From 53ba1707f0da9d64aae53a43d59a5257dd4e12ce Mon Sep 17 00:00:00 2001
From: kjaniak <kornel.janiak@nokia.com>
Date: Thu, 25 Oct 2018 14:25:13 +0200
Subject: [PATCH] Publish HV-VES documentation including perf3gpp

Change-Id: I8d3e926ce6bc99f981d52eb72fcbe92e8ce67cde
Signed-off-by: kjaniak <kornel.janiak@nokia.com>
Issue-ID: DCAEGEN2-859
---
 docs/sections/apis/ves-hv/MeasDataCollection.proto |  78 ++++
 docs/sections/apis/ves-hv/Perf3gppFields.proto     |  37 ++
 docs/sections/apis/ves-hv/index.rst                |  84 +++-
 .../services/ves-hv/ONAP_VES_HV_Architecture.png   | Bin 0 -> 46724 bytes
 docs/sections/services/ves-hv/WTP.yaml             |  45 ++
 docs/sections/services/ves-hv/architecture.rst     |  18 +
 docs/sections/services/ves-hv/authorization.rst    |  26 ++
 docs/sections/services/ves-hv/deployment.rst       |  88 ++++
 docs/sections/services/ves-hv/design.rst           |  47 +-
 docs/sections/services/ves-hv/example-event.rst    |  15 +
 docs/sections/services/ves-hv/index.rst            |  15 +-
 docs/sections/services/ves-hv/repositories.rst     |  22 +
 .../services/ves-hv/run-time-configuration.rst     |  59 +++
 docs/sections/services/ves-hv/troubleshooting.rst  | 506 +++++++++++++++++++++
 14 files changed, 998 insertions(+), 42 deletions(-)
 create mode 100644 docs/sections/apis/ves-hv/MeasDataCollection.proto
 create mode 100644 docs/sections/apis/ves-hv/Perf3gppFields.proto
 create mode 100644 docs/sections/services/ves-hv/ONAP_VES_HV_Architecture.png
 create mode 100644 docs/sections/services/ves-hv/WTP.yaml
 create mode 100644 docs/sections/services/ves-hv/architecture.rst
 create mode 100644 docs/sections/services/ves-hv/authorization.rst
 create mode 100644 docs/sections/services/ves-hv/deployment.rst
 create mode 100644 docs/sections/services/ves-hv/example-event.rst
 create mode 100644 docs/sections/services/ves-hv/repositories.rst
 create mode 100644 docs/sections/services/ves-hv/run-time-configuration.rst
 create mode 100644 docs/sections/services/ves-hv/troubleshooting.rst

diff --git a/docs/sections/apis/ves-hv/MeasDataCollection.proto b/docs/sections/apis/ves-hv/MeasDataCollection.proto
new file mode 100644
index 00000000..978cb28a
--- /dev/null
+++ b/docs/sections/apis/ves-hv/MeasDataCollection.proto
@@ -0,0 +1,78 @@
+/*
+ * ============LICENSE_START=======================================================
+ * dcaegen2-collectors-veshv
+ * ================================================================================
+ * Copyright (C) 2018 NOKIA
+ * ================================================================================
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ * ============LICENSE_END=========================================================
+ */
+syntax = "proto3";
+package org.onap.ves;
+
+// Definition for RTPM, structure aligned with 3GPP PM format optimized for RTPM delivery pre-standard TS 28.550 V2.0.0 (2018-09).
+// Some field details are taken from 3GPP TS 32.436 V15.0.0 (2018-06) ASN.1 file.
+// Note (2018-09): work is in progress for 3GPP TS 28.550. Changes will be made, if needed, to align with final version.
+// Differences/additions to 3GPP TS 28.550 are marked with "%%".
+
+message MeasDataCollection                  // top-level message 
+{
+    // %% Combined messageFileHeader, measData (single instance), messageFileFooter (not needed: timestamp = collectionBeginTime + granularityPeriod).
+    string formatVersion = 1;               // required, current value "28.550 2.0"
+    uint32 granularityPeriod = 2;           // required, duration in seconds, %% moved from MeasInfo (single reporting period per event)
+    string measuredEntityUserName = 3;      // network function user definable name ("userLabel") defined for the measured entity in 3GPP TS 28.622
+    string measuredEntityDn = 4;            // DN as per 3GPP TS 32.300
+    string measuredEntitySoftwareVersion = 5;
+    repeated string measObjInstIdList = 6; // %%: optional, monitored object LDNs as per 3GPP TS 32.300 and 3GPP TS 32.432
+    repeated MeasInfo measInfo = 7; 
+}
+
+message MeasInfo
+{
+    oneof MeasInfoId {                      // measurement group identifier
+        uint32 iMeasInfoId = 1;             // identifier as integer (%%: more compact)
+        string measInfoId = 2;              // identifier as string (more generic)
+    }
+
+    oneof MeasTypes {                       // measurement identifiers associated with the measurement results
+        IMeasTypes iMeasTypes = 3;          // identifiers as integers (%%: more compact)
+        SMeasTypes measTypes = 4;           // identifiers as strings (more generic)
+    }
+    // Needed only because GPB does not support repeated fields directly inside 'oneof'
+    message IMeasTypes { repeated uint32 iMeasType = 1; }
+    message SMeasTypes { repeated string measType = 1; }
+
+    string jobId = 5;
+    repeated MeasValue measValues = 6;      // performance measurements grouped by measurement object
+}
+
+message MeasValue
+{
+    oneof MeasObjInstId {                   // monitored object LDN as per 3GPP TS 32.300 and 3GPP TS 32.432
+        string measObjInstId = 1;           // LDN itself
+        uint32 measObjInstIdListIdx = 2;    // %%: index into measObjInstIdList (zero-based)
+    }
+    repeated MeasResult measResults = 3;
+    bool suspectFlag = 4;
+    map<string, string> measObjAddlFlds = 5; // %%: optional per-object data (name/value HashMap)
+}
+
+message MeasResult
+{
+    uint32 p = 1;                           // Index in the MeasTypes array (zero-based), needed only if measResults has fewer elements than MeasTypes
+    oneof xValue {
+        sint64 iValue = 2;
+        double rValue = 3;
+        bool isNull = 4;
+    }
+}
diff --git a/docs/sections/apis/ves-hv/Perf3gppFields.proto b/docs/sections/apis/ves-hv/Perf3gppFields.proto
new file mode 100644
index 00000000..453d1062
--- /dev/null
+++ b/docs/sections/apis/ves-hv/Perf3gppFields.proto
@@ -0,0 +1,37 @@
+/*
+ * ============LICENSE_START=======================================================
+ * dcaegen2-collectors-veshv
+ * ================================================================================
+ * Copyright (C) 2018 NOKIA
+ * ================================================================================
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ * ============LICENSE_END=========================================================
+ */
+syntax = "proto3";
+package org.onap.ves;
+import "MeasDataCollection.proto";              // for 3GPP PM format
+
+message Perf3gppFields
+{
+    string perf3gppFieldsVersion = 1;           // required, current value "1.0"
+    MeasDataCollection measDataCollection = 2;  // required
+    // Based on 3GPP TS 28.550
+    // Logical mapping from 3GPP to ONAP header fields:
+    // 3GPP MeasFileHeader     ONAP/VES CommonEventHeader
+    // senderName              sourceName
+    // senderType              nfNamingCode + nfcNamingCode
+    // vendorName              nfVendorName
+    // collectionBeginTime     startEpochMicrosec
+    // timestamp               lastEpochMicrosec
+    map<string, string> eventAddlFlds = 3;      // optional per-event data (name/value HashMap)
+}
diff --git a/docs/sections/apis/ves-hv/index.rst b/docs/sections/apis/ves-hv/index.rst
index 799f92d4..b707d9fd 100644
--- a/docs/sections/apis/ves-hv/index.rst
+++ b/docs/sections/apis/ves-hv/index.rst
@@ -8,7 +8,7 @@ HV-VES (High Volume VES)
 :Date: 2018-10-05
 
 .. contents::
-    :depth: 3
+    :depth: 4
 ..
 
 Overview
@@ -18,42 +18,98 @@ Component description can be found under `HV-VES Collector`_.
 
 .. _HV-VES Collector: ../../services/ves-hv/index.html
 
+.. _tcp_endpoint:
 
 TCP Endpoint
 ============
 
 HV-VES is exposed as NodePort service on Kubernetes cluster on port 30222/tcp.
-It uses plain TCP connections tunneled in SSL/TLS or can be run in insecure manner without data encryption on the socket.
+It uses plain, insecure TCP connection without socket data encryption. In Casablanca release, there is an experimental option to enable SSL/TLS (see :ref:`authorization`).
 Without TLS client authentication/authorization is not possible.
-Connections are stream-based (as opposed to request-based) and long running.
+Connections are stream-based (as opposed to request-based) and long-running.
 
 Communication is wrapped with thin Wire Transfer Protocol, which mainly provides delimitation.
 
 .. literalinclude:: WTP.asn
     :language: asn
 
-Payload is binary-encoded, currently using Google Protocol Buffers representation of the VES Common Header.
+Payload is binary-encoded, using Google Protocol Buffers (GPB) representation of the VES Event.
 
 .. literalinclude:: VesEvent.proto
     :language: protobuf
 
-The PROTO file, which contains the VES CommonHeader, comes with a binary-type Payload parameter, where domain-specific
-data shall be placed. Domain-specific data are encoded as well with GPB, and they do require a domain-specific
-PROTO file to decode the data.
+HV-VES makes routing decisions based mostly on the content of the **Domain** parameter in the VES Common Event Header.
 
-HV-VES makes routing decisions based mostly on the content of the **Domain** parameter in VES Common Header.
+The PROTO file, which contains the VES CommonEventHeader, comes with a binary-type Payload (eventFields) parameter, where domain-specific
+data should be placed. Domain-specific data are encoded as well with GPB. A domain-specific PROTO file is required to decode the data.
 
+Domain **perf3gpp**
+===================
 
-Healthcheck
-===========
+The purpose of the **perf3gpp** domain is to deliver performance measurements from a network function (NF) to ONAP in 3GPP format.
+The first application of this domain is frequent periodic delivery of structured RAN PM data commonly referred to as Real Time PM (RTPM).
+The equipment sends an event right after collecting the PM data for a granularity period.
 
-Inside HV-VES docker container runs small http service for healthcheck - exact port for this service can be configured
-at deployment using `--health-check-api-port` command line option.
+The characteristics of each event in the **perf3gpp** domain:
 
-This service exposes single endpoint **GET /health/ready** which returns **HTTP 200 OK** in case HV-VES is healthy
-and ready for connections. Otherwise it returns **HTTP 503 Service Unavailable** with short reason of unhealthiness.
+- Single measured entity, for example, BTS
+- Single granularity period (collection *begin time* and *duration*)
+- Optional top-level grouping in one or more PM groups
+- Grouping in one or more measured objects, for example, cells
+- One or more reported PM values for each measured object
 
+Due to the single granularity period per event, single equipment supporting multiple concurrent granularity periods might send more than one event at a given reporting time.
 
+The **perf3gpp** domain is based on 3GPP specifications:
 
+- `3GPP TS 28.550 <http://www.3gpp.org/ftp//Specs/archive/28_series/28.550/>`_
+- `3GPP TS 32.431 <http://www.3gpp.org/ftp//Specs/archive/32_series/32.431/>`_
+- `3GPP TS 32.436 <http://www.3gpp.org/ftp//Specs/archive/32_series/32.436/>`_
 
+The event structure is changed in comparison to the one presented in 3GPP technical specifications. The 3GPP structure is enhanced to provide support for efficient transport.
 
+Definitions for the **perf3gpp** domain are stored in Perf3gppFields.proto and MeasDataCollection.proto, listed below:
+
+.. literalinclude:: Perf3gppFields.proto
+    :language: protobuf
+
+.. literalinclude:: MeasDataCollection.proto
+    :language: protobuf
+
+
+API towards DMaaP
+=================
+
+HV-VES Collector forwards incoming messages to a particular DMaaP Kafka topic based on the domain and configuration. Every Kafka record is comprised of a key and a value. In case of HV-VES:
+
+- **Kafka record key** is a GPB-encoded `CommonEventHeader`.
+- **Kafka record value** is a GPB-encoded `VesEvent` (`CommonEventHeader` and domain-specific `eventFields`).
+
+In both cases raw bytes might be extracted using ``org.apache.kafka.common.serialization.ByteArrayDeserializer``. The resulting bytes might be further passed to ``parseFrom`` methods included in classes generated from GPB definitions. WTP is not used here - it is only used in communication between PNF/VNF and the collector.
+
+
+.. _hv_ves_behaviors:
+
+HV-VES behaviors
+================
+
+Connections with HV-VES are stream-based (as opposed to request-based) and long-running. In case of interrupted or closed connection, the collector logs such event but does not try to reconnect to client.
+Communication is wrapped with thin Wire Transfer Protocol, which mainly provides delimitation. Wire Transfer Protocol Frame:
+
+- is dropped after decoding and validating and only GPB is used in further processing.
+- has to start with **MARKER_BYTE**, as defined in protocol specification (see :ref:`tcp_endpoint`). If **MARKER_BYTE** is invalid, HV-VES disconnects from client.
+
+HV-VES decodes only CommonEventHeader from GPB message received. Collector does not decode or validate the rest of the GPB message and publishes it to Kafka topic intact.
+Kafka topic for publishing events with specific domain can be configured through Consul service as described in :ref:`run_time_configuration`.
+In case of Kafka service unavailability, the collector drops currently handled messages and disconnects the client.
+
+Messages handling:
+
+- HV-VES Collector skips messages with unknown/invalid GPB CommonEventHeader format.
+- HV-VES Collector skips messages with unsupported domain. Domain is unsupported if there is no route for it in configuration (see :ref:`run_time_configuration`).
+- HV-VES Collector skips messages with invalid Wire Frame format, unsupported WTP version or inconsistencies of data in the frame (other than invalid **MARKER_BYTE**).
+- HV-VES Collector interrupts connection when it encounters a message with too big GPB payload. Default maximum size and ways to change it are described in :ref:`deployment`.
+
+.. note:: xNF (VNF/PNF) can split  messages bigger than 1 MiB and set `sequence` field in CommonEventHeader accordingly. It is advised to use smaller than 1 MiB messages for GPBs encoding/decoding efficiency.
+
+- Skipped messages (for any of the above reasons) might not leave any trace in HV-VES logs.
diff --git a/docs/sections/services/ves-hv/ONAP_VES_HV_Architecture.png b/docs/sections/services/ves-hv/ONAP_VES_HV_Architecture.png
new file mode 100644
index 0000000000000000000000000000000000000000..7652b9706d83e9a33b892cc3af96e3bd5b9e5d0f
GIT binary patch
literal 46724
zcmcG$WmFx(_azz#1P$&kNpKHt!GpUy1a}J#!5u=7-~@MfcX#)TT;SsF`kLQ=X5P#^
zS?|mHz+!dZ>h8K#)u;B^XYU)PASdw=kpS`CyLTTYzl$opdk59@?j5uS{0HF7Yi`mX
z;2)Hel7#TP@^PYl-~h%<NLJ|GyQ&zZCqr1^7{UI#rqjE3j1+HwP{mtoz!mlQlA=N?
zZhA-Qum(h&%fb3=Y%5j7rn|v$MoOl;bWX3+Yjx`Fhjp%bR-PuiddaD|hNio{RmQxg
zrVrPaW@&Y8`ClF8!Kad{6XstlTL{`7a^?R>r$ggxZ~C@Hx6xR@qka^(u_;4e;WIJ8
zZoGKXOyV+4LZ4y%oM+N_xoNg}2!7v)7t5fas~Zs5NWJQNi7hU3_;k5*8=IC0<?6~w
znGZW#F=+Pi_@0xTm2WoGI@v}0=T^t*Gpc|9NL*$_MMY&ZaLCvmRKymUG~aaH<=Ztk
z2g}G<<||oO=W=#sKfs0x${%-NH`3m%u`@FUUDTajTrnGI<=55{aq7D>iX)$x_14PR
z>OqmX9bn(Nx!2vhp2VU>c-l73hFYW#WO^dub2r&LS*@JvC~AgLophjYl6Q&!7%5$A
zegEqHDxILd^1!QZw0niXb-7LR)+JR{Fo^0UXPpiATDu|mp7-_9&J~ZP>~e^+!)P=7
z`pkOdw6r~E`oi&P{rYdV@2MzdwFyeD$yOC)Jus%>A$s|a_f{ry?$(@6zV(g+#dNp!
z-j%VUurnfNeP*|{&HkRp>+YKAfUU4~`NQzssn-KSoP7$ST7NZ#>x41W##W7dS0T9#
z-6)I@8qDET{edG@P+}Ary#J(2RqY^xKN-9(Av!nkSy#1&+P3B4!DQk|e_jdaW-%{m
zPm*#)_g=EP(E}_exDK_0H5w6UpN=oB?FiD#=ub3$dC7EjxL%9N(w2eI^LlzcyQx9l
zoUW1U_FaEPRA0MJij_ix5!x%&m~W|O_j&QAIdQwwY`wY4WO;5>6fccp;Jw`%EjjIL
z<J1i%WaM25#RhuGLueaA9eK>yw-zH11Lf_pF>b}gYJ`H0kJD{PySK!T;@v#3LV-={
zb<Os2y^eZ5rQTtru7ubhg$LtmJSwdxL{8%Ipqlp8h41BhS>mn%(FwOg-1!IIRyL(G
z!JmxSsDVshqzdn=k3LGmBb&z0p01qH(60O!L>Mi7WE5AEc!d+~nE`!t^M+TIejcx&
z0sY>)*nsn<aNmnQ*Rzo)lf4AAf`Ngy=Oxs;0qN5N&jE2UvM;ncnZ_6W1M3_6f7b_a
z1z)1mo`fSwcsjX^2<5NuZ=L4cHydBtJB-KrkGTvlH24`KjBoUOZhh|#3f!rw>HELq
zr;x)7Q~i_X$=JrmBB!K-V=IW_G)i$CsKYG=58!)t&bjgjtFJ#Qp{8vcY^{05vE0m-
z#Kxso#QaTAH@eAA;DX5CQu0!vs_Q%Rw6^g(3^Dlj<R5!Fr_=^$a_#?FLBrdN;Vp0a
zhFa=#w!d(8i@QEIFti{zp+1plb+n{W&}(*H{IQ=T{#V)TSdsLCb$0?}%s-@s*Y;&(
zrg5iY!r=OWp>gX;*~ND|!BwCbjxBYx^-0d_;n-T|CrIW=l7BtM2?rcma>^3D40E@l
zkGsM1*&bmnI{|)KVC5Va<bO44z3SY@-FUUCe0Bm6+~`hy$&NwrpS;&Bq@79(8cWcP
z@*XO3>5*%#wH-Q$0$!e{W&?NKOi9T6&Mr0q3kPH4`GkvaGeokj3`STV2n+3#k6)<t
zJv`H^53X)P^j~y1P3KiTRzx+$U4}1MZw?L~WVt(Rr@~$OGos)!-Rn*cT1eS|)BWi`
zRoB>GZyT!$3d>3eeIM9eI0eq)(G}Iz^%ONZJ?0Z!I+!%eZr2~KTAC5eUL@^SdKzOo
zUc~HPS$*BtCNUX{QmxWN=IuaPf`9o5>raYXE;k{O{J`SnrKhvBQWY{1YR>%(F_OVo
zRaVY<t?xeyqGL9_`xXcThX;HQ?nA6KUkR>{swS$~aw)8Gr>T`gm4&&YcBrJYxF*=x
zjVGWEa04uzf{s#njhS4}`v#q&n1+PmVcIlii_)qB`%M+ex+GTHKy)a6?BAIUxQK`m
zS1(U_RxDlycH4AxKlP<jP-@LXu1<s2|CUc#s6<JmL&Cyxf){VF`CD8A3PRw<+g_l&
zE=Qn$m_m&9eu3OhVtJ#m{K=euK0SLaf4$Z-%asl%f;{EG=jNK=vB=UWLFZEaR{jCm
z=G;?f3xh`zQgvaMk{YqW7yW#DVa;c!lb%r$gM6@n$t37b8ZIq;-YKZpU3+QUo!9XE
zk+9)pdH{8bxrTk*gNS4kvSLpn+>Cn9ky2AGmu@i*HROKw^GLR<NF5X<ZTFmtQlRI6
z`}1firuqUgJy?Dpe2l=^(!~1y$?Lo;B4$rO_~w;n1j|g{lhh}zrT05Iy#Ge4vt(?}
zw=0>*o{CF#pubt~2P2Ve=T`ind<I9DW>;<|rHp)&Dq<G0SloB@d5^>_hZ{HVws)v1
z_YOJF?z}n8O`48wLKJPxRMk|~@wGY3o7l@u*l`4uUXh~}Lh@zt!alFJ`sJ;+Ym)AI
zpX+<wZRLm)L^IUdEYDP^Q|NggK$YH|6SrRVwuMH8O=4cyuGCHZr)OzE&nOpk9dXo3
zS8@Ywo6w!$J+K*d>(CeUoSQ*{wzCTS=B+G()K*`}Ii!#jY;+Ilh@T+G6ZU<?9A;{Q
zq;~u>yaNyij<fCA0G^Dk1Z@K=qpwSiHm)mb6!yPpyhPw`=4;|PgK^f7?0k%l*mofJ
zBlg32^-Ej2bC7M?k4$t~NEf#~<K8qpdO(!d+^?qKG~O~#<FyK|Up#qzl-8(q<X5v>
z4K~w%gjZjG=K2zeA1*z?EmqLBH;Rc)NbGlMcUM!b_owz2EU52;+QFz1-2w8clM`Vn
zQkvH=wkpog$6@bR62uxYvEtYiJoPH)$G^?X1vAOF`P;I@?j@rY%tR6_lQOkEbI)5Z
zM-zMAf)hLV%2Iic{~~R%l3G{S7BuHKOA<X2ja{BJpJ4njfo!I{dO}OWO<zB|pVl1+
zu$e6;E^pi~XV<ojHf{#|_FzVOy<J4o3Y}qdI$LzI%gQZ9rjjEt&c%QcvX^Tv9gL+q
z?Le5|b53P!CG~nxU40(B)c99Qi~{X@ncP88Wc_q=9`QXgqF>hco{F(?pJ}nxn90ZI
z)g2jsQk&G(#X+nUqom(TEGPt)^3&vQC9B8cyVmOpI2P9_S{=tjk;aE|iOu8VAX1R8
z94VDu;Umh)0+K8L6TNNgD@`ORH;n7kzVO}SJps)>v8wYFMTe<a*?A-|9yeRGY^_s=
zo7e=jQ(pBKci-@}1v|ljc77XUD0f+&;n}4k9dmoKc8|+UuB3#V5C)xGfyazzxU;pE
z*WikZn78e;i+jJCE#qsj{(FWmoScwJZ-E##4_@v=Cj@`{JDHA+FQbo79sL<~m8G9=
z=O!+-uQIHWk!;P-xwcA$DWIv~h0VHw6<{}H$$y>rUofC_(19q8yCV1Ph`p-xKcK)S
zr?s`(uO~SHEfy2l!MD;p50D$V(u}e%DJiIcc708dVCg7^L-MyHG7X&n1|dTKb8(`W
zs2s5GSJG2B0(imS1pVzEX!H>#V&$c+N=%ZJz$MPQ^eu>82On1^3ncjbp`WAh01T2<
zLN0ymjFzA}N6kq0SM!PYovDSs9g~}<2Of*Crz8`Nn7d1qiCLHZmqrZ-qkp8UI(fHy
z=42ELLO*tQjC;y|G`5W7PDv1!_k(yD3D%4$Bk{7@T01N_Z?LhtbrC^1h>(cV;-a24
zV>rsek(p5J=uZ@m#G-0G<n>4V?@-a3a^zfOKYH|wlMB#}hN3Tz6s+7(<W*{jo>2E}
zHB{H5G(_V4dRJk*aAALu*8u(-qgR=`!^o`x^gKdYPtjs2-{Nf`0vV%AN?acG#J1l+
z*9gV`>lh_sH~D898B4zbrD6bry*%BjpFK{`^=G`z2R1Mt_jhhxYqF-e=s=5Mpv4a@
zP2d^zhC55dednV8dA72$nPwK|e@zuI|JWmp@4x)lJXKv_82oS35Sj*nI20bqBq1~{
zVPK{LQ3A46v{a-16c>N+bJ&@iD=aUwQESB0&xt;)Wv?q#9J*_eIbNtGbBl!3xs&Rx
zqu0^Oh6O+@iBeiZHd-4CNyq+lEc3^-{bG~L@TUQb<FO1RmOcqvFL}Nr!8zG*!6~+~
zoMhubJXbUnkDSyKSgXgS3F@<V<#)U`z+sP1ig>&YY)Q2WNGPPUvihy8<|nJ^zNoGM
zBY2&$==pfQT75tu`fzXLA^g<?2Ch?<xT2`6r@U48sh$ZtZ%*}0W#VwJmCb{Sf_xBF
z@I+F`Qc*HsLd@^d!F3?$y@w^bwQZ2KJ}PHxyHCh+F|ScZs8_qxHNGuA%R4AN67f>|
zPgSL#2M9>nD#+l+Mbc>}!O+iWJCOINoVadHE#2BdXiQAV5y*We0Un!w{MzDoRF&=6
zlZDy&$x#+Q9!7x3{T36He_>l_epm8e6r_i5h#?8Jg?cHp{84m{=tFXXhk@@;#w0Hz
z9V!%543oU@Wi@v<=-!QdcBSN{DdhvFH-DCsp{Dc+kR$okn96m93Oz?A8AoV15{GCw
z`ljWW3{71$yFMupQPcMMF4(Hh$F>NF_Y97VeKfm~oTaFz<tMDUC02mm%coD*LXJW1
zq2X^a^c7+e05waf8|cnS*0y%HwmDoDLOt+IR4n_aG;4WBD$rB8M09W8nbXS*b;jRO
zx3-#=;K*{SYZC~>Wft(-D$UPM&&oWNmhyuZ&;`U>H5}97MzkDbKu+m1@WA@{XsDbM
z6OxMa@q^uG`%+uqMiW#-x?<)pUv!9X6^u+V$q|X%J!j<Hnwu;ga?z%wMk-1>nLL%Q
z&wa9lc=)q^ovkk>!T(4|G}d!$jwUU;DY3M=`e{skV4e6iv&4Z+jrgmLDm@(#KDc-p
zwU|f0jSLU0VI%!PJ;?DEhE^yly#SF5dH5z*SGOi~CaV!_x?>G8a5uTx&Y4;djVlYA
zXqZcF8$CZevw>3rmX^B<7Na7f6mb3-OJHk-@~Mq=L_yan!<1kCCw$F(gBmHLURY6V
z7if-QSe}qLJ!PU-6JD$xoTeyxSx#X_MNl-6Wr&W5m|Y=cb*h_d;A4<JMGc2{*|Qk(
zY02n<+9O$HzJf>m)>xt5mSD~<@O;8)JmT>d3^%?iWDJ+sY=IAlc88lEURZ8&*v%vq
z7pZ^ecb@ZcSXJLUO33-u!&}hUjttEVQ1y$^K-pN1eS}Bq&I|AW`$O>)1YSPgb|S19
zU%QkJI@x&@r~WJpeS3xFf>N`7s19S~m?x+%1@_ID2Rp;`g(u?oMcI2AXoP}5DRD6d
zc1(A4Q_ijqb0R3&Pp#-%VAV`epa>pFql5U=W_gaRwZk3P2jujP(_0H&|5|tP$nd{H
z`pmZ}gzKC66-|?!W?zPe)p;-c&BKz%B?1vY;~LYLjc+z>=LARUgt%5##e6Mx6t;xy
z3ZC*H{-4YbfiMSm2vv&Bk~0}fp9}Fnn+($1;NhujXwLl;RM;a59dsdgHdN5f;oTs1
zX~v9Z`jOJ_2RYLKUs|e=Pi0*BPZEvNrFH$V4;+J*9%h>ELHtQQ5&^t`7R)~5f!(;<
zJ3*HZE(4<(2-GFz^WIiRA}cBBF$?oH11p5C^C9YU0u^k0v?|)+H)GDT%r}oyBh?OQ
zeurtmbI~=J&ps0`QlhkNWxLokNE&8|(tM%Ed*3{e<!fZ^y_bp>aKaKBs={uP(dEq3
zM*Dk<LO4~D)DJ!(<F<%>8p$8wQY@huzA7dnOE^p}wmSYH_(KU=A$@@(5k1YE$j2n#
z`W>u2sBIC7ZUr5a)R%~@ekU3Y2(=$&1S*lry_TkhgQAD8;;_)Rx(b=PW{~NiqM?aL
zy}<an>&^SYd!1c2ZbUT~zA9D<M_m|1<#>$B!QW)g5y(LuF|L@gC8|vJ-+u{a3kRT;
zO{b7^@WF&lZSGa{T3=MYoaKxBYSy#SW$5;QpCU<`)n_+7`Eq9Ox)2mXX0D=V@Vbbn
z>Og>w9UV(6vxgH@5^~ie_TFRfQ>NWIl3bmbbVM|j;IZVC>~F}8bZ?WlC)wzLg#2a#
z8s0B$iI2j$6`b=X+w<~EVsueXio5aZog&9GJZ$eD=QvDv_a5!J{MziN;+!Ij|D87x
z!1aebXe{(h7i;|N$20?LjJtJbHVU_$DN7)W>M62xt91R=*YW?@a?>-D<ltYK>|hXM
zD+T|a#dl0?mbPWg`k#Y~i%=v+Mf*7mwL1F=cB-qzCc!)>dX^NPuYQ{t=QY}kgNxIg
z(L#&%S1A>t8pn~754SuigOOA~tmFWP(b}94bM}T>!1o2nkqaKnP9?BDdd@gHIXLv)
zKete_Os<FW!wk$be3x7>-u+PM<?3<jW-@0&D=pW@?g6<Y!s<K>L7haQKDAxWgS543
zwvm>x2y)BHQ|%U=IDOiv;p&N`nqg{0xD<G;s4`;^-R223rg5xo_G)coZuXV8UUPjX
z^wQp(>@XF4to2)_!OAmMyV_79pdC?3Q8h^MfS~KeM{8S(j`mQ@cJtxbBk~VF*1SW&
z19iz1Qp8+asCz|DSm-J##5|112`iP15SNEf{I8GPP@fN%#It^>iUUZJl+!hkZX^mv
zQ__UJT5803Chu>t2KtHuw1*i75vN(qa}8R?>0Z;3p;V37*7qG_fsoMEslMv51Us)M
zhMy<WEH}*@rP!_!mDqRg#T&ze43jI7Y>x{m0ZcXcI;yhG)Ao>`ig^+ND4v%Uv5747
z2F3A{=(m(Am)JZ^Ja&a0SXkjf-Uf0P3i!c^8crxAkr0P^=E{!fI5tRp0uA}kDQL4@
ze!Upk)G-7iizoUq{=eQE4wpJvmj;@#E3G!1N~op;p1Qd6Sh~7vXv8>y{#!~av{q#b
z*l4xO81Z>IR<->jR;cMx#V(cZQfg}Ihuxp}sK4c@tEChRt%M^G%1C#8ol$3LD|QHh
zdDuVvOH(3`MvaC=Cn1CsgUDc*A&)e3WM$=*k(^()z&gR1nUgoU%nl3bsiuHzZkFr+
zDo06|><+N@#v8)tZnl$c1AQMG^-C>&{s4D(sAXxqmDBSZjkr9Jd39Ix4_=6558U46
zZN5pd)1rjYC$&%gi_<ClOGn%mZob~uW{w`-hMxeS78{DFfv2S~SH~{(i{i>h&L_*3
zW7|K$VyS*V%7a>{STRxEIQbBrFf4=ij49;(q*ZlwF#+#Q0r|awS{!0v^1O_E%m|R+
zTZ2;luhRHLbYO+-#id4u37rKs5YV}idgu?qJFtRwOl^WTvt%+v%cya|*8?!ue_>$n
zx<_VeB;$52WLqkoXXNPFy0@ZuE3Gf()-oj^$^B|ef1*OB53UG*?p-?VxBd%ME#(rj
z*R$=|?f$TaswONt-o5z2YQ;2W@o!>L>c_E4O74#|`1Mu7YZSsRTAqs);z%*i*2~;t
zVPt*bvT4yU5f<0nrXHWGutY5Ku~6XDnz;sBa;v3KyMMx@F1fc#78VOzsMZNgv|r3C
zJ+Q*<w_yCu@D8ss;TPSeN7Pq)5bO`4gHq1!@%hR@NHRK9f$FKm=Dd9O-9ztUN8rj|
zIf*D}*FHW`2yGeZk}(7^ZIK`4HkvRz3*AsQFxp>C;&;mc%2Ys?9V!1JPCs)0M__&u
zV8q2F3NNkWIN0pXyZH}1K2FDw1RjQb?Cg8*X<X=m>b71^>#QawI-Y%&hjMYdkf?5H
zT7DzW#=!C+Roa($y5{oQ{#WI{Z^yY5@B;+9!YJza#F*s+-LmrA7@R1(LaL8C<Y{#7
zR#v6WTG~IbI=FyX^mSa85^g?o#F7*)*t4mHM5>}xjIk>YZ!aX7zhzTi<gvtfj=~uS
z7-0W1*qwK0dTZ7-l?A4def;kP;N64Z_x)Gm-r$_Nz6HG)l~fJH?%05uRAj^k_8Q+d
zHcbS~g42r%(gIVX69>H!^?BQ#RA2_r4w`M;Ebl*9t0c6LF`@F?Bt1XHr>eAiKP;#`
zP$iZPoU~Gi-nkoxR_}3*%T<1$aK!184U<>$z?nal60R$*;<4oVVMS4}w{@k*`)6kJ
zc)w_Ts5hT~sQ8`5^XG!^Cvx0{Gtwiu_MZ%3%Y-%c(hQQHEmNzl6DnyCrV0ypna}d?
z|6sF`nq)1(X<1*Yf<C34E%~%d)>}?K)X0x?IQ;=Io}LiaY$BB;8V@S)c+uOCqK<p9
z&(yRuR`tH4IH>$wt^XQD?VO4kGt5Zr5Kxe)X-dqUJcP_Ya@0sXJdn)}D9bm>ltd?L
z#r%5*<KbBuG|fVLn0&7Thiy{N!j(wZQcH`*;e-*(X+=(9rg*p2TueY0aF4;8?ZCrd
zBSHsR6v?uZ2kwW!K^Hw4t<d=pNp$DlXsqgy2qMKn&sRsXLrz^<!j%|_@q4y`O;An3
zA}xzK9c7q&w*7)7$5xiyUYU)^hGBelzUCfe?-ZLoMXPc1mtGY|+@;QV!B_|_4R!5r
zDSe%T1Nz|h!K#Ug$Mp7^JM40cBW)^u!Z-Gxi2K+?ze+-GdVrL{s$%#Mcu~P|5{4Q-
zs8Na!OL>!W3f{5plj4+4-_Gsh@9Ey(#VhU+V}#CjV*ucFMtKoozVnT}kNRuWy_fZt
z2ae0tVN{R^`FVIs%Rw1Ed7*C|M*+K`_4xS0xwo*tGmqz<A%4lUXh~<ss-S|3zy59B
zR+}tu9cP}mbU<c^gtrGMz}s<1YSm{o&L6e@D7b@1U+YV00Dawz5Yb59&t?Lmct+{t
zCzj}bC0>Ruqr%!|g1@K-0iwp`suH=>=N`T@j0`gI<k4~3naL4MvzM&nfnz7N{pMYY
zm5U3I{oUvl@sFM1wK84}5qhchSFI>Biv_3DcTMSrMZ|QJA1D0Dh@3QLP|nU~q5sC~
z2SU_s`hirY1a+e5IiSxZ6!lEx_um2>228}N%z_p@n^ol6-Nwoy%C79+O9j_fpW7yz
z-Z+HKB$1Ffp?)l9y6GBgWe<x2H0_O-YUh<{P2<R9nLx^cZKra(=>-dHQ6TZ=%CEF9
zQ=s6e(vAleaOP5(?K-#=q3U3{IGL6U$PHitLwN`O%1Kp*{YG(YCJA>Ppkw61{jeJ!
zUdWzr?A#IHXK+um*OPMkfc4nkn5fX#_%c$|9T=?9l&nT1&jatkx6jpkz8y0Y8%<@3
zuA-@3Vp7NrLCrU=`J$XE0^L}VE~8>z^l!I`FJ_-65qVsp^0Fzd>-+~$OfdvOUfFL-
zgEW8yhe%nb>RhFJ?vE=a*gb7O$=`3K41s9Vfvv3uK5dfaEs3xnouZiia9$;EM!GEQ
zIfFF+?SJK00FK~T@OO0afu*th8;uYSkOUbX``+|ARpX0?tBbdvo$JV)8Fl95cjtow
z9^~y=>3IV;G6wWI@u}py;vFb~d~;+Ig}kt|RM;hItggAFE3ya<+S7fRVmTC<{0>Ys
zjt0Fubu^7=tT|Ku*O(i`G&rIgvtnhHMJoayEdX#Ry_=y#>U^NgKYp#P!fmG7>H(TF
z6BBT4o_$&Q#4}uBgU=2q65Fe)ZWdr4Rr3XBNxC%UnDjMDg6E$13N{TG?$TTlgR<PW
zALyShRO?LI*2@kP($bODIn^8K43EP7ls}$dBBjHq3V5`%93)G7wU`_9)v{q=;2Bu)
zRFNt9zcES<?cNam;y*^RhuZ&Re1uyJ1%<ttw*Vq04IQ03LQzdGY`Qx9OIB$sbb_j?
zR+5aRm6c-g7I7YDKwA&oL|I{}u%=jEbVXsQcoR=%G|8?@)A1h9jUQx1FvP&S@xWEh
z!u@#|>dPoxpK86a4rjSTy8%&5LUBhlwbFg;Kq^w&@8s>G+w5;UE&Y>}tm-?P)(K2w
zwO_n&NJeO_9#(}RLalVXp*`2-GLj?0LOzPAt#mZ@xS2fIAW+7#MNe+9QNG^Ra}mBq
zjeEmbvdHrhNKcRJF&Dg%{nF(4OPP|7pYLquDdGFXa6kl)UJi`)>KPOssG}todT@-X
zKU-D%cVa@$=@J7EG#gcnXpkbcA~H?B^Cy;p_H#{vM~kc%My-o(uzS0Y08mR42l|rK
zb5X7$xRa`_bfEr$Ijd85mKQ2Ujv!d^^f{2$MN;n1Xm-e!<71`3-KB%b**ZJ#*-<d@
z8Hd_l{+({l#qu*44r~{}xpBEhb9VU;wcsP-YL77-_)1`{R^9+yigmOT#@3M*ld$BT
z<T;L<i=D6`-%&A57ZGQ9o%Xpn`(`a!c~bBzJjA;JtwohU4tmUNME!K80wN<J{ExKX
z_lfRcmbVjPi{ha^E)^-9sn8(@(X}vH&Io`lD5x*T$?AI1ik!Du3mD`5Qz;pA?5R}y
znbXqVPRFC)xou4S_i0IH3@&1XbQR|g*&mc2B#1@Hiv?T5Dni{DxjJ+HOx)fnIE{7M
zH(R$RgjMF(YToH=@<bsS=N#m;>aabacx3OWwjnr0J<YIpzNDWkTgw?<I=iexvS~Fi
z6L0;B-`y(Enrl-Js5P4XRo$x3YCB&D6FEBssqp2~N&_iA7wld})%)vrm!AD7lSn13
zpul<6+F@;UAH6#leS+ODCI%-jBAW}|`_zgMX5APx-(I+f`3TgY#>Q;K2u3avN+V&1
zo}-<`Y}&Z|LZ_unmf}BOxoGkH1V|b!4Nz@V5z|otaQG)dJ#go+!FX;rU8AfUQI+@Q
zpdn8y{>iKDcVQ`!=ZN`8`Eyc@Gx2WOqCGYJ`mgoGQZc{cu^NMYbljkKCaT^!hyi(4
z4F(G@DlU2$0#7%tScS`{LvaaxrNc2qCRG=Fdd4@?b&G9+y6XYicP-7kry~o-VLX{?
zmeOiz1`J2)7rUnQ#mH+crJN*bU$IDSmqSW?bp4oBH(4)X#7rG!xV+j{9rj(N<A1vw
zdpRdXH%M3|Hg6nXs)0|$tj>LrP=g3}%SAoho9f%Svixc6Yd41De=#<n!8oIS?9|j}
z>};L2zN<13(l1BJQ)O=y;$Pn#^=fVPfIA^#>zt=GyyXrY_XGIl6!u1OCQ)@iwLb+R
zEw;8lfb#yYn1+JtY?K4=COOnc%ifdX8*AwiCxQ<gajZoZF%5FsI!gIqY9*4Ble6=S
zUX0Hf+CM+{NMnC*<vca}pqF~4WlD7V8G3=;P;Z!#Zh%3=W0Psv-_x~6Z#55wMn<)L
z^oyMGk8;9gX>B|GBS|4y7Y19>DO@qBw3L72NDB9~lS1aJt6F8{=@s;YLAWF_BvKou
zJ}jhGP8X_Lw-0<noB^^GY@U5v18o*}mbXxD%`HY!)-bdyQ`U@JZ~!};5#|sYW}h#B
zpUO#L<$sLOtYS`8XU$PsSc+<$@q=xvu*>`Ee7m;v!&uN!&(@Wp^QS7*w2hPr8KIRp
zqnbfRekX#5Td7|S1qE_FPI0KFG;|I%KC_gJdJlB=PitRslQM+300}`=a)r32pbf&V
z>pB59EfYwf7WE~czR@hvu8%)rfpU7GMTnHdq<3Hpo6U1zv(BXjt(3kMcj2VB_GIeJ
z)y3)nCi`Z|H?g2M0_BV8zd5r^RBB)r6LoUwxm2f8pQfy>$LPNOD*m+uSz-NL3b~b=
zT+u)J-oISRXM+IZZ|*puvZk?1cAuMa-KL&}Xo9^q2aPpjTb`GZraErP;lhlgA|gu0
zcpTN$l(pY8(75O!ovL6i=3)?Hhu6rbh0f&1^pqAE+do8}H@;*mGgrE{RyQg+$7Mf{
zBG2@H?27t3+U<gyp+ah_u+Jpm-Hb6r%Mf}5d0c0bjt|m_zz2tHRM+H#moMeJ!!RZG
zmN1sVc+(^rH?_B(IYCR<1wy=k>|ez6uiG9y&g`_IXFO_C)a~%634K%fRP1WxN7u@$
zO@!g1**y9Wj$Ip$L_!<j1lFqbPxS?B8^(~7Pw~h8(Z(G$y&zk6?5bF|EaRZ8y5Wp}
zj}&T(WlGL~Feu^ZR8)Q={#!x&Geb(|7&e+hOnzKj{HAaGNH{k!u}falovC6ih{a(O
zUTHmI`b)@}+^FyIJ;=*hE4=iWpgVS;8kC@BxW8<(?A|NV24AMAq!yjZB%nIyY!#cJ
z{EqXw8}|P3Ab)tf)_PR4Sx?ht=j`TUmZ>JD0hf{AIHmrm+L6X91oXB2E@Ajj4rl&8
z`tYv4R&XqN*RWEw_-UZV@t!b;^-9QRtA>N!?=_Pfzk^sr9%zuNaY0W<oYZZ$3jb<9
zl=a>f+K;AjEQg|}rL&N}6t|Hary^K9>u?rQz3>=Tf;!Ajv?8NX`osd74__*yhEpz7
zu`#>7Bx6R{|EBww{&6IFz1M*$c}gvy?_7e6b#4qATzMbD-FdqIQ&@u}>>JyQuXA}-
z8Zz-wYdp{nW2m^_C|`q0#~Hu157!VfWrpp&BlWgkZRs%RQ!V)SUDNX!bg!ttUi+ye
zo?4u4#IdW7YNJ0>ePgAqNDKb`?4`}ijD?$O*jijk{j8_?vdH0ik0vHFKlwE91)z#f
zc({*`)pH4br97g4PQ70I?Q;Xy=vOJu`C}UOOz|^LXAK_7NhupOV~@<+RiH{Q*jSO-
zAAw6%RW*RZEmlH;;c?>H-CfAN8~9Scis|$Fo)1^werQz6Iem)d(ST&veHjVCvF?17
z@_K1?3#fnT;5MVREU|K#A<lC8{`&iyGt$+ZUQCl~T1*>fT39PDW2d=^q<hIQC~)uW
zp`C?6?jXaJQ76DNu~gkK0HuLmqXae@T1;l)b@TKo@R{~i?-9%jL+#-Ca~OV`*1<>s
zj2U0-<s<njntn5v4F2si!o65gDvU_fq=LY<rkwJawo`00kMDjGB_H`#+A|ZPcCMW_
zFPchq><X71R-)^S1P5D^Thgc1-tqCHat9MRqE*e6)2YfnJtfCEywJp5;c?>7JCkJ1
zARxhMg??iF`n~Px7}F%n%0R750F?3LGF!#{s<Z<4;C*HqkK*kd3zLJ)n(BL-HROfo
zX6S}--Kdq_az#US##f8v=nmJTcQ$=<ITtzm<`}v3d~8Y35?nVnE|wf9@d=bNVJohW
zGw0VgKWt>j!(*oAzw}k>ti1-Kdsp5VFqYq&1Ua0tH#*$VwpMzCkc@ETXn&%OR=Rwu
z+NwE)P{%fy1}TY-Z%sO0p5JsfIH~PDv&E2BJT4v8I7Jn=si~=1LE`$muzF`Bi2{RQ
z$apAJc&jIAg2uwqpn|-AeX6L;^?UC}_BD7c^q~Ud-`tYBoA(+c5iV&~8^fha`}SR3
zNyv5opXcN|BXvX{P-<}IO@8semlNrpg_S=nv>eC|0w5a_dz-DIz;Tfs`F6}rDRaBb
z4wO9F^$zc4w?JyY+{tt_(!3dgHX}M8St-tw^x_6m{dP&x$BwDzx<Rd?1V3GZG_3CM
z&_T_Q3G#%TlG6wQ*}ch<e0;0S7PH?N48F8s8ngJ^y^ADXt`Op~?S1!2RKk29&g8J(
zqKnseS2T^;;giSb-hUDe<}##$$OUqQ0g<JA#=l*A=uPHuCCo{qE}<^XL;q5}G&@tW
zh7X^eZ5w_+yY9czNF97~?O_b`^t2d2W(zF#zZ+xlygpA2xt)vtWK*V6)v+YNkjlhO
z|4lnC{B$BE{A!DJmEH1J{hr#7ZA+`kR!%dmb4S;K*ZPxze}!nyx0f~tJ2YIM0kXg!
z7LI}SCX*e9hlAgCH8yZG4LXu&7D>qOrCHyPT!4|tIQXW2u&a##=BB1kEaWnMVaB8F
zxzE~KweIkRA8g+pxXEQP4Uc>h_iHZoW}{?jWTOl*DEQVzvD^GG$NY&;c)_oum76KI
zZPK1s6k*AIopJinZj29Q0p-N6`$CF-V$^1G^}BhP&EWVzd#h2}3a4JhdjGEM`0&i1
zMa4;TcXk{xJD2A%cUU*uK8{|v$IT!bN)|pI7=SJ=2_gL2P7ySYr5U}+#?J{00nl}N
znpjB#wV|YKoa^V!z!4&nPJz1qvx0fqgaannF#GE5#FQ;}{TjPye~moE@aAP6H+=v8
zOHF&`C`xi;UlK8O&JZpx5Qa6%F%EvP=F9*di+>H<L4ba3(pQqeu|^|RD5TqKOV(FP
z*xwmpL~@<2qNox#E8G~2yShB#ztIv3+{O@H1Rj^PFq(;Sn35rjJ%?4ve*z}<rzbX%
z^rZL*W765OdXO>`dJvxo+u|a9FSi|%mMHr}_xb)OEdiSJxY1p4N)@FarI!T_M?3vD
z74qJ1c9MeYy8$%zfkA;krC4D8WJAWhu~RUaGbSGE)Hh(Pgy^V;CtAWf(RqUGzqu6-
zx1_0X3)^r~X^cu>eN%?vrZN>}^EXGG;l$zUK6I$Z5+HoN06802a0t>J##j&{rERnV
z+3#^M?7R0!iMxpJfm*uRf6sgYT;$vSB*0<2Vsqr8w`lf{Sky8`Na423_k+X$FWDIg
z$g?I~hZIJjK*WSe`pNo4#D~BCo!WV!`_BL@wDiQNkgbnj)q;B#CIT*ziz{Ru1;w^p
z%G@$$iOs$qyREZi(qe;)s~kZB5*3Z?d}-!O8Wij##3SWY`(ChRZPd*_j*Kn<Y3z@-
zLZoX)T9lJqO6bYj4*`L$Cifph;(Q%HsV?kzCjbpWxSKknF2=mC25j|#v!H)nq3Y7C
zwGr;Jgra1!Ny`V(?ZEk1N0B|4?;QMI8TW@aiP!Ns|5eDB$z&d0tS0%tsowh=XueS#
z|C6?0Bs{GV6A4gT00T2U?bt?={NJ@5{MUcAnZb=y|EHb+7WN@$=;0b@Ec{oPNFKOP
zGuJ(=SbyU6e-nF*Hg7Q||I^&_$HT1Ga@kVr()!NG@5RT@|HI!j>#(a&NmoaAqxc2U
zzoy6QV2i^2+J0keP>tBlWJydp6})<QA|a%Ru)18i^|d4A;DF%i<(>}E@wVP<F5K-M
z>TiILO?qp8J?u)405N54;Z3m{HJCUwG%~QSz83IKaGgU{_x_0=6MWV`<I7^C1*s2t
z2^w3uC8MQ4HXG-`ciLqVzVQ1RQsT^Z8y}yznc9#cB&tz~zQPJ9J^OoJeLngK2-rLz
z@9bc6oz{XKR_1U4!7UrOJ9YEqAYZJR{m$Rh-F+*>HIp5<`O<=5e?tdDU;|Hu>a42@
zpvCp&vq#F0B()W-AMGk7N>C^Lm01yEq0sOhQ0w(06NeU%wvGW}V7gN;7`W-0PStho
zfKy>j_q>Pn*Raap_0QvP5-C7rS~Aw*q^Sw};yi@kxYep0m6W*2mhN_LW3Q_JTSAwC
z6%JKI?)C)l3G7<<Z;`#(OjedbIN<&HeTgq8(66GupdO~nzxz*9IN{;a=hK+CM%%xA
z08!+TtXv<qD_?Ot<tc}^L_&fpo}eT1%Q-~*P4fH{E%Ezj<^6i{y0L~mnt=Nb0%gCJ
zGj}ZJvYeqLK7iEJb(pPKo5e!#tNb_8_?oTRGIZPC!#1Q_^}_pqRYzn{P*u&ba#x+3
z6OSb0Vyc}zh!>-RzX9Gu1_Qi%qeG<hcSHI9l>gi6`~Rf=d8=9fUl;EGkC!t0_I;t(
zYwKIIB24}HX)|P9oxl@V^y6WnX}{8*C`uPAF$o(^*^IQl?0@^PORpRAl#MYvHwTOi
z&?p3G<RqW*%XVrrsVp!8dLCoRJ?PHk#t{bYVY8a8pr@~|kBb6O9(n;|lY%6l9(nfr
zn-{MuEUVK+)M7B!-$ZZ?DQ?%qfHcA?GNl@z+j0je%!8(_QvA0xlS+_Y)LrcJ>e`xf
zYicS(s@L7|X<=Dej|pvhh=UB!I{B@&;SBh*naoV~&6Mk<qMBNHgVmwsdDb#hMWGVT
z`lmY&PXaT5_~PQEa1?(3<lW|wjKRYp>%-~#8T!eK+4J0EdmCr3y=Ab{fHDsl`#0&<
zS8}dNQnPd}l7zWAkB;nW!~uDt=({BNHYT8krHK~n<oL#i<v_pw{P8_9su#d}S*6(+
zz^>c1ArOW#Lp)~SV+)9ndiwI@KJaj}N2u9!C9Vw(^iBobmX?<L6}0dcBbSs@7L^wX
zH5A&X@pwm~Q^Jp3PHsiH86KlxfqdG5W1}G#=!2_YR`a4fJSsGPU}`SJv>dPmuX!%Y
z7x-?{Z=&N%4i0{YEQnY2UjyDgNV>%V2wk23%c_e|)Ko3geIbPFUznZcNK!~%iJo4D
z^E?&LFJOZ=6QQB2nDuqn9rrg9j`=RJP=(4T@stkmqwu{g(?goI9!T{kQo$i1E$B0R
zSTPPFkNf+Liv@X#zLxRu35f}m?35A{()$)V5&PmO2R4wMDKwJxT4PdxOmbPrgQewQ
zMHYE*mH1V`SzKcE`%gyH*ulMJ{9RLHGufv}KyUPK2GQ_lYiA6y=~6uFRKDDbX<J^-
zaMNUQD&^9lxur`}3w2(OMMO>k*{+q?mWuzq_Va$<gSX-zUb&QL{P11})QbR*&&mnb
zQ@hvuRzCiXLvWO|TxK!2q{J#=V{goZD{leyQjMISO#*4J_PmF=(6zN$9@g;!adT(W
zuMmC(nL6!5X<;tb8aUfwI6gLb?t4}(J5JKVo4&EiV?3rKwLnZoRE|ptSi#Y6Q@_mM
z_%}V8p9cTV^ajJtb7?nen@LAgHHa;mGzJvLa(DL_r1hICXdw?+lQTbUKnb~G1uP&b
zWDArJuy<SjnsHUm#~k$Ql_CQ*G&5sk#GJaU%9`QWZjce~1MaojJ_+hbObO)PJM`zX
z%-eQ}bm?>)b}bjL`b3!Mw~by%RL(x|YDg1J%Rm66cipuxAUz?}<n@f=&ByYkRY*Uz
zprAz#TtMH_-!(QSD?e#HuGwU4R~&v@+yJvQ-z2QNAf{;!(j#d`xR|`xyWSdwFoT=c
zQaS;X0}%pHd;G3zlYW8;CbK1u7Za0+O$tTxPNVZ!i9mjwKOz<x{dO2r*>q{3mH`rQ
zn6?MJ9~L7~(NtJ<b=tQZ$FI-DF%fQno<|12+sGa~4|FAEz7uX&l93`6ff`rJD^#)s
zVPGm`5km+38{)yq`HZ1|0%2Sh**re0l@D*YH0i5lB>-!gc5$!_@0*W3V9)8sGyGB+
zxmELOWS3>ot;>96(V{v2Ji|!TE>jJ(r`GQh>kVtqU93#|{!p^e_-HfqZ#Uq>-93S}
zO^$*lV|lsFBUar3+uh^CB9L&y^W*OGtS9oGt?Z`#27&Z|jiR<e{v<!bv}-NLVx53k
zvHnD^D?eTG;pM4p(RxsTTg&}Ou;%q6wRIlti*E=0{Ii+N#8;no5Z*u08c#1Q3SsD|
z*-lp{butFF29Q&n0@(oaeu!d#=jPaiPe8<j)Cy(b@qQfmR!e0ydR<fX1N4*k$~9kK
zp2>r!`6b|KL8{TOWl*6jX{l|^24U8*yP^67-%NsByVQ5kU2p3<CUy?)ubu5}8e!MX
zeAEQ5+v~7>Ud8(IWCa2`3gBK^e_-mZ{RwP6loJW__>f=sJnm!TK@xY9;9kG$!!%L<
zI&Q5?V>NI(x=ya(9ekrO=$b{mz}fO;Is7GkU(x2Mq1W(vyqJ$c=~UY)({I667F7$Y
zX|)x4^?L7;gUXM?i|EBo<ik~ex^MH~f2=*eNROyQfu4lz20S@67RNyYukuKW+8Rwh
zbb3AzC)Iy7uZ1qdbhP$e_*4e-kzv39pM7pV&hpKY(&j5eqU>X){|Ybve2+t!Z-O##
z{^Qh7#*5di=!DbB)oH+;jmmQ21+^o+05*BSC^L=5(dn;k=dSK!stmL&6th@F2gBy6
z==o+PjA<vA$x`}Phrp8<&)3v-m%P4GGUwbu2CXU*K)n$~8^3bH`?qNQKK#;j^G?#n
z$ujHR+QUZ2)#+MdcR+{Jcl&o4FNZd7aO-;CRioN5;9-3KXol4bS3^O-;Z^o~XcViF
z_Lt8L?|oke=xlsk?;d4|*pL_Wyn@kZcz|;wgX3c%sa7i>NO(AH>*LcpfGUz}%&`UT
zE~wUi*v6RYGH?v^8oQdqj4w5#?1;Oos_8`w>U!XOi6Jh(UFkMy5G+M{u8((TuVW7l
zhws6>T{G{k9UnRM@ncW@xfeE}9T4OssfnNQypkS@+~C4l+h3lG#rLwBdhmQ>(L?o)
zcJ`Fdc#B%c=Y*az-^JE<Z@szHS~^(*eaG{4S&$SkYe5Fq|87K_?waQmal6TeyLadz
z+^y*PvKpmQfD+`!H$!!lv~YaVI;PKlmCnGPMBz@%T7d4J79Jw)!dLyVQ>(n~!bN~;
zcvUi=M=0YSZpD(4-4eRZS`oCLY|^E=b$7HkT)f6|MjfS?99o7(6Sh3ldU*HB1e*~|
zNnAo|h;Qp1Nrv~f9A!RD*+}IiO;)^u!eXh2?)?_zGtW!pKG-=fi64s|ksP+lVRFFI
z5`6;_mG#_mm`{h8>OD4iv_3O7Zd1$))cXsv|CD`HGCP$56waGznlq9713-8oLL^Sb
zW2?Tbq@$5V1)X4%<~+*EJb8JcVc`8!hiO117lLZm423Z1)M*y99i)L>FipxZ1oSAy
zHMMZZQ%d=H;!u8Y*qZ}#VXl-)c@HHz*(oIo&5tJE9ll_AQab~6rlc0@01$*C_XY*s
zIQY81uRy-*o{fqF9+J)q1rE7gP}5VC#BYCcDLTRA*G>0*7Ax5MGFc;sR}h^5ezx=F
zEbR|YOj~kZ$}p7zzyM{?)etu~5DRkH5YlBAN54-L^rK*4(YcyfOjY^GM$5<#{MmJU
zClBGaF3<gL5rSDqoNFon;?w@{0NeMOnwnO10+K&4y3|wJ$8~dEMH5#mag-}BXO7AW
z4%>jQ+NOtTBcS;b4HK<kzlSYZ!ROSE=``7p(`lUFiO!*|gtb)Q%FK&vp~?NArI&Fc
z3ln|D7ybz@D)kY-al}K0nvN}TC>!Mx88bM3`&#4BqXQ$DVQWVA!?ov00uHs&4Uk#7
z(`m-6fQOr2<69lOUXCEfR-y@~m!bji#ig~LpF~PpD|C<Qq6F^VmoyM9b0=vJ+;tz|
zj<Q@>jLs4Aq~|UnPfVL6>HULA<e-sAWCej^bNY>j8&o5g5k3>0Sr}w<b>_!q&y30W
zdTpUo4wK75Bp9c!5V(#*KjY0Ct<m7l`{s6O^%v&v-!boE;dw$<+$86Ej4$F+^$wnq
zOA1BE38tW>zyjQT#HM;a1wN*4VtFS=4GJ?35m^#m<OLmPp7M^PH-A-ABcRMbpYkQ?
ziHLctirsA8bUd$c^?b1Duj+y8nwi1We_~z;wHbudfAOCZf!jO28RePQ+dCNl(h_^1
zr>^hDW2=z4`5-;ff4ra<I&j(qMcR5tO-oCAUZF0?It~<=0gE0(@!*L!joa=VYE)bP
zq<a@Sl^lKqk{qwlgs=k{e@|$hvFOKaN)Z;9r|(av1NjsKi8K1U49eZ^!5JL+EZVLo
zJw2};#JKAhWPquQ$s<2@DMF1v0yS1&Bha_whJ~>MY?$WTlj*S5Ccm}D<nuL}BQOq^
z7qCa3z$2awfVNdAcNY~jEm9A{FezM}nIESYIU##)5->A{VrVd%_U2XcwvQ*Dyl&Qr
z_`F<uXq11_p117fcWkw%GWLj>W&G&n_yMk8YrGhjIQQk$@gEtlx-N-IaffB(1B<4)
zPh+LIKEJ<vI5wN)tx6RT2fbdHdEFe_-JL%}n2&m;-%`pA`M+rvyf=OFZd*YO*YVoQ
z{V|g>=Fj!^pLZFx^2!Fa%d5v6D-91BbsR@ThK-0qo#fNAAPL%ShP>@h`>x2Oi@0{r
zk3#9u-i~aHjra}4o;qf$JtT-brF19VTqf=Uw}ZOk)&nA07Kb{&Brvq5bnp^-KFDS8
zVemJL?F&>#2Xe=OPq=)u$!deIh7h97r~Vk%{LrRyvXRmF{`;nXWVD`P%BVX92#;YN
z|IQZ#$JmT)yvkt`#=rFHc{V*S-PT+W{v1blosM_ly1tWi+nj1i=t~F<8d)Hq@pBb?
zML(}nbb~Z?Y}R6aDXImZ|6M8X?la4XJodcdv}ZMhN=b+d;g^J~bblnVUaG>STd<ju
zE&989!Ko6jZVAPoXwOHu;1Bi+AjYSrPm4?jB@m&FL+s;E%s=?pqH_tMy}(P9&5Sr3
z+F4VlJVG*kpamKZ|K`j!zJ4QM6nOlh!f7d-yExtKdBD_g@C^84*N~f?uf_R=%#)`|
z#WOs&<(@94kUUZ|GVwK=fLDlWnytpg$wKxzt52BQ>8|4P?`GQJ$-tZa40rtj?ajq_
zclxNGEg_67;JqVxb)0OFd*YGQp$cAC0A8jV`&rSG&Mx}3R%}v;TksW9{9r<SqT#vJ
z3Oy02_cL8IA-gE5X}Q|Gh_T}(qQh$(li@)V=SFUXZIAl`|G(Zny5rAFZclR&cD})2
zrdHUQi4FuaJttI>m)pbU`>HBRqyaZww_V9a=10oXmwWzFMZ-Q+JMis<e%FXRC`5oC
z92F15EB~6<G!L|xr^k=R6D$(4+wGZc3Y;!-Bw#nas=_mcW3l_8hI;J0B~iDv&u06_
z{r2ujGv&>Mo;ReE^Q#MX`~f?HtpTWdUNBi*ejY!);v#HcN=_tNA^jt@pX;9<8_w5w
zU#G_zuMz{LdrTFa(AWwxjm#%fq<}|vSM}8E%w#13NfLQ%jXv2-#uAeHR?9lh{!3+2
zp*>|ijkEAlqf0~m)|N3P3t(mhe-}xtSS!WteL6f=x3XfQpkL%NvfBOnxb$WWjHWWn
zj7*-15ot*JPArd8t}*a);)_~#Z7%@Fo#hsTA=BaOgN9*53}hV73_9&3c0NyKCp{kb
zZLgc8ukPwCx9cyH9n97Sq)*@pPC~QANhi{I5)6El&T<vCMPJYhvRS&9c@s=A8(c)H
z#S)V^(qYG`ci2^=b(`>IxQn*^0k$g;?A`~7<?#>`f2K$Xx_h=my0(9>^^53(L(hA8
zLkQ?cdcSkT!mYxDv7FuKHycw-4+b|P3PZ(JDbdr_qmoV2bGsXR{jt<^M%<~uEobYk
z*9^YA5oHfL)}%fDEs|WS-)}$(@4bXcNL<c;1kX^-nel?;h=f?@G-x5Un&Eqi`Sk3k
zeHC8$;v>LSm=WZ4zAQM&z=7Bxa2J_TwLLD80feRjaEt3p)JEsK(v@0~0%JkF(rQ-s
z@;9zTR*Q&gV82e_)dz*7`BIBA-${t>*nB+2$i?vj>HOrclf$?q<|HMk>U}I37ZR&n
z`C)8YO0>G*ofbadN9~WtRkhHeZ`qHtjg}ge$+m+HE3j<{?M2p7JC@tpo}I_yQvty|
za9lEiVgYbrowV#b{zpKB#)CU;@t*;~`42slr7Rp1+pP8^{+|RqP!3^$*VEmTz%%;4
zj9omR5vr!#woeZK17F@O<^N9xu>X|;n$8~F*~K+FAHMz%Hwh?|0E8ZpymV*s@;~~)
z5Kg52?iTRq-@MVCSx)5M|HD$o?7IJfUZ-vepmzWor>DUwmqvTf?cm@CxmlOEkRi)1
zqn^nTx45X>Hz5ZEHJjz2G2UB37KR!@cFYc@_0aA=td!ztJi)VDtXJ-ba8DU&hP|~>
zQ>0J+1?o0zH!vl?wG~1$A&l%dL;!EHkrwympSClXk7nZsNjNP=KF5oQvz-cQbgYe#
zk%=_hUPR%6jnhpOJ6F!M%VP@bAsS}jHwGesN>}YBkc>qdV6Ot4>Hb{xI^f;-*JMBc
zLo^s}bES#ycWk;@FGucoP20@pMzj|nP~*|4g*bruiG+&3X}d2CJ)BDFkBW#}G&%IL
z07Wv4jxTxO<RVJ@vELcurIT;|yo08vQT(%;t4=dP260WX&wMIT$&F1*)k6d84BuQ_
z7#Mktn|XH2!7y1l=c@OP=Y3S!&Gk5#0vTnmJX;kJoLkRjo({KrFO4pu`jl#WmOw6k
zZ4cEwGM)nb=7PG{)v=dJQ-YOWNqJFU$oiOwm?}0Sk2j*1ckYq|SA8$s-PXcoK4n2E
z^Z-p3B}qBs!7Fkn-J$Ddvg(TceP_nqz_uZe++GTB*N<n)&_Ab&lofTff-`YT{W>yH
zcbV3Im8L<bxj%7<27kb(f!$nW<zt1(%n*P|t-f#}C4M}3;$LMp^Zjt5U5P^VMI1a9
zH$YGnR4zqFK~>(Y8#_tno8~$!8n3Q$;Nf854hw9Mh+z(~^)UV$pVFrJaVpZkihF9e
zS6MLm1D^OLd1)3t3K+o*wz==0olSuCmXe~SJBgr+>Y+^{Xo%-{5zg%KT_5>~*p3Jt
z2C_9Q#P2Y%2Su%7qN-}cAe=Bc*0BczE}WdRP~67Y%62$Uro#6WRyY1u;RXnfzDAOQ
z0LmW*vfTy#u<8F2MqOOoA6#PErF%Pp0KK7P7Q6rchIBOe|KRN{qvG7!E$tl$!6CRq
zfDp8B*Wd|GaJS&@4#6D)1Pks?;qD&X-3xbj`5v;*`T8BB$2i@;`d<hIwW^A>)-7{h
zchfoy6(QHIi%^*M`xHDC9GvCqR-o+jBm^z5tYyISfe_6sE`SgZ8;ODPqDV$Yy04hT
zBce^frV4Emb1--bOv~QBDEuiF+rKPyf~&spMQJvap(EOV)yUD2trunA@3R1jMow(G
zPRNqEmgweo*-A+tP`da4CyoNLQ<}zQ%fNy1Xt9iz>1_R___$NbaC%7YjL#$;eGM4c
z-)1VH6A?$6Gw^rK*@yq#uw&F`XJ?%mULe`ozox?flid?|Z}z9!ii-YKBLasBD0FFL
z`Qa=oVFlP%f4A{?;I>2(nRq#UN-VfB?_K1lXFbgb+mt>0E(mXL17C77XMeMoq|eT|
z#fA1TUszJ>Oowgn87`O<u9H+9n@h%R0Dk>#hp*fZU+Bj%zz70tE`nghy5b`9_jrW<
z+P33xs3;a69C$~Zv&E%8ZjcGr^s{19=AoY7Oq!x+lM@D}Rmk6S*GN!h3;Q{$Yv-R;
z$$f#4cTHFIwy!Q0`;6Hx4t5Fi8Do+O`&Q4v`|1i4%KFnI_K?zzk=UYT+BiBET32Nh
zDAM?ZMWKkl99IM*APUI{%KIVcSXvTw`a%87n2^)-XyHu`B?Oaff+roKLTqq1vOCwx
z-qz;TzFYpK%3RvQ)@!b;sH|rLetQ`n<{y;+8!9n)75?xEv*uWWu}L%#FeR0grLcQp
z3zpM(;Aj9=&E1JaY<Xdy;u&luYYOci2{~-=YFSh=S)V0{jz-!_uY#Xa-cp4}HKxD$
zITX~yWPOB9r&?F@wLo!pLx?FN8Q*o8#?eA#l~|o_vg)G3$~Xpl^WIqAbP4cb;Nb^{
zFF_IE;9!#t#|tI=z+hdy=??2nGXM_#4it8ICzTn+s5v;y1SQ?+T0X#AG<gu0B&X`p
z(z3p_7kT(dMmY3GT*T&wwtG|`VaK+dy2axn=bVP&^_VZg3@u>aS(~UlFZcAOY35x@
zR{yoX@{yWPGF|xK=jixS6`Ze<jnYY!F|A}tNIyK3yqg?Q*iC-#-YZHDE_hp9dprYW
z%s`VPrltZvuII+X)AoK(ViPWz4|UMj%)ygiGOqHIX@~sUH)i{C(B6+OV<wQqH#tpT
zMT$V}G-9~ZE8wD{i}E7CZ{d%4y|a2q5$V4nE-er}5QZWI_|^0!mg^es#bpb@8|Zya
z!mhKD*esxp><*BjVjI}k=VqC@p<tDetst6MH0n5#9qldKbO32aqz6c6uB4?krXT-6
z7m_vH%H7%AGdNr{xG0269h-iA9vD!)_Hx#hQ+XQ$@AC4&!`@+L`51YuZ){9-=|f+?
z&yXfaM9?b|R8ZmPX0XujlgPaxm&mOD1D%Sy1UF<##|rgeQH!VMXSuF-J?@PO5+6Oa
zkv}$JGC%cC7(g}+hccB#38zH_T+(voBnP@y{OpGdU>J*f^xtNN%WT+m2$K50q*W&>
zFKW8rkV}4r6A~q4bWcRX^my?g=oM+{5>74<m@GviAa`EpurBv)pFko2+ttEEb=#-9
zB=%35YQJ)^7K%3Idnt^+@3B_1qZZ#OzNhmCP6aBIZA{&R73c*GW^(XnhKtcW$<Q$P
zfS$=NWWj+6@=0;z&dqgbM#J0BQn(W;eYRhq`byZ0UOFreCBF6@L&F|)MLwA}o|O6w
zP&<9fKQQX!E5s`(D4Ou}Bz^OY{8m!q*R$7x+r`aQCldc)`I`kH!YLN*{16rWp-&UN
zzO-;!A=sjk3_(+G1IpT0ru<&5ZcjFtJlpQ<dhhP<r`n(&2?&Ub>h_NMw<R8Q8&CVh
zSRL2%aT}T%I<&M_`B{&R$q#iP_AW)`R^l;{1S=f!?#91`(W^yGS(T2J^uI_>ToZDA
zQTA1r(<}lD+G0jyG%|xiQ}Xj+ffii^pI|w?!>7yyY|$X$H!~+oV2JqTN#?@<75!8w
zCxtF%#L=I^FA{^Dt(Q{d-}N-U74cJ&(hO}YPH0;)U5*fzwHwobOTJ;R3APAS%Q`Rb
z^gdkR&2y;AeG6?d-DV*~;Q7V&rBOVHi?9v&cmuFS%Z!Bx0l$tA5S`J5rwWQjQ!8$C
z@G}8_9<c>|>Eobu13TbDR&1^uGKm=HR`5~APy&(Xe-2YH$?$HOp0+wn>(L5PtE?Q`
zmFoPYC?hDgo=r)axg`dRalv(2RUoIX9eEx~<6p3o0lTdy5ca{r4yeBXhs{c~!w05J
zHt}(NmJdO2<*4*bpM*3_x-Y+5AVE;R&lAeI_4Vz38oWPPgjcaI=c;7#zz&_u<6|F;
zk^Y4#$35_~Icwt`^fdga-k0Hl>4!7<OgA{c4-TS0)0-Z#6!5~1!}~)wALR-mrlKd*
zEZ*oEOK_VNnb#;FB!3*Fr6mf*9;F6>$4mha5-g^=lLMz7OLn%s)ZAk|WyEl}sr1`l
zWMYyQSG6q*)BzXYD_tEX)4oqpA8mLNbeWI2$BvfmG+OL!`;L9pgNC8xu!c|I4!e{X
z)oQ_8Ndw8AkikXht>WptdAR#<w9d5LX5<{4HJM_vd)Z6d<FI70cmIhuTSiUeadGKt
z*m!!hQ(zx_ENSuX!Pxn`D}s=QZd!?QT(vy3+ukR8V=@pqV!9U(fwPWx2yjdP8#b$@
zsBJFzDxSRFdH)9rz<)LQfvc0b((df(u;)KQ;-yEZ63w=rxmSpS|A=T9S>HV7cSpU~
zi?oXDf5pSVceyFJ8t!g49=L#GTRo-8t}pHB76>~tdBAM?DGBKbr3nqRFqw#uBP$Kl
zmaInnlmvB7JH_G?hr_j2xbq7p{S?0(Xj7NF)R*<7AS-}Aq>mR(OHVsnRfj14{>sy>
zu_;@^&?amM0#e1)v6l6yV1s{AYePh2;DX=6imQ}6MDsssi%KvKE7m4Nj8T|8+lSSG
zoS-gQbhGv_lTi{9VS`sfzh=V%eb}`Wi-D28DcPOQ*)C*C$Ec1)$|#mdIORML8KtM4
zP!*kO1$;64Q8&=x!e;`ytgr6(A%-3D?nP+9G~!#M**CoPF4?w<yZb<3iK5o(1<QW?
zMJS_<0T6lXkHlQ{q6yj%OB5B^EQwdG9~?(wpc}}kYxxbrI`y?FTXrFuJL4DnmjMCJ
zn7^g_w{nYRc0lH}AD1gE3{~#B;{`N_y8wL4NQW)SsGzAd+qO0%G@tL|PZjMD9Ha2g
zKYaS9?VVS*>S~Tcvw2w2#goOI2wFiofMveY1{r9tL#Fl&<P^UJni>RU>5OtN3)Fp8
zbM{?Bl6rPPaoWLJKVYFG=Woa9i3@6`Y2!0T2o!${2~AJX`>Gxf`nDSbWN2&vd7+?y
z6-Y#4Q&obkjTnUGevpi$bA45_Wm_mNs;op{$&VD%binn}Xh!*Jn$(NuYh%IruqdkP
z&WLj|L>NT9Oa?Tf=~^yDJ{B~4EF>V7Q?|_oV>RM~LN!Obt?Kte?Zf#x27djDgH)ws
zo2ncRj{Yu#%qf1Af?W!eN%j5P&vxgkv_o)6`QX6HF{~DFa+9-h_NU86uT2Cf2hi`Y
z#z@Nex8?KXd9&ldN)CjR3#nv@MqgZ?i_|4j8OWB?Oi#1jo+i6WOqtovC-rr8wcOoF
zfH~a*i5*_{q7dc3(F6pJRg`=g?I;EkhP3e~+nWL}F^h}0?ye@8gCKCbrTr{^g^<dt
zN~QT?n($Yl&|0TjEWn8~?dA?-k$8={>+1m>Im1p?V_q-Nj~7q3Wztji+WX^THedtv
z59Yo%Y{tZ%_TXVe;C9gLvgauiiUR?S6af#eF`)oTv|b0$#{oz!YmW+_^am1sY@F>`
z^kFg$GRA5W^w2B^7ln4RYV(vwttQdQ?4a%)qJ&5NaSgzhA^}0VsxN7;yHu#J>$uw8
zs(I=^;^k8taSI3kiXGhl8+n5yu%q!9zbhmD-O)f+Y`L21PpR#)_`i1i&h|Ef4vF=D
zXXmAte;RPTVO}49K^jR3g!V%DIeE3%cLAdR25i7VA@k=Mde7x@)%rj3^h<)XvuozR
z3GJ(4MxuK53vC(s|0pm5mNPv)lhxSR`yZ>>ISB$(>Hl#=-6np~bbT)T@BewN-eaRW
zb3Dy1-_ioYf_a-l1>8knj7obQnr|%jYugJIS7<=q17vM_v(Ky_dqv5{R#m_ZbJ0^X
zGo&BKNC2HIqyF1WS7Oa(G={R}kpJ$!ID9|`H$PCMd7ZKY-4`-DnUP1VWMIEOyA>Ca
z+sX@x)0P40grkHF_wW7R>fPc&>){x^1WdkTynv-XYA8kXk=2;GtnrlfzkWJvTBF=i
zg&ELHMkJO&_ta>7$2F2BG3bU9x&V%q$e;ZGlJS6l|6A1<(J#Mh$kmO?hD7@EE#(Wt
z;n3!gOF&q+y)=LabdHOOj0nwjLl-E$WWS$><+fE+RL&H8Vw?Q!O_0y#*P5oKo;GM+
z-`GgjJ_`#(rj4s5l|>8j%0cnqKgI_5`r0Z$@!ACVL}g^$31tEIuk8gze#i9i8I)ua
z*Ii=OcRmS4Za10xdlyK|WInz)(ZygV+ZUP92}$-l7k7j0DS0?VlyV|g)fQ6@Ws5l!
zRA=W)so)NHj6gi`-#gP$-V^B|qvM1dE@aiPw!CQntv#U9uG4noMlssaTQ3?uWgW@f
z64m?7>XxzMy_HQ;^WpB^WqpDrPj7JKdk*2yO!47DSB0yoS_2gWcr1SHwY{diD0`uj
zU0$z<%7D9+&l7kp+x;8lUZMZQ{ucI@6wuCc7~8E(w(@O^(URg<;ecnAN&8l(r)Esn
zH*14aY;u4i2I08A{g%(Al*j4TXm8pWUWU;x6=m~c5D)lsP<RS&$!aZ*z=%ff<fTmb
zq>w>pwR_BDImec+U%SuR)>d3&QnZk0>#Zr%MBFI=@XE}oCcIEC5my&O5kuZD6s=H%
zCmV&_H5*xZMe|$B+BJqs_7P)U=Ns12*u3V&zCegoU;no0CKuOT$k=B=us9r>5V|Kw
znW&Uu<6ujEl|jq_pM#^m*d8BNMJ4%t(jM2v*SN|tlfpCHWL})I1z#QPGNqZkWNdmA
zP2-H*K64Cb$ESOj8W0o!ToNCv1h53b%`GkAMC+<+TkCojHALLOV_7r`%DBQ`)dH~d
zFg`_&^*K`)544)bjC`<Ax4<>Ka-91;TwUF5GM?)7sG7oUiR9)KHf{=ZprbY9{J$Hf
z%EO5^`x^x08_y;)3Yw&1KWt7gSDxm(r-^*A(XC3ep?lxdBeF3cbixX>OdB}(J7Saw
z6!R=v{@Jk{92h)X_2&JN*w08_Yv^>s^P`Exo%p$xe;)%Mz;9+E?5p+3cGuvf0wuAL
z2vptxUZr}D<378$Z9Lb8o_F^OK!4feVUeu)>JJAln+FwoV-MTI(_$BYLo$6@E{IBo
z<!ehO;~CgAdVE7dg0G;InncM*FI`jeamVjuJ->tv1t$ZSSip<Zjbh<9{a064tQm{t
zh=|1-Q}c1{&AA*dqb~yC_)7rL?3zGxN@bcDP)EpGO<wc4?Cz=5u+7J>Ci!}dl<d_X
z9xD7*y<Lkd!gOrQFW^5$?xtLfRH5Plgw38C`_n&lZ8Z(dYTwiY#gAKw$=}@olE1u+
za$J>{RmcKHEojv<ZXmzw-F2^@v!*%lV#!~;pf#M1Efw0BE^GnB-OBT<9~{ythrWgp
zKyGw-45(WxZe85=GM2qsJ~<vIfX&jkUFziGJUL9_yqUu59iP$TQqfdj$XiW{Yb*cx
zx%vF&AtG_+Zf!9A^ojv-?P$vs&_23NOAZX2MhUEj`*^wm?|5udYEbg?qb%ss@-9`4
zI0BFTpPN;W0H7m}TI6imxAJ`%e-i&ORqeX@=>&GY&#oSsPOAm&#bXOPPWx%ZGDAvf
zQ_U#dsq-UwFVlw0#wMLw6~N7~Jszm#N?Wq~Q%FTcUBy*gFocVb`D10-0B9@|2{34u
z1_XB~e^?Z;T8?j#xMjwNs|~vsmpAYxf{B^$R{lJ_dm-$y?2mi7hgOV0!az7Q(52D_
zQV7_~OgJ<NOZhN&F%~0zJGzkC-*%)4lv35r%P=Fk8c`-9&EU+lTwy3wYfLF;Xb=zb
z1By=%Ivsbj{f~1($ZKp^%Vsxm;!GGM+zfw{^6|{dtYwsPsrTm9#3$<n=N{CqU&(rR
zR5~uA5uy3|&%rILP{Q>=ZJR3(z3m`I<D%TL(N;r<9o7d#W!1D?SUlHxS>9mI%M&zk
zDU*BR%C?EVJpz-T>HIhuk7ciFisOcDqj%Jpe1Np>bL+}nwLx1X<e#%%C>l6l8#=V;
zD$ZAQ2QQQRA2-lvN-4sboZdk%+~in<R3-d(>R#0-9LHaLqv|Mub0i`whIzTIM@~~+
zyKRL4)LwgO`g)6EzBbo!7C%@4y>(*ZvfJmIIJXxEL%>~1RJr{r95)ycZ3QA4OPjt2
zd^X&HS5=N4;MGRhJvCRi&v(c;!<}asfd;*|nf2F?u}oH~Iu>)as9bjeZjZ@)S6Q>y
zWk9RUpFA))B|sO$V8RCp_#7<B9C)49bZgOzTNXknILBl)OjBGxHf4Ms{i>EnR~6_Z
zj9OIlWrFtbU^RZDPW0fXid=AgKjX)4v8;>&+|^;NkRJ0o_Oms6N4*zav~MhSA`n0;
z@G00iH+FJGRN?CFz=ECm?=%56(Xg_X!>Vl8p6A+l-PPnh=AjF&7L^Eead*z|K3QfA
zHlN&vQYBWEah%+{o4x@J`_hEJ4f}UJIb4D{{bP6m%6Q3Wdp4a%@xD)qxM`!FD_#6!
z5*9M;R6m+!++hGp-1?UfWR%qe2=SgkYr;nP|CjjfY);Kg?b})&N*=iRJh?L0YXYi6
zaYEUY6u{zXv!*MPyxq@>U%na{Nz(@<!`Ey2M+|A-@bAU_sv1D!$`su#{knrLXyXL@
zPVq1Hxnp#Mk5B10ZG9u2g@CvfPG|?HsM&nclc#P?Ye5q9@w&A<<IXYO#utChqyTh*
z5JvsXRM6^(UvgL&vFeBqMCY;c?Ogzc7{Y5F=JT35M71VIabH>Q*LP5Xirf98q1TS~
zd}O^f3m$e~e+lBNFmvU>tgLb_)b@Gk&n`AmS!v_iXKziX8HX12jwYQEwr>Dams0?E
zAm5?i;2(xgY6US;X1anEv+R1?tCK3(-x-va&$|zIf9Z|$KvjuV0HhkR{4mJ`sn5h6
zqg@HM{8G2e*ditCCPvTyVp@R)L|lKB^NDR9<h4gK9dntUOddZhpX#>(a;+a8Mj$B#
zAELmJhGF;XQ&R$QZRG{xI9Qx8FOtZjyLzbKrv)g2TW?}x?rk{(FCzsDjq42{4S~-e
z#x*~zi6}G(S_`c*>Zf@N{5aeH7(M>a=)3>tKWajR0|6*+LX^THK!6GWrR(eK+n0xj
zUu*U~!^28DDuU&GxiWed8lfj%8vdxQkMMvJ5y%jJ#m7N>G{Eh<nb3fYyRe|7+pvxg
z$(n)T3doTE@~XXB(9cen0TI%xa(lHa5Y)7`zHSAuq;0=a^ShkM-`?Hh0?jAW2V&m)
zLxR(*Gj@HH4hyv1lc+ODpZ?Q5a{thXe0l@IPAWGvPKuXrbdh6O+sVm(Q|XUl^8=l4
zmX;u>$EVX(?<H&Cn!*tnn(kNx2!^IfF%!(Z_ujJxHZQLW-Q2?2$ZO+8Ms>bne;QE&
zs{Ks$4987(2tY1G?0yWgSWV5L#VYMs&CRPt0T-Q6F}9BeTPCq3*FsJhT8qy`Cs*gu
zfPm^1(rdH*6}Vji(faajyTX1G$a?ZbQ$Zo@bnHX(>D<ff4ZEHo0C|`XTbmv_IV?OM
z8R<@&Bf;~Fouw1CQlm&~ei3^bsR=k-^0>l#E?fzyjl+rCcP8f0|L{ur1QzssJ!C$Y
z>X32NR&}4Y;(AQ#;#v!`W&p0X(bngRuA6x@!!4}(>kSrLK&vAb{+CVZo#MNJ-h6du
zks@G^zG2WAp$ZT`iM4C-M!_pSzKbJl`fmk)(*|H?T>asebCiw%<i;b2Ad<o=#MjEN
zy7&MxurH~#BsKw^cDe2yH=SC|n=m|Ot9AfIS#ED#8NIPvVKFTBF*gVARV*$f4!A{<
zt6V7T>=48G2o8U=9d#Jntj02|w^C{=dh2w*5=2Lux3$B0w-6qgt&^h9`!8m_TSG~<
z>6l)d9sZF3%cIWa&Mn8-h`^m4C<E8zZ*W)(L;xt+fF7MTpRLul2;?e(Zrkj45FhVm
z|IRFQ@~dcy_R+dw;vcU`MRdnsZqXZ#**uacqRC^4!{B1>5!N)CBS2dRhjV3p9HVrv
zYUM>rLt9)e$q8yd50xOYuGCwkFPX0=qA=VNlM;4WQFmN9&cSRs(ce+mQc&>oOX6BE
zTuDn=^58?tU~*v40R$8Xp`j6pfrs<n{}j(yi|%*Ok#E0mM*TY2-@8rZepL$(9^76C
zr_;a(($3=X-1|)cosjJIZTHP6J^fXu{VK*w$Az_L=&KwdVd*hrh4Lc4tRqoPWqqcN
z-_M=c`;Ed#D>1nFM!<8(e>e>y)Ar6;;GDOt`GRTbtj_oVRv9BQF3D{L86ck)-$<7=
zKEOZTJTXM@QE1aFUtU;u*4*%hxTm?inH+6`XK21Fw8f;Nq3_}HZbZc?+<CZA0I!7?
zzn}sj?-bjq-aiS;KB&((<VHnp#zhdokl_Qpmz3zV5>fyB?7imG*5<FKvXsj|7zUJ0
zKETanB8H|Q`Vt~#c>><Y>MeHHLz|Y9lN~>>*Y6;p6$X9rd_x1Y;PF4^8?Md3rgvN=
zqy~uUv_!h<JmQS<+2Lq=JlH>S&d#jH$4BSB-4k7MT^3Dz*(z2&A0~K(-hY#5tR)Od
zMpr~JW4n<CoHYBTQigULp*+Mr{^P<|Y};P<%+FV+sV>(MQ5E{j*r}T_8YC0Y0xBLa
z?AspqF;-q$Ew%*2?$034l+&u#i@T`X%{a<a2<+(kW+B9(ZSyR)SARVLtT$rJ0GU)t
z>&{<&4g~%L*+&2(ZuvVc$<1G+TacrWL8}J>`o=x*0MtG0Nc}dkWs>LBg~yUTBsUld
zb^5F6QIDATn(w5{XA4D6vQDAX8Ol{sCi-^(zBpb+81TgSAj%570efH8th{VItO5aA
zDD6mU?hQQ5#AqLEjbqSnN+M~2ZYq}N1eig2d8LrPlNP~~SUe1|^+JKwKsbuuKx{p(
zoq59dV$-5(=ak_6yrt~%yiC|4%PIMXizVMcH=THQwYVt~g7k6T_0BCB2tK2R+q{7#
zC4L7SDr0f4k}ZHcJHAE76*^l$3e9MH$VkXx24^G#P@<MSxV)a%Ts1w{_rz#2UK?#q
zJ-F`db3trIbN?8eyw4827Pr#QTv@4MPzw?BU8$vH=FRy^qN$L?(@jsI>+|MWx}+s+
zlp75&AC;RfT3M2=Jl7f9c0I`!o}%)B#t%q5vnK)6O4*Cu4~tQM&KAq_S5;JsC@quQ
zc3l1aao-t$^{;WgX8~}x!G02TO1tW0D#pq7=e6ea?UpJ!KX}So;5f8g=|=>PT)L^u
zhlyoU+V2pK)`v)}P_|RE-zP;<uu1ger;GD)z2tbRWGq;jIt2o?`Faj?PInrbVn>11
zGYoNv|DSBz#~h|aCfi?W)~6v4)}KvmGGtWppBvm+n@6S~V)}z8=^GX9U={2<4sDkM
zh462_ugqWa0D$)oPYY1$fcI}AMf|$~)%)wq;HZvxG2+ngi)A0*-rwyX9n&C}HuP?8
z<4hxxibg}JOq(>8#KctI4`Gww1PH;V#Ygeqe0o)-09*kPWhdg1BsQ&(OL(`5?|}+Y
z=|650P58!b`J71nZnWw>Qqu}t0J*fw-XHfX#!#lNcN-D1t!&?bf{LmiJ+)oXV1RLo
ze}sm!-t$C_7}8HCMoAva6vqM97H^+Q1ceFa10wnU1c9eWKehQQVSJ$9TkZEJ3+v#D
z|86_sZee*<ip74x7AQru^Q3!%Z@y0WI5>jm;ouS4>!bay=q_*gOfT+P8@7)rt9Oj;
z<wRZ_R%35>22Ti>*o(}I(1_8$AO5=(3OgWT2T1(DfQkbQl*tKdkfq64g}^cJ$xRW*
zt1O+tS>0a<*zU(U8%)gU-A+;%@3ZouZ=CKdmQAq~Y1-dF>NRs8fIJV4088FlFp!3c
zOIl4+w&jwZzF~`$4>F)4u~{!7saIji=q8sT0I0M}f!!`^b2f~+flZ-lT<BmC$!j~n
znYuk}OsweJ^o~-?u8FwJrc<;|-&z8n-))b{GX)bfE<?!E%H3tfxeCWLp8$o6Q!O<;
z=66WYar4Y8Zd@0cu4!r{mZ3SKYENmdE(pzlV6Dae#48-1yIrp>iO<5<!P#CkJxx0G
z3#Zf%W!#6=xgqhB?%teY){BHvzq&e{5q`s>R_z~c42?Y^_|!ju0UKt6KcQSUepR?V
zrUW$+pdS%x0~Q!2_jNnIPgaMgg2?=+nJk0Wh{_+xc~F=2$!#9HnR?L(24}5iMsa5P
zB?cMjIxDA>FFn#cK3(szeG>Q7Iq~Ac*-2r2!?%$g{`da=&oZBXtzBHv&$fp{;lC8?
z{->k8S)1oQO5Oe+wV+69Rsb%&3%D?d_?5A_2H92Y3?VCg_>Cj4=0`2W!BE14mYXxH
zMdnlBYhSj#Z~vA@XJ0|b0Ht}-h5ZxlU+U{vPsMq)*WVCSD`hs#t^NPrYDtL0`8ueg
zksUBwia%d*vs(f#)Yl5378>yUupEsI4gUrYD&3u)cJ%w{z)HsA(E2cdo3o?xZ!yuq
zmjA&j@-Gt)@P9h#2$r+1J~sZl2BE6@Nn3IFl&0eE7#(+K4)#99iv1{v3=FaWRJMMK
zI^0t7Y!mThEhTA^F~b^_Jn!QCsX6Y8#GfC@8hxP=#poPB>6LH0JTGuQ2U3M_!k1yp
zE0e<72_Oxko!L)%j@rP2Kl6joCOfEXFXUaPg}3Ij2Fx73S16YrW9=P8M5v6g>T{E*
zEI)CscwUnljH(0dRH#?w)59dQWxNtBWMg9@6GqISsK|WmHEoC@G3$mK=@(zThCIU@
zyx(*T7dgiLrlb*ML&8AUvMB<rP|q+r)~R6RM^Ucb=eIEV*?z4pez%c`_Yg!G6mRk;
z4Yu2(Mu~Dys}8Q$zWIN_!fR{a)y!CgI3mpXo4y0yJL8^8G8{BwC;=T31MtD;aUc#C
zauqd<ZNJ^$|NX90QA6W^vD8x+A0tgeNvRa9Wcp}WE-P$|_G<l#+b8U}FV9kwlMk5K
zHv=M@?Fx@L5;HRb<#>xe8b=$&=puPrUIy@zEmc|N7I@&ddW+8T?tM3}a>=<Z#9gt7
zcgP?zO=DM6b>^&F;<3^MIYyys?RcdU0`D#H{9B<9$tORbKvUDg5%(H<iVBT}hPung
zZ+<Q|1%<>~Hg%<M5K*BId3<B1K&NA}iwIDl{Q#yLc&0$HRqLQ4?P7s<U`xvi#q8AC
z0jXLcxFeaOTcn6}xn>eB^B?Be20URjO)ag<Dmu-EuYAUXkqAmfKlf(&P$s+2x(n|T
zBPkL0T<rR>wCZvSUec0yp=gze?{rnrJ(icRD$L?22WX1V4y&VsuP%C^!)8boLPC=V
z2zbGoTd4_o5n`g2$j9pC*j_Xwzwct9a0<#U=0r5oY%G6S^DSvsur&P>Rkq}78=ZMO
zXzOQtb5a~#_;y-LD?Li7<b1mQgEud)Ew0lh<{Et5j6!OkyWHBlz_;tqwtlB=M-OMy
zE714P!}7WOlJ!v>@tPjKXp?vE`!F&mKd<jklE0H*?=WjpZmF(y37u|VIZNbn#FR<o
z6w=W1nCDws8Ut}7p=Aofon8oLv|0PT$6U)tKvMyIQ&M8%Jo)uCk=N+`fRZ%VUc2D;
z9c;ZXZ6ccXD<S(HI#UG;6@Xccdsa661YELrI|p|e9%W|ZsXi|eV~I+sij6Q+=&8@d
z%q*fI<FBk#fu5o>k`!qFK)L2u>i#o}hHo2}Baerk2B~Vw)%Yf?&!t97FGbQtT2@Jq
zyTKT#x1c%s{aP5Yj~B8~^?**Cga=vNZFnSnK;6Jji5b&q0+r7J$y!u8L!u8FnxKo*
zuoI{Zle1MIK*Hk$Z<(a8Ct$s>uuDGkyan4LQ-O@km}yAGR{R@x>%Ap)>x(B$YkD1&
z&Zu_ii^pk8<pxTY_bBIE>dZnVG82U16pDkhjyn6ZvzrTif9KXmWC}yW`>lLcdEU0<
zDkz<&%D0Fr*7C~RX3f`o4EOl?RBsF$m%p02oE*&G1Cdq*r6`H_Npi#OZj<Zn>Ei0y
z<RjMUdG+x>iXDL?TKnGBPH-^v;1a^NR1P9&GC$jSXUWsjfnq|4k-C{^oKn4H$Pk13
zWH}c(YF*TBP>h&#==RKNf>r0PtXEIY=+0D-ZTe%N22Pn^M!vWwO96Fs^;%=`zzi5?
z__NGcu6L~u<O5SxNf^Xq65*%UojLwrcuya=UFw@Qy8R2@k<mKPzcNDmrd-`!XJFYu
z_eJGi2il&zAE`0~GX*81q!X@p5`FwS&6V`fhzScOkCm`f>gw|OgZkzP8|=Dd6blx(
zl0R~pq~5UjakY+$=Nht5LqygZiBn`Vaw^dg893iSll$6^s30;5@DX%KgiHAtuozW?
zD_ixuPA}3}n=4FFKYbMWpt{8dyKL5o$E3NH&lm?j6#fh`vWc6e{sj&7#Pkw_Q6T`v
zB^P)Ub$(NxG?AkjG7saqadj<8Bb$#Ew{a~0B%jwk{_I(SZ&<XUr}X-Y9@geQs;P;>
zq9xmZ2^r|;!_dDx>x`MW_YGhybwZHeJM=46tC9&*Iq$GYz4ld8c)xZKwlQJnsdZgZ
zI$x=w7AfhFspqXF_@Vk|rR2cr0oUX>0~uVtClg6=)dkw7YXLX{{hPK{n7y0x<U<<;
zNq5R7Qj2HT*h*tk1(O3(rr(!VC*2Adc8+gTht!2-f+<lPUJW+yYK^dTC-SS-OW($@
z<RmhtPlh%-e%C3H9yFw6URf%K?a~)Q%cL=UL{i>jsM9jEPy<FJ$b5De&6ZJeHR$wX
zaxwwR^i#0pzzCAXgmgA&@^{zm*L<))lT~sa7NkB!;1xV9j&PX@d2*g?h9vS^6*zs!
z{AsweZO~CP92|kv@oGFGQc3ffG!7SjAwC-@x){S=9sevcd6y|HUPWbFP*m8lfhgPE
z-miN&%FtUGp7L(wBYs>Y_T)<h@sBNPwSIYJow6bqkkVpZ)G;`cV1&*|Qy`0@mEQoJ
zpYMv3sFl+a>Y2wN=Xkd2<bnv7@JF0VN>*LlLUg#DV`{H`rQLQ6DXAdb*;QwoiuGhw
zqDQ4c8^2Rf<@RpCJYj0f2O{?JDBzOrZmNV<Ei6gF=k_7&T_UOuccPW2G3xW6CF@L&
z@q9m<=1#V>q*a3fH_9{^{R9x^s_g}0CYb?YTqa`pXB`qvmj%pCs_|?JW1Zd8rN>UP
zA)N-bQN6Dw^A#b?O!Nqz7zSgYPnvzPBs-;@KH(P2yr$Yg@heCazn<J2yNc5vOTd%F
z;~U0sDA(dq-6o2~>RyuNa`s9uy(q_?xU1El&j)DEwtJ7Rw0~Oq411b0Uoi1-N#2wu
zF?urzl(ju#-cp4{ES)WyHQP*>JX#-kEpdAzcmDdBc<0k8Vs5@dLAeHKD-6y$2tgJK
z`edh94GK0rH<A@1A>=S@or8#B418#?VFN!^)H8|1gOeMToxXC>C$~Vc?QcR1vQB#o
zA(s^}4=g_mBU1$!(ek~RP!|zGr!HtRmHKXv#}GX9_P?aeQ=-VfJiXK2C)#))Wc@2R
zZHgQ_1ndbdz@U_5{>$5R{jP}D`{ML?0lj8&23t?SaJBry(7vfTF;*lB0GMo#LFTEB
z6>nLnhIUr^@sWZ^<g4kT=<z+GZ14Ti*TkmpAYMhwd4-mKoT1<0a!Schn-4IJg%iR(
z6<;SY8?2Qw%LPEfAqHJ~2p*a9H@&|7n1Tpcqq)1~0`%<6n1GZb5KL3P^7zPc#bvn@
zEkI+}?4_GQve6`(rH<tb%HkKGMUM?ER&TRW-K2?jHyt**tzoY2B1WZPB&ZB4XJjML
z7JH#(61AGdVp-3ckb3%#!oG#QMnUmW1?3>%z)Rgn2bFLNh3sQpvk)o)XTCS@^(N;2
z0W*sd6>Yh!%ln!9osDkr4*Aq#mG<UwQq?=K<sza0k9;1SU6#o;csMv@itOg06-o1S
zQa^44xv7jx3%-iLt?e$gNTks$EK*1*_xz&FTy_$?XXWVah20BV^bkOEaNMh-vQhWT
zPnzbR#}s~=BPG9$1HLbdLU9s{I-X@!_YNHT{@H@Yb(K6YbW?b$r*#~2BW(0jC{+5b
zMaoh*UI?@K0`ya7IO+UKv#fhx^rQAfvQmW)p+Nln&@ji%NeYaHL%Np3XZH?dndLyS
zZVl)->>bFR9>NBa;4NG~C9PJS_Ssx6*J7*R&+sWdXK&T!7rZ@t)9RwTC$>owwjZGe
zd4IfD7~rG7k?-#dRmVh*+LrTO_u5Aa%fdT>_6-p+MyRT_H7Mm%9t1uad-#3Hxh2Ho
zw62HXebzax2HwcMdJAIF=7Y_)ZNGBX$N*`;W%n%=sMp$h!OwMX{#JU~-OB9K%3^%Z
zYEqNfweVLKTEbJSsqf;e(vpJb2jk)*Wr(_Nyk0Es4J+wvmf_f-2O})Yq(Yoj=tcrq
zg=#bNBBlaaU;YS|_)|hH4V8dj>EJq<F2R-a4TOly8j-<pm?l5~GxBH@9r<!y@`p+e
zn-JDJ{g;V-XruEpH*c#23$d0N;!>;ev%2TuwfvL%A%QuHwP6L5j$84Ku9ghHwnh~O
z1VV0e@Kc*g&NXT9Vu`5|OpNF@cw&B9Z)>eF=g%>FGJ(PZ@73yNN|bp4OuG@)MP_Fs
zCuoY9cu#^6nRYh5fY<I1Sw%O<o~r17=i_Nj*eo5L(xx9P<38C_H3l~3^=Pr^LJzz=
z@~M&`j7oXb|4v&R36u0;&LEwf^QXJDEj+PKGyGY{vx|Nw<DrW3N@`$#$;ilL*FR7#
zybih-n`xcshkrnwY{G7xlBuHuN==OC9|Iz>m&s|_$#XN_MoHlX9zS~xWL<uK>DPTU
zUZ!thPjR&lq!O@hu5(Q1PxtE%GacUJ%VYtnsSm5D_R(bsS7m|oHr?Ce?zeXKSF7`q
zGkZ^JlVS(Y{0cvNk&gTn@}qi(3dsrlV=1HB+xbIkBVCo=dtOiK1H>1D`&-ib%OTVH
z%W%^~W~cYppGdkB00%o{6<@<nJ8)7k%u?N#VjL#?etFo7qw}$&!j{2$DZ(-drrt`#
z`q5Ryd->#grng19nZDuZ=s1u=$&H;-dyX=*^-pE)UM<`xIkD61<V=nm&d7^Z#fpx@
z8N7?gmht&k*{^$hsU;=1Pzy6XYI?#cBE9`3r?3*6q4E;QpKPFYypzTa?e}oQtRG1v
z$#Ja60Fysw=1nb&NJCBCGQ1M!?`h<4S9fE_s;5KPH_VhK)Ng;O$_a5XaA5~`?W}RJ
z4cr$i)>xvVa_}if5=Q{urTYt8;(=aeLhz`O+{!HG%C!e7dmo1P$8Pa`qw)B)7OHcM
zpeq)A|7)SXSb!03S_k=aUm`?jvgy*f>US3^?IUF%Pz;|bXQTQ1KKpp54D`{>?4Dgh
z+y%rPQ?53t186;~DDn@^na_<3Tu}IMB^AAp<!1ADa+5}!hS)!+MABHuOwTIsQJF=6
z`;50P(DK&hS&*Z~o6h$;9C%ILZ6*3*y(H#F4^vIL;l!bV5i!TdGzxWO2+Ca^dsKf-
zyN|n4`V5>)H&&lc6RB;wrL|@kC3^}_YU@joat*iCPZLMvStv#!RfLi4@TmmPGmkaU
zaa61T6Y5b2F{(I3LDhF!M;uBVx9^!XFOy2Xd{=Njr5&x;zMNyU0*6zd$Eb-?wCZ^w
zVj}5Ojrtc7@4^xv%ucp>;b)v54C#2kyZEIw{P>Ir14h_Uz^3@_fOs(%t>mkDTg%f~
z`~;e~DV};(uETZTp|E{5MZ{m63((ZHEopAe4%ReoH`$)`B-EnAO<%gD<z#tmAbbjp
zM}0i31!qj!%^yYKYRm|Wlwq_-T5<z6lI&ub#T}zPQx7~}h0cy8!YP1lm->a9C55xI
z2$+F+{s(8J1E_N9eO@IN8>)arxv0bp447%HIrpUfV<dC^<mys;NF$RNr!^&TR>tdr
z($^Go7n2r}tE8#5f<2onm-H*0XKt}d%aO_WysY|sVD0r{B*EgEh<j*U{4FfH`OFza
zZs$K=MY|)fkF;#g0({?(RmBNib<BAh=rTSgsrEZ>{q6a^R!0mg%KPV=(_Xt2Wx#N*
z$f`s8c#l_6*?~Sl-n`mJWc<AC4`k!J697;;i%jV1F-{BF4cE>BuXHY+(Aaf|-L`Ug
zVT;R+uK`;K5}<t5GIghEUp4?&x~x+E>9Ge$Lf8HKhviEnnUF7F`@HO$YG$yBjk)uz
zkyOaawX(M!w|84hVIFubya66%4GLDwED!RAi$3XXr){E;haxU8>*O+QZ<m5~(lII$
z@D`+F=kJ#50uxb$>)`r;8C`^4t=d;YedhL}zV98q(r<B*_OPP7;49z|k;WL>sMCC}
z^dfaBOf)Sp?*rd*VR9o#-(>s~9uYFN=hw_@tEq`e=HYqCB+khHjVOH%q|V@Nz~F#c
z`$d4n6FE}WTxR!{?u;hte7=6-A8?m3ZsvJaHsiOKh%p1Q+cZX-^19?OS}}3)wG#ei
zTc>p5#FY0D|H#Vz;y@SaxO*R6g{xE)|Ft7)t-gs}6KBw$3^RM;W3Rt?g~6NYVhv2U
zLMY)E$M?XjF*07x&seNtM@j)_08i6a^0S3VFglNSw?C|b+^AI|v&RqZ(u|5NN>v<`
zcj<Wu&yWo=qLF983cO4jok<LXOQ{#l4I>E;R-?iJ`CRV03OSoLsh;$C4zyUsXWEj2
z34^o4Otv2Lp)cV|`jZYdHrm<hTOIZfSM7>%W#yF;VYKP%ImEUoT_N{iH|Hsq^AIYV
zr%oZ8okT&-R(HC01vh!JCLcZ(Id27`JxyOw?(Q5O3aMoC`zZn9iT9XvWeDXQAcYh0
z02oujsvrh(Ks7~>Ol5x_cF9a8)yL?4q)fL`t`$Ip+!+(W^D`x_)R-ib3S~d(9|lxs
z3rUHd<{FK1lP-40V{D71*phSuhZpUjxAMEp)vPT_PfWSWFj#SOKt4goWqs@B#(L(T
zH;sJ^$rd%O8E~fASwO+9FEalgA73aJnO1bZb#%PaK0%&hMmMvHLu^%+n2?gEKX+)t
zbN%q_z*}Ph{oG=w5PN!9H0)N&wNZS2JMW1hC#M}^tYX!xFvzi%ghg;Rx<ya{YWk-O
zFt1A}VQZM>9U(bHMKRTu07R&s3|%0|**)UCg8J5fsN)$L*%no&y$S-+s*q$;p*{0`
zlz4QfnhV1!tseU<u!)nfZ|+jy8A>u6F*rgiqVAN|$d99RCBK752`|J)??zN_C}wCO
zl7k*1wqa8BD0Fqb5Kh=apOPdCU)NB!RCGz#vdY6*{<Vs-w47-i&CNZcF)-hAFmNDY
z7@1jLdneVU1sH?HeeBH>E2pNBou2G-FzH!i59Vjrf)_EyX#lz}9e=Bu@!c?c5+==j
zycR+RvljiWVVs6N(U=r+n(u4g1Pw$Rjn68)+!d&^gZj)63Nwu`M>m0?Sy{B;O@vKu
z^<6SXoUtrB%tJjA6+68O>0te?nrXvr(&w!iTtm{Wc%={7If^PP_`>UpiAlwEeSHhR
zzaD`*LT59Abr1hAOh{*4C#<mt#K@!g@o#6PO2a)|&3%+)f)JT}b!%*ZJPkLU{i$tn
z3$S~w{Z-+5a4k;}B>uK^zsv6Q1yU*<sn%Nu>=0yBF?rJl^vr>G0kBajO49{UnT;zN
z6a0zg?c6`(vXf~kQBR_Xnb1y^efyq2vl}WaDv`Doh^)@GUV~Igo>x|mH7gcd1W%pJ
z>+PB?t56Pp1#IP?qY+6-kyf*@+?$F==N2YOND+dchdI-_jJiy`NdOY_o`;M{z!hqZ
znqKilm1Ar!ALeY#fY~y~9H$AX!t9oNH49iS-`IOuN%&s>vuZH+yVNpuHK)BEihg>~
zq%RF8WqfMJd=e)*25TMcb57hoMG9jz3Gb3tg~=02eQ`nx3{(s09$lrYHG-Xz^lygz
zr1-39bi`Rph4|zn7P+z4Nrdw7DSQ^4QcBqRMpizJbs9mQMxCP|4AvJW6k}f_><>Ly
zakq;((Y3+KE_zq-_j#h+;>%2K8Q57|Utt|q)e8rraFBLG_(^>lQHQEv-ei6VbaRI+
z=y@_ZdvhxTM)K&953>ax@An`P-Ua5jMa})y@?Nd=`Zm@Oi$06~p{`N)nDrj}Df@Gx
z201>|ha0H@MME2N8UFZOqm25>A~jMgc=faqX2Ghs==~s=^}$}F{$EJkq4j(GoCyCs
z?Cjcf>W4thRvRHZ%0yyQKLB+4e7~eXz;zuk-g-$#k+E2=H|yn@GNWBi1NZJ~H&D;B
z=>SS-Urs9wAQF4DT9UNRCoO&OXyt>4{pDzlTBV>T3d1Zp;4t~IlvcUh#8G~Y-FRo#
zeRo1K20I?FD8i$sm5JT>8?Lx$!2EAMrRJ!j@}Ao}-Q0m}t9`Ku7^;R05fTl1#wJ14
z^d!HQyMTpIa!gL`3nC@?r_tY~x2`8|4wYw8qk;&;M1$66<e|q|IOPOl+0WkQ3%^c}
z*^*LWlkT*&Kjbj*#sf7}(_s@!gCw!37Go#NX}3N&Ee2>&@69=W(8@Q?aFHK#K|RJP
z5HiY_sFH(UsT}5s&PS+{b4;%fX7nV<JosEO|2sA)wc!rAv-VK)DANS>A~GSF06Twy
zP_7a7T}D>kJ7^)ltLK4gI*<zm4S1Qui|Uv}poIT%H8GQ2PrkgeRx@|YrGZf?(_nSJ
zpuon{A^@FP7WT=IXNu*inG&Y$NYe7X*NQM2?U;0KNk&}ZXxB3@iQ)9wJUb2Aqs5{&
zZ|(QgXGwb8G2u4En8{R(!BEY}fr4tyMrO>!6kjqv#uNq%|8?qGooUrQ()qW!u9rW*
zPv$kb6%xF~vPRI%X<V6#hISMnqy>9)%(Lzt?PVGZs8uarp9jI*&)!tQX+bL;jiZoa
z=J$3)U%-L#_!`))*O+Xh)j#(2itTRqLW}k+e7le{WjEg1d*%s5PHI>{U;+1;gOwk?
zn}`$;XYkRpqnq~RQe|Gm@=v@E#Z4yX;%v5MgelXEBT+#;3JL>iPn~}{V|@SU!93F(
zej9ySTv7CFF)?J5&~}yqMhK3!Jj2)G)3<7&A)xnAica%>&2WQ<bP8AZ8K{W{bU_83
zZfzGAy>P?vhIzX13Vh=I!c%y<RVJGqISGkT+<Vg)c|s27e^>BLDTPWOy32QMXWfS?
zP6daAQ+0K;hri*(nG%xFLe2eHO^Jv2ZKC?0^ZM36baprM$Ve3Nf`kNgS`|7KY<);3
z>?fMyeUC-W^4yB2BeX+svcT}RB1<~U*nEJZqVsUv0}pgO78lSg=$nzi@nvwf60GoI
zYU&edAMHZ~{2dE4_Q7uET-y=xgb$ba?-o@#FMexo`Am9VNe7PygsX9mxf-Sv-Nir`
z%~)Pr!U@^iEX`*@<GDSscES4zLsQB5yN(zcHq64Z+b@LS^cel|k-D12qPz^AwAHYm
zJKW`bVM?=lsU89bxLqt%zxQ5r{+!?DxcT|xJKJ88$n`4t<+W2ezCpwwt{e`QAwkaT
z|2?41&TgSS%9QlJN&ND$2%lc9+N;S8MWaJcXwYIH_>FqEy6+z61$;8YUJs{{F4!$f
z3V{$ZG-$P&9tkMCK|hJE8j|AfkT$ejZy)7P2Et>Qn;Z0ktR||0V)1px+9=(E-fr|v
zYdCoSrbc*N4y7r!IjPs%=jAvYq3twYyx#RHe?_Kc3#q9eHf0CYUF)KF%_n4)+3s@f
zj^ja2f(GARG3)={IY|987ncA|-hriN;>nivwe4n?TgF_A8NhFD)k}7gS@&G@b5U_Z
zdX23sFuAl&iywLegEFd{p|}PRAdLS!7_Wy7c{Rn0L>A7!NzdgQwdg{dd+CKw<I1Oi
zO=BqoCN98MU0kwB4}!DD(v?JxQEltVR17cuwh~nIjkN_^;1cC@IR)+Oqktu{UgW|@
zRV6Vqjgj!!Azo_69a+L;n0zd_FnIJVXQGwm&|A<@8A``&d7~$|pi#wTvSsT*81!z}
z1DqByi&wIeX(FHl>L#SDlgypZ<u8s(c5h0L1KM@}z534d#H_A|3q!|CLf#d1<u%u9
zq5exGI^H3LyRu|YJEAAoJ77w$cX$^Xmp%fK_eC$1u@I?&wrN@V5bwym97<i%V)MIH
zaY8ndbKJ@5z^6Oz^y0SdnucKyF(%dr7*tqe^oE3$C#X7Y$5vn(-fwUtV!RIn>BG8u
zWr@qsw%WW$ISyy1IdBk$uf!o8HW@swx84fv__wh?RQ<-_6k6B)y?q|&`WSTy`8{j%
z(Z>G_SZ29^&W=5V_ZoHrpS6XtG-foRbl&2%`26o|UGZ#w#eaLa|LH{MVmdtCcF;^g
zn#VR<*!(a-2!OhU5r!@ZPDo50f}Z3XYu7YSosCvD&6ZPY{C%qY39Y=gxGp1e?8W>%
z9b2+tPHZ_xX<k{HGH|Obp{Sag?{UzwRFHAU>tNqGMG2c^v|+biw}xX@|NO`Mat}MZ
z))MBMiQEtEuRm0{Cm1+d##~68h9o=mEN>s|@XJ0hFaQ%@dtQflGGj%a5F>ia%JK~>
zyPy9vIa9D{01#9dc|{P3_@4U;n+IG$QGsLfpNA=bJ(_`lGi#b{y79w_#p%;Vm3Y8g
zy@@fe-DQwEVsb)$P#TM!&8SQG@v4Gn?e#P_HK$(3bFfm@*A9r6i(E!pbHnoyzmVJ-
zpfh8#vLU%G@|7JxI?zX0O7d)iG_F4}^3w}N1sLEGVE7P-U-tdF#pNq2;k&EJD^rFy
zLJ})_{3;J=8k!dk6fgGdYUKHL>h>foY~$yqJfcFa3Ut>s+g3v0kl|UcxlsYYoBGfz
z2eBmU+bAQm^)NQwVl_q^cs|_IH0ku_s<+^o&*381v!mmvw}TiVnGcg(yxNH<c6-8h
z%SJsS1-VCg+{DGpekX~Od*lNr&Z9Jyb^_{gM8|rEYEoK6UqVUWMKSxj8djQiE1IdO
zVd4}Bfjp~|Kvj3!x(MWD&~#=!)IfGLs@GFifwi;C9ce<XmFu?isYkqHaax+Bs_&WC
zevz1E1nFuo(qUMh(*k&7aZ+v3^|SHmclQoYw`_osknP9Im)Av>?$y&h6n32NB4)<Z
zrjT0p*=K_h5fR4r;3nlSZ(|yY%mFf_O)}dNxa&=8#Dh}(FlVX^7B8Xj_w-0_(+Kp3
zov}Vuo5BlLURldUomDA=Cb0-&hr#I~*C{D-PFT&!Qs*x}(+t16%lM>m&X0DnOA4qw
zY`?EWtvjADl|3K=UxXx~QYjzSRYkDa3sOI%9Gwel=&Fy1eJeWud9+~TLX;}AMV(j0
zmcBS)Yr_#$aq`nAy${<OE)GFcJ6{S0MGmaIGj7HP8+*XI&j4|eWgl!TAdB;MZFf@S
zoarA}Bl@gi%&XS{pr3sBHmZAiDQu~%u1|M1d~=`qwW+A+r}eupsNDSAdJnd&q)>`{
zjm7PXh`XiNcZo<M>VxHmRN_e`GrWL7B=Cqu>7y}FJH=%zB3ePi*`KKQxvqCZQY{_H
zfT2*UIDYP*ruxtj7}MS5qFlNQez(A@(5P1G1w8}hXNw<|-;UN@HP_<&2B_UI0xv}c
zO}X}`Si}o=$Z2bj#gsfVcX7Qqm?3{ivP)UgPMeI@z3wtrzQCRLNt)MXHis(MvXyXD
zfs4g$GSbLs!OcQX-0bqW7#KdW;UT}ITNmTPhvysIe7}dzY8eEsWeh+_tmcuOubNg_
ztf;PWupqIZT33)O5&fWjmX=r6XWP`eU!D3kSkRpg3K;r;^;-z>GPYDo#b2B<ido-s
zNR~f%i$?Z5ms5=o0>{2bVAEK^;QWy^yIK*|W2b6`*(@V;G0Oh_)BX)rel-->dajHz
z&5F8>dorBzKeQ97GcgC@V>Afx)u4)WfKp<!4cp3kSv@4rP*H07R$`8qsmNQ_@~m_<
z&VMV}nc8Pas2V+Z-P7G9tf1yM5+X<z6?J*FPfcp(q*{yeP8S83PB~7=-|IvaH?lel
z+x6g}@-VI1WI&>9F`uh~e}aXRE5f3>`tYNodvs*e0hq!4x$SX0upKM@mwpXRu(H*%
zAHZtx)Q+0_VtIzf?kq+{%f`$qw=5v3)%12N0(%KFk}u_qd}35wHe9pd?T}aedyEnE
z%C?LzA;t~Zoa$m28(B5&M?;`)^CI6K_*4Z1iOY}uU1VL=)6@9PBO;DO2upb-yv><q
z9S7fw2F8H{kW^i%lhc&Bv<Rcgc@nCxW>;HT|8XTx%WWn`0QsOe;o8+Xd!Wq_>%NtQ
z=FM_+EErT3275ULRmVvo4FAIJQSMrowzs*T>G}R}E0@MS$fCynfr3m6{v1e<U#C5<
z1{`T&Me+d$cfhcopJKspu<|?D(=8_Rp~J3&e6vFTC#ULT6XYX)-KrvAMN&-kb_yYN
zdQK`vXhprx@kIxl#Rp?hi_tNmQze>5TVD}lhGU+7twkFS2!WIXa8xMg%FWwqv6~8o
zLTyEh*d=dyG1)?y9`KT!a%sLu(9%p9mrP}8%4r66@4{Kud=t5gB1t8yr)0w*a6UO1
zoBsc*JIkQ9;%;9TD-I3r+Cm9Xthg0gpwQy(R;;)ccehZA7c0esySoH;cXzko+}(H1
zoipdty>q|ad`mK!$!z)Wz1RA!=fMh`He4I-{;Ij_XsCoC<JgMZ{qr_{2QXtByBob%
zQhjr5Y?4W+rt%##Izc|OVYr}q-MNzX;)^4Dv}?h^SLK<taFh(&g)E8p+Ce~tcWT{H
zE#p%&lsCiH%BoHe{efK7o>_U?RLdTHS)GuNQ(@~s_!dR$z1tEXFYHx!;}T(i5!NrR
zn~!XB{G<{`w$ohaUMO-Bxr}~CfnW0XbpOseDK;+L1So?p3gW-XG5HS$-Vv<h6iaJi
zaVNrxEXmZ?5x|U~@D&`nO;^JCAuk#!xn4jPD96=6eh18~pYw}7iO8h(SEKB0Y!#HO
z`Mt2EZuX`?SDz*fiiEIf_9JHD%^mMRQNq_hi>=S=nHHy`P(P!*J%~O{780_$FgO<q
zcb74(5$R!25Q!+JE+N{IL3Y!93F6!FZ+*G+FehYQGH1Ho*OPP`&x%_Pj*d~?n>$s!
z^+oJm-PwcW^!#?PfASWvc2rQ<2za>UQAY^9yqM}FHrE|1j4h-=_VC!xz0~mWNwbl4
zhuHX=v}|ZO&4DvSD~;%D%yte4JDf#S{W5||G1S2{mRuF9wyCh~zVm(Xp{h6u`D$Sb
zSd*4s&=IrhkAuy?FoWG@kkm2ff2u+F?G8<mM5!GE0|7Y!%QY~T&u@dPT6XirWmKb*
zAavJ8f5HhL6KB4+^p>?JCLzB?NO@l*+Jn7c+<8Om#r|nZ3q2_M(KIk2*Xts#_-EN;
zHKAXKftW#wpwwE0kEG3b13iJzV=7oq5T%M{u%kSr6_kQBcPW+W5Xjm(ULJ@;?%d$^
zlR%ZDm8u^VytDuGZoL$_G)F%jh8TG;csPe$8%35M0%l+2H~oqCR@;aDgs=<#Sy4q(
zSAUk{SuxSgCq;zX9jD_##*ltW#Q`ZDhG9^0mP(*_LC88iW9ynW{K?8`$6?$O7=@8T
z))%-|j4AtI!d?Dn#v{Zab8Y7cFkieRd(^05z)!h(FQaSbvA0_`MwaVpx=CQrK40v<
z>rc9yRAI2hbA)D$L7@NRzA<^{;<;wN_)#&X62pGWah`HLm#J)O>UzZDHRmxSAL+i!
z+R5OyaLFIaT$cQvY2pjyG!ck=WOo35u;oF&)%t}>YrU6)-oUbAcC~)mG{vp?0M&!#
z7K2dj_b*<nqd|G<R!TDk(~pavNTW<4<0IYHH6*j?b3#S|a30t?_ptZZV{0MC6bW2P
zHPqLI0)TNu4jCmozv?R{BC16tf2mrt)m@H?AKSNjD982trmo#XMRoNE8A9UqlR|xS
zWvjZQlY^YvIVn?HVQw+X4a9saIxL(^Wp0~=SBQEMbo&Pz1(cGWs<aX=-W?1|6QCf!
zN0$JPHwF)@B9iS!jnonNL=2uU@#c4hmSczFvQ;!gLeiCGu*`y6aZ*m|5PA6vq<A-(
zF{RW8BUciJ$*ssJhzOzH7h27KzNfE!=rTlgPXN)gc9)u!S?e&TNgWn9^_*&`g|Uh{
zE8m8B*&aHYzAY%~%1=TAioIhau4P@*Gn1@s`l8Vd$+F{<&&O1P8XmgerHHFXb_`m~
zsIt`=!%nZttHC5AnmLHXK3l@o2DPWD{*E+sJD*OsjAom5e3vuWv#Ajuy)Fm3#r=s!
zPFt2hn>!IeX<(DkKHgUSH4|op*LN>`Bj<?>8yS^^=}|qNna#^oPir^s5VzNR1_?H5
zhZC%79(LziO*>`FOCVA_b4QSRkeZTKf=$CA5hxgAS-yMX981k8K21G4BN2zAOJ6hX
z-Ttyuu;B_->BkXi;2Z#A$$uKbas4W5>e(3C2^hTX^{f7w1z=no)!RakpVaSmuz0Dc
zwBD1@d3xHxcEtpahy{N+O&FL;GjUFyc<Sh66Hy6Rl@*kl*}V#u3^vH<ryn$9-9lW3
z`!?8mOXT1cn0J9Qnbq9FX7)+~&t2cxp$F%iKxK^m`n4~&u>f!BFe}Bdoj=E+L4^B{
z>rO?xIbP!3y@C|IdUyVM^AEVyC%L5~4D#u)?MVq#&gvFv8)xrtsXC~m>GAEdVi6eF
zMerZ5s~~T60%d<|U*}BnUMPOxlY}64I1x~Wzgko96<5taZFs~p22m2}h|1X*;HKj%
zh{{1`Naq<9(Gz@P4*)Ur-%rrb5#VAr)*6{fSDa#L9MQMxL8u}43i*6RhJ$T-cRJ_y
z`$O}Bj#c3oXP2Wp<<nNf;T1*~@0O4yA{@>~pX}@%+y6Q*td>A(t7+EEvZvl|Y~o~G
zmtYN_q<%z`J4o}T1<?w~X@7h$d$1Edlxy!PqBzQLm;4Yu$x4s9zuiY?@>qTqz2585
zT5aDrEUF5A7H0Q;J03A`dfh{*6$;d*zJ_UsQ6YZ7jM-U%mUP1XXV&y_#Mw$qx|t7Z
z_RWm{aP<~vz1%m;WHj?7;v{BK73XH-mlYk!zS+IAcPdoPIolCt`m7RP&ioQSZ7&r4
z=v1XwYr3<+e5H4GG3pkaVbbS^^~MwR%CVZzjEvFD1n{r>UWZbw$#?i?prGX4{N+Nk
zOmvdz>u37};NXy=Kj!9{kAlOou%|5|2Ks-N=t(-Gvj&@9nD|0<^8jGe#qL=zL+>CU
zEtPkr3|9|?f*coh3*74`DlVMxvr?dA=Lt>JDU6*+NFXALKbVP49Y)_ai6%vfgGQxv
zQ)V*l&e9|EP+$mav@)Nkf_|#&gnxCWVpSxvd01TQ2X8t~XgMp6EZ5i$UF-aN&b|((
zSc4BIi;FikkLj!a?TEXQ%NzhR!-9drzpNPN1@nDHzv>+=C^J<3*7rgM2)I$e^7fLI
zRLJ6yy;LQlxnd60-6C2oTgzyKzsOX~n^BqRt?9&moN``|<Ax37fkB(X%~Q^A^#X^Y
z2!>)}3_}&&QidYQD}Z#nW-e+x{xV?D4JmY4_igYFuOPUsPXbAO3Slms)P|qgf2At^
zsJ|h!t?6wFi5XxjR5<yp?N}J9BW0)=<8iTJYquU}|M}3Ae8QQ<qO>>pG%u6ytkipH
za_{obdsYDt*Cx5<K^BF&P7jW>N8usMWZ)Rwbn{dka=O!NDt)p9`m_~il?!<jaOIh*
zR-CoR%N@1nK@X}1o)aq}v#bjZSCCc|_Q^bF6T`_HI+q&?NN=)2(_0Mz`BPqXQL66H
zR$Jp6?Xd-==u+i-0@Uzd$+(yH8ziNMxjTl(DYN<^r({**hZp#U0zCTA>>h6NZNUox
zPkO7FvZa8GAiBAEw@AzAHV~*D(q7@^U_m<fmPa5>kl8ba5AC-a4$v7_5WwT>&<IDI
zU~kT9pAec6N#7&KB&i)bNP=5=QW|B*t(1;Aqn*GuuHl>dxl=o5NdXrmc^gq)nT~DZ
z>Be2NLcJWui$8!WMk{|aXEMagkbv;s^G`HaM!rJph)eq{Z+R;YQteTxaR=W*<=pWM
z-%9d~p<~vg@XdoYe`zx!qZ0*C0^}*?hWq~~PL2d<eSkhK&3{G4XPb?IG~vJGIiHKj
zdFp@C<EbP9R!&<qPE>Wv<av$zP(MqUvnc>&17>6l=V+1TTTXF?llifc?ylK^P(lb-
zpznm)(Nf}ciDMBmZ0_n1goJBMw_MX!#PSjCiR9n+h_!EO(FVpZR`;f_&Y44qZyM^?
zI=su>h4i#zB$NeT7Q7Q=Dss0o+JZvKgp(QyQM`Y!YOT{8Tmn<_YkJw<l}7RUje7Z#
zVRy`KQ$S0{QR${*G+gkq_5kIo&sslt_3||FF9_y0smsyJ&c6f1`GLvbG8Q7DdI4dR
z_<vD(XFzCdzenVV(^c|9)Y8O6bwWY4_`Z(po|t3U(4F3{fb!mvFNFHO4}c*!uR4f0
zK{zH(OZC$8#+=DQN-k5-tV3=?29B$U_(XHjN7jCc=!k?IOmdX@45q@y11-q(^Xi~7
z^5CIcmZOV$17Vf}-9G=>1r3I64ad6WctMw(*(-T&+@OHUJGfk=1SO{5-R3(jjk-_6
z2sqa&A-lij{SH9XQKzdPLayJPz+^hM)9zK=d4<O~<*7!Q5zaW)1WEwy2A~n8=VGM(
zhxs@q9j|S?8y4Qj#7;N!@NO>Lfi9-S1*dk<38NZ(IVHWnJbuaMB}`vI=&J9`dsgy*
zL;-Qh2`R*!HX}3=`~IUb;Wx+Hi5k@VB%}v>n$9Fb`Bv*O`q9($X(t@v#A-R93FBP}
zCP9AdqyK~b?P~fi^<in^S#n}(7;fzmQfbF61Ct$nX8;Gk2-Mr(OfSlEWGgPt*u)g)
zSGWvlbx+SH<GKTbrkS~vilX#*re_fP>ZBhcmN38f0#egE=D(jZi#-ud?ysc!*@AoH
zc}o6Z$HV+#pizIQT+<Fplgw{Yg(t9ZrwIXA?(I@5tiE}uj0Qho@n+Pe=}5hO%;N)x
zcGA?ms)*Lh$&t6ryd58#HxpAuC=s4mqib)y<|Gf7GjbW7ZO}pW#+~JO{O^<<Pq!Th
zi!3__uT|J=3hnN8F3OwpNhF|n_uFB{_F5S>`2{82zauG-UF(cLd<$*qiId-^X)gNe
z;k68ur;jN_N6)GWM_5+EcV<pLg~HcV!zDIT$wBovf9OAzxOlQaGWf7ceeSrxDy;Ee
zR$l2ba<UK*XYi2jCA;1HQ|A`RrN75GD_?U304SH=rmxwAGjk*`qcAhmJ=T#w6?SaI
zM|&$xlj`Q^Uim{OdT`o%#hOn$7vnz<3{P2(?QMCeK-Rfde%xAURNE610RYaKTzWk!
zs`=kmM_ggOl;n`G-o0o0$9jxrc|+h@-LY*c-x)8;0#o-;-k<TxdNqdOVF6?&g=rAr
zL%IPoHOB#^(8w_*Of|v^-I=t^3&-f0R+O2%R%<)kMM1+??#)la=V0b52Y&Z3>iDOS
z$~;5QTD!p;Cmf}EIb&v4tbckJ8^C&F<m%?O-z`)Bmp7ob6t}|R;%9n%#BQiT^FtK6
zy2a_)wSOsC!Si<Jox<wdPXw$Oi^q?9GF?z7cOL1NclSm^+e=!$bU^Q<&9%_+@^;_d
z^W}Ob2KD_xjl^nTNzgDhSpHMKXXmTEgCGU^XJn`lVdnLa@mKP!a}dh$1go^GhX-E6
z?LCdk*41a{CMD@@?ADUe9l5BeQ7@Ys@)w5tzngeU@sAFoXs+P4UwHS7VG=>W=7g5D
zE<u5!HVuJ)4YIb;0&uh@i$hgc^<SFmY4K(PI)sez=~mN#TBC_KtfEiVxJ7ArC8UYz
z@gab<2AFv-oH!S#s_Gq}e)7Fq_|f@s>JO8iK>p1~PSXXbXs-Ce8hmW{ME0ihG{x!i
zk%t(9EHJ{?OTC@$R@Br$v;&tPwP!0{DCkl^&#;edU+JX0P~rkT_N#0BikWDun9LY>
zH~O24wF{~hpRo|jO>X$i%6A8$Kru5~4E6iZ)AYd$sO5JjWvb^I#`m7i^OE9UUpK%c
zXlZ$rLd3lA?YH=0mIGE#;X_wmhMs-qCbE=V$jUuf9h+kz9g$}r|J`>`YBi~3o*n$<
zzPpuA5qZh0FMydhLK028-=L#1r9*OMZh&tETZzgt@P^5$c{_nM>Y3D6j5P%VYLWz2
zJ@VMEur8+-NVf>hn>3h$AhHm{ewjjIzKwct+=m3!f*o%0pZ%?D!z4M;kLkZrMmo)*
zubYHc7$0@>F^o1&a&P~D<G|5^NVWQonZQLSTfPM8t<?_376Fdd7hvMxtDwtiw>A2`
z2*1>!;7`9RZTPyukMv{mtovs`rTbSNP6A~1c<V*(hqhU?qaQ7jwc6hPNYyK{jpn;l
zB+~thCto=|U^=)$RH{tp-YYmXs5F!A^Q+?g+HkJHTI<^aQnTQQh#R8+gBMv{RIMB(
z;-gj2pHXk<lx>=x&h#fCtq%3DZpMY!v&sHqH1nO4Lo^K2xI{)GJ$F2tXKQTl&vL5p
zva7xALiqaCUKU583-6`(fd|mt=h38?8}u2BzMO8dP>^2~H7t{jqVOzA@zD*UhUZaU
zS6&EaN!%XPD_=d%|JJ@u71?(T0*etr041NC3?PGBzI7<UOP;<jJCrz1W82v^M9K!7
zKwl|&NeX$6dn&FLR`c{2^db;}j2yr*X}ar^cmMohLtA0-ZOtH+Rm-KqdhZjz79bqK
zI=yJ$ZTA9_niT&mJ^t}2RletUrU`fSbn04anJlCDlU_xFf(`LEDq)MwnA3Eh!zQS6
z-o$Jq)xmnOJ5)Q}joY+E75d1~I4`KIv&Ml;nb^0--EFaEyOlsOSNCq7IOZ=I6Lw=-
zvVCmr;e!-$h4+g2+8!gn14hW#Hln(TGYo(UuE6)|0!-IlW=DS2TH!xa+%0&I7DM96
ze;5spE|c(9wbra29=!L=6OKobWR65Mq5kTJiG$HL$0+L?ov7Xndy~TSWq|o~!e8~X
z+<+31p%s3N5Z<h4;p$?NSDh3&57V&h@Z<uLIHF<!au3z<n59E^H{*JT9(sf3=wQl;
z?OX^i&ruI~3VgNmNLpjCJPVxh4D#cON!<rLkeXO6g;=>eo9EaI0RJe`zVn{uZCh!W
z>vVy*zdcL#AreY3(_S4OKIm^zhmF?k*ERb!QD@xanSB4QP@=%B@VpdeqU^a($H3rC
zOd*T+wIv5N=Zb0JBlFAa4^DsBI0yR4tK^ghA5>5v!%PnY?dw(hPx)==!%+ZuWo_UK
z<{|91@bal(0`}c<_@$YTonJ;N+k<BlISMu5NmdXiW9h2`(s~l%Y+i;avZ8ez#lIMM
z;Tv%r0Wl=RVb0p{eM@OWS_<nV*sPNM$zt^`IZ^1!a9RoFXB>h=+R`dSUZC-T3Ly`?
z+H<?%V8TxG;!s|THlCv>6WsGX_Sgp}Q9+`Df`=f0A4#L$kk}u|vl{;T{**5Q9ag04
zJ?*69(4(T`(BPHiA0eOeHw49w{kqmM!2&flCcu6D_l11dk$NiR;GKX3F0y{58}2kv
zEKXr3HxQDFbrmy5(g}@!PsG%7S0HrNKKxi`c1#u-hTREeHv79;bMa3T?CR97@K7a)
zo#$2gf>x6HJu9Dhq3o_ZFblVtnWx{4l9%C2i{wtuk%ozJ>7oC;%mBlG3M62`sd>jK
z#D6q0CL7*=j&WY=Mo9!7Ggf8@8e1DFl{0btCaqZyLa;^{@5e;P7<KdqaL9DbwI5(9
z0O@<1n?EOs|G1<aRmXDlY%{zvTIx@0G>D#$i`sS}`kuH%kPgB)C_2b$4^>Lg)Pi6L
z2y*v}epUW^PI$i?9E3tEw{@gc-O5z@s!!t09ltA12!#ScK(lc5%v*~iukUP5Lg?xz
zJ$Uv)_A)G%edRQ{GY0CuY^=>xm~pPj_t$nAa`Y7aA3&RMB|XKUzvG+)%(RwxD(xM{
z+x1vZe3>Y&fOAF~6=$DRWj1j}V>Ps1zv$SR54eT5PV&)^l>xuCe`^<L!FNT%>~f%L
za?to_k(81EfVB9rc#t8Z?#!8tCNUc>AIn6DY|3(3$DLOPzR+48zu}3l6b&dNjlE|@
zxwo`W*%`mv@O5wu75f4=b_emT*%>^YDIiWOJ*|PlNl?8ULlMl_>}}(0(I@PDT^-$2
z%Xo;0{xRz^3jt_7a4X&IcC%s&gj72#AdLUxSwMgoNU{Mo>y_2*<N2K5y0Ux>C-OTP
z{szYB;()`{>_Tsm#|7KJ>FK6QFC?PYU0q0bNkOGs8aJ{R$9KYA;_l91LX|5jX&43=
zpZsz4J-cQriGXzxqnQ@YkVpQA29w(cy5iE&g6=Y?%a!WlRa8Ad0`(q4ri_PP9d}xU
z$ZomMt&jA^P#>(9DnjO#TGz(+qiT)D=^8VA{GWi<v-fX7+Rx#44#S8rn0+#(n4Kw~
zr$MiWXqJ*H#D;nf7Y-pcpa9MLv-}1-Nl)9%MV0z!hr2QJ{D&7xpsHrLDk!>F?x^$a
z>TFB<v}2yKNAW+Kh3}i05;&n~2{O9+!fGzL2-!B;{?n_}h_H;oF??=nV)7E$)X*VS
zKr73<udNF;yAql%DZmp#-%GB)v0nz?+`I41m$#PkZkNsmQr;^?5%{lC{Ns9F6B2Cf
zIOZ9;enWHU2cORE;d6k&1c?u21QE*CvHY02#6bU4RW<&{@~e3%8!-?dSV9*MK)jS$
zm3Xto=iR~X6oJ#phN(vXMtI>f6B;bxqD4P4evjW3aPpE6fg=4eu7=5}UShHdAS?wu
z*j@8RlylXN5-~YR1D(wcDO@q9Z%O5hRVeRj?)u=EYwO=r>gGB-mD%F@r`+BpagzcP
z3au9xm|r5fkk@AIIuBKEyj{RgB5ow_4igOkA<o<z#(hnNTyGKLTbUO@C1EBK$8i=g
zTA}x|v-ny8M%PcZtpSC-y6$%>!f({ELvT(tqK4>N4hQ!Dp{0s=-3R$UENC!)sYII|
zL0}Ds#CV<gWZjdO%c85e#S`g9L31eKW2JA4E4IusE&q8OwzE#Qv&zZ{0JIRO-S0`#
z>LZ`@1>hD03<L2pq9dV%fe>Q}cN{9sCIsTkFI^MLQY7U=oeTpRz^rDPTX)@Q$eaH%
zAe@$03<A@%_S<0_AWAADfDI~}0Nl<K=4{2g9z?7NIGLi0kr3kt+m56K<C;;L0R)}h
zU4=mrAAuGj<6j{9_w5}g<$&;$YUwY#$tBIDjQPT!ll)VIR8A8DJY#xV{6<X5A=2jc
z$l@9<dfNS@p`LNlw;T!66?Er?n0z*$d?KmFVStC?(Y<ReFsu{cL%$N>qJDz?zEH#a
zuh2r`4z>Q+lIH)OZvLMpjQ_?YWjcRL@})sbBNzx@oG5LI&W?L;EYC-=2+Z;JZywv&
z{Kv{_V^h*2bLVe|Hc*1~bQhw(QJAqqKe|#orO6*I^X2R$<hbpRw=e)I>Kh#H&N%kM
zOQ)jh@3nZ$ffhkKW@7?QXBJ9$08kNtn~6MX{I!}Hn9I$#^4h1zCBugV!MjD$YTzGV
zPQK}s2hfg1CItglRJyn9FSv4L+bakQ%UpagZ0ZiJQr*r~=p_d1-VF|%xDsq_ZP__n
zG`~|-)($u=d)4$bB1#S*g6^bNR{tS_mR`cmyroP`wp@?L8pmq$HqgDuV>7*Xm`_~0
zZsY)|ojesUB7D)c0D#{8<HB6$WJAM0EqLz$9s$qCX)ZfwYi+})`(INxGlkSV_kz5+
zDvx@#x{iM7_tnLzZbQxBjE3qx-PIEcQmSzE4EHv`=|{Zsgyl$79GEC|(OMbOV55}r
z^f@A|GjzqfBSQX}^sIcWXDneZ<2Qu-<T+1I3Ch~)C}HwO?l%wBzc>r<M`l*wF5h;x
zJBO;TFtTn1eeQ=_0o>s29z4hOc8P8EU}$7i0GPk6JJ}xKII2^WjQm%*K=(-vhmtj2
zKDpFA6m5V=iOd1cmgD(NzqPCBEfJtVO$V4n<BW_|AMB+Io-DVRe2@<m6qyG0&}9El
zN5_Bj1O6`+EB}39{r~gR_Yn~hnEU(tm-+y^?YnBe+O6uVL;JZV#`==7?5`M{nFxcp
z+}zx=6|Cr9?k)kP(Zt^^b6$W_@ojn4AAThSl;VEdI68Y&)X~iXoA-!ie%Yw-HdE3S
zlP&;=ZOGf`>V)P)Q!-(+d>kyzLb|$Zxjg;fzth&MvfIy<SpqY*_Dni}H3O)!A^&HU
z`Zp)>|FT~=NpyA<__#H!b&J!byQiuxC?hHhCnu-(=hPM>H@5j%+pCI)<~uFbXC?sz
znXG>7vz9>VS*2Zy{ZN{5F5qY__Q@D@)bby3e9e*333~UCm!1}F>m7VIQc!c7!gpsC
zCF=17&Ta@yQ(#u_YjN-M+Phdjx)20j13*0|5&|M0eYQ`*$h6F@XhCmsurb7xu^IrU
zL<N)#)$zhP^KfS)D0H>WG>^zp*^QS~P(EWq2cggM;)(tq-nK2wbVs_V;`bZy6h!li
zjHrdqWUA{B^n<}MzvBavP8A+m?k6gz>{D)%*_#39FCf^6N!AWsuW(@f+Z0_|n<rrN
z+6sB4vAKX$>g(?1j!LG7)2G;iVm@LERcCCBF9QlnYMCfOr;c5PCr!{?B2>=Glu*8I
z7C^5dhTuJ$_`3jdCi20^$u-s^>GT2bit^hQaShmspzf9P<Lv1xtHm@HaYhQod9@+D
zK>8P$20qlbT@rytt{I;u$9{iTxpS=b_=;>qFTP)lnvPFRn2V_@<@a~@K!Vnyq&Mi@
z;(eD?=SOr9N~lq{<D*wIWx7-*+8JDR24@OUr5KrpL5O5&vJ!WHP8JjT=(c!$c{-Xg
zv@-JLr1BJkgDoi@x3L36pHJtd@RoVo+ne3N?Z=5E5gbVFfXc)5G3^zxi5sU^Y29bt
zWOJ*`a)(zSynIo?9N5Do<k&D6`O2faVCCmd%}W$k=F(T0GP_0{{wa(4fDX;54_ylR
z9&x3G$cB0ZkxhUF4d|;~dFvT+OrOk`2Et@BI;*~lSZIh^TNf>r<Jv%90Op4Apo^EP
z10#wFep#k+S|&|}^q9UuEzya@lDNBJs@ib#fkE9R$Bv&Zy~Auhxy|?0gr*%ke_mjn
zEKt(+yK7b%3PS5w<d5#}_udO$=UIH20BSq9KKj&=3Ok2i<zVfpo=aT<RqAx&0S_E5
zQ>Isucj(UU9$yC}e3XBzB!*>;Oj3CM;OUbi=l`tT&s=+`mN9ib=SqmdAt5k2g4&4t
zjfR^G^_c27DZd3XwtN5LoM|@u>y7T^2~`%dAacY^p>d=dIs=g1*SR7unQKv3ry}dz
z$&I&us*zPV+h#0O6sM-5@bwdJFkHK{zFR)JUGyKN0JfA5N#zS;>{PX|`jOVEP>o%O
zg_b1dcZH*}DiD^CZ9DaKNyW^!?{QdgC<()xY^xhYiuuB|WANnFcKfGz;GF@Fs?gjZ
zc1&vw3QT(uQNx%bQDf&~q9s#ITaQSo3Sl#@5gVO6H7^$e0xdO`&0F1b@8abwQk}`2
zs#Zp3L{;u71ww7F)C7wtU41iYx11-zy1b!&%K@*s=h?-b3SvHQBJb#iJtf_Q8ME%T
zCM2KO!6wA!AqJy+&(~-^$RPf;&<_XS_e1@lKSVze%VDwn>GVgeQXQ+*t^!Y58Hv>#
z$||Dhq}lLrC0^XpSE(Gpo!}pS0(5&^aG?ZY@7IA=-~_z1=V6-XEi7ky2Y#<$%a~(g
zVb9Gr;y806GrrL2?qXX>QWbcsEAjS=>0Q295?>V?1J+SqORe87i2N!fP%bMyd1R>V
zL`(22|G?s4>bRmFMS|}SOQXS?V{2<3tGxnOQ4wC0!d55&J2gcfOOJFvVk+nQ^Mc?+
zF3+#mSi~>wZ`w8xkOHtHNj<z)jZYq{AhWajmHIqJ&+QMD!t@NLyh1f*)4mAggKx^j
z5MPfX;Mj`Hfz7#>1YTNqX$&(;N>)J&3!&V%YNjUKE>p~=X`_kpK1+9Mk{?@^Bi=_=
z8qt}hl44D+jm4nNK!=xYqoNze*J6g}^K5inw$5Wxd@A(_O%LN7TQc;g;mW*n(;?se
z)I<GnywjU#q>-J3rMr-7;12ssFVd0v*x12T*jGv+7!Z=>@=P(WjG+^CEV~yyE>aK>
zq{*{fzA4k-h&@K8vZ{DI!LHFO<+irAabYRGd>$|J_PX1@rB1S}hFjrH2X@v>+*t>G
zk*ktPy?o-`oyyJi`IL_oXZ-#oJBxMW{T6q<Pug7zgAV=nn`et>k`(eR^`+3z?T7u~
z`|Z{XvSrWbrvMK-$HlAc1_;d0L;QwBBjgH(y}^>yOUjBcV$M~$v1|(O;%X?8++Qn3
ze?06Pm?^=>?S~yBBmW!})GN}&)-9l}@ubnCUT!l!BkE+Ec3>~Er_n<qjOpyXCo))!
z?yAggc6BQlHjoX|8irrjEvLt6%h+1Xva%qzk*yDo|0XjOA`t&^g~drlw)~}T$+a2$
zdi;d>k<rrY+Z&<*6S$GRL{njtHx*e!uyh!zAj>-EYq;@ep$W@?j4vLgmcdLcMYiA3
zE&|&Y?!9Tz%tUU!FH-h@%OR?|k8W+zpJLN%t$WOYxUl!_&Pb0QOv$SM^4`J;caJ)1
zZYm+Zi!nwluhk!gS05J`z7GgX9ph{;QG=YpnD3V+WdVBPh%8$P6#i-qJ?PvMM>#f-
zRe}W~yKM35lhPA<!L7PG^8rry78n6LAno-<g@%aG7B(o@vl0}@5`y}!uy_5e4EqHS
z=N$NCqO<zd-VPy$>su=HJvjI8V>KS=0%a5Dc#FZvs@(C10nl(G|8-E~=mIn1!d6R)
zw$t8GkzT2$d!sZbsWNQ~m%Z#hrDAD(x$B+7SiFo$^AD1{l%)li6his<DsO6~$gJ1S
ztWtM1*Y7rXYJOaLLtPlehsYSwC0uh{ZC?`!r)ZBmkJ*t!mQnx8EXZy|su|FkRbgGZ
zc5x1|pma#|;$?;SLEJyKfsg~56+cYt7nhl6VX@Jcs#~VOO6%jRj&D1Xdi>1kazoV#
z<^$FJVC_7}(~$h2Nf%B?M9#-YVVsf>602`NrtrUEM<6FEtALYYf5Z-v*xVOZV_&J6
zOJ%AkwZrINf0Aa{-H>uweC)HQY^BC;SYRVs;uQrvb9+9fdi6f?Z06gqVY8AT##P@u
zfyUHnRw@^;;Xw94Y*B|W8r)LsuD?a1>C^nMNLy9tGRoPp^b7IcKC3hmDiwsN1MS*S
zogvKt!}p>8cI2c+m?DfFk?Y5`=~RClrs-XLnTe?3KwDNgQUK|<bJf;g$j2o0H5k@g
z>bUD2WOV6h=}1&7IhbDiek@@jc?)<(U2_2>U)f6XSsAX<MosY;HAAMX^Sqypu#c(b
z%@%9fwwDgBYD*N}9VA5PFQr?V4{>6oGizqM+Mw~o;`~`c(@|RSzvf$7M!>a=I%sL*
zJMCD%Bg6?%nyLEg`E>21#U(h?9kA8tXVy1wHuYHYe(z(4OB?&|?oY$!q=9dIczB?i
z9<SvNH!+X5uRt>sUcYo+p#;d>Cd<s8x41g)8&;X)MdxX}LK<n|tF8gPYQ6mNvtf9i
z5*@EiOXGbUaZru%Xfp|o6T%QT75#{*<#d}luD`g(wf=~HgSCZ}zHRNichAoX*L3L(
z&7jn5|2N{ppM0N?5!D*?KL}RbHZ2U^^hvS58(Ll9;}<xziNx7EX}m{WpUPd*Z%vsV
zDbcG}nM%Z23f$3Al&JO=#Ll8(aFF~$L%}!dBMsLBLFwGqLxO0gsN_F2*T3E<m8|_}
zc1vOqX<uAjZ`xLOvUx2L>F=d&ABT%uja6_^B*toMGegLSyTw_b8mx3C=S?s^RRS4a
zEuj0DG4O4z8Di!Fowz!{*X&}B6%XW*UQZ&ahvNGM2OeXw-zE{_MtaQ5e7q@h<8xW9
zjG%M+*f1O_6|QhEd)0U!WIUE5>N?&=W|9SOWB+dWZ!wQlR-fUAhe|p3-QUJnl>`{Z
zx!s|jNPD;0-8=s&<82r03MF_hmeKN=sgE_|uizKBnQI#BRA^b6n}9zOk7V@EX32?L
z+Va$Np}}`KerXQ(mG53bxj;y714sr{l}>1zrh}wZaPL}bs*4W-0$rX@2R!1v9F*U^
zF@}43OAAX@urLOf?i-IN6~(F!%lmizmTX%HGS}WC*ZVV46Pcy<>}0j&*s8i&3vY2~
z^>JDde!3MNYUwgIq5fMMaAu4o^37yjffvh~1bg&0PxN`qk~917^G9;YECZ|LoE=<@
z->$wK*OnsLfw5w+$n;GNZz_T>cblO1?LH?>VxF}rfaALhhdwluUI@l7lpF4xYuZ|<
z<74HjAk2zK^Vdki+IuNH&t`K|VE$><I0%ly6g#vPU?s=@%0}??LE@Lek8{-hVw$qa
z#uT<x0Y)s?+b_T5^a3G$FAmJAf|^4jLrQREG<#xy?(a87>d_a7h*vFe22XaL<b6?9
z{&{VZZJT`;a*(YXNquBALId}cXX>!OzOv6)pGTlztPc#)QijJYil+bg$oE5y;pIFV
zQ|D%=_ex4riE-UEkK+R+XJn<pNXdIG#7eu0Gp9$!Z%OQWFe;p$NMj|)iFPW&#5wpI
zBUOxOf|H!^D>Xbmo9O5UACZ))hO8@<YA!lEs;(5gOZpN@dt-%@RQ49^ht1dFA=tth
z93UF5vlDr<O|K}9IN}Va*Oza;)-_RIyhQ`wc)xd$BVlDT&hm<l&8HV)h{Pvf_n}{2
zj-8VLO>7>@cbdPvCjzdV0o_H5<Sw|9Se=6d<UFDt(H{qt<$K$1jiq-ckvKlL4nY0V
zZj2Np*uwQXYbzaCFs#oXL+Nd>_S5itYQ?w+8haJ6D%gb45Tq%rxL56z(psoWbf2M9
zTd}JbcA{kbjFAb6<(c}wy-1;$b&Rz=Qj^Augwf?=?!Y;CEz3DiWowYpq%$e%@e!lh
zoq(DYt#k3bAsB6Ld-UBZ=v*Bn(&#D{8?DjF9jRuxCbJRS7BVx73!9f8cb}F|`;dx$
zfzn!wbjg(DdOCxy5mH@WJ0@_r@XZsC#yk)t{p&^p1;^Y)5S?O_v4-fU!8b&+DzbY?
z(hMxW52>#ONkl0RTS%VSzHVZ5vPaeciy1psr@8k3)!Uqnxy4^1XI<C%B*BIxN0P7y
pnY)iI3PtYuMTWp9o)3I*(Vbt6P4&fvi7$Ycw1nKJ5^)3n{{`33&RYNg

literal 0
HcmV?d00001

diff --git a/docs/sections/services/ves-hv/WTP.yaml b/docs/sections/services/ves-hv/WTP.yaml
new file mode 100644
index 00000000..835ab309
--- /dev/null
+++ b/docs/sections/services/ves-hv/WTP.yaml
@@ -0,0 +1,45 @@
+WTP:
+  -- direct encoding using ASN.1 notation - WTP.asn
+  magic: 0xAA
+  versionMajor: 0x01
+  versionMinor: 0x00
+  reserved: 0x00 0x00 0x00
+  payloadId: 0x00 0x01
+  -- payloadLength set to the highest value 1MiB = 1024 * 1024 = 1048576 B
+  payloadLength: 0x00 0x10 0x00 0x00
+  payload:
+    -- GPB encoded payload - VesEvent.proto
+      commonEventHeader:
+        version: "1.0"
+        domain: "perf3gpp"
+        sequence: 0
+        priority: 1
+        eventId: "sampleEventId01"
+        eventName: "sampleEventName01"
+        lastEpochMicrosec: 120034455
+        startEpochMicrosec: 120034455
+        reportingEntityName: "sampleEntityName"
+        sourceName: "sampleSourceName"
+        vesEventListenerVersion: "anotherVersion"
+      eventFields:
+        -- GPB encoded fields for perf3gpp domain - Perf3gppFields.proto
+        perf3gppFieldsVersion: "1.0"
+        measDataCollection:
+          -- GPB encoded RTPM - MeasDataCollection.proto
+          formatVersion: "28.550 2.0"
+          granularityPeriod: 5
+          measuredEntityUserName: "sampleEntityUserName"
+          measuredEntityDn: "sampleEntityDn"
+          measuredEntitySoftwareVersion: "1.0"
+          measInfo:
+            - measInfo1:
+              iMeasInfoId: 1
+              iMeasTypes: 1
+              jobId: "sampleJobId"
+              measValues:
+                - measValue1:
+                  measObjInstIdListIdx: 1
+                  measResults:
+                    p: 0
+                    sint64 iValue: 63888
+                    suspectFlag: false
diff --git a/docs/sections/services/ves-hv/architecture.rst b/docs/sections/services/ves-hv/architecture.rst
new file mode 100644
index 00000000..986e8bb3
--- /dev/null
+++ b/docs/sections/services/ves-hv/architecture.rst
@@ -0,0 +1,18 @@
+.. This work is licensed under a Creative Commons Attribution 4.0 International License.
+.. http://creativecommons.org/licenses/by/4.0
+
+.. _architecture:
+
+High-level architecture of HV-VES
+=================================
+
+HV-VES Collector is a part of DCAEGEN2. Its goal is to collect data from xNF (PNF/VNF) and publish it in DMaaP's Kafka.
+High Volume Collector is deployed with DCAEGEN2 via OOM Helm charts and Cloudify blueprints.
+
+Input messages come from TCP interface and Wire Transfer Protocol. Each frame includes Google Protocol Buffers (GPB) encoded payload.
+Based on information provided in CommonEventHeader, domain messages are validated and published to specific Kafka topic in DMaaP.
+
+.. image:: ONAP_VES_HV_Architecture.png
+
+Messages published in DMaaP's Kafka topic will be consumed by DCAE analytics application or other ONAP component that consumes messages from DMaaP/Kafka.
+DMaaP serves direct access to Kafka allowing other analytics applications to utilize its data.
diff --git a/docs/sections/services/ves-hv/authorization.rst b/docs/sections/services/ves-hv/authorization.rst
new file mode 100644
index 00000000..27efdf49
--- /dev/null
+++ b/docs/sections/services/ves-hv/authorization.rst
@@ -0,0 +1,26 @@
+    **WARNING: SSL/TLS authorization is a part of an experimental feature for ONAP Casablanca release and thus should be treated as unstable and subject to change in future releases.**
+
+.. _authorization:
+
+SSL/TLS authorization
+=====================
+
+HV-VES can be configured to require usage of SSL/TLS on every TCP connection. This can be done only during deployment of application container. For reference about exact commands, see :ref:`deployment`.
+
+General steps for configuring TLS for HV-VES collector:
+
+1. Create the collector's key-store in **PKCS #12** format and add HV-VES server certificate to it.
+2. Create the collector's trust-store in **PKCS #12** format with all trusted certificates and certification authorities. Every client with certificate signed by a Certificate Authority (CA) in chain of trust is allowed. The trust-store should not contain ONAP's root CAs.
+3. Start the collector with all required options specified.
+
+    .. code-block:: bash
+
+        docker run -v /path/to/key/and/trust/stores:/etc/hv-ves nexus3.onap.org:10001/onap/org.onap.dcaegen2.collectors.hv-ves.hv-collector-main --listen-port 6061 --config-url http://consul:8500/v1/kv/dcae-hv-ves-collector --key-store /etc/hv-ves/keystore.p12  --key-store-password keystorePass --trust-store /etc/hv-ves/truststore.p12 --trust-store-password truststorePass
+
+
+
+HV-VES uses OpenJDK (version 8u181) implementation of TLS ciphers. For reference, see https://docs.oracle.com/javase/8/docs/technotes/guides/security/overview/jsoverview.html.
+
+If SSL/TLS is enabled for HV-VES container then service turns on also client authentication. HV-VES requires clients to provide their certificates on connection. In addition, HV-VES provides its certificate to every client during SSL/TLS-handshake to enable two-way authorization.
+
+The service rejects any connection attempt that is not secured by SSL/TLS and every connection made by unauthorized client - this is client which certificate is not signed by CA contained within the HV-VES Collector trust store. With TLS tunneling, the communication protocol does not change (see the description in :ref:`hv_ves_behaviors`). In particular there is no change to Wire Frame Protocol.
diff --git a/docs/sections/services/ves-hv/deployment.rst b/docs/sections/services/ves-hv/deployment.rst
new file mode 100644
index 00000000..55529061
--- /dev/null
+++ b/docs/sections/services/ves-hv/deployment.rst
@@ -0,0 +1,88 @@
+.. This work is licensed under a Creative Commons Attribution 4.0 International License.
+.. http://creativecommons.org/licenses/by/4.0
+
+
+.. _deployment:
+
+Deployment
+============
+
+To run HV-VES Collector container, you need to specify required parameters by passing them as command
+line arguments either by using long form (--long-form) or short form (-s) followed by argument if needed.
+
+All parameters can also be configured by specifying environment variables. These variables have to be named after command line option name
+rewritten using `UPPER_SNAKE_CASE` and prepended with `VESHV_` prefix, for example `VESHV_LISTEN_PORT`.
+
+Command line options have precedence over environment variables.
+
++-------------+------------+-------------------+----------+-----+-------------------------------------------------+
+| Long form   | Short form | Env form          | Required | Arg | Description                                     |
++=============+============+===================+==========+=====+=================================================+
+| listen-port | p          | VESHV_LISTEN_PORT | yes      | yes | Port on which HV-VES listens internally         |
++-------------+------------+-------------------+----------+-----+-------------------------------------------------+
+| config-url  | c          | VESHV_CONFIG_URL  | yes      | yes | URL of HV-VES configuration on Consul service   |
++-------------+------------+-------------------+----------+-----+-------------------------------------------------+
+
+HV-VES requires also to specify if SSL should be used when handling incoming TCP connections.
+This can be done by passing the flag below to the command line.
+
++-------------+------------+-------------------+----------+-----+-------------------------------------------------+
+| Long form   | Short form | Env form          | Required | Arg | Description                                     |
++=============+============+===================+==========+=====+=================================================+
+| ssl-disable | l          | VESHV_SSL_DISABLE | no       | no  | Disables SSL encryption                         |
++-------------+------------+-------------------+----------+-----+-------------------------------------------------+
+
+
+Minimal command for running the container:
+
+.. code-block:: bash
+
+    docker run nexus3.onap.org:10001/onap/org.onap.dcaegen2.collectors.hv-ves.hv-collector-main --listen-port 6061 --config-url http://consul:8500/v1/kv/dcae-hv-ves-collector --ssl-disable
+
+Optional configuration parameters:
+
++-----------------------+------------+----------------------------+----------+-----+-----------------+-------------------------------------------------------+
+| Long form             | Short form | Env form                   | Required | Arg | Default         | Description                                           |
++=======================+============+============================+==========+=====+=================+=======================================================+
+| health-check-api-port | H          | VESHV_HEALTHCHECK_API_PORT | no       | yes | 6060            | Health check REST API listen port                     |
++-----------------------+------------+----------------------------+----------+-----+-----------------+-------------------------------------------------------+
+| first-request-delay   | d          | VESHV_FIRST_REQUEST_DELAY  | no       | yes | 10              | Delay of first request to Consul service in seconds   |
++-----------------------+------------+----------------------------+----------+-----+-----------------+-------------------------------------------------------+
+| request-interval      | I          | VESHV_REQUEST_INTERVAL     | no       | yes | 5               | Interval of Consul configuration requests in seconds  |
++-----------------------+------------+----------------------------+----------+-----+-----------------+-------------------------------------------------------+
+| idle-timeout-sec      | i          | VESHV_IDLE_TIMEOUT_SEC     | no       | yes | 60              | Idle timeout for remote hosts. After given time       |
+|                       |            |                            |          |     |                 | without any data exchange, the connection             |
+|                       |            |                            |          |     |                 | might be closed.                                      |
++-----------------------+------------+----------------------------+----------+-----+-----------------+-------------------------------------------------------+
+| max-payload-size      | m          | VESHV_MAX_PAYLOAD_SIZE     | no       | yes | 1048576 (1 MiB) | Maximum supported payload size in bytes               |
++-----------------------+------------+----------------------------+----------+-----+-----------------+-------------------------------------------------------+
+
+As part of experimental API if you do not specify `ssl-disable` flag, there is need to specify additional
+parameters for security configuration.
+
++-----------------------+------------+----------------------------+----------+-----+------------------------+--------------------------------------------------------------+
+| Long form             | Short form | Env form                   | Required | Arg | Default                | Description                                                  |
++=======================+============+============================+==========+=====+========================+==============================================================+
+| key-store             | k          | VESHV_KEY_STORE            | no       | yes | /etc/ves-hv/server.p12 | Key store in PKCS12 format path                              |
++-----------------------+------------+----------------------------+----------+-----+------------------------+--------------------------------------------------------------+
+| key-store-password    | kp         | VESHV_KEY_STORE_PASSWORD   | no       | yes |                        | Key store password                                           |
++-----------------------+------------+----------------------------+----------+-----+------------------------+--------------------------------------------------------------+
+| trust-store           | t          | VESHV_TRUST_STORE          | no       | yes | /etc/ves-hv/trust.p12  | File with trusted certificate bundle in PKCS12 format path   |
++-----------------------+------------+----------------------------+----------+-----+------------------------+--------------------------------------------------------------+
+| trust-store-password  | tp         | VESHV_TRUST_STORE_PASSWORD | no       | yes |                        | Trust store password                                         |
++-----------------------+------------+----------------------------+----------+-----+------------------------+--------------------------------------------------------------+
+
+Passwords are mandatory without ssl-disable flag. If key-store or trust-store location is not specified, HV-VES will try to read them from default locations.
+
+These parameters can be configured either by passing command line option during `docker run` call or
+by specifying environment variables named after command line option name
+rewritten using `UPPER_SNAKE_CASE` and prepended with `VESHV_` prefix e.g. `VESHV_LISTEN_PORT`.
+
+Healthcheck
+===========
+
+Inside HV-VES docker container runs small http service for healthcheck - exact port for this service can be configured
+at deployment using `--health-check-api-port` command line option.
+
+This service exposes single endpoint **GET /health/ready** which returns **HTTP 200 OK** in case HV-VES is healthy
+and ready for connections. Otherwise it returns **HTTP 503 Service Unavailable** with short reason of unhealthiness.
diff --git a/docs/sections/services/ves-hv/design.rst b/docs/sections/services/ves-hv/design.rst
index 8e7ce7ad..a6c2b864 100644
--- a/docs/sections/services/ves-hv/design.rst
+++ b/docs/sections/services/ves-hv/design.rst
@@ -1,6 +1,8 @@
 .. This work is licensed under a Creative Commons Attribution 4.0 International License.
 .. http://creativecommons.org/licenses/by/4.0
 
+.. _design:
+
 Design
 ======
 
@@ -8,44 +10,43 @@ Design
 Compatibility aspects (VES-JSON)
 --------------------------------
 
-HV-VES Collector has been designed as a high-volume variant of the existing VES(JSON) collector, and not a completely new collector.
-HV-VES follows the VES-JSON schema - as much as possible
+HV-VES Collector is a high-volume variant of the existing VES (JSON) collector, and not a completely new collector.
+HV-VES follows the VES-JSON schema as much as possible.
 
-- It uses a Google Protocol Buffers ( GPB/PROTO ) representation of the VES Common Header
-- The PROTO files tend to use most encoding effective types defined by GPB to cover Common Header fields.
-- It makes routing decisions based mostly on the content of the "Domain" parameter
-- It allows to embed Payload of different types (by default PERF3GPP domain is included)
+- HV-VES uses a Google Protocol Buffers (GPB, proto files) representation of the VES Common Header.
+- The proto files use most encoding effective types defined by GPB to cover Common Header fields.
+- HV-VES makes routing decisions based mostly on the content of the **Domain** parameter.
+- HV-VES allows to embed Payload of different types (by default perf3gpp domain is included).
 
 Analytics applications impacts
 
-- An analytics application operating on high-volume data needs to be prepared to read directly from Kafka
-- An analytics application need to operate on GPB encoded data in order to benefit from GPB encoding efficiencies
-- It is assumed, that due to the nature of high volume data, there would have to be dedicated applications provided,
-able to operate on such volumes of data.
+- An analytics application operating on high-volume data needs to be prepared to read directly from Kafka.
+- An analytics application needs to operate on GPB encoded data in order to benefit from GPB encoding efficiencies.
+- It is assumed, that due to the nature of high volume data, there would have to be dedicated applications provided, able to operate on such volumes of data.
 
 Extendability
 -------------
 
-HV-VES was designed to allow for extendability - by adding new domain-specific PROTO files.
+HV-VES is designed to allow extending by adding new domain-specific proto files.
 
-The PROTO file, which contains the VES CommonHeader, comes with a binary-type Payload parameter, where domain-specific data shall be placed.
-Domain-specific data are encoded as well with GPB, and they do require a domain-specific PROTO file to decode the data.
-This domain-specific PROTO needs to be shared with analytics applications - HV-VES is not analyzing domain-specific data.
+The proto file (with the VES CommonHeader) comes with a binary-type **Payload** parameter, where domain-specific data should be placed. 
+Domain-specific data are encoded as well with GPB. A domain-specific proto file is required to decode the data.
+This domain-specific proto has to be shared with analytics applications - HV-VES does not analyze domain-specific data.
 
-In order to support the RT-PM use-case, HV-VES includes a "PERF3GPP" domain PROTO file, as within this domain,
-the high volume data is expected to be reported to HV-VES collector.
-Still, there are no limitations to define additional domains, based on existing VES domains (like Fault, Heartbeat)
-or completely new domains. New domains can be added "when needed".
+In order to support the RT-PM use-case, HV-VES includes a **perf3gpp** domain proto file. Within this domain, high volume data are expected to be reported to HV-VES collector.
+Additional domains can be defined based on existing VES domains (like Fault, Heartbeat) or completely new domains. New domains can be added when needed.
 
-GPB PROTO files are backwards compatible, and such a new domain could be added without affecting existing systems.
+GPB proto files are backwards compatible, and a new domain can be added without affecting existing systems.
 
-Analytics applications will have to be as well equipped with this new domain-specific PROTO file.
-Currently, these additional, domain specific proto files could be simply added to respective repos of HV-VES collector.
+Analytics applications have to be equipped with the new domain-specific proto file as well.
+Currently, these additional, domain specific proto files can be added to respective repos of HV-VES collector.
 
 Implementation details
 ----------------------
 
 - Project Reactor is used as a backbone of the internal architecture.
 - Netty is used by means of reactor-netty library.
-- We are using Kotlin so we can write very concise code with great interoperability with existing Java libraries.
-- Types defined in Λrrow library are also used when it improves readability or general cleanness of the code.
\ No newline at end of file
+- Kotlin is used to write concise code with great interoperability with existing Java libraries.
+- Types defined in Λrrow library are also used when it improves readability or general cleanness of the code.
+
+
diff --git a/docs/sections/services/ves-hv/example-event.rst b/docs/sections/services/ves-hv/example-event.rst
new file mode 100644
index 00000000..3a335395
--- /dev/null
+++ b/docs/sections/services/ves-hv/example-event.rst
@@ -0,0 +1,15 @@
+.. This work is licensed under a Creative Commons Attribution 4.0 International License.
+.. http://creativecommons.org/licenses/by/4.0
+
+HV-VES example event
+=====================
+
+HV-VES Collector accepts messages in the format provided in :ref:`tcp_endpoint`.
+
+This Yaml file represents a message with sample values. It should be treated as an abstract example showing the structure of the message.
+The message consists of several parts. Each part is encoded in a different way. Encoding is noted with inline comments with proper file names.
+
+Values of fields can be changed according to types specified in noted definition files.
+
+.. literalinclude:: WTP.yaml
+    :language: yaml
diff --git a/docs/sections/services/ves-hv/index.rst b/docs/sections/services/ves-hv/index.rst
index 483ddbd7..8dec5693 100644
--- a/docs/sections/services/ves-hv/index.rst
+++ b/docs/sections/services/ves-hv/index.rst
@@ -26,10 +26,15 @@ High Volume VES Collector overview and functions
 
 .. toctree::
     :maxdepth: 1
-   ./design.rst
-   ./configuration.rst
-   ./delivery.rst
-   ./installation.rst
+
+   ./architecture
+   ./design
+   ./run-time-configuration
+   ./repositories
+   ./deployment
+   ./troubleshooting
    `Offered APIs`_
+   ./authorization
+   ./example-event
 
-.. _`Offered APIs`: ../../apis/ves-hv.rst
\ No newline at end of file
+.. _`Offered APIs`: ../../apis/ves-hv
diff --git a/docs/sections/services/ves-hv/repositories.rst b/docs/sections/services/ves-hv/repositories.rst
new file mode 100644
index 00000000..98034f20
--- /dev/null
+++ b/docs/sections/services/ves-hv/repositories.rst
@@ -0,0 +1,22 @@
+.. This work is licensed under a Creative Commons Attribution 4.0 International License.
+.. http://creativecommons.org/licenses/by/4.0
+
+.. _repositories:
+
+Repositories
+============
+
+**HV-VES** is delivered as a docker container and published in ONAP Nexus repository following image naming convention.
+
+Full image name is `onap/org.onap.dcaegen2.collectors.hv-ves.hv-collector-main`_.
+
+.. _`onap/org.onap.dcaegen2.collectors.hv-ves.hv-collector-main`: https://nexus3.onap.org/#browse/search=keyword%3Dmain:7f6379d32f8dd78f1ec5ed038decc99e
+
+There are also simulators published as docker images. Those simulators are used internally during CSIT tests.
+
+Full simulators' names are `onap/org.onap.dcaegen2.collectors.hv-ves.hv-collector-dcae-app-simulator`_ and `onap/org.onap.dcaegen2.collectors.hv-ves.hv-collector-xnf-simulator`_.
+
+.. _`onap/org.onap.dcaegen2.collectors.hv-ves.hv-collector-dcae-app-simulator`: https://nexus3.onap.org/#browse/search=keyword%3Dapp-simulator%20AND%20version%3Dlatest:22b3686a9064fa3d301b54dedc8da8d1
+.. _`onap/org.onap.dcaegen2.collectors.hv-ves.hv-collector-xnf-simulator`: https://nexus3.onap.org/#browse/search=keyword%3Dapp-simulator%20AND%20version%3Dlatest:912d0fe7b8192392927ae1ac6dcb50ea
+
+For source code, see https://gerrit.onap.org/r/#/admin/projects/dcaegen2/collectors/hv-ves.
diff --git a/docs/sections/services/ves-hv/run-time-configuration.rst b/docs/sections/services/ves-hv/run-time-configuration.rst
new file mode 100644
index 00000000..76d622c6
--- /dev/null
+++ b/docs/sections/services/ves-hv/run-time-configuration.rst
@@ -0,0 +1,59 @@
+.. This work is licensed under a Creative Commons Attribution 4.0 International License.
+.. http://creativecommons.org/licenses/by/4.0
+
+.. _run_time_configuration:
+
+Run-Time configuration
+======================
+
+(see :ref:`deployment`)
+
+HV-VES can fetch configuration directly from Consul service in the following JSON format:
+
+.. code-block:: json
+
+    {
+        "dmaap.kafkaBootstrapServers": "message-router-kafka:9093",
+        "collector.routing": [
+                {
+                    "fromDomain": "perf3gpp",
+                    "toTopic": "HV_VES_PERF3GPP"
+                },
+                {
+                    "fromDomain": "heartbeat",
+                    "toTopic": "HV_VES_HEARTBEAT"
+                },
+                ...
+        ]
+    }
+
+HV-VES does not verify the correctness of configuration data and uses them as is, in particular:
+
+- **KafkaBootstrapServers** is used as host name and port for publishing events to Kafka service.
+- Every **routing** array object specifies one event publishing route.
+
+  - **fromDomain** node should be a case-sensitive string of single domain taken from VES Common Event Header specification.
+  - **toTopic** should be a case-sensitive string of Kafka topic.
+  - When HV-VES receives VES Event, it checks the domain contained in it. If the route from that domain to any topic exists in configuration, then HV-VES publishes that event to topic in that route.
+  - If there are two routes from the same domain to different topics, then it is undefined which route will be used.
+
+The configuration is created from HV-VES Cloudify blueprint by specifying **application_config** node during ONAP OOM/Kubernetes deployment. Example of the node specification:
+
+.. code-block:: YAML
+
+    node_templates:
+      hv-ves:
+        properties:
+          application_config:
+            dmaap.kafkaBootstrapServers: message-router-kafka:9092
+            collector.routing:
+              fromDomain: perf3gpp
+              toTopic: HV_VES_PERF3GPP
+
+Endpoint on which HV-VES seeks configuration can be set during deployment as described in :ref:`deployment`.
+
+HV-VES waits 10 seconds (default, configurable during deplyoment with **first-request-delay** option, see :ref:`deployment`) before the first attempt to retrieve configuration from Consul. This is to prevent possible synchronization issues. During that time HV-VES declines any connection attempts from xNF (VNF/PNF).
+
+After first request, HV-VES asks for configuration in fixed intervals, configurable from command line (**request-interval**). By defualt interval is set to 5 seconds.
+
+In case of failing to retrieve configuration, collector temporarily extends this interval and retries. After five unsuccessfull attempts, container becomes unhealthy and cannot recover. HV-VES in this state is unusable and the container should be restarted.
diff --git a/docs/sections/services/ves-hv/troubleshooting.rst b/docs/sections/services/ves-hv/troubleshooting.rst
new file mode 100644
index 00000000..49037738
--- /dev/null
+++ b/docs/sections/services/ves-hv/troubleshooting.rst
@@ -0,0 +1,506 @@
+.. This work is licensed under a Creative Commons Attribution 4.0 International License.
+.. http://creativecommons.org/licenses/by/4.0
+
+.. _troubleshooting:
+
+Troubleshooting
+===============
+
+Deployment/Installation errors
+------------------------------
+
+**Missing required parameters**
+
+::
+
+  Unexpected error when parsing command line arguments
+  usage: java org.onap.dcae.collectors.veshv.main.MainKt
+  Required parameters: p, c
+  -c,--config-url <arg>              URL of ves configuration on consul
+  -d,--first-request-delay <arg>     Delay of first request to consul in
+                    seconds
+  -H,--health-check-api-port <arg>   Health check rest api listen port
+  -I,--request-interval <arg>        Interval of consul configuration
+                    requests in seconds
+  -i,--idle-timeout-sec <arg>        Idle timeout for remote hosts. After
+                    given time without any data exchange
+                    the
+                    connection might be closed.
+  -k,--key-store <arg>               Key store in PKCS12 format
+  -kp,--key-store-password <arg>     Key store password
+  -l,--ssl-disable                   Disable SSL encryption
+  -m,--max-payload-size <arg>        Maximum supported payload size in
+                    bytes
+  -p,--listen-port <arg>             Listen port
+  -t,--trust-store <arg>             File with trusted certificate bundle
+                    in PKCS12 format
+  -tp,--trust-store-password <arg>   Trust store password
+  -u,--dummy                         If present will start in dummy mode
+                    (dummy external services)
+  All parameters can be specified as environment variables using
+  upper-snake-case full name with prefix `VESHV_`.
+
+
+This log message is printed when you do not specify the required parameters (via command line, or in environment variables).
+As described in the above log message, there are a few required parameters:
+**listen port**, **config url** and either **trust store password** and **key store password** if you want to use SSL, or only **ssl disable** if not.
+
+To get rid of this error, specify the required parameters. For example:
+
+- Via command line:
+
+::
+
+    <hv-ves run command> --listen-port 6061 --config-url http://consul-url/key-path --key-store-password password --trust-store-password password
+
+- By defining environment variables:
+
+::
+
+    export VESHV_LISTEN_PORT=6061
+    export VESHV_CONFIG_URL=http://consul-url/key-path
+    export VESHV_KEY_STORE_PASSWORD=password
+    export VESHV_TRUST_STORE_PASSWORD=password
+
+**NOTE**
+
+Command line arguments have priority over environment variables. If you configure a parameter in both ways, **HV-VES** applies the one from the command line.
+
+For more information about **HV-VES** configuration parameters, see :ref:`deployment`.
+
+Configuration errors
+--------------------
+
+**Consul service not responding**
+
+::
+
+    ap.dcae.collectors.veshv.impl.adapters.HttpAdapter | 2018-10-16T13:13:01.155Z | ERROR | Failed to get resource on path: http://localhost:8500/v1/hv/veshv-config (Connection refused: localhost/127.0.0.1:8500) |  | reactor-http-client-epoll-8
+    ap.dcae.collectors.veshv.impl.adapters.HttpAdapter | 2018-10-16T13:13:01.155Z | DEBUG | Nested exception: | java.net.ConnectException: Connection refused
+        ... 10 common frames omitted
+    Wrapped by: io.netty.channel.AbstractChannel$AnnotatedConnectException: Connection refused: localhost/127.0.0.1:8500
+        at sun.nio.ch.SocketChannelImpl.checkConnect(Native Method)
+        at sun.nio.ch.SocketChannelImpl.finishConnect(SocketChannelImpl.java:717)
+        at io.netty.channel.socket.nio.NioSocketChannel.doFinishConnect(NioSocketChannel.java:327)
+        at io.netty.channel.nio.AbstractNioChannel$AbstractNioUnsafe.finishConnect(AbstractNioChannel.java:340)
+        at io.netty.channel.nio.NioEventLoop.processSelectedKey(NioEventLoop.java:616)
+        at io.netty.channel.nio.NioEventLoop.processSelectedKeysOptimized(NioEventLoop.java:563)
+        at io.netty.channel.nio.NioEventLoop.processSelectedKeys(NioEventLoop.java:480)
+        at io.netty.channel.nio.NioEventLoop.run(NioEventLoop.java:442)
+        at io.netty.util.concurrent.SingleThreadEventExecutor$5.run(SingleThreadEventExecutor.java:884)
+        at java.lang.Thread.run(Thread.java:748)
+     | reactor-http-client-epoll-8
+    rs.veshv.impl.adapters.ConsulConfigurationProvider | 2018-10-16T13:13:01.163Z | WARN  | Could not get fresh configuration | java.net.ConnectException: Connection refused
+        ... 10 common frames omitted
+    Wrapped by: io.netty.channel.AbstractChannel$AnnotatedConnectException: Connection refused: localhost/127.0.0.1:8500
+        at sun.nio.ch.SocketChannelImpl.checkConnect(Native Method)
+        at sun.nio.ch.SocketChannelImpl.finishConnect(SocketChannelImpl.java:717)
+        at io.netty.channel.socket.nio.NioSocketChannel.doFinishConnect(NioSocketChannel.java:327)
+        at io.netty.channel.nio.AbstractNioChannel$AbstractNioUnsafe.finishConnect(AbstractNioChannel.java:340)
+        at io.netty.channel.nio.NioEventLoop.processSelectedKey(NioEventLoop.java:616)
+        at io.netty.channel.nio.NioEventLoop.processSelectedKeysOptimized(NioEventLoop.java:563)
+        at io.netty.channel.nio.NioEventLoop.processSelectedKeys(NioEventLoop.java:480)
+        at io.netty.channel.nio.NioEventLoop.run(NioEventLoop.java:442)
+        at io.netty.util.concurrent.SingleThreadEventExecutor$5.run(SingleThreadEventExecutor.java:884)
+        at java.lang.Thread.run(Thread.java:748)
+     | reactor-http-client-epoll-8
+
+
+
+The above three logs indicate that **HV-VES** cannot connect to the Consul service under url given in **--consul-url** parameter.
+Make sure Consul is up and running and the **ip + port** combination is correct.
+
+====
+
+**Missing configuration on Consul**
+
+::
+
+    ap.dcae.collectors.veshv.impl.adapters.HttpAdapter | 2018-10-16T13:52:20.585Z | ERROR | Failed to get resource on path: http://consul:8500/v1/kv/veshv-config (HTTP request failed with code: 404.
+    Failing URI: /v1/kv/veshv-config) |  | reactor-http-nio-1
+    ap.dcae.collectors.veshv.impl.adapters.HttpAdapter | 2018-10-16T13:52:20.586Z | DEBUG | Nested exception: | reactor.ipc.netty.http.client.HttpClientException: HTTP request failed with code: 404.
+    Failing URI: /v1/kv/veshv-config
+     | reactor-http-nio-1
+    rs.veshv.impl.adapters.ConsulConfigurationProvider | 2018-10-16T13:52:20.591Z | WARN  | Could not get fresh configuration | reactor.ipc.netty.http.client.HttpClientException: HTTP request failed with code: 404.
+    Failing URI: /v1/kv/veshv-config
+     | reactor-http-nio-1
+
+
+**HV-VES** logs this information when connected to Consul, but cannot find any json configuration under given key which in this case is **veshv-config**.
+For more information, see :ref:`run_time_configuration`
+
+====
+
+**Invalid configuration format**
+
+::
+
+    rs.veshv.impl.adapters.ConsulConfigurationProvider | 2018-10-16T14:06:14.792Z | INFO  | Obtained new configuration from consul:
+    {
+        "invalidKey": "value"
+    } |  | reactor-http-nio-1
+    rs.veshv.impl.adapters.ConsulConfigurationProvider | 2018-10-16T14:06:14.796Z | WARN  | Could not get fresh configuration | java.lang.NullPointerException: null
+        at org.glassfish.json.JsonObjectBuilderImpl$JsonObjectImpl.getString(JsonObjectBuilderImpl.java:257)
+        at org.onap.dcae.collectors.veshv.impl.adapters.ConsulConfigurationProvider.createCollectorConfiguration(ConsulConfigurationProvider.kt:113)
+        at org.onap.dcae.collectors.veshv.impl.adapters.ConsulConfigurationProvider.access$createCollectorConfiguration(ConsulConfigurationProvider.kt:44)
+        at org.onap.dcae.collectors.veshv.impl.adapters.ConsulConfigurationProvider$invoke$6.invoke(ConsulConfigurationProvider.kt:80)
+        at org.onap.dcae.collectors.veshv.impl.adapters.ConsulConfigurationProvider$invoke$6.invoke(ConsulConfigurationProvider.kt:44)
+        at org.onap.dcae.collectors.veshv.impl.adapters.ConsulConfigurationProvider$sam$java_util_function_Function$0.apply(ConsulConfigurationProvider.kt)
+        at reactor.core.publisher.FluxMap$MapSubscriber.onNext(FluxMap.java:100)
+        at reactor.core.publisher.FluxMap$MapSubscriber.onNext(FluxMap.java:108)
+        at reactor.core.publisher.FluxFlatMap$FlatMapMain.tryEmitScalar(FluxFlatMap.java:432)
+        at reactor.core.publisher.FluxFlatMap$FlatMapMain.onNext(FluxFlatMap.java:366)
+        at reactor.core.publisher.FluxMap$MapSubscriber.onNext(FluxMap.java:108)
+        at reactor.core.publisher.FluxMap$MapSubscriber.onNext(FluxMap.java:108)
+        at reactor.core.publisher.FluxFlatMap$FlatMapMain.tryEmit(FluxFlatMap.java:484)
+        at reactor.core.publisher.FluxFlatMap$FlatMapInner.onNext(FluxFlatMap.java:916)
+        at reactor.core.publisher.FluxMapFuseable$MapFuseableSubscriber.onNext(FluxMapFuseable.java:115)
+        at reactor.core.publisher.Operators$MonoSubscriber.complete(Operators.java:1083)
+        at reactor.core.publisher.MonoFlatMap$FlatMapInner.onNext(MonoFlatMap.java:241)
+        at reactor.core.publisher.MonoNext$NextSubscriber.onNext(MonoNext.java:76)
+        at reactor.core.publisher.FluxMap$MapSubscriber.onNext(FluxMap.java:108)
+        at reactor.core.publisher.FluxFilter$FilterSubscriber.onNext(FluxFilter.java:97)
+        at reactor.ipc.netty.channel.FluxReceive.drainReceiver(FluxReceive.java:213)
+        at reactor.ipc.netty.channel.FluxReceive.onInboundNext(FluxReceive.java:329)
+        at reactor.ipc.netty.channel.ChannelOperations.onInboundNext(ChannelOperations.java:311)
+        at reactor.ipc.netty.http.client.HttpClientOperations.onInboundNext(HttpClientOperations.java:605)
+        at reactor.ipc.netty.channel.ChannelOperationsHandler.channelRead(ChannelOperationsHandler.java:138)
+        at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:362)
+        at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:348)
+        at io.netty.channel.AbstractChannelHandlerContext.fireChannelRead(AbstractChannelHandlerContext.java:340)
+        at io.netty.channel.CombinedChannelDuplexHandler$DelegatingChannelHandlerContext.fireChannelRead(CombinedChannelDuplexHandler.java:438)
+        at io.netty.handler.codec.ByteToMessageDecoder.fireChannelRead(ByteToMessageDecoder.java:310)
+        at io.netty.handler.codec.ByteToMessageDecoder.channelRead(ByteToMessageDecoder.java:284)
+        at io.netty.channel.CombinedChannelDuplexHandler.channelRead(CombinedChannelDuplexHandler.java:253)
+        at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:362)
+        at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:348)
+        at io.netty.channel.AbstractChannelHandlerContext.fireChannelRead(AbstractChannelHandlerContext.java:340)
+        at io.netty.channel.DefaultChannelPipeline$HeadContext.channelRead(DefaultChannelPipeline.java:1434)
+        at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:362)
+        at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:348)
+        at io.netty.channel.DefaultChannelPipeline.fireChannelRead(DefaultChannelPipeline.java:965)
+        at io.netty.channel.nio.AbstractNioByteChannel$NioByteUnsafe.read(AbstractNioByteChannel.java:163)
+        at io.netty.channel.nio.NioEventLoop.processSelectedKey(NioEventLoop.java:628)
+        at io.netty.channel.nio.NioEventLoop.processSelectedKeysOptimized(NioEventLoop.java:563)
+        at io.netty.channel.nio.NioEventLoop.processSelectedKeys(NioEventLoop.java:480)
+        at io.netty.channel.nio.NioEventLoop.run(NioEventLoop.java:442)
+        at io.netty.util.concurrent.SingleThreadEventExecutor$5.run(SingleThreadEventExecutor.java:884)
+        at java.lang.Thread.run(Thread.java:748)
+     | reactor-http-nio-1
+
+
+This log is printed when you upload a configuration in an invalid format (for example, with missing fields). In the first log you can see that configuration on Consul is:
+
+.. code-block:: json
+
+    {
+        "invalidKey": "value"
+    }
+
+The above is not a valid **HV-VES** configuration, therefore **HV-VES** does not apply it and becomes **unhealthy**.
+For more information on **Consul configuration**, see :ref:`run_time_configuration`.
+
+
+Message handling errors
+-----------------------
+
+**Handling messages when invalid kafka url is specified**
+
+::
+
+     | reactor-tcp-server-epoll-6
+                  org.apache.kafka.clients.ClientUtils | 2018-10-19T08:29:36.917Z | WARN  | Removing server invalid-kafka:9093 from bootstrap.servers as DNS resolution failed for invalid-kafka |  | reactor-tcp-server-epoll-6
+       org.apache.kafka.clients.producer.KafkaProducer | 2018-10-19T08:29:36.918Z | INFO  | [Producer clientId=producer-1] Closing the Kafka producer with timeoutMillis = 0 ms. |  | reactor-tcp-server-epoll-6
+    org.onap.dcae.collectors.veshv.impl.VesHvCollector | 2018-10-19T08:29:36.962Z | WARN  | Error while handling message stream: org.apache.kafka.common.KafkaException (Failed to construct kafka producer) |  | reactor-tcp-server-epoll-6
+    org.onap.dcae.collectors.veshv.impl.VesHvCollector | 2018-10-19T08:29:36.966Z | DEBUG | Detailed stack trace | org.apache.kafka.common.config.ConfigException: No resolvable bootstrap urls given in bootstrap.servers
+        at org.apache.kafka.clients.ClientUtils.parseAndValidateAddresses(ClientUtils.java:64)
+        at org.apache.kafka.clients.producer.KafkaProducer.<init>(KafkaProducer.java:396)
+        ... 24 common frames omitted
+    Wrapped by: org.apache.kafka.common.KafkaException: Failed to construct kafka producer
+        at org.apache.kafka.clients.producer.KafkaProducer.<init>(KafkaProducer.java:441)
+        at org.apache.kafka.clients.producer.KafkaProducer.<init>(KafkaProducer.java:285)
+        at reactor.kafka.sender.internals.ProducerFactory.createProducer(ProducerFactory.java:33)
+        at reactor.kafka.sender.internals.DefaultKafkaSender.lambda$new$0(DefaultKafkaSender.java:90)
+        at reactor.core.publisher.MonoCallable.subscribe(MonoCallable.java:57)
+        at reactor.core.publisher.MonoPeekFuseable.subscribe(MonoPeekFuseable.java:74)
+        at reactor.core.publisher.Mono.subscribe(Mono.java:3088)
+        at reactor.core.publisher.MonoProcessor.add(MonoProcessor.java:531)
+        at reactor.core.publisher.MonoProcessor.subscribe(MonoProcessor.java:444)
+        at reactor.core.publisher.MonoFlatMapMany.subscribe(MonoFlatMapMany.java:49)
+        at reactor.core.publisher.FluxPeek.subscribe(FluxPeek.java:80)
+        at reactor.core.publisher.FluxFilter.subscribe(FluxFilter.java:52)
+        at reactor.core.publisher.FluxMap.subscribe(FluxMap.java:62)
+        at reactor.core.publisher.FluxDefer.subscribe(FluxDefer.java:55)
+        at reactor.core.publisher.FluxPeek.subscribe(FluxPeek.java:83)
+        at reactor.core.publisher.FluxDoFinally.subscribe(FluxDoFinally.java:73)
+        at reactor.core.publisher.FluxOnErrorResume.subscribe(FluxOnErrorResume.java:47)
+        at reactor.core.publisher.MonoIgnoreElements.subscribe(MonoIgnoreElements.java:37)
+        at reactor.ipc.netty.channel.ChannelOperations.applyHandler(ChannelOperations.java:381)
+        at reactor.ipc.netty.channel.ChannelOperations.onHandlerStart(ChannelOperations.java:296)
+        at io.netty.util.concurrent.AbstractEventExecutor.safeExecute(AbstractEventExecutor.java:163)
+        at io.netty.util.concurrent.SingleThreadEventExecutor.runAllTasks(SingleThreadEventExecutor.java:404)
+        at io.netty.channel.epoll.EpollEventLoop.run(EpollEventLoop.java:315)
+        at io.netty.util.concurrent.SingleThreadEventExecutor$5.run(SingleThreadEventExecutor.java:884)
+        at java.lang.Thread.run(Thread.java:748)
+     | reactor-tcp-server-epoll-6
+    p.dcae.collectors.veshv.impl.socket.NettyTcpServer | 2018-10-19T08:29:36.971Z | INFO  | Connection from /172.26.0.6:55574 has been closed |  | reactor-tcp-server-epoll-6
+
+
+**HV-VES** responds with the above when it handles a message and currently applied configuration has invalid Kafka bootstrap server defined.
+The configuration read from Consul in this case:
+
+.. code-block:: json
+
+    {
+        "dmaap.kafkaBootstrapServers": "invalid-kafka:9093",
+        "collector.routing": [
+                {
+                    "fromDomain": "perf3gpp",
+                    "toTopic": "HV_VES_PERF3GPP"
+                },
+                {
+                    "fromDomain": "heartbeat",
+                    "toTopic": "HV_VES_HEARTBEAT"
+                }
+        ]
+    }
+
+where **invalid-kafka:9093** is not an existing **ip+port** combination.
+
+
+====
+
+**First creation of topics on kafka**
+
+
+On the first try of creating and publishing to a given kafka topic, **HV-VES** logs the following warnings and creates the requested topics anyway.
+
+::
+
+    org.apache.kafka.clients.NetworkClient | 2018-10-22T10:11:53.396Z | WARN  | [Producer clientId=producer-1] Error while fetching metadata with correlation id 1 : {HV_VES_PERF3GPP=LEADER_NOT_AVAILABLE} |  | kafka-producer-network-thread | producer-1
+    org.apache.kafka.clients.NetworkClient | 2018-10-22T10:11:53.524Z | WARN  | [Producer clientId=producer-1] Error while fetching metadata with correlation id 3 : {HV_VES_PERF3GPP=LEADER_NOT_AVAILABLE} |  | kafka-producer-network-thread | producer-1
+    org.apache.kafka.clients.NetworkClient | 2018-10-22T10:11:53.636Z | WARN  | [Producer clientId=producer-1] Error while fetching metadata with correlation id 4 : {HV_VES_PERF3GPP=LEADER_NOT_AVAILABLE} |  | kafka-producer-network-thread | producer-1
+    org.apache.kafka.clients.NetworkClient | 2018-10-22T10:11:53.749Z | WARN  | [Producer clientId=producer-1] Error while fetching metadata with correlation id 5 : {HV_VES_PERF3GPP=LEADER_NOT_AVAILABLE} |  | kafka-producer-network-thread | producer-1
+
+====
+
+**Kafka service became unavailable after producer for a given topic was successfully created**
+
+
+After receiving a **Ves Common Event**, **HV-VES** creates a producer for a given topic and keeps it for the whole lifetime of an application.
+If Kafka service becomes unreachable after the producer creation, you will see the following logs when trying to establish another connection with the Kafka server.
+
+::
+
+     org.apache.kafka.clients.NetworkClient | 2018-10-22T10:04:08.604Z | WARN  | [Producer clientId=producer-1] Connection to node 1001 could not be established. Broker may not be available. |  | kafka-producer-network-thread | producer-1
+                org.apache.kafka.clients.NetworkClient | 2018-10-22T10:04:11.896Z | WARN  | [Producer clientId=producer-1] Connection to node 1001 could not be established. Broker may not be available. |  | kafka-producer-network-thread | producer-1
+                org.apache.kafka.clients.NetworkClient | 2018-10-22T10:04:14.968Z | WARN  | [Producer clientId=producer-1] Connection to node 1001 could not be established. Broker may not be available. |  | kafka-producer-network-thread | producer-1
+                org.apache.kafka.clients.NetworkClient | 2018-10-22T10:04:18.040Z | WARN  | [Producer clientId=producer-1] Connection to node 1001 could not be established. Broker may not be available. |  | kafka-producer-network-thread | producer-1
+                org.apache.kafka.clients.NetworkClient | 2018-10-22T10:04:21.111Z | WARN  | [Producer clientId=producer-1] Connection to node 1001 could not be established. Broker may not be available. |  | kafka-producer-network-thread | producer-1
+     reactor.kafka.sender.internals.DefaultKafkaSender | 2018-10-22T10:04:23.519Z | ERROR | error {} | org.apache.kafka.common.errors.TimeoutException: Expiring 1 record(s) for HV_VES_PERF3GPP-0: 30050 ms has passed since batch creation plus linger time
+     | kafka-producer-network-thread | producer-1
+    cae.collectors.veshv.impl.adapters.kafka.KafkaSink | 2018-10-22T10:04:23.522Z | WARN  | Failed to send message to Kafka | org.apache.kafka.common.errors.TimeoutException: Expiring 1 record(s) for HV_VES_PERF3GPP-0: 30050 ms has passed since batch creation plus linger time
+     | single-1
+    org.onap.dcae.collectors.veshv.impl.VesHvCollector | 2018-10-22T10:04:23.528Z | WARN  | Error while handling message stream: org.apache.kafka.common.errors.TimeoutException (Expiring 1 record(s) for HV_VES_PERF3GPP-0: 30050 ms has passed since batch creation plus linger time) |  | single-1
+
+To resolve this issue, **HV-VES** restart is required.
+
+====
+
+**Message with too big payload size**
+
+::
+
+    g.onap.dcae.collectors.veshv.impl.VesHvCollector | 2018-10-19T08:53:18.349Z | WARN  | Error while handling message stream: org.onap.dcae.collectors.veshv.impl.wire.WireFrameException (PayloadSizeExceeded: payload size exceeds the limit (1048576 bytes)) |  | single-1
+    org.onap.dcae.collectors.veshv.impl.VesHvCollector | 2018-10-19T08:53:18.349Z | DEBUG | Detailed stack trace | org.onap.dcae.collectors.veshv.impl.wire.WireFrameException: PayloadSizeExceeded: payload size exceeds the limit (1048576 bytes)
+        at org.onap.dcae.collectors.veshv.impl.wire.WireChunkDecoder$onError$1$1.invoke(WireChunkDecoder.kt:67)
+        at org.onap.dcae.collectors.veshv.impl.wire.WireChunkDecoder$onError$1$1.invoke(WireChunkDecoder.kt:38)
+        at arrow.effects.IO$Companion$invoke$1.invoke(IO.kt:28)
+        at arrow.effects.IO$Companion$invoke$1.invoke(IO.kt:22)
+        at arrow.effects.IORunLoop.step(IORunLoop.kt:50)
+        at arrow.effects.IO.unsafeRunTimed(IO.kt:109)
+        at arrow.effects.IO.unsafeRunSync(IO.kt:106)
+        at org.onap.dcae.collectors.veshv.impl.wire.WireChunkDecoder$generateFrames$1.accept(WireChunkDecoder.kt:61)
+        at org.onap.dcae.collectors.veshv.impl.wire.WireChunkDecoder$generateFrames$1.accept(WireChunkDecoder.kt:38)
+        at reactor.core.publisher.FluxGenerate.lambda$new$1(FluxGenerate.java:56)
+        at reactor.core.publisher.FluxGenerate$GenerateSubscription.slowPath(FluxGenerate.java:262)
+        at reactor.core.publisher.FluxGenerate$GenerateSubscription.request(FluxGenerate.java:204)
+        at reactor.core.publisher.FluxPeekFuseable$PeekFuseableSubscriber.request(FluxPeekFuseable.java:138)
+        at reactor.core.publisher.Operators$MultiSubscriptionSubscriber.set(Operators.java:1454)
+        at reactor.core.publisher.Operators$MultiSubscriptionSubscriber.onSubscribe(Operators.java:1328)
+        at reactor.core.publisher.FluxPeekFuseable$PeekFuseableSubscriber.onSubscribe(FluxPeekFuseable.java:172)
+        at reactor.core.publisher.FluxGenerate.subscribe(FluxGenerate.java:83)
+        at reactor.core.publisher.FluxPeekFuseable.subscribe(FluxPeekFuseable.java:86)
+        at reactor.core.publisher.FluxDefer.subscribe(FluxDefer.java:55)
+        at reactor.core.publisher.Flux.subscribe(Flux.java:6877)
+        at reactor.core.publisher.FluxConcatMap$ConcatMapImmediate.drain(FluxConcatMap.java:418)
+        at reactor.core.publisher.FluxConcatMap$ConcatMapImmediate.onNext(FluxConcatMap.java:241)
+        at reactor.core.publisher.FluxPeek$PeekSubscriber.onNext(FluxPeek.java:185)
+        at reactor.core.publisher.FluxPeek$PeekSubscriber.onNext(FluxPeek.java:185)
+        at reactor.core.publisher.FluxMap$MapSubscriber.onNext(FluxMap.java:108)
+        at reactor.ipc.netty.channel.FluxReceive.drainReceiver(FluxReceive.java:213)
+        at reactor.ipc.netty.channel.FluxReceive.onInboundNext(FluxReceive.java:329)
+        at reactor.ipc.netty.channel.ChannelOperations.onInboundNext(ChannelOperations.java:311)
+        at reactor.ipc.netty.channel.ChannelOperationsHandler.channelRead(ChannelOperationsHandler.java:138)
+        at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:362)
+        at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:348)
+        at io.netty.channel.AbstractChannelHandlerContext.fireChannelRead(AbstractChannelHandlerContext.java:340)
+        at io.netty.handler.timeout.IdleStateHandler.channelRead(IdleStateHandler.java:286)
+        at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:362)
+        at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:348)
+        at io.netty.channel.AbstractChannelHandlerContext.fireChannelRead(AbstractChannelHandlerContext.java:340)
+        at io.netty.channel.DefaultChannelPipeline$HeadContext.channelRead(DefaultChannelPipeline.java:1434)
+        at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:362)
+        at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:348)
+        at io.netty.channel.DefaultChannelPipeline.fireChannelRead(DefaultChannelPipeline.java:965)
+        at io.netty.channel.epoll.AbstractEpollStreamChannel$EpollStreamUnsafe.epollInReady(AbstractEpollStreamChannel.java:808)
+        at io.netty.channel.epoll.EpollEventLoop.processReady(EpollEventLoop.java:410)
+        at io.netty.channel.epoll.EpollEventLoop.run(EpollEventLoop.java:310)
+        at io.netty.util.concurrent.SingleThreadEventExecutor$5.run(SingleThreadEventExecutor.java:884)
+        at java.lang.Thread.run(Thread.java:748)
+     | single-1
+    p.dcae.collectors.veshv.impl.socket.NettyTcpServer | 2018-10-19T08:53:18.351Z | INFO  | Connection from /172.26.0.6:56924 has been closed |  | single-1
+
+
+
+The above log is printed when the message payload size is too big. **HV-VES** does not handle messages that exceed specified payload size. Default value is **1048576 bytes (1MiB)**, but it can be configured via cmd or by environment variables.
+
+
+
+====
+
+**Other invalid messages**
+
+
+Messages with **invalid wire frame** or **invalid gpb** data are ommitted and **HV-VES** only logs the connection-related logs as follows:
+
+::
+
+    p.dcae.collectors.veshv.impl.socket.NettyTcpServer | 2018-10-19T09:03:03.345Z | INFO  | Handling connection from /172.26.0.6:57432 |  | reactor-tcp-server-epoll-5
+    p.dcae.collectors.veshv.impl.socket.NettyTcpServer | 2018-10-19T09:04:03.351Z | INFO  | Idle timeout of 60 s reached. Closing connection from /172.26.0.6:57432... |  | reactor-tcp-server-epoll-5
+    p.dcae.collectors.veshv.impl.socket.NettyTcpServer | 2018-10-19T09:04:03.353Z | INFO  | Connection from /172.26.0.6:57432 has been closed |  | reactor-tcp-server-epoll-5
+    p.dcae.collectors.veshv.impl.socket.NettyTcpServer | 2018-10-19T09:04:03.354Z | DEBUG | Channel (/172.26.0.6:57432) closed successfully. |  | reactor-tcp-server-epoll-5
+
+
+For more information, see the :ref:`hv_ves_behaviors` section.
+
+Authorization related errors
+----------------------------
+
+**WARNING: SSL/TLS authorization is a part of an experimental feature for ONAP Casablanca release and should be treated as unstable and subject to change in future releases.**
+**For more information, see** :ref:`authorization`.
+
+**Key or trust store missing**
+
+::
+
+    org.onap.dcae.collectors.veshv.main | 2018-10-22T06:51:54.191Z | ERROR | Failed to start a server | java.io.FileNotFoundException: /etc/ves-hv/server.p12 (No such file or directory)
+        at java.io.FileInputStream.open0(Native Method)
+        at java.io.FileInputStream.open(FileInputStream.java:195)
+        at java.io.FileInputStream.<init>(FileInputStream.java:138)
+        at org.onap.dcae.collectors.veshv.ssl.boundary.UtilsKt$streamFromFile$1.invoke(utils.kt:79)
+        at org.onap.dcae.collectors.veshv.ssl.boundary.UtilsKt$streamFromFile$1.invoke(utils.kt)
+        at org.onap.dcae.collectors.veshv.ssl.impl.SslFactories.loadKeyStoreFromFile(SslFactories.kt:50)
+        at org.onap.dcae.collectors.veshv.ssl.impl.SslFactories.keyManagerFactory(SslFactories.kt:43)
+        at org.onap.dcae.collectors.veshv.ssl.boundary.ServerSslContextFactory.jdkContext(ServerSslContextFactory.kt:42)
+        at org.onap.dcae.collectors.veshv.ssl.boundary.SslContextFactory.createSslContextWithConfiguredCerts(SslContextFactory.kt:49)
+        at org.onap.dcae.collectors.veshv.ssl.boundary.SslContextFactory.createSslContext(SslContextFactory.kt:39)
+        at org.onap.dcae.collectors.veshv.impl.socket.NettyTcpServer.configureServer(NettyTcpServer.kt:61)
+        at org.onap.dcae.collectors.veshv.impl.socket.NettyTcpServer.access$configureServer(NettyTcpServer.kt:46)
+        at org.onap.dcae.collectors.veshv.impl.socket.NettyTcpServer$start$1$ctx$1.invoke(NettyTcpServer.kt:52)
+        at org.onap.dcae.collectors.veshv.impl.socket.NettyTcpServer$start$1$ctx$1.invoke(NettyTcpServer.kt:46)
+        at org.onap.dcae.collectors.veshv.impl.socket.NettyTcpServer$sam$java_util_function_Consumer$0.accept(NettyTcpServer.kt)
+        at reactor.ipc.netty.tcp.TcpServer.<init>(TcpServer.java:149)
+        at reactor.ipc.netty.tcp.TcpServer$Builder.build(TcpServer.java:278)
+        at org.onap.dcae.collectors.veshv.impl.socket.NettyTcpServer$start$1.invoke(NettyTcpServer.kt:53)
+        at org.onap.dcae.collectors.veshv.impl.socket.NettyTcpServer$start$1.invoke(NettyTcpServer.kt:46)
+        at arrow.effects.IO$Companion$invoke$1.invoke(IO.kt:28)
+        at arrow.effects.IO$Companion$invoke$1.invoke(IO.kt:22)
+        at arrow.effects.IORunLoop.step(IORunLoop.kt:50)
+        at arrow.effects.IO.unsafeRunTimed(IO.kt:109)
+        at arrow.effects.IO.unsafeRunSync(IO.kt:106)
+        at org.onap.dcae.collectors.veshv.utils.arrow.EffectsKt.unsafeRunEitherSync(effects.kt:50)
+        at org.onap.dcae.collectors.veshv.main.MainKt.main(main.kt:41)
+    | main
+
+
+The above error is logged when key store is not provided. Similarly, when trust store is not provided, **/etc/ves-hv/trust.p12** file missing is logged.
+**server.p12** and **trust.p12** are default names of key and trust stores. They can be changed by specifying **--trust-store** or **--key-store** command line arguments on deployment.
+
+====
+
+**Invalid credentials**
+
+::
+
+    org.onap.dcae.collectors.veshv.main | 2018-10-22T06:59:24.039Z | ERROR | Failed to start a server | java.security.UnrecoverableKeyException: failed to decrypt safe contents entry: javax.crypto.BadPaddingException: Given final block not properly padded. Such issues can arise if a bad key is used during decryption.
+        ... 23 common frames omitted
+        Wrapped by: java.io.IOException: keystore password was incorrect
+        at sun.security.pkcs12.PKCS12KeyStore.engineLoad(PKCS12KeyStore.java:2059)
+        at java.security.KeyStore.load(KeyStore.java:1445)
+        at org.onap.dcae.collectors.veshv.ssl.impl.SslFactories.loadKeyStoreFromFile(SslFactories.kt:51)
+        at org.onap.dcae.collectors.veshv.ssl.impl.SslFactories.keyManagerFactory(SslFactories.kt:43)
+        at org.onap.dcae.collectors.veshv.ssl.boundary.ServerSslContextFactory.jdkContext(ServerSslContextFactory.kt:42)
+        at org.onap.dcae.collectors.veshv.ssl.boundary.SslContextFactory.createSslContextWithConfiguredCerts(SslContextFactory.kt:49)
+        at org.onap.dcae.collectors.veshv.ssl.boundary.SslContextFactory.createSslContext(SslContextFactory.kt:39)
+        at org.onap.dcae.collectors.veshv.impl.socket.NettyTcpServer.configureServer(NettyTcpServer.kt:61)
+        at org.onap.dcae.collectors.veshv.impl.socket.NettyTcpServer.access$configureServer(NettyTcpServer.kt:46)
+        at org.onap.dcae.collectors.veshv.impl.socket.NettyTcpServer$start$1$ctx$1.invoke(NettyTcpServer.kt:52)
+        at org.onap.dcae.collectors.veshv.impl.socket.NettyTcpServer$start$1$ctx$1.invoke(NettyTcpServer.kt:46)
+        at org.onap.dcae.collectors.veshv.impl.socket.NettyTcpServer$sam$java_util_function_Consumer$0.accept(NettyTcpServer.kt)
+        at reactor.ipc.netty.tcp.TcpServer.<init>(TcpServer.java:149)
+        at reactor.ipc.netty.tcp.TcpServer$Builder.build(TcpServer.java:278)
+        at org.onap.dcae.collectors.veshv.impl.socket.NettyTcpServer$start$1.invoke(NettyTcpServer.kt:53)
+        at org.onap.dcae.collectors.veshv.impl.socket.NettyTcpServer$start$1.invoke(NettyTcpServer.kt:46)
+        at arrow.effects.IO$Companion$invoke$1.invoke(IO.kt:28)
+        at arrow.effects.IO$Companion$invoke$1.invoke(IO.kt:22)
+        at arrow.effects.IORunLoop.step(IORunLoop.kt:50)
+        at arrow.effects.IO.unsafeRunTimed(IO.kt:109)
+        at arrow.effects.IO.unsafeRunSync(IO.kt:106)
+        at org.onap.dcae.collectors.veshv.utils.arrow.EffectsKt.unsafeRunEitherSync(effects.kt:50)
+        at org.onap.dcae.collectors.veshv.main.MainKt.main(main.kt:41)
+    | main
+
+
+Key or trust store password provided in configuration is invalid.
+
+====
+
+**Invalid key store file**
+
+::
+
+    org.onap.dcae.collectors.veshv.main | 2018-10-22T09:11:38.200Z | ERROR | Failed to start a server | java.io.IOException: DerInputStream.getLength(): lengthTag=111, too big.
+        at sun.security.util.DerInputStream.getLength(DerInputStream.java:599)
+        at sun.security.util.DerValue.init(DerValue.java:391)
+        at sun.security.util.DerValue.<init>(DerValue.java:332)
+        at sun.security.util.DerValue.<init>(DerValue.java:345)
+        at sun.security.pkcs12.PKCS12KeyStore.engineLoad(PKCS12KeyStore.java:1938)
+        at java.security.KeyStore.load(KeyStore.java:1445)
+        at org.onap.dcae.collectors.veshv.ssl.impl.SslFactories.loadKeyStoreFromFile(SslFactories.kt:51)
+        at org.onap.dcae.collectors.veshv.ssl.impl.SslFactories.keyManagerFactory(SslFactories.kt:43)
+        at org.onap.dcae.collectors.veshv.ssl.boundary.ServerSslContextFactory.jdkContext(ServerSslContextFactory.kt:42)
+        at org.onap.dcae.collectors.veshv.ssl.boundary.SslContextFactory.createSslContextWithConfiguredCerts(SslContextFactory.kt:49)
+        at org.onap.dcae.collectors.veshv.ssl.boundary.SslContextFactory.createSslContext(SslContextFactory.kt:39)
+        at org.onap.dcae.collectors.veshv.impl.socket.NettyTcpServer.configureServer(NettyTcpServer.kt:61)
+        at org.onap.dcae.collectors.veshv.impl.socket.NettyTcpServer.access$configureServer(NettyTcpServer.kt:46)
+        at org.onap.dcae.collectors.veshv.impl.socket.NettyTcpServer$start$1$ctx$1.invoke(NettyTcpServer.kt:52)
+        at org.onap.dcae.collectors.veshv.impl.socket.NettyTcpServer$start$1$ctx$1.invoke(NettyTcpServer.kt:46)
+        at org.onap.dcae.collectors.veshv.impl.socket.NettyTcpServer$sam$java_util_function_Consumer$0.accept(NettyTcpServer.kt)
+        at reactor.ipc.netty.tcp.TcpServer.<init>(TcpServer.java:149)
+        at reactor.ipc.netty.tcp.TcpServer$Builder.build(TcpServer.java:278)
+        at org.onap.dcae.collectors.veshv.impl.socket.NettyTcpServer$start$1.invoke(NettyTcpServer.kt:53)
+        at org.onap.dcae.collectors.veshv.impl.socket.NettyTcpServer$start$1.invoke(NettyTcpServer.kt:46)
+        at arrow.effects.IO$Companion$invoke$1.invoke(IO.kt:28)
+        at arrow.effects.IO$Companion$invoke$1.invoke(IO.kt:22)
+        at arrow.effects.IORunLoop.step(IORunLoop.kt:50)
+        at arrow.effects.IO.unsafeRunTimed(IO.kt:109)
+        at arrow.effects.IO.unsafeRunSync(IO.kt:106)
+        at org.onap.dcae.collectors.veshv.utils.arrow.EffectsKt.unsafeRunEitherSync(effects.kt:50)
+        at org.onap.dcae.collectors.veshv.main.MainKt.main(main.kt:41)
+    | main
+
+The above is logged when provided keystore has invalid or corrupted content.
+This log also appears when you try to use key store/trust store in archive format other than **PKCS12** (the only supported by **HV-VES** store type).
+
+
-- 
2.16.6