From b7d0d3fd2cd9e68efc975a71a23a25a5bed9624c Mon Sep 17 00:00:00 2001
From: John Downs <john@johndowns.co.nz>
Date: Fri, 25 Nov 2022 19:28:32 +1300
Subject: [PATCH 1/3] Add quickstart

---
 .../front-door.tf                             |  73 ++++
 .../images/diagram.png                        | Bin 0 -> 52692 bytes
 .../outputs.tf                                |   3 +
 .../providers.tf                              |  20 ++
 .../readme.md                                 | 330 ++++++++++++++++++
 .../resource-group.tf                         |  12 +
 .../storage-account.tf                        |  24 ++
 .../variables.tf                              |  29 ++
 8 files changed, 491 insertions(+)
 create mode 100644 quickstart/101-front-door-premium-storage-blobs-private-link/front-door.tf
 create mode 100644 quickstart/101-front-door-premium-storage-blobs-private-link/images/diagram.png
 create mode 100644 quickstart/101-front-door-premium-storage-blobs-private-link/outputs.tf
 create mode 100644 quickstart/101-front-door-premium-storage-blobs-private-link/providers.tf
 create mode 100644 quickstart/101-front-door-premium-storage-blobs-private-link/readme.md
 create mode 100644 quickstart/101-front-door-premium-storage-blobs-private-link/resource-group.tf
 create mode 100644 quickstart/101-front-door-premium-storage-blobs-private-link/storage-account.tf
 create mode 100644 quickstart/101-front-door-premium-storage-blobs-private-link/variables.tf

diff --git a/quickstart/101-front-door-premium-storage-blobs-private-link/front-door.tf b/quickstart/101-front-door-premium-storage-blobs-private-link/front-door.tf
new file mode 100644
index 00000000..1b475946
--- /dev/null
+++ b/quickstart/101-front-door-premium-storage-blobs-private-link/front-door.tf
@@ -0,0 +1,73 @@
+locals {
+  front_door_profile_name      = "MyFrontDoor"
+  front_door_sku_name          = "Premium_AzureFrontDoor" // Must be premium for Private Link support.
+  front_door_endpoint_name     = "afd-${lower(random_id.front_door_endpoint_name.hex)}"
+  front_door_origin_group_name = "MyOriginGroup"
+  front_door_origin_name       = "MyBlobContainerOrigin"
+  front_door_route_name        = "MyRoute"
+  front_door_origin_path       = "/${var.storage_account_blob_container_name}" // The path to the blob container.
+}
+
+resource "azurerm_cdn_frontdoor_profile" "my_front_door" {
+  name                = local.front_door_profile_name
+  resource_group_name = azurerm_resource_group.my_resource_group.name
+  sku_name            = local.front_door_sku_name
+}
+
+resource "azurerm_cdn_frontdoor_endpoint" "my_endpoint" {
+  name                     = local.front_door_endpoint_name
+  cdn_frontdoor_profile_id = azurerm_cdn_frontdoor_profile.my_front_door.id
+}
+
+resource "azurerm_cdn_frontdoor_origin_group" "my_origin_group" {
+  name                     = local.front_door_origin_group_name
+  cdn_frontdoor_profile_id = azurerm_cdn_frontdoor_profile.my_front_door.id
+  session_affinity_enabled = true
+
+  load_balancing {
+    sample_size                 = 4
+    successful_samples_required = 3
+  }
+
+  health_probe {
+    path                = "/"
+    request_type        = "HEAD"
+    protocol            = "Https"
+    interval_in_seconds = 100
+  }
+}
+
+resource "azurerm_cdn_frontdoor_origin" "my_blob_container_origin" {
+  name                          = local.front_door_origin_name
+  cdn_frontdoor_origin_group_id = azurerm_cdn_frontdoor_origin_group.my_origin_group.id
+
+  enabled                        = true
+  host_name                      = azurerm_storage_account.my_storage_account.primary_blob_host
+  http_port                      = 80
+  https_port                     = 443
+  origin_host_header             = azurerm_storage_account.my_storage_account.primary_blob_host
+  priority                       = 1
+  weight                         = 1000
+  certificate_name_check_enabled = true
+
+  private_link {
+    private_link_target_id = azurerm_storage_account.my_storage_account.id
+    target_type            = "blob"
+    request_message        = "Request access for Azure Front Door Private Link origin"
+    location               = var.front_door_private_link_location
+  }
+}
+
+resource "azurerm_cdn_frontdoor_route" "my_route" {
+  name                          = local.front_door_route_name
+  cdn_frontdoor_endpoint_id     = azurerm_cdn_frontdoor_endpoint.my_endpoint.id
+  cdn_frontdoor_origin_group_id = azurerm_cdn_frontdoor_origin_group.my_origin_group.id
+  cdn_frontdoor_origin_ids      = [azurerm_cdn_frontdoor_origin.my_blob_container_origin.id]
+
+  supported_protocols       = ["Http", "Https"]
+  patterns_to_match         = ["/*"]
+  forwarding_protocol       = "HttpsOnly"
+  link_to_default_domain    = true
+  https_redirect_enabled    = true
+  cdn_frontdoor_origin_path = local.front_door_origin_path
+}
diff --git a/quickstart/101-front-door-premium-storage-blobs-private-link/images/diagram.png b/quickstart/101-front-door-premium-storage-blobs-private-link/images/diagram.png
new file mode 100644
index 0000000000000000000000000000000000000000..79c505e44cccd8a36225284cde1292fdeb6a9655
GIT binary patch
literal 52692
zcmeFZWmsIxwl0jjI|O%vyE_DTcPBVB?(R--w;%z61$Wor?!kfw4K80pvi4c~KHvR&
ze;t_6)syN`qefK?eJ2r$@)C$}cyJ&fAc#_uV#**O;KU#xpzttIz&j+tTXnz}h>yZ@
z!XO|uaqy2ukihrECX&i>ARwNUARzw1ARza^TmJhXATCTGAcuw^AUtUxAlMFBElPaA
zKLnd;N}0>afxHK{VL%{3(Llg~El}V$2q+%ND>YyXL>lznf7;5R)PMVcfq;Zrf<XN3
zqYZq0{gMR!yng1-D|jC0|4_^W`=>WJaUS?TZBY2vj}5sIkpf>}9VE4!KtSNpUw=SB
zGO}=h)U+&BHJvr(WO+>NZ5fPA?TyVC+-)6RKLx_)&I4@PnmHR0yW85>Iq|sjlfL!f
z0k&UnGm;X&b#b=lC)JcwBo?)IG$ZC<U}9h*6@ViqCgyWAHRn+l`|$VUz<2zl7S7HN
zJdBKPZf*>2tPJ*!9~qgsxw#pcSQuGY=z%@xojmNEjoj(&oXGwV`G<~}nUjg5rGvAj
zy&dr@T_a<A7iWG_($|6h^Yw>MXG`<{8OhG+@3epuWPJS#BQpaN<9}!aKg#!dmq)?T
z(hNBAD}4cGzPFzLb?@&ue2lMy|BIPFGkv=YoT>mEALD<-CIE-4zX=TjA_O8OCamfX
zdYldIucwy%(pe>!`~9<qvSj{^zG|62bwPCt+@V2#X!Uz6XBW(s%BJ!Py_!l)4Rut-
zYEtn?>TC!Y5?GS<kN4#-r#Gu^RE)i{l0!Sptamv(9bTu+C2JGyPQUKfH@NpGrJbu;
zLD8B1eFeNnkyIx^{%8b7Y4~4PfInooJ;eXfxeT=$<O`nFN7Mi6N@)nX<<$it`|m5y
z3W83kEOZ$+-5)mXUzeu;E#ZGL0E%9U2MQlwmhbxE|KI?NxC8pXXm&xAedq%FY*m__
z@Lx33fUKVWds4u5!2gBScn+|?bHb4YD?;mfS!oKszD1v3!9S0EBifY%9K%$hbxXkD
zwc{cp1UV0ynM?j}C)k*gv(|hr`RTWr8p5DUChdnh-08Bt5ey)a&8v#vA4xg83I&_D
zp&`yx$kU`NpiC6flS7;NK*iil5n`&9eHFtStS}?~XBlwBz#9A!NM)(aUghb97N9A#
zPe1>u-edI}d0eMpc5m4=*fN|H209G}E_F6FNxzwMaWJ>Z443%_sIW0fBWKa~KO$$A
z5*P1u<$%IBRG>73AIkCm?eptZlxKXflFmc%H64ZF8~mU8W8j@EP8kXWv>*@(G4OR-
zO)Z7Od-m=U=_w}Fq_^_UE!!^q*<zPlDTC`_JaVvmre0-lh=W!Qf*XoGCeHCH)O;bs
z%|rYSA2%fAs$mn|Vw6boC<$`8rg=k@UlRJTVlxaQcwo+0D*Mvp08sIv=CHW}fkcGO
zEdaUb=A$muA3?2&0tI~I;8OO=BoirYUrMAz%HCN~=g;a6`mkbEP{_lWf;x#~Q_xM<
zBEksd1AiWagWF{=$RPoC_n8`YERuHrwzvICmg(OK&Qe=dH8K9WCQva#bOKmaqubVQ
zyVd#para_`OQh674Q0s7e1T{2*vJ54&j{<g4|+AG6iRM%^xMiFx)Z;2I$JuSJwm@h
znocsLqO-hClSBr{;gCKa_V-t^p-2Im-ZnqE;&LC`p(kv{3z4{E58`)&z=BM8$wlhE
zR%=@upwl~YQpZv2I_o|!PXJOX)Qc}oV#%7Vl@z#)JXijlfoMZ8EMl_Tt^3(G$xgzQ
zc4Dj<V4DMuSRvUcNY6>k@+&p^m6>58iCJ(M(8w<08XA8|^q7?U1*Ra&&&kBS+uN&&
zWwl5Siw%B!G<iFMOcyYk{?TpLhpcam3zHFB2V)(?&FNg+uJw@OQFE9!Q!BFVEDgS|
zb?q|_3KTsId}-9?GoB(jf~Ke7t2B|;=pmmdg7R2xEcW-p+7nq?!?d1c$p0$`iB~!3
zp<xfb%0b^93=P^54NRLH<JUH)0HI#0c&Kr{A{Jr7ZG2jIi!P)L^qhq0d3XqPKg`TB
z9>;RZS$I!CU~#Z)jelqLJ9UXT5okp8`Df<0ql%*i@kr8>;KJ|2@wyMHM<K`sjN$vH
ze|vm4$mtKP7w4;v3>ug5*s%bm0l?{5=#A5N!?d68e>wSa3)(}i2xgQhcwb^WjG(2?
z7ErYwYIcj5Ag-hA?r4h?CR-k}MdP3S=RAj#8iKMEFq9|^yiOuV5Y!T?{)R#zXFYx!
z8mjd?Q=FU5im@QXm;UjShsatL4wG;VaRSMxgmOaN*CrnIbq(X=FPKGI>g0#nn5~h9
z_@U#cK}=^*NR9@5r;!k#Xwcq-N2D{KsHcrT{#lYb;F2JGJ=&ap)q7p=B0~2<wk`)j
zE4ljv3%?F}$lhJ1<uDj=#Gv9eqPFNI&xI7v$9xXiA{V(SEB#UHJR}jTj`}>nYIH8S
z7-uZjSsO~8ZY~*Q>AH8Rxt4-(5OTKb7_#HKMU@`yi9>526`u{Vm-i|{MM&WOQu9Bi
zd)r>r=rGEGk-{cyzLyT1&nH!DI2zxL)a4Su`_T8Np?OEPgt6i!^@kMXxB0f{BO`vG
z--Q_vCgLPahG+MbKBz_fMAMSJ*u|g_RmMPi*Q&C=nTmKclMo%zuY~{7JkQV1-}I~H
z$l+>A!eqWeOBe)^T*Q<nK~k#d%Cc|m6pBo+$OtHo>OGWjgVN~FtPLQzQW`UR#;+2Z
z2ojq84(%)0`R>J20=u|c6a!7%8Jm<FRSNn!<twbwj>KYYU&xL)ISV;uBnHW_q@7|#
zABifR+#D@Q-Xw_}4LlE|3MYdV0UJ|@Uj;<R!vY#oX2yVTqBT=7Ga57;Ap#T0{5L;i
zYl(ctuA9ympX2tMbzy%#-p?(eHCY(Ef)7g*iaI(`mlJ}5FsLD4F=zo9PenESogL>}
zkG^L?M23&I=kEQq`Zan+vj)q646+*L>5aSP37|UMc~yta3-ce%-)15ugeJ7LIfco8
zyS0{$Gn!t?H8{r+^nIJjYz}2Qx>Z74bfnNGDONXtR4nFpU!4CdsVcTK8J#MsaF>Ii
zb9=!@Hr^EDvU7u-Mj`2@`)9EERpcygk{CaMQY@+yjkp%J5X4@4g<vsDaweyrvZgHQ
z@x^#AwGKlp1&(vGvk>PAW9Buc!)V9#3;M$Gr2#}bB0RjjN(Kf*J)?s1jjgTk4xD-D
zYKZp_58)mFzBQe}@fV6bXo!*Jk9hCiiTVOENY3|eBW70XEYW>$dx;7vD=Rr;_QDT)
zfy>kzFQgiV#r$y`Kg;+2p!W=+!N3$g{^asp=~a#6)Ie+vczZR3=L&XJWj10mbAQ#U
zM3cP83kF>|%Fj%a#YosKj4s62YKR>wKn+R8C39}vI(LjW+=LM+(%@r?j{WwcX0J<G
z-gcFZ;xdVsYOIyEXJQS{b#%k+ZSFy6FIWS+ovGY@V0YS6x=EzN!q9%DjPHB9nLqVB
zL>6cG@^mx!ZsYdD<K2YcfS%i0h}me0u<@o#l@|er-D-H8&#?*Dadq$6SugVTHqi?g
zrEHr2C}StS$w0KQiVC{^^F^x3)&7+Gk<Lb>M(6#U@Zuw|TNn3U7CIi>h{nUl-ME{G
zzOAh-$uoW9D%yokr>_qR<zBWMAs!wcSX5KR3UA46TCi-6iP<smynUbqZD*U33H3T{
z=X9pxKkq~Djf%b%?~~-RhL2Bh!1O_SQ*!VSgu3%V?^3atNRlN|Oc==_dT<bnX;4w|
zp*<~BE{K=6pujQrm3}E=rgMo<_p9)r;YE(&><%5uVhX6@co&-7pAgIty3H83aL0h>
zOLAui{phSGj*{cIy`B7mMsg6JGtx{ZUm!}l6-iqu<mJU%ESnx!7|R3qF~@@vi%t`T
zj`%Q;LT12g{gSZl)aSG}L4q)1<LQ^%?R;YgCd6=02t43om}-0N)YomuajnIr>3Z23
z@T+-m>*cBQB`i^%hsOD4xz-Gx!+t$_l%W-2!N8ASTU+~VSiu*KbHkf;T;Rcm?`l$%
z>xVyhU^psSGXW|QAZ>nL-Fsh@2=4sVYBANqmipd5?g<hd&Lp@N15M&d<h}Qs&Vq(5
z1>KN38qCGMHk8po&X^Imirkmk<tYZ;T8Z6KG~u4c<-xKcuo87D4PTx%a%iT*;Va#C
z?4ItfkCn>Y&m`jMQ#9Iq-#4f2i$+@85lj$L@-bz`eoW5nJccR?X9J{dF9~b5m~^R-
zYhu^2Sr=zJ-=Wsf;xPmwI4gEoo3znlij?p9cDwt1jr;l554Slrjm_*+Z>kS5c#!QO
z70xpy3a2M{Bmu0p%WRVVd}m$Y-52@4lt&~|&?6GQjq}i+g<qD-T7PW#?K%teNPyZx
zvHi=hJOToO{8+q*k5-^8XjNqs!*6ydNXTOQ+wTrX8A3lDH6dC#bpDKwsc@oWI!KVP
z;Jp+O#?1Kx0_>oAY$tYEP+_*gG@calA}|NgzsN@r&H9zXND$dHmLn#|A^~Ya;mXf6
zN<J1U1%(=S)L?qhPqBtK)r{i`Kh7-mxNHUAqf+2+g%YnkMZ7zynIl1}sKKpq5nij#
z$jm&SRZ$2D>wKJ(lPM5i%ejYx4vCwYYjLy*!$VRKxHGLTJ8s<Y<=T#BC8gX#3y6%W
zp0P$2*|0Q?1uBS0A>FFzolY0{cq12?mg?6X&eQ~vv)L$Mw~^NC3+vh$IV(J?XwK2?
zDO@wjizTL&+AF3U04GFBd`lB3_JP~G0?E0p?W-XguGIUCJmH?2eTUU<+C_GECX0AS
zUG_yxg`gFkNZ7}%O$L1SawK|}?#cp$oLx3WKD&MEl=8)41$(S*6FeDI!5wxSJv~Cx
z14RugZUPPM+N8eCtvYh`E$1C7eYkRGwv-*<L}P+NoiWtGH@5?RB?G*`J$qjl;u-`D
zd|}<IYxn`<j}J{%UBenMR=Sz#J?7p2OT*@B@0LSwltQ6jaT34T+2+N`!82k5ata!j
zy_oF&IjmtfHC2e3aT*blQdJQzy2_+|&_gyCGohwvLE%A{O|B}I#*hB|Sd%2%QQ+$r
zG&}9&LDA6`HM$hCiiSI-CH1e`bG(WV^E&p3K)WGCt5Jy{BJ@C&<sgDHntx7MYxuZ@
z-PuKvs*5&YV}WuP!?})AV2Lla+hxCdzGxEnTU!WYKY}X9-+Y2+CtmcdHnkmr==m%x
z2y)jc_W>WnKz{3IhIM6k?(<cNp&D$?oAVXG9}Oa?xnl6UJxuBBAmi0bA(Rw~c|Lu1
zfnNu>amI>aw^({8a?;cv{5H)ajG#j`R<YY3RgmX^8;iuG!=9$TO8qS=AD3K>yOo3<
z5ePwojuwTk+%ppOLP{$sN%|SP#fsVUF->{t@b<FN25y792GpJ(;LLs2K<i=<4=EBT
z!a7``*UI7ib-E#Iz|7+Mi#t@=T)9SA_W|q2aRe-c6YHPvwOEVgv+;^A)$k4@i)dVS
z$v<$|ETRm!QD<GKw$x@>WEh+<8g%f%5bUygT<jRqCv;AyDyB1=d>A4l-zR#tQPk*)
z{3KCFJ~wM&jK1elP4|c8UPt8##@sI0bQ^CWQgs+=JcFT*fF@2$&_R9|0K3*yQOp6B
zBd!)~Q}fjJD*_+kmbIaz_#&|+Ip6-5fMcFwzJkf!6KXi*ns+JF$oZmq)f7a{D2%~o
zo=Vj}7|W%UgH+Hg>6Ws@K30Z@%3e+NQdgnS@ih&`61+P((;#{-citX|Ia-_R^`8DL
z)&79Si%unvAX7!fd0$L2l^?KIqhdm`u7S6#p;6Hx|BOcF`erw%(5pd~6015U)___i
zjy!LmW%&hH8=W#{%fuh?UinLAEir0~)&W<TIrM0dSOnfI-Zzp2)U8OoRxt`3!FxN2
zq`c{*WRU?xm)uCb{eE$Uh(ziTi2hhp$+{}88g`0w$xstnE=`0aX%rIeOM@Jv!6Z0$
zPZ^{W{sa&s7M`XUmGo`SkmMD(*^Q1zO#P_XLAyLQ=eADgEw-&~pP4ULaWk>K?zXQ!
zkrx~=n&;n@e&BmOPI*LN^mw`1qofL$dBW>TIvuO+WveK0D>qgSqoinb<k7`TRU_B2
zllAYXK_1PxU{eaj;CjW+3qSbaxJyo~<5rK*P-jigxyPa85N?`;U%@lDk2r#TPWP3_
zQO|552Bby0m~D4B>Il2Kc6M?--SKO*M3OCV>h2u<iQb)nzW6cs!tzI}H-C+k=?g^&
zZq`&oA+1!oL=LHtYovgIaH^TVu?U_&Ek|B5f*-kJPeZI&fjIc+E~fW;&K<_1Kry6{
zpgPg&P^M@er4Z)>Z1dGEZMe|hEiZaTX{B=(wy+8s^J)zzsF->Zr;vufq5TI4KKOa2
z7EOk-*DwSDFTiod=ROT#JWD&O|6UPVFIJjZVkWRIL@WS8nD3oh-2~_&K4(Ey(jcp`
zC5}`YsEl>!Lcy(3DBXuoYNAFxHk!KD9Q2-2kr0AK6xLGqO^!V0Hd=V`G}d9$h>^kb
zah7rvZ1elAhZrpLBmqHwZ}zka1?a6ZXpHQ#y+*ad<S30x5(^~`(-jDFLV<djq}|<W
z<mBXVP3Xbkjh7f;!p{5dD9F1$gozFbKNNMfILQe~K~e8y_$;LLVPT=*&)MfHr;)bE
z@Jl-4xi--v(kxn82#OF7W4X6k^LcTCmjA@L2&}+3r1v<mx#`U!XaXI@hp3<ITf1In
zXYK+KJT5L<othAm4p+V}LAWwF76}&dIFs62q8n#0JwYpIm^|;JJ|yTB8~b@mfPFYm
zMnbkA5R+R{Sh<)f@D|nA9W{vEkn2+dW<i{*EO=Ib9K4-%rT`;xV6dvG$ACTms@9?6
zgjQWF-+%1!d`Q5DQU0OPLjz|VC9xVJtq%JHza?rMBtwT_3ag}1W=NA?0AqwB;9PF3
zM8Oi69ONs_2!jlZY6qPz@?xm9>5GD|3mp|UJ;#AQPl`Gt_H9gCKIr#P@FS)my}_L=
zCm7y;B3dk9$}6<r%#q~Hkldhzdog7<_@N8<=z?QikolPe=Eb9g2Z#2F>>KxY)pSiV
z-^sWSF~Z3hDPbWP<(84)!vl?$1?FZ4L<mGgthLT&&<{mzReCh0nx^3zzOhxE#q6#x
zGuCH^qB>v*Q1yQ|TIkzGYqMaeecNbQpfQk2q8$R+eXaT|P_#VKw*wo?)%K!<M+X~H
zF7bx`7$pZq`Y<MJrY@7Z8nw|DwBCb3E6FpXhqONrQ;Mnz!yFLswnFOB;9l-}5y!$X
z;m|ll1$Zj2;ABmV-$#@<c^k~9^&~SA1VxP9+esx6nk@eRF8d;cu@O@W__UzUyk_)Q
znoZV5Tj7i&ngdeLG^3P5G8r|L9g#bUa$@ox0nQ@D5e67I!lY!eWf2B6MB#QZ8s?^+
zVGJT<!v!~iIs?%cywEZe{}P`4Zs9$*Hc!6TG=2MXVf;7c$dm;OjJNm7_i8g=Eg3QD
zJ|+nw&Et_4y2IHHp7+)Dm}V2Hgt(#*B6OJSwg${^k{(H2CX>jJTlj-dgpc9e{Q(U-
z1uoT*4#b{SoKK?qO2p6ag<X2KG6o%^=eyVH@nDp9oHgov+jirj+FoXv7yXpk&e}L%
z*4h4Kp(vTMUL*dJ^4;1uTWUv+5*2^%4EEx@V}Z|E0^6Cn5xRm^w;4uT>t2>U;_pe0
zu&mfg%YA?V7fnpOb#hUOl&U7RNC*A10c<FFCY*EkYqS3mI#*>fd}qA-&+bBp$Kwxd
z=C{ovgtfOQbi8lj*ZS*TyZP;O@V3_!Vf*G`Eh8<z;<o+1Wo|l4o4W1Fu&Y>46Bigv
zujCTq69z?FqANJwK7o^}k!$`;Z@gf?SX*2ARjQzwIcS(3SJqbQMj9h3E-h!_?a)5H
z%Jjv0pY=6Y8z4-9A_n2NWv5bq?B+7Lb6<^M^?^5DlNx-~cyth{%Ms;`CCXQphC>{g
z-xU8c#QS$oXkZDLh0`fDywVsu3f11!FC#3+v8!3dZ<!gP-@rjsbDN#sw3Cqpad?2@
zp(HUvE4o9#D+yrc4FPn_)#6WD1?XJ<bE%OSf+}NvAMbnZ^FNmmaC~o~e<z!PZPgfm
zNXa=xUb0sf|8>EmY=HlV;Gc#X8IUad?D$)<>wn00f%V-0H`c!|p*i4!t0LCFCEfl-
zwi@J|{~sp*5?5q@P0EO#ME{H6E6+eyk^hV4|FZhOQvKh(`v2@$EdszI#Eb{QkqhI2
z&dR=VbLqde0a>;X4Ntc+Y`-p6J6iAqS-+NlbQ0~s<-ZgNI!*(Gv{^ucY;g}ah6?WI
zL3yzbI$^Zo(j~&McMVh{fmH5jWD@d-d$gNxhUp*uahwk^i?2YOIbpK>b8KJ#8-lG2
zR-Ww`Ty$nVvK8foNN*Dj&f0WfU2u5DX>XHP3gi%>XXZoQABFfwi2w@{z+lN}CeTai
z;Rj-=truMSqx9!bxI6ItLv!CnZuUKf2%e>*Gu@a5VsS?UB?`>;v$|tb`@l>GwYWe3
zmnuWx2`Gxn6}v{>=t=9}DA_LsS4LM9!z=nF5ii+5ti=jTT_KKCui3dFj^lFij>+th
zEyct=5(Pe9xHBXx@4rYL;{=$=V3T?E`WdfY*cU1~L3A+_7aikSMcI8W&JI$pgzm@O
z5HEPvjLoJdPG~18-}8a^`q3ad0-ahm)X1&kDmEWL{cjZwG(6qJc_fP&#%?A$yga8(
zSm>#K;33P~G?cYMm534FA=t8BP9-_ygbHe4mn0NKZxE}%GvY+Q{FIb+-<r{6wX<jI
zyaHpJH7^w|xPmIQnUn1OW~dfa`(Mk*6u<%+f$Wl_-MOz+$LE4BeGo);o?zHm9(z~n
zw-lCOgC9emyGV4h;YDkOEP$HcD-f-`_tY)&Npf6#+oZF*<s()IM%aqGGd#)*&3|ch
zp=4O+-3w|u4-6OE#=JDE0uUMp8Y>n$@^^;`yL6hcp4jS-p#5Xk@#{y#dF8xGwQ0Cv
zp}!XjqQEGLygfUyly|?m`z|%Z&tGo;)cp7Eq^!P#7%|~!S#HQPpFt~&ImaMOh=x%)
zn&z9lT=XgBeRSTT%nhBb*iNvp5Wn8sAen08R6Nd?lp>M(`f0ruOfOr{qSz2uejLn{
zOOHNv?q4?4Pz+_rrGcdWfM(pCJ@f-|87wy<OI3E%<D)@g(}a?R_qGQ2Z5!wk)w8_y
zFfupcj%H{+NJ2U}KY<innvENk5GYI5KtL0`deic&R}8GN9xmW92BlZdyw;~)eTf7S
zp^4$iU1?)d*SgpwIEDNJxsAN>{ehH;Ur`O^#bm55Scl`yP(@>ID%E}SNJU*uyP(9F
zU;4fvF4aR0#kaFDq`@K(feG83NvNA~s|B7H_}qnw^S-%)Z?<=cjjeE!Co_m|J^?Co
z2Mz6ROj6#RLfNE*_~D0~WOUA0z@CunGr`bzfoOGPD0*i6Rzs3bgnp$NC6&?B&>_Ua
zgncaHDT>P~pfh<%i~=7;%%Mu;n1Jdb;|81A5@~TnlP`2m@=~3286GlnIW(>G*RmVB
zqf^6&g#J_-ip}YV-s7=?dk@c#KSNJlX>?OAXRYYf$BpmY0W-`TmUkVm!j1D3ap7?!
zH7c(&OWZu=l^?5D7n*q)1{1b|>Et127>=UIuT?2JCEs0RXoeKWFkv!R%-7(6=L8$a
zW&mKTl_yY3?F;ZSbC{e(7~qgN<$u48oS@>!{FfPE`TaJnui)WSWCrn6)V317$W$)L
ztphw_{=kCkh85p?{G7yl@n^0tiXNw~tmv><l5)M|?tK2&T}2FoC(G|?--xzp*gH<%
zQ35wfnl3f=3`8ifJk964C*5>%PPob>7*&+X?GWpdyCWVd2>U$a&jkf*Og?P#I~`(t
zsRXKoNHGjhgJN{MsbYpyRQ{v(&&fd006X_TM|?!t%-HaTP9%JUiL5_1#x!r*5={at
zR9);7-g^{~WDZk)(8G@&KQX0O;0_V{g<8S$e3a&UZ#|`{gPzlf_P!UWj}cO7cO5gj
zP)Jas;);&oZa3Gmo08SzhS_0FE#P9a*L(XaYk5>x)#_4?#m~=w79KgQ;;Vh`J!zNo
zHrIcR6o6M(CAwydDe48M5AJq~{#aGMis_X$>+K{$V6ejU=K+tiIeq3hvFlUK_Lq_=
z#{uy)Hh}W1i#1LJGU_)FR7jvF9zZ|}9Dh)K=j=|0r>5pxIKU;saCfqX08kt2?9_7k
z`woqPyM^#05gKBS%9V6YEtw^E^k21!;0EUTOs~&H)X!Vlokk@PW9o?1s>ME2)?GuG
zk;0h{Taq?ZB`%OKcpt<du?<_*Q`c^eu%glkg4>Wf4#^pCh!);ISitV#eO2uGS(9-d
z;4PtVvgtbgg*T<eivE~-^J4pmT4aj`(v5`#n)C1RLlrTc%TQaqoz$~%e>9)1Y<ri^
zHt1=Z5r3o~23FE}nBj}(dCiZxjm!gOqN5Y`TT90u;b?TPCsW7;rf<u{L;^K8|5kJS
zoG|9t^|yDQgs!m`ukxc-D!71)CmB+D4lKGq0xPYfH_v}$%z(a6gHhxA8}6#E(P)%a
z!EiSbp6OxIB*88_ICOprhu4>Mnk=u?Uti=cf6(O$+gI>o;l^dN1`(3&q~KQ3oQ2!k
z(p3CjFP6e`dl6;#TcKWaQs|%Ru0L!v4wyH{eDS9=7Bf8au@&UIDc18f-kh$_;ITiS
zJJPuF=>$G>1x<sQ_N~?nprSAGLqsaWI>+%P_SeUKWX{<hXyqQX3&8y0iaoIO3otOj
za<1*Vtu3VFw6eWMLiF-iqjwQX<vli3X-403P)U2tI-z*loKJq&>h8CP3}Yr2xIcM4
zcX@tbW#H`kqH62(aliAZG{h3vN$C5)dDBCSv@t%^n>TmhQ;Q^E9`4J+E(k8in3yjZ
z>#DGbDY5*cysG!memGx8?5A^0<1B))Ojnjp3_`dj_+N=Uexmq-7byK>c#iwg$P#J$
zHs*8AUajxGyBu1`PmIX5{vkLKDds%(VB-+}ma`uNU|4i}*a);2$p0iKm;(5dgsSFD
zg0nm6iOG%w@1120HDDy&Ax0S>g+Dd~ho$~D+#TTi<-rpMCXuygIThb;EL1X7_bKV;
zY(85nXoPsSB;9dYb?6ll=de2@TtY~>qx+PAOZOp*AtA53P;$ff#d{`|wqwItVPve#
z8CrCCC>M=`Zx4+RDWcJ;v71-tWort<+<)YGYzK^rS~II>I0KACh_Q&Yw3+Po+@p_(
z4tmzC;Wft;(kII0^3u1+22F(X5ZvW4aHeq%8~eG6p74}1B)<)l5m0{}CKVo)yj_$a
zA}FXKPQ*QK*yV1kZ4a+G4DDxHnXv8>2?n=PEm79#j4d6whM$|POj!)yNJ4bZ0Z-lz
zG5z*bzF+vqsFEf4Lk>x{l?hOxFG_&{O#FVQfK_(1BMNFS1|1w@v$H3{SX-f74Q1px
zKZJ+b)_yWJY$8XOwL%C_sd@CDuA!%<|0T9rBToS#86NCh(3e#Cxkp6)bR|*kvmO!j
zMIX9?kPJ`u0P`Sz&{Uy>%B-qFaG!^ZtLs*k-xKY{owp`j2pCH`f;_O?!p6piV3iJq
zMhFq9%Mix<s|kE<Z7m=FeJ&m8AfXo>rQBAk^V?Q?-EGpqAhHZ%c`2<+ks|MWi$#-e
zC4TUsYC{rLu`d7-wi+6%Uc|E1b9-s8Pg0rHS(=p^%l9`v2FtL|yM#2wphvP3>WY2g
zKwlC?417zgPpv$6{R@t<k(HlwsxWshb6@y69@b7-Ftyd~S`isNr=mnm1l{=t<M1x5
z@&-vs*Q=uEb8};FFhPOkE%yT%1H6JV1UWf599~ztSRm*6plBuU2Gu%z)~;jwjW}(W
zgX8=jx83)6HzL51xC}EHES7ArO0pcKVLba#B@C<DuX|h;^suji4eczqbq@f`lVjwi
zMqa=OXS|<%&-y>EH`))fjn~?m0!5x{WpK}O1DL?|iky2WRy?kYkVHpt8&sl-KSpC?
z(z^pI_kkz~M7IV~MCrg*4AKZ@+|P0L;`e9f80mn3d88N`CBnl{7nCt#H-^K3TDcHI
zzKDJaGe;eC-)r?%5dB(HDHNhA&$)7uycPRSf?B@5ZGzdf_4NX0XFjAVvHQ@|2?e7q
zmf+~SLOa7SB3~}m6oZ%hh1(N*zbK-oeF+>^b6FU)z5J${qs#>-f~a1<Q?HHQ*J87x
zT@hw(SOezI$IFR9k}&+hcXmyn!24BalcLB*oln>B&&UF|d4aZM+FQ=Fml|o(FYdhK
zwCiyTaQ1()AwUmMHEzUM04*DMn$OGbvt$jSVI)aQ$3~gAZ|}cm0^mQk@C2JMF4OS2
zE;3uxvNU<BD@ocAcqk=&T3$dSDO22IC*{t^T0^!I_GSOrVa(^Frq?Sj;H3av%(oaq
zHc)bQ5%dnQQ_-R*AAyqW=EYzK@v_V42iwiiyz|M>>~>#5Fw(94NH720{A=}n!snM0
z4yPUdKpatA2A;X}!s==?up+-{@Vsll1cVT*I?u?x)?Wa-$r_;y(nJr7gG~18Z7A2n
zRJncF9cPe3TMqr08ips!^=UjV@7FJLZVd0Q4kpk@%GJO21jC{?;3gJSYQ6k6c)`5L
z<pPjC-wp~wo##~=#|b`jRkj?K0YPlLt;e;aBI(O3E9XlSz8pIg@Po)eJck3Jz2{6O
z5MAT<a^n{^?YaGK117umac=BA;X^*3M#T?oS1->V4}9lI;oHeDfnd(gyRoLrabCb#
zH*{Ea6gDH$9(I`5%fm(-u#&{tr{uYy>xAeFd>{5p_hS|SO8;Sb0cza%0l4nGn%>Tc
z<2*-nZ5PQ^s~=!O#Qx&6&axmJ>vS1?4!?ZlSIJ@BVuAr8^_ZF@846&JvB1nW&!~`4
zI*o<h_Fd-&x(V+G1{-9Kv9-h+2n&;gEu9r@ovSG$QeEw^X)x~R;LH?!bzr|RTh0=)
zy}z#vub`KeF}9%Vt*fD(pTIT)T)o)#Vf!_r9xX4iM?KGSfb&Ekv)9c@c0T-S6>S1X
z=0hpTcGX_&*vs+i(MEi9n&8JS$?>#;xj9hq<B5*5u(s~i=(xbNpr@jZY@xPYs-?hR
zsF7i8$FR!EbsFb(|C#<Vka#LBva$WdmL#V|o2E@HWrVE6#l(aR2n9kH3#?$47JbgW
z?V~zNi1Q{-5;aq9>U=t}&#&opK2R<NR8^`t?Tz=pGBU2PCAAw*vAbUwH-O!F+dt`3
zR$q_#3RY0B(kH-suF+K1x^Iydbm{-(6^YD!N1F?T^1Q1Je?_E}R#hRZqs5pcv_4*p
z0=glwgIRKXu9w_Lb=Cu;7+R?DbsFsmI$oYmw}GG#y>M0_^5e(p-&z3yao%2Nieo#!
z(FjJ{-BwgW<u10r33gb-P1wOQR=kntrmhY8A|{v>Ub*ke_fzM`A4DfypRm>$-bV$z
zyNyI`{S@kK2y0N#=_w7CnltTBmmHqa45!w+AxIKKq$FFKs6-Mw|50xm^uv3~0tQXI
zhy2_3LFT2|(!G5Mgq@E8NPJBkVYCL!P>DLz$u5^1G-bk7P<88Pen2=%ARU%f5|Qho
z5lI#u0ve2GVwJc$d`v1A5LF?n=@R!TYHZEL<v8j?iSTg^q%h*qg!fO@e5FbN`a2FA
znE7A{A|JMJI4uUd=G~O_#%B`H=TcO^4WFA$f>U=16b8ZP^SB@ju8ScuQ9Nmtc^pL5
z*JF)aFnmE86+BW_L&v%9ZW2zEJJI>H(rGkXs&ot770a}dZ0lkV_U^s!0xgspzm24K
zZC$8VVt$aflsX=|AftkhgNVIIyluJrnW;1ymRG@nCiGf`7Uj~4F*Ta*sE~9#G<Mw#
z!45sSZ3!m$>s0Y&3eoY5^pI&nYZ6V^SoU9~<^+goG!l|aex|+0rjFI+mak*=_N5mJ
zov3$|k~5ry>2q1z$T{wtSlDr}GC|YBKzQO+bF67ogps!&-Jno~L#z-kj+G~s8I3p;
z8jjb7i=3|{_tZ47tJ05F`TmUw5Bd}Jute-#a%1x4@G+L_=m?#F>o(Nm&E58-?#c^-
zR*j^h1}QiDVSV4PBZC*uYSrU!69SW&o-T;mbrz_EK=hHJ$6}j@6AYdoEg2T6mC&Gk
z;D_f7rNe`gT%`5a(lz+#+z;P}l?}oQXdV<D+&cYN*pQ&$-LQg4Dh)wuQE_=Wt@Bu9
zYk;KzsfheM3O6h<ce0jVL0xHU>IlhERA0<Up*tXz#-;v~%DNAv|KnCIO>_mbBVHQA
zOUygY&?imV@N)B`Pm9VLEZi;zQF?9kzJQimmf@3dkjR<y<=0UDnhVUkV;>fMA-jm(
zI>B#C3L}M1+?Qk_N>kA7TjoV6<>%|1fGb&shwq|R>$>FHAH)H_qm9@2SF<3899oST
zs$h>vLDgLG+$)#tUK)bm2Z)ePi0hR@xkh60hMGMZbIYf!eW@#bhF7D344<BPmo=gZ
zIPS1UqJaro6Mb5Gm+uCy<L<4m2ezTJ9F+Ln0cp>b&o14Rd#{do%IJ4DDh%-mME@XT
zp|H=+B_Fn*`q*0t$@qI;B<2PW(3ZYSY_S|ZIO$vkVv%~ekO)qXOyv{{wNw1vWrL?x
zQpuYo2tCNZ3lyE)1{B!Fyu>S(Vz6Fli0XlnU27By%4?)#Eq(h49TnSSMci6}f%b01
z0H8`}YmKL8JGe(|G@Y9muc&2Q9@b<rP?6fUL&0@eS{PUwajAjLil~^nkD?KSt%Sqv
zGN`P<zWbHI%n^_C5(u*hInnIvFJN-NAAHM|7}5sRI!qQ;G}&-_+C77NR<?rPZ9KE^
z@iq!THhxgjq)+E;N2~`PD=P&L*j79-M(>7DJVG5{qH&w2If;_V9YVFd25MzBVet2;
zBUc6y!f~<Tj~4=0yzOo*2TgMPEpb@MRS4#8Tga746Feg<I?802gWp6gLG8h@<qAK(
z-qda1HY28u9eAth?^0lQ?xtEay*xjh-!F6$9<F2X`W%VK>wRN;NHmZ9<h3-ak2Qa<
zv_Qc<hT+l!OBFm&e{H4~{%-cZQu27#VnMaD*1K;lM*lKnK}bDz(JH?>vYf^8?k8s_
zt^~5#yc_pDPZ7!aIS_`@bQ9mg)xL#U1*6wZ9$&YgRWB(vEM@V9H$7`ygH%TEds1g#
zd{5a*TGoJjpFH>~qdAd@3uxkujoyf04v(fU(QOxWV80~zs@hL<1wQ6*5`sjPo9f|2
zDl)>4=sJc4h0pA7QR-r-|DpZ-C~U{w=<_ZI5K;}h^8(O;`IIJ*IWdlb)_k$TABy<&
z$$HUrqWVRcA?o<Wo0pCsy8|-j)DL+&j1Zrqs`?z<Jrf~p9Vz$j{a0Y9*p(wfT$zhi
z^{abbqiO(lOv?FJ^gS`PZz0N!bMje&mZkTjZY;t6NnjCjUaEtr0)0oH8Cq`*oKJ%a
z!LTP=D|48dpKcJ?U;())%TlbhEQJHKpz3XVqR!b*>?t_qP1Tq$311tp56eCeTwx%s
zM?IOLYW4{4dR|sJ0D}0iu;8d<21b%;MX|}*>&%oUZ=n!DQhytF2SVo4eyTtN;MIPx
zSPjb>u$Rr`u+97>b&;wj5-5Bymcd@Gu}JMrXOR>JA*QQe#OwF`h$3OO>i6;#RQg3$
z2B3<xTg3#xTTZpGvb5~}p3dquGuvE_Kf>ucqM#ltO&dL}>RJ19C@|lB#9%kE^D%|d
zfRKxpKnuWjnVJQ)e1umTm4@@TZhu9BA{gB2HF>v2ly~{b?StMI^Y7b+vf5j`Elc$N
z$WkFkM_1Ew+d>&fch$SBCd1qLjlwf7oCVie-|h@|&$*sD0AY(AkV7b~#0;^pzz`3x
zcC|po<FGX`zl8%AA28^5Wq^k#=THSPw2nbsW#zFB_Bjm9wEt8?#a|Ie(a@%90&At;
z1|gNnRTZz(<I<Gv8W$dobNzww{Kvzu%10<^H{zFWu5X%})L#QGBA#e_2Rx3_vihR_
z0=+>XwxF5%B?dJ*1ICd%kR#HaxPOy<bg?WsTf{A?8vx)B{gjh*u8^2{(F<$Qa9VaM
zX2!QNcI#eFk2<NQWD10#+b9Tl=j}AHT&8Fz^lSeBQ&f}{kFT*100lQlLTFS>hbMpU
zw~a2bbB-68q_ePBoz-KuPA)H_sWek|ULNYOs#s}*F!&5me)_t7%Y!xeRaOSkzS&(@
z6kp%Sn5vV@?zqHdqv^cn`7xJvtpfnHd|E{ZSmg5iipd~Q;%;y>Qk`r`V`Gp5cwFpc
zX`8P7Q{Z2`A3D6>c!}y8Tzv{i&a`+x@r5O}MZ5n{m>>Op4&$b~H=XZs#qJIfy<A;5
zTi#QfQ$ow7ooOsDWn{@!Xth_YJhEuh4nqd;5HO&^sG-wxMIdW=xmhXo4_&*PZ9m*$
zQSMYZ2G`nj;^W;`dSmZzhdebkF@JR_ih7z;B((T~P<Y~QVBO5Memx!2s~(C={p<R1
zyKS3~b|&U&iw|nKDtd;~24CXnxkoMKYbTS>D0T_a19Fl%{<!sP%6D-a=8PicaNw~w
zuHaG*o0!>%(eMN-_F!_f>w-0km4viA4BtyD#FCPhgx%5Z9%?+@paejSLFY)rvEAq}
z-}{-es|0m-J2$|58ty<XG8M($;^`lNJ+NeWJSPoaTHNso#HhcCH3};B67#OX{-bNd
zPKAA;DJkk_w%l?A;j`-RN6QVdCW}ip1nYm(-DT4Lao^DlZu6+3#;d&bPNyuUOE5bV
z^{PJeUoq`)b?+n%OS;+!)yDLg_BzI1<}FS-Y4?~su`o=4ywh+v<H_B?OR7wDL}SEY
ziD<tOeU9TSxLh_6FTsk+u&^I`()LGame~SJ2j<OWH#OmYcTOLx@R~gt`cPSi=r@**
zud0=t`ct<vVOCGCucKYila#<My*<SOwBVtTpgt5)p;346@lV$a32Ea1qVl^Fnh1!o
zE|%D}QXY+h&C!>D`TFw7763P%-<e5LLj{DnoLIyI;>IJ=2f=UnChAqfy)GNOO$nG;
z+ditMkW)$V<x9!s#hCmWzKH$F<z(-J&g0kRyy=Bp(KV^8!9=r#2*#S6s6JL}5kcf<
zP$yYHE_D~-%tHIQ)i};je=@v_hgr&J5i9%XjNYI4Px1|c42*x_<%7aR=}I!Ceu9d9
zAR#|!bIZB;b#a;SC!+SRJ_lbUCwTCSLgGk#hR#cQZ!jh0vIEHll{4GVi>b2-uc5*X
zhAdMC0Vay>_avsLExhFXNq#^a!NnY4N!E}PCH!mcwk4>?4G{D(r!GV$;cvfiF**1i
zwZ$+*o9*#fnWm7Lx(3Aq2|m0`H!>Nw&@%Qf01NoAlDrV(;q4E4dV`2n`bLSOxdks;
zqTDP{+L{G?Q@=BM=a*|Y5?RL!@>zWVZqWI5<7q37l&_e2<<Z^(=|grcrWyL6U!VMe
z<tLQN3uFO&*u>iaqA*+$AflVZnOPSDy%Y-+@#lPNs;IdG1E3>h%D0L_WIlW(WUzsN
zdc67&u3!B3VI`M%++}2oA#)X1r|(GoOp;y<%`tC6(D^HB{Pi*{MW+^|zNFR2cQ_i8
zluaMjs=CJ=TqHoGJH4-B%x_BC=HIvCE>s)KXB0k(QpgL>uXc9^<=MD5ANOXDFhDQ9
z4gX3_!sd5T7wDj-d4<txQ7_TadY>0NL%0Jhm=J@zI8rj<!;p{Wq6nJXp)+KuL`mF{
z#3$iBT0P$A8T);uZRq{M`Ag71gF^uN==@usL@tX(mLxbC-6qu(W64}`zQAE1d$7ST
zJ_EYgKgkCsFxVunUNv{)`3p$AT)>1Q21Z2s!&%h6n;7`;-Kxwlet0>-CragS=7;4C
z`;XT*mdHk_U(I824+;zqGNa9B3m}F!UYH`^aXNbK^T5aFd)ex;pf7%f_)Ks(1Kal0
zH--PGF2>qw6au=*hoVCPrJbtk@g9`Ebqhx?CAC`8`6|(EcC9>kndt}%2!_f~>dm0l
zG;*b|AN=D#Fa@m1<vkWxEb2E%4t<!~C{)?Jl|zx6Sh)<iA$HpUe-yHZJ9xTAq&V(4
zxEb<25KK5G=vr6kzRWsobRlJWIi+?@Y5n*+RYOpz{KO1Y*>-Du0wNS9VA0cItIhmz
zaF{-=Gv7a=0@cx{0(qh~{H*CJ%-7Wi#d8)i%EkOjxX<@O-6KPjabiQaD-6lH5B1yK
z&oG9Dt^Y(mX<aCk)uI~`(@_nf_e^s3n_noVmXZvvFuB3iC(+J(TRWYS8>YZ95q09G
z?WuVbC|EJ7B1cWZ)JXF@<y@9{<uk)qQg41VDmWYG&SR)24Gw-;KRn%)vPoW?Gq%F2
zF#P>P+brT@no$s9$Uv<SjVRM;b<0g=-F;fqH}^|0p&U^K$ZO7diU{e2kmZp&{e{k3
z6vz~rqVFVSMrL8B!Z^p$DN)(_aSTz&^d~CC%WD}Wula*bF=_nK1f03(dw7Gvr7GXJ
z)v-=7<3|Kv|9B$$<0A{^?&4iZd|$p#a&nvLJgP?!@bMkk6AzTt(5Q-J`Y!AHE#w`)
zm%lU}FJs>Ji=HgH$-*7&PvmIj=j{CCs3c$c!Z&Jf-oV|Y!ix_w;Vk0zK7~R)_A;b8
zm$u6om{0G4f-A`FFh&?)Bd>AS;~WvybbU_+%@L3wE#wzT^Q<Im`(>93GSte+<n#26
zM|xK*s$@g72wI`yYF8XW@zNtwN@Qfyn9E}xv7kseC0oayF*!A{DdfS=3Jt`U9-jgG
z+ePT=5HJXKZ!YtuovY6k4i|+ozj(1n?5TNyyVTo7mjk^N476T@9IUwB{A>)qc+<b8
z+@as#R+!B9vx~AVTD{eTLp~Brfsi<yF9s|?MFNr7)|wy+#xB(7E3_-cEK^bi-mXnN
z4ON+CKx(5BD0|V_rPJVcaC6N5VFX6P2ycAUC>l{*(12OYQ+;e)zi+b9`<aN|-~8(a
zZCq<3)qo}fJ&m6PgG>6j_oKA(g)I6-27Z98w)@I$_lqi7MkEanzU!#ofxAAVEf=$<
z6I+eYs?|za!Rxq%bLOwfe#b;ry9Nh4j2gHc7faWTEYCuK_fL&6?I-#hb;j~5p^?|`
zdq?)P9<CPkAD^e|a$(bil3|j@e$)8uKF)nCJR8jw$BMqF(8$NQFDwS3vDFM6u&xyM
ze7R_f6I>6B^?M>_86=3wNYszcFo_je!^{<5z$6kkUdA_+yE6$r|MHm(^wauBB12VR
z{ch?P7$G>C0b7-vAu=TpF~|Iy#`|jZOViWZ4B+~Tr=kGXlx9$$PA_*bk{+_cE-pnp
zD+bQiLw-a_C?kP8h5tKLsY^z^v<)$CsnX{bb$L<~IXBcJZukWr25Vk;&F)8aYNGqj
zlOG>e9lK5OCC*7?!VjkcrlXa;uK^)M)bieR`h%7hdbl6+wx8~9Vsz4f#@fBg_JFbK
z`SE?Pbt{W(mR(zHufReJi?^94plxKkCU-vh`P{Xw5&@X|8aYc|Nj?~SKIaj@I=#`m
z8B-X{rIpPx$9K!)N`3|`KF<SueP(<rtDizY8jIG&Ol=%2PC#7Kf!%NKWH$GuO_gre
zwR9f{<7$9;631GKSssYY>Obnwwr`n{NN%2o?E4Pt^tvwG`1Ms4NTei&y6FaAp)!gb
zq*HOv78*-?77fOsj+n)AXCQA;Z~S0}@UsEM4aDvjX9>U#6w=j@60<P8e>qtThR!|c
zYgcG6>OHjMlVh%B_GZ^JCJU&q`w)$*6NHF?bT1Hgs5#zA(hJM8WF~#kCsKHNccxgK
zGz&nwoVjDaR#iZQr0i1gHl%FTs*f%2pK`)uwl^lQ!ll%~BJ!Cz?*ML+^e!Pk8z|sY
z;Y_A5vsq3YEdsatN#sHnlgOmOqy=>z@U2SYVr2c|fkBf~YeAK{PmDnh@7KAZi644T
zi60J~l)Mh5BxCKwp9TfOuQk@>%VB#j#0}FXIw*stNBSj+{P3(|`Mig+E`=ba9I)PL
z=zvevbiy77K!}8N5y3`EFUX@#&Xi1)S;ZBYpHO#>D6Qhj?>%IWlUI%xF$Gv&9pvME
zQk}lvnZ`gG@KUMCymS#W5m2RyE5`hwp3L-sB}aZ}H`ho<g8G`8f&ja3mAQ;FUEbH8
zK-%-_fe2**)uvt+JjZqRxrQS*ug;tuK@`#p1s~BM_IMl~${G&X%aRodB)<tE%1hcz
zWD(a9hK4Sf$cdRvry|KeCu_!c+;}!1++OJ*-&n=G#n0iuDiVjEd`!$O{PnvkV*LVf
zGmQT_d-k9I1yBMxq}ZXP$ARu104r%|QT%>Ps-E@tVvKE9Nz?bdX~W;QbR`Vh7rEc-
zHgsls(<@2y^FxykmA+CayHYAZHL?cqe*#vt2tAg3rYC~@b1WGboy6^Dt{iR8m2Ctb
z5ir<v=7IrTAAE^E$Lf7qRuBGY;H@1I3hRw?Aypb?EQeQgMt~}yIm)0^vc0O*qVnMz
zJod*4&t4to!*Y!ft#2ZnLD<Kp+sa67uGkd;OSj>$$LA2LZsO=$AAYZL)SC!8t74bY
zrdD8s%fY-q@4jKz95-VK341@$w&lROgMG0h{03nKh6XqgV4fW3Q`58p`Y0qlVI~p$
zP(Y_4?|jfeWMy>X^I2M7ggV!QnhxheBDehKbYvv~3icEe{{B!;oc;WaF%?w@MGsa%
zmQwWL%iDoi$t;V*^`g<9#nEEFCq;4r5k7v~u*z>BxGf6<6s!Rx;zBO^rMIs6s$~wE
zV}YUvXJw|KjB-B}2ZK#EYvHAM-+=nS_2-KMK1N=*KC5QvB{;{svh@w@)I9FiB=~+n
z;$Uzg@2SV{gXN>@c%(R>CL++7{bSzoQ4j2y@KWzDO>N`BO6{~+JUXIJc=T@TF|!?)
zfkRS~eFy-~D;cgn&=z-~)t!(N!i?z~<YA~_IPXwJs**EfPQgN%`}$86m<b4-K2Io&
zczWk%*L9WqweRC|HCFj@;dr;2-}BIS#!Glek+q{|Sh>dm2}k-)hmMOclQD26mY@mM
z;VncqQKI&sW{6X&tr&zj6Ud0QD{7vPpu*mt*?X~O2$8l#sm$Sr8d4X$fSd%$3MI=T
zW4AAG(<*goVGwPjWpPLS#NY>0E%}=hNbAZ&r>2cJ5SR{idodzIvXa|WaXXLbtL)6>
z`^Fbqu#B89je3!Bc{>&-F?H9>Nc@m^8iMT@Vd*77M5DUI-XY3>MPwwGExegOb|0r7
z5bD-}IBcmxYE)Pk76DuuO6-w-wt!7BA+@{#kJ3P`UNijiIZmgBSkc70AGv08UzmDJ
z%1n*^);vQo1Dg1s8!`DM*{P-qp=V0Tv8sj(GSyM#APwfJ=lH8?VQ2u^0uFxB_xFB<
zdofiK6E2*@H!+MMEXhTK9J@2DD*SL(0(V-oIRG9O3H$+Q`rJCkp}Z75QFG8*>qq>R
zw<lIIJX71Xf^NCEwffSB=_r>Dr;us9{(#(pS&fGnxxz^$5fl2%b^?#+4PJr><c15A
zgxc28vx=*9fIDmn=yqX-(!;chl2;F4=w-B3vFU|mhr7CMc0H85Uz|BX%(2Ja^g2C^
ze9&XR{BX#@oQ`tjz{a2}(S2U)q&f_82&vFf=oMQ+(S<FWHe7a&Sm%jvS3VeP?8Nm4
zMD_Y8$C!be1ufQBtHC|OHUGvjyY5zlz61NP$QgeCrmBny`1HdsbS$4)&eVxZbm9{W
z+ugJ{fy%!0S~QvrXMHBfxe_7XW?Grpw@?lNE}%(fZj+tDn{+0qkVasKZ{9@lj0g44
zXxYSh4IT;G)Oglt?hhp5ZN|e2fMJrgMK4(%Z!x!_x;3@<S`->(%^e!P9YViHz~i2p
zMt<S9#QR{P<6UNgR880|6Dm!F`aIx2yQrt#x=8DSAy$+)3Nvq-4h}%0sA0kdE%~YP
zr@)Kz0m4%pN^qYu+lje2Qfb>)G6xJk^Rrsv0#Da3Ers#ixX^n~JRUU3;Vov7Rd`Y%
zk=%M;5Tu<A1;y7TLNEe5o{GeO$zwOk`zJ_MP4r(*#3P=f6{wroQ^I1uB5Xk}CWRbi
zU(gMb*XFabwyt@7?(>^5WM#*_)$H6HN#>aGY7@YHu3W!}6>q-M3hcA8E`sv`EimPT
zY~91q_G)>q8g=h(+Mr3#X#RkS+CU)Kl1O3Vd<jKh_kX8pr%kvrI=8CmReU-QO&;An
zYiMk@%>-Nb*voEz02UbSdm4HMi8zk=xuQABD21Gf_G9){*4U^3OG)$vVJdmM2dO`^
zm1WAO_cO?UUVIz+cKE5=9tYs8^lu=jz7W{GO(@-|HTR4fXPERcdnBv)l>IxIA&}i8
zi7EsX#~aUFuV2kvzh_m>fe%gR)zqMlrqK7UHajur>eVo`>=!uL+@$33d^uGI?Xf0Y
z50thSm{jT-%Zy5!kl&2E!Z<g~aSQ!<7=4N`-tVp15)4iwfFz3z_#lH8#`eKyZOgeV
zsIU1Cq~p(T1S+ta+r>VPpZ%N_-8>ze&%H+_7a^|BSXMG0zD^I3EkiHkJk$EE`OoZe
zY?ZbjdSw<VRUAHzWaKkw($mv7-EKtzfHE=y782<cXq<<Yr5M`IdM4RrHcjbq$L$(n
z<2BiAij%i*-d*0_74zARQ8N910JA_$zd4gaBNfRBoYOdwibGL{5In~R;eLLg^7rip
z{G&6Ee;%F2sjX>@dZ9iPGn}ui%WeWDU;-v!0w!PrdjNr0e6+K7%}0N?7S}%7iEo}c
z8fmrB%SwYyNxl>>#k)ah2+h-*a`@=oTkxwVI`O0PCSl+4HT(cMyF=}W*<_H}#$BpT
zIpq`_d+f2e`|i6jVZsC~S+WEdTyO!7Ip&y<<8T)rI*HvTpQJAz>MY=kt8)1G`XV05
zB{7GWy|yQdTp^Dxs<%$5y7HoZ`PcC{^&alaCh^I21zg4W^E->~PabYL|CoRYn1BhG
zfC-p@3B&~0j11kb)aB~RzpTgC?`gy5Pj1EAP8b`4=!@s-aMN9&{9ymATK2M$lfF>g
z118qu`d5y}-`D4H(e<nG^yXX;9}+dyb`l`6c<8$yANarrLiQ3MavB$+f#^Cu65MXH
zfGq4P;u~vnxQ0SvKgx#!r#;Jx*me}9W+o`{hR71`Sl%uvr19Cd5;kx^&ZUzwn8WT_
z!Y*-RX96Z*0y|Bhvf|!OU9{8bI)Vw9fC-pD)d{FdS5>Yt#$UZ-9X@mWW?b>2QMlwK
zW7(Yv_~WBpxOZ8eV~!K(?ry?UGvA3jpBampbAg%^+mz+D{3{M<#?NRydEE``@Bwz;
z`s%ADVFHH%#Fmw+pBOXLIFQ&1qOMo5_2Y#o%kIdNUvQ7{?|SmFIOt%KSFOz9>zj(0
z#XF;imJM~W+F7U1%hz(w<EI$$vepzXotObNh@A<Tzz`?U*;Bx(E!pk8Z>ZuKux8@_
z1iO8zK;aFOJXpV!^n?mk)6UmVRXhP_WdhqJpl7cpbD1`}mi@wgFK-u?4~`fDy6<(j
z%bxN5yEo#Z->k>QM>OF-UN!-vIH}S9+|hwQEY9J=L+dCu^cc`LHqyBMkuK~r26)HG
zP2t&~bmBjo@7=QzZ~g5CT)2NdzWU0EXsO#V5u!BIoF0t7zK|B5P5S1?udcfeujZ7y
zx88OeUi_jLg%1%XIQC;O@?nvqXJXi>{?DLVKw=<&;+T&cI)JH!lr7|*m-rA0U4$Nf
z4RU%-2G_O~aBv-P#^_A-DLF?IFo9u9K*FOGrZ((BA=iTvUx@H2gjA*unVMSYMMtTm
zN0^-nn1BhGz;Ga-_F>%S{Mmh*aM4X0aKS;1_{2-c2l26(J#emFn8nqv8imPxfxXq0
zFl%fbKKZ+L9KS4!gZHWl>F_ZSUYNb*n9=B>CFGLdZ{*k0*W$lkJ^@Xc$WpSs_vk8%
zUTzJB3#pVpIC$DiPQvFu^%<OSbTszEA0pfi;m0_|?oVm?*i3s^ONpP8*QM2!m5Vpy
zD=okHn6~B0LE{Y#1WI-HU}YkWpRFx~DSGGCSKdrfH2<1_379}70afB9ijU5YO(?8g
zhV;5cs9F0sl3iO+sB1=U+&pxT+Z*W#Gf>ww8cB+f-s-0^A#a<237CKh3@HMt-}Tz)
z7Z11L!kgCP{5f^F@~rWg&=9o`J2(b;R#T~0eB?L|<faF@@Z(2%@FrSBX14<KS7h<T
zssaw5nZe%U)4koT-ua@j*ut5y{`J<)XkxdUPn|v<4e?Z315mhc!y4SQoX;3OL<Z|Q
zq9;-<EjG`bd^o=R<O88MQ5YD%s~Hepf@u^fa{hVdzL?QCDwJ7FtLX;C0wNYFc$OQ#
zU7y80yzrBP^&@(#xD6}qgb4fz;v?*ouNb$Lki538m~N5j0XMf5am4y0=1r@Q0{GVi
zOuz*CA)sm`PZM_M^7*J=a0|vg{(WS!YuHa^JQ7I_;-eL0!CK@qt=K&0LbUI98tP{p
zh>WZy{iJ8FAxwZ5yZ1d7H#m}zh2>h?;d#P+K0~6Hll0(*!mC?wNrMix4hPviZwQ~J
zi#D_ggzh)tJ{sEP90{e<U%38O`E>_ewV)lSPvc!@Ou*FUG$%7EA;ame((EjA&xRg!
zb1L3CiiiLGTPN;$I)}?&+=yn5?fCZJH{qz6qmb<eK73Ofu0Fp7tqsW_LNr^}drlsQ
zBIADSwk?>_T7%1uYwZ;%eHnHa3i#Bbhw$qy8-jIR_0Qlq7KC-z<V+1#u3pNM))<6A
zOq;y{HZuMHIPlmPr0yFO0TP4WoG*goeb~i;GY;gl;bQfkRWCDjcZg$@*95TD@nHG5
zZZJ9R7K%Aer&fa}I8E=yToI#b60<V_6EK0k1XOS2S;=%fc`wG@`6V>1y$*%iBT%Z_
z7p0ANpv3N>sNr*B+|iuo0vPwm$I!L>R;)Ym!@#^_k>SgetrImysfQ{_KTJHXm!c#7
zeIW^`(U&Z0!V>nEro}zQ*LsnJjQV0H!ZbF#a6xfI*N<w0*Oyl@T+c{^6zP{Ma+_WA
zIJ<sW)X&<^1hz+@Qgl>yzp3=!UVI;Wegsqp>rc9w#*VMOcr^ZHV*)=+WH5v6!`Zb_
z4Lx&GEl#AB<DEZQjt|m;ap#gAoPT&dMm2DPq+8aZj&;S!`!;ZFNCNk-?7^Sscj47X
zHue^%C>3((IDoUU&S;66%2CR_L82;zyPK$D7I$^vCAHDZaaApY;lg<`AwAFL)$qmH
zU?f^jL$zBcRodfi8`-`tvVC3s`fgAJNPJPA;Fl*?P=qv-Qb8Z}h@I{fy6~&*_$@)%
zKT;&+RAN8ws{2*^#4m8WHBrFg?h+pBNaDEG+K{GyMjnBv^6qn9ycNRT5Z^m}4tv)G
zVgkBPI+s0)aeuuEjT;|CzW#V5_yVKUc?W7v`Z7|JDMZ@Wq35<MQOb9t*l+^s+ZJQo
zZJ)xr%x96BeR#OpbgPA0i9f2E6C9<edsFG_N9(w{vM>>p>bV3hSSempH6GY;g4Z_>
zJtI15>amVK8!0HdB`SDfdU&C-VH?Qss;PZa!=;wnYJ{|M8CS}pA=`y?i2@{*L7s0K
zvwW5n_|mJC*xg-z!yPpMyl@8&aLnE>906UkXhI9Mbh5bu+dQ1QHJL^x&G|dy5zV2N
z@HN~W*C}oa95Ja5-{EY#m#hUou?hG*x2LdWTgSTLBWI7tmwvYfH$T>adGuefrVFQB
zyAhYouEXa!?XKz%xx*$WaqkKW5Hv>9`SS99bv^L0LK44u<z&39IXZ(l&uDM!Z$TDT
z?soS+5Vjs0tS!}VgXw|*VVbfOzff*a1c(Z+Kf>jl`DQ~;9!ZK1eWfu-kZ^K5L7k(n
zP{k(q!UH`Vix0{(xC$s?v&4r(0xKDAb+;ZlQKO(7*sBphAbx99`6j9Nw0Q4CRYk9l
zH%y=p0d=`aqN8IAnjZQsn%3WpeBF_(U^xq4*S)BF*$<GOeh9KpJcOEg2O&M>YiR%B
zOWAmBMj<l+^;_;{ykDbp;w-eZj$;F~5MF{5XwmIp|I$ucUK?q7ZK~xAB)T8@lcs53
z&oG5ydo{R$9#VY@>)q!;Koba19#CTB+1FaLD`v2e=By_Z4Om}FVqI4W>nRtv&?dr{
zp<xW7M2N;Bau!ZnNg@#<A)<xy0_y!dmf<HP>oF!##B8R!Hz$p6C}#OvpomE^F8gz^
zaXGk74>r!q!+Ta+8m|<5_#+#Q9+uJM2(I}Cm-}F(MuD5lW9`akkX^q5i8W85*uD{o
zx<(|%PUkWWV<t^SOLNq64cB!rvUM8IBA_Pbe*E+N0%x^)1A9PylFMf)HpcP2!MLV0
zK7HO4Jj3sLyy|~e;`3*W!KM%Gjh4*TzbQ6b@tuEc!3BqLMl3o_=liXVz(?3M>$(>7
zijVDI!{{&eS%tI5b_onxjjCtw7QO}O;H*_?K8#B=i$}F74^$|ucvBZM1c)}mUhhvF
zNFKUR7)I|M(|j1L%O%jpeEN&l8{ZqljzBCv)MKK(s|%g&n~~kT0VU2_l&Wh$X4F_T
zHZ^lVSY-K%!w<U?b%A#yfrQ?LqqOW1G(UX<ikbZ>KG+P^+o}3PkY9Q~dj9g?C@y&b
zxhcS?%NC>N&<`Mc@28MxItIm>gD`5@wP;^_GHz`=26r#+#G*}{Kb}vdjeJUN;(83H
zb{s<i(psOySoR}6Y+?=eom_*_qcZeMF+V=Q*l$?%lZD7&UTSr<%5gwu0clyYI52a5
zz8-(?slnrv5{oGiwlKSTJ}*>5=)o4OR$Ob|ME1Cg9wj`k?pL}`*uFp~mvvm`GnB?K
zHuJHycPYn@=B9BpyJPK}Vb`u~miZ-koFY>~WH21lQWr1XCtcYd<T)_{I@o~C@oQNb
z+Gd)^a@B|$cDqp1#zJH;pbthG;V&C2SFXUuhwno3!~cg->+Yb4Y~$ZPhYTlp?ULh>
zs~v+?`@R<I4><+XXYY%2_}+wGkZf)E4n}F5MpV!0s&HI6zB3v)p8}+b%f~4~T389F
zIXSH*gNqJn#3{dAgWtbwOn8yRW-5Bv;P~FXTW~waE&u4iNGyJrR+RU$Vz_1$@XE5~
zLuowMrBfM(qkAFCJ!k?%HE9p8sLa;sU;&{>2;xDfSN@}`yo%f&@Wd6aj|)>}Qsr!6
zQn||RU46oNcX$#|#oX4>iB(TNg3_b6qITU9q`Q_Pk);T!pMtKsDcCe+e`F3i36rPq
zjrv+ODeO#OD*@FqIlUoYyA+xBf1uEC9IYE_X3C|If9&T-WX2;o?<}_Z?xnb8V~^c!
zBFFkj-6y&iqqOQNT)1R9u!c`BeRxO-m#eVFvc0N$($h<7nN|^SfZ}VW)!^`{85}vQ
z5pyQ+TMP`M!H|kqjv8g--{(PqRwjyqG_PeX`z+Hig@x=__0vQn9-|;=V2XNo$@W6H
zG`c)}pDq#|@|V+Ad`;B3N|SJ^=ePWLHL;XwO4K}Fs=@2KH{*aL#Scv<CHC{yadpw!
zH7D^w3r$ZadR8w+{bRSFal=xiJ6Yf5Hc|+WL%v};x+ly=``j0!mKM1hi4u-+@!hm*
z<aa%G0#7epjGjMy3zHW87rR`|L8)dU@2JVVG<*S(??9sKA$ILM1oi*86m8F3fJG-<
zgjt8b2sP}QWw(0>=x<kl-^XwW#*aDf<0OiRW{QvxQiL>?|JdKknXSe(Ch?&=HsOJG
z{w=Z1p)n+v%&x~1=TE{YzCijR<GqVx1iwe&@fuYqWhe2WUOmYdV4Or;hLN})Gy$S(
z+{Av5HGB(DR7J^)6*=7&Jlc<_2zN~MQx3~jIe730PmJ&r;urZ;AImNe4a}!}Pi>9o
ztzk`I^}2P~aOVveeczW+mt7XUO-k`Kb&5@cjq}-%ycxw64d`5O2$mdkF(x1TQnWUy
z*<e>~0z=mN#HU1ojk=olRjhI(P~$pCg!s<8ZZEzTZ$NSJO{hEP3lt+Y$UXcsT1O7$
zVRq7C7novl7Dlx_hPO{V0av%xV+!AZceA!pN>Qy7HD2{1T%Urf<@DeMwut}tiB2x8
zp#Ij5kJ6NX)`3l!F{U<j%_>l+=mBQ;d<pQu&u2;<zXz42H9`%6HHkVrM3KN|UvO%g
z>xCCDVR+nxsVXa(^D&}Fl8*Pjh2HvT3CH;83eO)|QJVN5x|ddv6ZuAapCZ2<)15^o
z!x?rsxk}V|D`fjTesnLS(9yO5$p>!4#7BODnvVN;Cuyt+`+HC*1FMkOa3`9d$)e|p
zBe3qsccQQl$0>2DXp4~NfqYP+=w@LT@RiHa^SiHM!c$-1#1_Y~UdZvD(T&C9`OQc)
z&qZqge?orYO{`0f!Kk%=LGn-Qu#{tyW*>4iEhUvV<)9SIiS!}x5;hBN;^jDtVxop3
z<iivpsut4xIq%5PIOlNv9hLw1>8}~HbX9&yBjlSnq1M+J{|)?8l%GNsIm4B{y&>@t
z$Lp;_c--#!6Bs-J!mHInaiEI3jc@)^yuf-;gePyf*yRhZReWXRn?U<?@ow0N!$e2;
z0HXPuPna=$i_pw`%2C2m{|r+Cy5Ovk*HC<H{L@b{>Hhby-FP^=&dla>m>ns2xYThw
z`&1mjTH@d!N*cRYq4t)GINs<hNSt&oS{fTdrQiyodiOxgdT6~7(!In71iS2|J67`k
znH=tyUMd<$%x<BjjkluywckbU5idp8pMT7O=@hq(NAnmP5_Ib5nJIK&N&~0q<zq`P
zyd*jJ5<IH6RP%6KZB;dTdw370SRYO0!X5zp{!sy+<+P1gKH7=TAKr*l4`{}i#xy^u
z%D3pQv`A>josg$kKWypBA=}xF*<(3sgZtt*oejSeIYQ$eHrz+?8nH(l@|?H7tGxr=
zZJo$=^@N6lx&oKjfGE;3uSreR08FOSd|AzFt40N%Cz<+M)HOGtp}8qc-N|IIhBIOv
z%RFW>4@L>sTLV_twdc^C$YOL;ZAfp&&qg67KKNZ4julAV{ZmYM=-*h5xhS!IE9TgR
zr)~mUNo@Uetwb@)#%$ewsO?;i$+vxo;~qbX?!#Vzx(1F|u_a{Zun$V;1Uh=M*z}J-
zW71-ZkGkV|Iiv2Kp+ew`jnd|SpyB+l@^N(>Hhu9<Rt5`^ubqXawujJj*ELu*c_yYz
zq_u?iVO)m}O3|E1AfW0suBOkVN%WWeJARNx?%1ihAs0=cs?b~AW4x5-wE_Q0bLvH{
zQ5Vj*zF59|Ij+C{dYo~_8JIhFZf_(#|2$J(FOKK6F=zsW^*`qD127Z#AYRLl5jN^;
z!@Wv_oAK3GF)O#VPZul8tx<Tlly8_2fET-)Z=m+ANnvJVCIk!q{u#am_+;<kc#m~=
z-;Bu=AEnx(dCA$VW8F|{zZ<13In<x~4ZfjnK-X_CV|SQYoRy}5jglD{f7ko5qGcQ!
zk3YR)#*yKRVyKrqerRsqycuiOtO*tIkb5Jf`hsHvigoM=T-02<<%f)3d#gHWzYk6C
zxD%;~)6xFFSD>)yI~@DLhD1Rl0m@<3xJ%Wbxq(k2wsbWmuR7f5m4`w^RT3Mr<vmT`
z+RZMZ%herA3;(w?@kI=~2wir2C*HCtiFdGHz?7C6WcgyIoC{O3drksmnPj8CqdSND
zmu^N)vJo@J)}xzjCvt%JYZ9ArAZ6dJZ6$nv<z`w)*Rzjq8>V)4g^$-tc*wL-(u**r
z6|NuGx~{PR0fh)SuB@}M9&0H;Fn%;%H?<WPaD2}piEd2g>{t>#&Gi{Pv#|^JFYm@o
zez0szv${m}-Zjs8DheR+k>wakJo;x$c=+Q;qz_`ZKZ@q=r;yqIO{hQhA_@@-S_-1B
zJFZ3c?hn!wa{`j=)-&PW&tY}*1mq7mIZT(S(-_#XyV&*v3>?)*o=t!-)zDn?^iybl
z^jExh_T`^Cr#1*CGX~d8X<f^a+WR%g%sGsM(KpjC>ZX^V^{klL3!|R-88$qA3bNzQ
z=FCf5-=se~GyCi+0p0rgTR)fGsLtk&ULIBcIaK~_$X{*OnY>)L^RaO--+O9?JXPh<
zA9w;?Y@=Ly>811luDtR}{L?@E6K2ht6)YkWDUq0T-5vn#<j<f85M3)>@R?0Dn8LoY
zf6V5v53g!Y6@R7M=E|3EiSSflARW`Irt;=Cw+s(y(t<^N195J;26I{Y+YNI9<?F3V
zef0g`q~+sKRuZ~j^gv#L^uCv%?!|9J?VLl=ecw%dy~)N!Vs7ZuUrg4brqGCn`+td5
zvkt(tsZ)9T#1+9X=Q2c#AM;(ib}i=3n}=_I``b9}w9_zi=FHv_zpxe&RuF6uBspP0
zu6Y^~g>`H=@_u1Mfh|3h+U`O9`M+criP6~fk!hjK96~?~+np4+M{$D#o7w#(S$rB@
zje8?AdLmAon8ke?+AtxLVqI2#d#-F)AE^uR2Ks5b&AsYta1dXLOlhp)K=e%LDpXgS
zLIYp5Ws52NazPJHo!O0f6ZzJ>PnFmU&l~*`(0!LA<NKFx!aa|z!0V6S3rEas<v{Zk
z_U0@^Q;Thw#(Lw#bUQYW&f`&b)4GRUDIV%#i$Y@swP<=Wi4kqHAsIx6gh$v;U<R+*
zNlhsn-k9UHZfANa?8l{%cSN$5FT40$dTdoYzI)3OlsFb+_LMQ(G-&!Q__I7UDkX`Y
zHH$HJ!S!quP2tNF-kKCri4?yzz;(wjK8pPOYuP>UE2ux^^~gQ;TUtX_p_pz(I=cxi
z5Bv<9rtXI(&afnFUi`f5%}V!X*rCAUw%s5RAWU)1tzC{$8-9gi{W0OXh13IRT2~WG
zQGeDikX`Usq$kZ}mD9{dY!}-_{CFL$ubCpd+%5bEx{o>yHTCu3o*JamIhg?n=ubdm
zLT;cxhuFW48z*WoS=q75>HYhvsj0z!`|XDX3l`w=%P$YhfB*M?<LtA~#+*5G{y%%)
z0bo~Et-bD@+vZO1eKM0ydI%wb(1Y|M3ep8cpV;-;@rgWrD*nR5r=ZwTK?GD#iZp=$
zArMMP?{(59)BElB|GstZzPXu9l1WIWBxlW>d(PQsx3l&>YwxvJ*_wi$?A+)Jp2UZz
z-=Xy}?z?cNWE@io%_-%_JTvE%M|)fz;&YH6%V9^N&U@rJKsSel0WtXVfuNrOz31nf
zx>a4u0VxP^lZ1WWSo{ZKYZQ*~NdVc#Z3ruyW1LZ$mG8kym?<$C>3|m;$ZQxI7_cT4
zP(=s?u?qc`c)ONj)%rLcgyHfE&a}6RYt#u6Yuzs03wJ<G0;`5>a$Rx4;7Ttzt~~MY
zd{$bwUoDZ+GR!G3NN{#Hh#%9?!0wT$h53Gr>cA&H@d@a}yXDS1@01UH=tELjS!t~Z
zaiV?*-{;|~wHpf*ft*qar;h?N!F~fW8^uH*Ynu3`%#py71>!#Sf5e$V3q#n9G_HqN
ztiNN0qXc(ge$yh-o;yamp^tw`O;|c$bI=%ws@IeV-mR5}<)CvTvE%OPIX)@N@=1>0
zE$LuV(h!aXdu4`6Zm{+aT7|tNK<1y>0KI>xhfRl}dKBtCb~o*Ri?h%5Knn7}OWS49
zu8@56_!5~tHeV)`XGkV=?`MHz%qs9ncf43OcZKErj-a$bZ7U4MgBxs7hdT!5gY<!U
zIiPx#Minfy7rhf@`P@>9MXixwB6Be!a%DS)cyx=qp)nw@uWgp6mNv>$^S8-$XM(w9
zpE}6l1f{~gCs^F=YbCw@VeCD_y=ky(F99?!yy5|Ic<~LDpDv+=pA+AS7f4$9G&oN9
zE$W*ACIoJxn_rc7cyNp4SBQ)Cvr;F2m98SZySrNgfq=fB`EHYu?2CiO0M+(7vH0oS
zz7!I<QheVSXB0>aU{khhzWA?vNXMt(qG!c@=@;>oE8?8u5h#($7EhoVZhN;$JiiFc
ziOIu?VgC+32KYUt&Mf)ukojnCZkFxaw`&DUOH0)r<cnYYqVTu_5|Qh##$rKEro4lF
zV4(QBM;?8>Rqt~8iqoI4zVhiSY+reSZI(K`V-EWFV8LNwKv;RcIJB?iyozjjtEopG
zXb4CtUXD7__)mbj&{5h1;%tSRc*=$#h-l#xGB%4bi2N4@oO3E^sAq*A4BE`ZNfX;Y
zgNgyu7U2jy?5|w_qMieSoah@-nEd9<fR~XUNp#Z^@qhdQxVJ%@>*GWm+;BC~<-qFp
z+BYOReGaZUb2ykDF{mgQc7@XjkKpss(m`bA%$f4mTW`r1zVHP-?z`_kIq$slWW<OO
z`dpiHfSZH80x}GVjhHOm#b-<Qw!gtp6jBiE?Eo%B0`H-(<&}wddMWx7!rXY5^)M7)
z`x8~~b9Swf;D{S#VQh?aU_XgGze`T5$(MhuZGyyudw`_LoWgXe%JabmuSb~<_GL<b
zz?)!^J&OG%FegD6U!5BlvP*KWi88-e7H)SU&k$@GY?~16BnR>1AZG_D#kx)H@|E=+
za_+QZxp-Wz<Y#-NqR20m*qAmSh9DE+)@E`xmNL;Eq!v6llCXUYuuV99*ET{RA2BQl
zX96wI1>fElk-EliX=xA1Ya83;4{tSK`5Uwb68<#w0h6oA@4#o2fK~8FSF3m%U~{CC
zSj*<fN{hPqN1_7-B;Gtvd>8*lq78Kt-S`Y7!w5%TjYFl!)m10%)}82Q@Cb$lx!%AD
z6W`;hC!ds$TzO^h$M*gEz`zyPT_@i=y&T^(m_ev%vhP4V2D^{>;-2v(agUuL9ly9h
z9EG$Ef!$H}PBdFL;^B|?5V!i`o${Cae<5H0-v7Rjn%GGP0|RExvUBH7Eq=<BDN<iw
zFW-Pfgvb4l{Z0OROcnNu0;9^0a2Nn<$sN|SKuZRz%6n6>LqwcGc`jTHTvL-HOImwm
zHGJoDlP7NM(kGZnXX2rCyF0S3AmSNS9WKOb;}x~}Fm$&jLZ-Yv^X(N#!u-f1kI0*E
zzA1j_cH65$y%03OxBQp`SfxAe_~YdwUk<ci>LAhJ+Cc(1IrL<MnByKR+Peq*WDK1?
zI6~XRhsocs?*D^qUcO9x8Bm(&)u&9B_WAu`fOvJmc$X?zgyqYZO9t?rnVG38t+(8A
zi&Rxr$;~(4EVq2}lagD=l|oL4cDLF4t3iKKqb&5D^qgX8oBk237{4d3AZ!ENSt>Q_
ze&~Y`rKaRVEf#t^$(;kK8&v!<3uR^HCGzu)88SJyLnc>bN*U<RnN>N`)Dx29iZdk#
z>Q<Z!b6463q#;xr<U3O6<HAA-SsgOdbVuIR6TyHK#Xb+%%np;=&WJ;n?}*5^&hSe)
zT=#}xm_DHBNqP0*bjc9`C?(Pb+hT|xNPBj9i#)rq88#b!nL9RDW|jh{U_NreB;>&8
zKLaXo=?OJBABGGcba>rpBx+*?fcF6M;{Gn&Trz;81;*tq9bswgj>+=IpgghxdR%pI
ziQ|e%p%;ZCePahkB-Z0#8;xmDc0AA}?v{06CMbPlAV4K_uqVKarGM}z;w%~gb-`WI
z^Xem*#IDr+X{es1liIW_xF&Ca4Ge6SGGHl7I++6OhpgWPPz~YaXkfp+l!_cpmp~{b
zWgQr=qA&jrD2FsPEgx?PL`Q<+EI3gzFZ;5DHm??E@j2oeGYf5*AuhQ34li#7F~E`p
zm`4ZP=5fL8va4>8n?8T5wkI0@Xu{M{_bwd2DCJ+XW{n!4)Bdrbpg?kRFuz^0MBkSS
za3A~F$FT5LBQ0H^7sIVd(T%CGVA(Vdd=nlv1|+rW)ARjuLv@y1zXE#CSefPqQXG^?
z9QTAo03VR3<HRAI{{#*gVXPe0LErVq)j2W+`5r117Z=Nn88fs)*^|^m#p2;f$8VIb
zOEdDI9}7eCK0QgWPjGzQqthfh2CISoLeGZ|sIyd6RZAfZH=Wocz=k7(0e&+SM{nJ_
zRSQUm9&<-WhcfgVH*VChy1F{?dVQ+?p@f*tHNXU!^n;9mr)HYepZFyyedC9c7Hj|$
zQYg;SxfY#K0)vWS@)wU_pOBs{umee#jg$UU9&DN@+d2^*>QL`h<vDPlS(G7T9ALDN
zgf4Yy55gDYJ=Lyw8^FxA1D=-}I)k#kGbGJW8QKNatsOy3K&Y>ef9=p%Vb6kN-&@Zw
zhC~G_U`RW_C}Ks19T4M06c@8v(HApd2AB&e6vvf+uWXZlF9pK@dmDj7L<)T}GZSi6
zkYE+2yCm1=l5DR-(jlS`pgG!+Ne33kT42oHfHv9=b*;7aP={(EcZvdBQ7OQNhyHvQ
zJUT|O`E6LTu+TvR9=6pXwHKKK^aCgR8$Gg_L5@rW_5_K8De8XmhY-W;5cjkjCF_c>
zN#|ous9^mO-mq#BpWuaU6I=q*QGx=ovb#29IEW7}4Dhhw@L?bm<5gW@EpU$yIMEB@
z5vT_jTqfado8i(sOMGYD1T{L?cckaQslXhGZhlE(Et{d%iLh9mguEY={PHR($c44D
z4Z{WloICQMq`Rr9Nsq65<tuU}q>RU75tR%opLMjubKPEVg^;}i_lh-O0ZK^qM~mc@
zGj3D`2doy!f(|<aqA!H(FM;a9kGmpr&z4q6gRvkDbogxV$^UL-Xstj%F}2h->jY7*
z!+7$4qx0qb5!Oe`*azF5B+O@?d8TG>{|p@rv|;1HmgRpHe;W1g53W_YF{OA4qzCRR
z&!2l1HYnquZo`qrz>Xa|RON~`9~4I$=Hsrr?vl$dzg()TtF;PUnCVdkY2X2L29r83
zjM3v0=gL-Zu9Uv_OYye61IzKZz_&s&gFPhRwgwZ*oiJJ-A>oRdvb^d_`Agdrd9*%V
zYO(i641)?K6zpbv3(_sz>NQu4=pL3EqV8%B%8u56)Pw2Rf_Lu1M8(5I0NSoqLS=_G
z9}!U6DC(8xj?06~0&?oe4!Lk@jzl@59t<>T4TsT>qBMahOyIjPXm)|=V_VSv#s_Ot
z7t{o~7f44_2x`EX*mJU|s+ph-x=9GmXjkP1If>^A21g}0AjrpcS`PMf!HRV#>X0_H
zSu^stJZNd*iMYu3Pyl_x0hPaqA7b4`GCF%Q2=w~r$e0Blqf&xTeO0{2e?Z)0W=doc
z)OGx$wVD!Zlo)o{cDm4ibu{hOaZpVwq_4%kL#ec##=-zr!ZE%?i^oXR5rmp2u#CRt
z@K#A|^S`8%PE^pfVi2ObPW`B4U-fP2e&mx07vD3$d_V=unJy8ie|o^65IAAAB~%u6
zhw3kBKA8*dJ+yZ1TCL`1Kl@pgcubx=Sv3Mo-6QaB*C%BF&5!AVm5DjHXTFaC(h8lA
zC&nuiK9J|b&VaD;B-h#aV81xI6uQqYxo2IIY-tOKA0MI{Mt`8~Xe>h{`7x8}z}S#D
zxSMeoR)wZO{o&{1i{$*;LLKngz`N0hn}Yy;@HPw$46xJFrXU89bhKmyjLpeBm_fc*
z9Wl{UH3bc3FCp+u<6aEnRg;7tKV2KzL|u_{M1F`{s$g|>(Y-DFt1n)x=b!%cr*hFn
z7fEext=^NCaj8KES2n3>GJQHQKXFVp(=hvwz(DjLky$cn`Y5SwUnoV5i{YNN4HDTd
zES5u;8<WAU(7j*ko+^LZULb4QoiYL{H<j5wnOK%3IWSJ<iZa2x3STD>ieW#9kZgvU
z>CW!31i^@~2j^fioaJ#r%_pYJN(AB5v85YV{30)hv@$2C^!)U#PC33NLrP%GPE{^;
za~t-J0rC%uB&sYau7F4Ub8PRyPmhLy#*;Zj6ffGJ(kT}h3m0sF$S^udBS<$8pE3lV
z*;bT7wJ<x55j+%-p*9NBQW}p;aqMm<B<L?N5%NvL9v-3Msp43FFC=oa)i%H?3e3|~
zc)(ixeThSB$2Iell9pd0Jy7|PbTBMnim1ZF_YV8PfKU%D(J%Y10+w?S*M`G{0W>wy
znN=}DI;%e+`I{fW{vM;iSU{TPDH3Nz4f=*l(h8cui1;P6VHKQSj6(+lqltEM#3K@L
z)rfP#sgjva=8;|LP-ill-2NFr3{dia>#euSrI%i+wvUE!<d|sMkzq<ddew{boGeHq
zO`2Yh2ke&R(?+qgv(sWaP_m(5%7hG9P4+D4urVNf8GfWZcwLW`y#@@_Y5BQw`WTO_
z+R`9zHFje0CoGw0IIaUwD#Fi@B%cFy7cSZ`fK*}NKcO&7PO2%A!s0C139)%TMtE*E
zMKEPqcm4Y{9i@M<?N|eWfovF;H;y|^qATylya7GOd=XkWZrGW?q{MOPbxH&h^`K{j
zI7dvC4EXUUp*M!o15x*5y$muQ7him_)YQ}{Ds~ewG#cA-kbwku;f7YZeMwBdH+7_J
z%q)|fyz`~CsU91_!7c<FU3SDXWo@%do&*Ct5fjx?%<-m_WXqUh=x~D$ae``SjoN*H
zK5@mp3pO3^!YwQNTn233(is;K=_M<I6)*N>ti?l$f-};ngd67=$_Qa5T>+}QVrN)h
zT-7O8p9o!k8}^F<wgFI$A0Uw}qGt>Sbc|s7nldKncZkTgpp8zFTxcA`NBd}eoRYw<
zs`pH5T{DP`ix){;kcMz$!gkp52<$_mu;bwhIF+%i-jU47B2l|<_qalD5EoXzdx}O%
z#5Z=ghc@<<;BxU!{-LCwaRXHUXb<9)p81bUWaV$5&NC7DU=oYHYC@UV8nN;?@l$0>
zaj-`b_RW#PK%$QomsZHSDHlp;=fAO8X%E~eLnV%Gz9UfoW9I=A65INMbgzU&BzqG2
zXBNW2w1(c2wiB>>dd+d#M@TCNdqR4oP<1rrYubp?{@ZWAUDfyberBxeJ*PC`1_xwN
zXd{`IH*{3)!cZsWBBH5#?>d{h57havFd(G$W*nfK%4J<qd9*n!&jd)yopJ^?lDlDQ
zwVbxAU0$eb!Nx8DX#%0`z<?0M0aa+p!|K#%h|<&j>2ltPe96ntktaLj@~5p483Uc%
ztKlE<Oo+$}5t)1l#|q|d!|=oaJ3dz>vuegm+lZT_aPu#*sx%#|N>Gg<fWSL*rb%$#
zJ-ES&o_`t|9h@iu;%rCHd}%-7CsJBbZH3vtM-&5w7-wf^t3UMd<Hu`xhJcypN3;_C
z%$$phoml+%+wy=^1u;>?N@PzIM&B`?tmsaY2ba@Uh!awra9QeyWEKX?vnsQ((H-1s
zqHj_vK>}kK4;quFV-r+9D}a5$DX>XfvZF(#AGA5)3b!&E)(`qB?vVv=;fYu6MbvdF
z^6cUR@XU9=(;=sf@k=!f(!(gv(9nLq=CKov#NL2j1Br^P#5omlyv785uhGH8C+>Ch
zV1|gRz%#-T#}B449g?di*oK7RctAKpW?}CsnjaSVU=QSz47h{Oz{HbXgk6Zt$nG;5
z9QlwvF}Wj(LK^ynqiUkGjl4<<R(%({Y0pu5=Wvgb?#I3*&ipB;JNB&U+78#QPr?BG
z1XPRaJ3euS-j=p;cZjnL%nLG(8)nL6Zl8}R21w`l{Z>q!4G(Ewl;VZo26GA<M(p>o
z2V?Bc7e~?Q7{8#Rh4IP}d{Y|6+$x!~FOs}$#<iJ`Bic|$Aafd`6O6=TUt=Ag8(<t0
zpJ8U4G|va)%sQERnRj5l2D5JOn*kv?$9t(5d?{9l9&L`u(?J-4#?vHQKQ@u)yCZTA
zi1?)=3*>Crax}o`Z#{LVLEt;#fg}s+S~M6O1%uCG7!3NrjLd6`%Cp^384YT?CG3=M
zH#=ljdq8e1fOG`z7;`W)(6R@kCG9fbHwMfHP*PGR>rS~rI$JkMX4|V^LdGYU5VkG`
zbL;}FKqXsU<xGbf&1=$J`6=<uyac;WWA|e8Gwp=$yH<7v`@#U*i-gJ;<S`!aO*`%@
z-9U%4E4V=$R@VpR>1`3og(^-vCX)r&*_uqm$h<W9&g^uVQSN~uvqRcpi2VAN2=@0#
zmy#TKQNtj@VT3e|%tsIC(`L98Z-Pgw@x^{HA0CyA6o8&hb!N%Z9bJfHsg_zQJXT+%
z8W`1vm{%OD=~O$VWW<T<2xwY0sMnVExGb&fks9o6q$UXijjUl*9@`bIV%3<9!%Ip5
z$l(E}xWGYdlldTM0_$wzkx{fVvKrVV)97*W<5_o4Ou(bc*m9qolINEZxoJ{X=#?y}
z13TPU0L#WM<!-oiCc}vM^wDP>NRN6sK&K+0TX4n+dx6y9)%t$?@Ltt1`6BT(yek<k
zizVu*LO!rn;f~ompFsVv$dXoo74(yE&0W~N;tDL1wyKXy&$J7%BYURyQJdbe(FP6-
z{i8Zf*%_D14qt}kynVm;J6^=FRE++Fc7bh~1D>%UBEdauiJ$`7eEd(rd|WIQmDN^d
z*>`Oib{ODTXQT#wRi4j#GayuXGGRkyoMe4?nEu??y9{JlDuq1ga!J4WIkkZp{}U3A
zpFxo}0FiYDH;TiDMlmtRh6qODB|RAYvE5`Ym<w;FSIXfRpCW9N2NA-R9n1-2J612>
z1M^WxuOTc06VF^21TF_{{v_O3-k2Gcn~U9222r(1f6$e;6ATFqu>Vw#ogf>|{))t2
zPM7S4hhS(q1N|q_HIrvd;2;%|&^yvp^;wCZ^BK6ltF_+2Ch7yymZ?OG*F1(EU}A`g
z=87#~T)}wscw<tJg^O&zM~*Lz$O%<21W(UaI{{Xo3(03=56qn%BJ($eWOa*6GST&D
zK;Mi_?bc&Ih!E6CLAG#>{)aUA*sv}Nn#a9Brj<Kn*^W+ZSP0{D(5Wy8UYzy^h)8J(
z_eNqOmJ`J@WkPsO!Ulu&W!r*s#)P<VCtgmUH9C{nuqOt9ON*&UV2Jm;G|UCBxky1Q
zG7ORgjn78r!UZ9jhSwU9$OGzDxb4O`H4%)*Wn+AD;+RY+haC{C+Y#=RHXQ93jaK2@
zgx2juTrb+Q02$@soCiCTT%5DOwYow*k^{R9AKb47)3^(aVTxEB7?tWt(sbH4BtHKq
zl3D*(iF>A_&p;`edwv+;>N)aog5I@`_>8okc)etm;JM<#M6%BVi2+0ZD9P}gc8Tm5
zF-f|Yy(r#I?}#hhAkHB6{&1H{6gFjn!jTf2bhZ?YnF6m@wwmQYw$qU)t3P91>Vh1v
zha#AI^*#?)UEdc2LYm(Qrr`cvLHT0`wxI`6h601?-*Uhux#h|q%;;nR)Usyzo$#X%
z*Mb-yI54NqUpQDp@(sOdxL*&%<aIDCd58lRMpt}TmK&n=0+jJvOcolj8PgZb+)@iB
z#D?LE0e%Qx7<rAJ4$*d2p6q&Os${KuOx)NV-9c3=7+=Pr?huEIk*>T8rStgDihssA
zQc+c-4D0ZH^Wj<Z{t)89dNb1eG%yZLSiE>|D?K2Q2svbNW0!nlR=Uir#EKMx)Ck#l
zGGz=97w&I**`$cf+aU7hb{FhKf?zlTNDbRFH}tsmDlVH4#>s0w)Uc?g#a+;+Rb<J^
z`Yzc8h6N@eSYcwGn4p4dp@BNI#39v%>J{?nL?yY<f_)Ap2eaOL>mqVJ_Mpg2><gmB
zApWrc{Pub5Z)I^WJg`mKU~Fvs>$OH=OA&B342NC=@jB2jJn@_-Wn9ou2=pR;5UZ7^
z)cEA9r{>AjD!;6Ue*Y7(bXgR}PRJ;S;}y2+vJBFh6%H29Zp8779@6O0%#Zp_gkIkn
zu8>TD$0T0_3@q}BI6YcC(=e}$k;hAm?_1Kf`ZUQ|^RRfjR%@n~^$>at>KDwOF0Ipk
zE};o?C94p-q=T_G69;5t!ysV5Fd-S(kahI93DQwjD_xyezzn2GLfsweAi$Mf0Q!(E
zIayh%W~_Zx``{o{*e-IwFkmDLra;~g#qX7p83U}}V2<gB#DI|Y^LyF_^@O{zg7=rs
zm=uA$#y~Vfe3&G)7+?@F4Pmcf@1!e3X)+oN2-Of21>{bYj1wJ}1cU=~9ab(EfeASg
zV+VE+;X}ki{*bINMKK19f3!PPrQ*vKUKyXhdxc3O+dsnw1BRfxVNf~}1iiJqQd;WH
zmyYHg;@GuD903^nX5_&I;#lz(mPuvRNXzJa*u0@#(SgE%PVTS*-H08mA8isD4Y9&H
z5R^|$bjhr0Oz1eTOVF;~^8s$xLBsRYM@3}|)JPv(AA~auP#Z+FRHqX9vq--U+hsGK
zf-HE+0!PD5@1}wYS-Y!S*0=P)co|F(W~0lX-lelmFe(zj0p?^BY}i_nh7;Bt%tYI;
z|HPJtpp@rPk>}U}4t&(DrsIfUkoW{b0Q(vY6Hl!M<d{Ke2bqWz>4Md`T#&M2Ge6}9
z$?+wJ8f!e!do&2`GI9~W9-QMBX6MM6wdt}VoF;#cX3A=?9OWp62N%bpXtX%mlJ*yr
z?mICK(T<Jnorbnln|O?AE23`MgyT9WW1R(;&afPkE)4o{wN0^VNA<o;7?cMJt7O;M
zQ^eJ}LtM=p#o5ye?`#DUE*vGX>|*g0SHlE_JG&3f$&BLo82d@~QS{j?*sSu9;*w;q
zV^=dU*b_Wc5Bq%NF<@wzDT(*=&^c6q3=xgc38t<*o9n@-=Rq?dB<&o$yFrA1y8}DM
zwnd~60a2(+QHo&^cD{<C_;`j-vkLLw?TpCSbcd==LCXp;b`KOl1J;ckvKh?BJJ>&D
zER>=nAm$8D1>TV<DM6Vp^tdDpm8|cSi_~(7(S~7(fh0jk?Q^rTC3nIUZ1y$@JN}-o
z9<ZEl4|X;7>gwaLd_lX?1A+lVaoRvXV3a1!pgGeZCH>&>nK}=}tx6yIsto6-T*-zB
znw&W*F3+u}%T=h;;DOFxN%R0*y{0?e9jzgiq!hvygk+EL#+71cc(_h_W^0$6T$m=e
zjrU0vY))u;u(c&3e_hri53LW$2rxF>OphM1NG4Y`hGphxTv|o+RlTDsj02tv%*W=9
z8)Vn6oigqCnYzg(2Wzg*?OP&Z#)8C|_(~!z<(Y=@K5>vyVVE*42_zHuc<#V6y5bc$
zIY~#`kuiXSW*LQ1W(QWucEH_oG!T$9Y%&?^#sRgtIQF&D)lM|56ZVTvI8RA~d(}8L
zLydbqlIi!!NVs#xE-%X9bc1`T$GBgFF)C5IHL78ZONT8%di6w!REz_IGY55n>Q$N>
z{gBKVIwKhu8VDs*;?jnpfdTX>GkMeQWom_P$DT*}kvg`S$M*T?!+@E{oBqHzWZQH1
zbkeoK><6q9%O`E^?uH})K>B4M_1c6D)cK$o5dEl7Gm4s@hAP5eT4Cgg>nL5N;swo%
znntjY4&xjU`D~<n5i65tW~WIdRt&AU)@w3f4&q!O+6vXHc~D6xLm2SYCop~x35wI=
z@-Hwz)mUlz@(90enBFJ0hG8JumVWo$>NDN)o6ff|{c9M$kzM5hzyK$AT&dp59j)PI
zkE%0Y9_N#yOsLp|EY+v|RfCKMOgW@F-zle5q{+N3knCc?gp7*;UV_xA3-S6kc-O*8
zN*SaV+=qrsAjLU;`C5rXE{0u4DQF$(8ev)$JZFvd%Cy%z<?F9?N;Qn#Fr5X_b4nxB
zQw`13{H-KM?JwVzdvt8syiu;b?0mWDlb@B#uf9&kKmy7gyi+A2*2Fup3`NA7iMU$r
z6XOWeaA1y)`D2itjGqW&cv3x!x^iH6kRm{41Y^{*;1Y7P-7?zmkn3FSGCt~(*BaYo
z&HA0PvZX`TlSAdW&3v>Bq@%zE<&=PPnUL+5+7Tr(qoz>K@WiDY<5Da7-Qupe?1EF4
zQ?dVx*^n2hn9yo>)Ps@~mxq=pq<45<<ZrnjM;X?O;cUZD!$6-COEei<&4yzO1AR^8
zqnPM7w>0yU9((|eA>AEHa8L}0srV8w2=_HW;sNh3TtTAGbql{d<I}@EKTLyj>#0Mw
zgA-hj)yXkXnZm}kI<T7$l`Bu&H)JjJsH4cYKg-=AFg{f<HvC&l6cP{&8fAWU>1*m~
zpNA<1(02%CQpRg$ryKbI06+jqL_t*cr#^{2AKGAJfEXZ6!Kss~PgHw?xMEfneDxm$
zc1W{e@&V=nSs*2ul2isHH7hb5t)N$3pjTD-UdiydCEpv74^M`(4KOa<n0zJympQOk
zyLnEQtZ4|#Z&wAtgy1RkcHm?yIY80YB+>noNsqP*>pOOcFCD5YfZzY}9z8z!x&M?4
zFa5AgoH7*>5iisQA{Gq*?hGx^GsYZ&lt7sYUMuT|h9bH-zVfU{<OM(nUG@SV3^Rvy
zML&Dli2pPs?sYrDaz(aNCg;$W1CpsqxJWLqlC>S!coJ>hhSj%Ls2+3kLl4qqL8UGW
z{h$nE+Jsy$&ae%F2PCQzZ^WJ<^E=}5Xj@D^R<OHt6xRnJ0jp*Gq@4SRY6lG&46r};
zH7=R{+SjuoQ+c~0hZO^+&6z3No%dAVbyJd=q&<hV$b-ntqJ5mJQ&Y+G%hWm_L}rIA
zYQGr}(nh{Q2L|^0w{^>ANGh_x-GwR20g?&kWfb{3YMWFT#9{YQf!jAB1(}uwTM!s;
z(v=}IWh@f&I=H%A2<E1kObxPCW=1o{HPUl%P6CjqA+!sD=;Q%d!%y%B<wOhuDY25#
z?Tg`u0rQazzna@M9xM!y1_kJ1ijz*zplnDQNDp>Xq65?n5xF3qjRg(ND?!utAKwkz
zfu3Mg*4KB7AF4MuOocWN=G6gcfsuJh0<L>7d1ZaBJl-$AU2Pe&bHdyKwNq|l=!2Wr
zFcxX7Jsy~{cg+v<7W;eN`<Z#M)Ji66+v}pQxV`i1l_ZJr)Oc1tw432-p)rOmE-hDk
zkYE1ne}%`#Zuy*i_{wW#>~Ryt=l3J09;+RaSpjK=$}5V<gfJ`-Au%3l97;U25%EmJ
z8INGbE#70#59CKTx;wx`{<zyABRiuq8R3&5#Tu3ChAN#~%Clo&PGR#wwJT<UvME7P
zM=3nxz3LFqfd01_`_DWN$=1$@OY#ue!g4QMqh9pb#zP$=VB9mWsP-jTm1BQa_s+?8
zV!<{HHU`)(9G`TqgUayxHS-^?GE<^OF!A)p{yAzfpx>#|8S51}$)`!d#&C~3(bEKa
z!7qF8fE3aP71T>$UseK#7~C+IJ#?`9XTKQ`Ru<owyxSU(*Fc;zz#$mbD+{fNk)WO!
zUaTO!w?0IMq$9#(?Gd>I#C$aN{lMF6JjNg|vK1>#FG1&a1_-w5M{9<OOcBSDq-YYo
z;}x{)#D^#=vE=l(9Wj{%o$L$}ZalL}W-J?Q4A>YrRxn_ZR=h11ExIx3KPXxNqJd=6
z1t(f$1e6J82KxY#Fc;`e7zWB~Te>CB2eAewy?xOhG9=t^a7+<a@3EIr4;EZlSTh(9
z?isOS>0<fEV}F%&+7qM<X1$9x?_<v9xw$uI6W;s0zvugVb};$$j+=VVcT01*q;AtD
z4Q^`K1!g1yJKi!4|J{8*6CNMF`lIs2uY6rRdF9%M7E(EzCw4KSsOl81$qgu@q1oXF
zZ;@2B;w|o#8#JxLw@ifV1;Y`>Xt<*9ft_f_?T}7A1qpj5Ho7i?G$s>utb(Lt4E6-c
z1mlUWCGDt22aXm<Pu4>+vKqD?Zj|SQt%w6U#D4Z6D{ItA3)6Su2<5=aXebnvU{|X+
z8a7H=OC7e4fI2hmKcaBsDh1Wz&Bz9G2HO&-X(cnTvax>$3j=6h(uEM(xVZ%zEAQGY
zk?rfC7mh^*^lN8fg?P)yN-lQ5&P+)82CJ%exdVp*qk_f0VM!UBvIz{xec^5y3wnfQ
z6#e!Gu0~c#q-oqraXpTikxVIr{T<CBD4preI9VwM?zdkI2<WHM&KBsvKDwhDD|TUs
ztZ55E%9^0A2^zjv)j3!o4)fq@Q4t98Qi!w1!GlZzbRB4n?!n-&6-$Q8I)YLRq8&wJ
z=>W{U6GVHjmP-i_BTXJe@(Vg(z}^;=Q}eMQ&|Vd>1BMj_5`D(hS=*C+$p#w(`@sN-
zYL17KQ_>EHyuCFfvqxL1KKn_Qe8e7xd4<$Nb%ri=na#d{k4V|9GxjioNy35Bkf2e;
zi>o=X5W$5*G7;d$-XU2zIWl3=Wc3WSzjF6gpWzZt+OE3`Cti}CuxNNrNx+V6b^00;
zCr^{<C!8o*a7qzCyxq-!D-52>V2~b=(V%g;UMJ{-g;on4v=veBQ;dtCz7Wf_3@4|6
zYnqCy>IANR2zR1>Et!64LH)MjcnkI%2^okk%IP2ui4K<JV0aD}DY&MWEYwon&{GCy
z$>FRjX*E#quBPqcT=$0Lt$tQK9qS}5xYDYkGee@@F%rzIk@krfN~m^*_;X9F_qMXI
ze+Lr-=ogL6&C<Ahp?DWRA?YnE#T8s7PTe@th0P^LO2Atw+a_Ef{wb$R#fVx<Vm6p{
zw#z=^7|=N@O5vH`KB*Q-eF?txavWG%IO28KR{^w^BNM{SQ^_1@9TR6=WZPH5BOKl@
z21E%aDzY5Am%j#2R$fX!fZ~HiCmE1pBzgr*!pZP^UkY`pAPBV^1IT8mUcCnOtYQoT
z5ik^c<;_ZvJOgRHf%!sHS2jcE`fuAi<@g+UB7yz{V`{SA3GDkJi2;5T$&Ud<zVEiP
zTXje_-Vmr1Ndp(Uv+0%_-+zV+5?81?T{|;Na(oy7Abmi$>H|QK!4TjdYETZ@)*6$y
z04+h%zP3js3)}?NYM6w*E)_HkfmDxSza=x#0N3I5knoNxvE1|OqI*gr=1+I6TU+%4
z>NyazU>QAwuC=hQQB`%VRMm{!yReizj)qH4&b{y!_4;cia@P<3Tgoe|WYdOqQomyx
za8M&(`o?W?>X~z;q^w*`0k<@?Cujli#0CWVtOj8#V5q0~+~`@8IoX49Fix*D8i&CQ
zM_SUF#3kD^it&iN2!XbV+*^i+lMRXkzmf)t2QO#?NofYhLte9D%!B=g{ldzIDR5;K
zrIVA69UCR*^<PWQ#=F5ojf5~K1Dn`QK!1R^rDw6Yy0?HSNtcXWPf5#`8>QpK>m;je
zH1c2>?;rM{weLT>V=9O3J9kRQ3xANp6?b6nl7qd=veDLgSh-lQ{l*nsAlZR3$$I_Y
z(z@|dS%3Pcq;~R5U7R?k5Os{bEEgWk{Dt2aNdzbRv@wHXEsnu~1oaWPW>K2NdiIup
z3>H1;7Xw1Hbwc{_+|Dj|eZh{uAc9dG2^y`0)u7f8a_c@B1Gko16uGdsp&Ppe>Q={P
zdsJ7l9eHnn^kY>|Sf*eCfZHT6KSDAmbCC!)529d-GQefN1@*8ctwA}d0GrrZN$uZZ
zfPvHxpa)CP?M=HR+}Wn9iB3!|d^!1&omZ&RGQLh~{9*8Vb`=K*1Dqq~V#8B1AXV6d
zVg9zTJhh}#Za6s`_G;`mI^W#0HlQ1>bdS2&r9}40HDRfP?tT^aEDC`DG0)z#gk*^B
zTf>-W^58(@0S$U#vr|qO?Gt~7H7_>l7@w0_+J>y`aLLzB$dl%dZu!mnHYqN2!Q-1>
zBHRyy8-yI?z;Bll52La`=A*K@M*i~~-<DI(m@8%F6^hRg@ZpBNMH1L}IsvD|18vM}
zqKmtp^IiuZgefy(QZWJ!K4W9>R>9mOfXo8cDs}RZ2(}_J+#0vYP%w;pSg}U*!Z_9$
zg8_O}mcrPac`LiYa`0|6V$}SY47;Qw)B-&3+*K#JuiPs+Tke&Z?<Dj|=xt%M!g$B4
z;>evVu9~kQ42y8hYoQCcO$yfB0oAOabe{fc-H?zBob@s$)Bc|g-82)W{-?BK5(D*(
z4bu7CZ>41Ue@Wao8;mC!I35&7&S<pV`4*DU#<9lb_}CjIf9JE(`fRgoa@{VYCQjSk
z53HE>?@@#Sep@^U7PVmCz_@^We*Z}tzz72frfkwJQ%9bSBxK)i&yRd156FNJk$iz}
za0LtCb}|+UDRNWT5381lNTQ~QPc(wwYX<xQ;1olgN)Yq6TYF>@Bo$*aJ@OtHhW8*{
zsR7ZAML@h$faRFAa3%1Xp9!%dGDxK$NV=^jBrjoC;%T{<1aQRf2bfM{6Xkv&>xe|*
z$}|S%o`CGyv|7UJ7K^8Tskob#iz^zGs5?X2i>6Cs=|u65pCKicHEIaTcC*{;h&0Hs
z%#?J1)FT_x4lXwaFi|UkLjT8K?u3^rmz+5+9eUe3H%z=AQefih03)$$<tos&9$C3d
zWd0jr8H<$?s^PGI(V!In3M@m(8wohB>1NULEFzMJuy;1b<e7*^W{rS;KjxJt9cdru
z(kmMrvUVd3lVOZr2-TjidV^Bb+#@Y(3nja11ge9&YXMeyN98ZxkM9}8{u+e4e*RlI
z{miqaxRlP<VgH9QhTve^;H)_3uZktu!VCcrS7ulz&KOx46Fx`lDDn|#@JX8ylVKuP
zle?8of}Sud&5J)wo+!_{LC#=0@#r*nL|o`&Pleo4jW`^G7*lByGSGCIls{x%9MTi$
z65qRjmz>RDKGNr)n()gH=0m#YOWN2kNcvgVA_J%lBH!S`M<u-Yb!<#{s^o3FN5Tc8
zC2;b!;)92<gJnVttz_MJy?y(3si>&n8`;oL3<O{Y)cp1fQnK>DlyO8)1p$B*(+gXV
z>wbvE1K^f+Ao#8W^L`_dHH#$T8!fr5^QCeAgR-lnQc4O77610Q)lZ}klW6>=QY9dy
z5nQu~AiNpZArKhOoRu65@H>%;aiZUVgY{7fEvOi&tEu+@S1DQC0T~cho=95@3B^vV
z&Us0|V2r1f94|vqx{gcU@vz7?!*P{}!+3-!!txO7&)6~e+`@D)AwJpC5s)X^0x}ij
z3B77*u1v?|Or$?Jo60cAT(ds<$9hF22z}pWQ1R*l!{i4cU{Xfi7qHV94$u(keZ{rI
zj}!(R(twqvhPVDLxr_cJ`K?cbh*#mO;U2~KOnUI?G`%A6)os$T{2JLX`$nmldXi*k
zW*(^u+4&Ab4DdV0=PY?}L@^5*5pUMVu$wuE3c?;<>4B+$L#C8PltH1V8j=_fHji8N
z@+<O}v(6T4IxKP=^5JB%FS=m}ri!yu;usQDjj%Uyyp03<S1bKVP)p5|`C@vhVtJf2
z4yG{j433kZcwVaKoCfC}gS&AR>vbf7%tr(}@=lmERTeB=r)pP}V4Gcf&E!mnjs%@2
zZB8Njs2(0Dan~PQqmel%B&8u}cQPXen2+X#_-0&UQnIXIY`CPwUj>9~+4>wI9Ah+q
zQY;7d^l-@KuCR=DMPz;u8yIT7i2@K$<04O1N3+10`N#O)TUScK#wR82nTCgGdD^dp
zTOhWZE14I6N&@fvTLO=LMjRw<=_TUu)u8{vPjlK>$yxolG>)1r@v4bh&HntD@y+0L
z&6+iG|NZytUMqLqb(hxFJnK(>$6_2aFW9wplVq-Z8uNv*_?GdFvQNZ1#o>qQ9Qt3^
zpRbeX=641DB+!1<;_!gMi*`%QT`SpJ9+S3p=SpGzTvg{g7V&trzcc%Zp%eV>sg_xc
z&TxU#t@amue?w9R5*MUQ9CvC#y9yw`rR1J-X8lE-&HQ&D>txC@<Egpd<4k0+@>G#}
zqp=(6S7FQh6-Rk}l0YX;dd0|qBy(UgV0hx1;{=WTXz95TQje9H0oeqjbS_QCJ!#+?
z5y8ag1qr!ku37K>lZ<O2ITsAbhG0ZiwFjiIC_}UAoyc?&5?&&o8(+Qj(n~OS%#t~C
z=2&V!2)E(LV!#mghNeboc<C=v`rh}kN|-Crj8m;uMD_)MGP3R*G;l<6nqC#(^DCt;
zaGQ)c`CQw}$dPTLVU;^RXSMSv%XY~Jsyy;0)USe=*iOmvNkvY&yt36P%No*TY(6~{
z1z|KA!GeXz=I2-F3Q^6ZDdNCRv2nwRq`p1r44@79#UaY5%*jpAslADl1DhO?1~zuW
zb^(1h8??m4f;Nu8RuyTj4CA1!@vL;&wR)*EEP6+(X3w$uzLs|M{?G+)enA1~Z;{ep
zzG<Hm;l#MH8xtnLV3Y~TL?jwW$B)FY#%nSp#t5C9DC22T#^(hNp7b{5I(6hoJf|H<
z0O3@<I@=RL{}Fj7k|z0@3stUgVP%A0{w1n~czm~TI3(`+4dQ8g4K(f~NZ!!V;1V<5
zwOZ28y-gx5P11AUXT&)g2_b=V_(odH2Xcz1Wr?@rd2wyIR>BqI)oneiwJ$JZoS9sZ
z@p$;*hvl~0Zqp=R``Xv^Y~t-JA3NM?QM%df*||jucRT=z)GV|eK4SE{IGDq<3@nu4
zJCC=$tC1a9wUCNHnir+^KjL5#>W;35_;Z1DOg>q1GvHd9b12hiZ6ptC4Dj3Lca$mt
z;R{jXQR{HatuAZ=q(p|HN@x;i-tQ007p{b59}!I)KHhgcG8~k6aPA#8^D3lZy$6#9
z?3V#Cgt-gK({D9(OE`cP8xY~WDy$p=UOx5x4PH{i6ooLx!RTCp%$Gvy(TR9#I)hS)
zdwR1nS!q;L0p>;VJ4f|oei~>+OZ-yg<%ThOJtQ@+)x#J)4@P`Y#Yl~5R)m;@D{k}W
z&zHad{qOR#pZ!dpei|$9fW6*NL+zi#jRAhR-NBGFzB^A!-n$cvffW*UVkh99H4<y9
z-%X#%3nJLzKVBl9O7TQmr0})>CtGuhW$cWT*(GhTF_6RnH800hL;kP`Dt(cVoS5wu
zKQ;l3fO+T)yX4u8B0pQ&iOC(-h2SykvW-!>7^%;|!UgTYW9iAY@MNC6h-1R>Y$JTS
zm)FP@uvKtF!fGv;q;x<K8=Y5xkp1=57bIiL8rY*1>#9>SGw#BwR0)FuY~DJYQTYc#
zoIcBYAL-T64*d2bkn|9EeIT%Kf=QdQiiy~ojKqORClkVJ>sH4L9V{3rfp5(O*BoSY
zpy63l;LN<OTUN&$iKocH8u!8&hc5I+WfG(x&j;PIA_`SH<i#<KtBhI{&j_=Mu?nC%
zSrqPeGaHt`*t{0i3p19+BeRiKS}U>Eddax$8F7`3lE{X)CGfASF_E2#IGEg`PH8}w
zySo*tePCQXM!sfc)BD%pbk(X=^7!MA%QwIIO^s4rT`gO-Y*9~Z3@{8z@AUTlo){p*
z?5badF$$AO?K^zVeuc)v93w5iLNY$S1YIyqf{UJ!(5qjDUC2owCINIY+5i=z?HVKk
z6+8h0qN<jA7Gd8FV+?q`Uj3HL-bUtC*h9SN6Qn1G)R<=jd1gIm^FirHDsZmLIq_h@
zei;xVj1>>!<68$`^&VE1D|QSd7>w#YZp?d_=S<Bw{9t)zI1U<a`EkDnYF(SVgSsIh
z_XxrKfRU}Z8kva_37JRo8RHQcwj0Rh(IZL#bzIyMP~*_uPpvBw+@78uS+r=8+;h)8
z^3X#MC8HQ(Y>0RAfqilKF~Ii3SGjA;ddYt4*HCTnLq!2<GNEnathz{CbI(FsVn|1v
zI3_Bw#x)Y%_zYH*dnD@06K`Oxco#k-^_3%~th5weETO-B_-ktCIGiv*`T{yKzStv`
z*wK1xD|V^I&VZaia)H7Fir3cFEhAlU-HnL@Ed-qoNJQ|CG!_Iupz(NbfK*2B@skFo
z#Q~1j?@NbG2h?Z!T**X4Olax8H4XbZaBI}W)Y!@=LARJMnI#HD2)Y5Gb$Lwu_KVIE
z@kA7l1oo6!P=*14e6DSPwn(l-a3CSZ6NwYdg{nItRA&RsQ1j$ZB0gvhQ&{0Rfu>k=
z1?_~uMhtwHdt-7McDwJu_2w8DP^5@atcB;8ifUV09<UO5@rl+C=TJag9otbpY(7jO
zxMEeE*(Ku4%#-dH{w(1o&q&6_pTRi$7YY3RDskjdT7pqCtw_?kcWOS^AcPqsvDTQm
zByzMEr4=hy$Y1~ZSGoQ6+w~dkJ-Fc3-VQHYfQ=hB%7O(8G^}6kps9|{A7Yrg^Oeop
z@a@A}nVIOoX4T;-l<2la(($`*fOw>XksKxdb8kW$bxQc%@4%erL@=9B#(`wt6K<4M
z@4YQCZ#Kf%b~YRh7~uC4fIS<(uRQGiLMFs~Q?w6k?C!EA`MW>W0e@{&Ll?|)F>a-T
zp>e5U19`n)1_XFjXol++ZnoqCA?1o6g*i&@_*N#;9<?S>Pr)|h5t4Da!U#qHM72j<
z)9?`prxokKzrC`z5?HCJcjrgmJFr^R1*5TCsC8+^s1A)A7cN{VfBfSg<=4OdwI(Ys
zFPBnGVBdZB-Q;SJVMGpG5j(~qV*u?P#0MMNut>5y-U3k`gLVSL5$}fTK{i&D%5>o7
zpzRw!4XU;$NXL>NiX#guDsgP-<EfR*?axc=wyPwL_A?*+A=k%Fcvvx@Ut<ahIINlP
zCo>kwU8Re$&(Oywq|5DZ;5yr<VbtH};>4<kZt2ECg$Ft`F`UVmFdgemf=sY}^)h+C
z=j$MbiDc-TiEc7W<f98CiDxDWZ_TwiC!*M=J}{s-;`qUXkb-07;)qR7^r>>i$b6oN
z%IH=)JYaf0H;3kl@hl-dVK6}-^9RqVy3hlLV=}y|odE_UAJN<4WAjuuyf#7-0+VoQ
z2I+bhJE$)NH|awBC?)n<S93<WWRSER%~;FPAI?SL<tn^sxrAT+9wxPLpj3p->}GyY
zf}Ah#xu%0s2lUBJT{Z0<Kg`!!h#>=Fm=BlBB^enRvVQ&gWb9?jmdT&~^rt;0OUZ}!
zMG^xXS3;OvR*o7i*OXGtj+?k~{$c=EaG@RB@q`A1U*8EPq*{E_&zA6;-+_@A8A33l
z^pxfH%c_;j<+Vj?#E-py*sL}Te+*cQ6b?D(oO2{M7wUNEAM7I@EI_Slte0Dsy)F5;
z=hrzHZBBaBg?W1woL78j$}FkQ#%@KRmF&Y>SJKTvg8effs1!FF+=Si9Be2nMWANsm
z8Bj@IldE>-izJp6NC?dpXeKWcji8s7z}i9rA8{5yU_@S;Gs9BBgqt&;@j3y@9--h4
zFdv&?TT<rtfbKh_1v{30>s#NFU;N@18gtU5NwO3Eym>S>Hfk94W678p)c}*HeLlPx
z;DFe;W1F0N`BidVb^})T;3oooL#USEsgcO)UrBhu-BzLCA3e9NkkGPM(HRlMfgOE?
z{m|`*NND-X@`Xp9lJ!_w@@HpbKpnh~>F{D{_~k~%Jq&48VP3A>_CG%ocSio8tgx~x
z(c{$F$NA+o*nIfV-#8$+P`~YM-SQqJuVt7FQm-5Q2gwq86Ba0Np#+)T3<rX7##IU-
zi(!{)C*t+MZp;In7|T5?A|iG&4dXK}tb~!wGhfnC^PI7*1s6+ghuxZG+0YvURtxNb
z9pF(X;GB^2nwZmQ3};&<@-SQ_Z#A4uM&hBSV>k{>4w(U$zf4k+80JYy7sJ?hLaKTd
zljA&bxZnj%!hLm`wG_wew_{FO2QNruM(F?Fsuc5Z3QR_Di~J$A2<OyboAr4J$i|TX
zFfY-D4VLJRBXTArx<RPwa6tzBn39e-)i`2p67>~;L4gEC-@(+_%7?XO)d^QzafOa~
zPd@pi+<Wi6^2Qr)VDA;LR8>{Ux^?U1yz|bJAOHBr`hD69ZWhk^`XxOee$+$biw{a{
zeM>?OD>2TXAI5_i!<?{DOfQG=IV4n6?Zn2&Nr0mPXS`Vgh;!kGua}!YU4#V@E4{sN
zmc-JqyfFQv8@7W>mMlq*cgm!K0jclofayYyl;NAD>u&RX4&=*{N?;pPS=`elO+B45
z0t|?nB7h#U{yYW?_RD~<QX!1cTRQ_fDR<+e;ndFn2iM&s4>U3HK*=Ir&M;Ptvzxq|
zSXN}cV}e95Pll|TnC3o_{q9prWD}RQ<3dwAYzsDGqA{a56P~-^83&><8s5#GJzH+L
z;RfLf5MlJ_(b{P?Z{94|U3Z<Fb=FzJ&SVp1MbDA@L8s?H?s($?ZEvf8prOEoIMOGG
zvo;Sp(a(wZ>|cW5!=>p0tPJL!fI%7_VF+|J5?U{Q==fiE^_Ake>hhF6W<{}o2NnYy
zOv$|GfdMIifpG&i7afcNmh;RA=vD<bJN@WnudHivLcPk;qi=-WSqOU>fh&Pp1w7Y)
zNO{p0>7wxQ4ov#OIM9>KPS_#rMH3C+JrbyF!`ac?BEQEzHJ~(@Y{bOn!5$)BpBncW
zl0=Hv($R)|T(Sj=A4;E4jtiB;R9J$oO*+5Se2WUy0~hI*p<{{S>{DMDP-y^=#WN=6
z78v9aqa-W|hC^>tuxc*ZNtF4(h`|BagflayL4Zy!@T>{XZh|CY4s3&rniXT97l9EG
z*#Ot^|LAc^6Z%{RCab%3s*#6g&-~F((z7I3JXsvew?g7ujkOfZ28K*VaK!@gf8b_G
z8-K0D>mL>Gj0@q8{2dsmqdK{e!JwZ-UD$3nyI5Rq7{u*SVb;b1tvW7Qcdo{AOykPz
zym|BF)1UsdG9QddW`v+S((9G|vp)=E!ER$m$#^iMJxUuC{Rt0du2JV>*y@((rYFTU
z@h0(2nj_t>{?%e05m9GJj*x`2ilrbsSD8{ShS+fQU?2_51~qJSVF}+J|40XvI)T=Z
zR&Z{bN@fP??b-j7(tsvXnro?uvWBP=>Nq4B5LS-FEQA&1P4Fm%Svskj4!DX$5^zN`
zP6qItpk9lJZtFI2Z*CH29RSQVQz1W-p0@<0rWTiG1u$%PJnK5~Bqc4s?M_H+Hej_g
z9Lt9hkd;SGO^xs%L8f8e9e3QJ1bN!DX+j2M!h{KO+;PVxi?T0{ECw2zo2C0Dt|(QY
zphRELM#o1Hg03>!(L3Q339We>n{@4fE_5}%7=FqC^aK3E4SP@~PMjzi?gR4DRyzB4
zKrql9v>ZyXjRphQo5(~=z|zllOyZ(p3=oh=)RC5<uTiI)UW_PtrGx?+^)ep2b337C
z!>K_t2=ki_JLU9~&z8!fQaH$f+fDt$L!{>l7fFsA(v=<XUi8X~Ps^!grEtj#Vvh%W
z?KDpEa3p#xBz6v24|R@>cz*6V9}+)zE5vmVyd%B%#3Py~bGIQC1J)9k4w6JT=>%u>
z1Z6~c!7!YZgTn<o9S@Dqczm7+XLN$eOIr$MATJKdniPx)AG05Dxnl;J@nje+<{&^9
zO_&@9nUOYB<<(Fc4ku(95oK!m424>e7?Yg=XE&s0-6bO>kT+Mn-8&?f1}}|VaLJf0
zk$1l@!J?6pdBt}T^?MTD_>Kgg`y5nGPr&O&VN28^-FX*Ev}PLm80t#th?Oxj-wTox
zA-qU&aj{B7=FXif&ph*tTzl=cQdd`}X^7XsSR~l1!b3Q~;3%`KTDmH(m7E<<OVm>Z
z>|>mYz$ry;srcqx2PWj(=rl3unfI`SUil*0btc*p_5g?%a@C0AxH;laFn%V_A^h5Q
z)%t+}(~i9-@*E#H(dUvqfxii=rS}8-V=)`7g_=-+e(E9#h#l*%*8^LjWN8PSwXy0!
zxXk4W3|IS-8z7|;c+HMf)<U+GJMNP~M1AtcdTf4y0Hyl8XL9DdM?U7ZcRYmm2IOTi
zKi1$ubsQp?Kq5;-^GutMTW+~UF1qL<dH(t5<x5}slE$HNI)SUWwgf~`aYTODCR{Pl
z9i*XCi(wrH+dTmYi+8*so>T4=CnjmZ1@}X=Jr3Q%Oyv+;+ZtkTk6U$gGu)ZBKC{8!
zAfGw$*RL+6Ne8-0ESl<7g&A>~RuYkg+p&5KNyc(WMRV{lgu%guS~`>g5y?XQiC{on
zNW)dDI?#?cV4pU&vPMRY7>xxO^iiGg^34)2M%v<bOCHn--$3YbnK_b;$u1cX1#`v?
zLp(?y0BzZd>#4P4Bm=9VeA3m`DX%5sFy};ST-jh@0JNJ(0df>K#A|W|Iq`rIId<?c
z?PKosj9}9qythOX48*|{oQQ+N(Co~l+@TVyc95ONI~?)?^!mCGb1KxZPW8d|18u!D
z?3RDR8&(bs(K*Vo2veN7AYa51IEH%4$4JY>Yozo|cu7hdk6@&V!9E~!h6JC#Swb(@
zpabSeyk{{a!Bd%xDe?Z>q;<k~!~<_jrq0ZDf55ShhZzI&^Yi7JYp#(q&NxFC+?bZn
zZP-5s433H`s$}id4@pMD0yv|9-3O$bbd?-l^pGCn!h%8s>cpYVU_KzN=XeFLj*h_V
z(lYr+QaEaonk%tAOrHBM*?v0IF<{z}XSS>P);Mq0xv~-jCujw~Vt#8Dy&2f|0v$tv
zRQlwC+pv&;7zBASQ5=<pRlJ>@_~<NdiMyHi35NRi`7jY^@SoZisVh|Gd0%<xD3qY^
z6rXE(xM!L~ov5EpF_Rk}ZffEG-;*4uIA&ph0hmrwSy?GJ-E@;&c;SU|-+lLq4{k6C
zjA!C%fc<k=F<|iT1M|?6Uo7$FK2!=IaPv+*Lqc2DNo>n=;wU~1Gs=!cJ=l3L;5#r-
zmygBH!1P~awVNRb8esnn8U~a?=yy42RZwyt1DzOM7==TMu>5^_RJ!3%BL}{ALtKnN
z)l%&~culV*B-XUqVD%~afB~GuC;{$8_t=lgtb}QV%Dk{r9Ym&db=bQfYM;kU6pCON
z0Gx28ianJe`5=VgDU0cC=#2quP<O#qSWY^=akM23Dy_jDlRIq>wi4*N(so|+AfO@8
zKDzFhWGoQIMo0VT1=BN*#!HzV@G%;esoB1}a9@Xp^}@zuJ=8(}8#|yEV9Z*HJwX16
zjR<L=&dmrz%pQjs;7wHwz2n*E@kz&oGo`8Jb5gkKhZ4hvgmEmm&{L8lV-^a<dm*7C
za~6NGpbiO1@J*?oez(LY&Bb~PcR^<y6x2^JeUat!pyL%DHuN6@#G4y^tPC6A?%ee$
zDS7w5u%TcT)Z!q;awqJ05J%iau+b?)#_U8cN$YuCnrgo+>8E}~3ZN3lzGm8^|E1e8
zhXV%80ypcb-x}ttv@^sCsl3B)mi=Q;fV2W-qkKzpZwV7Pk2f@7P^yJOIo9?Gi7M+p
z8fR7H%6;n^q!p5o3JeCut>B(SkS~~;)gCvA2L=(mH3Zb8!#!7}%%GqtOf3@0nPu{M
zB7Z$G4}FM%$RUe@VL3C?EvHoEh?n(EDUCT90zl*wD59nTx-mYtnGZ$F5&JRt&&te_
z#&M@hWX*lM^=jeeCEf+;$H})#T2ZxhKlQ(0-A99-Thb|0DGt~{H@shsfJy>ZuG#ra
zz9x=+wlP2qP$DzEA|@N_d*ngvJm`n<Ft!^6GXREwg9PXRCz@2%bi;y}-m<(1C-w0_
zZAM@~$UKzxFhhj|y>fdnDTL}4!n~NArek6n!Gu@I6bGLKQKV$n!~Ah(US2ZIup1%W
z@`Ay!mPV|c?OzK6#34PJ6=ET2W=+04IB&CL!=NvU2i;^U2t;vWVJRsgr6(*tu*kdO
zSk<tYA!$BN3i=#3Xcs=`;H;q0I7m~~$r>cdU@-adX))}89#c2G|AzEqaWqY(A7D=b
zOo$T?=7|ey-P2-j5TIpb<d;k5?CWF~+_4s{_^G79VM^RpgqH=gOS=MPFv8-DY?rV*
zLz-s&N+MIS>1qZRTvYvxc^^EGKJqY=4tt#IKMu{<l7|gQBWHX>>V27#x9Hd6>zWVx
zFg4ND(C=v1L$$g{D^xG*WY>iM5zlE?!T5iKRTw*w4M!aY_)YD>fZz>7kamyE$(JwJ
zK+<XG4r#+c1IZG~_h5V~%gEAt85&^fJ<wG$<?WLJF%fv4SePk4JE2<sZ}|>+W*1hW
zv5Ke&O^vj_YyIemd5b7pQ4`muK^TXPM9@bjKJQbWX@ta2?{E_R43Au2kuCo*p<HUQ
z`!Rvp^#z8gun~Ao?@Trf3<ijE7uqYMcA|7tULpD0{((&fM_?WR;*E{EqD@<+^KU<a
zkM(EaJ!T~O2KrnA;!aEm0}G^W+TBuIF+xMxb=VzjurbgZ1EeIBj9xM|0~6Y)eEsEi
z=<`P<1B?i5Jv^A?a(9HqJwZr$1Ii3E(VH4vWiH1)HLdU-qKgygU}RJXlya~S8ygTR
z5iV(Igx5_>kP*(Vm<Gm#YFpg*h(N|>a|pY$W5xXK^{d36PRkR^286N@PN}V!xUfMn
z!0(z8kU0~|<n!lu$WLF|f&ix!K{Ahh<|PcAvK_d1#T};=i@J~nY?3j-^WB8OU^hW1
z%xz+XU{nK|j17VoVg8KTj&?f@DpSSK^M51cmZw85Rcj!h$)uXzWWqWD_^b8fjmaPN
z%i`k7oa<$K#T3b0KTrHyUlnH*s#tJC9(O{W6b9#A<F1sh+LOdRVzOkyfZbv~n9=(K
zj&)}2dw)3{gQ?N3MTJG;J?jeDi5=-XR=+0c>z)yJum#^Q+Rl-V1qhD>Yd;{tv1dr$
zgcGHt2+XAoM?D5o84$iK<=VwQznnL6+-@2$h*;n^PvJp?`>Q2@w2Ac|EZFaioAi<d
zlq+}V))q=JT-x5!1h-=JBBNjtS&Opr+N9va-q)HS@nhneFms=pAD@}<)N2!mVX0-{
z4hZ)8+%l>#OO7kZWQ2Z!O^o}6ro$S^;Jmc7T-MIM9+Hm5;tw@T#FY;bHry1}{S&ji
zT~JFn5#4~(Gqg1)7$EL0c)w~XzD7JV&Xv3zh`;d>nfwlGCGE_P3Jj1+ki@z{$F7{2
zE2TLux#3^U(iVt89m}!>ft|W62Xo+vaOYx+8K}-JkPQo8mNi&#VIBl}!6FoMMH7J}
z=wviTj-M!Xn28#S#d8A~lC)4zvgig_Q(^858dZwb_II9pTs46--=h446_hC@5!pWJ
zq@EtliXa8K;jD2oc|@T+{Ps3^VR;K0G)=OhPUpo&l3_3#LEx1;l@r&*KYzh9=vf2E
z6afF$HDcis(e*j9(Kfc^<qTv(PSo*>AFgff#QhXFDQH8ckAVSUFClwL37Rq~nm?0S
zX>o<J=uu6t_V{6ZKO`E_iKj_V)kNv+x)!Qdov;_^ka#*I9av#^W#mc*HYemJh=+^$
z*rO8m&B0?p+cqxQe!pZ*pCxUh#!GwC2c;YCP2*i~sN#c4mLKhwl`WNp#Y%Gyz7RXb
zaKu1gbC3uYypqI!D7+NunbNkQP#H_Qyx*D_+R5|rCE0rHH-Y`o#y~$Yz+s+)^N1-Y
z%EsXLB=+yyC9`J<yu;MMr}|iYDG*&oF(ITOA0j)WSf`G@B`rl)OYrRfgbU?_$1)uh
z`dO$Q?U=*>=@%!aG&(<Xe3m?sktTP()GYJ1IiwN#GbMO-T2=;((6P}N<Kf^W(UAj3
z2kc*o&iX9&404uL$(3hbpgYS_-`@hBHI<&}B;nE5o)`bdm2y&EvAXExQ-a2%J~-mD
z|966cdAy-{cextN{xKLJ`c)Mx(<>jCS|MZ0bL7$~&GO`mMtQaltYZf;3Wfj@i(E)c
zsH^WxqZ*vG*;^F%QC!p071iG;4NC(-q2DV?PH2-8hw7aZj0Mwh<2Z|nU=6HRqfO9Q
zs9#YLbYa*fE3pfD5y}fkcQYwEu#*X8zp;|x%r<sXXp_i^d0IfGg7%93oI;VDBB*Cs
zQZ-FO_rfY=qx>w9nMr7$2N?radyrYp#hwa02oZEAe$Qy?6wt3d<=(zLS~0+#(1*Mh
z4M`s9UIIv~1{3xx0qI>a)-|>Ay`K-2dkzF<02nHDvg@%o2F$SPgA3i-nWsx##{Wvs
zJ5NaFwttJa<27s8bwZ5}dw*cOm+tKIq_g&B@yxtHMq}j(a}6784D=fVrn`jU-D+xO
zy4?Mt5}CIqBn#`gnhi-WIutgx-c6oKM3m@RMA{L@1QzxhoFMw(PSXXQS`}mTu0bN5
z18PD}Oe(oo1YQ2_0mzqsG^*wXRW|G&14Jn$A!H+KiZZ04AVVgO$d{YjgVNd+k+qH8
z@O0KK^BN#6?M5`}#Hqv-(?QM((H1%=Fe5UJU^>WrSoRjyDy2Id1taQ^OfoQtLvsuT
z?E{ds;N}&$-0i{?GY1XI>R1CfN1VjSi0sLHvfps8hlVg17j&=D+z=P(`3AcIkpbMW
zlE8kYAxImCV*=~OilY(ipCN_;v<=%T(RP%g5zM5H?U`sq4Yz-eUJRtCr%N_ALgvQS
zWI{|I7|L(V{z;~Z+fNLZJ=j4pApD*ZByuR@)vntx!vG05nUGOaPLSpiW2JrLxze_M
zv$%R%#S!Yj?!VZS5NZh?JS!eCPI9p+lnpip4iy8WV__^;=KGv-#mpS3Seh;Ee*kU6
zGPMIM+8jJMbuge440Dq_Ge+V_jjYcZuzRX$Xy#tg5_u)VlNX5x_Gu3cu-%ArG9u(D
zMi*zu*wReJ^z814oC_Drp9eD%0)t8C0%SD1FpuvD#iSJ*c!bclez!xiaAblj%)mkW
zk~AEC*!x7%ow5*yqtC;gl^Zq~8Q>Un<47_jC=eDJvICM5+OC<&ChLLjqCkFyyQjy&
z>;#d%EfADB-mqMn=aqb@i;?f?6Ra28^HE=6d&aQuh5`oAPQ5={i}4r=m9y(`C>Th!
ziRkadobhJPoGFcvkRMLqSd>~H=FKe(4hJxA)|*b41`7^~0U4}H+T|YI7%&8!>Jf#x
zIZ`lvj)bS4EFo+%7=f!&H@pRT;57*I1{-V)92N|4e#aGT2Y!55&8BTf7=%5>)hk@5
zb~STPPgZe1Y|9X@2P@QW4h~pF-*XC*h)s1GPDcIN*o2I`u2b1&Phd={dxi0w&vc)q
zJ)_unePDoXM+mb4=_~+{<$+Y92n!P!OW7X8ErILPjMoE61ep>ym<=De2igN!6Gamf
z>2Ns$8)!~}&Cjx6OjaRH9Xx6|;rccM@tKxVG7j2kPAwx6Ps9F0*rgndNdRh7A=nWW
zf>oK67L|#)E*S?8eU+a5FdtSm?Oz)MHU@?W2Kvi%^sX+YAXQaWy@T!h{b1mTGa!b0
zQ=*;V=6G$d66~i{j^RhT`ivO{9Upko;ii;F3Yh09LH4DMfkVas)&0{jVcmfo9$&sx
zC$yZB_GT7L0rZvyIlDZtZY?fg9t@h+H^il-yG`@iiulH^q_4Pftd4Vsn>4umC0*Qi
zo_(c0cEc=2#A+$xH%5j;!JMsj1ka#S4-2;z<G{F<@=PL0;#2}grWlJI$3<eW4T?)A
zvTA@GS~K*q0_ZG3sBZO;=>P}91raaoG`v)^gX`Q}v~r0Ll9hC~<io>SF(hh~lq9RQ
zXHoW@jR6}2Lj(h6Uct?%UwY{!m1LBamC4y>pWW}d>fxl@%!~76N>rYB;t9nP>o#)a
zNIB=6bMzSl4@a4UITt@{42WsK-se<qk}qn+M<(8(_CJI8!9?Dn*4<9GZwwr$JrDGJ
z-#Ob)Yz*v)0Zv^hbts!TONuUs%hT32abmY?LtFNYZQWVsrZ6)=x&uKbjE~8I>~<i%
zcM3InhT2a}NwL(<JqPv*C?C=lyPxlktNn$rE%(Va;*qvif-f;~_1r5{8WIx<V8mX8
z(UEaN2qPl`Z7v*f*z81*ANPx)L`BWtbwjNTv^V$<1sbxmOy<{DIaVzD*T#U2fuVo_
zGaucyZJTaPZR*t8+A2A4L}H%z9vf2Ww7E8Mdfzk8)G%I~xT(*$XwP}`+i$-u=bd++
zG&MEJCqD5BNLr)v;)^dTQ^ffH{O3RA<(FTUpZw$}yiMk{uYCI|i(x!Wn$-F+PZQ2-
z!v3C{XI9Mq{T?<3#1x)-Cdc;NbI+;z%(>^DD{I!QktIu($myq_E+r);$rtZmRd>fS
z4YWJNzOpf3W5CA1L1KUd0El|t*zt1K|NB4qI_QB8KTU=A4T<?_zb2LajY}rToe8(A
zaNQZhW^{&z?z<NDlY_-Tf0+OiPbDge24s)O!2|0V2WysYJv431GY`YSFb1PpX?SOY
zjR6}2LlpyNq5O?E-q0%Ebkj}p```aw-h1yoov)gD_lGw3j??>|d6_VCW|(0FOc?7z
z=HtmHpG-1En>WKY7Am_NHf)f~F1t)_zWHV*RWRvzlX`7EJ#d&wW9qT5bO(BF()H)O
z|IxNTIV9q|_S$Q5<&{^;$tRyIW5<q_d+)thT3TA<gCG2$TyVh!%Dw&NFMrWErjePH
zFJq3>;uzM~bB43Cbaiz}b8~ZQ68qZ5fQ<ng0|$)(G9e!9aGYLVA->YG{T}If&f`Gw
z_`JVyS*|M+8_huyV#CnDfMFgC1HsXVzN&bzmCRwnj6AG&Iz+X>#(<51VSs_o&Q7`h
z`s-ENKn8?B280lVJ?i(r|9zd<UvkMM@*n^49~$oqU-*K2?sK1$Z-4vSI>+Ur`)5A$
z8Ts_5KdqbBQetuHsi(@XfBkDY@x&A5vBw_M{GNL1DRH~qYPf#aU3Ur7kpbZR)-VF0
z5cfY5S+Qb;de`E!5hF&(;>C+))TmK1X3QAjyqodKm=H`k6DLlTAN=44%D^!E%{Ska
zIdkU7FMjb0osU2C&_gnB-aJi9<9XKYzWeS=)`N3*N>(_R=lk7$`|Wc1<(JFWty?wC
z_U+r{s;jONmc#Jn%a^klt-oIM^9LRS6EppOCP<BDkj0lG!pV)X0e9@!p%wb%CqJnS
zM}B_3Jo@OP($LT#>(;H4Y15`jULHIfB}7eq<(V30u1$RAL++0q;cH*}+8&K&;@W2$
z12zT*4+GsW=H1y&m$idehl45^WYAjjIH**IEwZ9%*dXh$y|$gvVZs3WE<JWt!s8Y_
zcG+NKz{WuTFkt4f@4WMloN&Sk^2=ZTQs=FlV88qByUK*n9_01cUl%edRMYy{$3CW+
zKm72+%5aPyKVEG|$TVbRWau-xxc$dJ{-G1}<BmH{nG`YsWNI$G^iuiz-~TRISy}Rd
z4}3s=`qQ84M4xrx!A15hTeisT*|T*%%?!yPaI#O}eEL(L`jj#gWO!!Hnx%Ps_q*TK
z#eXs=RNtztt(BE4SIU9~3*^i*&(yT{-+#ZHbka#eqj^4~`(R2`uD$kJdEkKu^!$~t
zd_~9@J^0{*($Uc&x7>1zrX>U7^ZBH(uuwkx+0V*HKl)K+s($#xAIh#>yQHY7=%D7~
zhb#dhGeFMk)mL9t=7S8#-FM%u;wm=Wx4!i)@ng48>aj(zvPb>3^73+halSBtNN#U$
z7wXxO<03H6Kp>#TH*8FDo|JSj9^*4FmN|d^e9fP6Sr;2@4A>a3F>uHj0No+&8LR^Z
zA9B_0gf<3j4A>a3F>q)Y;Dn!GG;=s<_hO$XnhkJL%}F|e+C4M?H}h9AA6x{dN>piS
zsm5VmWHu-{ATS>Sr4d(OeYM8>)vtb~Vb47Cj6DAM<9hx1&wpMhRWRcZ^Qo?`mbGiw
zDx*SUcrpQB{pwexprAk*7$#&KY8bV(wF#LIF8cFe-KmANapOi=v}lns4UGT0-~CQ*
zxZwt^Uu9*bOqnu8?MP@UL7>q)_c9^#L1u?qP0Wu{5CZGBaN$C|rZC}efBRd~NdEcf
zpVx4MPrW(7&ml7)WCmCeIV%ERirgHzJ~9O4l4x*lm<YO2CF03-Q5-~|JqQhaC=H>M
z<hQ^5t%mbCIVmFanrp66gfkwwFB;x__`@HT88c=mQkWmbSA>IkaZO<V*ch-ea7<%>
zw5m7Vc)wvxpL!hA2tJBlzOR096uqAPDmDg=ISi2Yb1qw7UoTXPB9O`8yz)z5`jXyL
zQo(sG;a~symrl$%H~q**KB9D<6Lv0?b8=3GgLI<1o4cXz1}?@E$YgMmKYjXiIpd5o
zlu>y0*=Oa27haG|*Z~?~UIa>0sO`f#kkO!B%F?Avbs?V5xgbxVWQM?bGT(<_@}s$e
z0VADZeZTq5Zwe(loO|<~39P?S{UU=x!2y9x4}s74zJ$|GJ5ANg?zrO);X53E{P7xY
z>aI5j_&Fp7#0=PcF(Q;;5KN}SRKUbDbs$qhAQH$~PMtbcs6$8nHHw8k{_&5?s#U9!
z+#21Xk#i*S36DJTh+K5hMJj%xxa>zi`jP6mnS4#T8rlA_F<@iB#=w3sKziW^Eh5cI
zrByx*K3p(K4I_P{&aMe#TGBC1n<#@}>FIvS$js0q6X*2Az_Xuf*pH4d2H0kC?#qJn
z`(Yy3mM*wTHhtg-SKH3s#(<51Ba8v_Ew5j{UYUzK@4Qnd*fb-cS`t;2C`lkg!3A?N
z0X(RBL|Q`a9Zt^aDwj@{xOl#L^=g$&u<E_%q!kqvI`5@aV$!5Za`D9%s~rfPGEuU^
zJeh`Ps&CcR)hUxfV{{{-;X=OwG7?mgGW(C*bI(0mf7X{a9t28c3>b!j^KZ_d`5rWz
zpbD7*GBIRIXahpVjPFC+5&{_%?wn3wJgRwJc;SUAL>N7Kw1)S7XARuP&ml1&CNB=i
z1{sEH+8=>8jm<dAmMzn4*tj&Tx$(vu^`1sGhJ&My+qiM#)Yyg(8P16TIWq#0#DkLn
z8*B{N7_c$WUks2)hOwIS#%r%Yy|Zl(8nR;P64|nOql(r^vl#d7Hy6mx9ouyR$}*UC
z{wps_2USDW-L6AdhnBqej=cQu=jG)Wo|6}z`Ijtud!Y^{{jHZB@9<%OZO6lljZArP
z>`>-1p%!tlC9y3V8|txN3pT4nzBbqxurV;aF~B(`=dLu$CQvd#W`HVHRK+^~{PQ)O
zHV#z5B0T-{(^6AYqhrQ5zVQvUy<j*e=70Y4pLwbFBBT*UJBN${fpg|tZ@pDjsHpzL
zv4wM3+Lah!I@XJe@l>&58rFrT2vl=o*<^ZXbN#13{Ye=YGD2jSX!}7^2QH3L-HP#f
zZzLq9K4gSw>+;7x{!xVotP_C@4;c%F6IedguV}kMpd^R}>(o}F?FrS-_zq;;4uvKj
zk{ezY$im1CkwGAkTO&tDB5%M{i1AZ_42Tg?k;|eei*d=xQT57L)EjQih?z`2rZH3V
zw6ARp*ch-e&>swN>PU)2m%D%X&CliZx#!B|S6!!sw5hQ{&Y3e^ZvE~Z^64*rRhfsj
zwpO|1>^buEyoFL;!Nrd>S+@9Hx%`4N<!8TnKrZ<Z=~oQ4Yd!LvZ+uCvx#8n7Y07j7
z;ywebRfcZ$r*3wf!-oOl-Hq|+m6x8ERm+!2HU`#)UG*|)>U25f^tsw*2P_Sp#Q~#k
zj#(F-Ia?li@&zd^E0+icV!K@rh&?-kje#ML0WM&F`O9C{qqw+O>&x$*OaN^&Xq?S!
zE{GG%yq0mO=0p<$N=gW1T&UW_IV&gUbLY-g$q47Q1g7PJJ16*5#bVi{BV-Z?EXU+e
zn~y85xI*KwEK1?Y91(a;n`<%-Ov7-hjZx}BduryH8lRr7D4`*<Ltq-3P0#?Ib)X=D
zb|gldh>{JeS}`7(4l-Z_!*JXPfdSu*z<D|uA~H$`3x~vjq!vQmv9r!POYJpS0V0gz
z9U7{Tu^^{K#)4oF%NM4%0Rna3$XW6QUViyyx$e5_6d`;@q^E*mM2G|e85JHh_&Jo9
zPtDuDwlQF1;Ml+bnGX`pjEqdV_QwB^NB{gsx$KIob@8O7#d7UU$wmhVa!ziZtX{E9
zF2DMEsTnyM#F!2>A~NsA7v#1d+$pcW@}iu6*4dJqm#;*B?6?UsW%>-6IC&DJBvJLO
zMQMo*1CIfYGk^H?&!rv%=_fw@c?`%ISZUlUjbK7B8sTtY-$$o1qfv}C+>eC=H^(Us
zygYD;n2alO@nu(lq46r?%DfqmNAENow|Fqz1{(u528K2U_$}Ae)a+47e)|MU19%(=
zY9XO8U^H}iPv(S&0YfXOZe@(w%`<a0ar!DdmEMqPr`#{e000XyNkl<ZFd9fqOPbTW
zJVS^2%8LSo)OwqGvJ86VqGv5iKxp4V)h?Pt7-M_lhm6$wg+o@sGDsrFNS9!gWY8Bf
zb;)R)!f+y(73ND2jC6#I1jFginD!quUg67-nIKY#00OTG>>vbkcm&#xeEsWR*D@(}
zF%l7zP9xbrHU?}A*cjLk24b<O<inldhV`qVTC+>1nM>Y%TkgE~H?m^sds4S$vtYg{
zb(=Ry?Wi$I&(g3{`qnL*WZTv)a?M9?2Ei|o<xtu3cwifV0U#8Ds2${sb5HJa9s{Fe
z)2011!V!2xe0wl<yz<fuXq(0Im2ce+2C)FlMjG02w48YIDTz`cb%*+0I~Yy26Bo9a
z*6pVKPYf%9t<u@iuFsgD2YS^mw0{>2K07-*G_Fa*Gsm?ys6v?4PrKcZK;zn3+88(j
z7~r?c$$IZ^HZ|N_n|S8T>hRj!n|KU2*E}0AbLZ6f=9xM7j$`67oRIpQ&j{9niS-^P
zKEqPurq(01ZswZl7@u=*s$J2xgtpmq$4hCDDTC#iGR&D_2Mh0O9}pJCiW{U*RAW|#
z4Aa0cJ|}_Zsv|4QXM7QYQM2N;Ny9h{XB>w0zGqyPOG2NT7sG9^F<@h0@G&sd_W>dO
zAbkn{|Mu<%wyN@u<M<yeq0aImEw6$t$h!_*HnXk;p}b0sD40nWaTy6AAezchB)UzM
z`4UBqFF}GYAikB!#t50wM6)Q!i=_AxW0pm<zK#JEQ*3Fgmi>Rv?ZMm1WeuErq4j%`
z+xDJw?sL!iJh$hb|9PJ0f4*t3rAvNq(`Q~~zbqPKmyRp6<trYy4KF-zMPtU<=y4P5
z?xi=|n39R%q2OY}3(wi!J^!(VOK!4F8#dazZ&g^?jkko8*=2uNY{g^8+tA@7y_;!`
z<rfUHyk5QSJ3m%M$H|jlJMDi9RJS*k&9^C+OtYz%ULN{D>$^hrt_ZPX$J1=xGi&^Y
zwqIKpzfkstXIPxO;CfFUkYis~?YBoCTyBGh4!6Dk-D86W5AkkxGj0Ct-+0T``PTQW
z{`T*Gy&t}N=9k?Vx?xm)wA&uIdzoEWSZwd?+G&e!UTVF)tCm{7GEwi^EA9i*{y*33
zAp)5Yh=K|oyY#ot-!&zl@5iwnC)@=~8yIcW(Yiq;&(jxx9?_)NB|nem>&rurXlnWV
zSnn6ThTjMvfIupN=)juecOdW6ufJ99{=fzg8D@iq4zvCP@~vdz6x+3PhYj(Q(7%;G
z6~=@3T|(^O*VXpy>Q(l~Ki}(D&JWqJ5$D<LnU{xgA6>e14Hr%t>J#@bs`q;o=|W24
znpLVTVSbzf(RYekDC!&P?93jyUI&T(+<G6?yIQ7nVXS1*#n#*JSg(24&AHm%+_uHW
zPo8Rv7R<5V&Y5SWp5y;ub&XYdUu^}d`W{k?$u$cX`}m$ZD;zPv#!s4R=Z?C-7GF2l
zmficX6%~%Mb?f?B`PwJ#+C@t;5`4tzM_C9UfI!RhZ;3?b-Er!Cf0lm&rRo5FJX5A$
zcRbt3YY;%7{R${RxTs`;XT7Slm;bTRMw~awy7xHKa`SrH&h2m5$CV#i@wh40IorE`
z`e9DpuXGXp{rBDtSI{^A^HuwKVUbn5xjkGd(lPBqe?EF_aR_4idT^tb+T%UewO{%4
z?U}wPl`dDAuM!uy5@R*=j#?H4DH=$A&$2(+^Byd0+x(hk`54AMd%g%+t_q9CdRMDD
ze?<o$bbeN-+ZqpQCSP({s7rOzy7;nRd-vZu|BUPo={Q4Xv~BN%d23g%^zK*({Qb$8
zmA;y$WCRe%lt4PZ!%nybBvU)j`yhY-0&xrI>i7^JIKFz-3Qx)Vnw2fSB?K6~diS-F
z-reT@J8!pn*WVD*x9T#>dLOVpuWXSINS<!BHT6C&t+VA19B7ZPc*ui}62I@q8J>Ev
z)=yp=LV8DCNlM3oJ8p;eQl6~UWgy1~X!gj>3+a>#i;KKY4j<{(t5m!do>qCmoLRP}
z{O_JL;HOsk;Rn9_TW{g04ujR@5d|w6528seCt61>VH%jO;I*+Spvm?Cb^rdoVZAP0
zyV<jUeJR`%M&pdA|G>fz1Q0-=nLsQpAk9kT2?7Wp&;|r_VyKhL&VGYbrB+po#~>eU
z-rzagyL-AqUHRU=_4TkUJG+ygr0%xoo_@@`Y7Mu#L*In{{k66Aq18lPbargr61wQ9
zdymE#5PY1x4}k`i&z$u;d*r^m?5&Djo<JbS$9m+1I{C`;>3`*|6JtCTuY!*QRR=@x
zsn(8u-eR?JeYt(&EnnTbCvHfo!RS$4M!|%F(a=r71CTy_`q_KCcG&qp`-NRGqtqsO
z3d;d!=ZDXgf*~dZ5I_Kd9}3U{@<S8mAb`M+M4+)z-F32T*6g`9VM=KjIINS#MAxi|
zwr<laVN6IOrS4%{`<EAOKz>0Y0fxU$SGbjecgd}Hgn4tXUFbR4`zEfGA7|Ip9|?Wh
zc2hxuy1f+)JjWhgQ*O)eSZd?FZq=>sZ66@6f#km$J=WGfvC^J?a*b7c=Bl?n`<a5s
zuHCxZ%Ude!{=06o=~rH5RaN^um?#L{=|1<YXpP=t=5b1xlw?5nv&!>~kE_?e814a6
zI&Fr1_UXrVcELcKTskd$j?%WH6pR1@2()2=6V8IwhWDLKM*x8|37qO#u#$IMU2T*i
zTz9yxJ9H>4(mdV7PQi&<L==#Ob-Yi%ZaA1cX<fCV9O;_lC%@nN`c3Dl$*b~r1_e|v
z>Kaw;Ef`gv*-G`Hn@{F?>gDXyf8yQb4qDZ|eIfIe#(!ja-Jb3@_)@*AmE^#IsxU9N
zXRq)%P&q13b*-}1U8|F)U)KFaH0eERYih!}c}=g;dYPE?E@Z*Vgf#Dg00MCd5P-xb
zNjV50a73Uj1t8jJoha%Ny45u8MKn)W)b)s-C$AIjaB^3hX#HpzzfYck>P121ku;LN
zDQX>27cC7?*I;$EVnubU_4QEp#xQ`~$9ib6x|S<I)iT}hMU!5y`3g?`17e+gxjvKT
zVq0{*Mb!91GlL5Ai9M`L97nVq#MeYvYVt6$+*)+tVpH3+&rx>%_s%b7RXut7=kF&R
zE8;{HS`-#$3NNb4v5c=>ZPUl$*wQ3oYm!;(%cZqw|KVcY@2MAUdjEDV%ZU3j2UM&x
zFr8)PaF|v70ca>N+sJY*;bIFqdwrdJZsh68|L-fUl~Te%Y48T?i6&8NO;#nK4zM<G
zmB7d}A;jp6I|E2Bga9h!a7a>L>Hrr3%6X_dFii4l`w7zsGD2WC1Ea^AB_hBU7(#d@
z3x`9{NdtL=d5kPc;tC9%bEhx~LTv!aDNF@w){=atjO>~>Oe_i;CkH7oaj-NV;azeN
zu6`CU)=VBh02T#D)Cw%NP14|CWa(2q@c-7vl8812rsWG9u4(S@%@G17NajYqdrXVi
zg_$@~931{<|Jk3)Fl#%|`xY!#GT$`&nlzY!)_1U!g#27L(b@aS!F-lWdJhh|hq)_F
z*kb*e4d|_Ipv!c6M4FJjwN@~J$0K`61Urhq1cCl)o#+G$Igs1}Q=lK#1}4cOhhB$k
w1A~f~8<!(;Fkj;kXxQS`S&FP%L9FpVBYV>QO9m@Wt1$opaI>h(I;Vst01(}UssI20

literal 0
HcmV?d00001

diff --git a/quickstart/101-front-door-premium-storage-blobs-private-link/outputs.tf b/quickstart/101-front-door-premium-storage-blobs-private-link/outputs.tf
new file mode 100644
index 00000000..3642fe18
--- /dev/null
+++ b/quickstart/101-front-door-premium-storage-blobs-private-link/outputs.tf
@@ -0,0 +1,3 @@
+output "frontDoorEndpointHostName" {
+  value = azurerm_cdn_frontdoor_endpoint.my_endpoint.host_name
+}
diff --git a/quickstart/101-front-door-premium-storage-blobs-private-link/providers.tf b/quickstart/101-front-door-premium-storage-blobs-private-link/providers.tf
new file mode 100644
index 00000000..c8990b6e
--- /dev/null
+++ b/quickstart/101-front-door-premium-storage-blobs-private-link/providers.tf
@@ -0,0 +1,20 @@
+# Configure the Azure provider
+terraform {
+  required_providers {
+    azurerm = {
+      source  = "hashicorp/azurerm"
+      version = "~> 3.27.0"
+    }
+
+    random = {
+      source = "hashicorp/random"
+      version = "~> 3.4.3"
+    }
+  }
+
+  required_version = ">= 1.1.0"
+}
+
+provider "azurerm" {
+  features {}
+}
diff --git a/quickstart/101-front-door-premium-storage-blobs-private-link/readme.md b/quickstart/101-front-door-premium-storage-blobs-private-link/readme.md
new file mode 100644
index 00000000..78bfc359
--- /dev/null
+++ b/quickstart/101-front-door-premium-storage-blobs-private-link/readme.md
@@ -0,0 +1,330 @@
+# Azure Front Door Premium with blob origin and Private Link
+
+This template deploys an [Azure Front Door Premium profile](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/cdn_frontdoor_profile) with an Azure Storage blob container origin, using a private endpoint to access the storage account.
+
+## Architecture
+
+![Architecture diagram showing traffic flowing through Front Door to the storage account.](images/diagram.png)
+
+The data flows through the solution are:
+
+1. The client establishes a connection to Azure Front Door by using a custom domain name. The client's connection terminates at a nearby Front Door point of presence (PoP).
+1. The Front Door web application firewall (WAF) scans the request. If the WAF determines the request's risk level is too high, it blocks the request and Front Door returns an HTTP 403 error response.
+1. If the Front Door PoP's cache contains a valid response for this request, Front Door returns the response immediately.
+1. Otherwise, the PoP sends the request to the origin storage account, wherever it is in the world, by using Microsoft's backbone network. The PoP connects to the storage account by using a separate, long-lived, TCP connection. In this scenario, Private Link is used to securely connect to the storage account.
+1. The storage account sends a response to the Front Door PoP.
+1. When the PoP receives the response, it stores it in its cache for subsequent requests.
+1. The PoP returns the response to the client.
+1. Any requests directly to the storage account through the internet are blocked by the Azure Storage firewall.
+
+## Resources
+
+| Terraform Resource Type | Description |
+| - | - |
+| `azurerm_resource_group` | The resource group for all the deployed resources.|
+| `azurerm_cdn_frontdoor_profile` | The Front Door profile. |
+| `azurerm_cdn_frontdoor_endpoint` | The Front Door endpoint. |
+| `azurerm_cdn_frontdoor_origin_group` | The Front Door origin group. |
+| `azurerm_cdn_frontdoor_origin` | The Front Door origin, which refers to the storage account. |
+| `azurerm_cdn_frontdoor_route` | The Front Door route. |
+| `azurerm_storage_account` | The Azure Storage account. |
+| `azurerm_storage_container` | The blob container within the Azure Storage account. |
+| `random_id` | Two random identifier generators to generate a unique Front Door endpoint resource name and storage account name. |
+
+## Variables
+
+| Name | Description | Default Value |
+|-|-|-|
+| `location` | The location for all the deployed resources. | `westus3` |
+| `front_door_private_link_location` | The location that the Private Link connection will terminate in when connecting to the origin. This must be one of the [locations in which Private Link origins are available for Front Door](https://learn.microsoft.com/azure/frontdoor/private-link#region-availability). | `westus3` |
+| `resource_group_name` | The name of the resource group. | `FrontDoor` |
+| `storage_account_tier` | The tier of the storage account. | `Standard` |
+| `storage_account_replication_type` | The level of replication to be configured for the storage account. | `LRS` |
+| `storage_account_blob_container_name` | The name of the blob contianer. | `mycontainer` |
+
+## Example
+
+```bash
+$ terraform plan -out main.tfplan
+
+Terraform used the selected providers to generate the following execution plan. Resource actions are indicated with the following symbols:
+  + create
+
+Terraform will perform the following actions:
+
+  # azurerm_cdn_frontdoor_endpoint.my_endpoint will be created
+  + resource "azurerm_cdn_frontdoor_endpoint" "my_endpoint" {
+      + cdn_frontdoor_profile_id = (known after apply)
+      + enabled                  = true
+      + host_name                = (known after apply)
+      + id                       = (known after apply)
+      + name                     = (known after apply)
+    }
+
+  # azurerm_cdn_frontdoor_origin.my_blob_container_origin will be created
+  + resource "azurerm_cdn_frontdoor_origin" "my_blob_container_origin" {
+      + cdn_frontdoor_origin_group_id  = (known after apply)
+      + certificate_name_check_enabled = true
+      + enabled                        = true
+      + health_probes_enabled          = (known after apply)
+      + host_name                      = (known after apply)
+      + http_port                      = 80
+      + https_port                     = 443
+      + id                             = (known after apply)
+      + name                           = "MyBlobContainerOrigin"
+      + origin_host_header             = (known after apply)
+      + priority                       = 1
+      + weight                         = 1000
+
+      + private_link {
+          + location               = "westus3"
+          + private_link_target_id = (known after apply)
+          + request_message        = "Request access for Azure Front Door Private Link origin"
+          + target_type            = "blob"
+        }
+    }
+
+  # azurerm_cdn_frontdoor_origin_group.my_origin_group will be created
+  + resource "azurerm_cdn_frontdoor_origin_group" "my_origin_group" {
+      + cdn_frontdoor_profile_id                                  = (known after apply)
+      + id                                                        = (known after apply)
+      + name                                                      = "MyOriginGroup"
+      + restore_traffic_time_to_healed_or_new_endpoint_in_minutes = 10
+      + session_affinity_enabled                                  = true
+
+      + health_probe {
+          + interval_in_seconds = 100
+          + path                = "/"
+          + protocol            = "Https"
+          + request_type        = "HEAD"
+        }
+
+      + load_balancing {
+          + additional_latency_in_milliseconds = 50
+          + sample_size                        = 4
+          + successful_samples_required        = 3
+        }
+    }
+
+  # azurerm_cdn_frontdoor_profile.my_front_door will be created
+  + resource "azurerm_cdn_frontdoor_profile" "my_front_door" {
+      + id                       = (known after apply)
+      + name                     = "MyFrontDoor"
+      + resource_group_name      = "FrontDoor"
+      + resource_guid            = (known after apply)
+      + response_timeout_seconds = 120
+      + sku_name                 = "Premium_AzureFrontDoor"
+    }
+
+  # azurerm_cdn_frontdoor_route.my_route will be created
+  + resource "azurerm_cdn_frontdoor_route" "my_route" {
+      + cdn_frontdoor_endpoint_id     = (known after apply)
+      + cdn_frontdoor_origin_group_id = (known after apply)
+      + cdn_frontdoor_origin_ids      = (known after apply)
+      + enabled                       = true
+      + forwarding_protocol           = "HttpsOnly"
+      + https_redirect_enabled        = true
+      + id                            = (known after apply)
+      + link_to_default_domain        = true
+      + name                          = "MyRoute"
+      + patterns_to_match             = [
+          + "/*",
+        ]
+      + supported_protocols           = [
+          + "Http",
+          + "Https",
+        ]
+    }
+
+  # azurerm_resource_group.my_resource_group will be created
+  + resource "azurerm_resource_group" "my_resource_group" {
+      + id       = (known after apply)
+      + location = "westus3"
+      + name     = "FrontDoor"
+    }
+
+  # azurerm_storage_account.my_storage_account will be created
+  + resource "azurerm_storage_account" "my_storage_account" {
+      + access_tier                       = (known after apply)
+      + account_kind                      = "StorageV2"
+      + account_replication_type          = "LRS"
+      + account_tier                      = "Standard"
+      + allow_nested_items_to_be_public   = true
+      + cross_tenant_replication_enabled  = true
+      + default_to_oauth_authentication   = false
+      + enable_https_traffic_only         = true
+      + id                                = (known after apply)
+      + infrastructure_encryption_enabled = false
+      + is_hns_enabled                    = false
+      + large_file_share_enabled          = (known after apply)
+      + location                          = "westus3"
+      + min_tls_version                   = "TLS1_2"
+      + name                              = (known after apply)
+      + nfsv3_enabled                     = false
+      + primary_access_key                = (sensitive value)
+      + primary_blob_connection_string    = (sensitive value)
+      + primary_blob_endpoint             = (known after apply)
+      + primary_blob_host                 = (known after apply)
+      + primary_connection_string         = (sensitive value)
+      + primary_dfs_endpoint              = (known after apply)
+      + primary_dfs_host                  = (known after apply)
+      + primary_file_endpoint             = (known after apply)
+      + primary_file_host                 = (known after apply)
+      + primary_location                  = (known after apply)
+      + primary_queue_endpoint            = (known after apply)
+      + primary_queue_host                = (known after apply)
+      + primary_table_endpoint            = (known after apply)
+      + primary_table_host                = (known after apply)
+      + primary_web_endpoint              = (known after apply)
+      + primary_web_host                  = (known after apply)
+      + public_network_access_enabled     = false
+      + queue_encryption_key_type         = "Service"
+      + resource_group_name               = "FrontDoor"
+      + secondary_access_key              = (sensitive value)
+      + secondary_blob_connection_string  = (sensitive value)
+      + secondary_blob_endpoint           = (known after apply)
+      + secondary_blob_host               = (known after apply)
+      + secondary_connection_string       = (sensitive value)
+      + secondary_dfs_endpoint            = (known after apply)
+      + secondary_dfs_host                = (known after apply)
+      + secondary_file_endpoint           = (known after apply)
+      + secondary_file_host               = (known after apply)
+      + secondary_location                = (known after apply)
+      + secondary_queue_endpoint          = (known after apply)
+      + secondary_queue_host              = (known after apply)
+      + secondary_table_endpoint          = (known after apply)
+      + secondary_table_host              = (known after apply)
+      + secondary_web_endpoint            = (known after apply)
+      + secondary_web_host                = (known after apply)
+      + shared_access_key_enabled         = true
+      + table_encryption_key_type         = "Service"
+
+      + blob_properties {
+          + change_feed_enabled           = (known after apply)
+          + change_feed_retention_in_days = (known after apply)
+          + default_service_version       = (known after apply)
+          + last_access_time_enabled      = (known after apply)
+          + versioning_enabled            = (known after apply)
+
+          + container_delete_retention_policy {
+              + days = (known after apply)
+            }
+
+          + cors_rule {
+              + allowed_headers    = (known after apply)
+              + allowed_methods    = (known after apply)
+              + allowed_origins    = (known after apply)
+              + exposed_headers    = (known after apply)
+              + max_age_in_seconds = (known after apply)
+            }
+
+          + delete_retention_policy {
+              + days = (known after apply)
+            }
+        }
+
+      + network_rules {
+          + bypass                     = (known after apply)
+          + default_action             = "Deny"
+          + ip_rules                   = (known after apply)
+          + virtual_network_subnet_ids = (known after apply)
+        }
+
+      + queue_properties {
+          + cors_rule {
+              + allowed_headers    = (known after apply)
+              + allowed_methods    = (known after apply)
+              + allowed_origins    = (known after apply)
+              + exposed_headers    = (known after apply)
+              + max_age_in_seconds = (known after apply)
+            }
+
+          + hour_metrics {
+              + enabled               = (known after apply)
+              + include_apis          = (known after apply)
+              + retention_policy_days = (known after apply)
+              + version               = (known after apply)
+            }
+
+          + logging {
+              + delete                = (known after apply)
+              + read                  = (known after apply)
+              + retention_policy_days = (known after apply)
+              + version               = (known after apply)
+              + write                 = (known after apply)
+            }
+
+          + minute_metrics {
+              + enabled               = (known after apply)
+              + include_apis          = (known after apply)
+              + retention_policy_days = (known after apply)
+              + version               = (known after apply)
+            }
+        }
+
+      + routing {
+          + choice                      = (known after apply)
+          + publish_internet_endpoints  = (known after apply)
+          + publish_microsoft_endpoints = (known after apply)
+        }
+
+      + share_properties {
+          + cors_rule {
+              + allowed_headers    = (known after apply)
+              + allowed_methods    = (known after apply)
+              + allowed_origins    = (known after apply)
+              + exposed_headers    = (known after apply)
+              + max_age_in_seconds = (known after apply)
+            }
+
+          + retention_policy {
+              + days = (known after apply)
+            }
+
+          + smb {
+              + authentication_types            = (known after apply)
+              + channel_encryption_type         = (known after apply)
+              + kerberos_ticket_encryption_type = (known after apply)
+              + multichannel_enabled            = (known after apply)
+              + versions                        = (known after apply)
+            }
+        }
+    }
+
+  # azurerm_storage_container.my_storage_container will be created
+  + resource "azurerm_storage_container" "my_storage_container" {
+      + container_access_type   = "blob"
+      + has_immutability_policy = (known after apply)
+      + has_legal_hold          = (known after apply)
+      + id                      = (known after apply)
+      + metadata                = (known after apply)
+      + name                    = "mycontainer"
+      + resource_manager_id     = (known after apply)
+      + storage_account_name    = (known after apply)
+    }
+
+  # random_id.front_door_endpoint_name will be created
+  + resource "random_id" "front_door_endpoint_name" {
+      + b64_std     = (known after apply)
+      + b64_url     = (known after apply)
+      + byte_length = 8
+      + dec         = (known after apply)
+      + hex         = (known after apply)
+      + id          = (known after apply)
+    }
+
+  # random_id.storage_account_name will be created
+  + resource "random_id" "storage_account_name" {
+      + b64_std     = (known after apply)
+      + b64_url     = (known after apply)
+      + byte_length = 8
+      + dec         = (known after apply)
+      + hex         = (known after apply)
+      + id          = (known after apply)
+    }
+
+Plan: 10 to add, 0 to change, 0 to destroy.
+
+Changes to Outputs:
+  + frontDoorEndpointHostName = (known after apply)
+```
diff --git a/quickstart/101-front-door-premium-storage-blobs-private-link/resource-group.tf b/quickstart/101-front-door-premium-storage-blobs-private-link/resource-group.tf
new file mode 100644
index 00000000..0a52e7a6
--- /dev/null
+++ b/quickstart/101-front-door-premium-storage-blobs-private-link/resource-group.tf
@@ -0,0 +1,12 @@
+resource "azurerm_resource_group" "my_resource_group" {
+  name     = var.resource_group_name
+  location = var.location
+}
+
+resource "random_id" "storage_account_name" {
+  byte_length = 8
+}
+
+resource "random_id" "front_door_endpoint_name" {
+  byte_length = 8
+}
diff --git a/quickstart/101-front-door-premium-storage-blobs-private-link/storage-account.tf b/quickstart/101-front-door-premium-storage-blobs-private-link/storage-account.tf
new file mode 100644
index 00000000..ac9d87fb
--- /dev/null
+++ b/quickstart/101-front-door-premium-storage-blobs-private-link/storage-account.tf
@@ -0,0 +1,24 @@
+locals {
+  storage_account_name = "stor${lower(random_id.storage_account_name.hex)}"
+}
+resource "azurerm_storage_account" "my_storage_account" {
+  name                          = local.storage_account_name
+  resource_group_name           = azurerm_resource_group.my_resource_group.name
+  location                      = var.location
+  account_kind                  = "StorageV2"
+  account_tier                  = var.storage_account_tier
+  account_replication_type      = var.storage_account_replication_type
+  enable_https_traffic_only     = true
+  public_network_access_enabled = false
+  min_tls_version               = "TLS1_2"
+
+  network_rules {
+    default_action = "Deny"
+  }
+}
+
+resource "azurerm_storage_container" "my_storage_container" {
+  name                  = var.storage_account_blob_container_name
+  storage_account_name  = azurerm_storage_account.my_storage_account.name
+  container_access_type = "blob"
+}
diff --git a/quickstart/101-front-door-premium-storage-blobs-private-link/variables.tf b/quickstart/101-front-door-premium-storage-blobs-private-link/variables.tf
new file mode 100644
index 00000000..60677e6c
--- /dev/null
+++ b/quickstart/101-front-door-premium-storage-blobs-private-link/variables.tf
@@ -0,0 +1,29 @@
+variable "location" {
+  type    = string
+  default = "westus3"
+}
+
+variable "front_door_private_link_location" {
+  type    = string
+  default = "westus3"
+}
+
+variable "resource_group_name" {
+  type    = string
+  default = "FrontDoor"
+}
+
+variable "storage_account_tier" {
+  type    = string
+  default = "Standard"
+}
+
+variable "storage_account_replication_type" {
+  type    = string
+  default = "LRS"
+}
+
+variable "storage_account_blob_container_name" {
+  type    = string
+  default = "mycontainer"
+}
\ No newline at end of file

From 0bc2f2b309667b0fffb9ccd93d9d4504972ff3e7 Mon Sep 17 00:00:00 2001
From: John Downs <john@johndowns.co.nz>
Date: Fri, 25 Nov 2022 20:45:11 +1300
Subject: [PATCH 2/3] Updates

---
 .../front-door.tf                             | 71 +++++++++++++++++--
 .../providers.tf                              |  5 ++
 .../readme.md                                 | 57 +++++++++++++--
 .../storage-account.tf                        | 25 ++++---
 .../variables.tf                              | 11 ++-
 5 files changed, 148 insertions(+), 21 deletions(-)

diff --git a/quickstart/101-front-door-premium-storage-blobs-private-link/front-door.tf b/quickstart/101-front-door-premium-storage-blobs-private-link/front-door.tf
index 1b475946..a5d74571 100644
--- a/quickstart/101-front-door-premium-storage-blobs-private-link/front-door.tf
+++ b/quickstart/101-front-door-premium-storage-blobs-private-link/front-door.tf
@@ -1,11 +1,14 @@
 locals {
-  front_door_profile_name      = "MyFrontDoor"
-  front_door_sku_name          = "Premium_AzureFrontDoor" // Must be premium for Private Link support.
-  front_door_endpoint_name     = "afd-${lower(random_id.front_door_endpoint_name.hex)}"
-  front_door_origin_group_name = "MyOriginGroup"
-  front_door_origin_name       = "MyBlobContainerOrigin"
-  front_door_route_name        = "MyRoute"
-  front_door_origin_path       = "/${var.storage_account_blob_container_name}" // The path to the blob container.
+  front_door_profile_name         = "MyFrontDoor"
+  front_door_sku_name             = "Premium_AzureFrontDoor" // Must be premium for Private Link support.
+  front_door_endpoint_name        = "afd-${lower(random_id.front_door_endpoint_name.hex)}"
+  front_door_origin_group_name    = "MyOriginGroup"
+  front_door_origin_name          = "MyBlobContainerOrigin"
+  front_door_route_name           = "MyRoute"
+  front_door_origin_path          = "/${var.storage_account_blob_container_name}" // The path to the blob container.
+  front_door_custom_domain_name   = "MyCustomDomain"
+  front_door_firewall_policy_name = "MyWAFPolicy"
+  front_door_security_policy_name = "MySecurityPolicy"
 }
 
 resource "azurerm_cdn_frontdoor_profile" "my_front_door" {
@@ -70,4 +73,58 @@ resource "azurerm_cdn_frontdoor_route" "my_route" {
   link_to_default_domain    = true
   https_redirect_enabled    = true
   cdn_frontdoor_origin_path = local.front_door_origin_path
+
+  cdn_frontdoor_custom_domain_ids = [
+    azurerm_cdn_frontdoor_custom_domain.my_custom_domain.id
+   ]
+}
+
+resource "azurerm_cdn_frontdoor_custom_domain" "my_custom_domain" {
+  name                     = local.front_door_custom_domain_name
+  cdn_frontdoor_profile_id = azurerm_cdn_frontdoor_profile.my_front_door.id
+  host_name                = var.custom_domain_name
+
+  tls {
+    certificate_type    = "ManagedCertificate"
+    minimum_tls_version = "TLS12"
+  }
+}
+
+resource "azurerm_cdn_frontdoor_firewall_policy" "my_waf_policy" {
+  name                = local.front_door_firewall_policy_name
+  resource_group_name = azurerm_resource_group.my_resource_group.name
+  sku_name            = local.front_door_sku_name
+  enabled             = true
+  mode                = var.waf_mode
+
+  managed_rule {
+    type    = "Microsoft_DefaultRuleSet"
+    version = "2.1"
+    action  = "Block"
+  }
+
+  managed_rule {
+    type    = "Microsoft_BotManagerRuleSet"
+    version = "1.0"
+    action  = "Block"
+  }
+}
+
+resource "azurerm_cdn_frontdoor_security_policy" "my_security_policy" {
+  name                     = local.front_door_security_policy_name
+  cdn_frontdoor_profile_id = azurerm_cdn_frontdoor_profile.my_front_door.id
+
+  security_policies {
+    firewall {
+      cdn_frontdoor_firewall_policy_id = azurerm_cdn_frontdoor_firewall_policy.my_waf_policy.id
+
+      association {
+        patterns_to_match = ["/*"]
+
+        domain {
+          cdn_frontdoor_domain_id = azurerm_cdn_frontdoor_custom_domain.my_custom_domain.id
+        }
+      }
+    }
+  }
 }
diff --git a/quickstart/101-front-door-premium-storage-blobs-private-link/providers.tf b/quickstart/101-front-door-premium-storage-blobs-private-link/providers.tf
index c8990b6e..bc4d47d2 100644
--- a/quickstart/101-front-door-premium-storage-blobs-private-link/providers.tf
+++ b/quickstart/101-front-door-premium-storage-blobs-private-link/providers.tf
@@ -6,6 +6,11 @@ terraform {
       version = "~> 3.27.0"
     }
 
+    azapi = {
+      source  = "Azure/azapi"
+      version = "~> 1.1.0"
+    }
+
     random = {
       source = "hashicorp/random"
       version = "~> 3.4.3"
diff --git a/quickstart/101-front-door-premium-storage-blobs-private-link/readme.md b/quickstart/101-front-door-premium-storage-blobs-private-link/readme.md
index 78bfc359..86119091 100644
--- a/quickstart/101-front-door-premium-storage-blobs-private-link/readme.md
+++ b/quickstart/101-front-door-premium-storage-blobs-private-link/readme.md
@@ -1,6 +1,6 @@
 # Azure Front Door Premium with blob origin and Private Link
 
-This template deploys an [Azure Front Door Premium profile](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/cdn_frontdoor_profile) with an Azure Storage blob container origin, using a private endpoint to access the storage account.
+This quickstart deploys an [Azure Front Door Premium profile](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/cdn_frontdoor_profile) with an Azure Storage blob container origin, using a private endpoint to access the storage account.
 
 ## Architecture
 
@@ -17,6 +17,32 @@ The data flows through the solution are:
 1. The PoP returns the response to the client.
 1. Any requests directly to the storage account through the internet are blocked by the Azure Storage firewall.
 
+## Usage
+
+### Approve custom domain
+
+After you deploy the Terraform file, you need to validate your ownership of the custom domain by updating your DNS server. You must create a TXT record with the name specified in the `customDomainValidationDnsTxtRecordName` deployment output, and use the value specified in the `customDomainValidationDnsTxtRecordValue` deployment output. You must the validation before the time specified in the `customDomainValidationExpiry` deployment output.
+
+Front Door validates your domin ownership and updates the status automatically. You can monitor the validation process, or trigger an immediate validation, in the domain configuration in the Azure portal.
+
+Next, you should configure your DNS server with a CNAME record to direct the traffic to Front Door. You must create a CNAME record at the host name you specified in the `customDomainName` deployment parameter, and use the value specified in the `frontDoorEndpointHostName` deployment output.
+
+### Approve private endpoint connection
+
+You need to approve the private endpoint connection to your storage account. This step is necessary because the private endpoint created by Front Door is deployed into a Microsoft-owned Azure subscription, and cross-subscription private endpoint connections require explicit approval. To approve the private endpoint:
+
+1. Open the Azure portal and navigate to the storage account.
+2. Click the **Networking** tab, and then click the **Private endpoint connections** tab.
+3. Select the private endpoint that is awaiting approval, and click the **Approve** button. This can take a couple of minutes to complete.
+
+After approving the private endpoint, wait a few minutes before you attempt to access your Front Door endpoint to allow time for Front Door to propagate the settings throughout its network.
+
+### Access the storage account
+
+You can then access the Front Door endpoint. The hostname is emitted as an output from the deployment - the output is named `frontDoorEndpointHostName`. You should see a page saying _The specified resource does not exist_. This is returned by Azure Storage because no files have been uploaded to the blob container and therefore there is no content to show yet. If you see a different error page, wait a few minutes and try again.
+
+You can also attempt to access the Azure Storage blob hostname directly. The hostname is also emitted as an output from the deployment - the output is named `blobEndpointHostName`. You should see an error saying _This request is not authorized to perform this operation_ error, since your storage account is configured to not accepts requests that come from the internet.
+
 ## Resources
 
 | Terraform Resource Type | Description |
@@ -27,8 +53,11 @@ The data flows through the solution are:
 | `azurerm_cdn_frontdoor_origin_group` | The Front Door origin group. |
 | `azurerm_cdn_frontdoor_origin` | The Front Door origin, which refers to the storage account. |
 | `azurerm_cdn_frontdoor_route` | The Front Door route. |
+| `azurerm_cdn_frontdoor_custom_domain` | The Front Door custom domain. See above for details on custom domain provisioning. |
+| `azurerm_cdn_frontdoor_firewall_policy` | The WAF policy. |
+| `azurerm_cdn_frontdoor_security_policy` | The Front Door security policy, which associates the WAF policy with the custom domain. |
 | `azurerm_storage_account` | The Azure Storage account. |
-| `azurerm_storage_container` | The blob container within the Azure Storage account. |
+| `azapi_resource` | The blob container within the Azure Storage account. |
 | `random_id` | Two random identifier generators to generate a unique Front Door endpoint resource name and storage account name. |
 
 ## Variables
@@ -40,7 +69,9 @@ The data flows through the solution are:
 | `resource_group_name` | The name of the resource group. | `FrontDoor` |
 | `storage_account_tier` | The tier of the storage account. | `Standard` |
 | `storage_account_replication_type` | The level of replication to be configured for the storage account. | `LRS` |
-| `storage_account_blob_container_name` | The name of the blob contianer. | `mycontainer` |
+| `storage_account_blob_container_name` | The name of the blob container. | `mycontainer` |
+| `waf_mode` | The mode that the WAF should be deployed using. In 'Prevention' mode, the WAF will block requests it detects as malicious. In 'Detection' mode, the WAF will not block requests and will simply log the request.' | `Prevention` |
+| `custom_domain_name` | The custom domain name to associate with your Front Door endpoint. | |
 
 ## Example
 
@@ -121,6 +152,7 @@ Terraform will perform the following actions:
       + cdn_frontdoor_endpoint_id     = (known after apply)
       + cdn_frontdoor_origin_group_id = (known after apply)
       + cdn_frontdoor_origin_ids      = (known after apply)
+      + cdn_frontdoor_origin_path     = "/mycontainer"
       + enabled                       = true
       + forwarding_protocol           = "HttpsOnly"
       + https_redirect_enabled        = true
@@ -225,9 +257,14 @@ Terraform will perform the following actions:
 
       + network_rules {
           + bypass                     = (known after apply)
-          + default_action             = "Deny"
+          + default_action             = (known after apply)
           + ip_rules                   = (known after apply)
           + virtual_network_subnet_ids = (known after apply)
+
+          + private_link_access {
+              + endpoint_resource_id = (known after apply)
+              + endpoint_tenant_id   = (known after apply)
+            }
         }
 
       + queue_properties {
@@ -291,6 +328,16 @@ Terraform will perform the following actions:
         }
     }
 
+  # azurerm_storage_account_network_rules.my_network_rules will be created
+  + resource "azurerm_storage_account_network_rules" "my_network_rules" {
+      + bypass                     = (known after apply)
+      + default_action             = "Deny"
+      + id                         = (known after apply)
+      + ip_rules                   = (known after apply)
+      + storage_account_id         = (known after apply)
+      + virtual_network_subnet_ids = (known after apply)
+    }
+
   # azurerm_storage_container.my_storage_container will be created
   + resource "azurerm_storage_container" "my_storage_container" {
       + container_access_type   = "blob"
@@ -323,7 +370,7 @@ Terraform will perform the following actions:
       + id          = (known after apply)
     }
 
-Plan: 10 to add, 0 to change, 0 to destroy.
+Plan: 11 to add, 0 to change, 0 to destroy.
 
 Changes to Outputs:
   + frontDoorEndpointHostName = (known after apply)
diff --git a/quickstart/101-front-door-premium-storage-blobs-private-link/storage-account.tf b/quickstart/101-front-door-premium-storage-blobs-private-link/storage-account.tf
index ac9d87fb..e9f0b4ef 100644
--- a/quickstart/101-front-door-premium-storage-blobs-private-link/storage-account.tf
+++ b/quickstart/101-front-door-premium-storage-blobs-private-link/storage-account.tf
@@ -1,6 +1,7 @@
 locals {
   storage_account_name = "stor${lower(random_id.storage_account_name.hex)}"
 }
+
 resource "azurerm_storage_account" "my_storage_account" {
   name                          = local.storage_account_name
   resource_group_name           = azurerm_resource_group.my_resource_group.name
@@ -11,14 +12,22 @@ resource "azurerm_storage_account" "my_storage_account" {
   enable_https_traffic_only     = true
   public_network_access_enabled = false
   min_tls_version               = "TLS1_2"
-
-  network_rules {
-    default_action = "Deny"
-  }
 }
 
-resource "azurerm_storage_container" "my_storage_container" {
-  name                  = var.storage_account_blob_container_name
-  storage_account_name  = azurerm_storage_account.my_storage_account.name
-  container_access_type = "blob"
+resource "azurerm_storage_account_network_rules" "my_network_rules" {
+  storage_account_id  = azurerm_storage_account.my_storage_account.id
+
+  default_action = "Deny"
+}
+
+// This resource uses the AzApi provider because of the issue described here: https://github.com/hashicorp/terraform-provider-azurerm/issues/2977
+resource "azapi_resource" "my_storage_container" {
+  name      = var.storage_account_blob_container_name
+  parent_id = "${azurerm_storage_account.my_storage_account.id}/blobServices/default"
+  type      = "Microsoft.Storage/storageAccounts/blobServices/containers@2021-04-01"
+  body      = jsonencode({
+    properties = {
+      publicAccess = "Blob"
+    }
+  })
 }
diff --git a/quickstart/101-front-door-premium-storage-blobs-private-link/variables.tf b/quickstart/101-front-door-premium-storage-blobs-private-link/variables.tf
index 60677e6c..ed5a5a93 100644
--- a/quickstart/101-front-door-premium-storage-blobs-private-link/variables.tf
+++ b/quickstart/101-front-door-premium-storage-blobs-private-link/variables.tf
@@ -26,4 +26,13 @@ variable "storage_account_replication_type" {
 variable "storage_account_blob_container_name" {
   type    = string
   default = "mycontainer"
-}
\ No newline at end of file
+}
+
+variable "waf_mode" {
+  type = string
+  default = "Prevention"
+}
+
+variable "custom_domain_name" {
+  type = string
+}

From 06955e5e546e17f1ad7700787bdaabce288ed0ce Mon Sep 17 00:00:00 2001
From: John Downs <john@johndowns.co.nz>
Date: Fri, 25 Nov 2022 20:52:33 +1300
Subject: [PATCH 3/3] Update readme

---
 .../readme.md                                 | 129 ++++++++++++++----
 1 file changed, 104 insertions(+), 25 deletions(-)

diff --git a/quickstart/101-front-door-premium-storage-blobs-private-link/readme.md b/quickstart/101-front-door-premium-storage-blobs-private-link/readme.md
index 86119091..245f9ece 100644
--- a/quickstart/101-front-door-premium-storage-blobs-private-link/readme.md
+++ b/quickstart/101-front-door-premium-storage-blobs-private-link/readme.md
@@ -83,6 +83,50 @@ Terraform used the selected providers to generate the following execution plan.
 
 Terraform will perform the following actions:
 
+  # azapi_resource.my_storage_container will be created
+  + resource "azapi_resource" "my_storage_container" {
+      + body                      = jsonencode(
+            {
+              + properties = {
+                  + publicAccess = "Blob"
+                }
+            }
+        )
+      + id                        = (known after apply)
+      + ignore_casing             = false
+      + ignore_missing_property   = true
+      + location                  = (known after apply)
+      + name                      = "mycontainer"
+      + output                    = (known after apply)
+      + parent_id                 = (known after apply)
+      + schema_validation_enabled = true
+      + tags                      = (known after apply)
+      + type                      = "Microsoft.Storage/storageAccounts/blobServices/containers@2021-04-01"
+
+      + identity {
+          + identity_ids = (known after apply)
+          + principal_id = (known after apply)
+          + tenant_id    = (known after apply)
+          + type         = (known after apply)
+        }
+    }
+
+  # azurerm_cdn_frontdoor_custom_domain.my_custom_domain will be created
+  + resource "azurerm_cdn_frontdoor_custom_domain" "my_custom_domain" {
+      + cdn_frontdoor_profile_id = (known after apply)
+      + expiration_date          = (known after apply)
+      + host_name                = "my-custom-domain-name.com"
+      + id                       = (known after apply)
+      + name                     = "MyCustomDomain"
+      + validation_token         = (known after apply)
+
+      + tls {
+          + cdn_frontdoor_secret_id = (known after apply)
+          + certificate_type        = "ManagedCertificate"
+          + minimum_tls_version     = "TLS12"
+        }
+    }
+
   # azurerm_cdn_frontdoor_endpoint.my_endpoint will be created
   + resource "azurerm_cdn_frontdoor_endpoint" "my_endpoint" {
       + cdn_frontdoor_profile_id = (known after apply)
@@ -92,6 +136,28 @@ Terraform will perform the following actions:
       + name                     = (known after apply)
     }
 
+  # azurerm_cdn_frontdoor_firewall_policy.my_waf_policy will be created
+  + resource "azurerm_cdn_frontdoor_firewall_policy" "my_waf_policy" {
+      + enabled               = true
+      + frontend_endpoint_ids = (known after apply)
+      + id                    = (known after apply)
+      + mode                  = "Prevention"
+      + name                  = "MyWAFPolicy"
+      + resource_group_name   = "FrontDoor"
+      + sku_name              = "Premium_AzureFrontDoor"
+
+      + managed_rule {
+          + action  = "Block"
+          + type    = "Microsoft_DefaultRuleSet"
+          + version = "2.1"
+        }
+      + managed_rule {
+          + action  = "Block"
+          + type    = "Microsoft_BotManagerRuleSet"
+          + version = "1.0"
+        }
+    }
+
   # azurerm_cdn_frontdoor_origin.my_blob_container_origin will be created
   + resource "azurerm_cdn_frontdoor_origin" "my_blob_container_origin" {
       + cdn_frontdoor_origin_group_id  = (known after apply)
@@ -149,25 +215,50 @@ Terraform will perform the following actions:
 
   # azurerm_cdn_frontdoor_route.my_route will be created
   + resource "azurerm_cdn_frontdoor_route" "my_route" {
-      + cdn_frontdoor_endpoint_id     = (known after apply)
-      + cdn_frontdoor_origin_group_id = (known after apply)
-      + cdn_frontdoor_origin_ids      = (known after apply)
-      + cdn_frontdoor_origin_path     = "/mycontainer"
-      + enabled                       = true
-      + forwarding_protocol           = "HttpsOnly"
-      + https_redirect_enabled        = true
-      + id                            = (known after apply)
-      + link_to_default_domain        = true
-      + name                          = "MyRoute"
-      + patterns_to_match             = [
+      + cdn_frontdoor_custom_domain_ids = (known after apply)
+      + cdn_frontdoor_endpoint_id       = (known after apply)
+      + cdn_frontdoor_origin_group_id   = (known after apply)
+      + cdn_frontdoor_origin_ids        = (known after apply)
+      + cdn_frontdoor_origin_path       = "/mycontainer"
+      + enabled                         = true
+      + forwarding_protocol             = "HttpsOnly"
+      + https_redirect_enabled          = true
+      + id                              = (known after apply)
+      + link_to_default_domain          = true
+      + name                            = "MyRoute"
+      + patterns_to_match               = [
           + "/*",
         ]
-      + supported_protocols           = [
+      + supported_protocols             = [
           + "Http",
           + "Https",
         ]
     }
 
+  # azurerm_cdn_frontdoor_security_policy.my_security_policy will be created
+  + resource "azurerm_cdn_frontdoor_security_policy" "my_security_policy" {
+      + cdn_frontdoor_profile_id = (known after apply)
+      + id                       = (known after apply)
+      + name                     = "MySecurityPolicy"
+
+      + security_policies {
+          + firewall {
+              + cdn_frontdoor_firewall_policy_id = (known after apply)
+
+              + association {
+                  + patterns_to_match = [
+                      + "/*",
+                    ]
+
+                  + domain {
+                      + active                  = (known after apply)
+                      + cdn_frontdoor_domain_id = (known after apply)
+                    }
+                }
+            }
+        }
+    }
+
   # azurerm_resource_group.my_resource_group will be created
   + resource "azurerm_resource_group" "my_resource_group" {
       + id       = (known after apply)
@@ -338,18 +429,6 @@ Terraform will perform the following actions:
       + virtual_network_subnet_ids = (known after apply)
     }
 
-  # azurerm_storage_container.my_storage_container will be created
-  + resource "azurerm_storage_container" "my_storage_container" {
-      + container_access_type   = "blob"
-      + has_immutability_policy = (known after apply)
-      + has_legal_hold          = (known after apply)
-      + id                      = (known after apply)
-      + metadata                = (known after apply)
-      + name                    = "mycontainer"
-      + resource_manager_id     = (known after apply)
-      + storage_account_name    = (known after apply)
-    }
-
   # random_id.front_door_endpoint_name will be created
   + resource "random_id" "front_door_endpoint_name" {
       + b64_std     = (known after apply)
@@ -370,7 +449,7 @@ Terraform will perform the following actions:
       + id          = (known after apply)
     }
 
-Plan: 11 to add, 0 to change, 0 to destroy.
+Plan: 14 to add, 0 to change, 0 to destroy.
 
 Changes to Outputs:
   + frontDoorEndpointHostName = (known after apply)