ -1,4 +1,4 @@
-# ********************************************************************************
+# /********************************************************************************
 # * Copyright (c) 2021,2023 Contributors to the Eclipse Foundation
 # *
 # * See the NOTICE file(s) distributed with this work for additional
@@ -15,7 +15,7 @@
 # * under the License.
 # *
 # * SPDX-License-Identifier: Apache-2.0
-# ********************************************************************************
+# ********************************************************************************/
 
 {{ if .Values.secrets -}}
 apiVersion: v1
diff --git a/charts/managed-identity-wallet/templates/miw-service.yaml b/charts/managed-identity-wallet/templates/miw-service.yaml
index 4dd6103d..8c067a45 100644
--- a/charts/managed-identity-wallet/templates/miw-service.yaml
+++ b/charts/managed-identity-wallet/templates/miw-service.yaml
@@ -1,4 +1,4 @@
-# ********************************************************************************
+# /********************************************************************************
 # * Copyright (c) 2021,2023 Contributors to the Eclipse Foundation
 # *
 # * See the NOTICE file(s) distributed with this work for additional
@@ -15,7 +15,7 @@
 # * under the License.
 # *
 # * SPDX-License-Identifier: Apache-2.0
-# ********************************************************************************
+# ********************************************************************************/
 
 apiVersion: v1
 kind: Service
diff --git a/charts/managed-identity-wallet/templates/networkpolicy.yaml b/charts/managed-identity-wallet/templates/networkpolicy.yaml
index 7fa2a38d..425016e6 100644
--- a/charts/managed-identity-wallet/templates/networkpolicy.yaml
+++ b/charts/managed-identity-wallet/templates/networkpolicy.yaml
@@ -1,5 +1,5 @@
-# ********************************************************************************
-# * Copyright (c) 2024 Contributors to the Eclipse Foundation
+# /********************************************************************************
+# * Copyright (c) 2021,2023 Contributors to the Eclipse Foundation
 # *
 # * See the NOTICE file(s) distributed with this work for additional
 # * information regarding copyright ownership.
@@ -15,7 +15,8 @@
 # * under the License.
 # *
 # * SPDX-License-Identifier: Apache-2.0
-# ********************************************************************************
+# ********************************************************************************/
+
 {{- if .Values.networkPolicy.enabled }}
 apiVersion: networking.k8s.io/v1
 kind: NetworkPolicy
diff --git a/charts/managed-identity-wallet/templates/pgAdmin-server-definitions.yaml b/charts/managed-identity-wallet/templates/pgAdmin-server-definitions.yaml
index 35117541..53fd2be4 100644
--- a/charts/managed-identity-wallet/templates/pgAdmin-server-definitions.yaml
+++ b/charts/managed-identity-wallet/templates/pgAdmin-server-definitions.yaml
@@ -21,7 +21,7 @@
 apiVersion: v1
 kind: ConfigMap
 metadata:
-  name: pgadmin4-server-definitions
+  name: {{ .Release.Name }}-pgadmin4-server-definitions
   labels:
     {{- include "pgadmin.labels" . | nindent 4 }}
 data:
diff --git a/charts/managed-identity-wallet/templates/psql-pv.yaml b/charts/managed-identity-wallet/templates/psql-pv.yaml
index 828a4e87..7db26605 100644
--- a/charts/managed-identity-wallet/templates/psql-pv.yaml
+++ b/charts/managed-identity-wallet/templates/psql-pv.yaml
@@ -1,3 +1,22 @@
+###############################################################
+# Copyright (c) 2024 Contributors to the Eclipse Foundation
+#
+# See the NOTICE file(s) distributed with this work for additional
+# information regarding copyright ownership.
+#
+# This program and the accompanying materials are made available under the
+# terms of the Apache License, Version 2.0 which is available at
+# https://www.apache.org/licenses/LICENSE-2.0.
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+# License for the specific language governing permissions and limitations
+# under the License.
+#
+# SPDX-License-Identifier: Apache-2.0
+###############################################################
+
 apiVersion: v1
 kind: PersistentVolumeClaim
 metadata:
diff --git a/charts/managed-identity-wallet/templates/serviceaccount.yaml b/charts/managed-identity-wallet/templates/serviceaccount.yaml
index 83a53039..f2824f59 100644
--- a/charts/managed-identity-wallet/templates/serviceaccount.yaml
+++ b/charts/managed-identity-wallet/templates/serviceaccount.yaml
@@ -1,21 +1,21 @@
-# /********************************************************************************
-# * Copyright (c) 2021,2023 Contributors to the Eclipse Foundation
-# *
-# * See the NOTICE file(s) distributed with this work for additional
-# * information regarding copyright ownership.
-# *
-# * This program and the accompanying materials are made available under the
-# * terms of the Apache License, Version 2.0 which is available at
-# * https://www.apache.org/licenses/LICENSE-2.0.
-# *
-# * Unless required by applicable law or agreed to in writing, software
-# * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
-# * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
-# * License for the specific language governing permissions and limitations
-# * under the License.
-# *
-# * SPDX-License-Identifier: Apache-2.0
-# ********************************************************************************/
+###############################################################
+# Copyright (c) 2024 Contributors to the Eclipse Foundation
+#
+# See the NOTICE file(s) distributed with this work for additional
+# information regarding copyright ownership.
+#
+# This program and the accompanying materials are made available under the
+# terms of the Apache License, Version 2.0 which is available at
+# https://www.apache.org/licenses/LICENSE-2.0.
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+# License for the specific language governing permissions and limitations
+# under the License.
+#
+# SPDX-License-Identifier: Apache-2.0
+###############################################################
 
 {{ if .Values.serviceAccount.create -}}
 apiVersion: v1
diff --git a/charts/managed-identity-wallet/templates/vcrs-ingress.yaml b/charts/managed-identity-wallet/templates/vcrs-ingress.yaml
index 0f36912b..22e49025 100644
--- a/charts/managed-identity-wallet/templates/vcrs-ingress.yaml
+++ b/charts/managed-identity-wallet/templates/vcrs-ingress.yaml
@@ -17,12 +17,13 @@
 # SPDX-License-Identifier: Apache-2.0
 ###############################################################
 
-{{- if .Values.vcrs.ingress.enabled -}}
+
+{{ if .Values.vcrs.ingress.enabled -}}
 {{- $fullName := include "verifiable-credential-revocation-service.fullname" . -}}
-{{- $svcPort := .Values.vcrs.ingress.service.port -}}
-{{- if and .Values.ingress.vcrs.className (not (semverCompare ">=1.18-0" .Capabilities.KubeVersion.GitVersion)) }}
+{{- $svcPort := .Values.service.port -}}
+{{- if and .Values.vcrs.ingress.className (not (semverCompare ">=1.18-0" .Capabilities.KubeVersion.GitVersion)) }}
   {{- if not (hasKey .Values.vcrs.ingress.annotations "kubernetes.io/ingress.class") }}
-  {{- $_ := set .Values.vcrs.ingress.annotations "kubernetes.io/ingress.class" .Values.ingress.vcrs.className}}
+  {{- $_ := set .Values.vcrs.ingress.annotations "kubernetes.io/ingress.class" .Values.vcrs.ingress.className }}
   {{- end }}
 {{- end }}
 {{- if semverCompare ">=1.19-0" .Capabilities.KubeVersion.GitVersion -}}
@@ -37,27 +38,27 @@ metadata:
   name: {{ $fullName }}
   labels:
     {{- include "verifiable-credential-revocation-service.labels" . | nindent 4 }}
-  {{- with .Values.ingress.vcrs.annotations }}
+  {{- with .Values.vcrs.ingress.annotations }}
   annotations:
     {{- toYaml . | nindent 4 }}
   {{- end }}
 spec:
-  {{- if and .Values.ingress.vcrs.className (semverCompare ">=1.18-0" .Capabilities.KubeVersion.GitVersion) }}
-  ingressClassName: {{ .Values.ingress.vcrs.className }}
+  {{- if and .Values.vcrs.ingress.className (semverCompare ">=1.18-0" .Capabilities.KubeVersion.GitVersion) }}
+  ingressClassName: {{ .Values.vcrs.ingress.className }}
   {{- end }}
-  {{- if .Values.ingress.vcrs.tls }}
+  {{- if .Values.vcrs.ingress.tls }}
   tls:
-    {{- range .Values.ingress.vcrs.tls }}
+    {{- range .Values.vcrs.ingress.tls }}
     - hosts:
         {{- range .hosts }}
-        - {{ . | quote }}
+        - {{ tpl . $ | quote }}
         {{- end }}
-      secretName: {{ .secretName }}
+      secretName: "{{ $fullName }}-{{ .secretName }}"
     {{- end }}
   {{- end }}
   rules:
-    {{- range .Values.ingress.vcrs.hosts }}
-    - host: {{ .host | quote }}
+    {{- range .Values.vcrs.ingress.hosts }}
+    - host: {{ tpl .host $  | quote }}
       http:
         paths:
           {{- range .paths }}
@@ -77,4 +78,4 @@ spec:
               {{- end }}
           {{- end }}
     {{- end }}
-{{- end }}
+{{- end }}
\ No newline at end of file
diff --git a/charts/managed-identity-wallet/values.yaml b/charts/managed-identity-wallet/values.yaml
index 8f627ff0..c2530500 100644
--- a/charts/managed-identity-wallet/values.yaml
+++ b/charts/managed-identity-wallet/values.yaml
@@ -51,22 +51,20 @@ service:
   port: 8080
 # -- Ingress Configuration
 ingress:
-  # -- Enable ingress controller resource
-  enabled: false
-  # -- Ingress annotations
-  annotations: {}
-  # -- Ingress accepted hostnames
-  hosts: []
-  #   - host: chart-example.local
-  #     paths:
-  #       - path: /
-  #         pathType: Prefix
-  # -- Ingress TLS configuration
-  tls: []
-  #  - secretName: chart-example-tls
-  #    hosts:
-  #      - chart-example.local
-  className: nginx
+  enabled: true
+  className: "nginx"
+  annotations:
+    kubernetes.io/ingress.class: "nginx"
+    kubernetes.io/tls-acme: "true"
+  hosts:
+    - host: miw.example.org
+      paths:
+        - path: /
+          pathType: Prefix
+  tls:
+    - secretName: chart-example-tls
+      hosts:
+        - miw.example.org
 # -- Pod security configurations
 podSecurityContext: {}
 # -- Pod security parameters
@@ -451,22 +449,21 @@ vcrs:
     # -- Number of seconds after which the probe times out.
     timeoutSeconds: 15
     # -- ingress configuration
-  ingressName: "verifiable-credential-revocation-service-ingress"
   ingress:
-    enabled: false
-    className: ""
-    annotations: {}
-    # kubernetes.io/ingress.class: nginx
-    # kubernetes.io/tls-acme: "true"
+    enabled: true
+    className: "nginx"
+    annotations:
+      kubernetes.io/ingress.class: "nginx"
+      kubernetes.io/tls-acme: "true"
     hosts:
-      - host: chart-example.local
+      - host: vcrs.example.org
         paths:
           - path: /
-            pathType: ImplementationSpecific
-    tls: []
-    #  - secretName: chart-example-tls
-    #    hosts:
-    #      - chart-example.local
+            pathType: Prefix
+    tls:
+      - secretName: chart-example-tls
+        hosts:
+          - vcrs.example.org
     service:
       # -- Kubernetes Service type
       type: ClusterIP

From 52281f2ceb536d2518b0996e8f1f7b4d732dae25 Mon Sep 17 00:00:00 2001
From: rohit-smartsensesolutions <rohit.solanki@smartsensesolutions.com>
Date: Thu, 29 Aug 2024 10:35:24 +0530
Subject: [PATCH 31/48] docs: code changes

---
 charts/deployChart.yaml                       |  0
 charts/managed-identity-wallet/Chart.yaml     | 10 ++-
 .../templates/NOTES.txt                       |  1 +
 .../templates/vcrs-ingress.yaml               |  1 -
 .../tests/custom-values/deployment_test.yaml  |  4 +-
 .../tests/custom-values/ingress_test.yaml     |  4 +-
 .../tests/custom-values/secret_test.yaml      |  6 +-
 .../tests/default/deployment_test.yaml        | 10 +--
 .../tests/default/ingress_test.yaml           |  2 +-
 .../tests/default/service_test.yaml           |  4 +-
 charts/managed-identity-wallet/values.yaml    | 66 +++++++------------
 11 files changed, 41 insertions(+), 67 deletions(-)
 create mode 100644 charts/deployChart.yaml

diff --git a/charts/deployChart.yaml b/charts/deployChart.yaml
new file mode 100644
index 00000000..e69de29b
diff --git a/charts/managed-identity-wallet/Chart.yaml b/charts/managed-identity-wallet/Chart.yaml
index 809b7a64..b21055dc 100644
--- a/charts/managed-identity-wallet/Chart.yaml
+++ b/charts/managed-identity-wallet/Chart.yaml
@@ -22,20 +22,28 @@ name: managed-identity-wallet
 description: |
   Managed Identity Wallet is supposed to supply a secure data source and data sink for Digital Identity Documents (DID), in order to enable Self-Sovereign Identity founding on those DIDs.
   And at the same it shall support an uninterrupted tracking and tracing and documenting the usage of those DIDs, e.g. within logistical supply chains.
+
 type: application
 
 version: 1.0.0-develop.4
 appVersion: 1.0.0-develop.4
 
+home: https://github.com/eclipse-tractusx/managed-identity-wallet
 keywords:
   - Managed Identity Wallet
   - eclipse-tractusx
+
 sources:
   - https://github.com/eclipse-tractusx/managed-identity-wallet
+
 maintainers:
   - name: Dominik Pinsel
     email: dominik.pinsel@mercedes-benz.com
     url: https://github.com/DominikPinsel
+  - name: Rohit Solanki
+    email: rohit.solanki@smartsensesolutions.com
+    url: https://github.com/rohit-smartsensesolutions
+
 dependencies:
   - name: keycloak
     version: 15.1.6
@@ -51,7 +59,7 @@ dependencies:
     repository: https://charts.bitnami.com/bitnami
     condition: postgresql.enabled
   - name: pgadmin4
-    repository: file://charts/pgadmin4 # https://helm.runix.net
+    repository: file://charts/pgadmin4  # https://helm.runix.net
     # License: https://github.com/rowanruseler/helm-charts/blob/main/LICENSE
     version: 1.19.0
     condition: pgadmin4.enabled
diff --git a/charts/managed-identity-wallet/templates/NOTES.txt b/charts/managed-identity-wallet/templates/NOTES.txt
index 2c3e36f9..320fef15 100644
--- a/charts/managed-identity-wallet/templates/NOTES.txt
+++ b/charts/managed-identity-wallet/templates/NOTES.txt
@@ -3,6 +3,7 @@
 {{- range $host := .Values.ingress.hosts }}
   {{- range .paths }}
   http{{ if $.Values.ingress.tls }}s{{ end }}://{{ $host.host }}{{ .path }}
+  http{{ if $.Values.vcrs.ingress.tls }}s{{ end }}://{{ $host.host }}{{ .path }}
   {{- end }}
 {{- end }}
 {{- else if contains "NodePort" .Values.service.type }}
diff --git a/charts/managed-identity-wallet/templates/vcrs-ingress.yaml b/charts/managed-identity-wallet/templates/vcrs-ingress.yaml
index 22e49025..b97a5eac 100644
--- a/charts/managed-identity-wallet/templates/vcrs-ingress.yaml
+++ b/charts/managed-identity-wallet/templates/vcrs-ingress.yaml
@@ -17,7 +17,6 @@
 # SPDX-License-Identifier: Apache-2.0
 ###############################################################
 
-
 {{ if .Values.vcrs.ingress.enabled -}}
 {{- $fullName := include "verifiable-credential-revocation-service.fullname" . -}}
 {{- $svcPort := .Values.service.port -}}
diff --git a/charts/managed-identity-wallet/tests/custom-values/deployment_test.yaml b/charts/managed-identity-wallet/tests/custom-values/deployment_test.yaml
index e7436abc..1da5d8bc 100644
--- a/charts/managed-identity-wallet/tests/custom-values/deployment_test.yaml
+++ b/charts/managed-identity-wallet/tests/custom-values/deployment_test.yaml
@@ -22,7 +22,7 @@ chart:
   version: 9.9.9+test
   appVersion: 9.9.9
 templates:
-  - templates/deployment.yaml
+  - templates/miw-deployment.yaml
 tests:
   - it: should have latest image tag
     values:
@@ -31,7 +31,6 @@ tests:
       - matchRegex:
           path: spec.template.spec.containers[0].image
           pattern: .:latest
-
   - it: should have environment variables set (envs and secrets set)
     values:
       - values.yml
@@ -93,4 +92,3 @@ tests:
                 secretKeyRef:
                   key: encryption-key
                   name: RELEASE-NAME-managed-identity-wallet
-
diff --git a/charts/managed-identity-wallet/tests/custom-values/ingress_test.yaml b/charts/managed-identity-wallet/tests/custom-values/ingress_test.yaml
index ba240c6f..4513df95 100644
--- a/charts/managed-identity-wallet/tests/custom-values/ingress_test.yaml
+++ b/charts/managed-identity-wallet/tests/custom-values/ingress_test.yaml
@@ -22,7 +22,7 @@ chart:
   version: 9.9.9+test
   appVersion: 9.9.9
 templates:
-  - templates/ingress.yaml
+  - templates/miw-ingress.yaml
 values:
   - values.yml
 tests:
@@ -42,7 +42,6 @@ tests:
             app.kubernetes.io/instance: RELEASE-NAME
             app.kubernetes.io/version: "9.9.9"
             app.kubernetes.io/managed-by: Helm
-
   - it: must have rules set
     asserts:
       - isNotEmpty:
@@ -57,7 +56,6 @@ tests:
           count: 1
       - isNotEmpty:
           path: spec.rules[0].http.paths[0].path
-
   - it: must have tls set
     asserts:
       - isNotEmpty:
diff --git a/charts/managed-identity-wallet/tests/custom-values/secret_test.yaml b/charts/managed-identity-wallet/tests/custom-values/secret_test.yaml
index 4ca3a80b..671f82f1 100644
--- a/charts/managed-identity-wallet/tests/custom-values/secret_test.yaml
+++ b/charts/managed-identity-wallet/tests/custom-values/secret_test.yaml
@@ -22,7 +22,7 @@ chart:
   version: 9.9.9+test
   appVersion: 9.9.9
 templates:
-  - templates/secret.yaml
+  - templates/miw-secret.yaml
 values:
   - values.yml
 tests:
@@ -38,20 +38,16 @@ tests:
             app.kubernetes.io/instance: RELEASE-NAME
             app.kubernetes.io/version: "9.9.9"
             app.kubernetes.io/managed-by: Helm
-
   - it: must have type set to Opaque
     asserts:
       - equal:
           path: type
           value: Opaque
-
   - it: must have data set
     asserts:
       - isNotEmpty:
           path: data
-
   - it: must have values in data
     asserts:
       - exists:
           path: data.encryption-key
-
diff --git a/charts/managed-identity-wallet/tests/default/deployment_test.yaml b/charts/managed-identity-wallet/tests/default/deployment_test.yaml
index cdc11c2e..f1dc0f09 100644
--- a/charts/managed-identity-wallet/tests/default/deployment_test.yaml
+++ b/charts/managed-identity-wallet/tests/default/deployment_test.yaml
@@ -22,7 +22,7 @@ chart:
   version: 9.9.9+test
   appVersion: 9.9.9
 templates:
-  - templates/deployment.yaml
+  - templates/miw-deployment.yaml
 tests:
   - it: should have correct metadata
     asserts:
@@ -40,7 +40,6 @@ tests:
             app.kubernetes.io/instance: RELEASE-NAME
             app.kubernetes.io/version: "9.9.9"
             app.kubernetes.io/managed-by: Helm
-
   - it: should have important values set
     asserts:
       - equal:
@@ -57,14 +56,12 @@ tests:
             name: http
             containerPort: 8080
             protocol: TCP
-
   - it: should have probes set
     asserts:
       - isNotEmpty:
           path: spec.template.spec.containers[0].livenessProbe
       - isNotEmpty:
           path: spec.template.spec.containers[0].readinessProbe
-
   - it: should have resource limits set
     asserts:
       - isNotEmpty:
@@ -81,7 +78,6 @@ tests:
           path: spec.template.spec.containers[0].resources.requests.cpu
       - isNotEmpty:
           path: spec.template.spec.containers[0].resources.requests.memory
-
   - it: should have a security context
     asserts:
       - isSubset:
@@ -92,7 +88,6 @@ tests:
             runAsGroup: 11111
             runAsNonRoot: true
             runAsUser: 11111
-
   - it: should have environment variables set
     asserts:
       - isNotEmpty:
@@ -147,14 +142,12 @@ tests:
               value: "8080"
             - name: VC_EXPIRY_DATE
               value: 31-12-2024
-
   - it: should have empty values
     asserts:
       - notExists:
           path: spec.template.spec.affinity
       - notExists:
           path: spec.template.spec.tolerations
-
   - it: should have nodeSelector value set
     asserts:
       - exists:
@@ -163,7 +156,6 @@ tests:
           path: spec.template.spec.nodeSelector
           content:
             "kubernetes.io/os": linux
-
   - it: should not have "imagePullSecrets" set
     asserts:
       - notExists:
diff --git a/charts/managed-identity-wallet/tests/default/ingress_test.yaml b/charts/managed-identity-wallet/tests/default/ingress_test.yaml
index 8217e084..ceb5fac0 100644
--- a/charts/managed-identity-wallet/tests/default/ingress_test.yaml
+++ b/charts/managed-identity-wallet/tests/default/ingress_test.yaml
@@ -22,7 +22,7 @@ chart:
   version: 9.9.9+test
   appVersion: 9.9.9
 templates:
-  - templates/ingress.yaml
+  - templates/miw-ingress.yaml
 tests:
   - it: should not be available
     asserts:
diff --git a/charts/managed-identity-wallet/tests/default/service_test.yaml b/charts/managed-identity-wallet/tests/default/service_test.yaml
index a4287974..ba21c898 100644
--- a/charts/managed-identity-wallet/tests/default/service_test.yaml
+++ b/charts/managed-identity-wallet/tests/default/service_test.yaml
@@ -22,7 +22,7 @@ chart:
   version: 9.9.9+test
   appVersion: 9.9.9
 templates:
-  - templates/service.yaml
+  - templates/miw-service.yaml
 tests:
   - it: should have correct metadata
     asserts:
@@ -40,13 +40,11 @@ tests:
             app.kubernetes.io/instance: RELEASE-NAME
             app.kubernetes.io/version: "9.9.9"
             app.kubernetes.io/managed-by: Helm
-
   - it: should have type set to ClusterIP
     asserts:
       - equal:
           path: spec.type
           value: ClusterIP
-
   - it: should have ports set
     asserts:
       - contains:
diff --git a/charts/managed-identity-wallet/values.yaml b/charts/managed-identity-wallet/values.yaml
index c2530500..806f704c 100644
--- a/charts/managed-identity-wallet/values.yaml
+++ b/charts/managed-identity-wallet/values.yaml
@@ -32,7 +32,6 @@ image:
   pullPolicy: Always
   # -- Image tag (empty one will use "appVersion" value from chart definition)
   tag: ""
-imagePullSecrets: []
 # --  Parameters for the application (will be stored as secrets - so, for passwords, ...)
 secrets: {}
 # -- envs Parameters for the application (will be provided as environment variables)
@@ -50,21 +49,23 @@ service:
   # -- Kubernetes Service port
   port: 8080
 # -- Ingress Configuration
+
 ingress:
-  enabled: true
-  className: "nginx"
-  annotations:
-    kubernetes.io/ingress.class: "nginx"
-    kubernetes.io/tls-acme: "true"
-  hosts:
-    - host: miw.example.org
-      paths:
-        - path: /
-          pathType: Prefix
-  tls:
-    - secretName: chart-example-tls
-      hosts:
-        - miw.example.org
+  # -- Enable ingress controller resource
+  enabled: false
+  # -- Ingress annotations
+  annotations: {}
+  # -- Ingress accepted hostnames
+  hosts: []
+  #   - host: chart-example.local
+  #     paths:
+  #       - path: /
+  #         pathType: Prefix
+  # -- Ingress TLS configuration
+  tls: []
+  #  - secretName: chart-example-tls
+  #    hosts:
+  #      - chart-example.local
 # -- Pod security configurations
 podSecurityContext: {}
 # -- Pod security parameters
@@ -142,13 +143,13 @@ miw:
     # -- Database port
     port: 5432
     # -- Database host
-    host: "managed-identity-wallet-postgresql"
+    host: "{{ .Release.Name }}-postgresql"
     # -- Database user
     user: "miw"
     # -- Database name
     name: "miw_app"
     # -- Existing secret name for the database password
-    secret: "managed-identity-wallet-postgresql"
+    secret: "{{ .Release.Name }}-postgresql"
     # -- Existing secret key for the database password
     secretPasswordKey: "password"
     # -- Password encryption configuratons
@@ -192,45 +193,32 @@ miw:
     successThreshold: 1
     # -- Number of seconds after which the probe times out.
     timeoutSeconds: 5
-    # For more information on how to configure the Keycloak chart see https://github.com/bitnami/charts/tree/main/bitnami/keycloak.
 # ----------------------------------------------- KEYCLOAK ----------------------------------------------- #
+# For more information on how to configure the Keycloak chart see https://github.com/bitnami/charts/tree/main/bitnami/keycloak.
 keycloak:
   # -- Enable to deploy Keycloak
   enabled: true
   # -- Extra environment variables
   extraEnvVars: []
-  #  - name: KEYCLOAK_HOSTNAME
-  #    value: "keycloak"
+  #    - name: KEYCLOAK_HOSTNAME
+  #      value: "{{ .Release.Name }}-keycloak"
   postgresql:
     # -- Name of the PostgreSQL chart to deploy. Mandatory when the MIW deploys a PostgreSQL chart, too.
     nameOverride: "keycloak-postgresql"
     # -- Enable to deploy PostgreSQL
     enabled: true
     auth:
-      # -- Postgresql admin user password
+      # -- Keycloak PostgreSQL user
       username: "miw_keycloak"
       # -- KeycloakPostgresql password to set (if empty one is generated)
-      password: "adminpass"
+      password: ""
       # -- Database name
       database: "miw_keycloak"
-    volumePermissions:
-      enabled: true
   ingress:
-    # -- Enable ingress controller resource
     enabled: false
-    # -- Ingress annotations
     annotations: {}
-    # -- Ingress accepted hostnames
     hosts: []
-    #   - host: chart-example.local
-    #     paths:
-    #       - path: /
-    #         pathType: Prefix
-    # -- Ingress TLS configuration
     tls: []
-    #  - secretName: chart-example-tls
-    #    hosts:
-    #      - chart-example.local
   auth:
     # -- Keycloak admin user
     adminUser: "admin"
@@ -248,10 +236,6 @@ keycloak:
 postgresql:
   # -- Enable to deploy Postgresql
   enabled: true
-  image:
-    tag: "16-debian-12"
-    # -- Debug logs
-    debug: true
   auth:
     # -- Enable postgresql admin user
     enablePostgresUser: true
@@ -375,7 +359,7 @@ vcrs:
     # -- The application profile
     APPLICATION_PROFILE: local
     # -- The Database Host
-    DATABASE_HOST: managed-identity-wallet-postgresql
+    DATABASE_HOST: "{{ .Release.Name }}-postgresql"
     # -- The Database Port
     DATABASE_PORT: 5432
     # -- The Database Name
@@ -450,7 +434,7 @@ vcrs:
     timeoutSeconds: 15
     # -- ingress configuration
   ingress:
-    enabled: true
+    enabled: false
     className: "nginx"
     annotations:
       kubernetes.io/ingress.class: "nginx"

From c0c202fb27120fda1cab293cceea58551322cae9 Mon Sep 17 00:00:00 2001
From: rohit-smartsensesolutions <rohit.solanki@smartsensesolutions.com>
Date: Thu, 5 Sep 2024 12:27:06 +0530
Subject: [PATCH 32/48] docs: copyright header and README file modification

---
 charts/deployChart.yaml                       |  0
 charts/managed-identity-wallet/Chart.yaml     | 36 +++++++++----------
 charts/managed-identity-wallet/README.md      |  8 ++---
 .../templates/miw-deployment.yaml             | 36 +++++++++----------
 .../tests/custom-values/deployment_test.yaml  | 36 +++++++++----------
 .../tests/custom-values/ingress_test.yaml     | 36 +++++++++----------
 .../tests/custom-values/secret_test.yaml      | 36 +++++++++----------
 .../tests/default/deployment_test.yaml        | 36 +++++++++----------
 .../tests/default/ingress_test.yaml           | 36 +++++++++----------
 .../tests/default/service_test.yaml           | 36 +++++++++----------
 charts/managed-identity-wallet/values.yaml    |  3 +-
 11 files changed, 150 insertions(+), 149 deletions(-)
 delete mode 100644 charts/deployChart.yaml

diff --git a/charts/deployChart.yaml b/charts/deployChart.yaml
deleted file mode 100644
index e69de29b..00000000
diff --git a/charts/managed-identity-wallet/Chart.yaml b/charts/managed-identity-wallet/Chart.yaml
index b21055dc..9e31ac68 100644
--- a/charts/managed-identity-wallet/Chart.yaml
+++ b/charts/managed-identity-wallet/Chart.yaml
@@ -1,21 +1,21 @@
-# /********************************************************************************
-# * Copyright (c) 2021,2023 Contributors to the Eclipse Foundation
-# *
-# * See the NOTICE file(s) distributed with this work for additional
-# * information regarding copyright ownership.
-# *
-# * This program and the accompanying materials are made available under the
-# * terms of the Apache License, Version 2.0 which is available at
-# * https://www.apache.org/licenses/LICENSE-2.0.
-# *
-# * Unless required by applicable law or agreed to in writing, software
-# * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
-# * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
-# * License for the specific language governing permissions and limitations
-# * under the License.
-# *
-# * SPDX-License-Identifier: Apache-2.0
-# ********************************************************************************/
+###############################################################
+# Copyright (c) 2024 Contributors to the Eclipse Foundation
+#
+# See the NOTICE file(s) distributed with this work for additional
+# information regarding copyright ownership.
+#
+# This program and the accompanying materials are made available under the
+# terms of the Apache License, Version 2.0 which is available at
+# https://www.apache.org/licenses/LICENSE-2.0.
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+# License for the specific language governing permissions and limitations
+# under the License.
+#
+# SPDX-License-Identifier: Apache-2.0
+###############################################################
 
 apiVersion: v2
 name: managed-identity-wallet
diff --git a/charts/managed-identity-wallet/README.md b/charts/managed-identity-wallet/README.md
index 3228e7d3..fb5ba79c 100644
--- a/charts/managed-identity-wallet/README.md
+++ b/charts/managed-identity-wallet/README.md
@@ -43,7 +43,7 @@ And at the same it shall support an uninterrupted tracking and tracing and docum
 
     helm install [RELEASE_NAME] charts/managed-identity-wallet
 
-    #This will spin up the container for MIW application, VSRS application, KeyCloak and Postgresql
+    #This will spin up the container for Managed Identity Wallet application, Verifiable Credential Revocation Service application, Keycloak and Postgresql
 
 <p align="right">(<a href="#readme-top">back to top</a>)</p>
 
@@ -194,9 +194,9 @@ See [helm upgrade](https://helm.sh/docs/helm/helm_upgrade/) for command document
 | serviceAccount.name                              | string | `""`                                                                                                                       | The name of the ServiceAccount to use.                                                                                                                                              |
 | tolerations                                      | list   | `[]`                                                                                                                       | Tolerations configuration                                                                                                                                                           |
 | vcrs.replicaCount                                | int    | `1`                                                                                                                        | Number of replicas to run                                                                                                                                                           |
-| vcrs.url                                         | string | `"https://a888-203-129-213-107.ngrok-free.app"`                                                                            | Application URL                                                                                                                                                                     |
-| vcrs.vcContexts                                  | string | `"https://www.w3.org/2018/credentials/v1, https://cofinity-x.github.io/schema-registry/w3c/v1.0/BitstringStatusList.json"` | App VC context                                                                                                                                                                      |
-| vcrs.domain.url                                  | string | `"https://977d-203-129-213-107.ngrok-free.app"`                                                                            | App domain                                                                                                                                                                          |
+| vcrs.url                                         | string | `"https://example.com"`                                                                            | Application URL                                                                                                                                                                     |
+| vcrs.vcContexts                                  | string | `"https://www.w3.org/2018/credentials/v1, https://w3id.org/vc/status-list/2021/v1"` | App VC context                                                                                                                                                                      |
+| vcrs.domain.url                                  | string | `"https://example.com"`                                                                            | App domain                                                                                                                                                                          |
 | vcrs.domain.host                                 | string | `"localhost"`                                                                                                              | The application name                                                                                                                                                                |
 | vcrs.appName                                     | string | `"verifiable-credential-revocation-service"`                                                                               | The configmap name                                                                                                                                                                  |
 | vcrs.appPort                                     | string | `"8081"`                                                                                                                   | The application port                                                                                                                                                                |
diff --git a/charts/managed-identity-wallet/templates/miw-deployment.yaml b/charts/managed-identity-wallet/templates/miw-deployment.yaml
index 0e147aa1..bb740127 100644
--- a/charts/managed-identity-wallet/templates/miw-deployment.yaml
+++ b/charts/managed-identity-wallet/templates/miw-deployment.yaml
@@ -1,21 +1,21 @@
-# /********************************************************************************
-# * Copyright (c) 2021,2023 Contributors to the Eclipse Foundation
-# *
-# * See the NOTICE file(s) distributed with this work for additional
-# * information regarding copyright ownership.
-# *
-# * This program and the accompanying materials are made available under the
-# * terms of the Apache License, Version 2.0 which is available at
-# * https://www.apache.org/licenses/LICENSE-2.0.
-# *
-# * Unless required by applicable law or agreed to in writing, software
-# * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
-# * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
-# * License for the specific language governing permissions and limitations
-# * under the License.
-# *
-# * SPDX-License-Identifier: Apache-2.0
-# ********************************************************************************/
+###############################################################
+# Copyright (c) 2024 Contributors to the Eclipse Foundation
+#
+# See the NOTICE file(s) distributed with this work for additional
+# information regarding copyright ownership.
+#
+# This program and the accompanying materials are made available under the
+# terms of the Apache License, Version 2.0 which is available at
+# https://www.apache.org/licenses/LICENSE-2.0.
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+# License for the specific language governing permissions and limitations
+# under the License.
+#
+# SPDX-License-Identifier: Apache-2.0
+###############################################################
 
 apiVersion: apps/v1
 kind: Deployment
diff --git a/charts/managed-identity-wallet/tests/custom-values/deployment_test.yaml b/charts/managed-identity-wallet/tests/custom-values/deployment_test.yaml
index 1da5d8bc..029f0e0a 100644
--- a/charts/managed-identity-wallet/tests/custom-values/deployment_test.yaml
+++ b/charts/managed-identity-wallet/tests/custom-values/deployment_test.yaml
@@ -1,21 +1,21 @@
-# /********************************************************************************
-# * Copyright (c) 2021,2024 Contributors to the Eclipse Foundation
-# *
-# * See the NOTICE file(s) distributed with this work for additional
-# * information regarding copyright ownership.
-# *
-# * This program and the accompanying materials are made available under the
-# * terms of the Apache License, Version 2.0 which is available at
-# * https://www.apache.org/licenses/LICENSE-2.0.
-# *
-# * Unless required by applicable law or agreed to in writing, software
-# * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
-# * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
-# * License for the specific language governing permissions and limitations
-# * under the License.
-# *
-# * SPDX-License-Identifier: Apache-2.0
-# ********************************************************************************/
+###############################################################
+# Copyright (c) 2024 Contributors to the Eclipse Foundation
+#
+# See the NOTICE file(s) distributed with this work for additional
+# information regarding copyright ownership.
+#
+# This program and the accompanying materials are made available under the
+# terms of the Apache License, Version 2.0 which is available at
+# https://www.apache.org/licenses/LICENSE-2.0.
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+# License for the specific language governing permissions and limitations
+# under the License.
+#
+# SPDX-License-Identifier: Apache-2.0
+###############################################################
 
 suite: test custom-values deployment
 chart:
diff --git a/charts/managed-identity-wallet/tests/custom-values/ingress_test.yaml b/charts/managed-identity-wallet/tests/custom-values/ingress_test.yaml
index 4513df95..1887e72b 100644
--- a/charts/managed-identity-wallet/tests/custom-values/ingress_test.yaml
+++ b/charts/managed-identity-wallet/tests/custom-values/ingress_test.yaml
@@ -1,21 +1,21 @@
-# /********************************************************************************
-# * Copyright (c) 2021,2023 Contributors to the Eclipse Foundation
-# *
-# * See the NOTICE file(s) distributed with this work for additional
-# * information regarding copyright ownership.
-# *
-# * This program and the accompanying materials are made available under the
-# * terms of the Apache License, Version 2.0 which is available at
-# * https://www.apache.org/licenses/LICENSE-2.0.
-# *
-# * Unless required by applicable law or agreed to in writing, software
-# * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
-# * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
-# * License for the specific language governing permissions and limitations
-# * under the License.
-# *
-# * SPDX-License-Identifier: Apache-2.0
-# ********************************************************************************/
+###############################################################
+# Copyright (c) 2024 Contributors to the Eclipse Foundation
+#
+# See the NOTICE file(s) distributed with this work for additional
+# information regarding copyright ownership.
+#
+# This program and the accompanying materials are made available under the
+# terms of the Apache License, Version 2.0 which is available at
+# https://www.apache.org/licenses/LICENSE-2.0.
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+# License for the specific language governing permissions and limitations
+# under the License.
+#
+# SPDX-License-Identifier: Apache-2.0
+###############################################################
 
 suite: test custom-values ingress
 chart:
diff --git a/charts/managed-identity-wallet/tests/custom-values/secret_test.yaml b/charts/managed-identity-wallet/tests/custom-values/secret_test.yaml
index 671f82f1..5f99bc2c 100644
--- a/charts/managed-identity-wallet/tests/custom-values/secret_test.yaml
+++ b/charts/managed-identity-wallet/tests/custom-values/secret_test.yaml
@@ -1,21 +1,21 @@
-# /********************************************************************************
-# * Copyright (c) 2021,2023 Contributors to the Eclipse Foundation
-# *
-# * See the NOTICE file(s) distributed with this work for additional
-# * information regarding copyright ownership.
-# *
-# * This program and the accompanying materials are made available under the
-# * terms of the Apache License, Version 2.0 which is available at
-# * https://www.apache.org/licenses/LICENSE-2.0.
-# *
-# * Unless required by applicable law or agreed to in writing, software
-# * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
-# * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
-# * License for the specific language governing permissions and limitations
-# * under the License.
-# *
-# * SPDX-License-Identifier: Apache-2.0
-# ********************************************************************************/
+###############################################################
+# Copyright (c) 2024 Contributors to the Eclipse Foundation
+#
+# See the NOTICE file(s) distributed with this work for additional
+# information regarding copyright ownership.
+#
+# This program and the accompanying materials are made available under the
+# terms of the Apache License, Version 2.0 which is available at
+# https://www.apache.org/licenses/LICENSE-2.0.
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+# License for the specific language governing permissions and limitations
+# under the License.
+#
+# SPDX-License-Identifier: Apache-2.0
+###############################################################
 
 suite: test custom-values secret
 chart:
diff --git a/charts/managed-identity-wallet/tests/default/deployment_test.yaml b/charts/managed-identity-wallet/tests/default/deployment_test.yaml
index f1dc0f09..1e2d3d0b 100644
--- a/charts/managed-identity-wallet/tests/default/deployment_test.yaml
+++ b/charts/managed-identity-wallet/tests/default/deployment_test.yaml
@@ -1,21 +1,21 @@
-# /********************************************************************************
-# * Copyright (c) 2021,2024 Contributors to the Eclipse Foundation
-# *
-# * See the NOTICE file(s) distributed with this work for additional
-# * information regarding copyright ownership.
-# *
-# * This program and the accompanying materials are made available under the
-# * terms of the Apache License, Version 2.0 which is available at
-# * https://www.apache.org/licenses/LICENSE-2.0.
-# *
-# * Unless required by applicable law or agreed to in writing, software
-# * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
-# * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
-# * License for the specific language governing permissions and limitations
-# * under the License.
-# *
-# * SPDX-License-Identifier: Apache-2.0
-# ********************************************************************************/
+###############################################################
+# Copyright (c) 2024 Contributors to the Eclipse Foundation
+#
+# See the NOTICE file(s) distributed with this work for additional
+# information regarding copyright ownership.
+#
+# This program and the accompanying materials are made available under the
+# terms of the Apache License, Version 2.0 which is available at
+# https://www.apache.org/licenses/LICENSE-2.0.
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+# License for the specific language governing permissions and limitations
+# under the License.
+#
+# SPDX-License-Identifier: Apache-2.0
+###############################################################
 
 suite: test default deployment
 chart:
diff --git a/charts/managed-identity-wallet/tests/default/ingress_test.yaml b/charts/managed-identity-wallet/tests/default/ingress_test.yaml
index ceb5fac0..02e2735d 100644
--- a/charts/managed-identity-wallet/tests/default/ingress_test.yaml
+++ b/charts/managed-identity-wallet/tests/default/ingress_test.yaml
@@ -1,21 +1,21 @@
-# /********************************************************************************
-# * Copyright (c) 2021,2023 Contributors to the Eclipse Foundation
-# *
-# * See the NOTICE file(s) distributed with this work for additional
-# * information regarding copyright ownership.
-# *
-# * This program and the accompanying materials are made available under the
-# * terms of the Apache License, Version 2.0 which is available at
-# * https://www.apache.org/licenses/LICENSE-2.0.
-# *
-# * Unless required by applicable law or agreed to in writing, software
-# * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
-# * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
-# * License for the specific language governing permissions and limitations
-# * under the License.
-# *
-# * SPDX-License-Identifier: Apache-2.0
-# ********************************************************************************/
+###############################################################
+# Copyright (c) 2024 Contributors to the Eclipse Foundation
+#
+# See the NOTICE file(s) distributed with this work for additional
+# information regarding copyright ownership.
+#
+# This program and the accompanying materials are made available under the
+# terms of the Apache License, Version 2.0 which is available at
+# https://www.apache.org/licenses/LICENSE-2.0.
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+# License for the specific language governing permissions and limitations
+# under the License.
+#
+# SPDX-License-Identifier: Apache-2.0
+###############################################################
 
 suite: test default ingress
 chart:
diff --git a/charts/managed-identity-wallet/tests/default/service_test.yaml b/charts/managed-identity-wallet/tests/default/service_test.yaml
index ba21c898..34f72998 100644
--- a/charts/managed-identity-wallet/tests/default/service_test.yaml
+++ b/charts/managed-identity-wallet/tests/default/service_test.yaml
@@ -1,21 +1,21 @@
-# /********************************************************************************
-# * Copyright (c) 2021,2023 Contributors to the Eclipse Foundation
-# *
-# * See the NOTICE file(s) distributed with this work for additional
-# * information regarding copyright ownership.
-# *
-# * This program and the accompanying materials are made available under the
-# * terms of the Apache License, Version 2.0 which is available at
-# * https://www.apache.org/licenses/LICENSE-2.0.
-# *
-# * Unless required by applicable law or agreed to in writing, software
-# * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
-# * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
-# * License for the specific language governing permissions and limitations
-# * under the License.
-# *
-# * SPDX-License-Identifier: Apache-2.0
-# ********************************************************************************/
+###############################################################
+# Copyright (c) 2024 Contributors to the Eclipse Foundation
+#
+# See the NOTICE file(s) distributed with this work for additional
+# information regarding copyright ownership.
+#
+# This program and the accompanying materials are made available under the
+# terms of the Apache License, Version 2.0 which is available at
+# https://www.apache.org/licenses/LICENSE-2.0.
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+# License for the specific language governing permissions and limitations
+# under the License.
+#
+# SPDX-License-Identifier: Apache-2.0
+###############################################################
 
 suite: test default service
 chart:
diff --git a/charts/managed-identity-wallet/values.yaml b/charts/managed-identity-wallet/values.yaml
index 806f704c..327e51b1 100644
--- a/charts/managed-identity-wallet/values.yaml
+++ b/charts/managed-identity-wallet/values.yaml
@@ -48,8 +48,9 @@ service:
   type: ClusterIP
   # -- Kubernetes Service port
   port: 8080
+# -- Image pull secrets
+imagePullSecrets: []
 # -- Ingress Configuration
-
 ingress:
   # -- Enable ingress controller resource
   enabled: false

From 643493df5b862bbc1a86b30360706180d78aa19e Mon Sep 17 00:00:00 2001
From: Nitin Vavdiya <nitin.vavdiya@smartsensesolutions.com>
Date: Thu, 5 Sep 2024 15:11:54 +0530
Subject: [PATCH 33/48] fix: sonar issues

---
 .../identityminustrust/TokenRequestTest.java  |  4 +-
 .../utils/TestUtils.java                      |  3 +-
 .../services/RevocationService.java           |  2 +-
 .../VerifiableCredentialValidator.java        |  2 +-
 .../revocation/config/MIWSettingsTest.java    |  3 +-
 .../CustomAuthenticationConverterTest.java    | 14 ------
 .../RevocationApiControllerTest.java          | 25 ++---------
 .../dto/CredentialStatusDtoTest.java          | 14 +++---
 .../dto/StatusListCredentialSubjectTest.java  |  4 +-
 .../revocation/dto/TokenResponeTest.java      |  6 +--
 .../services/HttpClientServiceTest.java       |  7 +--
 .../services/RevocationServiceTest.java       | 45 +++++++++----------
 .../services/StatusVerificationTest.java      | 33 --------------
 .../commons/ValidateTest.java                 | 21 ++++-----
 14 files changed, 55 insertions(+), 128 deletions(-)
 delete mode 100644 revocation-service/src/test/java/org/eclipse/tractusx/managedidentitywallets/revocation/services/StatusVerificationTest.java

diff --git a/miw/src/test/java/org/eclipse/tractusx/managedidentitywallets/identityminustrust/TokenRequestTest.java b/miw/src/test/java/org/eclipse/tractusx/managedidentitywallets/identityminustrust/TokenRequestTest.java
index 6c481935..ff88fada 100644
--- a/miw/src/test/java/org/eclipse/tractusx/managedidentitywallets/identityminustrust/TokenRequestTest.java
+++ b/miw/src/test/java/org/eclipse/tractusx/managedidentitywallets/identityminustrust/TokenRequestTest.java
@@ -55,7 +55,7 @@
 @DirtiesContext
 @SpringBootTest(webEnvironment = SpringBootTest.WebEnvironment.DEFINED_PORT, classes = { ManagedIdentityWalletsApplication.class })
 @ContextConfiguration(initializers = { TestContextInitializer.class })
-public class TokenRequestTest {
+class TokenRequestTest {
 
     private static final ObjectMapper MAPPER = new ObjectMapper();
 
@@ -125,7 +125,7 @@ public void initWallets() {
 
     @Test
     @SneakyThrows
-    public void testPresentationQueryWithToken() {
+    void testPresentationQueryWithToken() {
         // when
         String body = "audience=%s&client_id=%s&client_secret=%s&grant_type=client_credentials&bearer_access_scope=org.eclipse.tractusx.vc.type:MembershipCredential:read";
         String requestBody = String.format(body, bpn, clientId, clientSecret);
diff --git a/miw/src/test/java/org/eclipse/tractusx/managedidentitywallets/utils/TestUtils.java b/miw/src/test/java/org/eclipse/tractusx/managedidentitywallets/utils/TestUtils.java
index 3eb7ed69..246eab4e 100644
--- a/miw/src/test/java/org/eclipse/tractusx/managedidentitywallets/utils/TestUtils.java
+++ b/miw/src/test/java/org/eclipse/tractusx/managedidentitywallets/utils/TestUtils.java
@@ -98,8 +98,7 @@ public static ResponseEntity<String> createWallet(String bpn, String name, TestR
 
         HttpEntity<CreateWalletRequest> entity = new HttpEntity<>(request, headers);
 
-        ResponseEntity<String> exchange = testTemplate.exchange(RestURI.WALLETS, HttpMethod.POST, entity, String.class);
-        return exchange;
+        return testTemplate.exchange(RestURI.WALLETS, HttpMethod.POST, entity, String.class);
 
     }
 
diff --git a/revocation-service/src/main/java/org/eclipse/tractusx/managedidentitywallets/revocation/services/RevocationService.java b/revocation-service/src/main/java/org/eclipse/tractusx/managedidentitywallets/revocation/services/RevocationService.java
index e6033e8a..4dff1776 100644
--- a/revocation-service/src/main/java/org/eclipse/tractusx/managedidentitywallets/revocation/services/RevocationService.java
+++ b/revocation-service/src/main/java/org/eclipse/tractusx/managedidentitywallets/revocation/services/RevocationService.java
@@ -363,7 +363,7 @@ public String extractBpnFromURL(String url) {
         if (matcher.find()) {
             return matcher.group(1).toUpperCase();
         } else {
-            throw new Exception("No match found");
+            throw new IllegalArgumentException("No match found");
         }
     }
 
diff --git a/revocation-service/src/main/java/org/eclipse/tractusx/managedidentitywallets/revocation/validation/VerifiableCredentialValidator.java b/revocation-service/src/main/java/org/eclipse/tractusx/managedidentitywallets/revocation/validation/VerifiableCredentialValidator.java
index 00947e53..d049f11f 100644
--- a/revocation-service/src/main/java/org/eclipse/tractusx/managedidentitywallets/revocation/validation/VerifiableCredentialValidator.java
+++ b/revocation-service/src/main/java/org/eclipse/tractusx/managedidentitywallets/revocation/validation/VerifiableCredentialValidator.java
@@ -59,7 +59,7 @@ private boolean validateCredentialSubject(
         for (Map<String, Object> subject : credentialSubjects) {
             // Extract the 'id' of the credential subject if it exists
             Object subjectId = subject.get("id");
-            if (subjectId == null || !(subjectId instanceof String)) {
+            if (!(subjectId instanceof String)) {
                 addConstraintViolation(context, "credentialSubject.id must be a valid String");
                 return false;
             }
diff --git a/revocation-service/src/test/java/org/eclipse/tractusx/managedidentitywallets/revocation/config/MIWSettingsTest.java b/revocation-service/src/test/java/org/eclipse/tractusx/managedidentitywallets/revocation/config/MIWSettingsTest.java
index c04163e8..4ee8efe2 100644
--- a/revocation-service/src/test/java/org/eclipse/tractusx/managedidentitywallets/revocation/config/MIWSettingsTest.java
+++ b/revocation-service/src/test/java/org/eclipse/tractusx/managedidentitywallets/revocation/config/MIWSettingsTest.java
@@ -50,6 +50,7 @@ void testMIWSettingsWithNullVCContexts() {
 
     @Test
     void testMIWSettingsWithEmptyVCContexts() {
-        assertThrows(IllegalArgumentException.class, () -> new MIWSettings(List.of()));
+        List<URI> list = List.of();
+        assertThrows(IllegalArgumentException.class, () -> new MIWSettings(list));
     }
 }
diff --git a/revocation-service/src/test/java/org/eclipse/tractusx/managedidentitywallets/revocation/config/security/CustomAuthenticationConverterTest.java b/revocation-service/src/test/java/org/eclipse/tractusx/managedidentitywallets/revocation/config/security/CustomAuthenticationConverterTest.java
index a918b0fe..b5b050c6 100644
--- a/revocation-service/src/test/java/org/eclipse/tractusx/managedidentitywallets/revocation/config/security/CustomAuthenticationConverterTest.java
+++ b/revocation-service/src/test/java/org/eclipse/tractusx/managedidentitywallets/revocation/config/security/CustomAuthenticationConverterTest.java
@@ -36,19 +36,6 @@
 
 class CustomAuthenticationConverterTest {
 
-    private static final String VALID =
-            "eyJhbGciOiJSUzI1NiIsImFscGhhIjoiZzB1ZjNycjlycnN2cHlhcTVuamg4In0.eyJpc3MiOiJEaW5vQ2hpZXNhLmdpdGh1Yi5pbyIsInN1YiI6Im1heGluZSIsImF1ZCI6ImlkcmlzIiwiaWF0IjoxNzAyNjUwMTc2LCJleHAiOjE3MDI2NTA3NzYsInJlc291cmNlX2FjY2VzcyI6eyJyZXNvdXJjZUlkIjp7InJvbGVzIjpbImRlaV9tdWRhIl19fX0.wTv9GBX3AuRO8UIsAuu2YJU77ai-wchDyxRn-_yX9PeHt23vCmp_JAbkkdMdyLAWWOKncjgNeG-4lB9RCBsjmbdb1imujUrAocp3VZQqNg6OVaNV58kdsIpNNF9S8XlFI4hr1BANrw2rWJDkTRu1id-Fu-BVE1BF7ySCKHS_NaY3e7yXQM-jtU63z5FBpPvfMF-La3blPle93rgut7V3LlG-tNOp93TgFzGrQQXuJUsew34T0u4OlQa3TjQuMdZMTy0SVSLSpIzAqDsAkHv34W6SdY1p6FVQ14TfawRLkrI2QY-YM_dCFAEE7KqqnUrVVyw6XG1ydeFDuX8SJuQX7g";
-
-    private static final String MISSING_RESOURCE_ID =
-            "{\n" + "    \"resource_access\": {\n" + "    }\n" + "}";
-
-    private static final String MISSING_ROLES =
-            "{\n"
-                    + "    \"resource_access\": {\n"
-                    + "        \"resourceId\": {\n"
-                    + "        }\n"
-                    + "    }\n"
-                    + "}";
 
     @Test
     void shouldConvertSuccessfullyWithAuthorities() {
@@ -92,7 +79,6 @@ void shouldConvertSuccessfullyWithoutAuthoritiesWhenRolesMissing() {
 
     @Test
     void shouldConvertSuccessfullyWithoutAuthoritiesWhenResourceAccessMissing() {
-        Map<String, Object> resourceId = Map.of("resourceId", Map.of());
         Map<String, Object> resourceAccess = Map.of("resource_access", Map.of());
 
         Jwt jwt =
diff --git a/revocation-service/src/test/java/org/eclipse/tractusx/managedidentitywallets/revocation/controllers/RevocationApiControllerTest.java b/revocation-service/src/test/java/org/eclipse/tractusx/managedidentitywallets/revocation/controllers/RevocationApiControllerTest.java
index ff11b541..6f0379f4 100644
--- a/revocation-service/src/test/java/org/eclipse/tractusx/managedidentitywallets/revocation/controllers/RevocationApiControllerTest.java
+++ b/revocation-service/src/test/java/org/eclipse/tractusx/managedidentitywallets/revocation/controllers/RevocationApiControllerTest.java
@@ -27,6 +27,7 @@
 import org.eclipse.tractusx.managedidentitywallets.revocation.constant.RevocationApiEndpoints;
 import org.eclipse.tractusx.managedidentitywallets.revocation.dto.CredentialStatusDto;
 import org.eclipse.tractusx.managedidentitywallets.revocation.dto.StatusEntryDto;
+import org.eclipse.tractusx.managedidentitywallets.revocation.dto.StatusListCredentialSubject;
 import org.eclipse.tractusx.managedidentitywallets.revocation.services.RevocationService;
 import org.eclipse.tractusx.managedidentitywallets.revocation.utils.BitSetManager;
 import org.eclipse.tractusx.ssi.lib.model.verifiable.credential.VerifiableCredential;
@@ -99,13 +100,12 @@ void whenPostCreateStatusListVC_thenReturnStatus() throws Exception {
                         RevocationPurpose.REVOCATION.name(),
                         validIndex, // this value is within the range [0, BitSetManager.BITSET_SIZE - 1]
                         "https://example.com/revocations/credentials/" + BPN + "/revocation/1",
-                        "BitstringStatusListEntry");
+                        StatusListCredentialSubject.TYPE_ENTRY);
         given(revocationService.createStatusList(statusEntryDto, "token"))
                 .willReturn(credentialStatusDto);
         when(revocationService.extractBpnFromDid(DID)).thenReturn(BPN);
 
         Principal mockPrincipal = mockPrincipal(BPN);
-        var name = mockPrincipal.getName();
         // When & Then
         mockMvc
                 .perform(
@@ -142,7 +142,7 @@ void whenPostRevokeCredential_thenReturnOkStatus() throws Exception {
                         "revocation",
                         validIndex, // this value is within the range [0, BitSetManager.BITSET_SIZE - 1]
                         "http://example.com/credentials/" + BPN + "/revocation/1",
-                        "BitstringStatusListEntry");
+                        StatusListCredentialSubject.TYPE_ENTRY);
         doNothing().when(revocationService).revoke(credentialStatusDto, "token");
         when(revocationService.extractBpnFromURL(any())).thenReturn(BPN);
 
@@ -201,23 +201,4 @@ private VerifiableCredential createVerifiableCredentialTestData() {
         VerifiableCredential credential = new VerifiableCredential(credentialData);
         return credential;
     }
-
-    private VerifiableCredential createVerifiableCredentialTestDataInvalidDID() {
-        Map<String, Object> credentialData = new HashMap<>();
-        credentialData.put("id", UUID.randomUUID().toString());
-        credentialData.put("issuer", "https://issuer.example.com");
-        credentialData.put("issuanceDate", Instant.now().toString());
-        // Include 'type' field as a list because VerifiableCredential expects it to be non-null and a
-        // list
-        credentialData.put("type", List.of("VerifiableCredential", "StatusListCredential"));
-        Map<String, Object> subjectData = new HashMap<>();
-        subjectData.put("id", "subjectId");
-        subjectData.put("type", "StatusList2021Credential");
-        // 'credentialSubject' can be either a List or a single Map according to the code, so I'm
-        // keeping it as a single Map
-        credentialData.put("credentialSubject", subjectData);
-        credentialData.put("@context", VerifiableCredential.DEFAULT_CONTEXT.toString());
-        VerifiableCredential credential = new VerifiableCredential(credentialData);
-        return credential;
-    }
 }
diff --git a/revocation-service/src/test/java/org/eclipse/tractusx/managedidentitywallets/revocation/dto/CredentialStatusDtoTest.java b/revocation-service/src/test/java/org/eclipse/tractusx/managedidentitywallets/revocation/dto/CredentialStatusDtoTest.java
index 43235a50..83e966ff 100644
--- a/revocation-service/src/test/java/org/eclipse/tractusx/managedidentitywallets/revocation/dto/CredentialStatusDtoTest.java
+++ b/revocation-service/src/test/java/org/eclipse/tractusx/managedidentitywallets/revocation/dto/CredentialStatusDtoTest.java
@@ -50,7 +50,7 @@ void validCredentialStatusDto_CreatesSuccessfully() {
                         "revocation",
                         validIndex, // this value is within the range [0, BitSetManager.BITSET_SIZE - 1]
                         "statusListCredential",
-                        "BitstringStatusListEntry");
+                        StatusListCredentialSubject.TYPE_ENTRY);
 
         // Assert
         assertNotNull(dto);
@@ -58,7 +58,7 @@ void validCredentialStatusDto_CreatesSuccessfully() {
         assertEquals("revocation", dto.statusPurpose());
         assertEquals(validIndex, dto.statusListIndex());
         assertEquals("statusListCredential", dto.statusListCredential());
-        assertEquals("BitstringStatusListEntry", dto.type());
+        assertEquals(StatusListCredentialSubject.TYPE_ENTRY, dto.type());
     }
 
     @ParameterizedTest
@@ -89,7 +89,7 @@ void anyParameterIsBlank_ThrowsValidationException() {
                                         "revocation",
                                         "0",
                                         "statusListCredential",
-                                        "BitstringStatusListEntry"))
+                                        StatusListCredentialSubject.TYPE_ENTRY))
                         .isEmpty());
 
         assertFalse(
@@ -100,7 +100,7 @@ void anyParameterIsBlank_ThrowsValidationException() {
                                         "revocation",
                                         "0",
                                         "", // statusListCredential is blank
-                                        "BitstringStatusListEntry"))
+                                        StatusListCredentialSubject.TYPE_ENTRY))
                         .isEmpty());
     }
 
@@ -113,7 +113,7 @@ void invalidStatusPurpose_ThrowsIllegalArgumentException() {
                 IllegalArgumentException.class,
                 () -> {
                     new CredentialStatusDto(
-                            "id", invalidPurpose, "0", "statusListCredential", "BitstringStatusListEntry");
+                            "id", invalidPurpose, "0", "statusListCredential", StatusListCredentialSubject.TYPE_ENTRY);
                 });
     }
 
@@ -137,14 +137,14 @@ void validStatusPurpose_DoesNotThrowException() {
         assertDoesNotThrow(
                 () -> {
                     new CredentialStatusDto(
-                            "id", validPurpose, "0", "statusListCredential", "BitstringStatusListEntry");
+                            "id", validPurpose, "0", "statusListCredential", StatusListCredentialSubject.TYPE_ENTRY);
                 });
     }
 
     @Test
     @DisplayName("type is valid")
     void validType_DoesNotThrowException() {
-        String validType = "BitstringStatusListEntry";
+        String validType = StatusListCredentialSubject.TYPE_ENTRY;
 
         assertDoesNotThrow(
                 () -> {
diff --git a/revocation-service/src/test/java/org/eclipse/tractusx/managedidentitywallets/revocation/dto/StatusListCredentialSubjectTest.java b/revocation-service/src/test/java/org/eclipse/tractusx/managedidentitywallets/revocation/dto/StatusListCredentialSubjectTest.java
index 246c8473..f720cf9b 100644
--- a/revocation-service/src/test/java/org/eclipse/tractusx/managedidentitywallets/revocation/dto/StatusListCredentialSubjectTest.java
+++ b/revocation-service/src/test/java/org/eclipse/tractusx/managedidentitywallets/revocation/dto/StatusListCredentialSubjectTest.java
@@ -55,8 +55,8 @@ void builderCreatesObjectWithCorrectValues() {
     @Test
     void defaultConstantsAreCorrect() {
         // Assert
-        assertEquals("BitstringStatusListEntry", StatusListCredentialSubject.TYPE_ENTRY);
-        assertEquals("BitstringStatusList", StatusListCredentialSubject.TYPE_LIST);
+        assertEquals("StatusList2021Entry", StatusListCredentialSubject.TYPE_ENTRY);
+        assertEquals("StatusList2021Credential", StatusListCredentialSubject.TYPE_LIST);
         assertEquals("id", StatusListCredentialSubject.SUBJECT_ID);
         assertEquals("type", StatusListCredentialSubject.SUBJECT_TYPE);
         assertEquals("statusPurpose", StatusListCredentialSubject.SUBJECT_STATUS_PURPOSE);
diff --git a/revocation-service/src/test/java/org/eclipse/tractusx/managedidentitywallets/revocation/dto/TokenResponeTest.java b/revocation-service/src/test/java/org/eclipse/tractusx/managedidentitywallets/revocation/dto/TokenResponeTest.java
index 6b040616..4e686960 100644
--- a/revocation-service/src/test/java/org/eclipse/tractusx/managedidentitywallets/revocation/dto/TokenResponeTest.java
+++ b/revocation-service/src/test/java/org/eclipse/tractusx/managedidentitywallets/revocation/dto/TokenResponeTest.java
@@ -26,7 +26,7 @@
 import static org.junit.Assert.assertEquals;
 import static org.junit.Assert.assertNull;
 
-public class TokenResponeTest {
+class TokenResponseTest {
     @Test
     void getAndSetAccessToken() {
         // Arrange
@@ -38,7 +38,7 @@ void getAndSetAccessToken() {
 
         // Assert
         String actualToken = tokenResponse.getAccessToken();
-        assertEquals(expectedToken, actualToken, "someAccessToken123");
+        assertEquals(expectedToken, "someAccessToken123", actualToken);
     }
 
     @Test
@@ -65,6 +65,6 @@ void setAccessTokenWithEmptyString() {
 
         // Assert
         String actualToken = tokenResponse.getAccessToken();
-        assertEquals(expectedToken, actualToken, "");
+        assertEquals(expectedToken, "", actualToken);
     }
 }
diff --git a/revocation-service/src/test/java/org/eclipse/tractusx/managedidentitywallets/revocation/services/HttpClientServiceTest.java b/revocation-service/src/test/java/org/eclipse/tractusx/managedidentitywallets/revocation/services/HttpClientServiceTest.java
index 6f530935..31d929f9 100644
--- a/revocation-service/src/test/java/org/eclipse/tractusx/managedidentitywallets/revocation/services/HttpClientServiceTest.java
+++ b/revocation-service/src/test/java/org/eclipse/tractusx/managedidentitywallets/revocation/services/HttpClientServiceTest.java
@@ -26,7 +26,6 @@
 import org.eclipse.tractusx.managedidentitywallets.revocation.dto.TokenResponse;
 import org.eclipse.tractusx.ssi.lib.model.verifiable.credential.VerifiableCredential;
 import org.junit.jupiter.api.BeforeAll;
-import org.junit.jupiter.api.BeforeEach;
 import org.junit.jupiter.api.Test;
 import org.junit.jupiter.api.extension.RegisterExtension;
 import org.junit.jupiter.params.ParameterizedTest;
@@ -91,10 +90,6 @@ public static void beforeAll() {
         ReflectionTestUtils.setField(httpClientService, "miwUrl", wm1.baseUrl());
     }
 
-    @BeforeEach
-    void setUp() {
-    }
-
     @Test
     void testGetBearerToken_Success() {
         String expectedToken = "mockToken";
@@ -131,7 +126,7 @@ void testSignStatusListVC_Success() {
         tokenResponse.setAccessToken("123456");
         wm1.stubFor(post("/token").willReturn(jsonResponse(tokenResponse, 200)));
         wm1.stubFor(
-                post("/api/credentials?isRevocable=false")
+                post("/api/credentials?revocable=false")
                         .willReturn(jsonResponse(statusListCredential.getCredential(), 200)));
         VerifiableCredential signedCredential =
                 assertDoesNotThrow(
diff --git a/revocation-service/src/test/java/org/eclipse/tractusx/managedidentitywallets/revocation/services/RevocationServiceTest.java b/revocation-service/src/test/java/org/eclipse/tractusx/managedidentitywallets/revocation/services/RevocationServiceTest.java
index 728ec0d2..6c97acc7 100644
--- a/revocation-service/src/test/java/org/eclipse/tractusx/managedidentitywallets/revocation/services/RevocationServiceTest.java
+++ b/revocation-service/src/test/java/org/eclipse/tractusx/managedidentitywallets/revocation/services/RevocationServiceTest.java
@@ -21,7 +21,6 @@
 
 package org.eclipse.tractusx.managedidentitywallets.revocation.services;
 
-import com.fasterxml.jackson.core.JsonProcessingException;
 import lombok.SneakyThrows;
 import org.eclipse.tractusx.managedidentitywallets.commons.constant.CredentialStatus;
 import org.eclipse.tractusx.managedidentitywallets.commons.constant.StringPool;
@@ -40,7 +39,6 @@
 import org.eclipse.tractusx.ssi.lib.model.verifiable.credential.VerifiableCredential;
 import org.eclipse.tractusx.ssi.lib.model.verifiable.credential.VerifiableCredentialSubject;
 import org.eclipse.tractusx.ssi.lib.proof.LinkedDataProofValidation;
-import org.junit.jupiter.api.Assertions;
 import org.junit.jupiter.api.BeforeAll;
 import org.junit.jupiter.api.BeforeEach;
 import org.junit.jupiter.api.DisplayName;
@@ -76,7 +74,6 @@
 import static org.junit.jupiter.api.Assertions.assertNull;
 import static org.junit.jupiter.api.Assertions.assertTrue;
 import static org.mockito.ArgumentMatchers.any;
-import static org.mockito.ArgumentMatchers.eq;
 import static org.mockito.Mockito.times;
 import static org.mockito.Mockito.when;
 
@@ -142,7 +139,7 @@ void shouldVerifyStatusActive() {
                             "http://this-is-my-domain/api/v1/revocations/credentials/"
                                     + TestUtil.extractBpnFromDid(issuer)
                                     + "/revocation/1");
-            when(credentialStatusDto.type()).thenReturn("BitstringStatusListEntry");
+            when(credentialStatusDto.type()).thenReturn("StatusList2021Entry");
 
 
             try (MockedStatic<LinkedDataProofValidation> utils = Mockito.mockStatic(LinkedDataProofValidation.class)) {
@@ -152,7 +149,7 @@ void shouldVerifyStatusActive() {
                 }).thenReturn(mock);
                 Mockito.when(mock.verify(Mockito.any(VerifiableCredential.class))).thenReturn(true);
                 Map<String, String> status = revocationService.verifyStatus(credentialStatusDto);
-                Assertions.assertTrue(status.get(StringPool.STATUS).equals(CredentialStatus.ACTIVE.getName()));
+                assertEquals(status.get(StringPool.STATUS), CredentialStatus.ACTIVE.getName());
             }
         }
 
@@ -188,7 +185,7 @@ void shouldVerifyStatusRevoke() {
                             "http://this-is-my-domain/api/v1/revocations/credentials/"
                                     + TestUtil.extractBpnFromDid(issuer)
                                     + "/revocation/1");
-            when(credentialStatusDto.type()).thenReturn("BitstringStatusListEntry");
+            when(credentialStatusDto.type()).thenReturn("StatusList2021Entry");
             try (MockedStatic<LinkedDataProofValidation> utils = Mockito.mockStatic(LinkedDataProofValidation.class)) {
                 LinkedDataProofValidation mock = Mockito.mock(LinkedDataProofValidation.class);
                 utils.when(() -> {
@@ -197,7 +194,7 @@ void shouldVerifyStatusRevoke() {
                 Mockito.when(mock.verify(Mockito.any(VerifiableCredential.class))).thenReturn(true);
                 Map<String, String> status = revocationService.verifyStatus(credentialStatusDto);
 
-                Assertions.assertTrue(status.get(StringPool.STATUS).equals(CredentialStatus.REVOKED.getName()));
+                assertEquals(status.get(StringPool.STATUS), CredentialStatus.REVOKED.getName());
             }
         }
     }
@@ -230,10 +227,10 @@ void shouldRevokeCredential() {
                             "http://this-is-my-domain/api/v1/revocations/credentials/"
                                     + TestUtil.extractBpnFromDid(issuer)
                                     + "/revocation/1");
-            when(credentialStatusDto.type()).thenReturn("BitstringStatusListEntry");
+            when(credentialStatusDto.type()).thenReturn("StatusList2021Entry");
             assertDoesNotThrow(() -> revocationService.revoke(credentialStatusDto, "token"));
             Mockito.verify(statusListCredentialRepository, Mockito.times(1))
-                    .saveAndFlush(eq(statusListCredential));
+                    .saveAndFlush(statusListCredential);
             ArgumentCaptor<VerifiableCredential> captor =
                     ArgumentCaptor.forClass(VerifiableCredential.class);
             Mockito.verify(httpClientService)
@@ -274,7 +271,7 @@ void shouldThrowRevocationServiceException() {
                             "http://this-is-my-domain/api/v1/revocations/credentials/"
                                     + TestUtil.extractBpnFromDid(issuer)
                                     + "/revocation/1");
-            when(credentialStatusDto.type()).thenReturn("BitstringStatusListEntry");
+            when(credentialStatusDto.type()).thenReturn("StatusList2021Entry");
             try (MockedStatic<BitSetManager> utilities = Mockito.mockStatic(BitSetManager.class)) {
                 utilities
                         .when(() -> BitSetManager.revokeCredential(any(String.class), any(Integer.class)))
@@ -370,7 +367,7 @@ void shouldCreateNewStatusListWhenFirstFull() {
     class GetStatusListCredential {
 
         @Test
-        void shouldGetList() throws JsonProcessingException {
+        void shouldGetList() {
             final var issuer = DID;
             var fragment = UUID.randomUUID().toString();
             var encodedList = mockEmptyEncodedList();
@@ -403,39 +400,39 @@ void shouldReturnNull() {
     class CheckSubStringExtraction {
         @Test
         void shouldExtractBpnFromDid() {
-            assertEquals(revocationService.extractBpnFromDid(DID), BPN);
+            assertEquals(BPN, revocationService.extractBpnFromDid(DID));
         }
 
         @Test
         void shouldExtractIdFromURL() {
             assertEquals(
+                    "BPNL123456789000-revocation#1",
                     revocationService.extractIdFromURL(
-                            "http://this-is-my-domain/api/v1/revocations/credentials/BPNL123456789000/revocation/1"),
-                    "BPNL123456789000-revocation#1");
+                            "http://this-is-my-domain/api/v1/revocations/credentials/BPNL123456789000/revocation/1"));
         }
 
         @Test
         void shouldExtractIdFromURLCaseSensitive() {
             assertEquals(
+                    "BPNL123456789000-revocation#1",
                     revocationService.extractIdFromURL(
-                            "http://this-is-my-domain/api/v1/revocations/credentials/bpnl123456789000/revocation/1"),
-                    "BPNL123456789000-revocation#1");
+                            "http://this-is-my-domain/api/v1/revocations/credentials/bpnl123456789000/revocation/1"));
         }
 
         @Test
         void shouldExtractBpnFromURL() {
             assertEquals(
+                    BPN,
                     revocationService.extractBpnFromURL(
-                            "http://this-is-my-domain/api/v1/revocations/credentials/BPNL123456789000/revocation/1"),
-                    BPN);
+                            "http://this-is-my-domain/api/v1/revocations/credentials/BPNL123456789000/revocation/1"));
         }
 
         @Test
         void shouldExtractBpnFromURLCaseSensitive() {
             assertEquals(
+                    BPN,
                     revocationService.extractBpnFromURL(
-                            "http://this-is-my-domain/api/v1/revocations/creDENTials/bpNl123456789000/revocation/1"),
-                    BPN);
+                            "http://this-is-my-domain/api/v1/revocations/creDENTials/bpNl123456789000/revocation/1"));
         }
     }
 
@@ -452,7 +449,7 @@ void validCredentialStatusDto() {
 
             CredentialStatusDto dto =
                     new CredentialStatusDto(
-                            id, "revocation", statusIndex, statusListCredential, "BitstringStatusListEntry");
+                            id, "revocation", statusIndex, statusListCredential, "StatusList2021Entry");
 
             assertDoesNotThrow(() -> revocationService.validateCredentialStatus(dto));
         }
@@ -468,7 +465,7 @@ void invalidStatusPurpose_ThrowsIllegalArgumentException() {
 
             CredentialStatusDto dto =
                     new CredentialStatusDto(
-                            id, "revocation", statusIndex, statusListCredential, "BitstringStatusListEntry");
+                            id, "revocation", statusIndex, statusListCredential, "StatusList2021Entry");
             assertThrows(
                     IllegalArgumentException.class, () -> revocationService.validateCredentialStatus(dto));
         }
@@ -483,7 +480,7 @@ void invalidId_ThrowsIllegalArgumentException() {
 
             CredentialStatusDto dto =
                     new CredentialStatusDto(
-                            id, "revocation", statusIndex, statusListCredential, "BitstringStatusListEntry");
+                            id, "revocation", statusIndex, statusListCredential, "StatusList2021Entry");
             assertThrows(
                     IllegalArgumentException.class, () -> revocationService.validateCredentialStatus(dto));
         }
@@ -498,7 +495,7 @@ void invalidStatusIndex_ThrowsIllegalArgumentException() {
 
             CredentialStatusDto dto =
                     new CredentialStatusDto(
-                            id, "revocation", statusIndex, statusListCredential, "BitstringStatusListEntry");
+                            id, "revocation", statusIndex, statusListCredential, "StatusList2021Entry");
             assertThrows(
                     IllegalArgumentException.class, () -> revocationService.validateCredentialStatus(dto));
         }
diff --git a/revocation-service/src/test/java/org/eclipse/tractusx/managedidentitywallets/revocation/services/StatusVerificationTest.java b/revocation-service/src/test/java/org/eclipse/tractusx/managedidentitywallets/revocation/services/StatusVerificationTest.java
deleted file mode 100644
index 80a83706..00000000
--- a/revocation-service/src/test/java/org/eclipse/tractusx/managedidentitywallets/revocation/services/StatusVerificationTest.java
+++ /dev/null
@@ -1,33 +0,0 @@
-/*
- * *******************************************************************************
- *  Copyright (c) 2021,2024 Contributors to the Eclipse Foundation
- *
- *  See the NOTICE file(s) distributed with this work for additional
- *  information regarding copyright ownership.
- *
- *  This program and the accompanying materials are made available under the
- *  terms of the Apache License, Version 2.0 which is available at
- *  https://www.apache.org/licenses/LICENSE-2.0.
- *
- *  Unless required by applicable law or agreed to in writing, software
- *  distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
- *  WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
- *  License for the specific language governing permissions and limitations
- *  under the License.
- *
- *  SPDX-License-Identifier: Apache-2.0
- * ******************************************************************************
- */
-
-package org.eclipse.tractusx.managedidentitywallets.revocation.services;
-
-import org.junit.jupiter.api.Test;
-
-public class StatusVerificationTest {
-
-
-    @Test
-    void testVerification() {
-
-    }
-}
diff --git a/wallet-commons/src/test/java/org/eclipse/tractusx/managedidentitywallets/commons/ValidateTest.java b/wallet-commons/src/test/java/org/eclipse/tractusx/managedidentitywallets/commons/ValidateTest.java
index 4a65cb34..f8e70467 100644
--- a/wallet-commons/src/test/java/org/eclipse/tractusx/managedidentitywallets/commons/ValidateTest.java
+++ b/wallet-commons/src/test/java/org/eclipse/tractusx/managedidentitywallets/commons/ValidateTest.java
@@ -30,25 +30,26 @@ class ValidateTest {
 
     @Test
     void validateTest() {
-        Assertions.assertThrows(RuntimeException.class, () -> Validate.isFalse(false).launch(new RuntimeException()));
+        RuntimeException runtimeException = new RuntimeException();
+        Assertions.assertThrows(RuntimeException.class, () -> Validate.isFalse(false).launch(runtimeException));
 
-        Assertions.assertThrows(RuntimeException.class, () -> Validate.isTrue(true).launch(new RuntimeException()));
+        Assertions.assertThrows(RuntimeException.class, () -> Validate.isTrue(true).launch(runtimeException));
 
-        Assertions.assertThrows(RuntimeException.class, () -> Validate.isNull(null).launch(new RuntimeException()));
+        Assertions.assertThrows(RuntimeException.class, () -> Validate.isNull(null).launch(runtimeException));
 
-        Assertions.assertThrows(RuntimeException.class, () -> Validate.isNotNull("Test").launch(new RuntimeException()));
+        Assertions.assertThrows(RuntimeException.class, () -> Validate.isNotNull("Test").launch(runtimeException));
 
-        Assertions.assertThrows(RuntimeException.class, () -> Validate.value("").isNotEmpty().launch(new RuntimeException()));
+        Assertions.assertThrows(RuntimeException.class, () -> Validate.value("").isNotEmpty().launch(runtimeException));
 
-        Assertions.assertDoesNotThrow(() -> Validate.isFalse(true).launch(new RuntimeException()));
+        Assertions.assertDoesNotThrow(() -> Validate.isFalse(true).launch(runtimeException));
 
-        Assertions.assertDoesNotThrow(() -> Validate.isTrue(false).launch(new RuntimeException()));
+        Assertions.assertDoesNotThrow(() -> Validate.isTrue(false).launch(runtimeException));
 
-        Assertions.assertDoesNotThrow(() -> Validate.isNull("").launch(new RuntimeException()));
+        Assertions.assertDoesNotThrow(() -> Validate.isNull("").launch(runtimeException));
 
-        Assertions.assertDoesNotThrow(() -> Validate.isNotNull(null).launch(new RuntimeException()));
+        Assertions.assertDoesNotThrow(() -> Validate.isNotNull(null).launch(runtimeException));
 
-        Assertions.assertDoesNotThrow(() -> Validate.value("Test").isNotEmpty().launch(new RuntimeException()));
+        Assertions.assertDoesNotThrow(() -> Validate.value("Test").isNotEmpty().launch(runtimeException));
 
     }
 }

From 65dd8124787e7897260e720d42b17e61cdb8955c Mon Sep 17 00:00:00 2001
From: Nitin Vavdiya <nitin.vavdiya@smartsensesolutions.com>
Date: Fri, 6 Sep 2024 11:00:04 +0530
Subject: [PATCH 34/48] fix: status list VS as JSON-LD

---
 .../apidocs/IssuersCredentialControllerApiDocs.java             | 1 -
 .../revocation/services/HttpClientService.java                  | 1 +
 .../revocation/services/RevocationService.java                  | 2 +-
 3 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/miw/src/main/java/org/eclipse/tractusx/managedidentitywallets/apidocs/IssuersCredentialControllerApiDocs.java b/miw/src/main/java/org/eclipse/tractusx/managedidentitywallets/apidocs/IssuersCredentialControllerApiDocs.java
index 5ad56101..771ccda3 100644
--- a/miw/src/main/java/org/eclipse/tractusx/managedidentitywallets/apidocs/IssuersCredentialControllerApiDocs.java
+++ b/miw/src/main/java/org/eclipse/tractusx/managedidentitywallets/apidocs/IssuersCredentialControllerApiDocs.java
@@ -222,7 +222,6 @@ public class IssuersCredentialControllerApiDocs {
 
     @Target(ElementType.METHOD)
     @Retention(RetentionPolicy.RUNTIME)
-    @Tag(name = API_TAG_VERIFIABLE_CREDENTIAL_VALIDATION)
     @ApiResponses(value = {
             @ApiResponse(responseCode = "401", description = "The request could not be completed due to a failed authorization.", content = {
                     @Content(examples = {}) }),
diff --git a/revocation-service/src/main/java/org/eclipse/tractusx/managedidentitywallets/revocation/services/HttpClientService.java b/revocation-service/src/main/java/org/eclipse/tractusx/managedidentitywallets/revocation/services/HttpClientService.java
index 333c8762..dd8f61b0 100644
--- a/revocation-service/src/main/java/org/eclipse/tractusx/managedidentitywallets/revocation/services/HttpClientService.java
+++ b/revocation-service/src/main/java/org/eclipse/tractusx/managedidentitywallets/revocation/services/HttpClientService.java
@@ -74,6 +74,7 @@ public VerifiableCredential signStatusListVC(VerifiableCredential vc, String tok
                 UriComponentsBuilder.fromHttpUrl(miwUrl)
                         .path("/api/credentials")
                         .queryParam(StringPool.REVOCABLE, "false")
+                        .queryParam(StringPool.AS_JWT, "false")
                         .build()
                         .toUriString();
 
diff --git a/revocation-service/src/main/java/org/eclipse/tractusx/managedidentitywallets/revocation/services/RevocationService.java b/revocation-service/src/main/java/org/eclipse/tractusx/managedidentitywallets/revocation/services/RevocationService.java
index 4dff1776..a99adabe 100644
--- a/revocation-service/src/main/java/org/eclipse/tractusx/managedidentitywallets/revocation/services/RevocationService.java
+++ b/revocation-service/src/main/java/org/eclipse/tractusx/managedidentitywallets/revocation/services/RevocationService.java
@@ -182,7 +182,7 @@ public void revoke(CredentialStatusDto dto, String token) throws RevocationServi
         newSubject =
                 StatusListCredentialSubject.builder()
                         .id((String) subjectCredential.get(StatusListCredentialSubject.SUBJECT_ID))
-                        .type(StatusListCredentialSubject.TYPE_LIST)
+                        .type(StatusListCredentialSubject.TYPE_CREDENTIAL)
                         .statusPurpose(
                                 (String) subjectCredential.get(StatusListCredentialSubject.SUBJECT_STATUS_PURPOSE))
                         .encodedList(newEncodedList)

From df62fcc2e5c841a4cfd893d99fad22d90d34e792 Mon Sep 17 00:00:00 2001
From: Nitin Vavdiya <nitin.vavdiya@smartsensesolutions.com>
Date: Fri, 6 Sep 2024 11:27:05 +0530
Subject: [PATCH 35/48] fix: tests

---
 .../managedidentitywallets/utils/TestUtils.java        | 10 +++++-----
 .../revocation/services/HttpClientServiceTest.java     |  2 +-
 2 files changed, 6 insertions(+), 6 deletions(-)

diff --git a/miw/src/test/java/org/eclipse/tractusx/managedidentitywallets/utils/TestUtils.java b/miw/src/test/java/org/eclipse/tractusx/managedidentitywallets/utils/TestUtils.java
index 246eab4e..7e9e6289 100644
--- a/miw/src/test/java/org/eclipse/tractusx/managedidentitywallets/utils/TestUtils.java
+++ b/miw/src/test/java/org/eclipse/tractusx/managedidentitywallets/utils/TestUtils.java
@@ -280,7 +280,7 @@ public static Map<String, Object> getCredentialAsMap(String holderBpn, String ho
     public static VerifiableCredentialStatusList2021Entry getStatusListEntry(int index) {
         return new VerifiableCredentialStatusList2021Entry(Map.of(
                 "id", "https://example.com/credentials/bpn123456789000/revocation/3#" + index,
-                "type", "BitstringStatusListEntry",
+                "type", "StatusList2021Entry",
                 "statusPurpose", "revocation",
                 "statusListIndex", String.valueOf(index),
                 "statusListCredential", "https://example.com/credentials/bpn123456789000/revocation/3"
@@ -291,7 +291,7 @@ public static VerifiableCredentialStatusList2021Entry getStatusListEntry() {
         int index = RandomUtils.nextInt(1, 100);
         return new VerifiableCredentialStatusList2021Entry(Map.of(
                 "id", "https://example.com/credentials/bpn123456789000/revocation/3#" + index,
-                "type", "BitstringStatusListEntry",
+                "type", "StatusList2021Entry",
                 "statusPurpose", "revocation",
                 "statusListIndex", String.valueOf(index),
                 "statusListCredential", "https://example.com/credentials/bpn123456789000/revocation/3"
@@ -318,7 +318,7 @@ public static void mockGetStatusListVC(RevocationClient revocationClient, Object
         String vcString = """
                 {
                   "type": [
-                    "VerifiableCredential"
+                    "VerifiableCredential","StatusList2021Credential"
                   ],
                   "@context": [
                     "https://www.w3.org/2018/credentials/v1",
@@ -338,7 +338,7 @@ public static void mockGetStatusListVC(RevocationClient revocationClient, Object
                   },
                   "credentialSubject": {
                     "id": "did:key:z6MkhGTzcvb8BXh5aeoaFvb3XJ3MBmfLRamdYdXyV1pxJBce",
-                    "type": "BitstringStatusList",
+                    "type": "StatusList2021",
                     "statusPurpose": "revocation",
                     "encodedList": "##encodedList"
                   }
@@ -377,7 +377,7 @@ public static void mockGetStatusListVC(RevocationClient revocationClient, Object
                   },
                   "credentialSubject": {
                     "id": "did:key:z6MkhGTzcvb8BXh5aeoaFvb3XJ3MBmfLRamdYdXyV1pxJBce",
-                    "type": "StatusList2021Credential",
+                    "type": "StatusList2021",
                     "statusPurpose": "revocation",
                     "encodedList": "H4sIAAAAAAAA/+3BMQEAAAjAoEqzfzk/SwjUmQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIDXFiqoX4AAAAIA"
                   }
diff --git a/revocation-service/src/test/java/org/eclipse/tractusx/managedidentitywallets/revocation/services/HttpClientServiceTest.java b/revocation-service/src/test/java/org/eclipse/tractusx/managedidentitywallets/revocation/services/HttpClientServiceTest.java
index 31d929f9..01439c23 100644
--- a/revocation-service/src/test/java/org/eclipse/tractusx/managedidentitywallets/revocation/services/HttpClientServiceTest.java
+++ b/revocation-service/src/test/java/org/eclipse/tractusx/managedidentitywallets/revocation/services/HttpClientServiceTest.java
@@ -126,7 +126,7 @@ void testSignStatusListVC_Success() {
         tokenResponse.setAccessToken("123456");
         wm1.stubFor(post("/token").willReturn(jsonResponse(tokenResponse, 200)));
         wm1.stubFor(
-                post("/api/credentials?revocable=false")
+                post("/api/credentials?revocable=false&asJwt=false")
                         .willReturn(jsonResponse(statusListCredential.getCredential(), 200)));
         VerifiableCredential signedCredential =
                 assertDoesNotThrow(

From 546908b5e13ce4a0695fa5ade42a14a1abb88a2b Mon Sep 17 00:00:00 2001
From: Nitin Vavdiya <nitin.vavdiya@smartsensesolutions.com>
Date: Mon, 9 Sep 2024 12:58:21 +0530
Subject: [PATCH 36/48] fix: status list changed to 2021 from bitstring

---
 miw/README.md                                 | 62 +++++++++----------
 .../config/RevocationSettings.java            |  2 +-
 .../service/HoldersCredentialService.java     |  4 +-
 .../service/IssuersCredentialService.java     |  4 +-
 miw/src/main/resources/application.yaml       |  2 +-
 .../utils/TestUtils.java                      |  2 +-
 .../src/main/resources/application.yaml       |  2 +-
 7 files changed, 39 insertions(+), 39 deletions(-)

diff --git a/miw/README.md b/miw/README.md
index 0ea651ac..d5a56ec1 100644
--- a/miw/README.md
+++ b/miw/README.md
@@ -287,37 +287,37 @@ This process ensures that any issues with the database schema are resolved by re
 
 # Environment Variables
 
-| name                              | description                                                                                  | default value                                                                                                                                       |
-|-----------------------------------|----------------------------------------------------------------------------------------------|-----------------------------------------------------------------------------------------------------------------------------------------------------|
-| APPLICATION_PORT                  | port number of application                                                                   | 8080                                                                                                                                                |
-| APPLICATION_ENVIRONMENT           | Environment of the application ie. local, dev, int and prod                                  | local                                                                                                                                               |
-| DB_HOST                           | Database host                                                                                | localhost                                                                                                                                           |
-| DB_PORT                           | Port of database                                                                             | 5432                                                                                                                                                |
-| DB_NAME                           | Database name                                                                                | miw                                                                                                                                                 |
-| USE_SSL                           | Whether SSL is enabled in database server                                                    | false                                                                                                                                               |
-| DB_USER_NAME                      | Database username                                                                            |                                                                                                                                                     |
-| DB_PASSWORD                       | Database password                                                                            |                                                                                                                                                     |
-| DB_POOL_SIZE                      | Max number of database connection acquired by application                                    | 10                                                                                                                                                  |
-| KEYCLOAK_MIW_PUBLIC_CLIENT        | Only needed if we want enable login with keyalock in swagger                                 | miw_public                                                                                                                                          |
-| MANAGEMENT_PORT                   | Spring actuator port                                                                         | 8090                                                                                                                                                |
-| MIW_HOST_NAME                     | Application host name, this will be used in creation of did ie. did:web:MIW_HOST_NAME:BPN    | localhost                                                                                                                                           |
-| ENCRYPTION_KEY                    | encryption key used to encrypt and decrypt private and public key of wallet                  |                                                                                                                                                     |
-| AUTHORITY_WALLET_BPN              | base wallet BPN number                                                                       | BPNL000000000000                                                                                                                                    |
-| AUTHORITY_WALLET_NAME             | Base wallet name                                                                             | Catena-X                                                                                                                                            |
-| AUTHORITY_WALLET_DID              | Base wallet web did                                                                          | web:did:host:BPNL000000000000                                                                                                                       |
-| VC_SCHEMA_LINK                    | Comma separated list of VC schema URL                                                        | https://www.w3.org/2018/credentials/v1, https://catenax-ng.github.io/product-core-schemas/businessPartnerData.json                                  |
-| VC_EXPIRY_DATE                    | Expiry date of VC (dd-MM-yyyy ie. 01-01-2025 expiry date will be 2024-12-31T18:30:00Z in VC) | 01-01-2025                                                                                                                                          |
-| KEYCLOAK_REALM                    | Realm name of keycloak                                                                       | miw_test                                                                                                                                            |
-| KEYCLOAK_CLIENT_ID                | Keycloak private client id                                                                   |                                                                                                                                                     |
-| AUTH_SERVER_URL                   | Keycloak server url                                                                          |                                                                                                                                                     |
-| SUPPORTED_FRAMEWORK_VC_TYPES      | Supported framework VC, provide values ie type1=value1,type2=value2                          | cx-behavior-twin=Behavior Twin,cx-pcf=PCF,cx-quality=Quality,cx-resiliency=Resiliency,cx-sustainability=Sustainability,cx-traceability=ID_3.0_Trace |
-| ENFORCE_HTTPS_IN_DID_RESOLUTION   | Enforce https during web did resolution                                                      | true                                                                                                                                                |
-| CONTRACT_TEMPLATES_URL            | Contract templates URL used in summary VC                                                    | https://public.catena-x.org/contracts/                                                                                                              |
-| APP_LOG_LEVEL                     | Log level of application                                                                     | INFO                                                                                                                                                |
-| AUTHORITY_SIGNING_SERVICE_TYPE    | Base wallet signing type, Currency only LOCAL is supported                                   | Local                                                                                                                                               |
-| LOCAL_SIGNING_KEY_STORAGE_TYPE    | Key storage type, currently only DB is supported                                             | DB                                                                                                                                                  |
-| BITSTRING_STATUS_LIST_CONTEXT_URL | Context URI for bitstring status list                                                        | https://w3c.github.io/vc-bitstring-status-list/contexts/v1.jsonld                                                                                   |
-|                                   |                                                                                              |                                                                                                                                                     |
+| name                            | description                                                                                  | default value                                                                                                                                       |
+|---------------------------------|----------------------------------------------------------------------------------------------|-----------------------------------------------------------------------------------------------------------------------------------------------------|
+| APPLICATION_PORT                | port number of application                                                                   | 8080                                                                                                                                                |
+| APPLICATION_ENVIRONMENT         | Environment of the application ie. local, dev, int and prod                                  | local                                                                                                                                               |
+| DB_HOST                         | Database host                                                                                | localhost                                                                                                                                           |
+| DB_PORT                         | Port of database                                                                             | 5432                                                                                                                                                |
+| DB_NAME                         | Database name                                                                                | miw                                                                                                                                                 |
+| USE_SSL                         | Whether SSL is enabled in database server                                                    | false                                                                                                                                               |
+| DB_USER_NAME                    | Database username                                                                            |                                                                                                                                                     |
+| DB_PASSWORD                     | Database password                                                                            |                                                                                                                                                     |
+| DB_POOL_SIZE                    | Max number of database connection acquired by application                                    | 10                                                                                                                                                  |
+| KEYCLOAK_MIW_PUBLIC_CLIENT      | Only needed if we want enable login with keyalock in swagger                                 | miw_public                                                                                                                                          |
+| MANAGEMENT_PORT                 | Spring actuator port                                                                         | 8090                                                                                                                                                |
+| MIW_HOST_NAME                   | Application host name, this will be used in creation of did ie. did:web:MIW_HOST_NAME:BPN    | localhost                                                                                                                                           |
+| ENCRYPTION_KEY                  | encryption key used to encrypt and decrypt private and public key of wallet                  |                                                                                                                                                     |
+| AUTHORITY_WALLET_BPN            | base wallet BPN number                                                                       | BPNL000000000000                                                                                                                                    |
+| AUTHORITY_WALLET_NAME           | Base wallet name                                                                             | Catena-X                                                                                                                                            |
+| AUTHORITY_WALLET_DID            | Base wallet web did                                                                          | web:did:host:BPNL000000000000                                                                                                                       |
+| VC_SCHEMA_LINK                  | Comma separated list of VC schema URL                                                        | https://www.w3.org/2018/credentials/v1, https://catenax-ng.github.io/product-core-schemas/businessPartnerData.json                                  |
+| VC_EXPIRY_DATE                  | Expiry date of VC (dd-MM-yyyy ie. 01-01-2025 expiry date will be 2024-12-31T18:30:00Z in VC) | 01-01-2025                                                                                                                                          |
+| KEYCLOAK_REALM                  | Realm name of keycloak                                                                       | miw_test                                                                                                                                            |
+| KEYCLOAK_CLIENT_ID              | Keycloak private client id                                                                   |                                                                                                                                                     |
+| AUTH_SERVER_URL                 | Keycloak server url                                                                          |                                                                                                                                                     |
+| SUPPORTED_FRAMEWORK_VC_TYPES    | Supported framework VC, provide values ie type1=value1,type2=value2                          | cx-behavior-twin=Behavior Twin,cx-pcf=PCF,cx-quality=Quality,cx-resiliency=Resiliency,cx-sustainability=Sustainability,cx-traceability=ID_3.0_Trace |
+| ENFORCE_HTTPS_IN_DID_RESOLUTION | Enforce https during web did resolution                                                      | true                                                                                                                                                |
+| CONTRACT_TEMPLATES_URL          | Contract templates URL used in summary VC                                                    | https://public.catena-x.org/contracts/                                                                                                              |
+| APP_LOG_LEVEL                   | Log level of application                                                                     | INFO                                                                                                                                                |
+| AUTHORITY_SIGNING_SERVICE_TYPE  | Base wallet signing type, Currency only LOCAL is supported                                   | Local                                                                                                                                               |
+| LOCAL_SIGNING_KEY_STORAGE_TYPE  | Key storage type, currently only DB is supported                                             | DB                                                                                                                                                  |
+| STATUS_LIST_2021_CONTEXT_URL    | Context URI for status list 2021                                                             | https://w3id.org/vc/status-list/2021/v1                                                                                                             |
+|                                 |                                                                                              |                                                                                                                                                     |
 
 # Technical Debts and Known issue
 
diff --git a/miw/src/main/java/org/eclipse/tractusx/managedidentitywallets/config/RevocationSettings.java b/miw/src/main/java/org/eclipse/tractusx/managedidentitywallets/config/RevocationSettings.java
index 43b2a3a1..78c418f1 100644
--- a/miw/src/main/java/org/eclipse/tractusx/managedidentitywallets/config/RevocationSettings.java
+++ b/miw/src/main/java/org/eclipse/tractusx/managedidentitywallets/config/RevocationSettings.java
@@ -26,5 +26,5 @@
 import java.net.URI;
 
 @ConfigurationProperties(prefix = "miw.revocation")
-public record RevocationSettings(URI url, URI bitStringStatusListContext) {
+public record RevocationSettings(URI url, URI statusList2021Context) {
 }
diff --git a/miw/src/main/java/org/eclipse/tractusx/managedidentitywallets/service/HoldersCredentialService.java b/miw/src/main/java/org/eclipse/tractusx/managedidentitywallets/service/HoldersCredentialService.java
index db21186e..5de2569d 100644
--- a/miw/src/main/java/org/eclipse/tractusx/managedidentitywallets/service/HoldersCredentialService.java
+++ b/miw/src/main/java/org/eclipse/tractusx/managedidentitywallets/service/HoldersCredentialService.java
@@ -199,8 +199,8 @@ public CredentialsResponse issueCredential(Map<String, Object> data, String call
 
             //add revocation context if missing
             List<URI> uris = verifiableCredential.getContext();
-            if (!uris.contains(revocationSettings.bitStringStatusListContext())) {
-                uris.add(revocationSettings.bitStringStatusListContext());
+            if (!uris.contains(revocationSettings.statusList2021Context())) {
+                uris.add(revocationSettings.statusList2021Context());
                 builder.contexts(uris);
             }
 
diff --git a/miw/src/main/java/org/eclipse/tractusx/managedidentitywallets/service/IssuersCredentialService.java b/miw/src/main/java/org/eclipse/tractusx/managedidentitywallets/service/IssuersCredentialService.java
index fbdf58c6..6ed7a757 100644
--- a/miw/src/main/java/org/eclipse/tractusx/managedidentitywallets/service/IssuersCredentialService.java
+++ b/miw/src/main/java/org/eclipse/tractusx/managedidentitywallets/service/IssuersCredentialService.java
@@ -233,8 +233,8 @@ public CredentialsResponse issueCredentialUsingBaseWallet(String holderDid, Map<
 
             //add revocation context if missing
             List<URI> uris = miwSettings.vcContexts();
-            if (!uris.contains(revocationSettings.bitStringStatusListContext())) {
-                uris.add(revocationSettings.bitStringStatusListContext());
+            if (!uris.contains(revocationSettings.statusList2021Context())) {
+                uris.add(revocationSettings.statusList2021Context());
                 builder.contexts(uris);
             }
 
diff --git a/miw/src/main/resources/application.yaml b/miw/src/main/resources/application.yaml
index c40961bb..5f86542d 100644
--- a/miw/src/main/resources/application.yaml
+++ b/miw/src/main/resources/application.yaml
@@ -110,7 +110,7 @@ miw:
     refresh-token-url: ${miw.security.token-url}
   revocation:
     url: ${REVOCATION_SERVICE_URL:http://localhost:8081}
-    bitStringStatusListContext: ${BITSTRING_STATUS_LIST_CONTEXT_URL:https://w3c.github.io/vc-bitstring-status-list/contexts/v1.jsonld}
+    statusList2021Context: ${STATUS_LIST_2021_CONTEXT_URL:https://w3id.org/vc/status-list/2021/v1}
 
 
 sts:
diff --git a/miw/src/test/java/org/eclipse/tractusx/managedidentitywallets/utils/TestUtils.java b/miw/src/test/java/org/eclipse/tractusx/managedidentitywallets/utils/TestUtils.java
index 7e9e6289..39003371 100644
--- a/miw/src/test/java/org/eclipse/tractusx/managedidentitywallets/utils/TestUtils.java
+++ b/miw/src/test/java/org/eclipse/tractusx/managedidentitywallets/utils/TestUtils.java
@@ -135,7 +135,7 @@ public static void checkVC(VerifiableCredential verifiableCredential, MIWSetting
         }
 
         if (verifiableCredential.getVerifiableCredentialStatus() != null) {
-            Assertions.assertTrue(verifiableCredential.getContext().contains(revocationSettings.bitStringStatusListContext()));
+            Assertions.assertTrue(verifiableCredential.getContext().contains(revocationSettings.statusList2021Context()));
         }
         //check expiry date
         Assertions.assertEquals(0, verifiableCredential.getExpirationDate().compareTo(miwSettings.vcExpiryDate().toInstant()));
diff --git a/revocation-service/src/main/resources/application.yaml b/revocation-service/src/main/resources/application.yaml
index 35065c0b..3da1057f 100644
--- a/revocation-service/src/main/resources/application.yaml
+++ b/revocation-service/src/main/resources/application.yaml
@@ -50,7 +50,7 @@ revocation:
       refresh-token-url: ${revocation.security.keycloak.token-url}
   miw:
     url: ${MIW_URL:https://a888-203-129-213-107.ngrok-free.app}
-    vcContexts: ${VC_SCHEMA_LINK:https://www.w3.org/2018/credentials/v1, https://cofinity-x.github.io/schema-registry/w3c/v1.0/BitstringStatusList.json}
+    vcContexts: ${VC_SCHEMA_LINK:https://www.w3.org/2018/credentials/v1, https://w3id.org/vc/status-list/2021/v1}
   domain:
     url: ${DOMAIN_URL:https://977d-203-129-213-107.ngrok-free.app}
 

From 3d0fbf9d18be9f3078e9c427a8f3239ae5a67b53 Mon Sep 17 00:00:00 2001
From: rohit-smartsensesolutions <rohit.solanki@smartsensesolutions.com>
Date: Wed, 11 Sep 2024 12:03:35 +0530
Subject: [PATCH 37/48] fix: chart workflows

---
 .github/workflows/chart-verification.yml      |   2 +
 .github/workflows/dast-scan.yaml              |   1 +
 .github/workflows/release-miw.yml             | 495 +++++++++---------
 .github/workflows/release-revocation.yml      | 495 +++++++++---------
 charts/managed-identity-wallet/Chart.lock     |   2 +-
 charts/managed-identity-wallet/README.md      | 350 +++++++------
 .../tests/custom-values/deployment_test.yaml  |   2 +-
 .../tests/default/deployment_test.yaml        |   2 +-
 charts/managed-identity-wallet/values.yaml    | 108 ++--
 9 files changed, 740 insertions(+), 717 deletions(-)

diff --git a/.github/workflows/chart-verification.yml b/.github/workflows/chart-verification.yml
index 47bafb3a..07347afe 100644
--- a/.github/workflows/chart-verification.yml
+++ b/.github/workflows/chart-verification.yml
@@ -156,6 +156,7 @@ jobs:
           context: .
           push: true
           tags: kind-registry:5000/miw:testing
+          file: ./miw/Dockerfile
 
       - uses: actions/setup-python@v4
         with:
@@ -230,6 +231,7 @@ jobs:
             charts/managed-identity-wallet \
             -n apps \
             --wait \
+            --timeout 10m \
             --set image.tag=testing \
             --set image.repository=kind-registry:5000/miw
         # only run if this is not a PR -OR- if there are new versions available
diff --git a/.github/workflows/dast-scan.yaml b/.github/workflows/dast-scan.yaml
index 24364172..afe6a25f 100644
--- a/.github/workflows/dast-scan.yaml
+++ b/.github/workflows/dast-scan.yaml
@@ -77,6 +77,7 @@ jobs:
           context: .
           push: true
           tags: kind-registry:5000/miw:testing
+          file: ./miw/Dockerfile
 
       - name: Install the chart on KinD cluster
         run: helm install -n apps --create-namespace --wait --set image.tag=testing --set=image.repository=kind-registry:5000/miw testing charts/managed-identity-wallet
diff --git a/.github/workflows/release-miw.yml b/.github/workflows/release-miw.yml
index 2e79820a..358984fe 100644
--- a/.github/workflows/release-miw.yml
+++ b/.github/workflows/release-miw.yml
@@ -16,250 +16,251 @@
 # SPDX-License-Identifier: Apache-2.0
 ---
 
-name: Semantic Release - MIW
-on:
-  push:
-    paths:
-      - 'miw/src/**'
-      - 'miw/build.gradle/**'
-      - 'wallet-commons/src/**'
-      - 'build.gradle'
-      - 'gradle.properties'
-      - 'settings.gradle'
-    branches:
-      - main
-      - develop
-  pull_request:
-    paths:
-      - 'miw/src/**'
-      - 'miw/build.gradle/**'
-      - 'wallet-commons/src/**'
-      - 'build.gradle'
-      - 'gradle.properties'
-      - 'settings.gradle'
-    branches:
-      - main
-      - develop
-
-env:
-  IMAGE_NAMESPACE: "tractusx"
-  IMAGE_NAME: "managed-identity-wallet"
-
-jobs:
-
-  semantic_release:
-    name: Repository Release
-    runs-on: ubuntu-latest
-    permissions:
-      # see https://docs.github.com/en/actions/using-jobs/assigning-permissions-to-jobs
-      contents: write
-      pull-requests: write
-      packages: write
-    outputs:
-      next_release: ${{ steps.semantic-release.outputs.next_release }}
-      will_create_new_release: ${{ steps.semantic-release.outputs.will_create_new_release }}
-    steps:
-      - name: Checkout repository
-        uses: actions/checkout@v4
-
-      - name: Validate Gradle wrapper
-        uses: gradle/wrapper-validation-action@v2
-
-      - name: Setup Helm
-        uses: azure/setup-helm@v4.1.0
-
-      - name: Setup JDK 17
-        uses: actions/setup-java@v4
-        with:
-          java-version: '17'
-          distribution: 'temurin'
-
-      - name: Setup Node.js
-        uses: actions/setup-node@v4
-        with:
-          node-version: 20
-
-        # setup helm-docs as it is needed during semantic-release
-      - uses: gabe565/setup-helm-docs-action@v1
-        name: Setup helm-docs
-        if: github.event_name != 'pull_request'
-        with:
-          version: v1.11.3
-
-      - name: Run semantic release
-        id: semantic-release
-        if: github.event_name != 'pull_request'
-        env:
-          GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
-          GIT_AUTHOR_EMAIL: ${{ github.actor }}@users.noreply.github.com
-          GIT_COMMITTER_EMAIL: ${{ github.actor }}@users.noreply.github.com
-        run: |
-          npx --yes -p @semantic-release/exec -p @semantic-release/changelog -p @semantic-release/git -p @semantic-release/commit-analyzer -p @semantic-release/release-notes-generator semantic-release
-
-      - name: Run semantic release (dry run)
-        if: github.event_name == 'pull_request'
-        env:
-          GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
-          GIT_AUTHOR_EMAIL: ${{ github.actor }}@users.noreply.github.com
-          GIT_COMMITTER_EMAIL: ${{ github.actor }}@users.noreply.github.com
-        run: |
-          npx --yes -p @semantic-release/exec -p @semantic-release/github -p @semantic-release/changelog -p @semantic-release/git -p @semantic-release/commit-analyzer -p @semantic-release/release-notes-generator semantic-release --dry-run
-
-      - name: Execute Gradle build
-        run: ./gradlew build
-
-      - name: Upload build artifact
-        uses: actions/upload-artifact@v4
-        with:
-          name: build
-          path: ./miw/build
-          if-no-files-found: error
-          retention-days: 1
-
-      - name: Upload Helm chart artifact
-        uses: actions/upload-artifact@v4
-        with:
-          name: charts
-          path: ./charts
-          if-no-files-found: error
-          retention-days: 1
-
-      - name: Report semantic-release outputs
-        run: |
-          echo "::notice::${{ env.next_release }}"
-          echo "::notice::${{ env.will_create_new_release }}"
-
-      - name: Upload jar to GitHub release
-        if: github.event_name != 'pull_request' && steps.semantic-release.outputs.will_create_new_release == 'true'
-        env:
-          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
-          RELEASE_VERSION: ${{ steps.semantic-release.outputs.next_release }}
-        run: |
-          echo "::notice::Uploading jar to GitHub release"
-          gh release upload "v$RELEASE_VERSION" ./miw/build/libs/miw-latest.jar
-
-  docker:
-    name: Docker Release
-    needs: semantic_release
-    runs-on: ubuntu-latest
-    steps:
-      - name: Checkout repository
-        uses: actions/checkout@v4
-      - name: Download build artifact
-        uses: actions/download-artifact@v4
-        with:
-          name: build
-          path: ./miw/build
-
-      - name: Download Helm chart artifact
-        uses: actions/download-artifact@v4
-        with:
-          name: charts
-          path: ./charts
-
-      # Create SemVer or ref tags dependent of trigger event
-      - name: Docker meta
-        id: meta
-        uses: docker/metadata-action@v5
-        with:
-          images: |
-            ${{ env.IMAGE_NAMESPACE }}/${{ env.IMAGE_NAME }}
-          # Automatically prepare image tags; See action docs for more examples.
-          # semver patter will generate tags like these for example :1 :1.2 :1.2.3
-          tags: |
-            type=ref,event=branch
-            type=ref,event=pr
-            type=semver,pattern={{version}},value=${{ needs.semantic_release.outputs.next_release }}
-            type=semver,pattern={{major}},value=${{ needs.semantic_release.outputs.next_release }}
-            type=semver,pattern={{major}}.{{minor}},value=${{ needs.semantic_release.outputs.next_release }}
-            type=raw,value=latest,enable=${{ github.ref == format('refs/heads/{0}', 'main') }}
-
-      - name: DockerHub login
-        if: github.event_name != 'pull_request'
-        uses: docker/login-action@v3
-        with:
-          # Use existing DockerHub credentials present as secrets
-          username: ${{ secrets.DOCKER_HUB_USER }}
-          password: ${{ secrets.DOCKER_HUB_TOKEN }}
-
-      - name: Push image
-        uses: docker/build-push-action@v5
-        with:
-          context: .
-          push: ${{ github.event_name != 'pull_request' }}
-          tags: ${{ steps.meta.outputs.tags }}
-          labels: ${{ steps.meta.outputs.labels }}
-          file: ./miw/Dockerfile
-
-      # https://github.com/peter-evans/dockerhub-description
-      # Important step to push image description to DockerHub
-      - name: Update Docker Hub description
-        if: github.event_name != 'pull_request'
-        uses: peter-evans/dockerhub-description@v3
-        with:
-          # readme-filepath defaults to toplevel README.md, Only necessary if you have a dedicated file with your 'Notice for docker images'
-          readme-filepath: Docker-hub-notice.md
-          username: ${{ secrets.DOCKER_HUB_USER }}
-          password: ${{ secrets.DOCKER_HUB_TOKEN }}
-          repository: ${{ env.IMAGE_NAMESPACE }}/${{ env.IMAGE_NAME }}
-
-  helm:
-    name: Helm Release
-    needs: semantic_release
-    runs-on: ubuntu-latest
-    permissions:
-      contents: write
-    steps:
-      - name: Checkout repository
-        uses: actions/checkout@v4
-
-      - name: Download Helm chart artifact
-        uses: actions/download-artifact@v4
-        with:
-          name: charts
-          path: ./charts
-
-      - name: Install Helm
-        uses: azure/setup-helm@v4.1.0
-
-      - name: Add Helm dependency repositories
-        run: |
-          helm repo add bitnami https://charts.bitnami.com/bitnami
-
-      - name: Configure Git
-        run: |
-          git config user.name "$GITHUB_ACTOR"
-          git config user.email "$GITHUB_ACTOR@users.noreply.github.com"
-
-      - name: Release chart
-        if: github.event_name != 'pull_request' && needs.semantic_release.outputs.will_create_new_release == 'true'
-        run: |
-          # Package MIW chart
-          helm_package_path=$(helm package -u -d helm-charts ./charts/managed-identity-wallet | grep -o 'to: .*' | cut -d' ' -f2-)
-          echo "HELM_PACKAGE_PATH=$helm_package_path" >> $GITHUB_ENV
-
-          # Commit and push to gh-pages
-          git add helm-charts
-          git stash -- helm-charts
-          git reset --hard
-          git fetch origin
-          git checkout gh-pages
-          git stash pop
-
-          # Generate helm repo index.yaml
-          helm repo index . --merge index.yaml --url https://${GITHUB_REPOSITORY_OWNER}.github.io/${GITHUB_REPOSITORY#*/}/
-          git add index.yaml
-
-          git commit -s -m "Release ${{ needs.semantic_release.outputs.next_release }}"
-
-          git push origin gh-pages
-
-      - name: Upload chart to GitHub release
-        if: github.event_name != 'pull_request' && needs.semantic_release.outputs.will_create_new_release == 'true'
-        env:
-          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
-          RELEASE_VERSION: ${{ needs.semantic_release.outputs.next_release }}
-          HELM_PACKAGE_PATH: ${{ env.HELM_PACKAGE_PATH }}
-        run: |
-          echo "::notice::Uploading chart to GitHub release"
-          gh release upload "v$RELEASE_VERSION" "$HELM_PACKAGE_PATH"
+  name: Semantic Release - MIW
+  on:
+    push:
+      paths:
+        - 'miw/src/**'
+        - 'miw/build.gradle/**'
+        - 'wallet-commons/src/**'
+        - 'build.gradle'
+        - 'gradle.properties'
+        - 'settings.gradle'
+      branches:
+        - main
+        - develop
+    pull_request:
+      paths:
+        - 'miw/src/**'
+        - 'miw/build.gradle/**'
+        - 'wallet-commons/src/**'
+        - 'build.gradle'
+        - 'gradle.properties'
+        - 'settings.gradle'
+      branches:
+        - main
+        - develop
+  
+  env:
+    IMAGE_NAMESPACE: "tractusx"
+    IMAGE_NAME: "managed-identity-wallet"
+  
+  jobs:
+  
+    semantic_release:
+      name: Repository Release
+      runs-on: ubuntu-latest
+      permissions:
+        # see https://docs.github.com/en/actions/using-jobs/assigning-permissions-to-jobs
+        contents: write
+        pull-requests: write
+        packages: write
+      outputs:
+        next_release: ${{ steps.semantic-release.outputs.next_release }}
+        will_create_new_release: ${{ steps.semantic-release.outputs.will_create_new_release }}
+      steps:
+        - name: Checkout repository
+          uses: actions/checkout@v4
+  
+        - name: Validate Gradle wrapper
+          uses: gradle/wrapper-validation-action@v2
+  
+        - name: Setup Helm
+          uses: azure/setup-helm@v4.1.0
+  
+        - name: Setup JDK 17
+          uses: actions/setup-java@v4
+          with:
+            java-version: '17'
+            distribution: 'temurin'
+  
+        - name: Setup Node.js
+          uses: actions/setup-node@v4
+          with:
+            node-version: 20
+  
+          # setup helm-docs as it is needed during semantic-release
+        - uses: gabe565/setup-helm-docs-action@v1
+          name: Setup helm-docs
+          if: github.event_name != 'pull_request'
+          with:
+            version: v1.11.3
+  
+        - name: Run semantic release
+          id: semantic-release
+          if: github.event_name != 'pull_request'
+          env:
+            GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+            GIT_AUTHOR_EMAIL: ${{ github.actor }}@users.noreply.github.com
+            GIT_COMMITTER_EMAIL: ${{ github.actor }}@users.noreply.github.com
+          run: |
+            npx --yes -p @semantic-release/exec -p @semantic-release/changelog -p @semantic-release/git -p @semantic-release/commit-analyzer -p @semantic-release/release-notes-generator semantic-release
+  
+        - name: Run semantic release (dry run)
+          if: github.event_name == 'pull_request'
+          env:
+            GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+            GIT_AUTHOR_EMAIL: ${{ github.actor }}@users.noreply.github.com
+            GIT_COMMITTER_EMAIL: ${{ github.actor }}@users.noreply.github.com
+          run: |
+            npx --yes -p @semantic-release/exec -p @semantic-release/github -p @semantic-release/changelog -p @semantic-release/git -p @semantic-release/commit-analyzer -p @semantic-release/release-notes-generator semantic-release --dry-run
+  
+        - name: Execute Gradle build
+          run: ./gradlew build
+  
+        - name: Upload build artifact
+          uses: actions/upload-artifact@v4
+          with:
+            name: build
+            path: ./miw/build
+            if-no-files-found: error
+            retention-days: 1
+  
+        - name: Upload Helm chart artifact
+          uses: actions/upload-artifact@v4
+          with:
+            name: charts
+            path: ./charts
+            if-no-files-found: error
+            retention-days: 1
+  
+        - name: Report semantic-release outputs
+          run: |
+            echo "::notice::${{ env.next_release }}"
+            echo "::notice::${{ env.will_create_new_release }}"
+  
+        - name: Upload jar to GitHub release
+          if: github.event_name != 'pull_request' && steps.semantic-release.outputs.will_create_new_release == 'true'
+          env:
+            GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+            RELEASE_VERSION: ${{ steps.semantic-release.outputs.next_release }}
+          run: |
+            echo "::notice::Uploading jar to GitHub release"
+            gh release upload "v$RELEASE_VERSION" ./miw/build/libs/miw-latest.jar
+  
+    docker:
+      name: Docker Release
+      needs: semantic_release
+      runs-on: ubuntu-latest
+      steps:
+        - name: Checkout repository
+          uses: actions/checkout@v4
+        - name: Download build artifact
+          uses: actions/download-artifact@v4
+          with:
+            name: build
+            path: ./miw/build
+  
+        - name: Download Helm chart artifact
+          uses: actions/download-artifact@v4
+          with:
+            name: charts
+            path: ./charts
+  
+        # Create SemVer or ref tags dependent of trigger event
+        - name: Docker meta
+          id: meta
+          uses: docker/metadata-action@v5
+          with:
+            images: |
+              ${{ env.IMAGE_NAMESPACE }}/${{ env.IMAGE_NAME }}
+            # Automatically prepare image tags; See action docs for more examples.
+            # semver patter will generate tags like these for example :1 :1.2 :1.2.3
+            tags: |
+              type=ref,event=branch
+              type=ref,event=pr
+              type=semver,pattern={{version}},value=${{ needs.semantic_release.outputs.next_release }}
+              type=semver,pattern={{major}},value=${{ needs.semantic_release.outputs.next_release }}
+              type=semver,pattern={{major}}.{{minor}},value=${{ needs.semantic_release.outputs.next_release }}
+              type=raw,value=latest,enable=${{ github.ref == format('refs/heads/{0}', 'main') }}
+  
+        - name: DockerHub login
+          if: github.event_name != 'pull_request'
+          uses: docker/login-action@v3
+          with:
+            # Use existing DockerHub credentials present as secrets
+            username: ${{ secrets.DOCKER_HUB_USER }}
+            password: ${{ secrets.DOCKER_HUB_TOKEN }}
+  
+        - name: Push image
+          uses: docker/build-push-action@v5
+          with:
+            context: .
+            push: ${{ github.event_name != 'pull_request' }}
+            tags: ${{ steps.meta.outputs.tags }}
+            labels: ${{ steps.meta.outputs.labels }}
+            file: ./miw/Dockerfile
+  
+        # https://github.com/peter-evans/dockerhub-description
+        # Important step to push image description to DockerHub
+        - name: Update Docker Hub description
+          if: github.event_name != 'pull_request'
+          uses: peter-evans/dockerhub-description@v3
+          with:
+            # readme-filepath defaults to toplevel README.md, Only necessary if you have a dedicated file with your 'Notice for docker images'
+            readme-filepath: Docker-hub-notice.md
+            username: ${{ secrets.DOCKER_HUB_USER }}
+            password: ${{ secrets.DOCKER_HUB_TOKEN }}
+            repository: ${{ env.IMAGE_NAMESPACE }}/${{ env.IMAGE_NAME }}
+  
+    helm:
+      name: Helm Release
+      needs: semantic_release
+      runs-on: ubuntu-latest
+      permissions:
+        contents: write
+      steps:
+        - name: Checkout repository
+          uses: actions/checkout@v4
+  
+        - name: Download Helm chart artifact
+          uses: actions/download-artifact@v4
+          with:
+            name: charts
+            path: ./charts
+  
+        - name: Install Helm
+          uses: azure/setup-helm@v4.1.0
+  
+        - name: Add Helm dependency repositories
+          run: |
+            helm repo add bitnami https://charts.bitnami.com/bitnami
+  
+        - name: Configure Git
+          run: |
+            git config user.name "$GITHUB_ACTOR"
+            git config user.email "$GITHUB_ACTOR@users.noreply.github.com"
+  
+        - name: Release chart
+          if: github.event_name != 'pull_request' && needs.semantic_release.outputs.will_create_new_release == 'true'
+          run: |
+            # Package MIW chart
+            helm_package_path=$(helm package -u -d helm-charts ./charts/managed-identity-wallet | grep -o 'to: .*' | cut -d' ' -f2-)
+            echo "HELM_PACKAGE_PATH=$helm_package_path" >> $GITHUB_ENV
+  
+            # Commit and push to gh-pages
+            git add helm-charts
+            git stash -- helm-charts
+            git reset --hard
+            git fetch origin
+            git checkout gh-pages
+            git stash pop
+  
+            # Generate helm repo index.yaml
+            helm repo index . --merge index.yaml --url https://${GITHUB_REPOSITORY_OWNER}.github.io/${GITHUB_REPOSITORY#*/}/
+            git add index.yaml
+  
+            git commit -s -m "Release ${{ needs.semantic_release.outputs.next_release }}"
+  
+            git push origin gh-pages
+  
+        - name: Upload chart to GitHub release
+          if: github.event_name != 'pull_request' && needs.semantic_release.outputs.will_create_new_release == 'true'
+          env:
+            GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+            RELEASE_VERSION: ${{ needs.semantic_release.outputs.next_release }}
+            HELM_PACKAGE_PATH: ${{ env.HELM_PACKAGE_PATH }}
+          run: |
+            echo "::notice::Uploading chart to GitHub release"
+            gh release upload "v$RELEASE_VERSION" "$HELM_PACKAGE_PATH"
+  
\ No newline at end of file
diff --git a/.github/workflows/release-revocation.yml b/.github/workflows/release-revocation.yml
index 2eeafee7..3a95fa1c 100644
--- a/.github/workflows/release-revocation.yml
+++ b/.github/workflows/release-revocation.yml
@@ -16,250 +16,251 @@
 # SPDX-License-Identifier: Apache-2.0
 ---
 
-name: Semantic Release - Revocation Service
-on:
-  push:
-    paths:
-      - 'revocation-service/src/**'
-      - 'revocation-service/build.gradle/**'
-      - 'wallet-commons/src/**'
-      - 'build.gradle'
-      - 'gradle.properties'
-      - 'settings.gradle'
-    branches:
-      - main
-      - develop
-  pull_request:
-    paths:
-      - 'revocation-service/src/**'
-      - 'revocation-service/build.gradle/**'
-      - 'wallet-commons/src/**'
-      - 'build.gradle'
-      - 'gradle.properties'
-      - 'settings.gradle'
-    branches:
-      - main
-      - develop
-
-env:
-  IMAGE_NAMESPACE: "tractusx"
-  IMAGE_NAME: "credential-revocation-service"
-
-jobs:
-
-  semantic_release:
-    name: Repository Release
-    runs-on: ubuntu-latest
-    permissions:
-      # see https://docs.github.com/en/actions/using-jobs/assigning-permissions-to-jobs
-      contents: write
-      pull-requests: write
-      packages: write
-    outputs:
-      next_release: ${{ steps.semantic-release.outputs.next_release }}
-      will_create_new_release: ${{ steps.semantic-release.outputs.will_create_new_release }}
-    steps:
-      - name: Checkout repository
-        uses: actions/checkout@v4
-
-      - name: Validate Gradle wrapper
-        uses: gradle/wrapper-validation-action@v2
-
-      - name: Setup Helm
-        uses: azure/setup-helm@v4.1.0
-
-      - name: Setup JDK 17
-        uses: actions/setup-java@v4
-        with:
-          java-version: '17'
-          distribution: 'temurin'
-
-      - name: Setup Node.js
-        uses: actions/setup-node@v4
-        with:
-          node-version: 20
-
-        # setup helm-docs as it is needed during semantic-release
-      - uses: gabe565/setup-helm-docs-action@v1
-        name: Setup helm-docs
-        if: github.event_name != 'pull_request'
-        with:
-          version: v1.11.3
-
-      - name: Run semantic release
-        id: semantic-release
-        if: github.event_name != 'pull_request'
-        env:
-          GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
-          GIT_AUTHOR_EMAIL: ${{ github.actor }}@users.noreply.github.com
-          GIT_COMMITTER_EMAIL: ${{ github.actor }}@users.noreply.github.com
-        run: |
-          npx --yes -p @semantic-release/exec -p @semantic-release/changelog -p @semantic-release/git -p @semantic-release/commit-analyzer -p @semantic-release/release-notes-generator semantic-release
-
-      - name: Run semantic release (dry run)
-        if: github.event_name == 'pull_request'
-        env:
-          GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
-          GIT_AUTHOR_EMAIL: ${{ github.actor }}@users.noreply.github.com
-          GIT_COMMITTER_EMAIL: ${{ github.actor }}@users.noreply.github.com
-        run: |
-          npx --yes -p @semantic-release/exec -p @semantic-release/github -p @semantic-release/changelog -p @semantic-release/git -p @semantic-release/commit-analyzer -p @semantic-release/release-notes-generator semantic-release --dry-run
-
-      - name: Execute Gradle build
-        run: ./gradlew build
-
-      - name: Upload build artifact
-        uses: actions/upload-artifact@v4
-        with:
-          name: build
-          path: ./revocation-service/build
-          if-no-files-found: error
-          retention-days: 1
-
-      - name: Upload Helm chart artifact
-        uses: actions/upload-artifact@v4
-        with:
-          name: charts
-          path: ./charts
-          if-no-files-found: error
-          retention-days: 1
-
-      - name: Report semantic-release outputs
-        run: |
-          echo "::notice::${{ env.next_release }}"
-          echo "::notice::${{ env.will_create_new_release }}"
-
-      - name: Upload jar to GitHub release
-        if: github.event_name != 'pull_request' && steps.semantic-release.outputs.will_create_new_release == 'true'
-        env:
-          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
-          RELEASE_VERSION: ${{ steps.semantic-release.outputs.next_release }}
-        run: |
-          echo "::notice::Uploading jar to GitHub release"
-          gh release upload "v$RELEASE_VERSION" ./revocation-service/build/libs/revocation-service-latest.jar
-
-  docker:
-    name: Docker Release
-    needs: semantic_release
-    runs-on: ubuntu-latest
-    steps:
-      - name: Checkout repository
-        uses: actions/checkout@v4
-      - name: Download build artifact
-        uses: actions/download-artifact@v4
-        with:
-          name: build
-          path: ./revocation-service/build
-
-      - name: Download Helm chart artifact
-        uses: actions/download-artifact@v4
-        with:
-          name: charts
-          path: ./charts
-
-      # Create SemVer or ref tags dependent of trigger event
-      - name: Docker meta
-        id: meta
-        uses: docker/metadata-action@v5
-        with:
-          images: |
-            ${{ env.IMAGE_NAMESPACE }}/${{ env.IMAGE_NAME }}
-          # Automatically prepare image tags; See action docs for more examples.
-          # semver patter will generate tags like these for example :1 :1.2 :1.2.3
-          tags: |
-            type=ref,event=branch
-            type=ref,event=pr
-            type=semver,pattern={{version}},value=${{ needs.semantic_release.outputs.next_release }}
-            type=semver,pattern={{major}},value=${{ needs.semantic_release.outputs.next_release }}
-            type=semver,pattern={{major}}.{{minor}},value=${{ needs.semantic_release.outputs.next_release }}
-            type=raw,value=latest,enable=${{ github.ref == format('refs/heads/{0}', 'main') }}
-
-      - name: DockerHub login
-        if: github.event_name != 'pull_request'
-        uses: docker/login-action@v3
-        with:
-          # Use existing DockerHub credentials present as secrets
-          username: ${{ secrets.DOCKER_HUB_USER }}
-          password: ${{ secrets.DOCKER_HUB_TOKEN }}
-
-      - name: Push image
-        uses: docker/build-push-action@v5
-        with:
-          context: .
-          push: ${{ github.event_name != 'pull_request' }}
-          tags: ${{ steps.meta.outputs.tags }}
-          labels: ${{ steps.meta.outputs.labels }}
-          file: ./revocation-service/Dockerfile
-
-      # https://github.com/peter-evans/dockerhub-description
-      # Important step to push image description to DockerHub
-      - name: Update Docker Hub description
-        if: github.event_name != 'pull_request'
-        uses: peter-evans/dockerhub-description@v3
-        with:
-          # readme-filepath defaults to toplevel README.md, Only necessary if you have a dedicated file with your 'Notice for docker images'
-          readme-filepath: Docker-hub-notice.md
-          username: ${{ secrets.DOCKER_HUB_USER }}
-          password: ${{ secrets.DOCKER_HUB_TOKEN }}
-          repository: ${{ env.IMAGE_NAMESPACE }}/${{ env.IMAGE_NAME }}
-
-  helm:
-    name: Helm Release
-    needs: semantic_release
-    runs-on: ubuntu-latest
-    permissions:
-      contents: write
-    steps:
-      - name: Checkout repository
-        uses: actions/checkout@v4
-
-      - name: Download Helm chart artifact
-        uses: actions/download-artifact@v4
-        with:
-          name: charts
-          path: ./charts
-
-      - name: Install Helm
-        uses: azure/setup-helm@v4.1.0
-
-      - name: Add Helm dependency repositories
-        run: |
-          helm repo add bitnami https://charts.bitnami.com/bitnami
-
-      - name: Configure Git
-        run: |
-          git config user.name "$GITHUB_ACTOR"
-          git config user.email "$GITHUB_ACTOR@users.noreply.github.com"
-
-      - name: Release chart
-        if: github.event_name != 'pull_request' && needs.semantic_release.outputs.will_create_new_release == 'true'
-        run: |
-          # Package Revocation-service chart,this will not work as we do not have any chart there
-          helm_package_path=$(helm package -u -d helm-charts ./charts/revocation-service | grep -o 'to: .*' | cut -d' ' -f2-)
-          echo "HELM_PACKAGE_PATH=$helm_package_path" >> $GITHUB_ENV
-
-          # Commit and push to gh-pages
-          git add helm-charts
-          git stash -- helm-charts
-          git reset --hard
-          git fetch origin
-          git checkout gh-pages
-          git stash pop
-
-          # Generate helm repo index.yaml
-          helm repo index . --merge index.yaml --url https://${GITHUB_REPOSITORY_OWNER}.github.io/${GITHUB_REPOSITORY#*/}/
-          git add index.yaml
-
-          git commit -s -m "Release ${{ needs.semantic_release.outputs.next_release }}"
-
-          git push origin gh-pages
-
-      - name: Upload chart to GitHub release
-        if: github.event_name != 'pull_request' && needs.semantic_release.outputs.will_create_new_release == 'true'
-        env:
-          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
-          RELEASE_VERSION: ${{ needs.semantic_release.outputs.next_release }}
-          HELM_PACKAGE_PATH: ${{ env.HELM_PACKAGE_PATH }}
-        run: |
-          echo "::notice::Uploading chart to GitHub release"
-          gh release upload "v$RELEASE_VERSION" "$HELM_PACKAGE_PATH"
+  name: Semantic Release - Revocation Service
+  on:
+    push:
+      paths:
+        - 'revocation-service/src/**'
+        - 'revocation-service/build.gradle/**'
+        - 'wallet-commons/src/**'
+        - 'build.gradle'
+        - 'gradle.properties'
+        - 'settings.gradle'
+      branches:
+        - main
+        - develop
+    pull_request:
+      paths:
+        - 'revocation-service/src/**'
+        - 'revocation-service/build.gradle/**'
+        - 'wallet-commons/src/**'
+        - 'build.gradle'
+        - 'gradle.properties'
+        - 'settings.gradle'
+      branches:
+        - main
+        - develop
+  
+  env:
+    IMAGE_NAMESPACE: "tractusx"
+    IMAGE_NAME: "credential-revocation-service"
+  
+  jobs:
+  
+    semantic_release:
+      name: Repository Release
+      runs-on: ubuntu-latest
+      permissions:
+        # see https://docs.github.com/en/actions/using-jobs/assigning-permissions-to-jobs
+        contents: write
+        pull-requests: write
+        packages: write
+      outputs:
+        next_release: ${{ steps.semantic-release.outputs.next_release }}
+        will_create_new_release: ${{ steps.semantic-release.outputs.will_create_new_release }}
+      steps:
+        - name: Checkout repository
+          uses: actions/checkout@v4
+  
+        - name: Validate Gradle wrapper
+          uses: gradle/wrapper-validation-action@v2
+  
+        - name: Setup Helm
+          uses: azure/setup-helm@v4.1.0
+  
+        - name: Setup JDK 17
+          uses: actions/setup-java@v4
+          with:
+            java-version: '17'
+            distribution: 'temurin'
+  
+        - name: Setup Node.js
+          uses: actions/setup-node@v4
+          with:
+            node-version: 20
+  
+          # setup helm-docs as it is needed during semantic-release
+        - uses: gabe565/setup-helm-docs-action@v1
+          name: Setup helm-docs
+          if: github.event_name != 'pull_request'
+          with:
+            version: v1.11.3
+  
+        - name: Run semantic release
+          id: semantic-release
+          if: github.event_name != 'pull_request'
+          env:
+            GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+            GIT_AUTHOR_EMAIL: ${{ github.actor }}@users.noreply.github.com
+            GIT_COMMITTER_EMAIL: ${{ github.actor }}@users.noreply.github.com
+          run: |
+            npx --yes -p @semantic-release/exec -p @semantic-release/changelog -p @semantic-release/git -p @semantic-release/commit-analyzer -p @semantic-release/release-notes-generator semantic-release
+  
+        - name: Run semantic release (dry run)
+          if: github.event_name == 'pull_request'
+          env:
+            GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+            GIT_AUTHOR_EMAIL: ${{ github.actor }}@users.noreply.github.com
+            GIT_COMMITTER_EMAIL: ${{ github.actor }}@users.noreply.github.com
+          run: |
+            npx --yes -p @semantic-release/exec -p @semantic-release/github -p @semantic-release/changelog -p @semantic-release/git -p @semantic-release/commit-analyzer -p @semantic-release/release-notes-generator semantic-release --dry-run
+  
+        - name: Execute Gradle build
+          run: ./gradlew build
+  
+        - name: Upload build artifact
+          uses: actions/upload-artifact@v4
+          with:
+            name: build
+            path: ./revocation-service/build
+            if-no-files-found: error
+            retention-days: 1
+  
+        - name: Upload Helm chart artifact
+          uses: actions/upload-artifact@v4
+          with:
+            name: charts
+            path: ./charts
+            if-no-files-found: error
+            retention-days: 1
+  
+        - name: Report semantic-release outputs
+          run: |
+            echo "::notice::${{ env.next_release }}"
+            echo "::notice::${{ env.will_create_new_release }}"
+  
+        - name: Upload jar to GitHub release
+          if: github.event_name != 'pull_request' && steps.semantic-release.outputs.will_create_new_release == 'true'
+          env:
+            GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+            RELEASE_VERSION: ${{ steps.semantic-release.outputs.next_release }}
+          run: |
+            echo "::notice::Uploading jar to GitHub release"
+            gh release upload "v$RELEASE_VERSION" ./revocation-service/build/libs/revocation-service-latest.jar
+  
+    docker:
+      name: Docker Release
+      needs: semantic_release
+      runs-on: ubuntu-latest
+      steps:
+        - name: Checkout repository
+          uses: actions/checkout@v4
+        - name: Download build artifact
+          uses: actions/download-artifact@v4
+          with:
+            name: build
+            path: ./revocation-service/build
+  
+        - name: Download Helm chart artifact
+          uses: actions/download-artifact@v4
+          with:
+            name: charts
+            path: ./charts
+  
+        # Create SemVer or ref tags dependent of trigger event
+        - name: Docker meta
+          id: meta
+          uses: docker/metadata-action@v5
+          with:
+            images: |
+              ${{ env.IMAGE_NAMESPACE }}/${{ env.IMAGE_NAME }}
+            # Automatically prepare image tags; See action docs for more examples.
+            # semver patter will generate tags like these for example :1 :1.2 :1.2.3
+            tags: |
+              type=ref,event=branch
+              type=ref,event=pr
+              type=semver,pattern={{version}},value=${{ needs.semantic_release.outputs.next_release }}
+              type=semver,pattern={{major}},value=${{ needs.semantic_release.outputs.next_release }}
+              type=semver,pattern={{major}}.{{minor}},value=${{ needs.semantic_release.outputs.next_release }}
+              type=raw,value=latest,enable=${{ github.ref == format('refs/heads/{0}', 'main') }}
+  
+        - name: DockerHub login
+          if: github.event_name != 'pull_request'
+          uses: docker/login-action@v3
+          with:
+            # Use existing DockerHub credentials present as secrets
+            username: ${{ secrets.DOCKER_HUB_USER }}
+            password: ${{ secrets.DOCKER_HUB_TOKEN }}
+  
+        - name: Push image
+          uses: docker/build-push-action@v5
+          with:
+            context: .
+            push: ${{ github.event_name != 'pull_request' }}
+            tags: ${{ steps.meta.outputs.tags }}
+            labels: ${{ steps.meta.outputs.labels }}
+            file: ./revocation-service/Dockerfile
+  
+        # https://github.com/peter-evans/dockerhub-description
+        # Important step to push image description to DockerHub
+        - name: Update Docker Hub description
+          if: github.event_name != 'pull_request'
+          uses: peter-evans/dockerhub-description@v3
+          with:
+            # readme-filepath defaults to toplevel README.md, Only necessary if you have a dedicated file with your 'Notice for docker images'
+            readme-filepath: Docker-hub-notice.md
+            username: ${{ secrets.DOCKER_HUB_USER }}
+            password: ${{ secrets.DOCKER_HUB_TOKEN }}
+            repository: ${{ env.IMAGE_NAMESPACE }}/${{ env.IMAGE_NAME }}
+  
+    helm:
+      name: Helm Release
+      needs: semantic_release
+      runs-on: ubuntu-latest
+      permissions:
+        contents: write
+      steps:
+        - name: Checkout repository
+          uses: actions/checkout@v4
+  
+        - name: Download Helm chart artifact
+          uses: actions/download-artifact@v4
+          with:
+            name: charts
+            path: ./charts
+  
+        - name: Install Helm
+          uses: azure/setup-helm@v4.1.0
+  
+        - name: Add Helm dependency repositories
+          run: |
+            helm repo add bitnami https://charts.bitnami.com/bitnami
+  
+        - name: Configure Git
+          run: |
+            git config user.name "$GITHUB_ACTOR"
+            git config user.email "$GITHUB_ACTOR@users.noreply.github.com"
+  
+        - name: Release chart
+          if: github.event_name != 'pull_request' && needs.semantic_release.outputs.will_create_new_release == 'true'
+          run: |
+            # Package Revocation-service chart,this will not work as we do not have any chart there
+            helm_package_path=$(helm package -u -d helm-charts ./charts/revocation-service | grep -o 'to: .*' | cut -d' ' -f2-)
+            echo "HELM_PACKAGE_PATH=$helm_package_path" >> $GITHUB_ENV
+  
+            # Commit and push to gh-pages
+            git add helm-charts
+            git stash -- helm-charts
+            git reset --hard
+            git fetch origin
+            git checkout gh-pages
+            git stash pop
+  
+            # Generate helm repo index.yaml
+            helm repo index . --merge index.yaml --url https://${GITHUB_REPOSITORY_OWNER}.github.io/${GITHUB_REPOSITORY#*/}/
+            git add index.yaml
+  
+            git commit -s -m "Release ${{ needs.semantic_release.outputs.next_release }}"
+  
+            git push origin gh-pages
+  
+        - name: Upload chart to GitHub release
+          if: github.event_name != 'pull_request' && needs.semantic_release.outputs.will_create_new_release == 'true'
+          env:
+            GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+            RELEASE_VERSION: ${{ needs.semantic_release.outputs.next_release }}
+            HELM_PACKAGE_PATH: ${{ env.HELM_PACKAGE_PATH }}
+          run: |
+            echo "::notice::Uploading chart to GitHub release"
+            gh release upload "v$RELEASE_VERSION" "$HELM_PACKAGE_PATH"
+  
\ No newline at end of file
diff --git a/charts/managed-identity-wallet/Chart.lock b/charts/managed-identity-wallet/Chart.lock
index 2fd40018..259b055b 100644
--- a/charts/managed-identity-wallet/Chart.lock
+++ b/charts/managed-identity-wallet/Chart.lock
@@ -12,4 +12,4 @@ dependencies:
   repository: file://charts/pgadmin4
   version: 1.19.0
 digest: sha256:886b90f763f2320a1601e15b06264065a764f51fc34d592c0f0a08bd76f01635
-generated: "2024-08-22T18:04:25.649769241+05:30"
+generated: "2024-09-11T11:53:55.835418982+05:30"
diff --git a/charts/managed-identity-wallet/README.md b/charts/managed-identity-wallet/README.md
index fb5ba79c..c157e1e5 100644
--- a/charts/managed-identity-wallet/README.md
+++ b/charts/managed-identity-wallet/README.md
@@ -1,6 +1,6 @@
 <a name="readme-top"></a>
 
-# Managed Identity Wallet - Verifiable Credential Revocation Service
+# managed-identity-wallet
 
 ![Version: 1.0.0-develop.4](https://img.shields.io/badge/Version-1.0.0--develop.4-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 1.0.0-develop.4](https://img.shields.io/badge/AppVersion-1.0.0--develop.4-informational?style=flat-square)
 
@@ -41,9 +41,9 @@ And at the same it shall support an uninterrupted tracking and tracing and docum
 
 ### Install Chart
 
-    helm install [RELEASE_NAME] charts/managed-identity-wallet
+    helm install [RELEASE_NAME] tractusx-dev/managed-identity-wallet
 
-    #This will spin up the container for Managed Identity Wallet application, Verifiable Credential Revocation Service application, Keycloak and Postgresql
+    helm install [RELEASE_NAME] tractusx-stable/managed-identity-wallet
 
 <p align="right">(<a href="#readme-top">back to top</a>)</p>
 
@@ -75,179 +75,183 @@ See [helm upgrade](https://helm.sh/docs/helm/helm_upgrade/) for command document
 
 ## Requirements
 
-| Repository                         | Name       | Version |
-| ---------------------------------- | ---------- | ------- |
-| file://charts/pgadmin4             | pgadmin4   | 1.19.0  |
-| https://charts.bitnami.com/bitnami | common     | 2.x.x   |
-| https://charts.bitnami.com/bitnami | keycloak   | 15.1.6  |
+| Repository | Name | Version |
+|------------|------|---------|
+| file://charts/pgadmin4 | pgadmin4 | 1.19.0 |
+| https://charts.bitnami.com/bitnami | common | 2.x.x |
+| https://charts.bitnami.com/bitnami | keycloak | 15.1.6 |
 | https://charts.bitnami.com/bitnami | postgresql | 11.9.13 |
 
 <p align="right">(<a href="#readme-top">back to top</a>)</p>
 
 ## Values
 
-| Key                                              | Type   | Default                                                                                                                    | Description                                                                                                                                                                         |
-| ------------------------------------------------ | ------ | -------------------------------------------------------------------------------------------------------------------------- | ----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- |
-| affinity                                         | object | `{}`                                                                                                                       | Affinity configuration                                                                                                                                                              |
-| envs                                             | object | `{}`                                                                                                                       | envs Parameters for the application (will be provided as environment variables)                                                                                                     |
-| extraVolumeMounts                                | list   | `[]`                                                                                                                       | add volume mounts to the miw deployment                                                                                                                                             |
-| extraVolumes                                     | list   | `[]`                                                                                                                       | add volumes to the miw deployment                                                                                                                                                   |
-| fullnameOverride                                 | string | `""`                                                                                                                       | String to fully override common.names.fullname template                                                                                                                             |
-| image.pullPolicy                                 | string | `"Always"`                                                                                                                 | PullPolicy                                                                                                                                                                          |
-| image.repository                                 | string | `"tractusx/managed-identity-wallet"`                                                                                       | Image repository                                                                                                                                                                    |
-| image.tag                                        | string | `""`                                                                                                                       | Image tag (empty one will use "appVersion" value from chart definition)                                                                                                             |
-| ingress.annotations                              | object | `{}`                                                                                                                       | Ingress annotations                                                                                                                                                                 |
-| ingress.enabled                                  | bool   | `false`                                                                                                                    | Enable ingress controller resource                                                                                                                                                  |
-| ingress.hosts                                    | list   | `[]`                                                                                                                       | Ingress accepted hostnames                                                                                                                                                          |
-| ingress.tls                                      | list   | `[]`                                                                                                                       | Ingress TLS configuration                                                                                                                                                           |
-| initContainers                                   | list   | `[]`                                                                                                                       | add initContainers to the miw deployment                                                                                                                                            |
-| keycloak.auth.adminPassword                      | string | `""`                                                                                                                       | Keycloak admin password                                                                                                                                                             |
-| keycloak.auth.adminUser                          | string | `"admin"`                                                                                                                  | Keycloak admin user                                                                                                                                                                 |
-| keycloak.enabled                                 | bool   | `true`                                                                                                                     | Enable to deploy Keycloak                                                                                                                                                           |
-| keycloak.extraEnvVars                            | list   | `[]`                                                                                                                       | Extra environment variables                                                                                                                                                         |
-| keycloak.ingress.annotations                     | object | `{}`                                                                                                                       |                                                                                                                                                                                     |
-| keycloak.ingress.enabled                         | bool   | `false`                                                                                                                    |                                                                                                                                                                                     |
-| keycloak.ingress.hosts                           | list   | `[]`                                                                                                                       |                                                                                                                                                                                     |
-| keycloak.ingress.tls                             | list   | `[]`                                                                                                                       |                                                                                                                                                                                     |
-| keycloak.keycloakConfigCli.backoffLimit          | int    | `2`                                                                                                                        | Number of retries before considering a Job as failed                                                                                                                                |
-| keycloak.keycloakConfigCli.enabled               | bool   | `true`                                                                                                                     | Enable to create the miw playground realm                                                                                                                                           |
-| keycloak.keycloakConfigCli.existingConfigmap     | string | `"keycloak-realm-config"`                                                                                                  | Existing configmap name for the realm configuration                                                                                                                                 |
-| keycloak.postgresql.auth.database                | string | `"miw_keycloak"`                                                                                                           | Database name                                                                                                                                                                       |
-| keycloak.postgresql.auth.password                | string | `""`                                                                                                                       | KeycloakPostgresql password to set (if empty one is generated)                                                                                                                      |
-| keycloak.postgresql.auth.username                | string | `"miw_keycloak"`                                                                                                           | Keycloak PostgreSQL user                                                                                                                                                            |
-| keycloak.postgresql.enabled                      | bool   | `true`                                                                                                                     | Enable to deploy PostgreSQL                                                                                                                                                         |
-| keycloak.postgresql.nameOverride                 | string | `"keycloak-postgresql"`                                                                                                    | Name of the PostgreSQL chart to deploy. Mandatory when the MIW deploys a PostgreSQL chart, too.                                                                                     |
-| livenessProbe                                    | object | `{"enabled":true,"failureThreshold":3,"initialDelaySeconds":20,"periodSeconds":5,"timeoutSeconds":15}`                     | Kubernetes [liveness-probe](https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-startup-probes/)                                                  |
-| livenessProbe.enabled                            | bool   | `true`                                                                                                                     | Enables/Disables the livenessProbe at all                                                                                                                                           |
-| livenessProbe.failureThreshold                   | int    | `3`                                                                                                                        | When a probe fails, Kubernetes will try failureThreshold times before giving up. Giving up in case of liveness probe means restarting the container.                                |
-| livenessProbe.initialDelaySeconds                | int    | `20`                                                                                                                       | Number of seconds after the container has started before readiness probe are initiated.                                                                                             |
-| livenessProbe.periodSeconds                      | int    | `5`                                                                                                                        | How often (in seconds) to perform the probe                                                                                                                                         |
-| livenessProbe.timeoutSeconds                     | int    | `15`                                                                                                                       | Number of seconds after which the probe times out.                                                                                                                                  |
-| miw.authorityWallet.bpn                          | string | `"BPNL000000000000"`                                                                                                       | Authority Wallet BPNL                                                                                                                                                               |
-| miw.authorityWallet.name                         | string | `""`                                                                                                                       | Authority Wallet Name                                                                                                                                                               |
-| miw.database.encryptionKey.secret                | string | `""`                                                                                                                       | Existing secret for database encryption key                                                                                                                                         |
-| miw.database.encryptionKey.secretKey             | string | `""`                                                                                                                       | Existing secret key for database encryption key                                                                                                                                     |
-| miw.database.encryptionKey.value                 | string | `""`                                                                                                                       | Database encryption key for confidential data.  Ignored if `secret` is set. If empty a secret with 32 random alphanumeric chars is generated.                                       |
-| miw.database.host                                | string | `"{{ .Release.Name }}-postgresql"`                                                                                         | Database host                                                                                                                                                                       |
-| miw.database.name                                | string | `"miw_app"`                                                                                                                | Database name                                                                                                                                                                       |
-| miw.database.port                                | int    | `5432`                                                                                                                     | Database port                                                                                                                                                                       |
-| miw.database.secret                              | string | `"{{ .Release.Name }}-postgresql"`                                                                                         | Existing secret name for the database password                                                                                                                                      |
-| miw.database.secretPasswordKey                   | string | `""`                                                                                                               | Existing secret key for the database password                                                                                                                                       |
-| miw.database.useSSL                              | bool   | `false`                                                                                                                    | Set to true to enable SSL connection to the database                                                                                                                                |
-| miw.database.user                                | string | `"miw"`                                                                                                                    | Database user                                                                                                                                                                       |
-| miw.environment                                  | string | `"dev"`                                                                                                                    | Runtime environment. Should be ether local, dev, int or prod                                                                                                                        |
-| miw.host                                         | string | `"{{ .Release.Name }}-managed-identity-wallet:8080"`                                                                       | Host name                                                                                                                                                                           |
-| miw.keycloak.clientId                            | string | `"miw_private_client"`                                                                                                     | Keycloak client id                                                                                                                                                                  |
-| miw.keycloak.realm                               | string | `"miw_test"`                                                                                                               | Keycloak realm                                                                                                                                                                      |
-| miw.keycloak.url                                 | string | `"http://{{ .Release.Name }}-keycloak"`                                                                                    | Keycloak URL                                                                                                                                                                        |
-| miw.logging.level                                | string | `"INFO"`                                                                                                                   | Log level. Should be ether ERROR, WARN, INFO, DEBUG, or TRACE.                                                                                                                      |
-| miw.ssi.enforceHttpsInDidWebResolution           | bool   | `true`                                                                                                                     | Enable to use HTTPS in DID Web Resolution                                                                                                                                           |
-| miw.ssi.vcExpiryDate                             | string | `""`                                                                                                                       | Verifiable Credential expiry date. Format 'dd-MM-yyyy'. If empty it is set to 31-12-<current year>                                                                                  |
-| nameOverride                                     | string | `""`                                                                                                                       | String to partially override common.names.fullname template (will maintain the release name)                                                                                        |
-| networkPolicy.enabled                            | bool   | `false`                                                                                                                    | If `true` network policy will be created to restrict access to managed-identity-wallet                                                                                              |
-| networkPolicy.from                               | list   | `[{"namespaceSelector":{}}]`                                                                                               | Specify from rule network policy for miw (defaults to all namespaces)                                                                                                               |
-| nodeSelector                                     | object | `{"kubernetes.io/os":"linux"}`                                                                                             | NodeSelector configuration                                                                                                                                                          |
-| pgadmin4.enabled                                 | bool   | `false`                                                                                                                    | Enable to deploy pgAdmin                                                                                                                                                            |
-| pgadmin4.env.email                               | string | `"admin@miw.com"`                                                                                                          | Preset the admin user email                                                                                                                                                         |
-| pgadmin4.env.password                            | string | `"very-secret-password"`                                                                                                   | preset password (there is no auto-generated password)                                                                                                                               |
-| pgadmin4.extraServerDefinitions.enabled          | bool   | `true`                                                                                                                     | enable the predefined server for pgadmin                                                                                                                                            |
-| pgadmin4.extraServerDefinitions.servers          | object | `{}`                                                                                                                       | See [here](https://github.com/rowanruseler/helm-charts/blob/9b970b2e419c2300dfbb3f827a985157098a0287/charts/pgadmin4/values.yaml#L84) how to configure the predefined servers       |
-| pgadmin4.ingress.annotations                     | object | `{}`                                                                                                                       |                                                                                                                                                                                     |
-| pgadmin4.ingress.enabled                         | bool   | `false`                                                                                                                    | Enagle pgAdmin ingress                                                                                                                                                              |
-| pgadmin4.ingress.hosts                           | list   | `[]`                                                                                                                       | See [here](https://github.com/rowanruseler/helm-charts/blob/9b970b2e419c2300dfbb3f827a985157098a0287/charts/pgadmin4/values.yaml#L104) how to configure the ingress host(s)         |
-| pgadmin4.ingress.tls                             | list   | `[]`                                                                                                                       | See [here](https://github.com/rowanruseler/helm-charts/blob/9b970b2e419c2300dfbb3f827a985157098a0287/charts/pgadmin4/values.yaml#L109) how to configure tls for the ingress host(s) |
-| podAnnotations                                   | object | `{}`                                                                                                                       | PodAnnotation configuration                                                                                                                                                         |
-| podSecurityContext                               | object | `{}`                                                                                                                       | PodSecurityContext                                                                                                                                                                  |
-| postgresql.auth.database                         | string | `"miw_app"`                                                                                                                | Postgresql database to create                                                                                                                                                       |
-| postgresql.auth.enablePostgresUser               | bool   | `false`                                                                                                                    | Enable postgresql admin user                                                                                                                                                        |
-| postgresql.auth.password                         | string | `""`                                                                                                                       | Postgresql password to set (if empty one is generated)                                                                                                                              |
-| postgresql.auth.postgresPassword                 | string | `""`                                                                                                                       | Postgresql admin user password                                                                                                                                                      |
-| postgresql.auth.username                         | string | `"miw"`                                                                                                                    | Postgresql user to create                                                                                                                                                           |
-| postgresql.backup.cronjob.schedule               | string | `"* */6 * * *"`                                                                                                            | Backup schedule                                                                                                                                                                     |
-| postgresql.backup.cronjob.storage.existingClaim  | string | `""`                                                                                                                       | Name of an existing PVC to use                                                                                                                                                      |
-| postgresql.backup.cronjob.storage.resourcePolicy | string | `"keep"`                                                                                                                   | Set resource policy to "keep" to avoid removing PVCs during a helm delete operation                                                                                                 |
-| postgresql.backup.cronjob.storage.size           | string | `"8Gi"`                                                                                                                    | PVC Storage Request for the backup data volume                                                                                                                                      |
-| postgresql.backup.enabled                        | bool   | `false`                                                                                                                    | Enable to create a backup cronjob                                                                                                                                                   |
-| postgresql.enabled                               | bool   | `true`                                                                                                                     | Enable to deploy Postgresql                                                                                                                                                         |
-| readinessProbe                                   | object | `{"enabled":true,"failureThreshold":3,"initialDelaySeconds":30,"periodSeconds":5,"successThreshold":1,"timeoutSeconds":5}` | Kubernetes [readiness-probe](https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-startup-probes/)                                                 |
-| readinessProbe.enabled                           | bool   | `true`                                                                                                                     | Enables/Disables the readinessProbe at all                                                                                                                                          |
-| readinessProbe.failureThreshold                  | int    | `3`                                                                                                                        | When a probe fails, Kubernetes will try failureThreshold times before giving up. In case of readiness probe the Pod will be marked Unready.                                         |
-| readinessProbe.initialDelaySeconds               | int    | `30`                                                                                                                       | Number of seconds after the container has started before readiness probe are initiated.                                                                                             |
-| readinessProbe.periodSeconds                     | int    | `5`                                                                                                                        | How often (in seconds) to perform the probe                                                                                                                                         |
-| readinessProbe.successThreshold                  | int    | `1`                                                                                                                        | Minimum consecutive successes for the probe to be considered successful after having failed.                                                                                        |
-| readinessProbe.timeoutSeconds                    | int    | `5`                                                                                                                        | Number of seconds after which the probe times out.                                                                                                                                  |
-| replicaCount                                     | int    | `1`                                                                                                                        | The amount of replicas to run                                                                                                                                                       |
-| resources.limits.cpu                             | int    | `2`                                                                                                                        | CPU resource limits                                                                                                                                                                 |
-| resources.limits.memory                          | string | `"1Gi"`                                                                                                                    | Memory resource limits                                                                                                                                                              |
-| resources.requests.cpu                           | string | `"250m"`                                                                                                                   | CPU resource requests                                                                                                                                                               |
-| resources.requests.memory                        | string | `"500Mi"`                                                                                                                  | Memory resource requests                                                                                                                                                            |
-| secrets                                          | object | `{}`                                                                                                                       | Parameters for the application (will be stored as secrets - so, for passwords, ...)                                                                                                 |
-| securityContext.allowPrivilegeEscalation         | bool   | `false`                                                                                                                    | Allow privilege escalation                                                                                                                                                          |
-| securityContext.privileged                       | bool   | `false`                                                                                                                    | Enable privileged container                                                                                                                                                         |
-| securityContext.runAsGroup                       | int    | `11111`                                                                                                                    | Group ID used to run the container                                                                                                                                                  |
-| securityContext.runAsNonRoot                     | bool   | `true`                                                                                                                     | Enable to run the container as a non-root user                                                                                                                                      |
-| securityContext.runAsUser                        | int    | `11111`                                                                                                                    | User ID used to run the container                                                                                                                                                   |
-| service.port                                     | int    | `8080`                                                                                                                     | Kubernetes Service port                                                                                                                                                             |
-| service.type                                     | string | `"ClusterIP"`                                                                                                              | Kubernetes Service type                                                                                                                                                             |
-| serviceAccount.annotations                       | object | `{}`                                                                                                                       | Annotations to add to the ServiceAccount                                                                                                                                            |
-| serviceAccount.create                            | bool   | `true`                                                                                                                     | Enable creation of ServiceAccount                                                                                                                                                   |
-| serviceAccount.name                              | string | `""`                                                                                                                       | The name of the ServiceAccount to use.                                                                                                                                              |
-| tolerations                                      | list   | `[]`                                                                                                                       | Tolerations configuration                                                                                                                                                           |
-| vcrs.replicaCount                                | int    | `1`                                                                                                                        | Number of replicas to run                                                                                                                                                           |
-| vcrs.url                                         | string | `"https://example.com"`                                                                            | Application URL                                                                                                                                                                     |
-| vcrs.vcContexts                                  | string | `"https://www.w3.org/2018/credentials/v1, https://w3id.org/vc/status-list/2021/v1"` | App VC context                                                                                                                                                                      |
-| vcrs.domain.url                                  | string | `"https://example.com"`                                                                            | App domain                                                                                                                                                                          |
-| vcrs.domain.host                                 | string | `"localhost"`                                                                                                              | The application name                                                                                                                                                                |
-| vcrs.appName                                     | string | `"verifiable-credential-revocation-service"`                                                                               | The configmap name                                                                                                                                                                  |
-| vcrs.appPort                                     | string | `"8081"`                                                                                                                   | The application port                                                                                                                                                                |
-| vcrs.appProfile                                  | string | `"local"`                                                                                                                  | The application profile                                                                                                                                                             |
-| vcrs.applicationLogLevel                         | string | `"DEBUG"`                                                                                                                  | The application log level                                                                                                                                                           |
-| vcrs.configName                                  | string | `"verifiable-credential-revocation-service-config"`                                                                        | The service name                                                                                                                                                                    |
-| vcrs.serviceName                                 | string | `"verifiable-credential-revocation-service"`                                                                               | The secret name                                                                                                                                                                     |
-| vcrs.secretName                                  | string | `"verifiable-credential-revocation-service-secret"`                                                                        | The secret name                                                                                                                                                                     |
-| vcrs.ingressName                                 | string | `"verifiable-credential-revocation-service-ingress"`                                                                       | Ingress name                                                                                                                                                                        |
-| vcrs.image.repository                            | string | `"docker.io/example"`                                              | Image repository                                                                                                                                                                    |
-| vcrs.image.pullPolicy                            | string | `"IfNotPresent"`                                                                                                           | PullPolicy                                                                                                                                                                          |
-| vcrs.image.tag                                   | string | `"latest"`                                                                                                                 | Image tag (empty one will use "appVersion" value from chart definition)                                                                                                             |
-| vcrs.resources.requests.cpu                      | string | `"250m"`                                                                                                                   | CPU resource requests                                                                                                                                                               |
-| vcrs.resources.requests.memory                   | string | `"512Mi"`                                                                                                                  | Memory resource requests                                                                                                                                                            |
-| vcrs.resources.limits.cpu                        | string | `"500m"`                                                                                                                   | CPU resource limits                                                                                                                                                                 |
-| vcrs.resources.limits.memory                     | string | `"1Gi"`                                                                                                                    | Memory resource limits                                                                                                                                                              |
-| vcrs.livenessProbe.enabled                       | bool   | `true`                                                                                                                     | Enables/Disables the livenessProbe                                                                                                                                                  |
-| vcrs.livenessProbe.failureThreshold              | int    | `5`                                                                                                                        | Failure threshold for liveness probe                                                                                                                                                |
-| vcrs.livenessProbe.initialDelaySeconds           | int    | `60`                                                                                                                       | Initial delay before liveness probe starts                                                                                                                                          |
-| vcrs.livenessProbe.timeoutSeconds                | int    | `30`                                                                                                                       | Timeout for liveness probe                                                                                                                                                          |
-| vcrs.livenessProbe.periodSeconds                 | int    | `15`                                                                                                                       | How often to perform liveness probe                                                                                                                                                 |
-| vcrs.readinessProbe.enabled                      | bool   | `true`                                                                                                                     | Enables/Disables the readinessProbe                                                                                                                                                 |
-| vcrs.readinessProbe.failureThreshold             | int    | `5`                                                                                                                        | Failure threshold for readiness probe                                                                                                                                               |
-| vcrs.readinessProbe.initialDelaySeconds          | int    | `60`                                                                                                                       | Initial delay before readiness probe starts                                                                                                                                         |
-| vcrs.readinessProbe.timeoutSeconds               | int    | `15`                                                                                                                       | Timeout for readiness probe                                                                                                                                                         |
-| vcrs.readinessProbe.periodSeconds                | int    | `15`                                                                                                                       | How often to perform readiness probe                                                                                                                                                |
-| vcrs.readinessProbe.successThreshold             | int    | `1`                                                                                                                        | Minimum consecutive successes for the readiness probe to be considered successful                                                                                                   |
-| vcrs.ingress.enabled                             | bool   | `false`                                                                                                                    | Enable to deploy ingress                                                                                                                                                            |
-| vcrs.ingress.tls                                 | bool   | `false`                                                                                                                    | TLS configuration for ingress                                                                                                                                                       |
-| vcrs.ingress.urlPrefix                           | string | `/`                                                                                                                        | URL prefix for ingress                                                                                                                                                              |
-| vcrs.ingress.className                           | string | `"nginx"`                                                                                                                  | Ingress class name                                                                                                                                                                  |
-| vcrs.ingress.annotations                         | object | `{}`                                                                                                                       | Ingress annotations                                                                                                                                                                 |
-| vcrs.ingress.service.type                        | string | `"ClusterIP"`                                                                                                              | Kubernetes Service type                                                                                                                                                             |
-| vcrs.ingress.service.port                        | int    | `8081`                                                                                                                     | Kubernetes Service port                                                                                                                                                             |
-| vcrs.database.databaseHost                       | string | `"managed-identity-wallet-postgresql"`                                                                                     | The Database Host                                                                                                                                                                   |
-| vcrs.database.databasePort                       | int    | `5432`                                                                                                                     | The Database Port                                                                                                                                                                   |
-| vcrs.database.databaseName                       | string | `"vcrs_app"`                                                                                                               | The Database Name                                                                                                                                                                   |
-| vcrs.database.databaseUseSSL                     | bool   | `false`                                                                                                                    | The Database SSL                                                                                                                                                                    |
-| vcrs.database.databaseUsername                   | string | `"vcrs"`                                                                                                                   | The Database Username                                                                                                                                                               |
-| vcrs.database.databaseConnectionPoolSize         | int    | `10`                                                                                                                       | The Database connection pool size                                                                                                                                                   |
-| vcrs.database.databasepass                       | string | `""`                                                                                                              | The Database password                                                                                                                                                               |
-| vcrs.swagger.enableSwaggerUi                     | bool   | `true`                                                                                                                     | Enable Swagger UI                                                                                                                                                                   |
-| vcrs.swagger.enableApiDoc                        | bool   | `true`                                                                                                                     | Enable Swagger API Doc                                                                                                                                                              |
-| vcrs.security.serviceSecurityEnabed              | bool   | `true`                                                                                                                     | Enable application security                                                                                                                                                         |
-| vcrs.keycloak.enabled                            | bool   | `false`                                                                                                                    | Enable Keycloak                                                                                                                                                                     |
-| vcrs.keycloak.keycloakRealm                      | string | `"miw_test"`                                                                                                               | Keycloak Realm                                                                                                                                                                      |
-| vcrs.keycloak.clientId                           | string | `"miw_private_client"`                                                                                                     | Keycloak Client ID                                                                                                                                                                  |
-| vcrs.keycloak.publicClientId                     | string | `"miw_public_client"`                                                                                                      | Keycloak Public Client ID                                                                                                                                                           |
-| vcrs.keycloak.authServerUrl                      | string | `"http://{{ .Release.Name }}-keycloak"`                                                                                    | Keycloak Auth Server URL                                                                                                                                                            |
-| vcrs.logging.revocation                          | string | `"INFO"`                                                                                                                   | Logging method for revocation                                                                                                                                                       |
-
+| Key | Type | Default | Description |
+|-----|------|---------|-------------|
+| affinity | object | `{}` | Affinity configuration |
+| envs | object | `{}` | envs Parameters for the application (will be provided as environment variables) |
+| extraVolumeMounts | list | `[]` |  |
+| extraVolumes | list | `[]` | add volumes to the miw deployment |
+| fullnameOverride | string | `""` | String to fully override common.names.fullname template |
+| image.pullPolicy | string | `"Always"` | PullPolicy |
+| image.repository | string | `"tractusx/managed-identity-wallet"` | Image repository |
+| image.tag | string | `""` | Image tag (empty one will use "appVersion" value from chart definition) |
+| imagePullSecrets | list | `[]` |  |
+| ingress | object | `{"annotations":{},"className":"nginx","enabled":false,"hosts":[],"tls":[]}` | Ingress Configuration |
+| ingress.annotations | object | `{}` | Ingress annotations |
+| ingress.enabled | bool | `false` | Enable ingress controller resource |
+| ingress.hosts | list | `[]` | Ingress accepted hostnames |
+| ingress.tls | list | `[]` | Ingress TLS configuration |
+| initContainers | list | `[]` | add initContainers to the miw deployment |
+| keycloak | object | `{"auth":{"adminPassword":"","adminUser":"admin"},"enabled":true,"extraEnvVars":[],"ingress":{"annotations":{},"enabled":false,"hosts":[],"tls":[]},"keycloakConfigCli":{"backoffLimit":2,"enabled":true,"existingConfigmap":"keycloak-realm-config"},"postgresql":{"auth":{"database":"miw_keycloak","password":"defaultpassword","username":"miw_keycloak"},"enabled":true,"nameOverride":"keycloak-postgresql","volumePermissions":{"enabled":true}}}` | Values for KEYCLOAK |
+| keycloak.auth.adminPassword | string | `""` | Keycloak admin password |
+| keycloak.auth.adminUser | string | `"admin"` | Keycloak admin user |
+| keycloak.enabled | bool | `true` | Enable to deploy Keycloak |
+| keycloak.extraEnvVars | list | `[]` | Extra environment variables |
+| keycloak.ingress.annotations | object | `{}` | Ingress annotations |
+| keycloak.ingress.enabled | bool | `false` | Enable ingress controller resource |
+| keycloak.ingress.hosts | list | `[]` | Ingress accepted hostnames |
+| keycloak.ingress.tls | list | `[]` | Ingress TLS configuration |
+| keycloak.keycloakConfigCli.backoffLimit | int | `2` | Number of retries before considering a Job as failed |
+| keycloak.keycloakConfigCli.enabled | bool | `true` | Enable to create the miw playground realm |
+| keycloak.keycloakConfigCli.existingConfigmap | string | `"keycloak-realm-config"` | Existing configmap name for the realm configuration |
+| keycloak.postgresql.auth.database | string | `"miw_keycloak"` | Database name |
+| keycloak.postgresql.auth.password | string | `"defaultpassword"` | KeycloakPostgresql password to set (if empty one is generated) |
+| keycloak.postgresql.auth.username | string | `"miw_keycloak"` | Postgresql admin user password |
+| keycloak.postgresql.enabled | bool | `true` | Enable to deploy PostgreSQL |
+| keycloak.postgresql.nameOverride | string | `"keycloak-postgresql"` | Name of the PostgreSQL chart to deploy. Mandatory when the MIW deploys a PostgreSQL chart, too. |
+| miw | object | `{"authorityWallet":{"bpn":"BPNL000000000000","name":""},"database":{"encryptionKey":{"secret":"","secretKey":"","value":""},"host":"{{ .Release.Name }}-postgresql","name":"miw_app","port":5432,"secret":"verifiable-credential-revocation-service","secretPasswordKey":"password","useSSL":false,"user":"miw"},"environment":"dev","host":"{{ .Release.Name }}-managed-identity-wallet:8080","keycloak":{"clientId":"miw_private_client","realm":"miw_test","url":"http://{{ .Release.Name }}-keycloak"},"livenessProbe":{"enabled":true,"failureThreshold":3,"initialDelaySeconds":20,"periodSeconds":5,"timeoutSeconds":15},"logging":{"level":"INFO"},"readinessProbe":{"enabled":true,"failureThreshold":3,"initialDelaySeconds":30,"periodSeconds":5,"successThreshold":1,"timeoutSeconds":5},"ssi":{"enforceHttpsInDidWebResolution":true,"vcExpiryDate":""}}` | Values for MIW |
+| miw.authorityWallet.bpn | string | `"BPNL000000000000"` | Authority Wallet BPNL |
+| miw.authorityWallet.name | string | `""` | Authority Wallet Name |
+| miw.database.encryptionKey | object | `{"secret":"","secretKey":"","value":""}` | Password encryption configuratons |
+| miw.database.encryptionKey.secret | string | `""` | Existing secret for database encryption key |
+| miw.database.encryptionKey.secretKey | string | `""` | Existing secret key for database encryption key |
+| miw.database.encryptionKey.value | string | `""` | Database encryption key for confidential data.  Ignored if `secret` is set. If empty a secret with 32 random alphanumeric chars is generated. |
+| miw.database.host | string | `"{{ .Release.Name }}-postgresql"` | Database host |
+| miw.database.name | string | `"miw_app"` | Database name |
+| miw.database.port | int | `5432` | Database port |
+| miw.database.secret | string | `"verifiable-credential-revocation-service"` | Existing secret name for the database password |
+| miw.database.secretPasswordKey | string | `"password"` | Existing secret key for the database password |
+| miw.database.useSSL | bool | `false` | Set to true to enable SSL connection to the database |
+| miw.database.user | string | `"miw"` | Database user |
+| miw.environment | string | `"dev"` | Runtime environment. Should be ether local, dev, int or prod |
+| miw.host | string | `"{{ .Release.Name }}-managed-identity-wallet:8080"` | Host name |
+| miw.keycloak.clientId | string | `"miw_private_client"` | Keycloak client id |
+| miw.keycloak.realm | string | `"miw_test"` | Keycloak realm |
+| miw.keycloak.url | string | `"http://{{ .Release.Name }}-keycloak"` | Keycloak URL |
+| miw.livenessProbe | object | `{"enabled":true,"failureThreshold":3,"initialDelaySeconds":20,"periodSeconds":5,"timeoutSeconds":15}` | Kubernetes [liveness-probe](https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-startup-probes/) |
+| miw.livenessProbe.enabled | bool | `true` | Enables/Disables the livenessProbe at all |
+| miw.livenessProbe.failureThreshold | int | `3` | When a probe fails, Kubernetes will try failureThreshold times before giving up. Giving up in case of liveness probe means restarting the container. |
+| miw.livenessProbe.initialDelaySeconds | int | `20` | Number of seconds after the container has started before readiness probe are initiated. |
+| miw.livenessProbe.periodSeconds | int | `5` | How often (in seconds) to perform the probe |
+| miw.livenessProbe.timeoutSeconds | int | `15` | Number of seconds after which the probe times out. |
+| miw.logging.level | string | `"INFO"` | Log level. Should be ether ERROR, WARN, INFO, DEBUG, or TRACE. |
+| miw.readinessProbe | object | `{"enabled":true,"failureThreshold":3,"initialDelaySeconds":30,"periodSeconds":5,"successThreshold":1,"timeoutSeconds":5}` | Kubernetes [readiness-probe](https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-startup-probes/) |
+| miw.readinessProbe.enabled | bool | `true` | Enables/Disables the readinessProbe at all |
+| miw.readinessProbe.failureThreshold | int | `3` | When a probe fails, Kubernetes will try failureThreshold times before giving up. In case of readiness probe the Pod will be marked Unready. |
+| miw.readinessProbe.initialDelaySeconds | int | `30` | Number of seconds after the container has started before readiness probe are initiated. |
+| miw.readinessProbe.periodSeconds | int | `5` | How often (in seconds) to perform the probe |
+| miw.readinessProbe.successThreshold | int | `1` | Minimum consecutive successes for the probe to be considered successful after having failed. |
+| miw.readinessProbe.timeoutSeconds | int | `5` | Number of seconds after which the probe times out. |
+| miw.ssi.enforceHttpsInDidWebResolution | bool | `true` | Enable to use HTTPS in DID Web Resolution |
+| miw.ssi.vcExpiryDate | string | `""` | Verifiable Credential expiry date. Format 'dd-MM-yyyy'. If empty it is set to 31-12-<current year> |
+| nameOverride | string | `""` | String to partially override common.names.fullname template (will maintain the release name) |
+| networkPolicy.enabled | bool | `false` | If `true` network policy will be created to restrict access to managed-identity-wallet |
+| networkPolicy.from | list | `[{"namespaceSelector":{}}]` | Specify from rule network policy for miw (defaults to all namespaces) |
+| nodeSelector | object | `{"kubernetes.io/os":"linux"}` | NodeSelector configuration |
+| pgadmin4 | object | `{"enabled":false,"env":{"email":"admin@miw.com","password":"very-secret-password"},"extraServerDefinitions":{"enabled":true,"servers":{}},"ingress":{"annotations":{},"enabled":false,"hosts":[],"tls":[]}}` | Values for PGADMIN For more information on how to configure the pgadmin chart see https://artifacthub.io/packages/helm/runix/pgadmin4. |
+| pgadmin4.enabled | bool | `false` | Enable to deploy pgAdmin |
+| pgadmin4.env.email | string | `"admin@miw.com"` | Preset the admin user email |
+| pgadmin4.env.password | string | `"very-secret-password"` | preset password (there is no auto-generated password) |
+| pgadmin4.extraServerDefinitions.enabled | bool | `true` | enable the predefined server for pgadmin |
+| pgadmin4.extraServerDefinitions.servers | object | `{}` | See [here](https://github.com/rowanruseler/helm-charts/blob/9b970b2e419c2300dfbb3f827a985157098a0287/charts/pgadmin4/values.yaml#L84) how to configure the predefined servers |
+| pgadmin4.ingress.enabled | bool | `false` | Enagle pgAdmin ingress |
+| pgadmin4.ingress.hosts | list | `[]` | See [here](https://github.com/rowanruseler/helm-charts/blob/9b970b2e419c2300dfbb3f827a985157098a0287/charts/pgadmin4/values.yaml#L104) how to configure the ingress host(s) |
+| pgadmin4.ingress.tls | list | `[]` | See [here](https://github.com/rowanruseler/helm-charts/blob/9b970b2e419c2300dfbb3f827a985157098a0287/charts/pgadmin4/values.yaml#L109) how to configure tls for the ingress host(s) |
+| podAnnotations | object | `{}` | PodAnnotation configuration |
+| podSecurityContext | object | `{}` | Pod security configurations |
+| postgresql | object | `{"auth":{"database":"miw_app","enablePostgresUser":true,"existingSecret":"verifiable-credential-revocation-service","username":"miw"},"backup":{"cronjob":{"schedule":"* */6 * * *","storage":{"existingClaim":"","resourcePolicy":"keep","size":"8Gi"}},"enabled":false},"enabled":true,"image":{"debug":true,"tag":"16-debian-12"},"primary":{"extraVolumeMounts":[{"mountPath":"/docker-entrypoint-initdb.d/seed","name":"postgres-seed"}],"extraVolumes":[{"name":"postgres-seed","persistentVolumeClaim":{"claimName":"postgres-seed-pvc"}}],"initdb":{"password":"defaultpassword","scripts":{"init.sql":"CREATE DATABASE vcrs_app;\nCREATE USER vcrs WITH ENCRYPTED PASSWORD 'defaultpassword';\nGRANT ALL PRIVILEGES ON DATABASE vcrs_app TO vcrs;\n\\c vcrs_app\nGRANT ALL ON SCHEMA public TO vcrs;\n"},"user":"postgres"}},"volumePermissions":{"enabled":true}}` | Values for POSTGRESQL For more information on how to configure the PostgreSQL chart see https://github.com/bitnami/charts/tree/main/bitnami/postgresql. |
+| postgresql.auth.database | string | `"miw_app"` | Postgresql database to create |
+| postgresql.auth.enablePostgresUser | bool | `true` | Enable postgresql admin user |
+| postgresql.auth.existingSecret | string | `"verifiable-credential-revocation-service"` | Postgresql root-user and non-root user secret |
+| postgresql.auth.username | string | `"miw"` | Postgresql user to create |
+| postgresql.backup.cronjob | object | `{"schedule":"* */6 * * *","storage":{"existingClaim":"","resourcePolicy":"keep","size":"8Gi"}}` | Cronjob Configuration |
+| postgresql.backup.cronjob.schedule | string | `"* */6 * * *"` | Backup schedule |
+| postgresql.backup.cronjob.storage.existingClaim | string | `""` | Name of an existing PVC to use |
+| postgresql.backup.cronjob.storage.resourcePolicy | string | `"keep"` | Set resource policy to "keep" to avoid removing PVCs during a helm delete operation |
+| postgresql.backup.cronjob.storage.size | string | `"8Gi"` | PVC Storage Request for the backup data volume |
+| postgresql.backup.enabled | bool | `false` | Enable to create a backup cronjob |
+| postgresql.enabled | bool | `true` | Enable to deploy Postgresql |
+| postgresql.image.debug | bool | `true` | Debug logs |
+| replicaCount | int | `1` | The amount of replicas to run |
+| resources.limits.cpu | int | `2` | CPU resource limits |
+| resources.limits.memory | string | `"1Gi"` | Memory resource limits |
+| resources.requests.cpu | string | `"250m"` | CPU resource requests |
+| resources.requests.memory | string | `"500Mi"` | Memory resource requests |
+| secrets | object | `{}` | Parameters for the application (will be stored as secrets - so, for passwords, ...) |
+| securityContext | object | `{"allowPrivilegeEscalation":false,"privileged":false,"runAsGroup":11111,"runAsNonRoot":true,"runAsUser":11111}` | Pod security parameters |
+| securityContext.allowPrivilegeEscalation | bool | `false` | Allow privilege escalation |
+| securityContext.privileged | bool | `false` | Enable privileged container |
+| securityContext.runAsGroup | int | `11111` | Group ID used to run the container |
+| securityContext.runAsNonRoot | bool | `true` | Enable to run the container as a non-root user |
+| securityContext.runAsUser | int | `11111` | User ID used to run the container |
+| service.port | int | `8080` | Kubernetes Service port |
+| service.type | string | `"ClusterIP"` | Kubernetes Service type |
+| serviceAccount.annotations | object | `{}` | Annotations to add to the ServiceAccount |
+| serviceAccount.create | bool | `true` | Enable creation of ServiceAccount |
+| serviceAccount.name | string | `""` | The name of the ServiceAccount to use. |
+| tolerations | list | `[]` | Tolerations configuration |
+| vcrs | object | `{"configName":"verifiable-credential-revocation-service","database":{"encryptionKey":{"secret":"","secretKey":"","value":""}},"env":{"APPLICATION_LOG_LEVEL":"DEBUG","APPLICATION_NAME":"verifiable-credential-revocation-service","APPLICATION_PORT":8081,"APPLICATION_PROFILE":"local","APP_LOG_LEVEL":"INFO","AUTH_SERVER_URL":"http://{{ .Release.Name }}-keycloak","DATABASE_CONNECTION_POOL_SIZE":10,"DATABASE_HOST":"managed-identity-wallet-postgresql","DATABASE_NAME":"vcrs_app","DATABASE_PORT":5432,"DATABASE_USERNAME":"vcrs","DATABASE_USE_SSL_COMMUNICATION":false,"DOMAIN_URL":"https://977d-203-129-213-107.ngrok-free.app","ENABLE_API_DOC":true,"ENABLE_SWAGGER_UI":true,"KEYCLOAK_CLIENT_ID":"miw_private_client","KEYCLOAK_PUBLIC_CLIENT_ID":"miw_public_client","KEYCLOAK_REALM":"miw_test","MIW_URL":"https://a888-203-129-213-107.ngrok-free.app","SERVICE_SECURITY_ENABLED":true,"VC_SCHEMA_LINK":"https://www.w3.org/2018/credentials/v1, https://cofinity-x.github.io/schema-registry/w3c/v1.0/BitstringStatusList.json"},"fullnameOverride":"verifiable-credential-revocation-service","host":"localhost","image":{"pullPolicy":"IfNotPresent","repository":"public.ecr.aws/w6s7t8e0/tractusx/verifiable-credential-revocation-service","tag":"latest"},"ingress":{"annotations":{},"className":"","enabled":false,"hosts":null,"service":{"port":8081,"type":"ClusterIP"},"tls":[]},"ingressName":"verifiable-credential-revocation-service-ingress","livenessProbe":{"enabled":true,"failureThreshold":5,"initialDelaySeconds":60,"periodSeconds":15,"timeoutSeconds":30},"nameOverride":"verifiable-credential-revocation-service","readinessProbe":{"enabled":true,"failureThreshold":5,"initialDelaySeconds":60,"periodSeconds":15,"successThreshold":1,"timeoutSeconds":15},"replicaCount":1,"resources":{"limits":{"cpu":"500m","memory":"1Gi"},"requests":{"cpu":"250m","memory":"512Mi"}},"secretName":"verifiable-credential-revocation-service","secrets":{"DATABASE_PASSWORD":"defaultpassword","password":"defaultpassword","postgres-password":"defaultpassword"},"serviceName":"verifiable-credential-revocation-service"}` | Values for Verifiable Credential Revocation Service application |
+| vcrs.configName | string | `"verifiable-credential-revocation-service"` | ConfigMap Name |
+| vcrs.database.encryptionKey.secret | string | `""` | Existing secret for database encryption key |
+| vcrs.database.encryptionKey.secretKey | string | `""` | Existing secret key for database encryption key |
+| vcrs.database.encryptionKey.value | string | `""` | Database encryption key for confidential data.  Ignored if `secret` is set. If empty a secret with 32 random alphanumeric chars is generated. |
+| vcrs.env.APPLICATION_LOG_LEVEL | string | `"DEBUG"` | The application log level |
+| vcrs.env.APPLICATION_NAME | string | `"verifiable-credential-revocation-service"` | The application name |
+| vcrs.env.APPLICATION_PORT | int | `8081` | The application port |
+| vcrs.env.APPLICATION_PROFILE | string | `"local"` | The application profile |
+| vcrs.env.AUTH_SERVER_URL | string | `"http://{{ .Release.Name }}-keycloak"` | Auth URL for Keycloak |
+| vcrs.env.DATABASE_CONNECTION_POOL_SIZE | int | `10` | The Database connection pool size |
+| vcrs.env.DATABASE_HOST | string | `"managed-identity-wallet-postgresql"` | The Database Host |
+| vcrs.env.DATABASE_NAME | string | `"vcrs_app"` | The Database Name |
+| vcrs.env.DATABASE_PORT | int | `5432` | The Database Port |
+| vcrs.env.DATABASE_USERNAME | string | `"vcrs"` | The Database Name |
+| vcrs.env.DATABASE_USE_SSL_COMMUNICATION | bool | `false` | The Database SSL |
+| vcrs.env.ENABLE_API_DOC | bool | `true` | Swagger Api Doc |
+| vcrs.env.ENABLE_SWAGGER_UI | bool | `true` | Swagger UI config |
+| vcrs.env.KEYCLOAK_CLIENT_ID | string | `"miw_private_client"` | ClientID Config |
+| vcrs.env.KEYCLOAK_PUBLIC_CLIENT_ID | string | `"miw_public_client"` | ClientID Config |
+| vcrs.env.KEYCLOAK_REALM | string | `"miw_test"` | KeyClocak Configurations |
+| vcrs.env.MIW_URL | string | `"https://a888-203-129-213-107.ngrok-free.app"` | Revocation application configuration |
+| vcrs.fullnameOverride | string | `"verifiable-credential-revocation-service"` | String to partially override common.names.fullname template (will maintain the release name) |
+| vcrs.host | string | `"localhost"` | Revocation application configuration |
+| vcrs.image.pullPolicy | string | `"IfNotPresent"` | PullPolicy |
+| vcrs.image.repository | string | `"public.ecr.aws/w6s7t8e0/tractusx/verifiable-credential-revocation-service"` | Image repository |
+| vcrs.image.tag | string | `"latest"` | Image tag (empty one will use "appVersion" value from chart definition) |
+| vcrs.ingress.service.port | int | `8081` | Kubernetes Service port |
+| vcrs.ingress.service.type | string | `"ClusterIP"` | Kubernetes Service type |
+| vcrs.livenessProbe | object | `{"enabled":true,"failureThreshold":5,"initialDelaySeconds":60,"periodSeconds":15,"timeoutSeconds":30}` | Kubernetes [liveness-probe](https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-startup-probes/) |
+| vcrs.livenessProbe.enabled | bool | `true` | Enables/Disables the livenessProbe at all |
+| vcrs.livenessProbe.failureThreshold | int | `5` | When a probe fails, Kubernetes will try failureThreshold times before giving up. Giving up in case of liveness probe means restarting the container. |
+| vcrs.livenessProbe.initialDelaySeconds | int | `60` | Number of seconds after the container has started before readiness probes are initiated. |
+| vcrs.livenessProbe.periodSeconds | int | `15` | How often (in seconds) to perform the probe |
+| vcrs.livenessProbe.timeoutSeconds | int | `30` | Number of seconds after which the probe times out. |
+| vcrs.nameOverride | string | `"verifiable-credential-revocation-service"` | The configmap name |
+| vcrs.readinessProbe.enabled | bool | `true` | Enables/Disables the readinessProbe at all |
+| vcrs.readinessProbe.failureThreshold | int | `5` | When a probe fails, Kubernetes will try failureThreshold times before giving up. In case of readiness probe the Pod will be marked Unready. |
+| vcrs.readinessProbe.initialDelaySeconds | int | `60` | Number of seconds after the container has started before readiness probe are initiated. |
+| vcrs.readinessProbe.periodSeconds | int | `15` | How often (in seconds) to perform the probe |
+| vcrs.readinessProbe.successThreshold | int | `1` | Minimum consecutive successes for the probe to be considered successful after having failed. |
+| vcrs.readinessProbe.timeoutSeconds | int | `15` | Number of seconds after which the probe times out. |
+| vcrs.resources.limits.cpu | string | `"500m"` | CPU resource limits |
+| vcrs.resources.limits.memory | string | `"1Gi"` | Memory resource limits |
+| vcrs.resources.requests.cpu | string | `"250m"` | CPU resource requests |
+| vcrs.resources.requests.memory | string | `"512Mi"` | Memory resource requests |
+| vcrs.secretName | string | `"verifiable-credential-revocation-service"` | The Secret name |
+| vcrs.secrets.DATABASE_PASSWORD | string | `"defaultpassword"` | The Database Password |
+| vcrs.secrets.password | string | `"defaultpassword"` | Postgresql password for MIW non-root User |
+| vcrs.secrets.postgres-password | string | `"defaultpassword"` | Postgresql password for postgres root-user |
+| vcrs.serviceName | string | `"verifiable-credential-revocation-service"` | The Service name |
 
 For more information on how to configure the Keycloak see
 - https://github.com/bitnami/charts/tree/main/bitnami/keycloak.
@@ -315,10 +319,10 @@ when deploying the MIW in a production environment:
 
 ## Maintainers
 
-| Name           | Email                              | Url                                |
-| -------------- | ---------------------------------- | ---------------------------------- |
+| Name | Email | Url |
+| ---- | ------ | --- |
 | Dominik Pinsel | <dominik.pinsel@mercedes-benz.com> | <https://github.com/DominikPinsel> |
-| Rohit Solanki | <rohit.solanki@smartsensesolutions.com> | <https://github.com/rohit-smartsensesolutions/> |
+| Rohit Solanki | <rohit.solanki@smartsensesolutions.com> | <https://github.com/rohit-smartsensesolutions> |
 
 <p align="right">(<a href="#readme-top">back to top</a>)</p>
 
diff --git a/charts/managed-identity-wallet/tests/custom-values/deployment_test.yaml b/charts/managed-identity-wallet/tests/custom-values/deployment_test.yaml
index 029f0e0a..cca4627a 100644
--- a/charts/managed-identity-wallet/tests/custom-values/deployment_test.yaml
+++ b/charts/managed-identity-wallet/tests/custom-values/deployment_test.yaml
@@ -82,7 +82,7 @@ tests:
               valueFrom:
                 secretKeyRef:
                   key: password
-                  name: RELEASE-NAME-postgresql
+                  name: verifiable-credential-revocation-service
             - name: APPLICATION_PORT
               value: "8080"
             - name: VC_EXPIRY_DATE
diff --git a/charts/managed-identity-wallet/tests/default/deployment_test.yaml b/charts/managed-identity-wallet/tests/default/deployment_test.yaml
index 1e2d3d0b..42b3df29 100644
--- a/charts/managed-identity-wallet/tests/default/deployment_test.yaml
+++ b/charts/managed-identity-wallet/tests/default/deployment_test.yaml
@@ -137,7 +137,7 @@ tests:
               valueFrom:
                 secretKeyRef:
                   key: password
-                  name: RELEASE-NAME-postgresql
+                  name: verifiable-credential-revocation-service
             - name: APPLICATION_PORT
               value: "8080"
             - name: VC_EXPIRY_DATE
diff --git a/charts/managed-identity-wallet/values.yaml b/charts/managed-identity-wallet/values.yaml
index 327e51b1..09844c05 100644
--- a/charts/managed-identity-wallet/values.yaml
+++ b/charts/managed-identity-wallet/values.yaml
@@ -16,9 +16,8 @@
 #
 # SPDX-License-Identifier: Apache-2.0
 ###############################################################
-#
-# ----------------------------------------------- Values for Managed Identity Wallet ----------------------------------------------- #
-#
+
+# -- Values for Managed Identity Wallet
 # -- The amount of replicas to run
 replicaCount: 1
 # -- String to partially override common.names.fullname template (will maintain the release name)
@@ -32,6 +31,7 @@ image:
   pullPolicy: Always
   # -- Image tag (empty one will use "appVersion" value from chart definition)
   tag: ""
+imagePullSecrets: []
 # --  Parameters for the application (will be stored as secrets - so, for passwords, ...)
 secrets: {}
 # -- envs Parameters for the application (will be provided as environment variables)
@@ -48,8 +48,6 @@ service:
   type: ClusterIP
   # -- Kubernetes Service port
   port: 8080
-# -- Image pull secrets
-imagePullSecrets: []
 # -- Ingress Configuration
 ingress:
   # -- Enable ingress controller resource
@@ -67,6 +65,7 @@ ingress:
   #  - secretName: chart-example-tls
   #    hosts:
   #      - chart-example.local
+  className: nginx
 # -- Pod security configurations
 podSecurityContext: {}
 # -- Pod security parameters
@@ -114,9 +113,7 @@ networkPolicy:
 # -- add volumes to the miw deployment
 extraVolumes: []
 extraVolumeMounts: []
-#
-# -----------------------------------------------MIW----------------------------------------------- #
-#
+# -- Values for MIW
 miw:
   ## @param miw.host Host name
   ## @param miw.logging.level Log level. Should be ether ERROR, WARN, INFO, DEBUG, or TRACE.
@@ -150,7 +147,7 @@ miw:
     # -- Database name
     name: "miw_app"
     # -- Existing secret name for the database password
-    secret: "{{ .Release.Name }}-postgresql"
+    secret: "verifiable-credential-revocation-service"
     # -- Existing secret key for the database password
     secretPasswordKey: "password"
     # -- Password encryption configuratons
@@ -194,32 +191,45 @@ miw:
     successThreshold: 1
     # -- Number of seconds after which the probe times out.
     timeoutSeconds: 5
-# ----------------------------------------------- KEYCLOAK ----------------------------------------------- #
-# For more information on how to configure the Keycloak chart see https://github.com/bitnami/charts/tree/main/bitnami/keycloak.
+    # For more information on how to configure the Keycloak chart see https://github.com/bitnami/charts/tree/main/bitnami/keycloak.
+# -- Values for KEYCLOAK
 keycloak:
   # -- Enable to deploy Keycloak
   enabled: true
   # -- Extra environment variables
   extraEnvVars: []
-  #    - name: KEYCLOAK_HOSTNAME
-  #      value: "{{ .Release.Name }}-keycloak"
+  #  - name: KEYCLOAK_HOSTNAME
+  #    value: "keycloak"
   postgresql:
     # -- Name of the PostgreSQL chart to deploy. Mandatory when the MIW deploys a PostgreSQL chart, too.
     nameOverride: "keycloak-postgresql"
     # -- Enable to deploy PostgreSQL
     enabled: true
     auth:
-      # -- Keycloak PostgreSQL user
+      # -- Postgresql admin user password
       username: "miw_keycloak"
       # -- KeycloakPostgresql password to set (if empty one is generated)
-      password: ""
+      password: "defaultpassword"
       # -- Database name
       database: "miw_keycloak"
+    volumePermissions:
+      enabled: true
   ingress:
+    # -- Enable ingress controller resource
     enabled: false
+    # -- Ingress annotations
     annotations: {}
+    # -- Ingress accepted hostnames
     hosts: []
+    #   - host: chart-example.local
+    #     paths:
+    #       - path: /
+    #         pathType: Prefix
+    # -- Ingress TLS configuration
     tls: []
+    #  - secretName: chart-example-tls
+    #    hosts:
+    #      - chart-example.local
   auth:
     # -- Keycloak admin user
     adminUser: "admin"
@@ -232,20 +242,22 @@ keycloak:
     existingConfigmap: keycloak-realm-config
     # -- Number of retries before considering a Job as failed
     backoffLimit: 2
-# ----------------------------------------------- POSTGRESQL ----------------------------------------------- #
+# -- Values for POSTGRESQL
 # For more information on how to configure the PostgreSQL chart see https://github.com/bitnami/charts/tree/main/bitnami/postgresql.
 postgresql:
   # -- Enable to deploy Postgresql
   enabled: true
+  image:
+    tag: "16-debian-12"
+    # -- Debug logs
+    debug: true
   auth:
     # -- Enable postgresql admin user
     enablePostgresUser: true
-    # -- Postgresql admin user password
-    postgresPassword: "adminpass"
+    # -- Postgresql root-user and non-root user secret
+    existingSecret: "verifiable-credential-revocation-service"
     # -- Postgresql user to create
     username: "miw"
-    # -- Postgresql password to set (if empty one is generated)
-    password: "adminpass"
     # -- Postgresql database to create
     database: "miw_app"
     # -- Creating a new database for VCRS application (Edit the DB configurations as required in configmap)
@@ -259,18 +271,18 @@ postgresql:
         name: postgres-seed
     initdb:
       user: "postgres"
-      password: "adminpass"
+      password: "defaultpassword"
       scripts:
         init.sql: |
           CREATE DATABASE vcrs_app;
-          CREATE USER vcrs WITH ENCRYPTED PASSWORD 'adminpass';
+          CREATE USER vcrs WITH ENCRYPTED PASSWORD 'defaultpassword';
           GRANT ALL PRIVILEGES ON DATABASE vcrs_app TO vcrs;
           \c vcrs_app
           GRANT ALL ON SCHEMA public TO vcrs;
   backup:
     # -- Enable to create a backup cronjob
     enabled: false
-    #Cronjob Configuration
+    # -- Cronjob Configuration
     cronjob:
       # -- Backup schedule
       schedule: "* */6 * * *"
@@ -284,9 +296,8 @@ postgresql:
         size: "8Gi"
   volumePermissions:
     enabled: true
-# ----------------------------------------------- PGADMIN ----------------------------------------------- #
+# -- Values for PGADMIN
 # For more information on how to configure the pgadmin chart see https://artifacthub.io/packages/helm/runix/pgadmin4.
-# (Here we're using a stripped-down version of the pgadmin chart, to just )
 pgadmin4:
   # -- Enable to deploy pgAdmin
   enabled: false
@@ -328,9 +339,7 @@ pgadmin4:
       subPath: servers.json
       mountPath: "/pgadmin4/servers.json"
       readOnly: true
-#
-# ----------------------------------------------- Values for Verifiable Credential Revocation Service application ----------------------------------------------- #
-#
+# -- Values for Verifiable Credential Revocation Service application
 vcrs:
   replicaCount: 1
   # -- Revocation application configuration
@@ -339,12 +348,12 @@ vcrs:
   nameOverride: "verifiable-credential-revocation-service"
   # -- String to partially override common.names.fullname template (will maintain the release name)
   fullnameOverride: "verifiable-credential-revocation-service"
-  # -- ConfigMap Name 
-  configName: "verifiable-credential-revocation-service-config"
+  # -- ConfigMap Name
+  configName: "verifiable-credential-revocation-service"
   # -- The Service name
   serviceName: "verifiable-credential-revocation-service"
   # -- The Secret name
-  secretName: "verifiable-credential-revocation-service-secret"
+  secretName: "verifiable-credential-revocation-service"
   image:
     # -- Image repository
     repository: public.ecr.aws/w6s7t8e0/tractusx/verifiable-credential-revocation-service
@@ -360,12 +369,12 @@ vcrs:
     # -- The application profile
     APPLICATION_PROFILE: local
     # -- The Database Host
-    DATABASE_HOST: "{{ .Release.Name }}-postgresql"
+    DATABASE_HOST: managed-identity-wallet-postgresql
     # -- The Database Port
     DATABASE_PORT: 5432
     # -- The Database Name
     DATABASE_NAME: vcrs_app
-    # -- The Database SSL 
+    # -- The Database SSL
     DATABASE_USE_SSL_COMMUNICATION: false
     # -- The Database Name
     DATABASE_USERNAME: vcrs
@@ -381,7 +390,7 @@ vcrs:
     SERVICE_SECURITY_ENABLED: true
     # -- KeyClocak Configurations
     KEYCLOAK_REALM: miw_test
-    # -- ClientID Config 
+    # -- ClientID Config
     KEYCLOAK_CLIENT_ID: miw_private_client
     # -- ClientID Config
     KEYCLOAK_PUBLIC_CLIENT_ID: miw_public_client
@@ -395,7 +404,11 @@ vcrs:
     APP_LOG_LEVEL: INFO
   secrets:
     # -- The Database Password
-    DATABASE_PASSWORD: "adminpass"
+    DATABASE_PASSWORD: "defaultpassword"
+    # -- Postgresql password for MIW non-root User
+    password: "defaultpassword"
+    # -- Postgresql password for postgres root-user
+    postgres-password: "defaultpassword"
   resources:
     requests:
       # -- CPU resource requests
@@ -434,21 +447,22 @@ vcrs:
     # -- Number of seconds after which the probe times out.
     timeoutSeconds: 15
     # -- ingress configuration
+  ingressName: "verifiable-credential-revocation-service-ingress"
   ingress:
     enabled: false
-    className: "nginx"
-    annotations:
-      kubernetes.io/ingress.class: "nginx"
-      kubernetes.io/tls-acme: "true"
+    className: ""
+    annotations: {}
+    # kubernetes.io/ingress.class: nginx
+    # kubernetes.io/tls-acme: "true"
     hosts:
-      - host: vcrs.example.org
-        paths:
-          - path: /
-            pathType: Prefix
-    tls:
-      - secretName: chart-example-tls
-        hosts:
-          - vcrs.example.org
+    # - host: chart-example.local
+    #   paths:
+    #     - path: /
+    #       pathType: ImplementationSpecific
+    tls: []
+    # - secretName: chart-example-tls
+    #   hosts:
+    #     - chart-example.local
     service:
       # -- Kubernetes Service type
       type: ClusterIP

From c162cada45cd0a885d0546214a18a32a7ac41f02 Mon Sep 17 00:00:00 2001
From: rohit-smartsensesolutions <rohit.solanki@smartsensesolutions.com>
Date: Tue, 24 Sep 2024 15:03:42 +0530
Subject: [PATCH 38/48] fix: zap scan errors

---
 .github/workflows/release.yml                 | 250 ++++++++++++++++++
 charts/managed-identity-wallet/README.md      |  22 +-
 .../templates/networkpolicy.yaml              |   2 +-
 .../templates/vcrs-deployment.yaml            |  81 ++++--
 .../templates/vcrs-hpa.yaml                   |  32 +++
 charts/managed-identity-wallet/values.yaml    |  58 ++--
 6 files changed, 389 insertions(+), 56 deletions(-)
 create mode 100644 .github/workflows/release.yml
 create mode 100644 charts/managed-identity-wallet/templates/vcrs-hpa.yaml

diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
new file mode 100644
index 00000000..e760bd4b
--- /dev/null
+++ b/.github/workflows/release.yml
@@ -0,0 +1,250 @@
+# Copyright (c) 2021-2023 Contributors to the Eclipse Foundation
+
+# See the NOTICE file(s) distributed with this work for additional
+# information regarding copyright ownership.
+
+# This program and the accompanying materials are made available under the
+# terms of the Apache License, Version 2.0 which is available at
+# https://www.apache.org/licenses/LICENSE-2.0.
+
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+# License for the specific language governing permissions and limitations
+# under the License.
+
+# SPDX-License-Identifier: Apache-2.0
+---
+
+    name: Semantic Release
+    on:
+      push:
+        branches:
+          - main
+          - develop
+      pull_request:
+        branches:
+          - main
+          - develop
+    
+    env:
+      IMAGE_NAMESPACE: "tractusx"
+      IMAGE_NAME: "managed-identity-wallet"
+    
+    jobs:
+    
+      semantic_release:
+        name: Repository Release
+        runs-on: ubuntu-latest
+        permissions:
+          # see https://docs.github.com/en/actions/using-jobs/assigning-permissions-to-jobs
+          contents: write
+          pull-requests: write
+          packages: write
+        outputs:
+          next_release: ${{ steps.semantic-release.outputs.next_release }}
+          will_create_new_release: ${{ steps.semantic-release.outputs.will_create_new_release }}
+        steps:
+          - name: Checkout repository
+            uses: actions/checkout@v4
+    
+          - name: Validate Gradle wrapper
+            uses: gradle/wrapper-validation-action@v2
+    
+          - name: Setup Helm
+            uses: azure/setup-helm@v4.1.0
+    
+          - name: Setup JDK 17
+            uses: actions/setup-java@v4
+            with:
+              java-version: '17'
+              distribution: 'temurin'
+    
+          - name: Setup Node.js
+            uses: actions/setup-node@v4
+            with:
+              node-version: 20
+    
+            # setup helm-docs as it is needed during semantic-release
+          - uses: gabe565/setup-helm-docs-action@v1
+            name: Setup helm-docs
+            if: github.event_name != 'pull_request'
+            with:
+              version: v1.11.3
+    
+          - name: Run semantic release
+            id: semantic-release
+            if: github.event_name != 'pull_request'
+            env:
+              GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+              GIT_AUTHOR_EMAIL: ${{ github.actor }}@users.noreply.github.com
+              GIT_COMMITTER_EMAIL: ${{ github.actor }}@users.noreply.github.com
+            run: |
+              npx --yes -p @semantic-release/exec -p @semantic-release/changelog -p @semantic-release/git -p @semantic-release/commit-analyzer -p @semantic-release/release-notes-generator semantic-release
+    
+          - name: Run semantic release (dry run)
+            if: github.event_name == 'pull_request'
+            env:
+              GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+              GIT_AUTHOR_EMAIL: ${{ github.actor }}@users.noreply.github.com
+              GIT_COMMITTER_EMAIL: ${{ github.actor }}@users.noreply.github.com
+            run: |
+              npx --yes -p @semantic-release/exec -p @semantic-release/github -p @semantic-release/changelog -p @semantic-release/git -p @semantic-release/commit-analyzer -p @semantic-release/release-notes-generator semantic-release --dry-run
+    
+          - name: Execute Gradle build
+            run: ./gradlew build
+    
+          - name: Upload build artifact
+            uses: actions/upload-artifact@v4
+            with:
+              name: build
+              path: ./miw/build
+              if-no-files-found: error
+              retention-days: 1
+    
+          - name: Upload Helm chart artifact
+            uses: actions/upload-artifact@v4
+            with:
+              name: charts
+              path: ./charts
+              if-no-files-found: error
+              retention-days: 1
+    
+          - name: Report semantic-release outputs
+            run: |
+              echo "::notice::${{ env.next_release }}"
+              echo "::notice::${{ env.will_create_new_release }}"
+    
+          - name: Upload jar to GitHub release
+            if: github.event_name != 'pull_request' && steps.semantic-release.outputs.will_create_new_release == 'true'
+            env:
+              GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+              RELEASE_VERSION: ${{ steps.semantic-release.outputs.next_release }}
+            run: |
+              echo "::notice::Uploading jar to GitHub release"
+              gh release upload "v$RELEASE_VERSION" ./miw/build/libs/miw-latest.jar
+    
+      docker:
+        name: Docker Release
+        needs: semantic_release
+        runs-on: ubuntu-latest
+        steps:
+          - name: Checkout repository
+            uses: actions/checkout@v4
+          - name: Download build artifact
+            uses: actions/download-artifact@v4
+            with:
+              name: build
+              path: ./miw/build
+    
+          - name: Download Helm chart artifact
+            uses: actions/download-artifact@v4
+            with:
+              name: charts
+              path: ./charts
+    
+          # Create SemVer or ref tags dependent of trigger event
+          - name: Docker meta
+            id: meta
+            uses: docker/metadata-action@v5
+            with:
+              images: |
+                ${{ env.IMAGE_NAMESPACE }}/${{ env.IMAGE_NAME }}
+              # Automatically prepare image tags; See action docs for more examples.
+              # semver patter will generate tags like these for example :1 :1.2 :1.2.3
+              tags: |
+                type=ref,event=branch
+                type=ref,event=pr
+                type=semver,pattern={{version}},value=${{ needs.semantic_release.outputs.next_release }}
+                type=semver,pattern={{major}},value=${{ needs.semantic_release.outputs.next_release }}
+                type=semver,pattern={{major}}.{{minor}},value=${{ needs.semantic_release.outputs.next_release }}
+                type=raw,value=latest,enable=${{ github.ref == format('refs/heads/{0}', 'main') }}
+    
+          - name: DockerHub login
+            if: github.event_name != 'pull_request'
+            uses: docker/login-action@v3
+            with:
+              # Use existing DockerHub credentials present as secrets
+              username: ${{ secrets.DOCKER_HUB_USER }}
+              password: ${{ secrets.DOCKER_HUB_TOKEN }}
+    
+          - name: Push image
+            uses: docker/build-push-action@v5
+            with:
+              context: .
+              push: ${{ github.event_name != 'pull_request' }}
+              tags: ${{ steps.meta.outputs.tags }}
+              labels: ${{ steps.meta.outputs.labels }}
+    
+          # https://github.com/peter-evans/dockerhub-description
+          # Important step to push image description to DockerHub
+          - name: Update Docker Hub description
+            if: github.event_name != 'pull_request'
+            uses: peter-evans/dockerhub-description@v3
+            with:
+              # readme-filepath defaults to toplevel README.md, Only necessary if you have a dedicated file with your 'Notice for docker images'
+              readme-filepath: Docker-hub-notice.md
+              username: ${{ secrets.DOCKER_HUB_USER }}
+              password: ${{ secrets.DOCKER_HUB_TOKEN }}
+              repository: ${{ env.IMAGE_NAMESPACE }}/${{ env.IMAGE_NAME }}
+    
+      helm:
+        name: Helm Release
+        needs: semantic_release
+        runs-on: ubuntu-latest
+        permissions:
+          contents: write
+        steps:
+          - name: Checkout repository
+            uses: actions/checkout@v4
+    
+          - name: Download Helm chart artifact
+            uses: actions/download-artifact@v4
+            with:
+              name: charts
+              path: ./charts
+    
+          - name: Install Helm
+            uses: azure/setup-helm@v4.1.0
+    
+          - name: Add Helm dependency repositories
+            run: |
+              helm repo add bitnami https://charts.bitnami.com/bitnami
+    
+          - name: Configure Git
+            run: |
+              git config user.name "$GITHUB_ACTOR"
+              git config user.email "$GITHUB_ACTOR@users.noreply.github.com"
+    
+          - name: Release chart
+            if: github.event_name != 'pull_request' && needs.semantic_release.outputs.will_create_new_release == 'true'
+            run: |
+              # Package MIW chart
+              helm_package_path=$(helm package -u -d helm-charts ./charts/managed-identity-wallet | grep -o 'to: .*' | cut -d' ' -f2-)
+              echo "HELM_PACKAGE_PATH=$helm_package_path" >> $GITHUB_ENV
+              
+              # Commit and push to gh-pages
+              git add helm-charts
+              git stash -- helm-charts
+              git reset --hard
+              git fetch origin
+              git checkout gh-pages
+              git stash pop
+              
+              # Generate helm repo index.yaml
+              helm repo index . --merge index.yaml --url https://${GITHUB_REPOSITORY_OWNER}.github.io/${GITHUB_REPOSITORY#*/}/
+              git add index.yaml
+              
+              git commit -s -m "Release ${{ needs.semantic_release.outputs.next_release }}"
+              
+              git push origin gh-pages
+    
+          - name: Upload chart to GitHub release
+            if: github.event_name != 'pull_request' && needs.semantic_release.outputs.will_create_new_release == 'true'
+            env:
+              GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+              RELEASE_VERSION: ${{ needs.semantic_release.outputs.next_release }}
+              HELM_PACKAGE_PATH: ${{ env.HELM_PACKAGE_PATH }}
+            run: |
+              echo "::notice::Uploading chart to GitHub release"
+              gh release upload "v$RELEASE_VERSION" "$HELM_PACKAGE_PATH"
\ No newline at end of file
diff --git a/charts/managed-identity-wallet/README.md b/charts/managed-identity-wallet/README.md
index c157e1e5..8aff8490 100644
--- a/charts/managed-identity-wallet/README.md
+++ b/charts/managed-identity-wallet/README.md
@@ -201,7 +201,7 @@ See [helm upgrade](https://helm.sh/docs/helm/helm_upgrade/) for command document
 | serviceAccount.create | bool | `true` | Enable creation of ServiceAccount |
 | serviceAccount.name | string | `""` | The name of the ServiceAccount to use. |
 | tolerations | list | `[]` | Tolerations configuration |
-| vcrs | object | `{"configName":"verifiable-credential-revocation-service","database":{"encryptionKey":{"secret":"","secretKey":"","value":""}},"env":{"APPLICATION_LOG_LEVEL":"DEBUG","APPLICATION_NAME":"verifiable-credential-revocation-service","APPLICATION_PORT":8081,"APPLICATION_PROFILE":"local","APP_LOG_LEVEL":"INFO","AUTH_SERVER_URL":"http://{{ .Release.Name }}-keycloak","DATABASE_CONNECTION_POOL_SIZE":10,"DATABASE_HOST":"managed-identity-wallet-postgresql","DATABASE_NAME":"vcrs_app","DATABASE_PORT":5432,"DATABASE_USERNAME":"vcrs","DATABASE_USE_SSL_COMMUNICATION":false,"DOMAIN_URL":"https://977d-203-129-213-107.ngrok-free.app","ENABLE_API_DOC":true,"ENABLE_SWAGGER_UI":true,"KEYCLOAK_CLIENT_ID":"miw_private_client","KEYCLOAK_PUBLIC_CLIENT_ID":"miw_public_client","KEYCLOAK_REALM":"miw_test","MIW_URL":"https://a888-203-129-213-107.ngrok-free.app","SERVICE_SECURITY_ENABLED":true,"VC_SCHEMA_LINK":"https://www.w3.org/2018/credentials/v1, https://cofinity-x.github.io/schema-registry/w3c/v1.0/BitstringStatusList.json"},"fullnameOverride":"verifiable-credential-revocation-service","host":"localhost","image":{"pullPolicy":"IfNotPresent","repository":"public.ecr.aws/w6s7t8e0/tractusx/verifiable-credential-revocation-service","tag":"latest"},"ingress":{"annotations":{},"className":"","enabled":false,"hosts":null,"service":{"port":8081,"type":"ClusterIP"},"tls":[]},"ingressName":"verifiable-credential-revocation-service-ingress","livenessProbe":{"enabled":true,"failureThreshold":5,"initialDelaySeconds":60,"periodSeconds":15,"timeoutSeconds":30},"nameOverride":"verifiable-credential-revocation-service","readinessProbe":{"enabled":true,"failureThreshold":5,"initialDelaySeconds":60,"periodSeconds":15,"successThreshold":1,"timeoutSeconds":15},"replicaCount":1,"resources":{"limits":{"cpu":"500m","memory":"1Gi"},"requests":{"cpu":"250m","memory":"512Mi"}},"secretName":"verifiable-credential-revocation-service","secrets":{"DATABASE_PASSWORD":"defaultpassword","password":"defaultpassword","postgres-password":"defaultpassword"},"serviceName":"verifiable-credential-revocation-service"}` | Values for Verifiable Credential Revocation Service application |
+| vcrs | object | `{"affinity":{},"autoscaling":{"enabled":false,"maxReplicas":100,"minReplicas":1,"targetCPUUtilizationPercentage":80,"targetMemoryUtilizationPercentage":80},"configName":"verifiable-credential-revocation-service","database":{"encryptionKey":{"secret":"","secretKey":"","value":""}},"env":{"APPLICATION_LOG_LEVEL":"DEBUG","APPLICATION_NAME":"verifiable-credential-revocation-service","APPLICATION_PORT":8081,"APPLICATION_PROFILE":"local","APP_LOG_LEVEL":"INFO","AUTH_SERVER_URL":"http://{{ .Release.Name }}-keycloak","DATABASE_CONNECTION_POOL_SIZE":10,"DATABASE_HOST":"managed-identity-wallet-postgresql","DATABASE_NAME":"vcrs_app","DATABASE_PORT":5432,"DATABASE_USERNAME":"vcrs","DATABASE_USE_SSL_COMMUNICATION":false,"DOMAIN_URL":"https://977d-203-129-213-107.ngrok-free.app","ENABLE_API_DOC":true,"ENABLE_SWAGGER_UI":true,"KEYCLOAK_CLIENT_ID":"miw_private_client","KEYCLOAK_PUBLIC_CLIENT_ID":"miw_public_client","KEYCLOAK_REALM":"miw_test","MIW_URL":"https://a888-203-129-213-107.ngrok-free.app","SERVICE_SECURITY_ENABLED":true,"VC_SCHEMA_LINK":"https://www.w3.org/2018/credentials/v1, https://cofinity-x.github.io/schema-registry/w3c/v1.0/BitstringStatusList.json"},"fullnameOverride":"verifiable-credential-revocation-service","host":"localhost","image":{"pullPolicy":"IfNotPresent","repository":"public.ecr.aws/w6s7t8e0/tractusx/verifiable-credential-revocation-service","tag":"latest"},"imagePullSecrets":[],"ingress":{"annotations":{},"className":"","enabled":false,"hosts":null,"service":{"port":8081,"type":"ClusterIP"},"tls":[]},"ingressName":"verifiable-credential-revocation-service-ingress","livenessProbe":{"enabled":true,"failureThreshold":3,"initialDelaySeconds":60,"periodSeconds":5,"timeoutSeconds":30},"nameOverride":"verifiable-credential-revocation-service","nodeSelector":{},"podAnnotations":{},"podLabels":{},"podSecurityContext":{},"readinessProbe":{"enabled":true,"failureThreshold":3,"initialDelaySeconds":60,"periodSeconds":30,"timeoutSeconds":30},"replicaCount":1,"resources":{},"rollingUpdate":{"enabled":true,"rollingUpdateMaxSurge":1,"rollingUpdateMaxUnavailable":0},"secretName":"verifiable-credential-revocation-service","secrets":{"DATABASE_PASSWORD":"defaultpassword","password":"defaultpassword","postgres-password":"defaultpassword"},"securityContext":{"allowPrivilegeEscalation":false},"serviceName":"verifiable-credential-revocation-service","tolerations":[],"volumeMounts":[],"volumes":[]}` | Values for Verifiable Credential Revocation Service application |
 | vcrs.configName | string | `"verifiable-credential-revocation-service"` | ConfigMap Name |
 | vcrs.database.encryptionKey.secret | string | `""` | Existing secret for database encryption key |
 | vcrs.database.encryptionKey.secretKey | string | `""` | Existing secret key for database encryption key |
@@ -230,23 +230,19 @@ See [helm upgrade](https://helm.sh/docs/helm/helm_upgrade/) for command document
 | vcrs.image.tag | string | `"latest"` | Image tag (empty one will use "appVersion" value from chart definition) |
 | vcrs.ingress.service.port | int | `8081` | Kubernetes Service port |
 | vcrs.ingress.service.type | string | `"ClusterIP"` | Kubernetes Service type |
-| vcrs.livenessProbe | object | `{"enabled":true,"failureThreshold":5,"initialDelaySeconds":60,"periodSeconds":15,"timeoutSeconds":30}` | Kubernetes [liveness-probe](https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-startup-probes/) |
+| vcrs.livenessProbe | object | `{"enabled":true,"failureThreshold":3,"initialDelaySeconds":60,"periodSeconds":5,"timeoutSeconds":30}` | Kubernetes [liveness-probe](https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-startup-probes/) |
 | vcrs.livenessProbe.enabled | bool | `true` | Enables/Disables the livenessProbe at all |
-| vcrs.livenessProbe.failureThreshold | int | `5` | When a probe fails, Kubernetes will try failureThreshold times before giving up. Giving up in case of liveness probe means restarting the container. |
-| vcrs.livenessProbe.initialDelaySeconds | int | `60` | Number of seconds after the container has started before readiness probes are initiated. |
-| vcrs.livenessProbe.periodSeconds | int | `15` | How often (in seconds) to perform the probe |
+| vcrs.livenessProbe.failureThreshold | int | `3` | When a probe fails, Kubernetes will try failureThreshold times before giving up. Giving up in case of liveness probe means restarting the container. |
+| vcrs.livenessProbe.initialDelaySeconds | int | `60` | Number of seconds after the container has started before readiness probe are initiated. |
+| vcrs.livenessProbe.periodSeconds | int | `5` | How often (in seconds) to perform the probe |
 | vcrs.livenessProbe.timeoutSeconds | int | `30` | Number of seconds after which the probe times out. |
 | vcrs.nameOverride | string | `"verifiable-credential-revocation-service"` | The configmap name |
+| vcrs.readinessProbe | object | `{"enabled":true,"failureThreshold":3,"initialDelaySeconds":60,"periodSeconds":30,"timeoutSeconds":30}` | Kubernetes [readiness-probe](https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-startup-probes/) |
 | vcrs.readinessProbe.enabled | bool | `true` | Enables/Disables the readinessProbe at all |
-| vcrs.readinessProbe.failureThreshold | int | `5` | When a probe fails, Kubernetes will try failureThreshold times before giving up. In case of readiness probe the Pod will be marked Unready. |
+| vcrs.readinessProbe.failureThreshold | int | `3` | When a probe fails, Kubernetes will try failureThreshold times before giving up. In case of readiness probe the Pod will be marked Unready. |
 | vcrs.readinessProbe.initialDelaySeconds | int | `60` | Number of seconds after the container has started before readiness probe are initiated. |
-| vcrs.readinessProbe.periodSeconds | int | `15` | How often (in seconds) to perform the probe |
-| vcrs.readinessProbe.successThreshold | int | `1` | Minimum consecutive successes for the probe to be considered successful after having failed. |
-| vcrs.readinessProbe.timeoutSeconds | int | `15` | Number of seconds after which the probe times out. |
-| vcrs.resources.limits.cpu | string | `"500m"` | CPU resource limits |
-| vcrs.resources.limits.memory | string | `"1Gi"` | Memory resource limits |
-| vcrs.resources.requests.cpu | string | `"250m"` | CPU resource requests |
-| vcrs.resources.requests.memory | string | `"512Mi"` | Memory resource requests |
+| vcrs.readinessProbe.periodSeconds | int | `30` | How often (in seconds) to perform the probe |
+| vcrs.readinessProbe.timeoutSeconds | int | `30` | Number of seconds after which the probe times out. |
 | vcrs.secretName | string | `"verifiable-credential-revocation-service"` | The Secret name |
 | vcrs.secrets.DATABASE_PASSWORD | string | `"defaultpassword"` | The Database Password |
 | vcrs.secrets.password | string | `"defaultpassword"` | Postgresql password for MIW non-root User |
diff --git a/charts/managed-identity-wallet/templates/networkpolicy.yaml b/charts/managed-identity-wallet/templates/networkpolicy.yaml
index 425016e6..2edaefbc 100644
--- a/charts/managed-identity-wallet/templates/networkpolicy.yaml
+++ b/charts/managed-identity-wallet/templates/networkpolicy.yaml
@@ -1,5 +1,5 @@
 # /********************************************************************************
-# * Copyright (c) 2021,2023 Contributors to the Eclipse Foundation
+# * Copyright (c) 2024 Contributors to the Eclipse Foundation
 # *
 # * See the NOTICE file(s) distributed with this work for additional
 # * information regarding copyright ownership.
diff --git a/charts/managed-identity-wallet/templates/vcrs-deployment.yaml b/charts/managed-identity-wallet/templates/vcrs-deployment.yaml
index 95db61ce..16179582 100644
--- a/charts/managed-identity-wallet/templates/vcrs-deployment.yaml
+++ b/charts/managed-identity-wallet/templates/vcrs-deployment.yaml
@@ -24,38 +24,49 @@ metadata:
   labels:
     {{- include "verifiable-credential-revocation-service.labels" . | nindent 4 }}
 spec:
-  strategy:
-    type: RollingUpdate
-    rollingUpdate:
-      maxUnavailable: 0
-      maxSurge: 1
+  {{- if not .Values.vcrs.autoscaling.enabled }}
+  replicas: {{ .Values.vcrs.replicaCount }}
+  {{- end }}
   selector:
     matchLabels:
       {{- include "verifiable-credential-revocation-service.selectorLabels" . | nindent 6 }}
-  replicas: {{ .Values.vcrs.replicaCount }}
-  revisionHistoryLimit: 2
+  strategy:
+    {{- if .Values.vcrs.rollingUpdate.enabled }}
+    type: RollingUpdate
+    rollingUpdate:
+      maxSurge: {{ .Values.vcrs.rollingUpdate.rollingUpdateMaxSurge }}
+      maxUnavailable: {{ .Values.vcrs.rollingUpdate.rollingUpdateMaxUnavailable }}
+    {{- end }}
   template:
     metadata:
+      {{- with .Values.vcrs.podAnnotations }}
+      annotations:
+        {{- toYaml . | nindent 8 }}
+      {{- end }}
       labels:
-        {{- include "verifiable-credential-revocation-service.selectorLabels" . | nindent 8 }}
+        {{- include "verifiable-credential-revocation-service.labels" . | nindent 8 }}
+        {{- with .Values.vcrs.podLabels }}
+        {{- toYaml . | nindent 8 }}
+        {{- end }}
     spec:
+      {{- with .Values.vcrs.imagePullSecrets }}
+      imagePullSecrets:
+        {{- toYaml . | nindent 8 }}
+      {{- end }}
+      securityContext:
+        {{- toYaml .Values.vcrs.podSecurityContext | nindent 8 }}
       containers:
-        - name: {{ include "verifiable-credential-revocation-service.fullname" . }}
-          image: {{ .Values.vcrs.image.repository }}:{{ default .Chart.AppVersion .Values.vcrs.image.tag }}
+        - name: {{ .Chart.Name }}
+          securityContext:
+            {{- toYaml .Values.vcrs.securityContext | nindent 12 }}
+          image: "{{ .Values.vcrs.image.repository }}:{{ .Values.vcrs.image.tag | default .Chart.AppVersion }}"
           imagePullPolicy: {{ .Values.vcrs.image.pullPolicy }}
-          resources:
-            {{- toYaml .Values.vcrs.resources | nindent 12 }}
-          envFrom:
-            - secretRef:
-                name: {{ .Values.vcrs.secretName }}
-            - configMapRef:
-                name: {{ .Values.vcrs.configName }}
-          {{- with .Values.vcrs.livenessProbe }}
-          {{- if .enabled }}
           ports:
             - name: http
-              containerPort: 8081
+              containerPort: {{ .Values.vcrs.ingress.service.port }}
               protocol: TCP
+          {{- with .Values.vcrs.livenessProbe }}
+          {{- if .enabled }}
           livenessProbe:
             httpGet:
               path: /actuator/health/liveness
@@ -77,7 +88,33 @@ spec:
             failureThreshold: {{ .failureThreshold }}
             initialDelaySeconds: {{ .initialDelaySeconds }}
             periodSeconds: {{ .periodSeconds }}
-            successThreshold: {{ .successThreshold }}
             timeoutSeconds: {{ .timeoutSeconds }}
           {{- end }}
-          {{- end }}
\ No newline at end of file
+          {{- end }}
+          resources:
+            {{- toYaml .Values.vcrs.resources | nindent 12 }}
+          envFrom:
+            - secretRef:
+                name: {{ .Values.vcrs.secretName }}
+            - configMapRef:
+                name: {{ .Values.vcrs.configName }}
+          {{- with .Values.vcrs.volumeMounts }}
+          volumeMounts:
+            {{- toYaml . | nindent 12 }}
+          {{- end }}
+      {{- with .Values.vcrs.volumes }}
+      volumes:
+        {{- toYaml . | nindent 8 }}
+      {{- end }}
+      {{- with .Values.vcrs.nodeSelector }}
+      nodeSelector:
+        {{- toYaml . | nindent 8 }}
+      {{- end }}
+      {{- with .Values.vcrs.affinity }}
+      affinity:
+        {{- toYaml . | nindent 8 }}
+      {{- end }}
+      {{- with .Values.vcrs.tolerations }}
+      tolerations:
+        {{- toYaml . | nindent 8 }}
+      {{- end }}
\ No newline at end of file
diff --git a/charts/managed-identity-wallet/templates/vcrs-hpa.yaml b/charts/managed-identity-wallet/templates/vcrs-hpa.yaml
new file mode 100644
index 00000000..9c5ae5a8
--- /dev/null
+++ b/charts/managed-identity-wallet/templates/vcrs-hpa.yaml
@@ -0,0 +1,32 @@
+{{- if .Values.vcrs.autoscaling.enabled }}
+apiVersion: autoscaling/v2
+kind: HorizontalPodAutoscaler
+metadata:
+  name: {{ include "verifiable-credential-revocation-service.fullname" . }}
+  labels:
+    {{- include "verifiable-credential-revocation-service.labels" . | nindent 4 }}
+spec:
+  scaleTargetRef:
+    apiVersion: apps/v1
+    kind: Deployment
+    name: {{ include "verifiable-credential-revocation-service.fullname" . }}
+  minReplicas: {{ .Values.vcrs.autoscaling.minReplicas }}
+  maxReplicas: {{ .Values.vcrs.autoscaling.maxReplicas }}
+  metrics:
+    {{- if .Values.vcrs.autoscaling.targetCPUUtilizationPercentage }}
+    - type: Resource
+      resource:
+        name: cpu
+        target:
+          type: Utilization
+          averageUtilization: {{ .Values.vcrs.autoscaling.targetCPUUtilizationPercentage }}
+    {{- end }}
+    {{- if .Values.vcrs.autoscaling.targetMemoryUtilizationPercentage }}
+    - type: Resource
+      resource:
+        name: memory
+        target:
+          type: Utilization
+          averageUtilization: {{ .Values.vcrs.autoscaling.targetMemoryUtilizationPercentage }}
+    {{- end }}
+{{- end }}
\ No newline at end of file
diff --git a/charts/managed-identity-wallet/values.yaml b/charts/managed-identity-wallet/values.yaml
index 09844c05..4a631b78 100644
--- a/charts/managed-identity-wallet/values.yaml
+++ b/charts/managed-identity-wallet/values.yaml
@@ -409,44 +409,53 @@ vcrs:
     password: "defaultpassword"
     # -- Postgresql password for postgres root-user
     postgres-password: "defaultpassword"
-  resources:
-    requests:
-      # -- CPU resource requests
-      cpu: 250m
-      # -- Memory resource requests
-      memory: 512Mi
-    limits:
-      # -- CPU resource limits
-      cpu: 500m
-      # -- Memory resource limits
-      memory: 1Gi
+  podAnnotations: {}
+  podLabels: {}
+  imagePullSecrets: []
+  rollingUpdate:
+    enabled: true
+    # Minimum number of pods that should be running during the update process.
+    rollingUpdateMaxSurge: 1
+    # Maximum number of pods that can be unavailable during the update process.
+    rollingUpdateMaxUnavailable: 0
+  resources: {}
+  # limits:
+  #   cpu: 100m
+  #   memory: 128Mi
+  # requests:
+  #   cpu: 100m
+  #   memory: 128Mi
   # -- Kubernetes [liveness-probe](https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-startup-probes/)
   livenessProbe:
     # -- Enables/Disables the livenessProbe at all
     enabled: true
     # -- When a probe fails, Kubernetes will try failureThreshold times before giving up. Giving up in case of liveness probe means restarting the container.
-    failureThreshold: 5
-    # -- Number of seconds after the container has started before readiness probes are initiated.
+    failureThreshold: 3
+    # -- Number of seconds after the container has started before readiness probe are initiated.
     initialDelaySeconds: 60
     # -- Number of seconds after which the probe times out.
     timeoutSeconds: 30
     # -- How often (in seconds) to perform the probe
-    periodSeconds: 15
-    # -- Kubernetes [readiness-probe](https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-startup-probes/)
+    periodSeconds: 5
+  # -- Kubernetes [readiness-probe](https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-startup-probes/)
   readinessProbe:
     # -- Enables/Disables the readinessProbe at all
     enabled: true
     # -- When a probe fails, Kubernetes will try failureThreshold times before giving up. In case of readiness probe the Pod will be marked Unready.
-    failureThreshold: 5
+    failureThreshold: 3
     # -- Number of seconds after the container has started before readiness probe are initiated.
     initialDelaySeconds: 60
     # -- How often (in seconds) to perform the probe
-    periodSeconds: 15
-    # -- Minimum consecutive successes for the probe to be considered successful after having failed.
-    successThreshold: 1
+    periodSeconds: 30
     # -- Number of seconds after which the probe times out.
-    timeoutSeconds: 15
+    timeoutSeconds: 30
     # -- ingress configuration
+  autoscaling:
+    enabled: false
+    minReplicas: 1
+    maxReplicas: 100
+    targetCPUUtilizationPercentage: 80
+    targetMemoryUtilizationPercentage: 80
   ingressName: "verifiable-credential-revocation-service-ingress"
   ingress:
     enabled: false
@@ -476,3 +485,12 @@ vcrs:
       secret: ""
       # -- Existing secret key for database encryption key
       secretKey: ""
+  podSecurityContext: {}
+  securityContext:
+    allowPrivilegeEscalation: false
+  volumes: []
+  # Additional volumeMounts on the output Deployment definition.
+  volumeMounts: []
+  nodeSelector: {}
+  tolerations: []
+  affinity: {}

From 074ab2df61f94776d23b45eebc87220fbd61a0ef Mon Sep 17 00:00:00 2001
From: rohit-smartsensesolutions <rohit.solanki@smartsensesolutions.com>
Date: Tue, 24 Sep 2024 15:06:27 +0530
Subject: [PATCH 39/48] fix: zap scan errors

---
 charts/managed-identity-wallet/values.yaml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/charts/managed-identity-wallet/values.yaml b/charts/managed-identity-wallet/values.yaml
index 4a631b78..7bbd6931 100644
--- a/charts/managed-identity-wallet/values.yaml
+++ b/charts/managed-identity-wallet/values.yaml
@@ -356,7 +356,7 @@ vcrs:
   secretName: "verifiable-credential-revocation-service"
   image:
     # -- Image repository
-    repository: public.ecr.aws/w6s7t8e0/tractusx/verifiable-credential-revocation-service
+    repository: tractusx/verifiable-credential-revocation-service
     # -- PullPolicy
     pullPolicy: IfNotPresent
     # -- Image tag (empty one will use "appVersion" value from chart definition)

From e1218df658eda6195caf44d5567a09045da62813 Mon Sep 17 00:00:00 2001
From: rohit-smartsensesolutions <rohit.solanki@smartsensesolutions.com>
Date: Tue, 24 Sep 2024 15:22:01 +0530
Subject: [PATCH 40/48] docs: fixed readme file

---
 charts/managed-identity-wallet/README.md | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/charts/managed-identity-wallet/README.md b/charts/managed-identity-wallet/README.md
index 8aff8490..1fcd799f 100644
--- a/charts/managed-identity-wallet/README.md
+++ b/charts/managed-identity-wallet/README.md
@@ -201,7 +201,7 @@ See [helm upgrade](https://helm.sh/docs/helm/helm_upgrade/) for command document
 | serviceAccount.create | bool | `true` | Enable creation of ServiceAccount |
 | serviceAccount.name | string | `""` | The name of the ServiceAccount to use. |
 | tolerations | list | `[]` | Tolerations configuration |
-| vcrs | object | `{"affinity":{},"autoscaling":{"enabled":false,"maxReplicas":100,"minReplicas":1,"targetCPUUtilizationPercentage":80,"targetMemoryUtilizationPercentage":80},"configName":"verifiable-credential-revocation-service","database":{"encryptionKey":{"secret":"","secretKey":"","value":""}},"env":{"APPLICATION_LOG_LEVEL":"DEBUG","APPLICATION_NAME":"verifiable-credential-revocation-service","APPLICATION_PORT":8081,"APPLICATION_PROFILE":"local","APP_LOG_LEVEL":"INFO","AUTH_SERVER_URL":"http://{{ .Release.Name }}-keycloak","DATABASE_CONNECTION_POOL_SIZE":10,"DATABASE_HOST":"managed-identity-wallet-postgresql","DATABASE_NAME":"vcrs_app","DATABASE_PORT":5432,"DATABASE_USERNAME":"vcrs","DATABASE_USE_SSL_COMMUNICATION":false,"DOMAIN_URL":"https://977d-203-129-213-107.ngrok-free.app","ENABLE_API_DOC":true,"ENABLE_SWAGGER_UI":true,"KEYCLOAK_CLIENT_ID":"miw_private_client","KEYCLOAK_PUBLIC_CLIENT_ID":"miw_public_client","KEYCLOAK_REALM":"miw_test","MIW_URL":"https://a888-203-129-213-107.ngrok-free.app","SERVICE_SECURITY_ENABLED":true,"VC_SCHEMA_LINK":"https://www.w3.org/2018/credentials/v1, https://cofinity-x.github.io/schema-registry/w3c/v1.0/BitstringStatusList.json"},"fullnameOverride":"verifiable-credential-revocation-service","host":"localhost","image":{"pullPolicy":"IfNotPresent","repository":"public.ecr.aws/w6s7t8e0/tractusx/verifiable-credential-revocation-service","tag":"latest"},"imagePullSecrets":[],"ingress":{"annotations":{},"className":"","enabled":false,"hosts":null,"service":{"port":8081,"type":"ClusterIP"},"tls":[]},"ingressName":"verifiable-credential-revocation-service-ingress","livenessProbe":{"enabled":true,"failureThreshold":3,"initialDelaySeconds":60,"periodSeconds":5,"timeoutSeconds":30},"nameOverride":"verifiable-credential-revocation-service","nodeSelector":{},"podAnnotations":{},"podLabels":{},"podSecurityContext":{},"readinessProbe":{"enabled":true,"failureThreshold":3,"initialDelaySeconds":60,"periodSeconds":30,"timeoutSeconds":30},"replicaCount":1,"resources":{},"rollingUpdate":{"enabled":true,"rollingUpdateMaxSurge":1,"rollingUpdateMaxUnavailable":0},"secretName":"verifiable-credential-revocation-service","secrets":{"DATABASE_PASSWORD":"defaultpassword","password":"defaultpassword","postgres-password":"defaultpassword"},"securityContext":{"allowPrivilegeEscalation":false},"serviceName":"verifiable-credential-revocation-service","tolerations":[],"volumeMounts":[],"volumes":[]}` | Values for Verifiable Credential Revocation Service application |
+| vcrs | object | `{"affinity":{},"autoscaling":{"enabled":false,"maxReplicas":100,"minReplicas":1,"targetCPUUtilizationPercentage":80,"targetMemoryUtilizationPercentage":80},"configName":"verifiable-credential-revocation-service","database":{"encryptionKey":{"secret":"","secretKey":"","value":""}},"env":{"APPLICATION_LOG_LEVEL":"DEBUG","APPLICATION_NAME":"verifiable-credential-revocation-service","APPLICATION_PORT":8081,"APPLICATION_PROFILE":"local","APP_LOG_LEVEL":"INFO","AUTH_SERVER_URL":"http://{{ .Release.Name }}-keycloak","DATABASE_CONNECTION_POOL_SIZE":10,"DATABASE_HOST":"managed-identity-wallet-postgresql","DATABASE_NAME":"vcrs_app","DATABASE_PORT":5432,"DATABASE_USERNAME":"vcrs","DATABASE_USE_SSL_COMMUNICATION":false,"DOMAIN_URL":"https://977d-203-129-213-107.ngrok-free.app","ENABLE_API_DOC":true,"ENABLE_SWAGGER_UI":true,"KEYCLOAK_CLIENT_ID":"miw_private_client","KEYCLOAK_PUBLIC_CLIENT_ID":"miw_public_client","KEYCLOAK_REALM":"miw_test","MIW_URL":"https://a888-203-129-213-107.ngrok-free.app","SERVICE_SECURITY_ENABLED":true,"VC_SCHEMA_LINK":"https://www.w3.org/2018/credentials/v1, https://cofinity-x.github.io/schema-registry/w3c/v1.0/BitstringStatusList.json"},"fullnameOverride":"verifiable-credential-revocation-service","host":"localhost","image":{"pullPolicy":"IfNotPresent","repository":"tractusx/verifiable-credential-revocation-service","tag":"latest"},"imagePullSecrets":[],"ingress":{"annotations":{},"className":"","enabled":false,"hosts":null,"service":{"port":8081,"type":"ClusterIP"},"tls":[]},"ingressName":"verifiable-credential-revocation-service-ingress","livenessProbe":{"enabled":true,"failureThreshold":3,"initialDelaySeconds":60,"periodSeconds":5,"timeoutSeconds":30},"nameOverride":"verifiable-credential-revocation-service","nodeSelector":{},"podAnnotations":{},"podLabels":{},"podSecurityContext":{},"readinessProbe":{"enabled":true,"failureThreshold":3,"initialDelaySeconds":60,"periodSeconds":30,"timeoutSeconds":30},"replicaCount":1,"resources":{},"rollingUpdate":{"enabled":true,"rollingUpdateMaxSurge":1,"rollingUpdateMaxUnavailable":0},"secretName":"verifiable-credential-revocation-service","secrets":{"DATABASE_PASSWORD":"defaultpassword","password":"defaultpassword","postgres-password":"defaultpassword"},"securityContext":{"allowPrivilegeEscalation":false},"serviceName":"verifiable-credential-revocation-service","tolerations":[],"volumeMounts":[],"volumes":[]}` | Values for Verifiable Credential Revocation Service application |
 | vcrs.configName | string | `"verifiable-credential-revocation-service"` | ConfigMap Name |
 | vcrs.database.encryptionKey.secret | string | `""` | Existing secret for database encryption key |
 | vcrs.database.encryptionKey.secretKey | string | `""` | Existing secret key for database encryption key |
@@ -226,7 +226,7 @@ See [helm upgrade](https://helm.sh/docs/helm/helm_upgrade/) for command document
 | vcrs.fullnameOverride | string | `"verifiable-credential-revocation-service"` | String to partially override common.names.fullname template (will maintain the release name) |
 | vcrs.host | string | `"localhost"` | Revocation application configuration |
 | vcrs.image.pullPolicy | string | `"IfNotPresent"` | PullPolicy |
-| vcrs.image.repository | string | `"public.ecr.aws/w6s7t8e0/tractusx/verifiable-credential-revocation-service"` | Image repository |
+| vcrs.image.repository | string | `"tractusx/verifiable-credential-revocation-service"` | Image repository |
 | vcrs.image.tag | string | `"latest"` | Image tag (empty one will use "appVersion" value from chart definition) |
 | vcrs.ingress.service.port | int | `8081` | Kubernetes Service port |
 | vcrs.ingress.service.type | string | `"ClusterIP"` | Kubernetes Service type |

From 14a67e1b982569ddf6e3becd8176fc346b5ef731 Mon Sep 17 00:00:00 2001
From: rohit-smartsensesolutions <rohit.solanki@smartsensesolutions.com>
Date: Tue, 24 Sep 2024 15:25:56 +0530
Subject: [PATCH 41/48] fix: modefied the value for the replicas

---
 charts/managed-identity-wallet/values.yaml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/charts/managed-identity-wallet/values.yaml b/charts/managed-identity-wallet/values.yaml
index 7bbd6931..96e70c47 100644
--- a/charts/managed-identity-wallet/values.yaml
+++ b/charts/managed-identity-wallet/values.yaml
@@ -453,7 +453,7 @@ vcrs:
   autoscaling:
     enabled: false
     minReplicas: 1
-    maxReplicas: 100
+    maxReplicas: 2
     targetCPUUtilizationPercentage: 80
     targetMemoryUtilizationPercentage: 80
   ingressName: "verifiable-credential-revocation-service-ingress"

From 571d994ddc62c3a4461d2da2d07213fa40749485 Mon Sep 17 00:00:00 2001
From: rohit-smartsensesolutions <rohit.solanki@smartsensesolutions.com>
Date: Tue, 24 Sep 2024 15:27:36 +0530
Subject: [PATCH 42/48] fixed helm docs

---
 charts/managed-identity-wallet/README.md | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/charts/managed-identity-wallet/README.md b/charts/managed-identity-wallet/README.md
index 1fcd799f..537db4c9 100644
--- a/charts/managed-identity-wallet/README.md
+++ b/charts/managed-identity-wallet/README.md
@@ -201,7 +201,7 @@ See [helm upgrade](https://helm.sh/docs/helm/helm_upgrade/) for command document
 | serviceAccount.create | bool | `true` | Enable creation of ServiceAccount |
 | serviceAccount.name | string | `""` | The name of the ServiceAccount to use. |
 | tolerations | list | `[]` | Tolerations configuration |
-| vcrs | object | `{"affinity":{},"autoscaling":{"enabled":false,"maxReplicas":100,"minReplicas":1,"targetCPUUtilizationPercentage":80,"targetMemoryUtilizationPercentage":80},"configName":"verifiable-credential-revocation-service","database":{"encryptionKey":{"secret":"","secretKey":"","value":""}},"env":{"APPLICATION_LOG_LEVEL":"DEBUG","APPLICATION_NAME":"verifiable-credential-revocation-service","APPLICATION_PORT":8081,"APPLICATION_PROFILE":"local","APP_LOG_LEVEL":"INFO","AUTH_SERVER_URL":"http://{{ .Release.Name }}-keycloak","DATABASE_CONNECTION_POOL_SIZE":10,"DATABASE_HOST":"managed-identity-wallet-postgresql","DATABASE_NAME":"vcrs_app","DATABASE_PORT":5432,"DATABASE_USERNAME":"vcrs","DATABASE_USE_SSL_COMMUNICATION":false,"DOMAIN_URL":"https://977d-203-129-213-107.ngrok-free.app","ENABLE_API_DOC":true,"ENABLE_SWAGGER_UI":true,"KEYCLOAK_CLIENT_ID":"miw_private_client","KEYCLOAK_PUBLIC_CLIENT_ID":"miw_public_client","KEYCLOAK_REALM":"miw_test","MIW_URL":"https://a888-203-129-213-107.ngrok-free.app","SERVICE_SECURITY_ENABLED":true,"VC_SCHEMA_LINK":"https://www.w3.org/2018/credentials/v1, https://cofinity-x.github.io/schema-registry/w3c/v1.0/BitstringStatusList.json"},"fullnameOverride":"verifiable-credential-revocation-service","host":"localhost","image":{"pullPolicy":"IfNotPresent","repository":"tractusx/verifiable-credential-revocation-service","tag":"latest"},"imagePullSecrets":[],"ingress":{"annotations":{},"className":"","enabled":false,"hosts":null,"service":{"port":8081,"type":"ClusterIP"},"tls":[]},"ingressName":"verifiable-credential-revocation-service-ingress","livenessProbe":{"enabled":true,"failureThreshold":3,"initialDelaySeconds":60,"periodSeconds":5,"timeoutSeconds":30},"nameOverride":"verifiable-credential-revocation-service","nodeSelector":{},"podAnnotations":{},"podLabels":{},"podSecurityContext":{},"readinessProbe":{"enabled":true,"failureThreshold":3,"initialDelaySeconds":60,"periodSeconds":30,"timeoutSeconds":30},"replicaCount":1,"resources":{},"rollingUpdate":{"enabled":true,"rollingUpdateMaxSurge":1,"rollingUpdateMaxUnavailable":0},"secretName":"verifiable-credential-revocation-service","secrets":{"DATABASE_PASSWORD":"defaultpassword","password":"defaultpassword","postgres-password":"defaultpassword"},"securityContext":{"allowPrivilegeEscalation":false},"serviceName":"verifiable-credential-revocation-service","tolerations":[],"volumeMounts":[],"volumes":[]}` | Values for Verifiable Credential Revocation Service application |
+| vcrs | object | `{"affinity":{},"autoscaling":{"enabled":false,"maxReplicas":2,"minReplicas":1,"targetCPUUtilizationPercentage":80,"targetMemoryUtilizationPercentage":80},"configName":"verifiable-credential-revocation-service","database":{"encryptionKey":{"secret":"","secretKey":"","value":""}},"env":{"APPLICATION_LOG_LEVEL":"DEBUG","APPLICATION_NAME":"verifiable-credential-revocation-service","APPLICATION_PORT":8081,"APPLICATION_PROFILE":"local","APP_LOG_LEVEL":"INFO","AUTH_SERVER_URL":"http://{{ .Release.Name }}-keycloak","DATABASE_CONNECTION_POOL_SIZE":10,"DATABASE_HOST":"managed-identity-wallet-postgresql","DATABASE_NAME":"vcrs_app","DATABASE_PORT":5432,"DATABASE_USERNAME":"vcrs","DATABASE_USE_SSL_COMMUNICATION":false,"DOMAIN_URL":"https://977d-203-129-213-107.ngrok-free.app","ENABLE_API_DOC":true,"ENABLE_SWAGGER_UI":true,"KEYCLOAK_CLIENT_ID":"miw_private_client","KEYCLOAK_PUBLIC_CLIENT_ID":"miw_public_client","KEYCLOAK_REALM":"miw_test","MIW_URL":"https://a888-203-129-213-107.ngrok-free.app","SERVICE_SECURITY_ENABLED":true,"VC_SCHEMA_LINK":"https://www.w3.org/2018/credentials/v1, https://cofinity-x.github.io/schema-registry/w3c/v1.0/BitstringStatusList.json"},"fullnameOverride":"verifiable-credential-revocation-service","host":"localhost","image":{"pullPolicy":"IfNotPresent","repository":"tractusx/verifiable-credential-revocation-service","tag":"latest"},"imagePullSecrets":[],"ingress":{"annotations":{},"className":"","enabled":false,"hosts":null,"service":{"port":8081,"type":"ClusterIP"},"tls":[]},"ingressName":"verifiable-credential-revocation-service-ingress","livenessProbe":{"enabled":true,"failureThreshold":3,"initialDelaySeconds":60,"periodSeconds":5,"timeoutSeconds":30},"nameOverride":"verifiable-credential-revocation-service","nodeSelector":{},"podAnnotations":{},"podLabels":{},"podSecurityContext":{},"readinessProbe":{"enabled":true,"failureThreshold":3,"initialDelaySeconds":60,"periodSeconds":30,"timeoutSeconds":30},"replicaCount":1,"resources":{},"rollingUpdate":{"enabled":true,"rollingUpdateMaxSurge":1,"rollingUpdateMaxUnavailable":0},"secretName":"verifiable-credential-revocation-service","secrets":{"DATABASE_PASSWORD":"defaultpassword","password":"defaultpassword","postgres-password":"defaultpassword"},"securityContext":{"allowPrivilegeEscalation":false},"serviceName":"verifiable-credential-revocation-service","tolerations":[],"volumeMounts":[],"volumes":[]}` | Values for Verifiable Credential Revocation Service application |
 | vcrs.configName | string | `"verifiable-credential-revocation-service"` | ConfigMap Name |
 | vcrs.database.encryptionKey.secret | string | `""` | Existing secret for database encryption key |
 | vcrs.database.encryptionKey.secretKey | string | `""` | Existing secret key for database encryption key |

From 00a86d50be726936dfe2857d23142021dfe87509 Mon Sep 17 00:00:00 2001
From: Nitin Vavdiya <nitin.vavdiya@smartsensesolutions.com>
Date: Wed, 25 Sep 2024 17:44:27 +0530
Subject: [PATCH 43/48] docs: README and sample in API doc are updated

---
 .github/workflows/release.yml                 | 250 ------------------
 charts/managed-identity-wallet/README.md      |   2 +-
 charts/managed-identity-wallet/values.yaml    |   2 +-
 docs/api/revocation-service/openapi_v001.json |  14 +-
 docs/arc42/revocation-service/main.md         |  30 +--
 .../apidocs/RevocationAPIDoc.java             |   3 +-
 revocation-service/README.md                  |  15 +-
 .../RevocationApiControllerApiDocs.java       |  14 +-
 .../revocation/TestUtil.java                  |   4 +-
 9 files changed, 42 insertions(+), 292 deletions(-)
 delete mode 100644 .github/workflows/release.yml

diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
deleted file mode 100644
index e760bd4b..00000000
--- a/.github/workflows/release.yml
+++ /dev/null
@@ -1,250 +0,0 @@
-# Copyright (c) 2021-2023 Contributors to the Eclipse Foundation
-
-# See the NOTICE file(s) distributed with this work for additional
-# information regarding copyright ownership.
-
-# This program and the accompanying materials are made available under the
-# terms of the Apache License, Version 2.0 which is available at
-# https://www.apache.org/licenses/LICENSE-2.0.
-
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
-# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
-# License for the specific language governing permissions and limitations
-# under the License.
-
-# SPDX-License-Identifier: Apache-2.0
----
-
-    name: Semantic Release
-    on:
-      push:
-        branches:
-          - main
-          - develop
-      pull_request:
-        branches:
-          - main
-          - develop
-    
-    env:
-      IMAGE_NAMESPACE: "tractusx"
-      IMAGE_NAME: "managed-identity-wallet"
-    
-    jobs:
-    
-      semantic_release:
-        name: Repository Release
-        runs-on: ubuntu-latest
-        permissions:
-          # see https://docs.github.com/en/actions/using-jobs/assigning-permissions-to-jobs
-          contents: write
-          pull-requests: write
-          packages: write
-        outputs:
-          next_release: ${{ steps.semantic-release.outputs.next_release }}
-          will_create_new_release: ${{ steps.semantic-release.outputs.will_create_new_release }}
-        steps:
-          - name: Checkout repository
-            uses: actions/checkout@v4
-    
-          - name: Validate Gradle wrapper
-            uses: gradle/wrapper-validation-action@v2
-    
-          - name: Setup Helm
-            uses: azure/setup-helm@v4.1.0
-    
-          - name: Setup JDK 17
-            uses: actions/setup-java@v4
-            with:
-              java-version: '17'
-              distribution: 'temurin'
-    
-          - name: Setup Node.js
-            uses: actions/setup-node@v4
-            with:
-              node-version: 20
-    
-            # setup helm-docs as it is needed during semantic-release
-          - uses: gabe565/setup-helm-docs-action@v1
-            name: Setup helm-docs
-            if: github.event_name != 'pull_request'
-            with:
-              version: v1.11.3
-    
-          - name: Run semantic release
-            id: semantic-release
-            if: github.event_name != 'pull_request'
-            env:
-              GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
-              GIT_AUTHOR_EMAIL: ${{ github.actor }}@users.noreply.github.com
-              GIT_COMMITTER_EMAIL: ${{ github.actor }}@users.noreply.github.com
-            run: |
-              npx --yes -p @semantic-release/exec -p @semantic-release/changelog -p @semantic-release/git -p @semantic-release/commit-analyzer -p @semantic-release/release-notes-generator semantic-release
-    
-          - name: Run semantic release (dry run)
-            if: github.event_name == 'pull_request'
-            env:
-              GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
-              GIT_AUTHOR_EMAIL: ${{ github.actor }}@users.noreply.github.com
-              GIT_COMMITTER_EMAIL: ${{ github.actor }}@users.noreply.github.com
-            run: |
-              npx --yes -p @semantic-release/exec -p @semantic-release/github -p @semantic-release/changelog -p @semantic-release/git -p @semantic-release/commit-analyzer -p @semantic-release/release-notes-generator semantic-release --dry-run
-    
-          - name: Execute Gradle build
-            run: ./gradlew build
-    
-          - name: Upload build artifact
-            uses: actions/upload-artifact@v4
-            with:
-              name: build
-              path: ./miw/build
-              if-no-files-found: error
-              retention-days: 1
-    
-          - name: Upload Helm chart artifact
-            uses: actions/upload-artifact@v4
-            with:
-              name: charts
-              path: ./charts
-              if-no-files-found: error
-              retention-days: 1
-    
-          - name: Report semantic-release outputs
-            run: |
-              echo "::notice::${{ env.next_release }}"
-              echo "::notice::${{ env.will_create_new_release }}"
-    
-          - name: Upload jar to GitHub release
-            if: github.event_name != 'pull_request' && steps.semantic-release.outputs.will_create_new_release == 'true'
-            env:
-              GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
-              RELEASE_VERSION: ${{ steps.semantic-release.outputs.next_release }}
-            run: |
-              echo "::notice::Uploading jar to GitHub release"
-              gh release upload "v$RELEASE_VERSION" ./miw/build/libs/miw-latest.jar
-    
-      docker:
-        name: Docker Release
-        needs: semantic_release
-        runs-on: ubuntu-latest
-        steps:
-          - name: Checkout repository
-            uses: actions/checkout@v4
-          - name: Download build artifact
-            uses: actions/download-artifact@v4
-            with:
-              name: build
-              path: ./miw/build
-    
-          - name: Download Helm chart artifact
-            uses: actions/download-artifact@v4
-            with:
-              name: charts
-              path: ./charts
-    
-          # Create SemVer or ref tags dependent of trigger event
-          - name: Docker meta
-            id: meta
-            uses: docker/metadata-action@v5
-            with:
-              images: |
-                ${{ env.IMAGE_NAMESPACE }}/${{ env.IMAGE_NAME }}
-              # Automatically prepare image tags; See action docs for more examples.
-              # semver patter will generate tags like these for example :1 :1.2 :1.2.3
-              tags: |
-                type=ref,event=branch
-                type=ref,event=pr
-                type=semver,pattern={{version}},value=${{ needs.semantic_release.outputs.next_release }}
-                type=semver,pattern={{major}},value=${{ needs.semantic_release.outputs.next_release }}
-                type=semver,pattern={{major}}.{{minor}},value=${{ needs.semantic_release.outputs.next_release }}
-                type=raw,value=latest,enable=${{ github.ref == format('refs/heads/{0}', 'main') }}
-    
-          - name: DockerHub login
-            if: github.event_name != 'pull_request'
-            uses: docker/login-action@v3
-            with:
-              # Use existing DockerHub credentials present as secrets
-              username: ${{ secrets.DOCKER_HUB_USER }}
-              password: ${{ secrets.DOCKER_HUB_TOKEN }}
-    
-          - name: Push image
-            uses: docker/build-push-action@v5
-            with:
-              context: .
-              push: ${{ github.event_name != 'pull_request' }}
-              tags: ${{ steps.meta.outputs.tags }}
-              labels: ${{ steps.meta.outputs.labels }}
-    
-          # https://github.com/peter-evans/dockerhub-description
-          # Important step to push image description to DockerHub
-          - name: Update Docker Hub description
-            if: github.event_name != 'pull_request'
-            uses: peter-evans/dockerhub-description@v3
-            with:
-              # readme-filepath defaults to toplevel README.md, Only necessary if you have a dedicated file with your 'Notice for docker images'
-              readme-filepath: Docker-hub-notice.md
-              username: ${{ secrets.DOCKER_HUB_USER }}
-              password: ${{ secrets.DOCKER_HUB_TOKEN }}
-              repository: ${{ env.IMAGE_NAMESPACE }}/${{ env.IMAGE_NAME }}
-    
-      helm:
-        name: Helm Release
-        needs: semantic_release
-        runs-on: ubuntu-latest
-        permissions:
-          contents: write
-        steps:
-          - name: Checkout repository
-            uses: actions/checkout@v4
-    
-          - name: Download Helm chart artifact
-            uses: actions/download-artifact@v4
-            with:
-              name: charts
-              path: ./charts
-    
-          - name: Install Helm
-            uses: azure/setup-helm@v4.1.0
-    
-          - name: Add Helm dependency repositories
-            run: |
-              helm repo add bitnami https://charts.bitnami.com/bitnami
-    
-          - name: Configure Git
-            run: |
-              git config user.name "$GITHUB_ACTOR"
-              git config user.email "$GITHUB_ACTOR@users.noreply.github.com"
-    
-          - name: Release chart
-            if: github.event_name != 'pull_request' && needs.semantic_release.outputs.will_create_new_release == 'true'
-            run: |
-              # Package MIW chart
-              helm_package_path=$(helm package -u -d helm-charts ./charts/managed-identity-wallet | grep -o 'to: .*' | cut -d' ' -f2-)
-              echo "HELM_PACKAGE_PATH=$helm_package_path" >> $GITHUB_ENV
-              
-              # Commit and push to gh-pages
-              git add helm-charts
-              git stash -- helm-charts
-              git reset --hard
-              git fetch origin
-              git checkout gh-pages
-              git stash pop
-              
-              # Generate helm repo index.yaml
-              helm repo index . --merge index.yaml --url https://${GITHUB_REPOSITORY_OWNER}.github.io/${GITHUB_REPOSITORY#*/}/
-              git add index.yaml
-              
-              git commit -s -m "Release ${{ needs.semantic_release.outputs.next_release }}"
-              
-              git push origin gh-pages
-    
-          - name: Upload chart to GitHub release
-            if: github.event_name != 'pull_request' && needs.semantic_release.outputs.will_create_new_release == 'true'
-            env:
-              GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
-              RELEASE_VERSION: ${{ needs.semantic_release.outputs.next_release }}
-              HELM_PACKAGE_PATH: ${{ env.HELM_PACKAGE_PATH }}
-            run: |
-              echo "::notice::Uploading chart to GitHub release"
-              gh release upload "v$RELEASE_VERSION" "$HELM_PACKAGE_PATH"
\ No newline at end of file
diff --git a/charts/managed-identity-wallet/README.md b/charts/managed-identity-wallet/README.md
index 537db4c9..9c524424 100644
--- a/charts/managed-identity-wallet/README.md
+++ b/charts/managed-identity-wallet/README.md
@@ -201,7 +201,7 @@ See [helm upgrade](https://helm.sh/docs/helm/helm_upgrade/) for command document
 | serviceAccount.create | bool | `true` | Enable creation of ServiceAccount |
 | serviceAccount.name | string | `""` | The name of the ServiceAccount to use. |
 | tolerations | list | `[]` | Tolerations configuration |
-| vcrs | object | `{"affinity":{},"autoscaling":{"enabled":false,"maxReplicas":2,"minReplicas":1,"targetCPUUtilizationPercentage":80,"targetMemoryUtilizationPercentage":80},"configName":"verifiable-credential-revocation-service","database":{"encryptionKey":{"secret":"","secretKey":"","value":""}},"env":{"APPLICATION_LOG_LEVEL":"DEBUG","APPLICATION_NAME":"verifiable-credential-revocation-service","APPLICATION_PORT":8081,"APPLICATION_PROFILE":"local","APP_LOG_LEVEL":"INFO","AUTH_SERVER_URL":"http://{{ .Release.Name }}-keycloak","DATABASE_CONNECTION_POOL_SIZE":10,"DATABASE_HOST":"managed-identity-wallet-postgresql","DATABASE_NAME":"vcrs_app","DATABASE_PORT":5432,"DATABASE_USERNAME":"vcrs","DATABASE_USE_SSL_COMMUNICATION":false,"DOMAIN_URL":"https://977d-203-129-213-107.ngrok-free.app","ENABLE_API_DOC":true,"ENABLE_SWAGGER_UI":true,"KEYCLOAK_CLIENT_ID":"miw_private_client","KEYCLOAK_PUBLIC_CLIENT_ID":"miw_public_client","KEYCLOAK_REALM":"miw_test","MIW_URL":"https://a888-203-129-213-107.ngrok-free.app","SERVICE_SECURITY_ENABLED":true,"VC_SCHEMA_LINK":"https://www.w3.org/2018/credentials/v1, https://cofinity-x.github.io/schema-registry/w3c/v1.0/BitstringStatusList.json"},"fullnameOverride":"verifiable-credential-revocation-service","host":"localhost","image":{"pullPolicy":"IfNotPresent","repository":"tractusx/verifiable-credential-revocation-service","tag":"latest"},"imagePullSecrets":[],"ingress":{"annotations":{},"className":"","enabled":false,"hosts":null,"service":{"port":8081,"type":"ClusterIP"},"tls":[]},"ingressName":"verifiable-credential-revocation-service-ingress","livenessProbe":{"enabled":true,"failureThreshold":3,"initialDelaySeconds":60,"periodSeconds":5,"timeoutSeconds":30},"nameOverride":"verifiable-credential-revocation-service","nodeSelector":{},"podAnnotations":{},"podLabels":{},"podSecurityContext":{},"readinessProbe":{"enabled":true,"failureThreshold":3,"initialDelaySeconds":60,"periodSeconds":30,"timeoutSeconds":30},"replicaCount":1,"resources":{},"rollingUpdate":{"enabled":true,"rollingUpdateMaxSurge":1,"rollingUpdateMaxUnavailable":0},"secretName":"verifiable-credential-revocation-service","secrets":{"DATABASE_PASSWORD":"defaultpassword","password":"defaultpassword","postgres-password":"defaultpassword"},"securityContext":{"allowPrivilegeEscalation":false},"serviceName":"verifiable-credential-revocation-service","tolerations":[],"volumeMounts":[],"volumes":[]}` | Values for Verifiable Credential Revocation Service application |
+| vcrs | object | `{"affinity":{},"autoscaling":{"enabled":false,"maxReplicas":2,"minReplicas":1,"targetCPUUtilizationPercentage":80,"targetMemoryUtilizationPercentage":80},"configName":"verifiable-credential-revocation-service","database":{"encryptionKey":{"secret":"","secretKey":"","value":""}},"env":{"APPLICATION_LOG_LEVEL":"DEBUG","APPLICATION_NAME":"verifiable-credential-revocation-service","APPLICATION_PORT":8081,"APPLICATION_PROFILE":"local","APP_LOG_LEVEL":"INFO","AUTH_SERVER_URL":"http://{{ .Release.Name }}-keycloak","DATABASE_CONNECTION_POOL_SIZE":10,"DATABASE_HOST":"managed-identity-wallet-postgresql","DATABASE_NAME":"vcrs_app","DATABASE_PORT":5432,"DATABASE_USERNAME":"vcrs","DATABASE_USE_SSL_COMMUNICATION":false,"DOMAIN_URL":"https://977d-203-129-213-107.ngrok-free.app","ENABLE_API_DOC":true,"ENABLE_SWAGGER_UI":true,"KEYCLOAK_CLIENT_ID":"miw_private_client","KEYCLOAK_PUBLIC_CLIENT_ID":"miw_public_client","KEYCLOAK_REALM":"miw_test","MIW_URL":"https://a888-203-129-213-107.ngrok-free.app","SERVICE_SECURITY_ENABLED":true,"VC_SCHEMA_LINK":"https://www.w3.org/2018/credentials/v1, https://w3id.org/vc/status-list/2021/v1"},"fullnameOverride":"verifiable-credential-revocation-service","host":"localhost","image":{"pullPolicy":"IfNotPresent","repository":"tractusx/verifiable-credential-revocation-service","tag":"latest"},"imagePullSecrets":[],"ingress":{"annotations":{},"className":"","enabled":false,"hosts":null,"service":{"port":8081,"type":"ClusterIP"},"tls":[]},"ingressName":"verifiable-credential-revocation-service-ingress","livenessProbe":{"enabled":true,"failureThreshold":3,"initialDelaySeconds":60,"periodSeconds":5,"timeoutSeconds":30},"nameOverride":"verifiable-credential-revocation-service","nodeSelector":{},"podAnnotations":{},"podLabels":{},"podSecurityContext":{},"readinessProbe":{"enabled":true,"failureThreshold":3,"initialDelaySeconds":60,"periodSeconds":30,"timeoutSeconds":30},"replicaCount":1,"resources":{},"rollingUpdate":{"enabled":true,"rollingUpdateMaxSurge":1,"rollingUpdateMaxUnavailable":0},"secretName":"verifiable-credential-revocation-service","secrets":{"DATABASE_PASSWORD":"defaultpassword","password":"defaultpassword","postgres-password":"defaultpassword"},"securityContext":{"allowPrivilegeEscalation":false},"serviceName":"verifiable-credential-revocation-service","tolerations":[],"volumeMounts":[],"volumes":[]}` | Values for Verifiable Credential Revocation Service application |
 | vcrs.configName | string | `"verifiable-credential-revocation-service"` | ConfigMap Name |
 | vcrs.database.encryptionKey.secret | string | `""` | Existing secret for database encryption key |
 | vcrs.database.encryptionKey.secretKey | string | `""` | Existing secret key for database encryption key |
diff --git a/charts/managed-identity-wallet/values.yaml b/charts/managed-identity-wallet/values.yaml
index 96e70c47..16849bd3 100644
--- a/charts/managed-identity-wallet/values.yaml
+++ b/charts/managed-identity-wallet/values.yaml
@@ -398,7 +398,7 @@ vcrs:
     AUTH_SERVER_URL: "http://{{ .Release.Name }}-keycloak"
     # -- Revocation application configuration
     MIW_URL: https://a888-203-129-213-107.ngrok-free.app
-    VC_SCHEMA_LINK: https://www.w3.org/2018/credentials/v1, https://cofinity-x.github.io/schema-registry/w3c/v1.0/BitstringStatusList.json
+    VC_SCHEMA_LINK: https://www.w3.org/2018/credentials/v1, https://w3id.org/vc/status-list/2021/v1
     DOMAIN_URL: https://977d-203-129-213-107.ngrok-free.app
     # Application logging configurations
     APP_LOG_LEVEL: INFO
diff --git a/docs/api/revocation-service/openapi_v001.json b/docs/api/revocation-service/openapi_v001.json
index 423ead47..0e95ff5a 100644
--- a/docs/api/revocation-service/openapi_v001.json
+++ b/docs/api/revocation-service/openapi_v001.json
@@ -47,7 +47,7 @@
                 "statusPurpose" : "revocation",
                 "statusListIndex" : "12",
                 "statusListCredential" : "https://977d-203-129-213-107.ngrok-free.app/api/v1/revocations/credentials/BPNL000000000000/revocation/1",
-                "type" : "BitstringStatusListEntry"
+                "type" : "StatusList2021"
               }
             }
           },
@@ -122,7 +122,7 @@
                   "statusPurpose" : "revocation",
                   "statusListIndex" : "17",
                   "statusListCredential" : "https://977d-203-129-213-107.ngrok-free.app/api/v1/revocations/credentials/BPNL000000000000/revocation/1",
-                  "type" : "BitstringStatusListEntry"
+                  "type" : "StatusList2021"
                 }
               }
             }
@@ -155,7 +155,7 @@
                 "statusPurpose" : "revocation",
                 "statusListIndex" : "12",
                 "statusListCredential" : "https://977d-203-129-213-107.ngrok-free.app/api/v1/revocations/credentials/BPNL000000000000/revocation/1",
-                "type" : "BitstringStatusListEntry"
+                "type" : "StatusList2021"
               }
             }
           },
@@ -170,7 +170,7 @@
             "content" : {
               "application/json" : {
                 "example" : {
-                  "type" : "BitstringStatusListEntry",
+                  "type" : "StatusList2021",
                   "title" : "Revocation service error",
                   "status" : "409",
                   "detail" : "Credential already revoked",
@@ -240,13 +240,13 @@
                 "example" : {
                   "@context" : [
                     "https://www.w3.org/2018/credentials/v1",
-                    "https://eclipse-tractusx.github.io/schema-registry/w3c/v1.0/BitstringStatusList.json",
+                    "https://w3id.org/vc/status-list/2021/v1",
                     "https://w3id.org/security/suites/jws-2020/v1"
                   ],
                   "id" : "http://localhost/api/v1/revocations/credentials/BPNL000000000000/revocation/1",
                   "type" : [
                     "VerifiableCredential",
-                    "BitstringStatusListCredential"
+                    "StatusList2021Credential"
                   ],
                   "issuer" : "did:web:localhost:BPNL000000000000",
                   "issuanceDate" : "2024-02-05T09:39:58Z",
@@ -254,7 +254,7 @@
                     {
                       "statusPurpose" : "revocation",
                       "id" : "http://localhost/api/v1/revocations/credentials/BPNL000000000000/revocation/1",
-                      "type" : "BitstringStatusList",
+                      "type" : "StatusList2021",
                       "encodedList" : "H4sIAAAAAAAA/wMAAAAAAAAAAAA="
                     }
                   ],
diff --git a/docs/arc42/revocation-service/main.md b/docs/arc42/revocation-service/main.md
index 3c334cf3..8afdad6e 100644
--- a/docs/arc42/revocation-service/main.md
+++ b/docs/arc42/revocation-service/main.md
@@ -13,7 +13,7 @@ not work.
 Simply deleting credentials will not work as there might be possible that holder save credentials in other location and
 present it to verifier.
 
-When any business partner deboarded from Cofinity-X
+When any business partner deboarded from Catena-X
 
 When there a any changes in credentials or updates needed in credentials. In this case, we need to revoke the older VC
 and need to reissue it.
@@ -26,17 +26,17 @@ The core functionalities are:
 
 ## Cross-cutting Concepts
 
-Please refer to this for more information: [Bitstring Status List v1.0](https://www.w3.org/TR/vc-bitstring-status-list/)
+Please refer to this for more information: [Status List 2021](https://www.w3.org/TR/2023/WD-vc-status-list-20230427)
 
 ## Requirements Overview
 
 The basic requirements for the Managed Identity Wallet are as follows:
 
-- issue status list to all issuer using REST API
+- issue status list to all issuers using REST API
 
 - Manage status list index for each issuer
 
-- Allow issuer to revoke credential using REST API
+- Allow issuers to revoke credentials using REST API
 
 - Allow verifier to verify status of credential using REST API
 
@@ -48,7 +48,7 @@ The basic requirements for the Managed Identity Wallet are as follows:
 2. The current index should be created for each issued revocable VC
 3. while revocation, the correct index should be revoked
 4. The application should work in case of horizontal scanning
-5. Only Authorizae user/client can access the revocation API
+5. Only Authorize user/client can access the revocation API
 6. One status list index should be created for one VC
 7. Sonar quality gate should be passed
 8. No issues in veracode scanning
@@ -58,7 +58,7 @@ The basic requirements for the Managed Identity Wallet are as follows:
 
 The key stakeholders of the component are:
 
-- Issuer: Issuer should able to issue revocable credentials and able to revoke issued credentials when there a need
+- Issuer: Issuer should be able to issue revocable credentials and able to revoke issued credentials when there a need
 
 - Verifier: Verify status of credential(active/revoked) along with signature and expiry date verification
 
@@ -139,7 +139,7 @@ Response Body:
     "statusPurpose": "revocation",
     "statusListIndex": "12",
     "statusListCredential": "https://977d-203-129-213-107.ngrok-free.app/api/v1/revocations/credentials/BPNL000000000000/revocation/1",
-    "type": "BitstringStatusListEntry"
+    "type": "StatusList2021"
 }
 
 ```
@@ -159,13 +159,13 @@ Response:
 {
     "@context": [
         "https://www.w3.org/2018/credentials/v1",
-        "https://eclipse-tractusx.github.io/schema-registry/w3c/v1.0/BitstringStatusList.json",
+        "https://w3id.org/vc/status-list/2021/v1",
         "https://w3id.org/security/suites/jws-2020/v1"
     ],
     "id": "http://localhost/api/v1/revocations/credentials/BPNL000000000000/revocation/1",
     "type": [
         "VerifiableCredential",
-        "BitstringStatusListCredential"
+        "StatusList2021Credential"
     ],
     "issuer": "did:web:localhost:BPNL000000000000",
     "issuanceDate": "2024-02-05T09:39:58Z",
@@ -173,7 +173,7 @@ Response:
         {
             "statusPurpose": "revocation",
             "id": "http://localhost/api/v1/revocations/credentials/BPNL000000000000/revocation/1",
-            "type": "BitstringStatusList",
+            "type": "StatusList2021",
             "encodedList": "H4sIAAAAAAAA/wMAAAAAAAAAAAA="
         }
     ],
@@ -203,7 +203,7 @@ Request:
     "statusPurpose": "revocation",
     "statusListIndex": "12",
     "statusListCredential": "https://977d-203-129-213-107.ngrok-free.app/api/v1/revocations/credentials/BPNL000000000000/revocation/1",
-    "type": "BitstringStatusListEntry"
+    "type": "StatusList2021"
 }
 ```
 
@@ -227,7 +227,7 @@ Request:
     "statusPurpose": "revocation",
     "statusListIndex": "12",
     "statusListCredential": "https://977d-203-129-213-107.ngrok-free.app/api/v1/revocations/credentials/BPNL000000000000/revocation/1",
-    "type": "BitstringStatusListEntry"
+    "type": "StatusList2021"
 }
 ```
 
@@ -333,11 +333,11 @@ For local setup, instruction will be added in README.md file
 
 # Guiding Concepts
 
-Please refer: https://www.w3.org/TR/vc-bitstring-status-list/
+Please refer: https://www.w3.org/TR/2023/WD-vc-status-list-20230427
 
 # Design Decisions
 
-Revocation service is developed at Cofinity-X and as per discussion with product owner of MIW cofinity-x has decided to
+Revocation service is developed at Cofinity-X and as per discussion with a product owner of MIW cofinity-x has decided to
 contribute to the eclipse tractus-x
 
 # Quality Requirements
@@ -389,7 +389,7 @@ requirements where relevant and applicable:
 | VC                      | Verifiable Credential                                                                                                            |
 | VP                      | Verifiable Presentation                                                                                                          |
 | Wallet                  | Virtual placeholder for business partner which holds VCs                                                                         |
-| Base wallet             | Wallet for Cofinity-X. CX type of VC will be issued using this wallet                                                            |
+| Base wallet             | Wallet for Operating company . CX type of VC will be issued using this wallet                                                    |
 | Status list credential  | [https://www.w3.org/TR/vc-status-list/#statuslist2021credential](https://www.w3.org/TR/vc-status-list/#statuslist2021credential) |
 | Status list entry       | [https://www.w3.org/TR/vc-status-list/#statuslist2021credential](https://www.w3.org/TR/vc-status-list/#statuslist2021credential) |
 | Status list index       | [https://www.w3.org/TR/vc-status-list/#statuslist2021entry](https://www.w3.org/TR/vc-status-list/#statuslist2021entry)           |
diff --git a/miw/src/main/java/org/eclipse/tractusx/managedidentitywallets/apidocs/RevocationAPIDoc.java b/miw/src/main/java/org/eclipse/tractusx/managedidentitywallets/apidocs/RevocationAPIDoc.java
index ed03dbaf..d631047f 100644
--- a/miw/src/main/java/org/eclipse/tractusx/managedidentitywallets/apidocs/RevocationAPIDoc.java
+++ b/miw/src/main/java/org/eclipse/tractusx/managedidentitywallets/apidocs/RevocationAPIDoc.java
@@ -134,7 +134,6 @@ public class RevocationAPIDoc {
                                     "@context":
                                     [
                                         "https://www.w3.org/2018/credentials/v1",
-                                        "https://cofinity-x.github.io/schema-registry/v1.1/SummaryVC.json",
                                         "https://w3id.org/security/suites/jws-2020/v1",
                                         "https://w3id.org/vc/status-list/2021/v1"
                                     ],
@@ -146,7 +145,7 @@ public class RevocationAPIDoc {
                                         "statusPurpose": "revocation",
                                         "statusListIndex": "1",
                                         "statusListCredential": "https://7337-203-129-213-107.ngrok-free.app/api/v1/revocations/credentials?issuerId=did:web:localhost:BPNL000000000000",
-                                        "type": "BitstringStatusListEntry"
+                                        "type": "StatusList2021"
                                     }
                                 }
                     """))
diff --git a/revocation-service/README.md b/revocation-service/README.md
index 2f27eec6..9130d099 100644
--- a/revocation-service/README.md
+++ b/revocation-service/README.md
@@ -1,6 +1,7 @@
-# Bitstring Statuslist Service
+# Statuslist2021 revocation service Service
 
-This service is responsible for managing the status of credentials using a Bitstring status list. It supports operations such as creating, revoking, and retrieving credential statuses.
+This service is responsible for managing the status of credentials using a status list 2021.
+It supports operations such as creating, revoking, and retrieving credential statuses.
 
 ## Prerequisites
 
@@ -11,7 +12,7 @@ Before you begin, ensure you have met the following requirements:
 - Keycloak service is operational and accessible.
 - Postgres database service is running and accessible.
 - Environment variables are configured according to the application's requirements.
-- MIW is deployed and accessable
+- MIW is deployed and accessible
 - Be sure the right ssi-lib version is installed
 
 ## Environment Configuration
@@ -47,7 +48,7 @@ The application can be configured using environment variables. Below are the ava
 
 The application integrates with Keycloak for OAuth2 authentication and authorization:
 
-- **SERVICE_SECURITY_ENABLED**: Flag to enable or disable Servive Security integration for Disabling Swagger and other Endpoints. Defaults to true, false only for test purposes recommended.
+- **SERVICE_SECURITY_ENABLED**: Flag to enable or disable service Security integration for Disabling Swagger and other Endpoints. Defaults to true, false only for test purposes recommended.
 
 The application integrates with Keycloak for OAuth2 authentication and authorization:
 
@@ -80,15 +81,15 @@ Be sure to replace placeholder values in the environment variables with actual d
 
 Ensure that the middleware (MIW) is running, as it is used to sign the status list credentials.
 
-An Overview how to start the middleware can be found under the Readme.md in here:[README.md](..%2Fmiw%2FREADME.md)
+An Overview of how to start the middleware can be found under the Readme.md in here:[README.md](..%2Fmiw%2FREADME.md)
 
 ## Starting Services
 
-To start the Bitstring Statuslist Service, follow these steps:
+To start the Statuslist2021 Service, follow these steps:
 
 1. **Start Keycloak and Postgres:**
 
-   Ensure that both Keycloak and Postgres services are running. For development purposes the Keycloak and
+   Ensure that both Keycloak and Postgres services are running. For development purposes, the Keycloak and
    Postgres from the MIW Dev Setup can be used if not
    already running with the MIW Task deployment.
 
diff --git a/revocation-service/src/main/java/org/eclipse/tractusx/managedidentitywallets/revocation/apidocs/RevocationApiControllerApiDocs.java b/revocation-service/src/main/java/org/eclipse/tractusx/managedidentitywallets/revocation/apidocs/RevocationApiControllerApiDocs.java
index 0f63fc68..c93c0794 100644
--- a/revocation-service/src/main/java/org/eclipse/tractusx/managedidentitywallets/revocation/apidocs/RevocationApiControllerApiDocs.java
+++ b/revocation-service/src/main/java/org/eclipse/tractusx/managedidentitywallets/revocation/apidocs/RevocationApiControllerApiDocs.java
@@ -81,7 +81,7 @@ public class RevocationApiControllerApiDocs {
                                                 "statusPurpose": "revocation",
                                                 "statusListIndex": "12",
                                                 "statusListCredential": "https://977d-203-129-213-107.ngrok-free.app/api/v1/revocations/credentials/BPNL000000000000/revocation/1",
-                                                "type": "BitstringStatusListEntry"
+                                                "type": "StatusList2021"
                                             }
                                             """),
                             mediaType = "application/json")
@@ -117,7 +117,7 @@ public class RevocationApiControllerApiDocs {
                                     @ExampleObject(
                                             value = """
                                                     {
-                                                        "type": "BitstringStatusListEntry",
+                                                        "type": "StatusList2021",
                                                         "title": "Revocation service error",
                                                         "status": "409",
                                                         "detail": "Credential already revoked",
@@ -142,7 +142,7 @@ public class RevocationApiControllerApiDocs {
                                                 "statusPurpose": "revocation",
                                                 "statusListIndex": "12",
                                                 "statusListCredential": "https://977d-203-129-213-107.ngrok-free.app/api/v1/revocations/credentials/BPNL000000000000/revocation/1",
-                                                "type": "BitstringStatusListEntry"
+                                                "type": "StatusList2021"
                                             }
                                             """),
                             mediaType = "application/json")
@@ -170,7 +170,7 @@ public class RevocationApiControllerApiDocs {
                                                                 "statusPurpose": "revocation",
                                                                 "statusListIndex": "17",
                                                                 "statusListCredential": "https://977d-203-129-213-107.ngrok-free.app/api/v1/revocations/credentials/BPNL000000000000/revocation/1",
-                                                                "type": "BitstringStatusListEntry"
+                                                                "type": "StatusList2021"
                                                             }
                                                             """),
                                             mediaType = "application/json")
@@ -223,14 +223,14 @@ public class RevocationApiControllerApiDocs {
                                                                 "@context":
                                                                 [
                                                                     "https://www.w3.org/2018/credentials/v1",
-                                                                    "https://eclipse-tractusx.github.io/schema-registry/w3c/v1.0/BitstringStatusList.json",
+                                                                    "https://w3id.org/vc/status-list/2021/v1",
                                                                     "https://w3id.org/security/suites/jws-2020/v1"
                                                                 ],
                                                                 "id": "http://localhost/api/v1/revocations/credentials/BPNL000000000000/revocation/1",
                                                                 "type":
                                                                 [
                                                                     "VerifiableCredential",
-                                                                    "BitstringStatusListCredential"
+                                                                    "StatusList2021Credential"
                                                                 ],
                                                                 "issuer": "did:web:localhost:BPNL000000000000",
                                                                 "issuanceDate": "2024-02-05T09:39:58Z",
@@ -239,7 +239,7 @@ public class RevocationApiControllerApiDocs {
                                                                     {
                                                                         "statusPurpose": "revocation",
                                                                         "id": "http://localhost/api/v1/revocations/credentials/BPNL000000000000/revocation/1",
-                                                                        "type": "BitstringStatusList",
+                                                                        "type": "StatusList2021",
                                                                         "encodedList": "H4sIAAAAAAAA/wMAAAAAAAAAAAA="
                                                                     }
                                                                 ],
diff --git a/revocation-service/src/test/java/org/eclipse/tractusx/managedidentitywallets/revocation/TestUtil.java b/revocation-service/src/test/java/org/eclipse/tractusx/managedidentitywallets/revocation/TestUtil.java
index 6dc27476..69df4ade 100644
--- a/revocation-service/src/test/java/org/eclipse/tractusx/managedidentitywallets/revocation/TestUtil.java
+++ b/revocation-service/src/test/java/org/eclipse/tractusx/managedidentitywallets/revocation/TestUtil.java
@@ -93,7 +93,7 @@ public static VerifiableCredentialBuilder mockStatusListVC(
                 new VerifiableCredentialBuilder()
                         .context(VC_CONTEXTS)
                         .id(URI.create(issuer + "#" + index))
-                        .type(List.of("VerifiableCredential", "BitstringStatusListCredential"))
+                        .type(List.of("VerifiableCredential", "StatusList2021Credential"))
                         .issuer(URI.create(issuer))
                         .expirationDate(Instant.now().plusSeconds(200000000L))
                         .issuanceDate(Instant.now())
@@ -149,7 +149,7 @@ public static Map<String, Object> mockStatusList(String encodedList) {
         Map<String, Object> credentialSubjectMap = new HashMap<String, Object>();
         credentialSubjectMap.put(
                 StatusListCredentialSubject.SUBJECT_ID, STATUS_LIST_CREDENTIAL_SUBJECT_ID);
-        credentialSubjectMap.put(StatusListCredentialSubject.SUBJECT_TYPE, "BitstringStatusList");
+        credentialSubjectMap.put(StatusListCredentialSubject.SUBJECT_TYPE, "StatusList2021");
         credentialSubjectMap.put(StatusListCredentialSubject.SUBJECT_STATUS_PURPOSE, "revocation");
         credentialSubjectMap.put(StatusListCredentialSubject.SUBJECT_ENCODED_LIST, encodedList);
         return credentialSubjectMap;

From 8db88f01e3715177bebdf10ce0e87c0607b04402 Mon Sep 17 00:00:00 2001
From: Ronak Thacker <ronak.thacker@smartsensesolutions.com>
Date: Thu, 26 Sep 2024 11:24:29 +0530
Subject: [PATCH 44/48] feat: trufflehog workgflow added

---
 .github/workflows/trufflehog.yml |  60 ++++++++++++++
 .github/workflows/verify.yml     | 129 +++++++++++++++++++++++++++++++
 2 files changed, 189 insertions(+)
 create mode 100644 .github/workflows/trufflehog.yml
 create mode 100644 .github/workflows/verify.yml

diff --git a/.github/workflows/trufflehog.yml b/.github/workflows/trufflehog.yml
new file mode 100644
index 00000000..72e41a6b
--- /dev/null
+++ b/.github/workflows/trufflehog.yml
@@ -0,0 +1,60 @@
+#
+# Copyright (c) 2024 Contributors to the Eclipse Foundation
+#
+# See the NOTICE file(s) distributed with this work for additional
+# information regarding copyright ownership.
+#
+# This program and the accompanying materials are made available under the
+# terms of the Apache License, Version 2.0 which is available at
+# https://www.apache.org/licenses/LICENSE-2.0.
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+# License for the specific language governing permissions and limitations
+# under the License.
+#
+# SPDX-License-Identifier: Apache-2.0
+#
+
+name: "TruffleHog"
+
+on:
+  push:
+    branches: ["main"]
+  pull_request:
+    # The branches below must be a subset of the branches above
+    branches: ["main"]
+  schedule:
+    - cron: "0 0 * * *" # Once a day
+  workflow_dispatch:
+
+permissions:
+  actions: read
+  contents: read
+  security-events: write
+  id-token: write
+  issues: write
+
+jobs:
+  ScanSecrets:
+    name: Scan secrets
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout Repository
+        uses: actions/checkout@v4
+        with:
+          fetch-depth: 0  # Ensure full clone for pull request workflows
+
+      - name: TruffleHog OSS
+        id: trufflehog
+        uses: trufflesecurity/trufflehog@8a8ef8526527dd5f5d731d8e74843c121777b82d #v3.80.2
+        continue-on-error: true
+        with:
+          path: ./  # Scan the entire repository
+          base: "${{ github.event.repository.default_branch }}"  # Set base branch for comparison (pull requests)
+          extra_args: --filter-entropy=4 --results=verified,unknown --debug
+
+      - name: Scan Results Status
+        if: steps.trufflehog.outcome == 'failure'
+        run: exit 1  # Set workflow run to failure if TruffleHog finds secrets
diff --git a/.github/workflows/verify.yml b/.github/workflows/verify.yml
new file mode 100644
index 00000000..3e0f0d75
--- /dev/null
+++ b/.github/workflows/verify.yml
@@ -0,0 +1,129 @@
+#
+#  Copyright (c) 2024 Contributors to the Eclipse Foundation
+#
+#  See the NOTICE file(s) distributed with this work for additional
+#  information regarding copyright ownership.
+#
+#  This program and the accompanying materials are made available under the
+#  terms of the Apache License, Version 2.0 which is available at
+#  https://www.apache.org/licenses/LICENSE-2.0
+#
+#  Unless required by applicable law or agreed to in writing, software
+#  distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+#  WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+#  License for the specific language governing permissions and limitations
+#  under the License.
+#
+#  SPDX-License-Identifier: Apache-2.0
+#
+
+---
+name: "Verify"
+
+on:
+  workflow_dispatch:
+  pull_request:
+    types: [ opened, synchronize, reopened ]
+    branches: [ main ]
+    paths:
+      - 'src/**'
+      - ".github/**"
+      - 'gradle.properties'
+      - 'build.gradle'
+      - 'settings.gradle'
+  push:
+    branches: [ main ]
+    paths:
+      - 'src/**'
+      - ".github/**"
+      - 'gradle.properties'
+      - 'build.gradle'
+      - 'settings.gradle'
+
+jobs:
+  verify-license-headers:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v3.5.2
+      - name: "Check for files without a license header"
+        run: |-
+          # checks all java, yaml, kts and sql files for an Apache 2.0 license header
+          cmd="grep -riL \"SPDX-License-Identifier: Apache-2.0\" --include=\*.{java,yaml,yml,kts,sql} --exclude-dir={.gradle,\*\openapi} ."
+          violations=$(eval $cmd | wc -l)
+          if [[ $violations -ne 0 ]] ; then
+            echo "$violations files without license headers were found:";
+            eval $cmd;
+            exit 1;
+          fi
+  Review-Allowed-Licenses:
+    runs-on: ubuntu-latest
+    continue-on-error: false
+    if: github.event_name == 'pull_request' || github.event_name == 'pull_request_target'
+    steps:
+      - uses: actions/checkout@v4
+      - name: 'Check Allowed Licenses'
+        uses: actions/dependency-review-action@v4
+        with:
+          fail-on-severity: critical
+          # Representation of this list: https://www.eclipse.org/legal/licenses.php#
+          # Expressed with the help of the following IDs: https://spdx.org/licenses/
+          allow-licenses: >-
+            Adobe-Glyph, Apache-1.0, Apache-1.1, Apache-2.0, Artistic-2.0, BSD-2-Clause, BSD-3-Clause,
+            BSD-4-Clause, 0BSD, BSL-1.0, CDDL-1.0, CDDL-1.1, CPL-1.0, CC-BY-3.0, CC-BY-4.0, CC-BY-2.5,
+            CC-BY-SA-3.0, CC-BY-SA-4.0, CC0-1.0, EPL-1.0, EPL-2.0, FTL, GFDL-1.3-only, IPL-1.0, ISC,
+            MIT, MIT-0, MPL-1.1, MPL-2.0, NTP, OpenSSL, PHP-3.01, PostgreSQL, OFL-1.1, Unlicense,
+            Unicode-DFS-2015, Unicode-DFS-2016, Unicode-TOU, UPL-1.0, W3C-20150513, W3C-19980720, W3C,
+            WTFPL, X11, Zlib, ZPL-2.1, AGPL-3.0
+
+  Dash-Verify-Licenses:
+    runs-on: ubuntu-latest
+    if: github.event_name != 'schedule' && github.event_name != 'workflow_dispatch'
+    steps:
+      - uses: actions/checkout@v4
+      - uses: eclipse-edc/.github/.github/actions/setup-build@main
+      - name: Download latest Eclipse Dash
+        run: |
+          curl -L https://repo.eclipse.org/service/local/artifact/maven/redirect\?r\=dash-licenses\&g\=org.eclipse.dash\&a\=org.eclipse.dash.licenses\&v\=LATEST --output dash.jar
+      - name: Regenerate DEPENDENCIES
+        run: |
+          # dash returns a nonzero exit code if there are libs that need review. the "|| true" avoids that
+          ./gradlew dependencies | grep -Poh "(?<=\s)[\w.-]+:[\w.-]+:[^:\s\[\]]+" | sort | uniq | java -jar dash.jar - -summary DEPENDENCIES-gen || true
+
+          # error if DEPENDENCIES is empty
+          grep -E 'maven' DEPENDENCIES-gen | if test $(wc -l) -lt 1; then
+            echo "::error file=DEPENDENCIES-gen,title=Dependencies file is corrupted, please run the workflow again"
+            exit 1
+          fi
+
+          # log warning if restricted deps are found
+          grep -E 'restricted' DEPENDENCIES-gen | if test $(wc -l) -gt 0; then
+            echo "::warning file=DEPENDENCIES,title=Restricted Dependencies found::Some dependencies are marked 'restricted' - please review them"
+          fi
+
+          # log error and fail job if rejected deps are found
+          grep -E 'rejected' DEPENDENCIES-gen | if test $(wc -l) -gt 0; then
+            echo "::error file=DEPENDENCIES,title=Rejected Dependencies found::Some dependencies are marked 'rejected', they cannot be used"
+            exit 1
+          fi
+
+      - name: Check for differences
+        run: |
+          if diff DEPENDENCIES DEPENDENCIES-gen ; then
+            echo "DEPENDENCIES up-do-date"
+          else
+            diff DEPENDENCIES DEPENDENCIES-gen || true
+            echo "------------------------------------------------------------"
+            echo "=== Please copy the following content back to DEPENDENCIES ==="
+            cat DEPENDENCIES-gen
+            echo "=== end of content ==="
+            echo "::error file=DEPENDENCIES,title=Dependencies outdated::The DEPENDENCIES file was outdated and must be regenerated. Check the output of this job for more information"
+            exit 1
+          fi
+  unit-tests:
+    runs-on: ubuntu-latest
+    needs: [ Review-Allowed-Licenses, Dash-Verify-Licenses ]
+    steps:
+      - uses: actions/checkout@v3.5.2
+      - uses: ./.github/actions/setup-java
+      - name: Run Unit tests
+        run: ./gradlew test

From 4af4a71f81a9af12ff91952e5d78f2aee594f70c Mon Sep 17 00:00:00 2001
From: Ronak Thacker <ronak.thacker@smartsensesolutions.com>
Date: Thu, 26 Sep 2024 12:17:47 +0530
Subject: [PATCH 45/48] refactor: removed verify workflow

---
 .github/workflows/verify.yml | 129 -----------------------------------
 1 file changed, 129 deletions(-)
 delete mode 100644 .github/workflows/verify.yml

diff --git a/.github/workflows/verify.yml b/.github/workflows/verify.yml
deleted file mode 100644
index 3e0f0d75..00000000
--- a/.github/workflows/verify.yml
+++ /dev/null
@@ -1,129 +0,0 @@
-#
-#  Copyright (c) 2024 Contributors to the Eclipse Foundation
-#
-#  See the NOTICE file(s) distributed with this work for additional
-#  information regarding copyright ownership.
-#
-#  This program and the accompanying materials are made available under the
-#  terms of the Apache License, Version 2.0 which is available at
-#  https://www.apache.org/licenses/LICENSE-2.0
-#
-#  Unless required by applicable law or agreed to in writing, software
-#  distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
-#  WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
-#  License for the specific language governing permissions and limitations
-#  under the License.
-#
-#  SPDX-License-Identifier: Apache-2.0
-#
-
----
-name: "Verify"
-
-on:
-  workflow_dispatch:
-  pull_request:
-    types: [ opened, synchronize, reopened ]
-    branches: [ main ]
-    paths:
-      - 'src/**'
-      - ".github/**"
-      - 'gradle.properties'
-      - 'build.gradle'
-      - 'settings.gradle'
-  push:
-    branches: [ main ]
-    paths:
-      - 'src/**'
-      - ".github/**"
-      - 'gradle.properties'
-      - 'build.gradle'
-      - 'settings.gradle'
-
-jobs:
-  verify-license-headers:
-    runs-on: ubuntu-latest
-    steps:
-      - uses: actions/checkout@v3.5.2
-      - name: "Check for files without a license header"
-        run: |-
-          # checks all java, yaml, kts and sql files for an Apache 2.0 license header
-          cmd="grep -riL \"SPDX-License-Identifier: Apache-2.0\" --include=\*.{java,yaml,yml,kts,sql} --exclude-dir={.gradle,\*\openapi} ."
-          violations=$(eval $cmd | wc -l)
-          if [[ $violations -ne 0 ]] ; then
-            echo "$violations files without license headers were found:";
-            eval $cmd;
-            exit 1;
-          fi
-  Review-Allowed-Licenses:
-    runs-on: ubuntu-latest
-    continue-on-error: false
-    if: github.event_name == 'pull_request' || github.event_name == 'pull_request_target'
-    steps:
-      - uses: actions/checkout@v4
-      - name: 'Check Allowed Licenses'
-        uses: actions/dependency-review-action@v4
-        with:
-          fail-on-severity: critical
-          # Representation of this list: https://www.eclipse.org/legal/licenses.php#
-          # Expressed with the help of the following IDs: https://spdx.org/licenses/
-          allow-licenses: >-
-            Adobe-Glyph, Apache-1.0, Apache-1.1, Apache-2.0, Artistic-2.0, BSD-2-Clause, BSD-3-Clause,
-            BSD-4-Clause, 0BSD, BSL-1.0, CDDL-1.0, CDDL-1.1, CPL-1.0, CC-BY-3.0, CC-BY-4.0, CC-BY-2.5,
-            CC-BY-SA-3.0, CC-BY-SA-4.0, CC0-1.0, EPL-1.0, EPL-2.0, FTL, GFDL-1.3-only, IPL-1.0, ISC,
-            MIT, MIT-0, MPL-1.1, MPL-2.0, NTP, OpenSSL, PHP-3.01, PostgreSQL, OFL-1.1, Unlicense,
-            Unicode-DFS-2015, Unicode-DFS-2016, Unicode-TOU, UPL-1.0, W3C-20150513, W3C-19980720, W3C,
-            WTFPL, X11, Zlib, ZPL-2.1, AGPL-3.0
-
-  Dash-Verify-Licenses:
-    runs-on: ubuntu-latest
-    if: github.event_name != 'schedule' && github.event_name != 'workflow_dispatch'
-    steps:
-      - uses: actions/checkout@v4
-      - uses: eclipse-edc/.github/.github/actions/setup-build@main
-      - name: Download latest Eclipse Dash
-        run: |
-          curl -L https://repo.eclipse.org/service/local/artifact/maven/redirect\?r\=dash-licenses\&g\=org.eclipse.dash\&a\=org.eclipse.dash.licenses\&v\=LATEST --output dash.jar
-      - name: Regenerate DEPENDENCIES
-        run: |
-          # dash returns a nonzero exit code if there are libs that need review. the "|| true" avoids that
-          ./gradlew dependencies | grep -Poh "(?<=\s)[\w.-]+:[\w.-]+:[^:\s\[\]]+" | sort | uniq | java -jar dash.jar - -summary DEPENDENCIES-gen || true
-
-          # error if DEPENDENCIES is empty
-          grep -E 'maven' DEPENDENCIES-gen | if test $(wc -l) -lt 1; then
-            echo "::error file=DEPENDENCIES-gen,title=Dependencies file is corrupted, please run the workflow again"
-            exit 1
-          fi
-
-          # log warning if restricted deps are found
-          grep -E 'restricted' DEPENDENCIES-gen | if test $(wc -l) -gt 0; then
-            echo "::warning file=DEPENDENCIES,title=Restricted Dependencies found::Some dependencies are marked 'restricted' - please review them"
-          fi
-
-          # log error and fail job if rejected deps are found
-          grep -E 'rejected' DEPENDENCIES-gen | if test $(wc -l) -gt 0; then
-            echo "::error file=DEPENDENCIES,title=Rejected Dependencies found::Some dependencies are marked 'rejected', they cannot be used"
-            exit 1
-          fi
-
-      - name: Check for differences
-        run: |
-          if diff DEPENDENCIES DEPENDENCIES-gen ; then
-            echo "DEPENDENCIES up-do-date"
-          else
-            diff DEPENDENCIES DEPENDENCIES-gen || true
-            echo "------------------------------------------------------------"
-            echo "=== Please copy the following content back to DEPENDENCIES ==="
-            cat DEPENDENCIES-gen
-            echo "=== end of content ==="
-            echo "::error file=DEPENDENCIES,title=Dependencies outdated::The DEPENDENCIES file was outdated and must be regenerated. Check the output of this job for more information"
-            exit 1
-          fi
-  unit-tests:
-    runs-on: ubuntu-latest
-    needs: [ Review-Allowed-Licenses, Dash-Verify-Licenses ]
-    steps:
-      - uses: actions/checkout@v3.5.2
-      - uses: ./.github/actions/setup-java
-      - name: Run Unit tests
-        run: ./gradlew test

From 969d6a023d061240c5d2d205acae0837b41f6b3d Mon Sep 17 00:00:00 2001
From: semantic-release-bot <nitin-vavdiya@users.noreply.github.com>
Date: Fri, 18 Oct 2024 04:55:10 +0000
Subject: [PATCH 46/48] chore(release): 1.0.0-develop.5 [skip ci]

# [1.0.0-develop.5](https://github.com/eclipse-tractusx/managed-identity-wallet/compare/v1.0.0-develop.4...v1.0.0-develop.5) (2024-10-18)

### Bug Fixes

* chart workflows ([3d0fbf9](https://github.com/eclipse-tractusx/managed-identity-wallet/commit/3d0fbf9d18be9f3078e9c427a8f3239ae5a67b53))
* compilation error ([90ef524](https://github.com/eclipse-tractusx/managed-identity-wallet/commit/90ef5241d38e678eff5064c2cd5edb0e6fdc1541))
* copy path in docker file ([ad65e01](https://github.com/eclipse-tractusx/managed-identity-wallet/commit/ad65e0196d40bea81d600c50170bbf31f988eaf9))
* dependencies addded at individual project level ([60e3a5c](https://github.com/eclipse-tractusx/managed-identity-wallet/commit/60e3a5ccf7a77a6efc6428650d9f3091e6002707))
* docker context path ([ce29cb8](https://github.com/eclipse-tractusx/managed-identity-wallet/commit/ce29cb8287293a88745ec2c9bbb5d938564c568a))
* dockerfile ([234a7a0](https://github.com/eclipse-tractusx/managed-identity-wallet/commit/234a7a05d6839409b1a62a1d15ac3a424cfad20c))
* dockerfile and dockerfile location ([042292f](https://github.com/eclipse-tractusx/managed-identity-wallet/commit/042292f1d4ebf6018721af1f748f3598ee619aa9))
* failing test ([a99ca32](https://github.com/eclipse-tractusx/managed-identity-wallet/commit/a99ca32e870a328858913f60c3bae28ca1f315dd))
* failing test cases ([e91b6a0](https://github.com/eclipse-tractusx/managed-identity-wallet/commit/e91b6a0330b65d09bc24b6c38086d17ee16a761c))
* file copy path in Dockerfile ([7d76b00](https://github.com/eclipse-tractusx/managed-identity-wallet/commit/7d76b0002615720ed2c0a1f0d45e2ca5bef642be))
* modefied the value for the replicas ([14a67e1](https://github.com/eclipse-tractusx/managed-identity-wallet/commit/14a67e1b982569ddf6e3becd8176fc346b5ef731))
* more test added ([e739cdc](https://github.com/eclipse-tractusx/managed-identity-wallet/commit/e739cdc6be1cc8c0c9d3cf2dde8b1b2ef0055b22))
* random port added for management url ([6b118b2](https://github.com/eclipse-tractusx/managed-identity-wallet/commit/6b118b270ff77f93ee26be8de53706ddba9de277))
* revocation service dockerfile ([28796db](https://github.com/eclipse-tractusx/managed-identity-wallet/commit/28796dbe1642d1255f4cfd309ce3332055abf39a))
* sonar issues ([643493d](https://github.com/eclipse-tractusx/managed-identity-wallet/commit/643493df5b862bbc1a86b30360706180d78aa19e))
* sonar issues ([b1c5417](https://github.com/eclipse-tractusx/managed-identity-wallet/commit/b1c54176cfba899fbcfed32dc1d028cc028e0a68))
* status list changed to 2021 from bitstring ([546908b](https://github.com/eclipse-tractusx/managed-identity-wallet/commit/546908b5e13ce4a0695fa5ade42a14a1abb88a2b))
* status list VS as JSON-LD ([65dd812](https://github.com/eclipse-tractusx/managed-identity-wallet/commit/65dd8124787e7897260e720d42b17e61cdb8955c))
* test cases due to revocation client ([02ccd31](https://github.com/eclipse-tractusx/managed-identity-wallet/commit/02ccd3112bbed9ff14f8f487a5df40eaced79eba))
* tests ([df62fcc](https://github.com/eclipse-tractusx/managed-identity-wallet/commit/df62fcc2e5c841a4cfd893d99fad22d90d34e792))
* user added in dockerfile ([44b46ff](https://github.com/eclipse-tractusx/managed-identity-wallet/commit/44b46ff81ae0730946a198fd26de199755f1df77))
* zap scan errors ([074ab2d](https://github.com/eclipse-tractusx/managed-identity-wallet/commit/074ab2df61f94776d23b45eebc87220fbd61a0ef))
* zap scan errors ([c162cad](https://github.com/eclipse-tractusx/managed-identity-wallet/commit/c162cada45cd0a885d0546214a18a32a7ac41f02))

### Features

* Helm charts for revocation service ([badb46d](https://github.com/eclipse-tractusx/managed-identity-wallet/commit/badb46d7d90232d661665a33410c3f11d210a401))
* intial revocation service added ([c173bd4](https://github.com/eclipse-tractusx/managed-identity-wallet/commit/c173bd4d9902d798d75683247d13c89dda6861d2))
* release workflow added for revocation-service ([f70b345](https://github.com/eclipse-tractusx/managed-identity-wallet/commit/f70b3451c357dacd9b63e324efd23018723547f5))
* revoke API, revocation support in issue VC API, wallet-commons module for common classes ([ec8bb00](https://github.com/eclipse-tractusx/managed-identity-wallet/commit/ec8bb008746ee901acccc8eaccda3e5793aea775))
* status list VC type set to StatusList2021 ([4429211](https://github.com/eclipse-tractusx/managed-identity-wallet/commit/4429211d8b3bcb999b35a268f4fe588b9b28ef20))
* test coverage verification added at root gradle level and javadoc for miw-commons ([6a7cff2](https://github.com/eclipse-tractusx/managed-identity-wallet/commit/6a7cff2acb846fa9b664b359ec8fc179673df459))
---
 CHANGELOG.md                              | 39 +++++++++++++++++++++++
 charts/managed-identity-wallet/Chart.yaml |  4 +--
 charts/managed-identity-wallet/README.md  |  2 +-
 gradle.properties                         |  2 +-
 miw/DEPENDENCIES                          |  2 +-
 5 files changed, 44 insertions(+), 5 deletions(-)

diff --git a/CHANGELOG.md b/CHANGELOG.md
index b83e8bf5..3e7c1598 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -1,3 +1,42 @@
+# [1.0.0-develop.5](https://github.com/eclipse-tractusx/managed-identity-wallet/compare/v1.0.0-develop.4...v1.0.0-develop.5) (2024-10-18)
+
+
+### Bug Fixes
+
+* chart workflows ([3d0fbf9](https://github.com/eclipse-tractusx/managed-identity-wallet/commit/3d0fbf9d18be9f3078e9c427a8f3239ae5a67b53))
+* compilation error ([90ef524](https://github.com/eclipse-tractusx/managed-identity-wallet/commit/90ef5241d38e678eff5064c2cd5edb0e6fdc1541))
+* copy path in docker file ([ad65e01](https://github.com/eclipse-tractusx/managed-identity-wallet/commit/ad65e0196d40bea81d600c50170bbf31f988eaf9))
+* dependencies addded at individual project level ([60e3a5c](https://github.com/eclipse-tractusx/managed-identity-wallet/commit/60e3a5ccf7a77a6efc6428650d9f3091e6002707))
+* docker context path ([ce29cb8](https://github.com/eclipse-tractusx/managed-identity-wallet/commit/ce29cb8287293a88745ec2c9bbb5d938564c568a))
+* dockerfile ([234a7a0](https://github.com/eclipse-tractusx/managed-identity-wallet/commit/234a7a05d6839409b1a62a1d15ac3a424cfad20c))
+* dockerfile and dockerfile location ([042292f](https://github.com/eclipse-tractusx/managed-identity-wallet/commit/042292f1d4ebf6018721af1f748f3598ee619aa9))
+* failing test ([a99ca32](https://github.com/eclipse-tractusx/managed-identity-wallet/commit/a99ca32e870a328858913f60c3bae28ca1f315dd))
+* failing test cases ([e91b6a0](https://github.com/eclipse-tractusx/managed-identity-wallet/commit/e91b6a0330b65d09bc24b6c38086d17ee16a761c))
+* file copy path in Dockerfile ([7d76b00](https://github.com/eclipse-tractusx/managed-identity-wallet/commit/7d76b0002615720ed2c0a1f0d45e2ca5bef642be))
+* modefied the value for the replicas ([14a67e1](https://github.com/eclipse-tractusx/managed-identity-wallet/commit/14a67e1b982569ddf6e3becd8176fc346b5ef731))
+* more test added ([e739cdc](https://github.com/eclipse-tractusx/managed-identity-wallet/commit/e739cdc6be1cc8c0c9d3cf2dde8b1b2ef0055b22))
+* random port added for management url ([6b118b2](https://github.com/eclipse-tractusx/managed-identity-wallet/commit/6b118b270ff77f93ee26be8de53706ddba9de277))
+* revocation service dockerfile ([28796db](https://github.com/eclipse-tractusx/managed-identity-wallet/commit/28796dbe1642d1255f4cfd309ce3332055abf39a))
+* sonar issues ([643493d](https://github.com/eclipse-tractusx/managed-identity-wallet/commit/643493df5b862bbc1a86b30360706180d78aa19e))
+* sonar issues ([b1c5417](https://github.com/eclipse-tractusx/managed-identity-wallet/commit/b1c54176cfba899fbcfed32dc1d028cc028e0a68))
+* status list changed to 2021 from bitstring ([546908b](https://github.com/eclipse-tractusx/managed-identity-wallet/commit/546908b5e13ce4a0695fa5ade42a14a1abb88a2b))
+* status list VS as JSON-LD ([65dd812](https://github.com/eclipse-tractusx/managed-identity-wallet/commit/65dd8124787e7897260e720d42b17e61cdb8955c))
+* test cases due to revocation client ([02ccd31](https://github.com/eclipse-tractusx/managed-identity-wallet/commit/02ccd3112bbed9ff14f8f487a5df40eaced79eba))
+* tests ([df62fcc](https://github.com/eclipse-tractusx/managed-identity-wallet/commit/df62fcc2e5c841a4cfd893d99fad22d90d34e792))
+* user added in dockerfile ([44b46ff](https://github.com/eclipse-tractusx/managed-identity-wallet/commit/44b46ff81ae0730946a198fd26de199755f1df77))
+* zap scan errors ([074ab2d](https://github.com/eclipse-tractusx/managed-identity-wallet/commit/074ab2df61f94776d23b45eebc87220fbd61a0ef))
+* zap scan errors ([c162cad](https://github.com/eclipse-tractusx/managed-identity-wallet/commit/c162cada45cd0a885d0546214a18a32a7ac41f02))
+
+
+### Features
+
+* Helm charts for revocation service ([badb46d](https://github.com/eclipse-tractusx/managed-identity-wallet/commit/badb46d7d90232d661665a33410c3f11d210a401))
+* intial revocation service added ([c173bd4](https://github.com/eclipse-tractusx/managed-identity-wallet/commit/c173bd4d9902d798d75683247d13c89dda6861d2))
+* release workflow added for revocation-service ([f70b345](https://github.com/eclipse-tractusx/managed-identity-wallet/commit/f70b3451c357dacd9b63e324efd23018723547f5))
+* revoke API, revocation support in issue VC API, wallet-commons module for common classes ([ec8bb00](https://github.com/eclipse-tractusx/managed-identity-wallet/commit/ec8bb008746ee901acccc8eaccda3e5793aea775))
+* status list VC type set to StatusList2021 ([4429211](https://github.com/eclipse-tractusx/managed-identity-wallet/commit/4429211d8b3bcb999b35a268f4fe588b9b28ef20))
+* test coverage verification added at root gradle level and javadoc for miw-commons ([6a7cff2](https://github.com/eclipse-tractusx/managed-identity-wallet/commit/6a7cff2acb846fa9b664b359ec8fc179673df459))
+
 # [1.0.0-develop.4](https://github.com/eclipse-tractusx/managed-identity-wallet/compare/v1.0.0-develop.3...v1.0.0-develop.4) (2024-08-09)
 
 
diff --git a/charts/managed-identity-wallet/Chart.yaml b/charts/managed-identity-wallet/Chart.yaml
index 9e31ac68..1d52d7f0 100644
--- a/charts/managed-identity-wallet/Chart.yaml
+++ b/charts/managed-identity-wallet/Chart.yaml
@@ -25,8 +25,8 @@ description: |
 
 type: application
 
-version: 1.0.0-develop.4
-appVersion: 1.0.0-develop.4
+version: 1.0.0-develop.5
+appVersion: 1.0.0-develop.5
 
 home: https://github.com/eclipse-tractusx/managed-identity-wallet
 keywords:
diff --git a/charts/managed-identity-wallet/README.md b/charts/managed-identity-wallet/README.md
index 9c524424..004c5912 100644
--- a/charts/managed-identity-wallet/README.md
+++ b/charts/managed-identity-wallet/README.md
@@ -2,7 +2,7 @@
 
 # managed-identity-wallet
 
-![Version: 1.0.0-develop.4](https://img.shields.io/badge/Version-1.0.0--develop.4-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 1.0.0-develop.4](https://img.shields.io/badge/AppVersion-1.0.0--develop.4-informational?style=flat-square)
+![Version: 1.0.0-develop.5](https://img.shields.io/badge/Version-1.0.0--develop.5-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 1.0.0-develop.5](https://img.shields.io/badge/AppVersion-1.0.0--develop.5-informational?style=flat-square)
 
 Managed Identity Wallet is supposed to supply a secure data source and data sink for Digital Identity Documents (DID), in order to enable Self-Sovereign Identity founding on those DIDs.
 And at the same it shall support an uninterrupted tracking and tracing and documenting the usage of those DIDs, e.g. within logistical supply chains.
diff --git a/gradle.properties b/gradle.properties
index 4e9e6e54..27dcc51a 100644
--- a/gradle.properties
+++ b/gradle.properties
@@ -4,7 +4,7 @@ jacocoVersion=0.8.9
 springBootVersion=3.3.2
 springDependencyVersion=1.1.0
 groupName=org.eclipse.tractusx
-applicationVersion=0.5.0-develop.20
+applicationVersion=1.0.0-develop.5
 openApiVersion=2.5.0
 lombokVersion=1.18.32
 gsonVersion=2.10.1
diff --git a/miw/DEPENDENCIES b/miw/DEPENDENCIES
index 9f92211f..c1d00a95 100644
--- a/miw/DEPENDENCIES
+++ b/miw/DEPENDENCIES
@@ -2,7 +2,7 @@ maven/mavencentral/ch.qos.logback/logback-classic/1.5.6, EPL-1.0 AND LGPL-2.1-on
 maven/mavencentral/ch.qos.logback/logback-core/1.5.6, EPL-1.0 AND LGPL-2.1-only, approved, #15210
 maven/mavencentral/com.apicatalog/titanium-json-ld/1.3.3, Apache-2.0, approved, #8912
 maven/mavencentral/com.fasterxml.jackson.core/jackson-annotations/2.17.2, Apache-2.0, approved, #13672
-maven/mavencentral/com.fasterxml.jackson.core/jackson-core/2.17.2, , approved, #13665
+maven/mavencentral/com.fasterxml.jackson.core/jackson-core/2.17.2, Apache-2.0 AND MIT, approved, #13665
 maven/mavencentral/com.fasterxml.jackson.core/jackson-databind/2.17.2, Apache-2.0, approved, #13671
 maven/mavencentral/com.fasterxml.jackson.dataformat/jackson-dataformat-xml/2.17.2, Apache-2.0, approved, #13666
 maven/mavencentral/com.fasterxml.jackson.dataformat/jackson-dataformat-yaml/2.17.2, Apache-2.0, approved, #13669

From 37741d87f8f3800f26b5b97bfbca1b5935bf79f5 Mon Sep 17 00:00:00 2001
From: Ronak Thacker <ronak.thacker@smartsensesolutions.com>
Date: Thu, 26 Sep 2024 11:24:29 +0530
Subject: [PATCH 47/48] feat: trufflehog workgflow added

---
 .github/workflows/trufflehog.yml |  60 ++++++++++++++
 .github/workflows/verify.yml     | 129 +++++++++++++++++++++++++++++++
 2 files changed, 189 insertions(+)
 create mode 100644 .github/workflows/trufflehog.yml
 create mode 100644 .github/workflows/verify.yml

diff --git a/.github/workflows/trufflehog.yml b/.github/workflows/trufflehog.yml
new file mode 100644
index 00000000..72e41a6b
--- /dev/null
+++ b/.github/workflows/trufflehog.yml
@@ -0,0 +1,60 @@
+#
+# Copyright (c) 2024 Contributors to the Eclipse Foundation
+#
+# See the NOTICE file(s) distributed with this work for additional
+# information regarding copyright ownership.
+#
+# This program and the accompanying materials are made available under the
+# terms of the Apache License, Version 2.0 which is available at
+# https://www.apache.org/licenses/LICENSE-2.0.
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+# License for the specific language governing permissions and limitations
+# under the License.
+#
+# SPDX-License-Identifier: Apache-2.0
+#
+
+name: "TruffleHog"
+
+on:
+  push:
+    branches: ["main"]
+  pull_request:
+    # The branches below must be a subset of the branches above
+    branches: ["main"]
+  schedule:
+    - cron: "0 0 * * *" # Once a day
+  workflow_dispatch:
+
+permissions:
+  actions: read
+  contents: read
+  security-events: write
+  id-token: write
+  issues: write
+
+jobs:
+  ScanSecrets:
+    name: Scan secrets
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout Repository
+        uses: actions/checkout@v4
+        with:
+          fetch-depth: 0  # Ensure full clone for pull request workflows
+
+      - name: TruffleHog OSS
+        id: trufflehog
+        uses: trufflesecurity/trufflehog@8a8ef8526527dd5f5d731d8e74843c121777b82d #v3.80.2
+        continue-on-error: true
+        with:
+          path: ./  # Scan the entire repository
+          base: "${{ github.event.repository.default_branch }}"  # Set base branch for comparison (pull requests)
+          extra_args: --filter-entropy=4 --results=verified,unknown --debug
+
+      - name: Scan Results Status
+        if: steps.trufflehog.outcome == 'failure'
+        run: exit 1  # Set workflow run to failure if TruffleHog finds secrets
diff --git a/.github/workflows/verify.yml b/.github/workflows/verify.yml
new file mode 100644
index 00000000..3e0f0d75
--- /dev/null
+++ b/.github/workflows/verify.yml
@@ -0,0 +1,129 @@
+#
+#  Copyright (c) 2024 Contributors to the Eclipse Foundation
+#
+#  See the NOTICE file(s) distributed with this work for additional
+#  information regarding copyright ownership.
+#
+#  This program and the accompanying materials are made available under the
+#  terms of the Apache License, Version 2.0 which is available at
+#  https://www.apache.org/licenses/LICENSE-2.0
+#
+#  Unless required by applicable law or agreed to in writing, software
+#  distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+#  WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+#  License for the specific language governing permissions and limitations
+#  under the License.
+#
+#  SPDX-License-Identifier: Apache-2.0
+#
+
+---
+name: "Verify"
+
+on:
+  workflow_dispatch:
+  pull_request:
+    types: [ opened, synchronize, reopened ]
+    branches: [ main ]
+    paths:
+      - 'src/**'
+      - ".github/**"
+      - 'gradle.properties'
+      - 'build.gradle'
+      - 'settings.gradle'
+  push:
+    branches: [ main ]
+    paths:
+      - 'src/**'
+      - ".github/**"
+      - 'gradle.properties'
+      - 'build.gradle'
+      - 'settings.gradle'
+
+jobs:
+  verify-license-headers:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v3.5.2
+      - name: "Check for files without a license header"
+        run: |-
+          # checks all java, yaml, kts and sql files for an Apache 2.0 license header
+          cmd="grep -riL \"SPDX-License-Identifier: Apache-2.0\" --include=\*.{java,yaml,yml,kts,sql} --exclude-dir={.gradle,\*\openapi} ."
+          violations=$(eval $cmd | wc -l)
+          if [[ $violations -ne 0 ]] ; then
+            echo "$violations files without license headers were found:";
+            eval $cmd;
+            exit 1;
+          fi
+  Review-Allowed-Licenses:
+    runs-on: ubuntu-latest
+    continue-on-error: false
+    if: github.event_name == 'pull_request' || github.event_name == 'pull_request_target'
+    steps:
+      - uses: actions/checkout@v4
+      - name: 'Check Allowed Licenses'
+        uses: actions/dependency-review-action@v4
+        with:
+          fail-on-severity: critical
+          # Representation of this list: https://www.eclipse.org/legal/licenses.php#
+          # Expressed with the help of the following IDs: https://spdx.org/licenses/
+          allow-licenses: >-
+            Adobe-Glyph, Apache-1.0, Apache-1.1, Apache-2.0, Artistic-2.0, BSD-2-Clause, BSD-3-Clause,
+            BSD-4-Clause, 0BSD, BSL-1.0, CDDL-1.0, CDDL-1.1, CPL-1.0, CC-BY-3.0, CC-BY-4.0, CC-BY-2.5,
+            CC-BY-SA-3.0, CC-BY-SA-4.0, CC0-1.0, EPL-1.0, EPL-2.0, FTL, GFDL-1.3-only, IPL-1.0, ISC,
+            MIT, MIT-0, MPL-1.1, MPL-2.0, NTP, OpenSSL, PHP-3.01, PostgreSQL, OFL-1.1, Unlicense,
+            Unicode-DFS-2015, Unicode-DFS-2016, Unicode-TOU, UPL-1.0, W3C-20150513, W3C-19980720, W3C,
+            WTFPL, X11, Zlib, ZPL-2.1, AGPL-3.0
+
+  Dash-Verify-Licenses:
+    runs-on: ubuntu-latest
+    if: github.event_name != 'schedule' && github.event_name != 'workflow_dispatch'
+    steps:
+      - uses: actions/checkout@v4
+      - uses: eclipse-edc/.github/.github/actions/setup-build@main
+      - name: Download latest Eclipse Dash
+        run: |
+          curl -L https://repo.eclipse.org/service/local/artifact/maven/redirect\?r\=dash-licenses\&g\=org.eclipse.dash\&a\=org.eclipse.dash.licenses\&v\=LATEST --output dash.jar
+      - name: Regenerate DEPENDENCIES
+        run: |
+          # dash returns a nonzero exit code if there are libs that need review. the "|| true" avoids that
+          ./gradlew dependencies | grep -Poh "(?<=\s)[\w.-]+:[\w.-]+:[^:\s\[\]]+" | sort | uniq | java -jar dash.jar - -summary DEPENDENCIES-gen || true
+
+          # error if DEPENDENCIES is empty
+          grep -E 'maven' DEPENDENCIES-gen | if test $(wc -l) -lt 1; then
+            echo "::error file=DEPENDENCIES-gen,title=Dependencies file is corrupted, please run the workflow again"
+            exit 1
+          fi
+
+          # log warning if restricted deps are found
+          grep -E 'restricted' DEPENDENCIES-gen | if test $(wc -l) -gt 0; then
+            echo "::warning file=DEPENDENCIES,title=Restricted Dependencies found::Some dependencies are marked 'restricted' - please review them"
+          fi
+
+          # log error and fail job if rejected deps are found
+          grep -E 'rejected' DEPENDENCIES-gen | if test $(wc -l) -gt 0; then
+            echo "::error file=DEPENDENCIES,title=Rejected Dependencies found::Some dependencies are marked 'rejected', they cannot be used"
+            exit 1
+          fi
+
+      - name: Check for differences
+        run: |
+          if diff DEPENDENCIES DEPENDENCIES-gen ; then
+            echo "DEPENDENCIES up-do-date"
+          else
+            diff DEPENDENCIES DEPENDENCIES-gen || true
+            echo "------------------------------------------------------------"
+            echo "=== Please copy the following content back to DEPENDENCIES ==="
+            cat DEPENDENCIES-gen
+            echo "=== end of content ==="
+            echo "::error file=DEPENDENCIES,title=Dependencies outdated::The DEPENDENCIES file was outdated and must be regenerated. Check the output of this job for more information"
+            exit 1
+          fi
+  unit-tests:
+    runs-on: ubuntu-latest
+    needs: [ Review-Allowed-Licenses, Dash-Verify-Licenses ]
+    steps:
+      - uses: actions/checkout@v3.5.2
+      - uses: ./.github/actions/setup-java
+      - name: Run Unit tests
+        run: ./gradlew test

From bb9298639c5c0d3e50de748063ab618845241538 Mon Sep 17 00:00:00 2001
From: Ronak Thacker <ronak.thacker@smartsensesolutions.com>
Date: Thu, 26 Sep 2024 12:17:47 +0530
Subject: [PATCH 48/48] refactor: removed verify workflow

---
 .github/workflows/verify.yml | 129 -----------------------------------
 1 file changed, 129 deletions(-)
 delete mode 100644 .github/workflows/verify.yml

diff --git a/.github/workflows/verify.yml b/.github/workflows/verify.yml
deleted file mode 100644
index 3e0f0d75..00000000
--- a/.github/workflows/verify.yml
+++ /dev/null
@@ -1,129 +0,0 @@
-#
-#  Copyright (c) 2024 Contributors to the Eclipse Foundation
-#
-#  See the NOTICE file(s) distributed with this work for additional
-#  information regarding copyright ownership.
-#
-#  This program and the accompanying materials are made available under the
-#  terms of the Apache License, Version 2.0 which is available at
-#  https://www.apache.org/licenses/LICENSE-2.0
-#
-#  Unless required by applicable law or agreed to in writing, software
-#  distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
-#  WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
-#  License for the specific language governing permissions and limitations
-#  under the License.
-#
-#  SPDX-License-Identifier: Apache-2.0
-#
-
----
-name: "Verify"
-
-on:
-  workflow_dispatch:
-  pull_request:
-    types: [ opened, synchronize, reopened ]
-    branches: [ main ]
-    paths:
-      - 'src/**'
-      - ".github/**"
-      - 'gradle.properties'
-      - 'build.gradle'
-      - 'settings.gradle'
-  push:
-    branches: [ main ]
-    paths:
-      - 'src/**'
-      - ".github/**"
-      - 'gradle.properties'
-      - 'build.gradle'
-      - 'settings.gradle'
-
-jobs:
-  verify-license-headers:
-    runs-on: ubuntu-latest
-    steps:
-      - uses: actions/checkout@v3.5.2
-      - name: "Check for files without a license header"
-        run: |-
-          # checks all java, yaml, kts and sql files for an Apache 2.0 license header
-          cmd="grep -riL \"SPDX-License-Identifier: Apache-2.0\" --include=\*.{java,yaml,yml,kts,sql} --exclude-dir={.gradle,\*\openapi} ."
-          violations=$(eval $cmd | wc -l)
-          if [[ $violations -ne 0 ]] ; then
-            echo "$violations files without license headers were found:";
-            eval $cmd;
-            exit 1;
-          fi
-  Review-Allowed-Licenses:
-    runs-on: ubuntu-latest
-    continue-on-error: false
-    if: github.event_name == 'pull_request' || github.event_name == 'pull_request_target'
-    steps:
-      - uses: actions/checkout@v4
-      - name: 'Check Allowed Licenses'
-        uses: actions/dependency-review-action@v4
-        with:
-          fail-on-severity: critical
-          # Representation of this list: https://www.eclipse.org/legal/licenses.php#
-          # Expressed with the help of the following IDs: https://spdx.org/licenses/
-          allow-licenses: >-
-            Adobe-Glyph, Apache-1.0, Apache-1.1, Apache-2.0, Artistic-2.0, BSD-2-Clause, BSD-3-Clause,
-            BSD-4-Clause, 0BSD, BSL-1.0, CDDL-1.0, CDDL-1.1, CPL-1.0, CC-BY-3.0, CC-BY-4.0, CC-BY-2.5,
-            CC-BY-SA-3.0, CC-BY-SA-4.0, CC0-1.0, EPL-1.0, EPL-2.0, FTL, GFDL-1.3-only, IPL-1.0, ISC,
-            MIT, MIT-0, MPL-1.1, MPL-2.0, NTP, OpenSSL, PHP-3.01, PostgreSQL, OFL-1.1, Unlicense,
-            Unicode-DFS-2015, Unicode-DFS-2016, Unicode-TOU, UPL-1.0, W3C-20150513, W3C-19980720, W3C,
-            WTFPL, X11, Zlib, ZPL-2.1, AGPL-3.0
-
-  Dash-Verify-Licenses:
-    runs-on: ubuntu-latest
-    if: github.event_name != 'schedule' && github.event_name != 'workflow_dispatch'
-    steps:
-      - uses: actions/checkout@v4
-      - uses: eclipse-edc/.github/.github/actions/setup-build@main
-      - name: Download latest Eclipse Dash
-        run: |
-          curl -L https://repo.eclipse.org/service/local/artifact/maven/redirect\?r\=dash-licenses\&g\=org.eclipse.dash\&a\=org.eclipse.dash.licenses\&v\=LATEST --output dash.jar
-      - name: Regenerate DEPENDENCIES
-        run: |
-          # dash returns a nonzero exit code if there are libs that need review. the "|| true" avoids that
-          ./gradlew dependencies | grep -Poh "(?<=\s)[\w.-]+:[\w.-]+:[^:\s\[\]]+" | sort | uniq | java -jar dash.jar - -summary DEPENDENCIES-gen || true
-
-          # error if DEPENDENCIES is empty
-          grep -E 'maven' DEPENDENCIES-gen | if test $(wc -l) -lt 1; then
-            echo "::error file=DEPENDENCIES-gen,title=Dependencies file is corrupted, please run the workflow again"
-            exit 1
-          fi
-
-          # log warning if restricted deps are found
-          grep -E 'restricted' DEPENDENCIES-gen | if test $(wc -l) -gt 0; then
-            echo "::warning file=DEPENDENCIES,title=Restricted Dependencies found::Some dependencies are marked 'restricted' - please review them"
-          fi
-
-          # log error and fail job if rejected deps are found
-          grep -E 'rejected' DEPENDENCIES-gen | if test $(wc -l) -gt 0; then
-            echo "::error file=DEPENDENCIES,title=Rejected Dependencies found::Some dependencies are marked 'rejected', they cannot be used"
-            exit 1
-          fi
-
-      - name: Check for differences
-        run: |
-          if diff DEPENDENCIES DEPENDENCIES-gen ; then
-            echo "DEPENDENCIES up-do-date"
-          else
-            diff DEPENDENCIES DEPENDENCIES-gen || true
-            echo "------------------------------------------------------------"
-            echo "=== Please copy the following content back to DEPENDENCIES ==="
-            cat DEPENDENCIES-gen
-            echo "=== end of content ==="
-            echo "::error file=DEPENDENCIES,title=Dependencies outdated::The DEPENDENCIES file was outdated and must be regenerated. Check the output of this job for more information"
-            exit 1
-          fi
-  unit-tests:
-    runs-on: ubuntu-latest
-    needs: [ Review-Allowed-Licenses, Dash-Verify-Licenses ]
-    steps:
-      - uses: actions/checkout@v3.5.2
-      - uses: ./.github/actions/setup-java
-      - name: Run Unit tests
-        run: ./gradlew test