From 86168b1a469807141c031a272062f60f8dcce306 Mon Sep 17 00:00:00 2001 From: Clayton J Barnette Date: Thu, 26 Oct 2023 15:11:09 -0400 Subject: [PATCH 01/16] Sitemap and JSON-LD Update --- _includes/meta.html | 9 ++-- _includes/scripts.html | 23 ++++++++ sitemap.xml | 119 +++++++++++++++++++++++++++++++++++++++++ 3 files changed, 148 insertions(+), 3 deletions(-) create mode 100644 sitemap.xml diff --git a/_includes/meta.html b/_includes/meta.html index 489502293..b7dda1550 100644 --- a/_includes/meta.html +++ b/_includes/meta.html @@ -76,7 +76,10 @@ - - - + + + + + + diff --git a/_includes/scripts.html b/_includes/scripts.html index 2e05a0478..ff8a33bd2 100644 --- a/_includes/scripts.html +++ b/_includes/scripts.html @@ -23,5 +23,28 @@ {% endif %} + + + diff --git a/sitemap.xml b/sitemap.xml new file mode 100644 index 000000000..b15f6a646 --- /dev/null +++ b/sitemap.xml @@ -0,0 +1,119 @@ +--- +# File: sitemap.xml for IDManagement.gov +# Note: each collection added to the site should be added here also +# Date: 1026/2023 +# +layout: +--- + + + + + + {% for docs in site.arch %} + + {{ site.url }}{{ docs.permalink }} + weekly + 1.0 + + {% for sub in docs.subnav %} + + {{ site.url }}{{docs.permalink}}{{ sub.href }} + weekly + 1.0 + + {% endfor %} + {% endfor %} + + + {% for docs in site.ficampmo %} + + {{ site.url }}{{ docs.permalink }} + weekly + 1.0 + + {% for sub in docs.subnav %} + + {{ site.url }}{{docs.permalink}}{{ sub.href }} + weekly + 1.0 + + {% endfor %} + {% endfor %} + + + {% for docs in site.implement %} + + {{ site.url }}{{ docs.permalink }} + weekly + 1.0 + + {% for sub in docs.subnav %} + + {{ site.url }}{{docs.permalink}}{{ sub.href }} + weekly + 1.0 + + {% endfor %} + {% endfor %} + + + {% for docs in site.partners %} + + {{ site.url }}{{ docs.permalink }} + weekly + 1.0 + + {% for sub in docs.subnav %} + + {{ site.url }}{{docs.permalink}}{{ sub.href }} + weekly + 1.0 + + {% endfor %} + {% endfor %} + + + {% for docs in site.playbooks %} + + {{ site.url }}{{ docs.permalink }} + weekly + 1.0 + + {% for sub in docs.subnav %} + + {{ site.url }}{{docs.permalink}}{{ sub.href }} + weekly + 1.0 + + {% endfor %} + {% endfor %} + + + {% for docs in site.university %} + + {{ site.url }}{{ docs.permalink }} + weekly + 1.0 + + {% for sub in docs.subnav %} + + {{ site.url }}{{docs.permalink}}{{ sub.href }} + weekly + 1.0 + + {% endfor %} + {% endfor %} + + + {% for page in site.pages %} + {% if page.url contains '.xml' or page.url contains 'assets' %}{% else %} + + {{ site.url }}{{ page.url }} + monthly + 1.0 + + {% endif %} + {% endfor %} + + \ No newline at end of file From bf65fc50d3ed948892628d59cc3c1e3b8cf5b052 Mon Sep 17 00:00:00 2001 From: Clayton J Barnette Date: Mon, 30 Oct 2023 12:18:02 -0400 Subject: [PATCH 02/16] Announcements: updated listing --- _data/fpkiannouncements.yml | 80 +++++++++---------- .../announcements/01_chrome_ballot_193.md | 2 +- .../announcements/02_microsoft_constraint.md | 2 +- _implement/announcements/03_google_ct.md | 2 +- .../announcements/04_apple_common_removal.md | 2 +- .../announcements/05_health_it_removal.md | 2 +- .../06_digicert_ca_decommissioning.md | 2 +- .../07_fpki-repository-migration.md | 2 +- _implement/announcements/08_commong2.md | 2 +- _includes/scripts.html | 23 ------ 10 files changed, 48 insertions(+), 71 deletions(-) diff --git a/_data/fpkiannouncements.yml b/_data/fpkiannouncements.yml index 344deab81..d126b652a 100644 --- a/_data/fpkiannouncements.yml +++ b/_data/fpkiannouncements.yml @@ -30,50 +30,50 @@ description: Release announcement for the Federal PKI Card Conformance Tool (CCT) and Certificate Profile Conformance Tool (CPCT). status: Active -- title: Federal Common
Policy CA G2 Update - pubDate: October 12, 2020 - url: /implement/announcements/common-g2-update/ - description: This announcement details the FCPCA update timeline and actions agencies need to perform. - status: Active +# - title: Federal Common
Policy CA G2 Update +# pubDate: October 12, 2020 +# url: /implement/announcements/common-g2-update/ +# description: This announcement details the FCPCA update timeline and actions agencies need to perform. +# status: Removed -- title: Upcoming Migration of Federal PKI Certificate Repository Services - pubDate: April 1, 2019 - url: /implement/announcements/2019fpkimigration/ - description: On April 22, 2019, the Federal Public Key Infrastructure Management Authority will migrate the hosting of HyperText Transfer Protocol (HTTP) repository services to a cloud-based solution. - status: Removed +# - title: Upcoming Migration of Federal PKI Certificate Repository Services +# pubDate: April 1, 2019 +# url: /implement/announcements/2019fpkimigration/ +# description: On April 22, 2019, the Federal Public Key Infrastructure Management Authority will migrate the hosting of HyperText Transfer Protocol (HTTP) repository services to a cloud-based solution. +# status: Removed -- title: DigiCert CA Decommissioning - pubDate: April 1, 2019 - url: /implement/announcements/2019digicert/ - description: DigiCert Incorporated is planning on decommissioning several certification authorities (CAs) from the Federal PKI. These CAs are no longer active or required, and there is no expected impact from these changes. - status: Removed +# - title: DigiCert CA Decommissioning +# pubDate: April 1, 2019 +# url: /implement/announcements/2019digicert/ +# description: DigiCert Incorporated is planning on decommissioning several certification authorities (CAs) from the Federal PKI. These CAs are no longer active or required, and there is no expected impact from these changes. +# status: Removed -- title: Removal of Health CAs from Federal PKI - pubDate: March 5, 2019 - url: /implement/announcements/2019removal/ - description: Federal PKI teams recently performed two actions to remove fifty-nine (59) certification authorities (CAs) related to health IT use cases from the Federal PKI trust framework. This change is not a distrust action. - status: Removed +# - title: Removal of Health CAs from Federal PKI +# pubDate: March 5, 2019 +# url: /implement/announcements/2019removal/ +# description: Federal PKI teams recently performed two actions to remove fifty-nine (59) certification authorities (CAs) related to health IT use cases from the Federal PKI trust framework. This change is not a distrust action. +# status: Removed -- title: Federal Common Policy CA Removal from Apple Trust Stores Impact - pubDate: September 13, 2018 - url: implement/announcements/2018applepkichanges/ - description: This change will impact government users of Apple iOS, macOS, and tvOS, starting in **September 2018**. This change will cause government users to receive errors when encountering instances of a Federal PKI CA-issued certificate. You can mitigate the impact for government intranets and government-furnished equipment. - status: Removed +# - title: Federal Common Policy CA Removal from Apple Trust Stores Impact +# pubDate: September 13, 2018 +# url: implement/announcements/2018applepkichanges/ +# description: This change will impact government users of Apple iOS, macOS, and tvOS, starting in **September 2018**. This change will cause government users to receive errors when encountering instances of a Federal PKI CA-issued certificate. You can mitigate the impact for government intranets and government-furnished equipment. +# status: Removed -- title: Chrome Certificate Transparency Requirements - pubDate: August 10, 2018 - url: /implement/announcements/2018chromect/ - description: As of **July 24, 2018**, Google is now enforcing Certificate Transparency (CT) for Chrome 68 and above. This change could affect your agency. This means that all TLS/SSL certificates issued after **April 30, 2018**, that validate to a publicly trusted Root Certification Authority (CA) certificate must appear in a CT log in order to be trusted by Chrome 68 and above. Users browsing to non-CT compliant, federal intranet websites will encounter connection errors. - status: Removed +# - title: Chrome Certificate Transparency Requirements +# pubDate: August 10, 2018 +# url: /implement/announcements/2018chromect/ +# description: As of **July 24, 2018**, Google is now enforcing Certificate Transparency (CT) for Chrome 68 and above. This change could affect your agency. This means that all TLS/SSL certificates issued after **April 30, 2018**, that validate to a publicly trusted Root Certification Authority (CA) certificate must appear in a CT log in order to be trusted by Chrome 68 and above. Users browsing to non-CT compliant, federal intranet websites will encounter connection errors. +# status: Removed -- title: Federal Common Policy CA Removal from Microsoft Trust Store Impact - pubDate: May 18, 2018 - url: /implement/announcements/2018mspkichanges/ - description: This change will cause Windows users to receive errors when encountering instances of a Federal PKI CA-issued certificate. You can mitigate the impact for the government intranets and government-furnished equipment by using configuration management tools for federal devices. - status: Removed +# - title: Federal Common Policy CA Removal from Microsoft Trust Store Impact +# pubDate: May 18, 2018 +# url: /implement/announcements/2018mspkichanges/ +# description: This change will cause Windows users to receive errors when encountering instances of a Federal PKI CA-issued certificate. You can mitigate the impact for the government intranets and government-furnished equipment by using configuration management tools for federal devices. +# status: Removed -- title: Chrome TLS Certificate Lifetime Requirement - pubDate: May 10, 2018 - url: /implement/announcements/2018tlslifetime/ - description: Recent changes to Chrome could affect your agency. Chrome users may receive errors when browsing to government intranet websites and applications. Starting **March 1, 2018**, Chrome requires all TLS/SSL certificates to have a maximum lifetime of 825 days. You can mitigate the impact for government intranets, applications, and government-furnished equipment by using these procedures. - status: Removed +# - title: Chrome TLS Certificate Lifetime Requirement +# pubDate: May 10, 2018 +# url: /implement/announcements/2018tlslifetime/ +# description: Recent changes to Chrome could affect your agency. Chrome users may receive errors when browsing to government intranet websites and applications. Starting **March 1, 2018**, Chrome requires all TLS/SSL certificates to have a maximum lifetime of 825 days. You can mitigate the impact for government intranets, applications, and government-furnished equipment by using these procedures. +# status: Removed diff --git a/_implement/announcements/01_chrome_ballot_193.md b/_implement/announcements/01_chrome_ballot_193.md index fbe11b032..6b95d03a0 100644 --- a/_implement/announcements/01_chrome_ballot_193.md +++ b/_implement/announcements/01_chrome_ballot_193.md @@ -4,7 +4,7 @@ title: Chrome TLS Certificate Lifetime Requirement pubDate: 05/10/2018 archiveDate: 05/09/2019 removeDate: 05/09/2021 -collection: implement +# collection: implement tag: Chrome description: Starting March 1, 2018, Chrome requires all TLS/SSL certificates to have a maximum lifetime of 825 days. You can mitigate the impact for government intranets, applications, and government-furnished equipment by using these procedures. sidenav: implement diff --git a/_implement/announcements/02_microsoft_constraint.md b/_implement/announcements/02_microsoft_constraint.md index 9da5ab237..5ad9e475d 100644 --- a/_implement/announcements/02_microsoft_constraint.md +++ b/_implement/announcements/02_microsoft_constraint.md @@ -4,7 +4,7 @@ title: Federal Common Policy CA Removal from Microsoft Trust Store Impact pubDate: 05/18/2018 archiveDate: 05/19/2019 removeDate: 05/19/2021 -collection: implement +# collection: implement category: Microsoft description: UUpcoming changes regarding Microsoft's remove of the U.S. Government Root CA. category: Removed diff --git a/_implement/announcements/03_google_ct.md b/_implement/announcements/03_google_ct.md index a7cf9cda7..d45be6ba6 100644 --- a/_implement/announcements/03_google_ct.md +++ b/_implement/announcements/03_google_ct.md @@ -4,7 +4,7 @@ title: Chrome Certificate Transparency Requirements pubDate: 08/10/2018 archiveDate: 08/09/2019 removeDate: 08/09/2021 -collection: implement +# collection: implement category: Google description: All TLS/SSL certificates issued after **April 30, 2018**, that validate to a publicly trusted Root Certification Authority (CA) certificate must appear in a CT log. Users browsing to non-CT compliant, federal intranet websites will encounter connection errors. sidenav: implement diff --git a/_implement/announcements/04_apple_common_removal.md b/_implement/announcements/04_apple_common_removal.md index 24e81210e..52b0a8444 100644 --- a/_implement/announcements/04_apple_common_removal.md +++ b/_implement/announcements/04_apple_common_removal.md @@ -4,7 +4,7 @@ title: Federal Common Policy CA Removal from Apple Trust Stores Impact pubDate: 09/13/2018 archiveDate: 09/12/2019 removeDate: 09/12/2021 -collection: implement +# collection: implement category: Apple # permalink: /fpki/announcements/2018applepkichanges/ description: Upcoming changes regarding Apple's remove of the U.S. Government Root CA. diff --git a/_implement/announcements/05_health_it_removal.md b/_implement/announcements/05_health_it_removal.md index 793a67b43..cfbf948c9 100644 --- a/_implement/announcements/05_health_it_removal.md +++ b/_implement/announcements/05_health_it_removal.md @@ -4,7 +4,7 @@ title: Removal of CAs from Federal PKI pubDate: 03/05/2019 archiveDate: 03/04/2020 removeDate: 03/04/2022 -collection: implement +# collection: implement category: Removal #permalink: /fpki/announcements/2019removal/ description: This announcement provides information related to the Health IT CAs removed from the Federal PKI. diff --git a/_implement/announcements/06_digicert_ca_decommissioning.md b/_implement/announcements/06_digicert_ca_decommissioning.md index 4ffb36a51..39b0a72e1 100644 --- a/_implement/announcements/06_digicert_ca_decommissioning.md +++ b/_implement/announcements/06_digicert_ca_decommissioning.md @@ -4,7 +4,7 @@ title: DigiCert CA Decommissioning pubDate: 04/01/2019 archiveDate: 03/20/2020 removeDate: 03/02/2022 -collection: implement +# collection: implement category: Decommission #permalink: /fpki/announcements/2019digicert/ description: Information related to the DigiCert CAs affected by this change. diff --git a/_implement/announcements/07_fpki-repository-migration.md b/_implement/announcements/07_fpki-repository-migration.md index 206206a03..4782bd117 100644 --- a/_implement/announcements/07_fpki-repository-migration.md +++ b/_implement/announcements/07_fpki-repository-migration.md @@ -4,7 +4,7 @@ title: Upcoming Migration of Federal PKI Certificate Repository Services pubDate: 04/01/2019 archiveDate: 03/30/2020 removeDate: 03/30/2022 -collection: implement +# collection: implement category: Migration #permalink: /fpki/announcements/2019fpkimigration/ description: Information related to the upcoming migration. diff --git a/_implement/announcements/08_commong2.md b/_implement/announcements/08_commong2.md index a6475a6ea..5ca97b3de 100644 --- a/_implement/announcements/08_commong2.md +++ b/_implement/announcements/08_commong2.md @@ -3,7 +3,7 @@ layout: page title: Federal Common Policy CA Update date: 10/12/2020 removeDate: 10/11/2023 -collection: implement +# collection: implement permalink: /implement/announcements/common-g2-update/ description: Details on the Federal Common Policy CA G2 timeline and actions agencies need to perform. category: Active diff --git a/_includes/scripts.html b/_includes/scripts.html index ff8a33bd2..2e05a0478 100644 --- a/_includes/scripts.html +++ b/_includes/scripts.html @@ -23,28 +23,5 @@ {% endif %} - - - From fb233d0fe991c5c254deb70f03af575818af1170 Mon Sep 17 00:00:00 2001 From: Clayton J Barnette Date: Mon, 30 Oct 2023 12:28:46 -0400 Subject: [PATCH 03/16] Announcements: updated listing --- .../announcements/01_chrome_ballot_193.md | 20 ++++++------- .../announcements/02_microsoft_constraint.md | 28 +++++++++---------- _implement/announcements/03_google_ct.md | 28 +++++++++---------- .../announcements/04_apple_common_removal.md | 24 ++++++++-------- .../announcements/05_health_it_removal.md | 24 ++++++++-------- .../06_digicert_ca_decommissioning.md | 2 +- .../07_fpki-repository-migration.md | 20 ++++++------- _implement/announcements/08_commong2.md | 24 ++++++++-------- 8 files changed, 85 insertions(+), 85 deletions(-) diff --git a/_implement/announcements/01_chrome_ballot_193.md b/_implement/announcements/01_chrome_ballot_193.md index 6b95d03a0..50bae5a38 100644 --- a/_implement/announcements/01_chrome_ballot_193.md +++ b/_implement/announcements/01_chrome_ballot_193.md @@ -7,19 +7,19 @@ removeDate: 05/09/2021 # collection: implement tag: Chrome description: Starting March 1, 2018, Chrome requires all TLS/SSL certificates to have a maximum lifetime of 825 days. You can mitigate the impact for government intranets, applications, and government-furnished equipment by using these procedures. -sidenav: implement +# sidenav: implement sticky_sidenav: true category: Removed -subnav: - - text: What Will Be Impacted? - href: '#what-will-be-impacted' - - text: What Other Browsers Enforce This Requirement? - href: '#what-other-browsers-enforce-this-requirement' - - text: What Should I Do? - href: '#what-should-i-do' - - text: Additional Resources - href: '#additional-resources' +# subnav: +# - text: What Will Be Impacted? +# href: '#what-will-be-impacted' +# - text: What Other Browsers Enforce This Requirement? +# href: '#what-other-browsers-enforce-this-requirement' +# - text: What Should I Do? +# href: '#what-should-i-do' +# - text: Additional Resources +# href: '#additional-resources' --- {% include alert-warning.html content="This announcement has been archived and is hosted solely for historical reference. It is no longer being updated or maintained." %} diff --git a/_implement/announcements/02_microsoft_constraint.md b/_implement/announcements/02_microsoft_constraint.md index 5ad9e475d..226fbed3f 100644 --- a/_implement/announcements/02_microsoft_constraint.md +++ b/_implement/announcements/02_microsoft_constraint.md @@ -8,22 +8,22 @@ removeDate: 05/19/2021 category: Microsoft description: UUpcoming changes regarding Microsoft's remove of the U.S. Government Root CA. category: Removed -sidenav: implement +# sidenav: implement sticky_sidenav: true -subnav: - - text: How Does this Work? - href: '#how-does-this-work' - - text: What Will Be Impacted? - href: '#what-will-be-impacted' - - text: What Should I Do? - href: '#what-should-i-do' - - text: How Can I Test? - href: '#how-can-i-test' - - text: Frequently Asked Questions - href: '#frequently-asked-questions' - - text: Additional Resources - href: '#additional-resources' +# subnav: +# - text: How Does this Work? +# href: '#how-does-this-work' +# - text: What Will Be Impacted? +# href: '#what-will-be-impacted' +# - text: What Should I Do? +# href: '#what-should-i-do' +# - text: How Can I Test? +# href: '#how-can-i-test' +# - text: Frequently Asked Questions +# href: '#frequently-asked-questions' +# - text: Additional Resources +# href: '#additional-resources' --- {% include alert-warning.html content="This announcement has been archived and is hosted solely for historical reference. It is no longer being updated or maintained." %} diff --git a/_implement/announcements/03_google_ct.md b/_implement/announcements/03_google_ct.md index d45be6ba6..609188150 100644 --- a/_implement/announcements/03_google_ct.md +++ b/_implement/announcements/03_google_ct.md @@ -7,23 +7,23 @@ removeDate: 08/09/2021 # collection: implement category: Google description: All TLS/SSL certificates issued after **April 30, 2018**, that validate to a publicly trusted Root Certification Authority (CA) certificate must appear in a CT log. Users browsing to non-CT compliant, federal intranet websites will encounter connection errors. -sidenav: implement +# sidenav: implement category: Removed sticky_sidenav: true -subnav: - - text: How Does This Work? - href: '#how-does-this-work' - - text: What Will Be Impacted? - href: '#what-will-be-impacted' - - text: When Will This Start? - href: '#when-will-this-start' - - text: What Should I Do? - href: '#what-should-i-do' - - text: Frequently Asked Questions - href: '#frequently-asked-questions' - - text: Additional Resources - href: '#additional-resources' +# subnav: +# - text: How Does This Work? +# href: '#how-does-this-work' +# - text: What Will Be Impacted? +# href: '#what-will-be-impacted' +# - text: When Will This Start? +# href: '#when-will-this-start' +# - text: What Should I Do? +# href: '#what-should-i-do' +# - text: Frequently Asked Questions +# href: '#frequently-asked-questions' +# - text: Additional Resources +# href: '#additional-resources' --- {% include alert-warning.html content="This announcement has been archived and is hosted solely for historical reference. It is no longer being updated or maintained." %} diff --git a/_implement/announcements/04_apple_common_removal.md b/_implement/announcements/04_apple_common_removal.md index 52b0a8444..c6d453d06 100644 --- a/_implement/announcements/04_apple_common_removal.md +++ b/_implement/announcements/04_apple_common_removal.md @@ -8,21 +8,21 @@ removeDate: 09/12/2021 category: Apple # permalink: /fpki/announcements/2018applepkichanges/ description: Upcoming changes regarding Apple's remove of the U.S. Government Root CA. -sidenav: fpkiarchivedannouncements +# sidenav: fpkiarchivedannouncements category: implement sticky_sidenav: true -subnav: - - text: How Does This Work? - href: '#how-does-this-work' - - text: What Will Be Impacted? - href: '#what-will-be-impacted' - - text: What Should I Do? - href: '#what-should-i-do' - - text: Frequently Asked Questions - href: '#frequently-asked-questions' - - text: Additional Resources - href: '#additional-resources' +# subnav: +# - text: How Does This Work? +# href: '#how-does-this-work' +# - text: What Will Be Impacted? +# href: '#what-will-be-impacted' +# - text: What Should I Do? +# href: '#what-should-i-do' +# - text: Frequently Asked Questions +# href: '#frequently-asked-questions' +# - text: Additional Resources +# href: '#additional-resources' --- {% include alert-warning.html content="This announcement has been archived and is hosted solely for historical reference. It is no longer being updated or maintained." %} diff --git a/_implement/announcements/05_health_it_removal.md b/_implement/announcements/05_health_it_removal.md index cfbf948c9..82bfcdf3a 100644 --- a/_implement/announcements/05_health_it_removal.md +++ b/_implement/announcements/05_health_it_removal.md @@ -8,21 +8,21 @@ removeDate: 03/04/2022 category: Removal #permalink: /fpki/announcements/2019removal/ description: This announcement provides information related to the Health IT CAs removed from the Federal PKI. -sidenav: implement +# sidenav: implement sticky_sidenav: true category: Archive -subnav: - - text: What Was the Change? - href: '#what-was-the-change' - - text: What Certification Authorities Were Impacted? - href: '#what-certification-authorities-were-impacted' - - text: What Should I Do? - href: '#what-should-i-do' - - text: Who Can I Contact for Help or More Information? - href: '#who-can-i-contact-for-help-or-more-information' - - text: Additional Resources - href: '#additional-resources' +# subnav: +# - text: What Was the Change? +# href: '#what-was-the-change' +# - text: What Certification Authorities Were Impacted? +# href: '#what-certification-authorities-were-impacted' +# - text: What Should I Do? +# href: '#what-should-i-do' +# - text: Who Can I Contact for Help or More Information? +# href: '#who-can-i-contact-for-help-or-more-information' +# - text: Additional Resources +# href: '#additional-resources' --- Federal PKI teams performed two actions to remove fifty-nine (59) certification authorities (CAs) related to health IT use cases from the Federal PKI trust framework. This change is related to efforts to assess and maintain the mission scope for Federal PKI and reduce burden for commercial and non-profit organizations. This change is **not a distrust** action. diff --git a/_implement/announcements/06_digicert_ca_decommissioning.md b/_implement/announcements/06_digicert_ca_decommissioning.md index 39b0a72e1..8a1b0a2ce 100644 --- a/_implement/announcements/06_digicert_ca_decommissioning.md +++ b/_implement/announcements/06_digicert_ca_decommissioning.md @@ -8,7 +8,7 @@ removeDate: 03/02/2022 category: Decommission #permalink: /fpki/announcements/2019digicert/ description: Information related to the DigiCert CAs affected by this change. -sidenav: implement +#sidenav: implement sticky_sidenav: true category: Removed diff --git a/_implement/announcements/07_fpki-repository-migration.md b/_implement/announcements/07_fpki-repository-migration.md index 4782bd117..91d7e5b31 100644 --- a/_implement/announcements/07_fpki-repository-migration.md +++ b/_implement/announcements/07_fpki-repository-migration.md @@ -8,19 +8,19 @@ removeDate: 03/30/2022 category: Migration #permalink: /fpki/announcements/2019fpkimigration/ description: Information related to the upcoming migration. -sidenav: implement +# sidenav: implement sticky_sidenav: true category: Removed -subnav: - - text: What Will Be Impacted? - href: '#what-will-be-impacted' - - text: When Will This Change Take Place? - href: '#when-will-this-change-take-place' - - text: What Should I Do? - href: '#what-should-i-do' - - text: Who Can I Contact for Help or More Information? - href: '#who-can-i-contact-for-help-or-more-information' +# subnav: +# - text: What Will Be Impacted? +# href: '#what-will-be-impacted' +# - text: When Will This Change Take Place? +# href: '#when-will-this-change-take-place' +# - text: What Should I Do? +# href: '#what-should-i-do' +# - text: Who Can I Contact for Help or More Information? +# href: '#who-can-i-contact-for-help-or-more-information' --- diff --git a/_implement/announcements/08_commong2.md b/_implement/announcements/08_commong2.md index 5ca97b3de..b6cb343ef 100644 --- a/_implement/announcements/08_commong2.md +++ b/_implement/announcements/08_commong2.md @@ -4,21 +4,21 @@ title: Federal Common Policy CA Update date: 10/12/2020 removeDate: 10/11/2023 # collection: implement -permalink: /implement/announcements/common-g2-update/ +# permalink: /implement/announcements/common-g2-update/ description: Details on the Federal Common Policy CA G2 timeline and actions agencies need to perform. category: Active sticky_sidenav: true -sidenav: fpkiannouncements - -subnav: - - text: What Will Be Impacted? - href: '#what-will-be-impacted' - - text: When Will This Change Take Place? - href: '#when-will-this-change-take-place' - - text: What Should I Do? - href: '#what-should-i-do' - - text: Who Can I Contact for Help or More Information? - href: '#who-can-i-contact-for-help-or-more-information' +# sidenav: fpkiannouncements + +# subnav: +# - text: What Will Be Impacted? +# href: '#what-will-be-impacted' +# - text: When Will This Change Take Place? +# href: '#when-will-this-change-take-place' +# - text: What Should I Do? +# href: '#what-should-i-do' +# - text: Who Can I Contact for Help or More Information? +# href: '#who-can-i-contact-for-help-or-more-information' --- {% include alert-info.html content="Upcoming changes to the Federal Common Policy Certification Authority (CA) will impact your agency. This announcement will be updated as more information is available." %} From ab5a9effb603732bfd6ea9b776d9a7270be8e275 Mon Sep 17 00:00:00 2001 From: Clayton J Barnette Date: Mon, 30 Oct 2023 12:32:27 -0400 Subject: [PATCH 04/16] Announcements: updated listing --- _data/fpkiannouncements.yml | 10 +++++----- _implement/announcements/09_test_tools.md | 6 +++--- 2 files changed, 8 insertions(+), 8 deletions(-) diff --git a/_data/fpkiannouncements.yml b/_data/fpkiannouncements.yml index d126b652a..0e499e441 100644 --- a/_data/fpkiannouncements.yml +++ b/_data/fpkiannouncements.yml @@ -24,11 +24,11 @@ description: The FPKIMA will be decommissioning the LDAP service associated with the old FCPCA root's SIA repository. status: Active -- title: New FPKI Tools Available - pubDate: May 18, 2021 - url: /implement/announcements/test-tools/ - description: Release announcement for the Federal PKI Card Conformance Tool (CCT) and Certificate Profile Conformance Tool (CPCT). - status: Active +# - title: New FPKI Tools Available +# pubDate: May 18, 2021 +# url: /implement/announcements/test-tools/ +# description: Release announcement for the Federal PKI Card Conformance Tool (CCT) and Certificate Profile Conformance Tool (CPCT). +# status: Remove # - title: Federal Common
Policy CA G2 Update # pubDate: October 12, 2020 diff --git a/_implement/announcements/09_test_tools.md b/_implement/announcements/09_test_tools.md index 1307cabb8..23e21f7df 100644 --- a/_implement/announcements/09_test_tools.md +++ b/_implement/announcements/09_test_tools.md @@ -3,12 +3,12 @@ layout: page title: New Test Tools Available pubDate: 05/18/2021 removeDate: 05/18/2024 -collection: implement -permalink: /implement/announcements/test-tools/ +# collection: implement +# permalink: /implement/announcements/test-tools/ description: Release announcement for the Card Conformance Tool (CCT) and Certificate Profile Conformance Tool (CPCT). category: Active sticky_sidenav: true -sidenav: fpkiannouncements +# sidenav: fpkiannouncements --- From 5c6b0b3b7f54f7c071df827a8353aff2a2dce280 Mon Sep 17 00:00:00 2001 From: Clayton J Barnette Date: Mon, 30 Oct 2023 12:57:28 -0400 Subject: [PATCH 05/16] FPKI Announmennts: Remove 3 year or older --- .../announcements/01_chrome_ballot_193.md | 48 -- .../announcements/02_microsoft_constraint.md | 148 ---- _implement/announcements/03_google_ct.md | 190 ----- .../announcements/04_apple_common_removal.md | 97 --- .../announcements/05_health_it_removal.md | 753 ------------------ .../06_digicert_ca_decommissioning.md | 36 - .../07_fpki-repository-migration.md | 52 -- _implement/announcements/08_commong2.md | 56 -- _implement/announcements/09_test_tools.md | 34 - 9 files changed, 1414 deletions(-) delete mode 100644 _implement/announcements/01_chrome_ballot_193.md delete mode 100644 _implement/announcements/02_microsoft_constraint.md delete mode 100644 _implement/announcements/03_google_ct.md delete mode 100644 _implement/announcements/04_apple_common_removal.md delete mode 100644 _implement/announcements/05_health_it_removal.md delete mode 100644 _implement/announcements/06_digicert_ca_decommissioning.md delete mode 100644 _implement/announcements/07_fpki-repository-migration.md delete mode 100644 _implement/announcements/08_commong2.md delete mode 100644 _implement/announcements/09_test_tools.md diff --git a/_implement/announcements/01_chrome_ballot_193.md b/_implement/announcements/01_chrome_ballot_193.md deleted file mode 100644 index 50bae5a38..000000000 --- a/_implement/announcements/01_chrome_ballot_193.md +++ /dev/null @@ -1,48 +0,0 @@ ---- -layout: page -title: Chrome TLS Certificate Lifetime Requirement -pubDate: 05/10/2018 -archiveDate: 05/09/2019 -removeDate: 05/09/2021 -# collection: implement -tag: Chrome -description: Starting March 1, 2018, Chrome requires all TLS/SSL certificates to have a maximum lifetime of 825 days. You can mitigate the impact for government intranets, applications, and government-furnished equipment by using these procedures. -# sidenav: implement -sticky_sidenav: true -category: Removed - -# subnav: -# - text: What Will Be Impacted? -# href: '#what-will-be-impacted' -# - text: What Other Browsers Enforce This Requirement? -# href: '#what-other-browsers-enforce-this-requirement' -# - text: What Should I Do? -# href: '#what-should-i-do' -# - text: Additional Resources -# href: '#additional-resources' ---- - -{% include alert-warning.html content="This announcement has been archived and is hosted solely for historical reference. It is no longer being updated or maintained." %} - - -Recent changes to Chrome could affect your agency. Chrome now requires that TLS/SSL certificates issued on or after **March 1, 2018**, have a maximum lifetime of 825 days. Google is enforcing this change for Chrome as a result of the Certification Authority/Browser (CA/B) Forum's Ballot 193 to promote increased web security.[1](#1) - -## What Will Be Impacted? -A government user will receive an "untrusted site" error when browsing to an intranet website or application if all of the following are true: - -1. The intranet website's TLS/SSL certificate was issued by a Federal PKI Certification Authority -2. The TLS/SSL certificate was issued on or after March 1, 2018, with a lifetime greater than 825 days -3. Using the Chrome browser - -![Chrome Error Screen]({{site.baseurl}}/img/google_ballot193_hot_topic_error.png){:style="width:70%;float:center;"} - -## What Other Browsers Enforce This Requirement? -Chrome is the only browser currently enforcing this requirement for TLS/SSL certificates. If other browser vendors decide to enforce this requirement, we will post updates to this announcement. Please also check the [FPKI-Guides' Issues](https://github.com/GSA/fpki-guides/issues){:target="_blank"}{:rel="noopener noreferrer"}{:class="usa-link usa-link--external"} for in-progress discussions. - -## What Should I Do? -To prevent Chrome browsing errors: -1. Request that your PKI team or Federal Shared Service Provider update the certificate profiles for TLS/SSL device certificates issued by Federal PKI Certification Authorities to require a certificate lifetime of less than 825 days. -2. Re-issue and re-install new TLS/SSL certificates for the impacted intranet websites and applications. - -## Additional Resources -1. In March 2017, the [CA/B Forum](https://cabforum.org/){:target="_blank"}{:rel="noopener noreferrer"}{:class="usa-link usa-link--external"} passed [Ballot 193](https://cabforum.org/2017/03/17/ballot-193-825-day-certificate-lifetimes/){:target="_blank"}{:rel="noopener noreferrer"}{:class="usa-link usa-link--external"}, which introduced the 825-day maximum lifetime requirement. diff --git a/_implement/announcements/02_microsoft_constraint.md b/_implement/announcements/02_microsoft_constraint.md deleted file mode 100644 index 226fbed3f..000000000 --- a/_implement/announcements/02_microsoft_constraint.md +++ /dev/null @@ -1,148 +0,0 @@ ---- -layout: page -title: Federal Common Policy CA Removal from Microsoft Trust Store Impact -pubDate: 05/18/2018 -archiveDate: 05/19/2019 -removeDate: 05/19/2021 -# collection: implement -category: Microsoft -description: UUpcoming changes regarding Microsoft's remove of the U.S. Government Root CA. -category: Removed -# sidenav: implement -sticky_sidenav: true - -# subnav: -# - text: How Does this Work? -# href: '#how-does-this-work' -# - text: What Will Be Impacted? -# href: '#what-will-be-impacted' -# - text: What Should I Do? -# href: '#what-should-i-do' -# - text: How Can I Test? -# href: '#how-can-i-test' -# - text: Frequently Asked Questions -# href: '#frequently-asked-questions' -# - text: Additional Resources -# href: '#additional-resources' ---- - -{% include alert-warning.html content="This announcement has been archived and is hosted solely for historical reference. It is no longer being updated or maintained." %} - - -Upcoming changes regarding Microsoft's Trusted Root Program could impact your agency. The Federal PKI Policy Authority has requested that Microsoft **remove** our U.S. Government Root CA certificate (Federal Common Policy CA [COMMON]) from Microsoft's globally distributed Certificate Trust List (CTL). - -{% include alert-info.html content="The Federal PKI Policy Authority is working with Microsoft on the timeline for removing COMMON. As more information and additional procedures become available, this announcement will be updated. Please watch for updates from the Federal PKI listserves, ICAM listservs, and the ICAM Sub-committee." %} - -## How Does This Work? -Today, Microsoft distributes hundreds of trusted root CA certificates, including COMMON, through its _Certificate Trust List (CTL)_. Microsoft distributes two CTLs for Windows operating systems: which root CAs are trusted, and which CAs are untrusted. The _Trusted CTL_ (*authrootstl.cab*) adds certificates to the Microsoft Trusted Root Certification Authorities certificate store, and the _Untrusted CTL_ (*disallowedcertstl.cab*) adds certificates to the Untrusted Certificates store. - -Starting in Windows 10 and Server 2016, Microsoft may also include date-based CTL entries. For example, a date based CTL entry will disallow trusting code-signing or server authentication certificates issued after a specific date. - -Microsoft distributes the Trusted and Untrusted CTLs to the following Windows Operating Systems: - -| **Versions** | -| :-------- | -| Windows 10 | -| Windows 8.1 | -| Windows 8 | -| Windows Vista | -| Windows Server 2016 | -| Windows Server 2012 R2 | -| Windows Server 2008 R2 | - -## What Will Be Impacted? -When Microsoft removes COMMON, government users of Windows will receive errors. Errors will occur in the following scenarios: - -2. Performing smartcard logon to the government networks using PIV credentials -2. Authenticating to the government virtual private network endpoints (VPNs) using PIV credentials -2. Authenticating to the government internet facing authentication and collaboration portals -3. Browsing with Microsoft Internet Explorer, Edge or Chrome browsers to a government **intranet** website that has a TLS/SSL certificate issued by a Federal PKI CA that validates to COMMMON. -4. Opening an email in Microsoft Outlook that was digitally signed using a certificate issued by a Federal PKI CA that validates to COMMON. -5. Opening a Microsoft Office document that was digitally signed with a certificate issued by a Federal PKI CA that validates to COMMON. - -{% include alert-info.html content="If you are unsure whether your applications will be affected, email us at: fpki@gsa.gov." %} - -This change will also impact partner users that rely on COMMON. For example, a Department of Defense employee sending a digitally signed email to a business partner. - -You can mitigate the risk to government missions, intranets, applications, and government-furnished equipment. - -## How Can I Test? - -Testing by government teams did not allow locally administered certificate stores to override the Microsoft CTL distributed settings. The decision was made to remove COMMON entirely from Microsoft's trust store. No further testing on overriding the CTL settings will be conducted. - - -To review the previous testing procedures:  [CTL Testing](https://github.com/GSA/fpki-guides/projects/2){:target="_blank"}{:rel="noopener noreferrer"}. - -## Frequently Asked Questions - -### 1.  Why is COMMMON being removed? -The Federal PKI CAs don't comply with Microsoft's requirements for globally trusted TLS/SSL certificates. Microsoft's requirements include: - -**a.  Requirement for Fully-Qualified Domain Names (FQDNs)**
-Microsoft plans to restrict TLS/SSL certificates to only those certificates using FQDNs ending in .gov, .mil, or fed.us. Some Federal agencies issue TLS/SSL certificates to intranet assets. These certificates either:  don't have FQDNs; contain intranet domains that don't end in .gov, .mil, or fed.us; or use short names (aliases). Under Microsoft's requirements, these agencies would need to reissue, re-install, and reconfigure all "non-compliant" certificates and applications. The Federal PKI community has determined that this would have a negative impact on mission applications on the intranets. - -**b.  Requirement for public audit**
-The Federal PKI follows a government auditing standard, and we have not restricted our issuance of TLS/SSL certificates to only the .gov and .mil domains. Under the requirements, all CAs in Federal PKI that could issue TLS/SSL certificates are required to submit a non-government audit or be technically constrained. Federal PKI has **not** technically constrained our CAs. - -**c.  Requirement to disclose Certificate Practice Statements and Incident Post-Mortem Reports**
-Public trust requires public disclosure and transparency. All Federal PKI CAs would be required to publicly post their Certificate Practice Statements and their Audit Letters. The Federal PKI community has attempted to disclose all Certificate Practice Statements for a number of years. However, some federal agencies include sensitive information in these documents and cannot disclose the documents publicly. - -**d.  Requirement to create new issuing Certification Authorities (CAs)**
-Any Federal PKI CA that issues TLS/SSL, code-signing, or email-signing certificates would have to establish a new CA for each type of certificate. This effort requires time, planning, and funding. - -### 2.  How can I determine which of our intranet websites and applications will be impacted, including those used by cross-agency users? -All Windows-based websites and applications configured with certificates (email, Virtual Private Network, digital signature, etc.) issued by a Federal PKI CA that validates to COMMON will be impacted. For agencies and mission partners that are cross-certified with the FBCA, external users could also be impacted if COMMON is used instead of your root. - -You can run a report on all issued certificates or, if your agency has an agreement with a Federal PKI Shared Service Provider (SSP), you can request that the SSP run the report. - -You can scan your intranet websites in coordination with your CISO teams. There are existing tools to use, or you can use the DHS NCATS "**pshtt**" tool, which will also check for cipher suites and mis-configurations on the intranet websites: - -- DHS NCATS [**pshtt**](https://github.com/dhs-ncats/pshtt){:target="_blank"}{:rel="noopener noreferrer"}{:class="usa-link usa-link--external"} - -**Note:**  This tool will look for not just Federal PKI certificates. Its outputs will include all certificates and information. - -### 3.  How can I determine whether my agency users and government-furnished equipment will be impacted? -Check your enterprise trust store configurations in your Microsoft domain and devices. You must verify how COMMON was installed and managed. - -View where and how a certificate is being installed using the certificates snap-in (certmgr.msc). Under **View -> Options**, click the **Show _Physical certificate stores_** option. - -If COMMON is already in the Trusted Root Certification Authorities or Enterprise Trust store and the _source_ is a group policy object or the enterprise trust domain, you don't need to reinstall or change. - -### 4.  Is PIV network login impacted? - -Yes. See [Install Using Group Policy Objects](#install-using-group-policy-objects) to mitigate this risk. - -### 5.  Do I need to remove the "baked-in" version of COMMON? -No, don't remove COMMON. When Microsoft does the update for the CTL, it will be removed during normal patching cycles. - -You may see two versions of the certificate in Trusted Root Certificate Authorities. You must verify how COMMON was installed and managed. - -View where and how a certificate is being installed using the certificates snap-in (certmgr.msc). Under **View -> Options**, click the **Show _Physical certificate stores_** option. - -### 6.  Do I need to add COMMON to the Trusted Root Certification Authorities store, or should I add it to the Enterprise Trust Store? -Microsoft Operating Systems use different physical containers and logical views of these containers for trust stores. In addition, different tools will have different **names** for the same physical or logical view. For example: - -| **Certificates snap-in (certmgr.msc)** | **Enterprise PKI snap-in** | **certutil** | **Registry** | -| :-------- | :------------------------------- | :--------- | :----------- | -| Trusted Root Certification Authorities | Certificate Authorities Container tab| Root and RootCA | Root | - -It can be confusing--the easiest model is to follow one of the two methods in [What Should I Do?](#what-should-i-do) - -To read detailed information on certificate stores, logical views, physical views, and registry locations: [Managing Certificates with Certificate Stores](https://msdn.microsoft.com/en-us/library/windows/desktop/aa386971(v=vs.85).aspx){:target="_blank"}{:rel="noopener noreferrer"}{:class="usa-link usa-link--external"} - -### 7.  Do I need to change any trust property for COMMON managed by group policy objects? -No, trust properties are not set by group policy objects. If your agency currently distributes COMMON through a group policy object, no change is needed. - -### 8.  What Windows versions are affected? -All Windows versions from Vista forward are affected. - -### 9.  Can I create a custom CTL for our enterprise? -Yes, a trusted or untrusted, custom CTL can be created for your agency enterprise: [Creating, Signing, and Storing a CTL](https://msdn.microsoft.com/en-us/library/windows/desktop/aa379867(v=vs.85).aspx){:target="_blank"}{:rel="noopener noreferrer"}{:class="usa-link usa-link--external"}. - -However, we don't recommend this. Simplicity can help security, and it can be simpler to manage a group policy object than a custom CTL. - -## Additional Resources - -1. [Certificate Trust List Overview](https://msdn.microsoft.com/en-us/library/windows/desktop/aa376545(v=vs.85).aspx){:target="_blank"}{:rel="noopener noreferrer"}{:class="usa-link usa-link--external"} -1. [Managing Certificates with Certificate Stores](https://msdn.microsoft.com/en-us/library/windows/desktop/aa386971(v=vs.85).aspx){:target="_blank"}{:rel="noopener noreferrer"}{:class="usa-link usa-link--external"} -1. [Configure Trusted Roots and Disallowed Certificates](https://technet.microsoft.com/en-us/library/dn265983.aspx){:target="_blank"}{:rel="noopener noreferrer"}{:class="usa-link usa-link--external"} diff --git a/_implement/announcements/03_google_ct.md b/_implement/announcements/03_google_ct.md deleted file mode 100644 index 609188150..000000000 --- a/_implement/announcements/03_google_ct.md +++ /dev/null @@ -1,190 +0,0 @@ ---- -layout: page -title: Chrome Certificate Transparency Requirements -pubDate: 08/10/2018 -archiveDate: 08/09/2019 -removeDate: 08/09/2021 -# collection: implement -category: Google -description: All TLS/SSL certificates issued after **April 30, 2018**, that validate to a publicly trusted Root Certification Authority (CA) certificate must appear in a CT log. Users browsing to non-CT compliant, federal intranet websites will encounter connection errors. -# sidenav: implement -category: Removed -sticky_sidenav: true - -# subnav: -# - text: How Does This Work? -# href: '#how-does-this-work' -# - text: What Will Be Impacted? -# href: '#what-will-be-impacted' -# - text: When Will This Start? -# href: '#when-will-this-start' -# - text: What Should I Do? -# href: '#what-should-i-do' -# - text: Frequently Asked Questions -# href: '#frequently-asked-questions' -# - text: Additional Resources -# href: '#additional-resources' ---- - -{% include alert-warning.html content="This announcement has been archived and is hosted solely for historical reference. It is no longer being updated or maintained." %} - - -As of **July 24, 2018**, Google is now enforcing Certificate Transparency (CT) for Chrome 68 and above. This means that all TLS/SSL certificates issued after **April 30, 2018**, that validate to a publicly trusted Root Certification Authority (CA) certificate must appear in a CT log in order to be trusted by Chrome 68 and above. In addition, websites must serve proof of certificate inclusion in the CT log through a Signed Certificate Timestamp (SCT). Users browsing to non-CT compliant, federal intranet websites will encounter connection errors. - -{% include alert-info.html content="Many popular browsers plan to deploy CT in their product roadmaps. Timelines will be updated on this site as browser deployment dates become known." %} - -## How Does This Work? - -The requirements for CT are built into _browsers_. - -- All roots that have been distributed _by one or more_ of the Microsoft, Android, Apple, or Mozilla trusted root programs are listed here: [Root Stores](https://cs.chromium.org/chromium/src/net/data/ssl/root_stores/README.md){:target="_blank"}{:rel="noopener noreferrer"}{:class="usa-link usa-link--external"}. -- When a government user browses to an intranet website, the user's workstation or mobile device will build one or more certificate paths to the enterprise or publicly trusted roots. -- The browser will compare the certificate path(s) to the list of roots that have _ever_ been included in the popular trust stores currently in use worldwide. -- If any certificate in the trust chain matches one of the roots in the list, then the CT requirements will be in effect. - -## What Will Be Impacted? - -A government user will receive an error on government-furnished equipment if all of the following are true: - -1. Using Chrome 68 or higher (**Note:** Additional browsers may be affected in the future.) -2. Browsing to an intranet website with a TLS/SSL certificate that validates to the Federal Common Policy CA -3. The TLS/SSL certificate was issued after **April 30, 2018** - -![Chrome Error Screen]({{site.baseurl}}/img/google_ct_hot_topic_error.png){:style="width:55%;float:center;"} - -## When Will This Start? - -CT enforcement has begun. As of **July 24, 2018**, Google is now enforcing CT for Chrome 68 and above. - -## What Should I Do? - -To mitigate the impact on the federal enterprise, you must disable CT enforcement for the affected intranet websites. - -Please see [Disable CT Enforcement for Government-Furnished Equipment](#disable-ct-enforcement-for-government-furnished-equipment). - - -### Disable CT Enforcement for Government-Furnished Equipment -{% include alert-info.html content="Two options are outlined in this section. Additional options may become available for future releases of Chrome. We will continue to update these procedures and post additional information as it becomes available. Please also check the GitHub Issues in the GSA FPKI-Guides repository for in-progress discussions." %} - -#### Option 1:  Disable CT Enforcement for "Legacy" CAs (Recommended Configuration) - -Google Chrome's "CertificateTransparencyEnforcementDisabledForLegacyCas" policy configuration allows you to disable CT enforcement for websites that chain to a user-specified "legacy" CA. Google Chrome categorizes a CA as "legacy" if it meets the following criteria: - -1. The CA has been publicly trusted by default in one or more operating systems supported by Chrome, such as Windows or macOS. -2. The CA isn't currently trusted by the Android Open Source Project or Chrome OS. - -The Federal Common Policy CA meets Google's criteria for a "legacy" CA, so you can disable CT enforcement for intranet websites that chain to it. In some cases, you'll need to create a new registry key tree in the locations specified below: - -**a.  Windows Registry location for Windows clients:**
- -For _HKEY_LOCAL_MACHINE\Software\Policies\Google\Chrome\CertificateTransparencyEnforcementDisabledForLegacyCas_, add a new string value: - - ``` - Name = 1 | Data = sha256/jotW9ZGKJb2F3OdmY/2UzCNpDxDqlYZhMXHG+DeIkNU= - ``` - -**b.  Windows Registry location for Chrome OS clients:**
- -For _HKEY_LOCAL_MACHINE\Software\Policies\Google\ChromeOS\CertificateTransparencyEnforcementDisabledForLegacyCas_, add new string value: - - ``` - Name = 1 | Data = sha256/jotW9ZGKJb2F3OdmY/2UzCNpDxDqlYZhMXHG+DeIkNU= - ``` - -**c.  macOS**
- -For preference name, _CertificateTransparencyEnforcementDisabledForLegacyCas_, add values: - - ``` - - sha256/jotW9ZGKJb2F3OdmY/2UzCNpDxDqlYZhMXHG+DeIkNU= - - ``` - -**Note:**  In all cases above, `jotW9ZGKJb2F3OdmY/2UzCNpDxDqlYZhMXHG+DeIkNU=` is a Base64 encoding of a SHA-256 hash of the Federal Common Policy CA's Subject Public Key Information (SPKI) field. - - -#### Option 2:  Disable CT Enforcement for Domains and Sub-Domains - -Chrome for government-furnished equipment will not enforce CT requirements if you apply a policy rule and include a **.gov or .mil second-level domain**, such as _agency.gov_, or other **third-level sub-domains**, such as _example.agency.gov_. You should apply configuration changes for only government-furnished equipment and only include an explicit list of second-level or below sub-domains in use for intranet websites. In some cases, you may need to create a new registry key tree in the locations specified below: - - -**a.  Windows Registry location for Windows clients:**
- -For _HKEY_LOCAL_MACHINE\Software\Policies\Google\Chrome\CertificateTransparencyEnforcementDisabledForUrls_, add new string value: - - ``` - Agency Sub-Domain example: - - Name = 1 | Data = example.agency.gov - - Gov/Mil Top-Level Domain example: - - Name = 2 | Data = gov - Name = 3 | Data = mil - ``` - -**b.  Windows Registry location for Chrome OS clients:**
- -For _HKEY_LOCAL_MACHINE\Software\Policies\Google\ChromeOS\CertificateTransparencyEnforcementDisabledForUrls_, add new string value: - - ``` - Sub-Domain example: - - Name = 1 | Data = example.agency.gov - - Gov/Mil Top-Level Domain example: - - Name = 2 | Data = gov - Name = 3 | Data = mil - ``` - -**c.  macOS**
- -For _preference name_, _CertificateTransparencyEnforcementDisabledForUrls_, add values:
- - ``` - - example.agency.gov - .example.agency.gov - gov - mil - - ``` - -## Frequently Asked Questions - -### 1. Will Google's use of CT in Chrome impact my agency's internal, only locally trusted CA TLS/SSL certificates? - -No. There will be no impact if you use your agency's internal, only locally trusted CA to issue TLS/SSL certificates to intranet sites. Chrome's CT enforcement will impact only federal intranet sites whose TLS/SSL certificates validate to Federal Common Policy CA, whose certificate is currently distributed through operating system trust stores. - -### 2. Why is Google enforcing CT in Chrome? - -Chrome's CT change has been planned and incrementally implemented for over two years. CT provides a benefit to the global community by: - -- Improving openness and transparency -- Allowing domain owners to identify mistakenly or maliciously issued certificates - -### 3. How do I know whether my intranet website is compliant with CT? -You can check for CT compliance by using the steps below to verify the presence of an SCT. These steps apply to any Federal PKI TLS/SSL certificate or commercially sourced certificate. - -**Note:**  SCTs are only required for certificates issued after April 30, 2018. Some certificates issued **before** this date may already be compliant. To check compliance: - -1. Open Chrome and browse to your website. -2. In Chrome, go to **Settings->More Tools**. -3. Open the **Developer Tools** panel:
- ``` - Windows: CTRL + Shift + "i" - macOS: Apple key + Shift + "i" - ``` -4. Select the **Security** tab in the **Developer Tools**. -5. Refresh the website page and click on the website under the **Main origin** column. -6. If the certificate is compliant, it will display the CT log details under the **Certificate Transparency** heading. - -## Additional Resources -1. [What is Certificate Transparency?](https://www.certificate-transparency.org/){:target="_blank"}{:rel="noopener noreferrer"}{:class="usa-link usa-link--external"} -2. [Certificate Transparency Background](https://groups.google.com/a/chromium.org/forum/#!topic/ct-policy/78N3SMcqUGw){:target="_blank"}{:rel="noopener noreferrer"}{:class="usa-link usa-link--external"} -3. [Certificate Transparency in Chrome--Detailed Information](http://www.certificate-transparency.org/certificate-transparency-in-chrome){:target="_blank"}{:rel="noopener noreferrer"}{:class="usa-link usa-link--external"} -3. [Certificate Transparency--Resources for Site Owners](https://sites.google.com/site/certificatetransparency/resources-for-site-owners){:target="_blank"}{:rel="noopener noreferrer"}{:class="usa-link usa-link--external"} -4. [How to Disable CT in Enterprise Chrome](http://www.chromium.org/administrators/policy-list-3#CertificateTransparencyEnforcementDisabledForUrls){:target="_blank"}{:rel="noopener noreferrer"}{:class="usa-link usa-link--external"} -5. [Chrome Policy Templates](https://www.chromium.org/administrators/policy-templates){:target="_blank"}{:rel="noopener noreferrer"}{:class="usa-link usa-link--external"} diff --git a/_implement/announcements/04_apple_common_removal.md b/_implement/announcements/04_apple_common_removal.md deleted file mode 100644 index c6d453d06..000000000 --- a/_implement/announcements/04_apple_common_removal.md +++ /dev/null @@ -1,97 +0,0 @@ ---- -layout: page -title: Federal Common Policy CA Removal from Apple Trust Stores Impact -pubDate: 09/13/2018 -archiveDate: 09/12/2019 -removeDate: 09/12/2021 -# collection: implement -category: Apple -# permalink: /fpki/announcements/2018applepkichanges/ -description: Upcoming changes regarding Apple's remove of the U.S. Government Root CA. -# sidenav: fpkiarchivedannouncements -category: implement -sticky_sidenav: true - -# subnav: -# - text: How Does This Work? -# href: '#how-does-this-work' -# - text: What Will Be Impacted? -# href: '#what-will-be-impacted' -# - text: What Should I Do? -# href: '#what-should-i-do' -# - text: Frequently Asked Questions -# href: '#frequently-asked-questions' -# - text: Additional Resources -# href: '#additional-resources' ---- - -{% include alert-warning.html content="This announcement has been archived and is hosted solely for historical reference. It is no longer being updated or maintained." %} - - -Upcoming changes regarding Apple devices and operating systems could impact your agency. The Federal PKI Policy Authority has elected to remove our U.S. Government Root CA certificate (Federal Common Policy CA [COMMON]) from Apple's pre-installed Operating System Trust Stores. - -Starting in the release of macOS Mojave, iOS 12, and tvOS 12, government users of Apple devices will receive errors when encountering instances of a Federal PKI CA-issued certificate. You can mitigate the impact for government intranets and the government-furnished Apple devices. - -**Apple Operating System Release Dates** -- iOS 12: September 17, 2018 -- tvOS 12: September 17, 2018 -- macOS Mojave: September 24, 2018 - -{% include alert-info.html content="The FPKIPA has also elected to remove the Federal Common Policy CA root certificate from Microsoft's Trust Store." %} - -## How Does This Work? - -Apple currently distributes the Federal Common Policy CA (COMMON) through its pre-installed operating system Trust Stores for iOS, macOS, and tvOS. - -Three root CA certificate _types_ reside in Apple's Trust Stores: - -- _Trusted Certificates_ — Trusted certificates that establish a chain of trust. -- _Always Ask_ — Untrusted certificates that are not blocked. If a resource (e.g., website or signed email) chains to one of these certificates, the Apple operating system will ask you to choose whether or not to trust it. -- _Blocked_ — Potentially compromised certificates that will never be trusted. - -These certificate types are stored within Apple _Keychains_: - -- _Login Keychain_ — Certificates associated with a user account logged into a device. -- _System Keychain_ — Certificates associated with all user accounts on a device (similar to the Microsoft Windows' _Local Machine_ certificate store). -- _System Roots Keychain_ — Includes Apple's _pre-installed_, trusted root CA certificates. COMMON will be removed from this Keychain. - -## What Will Be Impacted? - -These Apple operating system versions (and all subsequent versions) will be impacted: - -|**macOS**|**iOS**|**tvOS**| -| :-------- |:-------- |:-------- | -| Mojave (10.14), Release 9/24/18 | iOS 12, Release 9/17/18 | tvOS 12, Release 9/17/18 | - - -Government users will receive errors on government-furnished Apple devices if any of these are true: - -1. Logging into a government network with a PIV credential -2. Authenticating to a government Virtual Private Network (VPN) endpoint with a PIV credential -3. Authenticating to an internet-facing, government collaboration portal with a PIV credential -4. Browsing with Safari, Chrome, or Edge (iOS) to a government **intranet** website that uses a Federal PKI CA-issued TLS/SSL certificate -5. Opening an Apple Mail or Microsoft Outlook email that was digitally signed using a Federal PKI CA-issued certificate -6. Opening a Microsoft Office document that was digitally signed with a Federal PKI CA-issued certificate - -This change will also impact Federal Government partners that rely on COMMON—for example, a Department of Defense employee sending a digitally signed email to a business partner. - -You can mitigate the risk to government missions, intranets, applications, and government-furnished equipment. - -{% include alert-info.html content="If you are unsure whether your applications will be affected, email us at fpki@gsa.gov." %} - -## Frequently Asked Questions - -### 1.  Is PIV network login impacted? -Yes. - -### 2.  What versions are affected? -Please see [What Will Be Impacted?](#what-will-be-impacted). - -## Additional Resources -1. [macOS Available Trusted Root Certificates List](https://support.apple.com/en-us/HT202858){:target="_blank"}{:rel="noopener noreferrer"}{:class="usa-link usa-link--external"} -2. [iOS Available Trusted Root Certificates List](https://support.apple.com/en-us/HT204132){:target="_blank"}{:rel="noopener noreferrer"}{:class="usa-link usa-link--external"} -3. [tvOS Available Trusted Root Certificates](https://support.apple.com/en-us/HT207231){:target="_blank"}{:rel="noopener noreferrer"}{:class="usa-link usa-link--external"} -4. [Apple Keychains](https://developer.apple.com/documentation/security/keychain_services){:target="_blank"}{:rel="noopener noreferrer"}{:class="usa-link usa-link--external"} -5. [Apple Configuration Profile Reference](https://developer.apple.com/library/content/featuredarticles/iPhoneConfigurationProfileRef/Introduction/Introduction.html){:target="_blank"}{:rel="noopener noreferrer"}{:class="usa-link usa-link--external"} -6. [Over-the-Air Profile Delivery and Configuration](https://developer.apple.com/library/archive/documentation/NetworkingInternet/Conceptual/iPhoneOTAConfiguration/Introduction/Introduction.html#//apple_ref/doc/uid/TP40009505){:target="_blank"}{:rel="noopener noreferrer"}{:class="usa-link usa-link--external"} -7. [Mobile Device Management Best Practices](https://developer.apple.com/library/archive/documentation/Miscellaneous/Reference/MobileDeviceManagementProtocolRef/6-MDM_Best_Practices/MDM_Best_Practices.html#//apple_ref/doc/uid/TP40017387-CH5-SW2){:target="_blank"}{:rel="noopener noreferrer"}{:class="usa-link usa-link--external"} diff --git a/_implement/announcements/05_health_it_removal.md b/_implement/announcements/05_health_it_removal.md deleted file mode 100644 index 82bfcdf3a..000000000 --- a/_implement/announcements/05_health_it_removal.md +++ /dev/null @@ -1,753 +0,0 @@ ---- -layout: page -title: Removal of CAs from Federal PKI -pubDate: 03/05/2019 -archiveDate: 03/04/2020 -removeDate: 03/04/2022 -# collection: implement -category: Removal -#permalink: /fpki/announcements/2019removal/ -description: This announcement provides information related to the Health IT CAs removed from the Federal PKI. -# sidenav: implement -sticky_sidenav: true -category: Archive - -# subnav: -# - text: What Was the Change? -# href: '#what-was-the-change' -# - text: What Certification Authorities Were Impacted? -# href: '#what-certification-authorities-were-impacted' -# - text: What Should I Do? -# href: '#what-should-i-do' -# - text: Who Can I Contact for Help or More Information? -# href: '#who-can-i-contact-for-help-or-more-information' -# - text: Additional Resources -# href: '#additional-resources' ---- - -Federal PKI teams performed two actions to remove fifty-nine (59) certification authorities (CAs) related to health IT use cases from the Federal PKI trust framework. This change is related to efforts to assess and maintain the mission scope for Federal PKI and reduce burden for commercial and non-profit organizations. This change is **not a distrust** action. - -This announcement provides details related to the CAs affected by this change. - -## What Was the Change? - -- **February 28, 2019:** Federal PKI issued a cross-certificate from the Federal Bridge CA 2016 to DigiCert Federated ID L3 CA. - - The issuance of the new cross-certificate was to ensure operations for three (3) electronic prescriptions for controlled substance (EPCS) systems were not immediately impacted by the planned revocation of the Federal Bridge CA 2016 / DigiCert Federated ID CA-1 cross-certificate. -- **March 4, 2019:** Federal PKI revoked the cross-certificate issued from the Federal Bridge CA 2016 to DigiCert Federated ID CA-1 CA. - -## What Certification Authorities Were Impacted? -The following CAs are still **active** and may be used for the intended purposes. These CAs no longer have a trust relationship with - or are required to be audited for - Federal PKI compliance. - -Each CA is listed by common name with a link to additional CA certificate details in the [Additional Resources](#additional-resources) section. - -**CA Certificates _Issued By_ DigiCert Federated ID CA-1 CA** - -- [DigiCert Federated Trust CA](#digicert-federated-trust-ca) -- [DigiCert Federated Trust CA-1](#digicert-federated-trust-ca-1) -- [DigiCert Federated ID L1 CA](#digicert-federated-id-l1-ca) -- [DigiCert Federated ID L2 CA](#digicert-federated-id-l2-ca) -- [DigiCert Federated ID L3 CA](#digicert-federated-id-l3-ca) -- [DigiCert Federated ID L4 CA](#digicert-federated-id-l4-ca) -- [DigiCert Federated ID US L3 CA](#digicert-federated-id-us-l3-ca) -- [DigiCert Federated ID US L4 CA](#digicert-federated-id-us-l4-ca) - - -**CA Certificates _Issued By_ DigiCert Federated Trust CA** - -- [What Was the Change?](#what-was-the-change) -- [What Certification Authorities Were Impacted?](#what-certification-authorities-were-impacted) -- [What Should I Do?](#what-should-i-do) -- [Who Can I Contact for Help or More Information?](#who-can-i-contact-for-help-or-more-information) -- [Additional Resources](#additional-resources) - - [CA Certificates _Issued By_ DigiCert Federated ID CA-1 CA](#ca-certificates-issued-by-digicert-federated-id-ca-1-ca) - - [DigiCert Federated Trust CA](#digicert-federated-trust-ca) - - [DigiCert Federated Trust CA-1](#digicert-federated-trust-ca-1) - - [DigiCert Federated ID L1 CA](#digicert-federated-id-l1-ca) - - [DigiCert Federated ID L2 CA](#digicert-federated-id-l2-ca) - - [DigiCert Federated ID L3 CA](#digicert-federated-id-l3-ca) - - [DigiCert Federated ID L4 CA](#digicert-federated-id-l4-ca) - - [DigiCert Federated ID US L3 CA](#digicert-federated-id-us-l3-ca) - - [DigiCert Federated ID US L4 CA](#digicert-federated-id-us-l4-ca) - - [CA Certificates _Issued By_ DigiCert Federated Trust CA](#ca-certificates-issued-by-digicert-federated-trust-ca) - - [AAMC Direct Intermediate CA](#aamc-direct-intermediate-ca) - - [Allina Health Connect HIE Intermediate CA](#allina-health-connect-hie-intermediate-ca) - - [Axesson Direct CA](#axesson-direct-ca) - - [Care360 Direct Intermediate CA](#care360-direct-intermediate-ca) - - [Cerner Corporation Direct Intermediate CA](#cerner-corporation-direct-intermediate-ca) - - [Cerner Corporation Resonance Intermediate CA](#cerner-corporation-resonance-intermediate-ca) - - [CompuGroup Medical Certificate Authority](#compugroup-medical-certificate-authority) - - [Corepoint Direct Intermediate CA](#corepoint-direct-intermediate-ca) - - [DigiCert Accredited Direct Med CA](#digicert-accredited-direct-med-ca) - - [DigiCert Direct Non-Provider CA](#digicert-direct-non-provider-ca) - - [DigiCert Federated Healthcare CA](#digicert-federated-healthcare-ca) - - [DigiCert Governmental Direct CA](#digicert-governmental-direct-ca) - - [DigiCert Provisional Direct Med CA](#digicert-provisional-direct-med-ca) - - [Indian Health Service-RPMS DIRECT Messaging CA](#indian-health-service-rpms-direct-messaging-ca) - - [Inpriva Direct Federated CA](#inpriva-direct-federated-ca) - - [INTEGRIS Direct Intermediate CA](#integris-direct-intermediate-ca) - - [iShare Medical Direct Intermediate CA](#ishare-medical-direct-intermediate-ca) - - [MedicaSoft Direct Intermediate CA](#medicasoft-direct-intermediate-ca) - - [Medicity Direct CA](#medicity-direct-ca) - - [MHIN Direct CA](#mhin-direct-ca) - - [Mirth Direct Intermediate CA](#mirth-direct-intermediate-ca) - - [MobileMD Direct Intermediate CA](#mobilemd-direct-intermediate-ca) - - [MRO Direct Intermediate CA](#mro-direct-intermediate-ca) - - [Oregon Health Authority Direct CA](#oregon-health-authority-direct-ca) - - [Orion Health Direct Secure Messaging CA](#orion-health-direct-secure-messaging-ca) - - [RelayHealth Direct CA](#relayhealth-direct-ca) - - [Rochester RHIO Intermediate CA](#rochester-rhio-intermediate-ca) - - [SCHIEx Direct CA](#schiex-direct-ca) - - [CA Certificates _Issued By_ DigiCert Federated Trust CA-1](#ca-certificates-issued-by-digicert-federated-trust-ca-1) - - [MIDIGATE CA](#midigate-ca) - - [Trinity Health Direct CA](#trinity-health-direct-ca) - - [CA Certificates _Issued By_ Orion Health Direct Secure Messaging CA](#ca-certificates-issued-by-orion-health-direct-secure-messaging-ca) - - [Alaska eHealth Network CA](#alaska-ehealth-network-ca) - - [Cal INDEX CA](#cal-index-ca) - - [Catholic Health Initiatives CA](#catholic-health-initiatives-ca) - - [Greenville Health System CA](#greenville-health-system-ca) - - [Highmark Tapestry HIE CA](#highmark-tapestry-hie-ca) - - [Huntsville Hospital System CA](#huntsville-hospital-system-ca) - - [Inland Empire Health Information Exchange](#inland-empire-health-information-exchange) - - [Jax HR Saint Vincents HIE CA](#jax-hr-saint-vincents-hie-ca) - - [KeystoneHIE KeyHIE CA](#keystonehie-keyhie-ca) - - [Louisiana Health Care Quality Forum CA](#louisiana-health-care-quality-forum-ca) - - [Mary Washington Healthcare CA](#mary-washington-healthcare-ca) - - [Mass HIway CA](#mass-hiway-ca) - - [Mississippi Division of Medicaid CA](#mississippi-division-of-medicaid-ca) - - [New Hampshire Health Information Organization CA](#new-hampshire-health-information-organization-ca) - - [New Mexico Health Information Collaborative CA](#new-mexico-health-information-collaborative-ca) - - [North Carolina Health Information Exchange CA](#north-carolina-health-information-exchange-ca) - - [North Dakota Information Technology Department CA](#north-dakota-information-technology-department-ca) - - [Oklahoma State Department of Health CA](#oklahoma-state-department-of-health-ca) - - [Optioncare CA](#optioncare-ca) - - [Orion Health Direct Secure Messaging Public HISP CA](#orion-health-direct-secure-messaging-public-hisp-ca) - - [Rush Health CA](#rush-health-ca) - - [Sutter Health CA](#sutter-health-ca) - - [The Koble Group CA](#the-koble-group-ca) - - [Western Connecticut Health Network CA](#western-connecticut-health-network-ca) - - -**CA Certificates _Issued By_ DigiCert Federated Trust CA-1** - -- [MIDIGATE CA](#midigate-ca) -- [Trinity Health Direct CA](#trinity-health-direct-ca) - -**CA Certificates _Issued By_ Orion Health Direct Secure Messaging CA** - -- [Alaska eHealth Network CA](#alaska-ehealth-network-ca) -- [Cal INDEX CA](#cal-index-ca) -- [Catholic Health Initiatives CA](#catholic-health-initiatives-ca) -- [Greenville Health System CA](#greenville-health-system-ca) -- [Highmark Tapestry HIE CA](#highmark-tapestry-hie-ca) -- [Huntsville Hospital System CA](#huntsville-hospital-system-ca) -- [Inland Empire Health Information Exchange](#inland-empire-health-information-exchange) -- [Jax HR Saint Vincents HIE CA](#jax-hr-saint-vincents-hie-ca) -- [KeystoneHIE KeyHIE CA](#keystonehie-keyhie-ca) -- [Louisiana Health Care Quality Forum CA](#louisiana-health-care-quality-forum-ca) -- [Mary Washington Healthcare CA](#mary-washington-healthcare-ca) -- [Mass HIway CA](#mass-hiway-ca) -- [Mississippi Division of Medicaid CA](#mississippi-division-of-medicaid-ca) -- [New Hampshire Health Information Organization CA](#new-hampshire-health-information-organization-ca) -- [New Mexico Health Information Collaborative CA](#new-mexico-health-information-collaborative-ca) -- [North Carolina Health Information Exchange CA](#north-carolina-health-information-exchange-ca) -- [North Dakota Information Technology Department CA](#north-dakota-information-technology-department-ca) -- [Oklahoma State Department of Health CA](#oklahoma-state-department-of-health-ca) -- [Optioncare CA](#optioncare-ca) -- [Orion Health Direct Secure Messaging Public HISP CA](#orion-health-direct-secure-messaging-public-hisp-ca) -- [Rush Health CA](#rush-health-ca) -- [Sutter Health CA](#sutter-health-ca) -- [The Koble Group CA](#the-koble-group-ca) -- [Western Connecticut Health Network CA](#western-connecticut-health-network-ca) - - -## What Should I Do? -A majority of mission operational use cases will never encounter certificates issued from these CAs. Certificates from these CAs are primarily used for nationwide healthcare information systems and electronic health records. - -You can remove these CAs from trust list configurations used for the following purposes: - -- Federal government enterprise virtual private network (VPN) configurations -- Federal government enterprise ICAM single-sign-on services -- Federal government enterprise network authentication configurations -- Federal government enterprise federation service configurations used for authentication of end users - -Removing the CAs from these trust list configurations may improve performance and reduce maintenance overhead. - - -## Who Can I Contact for Help or More Information? -Email us at fpki@gsa.gov - -## Additional Resources -Details of each CA affected by this change are listed below. You can also download files with copies of the CA certificates. - - -#### CA Certificates _Issued By_ DigiCert Federated ID CA-1 CA - -##### DigiCert Federated Trust CA -- Serial #: 0E569A999C8F5DDAF576E08A12759914 -- Not Before: 11/18/2011 -- Not After: 11/18/2023 -- AKI: D02B3BFF6871D6900CF7C47379C7997000E54740 -- SKI: 4608385AA98E20BB0CAF5E31BA89B328BFAC8C36 -- Thumbprint (SHA-1 Hash): A6B8FEE249869E52A3039CB86B97DE5EFB6E8EB4 -- SPKI (SHA-256 Hash): BAE872B27520AF07BCEC1F276FAACF9A3F53793CC340D7C6ADC6D60F9D37D841 - -##### DigiCert Federated Trust CA-1 -- Serial #: 0E25E27258328AEBDA5BAE23412F0B83 -- Not Before: 8/24/2017 -- Not After: 1/14/2023 -- AKI: D02B3BFF6871D6900CF7C47379C7997000E54740 -- SKI: 6BD202D3D1A9638B394B45319A8F0CBE29E6012B -- Thumbprint (SHA-1 Hash): E29C44387F7BAA9F49EFCCAEA654BCE20CFF5FD3 -- SPKI (SHA-256 Hash): 6473D4F3B628CD1A39AD7DD43D6EC4E85418154A64581EC8A5EB85CABD09235F - -##### DigiCert Federated ID L1 CA -- Serial #: 0C7A7DCC53DDE3D580FC9688D3449627 -- Not Before: 10/30/2012 -- Not After: 10/30/2027 -- AKI: D02B3BFF6871D6900CF7C47379C7997000E54740 -- SKI: DE9A5CAE53D3C97418000031921B4A2709C87948 -- Thumbprint (SHA-1 Hash): 629D8910A0342BF54BC81CE857B1CDE8F197FDE6 -- SPKI (SHA-256 Hash): 3D40F285BCE77279A6510F123783B0663D35BA4CE5AABCA8FE412AB95584AD4A - -##### DigiCert Federated ID L2 CA -- Serial #: 0DBA21F019A2AF46C3614FE7E72721F8 -- Not Before: 1/8/2014 -- Not After: 1/8/2029 -- AKI: D02B3BFF6871D6900CF7C47379C7997000E54740 -- SKI: 0A26205117910D71DB3B3E5E0200A0E803B65519 -- Thumbprint (SHA-1 Hash): A6B6A96F9FE96A7ABD6D653F1C042B46DB997ABF -- SPKI (SHA-256 Hash): B8580D56E54732240057C330614D728E0FE31D4598671FEADAC59D7EA2743DFA - -##### DigiCert Federated ID L3 CA -- Serial #: 0FDAC8733E6F53E33102675179703290 -- Not Before: 1/8/2014 -- Not After: 1/8/2029 -- AKI: D02B3BFF6871D6900CF7C47379C7997000E54740 -- SKI: 8F23D3C49CEBC2A6964E3AF1CE88B28BE2935412 -- Thumbprint (SHA-1 Hash): B60E8344FC32949C23D31A294F867EA64A9BECF2 -- SPKI (SHA-256 Hash): 0FFCB556F276AA77482A6A89EB1708AFB08DC32EE3D2D67199F00BA98DC8F436 - -##### DigiCert Federated ID L4 CA -- Serial #: 0AE4FB7C15E43A90A753212AFFCFE140 -- Not Before: 10/30/2012 -- Not After: 10/30/2027 -- AKI: D02B3BFF6871D6900CF7C47379C7997000E54740 -- SKI: E33A75499CDA442F6C86031C818B2857C8FFA232 -- Thumbprint (SHA-1 Hash): D69D7163302134697AFFBDB934E40CAB6AD57795 -- SPKI (SHA-256 Hash): E5F60FB3FCEA3DFB8BBF09B06F26077C46BFBB36966B611B6DCCCC0D2B591186 - -##### DigiCert Federated ID US L3 CA -- Serial #: 079E9B3BDD54A4449B220580F2602B97 -- Not Before: 1/8/2014 -- Not After: 1/8/2029 -- AKI: D02B3BFF6871D6900CF7C47379C7997000E54740 -- SKI: 0A8FEE0166735DE223EDA829E85592525AD0BE88 -- Thumbprint (SHA-1 Hash): 7FF5F80F53A0DF20C42A7D0DC544C68D684CD557 -- SPKI (SHA-256 Hash): D78BD9425A708E062927E3FE396AC22DF1414B1AE926FB6E868165C039197CAC - -> **Note**: Federal Bridge CA 2016 issued a cross certificate to the DigiCert Federated ID L3 CA on February 28, 2019. This will ensure operations for three (3) Electronic Prescriptions for Controlled Substance (EPCS) customers are not immediately impacted while we continue to review these systems and the use case. - -##### DigiCert Federated ID US L4 CA -- Serial #: 0288147B73BE38D74651E1DCA065CD08 -- Not Before: 4/18/2013 -- Not After: 4/18/2028 -- AKI: D02B3BFF6871D6900CF7C47379C7997000E54740 -- SKI: 9AC44371300E3025A54AE9B4234ED338F3373FA8 -- Thumbprint (SHA-1 Hash): F7F5D745DB7AEADE2AA27E0D5AFAB9760BF8B8A4 -- SPKI (SHA-256 Hash): 07CCF59B26C0559F70F16FB8876444394F7148569D62CC06B07B18EBB1ECCCFF - - -#### CA Certificates _Issued By_ DigiCert Federated Trust CA - -##### AAMC Direct Intermediate CA -- Serial #: 0B6957DF612F5190A590DCA544B775A1 -- Not Before: 5/28/2015 -- Not After: 5/28/2025 -- AKI: 4608385AA98E20BB0CAF5E31BA89B328BFAC8C36 -- SKI: 4B322EA7FD956726D59CD8AE250C0C04284D71AD -- Thumbprint (SHA-1 Hash): 3C2C135BC01B3DF5B2F85AB78BB83698F1377116 -- SPKI (SHA-256 Hash): 317D690B644ADFBF8D3EBE4F235421A6840ED49945A15C787805B24A125E830A - -##### Allina Health Connect HIE Intermediate CA -- Serial #: 0A2F68961CDF5A7205CC820AD212BF21 -- Not Before: 12/8/2015 -- Not After: 12/8/2025 -- AKI: 4608385AA98E20BB0CAF5E31BA89B328BFAC8C36 -- SKI: B051F97D55E4B8729FD13A680AD085DADA850F90 -- Thumbprint (SHA-1 Hash): 97C378CD81E32241D903CCC546BA6AD9C5C5880A -- SPKI (SHA-256 Hash): 92E2F8C212A70D9489D715A0D12379420ADAC5C4FBB551A4699E1B869FD11C4D - -##### Axesson Direct CA -- Serial #: 088F6B9D51E46E382D4D50F2F3FCF1C8 -- Not Before: 1/8/2014 -- Not After: 1/8/2024 -- AKI: 4608385AA98E20BB0CAF5E31BA89B328BFAC8C36 -- SKI: BE8F4706EA5DBF8441C38E055111DAA347EF9CCB -- Thumbprint (SHA-1 Hash): C0A5BB8F511AB6BE007E0A5502E2E2F3998F958A -- SPKI (SHA-256 Hash): C76C23E36F825706D78B849E581CD1CB2BFBAC48D1BB500A177CB28FAFD536B3 - -##### Care360 Direct Intermediate CA -- Serial #: 0E117F35E685C8377C967FE06C8CD0D9 -- Not Before: 8/25/2015 -- Not After: 8/25/2025 -- AKI: 4608385AA98E20BB0CAF5E31BA89B328BFAC8C36 -- SKI: 56901A6BF9F4429A64A6072F1524EE8C280E2A63 -- Thumbprint (SHA-1 Hash): 81C35E4E102FB6CCC52FAB22D3A193E0A63E5223 -- SPKI (SHA-256 Hash): E1573E8E0951404B724AF2AF5DD5760B29262F4DDF628B8BD1F752816EF0A894 - -##### Cerner Corporation Direct Intermediate CA -- Serial #: 0ED8D84E972DB014A66912DFFE8FDA97 -- Not Before: 9/26/2014 -- Not After: 9/26/2024 -- AKI: 4608385AA98E20BB0CAF5E31BA89B328BFAC8C36 -- SKI: 52B72C85440C1F62F87B1C621ADD6C4DB98F0931 -- Thumbprint (SHA-1 Hash): 9C549F6C12662A37B0EDF91778444C1290D58D47 -- SPKI (SHA-256 Hash): B663DEB2964FE08D1485025A0469078E82BA828CF85C56A0E5D58CB1E39E0D09 - -##### Cerner Corporation Resonance Intermediate CA -- Serial #: 0D535AE73B9D531AAFAAD8E02686F9F7 -- Not Before: 11/11/2015 -- Not After: 11/11/2021 -- AKI: 4608385AA98E20BB0CAF5E31BA89B328BFAC8C36 -- SKI: 5F2474960E21A88FCD98F0DAF610779428D58A36 -- Thumbprint (SHA-1 Hash): 0D535AE73B9D531AAFAAD8E02686F9F7 -- SPKI (SHA-256 Hash): E02D3B571F6878D487DE5E2788E8509BBD127199E611E83C3AA24C1078B8CFD5 - -##### CompuGroup Medical Certificate Authority -- Serial #: 0898830DED1957A72AB05F28363241D5 -- Not Before: 12/8/2015 -- Not After: 12/8/2025 -- AKI: 4608385AA98E20BB0CAF5E31BA89B328BFAC8C36 -- SKI: 0D177F4A586EB40F15D1AAF3D1E486786C67E236 -- Thumbprint (SHA-1 Hash): 6A586F2CFCBED8C8C506A245AA59F329B45A84E5 -- SPKI (SHA-256 Hash): 8E215DE3D86027B3AABCA721136D295B33A5B8037C2F54C1C5ED18073379A0F7 - -##### Corepoint Direct Intermediate CA -- Serial #: 05B60D635544534278B24A48BCD8E8E3 -- Not Before: 1/14/2015 -- Not After: 1/14/2025 -- AKI: 4608385AA98E20BB0CAF5E31BA89B328BFAC8C36 -- SKI: 32688EEF55C5851961D2DB09D07EAE98912632BC -- Thumbprint (SHA-1 Hash): 1A9B160563BC27E23F6CA9EA4C5D18F3DDA7D08D -- SPKI (SHA-256 Hash): A5CC00D887AD3538AF5710CD60A985FDF35C9B036C201C69F3B0358BD7D6FE05 - -##### DigiCert Accredited Direct Med CA -- Serial #: 09547628F41064DB095087100950673E -- Not Before: 8/6/2013 -- Not After: 8/6/2023 -- AKI: 4608385AA98E20BB0CAF5E31BA89B328BFAC8C36 -- SKI: 77AE03566D1250157FFE10AB79BA2CB68C6F49D6 -- Thumbprint (SHA-1 Hash): DD110A059FE70BD57A26CA466AD7AE5573FAAF1F -- SPKI (SHA-256 Hash): 6C9292A402CC644B4DF0CB4BE498662ACE4A34000FDD9DE6FE869E4DAEC0F2F4 - -##### DigiCert Direct Non-Provider CA -- Serial #: 024F7D6040D5E5FA85D13EC99EC83152 -- Not Before: 2/11/2014 -- Not After: 2/11/2024 -- AKI: 4608385AA98E20BB0CAF5E31BA89B328BFAC8C36 -- SKI: F98866882657FB27637B3F6343D18B01CA3A12F3 -- Thumbprint (SHA-1 Hash): F6AABDD56AA6333C4BEA891688E75141D4F82D77 -- SPKI (SHA-256 Hash): 3FE5DAB75E102E06E3523093EE6A42A518684B3D036C25A0731A8C27E374705E - -##### DigiCert Federated Healthcare CA -- Serial #: 0656F256EAA1A6DFF943082ABAE7B4EA -- Not Before: 2/11/2014 -- Not After: 2/11/2024 -- AKI: 4608385AA98E20BB0CAF5E31BA89B328BFAC8C36 -- SKI: 824D97867C04CFD31144D21C1263C889417E2D3E -- Thumbprint (SHA-1 Hash): 0E694D69F792A2546B993D841A08AA4A85319C5B -- SPKI (SHA-256 Hash): 7E53D9869A0F6978EEE006E73C8508FAF7475B887692C4762E494C9D5F4CA731 - -##### DigiCert Governmental Direct CA -- Serial #: 0916AC4212F94019E734F0630DBF095F -- Not Before: 9/25/2015 -- Not After: 9/25/2025 -- AKI: 4608385AA98E20BB0CAF5E31BA89B328BFAC8C36 -- SKI: 702D4BA984011A8475F778A90949EC304BF96FEB -- Thumbprint (SHA-1 Hash): F5F0A823699425DA59C5C48B1848F36CB78B1BB2 -- SPKI (SHA-256 Hash): E93A89E2D242026C0D06DE7889B06E963B3B286F85F0D4DB819E54E2072B6E79 - -##### DigiCert Provisional Direct Med CA -- Serial #: 0BEE774D81066945E4EB6DB18C39AE3B -- Not Before: 6/3/2014 -- Not After: 6/3/2024 -- AKI: 4608385AA98E20BB0CAF5E31BA89B328BFAC8C36 -- SKI: 75AEE40F2EA9BEB233D9159AC994C1F730B435AA -- Thumbprint (SHA-1 Hash): 40EF4AFD9E41C1A7CB19D7AC603CBDAF4A6B0639 -- SPKI (SHA-256 Hash): AAB8548337A1266A4B049391497C3946BEF805ED395357879EFD0F9C3357517E - -##### Indian Health Service-RPMS DIRECT Messaging CA -- Serial #: 0933E5758078BBA93074A4D164FAA171 -- Not Before: 4/4/2014 -- Not After: 4/4/2024 -- AKI: 4608385AA98E20BB0CAF5E31BA89B328BFAC8C36 -- SKI: 1B73DB517EB2CDE145E054E06D2B9872F066C02A -- Thumbprint (SHA-1 Hash): 2B1BDA3A2B2015CD00CD7DFCE9832ACA58FD92C9 -- SPKI (SHA-256 Hash): E5E29329C19A97086075EF390BC0CD6550BC44BA30DB711F65113D9CF1819259 - -##### Inpriva Direct Federated CA -- Serial #: 0EDEB3BAB925834900B297481174C4F0 -- Not Before: 11/18/2011 -- Not After: 11/18/2021 -- AKI: 4608385AA98E20BB0CAF5E31BA89B328BFAC8C36 -- SKI: 7D174A10701A3F153BB4837AAE9FF128613E9E23 -- Thumbprint (SHA-1 Hash): 0983E63BFDAC2240FF648C1521DEE226DAD1E447 -- SPKI (SHA-256 Hash): 11B3D11879E58617BAB9AEC5E2D0C7764F5BDB5B2EC3469D8012662EDEE366B9 - -##### INTEGRIS Direct Intermediate CA -- Serial #: 01E9F27D867B6F81937EF4720B17E660 -- Not Before: 11/18/2014 -- Not After: 11/18/2024 -- AKI: 4608385AA98E20BB0CAF5E31BA89B328BFAC8C36 -- SKI: CA8782FBA642FF63A96C4451CF74F76E8936E6BC -- Thumbprint (SHA-1 Hash): C28E0ADCB82438286285B2DA6BBCAB0980E30357 -- SPKI (SHA-256 Hash): 548AB06640FBDFC0902AA1B413031018C26AD8A3E219ADE869E99F49D64C1D05 - -##### iShare Medical Direct Intermediate CA -- Serial #: 0728BE4E2D23504FB44BB6D7ED21BAB7 -- Not Before: 1/14/2015 -- Not After: 1/14/2025 -- AKI: 4608385AA98E20BB0CAF5E31BA89B328BFAC8C36 -- SKI: 05A93FA6DE09C5DEB45DE9F2D0F94EFD3EE4B4DD -- Thumbprint (SHA-1 Hash): AD7937A799CD888A08BAA603A253759FDF73253E -- SPKI (SHA-256 Hash): C82A85BC54A85A5AE54A48584E5DBC4738C6DFCA242677AE5F2F1BE9C51F115D - -##### MedicaSoft Direct Intermediate CA -- Serial #: 0FFCEBA644F85AAFFF1C45BCB2DD74C2 -- Not Before: 4/28/2015 -- Not After: 4/28/2025 -- AKI: 4608385AA98E20BB0CAF5E31BA89B328BFAC8C36 -- SKI: 3DB1C40E4E7E977BA56F8592E0C8968C42AB0896 -- Thumbprint (SHA-1 Hash): E9F761B8D2BE9BE719B7D4D37DDD2A193EA240A0 -- SPKI (SHA-256 Hash): 57C8C86D14D9D8973087EFB1AAB734ED6ABB835B17F2ACF89B6A5DCE401F59CF - -##### Medicity Direct CA -- Serial #: 05376E815724C49DEC67CE208B8FA835 -- Not Before: 2/13/2014 -- Not After: 2/13/2024 -- AKI: 4608385AA98E20BB0CAF5E31BA89B328BFAC8C36 -- SKI: 59F455C75BEE76663263173997F79A74D86C0EB7 -- Thumbprint (SHA-1 Hash): 9278A953771BE9BDE82E37A9C19BDD29D974B907 -- SPKI (SHA-256 Hash): 29C6DEEA67531B3EE41905E2BAA91907E0B997DA5B346F41A4B2B2154EACF0C2 - -##### MHIN Direct CA -- Serial #: 029FAFE71A57144DAF7CB403031616AF -- Not Before: 1/8/2014 -- Not After: 1/8/2024 -- AKI: 4608385AA98E20BB0CAF5E31BA89B328BFAC8C36 -- SKI: 39629D94ACF873DDB2FDA4D15C208641A497C6C9 -- Thumbprint (SHA-1 Hash): DCC8C9D8F2610843F5653876CF7E2879FC62CB41 -- SPKI (SHA-256 Hash): C8CEFF21E62EEC7B49D5C00B718A4B661223D52EE940DC5A1EDEEC21AAD298F9 - -##### Mirth Direct Intermediate CA -- Serial #: 094A57F3ED91461B4D4E47B015698B4F -- Not Before: 9/26/2014 -- Not After: 9/26/2024 -- AKI: 4608385AA98E20BB0CAF5E31BA89B328BFAC8C36 -- SKI: B25C27C56F7962A1FD3EB46683A440BCCA37E07D -- Thumbprint (SHA-1 Hash): BB1B5A342AD6929AF28AAC038CF4ED8E5377FD3B -- SPKI (SHA-256 Hash): 3FBD2D26E6A90688784E5EC17965109E997DBE7C9F84E426B9955F8F504B3C88 - -##### MobileMD Direct Intermediate CA -- Serial #: 0E14FC08CF32009C59C596A1AFEEE1B1 -- Not Before: 10/21/2014 -- Not After: 10/21/2024 -- AKI: 4608385AA98E20BB0CAF5E31BA89B328BFAC8C36 -- SKI: 055244C67830566C0471612C12C8A493E14452AC -- Thumbprint (SHA-1 Hash): 633C3C8B7999E1D6998ECA1DB9D522961ED13379 -- SPKI (SHA-256 Hash): 285F267D69801CE8459D69A3C3BAA872EE8699F462F26ECB3F0C1C5604CC4BBB - -##### MRO Direct Intermediate CA -- Serial #: 0EDF2AA525860365D47A0662D3C9A48D -- Not Before: 10/21/2014 -- Not After: 10/21/2024 -- AKI: 4608385AA98E20BB0CAF5E31BA89B328BFAC8C36 -- SKI: D245010C188D7330FCD40E2CFFA0E023E8B60CDB -- Thumbprint (SHA-1 Hash): 29431E91F570B976DA3B9A104FBC4CAA77E86C69 -- SPKI (SHA-256 Hash): 309B9EC320A5757B18045977BAA8F3320423372A4934FECFED93CBC5EAF7D3D0 - -##### Oregon Health Authority Direct CA -- Serial #: 0FE3D8092A6D7DF40369050171AF1E8B -- Not Before: 3/5/2014 -- Not After: 3/5/2024 -- AKI: 4608385AA98E20BB0CAF5E31BA89B328BFAC8C36 -- SKI: 6A4A9128687032385649F2BE4D5D09285131CC0D -- Thumbprint (SHA-1 Hash): 0A57575F663467ECCE525284C84E7ADBB29BD8C6 -- SPKI (SHA-256 Hash): 0CD7582516043FDF87616AB4016F331E5EF1CC4B18B2C681D6F0941D48A94503 - -##### Orion Health Direct Secure Messaging CA -- Serial #: 0133727B8425DA865077348D70A96C03 -- Not Before: 10/21/2013 -- Not After: 10/23/2023 -- AKI: 4608385AA98E20BB0CAF5E31BA89B328BFAC8C36 -- SKI: A56E22FF39693A23FB892417C66094001ADA8E9E -- Thumbprint (SHA-1 Hash): C30BBDFA0C87E1F85D5C5F67315914305B88EA3B -- SPKI (SHA-256 Hash): 6C3148A661509D57D73F18C7E644A6573C55ED215C9F28AFA849B059948F1775 - -##### RelayHealth Direct CA -- Serial #: 0A1EC50E115F965EECCFFE5246BE3563 -- Not Before: 4/4/2014 -- Not After: 4/4/2024 -- AKI: 4608385AA98E20BB0CAF5E31BA89B328BFAC8C36 -- SKI: 58E321F302914D72C610BE5E29F5F8724D7921F0 -- Thumbprint (SHA-1 Hash): A0B3E7213BC44939788EEC7647EC18D45EBBA335 -- SPKI (SHA-256 Hash): F2BFD6BC69CD63088991ABA3AA4A7DC3C0B1FF2743B5F1960FEBB82FF6550545 - -##### Rochester RHIO Intermediate CA -- Serial #: 0B8C2A7EF1543A0E64C54FE60F0A7FB6 -- Not Before: 10/21/2014 -- Not After: 10/21/2024 -- AKI: 4608385AA98E20BB0CAF5E31BA89B328BFAC8C36 -- SKI: 39979F30AABA80BECD81463F31EBD49FA936DAD1 -- Thumbprint (SHA-1 Hash): 36197F60193DC00077E84AEB27DCAB5F835A2E61 -- SPKI (SHA-256 Hash): 390ED57A8EC33CD534AD7B98E32D52CC5C8A46B65CE13D12F2B5B0AEA6CA3D54 - -##### SCHIEx Direct CA -- Serial #: 05E21F7FE97524F25B84EFC29188FEB8 -- Not Before: 6/7/2016 -- Not After: 6/7/2026 -- AKI: 4608385AA98E20BB0CAF5E31BA89B328BFAC8C36 -- SKI: CEE902347DAA0638416D04D5CFBAF2F03AA4435C -- Thumbprint (SHA-1 Hash): 0ECD0F4D9AB83326E91DC4CEC99C6FEFABDD3CCC -- SPKI (SHA-256 Hash): 9493051083E71E3404D462B36C4E89CEC4A397FFCDFCD10504316A3AD36C9E32 - -#### CA Certificates _Issued By_ DigiCert Federated Trust CA-1 - -##### MIDIGATE CA -- Serial #: 0C436FDCE81703C46951EB97CF926806 -- Not Before: 11/6/2017 -- Not After: 1/13/2023 -- AKI: 6BD202D3D1A9638B394B45319A8F0CBE29E6012B -- SKI: 240E400C2ED027DC1F2997EB1E9B2AC6D8E9A0C5 -- Thumbprint (SHA-1 Hash): FB597F2604CB7EEC8953935E2EF527CB83B67ECA -- SPKI (SHA-256 Hash): 0F88A7105EBE623CAD76D22E7A0A4229A7BB43714ED06BB798D781500E9ABE07 - -##### Trinity Health Direct CA -- Serial #: 05511821092EC4F77D4836AF31BB170F -- Not Before: 8/24/2017 -- Not After: 1/13/2023 -- AKI: 6BD202D3D1A9638B394B45319A8F0CBE29E6012B -- SKI: A5C2E43A16B419C3E1FABC3E7EC758C353798BC1 -- Thumbprint (SHA-1 Hash): 91C374480ABA3BB9B46C8A870F95E0CA98CF0C70 -- SPKI (SHA-256 Hash): 5B7AAE96A364A9DEE4E69BD81A910B5E4AD11A0ACB153EB033657CF9C88179B5 - -#### CA Certificates _Issued By_ Orion Health Direct Secure Messaging CA - -##### Alaska eHealth Network CA -- Serial #: 07A42C0E8D2725E05DF2A012B520D378 -- Not Before: 10/22/2013 -- Not After: 10/22/2023 -- AKI: A56E22FF39693A23FB892417C66094001ADA8E9E -- SKI: 3FC54CA205FF8E1C0EF1F6E9C36F05FC71CF2977 -- Thumbprint (SHA-1 Hash): 41C64D922958E527051246C6D26FB0A1C392A6EB -- SPKI (SHA-256 Hash): 75F904F9B4876E6AE3441C24ACC1F93D0C1A210928B3F0267F010925760E21AD - -##### Cal INDEX CA -- Serial #: 04E99C3BEA35EBC9C93115BB5873F769 -- Not Before: 7/12/2016 -- Not After: 7/12/2026 -- AKI: A56E22FF39693A23FB892417C66094001ADA8E9E -- SKI: 8A713030C19507E7331887D1175656487894E608 -- Thumbprint (SHA-1 Hash): C7E2D4CEC6F65653956E4116D896691A18A13FCB -- SPKI (SHA-256 Hash): F46B700EC8CCB400E860EC1BD517C9AEC697DDB25B4516478644004CD204260B - -##### Catholic Health Initiatives CA -- Serial #: 5737EBA16AEBC582D962F2EA938CC59 -- Not Before: 8/19/2014 -- Not After: 8/19/2024 -- AKI: 0A56E22FF39693A23FB892417C66094001ADA8E9E -- SKI: 66D2726A1C675A9520BB6321E1D8E54C545242A2 -- Thumbprint (SHA-1 Hash): F32A0706A0632E565D79F317141619FF2D314562 -- SPKI (SHA-256 Hash): 7868086FD31FF11D876E7344CB545DC56716DB3C9C626A599A5DF7BFC214EB46 - -##### Greenville Health System CA -- Serial #: 039C60B26637C6B8E9B63B5A9EC588AA -- Not Before: 3/5/2014 -- Not After: 3/5/2024 -- AKI: A56E22FF39693A23FB892417C66094001ADA8E9E -- SKI: E0ADB796C1268C12FC470B8A85779EBFE1525C31 -- Thumbprint (SHA-1 Hash): AA1FF6AE9B3B3F437A887B806CEF53689FD70CBD -- SPKI (SHA-256 Hash): C8FB8CC2924C78C2DAE2912AD02F052FFBA0A54EFFC77663FF97E63821ED4612 - -##### Highmark Tapestry HIE CA -- Serial #: 0B7D4F1EA2A013A2A1BE3AB00CD0407D -- Not Before: 8/19/2014 -- Not After: 8/19/2024 -- AKI: A56E22FF39693A23FB892417C66094001ADA8E9E -- SKI: BEB1DC3128BCB53142C45CCB287A3A3BBFEFFFBA -- Thumbprint (SHA-1 Hash): E1CAD6EC91D6D1CFB2777AB023BEA496C2E2EDBE -- SPKI (SHA-256 Hash): B6F3758082B347CEAA3D2436030AEABA098E8BA1ADAC8A681E499EEEC7A6F756 - -##### Huntsville Hospital System CA -- Serial #: 0F0CCD49BA7A570FB90C8108BF1693A2 -- Not Before: 3/5/2014 -- Not After: 3/5/2024 -- AKI: A56E22FF39693A23FB892417C66094001ADA8E9E -- SKI: E86E22CAF499502F44F4D42D62E76C5975DCFA19 -- Thumbprint (SHA-1 Hash): B75219D4843296613B6369AFC628078CBC69DCFA -- SPKI (SHA-256 Hash): E236742BE61F26AA1C35AE90DCEA25B920CD9128EAD32B69BC0B6B0E04EA2EE4 - -##### Inland Empire Health Information Exchange -- Serial #: 0F6D2AE4D2580E0CA9EB1D4E1EAD131D -- Not Before: 1/8/2014 -- Not After: 1/8/2024 -- AKI: A56E22FF39693A23FB892417C66094001ADA8E9E -- SKI: 0C95F04752DB4BA4EBE747D289B65CD1AF3A3010 -- Thumbprint (SHA-1 Hash): C68C49E448435DC6BD352A0CD05B157CD1D1E29C -- SPKI (SHA-256 Hash): ABA80268F12EEA1037FBBF18A8253DED14316A7BFE84C2269802A8BBFE52DE09 - -##### Jax HR Saint Vincents HIE CA -- Serial #: 0C03AE8086FBACDDDD35ADF818F0979C -- Not Before: 2/16/2015 -- Not After: 2/16/2025 -- AKI: A56E22FF39693A23FB892417C66094001ADA8E9E -- SKI: 0E7E0E62F9F8B72F4FC6F4783EAC87D21790CE00 -- Thumbprint (SHA-1 Hash): EFABA80CF00268CE78B5F21C11CF3494FED2751C -- SPKI (SHA-256 Hash): ED367E66155FD54C27842FAC81802DDB3839FC4E8569880592D6AE25BA9A7C74 - -##### KeystoneHIE KeyHIE CA -- Serial #: 02A537BC58D09EB0714B9004340C9504 -- Not Before: 8/19/2014 -- Not After: 8/19/2024 -- AKI: A56E22FF39693A23FB892417C66094001ADA8E9E -- SKI: 976E49AA98A72FDABBA276C51EF206073DC70C22 -- Thumbprint (SHA-1 Hash): 62247623C912B6286AC3EFB0EA2E649720EAB7DE -- SPKI (SHA-256 Hash): 06A14E63979CE1F42AED287C6E5BCFF6C5FF987B4CCEA622BC8E5A45B8FA2CC7 - -##### Louisiana Health Care Quality Forum CA -- Serial #: 0491751063891838340AD681034CF86A -- Not Before: 10/22/2013 -- Not After: 10/22/2023 -- AKI: A56E22FF39693A23FB892417C66094001ADA8E9E -- SKI: FB88E1E7C123C6EB6B11D3F224D42F11962DDC9C -- Thumbprint (SHA-1 Hash): 9DB9E8FD19740D423B20E047FEDE8FCA03D6D599 -- SPKI (SHA-256 Hash): D2815EE9A325C079F3396BC9E8F24E5B5B194CC5E0CF2635FF48B39F07FC7E33 - -##### Mary Washington Healthcare CA -- Serial #: 0A3511BA0C581298F96CF119505F3FC3 -- Not Before: 3/5/2014 -- Not After: 3/5/2024 -- AKI: A56E22FF39693A23FB892417C66094001ADA8E9E -- SKI: 302AF2922B485D0073E901735832EC0DC331D2FF -- Thumbprint (SHA-1 Hash): F2E05E1647BB5948040127E8E5515A38B24D0434 -- SPKI (SHA-256 Hash): DDF659CACDE9095019CC622F16308DF6A3D301AFC767170716F1255DA2F4A04A - -##### Mass HIway CA -- Serial #: 05A42A2A54A348EF8B10AAFCFDEDBB73 -- Not Before: 9/25/2015 -- Not After: 9/25/2025 -- AKI: A56E22FF39693A23FB892417C66094001ADA8E9E -- SKI: 41F486F29C43C5AA9C525A7A3C7EF18431BC61BA -- Thumbprint (SHA-1 Hash): 7B3CE1AA5B8CB71DD8E7609AC7D144760C93CF84 -- SPKI (SHA-256 Hash): 3D5116D3A253451C0CB0D17D3FA3AAD1E3D07C1EFE79AA90B73AA369465BAB76 - -##### Mississippi Division of Medicaid CA -- Serial #: 07B268D3565D4EA118524BFE1A3088DD -- Not Before: 1/8/2014 -- Not After: 1/8/2024 -- AKI: A56E22FF39693A23FB892417C66094001ADA8E9E -- SKI: B476B692CF0AF437BA2617FABF2011985A819271 -- Thumbprint (SHA-1 Hash): 03A88451EB50024EE1665F181BF511A623C724F3 -- SPKI (SHA-256 Hash): 4121DBF41295B77B1B6D97296EC621CDAEF8456618AC2C96D934623AE4589B6E - -##### New Hampshire Health Information Organization CA -- Serial #: 0FC78FF0B25CE0F20630C639C5A08C5F -- Not Before: 10/22/2013 -- Not After: 10/22/2023 -- AKI: A56E22FF39693A23FB892417C66094001ADA8E9E -- SKI: 13CAA050FEDEAE9E4FDCAA61FDDC813C4BD7D695 -- Thumbprint (SHA-1 Hash): 6E2EF1187693A1C09E92DD083735BC7F39B3551E -- SPKI (SHA-256 Hash): 15C69004AA0A3A876AE0B322485114CC225AD1D1482D9EADC6EC62BD4210580E - -##### New Mexico Health Information Collaborative CA -- Serial #: 057E0CDCDDB211396AB5242B1839CC0E -- Not Before: 9/26/2014 -- Not After: 9/26/2024 -- AKI: A56E22FF39693A23FB892417C66094001ADA8E9E -- SKI: A331DD14B60608534B60294205572C40E1218C9E -- Thumbprint (SHA-1 Hash): 71440E4192C9C5F916D1BAC809C09E52C77A9661 -- SPKI (SHA-256 Hash): D66EBFC9869A49975D37670D8E3D156B0691887A52EB80F3C2D869AD6923760F - -##### North Carolina Health Information Exchange CA -- Serial #: 066B4604152D707EE44DD584B4EE81C4 -- Not Before: 3/5/2014 -- Not After: 3/5/2024 -- AKI: A56E22FF39693A23FB892417C66094001ADA8E9E -- SKI: 0F16204B5D1DA1D4E50421288478FC6A472D11F3 -- Thumbprint (SHA-1 Hash): FF1414C895D1BC1EDC866BA333D2942B46EDCBCC -- SPKI (SHA-256 Hash): B0A3302C22C10B9B713448CBE47B10489D40965B078ECADC19E7269D405D27FF - -##### North Dakota Information Technology Department CA -- Serial #: 04357DD28DE9370678C5094E9940E821 -- Not Before: 1/10/2014 -- Not After: 1/10/2024 -- AKI: A56E22FF39693A23FB892417C66094001ADA8E9E -- SKI: 95C5DFF9172828E13FF267EAD9113D43381C4BE1 -- Thumbprint (SHA-1 Hash): A295DF1D857F219D96A9EAAA8CB4DE725B634D63 -- SPKI (SHA-256 Hash): 7BA409DEE6B1B5D74AAE9C311A17432226D8F8BC02BC4690540F927B07031EEC - -##### Oklahoma State Department of Health CA -- Serial #: 04793AAA351A61AE7F2756A5E524B014 -- Not Before: 2/16/2015 -- Not After: 2/16/2025 -- AKI: A56E22FF39693A23FB892417C66094001ADA8E9E -- SKI: 0972F7657FC66F353FB4CF13823895BE1D80A986 -- Thumbprint (SHA-1 Hash): E1245959AF582F9AF0B101198CD85C97970765F9 -- SPKI (SHA-256 Hash): C50453968E8DF547E854C8E99C9199B6926BD3A2DD0C1A56A58FBC1027693A49 - -##### Optioncare CA -- Serial #: 074F2D04ADEBFC19884F420FFF9DF2CF -- Not Before: 3/1/2016 -- Not After: 3/1/2026 -- AKI: A56E22FF39693A23FB892417C66094001ADA8E9E -- SKI: AD758EFBA5158B51565195450D1A714BEC4F3E63 -- Thumbprint (SHA-1 Hash): A776F75611B2A7B548573DC29994F142DD363882 -- SPKI (SHA-256 Hash): D5CA301C0A1FF6A5E18A2B4537BAE2047AE6E757D432D82EADB40EB765DD4128 - -##### Orion Health Direct Secure Messaging Public HISP CA -- Serial #: 06406F00285529404B11F92A78E67DA9 -- Not Before: 10/22/2013 -- Not After: 10/22/2023 -- AKI: A56E22FF39693A23FB892417C66094001ADA8E9E -- SKI: FBC2F9B415959A384D5574A0DFBD873BD5783D38 -- Thumbprint (SHA-1 Hash): DCDC844A0B183107A172802BF2489173A914B0C9 -- SPKI (SHA-256 Hash): FC3903663F33AABAADB3B9E047CBDE625DD02D088275A16F23B8F7A2F2C92E34 - -##### Rush Health CA -- Serial #: 04B43B1C31EAB7E37BEB31F0CC3DBADD -- Not Before: 4/23/2014 -- Not After: 4/23/2024 -- AKI: A56E22FF39693A23FB892417C66094001ADA8E9E -- SKI: BE66CD9A79849F1B023EDB3D1AD08F32164996E0 -- Thumbprint (SHA-1 Hash): EC5C1E327D71840FD108557031AEAB63E762A207 -- SPKI (SHA-256 Hash): 1F89679357E72BC42B1B977022EA54CE733ABE3D5268C8077B7B9781D48727EA - -##### Sutter Health CA -- Serial #: 0C59E5800EE065EA52B5581A65775CC6 -- Not Before: 10/21/2014 -- Not After: 10/21/2024 -- AKI: A56E22FF39693A23FB892417C66094001ADA8E9E -- SKI: DF2B01740E9469FA8F055F48EA1D986BACAEE5FC -- Thumbprint (SHA-1 Hash): 6887CAE99ECD54FEC484A90294C45973FBC12A08 -- SPKI (SHA-256 Hash): E6D7D13A3FAB0C1123CFAFBEE3AE1621790AC39E5D86AAB33EC72FDE60528A93 - -##### The Koble Group CA -- Serial #: 01BC6B791447CDA90A8A14E8204957FD -- Not Before: 6/21/2016 -- Not After: 6/21/2026 -- AKI: A56E22FF39693A23FB892417C66094001ADA8E9E -- SKI: CF604AC6EDBDC504D9C96A179A34FCD3F9D4DE79 -- Thumbprint (SHA-1 Hash): 4D540D6E7BC3867D81178F98C5F21991247C2FBB -- SPKI (SHA-256 Hash): F9BC6EFB2686D571B863BA7558B4CC37D55F90A384A419FF06CBBBB49B22D94E - -##### Western Connecticut Health Network CA -- Serial #: 07295D1F92953D6776E2146E93A58957 -- Not Before: 3/5/2014 -- Not After: 3/5/2024 -- AKI: A56E22FF39693A23FB892417C66094001ADA8E9E -- SKI: 5B4B77AF749FD4F36146FE93C5AF8151A118075B -- Thumbprint (SHA-1 Hash): 948D1DAF1D124ACE83F6826192036EDC35C4D005 -- SPKI (SHA-256 Hash): 22AE4FFC23AEE5E6369025594C915F20B453E45EB058E2EC54CD7DD8AE6C0F5E - - - diff --git a/_implement/announcements/06_digicert_ca_decommissioning.md b/_implement/announcements/06_digicert_ca_decommissioning.md deleted file mode 100644 index 8a1b0a2ce..000000000 --- a/_implement/announcements/06_digicert_ca_decommissioning.md +++ /dev/null @@ -1,36 +0,0 @@ ---- -layout: page -title: DigiCert CA Decommissioning -pubDate: 04/01/2019 -archiveDate: 03/20/2020 -removeDate: 03/02/2022 -# collection: implement -category: Decommission -#permalink: /fpki/announcements/2019digicert/ -description: Information related to the DigiCert CAs affected by this change. -#sidenav: implement -sticky_sidenav: true -category: Removed - ---- - -DigiCert is planning on decommissioning several certification authorities (CAs) from the Federal PKI. These CAs are no longer active or required, and there is no expected impact from these changes. - -Remaining active certificates issued from any of the CAs listed in the table below will be revoked. Each CA planned for decommissioning will issue a long-lived CRL, and then have its signing CA certificate revoked by the Symantec Class 3 SSP Intermediate CA - G3 CA. - -The following CAs are planned for revocation and decommissioning: - -| Certificate Serial Number | Subject | Issuer | -|---------------------------|---------|--------| -| 0f76b14f6e3c3f3d78cc7cabf1e9d1f2 | CSC CA - 2 | Symantec Class 3 SSP Intermediate CA - G3 | -| 22058f804d89edd93122c840987ac7ab | CSRA FBCA C4 Device CA | Symantec Class 3 SSP Intermediate CA - G3 | -| 2aaa084cce8d13dc0b3b05b34e325922 | CSRA FBCA C4 CA | Symantec Class 3 SSP Intermediate CA - G3 | -| 45aabdffdae1621d52b260daf7ef3bd7 | CSRA FBCA C3 Device CA | Symantec Class 3 SSP Intermediate CA - G3 | -| 48b53c25944e6ed645339ecf1079fd37 | CSRA FBCA C3 CA | Symantec Class 3 SSP Intermediate CA - G3 | -| 75c13dbed31093353c73618effdabe6e | SureID Inc. CA2 | Symantec Class 3 SSP Intermediate CA - G3 | -| 4ff47dfa24d3aa3633dd4e55de80f870 | SureID Inc. Device CA1 | Symantec Class 3 SSP Intermediate CA - G3 | -| 7bc54c654c3a41d738d48ac17ab603af | Eid Passport LRA Content Signer CA 3 | Symantec Class 3 SSP Intermediate CA - G3 | -| 404d442e9c097771209218ac534936c3 | Eid Passport LRA Device 2 CA | Symantec Class 3 SSP Intermediate CA - G3 | - -## Who Can I Contact for Help or More Information? -Email us at fpki@gsa.gov. diff --git a/_implement/announcements/07_fpki-repository-migration.md b/_implement/announcements/07_fpki-repository-migration.md deleted file mode 100644 index 91d7e5b31..000000000 --- a/_implement/announcements/07_fpki-repository-migration.md +++ /dev/null @@ -1,52 +0,0 @@ ---- -layout: page -title: Upcoming Migration of Federal PKI Certificate Repository Services -pubDate: 04/01/2019 -archiveDate: 03/30/2020 -removeDate: 03/30/2022 -# collection: implement -category: Migration -#permalink: /fpki/announcements/2019fpkimigration/ -description: Information related to the upcoming migration. -# sidenav: implement -sticky_sidenav: true -category: Removed - -# subnav: -# - text: What Will Be Impacted? -# href: '#what-will-be-impacted' -# - text: When Will This Change Take Place? -# href: '#when-will-this-change-take-place' -# - text: What Should I Do? -# href: '#what-should-i-do' -# - text: Who Can I Contact for Help or More Information? -# href: '#who-can-i-contact-for-help-or-more-information' - ---- - -{% include alert-info.html content="Upcoming changes to the hosting of Federal Public Key Infrastructure Certification Authority (CA) data repositories could impact your agency." %} - -On April 22, 2019, the Federal Public Key Infrastructure Management Authority will migrate the hosting of HyperText Transfer Protocol (HTTP) repository services to a cloud-based solution. Existing Federal PKI CA certificate Uniform Resource Locators (URLs) **will not** change as a result of this migration. - -## What Will Be Impacted? - -This change will affect the hosting of certificate revocation lists, CA certificates, and certificate bundles for the following Federal PKI CAs: -- Federal Bridge CA 2016 -- Federal Common Policy CA -- SHA1 Federal Root CA -- Some Test CAs operating for the FPKI Community Interoperability Test Environment (CITE) - -## When Will This Change Take Place? -The migration will take place on April 22, 2019. - -## What Should I Do? -This change will be transparent to Relying Parties, and should not require any agency action. - -The FPKI Community Interoperability Test Environment HTTP repository [http://http.cite.fpki-lab.gov](http://http.cite.fpki-lab.gov){:class="usa-link usa-link--external"} has used the new service since June 2018 with no reported issues. - -A new base URL is available for anyone who would like to test the planned repository service update before the April 22, 2019 migration. For example, to download a copy of the Federal Common Policy CA certificate using the cloud-based hosting solution, navigate to [http://cdn.http.fpki.gov/fcpca/fcpca.crt](http://cdn.http.fpki.gov/fcpca/fcpca.crt){:class="usa-link usa-link--external"}. - -Contact fpki-help@gsa.gov with the subject “CDN Test Issue” if you'd like to learn more about testing or if you have any issues. - -## Who Can I Contact for Help or More Information? -Email us at fpki-help@gsa.gov. diff --git a/_implement/announcements/08_commong2.md b/_implement/announcements/08_commong2.md deleted file mode 100644 index b6cb343ef..000000000 --- a/_implement/announcements/08_commong2.md +++ /dev/null @@ -1,56 +0,0 @@ ---- -layout: page -title: Federal Common Policy CA Update -date: 10/12/2020 -removeDate: 10/11/2023 -# collection: implement -# permalink: /implement/announcements/common-g2-update/ -description: Details on the Federal Common Policy CA G2 timeline and actions agencies need to perform. -category: Active -sticky_sidenav: true -# sidenav: fpkiannouncements - -# subnav: -# - text: What Will Be Impacted? -# href: '#what-will-be-impacted' -# - text: When Will This Change Take Place? -# href: '#when-will-this-change-take-place' -# - text: What Should I Do? -# href: '#what-should-i-do' -# - text: Who Can I Contact for Help or More Information? -# href: '#who-can-i-contact-for-help-or-more-information' ---- - -{% include alert-info.html content="Upcoming changes to the Federal Common Policy Certification Authority (CA) will impact your agency. This announcement will be updated as more information is available." %} - -In **October 2020**, the Federal Government created a new Federal Public Key Infrastructure (FPKI) Root Certification Authority (CA). The new root is named the **Federal Common Policy CA G2**. - -Between December 2020 and June 2021, the CAs signed by the old root will be migrated to be signed by this new root: Federal Common Policy CA G2. Once the migration is complete, the old root will be decommissioned. - -## What Will Be Impacted? - -**This change will affect all federal agencies** and will have an impact on the following services: - -- Personal Identity Verification (PIV) credential authentication to the government networks -- Agency web applications implementing client authentication (e.g., PIV authentication) -- User digital signatures that leverage PIV or similar credentials -- Other applications leveraging the Federal Common Policy CA as a root - -## When Will This Change Take Place? -Tentative time-line: -- **October 14, 2020**: The Federal PKI Management Authority (FPKIMA) created the new Federal Common Policy CA G2 root -- **October 15, 2020**: The FPKIMA team issued a cross certificate from the Federal Common Policy CA G2 to the Federal Bridge CA G4 -- **November 18, 2020**: The FPKIMA team will issue CA certificates to migrate agency and shared service providers CAs to the new root: Federal Common Policy CA G2 -- **December 2020 to June 2021**: All agencies will need to transition from using the old Federal Common Policy CA as the root to the new Federal Common Policy CA G2 *(approximately six months)* -- **June 2021**: The FPKIMA team will decommission the old Federal Common Policy CA - -## What Should I Do? - -{% include alert-info.html content="We are collaborating with CISA on a series of webinars to communicate the upcoming changes and answer your questions. Email fpkirootupdate@gsa.gov to be notified of future events." %} - -To prevent issues, agencies **must** distribute the Federal Common Policy CA G2 root certificate as a trusted Root Certification Authority to workstations and servers. - -To prepare for the Federal Common Policy CA update, read our guide [here]({{ site.baseurl }}/implement/announcements/02_microsoft_constraint/). - -## Who Can I Contact for Help or More Information? -Email us at fpkirootupdate@gsa.gov. diff --git a/_implement/announcements/09_test_tools.md b/_implement/announcements/09_test_tools.md deleted file mode 100644 index 23e21f7df..000000000 --- a/_implement/announcements/09_test_tools.md +++ /dev/null @@ -1,34 +0,0 @@ ---- -layout: page -title: New Test Tools Available -pubDate: 05/18/2021 -removeDate: 05/18/2024 -# collection: implement -# permalink: /implement/announcements/test-tools/ -description: Release announcement for the Card Conformance Tool (CCT) and Certificate Profile Conformance Tool (CPCT). -category: Active -sticky_sidenav: true -# sidenav: fpkiannouncements - ---- - -GSA has created two tools to streamline Federal PKI Annual Review testing with remote evaluation capabilities. - -- [**Card Conformance Tool (CCT)**](https://github.com/GSA/piv-conformance/releases) - a GSA managed Java tool which validates that Personal Identity Verification (PIV) and PIV-Interoperable (PIV-I) smart cards are compliant with key standards. -- [**Certificate Profile Conformance Tool (CPCT)**](https://github.com/GSA/cpct-tool/releases/) - a web site application that analyzes certificates for conformance to a specific Federal PKI profile document version and certificate profile. - -The tools enable entity representatives to perform testing directly, with results verified by the GSA FIPS 201 Evaluation Program support team. Benefits include: -- Preemptive identification of possible issues during development and maintenance, and -- Reduction in travel and related resource time costs. - -For more information, see the following web sites: -- Card Conformance Tool - - Latest release: [https://github.com/GSA/piv-conformance/releases](https://github.com/GSA/piv-conformance/releases){:target="_blank"}{:rel="noopener noreferrer"}{:class="usa-link usa-link--external"} - - Support page: [https://github.com/GSA/piv-conformance/wiki](https://github.com/GSA/piv-conformance/wiki){:target="_blank"}{:rel="noopener noreferrer"}{:class="usa-link usa-link--external"} - -- Certificate Profile Conformance Tool - - Latest release: [https://github.com/GSA/cpct-tool/releases](https://github.com/GSA/cpct-tool/releases){:target="_blank"}{:rel="noopener noreferrer"}{:class="usa-link usa-link--external"} - - Support page: [https://github.com/GSA/cpct-tool/wiki](https://github.com/GSA/cpct-tool/wiki){:target="_blank"}{:rel="noopener noreferrer"}{:class="usa-link usa-link--external"} - -## Who can I contact for help or more information? -Email us at fpki@gsa.gov. From 7c67a7348db9d476fe86b5ca849b58e6d74d9613 Mon Sep 17 00:00:00 2001 From: Clayton J Barnette Date: Mon, 30 Oct 2023 13:24:57 -0400 Subject: [PATCH 06/16] Removed 3 yrs+ from list --- _includes/meta.html | 3 -- sitemap.xml | 119 -------------------------------------------- 2 files changed, 122 deletions(-) delete mode 100644 sitemap.xml diff --git a/_includes/meta.html b/_includes/meta.html index b7dda1550..d2ce049a3 100644 --- a/_includes/meta.html +++ b/_includes/meta.html @@ -76,9 +76,6 @@ - - - diff --git a/sitemap.xml b/sitemap.xml deleted file mode 100644 index b15f6a646..000000000 --- a/sitemap.xml +++ /dev/null @@ -1,119 +0,0 @@ ---- -# File: sitemap.xml for IDManagement.gov -# Note: each collection added to the site should be added here also -# Date: 1026/2023 -# -layout: ---- - - - - - - {% for docs in site.arch %} - - {{ site.url }}{{ docs.permalink }} - weekly - 1.0 - - {% for sub in docs.subnav %} - - {{ site.url }}{{docs.permalink}}{{ sub.href }} - weekly - 1.0 - - {% endfor %} - {% endfor %} - - - {% for docs in site.ficampmo %} - - {{ site.url }}{{ docs.permalink }} - weekly - 1.0 - - {% for sub in docs.subnav %} - - {{ site.url }}{{docs.permalink}}{{ sub.href }} - weekly - 1.0 - - {% endfor %} - {% endfor %} - - - {% for docs in site.implement %} - - {{ site.url }}{{ docs.permalink }} - weekly - 1.0 - - {% for sub in docs.subnav %} - - {{ site.url }}{{docs.permalink}}{{ sub.href }} - weekly - 1.0 - - {% endfor %} - {% endfor %} - - - {% for docs in site.partners %} - - {{ site.url }}{{ docs.permalink }} - weekly - 1.0 - - {% for sub in docs.subnav %} - - {{ site.url }}{{docs.permalink}}{{ sub.href }} - weekly - 1.0 - - {% endfor %} - {% endfor %} - - - {% for docs in site.playbooks %} - - {{ site.url }}{{ docs.permalink }} - weekly - 1.0 - - {% for sub in docs.subnav %} - - {{ site.url }}{{docs.permalink}}{{ sub.href }} - weekly - 1.0 - - {% endfor %} - {% endfor %} - - - {% for docs in site.university %} - - {{ site.url }}{{ docs.permalink }} - weekly - 1.0 - - {% for sub in docs.subnav %} - - {{ site.url }}{{docs.permalink}}{{ sub.href }} - weekly - 1.0 - - {% endfor %} - {% endfor %} - - - {% for page in site.pages %} - {% if page.url contains '.xml' or page.url contains 'assets' %}{% else %} - - {{ site.url }}{{ page.url }} - monthly - 1.0 - - {% endif %} - {% endfor %} - - \ No newline at end of file From 3e13aa64d043824dafd62ac12ce2194bd2ffe157 Mon Sep 17 00:00:00 2001 From: Clayton J Barnette Date: Mon, 30 Oct 2023 13:40:18 -0400 Subject: [PATCH 07/16] Added sitemap.xml --- _includes/meta.html | 12 +++-- sitemap.xml | 119 ++++++++++++++++++++++++++++++++++++++++++++ 2 files changed, 127 insertions(+), 4 deletions(-) create mode 100644 sitemap.xml diff --git a/_includes/meta.html b/_includes/meta.html index 489502293..364423d68 100644 --- a/_includes/meta.html +++ b/_includes/meta.html @@ -59,7 +59,7 @@ ================================================== --> - + @@ -76,7 +76,11 @@ - - - + + + + + + + diff --git a/sitemap.xml b/sitemap.xml new file mode 100644 index 000000000..d61305116 --- /dev/null +++ b/sitemap.xml @@ -0,0 +1,119 @@ +--- +# File: sitemap.xml for IDManagement.gov +# Note: Collection-based: Each collection added to the site should be added here also +# Date: 1026/2023 +# +layout: +--- + + + + + + {% for docs in site.arch %} + + {{ site.url }}{{ docs.permalink }} + weekly + 1.0 + + {% for sub in docs.subnav %} + + {{ site.url }}{{docs.permalink}}{{ sub.href }} + weekly + 1.0 + + {% endfor %} + {% endfor %} + + + {% for docs in site.ficampmo %} + + {{ site.url }}{{ docs.permalink }} + weekly + 1.0 + + {% for sub in docs.subnav %} + + {{ site.url }}{{docs.permalink}}{{ sub.href }} + weekly + 1.0 + + {% endfor %} + {% endfor %} + + + {% for docs in site.implement %} + + {{ site.url }}{{ docs.permalink }} + weekly + 1.0 + + {% for sub in docs.subnav %} + + {{ site.url }}{{docs.permalink}}{{ sub.href }} + weekly + 1.0 + + {% endfor %} + {% endfor %} + + + {% for docs in site.partners %} + + {{ site.url }}{{ docs.permalink }} + weekly + 1.0 + + {% for sub in docs.subnav %} + + {{ site.url }}{{docs.permalink}}{{ sub.href }} + weekly + 1.0 + + {% endfor %} + {% endfor %} + + + {% for docs in site.playbooks %} + + {{ site.url }}{{ docs.permalink }} + weekly + 1.0 + + {% for sub in docs.subnav %} + + {{ site.url }}{{docs.permalink}}{{ sub.href }} + weekly + 1.0 + + {% endfor %} + {% endfor %} + + + {% for docs in site.university %} + + {{ site.url }}{{ docs.permalink }} + weekly + 1.0 + + {% for sub in docs.subnav %} + + {{ site.url }}{{docs.permalink}}{{ sub.href }} + weekly + 1.0 + + {% endfor %} + {% endfor %} + + + {% for page in site.pages %} + {% if page.url contains '.xml' or page.url contains 'assets' %}{% else %} + + {{ site.url }}{{ page.url }} + monthly + 1.0 + + {% endif %} + {% endfor %} + + \ No newline at end of file From 93b50c7649fefa289acd4468de943608866b8c99 Mon Sep 17 00:00:00 2001 From: py-crawler Date: Mon, 30 Oct 2023 18:40:01 +0000 Subject: [PATCH 08/16] automatic crawler update --- _implement/fpki_notifications.md | 2 +- ...catesValidatingToFederalCommonPolicyG2.p7b | 2558 ++++++++--------- _implement/tools/crawler-lastrun.json | 77 +- _implement/tools/fpki-certs.gexf | 4 +- 4 files changed, 1284 insertions(+), 1357 deletions(-) diff --git a/_implement/fpki_notifications.md b/_implement/fpki_notifications.md index 9ffe73c4c..4a631ead8 100644 --- a/_implement/fpki_notifications.md +++ b/_implement/fpki_notifications.md @@ -74,7 +74,7 @@ These announcements and hot topics concern Federal Public Key Infrastructure cha -**Last Update**: October 27, 2023 +**Last Update**: October 30, 2023 {% include graph.html %} diff --git a/_implement/tools/CACertificatesValidatingToFederalCommonPolicyG2.p7b b/_implement/tools/CACertificatesValidatingToFederalCommonPolicyG2.p7b index 146cfc3f9..8df53a77b 100644 --- a/_implement/tools/CACertificatesValidatingToFederalCommonPolicyG2.p7b +++ b/_implement/tools/CACertificatesValidatingToFederalCommonPolicyG2.p7b @@ -1,6 +1,6 @@ -----BEGIN PKCS7----- -MIMDu0UGCSqGSIb3DQEHAqCDA7s1MIMDuzACAQExADAPBgkqhkiG9w0BBwGgAgQA -oIMDuxMwggSPMIIDd6ADAgECAgIDAzANBgkqhkiG9w0BAQsFADBbMQswCQYDVQQG +MIMDs6YGCSqGSIb3DQEHAqCDA7OWMIMDs5ECAQExADAPBgkqhkiG9w0BBwGgAgQA +oIMDs3QwggSPMIIDd6ADAgECAgIDAzANBgkqhkiG9w0BAQsFADBbMQswCQYDVQQG EwJVUzEYMBYGA1UEChMPVS5TLiBHb3Zlcm5tZW50MQwwCgYDVQQLEwNEb0QxDDAK BgNVBAsTA1BLSTEWMBQGA1UEAxMNRG9EIFJvb3QgQ0EgMzAeFw0xOTA0MDIxMzM0 NDlaFw0yNTA0MDIxMzM0NDlaMFoxCzAJBgNVBAYTAlVTMRgwFgYDVQQKEw9VLlMu @@ -3773,1034 +3773,1208 @@ Pjwf3sJZ9XKLXDvQoLNqdTMmcrwDtmb1ok/ygSLWTPqxNY2XeYLSRhqmZmGjTEu+ 2yClvOf/ckMHnZHebXjVH6RfvjRxPLiKjfMhZMTmsZfeQB22dQDUTANGCYxA+U2p O1pecN37qjuVAO9YExe1BF7Be0nktG2oR7uzcs7UIMErEvJ8xSXlhePCrYC9sU3u bc3axuauYMdf5TqPN6mq3+UYnUCLzew3m61p4/k4bwGlH3f3GAYDS5KcVxGs9mmG -YNDc1SvPOEqfdTCCB5swggaDoAMCAQICFBeMc1f66UGyokLw0hn9D+8VYHh+MA0G +YNDc1SvPOEqfdTCCB7wwggakoAMCAQICFBf6EuabcEf+CfXkZc79PU5itJnJMA0G CSqGSIb3DQEBCwUAMFUxCzAJBgNVBAYTAlVTMRgwFgYDVQQKEw9VLlMuIEdvdmVy bm1lbnQxDTALBgNVBAsTBEZQS0kxHTAbBgNVBAMTFEZlZGVyYWwgQnJpZGdlIENB -IEc0MB4XDTIwMTAyOTEzMjgwMVoXDTIzMTAyOTEzMjgwMVowcjELMAkGA1UEBhMC -VVMxEDAOBgNVBAoTB0VudHJ1c3QxIjAgBgNVBAsTGUNlcnRpZmljYXRpb24gQXV0 -aG9yaXRpZXMxLTArBgNVBAsTJEVudHJ1c3QgTWFuYWdlZCBTZXJ2aWNlcyBORkkg -Um9vdCBDQTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAL8fW2c5Y1H3 -DBZcF5uwko+I1N9643gEq3PYUU/AtMzRBJ1PFiipWRNyLYPoVaPYr6GUDsrlTyvQ -7LJD5uDOFPxWtGggqcDGFPC8u0MBUvqTvjCMBuGwI55vrjfeW4mZfsoGo+qX3qHb -CRmif/PywciYTnYhArPtM9tZ/9Nyaunpgrk0zKS0G7dgU+aaqW+BQKy8ss6t1qbc -D5HV5laf6nlTXJ0JrMCbUmuUbhNfCp9e+TwS4LtqjPRL5D/pnUkzURyl2F6/53yZ -0M51SJy9hxEnTYHd4QmJp3yR2fDEVI7Ug/6RBgyPSjlnWbuDPDArD+G2yzTs6tmc -1OSDvWYvVUkCAwEAAaOCBEQwggRAMB0GA1UdDgQWBBT63yMBxKrsI+Otbw00pQ3P -OWRlXjAfBgNVHSMEGDAWgBR58ABJ6393wl1BAmU0ipAjmx4HbzAOBgNVHQ8BAf8E -BAMCAQYwDwYDVR0TAQH/BAUwAwEB/zCBpQYDVR0gBIGdMIGaMAwGCmCGSAFlAwIB -AwEwDAYKYIZIAWUDAgEDAjAMBgpghkgBZQMCAQMDMAwGCmCGSAFlAwIBAwwwDAYK -YIZIAWUDAgEDDjAMBgpghkgBZQMCAQMPMAwGCmCGSAFlAwIBAxIwDAYKYIZIAWUD -AgEDEzAMBgpghkgBZQMCAQMUMAwGCmCGSAFlAwIBAyUwDAYKYIZIAWUDAgEDJjCC -AWkGA1UdIQSCAWAwggFcMBsGCmCGSAFlAwIBAwEGDWCGSAGG+muBSAMKBwgwGwYK -YIZIAWUDAgEDAgYNYIZIAYb6a4FIAwoHBzAbBgpghkgBZQMCAQMDBg1ghkgBhvpr -gUgDCgcBMBsGCmCGSAFlAwIBAw4GDWCGSAGG+muBSAMKBw4wGwYKYIZIAWUDAgED -DAYNYIZIAYb6a4FIAwoHAjAbBgpghkgBZQMCAQMMBg1ghkgBhvprgUgDCgcEMBsG -CmCGSAFlAwIBAw8GDWCGSAGG+muBSAMKBw8wGwYKYIZIAWUDAgEDEgYNYIZIAYb6 -a4FIAwoHBjAbBgpghkgBZQMCAQMTBg1ghkgBhvprgUgDCgcNMBsGCmCGSAFlAwIB -AxQGDWCGSAGG+muBSAMKBwkwGwYKYIZIAWUDAgEDJQYNYIZIAYb6a4FIAwoHAzAb -BgpghkgBZQMCAQMmBg1ghkgBhvprgUgDCgcQMIIBFwYIKwYBBQUHAQsEggEJMIIB -BTBSBggrBgEFBQcwBYZGaHR0cDovL25maXJvb3R3ZWIubWFuYWdlZC5lbnRydXN0 -LmNvbS9TSUEvQ0FjZXJ0c0lzc3VlZEJ5TkZJUm9vdENBLnA3YzCBrgYIKwYBBQUH -MAWGgaFsZGFwOi8vbmZpcm9vdGRpci5tYW5hZ2VkLmVudHJ1c3QuY29tL291PUVu -dHJ1c3QlMjBNYW5hZ2VkJTIwU2VydmljZXMlMjBORkklMjBSb290JTIwQ0Esb3U9 -Q2VydGlmaWNhdGlvbiUyMEF1dGhvcml0aWVzLG89RW50cnVzdCxjPVVTP2Nyb3Nz -Q2VydGlmaWNhdGVQYWlyO2JpbmFyeTASBgNVHSQBAf8ECDAGgAEAgQEAMA0GA1Ud -NgEB/wQDAgEAMFEGCCsGAQUFBwEBBEUwQzBBBggrBgEFBQcwAoY1aHR0cDovL3Jl -cG8uZnBraS5nb3YvYnJpZGdlL2NhQ2VydHNJc3N1ZWRUb2ZiY2FnNC5wN2MwNwYD -VR0fBDAwLjAsoCqgKIYmaHR0cDovL3JlcG8uZnBraS5nb3YvYnJpZGdlL2ZiY2Fn -NC5jcmwwDQYJKoZIhvcNAQELBQADggEBALSfUavBC/u8fz2Gt/qvs/Ccp5sA5T5u -HhV+F7PEJhsxKQ7D67q5/2igeKJ3A+l2GmmOOIqLkX86SWceVkVr4L2OkwI1Rpnp -U65VGWzMJjD0+RwoZmT2FiSoMW25EuCRLgTR+Bk67qbMkL5jRwfJpsnChbECbzWT -1CkBe+miJw0kTw6tcW/bvErHVRYm77dJ/3ZSgX4P1i2QcLGuz9xwhVkf6vF/klLC -Jc4uAJD57H95wXtrYW+bZr9w6HTdb94ZZEaOr3H+LwXE4nuKZyI66VKEb+GwFNZZ -kojL98SHb7C5IjwaObqL7sZjf2xCkvu6IAD7xS/z1ZHMQOvKvZU7HkYwgge8MIIG -pKADAgECAhQX+hLmm3BH/gn15GXO/T1OYrSZyTANBgkqhkiG9w0BAQsFADBVMQsw -CQYDVQQGEwJVUzEYMBYGA1UEChMPVS5TLiBHb3Zlcm5tZW50MQ0wCwYDVQQLEwRG -UEtJMR0wGwYDVQQDExRGZWRlcmFsIEJyaWRnZSBDQSBHNDAeFw0yMjAyMDgxNjE4 -NTJaFw0yNTAxMTcxNjE4NTJaMHoxCzAJBgNVBAYTAlVTMQ4wDAYDVQQKEwVTVFJB -QzEnMCUGA1UECxMeU1RSQUMgUEtJIFRydXN0IEluZnJhc3RydWN0dXJlMTIwMAYD -VQQDEylTVFJBQyBCcmlkZ2UgUm9vdCBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTCC -AiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIBAKiS5MwgXiCzg/9sTFRCaQjy -5xnrwDi0GuLhpDpel8ghBU+RFkkMVeiTyFLxS4QvqnKg8F31eKnlbqVMwnH9lGaS -7EFyUiCPQhOaUTOye3KAW3F97eOvpESaXmdPd0c97Hvq2CH6Gjkq13VlST8KByKB -s5CAdmF/pyhWk2cdZGd3lA/0NOqIIK6tc+71B3Sadg/FJEwB1RMH+Cjt6PF1lfyz -4+lmOdTfpx1ZpzWBduIeD/YTLRJD5PO+xU4jaxgfYiOGllkiEI9AWcGgwyxNAwR0 -GkeMs/EKPQuosNapYPX+yiPwQBgtTl0rPsWQ8RWFPsZpMQPKXtylXM/c15uVAxIE -npXszJklUSwPkmKUZodi/9t0N+PurgJd7xqAy+iio2WuxriRkM6+X53hEj8+c5bJ -ep42bun34gF6y2NQR+lucH1tlkn9CQRnN/61ddETZfuDy2K9PJ0fjXSOe5ZZxbUX -zg8YnW9OH+rxZX/ZuFIzjp3boCOheuWjOPfTH+MDNTZ93zmrM13TsZzGeQE7+274 -WWFK+lzP/caue6kfPeVYtwzpW9xvRWE5od7Uy2h8C87L6oXWLT3o8fi4FRnC56Ap -8l6KDuwHjN5w+R9Monnm8unADEdde25P6LDasfoblRsIHCsAoLezGe78uQp44uuA -zHdkVXROx6G310kImSgJAgMBAAGjggNdMIIDWTAdBgNVHQ4EFgQUGcHOh0kzgLb3 -Wqxlw3TwfzeSpWEwHwYDVR0jBBgwFoAUefAASet/d8JdQQJlNIqQI5seB28wDgYD -VR0PAQH/BAQDAgEGMA8GA1UdEwEB/wQFMAMBAf8wgaUGA1UdIASBnTCBmjAMBgpg -hkgBZQMCAQMBMAwGCmCGSAFlAwIBAwIwDAYKYIZIAWUDAgEDAzAMBgpghkgBZQMC -AQMMMAwGCmCGSAFlAwIBAw4wDAYKYIZIAWUDAgEDDzAMBgpghkgBZQMCAQMSMAwG -CmCGSAFlAwIBAxMwDAYKYIZIAWUDAgEDFDAMBgpghkgBZQMCAQMlMAwGCmCGSAFl -AwIBAyYwggFBBgNVHSEEggE4MIIBNDAaBgpghkgBZQMCAQMBBgwrBgEEAYK2bQIB -BQEwGgYKYIZIAWUDAgEDAgYMKwYBBAGCtm0CAQUCMBoGCmCGSAFlAwIBAwMGDCsG -AQQBgrZtAgEFAzAaBgpghkgBZQMCAQMOBgwrBgEEAYK2bQIBBQUwGgYKYIZIAWUD -AgEDDAYMKwYBBAGCtm0CAQUEMBoGCmCGSAFlAwIBAw8GDCsGAQQBgrZtAgEFBjAa -BgpghkgBZQMCAQMlBgwrBgEEAYK2bQIBBQowGgYKYIZIAWUDAgEDJgYMKwYBBAGC -tm0CAQULMBoGCmCGSAFlAwIBAxIGDCsGAQQBgrZtAgEFBzAaBgpghkgBZQMCAQMT -BgwrBgEEAYK2bQIBBQgwGgYKYIZIAWUDAgEDFAYMKwYBBAGCtm0CAQUJMFoGCCsG -AQUFBwELBE4wTDBKBggrBgEFBQcwBYY+aHR0cDovL3BraS5zdHJhYy5vcmcvYnJp -ZGdlL2NlcnRpZmljYXRlcy9TVFJBQ0JyaWRnZVJvb3RDQS5wN2MwEgYDVR0kAQH/ -BAgwBoABAIEBATANBgNVHTYBAf8EAwIBADBRBggrBgEFBQcBAQRFMEMwQQYIKwYB -BQUHMAKGNWh0dHA6Ly9yZXBvLmZwa2kuZ292L2JyaWRnZS9jYUNlcnRzSXNzdWVk -VG9mYmNhZzQucDdjMDcGA1UdHwQwMC4wLKAqoCiGJmh0dHA6Ly9yZXBvLmZwa2ku -Z292L2JyaWRnZS9mYmNhZzQuY3JsMA0GCSqGSIb3DQEBCwUAA4IBAQB1SCcRtFGA -DZS6d7wEz//fZoifC0S0Utw77OGqm7sqEqsoJOEJtmjhUl/lVL58csOZNLNOojvR -TPbj50dg8F0vwxYEXe5WCF2JYOHmBTkEWG49W1CUkGpBNg0MTR868GPCZIgRfnuF -Nm2/SLT2yso/VsJNUMMbiG7XwGhDja4+bEj6/p6MnFkXu8drBh2pWQrC8hygZr6p -SUGsZTz9aLLN4Ag/C5Fy1JpcuD38GFkkMTDoQ+/kBsOZdxTh1P0TlW6mQTnpHSmu -RXLyQ3FKpwL180xBaSBFUy2fyoa4kol9xjXjsppwniwewyaor6Lme52xtEDt2BRg -+lQbmlSnc+5zMIIHwTCCBamgAwIBAgIQSkeAYdSPLq30pUtSLLSipTANBgkqhkiG -9w0BAQwFADBoMQswCQYDVQQGEwJVUzESMBAGA1UEChMJQ2VydGlQYXRoMSIwIAYD -VQQLExlDZXJ0aWZpY2F0aW9uIEF1dGhvcml0aWVzMSEwHwYDVQQDExhDZXJ0aVBh -dGggQnJpZGdlIENBIC0gRzMwHhcNMjMwNDE5MDAwMDAwWhcNMjQwNDMwMjM1OTU5 -WjCBtDELMAkGA1UEBhMCVVMxETAPBgNVBAgTCENvbG9yYWRvMQ8wDQYDVQQHEwZE -ZW52ZXIxJDAiBgNVBAoTG0xvY2toZWVkIE1hcnRpbiBDb3Jwb3JhdGlvbjEiMCAG -A1UECxMZQ2VydGlmaWNhdGlvbiBBdXRob3JpdGllczE3MDUGA1UEAxMuTG9ja2hl -ZWQgTWFydGluIFJvb3QgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkgMjCCASIwDQYJ -KoZIhvcNAQEBBQADggEPADCCAQoCggEBAMf5MayZf+uYqk4mX9qaZTzFWppEpCua -d1Czvo/w1hCv62JpLdyCyx4e/NtGWv2/aKEtXw7P4Am8aEE/OrtJoJcyKkpNslV+ -dXHDiSQC8IB0hZIMCLLxJHbrSIi6ETJnl15gFv1uynakNhX8DehHFojU8k2amm9x -IcX1bGcRZQEXwYAGg7komSWIpZNxbY4ob1+ypc8jWuMpyM98E0DLDh+zVjYeVgxL -+nmBQ4LM+FT8CyyYFhyk/SRTBqSeIlqqIwwhQVoMSM425Yc8T7r7pPp/Jbi/Zlr+ -wl3p4k8PwZlE1c0OCgo/vEVaTX7heH29MywXgu6JVmI/hbwoMw3XZSMCAwEAAaOC -AxgwggMUMA4GA1UdDwEB/wQEAwIBBjAdBgNVHQ4EFgQUklfi6y+4i0hsTd0Hszxv -p+U5kM4wEgYDVR0TAQH/BAgwBgEB/wIBATBCBgNVHR8EOzA5MDegNaAzhjFodHRw -Oi8vY3JsLmNlcnRpcGF0aC5jb20vQ2VydGlQYXRoQnJpZGdlQ0EtRzMuY3JsMIG2 -BgNVHR4BAf8EgaswgaiggaUwCoEIbG1jby5jb20wC4EJLmxtY28uY29tMAqCCGxt -Y28uY29tMBSCEmxvY2toZWVkbWFydGluLmNvbTA3pDUwMzELMAkGA1UEBhMCVVMx -JDAiBgNVBAoTG0xvY2toZWVkIE1hcnRpbiBDb3Jwb3JhdGlvbjAvpC0wKzETMBEG -CgmSJomT8ixkARkWA2NvbTEUMBIGCgmSJomT8ixkARkWBGxtY28wWAYIKwYBBQUH -AQsETDBKMEgGCCsGAQUFBzAFhjxodHRwOi8vY3JsLmV4dGVybmFsLmxtY28uY29t -L2NybC9jZXJ0dXBkL2lzc3VlZGJ5LWxtcmNhMi5wN2MwCgYDVR02BAMCAQAwEgYD -VR0kAQH/BAgwBoABAIEBADBJBgNVHSAEQjBAMA4GDCsGAQQBgbtTAQEBATAOBgwr -BgEEAYG7UwEBAQIwDgYMKwYBBAGBu1MBAQEXMA4GDCsGAQQBgbtTAQEBGDCBnAYD -VR0hBIGUMIGRMBsGDCsGAQQBgbtTAQEBAQYLKwYBBAFnZAEBAwQwGwYMKwYBBAGB -u1MBAQECBgsrBgEEAWdkAQEDAzAbBgwrBgEEAYG7UwEBAQEGCysGAQQBZ2QBAQMD -MBsGDCsGAQQBgbtTAQEBFwYLKwYBBAFnZAEBAwcwGwYMKwYBBAGBu1MBAQEYBgsr -BgEEAWdkAQEDBjBNBggrBgEFBQcBAQRBMD8wPQYIKwYBBQUHMAKGMWh0dHA6Ly9h -aWEuY2VydGlwYXRoLmNvbS9DZXJ0aVBhdGhCcmlkZ2VDQS1HMy5wN2MwHwYDVR0j -BBgwFoAUeos8BpLcHqjSgqwbdG90PU7RqJswDQYJKoZIhvcNAQEMBQADggIBAESG -JTPnP+QbBa6JNub4+Oj8u3FT2oICa94ts4LnpSRfiv3/6kuzkYBu33pAIa2gFBYv -xuPRyzWxKrH9b8q5rrnnSBnYWdffqNgrOe+A9hcbZ05WyQkzYTPsB9Xnl8od7Lqi -ny09LRasVeeNvJQdv8kLeKDfH+Lw8vQWCvHhkrw/2vMevRRxjKfzrGxI9CQvF+xz -tgSI4KN5l/t22sy8GDR+PhgdLkYrEN/tVosvH8BxINJn3t1vVNLqOpYq/ARUeJzG -N+AprPP6jjue5wiAN7b5giWopMMtjUZdVoSUM6rgkKNfAVPUQ89bYUApjaYXPBay -MrjfWPMrIr/9/QR1m0Mz/Q3nn7sb5FtIsK4iiLc/veEKey4P/Ekf3ySlJuibLh1d -90BJ/22V6jWvxgbHYDACO8JozBp8U7wOY8vZwvEBltQghS38zVwhJo9PTBUkwDa4 -cvOmbbMeU870g0I0N3xsK19tx6WDLEG/2DtM20lZldKpPaIFPtP4pJ17ERTqSngc -62ACnOY7joUav6caVUuLaNh4mcXXJ2OHxZ2fOM8llcI0YxM1LoUaCNb5HJ6WPJwt -qmKuskXG84GWPM6mOobeq8hb8PSzIl9c1RtBZkXuNU06GWq5ExhGJYa86IgF85hs -mpgGlNdQy/19tKYGq4HpOrWW2NqeL9U3TWbEj07bMIIHyDCCBbCgAwIBAgIQZ8QQ -JuHUSJ9qZjX9MDkzQzANBgkqhkiG9w0BAQwFADBoMQswCQYDVQQGEwJVUzESMBAG -A1UEChMJQ2VydGlQYXRoMSIwIAYDVQQLExlDZXJ0aWZpY2F0aW9uIEF1dGhvcml0 -aWVzMSEwHwYDVQQDExhDZXJ0aVBhdGggQnJpZGdlIENBIC0gRzMwHhcNMjMwMjIy -MDAwMDAwWhcNMjQwMjI4MjM1OTU5WjCBkjELMAkGA1UEBhMCTkwxIDAeBgNVBAoM -F01pbmlzdGVyaWUgdmFuIERlZmVuc2llMRcwFQYDVQRhDA5OVFJOTC0yNzM3MDk4 -NTFIMEYGA1UEAww/TWluaXN0ZXJpZSB2YW4gRGVmZW5zaWUgUEtJb3ZlcmhlaWQg -T3JnYW5pc2F0aWUgUGVyc29vbiBDQSAtIEczMIICIjANBgkqhkiG9w0BAQEFAAOC -Ag8AMIICCgKCAgEAyOFTzcAniXRHkyQmhkv+Mc+daW7P3uHAQsGONAf/kM3TM+Lx -y2+EXMOAcfWo5n9tsgOmCO3wZhoCn4DXw1ycdmF3Ll/UVuLIoJCbppeupIViZE98 -/HDCpC6FU6FyxqHqa/FOR7rW6WJn7TgYxqF/rxLE6v90qm7o3CKqJoeq4Y6UDqWW -I1d2gUlEqSWEFCO53Grwx/oCipeOTnHTcElvod/Wx37oOM58Ci/lm+Bp8N+eN7qh -hHmQHrsgKtj5fWFuNpahLqaO4RXjjoQYhqTkqAAk/ZmY4G+k1sCGykRnHd9vCkYl -v6k0xxx1hVg7M3y3hJhFerm94mwY0+Rr3hmzEY2Obd1kHgIrcuEwxsUCmCxcQbx4 -SYlq8rmolHcdmRjBKtok01nn+nPvCN+wtqKPIKu6/oIip1p35qQybAj2qj4LWMKu -ciYk45OufsLBk9PRM6I/9Tgwem4ZoPNy1n+a9TwLY1UVHyvPRstLSACIvHpLcsMg -/kxoddJFchTcbGM4qN1fPbuapToMCazaObrb/PGARc1QUWo94hyxiIEc6gdCKcTq -vRWueUR9dF9XAOuVhnJ3sbe6VJEjyjbp2hp5RLtpzX52TI1np0vLJesdIrBGZf8U -jteiQQvwIe0zE7Jg+EY5ZlnPz0kM7dbxhFVtRjVV4pme7wOVWtxh8GeXgZUCAwEA -AaOCAkEwggI9MCkGA1UdIAQiMCAwDgYMKwYBBAGBu1MBAQEBMA4GDCsGAQQBgbtT -AQEBAjBCBgNVHR8EOzA5MDegNaAzhjFodHRwOi8vY3JsLmNlcnRpcGF0aC5jb20v -Q2VydGlQYXRoQnJpZGdlQ0EtRzMuY3JsMA4GA1UdDwEB/wQEAwIBBjBDBgNVHR4B -Af8EOTA3oDUwM6QxMC8xCzAJBgNVBAYTAk5MMSAwHgYDVQQKDBdNaW5pc3Rlcmll -IHZhbiBEZWZlbnNpZTASBgNVHSQBAf8ECDAGgAEAgQEAMIGzBgNVHSEEgaswgagw -GgYMKwYBBAGBu1MBAQECBgpghBABh2sBAgUBMBoGDCsGAQQBgbtTAQEBAgYKYIQQ -AYdrAQIFAjAaBgwrBgEEAYG7UwEBAQIGCmCEEAGHawECBQMwGgYMKwYBBAGBu1MB -AQEBBgpghBABh2sBAgUBMBoGDCsGAQQBgbtTAQEBAQYKYIQQAYdrAQIFAjAaBgwr -BgEEAYG7UwEBAQEGCmCEEAGHawECBQMwHQYDVR0OBBYEFCO7+d+AiROjdyfpxmlD -M41JB8JqMBIGA1UdEwEB/wQIMAYBAf8CAQAwCgYDVR02BAMCAQAwTQYIKwYBBQUH -AQEEQTA/MD0GCCsGAQUFBzAChjFodHRwOi8vYWlhLmNlcnRpcGF0aC5jb20vQ2Vy -dGlQYXRoQnJpZGdlQ0EtRzMucDdjMB8GA1UdIwQYMBaAFHqLPAaS3B6o0oKsG3Rv -dD1O0aibMA0GCSqGSIb3DQEBDAUAA4ICAQCQ6aD1/KmmPMNA9k0iBAxZ7r7LZtPg -UvF5ZVmdM5WrdRBSkI0+BNLuH+5JKEx3iW+FyP1EA15baAW0CCbqMQdKBnqS/+l4 -s+cuQeerJgi24232MfV7A+TqZ8+CL4in+R/IRlWMIbxhQcprrqf1J6y+G4HpwN9w -E7QHLdRCzOvRiY1Rz+0fh3HG51DHuklLZoyFcoTire78l7LmS0KVPWCgsgAYvmY4 -zvv1rs2m+eaMumrK2+M3iEAM+y6diD4WTnj3tJsbTPL5E3wYWcaIf3p/KlVR2W71 -KO50N1G3F472uGw0hz1km0tjSKx5HexEgEGk6cu/D0YSHr2pU6eK2HGBZMz2h+4P -766+L12PJ8J4F3N0NLjrWtk9Fku/REL5CzMEd8YF4vVxVmzGLG3Y66dkoisCPSWo -UiX4jo/e71lAP5nrWO75/GNZXhTtnvhoAC3sXjquoZWeH5Qotk5MgUpHN4DnRQE1 -fmfBz8xBrcnP4YVDlpwOKW87LhysPnkDYfWkjsDyzQ0GW9/Y3naN0fYKhAwUbgBx -WqBbRsvhEjdLVIzCI4cy/oubYZkmapX1leGQdfC4FA9RJACwzBFmD/S/X9PHB0fw -cY31wXTHn8QakjYsp77p3WSDqPIya/a9puVtUI6M8wulyCSLWGghTSvpMGFLfTMs -9H8ESQAfRO82mzCCB+gwggbQoAMCAQICBEqoueowDQYJKoZIhvcNAQELBQAwcjEL -MAkGA1UEBhMCVVMxEDAOBgNVBAoTB0VudHJ1c3QxIjAgBgNVBAsTGUNlcnRpZmlj -YXRpb24gQXV0aG9yaXRpZXMxLTArBgNVBAsTJEVudHJ1c3QgTWFuYWdlZCBTZXJ2 -aWNlcyBORkkgUm9vdCBDQTAeFw0xNzA1MTYxNDMxMzVaFw0yNzExMTYxNTAxMzVa -MHExCzAJBgNVBAYTAlVTMRAwDgYDVQQKEwdFbnRydXN0MSIwIAYDVQQLExlDZXJ0 -aWZpY2F0aW9uIEF1dGhvcml0aWVzMSwwKgYDVQQLEyNFbnRydXN0IE5GSSBNZWRp -dW0gQXNzdXJhbmNlIFNTUCBDQTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC -ggEBAKDhKmqOR89raC4LUQGnGvOGchLkPUFaWdUXSRB5BWaS538d/enI8e2ZcFH5 -nqONZfDVbIGYfAFZ0nWUC1Na09y39o/uL7xwxobVkxikDNtqG1+p/49Z5OuiQOlN -KQDSFp7h0PQD69dCLoAqVSKGH1Vl77o/iY/DSSnoVHQ379S90mcFvyhPTrLmnY8f -svo2d3fO2PvK/K85ioIKjcaxPsQVaURcWMlTLVnKKABumMjuwK6dwZbn3qYTVjo8 -2K90wgico5NNhcsU5X/Vqn4QzYLgBRoWy/ezUWTyqUS3BHOoByPFQbRnT/gYg8f3 -PCp9LU39yONcgYzGeoeyOuudNrECAwEAAaOCBIUwggSBMA4GA1UdDwEB/wQEAwIB -BjCCAR0GA1UdIASCARQwggEQMA8GDWCGSAGG+muBSAMKBwEwDwYNYIZIAYb6a4FI -AwoHAjAPBg1ghkgBhvprgUgDCgcDMA8GDWCGSAGG+muBSAMKBwQwDwYNYIZIAYb6 -a4FIAwoHBTAPBg1ghkgBhvprgUgDCgcGMA8GDWCGSAGG+muBSAMKBwcwDwYNYIZI -AYb6a4FIAwoHCDAPBg1ghkgBhvprgUgDCgcJMA8GDWCGSAGG+muBSAMKBwowDwYN -YIZIAYb6a4FIAwoHCzAPBg1ghkgBhvprgUgDCgcMMA8GDWCGSAGG+muBSAMKBw0w -DwYNYIZIAYb6a4FIAwoHDjAPBg1ghkgBhvprgUgDCgcPMA8GDWCGSAGG+muBSAMK -BxAwEgYDVR0TAQH/BAgwBgEB/wIBADCCAVoGCCsGAQUFBwEBBIIBTDCCAUgwUAYI -KwYBBQUHMAKGRGh0dHA6Ly9uZmlyb290d2ViLm1hbmFnZWQuZW50cnVzdC5jb20v -QUlBL0NlcnRzSXNzdWVkVG9ORklSb290Q0EucDdjMIHDBggrBgEFBQcwAoaBtmxk -YXA6Ly9uZmlyb290ZGlyLm1hbmFnZWQuZW50cnVzdC5jb20vb3U9RW50cnVzdCUy -ME1hbmFnZWQlMjBTZXJ2aWNlcyUyME5GSSUyMFJvb3QlMjBDQSxvdT1DZXJ0aWZp -Y2F0aW9uJTIwQXV0aG9yaXRpZXMsbz1FbnRydXN0LGM9VVM/Y0FDZXJ0aWZpY2F0 -ZTtiaW5hcnksY3Jvc3NDZXJ0aWZpY2F0ZVBhaXI7YmluYXJ5MC4GCCsGAQUFBzAB -hiJodHRwOi8vbmZpb2NzcC5tYW5hZ2VkLmVudHJ1c3QuY29tMIIBmgYDVR0fBIIB -kTCCAY0wgfqggfeggfSGOWh0dHA6Ly9uZmlyb290d2ViLm1hbmFnZWQuZW50cnVz -dC5jb20vQ1JMcy9ORklSb290Q0EyLmNybIaBtmxkYXA6Ly9uZmlyb290ZGlyLm1h -bmFnZWQuZW50cnVzdC5jb20vY249V2luQ29tYmluZWQyLG91PUVudHJ1c3QlMjBN -YW5hZ2VkJTIwU2VydmljZXMlMjBORkklMjBSb290JTIwQ0Esb3U9Q2VydGlmaWNh -dGlvbiUyMEF1dGhvcml0aWVzLG89RW50cnVzdCxjPVVTP2NlcnRpZmljYXRlUmV2 -b2NhdGlvbkxpc3Q7YmluYXJ5MIGNoIGKoIGHpIGEMIGBMQswCQYDVQQGEwJVUzEQ -MA4GA1UEChMHRW50cnVzdDEiMCAGA1UECxMZQ2VydGlmaWNhdGlvbiBBdXRob3Jp -dGllczEtMCsGA1UECxMkRW50cnVzdCBNYW5hZ2VkIFNlcnZpY2VzIE5GSSBSb290 -IENBMQ0wCwYDVQQDEwRDUkwxMB8GA1UdIwQYMBaAFPrfIwHEquwj461vDTSlDc85 -ZGVeMB0GA1UdDgQWBBRm+SWYrsv74YwAhBnUhf+TVurWpjANBgkqhkiG9w0BAQsF -AAOCAQEAGMwdtExZW/4OEP5fnr6ltOS/TMbGsgkfrAl8aYuArWIHgMVhk0yyFG20 -Y+71jxgv2mp1q1mrPJkWLCUkEct0hmSdHBvG5IXiHuE6pugC5sNg0WmqJQykiesk -PiwEU9AvjovCGJOQXDOoS6UJZv99FGLbwOdwIsEzCVQpW+0Cvnv/+GdMJww9tz3U -F1olEBPauPr89y/on4BRJY2OhKnSk+nZWVZdesbeYGa63RZbG5T2cbr555oJfPP6 -sDHds33CkyGpzzPpZULeozNi9wvj0zgQC7fV2cqt0MNUS30FrGjXLNP3wzqCXxx8 -NK/UJjC6waViae6VcQNlpCEzBXJQbTCCB+wwggXUoAMCAQICEHVshZtKC8EaKjBe -7pfhL+EwDQYJKoZIhvcNAQEMBQAwaDELMAkGA1UEBhMCVVMxEjAQBgNVBAoTCUNl -cnRpUGF0aDEiMCAGA1UECxMZQ2VydGlmaWNhdGlvbiBBdXRob3JpdGllczEhMB8G -A1UEAxMYQ2VydGlQYXRoIEJyaWRnZSBDQSAtIEczMB4XDTIzMDIyMjAwMDAwMFoX -DTI0MDIyODIzNTk1OVowgYgxCzAJBgNVBAYTAlVTMScwJQYDVQQKEx5DYXJpbGxv -biBGZWRlcmFsIFNlcnZpY2VzIEluYy4xIjAgBgNVBAsTGUNlcnRpZmljYXRpb24g -QXV0aG9yaXRpZXMxLDAqBgNVBAMTI0NhcmlsbG9uIEZlZGVyYWwgU2VydmljZXMg -UElWLUkgQ0ExMIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEA2wwuSzV+ -hGsPbrtDzS8Om7HhEtLcuA2CTe1245fqRJ+LV4H4SrDgq6TZMZeWLHc6XE50rIV8 -S6HnoVyaH30KcF5kg7QRSC/4Aku4Gt2VWIOp4MTM9Y0+hWzIf0uMG7Aqo8tGEi5P -T1uJt4s2Ui3z1o1mNV+AWTDv+Ei5PnTGGkiMYLezOzH9FSlVWJVvTfg6lkcyCoub -FOBxOTCQGYlD2dDG2N+ZkmKjxANqoSG9JMX9IWbKvn2adg+t8GCRH+bS9rN+kNwz -vjSk52VG1g8OxezlKQv4sh4ygQlqGCkDCSss/ZwMINDyJk/lsUYboz5Sup6BnzAQ -hGXcgai/Dhye4AIqICwKJvj5hExyMAnyqmpe/U3xM7CVKZZmCEL3g8fO76HtcgXt -rNBx3kcRAd1WUqk19YEM6mkFPjR5XRWzi6QEquQPz4uRtzkwu+PRV3g5GroO1Pul -DkBVOLA9pzfx1Hh8PlBxivHsAi+N1ib2cWatz123uyrCbjx8ab+qe8/MTSJZwN7U -a93ASoDviZMTBiLiSE7WH5UlRkS4RIc/B0ppE3BkeiVa5tCsPKgI7NaFTNLtOcEy -H/a+tMjfjCX7505VwvTdCYEjjYqV9+PalO2Q6AKI1oyAJW01qAX0FqWjBAjvnR/W -mykehZO/kKRQp1VDfsr7KG0ouzYHmlHSqcsCAwEAAaOCAm8wggJrMB0GA1UdDgQW -BBTpumdDQK1BIpr++glDiPNiuGuvKjASBgNVHRMBAf8ECDAGAQH/AgEAMHkGA1Ud -IARyMHAwDgYMKwYBBAGBu1MBAQEBMA4GDCsGAQQBgbtTAQEBAjAOBgwrBgEEAYG7 -UwEBAQcwDgYMKwYBBAGBu1MBAQEIMA4GDCsGAQQBgbtTAQEBCTAOBgwrBgEEAYG7 -UwEBARcwDgYMKwYBBAGBu1MBAQEYMEIGA1UdHwQ7MDkwN6A1oDOGMWh0dHA6Ly9j +IEc0MB4XDTIyMDIwODE2MTg1MloXDTI1MDExNzE2MTg1MlowejELMAkGA1UEBhMC +VVMxDjAMBgNVBAoTBVNUUkFDMScwJQYDVQQLEx5TVFJBQyBQS0kgVHJ1c3QgSW5m +cmFzdHJ1Y3R1cmUxMjAwBgNVBAMTKVNUUkFDIEJyaWRnZSBSb290IENlcnRpZmlj +YXRpb24gQXV0aG9yaXR5MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEA +qJLkzCBeILOD/2xMVEJpCPLnGevAOLQa4uGkOl6XyCEFT5EWSQxV6JPIUvFLhC+q +cqDwXfV4qeVupUzCcf2UZpLsQXJSII9CE5pRM7J7coBbcX3t46+kRJpeZ093Rz3s +e+rYIfoaOSrXdWVJPwoHIoGzkIB2YX+nKFaTZx1kZ3eUD/Q06oggrq1z7vUHdJp2 +D8UkTAHVEwf4KO3o8XWV/LPj6WY51N+nHVmnNYF24h4P9hMtEkPk877FTiNrGB9i +I4aWWSIQj0BZwaDDLE0DBHQaR4yz8Qo9C6iw1qlg9f7KI/BAGC1OXSs+xZDxFYU+ +xmkxA8pe3KVcz9zXm5UDEgSelezMmSVRLA+SYpRmh2L/23Q34+6uAl3vGoDL6KKj +Za7GuJGQzr5fneESPz5zlsl6njZu6ffiAXrLY1BH6W5wfW2WSf0JBGc3/rV10RNl ++4PLYr08nR+NdI57llnFtRfODxidb04f6vFlf9m4UjOOndugI6F65aM499Mf4wM1 +Nn3fOaszXdOxnMZ5ATv7bvhZYUr6XM/9xq57qR895Vi3DOlb3G9FYTmh3tTLaHwL +zsvqhdYtPejx+LgVGcLnoCnyXooO7AeM3nD5H0yieeby6cAMR117bk/osNqx+huV +GwgcKwCgt7MZ7vy5Cnji64DMd2RVdE7HobfXSQiZKAkCAwEAAaOCA10wggNZMB0G +A1UdDgQWBBQZwc6HSTOAtvdarGXDdPB/N5KlYTAfBgNVHSMEGDAWgBR58ABJ6393 +wl1BAmU0ipAjmx4HbzAOBgNVHQ8BAf8EBAMCAQYwDwYDVR0TAQH/BAUwAwEB/zCB +pQYDVR0gBIGdMIGaMAwGCmCGSAFlAwIBAwEwDAYKYIZIAWUDAgEDAjAMBgpghkgB +ZQMCAQMDMAwGCmCGSAFlAwIBAwwwDAYKYIZIAWUDAgEDDjAMBgpghkgBZQMCAQMP +MAwGCmCGSAFlAwIBAxIwDAYKYIZIAWUDAgEDEzAMBgpghkgBZQMCAQMUMAwGCmCG +SAFlAwIBAyUwDAYKYIZIAWUDAgEDJjCCAUEGA1UdIQSCATgwggE0MBoGCmCGSAFl +AwIBAwEGDCsGAQQBgrZtAgEFATAaBgpghkgBZQMCAQMCBgwrBgEEAYK2bQIBBQIw +GgYKYIZIAWUDAgEDAwYMKwYBBAGCtm0CAQUDMBoGCmCGSAFlAwIBAw4GDCsGAQQB +grZtAgEFBTAaBgpghkgBZQMCAQMMBgwrBgEEAYK2bQIBBQQwGgYKYIZIAWUDAgED +DwYMKwYBBAGCtm0CAQUGMBoGCmCGSAFlAwIBAyUGDCsGAQQBgrZtAgEFCjAaBgpg +hkgBZQMCAQMmBgwrBgEEAYK2bQIBBQswGgYKYIZIAWUDAgEDEgYMKwYBBAGCtm0C +AQUHMBoGCmCGSAFlAwIBAxMGDCsGAQQBgrZtAgEFCDAaBgpghkgBZQMCAQMUBgwr +BgEEAYK2bQIBBQkwWgYIKwYBBQUHAQsETjBMMEoGCCsGAQUFBzAFhj5odHRwOi8v +cGtpLnN0cmFjLm9yZy9icmlkZ2UvY2VydGlmaWNhdGVzL1NUUkFDQnJpZGdlUm9v +dENBLnA3YzASBgNVHSQBAf8ECDAGgAEAgQEBMA0GA1UdNgEB/wQDAgEAMFEGCCsG +AQUFBwEBBEUwQzBBBggrBgEFBQcwAoY1aHR0cDovL3JlcG8uZnBraS5nb3YvYnJp +ZGdlL2NhQ2VydHNJc3N1ZWRUb2ZiY2FnNC5wN2MwNwYDVR0fBDAwLjAsoCqgKIYm +aHR0cDovL3JlcG8uZnBraS5nb3YvYnJpZGdlL2ZiY2FnNC5jcmwwDQYJKoZIhvcN +AQELBQADggEBAHVIJxG0UYANlLp3vATP/99miJ8LRLRS3Dvs4aqbuyoSqygk4Qm2 +aOFSX+VUvnxyw5k0s06iO9FM9uPnR2DwXS/DFgRd7lYIXYlg4eYFOQRYbj1bUJSQ +akE2DQxNHzrwY8JkiBF+e4U2bb9ItPbKyj9Wwk1QwxuIbtfAaEONrj5sSPr+noyc +WRe7x2sGHalZCsLyHKBmvqlJQaxlPP1oss3gCD8LkXLUmly4PfwYWSQxMOhD7+QG +w5l3FOHU/ROVbqZBOekdKa5FcvJDcUqnAvXzTEFpIEVTLZ/KhriSiX3GNeOymnCe +LB7DJqivouZ7nbG0QO3YFGD6VBuaVKdz7nMwggfBMIIFqaADAgECAhBKR4Bh1I8u +rfSlS1IstKKlMA0GCSqGSIb3DQEBDAUAMGgxCzAJBgNVBAYTAlVTMRIwEAYDVQQK +EwlDZXJ0aVBhdGgxIjAgBgNVBAsTGUNlcnRpZmljYXRpb24gQXV0aG9yaXRpZXMx +ITAfBgNVBAMTGENlcnRpUGF0aCBCcmlkZ2UgQ0EgLSBHMzAeFw0yMzA0MTkwMDAw +MDBaFw0yNDA0MzAyMzU5NTlaMIG0MQswCQYDVQQGEwJVUzERMA8GA1UECBMIQ29s +b3JhZG8xDzANBgNVBAcTBkRlbnZlcjEkMCIGA1UEChMbTG9ja2hlZWQgTWFydGlu +IENvcnBvcmF0aW9uMSIwIAYDVQQLExlDZXJ0aWZpY2F0aW9uIEF1dGhvcml0aWVz +MTcwNQYDVQQDEy5Mb2NraGVlZCBNYXJ0aW4gUm9vdCBDZXJ0aWZpY2F0aW9uIEF1 +dGhvcml0eSAyMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAx/kxrJl/ +65iqTiZf2pplPMVamkSkK5p3ULO+j/DWEK/rYmkt3ILLHh7820Za/b9ooS1fDs/g +CbxoQT86u0mglzIqSk2yVX51ccOJJALwgHSFkgwIsvEkdutIiLoRMmeXXmAW/W7K +dqQ2FfwN6EcWiNTyTZqab3EhxfVsZxFlARfBgAaDuSiZJYilk3FtjihvX7KlzyNa +4ynIz3wTQMsOH7NWNh5WDEv6eYFDgsz4VPwLLJgWHKT9JFMGpJ4iWqojDCFBWgxI +zjblhzxPuvuk+n8luL9mWv7CXeniTw/BmUTVzQ4KCj+8RVpNfuF4fb0zLBeC7olW +Yj+FvCgzDddlIwIDAQABo4IDGDCCAxQwDgYDVR0PAQH/BAQDAgEGMB0GA1UdDgQW +BBSSV+LrL7iLSGxN3QezPG+n5TmQzjASBgNVHRMBAf8ECDAGAQH/AgEBMEIGA1Ud +HwQ7MDkwN6A1oDOGMWh0dHA6Ly9jcmwuY2VydGlwYXRoLmNvbS9DZXJ0aVBhdGhC +cmlkZ2VDQS1HMy5jcmwwgbYGA1UdHgEB/wSBqzCBqKCBpTAKgQhsbWNvLmNvbTAL +gQkubG1jby5jb20wCoIIbG1jby5jb20wFIISbG9ja2hlZWRtYXJ0aW4uY29tMDek +NTAzMQswCQYDVQQGEwJVUzEkMCIGA1UEChMbTG9ja2hlZWQgTWFydGluIENvcnBv +cmF0aW9uMC+kLTArMRMwEQYKCZImiZPyLGQBGRYDY29tMRQwEgYKCZImiZPyLGQB +GRYEbG1jbzBYBggrBgEFBQcBCwRMMEowSAYIKwYBBQUHMAWGPGh0dHA6Ly9jcmwu +ZXh0ZXJuYWwubG1jby5jb20vY3JsL2NlcnR1cGQvaXNzdWVkYnktbG1yY2EyLnA3 +YzAKBgNVHTYEAwIBADASBgNVHSQBAf8ECDAGgAEAgQEAMEkGA1UdIARCMEAwDgYM +KwYBBAGBu1MBAQEBMA4GDCsGAQQBgbtTAQEBAjAOBgwrBgEEAYG7UwEBARcwDgYM +KwYBBAGBu1MBAQEYMIGcBgNVHSEEgZQwgZEwGwYMKwYBBAGBu1MBAQEBBgsrBgEE +AWdkAQEDBDAbBgwrBgEEAYG7UwEBAQIGCysGAQQBZ2QBAQMDMBsGDCsGAQQBgbtT +AQEBAQYLKwYBBAFnZAEBAwMwGwYMKwYBBAGBu1MBAQEXBgsrBgEEAWdkAQEDBzAb +BgwrBgEEAYG7UwEBARgGCysGAQQBZ2QBAQMGME0GCCsGAQUFBwEBBEEwPzA9Bggr +BgEFBQcwAoYxaHR0cDovL2FpYS5jZXJ0aXBhdGguY29tL0NlcnRpUGF0aEJyaWRn +ZUNBLUczLnA3YzAfBgNVHSMEGDAWgBR6izwGktweqNKCrBt0b3Q9TtGomzANBgkq +hkiG9w0BAQwFAAOCAgEARIYlM+c/5BsFrok25vj46Py7cVPaggJr3i2zguelJF+K +/f/qS7ORgG7fekAhraAUFi/G49HLNbEqsf1vyrmuuedIGdhZ19+o2Cs574D2Fxtn +TlbJCTNhM+wH1eeXyh3suqKfLT0tFqxV5428lB2/yQt4oN8f4vDy9BYK8eGSvD/a +8x69FHGMp/OsbEj0JC8X7HO2BIjgo3mX+3bazLwYNH4+GB0uRisQ3+1Wiy8fwHEg +0mfe3W9U0uo6lir8BFR4nMY34Cms8/qOO57nCIA3tvmCJaikwy2NRl1WhJQzquCQ +o18BU9RDz1thQCmNphc8FrIyuN9Y8ysiv/39BHWbQzP9DeefuxvkW0iwriKItz+9 +4Qp7Lg/8SR/fJKUm6JsuHV33QEn/bZXqNa/GBsdgMAI7wmjMGnxTvA5jy9nC8QGW +1CCFLfzNXCEmj09MFSTANrhy86Ztsx5TzvSDQjQ3fGwrX23HpYMsQb/YO0zbSVmV +0qk9ogU+0/iknXsRFOpKeBzrYAKc5juOhRq/pxpVS4to2HiZxdcnY4fFnZ84zyWV +wjRjEzUuhRoI1vkcnpY8nC2qYq6yRcbzgZY8zqY6ht6ryFvw9LMiX1zVG0FmRe41 +TToZarkTGEYlhrzoiAXzmGyamAaU11DL/X20pgargek6tZbY2p4v1TdNZsSPTtsw +ggfIMIIFsKADAgECAhBnxBAm4dRIn2pmNf0wOTNDMA0GCSqGSIb3DQEBDAUAMGgx +CzAJBgNVBAYTAlVTMRIwEAYDVQQKEwlDZXJ0aVBhdGgxIjAgBgNVBAsTGUNlcnRp +ZmljYXRpb24gQXV0aG9yaXRpZXMxITAfBgNVBAMTGENlcnRpUGF0aCBCcmlkZ2Ug +Q0EgLSBHMzAeFw0yMzAyMjIwMDAwMDBaFw0yNDAyMjgyMzU5NTlaMIGSMQswCQYD +VQQGEwJOTDEgMB4GA1UECgwXTWluaXN0ZXJpZSB2YW4gRGVmZW5zaWUxFzAVBgNV +BGEMDk5UUk5MLTI3MzcwOTg1MUgwRgYDVQQDDD9NaW5pc3RlcmllIHZhbiBEZWZl +bnNpZSBQS0lvdmVyaGVpZCBPcmdhbmlzYXRpZSBQZXJzb29uIENBIC0gRzMwggIi +MA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQDI4VPNwCeJdEeTJCaGS/4xz51p +bs/e4cBCwY40B/+QzdMz4vHLb4Rcw4Bx9ajmf22yA6YI7fBmGgKfgNfDXJx2YXcu +X9RW4sigkJuml66khWJkT3z8cMKkLoVToXLGoepr8U5HutbpYmftOBjGoX+vEsTq +/3SqbujcIqomh6rhjpQOpZYjV3aBSUSpJYQUI7ncavDH+gKKl45OcdNwSW+h39bH +fug4znwKL+Wb4Gnw3543uqGEeZAeuyAq2Pl9YW42lqEupo7hFeOOhBiGpOSoACT9 +mZjgb6TWwIbKRGcd328KRiW/qTTHHHWFWDszfLeEmEV6ub3ibBjT5GveGbMRjY5t +3WQeAity4TDGxQKYLFxBvHhJiWryuaiUdx2ZGMEq2iTTWef6c+8I37C2oo8gq7r+ +giKnWnfmpDJsCPaqPgtYwq5yJiTjk65+wsGT09Ezoj/1ODB6bhmg83LWf5r1PAtj +VRUfK89Gy0tIAIi8ektywyD+TGh10kVyFNxsYzio3V89u5qlOgwJrNo5utv88YBF +zVBRaj3iHLGIgRzqB0IpxOq9Fa55RH10X1cA65WGcnext7pUkSPKNunaGnlEu2nN +fnZMjWenS8sl6x0isEZl/xSO16JBC/Ah7TMTsmD4RjlmWc/PSQzt1vGEVW1GNVXi +mZ7vA5Va3GHwZ5eBlQIDAQABo4ICQTCCAj0wKQYDVR0gBCIwIDAOBgwrBgEEAYG7 +UwEBAQEwDgYMKwYBBAGBu1MBAQECMEIGA1UdHwQ7MDkwN6A1oDOGMWh0dHA6Ly9j cmwuY2VydGlwYXRoLmNvbS9DZXJ0aVBhdGhCcmlkZ2VDQS1HMy5jcmwwDgYDVR0P -AQH/BAQDAgEGMAoGA1UdNgQDAgEAMBIGA1UdJAEB/wQIMAaAAQCBAQAwgdYGA1Ud -IQSBzjCByzAbBgwrBgEEAYG7UwEBAQEGCysGAQQBguQmAwELMBsGDCsGAQQBgbtT -AQEBAgYLKwYBBAGC5CYDAQwwGwYMKwYBBAGBu1MBAQEHBgsrBgEEAYLkJgMBFDAb -BgwrBgEEAYG7UwEBAQgGCysGAQQBguQmAwEVMBsGDCsGAQQBgbtTAQEBCQYLKwYB -BAGC5CYDARYwGwYMKwYBBAGBu1MBAQEXBgsrBgEEAYLkJgMBDTAbBgwrBgEEAYG7 -UwEBARgGCysGAQQBguQmAwEOME0GCCsGAQUFBwEBBEEwPzA9BggrBgEFBQcwAoYx -aHR0cDovL2FpYS5jZXJ0aXBhdGguY29tL0NlcnRpUGF0aEJyaWRnZUNBLUczLnA3 -YzAfBgNVHSMEGDAWgBR6izwGktweqNKCrBt0b3Q9TtGomzANBgkqhkiG9w0BAQwF -AAOCAgEAd0yVYE75wLNrwfCEe/SZ5mi9BsBT6vOUHtoJWgJ37xkOeVlzPy2V0Hbn -afKCOhznlfdptsM+w9o1pooQ7Vg12H69tBbsGYM4tBTuSx4S7GJQrddqy5yl8uBa -+WQtSrQ1o+7TubumF1RQDWhyDTLExm7YezbMpOno0MqwoJBj+njZgSPo2+jxko99 -R+IXEv9WaBZhrCXlMcx1iS1vewsV3+gjToNhEuLiQ0wgyx8PVY6humRpzS/XRdsB -LAVHa5t9ir0Hd7T+Kv3FkHDcU3U1TypNT2PpD/habF3X1bsYCCv/5xTHuUYpXcLn -UuUaEcTvV2AlH6Awun/F7A/jccV5TnC8JYu0NJo8RXuooxxG/MBfukyVAU1KWifk -S7wilDiEyew/ewpqiq9vtT1QPfH5sM7JjMKvpHPy1EmbXQtXu436CAZL59yCqV8a -EllY6OzBZ5ZoXipXtHWR2P4ajushZ44BsAV4/bhEhPoeyDOj9lCqEtmVvEA4DeIk -M+YNRSFdlf1LCSHPGRbQbwhRFc0dR491PDxfDGCK8Z8nfPdDIXg6ZeN8sNhqQmLt -TwbzMVSIMn3hjZF3EgfXuxlmf+RbC3yfVCaraMdMSecbo0Bh2wq/N678LfG8OBVC -1ioM2L3RgA+yj488O3qoFVUjJwsMQpl8l8goMYT06wNf9z28lZQwgggTMIIGe6AD -AgECAgphhIQAAAAAAAACMA0GCSqGSIb3DQEBCwUAMIGWMQswCQYDVQQGEwJVUzEl -MCMGA1UEChMcTm9ydGhyb3AgR3J1bW1hbiBDb3Jwb3JhdGlvbjEwMC4GA1UECxMn -Tm9ydGhyb3AgR3J1bW1hbiBJbmZvcm1hdGlvbiBUZWNobm9sb2d5MS4wLAYDVQQD -EyVOb3J0aHJvcCBHcnVtbWFuIENvcnBvcmF0ZSBSb290IENBLUcyMB4XDTEzMTAx -MTE4NTYzNloXDTI2MTAxMTE5MDYzNlowgZkxCzAJBgNVBAYTAlVTMSUwIwYDVQQK -ExxOb3J0aHJvcCBHcnVtbWFuIENvcnBvcmF0aW9uMTAwLgYDVQQLEydOb3J0aHJv -cCBHcnVtbWFuIEluZm9ybWF0aW9uIFRlY2hub2xvZ3kxMTAvBgNVBAMTKE5vcnRo -cm9wIEdydW1tYW4gQ29ycG9yYXRlIFNpZ25pbmcgQ0EtRzIwggGiMA0GCSqGSIb3 -DQEBAQUAA4IBjwAwggGKAoIBgQDpmMfCu7nCRgwo0zDJ1Ua6KtYNzlCZww2271tx -Q/dV6eKaV9+3B4UifRKqm/pps54cKU5WtB7LAnO1caEjEeMaRyCKJ/VKEdu072ak -9YOTP1hIwKMgq8BkzGObhDDGt4wElboq0M16VmkIBUGvOgY4asQNx50otLT89deX -E2ZtyJB+j0MKC4mhLWgBIc/BpSmEkB24pZPm5UIzxPvlnFD+zkI+OHGwpY5UJVkR -ZNgX2WcUAKJut4a2KZ/f6UeWwVwXRRtIsREJJzkMww6F4cSmlAZJQZcIkWlSPFjy -6oYSVOkQ1+vCDriSxyX5yt8kj9RJwWCZWmqclYMSiGomIVPZdZuYGv9Db5cy5aEr -hiLkNDnNnaeRKL5Ai351KrbrO5edZKcZUK+9RgcmmDzOKkBmc5Js/YN/2eDUf8wy -XReke7qy3DtFLcywXcztbjkCSB4LeHLBf4snQexN8MSPiXhqnGd8mP8DhhaKNisZ -g7rvyVW9TMZSY8y2VzFq92MEKwMCAwEAAaOCA1wwggNYMA4GA1UdDwEB/wQEAwIB -BjAdBgNVHQ4EFgQU88L/+kxZ/biGdDEXlhJjKKCgqCgwggIBBgNVHSAEggH4MIIB -9DBiBgsrBgEEAf9Og30CBzBTMFEGCCsGAQUFBwIBFkVodHRwOi8vY2VydGRhdGEu -bm9ydGhyb3BncnVtbWFuLmNvbS9jZXJ0ZGF0YS9jcC9ub3J0aHJvcGdydW1tYW5j -cC5wZGYwYgYLKwYBBAH/ToN9AggwUzBRBggrBgEFBQcCARZFaHR0cDovL2NlcnRk -YXRhLm5vcnRocm9wZ3J1bW1hbi5jb20vY2VydGRhdGEvY3Avbm9ydGhyb3BncnVt -bWFuY3AucGRmMGIGCysGAQQB/06DfQIJMFMwUQYIKwYBBQUHAgEWRWh0dHA6Ly9j -ZXJ0ZGF0YS5ub3J0aHJvcGdydW1tYW4uY29tL2NlcnRkYXRhL2NwL25vcnRocm9w -Z3J1bW1hbmNwLnBkZjBiBgsrBgEEAf9Og30CCjBTMFEGCCsGAQUFBwIBFkVodHRw -Oi8vY2VydGRhdGEubm9ydGhyb3BncnVtbWFuLmNvbS9jZXJ0ZGF0YS9jcC9ub3J0 -aHJvcGdydW1tYW5jcC5wZGYwYgYLKwYBBAH/ToN9AgswUzBRBggrBgEFBQcCARZF -aHR0cDovL2NlcnRkYXRhLm5vcnRocm9wZ3J1bW1hbi5jb20vY2VydGRhdGEvY3Av -bm9ydGhyb3BncnVtbWFuY3AucGRmMBIGA1UdEwEB/wQIMAYBAf8CAQAwHwYDVR0j -BBgwFoAUf0PqPCB3PpLLjYWiiAYwXh5DPrcwcQYDVR0fBGowaDBmoGSgYoZgaHR0 -cDovL2NlcnRkYXRhLm5vcnRocm9wZ3J1bW1hbi5jb20vY2VydGRhdGEvY3Jscy9S -ZXZva2VkQnlOb3J0aHJvcEdydW1tYW5Db3Jwb3JhdGVSb290Q0EtRzIuY3JsMHoG -CCsGAQUFBwEBBG4wbDBqBggrBgEFBQcwAoZeaHR0cDovL2NlcnRkYXRhLm5vcnRo -cm9wZ3J1bW1hbi5jb20vY2VydGRhdGEvcDdjL0lzc3VlZFRvTm9ydGhyb3BHcnVt -bWFuQ29ycG9yYXRlUm9vdENBLUcyLnA3YzANBgkqhkiG9w0BAQsFAAOCAYEAQDLp -X/aIFBWIkFxZMom/GRGZF2pXHFCVzjLlklJ8A2rcUIhF05VoNVhGDJYM12t01N9I -ehsp05xcSpFPZg+ZJUHT6Cu7ZvbvwZFIU3h8Bc9cgLNFpb8czPFd8zZqxYH3Q5/S -Mm5n5Mn9Ed20jFtuS+wjzokyb7OqZSjdnCDMyxwyu+wiXj3GqE0MDnTt/aubwbyv -i8mjCoj2gaajEIChrOdIDs23wIOPmg/xASmuq8M7HYMy1FBbIaka6ppzSdEiPxPB -pLedwajwUpTYlu6AP2Gm0v8EpmTTtimql+4avMY9GKqizxDvx7Vac0ln9HP2wjMs -QHX2INM5CV7oB6VaU/gTD6o1WH88aGexpYafHXytFKqc6z9f/Mb66hUMCSk2KjEo -tzrr/J8yuIiMNfx0w8jKtKnXtzv3CONl+2/uUslrlkG1UMiu19OnnWUod5y94v3R -iNTPmfKIdqwbhxWbR0Ru5cc/cs8OuWdoPYTXaj9JH0RN0ytIFOTCutNOSOV2MIII -QjCCBiqgAwIBAgIEYzRVOjANBgkqhkiG9w0BAQsFADCBjjELMAkGA1UEBhMCVVMx -GDAWBgNVBAoTD1UuUy4gR292ZXJubWVudDEjMCEGA1UECxMaRGVwYXJ0bWVudCBv -ZiB0aGUgVHJlYXN1cnkxIjAgBgNVBAsTGUNlcnRpZmljYXRpb24gQXV0aG9yaXRp -ZXMxHDAaBgNVBAsTE1VTIFRyZWFzdXJ5IFJvb3QgQ0EwHhcNMjMwMzA0MTUwMzQ5 -WhcNMzMwMzA0MTUzMzQ5WjB2MQswCQYDVQQGEwJVUzEYMBYGA1UEChMPVS5TLiBH -b3Zlcm5tZW50MQwwCgYDVQQLEwNTU0ExPzA9BgNVBAsTNlNvY2lhbCBTZWN1cml0 -eSBBZG1pbmlzdHJhdGlvbiBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTCCAiIwDQYJ -KoZIhvcNAQEBBQADggIPADCCAgoCggIBALL9SigG+CZFd4TaLbczdmMk90/22H/h -HS651CYkWH5zgQsHgfXjafFnx2eh/fIKSlLfyHD9PRKbJb3vrWtfl1P+HVU2fzAa -ccRpH1/ZVrgFsChbZVmA3CixPVSCRXXLuBlIozDWJwdgCI21jzKu+puil6sBaAfT -0za6ezj12eeBu0PjPxoJarlFh0aToRqfXmcRT3ETcWteeWB5BKrE5W11us8xSBkT -hSwlvLXIyEScq7SIKUVIlxozXivWofqUBK8xMO8w7aAaAbUeD+yMIs//3bfrmTSx -pIFF7OBpk7htQ8q7tJak27l74M6bAwVeCrkMqY3iYQogVuTtRqEiK6dqi0v8y9af -qyeLQ33AfluhLVFRMN1Lj6HmHaXmxbULdXuIHW7mBuebefY8gtTHUkS+IDzVARXa -iEenaPJtZxvOA2WfZvQ2zO7IVN5rIIxFzizW6mUvmNDkTNd6Um0IvmHchxQ2gAQ+ -2v8i1MtpRNL2e+OOnbkmn2Xy/aXywgaX6zp5jMxuf6Kk2QDIwlcbFQp4PqQ579kf -cqednxQF6kaaEDTGQc3C4HFYJaGaaAxnsA4cSWkfWk5msYwjTE0fdM4KyR6cHaN7 -yPPRuVNkay/k7HTSRLK464/5MzKF8iZNhU4kZMuWUDS09TNNyDhnq/s9P5E9aTNW -tuz5ydcBMJBFAgMBAAGjggK9MIICuTAOBgNVHQ8BAf8EBAMCAQYwDwYDVR0TAQH/ -BAUwAwEB/zCB3QYDVR0gBIHVMIHSMAwGCmCGSAFlAwIBAwYwDAYKYIZIAWUDAgED -BzAMBgpghkgBZQMCAQMIMAwGCmCGSAFlAwIBAw0wDAYKYIZIAWUDAgEDEDAMBgpg -hkgBZQMCAQMRMAwGCmCGSAFlAwIBAyQwDAYKYIZIAWUDAgEDJzAMBgpghkgBZQMC -AQMoMAwGCmCGSAFlAwIBAykwDAYKYIZIAWUDAgEDLTAMBgpghkgBZQMCAQMuMAwG -CmCGSAFlAwIBAy8wDAYKYIZIAWUDAgEFAjAMBgpghkgBZQMCAQUDMEEGCCsGAQUF -BwEBBDUwMzAxBggrBgEFBQcwAoYlaHR0cDovL3BraS50cmVhc3VyeS5nb3Yvc3Nh -Y2FfYWlhLnA3YzBBBggrBgEFBQcBCwQ1MDMwMQYIKwYBBQUHMAWGJWh0dHA6Ly9w -a2kudHJlYXN1cnkuZ292L3NzYWNhX3NpYS5wN2Mwge8GA1UdHwSB5zCB5DA2oDSg -MoYwaHR0cDovL3BraS50cmVhc3VyeS5nb3YvVVNfVHJlYXN1cnlfUm9vdF9DQTEu -Y3JsMIGpoIGmoIGjpIGgMIGdMQswCQYDVQQGEwJVUzEYMBYGA1UEChMPVS5TLiBH -b3Zlcm5tZW50MSMwIQYDVQQLExpEZXBhcnRtZW50IG9mIHRoZSBUcmVhc3VyeTEi -MCAGA1UECxMZQ2VydGlmaWNhdGlvbiBBdXRob3JpdGllczEcMBoGA1UECxMTVVMg -VHJlYXN1cnkgUm9vdCBDQTENMAsGA1UEAxMEQ1JMMTAfBgNVHSMEGDAWgBQXS7gm -uml6rRJQV0Uxnle7dKXaLzAdBgNVHQ4EFgQU186d+YTWgldDFrvK0JT5zvane0Aw -DQYJKoZIhvcNAQELBQADggIBADIZn03Aq75yQxrUErctI42T+kKsnjxmlvOJonr1 -9ooeXmp4ZkffL6zxVPixfJwUjlAJ6qA33QgMCZlTj0BtEEqpcGGZO9gpgq4qCCN8 -DIclQGqrdB+1Xo6J+0rZR3SRMZHsi9IVFTI2WTUiQJkggXc46YPBWTu8mnkgart7 -n1Ay17gwaZhaNirpMPY9MPt6A/Zt0A6FQlqt2ApYWB9rKFkObHsEUpevaIRPqmYn -kO8RwuS8FD3pGFdWoJgN/Kj2WNRrSrBGqCUGVvMUIvp9a0A/Sf8f22GMazoMNb3F -cATG8Neg7crBEhwlNrJX0CWvPVSVRxWi8YfFm6bjPcqWnFW+u5TKsReiXXdfkQK0 -9L2XsZdEY83hbRAadpgUCR3xWwm++w8ucTfeRZBmu+AIyaHeXph//n+ndjhrf09B -UZXy9zH6ZRbLdGnImyJ84bMePsCeX3aZo3UDrNLcTaGEfNybdXqZO6K4tH40HYEx -PcTCiBn6p+msmoky2y+7rJihT1k9cEyoOauj+tBqwaB6UkwVs3SIhxn18A/QAvOK -FO4NOpy3c/goTiqu2NxnypAH+YjXvzKE07XHHjvmVrlOoudGxcWwsZBK84Al1+T1 -wUr0RbDKGDR4FvkBgkHcq6Vp8Mq+AYLayIauJoSAzW08fPLyUFSp56TmFemUv3Eg -WDwSMIIIUDCCBjigAwIBAgIEYzRVnTANBgkqhkiG9w0BAQwFADCBjjELMAkGA1UE -BhMCVVMxGDAWBgNVBAoTD1UuUy4gR292ZXJubWVudDEjMCEGA1UECxMaRGVwYXJ0 -bWVudCBvZiB0aGUgVHJlYXN1cnkxIjAgBgNVBAsTGUNlcnRpZmljYXRpb24gQXV0 -aG9yaXRpZXMxHDAaBgNVBAsTE1VTIFRyZWFzdXJ5IFJvb3QgQ0EwHhcNMjMwNDA4 -MTMxMjM4WhcNMzMwNDA4MTM0MjM4WjB4MQswCQYDVQQGEwJVUzEYMBYGA1UEChMP -VS5TLiBHb3Zlcm5tZW50MQ0wCwYDVQQLEwROQVNBMSIwIAYDVQQLExlDZXJ0aWZp -Y2F0aW9uIEF1dGhvcml0aWVzMRwwGgYDVQQLExNOQVNBIE9wZXJhdGlvbmFsIENB -MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEA0I1lojZPSEpgt3sZ3+Jg -SGQ8WjEiJqGA9yRHgMq6h7OVjj+Qi7yeqqzQ9mNotkUXACk7nxFbTjZolJq1wpsz -WJpJTRynuwDklGi9kDOk2Nn3gC35MvHEtvB6TZtJgFHHZtYUlOGrZKvKxr5MuVCE -yhXiTuQ15DM6MkibE8oS8VcOOv0xFa1qWIlgvR6RJif0qvFO/Kql+ccRMgSLg9E7 -1IiyJKbNtyLl+FJ08XP7X2PfrV37DQmozJqdhwlDLXHgDw5ND8X2OInP3L9lwvG0 -S68t70yTJ7DWauRQL0a0EmJbLoFgdFbVKBbvTkVTUviBC4Kav5WKDivdktp0o8mc -P3tsmWSQupfTwkIsORd/424axfXTXt5ObLfW12p7prGArVlgosPu2EnbQ3epNKUu -2WB2ZCB4QsIwWfFJi1nyToAU5+6QqtKWPrWzmmOpnx+WkIHx+5W3gRuTUulr+KkX -P/j7DTeK8g7fDbcKZolgBJvL5zh06vJn7jocYb+qmYu1oxc19GDa/fRY2Zfjgxtm -LGHiZ33jCIpB8hyfqb9qOLhhWXLPomc3Dye+6MOSS8rG3nSWBv7VbNIuEZtQT8vM -i4R2KztG9GKo3Z0pfx9aTf6qwa3oip1JV/EGd9uyVpJ8KnDMz6R7TppHKF5oNTMN -DvQfQhr/c6akjQIwKzL68W8CAwEAAaOCAskwggLFMA4GA1UdDwEB/wQEAwIBBjAP -BgNVHRMBAf8EBTADAQH/MIHrBgNVHSAEgeMwgeAwDAYKYIZIAWUDAgEDBjAMBgpg -hkgBZQMCAQMHMAwGCmCGSAFlAwIBAwgwDAYKYIZIAWUDAgEDDTAMBgpghkgBZQMC -AQMQMAwGCmCGSAFlAwIBAxEwDAYKYIZIAWUDAgEDJDAMBgpghkgBZQMCAQMnMAwG -CmCGSAFlAwIBAygwDAYKYIZIAWUDAgEDKTAMBgpghkgBZQMCAQMtMAwGCmCGSAFl -AwIBAy4wDAYKYIZIAWUDAgEDLzAMBgpghkgBZQMCAQUKMAwGCmCGSAFlAwIBBQsw -DAYKYIZIAWUDAgEFDDBABggrBgEFBQcBAQQ0MDIwMAYIKwYBBQUHMAKGJGh0dHA6 -Ly9wa2kudHJlYXN1cnkuZ292L25vY2FfYWlhLnA3YzBABggrBgEFBQcBCwQ0MDIw -MAYIKwYBBQUHMAWGJGh0dHA6Ly9wa2kudHJlYXN1cnkuZ292L25vY2Ffc2lhLnA3 -YzCB7wYDVR0fBIHnMIHkMDagNKAyhjBodHRwOi8vcGtpLnRyZWFzdXJ5Lmdvdi9V -U19UcmVhc3VyeV9Sb290X0NBMS5jcmwwgamggaaggaOkgaAwgZ0xCzAJBgNVBAYT -AlVTMRgwFgYDVQQKEw9VLlMuIEdvdmVybm1lbnQxIzAhBgNVBAsTGkRlcGFydG1l -bnQgb2YgdGhlIFRyZWFzdXJ5MSIwIAYDVQQLExlDZXJ0aWZpY2F0aW9uIEF1dGhv -cml0aWVzMRwwGgYDVQQLExNVUyBUcmVhc3VyeSBSb290IENBMQ0wCwYDVQQDEwRD -UkwxMB8GA1UdIwQYMBaAFBdLuCa6aXqtElBXRTGeV7t0pdovMB0GA1UdDgQWBBRp -yFN7BSGWink7EY8WPQKHuQGHcjANBgkqhkiG9w0BAQwFAAOCAgEAa5P9mN/7wmXh -W/4SxAOjBPdMC6VIVlRxzORd/m1Ok7JFwhSBB8Qf3auEf8XwtKv+EfsBmsPsgEHb -uZoRfpTSMw3OwstFFpp9TAQHo1gOKNKRXaxhlln21cI597W34Y8YLKljI36RXbtC -uA2AUr+u6ZgDs8iLQpZ0donCF9pJlSwgvaVqVj/NQAX7+haYN/N0FRe5EHENjcgc -DfY/UW/Z6BpEAmn9oM8HRZzNUMiuS1wubOJnQMmxBdEVjynlqKI0GxKKrCb3zCHJ -9IXTGcK+Xyk78mCz64SkAfpfnXTesHMu0bF9ajx+uueqiEOyai+tKMpzU2pxX3fg -D7CoyPNjxVACg2rcbL1E0vZKfTM4zGtVQ7SNehTRbwnai/Ng7GHu6NdY0Q+w1nq+ -oyIc1rtfmC+EG+o+LOx18DIqF5dVuKMSejpJvTB4okNF0R8bEbSabTLgHjdWEN6N -qpiz8A6dKauTrexKkHmadz6FPbL94Kg6z5v8U1InmaiXzKC/ye+/tlMU6qEg0aB5 -enSsLE6OXRc7y0do+F8GoXMIZr5LlZz+A6sJslEzWtBJxWnTwTj5cE5TzBazi6Kc -SbxV4eiR5/Kf3H35fEIjvr9gZRWOXPUb9yp6uTVDGI89lTDUCdIDjkH/9xsnYojb -1qMugHs9ARm2cI3O+jZ6317Ij+EUeF0wgghiMIIGSqADAgECAgRjNFYWMA0GCSqG -SIb3DQEBDAUAMIGOMQswCQYDVQQGEwJVUzEYMBYGA1UEChMPVS5TLiBHb3Zlcm5t -ZW50MSMwIQYDVQQLExpEZXBhcnRtZW50IG9mIHRoZSBUcmVhc3VyeTEiMCAGA1UE -CxMZQ2VydGlmaWNhdGlvbiBBdXRob3JpdGllczEcMBoGA1UECxMTVVMgVHJlYXN1 -cnkgUm9vdCBDQTAeFw0yMzA0MjkxNDM0MTlaFw0zMzA0MjkxNTA0MTlaMIGHMQsw -CQYDVQQGEwJVUzEYMBYGA1UEChMPVS5TLiBHb3Zlcm5tZW50MSgwJgYDVQQLEx9E -ZXBhcnRtZW50IG9mIEhvbWVsYW5kIFNlY3VyaXR5MSIwIAYDVQQLExlDZXJ0aWZp -Y2F0aW9uIEF1dGhvcml0aWVzMRAwDgYDVQQLEwdESFMgQ0E0MIICIjANBgkqhkiG -9w0BAQEFAAOCAg8AMIICCgKCAgEAyuRik6e8d4/trH2xWBVpexami0RV5i/NCDzQ -ddu04Mg1JJtRqDB58ZqLSF+EQZL93Uedv8+k4WGzowqjSPzV20EdTEb8WzYTGHVS -dIHE5FwxFgdREMkstRuFxqsQBHrK6wGLNrs+FGPy3ryn4fZcPUhJ4LUBup/Ub3rz -2E4Iakxa9zY3pTuJiStqqDAuK692wK0Yh5RqwhJ1TK6I3L5c9EYUiISE6LBSGNmJ -F/N//d0AAHEO9bO5H4JHT9rQNGaVg8mDhavKu8A7hA1Zb9iNFdbyCooWt7QDbIHg -kJkiun/dVcEeLOB3AqD/iyUA+0RroFx2cS5RmzB4evVkDLZ9CMvgFBGR3RBNV6AI -sKv54UeTrbEreTOJ138hiOXhqeiomzujaQpPBu84mP0uSns0eLIbXB95f6ghG/h0 -mI3ldCzdinMT3JCRM4g8a2c/2U1ZbAUkEe918dyb9srG2HEVMDdafAiFIMvuohsG -dcMFtu9ARyOobNsBqtyVNleoS4lUH3Ocsy2Y1uW/dkVqoMIHZJmj3CzN7Lp1YpvN -7KlHxlgNAUp9bIvRPCFNNohL7h242omCvpPgcqNkC08t+rSrIoebqi31OcnwOjzE -4mwajy48XT7wsjkrbThDMuN3neflyDfsu6/M9nzZqJV3dE/7/xl2Ap32xJqeR2bX -/IULBr8CAwEAAaOCAsswggLHMA4GA1UdDwEB/wQEAwIBBjAPBgNVHRMBAf8EBTAD -AQH/MIHrBgNVHSAEgeMwgeAwDAYKYIZIAWUDAgEDBjAMBgpghkgBZQMCAQMHMAwG -CmCGSAFlAwIBAwgwDAYKYIZIAWUDAgEDDTAMBgpghkgBZQMCAQMQMAwGCmCGSAFl -AwIBAxEwDAYKYIZIAWUDAgEDJDAMBgpghkgBZQMCAQMnMAwGCmCGSAFlAwIBAygw -DAYKYIZIAWUDAgEDKTAMBgpghkgBZQMCAQMtMAwGCmCGSAFlAwIBAy4wDAYKYIZI -AWUDAgEDLzAMBgpghkgBZQMCAQUKMAwGCmCGSAFlAwIBBQswDAYKYIZIAWUDAgEF -DDBBBggrBgEFBQcBAQQ1MDMwMQYIKwYBBQUHMAKGJWh0dHA6Ly9wa2kudHJlYXN1 -cnkuZ292L2Roc2NhX2FpYS5wN2MwQQYIKwYBBQUHAQsENTAzMDEGCCsGAQUFBzAF -hiVodHRwOi8vcGtpLnRyZWFzdXJ5Lmdvdi9kaHNjYV9zaWEucDdjMIHvBgNVHR8E -gecwgeQwNqA0oDKGMGh0dHA6Ly9wa2kudHJlYXN1cnkuZ292L1VTX1RyZWFzdXJ5 -X1Jvb3RfQ0ExLmNybDCBqaCBpqCBo6SBoDCBnTELMAkGA1UEBhMCVVMxGDAWBgNV +AQH/BAQDAgEGMEMGA1UdHgEB/wQ5MDegNTAzpDEwLzELMAkGA1UEBhMCTkwxIDAe +BgNVBAoMF01pbmlzdGVyaWUgdmFuIERlZmVuc2llMBIGA1UdJAEB/wQIMAaAAQCB +AQAwgbMGA1UdIQSBqzCBqDAaBgwrBgEEAYG7UwEBAQIGCmCEEAGHawECBQEwGgYM +KwYBBAGBu1MBAQECBgpghBABh2sBAgUCMBoGDCsGAQQBgbtTAQEBAgYKYIQQAYdr +AQIFAzAaBgwrBgEEAYG7UwEBAQEGCmCEEAGHawECBQEwGgYMKwYBBAGBu1MBAQEB +BgpghBABh2sBAgUCMBoGDCsGAQQBgbtTAQEBAQYKYIQQAYdrAQIFAzAdBgNVHQ4E +FgQUI7v534CJE6N3J+nGaUMzjUkHwmowEgYDVR0TAQH/BAgwBgEB/wIBADAKBgNV +HTYEAwIBADBNBggrBgEFBQcBAQRBMD8wPQYIKwYBBQUHMAKGMWh0dHA6Ly9haWEu +Y2VydGlwYXRoLmNvbS9DZXJ0aVBhdGhCcmlkZ2VDQS1HMy5wN2MwHwYDVR0jBBgw +FoAUeos8BpLcHqjSgqwbdG90PU7RqJswDQYJKoZIhvcNAQEMBQADggIBAJDpoPX8 +qaY8w0D2TSIEDFnuvstm0+BS8XllWZ0zlat1EFKQjT4E0u4f7kkoTHeJb4XI/UQD +XltoBbQIJuoxB0oGepL/6Xiz5y5B56smCLbjbfYx9XsD5Opnz4IviKf5H8hGVYwh +vGFBymuup/UnrL4bgenA33ATtAct1ELM69GJjVHP7R+HccbnUMe6SUtmjIVyhOKt +7vyXsuZLQpU9YKCyABi+ZjjO+/Wuzab55oy6asrb4zeIQAz7Lp2IPhZOePe0mxtM +8vkTfBhZxoh/en8qVVHZbvUo7nQ3UbcXjva4bDSHPWSbS2NIrHkd7ESAQaTpy78P +RhIevalTp4rYcYFkzPaH7g/vrr4vXY8nwngXc3Q0uOta2T0WS79EQvkLMwR3xgXi +9XFWbMYsbdjrp2SiKwI9JahSJfiOj97vWUA/metY7vn8Y1leFO2e+GgALexeOq6h +lZ4flCi2TkyBSkc3gOdFATV+Z8HPzEGtyc/hhUOWnA4pbzsuHKw+eQNh9aSOwPLN +DQZb39jedo3R9gqEDBRuAHFaoFtGy+ESN0tUjMIjhzL+i5thmSZqlfWV4ZB18LgU +D1EkALDMEWYP9L9f08cHR/BxjfXBdMefxBqSNiynvundZIOo8jJr9r2m5W1Qjozz +C6XIJItYaCFNK+kwYUt9Myz0fwRJAB9E7zabMIIH6DCCBtCgAwIBAgIESqi56jAN +BgkqhkiG9w0BAQsFADByMQswCQYDVQQGEwJVUzEQMA4GA1UEChMHRW50cnVzdDEi +MCAGA1UECxMZQ2VydGlmaWNhdGlvbiBBdXRob3JpdGllczEtMCsGA1UECxMkRW50 +cnVzdCBNYW5hZ2VkIFNlcnZpY2VzIE5GSSBSb290IENBMB4XDTE3MDUxNjE0MzEz +NVoXDTI3MTExNjE1MDEzNVowcTELMAkGA1UEBhMCVVMxEDAOBgNVBAoTB0VudHJ1 +c3QxIjAgBgNVBAsTGUNlcnRpZmljYXRpb24gQXV0aG9yaXRpZXMxLDAqBgNVBAsT +I0VudHJ1c3QgTkZJIE1lZGl1bSBBc3N1cmFuY2UgU1NQIENBMIIBIjANBgkqhkiG +9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoOEqao5Hz2toLgtRAaca84ZyEuQ9QVpZ1RdJ +EHkFZpLnfx396cjx7ZlwUfmeo41l8NVsgZh8AVnSdZQLU1rT3Lf2j+4vvHDGhtWT +GKQM22obX6n/j1nk66JA6U0pANIWnuHQ9APr10IugCpVIoYfVWXvuj+Jj8NJKehU +dDfv1L3SZwW/KE9Osuadjx+y+jZ3d87Y+8r8rzmKggqNxrE+xBVpRFxYyVMtWcoo +AG6YyO7Arp3BlufephNWOjzYr3TCCJyjk02FyxTlf9WqfhDNguAFGhbL97NRZPKp +RLcEc6gHI8VBtGdP+BiDx/c8Kn0tTf3I41yBjMZ6h7I66502sQIDAQABo4IEhTCC +BIEwDgYDVR0PAQH/BAQDAgEGMIIBHQYDVR0gBIIBFDCCARAwDwYNYIZIAYb6a4FI +AwoHATAPBg1ghkgBhvprgUgDCgcCMA8GDWCGSAGG+muBSAMKBwMwDwYNYIZIAYb6 +a4FIAwoHBDAPBg1ghkgBhvprgUgDCgcFMA8GDWCGSAGG+muBSAMKBwYwDwYNYIZI +AYb6a4FIAwoHBzAPBg1ghkgBhvprgUgDCgcIMA8GDWCGSAGG+muBSAMKBwkwDwYN +YIZIAYb6a4FIAwoHCjAPBg1ghkgBhvprgUgDCgcLMA8GDWCGSAGG+muBSAMKBwww +DwYNYIZIAYb6a4FIAwoHDTAPBg1ghkgBhvprgUgDCgcOMA8GDWCGSAGG+muBSAMK +Bw8wDwYNYIZIAYb6a4FIAwoHEDASBgNVHRMBAf8ECDAGAQH/AgEAMIIBWgYIKwYB +BQUHAQEEggFMMIIBSDBQBggrBgEFBQcwAoZEaHR0cDovL25maXJvb3R3ZWIubWFu +YWdlZC5lbnRydXN0LmNvbS9BSUEvQ2VydHNJc3N1ZWRUb05GSVJvb3RDQS5wN2Mw +gcMGCCsGAQUFBzAChoG2bGRhcDovL25maXJvb3RkaXIubWFuYWdlZC5lbnRydXN0 +LmNvbS9vdT1FbnRydXN0JTIwTWFuYWdlZCUyMFNlcnZpY2VzJTIwTkZJJTIwUm9v +dCUyMENBLG91PUNlcnRpZmljYXRpb24lMjBBdXRob3JpdGllcyxvPUVudHJ1c3Qs +Yz1VUz9jQUNlcnRpZmljYXRlO2JpbmFyeSxjcm9zc0NlcnRpZmljYXRlUGFpcjti +aW5hcnkwLgYIKwYBBQUHMAGGImh0dHA6Ly9uZmlvY3NwLm1hbmFnZWQuZW50cnVz +dC5jb20wggGaBgNVHR8EggGRMIIBjTCB+qCB96CB9IY5aHR0cDovL25maXJvb3R3 +ZWIubWFuYWdlZC5lbnRydXN0LmNvbS9DUkxzL05GSVJvb3RDQTIuY3JshoG2bGRh +cDovL25maXJvb3RkaXIubWFuYWdlZC5lbnRydXN0LmNvbS9jbj1XaW5Db21iaW5l +ZDIsb3U9RW50cnVzdCUyME1hbmFnZWQlMjBTZXJ2aWNlcyUyME5GSSUyMFJvb3Ql +MjBDQSxvdT1DZXJ0aWZpY2F0aW9uJTIwQXV0aG9yaXRpZXMsbz1FbnRydXN0LGM9 +VVM/Y2VydGlmaWNhdGVSZXZvY2F0aW9uTGlzdDtiaW5hcnkwgY2ggYqggYekgYQw +gYExCzAJBgNVBAYTAlVTMRAwDgYDVQQKEwdFbnRydXN0MSIwIAYDVQQLExlDZXJ0 +aWZpY2F0aW9uIEF1dGhvcml0aWVzMS0wKwYDVQQLEyRFbnRydXN0IE1hbmFnZWQg +U2VydmljZXMgTkZJIFJvb3QgQ0ExDTALBgNVBAMTBENSTDEwHwYDVR0jBBgwFoAU ++t8jAcSq7CPjrW8NNKUNzzlkZV4wHQYDVR0OBBYEFGb5JZiuy/vhjACEGdSF/5NW +6tamMA0GCSqGSIb3DQEBCwUAA4IBAQAYzB20TFlb/g4Q/l+evqW05L9MxsayCR+s +CXxpi4CtYgeAxWGTTLIUbbRj7vWPGC/aanWrWas8mRYsJSQRy3SGZJ0cG8bkheIe +4Tqm6ALmw2DRaaolDKSJ6yQ+LART0C+Oi8IYk5BcM6hLpQlm/30UYtvA53AiwTMJ +VClb7QK+e//4Z0wnDD23PdQXWiUQE9q4+vz3L+ifgFEljY6EqdKT6dlZVl16xt5g +ZrrdFlsblPZxuvnnmgl88/qwMd2zfcKTIanPM+llQt6jM2L3C+PTOBALt9XZyq3Q +w1RLfQWsaNcs0/fDOoJfHHw0r9QmMLrBpWJp7pVxA2WkITMFclBtMIIH7DCCBdSg +AwIBAgIQdWyFm0oLwRoqMF7ul+Ev4TANBgkqhkiG9w0BAQwFADBoMQswCQYDVQQG +EwJVUzESMBAGA1UEChMJQ2VydGlQYXRoMSIwIAYDVQQLExlDZXJ0aWZpY2F0aW9u +IEF1dGhvcml0aWVzMSEwHwYDVQQDExhDZXJ0aVBhdGggQnJpZGdlIENBIC0gRzMw +HhcNMjMwMjIyMDAwMDAwWhcNMjQwMjI4MjM1OTU5WjCBiDELMAkGA1UEBhMCVVMx +JzAlBgNVBAoTHkNhcmlsbG9uIEZlZGVyYWwgU2VydmljZXMgSW5jLjEiMCAGA1UE +CxMZQ2VydGlmaWNhdGlvbiBBdXRob3JpdGllczEsMCoGA1UEAxMjQ2FyaWxsb24g +RmVkZXJhbCBTZXJ2aWNlcyBQSVYtSSBDQTEwggIiMA0GCSqGSIb3DQEBAQUAA4IC +DwAwggIKAoICAQDbDC5LNX6Eaw9uu0PNLw6bseES0ty4DYJN7Xbjl+pEn4tXgfhK +sOCrpNkxl5YsdzpcTnSshXxLoeehXJoffQpwXmSDtBFIL/gCS7ga3ZVYg6ngxMz1 +jT6FbMh/S4wbsCqjy0YSLk9PW4m3izZSLfPWjWY1X4BZMO/4SLk+dMYaSIxgt7M7 +Mf0VKVVYlW9N+DqWRzIKi5sU4HE5MJAZiUPZ0MbY35mSYqPEA2qhIb0kxf0hZsq+ +fZp2D63wYJEf5tL2s36Q3DO+NKTnZUbWDw7F7OUpC/iyHjKBCWoYKQMJKyz9nAwg +0PImT+WxRhujPlK6noGfMBCEZdyBqL8OHJ7gAiogLAom+PmETHIwCfKqal79TfEz +sJUplmYIQveDx87voe1yBe2s0HHeRxEB3VZSqTX1gQzqaQU+NHldFbOLpASq5A/P +i5G3OTC749FXeDkaug7U+6UOQFU4sD2nN/HUeHw+UHGK8ewCL43WJvZxZq3PXbe7 +KsJuPHxpv6p7z8xNIlnA3tRr3cBKgO+JkxMGIuJITtYflSVGRLhEhz8HSmkTcGR6 +JVrm0Kw8qAjs1oVM0u05wTIf9r60yN+MJfvnTlXC9N0JgSONipX349qU7ZDoAojW +jIAlbTWoBfQWpaMECO+dH9abKR6Fk7+QpFCnVUN+yvsobSi7NgeaUdKpywIDAQAB +o4ICbzCCAmswHQYDVR0OBBYEFOm6Z0NArUEimv76CUOI82K4a68qMBIGA1UdEwEB +/wQIMAYBAf8CAQAweQYDVR0gBHIwcDAOBgwrBgEEAYG7UwEBAQEwDgYMKwYBBAGB +u1MBAQECMA4GDCsGAQQBgbtTAQEBBzAOBgwrBgEEAYG7UwEBAQgwDgYMKwYBBAGB +u1MBAQEJMA4GDCsGAQQBgbtTAQEBFzAOBgwrBgEEAYG7UwEBARgwQgYDVR0fBDsw +OTA3oDWgM4YxaHR0cDovL2NybC5jZXJ0aXBhdGguY29tL0NlcnRpUGF0aEJyaWRn +ZUNBLUczLmNybDAOBgNVHQ8BAf8EBAMCAQYwCgYDVR02BAMCAQAwEgYDVR0kAQH/ +BAgwBoABAIEBADCB1gYDVR0hBIHOMIHLMBsGDCsGAQQBgbtTAQEBAQYLKwYBBAGC +5CYDAQswGwYMKwYBBAGBu1MBAQECBgsrBgEEAYLkJgMBDDAbBgwrBgEEAYG7UwEB +AQcGCysGAQQBguQmAwEUMBsGDCsGAQQBgbtTAQEBCAYLKwYBBAGC5CYDARUwGwYM +KwYBBAGBu1MBAQEJBgsrBgEEAYLkJgMBFjAbBgwrBgEEAYG7UwEBARcGCysGAQQB +guQmAwENMBsGDCsGAQQBgbtTAQEBGAYLKwYBBAGC5CYDAQ4wTQYIKwYBBQUHAQEE +QTA/MD0GCCsGAQUFBzAChjFodHRwOi8vYWlhLmNlcnRpcGF0aC5jb20vQ2VydGlQ +YXRoQnJpZGdlQ0EtRzMucDdjMB8GA1UdIwQYMBaAFHqLPAaS3B6o0oKsG3RvdD1O +0aibMA0GCSqGSIb3DQEBDAUAA4ICAQB3TJVgTvnAs2vB8IR79JnmaL0GwFPq85Qe +2glaAnfvGQ55WXM/LZXQdudp8oI6HOeV92m2wz7D2jWmihDtWDXYfr20FuwZgzi0 +FO5LHhLsYlCt12rLnKXy4Fr5ZC1KtDWj7tO5u6YXVFANaHINMsTGbth7Nsyk6ejQ +yrCgkGP6eNmBI+jb6PGSj31H4hcS/1ZoFmGsJeUxzHWJLW97CxXf6CNOg2ES4uJD +TCDLHw9VjqG6ZGnNL9dF2wEsBUdrm32KvQd3tP4q/cWQcNxTdTVPKk1PY+kP+Fps +XdfVuxgIK//nFMe5RildwudS5RoRxO9XYCUfoDC6f8XsD+NxxXlOcLwli7Q0mjxF +e6ijHEb8wF+6TJUBTUpaJ+RLvCKUOITJ7D97CmqKr2+1PVA98fmwzsmMwq+kc/LU +SZtdC1e7jfoIBkvn3IKpXxoSWVjo7MFnlmheKle0dZHY/hqO6yFnjgGwBXj9uESE ++h7IM6P2UKoS2ZW8QDgN4iQz5g1FIV2V/UsJIc8ZFtBvCFEVzR1Hj3U8PF8MYIrx +nyd890MheDpl43yw2GpCYu1PBvMxVIgyfeGNkXcSB9e7GWZ/5FsLfJ9UJqtox0xJ +5xujQGHbCr83rvwt8bw4FULWKgzYvdGAD7KPjzw7eqgVVSMnCwxCmXyXyCgxhPTr +A1/3PbyVlDCCCBMwggZ7oAMCAQICCmGEhAAAAAAAAAIwDQYJKoZIhvcNAQELBQAw +gZYxCzAJBgNVBAYTAlVTMSUwIwYDVQQKExxOb3J0aHJvcCBHcnVtbWFuIENvcnBv +cmF0aW9uMTAwLgYDVQQLEydOb3J0aHJvcCBHcnVtbWFuIEluZm9ybWF0aW9uIFRl +Y2hub2xvZ3kxLjAsBgNVBAMTJU5vcnRocm9wIEdydW1tYW4gQ29ycG9yYXRlIFJv +b3QgQ0EtRzIwHhcNMTMxMDExMTg1NjM2WhcNMjYxMDExMTkwNjM2WjCBmTELMAkG +A1UEBhMCVVMxJTAjBgNVBAoTHE5vcnRocm9wIEdydW1tYW4gQ29ycG9yYXRpb24x +MDAuBgNVBAsTJ05vcnRocm9wIEdydW1tYW4gSW5mb3JtYXRpb24gVGVjaG5vbG9n +eTExMC8GA1UEAxMoTm9ydGhyb3AgR3J1bW1hbiBDb3Jwb3JhdGUgU2lnbmluZyBD +QS1HMjCCAaIwDQYJKoZIhvcNAQEBBQADggGPADCCAYoCggGBAOmYx8K7ucJGDCjT +MMnVRroq1g3OUJnDDbbvW3FD91Xp4ppX37cHhSJ9Eqqb+mmznhwpTla0HssCc7Vx +oSMR4xpHIIon9UoR27TvZqT1g5M/WEjAoyCrwGTMY5uEMMa3jASVuirQzXpWaQgF +Qa86BjhqxA3HnSi0tPz115cTZm3IkH6PQwoLiaEtaAEhz8GlKYSQHbilk+blQjPE +++WcUP7OQj44cbCljlQlWRFk2BfZZxQAom63hrYpn9/pR5bBXBdFG0ixEQknOQzD +DoXhxKaUBklBlwiRaVI8WPLqhhJU6RDX68IOuJLHJfnK3ySP1EnBYJlaapyVgxKI +aiYhU9l1m5ga/0NvlzLloSuGIuQ0Oc2dp5EovkCLfnUqtus7l51kpxlQr71GByaY +PM4qQGZzkmz9g3/Z4NR/zDJdF6R7urLcO0UtzLBdzO1uOQJIHgt4csF/iydB7E3w +xI+JeGqcZ3yY/wOGFoo2KxmDuu/JVb1MxlJjzLZXMWr3YwQrAwIDAQABo4IDXDCC +A1gwDgYDVR0PAQH/BAQDAgEGMB0GA1UdDgQWBBTzwv/6TFn9uIZ0MReWEmMooKCo +KDCCAgEGA1UdIASCAfgwggH0MGIGCysGAQQB/06DfQIHMFMwUQYIKwYBBQUHAgEW +RWh0dHA6Ly9jZXJ0ZGF0YS5ub3J0aHJvcGdydW1tYW4uY29tL2NlcnRkYXRhL2Nw +L25vcnRocm9wZ3J1bW1hbmNwLnBkZjBiBgsrBgEEAf9Og30CCDBTMFEGCCsGAQUF +BwIBFkVodHRwOi8vY2VydGRhdGEubm9ydGhyb3BncnVtbWFuLmNvbS9jZXJ0ZGF0 +YS9jcC9ub3J0aHJvcGdydW1tYW5jcC5wZGYwYgYLKwYBBAH/ToN9AgkwUzBRBggr +BgEFBQcCARZFaHR0cDovL2NlcnRkYXRhLm5vcnRocm9wZ3J1bW1hbi5jb20vY2Vy +dGRhdGEvY3Avbm9ydGhyb3BncnVtbWFuY3AucGRmMGIGCysGAQQB/06DfQIKMFMw +UQYIKwYBBQUHAgEWRWh0dHA6Ly9jZXJ0ZGF0YS5ub3J0aHJvcGdydW1tYW4uY29t +L2NlcnRkYXRhL2NwL25vcnRocm9wZ3J1bW1hbmNwLnBkZjBiBgsrBgEEAf9Og30C +CzBTMFEGCCsGAQUFBwIBFkVodHRwOi8vY2VydGRhdGEubm9ydGhyb3BncnVtbWFu +LmNvbS9jZXJ0ZGF0YS9jcC9ub3J0aHJvcGdydW1tYW5jcC5wZGYwEgYDVR0TAQH/ +BAgwBgEB/wIBADAfBgNVHSMEGDAWgBR/Q+o8IHc+ksuNhaKIBjBeHkM+tzBxBgNV +HR8EajBoMGagZKBihmBodHRwOi8vY2VydGRhdGEubm9ydGhyb3BncnVtbWFuLmNv +bS9jZXJ0ZGF0YS9jcmxzL1Jldm9rZWRCeU5vcnRocm9wR3J1bW1hbkNvcnBvcmF0 +ZVJvb3RDQS1HMi5jcmwwegYIKwYBBQUHAQEEbjBsMGoGCCsGAQUFBzAChl5odHRw +Oi8vY2VydGRhdGEubm9ydGhyb3BncnVtbWFuLmNvbS9jZXJ0ZGF0YS9wN2MvSXNz +dWVkVG9Ob3J0aHJvcEdydW1tYW5Db3Jwb3JhdGVSb290Q0EtRzIucDdjMA0GCSqG +SIb3DQEBCwUAA4IBgQBAMulf9ogUFYiQXFkyib8ZEZkXalccUJXOMuWSUnwDatxQ +iEXTlWg1WEYMlgzXa3TU30h6GynTnFxKkU9mD5klQdPoK7tm9u/BkUhTeHwFz1yA +s0WlvxzM8V3zNmrFgfdDn9Iybmfkyf0R3bSMW25L7CPOiTJvs6plKN2cIMzLHDK7 +7CJePcaoTQwOdO39q5vBvK+LyaMKiPaBpqMQgKGs50gOzbfAg4+aD/EBKa6rwzsd +gzLUUFshqRrqmnNJ0SI/E8Gkt53BqPBSlNiW7oA/YabS/wSmZNO2KaqX7hq8xj0Y +qqLPEO/HtVpzSWf0c/bCMyxAdfYg0zkJXugHpVpT+BMPqjVYfzxoZ7Glhp8dfK0U +qpzrP1/8xvrqFQwJKTYqMSi3Ouv8nzK4iIw1/HTDyMq0qde3O/cI42X7b+5SyWuW +QbVQyK7X06edZSh3nL3i/dGI1M+Z8oh2rBuHFZtHRG7lxz9yzw65Z2g9hNdqP0kf +RE3TK0gU5MK6005I5XYwgghCMIIGKqADAgECAgRjNFU6MA0GCSqGSIb3DQEBCwUA +MIGOMQswCQYDVQQGEwJVUzEYMBYGA1UEChMPVS5TLiBHb3Zlcm5tZW50MSMwIQYD +VQQLExpEZXBhcnRtZW50IG9mIHRoZSBUcmVhc3VyeTEiMCAGA1UECxMZQ2VydGlm +aWNhdGlvbiBBdXRob3JpdGllczEcMBoGA1UECxMTVVMgVHJlYXN1cnkgUm9vdCBD +QTAeFw0yMzAzMDQxNTAzNDlaFw0zMzAzMDQxNTMzNDlaMHYxCzAJBgNVBAYTAlVT +MRgwFgYDVQQKEw9VLlMuIEdvdmVybm1lbnQxDDAKBgNVBAsTA1NTQTE/MD0GA1UE +CxM2U29jaWFsIFNlY3VyaXR5IEFkbWluaXN0cmF0aW9uIENlcnRpZmljYXRpb24g +QXV0aG9yaXR5MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAsv1KKAb4 +JkV3hNottzN2YyT3T/bYf+EdLrnUJiRYfnOBCweB9eNp8WfHZ6H98gpKUt/IcP09 +Epslve+ta1+XU/4dVTZ/MBpxxGkfX9lWuAWwKFtlWYDcKLE9VIJFdcu4GUijMNYn +B2AIjbWPMq76m6KXqwFoB9PTNrp7OPXZ54G7Q+M/GglquUWHRpOhGp9eZxFPcRNx +a155YHkEqsTlbXW6zzFIGROFLCW8tcjIRJyrtIgpRUiXGjNeK9ah+pQErzEw7zDt +oBoBtR4P7Iwiz//dt+uZNLGkgUXs4GmTuG1Dyru0lqTbuXvgzpsDBV4KuQypjeJh +CiBW5O1GoSIrp2qLS/zL1p+rJ4tDfcB+W6EtUVEw3UuPoeYdpebFtQt1e4gdbuYG +55t59jyC1MdSRL4gPNUBFdqIR6do8m1nG84DZZ9m9DbM7shU3msgjEXOLNbqZS+Y +0ORM13pSbQi+YdyHFDaABD7a/yLUy2lE0vZ7446duSafZfL9pfLCBpfrOnmMzG5/ +oqTZAMjCVxsVCng+pDnv2R9yp52fFAXqRpoQNMZBzcLgcVgloZpoDGewDhxJaR9a +TmaxjCNMTR90zgrJHpwdo3vI89G5U2RrL+TsdNJEsrjrj/kzMoXyJk2FTiRky5ZQ +NLT1M03IOGer+z0/kT1pM1a27PnJ1wEwkEUCAwEAAaOCAr0wggK5MA4GA1UdDwEB +/wQEAwIBBjAPBgNVHRMBAf8EBTADAQH/MIHdBgNVHSAEgdUwgdIwDAYKYIZIAWUD +AgEDBjAMBgpghkgBZQMCAQMHMAwGCmCGSAFlAwIBAwgwDAYKYIZIAWUDAgEDDTAM +BgpghkgBZQMCAQMQMAwGCmCGSAFlAwIBAxEwDAYKYIZIAWUDAgEDJDAMBgpghkgB +ZQMCAQMnMAwGCmCGSAFlAwIBAygwDAYKYIZIAWUDAgEDKTAMBgpghkgBZQMCAQMt +MAwGCmCGSAFlAwIBAy4wDAYKYIZIAWUDAgEDLzAMBgpghkgBZQMCAQUCMAwGCmCG +SAFlAwIBBQMwQQYIKwYBBQUHAQEENTAzMDEGCCsGAQUFBzAChiVodHRwOi8vcGtp +LnRyZWFzdXJ5Lmdvdi9zc2FjYV9haWEucDdjMEEGCCsGAQUFBwELBDUwMzAxBggr +BgEFBQcwBYYlaHR0cDovL3BraS50cmVhc3VyeS5nb3Yvc3NhY2Ffc2lhLnA3YzCB +7wYDVR0fBIHnMIHkMDagNKAyhjBodHRwOi8vcGtpLnRyZWFzdXJ5Lmdvdi9VU19U +cmVhc3VyeV9Sb290X0NBMS5jcmwwgamggaaggaOkgaAwgZ0xCzAJBgNVBAYTAlVT +MRgwFgYDVQQKEw9VLlMuIEdvdmVybm1lbnQxIzAhBgNVBAsTGkRlcGFydG1lbnQg +b2YgdGhlIFRyZWFzdXJ5MSIwIAYDVQQLExlDZXJ0aWZpY2F0aW9uIEF1dGhvcml0 +aWVzMRwwGgYDVQQLExNVUyBUcmVhc3VyeSBSb290IENBMQ0wCwYDVQQDEwRDUkwx +MB8GA1UdIwQYMBaAFBdLuCa6aXqtElBXRTGeV7t0pdovMB0GA1UdDgQWBBTXzp35 +hNaCV0MWu8rQlPnO9qd7QDANBgkqhkiG9w0BAQsFAAOCAgEAMhmfTcCrvnJDGtQS +ty0jjZP6QqyePGaW84mievX2ih5eanhmR98vrPFU+LF8nBSOUAnqoDfdCAwJmVOP +QG0QSqlwYZk72CmCrioII3wMhyVAaqt0H7Vejon7StlHdJExkeyL0hUVMjZZNSJA +mSCBdzjpg8FZO7yaeSBqu3ufUDLXuDBpmFo2Kukw9j0w+3oD9m3QDoVCWq3YClhY +H2soWQ5sewRSl69ohE+qZieQ7xHC5LwUPekYV1agmA38qPZY1GtKsEaoJQZW8xQi ++n1rQD9J/x/bYYxrOgw1vcVwBMbw16DtysESHCU2slfQJa89VJVHFaLxh8WbpuM9 +ypacVb67lMqxF6Jdd1+RArT0vZexl0RjzeFtEBp2mBQJHfFbCb77Dy5xN95FkGa7 +4AjJod5emH/+f6d2OGt/T0FRlfL3MfplFst0acibInzhsx4+wJ5fdpmjdQOs0txN +oYR83Jt1epk7ori0fjQdgTE9xMKIGfqn6ayaiTLbL7usmKFPWT1wTKg5q6P60GrB +oHpSTBWzdIiHGfXwD9AC84oU7g06nLdz+ChOKq7Y3GfKkAf5iNe/MoTTtcceO+ZW +uU6i50bFxbCxkErzgCXX5PXBSvRFsMoYNHgW+QGCQdyrpWnwyr4BgtrIhq4mhIDN +bTx88vJQVKnnpOYV6ZS/cSBYPBIwgghQMIIGOKADAgECAgRjNFWdMA0GCSqGSIb3 +DQEBDAUAMIGOMQswCQYDVQQGEwJVUzEYMBYGA1UEChMPVS5TLiBHb3Zlcm5tZW50 +MSMwIQYDVQQLExpEZXBhcnRtZW50IG9mIHRoZSBUcmVhc3VyeTEiMCAGA1UECxMZ +Q2VydGlmaWNhdGlvbiBBdXRob3JpdGllczEcMBoGA1UECxMTVVMgVHJlYXN1cnkg +Um9vdCBDQTAeFw0yMzA0MDgxMzEyMzhaFw0zMzA0MDgxMzQyMzhaMHgxCzAJBgNV +BAYTAlVTMRgwFgYDVQQKEw9VLlMuIEdvdmVybm1lbnQxDTALBgNVBAsTBE5BU0Ex +IjAgBgNVBAsTGUNlcnRpZmljYXRpb24gQXV0aG9yaXRpZXMxHDAaBgNVBAsTE05B +U0EgT3BlcmF0aW9uYWwgQ0EwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoIC +AQDQjWWiNk9ISmC3exnf4mBIZDxaMSImoYD3JEeAyrqHs5WOP5CLvJ6qrND2Y2i2 +RRcAKTufEVtONmiUmrXCmzNYmklNHKe7AOSUaL2QM6TY2feALfky8cS28HpNm0mA +Ucdm1hSU4atkq8rGvky5UITKFeJO5DXkMzoySJsTyhLxVw46/TEVrWpYiWC9HpEm +J/Sq8U78qqX5xxEyBIuD0TvUiLIkps23IuX4UnTxc/tfY9+tXfsNCajMmp2HCUMt +ceAPDk0PxfY4ic/cv2XC8bRLry3vTJMnsNZq5FAvRrQSYlsugWB0VtUoFu9ORVNS ++IELgpq/lYoOK92S2nSjyZw/e2yZZJC6l9PCQiw5F3/jbhrF9dNe3k5st9bXanum +sYCtWWCiw+7YSdtDd6k0pS7ZYHZkIHhCwjBZ8UmLWfJOgBTn7pCq0pY+tbOaY6mf +H5aQgfH7lbeBG5NS6Wv4qRc/+PsNN4ryDt8NtwpmiWAEm8vnOHTq8mfuOhxhv6qZ +i7WjFzX0YNr99FjZl+ODG2YsYeJnfeMIikHyHJ+pv2o4uGFZcs+iZzcPJ77ow5JL +ysbedJYG/tVs0i4Rm1BPy8yLhHYrO0b0YqjdnSl/H1pN/qrBreiKnUlX8QZ327JW +knwqcMzPpHtOmkcoXmg1Mw0O9B9CGv9zpqSNAjArMvrxbwIDAQABo4ICyTCCAsUw +DgYDVR0PAQH/BAQDAgEGMA8GA1UdEwEB/wQFMAMBAf8wgesGA1UdIASB4zCB4DAM +BgpghkgBZQMCAQMGMAwGCmCGSAFlAwIBAwcwDAYKYIZIAWUDAgEDCDAMBgpghkgB +ZQMCAQMNMAwGCmCGSAFlAwIBAxAwDAYKYIZIAWUDAgEDETAMBgpghkgBZQMCAQMk +MAwGCmCGSAFlAwIBAycwDAYKYIZIAWUDAgEDKDAMBgpghkgBZQMCAQMpMAwGCmCG +SAFlAwIBAy0wDAYKYIZIAWUDAgEDLjAMBgpghkgBZQMCAQMvMAwGCmCGSAFlAwIB +BQowDAYKYIZIAWUDAgEFCzAMBgpghkgBZQMCAQUMMEAGCCsGAQUFBwEBBDQwMjAw +BggrBgEFBQcwAoYkaHR0cDovL3BraS50cmVhc3VyeS5nb3Yvbm9jYV9haWEucDdj +MEAGCCsGAQUFBwELBDQwMjAwBggrBgEFBQcwBYYkaHR0cDovL3BraS50cmVhc3Vy +eS5nb3Yvbm9jYV9zaWEucDdjMIHvBgNVHR8EgecwgeQwNqA0oDKGMGh0dHA6Ly9w +a2kudHJlYXN1cnkuZ292L1VTX1RyZWFzdXJ5X1Jvb3RfQ0ExLmNybDCBqaCBpqCB +o6SBoDCBnTELMAkGA1UEBhMCVVMxGDAWBgNVBAoTD1UuUy4gR292ZXJubWVudDEj +MCEGA1UECxMaRGVwYXJ0bWVudCBvZiB0aGUgVHJlYXN1cnkxIjAgBgNVBAsTGUNl +cnRpZmljYXRpb24gQXV0aG9yaXRpZXMxHDAaBgNVBAsTE1VTIFRyZWFzdXJ5IFJv +b3QgQ0ExDTALBgNVBAMTBENSTDEwHwYDVR0jBBgwFoAUF0u4Jrppeq0SUFdFMZ5X +u3Sl2i8wHQYDVR0OBBYEFGnIU3sFIZaKeTsRjxY9Aoe5AYdyMA0GCSqGSIb3DQEB +DAUAA4ICAQBrk/2Y3/vCZeFb/hLEA6ME90wLpUhWVHHM5F3+bU6TskXCFIEHxB/d +q4R/xfC0q/4R+wGaw+yAQdu5mhF+lNIzDc7Cy0UWmn1MBAejWA4o0pFdrGGWWfbV +wjn3tbfhjxgsqWMjfpFdu0K4DYBSv67pmAOzyItClnR2icIX2kmVLCC9pWpWP81A +Bfv6Fpg383QVF7kQcQ2NyBwN9j9Rb9noGkQCaf2gzwdFnM1QyK5LXC5s4mdAybEF +0RWPKeWoojQbEoqsJvfMIcn0hdMZwr5fKTvyYLPrhKQB+l+ddN6wcy7RsX1qPH66 +56qIQ7JqL60oynNTanFfd+APsKjI82PFUAKDatxsvUTS9kp9MzjMa1VDtI16FNFv +CdqL82DsYe7o11jRD7DWer6jIhzWu1+YL4Qb6j4s7HXwMioXl1W4oxJ6Okm9MHii +Q0XRHxsRtJptMuAeN1YQ3o2qmLPwDp0pq5Ot7EqQeZp3PoU9sv3gqDrPm/xTUieZ +qJfMoL/J77+2UxTqoSDRoHl6dKwsTo5dFzvLR2j4XwahcwhmvkuVnP4DqwmyUTNa +0EnFadPBOPlwTlPMFrOLopxJvFXh6JHn8p/cffl8QiO+v2BlFY5c9Rv3Knq5NUMY +jz2VMNQJ0gOOQf/3GydiiNvWoy6Aez0BGbZwjc76NnrfXsiP4RR4XTCCCGIwggZK +oAMCAQICBGM0VhYwDQYJKoZIhvcNAQEMBQAwgY4xCzAJBgNVBAYTAlVTMRgwFgYD +VQQKEw9VLlMuIEdvdmVybm1lbnQxIzAhBgNVBAsTGkRlcGFydG1lbnQgb2YgdGhl +IFRyZWFzdXJ5MSIwIAYDVQQLExlDZXJ0aWZpY2F0aW9uIEF1dGhvcml0aWVzMRww +GgYDVQQLExNVUyBUcmVhc3VyeSBSb290IENBMB4XDTIzMDQyOTE0MzQxOVoXDTMz +MDQyOTE1MDQxOVowgYcxCzAJBgNVBAYTAlVTMRgwFgYDVQQKEw9VLlMuIEdvdmVy +bm1lbnQxKDAmBgNVBAsTH0RlcGFydG1lbnQgb2YgSG9tZWxhbmQgU2VjdXJpdHkx +IjAgBgNVBAsTGUNlcnRpZmljYXRpb24gQXV0aG9yaXRpZXMxEDAOBgNVBAsTB0RI +UyBDQTQwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQDK5GKTp7x3j+2s +fbFYFWl7FqaLRFXmL80IPNB127TgyDUkm1GoMHnxmotIX4RBkv3dR52/z6ThYbOj +CqNI/NXbQR1MRvxbNhMYdVJ0gcTkXDEWB1EQySy1G4XGqxAEesrrAYs2uz4UY/Le +vKfh9lw9SEngtQG6n9RvevPYTghqTFr3NjelO4mJK2qoMC4rr3bArRiHlGrCEnVM +rojcvlz0RhSIhITosFIY2YkX83/93QAAcQ71s7kfgkdP2tA0ZpWDyYOFq8q7wDuE +DVlv2I0V1vIKiha3tANsgeCQmSK6f91VwR4s4HcCoP+LJQD7RGugXHZxLlGbMHh6 +9WQMtn0Iy+AUEZHdEE1XoAiwq/nhR5OtsSt5M4nXfyGI5eGp6KibO6NpCk8G7ziY +/S5KezR4shtcH3l/qCEb+HSYjeV0LN2KcxPckJEziDxrZz/ZTVlsBSQR73Xx3Jv2 +ysbYcRUwN1p8CIUgy+6iGwZ1wwW270BHI6hs2wGq3JU2V6hLiVQfc5yzLZjW5b92 +RWqgwgdkmaPcLM3sunVim83sqUfGWA0BSn1si9E8IU02iEvuHbjaiYK+k+Byo2QL +Ty36tKsih5uqLfU5yfA6PMTibBqPLjxdPvCyOSttOEMy43ed5+XIN+y7r8z2fNmo +lXd0T/v/GXYCnfbEmp5HZtf8hQsGvwIDAQABo4ICyzCCAscwDgYDVR0PAQH/BAQD +AgEGMA8GA1UdEwEB/wQFMAMBAf8wgesGA1UdIASB4zCB4DAMBgpghkgBZQMCAQMG +MAwGCmCGSAFlAwIBAwcwDAYKYIZIAWUDAgEDCDAMBgpghkgBZQMCAQMNMAwGCmCG +SAFlAwIBAxAwDAYKYIZIAWUDAgEDETAMBgpghkgBZQMCAQMkMAwGCmCGSAFlAwIB +AycwDAYKYIZIAWUDAgEDKDAMBgpghkgBZQMCAQMpMAwGCmCGSAFlAwIBAy0wDAYK +YIZIAWUDAgEDLjAMBgpghkgBZQMCAQMvMAwGCmCGSAFlAwIBBQowDAYKYIZIAWUD +AgEFCzAMBgpghkgBZQMCAQUMMEEGCCsGAQUFBwEBBDUwMzAxBggrBgEFBQcwAoYl +aHR0cDovL3BraS50cmVhc3VyeS5nb3YvZGhzY2FfYWlhLnA3YzBBBggrBgEFBQcB +CwQ1MDMwMQYIKwYBBQUHMAWGJWh0dHA6Ly9wa2kudHJlYXN1cnkuZ292L2Roc2Nh +X3NpYS5wN2Mwge8GA1UdHwSB5zCB5DA2oDSgMoYwaHR0cDovL3BraS50cmVhc3Vy +eS5nb3YvVVNfVHJlYXN1cnlfUm9vdF9DQTEuY3JsMIGpoIGmoIGjpIGgMIGdMQsw +CQYDVQQGEwJVUzEYMBYGA1UEChMPVS5TLiBHb3Zlcm5tZW50MSMwIQYDVQQLExpE +ZXBhcnRtZW50IG9mIHRoZSBUcmVhc3VyeTEiMCAGA1UECxMZQ2VydGlmaWNhdGlv +biBBdXRob3JpdGllczEcMBoGA1UECxMTVVMgVHJlYXN1cnkgUm9vdCBDQTENMAsG +A1UEAxMEQ1JMMTAfBgNVHSMEGDAWgBQXS7gmuml6rRJQV0Uxnle7dKXaLzAdBgNV +HQ4EFgQUGC4gIbPJV4WIJ+eKdYTzc8Z34wkwDQYJKoZIhvcNAQEMBQADggIBAM7S +vpuyFVyEK621hA3QJtOAp6zmZpTe5t3MKoX2sG83Mfs3qSGG5V/y3dgEIXIt37bu +I2A96l9O2F9rBO9AgoJ5XzvmXHtj41Vy3MdT+L5K72ZtOTfSL9Va0Lxt7srKU8Wx +YbRE16ogS8W3ioci7JTOprM50duvHWW2Y2X4xw2R2hG+uocK2MoJh1FFhf007Yp1 +Bkhd2pV54AVtpfnUZelLgrFPCe5LBj74tODn8zghZQJ/wT217rNt4gSLG2rj2Slm +s0GCQWQt8rTEM8rmu1tjdfYtZ1zJob8ms1jEJS9bF/8NwaifVjsst/Osc/Zgv4Hw +JENPqDD33RW6LtiNzJjkDFayG19UYWts4mSepmrsqwG7vzu24tf09Ibf2gdekdEY +HmDeAA97QdUPzEn+OryI2uo8oE3DqX76QQAeh6pnX81Ovy+eBWD/vb2LK+B1yKRU +lzwM8CITBQZmGaBsQN2D1PB/BSRHrZN7UHSrrvrlhT8LXxHcZEexzA4W1WxgBZun +xHW8cr0YAhusC3J6iELFNbipP5s0SAQdK4Jsjl075nzTG8gt4xeQHafRXvaL5LNl +zgC+y1jJ8QyHn0Hvp4gZRx+1lUkJpmYMV1hVu0OjpbZJZbmWQzUNvg6hcAB1jrai +j3etpOJKgF6EGN5uvzgUu1tnetHz8rqoA+G7nyH8MIIIdTCCB12gAwIBAgIEUbAk +AjANBgkqhkiG9w0BAQsFADCBsTETMBEGCgmSJomT8ixkARkWA3NidTEVMBMGCgmS +JomT8ixkARkWBXN0YXRlMRYwFAYDVQQDDA1Db25maWd1cmF0aW9uMREwDwYDVQQD +DAhTZXJ2aWNlczEcMBoGA1UEAwwTUHVibGljIEtleSBTZXJ2aWNlczEMMAoGA1UE +AwwDQUlBMSwwKgYDVQQDDCNVLlMuIERlcGFydG1lbnQgb2YgU3RhdGUgQUQgUm9v +dCBDQTAeFw0xNjA4MDMxNjEzMjVaFw0yNjA4MDMxNjQzMjVaMIGiMQswCQYDVQQG +EwJVUzEYMBYGA1UEChMPVS5TLiBHb3Zlcm5tZW50MRwwGgYDVQQLExNEZXBhcnRt +ZW50IG9mIFN0YXRlMQwwCgYDVQQLEwNQSVYxIjAgBgNVBAsTGUNlcnRpZmljYXRp +b24gQXV0aG9yaXRpZXMxKTAnBgNVBAsTIFUuUy4gRGVwYXJ0bWVudCBvZiBTdGF0 +ZSBQSVYgQ0EyMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtTZkFXWa +8FgKcMc3LECOgmWSoA/lyUnvWHEImsM0jTVaNRMmfsuuRqlUJKc0npPxtFQYGcgW +NlVjEhZvCbiFsuYgDepXfAJ4QNuFfTKNY+KFbDwasoOBAHuZbr7gcK5AQxfm7O25 +exd8EZnC1genPycqJsoRoXklxk7ocaT1RXfav92ToXwrGdxPip6tu1RJmKCXmkbl ++bWWlQ8y4YMNJvinSOnEACOIc9lTjJWrIYPh0H9uhgBF0td7eQ2vXnYejCBO6Lo0 +dnHQtiHu03Q1kPh4adGfTuZmKoNz+xlS4LHCj+WqQJ16xQcgJE7vzTOojwo+L6Ra ++N2+5hgeU8JMgwIDAQABo4IEoDCCBJwwDgYDVR0PAQH/BAQDAgEGMIHdBgNVHSAE +gdUwgdIwDAYKYIZIAWUDAgEGATAMBgpghkgBZQMCAQYCMAwGCmCGSAFlAwIBBgMw +DAYKYIZIAWUDAgEGBDAMBgpghkgBZQMCAQYMMAwGCmCGSAFlAwIBAwYwDAYKYIZI +AWUDAgEDBzAMBgpghkgBZQMCAQMIMAwGCmCGSAFlAwIBAw0wDAYKYIZIAWUDAgED +EDAMBgpghkgBZQMCAQMRMAwGCmCGSAFlAwIBAyQwDAYKYIZIAWUDAgEDJzAMBgpg +hkgBZQMCAQMoMAwGCmCGSAFlAwIBAykwEgYDVR0TAQH/BAgwBgEB/wIBADCCAXYG +CCsGAQUFBwEBBIIBaDCCAWQwgdwGCCsGAQUFBzAChoHPbGRhcDovL2NlcnRyZXAu +cGtpLnN0YXRlLmdvdi9jbj1VLlMuJTIwRGVwYXJ0bWVudCUyMG9mJTIwU3RhdGUl +MjBBRCUyMFJvb3QlMjBDQSxjbj1BSUEsY249UHVibGljJTIwS2V5JTIwU2Vydmlj +ZXMsY249U2VydmljZXMsY249Q29uZmlndXJhdGlvbixkYz1zdGF0ZSxkYz1zYnU/ +Y0FDZXJ0aWZpY2F0ZTtiaW5hcnksY3Jvc3NDZXJ0aWZpY2F0ZVBhaXI7YmluYXJ5 +MEYGCCsGAQUFBzAChjpodHRwOi8vY3Jscy5wa2kuc3RhdGUuZ292L0FJQS9DZXJ0 +c0lzc3VlZFRvRG9TQURSb290Q0EucDdjMDsGCCsGAQUFBzABhi9odHRwOi8vb2Nz +cC5wa2kuc3RhdGUuZ292L09DU1AvRG9TT0NTUFJlc3BvbmRlcjCCAdoGA1UdHwSC +AdEwggHNMIH7oIH4oIH1hjFodHRwOi8vY3Jscy5wa2kuc3RhdGUuZ292L2NybHMv +RG9TQURQS0lSb290Q0EuY3JshoG/bGRhcDovL2NlcnRyZXAucGtpLnN0YXRlLmdv +di9jbj1VLlMuJTIwRGVwYXJ0bWVudCUyMG9mJTIwU3RhdGUlMjBBRCUyMFJvb3Ql +MjBDQSxjbj1BSUEsY249UHVibGljJTIwS2V5JTIwU2VydmljZXMsY249U2Vydmlj +ZXMsY249Q29uZmlndXJhdGlvbixkYz1zdGF0ZSxkYz1zYnU/Y2VydGlmaWNhdGVS +ZXZvY2F0aW9uTGlzdDtiaW5hcnkwgcyggcmggcakgcMwgcAxEzARBgoJkiaJk/Is +ZAEZFgNzYnUxFTATBgoJkiaJk/IsZAEZFgVzdGF0ZTEWMBQGA1UEAwwNQ29uZmln +dXJhdGlvbjERMA8GA1UEAwwIU2VydmljZXMxHDAaBgNVBAMME1B1YmxpYyBLZXkg +U2VydmljZXMxDDAKBgNVBAMMA0FJQTEsMCoGA1UEAwwjVS5TLiBEZXBhcnRtZW50 +IG9mIFN0YXRlIEFEIFJvb3QgQ0ExDTALBgNVBAMMBENSTDEwHwYDVR0jBBgwFoAU +b4P+glBkZXc+/d8Dms4p0S8wzOwwHQYDVR0OBBYEFIrMbENWw0Wlc8X9s/QcaILJ +60kgMA0GCSqGSIb3DQEBCwUAA4IBAQB0yhHG7bfef5vehjpNmaZmtwbMc0I5o9BR +CcQed1kbsPa+NgXr/S7EioGK6HhTNLjGIIMJ5j8mcCKdP9TTJmWGwB33M7f7Q3RI +Ci+YSuO0JLP5WL2OrWoNkp1Yg2J/0Jp3/JyIhFxkAhL1RFB+11lJwd5mZ3nW9geg +x0ALePqT5yqqvvO9OWR8wzQeZHt6L/AqJqA0yHVh8ZVOLLjesdYJUh72yt4S53Zv +vDbd9lLQX4lsXkN+JcP/3QgQ1OHBxO1o3zh2RDQgSekXrvjkRFc7CMchnIF3AJ57 +6eaOdR15yiAG1UqZwIE2LK3OJB0IGtHJOKcTO5Dxk+zB616j8DK+MIIIeTCCBmGg +AwIBAgIEYzRWoDANBgkqhkiG9w0BAQwFADCBjjELMAkGA1UEBhMCVVMxGDAWBgNV BAoTD1UuUy4gR292ZXJubWVudDEjMCEGA1UECxMaRGVwYXJ0bWVudCBvZiB0aGUg VHJlYXN1cnkxIjAgBgNVBAsTGUNlcnRpZmljYXRpb24gQXV0aG9yaXRpZXMxHDAa -BgNVBAsTE1VTIFRyZWFzdXJ5IFJvb3QgQ0ExDTALBgNVBAMTBENSTDEwHwYDVR0j -BBgwFoAUF0u4Jrppeq0SUFdFMZ5Xu3Sl2i8wHQYDVR0OBBYEFBguICGzyVeFiCfn -inWE83PGd+MJMA0GCSqGSIb3DQEBDAUAA4ICAQDO0r6bshVchCuttYQN0CbTgKes -5maU3ubdzCqF9rBvNzH7N6khhuVf8t3YBCFyLd+27iNgPepfTthfawTvQIKCeV87 -5lx7Y+NVctzHU/i+Su9mbTk30i/VWtC8be7KylPFsWG0RNeqIEvFt4qHIuyUzqaz -OdHbrx1ltmNl+McNkdoRvrqHCtjKCYdRRYX9NO2KdQZIXdqVeeAFbaX51GXpS4Kx -TwnuSwY++LTg5/M4IWUCf8E9te6zbeIEixtq49kpZrNBgkFkLfK0xDPK5rtbY3X2 -LWdcyaG/JrNYxCUvWxf/DcGon1Y7LLfzrHP2YL+B8CRDT6gw990Vui7YjcyY5AxW -shtfVGFrbOJknqZq7KsBu787tuLX9PSG39oHXpHRGB5g3gAPe0HVD8xJ/jq8iNrq -PKBNw6l++kEAHoeqZ1/NTr8vngVg/729iyvgdcikVJc8DPAiEwUGZhmgbEDdg9Tw -fwUkR62Te1B0q6765YU/C18R3GRHscwOFtVsYAWbp8R1vHK9GAIbrAtyeohCxTW4 -qT+bNEgEHSuCbI5dO+Z80xvILeMXkB2n0V72i+SzZc4AvstYyfEMh59B76eIGUcf -tZVJCaZmDFdYVbtDo6W2SWW5lkM1Db4OoXAAdY62oo93raTiSoBehBjebr84FLtb -Z3rR8/K6qAPhu58h/DCCCHUwggddoAMCAQICBFGwJAIwDQYJKoZIhvcNAQELBQAw -gbExEzARBgoJkiaJk/IsZAEZFgNzYnUxFTATBgoJkiaJk/IsZAEZFgVzdGF0ZTEW -MBQGA1UEAwwNQ29uZmlndXJhdGlvbjERMA8GA1UEAwwIU2VydmljZXMxHDAaBgNV -BAMME1B1YmxpYyBLZXkgU2VydmljZXMxDDAKBgNVBAMMA0FJQTEsMCoGA1UEAwwj -VS5TLiBEZXBhcnRtZW50IG9mIFN0YXRlIEFEIFJvb3QgQ0EwHhcNMTYwODAzMTYx -MzI1WhcNMjYwODAzMTY0MzI1WjCBojELMAkGA1UEBhMCVVMxGDAWBgNVBAoTD1Uu -Uy4gR292ZXJubWVudDEcMBoGA1UECxMTRGVwYXJ0bWVudCBvZiBTdGF0ZTEMMAoG -A1UECxMDUElWMSIwIAYDVQQLExlDZXJ0aWZpY2F0aW9uIEF1dGhvcml0aWVzMSkw -JwYDVQQLEyBVLlMuIERlcGFydG1lbnQgb2YgU3RhdGUgUElWIENBMjCCASIwDQYJ -KoZIhvcNAQEBBQADggEPADCCAQoCggEBALU2ZBV1mvBYCnDHNyxAjoJlkqAP5clJ -71hxCJrDNI01WjUTJn7LrkapVCSnNJ6T8bRUGBnIFjZVYxIWbwm4hbLmIA3qV3wC -eEDbhX0yjWPihWw8GrKDgQB7mW6+4HCuQEMX5uztuXsXfBGZwtYHpz8nKibKEaF5 -JcZO6HGk9UV32r/dk6F8KxncT4qerbtUSZigl5pG5fm1lpUPMuGDDSb4p0jpxAAj -iHPZU4yVqyGD4dB/boYARdLXe3kNr152HowgTui6NHZx0LYh7tN0NZD4eGnRn07m -ZiqDc/sZUuCxwo/lqkCdesUHICRO780zqI8KPi+kWvjdvuYYHlPCTIMCAwEAAaOC -BKAwggScMA4GA1UdDwEB/wQEAwIBBjCB3QYDVR0gBIHVMIHSMAwGCmCGSAFlAwIB -BgEwDAYKYIZIAWUDAgEGAjAMBgpghkgBZQMCAQYDMAwGCmCGSAFlAwIBBgQwDAYK -YIZIAWUDAgEGDDAMBgpghkgBZQMCAQMGMAwGCmCGSAFlAwIBAwcwDAYKYIZIAWUD +BgNVBAsTE1VTIFRyZWFzdXJ5IFJvb3QgQ0EwHhcNMjMwNTIwMTUyMDQ2WhcNMzMw +NTIwMTU1MDQ2WjCBoDELMAkGA1UEBhMCVVMxGDAWBgNVBAoTD1UuUy4gR292ZXJu +bWVudDEnMCUGA1UECxMeRGVwYXJ0bWVudCBvZiBWZXRlcmFucyBBZmZhaXJzMSIw +IAYDVQQLExlDZXJ0aWZpY2F0aW9uIEF1dGhvcml0aWVzMSowKAYDVQQLEyFEZXBh +cnRtZW50IG9mIFZldGVyYW5zIEFmZmFpcnMgQ0EwggIiMA0GCSqGSIb3DQEBAQUA +A4ICDwAwggIKAoICAQCZVYbi26fpo1WEPdyoiBbVBx1LtpC+muAv6DOCIdaIkra4 +1XkfKkz7g+EgW/hwtnMfTDG9pfvv9hKYWqXFmBZpLtONYakH8Hjhe4pgkd5pBGLJ +z/5kZ0FpypRnWV3WTWceLo+u+H+Pt6BMMpspFl0icoi+pSPUyHOWKimMn9dH0ynw +EqbRIvDVMp5acnNwe1JhV6pSMNpZBu3oaaeWpCfNbn0d9cB27K4hfwz4aZa0xigD +ufyHID8rP0NGkvD7WQzKGF/Be1O4+iZRf34p3UmxlWhVjBPlX8NiayZzTIVjyejU +r5bVp+Xs43s51MpPVcYFyVy1eUPIjuwljxBql6kwqL9MJYkR/9s5255WpFNVW8yW +OM6pFR7KqFZWNeDBxTCZ7ZUtidxALQmnqoY3QYyrMcgKuz8wuwuGwubGS9lfburH +7XyMjyn6wNEkIFJ4rhq1pposlATbAgDe8eC+LUWIin2zWkj3kE5bI/lGcTVJo51E +srO4KNfdmNFjpw0MB0T2NsmkvNqnmrd+0jB82gMbHLIPg93d+RF/FvjR9YyGc/kU +QKazXJdLXt0HdwNscqeWxhb/o7GQDZ6dehcuNFrMk46yu6RJe1szjNI3mbXBJKrA +2UvTOPz7grFnzVSHfoJxY3HoUfYjhdqm5ckx1ScIGmFwedyklazAZNs5eelEnQID +AQABo4ICyTCCAsUwDgYDVR0PAQH/BAQDAgEGMA8GA1UdEwEB/wQFMAMBAf8wgesG +A1UdIASB4zCB4DAMBgpghkgBZQMCAQMGMAwGCmCGSAFlAwIBAwcwDAYKYIZIAWUD AgEDCDAMBgpghkgBZQMCAQMNMAwGCmCGSAFlAwIBAxAwDAYKYIZIAWUDAgEDETAM BgpghkgBZQMCAQMkMAwGCmCGSAFlAwIBAycwDAYKYIZIAWUDAgEDKDAMBgpghkgB -ZQMCAQMpMBIGA1UdEwEB/wQIMAYBAf8CAQAwggF2BggrBgEFBQcBAQSCAWgwggFk -MIHcBggrBgEFBQcwAoaBz2xkYXA6Ly9jZXJ0cmVwLnBraS5zdGF0ZS5nb3YvY249 -VS5TLiUyMERlcGFydG1lbnQlMjBvZiUyMFN0YXRlJTIwQUQlMjBSb290JTIwQ0Es -Y249QUlBLGNuPVB1YmxpYyUyMEtleSUyMFNlcnZpY2VzLGNuPVNlcnZpY2VzLGNu -PUNvbmZpZ3VyYXRpb24sZGM9c3RhdGUsZGM9c2J1P2NBQ2VydGlmaWNhdGU7Ymlu -YXJ5LGNyb3NzQ2VydGlmaWNhdGVQYWlyO2JpbmFyeTBGBggrBgEFBQcwAoY6aHR0 -cDovL2NybHMucGtpLnN0YXRlLmdvdi9BSUEvQ2VydHNJc3N1ZWRUb0RvU0FEUm9v -dENBLnA3YzA7BggrBgEFBQcwAYYvaHR0cDovL29jc3AucGtpLnN0YXRlLmdvdi9P -Q1NQL0RvU09DU1BSZXNwb25kZXIwggHaBgNVHR8EggHRMIIBzTCB+6CB+KCB9YYx -aHR0cDovL2NybHMucGtpLnN0YXRlLmdvdi9jcmxzL0RvU0FEUEtJUm9vdENBLmNy -bIaBv2xkYXA6Ly9jZXJ0cmVwLnBraS5zdGF0ZS5nb3YvY249VS5TLiUyMERlcGFy -dG1lbnQlMjBvZiUyMFN0YXRlJTIwQUQlMjBSb290JTIwQ0EsY249QUlBLGNuPVB1 -YmxpYyUyMEtleSUyMFNlcnZpY2VzLGNuPVNlcnZpY2VzLGNuPUNvbmZpZ3VyYXRp -b24sZGM9c3RhdGUsZGM9c2J1P2NlcnRpZmljYXRlUmV2b2NhdGlvbkxpc3Q7Ymlu -YXJ5MIHMoIHJoIHGpIHDMIHAMRMwEQYKCZImiZPyLGQBGRYDc2J1MRUwEwYKCZIm -iZPyLGQBGRYFc3RhdGUxFjAUBgNVBAMMDUNvbmZpZ3VyYXRpb24xETAPBgNVBAMM -CFNlcnZpY2VzMRwwGgYDVQQDDBNQdWJsaWMgS2V5IFNlcnZpY2VzMQwwCgYDVQQD -DANBSUExLDAqBgNVBAMMI1UuUy4gRGVwYXJ0bWVudCBvZiBTdGF0ZSBBRCBSb290 -IENBMQ0wCwYDVQQDDARDUkwxMB8GA1UdIwQYMBaAFG+D/oJQZGV3Pv3fA5rOKdEv -MMzsMB0GA1UdDgQWBBSKzGxDVsNFpXPF/bP0HGiCyetJIDANBgkqhkiG9w0BAQsF -AAOCAQEAdMoRxu233n+b3oY6TZmmZrcGzHNCOaPQUQnEHndZG7D2vjYF6/0uxIqB -iuh4UzS4xiCDCeY/JnAinT/U0yZlhsAd9zO3+0N0SAovmErjtCSz+Vi9jq1qDZKd -WINif9Cad/yciIRcZAIS9URQftdZScHeZmd51vYHoMdAC3j6k+cqqr7zvTlkfMM0 -HmR7ei/wKiagNMh1YfGVTiy43rHWCVIe9sreEud2b7w23fZS0F+JbF5DfiXD/90I -ENThwcTtaN84dkQ0IEnpF6745ERXOwjHIZyBdwCee+nmjnUdecogBtVKmcCBNiyt -ziQdCBrRyTinEzuQ8ZPsweteo/AyvjCCCHkwggZhoAMCAQICBGM0VqAwDQYJKoZI -hvcNAQEMBQAwgY4xCzAJBgNVBAYTAlVTMRgwFgYDVQQKEw9VLlMuIEdvdmVybm1l -bnQxIzAhBgNVBAsTGkRlcGFydG1lbnQgb2YgdGhlIFRyZWFzdXJ5MSIwIAYDVQQL -ExlDZXJ0aWZpY2F0aW9uIEF1dGhvcml0aWVzMRwwGgYDVQQLExNVUyBUcmVhc3Vy -eSBSb290IENBMB4XDTIzMDUyMDE1MjA0NloXDTMzMDUyMDE1NTA0NlowgaAxCzAJ -BgNVBAYTAlVTMRgwFgYDVQQKEw9VLlMuIEdvdmVybm1lbnQxJzAlBgNVBAsTHkRl -cGFydG1lbnQgb2YgVmV0ZXJhbnMgQWZmYWlyczEiMCAGA1UECxMZQ2VydGlmaWNh -dGlvbiBBdXRob3JpdGllczEqMCgGA1UECxMhRGVwYXJ0bWVudCBvZiBWZXRlcmFu -cyBBZmZhaXJzIENBMIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAmVWG -4tun6aNVhD3cqIgW1QcdS7aQvprgL+gzgiHWiJK2uNV5HypM+4PhIFv4cLZzH0wx -vaX77/YSmFqlxZgWaS7TjWGpB/B44XuKYJHeaQRiyc/+ZGdBacqUZ1ld1k1nHi6P -rvh/j7egTDKbKRZdInKIvqUj1MhzliopjJ/XR9Mp8BKm0SLw1TKeWnJzcHtSYVeq -UjDaWQbt6GmnlqQnzW59HfXAduyuIX8M+GmWtMYoA7n8hyA/Kz9DRpLw+1kMyhhf -wXtTuPomUX9+Kd1JsZVoVYwT5V/DYmsmc0yFY8no1K+W1afl7ON7OdTKT1XGBclc -tXlDyI7sJY8QapepMKi/TCWJEf/bOdueVqRTVVvMljjOqRUeyqhWVjXgwcUwme2V -LYncQC0Jp6qGN0GMqzHICrs/MLsLhsLmxkvZX27qx+18jI8p+sDRJCBSeK4ataaa -LJQE2wIA3vHgvi1FiIp9s1pI95BOWyP5RnE1SaOdRLKzuCjX3ZjRY6cNDAdE9jbJ -pLzap5q3ftIwfNoDGxyyD4Pd3fkRfxb40fWMhnP5FECms1yXS17dB3cDbHKnlsYW -/6OxkA2enXoXLjRazJOOsrukSXtbM4zSN5m1wSSqwNlL0zj8+4KxZ81Uh36CcWNx -6FH2I4XapuXJMdUnCBphcHncpJWswGTbOXnpRJ0CAwEAAaOCAskwggLFMA4GA1Ud -DwEB/wQEAwIBBjAPBgNVHRMBAf8EBTADAQH/MIHrBgNVHSAEgeMwgeAwDAYKYIZI -AWUDAgEDBjAMBgpghkgBZQMCAQMHMAwGCmCGSAFlAwIBAwgwDAYKYIZIAWUDAgED -DTAMBgpghkgBZQMCAQMQMAwGCmCGSAFlAwIBAxEwDAYKYIZIAWUDAgEDJDAMBgpg -hkgBZQMCAQMnMAwGCmCGSAFlAwIBAygwDAYKYIZIAWUDAgEDKTAMBgpghkgBZQMC -AQMtMAwGCmCGSAFlAwIBAy4wDAYKYIZIAWUDAgEDLzAMBgpghkgBZQMCAQUKMAwG -CmCGSAFlAwIBBQswDAYKYIZIAWUDAgEFDDBABggrBgEFBQcBAQQ0MDIwMAYIKwYB -BQUHMAKGJGh0dHA6Ly9wa2kudHJlYXN1cnkuZ292L3ZhY2FfYWlhLnA3YzBABggr -BgEFBQcBCwQ0MDIwMAYIKwYBBQUHMAWGJGh0dHA6Ly9wa2kudHJlYXN1cnkuZ292 -L3ZhY2Ffc2lhLnA3YzCB7wYDVR0fBIHnMIHkMDagNKAyhjBodHRwOi8vcGtpLnRy -ZWFzdXJ5Lmdvdi9VU19UcmVhc3VyeV9Sb290X0NBMS5jcmwwgamggaaggaOkgaAw -gZ0xCzAJBgNVBAYTAlVTMRgwFgYDVQQKEw9VLlMuIEdvdmVybm1lbnQxIzAhBgNV -BAsTGkRlcGFydG1lbnQgb2YgdGhlIFRyZWFzdXJ5MSIwIAYDVQQLExlDZXJ0aWZp -Y2F0aW9uIEF1dGhvcml0aWVzMRwwGgYDVQQLExNVUyBUcmVhc3VyeSBSb290IENB -MQ0wCwYDVQQDEwRDUkwxMB8GA1UdIwQYMBaAFBdLuCa6aXqtElBXRTGeV7t0pdov -MB0GA1UdDgQWBBQA6dxt0krLkLxJDXEJi9mDumHc8jANBgkqhkiG9w0BAQwFAAOC -AgEAoYKv7qmQOkSKRecnI4lLNVGWae2XMxI8FuIFTN9BM43DZ1hAu4MTdjLjNdGC -O4p3ttolMgVps9bIal+qIQSikd2qhQcvQfJCpW41HZFMlx6gMcC+hjZf7lOEYnWY -wPrdzpXO6UjfgmmgSW9FzBCvXtWyTZPKC9DDojpVzsBm7fH2K1qNMNCmn29fYOQu -BdVqDr55XiCZN8LmOVA3VRUs2hDtOzHQKxKMaDlZzDxw1wjYOcHVRVfcqUtf3UsF -GlkxfK8kD0imJP6ASrQYfvIMu79GUjq6hjXtR082ptSLJ9/qsmD0xkatjMH7tAHT -KI/QVEc5U3HMDa3lhf/6QbypLyP223WSdreCKg8EoLAry88MCY5XEp/75AkUe5yL -Uj69qXsXjXUEMjU6f+TQ4DRt+Ol9PnHBsCPg2scmRCfq0UUjHoyy6UpR5EwbH9W6 -YxcH++fQSJswLAwFlhFCIDqciBXrbJQz9QBC/YqlghV5ge5u8JA+DMJXr7v02Omm -m9zM/NyGmlLJt1EMC/rOreDFmuxBHkqbMrVuWGQ1AmX1bKAKlf1qKGY+UD24tnUK -iLad/w8SAP30c23gEPlX1mQ46p96WauV/Ni4xvPuTwZQ1Q+n98uricnAI/aImNP+ -CRQfRIJQ8wqlNlM24kVFCvcrtn9Cwi5KqnIzQKwKkEeCBZEwggiIMIIGcKADAgEC -AgRjNFZdMA0GCSqGSIb3DQEBDAUAMIGOMQswCQYDVQQGEwJVUzEYMBYGA1UEChMP -VS5TLiBHb3Zlcm5tZW50MSMwIQYDVQQLExpEZXBhcnRtZW50IG9mIHRoZSBUcmVh -c3VyeTEiMCAGA1UECxMZQ2VydGlmaWNhdGlvbiBBdXRob3JpdGllczEcMBoGA1UE -CxMTVVMgVHJlYXN1cnkgUm9vdCBDQTAeFw0yMzA1MjAxNDQ1MzRaFw0zMzA1MjAx -NTE1MzRaMIGCMQswCQYDVQQGEwJVUzEYMBYGA1UEChMPVS5TLiBHb3Zlcm5tZW50 -MSMwIQYDVQQLExpEZXBhcnRtZW50IG9mIHRoZSBUcmVhc3VyeTEiMCAGA1UECxMZ -Q2VydGlmaWNhdGlvbiBBdXRob3JpdGllczEQMA4GA1UECxMHT0NJTyBDQTCCAiIw -DQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIBALsv02w/0anKEQFjC7ULud/3TeYR -X6yOgOHwhx1cVguGod6I6zJaUrtT+H67w5L2zbGWX/kyFZs1QSSRFwHCefRESfhl -E5ifqGOJ+qWSZK0gWrQflZw/kiSI8lFEBQzViJ5yiubQsfiKPAELkuvPUGL7gi6R -RQgrb9pqyL6etVdn46ZgPzIMyqoeLd1t3cfoFSCOPPjTCoKPYcshQejm1mEVTgJW -Jy7q/AQww7ghdBFf/yYDUHwXO29GlWVL7EQKkgYbGgPcE+xu0w4g2rlLO9FcoahR -pHIf7zmr9EZsxuBsyh+YiKWfOcDBetlC4aVqpTLRGrku6zSUwAT7VP6qEbaED9yW -nCfnnDW1UQEFuDGRPnp1KWpuOPF/l3Qr6M3m1S407CmGFu2+IAmZEqLc1dYBHwlC -9JBeJXk36IxB3XIDud/3tmVSEVfR6IAahRNjEl0htpLRJr2iCuBMK2z+Tit9Vif6 -9rYgA+PbZ5kK+muUm8bHKJWMzXEaw6PpY5+URh+HvSXsaPcqQEAG4cLQfvNGQyLL -GTf7DQv8JjXyKGwPrsoqOFtRWNtOwhaHmkGDxGOOggnBDP0pU/lL7hSuau4w6V+O -qygMtOy/QrGwZcQMqCv6BaA0/uSPFgMj/xizEdsz/y2CL9lA5XmmcIU5NLoY0hoW -pKa3fAD5hSk7zP/JAgMBAAGjggL2MIIC8jAOBgNVHQ8BAf8EBAMCAQYwDwYDVR0T -AQH/BAUwAwEB/zCCARcGA1UdIASCAQ4wggEKMAwGCmCGSAFlAwIBBQIwDAYKYIZI -AWUDAgEFAzAMBgpghkgBZQMCAQUEMAwGCmCGSAFlAwIBBQcwDAYKYIZIAWUDAgEF -CjAMBgpghkgBZQMCAQULMAwGCmCGSAFlAwIBBQwwDAYKYIZIAWUDAgEDBjAMBgpg -hkgBZQMCAQMHMAwGCmCGSAFlAwIBAwgwDAYKYIZIAWUDAgEDDTAMBgpghkgBZQMC -AQMRMAwGCmCGSAFlAwIBAyQwDAYKYIZIAWUDAgEDJzAMBgpghkgBZQMCAQMoMAwG -CmCGSAFlAwIBAykwDAYKYIZIAWUDAgEDLTAMBgpghkgBZQMCAQMuMAwGCmCGSAFl -AwIBAy8wQAYIKwYBBQUHAQEENDAyMDAGCCsGAQUFBzAChiRodHRwOi8vcGtpLnRy -ZWFzdXJ5Lmdvdi90b2NhX2FpYS5wN2MwQAYIKwYBBQUHAQsENDAyMDAGCCsGAQUF -BzAFhiRodHRwOi8vcGtpLnRyZWFzdXJ5Lmdvdi90b2NhX3NpYS5wN2Mwge8GA1Ud -HwSB5zCB5DA2oDSgMoYwaHR0cDovL3BraS50cmVhc3VyeS5nb3YvVVNfVHJlYXN1 -cnlfUm9vdF9DQTEuY3JsMIGpoIGmoIGjpIGgMIGdMQswCQYDVQQGEwJVUzEYMBYG -A1UEChMPVS5TLiBHb3Zlcm5tZW50MSMwIQYDVQQLExpEZXBhcnRtZW50IG9mIHRo -ZSBUcmVhc3VyeTEiMCAGA1UECxMZQ2VydGlmaWNhdGlvbiBBdXRob3JpdGllczEc -MBoGA1UECxMTVVMgVHJlYXN1cnkgUm9vdCBDQTENMAsGA1UEAxMEQ1JMMTAfBgNV -HSMEGDAWgBQXS7gmuml6rRJQV0Uxnle7dKXaLzAdBgNVHQ4EFgQUOIAfd2fplzUz -7rBeGwcmCJYnRdowDQYJKoZIhvcNAQEMBQADggIBANB2ThDyhifon0qpwMO0kFrT -Ecz64ZR8I6IsFbMetwiKKnfh7cKWk8m8rgXnA3Nszf5lsdWY7efvuj9DTz3hmA/N -mTFy57Jds8hvAGfgomrEoCA48GDcbAqi8u6NmU5ka6IwXBHt1oEmGHXdNezYK014 -yIDILOc27HewfA5uhOOnvkXBbkE/cPOXVbiidiMjZJ+BDj27qlpdvWM+yDhFSG4D -CKEmJwrax1iqRlPTb1Fe15yEr5/PxpNkZY7mv9Lxmys2UKpKzq60C02+bdgk2Snd -0tl48/22k+gT7RY58PqCgHeGR4Q0YT2x+fjHuB/hTpOqyDHkK5a31mxfnvFhWP5e -vkdMw7D6VlisW57ZO38YOkSjKTQ3VEkVVm3RCxV/KaQekWurva/deA8jahtnLV79 -gvGcXlYSOj7aez1tN16H6pPtq8uth1CuwKgAp8ksq/H3SjIRSsYWn9BvwwzGSI+F -nDLPKD28Bolzbo76k4LcKgQPS6CVEg/FS5kbsjcda0itYbSuJi3Iwj8stbKjmY66 -6oNFKU0JWRXxOxYWPN40dSKPuC8MlsUtHuB6cbM+md/0xeciC22sclyPQ6yYT6TT -zSHakXHGP52Ts23fksbGlulIUjnYH3TZ0vGi4aTftoixn7UbaM+jVbMDTnpgQldD -gZL7n8QvF/Fb55De/BmdMIIImjCCBoKgAwIBAgITRAAAAAYvNctzuHL1JQAAAAAA -BjANBgkqhkiG9w0BAQwFADCBlDELMAkGA1UEBhMCVVMxJTAjBgNVBAoTHE5vcnRo -cm9wIEdydW1tYW4gQ29ycG9yYXRpb24xLTArBgNVBAsTJE5vcnRocm9wIEdydW1t -YW4gRW50ZXJwcmlzZSBTZXJ2aWNlczEvMC0GA1UEAxMmTm9ydGhyb3AgR3J1bW1h -biBDb3Jwb3JhdGUgUm9vdCBDQS0zODQwHhcNMjMwMzAxMTc1NTA4WhcNMzYwMzAx -MTgwNTA4WjCBlzELMAkGA1UEBhMCVVMxJTAjBgNVBAoTHE5vcnRocm9wIEdydW1t -YW4gQ29ycG9yYXRpb24xLTArBgNVBAsTJE5vcnRocm9wIEdydW1tYW4gRW50ZXJw -cmlzZSBTZXJ2aWNlczEyMDAGA1UEAxMpTm9ydGhyb3AgR3J1bW1hbiBDb3Jwb3Jh -dGUgU2lnbmluZyBDQS0zODQwggGiMA0GCSqGSIb3DQEBAQUAA4IBjwAwggGKAoIB -gQDN85c8zzZEC7BR9XhEcyzucNxjTMFFX75Do8AFRBO3zU47pd75pqvVOg6szNmE -8L9KELDkBYJamN4G84L0VTy/3B6MfFgbk1LraKmo1IBrYbHuCyJRDqt9fz3xYUxk -Ym7RBspcDxOPbmcUMzjuCYjZWZyK6ZG2FXE+fIJG4MGpYd/urrfMxJmzBi1ppR6M -/9k8hVF8FEMPZIGHZhCV0KavrhGEPOuKUA+29VpyDFF7W/JSPZmpvg5Z3iStiLCa -O6JBlddk2ZTYwAC3J/2q0RRDkx2wQCCZHCZxcMWPyzypLWDIQ061bqeGVIR1rGEs -eD0GA+KOOhyR/dc+BVxihOiAjZN7ynfm66JCcv5HnpUdefUz6dEvrtqH2OljNgWz -KQdODU/zArhkkElKMYHFhXej4HZ+SP4vL3aymxxcE6umeqtQ+1sFx1IVFHtZAWOE -GacCFTdYpIXukHsIINZjyB1YUnjkpNEvG+SKRh7gdaogp6KZXueIxEx2aEuN6puX -h40CAwEAAaOCA14wggNaMA4GA1UdDwEB/wQEAwIBBjAdBgNVHQ4EFgQU2y5iR2Fo -TjQBE/J0dIfPL+9IdNcwggIBBgNVHSAEggH4MIIB9DBiBgsrBgEEAf9Og30CDTBT -MFEGCCsGAQUFBwIBFkVodHRwOi8vY2VydGRhdGEubm9ydGhyb3BncnVtbWFuLmNv -bS9jZXJ0ZGF0YS9jcC9ub3J0aHJvcGdydW1tYW5jcC5wZGYwYgYLKwYBBAH/ToN9 -Ag4wUzBRBggrBgEFBQcCARZFaHR0cDovL2NlcnRkYXRhLm5vcnRocm9wZ3J1bW1h -bi5jb20vY2VydGRhdGEvY3Avbm9ydGhyb3BncnVtbWFuY3AucGRmMGIGCysGAQQB -/06DfQIJMFMwUQYIKwYBBQUHAgEWRWh0dHA6Ly9jZXJ0ZGF0YS5ub3J0aHJvcGdy -dW1tYW4uY29tL2NlcnRkYXRhL2NwL25vcnRocm9wZ3J1bW1hbmNwLnBkZjBiBgsr -BgEEAf9Og30CCjBTMFEGCCsGAQUFBwIBFkVodHRwOi8vY2VydGRhdGEubm9ydGhy -b3BncnVtbWFuLmNvbS9jZXJ0ZGF0YS9jcC9ub3J0aHJvcGdydW1tYW5jcC5wZGYw -YgYLKwYBBAH/ToN9AgswUzBRBggrBgEFBQcCARZFaHR0cDovL2NlcnRkYXRhLm5v -cnRocm9wZ3J1bW1hbi5jb20vY2VydGRhdGEvY3Avbm9ydGhyb3BncnVtbWFuY3Au -cGRmMBIGA1UdEwEB/wQIMAYBAf8CAQAwHwYDVR0jBBgwFoAU+0iqYUmA1PemhYKi -RN2X1pumcQUwcgYDVR0fBGswaTBnoGWgY4ZhaHR0cDovL2NlcnRkYXRhLm5vcnRo -cm9wZ3J1bW1hbi5jb20vY2VydGRhdGEvY3Jscy9SZXZva2VkQnlOb3J0aHJvcEdy -dW1tYW5Db3Jwb3JhdGVSb290Q0EtMzg0LmNybDB7BggrBgEFBQcBAQRvMG0wawYI -KwYBBQUHMAKGX2h0dHA6Ly9jZXJ0ZGF0YS5ub3J0aHJvcGdydW1tYW4uY29tL2Nl -cnRkYXRhL3A3Yy9Jc3N1ZWRUb05vcnRocm9wR3J1bW1hbkNvcnBvcmF0ZVJvb3RD -QS0zODQucDdjMA0GCSqGSIb3DQEBDAUAA4ICAQAP7R0ZRPvPJz30ENSxsMnvexM+ -AaCm0EV+slwDQSy/s4n9T8wo7Dx6Tto1riIJYAb9KDSINR1FQWGpeFGWZECw3TUg -Yi3Gr7JeOKhcMA1xbrhX6Kt1a9XBZiyZBSjKm0vo65uqByoYW0DZdRn8g7acYdKr -Ben/G2BOS2/QsD7epjsby/3H5n2NwIBcTS8wQmbBVlmKcxYYAL+bM1jLaYMB+Q+l -II9UhV8mmpiPZq//71QxLo8Eo1o2UlOBb+WlZR0D+a0FCSx/WVAW0gpbFCuIXKcC -U+XrKb//7uza/qQB0oqYF/eN2Q0vqVpbC8htdiEZXZiL/0MDzIz9W4Nwu+zhnpVa -K0MGAJ2mpSg2z6foFQ8nYuFQ9GD1FQPZYN97o3IVzLVMTzgQmMKaHp9kWPmxQUyq -oJQ/I+zeqMlN6bVDw6Nkf18UU3aPXKr2XkTJAB5CDQU7DLZa4pNcS4RD3m3fKzOk -+EH3I3ag6m96tdvLqNGZBKPG429O2liokBqjZPFxvihZrERWysusd+BB5kyDm3Yp -JRDvTGo2DhJ0kzvzcxctrUMHyKKlymoWOOztDO0Ddb1BEGsd9TUZ/Fyzb37zqs+c -20+cPOPncyctgKof6YfQ8hFjM/52MAhj/UqrHmS5o5knexIPWmCysnhJT0k1Pahb -rlEFjFnU3kpEBT1JcDCCCKEwggaJoAMCAQICEFrQlW0TnGVjZSUn1gkXVYYwDQYJ -KoZIhvcNAQEMBQAwaDELMAkGA1UEBhMCVVMxEjAQBgNVBAoTCUNlcnRpUGF0aDEi -MCAGA1UECxMZQ2VydGlmaWNhdGlvbiBBdXRob3JpdGllczEhMB8GA1UEAxMYQ2Vy -dGlQYXRoIEJyaWRnZSBDQSAtIEczMB4XDTIzMDIyMjAwMDAwMFoXDTI0MDIyODIz -NTk1OVowgYsxCzAJBgNVBAYTAkNBMSswKQYDVQQKEyJDYXJpbGxvbiBJbmZvcm1h -dGlvbiBTZWN1cml0eSBJbmMuMSIwIAYDVQQLExlDZXJ0aWZpY2F0aW9uIEF1dGhv -cml0aWVzMSswKQYDVQQDEyJDYXJpbGxvbiBQS0kgU2VydmljZXMgRzIgUm9vdCBD -QSAyMIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAsujWrAtR2K+KpFZ2 -Q1ufFhgc3wMbq6J+ot2YWSTvPWf3awcNhABQVlP6Bt0o9yZFHh37wkV7ogWAfW3w -sif+6X8R960X3gCqgSahMUjpcuif9RfKErK2Ovs7k8VdsJItLVnAjBzU+EBakO07 -zb3J4fFABq+ZQhbZgobtIoaVGj8GUdaURlZ15Y1Zc/IkOIctj46PtXaPBF0X+MWU -R5CCniNYRmbp+WKKyMp6QcFedteLBLPzJNmA029LxqcNRlqLXzrreIodBekwwP6V -LuPVjmpLkAEst/E9VwHoJQZ3ntyD1IuHVgnyiPrW1LWEg+TF2bchpwqaQEePyuIK -q6FX1FeVjHT2YWalPGN/JsoN26bJUXeXjLXmpwIMWirtUOk/+xKEDigHkM3tidz3 -vOSPBDlkj1WXMC6L9QEC9SIT1vi/0nKb0NCCtKVNRJdpJTWO8v7E8cRkCnJbfHUN -go91HOb9YvazVvsLwptCS5ZttvrYOv4Uk+L/+djHLjYO00XBbn44gDXDYqkz04o6 -riYbD1KTuVvIR+0ElrN4Bv3XsHje/t1/AQmwPfWkb5wMAogjjqXqabe3QPxh00Z/ -mdTDSYwJdnTkDvSyzGo12BJfHwPvhDs31K6T/I+GMqbtQfM+m/uQOpeIhRdSdZD+ -lGt+ApJuu4VG98WC5W3d4D/8pd0CAwEAAaOCAyEwggMdMB0GA1UdDgQWBBT+ARem -ii56CtuZ7g9LlIMEityRkTASBgNVHRMBAf8ECDAGAQH/AgEBMIGbBgNVHSAEgZMw -gZAwDgYMKwYBBAGBu1MBAQEBMA4GDCsGAQQBgbtTAQEBAjAOBgwrBgEEAYG7UwEB -AQQwDgYMKwYBBAGBu1MBAQEFMA4GDCsGAQQBgbtTAQEBBzAOBgwrBgEEAYG7UwEB -AQgwDgYMKwYBBAGBu1MBAQEJMA4GDCsGAQQBgbtTAQEBFzAOBgwrBgEEAYG7UwEB -ARgwQgYDVR0fBDswOTA3oDWgM4YxaHR0cDovL2NybC5jZXJ0aXBhdGguY29tL0Nl -cnRpUGF0aEJyaWRnZUNBLUczLmNybDAOBgNVHQ8BAf8EBAMCAQYwCgYDVR02BAMC -AQAwEgYDVR0kAQH/BAgwBoABAIEBADCCARIGA1UdIQSCAQkwggEFMBsGDCsGAQQB -gbtTAQEBAQYLKwYBBAGBw14DAQswGwYMKwYBBAGBu1MBAQECBgsrBgEEAYHDXgMB -DDAbBgwrBgEEAYG7UwEBAQQGCysGAQQBgcNeAwEeMBsGDCsGAQQBgbtTAQEBBQYL -KwYBBAGBw14DAR8wGwYMKwYBBAGBu1MBAQEHBgsrBgEEAYHDXgMBFDAbBgwrBgEE -AYG7UwEBAQgGCysGAQQBgcNeAwEVMBsGDCsGAQQBgbtTAQEBCQYLKwYBBAGBw14D -ARYwGwYMKwYBBAGBu1MBAQEXBgsrBgEEAYHDXgMBDTAbBgwrBgEEAYG7UwEBARgG -CysGAQQBgcNeAwEOMFAGCCsGAQUFBwELBEQwQjBABggrBgEFBQcwBYY0aHR0cDov -L3B1Yi5jYXJpbGxvbi5jYS9DQWNlcnRzL0lzc3VlZEJ5Q0lTRzJSQ0EyLnA3YzBN +ZQMCAQMpMAwGCmCGSAFlAwIBAy0wDAYKYIZIAWUDAgEDLjAMBgpghkgBZQMCAQMv +MAwGCmCGSAFlAwIBBQowDAYKYIZIAWUDAgEFCzAMBgpghkgBZQMCAQUMMEAGCCsG +AQUFBwEBBDQwMjAwBggrBgEFBQcwAoYkaHR0cDovL3BraS50cmVhc3VyeS5nb3Yv +dmFjYV9haWEucDdjMEAGCCsGAQUFBwELBDQwMjAwBggrBgEFBQcwBYYkaHR0cDov +L3BraS50cmVhc3VyeS5nb3YvdmFjYV9zaWEucDdjMIHvBgNVHR8EgecwgeQwNqA0 +oDKGMGh0dHA6Ly9wa2kudHJlYXN1cnkuZ292L1VTX1RyZWFzdXJ5X1Jvb3RfQ0Ex +LmNybDCBqaCBpqCBo6SBoDCBnTELMAkGA1UEBhMCVVMxGDAWBgNVBAoTD1UuUy4g +R292ZXJubWVudDEjMCEGA1UECxMaRGVwYXJ0bWVudCBvZiB0aGUgVHJlYXN1cnkx +IjAgBgNVBAsTGUNlcnRpZmljYXRpb24gQXV0aG9yaXRpZXMxHDAaBgNVBAsTE1VT +IFRyZWFzdXJ5IFJvb3QgQ0ExDTALBgNVBAMTBENSTDEwHwYDVR0jBBgwFoAUF0u4 +Jrppeq0SUFdFMZ5Xu3Sl2i8wHQYDVR0OBBYEFADp3G3SSsuQvEkNcQmL2YO6Ydzy +MA0GCSqGSIb3DQEBDAUAA4ICAQChgq/uqZA6RIpF5ycjiUs1UZZp7ZczEjwW4gVM +30EzjcNnWEC7gxN2MuM10YI7ine22iUyBWmz1shqX6ohBKKR3aqFBy9B8kKlbjUd +kUyXHqAxwL6GNl/uU4RidZjA+t3Olc7pSN+CaaBJb0XMEK9e1bJNk8oL0MOiOlXO +wGbt8fYrWo0w0Kafb19g5C4F1WoOvnleIJk3wuY5UDdVFSzaEO07MdArEoxoOVnM +PHDXCNg5wdVFV9ypS1/dSwUaWTF8ryQPSKYk/oBKtBh+8gy7v0ZSOrqGNe1HTzam +1Isn3+qyYPTGRq2Mwfu0AdMoj9BURzlTccwNreWF//pBvKkvI/bbdZJ2t4IqDwSg +sCvLzwwJjlcSn/vkCRR7nItSPr2pexeNdQQyNTp/5NDgNG346X0+ccGwI+DaxyZE +J+rRRSMejLLpSlHkTBsf1bpjFwf759BImzAsDAWWEUIgOpyIFetslDP1AEL9iqWC +FXmB7m7wkD4Mwlevu/TY6aab3Mz83IaaUsm3UQwL+s6t4MWa7EEeSpsytW5YZDUC +ZfVsoAqV/WooZj5QPbi2dQqItp3/DxIA/fRzbeAQ+VfWZDjqn3pZq5X82LjG8+5P +BlDVD6f3y6uJycAj9oiY0/4JFB9EglDzCqU2UzbiRUUK9yu2f0LCLkqqcjNArAqQ +R4IFkTCCCIgwggZwoAMCAQICBGM0Vl0wDQYJKoZIhvcNAQEMBQAwgY4xCzAJBgNV +BAYTAlVTMRgwFgYDVQQKEw9VLlMuIEdvdmVybm1lbnQxIzAhBgNVBAsTGkRlcGFy +dG1lbnQgb2YgdGhlIFRyZWFzdXJ5MSIwIAYDVQQLExlDZXJ0aWZpY2F0aW9uIEF1 +dGhvcml0aWVzMRwwGgYDVQQLExNVUyBUcmVhc3VyeSBSb290IENBMB4XDTIzMDUy +MDE0NDUzNFoXDTMzMDUyMDE1MTUzNFowgYIxCzAJBgNVBAYTAlVTMRgwFgYDVQQK +Ew9VLlMuIEdvdmVybm1lbnQxIzAhBgNVBAsTGkRlcGFydG1lbnQgb2YgdGhlIFRy +ZWFzdXJ5MSIwIAYDVQQLExlDZXJ0aWZpY2F0aW9uIEF1dGhvcml0aWVzMRAwDgYD +VQQLEwdPQ0lPIENBMIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAuy/T +bD/RqcoRAWMLtQu53/dN5hFfrI6A4fCHHVxWC4ah3ojrMlpSu1P4frvDkvbNsZZf ++TIVmzVBJJEXAcJ59ERJ+GUTmJ+oY4n6pZJkrSBatB+VnD+SJIjyUUQFDNWInnKK +5tCx+Io8AQuS689QYvuCLpFFCCtv2mrIvp61V2fjpmA/MgzKqh4t3W3dx+gVII48 ++NMKgo9hyyFB6ObWYRVOAlYnLur8BDDDuCF0EV//JgNQfBc7b0aVZUvsRAqSBhsa +A9wT7G7TDiDauUs70VyhqFGkch/vOav0RmzG4GzKH5iIpZ85wMF62ULhpWqlMtEa +uS7rNJTABPtU/qoRtoQP3JacJ+ecNbVRAQW4MZE+enUpam448X+XdCvozebVLjTs +KYYW7b4gCZkSotzV1gEfCUL0kF4leTfojEHdcgO53/e2ZVIRV9HogBqFE2MSXSG2 +ktEmvaIK4EwrbP5OK31WJ/r2tiAD49tnmQr6a5SbxscolYzNcRrDo+ljn5RGH4e9 +Jexo9ypAQAbhwtB+80ZDIssZN/sNC/wmNfIobA+uyio4W1FY207CFoeaQYPEY46C +CcEM/SlT+UvuFK5q7jDpX46rKAy07L9CsbBlxAyoK/oFoDT+5I8WAyP/GLMR2zP/ +LYIv2UDleaZwhTk0uhjSGhakprd8APmFKTvM/8kCAwEAAaOCAvYwggLyMA4GA1Ud +DwEB/wQEAwIBBjAPBgNVHRMBAf8EBTADAQH/MIIBFwYDVR0gBIIBDjCCAQowDAYK +YIZIAWUDAgEFAjAMBgpghkgBZQMCAQUDMAwGCmCGSAFlAwIBBQQwDAYKYIZIAWUD +AgEFBzAMBgpghkgBZQMCAQUKMAwGCmCGSAFlAwIBBQswDAYKYIZIAWUDAgEFDDAM +BgpghkgBZQMCAQMGMAwGCmCGSAFlAwIBAwcwDAYKYIZIAWUDAgEDCDAMBgpghkgB +ZQMCAQMNMAwGCmCGSAFlAwIBAxEwDAYKYIZIAWUDAgEDJDAMBgpghkgBZQMCAQMn +MAwGCmCGSAFlAwIBAygwDAYKYIZIAWUDAgEDKTAMBgpghkgBZQMCAQMtMAwGCmCG +SAFlAwIBAy4wDAYKYIZIAWUDAgEDLzBABggrBgEFBQcBAQQ0MDIwMAYIKwYBBQUH +MAKGJGh0dHA6Ly9wa2kudHJlYXN1cnkuZ292L3RvY2FfYWlhLnA3YzBABggrBgEF +BQcBCwQ0MDIwMAYIKwYBBQUHMAWGJGh0dHA6Ly9wa2kudHJlYXN1cnkuZ292L3Rv +Y2Ffc2lhLnA3YzCB7wYDVR0fBIHnMIHkMDagNKAyhjBodHRwOi8vcGtpLnRyZWFz +dXJ5Lmdvdi9VU19UcmVhc3VyeV9Sb290X0NBMS5jcmwwgamggaaggaOkgaAwgZ0x +CzAJBgNVBAYTAlVTMRgwFgYDVQQKEw9VLlMuIEdvdmVybm1lbnQxIzAhBgNVBAsT +GkRlcGFydG1lbnQgb2YgdGhlIFRyZWFzdXJ5MSIwIAYDVQQLExlDZXJ0aWZpY2F0 +aW9uIEF1dGhvcml0aWVzMRwwGgYDVQQLExNVUyBUcmVhc3VyeSBSb290IENBMQ0w +CwYDVQQDEwRDUkwxMB8GA1UdIwQYMBaAFBdLuCa6aXqtElBXRTGeV7t0pdovMB0G +A1UdDgQWBBQ4gB93Z+mXNTPusF4bByYIlidF2jANBgkqhkiG9w0BAQwFAAOCAgEA +0HZOEPKGJ+ifSqnAw7SQWtMRzPrhlHwjoiwVsx63CIoqd+HtwpaTybyuBecDc2zN +/mWx1Zjt5++6P0NPPeGYD82ZMXLnsl2zyG8AZ+CiasSgIDjwYNxsCqLy7o2ZTmRr +ojBcEe3WgSYYdd017NgrTXjIgMgs5zbsd7B8Dm6E46e+RcFuQT9w85dVuKJ2IyNk +n4EOPbuqWl29Yz7IOEVIbgMIoSYnCtrHWKpGU9NvUV7XnISvn8/Gk2Rljua/0vGb +KzZQqkrOrrQLTb5t2CTZKd3S2Xjz/baT6BPtFjnw+oKAd4ZHhDRhPbH5+Me4H+FO +k6rIMeQrlrfWbF+e8WFY/l6+R0zDsPpWWKxbntk7fxg6RKMpNDdUSRVWbdELFX8p +pB6Ra6u9r914DyNqG2ctXv2C8ZxeVhI6Ptp7PW03Xofqk+2ry62HUK7AqACnySyr +8fdKMhFKxhaf0G/DDMZIj4WcMs8oPbwGiXNujvqTgtwqBA9LoJUSD8VLmRuyNx1r +SK1htK4mLcjCPyy1sqOZjrrqg0UpTQlZFfE7FhY83jR1Io+4LwyWxS0e4Hpxsz6Z +3/TF5yILbaxyXI9DrJhPpNPNIdqRccY/nZOzbd+SxsaW6UhSOdgfdNnS8aLhpN+2 +iLGftRtoz6NVswNOemBCV0OBkvufxC8X8VvnkN78GZ0wggiaMIIGgqADAgECAhNE +AAAABi81y3O4cvUlAAAAAAAGMA0GCSqGSIb3DQEBDAUAMIGUMQswCQYDVQQGEwJV +UzElMCMGA1UEChMcTm9ydGhyb3AgR3J1bW1hbiBDb3Jwb3JhdGlvbjEtMCsGA1UE +CxMkTm9ydGhyb3AgR3J1bW1hbiBFbnRlcnByaXNlIFNlcnZpY2VzMS8wLQYDVQQD +EyZOb3J0aHJvcCBHcnVtbWFuIENvcnBvcmF0ZSBSb290IENBLTM4NDAeFw0yMzAz +MDExNzU1MDhaFw0zNjAzMDExODA1MDhaMIGXMQswCQYDVQQGEwJVUzElMCMGA1UE +ChMcTm9ydGhyb3AgR3J1bW1hbiBDb3Jwb3JhdGlvbjEtMCsGA1UECxMkTm9ydGhy +b3AgR3J1bW1hbiBFbnRlcnByaXNlIFNlcnZpY2VzMTIwMAYDVQQDEylOb3J0aHJv +cCBHcnVtbWFuIENvcnBvcmF0ZSBTaWduaW5nIENBLTM4NDCCAaIwDQYJKoZIhvcN +AQEBBQADggGPADCCAYoCggGBAM3zlzzPNkQLsFH1eERzLO5w3GNMwUVfvkOjwAVE +E7fNTjul3vmmq9U6DqzM2YTwv0oQsOQFglqY3gbzgvRVPL/cHox8WBuTUutoqajU +gGthse4LIlEOq31/PfFhTGRibtEGylwPE49uZxQzOO4JiNlZnIrpkbYVcT58gkbg +walh3+6ut8zEmbMGLWmlHoz/2TyFUXwUQw9kgYdmEJXQpq+uEYQ864pQD7b1WnIM +UXtb8lI9mam+DlneJK2IsJo7okGV12TZlNjAALcn/arRFEOTHbBAIJkcJnFwxY/L +PKktYMhDTrVup4ZUhHWsYSx4PQYD4o46HJH91z4FXGKE6ICNk3vKd+brokJy/kee +lR159TPp0S+u2ofY6WM2BbMpB04NT/MCuGSQSUoxgcWFd6Pgdn5I/i8vdrKbHFwT +q6Z6q1D7WwXHUhUUe1kBY4QZpwIVN1ikhe6Qewgg1mPIHVhSeOSk0S8b5IpGHuB1 +qiCnople54jETHZoS43qm5eHjQIDAQABo4IDXjCCA1owDgYDVR0PAQH/BAQDAgEG +MB0GA1UdDgQWBBTbLmJHYWhONAET8nR0h88v70h01zCCAgEGA1UdIASCAfgwggH0 +MGIGCysGAQQB/06DfQINMFMwUQYIKwYBBQUHAgEWRWh0dHA6Ly9jZXJ0ZGF0YS5u +b3J0aHJvcGdydW1tYW4uY29tL2NlcnRkYXRhL2NwL25vcnRocm9wZ3J1bW1hbmNw +LnBkZjBiBgsrBgEEAf9Og30CDjBTMFEGCCsGAQUFBwIBFkVodHRwOi8vY2VydGRh +dGEubm9ydGhyb3BncnVtbWFuLmNvbS9jZXJ0ZGF0YS9jcC9ub3J0aHJvcGdydW1t +YW5jcC5wZGYwYgYLKwYBBAH/ToN9AgkwUzBRBggrBgEFBQcCARZFaHR0cDovL2Nl +cnRkYXRhLm5vcnRocm9wZ3J1bW1hbi5jb20vY2VydGRhdGEvY3Avbm9ydGhyb3Bn +cnVtbWFuY3AucGRmMGIGCysGAQQB/06DfQIKMFMwUQYIKwYBBQUHAgEWRWh0dHA6 +Ly9jZXJ0ZGF0YS5ub3J0aHJvcGdydW1tYW4uY29tL2NlcnRkYXRhL2NwL25vcnRo +cm9wZ3J1bW1hbmNwLnBkZjBiBgsrBgEEAf9Og30CCzBTMFEGCCsGAQUFBwIBFkVo +dHRwOi8vY2VydGRhdGEubm9ydGhyb3BncnVtbWFuLmNvbS9jZXJ0ZGF0YS9jcC9u +b3J0aHJvcGdydW1tYW5jcC5wZGYwEgYDVR0TAQH/BAgwBgEB/wIBADAfBgNVHSME +GDAWgBT7SKphSYDU96aFgqJE3ZfWm6ZxBTByBgNVHR8EazBpMGegZaBjhmFodHRw +Oi8vY2VydGRhdGEubm9ydGhyb3BncnVtbWFuLmNvbS9jZXJ0ZGF0YS9jcmxzL1Jl +dm9rZWRCeU5vcnRocm9wR3J1bW1hbkNvcnBvcmF0ZVJvb3RDQS0zODQuY3JsMHsG +CCsGAQUFBwEBBG8wbTBrBggrBgEFBQcwAoZfaHR0cDovL2NlcnRkYXRhLm5vcnRo +cm9wZ3J1bW1hbi5jb20vY2VydGRhdGEvcDdjL0lzc3VlZFRvTm9ydGhyb3BHcnVt +bWFuQ29ycG9yYXRlUm9vdENBLTM4NC5wN2MwDQYJKoZIhvcNAQEMBQADggIBAA/t +HRlE+88nPfQQ1LGwye97Ez4BoKbQRX6yXANBLL+zif1PzCjsPHpO2jWuIglgBv0o +NIg1HUVBYal4UZZkQLDdNSBiLcavsl44qFwwDXFuuFfoq3Vr1cFmLJkFKMqbS+jr +m6oHKhhbQNl1GfyDtpxh0qsF6f8bYE5Lb9CwPt6mOxvL/cfmfY3AgFxNLzBCZsFW +WYpzFhgAv5szWMtpgwH5D6Ugj1SFXyaamI9mr//vVDEujwSjWjZSU4Fv5aVlHQP5 +rQUJLH9ZUBbSClsUK4hcpwJT5espv//u7Nr+pAHSipgX943ZDS+pWlsLyG12IRld +mIv/QwPMjP1bg3C77OGelVorQwYAnaalKDbPp+gVDydi4VD0YPUVA9lg33ujchXM +tUxPOBCYwpoen2RY+bFBTKqglD8j7N6oyU3ptUPDo2R/XxRTdo9cqvZeRMkAHkIN +BTsMtlrik1xLhEPebd8rM6T4QfcjdqDqb3q128uo0ZkEo8bjb07aWKiQGqNk8XG+ +KFmsRFbKy6x34EHmTIObdiklEO9MajYOEnSTO/NzFy2tQwfIoqXKahY47O0M7QN1 +vUEQax31NRn8XLNvfvOqz5zbT5w84+dzJy2Aqh/ph9DyEWMz/nYwCGP9SqseZLmj +mSd7Eg9aYLKyeElPSTU9qFuuUQWMWdTeSkQFPUlwMIIIoTCCBomgAwIBAgIQWtCV +bROcZWNlJSfWCRdVhjANBgkqhkiG9w0BAQwFADBoMQswCQYDVQQGEwJVUzESMBAG +A1UEChMJQ2VydGlQYXRoMSIwIAYDVQQLExlDZXJ0aWZpY2F0aW9uIEF1dGhvcml0 +aWVzMSEwHwYDVQQDExhDZXJ0aVBhdGggQnJpZGdlIENBIC0gRzMwHhcNMjMwMjIy +MDAwMDAwWhcNMjQwMjI4MjM1OTU5WjCBizELMAkGA1UEBhMCQ0ExKzApBgNVBAoT +IkNhcmlsbG9uIEluZm9ybWF0aW9uIFNlY3VyaXR5IEluYy4xIjAgBgNVBAsTGUNl +cnRpZmljYXRpb24gQXV0aG9yaXRpZXMxKzApBgNVBAMTIkNhcmlsbG9uIFBLSSBT +ZXJ2aWNlcyBHMiBSb290IENBIDIwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIK +AoICAQCy6NasC1HYr4qkVnZDW58WGBzfAxuron6i3ZhZJO89Z/drBw2EAFBWU/oG +3Sj3JkUeHfvCRXuiBYB9bfCyJ/7pfxH3rRfeAKqBJqExSOly6J/1F8oSsrY6+zuT +xV2wki0tWcCMHNT4QFqQ7TvNvcnh8UAGr5lCFtmChu0ihpUaPwZR1pRGVnXljVlz +8iQ4hy2Pjo+1do8EXRf4xZRHkIKeI1hGZun5YorIynpBwV5214sEs/Mk2YDTb0vG +pw1GWotfOut4ih0F6TDA/pUu49WOakuQASy38T1XAeglBnee3IPUi4dWCfKI+tbU +tYSD5MXZtyGnCppAR4/K4gqroVfUV5WMdPZhZqU8Y38myg3bpslRd5eMteanAgxa +Ku1Q6T/7EoQOKAeQze2J3Pe85I8EOWSPVZcwLov1AQL1IhPW+L/ScpvQ0IK0pU1E +l2klNY7y/sTxxGQKclt8dQ2Cj3Uc5v1i9rNW+wvCm0JLlm22+tg6/hST4v/52Mcu +Ng7TRcFufjiANcNiqTPTijquJhsPUpO5W8hH7QSWs3gG/deweN7+3X8BCbA99aRv +nAwCiCOOpeppt7dA/GHTRn+Z1MNJjAl2dOQO9LLMajXYEl8fA++EOzfUrpP8j4Yy +pu1B8z6b+5A6l4iFF1J1kP6Ua34Ckm67hUb3xYLlbd3gP/yl3QIDAQABo4IDITCC +Ax0wHQYDVR0OBBYEFP4BF6aKLnoK25nuD0uUgwSK3JGRMBIGA1UdEwEB/wQIMAYB +Af8CAQEwgZsGA1UdIASBkzCBkDAOBgwrBgEEAYG7UwEBAQEwDgYMKwYBBAGBu1MB +AQECMA4GDCsGAQQBgbtTAQEBBDAOBgwrBgEEAYG7UwEBAQUwDgYMKwYBBAGBu1MB +AQEHMA4GDCsGAQQBgbtTAQEBCDAOBgwrBgEEAYG7UwEBAQkwDgYMKwYBBAGBu1MB +AQEXMA4GDCsGAQQBgbtTAQEBGDBCBgNVHR8EOzA5MDegNaAzhjFodHRwOi8vY3Js +LmNlcnRpcGF0aC5jb20vQ2VydGlQYXRoQnJpZGdlQ0EtRzMuY3JsMA4GA1UdDwEB +/wQEAwIBBjAKBgNVHTYEAwIBADASBgNVHSQBAf8ECDAGgAEAgQEAMIIBEgYDVR0h +BIIBCTCCAQUwGwYMKwYBBAGBu1MBAQEBBgsrBgEEAYHDXgMBCzAbBgwrBgEEAYG7 +UwEBAQIGCysGAQQBgcNeAwEMMBsGDCsGAQQBgbtTAQEBBAYLKwYBBAGBw14DAR4w +GwYMKwYBBAGBu1MBAQEFBgsrBgEEAYHDXgMBHzAbBgwrBgEEAYG7UwEBAQcGCysG +AQQBgcNeAwEUMBsGDCsGAQQBgbtTAQEBCAYLKwYBBAGBw14DARUwGwYMKwYBBAGB +u1MBAQEJBgsrBgEEAYHDXgMBFjAbBgwrBgEEAYG7UwEBARcGCysGAQQBgcNeAwEN +MBsGDCsGAQQBgbtTAQEBGAYLKwYBBAGBw14DAQ4wUAYIKwYBBQUHAQsERDBCMEAG +CCsGAQUFBzAFhjRodHRwOi8vcHViLmNhcmlsbG9uLmNhL0NBY2VydHMvSXNzdWVk +QnlDSVNHMlJDQTIucDdjME0GCCsGAQUFBwEBBEEwPzA9BggrBgEFBQcwAoYxaHR0 +cDovL2FpYS5jZXJ0aXBhdGguY29tL0NlcnRpUGF0aEJyaWRnZUNBLUczLnA3YzAf +BgNVHSMEGDAWgBR6izwGktweqNKCrBt0b3Q9TtGomzANBgkqhkiG9w0BAQwFAAOC +AgEAvtWOBmcGVZPpdjNCYs3//f1m/UjxM6WlIo3ueJWRhUvQqSa4gMjN9SkJ80CI +Kv2BvXjNaH5ipmd6oeIZVQNY0j4BsJn9ZahXX6W2nPs2bL8tABF1qsgt3TiOPQV1 +z4ZFcmMdsJ1FWn0qUzIQHGugaoGaM4bEEHmddMb8JuR5+SlvtA7xT9pSD0PKkz+d +ljK2HdAOWBDq0WXYvNzlNkTFMf19qwU2nIeCM3d3nvIZ9izlYk9Rlwg49vL7C6f0 +72dUd99JCkxdvFy/cI0W/JIVtmm9igr3qn4lY4Jhnbtx+OO/Lqq+LC+7nSWPxfq8 +rkYMjDDx7z1BsmzROZHl2ZrFRQcSvmPwhGK6o5EZ+chyDZYKiBAEQHE5U8ZNVIdw +UP32YHqEWihprVv8Wwb6hhv3SLH19uhfOm2ZSShyZ0y0F/Yl32lhdfZ2tof2qVrl +5NbsjtT6w5MX1j3iyu96BqX4ip03yRa+TmO+QXgrEhRtkXHbk0BWHRwATxky//ID +LuEGOYvBv2eQJ2P1A0V3ohvolfBdogCSjTXYShk8cBwREYmdaFknQaEgqaWIaccv ++xkzGYq1bTt4d9DmRUZKMuoPYAhlISoAmvwHmU1QjgqKa4SzLblJMTPC1Re0HIja +zdQJgj8LwQwdnk98qcSTYyNTd0QsfoMNMVURtKspXJXhzsUwggi/MIIGp6ADAgEC +AhAByB+qq07BiSYrFZdlZlsHMA0GCSqGSIb3DQEBDAUAMGgxCzAJBgNVBAYTAlVT +MRIwEAYDVQQKEwlDZXJ0aVBhdGgxIjAgBgNVBAsTGUNlcnRpZmljYXRpb24gQXV0 +aG9yaXRpZXMxITAfBgNVBAMTGENlcnRpUGF0aCBCcmlkZ2UgQ0EgLSBHMzAeFw0y +MzA0MTkwMDAwMDBaFw0yNDA0MzAyMzU5NTlaMIGyMQswCQYDVQQGEwJVUzERMA8G +A1UECBMIQ29sb3JhZG8xDzANBgNVBAcTBkRlbnZlcjEkMCIGA1UEChMbTG9ja2hl +ZWQgTWFydGluIENvcnBvcmF0aW9uMSAwHgYDVQQLExdDZXJ0aWZpY2F0aW9uIEF1 +dGhvcml0eTE3MDUGA1UEAxMuTG9ja2hlZWQgTWFydGluIFJvb3QgQ2VydGlmaWNh +dGlvbiBBdXRob3JpdHkgNjCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIB +ALB4optANwOFyfv0CBfaTaFSfTjM4XlhoHoMdpvbgjtMEvN+So9XiH/chZGdWbgU +Bc2M8FvcSKlCFUwu3Ow4Y15biJiTmISIlZezvImf6FgjHV5HDW8v29VV5+979Bfu +FbeQp4cJfDJSsZq/B6WAQQAL67JM2OXiefJPGrytEF23a2tbwP6nuu6YvDiO8EVF +2J+HneZ9+sQT0qV4JGU/7JuRddPxxlPAijFM2upYD/6xZaxUg/dNntJeby1mr0Ng +zDw45fMbUseOvRDQyZg0yxomQ/nCNpfbZBq1k2FaEYMuDQ6pFw0alRVqnruC1/jB +BBNy1GAeiYtbkr1WvzNuQQjo0VbFjX8sNxURZLbemduraotV+6J1wrcesZXNODX8 +kFmUB9nMn6vNqTmExN32rkiVLY/CHT4FpuFYI936YzGS3zU1DMcQY1LgHIw/JzxG +Y1F+Qhaq4jnAfFhXZR2tJNs2S+1EYJulKTTapJNQTKy77GspT/vO2NiAsHFied1f +kEiorFc5v7xUo+/qj5kdxCkLmqtkrf8W1sLQXE83zGdRWnSqVBLX2RXVUkYt3RkM +QhTDG/iyFFj8HKqYQT8elZmS8Z9c9U5v+Msy67oDj2eodYPljL01rHApOx4WMSrh +Gkxzobbq6/P6TwUQNUqHBHQ/XSvAoZrygOfCQGZRwv9vAgMBAAGjggMYMIIDFDAS +BgNVHRMBAf8ECDAGAQH/AgEBMB0GA1UdDgQWBBRdvXEnHWbCht0FuhdJC02DkD6Y +njBCBgNVHR8EOzA5MDegNaAzhjFodHRwOi8vY3JsLmNlcnRpcGF0aC5jb20vQ2Vy +dGlQYXRoQnJpZGdlQ0EtRzMuY3JsMAoGA1UdNgQDAgEAMBIGA1UdJAEB/wQIMAaA +AQCBAQAwgZwGA1UdIQSBlDCBkTAbBgwrBgEEAYG7UwEBAQEGCysGAQQBZ2QBAQME +MBsGDCsGAQQBgbtTAQEBAgYLKwYBBAFnZAEBAwMwGwYMKwYBBAGBu1MBAQEBBgsr +BgEEAWdkAQEDAzAbBgwrBgEEAYG7UwEBARcGCysGAQQBZ2QBAQMHMBsGDCsGAQQB +gbtTAQEBGAYLKwYBBAFnZAEBAwYwSQYDVR0gBEIwQDAOBgwrBgEEAYG7UwEBAQEw +DgYMKwYBBAGBu1MBAQECMA4GDCsGAQQBgbtTAQEBFzAOBgwrBgEEAYG7UwEBARgw +DgYDVR0PAQH/BAQDAgEGMIG2BgNVHR4BAf8EgaswgaiggaUwCoEIbG1jby5jb20w +C4EJLmxtY28uY29tMAqCCGxtY28uY29tMBSCEmxvY2toZWVkbWFydGluLmNvbTA3 +pDUwMzELMAkGA1UEBhMCVVMxJDAiBgNVBAoTG0xvY2toZWVkIE1hcnRpbiBDb3Jw +b3JhdGlvbjAvpC0wKzETMBEGCgmSJomT8ixkARkWA2NvbTEUMBIGCgmSJomT8ixk +ARkWBGxtY28wWAYIKwYBBQUHAQsETDBKMEgGCCsGAQUFBzAFhjxodHRwOi8vY3Js +LmV4dGVybmFsLmxtY28uY29tL2NybC9jZXJ0dXBkL2lzc3VlZGJ5LWxtcmNhNi5w +N2MwTQYIKwYBBQUHAQEEQTA/MD0GCCsGAQUFBzAChjFodHRwOi8vYWlhLmNlcnRp +cGF0aC5jb20vQ2VydGlQYXRoQnJpZGdlQ0EtRzMucDdjMB8GA1UdIwQYMBaAFHqL +PAaS3B6o0oKsG3RvdD1O0aibMA0GCSqGSIb3DQEBDAUAA4ICAQAoO4yJ4a/lhy77 +a0nDAQU7rLAY5g1icacEftV3toLcDUrmhQdHjOnnzsp3RQslMQFRgqYFmMnauJ/n +owLHrcLxSE18ADKdBAwdMic8QD04KSMCugN8i5Y6acjvcnL/gac6iUge9IoOysl4 +hKQABxqZUGgDES89W3CcKloVXLI5MT1LU0OqsAc4pKxhXN3Q4weRRihCo09iE5SK +h5z9bvEW09iJj+BkgaVJ4kdx6WlnfIce0MY3wOtRglCXrSIqIaHR+nYx1TktDrCK +gSc0zGpZTmHP36ZKSkygazXim0lnXMQsdlKI3+iRP5t9JyxLYeV0dQV0ej7LiIOj +VGcucBsYo+Lp6irhAN6SmFlApzg0+/ER0WDtIGMx9jJuXC/cbCWooSVWVzkqMj11 +lcA95ix30oklMYTOE5GMFo5svA5eEcMHKranlEj+XxhlxMwhO7ZmuCxYU4HHgNIu +akfN1NmHvwuIrWj1l/fKgb8YmNz4CFAN2/TsaI0JQlRnqa/EHLe/Ecc/pO8qjREe +zygAeVuS6jKR2HVhJLN4GZyPdx900f8QJzd7GPHV5TyxU6TJoT/uIlTZBhVVJz86 +2IYd9EciAXa0QiXHTQ+78tUCeQSXNe/gN0FxJ9g/WSx7gn9+NKCR8nawjF+dUW8A +s2aGLfhq66jCdOPTD73jqpVWbqtfVDCCCMowggayoAMCAQICFCdjT9Mhy/2MfvwK +6wKHb2PaTAwJMA0GCSqGSIb3DQEBDAUAMFwxCzAJBgNVBAYTAlVTMRgwFgYDVQQK +Ew9VLlMuIEdvdmVybm1lbnQxDTALBgNVBAsTBEZQS0kxJDAiBgNVBAMTG0ZlZGVy +YWwgQ29tbW9uIFBvbGljeSBDQSBHMjAeFw0yMDExMTgxNjE3MTNaFw0yMzExMTgx +NjE3MTNaMIGxMRMwEQYKCZImiZPyLGQBGRYDc2J1MRUwEwYKCZImiZPyLGQBGRYF +c3RhdGUxFjAUBgNVBAMMDUNvbmZpZ3VyYXRpb24xETAPBgNVBAMMCFNlcnZpY2Vz +MRwwGgYDVQQDDBNQdWJsaWMgS2V5IFNlcnZpY2VzMQwwCgYDVQQDDANBSUExLDAq +BgNVBAMMI1UuUy4gRGVwYXJ0bWVudCBvZiBTdGF0ZSBBRCBSb290IENBMIICIjAN +BgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEA1WRdwmdia32+ptGjq8YX2F0Zamgj +mGyOjKcrth12nGylvBrcLN5bDswcQ0bjwPzeCWHEcguJ8GFPdWhjdf+3Ga3bceZ4 +F8hR1M2noDJkkp1v8yEu29nddxOn7Vp1CcKNwoEuJ4KykdnsQAVD3SK0EKvMud08 +xblFb2o5BXUKn/LYxyQSdu4PyhWJY3DM0LiAnphnyNYpxoeXE3t41TG+VuwTK3gX +8eybk8mz2R3XMCivfExdv19YvXpPRjaON8rWAH3Yi62X9mpDrFF7N1Z9Hm05+yOj +XUgTay4Ncc+xBzwGyokMLeQmzxljuGVVPMeiQVN0Ez1QBlanitRZzKQ7XYCePwcP +gh5++Iw7Z/00mi56FeyMwpmT9MnsvswQms01Fceb7rlZwWJWtJH1Wf92uaU03iOm +h2gMkFtVYUP5qtl1Di50exQVAFvb4xS5D4JaLNMQAJWUdnyDJnAogfimhPHfir71 +HCDbsXdubKE8kWXMmXZQ8IJ/i+bY+fQNpzgQ3naYCs6Aikg8GizEEccPMjbIV4z6 +ci5MO1eQMLQfSxHMYAW1PkvBuMBqOuyNjyixfxDzhrRVLf0FQeKNateVQ3pyv5RZ +3Cnv+HVEe6t7EITgz9exAxOVgX18La3d53/m6fH7S3of748LkiJc8Fme/+UUQsBI +e7DKuuDKidItBqkCAwEAAaOCAywwggMoMB0GA1UdDgQWBBTMAGhhpqUDkxAKG2G3 +hxjBRVbagjAfBgNVHSMEGDAWgBT0J1ypw3xH9Pqmp7BZl6rdNSYX4zAOBgNVHQ8B +Af8EBAMCAQYwDwYDVR0TAQH/BAUwAwEB/zCBlwYDVR0gBIGPMIGMMAwGCmCGSAFl +AwIBAxMwDAYKYIZIAWUDAgEDBjAMBgpghkgBZQMCAQMHMAwGCmCGSAFlAwIBAwgw +DAYKYIZIAWUDAgEDJDAMBgpghkgBZQMCAQMNMAwGCmCGSAFlAwIBAxAwDAYKYIZI +AWUDAgEDETAMBgpghkgBZQMCAQMnMAwGCmCGSAFlAwIBAygwggErBgNVHSEEggEi +MIIBHjAYBgpghkgBZQMCAQMGBgpghkgBZQMCAQMGMBgGCmCGSAFlAwIBAwYGCmCG +SAFlAwIBBgMwGAYKYIZIAWUDAgEDBwYKYIZIAWUDAgEDBzAYBgpghkgBZQMCAQMH +BgpghkgBZQMCAQYMMBgGCmCGSAFlAwIBAxAGCmCGSAFlAwIBAxAwGAYKYIZIAWUD +AgEDEAYKYIZIAWUDAgEGBDAYBgpghkgBZQMCAQMIBgpghkgBZQMCAQMIMBgGCmCG +SAFlAwIBAwgGCmCGSAFlAwIBBiUwGAYKYIZIAWUDAgEDJAYKYIZIAWUDAgEDJDAY +BgpghkgBZQMCAQMkBgpghkgBZQMCAQYmMBgGCmCGSAFlAwIBAxMGCmCGSAFlAwIB +Ay4wUwYIKwYBBQUHAQsERzBFMEMGCCsGAQUFBzAFhjdodHRwOi8vY3Jscy5wa2ku +c3RhdGUuZ292L1NJQS9DZXJ0c0lzc3VlZEJ5QURSb290Q0EucDdjMA8GA1UdJAQI +MAaAAQCBAQAwCgYDVR02BAMCAQAwUQYIKwYBBQUHAQEERTBDMEEGCCsGAQUFBzAC +hjVodHRwOi8vcmVwby5mcGtpLmdvdi9mY3BjYS9jYUNlcnRzSXNzdWVkVG9mY3Bj +YWcyLnA3YzA3BgNVHR8EMDAuMCygKqAohiZodHRwOi8vcmVwby5mcGtpLmdvdi9m +Y3BjYS9mY3BjYWcyLmNybDANBgkqhkiG9w0BAQwFAAOCAgEAA4c9UCjDUYUZ2Lh/ +EWhMHWX1CIL1fiUI8afGSJT46DjalJJiBillBN2mESzobwQBLnn71EzRL1lcN/Qs +va3iFaV2Cb/JoK77M776TtTmumg/zDgXbLfU762Cbcvp6UFYXv5SAkcigrUZAGDK +NDvyIRzX3rJeaidsfvbFUeMuJPD4av/eGSC4Z6Ib3irEG0+Ye2nSPyvAWAnloZTH +nnP5pwdbtOpmSrZBq4Z4WQ8IBIMqUUR6Q8tnXnJ6JlNBP5cZ8pArXeaWTKuciejR +rHSh/j4WUyIWdNEbe6fsDjgUVOajF+Lfl7pFstJUffvsZkzILq/CG8xwzeac1hai +8BLCwfnrXx9oYvrx6w5fRrdExUGTXMvusUmsUdxhdhG/abCUEwHkMhY9b6ilOqw2 +S4Y8bw1q+9S7eycM8dMAbom2jdtaA/AZeMrAlN9MwDtpHfJhS4ibB4lyIIJJ6a81 +BOSs8+4YppE+860X6A3DJGkB9LKVjgT1sAc86bHqn1eRpRDnRgyOzgCCbTl0So50 +teaoE46EPUgxDolTTYSd7Qsh+a0yX9F2HreWqukyxRlfqA7qoQ9n/x3N4IV8T0Jh +XScoCsGIrdyZFvUcxAXtD63QXYAFyr5WKh05fpVK9Ql/q6ZDIdbMF5pAalMCkVza +CGJbqJYWCW7gimKtDoaTdWvHhV0wggkuMIIHFqADAgECAhQnnwlzf+XdPXU0vg6l +Gv+dxAGFATANBgkqhkiG9w0BAQwFADBcMQswCQYDVQQGEwJVUzEYMBYGA1UEChMP +VS5TLiBHb3Zlcm5tZW50MQ0wCwYDVQQLEwRGUEtJMSQwIgYDVQQDExtGZWRlcmFs +IENvbW1vbiBQb2xpY3kgQ0EgRzIwHhcNMjIwNDA2MTcwODQwWhcNMjUwNDA2MTcw +ODQwWjCBjjELMAkGA1UEBhMCVVMxGDAWBgNVBAoTD1UuUy4gR292ZXJubWVudDEj +MCEGA1UECxMaRGVwYXJ0bWVudCBvZiB0aGUgVHJlYXN1cnkxIjAgBgNVBAsTGUNl +cnRpZmljYXRpb24gQXV0aG9yaXRpZXMxHDAaBgNVBAsTE1VTIFRyZWFzdXJ5IFJv +b3QgQ0EwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQDsPmfNCAYlZsDM +UIy/nHudvttnURFsoYR8pUuDtdZPzFOwvwJoi2V1a1MYbBuOJMf6xsuaTX2OR8JD +tCHKKkwcN+YXEQBr9pNzbydaq5P86a3XIS6dfapArtcDjaAZgtF+SNxXzCv+BweJ +5AMRFQpRJg+j95yvN9wntLvFGkgqqIE+UPmaxYmMEcGyBla8ym9Pa1m45Tecrjuh +DcU1m0dSJSRhS1CJ4xHCTxNDxjR91n6vAnFZOjjgtQmniFc+C11JJ74MUMm/6V7w +1y/PDVwfyUnyyM+MW8UKN5ZVlUWEML8dHYGqcLu+pxIDJYLCwho01+fXWSu4sx/z +tJR2orBZ4sf7Ek6HmyUpX3X6l57sepRghrA7dssJ4dnZNdB+g3fufbbgh4WDOlHa +3h9VEuVhh5m4XFFvi8icIgUzC+Wais5eK1UJ9pl3vVaz0Yo7dKDe6v2w28qAF4Ts +DiablsRVEFLQamj6zov2N1Q9i+vNXVtHHV/gh8jC5JvGX3cyfUkss0U9LWcAeFE5 +zU3NN//VqedWc9a3j3G8l94qYVqDCQwq/fAWprRQcX1M7xNhw7mO547B+Idjp70B +ISVPR6/laTeRqg/nA9Z4/xGGS3UecP2m6K2ACJQ0ewSiXuix6ahFB2XOaDmNkTfT +oobPCNuA11fhA3yIan++3euD7SwVWQIDAQABo4IDszCCA68wHwYDVR0jBBgwFoAU +9CdcqcN8R/T6pqewWZeq3TUmF+MwHQYDVR0OBBYEFBdLuCa6aXqtElBXRTGeV7t0 +pdovMA4GA1UdDwEB/wQEAwIBBjAPBgNVHRMBAf8EBTADAQH/MIHdBgNVHSAEgdUw +gdIwDAYKYIZIAWUDAgEDATAMBgpghkgBZQMCAQMCMAwGCmCGSAFlAwIBAxIwDAYK +YIZIAWUDAgEDEzAMBgpghkgBZQMCAQMUMAwGCmCGSAFlAwIBAwYwDAYKYIZIAWUD +AgEDBzAMBgpghkgBZQMCAQMIMAwGCmCGSAFlAwIBAyQwDAYKYIZIAWUDAgEDDTAM +BgpghkgBZQMCAQMQMAwGCmCGSAFlAwIBAxEwDAYKYIZIAWUDAgEDJzAMBgpghkgB +ZQMCAQMoMAwGCmCGSAFlAwIBAykwggF5BgNVHSEEggFwMIIBbDAYBgpghkgBZQMC +AQMBBgpghkgBZQMCAQUCMBgGCmCGSAFlAwIBAwIGCmCGSAFlAwIBBQMwGAYKYIZI +AWUDAgEDBgYKYIZIAWUDAgEDBjAYBgpghkgBZQMCAQMGBgpghkgBZQMCAQUHMBgG +CmCGSAFlAwIBAwcGCmCGSAFlAwIBAwcwGAYKYIZIAWUDAgEDBwYKYIZIAWUDAgEF +BDAYBgpghkgBZQMCAQMQBgpghkgBZQMCAQMQMBgGCmCGSAFlAwIBAxAGCmCGSAFl +AwIBBQUwGAYKYIZIAWUDAgEDEgYKYIZIAWUDAgEFCjAYBgpghkgBZQMCAQMTBgpg +hkgBZQMCAQULMBgGCmCGSAFlAwIBAxQGCmCGSAFlAwIBBQwwGAYKYIZIAWUDAgED +EgYKYIZIAWUDAgEDLTAYBgpghkgBZQMCAQMTBgpghkgBZQMCAQMuMBgGCmCGSAFl +AwIBAxQGCmCGSAFlAwIBAy8wQAYIKwYBBQUHAQsENDAyMDAGCCsGAQUFBzAFhiRo +dHRwOi8vcGtpLnRyZWFzdXJ5Lmdvdi9yb290X3NpYS5wN2MwEgYDVR0kAQH/BAgw +BoABAIEBADANBgNVHTYBAf8EAwIBADBRBggrBgEFBQcBAQRFMEMwQQYIKwYBBQUH +MAKGNWh0dHA6Ly9yZXBvLmZwa2kuZ292L2ZjcGNhL2NhQ2VydHNJc3N1ZWRUb2Zj +cGNhZzIucDdjMDcGA1UdHwQwMC4wLKAqoCiGJmh0dHA6Ly9yZXBvLmZwa2kuZ292 +L2ZjcGNhL2ZjcGNhZzIuY3JsMA0GCSqGSIb3DQEBDAUAA4ICAQByJxJpTWO75u1o +A58LI/0zH+wqJu9H+ZwQfoKLx8euFqbvn6ZHt/JDsLo9mEJCEU7fPSMvFbojOmcq +GnOnSiok6RXvlaSoqgJ39rClbI/AC2tYcyPJvqzsAdwXCMALSF4r3pkyv5I4ztei +lVggCdDi1h7U43mUMEuagk6kc4jPUTgT65tzBO5bKAsDIvkhQcZglAszon9sOFtE +NvPpp4LFKFdZk/sBr6OGLQ3VmbIetnW66Q+kxf1H+qqFdKPNFjDGrrCjN1uH5qPY +5Tdl1FUpoILTiT3OviUVWrVG0pzfiJiq2lsEKbUhZosfVSjhqi+8mXHAQ8QjRcFr +nQgsKQRh44JOTn2QFaBNM3H1HsUUAD4OhNbVj7VWJtmlfGSCkGkWaJgGgj0t/A2H +nSf+WLHHGggap799O6nXIRpuimGo1yEGUrm1Fx8cN0B3bhWrgwKrUb7NRXN0scry +ddxcbM1Zr8pm8SxoA6QvHVsbLGnQPxtiawpa6aab+OUxirVEYfEVExc8xtyf4hmb +Dm3xsLvAhO9GVOhGXoIJ8TVxLHr1yA6ohUUizjcnXyfKZRiko6Kuncqby5PjtTId +MSC2fdUsoyFbWw3XMSPJiXhZwygaWNrbFbRbLxMWV3dr7Q7VjIfcFmG4L/Uy9JpF +UTriYdafCdmqcNjDjEnU5LVD6XXwSDCCCTwwggckoAMCAQICEHBzpi4AFpRHB6zU +wbEYpNUwDQYJKoZIhvcNAQEMBQAwaDELMAkGA1UEBhMCVVMxEjAQBgNVBAoTCUNl +cnRpUGF0aDEiMCAGA1UECxMZQ2VydGlmaWNhdGlvbiBBdXRob3JpdGllczEhMB8G +A1UEAxMYQ2VydGlQYXRoIEJyaWRnZSBDQSAtIEczMB4XDTIzMDcxOTAwMDAwMFoX +DTI0MDczMTIzNTk1OVowgYAxEzARBgoJkiaJk/IsZAEZFgNjb20xEzARBgoJkiaJ +k/IsZAEZFgNydHgxDDAKBgNVBAoTA0NBczESMBAGA1UECxMJQ2xhc3MzLUczMTIw +MAYDVQQDEylSYXl0aGVvbiBUZWNobm9sb2dpZXMgTWVkaXVtIEFzc3VyYW5jZSBD +QTCCAaIwDQYJKoZIhvcNAQEBBQADggGPADCCAYoCggGBAJMfxBIJxddPSALEdiUd +EiNG5fKtILgyZSsmjhQtRo2ctQect9xXXRDyXUdrQdLCAJItgolmKct5CeDPNM0Z +J1ifloSxeBWAjc6g9Y73357xlHBqZzU4n3yKv2uyu1bbBIYwkCLpoEo0rMUeSHaT +G47KYvmQnrS8S91EXTyJbctKFbZxwRB/7UDmfbuRhcurcnAAt1qrTx6dUmY3lBrD +QynLBeircsXlcb5+AjXGnaeHRm88VOuV3IUZHqY/mXEbfL0tvpXvI8VWDeCwtDZ+ +s0Llu4NmT8tl0FrHqq9oZWvf1247zREo34sQ0FQbBd3VSjeaEYlKeBLQSYq1yPoq +7QQUnXhnhcKluVFGi1v0+lkwObY4Akx2DE+3pjhF03tqPqLLvXMDVzY8WX7/0ymD +XfwauLHX9G1yx2dKz6UgJqbeqmKXvj7+T3GfwY5fcaG2QrdJM0MvmiOADfdV47yv +LkHnU4iMV/e9P1vLRKhVKOVAprUOm8UcZx7tKd8nmIa0OwIDAQABo4IERzCCBEMw +EgYDVR0TAQH/BAgwBgEB/wIBADBpBgNVHSAEYjBgMA4GDCsGAQQBgbtTAQEBATAO +BgwrBgEEAYG7UwEBAQIwDgYMKwYBBAGBu1MBAQEEMA4GDCsGAQQBgbtTAQEBBTAO +BgwrBgEEAYG7UwEBARcwDgYMKwYBBAGBu1MBAQEYMEIGA1UdHwQ7MDkwN6A1oDOG +MWh0dHA6Ly9jcmwuY2VydGlwYXRoLmNvbS9DZXJ0aVBhdGhCcmlkZ2VDQS1HMy5j +cmwwDgYDVR0PAQH/BAQDAgEGMAoGA1UdNgQDAgEAMIIBEgYDVR0hBIIBCTCCAQUw +GwYMKwYBBAGBu1MBAQEBBgsrBgEEAYHREQoBDTAbBgwrBgEEAYG7UwEBAQIGCysG +AQQBgdERCgEMMBsGDCsGAQQBgbtTAQEBBAYLKwYBBAGB0REKAQ8wGwYMKwYBBAGB +u1MBAQEFBgsrBgEEAYHREQoBDjAbBgwrBgEEAYG7UwEBARcGCysGAQQBgdERCgET +MBsGDCsGAQQBgbtTAQEBGAYLKwYBBAGB0REKARIwGwYMKwYBBAGBu1MBAQEBBgsr +BgEEAYHREQoBDDAbBgwrBgEEAYG7UwEBAQQGCysGAQQBgdERCgEOMBsGDCsGAQQB +gbtTAQEBFwYLKwYBBAGB0REKARIwEgYDVR0kAQH/BAgwBoABAIEBADAdBgNVHQ4E +FgQUl2lt/X4r5afyYr116pYe4AzAqUYwTQYIKwYBBQUHAQEEQTA/MD0GCCsGAQUF +BzAChjFodHRwOi8vYWlhLmNlcnRpcGF0aC5jb20vQ2VydGlQYXRoQnJpZGdlQ0Et +RzMucDdjMIIBpwYDVR0eAQH/BIIBmzCCAZegggGTMAqBCC5iYm4uY29tMA6BDC5j +b2xsaW5zLmNvbTATgREucHJhdHR3aGl0bmV5LmNvbTAKgQgucmF5LmNvbTAPgQ0u +cmF5dGhlb24uY29tMAqBCC5ydHguY29tMA2BCy5zaWdvdnMuY29tMAqBCC51dGMu +Y29tMAmBB2Jibi5jb20wDYELY29sbGlucy5jb20wEoEQcHJhdHR3aGl0bmV5LmNv +bTAJgQdyYXkuY29tMA6BDHJheXRoZW9uLmNvbTAJgQdydHguY29tMAyBCnNpZ292 +cy5jb20wCYEHdXRjLmNvbTAJggdiYm4uY29tMA2CC2NvbGxpbnMuY29tMBKCEHBy +YXR0d2hpdG5leS5jb20wCYIHcmF5LmNvbTAOggxyYXl0aGVvbi5jb20wCYIHcnR4 +LmNvbTAMggpzaWdvdnMuY29tMAmCB3V0Yy5jb20wLqQsMCoxEzARBgoJkiaJk/Is +ZAEZFgNjb20xEzARBgoJkiaJk/IsZAEZFgNydHgwEqQQMA4xDDAKBgNVBAoTA3J0 +eDAfBgNVHSMEGDAWgBR6izwGktweqNKCrBt0b3Q9TtGomzANBgkqhkiG9w0BAQwF +AAOCAgEAabefjvcvZ49Wtl8F5qBCRqvJys4H52tLeSp9djHFcM7Fys5RUJyaeOMy +FnKb5+Jx801nqLca6tZLPUVGtYut4SEnQ37XCQ2j1qC3YJW1DajJKzvsrT1kiheF +36BQgLZQ7/CBGJfO/j1jVuQKw8fcn4QSbkISv3pMHiPCaAvdikAsAsGXgRUT1g4z +1QzLgfR1EeoYOQ7wDZkHWZZQyIVqQQj9N4PdAGqV/QNfdrVAhjw0thQT4nGZMjSO +xZOEsKn0nLSzkcI2u8BolvHCmJ/biVzzUoBqP5iKH7OCAuTjo1v3DqJJd7GHcknl +/UCNZwHsKF5OTjbLKjMELrhTq6ocwvNKG/MGH7vc967Kbe6joQlQ62mf3F0wcA4B +cSVny00wnV1ngtnTgWLy7IJxM/cwYOCQZ5MRzNd7UoQooHPwZyGG2/3WlosLRRwo +Qc7BIe0ih8BmHqDD8MhtBbZToobWjYUbHr9l7EdIRURWxG/bOagIQuCVF/CCFu5M +Pq4qAkNx+cFngRnn43Gy/ooZYNF9P56pIUKg71nRwjCBQvXHt3hiITYol+IHau3b +YRRweXXUR2edLDZH8k4EIuEK2txeswFm3B1Hvx6gryN3kHu8/mHI4EkePNfTq+Rs +sg+VUe6ZAnbOiBIS9aH3H01Ib9W+wp991BV90cJzMF6QP9QT2tIwggk9MIIHJaAD +AgECAgIBQTANBgkqhkiG9w0BAQsFADB6MQswCQYDVQQGEwJVUzEOMAwGA1UEChMF +U1RSQUMxJzAlBgNVBAsTHlNUUkFDIFBLSSBUcnVzdCBJbmZyYXN0cnVjdHVyZTEy +MDAGA1UEAxMpU1RSQUMgQnJpZGdlIFJvb3QgQ2VydGlmaWNhdGlvbiBBdXRob3Jp +dHkwHhcNMjMwMTA3MTYzNTI5WhcNMjYwMTA2MTYzNTI5WjCBhDELMAkGA1UEBhMC +VVMxKDAmBgNVBAoTH0ZvdW5kYXRpb24gZm9yIFRydXN0ZWQgSWRlbnRpdHkxJTAj +BgNVBAsTHEZUSSBQS0kgVHJ1c3QgSW5mcmFzdHJ1Y3R1cmUxJDAiBgNVBAMTG0ZU +SSBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTCCAiIwDQYJKoZIhvcNAQEBBQADggIP +ADCCAgoCggIBANMa8pzc5rqbQOq213ATXAzI7dq16HocMg+tho8Rh13mlCL8vpf+ +6VoGOsKCYw8KbtRJorB6xlKD9/oCVq3E7/yhTfAjCQPLYQSWH9Q8MuotiLNKIR9M +WYlkS0m91TLXoTi4DBO+5jftvqdO58GDA4YMdCvBLke/oJXgJmEr/400HaKn7Wr/ +AdxxbJ1tKVO7MfTIwfUXykxwdNg5y+bFtjzWL6v66JFuBB0NS+urd/26dt6Xm68E +uYfArDiyO1epkvGeEdTYQmzBcFGIPTl7yBIykHC6eDyoMMHxmS2PjHyGZRjFc3tZ +7jE+wtw+UjwBzLLw+Yzam+xUqP39/AzBYWlLtps8CUy0YIiFETNGhGbB+YpDOkSO +Co9HfDrAy7mIz2e6whLdz2b+XJBdgEa+yXaHp114XWweO4Eojxiov0qotOWiTEOp +mEY1Cwo2gFYteuecIuCLk9tOPBwtemfJcg7Muv6lC9KMOkXOSGWzHEGgSlPu+b+q +BDg62O085omDNZShwyh2jQZKlz2jzvQ8qou9/YLFcKZfy9L1knEXPQt74FOob8bm +KceHyvjhN2nyNkabqIgDtbMDkPZALOL4EBhqgD0CjkzQXAiG9PP80NNvb1fd1U5v +x47lk6VRuz23crslFFVVHwaeV4izAtxAIBmwxCXei6Kf37om9bZ5GHLlAgMBAAGj +ggPAMIIDvDAfBgNVHSMEGDAWgBQZwc6HSTOAtvdarGXDdPB/N5KlYTAdBgNVHQ4E +FgQU0jjdte9LWVc2f7+/nKZ9DBkxBa0wDgYDVR0PAQH/BAQDAgEGMIG7BgNVHSAE +gbMwgbAwDgYMKwYBBAGCtm0CAQUBMA4GDCsGAQQBgrZtAgEFAjAOBgwrBgEEAYK2 +bQIBBQMwDgYMKwYBBAGCtm0CAQUEMA4GDCsGAQQBgrZtAgEFBTAOBgwrBgEEAYK2 +bQIBBQYwDgYMKwYBBAGCtm0CAQUHMA4GDCsGAQQBgrZtAgEFCDAOBgwrBgEEAYK2 +bQIBBQkwDgYMKwYBBAGCtm0CAQUKMA4GDCsGAQQBgrZtAgEFCzAPBgNVHRMBAf8E +BTADAQH/MEYGA1UdHwQ/MD0wO6A5oDeGNWh0dHA6Ly9wa2kuc3RyYWMub3JnL2Jy +aWRnZS9jcmwvU1RSQUNCcmlkZ2VSb290Q0EuY3JsMIGDBggrBgEFBQcBAQR3MHUw +SgYIKwYBBQUHMAKGPmh0dHA6Ly9wa2kuc3RyYWMub3JnL2JyaWRnZS9jZXJ0aWZp +Y2F0ZXMvU1RSQUNCcmlkZ2VSb290Q0EucDdjMCcGCCsGAQUFBzABhhtodHRwOi8v +Y2VydHN0YXR1cy5zdHJhYy5vcmcwTAYIKwYBBQUHAQsEQDA+MDwGCCsGAQUFBzAF +hjBodHRwOi8vcGtpLmZ0aS5vcmcvZnRpX2NhL2NlcnRpZmljYXRlcy9GVElDQS5w +N2MwGAYDVR0SBBEwD4ENcGtpQHN0cmFjLm9yZzCCAVcGA1UdIQSCAU4wggFKMBwG +DCsGAQQBgrZtAgEFAQYMKwYBBAGC9k8CAgUBMBwGDCsGAQQBgrZtAgEFAgYMKwYB +BAGC9k8CAgUCMBwGDCsGAQQBgrZtAgEFAwYMKwYBBAGC9k8CAgUDMBwGDCsGAQQB +grZtAgEFBAYMKwYBBAGC9k8CAgUEMBwGDCsGAQQBgrZtAgEFBQYMKwYBBAGC9k8C +AgUFMBwGDCsGAQQBgrZtAgEFBgYMKwYBBAGC9k8CAgUGMBwGDCsGAQQBgrZtAgEF +BwYMKwYBBAGC9k8CAgUHMBwGDCsGAQQBgrZtAgEFCAYMKwYBBAGC9k8CAgUIMBwG +DCsGAQQBgrZtAgEFCQYMKwYBBAGC9k8CAgUJMBwGDCsGAQQBgrZtAgEFCgYMKwYB +BAGC9k8CAgUKMBwGDCsGAQQBgrZtAgEFCwYMKwYBBAGC9k8CAgULMAoGA1UdNgQD +AgEAMA0GCSqGSIb3DQEBCwUAA4ICAQA8AkBlzwarJj5PqQhOVCf7cgkj5T1gdulQ +tQhOB+xWlXH8URZHqOxl99JNfDlhMX2nNc0z9FCStiOf27oEjqjeX+jcLa/iUTAG +Gl7PinT1Jh69ej9PJacM/Sk/9431NYDEIluzpriA7DFa2J2lumP4QRic8A+rTm44 +nNN4Eg/bY6OBPUY2B7X69LIWqVS21qLgF89ljmyckZlWKqJ0f8C5n9qUilx2PVbT +r5noc/VfSVhvLJI8bno5KWSi979/7VR1MqeW1UXDBwa7++G8b7Z9CtSjbUCQkMCq +mmwWsj7xGcqJ2zeJs1pCnEbIMstqO9tXaIRtlpGrsZ3yqDFuoZq3A8i3ZgST4rwe ++uNmIWh2VI8cM/VWc9MxdKsSTRW3NlOczySyEOG8aZVMw53goipgmCdgXNy7gLDZ +WO+qFU3QLYSK3qJbWSMdhuIJIoJou9azhJVoho4kl//b7SwrLiHIjKHZDwL1m79Y +585iIYxh9ETvQqS2Bi2yIB7iE1taBBgEvQrTQxCVAEYEFWeax+BsA10NmhVm3r98 +tYiNP2UiiGWRYMjUjmyIfestvyKSihiQ1FV62kJ/Ut1rIDVBxtl2VCuHoaUOewiJ +RKlppMuXyDl1o+GbLTlbcOgpZllC933ecpJW/LDl9nf0/mjAZ7xmWZD2MDeqz68X +Nkil7JCUEzCCCWcwggdPoAMCAQICEAi8TYmd44cQNy/PtRlRDu0wDQYJKoZIhvcN +AQEMBQAwaDELMAkGA1UEBhMCVVMxEjAQBgNVBAoTCUNlcnRpUGF0aDEiMCAGA1UE +CxMZQ2VydGlmaWNhdGlvbiBBdXRob3JpdGllczEhMB8GA1UEAxMYQ2VydGlQYXRo +IEJyaWRnZSBDQSAtIEczMB4XDTIzMDIyMjAwMDAwMFoXDTI0MDIyODIzNTk1OVow +gZYxCzAJBgNVBAYTAlVTMSUwIwYDVQQKExxOb3J0aHJvcCBHcnVtbWFuIENvcnBv +cmF0aW9uMTAwLgYDVQQLEydOb3J0aHJvcCBHcnVtbWFuIEluZm9ybWF0aW9uIFRl +Y2hub2xvZ3kxLjAsBgNVBAMTJU5vcnRocm9wIEdydW1tYW4gQ29ycG9yYXRlIFJv +b3QgQ0EtRzIwggGiMA0GCSqGSIb3DQEBAQUAA4IBjwAwggGKAoIBgQCh19Tsujvg +8WvhGSkaxAZa78KHBQxhE5z+UXjuqjZCZHxXW1x9fnfb2tUiE3DOWT0H1qaTF0L+ +2UAnqGSijCfV7i3CXNHLLJ3qO5y8JkhYih5GJeqMGL8bnMbSSiIN7WvqcCyxHbyb +hxinwlbUGN2IYeBS04Kaec7cGazJM8aaF5QwoQkmocl7BCZlFUgnjjU6nULZUUd5 +ahND7+xffZ1l4w4foLS5HWE6xU+z6Zyg5m/F+fd4eytmGHKlZ7Ab0SGALjxhWb7w +YfT42bIEDwlhBP8Svrv9r/WamJx+AoO5SdcMwhVnjBDWMQMy9dsmOrWKOXPPdMmZ +68qTPccEjLCP3b3CBg2P85I3o6QF5uTBsk01CYt8VxnTETrdXaZmUKKVHSaLG7tY +7Nao38htL7c0VCO/NIJ9ExbTITGBeFqNWViwnveLHbx9IQsjFMwu5lrcXY536XZs +HFjyl/TG8jjpzcu6G3cZPuRXv5EE5AoaWR9iUsdWp5GCQskU2A+wOkECAwEAAaOC +BFwwggRYMAoGA1UdNgQDAgEAMHoGCCsGAQUFBwELBG4wbDBqBggrBgEFBQcwBYZe +aHR0cDovL2NlcnRkYXRhLm5vcnRocm9wZ3J1bW1hbi5jb20vY2VydGRhdGEvcDdj +L0lzc3VlZEJ5Tm9ydGhyb3BHcnVtbWFuQ29ycG9yYXRlUm9vdENBLUcyLnA3YzCB +nAYDVR0hBIGUMIGRMBsGDCsGAQQBgbtTAQEBAQYLKwYBBAH/ToN9AgcwGwYMKwYB +BAGBu1MBAQECBgsrBgEEAf9Og30CCDAbBgwrBgEEAYG7UwEBAQcGCysGAQQB/06D +fQIJMBsGDCsGAQQBgbtTAQEBCAYLKwYBBAH/ToN9AgowGwYMKwYBBAGBu1MBAQEJ +BgsrBgEEAf9Og30CCzAdBgNVHQ4EFgQUf0PqPCB3PpLLjYWiiAYwXh5DPrcwggHH +BgNVHR4BAf8EggG7MIIBt6CCAbMwCYEHbmdjLmNvbTAKgQgubmdjLmNvbTALgQlt +eW5nYy5jb20wDIEKLm15bmdjLmNvbTAQgQ5vcmJpdGFsYXRrLmNvbTARgQ8ub3Ji +aXRhbGF0ay5jb20wDIEKc2NhbGVkLmNvbTANgQsuc2NhbGVkLmNvbTAJggduZ2Mu +Y29tMA+CDW5vcnRoZ3J1bS5jb20wFYITbm9ydGhyb3BncnVtbWFuLmNvbTALgglt +eW5nYy5jb20wC4IJbmdleHQuY29tMBCCDm9yYml0YWxhdGsuY29tMAyCCnNjYWxl +ZC5jb20wOKQ2MDQxCzAJBgNVBAYTAlVTMSUwIwYDVQQKExxOb3J0aHJvcCBHcnVt +bWFuIENvcnBvcmF0aW9uMDSkMjAwMRMwEQYKCZImiZPyLGQBGRYDY29tMRkwFwYK +CZImiZPyLGQBGRYJbm9ydGhncnVtMDCkLjAsMRMwEQYKCZImiZPyLGQBGRYDY29t +MRUwEwYKCZImiZPyLGQBGRYFbmdleHQwLqQsMCoxEzARBgoJkiaJk/IsZAEZFgNj +b20xEzARBgoJkiaJk/IsZAEZFgNuZ2MwEgYDVR0TAQH/BAgwBgEB/wIBATBZBgNV +HSAEUjBQMA4GDCsGAQQBgbtTAQEBATAOBgwrBgEEAYG7UwEBAQIwDgYMKwYBBAGB +u1MBAQEHMA4GDCsGAQQBgbtTAQEBCDAOBgwrBgEEAYG7UwEBAQkwQgYDVR0fBDsw +OTA3oDWgM4YxaHR0cDovL2NybC5jZXJ0aXBhdGguY29tL0NlcnRpUGF0aEJyaWRn +ZUNBLUczLmNybDAOBgNVHQ8BAf8EBAMCAQYwEgYDVR0kAQH/BAgwBoABAIEBADBN BggrBgEFBQcBAQRBMD8wPQYIKwYBBQUHMAKGMWh0dHA6Ly9haWEuY2VydGlwYXRo LmNvbS9DZXJ0aVBhdGhCcmlkZ2VDQS1HMy5wN2MwHwYDVR0jBBgwFoAUeos8BpLc -HqjSgqwbdG90PU7RqJswDQYJKoZIhvcNAQEMBQADggIBAL7VjgZnBlWT6XYzQmLN -//39Zv1I8TOlpSKN7niVkYVL0KkmuIDIzfUpCfNAiCr9gb14zWh+YqZneqHiGVUD -WNI+AbCZ/WWoV1+ltpz7Nmy/LQARdarILd04jj0Fdc+GRXJjHbCdRVp9KlMyEBxr -oGqBmjOGxBB5nXTG/Cbkefkpb7QO8U/aUg9DypM/nZYyth3QDlgQ6tFl2Lzc5TZE -xTH9fasFNpyHgjN3d57yGfYs5WJPUZcIOPby+wun9O9nVHffSQpMXbxcv3CNFvyS -FbZpvYoK96p+JWOCYZ27cfjjvy6qviwvu50lj8X6vK5GDIww8e89QbJs0TmR5dma -xUUHEr5j8IRiuqORGfnIcg2WCogQBEBxOVPGTVSHcFD99mB6hFooaa1b/FsG+oYb -90ix9fboXzptmUkocmdMtBf2Jd9pYXX2draH9qla5eTW7I7U+sOTF9Y94srvegal -+IqdN8kWvk5jvkF4KxIUbZFx25NAVh0cAE8ZMv/yAy7hBjmLwb9nkCdj9QNFd6Ib -6JXwXaIAko012EoZPHAcERGJnWhZJ0GhIKmliGnHL/sZMxmKtW07eHfQ5kVGSjLq -D2AIZSEqAJr8B5lNUI4KimuEsy25STEzwtUXtByI2s3UCYI/C8EMHZ5PfKnEk2Mj -U3dELH6DDTFVEbSrKVyV4c7FMIIIvzCCBqegAwIBAgIQAcgfqqtOwYkmKxWXZWZb -BzANBgkqhkiG9w0BAQwFADBoMQswCQYDVQQGEwJVUzESMBAGA1UEChMJQ2VydGlQ -YXRoMSIwIAYDVQQLExlDZXJ0aWZpY2F0aW9uIEF1dGhvcml0aWVzMSEwHwYDVQQD -ExhDZXJ0aVBhdGggQnJpZGdlIENBIC0gRzMwHhcNMjMwNDE5MDAwMDAwWhcNMjQw -NDMwMjM1OTU5WjCBsjELMAkGA1UEBhMCVVMxETAPBgNVBAgTCENvbG9yYWRvMQ8w -DQYDVQQHEwZEZW52ZXIxJDAiBgNVBAoTG0xvY2toZWVkIE1hcnRpbiBDb3Jwb3Jh -dGlvbjEgMB4GA1UECxMXQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkxNzA1BgNVBAMT -LkxvY2toZWVkIE1hcnRpbiBSb290IENlcnRpZmljYXRpb24gQXV0aG9yaXR5IDYw -ggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQCweKKbQDcDhcn79AgX2k2h -Un04zOF5YaB6DHab24I7TBLzfkqPV4h/3IWRnVm4FAXNjPBb3EipQhVMLtzsOGNe -W4iYk5iEiJWXs7yJn+hYIx1eRw1vL9vVVefve/QX7hW3kKeHCXwyUrGavwelgEEA -C+uyTNjl4nnyTxq8rRBdt2trW8D+p7rumLw4jvBFRdifh53mffrEE9KleCRlP+yb -kXXT8cZTwIoxTNrqWA/+sWWsVIP3TZ7SXm8tZq9DYMw8OOXzG1LHjr0Q0MmYNMsa -JkP5wjaX22QatZNhWhGDLg0OqRcNGpUVap67gtf4wQQTctRgHomLW5K9Vr8zbkEI -6NFWxY1/LDcVEWS23pnbq2qLVfuidcK3HrGVzTg1/JBZlAfZzJ+rzak5hMTd9q5I -lS2Pwh0+BabhWCPd+mMxkt81NQzHEGNS4ByMPyc8RmNRfkIWquI5wHxYV2UdrSTb -NkvtRGCbpSk02qSTUEysu+xrKU/7ztjYgLBxYnndX5BIqKxXOb+8VKPv6o+ZHcQp -C5qrZK3/FtbC0FxPN8xnUVp0qlQS19kV1VJGLd0ZDEIUwxv4shRY/ByqmEE/HpWZ -kvGfXPVOb/jLMuu6A49nqHWD5Yy9NaxwKTseFjEq4RpMc6G26uvz+k8FEDVKhwR0 -P10rwKGa8oDnwkBmUcL/bwIDAQABo4IDGDCCAxQwEgYDVR0TAQH/BAgwBgEB/wIB -ATAdBgNVHQ4EFgQUXb1xJx1mwobdBboXSQtNg5A+mJ4wQgYDVR0fBDswOTA3oDWg -M4YxaHR0cDovL2NybC5jZXJ0aXBhdGguY29tL0NlcnRpUGF0aEJyaWRnZUNBLUcz -LmNybDAKBgNVHTYEAwIBADASBgNVHSQBAf8ECDAGgAEAgQEAMIGcBgNVHSEEgZQw -gZEwGwYMKwYBBAGBu1MBAQEBBgsrBgEEAWdkAQEDBDAbBgwrBgEEAYG7UwEBAQIG -CysGAQQBZ2QBAQMDMBsGDCsGAQQBgbtTAQEBAQYLKwYBBAFnZAEBAwMwGwYMKwYB -BAGBu1MBAQEXBgsrBgEEAWdkAQEDBzAbBgwrBgEEAYG7UwEBARgGCysGAQQBZ2QB -AQMGMEkGA1UdIARCMEAwDgYMKwYBBAGBu1MBAQEBMA4GDCsGAQQBgbtTAQEBAjAO -BgwrBgEEAYG7UwEBARcwDgYMKwYBBAGBu1MBAQEYMA4GA1UdDwEB/wQEAwIBBjCB -tgYDVR0eAQH/BIGrMIGooIGlMAqBCGxtY28uY29tMAuBCS5sbWNvLmNvbTAKgghs -bWNvLmNvbTAUghJsb2NraGVlZG1hcnRpbi5jb20wN6Q1MDMxCzAJBgNVBAYTAlVT -MSQwIgYDVQQKExtMb2NraGVlZCBNYXJ0aW4gQ29ycG9yYXRpb24wL6QtMCsxEzAR -BgoJkiaJk/IsZAEZFgNjb20xFDASBgoJkiaJk/IsZAEZFgRsbWNvMFgGCCsGAQUF -BwELBEwwSjBIBggrBgEFBQcwBYY8aHR0cDovL2NybC5leHRlcm5hbC5sbWNvLmNv -bS9jcmwvY2VydHVwZC9pc3N1ZWRieS1sbXJjYTYucDdjME0GCCsGAQUFBwEBBEEw -PzA9BggrBgEFBQcwAoYxaHR0cDovL2FpYS5jZXJ0aXBhdGguY29tL0NlcnRpUGF0 -aEJyaWRnZUNBLUczLnA3YzAfBgNVHSMEGDAWgBR6izwGktweqNKCrBt0b3Q9TtGo -mzANBgkqhkiG9w0BAQwFAAOCAgEAKDuMieGv5Ycu+2tJwwEFO6ywGOYNYnGnBH7V -d7aC3A1K5oUHR4zp587Kd0ULJTEBUYKmBZjJ2rif56MCx63C8UhNfAAynQQMHTIn -PEA9OCkjAroDfIuWOmnI73Jy/4GnOolIHvSKDsrJeISkAAcamVBoAxEvPVtwnCpa -FVyyOTE9S1NDqrAHOKSsYVzd0OMHkUYoQqNPYhOUioec/W7xFtPYiY/gZIGlSeJH -celpZ3yHHtDGN8DrUYJQl60iKiGh0fp2MdU5LQ6wioEnNMxqWU5hz9+mSkpMoGs1 -4ptJZ1zELHZSiN/okT+bfScsS2HldHUFdHo+y4iDo1RnLnAbGKPi6eoq4QDekphZ -QKc4NPvxEdFg7SBjMfYyblwv3GwlqKElVlc5KjI9dZXAPeYsd9KJJTGEzhORjBaO -bLwOXhHDByq2p5RI/l8YZcTMITu2ZrgsWFOBx4DSLmpHzdTZh78LiK1o9Zf3yoG/ -GJjc+AhQDdv07GiNCUJUZ6mvxBy3vxHHP6TvKo0RHs8oAHlbkuoykdh1YSSzeBmc -j3cfdNH/ECc3exjx1eU8sVOkyaE/7iJU2QYVVSc/OtiGHfRHIgF2tEIlx00Pu/LV -AnkElzXv4DdBcSfYP1kse4J/fjSgkfJ2sIxfnVFvALNmhi34auuownTj0w+946qV -Vm6rX1QwggjKMIIGsqADAgECAhQnY0/TIcv9jH78CusCh29j2kwMCTANBgkqhkiG -9w0BAQwFADBcMQswCQYDVQQGEwJVUzEYMBYGA1UEChMPVS5TLiBHb3Zlcm5tZW50 -MQ0wCwYDVQQLEwRGUEtJMSQwIgYDVQQDExtGZWRlcmFsIENvbW1vbiBQb2xpY3kg -Q0EgRzIwHhcNMjAxMTE4MTYxNzEzWhcNMjMxMTE4MTYxNzEzWjCBsTETMBEGCgmS -JomT8ixkARkWA3NidTEVMBMGCgmSJomT8ixkARkWBXN0YXRlMRYwFAYDVQQDDA1D -b25maWd1cmF0aW9uMREwDwYDVQQDDAhTZXJ2aWNlczEcMBoGA1UEAwwTUHVibGlj -IEtleSBTZXJ2aWNlczEMMAoGA1UEAwwDQUlBMSwwKgYDVQQDDCNVLlMuIERlcGFy -dG1lbnQgb2YgU3RhdGUgQUQgUm9vdCBDQTCCAiIwDQYJKoZIhvcNAQEBBQADggIP -ADCCAgoCggIBANVkXcJnYmt9vqbRo6vGF9hdGWpoI5hsjoynK7Yddpxspbwa3Cze -Ww7MHENG48D83glhxHILifBhT3VoY3X/txmt23HmeBfIUdTNp6AyZJKdb/MhLtvZ -3XcTp+1adQnCjcKBLieCspHZ7EAFQ90itBCrzLndPMW5RW9qOQV1Cp/y2MckEnbu -D8oViWNwzNC4gJ6YZ8jWKcaHlxN7eNUxvlbsEyt4F/Hsm5PJs9kd1zAor3xMXb9f -WL16T0Y2jjfK1gB92Iutl/ZqQ6xRezdWfR5tOfsjo11IE2suDXHPsQc8BsqJDC3k -Js8ZY7hlVTzHokFTdBM9UAZWp4rUWcykO12Anj8HD4IefviMO2f9NJouehXsjMKZ -k/TJ7L7MEJrNNRXHm+65WcFiVrSR9Vn/drmlNN4jpodoDJBbVWFD+arZdQ4udHsU -FQBb2+MUuQ+CWizTEACVlHZ8gyZwKIH4poTx34q+9Rwg27F3bmyhPJFlzJl2UPCC -f4vm2Pn0Dac4EN52mArOgIpIPBosxBHHDzI2yFeM+nIuTDtXkDC0H0sRzGAFtT5L -wbjAajrsjY8osX8Q84a0VS39BUHijWrXlUN6cr+UWdwp7/h1RHurexCE4M/XsQMT -lYF9fC2t3ed/5unx+0t6H++PC5IiXPBZnv/lFELASHuwyrrgyonSLQapAgMBAAGj -ggMsMIIDKDAdBgNVHQ4EFgQUzABoYaalA5MQChtht4cYwUVW2oIwHwYDVR0jBBgw -FoAU9CdcqcN8R/T6pqewWZeq3TUmF+MwDgYDVR0PAQH/BAQDAgEGMA8GA1UdEwEB -/wQFMAMBAf8wgZcGA1UdIASBjzCBjDAMBgpghkgBZQMCAQMTMAwGCmCGSAFlAwIB -AwYwDAYKYIZIAWUDAgEDBzAMBgpghkgBZQMCAQMIMAwGCmCGSAFlAwIBAyQwDAYK -YIZIAWUDAgEDDTAMBgpghkgBZQMCAQMQMAwGCmCGSAFlAwIBAxEwDAYKYIZIAWUD -AgEDJzAMBgpghkgBZQMCAQMoMIIBKwYDVR0hBIIBIjCCAR4wGAYKYIZIAWUDAgED -BgYKYIZIAWUDAgEDBjAYBgpghkgBZQMCAQMGBgpghkgBZQMCAQYDMBgGCmCGSAFl -AwIBAwcGCmCGSAFlAwIBAwcwGAYKYIZIAWUDAgEDBwYKYIZIAWUDAgEGDDAYBgpg -hkgBZQMCAQMQBgpghkgBZQMCAQMQMBgGCmCGSAFlAwIBAxAGCmCGSAFlAwIBBgQw -GAYKYIZIAWUDAgEDCAYKYIZIAWUDAgEDCDAYBgpghkgBZQMCAQMIBgpghkgBZQMC -AQYlMBgGCmCGSAFlAwIBAyQGCmCGSAFlAwIBAyQwGAYKYIZIAWUDAgEDJAYKYIZI -AWUDAgEGJjAYBgpghkgBZQMCAQMTBgpghkgBZQMCAQMuMFMGCCsGAQUFBwELBEcw -RTBDBggrBgEFBQcwBYY3aHR0cDovL2NybHMucGtpLnN0YXRlLmdvdi9TSUEvQ2Vy -dHNJc3N1ZWRCeUFEUm9vdENBLnA3YzAPBgNVHSQECDAGgAEAgQEAMAoGA1UdNgQD -AgEAMFEGCCsGAQUFBwEBBEUwQzBBBggrBgEFBQcwAoY1aHR0cDovL3JlcG8uZnBr -aS5nb3YvZmNwY2EvY2FDZXJ0c0lzc3VlZFRvZmNwY2FnMi5wN2MwNwYDVR0fBDAw -LjAsoCqgKIYmaHR0cDovL3JlcG8uZnBraS5nb3YvZmNwY2EvZmNwY2FnMi5jcmww -DQYJKoZIhvcNAQEMBQADggIBAAOHPVAow1GFGdi4fxFoTB1l9QiC9X4lCPGnxkiU -+Og42pSSYgYpZQTdphEs6G8EAS55+9RM0S9ZXDf0LL2t4hWldgm/yaCu+zO++k7U -5rpoP8w4F2y31O+tgm3L6elBWF7+UgJHIoK1GQBgyjQ78iEc196yXmonbH72xVHj -LiTw+Gr/3hkguGeiG94qxBtPmHtp0j8rwFgJ5aGUx55z+acHW7TqZkq2QauGeFkP -CASDKlFEekPLZ15yeiZTQT+XGfKQK13mlkyrnIno0ax0of4+FlMiFnTRG3un7A44 -FFTmoxfi35e6RbLSVH377GZMyC6vwhvMcM3mnNYWovASwsH5618faGL68esOX0a3 -RMVBk1zL7rFJrFHcYXYRv2mwlBMB5DIWPW+opTqsNkuGPG8NavvUu3snDPHTAG6J -to3bWgPwGXjKwJTfTMA7aR3yYUuImweJciCCSemvNQTkrPPuGKaRPvOtF+gNwyRp -AfSylY4E9bAHPOmx6p9XkaUQ50YMjs4Agm05dEqOdLXmqBOOhD1IMQ6JU02Ene0L -IfmtMl/Rdh63lqrpMsUZX6gO6qEPZ/8dzeCFfE9CYV0nKArBiK3cmRb1HMQF7Q+t -0F2ABcq+ViodOX6VSvUJf6umQyHWzBeaQGpTApFc2ghiW6iWFglu4IpirQ6Gk3Vr -x4VdMIIJLjCCBxagAwIBAgIUJ58Jc3/l3T11NL4OpRr/ncQBhQEwDQYJKoZIhvcN -AQEMBQAwXDELMAkGA1UEBhMCVVMxGDAWBgNVBAoTD1UuUy4gR292ZXJubWVudDEN -MAsGA1UECxMERlBLSTEkMCIGA1UEAxMbRmVkZXJhbCBDb21tb24gUG9saWN5IENB -IEcyMB4XDTIyMDQwNjE3MDg0MFoXDTI1MDQwNjE3MDg0MFowgY4xCzAJBgNVBAYT -AlVTMRgwFgYDVQQKEw9VLlMuIEdvdmVybm1lbnQxIzAhBgNVBAsTGkRlcGFydG1l -bnQgb2YgdGhlIFRyZWFzdXJ5MSIwIAYDVQQLExlDZXJ0aWZpY2F0aW9uIEF1dGhv -cml0aWVzMRwwGgYDVQQLExNVUyBUcmVhc3VyeSBSb290IENBMIICIjANBgkqhkiG -9w0BAQEFAAOCAg8AMIICCgKCAgEA7D5nzQgGJWbAzFCMv5x7nb7bZ1ERbKGEfKVL -g7XWT8xTsL8CaItldWtTGGwbjiTH+sbLmk19jkfCQ7QhyipMHDfmFxEAa/aTc28n -WquT/Omt1yEunX2qQK7XA42gGYLRfkjcV8wr/gcHieQDERUKUSYPo/ecrzfcJ7S7 -xRpIKqiBPlD5msWJjBHBsgZWvMpvT2tZuOU3nK47oQ3FNZtHUiUkYUtQieMRwk8T -Q8Y0fdZ+rwJxWTo44LUJp4hXPgtdSSe+DFDJv+le8Ncvzw1cH8lJ8sjPjFvFCjeW -VZVFhDC/HR2BqnC7vqcSAyWCwsIaNNfn11kruLMf87SUdqKwWeLH+xJOh5slKV91 -+pee7HqUYIawO3bLCeHZ2TXQfoN37n224IeFgzpR2t4fVRLlYYeZuFxRb4vInCIF -MwvlmorOXitVCfaZd71Ws9GKO3Sg3ur9sNvKgBeE7A4mm5bEVRBS0Gpo+s6L9jdU -PYvrzV1bRx1f4IfIwuSbxl93Mn1JLLNFPS1nAHhROc1NzTf/1annVnPWt49xvJfe -KmFagwkMKv3wFqa0UHF9TO8TYcO5jueOwfiHY6e9ASElT0ev5Wk3kaoP5wPWeP8R -hkt1HnD9puitgAiUNHsEol7osemoRQdlzmg5jZE306KGzwjbgNdX4QN8iGp/vt3r -g+0sFVkCAwEAAaOCA7MwggOvMB8GA1UdIwQYMBaAFPQnXKnDfEf0+qansFmXqt01 -JhfjMB0GA1UdDgQWBBQXS7gmuml6rRJQV0Uxnle7dKXaLzAOBgNVHQ8BAf8EBAMC -AQYwDwYDVR0TAQH/BAUwAwEB/zCB3QYDVR0gBIHVMIHSMAwGCmCGSAFlAwIBAwEw -DAYKYIZIAWUDAgEDAjAMBgpghkgBZQMCAQMSMAwGCmCGSAFlAwIBAxMwDAYKYIZI -AWUDAgEDFDAMBgpghkgBZQMCAQMGMAwGCmCGSAFlAwIBAwcwDAYKYIZIAWUDAgED -CDAMBgpghkgBZQMCAQMkMAwGCmCGSAFlAwIBAw0wDAYKYIZIAWUDAgEDEDAMBgpg -hkgBZQMCAQMRMAwGCmCGSAFlAwIBAycwDAYKYIZIAWUDAgEDKDAMBgpghkgBZQMC -AQMpMIIBeQYDVR0hBIIBcDCCAWwwGAYKYIZIAWUDAgEDAQYKYIZIAWUDAgEFAjAY -BgpghkgBZQMCAQMCBgpghkgBZQMCAQUDMBgGCmCGSAFlAwIBAwYGCmCGSAFlAwIB -AwYwGAYKYIZIAWUDAgEDBgYKYIZIAWUDAgEFBzAYBgpghkgBZQMCAQMHBgpghkgB -ZQMCAQMHMBgGCmCGSAFlAwIBAwcGCmCGSAFlAwIBBQQwGAYKYIZIAWUDAgEDEAYK -YIZIAWUDAgEDEDAYBgpghkgBZQMCAQMQBgpghkgBZQMCAQUFMBgGCmCGSAFlAwIB -AxIGCmCGSAFlAwIBBQowGAYKYIZIAWUDAgEDEwYKYIZIAWUDAgEFCzAYBgpghkgB -ZQMCAQMUBgpghkgBZQMCAQUMMBgGCmCGSAFlAwIBAxIGCmCGSAFlAwIBAy0wGAYK -YIZIAWUDAgEDEwYKYIZIAWUDAgEDLjAYBgpghkgBZQMCAQMUBgpghkgBZQMCAQMv -MEAGCCsGAQUFBwELBDQwMjAwBggrBgEFBQcwBYYkaHR0cDovL3BraS50cmVhc3Vy -eS5nb3Yvcm9vdF9zaWEucDdjMBIGA1UdJAEB/wQIMAaAAQCBAQAwDQYDVR02AQH/ -BAMCAQAwUQYIKwYBBQUHAQEERTBDMEEGCCsGAQUFBzAChjVodHRwOi8vcmVwby5m -cGtpLmdvdi9mY3BjYS9jYUNlcnRzSXNzdWVkVG9mY3BjYWcyLnA3YzA3BgNVHR8E -MDAuMCygKqAohiZodHRwOi8vcmVwby5mcGtpLmdvdi9mY3BjYS9mY3BjYWcyLmNy -bDANBgkqhkiG9w0BAQwFAAOCAgEAcicSaU1ju+btaAOfCyP9Mx/sKibvR/mcEH6C -i8fHrham75+mR7fyQ7C6PZhCQhFO3z0jLxW6IzpnKhpzp0oqJOkV75WkqKoCd/aw -pWyPwAtrWHMjyb6s7AHcFwjAC0heK96ZMr+SOM7XopVYIAnQ4tYe1ON5lDBLmoJO -pHOIz1E4E+ubcwTuWygLAyL5IUHGYJQLM6J/bDhbRDbz6aeCxShXWZP7Aa+jhi0N -1ZmyHrZ1uukPpMX9R/qqhXSjzRYwxq6wozdbh+aj2OU3ZdRVKaCC04k9zr4lFVq1 -RtKc34iYqtpbBCm1IWaLH1Uo4aovvJlxwEPEI0XBa50ILCkEYeOCTk59kBWgTTNx -9R7FFAA+DoTW1Y+1VibZpXxkgpBpFmiYBoI9LfwNh50n/lixxxoIGqe/fTup1yEa -bophqNchBlK5tRcfHDdAd24Vq4MCq1G+zUVzdLHK8nXcXGzNWa/KZvEsaAOkLx1b -Gyxp0D8bYmsKWummm/jlMYq1RGHxFRMXPMbcn+IZmw5t8bC7wITvRlToRl6CCfE1 -cSx69cgOqIVFIs43J18nymUYpKOirp3Km8uT47UyHTEgtn3VLKMhW1sN1zEjyYl4 -WcMoGlja2xW0Wy8TFld3a+0O1YyH3BZhuC/1MvSaRVE64mHWnwnZqnDYw4xJ1OS1 -Q+l18Egwggk8MIIHJKADAgECAhBwc6YuABaURwes1MGxGKTVMA0GCSqGSIb3DQEB -DAUAMGgxCzAJBgNVBAYTAlVTMRIwEAYDVQQKEwlDZXJ0aVBhdGgxIjAgBgNVBAsT -GUNlcnRpZmljYXRpb24gQXV0aG9yaXRpZXMxITAfBgNVBAMTGENlcnRpUGF0aCBC -cmlkZ2UgQ0EgLSBHMzAeFw0yMzA3MTkwMDAwMDBaFw0yNDA3MzEyMzU5NTlaMIGA -MRMwEQYKCZImiZPyLGQBGRYDY29tMRMwEQYKCZImiZPyLGQBGRYDcnR4MQwwCgYD -VQQKEwNDQXMxEjAQBgNVBAsTCUNsYXNzMy1HMzEyMDAGA1UEAxMpUmF5dGhlb24g -VGVjaG5vbG9naWVzIE1lZGl1bSBBc3N1cmFuY2UgQ0EwggGiMA0GCSqGSIb3DQEB -AQUAA4IBjwAwggGKAoIBgQCTH8QSCcXXT0gCxHYlHRIjRuXyrSC4MmUrJo4ULUaN -nLUHnLfcV10Q8l1Ha0HSwgCSLYKJZinLeQngzzTNGSdYn5aEsXgVgI3OoPWO99+e -8ZRwamc1OJ98ir9rsrtW2wSGMJAi6aBKNKzFHkh2kxuOymL5kJ60vEvdRF08iW3L -ShW2ccEQf+1A5n27kYXLq3JwALdaq08enVJmN5Qaw0MpywXoq3LF5XG+fgI1xp2n -h0ZvPFTrldyFGR6mP5lxG3y9Lb6V7yPFVg3gsLQ2frNC5buDZk/LZdBax6qvaGVr -39duO80RKN+LENBUGwXd1Uo3mhGJSngS0EmKtcj6Ku0EFJ14Z4XCpblRRotb9PpZ -MDm2OAJMdgxPt6Y4RdN7aj6iy71zA1c2PFl+/9Mpg138Grix1/RtcsdnSs+lICam -3qpil74+/k9xn8GOX3GhtkK3STNDL5ojgA33VeO8ry5B51OIjFf3vT9by0SoVSjl -QKa1DpvFHGce7SnfJ5iGtDsCAwEAAaOCBEcwggRDMBIGA1UdEwEB/wQIMAYBAf8C -AQAwaQYDVR0gBGIwYDAOBgwrBgEEAYG7UwEBAQEwDgYMKwYBBAGBu1MBAQECMA4G -DCsGAQQBgbtTAQEBBDAOBgwrBgEEAYG7UwEBAQUwDgYMKwYBBAGBu1MBAQEXMA4G -DCsGAQQBgbtTAQEBGDBCBgNVHR8EOzA5MDegNaAzhjFodHRwOi8vY3JsLmNlcnRp -cGF0aC5jb20vQ2VydGlQYXRoQnJpZGdlQ0EtRzMuY3JsMA4GA1UdDwEB/wQEAwIB -BjAKBgNVHTYEAwIBADCCARIGA1UdIQSCAQkwggEFMBsGDCsGAQQBgbtTAQEBAQYL -KwYBBAGB0REKAQ0wGwYMKwYBBAGBu1MBAQECBgsrBgEEAYHREQoBDDAbBgwrBgEE -AYG7UwEBAQQGCysGAQQBgdERCgEPMBsGDCsGAQQBgbtTAQEBBQYLKwYBBAGB0REK -AQ4wGwYMKwYBBAGBu1MBAQEXBgsrBgEEAYHREQoBEzAbBgwrBgEEAYG7UwEBARgG -CysGAQQBgdERCgESMBsGDCsGAQQBgbtTAQEBAQYLKwYBBAGB0REKAQwwGwYMKwYB -BAGBu1MBAQEEBgsrBgEEAYHREQoBDjAbBgwrBgEEAYG7UwEBARcGCysGAQQBgdER -CgESMBIGA1UdJAEB/wQIMAaAAQCBAQAwHQYDVR0OBBYEFJdpbf1+K+Wn8mK9deqW -HuAMwKlGME0GCCsGAQUFBwEBBEEwPzA9BggrBgEFBQcwAoYxaHR0cDovL2FpYS5j -ZXJ0aXBhdGguY29tL0NlcnRpUGF0aEJyaWRnZUNBLUczLnA3YzCCAacGA1UdHgEB -/wSCAZswggGXoIIBkzAKgQguYmJuLmNvbTAOgQwuY29sbGlucy5jb20wE4ERLnBy -YXR0d2hpdG5leS5jb20wCoEILnJheS5jb20wD4ENLnJheXRoZW9uLmNvbTAKgQgu -cnR4LmNvbTANgQsuc2lnb3ZzLmNvbTAKgQgudXRjLmNvbTAJgQdiYm4uY29tMA2B -C2NvbGxpbnMuY29tMBKBEHByYXR0d2hpdG5leS5jb20wCYEHcmF5LmNvbTAOgQxy -YXl0aGVvbi5jb20wCYEHcnR4LmNvbTAMgQpzaWdvdnMuY29tMAmBB3V0Yy5jb20w -CYIHYmJuLmNvbTANggtjb2xsaW5zLmNvbTASghBwcmF0dHdoaXRuZXkuY29tMAmC -B3JheS5jb20wDoIMcmF5dGhlb24uY29tMAmCB3J0eC5jb20wDIIKc2lnb3ZzLmNv -bTAJggd1dGMuY29tMC6kLDAqMRMwEQYKCZImiZPyLGQBGRYDY29tMRMwEQYKCZIm -iZPyLGQBGRYDcnR4MBKkEDAOMQwwCgYDVQQKEwNydHgwHwYDVR0jBBgwFoAUeos8 -BpLcHqjSgqwbdG90PU7RqJswDQYJKoZIhvcNAQEMBQADggIBAGm3n473L2ePVrZf -BeagQkarycrOB+drS3kqfXYxxXDOxcrOUVCcmnjjMhZym+ficfNNZ6i3GurWSz1F -RrWLreEhJ0N+1wkNo9agt2CVtQ2oySs77K09ZIoXhd+gUIC2UO/wgRiXzv49Y1bk -CsPH3J+EEm5CEr96TB4jwmgL3YpALALBl4EVE9YOM9UMy4H0dRHqGDkO8A2ZB1mW -UMiFakEI/TeD3QBqlf0DX3a1QIY8NLYUE+JxmTI0jsWThLCp9Jy0s5HCNrvAaJbx -wpif24lc81KAaj+Yih+zggLk46Nb9w6iSXexh3JJ5f1AjWcB7CheTk42yyozBC64 -U6uqHMLzShvzBh+73Peuym3uo6EJUOtpn9xdMHAOAXElZ8tNMJ1dZ4LZ04Fi8uyC -cTP3MGDgkGeTEczXe1KEKKBz8Gchhtv91paLC0UcKEHOwSHtIofAZh6gw/DIbQW2 -U6KG1o2FGx6/ZexHSEVEVsRv2zmoCELglRfwghbuTD6uKgJDcfnBZ4EZ5+Nxsv6K -GWDRfT+eqSFCoO9Z0cIwgUL1x7d4YiE2KJfiB2rt22EUcHl11EdnnSw2R/JOBCLh -CtrcXrMBZtwdR78eoK8jd5B7vP5hyOBJHjzX06vkbLIPlVHumQJ2zogSEvWh9x9N -SG/VvsKffdQVfdHCczBekD/UE9rSMIIJPTCCByWgAwIBAgICAUEwDQYJKoZIhvcN -AQELBQAwejELMAkGA1UEBhMCVVMxDjAMBgNVBAoTBVNUUkFDMScwJQYDVQQLEx5T -VFJBQyBQS0kgVHJ1c3QgSW5mcmFzdHJ1Y3R1cmUxMjAwBgNVBAMTKVNUUkFDIEJy -aWRnZSBSb290IENlcnRpZmljYXRpb24gQXV0aG9yaXR5MB4XDTIzMDEwNzE2MzUy -OVoXDTI2MDEwNjE2MzUyOVowgYQxCzAJBgNVBAYTAlVTMSgwJgYDVQQKEx9Gb3Vu -ZGF0aW9uIGZvciBUcnVzdGVkIElkZW50aXR5MSUwIwYDVQQLExxGVEkgUEtJIFRy -dXN0IEluZnJhc3RydWN0dXJlMSQwIgYDVQQDExtGVEkgQ2VydGlmaWNhdGlvbiBB -dXRob3JpdHkwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQDTGvKc3Oa6 -m0DqttdwE1wMyO3ateh6HDIPrYaPEYdd5pQi/L6X/ulaBjrCgmMPCm7USaKwesZS -g/f6AlatxO/8oU3wIwkDy2EElh/UPDLqLYizSiEfTFmJZEtJvdUy16E4uAwTvuY3 -7b6nTufBgwOGDHQrwS5Hv6CV4CZhK/+NNB2ip+1q/wHccWydbSlTuzH0yMH1F8pM -cHTYOcvmxbY81i+r+uiRbgQdDUvrq3f9unbel5uvBLmHwKw4sjtXqZLxnhHU2EJs -wXBRiD05e8gSMpBwung8qDDB8Zktj4x8hmUYxXN7We4xPsLcPlI8Acyy8PmM2pvs -VKj9/fwMwWFpS7abPAlMtGCIhREzRoRmwfmKQzpEjgqPR3w6wMu5iM9nusIS3c9m -/lyQXYBGvsl2h6ddeF1sHjuBKI8YqL9KqLTlokxDqZhGNQsKNoBWLXrnnCLgi5Pb -TjwcLXpnyXIOzLr+pQvSjDpFzkhlsxxBoEpT7vm/qgQ4OtjtPOaJgzWUocModo0G -Spc9o870PKqLvf2CxXCmX8vS9ZJxFz0Le+BTqG/G5inHh8r44Tdp8jZGm6iIA7Wz -A5D2QCzi+BAYaoA9Ao5M0FwIhvTz/NDTb29X3dVOb8eO5ZOlUbs9t3K7JRRVVR8G -nleIswLcQCAZsMQl3ouin9+6JvW2eRhy5QIDAQABo4IDwDCCA7wwHwYDVR0jBBgw -FoAUGcHOh0kzgLb3Wqxlw3TwfzeSpWEwHQYDVR0OBBYEFNI43bXvS1lXNn+/v5ym -fQwZMQWtMA4GA1UdDwEB/wQEAwIBBjCBuwYDVR0gBIGzMIGwMA4GDCsGAQQBgrZt -AgEFATAOBgwrBgEEAYK2bQIBBQIwDgYMKwYBBAGCtm0CAQUDMA4GDCsGAQQBgrZt -AgEFBDAOBgwrBgEEAYK2bQIBBQUwDgYMKwYBBAGCtm0CAQUGMA4GDCsGAQQBgrZt -AgEFBzAOBgwrBgEEAYK2bQIBBQgwDgYMKwYBBAGCtm0CAQUJMA4GDCsGAQQBgrZt -AgEFCjAOBgwrBgEEAYK2bQIBBQswDwYDVR0TAQH/BAUwAwEB/zBGBgNVHR8EPzA9 -MDugOaA3hjVodHRwOi8vcGtpLnN0cmFjLm9yZy9icmlkZ2UvY3JsL1NUUkFDQnJp -ZGdlUm9vdENBLmNybDCBgwYIKwYBBQUHAQEEdzB1MEoGCCsGAQUFBzAChj5odHRw -Oi8vcGtpLnN0cmFjLm9yZy9icmlkZ2UvY2VydGlmaWNhdGVzL1NUUkFDQnJpZGdl -Um9vdENBLnA3YzAnBggrBgEFBQcwAYYbaHR0cDovL2NlcnRzdGF0dXMuc3RyYWMu -b3JnMEwGCCsGAQUFBwELBEAwPjA8BggrBgEFBQcwBYYwaHR0cDovL3BraS5mdGku -b3JnL2Z0aV9jYS9jZXJ0aWZpY2F0ZXMvRlRJQ0EucDdjMBgGA1UdEgQRMA+BDXBr -aUBzdHJhYy5vcmcwggFXBgNVHSEEggFOMIIBSjAcBgwrBgEEAYK2bQIBBQEGDCsG -AQQBgvZPAgIFATAcBgwrBgEEAYK2bQIBBQIGDCsGAQQBgvZPAgIFAjAcBgwrBgEE -AYK2bQIBBQMGDCsGAQQBgvZPAgIFAzAcBgwrBgEEAYK2bQIBBQQGDCsGAQQBgvZP -AgIFBDAcBgwrBgEEAYK2bQIBBQUGDCsGAQQBgvZPAgIFBTAcBgwrBgEEAYK2bQIB -BQYGDCsGAQQBgvZPAgIFBjAcBgwrBgEEAYK2bQIBBQcGDCsGAQQBgvZPAgIFBzAc -BgwrBgEEAYK2bQIBBQgGDCsGAQQBgvZPAgIFCDAcBgwrBgEEAYK2bQIBBQkGDCsG -AQQBgvZPAgIFCTAcBgwrBgEEAYK2bQIBBQoGDCsGAQQBgvZPAgIFCjAcBgwrBgEE -AYK2bQIBBQsGDCsGAQQBgvZPAgIFCzAKBgNVHTYEAwIBADANBgkqhkiG9w0BAQsF -AAOCAgEAPAJAZc8GqyY+T6kITlQn+3IJI+U9YHbpULUITgfsVpVx/FEWR6jsZffS -TXw5YTF9pzXNM/RQkrYjn9u6BI6o3l/o3C2v4lEwBhpez4p09SYevXo/TyWnDP0p -P/eN9TWAxCJbs6a4gOwxWtidpbpj+EEYnPAPq05uOJzTeBIP22OjgT1GNge1+vSy -FqlUttai4BfPZY5snJGZViqidH/AuZ/alIpcdj1W06+Z6HP1X0lYbyySPG56OSlk -ove/f+1UdTKnltVFwwcGu/vhvG+2fQrUo21AkJDAqppsFrI+8RnKids3ibNaQpxG -yDLLajvbV2iEbZaRq7Gd8qgxbqGatwPIt2YEk+K8HvrjZiFodlSPHDP1VnPTMXSr -Ek0VtzZTnM8kshDhvGmVTMOd4KIqYJgnYFzcu4Cw2VjvqhVN0C2Eit6iW1kjHYbi -CSKCaLvWs4SVaIaOJJf/2+0sKy4hyIyh2Q8C9Zu/WOfOYiGMYfRE70KktgYtsiAe -4hNbWgQYBL0K00MQlQBGBBVnmsfgbANdDZoVZt6/fLWIjT9lIohlkWDI1I5siH3r -Lb8ikooYkNRVetpCf1LdayA1QcbZdlQrh6GlDnsIiUSpaaTLl8g5daPhmy05W3Do -KWZZQvd93nKSVvyw5fZ39P5owGe8ZlmQ9jA3qs+vFzZIpeyQlBMwgglnMIIHT6AD -AgECAhAIvE2JneOHEDcvz7UZUQ7tMA0GCSqGSIb3DQEBDAUAMGgxCzAJBgNVBAYT -AlVTMRIwEAYDVQQKEwlDZXJ0aVBhdGgxIjAgBgNVBAsTGUNlcnRpZmljYXRpb24g -QXV0aG9yaXRpZXMxITAfBgNVBAMTGENlcnRpUGF0aCBCcmlkZ2UgQ0EgLSBHMzAe -Fw0yMzAyMjIwMDAwMDBaFw0yNDAyMjgyMzU5NTlaMIGWMQswCQYDVQQGEwJVUzEl -MCMGA1UEChMcTm9ydGhyb3AgR3J1bW1hbiBDb3Jwb3JhdGlvbjEwMC4GA1UECxMn -Tm9ydGhyb3AgR3J1bW1hbiBJbmZvcm1hdGlvbiBUZWNobm9sb2d5MS4wLAYDVQQD -EyVOb3J0aHJvcCBHcnVtbWFuIENvcnBvcmF0ZSBSb290IENBLUcyMIIBojANBgkq -hkiG9w0BAQEFAAOCAY8AMIIBigKCAYEAodfU7Lo74PFr4RkpGsQGWu/ChwUMYROc -/lF47qo2QmR8V1tcfX5329rVIhNwzlk9B9amkxdC/tlAJ6hkoown1e4twlzRyyyd -6jucvCZIWIoeRiXqjBi/G5zG0koiDe1r6nAssR28m4cYp8JW1BjdiGHgUtOCmnnO -3BmsyTPGmheUMKEJJqHJewQmZRVIJ441Op1C2VFHeWoTQ+/sX32dZeMOH6C0uR1h -OsVPs+mcoOZvxfn3eHsrZhhypWewG9EhgC48YVm+8GH0+NmyBA8JYQT/Er67/a/1 -mpicfgKDuUnXDMIVZ4wQ1jEDMvXbJjq1ijlzz3TJmevKkz3HBIywj929wgYNj/OS -N6OkBebkwbJNNQmLfFcZ0xE63V2mZlCilR0mixu7WOzWqN/IbS+3NFQjvzSCfRMW -0yExgXhajVlYsJ73ix28fSELIxTMLuZa3F2Od+l2bBxY8pf0xvI46c3Luht3GT7k -V7+RBOQKGlkfYlLHVqeRgkLJFNgPsDpBAgMBAAGjggRcMIIEWDAKBgNVHTYEAwIB -ADB6BggrBgEFBQcBCwRuMGwwagYIKwYBBQUHMAWGXmh0dHA6Ly9jZXJ0ZGF0YS5u -b3J0aHJvcGdydW1tYW4uY29tL2NlcnRkYXRhL3A3Yy9Jc3N1ZWRCeU5vcnRocm9w -R3J1bW1hbkNvcnBvcmF0ZVJvb3RDQS1HMi5wN2MwgZwGA1UdIQSBlDCBkTAbBgwr -BgEEAYG7UwEBAQEGCysGAQQB/06DfQIHMBsGDCsGAQQBgbtTAQEBAgYLKwYBBAH/ -ToN9AggwGwYMKwYBBAGBu1MBAQEHBgsrBgEEAf9Og30CCTAbBgwrBgEEAYG7UwEB -AQgGCysGAQQB/06DfQIKMBsGDCsGAQQBgbtTAQEBCQYLKwYBBAH/ToN9AgswHQYD -VR0OBBYEFH9D6jwgdz6Sy42FoogGMF4eQz63MIIBxwYDVR0eAQH/BIIBuzCCAbeg -ggGzMAmBB25nYy5jb20wCoEILm5nYy5jb20wC4EJbXluZ2MuY29tMAyBCi5teW5n -Yy5jb20wEIEOb3JiaXRhbGF0ay5jb20wEYEPLm9yYml0YWxhdGsuY29tMAyBCnNj -YWxlZC5jb20wDYELLnNjYWxlZC5jb20wCYIHbmdjLmNvbTAPgg1ub3J0aGdydW0u -Y29tMBWCE25vcnRocm9wZ3J1bW1hbi5jb20wC4IJbXluZ2MuY29tMAuCCW5nZXh0 -LmNvbTAQgg5vcmJpdGFsYXRrLmNvbTAMggpzY2FsZWQuY29tMDikNjA0MQswCQYD -VQQGEwJVUzElMCMGA1UEChMcTm9ydGhyb3AgR3J1bW1hbiBDb3Jwb3JhdGlvbjA0 -pDIwMDETMBEGCgmSJomT8ixkARkWA2NvbTEZMBcGCgmSJomT8ixkARkWCW5vcnRo -Z3J1bTAwpC4wLDETMBEGCgmSJomT8ixkARkWA2NvbTEVMBMGCgmSJomT8ixkARkW -BW5nZXh0MC6kLDAqMRMwEQYKCZImiZPyLGQBGRYDY29tMRMwEQYKCZImiZPyLGQB -GRYDbmdjMBIGA1UdEwEB/wQIMAYBAf8CAQEwWQYDVR0gBFIwUDAOBgwrBgEEAYG7 -UwEBAQEwDgYMKwYBBAGBu1MBAQECMA4GDCsGAQQBgbtTAQEBBzAOBgwrBgEEAYG7 -UwEBAQgwDgYMKwYBBAGBu1MBAQEJMEIGA1UdHwQ7MDkwN6A1oDOGMWh0dHA6Ly9j -cmwuY2VydGlwYXRoLmNvbS9DZXJ0aVBhdGhCcmlkZ2VDQS1HMy5jcmwwDgYDVR0P -AQH/BAQDAgEGMBIGA1UdJAEB/wQIMAaAAQCBAQAwTQYIKwYBBQUHAQEEQTA/MD0G -CCsGAQUFBzAChjFodHRwOi8vYWlhLmNlcnRpcGF0aC5jb20vQ2VydGlQYXRoQnJp -ZGdlQ0EtRzMucDdjMB8GA1UdIwQYMBaAFHqLPAaS3B6o0oKsG3RvdD1O0aibMA0G -CSqGSIb3DQEBDAUAA4ICAQAUqjyBhAltRQN9K5SEN4H+Ugy7G1us2VHmY285LUQT -WLLFDAKVCW2o8Un1Dvu4cjsSfgRgLFXq4lC2WTcyawfN/101IBWtfWRD530pYyP7 -/0fjzVbU3SWIXGdgJC7IWzbGluC1u7UJ759OkToET2jRpxn5TD8t+DqJnaW8N8ca -qqH4FtYbj4jc97AvT95caRyP4B/RTDLESJD6lH3K3KK/n/Aem2blnRuNkitMKgno -5517J5s+a8w3qW6w1xVq3R8nK0VzsH6BzBkvcgcqkRjM6FUAe1vk4EP60q71cbHo -IQ3scMPjnjLYUScy2sk6iKVYSjGArZd5EEn8A8VL1LoGyhtdrGoqzPDd3M9VnJOL -gbm3kvqPVY1p6eBs5R5XIJ5IM3QLjrlAZBLgEPIbXW/lWIw5cZEZXvNKQMvuVse6 -oLfozSrtSBL1Qw+yjrDFRrlbJS1C9HEkqaR7hXNcHMXjH7gFpbTuUczdPNOfuz9i -Y5+IfAShbNTN7ALunDsRBoCiwbgedPdHFO2wIFEMovEgzaAplndVZrHXm2nvrwGh -M46r6TlDHsaGHWE63yclxclmpsyqTnzxbPPSLEUhXHUaoAoBaXzT0PZC2Sy9GPY9 -mGpfgCuyRr0+PEjBmt8FLz9juejlfa0wXb2p3hHvnQbQXBARqgltrYflhcexV0Ea -VzCCCawwggeUoAMCAQICBFGwuG8wDQYJKoZIhvcNAQELBQAwgbExEzARBgoJkiaJ +HqjSgqwbdG90PU7RqJswDQYJKoZIhvcNAQEMBQADggIBABSqPIGECW1FA30rlIQ3 +gf5SDLsbW6zZUeZjbzktRBNYssUMApUJbajxSfUO+7hyOxJ+BGAsVeriULZZNzJr +B83/XTUgFa19ZEPnfSljI/v/R+PNVtTdJYhcZ2AkLshbNsaW4LW7tQnvn06ROgRP +aNGnGflMPy34Oomdpbw3xxqqofgW1huPiNz3sC9P3lxpHI/gH9FMMsRIkPqUfcrc +or+f8B6bZuWdG42SK0wqCejnnXsnmz5rzDepbrDXFWrdHycrRXOwfoHMGS9yByqR +GMzoVQB7W+TgQ/rSrvVxseghDexww+OeMthRJzLayTqIpVhKMYCtl3kQSfwDxUvU +ugbKG12sairM8N3cz1Wck4uBubeS+o9VjWnp4GzlHlcgnkgzdAuOuUBkEuAQ8htd +b+VYjDlxkRle80pAy+5Wx7qgt+jNKu1IEvVDD7KOsMVGuVslLUL0cSSppHuFc1wc +xeMfuAWltO5RzN0805+7P2Jjn4h8BKFs1M3sAu6cOxEGgKLBuB5090cU7bAgUQyi +8SDNoCmWd1Vmsdebae+vAaEzjqvpOUMexoYdYTrfJyXFyWamzKpOfPFs89IsRSFc +dRqgCgFpfNPQ9kLZLL0Y9j2Yal+AK7JGvT48SMGa3wUvP2O56OV9rTBdvaneEe+d +BtBcEBGqCW2th+WFx7FXQRpXMIIJrDCCB5SgAwIBAgIEUbC4bzANBgkqhkiG9w0B +AQsFADCBsTETMBEGCgmSJomT8ixkARkWA3NidTEVMBMGCgmSJomT8ixkARkWBXN0 +YXRlMRYwFAYDVQQDDA1Db25maWd1cmF0aW9uMREwDwYDVQQDDAhTZXJ2aWNlczEc +MBoGA1UEAwwTUHVibGljIEtleSBTZXJ2aWNlczEMMAoGA1UEAwwDQUlBMSwwKgYD +VQQDDCNVLlMuIERlcGFydG1lbnQgb2YgU3RhdGUgQUQgUm9vdCBDQTAeFw0wNDA2 +MjMxNzUwNTVaFw0zNDA2MjMxODIwNTVaMIGxMRMwEQYKCZImiZPyLGQBGRYDc2J1 +MRUwEwYKCZImiZPyLGQBGRYFc3RhdGUxFjAUBgNVBAMMDUNvbmZpZ3VyYXRpb24x +ETAPBgNVBAMMCFNlcnZpY2VzMRwwGgYDVQQDDBNQdWJsaWMgS2V5IFNlcnZpY2Vz +MQwwCgYDVQQDDANBSUExLDAqBgNVBAMMI1UuUy4gRGVwYXJ0bWVudCBvZiBTdGF0 +ZSBBRCBSb290IENBMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuTZf +s7EF2kria8OXf0pcENkKKa/Zb5pVr6UZbrT0pe1+Q4OVkslNldLvviRNLqazobPm +SPVktuzCvmt9jpjM04Oh1c6Tt3Lq0YjP4eXyawBAWBXl6Lq9KFB2BcFnAoYtZNJm +ZDK2+FjvflqaUxZSL/W+zEoGjqB+VE1DRORwDDA4D1UBpyLMcpX7Re4pAspXeOTe ++uBwy3ZX88No9ER59Z7RMNqtKaerxmwTff0T4fe6zqiayiK94nhOAc8N2/oABeMp +o3CjooJdpYofDyRuWabhpj8Dpll4fq5sJ8wDOqUJh6f8VwyD6iceYb036DirCYQY +nj4MEDnNG5WILFzO5wIDAQABo4IEyDCCBMQwDwYDVR0TAQH/BAUwAwEB/zAOBgNV +HQ8BAf8EBAMCAQYwgd0GA1UdIASB1TCB0jAMBgpghkgBZQMCAQYBMAwGCmCGSAFl +AwIBBgIwDAYKYIZIAWUDAgEGAzAMBgpghkgBZQMCAQYEMAwGCmCGSAFlAwIBBgww +DAYKYIZIAWUDAgEDBjAMBgpghkgBZQMCAQMHMAwGCmCGSAFlAwIBAwgwDAYKYIZI +AWUDAgEDDTAMBgpghkgBZQMCAQMQMAwGCmCGSAFlAwIBAxEwDAYKYIZIAWUDAgED +JDAMBgpghkgBZQMCAQMnMAwGCmCGSAFlAwIBAygwDAYKYIZIAWUDAgEDKTCCAXYG +CCsGAQUFBwEBBIIBaDCCAWQwgdwGCCsGAQUFBzAChoHPbGRhcDovL2NlcnRyZXAu +cGtpLnN0YXRlLmdvdi9jbj1VLlMuJTIwRGVwYXJ0bWVudCUyMG9mJTIwU3RhdGUl +MjBBRCUyMFJvb3QlMjBDQSxjbj1BSUEsY249UHVibGljJTIwS2V5JTIwU2Vydmlj +ZXMsY249U2VydmljZXMsY249Q29uZmlndXJhdGlvbixkYz1zdGF0ZSxkYz1zYnU/ +Y0FDZXJ0aWZpY2F0ZTtiaW5hcnksY3Jvc3NDZXJ0aWZpY2F0ZVBhaXI7YmluYXJ5 +MEYGCCsGAQUFBzAChjpodHRwOi8vY3Jscy5wa2kuc3RhdGUuZ292L0FJQS9DZXJ0 +c0lzc3VlZFRvRG9TQURSb290Q0EucDdjMDsGCCsGAQUFBzABhi9odHRwOi8vb2Nz +cC5wa2kuc3RhdGUuZ292L09DU1AvRG9TT0NTUFJlc3BvbmRlcjAfBgNVHSMEGDAW +gBTMAGhhpqUDkxAKG2G3hxjBRVbagjAdBgNVHQ4EFgQUb4P+glBkZXc+/d8Dms4p +0S8wzOwwggHqBgNVHR8EggHhMIIB3TCCAQqgggEGoIIBAoYyaHR0cDovL2NybHMu +cGtpLnN0YXRlLmdvdi9jcmxzL0RvU0FEUEtJUm9vdENBMS5jcmyGgctsZGFwOi8v +ZGlyLnBraS5zdGF0ZS5nb3YvY249V2luQ29tYmluZWQxLGNuPVUuUy4lMjBEZXBh +cnRtZW50JTIwb2YlMjBTdGF0ZSUyMEFEJTIwUm9vdCUyMENBLGNuPUFJQSxjbj1Q +dWJsaWMlMjBLZXklMjBTZXJ2aWNlcyxjbj1TZXJ2aWNlcyxjbj1Db25maWd1cmF0 +aW9uLGRjPXN0YXRlLGRjPXNidT9jZXJ0aWZpY2F0ZVJldm9jYXRpb25MaXN0O2Jp +bmFyeTCBzKCByaCBxqSBwzCBwDETMBEGCgmSJomT8ixkARkWA3NidTEVMBMGCgmS +JomT8ixkARkWBXN0YXRlMRYwFAYDVQQDDA1Db25maWd1cmF0aW9uMREwDwYDVQQD +DAhTZXJ2aWNlczEcMBoGA1UEAwwTUHVibGljIEtleSBTZXJ2aWNlczEMMAoGA1UE +AwwDQUlBMSwwKgYDVQQDDCNVLlMuIERlcGFydG1lbnQgb2YgU3RhdGUgQUQgUm9v +dCBDQTENMAsGA1UEAwwEQ1JMMTAZBgkqhkiG9n0HQQAEDDAKGwRWOC4yAwIEkDAN +BgkqhkiG9w0BAQsFAAOCAgEARJltIzIKrkKMLaDgAxODAlMFXIMxdwiuOZl45hd2 +8CXN5IDJz++/2I9Gk/MHI4sfXg8svloxT+gsyWfqSOmW9bA3hywtLzrQQ1ER8aum +V0jiU0rP3JV/ZJWdapMhM5YDSe+zyu47z6HQM6Wv225emrZTnvqor+yhDMnnN6mm +fSapAbXc+WtX8pxzARJrLNjYWv4QF2RR+X8C728sz9Gbbmk3fLQU/rlGTkxlFE72 +TrSDeaU/YnfvG56hcHrjmQrUhrUrbzdumjBAVjnVJMVP3WSwembUwi3/K4w3yuYD +pYDC3jodPa5msvu+VN8BUv2Rk3hpslkwYefa5ZakVj+uGOSpXey66Ka6kgBx6tGf +LSXe79i3S+lGwLu+MW9YcFhZI7dLzFWp4Y/MWN0ZNu5/OTEL84wtagKzzTjBCyuu +li0QtvcCNWwrCdoADSwdLUHQANVGNLhzPkXlR+UMiMOeLSzS9mkUI1nka6JaVjLj +Z9nGqyCg19PcKea3FuSQTMBuAd4gdZaUEXoM8ex7nwrJPP2YMSd8/QzkbiIxIOu6 +EMMEt0c1+ErLgQ4upwV7NkThoTe4PYdJeJ13ms//HMHI0Mqz6Ywc6lT5vNPA8RUm +X/rJOQ9GYRM3Y5yjLiuRshmJt3J+L6w6e20+2hR9Ju/Ny3jiIodrN3bgUCJGRs2V +uU0wggnlMIIHzaADAgECAgRRsLl/MA0GCSqGSIb3DQEBCwUAMIGxMRMwEQYKCZIm +iZPyLGQBGRYDc2J1MRUwEwYKCZImiZPyLGQBGRYFc3RhdGUxFjAUBgNVBAMMDUNv +bmZpZ3VyYXRpb24xETAPBgNVBAMMCFNlcnZpY2VzMRwwGgYDVQQDDBNQdWJsaWMg +S2V5IFNlcnZpY2VzMQwwCgYDVQQDDANBSUExLDAqBgNVBAMMI1UuUy4gRGVwYXJ0 +bWVudCBvZiBTdGF0ZSBBRCBSb290IENBMB4XDTIwMDEyNDIzMzQwOFoXDTMwMDEy +NTAwMDQwOFowgaIxCzAJBgNVBAYTAlVTMRgwFgYDVQQKEw9VLlMuIEdvdmVybm1l +bnQxHDAaBgNVBAsTE0RlcGFydG1lbnQgb2YgU3RhdGUxDDAKBgNVBAsTA1BJVjEi +MCAGA1UECxMZQ2VydGlmaWNhdGlvbiBBdXRob3JpdGllczEpMCcGA1UECxMgVS5T +LiBEZXBhcnRtZW50IG9mIFN0YXRlIFBJViBDQTIwggGiMA0GCSqGSIb3DQEBAQUA +A4IBjwAwggGKAoIBgQCLAZkFNkuXHqCVWvQxw9dySp2tRKbzEn2ze4FezIVBZDWB +oho3bRJO7rxaWBs5VQdi/YqYdhUa2qr8mte9b0tJuacznsFR3sIxsihjGrqZadtI +FdtXohN4DIMy+dqBlQQpOqOO9YeMekpp3jw2OeqQFS2k0EqKrh1Eze8DV8WglWwq +L4Yvw5kWgXbWK+k/PCpB3yEP079XyzDYhQ8xVeWvpzhwx0SCcWaZ5+5p5VrVr/Mp +dR5oRIWEEXoJFTPqFWty4djvtCQCpI4h75nnSmBOvbmKtBxpA4Wn8k4y1KitV/o6 +Isr/FZu+xXaiuoxLIa9Dn6J8b42wAAF0hLH4LbNfYJCXn5bKbprkvmilpSAjOa2G +4pIsb2Wg6MeY6ffhnD/ZD96Zgbe1kgpTQGK/zhlXfDQMwMxoWLaQqOCGO+ZmB1xO +Ivkq96JpIW2Cg0TFQkii6nXmYNq0gitCk/c67QDg+tXcf1OqZNfrhW/PAdOQCX0t +8iwN59nMTafd9rGO6K8CAwEAAaOCBJAwggSMMA4GA1UdDwEB/wQEAwIBBjCBwQYD +VR0gBIG5MIG2MAwGCmCGSAFlAwIBBgEwDAYKYIZIAWUDAgEGAjAMBgpghkgBZQMC +AQYDMAwGCmCGSAFlAwIBBgQwDAYKYIZIAWUDAgEGDDAMBgpghkgBZQMCAQMGMAwG +CmCGSAFlAwIBAwcwDAYKYIZIAWUDAgEDCDAMBgpghkgBZQMCAQMNMAwGCmCGSAFl +AwIBAxAwDAYKYIZIAWUDAgEDETAMBgpghkgBZQMCAQMkMAwGCmCGSAFlAwIBAycw +EgYDVR0TAQH/BAgwBgEB/wIBADCCAXIGCCsGAQUFBwEBBIIBZDCCAWAwgdgGCCsG +AQUFBzAChoHLbGRhcDovL2Rpci5wa2kuc3RhdGUuZ292L2NuPVUuUy4lMjBEZXBh +cnRtZW50JTIwb2YlMjBTdGF0ZSUyMEFEJTIwUm9vdCUyMENBLGNuPUFJQSxjbj1Q +dWJsaWMlMjBLZXklMjBTZXJ2aWNlcyxjbj1TZXJ2aWNlcyxjbj1Db25maWd1cmF0 +aW9uLGRjPXN0YXRlLGRjPXNidT9jQUNlcnRpZmljYXRlO2JpbmFyeSxjcm9zc0Nl +cnRpZmljYXRlUGFpcjtiaW5hcnkwRgYIKwYBBQUHMAKGOmh0dHA6Ly9jcmxzLnBr +aS5zdGF0ZS5nb3YvQUlBL0NlcnRzSXNzdWVkVG9Eb1NBRFJvb3RDQS5wN2MwOwYI +KwYBBQUHMAGGL2h0dHA6Ly9vY3NwLnBraS5zdGF0ZS5nb3YvT0NTUC9Eb1NPQ1NQ +UmVzcG9uZGVyMIIB6gYDVR0fBIIB4TCCAd0wggEKoIIBBqCCAQKGMmh0dHA6Ly9j +cmxzLnBraS5zdGF0ZS5nb3YvY3Jscy9Eb1NBRFBLSVJvb3RDQTEuY3JshoHLbGRh +cDovL2Rpci5wa2kuc3RhdGUuZ292L2NuPVdpbkNvbWJpbmVkMSxjbj1VLlMuJTIw +RGVwYXJ0bWVudCUyMG9mJTIwU3RhdGUlMjBBRCUyMFJvb3QlMjBDQSxjbj1BSUEs +Y249UHVibGljJTIwS2V5JTIwU2VydmljZXMsY249U2VydmljZXMsY249Q29uZmln +dXJhdGlvbixkYz1zdGF0ZSxkYz1zYnU/Y2VydGlmaWNhdGVSZXZvY2F0aW9uTGlz +dDtiaW5hcnkwgcyggcmggcakgcMwgcAxEzARBgoJkiaJk/IsZAEZFgNzYnUxFTAT +BgoJkiaJk/IsZAEZFgVzdGF0ZTEWMBQGA1UEAwwNQ29uZmlndXJhdGlvbjERMA8G +A1UEAwwIU2VydmljZXMxHDAaBgNVBAMME1B1YmxpYyBLZXkgU2VydmljZXMxDDAK +BgNVBAMMA0FJQTEsMCoGA1UEAwwjVS5TLiBEZXBhcnRtZW50IG9mIFN0YXRlIEFE +IFJvb3QgQ0ExDTALBgNVBAMMBENSTDEwHwYDVR0jBBgwFoAUzABoYaalA5MQChth +t4cYwUVW2oIwHQYDVR0OBBYEFIzW1Gmp5IVBOmqmXtpRGheNkotsMA0GCSqGSIb3 +DQEBCwUAA4ICAQCVDVeCepB5wU7pK7TB0K7oZE+Z1Wllk/1Cj9mjoqrpJZ1bP3NP +iR3gpGg4H8IFHBwIuuL7XqgEJTA27rh9Zm6bmWVWKfZ77O52ilq2FV6M8h5QV5mT +Um62OecvH0w1tg5wfi7LSIzp2lo0znNm1mJnjfuNSt3Q5Erp2s1xli4IGDO4hp5b +g96i6+s7IlOFuckJTskwmBAT42SVNJoczUUMmyx/EXIiHxpYrjN9t/I0eJ1jsWeS +oTG/L8UqHx1qeC6sn74cntDs2CWPErdhgKDbgNk7oKSCZlwiLoP/BeJQKSahPMHY +mIBxXocXE8y+tH2Jow23rbxwArvrT1i+VHWeWsiKxFpBORI+1BUNdoedhLdSst7l +Avv1+uR1hOaQzmPnZYlDYv1x9ND2vInSLSReQallqGJU459JAxbBOa+arIPOxx9V +5SmlP9JBxt96aiBI/AKaH7ZxNQiVktIQbOidV1DYZjOMCTsfptRfitNpgkWO+GNM +VFqWiLog52M1zaC4IgQIWO09G1AUAlrBvuU8TpYpTGaPW884S7vlq0KyYwhsu9kb +LJ2fMd8kzUU+SQlB9gSF0xtUinXlsqwvCYm2ju8tTd4NN3kuCBwYXQHLEPJaymKF +fDwLdWbDu1dnNeOsVGPCmAGwvkLt54HwE++v/L724oDkLwHvMxyK0LpeaDCCCeUw +ggjNoAMCAQICFBSYeVbKMiX5klK/K+tWC4fqcT07MA0GCSqGSIb3DQEBCwUAMFUx +CzAJBgNVBAYTAlVTMRgwFgYDVQQKEw9VLlMuIEdvdmVybm1lbnQxDTALBgNVBAsT +BEZQS0kxHTAbBgNVBAMTFEZlZGVyYWwgQnJpZGdlIENBIEc0MB4XDTIxMDQyODEz +MzY0OVoXDTI0MDQyODEzMzY0OVowTTELMAkGA1UEBhMCVVMxEjAQBgNVBAoTCUlk +ZW5UcnVzdDEqMCgGA1UEAxMhSWRlblRydXN0IEdsb2JhbCBDb21tb24gUm9vdCBD +QSAxMIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEA41SpM9RVgirpWkXR +VGu5W3Ir6uh4IbO6YAl/2nkT5ZAmtwNRpvKp4PiW2IJSom8w84NxiNtAMMJuUE8s +2XBWNHfQ9mbh8iF4Kc4yQTPbtOwLoIO0HIQfXokSWiNAQIcttkyWgBJt56CXa33h +uPPdUvSjK1mXfxTmUPEnBZJz89ZoI0sMa5ZSdlDEto2fMhGX8BNcG/5U2vE44V7g +cLZ5rMfBHWKkAGD0jCOdPsEDP9HfRjpEM6Lf0/yAgoejPPumCbCdwx7CTR7H5mxi +FHW0naxvnpEH2CSfIl9tZJwhlbJknckq60uJx4J2EK5sdvtUvePi4sChrrsonFfJ +FeIuX8tbvUGp3iNFecVHauwnfPOqKpQKanK3cEv390xpuK1t0U7LOdF8oE4JTvBo +O58DFmXdxt1OR8wWSqpHbyvscQ0sizxCdbT3kc4Sp9gw4fPExxAO3O8J0TS/my5d +hnWXVe9l+HNRD9brukU/2M9ZMo0851II/88GNTfJjOUpXdY7g+kkp4C9TqzOGTP/ +FZE/q8kCEDnfVLMIKtNlofCR/5560ifxUycrNf20F60Wz0I2sHHh9fZ6EuJb+0E2 +HxNvOGNqykmnew++KZfZNCTsjDEwIfQ1i57OsX2PzGbsANkfBY7W6xmJeuoBV6WC +aQHeeus9DBymYi6p62/fACA5DpECAwEAAaOCBbMwggWvMB0GA1UdDgQWBBT4+Ysv +f5BDn4/mjCy1SbhPkosWdDAfBgNVHSMEGDAWgBR58ABJ6393wl1BAmU0ipAjmx4H +bzAOBgNVHQ8BAf8EBAMCAQYwDwYDVR0TAQH/BAUwAwEB/zCBlwYDVR0gBIGPMIGM +MAwGCmCGSAFlAwIBAwIwDAYKYIZIAWUDAgEDAzAMBgpghkgBZQMCAQMMMAwGCmCG +SAFlAwIBAw4wDAYKYIZIAWUDAgEDDzAMBgpghkgBZQMCAQMSMAwGCmCGSAFlAwIB +AxMwDAYKYIZIAWUDAgEDFDAMBgpghkgBZQMCAQMlMAwGCmCGSAFlAwIBAyYwggNS +BgNVHSEEggNJMIIDRTAZBgpghkgBZQMCAQMCBgtghkgBhvkvAGQCATAZBgpghkgB +ZQMCAQMCBgtghkgBhvkvAGQCAjAZBgpghkgBZQMCAQMCBgtghkgBhvkvAGQCAzAZ +BgpghkgBZQMCAQMCBgtghkgBhvkvAGQCBDAZBgpghkgBZQMCAQMCBgtghkgBhvkv +AGQCBTAZBgpghkgBZQMCAQMCBgtghkgBhvkvAGQCBjAZBgpghkgBZQMCAQMCBgtg +hkgBhvkvAGQCBzAZBgpghkgBZQMCAQMCBgtghkgBhvkvAGQCCDAZBgpghkgBZQMC +AQMDBgtghkgBhvkvAGQDATAZBgpghkgBZQMCAQMDBgtghkgBhvkvAGQDAjAZBgpg +hkgBZQMCAQMDBgtghkgBhvkvAGQDAzAZBgpghkgBZQMCAQMDBgtghkgBhvkvAGQD +BDAZBgpghkgBZQMCAQMDBgtghkgBhvkvAGQDBTAZBgpghkgBZQMCAQMDBgtghkgB +hvkvAGQDBjAZBgpghkgBZQMCAQMOBgtghkgBhvkvAGQOATAZBgpghkgBZQMCAQMO +BgtghkgBhvkvAGQOAjAZBgpghkgBZQMCAQMMBgtghkgBhvkvAGQMATAZBgpghkgB +ZQMCAQMMBgtghkgBhvkvAGQMAjAZBgpghkgBZQMCAQMMBgtghkgBhvkvAGQMAzAZ +BgpghkgBZQMCAQMMBgtghkgBhvkvAGQMBDAZBgpghkgBZQMCAQMPBgtghkgBhvkv +AGQPATAZBgpghkgBZQMCAQMPBgtghkgBhvkvAGQPAjAZBgpghkgBZQMCAQMPBgtg +hkgBhvkvAGQPAzAZBgpghkgBZQMCAQMPBgtghkgBhvkvAGQPBDAZBgpghkgBZQMC +AQMlBgtghkgBhvkvAGQlAjAZBgpghkgBZQMCAQMmBgtghkgBhvkvAGQmAjAZBgpg +hkgBZQMCAQMSBgtghkgBhvkvAGQSADAZBgpghkgBZQMCAQMSBgtghkgBhvkvAGQS +ATAZBgpghkgBZQMCAQMSBgtghkgBhvkvAGQSAjAZBgpghkgBZQMCAQMUBgtghkgB +hvkvAGQUATAZBgpghkgBZQMCAQMTBgtghkgBhvkvAGQTATBYBggrBgEFBQcBCwRM +MEowSAYIKwYBBQUHMAWGPGh0dHA6Ly92YWxpZGF0aW9uLmlkZW50cnVzdC5jb20v +cm9vdHMvSXNzdWVkYnlJR0NSb290Q0ExLnA3YzASBgNVHSQBAf8ECDAGgAEAgQEA +MAoGA1UdNgQDAgEAMFEGCCsGAQUFBwEBBEUwQzBBBggrBgEFBQcwAoY1aHR0cDov +L3JlcG8uZnBraS5nb3YvYnJpZGdlL2NhQ2VydHNJc3N1ZWRUb2ZiY2FnNC5wN2Mw +NwYDVR0fBDAwLjAsoCqgKIYmaHR0cDovL3JlcG8uZnBraS5nb3YvYnJpZGdlL2Zi +Y2FnNC5jcmwwVgYDVR0eAQH/BEwwSqFIMBmkFzAVMRMwEQYKCZImiZPyLGQBGRYD +bWlsMCukKTAnMQswCQYDVQQGEwJVUzEYMBYGA1UEChMPVS5TLiBHb3Zlcm5tZW50 +MA0GCSqGSIb3DQEBCwUAA4IBAQC3hmSRCToMNraBVYWZqJ7HKZSzKOMVRM6lD+Cv +0VJp04oabk8CFpU7C/zir5W1udYha7zCFDkxll2hHHuLpf9xVypXG3+w/NC0xWl8 +FfyVX8oVwYXWsEi7Ad4xQEPQ3sX6gX4yHHSWqT3mM3q3V2egamrxFEzizuXwzuHN +T2oihQRYfKvbC08MY6xgyYjOcv/mBgWt5WxG/3X8zawNKtLDtcxJA/Pk87WQQ+Hl +3L7ceIc+Ck6oEC5Ck5ba2aUEJzU8tnzp5UdP5FX6q2vNO8LesaiuJt3HsLHPhcBZ +4J0lQhlGAWba6su5oLO1tHdUCj+tOcjAWWR2msIuI7Qpmg84MIIJ5jCCB86gAwIB +AgIQAk4/8KuaaA5FCnw+uVQd3DANBgkqhkiG9w0BAQwFADBoMQswCQYDVQQGEwJV +UzESMBAGA1UEChMJQ2VydGlQYXRoMSIwIAYDVQQLExlDZXJ0aWZpY2F0aW9uIEF1 +dGhvcml0aWVzMSEwHwYDVQQDExhDZXJ0aVBhdGggQnJpZGdlIENBIC0gRzMwHhcN +MjMwMjIyMDAwMDAwWhcNMjQwMjI4MjM1OTU5WjCBlDELMAkGA1UEBhMCVVMxJTAj +BgNVBAoTHE5vcnRocm9wIEdydW1tYW4gQ29ycG9yYXRpb24xLTArBgNVBAsTJE5v +cnRocm9wIEdydW1tYW4gRW50ZXJwcmlzZSBTZXJ2aWNlczEvMC0GA1UEAxMmTm9y +dGhyb3AgR3J1bW1hbiBDb3Jwb3JhdGUgUm9vdCBDQS0zODQwggIiMA0GCSqGSIb3 +DQEBAQUAA4ICDwAwggIKAoICAQCN5oLYmP4KgVhOeGkEJtTlkDlIHOToq7/u4EXt +VDWVHuBnhN+03XodL8eUchMiG1U/a6FmErvBhKXkNZ+KA+Kcx1Pgj2Bfau36TnBn +VG5VyegXcA4eRwJ5Db3SOH+iiV8kIc2zosOyl5zR+M7cvxxrVLgEDmccqSYaZCwz +D++fht9CfwNiHR1zLWMBPbmLADx5g7/24H/vmBCZAGWR0ijjNsMazkBEBjPXcgPI +w+UcklsBCQHMIlPU5njO8jfktQSZeVHTMQjagD+O2sEo9qtJ1CMMAVo4E46ZCOXr +NG+xB0EET/yD7NrpSYblr5Igp95uq9QECro8xPQVqiPCylEiHO2mkKwlDQprmUvn +Cah76PFw4q0dWHCrd0ZFR3bcCpQ8yLNmfr8QEkYUfvbSboQSvMnQvhK9r573+gTB +N4zaA0HmPVjtft4xCFORG05y37N4SI8E3mfRlvJGWST/uhnTQfGfNFsqnDqsVa7l +gfk2vFxdb0fZKPrytmcMyRcPqUCGFXoPHjdEnbpnrfndBoegBQulAi/4Fymh5vdP +LQikKoL9tSbvvGlzFhkz+5RShmEPbvAyRbJ3G4/NULbFmAC1NHSvMwJ5zbJCL8Vb +d/macU5FbTxYenokTVcraZAVpNkqB4G/1Ye16WtCPSj/RxzcJHccCULqi4+Pa3fJ +f1TKWQIDAQABo4IEXTCCBFkwEgYDVR0TAQH/BAgwBgEB/wIBATAdBgNVHQ4EFgQU ++0iqYUmA1PemhYKiRN2X1pumcQUwWQYDVR0gBFIwUDAOBgwrBgEEAYG7UwEBAQEw +DgYMKwYBBAGBu1MBAQECMA4GDCsGAQQBgbtTAQEBBzAOBgwrBgEEAYG7UwEBAQgw +DgYMKwYBBAGBu1MBAQEJMEIGA1UdHwQ7MDkwN6A1oDOGMWh0dHA6Ly9jcmwuY2Vy +dGlwYXRoLmNvbS9DZXJ0aVBhdGhCcmlkZ2VDQS1HMy5jcmwwDgYDVR0PAQH/BAQD +AgEGMIIBxwYDVR0eAQH/BIIBuzCCAbegggGzMAmBB25nYy5jb20wCoEILm5nYy5j +b20wC4EJbXluZ2MuY29tMAyBCi5teW5nYy5jb20wEIEOb3JiaXRhbGF0ay5jb20w +EYEPLm9yYml0YWxhdGsuY29tMAyBCnNjYWxlZC5jb20wDYELLnNjYWxlZC5jb20w +CYIHbmdjLmNvbTAPgg1ub3J0aGdydW0uY29tMBWCE25vcnRocm9wZ3J1bW1hbi5j +b20wC4IJbXluZ2MuY29tMAuCCW5nZXh0LmNvbTAQgg5vcmJpdGFsYXRrLmNvbTAM +ggpzY2FsZWQuY29tMDikNjA0MQswCQYDVQQGEwJVUzElMCMGA1UEChMcTm9ydGhy +b3AgR3J1bW1hbiBDb3Jwb3JhdGlvbjA0pDIwMDETMBEGCgmSJomT8ixkARkWA2Nv +bTEZMBcGCgmSJomT8ixkARkWCW5vcnRoZ3J1bTAwpC4wLDETMBEGCgmSJomT8ixk +ARkWA2NvbTEVMBMGCgmSJomT8ixkARkWBW5nZXh0MC6kLDAqMRMwEQYKCZImiZPy +LGQBGRYDY29tMRMwEQYKCZImiZPyLGQBGRYDbmdjMAoGA1UdNgQDAgEAMHsGCCsG +AQUFBwELBG8wbTBrBggrBgEFBQcwBYZfaHR0cDovL2NlcnRkYXRhLm5vcnRocm9w +Z3J1bW1hbi5jb20vY2VydGRhdGEvcDdjL0lzc3VlZEJ5Tm9ydGhyb3BHcnVtbWFu +Q29ycG9yYXRlUm9vdENBLTM4NC5wN2MwEgYDVR0kAQH/BAgwBoABAIEBADCBnAYD +VR0hBIGUMIGRMBsGDCsGAQQBgbtTAQEBAQYLKwYBBAH/ToN9Ag0wGwYMKwYBBAGB +u1MBAQECBgsrBgEEAf9Og30CDjAbBgwrBgEEAYG7UwEBAQcGCysGAQQB/06DfQIJ +MBsGDCsGAQQBgbtTAQEBCAYLKwYBBAH/ToN9AgowGwYMKwYBBAGBu1MBAQEJBgsr +BgEEAf9Og30CCzBNBggrBgEFBQcBAQRBMD8wPQYIKwYBBQUHMAKGMWh0dHA6Ly9h +aWEuY2VydGlwYXRoLmNvbS9DZXJ0aVBhdGhCcmlkZ2VDQS1HMy5wN2MwHwYDVR0j +BBgwFoAUeos8BpLcHqjSgqwbdG90PU7RqJswDQYJKoZIhvcNAQEMBQADggIBABQl +E3VqwvESXzRFPjnvdO36FXfQeHkDGqSEWyHLuTgwTSOdqc4Kp4u2dfksnakTSm49 +GanFxtEw914EosufFwNBlGx3z6ym0v0fTPlDVfA6bRfsjxqeiA3lOvAv4qwZ7va8 +awhrPARDPvamRCr5JsYpjQEJnwNLD71zdHDwX8J3GrAWY496siNhMkrj3zsQ8BEI +7Gg+bT1AYrpHdlRPfk+/GDFE6Lsx/V1+DI6/svyZccgNLKhAwSukKsTTf2vmCigR +H4xV/S1sAButBldgb3SoX88/cLWwf4t/QZzm/d4Q9ps7meqkupFTXl7tSAdJBBfS +iEsdoHBPb1xo7hfhZHNIcCLTt03cIoNgeRSMzL1NhJxIGE60kfsaaly5v/7+PtK1 +fVvBSoXWFmpIQ8QCdJEYt19/vhPszPEflVDy6dxdQsYAguXzhjf392VdeJH129qp +1Mf/QdmVncLLZsZ1RespJacTVkFYEyESHlglDJrRU1GmhyqAtn7gC4gwZmLwJO00 +5kLw3dzfQw6WtHGvcBdjYYkdlg/WWE4Tt5F6ZCxJV02NQKKqR8Y21ChPnnexEGy0 +sMRD8endC1Mv5cQb59TsB5ThqufksMxFZ0h+N7EB1v0CGoq+e4F0sX1Aw30cq7C+ +sdTSwVy3Kn5xyS5boO/BdmZavRn816DC+hxyu9PDMIIKLzCCCBegAwIBAgIGCOW5 +AwpiMA0GCSqGSIb3DQEBCwUAMIGLMQswCQYDVQQGEwJDQTErMCkGA1UEChMiQ2Fy +aWxsb24gSW5mb3JtYXRpb24gU2VjdXJpdHkgSW5jLjEiMCAGA1UECxMZQ2VydGlm +aWNhdGlvbiBBdXRob3JpdGllczErMCkGA1UEAxMiQ2FyaWxsb24gUEtJIFNlcnZp +Y2VzIEcyIFJvb3QgQ0EgMjAeFw0yMDAxMjAyMDI1MTNaFw0yNzEwMjMyMDI1MTNa +MIGDMQswCQYDVQQGEwJDQTErMCkGA1UEChMiQ2FyaWxsb24gSW5mb3JtYXRpb24g +U2VjdXJpdHkgSW5jLjEiMCAGA1UECxMZQ2VydGlmaWNhdGlvbiBBdXRob3JpdGll +czEjMCEGA1UEAxMaQ2FyaWxsb24gUEtJIFNlcnZpY2VzIENBIDEwggIiMA0GCSqG +SIb3DQEBAQUAA4ICDwAwggIKAoICAQCmfig70NvZsDdkhiyivFSvLxvNb1w3oel5 +u/j51p8VCpHrMBl9Gp25s0qvW13IK0o1vvx3ZXMWJjme3p/DYtRdKIbbj8Kd5T9i +UpKZlmY8RIOapzEPFPrTdgdO2wWNW30IgbPcidj7naGuChrBdrP5KrOr2mU6hjH5 +HGbVEWL0Pc1PrDuZ/78C05+ZmXiFuAmTSisxKRu2uoyghyAm2hTv1QHTOe0NO7aZ +A2zfw4UB1laDXWzVWvzNWnAJqozmnmxeP+O4vfogKUoSB+F6nIgs63qGYmUPV/d5 +YCm2SnL3V1/oxf4lDRD6tLB2uncgYK8Zj3oGCpHcjUJRwmrfzfNjWWPvvnv3Kl6a +dazNXXHbkkx64PFoh6QrVXh08ED9s7wWg4W/SMKaIGuQ/+xKxTeUgT/BnJ4xSpS6 +AcRPK/MxiecVoe837yLRN3q+lh56XYArlCuI/r5/bAHJyJG7bOebgdTZk5VB10e/ +e5n4VPWeUVgzEZ4290pmYiohBmxe4qmUrAgPEZw44Y0HFi0lSTrlz467cV0puPpC +UvyPMtheiBRXptyfFu4/3hPXAbTS4MV1Ul/hwYiAyTHVxbTvTE4EVHD0vRYxLdj9 +xHN33HX6dPNtHZnEXZgHBwgpYdPbjwCwyrC4Ge0I1jKu63HH7fy52uPvel57ZIsJ +ltPlP64mWQIDAQABo4IEnTCCBJkwHQYDVR0OBBYEFCH4GUdEx3wYkb2ODzUTVQbU +4++lMB8GA1UdIwQYMBaAFP4BF6aKLnoK25nuD0uUgwSK3JGRMBIGA1UdEwEB/wQI +MAYBAf8CAQAwDgYDVR0PAQH/BAQDAgHGMIIDrAYDVR0gBIIDozCCA58wDQYLKwYB +BAGBw14DAQMwDQYLKwYBBAGBw14DAQQwDQYLKwYBBAGBw14DAQUwDQYLKwYBBAGB +w14DAQYwDQYLKwYBBAGBw14DAQcwDQYLKwYBBAGBw14DAQgwDQYLKwYBBAGBw14D +AQkwDQYLKwYBBAGBw14DAQowDQYLKwYBBAGBw14DAR4wDQYLKwYBBAGBw14DAQsw +DQYLKwYBBAGBw14DAR8wDQYLKwYBBAGBw14DAQwwDQYLKwYBBAGBw14DAQ0wDQYL +KwYBBAGBw14DAQ4wgewGCysGAQQBgcNeAwEUMIHcMDkGCCsGAQUFBwIBFi1odHRw +czovL3B1Yi5jYXJpbGxvbi5jYS9DZXJ0aWZpY2F0ZVBvbGljeS5wZGYwgZ4GCCsG +AQUFBwICMIGRGoGOVGhpcyBjZXJ0aWZpY2F0ZSBoYXMgYmVlbiBpc3N1ZWQgaW4g +YWNjb3JkYW5jZSB3aXRoIHRoZSBDYXJpbGxvbiBJbmZvcm1hdGlvbiBTZWN1cml0 +eSBJbmMuIENlcnRpZmljYXRlIFBvbGljeSBhcyBmb3VuZCBpbiB0aGUgQ1BTcG9p +bnRlciBmaWVsZDCB7AYLKwYBBAGBw14DARUwgdwwOQYIKwYBBQUHAgEWLWh0dHBz +Oi8vcHViLmNhcmlsbG9uLmNhL0NlcnRpZmljYXRlUG9saWN5LnBkZjCBngYIKwYB +BQUHAgIwgZEagY5UaGlzIGNlcnRpZmljYXRlIGhhcyBiZWVuIGlzc3VlZCBpbiBh +Y2NvcmRhbmNlIHdpdGggdGhlIENhcmlsbG9uIEluZm9ybWF0aW9uIFNlY3VyaXR5 +IEluYy4gQ2VydGlmaWNhdGUgUG9saWN5IGFzIGZvdW5kIGluIHRoZSBDUFNwb2lu +dGVyIGZpZWxkMIHsBgsrBgEEAYHDXgMBFjCB3DA5BggrBgEFBQcCARYtaHR0cHM6 +Ly9wdWIuY2FyaWxsb24uY2EvQ2VydGlmaWNhdGVQb2xpY3kucGRmMIGeBggrBgEF +BQcCAjCBkRqBjlRoaXMgY2VydGlmaWNhdGUgaGFzIGJlZW4gaXNzdWVkIGluIGFj +Y29yZGFuY2Ugd2l0aCB0aGUgQ2FyaWxsb24gSW5mb3JtYXRpb24gU2VjdXJpdHkg +SW5jLiBDZXJ0aWZpY2F0ZSBQb2xpY3kgYXMgZm91bmQgaW4gdGhlIENQU3BvaW50 +ZXIgZmllbGQwSAYIKwYBBQUHAQEEPDA6MDgGCCsGAQUFBzAChixodHRwOi8vcHVi +LmNhcmlsbG9uLmNhL0NBY2VydHMvQ0lTRzJSQ0EyLnA3YzA5BgNVHR8EMjAwMC6g +LKAqhihodHRwOi8vcHViLmNhcmlsbG9uLmNhL0NSTC9DSVNHMlJDQTIuY3JsMA0G +CSqGSIb3DQEBCwUAA4ICAQCxCKjuGIqZfVo4MfvYBTrbfh+td4F8r1JU8dpcDi1Z +UaCEaT7iONqFLN/R52OYHYyyRLm+bkeJuN79BVjfKqcBYacEEbpOqJJjVDqbHKh0 +p6rq5TvO8DfaH1j8d3DEphFTmWA4EgdVNUZEZGyDxFUDwxIbjHPsUAd2q37kwx+B +ZwA04/DEdYj7wTNWc59w9fZMLvrbvLY5A9dr8h7eU5VDP3RzNlfWYaqHmzG6KBXi +pcpQjs5MFjTbgPaZ22hAQ7fzilywlzh3DQrlVSqwlOYWFuEDraX/qmCS1xWQ07Kf +Q9o76j8kgnIwF344t/9ayjiucFPxPAC3YbXtSlN517QcuD6ciHhWGtFFGnDOT3fF +khEREk8UVCOvpooIH4FeghFUP/QNol1pejXIkdcA8ehSYppM8EyIAKCemF65ChsH +CUWlOocC0rPGYQUnZ3vyjzIoG2TkiwM1ZwozgUHlMe8ZoNfcgKrJ3rFP2Q9bKAMG +q90/DwM1EbVMEa0/3Z2dJg871BQhgulf3bgsy1pTsohqdShDl6crY7kkjuGMMBTV +uMB3pvoTQVrfbMIOlv0MZ8z3tPPonmEmrJRJKDO2H/PHZZNQtiYEB+FBg318uY6h +kEAcAyqz9MaJA8OaN2dKmqFLuVXY5HeNOAYTt3uVncpco5240zqYScBBURTxuM+V +FjCCCjUwgggdoAMCAQICBFGwafowDQYJKoZIhvcNAQELBQAwgbExEzARBgoJkiaJ k/IsZAEZFgNzYnUxFTATBgoJkiaJk/IsZAEZFgVzdGF0ZTEWMBQGA1UEAwwNQ29u ZmlndXJhdGlvbjERMA8GA1UEAwwIU2VydmljZXMxHDAaBgNVBAMME1B1YmxpYyBL ZXkgU2VydmljZXMxDDAKBgNVBAMMA0FJQTEsMCoGA1UEAwwjVS5TLiBEZXBhcnRt -ZW50IG9mIFN0YXRlIEFEIFJvb3QgQ0EwHhcNMDQwNjIzMTc1MDU1WhcNMzQwNjIz -MTgyMDU1WjCBsTETMBEGCgmSJomT8ixkARkWA3NidTEVMBMGCgmSJomT8ixkARkW +ZW50IG9mIFN0YXRlIEFEIFJvb3QgQ0EwHhcNMTgwMzA2MjEyNDU0WhcNMjgwMzA2 +MjE1NDU0WjCBuzETMBEGCgmSJomT8ixkARkWA3NidTEVMBMGCgmSJomT8ixkARkW BXN0YXRlMRYwFAYDVQQDDA1Db25maWd1cmF0aW9uMREwDwYDVQQDDAhTZXJ2aWNl -czEcMBoGA1UEAwwTUHVibGljIEtleSBTZXJ2aWNlczEMMAoGA1UEAwwDQUlBMSww -KgYDVQQDDCNVLlMuIERlcGFydG1lbnQgb2YgU3RhdGUgQUQgUm9vdCBDQTCCASIw -DQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBALk2X7OxBdpK4mvDl39KXBDZCimv -2W+aVa+lGW609KXtfkODlZLJTZXS774kTS6ms6Gz5kj1ZLbswr5rfY6YzNODodXO -k7dy6tGIz+Hl8msAQFgV5ei6vShQdgXBZwKGLWTSZmQytvhY735amlMWUi/1vsxK -Bo6gflRNQ0TkcAwwOA9VAacizHKV+0XuKQLKV3jk3vrgcMt2V/PDaPREefWe0TDa -rSmnq8ZsE339E+H3us6omsoiveJ4TgHPDdv6AAXjKaNwo6KCXaWKHw8kblmm4aY/ -A6ZZeH6ubCfMAzqlCYen/FcMg+onHmG9N+g4qwmEGJ4+DBA5zRuViCxczucCAwEA -AaOCBMgwggTEMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0PAQH/BAQDAgEGMIHdBgNV -HSAEgdUwgdIwDAYKYIZIAWUDAgEGATAMBgpghkgBZQMCAQYCMAwGCmCGSAFlAwIB -BgMwDAYKYIZIAWUDAgEGBDAMBgpghkgBZQMCAQYMMAwGCmCGSAFlAwIBAwYwDAYK -YIZIAWUDAgEDBzAMBgpghkgBZQMCAQMIMAwGCmCGSAFlAwIBAw0wDAYKYIZIAWUD -AgEDEDAMBgpghkgBZQMCAQMRMAwGCmCGSAFlAwIBAyQwDAYKYIZIAWUDAgEDJzAM -BgpghkgBZQMCAQMoMAwGCmCGSAFlAwIBAykwggF2BggrBgEFBQcBAQSCAWgwggFk -MIHcBggrBgEFBQcwAoaBz2xkYXA6Ly9jZXJ0cmVwLnBraS5zdGF0ZS5nb3YvY249 -VS5TLiUyMERlcGFydG1lbnQlMjBvZiUyMFN0YXRlJTIwQUQlMjBSb290JTIwQ0Es -Y249QUlBLGNuPVB1YmxpYyUyMEtleSUyMFNlcnZpY2VzLGNuPVNlcnZpY2VzLGNu -PUNvbmZpZ3VyYXRpb24sZGM9c3RhdGUsZGM9c2J1P2NBQ2VydGlmaWNhdGU7Ymlu -YXJ5LGNyb3NzQ2VydGlmaWNhdGVQYWlyO2JpbmFyeTBGBggrBgEFBQcwAoY6aHR0 -cDovL2NybHMucGtpLnN0YXRlLmdvdi9BSUEvQ2VydHNJc3N1ZWRUb0RvU0FEUm9v -dENBLnA3YzA7BggrBgEFBQcwAYYvaHR0cDovL29jc3AucGtpLnN0YXRlLmdvdi9P -Q1NQL0RvU09DU1BSZXNwb25kZXIwHwYDVR0jBBgwFoAUzABoYaalA5MQChtht4cY -wUVW2oIwHQYDVR0OBBYEFG+D/oJQZGV3Pv3fA5rOKdEvMMzsMIIB6gYDVR0fBIIB -4TCCAd0wggEKoIIBBqCCAQKGMmh0dHA6Ly9jcmxzLnBraS5zdGF0ZS5nb3YvY3Js -cy9Eb1NBRFBLSVJvb3RDQTEuY3JshoHLbGRhcDovL2Rpci5wa2kuc3RhdGUuZ292 -L2NuPVdpbkNvbWJpbmVkMSxjbj1VLlMuJTIwRGVwYXJ0bWVudCUyMG9mJTIwU3Rh -dGUlMjBBRCUyMFJvb3QlMjBDQSxjbj1BSUEsY249UHVibGljJTIwS2V5JTIwU2Vy -dmljZXMsY249U2VydmljZXMsY249Q29uZmlndXJhdGlvbixkYz1zdGF0ZSxkYz1z -YnU/Y2VydGlmaWNhdGVSZXZvY2F0aW9uTGlzdDtiaW5hcnkwgcyggcmggcakgcMw -gcAxEzARBgoJkiaJk/IsZAEZFgNzYnUxFTATBgoJkiaJk/IsZAEZFgVzdGF0ZTEW -MBQGA1UEAwwNQ29uZmlndXJhdGlvbjERMA8GA1UEAwwIU2VydmljZXMxHDAaBgNV -BAMME1B1YmxpYyBLZXkgU2VydmljZXMxDDAKBgNVBAMMA0FJQTEsMCoGA1UEAwwj -VS5TLiBEZXBhcnRtZW50IG9mIFN0YXRlIEFEIFJvb3QgQ0ExDTALBgNVBAMMBENS -TDEwGQYJKoZIhvZ9B0EABAwwChsEVjguMgMCBJAwDQYJKoZIhvcNAQELBQADggIB -AESZbSMyCq5CjC2g4AMTgwJTBVyDMXcIrjmZeOYXdvAlzeSAyc/vv9iPRpPzByOL -H14PLL5aMU/oLMln6kjplvWwN4csLS860ENREfGrpldI4lNKz9yVf2SVnWqTITOW -A0nvs8ruO8+h0DOlr9tuXpq2U576qK/soQzJ5zeppn0mqQG13PlrV/KccwESayzY -2Fr+EBdkUfl/Au9vLM/Rm25pN3y0FP65Rk5MZRRO9k60g3mlP2J37xueoXB645kK -1Ia1K283bpowQFY51STFT91ksHpm1MIt/yuMN8rmA6WAwt46HT2uZrL7vlTfAVL9 -kZN4abJZMGHn2uWWpFY/rhjkqV3suuimupIAcerRny0l3u/Yt0vpRsC7vjFvWHBY -WSO3S8xVqeGPzFjdGTbufzkxC/OMLWoCs804wQsrrpYtELb3AjVsKwnaAA0sHS1B -0ADVRjS4cz5F5UflDIjDni0s0vZpFCNZ5GuiWlYy42fZxqsgoNfT3CnmtxbkkEzA -bgHeIHWWlBF6DPHse58KyTz9mDEnfP0M5G4iMSDruhDDBLdHNfhKy4EOLqcFezZE -4aE3uD2HSXidd5rP/xzByNDKs+mMHOpU+bzTwPEVJl/6yTkPRmETN2Ocoy4rkbIZ -ibdyfi+sOnttPtoUfSbvzct44iKHazd24FAiRkbNlblNMIIJ5TCCB82gAwIBAgIE -UbC5fzANBgkqhkiG9w0BAQsFADCBsTETMBEGCgmSJomT8ixkARkWA3NidTEVMBMG -CgmSJomT8ixkARkWBXN0YXRlMRYwFAYDVQQDDA1Db25maWd1cmF0aW9uMREwDwYD -VQQDDAhTZXJ2aWNlczEcMBoGA1UEAwwTUHVibGljIEtleSBTZXJ2aWNlczEMMAoG -A1UEAwwDQUlBMSwwKgYDVQQDDCNVLlMuIERlcGFydG1lbnQgb2YgU3RhdGUgQUQg -Um9vdCBDQTAeFw0yMDAxMjQyMzM0MDhaFw0zMDAxMjUwMDA0MDhaMIGiMQswCQYD -VQQGEwJVUzEYMBYGA1UEChMPVS5TLiBHb3Zlcm5tZW50MRwwGgYDVQQLExNEZXBh -cnRtZW50IG9mIFN0YXRlMQwwCgYDVQQLEwNQSVYxIjAgBgNVBAsTGUNlcnRpZmlj -YXRpb24gQXV0aG9yaXRpZXMxKTAnBgNVBAsTIFUuUy4gRGVwYXJ0bWVudCBvZiBT -dGF0ZSBQSVYgQ0EyMIIBojANBgkqhkiG9w0BAQEFAAOCAY8AMIIBigKCAYEAiwGZ -BTZLlx6glVr0McPXckqdrUSm8xJ9s3uBXsyFQWQ1gaIaN20STu68WlgbOVUHYv2K -mHYVGtqq/JrXvW9LSbmnM57BUd7CMbIoYxq6mWnbSBXbV6ITeAyDMvnagZUEKTqj -jvWHjHpKad48NjnqkBUtpNBKiq4dRM3vA1fFoJVsKi+GL8OZFoF21ivpPzwqQd8h -D9O/V8sw2IUPMVXlr6c4cMdEgnFmmefuaeVa1a/zKXUeaESFhBF6CRUz6hVrcuHY -77QkAqSOIe+Z50pgTr25irQcaQOFp/JOMtSorVf6OiLK/xWbvsV2orqMSyGvQ5+i -fG+NsAABdISx+C2zX2CQl5+Wym6a5L5opaUgIzmthuKSLG9loOjHmOn34Zw/2Q/e -mYG3tZIKU0Biv84ZV3w0DMDMaFi2kKjghjvmZgdcTiL5KveiaSFtgoNExUJIoup1 -5mDatIIrQpP3Ou0A4PrV3H9TqmTX64VvzwHTkAl9LfIsDefZzE2n3faxjuivAgMB -AAGjggSQMIIEjDAOBgNVHQ8BAf8EBAMCAQYwgcEGA1UdIASBuTCBtjAMBgpghkgB -ZQMCAQYBMAwGCmCGSAFlAwIBBgIwDAYKYIZIAWUDAgEGAzAMBgpghkgBZQMCAQYE -MAwGCmCGSAFlAwIBBgwwDAYKYIZIAWUDAgEDBjAMBgpghkgBZQMCAQMHMAwGCmCG -SAFlAwIBAwgwDAYKYIZIAWUDAgEDDTAMBgpghkgBZQMCAQMQMAwGCmCGSAFlAwIB -AxEwDAYKYIZIAWUDAgEDJDAMBgpghkgBZQMCAQMnMBIGA1UdEwEB/wQIMAYBAf8C -AQAwggFyBggrBgEFBQcBAQSCAWQwggFgMIHYBggrBgEFBQcwAoaBy2xkYXA6Ly9k -aXIucGtpLnN0YXRlLmdvdi9jbj1VLlMuJTIwRGVwYXJ0bWVudCUyMG9mJTIwU3Rh -dGUlMjBBRCUyMFJvb3QlMjBDQSxjbj1BSUEsY249UHVibGljJTIwS2V5JTIwU2Vy -dmljZXMsY249U2VydmljZXMsY249Q29uZmlndXJhdGlvbixkYz1zdGF0ZSxkYz1z -YnU/Y0FDZXJ0aWZpY2F0ZTtiaW5hcnksY3Jvc3NDZXJ0aWZpY2F0ZVBhaXI7Ymlu -YXJ5MEYGCCsGAQUFBzAChjpodHRwOi8vY3Jscy5wa2kuc3RhdGUuZ292L0FJQS9D -ZXJ0c0lzc3VlZFRvRG9TQURSb290Q0EucDdjMDsGCCsGAQUFBzABhi9odHRwOi8v -b2NzcC5wa2kuc3RhdGUuZ292L09DU1AvRG9TT0NTUFJlc3BvbmRlcjCCAeoGA1Ud +czEcMBoGA1UEAwwTUHVibGljIEtleSBTZXJ2aWNlczEMMAoGA1UEAwwDQUlBMTYw +NAYDVQQDDC1VLlMuIERlcGFydG1lbnQgb2YgU3RhdGUgQUQgSGlnaCBBc3N1cmFu +Y2UgQ0EwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQCwLljpY+64AMh1 +tndXzrOI/8eVDMDvWxOoOFsHA/qpSJBmXtg2JHsu9XW2ZBNoHJXPdNZa9k4Ke+vo +rpKiXgFZ6kPuJ99nwAy+9K5fs3IwYJpqTtIa0JslyGGt0OjoPisaZw/H/viKiBMS +6TDiXdKIirzo7jjdiosBen19cCFVdTcSidXj9BNy27xV7vqV2psSc99/dvuyCXn2 +C/WN1MsLs7xs74RdX9nlDVfY36/vNHimFAvv4KV7TnqyBN7c7xIs1EjYzL4x3Q6U +1W947+dWBUSPQk1Xi81CKIHQaoaV3ffTJ2S3wk8DCxop52aUStcJ4V3/jV3YUVsL +1TOxp872PNLoYBgiYe2ysvtEO2s04bSyorYjg0SpBRTKW9d13/vrFUlWqJkIsIPf +JXf6sbePMOA5Bo9W4rhAMJJFrNxlKSx0YgT7x84Ba186PhxUMaUdEK7307QrX0n8 +3hkfBt5BUI5aYsCNZcu52vMe+CWOQbjzVDFy+/5Ry92/htwuf8yCo9ukoYdhfLr+ +0A7yC32f/5sqYy4tsivG5HgqnPQEDxXiCavmesLtXm4IuvJRngeVk2bi9eo+ALR2 +C0fMrXK7HK775ZM8l0MvB60YzDaNV3TXCfJljyuUuiJ9Zzlv0andZaChZOgd50v5 +fw9ynX4N5M4JQIOHQRM042i4jtOORQIDAQABo4IERzCCBEMwDgYDVR0PAQH/BAQD +AgEGMGsGA1UdIARkMGIwDAYKYIZIAWUDAgEGATAMBgpghkgBZQMCAQYCMAwGCmCG +SAFlAwIBBgMwDAYKYIZIAWUDAgEGBDAMBgpghkgBZQMCAQYMMAwGCmCGSAFlAwIB +BiUwDAYKYIZIAWUDAgEGJjCCAXIGCCsGAQUFBwEBBIIBZDCCAWAwgdgGCCsGAQUF +BzAChoHLbGRhcDovL2Rpci5wa2kuc3RhdGUuZ292L2NuPVUuUy4lMjBEZXBhcnRt +ZW50JTIwb2YlMjBTdGF0ZSUyMEFEJTIwUm9vdCUyMENBLGNuPUFJQSxjbj1QdWJs +aWMlMjBLZXklMjBTZXJ2aWNlcyxjbj1TZXJ2aWNlcyxjbj1Db25maWd1cmF0aW9u +LGRjPXN0YXRlLGRjPXNidT9jQUNlcnRpZmljYXRlO2JpbmFyeSxjcm9zc0NlcnRp +ZmljYXRlUGFpcjtiaW5hcnkwRgYIKwYBBQUHMAKGOmh0dHA6Ly9jcmxzLnBraS5z +dGF0ZS5nb3YvQUlBL0NlcnRzSXNzdWVkVG9Eb1NBRFJvb3RDQS5wN2MwOwYIKwYB +BQUHMAGGL2h0dHA6Ly9vY3NwLnBraS5zdGF0ZS5nb3YvT0NTUC9Eb1NPQ1NQUmVz +cG9uZGVyMBIGA1UdEwEB/wQIMAYBAf8CAQAwDAYDVR0kBAUwA4EBADCCAeoGA1Ud HwSCAeEwggHdMIIBCqCCAQagggEChjJodHRwOi8vY3Jscy5wa2kuc3RhdGUuZ292 L2NybHMvRG9TQURQS0lSb290Q0ExLmNybIaBy2xkYXA6Ly9kaXIucGtpLnN0YXRl Lmdvdi9jbj1XaW5Db21iaW5lZDEsY249VS5TLiUyMERlcGFydG1lbnQlMjBvZiUy @@ -4812,286 +4986,72 @@ dGUxFjAUBgNVBAMMDUNvbmZpZ3VyYXRpb24xETAPBgNVBAMMCFNlcnZpY2VzMRww GgYDVQQDDBNQdWJsaWMgS2V5IFNlcnZpY2VzMQwwCgYDVQQDDANBSUExLDAqBgNV BAMMI1UuUy4gRGVwYXJ0bWVudCBvZiBTdGF0ZSBBRCBSb290IENBMQ0wCwYDVQQD DARDUkwxMB8GA1UdIwQYMBaAFMwAaGGmpQOTEAobYbeHGMFFVtqCMB0GA1UdDgQW -BBSM1tRpqeSFQTpqpl7aURoXjZKLbDANBgkqhkiG9w0BAQsFAAOCAgEAlQ1XgnqQ -ecFO6Su0wdCu6GRPmdVpZZP9Qo/Zo6Kq6SWdWz9zT4kd4KRoOB/CBRwcCLri+16o -BCUwNu64fWZum5llVin2e+zudopathVejPIeUFeZk1JutjnnLx9MNbYOcH4uy0iM -6dpaNM5zZtZiZ437jUrd0ORK6drNcZYuCBgzuIaeW4PeouvrOyJThbnJCU7JMJgQ -E+NklTSaHM1FDJssfxFyIh8aWK4zfbfyNHidY7FnkqExvy/FKh8dangurJ++HJ7Q -7NgljxK3YYCg24DZO6CkgmZcIi6D/wXiUCkmoTzB2JiAcV6HFxPMvrR9iaMNt628 -cAK7609YvlR1nlrIisRaQTkSPtQVDXaHnYS3UrLe5QL79frkdYTmkM5j52WJQ2L9 -cfTQ9ryJ0i0kXkGpZahiVOOfSQMWwTmvmqyDzscfVeUppT/SQcbfemogSPwCmh+2 -cTUIlZLSEGzonVdQ2GYzjAk7H6bUX4rTaYJFjvhjTFRaloi6IOdjNc2guCIECFjt -PRtQFAJawb7lPE6WKUxmj1vPOEu75atCsmMIbLvZGyydnzHfJM1FPkkJQfYEhdMb -VIp15bKsLwmJto7vLU3eDTd5LggcGF0ByxDyWspihXw8C3Vmw7tXZzXjrFRjwpgB -sL5C7eeB8BPvr/y+9uKA5C8B7zMcitC6XmgwggnlMIIIzaADAgECAhQUmHlWyjIl -+ZJSvyvrVguH6nE9OzANBgkqhkiG9w0BAQsFADBVMQswCQYDVQQGEwJVUzEYMBYG -A1UEChMPVS5TLiBHb3Zlcm5tZW50MQ0wCwYDVQQLEwRGUEtJMR0wGwYDVQQDExRG -ZWRlcmFsIEJyaWRnZSBDQSBHNDAeFw0yMTA0MjgxMzM2NDlaFw0yNDA0MjgxMzM2 -NDlaME0xCzAJBgNVBAYTAlVTMRIwEAYDVQQKEwlJZGVuVHJ1c3QxKjAoBgNVBAMT -IUlkZW5UcnVzdCBHbG9iYWwgQ29tbW9uIFJvb3QgQ0EgMTCCAiIwDQYJKoZIhvcN -AQEBBQADggIPADCCAgoCggIBAONUqTPUVYIq6VpF0VRruVtyK+roeCGzumAJf9p5 -E+WQJrcDUabyqeD4ltiCUqJvMPODcYjbQDDCblBPLNlwVjR30PZm4fIheCnOMkEz -27TsC6CDtByEH16JElojQECHLbZMloASbeegl2t94bjz3VL0oytZl38U5lDxJwWS -c/PWaCNLDGuWUnZQxLaNnzIRl/ATXBv+VNrxOOFe4HC2eazHwR1ipABg9IwjnT7B -Az/R30Y6RDOi39P8gIKHozz7pgmwncMewk0ex+ZsYhR1tJ2sb56RB9gknyJfbWSc -IZWyZJ3JKutLiceCdhCubHb7VL3j4uLAoa67KJxXyRXiLl/LW71Bqd4jRXnFR2rs -J3zzqiqUCmpyt3BL9/dMabitbdFOyznRfKBOCU7waDufAxZl3cbdTkfMFkqqR28r -7HENLIs8QnW095HOEqfYMOHzxMcQDtzvCdE0v5suXYZ1l1XvZfhzUQ/W67pFP9jP -WTKNPOdSCP/PBjU3yYzlKV3WO4PpJKeAvU6szhkz/xWRP6vJAhA531SzCCrTZaHw -kf+eetIn8VMnKzX9tBetFs9CNrBx4fX2ehLiW/tBNh8TbzhjaspJp3sPvimX2TQk -7IwxMCH0NYuezrF9j8xm7ADZHwWO1usZiXrqAVelgmkB3nrrPQwcpmIuqetv3wAg -OQ6RAgMBAAGjggWzMIIFrzAdBgNVHQ4EFgQU+PmLL3+QQ5+P5owstUm4T5KLFnQw -HwYDVR0jBBgwFoAUefAASet/d8JdQQJlNIqQI5seB28wDgYDVR0PAQH/BAQDAgEG -MA8GA1UdEwEB/wQFMAMBAf8wgZcGA1UdIASBjzCBjDAMBgpghkgBZQMCAQMCMAwG -CmCGSAFlAwIBAwMwDAYKYIZIAWUDAgEDDDAMBgpghkgBZQMCAQMOMAwGCmCGSAFl -AwIBAw8wDAYKYIZIAWUDAgEDEjAMBgpghkgBZQMCAQMTMAwGCmCGSAFlAwIBAxQw -DAYKYIZIAWUDAgEDJTAMBgpghkgBZQMCAQMmMIIDUgYDVR0hBIIDSTCCA0UwGQYK -YIZIAWUDAgEDAgYLYIZIAYb5LwBkAgEwGQYKYIZIAWUDAgEDAgYLYIZIAYb5LwBk -AgIwGQYKYIZIAWUDAgEDAgYLYIZIAYb5LwBkAgMwGQYKYIZIAWUDAgEDAgYLYIZI -AYb5LwBkAgQwGQYKYIZIAWUDAgEDAgYLYIZIAYb5LwBkAgUwGQYKYIZIAWUDAgED -AgYLYIZIAYb5LwBkAgYwGQYKYIZIAWUDAgEDAgYLYIZIAYb5LwBkAgcwGQYKYIZI -AWUDAgEDAgYLYIZIAYb5LwBkAggwGQYKYIZIAWUDAgEDAwYLYIZIAYb5LwBkAwEw -GQYKYIZIAWUDAgEDAwYLYIZIAYb5LwBkAwIwGQYKYIZIAWUDAgEDAwYLYIZIAYb5 -LwBkAwMwGQYKYIZIAWUDAgEDAwYLYIZIAYb5LwBkAwQwGQYKYIZIAWUDAgEDAwYL -YIZIAYb5LwBkAwUwGQYKYIZIAWUDAgEDAwYLYIZIAYb5LwBkAwYwGQYKYIZIAWUD -AgEDDgYLYIZIAYb5LwBkDgEwGQYKYIZIAWUDAgEDDgYLYIZIAYb5LwBkDgIwGQYK -YIZIAWUDAgEDDAYLYIZIAYb5LwBkDAEwGQYKYIZIAWUDAgEDDAYLYIZIAYb5LwBk -DAIwGQYKYIZIAWUDAgEDDAYLYIZIAYb5LwBkDAMwGQYKYIZIAWUDAgEDDAYLYIZI -AYb5LwBkDAQwGQYKYIZIAWUDAgEDDwYLYIZIAYb5LwBkDwEwGQYKYIZIAWUDAgED -DwYLYIZIAYb5LwBkDwIwGQYKYIZIAWUDAgEDDwYLYIZIAYb5LwBkDwMwGQYKYIZI -AWUDAgEDDwYLYIZIAYb5LwBkDwQwGQYKYIZIAWUDAgEDJQYLYIZIAYb5LwBkJQIw -GQYKYIZIAWUDAgEDJgYLYIZIAYb5LwBkJgIwGQYKYIZIAWUDAgEDEgYLYIZIAYb5 -LwBkEgAwGQYKYIZIAWUDAgEDEgYLYIZIAYb5LwBkEgEwGQYKYIZIAWUDAgEDEgYL -YIZIAYb5LwBkEgIwGQYKYIZIAWUDAgEDFAYLYIZIAYb5LwBkFAEwGQYKYIZIAWUD -AgEDEwYLYIZIAYb5LwBkEwEwWAYIKwYBBQUHAQsETDBKMEgGCCsGAQUFBzAFhjxo -dHRwOi8vdmFsaWRhdGlvbi5pZGVudHJ1c3QuY29tL3Jvb3RzL0lzc3VlZGJ5SUdD -Um9vdENBMS5wN2MwEgYDVR0kAQH/BAgwBoABAIEBADAKBgNVHTYEAwIBADBRBggr -BgEFBQcBAQRFMEMwQQYIKwYBBQUHMAKGNWh0dHA6Ly9yZXBvLmZwa2kuZ292L2Jy -aWRnZS9jYUNlcnRzSXNzdWVkVG9mYmNhZzQucDdjMDcGA1UdHwQwMC4wLKAqoCiG -Jmh0dHA6Ly9yZXBvLmZwa2kuZ292L2JyaWRnZS9mYmNhZzQuY3JsMFYGA1UdHgEB -/wRMMEqhSDAZpBcwFTETMBEGCgmSJomT8ixkARkWA21pbDArpCkwJzELMAkGA1UE -BhMCVVMxGDAWBgNVBAoTD1UuUy4gR292ZXJubWVudDANBgkqhkiG9w0BAQsFAAOC -AQEAt4ZkkQk6DDa2gVWFmaiexymUsyjjFUTOpQ/gr9FSadOKGm5PAhaVOwv84q+V -tbnWIWu8whQ5MZZdoRx7i6X/cVcqVxt/sPzQtMVpfBX8lV/KFcGF1rBIuwHeMUBD -0N7F+oF+Mhx0lqk95jN6t1dnoGpq8RRM4s7l8M7hzU9qIoUEWHyr2wtPDGOsYMmI -znL/5gYFreVsRv91/M2sDSrSw7XMSQPz5PO1kEPh5dy+3HiHPgpOqBAuQpOW2tml -BCc1PLZ86eVHT+RV+qtrzTvC3rGoribdx7Cxz4XAWeCdJUIZRgFm2urLuaCztbR3 -VAo/rTnIwFlkdprCLiO0KZoPODCCCeYwggfOoAMCAQICEAJOP/CrmmgORQp8PrlU -HdwwDQYJKoZIhvcNAQEMBQAwaDELMAkGA1UEBhMCVVMxEjAQBgNVBAoTCUNlcnRp -UGF0aDEiMCAGA1UECxMZQ2VydGlmaWNhdGlvbiBBdXRob3JpdGllczEhMB8GA1UE -AxMYQ2VydGlQYXRoIEJyaWRnZSBDQSAtIEczMB4XDTIzMDIyMjAwMDAwMFoXDTI0 -MDIyODIzNTk1OVowgZQxCzAJBgNVBAYTAlVTMSUwIwYDVQQKExxOb3J0aHJvcCBH -cnVtbWFuIENvcnBvcmF0aW9uMS0wKwYDVQQLEyROb3J0aHJvcCBHcnVtbWFuIEVu -dGVycHJpc2UgU2VydmljZXMxLzAtBgNVBAMTJk5vcnRocm9wIEdydW1tYW4gQ29y -cG9yYXRlIFJvb3QgQ0EtMzg0MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKC -AgEAjeaC2Jj+CoFYTnhpBCbU5ZA5SBzk6Ku/7uBF7VQ1lR7gZ4TftN16HS/HlHIT -IhtVP2uhZhK7wYSl5DWfigPinMdT4I9gX2rt+k5wZ1RuVcnoF3AOHkcCeQ290jh/ -oolfJCHNs6LDspec0fjO3L8ca1S4BA5nHKkmGmQsMw/vn4bfQn8DYh0dcy1jAT25 -iwA8eYO/9uB/75gQmQBlkdIo4zbDGs5ARAYz13IDyMPlHJJbAQkBzCJT1OZ4zvI3 -5LUEmXlR0zEI2oA/jtrBKParSdQjDAFaOBOOmQjl6zRvsQdBBE/8g+za6UmG5a+S -IKfebqvUBAq6PMT0FaojwspRIhztppCsJQ0Ka5lL5wmoe+jxcOKtHVhwq3dGRUd2 -3AqUPMizZn6/EBJGFH720m6EErzJ0L4Sva+e9/oEwTeM2gNB5j1Y7X7eMQhTkRtO -ct+zeEiPBN5n0ZbyRlkk/7oZ00HxnzRbKpw6rFWu5YH5NrxcXW9H2Sj68rZnDMkX -D6lAhhV6Dx43RJ26Z6353QaHoAULpQIv+Bcpoeb3Ty0IpCqC/bUm77xpcxYZM/uU -UoZhD27wMkWydxuPzVC2xZgAtTR0rzMCec2yQi/FW3f5mnFORW08WHp6JE1XK2mQ -FaTZKgeBv9WHtelrQj0o/0cc3CR3HAlC6ouPj2t3yX9UylkCAwEAAaOCBF0wggRZ -MBIGA1UdEwEB/wQIMAYBAf8CAQEwHQYDVR0OBBYEFPtIqmFJgNT3poWCokTdl9ab -pnEFMFkGA1UdIARSMFAwDgYMKwYBBAGBu1MBAQEBMA4GDCsGAQQBgbtTAQEBAjAO -BgwrBgEEAYG7UwEBAQcwDgYMKwYBBAGBu1MBAQEIMA4GDCsGAQQBgbtTAQEBCTBC -BgNVHR8EOzA5MDegNaAzhjFodHRwOi8vY3JsLmNlcnRpcGF0aC5jb20vQ2VydGlQ -YXRoQnJpZGdlQ0EtRzMuY3JsMA4GA1UdDwEB/wQEAwIBBjCCAccGA1UdHgEB/wSC -AbswggG3oIIBszAJgQduZ2MuY29tMAqBCC5uZ2MuY29tMAuBCW15bmdjLmNvbTAM -gQoubXluZ2MuY29tMBCBDm9yYml0YWxhdGsuY29tMBGBDy5vcmJpdGFsYXRrLmNv -bTAMgQpzY2FsZWQuY29tMA2BCy5zY2FsZWQuY29tMAmCB25nYy5jb20wD4INbm9y -dGhncnVtLmNvbTAVghNub3J0aHJvcGdydW1tYW4uY29tMAuCCW15bmdjLmNvbTAL -ggluZ2V4dC5jb20wEIIOb3JiaXRhbGF0ay5jb20wDIIKc2NhbGVkLmNvbTA4pDYw -NDELMAkGA1UEBhMCVVMxJTAjBgNVBAoTHE5vcnRocm9wIEdydW1tYW4gQ29ycG9y -YXRpb24wNKQyMDAxEzARBgoJkiaJk/IsZAEZFgNjb20xGTAXBgoJkiaJk/IsZAEZ -Fglub3J0aGdydW0wMKQuMCwxEzARBgoJkiaJk/IsZAEZFgNjb20xFTATBgoJkiaJ -k/IsZAEZFgVuZ2V4dDAupCwwKjETMBEGCgmSJomT8ixkARkWA2NvbTETMBEGCgmS -JomT8ixkARkWA25nYzAKBgNVHTYEAwIBADB7BggrBgEFBQcBCwRvMG0wawYIKwYB -BQUHMAWGX2h0dHA6Ly9jZXJ0ZGF0YS5ub3J0aHJvcGdydW1tYW4uY29tL2NlcnRk -YXRhL3A3Yy9Jc3N1ZWRCeU5vcnRocm9wR3J1bW1hbkNvcnBvcmF0ZVJvb3RDQS0z -ODQucDdjMBIGA1UdJAEB/wQIMAaAAQCBAQAwgZwGA1UdIQSBlDCBkTAbBgwrBgEE -AYG7UwEBAQEGCysGAQQB/06DfQINMBsGDCsGAQQBgbtTAQEBAgYLKwYBBAH/ToN9 -Ag4wGwYMKwYBBAGBu1MBAQEHBgsrBgEEAf9Og30CCTAbBgwrBgEEAYG7UwEBAQgG -CysGAQQB/06DfQIKMBsGDCsGAQQBgbtTAQEBCQYLKwYBBAH/ToN9AgswTQYIKwYB -BQUHAQEEQTA/MD0GCCsGAQUFBzAChjFodHRwOi8vYWlhLmNlcnRpcGF0aC5jb20v -Q2VydGlQYXRoQnJpZGdlQ0EtRzMucDdjMB8GA1UdIwQYMBaAFHqLPAaS3B6o0oKs -G3RvdD1O0aibMA0GCSqGSIb3DQEBDAUAA4ICAQAUJRN1asLxEl80RT4573Tt+hV3 -0Hh5AxqkhFshy7k4ME0jnanOCqeLtnX5LJ2pE0puPRmpxcbRMPdeBKLLnxcDQZRs -d8+sptL9H0z5Q1XwOm0X7I8anogN5TrwL+KsGe72vGsIazwEQz72pkQq+SbGKY0B -CZ8DSw+9c3Rw8F/CdxqwFmOPerIjYTJK4987EPARCOxoPm09QGK6R3ZUT35Pvxgx -ROi7Mf1dfgyOv7L8mXHIDSyoQMErpCrE039r5gooER+MVf0tbAAbrQZXYG90qF/P -P3C1sH+Lf0Gc5v3eEPabO5nqpLqRU15e7UgHSQQX0ohLHaBwT29caO4X4WRzSHAi -07dN3CKDYHkUjMy9TYScSBhOtJH7Gmpcub/+/j7StX1bwUqF1hZqSEPEAnSRGLdf -f74T7MzxH5VQ8uncXULGAILl84Y39/dlXXiR9dvaqdTH/0HZlZ3Cy2bGdUXrKSWn -E1ZBWBMhEh5YJQya0VNRpocqgLZ+4AuIMGZi8CTtNOZC8N3c30MOlrRxr3AXY2GJ -HZYP1lhOE7eRemQsSVdNjUCiqkfGNtQoT553sRBstLDEQ/Hp3QtTL+XEG+fU7AeU -4arn5LDMRWdIfjexAdb9AhqKvnuBdLF9QMN9HKuwvrHU0sFctyp+cckuW6DvwXZm -Wr0Z/NegwvoccrvTwzCCCi8wgggXoAMCAQICBgjluQMKYjANBgkqhkiG9w0BAQsF -ADCBizELMAkGA1UEBhMCQ0ExKzApBgNVBAoTIkNhcmlsbG9uIEluZm9ybWF0aW9u -IFNlY3VyaXR5IEluYy4xIjAgBgNVBAsTGUNlcnRpZmljYXRpb24gQXV0aG9yaXRp -ZXMxKzApBgNVBAMTIkNhcmlsbG9uIFBLSSBTZXJ2aWNlcyBHMiBSb290IENBIDIw -HhcNMjAwMTIwMjAyNTEzWhcNMjcxMDIzMjAyNTEzWjCBgzELMAkGA1UEBhMCQ0Ex -KzApBgNVBAoTIkNhcmlsbG9uIEluZm9ybWF0aW9uIFNlY3VyaXR5IEluYy4xIjAg -BgNVBAsTGUNlcnRpZmljYXRpb24gQXV0aG9yaXRpZXMxIzAhBgNVBAMTGkNhcmls -bG9uIFBLSSBTZXJ2aWNlcyBDQSAxMIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIIC -CgKCAgEApn4oO9Db2bA3ZIYsorxUry8bzW9cN6Hpebv4+dafFQqR6zAZfRqdubNK -r1tdyCtKNb78d2VzFiY5nt6fw2LUXSiG24/CneU/YlKSmZZmPESDmqcxDxT603YH -TtsFjVt9CIGz3InY+52hrgoawXaz+Sqzq9plOoYx+Rxm1RFi9D3NT6w7mf+/AtOf -mZl4hbgJk0orMSkbtrqMoIcgJtoU79UB0zntDTu2mQNs38OFAdZWg11s1Vr8zVpw -CaqM5p5sXj/juL36IClKEgfhepyILOt6hmJlD1f3eWAptkpy91df6MX+JQ0Q+rSw -drp3IGCvGY96BgqR3I1CUcJq383zY1lj77579ypemnWszV1x25JMeuDxaIekK1V4 -dPBA/bO8FoOFv0jCmiBrkP/sSsU3lIE/wZyeMUqUugHETyvzMYnnFaHvN+8i0Td6 -vpYeel2AK5QriP6+f2wByciRu2znm4HU2ZOVQddHv3uZ+FT1nlFYMxGeNvdKZmIq -IQZsXuKplKwIDxGcOOGNBxYtJUk65c+Ou3FdKbj6QlL8jzLYXogUV6bcnxbuP94T -1wG00uDFdVJf4cGIgMkx1cW070xOBFRw9L0WMS3Y/cRzd9x1+nTzbR2ZxF2YBwcI -KWHT248AsMqwuBntCNYyrutxx+38udrj73pee2SLCZbT5T+uJlkCAwEAAaOCBJ0w -ggSZMB0GA1UdDgQWBBQh+BlHRMd8GJG9jg81E1UG1OPvpTAfBgNVHSMEGDAWgBT+ -ARemii56CtuZ7g9LlIMEityRkTASBgNVHRMBAf8ECDAGAQH/AgEAMA4GA1UdDwEB -/wQEAwIBxjCCA6wGA1UdIASCA6MwggOfMA0GCysGAQQBgcNeAwEDMA0GCysGAQQB -gcNeAwEEMA0GCysGAQQBgcNeAwEFMA0GCysGAQQBgcNeAwEGMA0GCysGAQQBgcNe -AwEHMA0GCysGAQQBgcNeAwEIMA0GCysGAQQBgcNeAwEJMA0GCysGAQQBgcNeAwEK -MA0GCysGAQQBgcNeAwEeMA0GCysGAQQBgcNeAwELMA0GCysGAQQBgcNeAwEfMA0G -CysGAQQBgcNeAwEMMA0GCysGAQQBgcNeAwENMA0GCysGAQQBgcNeAwEOMIHsBgsr -BgEEAYHDXgMBFDCB3DA5BggrBgEFBQcCARYtaHR0cHM6Ly9wdWIuY2FyaWxsb24u -Y2EvQ2VydGlmaWNhdGVQb2xpY3kucGRmMIGeBggrBgEFBQcCAjCBkRqBjlRoaXMg -Y2VydGlmaWNhdGUgaGFzIGJlZW4gaXNzdWVkIGluIGFjY29yZGFuY2Ugd2l0aCB0 -aGUgQ2FyaWxsb24gSW5mb3JtYXRpb24gU2VjdXJpdHkgSW5jLiBDZXJ0aWZpY2F0 -ZSBQb2xpY3kgYXMgZm91bmQgaW4gdGhlIENQU3BvaW50ZXIgZmllbGQwgewGCysG -AQQBgcNeAwEVMIHcMDkGCCsGAQUFBwIBFi1odHRwczovL3B1Yi5jYXJpbGxvbi5j -YS9DZXJ0aWZpY2F0ZVBvbGljeS5wZGYwgZ4GCCsGAQUFBwICMIGRGoGOVGhpcyBj -ZXJ0aWZpY2F0ZSBoYXMgYmVlbiBpc3N1ZWQgaW4gYWNjb3JkYW5jZSB3aXRoIHRo -ZSBDYXJpbGxvbiBJbmZvcm1hdGlvbiBTZWN1cml0eSBJbmMuIENlcnRpZmljYXRl -IFBvbGljeSBhcyBmb3VuZCBpbiB0aGUgQ1BTcG9pbnRlciBmaWVsZDCB7AYLKwYB -BAGBw14DARYwgdwwOQYIKwYBBQUHAgEWLWh0dHBzOi8vcHViLmNhcmlsbG9uLmNh -L0NlcnRpZmljYXRlUG9saWN5LnBkZjCBngYIKwYBBQUHAgIwgZEagY5UaGlzIGNl -cnRpZmljYXRlIGhhcyBiZWVuIGlzc3VlZCBpbiBhY2NvcmRhbmNlIHdpdGggdGhl -IENhcmlsbG9uIEluZm9ybWF0aW9uIFNlY3VyaXR5IEluYy4gQ2VydGlmaWNhdGUg -UG9saWN5IGFzIGZvdW5kIGluIHRoZSBDUFNwb2ludGVyIGZpZWxkMEgGCCsGAQUF -BwEBBDwwOjA4BggrBgEFBQcwAoYsaHR0cDovL3B1Yi5jYXJpbGxvbi5jYS9DQWNl -cnRzL0NJU0cyUkNBMi5wN2MwOQYDVR0fBDIwMDAuoCygKoYoaHR0cDovL3B1Yi5j -YXJpbGxvbi5jYS9DUkwvQ0lTRzJSQ0EyLmNybDANBgkqhkiG9w0BAQsFAAOCAgEA -sQio7hiKmX1aODH72AU6234frXeBfK9SVPHaXA4tWVGghGk+4jjahSzf0edjmB2M -skS5vm5Hibje/QVY3yqnAWGnBBG6TqiSY1Q6mxyodKeq6uU7zvA32h9Y/HdwxKYR -U5lgOBIHVTVGRGRsg8RVA8MSG4xz7FAHdqt+5MMfgWcANOPwxHWI+8EzVnOfcPX2 -TC7627y2OQPXa/Ie3lOVQz90czZX1mGqh5sxuigV4qXKUI7OTBY024D2mdtoQEO3 -84pcsJc4dw0K5VUqsJTmFhbhA62l/6pgktcVkNOyn0PaO+o/JIJyMBd+OLf/Wso4 -rnBT8TwAt2G17UpTede0HLg+nIh4VhrRRRpwzk93xZIRERJPFFQjr6aKCB+BXoIR -VD/0DaJdaXo1yJHXAPHoUmKaTPBMiACgnpheuQobBwlFpTqHAtKzxmEFJ2d78o8y -KBtk5IsDNWcKM4FB5THvGaDX3ICqyd6xT9kPWygDBqvdPw8DNRG1TBGtP92dnSYP -O9QUIYLpX924LMtaU7KIanUoQ5enK2O5JI7hjDAU1bjAd6b6E0Fa32zCDpb9DGfM -97Tz6J5hJqyUSSgzth/zx2WTULYmBAfhQYN9fLmOoZBAHAMqs/TGiQPDmjdnSpqh -S7lV2OR3jTgGE7d7lZ3KXKOduNM6mEnAQVEU8bjPlRYwggo1MIIIHaADAgECAgRR -sGn6MA0GCSqGSIb3DQEBCwUAMIGxMRMwEQYKCZImiZPyLGQBGRYDc2J1MRUwEwYK -CZImiZPyLGQBGRYFc3RhdGUxFjAUBgNVBAMMDUNvbmZpZ3VyYXRpb24xETAPBgNV -BAMMCFNlcnZpY2VzMRwwGgYDVQQDDBNQdWJsaWMgS2V5IFNlcnZpY2VzMQwwCgYD -VQQDDANBSUExLDAqBgNVBAMMI1UuUy4gRGVwYXJ0bWVudCBvZiBTdGF0ZSBBRCBS -b290IENBMB4XDTE4MDMwNjIxMjQ1NFoXDTI4MDMwNjIxNTQ1NFowgbsxEzARBgoJ -kiaJk/IsZAEZFgNzYnUxFTATBgoJkiaJk/IsZAEZFgVzdGF0ZTEWMBQGA1UEAwwN -Q29uZmlndXJhdGlvbjERMA8GA1UEAwwIU2VydmljZXMxHDAaBgNVBAMME1B1Ymxp -YyBLZXkgU2VydmljZXMxDDAKBgNVBAMMA0FJQTE2MDQGA1UEAwwtVS5TLiBEZXBh -cnRtZW50IG9mIFN0YXRlIEFEIEhpZ2ggQXNzdXJhbmNlIENBMIICIjANBgkqhkiG -9w0BAQEFAAOCAg8AMIICCgKCAgEAsC5Y6WPuuADIdbZ3V86ziP/HlQzA71sTqDhb -BwP6qUiQZl7YNiR7LvV1tmQTaByVz3TWWvZOCnvr6K6Sol4BWepD7iffZ8AMvvSu -X7NyMGCaak7SGtCbJchhrdDo6D4rGmcPx/74iogTEukw4l3SiIq86O443YqLAXp9 -fXAhVXU3EonV4/QTctu8Ve76ldqbEnPff3b7sgl59gv1jdTLC7O8bO+EXV/Z5Q1X -2N+v7zR4phQL7+Cle056sgTe3O8SLNRI2My+Md0OlNVveO/nVgVEj0JNV4vNQiiB -0GqGld330ydkt8JPAwsaKedmlErXCeFd/41d2FFbC9UzsafO9jzS6GAYImHtsrL7 -RDtrNOG0sqK2I4NEqQUUylvXdd/76xVJVqiZCLCD3yV3+rG3jzDgOQaPVuK4QDCS -RazcZSksdGIE+8fOAWtfOj4cVDGlHRCu99O0K19J/N4ZHwbeQVCOWmLAjWXLudrz -HvgljkG481Qxcvv+Ucvdv4bcLn/MgqPbpKGHYXy6/tAO8gt9n/+bKmMuLbIrxuR4 -Kpz0BA8V4gmr5nrC7V5uCLryUZ4HlZNm4vXqPgC0dgtHzK1yuxyu++WTPJdDLwet -GMw2jVd01wnyZY8rlLoifWc5b9Gp3WWgoWToHedL+X8Pcp1+DeTOCUCDh0ETNONo -uI7TjkUCAwEAAaOCBEcwggRDMA4GA1UdDwEB/wQEAwIBBjBrBgNVHSAEZDBiMAwG -CmCGSAFlAwIBBgEwDAYKYIZIAWUDAgEGAjAMBgpghkgBZQMCAQYDMAwGCmCGSAFl -AwIBBgQwDAYKYIZIAWUDAgEGDDAMBgpghkgBZQMCAQYlMAwGCmCGSAFlAwIBBiYw -ggFyBggrBgEFBQcBAQSCAWQwggFgMIHYBggrBgEFBQcwAoaBy2xkYXA6Ly9kaXIu -cGtpLnN0YXRlLmdvdi9jbj1VLlMuJTIwRGVwYXJ0bWVudCUyMG9mJTIwU3RhdGUl -MjBBRCUyMFJvb3QlMjBDQSxjbj1BSUEsY249UHVibGljJTIwS2V5JTIwU2Vydmlj -ZXMsY249U2VydmljZXMsY249Q29uZmlndXJhdGlvbixkYz1zdGF0ZSxkYz1zYnU/ -Y0FDZXJ0aWZpY2F0ZTtiaW5hcnksY3Jvc3NDZXJ0aWZpY2F0ZVBhaXI7YmluYXJ5 -MEYGCCsGAQUFBzAChjpodHRwOi8vY3Jscy5wa2kuc3RhdGUuZ292L0FJQS9DZXJ0 -c0lzc3VlZFRvRG9TQURSb290Q0EucDdjMDsGCCsGAQUFBzABhi9odHRwOi8vb2Nz -cC5wa2kuc3RhdGUuZ292L09DU1AvRG9TT0NTUFJlc3BvbmRlcjASBgNVHRMBAf8E -CDAGAQH/AgEAMAwGA1UdJAQFMAOBAQAwggHqBgNVHR8EggHhMIIB3TCCAQqgggEG -oIIBAoYyaHR0cDovL2NybHMucGtpLnN0YXRlLmdvdi9jcmxzL0RvU0FEUEtJUm9v -dENBMS5jcmyGgctsZGFwOi8vZGlyLnBraS5zdGF0ZS5nb3YvY249V2luQ29tYmlu -ZWQxLGNuPVUuUy4lMjBEZXBhcnRtZW50JTIwb2YlMjBTdGF0ZSUyMEFEJTIwUm9v -dCUyMENBLGNuPUFJQSxjbj1QdWJsaWMlMjBLZXklMjBTZXJ2aWNlcyxjbj1TZXJ2 -aWNlcyxjbj1Db25maWd1cmF0aW9uLGRjPXN0YXRlLGRjPXNidT9jZXJ0aWZpY2F0 -ZVJldm9jYXRpb25MaXN0O2JpbmFyeTCBzKCByaCBxqSBwzCBwDETMBEGCgmSJomT -8ixkARkWA3NidTEVMBMGCgmSJomT8ixkARkWBXN0YXRlMRYwFAYDVQQDDA1Db25m -aWd1cmF0aW9uMREwDwYDVQQDDAhTZXJ2aWNlczEcMBoGA1UEAwwTUHVibGljIEtl -eSBTZXJ2aWNlczEMMAoGA1UEAwwDQUlBMSwwKgYDVQQDDCNVLlMuIERlcGFydG1l -bnQgb2YgU3RhdGUgQUQgUm9vdCBDQTENMAsGA1UEAwwEQ1JMMTAfBgNVHSMEGDAW -gBTMAGhhpqUDkxAKG2G3hxjBRVbagjAdBgNVHQ4EFgQUheMozyV6pgGNxW/+xVJy -qp6jTE4wDQYJKoZIhvcNAQELBQADggIBAIrI6BcRMOZyzGy2Zs9M16r7yK2OYW51 -BBYc/Z2qtPOpMF1n3PsnrTw3dill5SlMLctqIhKTWcgUyy+35O8Um2IFvdOgo0G8 -48rYzxAzTTmMDADvzl++KDnfIks1TXmFjh1K1AbqC6D/kxENHQMBMWV8FE7t8Jsh -dIQ2Hg5CBfHdIMoG9SU3t18cYNjzmJz/pUQ8g5ckXegBjDiSvby8V1zceSPdGOoP -QZQp+dH5C1BhNQzY6mlE5zoW7ogfWBBghi07fyC+0T06Ffoffe8mHKzE6qsP+F0q -l3G7o3xcrT1EMAbCRCy0E3OoFRdsZ+gz73Y/pu+QKJ3CRms0bDO5+5urollHt2eC -fvq9WJ5ShsYF206BjC05gWQqp0TLi4+5ifKfcpjwN8bYb/6/xEXlGr1jPytVfRmj -E0aFS8GIoHqjZcmhjvLyqeygplT3mVEJ0xGB0cXHS6uPzlHELNwow1c+iXJYMk1p -A+aFAzqicBvnAIXeC39zeRcsdB2cqnC+T5VEdwSsIAYmTNm+1IMwI77+2q8jAJhT -Vu7jhKn/iEk2nJ+zNn9Mqa7ZgCCqpJmKF4Kev3Dns8QxHIxx9H8LubD/2Bppptm3 -MsiqXMN1HvUz3MAQF11HuTobQLz79BkLyCTUUTeL0sjPK3f/6FAXtTWyWpNg8LHE -v1G44MpR1CIIMIIKazCCCFOgAwIBAgIGDPYcANu0MA0GCSqGSIb3DQEBCwUAMIGL -MQswCQYDVQQGEwJDQTErMCkGA1UEChMiQ2FyaWxsb24gSW5mb3JtYXRpb24gU2Vj -dXJpdHkgSW5jLjEiMCAGA1UECxMZQ2VydGlmaWNhdGlvbiBBdXRob3JpdGllczEr -MCkGA1UEAxMiQ2FyaWxsb24gUEtJIFNlcnZpY2VzIEcyIFJvb3QgQ0EgMjAeFw0y -MTA0MjAxNjA5MzZaFw0zMDAxMjAxNjA5MzZaMIGDMQswCQYDVQQGEwJDQTErMCkG -A1UEChMiQ2FyaWxsb24gSW5mb3JtYXRpb24gU2VjdXJpdHkgSW5jLjEiMCAGA1UE -CxMZQ2VydGlmaWNhdGlvbiBBdXRob3JpdGllczEjMCEGA1UEAxMaQ2FyaWxsb24g -UEtJIFNlcnZpY2VzIENBIDIwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoIC -AQCdc4bYc4noNZ5FH4RgyFrqSdtsI4Tqdkmvui4xZ7wiXNJfQKlD4n/TMLcfDwCn -vFlDQTvzKWVIfyXDt9+v0XkKwhQX7g6Sy8ZY89xTJZcLeQ7iwQXhdeBQ0jnClb9k -stJqOjF5LKvL8s3pt+OusyC/FYLTU6k+t9L6ljEm0mXdyE570N0zJr2ZoXaCY3FI -hVAN2m+DznMjXG+XpID/xZktQnrgp0kjFBsLaMKtORszXDeODnpl5N9apeSaX220 -QXA4x88UA0YFHUTWSDgvOnjKafYoVJRvRbjOwItGgJf3djb7mqp1SdQtCHXA9mqf -xfgO52DLkwQhQEsLGnwwofmIcw9vVu8OChxGTSOP3zetS8J1QSzyGdU8WgNvcu3H -SrNKcXpLVGopcqsyDCqIU7kzO+T3lhFtJN2mUh7ASNWvZq4jW4ruhFuqRDmdxUF4 -+j5HwoRVPpxTfmX5wy/Fr7Bq6crVF5Dzzp5k1n9c73CfaLrAuVEmQPncY5rpdXLx -OOaGX+gMtkpZU1kFtuJq+WVHbIrJ84DuwplcLHE4VByqpzO7BcsI9mp22yyq16ov -C8hwaVAivkT41Hu/0WsQb4N1x80EyF5fE3CV9jCMRYJttt7TDE7P8fa1nUUUA+DA -CUhaUzuAsk16yKcysSijCHEd1tJU2lzHw6u7nlVrPpotoQIDAQABo4IE2TCCBNUw -HQYDVR0OBBYEFJ0+x2oIKlHAC7Wy/VQ9+cLed0+UMB8GA1UdIwQYMBaAFP4BF6aK -LnoK25nuD0uUgwSK3JGRMBIGA1UdEwEB/wQIMAYBAf8CAQAwDgYDVR0PAQH/BAQD -AgHGMIID6AYDVR0gBIID3zCCA9swDQYLKwYBBAGBw14DAQMwDQYLKwYBBAGBw14D -AQQwDQYLKwYBBAGBw14DAQUwDQYLKwYBBAGBw14DAQYwDQYLKwYBBAGBw14DAQcw -DQYLKwYBBAGBw14DAQgwDQYLKwYBBAGBw14DAREwDQYLKwYBBAGBw14DARIwDQYL -KwYBBAGBw14DAQkwDQYLKwYBBAGBw14DAQowDQYLKwYBBAGBw14DAR4wDQYLKwYB -BAGBw14DAQswDQYLKwYBBAGBw14DAR8wDQYLKwYBBAGBw14DAQwwDQYLKwYBBAGB -w14DAQ0wDQYLKwYBBAGBw14DAQ4wDQYLKwYBBAGBw14DAQ8wDQYLKwYBBAGBw14D -ARAwgewGCysGAQQBgcNeAwEUMIHcMDkGCCsGAQUFBwIBFi1odHRwczovL3B1Yi5j -YXJpbGxvbi5jYS9DZXJ0aWZpY2F0ZVBvbGljeS5wZGYwgZ4GCCsGAQUFBwICMIGR -GoGOVGhpcyBjZXJ0aWZpY2F0ZSBoYXMgYmVlbiBpc3N1ZWQgaW4gYWNjb3JkYW5j -ZSB3aXRoIHRoZSBDYXJpbGxvbiBJbmZvcm1hdGlvbiBTZWN1cml0eSBJbmMuIENl -cnRpZmljYXRlIFBvbGljeSBhcyBmb3VuZCBpbiB0aGUgQ1BTcG9pbnRlciBmaWVs -ZDCB7AYLKwYBBAGBw14DARUwgdwwOQYIKwYBBQUHAgEWLWh0dHBzOi8vcHViLmNh -cmlsbG9uLmNhL0NlcnRpZmljYXRlUG9saWN5LnBkZjCBngYIKwYBBQUHAgIwgZEa -gY5UaGlzIGNlcnRpZmljYXRlIGhhcyBiZWVuIGlzc3VlZCBpbiBhY2NvcmRhbmNl -IHdpdGggdGhlIENhcmlsbG9uIEluZm9ybWF0aW9uIFNlY3VyaXR5IEluYy4gQ2Vy -dGlmaWNhdGUgUG9saWN5IGFzIGZvdW5kIGluIHRoZSBDUFNwb2ludGVyIGZpZWxk -MIHsBgsrBgEEAYHDXgMBFjCB3DA5BggrBgEFBQcCARYtaHR0cHM6Ly9wdWIuY2Fy -aWxsb24uY2EvQ2VydGlmaWNhdGVQb2xpY3kucGRmMIGeBggrBgEFBQcCAjCBkRqB -jlRoaXMgY2VydGlmaWNhdGUgaGFzIGJlZW4gaXNzdWVkIGluIGFjY29yZGFuY2Ug -d2l0aCB0aGUgQ2FyaWxsb24gSW5mb3JtYXRpb24gU2VjdXJpdHkgSW5jLiBDZXJ0 -aWZpY2F0ZSBQb2xpY3kgYXMgZm91bmQgaW4gdGhlIENQU3BvaW50ZXIgZmllbGQw -SAYIKwYBBQUHAQEEPDA6MDgGCCsGAQUFBzAChixodHRwOi8vcHViLmNhcmlsbG9u -LmNhL0NBY2VydHMvQ0lTRzJSQ0EyLnA3YzA5BgNVHR8EMjAwMC6gLKAqhihodHRw -Oi8vcHViLmNhcmlsbG9uLmNhL0NSTC9DSVNHMlJDQTIuY3JsMA0GCSqGSIb3DQEB -CwUAA4ICAQCZw4/muyjv/FJnsjV88ew4uwV4JRLWmHWpK55fW9obFnrvE1UadXct -lU3PrF3AcFFCU6Frw5N3wQ98ou+DdJQh9VAddOpIPLCQEtYbB529OdrQHvkWmo0F -7GoqMmSaTPIG8h3XyF+PNi3CeXTy3WAL/By+HR9K0jNmjHuv15aSxsI6wy9mNpkE -POBidAfEzoVviuIe3IJeX2z16ZcgPB/wE8PFzRT2nKQYIjt3XCZiTSwidLVX86Xo -ewL40g8a4bYiSaZG/qINxoS6cXMM3ikGTrQniq//fcaOgG0gcRhlXCnYPG4o3EZ7 -uXb0idL6SqC6GBAcoQRh3qf1bdupYgO7op0/SI9Sd3JAQYDoYqVbSyFyQyM7AjAu -UOtDHrqPfkkNxBjT2fP/mnq2Wxc7/XEOB1RRFl4CQpGFVIonHAjJ3hvbP+aB6Fol -lmgYe6yAQdHQy6o4xOrbW5/uLU/D7DU5DMydfP5rQRQg3/yl0LZGFnCQOC4ukOSf -z6orF+yN6fWmN4c7A1vPoU1YKAXK83nGlm0DvYLP3ATd15g5GpHZLj5YCLLiZafK -Dj+l2GDssowecQ13yQhqSz1Hy6YuZRff3RTeFoJfG9NwLxTJLKwK3FWQvZ4dzwDN -ANbux7pwuqoPUHH1k2dZaoeOP5CGgHlMTX8TK7ATEQC5zpsqwQLNlDEA +BBSF4yjPJXqmAY3Fb/7FUnKqnqNMTjANBgkqhkiG9w0BAQsFAAOCAgEAisjoFxEw +5nLMbLZmz0zXqvvIrY5hbnUEFhz9naq086kwXWfc+yetPDd2KWXlKUwty2oiEpNZ +yBTLL7fk7xSbYgW906CjQbzjytjPEDNNOYwMAO/OX74oOd8iSzVNeYWOHUrUBuoL +oP+TEQ0dAwExZXwUTu3wmyF0hDYeDkIF8d0gygb1JTe3Xxxg2POYnP+lRDyDlyRd +6AGMOJK9vLxXXNx5I90Y6g9BlCn50fkLUGE1DNjqaUTnOhbuiB9YEGCGLTt/IL7R +PToV+h997yYcrMTqqw/4XSqXcbujfFytPUQwBsJELLQTc6gVF2xn6DPvdj+m75Ao +ncJGazRsM7n7m6uiWUe3Z4J++r1YnlKGxgXbToGMLTmBZCqnRMuLj7mJ8p9ymPA3 +xthv/r/EReUavWM/K1V9GaMTRoVLwYigeqNlyaGO8vKp7KCmVPeZUQnTEYHRxcdL +q4/OUcQs3CjDVz6JclgyTWkD5oUDOqJwG+cAhd4Lf3N5Fyx0HZyqcL5PlUR3BKwg +BiZM2b7UgzAjvv7aryMAmFNW7uOEqf+ISTacn7M2f0yprtmAIKqkmYoXgp6/cOez +xDEcjHH0fwu5sP/YGmmm2bcyyKpcw3Ue9TPcwBAXXUe5OhtAvPv0GQvIJNRRN4vS +yM8rd//oUBe1NbJak2DwscS/UbjgylHUIggwggprMIIIU6ADAgECAgYM9hwA27Qw +DQYJKoZIhvcNAQELBQAwgYsxCzAJBgNVBAYTAkNBMSswKQYDVQQKEyJDYXJpbGxv +biBJbmZvcm1hdGlvbiBTZWN1cml0eSBJbmMuMSIwIAYDVQQLExlDZXJ0aWZpY2F0 +aW9uIEF1dGhvcml0aWVzMSswKQYDVQQDEyJDYXJpbGxvbiBQS0kgU2VydmljZXMg +RzIgUm9vdCBDQSAyMB4XDTIxMDQyMDE2MDkzNloXDTMwMDEyMDE2MDkzNlowgYMx +CzAJBgNVBAYTAkNBMSswKQYDVQQKEyJDYXJpbGxvbiBJbmZvcm1hdGlvbiBTZWN1 +cml0eSBJbmMuMSIwIAYDVQQLExlDZXJ0aWZpY2F0aW9uIEF1dGhvcml0aWVzMSMw +IQYDVQQDExpDYXJpbGxvbiBQS0kgU2VydmljZXMgQ0EgMjCCAiIwDQYJKoZIhvcN +AQEBBQADggIPADCCAgoCggIBAJ1zhthzieg1nkUfhGDIWupJ22wjhOp2Sa+6LjFn +vCJc0l9AqUPif9Mwtx8PAKe8WUNBO/MpZUh/JcO336/ReQrCFBfuDpLLxljz3FMl +lwt5DuLBBeF14FDSOcKVv2Sy0mo6MXksq8vyzem3466zIL8VgtNTqT630vqWMSbS +Zd3ITnvQ3TMmvZmhdoJjcUiFUA3ab4POcyNcb5ekgP/FmS1CeuCnSSMUGwtowq05 +GzNcN44OemXk31ql5JpfbbRBcDjHzxQDRgUdRNZIOC86eMpp9ihUlG9FuM7Ai0aA +l/d2NvuaqnVJ1C0IdcD2ap/F+A7nYMuTBCFASwsafDCh+YhzD29W7w4KHEZNI4/f +N61LwnVBLPIZ1TxaA29y7cdKs0pxektUailyqzIMKohTuTM75PeWEW0k3aZSHsBI +1a9mriNbiu6EW6pEOZ3FQXj6PkfChFU+nFN+ZfnDL8WvsGrpytUXkPPOnmTWf1zv +cJ9ousC5USZA+dxjmul1cvE45oZf6Ay2SllTWQW24mr5ZUdsisnzgO7CmVwscThU +HKqnM7sFywj2anbbLKrXqi8LyHBpUCK+RPjUe7/RaxBvg3XHzQTIXl8TcJX2MIxF +gm223tMMTs/x9rWdRRQD4MAJSFpTO4CyTXrIpzKxKKMIcR3W0lTaXMfDq7ueVWs+ +mi2hAgMBAAGjggTZMIIE1TAdBgNVHQ4EFgQUnT7HaggqUcALtbL9VD35wt53T5Qw +HwYDVR0jBBgwFoAU/gEXpoouegrbme4PS5SDBIrckZEwEgYDVR0TAQH/BAgwBgEB +/wIBADAOBgNVHQ8BAf8EBAMCAcYwggPoBgNVHSAEggPfMIID2zANBgsrBgEEAYHD +XgMBAzANBgsrBgEEAYHDXgMBBDANBgsrBgEEAYHDXgMBBTANBgsrBgEEAYHDXgMB +BjANBgsrBgEEAYHDXgMBBzANBgsrBgEEAYHDXgMBCDANBgsrBgEEAYHDXgMBETAN +BgsrBgEEAYHDXgMBEjANBgsrBgEEAYHDXgMBCTANBgsrBgEEAYHDXgMBCjANBgsr +BgEEAYHDXgMBHjANBgsrBgEEAYHDXgMBCzANBgsrBgEEAYHDXgMBHzANBgsrBgEE +AYHDXgMBDDANBgsrBgEEAYHDXgMBDTANBgsrBgEEAYHDXgMBDjANBgsrBgEEAYHD +XgMBDzANBgsrBgEEAYHDXgMBEDCB7AYLKwYBBAGBw14DARQwgdwwOQYIKwYBBQUH +AgEWLWh0dHBzOi8vcHViLmNhcmlsbG9uLmNhL0NlcnRpZmljYXRlUG9saWN5LnBk +ZjCBngYIKwYBBQUHAgIwgZEagY5UaGlzIGNlcnRpZmljYXRlIGhhcyBiZWVuIGlz +c3VlZCBpbiBhY2NvcmRhbmNlIHdpdGggdGhlIENhcmlsbG9uIEluZm9ybWF0aW9u +IFNlY3VyaXR5IEluYy4gQ2VydGlmaWNhdGUgUG9saWN5IGFzIGZvdW5kIGluIHRo +ZSBDUFNwb2ludGVyIGZpZWxkMIHsBgsrBgEEAYHDXgMBFTCB3DA5BggrBgEFBQcC +ARYtaHR0cHM6Ly9wdWIuY2FyaWxsb24uY2EvQ2VydGlmaWNhdGVQb2xpY3kucGRm +MIGeBggrBgEFBQcCAjCBkRqBjlRoaXMgY2VydGlmaWNhdGUgaGFzIGJlZW4gaXNz +dWVkIGluIGFjY29yZGFuY2Ugd2l0aCB0aGUgQ2FyaWxsb24gSW5mb3JtYXRpb24g +U2VjdXJpdHkgSW5jLiBDZXJ0aWZpY2F0ZSBQb2xpY3kgYXMgZm91bmQgaW4gdGhl +IENQU3BvaW50ZXIgZmllbGQwgewGCysGAQQBgcNeAwEWMIHcMDkGCCsGAQUFBwIB +Fi1odHRwczovL3B1Yi5jYXJpbGxvbi5jYS9DZXJ0aWZpY2F0ZVBvbGljeS5wZGYw +gZ4GCCsGAQUFBwICMIGRGoGOVGhpcyBjZXJ0aWZpY2F0ZSBoYXMgYmVlbiBpc3N1 +ZWQgaW4gYWNjb3JkYW5jZSB3aXRoIHRoZSBDYXJpbGxvbiBJbmZvcm1hdGlvbiBT +ZWN1cml0eSBJbmMuIENlcnRpZmljYXRlIFBvbGljeSBhcyBmb3VuZCBpbiB0aGUg +Q1BTcG9pbnRlciBmaWVsZDBIBggrBgEFBQcBAQQ8MDowOAYIKwYBBQUHMAKGLGh0 +dHA6Ly9wdWIuY2FyaWxsb24uY2EvQ0FjZXJ0cy9DSVNHMlJDQTIucDdjMDkGA1Ud +HwQyMDAwLqAsoCqGKGh0dHA6Ly9wdWIuY2FyaWxsb24uY2EvQ1JML0NJU0cyUkNB +Mi5jcmwwDQYJKoZIhvcNAQELBQADggIBAJnDj+a7KO/8UmeyNXzx7Di7BXglEtaY +dakrnl9b2hsWeu8TVRp1dy2VTc+sXcBwUUJToWvDk3fBD3yi74N0lCH1UB106kg8 +sJAS1hsHnb052tAe+RaajQXsaioyZJpM8gbyHdfIX482LcJ5dPLdYAv8HL4dH0rS +M2aMe6/XlpLGwjrDL2Y2mQQ84GJ0B8TOhW+K4h7cgl5fbPXplyA8H/ATw8XNFPac +pBgiO3dcJmJNLCJ0tVfzpeh7AvjSDxrhtiJJpkb+og3GhLpxcwzeKQZOtCeKr/99 +xo6AbSBxGGVcKdg8bijcRnu5dvSJ0vpKoLoYEByhBGHep/Vt26liA7uinT9Ij1J3 +ckBBgOhipVtLIXJDIzsCMC5Q60Meuo9+SQ3EGNPZ8/+aerZbFzv9cQ4HVFEWXgJC +kYVUiiccCMneG9s/5oHoWiWWaBh7rIBB0dDLqjjE6ttbn+4tT8PsNTkMzJ18/mtB +FCDf/KXQtkYWcJA4Li6Q5J/PqisX7I3p9aY3hzsDW8+hTVgoBcrzecaWbQO9gs/c +BN3XmDkakdkuPlgIsuJlp8oOP6XYYOyyjB5xDXfJCGpLPUfLpi5lF9/dFN4Wgl8b +03AvFMksrArcVZC9nh3PAM0A1u7HunC6qg9QcfWTZ1lqh44/kIaAeUxNfxMrsBMR +ALnOmyrBAs2UMQA= -----END PKCS7----- diff --git a/_implement/tools/crawler-lastrun.json b/_implement/tools/crawler-lastrun.json index b62232e55..388c64e7c 100644 --- a/_implement/tools/crawler-lastrun.json +++ b/_implement/tools/crawler-lastrun.json @@ -2000,38 +2000,6 @@ ] } }, - { - "subject": "organizational_unit_name:Entrust Managed Services NFI Root CA,organizational_unit_name:Certification Authorities,organization_name:Entrust,country_name:US", - "issuer": "common_name:Federal Bridge CA G4,organizational_unit_name:FPKI,organization_name:U.S. Government,country_name:US", - "serial-number": "134438939907708807470910238709384261307369289854", - "akid": "79 f0 00 49 eb 7f 77 c2 5d 41 02 65 34 8a 90 23 9b 1e 07 6f", - "skid": "fa df 23 01 c4 aa ec 23 e3 ad 6f 0d 34 a5 0d cf 39 64 65 5e", - "status": "Certificate Valid and Chains to Common", - "pathbuilder-result": { - "result": "true", - "details": "CRL Only Validation" - }, - "path-to-common": [ - "common_name:Federal Common Policy CA G2,organizational_unit_name:FPKI,organization_name:U.S. Government,country_name:US", - "common_name:Federal Bridge CA G4,organizational_unit_name:FPKI,organization_name:U.S. Government,country_name:US" - ], - "sia-entries": { - "http://nfirootweb.managed.entrust.com/SIA/CAcertsIssuedByNFIRootCA.p7c": [ - "organizational_unit_name:Entrust NFI Medium Assurance SSP CA,organizational_unit_name:Certification Authorities,organization_name:Entrust,country_name:US", - "organizational_unit_name:Entrust NFI Medium Assurance SSP CA,organizational_unit_name:Certification Authorities,organization_name:Entrust,country_name:US" - ], - "ldap://nfirootdir.managed.entrust.com/ou=Entrust Managed Services NFI Root CA,ou=Certification Authorities,o=Entrust,c=US?crossCertificatePair;binary": [] - }, - "aia-entries": { - "http://repo.fpki.gov/bridge/caCertsIssuedTofbcag4.p7c": [ - "common_name:CertiPath Bridge CA - G3,organizational_unit_name:Certification Authorities,organization_name:CertiPath,country_name:US", - "common_name:DoD Interoperability Root CA 2,organizational_unit_name:PKI,organizational_unit_name:DoD,organization_name:U.S. Government,country_name:US", - "common_name:Federal Common Policy CA G2,organizational_unit_name:FPKI,organization_name:U.S. Government,country_name:US", - "common_name:SAFE Identity Bridge CA,organizational_unit_name:Certification Authorities,organization_name:SAFE Identity,country_name:US", - "common_name:STRAC Bridge Root Certification Authority,organizational_unit_name:STRAC PKI Trust Infrastructure,organization_name:STRAC,country_name:US" - ] - } - }, { "subject": "common_name:DoD Interoperability Root CA 2,organizational_unit_name:PKI,organizational_unit_name:DoD,organization_name:U.S. Government,country_name:US", "issuer": "common_name:Federal Bridge CA G4,organizational_unit_name:FPKI,organization_name:U.S. Government,country_name:US", @@ -2256,12 +2224,10 @@ "common_name:DirectTrust Identity Bridge CA,organizational_unit_name:Certification Authorities,organization_name:DirectTrust.org, inc.,country_name:US", "common_name:DoD Interoperability Root CA 2,organizational_unit_name:PKI,organizational_unit_name:DoD,organization_name:U.S. Government,country_name:US", "organizational_unit_name:Entrust Managed Services NFI Root CA,organizational_unit_name:Certification Authorities,organization_name:Entrust,country_name:US", - "organizational_unit_name:Entrust Managed Services NFI Root CA,organizational_unit_name:Certification Authorities,organization_name:Entrust,country_name:US", "common_name:Exostar Federated Identity Service Root CA 2,organizational_unit_name:Certification Authorities,organization_name:Exostar LLC,country_name:US", "common_name:Federal Common Policy CA G2,organizational_unit_name:FPKI,organization_name:U.S. Government,country_name:US", "common_name:IdenTrust Global Common Root CA 1,organization_name:IdenTrust,country_name:US", "common_name:STRAC Bridge Root Certification Authority,organizational_unit_name:STRAC PKI Trust Infrastructure,organization_name:STRAC,country_name:US", - "common_name:Symantec Class 3 SSP Intermediate CA - G3,organizational_unit_name:Symantec Trust Network,organization_name:Symantec Corporation,country_name:US", "common_name:TSCP SHA256 Bridge CA,organizational_unit_name:CAs,organization_name:TSCP Inc.,country_name:US", "common_name:USPTO_INTR_CA1,common_name:AIA,common_name:Public Key Services,common_name:Services,common_name:Configuration,domain_component:uspto,domain_component:gov", "common_name:WidePoint NFI Root 2,organizational_unit_name:Certification Authorities,organization_name:WidePoint,country_name:US" @@ -3342,12 +3308,14 @@ "skid": "66 f9 25 98 ae cb fb e1 8c 00 84 19 d4 85 ff 93 56 ea d6 a6", "status": "Certificate Valid and Chains to Common", "pathbuilder-result": { + "WARNING": "Certificate is present in SIA of a CA that is not its issuer", "result": "true", "details": "CRL Only Validation" }, "path-to-common": [ "common_name:Federal Common Policy CA G2,organizational_unit_name:FPKI,organization_name:U.S. Government,country_name:US", "common_name:Federal Bridge CA G4,organizational_unit_name:FPKI,organization_name:U.S. Government,country_name:US", + "organizational_unit_name:Entrust Managed Services NFI Root CA,organizational_unit_name:Certification Authorities,organization_name:Entrust,country_name:US", "organizational_unit_name:Entrust Managed Services NFI Root CA,organizational_unit_name:Certification Authorities,organization_name:Entrust,country_name:US" ], "sia-entries": {}, @@ -4241,7 +4209,6 @@ "skid": "19 c1 ce 87 49 33 80 b6 f7 5a ac 65 c3 74 f0 7f 37 92 a5 61", "status": "Certificate Valid, but no Path to Common", "pathbuilder-result": { - "WARNING": "Certificate is present in SIA of a CA that is not its issuer", "result": "false", "details": "Unable to build Path" } @@ -4259,11 +4226,11 @@ } }, { - "subject": "common_name:Symantec Class 3 SSP Intermediate CA - G3,organizational_unit_name:Symantec Trust Network,organization_name:Symantec Corporation,country_name:US", + "subject": "organizational_unit_name:Entrust Managed Services NFI Root CA,organizational_unit_name:Certification Authorities,organization_name:Entrust,country_name:US", "issuer": "common_name:Federal Bridge CA G4,organizational_unit_name:FPKI,organization_name:U.S. Government,country_name:US", - "serial-number": "92755267400756876025975519437427891162422109922", + "serial-number": "134438939907708807470910238709384261307369289854", "akid": "79 f0 00 49 eb 7f 77 c2 5d 41 02 65 34 8a 90 23 9b 1e 07 6f", - "skid": "35 26 7d 50 95 e1 a1 c1 bd 05 d5 c3 9d 77 42 c7 0c 13 96 8c", + "skid": "fa df 23 01 c4 aa ec 23 e3 ad 6f 0d 34 a5 0d cf 39 64 65 5e", "status": "Certificate Invalid", "pathbuilder-result": { "result": "false", @@ -4271,8 +4238,8 @@ }, "parent_path_identifier": "common_name:Federal Bridge CA G4,organizational_unit_name:FPKI,organization_name:U.S. Government,country_name:US:79f00049eb7f77c25d410265348a90239b1e076f", "validity-dates": { - "not-before": "2020-10-22 17:04:19+00:00", - "not-after": "2023-10-22 17:04:19+00:00" + "not-before": "2020-10-29 13:28:01+00:00", + "not-after": "2023-10-29 13:28:01+00:00" } }, { @@ -4327,7 +4294,6 @@ "skid": "7a 8b 3c 06 92 dc 1e a8 d2 82 ac 1b 74 6f 74 3d 4e d1 a8 9b", "status": "Certificate Valid, but no Path to Common", "pathbuilder-result": { - "WARNING": "Certificate is present in SIA of a CA that is not its issuer", "result": "false", "details": "Unable to build Path" } @@ -4457,9 +4423,9 @@ "issuer": "common_name:USPTO_INTR_CA1,common_name:AIA,common_name:Public Key Services,common_name:Services,common_name:Configuration,domain_component:uspto,domain_component:gov", "serial-number": "1670195538", "skid": "a0 14 b1 ba 64 4e f3 f9 37 16 db e5 4b 91 c1 84 55 72 84 2e", - "status": "Certificate Valid, but no Path to Common", + "status": "unchecked", "pathbuilder-result": { - "INFO": "Certificate is a trust anchor, but not the root of the graph" + "WARNING": "Certificate is present in SIA of a CA that is not its issuer" } }, { @@ -4644,12 +4610,6 @@ "common_name:Federal Bridge CA G4,organizational_unit_name:FPKI,organization_name:U.S. Government,country_name:US", "organizational_unit_name:Entrust Managed Services NFI Root CA,organizational_unit_name:Certification Authorities,organization_name:Entrust,country_name:US" ], - [ - "common_name:Federal Common Policy CA G2,organizational_unit_name:FPKI,organization_name:U.S. Government,country_name:US", - "common_name:Federal Bridge CA G4,organizational_unit_name:FPKI,organization_name:U.S. Government,country_name:US", - "organizational_unit_name:Entrust Managed Services NFI Root CA,organizational_unit_name:Certification Authorities,organization_name:Entrust,country_name:US", - "organizational_unit_name:Entrust Managed Services NFI Root CA,organizational_unit_name:Certification Authorities,organization_name:Entrust,country_name:US" - ], [ "common_name:Federal Common Policy CA G2,organizational_unit_name:FPKI,organization_name:U.S. Government,country_name:US", "common_name:Federal Bridge CA G4,organizational_unit_name:FPKI,organization_name:U.S. Government,country_name:US", @@ -4900,12 +4860,6 @@ "organizational_unit_name:Entrust Managed Services NFI Root CA,organizational_unit_name:Certification Authorities,organization_name:Entrust,country_name:US", "organizational_unit_name:Entrust NFI Medium Assurance SSP CA,organizational_unit_name:Certification Authorities,organization_name:Entrust,country_name:US" ], - [ - "common_name:Federal Common Policy CA G2,organizational_unit_name:FPKI,organization_name:U.S. Government,country_name:US", - "common_name:Federal Bridge CA G4,organizational_unit_name:FPKI,organization_name:U.S. Government,country_name:US", - "organizational_unit_name:Entrust Managed Services NFI Root CA,organizational_unit_name:Certification Authorities,organization_name:Entrust,country_name:US", - "organizational_unit_name:Entrust NFI Medium Assurance SSP CA,organizational_unit_name:Certification Authorities,organization_name:Entrust,country_name:US" - ], [ "common_name:Federal Common Policy CA G2,organizational_unit_name:FPKI,organization_name:U.S. Government,country_name:US", "common_name:Federal Bridge CA G4,organizational_unit_name:FPKI,organization_name:U.S. Government,country_name:US", @@ -5291,6 +5245,12 @@ "common_name:ECA Root CA 4,organizational_unit_name:ECA,organization_name:U.S. Government,country_name:US", "common_name:IdenTrust ECA S22,organizational_unit_name:Certification Authorities,organizational_unit_name:ECA,organization_name:U.S. Government,country_name:US" ], + [ + "common_name:Federal Common Policy CA G2,organizational_unit_name:FPKI,organization_name:U.S. Government,country_name:US", + "common_name:Federal Bridge CA G4,organizational_unit_name:FPKI,organization_name:U.S. Government,country_name:US", + "organizational_unit_name:Entrust Managed Services NFI Root CA,organizational_unit_name:Certification Authorities,organization_name:Entrust,country_name:US", + "organizational_unit_name:Entrust Managed Services NFI Root CA,organizational_unit_name:Certification Authorities,organization_name:Entrust,country_name:US" + ], [ "common_name:Federal Common Policy CA G2,organizational_unit_name:FPKI,organization_name:U.S. Government,country_name:US", "organizational_unit_name:Entrust Managed Services Root CA,organizational_unit_name:Certification Authorities,organization_name:Entrust,country_name:US", @@ -5350,6 +5310,13 @@ "organizational_unit_name:US Treasury Root CA,organizational_unit_name:Certification Authorities,organizational_unit_name:Department of the Treasury,organization_name:U.S. Government,country_name:US", "organizational_unit_name:US Treasury Root CA,organizational_unit_name:Certification Authorities,organizational_unit_name:Department of the Treasury,organization_name:U.S. Government,country_name:US", "organizational_unit_name:Social Security Administration Certification Authority,organizational_unit_name:SSA,organization_name:U.S. Government,country_name:US" + ], + [ + "common_name:Federal Common Policy CA G2,organizational_unit_name:FPKI,organization_name:U.S. Government,country_name:US", + "common_name:Federal Bridge CA G4,organizational_unit_name:FPKI,organization_name:U.S. Government,country_name:US", + "organizational_unit_name:Entrust Managed Services NFI Root CA,organizational_unit_name:Certification Authorities,organization_name:Entrust,country_name:US", + "organizational_unit_name:Entrust Managed Services NFI Root CA,organizational_unit_name:Certification Authorities,organization_name:Entrust,country_name:US", + "organizational_unit_name:Entrust NFI Medium Assurance SSP CA,organizational_unit_name:Certification Authorities,organization_name:Entrust,country_name:US" ] ] } \ No newline at end of file diff --git a/_implement/tools/fpki-certs.gexf b/_implement/tools/fpki-certs.gexf index 641023b32..54cf4d0f5 100644 --- a/_implement/tools/fpki-certs.gexf +++ b/_implement/tools/fpki-certs.gexf @@ -1,8 +1,8 @@ - + py-crawler - Created by Py-Crawler on 2023-10-27 + Created by Py-Crawler on 2023-10-30 From 4ce6b5aaf97124a0e3a885f288fdde6292740a76 Mon Sep 17 00:00:00 2001 From: Diana Proud-Madruga <118391820+dproudGSA@users.noreply.github.com> Date: Mon, 30 Oct 2023 17:33:24 -0700 Subject: [PATCH 09/16] Update fpkinotifications.yml FBCA cert revocation (USPTO) DirectTrust issuance to Trans Sped --- _data/fpkinotifications.yml | 30 ++++++++++++++++++++++++++++++ 1 file changed, 30 insertions(+) diff --git a/_data/fpkinotifications.yml b/_data/fpkinotifications.yml index 6b6e75491..5cc6988af 100644 --- a/_data/fpkinotifications.yml +++ b/_data/fpkinotifications.yml @@ -26,6 +26,36 @@ # ee_cdp_uri: # ee_ocsp_uri: +- notice_date: October 30, 2023 + change_type: CA Certificate Revocation + system: FPKI Trust Infrastructure - Federal Bridge CA G4 + change_description: The Federal Bridge CA G4 intends to revoke the original cross certificate to the USPTO_INTR_CA1 that was issued on 11/9/2022 between 11/13/2023 and 11/17/2023. + contact: fpki dash help at gsa dot gov + ca_certificate_hash: e35da05374246a6d0a892f5eec31f74cdbd794b0 + ca_certificate_issuer: CN=Federal Bridge CA G4, OU=FPKI, O=U.S. Government, C=US + ca_certificate_subject: CN=USPTO_INTR_CA1, CN=AIA, CN=Public Key Services, CN=Services, CN=Configuration, DC=uspto, DC=gov + cdp_uri: http://repo.fpki.gov/bridge/fbcag4.crl + aia_uri: http://repo.fpki.gov/bridge/caCertsIssuedTofbcag4.p7c + sia_uri: http://ipki.uspto.gov/IPKI/Certs/IPKICACerts.p7c + ocsp_uri: N/A + ee_cdp_uri: http://ipki.uspto.gov/IPKI/CRLs/CombinedCRL4.crl + ee_ocsp_uri: N/A + +- notice_date: October 30, 2023 + change_type: CA Certificate Issuance + system: DirectTrust Identity Bridge CA + change_description: DirectTrust issued a cross certificate from the bridge to the Trans Sped Root CA on October 30, 2023. + contact: Kyle dot Neuman at DirectTrust dot org + ca_certificate_hash: + ca_certificate_issuer: CN = DirectTrust Identity Bridge CA, OU = Certification Authorities, O = DirectTrust.org, inc., C = US + ca_certificate_subject: CN = Trans Sped Root CA G3, OU = Trans Sped Trust Services, O = Trans Sped S.A./organizationIdentifier = VATRO-12458924, C = RO + cdp_uri: http://crl.makeidentitysafe.com/sibca.crl + aia_uri: http://aia.makeidentitysafe.com/sibca.p7c + sia_uri: N/A + ocsp_uri: N/A + ee_cdp_uri: N/A + ee_ocsp_uri: http://ocsp.transsped.ro/ + - notice_date: October 26, 2023 change_type: CA Certificate Issuance system: FPKI Trust Infrastructure - Federal Bridge CA G4 From c577d31f8672510026f8834110b22496df6b9a57 Mon Sep 17 00:00:00 2001 From: Ken Myers <61115074+idmken@users.noreply.github.com> Date: Tue, 31 Oct 2023 10:45:33 -0400 Subject: [PATCH 10/16] Revert "1030-annouce-list-update" --- _data/fpkiannouncements.yml | 90 +-- .../announcements/01_chrome_ballot_193.md | 48 ++ .../announcements/02_microsoft_constraint.md | 148 ++++ _implement/announcements/03_google_ct.md | 190 +++++ .../announcements/04_apple_common_removal.md | 97 +++ .../announcements/05_health_it_removal.md | 753 ++++++++++++++++++ .../06_digicert_ca_decommissioning.md | 36 + .../07_fpki-repository-migration.md | 52 ++ _implement/announcements/08_commong2.md | 56 ++ _implement/announcements/09_test_tools.md | 34 + _includes/meta.html | 6 +- 11 files changed, 1462 insertions(+), 48 deletions(-) create mode 100644 _implement/announcements/01_chrome_ballot_193.md create mode 100644 _implement/announcements/02_microsoft_constraint.md create mode 100644 _implement/announcements/03_google_ct.md create mode 100644 _implement/announcements/04_apple_common_removal.md create mode 100644 _implement/announcements/05_health_it_removal.md create mode 100644 _implement/announcements/06_digicert_ca_decommissioning.md create mode 100644 _implement/announcements/07_fpki-repository-migration.md create mode 100644 _implement/announcements/08_commong2.md create mode 100644 _implement/announcements/09_test_tools.md diff --git a/_data/fpkiannouncements.yml b/_data/fpkiannouncements.yml index 2addd12b7..f77ba114e 100644 --- a/_data/fpkiannouncements.yml +++ b/_data/fpkiannouncements.yml @@ -30,56 +30,56 @@ description: The FPKIMA will be decommissioning the LDAP service associated with the old FCPCA root's SIA repository. status: Active -# - title: New FPKI Tools Available -# pubDate: May 18, 2021 -# url: /implement/announcements/test-tools/ -# description: Release announcement for the Federal PKI Card Conformance Tool (CCT) and Certificate Profile Conformance Tool (CPCT). -# status: Remove +- title: New FPKI Tools Available + pubDate: May 18, 2021 + url: /implement/announcements/test-tools/ + description: Release announcement for the Federal PKI Card Conformance Tool (CCT) and Certificate Profile Conformance Tool (CPCT). + status: Active -# - title: Federal Common
Policy CA G2 Update -# pubDate: October 12, 2020 -# url: /implement/announcements/common-g2-update/ -# description: This announcement details the FCPCA update timeline and actions agencies need to perform. -# status: Removed +- title: Federal Common
Policy CA G2 Update + pubDate: October 12, 2020 + url: /implement/announcements/common-g2-update/ + description: This announcement details the FCPCA update timeline and actions agencies need to perform. + status: Active -# - title: Upcoming Migration of Federal PKI Certificate Repository Services -# pubDate: April 1, 2019 -# url: /implement/announcements/2019fpkimigration/ -# description: On April 22, 2019, the Federal Public Key Infrastructure Management Authority will migrate the hosting of HyperText Transfer Protocol (HTTP) repository services to a cloud-based solution. -# status: Removed +- title: Upcoming Migration of Federal PKI Certificate Repository Services + pubDate: April 1, 2019 + url: /implement/announcements/2019fpkimigration/ + description: On April 22, 2019, the Federal Public Key Infrastructure Management Authority will migrate the hosting of HyperText Transfer Protocol (HTTP) repository services to a cloud-based solution. + status: Removed -# - title: DigiCert CA Decommissioning -# pubDate: April 1, 2019 -# url: /implement/announcements/2019digicert/ -# description: DigiCert Incorporated is planning on decommissioning several certification authorities (CAs) from the Federal PKI. These CAs are no longer active or required, and there is no expected impact from these changes. -# status: Removed +- title: DigiCert CA Decommissioning + pubDate: April 1, 2019 + url: /implement/announcements/2019digicert/ + description: DigiCert Incorporated is planning on decommissioning several certification authorities (CAs) from the Federal PKI. These CAs are no longer active or required, and there is no expected impact from these changes. + status: Removed -# - title: Removal of Health CAs from Federal PKI -# pubDate: March 5, 2019 -# url: /implement/announcements/2019removal/ -# description: Federal PKI teams recently performed two actions to remove fifty-nine (59) certification authorities (CAs) related to health IT use cases from the Federal PKI trust framework. This change is not a distrust action. -# status: Removed +- title: Removal of Health CAs from Federal PKI + pubDate: March 5, 2019 + url: /implement/announcements/2019removal/ + description: Federal PKI teams recently performed two actions to remove fifty-nine (59) certification authorities (CAs) related to health IT use cases from the Federal PKI trust framework. This change is not a distrust action. + status: Removed -# - title: Federal Common Policy CA Removal from Apple Trust Stores Impact -# pubDate: September 13, 2018 -# url: implement/announcements/2018applepkichanges/ -# description: This change will impact government users of Apple iOS, macOS, and tvOS, starting in **September 2018**. This change will cause government users to receive errors when encountering instances of a Federal PKI CA-issued certificate. You can mitigate the impact for government intranets and government-furnished equipment. -# status: Removed +- title: Federal Common Policy CA Removal from Apple Trust Stores Impact + pubDate: September 13, 2018 + url: implement/announcements/2018applepkichanges/ + description: This change will impact government users of Apple iOS, macOS, and tvOS, starting in **September 2018**. This change will cause government users to receive errors when encountering instances of a Federal PKI CA-issued certificate. You can mitigate the impact for government intranets and government-furnished equipment. + status: Removed -# - title: Chrome Certificate Transparency Requirements -# pubDate: August 10, 2018 -# url: /implement/announcements/2018chromect/ -# description: As of **July 24, 2018**, Google is now enforcing Certificate Transparency (CT) for Chrome 68 and above. This change could affect your agency. This means that all TLS/SSL certificates issued after **April 30, 2018**, that validate to a publicly trusted Root Certification Authority (CA) certificate must appear in a CT log in order to be trusted by Chrome 68 and above. Users browsing to non-CT compliant, federal intranet websites will encounter connection errors. -# status: Removed +- title: Chrome Certificate Transparency Requirements + pubDate: August 10, 2018 + url: /implement/announcements/2018chromect/ + description: As of **July 24, 2018**, Google is now enforcing Certificate Transparency (CT) for Chrome 68 and above. This change could affect your agency. This means that all TLS/SSL certificates issued after **April 30, 2018**, that validate to a publicly trusted Root Certification Authority (CA) certificate must appear in a CT log in order to be trusted by Chrome 68 and above. Users browsing to non-CT compliant, federal intranet websites will encounter connection errors. + status: Removed -# - title: Federal Common Policy CA Removal from Microsoft Trust Store Impact -# pubDate: May 18, 2018 -# url: /implement/announcements/2018mspkichanges/ -# description: This change will cause Windows users to receive errors when encountering instances of a Federal PKI CA-issued certificate. You can mitigate the impact for the government intranets and government-furnished equipment by using configuration management tools for federal devices. -# status: Removed +- title: Federal Common Policy CA Removal from Microsoft Trust Store Impact + pubDate: May 18, 2018 + url: /implement/announcements/2018mspkichanges/ + description: This change will cause Windows users to receive errors when encountering instances of a Federal PKI CA-issued certificate. You can mitigate the impact for the government intranets and government-furnished equipment by using configuration management tools for federal devices. + status: Removed -# - title: Chrome TLS Certificate Lifetime Requirement -# pubDate: May 10, 2018 -# url: /implement/announcements/2018tlslifetime/ -# description: Recent changes to Chrome could affect your agency. Chrome users may receive errors when browsing to government intranet websites and applications. Starting **March 1, 2018**, Chrome requires all TLS/SSL certificates to have a maximum lifetime of 825 days. You can mitigate the impact for government intranets, applications, and government-furnished equipment by using these procedures. -# status: Removed +- title: Chrome TLS Certificate Lifetime Requirement + pubDate: May 10, 2018 + url: /implement/announcements/2018tlslifetime/ + description: Recent changes to Chrome could affect your agency. Chrome users may receive errors when browsing to government intranet websites and applications. Starting **March 1, 2018**, Chrome requires all TLS/SSL certificates to have a maximum lifetime of 825 days. You can mitigate the impact for government intranets, applications, and government-furnished equipment by using these procedures. + status: Removed diff --git a/_implement/announcements/01_chrome_ballot_193.md b/_implement/announcements/01_chrome_ballot_193.md new file mode 100644 index 000000000..fbe11b032 --- /dev/null +++ b/_implement/announcements/01_chrome_ballot_193.md @@ -0,0 +1,48 @@ +--- +layout: page +title: Chrome TLS Certificate Lifetime Requirement +pubDate: 05/10/2018 +archiveDate: 05/09/2019 +removeDate: 05/09/2021 +collection: implement +tag: Chrome +description: Starting March 1, 2018, Chrome requires all TLS/SSL certificates to have a maximum lifetime of 825 days. You can mitigate the impact for government intranets, applications, and government-furnished equipment by using these procedures. +sidenav: implement +sticky_sidenav: true +category: Removed + +subnav: + - text: What Will Be Impacted? + href: '#what-will-be-impacted' + - text: What Other Browsers Enforce This Requirement? + href: '#what-other-browsers-enforce-this-requirement' + - text: What Should I Do? + href: '#what-should-i-do' + - text: Additional Resources + href: '#additional-resources' +--- + +{% include alert-warning.html content="This announcement has been archived and is hosted solely for historical reference. It is no longer being updated or maintained." %} + + +Recent changes to Chrome could affect your agency. Chrome now requires that TLS/SSL certificates issued on or after **March 1, 2018**, have a maximum lifetime of 825 days. Google is enforcing this change for Chrome as a result of the Certification Authority/Browser (CA/B) Forum's Ballot 193 to promote increased web security.[1](#1) + +## What Will Be Impacted? +A government user will receive an "untrusted site" error when browsing to an intranet website or application if all of the following are true: + +1. The intranet website's TLS/SSL certificate was issued by a Federal PKI Certification Authority +2. The TLS/SSL certificate was issued on or after March 1, 2018, with a lifetime greater than 825 days +3. Using the Chrome browser + +![Chrome Error Screen]({{site.baseurl}}/img/google_ballot193_hot_topic_error.png){:style="width:70%;float:center;"} + +## What Other Browsers Enforce This Requirement? +Chrome is the only browser currently enforcing this requirement for TLS/SSL certificates. If other browser vendors decide to enforce this requirement, we will post updates to this announcement. Please also check the [FPKI-Guides' Issues](https://github.com/GSA/fpki-guides/issues){:target="_blank"}{:rel="noopener noreferrer"}{:class="usa-link usa-link--external"} for in-progress discussions. + +## What Should I Do? +To prevent Chrome browsing errors: +1. Request that your PKI team or Federal Shared Service Provider update the certificate profiles for TLS/SSL device certificates issued by Federal PKI Certification Authorities to require a certificate lifetime of less than 825 days. +2. Re-issue and re-install new TLS/SSL certificates for the impacted intranet websites and applications. + +## Additional Resources +1. In March 2017, the [CA/B Forum](https://cabforum.org/){:target="_blank"}{:rel="noopener noreferrer"}{:class="usa-link usa-link--external"} passed [Ballot 193](https://cabforum.org/2017/03/17/ballot-193-825-day-certificate-lifetimes/){:target="_blank"}{:rel="noopener noreferrer"}{:class="usa-link usa-link--external"}, which introduced the 825-day maximum lifetime requirement. diff --git a/_implement/announcements/02_microsoft_constraint.md b/_implement/announcements/02_microsoft_constraint.md new file mode 100644 index 000000000..9da5ab237 --- /dev/null +++ b/_implement/announcements/02_microsoft_constraint.md @@ -0,0 +1,148 @@ +--- +layout: page +title: Federal Common Policy CA Removal from Microsoft Trust Store Impact +pubDate: 05/18/2018 +archiveDate: 05/19/2019 +removeDate: 05/19/2021 +collection: implement +category: Microsoft +description: UUpcoming changes regarding Microsoft's remove of the U.S. Government Root CA. +category: Removed +sidenav: implement +sticky_sidenav: true + +subnav: + - text: How Does this Work? + href: '#how-does-this-work' + - text: What Will Be Impacted? + href: '#what-will-be-impacted' + - text: What Should I Do? + href: '#what-should-i-do' + - text: How Can I Test? + href: '#how-can-i-test' + - text: Frequently Asked Questions + href: '#frequently-asked-questions' + - text: Additional Resources + href: '#additional-resources' +--- + +{% include alert-warning.html content="This announcement has been archived and is hosted solely for historical reference. It is no longer being updated or maintained." %} + + +Upcoming changes regarding Microsoft's Trusted Root Program could impact your agency. The Federal PKI Policy Authority has requested that Microsoft **remove** our U.S. Government Root CA certificate (Federal Common Policy CA [COMMON]) from Microsoft's globally distributed Certificate Trust List (CTL). + +{% include alert-info.html content="The Federal PKI Policy Authority is working with Microsoft on the timeline for removing COMMON. As more information and additional procedures become available, this announcement will be updated. Please watch for updates from the Federal PKI listserves, ICAM listservs, and the ICAM Sub-committee." %} + +## How Does This Work? +Today, Microsoft distributes hundreds of trusted root CA certificates, including COMMON, through its _Certificate Trust List (CTL)_. Microsoft distributes two CTLs for Windows operating systems: which root CAs are trusted, and which CAs are untrusted. The _Trusted CTL_ (*authrootstl.cab*) adds certificates to the Microsoft Trusted Root Certification Authorities certificate store, and the _Untrusted CTL_ (*disallowedcertstl.cab*) adds certificates to the Untrusted Certificates store. + +Starting in Windows 10 and Server 2016, Microsoft may also include date-based CTL entries. For example, a date based CTL entry will disallow trusting code-signing or server authentication certificates issued after a specific date. + +Microsoft distributes the Trusted and Untrusted CTLs to the following Windows Operating Systems: + +| **Versions** | +| :-------- | +| Windows 10 | +| Windows 8.1 | +| Windows 8 | +| Windows Vista | +| Windows Server 2016 | +| Windows Server 2012 R2 | +| Windows Server 2008 R2 | + +## What Will Be Impacted? +When Microsoft removes COMMON, government users of Windows will receive errors. Errors will occur in the following scenarios: + +2. Performing smartcard logon to the government networks using PIV credentials +2. Authenticating to the government virtual private network endpoints (VPNs) using PIV credentials +2. Authenticating to the government internet facing authentication and collaboration portals +3. Browsing with Microsoft Internet Explorer, Edge or Chrome browsers to a government **intranet** website that has a TLS/SSL certificate issued by a Federal PKI CA that validates to COMMMON. +4. Opening an email in Microsoft Outlook that was digitally signed using a certificate issued by a Federal PKI CA that validates to COMMON. +5. Opening a Microsoft Office document that was digitally signed with a certificate issued by a Federal PKI CA that validates to COMMON. + +{% include alert-info.html content="If you are unsure whether your applications will be affected, email us at: fpki@gsa.gov." %} + +This change will also impact partner users that rely on COMMON. For example, a Department of Defense employee sending a digitally signed email to a business partner. + +You can mitigate the risk to government missions, intranets, applications, and government-furnished equipment. + +## How Can I Test? + +Testing by government teams did not allow locally administered certificate stores to override the Microsoft CTL distributed settings. The decision was made to remove COMMON entirely from Microsoft's trust store. No further testing on overriding the CTL settings will be conducted. + + +To review the previous testing procedures:  [CTL Testing](https://github.com/GSA/fpki-guides/projects/2){:target="_blank"}{:rel="noopener noreferrer"}. + +## Frequently Asked Questions + +### 1.  Why is COMMMON being removed? +The Federal PKI CAs don't comply with Microsoft's requirements for globally trusted TLS/SSL certificates. Microsoft's requirements include: + +**a.  Requirement for Fully-Qualified Domain Names (FQDNs)**
+Microsoft plans to restrict TLS/SSL certificates to only those certificates using FQDNs ending in .gov, .mil, or fed.us. Some Federal agencies issue TLS/SSL certificates to intranet assets. These certificates either:  don't have FQDNs; contain intranet domains that don't end in .gov, .mil, or fed.us; or use short names (aliases). Under Microsoft's requirements, these agencies would need to reissue, re-install, and reconfigure all "non-compliant" certificates and applications. The Federal PKI community has determined that this would have a negative impact on mission applications on the intranets. + +**b.  Requirement for public audit**
+The Federal PKI follows a government auditing standard, and we have not restricted our issuance of TLS/SSL certificates to only the .gov and .mil domains. Under the requirements, all CAs in Federal PKI that could issue TLS/SSL certificates are required to submit a non-government audit or be technically constrained. Federal PKI has **not** technically constrained our CAs. + +**c.  Requirement to disclose Certificate Practice Statements and Incident Post-Mortem Reports**
+Public trust requires public disclosure and transparency. All Federal PKI CAs would be required to publicly post their Certificate Practice Statements and their Audit Letters. The Federal PKI community has attempted to disclose all Certificate Practice Statements for a number of years. However, some federal agencies include sensitive information in these documents and cannot disclose the documents publicly. + +**d.  Requirement to create new issuing Certification Authorities (CAs)**
+Any Federal PKI CA that issues TLS/SSL, code-signing, or email-signing certificates would have to establish a new CA for each type of certificate. This effort requires time, planning, and funding. + +### 2.  How can I determine which of our intranet websites and applications will be impacted, including those used by cross-agency users? +All Windows-based websites and applications configured with certificates (email, Virtual Private Network, digital signature, etc.) issued by a Federal PKI CA that validates to COMMON will be impacted. For agencies and mission partners that are cross-certified with the FBCA, external users could also be impacted if COMMON is used instead of your root. + +You can run a report on all issued certificates or, if your agency has an agreement with a Federal PKI Shared Service Provider (SSP), you can request that the SSP run the report. + +You can scan your intranet websites in coordination with your CISO teams. There are existing tools to use, or you can use the DHS NCATS "**pshtt**" tool, which will also check for cipher suites and mis-configurations on the intranet websites: + +- DHS NCATS [**pshtt**](https://github.com/dhs-ncats/pshtt){:target="_blank"}{:rel="noopener noreferrer"}{:class="usa-link usa-link--external"} + +**Note:**  This tool will look for not just Federal PKI certificates. Its outputs will include all certificates and information. + +### 3.  How can I determine whether my agency users and government-furnished equipment will be impacted? +Check your enterprise trust store configurations in your Microsoft domain and devices. You must verify how COMMON was installed and managed. + +View where and how a certificate is being installed using the certificates snap-in (certmgr.msc). Under **View -> Options**, click the **Show _Physical certificate stores_** option. + +If COMMON is already in the Trusted Root Certification Authorities or Enterprise Trust store and the _source_ is a group policy object or the enterprise trust domain, you don't need to reinstall or change. + +### 4.  Is PIV network login impacted? + +Yes. See [Install Using Group Policy Objects](#install-using-group-policy-objects) to mitigate this risk. + +### 5.  Do I need to remove the "baked-in" version of COMMON? +No, don't remove COMMON. When Microsoft does the update for the CTL, it will be removed during normal patching cycles. + +You may see two versions of the certificate in Trusted Root Certificate Authorities. You must verify how COMMON was installed and managed. + +View where and how a certificate is being installed using the certificates snap-in (certmgr.msc). Under **View -> Options**, click the **Show _Physical certificate stores_** option. + +### 6.  Do I need to add COMMON to the Trusted Root Certification Authorities store, or should I add it to the Enterprise Trust Store? +Microsoft Operating Systems use different physical containers and logical views of these containers for trust stores. In addition, different tools will have different **names** for the same physical or logical view. For example: + +| **Certificates snap-in (certmgr.msc)** | **Enterprise PKI snap-in** | **certutil** | **Registry** | +| :-------- | :------------------------------- | :--------- | :----------- | +| Trusted Root Certification Authorities | Certificate Authorities Container tab| Root and RootCA | Root | + +It can be confusing--the easiest model is to follow one of the two methods in [What Should I Do?](#what-should-i-do) + +To read detailed information on certificate stores, logical views, physical views, and registry locations: [Managing Certificates with Certificate Stores](https://msdn.microsoft.com/en-us/library/windows/desktop/aa386971(v=vs.85).aspx){:target="_blank"}{:rel="noopener noreferrer"}{:class="usa-link usa-link--external"} + +### 7.  Do I need to change any trust property for COMMON managed by group policy objects? +No, trust properties are not set by group policy objects. If your agency currently distributes COMMON through a group policy object, no change is needed. + +### 8.  What Windows versions are affected? +All Windows versions from Vista forward are affected. + +### 9.  Can I create a custom CTL for our enterprise? +Yes, a trusted or untrusted, custom CTL can be created for your agency enterprise: [Creating, Signing, and Storing a CTL](https://msdn.microsoft.com/en-us/library/windows/desktop/aa379867(v=vs.85).aspx){:target="_blank"}{:rel="noopener noreferrer"}{:class="usa-link usa-link--external"}. + +However, we don't recommend this. Simplicity can help security, and it can be simpler to manage a group policy object than a custom CTL. + +## Additional Resources + +1. [Certificate Trust List Overview](https://msdn.microsoft.com/en-us/library/windows/desktop/aa376545(v=vs.85).aspx){:target="_blank"}{:rel="noopener noreferrer"}{:class="usa-link usa-link--external"} +1. [Managing Certificates with Certificate Stores](https://msdn.microsoft.com/en-us/library/windows/desktop/aa386971(v=vs.85).aspx){:target="_blank"}{:rel="noopener noreferrer"}{:class="usa-link usa-link--external"} +1. [Configure Trusted Roots and Disallowed Certificates](https://technet.microsoft.com/en-us/library/dn265983.aspx){:target="_blank"}{:rel="noopener noreferrer"}{:class="usa-link usa-link--external"} diff --git a/_implement/announcements/03_google_ct.md b/_implement/announcements/03_google_ct.md new file mode 100644 index 000000000..a7cf9cda7 --- /dev/null +++ b/_implement/announcements/03_google_ct.md @@ -0,0 +1,190 @@ +--- +layout: page +title: Chrome Certificate Transparency Requirements +pubDate: 08/10/2018 +archiveDate: 08/09/2019 +removeDate: 08/09/2021 +collection: implement +category: Google +description: All TLS/SSL certificates issued after **April 30, 2018**, that validate to a publicly trusted Root Certification Authority (CA) certificate must appear in a CT log. Users browsing to non-CT compliant, federal intranet websites will encounter connection errors. +sidenav: implement +category: Removed +sticky_sidenav: true + +subnav: + - text: How Does This Work? + href: '#how-does-this-work' + - text: What Will Be Impacted? + href: '#what-will-be-impacted' + - text: When Will This Start? + href: '#when-will-this-start' + - text: What Should I Do? + href: '#what-should-i-do' + - text: Frequently Asked Questions + href: '#frequently-asked-questions' + - text: Additional Resources + href: '#additional-resources' +--- + +{% include alert-warning.html content="This announcement has been archived and is hosted solely for historical reference. It is no longer being updated or maintained." %} + + +As of **July 24, 2018**, Google is now enforcing Certificate Transparency (CT) for Chrome 68 and above. This means that all TLS/SSL certificates issued after **April 30, 2018**, that validate to a publicly trusted Root Certification Authority (CA) certificate must appear in a CT log in order to be trusted by Chrome 68 and above. In addition, websites must serve proof of certificate inclusion in the CT log through a Signed Certificate Timestamp (SCT). Users browsing to non-CT compliant, federal intranet websites will encounter connection errors. + +{% include alert-info.html content="Many popular browsers plan to deploy CT in their product roadmaps. Timelines will be updated on this site as browser deployment dates become known." %} + +## How Does This Work? + +The requirements for CT are built into _browsers_. + +- All roots that have been distributed _by one or more_ of the Microsoft, Android, Apple, or Mozilla trusted root programs are listed here: [Root Stores](https://cs.chromium.org/chromium/src/net/data/ssl/root_stores/README.md){:target="_blank"}{:rel="noopener noreferrer"}{:class="usa-link usa-link--external"}. +- When a government user browses to an intranet website, the user's workstation or mobile device will build one or more certificate paths to the enterprise or publicly trusted roots. +- The browser will compare the certificate path(s) to the list of roots that have _ever_ been included in the popular trust stores currently in use worldwide. +- If any certificate in the trust chain matches one of the roots in the list, then the CT requirements will be in effect. + +## What Will Be Impacted? + +A government user will receive an error on government-furnished equipment if all of the following are true: + +1. Using Chrome 68 or higher (**Note:** Additional browsers may be affected in the future.) +2. Browsing to an intranet website with a TLS/SSL certificate that validates to the Federal Common Policy CA +3. The TLS/SSL certificate was issued after **April 30, 2018** + +![Chrome Error Screen]({{site.baseurl}}/img/google_ct_hot_topic_error.png){:style="width:55%;float:center;"} + +## When Will This Start? + +CT enforcement has begun. As of **July 24, 2018**, Google is now enforcing CT for Chrome 68 and above. + +## What Should I Do? + +To mitigate the impact on the federal enterprise, you must disable CT enforcement for the affected intranet websites. + +Please see [Disable CT Enforcement for Government-Furnished Equipment](#disable-ct-enforcement-for-government-furnished-equipment). + + +### Disable CT Enforcement for Government-Furnished Equipment +{% include alert-info.html content="Two options are outlined in this section. Additional options may become available for future releases of Chrome. We will continue to update these procedures and post additional information as it becomes available. Please also check the GitHub Issues in the GSA FPKI-Guides repository for in-progress discussions." %} + +#### Option 1:  Disable CT Enforcement for "Legacy" CAs (Recommended Configuration) + +Google Chrome's "CertificateTransparencyEnforcementDisabledForLegacyCas" policy configuration allows you to disable CT enforcement for websites that chain to a user-specified "legacy" CA. Google Chrome categorizes a CA as "legacy" if it meets the following criteria: + +1. The CA has been publicly trusted by default in one or more operating systems supported by Chrome, such as Windows or macOS. +2. The CA isn't currently trusted by the Android Open Source Project or Chrome OS. + +The Federal Common Policy CA meets Google's criteria for a "legacy" CA, so you can disable CT enforcement for intranet websites that chain to it. In some cases, you'll need to create a new registry key tree in the locations specified below: + +**a.  Windows Registry location for Windows clients:**
+ +For _HKEY_LOCAL_MACHINE\Software\Policies\Google\Chrome\CertificateTransparencyEnforcementDisabledForLegacyCas_, add a new string value: + + ``` + Name = 1 | Data = sha256/jotW9ZGKJb2F3OdmY/2UzCNpDxDqlYZhMXHG+DeIkNU= + ``` + +**b.  Windows Registry location for Chrome OS clients:**
+ +For _HKEY_LOCAL_MACHINE\Software\Policies\Google\ChromeOS\CertificateTransparencyEnforcementDisabledForLegacyCas_, add new string value: + + ``` + Name = 1 | Data = sha256/jotW9ZGKJb2F3OdmY/2UzCNpDxDqlYZhMXHG+DeIkNU= + ``` + +**c.  macOS**
+ +For preference name, _CertificateTransparencyEnforcementDisabledForLegacyCas_, add values: + + ``` + + sha256/jotW9ZGKJb2F3OdmY/2UzCNpDxDqlYZhMXHG+DeIkNU= + + ``` + +**Note:**  In all cases above, `jotW9ZGKJb2F3OdmY/2UzCNpDxDqlYZhMXHG+DeIkNU=` is a Base64 encoding of a SHA-256 hash of the Federal Common Policy CA's Subject Public Key Information (SPKI) field. + + +#### Option 2:  Disable CT Enforcement for Domains and Sub-Domains + +Chrome for government-furnished equipment will not enforce CT requirements if you apply a policy rule and include a **.gov or .mil second-level domain**, such as _agency.gov_, or other **third-level sub-domains**, such as _example.agency.gov_. You should apply configuration changes for only government-furnished equipment and only include an explicit list of second-level or below sub-domains in use for intranet websites. In some cases, you may need to create a new registry key tree in the locations specified below: + + +**a.  Windows Registry location for Windows clients:**
+ +For _HKEY_LOCAL_MACHINE\Software\Policies\Google\Chrome\CertificateTransparencyEnforcementDisabledForUrls_, add new string value: + + ``` + Agency Sub-Domain example: + + Name = 1 | Data = example.agency.gov + + Gov/Mil Top-Level Domain example: + + Name = 2 | Data = gov + Name = 3 | Data = mil + ``` + +**b.  Windows Registry location for Chrome OS clients:**
+ +For _HKEY_LOCAL_MACHINE\Software\Policies\Google\ChromeOS\CertificateTransparencyEnforcementDisabledForUrls_, add new string value: + + ``` + Sub-Domain example: + + Name = 1 | Data = example.agency.gov + + Gov/Mil Top-Level Domain example: + + Name = 2 | Data = gov + Name = 3 | Data = mil + ``` + +**c.  macOS**
+ +For _preference name_, _CertificateTransparencyEnforcementDisabledForUrls_, add values:
+ + ``` + + example.agency.gov + .example.agency.gov + gov + mil + + ``` + +## Frequently Asked Questions + +### 1. Will Google's use of CT in Chrome impact my agency's internal, only locally trusted CA TLS/SSL certificates? + +No. There will be no impact if you use your agency's internal, only locally trusted CA to issue TLS/SSL certificates to intranet sites. Chrome's CT enforcement will impact only federal intranet sites whose TLS/SSL certificates validate to Federal Common Policy CA, whose certificate is currently distributed through operating system trust stores. + +### 2. Why is Google enforcing CT in Chrome? + +Chrome's CT change has been planned and incrementally implemented for over two years. CT provides a benefit to the global community by: + +- Improving openness and transparency +- Allowing domain owners to identify mistakenly or maliciously issued certificates + +### 3. How do I know whether my intranet website is compliant with CT? +You can check for CT compliance by using the steps below to verify the presence of an SCT. These steps apply to any Federal PKI TLS/SSL certificate or commercially sourced certificate. + +**Note:**  SCTs are only required for certificates issued after April 30, 2018. Some certificates issued **before** this date may already be compliant. To check compliance: + +1. Open Chrome and browse to your website. +2. In Chrome, go to **Settings->More Tools**. +3. Open the **Developer Tools** panel:
+ ``` + Windows: CTRL + Shift + "i" + macOS: Apple key + Shift + "i" + ``` +4. Select the **Security** tab in the **Developer Tools**. +5. Refresh the website page and click on the website under the **Main origin** column. +6. If the certificate is compliant, it will display the CT log details under the **Certificate Transparency** heading. + +## Additional Resources +1. [What is Certificate Transparency?](https://www.certificate-transparency.org/){:target="_blank"}{:rel="noopener noreferrer"}{:class="usa-link usa-link--external"} +2. [Certificate Transparency Background](https://groups.google.com/a/chromium.org/forum/#!topic/ct-policy/78N3SMcqUGw){:target="_blank"}{:rel="noopener noreferrer"}{:class="usa-link usa-link--external"} +3. [Certificate Transparency in Chrome--Detailed Information](http://www.certificate-transparency.org/certificate-transparency-in-chrome){:target="_blank"}{:rel="noopener noreferrer"}{:class="usa-link usa-link--external"} +3. [Certificate Transparency--Resources for Site Owners](https://sites.google.com/site/certificatetransparency/resources-for-site-owners){:target="_blank"}{:rel="noopener noreferrer"}{:class="usa-link usa-link--external"} +4. [How to Disable CT in Enterprise Chrome](http://www.chromium.org/administrators/policy-list-3#CertificateTransparencyEnforcementDisabledForUrls){:target="_blank"}{:rel="noopener noreferrer"}{:class="usa-link usa-link--external"} +5. [Chrome Policy Templates](https://www.chromium.org/administrators/policy-templates){:target="_blank"}{:rel="noopener noreferrer"}{:class="usa-link usa-link--external"} diff --git a/_implement/announcements/04_apple_common_removal.md b/_implement/announcements/04_apple_common_removal.md new file mode 100644 index 000000000..24e81210e --- /dev/null +++ b/_implement/announcements/04_apple_common_removal.md @@ -0,0 +1,97 @@ +--- +layout: page +title: Federal Common Policy CA Removal from Apple Trust Stores Impact +pubDate: 09/13/2018 +archiveDate: 09/12/2019 +removeDate: 09/12/2021 +collection: implement +category: Apple +# permalink: /fpki/announcements/2018applepkichanges/ +description: Upcoming changes regarding Apple's remove of the U.S. Government Root CA. +sidenav: fpkiarchivedannouncements +category: implement +sticky_sidenav: true + +subnav: + - text: How Does This Work? + href: '#how-does-this-work' + - text: What Will Be Impacted? + href: '#what-will-be-impacted' + - text: What Should I Do? + href: '#what-should-i-do' + - text: Frequently Asked Questions + href: '#frequently-asked-questions' + - text: Additional Resources + href: '#additional-resources' +--- + +{% include alert-warning.html content="This announcement has been archived and is hosted solely for historical reference. It is no longer being updated or maintained." %} + + +Upcoming changes regarding Apple devices and operating systems could impact your agency. The Federal PKI Policy Authority has elected to remove our U.S. Government Root CA certificate (Federal Common Policy CA [COMMON]) from Apple's pre-installed Operating System Trust Stores. + +Starting in the release of macOS Mojave, iOS 12, and tvOS 12, government users of Apple devices will receive errors when encountering instances of a Federal PKI CA-issued certificate. You can mitigate the impact for government intranets and the government-furnished Apple devices. + +**Apple Operating System Release Dates** +- iOS 12: September 17, 2018 +- tvOS 12: September 17, 2018 +- macOS Mojave: September 24, 2018 + +{% include alert-info.html content="The FPKIPA has also elected to remove the Federal Common Policy CA root certificate from Microsoft's Trust Store." %} + +## How Does This Work? + +Apple currently distributes the Federal Common Policy CA (COMMON) through its pre-installed operating system Trust Stores for iOS, macOS, and tvOS. + +Three root CA certificate _types_ reside in Apple's Trust Stores: + +- _Trusted Certificates_ — Trusted certificates that establish a chain of trust. +- _Always Ask_ — Untrusted certificates that are not blocked. If a resource (e.g., website or signed email) chains to one of these certificates, the Apple operating system will ask you to choose whether or not to trust it. +- _Blocked_ — Potentially compromised certificates that will never be trusted. + +These certificate types are stored within Apple _Keychains_: + +- _Login Keychain_ — Certificates associated with a user account logged into a device. +- _System Keychain_ — Certificates associated with all user accounts on a device (similar to the Microsoft Windows' _Local Machine_ certificate store). +- _System Roots Keychain_ — Includes Apple's _pre-installed_, trusted root CA certificates. COMMON will be removed from this Keychain. + +## What Will Be Impacted? + +These Apple operating system versions (and all subsequent versions) will be impacted: + +|**macOS**|**iOS**|**tvOS**| +| :-------- |:-------- |:-------- | +| Mojave (10.14), Release 9/24/18 | iOS 12, Release 9/17/18 | tvOS 12, Release 9/17/18 | + + +Government users will receive errors on government-furnished Apple devices if any of these are true: + +1. Logging into a government network with a PIV credential +2. Authenticating to a government Virtual Private Network (VPN) endpoint with a PIV credential +3. Authenticating to an internet-facing, government collaboration portal with a PIV credential +4. Browsing with Safari, Chrome, or Edge (iOS) to a government **intranet** website that uses a Federal PKI CA-issued TLS/SSL certificate +5. Opening an Apple Mail or Microsoft Outlook email that was digitally signed using a Federal PKI CA-issued certificate +6. Opening a Microsoft Office document that was digitally signed with a Federal PKI CA-issued certificate + +This change will also impact Federal Government partners that rely on COMMON—for example, a Department of Defense employee sending a digitally signed email to a business partner. + +You can mitigate the risk to government missions, intranets, applications, and government-furnished equipment. + +{% include alert-info.html content="If you are unsure whether your applications will be affected, email us at fpki@gsa.gov." %} + +## Frequently Asked Questions + +### 1.  Is PIV network login impacted? +Yes. + +### 2.  What versions are affected? +Please see [What Will Be Impacted?](#what-will-be-impacted). + +## Additional Resources +1. [macOS Available Trusted Root Certificates List](https://support.apple.com/en-us/HT202858){:target="_blank"}{:rel="noopener noreferrer"}{:class="usa-link usa-link--external"} +2. [iOS Available Trusted Root Certificates List](https://support.apple.com/en-us/HT204132){:target="_blank"}{:rel="noopener noreferrer"}{:class="usa-link usa-link--external"} +3. [tvOS Available Trusted Root Certificates](https://support.apple.com/en-us/HT207231){:target="_blank"}{:rel="noopener noreferrer"}{:class="usa-link usa-link--external"} +4. [Apple Keychains](https://developer.apple.com/documentation/security/keychain_services){:target="_blank"}{:rel="noopener noreferrer"}{:class="usa-link usa-link--external"} +5. [Apple Configuration Profile Reference](https://developer.apple.com/library/content/featuredarticles/iPhoneConfigurationProfileRef/Introduction/Introduction.html){:target="_blank"}{:rel="noopener noreferrer"}{:class="usa-link usa-link--external"} +6. [Over-the-Air Profile Delivery and Configuration](https://developer.apple.com/library/archive/documentation/NetworkingInternet/Conceptual/iPhoneOTAConfiguration/Introduction/Introduction.html#//apple_ref/doc/uid/TP40009505){:target="_blank"}{:rel="noopener noreferrer"}{:class="usa-link usa-link--external"} +7. [Mobile Device Management Best Practices](https://developer.apple.com/library/archive/documentation/Miscellaneous/Reference/MobileDeviceManagementProtocolRef/6-MDM_Best_Practices/MDM_Best_Practices.html#//apple_ref/doc/uid/TP40017387-CH5-SW2){:target="_blank"}{:rel="noopener noreferrer"}{:class="usa-link usa-link--external"} diff --git a/_implement/announcements/05_health_it_removal.md b/_implement/announcements/05_health_it_removal.md new file mode 100644 index 000000000..793a67b43 --- /dev/null +++ b/_implement/announcements/05_health_it_removal.md @@ -0,0 +1,753 @@ +--- +layout: page +title: Removal of CAs from Federal PKI +pubDate: 03/05/2019 +archiveDate: 03/04/2020 +removeDate: 03/04/2022 +collection: implement +category: Removal +#permalink: /fpki/announcements/2019removal/ +description: This announcement provides information related to the Health IT CAs removed from the Federal PKI. +sidenav: implement +sticky_sidenav: true +category: Archive + +subnav: + - text: What Was the Change? + href: '#what-was-the-change' + - text: What Certification Authorities Were Impacted? + href: '#what-certification-authorities-were-impacted' + - text: What Should I Do? + href: '#what-should-i-do' + - text: Who Can I Contact for Help or More Information? + href: '#who-can-i-contact-for-help-or-more-information' + - text: Additional Resources + href: '#additional-resources' +--- + +Federal PKI teams performed two actions to remove fifty-nine (59) certification authorities (CAs) related to health IT use cases from the Federal PKI trust framework. This change is related to efforts to assess and maintain the mission scope for Federal PKI and reduce burden for commercial and non-profit organizations. This change is **not a distrust** action. + +This announcement provides details related to the CAs affected by this change. + +## What Was the Change? + +- **February 28, 2019:** Federal PKI issued a cross-certificate from the Federal Bridge CA 2016 to DigiCert Federated ID L3 CA. + - The issuance of the new cross-certificate was to ensure operations for three (3) electronic prescriptions for controlled substance (EPCS) systems were not immediately impacted by the planned revocation of the Federal Bridge CA 2016 / DigiCert Federated ID CA-1 cross-certificate. +- **March 4, 2019:** Federal PKI revoked the cross-certificate issued from the Federal Bridge CA 2016 to DigiCert Federated ID CA-1 CA. + +## What Certification Authorities Were Impacted? +The following CAs are still **active** and may be used for the intended purposes. These CAs no longer have a trust relationship with - or are required to be audited for - Federal PKI compliance. + +Each CA is listed by common name with a link to additional CA certificate details in the [Additional Resources](#additional-resources) section. + +**CA Certificates _Issued By_ DigiCert Federated ID CA-1 CA** + +- [DigiCert Federated Trust CA](#digicert-federated-trust-ca) +- [DigiCert Federated Trust CA-1](#digicert-federated-trust-ca-1) +- [DigiCert Federated ID L1 CA](#digicert-federated-id-l1-ca) +- [DigiCert Federated ID L2 CA](#digicert-federated-id-l2-ca) +- [DigiCert Federated ID L3 CA](#digicert-federated-id-l3-ca) +- [DigiCert Federated ID L4 CA](#digicert-federated-id-l4-ca) +- [DigiCert Federated ID US L3 CA](#digicert-federated-id-us-l3-ca) +- [DigiCert Federated ID US L4 CA](#digicert-federated-id-us-l4-ca) + + +**CA Certificates _Issued By_ DigiCert Federated Trust CA** + +- [What Was the Change?](#what-was-the-change) +- [What Certification Authorities Were Impacted?](#what-certification-authorities-were-impacted) +- [What Should I Do?](#what-should-i-do) +- [Who Can I Contact for Help or More Information?](#who-can-i-contact-for-help-or-more-information) +- [Additional Resources](#additional-resources) + - [CA Certificates _Issued By_ DigiCert Federated ID CA-1 CA](#ca-certificates-issued-by-digicert-federated-id-ca-1-ca) + - [DigiCert Federated Trust CA](#digicert-federated-trust-ca) + - [DigiCert Federated Trust CA-1](#digicert-federated-trust-ca-1) + - [DigiCert Federated ID L1 CA](#digicert-federated-id-l1-ca) + - [DigiCert Federated ID L2 CA](#digicert-federated-id-l2-ca) + - [DigiCert Federated ID L3 CA](#digicert-federated-id-l3-ca) + - [DigiCert Federated ID L4 CA](#digicert-federated-id-l4-ca) + - [DigiCert Federated ID US L3 CA](#digicert-federated-id-us-l3-ca) + - [DigiCert Federated ID US L4 CA](#digicert-federated-id-us-l4-ca) + - [CA Certificates _Issued By_ DigiCert Federated Trust CA](#ca-certificates-issued-by-digicert-federated-trust-ca) + - [AAMC Direct Intermediate CA](#aamc-direct-intermediate-ca) + - [Allina Health Connect HIE Intermediate CA](#allina-health-connect-hie-intermediate-ca) + - [Axesson Direct CA](#axesson-direct-ca) + - [Care360 Direct Intermediate CA](#care360-direct-intermediate-ca) + - [Cerner Corporation Direct Intermediate CA](#cerner-corporation-direct-intermediate-ca) + - [Cerner Corporation Resonance Intermediate CA](#cerner-corporation-resonance-intermediate-ca) + - [CompuGroup Medical Certificate Authority](#compugroup-medical-certificate-authority) + - [Corepoint Direct Intermediate CA](#corepoint-direct-intermediate-ca) + - [DigiCert Accredited Direct Med CA](#digicert-accredited-direct-med-ca) + - [DigiCert Direct Non-Provider CA](#digicert-direct-non-provider-ca) + - [DigiCert Federated Healthcare CA](#digicert-federated-healthcare-ca) + - [DigiCert Governmental Direct CA](#digicert-governmental-direct-ca) + - [DigiCert Provisional Direct Med CA](#digicert-provisional-direct-med-ca) + - [Indian Health Service-RPMS DIRECT Messaging CA](#indian-health-service-rpms-direct-messaging-ca) + - [Inpriva Direct Federated CA](#inpriva-direct-federated-ca) + - [INTEGRIS Direct Intermediate CA](#integris-direct-intermediate-ca) + - [iShare Medical Direct Intermediate CA](#ishare-medical-direct-intermediate-ca) + - [MedicaSoft Direct Intermediate CA](#medicasoft-direct-intermediate-ca) + - [Medicity Direct CA](#medicity-direct-ca) + - [MHIN Direct CA](#mhin-direct-ca) + - [Mirth Direct Intermediate CA](#mirth-direct-intermediate-ca) + - [MobileMD Direct Intermediate CA](#mobilemd-direct-intermediate-ca) + - [MRO Direct Intermediate CA](#mro-direct-intermediate-ca) + - [Oregon Health Authority Direct CA](#oregon-health-authority-direct-ca) + - [Orion Health Direct Secure Messaging CA](#orion-health-direct-secure-messaging-ca) + - [RelayHealth Direct CA](#relayhealth-direct-ca) + - [Rochester RHIO Intermediate CA](#rochester-rhio-intermediate-ca) + - [SCHIEx Direct CA](#schiex-direct-ca) + - [CA Certificates _Issued By_ DigiCert Federated Trust CA-1](#ca-certificates-issued-by-digicert-federated-trust-ca-1) + - [MIDIGATE CA](#midigate-ca) + - [Trinity Health Direct CA](#trinity-health-direct-ca) + - [CA Certificates _Issued By_ Orion Health Direct Secure Messaging CA](#ca-certificates-issued-by-orion-health-direct-secure-messaging-ca) + - [Alaska eHealth Network CA](#alaska-ehealth-network-ca) + - [Cal INDEX CA](#cal-index-ca) + - [Catholic Health Initiatives CA](#catholic-health-initiatives-ca) + - [Greenville Health System CA](#greenville-health-system-ca) + - [Highmark Tapestry HIE CA](#highmark-tapestry-hie-ca) + - [Huntsville Hospital System CA](#huntsville-hospital-system-ca) + - [Inland Empire Health Information Exchange](#inland-empire-health-information-exchange) + - [Jax HR Saint Vincents HIE CA](#jax-hr-saint-vincents-hie-ca) + - [KeystoneHIE KeyHIE CA](#keystonehie-keyhie-ca) + - [Louisiana Health Care Quality Forum CA](#louisiana-health-care-quality-forum-ca) + - [Mary Washington Healthcare CA](#mary-washington-healthcare-ca) + - [Mass HIway CA](#mass-hiway-ca) + - [Mississippi Division of Medicaid CA](#mississippi-division-of-medicaid-ca) + - [New Hampshire Health Information Organization CA](#new-hampshire-health-information-organization-ca) + - [New Mexico Health Information Collaborative CA](#new-mexico-health-information-collaborative-ca) + - [North Carolina Health Information Exchange CA](#north-carolina-health-information-exchange-ca) + - [North Dakota Information Technology Department CA](#north-dakota-information-technology-department-ca) + - [Oklahoma State Department of Health CA](#oklahoma-state-department-of-health-ca) + - [Optioncare CA](#optioncare-ca) + - [Orion Health Direct Secure Messaging Public HISP CA](#orion-health-direct-secure-messaging-public-hisp-ca) + - [Rush Health CA](#rush-health-ca) + - [Sutter Health CA](#sutter-health-ca) + - [The Koble Group CA](#the-koble-group-ca) + - [Western Connecticut Health Network CA](#western-connecticut-health-network-ca) + + +**CA Certificates _Issued By_ DigiCert Federated Trust CA-1** + +- [MIDIGATE CA](#midigate-ca) +- [Trinity Health Direct CA](#trinity-health-direct-ca) + +**CA Certificates _Issued By_ Orion Health Direct Secure Messaging CA** + +- [Alaska eHealth Network CA](#alaska-ehealth-network-ca) +- [Cal INDEX CA](#cal-index-ca) +- [Catholic Health Initiatives CA](#catholic-health-initiatives-ca) +- [Greenville Health System CA](#greenville-health-system-ca) +- [Highmark Tapestry HIE CA](#highmark-tapestry-hie-ca) +- [Huntsville Hospital System CA](#huntsville-hospital-system-ca) +- [Inland Empire Health Information Exchange](#inland-empire-health-information-exchange) +- [Jax HR Saint Vincents HIE CA](#jax-hr-saint-vincents-hie-ca) +- [KeystoneHIE KeyHIE CA](#keystonehie-keyhie-ca) +- [Louisiana Health Care Quality Forum CA](#louisiana-health-care-quality-forum-ca) +- [Mary Washington Healthcare CA](#mary-washington-healthcare-ca) +- [Mass HIway CA](#mass-hiway-ca) +- [Mississippi Division of Medicaid CA](#mississippi-division-of-medicaid-ca) +- [New Hampshire Health Information Organization CA](#new-hampshire-health-information-organization-ca) +- [New Mexico Health Information Collaborative CA](#new-mexico-health-information-collaborative-ca) +- [North Carolina Health Information Exchange CA](#north-carolina-health-information-exchange-ca) +- [North Dakota Information Technology Department CA](#north-dakota-information-technology-department-ca) +- [Oklahoma State Department of Health CA](#oklahoma-state-department-of-health-ca) +- [Optioncare CA](#optioncare-ca) +- [Orion Health Direct Secure Messaging Public HISP CA](#orion-health-direct-secure-messaging-public-hisp-ca) +- [Rush Health CA](#rush-health-ca) +- [Sutter Health CA](#sutter-health-ca) +- [The Koble Group CA](#the-koble-group-ca) +- [Western Connecticut Health Network CA](#western-connecticut-health-network-ca) + + +## What Should I Do? +A majority of mission operational use cases will never encounter certificates issued from these CAs. Certificates from these CAs are primarily used for nationwide healthcare information systems and electronic health records. + +You can remove these CAs from trust list configurations used for the following purposes: + +- Federal government enterprise virtual private network (VPN) configurations +- Federal government enterprise ICAM single-sign-on services +- Federal government enterprise network authentication configurations +- Federal government enterprise federation service configurations used for authentication of end users + +Removing the CAs from these trust list configurations may improve performance and reduce maintenance overhead. + + +## Who Can I Contact for Help or More Information? +Email us at fpki@gsa.gov + +## Additional Resources +Details of each CA affected by this change are listed below. You can also download files with copies of the CA certificates. + + +#### CA Certificates _Issued By_ DigiCert Federated ID CA-1 CA + +##### DigiCert Federated Trust CA +- Serial #: 0E569A999C8F5DDAF576E08A12759914 +- Not Before: 11/18/2011 +- Not After: 11/18/2023 +- AKI: D02B3BFF6871D6900CF7C47379C7997000E54740 +- SKI: 4608385AA98E20BB0CAF5E31BA89B328BFAC8C36 +- Thumbprint (SHA-1 Hash): A6B8FEE249869E52A3039CB86B97DE5EFB6E8EB4 +- SPKI (SHA-256 Hash): BAE872B27520AF07BCEC1F276FAACF9A3F53793CC340D7C6ADC6D60F9D37D841 + +##### DigiCert Federated Trust CA-1 +- Serial #: 0E25E27258328AEBDA5BAE23412F0B83 +- Not Before: 8/24/2017 +- Not After: 1/14/2023 +- AKI: D02B3BFF6871D6900CF7C47379C7997000E54740 +- SKI: 6BD202D3D1A9638B394B45319A8F0CBE29E6012B +- Thumbprint (SHA-1 Hash): E29C44387F7BAA9F49EFCCAEA654BCE20CFF5FD3 +- SPKI (SHA-256 Hash): 6473D4F3B628CD1A39AD7DD43D6EC4E85418154A64581EC8A5EB85CABD09235F + +##### DigiCert Federated ID L1 CA +- Serial #: 0C7A7DCC53DDE3D580FC9688D3449627 +- Not Before: 10/30/2012 +- Not After: 10/30/2027 +- AKI: D02B3BFF6871D6900CF7C47379C7997000E54740 +- SKI: DE9A5CAE53D3C97418000031921B4A2709C87948 +- Thumbprint (SHA-1 Hash): 629D8910A0342BF54BC81CE857B1CDE8F197FDE6 +- SPKI (SHA-256 Hash): 3D40F285BCE77279A6510F123783B0663D35BA4CE5AABCA8FE412AB95584AD4A + +##### DigiCert Federated ID L2 CA +- Serial #: 0DBA21F019A2AF46C3614FE7E72721F8 +- Not Before: 1/8/2014 +- Not After: 1/8/2029 +- AKI: D02B3BFF6871D6900CF7C47379C7997000E54740 +- SKI: 0A26205117910D71DB3B3E5E0200A0E803B65519 +- Thumbprint (SHA-1 Hash): A6B6A96F9FE96A7ABD6D653F1C042B46DB997ABF +- SPKI (SHA-256 Hash): B8580D56E54732240057C330614D728E0FE31D4598671FEADAC59D7EA2743DFA + +##### DigiCert Federated ID L3 CA +- Serial #: 0FDAC8733E6F53E33102675179703290 +- Not Before: 1/8/2014 +- Not After: 1/8/2029 +- AKI: D02B3BFF6871D6900CF7C47379C7997000E54740 +- SKI: 8F23D3C49CEBC2A6964E3AF1CE88B28BE2935412 +- Thumbprint (SHA-1 Hash): B60E8344FC32949C23D31A294F867EA64A9BECF2 +- SPKI (SHA-256 Hash): 0FFCB556F276AA77482A6A89EB1708AFB08DC32EE3D2D67199F00BA98DC8F436 + +##### DigiCert Federated ID L4 CA +- Serial #: 0AE4FB7C15E43A90A753212AFFCFE140 +- Not Before: 10/30/2012 +- Not After: 10/30/2027 +- AKI: D02B3BFF6871D6900CF7C47379C7997000E54740 +- SKI: E33A75499CDA442F6C86031C818B2857C8FFA232 +- Thumbprint (SHA-1 Hash): D69D7163302134697AFFBDB934E40CAB6AD57795 +- SPKI (SHA-256 Hash): E5F60FB3FCEA3DFB8BBF09B06F26077C46BFBB36966B611B6DCCCC0D2B591186 + +##### DigiCert Federated ID US L3 CA +- Serial #: 079E9B3BDD54A4449B220580F2602B97 +- Not Before: 1/8/2014 +- Not After: 1/8/2029 +- AKI: D02B3BFF6871D6900CF7C47379C7997000E54740 +- SKI: 0A8FEE0166735DE223EDA829E85592525AD0BE88 +- Thumbprint (SHA-1 Hash): 7FF5F80F53A0DF20C42A7D0DC544C68D684CD557 +- SPKI (SHA-256 Hash): D78BD9425A708E062927E3FE396AC22DF1414B1AE926FB6E868165C039197CAC + +> **Note**: Federal Bridge CA 2016 issued a cross certificate to the DigiCert Federated ID L3 CA on February 28, 2019. This will ensure operations for three (3) Electronic Prescriptions for Controlled Substance (EPCS) customers are not immediately impacted while we continue to review these systems and the use case. + +##### DigiCert Federated ID US L4 CA +- Serial #: 0288147B73BE38D74651E1DCA065CD08 +- Not Before: 4/18/2013 +- Not After: 4/18/2028 +- AKI: D02B3BFF6871D6900CF7C47379C7997000E54740 +- SKI: 9AC44371300E3025A54AE9B4234ED338F3373FA8 +- Thumbprint (SHA-1 Hash): F7F5D745DB7AEADE2AA27E0D5AFAB9760BF8B8A4 +- SPKI (SHA-256 Hash): 07CCF59B26C0559F70F16FB8876444394F7148569D62CC06B07B18EBB1ECCCFF + + +#### CA Certificates _Issued By_ DigiCert Federated Trust CA + +##### AAMC Direct Intermediate CA +- Serial #: 0B6957DF612F5190A590DCA544B775A1 +- Not Before: 5/28/2015 +- Not After: 5/28/2025 +- AKI: 4608385AA98E20BB0CAF5E31BA89B328BFAC8C36 +- SKI: 4B322EA7FD956726D59CD8AE250C0C04284D71AD +- Thumbprint (SHA-1 Hash): 3C2C135BC01B3DF5B2F85AB78BB83698F1377116 +- SPKI (SHA-256 Hash): 317D690B644ADFBF8D3EBE4F235421A6840ED49945A15C787805B24A125E830A + +##### Allina Health Connect HIE Intermediate CA +- Serial #: 0A2F68961CDF5A7205CC820AD212BF21 +- Not Before: 12/8/2015 +- Not After: 12/8/2025 +- AKI: 4608385AA98E20BB0CAF5E31BA89B328BFAC8C36 +- SKI: B051F97D55E4B8729FD13A680AD085DADA850F90 +- Thumbprint (SHA-1 Hash): 97C378CD81E32241D903CCC546BA6AD9C5C5880A +- SPKI (SHA-256 Hash): 92E2F8C212A70D9489D715A0D12379420ADAC5C4FBB551A4699E1B869FD11C4D + +##### Axesson Direct CA +- Serial #: 088F6B9D51E46E382D4D50F2F3FCF1C8 +- Not Before: 1/8/2014 +- Not After: 1/8/2024 +- AKI: 4608385AA98E20BB0CAF5E31BA89B328BFAC8C36 +- SKI: BE8F4706EA5DBF8441C38E055111DAA347EF9CCB +- Thumbprint (SHA-1 Hash): C0A5BB8F511AB6BE007E0A5502E2E2F3998F958A +- SPKI (SHA-256 Hash): C76C23E36F825706D78B849E581CD1CB2BFBAC48D1BB500A177CB28FAFD536B3 + +##### Care360 Direct Intermediate CA +- Serial #: 0E117F35E685C8377C967FE06C8CD0D9 +- Not Before: 8/25/2015 +- Not After: 8/25/2025 +- AKI: 4608385AA98E20BB0CAF5E31BA89B328BFAC8C36 +- SKI: 56901A6BF9F4429A64A6072F1524EE8C280E2A63 +- Thumbprint (SHA-1 Hash): 81C35E4E102FB6CCC52FAB22D3A193E0A63E5223 +- SPKI (SHA-256 Hash): E1573E8E0951404B724AF2AF5DD5760B29262F4DDF628B8BD1F752816EF0A894 + +##### Cerner Corporation Direct Intermediate CA +- Serial #: 0ED8D84E972DB014A66912DFFE8FDA97 +- Not Before: 9/26/2014 +- Not After: 9/26/2024 +- AKI: 4608385AA98E20BB0CAF5E31BA89B328BFAC8C36 +- SKI: 52B72C85440C1F62F87B1C621ADD6C4DB98F0931 +- Thumbprint (SHA-1 Hash): 9C549F6C12662A37B0EDF91778444C1290D58D47 +- SPKI (SHA-256 Hash): B663DEB2964FE08D1485025A0469078E82BA828CF85C56A0E5D58CB1E39E0D09 + +##### Cerner Corporation Resonance Intermediate CA +- Serial #: 0D535AE73B9D531AAFAAD8E02686F9F7 +- Not Before: 11/11/2015 +- Not After: 11/11/2021 +- AKI: 4608385AA98E20BB0CAF5E31BA89B328BFAC8C36 +- SKI: 5F2474960E21A88FCD98F0DAF610779428D58A36 +- Thumbprint (SHA-1 Hash): 0D535AE73B9D531AAFAAD8E02686F9F7 +- SPKI (SHA-256 Hash): E02D3B571F6878D487DE5E2788E8509BBD127199E611E83C3AA24C1078B8CFD5 + +##### CompuGroup Medical Certificate Authority +- Serial #: 0898830DED1957A72AB05F28363241D5 +- Not Before: 12/8/2015 +- Not After: 12/8/2025 +- AKI: 4608385AA98E20BB0CAF5E31BA89B328BFAC8C36 +- SKI: 0D177F4A586EB40F15D1AAF3D1E486786C67E236 +- Thumbprint (SHA-1 Hash): 6A586F2CFCBED8C8C506A245AA59F329B45A84E5 +- SPKI (SHA-256 Hash): 8E215DE3D86027B3AABCA721136D295B33A5B8037C2F54C1C5ED18073379A0F7 + +##### Corepoint Direct Intermediate CA +- Serial #: 05B60D635544534278B24A48BCD8E8E3 +- Not Before: 1/14/2015 +- Not After: 1/14/2025 +- AKI: 4608385AA98E20BB0CAF5E31BA89B328BFAC8C36 +- SKI: 32688EEF55C5851961D2DB09D07EAE98912632BC +- Thumbprint (SHA-1 Hash): 1A9B160563BC27E23F6CA9EA4C5D18F3DDA7D08D +- SPKI (SHA-256 Hash): A5CC00D887AD3538AF5710CD60A985FDF35C9B036C201C69F3B0358BD7D6FE05 + +##### DigiCert Accredited Direct Med CA +- Serial #: 09547628F41064DB095087100950673E +- Not Before: 8/6/2013 +- Not After: 8/6/2023 +- AKI: 4608385AA98E20BB0CAF5E31BA89B328BFAC8C36 +- SKI: 77AE03566D1250157FFE10AB79BA2CB68C6F49D6 +- Thumbprint (SHA-1 Hash): DD110A059FE70BD57A26CA466AD7AE5573FAAF1F +- SPKI (SHA-256 Hash): 6C9292A402CC644B4DF0CB4BE498662ACE4A34000FDD9DE6FE869E4DAEC0F2F4 + +##### DigiCert Direct Non-Provider CA +- Serial #: 024F7D6040D5E5FA85D13EC99EC83152 +- Not Before: 2/11/2014 +- Not After: 2/11/2024 +- AKI: 4608385AA98E20BB0CAF5E31BA89B328BFAC8C36 +- SKI: F98866882657FB27637B3F6343D18B01CA3A12F3 +- Thumbprint (SHA-1 Hash): F6AABDD56AA6333C4BEA891688E75141D4F82D77 +- SPKI (SHA-256 Hash): 3FE5DAB75E102E06E3523093EE6A42A518684B3D036C25A0731A8C27E374705E + +##### DigiCert Federated Healthcare CA +- Serial #: 0656F256EAA1A6DFF943082ABAE7B4EA +- Not Before: 2/11/2014 +- Not After: 2/11/2024 +- AKI: 4608385AA98E20BB0CAF5E31BA89B328BFAC8C36 +- SKI: 824D97867C04CFD31144D21C1263C889417E2D3E +- Thumbprint (SHA-1 Hash): 0E694D69F792A2546B993D841A08AA4A85319C5B +- SPKI (SHA-256 Hash): 7E53D9869A0F6978EEE006E73C8508FAF7475B887692C4762E494C9D5F4CA731 + +##### DigiCert Governmental Direct CA +- Serial #: 0916AC4212F94019E734F0630DBF095F +- Not Before: 9/25/2015 +- Not After: 9/25/2025 +- AKI: 4608385AA98E20BB0CAF5E31BA89B328BFAC8C36 +- SKI: 702D4BA984011A8475F778A90949EC304BF96FEB +- Thumbprint (SHA-1 Hash): F5F0A823699425DA59C5C48B1848F36CB78B1BB2 +- SPKI (SHA-256 Hash): E93A89E2D242026C0D06DE7889B06E963B3B286F85F0D4DB819E54E2072B6E79 + +##### DigiCert Provisional Direct Med CA +- Serial #: 0BEE774D81066945E4EB6DB18C39AE3B +- Not Before: 6/3/2014 +- Not After: 6/3/2024 +- AKI: 4608385AA98E20BB0CAF5E31BA89B328BFAC8C36 +- SKI: 75AEE40F2EA9BEB233D9159AC994C1F730B435AA +- Thumbprint (SHA-1 Hash): 40EF4AFD9E41C1A7CB19D7AC603CBDAF4A6B0639 +- SPKI (SHA-256 Hash): AAB8548337A1266A4B049391497C3946BEF805ED395357879EFD0F9C3357517E + +##### Indian Health Service-RPMS DIRECT Messaging CA +- Serial #: 0933E5758078BBA93074A4D164FAA171 +- Not Before: 4/4/2014 +- Not After: 4/4/2024 +- AKI: 4608385AA98E20BB0CAF5E31BA89B328BFAC8C36 +- SKI: 1B73DB517EB2CDE145E054E06D2B9872F066C02A +- Thumbprint (SHA-1 Hash): 2B1BDA3A2B2015CD00CD7DFCE9832ACA58FD92C9 +- SPKI (SHA-256 Hash): E5E29329C19A97086075EF390BC0CD6550BC44BA30DB711F65113D9CF1819259 + +##### Inpriva Direct Federated CA +- Serial #: 0EDEB3BAB925834900B297481174C4F0 +- Not Before: 11/18/2011 +- Not After: 11/18/2021 +- AKI: 4608385AA98E20BB0CAF5E31BA89B328BFAC8C36 +- SKI: 7D174A10701A3F153BB4837AAE9FF128613E9E23 +- Thumbprint (SHA-1 Hash): 0983E63BFDAC2240FF648C1521DEE226DAD1E447 +- SPKI (SHA-256 Hash): 11B3D11879E58617BAB9AEC5E2D0C7764F5BDB5B2EC3469D8012662EDEE366B9 + +##### INTEGRIS Direct Intermediate CA +- Serial #: 01E9F27D867B6F81937EF4720B17E660 +- Not Before: 11/18/2014 +- Not After: 11/18/2024 +- AKI: 4608385AA98E20BB0CAF5E31BA89B328BFAC8C36 +- SKI: CA8782FBA642FF63A96C4451CF74F76E8936E6BC +- Thumbprint (SHA-1 Hash): C28E0ADCB82438286285B2DA6BBCAB0980E30357 +- SPKI (SHA-256 Hash): 548AB06640FBDFC0902AA1B413031018C26AD8A3E219ADE869E99F49D64C1D05 + +##### iShare Medical Direct Intermediate CA +- Serial #: 0728BE4E2D23504FB44BB6D7ED21BAB7 +- Not Before: 1/14/2015 +- Not After: 1/14/2025 +- AKI: 4608385AA98E20BB0CAF5E31BA89B328BFAC8C36 +- SKI: 05A93FA6DE09C5DEB45DE9F2D0F94EFD3EE4B4DD +- Thumbprint (SHA-1 Hash): AD7937A799CD888A08BAA603A253759FDF73253E +- SPKI (SHA-256 Hash): C82A85BC54A85A5AE54A48584E5DBC4738C6DFCA242677AE5F2F1BE9C51F115D + +##### MedicaSoft Direct Intermediate CA +- Serial #: 0FFCEBA644F85AAFFF1C45BCB2DD74C2 +- Not Before: 4/28/2015 +- Not After: 4/28/2025 +- AKI: 4608385AA98E20BB0CAF5E31BA89B328BFAC8C36 +- SKI: 3DB1C40E4E7E977BA56F8592E0C8968C42AB0896 +- Thumbprint (SHA-1 Hash): E9F761B8D2BE9BE719B7D4D37DDD2A193EA240A0 +- SPKI (SHA-256 Hash): 57C8C86D14D9D8973087EFB1AAB734ED6ABB835B17F2ACF89B6A5DCE401F59CF + +##### Medicity Direct CA +- Serial #: 05376E815724C49DEC67CE208B8FA835 +- Not Before: 2/13/2014 +- Not After: 2/13/2024 +- AKI: 4608385AA98E20BB0CAF5E31BA89B328BFAC8C36 +- SKI: 59F455C75BEE76663263173997F79A74D86C0EB7 +- Thumbprint (SHA-1 Hash): 9278A953771BE9BDE82E37A9C19BDD29D974B907 +- SPKI (SHA-256 Hash): 29C6DEEA67531B3EE41905E2BAA91907E0B997DA5B346F41A4B2B2154EACF0C2 + +##### MHIN Direct CA +- Serial #: 029FAFE71A57144DAF7CB403031616AF +- Not Before: 1/8/2014 +- Not After: 1/8/2024 +- AKI: 4608385AA98E20BB0CAF5E31BA89B328BFAC8C36 +- SKI: 39629D94ACF873DDB2FDA4D15C208641A497C6C9 +- Thumbprint (SHA-1 Hash): DCC8C9D8F2610843F5653876CF7E2879FC62CB41 +- SPKI (SHA-256 Hash): C8CEFF21E62EEC7B49D5C00B718A4B661223D52EE940DC5A1EDEEC21AAD298F9 + +##### Mirth Direct Intermediate CA +- Serial #: 094A57F3ED91461B4D4E47B015698B4F +- Not Before: 9/26/2014 +- Not After: 9/26/2024 +- AKI: 4608385AA98E20BB0CAF5E31BA89B328BFAC8C36 +- SKI: B25C27C56F7962A1FD3EB46683A440BCCA37E07D +- Thumbprint (SHA-1 Hash): BB1B5A342AD6929AF28AAC038CF4ED8E5377FD3B +- SPKI (SHA-256 Hash): 3FBD2D26E6A90688784E5EC17965109E997DBE7C9F84E426B9955F8F504B3C88 + +##### MobileMD Direct Intermediate CA +- Serial #: 0E14FC08CF32009C59C596A1AFEEE1B1 +- Not Before: 10/21/2014 +- Not After: 10/21/2024 +- AKI: 4608385AA98E20BB0CAF5E31BA89B328BFAC8C36 +- SKI: 055244C67830566C0471612C12C8A493E14452AC +- Thumbprint (SHA-1 Hash): 633C3C8B7999E1D6998ECA1DB9D522961ED13379 +- SPKI (SHA-256 Hash): 285F267D69801CE8459D69A3C3BAA872EE8699F462F26ECB3F0C1C5604CC4BBB + +##### MRO Direct Intermediate CA +- Serial #: 0EDF2AA525860365D47A0662D3C9A48D +- Not Before: 10/21/2014 +- Not After: 10/21/2024 +- AKI: 4608385AA98E20BB0CAF5E31BA89B328BFAC8C36 +- SKI: D245010C188D7330FCD40E2CFFA0E023E8B60CDB +- Thumbprint (SHA-1 Hash): 29431E91F570B976DA3B9A104FBC4CAA77E86C69 +- SPKI (SHA-256 Hash): 309B9EC320A5757B18045977BAA8F3320423372A4934FECFED93CBC5EAF7D3D0 + +##### Oregon Health Authority Direct CA +- Serial #: 0FE3D8092A6D7DF40369050171AF1E8B +- Not Before: 3/5/2014 +- Not After: 3/5/2024 +- AKI: 4608385AA98E20BB0CAF5E31BA89B328BFAC8C36 +- SKI: 6A4A9128687032385649F2BE4D5D09285131CC0D +- Thumbprint (SHA-1 Hash): 0A57575F663467ECCE525284C84E7ADBB29BD8C6 +- SPKI (SHA-256 Hash): 0CD7582516043FDF87616AB4016F331E5EF1CC4B18B2C681D6F0941D48A94503 + +##### Orion Health Direct Secure Messaging CA +- Serial #: 0133727B8425DA865077348D70A96C03 +- Not Before: 10/21/2013 +- Not After: 10/23/2023 +- AKI: 4608385AA98E20BB0CAF5E31BA89B328BFAC8C36 +- SKI: A56E22FF39693A23FB892417C66094001ADA8E9E +- Thumbprint (SHA-1 Hash): C30BBDFA0C87E1F85D5C5F67315914305B88EA3B +- SPKI (SHA-256 Hash): 6C3148A661509D57D73F18C7E644A6573C55ED215C9F28AFA849B059948F1775 + +##### RelayHealth Direct CA +- Serial #: 0A1EC50E115F965EECCFFE5246BE3563 +- Not Before: 4/4/2014 +- Not After: 4/4/2024 +- AKI: 4608385AA98E20BB0CAF5E31BA89B328BFAC8C36 +- SKI: 58E321F302914D72C610BE5E29F5F8724D7921F0 +- Thumbprint (SHA-1 Hash): A0B3E7213BC44939788EEC7647EC18D45EBBA335 +- SPKI (SHA-256 Hash): F2BFD6BC69CD63088991ABA3AA4A7DC3C0B1FF2743B5F1960FEBB82FF6550545 + +##### Rochester RHIO Intermediate CA +- Serial #: 0B8C2A7EF1543A0E64C54FE60F0A7FB6 +- Not Before: 10/21/2014 +- Not After: 10/21/2024 +- AKI: 4608385AA98E20BB0CAF5E31BA89B328BFAC8C36 +- SKI: 39979F30AABA80BECD81463F31EBD49FA936DAD1 +- Thumbprint (SHA-1 Hash): 36197F60193DC00077E84AEB27DCAB5F835A2E61 +- SPKI (SHA-256 Hash): 390ED57A8EC33CD534AD7B98E32D52CC5C8A46B65CE13D12F2B5B0AEA6CA3D54 + +##### SCHIEx Direct CA +- Serial #: 05E21F7FE97524F25B84EFC29188FEB8 +- Not Before: 6/7/2016 +- Not After: 6/7/2026 +- AKI: 4608385AA98E20BB0CAF5E31BA89B328BFAC8C36 +- SKI: CEE902347DAA0638416D04D5CFBAF2F03AA4435C +- Thumbprint (SHA-1 Hash): 0ECD0F4D9AB83326E91DC4CEC99C6FEFABDD3CCC +- SPKI (SHA-256 Hash): 9493051083E71E3404D462B36C4E89CEC4A397FFCDFCD10504316A3AD36C9E32 + +#### CA Certificates _Issued By_ DigiCert Federated Trust CA-1 + +##### MIDIGATE CA +- Serial #: 0C436FDCE81703C46951EB97CF926806 +- Not Before: 11/6/2017 +- Not After: 1/13/2023 +- AKI: 6BD202D3D1A9638B394B45319A8F0CBE29E6012B +- SKI: 240E400C2ED027DC1F2997EB1E9B2AC6D8E9A0C5 +- Thumbprint (SHA-1 Hash): FB597F2604CB7EEC8953935E2EF527CB83B67ECA +- SPKI (SHA-256 Hash): 0F88A7105EBE623CAD76D22E7A0A4229A7BB43714ED06BB798D781500E9ABE07 + +##### Trinity Health Direct CA +- Serial #: 05511821092EC4F77D4836AF31BB170F +- Not Before: 8/24/2017 +- Not After: 1/13/2023 +- AKI: 6BD202D3D1A9638B394B45319A8F0CBE29E6012B +- SKI: A5C2E43A16B419C3E1FABC3E7EC758C353798BC1 +- Thumbprint (SHA-1 Hash): 91C374480ABA3BB9B46C8A870F95E0CA98CF0C70 +- SPKI (SHA-256 Hash): 5B7AAE96A364A9DEE4E69BD81A910B5E4AD11A0ACB153EB033657CF9C88179B5 + +#### CA Certificates _Issued By_ Orion Health Direct Secure Messaging CA + +##### Alaska eHealth Network CA +- Serial #: 07A42C0E8D2725E05DF2A012B520D378 +- Not Before: 10/22/2013 +- Not After: 10/22/2023 +- AKI: A56E22FF39693A23FB892417C66094001ADA8E9E +- SKI: 3FC54CA205FF8E1C0EF1F6E9C36F05FC71CF2977 +- Thumbprint (SHA-1 Hash): 41C64D922958E527051246C6D26FB0A1C392A6EB +- SPKI (SHA-256 Hash): 75F904F9B4876E6AE3441C24ACC1F93D0C1A210928B3F0267F010925760E21AD + +##### Cal INDEX CA +- Serial #: 04E99C3BEA35EBC9C93115BB5873F769 +- Not Before: 7/12/2016 +- Not After: 7/12/2026 +- AKI: A56E22FF39693A23FB892417C66094001ADA8E9E +- SKI: 8A713030C19507E7331887D1175656487894E608 +- Thumbprint (SHA-1 Hash): C7E2D4CEC6F65653956E4116D896691A18A13FCB +- SPKI (SHA-256 Hash): F46B700EC8CCB400E860EC1BD517C9AEC697DDB25B4516478644004CD204260B + +##### Catholic Health Initiatives CA +- Serial #: 5737EBA16AEBC582D962F2EA938CC59 +- Not Before: 8/19/2014 +- Not After: 8/19/2024 +- AKI: 0A56E22FF39693A23FB892417C66094001ADA8E9E +- SKI: 66D2726A1C675A9520BB6321E1D8E54C545242A2 +- Thumbprint (SHA-1 Hash): F32A0706A0632E565D79F317141619FF2D314562 +- SPKI (SHA-256 Hash): 7868086FD31FF11D876E7344CB545DC56716DB3C9C626A599A5DF7BFC214EB46 + +##### Greenville Health System CA +- Serial #: 039C60B26637C6B8E9B63B5A9EC588AA +- Not Before: 3/5/2014 +- Not After: 3/5/2024 +- AKI: A56E22FF39693A23FB892417C66094001ADA8E9E +- SKI: E0ADB796C1268C12FC470B8A85779EBFE1525C31 +- Thumbprint (SHA-1 Hash): AA1FF6AE9B3B3F437A887B806CEF53689FD70CBD +- SPKI (SHA-256 Hash): C8FB8CC2924C78C2DAE2912AD02F052FFBA0A54EFFC77663FF97E63821ED4612 + +##### Highmark Tapestry HIE CA +- Serial #: 0B7D4F1EA2A013A2A1BE3AB00CD0407D +- Not Before: 8/19/2014 +- Not After: 8/19/2024 +- AKI: A56E22FF39693A23FB892417C66094001ADA8E9E +- SKI: BEB1DC3128BCB53142C45CCB287A3A3BBFEFFFBA +- Thumbprint (SHA-1 Hash): E1CAD6EC91D6D1CFB2777AB023BEA496C2E2EDBE +- SPKI (SHA-256 Hash): B6F3758082B347CEAA3D2436030AEABA098E8BA1ADAC8A681E499EEEC7A6F756 + +##### Huntsville Hospital System CA +- Serial #: 0F0CCD49BA7A570FB90C8108BF1693A2 +- Not Before: 3/5/2014 +- Not After: 3/5/2024 +- AKI: A56E22FF39693A23FB892417C66094001ADA8E9E +- SKI: E86E22CAF499502F44F4D42D62E76C5975DCFA19 +- Thumbprint (SHA-1 Hash): B75219D4843296613B6369AFC628078CBC69DCFA +- SPKI (SHA-256 Hash): E236742BE61F26AA1C35AE90DCEA25B920CD9128EAD32B69BC0B6B0E04EA2EE4 + +##### Inland Empire Health Information Exchange +- Serial #: 0F6D2AE4D2580E0CA9EB1D4E1EAD131D +- Not Before: 1/8/2014 +- Not After: 1/8/2024 +- AKI: A56E22FF39693A23FB892417C66094001ADA8E9E +- SKI: 0C95F04752DB4BA4EBE747D289B65CD1AF3A3010 +- Thumbprint (SHA-1 Hash): C68C49E448435DC6BD352A0CD05B157CD1D1E29C +- SPKI (SHA-256 Hash): ABA80268F12EEA1037FBBF18A8253DED14316A7BFE84C2269802A8BBFE52DE09 + +##### Jax HR Saint Vincents HIE CA +- Serial #: 0C03AE8086FBACDDDD35ADF818F0979C +- Not Before: 2/16/2015 +- Not After: 2/16/2025 +- AKI: A56E22FF39693A23FB892417C66094001ADA8E9E +- SKI: 0E7E0E62F9F8B72F4FC6F4783EAC87D21790CE00 +- Thumbprint (SHA-1 Hash): EFABA80CF00268CE78B5F21C11CF3494FED2751C +- SPKI (SHA-256 Hash): ED367E66155FD54C27842FAC81802DDB3839FC4E8569880592D6AE25BA9A7C74 + +##### KeystoneHIE KeyHIE CA +- Serial #: 02A537BC58D09EB0714B9004340C9504 +- Not Before: 8/19/2014 +- Not After: 8/19/2024 +- AKI: A56E22FF39693A23FB892417C66094001ADA8E9E +- SKI: 976E49AA98A72FDABBA276C51EF206073DC70C22 +- Thumbprint (SHA-1 Hash): 62247623C912B6286AC3EFB0EA2E649720EAB7DE +- SPKI (SHA-256 Hash): 06A14E63979CE1F42AED287C6E5BCFF6C5FF987B4CCEA622BC8E5A45B8FA2CC7 + +##### Louisiana Health Care Quality Forum CA +- Serial #: 0491751063891838340AD681034CF86A +- Not Before: 10/22/2013 +- Not After: 10/22/2023 +- AKI: A56E22FF39693A23FB892417C66094001ADA8E9E +- SKI: FB88E1E7C123C6EB6B11D3F224D42F11962DDC9C +- Thumbprint (SHA-1 Hash): 9DB9E8FD19740D423B20E047FEDE8FCA03D6D599 +- SPKI (SHA-256 Hash): D2815EE9A325C079F3396BC9E8F24E5B5B194CC5E0CF2635FF48B39F07FC7E33 + +##### Mary Washington Healthcare CA +- Serial #: 0A3511BA0C581298F96CF119505F3FC3 +- Not Before: 3/5/2014 +- Not After: 3/5/2024 +- AKI: A56E22FF39693A23FB892417C66094001ADA8E9E +- SKI: 302AF2922B485D0073E901735832EC0DC331D2FF +- Thumbprint (SHA-1 Hash): F2E05E1647BB5948040127E8E5515A38B24D0434 +- SPKI (SHA-256 Hash): DDF659CACDE9095019CC622F16308DF6A3D301AFC767170716F1255DA2F4A04A + +##### Mass HIway CA +- Serial #: 05A42A2A54A348EF8B10AAFCFDEDBB73 +- Not Before: 9/25/2015 +- Not After: 9/25/2025 +- AKI: A56E22FF39693A23FB892417C66094001ADA8E9E +- SKI: 41F486F29C43C5AA9C525A7A3C7EF18431BC61BA +- Thumbprint (SHA-1 Hash): 7B3CE1AA5B8CB71DD8E7609AC7D144760C93CF84 +- SPKI (SHA-256 Hash): 3D5116D3A253451C0CB0D17D3FA3AAD1E3D07C1EFE79AA90B73AA369465BAB76 + +##### Mississippi Division of Medicaid CA +- Serial #: 07B268D3565D4EA118524BFE1A3088DD +- Not Before: 1/8/2014 +- Not After: 1/8/2024 +- AKI: A56E22FF39693A23FB892417C66094001ADA8E9E +- SKI: B476B692CF0AF437BA2617FABF2011985A819271 +- Thumbprint (SHA-1 Hash): 03A88451EB50024EE1665F181BF511A623C724F3 +- SPKI (SHA-256 Hash): 4121DBF41295B77B1B6D97296EC621CDAEF8456618AC2C96D934623AE4589B6E + +##### New Hampshire Health Information Organization CA +- Serial #: 0FC78FF0B25CE0F20630C639C5A08C5F +- Not Before: 10/22/2013 +- Not After: 10/22/2023 +- AKI: A56E22FF39693A23FB892417C66094001ADA8E9E +- SKI: 13CAA050FEDEAE9E4FDCAA61FDDC813C4BD7D695 +- Thumbprint (SHA-1 Hash): 6E2EF1187693A1C09E92DD083735BC7F39B3551E +- SPKI (SHA-256 Hash): 15C69004AA0A3A876AE0B322485114CC225AD1D1482D9EADC6EC62BD4210580E + +##### New Mexico Health Information Collaborative CA +- Serial #: 057E0CDCDDB211396AB5242B1839CC0E +- Not Before: 9/26/2014 +- Not After: 9/26/2024 +- AKI: A56E22FF39693A23FB892417C66094001ADA8E9E +- SKI: A331DD14B60608534B60294205572C40E1218C9E +- Thumbprint (SHA-1 Hash): 71440E4192C9C5F916D1BAC809C09E52C77A9661 +- SPKI (SHA-256 Hash): D66EBFC9869A49975D37670D8E3D156B0691887A52EB80F3C2D869AD6923760F + +##### North Carolina Health Information Exchange CA +- Serial #: 066B4604152D707EE44DD584B4EE81C4 +- Not Before: 3/5/2014 +- Not After: 3/5/2024 +- AKI: A56E22FF39693A23FB892417C66094001ADA8E9E +- SKI: 0F16204B5D1DA1D4E50421288478FC6A472D11F3 +- Thumbprint (SHA-1 Hash): FF1414C895D1BC1EDC866BA333D2942B46EDCBCC +- SPKI (SHA-256 Hash): B0A3302C22C10B9B713448CBE47B10489D40965B078ECADC19E7269D405D27FF + +##### North Dakota Information Technology Department CA +- Serial #: 04357DD28DE9370678C5094E9940E821 +- Not Before: 1/10/2014 +- Not After: 1/10/2024 +- AKI: A56E22FF39693A23FB892417C66094001ADA8E9E +- SKI: 95C5DFF9172828E13FF267EAD9113D43381C4BE1 +- Thumbprint (SHA-1 Hash): A295DF1D857F219D96A9EAAA8CB4DE725B634D63 +- SPKI (SHA-256 Hash): 7BA409DEE6B1B5D74AAE9C311A17432226D8F8BC02BC4690540F927B07031EEC + +##### Oklahoma State Department of Health CA +- Serial #: 04793AAA351A61AE7F2756A5E524B014 +- Not Before: 2/16/2015 +- Not After: 2/16/2025 +- AKI: A56E22FF39693A23FB892417C66094001ADA8E9E +- SKI: 0972F7657FC66F353FB4CF13823895BE1D80A986 +- Thumbprint (SHA-1 Hash): E1245959AF582F9AF0B101198CD85C97970765F9 +- SPKI (SHA-256 Hash): C50453968E8DF547E854C8E99C9199B6926BD3A2DD0C1A56A58FBC1027693A49 + +##### Optioncare CA +- Serial #: 074F2D04ADEBFC19884F420FFF9DF2CF +- Not Before: 3/1/2016 +- Not After: 3/1/2026 +- AKI: A56E22FF39693A23FB892417C66094001ADA8E9E +- SKI: AD758EFBA5158B51565195450D1A714BEC4F3E63 +- Thumbprint (SHA-1 Hash): A776F75611B2A7B548573DC29994F142DD363882 +- SPKI (SHA-256 Hash): D5CA301C0A1FF6A5E18A2B4537BAE2047AE6E757D432D82EADB40EB765DD4128 + +##### Orion Health Direct Secure Messaging Public HISP CA +- Serial #: 06406F00285529404B11F92A78E67DA9 +- Not Before: 10/22/2013 +- Not After: 10/22/2023 +- AKI: A56E22FF39693A23FB892417C66094001ADA8E9E +- SKI: FBC2F9B415959A384D5574A0DFBD873BD5783D38 +- Thumbprint (SHA-1 Hash): DCDC844A0B183107A172802BF2489173A914B0C9 +- SPKI (SHA-256 Hash): FC3903663F33AABAADB3B9E047CBDE625DD02D088275A16F23B8F7A2F2C92E34 + +##### Rush Health CA +- Serial #: 04B43B1C31EAB7E37BEB31F0CC3DBADD +- Not Before: 4/23/2014 +- Not After: 4/23/2024 +- AKI: A56E22FF39693A23FB892417C66094001ADA8E9E +- SKI: BE66CD9A79849F1B023EDB3D1AD08F32164996E0 +- Thumbprint (SHA-1 Hash): EC5C1E327D71840FD108557031AEAB63E762A207 +- SPKI (SHA-256 Hash): 1F89679357E72BC42B1B977022EA54CE733ABE3D5268C8077B7B9781D48727EA + +##### Sutter Health CA +- Serial #: 0C59E5800EE065EA52B5581A65775CC6 +- Not Before: 10/21/2014 +- Not After: 10/21/2024 +- AKI: A56E22FF39693A23FB892417C66094001ADA8E9E +- SKI: DF2B01740E9469FA8F055F48EA1D986BACAEE5FC +- Thumbprint (SHA-1 Hash): 6887CAE99ECD54FEC484A90294C45973FBC12A08 +- SPKI (SHA-256 Hash): E6D7D13A3FAB0C1123CFAFBEE3AE1621790AC39E5D86AAB33EC72FDE60528A93 + +##### The Koble Group CA +- Serial #: 01BC6B791447CDA90A8A14E8204957FD +- Not Before: 6/21/2016 +- Not After: 6/21/2026 +- AKI: A56E22FF39693A23FB892417C66094001ADA8E9E +- SKI: CF604AC6EDBDC504D9C96A179A34FCD3F9D4DE79 +- Thumbprint (SHA-1 Hash): 4D540D6E7BC3867D81178F98C5F21991247C2FBB +- SPKI (SHA-256 Hash): F9BC6EFB2686D571B863BA7558B4CC37D55F90A384A419FF06CBBBB49B22D94E + +##### Western Connecticut Health Network CA +- Serial #: 07295D1F92953D6776E2146E93A58957 +- Not Before: 3/5/2014 +- Not After: 3/5/2024 +- AKI: A56E22FF39693A23FB892417C66094001ADA8E9E +- SKI: 5B4B77AF749FD4F36146FE93C5AF8151A118075B +- Thumbprint (SHA-1 Hash): 948D1DAF1D124ACE83F6826192036EDC35C4D005 +- SPKI (SHA-256 Hash): 22AE4FFC23AEE5E6369025594C915F20B453E45EB058E2EC54CD7DD8AE6C0F5E + + + diff --git a/_implement/announcements/06_digicert_ca_decommissioning.md b/_implement/announcements/06_digicert_ca_decommissioning.md new file mode 100644 index 000000000..4ffb36a51 --- /dev/null +++ b/_implement/announcements/06_digicert_ca_decommissioning.md @@ -0,0 +1,36 @@ +--- +layout: page +title: DigiCert CA Decommissioning +pubDate: 04/01/2019 +archiveDate: 03/20/2020 +removeDate: 03/02/2022 +collection: implement +category: Decommission +#permalink: /fpki/announcements/2019digicert/ +description: Information related to the DigiCert CAs affected by this change. +sidenav: implement +sticky_sidenav: true +category: Removed + +--- + +DigiCert is planning on decommissioning several certification authorities (CAs) from the Federal PKI. These CAs are no longer active or required, and there is no expected impact from these changes. + +Remaining active certificates issued from any of the CAs listed in the table below will be revoked. Each CA planned for decommissioning will issue a long-lived CRL, and then have its signing CA certificate revoked by the Symantec Class 3 SSP Intermediate CA - G3 CA. + +The following CAs are planned for revocation and decommissioning: + +| Certificate Serial Number | Subject | Issuer | +|---------------------------|---------|--------| +| 0f76b14f6e3c3f3d78cc7cabf1e9d1f2 | CSC CA - 2 | Symantec Class 3 SSP Intermediate CA - G3 | +| 22058f804d89edd93122c840987ac7ab | CSRA FBCA C4 Device CA | Symantec Class 3 SSP Intermediate CA - G3 | +| 2aaa084cce8d13dc0b3b05b34e325922 | CSRA FBCA C4 CA | Symantec Class 3 SSP Intermediate CA - G3 | +| 45aabdffdae1621d52b260daf7ef3bd7 | CSRA FBCA C3 Device CA | Symantec Class 3 SSP Intermediate CA - G3 | +| 48b53c25944e6ed645339ecf1079fd37 | CSRA FBCA C3 CA | Symantec Class 3 SSP Intermediate CA - G3 | +| 75c13dbed31093353c73618effdabe6e | SureID Inc. CA2 | Symantec Class 3 SSP Intermediate CA - G3 | +| 4ff47dfa24d3aa3633dd4e55de80f870 | SureID Inc. Device CA1 | Symantec Class 3 SSP Intermediate CA - G3 | +| 7bc54c654c3a41d738d48ac17ab603af | Eid Passport LRA Content Signer CA 3 | Symantec Class 3 SSP Intermediate CA - G3 | +| 404d442e9c097771209218ac534936c3 | Eid Passport LRA Device 2 CA | Symantec Class 3 SSP Intermediate CA - G3 | + +## Who Can I Contact for Help or More Information? +Email us at fpki@gsa.gov. diff --git a/_implement/announcements/07_fpki-repository-migration.md b/_implement/announcements/07_fpki-repository-migration.md new file mode 100644 index 000000000..206206a03 --- /dev/null +++ b/_implement/announcements/07_fpki-repository-migration.md @@ -0,0 +1,52 @@ +--- +layout: page +title: Upcoming Migration of Federal PKI Certificate Repository Services +pubDate: 04/01/2019 +archiveDate: 03/30/2020 +removeDate: 03/30/2022 +collection: implement +category: Migration +#permalink: /fpki/announcements/2019fpkimigration/ +description: Information related to the upcoming migration. +sidenav: implement +sticky_sidenav: true +category: Removed + +subnav: + - text: What Will Be Impacted? + href: '#what-will-be-impacted' + - text: When Will This Change Take Place? + href: '#when-will-this-change-take-place' + - text: What Should I Do? + href: '#what-should-i-do' + - text: Who Can I Contact for Help or More Information? + href: '#who-can-i-contact-for-help-or-more-information' + +--- + +{% include alert-info.html content="Upcoming changes to the hosting of Federal Public Key Infrastructure Certification Authority (CA) data repositories could impact your agency." %} + +On April 22, 2019, the Federal Public Key Infrastructure Management Authority will migrate the hosting of HyperText Transfer Protocol (HTTP) repository services to a cloud-based solution. Existing Federal PKI CA certificate Uniform Resource Locators (URLs) **will not** change as a result of this migration. + +## What Will Be Impacted? + +This change will affect the hosting of certificate revocation lists, CA certificates, and certificate bundles for the following Federal PKI CAs: +- Federal Bridge CA 2016 +- Federal Common Policy CA +- SHA1 Federal Root CA +- Some Test CAs operating for the FPKI Community Interoperability Test Environment (CITE) + +## When Will This Change Take Place? +The migration will take place on April 22, 2019. + +## What Should I Do? +This change will be transparent to Relying Parties, and should not require any agency action. + +The FPKI Community Interoperability Test Environment HTTP repository [http://http.cite.fpki-lab.gov](http://http.cite.fpki-lab.gov){:class="usa-link usa-link--external"} has used the new service since June 2018 with no reported issues. + +A new base URL is available for anyone who would like to test the planned repository service update before the April 22, 2019 migration. For example, to download a copy of the Federal Common Policy CA certificate using the cloud-based hosting solution, navigate to [http://cdn.http.fpki.gov/fcpca/fcpca.crt](http://cdn.http.fpki.gov/fcpca/fcpca.crt){:class="usa-link usa-link--external"}. + +Contact fpki-help@gsa.gov with the subject “CDN Test Issue” if you'd like to learn more about testing or if you have any issues. + +## Who Can I Contact for Help or More Information? +Email us at fpki-help@gsa.gov. diff --git a/_implement/announcements/08_commong2.md b/_implement/announcements/08_commong2.md new file mode 100644 index 000000000..a6475a6ea --- /dev/null +++ b/_implement/announcements/08_commong2.md @@ -0,0 +1,56 @@ +--- +layout: page +title: Federal Common Policy CA Update +date: 10/12/2020 +removeDate: 10/11/2023 +collection: implement +permalink: /implement/announcements/common-g2-update/ +description: Details on the Federal Common Policy CA G2 timeline and actions agencies need to perform. +category: Active +sticky_sidenav: true +sidenav: fpkiannouncements + +subnav: + - text: What Will Be Impacted? + href: '#what-will-be-impacted' + - text: When Will This Change Take Place? + href: '#when-will-this-change-take-place' + - text: What Should I Do? + href: '#what-should-i-do' + - text: Who Can I Contact for Help or More Information? + href: '#who-can-i-contact-for-help-or-more-information' +--- + +{% include alert-info.html content="Upcoming changes to the Federal Common Policy Certification Authority (CA) will impact your agency. This announcement will be updated as more information is available." %} + +In **October 2020**, the Federal Government created a new Federal Public Key Infrastructure (FPKI) Root Certification Authority (CA). The new root is named the **Federal Common Policy CA G2**. + +Between December 2020 and June 2021, the CAs signed by the old root will be migrated to be signed by this new root: Federal Common Policy CA G2. Once the migration is complete, the old root will be decommissioned. + +## What Will Be Impacted? + +**This change will affect all federal agencies** and will have an impact on the following services: + +- Personal Identity Verification (PIV) credential authentication to the government networks +- Agency web applications implementing client authentication (e.g., PIV authentication) +- User digital signatures that leverage PIV or similar credentials +- Other applications leveraging the Federal Common Policy CA as a root + +## When Will This Change Take Place? +Tentative time-line: +- **October 14, 2020**: The Federal PKI Management Authority (FPKIMA) created the new Federal Common Policy CA G2 root +- **October 15, 2020**: The FPKIMA team issued a cross certificate from the Federal Common Policy CA G2 to the Federal Bridge CA G4 +- **November 18, 2020**: The FPKIMA team will issue CA certificates to migrate agency and shared service providers CAs to the new root: Federal Common Policy CA G2 +- **December 2020 to June 2021**: All agencies will need to transition from using the old Federal Common Policy CA as the root to the new Federal Common Policy CA G2 *(approximately six months)* +- **June 2021**: The FPKIMA team will decommission the old Federal Common Policy CA + +## What Should I Do? + +{% include alert-info.html content="We are collaborating with CISA on a series of webinars to communicate the upcoming changes and answer your questions. Email fpkirootupdate@gsa.gov to be notified of future events." %} + +To prevent issues, agencies **must** distribute the Federal Common Policy CA G2 root certificate as a trusted Root Certification Authority to workstations and servers. + +To prepare for the Federal Common Policy CA update, read our guide [here]({{ site.baseurl }}/implement/announcements/02_microsoft_constraint/). + +## Who Can I Contact for Help or More Information? +Email us at fpkirootupdate@gsa.gov. diff --git a/_implement/announcements/09_test_tools.md b/_implement/announcements/09_test_tools.md new file mode 100644 index 000000000..1307cabb8 --- /dev/null +++ b/_implement/announcements/09_test_tools.md @@ -0,0 +1,34 @@ +--- +layout: page +title: New Test Tools Available +pubDate: 05/18/2021 +removeDate: 05/18/2024 +collection: implement +permalink: /implement/announcements/test-tools/ +description: Release announcement for the Card Conformance Tool (CCT) and Certificate Profile Conformance Tool (CPCT). +category: Active +sticky_sidenav: true +sidenav: fpkiannouncements + +--- + +GSA has created two tools to streamline Federal PKI Annual Review testing with remote evaluation capabilities. + +- [**Card Conformance Tool (CCT)**](https://github.com/GSA/piv-conformance/releases) - a GSA managed Java tool which validates that Personal Identity Verification (PIV) and PIV-Interoperable (PIV-I) smart cards are compliant with key standards. +- [**Certificate Profile Conformance Tool (CPCT)**](https://github.com/GSA/cpct-tool/releases/) - a web site application that analyzes certificates for conformance to a specific Federal PKI profile document version and certificate profile. + +The tools enable entity representatives to perform testing directly, with results verified by the GSA FIPS 201 Evaluation Program support team. Benefits include: +- Preemptive identification of possible issues during development and maintenance, and +- Reduction in travel and related resource time costs. + +For more information, see the following web sites: +- Card Conformance Tool + - Latest release: [https://github.com/GSA/piv-conformance/releases](https://github.com/GSA/piv-conformance/releases){:target="_blank"}{:rel="noopener noreferrer"}{:class="usa-link usa-link--external"} + - Support page: [https://github.com/GSA/piv-conformance/wiki](https://github.com/GSA/piv-conformance/wiki){:target="_blank"}{:rel="noopener noreferrer"}{:class="usa-link usa-link--external"} + +- Certificate Profile Conformance Tool + - Latest release: [https://github.com/GSA/cpct-tool/releases](https://github.com/GSA/cpct-tool/releases){:target="_blank"}{:rel="noopener noreferrer"}{:class="usa-link usa-link--external"} + - Support page: [https://github.com/GSA/cpct-tool/wiki](https://github.com/GSA/cpct-tool/wiki){:target="_blank"}{:rel="noopener noreferrer"}{:class="usa-link usa-link--external"} + +## Who can I contact for help or more information? +Email us at fpki@gsa.gov. diff --git a/_includes/meta.html b/_includes/meta.html index d2ce049a3..489502293 100644 --- a/_includes/meta.html +++ b/_includes/meta.html @@ -76,7 +76,7 @@ - - - + + + From ab7ae36170c3d932f1d45b249602221df3355cb3 Mon Sep 17 00:00:00 2001 From: Ken Myers <61115074+idmken@users.noreply.github.com> Date: Tue, 31 Oct 2023 10:57:22 -0400 Subject: [PATCH 11/16] Update meta.html Added indent --- _includes/meta.html | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/_includes/meta.html b/_includes/meta.html index 489502293..d2ce049a3 100644 --- a/_includes/meta.html +++ b/_includes/meta.html @@ -76,7 +76,7 @@ - - - + + + From 53aaecd473466a9bfbc2d85baf2d7d3e2df339e5 Mon Sep 17 00:00:00 2001 From: Ken Myers <61115074+idmken@users.noreply.github.com> Date: Tue, 31 Oct 2023 10:58:02 -0400 Subject: [PATCH 12/16] Update fpkiannouncements.yml --- _data/fpkiannouncements.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/_data/fpkiannouncements.yml b/_data/fpkiannouncements.yml index f77ba114e..5fa9e6a00 100644 --- a/_data/fpkiannouncements.yml +++ b/_data/fpkiannouncements.yml @@ -40,7 +40,7 @@ pubDate: October 12, 2020 url: /implement/announcements/common-g2-update/ description: This announcement details the FCPCA update timeline and actions agencies need to perform. - status: Active + status: Removed - title: Upcoming Migration of Federal PKI Certificate Repository Services pubDate: April 1, 2019 From 51f559d6901f34ad4e4af3437a9d0d48401643eb Mon Sep 17 00:00:00 2001 From: Ken Myers <61115074+idmken@users.noreply.github.com> Date: Tue, 31 Oct 2023 11:04:03 -0400 Subject: [PATCH 13/16] Update _config.yml Removed pretty permalink so only pages with a permalink are loaded. --- _config.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/_config.yml b/_config.yml index cb6dd6e1e..14660a890 100644 --- a/_config.yml +++ b/_config.yml @@ -171,7 +171,7 @@ collections: output: true permalink: /:path/ -permalink: pretty +# permalink: pretty markdown: kramdown plugins: From 2f37e3bdd54a23beec706885391dc81d95e8952d Mon Sep 17 00:00:00 2001 From: Ken Myers <61115074+idmken@users.noreply.github.com> Date: Tue, 31 Oct 2023 11:11:52 -0400 Subject: [PATCH 14/16] Update _config.yml --- _config.yml | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/_config.yml b/_config.yml index 14660a890..51bfd8712 100644 --- a/_config.yml +++ b/_config.yml @@ -67,12 +67,12 @@ primary_navigation: url: /implement/trust-fcpca/ - name: Smart Card Logon for Operating Systems url: /implement/scl-windows/ - - name: Certificate-based Authentication for Cloud - url: /implement/whfb/ + - name: Certificate-based Authentication for Cloud (Coming Soon!) + url: / - name: Use Smart Cards with Applications url: /implement/outlook/ - - name: FIDO2 and Web Authentication (Coming Soon!) - url: / + - name: FIDO2 and Web Authentication + url: /implement/whfb/ - name: FPKI Ecosystem Changes url: /fpki/notifications/ - name: Coordination Functions From 8747a7e6484e94ec35407fd351a2bc0f557258c4 Mon Sep 17 00:00:00 2001 From: Ken Myers <61115074+idmken@users.noreply.github.com> Date: Tue, 31 Oct 2023 11:13:49 -0400 Subject: [PATCH 15/16] Update 08_commong2.md --- _implement/announcements/08_commong2.md | 1 - 1 file changed, 1 deletion(-) diff --git a/_implement/announcements/08_commong2.md b/_implement/announcements/08_commong2.md index a6475a6ea..762341694 100644 --- a/_implement/announcements/08_commong2.md +++ b/_implement/announcements/08_commong2.md @@ -4,7 +4,6 @@ title: Federal Common Policy CA Update date: 10/12/2020 removeDate: 10/11/2023 collection: implement -permalink: /implement/announcements/common-g2-update/ description: Details on the Federal Common Policy CA G2 timeline and actions agencies need to perform. category: Active sticky_sidenav: true From fda295be2f56f8cfe4ea120222fcf2b9d8602293 Mon Sep 17 00:00:00 2001 From: Diana Proud-Madruga <118391820+dproudGSA@users.noreply.github.com> Date: Tue, 31 Oct 2023 11:23:06 -0700 Subject: [PATCH 16/16] Added thumbprint --- _data/fpkinotifications.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/_data/fpkinotifications.yml b/_data/fpkinotifications.yml index 5cc6988af..6568ab568 100644 --- a/_data/fpkinotifications.yml +++ b/_data/fpkinotifications.yml @@ -46,7 +46,7 @@ system: DirectTrust Identity Bridge CA change_description: DirectTrust issued a cross certificate from the bridge to the Trans Sped Root CA on October 30, 2023. contact: Kyle dot Neuman at DirectTrust dot org - ca_certificate_hash: + ca_certificate_hash: d0575156c2333a2493890b3aee7900fc6ff8620f ca_certificate_issuer: CN = DirectTrust Identity Bridge CA, OU = Certification Authorities, O = DirectTrust.org, inc., C = US ca_certificate_subject: CN = Trans Sped Root CA G3, OU = Trans Sped Trust Services, O = Trans Sped S.A./organizationIdentifier = VATRO-12458924, C = RO cdp_uri: http://crl.makeidentitysafe.com/sibca.crl